last executing test programs:

1.507231533s ago: executing program 3 (id=333):
socket$nl_route(0x10, 0x3, 0x0)
r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
recvmmsg(r1, &(0x7f0000001640)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000004c0)=""/4096, 0x1e1c}, {&(0x7f00000000c0)=""/250, 0x4}], 0x2, 0x0, 0xd64}}], 0x300, 0x34000, 0x0)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[@ANYBLOB="18000000", @ANYRES16=r0, @ANYBLOB="a787000000ff000000000b00000404000180"], 0x18}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4040)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r2}, 0x18)

1.417065825s ago: executing program 0 (id=336):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @none, 0x4, 0x1}, 0xe)
setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, 0x0, 0x0)

1.282845404s ago: executing program 0 (id=339):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)={0x24, 0x3, 0x1, 0x101, 0x0, 0x0, {0xa}, [@CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x80a}]}, @CTA_TUPLE_REPLY={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000004}, 0x44080)

1.145024035s ago: executing program 3 (id=341):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="02000000040000000100000027bf00000005"], 0x50)
mmap(&(0x7f0000fa2000/0x3000)=nil, 0x3000, 0x3, 0x13, r0, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000a40)={r0}, 0x4)

1.136461991s ago: executing program 1 (id=342):
r0 = socket$inet6(0xa, 0x3, 0x1)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, 0x0, 0x0)

1.037004352s ago: executing program 0 (id=344):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000140)={@multicast1, @loopback}, 0xc)
setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000480)={0xc, {{0x2, 0x4e21, @multicast2}}, {{0x2, 0x4e20, @empty}}}, 0x108)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000440)={@multicast1, @loopback, 0x1, 0x1, [@multicast2]}, 0x14)

954.898223ms ago: executing program 1 (id=345):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a3200000000140000001100"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a84000000060a010400000000000000000200000058000480540001800b00010065787468647200004400028005000200830000000800034000000000080004400000003208000640000000020800014000000008080005400000000108000540d052aec108000640000000020900010073797a30000000000900020073797a3200"], 0x6034}}, 0x0)

947.437078ms ago: executing program 2 (id=346):
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, 0x0, 0x0)
r1 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0xfffe, @local, 'geneve1\x00'}}, 0x1e)
r2 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r2, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'veth0_virt_wifi\x00'}}, 0x1e)

896.250515ms ago: executing program 3 (id=347):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x3, 0x4, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x88f}, [@call={0x85, 0x0, 0x0, 0x61}]}, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xb, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xce0, 0x0, &(0x7f00000000c0)="e30080670000ec67838717bd86dd", 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

896.002034ms ago: executing program 4 (id=348):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=@getroute={0x14, 0x1a, 0x211, 0x70bd28, 0x25dfdbfd}, 0x14}}, 0x800)
recvmmsg(r0, &(0x7f0000000880)=[{{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000240)=""/203, 0xcb}, {&(0x7f00000023c0)=""/4107, 0x100b}], 0x2}, 0x9}], 0x1, 0x40012000, 0x0)

877.67077ms ago: executing program 0 (id=349):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWCHAIN={0x50, 0x3, 0xa, 0x3, 0x0, 0x0, {0x1, 0x0, 0xa}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0xffffff6a}]}, @NFTA_CHAIN_COUNTERS={0x10, 0x8, 0x0, 0x1, [@NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x3}]}]}], {0x14}}, 0x78}, 0x1, 0x0, 0x0, 0x24000144}, 0x20000050)

794.309972ms ago: executing program 2 (id=350):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, 0x0, 0x60000090)

732.949079ms ago: executing program 3 (id=351):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x40201, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000380)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
write$tun(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="001c86dd2000100000004000000060ec"], 0xffe)

731.943214ms ago: executing program 1 (id=352):
socket$packet(0x11, 0x2, 0x300)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000ce34000000000000000000850000002f00000095"], &(0x7f0000000c40)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-asm\x00'}, 0x58)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)={0x1c, 0x15, 0x301, 0x0, 0x0, {0xa}, [@typed={0x8, 0x2, 0x0, 0x0, @fd=r2}]}, 0x1c}}, 0x20000080)
sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002, 0x0, 0x80}, 0x0)

641.02594ms ago: executing program 0 (id=353):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0xe8034000, 0x0, 0x44, 0x0, &(0x7f00000000c0)="c6769e45b7c61302926682c7f9e9bb5ba2b3cdf023e8da0392a4cd62e2370f25ae5ba0dab896bcf5b774cd28bebbde39f796ae27d04582bb7c03e9fe830ea22c9fd03f6d", 0x5dc}, 0x50)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r1 = openat$cgroup_devices(r0, &(0x7f0000000300)='devices.allow\x00', 0x2, 0x0)
write$cgroup_devices(r1, &(0x7f0000000140)=ANY=[@ANYBLOB='c *:23'], 0xa)

640.849639ms ago: executing program 4 (id=354):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f0000000680)={0x1d, r1, 0x1, {0x0, 0x1}, 0x2}, 0x18)
bind$can_j1939(0xffffffffffffffff, &(0x7f0000000000)={0x1d, r1, 0x1, {0x0, 0xf0, 0x3}, 0x7d}, 0x18)
bind$can_j1939(0xffffffffffffffff, &(0x7f0000002500)={0x1d, r1, 0x2, {0x2, 0xff, 0x4}, 0xfd}, 0x18)

583.607626ms ago: executing program 2 (id=355):
unshare(0x40400)
r0 = socket(0x28, 0x801, 0x0)
connect$vsock_stream(r0, &(0x7f0000000880)={0x28, 0x0, 0x0, @local}, 0x10)

538.397891ms ago: executing program 1 (id=356):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETRULE(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x2c, 0x7, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x4001}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20040850}, 0x4004014)

488.77246ms ago: executing program 4 (id=357):
syz_emit_ethernet(0x6e, &(0x7f00000001c0)={@local, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "e400ff", 0x38, 0x3a, 0x0, @private2, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, '\x00', 0x0, 0x11, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @multicast1}, [@fragment={0x33, 0x0, 0x6, 0x1, 0x0, 0x1a, 0x66}]}}}}}}}, 0x0)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="2c0000000f14010094bd7800fbdbdf2508000100000000000b0045007576657262730000080003"], 0x2c}, 0x1, 0x0, 0x0, 0xc004}, 0x4044010)

