last executing test programs:

2.177598961s ago: executing program 0 (id=209):
r0 = socket(0x848000000015, 0x805, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x1a}, 0x10}, 0x1c)
sendto$inet6(r0, 0x0, 0x0, 0x4000000, &(0x7f00000003c0)={0xa, 0x0, 0x8dc, @remote, 0x3ff}, 0x1c)

2.109296765s ago: executing program 0 (id=210):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, &(0x7f0000000c00)=ANY=[@ANYBLOB="b4000000020000006600000000000000730137000000000095000000000000004bb5eea0a6ec9fcd4b0a008a8443f22702000000e63bde9e4a0587536a966992ae7011d6e6c03175717e9912e0dd1a59541f7cbb1548ee5bd627f5b0b8ec77bd6d5f7b543f9aafaabe53339b12fbbe7decc4aa61b8aad0359083bdd61543fbeee8d560bb4b5925fae801f4c91e31674b124a1b38000000bc4da4a9b3d5cc9e0000f6a7a729009973ff07000000000000ac79e5d84abbec7d96629490727375b853f6308a980fba61fbe0131f3c7a026d8f000008000000000000000b20d7ac2df89d7989bf53bec908213d396edf24e9fc3cc004a1097fddc65c1b1b328277ff85ed56b9261eb7bcee28ec2d3616689ab3f31f849eebce6f21e6302003c0467844e000000000db0700bd694a09b253a1c6c7c138b3ec6ee9b83edcc55d3403acd5c50e2740a7ab7069790da79b7ab45184caffff00009bab066bf7a4ab148d44c7e2e4d219cdd7ebeb51511d9df85a648b1b85f93cb6cd21f93d5ea3da2b31657c065d052d9b9ee00320def97ebac25b929b3c15e33be6e7d54e622b427ee8d181d2f18d772fb5c58a936620ba1f5fbb48703ab211f442697edc165b449db2e3c221fbf270a6db414516949b97c200000096a1cbe81a38a23f03bd741a3e60c2e294f828e06f1b2cb70328f151f949e369efed52a28b87aae9d7d2800c8eff7f93c05adc9086d3f143a7b87d06838c6525cafdc01820a8912a131ff1f6acb9439f2d95a746291641b38333ce1c84b0d9d033edc9da00c8a2b42e8adfeff69fce7a35f79748e3e5b235269310988a05bf7c4e4cef3d1aa550c83d6328eb000000044a6458c31431d58973c93f5e9452258a7098bc3d014afe638a40948498fa9561213bc20845526e054d6b3ba5ca8f357df67c41acc28edacb31d38994544c3511ea1e8a448e66039425cfb03efb5d5eb81a306746adb8809ef969187763c00085e2dc401325327e54cbfceb400c2663466cd4a79c94b62c9882626499a8a29c564464f2a7aee6a929f831c93d23005787d272b5eaf0c6e11a7f0f1f39f68df44f6bf2d9b51d99c89e327b4bf7b96ad33abbd3a8b5814b5e7f85d1a47ee604ccef20bda53c9ce06910568fc200eee12fc6ef2734a6e9af5132f0c507e277fd97f9b48c840697289d38e454467f4d2f94b2f76d06edd083dafefd76deb251b5818de9c27d0df6e7b8862fe42f6c453f551f35b6d76395a1d205f276ae628fbdb8081905a1d7c2805532d3387b88f2997e8ce41c5dca83659cfb7f3a1c7b2bec8a7575dc4241dde6c680ee9a27b197739f4ad86f3bad3e42d4954bef864586ad02c27858d63efc495bcfb6ed49a5ca8987b0f2a8b14054e30f30fedf536d63769a196fc3b472195d0a1a13ecf803136d751cefb0edb5794cab8681214b39f86d88f3aebea4d465ef05f975b09f264d6c8d8e3bb6ea7d21c6602bcc8f76f2546cccc074f55c22aa8b502968040000000000000047c8a50036dd268a1aeff951f5090492b5e941feb1d3785aafe1655876e5a36c40fb5afcfd1eb28952662782097836a4d1aa3de0c06bb7dc27cf1a546b6aa6ce9932f3c6a013bc3791da4d8a33680ba8f1334d75a43e991ebd4582d786ec05cdd3152d52ab15fc7595cbd339f730d2ec8e37e6c500c4c30280a6af986f62a22d9c5c275e7798c165545abfcd304243274db15924a136a0896d56576ed7de90b1bda90f4024b9a0b3b33f688db8e38f784ae3942aba874f95d10c47e2405ceb0438cc272133fac718a6553710e4ca97df646b21d02652c54eade2e99344e11a2671cf274d397650fba8fcfb7e51a926e37b3980a1732111175dd99b9d979042b3ea411a7b4f9081ae9b82974d5eb6fd4e4bcd95e4f897dfba4e44777e6d02a896b650a66d9139696b926c36a33eb3bdc092bf4586bfab34002f802bbfe6a7679cec20cc25e01f129bbe92a65961fac7bffa3d8feda2ac927743d2bce57ee39b671948576337535180aa754e035421cf1709bc1b5e46c35515fb1fcda637a6405e9b216d2ca09795c5d2f27665da5b17bcf0f387e6dd58202a3a1148e46e55ac7ea027eb3022eee4a000ca543ab566921e5db4f741a762e5705f942855a9fa30b912045f78ab1e3fdeada84bc8ac36cc1223901e56f6ecbabbc3263098c9c47a1f505a8299b5715a455e834ddddc430f387cafa07bf915522f9a42e34eea5169b796320e892d27924045bcf56135684ca96ada82749371d5766c0d0cae8772f140eef001ca39dc28aef8a5236393fce29b0531cbd3265c209761ed41a2e473fbd84ca9b67e3ceb58a4b774ee127628faba8702c0a73f8311d269429aaadf74c439404fc9f864e69807dfe257c0c4a26c60bfa77f89bae2bd4c498a10d4e17dddb1f7539bfeb392e22e7b93d0ecf66cd253a4062bbc8a437f8924ee7a89ab73dd7c11be13707482c369f02d7b6f242599f95dbfcb55bea158665231f8fe04ed2a8c407fed1a8702e2486386f2ae6347231128be789186ff5651208c80781f85d3fb51bd28b939a8bc88a471c36fa17fd04c3fbdbd3f7bf144b1466014a77c582aa0380e612cd101d557dd1e5b7bae3da3ea2659f66a3641eaa3b008b9788a63c8f7009f9149fd9c740eddd300000000000000000000e620e3657ac82a5bd27dfa4f2add31a402346571e87b2644edb73d4affdcbbe2b8e2539b44554c10dc0ac8ba67ab9901c8e9564b4c26a87cf59b11978a86d4938ca4db01a9d8426aed32eb0d0d1dd894bbf3197f3b5744b5a4f813fd7330"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb=0x1, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f00000002c0), 0x10}, 0x47)

