last executing test programs:

1.108755669s ago: executing program 2 (id=131):
# Opens an RDMA netlink socket (AF_NETLINK 0x10, protocol 0x14) and sends one
# RDMA_NLDEV_CMD_GET_CHARDEV request. The message length is 0x10, i.e. only
# the five header fields shown and no attributes after them.
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000900)={0x10, 0x140f, 0x1, 0x70bd2d, 0x25dfdbfe}, 0x10}, 0x1, 0x0, 0x0, 0x40c0}, 0x24000080)

1.033872971s ago: executing program 2 (id=132):
# Creates a KCM socket (family 0x29) and sets its KCM_RECV_DISABLE option
# (level 0x119, option 0x2) to the value 0x3.
r0 = socket$kcm(0x29, 0x5, 0x0)
setsockopt$kcm_KCM_RECV_DISABLE(r0, 0x119, 0x2, &(0x7f0000000000)=0x3, 0x4)

1.031024853s ago: executing program 0 (id=135):
# Loads a BPF program of type 0x11 with 0xc instructions (given as a raw
# blob) under a 'GPL' license, then attaches it to the 'sys_enter' raw
# tracepoint.
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000004000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r0}, 0x10)
# Any syscall made after the attach; the timespec pointer is null.
# NOTE(review): presumably issued so the attached program runs at least once - confirm.
clock_gettime(0xa, 0x0)

983.704811ms ago: executing program 2 (id=136):
# Creates a BPF map of type 0xf (the remaining @base fields are 0x4, 0x4,
# 0x12) and calls MAP_GET_NEXT_KEY on it. The second field of the
# get-next-key argument is 0x0 and the third points at a 4096-byte output
# buffer.
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000080)={r0, 0x0, &(0x7f0000000600)=""/4096}, 0x20)

983.067059ms ago: executing program 0 (id=138):
# Creates a BPF map from a raw attribute blob, creates a unix socketpair
# (type 0x2) and stores one end's descriptor (r1) in the map through the
# TAIL_CALL variant of MAP_UPDATE_ELEM.
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="1200000007000000080000000b"], 0x50)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0}, &(0x7f0000000340), &(0x7f0000000380)=r1}, 0x20)
# Lookup on the same map; the last field of the argument (after the key pointer) is 0x0.
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000380)={r0, &(0x7f0000000280), 0x0}, 0x20)

982.86238ms ago: executing program 2 (id=139):
# Opens an rtnetlink socket and sends one ipv4_newnexthop message whose only
# attribute is NHA_BLACKHOLE.
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=@ipv4_newnexthop={0x1c, 0x68, 0x1, 0x70bd29, 0x25dfdbfe, {0x2, 0x0, 0x2, 0x0, 0x4}, [@NHA_BLACKHOLE={0x4}]}, 0x1c}}, 0x0)

927.35852ms ago: executing program 2 (id=141):
# Opens a netfilter netlink socket and sends two nf_tables batches.
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
# First batch is an opaque blob. It contains the ASCII names "syz0" and
# "syz2" (73797a30 / 73797a32).
# NOTE(review): presumably this creates the table and chain that the second batch refers to - confirm by decoding the blob.
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10)
# Second batch: NFT_MSG_NEWRULE in table 'syz0', chain 'syz2'. The rule has a
# single `inner` expression that wraps a `payload` expression carrying only
# NFTA_PAYLOAD_CSUM_OFFSET=0xc29600.
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x80, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x54, 0x4, 0x0, 0x1, [{0x50, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x40, 0x2, 0x0, 0x1, [@NFTA_INNER_TYPE={0x8, 0x2, 0x1, 0x0, 0x84}, @NFTA_INNER_FLAGS={0x8, 0x3, 0x1, 0x0, 0x7}, @NFTA_INNER_HDRSIZE={0x8, 0x4, 0x1, 0x0, 0xf}, @NFTA_INNER_NUM={0x8}, @NFTA_INNER_EXPR={0x1c, 0x5, 0x0, 0x1, @payload={{0xc}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_CSUM_OFFSET={0x8, 0x7, 0x1, 0x0, 0xc29600}]}}}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0xa8}}, 0x0)

926.966089ms ago: executing program 0 (id=142):
# Generic socket() call whose family argument has high bits set.
# NOTE(review): the low bits are 0x15; presumably the kernel sees only the truncated int value - confirm.
r0 = socket(0x848000000015, 0x805, 0x0)
# Binds with an IPv6 sockaddr (fe80::1a, scope id 0x10), then calls sendto
# with a null buffer pointer and a length of 0x4c.
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x1a}, 0x10}, 0x1c)
sendto$inet6(r0, 0x0, 0x4c, 0x0, &(0x7f00000003c0)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x8001}, 0x1c)

867.039758ms ago: executing program 0 (id=144):
# IPv6 TCP socket driven through repair mode and kernel TLS setup.
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
# Option 0x13 at level 0x6 is the number the TCP_REPAIR call in program id=157
# uses. The optlen passed here is 0x76dc.
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x1c)
# TCP_ULP is given a pointer with no initial contents and length 0x4.
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000400)=0x1, 0x4)
# TLS_TX with a gcm_128 crypto-info struct, version field 0x304.
# NOTE(review): the byte strings are presumably fuzzer-generated key material, not real keys.
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000000)=@gcm_128={{0x304}, "bd88818314ff7d84", "0b3ea924c47b25d7624cd362581725c7", "000400", "d5a1d50399459b68"}, 0x28)
# The TCP socket is passed where the devlink family lookup takes a descriptor.
syz_genetlink_get_family_id$devlink(&(0x7f0000000080), r0)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000140)=0x4, 0x4)