488.111696ms ago: executing program 0 (id=358):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x16, 0xc, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x15, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000340)={'netdevsim0\x00', &(0x7f0000000400)=@ethtool_flash={0x33, 0xea5, '.\x00'}})

373.089604ms ago: executing program 2 (id=359):
socket$inet6_mptcp(0xa, 0x1, 0x106)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
syz_emit_ethernet(0x5e, &(0x7f0000000480)=ANY=[@ANYBLOB="e33110"], 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000240)={'wlan1\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r2, @ANYBLOB="01e5c300000000fb04003b1c210008000300", @ANYRES32=r1, @ANYBLOB="2c0433005000de295b3acba52ee4080211000001505050505050"], 0x448}}, 0x240008c8)

324.111034ms ago: executing program 3 (id=360):
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'geneve0\x00'}}, 0x1e)
r1 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r1, 0x0, 0x0)
r2 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r2, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'veth0_virt_wifi\x00'}}, 0x1e)

311.696002ms ago: executing program 1 (id=361):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0xffff, 0x0, 0x1c42}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @xfrm={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_XFRM_IF_ID={0x8, 0x2, 0xfffffffe}]}}}, @IFLA_IFNAME={0x14, 0x3, 'xfrm0\x00'}]}, 0x50}}, 0x0)

245.145276ms ago: executing program 2 (id=362):
gettid()
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$qrtr(0x2a, 0x2, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$inet6(0x10, 0x2, 0x6)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
socket$alg(0x26, 0x5, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r4, @ANYBLOB="1f003300d000000008021100000108021100000050505050505000001502", @ANYRES8=r2], 0x3c}}, 0x10)

244.980498ms ago: executing program 4 (id=363):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a3200000000140000001100"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a84000000060a010400000000000000000200000058000480540001800b00010065787468647200004400028005000200830000000800034000000000080004400000003208000640000000020800014000000008080005400000000108000540d052aec108000640000000020900010073797a30000000000900020073797a3200"], 0x6034}}, 0x0)

170.677152ms ago: executing program 1 (id=364):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000400)={r0, 0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e21, 0x4, @private1}}, 0x0, 0x0, 0x6, 0x0, "3f114438efdaca16d374b49a365be44d5e860ea3ba676c300047b80e003535d5bd9db3c8572560f4d1be5cd41f7716082ee3589f099942e6f1c395ddb8160381baadf279000000000400"}, 0xd8)

159.892976ms ago: executing program 4 (id=365):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, 0x0, 0x60000090)

101.008807ms ago: executing program 3 (id=366):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
socket$packet(0x11, 0x2, 0x300)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r0, &(0x7f0000000e80)=[{{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000001800)="353a35d6094e4ee7d764b6993f65136c5d6b84d9b1324a0b25e094700c9a66f9181738098f32e3e48859c3878d53a9752474da0d6af299d849d48f2fa2c8c807d7a1521da940585790ff1e6f9da83e32b751d1af9cfac640c1361f5ae8b99c187dafe9ea854120f6eaab11e7fdeb3f2152ebdbc21520ca01f64bb821576deef4ed6696cdddc1768b5b4fbd68a687cb6ba52ecf5cc6f8f05062f26de19d6aaaeb6cbca00e46685f77d2b3e8dd9d0d099e799cd5a76c67ab283f790366f7f744508edc9e48fa101b89215bd330c4e706c1f09d781a5a50aef5e424a7a88b3241a338ca7411cda28aa167b5628b79e8a7d588efb69636181b9c54f6d296386c95f8a08e27d5792dcb20fa3b5b4f60c71f310b31bb1ab4a825c2dc10fac150a17d92bb51849d9eea53c78d427d8d1036dc906084046fcae09499c220ef50c2c7c475f392bc288eb5efb8032d1ade92e88e50a05a95dd5c6cbbdfb086fa53bca14d40c8c3f7149b39b16b7c7370978389366174db5fbc99dbe958f8c1690cd695dfbe6c384162a412c8d3cfd7cf223f9df4c67b92514111891f53d4e19826797302e1a87e7a627c52740bb3bd311771a68d349c0a68ef6f2a765f8220323add67b2b6695ca41adcda387a4264bcd94c8578a9ccca3b55ebcda45369b56068cfeec34abc2cbd94b9b12d057fa9d4328d57073f40e5ae64443e4a10ed400575bbd1168a170a0134b9ad28735dbd9603a9e417cce864f2141a92f57e1fdfcff4776f94a794d6db8d3e9e0ecc783956c7ab15a8d5639d3df1ac9da6057af913a563bd55b657f37cbf4cae2919aea6ff8a748eb4c036361b8866cc062bbad019f43d02b0c38bd6309f2baa53924466203ab8d00daaac4c9da846e645d64c10e47c32e9824e79ade4eeee7cbf71b1bb48f760800b04334745ab553dea12a85f0671eb07a4cc67ceaffa8269e0b052f25136cfb8a6b9327a2d165c42933642d3171ad00ebf0be485f5ed319021600a94072f251c8905a2451eba3ba7db2ec5fb8613463a796610629719166259ffa3261e06f09b5a69798b88848da9028ff7ed8a729c384374fce0f4f5cda3b61cc4d61da382c5708f26edb16e9b65d667ed61248dfbed35a6a886adec25361c17d9f30f94db7e3085440df135ddec94f3f01fe2e2f9edb9e1", 0x340}], 0x1}}], 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)

73.088537ms ago: executing program 2 (id=367):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, 0x0)
bind$can_j1939(r1, &(0x7f0000000680)={0x1d, 0x0, 0x1, {0x0, 0x1}, 0x2}, 0x18)
bind$can_j1939(r0, &(0x7f0000000000)={0x1d, 0x0, 0x1, {0x0, 0xf0, 0x3}, 0x7d}, 0x18)
bind$can_j1939(r0, &(0x7f0000002500)={0x1d, 0x0, 0x2, {0x2, 0xff, 0x4}, 0xfd}, 0x18)

