last executing test programs:

34.458603207s ago: executing program 2 (id=803):
r0 = socket(0x10, 0x3, 0x6)
socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000180), 0x4)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x20000080)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
r2 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0)
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
bind$inet(r3, &(0x7f00000001c0)={0x2, 0x4e22, @local}, 0x10)
connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10)
syz_emit_ethernet(0x42, &(0x7f0000000140)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1b}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x9, 0x34, 0x68, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x8, 0x4, 0x2, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0xffff, 0x7}]}}}}}}}, 0x0)

28.477761781s ago: executing program 2 (id=803):
r0 = socket(0x10, 0x3, 0x6)
socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000180), 0x4)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x20000080)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
r2 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0)
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
bind$inet(r3, &(0x7f00000001c0)={0x2, 0x4e22, @local}, 0x10)
connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10)
syz_emit_ethernet(0x42, &(0x7f0000000140)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1b}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x9, 0x34, 0x68, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x8, 0x4, 0x2, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0xffff, 0x7}]}}}}}}}, 0x0)

22.769292594s ago: executing program 2 (id=803):
r0 = socket(0x10, 0x3, 0x6)
socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000180), 0x4)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x20000080)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
r2 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0)
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
bind$inet(r3, &(0x7f00000001c0)={0x2, 0x4e22, @local}, 0x10)
connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10)
syz_emit_ethernet(0x42, &(0x7f0000000140)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1b}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x9, 0x34, 0x68, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x8, 0x4, 0x2, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0xffff, 0x7}]}}}}}}}, 0x0)

16.298421642s ago: executing program 2 (id=803):
r0 = socket(0x10, 0x3, 0x6)
socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000180), 0x4)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x20000080)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
r2 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0)
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
bind$inet(r3, &(0x7f00000001c0)={0x2, 0x4e22, @local}, 0x10)
connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10)
syz_emit_ethernet(0x42, &(0x7f0000000140)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1b}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x9, 0x34, 0x68, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x8, 0x4, 0x2, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0xffff, 0x7}]}}}}}}}, 0x0)

9.6393029s ago: executing program 2 (id=803):
r0 = socket(0x10, 0x3, 0x6)
socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000180), 0x4)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x20000080)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
r2 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0)
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
bind$inet(r3, &(0x7f00000001c0)={0x2, 0x4e22, @local}, 0x10)
connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10)
syz_emit_ethernet(0x42, &(0x7f0000000140)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1b}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x9, 0x34, 0x68, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x8, 0x4, 0x2, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0xffff, 0x7}]}}}}}}}, 0x0)

3.684879524s ago: executing program 2 (id=803):
r0 = socket(0x10, 0x3, 0x6)
socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000180), 0x4)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x20000080)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
r2 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0)
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
bind$inet(r3, &(0x7f00000001c0)={0x2, 0x4e22, @local}, 0x10)
connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10)
syz_emit_ethernet(0x42, &(0x7f0000000140)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1b}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x9, 0x34, 0x68, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x8, 0x4, 0x2, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0xffff, 0x7}]}}}}}}}, 0x0)

1.431553354s ago: executing program 1 (id=1369):
socket$inet6_tcp(0xa, 0x1, 0x0)
socket(0x10, 0x80002, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800080000fcffff08000900fcfc0000080011000000000008000e00800000000800", @ANYRES64=r0], 0x5c}, 0x1, 0x0, 0x0, 0x20008005}, 0x0)

1.352658143s ago: executing program 1 (id=1372):
r0 = socket$pppoe(0x18, 0x1, 0x0)
r1 = socket$pppoe(0x18, 0x1, 0x0)
ioctl$PPPIOCGCHAN(0xffffffffffffffff, 0x80047437, &(0x7f0000000180))
connect$pppoe(r0, &(0x7f0000000000)={0x18, 0x0, {0x4, @local, 'wg2\x00'}}, 0x1e)
connect$pppoe(r1, &(0x7f00000000c0)={0x18, 0x0, {0x1, @broadcast, 'veth1_to_hsr\x00'}}, 0x1e)
socket(0x200000000000011, 0x2, 0x0)
ioctl$PPPOEIOCSFWD(r1, 0x4008b100, &(0x7f0000000040)={0x18, 0x0, {0x4, @local, 'bridge_slave_1\x00'}})

1.266546072s ago: executing program 1 (id=1374):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, 0x0, &(0x7f0000000040))
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x1, &(0x7f0000000400)="e6", 0x9, 0x1, 0xc45, 0x1012, 0xc7, 0x2, 0x7, 'syz1\x00'})

1.177222966s ago: executing program 0 (id=1375):
r0 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0xb, &(0x7f0000000000)=0x2, 0x4)
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newtaction={0x80, 0x1c, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x6c, 0x1, [@m_tunnel_key={0x3c, 0x17, 0x0, 0x0, {{0xf}, {0x4}, {0x9, 0x6, "13885b9622"}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}, @m_ife={0x2c, 0xe, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}, 0x80}, 0x1, 0x0, 0x0, 0x4}, 0x0)

1.177001086s ago: executing program 1 (id=1376):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000040)="2e0000040f80ec59acbc0413a1f8480b4a00005e140602", 0x17}], 0x1}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl(r0, 0x8b27, &(0x7f0000000040))

429.203577ms ago: executing program 0 (id=1377):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c00000010000104000000000300000000000000", @ANYRES32=0x0, @ANYBLOB="2b030000008000001c0012800b00010067656e65766500000c00028008000f"], 0x3c}}, 0x0)

353.366243ms ago: executing program 1 (id=1378):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f0000000080)={0x34, r1, 0xf03, 0x0, 0x0, {0x34}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}}, 0x0)

353.225323ms ago: executing program 0 (id=1379):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1801000001ffffeb00000000eb658e0d850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18)
sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000003380), 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYRES16], 0x40}}, 0x40)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x48}}, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000006100), 0x49f, 0x0, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000040)={0x100000011, @multicast2, 0x0, 0x0, 'wrr\x00', 0x38, 0x84, 0x47}, 0x2c)