866.59113ms ago: executing program 2 (id=145):
# Program id=145 on executor 2. The KASAN report in the console output below
# names this program's task ("by task syz.2.145/6239"): a slab-use-after-free
# read in rose_transmit_link, reached through sock_close -> rose_release ->
# rose_write_internal.
# The program mixes many unrelated socket and ioctl calls. The ROSE calls at
# the end (r9, r10) are the ones that match the functions in that trace.
# The log on this page ends before any allocation/free stacks, so which object
# was freed, and by which path, cannot be read from here.
# NOTE(review): this is a log of concurrently running programs, not a minimized
# reproducer; other programs may have contributed state.
socket$netlink(0x10, 0x3, 0x9)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
# openat with a null path pointer; r0 is reused below as an ioctl target.
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="1c00000014000100000080000000000007000080080002"], 0x1c}], 0x1}, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x6, 0x5, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x0, 0x1}, @ldst={0x2, 0x0, 0x3, 0x0, 0x0, 0x2}]}, 0x0, 0x5, 0x0, 0x0, 0x0, 0x5}, 0x94)
ioctl$SIOCSIFHWADDR(r0, 0x8b19, &(0x7f0000000000)={'wlan0\x00', @random="7cf1e97c9e4f"})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
# Invalid descriptor (-1) and an optlen of 0xfffffffffffffe1d.
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
# Creates the tun/tap interface 'syzkaller0'; its ifindex is read into r8 and
# used as the target of the netem qdisc below.
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$kcm(0x10, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r7, 0x8983, &(0x7f0000000000)={0x0, 'batadv0\x00', {0x4}, 0x1})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x64, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x8000000, {0x0, 0x0, 0x0, r8, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x34, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xfffffffd, 0x6}, [@TCA_NETEM_LATENCY64={0xc, 0xa, 0x7}, @TCA_NETEM_RATE64={0xc, 0x8, 0x4526dd370cbcddac}]}}}]}, 0x64}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
# ROSE section. r9 adds a ROSE route with SIOCADDRT; the request names device
# bpq0 and lists eight digipeater entries.
r9 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r9, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
# r10 is a second ROSE socket; it is connected here with the short sockaddr
# form and again on the last line with the full form.
r10 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r10, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
r11 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r11, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write(r11, &(0x7f0000000000)="2a000200010078", 0x7)
# The program never calls close(). In the trace the ROSE socket is released
# from task work on the signal path (get_signal -> task_work_run -> __fput).
# NOTE(review): the `? __pfx___sys_connect` frame suggests the task was inside connect() when the signal arrived - that frame is marked unreliable, confirm with a full report.
connect$rose(r10, &(0x7f0000000100)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, [@null, @null, @null, @default, @bcast, @default]}, 0x40)

616.667096ms ago: executing program 1 (id=151):
# Two sendmsg calls on an invalid descriptor (-1) around the creation of a
# netlink socket, then sendmmsg on that socket with a very large vlen
# (0x400000000000235).
# The console output below logs "8 bytes leftover after parsing attributes in
# process `syz.1.151'" and "Zero length message leads to an empty skb" from
# the same thread (T6254).
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xa0}}, 0x0)
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=ANY=[@ANYBLOB="240000001900010028bd7000fbdbdf251d010200080009"], 0x24}, 0x1, 0x0, 0x0, 0x4048855}, 0x30004016)
sendmmsg(r0, &(0x7f0000000000), 0x400000000000235, 0x0)

527.787219ms ago: executing program 1 (id=152):
# Opens a generic netlink socket and sends one 0x14-byte message with message
# type 0x38 and a payload whose first field is 0x6.
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x14, 0x38, 0x701, 0xfffffffc, 0x0, {0x6}}, 0x14}}, 0x0)

527.583041ms ago: executing program 1 (id=153):
# AF_ALG socket bound to type 'rng', algorithm 'stdrng'. ALG_SET_KEY is then
# called twice: first with a null key pointer and length 0, then with the
# one-byte key '+'.
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000180)={0x26, 'rng\x00', 0x0, 0x0, 'stdrng\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)='+', 0x1)

437.732905ms ago: executing program 1 (id=154):
# A TIPC netlink sendmsg on an invalid descriptor (-1), followed by an MPTCP
# socket (protocol 0x106) on which getsockopt level 0x11c, option 0x2 is read
# into a 167-byte buffer.
sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040), 0xc, 0x0}, 0x0)
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
getsockopt$inet_mptcp_buf(r0, 0x11c, 0x2, &(0x7f0000000040)=""/167, &(0x7f0000000100)=0xa7)

437.377268ms ago: executing program 1 (id=155):
# Opens the tun device (open flags 0x80000) and issues TUNSETQUEUE naming the
# interface 'rose0' with flags 0x200.
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000002940), 0x80000, 0x0)
ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000002980)={'rose0\x00', 0x200})

387.459337ms ago: executing program 1 (id=156):
# IPv4 stream socket. Installs 0x1d bytes of raw IP options (level 0x0,
# option 0x4) and then connects to port 0x4e20 at the @remote address.
r0 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000080)="441f0801000000e8c94ef56491ee54be0e1c2074ed27c1c6fe76cef3e2", 0x1d)
connect$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @remote}, 0x10)