2.039817153s ago: executing program 0 (id=214):
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x19, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x61, 0x11, 0x4}]}, &(0x7f00000000c0)='GPL\x00', 0x8, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x15, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffd97}, 0x70)

1.98982454s ago: executing program 0 (id=215):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r0, r1, 0x2}, 0x10)

1.93973055s ago: executing program 0 (id=218):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01040000000000000000010080030900010073797a30000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a310000000070000000060a010400000000000000000100000008000b400000000048000480440001800b000100657874686472000034000280080001400000000c080003400000000008000440000000220500020007000000080006400000000308000540000000000900010073797a300000000020000000030a010300000000000000000a0000020900030073797a300000000044010000080a01080000000000000000010000073a00074032e97608c07b8f34d704cc507d07a8d4c429672a9b6841e516ce194f03354b3c46a930469ce36ee8391a02352a70d543c633dc17a9d300007900074012119f33dbd27dbba871f33b8206fc0a59dac6df96baf86f3deffa20b8a2b13fa2fbc917a33ad4b9dc903553ff1e7533cd9d1e3f6a3248b10a63552977fab38d9ad7409cbd223b094a0bb6f0884c8839890d122f9b9963668c97749b2304852a8d461ccc39dc307f41ac41688a4f2d64a916dc532d00000008000a40000000000900010073797a30000000000900020073797a310000"], 0x248}}, 0x0)

1.698982737s ago: executing program 0 (id=229):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0xa, 0x4, 0xfff, 0x7}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000020b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='mm_lru_insertion\x00', r2}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='mm_lru_insertion\x00', r1}, 0x10)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r3, &(0x7f0000000180), 0x40010)

849.905471ms ago: executing program 2 (id=245):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000ac0)={0x1f, 0xb, &(0x7f00000008c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000008c00000095"], &(0x7f0000000000)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ffffd}, 0x94)

849.581467ms ago: executing program 2 (id=246):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bridge0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="280000001c000100000000000000000007000000", @ANYRES32=r1, @ANYBLOB="8000b200080002"], 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x40800)

718.501464ms ago: executing program 1 (id=247):
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x9, 0x4, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock=0xe}, 0x94)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
r1 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
syz_emit_ethernet(0x4a, &(0x7f00000004c0)={@broadcast, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "101040", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x70}}}}}}}, 0x0)
syz_emit_ethernet(0x42, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "1e1907", 0xc, 0x2f, 0x0, @remote, @mcast2, {[], {0x0, 0x6558, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}}, 0x0)
syz_emit_ethernet(0x4e, &(0x7f0000000000)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x18, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x11, 0x0, 0x0, {[@window={0x3, 0x3, 0x4}]}}}}}}}}, 0x0)

718.189118ms ago: executing program 2 (id=248):
syz_emit_ethernet(0x36, &(0x7f00000000c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x3, 0x9, 0x28, 0x65, 0x0, 0x78, 0x6, 0x0, @loopback, @private=0xa010100}, {{0x4e24, 0x4e21, 0x41424344, 0x41424344, 0x1, 0x0, 0x5, 0x10, 0x14, 0x0, 0xffff}}}}}}, 0x0)

650.46942ms ago: executing program 1 (id=249):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'rose0\x00', 0x112})
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x102})
ioctl$TUNSETQUEUE(r2, 0x400454d9, &(0x7f0000000000)={'geneve1\x00', 0x400})
ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000080)={'syzkaller0\x00', 0x400})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'rose0\x00', <r3=>0x0})
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="2000000011000100"/20, @ANYRES32=r3], 0x20}}, 0x0)

650.270207ms ago: executing program 2 (id=250):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x20, 0x44, 0x107, 0xfffffffc, 0x0, {0x1, 0x7c}, [@nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x8e\n'}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)

579.4463ms ago: executing program 2 (id=251):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f0000000140)='devices.list\x00', 0x0, 0x0)
readv(r1, &(0x7f0000000040)=[{&(0x7f0000001640)=""/244, 0xf4}], 0x1)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xc4}}, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x3, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3, 0x9, 0x0, 0x1, 0x600}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xd, 0x9, 0x0, 0x0, 0xffffff13}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x7, 0x9}, {0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffdff}, {}, {}, {0x4, 0x0, 0x7}, {0x18, 0x2, 0x2, 0x0, r3}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x5, 0x1, 0x7, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