251.799517ms ago: executing program 1 (id=1380):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0xc0200, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000100)=0x2)
socket$inet6_sctp(0xa, 0x5, 0x84)
syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00')
unshare(0x6a040000)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0xe9503, 0x0)
ioctl$PPPIOCATTACH(r1, 0x4004743d, &(0x7f0000000040)=0x3)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
sendto$inet6(r2, 0x0, 0x0, 0x20004041, 0x0, 0x0)
connect$inet6(r2, &(0x7f0000000280)={0xa, 0x0, 0x4, @dev={0xfe, 0x80, '\x00', 0x6}, 0x7}, 0x1c)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, 0x0, 0x20000800)
write(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x0, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000000000000000000d9bb000085000000b500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$inet_udp(0x2, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_route(0x10, 0x3, 0x0)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x50)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r4, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70)

171.668213ms ago: executing program 0 (id=1381):
r0 = socket$packet(0x11, 0x3, 0x300)
getsockopt$packet_int(r0, 0x107, 0x13, 0x0, &(0x7f0000000200))

81.864551ms ago: executing program 0 (id=1382):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=@newsa={0x154, 0x10, 0x1, 0x8000000, 0x0, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, {@in=@broadcast, 0x0, 0x33}, @in=@local, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x5680000000}, {0x10, 0x9, 0x2}, 0x0, 0x0, 0x2, 0x1}, [@algo_auth={0x48, 0x1, {{'sha256\x00'}}}, @replay_esn_val={0x1c, 0x17, {0x0, 0x70bd2b, 0x70bd25, 0x70bd2d, 0x70bd2d, 0x6}}]}, 0x154}}, 0x0)