0s ago: executing program 4 (id=368):
r0 = socket(0x2, 0x3, 0xff)
setsockopt$inet_int(r0, 0x0, 0x3, 0x0, 0x0)
sendmmsg$inet(r0, &(0x7f0000001f80)=[{{&(0x7f00000000c0)={0x2, 0x4e22, @remote}, 0x10, 0x0}}, {{&(0x7f00000002c0)={0x2, 0x4e23, @multicast1}, 0x10, 0x0}}], 0x2, 0x4)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.174' (ED25519) to the list of known hosts.
[   71.757769][ T5834] cgroup: Unknown subsys name 'net'
[   71.927311][ T5834] cgroup: Unknown subsys name 'cpuset'
[   71.935977][ T5834] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   73.366967][ T5834] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   75.815074][ T5847] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   75.830965][   T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   75.853153][ T5857] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   75.861347][ T5857] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   75.869325][ T5857] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   75.877263][ T5857] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   75.886576][ T5857] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   75.887409][ T5855] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   75.894548][ T5857] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   75.908137][ T5857] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   75.910057][ T5855] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   75.916147][ T5857] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   75.924029][ T5855] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   75.934235][ T5857] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   75.937068][ T5855] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   75.951117][ T5857] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   75.951679][ T5855] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   75.967285][ T5855] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   75.983654][ T5857] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   75.991959][ T5855] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   76.003803][ T5857] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   76.011364][ T5855] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   76.019942][ T5855] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   76.032555][ T5855] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   76.040642][ T5855] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   76.568780][ T5859] chnl_net:caif_netlink_parms(): no params data found
[   76.698475][ T5854] chnl_net:caif_netlink_parms(): no params data found
[   76.808337][ T5844] chnl_net:caif_netlink_parms(): no params data found
[   76.898928][ T5851] chnl_net:caif_netlink_parms(): no params data found
[   76.973842][ T5849] chnl_net:caif_netlink_parms(): no params data found
[   77.002142][ T5859] bridge0: port 1(bridge_slave_0) entered blocking state
[   77.011311][ T5859] bridge0: port 1(bridge_slave_0) entered disabled state
[   77.018720][ T5859] bridge_slave_0: entered allmulticast mode
[   77.027323][ T5859] bridge_slave_0: entered promiscuous mode
[   77.067812][ T5854] bridge0: port 1(bridge_slave_0) entered blocking state
[   77.075061][ T5854] bridge0: port 1(bridge_slave_0) entered disabled state
[   77.082239][ T5854] bridge_slave_0: entered allmulticast mode
[   77.089399][ T5854] bridge_slave_0: entered promiscuous mode
[   77.130006][ T5859] bridge0: port 2(bridge_slave_1) entered blocking state
[   77.137203][ T5859] bridge0: port 2(bridge_slave_1) entered disabled state
[   77.144540][ T5859] bridge_slave_1: entered allmulticast mode
[   77.151480][ T5859] bridge_slave_1: entered promiscuous mode
[   77.163458][ T5854] bridge0: port 2(bridge_slave_1) entered blocking state
[   77.173059][ T5854] bridge0: port 2(bridge_slave_1) entered disabled state
[   77.180247][ T5854] bridge_slave_1: entered allmulticast mode
[   77.188201][ T5854] bridge_slave_1: entered promiscuous mode
[   77.216585][ T5844] bridge0: port 1(bridge_slave_0) entered blocking state
[   77.225638][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state
[   77.232738][ T5844] bridge_slave_0: entered allmulticast mode
[   77.239954][ T5844] bridge_slave_0: entered promiscuous mode
[   77.305054][ T5844] bridge0: port 2(bridge_slave_1) entered blocking state
[   77.312204][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state
[   77.321015][ T5844] bridge_slave_1: entered allmulticast mode
[   77.328877][ T5844] bridge_slave_1: entered promiscuous mode
[   77.338949][ T5859] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   77.387329][ T5854] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   77.399446][ T5854] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   77.424203][ T5859] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   77.492346][ T5851] bridge0: port 1(bridge_slave_0) entered blocking state
[   77.499591][ T5851] bridge0: port 1(bridge_slave_0) entered disabled state
[   77.507078][ T5851] bridge_slave_0: entered allmulticast mode
[   77.516440][ T5851] bridge_slave_0: entered promiscuous mode
[   77.524668][ T5851] bridge0: port 2(bridge_slave_1) entered blocking state
[   77.531732][ T5851] bridge0: port 2(bridge_slave_1) entered disabled state
[   77.539661][ T5851] bridge_slave_1: entered allmulticast mode
[   77.546938][ T5851] bridge_slave_1: entered promiscuous mode
[   77.566771][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   77.579338][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   77.651808][ T5854] team0: Port device team_slave_0 added
[   77.672444][ T5859] team0: Port device team_slave_0 added
[   77.683187][ T5859] team0: Port device team_slave_1 added
[   77.689340][ T5849] bridge0: port 1(bridge_slave_0) entered blocking state
[   77.697337][ T5849] bridge0: port 1(bridge_slave_0) entered disabled state
[   77.704843][ T5849] bridge_slave_0: entered allmulticast mode
[   77.711797][ T5849] bridge_slave_0: entered promiscuous mode
[   77.721522][ T5851] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   77.732792][ T5854] team0: Port device team_slave_1 added
[   77.760580][ T5844] team0: Port device team_slave_0 added
[   77.793100][ T5849] bridge0: port 2(bridge_slave_1) entered blocking state
[   77.800892][ T5849] bridge0: port 2(bridge_slave_1) entered disabled state
[   77.808299][ T5849] bridge_slave_1: entered allmulticast mode
[   77.815373][ T5849] bridge_slave_1: entered promiscuous mode