462.744604ms ago: executing program 1 (id=252):
r0 = socket$inet(0x2, 0x2, 0x1)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000180)={'batadv_slave_0\x00', <r2=>0x0})
sendmsg$inet(r0, &(0x7f00000005c0)={&(0x7f00000003c0)={0x2, 0x0, @multicast2}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000080)='\b\x00', 0x2}, {&(0x7f0000000180)="96bc1480bb35", 0x6}], 0x2, &(0x7f0000000240)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @local, @broadcast}}}], 0x20}, 0x24008004)

380.857254ms ago: executing program 2 (id=253):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f0000003b80)={0x10000001})
write(r2, 0x0, 0x0)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00')
unshare(0x6a040000)
syz_emit_ethernet(0x331, &(0x7f0000000780)={@broadcast, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "00cd04", 0x2fb, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x1f, 0xa, "a78c000005dc8080a2030003004003493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34060600000000000000dac15084dbaf736b41e5af0502"}, {0x0, 0x1, "000005000000000026000400"}, {0x22, 0x18, "fe906d26efe39393fe08f73eabc57d7b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e464a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf3915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x0, 0x1d, "06aa85616177c61bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee4df24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5ac010000000000000090aa235a670670ffc5dc49dfb58d00000000000000"}, {0x0, 0xb, "17dcea468000000000054740a5d4901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2bce9ac946a3f0e2bc4000091394c02bcfbbb7d71138537d68e2d2c6393a9f3cc271a9ff09a48b5b303f4"}, {0xe, 0x3, "b8a3e10000a3e1100000006f00ffc0ffff00000000600000ff0bc0"}, {0x0, 0xc, "5e14ccb44d2d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d180600aa89c8f267d76ece1c9f6ae2e1eb3d8bf9c6ab2642c4808298e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c"}]}}}}}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000000)={0x6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f00000000c0)=0x1c)
socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
getsockname$packet(r5, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x40000)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x700, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_STP_STATE={0x8, 0x5, 0x1}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0xc0b0)
r6 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r6, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r6, 0x8)
r7 = accept4(r6, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r7, 0x84, 0x1b, &(0x7f0000000140), &(0x7f0000000000)=0x8)
nanosleep(&(0x7f0000000bc0)={0x0, 0x3938700}, &(0x7f0000000040))
syz_genetlink_get_family_id$wireguard(0x0, 0xffffffffffffffff)

320.53501ms ago: executing program 1 (id=254):
close(0xffffffffffffffff)
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000400)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r0, &(0x7f0000003700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000008100000008000300", @ANYRES32=r2, @ANYBLOB="0a000600080211000001000006006600c78800001a003300"], 0x50}}, 0x0)

271.130314ms ago: executing program 1 (id=255):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=@newsa={0x150, 0x10, 0x413, 0x0, 0x25dfdbfb, {{@in6=@dev, @in=@remote}, {@in6=@ipv4={'\x00', '\xff\xff', @rand_addr=0x6}, 0x0, 0x32}, @in=@dev, {}, {0x0, 0x8, 0x0, 0x8000}, {}, 0x0, 0x1000000, 0xa}, [@algo_aead={0x60, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0xa0, 0x40, "25cac5216d1c8af0a976902918bf448c5d9f5459"}}]}, 0x150}}, 0x4000080)

