last executing test programs:

24.834802679s ago: executing program 4 (id=5):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r2, r3, 0x2, 0x2, 0x0, @void, @value}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r1, r4, 0x2, 0x0, 0x0, @void, @value}, 0x10)
r5 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000200), r0)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x48, r5, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_MLSCATLST={0x1c, 0xc, 0x0, 0x1, [{0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xab1}]}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_TAGLST={0x4}, @NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_MLSLVLLST={0x4}]}, 0x48}}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$unix(0x1, 0x2, 0x0)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r9, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)={0x34, 0x3, 0x1, 0x301, 0x0, 0x0, {0x5, 0x0, 0x3}, [@CTA_STATUS_MASK={0x8, 0x1a, 0x1, 0x0, 0x561d}, @CTA_MARK_MASK={0x8}, @CTA_MARK={0x8, 0x8, 0x1, 0x0, 0x8}, @CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000}, 0x4000)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={0x44, r8, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r10}, @val={0xc, 0x99, {0x7ff, 0x70}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0x81}, 0x24044884)
r11 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r11)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000000000000000000000000000854000001700000085000000d000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200))
ioctl$SIOCSIFHWADDR(r11, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)

23.993463473s ago: executing program 4 (id=14):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000940))
r0 = socket$l2tp(0x2, 0x2, 0x73)
recvfrom$l2tp(r0, &(0x7f0000000000)=""/27, 0x1b, 0x4000, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10)
pipe(&(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
unshare(0x42000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8010, 0xffffffffffffffff, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_PORT_UNSPLIT(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x14, r4, 0x731, 0x0, 0x0, {0x38}}, 0x14}, 0x1, 0x2}, 0x0)
writev(r2, &(0x7f00000006c0)=[{&(0x7f0000000280)='v', 0x1}], 0x1)
unshare(0x2000400)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/net\x00')
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_sctp(0x2, 0x5, 0x84)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xf000000, &(0x7f00000003c0)={&(0x7f0000000400)={0x2c, 0xb, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x4}]}, 0x2c}}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000200)={'ip6_vti0\x00', &(0x7f0000000640)={'syztnl1\x00', <r7=>0x0, 0x29, 0xfe, 0x4, 0x0, 0x22, @private1, @remote, 0x10, 0x10, 0x3, 0x6}})
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000d40)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001840), 0x4)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000800)=@bpf_lsm={0x1d, 0xf, &(0x7f0000000340)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0xe4, 0x0, 0x0, 0x0, 0x7}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @generic={0x4, 0xf, 0x4, 0x7, 0x1}, @call={0x85, 0x0, 0x0, 0xa3}, @printk={@li, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x2}}, @cb_func={0x18, 0xb, 0x4, 0x0, 0x2}], &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x76, &(0x7f00000005c0)=""/118, 0xc0f00, 0x9, '\x00', r7, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f00000002c0)={0x3, 0x5}, 0x8, 0x10, &(0x7f0000000700)={0x4, 0xe, 0x7, 0x7}, 0x10, 0x0, 0x0, 0x7, &(0x7f0000000740)=[0x1, r1, r2, r2, r1, r2], &(0x7f0000000780)=[{0x1, 0x5, 0x10, 0xb}, {0x1, 0x5, 0xd}, {0x2, 0x5, 0xa, 0x2}, {0x1, 0x2, 0x6}, {0x4, 0x1, 0xd, 0x6}, {0x3, 0x3, 0x0, 0x1}, {0x2, 0x1, 0xc, 0x4}], 0x10, 0x8, @void, @value}, 0x94)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@newlink={0x3c, 0x10, 0x49920d862a92153b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vxcan={{0xa}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_NET_NS_FD={0x8, 0x1c, r6}]}, 0x3c}}, 0x0)

23.233810984s ago: executing program 4 (id=17):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
unshare(0x28000600)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_freezer_state(r0, &(0x7f00000001c0), 0x2, 0x0)
read(r1, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', <r4=>0x0})
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="4400f2951000290400000000fbdbdf25000000fb", @ANYRES32=r4, @ANYBLOB="000200000100000024001280110001006272696467655f736c617665000000000c0005800500090000000000"], 0x44}}, 0x2)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)={0x40, 0x39, 0x9, 0x0, 0x0, {0x1}, [@typed={0x4}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x0, 0x0, 0x0, @str='\x05G'}]}, @typed={0x14, 0x2, 0x0, 0x0, @ipv6=@loopback}, @nested={0x8, 0x7, 0x0, 0x1, [@typed={0x4}]}]}, 0x40}}, 0x0)
listen(r5, 0x0)
r7 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000200)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x2, &(0x7f0000000200)=ANY=[@ANYBLOB="850000006c1700"/16], &(0x7f00000008c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000014c0)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {0x0, 0xfff3}, {}, {0x1c}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_DIVISOR={0xfffffffffffffee3, 0x4, 0xa}]}}]}, 0x38}}, 0x0)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r9, &(0x7f00000002c0), 0x40000000000009f, 0x0)
setsockopt$sock_int(r5, 0x1, 0xf, &(0x7f0000000000)=0x8, 0x4)
r10 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r10, 0x1, 0xf, &(0x7f0000000340)=0x800003, 0xffffffca)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r11, 0x8933, &(0x7f0000000100))
r12 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$BATADV_CMD_SET_MESH(r11, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r12, 0x209}, 0x14}}, 0x0)

10.08118399s ago: executing program 4 (id=17):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
unshare(0x28000600)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_freezer_state(r0, &(0x7f00000001c0), 0x2, 0x0)
read(r1, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', <r4=>0x0})
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="4400f2951000290400000000fbdbdf25000000fb", @ANYRES32=r4, @ANYBLOB="000200000100000024001280110001006272696467655f736c617665000000000c0005800500090000000000"], 0x44}}, 0x2)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)={0x40, 0x39, 0x9, 0x0, 0x0, {0x1}, [@typed={0x4}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x0, 0x0, 0x0, @str='\x05G'}]}, @typed={0x14, 0x2, 0x0, 0x0, @ipv6=@loopback}, @nested={0x8, 0x7, 0x0, 0x1, [@typed={0x4}]}]}, 0x40}}, 0x0)
listen(r5, 0x0)
r7 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000200)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x2, &(0x7f0000000200)=ANY=[@ANYBLOB="850000006c1700"/16], &(0x7f00000008c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000014c0)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {0x0, 0xfff3}, {}, {0x1c}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_DIVISOR={0xfffffffffffffee3, 0x4, 0xa}]}}]}, 0x38}}, 0x0)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r9, &(0x7f00000002c0), 0x40000000000009f, 0x0)
setsockopt$sock_int(r5, 0x1, 0xf, &(0x7f0000000000)=0x8, 0x4)
r10 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r10, 0x1, 0xf, &(0x7f0000000340)=0x800003, 0xffffffca)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r11, 0x8933, &(0x7f0000000100))
r12 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$BATADV_CMD_SET_MESH(r11, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r12, 0x209}, 0x14}}, 0x0)

4.052942601s ago: executing program 3 (id=162):
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x0, 0x81, 0x1ff, 0x1, 0x1}, 0x1c)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth0_to_hsr\x00'})
recvmmsg$unix(r0, &(0x7f0000003100)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) (async)
recvmmsg$unix(r0, &(0x7f0000003100)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) (async)
connect$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)

3.834255458s ago: executing program 3 (id=166):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000380)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='btrfs_transaction_commit\x00', r0}, 0x18)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_service_time\x00', 0x275a, 0x0)
pwritev(r1, 0x0, 0x0, 0x0, 0x0)

3.713779013s ago: executing program 3 (id=168):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x6}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe}, {0x4}}}, @IFLA_AF_SPEC={0x4}]}, 0x3c}}, 0x0) (async)
r1 = socket$key(0xf, 0x3, 0x2)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$pppoe(0x18, 0x1, 0x0)
ioctl$PPPIOCSFLAGS(r3, 0xb101, 0x0)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="340000003b0007010000000000000000047c0000040000000c00018006000600800a000010000280040014"], 0x34}}, 0xc000) (async)
sendmsg$key(r1, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=ANY=[@ANYBLOB="020500030e000000000000000000000005000600000000000a00000000000000ff01000000000000000000000000000100000000000000000200010000000000000000000000000005000500000000000a00000000000000fe80000000000000000000000000003a0000000000000000fc3097c0eff7d57092d57390f1fd33c7ae4c937524e1df"], 0x70}, 0x1, 0x7}, 0x0) (async, rerun: 32)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0) (rerun: 32)
setsockopt$sock_int(r4, 0x1, 0xa, &(0x7f0000000140)=0x9d, 0x4) (async)
recvmmsg(r4, &(0x7f0000001300)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40010041, 0x0) (async, rerun: 64)
ioctl$FS_IOC_GET_ENCRYPTION_NONCE(r1, 0x8010661b, &(0x7f0000000140)) (rerun: 64)

3.352032965s ago: executing program 3 (id=172):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_RELOAD_REGDB(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r1, 0x200, 0x70bd2d, 0x25dfdbfe, {}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x4004)
r2 = socket$inet6(0xa, 0x4, 0xa53)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_DEL_INTERFACE(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, r1, 0x1, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}, ["", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x20040)
getsockopt$IP6T_SO_GET_REVISION_MATCH(r2, 0x29, 0x44, &(0x7f0000000280)={'HL\x00'}, &(0x7f00000002c0)=0x1e) (async, rerun: 32)
r4 = socket$xdp(0x2c, 0x3, 0x0) (rerun: 32)
setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f00000003c0)={&(0x7f0000000300)=""/131, 0x31e000, 0x1000, 0x3}, 0x20) (async, rerun: 32)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000400)={0x0, 0x0, 0x3, [0xf, 0x6c, 0xd]}, 0xe) (async, rerun: 32)
r5 = socket$caif_stream(0x25, 0x1, 0x5)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000440)={'veth0_macvtap\x00', <r6=>0x0}) (async, rerun: 32)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc) (rerun: 32)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r7, 0x10e, 0x4, &(0x7f0000000480)=0x1000, 0x4) (async)
socket$inet6_udplite(0xa, 0x2, 0x88)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nfc(&(0x7f0000000500), 0xffffffffffffffff)
sendmsg$NFC_CMD_GET_SE(r8, &(0x7f00000005c0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x14, r9, 0x10, 0x70bd25, 0x25dfdbfe, {}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x20008885) (async)
sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(r0, &(0x7f0000000700)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000640)={0x5c, r1, 0x800, 0x70bd2b, 0x9, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_NAN_FUNC={0x40, 0xf0, 0x0, 0x1, [@NL80211_NAN_FUNC_FOLLOW_UP_DEST={0xa}, @NL80211_NAN_FUNC_TERM_REASON={0x5, 0x10, 0xb}, @NL80211_NAN_FUNC_SERVICE_INFO={0xe, 0xb, "190398a0af1d70bf099d"}, @NL80211_NAN_FUNC_TYPE={0x5, 0x1, 0x1}, @NL80211_NAN_FUNC_FOLLOW_UP_DEST={0xa, 0x8, @broadcast}, @NL80211_NAN_FUNC_PUBLISH_BCAST={0x4}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4040090}, 0x24000041) (async)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000880)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000840)={&(0x7f0000000780)=@mpls_delroute={0xa8, 0x19, 0x200, 0x70bd27, 0x25dfdbfd, {0x1c, 0x20, 0x80, 0x0, 0xfc, 0x0, 0xff, 0x4, 0x1000}, [@RTA_NEWDST={0x84, 0x13, [{0x661f, 0x0, 0x1}, {0x5b9c}, {0x1ff, 0x0, 0x1}, {0x1, 0x0, 0x1}, {0x5, 0x0, 0x1}, {0x1000}, {0x40}, {0x4}, {0x6, 0x0, 0x1}, {0x3}, {0xfc, 0x0, 0x1}, {0x2ebf}, {0x3}, {0x2e}, {0xffff, 0x0, 0x1}, {0x7}, {0x80}, {0x81, 0x0, 0x1}, {0x8, 0x0, 0x1}, {0x5}, {0x0, 0x0, 0x1}, {0x8, 0x0, 0x1}, {0x77a, 0x0, 0x1}, {0x3}, {0x6}, {0x3, 0x0, 0x1}, {0x4}, {0x9}, {0x8}, {0x5}, {0xa}, {0xac1c}]}, @RTA_OIF={0x8, 0x4, r6}]}, 0xa8}, 0x1, 0x0, 0x0, 0x20004050}, 0x20000040)
socket$inet6_sctp(0xa, 0x1, 0x84) (async)
r11 = accept$unix(r5, &(0x7f00000008c0)=@abs, &(0x7f0000000940)=0x6e)
bind$unix(r11, &(0x7f0000000980)=@abs={0x1, 0x0, 0x4e21}, 0x6e) (async)
r12 = accept4$x25(0xffffffffffffffff, &(0x7f0000000a00), &(0x7f0000000a40)=0x12, 0x0)
recvfrom$x25(r12, &(0x7f0000000a80)=""/153, 0x99, 0x2101, &(0x7f0000000b40), 0x12) (async, rerun: 64)
r13 = openat$cgroup_root(0xffffff9c, &(0x7f0000000b80)='./cgroup/syz0\x00', 0x200002, 0x0) (rerun: 64)
r14 = openat$cgroup_ro(r13, &(0x7f0000000bc0)='rdma.current\x00', 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(r14, &(0x7f0000000cc0)={&(0x7f0000000c00)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000c80)={&(0x7f0000000c40)={0x30, 0x2, 0x6, 0x500, 0x0, 0x0, {0x5, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'bitmap:ip,mac\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x4}, 0x0) (async)
socket$unix(0x1, 0x5, 0x0)

2.293871298s ago: executing program 1 (id=182):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x11, &(0x7f0000000280)=0x3fa8, 0x4)
recvmmsg(r0, &(0x7f0000001c00)=[{{0x0, 0x0, 0x0}, 0x8}], 0x1, 0x40010020, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000038c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da97e22f4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ad0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bff3b89c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c2ed01faa7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497dad64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6fba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd2310801570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb414c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a000000000000000000000000000000000000000000000000000000a0cc2b89ce1525748ce167cbabb881f060599a6a59f645edca1d5c24b2f6b8c997a8f3e1b7679984a566d98d4d31198ee4c5ea7be0d99cf89bba4a6fd0bec12e7792bec3c5038e13b1982f80cdecd07f8908a983a7c9fb81c2ba7f7e87c991f30e50d1b3bbe4cf2a2f5d4571b6568ada51bc121c9139d2a8e0638c84066b1759081802"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$kcm(0x2a, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000000)={&(0x7f0000001d00)=@qipcrtr, 0x80, 0x0}, 0x0)
sendmsg$kcm(r3, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000000)={'team0\x00', <r4=>0x0})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000001000010000003a194618d96d6d2e8553", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
r6 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_sco(r6, &(0x7f0000000040), 0x8)
shutdown(r6, 0x0)
r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
connect$bt_sco(r7, &(0x7f00000001c0)={0x1f, @none}, 0x8)
r8 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r8, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c)
setsockopt$sock_int(r8, 0x1, 0x10, 0x0, 0x0)
setsockopt$SO_TIMESTAMPING(r8, 0x1, 0x25, &(0x7f0000000000)=0x24d2, 0x4)
write(r8, &(0x7f0000000180)="b1f6a4e6086771339298ff93c614cda94476d7b36598b8cb08591ffc2467faa14eba6144e8129396", 0x28)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00006841420e39bebae08c6c9dae16dde5076dc835ac0ebdd9c8001000010000000000000000001000000008e563c1", @ANYRES32=0x0, @ANYBLOB="0221000000000000140003007767320000000000000000000000000008000a00", @ANYRES32=r4, @ANYBLOB], 0x3c}}, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000240)=ANY=[@ANYRESOCT=r0, @ANYRES32=r9, @ANYRES16=r9], 0x28}, 0x1, 0x0, 0x0, 0x881}, 0x810)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
socket$inet_dccp(0x2, 0x6, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="340000001000010400f924153cae64c75dfcff0900000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800c0001006d6163767461700004000280", @ANYRES64=r0], 0x34}}, 0x0)

2.201412237s ago: executing program 2 (id=183):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f0000000100)=ANY=[@ANYBLOB="1802000000850000002c0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000009500000000000000d19516e22b7f176d4b8bdf53083b759db8e3a3dcc076c7bbde5bf3cd98390c216edba8bbd65228887ea5e1aa06c6464aa93ac6176243418976278829aceccd08e420f23152f9b4"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000200)={r0, 0x0, 0xe, 0x0, &(0x7f00000001c0)="348b0d151f8218e3c73697e40800", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="84000000000101040000000000000000020000002400018014000180080001000000000008000200ac1414000c0002800500010000000000240002800c000280"], 0x84}}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e000000080000000000180003801400038010000180040003000800"], 0x44}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f0000000100)=ANY=[@ANYBLOB="1802000000850000002c0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000009500000000000000d19516e22b7f176d4b8bdf53083b759db8e3a3dcc076c7bbde5bf3cd98390c216edba8bbd65228887ea5e1aa06c6464aa93ac6176243418976278829aceccd08e420f23152f9b4"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000200)={r0, 0x0, 0xe, 0x0, &(0x7f00000001c0)="348b0d151f8218e3c73697e40800", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) (async)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="84000000000101040000000000000000020000002400018014000180080001000000000008000200ac1414000c0002800500010000000000240002800c000280"], 0x84}}, 0x0) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) (async)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e000000080000000000180003801400038010000180040003000800"], 0x44}}, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)

1.841437888s ago: executing program 2 (id=186):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmmsg(r0, &(0x7f0000000ac0)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="e900", 0x2}], 0x1, &(0x7f00000006c0)=[{0x10, 0x1, 0x31}], 0x10}}], 0x1, 0x4008004) (async)
unshare(0x62040200)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) (async)
ioctl(0xffffffffffffffff, 0x7fffffff, 0x0) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1, 0x0, 0xfffd}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x32658aeb}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x1}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x88}}, 0x0) (async, rerun: 64)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40a01, 0x0) (rerun: 64)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) (async, rerun: 64)
r3 = socket$kcm(0x2, 0xa, 0x2) (rerun: 64)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) (async)
write$tun(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB="001c86dd0700100000004000000060ec97000fc83c00fe8000000000000000000000000000aaff020000000000000000000000000001"], 0xffe)

1.840722026s ago: executing program 0 (id=187):
connect$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x4e22, @broadcast}, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x4000040)
r0 = socket$inet6(0xa, 0x4, 0x5)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
syz_emit_ethernet(0x46, &(0x7f0000000140)={@link_local, @broadcast, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x10, 0x11, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}, @local, {[], {0x0, 0xe22, 0x10, 0x0, @gue={{0x2}}}}}}}}, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$inet_dccp(0x2, 0x6, 0x0)
getsockopt$inet_int(r2, 0x10d, 0xb4, &(0x7f0000000000), &(0x7f0000000080)=0x4)
r3 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NLBL_MGMT_C_LISTDEF(r1, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, r3, 0x400, 0x70bd28, 0x25dfdbfb, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @multicast1}, @NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x1}, @NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x3}, @NLBL_MGMT_A_CLPDOI={0x8}, @NLBL_MGMT_A_DOMAIN={0x5, 0x1, '\x00'}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4}, 0x200080d0)

1.644455894s ago: executing program 0 (id=188):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'hsr0\x00', <r2=>0x0}) (async, rerun: 32)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff}) (rerun: 32)
getsockopt$sock_buf(r3, 0x1, 0x1f, &(0x7f0000002a00)=""/4096, &(0x7f0000000180)=0x1000) (async, rerun: 32)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vxcan1\x00', <r4=>0x0}) (rerun: 32)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=@newlink={0x48, 0x10, 0x401, 0x3, 0x0, {0x0, 0x0, 0x0, 0x0, 0x50243}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_HSR_MULTICAST_SPEC={0x5, 0x3, 0x6}, @IFLA_HSR_SLAVE1={0x8, 0x1, r2}, @IFLA_HSR_SLAVE2={0x8, 0x2, r4}]}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4048001}, 0x0)

1.513568698s ago: executing program 3 (id=189):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xb, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000080000850000002200000085000000a000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x5, 0x0, 0xffffffffffffffff, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r2 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x4)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000c00)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000140)=0x7, 0x4)
r5 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000001440)=@newtaction={0x44c, 0x31, 0x1, 0x0, 0x0, {}, [{0x438, 0x1, [@m_police={0x434, 0x0, 0x0, 0x0, {{0xb}, {0x408, 0x2, 0x0, 0x1, [[@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2b2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaf, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x1d9d5eb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x3, 0x0, 0x3, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x820, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80400001]}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x44c}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000040)={'lo\x00', <r8=>0x0})
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r9, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x34, r10, 0x1, 0x0, 0x0, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000300)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x0, 0xfffffffc, {0x0, 0x0, 0x0, r8, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_ingress={0xc}]}, 0x30}}, 0x0)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000fcffffff00000000000000008500000041000000850000000500000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r12 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r12, &(0x7f0000000100)={0x1f, 0x0, @none}, 0xe)
r13 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r13, &(0x7f0000000000)={0x1f, 0x1001, @none}, 0xe)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r11, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
r14 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000240)={r14}, 0x57)
r15 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r15, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="600000001000410400"/20, @ANYRES32=0x0, @ANYBLOB="0524060000000000300012800b0001006272696467650000200002800c002e00ffffffffff"], 0x6c}}, 0x2404c844)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0x10, 0x10, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)

1.273285347s ago: executing program 0 (id=190):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x80, 0x80, 0x7, [@const={0x0, 0x0, 0x0, 0xa, 0x2}, @volatile={0xa, 0x0, 0x0, 0x9, 0x3}, @union={0xa, 0x2, 0x0, 0x5, 0x1, 0x2, [{0x9, 0x0, 0xf}, {0x7, 0x4, 0x7}]}, @int={0x4, 0x0, 0x0, 0x1, 0x0, 0x56, 0x0, 0x79, 0x6}, @restrict={0x4, 0x0, 0x0, 0xb, 0x2}, @var={0x3, 0x0, 0x0, 0xe, 0x5}, @volatile={0x3, 0x0, 0x0, 0x9, 0x4}, @const={0xb, 0x0, 0x0, 0xa, 0x2}]}, {0x0, [0x61, 0x0, 0x61, 0x5f, 0x2e]}}, &(0x7f00000002c0)=""/249, 0x9f, 0xf9, 0x0, 0x2, 0x10000, @value}, 0x28)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_FLUSH(r2, 0x0, 0xd1, &(0x7f0000000000)=0x3, 0x4)
getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f0000000200), &(0x7f0000000280)=0x8)
r3 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendto$inet6(r3, &(0x7f00000001c0)="c2", 0x1, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c)
sendto$inet6(r3, &(0x7f0000007100)="06", 0x1, 0x0, &(0x7f0000000340)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c)
shutdown(r3, 0x1)
r4 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r5=>0x0}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r3, 0x84, 0x6d, &(0x7f0000000640)={r5}, &(0x7f0000000180)=0x8)
setsockopt$MRT_INIT(r2, 0x0, 0xc8, &(0x7f0000000040), 0x4)
setsockopt$MRT_ADD_VIF(r2, 0x0, 0xca, &(0x7f0000000480)={0xffff, 0x4, 0x3f, 0x9, @vifc_lcl_ifindex, @private=0xa010101}, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000740)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r1, &(0x7f00000010c0)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000001080)={&(0x7f0000000780)=ANY=[@ANYBLOB="c8080000", @ANYRES16=0x0, @ANYBLOB="020029bd7000ffdbdf250600000008000300", @ANYRES32=r6, @ANYBLOB="0c009900080000005300000070015a80e80001804b000200474750342e2e1f0d262232143c051b18255039104e2f57061e3b201036010a090a343515251c384f391849461d5650352f17344b184b3b1308000f2d364a2c0620171b20284a31000500060001000000230002000c1d3e54240c394e541d2f104f1721294715530a3c28062e30342d0737110f000a00010009306c2d1b60000005000700020000001e0002001145544a211542492c402d0a1f43111f2d291a0936501140014e0000140001004824061b362a180024010b4809360109210001000548160d0548301234794860010c1b120b1b6c1b02600e24180901020100000018000080140005000600060008000400230404000a0009002c000180120002002c4b211100470e233b041f471b550000140005007602010005000200fcff030005000c0040000180050004000000000005000400020000001400030000001b1cff7faf010b0002000300060005000400000000000500060002000000050004000100000038015a802c00038005000400000000000d0001000401600109061630360000000d000100061b60120bb86036010000000c0003800500070000000000fc000280220001000201091248126001031830180c16600c2403240104160b06004809603016000014000300090003000100050006000200f1fd03001c00020035220652463c293e1627463826300827525c28323548084305000400020000000500040000000000310002004619313a34482e21151e470e1e1f082f5407314a2838274f452e500931355746105005211f090c4b32181c01570000004a00020049093612034f241e4213254a1638063940550e1b41401e46342e4b090f001723314d001a3b3c43260110104f2b334a1b1915562f230008522f543a380e4d4c482f4810331c1d000013000100120330183909020b0009301233020900f8005a80400002803a0002000b0c1a26010133560734380a353d493327023920504c211b264f16383e564d0300192b080c213f31102b062334472f0d130f3545514800008800018028000200531405062932282f48162413302151541833190185144d4918250b3641133a012d3e523d05000400020000001700020031290208113b492211222a495125303049472a00050007000000000005000700010000001500020007100c2b4d4f260e3000231f002e3a0c56000000140003000b0000080400020000000b00010007002c000080140003000800810004000900030008000000010414000300070088a70000f7ff050000000300e100cc005a80bc000080410002003c014e323f1907090c003908492a4426122a3f02480b2001230e0b36062c41302c3b182d2f40025723490f420a1c1e2e111f1e110a020b50411d3813400000001b000100306b01120448010d24360118366030300c366c16d9306c00050004000000000005000700020000001e0002000e3c46321d2855442f0e40243a274a13042a2544102b2a055119000005000400000000000500070001000000170001003003601b03480448300136123604093616361b000c0001800500040001000000a0015a804c0002801e0001006c600918486c02240124140311023618180c0c361602161b1616000014000300000e0001080005007f00f004070001001400030004000600400002000600000006000008640001800f00010012050b0905241b181b061b00240001004805f31836300b5002306016090c16020b1b0c01060303600712126c4b06011215000200164417484057550404202b281e40401f44000000140005000600000033c124407a0a0800ff0108002c000280050006000200000005000400020000000500010005000000050004000000000005000600010000005c0000800500070000000000140005000f000000a70400f0090001000100070014000500080080000f00090001800a0003000b00140003002aac0900fffe190008000700070007001400050003000f0000020080050004000000040064000380140005000900f2ff0040020002003e0005004c0c05000700010000000500070001000000050004000000000031000200354f3e3c1116513726141a4a29321117301c531d350031221e2f363719512536261423431f230e36324d3d1d5700000024005a802000008014000300060001004c370200010081000000571305000600010000008c005a80340000802d0002002b224131192d20540b2902373f1d372f4a1042301e06074907210e2f103033541f450e2727364b5420000000540001802400010004300202181605090c0b006c0c482409371b1b3601180c16066c30166002307c1400030009000600c00c0100050001000000ff07050004000000000005000400010000000500040002000000e4015a80800001801400010002121824364816300b1b24050201181b140003003e0501000300ff0f5800000109000600140005007f000d00000100000800ff03179e0400140005000300010007004300000001040900000023000100090016050416186c09306c1b031b480c602a060c16601b0b03061660026c060005000600010000003c000180240001000b06020102003018016c06300336031601164809480b6c3602041624026c16301300010000011260241b0b30060b090104184800300002802b000200474e4813181d4925d94c2d0811054221502c2a0b4e2c0057360936141f1c292e074224154d2b06005000038014000500018003006297fcff010000010180080014000300a80a001000000500040007001b3351c405000400020000000500070000000000140003000100ff030900cf000f00050005008c1330000080050004000100000005000400010000000600010048020000140005000c00020004000300040000000700070074000280050006000000000005000400000000001400050004000002f8ff000400010000000002004a0002000c1f4f182d263145491f080107551025083e4627055705082101093801340f4a260517471f543e512947183730540e48031d19083d254f5757562957374f384f3a430f3e0a2c0000"], 0x8c8}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x18, 0x5, &(0x7f0000001100)=ANY=[@ANYBLOB="180000000080075400000000825bda06185600000400000000004806000000009500000000000000aee1a34e40c791f2c2da08e94f2763e92d3218809a72a2de44f97b00d2f8"], &(0x7f0000000440)='GPL\x00', 0x5, 0xc, &(0x7f0000000500)=""/12, 0x41000, 0xb, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f0000000540)={0x8, 0x2}, 0x8, 0x10, &(0x7f0000000580)={0x4, 0x1, 0x7fff, 0x1}, 0x10, 0x0, 0x0, 0x6, 0x0, &(0x7f00000005c0)=[{0x4, 0x5, 0x6, 0x4}, {0x5, 0x4, 0xe, 0x7}, {0x3, 0x5, 0x0, 0x2}, {0x0, 0x4, 0xe, 0x1}, {0x0, 0x5, 0x1, 0x5}, {0x2, 0x3, 0xb, 0xc}], 0x10, 0x8, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r8, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$sock_int(r8, 0x1, 0x8, &(0x7f0000000200), 0x4)
sendto$inet6(r8, &(0x7f0000000140)='g', 0x1, 0x0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
shutdown(r8, 0x1)
sendmsg$inet6(r8, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000480)}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r9 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r9, 0x0, 0x0)
recvmsg$kcm(0xffffffffffffffff, 0x0, 0x0)