[   77.824894][ T5851] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   77.849219][ T5844] team0: Port device team_slave_1 added
[   77.856324][ T5859] batman_adv: batadv0: Adding interface: batadv_slave_0
[   77.863252][ T5859] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   77.889880][ T5859] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   77.926746][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_0
[   77.933757][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   77.960185][ T5854] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   77.983295][ T5859] batman_adv: batadv0: Adding interface: batadv_slave_1
[   77.990424][ T5859] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.016931][ T5859] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   78.017056][   T51] Bluetooth: hci0: command tx timeout
[   78.033730][ T5852] Bluetooth: hci1: command tx timeout
[   78.039549][ T5855] Bluetooth: hci3: command tx timeout
[   78.065726][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_1
[   78.072706][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.098969][ T5854] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   78.103765][ T5855] Bluetooth: hci4: command tx timeout
[   78.115110][   T51] Bluetooth: hci2: command tx timeout
[   78.131560][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0
[   78.139152][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.165368][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   78.179045][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1
[   78.186057][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.212245][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   78.226227][ T5849] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   78.239324][ T5849] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   78.250306][ T5851] team0: Port device team_slave_0 added
[   78.259491][ T5851] team0: Port device team_slave_1 added
[   78.352961][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_0
[   78.364038][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.390307][ T5851] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   78.428271][ T5849] team0: Port device team_slave_0 added
[   78.438291][ T5849] team0: Port device team_slave_1 added
[   78.450001][ T5859] hsr_slave_0: entered promiscuous mode
[   78.458265][ T5859] hsr_slave_1: entered promiscuous mode
[   78.466712][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_1
[   78.475929][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.502679][ T5851] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   78.525407][ T5854] hsr_slave_0: entered promiscuous mode
[   78.531640][ T5854] hsr_slave_1: entered promiscuous mode
[   78.538194][ T5854] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   78.546072][ T5854] Cannot create hsr debugfs directory
[   78.670809][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_0
[   78.678800][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.705278][ T5849] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   78.721326][ T5844] hsr_slave_0: entered promiscuous mode
[   78.728328][ T5844] hsr_slave_1: entered promiscuous mode
[   78.734430][ T5844] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   78.741974][ T5844] Cannot create hsr debugfs directory
[   78.780843][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_1
[   78.788135][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.817531][ T5849] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   78.850235][ T5851] hsr_slave_0: entered promiscuous mode
[   78.856693][ T5851] hsr_slave_1: entered promiscuous mode
[   78.862681][ T5851] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   78.870834][ T5851] Cannot create hsr debugfs directory
[   78.952833][ T5849] hsr_slave_0: entered promiscuous mode
[   78.959453][ T5849] hsr_slave_1: entered promiscuous mode
[   78.966654][ T5849] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   78.974395][ T5849] Cannot create hsr debugfs directory
[   79.450268][ T5859] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   79.461979][ T5859] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   79.480794][ T5859] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   79.500352][ T5859] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   79.570180][ T5854] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   79.582658][ T5854] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   79.620905][ T5854] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   79.657555][ T5854] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   79.724650][ T5844] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   79.757318][ T5844] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   79.770345][ T5844] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   79.803395][ T5844] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   79.882900][ T5849] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   79.905807][ T5849] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   79.940098][ T5849] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   79.980298][ T5849] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   79.997075][ T5859] 8021q: adding VLAN 0 to HW filter on device bond0
[   80.056466][ T5851] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   80.084193][ T5852] Bluetooth: hci1: command tx timeout
[   80.085501][ T5859] 8021q: adding VLAN 0 to HW filter on device team0
[   80.089660][   T51] Bluetooth: hci0: command tx timeout
[   80.101808][ T5855] Bluetooth: hci3: command tx timeout
[   80.106078][ T5851] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   80.131049][ T5851] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   80.152414][ T5851] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   80.164540][   T51] Bluetooth: hci2: command tx timeout
[   80.170067][ T5855] Bluetooth: hci4: command tx timeout
[   80.189133][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.196400][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[   80.208635][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.215728][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[   80.257400][ T5854] 8021q: adding VLAN 0 to HW filter on device bond0
[   80.271467][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0
[   80.303398][ T5854] 8021q: adding VLAN 0 to HW filter on device team0
[   80.340149][ T5844] 8021q: adding VLAN 0 to HW filter on device team0