306.454µs ago: executing program 0 (id=157):
# SMC socket (family 0x2b) that is given TCP-level options: TCP_REPAIR, then
# TCP_REPAIR_QUEUE with an optlen of 0x56.
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x56)
connect$inet(r0, &(0x7f0000000380)={0x2, 0x4e25, @dev={0xac, 0x14, 0x14, 0x3e}}, 0x10)
# One message made of two iovecs (0xf3 and 0x72 bytes), flags 0x4000, followed
# by an explicit close of the socket.
sendmmsg(r0, &(0x7f0000006140)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000740)="65c6d96326a838047976a77611d4c4ecc94b3585c42786716ad7c93fd3a228e9a1cd93801f5b4033ea9ae2b561128c2893aba2af73f86ac4a65917672e186b297cada86c7b329c4831efa7d660040c757e6ce437d7853ac2cca9605a2e18bf6529e94453fac161511f4483dc8b5294583cc78cd79fb68fb57bd8697ac1639517070e92cd2d36932b0e26cf8fdd87e817f08f7d937282c63371e22e43e8ab5c2b3d851d147f260004a12512be6e3b6b48a430a4e4747a28d766c634658499181a54867295ad5496ef6eed69b0da6b885004a5bc869e090798f4a1139e098f282ab4aefc8a67fe2087e1eadd30c54f4c87b1fb7a", 0xf3}, {&(0x7f00000002c0)="b16b5d1ddcad4b5eedb9593060ada4a1778939f40388ef540871ce291c1010f3310edf7028093cf8709632cad4866d5e448d5385c80db3518564b1194247acfb3b463ee97c794123a991311e51e1790748a23c3301974b905bbd18b3e54cb3cc90c180fba7461df205130349d430083d2c66", 0x72}], 0x2}}], 0x1, 0x4000)
close(r0)