0s ago: executing program 1 (id=256):
socket$tipc(0x1e, 0x2, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
close(0x4)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000800)=ANY=[@ANYBLOB="400000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="04000400000000001800128008000100677470000c00028008000100", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00M'], 0x40}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000800)=ANY=[], 0x44}}, 0xd0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:64882' (ED25519) to the list of known hosts.
syzkaller login: [   48.789181][ T5819] cgroup: Unknown subsys name 'net'
[   48.906916][ T5819] cgroup: Unknown subsys name 'cpuset'
[   48.912507][ T5819] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   50.270277][ T5819] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   54.172762][ T5829] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   54.186052][ T5835] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   54.188424][ T5835] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   54.192413][ T5833] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   54.195339][ T5835] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   54.197777][ T5833] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   54.200573][ T5835] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   54.201014][ T5833] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   54.207191][ T5838] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   54.208136][ T5837] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   54.213252][ T5837] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   54.213491][ T5833] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   54.218658][ T5837] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   54.222064][ T5837] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   54.225186][   T55] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   54.486439][ T5834] chnl_net:caif_netlink_parms(): no params data found
[   54.513515][ T5827] chnl_net:caif_netlink_parms(): no params data found
[   54.562439][ T5831] chnl_net:caif_netlink_parms(): no params data found
[   54.672117][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.675497][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.677948][ T5834] bridge_slave_0: entered allmulticast mode
[   54.680990][ T5834] bridge_slave_0: entered promiscuous mode
[   54.686853][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.689647][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.692418][ T5834] bridge_slave_1: entered allmulticast mode
[   54.696104][ T5834] bridge_slave_1: entered promiscuous mode
[   54.713734][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.716745][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.719850][ T5827] bridge_slave_0: entered allmulticast mode
[   54.723161][ T5827] bridge_slave_0: entered promiscuous mode
[   54.741640][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.744267][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.746867][ T5831] bridge_slave_0: entered allmulticast mode
[   54.750288][ T5831] bridge_slave_0: entered promiscuous mode
[   54.753802][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.756424][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.759444][ T5827] bridge_slave_1: entered allmulticast mode
[   54.763021][ T5827] bridge_slave_1: entered promiscuous mode
[   54.779367][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.784471][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.787198][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.789870][ T5831] bridge_slave_1: entered allmulticast mode
[   54.792727][ T5831] bridge_slave_1: entered promiscuous mode
[   54.821165][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.827245][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.833773][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.874759][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.899435][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.906268][ T5827] team0: Port device team_slave_0 added
[   54.910159][ T5834] team0: Port device team_slave_0 added
[   54.922643][ T5827] team0: Port device team_slave_1 added
[   54.927032][ T5834] team0: Port device team_slave_1 added
[   54.952097][ T5831] team0: Port device team_slave_0 added
[   54.978583][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0
[   54.980737][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.989182][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.994961][ T5831] team0: Port device team_slave_1 added
[   55.021916][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1
[   55.025640][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.035939][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   55.044002][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0
[   55.046360][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.055678][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   55.059935][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0
[   55.062330][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.071509][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   55.077808][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1
[   55.080302][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.088726][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   55.093903][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1
[   55.096197][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.104498][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   55.153401][ T5831] hsr_slave_0: entered promiscuous mode
[   55.156697][ T5831] hsr_slave_1: entered promiscuous mode
[   55.166699][ T5827] hsr_slave_0: entered promiscuous mode
[   55.169088][ T5827] hsr_slave_1: entered promiscuous mode
[   55.171301][ T5827] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   55.174221][ T5827] Cannot create hsr debugfs directory
[   55.225192][ T5834] hsr_slave_0: entered promiscuous mode
[   55.227617][ T5834] hsr_slave_1: entered promiscuous mode
[   55.229930][ T5834] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   55.234101][ T5834] Cannot create hsr debugfs directory
[   55.499224][ T5831] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   55.507625][ T5831] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   55.520173][ T5831] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   55.536276][ T5831] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   55.579062][ T5827] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   55.594736][ T5827] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   55.621078][ T5827] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   55.628471][ T5827] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   55.680316][ T5834] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   55.688070][ T5834] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   55.700702][ T5834] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   55.709290][ T5834] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   55.779228][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.812174][ T5831] 8021q: adding VLAN 0 to HW filter on device team0
[   55.825041][  T739] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.828314][  T739] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.842715][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.849669][  T739] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.852733][  T739] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.894004][ T5827] 8021q: adding VLAN 0 to HW filter on device team0