[   80.352090][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.359262][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   80.375041][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.382218][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   80.418495][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.425667][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[   80.438701][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.445816][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[   80.599598][ T5849] 8021q: adding VLAN 0 to HW filter on device bond0
[   80.679778][ T5849] 8021q: adding VLAN 0 to HW filter on device team0
[   80.731392][ T5851] 8021q: adding VLAN 0 to HW filter on device bond0
[   80.779922][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.787126][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[   80.824768][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.831929][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[   80.853992][ T5851] 8021q: adding VLAN 0 to HW filter on device team0
[   80.880849][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.888044][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[   80.979547][ T5859] 8021q: adding VLAN 0 to HW filter on device batadv0
[   81.006408][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   81.013637][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   81.181692][ T5854] 8021q: adding VLAN 0 to HW filter on device batadv0
[   81.220051][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0
[   81.256620][ T5859] veth0_vlan: entered promiscuous mode
[   81.297400][ T5859] veth1_vlan: entered promiscuous mode
[   81.456002][ T5854] veth0_vlan: entered promiscuous mode
[   81.462119][ T5859] veth0_macvtap: entered promiscuous mode
[   81.510091][ T5859] veth1_macvtap: entered promiscuous mode
[   81.567612][ T5854] veth1_vlan: entered promiscuous mode
[   81.622468][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_0
[   81.659863][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_1
[   81.759201][ T5851] 8021q: adding VLAN 0 to HW filter on device batadv0
[   81.799032][ T5854] veth0_macvtap: entered promiscuous mode
[   81.821675][ T3489] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   81.860337][ T3489] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   81.869931][ T3489] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   81.901767][ T5854] veth1_macvtap: entered promiscuous mode
[   81.914486][ T3489] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   81.968638][ T5849] 8021q: adding VLAN 0 to HW filter on device batadv0
[   81.999475][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_0
[   82.022077][ T5844] veth0_vlan: entered promiscuous mode
[   82.047319][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_1
[   82.092867][ T5851] veth0_vlan: entered promiscuous mode
[   82.123253][ T5844] veth1_vlan: entered promiscuous mode
[   82.164160][   T51] Bluetooth: hci0: command tx timeout
[   82.169623][ T5852] Bluetooth: hci1: command tx timeout
[   82.175327][ T5855] Bluetooth: hci3: command tx timeout
[   82.180796][ T3489] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   82.216501][ T5851] veth1_vlan: entered promiscuous mode
[   82.237924][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   82.254020][ T5855] Bluetooth: hci4: command tx timeout
[   82.259445][ T5855] Bluetooth: hci2: command tx timeout
[   82.270090][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   82.270117][ T3489] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   82.293415][ T3489] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   82.305757][ T5849] veth0_vlan: entered promiscuous mode
[   82.321335][ T3489] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   82.351792][ T5849] veth1_vlan: entered promiscuous mode
[   82.381330][ T3489] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   82.391141][ T3489] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   82.468148][ T5844] veth0_macvtap: entered promiscuous mode
[   82.505432][ T5859] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   82.522747][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   82.534282][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   82.542562][ T5851] veth0_macvtap: entered promiscuous mode
[   82.551313][ T5851] veth1_macvtap: entered promiscuous mode
[   82.582695][ T5844] veth1_macvtap: entered promiscuous mode
[   82.636847][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   82.653164][ T5849] veth0_macvtap: entered promiscuous mode
[   82.659781][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   82.679394][ T5966] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 67108897, id = 0
[   82.681962][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_0
[   82.713138][ T5849] veth1_macvtap: entered promiscuous mode
[   82.760671][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0
[   82.815708][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_1
[   82.839682][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_0
[   82.888957][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1
[   82.907781][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_1
[   82.919768][ T3543] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   82.953297][   T36] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   83.030819][   T36] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   83.068930][   T36] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   83.120528][   T36] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   83.158848][   T36] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   83.173074][   T36] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   83.236438][   T36] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   83.261664][   T36] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   83.276987][ T5979] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   83.291169][   T76] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   83.359025][   T76] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   83.378774][   T76] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   83.412427][   T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.434162][   T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.443194][ T5983] IPVS: stopping backup sync thread 5984 ...
[   83.462032][ T5984] IPVS: sync thread started: state = BACKUP, mcast_ifn = batadv0, syncid = 5, id = 0