1.270909144s ago: executing program 1 (id=191):
syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), 0xffffffffffffffff)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$RDMA_NLDEV_CMD_SYS_SET(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x54, 0x1407, 0x2, 0x70bd2d, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_DEV_DIM={0x5, 0x54, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_DIM={0x5, 0x54, 0x1}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz2\x00'}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x54}, 0x1, 0x0, 0x0, 0x4090}, 0x0)
getsockopt$netlink(r0, 0x10e, 0x6, &(0x7f0000000180)=""/87, &(0x7f0000000200)=0x57)
r1 = openat$ppp(0xffffff9c, &(0x7f0000000240), 0x840, 0x0)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000280)=0x2)
socket$inet6(0xa, 0x2, 0x5d3f)
ioctl$PPPIOCSACTIVE(r1, 0x40107446, &(0x7f0000000300)={0x2, &(0x7f00000002c0)=[{0x7, 0x6, 0xff, 0x10}, {0x40, 0x6, 0x89, 0x5}]})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000380), 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_DEST(r2, &(0x7f0000000480)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x68, r3, 0x800, 0x70bd2d, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xff}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x647}, @IPVS_CMD_ATTR_SERVICE={0x44, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x23}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x39, 0x2}}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x2a}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x8800}, 0x4040)
ioctl$int_in(r0, 0x0, &(0x7f00000004c0)=0x2)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), r2)
r5 = ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
r6 = ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r2, &(0x7f0000000640)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000600)={&(0x7f0000000580)={0x44, r4, 0x100, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8, 0x1, 0x27}, @val={0x8}, @void}}, [@NL80211_ATTR_NETNS_FD={0x8, 0xdb, r5}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x6d}, @NL80211_ATTR_NETNS_FD={0x8, 0xdb, r6}, @NL80211_ATTR_PID={0x8, 0x52, 0xffffffffffffffff}]}, 0x44}, 0x1, 0x0, 0x0, 0x20004000}, 0x20)
socket$packet(0x11, 0x2, 0x300)
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
syz_genetlink_get_family_id$team(&(0x7f0000000680), r2)
r8 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000006c0)={'wlan0\x00', <r9=>0x0})
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000740)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f0000000840)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000800)={&(0x7f0000000780)={0x68, r4, 0x0, 0x70bd2d, 0x25dfdbff, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_HT_CAPABILITY_MASK={0x1e, 0x94, {0x2000, 0x1, 0x1, 0x0, {0xac, 0x3, 0x0, 0xe, 0x0, 0x1, 0x1, 0x0, 0x1}, 0xf0b, 0x0, 0x2}}, @NL80211_ATTR_BSS_SELECT={0x10, 0xe3, 0x0, 0x1, [@NL80211_BSS_SELECT_ATTR_RSSI={0x4}, @NL80211_BSS_SELECT_ATTR_RSSI_ADJUST={0x6, 0x3, {0xa, 0x47}}]}, @NL80211_ATTR_BG_SCAN_PERIOD={0x6, 0x98, 0x7}, @NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x7}]}, 0x68}, 0x1, 0x0, 0x0, 0x50}, 0xc000)
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r2, &(0x7f0000000980)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000940)={&(0x7f00000008c0)={0x44, r4, 0x800, 0x70bd26, 0x25dfdbfc, {{}, {@val={0x8, 0x1, 0x24}, @val={0x8, 0x3, r9}, @val={0xc, 0x99, {0xfffffffe, 0x4}}}}, [@NL80211_ATTR_NETNS_FD={0x8, 0xdb, r6}, @NL80211_ATTR_WDEV={0xc, 0x99, {0xb7, 0x20}}]}, 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r11 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000009c0)='pids.events\x00', 0x0, 0x0)
sendmsg$IPSET_CMD_TEST(r11, &(0x7f0000000c40)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000c00)={&(0x7f0000000a40)={0x194, 0xb, 0x6, 0x401, 0x0, 0x0, {0xa, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP_TO={0x18, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @private2}}]}, @IPSET_ATTR_ADT={0x20, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_SKBQUEUE={0x6, 0x1d, 0x1, 0x0, 0x7}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_SKBMARK={0xc, 0x1b, 0x1, 0x0, 0x101}}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_DATA={0x40, 0x7, 0x0, 0x1, [@IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x8}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x3}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e23}, @IPSET_ATTR_NAME={0x9, 0x12, 'syz2\x00'}, @IPSET_ATTR_SKBQUEUE={0x6, 0x1d, 0x1, 0x0, 0x9b}, @IPSET_ATTR_SKBQUEUE={0x6, 0x1d, 0x1, 0x0, 0x6}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x8}]}, @IPSET_ATTR_ADT={0x30, 0x8, 0x0, 0x1, [{0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_NAMEREF={0x9, 0x13, 'syz1\x00'}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e23}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_PACKETS={0xc, 0x19, 0x1, 0x0, 0x9}}]}, @IPSET_ATTR_ADT={0x10, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_PROTO={0x5, 0x7, 0x6c}}]}, @IPSET_ATTR_ADT={0x98, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x2}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty}}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_NAMEREF={0x9, 0x13, 'syz1\x00'}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_CIDR={0x5, 0x3, 0x6}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e24}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_NAMEREF={0x9, 0x13, 'syz1\x00'}}, {0x1c, 0x7, 0x0, 0x1, @IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_CIDR={0x5, 0x3, 0x8}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x200}}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x194}, 0x1, 0x0, 0x0, 0x24004890}, 0x8014)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r11, 0x29, 0x20, &(0x7f0000000c80)={@ipv4={'\x00', '\xff\xff', @multicast2}, 0x5, 0x3, 0x2, 0x4, 0xe, 0x7}, 0x20)
getsockopt$inet_mreqn(r7, 0x0, 0x23, &(0x7f0000000cc0)={@broadcast, @initdev}, &(0x7f0000000d00)=0xc)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000d40), 0xffffffffffffffff)

908.592146ms ago: executing program 0 (id=192):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f00000001c0)=ANY=[], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), r0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_GET_STATS_CPU(r3, &(0x7f00000092c0)={0x0, 0x0, &(0x7f0000009280)={&(0x7f0000009240)={0x14, 0x3, 0x2, 0x201}, 0x14}}, 0x0)
recvmmsg(r3, &(0x7f000000a040)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0x44, r2, 0x4, 0x70bd25, 0x25dfdbfc, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0x4}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0x96d}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}]}, 0x44}, 0x1, 0x0, 0x0, 0x810}, 0x40)
unshare(0x22020400)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_ethernet(0x5e, &(0x7f00000000c0)=ANY=[@ANYBLOB="0180c280c200000e86dd60ecff8000281101fc000000000000000000000000000000ff0200000000000000000000000000014e224e22002890782ccb0b0f2204000000020000000300000000000000c1ec20295ad01e08003f72"], 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000740)={'wlan1\x00', <r6=>0x0})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000c80)={0x24, r5, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x5, 0x5b, "16"}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_REGISTER_FRAME(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000003a00000008000300", @ANYRES32=r6, @ANYBLOB="05005b"], 0x24}}, 0x0)
sendmsg$NL80211_CMD_RADAR_DETECT(r0, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x78, r5, 0x300, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x7ff, 0x49}}}}, [@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x2}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xffff}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x30e}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x4}, @NL80211_ATTR_CHANNEL_WIDTH={0x8}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x6}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x5}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x204}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x1a}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x2}]}, 0x78}, 0x1, 0x0, 0x0, 0x4}, 0x4010)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000800007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x4, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r9, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x7ffd, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_dccp(0x2, 0x6, 0x0)
epoll_create(0x0)
ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, 0x0)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r11, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000001c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000003a00000008000300", @ANYRES32=0x0, @ANYBLOB="04005b00e14461e38ad33ec323333bd688f817716a108dea5b9e824d0c"], 0x20}}, 0x0)
r12 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.numa_stat\x00', 0x26e1, 0x0)
close(r12)

801.100892ms ago: executing program 1 (id=193):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x2c, 0x2c, 0x3, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x1, 0x1, 0xc}}, @func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{0x3, 0x3}]}]}, {0x0, [0x0]}}, &(0x7f0000000000), 0x47, 0x0, 0x1, 0xffffffa6, 0x0, @void, @value}, 0x28) (async)
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x2c, 0x2c, 0x3, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x1, 0x1, 0xc}}, @func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{0x3, 0x3}]}]}, {0x0, [0x0]}}, &(0x7f0000000000), 0x47, 0x0, 0x1, 0xffffffa6, 0x0, @void, @value}, 0x28)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xe, 0x4, &(0x7f00000001c0)=ANY=[@ANYRESHEX=0x0], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

628.573076ms ago: executing program 1 (id=194):
r0 = socket$nl_route(0x10, 0x3, 0x0) (async)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)={0x1c, 0x3a, 0x10, 0x0, 0x0, {0x1}, [@typed={0x0, 0xd7, 0x0, 0x0, @ipv4=@remote}, @nested={0x4, 0x1}]}, 0x5}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000000c0)=ANY=[], 0x5c}}, 0x0) (async, rerun: 32)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="6400000010000305160000000000000000008847", @ANYRES32=0x0, @ANYBLOB="00000000000000004400128009000100626f6e6400000000340002800500010004000000050016000000000008001c000000000005000c00000000000a001a"], 0xc3}, 0x1, 0x100000000000000}, 0x0) (async, rerun: 32)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}}, 0x0)
r1 = socket(0x10, 0x3, 0x0)
sendmmsg(r1, &(0x7f0000000000), 0x4000000000001f2, 0x0) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000002280)=ANY=[@ANYBLOB="420000001800010000000000000000000a800000000000000000000018001600140001000000000000000000000010000000000008000400", @ANYRES32=r2, @ANYBLOB="0600150003"], 0x44}}, 0x0)

545.809225ms ago: executing program 0 (id=195):
r0 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="640000001000370400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000440012800b00010067726574617000003400028008000100", @ANYRES32=0x0, @ANYRESOCT=r0], 0x64}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x3, 0x400, 0x4, 0x5, 0x2004, 0xffffffffffffffff, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x5, 0x1, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000080), 0x8)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$sock_SIOCOUTQ(r2, 0x5411, 0x0)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', <r6=>0x0})
sendmsg$ETHTOOL_MSG_PAUSE_SET(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000100)={0x28, r3, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_PAUSE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}]}, @ETHTOOL_A_PAUSE_TX={0x5}]}, 0x28}}, 0x0)
r7 = bpf$PROG_LOAD(0x5, 0x0, 0x4b)
sendmsg$DEVLINK_CMD_RATE_DEL(r1, &(0x7f0000000180)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYRESHEX=r7, @ANYRES32=r2], 0x74}}, 0x8043)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000800)=ANY=[@ANYBLOB="611234000000000061134c0000000000bf2000000000000015000200000000103d030100000000009500000000000000bc26000000000000bf67000000000000070300000fff07006702000003000000160600000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f909ad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe70305865050df26469fac5202d6293c3d5e11f4f83e7455baeeba4f"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000200)={r1, 0x58, &(0x7f00000000c0)}, 0x10)

452.639671ms ago: executing program 2 (id=196):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc) (async)
socketpair(0x18, 0x2fca021a81f924ff, 0x7, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}) (async)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_DEL(r1, &(0x7f0000000400)={&(0x7f0000000300), 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, r3, 0x100, 0x70bd2c, 0x25dfdbfc, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @handle=@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}, @DEVLINK_ATTR_RATE_NODE_NAME={0xf, 0xa8, @name2}]}, 0x60}, 0x1, 0x0, 0x0, 0x4c001}, 0x40000)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r2, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000280)={&(0x7f0000000440)={0x90, r3, 0x200, 0x70bd2a, 0x25dfdbff, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x100}, {0x6, 0x16, 0x3}, {0x5}}, {{@pci={{0x8}, {0x11}}, {0x8}}, {0x8, 0xb, 0x4}, {0x6, 0x16, 0x6}, {0x5, 0x12, 0x1}}]}, 0x90}, 0x1, 0x0, 0x0, 0x80c4}, 0x84000)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x4c, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0x12, 0x3, 'bitmap:ip,mac\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x4c}}, 0x0) (async)
socket$can_bcm(0x1d, 0x2, 0x2)

341.341415ms ago: executing program 2 (id=197):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$ITER_CREATE(0x21, &(0x7f00000000c0), 0x8)
socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 64)
pipe(&(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}) (async, rerun: 64)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$int_in(r4, 0x5421, &(0x7f0000000000)=0xcb16) (async)
mmap(&(0x7f0000abb000/0x1000)=nil, 0x1000, 0x0, 0x102000200032, 0xffffffffffffffff, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(r5, 0x1, 0x1a, &(0x7f0000abaff9), 0x10) (async)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYRESOCT=r4], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r6, <r7=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) (async)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) (async)
getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000340)={{{@in, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0}}, {{@in=@empty}, 0x0, @in6=@ipv4={""/10, ""/2, @loopback}}}, &(0x7f0000000440)=0x5b)
setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000480)={{{@in=@broadcast, @in=@rand_addr=0x64010101, 0x4e20, 0x0, 0x4e22, 0x5, 0x2, 0x20, 0x80, 0x32, 0x0, r8}, {0x9, 0x0, 0x8, 0x9, 0x7, 0x2, 0xa, 0x1}, {0x6, 0x2, 0x5, 0x4}, 0x0, 0x6e6bb6, 0x0, 0x0, 0x1, 0x1}, {{@in6=@remote, 0x4d4, 0x6c}, 0xa0d7856023c82306, @in6=@dev={0xfe, 0x80, '\x00', 0x23}, 0x3502, 0x4, 0x1, 0xf0, 0x10001, 0x2, 0xa}}, 0xe8) (async)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000018110000000000", @ANYRES32=r7, @ANYRESOCT=r0], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r9}, 0x10) (async, rerun: 32)
r10 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (rerun: 32)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0) (async, rerun: 64)
ioctl$TUNSETOFFLOAD(r10, 0xc004743e, 0x110e22ffdf) (async, rerun: 64)
connect$inet(r4, &(0x7f0000000240)={0x2, 0x0, @dev}, 0x10)
splice(r4, 0x0, r3, 0x0, 0x7ffff041, 0x6) (async)
sendmsg$IPSET_CMD_HEADER(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="340000000c0601010000000000000000010000050900020073797a31000000000500aece0100"/52], 0x34}, 0x1, 0x0, 0x0, 0x20048804}, 0x50)
r11 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r11, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) (async, rerun: 64)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r11, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4) (rerun: 64)
r12 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r12, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async, rerun: 64)
setsockopt$sock_int(r11, 0x1, 0x8, &(0x7f0000000200), 0x4) (async, rerun: 64)
socket$nl_netfilter(0x10, 0x3, 0xc)

318.272482ms ago: executing program 1 (id=198):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4400000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="81ffffff000000001c0012800b00010067726574617000000c000280080001"], 0x44}}, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000400)=[{&(0x7f00000000c0)="390000001000111867090707a640400f0021ff3f30000000170a00170000000004003700090003", 0x27}], 0x1)
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000002f80)={0x0, 0x0, &(0x7f0000002f40)={&(0x7f0000000080)=@newtaction={0x60, 0x30, 0x0, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_skbedit={0x48, 0x1, 0x0, 0x0, {{0xc}, {0x1c, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PARMS={0x18}]}, {0x4}, {0xc}, {0xc, 0x9}}}]}]}, 0x60}}, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e02003c000b05d25a806f8c6394f90324fc602f00001550000100053582c137153e370248018088a817000535", 0x33fe0}], 0x1}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x0, 0x1, 0xa3}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)

210.204378ms ago: executing program 2 (id=199):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00'})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), r0)

89.268366ms ago: executing program 0 (id=200):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000080)=0xffff7b6e, 0x4)
r1 = socket$igmp6(0xa, 0x3, 0x2)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r2, &(0x7f00000006c0)={@void, @void, @eth={@broadcast, @local, @val={@void}, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x29, 0x0, 0x0, 0x0, 0x6, 0x0, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}, {"a0"}}}}}}}, 0x3b)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
close(0xffffffffffffffff)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce6203c23c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa2c"], 0xfdef)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
getsockopt$inet6_buf(r0, 0x29, 0x6, &(0x7f0000000000), &(0x7f0000000140))
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x0)
r6 = syz_init_net_socket$ax25(0x3, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x7, 0x4, 0x8, 0x8, 0x20, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bind$ax25(r6, &(0x7f0000000380)={{0x3, @null, 0x1}, [@null={0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x2}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]}, 0x3c)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000300)="2e00000010008188040f80ec59acbc0413a181003100000001010000000000000e000a000f000000028002002d1f", 0x2e}], 0x1}, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f00000004c0)="64c35154b295d638f02bb8077504cb7dcf03764efd8917ddbe1abed39d29fb49b90024fb8e522fd5ab19c51a1d91c264613520bf6e3f5fd975828e73adadee1c8fc5cf618dc7891a198bfa72bb61dfdbb8e2cb44efe277f052c74dc07169dbf15aced592dba2461e9675c35f9b671e5604a0bdc7dece0fb50ea95a6a5eebbf014246eed31cbf9580038685d30e2ee01b63d3702701b5cdfc3456f8766b3de1a2c86ca6d47e79b3ae6084a570be0f26d6db1f45e133688d0b0342228aeb9ace3e9b3df9a7adb794827e4c09813200ee82a962de60788f9bd5c6c7ab2525a1fb8f1db4c7007b2c1d81dca007eab794e5bd8244", 0xf2, 0x40, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1, 0x8}, 0x1c)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r5}, 0x4)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x11, &(0x7f0000000840)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x75}, @snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r5}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r10=>0x0})
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x3, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000009500010000000000"], &(0x7f0000000200)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', r10, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='rpcgss_context\x00', r8, 0x0, 0x200007fffffffc}, 0x18)

16.355698ms ago: executing program 1 (id=201):
r0 = socket$inet6(0xa, 0x6, 0x1)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0xb, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r3=>0x0})
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000080)={0x44, r4, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r3}, @void}}, [@chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x99e}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x4}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x19}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x980}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x5}]]}, 0x44}}, 0x0)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r1, 0x0, &(0x7f0000001700)=""/53}, 0x20)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c)
pipe(&(0x7f0000000080)={<r5=>0xffffffffffffffff})
vmsplice(r0, &(0x7f00000000c0)=[{&(0x7f0000000180)='wi', 0x2}], 0x1, 0x1)
connect$pppoe(r5, &(0x7f0000000040)={0x18, 0x0, {0x3, @random="de554f694282", 'dvmrp1\x00'}}, 0x1e)
sendmsg(r0, &(0x7f00000000c0)={0x0, 0x953a, &(0x7f0000000100)=[{&(0x7f0000000000)="2b10", 0xffbd}], 0x1, 0x0, 0x0, 0x2c}, 0x4)
socket$kcm(0x29, 0x5, 0x0)
socket$inet6(0xa, 0x6, 0x1) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0xb, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) (async)
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000080)={0x44, r4, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r3}, @void}}, [@chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x99e}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x4}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x19}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x980}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x5}]]}, 0x44}}, 0x0) (async)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r1, 0x0, &(0x7f0000001700)=""/53}, 0x20) (async)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c) (async)
pipe(&(0x7f0000000080)) (async)
vmsplice(r0, &(0x7f00000000c0)=[{&(0x7f0000000180)='wi', 0x2}], 0x1, 0x1) (async)
connect$pppoe(r5, &(0x7f0000000040)={0x18, 0x0, {0x3, @random="de554f694282", 'dvmrp1\x00'}}, 0x1e) (async)
sendmsg(r0, &(0x7f00000000c0)={0x0, 0x953a, &(0x7f0000000100)=[{&(0x7f0000000000)="2b10", 0xffbd}], 0x1, 0x0, 0x0, 0x2c}, 0x4) (async)
socket$kcm(0x29, 0x5, 0x0) (async)

7.977897ms ago: executing program 3 (id=202):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@delchain={0x284, 0x65, 0x0, 0x0, 0x0, {}, [@TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @TCA_RATE={0x6, 0x5, {0x80}}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_route={{0xa}, {0x234, 0x2, [@TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_IIF={0x8}, @TCA_ROUTE4_ACT={0x210, 0x6, [@m_ctinfo={0x60, 0x0, 0x0, 0x0, {{0xb}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CTINFO_PARMS_CPMARK_MASK={0x8}, @TCA_CTINFO_PARMS_CPMARK_MASK={0x8}, @TCA_CTINFO_PARMS_CPMARK_MASK={0x8}]}, {0x19, 0x6, "41be356e964e7745f9a57571dce1c50c2bf05086e1"}, {0xc}, {0xc}}}, @m_connmark={0x10c, 0x0, 0x0, 0x0, {{0xd}, {0x3c, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c}, @TCA_CONNMARK_PARMS={0x1c}]}, {0xa1, 0x6, "66396e732cf67237ecb590a592c571fa73ca19ec26dea927df7162b385d80fe15ca7f5cb6a4d958bd18714cd4f89f48d039d7da0dc8795f6ad32634b6b66cf821e93079c15dda212b0b37b761850342ebe270d64e92b80cf9114d976338d2dbd729e033dcd00b517933d3e64d73a30fc4e9a29d250104fa297e7a7f17405df935efe7e4806b65a797a850f6a8d8e2c8a8b9f56953d1262211f307b4af9"}, {0xc}, {0xc}}}, @m_nat={0xa0, 0x0, 0x0, 0x0, {{0x8}, {0x54, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{}, @rand_addr, @loopback}}, @TCA_NAT_PARMS={0x28, 0x1, {{}, @rand_addr, @broadcast}}]}, {0x25, 0x6, "ef93daeef78df7f9a037a0d7a2f92a1cc341deabba437fc636cbf66a843bc4e030"}, {0xc}, {0xc}}}]}, @TCA_ROUTE4_IIF={0x8}]}}]}, 0x284}}, 0x0)
r0 = socket(0x10, 0x803, 0x0) (async)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) (async, rerun: 32)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x15}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x14, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async, rerun: 32)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000000040)={<r3=>r2, 0x8000000000000001, 0x9, 0x1})
write$cgroup_devices(r3, &(0x7f00000000c0)={'a', ' *:* ', 'rm\x00'}, 0x9) (async)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) (async)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84) (async)
getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x75, &(0x7f0000000300)={<r5=>0x0, 0x4}, &(0x7f0000000540)=0x8)
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000580)={r5, 0x3a07, 0x20}, &(0x7f00000005c0)=0xc) (async)
shutdown(r4, 0x0) (async, rerun: 64)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000000)={<r6=>0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000240)=0x10) (rerun: 64)
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r4, 0x84, 0x22, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, r6}, &(0x7f0000000340)=0x10) (async, rerun: 32)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000020305030000000000000000000016b9080001000157a292deef9f8de86e8a15a7ff2c2d063b47220b936ff5a5d38147d7c4517e32f0f41e824ab9179b314ce51833eac60de2f2fde5fd2334587e8a417aaaf106e152d7751e49a2356f47c7254d0860446ca8653d944a58b2a844012961abaea8f2b5b678f28e5e4f4e078812b9e2c23205fa4818486ccaee2fb5fe2ba117d0555629867d27aec10ce27306aec1fc74027d897fc880a6eb46e4ebb15fb06e5880159f719f626148039903ca0b47bb54cd452f9c044d"], 0x1c}}, 0x0) (async, rerun: 32)
r7 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_opts(r7, 0x0, 0x4, &(0x7f0000000000)="8907", 0x2) (async, rerun: 32)
write$tun(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="000008000100000000123d000000460000400000000000aa00000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="b4000000907800040a0300050200000000000000000002d58838068b91000000"], 0x4e) (async, rerun: 32)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000100), r3) (async, rerun: 64)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) (async, rerun: 64)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x1b0}, {&(0x7f00000007c0)=""/154, 0x8}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})

0s ago: executing program 2 (id=203):
r0 = socket(0x1d, 0x2, 0x6)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r2=>0x0})
sendmmsg(r0, &(0x7f0000000340)=[{{&(0x7f0000000100)=@in6={0xa, 0x4e24, 0x9, @empty, 0xc}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="2754c647c404725442df84e0c30c8ee328f32e19c79eec555da2aa3d28feee71d7d80a8daea8584eb0ef407089e7eb9bb7e2d19ff9b8493282adea5fb3d6473f623458ed21518097d2c718138f8d1c39263a952cb0ad6dbbdb9d3f0affb1b55049692c5b1187506317142957aff731fd08720446d96b6d1c80911591a1f81ada107e5be0e6502be33899ecf470086e4583c5fff96cb74a5134f7c5fa3eec92f8f0c9daf9fed53993bd15c1c47e2abc392dbec101b460e1d186036116d37b6cbfa38ab54c53a755f2b16ac1b8", 0xcc}], 0x1, &(0x7f0000000280)=[{0x78, 0x115, 0xd, "ba0fc079c48abd24010fc30320bcd57e34885b8f2214b6126a95ec952b816541d2bb6dc5fe41e9c0f3ef33878c01f5e2652ac76b8065b2b27526cdcb85f531e8ed321dc62a64d2a5d4efbf81d19892e20e1c7e551805946e4e19e835a8edcbab413a0acee2"}], 0x78}}], 0x1, 0x4004800)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73f72cc9f0ba1f8483e0000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000000001384931f000000000000000000", @ANYBLOB], 0x48)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000000), 0xffd2)
r4 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0xb00000000065808, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r5, 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r4, 0x89f1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000580)="d4fa0c511aad03aa5ed217677bc41c027d9c830c439c7f821ddd78b6915cb170e7603acf9e433c2903bb6773f4b0130668a1e5b5e08d21d0b69c28ca3455aed65855c86f3d1e5789d26375a0d85eaf5e92e19c9affcf76e7a94e76556d2b104ebf645747fadc91460f4b3c94e1a89b51be4a6aa4c65285f988329a8163b69c51b801500a5bacd0463976e2960e2679ef2feee5e6ce6bb78a51fb0e15820d13e4a5aa9e0742a6f8d677ad28fea356657bb550c8311b682d9003c82267a15aa7334bc53b65b9119a1a7d905c7dd365b85c230bbad0d5d0a79819e112637819d9a187cfdf782c6127d2d4281926ab0e22f7346b616fe28ed0b9f4a0c9fdac6d3a90a9c38b5e31448a45546388c95045bc22fe88c43b82a0a5d3eb61c238a5159ea98db9c00aeef644ae98a8cb8dffff3b7ba14d7971910b559623af8295", 0x13c}], 0x2}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8b18, &(0x7f0000000000)={'wlan1\x00'})
r7 = socket(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000f80)=@bloom_filter={0x1e, 0x0, 0x3, 0x5, 0x4c, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
syz_emit_ethernet(0x36, &(0x7f0000000080)={@link_local, @random="50a245d5cde0", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x2, 0x33, 0x0, @empty, @broadcast}, @timestamp_reply={0x11, 0x0, 0x0, 0xfffc, 0x0, 0x1}}}}}, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r7, 0x10e, 0xc, &(0x7f0000000180)={0xffffff}, 0x10)
write(r7, &(0x7f0000000000)="240000001a005f0214f9f407000904001f00000000020000000200000800040001000000", 0x24)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000300)={'ip6gre0\x00', &(0x7f0000000000)={'syztnl2\x00', r2, 0x0, 0x81, 0x1f, 0x8, 0x68, @mcast2, @loopback={0xfec0ffff00000000}, 0x40, 0x10, 0x8000, 0x6}})