0s ago: executing program 0 (id=1383):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000fc0)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00010000850000000d000000b7000000000000009500000000000000496cf2827fb43a431ca711fcc9cdfa146ec56175037958e271f60d25b7937f02c8695e5a1b2cdf41dc10d1e8bf076d83923dd29c034055b67dafe6c8dc3d5d78c07fa1f7e4d5b318e2ec0e0700897a74a0091ff110026e6d2ef831ab7ea0c34f17e3ad6ef3bb622003b538dfd8e012e79578e51bc53099e90fbdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e060e3670ef0e789f93781965f1328d6704902cbe7bc0476619f28d99cd0aa7b73340cc2160a1fe3c184b751c51160fbce841f8a97be6148ba532e6ea09c346dfebd31a08b32808b80200000000009dd27080e71113610e10d859e8327ef03fb6c86adac12233f9a1fb9c2aec61ce63a3462fd50117b89a9ab759b4eeb8cb000067d42b4e54861d0227dbfd2ed8576a3f7f3deadd7130856f756436303767d2e24f29e5dad9796edb697a6ea0180aabc18cae2ed4b4390af9a9ceafd07ed0030000002cab154ad029a119ca3c972780870014605c83d7d11c3c975d5aec84222fff0d7216fdb0d3a0ec4bfae563112f4b391aafe234870072858dc06e7c337642d3e5a815212f5e16c1b30c3a2a71bc85018e5ff2c910496f18afc9ffc2cc788bee1b47683db01a46939868d75211bbae0e7313bff5d4c391ddece00fc772dd6b4d4d0a917b239fe12280fc92c88c5b8dcdcc22ee1747790a8992533ac2a9f5a699593f084419cae0b4183fb01c73f99857399537f5dc2acb72c7eae993fc9eb22d130665b6341da114f08cd0509d380578673fffffff7f23877a6b24db0e067345560942fa629fbef2461c96a08707671215c302fae29187d4f5c06a960fd37c10223fdae7ed04935c3c90d3add8eebc8619d73415e6adcda2130f5011e42e50adab988dd8e12baf5c768a40538be5f76e9c2977aab37d9a44cfc1c7b4000000000000fa47742f6c5b9c4b11e7d7262a1457c39495c826b956ba859adfe38f77b91bd7d5ca1664fe2f3ced8468911806e8916dc15e21644db60c2499d5d16d7d915836ab26c169482008ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aae73835d5a3cda9e90d76c1993e0799d4894ee7f8249dc1e3428d2129369ee1b85afa1a5be5f6eb2eea0d0df414b315f65112412392191fa83ee830548ef8e1038debd64cbe359454a3f2239cfe35f81b7aded448859968ff0e90500d0b07c0dd00490f167e6d5c1109681739dc33f75b20428d6474a0a91ee90b8de802c6b538622e6bbcb80f87b415263c401e64ed69a2f75409000000000000001d695c4559b82cabac3cccadc1e1c19af4e03020abf5ff0433d660f20898d2a045d009a0ffb20a77c9af2b80c05184a66d30bbea2ca45a4d6d6d1e6e79aef42355a500587b603306a5af8d867d80a07f10d82eafb030621204d3ded6f260af62d91faae95196d5e3ff010000000000000be959096ea948cfa8e7194123e918914a71ad5a8521fb9553bc60f7d9719b55b3abb6bba3d113a680a8d46fe074c83fbe378a3889e8145b2eaceab05ef932c6e4f8ef0ed0d818a7b76d839cf3c63ebb4380b168c38fa32e49563cfee3a7f0fc18bfa32c418cef875fb49e2989177a30280bc586e79a5dd8076c248e7d6e97b3ce267dd4e27b6ef206660090bb2164474cef378f97ca33fc03000000000000001547053453d0c9aec91a24079b21d52fb5516bf0c28ef37aa76442f6083dc99cd61afaf6be45d7b00d3639f2f10ac2d5ffff000000000000c24411d415b6b085fb73a2c7c3852e0e658ffeb4e863428a792bee94f6cd895424360e0464f9d7ea425f2fa6aac029d15af607ad83532ff181c985f54b39370c06e63055b4d6a36fa98a44e379d28307c9912fb097601f3f88a2ca6fd1f9320cfe7fc8e9f7f15f02e177ce23f43a154b42e26f037e8a01377cbd3f509e6e540c9ba9c2a589ac5d8ad67a65e9a44c576dc24452eaa9d819e2b04bdd1c000000070000000000000000000000005333c6199c12dcd926891927a7267c47cf897853d160100b39b613faefe16bed1fc105dddd77ab929b837d54aa17eb9fbdc2bdc0e98ae2c3f23a6131e2879f04ff01000030b92dd493be66c2242f8184733b80ba28e8ffffff7f00000000bb2f89049c5f6d63d56995747639964217aacfe548bc869098aa8e07e51dbc9e2d4db3c5f79fd355222ec2a00cf7f2ccd6dd6d2dc2a815d8314221a5472f1318a9dfbec5a759579caf3262129b14e99040b5d91398e17df85c25ccae973eecc7d187168d5c9cd848d566cc17587641ed01889c927da38d83314480b15e23138c5b877a72bd4cf74a299df4fbfc8e6ea96939f15d254d9033c5a45706bda78ab60200000000000000000000000000000000000000706f78f0a2ea9667fb5b951808545a46830970c2dfae01adbda7d29bf1f7abdaf52e0de6f9d7150808ed086642e64ebf98762b34338b80e41b704c3eefaf0bb5f7d895de17a10b0a0ea15ccc0d7a830b6eb33b6b21675511d693ef5e3c44bbf71cabc5175d879e7499f8baae2a1a09cf38da73297764fbc0e723e1cc3abb12e3076982ed32c94a2ce3e6f37c47e983da4ca5c96187db5a2a2e1742bc93a65d7187126126b3a80f17dd2f7dbbe82d104ede9ba6925afc2ee6cb94f56f1363cad635abf8f983292c49c0ebf5005154c7b58a3a2a2e5a00d2f953a86d2fd92b8661264f781e3fb02d05a28f3f17b64d0258853d45cb5ebde10cd3d82eeed2f1ed925b7cf400304932c5ed0a362b235ce37e1f17700f7d1fecf8be8a2c5d25a9c60657560d05441387ff158a018d19a286c56d0886eb59d509ee89cc2df52881d005b2e5c27563ba54e4153c132d0366a9660000000000000009c1aaec93ec0f925921fb2e9eb202a29bef28224dbabe723de5c584bc398a8792e493048c87f60a51a391e959212181d4bf32ed89c96d421c8171698c49403558fd13c649f90b0911d57eeb298b590581eba1ce383b539ab80fd15445987b1bb4eb512545e1ab65fef310e10b1ee362b51c72f82edf2f502ddf52567775e34a56d1be892f1e62b08950d517fa6fb1b0ef2edf1b67f8644786116b037d4a36fdd30b000063e58c856ec44cbbc2d370553f832af9480215e09aaa3843fe360b1c293a14627f2cfbe278f31d0abc0f5aaa10926dbbfe8a4b131c13a73d4e6d065c2c0fed3ab8442520ce0e0ad7d2d177377ab197ace3ef8b1c24ceb0bdee84bd6e6317633938dd19dc42de7f8f860eca6d9c74525fcd3497526df4c13e3ba5f0d75365a4542ae9440d2fede416d618cdaaf7e038879c5d177b3876fda4121e15a00adb976064a93e8d000000000000903350932d3eef7fdada20c19807066e2c72d0d816eb9fa50be213bf6bbb7ccb9f2e8a153e6ced68f192ebed6e86af0f2cec7335fa8039fd6eb025440bc2a34d071f0a0e6774308a2c5986aa9200a1306ffa5a71ca69e89a6980612b35fc858f37c2c398515a910a35e22ab0573c10b85df4c2972a2fb8b9c080fbb41a753791df727fdeadc5cf218a6eda31312256191c620cce34d1e3bf40a4a207ab1575b399eb8155781bfc7cb5920b49c039935a888d77041814f60fbbcafa487ee96b368e8769da90b44190e569fe8b1d155d0765baaca5c5548b5a78bb43e5d9e47a1d5809bb178184b5672d08e29aecf1f572ac1e6cab7e820751beed5f79de29a67a579150bfb31232d296b9d2977ed027ca90af7088d6466f1501d96a32bfa3cf9ab0dcd626ac9341833e92685af6917ae05473ae4768341426e244159b3c3e002b6f8ee80cbe6e26c816ab92658d956d849cd3a21ebf4b143d338035cd91f087633aa668e0644b05dc5a7937cd5fb62bd08242a858aeeda8c0cbb4fc2478a8155b859e88493f322702277939832bd4a1d8109f98c5a187564c9eb80acc63ac57459593c81ce8998e38ea231b81ebaa6b242ebdf382d70232f1d8e516a8eaf39d09ea40198cf1b72eb5ce5327d3a3861470be47a9a9dbf569e6f6f474fd1448adfd70c4f4a4487edaf193a00a808389a110a4286905ba81309735f6ac5d2ba7ab2be01fa25c11dbb3170258e9d9fed944fd85c03336a49f7016517a1988bc84ee301e167d3cf88c46c4eba6e2bfd099acd2eec5c624679aa7ebab76061a9ca792bffe3d6df4dbe70b5cab6299a51e63826fd0bda4846d06e322ebd745e73da718ba0c93e7567df9ed7ea8d2fdbde44e65a4cd01748b"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x8, 0x0, 0xff6c}, 0x48)
r1 = socket$kcm(0x11, 0x200000000000002, 0x300)
setsockopt$sock_attach_bpf(r1, 0x107, 0x8, &(0x7f00000000c0), 0x8)
recvmsg$kcm(r1, &(0x7f0000001280)={0x0, 0x0, 0x0}, 0x20)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0x56, 0x0, &(0x7f0000000100)="b9ff030f6044238cb89e14f088a81bff886411004048633321fbac14142ce934a0a662079f4b4d2f87e56dca6aab845013f208001a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfb, 0x60000000, 0x0, 0x0, &(0x7f0000000000), &(0x7f0000001c40)="beb61ec2ca90080239f2a54e2368fa761313c3a024a98109ba1e2e7b780d03c54b7a83d56fce397842e724674507d531762055fca371ea775f418df7bee236c9b9968146efb3232ae3413b617445e98bb644a892b9337f1a9135d9f30457a8ffb21aef4a95a155fab70a40b086056b0f63331a66b3457c", 0x2}, 0x2c)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:46348' (ED25519) to the list of known hosts.