0s ago: executing program 0 (id=158):
# Last program started before the log ends ("0s ago"). It mixes BPF calls
# that carry mostly null arguments with a phonet socket creation.
# PROG_LOAD: type 0x5, zero instructions and a null instruction pointer.
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000120000007f00000001"], 0x48)
# Family lookup with a null name pointer and an invalid descriptor (-1).
syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
# PROG_LOAD with a null attribute pointer and size 0.
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000680)={r0, &(0x7f00000002c0), 0x0}, 0x20)
socket$phonet_pipe(0x23, 0x5, 0x2)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:14389' (ED25519) to the list of known hosts.
syzkaller login: [   50.158161][ T5774] cgroup: Unknown subsys name 'net'
[   50.306892][ T5774] cgroup: Unknown subsys name 'cpuset'
[   50.311694][ T5774] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   52.437936][ T5774] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   58.279389][ T5848] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   58.283514][ T5848] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   58.287000][ T5848] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   58.294241][ T5848] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   58.297931][ T5848] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   58.320657][   T55] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   58.327565][   T55] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   58.331552][   T55] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   58.341075][   T55] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   58.345178][   T55] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   58.405232][   T55] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   58.410770][   T55] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   58.413818][   T55] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   58.423032][   T55] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   58.427170][   T55] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   58.572599][ T5846] chnl_net:caif_netlink_parms(): no params data found
[   58.737763][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.743878][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.746635][ T5846] bridge_slave_0: entered allmulticast mode
[   58.754220][ T5846] bridge_slave_0: entered promiscuous mode
[   58.760490][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.763562][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.766617][ T5846] bridge_slave_1: entered allmulticast mode
[   58.770536][ T5846] bridge_slave_1: entered promiscuous mode
[   58.816258][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   58.825116][ T5850] chnl_net:caif_netlink_parms(): no params data found
[   58.860054][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   58.932929][ T5846] team0: Port device team_slave_0 added
[   58.950095][ T5846] team0: Port device team_slave_1 added
[   58.985981][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0
[   58.988695][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   59.000988][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   59.009695][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1
[   59.012247][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   59.021721][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   59.035477][ T5853] chnl_net:caif_netlink_parms(): no params data found
[   59.076957][ T5850] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.079294][ T5850] bridge0: port 1(bridge_slave_0) entered disabled state
[   59.081540][ T5850] bridge_slave_0: entered allmulticast mode
[   59.085366][ T5850] bridge_slave_0: entered promiscuous mode
[   59.089496][ T5850] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.091759][ T5850] bridge0: port 2(bridge_slave_1) entered disabled state
[   59.094435][ T5850] bridge_slave_1: entered allmulticast mode
[   59.097471][ T5850] bridge_slave_1: entered promiscuous mode
[   59.168251][ T5850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   59.179077][ T5846] hsr_slave_0: entered promiscuous mode
[   59.182238][ T5846] hsr_slave_1: entered promiscuous mode
[   59.206243][ T5850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   59.226770][ T5853] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.229216][ T5853] bridge0: port 1(bridge_slave_0) entered disabled state
[   59.231817][ T5853] bridge_slave_0: entered allmulticast mode
[   59.235315][ T5853] bridge_slave_0: entered promiscuous mode
[   59.253642][ T5850] team0: Port device team_slave_0 added
[   59.256033][ T5853] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.258794][ T5853] bridge0: port 2(bridge_slave_1) entered disabled state
[   59.261075][ T5853] bridge_slave_1: entered allmulticast mode
[   59.264664][ T5853] bridge_slave_1: entered promiscuous mode
[   59.282677][ T5850] team0: Port device team_slave_1 added
[   59.341345][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_0
[   59.345813][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   59.356312][ T5850] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   59.362301][ T5853] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   59.369481][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_1
[   59.372140][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   59.383325][ T5850] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   59.388306][ T5853] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   59.447505][ T5853] team0: Port device team_slave_0 added
[   59.470486][ T5853] team0: Port device team_slave_1 added
[   59.531710][ T5850] hsr_slave_0: entered promiscuous mode
[   59.535300][ T5850] hsr_slave_1: entered promiscuous mode
[   59.538038][ T5850] debugfs: 'hsr0' already exists in 'hsr'
[   59.540319][ T5850] Cannot create hsr debugfs directory
[   59.544218][ T5853] batman_adv: batadv0: Adding interface: batadv_slave_0
[   59.546982][ T5853] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   59.555427][ T5853] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   59.565577][ T5853] batman_adv: batadv0: Adding interface: batadv_slave_1
[   59.568433][ T5853] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   59.579674][ T5853] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   59.671614][ T5853] hsr_slave_0: entered promiscuous mode
[   59.675286][ T5853] hsr_slave_1: entered promiscuous mode
[   59.678086][ T5853] debugfs: 'hsr0' already exists in 'hsr'
[   59.680722][ T5853] Cannot create hsr debugfs directory
[   59.780319][ T5846] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   59.797261][ T5846] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   59.816942][ T5846] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   59.850595][ T5846] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   59.976242][ T5853] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   59.982538][ T5853] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   59.998090][ T5853] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   60.010620][ T5853] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   60.054401][ T5850] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   60.060794][ T5850] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   60.068547][ T5850] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   60.079973][ T5850] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   60.139380][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0