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.37' (ED25519) to the list of known hosts.
[   51.749659][ T5217] cgroup: Unknown subsys name 'net'
[   51.936135][ T5217] cgroup: Unknown subsys name 'cpuset'
[   51.944256][ T5217] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   53.206997][ T5217] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   55.115882][   T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   55.144104][   T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   55.173408][   T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   55.183660][   T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   55.193679][   T54] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   55.200976][   T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   55.264425][   T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   55.283650][   T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   55.306888][ T5230] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   55.329420][ T5241] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   55.343627][ T5241] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   55.363230][ T5242] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   55.371126][ T5244] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   55.383686][ T5244] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   55.391392][ T5244] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   55.399642][ T5244] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   55.408123][ T5244] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   55.413479][ T5242] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   55.415465][ T5244] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   55.422405][ T5239] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   55.432259][ T5244] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   55.439387][ T5239] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   55.444682][ T5244] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   55.457905][ T5239] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   55.459492][ T5244] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   55.472098][ T5239] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   55.474882][ T5244] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   55.488338][ T5239] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   55.495727][ T5239] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   55.505906][   T54] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   55.592650][ T5227] chnl_net:caif_netlink_parms(): no params data found
[   55.754734][ T5227] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.762141][ T5227] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.769876][ T5227] bridge_slave_0: entered allmulticast mode
[   55.776640][ T5227] bridge_slave_0: entered promiscuous mode
[   55.787472][ T5227] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.794766][ T5227] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.801908][ T5227] bridge_slave_1: entered allmulticast mode
[   55.808954][ T5227] bridge_slave_1: entered promiscuous mode
[   55.908892][ T5227] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   55.920308][ T5227] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   55.988057][ T5233] chnl_net:caif_netlink_parms(): no params data found
[   56.011914][ T5227] team0: Port device team_slave_0 added
[   56.023441][ T5227] team0: Port device team_slave_1 added
[   56.051807][ T5231] chnl_net:caif_netlink_parms(): no params data found
[   56.082612][ T5227] batman_adv: batadv0: Adding interface: batadv_slave_0
[   56.089660][ T5227] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.115754][ T5227] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   56.151414][ T5227] batman_adv: batadv0: Adding interface: batadv_slave_1
[   56.158472][ T5227] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.184477][ T5227] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   56.257068][ T5227] hsr_slave_0: entered promiscuous mode
[   56.264337][ T5227] hsr_slave_1: entered promiscuous mode
[   56.294981][ T5238] chnl_net:caif_netlink_parms(): no params data found
[   56.304852][ T5233] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.312004][ T5233] bridge0: port 1(bridge_slave_0) entered disabled state
[   56.319275][ T5233] bridge_slave_0: entered allmulticast mode
[   56.326148][ T5233] bridge_slave_0: entered promiscuous mode
[   56.356917][ T5233] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.364082][ T5233] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.371194][ T5233] bridge_slave_1: entered allmulticast mode
[   56.378263][ T5233] bridge_slave_1: entered promiscuous mode
[   56.390781][ T5234] chnl_net:caif_netlink_parms(): no params data found
[   56.441301][ T5231] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.448858][ T5231] bridge0: port 1(bridge_slave_0) entered disabled state
[   56.456569][ T5231] bridge_slave_0: entered allmulticast mode
[   56.463163][ T5231] bridge_slave_0: entered promiscuous mode
[   56.505639][ T5233] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   56.515034][ T5231] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.522176][ T5231] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.529547][ T5231] bridge_slave_1: entered allmulticast mode
[   56.536602][ T5231] bridge_slave_1: entered promiscuous mode
[   56.568009][ T5233] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   56.629049][ T5238] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.636598][ T5238] bridge0: port 1(bridge_slave_0) entered disabled state
[   56.645194][ T5238] bridge_slave_0: entered allmulticast mode
[   56.651675][ T5238] bridge_slave_0: entered promiscuous mode
[   56.661724][ T5231] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   56.688986][ T5233] team0: Port device team_slave_0 added
[   56.700148][ T5238] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.707359][ T5238] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.714866][ T5238] bridge_slave_1: entered allmulticast mode
[   56.721415][ T5238] bridge_slave_1: entered promiscuous mode
[   56.730604][ T5231] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   56.746590][ T5233] team0: Port device team_slave_1 added
[   56.819140][ T5234] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.828099][ T5234] bridge0: port 1(bridge_slave_0) entered disabled state
[   56.835338][ T5234] bridge_slave_0: entered allmulticast mode
[   56.841893][ T5234] bridge_slave_0: entered promiscuous mode
[   56.850967][ T5233] batman_adv: batadv0: Adding interface: batadv_slave_0
[   56.858409][ T5233] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.884953][ T5233] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   56.898647][ T5238] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   56.910267][ T5231] team0: Port device team_slave_0 added
[   56.919823][ T5231] team0: Port device team_slave_1 added
[   56.926115][ T5234] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.934037][ T5234] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.941185][ T5234] bridge_slave_1: entered allmulticast mode
[   56.948009][ T5234] bridge_slave_1: entered promiscuous mode
[   56.961788][ T5233] batman_adv: batadv0: Adding interface: batadv_slave_1
[   56.968894][ T5233] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.995219][ T5233] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   57.009532][ T5238] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   57.066472][ T5234] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   57.078713][ T5238] team0: Port device team_slave_0 added
[   57.087860][ T5238] team0: Port device team_slave_1 added
[   57.097827][ T5231] batman_adv: batadv0: Adding interface: batadv_slave_0
[   57.105001][ T5231] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   57.132115][ T5231] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   57.144790][ T5231] batman_adv: batadv0: Adding interface: batadv_slave_1
[   57.151751][ T5231] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   57.177910][ T5231] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   57.190613][ T5234] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   57.247337][ T5227] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   57.254665][   T54] Bluetooth: hci0: command tx timeout
[   57.266919][ T5227] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   57.276453][ T5227] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   57.297160][ T5234] team0: Port device team_slave_0 added
[   57.310567][ T5238] batman_adv: batadv0: Adding interface: batadv_slave_0
[   57.320668][ T5238] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   57.346940][ T5238] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   57.360012][ T5238] batman_adv: batadv0: Adding interface: batadv_slave_1
[   57.367986][ T5238] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   57.394241][ T5238] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   57.409906][ T5227] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   57.420018][ T5234] team0: Port device team_slave_1 added
[   57.437353][ T5233] hsr_slave_0: entered promiscuous mode
[   57.443838][ T5233] hsr_slave_1: entered promiscuous mode
[   57.449835][ T5233] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   57.457803][ T5233] Cannot create hsr debugfs directory
[   57.482846][ T5231] hsr_slave_0: entered promiscuous mode
[   57.489778][ T5231] hsr_slave_1: entered promiscuous mode
[   57.496656][ T5231] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   57.504289][ T5231] Cannot create hsr debugfs directory
[   57.521664][ T5234] batman_adv: batadv0: Adding interface: batadv_slave_0
[   57.528932][ T5234] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   57.554952][ T5234] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   57.565677][   T54] Bluetooth: hci4: command tx timeout
[   57.565699][ T5235] Bluetooth: hci3: command tx timeout
[   57.576749][ T5235] Bluetooth: hci2: command tx timeout
[   57.576969][ T5235] Bluetooth: hci1: command tx timeout
[   57.616526][ T5234] batman_adv: batadv0: Adding interface: batadv_slave_1
[   57.623589][ T5234] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   57.649610][ T5234] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   57.700839][ T5238] hsr_slave_0: entered promiscuous mode
[   57.707460][ T5238] hsr_slave_1: entered promiscuous mode
[   57.713673][ T5238] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   57.721237][ T5238] Cannot create hsr debugfs directory
[   57.778735][ T5234] hsr_slave_0: entered promiscuous mode
[   57.786481][ T5234] hsr_slave_1: entered promiscuous mode
[   57.792688][ T5234] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   57.800528][ T5234] Cannot create hsr debugfs directory
[   58.029563][ T5233] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   58.046980][ T5233] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   58.058445][ T5233] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   58.077458][ T5233] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   58.148880][ T5231] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   58.162319][ T5231] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   58.185593][ T5227] 8021q: adding VLAN 0 to HW filter on device bond0
[   58.194183][ T5231] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   58.221551][ T5231] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   58.254733][ T5234] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   58.274501][ T5227] 8021q: adding VLAN 0 to HW filter on device team0
[   58.293113][ T5234] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   58.305826][ T5234] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   58.339368][ T5234] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   58.364102][   T61] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.371370][   T61] bridge0: port 1(bridge_slave_0) entered forwarding state
[   58.391920][ T5238] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   58.401288][ T5238] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   58.426040][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.433189][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   58.441678][ T5238] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   58.450502][ T5238] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   58.553499][ T5233] 8021q: adding VLAN 0 to HW filter on device bond0
[   58.589904][ T5233] 8021q: adding VLAN 0 to HW filter on device team0
[   58.628067][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.635219][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   58.655997][ T5231] 8021q: adding VLAN 0 to HW filter on device bond0
[   58.694472][   T61] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.701601][   T61] bridge0: port 2(bridge_slave_1) entered forwarding state
[   58.747274][ T5231] 8021q: adding VLAN 0 to HW filter on device team0
[   58.791663][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.798849][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[   58.823912][ T5234] 8021q: adding VLAN 0 to HW filter on device bond0
[   58.836338][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.843489][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[   58.864243][ T5238] 8021q: adding VLAN 0 to HW filter on device bond0
[   58.905251][ T5234] 8021q: adding VLAN 0 to HW filter on device team0
[   58.920969][ T5227] 8021q: adding VLAN 0 to HW filter on device batadv0
[   58.948989][ T5238] 8021q: adding VLAN 0 to HW filter on device team0
[   58.959655][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.966814][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[   58.986477][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.993630][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[   59.029421][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.036587][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[   59.079944][   T52] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.087142][   T52] bridge0: port 2(bridge_slave_1) entered forwarding state
[   59.138181][ T5227] veth0_vlan: entered promiscuous mode
[   59.206599][ T5227] veth1_vlan: entered promiscuous mode
[   59.276673][ T5233] 8021q: adding VLAN 0 to HW filter on device batadv0
[   59.323500][ T5235] Bluetooth: hci0: command tx timeout
[   59.367611][ T5227] veth0_macvtap: entered promiscuous mode
[   59.391844][ T5227] veth1_macvtap: entered promiscuous mode
[   59.427089][ T5227] batman_adv: batadv0: Interface activated: batadv_slave_0
[   59.450305][ T5227] batman_adv: batadv0: Interface activated: batadv_slave_1
[   59.486139][ T5233] veth0_vlan: entered promiscuous mode
[   59.525235][ T5233] veth1_vlan: entered promiscuous mode
[   59.547445][ T5231] 8021q: adding VLAN 0 to HW filter on device batadv0
[   59.557013][ T5227] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   59.574571][ T5227] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   59.589112][ T5227] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   59.598537][ T5227] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   59.645957][ T5235] Bluetooth: hci4: command tx timeout
[   59.645975][ T5230] Bluetooth: hci2: command tx timeout
[   59.646010][ T5230] Bluetooth: hci1: command tx timeout
[   59.651377][ T5235] Bluetooth: hci3: command tx timeout
[   59.676681][ T5234] 8021q: adding VLAN 0 to HW filter on device batadv0
[   59.774441][ T5233] veth0_macvtap: entered promiscuous mode
[   59.784245][ T5238] 8021q: adding VLAN 0 to HW filter on device batadv0
[   59.816734][ T5233] veth1_macvtap: entered promiscuous mode
[   59.832777][ T5233] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   59.844274][ T5233] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.857170][ T5233] batman_adv: batadv0: Interface activated: batadv_slave_0
[   59.898967][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.907629][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.938741][ T5231] veth0_vlan: entered promiscuous mode
[   59.959340][ T5233] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   59.971079][ T5233] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.986107][ T5233] batman_adv: batadv0: Interface activated: batadv_slave_1
[   59.995723][ T5231] veth1_vlan: entered promiscuous mode
[   60.007609][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   60.014090][ T5234] veth0_vlan: entered promiscuous mode
[   60.027602][ T5233] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   60.033276][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   60.036584][ T5233] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   60.055354][ T5233] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   60.064319][ T5233] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   60.097107][ T5238] veth0_vlan: entered promiscuous mode
[   60.132800][ T5234] veth1_vlan: entered promiscuous mode
[   60.134397][ T5227] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   60.158370][ T5238] veth1_vlan: entered promiscuous mode
[   60.255498][ T5231] veth0_macvtap: entered promiscuous mode
[   60.275047][ T5234] veth0_macvtap: entered promiscuous mode
[   60.305445][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   60.318854][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   60.330949][ T5238] veth0_macvtap: entered promiscuous mode
[   60.345467][ T5312] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3'.
[   60.367041][ T5234] veth1_macvtap: entered promiscuous mode
[   60.381999][ T5231] veth1_macvtap: entered promiscuous mode
[   60.410585][ T5231] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   60.424713][ T5231] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   60.435467][ T5231] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   60.453324][ T5231] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   60.470744][ T5231] batman_adv: batadv0: Interface activated: batadv_slave_0
[   60.495725][ T5238] veth1_macvtap: entered promiscuous mode
[   60.501749][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   60.514685][ T5238] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   60.527341][ T5238] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   60.538098][ T5238] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   60.540338][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   60.549213][ T5238] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   60.568524][ T5238] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   60.579831][ T5238] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   60.591673][ T5238] batman_adv: batadv0: Interface activated: batadv_slave_0
[   60.623415][ T5231] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   60.634003][ T5231] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   60.644053][ T5231] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   60.654574][ T5231] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   60.665681][ T5231] batman_adv: batadv0: Interface activated: batadv_slave_1
[   60.678584][ T5238] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   60.691053][ T5238] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   60.701875][ T5238] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   60.713493][ T5238] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   60.723494][ T5238] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   60.733985][ T5238] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   60.745518][ T5238] batman_adv: batadv0: Interface activated: batadv_slave_1
[   60.780994][ T5238] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   60.792635][ T5238] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   60.811401][ T5238] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   60.820639][ T5238] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   60.837919][ T5231] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   60.852040][ T5231] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   60.867769][ T5231] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   60.878045][ T5231] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   60.894351][ T5234] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   60.905330][ T5234] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   60.915540][ T5234] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   60.926114][ T5234] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   60.936012][ T5234] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   60.946526][ T5234] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   60.956406][ T5234] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   60.967038][ T5234] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   60.978361][ T5234] batman_adv: batadv0: Interface activated: batadv_slave_0
[   60.989277][ T5234] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   60.999804][ T5234] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   61.009854][ T5234] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   61.020368][ T5234] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   61.030238][ T5234] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   61.040789][ T5234] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   61.050716][ T5234] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   61.061212][ T5234] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   61.073393][ T5234] batman_adv: batadv0: Interface activated: batadv_slave_1
[   61.175196][ T5234] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   61.185981][ T5234] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   61.210238][ T5234] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   61.235072][ T5234] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   61.403216][ T5235] Bluetooth: hci0: command tx timeout
[   61.726070][   T54] Bluetooth: hci1: command tx timeout
[   61.727217][ T5230] Bluetooth: hci4: command tx timeout
[   61.731504][   T54] Bluetooth: hci2: command tx timeout
[   61.742619][ T5235] Bluetooth: hci3: command tx timeout
[   61.890854][   T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   61.907896][   T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   61.986129][ T3956] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   62.023115][ T3956] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   62.055217][ T3956] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   62.075870][ T3956] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   62.118636][   T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   62.135687][   T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   62.147509][ T5339] netlink: 288 bytes leftover after parsing attributes in process `syz.3.11'.
[   62.175191][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   62.193671][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   62.218961][ T5336] tipc: Started in network mode
[   62.243513][ T5336] tipc: Node identity ac1414aa, cluster identity 4711
[   62.251431][ T5336] tipc: Enabled bearer <udp:syz2>, priority 10
[   62.294119][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   62.311186][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.026346][ T5352] mac80211_hwsim hwsim10 syzkaller0: entered promiscuous mode
[   63.048547][ T5352] mac80211_hwsim hwsim10 syzkaller0: entered allmulticast mode
[   63.196131][ T5364] netlink: 'syz.1.13': attribute type 10 has an invalid length.
[   63.349360][ T5363] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   63.393883][ T5228] tipc: Node number set to 2886997162
[   63.517766][ T5235] Bluetooth: hci0: command tx timeout
[   63.803750][ T5235] Bluetooth: hci3: command tx timeout
[   63.803779][ T5239] Bluetooth: hci4: command tx timeout
[   63.814925][   T54] Bluetooth: hci2: command tx timeout
[   64.200341][   T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   64.311983][   T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   64.480352][   T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   64.542569][ T5375] netlink: 36 bytes leftover after parsing attributes in process `syz.3.18'.
[   64.646506][   T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   64.683512][ T5239] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   64.692486][ T5239] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   64.701874][ T5239] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   64.710558][ T5239] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   64.718527][ T5239] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   64.726120][ T5239] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   64.758794][ T5384] netlink: 'syz.3.21': attribute type 8 has an invalid length.
[   64.903402][ T5390] netlink: 24 bytes leftover after parsing attributes in process `syz.1.22'.
[   65.001591][ T5393] netlink: 24 bytes leftover after parsing attributes in process `syz.1.22'.
[   65.193623][   T12] bridge_slave_1: left allmulticast mode
[   65.199531][   T12] bridge_slave_1: left promiscuous mode
[   65.206445][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.230979][   T12] bridge_slave_0: left allmulticast mode
[   65.236919][   T12] bridge_slave_0: left promiscuous mode
[   65.243197][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.358685][ T5406] Zero length message leads to an empty skb