syzkaller login: [   49.655125][ T5810] cgroup: Unknown subsys name 'net'
[   49.777819][ T5810] cgroup: Unknown subsys name 'cpuset'
[   49.784549][ T5810] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   51.376639][ T5810] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   55.324901][ T5223] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   55.327727][ T5223] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   55.330236][ T5223] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   55.332887][ T5223] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   55.335591][ T5223] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   55.377797][   T55] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   55.380573][   T55] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   55.383232][   T55] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   55.386652][   T55] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   55.389379][   T55] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   55.465463][ T5223] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   55.468235][ T5223] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   55.470883][ T5223] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   55.474438][ T5223] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   55.477333][ T5223] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   55.534905][ T5828] chnl_net:caif_netlink_parms(): no params data found
[   55.669462][ T5828] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.672491][ T5828] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.675351][ T5828] bridge_slave_0: entered allmulticast mode
[   55.678149][ T5828] bridge_slave_0: entered promiscuous mode
[   55.682229][ T5828] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.685080][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.687559][ T5828] bridge_slave_1: entered allmulticast mode
[   55.690645][ T5828] bridge_slave_1: entered promiscuous mode
[   55.741898][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   55.768007][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   55.798223][ T5833] chnl_net:caif_netlink_parms(): no params data found
[   55.808618][ T5828] team0: Port device team_slave_0 added
[   55.827622][ T5828] team0: Port device team_slave_1 added
[   55.868746][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0
[   55.871271][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.881983][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   55.888372][ T5838] chnl_net:caif_netlink_parms(): no params data found
[   55.894042][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1
[   55.897103][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.908078][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   55.970965][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.974494][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.977577][ T5833] bridge_slave_0: entered allmulticast mode
[   55.981502][ T5833] bridge_slave_0: entered promiscuous mode
[   55.998706][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.001801][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.004959][ T5833] bridge_slave_1: entered allmulticast mode
[   56.008778][ T5833] bridge_slave_1: entered promiscuous mode
[   56.039648][ T5828] hsr_slave_0: entered promiscuous mode
[   56.042228][ T5828] hsr_slave_1: entered promiscuous mode
[   56.066624][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   56.090384][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.093139][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state
[   56.096752][ T5838] bridge_slave_0: entered allmulticast mode
[   56.100692][ T5838] bridge_slave_0: entered promiscuous mode
[   56.107486][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   56.111431][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.114442][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.117177][ T5838] bridge_slave_1: entered allmulticast mode
[   56.120613][ T5838] bridge_slave_1: entered promiscuous mode
[   56.185704][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   56.191483][ T5833] team0: Port device team_slave_0 added
[   56.199738][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   56.206573][ T5833] team0: Port device team_slave_1 added
[   56.252131][ T5838] team0: Port device team_slave_0 added
[   56.274409][ T5838] team0: Port device team_slave_1 added
[   56.277429][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0
[   56.279832][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.290289][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   56.325675][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1
[   56.328018][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.338309][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   56.364953][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0
[   56.367897][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.378468][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   56.390709][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1
[   56.393906][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.404631][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   56.459695][ T5833] hsr_slave_0: entered promiscuous mode
[   56.462260][ T5833] hsr_slave_1: entered promiscuous mode
[   56.465319][ T5833] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   56.467958][ T5833] Cannot create hsr debugfs directory
[   56.480752][ T5838] hsr_slave_0: entered promiscuous mode
[   56.483040][ T5838] hsr_slave_1: entered promiscuous mode
[   56.487281][ T5838] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   56.489627][ T5838] Cannot create hsr debugfs directory
[   56.530067][ T5828] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   56.573774][ T5828] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   56.580184][ T5828] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   56.601683][ T5828] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   56.749822][ T5833] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   56.767356][ T5833] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   56.772247][ T5833] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   56.796592][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.799480][ T5833] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   56.856775][ T5828] 8021q: adding VLAN 0 to HW filter on device team0
[   56.859620][ T5838] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   56.866864][ T5838] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   56.880141][ T4334] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.883221][ T4334] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.888492][ T5838] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   56.893881][ T5838] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   56.905589][ T4334] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.907860][ T4334] bridge0: port 2(bridge_slave_1) entered forwarding state