[   60.176636][ T5846] 8021q: adding VLAN 0 to HW filter on device team0
[   60.191013][   T53] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.193464][   T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[   60.203825][   T53] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.206160][   T53] bridge0: port 2(bridge_slave_1) entered forwarding state
[   60.236398][ T5853] 8021q: adding VLAN 0 to HW filter on device bond0
[   60.278638][ T5853] 8021q: adding VLAN 0 to HW filter on device team0
[   60.305913][ T4861] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.308658][ T4861] bridge0: port 1(bridge_slave_0) entered forwarding state
[   60.318769][ T5850] 8021q: adding VLAN 0 to HW filter on device bond0
[   60.330970][ T4861] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.334003][ T4861] bridge0: port 2(bridge_slave_1) entered forwarding state
[   60.376066][   T55] Bluetooth: hci1: command tx timeout
[   60.378620][   T55] Bluetooth: hci0: command tx timeout
[   60.391124][ T5850] 8021q: adding VLAN 0 to HW filter on device team0
[   60.410663][ T4861] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.413657][ T4861] bridge0: port 1(bridge_slave_0) entered forwarding state
[   60.427934][ T4861] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.430839][ T4861] bridge0: port 2(bridge_slave_1) entered forwarding state
[   60.456224][ T5848] Bluetooth: hci2: command tx timeout
[   60.481473][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0
[   60.581138][ T5846] veth0_vlan: entered promiscuous mode
[   60.596597][ T5846] veth1_vlan: entered promiscuous mode
[   60.637395][ T5853] 8021q: adding VLAN 0 to HW filter on device batadv0
[   60.640736][ T5846] veth0_macvtap: entered promiscuous mode
[   60.669597][ T5846] veth1_macvtap: entered promiscuous mode
[   60.687233][ T5850] 8021q: adding VLAN 0 to HW filter on device batadv0
[   60.714216][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0
[   60.729210][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1
[   60.732838][ T5853] veth0_vlan: entered promiscuous mode
[   60.749337][ T5717] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   60.758860][ T5853] veth1_vlan: entered promiscuous mode
[   60.770239][ T5717] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   60.775536][ T5717] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   60.778364][ T5717] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   60.849963][ T5850] veth0_vlan: entered promiscuous mode
[   60.879728][ T1373] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   60.880587][ T5853] veth0_macvtap: entered promiscuous mode
[   60.882995][ T1373] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   60.889376][ T5850] veth1_vlan: entered promiscuous mode
[   60.917677][ T5853] veth1_macvtap: entered promiscuous mode
[   60.940962][ T3793] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   60.943719][ T3793] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   60.946161][ T5853] batman_adv: batadv0: Interface activated: batadv_slave_0
[   60.962588][ T5853] batman_adv: batadv0: Interface activated: batadv_slave_1
[   60.975558][ T5850] veth0_macvtap: entered promiscuous mode
[   60.987008][ T5850] veth1_macvtap: entered promiscuous mode
[   61.000875][ T5906] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   61.004436][ T5906] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   61.007279][ T5906] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   61.010043][ T5906] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   61.045813][ T5846] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   61.047843][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_0
[   61.095349][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_1
[   61.141576][   T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   61.141735][ T5717] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   61.145511][   T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   61.151913][ T5717] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   61.154893][ T5909] sock: sock_timestamping_bind_phc: sock not bind to device
[   61.161188][ T5717] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   61.168744][ T5717] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   61.254722][ T3793] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   61.258644][ T3793] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   61.292935][ T3793] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   61.309093][ T3793] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   61.363836][   T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   61.374262][   T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   61.435497][ T5920] tipc: Started in network mode
[   61.437156][ T5920] tipc: Node identity 7638c0b395b3, cluster identity 4711
[   61.439564][ T5920] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   61.453585][ T5920] syzkaller0: entered promiscuous mode
[   61.455404][ T5920] syzkaller0: entered allmulticast mode
[   61.481876][ T5925] netlink: 'syz.2.3': attribute type 1 has an invalid length.
[   61.488377][ T5925] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3'.
[   61.542093][ T5920] tipc: Resetting bearer <eth:syzkaller0>
[   61.556155][ T5917] tipc: Resetting bearer <eth:syzkaller0>
[   61.565928][ T5917] tipc: Disabling bearer <eth:syzkaller0>
[   61.568127][ T5929] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9'.
[   61.594481][ T5927] syz.1.8 uses obsolete (PF_INET,SOCK_PACKET)
[   61.691895][ T5938] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12'.
[   61.865485][ T5945] tipc: Started in network mode
[   61.867075][ T5945] tipc: Node identity 0ad016b0ce33, cluster identity 4711
[   61.869437][ T5945] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   61.872135][ T5945] syzkaller0: entered promiscuous mode
[   61.878021][ T5945] syzkaller0: entered allmulticast mode
[   61.891894][ T5947] netlink: 28 bytes leftover after parsing attributes in process `syz.0.16'.
[   61.899007][ T5945] tipc: Resetting bearer <eth:syzkaller0>
[   61.911669][ T5944] tipc: Resetting bearer <eth:syzkaller0>
[   61.921516][ T5944] tipc: Disabling bearer <eth:syzkaller0>
[   62.047441][ T5947] warning: `syz.0.16' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   62.224945][ T5894] IPVS: starting estimator thread 0...
[   62.314134][ T5963] IPVS: using max 39 ests per chain, 93600 per kthread
[   62.432739][ T5975] netlink: del zone limit has 8 unknown bytes
[   62.434070][ T5974] sctp: [Deprecated]: syz.0.29 (pid 5974) Use of struct sctp_assoc_value in delayed_ack socket option.
[   62.434070][ T5974] Use struct sctp_sack_info instead
[   62.464851][ T5848] Bluetooth: hci0: command tx timeout
[   62.467037][ T5848] Bluetooth: hci1: command tx timeout
[   62.533970][ T5848] Bluetooth: hci2: command tx timeout
[   62.845121][ T6012] netlink: 4 bytes leftover after parsing attributes in process `syz.2.41'.
[   62.850439][ T6012] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   62.890349][ T6013] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   62.958277][ T6013] 8021q: adding VLAN 0 to HW filter on device bond1
[   62.981073][ T6013] bond0: (slave bond1): Enslaving as an active interface with an up link
[   63.149983][ T6029] netlink: 'syz.1.48': attribute type 4 has an invalid length.
[   63.195340][ T6029] bridge0: port 2(bridge_slave_1) entered disabled state
[   63.198231][ T6029] bridge0: port 1(bridge_slave_0) entered disabled state