[   65.368327][ T5413] netlink: 191024 bytes leftover after parsing attributes in process `syz.2.25'.
[   65.809588][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   65.821505][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   65.837526][   T12] bond0 (unregistering): Released all slaves
[   65.860720][ T5412] netlink: 8 bytes leftover after parsing attributes in process `syz.1.27'.
[   65.875480][ T5422] netlink: 'syz.0.29': attribute type 11 has an invalid length.
[   66.008848][ T5424] netlink: 256 bytes leftover after parsing attributes in process `syz.0.30'.
[   66.413853][ T5438] netlink: 4 bytes leftover after parsing attributes in process `syz.1.38'.
[   66.503230][ T5443] warning: `syz.0.37' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   66.569498][ T5444] pim6reg: entered allmulticast mode
[   66.630159][ T5444] netlink: 12 bytes leftover after parsing attributes in process `syz.2.39'.
[   66.689549][ T5377] chnl_net:caif_netlink_parms(): no params data found
[   66.722179][ T5453] pim6reg: left allmulticast mode
[   66.831512][ T5456] bond0: entered promiscuous mode
[   66.843167][ T5239] Bluetooth: hci1: command tx timeout
[   66.862024][ T5456] bond_slave_0: entered promiscuous mode
[   66.915857][ T5456] bond_slave_1: entered promiscuous mode
[   67.110874][   T12] hsr_slave_0: left promiscuous mode
[   67.127036][   T12] hsr_slave_1: left promiscuous mode
[   67.161700][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   67.169836][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[   67.180993][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   67.189320][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[   67.214159][   T12] veth1_macvtap: left promiscuous mode
[   67.220325][   T12] veth0_macvtap: left promiscuous mode
[   67.226758][   T12] veth1_vlan: left promiscuous mode
[   67.232549][   T12] veth0_vlan: left promiscuous mode
[   67.375733][ T5496] netlink: 4 bytes leftover after parsing attributes in process `syz.3.44'.
[   67.696485][   T12] team0 (unregistering): Port device team_slave_1 removed
[   67.737265][   T12] team0 (unregistering): Port device team_slave_0 removed
[   68.416095][ T5377] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.428366][ T5377] bridge0: port 1(bridge_slave_0) entered disabled state
[   68.446582][ T5377] bridge_slave_0: entered allmulticast mode
[   68.454291][ T5377] bridge_slave_0: entered promiscuous mode
[   68.527828][ T5513] netlink: 32 bytes leftover after parsing attributes in process `syz.3.50'.
[   68.557434][ T5377] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.571887][ T5377] bridge0: port 2(bridge_slave_1) entered disabled state
[   68.588598][ T5377] bridge_slave_1: entered allmulticast mode
[   68.596245][ T5377] bridge_slave_1: entered promiscuous mode
[   68.658765][ T5520] Bluetooth: MGMT ver 1.23
[   68.732302][ T5377] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   68.750660][ T5377] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   68.815925][ T5513] netlink: 'syz.3.50': attribute type 7 has an invalid length.
[   68.915886][ T5377] team0: Port device team_slave_0 added
[   68.923445][ T5239] Bluetooth: hci1: command tx timeout
[   68.976831][ T5377] team0: Port device team_slave_1 added
[   69.060258][ T5377] batman_adv: batadv0: Adding interface: batadv_slave_0
[   69.077610][ T5377] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   69.138566][ T5377] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   69.230753][ T5377] batman_adv: batadv0: Adding interface: batadv_slave_1
[   69.241828][ T5377] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   69.285353][ T5377] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   69.396843][ T5544] netlink: 96 bytes leftover after parsing attributes in process `syz.0.53'.
[   69.628407][ T5377] hsr_slave_0: entered promiscuous mode
[   69.652485][ T5377] hsr_slave_1: entered promiscuous mode
[   69.664524][ T5377] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   69.685953][ T5377] Cannot create hsr debugfs directory
[   70.334013][ T5559] netlink: 4 bytes leftover after parsing attributes in process `syz.2.57'.
[   70.367811][ T5559] netlink: 204 bytes leftover after parsing attributes in process `syz.2.57'.
[   70.562030][ T5276] IPVS: starting estimator thread 0...
[   70.580141][ T5568] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   70.635901][ T5568] xt_bpf: check failed: parse error
[   70.673686][ T5565] pim6reg: entered allmulticast mode
[   70.693889][ T5569] IPVS: using max 26 ests per chain, 62400 per kthread
[   70.721834][ T5565] pim6reg: left allmulticast mode
[   70.756059][ T5578] IPVS: wrr: SCTP 172.20.20.187:0 - no destination available
[   71.003329][ T5239] Bluetooth: hci1: command tx timeout
[   71.566691][ T1267] ieee802154 phy0 wpan0: encryption failed: -22
[   71.576941][ T1267] ieee802154 phy1 wpan1: encryption failed: -22
[   71.938784][ T5637] tun0: tun_chr_ioctl cmd 1074025677
[   71.963414][ T5637] tun0: linktype set to 773
[   72.301696][ T5377] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   72.458420][ T5377] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   72.551963][ T5377] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   72.606036][ T5377] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   72.646978][ T5666] netlink: 'syz.0.77': attribute type 1 has an invalid length.
[   72.667682][ T5666] netlink: 'syz.0.77': attribute type 2 has an invalid length.
[   72.687129][ T5666] netlink: 20 bytes leftover after parsing attributes in process `syz.0.77'.
[   72.706689][ T5666] sctp: [Deprecated]: syz.0.77 (pid 5666) Use of struct sctp_assoc_value in delayed_ack socket option.
[   72.706689][ T5666] Use struct sctp_sack_info instead
[   72.779489][ T5673] netlink: 'syz.0.77': attribute type 1 has an invalid length.
[   72.811097][ T5673] netlink: 'syz.0.77': attribute type 2 has an invalid length.
[   72.833581][ T5673] netlink: 20 bytes leftover after parsing attributes in process `syz.0.77'.
[   72.926873][ T5673] syzkaller0: tun_chr_ioctl cmd 2147767506
[   73.093272][ T5239] Bluetooth: hci1: command tx timeout
[   73.140205][ T5377] 8021q: adding VLAN 0 to HW filter on device bond0
[   73.175044][ T5377] 8021q: adding VLAN 0 to HW filter on device team0
[   73.198484][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.205650][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   73.229924][ T2475] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.237077][ T2475] bridge0: port 2(bridge_slave_1) entered forwarding state
[   73.304008][ T5697] netlink: 168 bytes leftover after parsing attributes in process `syz.3.83'.
[   73.335551][ T5699] netlink: 'syz.2.82': attribute type 10 has an invalid length.
[   73.350991][ T5705] xt_HMARK: spi-set and port-set can't be combined
[   73.672107][ T5699] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[   73.718768][ T5696] lo: entered promiscuous mode
[   73.739126][ T5695] lo: left promiscuous mode
[   73.754314][ T5710] netlink: 'syz.1.85': attribute type 58 has an invalid length.
[   73.784021][ T5710] netlink: 20 bytes leftover after parsing attributes in process `syz.1.85'.
[   73.989265][ T5722] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   74.010677][ T5722] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   74.049148][ T5730] netlink: 4 bytes leftover after parsing attributes in process `syz.0.88'.
[   74.117346][ T5730] netlink: 12 bytes leftover after parsing attributes in process `syz.0.88'.
[   74.143597][ T5741] netlink: 'syz.3.90': attribute type 1 has an invalid length.
[   74.300276][ T5377] 8021q: adding VLAN 0 to HW filter on device batadv0
[   74.547445][ T5765] netlink: 176 bytes leftover after parsing attributes in process `syz.3.94'.
[   74.825073][ T5377] veth0_vlan: entered promiscuous mode
[   74.874990][ T5377] veth1_vlan: entered promiscuous mode
[   74.941479][ T5377] veth0_macvtap: entered promiscuous mode
[   74.960808][ T5377] veth1_macvtap: entered promiscuous mode
[   75.025469][ T5377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   75.063673][ T5377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   75.078155][ T5377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   75.090523][ T5377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   75.100929][ T5377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   75.121062][ T5377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   75.133666][ T5377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   75.145022][ T5377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   75.163653][ T5239] Bluetooth: hci1: command tx timeout
[   75.172934][ T5377] batman_adv: batadv0: Interface activated: batadv_slave_0
[   75.230981][ T5792] netlink: 4 bytes leftover after parsing attributes in process `syz.2.99'.
[   75.300819][ T5377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   75.311860][ T5377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   75.330531][ T5377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   75.366281][ T5377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   75.376562][ T5377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   75.394239][ T5377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   75.409416][ T5377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   75.421406][ T5377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   75.434500][ T5377] batman_adv: batadv0: Interface activated: batadv_slave_1
[   75.435468][ T5804] Driver unsupported XDP return value 0 on prog  (id 82) dev N/A, expect packet loss!
[   75.598958][ T5377] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   75.628216][ T5377] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   75.679058][ T5377] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   75.703896][ T5377] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   75.723499][ T5820] netlink: 8 bytes leftover after parsing attributes in process `syz.2.104'.
[   75.764403][ T5820] netlink: 20 bytes leftover after parsing attributes in process `syz.2.104'.
[   75.953940][ T5820] team0 (unregistering): Port device team_slave_0 removed
[   76.022157][ T5820] team0 (unregistering): Port device team_slave_1 removed
[   76.485479][ T2475] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.498409][ T2475] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.552704][ T5857] netlink: 'syz.3.111': attribute type 5 has an invalid length.
[   76.569833][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.590603][ T5823] ieee802154 phy0 wpan0: encryption failed: -22
[   76.612893][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.690445][  T937] cfg80211: failed to load regulatory.db
[   76.731973][ T5861] netlink: 'syz.2.112': attribute type 1 has an invalid length.
[   77.150138][ T3956] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   77.467977][   T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   77.497596][   T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   77.505923][   T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   77.525357][   T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   77.541234][   T54] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   77.549362][   T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   78.484174][ T5881] dccp_close: ABORT with 32 bytes unread
[   78.710650][ T3956] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   78.860448][ T5883] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   78.896433][ T3956] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   79.039084][ T5883] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   79.134614][ T3956] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   79.339015][ T5883] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   79.435671][ T5917] bridge0: port 2(bridge_slave_1) entered disabled state
[   79.567525][ T5239] Bluetooth: hci1: command tx timeout
[   79.570878][ T5883] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   79.649625][ T5936] netlink: 'syz.2.132': attribute type 12 has an invalid length.
[   79.707026][ T5942] __nla_validate_parse: 3 callbacks suppressed
[   79.707044][ T5942] netlink: 16 bytes leftover after parsing attributes in process `syz.0.133'.
[   79.727418][ T5942] netlink: 40 bytes leftover after parsing attributes in process `syz.0.133'.
[   79.842889][ T3956] bridge_slave_1: left allmulticast mode
[   79.849466][ T3956] bridge_slave_1: left promiscuous mode
[   79.857067][ T3956] bridge0: port 2(bridge_slave_1) entered disabled state
[   79.876502][ T3956] bridge_slave_0: left allmulticast mode
[   79.882537][ T3956] bridge_slave_0: left promiscuous mode
[   79.889637][ T3956] bridge0: port 1(bridge_slave_0) entered disabled state
[   80.493039][ T3956] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   80.505653][ T3956] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   80.517687][ T3956] bond0 (unregistering): Released all slaves
[   80.735113][ T5883] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   80.794932][ T5883] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   80.810797][ T5991] netlink: 36 bytes leftover after parsing attributes in process `syz.1.141'.
[   80.866340][ T5994] netlink: 'syz.2.142': attribute type 3 has an invalid length.
[   80.911343][ T5883] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   80.932208][ T5883] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   80.968675][ T5879] chnl_net:caif_netlink_parms(): no params data found
[   81.027399][ T3956] hsr_slave_0: left promiscuous mode
[   81.035395][ T3956] hsr_slave_1: left promiscuous mode
[   81.041546][ T3956] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   81.051753][ T3956] batman_adv: batadv0: Removing interface: batadv_slave_0
[   81.063924][ T5999] xt_TPROXY: Can be used only with -p tcp or -p udp
[   81.068045][ T3956] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   81.101506][ T3956] batman_adv: batadv0: Removing interface: batadv_slave_1
[   81.127527][ T3956] veth1_macvtap: left promiscuous mode
[   81.132549][ T6002] netlink: 'syz.3.145': attribute type 27 has an invalid length.
[   81.134525][ T3956] veth0_macvtap: left promiscuous mode
[   81.148077][ T3956] veth1_vlan: left promiscuous mode
[   81.153610][ T3956] veth0_vlan: left promiscuous mode
[   81.605549][ T3956] team0 (unregistering): Port device team_slave_1 removed
[   81.640208][ T3956] team0 (unregistering): Port device team_slave_0 removed
[   81.653075][ T5239] Bluetooth: hci1: command tx timeout
[   81.972729][ T5996] tap0: tun_chr_ioctl cmd 1074025677
[   81.979048][ T5996] tap0: linktype set to 825
[   82.269511][ T6022] dummy0: entered promiscuous mode
[   82.278140][ T6034] No such timeout policy "syz1"
[   82.338495][ T6022] dummy0: left promiscuous mode
[   82.417111][ T5879] bridge0: port 1(bridge_slave_0) entered blocking state
[   82.448518][ T5879] bridge0: port 1(bridge_slave_0) entered disabled state
[   82.469717][ T5879] bridge_slave_0: entered allmulticast mode
[   82.479557][ T5879] bridge_slave_0: entered promiscuous mode
[   82.487634][ T6038] netlink: 32 bytes leftover after parsing attributes in process `syz.2.152'.
[   82.499238][ T5879] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.542108][ T5879] bridge0: port 2(bridge_slave_1) entered disabled state
[   82.549916][ T5879] bridge_slave_1: entered allmulticast mode
[   82.562747][ T5879] bridge_slave_1: entered promiscuous mode
[   82.716310][ T5879] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   82.754660][ T5879] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   82.854355][ T6051] netlink: 12 bytes leftover after parsing attributes in process `syz.3.156'.
[   82.959516][ T6066] netlink: 144 bytes leftover after parsing attributes in process `syz.1.159'.
[   82.973033][ T5879] team0: Port device team_slave_0 added
[   82.992336][ T6069] netlink: 12 bytes leftover after parsing attributes in process `syz.0.158'.
[   83.048552][ T5879] team0: Port device team_slave_1 added
[   83.313453][ T5879] batman_adv: batadv0: Adding interface: batadv_slave_0
[   83.326557][ T5879] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   83.424982][ T5879] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   83.447026][ T5879] batman_adv: batadv0: Adding interface: batadv_slave_1
[   83.478254][ T5879] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   83.507254][ T6115] openvswitch: netlink: Actions may not be safe on all matching packets
[   83.515438][ T5879] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   83.692685][ T6113] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wireguard%d": -EINTR
[   83.730074][ T5239] Bluetooth: hci1: command tx timeout
[   83.987743][ T6142] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic
[   84.039903][ T5879] hsr_slave_0: entered promiscuous mode
[   84.048447][ T5879] hsr_slave_1: entered promiscuous mode
[   84.064585][ T5879] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   84.093384][ T5879] Cannot create hsr debugfs directory
[   84.220213][ T6150] netlink: 76 bytes leftover after parsing attributes in process `syz.1.176'.
[   84.315498][ T6154] netlink: 'syz.0.177': attribute type 9 has an invalid length.
[   84.338516][ T6154] netlink: 172568 bytes leftover after parsing attributes in process `syz.0.177'.
[   84.471638][ T6161] netlink: 'syz.0.177': attribute type 9 has an invalid length.
[   84.502873][ T6161] netlink: 158276 bytes leftover after parsing attributes in process `syz.0.177'.
[   85.009768][ T6182] bridge_slave_0: left allmulticast mode
[   85.016028][ T6182] bridge_slave_0: left promiscuous mode
[   85.023235][ T6182] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.094401][ T6182] bridge_slave_1: left allmulticast mode
[   85.100116][ T6182] bridge_slave_1: left promiscuous mode
[   85.108335][ T6182] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.122388][ T6182] bond0: (slave bond_slave_0): Releasing backup interface
[   85.134951][ T6182] bond_slave_0: left promiscuous mode
[   85.144358][ T6182] bond0: (slave bond_slave_1): Releasing backup interface
[   85.152581][ T6182] bond_slave_1: left promiscuous mode
[   85.173835][ T6182] team0: Port device team_slave_0 removed
[   85.185268][ T6182] team0: Port device team_slave_1 removed
[   85.191751][ T6182] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   85.199367][ T6182] batman_adv: batadv0: Removing interface: batadv_slave_0
[   85.210122][ T6182] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   85.218503][ T6182] batman_adv: batadv0: Removing interface: batadv_slave_1
[   85.301653][ T6196] netlink: 20 bytes leftover after parsing attributes in process `syz.1.182'.
[   85.465545][ T5879] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   85.492376][ T5879] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   85.525817][ T5879] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   85.566692][ T5879] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   85.803912][   T54] Bluetooth: hci1: command tx timeout
[   85.915642][ T6218] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   85.987496][ T6229] syz.2.186 uses obsolete (PF_INET,SOCK_PACKET)
[   86.031371][ T6227] netlink: 16 bytes leftover after parsing attributes in process `syz.3.189'.
[   86.040820][ T6227] netlink: 16 bytes leftover after parsing attributes in process `syz.3.189'.
[   86.172684][ T6218] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   86.233490][ T6218] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   86.332570][ T5879] 8021q: adding VLAN 0 to HW filter on device bond0
[   86.406263][ T5879] 8021q: adding VLAN 0 to HW filter on device team0
[   86.425793][ T2475] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.433032][ T2475] bridge0: port 1(bridge_slave_0) entered forwarding state
[   86.452574][ T2475] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.459792][ T2475] bridge0: port 2(bridge_slave_1) entered forwarding state
[   86.520749][ T6218] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   86.566395][ T6253] netlink: 4 bytes leftover after parsing attributes in process `syz.1.194'.
[   86.698251][ T6253] netlink: 'syz.1.194': attribute type 1 has an invalid length.
[   86.767012][ T6253] netlink: 'syz.1.194': attribute type 1 has an invalid length.
[   86.799698][ T6218] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   86.825981][ T6260] netlink: 40 bytes leftover after parsing attributes in process `syz.0.195'.
[   86.898912][ T6218] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   86.914124][ T6276] netlink: 'syz.1.198': attribute type 9 has an invalid length.
[   86.919272][ T6218] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   86.984323][ T6276] netlink: 134660 bytes leftover after parsing attributes in process `syz.1.198'.
[   87.059087][ T6218] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   87.274713][ T6292] netlink: 'syz.2.203': attribute type 10 has an invalid length.
[   87.337865][ T6296] BUG: Bad page state in process syz.0.200  pfn:20bd3
[   87.344899][ T6296] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x20bd3
[   87.353763][ T6296] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   87.360920][ T6296] raw: 00fff00000000000 dead000000000040 ffff888026a50000 0000000000000000
[   87.369606][ T6296] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   87.378307][ T6296] page dumped because: page_pool leak
[   87.383749][ T6296] page_owner tracks the page as allocated
[   87.389734][ T6296] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6296, tgid 6281 (syz.0.200), ts 87301503932, free_ts 86578369263
[   87.406577][ T6296]  post_alloc_hook+0x1f3/0x230
[   87.411409][ T6296]  get_page_from_freelist+0x3045/0x3190
[   87.417042][ T6296]  __alloc_pages_noprof+0x256/0x6c0
[   87.422285][ T6296]  alloc_pages_bulk_noprof+0x729/0xd40
[   87.427849][ T6296]  __page_pool_alloc_pages_slow+0x122/0x690
[   87.433825][ T6296]  page_pool_alloc_pages+0xd0/0x1c0
[   87.439058][ T6296]  bpf_test_run_xdp_live+0x950/0x2160
[   87.444528][ T6296]  bpf_prog_test_run_xdp+0x805/0x11e0
[   87.449948][ T6296]  bpf_prog_test_run+0x2e4/0x360
[   87.454988][ T6296]  __sys_bpf+0x48d/0x810
[   87.459263][ T6296]  __x64_sys_bpf+0x7c/0x90
[   87.463749][ T6296]  do_syscall_64+0xf3/0x230
[   87.468298][ T6296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.474278][ T6296] page last free pid 6256 tgid 6256 stack trace:
[   87.480663][ T6296]  free_unref_page+0xcfb/0xf20
[   87.485530][ T6296]  __put_partials+0xeb/0x130
[   87.490147][ T6296]  put_cpu_partial+0x17c/0x250
[   87.495008][ T6296]  __slab_free+0x2ea/0x3d0
[   87.499516][ T6296]  qlist_free_all+0x9a/0x140
[   87.504177][ T6296]  kasan_quarantine_reduce+0x14f/0x170
[   87.509665][ T6296]  __kasan_slab_alloc+0x23/0x80
[   87.514604][ T6296]  __kmalloc_node_noprof+0x1d2/0x440
[   87.520011][ T6296]  allocate_slab+0xb6/0x2f0
[   87.524608][ T6296]  ___slab_alloc+0xcd1/0x14b0
[   87.529322][ T6296]  __slab_alloc+0x58/0xa0
[   87.533755][ T6296]  kmem_cache_alloc_noprof+0x1c1/0x2a0
[   87.539246][ T6296]  __anon_vma_prepare+0x117/0x4a0
[   87.544371][ T6296]  handle_pte_fault+0x5361/0x6800
[   87.549427][ T6296]  handle_mm_fault+0x1106/0x1bb0
[   87.554466][ T6296]  exc_page_fault+0x459/0x8c0
[   87.559264][ T6296] Modules linked in:
[   87.563257][ T6296] CPU: 0 UID: 0 PID: 6296 Comm: syz.0.200 Not tainted 6.12.0-rc1-syzkaller-00238-g8b641b5e4c78 #0
[   87.573876][ T6296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   87.583965][ T6296] Call Trace:
[   87.587267][ T6296]  <TASK>
[   87.590228][ T6296]  dump_stack_lvl+0x241/0x360
[   87.594935][ T6296]  ? __pfx_dump_stack_lvl+0x10/0x10
[   87.600157][ T6296]  ? __pfx_print_modules+0x10/0x10
[   87.605312][ T6296]  bad_page+0x166/0x1b0
[   87.609506][ T6296]  free_unref_page+0xed0/0xf20
[   87.614302][ T6296]  skb_release_data+0x6dc/0x8a0
[   87.619195][ T6296]  sk_skb_reason_drop+0x1c9/0x380
[   87.624248][ T6296]  __netif_receive_skb_core+0x3edd/0x4570
[   87.630006][ T6296]  ? __lock_acquire+0x1384/0x2050
[   87.635082][ T6296]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   87.641220][ T6296]  __netif_receive_skb_list_core+0x2b1/0x980
[   87.647244][ T6296]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[   87.653865][ T6296]  ? __pfx___netif_receive_skb_list_core+0x10/0x10
[   87.660395][ T6296]  ? read_tsc+0x9/0x20
[   87.664513][ T6296]  ? timekeeping_get_ns+0x2c0/0x420
[   87.669752][ T6296]  ? netif_receive_skb_list_internal+0x4e8/0xe30
[   87.676111][ T6296]  netif_receive_skb_list_internal+0xa51/0xe30
[   87.682302][ T6296]  ? netif_receive_skb_list_internal+0x4e8/0xe30
[   87.688670][ T6296]  ? __pfx_netif_receive_skb_list_internal+0x10/0x10
[   87.695381][ T6296]  ? __pfx_eth_type_trans+0x10/0x10
[   87.700608][ T6296]  ? __phys_addr+0xba/0x170
[   87.705135][ T6296]  ? build_skb_around+0x111/0x260
[   87.710190][ T6296]  ? __xdp_build_skb_from_frame+0x338/0x650
[   87.716118][ T6296]  netif_receive_skb_list+0x55/0x4b0
[   87.721442][ T6296]  bpf_test_run_xdp_live+0x1b0d/0x2160
[   87.726936][ T6296]  ? bpf_dispatcher_change_prog+0xd8b/0xf10
[   87.732884][ T6296]  ? bpf_test_run_xdp_live+0x5d6/0x2160
[   87.738473][ T6296]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[   87.744320][ T6296]  ? synchronize_rcu+0x11b/0x360
[   87.749299][ T6296]  ? __pfx_synchronize_rcu+0x10/0x10