[   57.039576][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0
[   57.053065][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0
[   57.070655][ T5833] 8021q: adding VLAN 0 to HW filter on device team0
[   57.079364][ T5838] 8021q: adding VLAN 0 to HW filter on device team0
[   57.096881][  T258] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.099417][  T258] bridge0: port 1(bridge_slave_0) entered forwarding state
[   57.103103][  T258] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.105737][  T258] bridge0: port 2(bridge_slave_1) entered forwarding state
[   57.124669][  T258] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.127533][  T258] bridge0: port 1(bridge_slave_0) entered forwarding state
[   57.131964][  T258] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.134986][  T258] bridge0: port 2(bridge_slave_1) entered forwarding state
[   57.161031][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.231055][ T5828] veth0_vlan: entered promiscuous mode
[   57.239719][ T5828] veth1_vlan: entered promiscuous mode
[   57.276794][ T5828] veth0_macvtap: entered promiscuous mode
[   57.281353][ T5828] veth1_macvtap: entered promiscuous mode
[   57.305838][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0
[   57.321676][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1
[   57.327544][ T5828] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   57.330478][ T5828] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   57.338642][ T5828] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   57.342181][ T5828] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   57.369883][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.399592][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.434688][ T5223] Bluetooth: hci1: command tx timeout
[   57.436743][ T5223] Bluetooth: hci0: command tx timeout
[   57.449950][ T5838] veth0_vlan: entered promiscuous mode
[   57.452490][ T4334] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.457786][ T4334] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.487894][ T5838] veth1_vlan: entered promiscuous mode
[   57.514595][   T55] Bluetooth: hci2: command tx timeout
[   57.515822][ T4334] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.524094][ T4334] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.539862][ T5833] veth0_vlan: entered promiscuous mode
[   57.558145][ T5838] veth0_macvtap: entered promiscuous mode
[   57.560964][ T5833] veth1_vlan: entered promiscuous mode
[   57.591515][ T5838] veth1_macvtap: entered promiscuous mode
[   57.607655][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0
[   57.615004][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1
[   57.615480][ T5828] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   57.620537][ T5838] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   57.628287][ T5838] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   57.630981][ T5838] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   57.634605][ T5838] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   57.668359][ T5833] veth0_macvtap: entered promiscuous mode
[   57.686986][ T5833] veth1_macvtap: entered promiscuous mode
[   57.713185][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0
[   57.738223][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1
[   57.745006][ T5833] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   57.747912][ T5833] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   57.750759][ T5833] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   57.754497][ T5833] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   57.771937][ T1090] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.775116][ T1090] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.847632][  T156] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.853036][  T156] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.889168][ T4334] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.892452][ T4334] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.938044][ T4080] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.940648][ T4080] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.261502][ T5925] netlink: 'syz.2.17': attribute type 21 has an invalid length.
[   58.268529][ T5925] netlink: 128 bytes leftover after parsing attributes in process `syz.2.17'.
[   58.273904][ T5925] netlink: 3 bytes leftover after parsing attributes in process `syz.2.17'.
[   58.382423][ T5931] Zero length message leads to an empty skb
[   58.388488][ T5931] tipc: Started in network mode
[   58.390387][ T5931] tipc: Node identity da4bf174e01e, cluster identity 4711
[   58.392972][ T5931] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   58.404865][ T5934] bridge0: entered promiscuous mode
[   58.437305][ T5931] syzkaller0: entered promiscuous mode
[   58.439227][ T5931] syzkaller0: entered allmulticast mode
[   58.441541][ T5931] tipc: Resetting bearer <eth:syzkaller0>
[   58.455957][ T5931] netlink: 28 bytes leftover after parsing attributes in process `syz.0.20'.
[   58.579971][ T5930] tipc: Resetting bearer <eth:syzkaller0>
[   58.909747][ T5959] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   59.328428][ T5930] tipc: Disabling bearer <eth:syzkaller0>
[   59.504329][   T55] Bluetooth: hci0: command tx timeout
[   59.506709][   T55] Bluetooth: hci1: command tx timeout
[   59.587256][   T55] Bluetooth: hci2: command tx timeout
[   59.773134][ T5985] veth1_macvtap: left promiscuous mode
[   59.787021][ T5985] macsec0: entered allmulticast mode
[   59.827420][ T5990] veth1_macvtap: entered promiscuous mode
[   59.829867][ T5990] veth1_macvtap: entered allmulticast mode
[   59.835365][ T5990] macsec0: left allmulticast mode
[   59.837548][ T5990] veth1_macvtap: left allmulticast mode
[   60.035671][ T6002] netlink: 4 bytes leftover after parsing attributes in process `syz.0.47'.
[   60.195408][ T6012] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   60.221418][ T6012] 8021q: adding VLAN 0 to HW filter on device macvlan2
[   60.344267][ T6026] netlink: 14 bytes leftover after parsing attributes in process `syz.2.58'.
[   60.361965][ T6026] hsr_slave_0: left promiscuous mode
[   60.377020][ T6026] hsr_slave_1: left promiscuous mode
[   60.482672][ T6027] netlink: 8 bytes leftover after parsing attributes in process `syz.0.56'.
[   60.689658][ T6038] xt_hashlimit: size too large, truncated to 1048576
[   60.750777][ T6040] : renamed from vxcan1 (while UP)
[   60.885549][ T6048] warning: `syz.1.67' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   60.889913][ T6050] netlink: 'syz.0.68': attribute type 1 has an invalid length.
[   60.893140][ T6050] netlink: 'syz.0.68': attribute type 1 has an invalid length.
[   61.028098][ T6058] syzkaller1: entered promiscuous mode