[   63.268595][ T6029] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   63.276260][ T6029] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   63.367434][ T5870] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   63.377605][ T5870] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   63.388353][ T5870] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   63.396355][ T5870] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   63.521150][ T6047] netlink: 'syz.0.55': attribute type 6 has an invalid length.
[   63.525043][ T6047] IPv6: NLM_F_CREATE should be specified when creating new route
[   63.785309][ T6058] netlink: 'syz.1.60': attribute type 23 has an invalid length.
[   63.941259][ T6080] netlink: 12 bytes leftover after parsing attributes in process `syz.2.71'.
[   63.985383][ T6086] netlink: 4 bytes leftover after parsing attributes in process `syz.1.74'.
[   64.101030][ T6101] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   64.140121][ T6104] netlink: 44 bytes leftover after parsing attributes in process `syz.0.83'.
[   64.145208][ T6104] netlink: 44 bytes leftover after parsing attributes in process `syz.0.83'.
[   64.185393][ T6110] batadv_slave_0: entered promiscuous mode
[   64.188385][ T6110] netlink: 4 bytes leftover after parsing attributes in process `syz.0.85'.
[   64.191646][ T6110] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   64.218674][ T6110] batadv_slave_0 (unregistering): left promiscuous mode
[   64.222029][ T6110] batman_adv: batadv0: Removing interface: batadv_slave_0
[   64.410078][ T6120] netlink: 'syz.2.91': attribute type 4 has an invalid length.
[   64.507804][ T6120] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.510576][ T6120] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.533451][ T5848] Bluetooth: hci0: command tx timeout
[   64.535627][ T5848] Bluetooth: hci1: command tx timeout
[   64.601972][ T6120] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   64.609241][ T6120] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   64.613553][   T55] Bluetooth: hci2: command tx timeout
[   64.705162][ T5870] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   64.707952][ T5870] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   64.710601][ T5870] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   64.715626][ T5870] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   66.158803][ T6173] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   66.605980][ T6201] macvtap0: entered allmulticast mode
[   66.614209][   T55] Bluetooth: hci1: command tx timeout
[   66.614234][ T5848] Bluetooth: hci0: command tx timeout
[   66.703638][ T5848] Bluetooth: hci2: command tx timeout
[   66.880300][ T6239] Bluetooth: MGMT ver 1.23
[   67.139083][ T6254] __nla_validate_parse: 1 callbacks suppressed
[   67.139099][ T6254] netlink: 8 bytes leftover after parsing attributes in process `syz.1.151'.
[   67.147726][ T6254] Zero length message leads to an empty skb
[   67.737334][ T6239] ==================================================================
[   67.740552][ T6239] BUG: KASAN: slab-use-after-free in rose_transmit_link+0x5c3/0x740
[   67.743842][ T6239] Read of size 1 at addr ffff8881220c5032 by task syz.2.145/6239
[   67.747756][ T6239] 
[   67.748610][ T6239] CPU: 1 UID: 0 PID: 6239 Comm: syz.2.145 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[   67.748623][ T6239] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   67.748630][ T6239] Call Trace:
[   67.748635][ T6239]  <TASK>
[   67.748640][ T6239]  dump_stack_lvl+0x189/0x250
[   67.748654][ T6239]  ? __virt_addr_valid+0x1c8/0x5c0
[   67.748665][ T6239]  ? rcu_is_watching+0x15/0xb0
[   67.748674][ T6239]  ? __kasan_check_byte+0x12/0x40
[   67.748686][ T6239]  ? __pfx_dump_stack_lvl+0x10/0x10
[   67.748695][ T6239]  ? rcu_is_watching+0x15/0xb0
[   67.748702][ T6239]  ? lock_release+0x4b/0x3e0
[   67.748714][ T6239]  ? __virt_addr_valid+0x1c8/0x5c0
[   67.748723][ T6239]  ? __virt_addr_valid+0x4a5/0x5c0
[   67.748732][ T6239]  print_report+0xca/0x240
[   67.748740][ T6239]  ? rose_transmit_link+0x5c3/0x740
[   67.748751][ T6239]  kasan_report+0x118/0x150
[   67.748762][ T6239]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[   67.748774][ T6239]  ? rose_transmit_link+0x5c3/0x740
[   67.748786][ T6239]  rose_transmit_link+0x5c3/0x740
[   67.748796][ T6239]  ? skb_put+0x11b/0x210
[   67.748807][ T6239]  rose_write_internal+0x11dc/0x1ac0
[   67.748817][ T6239]  ? __pfx_rose_write_internal+0x10/0x10
[   67.748824][ T6239]  ? __timer_delete+0x5d/0x390
[   67.748835][ T6239]  rose_release+0x24e/0x520
[   67.748846][ T6239]  sock_close+0xc3/0x240
[   67.748854][ T6239]  ? __pfx_sock_close+0x10/0x10
[   67.748861][ T6239]  __fput+0x44c/0xa70
[   67.748872][ T6239]  task_work_run+0x1d4/0x260
[   67.748883][ T6239]  ? __pfx_task_work_run+0x10/0x10
[   67.748893][ T6239]  ? task_work_add+0x377/0x420
[   67.748903][ T6239]  ? __pfx_task_work_add+0x10/0x10
[   67.748912][ T6239]  get_signal+0x11ed/0x1340
[   67.748924][ T6239]  arch_do_signal_or_restart+0x9a/0x750
[   67.748937][ T6239]  ? __pfx___sys_connect+0x10/0x10
[   67.748946][ T6239]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[   67.748960][ T6239]  ? exit_to_user_mode_loop+0x40/0x110
[   67.748971][ T6239]  exit_to_user_mode_loop+0x75/0x110
[   67.748981][ T6239]  do_syscall_64+0x2bd/0x3b0
[   67.748991][ T6239]  ? lockdep_hardirqs_on+0x9c/0x150
[   67.748999][ T6239]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   67.749007][ T6239]  ? exc_page_fault+0x9f/0xf0
[   67.749023][ T6239]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   67.749032][ T6239] RIP: 0033:0x7f129ff8ebe9
[   67.749056][ T6239] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   67.749064][ T6239] RSP: 002b:00007f12a0db4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[   67.749073][ T6239] RAX: fffffffffffffe00 RBX: 00007f12a01b5fa0 RCX: 00007f129ff8ebe9
[   67.749079][ T6239] RDX: 0000000000000040 RSI: 0000200000000100 RDI: 0000000000000010
[   67.749085][ T6239] RBP: 00007f12a0011e19 R08: 0000000000000000 R09: 0000000000000000
[   67.749090][ T6239] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   67.749094][ T6239] R13: 00007f12a01b6038 R14: 00007f12a01b5fa0 R15: 00007fffad314b08
[   67.749104][ T6239]  </TASK>
[   67.749107][ T6239] 
[   67.848838][ T6239] Allocated by task 6239:
[   67.850343][ T6239]  kasan_save_track+0x3e/0x80
[   67.852044][ T6239]  __kasan_kmalloc+0x93/0xb0
[   67.853678][ T6239]  __kmalloc_cache_noprof+0x230/0x3d0
[   67.855563][ T6239]  rose_add_node+0x23a/0xde0
[   67.857219][ T6239]  rose_rt_ioctl+0xa48/0xfb0
[   67.858875][ T6239]  rose_ioctl+0x3ce/0x8b0
[   67.860444][ T6239]  sock_do_ioctl+0xdc/0x300
[   67.862161][ T6239]  sock_ioctl+0x576/0x790
[   67.863726][ T6239]  __se_sys_ioctl+0xfc/0x170
[   67.865380][ T6239]  do_syscall_64+0xfa/0x3b0
[   67.867026][ T6239]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   67.869135][ T6239] 
[   67.870001][ T6239] Freed by task 6244:
[   67.871437][ T6239]  kasan_save_track+0x3e/0x80
[   67.873134][ T6239]  kasan_save_free_info+0x46/0x50
[   67.874949][ T6239]  __kasan_slab_free+0x5b/0x80
[   67.876672][ T6239]  kfree+0x18e/0x440
[   67.878085][ T6239]  rose_rt_device_down+0x473/0x4c0
[   67.879926][ T6239]  rose_device_event+0x603/0x6a0
[   67.881736][ T6239]  notifier_call_chain+0x1b6/0x3e0
[   67.883612][ T6239]  __dev_notify_flags+0x18d/0x2e0
[   67.885417][ T6239]  netif_change_flags+0xe8/0x1a0
[   67.887188][ T6239]  dev_change_flags+0x130/0x260
[   67.888943][ T6239]  dev_ioctl+0x7b4/0x1150
[   67.890516][ T6239]  sock_do_ioctl+0x22c/0x300