[   55.900645][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.919525][  T739] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.922693][  T739] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.941564][ T1085] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.944706][ T1085] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.966133][ T5834] 8021q: adding VLAN 0 to HW filter on device team0
[   55.979059][ T1085] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.982160][ T1085] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.007526][ T1085] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.010890][ T1085] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.119686][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.189836][ T5831] veth0_vlan: entered promiscuous mode
[   56.214647][ T5831] veth1_vlan: entered promiscuous mode
[   56.234637][ T5831] veth0_macvtap: entered promiscuous mode
[   56.239313][ T5831] veth1_macvtap: entered promiscuous mode
[   56.250241][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.253333][ T5219] Bluetooth: hci0: command tx timeout
[   56.271680][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.290331][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.300405][ T5827] veth0_vlan: entered promiscuous mode
[   56.309191][ T5831] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.312728][ T5831] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.317156][ T5831] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.320011][ T5831] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.323786][ T5219] Bluetooth: hci1: command tx timeout
[   56.330273][ T5219] Bluetooth: hci2: command tx timeout
[   56.341116][ T5827] veth1_vlan: entered promiscuous mode
[   56.346769][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.412412][ T5827] veth0_macvtap: entered promiscuous mode
[   56.429482][ T1086] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.431422][ T5834] veth0_vlan: entered promiscuous mode
[   56.440310][ T5827] veth1_macvtap: entered promiscuous mode
[   56.443993][ T1086] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.450076][ T5834] veth1_vlan: entered promiscuous mode
[   56.480666][ T1086] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.485168][ T1086] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.487629][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.504782][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.510596][ T5834] veth0_macvtap: entered promiscuous mode
[   56.516018][ T5827] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.518800][ T5827] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.521558][ T5827] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.528738][ T5827] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.535369][ T5834] veth1_macvtap: entered promiscuous mode
[   56.542214][ T5831] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   56.565422][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.580583][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.596498][ T5834] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.599377][ T5834] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.602240][ T5834] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.611103][ T5834] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.662221][ T1085] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.674324][ T1085] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.697612][ T5898] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   56.717755][ T1087] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.721054][ T1087] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.736532][   T26] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.739662][   T26] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.784197][  T739] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.787340][  T739] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.088997][ T5921] netlink: 16 bytes leftover after parsing attributes in process `syz.0.13'.
[   57.091902][ T5921] netlink: 16 bytes leftover after parsing attributes in process `syz.0.13'.
[   57.386968][ T5953] netlink: 8 bytes leftover after parsing attributes in process `syz.0.28'.
[   57.437794][ T5957] netlink: 'syz.2.31': attribute type 1 has an invalid length.
[   57.440347][ T5957] netlink: 228 bytes leftover after parsing attributes in process `syz.2.31'.
[   58.005217][ T6011] netlink: 28 bytes leftover after parsing attributes in process `syz.1.51'.
[   58.277048][ T6030] netlink: 36 bytes leftover after parsing attributes in process `syz.2.61'.
[   58.324653][ T5219] Bluetooth: hci0: command tx timeout
[   58.357743][ T6035] netlink: 'syz.2.63': attribute type 1 has an invalid length.
[   58.403417][ T5219] Bluetooth: hci2: command tx timeout
[   58.403543][ T5829] Bluetooth: hci1: command tx timeout
[   58.416891][ T6039] netlink: 28 bytes leftover after parsing attributes in process `syz.2.63'.
[   58.439056][ T6041] netlink: 16 bytes leftover after parsing attributes in process `syz.1.67'.
[   58.442588][ T6041] netlink: 64 bytes leftover after parsing attributes in process `syz.1.67'.
[   58.449486][ T6041] netlink: 16 bytes leftover after parsing attributes in process `syz.1.67'.
[   58.504691][ T6047] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[   58.547825][ T6050] warning: `syz.0.70' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   58.554162][ T6047] netlink: 'syz.2.69': attribute type 2 has an invalid length.
[   58.562454][ T6045] tipc: Started in network mode
[   58.565891][ T6045] tipc: Node identity 9a9ae6e41ba3, cluster identity 4711
[   58.568665][ T6045] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   58.584240][ T6044] tipc: Resetting bearer <eth:syzkaller0>
[   59.157047][ T6044] tipc: Disabling bearer <eth:syzkaller0>
[   59.599950][ T6094] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   59.770245][ T6108] netlink: 'syz.2.99': attribute type 15 has an invalid length.
[   59.907826][ T6123] netlink: 'syz.2.106': attribute type 8 has an invalid length.
[   60.094498][ T6141] netlink: 'syz.2.115': attribute type 1 has an invalid length.
[   60.403012][ T5829] Bluetooth: hci0: command tx timeout
[   60.484909][ T5829] Bluetooth: hci2: command tx timeout
[   60.494477][ T5829] Bluetooth: hci1: command tx timeout
[   60.508899][ T6168] tun0: tun_chr_ioctl cmd 2147767521
[   60.838868][ T6182] infiniband syz0: set down
[   60.841695][ T6182] infiniband syz0: added ipvlan1
[   60.886881][ T6182] RDS/IB: syz0: added
[   60.888947][ T6182] smc: adding ib device syz0 with port count 1
[   60.891586][ T6182] smc:    ib device syz0 port 1 has pnetid 
[   60.929332][    T9] hid-generic 0005:07C0:8002.0001: collection stack underflow
[   60.936131][    T9] hid-generic 0005:07C0:8002.0001: item 0 0 0 12 parsing failed
[   60.946859][    T9] hid-generic 0005:07C0:8002.0001: probe with driver hid-generic failed with error -22
[   61.103436][ T6198] x_tables: ip6_tables: mh match: only valid for protocol 135
[   62.140147][ T6258] syz.2.168 (6258) used greatest stack depth: 20648 bytes left
[   62.185729][ T6263] netlink: 'syz.0.171': attribute type 11 has an invalid length.
[   62.230029][ T6268] __nla_validate_parse: 10 callbacks suppressed
[   62.230039][ T6268] netlink: 8 bytes leftover after parsing attributes in process `syz.0.174'.
[   62.483162][ T5829] Bluetooth: hci0: command tx timeout
[   62.573729][ T5219] Bluetooth: hci2: command tx timeout