[   61.030484][ T6058] syzkaller1: entered allmulticast mode
[   61.234003][ T6075] netlink: 16 bytes leftover after parsing attributes in process `syz.1.79'.
[   61.242366][ T6075] bond0: entered promiscuous mode
[   61.245997][ T6075] bond_slave_0: entered promiscuous mode
[   61.248458][ T6075] bond_slave_1: entered promiscuous mode
[   61.261025][ T6075] bond0: left promiscuous mode
[   61.263136][ T6075] bond_slave_0: left promiscuous mode
[   61.271321][ T6075] bond_slave_1: left promiscuous mode
[   61.353088][ T6082] netlink: 17 bytes leftover after parsing attributes in process `syz.0.83'.
[   61.362539][ T6082] netlink: zone id is out of range
[   61.366069][ T6082] netlink: zone id is out of range
[   61.367813][ T6082] netlink: zone id is out of range
[   61.369529][ T6082] netlink: zone id is out of range
[   61.371417][ T6082] netlink: zone id is out of range
[   61.373550][ T6082] netlink: zone id is out of range
[   61.375307][ T6082] netlink: zone id is out of range
[   61.377104][ T6082] netlink: zone id is out of range
[   61.379512][ T6082] netlink: zone id is out of range
[   61.381270][ T6082] netlink: zone id is out of range
[   61.398744][ T6084] veth1_macvtap: left promiscuous mode
[   61.400648][ T6084] macsec0: entered promiscuous mode
[   61.406315][ T6084] veth1_macvtap: entered promiscuous mode
[   61.408952][ T6084] macsec0: left promiscuous mode
[   61.546366][ T6097] netlink: 4 bytes leftover after parsing attributes in process `syz.2.91'.
[   61.584166][ T5223] Bluetooth: hci0: command tx timeout
[   61.586033][   T55] Bluetooth: hci1: command tx timeout
[   61.663443][   T55] Bluetooth: hci2: command tx timeout
[   61.925262][ T6126] bond1: entered promiscuous mode
[   61.929246][ T6126] 8021q: adding VLAN 0 to HW filter on device bond1
[   62.070906][ T6140] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   62.613151][ T6179] netlink: 8 bytes leftover after parsing attributes in process `syz.1.128'.
[   62.657077][ T6181] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   62.660786][ T6181] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   62.664251][ T6181] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   62.667224][ T6181] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   62.937956][ T6204] erspan0: entered promiscuous mode
[   62.941356][ T6204] batman_adv: batadv0: Adding interface: macvlan2
[   62.949064][ T6204] batman_adv: batadv0: The MTU of interface macvlan2 is too small (1450) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   62.959591][ T6204] batman_adv: batadv0: Interface activated: macvlan2
[   63.555508][ T6262] atomic_op ffff88802ff42198 conn xmit_atomic 0000000000000000
[   63.625299][ T6266] netlink: 'syz.1.168': attribute type 18 has an invalid length.
[   63.673412][   T55] Bluetooth: hci1: command tx timeout
[   63.673438][ T5223] Bluetooth: hci0: command tx timeout
[   63.753556][ T5223] Bluetooth: hci2: command tx timeout
[   63.992203][ T6274] __nla_validate_parse: 3 callbacks suppressed
[   63.992218][ T6274] netlink: 132 bytes leftover after parsing attributes in process `syz.1.171'.
[   64.504307][ T6300] netlink: 24 bytes leftover after parsing attributes in process `syz.1.184'.
[   64.579205][ T6309] C: renamed from team_slave_0 (while UP)
[   64.709522][ T6309] netlink: 'syz.0.187': attribute type 1 has an invalid length.
[   64.712991][ T6309] netlink: 152 bytes leftover after parsing attributes in process `syz.0.187'.
[   64.801848][ T6317] netlink: 28 bytes leftover after parsing attributes in process `syz.2.193'.
[   64.804810][ T6317] netlink: 28 bytes leftover after parsing attributes in process `syz.2.193'.
[   64.811911][ T6317] syz_tun: entered promiscuous mode
[   64.814554][ T6317] erspan0: entered promiscuous mode
[   64.816853][ T6317] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   64.820174][ T6317] Cannot create hsr debugfs directory
[   64.870629][ T6322] netlink: 4 bytes leftover after parsing attributes in process `syz.2.195'.
[   64.893567][ T6324] xt_hashlimit: max too large, truncated to 1048576
[   64.896273][ T6324] Cannot find add_set index 3 as target
[   64.948446][ T6329] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[   65.050180][ T6338] netlink: 8 bytes leftover after parsing attributes in process `syz.1.203'.
[   65.861794][ T6364] netlink: 24 bytes leftover after parsing attributes in process `syz.1.216'.
[   66.088136][ T6394] netlink: 'syz.1.229': attribute type 1 has an invalid length.
[   66.169839][ T6400] syzkaller1: tun_chr_ioctl cmd 1074025677
[   66.172294][ T6400] syzkaller1: linktype set to 6
[   66.643595][ T6365] Bluetooth: hci0: Opcode 0x0401 failed: -4
[   66.710713][ T6465] netlink: 20 bytes leftover after parsing attributes in process `syz.0.258'.
[   66.978740][    C1] net_ratelimit: 75 callbacks suppressed
[   66.978749][    C1] IPv4: Oversized IP packet from 127.0.0.1
[   67.171585][ T6505] netlink: 'syz.0.277': attribute type 1 has an invalid length.
[   67.180780][ T6505] netlink: 600 bytes leftover after parsing attributes in process `syz.0.277'.
[   67.826822][ T6533] netlink: 'syz.2.287': attribute type 1 has an invalid length.
[   67.903761][   T55] Bluetooth: hci0: command 0x0401 tx timeout
[   68.928380][ T6579] netlink: 'syz.0.308': attribute type 21 has an invalid length.
[   69.030836][ T6588] __nla_validate_parse: 5 callbacks suppressed
[   69.030851][ T6588] netlink: 4 bytes leftover after parsing attributes in process `syz.0.312'.
[   69.061893][ T6588] syz.0.312 uses obsolete (PF_INET,SOCK_PACKET)
[   69.533020][ T6634] pim6reg1: entered promiscuous mode
[   69.535526][ T6634] pim6reg1: entered allmulticast mode
[   69.659117][ T6634] netlink: 32 bytes leftover after parsing attributes in process `syz.0.331'.
[   69.729531][ T6634] 8021q: adding VLAN 0 to HW filter on device bond1
[   69.734385][ T6634] team0: Port device bond1 added
[   69.744076][   T55] Bluetooth: hci2: command 0x0405 tx timeout
[   69.764294][ T6654] Illegal XDP return value 4294967274 on prog  (id 68) dev N/A, expect packet loss!
[   70.382939][ T6685] xt_hashlimit: size too large, truncated to 1048576
[   70.472146][ T6688] xt_bpf: check failed: parse error
[   70.603556][ T6692] netlink: 4 bytes leftover after parsing attributes in process `syz.1.354'.
[   70.607255][ T6692] netlink: 4 bytes leftover after parsing attributes in process `syz.1.354'.
[   70.841154][ T6710] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.363'.
[   70.872428][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[   70.874650][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[   71.427661][ T6754] veth2: entered allmulticast mode
[   71.617679][ T6771] netlink: 44 bytes leftover after parsing attributes in process `syz.2.390'.
[   71.644605][ T6771] netlink: 43 bytes leftover after parsing attributes in process `syz.2.390'.
[   71.663680][ T6771] netlink: 'syz.2.390': attribute type 6 has an invalid length.