[   83.486418][ T3489] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.519534][ T3489] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.571240][ T3543] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.586593][ T3543] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.751351][ T3543] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.775898][ T3543] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.793400][ T5993] wg2: entered promiscuous mode
[   83.802177][ T5993] wg2: entered allmulticast mode
[   83.824899][ T3489] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.846358][ T3489] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.914497][   T76] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.922975][   T76] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.060738][ T6001] vcan0: tx drop: invalid sa for name 0x0000000000000001
[   84.254029][ T5855] Bluetooth: hci3: command tx timeout
[   84.259474][ T5855] Bluetooth: hci0: command tx timeout
[   84.267649][   T51] Bluetooth: hci1: command tx timeout
[   84.324591][ T5855] Bluetooth: hci2: command tx timeout
[   84.330023][ T5855] Bluetooth: hci4: command tx timeout
[   84.878315][ T6027] vcan0: tx drop: invalid sa for name 0x0000000000000001
[   85.026472][ T6031] pim6reg1: entered promiscuous mode
[   85.042887][ T6031] pim6reg1: entered allmulticast mode
[   85.907867][ T6053] pim6reg1: entered promiscuous mode
[   85.928219][ T6053] pim6reg1: entered allmulticast mode
[   85.994436][ T6057] vcan0: tx drop: invalid sa for name 0x0000000000000001
[   86.462246][ T6077] veth0_vlan: entered allmulticast mode
[   86.548337][ T6077] veth0_vlan: left promiscuous mode
[   86.583112][ T6077] veth0_vlan: entered promiscuous mode
[   86.649293][  T978] cfg80211: failed to load regulatory.db
[   89.288165][ T6159] netlink: 'syz.4.85': attribute type 39 has an invalid length.
[   89.315226][ T6163] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   90.795088][ T6228] netlink: 8 bytes leftover after parsing attributes in process `syz.4.116'.
[   90.816935][ T6228] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.825094][ T6228] bridge0: port 1(bridge_slave_0) entered disabled state
[   92.066705][ T6283] bridge0: entered promiscuous mode
[   92.082480][ T6283] macvtap1: entered allmulticast mode
[   92.114520][ T6283] bridge0: entered allmulticast mode
[   92.212695][ T6296] netlink: 'syz.4.146': attribute type 10 has an invalid length.
[   92.259635][ T6296] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.267038][ T6296] bridge0: port 2(bridge_slave_1) entered listening state
[   92.275058][ T6296] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.282227][ T6296] bridge0: port 1(bridge_slave_0) entered listening state
[   92.390577][ T6296] bond0: (slave bridge0): Enslaving as an active interface with an up link
[   93.156884][ T6330] netlink: 16 bytes leftover after parsing attributes in process `syz.3.162'.
[   93.265446][ T6338] netlink: 508 bytes leftover after parsing attributes in process `syz.4.166'.
[   94.741386][ T6397] Zero length message leads to an empty skb
[   94.757526][ T6397] bridge_slave_1: left allmulticast mode
[   94.763206][ T6397] bridge_slave_1: left promiscuous mode
[   94.781447][ T6397] bridge0: port 2(bridge_slave_1) entered disabled state
[   94.822475][ T6397] bridge_slave_0: left allmulticast mode
[   94.829010][ T6397] bridge_slave_0: left promiscuous mode
[   94.839126][ T6403] netlink: 4 bytes leftover after parsing attributes in process `syz.0.197'.
[   94.856828][ T6397] bridge0: port 1(bridge_slave_0) entered disabled state
[   95.135643][ T6413] netdevsim netdevsim4 netdevsim0: entered allmulticast mode
[   95.164511][ T6413] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[   95.784470][ T6441] netlink: 8 bytes leftover after parsing attributes in process `syz.3.215'.
[   95.820604][ T6443] team0: Device ipvlan1 failed to register rx_handler
[   96.077353][ T6449] tipc: Started in network mode
[   96.110466][ T6449] tipc: Node identity 9e415518476a, cluster identity 4711
[   96.136914][ T6449] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   96.191307][ T6458] syzkaller0: entered promiscuous mode
[   96.214001][ T6458] syzkaller0: entered allmulticast mode
[   96.362997][ T6464] tipc: Resetting bearer <eth:syzkaller0>
[   96.398943][ T6448] tipc: Resetting bearer <eth:syzkaller0>
[   96.460738][ T6448] tipc: Disabling bearer <eth:syzkaller0>
[   96.505777][ T6476] netlink: 8 bytes leftover after parsing attributes in process `syz.2.231'.
[   96.619506][ T6479] syz.1.233 uses obsolete (PF_INET,SOCK_PACKET)
[   96.947082][ T6485] bridge0: port 2(bridge_slave_1) entered disabled state
[   96.954401][ T6485] bridge0: port 1(bridge_slave_0) entered disabled state
[   97.281496][ T6485] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   97.327852][ T6485] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   97.686564][ T4791] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   97.719011][ T4791] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   97.767187][ T4791] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   97.785015][   T76] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   98.635490][ T6556] netlink: 64 bytes leftover after parsing attributes in process `syz.2.270'.
[   98.670507][ T6560] netlink: 16 bytes leftover after parsing attributes in process `syz.3.272'.
[   98.836951][ T6564] netlink: 8 bytes leftover after parsing attributes in process `syz.2.275'.
[   99.277921][ T6589] netlink: 28 bytes leftover after parsing attributes in process `syz.4.285'.
[   99.296175][ T6588] netlink: 16 bytes leftover after parsing attributes in process `syz.2.286'.
[   99.299306][ T6589] netlink: 8 bytes leftover after parsing attributes in process `syz.4.285'.
[   99.454599][ T6589] netlink: 'syz.4.285': attribute type 10 has an invalid length.
[   99.462526][ T6589] bridge0: port 3(team0) entered blocking state
[   99.504162][ T6589] bridge0: port 3(team0) entered disabled state
[   99.520412][ T6589] team0: entered allmulticast mode
[   99.546689][ T6589] team_slave_0: entered allmulticast mode
[   99.574504][ T6589] team_slave_1: entered allmulticast mode
[   99.610235][ T6589] team0: entered promiscuous mode
[   99.637136][ T6589] team_slave_0: entered promiscuous mode
[   99.653917][ T6589] team_slave_1: entered promiscuous mode
[   99.812527][ T6612] netlink: 'syz.4.296': attribute type 1 has an invalid length.
[   99.836090][ T6612] netlink: 172 bytes leftover after parsing attributes in process `syz.4.296'.
[   99.880325][ T6612] netlink: 4 bytes leftover after parsing attributes in process `syz.4.296'.
[  102.638231][ T6748] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22