[   67.892117][ T6239]  sock_ioctl+0x576/0x790
[   67.893703][ T6239]  __se_sys_ioctl+0xfc/0x170
[   67.895302][ T6239]  do_syscall_64+0xfa/0x3b0
[   67.896944][ T6239]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   67.899073][ T6239] 
[   67.899940][ T6239] The buggy address belongs to the object at ffff8881220c5000
[   67.899940][ T6239]  which belongs to the cache kmalloc-512 of size 512
[   67.904756][ T6239] The buggy address is located 50 bytes inside of
[   67.904756][ T6239]  freed 512-byte region [ffff8881220c5000, ffff8881220c5200)
[   67.909480][ T6239] 
[   67.910334][ T6239] The buggy address belongs to the physical page:
[   67.912625][ T6239] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8881220c5c00 pfn:0x1220c4
[   67.916189][ T6239] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   67.919144][ T6239] flags: 0x57ff00000000240(workingset|head|node=1|zone=2|lastcpupid=0x7ff)
[   67.922071][ T6239] page_type: f5(slab)
[   67.923531][ T6239] raw: 057ff00000000240 ffff88801a441c80 ffffea0004468110 ffffea000424e610
[   67.926532][ T6239] raw: ffff8881220c5c00 000000000010000d 00000000f5000000 0000000000000000
[   67.929548][ T6239] head: 057ff00000000240 ffff88801a441c80 ffffea0004468110 ffffea000424e610
[   67.932573][ T6239] head: ffff8881220c5c00 000000000010000d 00000000f5000000 0000000000000000
[   67.935609][ T6239] head: 057ff00000000002 ffffea0004883101 00000000ffffffff 00000000ffffffff
[   67.938666][ T6239] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   67.941730][ T6239] page dumped because: kasan: bad access detected
[   67.944006][ T6239] page_owner tracks the page as allocated
[   67.946028][ T6239] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 5923, tgid 5923 (syz.1.2), ts 61479517866, free_ts 61455491677
[   67.952687][ T6239]  post_alloc_hook+0x240/0x2a0
[   67.954430][ T6239]  get_page_from_freelist+0x21e4/0x22c0
[   67.956376][ T6239]  __alloc_frozen_pages_noprof+0x181/0x370
[   67.958464][ T6239]  allocate_slab+0x65/0x370
[   67.960060][ T6239]  ___slab_alloc+0xbeb/0x1410
[   67.961732][ T6239]  __kmalloc_node_noprof+0x2fd/0x4e0
[   67.963605][ T6239]  alloc_slab_obj_exts+0x39/0xa0
[   67.965349][ T6239]  __memcg_slab_post_alloc_hook+0x31e/0x7f0
[   67.967451][ T6239]  kmem_cache_alloc_noprof+0x2bf/0x3c0
[   67.969407][ T6239]  __send_signal_locked+0x22a/0xeb0
[   67.971253][ T6239]  force_sig_info_to_task+0x30c/0x590
[   67.973184][ T6239]  force_sig_fault+0xdc/0x130
[   67.974883][ T6239]  __bad_area_nosemaphore+0x3b3/0x780
[   67.976805][ T6239]  bad_area_access_error+0x155/0x270
[   67.978699][ T6239]  exc_page_fault+0x76/0xf0
[   67.980317][ T6239]  asm_exc_page_fault+0x26/0x30
[   67.982055][ T6239] page last free pid 5296 tgid 5296 stack trace:
[   67.984328][ T6239]  __free_frozen_pages+0xbc4/0xd30
[   67.986169][ T6239]  __slab_free+0x303/0x3c0
[   67.987776][ T6239]  qlist_free_all+0x97/0x140
[   67.989616][ T6239]  kasan_quarantine_reduce+0x148/0x160
[   67.991582][ T6239]  __kasan_slab_alloc+0x22/0x80
[   67.993349][ T6239]  __kmalloc_noprof+0x224/0x4f0
[   67.995093][ T6239]  tomoyo_realpath_from_path+0xe3/0x5d0
[   67.997075][ T6239]  tomoyo_path_perm+0x213/0x4b0
[   67.998825][ T6239]  security_inode_getattr+0x12f/0x330
[   68.000726][ T6239]  vfs_fstatat+0xb1/0x170
[   68.002275][ T6239]  __x64_sys_newfstatat+0x116/0x190
[   68.004115][ T6239]  do_syscall_64+0xfa/0x3b0
[   68.005733][ T6239]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.007857][ T6239] 
[   68.008737][ T6239] Memory state around the buggy address:
[   68.010724][ T6239]  ffff8881220c4f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   68.013563][ T6239]  ffff8881220c4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   68.016397][ T6239] >ffff8881220c5000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   68.019218][ T6239]                                      ^
[   68.021224][ T6239]  ffff8881220c5080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   68.024078][ T6239]  ffff8881220c5100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   68.026894][ T6239] ==================================================================
[   68.041632][ T6239] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   68.044539][ T6239] CPU: 1 UID: 0 PID: 6239 Comm: syz.2.145 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[   68.049249][ T6239] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   68.053227][ T6239] Call Trace:
[   68.054670][ T6239]  <TASK>
[   68.055879][ T6239]  dump_stack_lvl+0x99/0x250
[   68.057720][ T6239]  ? __asan_memcpy+0x40/0x70
[   68.059607][ T6239]  ? __pfx_dump_stack_lvl+0x10/0x10
[   68.061702][ T6239]  ? __pfx__printk+0x10/0x10
[   68.063453][ T6239]  vpanic+0x281/0x750
[   68.064889][ T6239]  ? __pfx_print_hex_dump+0x10/0x10
[   68.066771][ T6239]  ? __pfx_vpanic+0x10/0x10
[   68.068403][ T6239]  ? preempt_schedule_common+0x83/0xd0
[   68.070357][ T6239]  ? preempt_schedule+0xae/0xc0
[   68.072123][ T6239]  panic+0xb9/0xc0
[   68.073514][ T6239]  ? __pfx_panic+0x10/0x10
[   68.075120][ T6239]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   68.077309][ T6239]  ? rose_transmit_link+0x5c3/0x740
[   68.079132][ T6239]  check_panic_on_warn+0x89/0xb0
[   68.080916][ T6239]  ? rose_transmit_link+0x5c3/0x740
[   68.082800][ T6239]  end_report+0x78/0x160
[   68.084343][ T6239]  kasan_report+0x129/0x150
[   68.085987][ T6239]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[   68.088202][ T6239]  ? rose_transmit_link+0x5c3/0x740
[   68.090088][ T6239]  rose_transmit_link+0x5c3/0x740
[   68.091909][ T6239]  ? skb_put+0x11b/0x210
[   68.093487][ T6239]  rose_write_internal+0x11dc/0x1ac0
[   68.095395][ T6239]  ? __pfx_rose_write_internal+0x10/0x10
[   68.097418][ T6239]  ? __timer_delete+0x5d/0x390
[   68.099155][ T6239]  rose_release+0x24e/0x520
[   68.100748][ T6239]  sock_close+0xc3/0x240
[   68.102240][ T6239]  ? __pfx_sock_close+0x10/0x10
[   68.104008][ T6239]  __fput+0x44c/0xa70
[   68.105474][ T6239]  task_work_run+0x1d4/0x260
[   68.107157][ T6239]  ? __pfx_task_work_run+0x10/0x10
[   68.108996][ T6239]  ? task_work_add+0x377/0x420
[   68.110732][ T6239]  ? __pfx_task_work_add+0x10/0x10
[   68.112541][ T6239]  get_signal+0x11ed/0x1340
[   68.114204][ T6239]  arch_do_signal_or_restart+0x9a/0x750
[   68.116191][ T6239]  ? __pfx___sys_connect+0x10/0x10
[   68.118203][ T6239]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[   68.120446][ T6239]  ? exit_to_user_mode_loop+0x40/0x110
[   68.122418][ T6239]  exit_to_user_mode_loop+0x75/0x110
[   68.124318][ T6239]  do_syscall_64+0x2bd/0x3b0
[   68.126041][ T6239]  ? lockdep_hardirqs_on+0x9c/0x150
[   68.127926][ T6239]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.130124][ T6239]  ? exc_page_fault+0x9f/0xf0
[   68.131828][ T6239]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.133969][ T6239] RIP: 0033:0x7f129ff8ebe9
[   68.135559][ T6239] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   68.142313][ T6239] RSP: 002b:00007f12a0db4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[   68.145246][ T6239] RAX: fffffffffffffe00 RBX: 00007f12a01b5fa0 RCX: 00007f129ff8ebe9
[   68.148058][ T6239] RDX: 0000000000000040 RSI: 0000200000000100 RDI: 0000000000000010
[   68.150663][ T6239] RBP: 00007f12a0011e19 R08: 0000000000000000 R09: 0000000000000000
[   68.153118][ T6239] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   68.155555][ T6239] R13: 00007f12a01b6038 R14: 00007f12a01b5fa0 R15: 00007fffad314b08
[   68.157989][ T6239]  </TASK>
[   68.159509][ T6239] Kernel Offset: disabled
[   68.160832][ T6239] Rebooting in 86400 seconds..