[   87.754642][ T6296]  ? __pfx_bpf_dispatcher_change_prog+0x10/0x10
[   87.760937][ T6296]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[   87.766873][ T6296]  ? _copy_from_user+0xa6/0xe0
[   87.771672][ T6296]  ? bpf_test_init+0x15a/0x180
[   87.776472][ T6296]  ? xdp_convert_md_to_buff+0x5b/0x330
[   87.781969][ T6296]  bpf_prog_test_run_xdp+0x805/0x11e0
[   87.787391][ T6296]  ? __pfx_lock_release+0x10/0x10
[   87.792458][ T6296]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[   87.798299][ T6296]  ? __fget_files+0x29/0x470
[   87.802934][ T6296]  ? fput+0x1a8/0x230
[   87.806942][ T6296]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[   87.813225][ T6296]  bpf_prog_test_run+0x2e4/0x360
[   87.818211][ T6296]  __sys_bpf+0x48d/0x810
[   87.822494][ T6296]  ? __pfx___sys_bpf+0x10/0x10
[   87.827290][ T6296]  ? __sys_bind+0x108/0x2d0
[   87.831841][ T6296]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   87.837863][ T6296]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   87.844238][ T6296]  ? do_syscall_64+0x100/0x230
[   87.849050][ T6296]  __x64_sys_bpf+0x7c/0x90
[   87.853509][ T6296]  do_syscall_64+0xf3/0x230
[   87.858050][ T6296]  ? clear_bhb_loop+0x35/0x90
[   87.862757][ T6296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.868704][ T6296] RIP: 0033:0x7fcce777dff9
[   87.873153][ T6296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   87.892793][ T6296] RSP: 002b:00007fcce71ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   87.901248][ T6296] RAX: ffffffffffffffda RBX: 00007fcce7936058 RCX: 00007fcce777dff9
[   87.909252][ T6296] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
[   87.917251][ T6296] RBP: 00007fcce77f0296 R08: 0000000000000000 R09: 0000000000000000
[   87.925253][ T6296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   87.928170][   T54] Bluetooth: hci1: command 0x0405 tx timeout
[   87.933228][ T6296] R13: 0000000000000000 R14: 00007fcce7936058 R15: 00007fff2bbf7c58
[   87.933264][ T6296]  </TASK>
[   87.933354][ T6296] Disabling lock debugging due to kernel taint
[   87.956521][ T6296] BUG: Bad page state in process syz.0.200  pfn:20bd2
[   87.963349][ T6296] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x20bd2
[   87.972134][ T6296] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   87.979320][ T6296] raw: 00fff00000000000 dead000000000040 ffff888026a50000 0000000000000000
[   87.987971][ T6296] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   87.996614][ T6296] page dumped because: page_pool leak
[   88.001997][ T6296] page_owner tracks the page as allocated
[   88.007777][ T6296] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6296, tgid 6281 (syz.0.200), ts 87301492578, free_ts 86578369263
[   88.024591][ T6296]  post_alloc_hook+0x1f3/0x230
[   88.029388][ T6296]  get_page_from_freelist+0x3045/0x3190
[   88.035006][ T6296]  __alloc_pages_noprof+0x256/0x6c0
[   88.040238][ T6296]  alloc_pages_bulk_noprof+0x729/0xd40
[   88.045781][ T6296]  __page_pool_alloc_pages_slow+0x122/0x690
[   88.051703][ T6296]  page_pool_alloc_pages+0xd0/0x1c0
[   88.056978][ T6296]  bpf_test_run_xdp_live+0x950/0x2160
[   88.062373][ T6296]  bpf_prog_test_run_xdp+0x805/0x11e0
[   88.067814][ T6296]  bpf_prog_test_run+0x2e4/0x360
[   88.072781][ T6296]  __sys_bpf+0x48d/0x810
[   88.077089][ T6296]  __x64_sys_bpf+0x7c/0x90
[   88.081522][ T6296]  do_syscall_64+0xf3/0x230
[   88.086228][ T6296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.092153][ T6296] page last free pid 6256 tgid 6256 stack trace:
[   88.098536][ T6296]  free_unref_page+0xcfb/0xf20
[   88.103349][ T6296]  __put_partials+0xeb/0x130
[   88.107960][ T6296]  put_cpu_partial+0x17c/0x250
[   88.112739][ T6296]  __slab_free+0x2ea/0x3d0
[   88.117221][ T6296]  qlist_free_all+0x9a/0x140
[   88.121822][ T6296]  kasan_quarantine_reduce+0x14f/0x170
[   88.127357][ T6296]  __kasan_slab_alloc+0x23/0x80
[   88.132233][ T6296]  __kmalloc_node_noprof+0x1d2/0x440
[   88.137595][ T6296]  allocate_slab+0xb6/0x2f0
[   88.142113][ T6296]  ___slab_alloc+0xcd1/0x14b0
[   88.146868][ T6296]  __slab_alloc+0x58/0xa0
[   88.151219][ T6296]  kmem_cache_alloc_noprof+0x1c1/0x2a0
[   88.156746][ T6296]  __anon_vma_prepare+0x117/0x4a0
[   88.161793][ T6296]  handle_pte_fault+0x5361/0x6800
[   88.166883][ T6296]  handle_mm_fault+0x1106/0x1bb0
[   88.171844][ T6296]  exc_page_fault+0x459/0x8c0
[   88.176593][ T6296] Modules linked in:
[   88.180502][ T6296] CPU: 0 UID: 0 PID: 6296 Comm: syz.0.200 Tainted: G    B              6.12.0-rc1-syzkaller-00238-g8b641b5e4c78 #0
[   88.192575][ T6296] Tainted: [B]=BAD_PAGE
[   88.196708][ T6296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   88.206756][ T6296] Call Trace:
[   88.210021][ T6296]  <TASK>
[   88.212937][ T6296]  dump_stack_lvl+0x241/0x360
[   88.217608][ T6296]  ? __pfx_dump_stack_lvl+0x10/0x10
[   88.222785][ T6296]  ? __pfx_print_modules+0x10/0x10
[   88.227885][ T6296]  bad_page+0x166/0x1b0
[   88.232023][ T6296]  free_unref_page+0xed0/0xf20
[   88.236965][ T6296]  skb_release_data+0x6dc/0x8a0
[   88.241803][ T6296]  sk_skb_reason_drop+0x1c9/0x380
[   88.246815][ T6296]  __netif_receive_skb_core+0x3edd/0x4570
[   88.252520][ T6296]  ? __lock_acquire+0x1384/0x2050
[   88.257536][ T6296]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   88.263593][ T6296]  __netif_receive_skb_list_core+0x2b1/0x980
[   88.269561][ T6296]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[   88.276137][ T6296]  ? __pfx___netif_receive_skb_list_core+0x10/0x10
[   88.282621][ T6296]  ? read_tsc+0x9/0x20
[   88.286680][ T6296]  ? timekeeping_get_ns+0x2c0/0x420
[   88.291867][ T6296]  ? netif_receive_skb_list_internal+0x4e8/0xe30
[   88.298182][ T6296]  netif_receive_skb_list_internal+0xa51/0xe30
[   88.304330][ T6296]  ? netif_receive_skb_list_internal+0x4e8/0xe30
[   88.310660][ T6296]  ? __pfx_netif_receive_skb_list_internal+0x10/0x10
[   88.317324][ T6296]  ? __pfx_eth_type_trans+0x10/0x10
[   88.322503][ T6296]  ? __phys_addr+0xba/0x170
[   88.327006][ T6296]  ? build_skb_around+0x111/0x260
[   88.332015][ T6296]  ? __xdp_build_skb_from_frame+0x338/0x650
[   88.337904][ T6296]  netif_receive_skb_list+0x55/0x4b0
[   88.343177][ T6296]  bpf_test_run_xdp_live+0x1b0d/0x2160
[   88.348625][ T6296]  ? bpf_dispatcher_change_prog+0xd8b/0xf10
[   88.354503][ T6296]  ? bpf_test_run_xdp_live+0x5d6/0x2160
[   88.360040][ T6296]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[   88.365832][ T6296]  ? synchronize_rcu+0x11b/0x360
[   88.370754][ T6296]  ? __pfx_synchronize_rcu+0x10/0x10
[   88.376032][ T6296]  ? __pfx_bpf_dispatcher_change_prog+0x10/0x10
[   88.382262][ T6296]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[   88.388154][ T6296]  ? _copy_from_user+0xa6/0xe0
[   88.392907][ T6296]  ? bpf_test_init+0x15a/0x180
[   88.397659][ T6296]  ? xdp_convert_md_to_buff+0x5b/0x330
[   88.403109][ T6296]  bpf_prog_test_run_xdp+0x805/0x11e0
[   88.408474][ T6296]  ? __pfx_lock_release+0x10/0x10
[   88.413490][ T6296]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[   88.419287][ T6296]  ? __fget_files+0x29/0x470
[   88.423864][ T6296]  ? fput+0x1a8/0x230
[   88.427833][ T6296]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[   88.433638][ T6296]  bpf_prog_test_run+0x2e4/0x360
[   88.438592][ T6296]  __sys_bpf+0x48d/0x810
[   88.442824][ T6296]  ? __pfx___sys_bpf+0x10/0x10
[   88.447575][ T6296]  ? __sys_bind+0x108/0x2d0
[   88.452065][ T6296]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   88.458038][ T6296]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   88.464439][ T6296]  ? do_syscall_64+0x100/0x230
[   88.469188][ T6296]  __x64_sys_bpf+0x7c/0x90
[   88.473589][ T6296]  do_syscall_64+0xf3/0x230
[   88.478161][ T6296]  ? clear_bhb_loop+0x35/0x90
[   88.482820][ T6296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.488705][ T6296] RIP: 0033:0x7fcce777dff9
[   88.493107][ T6296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   88.512707][ T6296] RSP: 002b:00007fcce71ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   88.521139][ T6296] RAX: ffffffffffffffda RBX: 00007fcce7936058 RCX: 00007fcce777dff9
[   88.529097][ T6296] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
[   88.537057][ T6296] RBP: 00007fcce77f0296 R08: 0000000000000000 R09: 0000000000000000
[   88.545016][ T6296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   88.552977][ T6296] R13: 0000000000000000 R14: 00007fcce7936058 R15: 00007fff2bbf7c58
[   88.560949][ T6296]  </TASK>
[   88.564044][ T6296] BUG: Bad page state in process syz.0.200  pfn:20bd1
[   88.570805][ T6296] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x8 pfn:0x20bd1
[   88.579600][ T6296] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   88.586740][ T6296] raw: 00fff00000000000 dead000000000040 ffff888026a50000 0000000000000000
[   88.595354][ T6296] raw: 0000000000000008 0000000000000001 00000000ffffffff 0000000000000000
[   88.603961][ T6296] page dumped because: page_pool leak
[   88.609314][ T6296] page_owner tracks the page as allocated
[   88.615093][ T6296] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6296, tgid 6281 (syz.0.200), ts 87301480926, free_ts 86578369263
[   88.631879][ T6296]  post_alloc_hook+0x1f3/0x230
[   88.636675][ T6296]  get_page_from_freelist+0x3045/0x3190
[   88.642226][ T6296]  __alloc_pages_noprof+0x256/0x6c0
[   88.647449][ T6296]  alloc_pages_bulk_noprof+0x729/0xd40
[   88.652911][ T6296]  __page_pool_alloc_pages_slow+0x122/0x690
[   88.658915][ T6296]  page_pool_alloc_pages+0xd0/0x1c0
[   88.664151][ T6296]  bpf_test_run_xdp_live+0x950/0x2160
[   88.669515][ T6296]  bpf_prog_test_run_xdp+0x805/0x11e0
[   88.674922][ T6296]  bpf_prog_test_run+0x2e4/0x360
[   88.679869][ T6296]  __sys_bpf+0x48d/0x810
[   88.684150][ T6296]  __x64_sys_bpf+0x7c/0x90
[   88.688570][ T6296]  do_syscall_64+0xf3/0x230
[   88.693110][ T6296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.699016][ T6296] page last free pid 6256 tgid 6256 stack trace:
[   88.705371][ T6296]  free_unref_page+0xcfb/0xf20
[   88.710572][ T6296]  __put_partials+0xeb/0x130
[   88.715201][ T6296]  put_cpu_partial+0x17c/0x250
[   88.719980][ T6296]  __slab_free+0x2ea/0x3d0
[   88.724449][ T6296]  qlist_free_all+0x9a/0x140
[   88.729047][ T6296]  kasan_quarantine_reduce+0x14f/0x170
[   88.734541][ T6296]  __kasan_slab_alloc+0x23/0x80
[   88.739395][ T6296]  __kmalloc_node_noprof+0x1d2/0x440
[   88.744719][ T6296]  allocate_slab+0xb6/0x2f0
[   88.749230][ T6296]  ___slab_alloc+0xcd1/0x14b0
[   88.753945][ T6296]  __slab_alloc+0x58/0xa0
[   88.758289][ T6296]  kmem_cache_alloc_noprof+0x1c1/0x2a0
[   88.763795][ T6296]  __anon_vma_prepare+0x117/0x4a0
[   88.768827][ T6296]  handle_pte_fault+0x5361/0x6800
[   88.773884][ T6296]  handle_mm_fault+0x1106/0x1bb0
[   88.778835][ T6296]  exc_page_fault+0x459/0x8c0
[   88.783555][ T6296] Modules linked in:
[   88.787455][ T6296] CPU: 0 UID: 0 PID: 6296 Comm: syz.0.200 Tainted: G    B              6.12.0-rc1-syzkaller-00238-g8b641b5e4c78 #0
[   88.799503][ T6296] Tainted: [B]=BAD_PAGE
[   88.803636][ T6296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   88.813867][ T6296] Call Trace:
[   88.817146][ T6296]  <TASK>
[   88.820087][ T6296]  dump_stack_lvl+0x241/0x360
[   88.824757][ T6296]  ? __pfx_dump_stack_lvl+0x10/0x10
[   88.829944][ T6296]  ? __pfx_print_modules+0x10/0x10
[   88.835046][ T6296]  bad_page+0x166/0x1b0
[   88.839187][ T6296]  free_unref_page+0xed0/0xf20
[   88.843964][ T6296]  skb_release_data+0x6dc/0x8a0
[   88.848921][ T6296]  sk_skb_reason_drop+0x1c9/0x380
[   88.853942][ T6296]  __netif_receive_skb_core+0x3edd/0x4570
[   88.859647][ T6296]  ? __lock_acquire+0x1384/0x2050
[   88.864662][ T6296]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   88.870735][ T6296]  __netif_receive_skb_list_core+0x2b1/0x980
[   88.876717][ T6296]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[   88.883297][ T6296]  ? __pfx___netif_receive_skb_list_core+0x10/0x10
[   88.889786][ T6296]  ? read_tsc+0x9/0x20
[   88.893852][ T6296]  ? timekeeping_get_ns+0x2c0/0x420
[   88.899059][ T6296]  ? netif_receive_skb_list_internal+0x4e8/0xe30
[   88.905372][ T6296]  netif_receive_skb_list_internal+0xa51/0xe30
[   88.911512][ T6296]  ? netif_receive_skb_list_internal+0x4e8/0xe30
[   88.917824][ T6296]  ? __pfx_netif_receive_skb_list_internal+0x10/0x10
[   88.924606][ T6296]  ? __pfx_eth_type_trans+0x10/0x10
[   88.929815][ T6296]  ? __phys_addr+0xba/0x170
[   88.934302][ T6296]  ? build_skb_around+0x111/0x260
[   88.939309][ T6296]  ? __xdp_build_skb_from_frame+0x338/0x650
[   88.945192][ T6296]  netif_receive_skb_list+0x55/0x4b0
[   88.950463][ T6296]  bpf_test_run_xdp_live+0x1b0d/0x2160
[   88.955959][ T6296]  ? bpf_dispatcher_change_prog+0xd8b/0xf10
[   88.961842][ T6296]  ? bpf_test_run_xdp_live+0x5d6/0x2160
[   88.967374][ T6296]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[   88.973251][ T6296]  ? synchronize_rcu+0x11b/0x360
[   88.978176][ T6296]  ? __pfx_synchronize_rcu+0x10/0x10
[   88.983449][ T6296]  ? __pfx_bpf_dispatcher_change_prog+0x10/0x10
[   88.989702][ T6296]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[   88.995583][ T6296]  ? _copy_from_user+0xa6/0xe0
[   89.000348][ T6296]  ? bpf_test_init+0x15a/0x180
[   89.005114][ T6296]  ? xdp_convert_md_to_buff+0x5b/0x330
[   89.010575][ T6296]  bpf_prog_test_run_xdp+0x805/0x11e0
[   89.016027][ T6296]  ? __pfx_lock_release+0x10/0x10
[   89.021039][ T6296]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[   89.026840][ T6296]  ? __fget_files+0x29/0x470
[   89.031423][ T6296]  ? fput+0x1a8/0x230
[   89.035391][ T6296]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[   89.041195][ T6296]  bpf_prog_test_run+0x2e4/0x360
[   89.046135][ T6296]  __sys_bpf+0x48d/0x810
[   89.050367][ T6296]  ? __pfx___sys_bpf+0x10/0x10
[   89.055114][ T6296]  ? __sys_bind+0x108/0x2d0
[   89.059609][ T6296]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   89.065577][ T6296]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   89.071894][ T6296]  ? do_syscall_64+0x100/0x230
[   89.076645][ T6296]  __x64_sys_bpf+0x7c/0x90
[   89.081051][ T6296]  do_syscall_64+0xf3/0x230
[   89.085535][ T6296]  ? clear_bhb_loop+0x35/0x90
[   89.090197][ T6296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.096088][ T6296] RIP: 0033:0x7fcce777dff9
[   89.100489][ T6296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   89.120170][ T6296] RSP: 002b:00007fcce71ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   89.128575][ T6296] RAX: ffffffffffffffda RBX: 00007fcce7936058 RCX: 00007fcce777dff9
[   89.136551][ T6296] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
[   89.144520][ T6296] RBP: 00007fcce77f0296 R08: 0000000000000000 R09: 0000000000000000
[   89.152494][ T6296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   89.160451][ T6296] R13: 0000000000000000 R14: 00007fcce7936058 R15: 00007fff2bbf7c58
[   89.168413][ T6296]  </TASK>
[   89.171498][ T6296] BUG: Bad page state in process syz.0.200  pfn:20bd0
[   89.178395][ T6296] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888020bd6000 pfn:0x20bd0
[   89.188490][ T6296] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   89.195630][ T6296] raw: 00fff00000000000 dead000000000040 ffff888026a50000 0000000000000000
[   89.204243][ T6296] raw: ffff888020bd6000 0000000000000001 00000000ffffffff 0000000000000000
[   89.212916][ T6296] page dumped because: page_pool leak
[   89.218315][ T6296] page_owner tracks the page as allocated
[   89.224049][ T6296] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6296, tgid 6281 (syz.0.200), ts 87301469552, free_ts 86578369263
[   89.240833][ T6296]  post_alloc_hook+0x1f3/0x230
[   89.245633][ T6296]  get_page_from_freelist+0x3045/0x3190
[   89.251167][ T6296]  __alloc_pages_noprof+0x256/0x6c0
[   89.256390][ T6296]  alloc_pages_bulk_noprof+0x729/0xd40
[   89.261855][ T6296]  __page_pool_alloc_pages_slow+0x122/0x690
[   89.267775][ T6296]  page_pool_alloc_pages+0xd0/0x1c0
[   89.273012][ T6296]  bpf_test_run_xdp_live+0x950/0x2160
[   89.278426][ T6296]  bpf_prog_test_run_xdp+0x805/0x11e0
[   89.283830][ T6296]  bpf_prog_test_run+0x2e4/0x360
[   89.288780][ T6296]  __sys_bpf+0x48d/0x810
[   89.293052][ T6296]  __x64_sys_bpf+0x7c/0x90
[   89.297471][ T6296]  do_syscall_64+0xf3/0x230
[   89.301957][ T6296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.307879][ T6296] page last free pid 6256 tgid 6256 stack trace:
[   89.314225][ T6296]  free_unref_page+0xcfb/0xf20
[   89.318973][ T6296]  __put_partials+0xeb/0x130
[   89.323596][ T6296]  put_cpu_partial+0x17c/0x250
[   89.328451][ T6296]  __slab_free+0x2ea/0x3d0
[   89.332858][ T6296]  qlist_free_all+0x9a/0x140
[   89.337479][ T6296]  kasan_quarantine_reduce+0x14f/0x170
[   89.342943][ T6296]  __kasan_slab_alloc+0x23/0x80
[   89.347836][ T6296]  __kmalloc_node_noprof+0x1d2/0x440
[   89.353148][ T6296]  allocate_slab+0xb6/0x2f0
[   89.357653][ T6296]  ___slab_alloc+0xcd1/0x14b0
[   89.362320][ T6296]  __slab_alloc+0x58/0xa0
[   89.366677][ T6296]  kmem_cache_alloc_noprof+0x1c1/0x2a0
[   89.372146][ T6296]  __anon_vma_prepare+0x117/0x4a0
[   89.377202][ T6296]  handle_pte_fault+0x5361/0x6800
[   89.382232][ T6296]  handle_mm_fault+0x1106/0x1bb0
[   89.387195][ T6296]  exc_page_fault+0x459/0x8c0
[   89.391973][ T6296] Modules linked in:
[   89.395904][ T6296] CPU: 0 UID: 0 PID: 6296 Comm: syz.0.200 Tainted: G    B              6.12.0-rc1-syzkaller-00238-g8b641b5e4c78 #0
[   89.407967][ T6296] Tainted: [B]=BAD_PAGE
[   89.412102][ T6296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   89.422140][ T6296] Call Trace:
[   89.425406][ T6296]  <TASK>
[   89.428321][ T6296]  dump_stack_lvl+0x241/0x360
[   89.432995][ T6296]  ? __pfx_dump_stack_lvl+0x10/0x10
[   89.438181][ T6296]  ? __pfx_print_modules+0x10/0x10
[   89.443390][ T6296]  bad_page+0x166/0x1b0
[   89.447529][ T6296]  free_unref_page+0xed0/0xf20
[   89.452278][ T6296]  skb_release_data+0x6dc/0x8a0
[   89.457120][ T6296]  sk_skb_reason_drop+0x1c9/0x380
[   89.462137][ T6296]  __netif_receive_skb_core+0x3edd/0x4570
[   89.467857][ T6296]  ? __lock_acquire+0x1384/0x2050
[   89.472875][ T6296]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   89.478935][ T6296]  __netif_receive_skb_list_core+0x2b1/0x980
[   89.484906][ T6296]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[   89.491475][ T6296]  ? __pfx___netif_receive_skb_list_core+0x10/0x10
[   89.497962][ T6296]  ? read_tsc+0x9/0x20
[   89.502013][ T6296]  ? timekeeping_get_ns+0x2c0/0x420
[   89.507208][ T6296]  ? netif_receive_skb_list_internal+0x4e8/0xe30
[   89.513532][ T6296]  netif_receive_skb_list_internal+0xa51/0xe30
[   89.519760][ T6296]  ? netif_receive_skb_list_internal+0x4e8/0xe30
[   89.526070][ T6296]  ? __pfx_netif_receive_skb_list_internal+0x10/0x10
[   89.532725][ T6296]  ? __pfx_eth_type_trans+0x10/0x10
[   89.537909][ T6296]  ? __phys_addr+0xba/0x170
[   89.542394][ T6296]  ? build_skb_around+0x111/0x260
[   89.547400][ T6296]  ? __xdp_build_skb_from_frame+0x338/0x650
[   89.553293][ T6296]  netif_receive_skb_list+0x55/0x4b0
[   89.558588][ T6296]  bpf_test_run_xdp_live+0x1b0d/0x2160
[   89.564037][ T6296]  ? bpf_dispatcher_change_prog+0xd8b/0xf10
[   89.569917][ T6296]  ? bpf_test_run_xdp_live+0x5d6/0x2160
[   89.575452][ T6296]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[   89.581252][ T6296]  ? synchronize_rcu+0x11b/0x360
[   89.586175][ T6296]  ? __pfx_synchronize_rcu+0x10/0x10
[   89.591450][ T6296]  ? __pfx_bpf_dispatcher_change_prog+0x10/0x10
[   89.597677][ T6296]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[   89.603572][ T6296]  ? _copy_from_user+0xa6/0xe0
[   89.608350][ T6296]  ? bpf_test_init+0x15a/0x180
[   89.613098][ T6296]  ? xdp_convert_md_to_buff+0x5b/0x330
[   89.618546][ T6296]  bpf_prog_test_run_xdp+0x805/0x11e0
[   89.623993][ T6296]  ? __pfx_lock_release+0x10/0x10
[   89.629005][ T6296]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[   89.634797][ T6296]  ? __fget_files+0x29/0x470
[   89.639379][ T6296]  ? fput+0x1a8/0x230
[   89.643346][ T6296]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[   89.649139][ T6296]  bpf_prog_test_run+0x2e4/0x360
[   89.654121][ T6296]  __sys_bpf+0x48d/0x810
[   89.658374][ T6296]  ? __pfx___sys_bpf+0x10/0x10
[   89.663122][ T6296]  ? __sys_bind+0x108/0x2d0
[   89.667642][ T6296]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   89.673608][ T6296]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   89.679920][ T6296]  ? do_syscall_64+0x100/0x230
[   89.684667][ T6296]  __x64_sys_bpf+0x7c/0x90
[   89.689104][ T6296]  do_syscall_64+0xf3/0x230
[   89.693589][ T6296]  ? clear_bhb_loop+0x35/0x90
[   89.698252][ T6296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.704145][ T6296] RIP: 0033:0x7fcce777dff9
[   89.708567][ T6296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   89.728163][ T6296] RSP: 002b:00007fcce71ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   89.736565][ T6296] RAX: ffffffffffffffda RBX: 00007fcce7936058 RCX: 00007fcce777dff9
[   89.744530][ T6296] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
[   89.752489][ T6296] RBP: 00007fcce77f0296 R08: 0000000000000000 R09: 0000000000000000
[   89.760452][ T6296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   89.768410][ T6296] R13: 0000000000000000 R14: 00007fcce7936058 R15: 00007fff2bbf7c58
[   89.776370][ T6296]  </TASK>
[   89.779450][ T6296] BUG: Bad page state in process syz.0.200  pfn:26d3f
[   89.786233][ T6296] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x26d3f
[   89.795017][ T6296] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   89.802137][ T6296] raw: 00fff00000000000 dead000000000040 ffff888026a50000 0000000000000000
[   89.810754][ T6296] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   89.819357][ T6296] page dumped because: page_pool leak
[   89.824747][ T6296] page_owner tracks the page as allocated
[   89.830460][ T6296] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6296, tgid 6281 (syz.0.200), ts 87301458050, free_ts 86724965404
[   89.847255][ T6296]  post_alloc_hook+0x1f3/0x230
[   89.852046][ T6296]  get_page_from_freelist+0x3045/0x3190
[   89.857626][ T6296]  __alloc_pages_noprof+0x256/0x6c0
[   89.862833][ T6296]  alloc_pages_bulk_noprof+0x729/0xd40
[   89.868332][ T6296]  __page_pool_alloc_pages_slow+0x122/0x690
[   89.874272][ T6296]  page_pool_alloc_pages+0xd0/0x1c0
[   89.879478][ T6296]  bpf_test_run_xdp_live+0x950/0x2160
[   89.884875][ T6296]  bpf_prog_test_run_xdp+0x805/0x11e0
[   89.890262][ T6296]  bpf_prog_test_run+0x2e4/0x360
[   89.895234][ T6296]  __sys_bpf+0x48d/0x810
[   89.899480][ T6296]  __x64_sys_bpf+0x7c/0x90
[   89.903927][ T6296]  do_syscall_64+0xf3/0x230
[   89.908430][ T6296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.914351][ T6296] page last free pid 5405 tgid 5405 stack trace:
[   89.920674][ T6296]  free_unref_page+0xcfb/0xf20
[   89.925459][ T6296]  __slab_free+0x31b/0x3d0
[   89.929881][ T6296]  qlist_free_all+0x9a/0x140
[   89.934491][ T6296]  kasan_quarantine_reduce+0x14f/0x170
[   89.939953][ T6296]  __kasan_slab_alloc+0x23/0x80
[   89.944833][ T6296]  kmem_cache_alloc_lru_noprof+0x139/0x2b0
[   89.950660][ T6296]  shmem_alloc_inode+0x28/0x40
[   89.955468][ T6296]  new_inode+0x6e/0x310
[   89.959626][ T6296]  shmem_get_inode+0x34a/0xd70
[   89.964411][ T6296]  shmem_mknod+0x5f/0x1e0
[   89.968748][ T6296]  path_openat+0x1c03/0x3590
[   89.973376][ T6296]  do_filp_open+0x235/0x490
[   89.977895][ T6296]  do_sys_openat2+0x13e/0x1d0
[   89.982557][ T6296]  __x64_sys_openat+0x247/0x2a0
[   89.987431][ T6296]  do_syscall_64+0xf3/0x230
[   89.991938][ T6296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.997855][ T6296] Modules linked in:
[   90.001765][ T6296] CPU: 0 UID: 0 PID: 6296 Comm: syz.0.200 Tainted: G    B              6.12.0-rc1-syzkaller-00238-g8b641b5e4c78 #0
[   90.013814][ T6296] Tainted: [B]=BAD_PAGE
[   90.017943][ T6296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   90.027990][ T6296] Call Trace:
[   90.031254][ T6296]  <TASK>
[   90.034176][ T6296]  dump_stack_lvl+0x241/0x360
[   90.038838][ T6296]  ? __pfx_dump_stack_lvl+0x10/0x10
[   90.044027][ T6296]  ? __pfx_print_modules+0x10/0x10
[   90.049171][ T6296]  bad_page+0x166/0x1b0
[   90.053333][ T6296]  free_unref_page+0xed0/0xf20
[   90.058103][ T6296]  skb_release_data+0x6dc/0x8a0
[   90.062943][ T6296]  sk_skb_reason_drop+0x1c9/0x380
[   90.067965][ T6296]  __netif_receive_skb_core+0x3edd/0x4570
[   90.073675][ T6296]  ? __lock_acquire+0x1384/0x2050
[   90.078691][ T6296]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   90.084754][ T6296]  __netif_receive_skb_list_core+0x2b1/0x980
[   90.090725][ T6296]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[   90.097301][ T6296]  ? __pfx___netif_receive_skb_list_core+0x10/0x10
[   90.103795][ T6296]  ? read_tsc+0x9/0x20
[   90.107871][ T6296]  ? timekeeping_get_ns+0x2c0/0x420
[   90.113063][ T6296]  ? netif_receive_skb_list_internal+0x4e8/0xe30
[   90.119377][ T6296]  netif_receive_skb_list_internal+0xa51/0xe30
[   90.125518][ T6296]  ? netif_receive_skb_list_internal+0x4e8/0xe30
[   90.131836][ T6296]  ? __pfx_netif_receive_skb_list_internal+0x10/0x10
[   90.138501][ T6296]  ? __pfx_eth_type_trans+0x10/0x10
[   90.143683][ T6296]  ? __phys_addr+0xba/0x170
[   90.148185][ T6296]  ? build_skb_around+0x111/0x260
[   90.153255][ T6296]  ? __xdp_build_skb_from_frame+0x338/0x650
[   90.159174][ T6296]  netif_receive_skb_list+0x55/0x4b0