[   62.580084][ T5829] Bluetooth: hci1: command tx timeout
[   62.647534][ T6277] Zero length message leads to an empty skb
[   63.994809][ T6340] netlink: 'syz.1.200': attribute type 1 has an invalid length.
[   63.997308][ T6340] netlink: 172 bytes leftover after parsing attributes in process `syz.1.200'.
[   64.000055][ T6340] netlink: 'syz.1.200': attribute type 1 has an invalid length.
[   64.014090][ T6333] bridge_slave_0: left allmulticast mode
[   64.018058][ T6333] bridge_slave_0: left promiscuous mode
[   64.020534][ T6342] netlink: 11 bytes leftover after parsing attributes in process `syz.2.201'.
[   64.021178][ T6333] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.059205][ T6333] bridge_slave_1: left allmulticast mode
[   64.061448][ T6333] bridge_slave_1: left promiscuous mode
[   64.089659][ T6333] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.132581][ T6333] bond0: (slave bond_slave_0): Releasing backup interface
[   64.146027][ T6333] bond0: (slave bond_slave_1): Releasing backup interface
[   64.167926][ T6333] team0: Port device team_slave_0 removed
[   64.179593][ T6333] team0: Port device team_slave_1 removed
[   64.187670][ T6333] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   64.191765][ T6333] batman_adv: batadv0: Removing interface: batadv_slave_0
[   64.214302][ T6333] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   64.216912][ T6333] batman_adv: batadv0: Removing interface: batadv_slave_1
[   64.408052][ T6362] netlink: 8 bytes leftover after parsing attributes in process `syz.2.212'.
[   64.447944][ T6365] netlink: 28 bytes leftover after parsing attributes in process `syz.1.211'.
[   64.463142][ T6365] netlink: 'syz.1.211': attribute type 7 has an invalid length.
[   64.466164][ T6365] netlink: 'syz.1.211': attribute type 8 has an invalid length.
[   64.469284][ T6365] netlink: 4 bytes leftover after parsing attributes in process `syz.1.211'.
[   64.504012][ T6365] gretap0: entered promiscuous mode
[   64.506586][ T6365] batadv_slave_1: entered promiscuous mode
[   64.702204][ T6385] netlink: 8 bytes leftover after parsing attributes in process `syz.2.223'.
[   64.880531][   T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   65.005909][   T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   65.011290][ T6401] sctp: [Deprecated]: syz.1.231 (pid 6401) Use of int in max_burst socket option.
[   65.011290][ T6401] Use struct sctp_assoc_value instead
[   65.021071][ T6403] netlink: 12 bytes leftover after parsing attributes in process `syz.2.230'.
[   65.032670][ T6403] netlink: 12 bytes leftover after parsing attributes in process `syz.2.230'.
[   65.091986][   T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   65.165413][   T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   65.182554][ T5219] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   65.192065][ T5219] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   65.195000][ T5219] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   65.198196][ T5219] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   65.201459][ T5219] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   65.294870][ T6417] netlink: 12 bytes leftover after parsing attributes in process `syz.1.237'.
[   65.728640][   T13] bond0 (unregistering): Released all slaves
[   65.890956][ T6454] netlink: 'syz.2.250': attribute type 1 has an invalid length.
[   66.177035][ T6412] chnl_net:caif_netlink_parms(): no params data found
[   66.374179][ T6412] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.377275][ T6412] bridge0: port 1(bridge_slave_0) entered disabled state
[   66.383411][ T6412] bridge_slave_0: entered allmulticast mode
[   66.389541][ T6412] bridge_slave_0: entered promiscuous mode
[   66.440251][   T13] hsr_slave_0: left promiscuous mode
[   66.454698][   T13] hsr_slave_1: left promiscuous mode
[   66.488100][   T13] veth1_macvtap: left promiscuous mode
[   66.490511][   T13] veth0_macvtap: left promiscuous mode
[   66.494095][   T13] veth1_vlan: left promiscuous mode
[   66.496436][   T13] veth0_vlan: left promiscuous mode
[   66.605962][ T1087] smc: removing ib device syz0
[   66.948194][ T6412] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.950878][ T6412] bridge0: port 2(bridge_slave_1) entered disabled state
[   66.954506][ T6412] bridge_slave_1: entered allmulticast mode
[   66.957338][ T6412] bridge_slave_1: entered promiscuous mode
[   67.005115][ T5869] ==================================================================
[   67.007681][ T5869] BUG: KASAN: slab-use-after-free in __ethtool_get_link_ksettings+0x6e/0x190
[   67.010528][ T5869] Read of size 8 at addr ffff88803ced02e8 by task kworker/0:4/5869
[   67.014157][ T5869] 
[   67.015212][ T5869] CPU: 0 UID: 0 PID: 5869 Comm: kworker/0:4 Not tainted 6.16.0-rc5-syzkaller-00159-g47c84997c686-dirty #0 PREEMPT(full) 
[   67.015226][ T5869] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   67.015235][ T5869] Workqueue: events smc_ib_port_event_work
[   67.015256][ T5869] Call Trace:
[   67.015262][ T5869]  <TASK>
[   67.015268][ T5869]  dump_stack_lvl+0x189/0x250
[   67.015283][ T5869]  ? __virt_addr_valid+0x1c8/0x5c0
[   67.015298][ T5869]  ? rcu_is_watching+0x15/0xb0
[   67.015312][ T5869]  ? __pfx_dump_stack_lvl+0x10/0x10
[   67.015325][ T5869]  ? rcu_is_watching+0x15/0xb0
[   67.015338][ T5869]  ? lock_release+0x4b/0x3e0
[   67.015351][ T5869]  ? __virt_addr_valid+0x1c8/0x5c0
[   67.015365][ T5869]  ? __virt_addr_valid+0x4a5/0x5c0
[   67.015379][ T5869]  print_report+0xd2/0x2b0
[   67.015391][ T5869]  ? __ethtool_get_link_ksettings+0x6e/0x190
[   67.015407][ T5869]  kasan_report+0x118/0x150
[   67.015422][ T5869]  ? __ethtool_get_link_ksettings+0x6e/0x190
[   67.015439][ T5869]  __ethtool_get_link_ksettings+0x6e/0x190
[   67.015456][ T5869]  ib_get_eth_speed+0x15e/0x7b0
[   67.015473][ T5869]  ? __pfx_ib_get_eth_speed+0x10/0x10
[   67.015491][ T5869]  ? do_raw_spin_unlock+0x4d/0x240
[   67.015510][ T5869]  rxe_query_port+0x93/0x3b0
[   67.015525][ T5869]  ib_query_port+0x170/0x830
[   67.015543][ T5869]  smc_ib_port_event_work+0x15a/0x940
[   67.015561][ T5869]  ? _raw_spin_unlock_irq+0x23/0x50
[   67.015578][ T5869]  ? process_scheduled_works+0x9ef/0x17b0
[   67.015591][ T5869]  ? process_scheduled_works+0x9ef/0x17b0
[   67.015604][ T5869]  process_scheduled_works+0xae1/0x17b0
[   67.015625][ T5869]  ? __pfx_process_scheduled_works+0x10/0x10
[   67.015642][ T5869]  worker_thread+0x8a0/0xda0
[   67.015656][ T5869]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   67.015675][ T5869]  ? __kthread_parkme+0x7b/0x200
[   67.015691][ T5869]  kthread+0x711/0x8a0
[   67.015707][ T5869]  ? __pfx_worker_thread+0x10/0x10
[   67.015719][ T5869]  ? __pfx_kthread+0x10/0x10
[   67.015735][ T5869]  ? _raw_spin_unlock_irq+0x23/0x50
[   67.015750][ T5869]  ? lockdep_hardirqs_on+0x9c/0x150
[   67.015793][ T5869]  ? __pfx_kthread+0x10/0x10
[   67.015809][ T5869]  ret_from_fork+0x3fc/0x770
[   67.015822][ T5869]  ? __pfx_ret_from_fork+0x10/0x10
[   67.015836][ T5869]  ? __switch_to_asm+0x39/0x70
[   67.015850][ T5869]  ? __switch_to_asm+0x33/0x70
[   67.015864][ T5869]  ? __pfx_kthread+0x10/0x10
[   67.015879][ T5869]  ret_from_fork_asm+0x1a/0x30
[   67.015898][ T5869]  </TASK>
[   67.015902][ T5869] 
[   67.096098][ T5869] Allocated by task 5831:
[   67.097508][ T5869]  kasan_save_track+0x3e/0x80
[   67.099040][ T5869]  __kasan_kmalloc+0x93/0xb0
[   67.100571][ T5869]  __kvmalloc_node_noprof+0x30d/0x5f0
[   67.102258][ T5869]  alloc_netdev_mqs+0xa6/0x11e0