[  102.683722][ T6748] netdevsim netdevsim0: Direct firmware load for . failed with error -22
[  102.709367][ T6748] netdevsim netdevsim0: Falling back to sysfs fallback for: .
[  102.829754][ T3489] Ignoring NSS change in VHT Operating Mode Notification from 08:02:11:00:00:00 with invalid nss 2
[  103.014490][ T6764] ==================================================================
[  103.033236][ T6764] BUG: KASAN: slab-use-after-free in tcp_prune_ofo_queue+0x37e/0x6e0
[  103.041309][ T6764] Read of size 4 at addr ffff888078525850 by task syz.3.366/6764
[  103.049026][ T6764] 
[  103.051363][ T6764] CPU: 0 UID: 0 PID: 6764 Comm: syz.3.366 Not tainted 6.16.0-rc5-syzkaller-01444-g55e8757c6962 #0 PREEMPT(full) 
[  103.051382][ T6764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  103.051396][ T6764] Call Trace:
[  103.051408][ T6764]  <TASK>
[  103.051415][ T6764]  dump_stack_lvl+0x189/0x250
[  103.051435][ T6764]  ? rcu_is_watching+0x15/0xb0
[  103.051451][ T6764]  ? __kasan_check_byte+0x12/0x40
[  103.051468][ T6764]  ? __pfx_dump_stack_lvl+0x10/0x10
[  103.051482][ T6764]  ? rcu_is_watching+0x15/0xb0
[  103.051497][ T6764]  ? lock_release+0x4b/0x3e0
[  103.051511][ T6764]  ? _raw_spin_lock_irqsave+0xb3/0xf0
[  103.051527][ T6764]  ? __virt_addr_valid+0x1c8/0x5c0
[  103.051543][ T6764]  ? __virt_addr_valid+0x4a5/0x5c0
[  103.051559][ T6764]  print_report+0xd2/0x2b0
[  103.051573][ T6764]  ? tcp_prune_ofo_queue+0x37e/0x6e0
[  103.051588][ T6764]  kasan_report+0x118/0x150
[  103.051603][ T6764]  ? tcp_prune_ofo_queue+0x37e/0x6e0
[  103.051621][ T6764]  tcp_prune_ofo_queue+0x37e/0x6e0
[  103.051641][ T6764]  tcp_try_rmem_schedule+0xb6b/0x1830
[  103.051663][ T6764]  tcp_data_queue+0x4e3/0x6380
[  103.051685][ T6764]  ? __pfx_tcp_data_queue+0x10/0x10
[  103.051699][ T6764]  ? __pfx_tcp_urg+0x10/0x10
[  103.051712][ T6764]  ? read_tsc+0x9/0x20
[  103.051726][ T6764]  tcp_rcv_established+0xf9e/0x1eb0
[  103.051741][ T6764]  ? rt_is_expired+0x1c/0x2d0
[  103.051762][ T6764]  ? __pfx_tcp_rcv_established+0x10/0x10
[  103.051774][ T6764]  ? rt_is_expired+0x1c/0x2d0
[  103.051790][ T6764]  ? rt_is_expired+0x1c/0x2d0
[  103.051807][ T6764]  ? rt_is_expired+0x250/0x2d0
[  103.051823][ T6764]  ? __pfx_ipv4_dst_check+0x10/0x10
[  103.051840][ T6764]  ? __pfx_ipv4_dst_check+0x10/0x10
[  103.051858][ T6764]  tcp_v4_do_rcv+0xa23/0xce0
[  103.051876][ T6764]  ? __pfx_tcp_v4_do_rcv+0x10/0x10
[  103.051891][ T6764]  __release_sock+0x21c/0x350
[  103.051908][ T6764]  release_sock+0x5f/0x1f0
[  103.051924][ T6764]  tcp_sendmsg+0x39/0x50
[  103.051939][ T6764]  __sock_sendmsg+0x19c/0x270
[  103.051954][ T6764]  __sys_sendto+0x3bd/0x520
[  103.051971][ T6764]  ? __pfx___sys_sendto+0x10/0x10
[  103.051986][ T6764]  ? do_futex+0x395/0x420
[  103.052014][ T6764]  ? rcu_is_watching+0x15/0xb0
[  103.052029][ T6764]  __x64_sys_sendto+0xde/0x100
[  103.052047][ T6764]  do_syscall_64+0xfa/0x3b0
[  103.052063][ T6764]  ? lockdep_hardirqs_on+0x9c/0x150
[  103.052078][ T6764]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.052091][ T6764]  ? clear_bhb_loop+0x60/0xb0
[  103.052105][ T6764]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.052118][ T6764] RIP: 0033:0x7f48ca38e929
[  103.052135][ T6764] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  103.052147][ T6764] RSP: 002b:00007f48cb18f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  103.052162][ T6764] RAX: ffffffffffffffda RBX: 00007f48ca5b5fa0 RCX: 00007f48ca38e929
[  103.052172][ T6764] RDX: 000000000000059a RSI: 0000200000000580 RDI: 0000000000000003
[  103.052182][ T6764] RBP: 00007f48ca410b39 R08: 0000000000000000 R09: 0000000000000000
[  103.052190][ T6764] R10: 0000000010008095 R11: 0000000000000246 R12: 0000000000000000
[  103.052199][ T6764] R13: 0000000000000000 R14: 00007f48ca5b5fa0 R15: 00007ffedf9b05f8
[  103.052215][ T6764]  </TASK>
[  103.052220][ T6764] 
[  103.366717][ T6764] Allocated by task 6764:
[  103.371025][ T6764]  kasan_save_track+0x3e/0x80
[  103.375686][ T6764]  __kasan_slab_alloc+0x6c/0x80
[  103.380519][ T6764]  kmem_cache_alloc_node_noprof+0x1bb/0x3c0
[  103.386394][ T6764]  __alloc_skb+0x112/0x2d0
[  103.390796][ T6764]  tcp_stream_alloc_skb+0x3d/0x340
[  103.395888][ T6764]  tcp_write_xmit+0xeec/0x67f0
[  103.400638][ T6764]  __tcp_push_pending_frames+0x97/0x360
[  103.406168][ T6764]  tcp_rcv_established+0x1012/0x1eb0
[  103.411435][ T6764]  tcp_v4_do_rcv+0xa23/0xce0
[  103.416007][ T6764]  __release_sock+0x21c/0x350
[  103.420664][ T6764]  release_sock+0x5f/0x1f0
[  103.425064][ T6764]  tcp_sendmsg+0x39/0x50
[  103.429293][ T6764]  __sock_sendmsg+0x19c/0x270
[  103.433951][ T6764]  __sys_sendto+0x3bd/0x520
[  103.438439][ T6764]  __x64_sys_sendto+0xde/0x100
[  103.443186][ T6764]  do_syscall_64+0xfa/0x3b0
[  103.447676][ T6764]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.453549][ T6764] 
[  103.455853][ T6764] Freed by task 6764:
[  103.459809][ T6764]  kasan_save_track+0x3e/0x80
[  103.464469][ T6764]  kasan_save_free_info+0x46/0x50
[  103.469477][ T6764]  __kasan_slab_free+0x62/0x70
[  103.474222][ T6764]  kmem_cache_free+0x18f/0x400
[  103.478970][ T6764]  tcp_prune_ofo_queue+0x198/0x6e0
[  103.484065][ T6764]  tcp_try_rmem_schedule+0xb6b/0x1830
[  103.489419][ T6764]  tcp_data_queue+0x4e3/0x6380
[  103.494165][ T6764]  tcp_rcv_established+0xf9e/0x1eb0
[  103.499349][ T6764]  tcp_v4_do_rcv+0xa23/0xce0
[  103.503930][ T6764]  __release_sock+0x21c/0x350
[  103.508590][ T6764]  release_sock+0x5f/0x1f0
[  103.512988][ T6764]  tcp_sendmsg+0x39/0x50
[  103.517212][ T6764]  __sock_sendmsg+0x19c/0x270
[  103.521872][ T6764]  __sys_sendto+0x3bd/0x520
[  103.526363][ T6764]  __x64_sys_sendto+0xde/0x100
[  103.531115][ T6764]  do_syscall_64+0xfa/0x3b0
[  103.535601][ T6764]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.541475][ T6764] 
[  103.543784][ T6764] The buggy address belongs to the object at ffff888078525680
[  103.543784][ T6764]  which belongs to the cache skbuff_fclone_cache of size 488
[  103.558515][ T6764] The buggy address is located 464 bytes inside of
[  103.558515][ T6764]  freed 488-byte region [ffff888078525680, ffff888078525868)
[  103.572299][ T6764] 
[  103.574617][ T6764] The buggy address belongs to the physical page:
[  103.581021][ T6764] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78524
[  103.589790][ T6764] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  103.598282][ T6764] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  103.606272][ T6764] page_type: f5(slab)