[   90.164450][ T6296]  bpf_test_run_xdp_live+0x1b0d/0x2160
[   90.169903][ T6296]  ? bpf_dispatcher_change_prog+0xd8b/0xf10
[   90.175799][ T6296]  ? bpf_test_run_xdp_live+0x5d6/0x2160
[   90.181344][ T6296]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[   90.187141][ T6296]  ? synchronize_rcu+0x11b/0x360
[   90.192061][ T6296]  ? __pfx_synchronize_rcu+0x10/0x10
[   90.197421][ T6296]  ? __pfx_bpf_dispatcher_change_prog+0x10/0x10
[   90.203666][ T6296]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[   90.209588][ T6296]  ? _copy_from_user+0xa6/0xe0
[   90.214347][ T6296]  ? bpf_test_init+0x15a/0x180
[   90.219104][ T6296]  ? xdp_convert_md_to_buff+0x5b/0x330
[   90.224552][ T6296]  bpf_prog_test_run_xdp+0x805/0x11e0
[   90.229916][ T6296]  ? __pfx_lock_release+0x10/0x10
[   90.234929][ T6296]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[   90.240724][ T6296]  ? __fget_files+0x29/0x470
[   90.245310][ T6296]  ? fput+0x1a8/0x230
[   90.249296][ T6296]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[   90.255101][ T6296]  bpf_prog_test_run+0x2e4/0x360
[   90.260054][ T6296]  __sys_bpf+0x48d/0x810
[   90.264315][ T6296]  ? __pfx___sys_bpf+0x10/0x10
[   90.269067][ T6296]  ? __sys_bind+0x108/0x2d0
[   90.273573][ T6296]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   90.279572][ T6296]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   90.285887][ T6296]  ? do_syscall_64+0x100/0x230
[   90.290635][ T6296]  __x64_sys_bpf+0x7c/0x90
[   90.295046][ T6296]  do_syscall_64+0xf3/0x230
[   90.299532][ T6296]  ? clear_bhb_loop+0x35/0x90
[   90.304206][ T6296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   90.310279][ T6296] RIP: 0033:0x7fcce777dff9
[   90.314679][ T6296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   90.334273][ T6296] RSP: 002b:00007fcce71ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   90.342673][ T6296] RAX: ffffffffffffffda RBX: 00007fcce7936058 RCX: 00007fcce777dff9
[   90.350649][ T6296] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
[   90.358614][ T6296] RBP: 00007fcce77f0296 R08: 0000000000000000 R09: 0000000000000000
[   90.366574][ T6296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   90.374542][ T6296] R13: 0000000000000000 R14: 00007fcce7936058 R15: 00007fff2bbf7c58
[   90.382510][ T6296]  </TASK>
[   90.385610][ T6296] BUG: Bad page state in process syz.0.200  pfn:26d3e
[   90.392386][ T6296] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x26d3e
[   90.401223][ T6296] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   90.408395][ T6296] raw: 00fff00000000000 dead000000000040 ffff888026a50000 0000000000000000
[   90.417026][ T6296] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   90.425653][ T6296] page dumped because: page_pool leak
[   90.431021][ T6296] page_owner tracks the page as allocated
[   90.436767][ T6296] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6296, tgid 6281 (syz.0.200), ts 87301446656, free_ts 86724965404
[   90.453563][ T6296]  post_alloc_hook+0x1f3/0x230
[   90.458327][ T6296]  get_page_from_freelist+0x3045/0x3190
[   90.463917][ T6296]  __alloc_pages_noprof+0x256/0x6c0
[   90.469124][ T6296]  alloc_pages_bulk_noprof+0x729/0xd40
[   90.474604][ T6296]  __page_pool_alloc_pages_slow+0x122/0x690
[   90.480516][ T6296]  page_pool_alloc_pages+0xd0/0x1c0
[   90.485771][ T6296]  bpf_test_run_xdp_live+0x950/0x2160
[   90.491179][ T6296]  bpf_prog_test_run_xdp+0x805/0x11e0
[   90.496592][ T6296]  bpf_prog_test_run+0x2e4/0x360
[   90.501539][ T6296]  __sys_bpf+0x48d/0x810
[   90.505813][ T6296]  __x64_sys_bpf+0x7c/0x90
[   90.510237][ T6296]  do_syscall_64+0xf3/0x230
[   90.514758][ T6296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   90.520658][ T6296] page last free pid 5405 tgid 5405 stack trace:
[   90.527004][ T6296]  free_unref_page+0xcfb/0xf20
[   90.531773][ T6296]  __slab_free+0x31b/0x3d0
[   90.536218][ T6296]  qlist_free_all+0x9a/0x140
[   90.540813][ T6296]  kasan_quarantine_reduce+0x14f/0x170
[   90.546301][ T6296]  __kasan_slab_alloc+0x23/0x80
[   90.551155][ T6296]  kmem_cache_alloc_lru_noprof+0x139/0x2b0
[   90.556994][ T6296]  shmem_alloc_inode+0x28/0x40
[   90.561768][ T6296]  new_inode+0x6e/0x310
[   90.565955][ T6296]  shmem_get_inode+0x34a/0xd70
[   90.570724][ T6296]  shmem_mknod+0x5f/0x1e0
[   90.575077][ T6296]  path_openat+0x1c03/0x3590
[   90.579673][ T6296]  do_filp_open+0x235/0x490
[   90.584200][ T6296]  do_sys_openat2+0x13e/0x1d0
[   90.588881][ T6296]  __x64_sys_openat+0x247/0x2a0
[   90.593766][ T6296]  do_syscall_64+0xf3/0x230
[   90.598275][ T6296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   90.604210][ T6296] Modules linked in:
[   90.608117][ T6296] CPU: 0 UID: 0 PID: 6296 Comm: syz.0.200 Tainted: G    B              6.12.0-rc1-syzkaller-00238-g8b641b5e4c78 #0
[   90.620193][ T6296] Tainted: [B]=BAD_PAGE
[   90.624322][ T6296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   90.634355][ T6296] Call Trace:
[   90.637616][ T6296]  <TASK>
[   90.640528][ T6296]  dump_stack_lvl+0x241/0x360
[   90.645190][ T6296]  ? __pfx_dump_stack_lvl+0x10/0x10
[   90.650366][ T6296]  ? __pfx_print_modules+0x10/0x10
[   90.655464][ T6296]  bad_page+0x166/0x1b0
[   90.659600][ T6296]  free_unref_page+0xed0/0xf20
[   90.664377][ T6296]  skb_release_data+0x6dc/0x8a0
[   90.669234][ T6296]  sk_skb_reason_drop+0x1c9/0x380
[   90.674264][ T6296]  __netif_receive_skb_core+0x3edd/0x4570
[   90.679971][ T6296]  ? __lock_acquire+0x1384/0x2050
[   90.684987][ T6296]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   90.691040][ T6296]  __netif_receive_skb_list_core+0x2b1/0x980
[   90.697002][ T6296]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[   90.703576][ T6296]  ? __pfx___netif_receive_skb_list_core+0x10/0x10
[   90.710055][ T6296]  ? read_tsc+0x9/0x20
[   90.714145][ T6296]  ? timekeeping_get_ns+0x2c0/0x420
[   90.719353][ T6296]  ? netif_receive_skb_list_internal+0x4e8/0xe30
[   90.725664][ T6296]  netif_receive_skb_list_internal+0xa51/0xe30
[   90.731801][ T6296]  ? netif_receive_skb_list_internal+0x4e8/0xe30
[   90.738114][ T6296]  ? __pfx_netif_receive_skb_list_internal+0x10/0x10
[   90.744769][ T6296]  ? __pfx_eth_type_trans+0x10/0x10
[   90.749947][ T6296]  ? __phys_addr+0xba/0x170
[   90.754429][ T6296]  ? build_skb_around+0x111/0x260
[   90.759431][ T6296]  ? __xdp_build_skb_from_frame+0x338/0x650
[   90.765325][ T6296]  netif_receive_skb_list+0x55/0x4b0
[   90.770620][ T6296]  bpf_test_run_xdp_live+0x1b0d/0x2160
[   90.776069][ T6296]  ? bpf_dispatcher_change_prog+0xd8b/0xf10
[   90.781944][ T6296]  ? bpf_test_run_xdp_live+0x5d6/0x2160
[   90.787474][ T6296]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[   90.793261][ T6296]  ? synchronize_rcu+0x11b/0x360
[   90.798179][ T6296]  ? __pfx_synchronize_rcu+0x10/0x10
[   90.803446][ T6296]  ? __pfx_bpf_dispatcher_change_prog+0x10/0x10
[   90.809670][ T6296]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[   90.815548][ T6296]  ? _copy_from_user+0xa6/0xe0
[   90.820295][ T6296]  ? bpf_test_init+0x15a/0x180
[   90.825040][ T6296]  ? xdp_convert_md_to_buff+0x5b/0x330
[   90.830482][ T6296]  bpf_prog_test_run_xdp+0x805/0x11e0
[   90.835840][ T6296]  ? __pfx_lock_release+0x10/0x10
[   90.840852][ T6296]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[   90.846638][ T6296]  ? __fget_files+0x29/0x470
[   90.851210][ T6296]  ? fput+0x1a8/0x230
[   90.855175][ T6296]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[   90.860962][ T6296]  bpf_prog_test_run+0x2e4/0x360
[   90.865898][ T6296]  __sys_bpf+0x48d/0x810
[   90.870149][ T6296]  ? __pfx___sys_bpf+0x10/0x10
[   90.874922][ T6296]  ? __sys_bind+0x108/0x2d0
[   90.879413][ T6296]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   90.885376][ T6296]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   90.891687][ T6296]  ? do_syscall_64+0x100/0x230
[   90.896433][ T6296]  __x64_sys_bpf+0x7c/0x90
[   90.900827][ T6296]  do_syscall_64+0xf3/0x230
[   90.905308][ T6296]  ? clear_bhb_loop+0x35/0x90
[   90.909964][ T6296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   90.915844][ T6296] RIP: 0033:0x7fcce777dff9
[   90.920239][ T6296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   90.939911][ T6296] RSP: 002b:00007fcce71ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   90.948307][ T6296] RAX: ffffffffffffffda RBX: 00007fcce7936058 RCX: 00007fcce777dff9
[   90.956263][ T6296] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
[   90.964223][ T6296] RBP: 00007fcce77f0296 R08: 0000000000000000 R09: 0000000000000000
[   90.972198][ T6296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   90.980151][ T6296] R13: 0000000000000000 R14: 00007fcce7936058 R15: 00007fff2bbf7c58
[   90.988112][ T6296]  </TASK>
[   90.991195][ T6296] BUG: Bad page state in process syz.0.200  pfn:26d3d
[   90.998006][ T6296] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x26d3d
[   91.006834][ T6296] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   91.013988][ T6296] raw: 00fff00000000000 dead000000000040 ffff888026a50000 0000000000000000
[   91.022571][ T6296] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   91.031170][ T6296] page dumped because: page_pool leak
[   91.036552][ T6296] page_owner tracks the page as allocated
[   91.042242][ T6296] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6296, tgid 6281 (syz.0.200), ts 87301435467, free_ts 86724965404
[   91.059038][ T6296]  post_alloc_hook+0x1f3/0x230
[   91.063860][ T6296]  get_page_from_freelist+0x3045/0x3190
[   91.069417][ T6296]  __alloc_pages_noprof+0x256/0x6c0
[   91.074661][ T6296]  alloc_pages_bulk_noprof+0x729/0xd40
[   91.080127][ T6296]  __page_pool_alloc_pages_slow+0x122/0x690
[   91.086056][ T6296]  page_pool_alloc_pages+0xd0/0x1c0
[   91.091263][ T6296]  bpf_test_run_xdp_live+0x950/0x2160
[   91.096669][ T6296]  bpf_prog_test_run_xdp+0x805/0x11e0
[   91.102067][ T6296]  bpf_prog_test_run+0x2e4/0x360
[   91.107060][ T6296]  __sys_bpf+0x48d/0x810
[   91.111311][ T6296]  __x64_sys_bpf+0x7c/0x90
[   91.115756][ T6296]  do_syscall_64+0xf3/0x230
[   91.120264][ T6296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   91.126187][ T6296] page last free pid 5405 tgid 5405 stack trace:
[   91.132510][ T6296]  free_unref_page+0xcfb/0xf20
[   91.137299][ T6296]  __slab_free+0x31b/0x3d0
[   91.141718][ T6296]  qlist_free_all+0x9a/0x140
[   91.146332][ T6296]  kasan_quarantine_reduce+0x14f/0x170
[   91.151797][ T6296]  __kasan_slab_alloc+0x23/0x80
[   91.156668][ T6296]  kmem_cache_alloc_lru_noprof+0x139/0x2b0
[   91.162479][ T6296]  shmem_alloc_inode+0x28/0x40
[   91.167271][ T6296]  new_inode+0x6e/0x310
[   91.171431][ T6296]  shmem_get_inode+0x34a/0xd70
[   91.176229][ T6296]  shmem_mknod+0x5f/0x1e0
[   91.180567][ T6296]  path_openat+0x1c03/0x3590
[   91.185185][ T6296]  do_filp_open+0x235/0x490
[   91.189697][ T6296]  do_sys_openat2+0x13e/0x1d0
[   91.194397][ T6296]  __x64_sys_openat+0x247/0x2a0
[   91.199255][ T6296]  do_syscall_64+0xf3/0x230
[   91.203835][ T6296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   91.209785][ T6296] Modules linked in:
[   91.213724][ T6296] CPU: 0 UID: 0 PID: 6296 Comm: syz.0.200 Tainted: G    B              6.12.0-rc1-syzkaller-00238-g8b641b5e4c78 #0
[   91.225800][ T6296] Tainted: [B]=BAD_PAGE
[   91.229932][ T6296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   91.239966][ T6296] Call Trace:
[   91.243226][ T6296]  <TASK>
[   91.246139][ T6296]  dump_stack_lvl+0x241/0x360
[   91.250797][ T6296]  ? __pfx_dump_stack_lvl+0x10/0x10
[   91.255973][ T6296]  ? __pfx_print_modules+0x10/0x10
[   91.261068][ T6296]  bad_page+0x166/0x1b0
[   91.265207][ T6296]  free_unref_page+0xed0/0xf20
[   91.269972][ T6296]  skb_release_data+0x6dc/0x8a0
[   91.274824][ T6296]  sk_skb_reason_drop+0x1c9/0x380
[   91.279852][ T6296]  __netif_receive_skb_core+0x3edd/0x4570
[   91.285558][ T6296]  ? __lock_acquire+0x1384/0x2050
[   91.290569][ T6296]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   91.296624][ T6296]  __netif_receive_skb_list_core+0x2b1/0x980
[   91.302583][ T6296]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[   91.309149][ T6296]  ? __pfx___netif_receive_skb_list_core+0x10/0x10
[   91.315630][ T6296]  ? read_tsc+0x9/0x20
[   91.319681][ T6296]  ? timekeeping_get_ns+0x2c0/0x420
[   91.324884][ T6296]  ? netif_receive_skb_list_internal+0x4e8/0xe30
[   91.331220][ T6296]  netif_receive_skb_list_internal+0xa51/0xe30
[   91.337373][ T6296]  ? netif_receive_skb_list_internal+0x4e8/0xe30
[   91.343785][ T6296]  ? __pfx_netif_receive_skb_list_internal+0x10/0x10
[   91.350461][ T6296]  ? __pfx_eth_type_trans+0x10/0x10
[   91.355756][ T6296]  ? __phys_addr+0xba/0x170
[   91.360243][ T6296]  ? build_skb_around+0x111/0x260
[   91.365248][ T6296]  ? __xdp_build_skb_from_frame+0x338/0x650
[   91.371126][ T6296]  netif_receive_skb_list+0x55/0x4b0
[   91.376404][ T6296]  bpf_test_run_xdp_live+0x1b0d/0x2160
[   91.381860][ T6296]  ? bpf_dispatcher_change_prog+0xd8b/0xf10
[   91.387741][ T6296]  ? bpf_test_run_xdp_live+0x5d6/0x2160
[   91.393274][ T6296]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[   91.399062][ T6296]  ? synchronize_rcu+0x11b/0x360
[   91.403982][ T6296]  ? __pfx_synchronize_rcu+0x10/0x10
[   91.409253][ T6296]  ? __pfx_bpf_dispatcher_change_prog+0x10/0x10
[   91.415477][ T6296]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[   91.421352][ T6296]  ? _copy_from_user+0xa6/0xe0
[   91.426120][ T6296]  ? bpf_test_init+0x15a/0x180
[   91.430891][ T6296]  ? xdp_convert_md_to_buff+0x5b/0x330
[   91.436336][ T6296]  bpf_prog_test_run_xdp+0x805/0x11e0
[   91.441696][ T6296]  ? __pfx_lock_release+0x10/0x10
[   91.446707][ T6296]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[   91.452496][ T6296]  ? __fget_files+0x29/0x470
[   91.457077][ T6296]  ? fput+0x1a8/0x230
[   91.461041][ T6296]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[   91.466852][ T6296]  bpf_prog_test_run+0x2e4/0x360
[   91.471780][ T6296]  __sys_bpf+0x48d/0x810
[   91.476010][ T6296]  ? __pfx___sys_bpf+0x10/0x10
[   91.480761][ T6296]  ? __sys_bind+0x108/0x2d0
[   91.485254][ T6296]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   91.491221][ T6296]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   91.497531][ T6296]  ? do_syscall_64+0x100/0x230
[   91.502275][ T6296]  __x64_sys_bpf+0x7c/0x90
[   91.506684][ T6296]  do_syscall_64+0xf3/0x230
[   91.511170][ T6296]  ? clear_bhb_loop+0x35/0x90
[   91.515829][ T6296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   91.521730][ T6296] RIP: 0033:0x7fcce777dff9
[   91.526134][ T6296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   91.545723][ T6296] RSP: 002b:00007fcce71ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   91.554119][ T6296] RAX: ffffffffffffffda RBX: 00007fcce7936058 RCX: 00007fcce777dff9
[   91.562071][ T6296] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
[   91.570022][ T6296] RBP: 00007fcce77f0296 R08: 0000000000000000 R09: 0000000000000000
[   91.577980][ T6296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   91.585938][ T6296] R13: 0000000000000000 R14: 00007fcce7936058 R15: 00007fff2bbf7c58
[   91.593898][ T6296]  </TASK>
[   91.596977][ T6296] BUG: Bad page state in process syz.0.200  pfn:26d3c
[   91.603783][ T6296] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x26d3c
[   91.612543][ T6296] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   91.619686][ T6296] raw: 00fff00000000000 dead000000000040 ffff888026a50000 0000000000000000
[   91.628293][ T6296] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   91.636895][ T6296] page dumped because: page_pool leak
[   91.642257][ T6296] page_owner tracks the page as allocated
[   91.647997][ T6296] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6296, tgid 6281 (syz.0.200), ts 87301424226, free_ts 86724965404
[   91.664791][ T6296]  post_alloc_hook+0x1f3/0x230
[   91.669548][ T6296]  get_page_from_freelist+0x3045/0x3190
[   91.675119][ T6296]  __alloc_pages_noprof+0x256/0x6c0
[   91.680320][ T6296]  alloc_pages_bulk_noprof+0x729/0xd40
[   91.685817][ T6296]  __page_pool_alloc_pages_slow+0x122/0x690
[   91.691724][ T6296]  page_pool_alloc_pages+0xd0/0x1c0
[   91.697039][ T6296]  bpf_test_run_xdp_live+0x950/0x2160
[   91.702428][ T6296]  bpf_prog_test_run_xdp+0x805/0x11e0
[   91.707831][ T6296]  bpf_prog_test_run+0x2e4/0x360
[   91.712775][ T6296]  __sys_bpf+0x48d/0x810
[   91.717050][ T6296]  __x64_sys_bpf+0x7c/0x90
[   91.721467][ T6296]  do_syscall_64+0xf3/0x230
[   91.725991][ T6296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   91.731897][ T6296] page last free pid 5405 tgid 5405 stack trace:
[   91.738248][ T6296]  free_unref_page+0xcfb/0xf20
[   91.743034][ T6296]  __slab_free+0x31b/0x3d0
[   91.747436][ T6296]  qlist_free_all+0x9a/0x140
[   91.752003][ T6296]  kasan_quarantine_reduce+0x14f/0x170
[   91.757483][ T6296]  __kasan_slab_alloc+0x23/0x80
[   91.762335][ T6296]  kmem_cache_alloc_lru_noprof+0x139/0x2b0
[   91.768173][ T6296]  shmem_alloc_inode+0x28/0x40
[   91.772942][ T6296]  new_inode+0x6e/0x310
[   91.777136][ T6296]  shmem_get_inode+0x34a/0xd70
[   91.781882][ T6296]  shmem_mknod+0x5f/0x1e0
[   91.786239][ T6296]  path_openat+0x1c03/0x3590
[   91.790841][ T6296]  do_filp_open+0x235/0x490
[   91.795370][ T6296]  do_sys_openat2+0x13e/0x1d0
[   91.800056][ T6296]  __x64_sys_openat+0x247/0x2a0
[   91.804932][ T6296]  do_syscall_64+0xf3/0x230
[   91.809438][ T6296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   91.815389][ T6296] Modules linked in:
[   91.819295][ T6296] CPU: 0 UID: 0 PID: 6296 Comm: syz.0.200 Tainted: G    B              6.12.0-rc1-syzkaller-00238-g8b641b5e4c78 #0
[   91.831347][ T6296] Tainted: [B]=BAD_PAGE
[   91.835480][ T6296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   91.845515][ T6296] Call Trace:
[   91.848776][ T6296]  <TASK>
[   91.851690][ T6296]  dump_stack_lvl+0x241/0x360
[   91.856352][ T6296]  ? __pfx_dump_stack_lvl+0x10/0x10
[   91.861527][ T6296]  ? __pfx_print_modules+0x10/0x10
[   91.866624][ T6296]  bad_page+0x166/0x1b0
[   91.870761][ T6296]  free_unref_page+0xed0/0xf20
[   91.875511][ T6296]  skb_release_data+0x6dc/0x8a0
[   91.880351][ T6296]  sk_skb_reason_drop+0x1c9/0x380
[   91.885358][ T6296]  __netif_receive_skb_core+0x3edd/0x4570
[   91.891069][ T6296]  ? __lock_acquire+0x1384/0x2050
[   91.896087][ T6296]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   91.902142][ T6296]  __netif_receive_skb_list_core+0x2b1/0x980
[   91.908109][ T6296]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[   91.914679][ T6296]  ? __pfx___netif_receive_skb_list_core+0x10/0x10
[   91.921158][ T6296]  ? read_tsc+0x9/0x20
[   91.925216][ T6296]  ? timekeeping_get_ns+0x2c0/0x420
[   91.930403][ T6296]  ? netif_receive_skb_list_internal+0x4e8/0xe30
[   91.936712][ T6296]  netif_receive_skb_list_internal+0xa51/0xe30
[   91.942852][ T6296]  ? netif_receive_skb_list_internal+0x4e8/0xe30
[   91.949157][ T6296]  ? __pfx_netif_receive_skb_list_internal+0x10/0x10
[   91.955813][ T6296]  ? __pfx_eth_type_trans+0x10/0x10
[   91.960988][ T6296]  ? __phys_addr+0xba/0x170
[   91.965468][ T6296]  ? build_skb_around+0x111/0x260
[   91.970470][ T6296]  ? __xdp_build_skb_from_frame+0x338/0x650
[   91.976351][ T6296]  netif_receive_skb_list+0x55/0x4b0
[   91.981620][ T6296]  bpf_test_run_xdp_live+0x1b0d/0x2160
[   91.987062][ T6296]  ? bpf_dispatcher_change_prog+0xd8b/0xf10
[   91.992947][ T6296]  ? bpf_test_run_xdp_live+0x5d6/0x2160
[   91.998499][ T6296]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[   92.004291][ T6296]  ? synchronize_rcu+0x11b/0x360
[   92.009224][ T6296]  ? __pfx_synchronize_rcu+0x10/0x10
[   92.014506][ T6296]  ? __pfx_bpf_dispatcher_change_prog+0x10/0x10
[   92.020742][ T6296]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[   92.026627][ T6296]  ? _copy_from_user+0xa6/0xe0
[   92.031379][ T6296]  ? bpf_test_init+0x15a/0x180
[   92.036127][ T6296]  ? xdp_convert_md_to_buff+0x5b/0x330
[   92.041570][ T6296]  bpf_prog_test_run_xdp+0x805/0x11e0
[   92.046929][ T6296]  ? __pfx_lock_release+0x10/0x10
[   92.051943][ T6296]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[   92.057736][ T6296]  ? __fget_files+0x29/0x470
[   92.062307][ T6296]  ? fput+0x1a8/0x230
[   92.066270][ T6296]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[   92.072061][ T6296]  bpf_prog_test_run+0x2e4/0x360
[   92.076992][ T6296]  __sys_bpf+0x48d/0x810
[   92.081223][ T6296]  ? __pfx___sys_bpf+0x10/0x10
[   92.085966][ T6296]  ? __sys_bind+0x108/0x2d0
[   92.090464][ T6296]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   92.096433][ T6296]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   92.102744][ T6296]  ? do_syscall_64+0x100/0x230
[   92.107489][ T6296]  __x64_sys_bpf+0x7c/0x90
[   92.111890][ T6296]  do_syscall_64+0xf3/0x230
[   92.116373][ T6296]  ? clear_bhb_loop+0x35/0x90
[   92.121029][ T6296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   92.126910][ T6296] RIP: 0033:0x7fcce777dff9
[   92.131309][ T6296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   92.150896][ T6296] RSP: 002b:00007fcce71ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   92.159294][ T6296] RAX: ffffffffffffffda RBX: 00007fcce7936058 RCX: 00007fcce777dff9
[   92.167248][ T6296] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
[   92.175204][ T6296] RBP: 00007fcce77f0296 R08: 0000000000000000 R09: 0000000000000000
[   92.183159][ T6296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   92.191108][ T6296] R13: 0000000000000000 R14: 00007fcce7936058 R15: 00007fff2bbf7c58
[   92.199070][ T6296]  </TASK>
[   92.202153][ T6296] BUG: Bad page state in process syz.0.200  pfn:26d3b
[   92.208963][ T6296] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x26d3b
[   92.217757][ T6296] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   92.224892][ T6296] raw: 00fff00000000000 dead000000000040 ffff888026a50000 0000000000000000
[   92.233499][ T6296] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   92.242060][ T6296] page dumped because: page_pool leak
[   92.247445][ T6296] page_owner tracks the page as allocated
[   92.253180][ T6296] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6296, tgid 6281 (syz.0.200), ts 87301413018, free_ts 86724965404
[   92.269957][ T6296]  post_alloc_hook+0x1f3/0x230
[   92.274751][ T6296]  get_page_from_freelist+0x3045/0x3190
[   92.280279][ T6296]  __alloc_pages_noprof+0x256/0x6c0
[   92.285492][ T6296]  alloc_pages_bulk_noprof+0x729/0xd40
[   92.290953][ T6296]  __page_pool_alloc_pages_slow+0x122/0x690
[   92.296873][ T6296]  page_pool_alloc_pages+0xd0/0x1c0
[   92.302079][ T6296]  bpf_test_run_xdp_live+0x950/0x2160
[   92.307492][ T6296]  bpf_prog_test_run_xdp+0x805/0x11e0
[   92.312872][ T6296]  bpf_prog_test_run+0x2e4/0x360
[   92.317840][ T6296]  __sys_bpf+0x48d/0x810
[   92.322089][ T6296]  __x64_sys_bpf+0x7c/0x90
[   92.326528][ T6296]  do_syscall_64+0xf3/0x230
[   92.331034][ T6296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   92.336958][ T6296] page last free pid 5405 tgid 5405 stack trace:
[   92.343333][ T6296]  free_unref_page+0xcfb/0xf20
[   92.348102][ T6296]  __slab_free+0x31b/0x3d0
[   92.352500][ T6296]  qlist_free_all+0x9a/0x140
[   92.357107][ T6296]  kasan_quarantine_reduce+0x14f/0x170
[   92.362565][ T6296]  __kasan_slab_alloc+0x23/0x80
[   92.367442][ T6296]  kmem_cache_alloc_lru_noprof+0x139/0x2b0
[   92.373290][ T6296]  shmem_alloc_inode+0x28/0x40
[   92.378060][ T6296]  new_inode+0x6e/0x310
[   92.382200][ T6296]  shmem_get_inode+0x34a/0xd70
[   92.386986][ T6296]  shmem_mknod+0x5f/0x1e0
[   92.391323][ T6296]  path_openat+0x1c03/0x3590
[   92.395940][ T6296]  do_filp_open+0x235/0x490
[   92.400447][ T6296]  do_sys_openat2+0x13e/0x1d0
[   92.405149][ T6296]  __x64_sys_openat+0x247/0x2a0
[   92.410004][ T6296]  do_syscall_64+0xf3/0x230
[   92.414524][ T6296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   92.420423][ T6296] Modules linked in:
[   92.424363][ T6296] CPU: 0 UID: 0 PID: 6296 Comm: syz.0.200 Tainted: G    B              6.12.0-rc1-syzkaller-00238-g8b641b5e4c78 #0
[   92.436430][ T6296] Tainted: [B]=BAD_PAGE
[   92.440559][ T6296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   92.450591][ T6296] Call Trace:
[   92.453853][ T6296]  <TASK>
[   92.456764][ T6296]  dump_stack_lvl+0x241/0x360
[   92.461423][ T6296]  ? __pfx_dump_stack_lvl+0x10/0x10
[   92.466602][ T6296]  ? __pfx_print_modules+0x10/0x10
[   92.471700][ T6296]  bad_page+0x166/0x1b0
[   92.475837][ T6296]  free_unref_page+0xed0/0xf20
[   92.480586][ T6296]  skb_release_data+0x6dc/0x8a0
[   92.485428][ T6296]  sk_skb_reason_drop+0x1c9/0x380
[   92.490434][ T6296]  __netif_receive_skb_core+0x3edd/0x4570
[   92.496138][ T6296]  ? __lock_acquire+0x1384/0x2050
[   92.501159][ T6296]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   92.507222][ T6296]  __netif_receive_skb_list_core+0x2b1/0x980
[   92.513188][ T6296]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[   92.519757][ T6296]  ? __pfx___netif_receive_skb_list_core+0x10/0x10
[   92.526237][ T6296]  ? read_tsc+0x9/0x20
[   92.530287][ T6296]  ? timekeeping_get_ns+0x2c0/0x420
[   92.535487][ T6296]  ? netif_receive_skb_list_internal+0x4e8/0xe30
[   92.541822][ T6296]  netif_receive_skb_list_internal+0xa51/0xe30
[   92.547963][ T6296]  ? netif_receive_skb_list_internal+0x4e8/0xe30
[   92.554275][ T6296]  ? __pfx_netif_receive_skb_list_internal+0x10/0x10
[   92.560927][ T6296]  ? __pfx_eth_type_trans+0x10/0x10
[   92.566107][ T6296]  ? __phys_addr+0xba/0x170