[   71.669303][ T6771] netlink: 'syz.2.390': attribute type 5 has an invalid length.
[   71.672514][ T6771] netlink: 43 bytes leftover after parsing attributes in process `syz.2.390'.
[   71.952664][ T6793] netlink: 'syz.0.402': attribute type 1 has an invalid length.
[   71.957545][ T6793] netlink: 224 bytes leftover after parsing attributes in process `syz.0.402'.
[   72.108494][ T6813] netlink: 4 bytes leftover after parsing attributes in process `syz.1.411'.
[   72.113366][ T6809] dummy0: entered promiscuous mode
[   72.116073][ T6809] vlan2: entered promiscuous mode
[   72.231788][ T6821] tipc: Enabled bearer <udp:syz2>, priority 10
[   72.381308][ T6831] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   72.384895][ T6831] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   72.387921][ T6831] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   72.390759][ T6831] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   72.443461][ T6831] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   72.448827][ T6831] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   72.521133][ T6831] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   72.540229][ T6831] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   72.597707][ T6855] (unnamed net_device) (uninitialized): Unable to set peer notification delay as MII monitoring is disabled
[   72.771104][ T6831] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   72.775559][ T6831] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   72.872643][ T6831] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   72.877335][ T6831] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   72.922205][ T6883] vlan2: entered promiscuous mode
[   72.924863][ T6883] bond0: entered promiscuous mode
[   72.927004][ T6883] bond_slave_0: entered promiscuous mode
[   72.929610][ T6883] bond_slave_1: entered promiscuous mode
[   73.003757][ T6831] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[   73.015069][ T6831] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   73.046573][ T6831] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[   73.049997][ T6831] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   73.070136][ T6831] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[   73.076442][ T6831] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   73.093181][ T6831] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[   73.098348][ T6831] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   73.219259][ T6899] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   73.238964][ T6900] netlink: 'syz.2.447': attribute type 7 has an invalid length.
[   73.245634][ T6900] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.248865][ T6900] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.251787][ T6900] bridge0: port 2(bridge_slave_1) entered forwarding state
[   73.314699][ T6899] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   73.344797][  T973] tipc: Node number set to 978710900
[   73.379234][ T6899] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   73.481728][ T6917] netlink: 'syz.1.453': attribute type 1 has an invalid length.
[   73.484662][ T6899] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   73.534745][ T6917] nbd: socks must be embedded in a SOCK_ITEM attr
[   73.539726][ T6917] block nbd0: shutting down sockets
[   73.601492][ T6899] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   73.643026][ T6899] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   73.674323][ T6899] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   73.707366][ T6921] netlink: 'syz.1.455': attribute type 15 has an invalid length.
[   73.707927][ T6899] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   74.229923][ T6949] Cannot find add_set index 0 as target
[   74.284103][ T6958] __nla_validate_parse: 7 callbacks suppressed
[   74.284115][ T6958] netlink: 8 bytes leftover after parsing attributes in process `syz.0.473'.
[   74.370284][ T6966] netlink: 'syz.1.477': attribute type 5 has an invalid length.
[   74.373692][ T6966] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.477'.
[   74.406621][ T6972] netlink: 20 bytes leftover after parsing attributes in process `syz.2.479'.
[   74.503263][ T6981] netlink: 304 bytes leftover after parsing attributes in process `syz.2.484'.
[   74.571637][ T6987] netlink: 20 bytes leftover after parsing attributes in process `syz.1.487'.
[   75.301731][ T7029] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   75.477567][ T7041] netlink: 40 bytes leftover after parsing attributes in process `syz.0.511'.
[   75.481375][ T7041] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[   75.673834][ T7060] netlink: 20 bytes leftover after parsing attributes in process `syz.1.519'.
[   75.842407][ T7071] xfrm1: entered allmulticast mode
[   76.022123][ T7080] netlink: 'syz.1.528': attribute type 4 has an invalid length.
[   76.054286][ T7080] netlink: 'syz.1.528': attribute type 4 has an invalid length.
[   76.099683][ T7084] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.530'.
[   76.145419][ T7087] netlink: 1 bytes leftover after parsing attributes in process `syz.0.532'.
[   76.488064][ T7114] bridge0: port 2(bridge_slave_1) entered disabled state
[   76.491362][ T7114] bridge0: port 1(bridge_slave_0) entered disabled state
[   76.569697][ T7114] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   76.578701][ T7114] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   76.621134][ T7114] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[   76.624668][ T7114] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[   76.627495][ T7114] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[   76.630260][ T7114] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[   76.652890][ T7119] dummy0: mtu less than device minimum
[   76.725016][ T7114] syz.0.544 (7114) used greatest stack depth: 20632 bytes left
[   76.847586][ T7137] netlink: 4 bytes leftover after parsing attributes in process `syz.1.554'.
[   76.927836][ T7144] sch_tbf: burst 0 is lower than device veth1_virt_wifi mtu (1514) !
[   77.092386][ T7164] nbd: must specify at least one socket
[   78.010757][ T7272] x_tables: ip_tables: udp match: only valid for protocol 17
[   78.130457][ T7278] bridge0: port 2(bridge_slave_1) entered disabled state
[   78.134380][ T7278] bridge0: port 1(bridge_slave_0) entered disabled state
[   78.385019][ T7291] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[   78.533142][ T7296] tap0: tun_chr_ioctl cmd 1074025677
[   78.536693][ T7296] tap0: linktype set to 776
[   78.821513][ T7329] openvswitch: netlink: Unexpected mask (mask=c0, allowed=10048)
[   78.934305][ T7342] veth0_to_team: entered promiscuous mode
[   78.936222][ T7342] veth0_to_team: entered allmulticast mode
[   79.441933][ T7377] __nla_validate_parse: 15 callbacks suppressed
[   79.441949][ T7377] netlink: 4 bytes leftover after parsing attributes in process `syz.1.656'.