[   67.103798][ T5869]  rtnl_create_link+0x31f/0xd10
[   67.105431][ T5869]  rtnl_newlink_create+0x25c/0xb00
[   67.107614][ T5869]  rtnl_newlink+0x16d6/0x1c70
[   67.109261][ T5869]  rtnetlink_rcv_msg+0x7cf/0xb70
[   67.110990][ T5869]  netlink_rcv_skb+0x208/0x470
[   67.112950][ T5869]  netlink_unicast+0x75c/0x8e0
[   67.114889][ T5869]  netlink_sendmsg+0x805/0xb30
[   67.116814][ T5869]  __sock_sendmsg+0x21c/0x270
[   67.118689][ T5869]  __sys_sendto+0x3bd/0x520
[   67.120370][ T5869]  __x64_sys_sendto+0xde/0x100
[   67.121913][ T5869]  do_syscall_64+0xfa/0x3b0
[   67.123509][ T5869]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   67.125999][ T5869] 
[   67.126990][ T5869] Freed by task 13:
[   67.128472][ T5869]  kasan_save_track+0x3e/0x80
[   67.129956][ T5869]  kasan_save_free_info+0x46/0x50
[   67.131597][ T5869]  __kasan_slab_free+0x62/0x70
[   67.133265][ T5869]  kfree+0x18e/0x440
[   67.134957][ T5869]  device_release+0x9c/0x1c0
[   67.136731][ T5869]  kobject_put+0x22b/0x480
[   67.138249][ T5869]  netdev_run_todo+0xd2e/0xea0
[   67.139834][ T5869]  default_device_exit_batch+0x81e/0x890
[   67.141653][ T5869]  ops_undo_list+0x525/0x990
[   67.143131][ T5869]  cleanup_net+0x4c5/0x800
[   67.144561][ T5869]  process_scheduled_works+0xae1/0x17b0
[   67.146277][ T5869]  worker_thread+0x8a0/0xda0
[   67.147727][ T5869]  kthread+0x711/0x8a0
[   67.149037][ T5869]  ret_from_fork+0x3fc/0x770
[   67.150540][ T5869]  ret_from_fork_asm+0x1a/0x30
[   67.152137][ T5869] 
[   67.152914][ T5869] The buggy address belongs to the object at ffff88803ced0000
[   67.152914][ T5869]  which belongs to the cache kmalloc-cg-4k of size 4096
[   67.157472][ T5869] The buggy address is located 744 bytes inside of
[   67.157472][ T5869]  freed 4096-byte region [ffff88803ced0000, ffff88803ced1000)
[   67.161689][ T5869] 
[   67.162455][ T5869] The buggy address belongs to the physical page:
[   67.164797][ T5869] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3ced0
[   67.167784][ T5869] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   67.170373][ T5869] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[   67.172715][ T5869] page_type: f5(slab)
[   67.174225][ T5869] raw: 00fff00000000040 ffff88801a44b500 dead000000000122 0000000000000000
[   67.177009][ T5869] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[   67.179745][ T5869] head: 00fff00000000040 ffff88801a44b500 dead000000000122 0000000000000000
[   67.182612][ T5869] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[   67.185442][ T5869] head: 00fff00000000003 ffffea0000f3b401 00000000ffffffff 00000000ffffffff
[   67.188201][ T5869] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[   67.191035][ T5869] page dumped because: kasan: bad access detected
[   67.193116][ T5869] page_owner tracks the page as allocated
[   67.195333][ T5869] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd60c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5831, tgid 5831 (syz-executor), ts 55236582310, free_ts 0
[   67.202294][ T5869]  post_alloc_hook+0x240/0x2a0
[   67.204033][ T5869]  get_page_from_freelist+0x21e4/0x22c0
[   67.206192][ T5869]  __alloc_frozen_pages_noprof+0x181/0x370
[   67.208022][ T5869]  alloc_pages_mpol+0x232/0x4a0
[   67.209684][ T5869]  allocate_slab+0x8a/0x3b0
[   67.211388][ T5869]  ___slab_alloc+0xbfc/0x1480
[   67.212863][ T5869]  __kvmalloc_node_noprof+0x429/0x5f0
[   67.214629][ T5869]  alloc_netdev_mqs+0xa6/0x11e0
[   67.216365][ T5869]  rtnl_create_link+0x31f/0xd10
[   67.217954][ T5869]  rtnl_newlink_create+0x25c/0xb00
[   67.219705][ T5869]  rtnl_newlink+0x16d6/0x1c70
[   67.221440][ T5869]  rtnetlink_rcv_msg+0x7cf/0xb70
[   67.223042][ T5869]  netlink_rcv_skb+0x208/0x470
[   67.224995][ T5869]  netlink_unicast+0x75c/0x8e0
[   67.226744][ T5869]  netlink_sendmsg+0x805/0xb30
[   67.228297][ T5869]  __sock_sendmsg+0x21c/0x270
[   67.229804][ T5869] page_owner free stack trace missing
[   67.231557][ T5869] 
[   67.232377][ T5869] Memory state around the buggy address:
[   67.234147][ T5869]  ffff88803ced0180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   67.236667][ T5869]  ffff88803ced0200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   67.239206][ T5869] >ffff88803ced0280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   67.241881][ T5869]                                                           ^
[   67.244404][ T5869]  ffff88803ced0300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   67.247046][ T5869]  ffff88803ced0380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   67.249705][ T5869] ==================================================================
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[   67.275391][ T5869] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   67.277792][ T5869] CPU: 0 UID: 0 PID: 5869 Comm: kworker/0:4 Not tainted 6.16.0-rc5-syzkaller-00159-g47c84997c686-dirty #0 PREEMPT(full) 
[   67.281946][ T5869] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   67.285245][ T5869] Workqueue: events smc_ib_port_event_work
[   67.287173][ T5869] Call Trace:
[   67.288257][ T5869]  <TASK>
[   67.289263][ T5869]  dump_stack_lvl+0x99/0x250
[   67.290785][ T5869]  ? __asan_memcpy+0x40/0x70
[   67.292362][ T5869]  ? __pfx_dump_stack_lvl+0x10/0x10
[   67.294033][ T5869]  ? __pfx__printk+0x10/0x10
[   67.295548][ T5869]  panic+0x2db/0x790
[   67.296839][ T5869]  ? __pfx_panic+0x10/0x10
[   67.298290][ T5869]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[   67.300149][ T5869]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   67.302216][ T5869]  ? print_memory_metadata+0x314/0x400
[   67.303931][ T5869]  ? __ethtool_get_link_ksettings+0x6e/0x190
[   67.305867][ T5869]  check_panic_on_warn+0x89/0xb0
[   67.307502][ T5869]  ? __ethtool_get_link_ksettings+0x6e/0x190
[   67.309527][ T5869]  end_report+0x78/0x160
[   67.310962][ T5869]  kasan_report+0x129/0x150
[   67.312530][ T5869]  ? __ethtool_get_link_ksettings+0x6e/0x190
[   67.314788][ T5869]  __ethtool_get_link_ksettings+0x6e/0x190
[   67.316633][ T5869]  ib_get_eth_speed+0x15e/0x7b0
[   67.318246][ T5869]  ? __pfx_ib_get_eth_speed+0x10/0x10
[   67.320016][ T5869]  ? do_raw_spin_unlock+0x4d/0x240
[   67.321806][ T5869]  rxe_query_port+0x93/0x3b0
[   67.323429][ T5869]  ib_query_port+0x170/0x830
[   67.325415][ T5869]  smc_ib_port_event_work+0x15a/0x940
[   67.327194][ T5869]  ? _raw_spin_unlock_irq+0x23/0x50
[   67.328938][ T5869]  ? process_scheduled_works+0x9ef/0x17b0
[   67.330721][ T5869]  ? process_scheduled_works+0x9ef/0x17b0
[   67.332580][ T5869]  process_scheduled_works+0xae1/0x17b0
[   67.334490][ T5869]  ? __pfx_process_scheduled_works+0x10/0x10
[   67.336486][ T5869]  worker_thread+0x8a0/0xda0
[   67.338014][ T5869]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   67.340126][ T5869]  ? __kthread_parkme+0x7b/0x200
[   67.341746][ T5869]  kthread+0x711/0x8a0
[   67.343090][ T5869]  ? __pfx_worker_thread+0x10/0x10
[   67.345205][ T5869]  ? __pfx_kthread+0x10/0x10
[   67.346841][ T5869]  ? _raw_spin_unlock_irq+0x23/0x50
[   67.348590][ T5869]  ? lockdep_hardirqs_on+0x9c/0x150
[   67.350306][ T5869]  ? __pfx_kthread+0x10/0x10
[   67.351803][ T5869]  ret_from_fork+0x3fc/0x770
[   67.353352][ T5869]  ? __pfx_ret_from_fork+0x10/0x10
[   67.355152][ T5869]  ? __switch_to_asm+0x39/0x70
[   67.356723][ T5869]  ? __switch_to_asm+0x33/0x70
[   67.358531][ T5869]  ? __pfx_kthread+0x10/0x10
[   67.360413][ T5869]  ret_from_fork_asm+0x1a/0x30
[   67.362293][ T5869]  </TASK>
[   67.364288][ T5869] Kernel Offset: disabled
[   67.366137][ T5869] Rebooting in 86400 seconds..