[   92.570590][ T6296]  ? build_skb_around+0x111/0x260
[   92.575596][ T6296]  ? __xdp_build_skb_from_frame+0x338/0x650
[   92.581475][ T6296]  netif_receive_skb_list+0x55/0x4b0
[   92.586747][ T6296]  bpf_test_run_xdp_live+0x1b0d/0x2160
[   92.592193][ T6296]  ? bpf_dispatcher_change_prog+0xd8b/0xf10
[   92.598072][ T6296]  ? bpf_test_run_xdp_live+0x5d6/0x2160
[   92.603603][ T6296]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[   92.609398][ T6296]  ? synchronize_rcu+0x11b/0x360
[   92.614320][ T6296]  ? __pfx_synchronize_rcu+0x10/0x10
[   92.619590][ T6296]  ? __pfx_bpf_dispatcher_change_prog+0x10/0x10
[   92.625822][ T6296]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[   92.631699][ T6296]  ? _copy_from_user+0xa6/0xe0
[   92.636453][ T6296]  ? bpf_test_init+0x15a/0x180
[   92.641212][ T6296]  ? xdp_convert_md_to_buff+0x5b/0x330
[   92.646655][ T6296]  bpf_prog_test_run_xdp+0x805/0x11e0
[   92.652034][ T6296]  ? __pfx_lock_release+0x10/0x10
[   92.657043][ T6296]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[   92.662829][ T6296]  ? __fget_files+0x29/0x470
[   92.667402][ T6296]  ? fput+0x1a8/0x230
[   92.671365][ T6296]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[   92.677153][ T6296]  bpf_prog_test_run+0x2e4/0x360
[   92.682072][ T6296]  __sys_bpf+0x48d/0x810
[   92.686306][ T6296]  ? __pfx___sys_bpf+0x10/0x10
[   92.691057][ T6296]  ? __sys_bind+0x108/0x2d0
[   92.695553][ T6296]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   92.701622][ T6296]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   92.707941][ T6296]  ? do_syscall_64+0x100/0x230
[   92.712708][ T6296]  __x64_sys_bpf+0x7c/0x90
[   92.717108][ T6296]  do_syscall_64+0xf3/0x230
[   92.721589][ T6296]  ? clear_bhb_loop+0x35/0x90
[   92.726244][ T6296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   92.732120][ T6296] RIP: 0033:0x7fcce777dff9
[   92.736520][ T6296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   92.756110][ T6296] RSP: 002b:00007fcce71ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   92.764506][ T6296] RAX: ffffffffffffffda RBX: 00007fcce7936058 RCX: 00007fcce777dff9
[   92.772458][ T6296] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
[   92.780409][ T6296] RBP: 00007fcce77f0296 R08: 0000000000000000 R09: 0000000000000000
[   92.788371][ T6296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   92.796323][ T6296] R13: 0000000000000000 R14: 00007fcce7936058 R15: 00007fff2bbf7c58
[   92.804279][ T6296]  </TASK>
[   92.807360][ T6296] BUG: Bad page state in process syz.0.200  pfn:26d3a
[   92.814162][ T6296] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x26d3a
[   92.822929][ T6296] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   92.830084][ T6296] raw: 00fff00000000000 dead000000000040 ffff888026a50000 0000000000000000
[   92.838696][ T6296] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   92.847303][ T6296] page dumped because: page_pool leak
[   92.852741][ T6296] page_owner tracks the page as allocated
[   92.858488][ T6296] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6296, tgid 6281 (syz.0.200), ts 87301401697, free_ts 86724965404
[   92.875279][ T6296]  post_alloc_hook+0x1f3/0x230
[   92.880034][ T6296]  get_page_from_freelist+0x3045/0x3190
[   92.885599][ T6296]  __alloc_pages_noprof+0x256/0x6c0
[   92.890800][ T6296]  alloc_pages_bulk_noprof+0x729/0xd40
[   92.896278][ T6296]  __page_pool_alloc_pages_slow+0x122/0x690
[   92.902178][ T6296]  page_pool_alloc_pages+0xd0/0x1c0
[   92.907407][ T6296]  bpf_test_run_xdp_live+0x950/0x2160
[   92.912798][ T6296]  bpf_prog_test_run_xdp+0x805/0x11e0
[   92.918220][ T6296]  bpf_prog_test_run+0x2e4/0x360
[   92.923197][ T6296]  __sys_bpf+0x48d/0x810
[   92.927443][ T6296]  __x64_sys_bpf+0x7c/0x90
[   92.931837][ T6296]  do_syscall_64+0xf3/0x230
[   92.936361][ T6296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   92.942264][ T6296] page last free pid 5405 tgid 5405 stack trace:
[   92.948605][ T6296]  free_unref_page+0xcfb/0xf20
[   92.953405][ T6296]  __slab_free+0x31b/0x3d0
[   92.957820][ T6296]  qlist_free_all+0x9a/0x140
[   92.962387][ T6296]  kasan_quarantine_reduce+0x14f/0x170
[   92.967863][ T6296]  __kasan_slab_alloc+0x23/0x80
[   92.972717][ T6296]  kmem_cache_alloc_lru_noprof+0x139/0x2b0
[   92.978551][ T6296]  shmem_alloc_inode+0x28/0x40
[   92.983353][ T6296]  new_inode+0x6e/0x310
[   92.987512][ T6296]  shmem_get_inode+0x34a/0xd70
[   92.992254][ T6296]  shmem_mknod+0x5f/0x1e0
[   92.996605][ T6296]  path_openat+0x1c03/0x3590
[   93.001206][ T6296]  do_filp_open+0x235/0x490
[   93.005733][ T6296]  do_sys_openat2+0x13e/0x1d0
[   93.010414][ T6296]  __x64_sys_openat+0x247/0x2a0
[   93.015296][ T6296]  do_syscall_64+0xf3/0x230
[   93.019802][ T6296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.025725][ T6296] Modules linked in:
[   93.029622][ T6296] CPU: 0 UID: 0 PID: 6296 Comm: syz.0.200 Tainted: G    B              6.12.0-rc1-syzkaller-00238-g8b641b5e4c78 #0
[   93.041683][ T6296] Tainted: [B]=BAD_PAGE
[   93.045823][ T6296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   93.055863][ T6296] Call Trace:
[   93.059125][ T6296]  <TASK>
[   93.062038][ T6296]  dump_stack_lvl+0x241/0x360
[   93.066705][ T6296]  ? __pfx_dump_stack_lvl+0x10/0x10
[   93.071884][ T6296]  ? __pfx_print_modules+0x10/0x10
[   93.076984][ T6296]  bad_page+0x166/0x1b0
[   93.081120][ T6296]  free_unref_page+0xed0/0xf20
[   93.085873][ T6296]  skb_release_data+0x6dc/0x8a0
[   93.090714][ T6296]  sk_skb_reason_drop+0x1c9/0x380
[   93.095719][ T6296]  __netif_receive_skb_core+0x3edd/0x4570
[   93.101422][ T6296]  ? __lock_acquire+0x1384/0x2050
[   93.106433][ T6296]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   93.112488][ T6296]  __netif_receive_skb_list_core+0x2b1/0x980
[   93.118459][ T6296]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[   93.125033][ T6296]  ? __pfx___netif_receive_skb_list_core+0x10/0x10
[   93.131517][ T6296]  ? read_tsc+0x9/0x20
[   93.135571][ T6296]  ? timekeeping_get_ns+0x2c0/0x420
[   93.140755][ T6296]  ? netif_receive_skb_list_internal+0x4e8/0xe30
[   93.147065][ T6296]  netif_receive_skb_list_internal+0xa51/0xe30
[   93.153202][ T6296]  ? netif_receive_skb_list_internal+0x4e8/0xe30
[   93.159507][ T6296]  ? __pfx_netif_receive_skb_list_internal+0x10/0x10
[   93.166162][ T6296]  ? __pfx_eth_type_trans+0x10/0x10
[   93.171341][ T6296]  ? __phys_addr+0xba/0x170
[   93.175824][ T6296]  ? build_skb_around+0x111/0x260
[   93.180825][ T6296]  ? __xdp_build_skb_from_frame+0x338/0x650
[   93.186708][ T6296]  netif_receive_skb_list+0x55/0x4b0
[   93.191976][ T6296]  bpf_test_run_xdp_live+0x1b0d/0x2160
[   93.197419][ T6296]  ? bpf_dispatcher_change_prog+0xd8b/0xf10
[   93.203297][ T6296]  ? bpf_test_run_xdp_live+0x5d6/0x2160
[   93.208827][ T6296]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[   93.214615][ T6296]  ? synchronize_rcu+0x11b/0x360
[   93.219532][ T6296]  ? __pfx_synchronize_rcu+0x10/0x10
[   93.224808][ T6296]  ? __pfx_bpf_dispatcher_change_prog+0x10/0x10
[   93.231035][ T6296]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[   93.236915][ T6296]  ? _copy_from_user+0xa6/0xe0
[   93.241663][ T6296]  ? bpf_test_init+0x15a/0x180
[   93.246414][ T6296]  ? xdp_convert_md_to_buff+0x5b/0x330
[   93.251856][ T6296]  bpf_prog_test_run_xdp+0x805/0x11e0
[   93.257211][ T6296]  ? __pfx_lock_release+0x10/0x10
[   93.262221][ T6296]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[   93.268008][ T6296]  ? __fget_files+0x29/0x470
[   93.272581][ T6296]  ? fput+0x1a8/0x230
[   93.276547][ T6296]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[   93.282333][ T6296]  bpf_prog_test_run+0x2e4/0x360
[   93.287257][ T6296]  __sys_bpf+0x48d/0x810
[   93.291482][ T6296]  ? __pfx___sys_bpf+0x10/0x10
[   93.296225][ T6296]  ? __sys_bind+0x108/0x2d0
[   93.300716][ T6296]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   93.306685][ T6296]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   93.313000][ T6296]  ? do_syscall_64+0x100/0x230
[   93.317746][ T6296]  __x64_sys_bpf+0x7c/0x90
[   93.322147][ T6296]  do_syscall_64+0xf3/0x230
[   93.326654][ T6296]  ? clear_bhb_loop+0x35/0x90
[   93.331316][ T6296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.337205][ T6296] RIP: 0033:0x7fcce777dff9
[   93.341604][ T6296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   93.361192][ T6296] RSP: 002b:00007fcce71ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   93.369586][ T6296] RAX: ffffffffffffffda RBX: 00007fcce7936058 RCX: 00007fcce777dff9
[   93.377538][ T6296] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
[   93.385494][ T6296] RBP: 00007fcce77f0296 R08: 0000000000000000 R09: 0000000000000000
[   93.393445][ T6296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   93.401393][ T6296] R13: 0000000000000000 R14: 00007fcce7936058 R15: 00007fff2bbf7c58
[   93.409349][ T6296]  </TASK>
[   93.412423][ T6296] BUG: Bad page state in process syz.0.200  pfn:26d39
[   93.419229][ T6296] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x8 pfn:0x26d39
[   93.428027][ T6296] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   93.435165][ T6296] raw: 00fff00000000000 dead000000000040 ffff888026a50000 0000000000000000
[   93.443768][ T6296] raw: 0000000000000008 0000000000000001 00000000ffffffff 0000000000000000
[   93.452343][ T6296] page dumped because: page_pool leak
[   93.457735][ T6296] page_owner tracks the page as allocated
[   93.463464][ T6296] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6296, tgid 6281 (syz.0.200), ts 87301390511, free_ts 86724965404
[   93.480241][ T6296]  post_alloc_hook+0x1f3/0x230
[   93.485038][ T6296]  get_page_from_freelist+0x3045/0x3190
[   93.490566][ T6296]  __alloc_pages_noprof+0x256/0x6c0
[   93.495782][ T6296]  alloc_pages_bulk_noprof+0x729/0xd40
[   93.501242][ T6296]  __page_pool_alloc_pages_slow+0x122/0x690
[   93.507162][ T6296]  page_pool_alloc_pages+0xd0/0x1c0
[   93.512366][ T6296]  bpf_test_run_xdp_live+0x950/0x2160
[   93.517768][ T6296]  bpf_prog_test_run_xdp+0x805/0x11e0
[   93.523162][ T6296]  bpf_prog_test_run+0x2e4/0x360
[   93.528091][ T6296]  __sys_bpf+0x48d/0x810
[   93.532315][ T6296]  __x64_sys_bpf+0x7c/0x90
[   93.536750][ T6296]  do_syscall_64+0xf3/0x230
[   93.541254][ T6296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.547167][ T6296] page last free pid 5405 tgid 5405 stack trace:
[   93.553524][ T6296]  free_unref_page+0xcfb/0xf20
[   93.558286][ T6296]  __slab_free+0x31b/0x3d0
[   93.562680][ T6296]  qlist_free_all+0x9a/0x140
[   93.567281][ T6296]  kasan_quarantine_reduce+0x14f/0x170
[   93.572739][ T6296]  __kasan_slab_alloc+0x23/0x80
[   93.577616][ T6296]  kmem_cache_alloc_lru_noprof+0x139/0x2b0
[   93.583471][ T6296]  shmem_alloc_inode+0x28/0x40
[   93.588240][ T6296]  new_inode+0x6e/0x310
[   93.592374][ T6296]  shmem_get_inode+0x34a/0xd70
[   93.597154][ T6296]  shmem_mknod+0x5f/0x1e0
[   93.601492][ T6296]  path_openat+0x1c03/0x3590
[   93.606108][ T6296]  do_filp_open+0x235/0x490
[   93.610616][ T6296]  do_sys_openat2+0x13e/0x1d0
[   93.615325][ T6296]  __x64_sys_openat+0x247/0x2a0
[   93.620181][ T6296]  do_syscall_64+0xf3/0x230
[   93.624705][ T6296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.630610][ T6296] Modules linked in:
[   93.634541][ T6296] CPU: 0 UID: 0 PID: 6296 Comm: syz.0.200 Tainted: G    B              6.12.0-rc1-syzkaller-00238-g8b641b5e4c78 #0
[   93.646626][ T6296] Tainted: [B]=BAD_PAGE
[   93.650757][ T6296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   93.660790][ T6296] Call Trace:
[   93.664052][ T6296]  <TASK>
[   93.666964][ T6296]  dump_stack_lvl+0x241/0x360
[   93.671623][ T6296]  ? __pfx_dump_stack_lvl+0x10/0x10
[   93.676803][ T6296]  ? __pfx_print_modules+0x10/0x10
[   93.681896][ T6296]  bad_page+0x166/0x1b0
[   93.686032][ T6296]  free_unref_page+0xed0/0xf20
[   93.690776][ T6296]  skb_release_data+0x6dc/0x8a0
[   93.695613][ T6296]  sk_skb_reason_drop+0x1c9/0x380
[   93.700623][ T6296]  __netif_receive_skb_core+0x3edd/0x4570
[   93.706327][ T6296]  ? __lock_acquire+0x1384/0x2050
[   93.711338][ T6296]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   93.717392][ T6296]  __netif_receive_skb_list_core+0x2b1/0x980
[   93.723382][ T6296]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[   93.729972][ T6296]  ? __pfx___netif_receive_skb_list_core+0x10/0x10
[   93.736461][ T6296]  ? read_tsc+0x9/0x20
[   93.740516][ T6296]  ? timekeeping_get_ns+0x2c0/0x420
[   93.745700][ T6296]  ? netif_receive_skb_list_internal+0x4e8/0xe30
[   93.752014][ T6296]  netif_receive_skb_list_internal+0xa51/0xe30
[   93.758151][ T6296]  ? netif_receive_skb_list_internal+0x4e8/0xe30
[   93.764459][ T6296]  ? __pfx_netif_receive_skb_list_internal+0x10/0x10
[   93.771111][ T6296]  ? __pfx_eth_type_trans+0x10/0x10
[   93.776291][ T6296]  ? __phys_addr+0xba/0x170
[   93.780790][ T6296]  ? build_skb_around+0x111/0x260
[   93.785795][ T6296]  ? __xdp_build_skb_from_frame+0x338/0x650
[   93.791670][ T6296]  netif_receive_skb_list+0x55/0x4b0
[   93.796943][ T6296]  bpf_test_run_xdp_live+0x1b0d/0x2160
[   93.802387][ T6296]  ? bpf_dispatcher_change_prog+0xd8b/0xf10
[   93.808263][ T6296]  ? bpf_test_run_xdp_live+0x5d6/0x2160
[   93.813818][ T6296]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[   93.819608][ T6296]  ? synchronize_rcu+0x11b/0x360
[   93.824530][ T6296]  ? __pfx_synchronize_rcu+0x10/0x10
[   93.829798][ T6296]  ? __pfx_bpf_dispatcher_change_prog+0x10/0x10
[   93.836027][ T6296]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[   93.841904][ T6296]  ? _copy_from_user+0xa6/0xe0
[   93.846657][ T6296]  ? bpf_test_init+0x15a/0x180
[   93.851404][ T6296]  ? xdp_convert_md_to_buff+0x5b/0x330
[   93.856848][ T6296]  bpf_prog_test_run_xdp+0x805/0x11e0
[   93.862219][ T6296]  ? __pfx_lock_release+0x10/0x10
[   93.867229][ T6296]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[   93.873021][ T6296]  ? __fget_files+0x29/0x470
[   93.877594][ T6296]  ? fput+0x1a8/0x230
[   93.881556][ T6296]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[   93.887344][ T6296]  bpf_prog_test_run+0x2e4/0x360
[   93.892265][ T6296]  __sys_bpf+0x48d/0x810
[   93.896495][ T6296]  ? __pfx___sys_bpf+0x10/0x10
[   93.901241][ T6296]  ? __sys_bind+0x108/0x2d0
[   93.905730][ T6296]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   93.911694][ T6296]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   93.918006][ T6296]  ? do_syscall_64+0x100/0x230
[   93.922753][ T6296]  __x64_sys_bpf+0x7c/0x90
[   93.927148][ T6296]  do_syscall_64+0xf3/0x230
[   93.931635][ T6296]  ? clear_bhb_loop+0x35/0x90
[   93.936293][ T6296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.942179][ T6296] RIP: 0033:0x7fcce777dff9
[   93.946603][ T6296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   93.966281][ T6296] RSP: 002b:00007fcce71ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   93.974676][ T6296] RAX: ffffffffffffffda RBX: 00007fcce7936058 RCX: 00007fcce777dff9
[   93.982632][ T6296] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
[   93.990601][ T6296] RBP: 00007fcce77f0296 R08: 0000000000000000 R09: 0000000000000000
[   93.998568][ T6296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   94.006528][ T6296] R13: 0000000000000000 R14: 00007fcce7936058 R15: 00007fff2bbf7c58
[   94.014489][ T6296]  </TASK>
[   94.017577][ T6296] BUG: Bad page state in process syz.0.200  pfn:26d38
[   94.024382][ T6296] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888026d3a000 pfn:0x26d38
[   94.034482][ T6296] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   94.041600][ T6296] raw: 00fff00000000000 dead000000000040 ffff888026a50000 0000000000000000
[   94.050213][ T6296] raw: ffff888026d3a000 0000000000000001 00000000ffffffff 0000000000000000
[   94.058825][ T6296] page dumped because: page_pool leak
[   94.064206][ T6296] page_owner tracks the page as allocated
[   94.069912][ T6296] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6296, tgid 6281 (syz.0.200), ts 87301379086, free_ts 86724965404
[   94.086697][ T6296]  post_alloc_hook+0x1f3/0x230
[   94.091471][ T6296]  get_page_from_freelist+0x3045/0x3190
[   94.097044][ T6296]  __alloc_pages_noprof+0x256/0x6c0
[   94.102244][ T6296]  alloc_pages_bulk_noprof+0x729/0xd40
[   94.107725][ T6296]  __page_pool_alloc_pages_slow+0x122/0x690
[   94.113663][ T6296]  page_pool_alloc_pages+0xd0/0x1c0
[   94.118873][ T6296]  bpf_test_run_xdp_live+0x950/0x2160
[   94.124263][ T6296]  bpf_prog_test_run_xdp+0x805/0x11e0
[   94.129642][ T6296]  bpf_prog_test_run+0x2e4/0x360
[   94.134607][ T6296]  __sys_bpf+0x48d/0x810
[   94.138854][ T6296]  __x64_sys_bpf+0x7c/0x90
[   94.143308][ T6296]  do_syscall_64+0xf3/0x230
[   94.147815][ T6296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.153731][ T6296] page last free pid 5405 tgid 5405 stack trace:
[   94.160053][ T6296]  free_unref_page+0xcfb/0xf20
[   94.164835][ T6296]  __slab_free+0x31b/0x3d0
[   94.169251][ T6296]  qlist_free_all+0x9a/0x140
[   94.173873][ T6296]  kasan_quarantine_reduce+0x14f/0x170
[   94.179334][ T6296]  __kasan_slab_alloc+0x23/0x80
[   94.184201][ T6296]  kmem_cache_alloc_lru_noprof+0x139/0x2b0
[   94.190011][ T6296]  shmem_alloc_inode+0x28/0x40
[   94.194803][ T6296]  new_inode+0x6e/0x310
[   94.198960][ T6296]  shmem_get_inode+0x34a/0xd70
[   94.203757][ T6296]  shmem_mknod+0x5f/0x1e0
[   94.208097][ T6296]  path_openat+0x1c03/0x3590
[   94.212709][ T6296]  do_filp_open+0x235/0x490
[   94.217232][ T6296]  do_sys_openat2+0x13e/0x1d0
[   94.221914][ T6296]  __x64_sys_openat+0x247/0x2a0
[   94.226786][ T6296]  do_syscall_64+0xf3/0x230
[   94.231287][ T6296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.237206][ T6296] Modules linked in:
[   94.241105][ T6296] CPU: 0 UID: 0 PID: 6296 Comm: syz.0.200 Tainted: G    B              6.12.0-rc1-syzkaller-00238-g8b641b5e4c78 #0
[   94.253153][ T6296] Tainted: [B]=BAD_PAGE
[   94.257280][ T6296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   94.267311][ T6296] Call Trace:
[   94.270570][ T6296]  <TASK>
[   94.273484][ T6296]  dump_stack_lvl+0x241/0x360
[   94.278142][ T6296]  ? __pfx_dump_stack_lvl+0x10/0x10
[   94.283320][ T6296]  ? __pfx_print_modules+0x10/0x10
[   94.288416][ T6296]  bad_page+0x166/0x1b0
[   94.292568][ T6296]  free_unref_page+0xed0/0xf20
[   94.297319][ T6296]  skb_release_data+0x6dc/0x8a0
[   94.302152][ T6296]  sk_skb_reason_drop+0x1c9/0x380
[   94.307156][ T6296]  __netif_receive_skb_core+0x3edd/0x4570
[   94.312858][ T6296]  ? __lock_acquire+0x1384/0x2050
[   94.317869][ T6296]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   94.323923][ T6296]  __netif_receive_skb_list_core+0x2b1/0x980
[   94.329993][ T6296]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[   94.336583][ T6296]  ? __pfx___netif_receive_skb_list_core+0x10/0x10
[   94.343075][ T6296]  ? read_tsc+0x9/0x20
[   94.347150][ T6296]  ? timekeeping_get_ns+0x2c0/0x420
[   94.352425][ T6296]  ? netif_receive_skb_list_internal+0x4e8/0xe30
[   94.358738][ T6296]  netif_receive_skb_list_internal+0xa51/0xe30
[   94.364882][ T6296]  ? netif_receive_skb_list_internal+0x4e8/0xe30
[   94.371194][ T6296]  ? __pfx_netif_receive_skb_list_internal+0x10/0x10
[   94.377851][ T6296]  ? __pfx_eth_type_trans+0x10/0x10
[   94.383032][ T6296]  ? __phys_addr+0xba/0x170
[   94.387513][ T6296]  ? build_skb_around+0x111/0x260
[   94.392514][ T6296]  ? __xdp_build_skb_from_frame+0x338/0x650
[   94.398397][ T6296]  netif_receive_skb_list+0x55/0x4b0
[   94.403675][ T6296]  bpf_test_run_xdp_live+0x1b0d/0x2160
[   94.409120][ T6296]  ? bpf_dispatcher_change_prog+0xd8b/0xf10
[   94.415000][ T6296]  ? bpf_test_run_xdp_live+0x5d6/0x2160
[   94.420526][ T6296]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[   94.426313][ T6296]  ? synchronize_rcu+0x11b/0x360
[   94.431253][ T6296]  ? __pfx_synchronize_rcu+0x10/0x10
[   94.436524][ T6296]  ? __pfx_bpf_dispatcher_change_prog+0x10/0x10
[   94.442753][ T6296]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[   94.448660][ T6296]  ? _copy_from_user+0xa6/0xe0
[   94.453457][ T6296]  ? bpf_test_init+0x15a/0x180
[   94.458215][ T6296]  ? xdp_convert_md_to_buff+0x5b/0x330
[   94.463659][ T6296]  bpf_prog_test_run_xdp+0x805/0x11e0
[   94.469015][ T6296]  ? __pfx_lock_release+0x10/0x10
[   94.474026][ T6296]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[   94.479813][ T6296]  ? __fget_files+0x29/0x470
[   94.484385][ T6296]  ? fput+0x1a8/0x230
[   94.488355][ T6296]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[   94.494155][ T6296]  bpf_prog_test_run+0x2e4/0x360
[   94.499102][ T6296]  __sys_bpf+0x48d/0x810
[   94.503329][ T6296]  ? __pfx___sys_bpf+0x10/0x10
[   94.508074][ T6296]  ? __sys_bind+0x108/0x2d0
[   94.512561][ T6296]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   94.518524][ T6296]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   94.524834][ T6296]  ? do_syscall_64+0x100/0x230
[   94.529579][ T6296]  __x64_sys_bpf+0x7c/0x90
[   94.533977][ T6296]  do_syscall_64+0xf3/0x230
[   94.538456][ T6296]  ? clear_bhb_loop+0x35/0x90
[   94.543117][ T6296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.549016][ T6296] RIP: 0033:0x7fcce777dff9
[   94.553420][ T6296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   94.573010][ T6296] RSP: 002b:00007fcce71ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   94.581405][ T6296] RAX: ffffffffffffffda RBX: 00007fcce7936058 RCX: 00007fcce777dff9
[   94.589355][ T6296] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
[   94.597311][ T6296] RBP: 00007fcce77f0296 R08: 0000000000000000 R09: 0000000000000000
[   94.605263][ T6296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   94.613212][ T6296] R13: 0000000000000000 R14: 00007fcce7936058 R15: 00007fff2bbf7c58
[   94.621169][ T6296]  </TASK>
[   94.624261][ T6296] BUG: Bad page state in process syz.0.200  pfn:27f0f
[   94.631023][ T6296] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x27f0f
[   94.639816][ T6296] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   94.646950][ T6296] raw: 00fff00000000000 dead000000000040 ffff888026a50000 0000000000000000
[   94.655567][ T6296] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   94.664190][ T6296] page dumped because: page_pool leak
[   94.669538][ T6296] page_owner tracks the page as allocated
[   94.675274][ T6296] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6296, tgid 6281 (syz.0.200), ts 87301362410, free_ts 86725001087
[   94.692142][ T6296]  post_alloc_hook+0x1f3/0x230
[   94.696935][ T6296]  get_page_from_freelist+0x3045/0x3190
[   94.702486][ T6296]  __alloc_pages_noprof+0x256/0x6c0
[   94.707705][ T6296]  alloc_pages_bulk_noprof+0x729/0xd40
[   94.713201][ T6296]  __page_pool_alloc_pages_slow+0x122/0x690
[   94.719100][ T6296]  page_pool_alloc_pages+0xd0/0x1c0
[   94.724317][ T6296]  bpf_test_run_xdp_live+0x950/0x2160
[   94.729696][ T6296]  bpf_prog_test_run_xdp+0x805/0x11e0
[   94.735096][ T6296]  bpf_prog_test_run+0x2e4/0x360
[   94.740037][ T6296]  __sys_bpf+0x48d/0x810
[   94.744316][ T6296]  __x64_sys_bpf+0x7c/0x90
[   94.748737][ T6296]  do_syscall_64+0xf3/0x230
[   94.753257][ T6296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.759159][ T6296] page last free pid 5405 tgid 5405 stack trace:
[   94.765530][ T6296]  free_unref_page+0xcfb/0xf20
[   94.770306][ T6296]  __put_partials+0xeb/0x130
[   94.774929][ T6296]  put_cpu_partial+0x17c/0x250
[   94.779708][ T6296]  __slab_free+0x2ea/0x3d0
[   94.784156][ T6296]  qlist_free_all+0x9a/0x140
[   94.788751][ T6296]  kasan_quarantine_reduce+0x14f/0x170
[   94.794233][ T6296]  __kasan_slab_alloc+0x23/0x80
[   94.799087][ T6296]  kmem_cache_alloc_lru_noprof+0x139/0x2b0
[   94.804929][ T6296]  shmem_alloc_inode+0x28/0x40
[   94.809704][ T6296]  new_inode+0x6e/0x310
[   94.813894][ T6296]  shmem_get_inode+0x34a/0xd70
[   94.818665][ T6296]  shmem_mknod+0x5f/0x1e0
[   94.823023][ T6296]  path_openat+0x1c03/0x3590
[   94.827628][ T6296]  do_filp_open+0x235/0x490
[   94.832121][ T6296]  do_sys_openat2+0x13e/0x1d0
[   94.836828][ T6296]  __x64_sys_openat+0x247/0x2a0
[   94.841687][ T6296] Modules linked in:
[   94.845616][ T6296] CPU: 0 UID: 0 PID: 6296 Comm: syz.0.200 Tainted: G    B              6.12.0-rc1-syzkaller-00238-g8b641b5e4c78 #0
[   94.857683][ T6296] Tainted: [B]=BAD_PAGE
[   94.861820][ T6296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   94.871860][ T6296] Call Trace:
[   94.875122][ T6296]  <TASK>
[   94.878036][ T6296]  dump_stack_lvl+0x241/0x360
[   94.882696][ T6296]  ? __pfx_dump_stack_lvl+0x10/0x10
[   94.887900][ T6296]  ? __pfx_print_modules+0x10/0x10
[   94.893085][ T6296]  bad_page+0x166/0x1b0
[   94.897222][ T6296]  free_unref_page+0xed0/0xf20
[   94.901965][ T6296]  skb_release_data+0x6dc/0x8a0
[   94.906806][ T6296]  sk_skb_reason_drop+0x1c9/0x380
[   94.911815][ T6296]  __netif_receive_skb_core+0x3edd/0x4570
[   94.917520][ T6296]  ? __lock_acquire+0x1384/0x2050
[   94.922538][ T6296]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   94.928595][ T6296]  __netif_receive_skb_list_core+0x2b1/0x980
[   94.934573][ T6296]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[   94.941138][ T6296]  ? __pfx___netif_receive_skb_list_core+0x10/0x10
[   94.947622][ T6296]  ? read_tsc+0x9/0x20
[   94.951673][ T6296]  ? timekeeping_get_ns+0x2c0/0x420
[   94.956860][ T6296]  ? netif_receive_skb_list_internal+0x4e8/0xe30
[   94.963179][ T6296]  netif_receive_skb_list_internal+0xa51/0xe30