[  103.610254][ T6764] raw: 00fff00000000040 ffff88801def4b40 0000000000000000 dead000000000001
[  103.618828][ T6764] raw: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000
[  103.627401][ T6764] head: 00fff00000000040 ffff88801def4b40 0000000000000000 dead000000000001
[  103.636071][ T6764] head: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000
[  103.644736][ T6764] head: 00fff00000000001 ffffea0001e14901 00000000ffffffff 00000000ffffffff
[  103.653393][ T6764] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[  103.662042][ T6764] page dumped because: kasan: bad access detected
[  103.668443][ T6764] page_owner tracks the page as allocated
[  103.674135][ T6764] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5834, tgid 5834 (syz-executor), ts 73803989104, free_ts 22244608176
[  103.695562][ T6764]  post_alloc_hook+0x240/0x2a0
[  103.700321][ T6764]  get_page_from_freelist+0x21e4/0x22c0
[  103.705865][ T6764]  __alloc_frozen_pages_noprof+0x181/0x370
[  103.711659][ T6764]  alloc_pages_mpol+0x232/0x4a0
[  103.716491][ T6764]  allocate_slab+0x8a/0x3b0
[  103.720980][ T6764]  ___slab_alloc+0xbfc/0x1480
[  103.725640][ T6764]  kmem_cache_alloc_node_noprof+0x280/0x3c0
[  103.731516][ T6764]  __alloc_skb+0x112/0x2d0
[  103.735917][ T6764]  tcp_stream_alloc_skb+0x3d/0x340
[  103.741014][ T6764]  tcp_sendmsg_locked+0xefc/0x56d0
[  103.746107][ T6764]  tcp_sendmsg+0x2f/0x50
[  103.750422][ T6764]  __sock_sendmsg+0x19c/0x270
[  103.755085][ T6764]  sock_write_iter+0x258/0x330
[  103.759830][ T6764]  vfs_write+0x54b/0xa90
[  103.764063][ T6764]  ksys_write+0x145/0x250
[  103.768399][ T6764]  do_syscall_64+0xfa/0x3b0
[  103.772911][ T6764] page last free pid 1 tgid 1 stack trace:
[  103.778703][ T6764]  __free_frozen_pages+0xc71/0xe70
[  103.783809][ T6764]  free_contig_range+0x1bd/0x4a0
[  103.788730][ T6764]  destroy_args+0x7e/0x5d0
[  103.793133][ T6764]  debug_vm_pgtable+0x412/0x450
[  103.797978][ T6764]  do_one_initcall+0x233/0x820
[  103.802747][ T6764]  do_initcall_level+0x137/0x1f0
[  103.807681][ T6764]  do_initcalls+0x69/0xd0
[  103.812000][ T6764]  kernel_init_freeable+0x3d9/0x570
[  103.817192][ T6764]  kernel_init+0x1d/0x1d0
[  103.821516][ T6764]  ret_from_fork+0x3fc/0x770
[  103.826097][ T6764]  ret_from_fork_asm+0x1a/0x30
[  103.830854][ T6764] 
[  103.833166][ T6764] Memory state around the buggy address:
[  103.838781][ T6764]  ffff888078525700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  103.846828][ T6764]  ffff888078525780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  103.854871][ T6764] >ffff888078525800: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc
[  103.862911][ T6764]                                                  ^
[  103.869561][ T6764]  ffff888078525880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  103.877603][ T6764]  ffff888078525900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  103.885644][ T6764] ==================================================================
[  103.928594][ T6764] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  103.935820][ T6764] CPU: 0 UID: 0 PID: 6764 Comm: syz.3.366 Not tainted 6.16.0-rc5-syzkaller-01444-g55e8757c6962 #0 PREEMPT(full) 
[  103.947712][ T6764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  103.957779][ T6764] Call Trace:
[  103.961045][ T6764]  <TASK>
[  103.963968][ T6764]  dump_stack_lvl+0x99/0x250
[  103.968545][ T6764]  ? __asan_memcpy+0x40/0x70
[  103.973120][ T6764]  ? __pfx_dump_stack_lvl+0x10/0x10
[  103.978301][ T6764]  ? __pfx__printk+0x10/0x10
[  103.982881][ T6764]  panic+0x2db/0x790
[  103.986764][ T6764]  ? __pfx_preempt_schedule+0x10/0x10
[  103.992125][ T6764]  ? __pfx_panic+0x10/0x10
[  103.996529][ T6764]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  104.002406][ T6764]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  104.008736][ T6764]  ? tcp_prune_ofo_queue+0x37e/0x6e0
[  104.014056][ T6764]  check_panic_on_warn+0x89/0xb0
[  104.018995][ T6764]  ? tcp_prune_ofo_queue+0x37e/0x6e0
[  104.024267][ T6764]  end_report+0x78/0x160
[  104.028499][ T6764]  kasan_report+0x129/0x150
[  104.032990][ T6764]  ? tcp_prune_ofo_queue+0x37e/0x6e0
[  104.038263][ T6764]  tcp_prune_ofo_queue+0x37e/0x6e0
[  104.043406][ T6764]  tcp_try_rmem_schedule+0xb6b/0x1830
[  104.048769][ T6764]  tcp_data_queue+0x4e3/0x6380
[  104.053526][ T6764]  ? __pfx_tcp_data_queue+0x10/0x10
[  104.058706][ T6764]  ? __pfx_tcp_urg+0x10/0x10
[  104.063365][ T6764]  ? read_tsc+0x9/0x20
[  104.067434][ T6764]  tcp_rcv_established+0xf9e/0x1eb0
[  104.072618][ T6764]  ? rt_is_expired+0x1c/0x2d0
[  104.077287][ T6764]  ? __pfx_tcp_rcv_established+0x10/0x10
[  104.082901][ T6764]  ? rt_is_expired+0x1c/0x2d0
[  104.087565][ T6764]  ? rt_is_expired+0x1c/0x2d0
[  104.092230][ T6764]  ? rt_is_expired+0x250/0x2d0
[  104.096983][ T6764]  ? __pfx_ipv4_dst_check+0x10/0x10
[  104.102173][ T6764]  ? __pfx_ipv4_dst_check+0x10/0x10
[  104.107359][ T6764]  tcp_v4_do_rcv+0xa23/0xce0
[  104.111938][ T6764]  ? __pfx_tcp_v4_do_rcv+0x10/0x10
[  104.117035][ T6764]  __release_sock+0x21c/0x350
[  104.121701][ T6764]  release_sock+0x5f/0x1f0
[  104.126104][ T6764]  tcp_sendmsg+0x39/0x50
[  104.130330][ T6764]  __sock_sendmsg+0x19c/0x270
[  104.134992][ T6764]  __sys_sendto+0x3bd/0x520
[  104.139487][ T6764]  ? __pfx___sys_sendto+0x10/0x10
[  104.144498][ T6764]  ? do_futex+0x395/0x420
[  104.148827][ T6764]  ? rcu_is_watching+0x15/0xb0
[  104.153578][ T6764]  __x64_sys_sendto+0xde/0x100
[  104.158331][ T6764]  do_syscall_64+0xfa/0x3b0
[  104.162820][ T6764]  ? lockdep_hardirqs_on+0x9c/0x150
[  104.168005][ T6764]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.174054][ T6764]  ? clear_bhb_loop+0x60/0xb0
[  104.178713][ T6764]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.184588][ T6764] RIP: 0033:0x7f48ca38e929
[  104.188987][ T6764] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  104.208574][ T6764] RSP: 002b:00007f48cb18f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  104.216982][ T6764] RAX: ffffffffffffffda RBX: 00007f48ca5b5fa0 RCX: 00007f48ca38e929
[  104.224942][ T6764] RDX: 000000000000059a RSI: 0000200000000580 RDI: 0000000000000003
[  104.232899][ T6764] RBP: 00007f48ca410b39 R08: 0000000000000000 R09: 0000000000000000
[  104.240852][ T6764] R10: 0000000010008095 R11: 0000000000000246 R12: 0000000000000000
[  104.248893][ T6764] R13: 0000000000000000 R14: 00007f48ca5b5fa0 R15: 00007ffedf9b05f8
[  104.256860][ T6764]  </TASK>
[  104.260092][ T6764] Kernel Offset: disabled
[  104.264395][ T6764] Rebooting in 86400 seconds..