VM DIAGNOSIS:
15:03:02  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000065 RBX=0000000000000065 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc900034bf090
R8 =ffff888021898237 R9 =1ffff11004313046 R10=dffffc0000000000 R11=ffffffff85478780
R12=dffffc0000000000 R13=ffffffff99af98a3 R14=ffffffff99dfe6e0 R15=0000000000000000
RIP=ffffffff854787fc RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b861b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fac58c36fc8 CR3=0000000029432000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffff8168704e ffffffff8167846b
XMM02=ffffffff8133a4fe ffffffff8167846b XMM03=ffffffff8133a4fe ffffffff8133a4fe
XMM04=00007fc5c5eed100 00007fc5c5385440 XMM05=00007fc5c5385458 00007fc5c53854a0
XMM06=00007fc5c5385498 00007fc5c5385490 XMM07=00007fc5c5385488 00007fc5c5385480
XMM08=16b89ea3ba12b22d 560acd7c909923a4 XMM09=0000000000000000 00007fc5c5211c91
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=1ffff11020ed6702 RBX=1ffffffff1b77d8f RCX=58492d18ba470200 RDX=0000000000000000
RSI=ffffffff8db865a0 RDI=ffffffff8be29dc0 RBP=dffffc0000000000 RSP=ffffc90004ecf6c0
R8 =ffffffff8fa1f3f7 R9 =1ffffffff1f43e7e R10=dffffc0000000000 R11=fffffbfff1f43e7f
R12=ffff88810fdbb400 R13=ffff8881076b3810 R14=0000000000000001 R15=ffffffff8dbbec78
RIP=ffffffff819aabcd RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000555594d02500 ffffffff 00c00000
GS =0000 ffff8881a3c1b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fac58c57fc8 CR3=0000000029432000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007fac57f85478 00007fac57f85450 XMM03=00007fac57f85488 00007fac57f85480
XMM04=00007fac58aed100 00007fac57f85440 XMM05=00007fac57f85458 00007fac57f854a0
XMM06=00007fac57f85498 00007fac57f85490 XMM07=00007fac57f85488 00007fac57f85480
XMM08=0000000000000000 00524f5252450040 XMM09=0000000000000000 00007fac57e11c91
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