VM DIAGNOSIS:
18:01:02  Registers:
info registers vcpu 0

CPU#0
RAX=f66ae06de2450a00 RBX=ffffffff81968308 RCX=f66ae06de2450a00 RDX=0000000000000001
RSI=ffffffff8d9b47b6 RDI=ffffffff8be32600 RBP=ffffffff8de07eb8 RSP=ffffffff8de07d80
R8 =ffff88804b032f9b R9 =1ffff110096065f3 R10=dffffc0000000000 R11=ffffed10096065f4
R12=ffffffff8fa34230 R13=0000000000000000 R14=0000000000000000 R15=1ffffffff1bd2a20
RIP=ffffffff8b78a3f3 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b8623000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000555572ac55c8 CR3=000000010673c000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 00000000000001a4 XMM01=0000000000000000 0000000000000000
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 0000000000000000 XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 0000000000000000 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000032 RBX=0000000000000032 RCX=0000000000000000 RDX=00000000000003f8
RSI=00000000000015f7 RDI=00000000000015f8 RBP=00000000000003f8 RSP=ffffc90004daf210
R8 =ffff888020e80237 R9 =1ffff110041d0046 R10=dffffc0000000000 R11=ffffffff854e72a0
R12=dffffc0000000000 R13=ffffffff99af2913 R14=ffffffff99de74e0 R15=0000000000000000
RIP=ffffffff854e731c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f12a0db46c0 ffffffff 00c00000
GS =0000 ffff8881a3c23000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b32520ff8 CR3=00000000257a2000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffff81ec5679 ffffffff8168893f
XMM02=00007f41b8f87498 ffffffff8168893f XMM03=00007f41b8f874a8 00007f41b8f874a0
XMM04=00007f41b9aed100 00007f41b8f87460 XMM05=00007f41b8f87478 00007f41b8f874c0
XMM06=00007f41b8f874b8 00007f41b8f874b0 XMM07=00007f41b8f874a8 00007f41b8f874a0
XMM08=0000000000000000 00007f41b8e12ee7 XMM09=0000000000000000 00007f41b8e12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