[   94.969319][ T6296]  ? netif_receive_skb_list_internal+0x4e8/0xe30
[   94.975627][ T6296]  ? __pfx_netif_receive_skb_list_internal+0x10/0x10
[   94.982283][ T6296]  ? __pfx_eth_type_trans+0x10/0x10
[   94.987460][ T6296]  ? __phys_addr+0xba/0x170
[   94.991943][ T6296]  ? build_skb_around+0x111/0x260
[   94.996944][ T6296]  ? __xdp_build_skb_from_frame+0x338/0x650
[   95.002822][ T6296]  netif_receive_skb_list+0x55/0x4b0
[   95.008096][ T6296]  bpf_test_run_xdp_live+0x1b0d/0x2160
[   95.013599][ T6296]  ? bpf_dispatcher_change_prog+0xd8b/0xf10
[   95.019493][ T6296]  ? bpf_test_run_xdp_live+0x5d6/0x2160
[   95.025048][ T6296]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[   95.030847][ T6296]  ? synchronize_rcu+0x11b/0x360
[   95.035772][ T6296]  ? __pfx_synchronize_rcu+0x10/0x10
[   95.041043][ T6296]  ? __pfx_bpf_dispatcher_change_prog+0x10/0x10
[   95.047275][ T6296]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[   95.053166][ T6296]  ? _copy_from_user+0xa6/0xe0
[   95.057947][ T6296]  ? bpf_test_init+0x15a/0x180
[   95.062786][ T6296]  ? xdp_convert_md_to_buff+0x5b/0x330
[   95.068235][ T6296]  bpf_prog_test_run_xdp+0x805/0x11e0
[   95.073599][ T6296]  ? __pfx_lock_release+0x10/0x10
[   95.078610][ T6296]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[   95.084399][ T6296]  ? __fget_files+0x29/0x470
[   95.088976][ T6296]  ? fput+0x1a8/0x230
[   95.092941][ T6296]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[   95.098748][ T6296]  bpf_prog_test_run+0x2e4/0x360
[   95.103684][ T6296]  __sys_bpf+0x48d/0x810
[   95.107933][ T6296]  ? __pfx___sys_bpf+0x10/0x10
[   95.112678][ T6296]  ? __sys_bind+0x108/0x2d0
[   95.117168][ T6296]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   95.123132][ T6296]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   95.129459][ T6296]  ? do_syscall_64+0x100/0x230
[   95.134202][ T6296]  __x64_sys_bpf+0x7c/0x90
[   95.138597][ T6296]  do_syscall_64+0xf3/0x230
[   95.143079][ T6296]  ? clear_bhb_loop+0x35/0x90
[   95.147734][ T6296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   95.153623][ T6296] RIP: 0033:0x7fcce777dff9
[   95.158039][ T6296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   95.177636][ T6296] RSP: 002b:00007fcce71ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   95.186031][ T6296] RAX: ffffffffffffffda RBX: 00007fcce7936058 RCX: 00007fcce777dff9
[   95.193985][ T6296] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
[   95.201936][ T6296] RBP: 00007fcce77f0296 R08: 0000000000000000 R09: 0000000000000000
[   95.209892][ T6296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   95.217844][ T6296] R13: 0000000000000000 R14: 00007fcce7936058 R15: 00007fff2bbf7c58
[   95.225800][ T6296]  </TASK>
[   95.228886][ T6296] BUG: Bad page state in process syz.0.200  pfn:27f0e
[   95.235668][ T6296] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x27f0e
[   95.244450][ T6296] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   95.251569][ T6296] raw: 00fff00000000000 dead000000000040 ffff888026a50000 0000000000000000
[   95.260197][ T6296] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   95.268817][ T6296] page dumped because: page_pool leak
[   95.274214][ T6296] page_owner tracks the page as allocated
[   95.279924][ T6296] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6296, tgid 6281 (syz.0.200), ts 87301351107, free_ts 86725001087
[   95.296704][ T6296]  post_alloc_hook+0x1f3/0x230
[   95.301478][ T6296]  get_page_from_freelist+0x3045/0x3190
[   95.307047][ T6296]  __alloc_pages_noprof+0x256/0x6c0
[   95.312249][ T6296]  alloc_pages_bulk_noprof+0x729/0xd40
[   95.317728][ T6296]  __page_pool_alloc_pages_slow+0x122/0x690
[   95.323668][ T6296]  page_pool_alloc_pages+0xd0/0x1c0
[   95.328872][ T6296]  bpf_test_run_xdp_live+0x950/0x2160
[   95.334266][ T6296]  bpf_prog_test_run_xdp+0x805/0x11e0
[   95.339647][ T6296]  bpf_prog_test_run+0x2e4/0x360
[   95.344611][ T6296]  __sys_bpf+0x48d/0x810
[   95.348883][ T6296]  __x64_sys_bpf+0x7c/0x90
[   95.353339][ T6296]  do_syscall_64+0xf3/0x230
[   95.357845][ T6296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   95.363765][ T6296] page last free pid 5405 tgid 5405 stack trace:
[   95.370087][ T6296]  free_unref_page+0xcfb/0xf20
[   95.374888][ T6296]  __put_partials+0xeb/0x130
[   95.379484][ T6296]  put_cpu_partial+0x17c/0x250
[   95.384283][ T6296]  __slab_free+0x2ea/0x3d0
[   95.388702][ T6296]  qlist_free_all+0x9a/0x140
[   95.393332][ T6296]  kasan_quarantine_reduce+0x14f/0x170
[   95.398793][ T6296]  __kasan_slab_alloc+0x23/0x80
[   95.403687][ T6296]  kmem_cache_alloc_lru_noprof+0x139/0x2b0
[   95.409502][ T6296]  shmem_alloc_inode+0x28/0x40
[   95.414296][ T6296]  new_inode+0x6e/0x310
[   95.418454][ T6296]  shmem_get_inode+0x34a/0xd70
[   95.423251][ T6296]  shmem_mknod+0x5f/0x1e0
[   95.427589][ T6296]  path_openat+0x1c03/0x3590
[   95.432165][ T6296]  do_filp_open+0x235/0x490
[   95.436695][ T6296]  do_sys_openat2+0x13e/0x1d0
[   95.441379][ T6296]  __x64_sys_openat+0x247/0x2a0
[   95.446255][ T6296] Modules linked in:
[   95.450184][ T6296] CPU: 0 UID: 0 PID: 6296 Comm: syz.0.200 Tainted: G    B              6.12.0-rc1-syzkaller-00238-g8b641b5e4c78 #0
[   95.462231][ T6296] Tainted: [B]=BAD_PAGE
[   95.466366][ T6296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   95.476406][ T6296] Call Trace:
[   95.479675][ T6296]  <TASK>
[   95.483025][ T6296]  dump_stack_lvl+0x241/0x360
[   95.487687][ T6296]  ? __pfx_dump_stack_lvl+0x10/0x10
[   95.492876][ T6296]  ? __pfx_print_modules+0x10/0x10
[   95.497972][ T6296]  bad_page+0x166/0x1b0
[   95.502108][ T6296]  free_unref_page+0xed0/0xf20
[   95.506859][ T6296]  skb_release_data+0x6dc/0x8a0
[   95.511695][ T6296]  sk_skb_reason_drop+0x1c9/0x380
[   95.516723][ T6296]  __netif_receive_skb_core+0x3edd/0x4570
[   95.522424][ T6296]  ? __lock_acquire+0x1384/0x2050
[   95.527530][ T6296]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   95.533587][ T6296]  __netif_receive_skb_list_core+0x2b1/0x980
[   95.539548][ T6296]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[   95.546115][ T6296]  ? __pfx___netif_receive_skb_list_core+0x10/0x10
[   95.552595][ T6296]  ? read_tsc+0x9/0x20
[   95.556654][ T6296]  ? timekeeping_get_ns+0x2c0/0x420
[   95.561839][ T6296]  ? netif_receive_skb_list_internal+0x4e8/0xe30
[   95.568149][ T6296]  netif_receive_skb_list_internal+0xa51/0xe30
[   95.574287][ T6296]  ? netif_receive_skb_list_internal+0x4e8/0xe30
[   95.580605][ T6296]  ? __pfx_netif_receive_skb_list_internal+0x10/0x10
[   95.587266][ T6296]  ? __pfx_eth_type_trans+0x10/0x10
[   95.592443][ T6296]  ? __phys_addr+0xba/0x170
[   95.596925][ T6296]  ? build_skb_around+0x111/0x260
[   95.601927][ T6296]  ? __xdp_build_skb_from_frame+0x338/0x650
[   95.607811][ T6296]  netif_receive_skb_list+0x55/0x4b0
[   95.613083][ T6296]  bpf_test_run_xdp_live+0x1b0d/0x2160
[   95.618524][ T6296]  ? bpf_dispatcher_change_prog+0xd8b/0xf10
[   95.624400][ T6296]  ? bpf_test_run_xdp_live+0x5d6/0x2160
[   95.629930][ T6296]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[   95.635716][ T6296]  ? synchronize_rcu+0x11b/0x360
[   95.640636][ T6296]  ? __pfx_synchronize_rcu+0x10/0x10
[   95.645907][ T6296]  ? __pfx_bpf_dispatcher_change_prog+0x10/0x10
[   95.652130][ T6296]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[   95.658011][ T6296]  ? _copy_from_user+0xa6/0xe0
[   95.662758][ T6296]  ? bpf_test_init+0x15a/0x180
[   95.667507][ T6296]  ? xdp_convert_md_to_buff+0x5b/0x330
[   95.672947][ T6296]  bpf_prog_test_run_xdp+0x805/0x11e0
[   95.678334][ T6296]  ? __pfx_lock_release+0x10/0x10
[   95.683355][ T6296]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[   95.689146][ T6296]  ? __fget_files+0x29/0x470
[   95.693719][ T6296]  ? fput+0x1a8/0x230
[   95.697683][ T6296]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[   95.703482][ T6296]  bpf_prog_test_run+0x2e4/0x360
[   95.708429][ T6296]  __sys_bpf+0x48d/0x810
[   95.712654][ T6296]  ? __pfx___sys_bpf+0x10/0x10
[   95.717397][ T6296]  ? __sys_bind+0x108/0x2d0
[   95.721971][ T6296]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   95.727936][ T6296]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   95.734247][ T6296]  ? do_syscall_64+0x100/0x230
[   95.738989][ T6296]  __x64_sys_bpf+0x7c/0x90
[   95.743388][ T6296]  do_syscall_64+0xf3/0x230
[   95.747888][ T6296]  ? clear_bhb_loop+0x35/0x90
[   95.752543][ T6296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   95.758426][ T6296] RIP: 0033:0x7fcce777dff9
[   95.762823][ T6296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   95.782586][ T6296] RSP: 002b:00007fcce71ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   95.790981][ T6296] RAX: ffffffffffffffda RBX: 00007fcce7936058 RCX: 00007fcce777dff9
[   95.798933][ T6296] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
[   95.806891][ T6296] RBP: 00007fcce77f0296 R08: 0000000000000000 R09: 0000000000000000
[   95.814863][ T6296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   95.822815][ T6296] R13: 0000000000000000 R14: 00007fcce7936058 R15: 00007fff2bbf7c58
[   95.830776][ T6296]  </TASK>
[   95.833860][ T6296] BUG: Bad page state in process syz.0.200  pfn:27f0d
[   95.840622][ T6296] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x27f0d
[   95.849439][ T6296] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   95.856620][ T6296] raw: 00fff00000000000 dead000000000040 ffff888026a50000 0000000000000000
[   95.865235][ T6296] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   95.873842][ T6296] page dumped because: page_pool leak
[   95.879191][ T6296] page_owner tracks the page as allocated
[   95.884930][ T6296] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6296, tgid 6281 (syz.0.200), ts 87301340278, free_ts 86725001087
[   95.901729][ T6296]  post_alloc_hook+0x1f3/0x230
[   95.906531][ T6296]  get_page_from_freelist+0x3045/0x3190
[   95.912086][ T6296]  __alloc_pages_noprof+0x256/0x6c0
[   95.917309][ T6296]  alloc_pages_bulk_noprof+0x729/0xd40
[   95.922798][ T6296]  __page_pool_alloc_pages_slow+0x122/0x690
[   95.928729][ T6296]  page_pool_alloc_pages+0xd0/0x1c0
[   95.933952][ T6296]  bpf_test_run_xdp_live+0x950/0x2160
[   95.939308][ T6296]  bpf_prog_test_run_xdp+0x805/0x11e0
[   95.944718][ T6296]  bpf_prog_test_run+0x2e4/0x360
[   95.949663][ T6296]  __sys_bpf+0x48d/0x810
[   95.953930][ T6296]  __x64_sys_bpf+0x7c/0x90
[   95.958349][ T6296]  do_syscall_64+0xf3/0x230
[   95.962830][ T6296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   95.968836][ T6296] page last free pid 5405 tgid 5405 stack trace:
[   95.975182][ T6296]  free_unref_page+0xcfb/0xf20
[   95.979946][ T6296]  __put_partials+0xeb/0x130
[   95.984559][ T6296]  put_cpu_partial+0x17c/0x250
[   95.989331][ T6296]  __slab_free+0x2ea/0x3d0
[   95.993768][ T6296]  qlist_free_all+0x9a/0x140
[   95.998360][ T6296]  kasan_quarantine_reduce+0x14f/0x170
[   96.003859][ T6296]  __kasan_slab_alloc+0x23/0x80
[   96.009322][ T6296]  kmem_cache_alloc_lru_noprof+0x139/0x2b0
[   96.015152][ T6296]  shmem_alloc_inode+0x28/0x40
[   96.019923][ T6296]  new_inode+0x6e/0x310
[   96.024099][ T6296]  shmem_get_inode+0x34a/0xd70
[   96.028893][ T6296]  shmem_mknod+0x5f/0x1e0
[   96.033261][ T6296]  path_openat+0x1c03/0x3590
[   96.037949][ T6296]  do_filp_open+0x235/0x490
[   96.042561][ T6296]  do_sys_openat2+0x13e/0x1d0
[   96.047276][ T6296]  __x64_sys_openat+0x247/0x2a0
[   96.052143][ T6296] Modules linked in:
[   96.056075][ T6296] CPU: 0 UID: 0 PID: 6296 Comm: syz.0.200 Tainted: G    B              6.12.0-rc1-syzkaller-00238-g8b641b5e4c78 #0
[   96.068142][ T6296] Tainted: [B]=BAD_PAGE
[   96.072361][ T6296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   96.082398][ T6296] Call Trace:
[   96.085663][ T6296]  <TASK>
[   96.088584][ T6296]  dump_stack_lvl+0x241/0x360
[   96.093249][ T6296]  ? __pfx_dump_stack_lvl+0x10/0x10
[   96.098426][ T6296]  ? __pfx_print_modules+0x10/0x10
[   96.103546][ T6296]  bad_page+0x166/0x1b0
[   96.107791][ T6296]  free_unref_page+0xed0/0xf20
[   96.112742][ T6296]  skb_release_data+0x6dc/0x8a0
[   96.117587][ T6296]  sk_skb_reason_drop+0x1c9/0x380
[   96.122593][ T6296]  __netif_receive_skb_core+0x3edd/0x4570
[   96.128297][ T6296]  ? __lock_acquire+0x1384/0x2050
[   96.133309][ T6296]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   96.139361][ T6296]  __netif_receive_skb_list_core+0x2b1/0x980
[   96.145326][ T6296]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[   96.151895][ T6296]  ? __pfx___netif_receive_skb_list_core+0x10/0x10
[   96.158375][ T6296]  ? read_tsc+0x9/0x20
[   96.162422][ T6296]  ? timekeeping_get_ns+0x2c0/0x420
[   96.167619][ T6296]  ? netif_receive_skb_list_internal+0x4e8/0xe30
[   96.173938][ T6296]  netif_receive_skb_list_internal+0xa51/0xe30
[   96.180074][ T6296]  ? netif_receive_skb_list_internal+0x4e8/0xe30
[   96.186384][ T6296]  ? __pfx_netif_receive_skb_list_internal+0x10/0x10
[   96.193057][ T6296]  ? __pfx_eth_type_trans+0x10/0x10
[   96.198239][ T6296]  ? __phys_addr+0xba/0x170
[   96.202720][ T6296]  ? build_skb_around+0x111/0x260
[   96.207724][ T6296]  ? __xdp_build_skb_from_frame+0x338/0x650
[   96.213613][ T6296]  netif_receive_skb_list+0x55/0x4b0
[   96.218901][ T6296]  bpf_test_run_xdp_live+0x1b0d/0x2160
[   96.224344][ T6296]  ? bpf_dispatcher_change_prog+0xd8b/0xf10
[   96.230222][ T6296]  ? bpf_test_run_xdp_live+0x5d6/0x2160
[   96.235753][ T6296]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[   96.241537][ T6296]  ? synchronize_rcu+0x11b/0x360
[   96.246454][ T6296]  ? __pfx_synchronize_rcu+0x10/0x10
[   96.251722][ T6296]  ? __pfx_bpf_dispatcher_change_prog+0x10/0x10
[   96.257947][ T6296]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[   96.263835][ T6296]  ? _copy_from_user+0xa6/0xe0
[   96.268605][ T6296]  ? bpf_test_init+0x15a/0x180
[   96.273353][ T6296]  ? xdp_convert_md_to_buff+0x5b/0x330
[   96.278795][ T6296]  bpf_prog_test_run_xdp+0x805/0x11e0
[   96.284151][ T6296]  ? __pfx_lock_release+0x10/0x10
[   96.289159][ T6296]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[   96.294980][ T6296]  ? __fget_files+0x29/0x470
[   96.299554][ T6296]  ? fput+0x1a8/0x230
[   96.303522][ T6296]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[   96.309312][ T6296]  bpf_prog_test_run+0x2e4/0x360
[   96.314244][ T6296]  __sys_bpf+0x48d/0x810
[   96.318496][ T6296]  ? __pfx___sys_bpf+0x10/0x10
[   96.323241][ T6296]  ? __sys_bind+0x108/0x2d0
[   96.327733][ T6296]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   96.333697][ T6296]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   96.340006][ T6296]  ? do_syscall_64+0x100/0x230
[   96.344750][ T6296]  __x64_sys_bpf+0x7c/0x90
[   96.349149][ T6296]  do_syscall_64+0xf3/0x230
[   96.353651][ T6296]  ? clear_bhb_loop+0x35/0x90
[   96.358307][ T6296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   96.364196][ T6296] RIP: 0033:0x7fcce777dff9
[   96.368610][ T6296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   96.388196][ T6296] RSP: 002b:00007fcce71ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   96.396621][ T6296] RAX: ffffffffffffffda RBX: 00007fcce7936058 RCX: 00007fcce777dff9
[   96.404575][ T6296] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
[   96.412526][ T6296] RBP: 00007fcce77f0296 R08: 0000000000000000 R09: 0000000000000000
[   96.420488][ T6296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   96.428443][ T6296] R13: 0000000000000000 R14: 00007fcce7936058 R15: 00007fff2bbf7c58
[   96.436402][ T6296]  </TASK>
[   96.439491][ T6296] BUG: Bad page state in process syz.0.200  pfn:27f0c
[   96.446277][ T6296] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x27f0c
[   96.455065][ T6296] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   96.462180][ T6296] raw: 00fff00000000000 dead000000000040 ffff888026a50000 0000000000000000
[   96.470793][ T6296] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   96.479394][ T6296] page dumped because: page_pool leak
[   96.484777][ T6296] page_owner tracks the page as allocated
[   96.490490][ T6296] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6296, tgid 6281 (syz.0.200), ts 87301329844, free_ts 86725001087
[   96.507301][ T6296]  post_alloc_hook+0x1f3/0x230
[   96.512075][ T6296]  get_page_from_freelist+0x3045/0x3190
[   96.517645][ T6296]  __alloc_pages_noprof+0x256/0x6c0
[   96.522846][ T6296]  alloc_pages_bulk_noprof+0x729/0xd40
[   96.528327][ T6296]  __page_pool_alloc_pages_slow+0x122/0x690
[   96.534268][ T6296]  page_pool_alloc_pages+0xd0/0x1c0
[   96.539481][ T6296]  bpf_test_run_xdp_live+0x950/0x2160
[   96.544871][ T6296]  bpf_prog_test_run_xdp+0x805/0x11e0
[   96.550250][ T6296]  bpf_prog_test_run+0x2e4/0x360
[   96.555216][ T6296]  __sys_bpf+0x48d/0x810
[   96.559461][ T6296]  __x64_sys_bpf+0x7c/0x90
[   96.563912][ T6296]  do_syscall_64+0xf3/0x230
[   96.568413][ T6296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   96.574328][ T6296] page last free pid 5405 tgid 5405 stack trace:
[   96.580646][ T6296]  free_unref_page+0xcfb/0xf20
[   96.585425][ T6296]  __put_partials+0xeb/0x130
[   96.590017][ T6296]  put_cpu_partial+0x17c/0x250
[   96.594800][ T6296]  __slab_free+0x2ea/0x3d0
[   96.599224][ T6296]  qlist_free_all+0x9a/0x140
[   96.603850][ T6296]  kasan_quarantine_reduce+0x14f/0x170
[   96.609313][ T6296]  __kasan_slab_alloc+0x23/0x80
[   96.614189][ T6296]  kmem_cache_alloc_lru_noprof+0x139/0x2b0
[   96.620000][ T6296]  shmem_alloc_inode+0x28/0x40
[   96.624788][ T6296]  new_inode+0x6e/0x310
[   96.628945][ T6296]  shmem_get_inode+0x34a/0xd70
[   96.633744][ T6296]  shmem_mknod+0x5f/0x1e0
[   96.638082][ T6296]  path_openat+0x1c03/0x3590
[   96.642657][ T6296]  do_filp_open+0x235/0x490
[   96.647179][ T6296]  do_sys_openat2+0x13e/0x1d0
[   96.651860][ T6296]  __x64_sys_openat+0x247/0x2a0
[   96.656735][ T6296] Modules linked in:
[   96.660633][ T6296] CPU: 0 UID: 0 PID: 6296 Comm: syz.0.200 Tainted: G    B              6.12.0-rc1-syzkaller-00238-g8b641b5e4c78 #0
[   96.672679][ T6296] Tainted: [B]=BAD_PAGE
[   96.676806][ T6296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   96.686841][ T6296] Call Trace:
[   96.690101][ T6296]  <TASK>
[   96.693016][ T6296]  dump_stack_lvl+0x241/0x360
[   96.697675][ T6296]  ? __pfx_dump_stack_lvl+0x10/0x10
[   96.702858][ T6296]  ? __pfx_print_modules+0x10/0x10
[   96.707957][ T6296]  bad_page+0x166/0x1b0
[   96.712095][ T6296]  free_unref_page+0xed0/0xf20
[   96.716843][ T6296]  skb_release_data+0x6dc/0x8a0
[   96.721680][ T6296]  sk_skb_reason_drop+0x1c9/0x380
[   96.726687][ T6296]  __netif_receive_skb_core+0x3edd/0x4570
[   96.732386][ T6296]  ? __lock_acquire+0x1384/0x2050
[   96.737396][ T6296]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   96.743452][ T6296]  __netif_receive_skb_list_core+0x2b1/0x980
[   96.749418][ T6296]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[   96.755991][ T6296]  ? __pfx___netif_receive_skb_list_core+0x10/0x10
[   96.762474][ T6296]  ? read_tsc+0x9/0x20
[   96.766542][ T6296]  ? timekeeping_get_ns+0x2c0/0x420
[   96.771746][ T6296]  ? netif_receive_skb_list_internal+0x4e8/0xe30
[   96.778056][ T6296]  netif_receive_skb_list_internal+0xa51/0xe30
[   96.784197][ T6296]  ? netif_receive_skb_list_internal+0x4e8/0xe30
[   96.790506][ T6296]  ? __pfx_netif_receive_skb_list_internal+0x10/0x10
[   96.797164][ T6296]  ? __pfx_eth_type_trans+0x10/0x10
[   96.802342][ T6296]  ? __phys_addr+0xba/0x170
[   96.806840][ T6296]  ? build_skb_around+0x111/0x260
[   96.811854][ T6296]  ? __xdp_build_skb_from_frame+0x338/0x650
[   96.817740][ T6296]  netif_receive_skb_list+0x55/0x4b0
[   96.823025][ T6296]  bpf_test_run_xdp_live+0x1b0d/0x2160
[   96.828479][ T6296]  ? bpf_dispatcher_change_prog+0xd8b/0xf10
[   96.834359][ T6296]  ? bpf_test_run_xdp_live+0x5d6/0x2160
[   96.839890][ T6296]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[   96.845681][ T6296]  ? synchronize_rcu+0x11b/0x360
[   96.850608][ T6296]  ? __pfx_synchronize_rcu+0x10/0x10
[   96.855880][ T6296]  ? __pfx_bpf_dispatcher_change_prog+0x10/0x10
[   96.862104][ T6296]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[   96.867990][ T6296]  ? _copy_from_user+0xa6/0xe0
[   96.872739][ T6296]  ? bpf_test_init+0x15a/0x180
[   96.877488][ T6296]  ? xdp_convert_md_to_buff+0x5b/0x330
[   96.882930][ T6296]  bpf_prog_test_run_xdp+0x805/0x11e0
[   96.888294][ T6296]  ? __pfx_lock_release+0x10/0x10
[   96.893305][ T6296]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[   96.899101][ T6296]  ? __fget_files+0x29/0x470
[   96.903674][ T6296]  ? fput+0x1a8/0x230
[   96.907647][ T6296]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[   96.913453][ T6296]  bpf_prog_test_run+0x2e4/0x360
[   96.918402][ T6296]  __sys_bpf+0x48d/0x810
[   96.922719][ T6296]  ? __pfx___sys_bpf+0x10/0x10
[   96.927467][ T6296]  ? __sys_bind+0x108/0x2d0
[   96.931956][ T6296]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   96.937920][ T6296]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   96.944232][ T6296]  ? do_syscall_64+0x100/0x230
[   96.948978][ T6296]  __x64_sys_bpf+0x7c/0x90
[   96.953377][ T6296]  do_syscall_64+0xf3/0x230
[   96.957859][ T6296]  ? clear_bhb_loop+0x35/0x90
[   96.962514][ T6296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   96.968488][ T6296] RIP: 0033:0x7fcce777dff9
[   96.972893][ T6296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   96.992486][ T6296] RSP: 002b:00007fcce71ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   97.000912][ T6296] RAX: ffffffffffffffda RBX: 00007fcce7936058 RCX: 00007fcce777dff9
[   97.008881][ T6296] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
[   97.016853][ T6296] RBP: 00007fcce77f0296 R08: 0000000000000000 R09: 0000000000000000
[   97.024898][ T6296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   97.032939][ T6296] R13: 0000000000000000 R14: 00007fcce7936058 R15: 00007fff2bbf7c58
[   97.040911][ T6296]  </TASK>
[   97.043998][ T6296] BUG: Bad page state in process syz.0.200  pfn:27f0b
[   97.050763][ T6296] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x27f0b
[   97.059567][ T6296] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   97.066708][ T6296] raw: 00fff00000000000 dead000000000040 ffff888026a50000 0000000000000000
[   97.075316][ T6296] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   97.083923][ T6296] page dumped because: page_pool leak
[   97.089272][ T6296] page_owner tracks the page as allocated
[   97.095014][ T6296] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6296, tgid 6281 (syz.0.200), ts 87301318645, free_ts 86725001087
[   97.111894][ T6296]  post_alloc_hook+0x1f3/0x230
[   97.116690][ T6296]  get_page_from_freelist+0x3045/0x3190
[   97.122245][ T6296]  __alloc_pages_noprof+0x256/0x6c0
[   97.127473][ T6296]  alloc_pages_bulk_noprof+0x729/0xd40
[   97.133003][ T6296]  __page_pool_alloc_pages_slow+0x122/0x690
[   97.138917][ T6296]  page_pool_alloc_pages+0xd0/0x1c0
[   97.144152][ T6296]  bpf_test_run_xdp_live+0x950/0x2160
[   97.149536][ T6296]  bpf_prog_test_run_xdp+0x805/0x11e0
[   97.154948][ T6296]  bpf_prog_test_run+0x2e4/0x360
[   97.159887][ T6296]  __sys_bpf+0x48d/0x810
[   97.164176][ T6296]  __x64_sys_bpf+0x7c/0x90
[   97.168600][ T6296]  do_syscall_64+0xf3/0x230
[   97.173128][ T6296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   97.179041][ T6296] page last free pid 5405 tgid 5405 stack trace:
[   97.185435][ T6296]  free_unref_page+0xcfb/0xf20
[   97.190218][ T6296]  __put_partials+0xeb/0x130
[   97.194877][ T6296]  put_cpu_partial+0x17c/0x250
[   97.199660][ T6296]  __slab_free+0x2ea/0x3d0
[   97.204217][ T6296]  qlist_free_all+0x9a/0x140
[   97.208828][ T6296]  kasan_quarantine_reduce+0x14f/0x170
[   97.214365][ T6296]  __kasan_slab_alloc+0x23/0x80
[   97.219237][ T6296]  kmem_cache_alloc_lru_noprof+0x139/0x2b0
[   97.225101][ T6296]  shmem_alloc_inode+0x28/0x40
[   97.229885][ T6296]  new_inode+0x6e/0x310
[   97.234102][ T6296]  shmem_get_inode+0x34a/0xd70
[   97.238890][ T6296]  shmem_mknod+0x5f/0x1e0
[   97.243276][ T6296]  path_openat+0x1c03/0x3590
[   97.247977][ T6296]  do_filp_open+0x235/0x490
[   97.252506][ T6296]  do_sys_openat2+0x13e/0x1d0
[   97.257247][ T6296]  __x64_sys_openat+0x247/0x2a0
[   97.262120][ T6296] Modules linked in:
[   97.266073][ T6296] CPU: 0 UID: 0 PID: 6296 Comm: syz.0.200 Tainted: G    B              6.12.0-rc1-syzkaller-00238-g8b641b5e4c78 #0
[   97.278149][ T6296] Tainted: [B]=BAD_PAGE
[   97.282300][ T6296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   97.292367][ T6296] Call Trace:
[   97.295654][ T6296]  <TASK>
[   97.298589][ T6296]  dump_stack_lvl+0x241/0x360
[   97.303279][ T6296]  ? __pfx_dump_stack_lvl+0x10/0x10
[   97.308491][ T6296]  ? __pfx_print_modules+0x10/0x10
[   97.313629][ T6296]  bad_page+0x166/0x1b0
[   97.317810][ T6296]  free_unref_page+0xed0/0xf20
[   97.322596][ T6296]  skb_release_data+0x6dc/0x8a0
[   97.326600][ T5235] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   97.327447][ T6296]  sk_skb_reason_drop+0x1c9/0x380
[   97.334644][ T5235] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   97.339358][ T6296]  __netif_receive_skb_core+0x3edd/0x4570
[   97.346811][ T5235] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   97.351963][ T6296]  ? __lock_acquire+0x1384/0x2050
[   97.359729][ T5235] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   97.363877][ T6296]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   97.363919][ T6296]  __netif_receive_skb_list_core+0x2b1/0x980