[   79.444413][ T7380] (unnamed net_device) (uninitialized): option min_links: invalid value (18446744073709551500)
[   79.444834][ T7377] netlink: 8 bytes leftover after parsing attributes in process `syz.1.656'.
[   79.448156][ T7380] (unnamed net_device) (uninitialized): option min_links: allowed values 0 - 2147483647
[   79.495521][ T7383] netlink: 'syz.2.659': attribute type 1 has an invalid length.
[   79.510300][ T7387] xt_TCPMSS: Only works on TCP SYN packets
[   79.625156][ T7398] tipc: Started in network mode
[   79.627184][ T7398] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711
[   79.630094][ T7398] tipc: Enabled bearer <eth:team0>, priority 0
[   79.708289][ T7409] netlink: 8 bytes leftover after parsing attributes in process `syz.1.672'.
[   80.089544][ T7451] netlink: 4 bytes leftover after parsing attributes in process `syz.1.692'.
[   80.199733][ T7459] netlink: 8 bytes leftover after parsing attributes in process `syz.1.698'.
[   80.316742][ T7471] netlink: 'syz.1.703': attribute type 10 has an invalid length.
[   80.378253][ T7471] bond0: (slave wlan1): Enslaving as an active interface with an up link
[   80.386262][ T7470] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   80.445469][ T7484] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.709'.
[   80.631628][ T7502] netlink: 8 bytes leftover after parsing attributes in process `syz.0.718'.
[   80.672130][ T7506] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[   80.743482][    T9] tipc: Node number set to 11578026
[   80.859292][ T7518] netlink: 4 bytes leftover after parsing attributes in process `syz.2.726'.
[   80.864912][ T7518] netlink: 12 bytes leftover after parsing attributes in process `syz.2.726'.
[   81.120949][  T792] cfg80211: failed to load regulatory.db
[   81.330018][ T7562] netlink: 8 bytes leftover after parsing attributes in process `syz.1.743'.
[   81.428273][ T7575] syzkaller1: entered promiscuous mode
[   81.430635][ T7575] syzkaller1: entered allmulticast mode
[   81.952213][ T7602] xt_CT: No such helper "snmp"
[   82.119978][ T7611] openvswitch: netlink: IP tunnel dst address not specified
[   82.144741][ T7613] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   82.696107][ T7669] netlink: 'syz.0.791': attribute type 7 has an invalid length.
[   82.698832][ T7669] netlink: 'syz.0.791': attribute type 8 has an invalid length.
[   82.800840][ T5833] syz_tun (unregistering): left promiscuous mode
[   82.832597][ T7676] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic
[   83.087255][ T5857] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   83.090723][ T5857] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   83.156819][ T5857] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   83.161066][ T5857] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   83.184740][ T7695] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   83.238848][ T5857] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   83.242191][ T5857] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   83.327296][ T5857] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   83.330794][ T5857] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   83.443154][   T55] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   83.448311][   T55] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   83.452508][   T55] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   83.458395][   T55] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   83.462749][   T55] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   83.535275][ T5857] bridge_slave_1: left allmulticast mode
[   83.539121][ T5857] bridge_slave_1: left promiscuous mode
[   83.546327][ T5857] bridge0: port 2(bridge_slave_1) entered disabled state
[   83.578183][ T5857] bridge_slave_0: left allmulticast mode
[   83.581070][ T5857] bridge0: port 1(bridge_slave_0) entered disabled state
[   83.839004][ T5857] erspan0 (unregistering): left promiscuous mode
[   84.098154][ T5857] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   84.106542][ T5857] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   84.111535][ T5857] bond0 (unregistering): Released all slaves
[   84.418353][ T7708] chnl_net:caif_netlink_parms(): no params data found
[   84.542286][ T5857] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   84.547965][ T5857] batman_adv: batadv0: Removing interface: batadv_slave_0
[   84.552899][ T5857] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   84.556911][ T5857] batman_adv: batadv0: Removing interface: batadv_slave_1
[   84.571525][ T5857] veth1_vlan: left promiscuous mode
[   84.575497][ T5857] veth0_vlan: left promiscuous mode
[   84.780295][ T5857] team0 (unregistering): Port device team_slave_1 removed
[   84.801823][ T5857] team0 (unregistering): Port device team_slave_0 removed
[   85.076581][ T7764] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   85.081687][ T7765] syzkaller0: entered promiscuous mode
[   85.086626][ T7765] syzkaller0: entered allmulticast mode
[   85.092653][ T7773] tipc: Resetting bearer <eth:syzkaller0>
[   85.099750][ T7753] tipc: Resetting bearer <eth:syzkaller0>
[   85.128221][ T7753] tipc: Disabling bearer <eth:syzkaller0>
[   85.155240][ T7708] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.158377][ T7708] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.161490][ T7708] bridge_slave_0: entered allmulticast mode
[   85.168790][ T7708] bridge_slave_0: entered promiscuous mode
[   85.173747][ T7708] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.176654][ T7708] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.179784][ T7708] bridge_slave_1: entered allmulticast mode
[   85.185002][ T7708] bridge_slave_1: entered promiscuous mode
[   85.268207][ T7708] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   85.273051][ T7708] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   85.336480][ T7708] team0: Port device team_slave_0 added
[   85.346615][ T7708] team0: Port device team_slave_1 added
[   85.391576][ T7708] batman_adv: batadv0: Adding interface: batadv_slave_0
[   85.394159][ T7708] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   85.402268][ T7708] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   85.424788][ T7708] batman_adv: batadv0: Adding interface: batadv_slave_1
[   85.427031][ T7708] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   85.452942][ T7708] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   85.505515][   T55] Bluetooth: hci1: command tx timeout
[   85.530749][ T7708] hsr_slave_0: entered promiscuous mode
[   85.540779][ T7708] hsr_slave_1: entered promiscuous mode
[   85.543024][ T7708] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   85.547018][ T7708] Cannot create hsr debugfs directory
[   85.767178][ T7828] __nla_validate_parse: 10 callbacks suppressed
[   85.767195][ T7828] netlink: 24 bytes leftover after parsing attributes in process `syz.0.848'.
[   85.812613][ T7831] Bluetooth: MGMT ver 1.23
[   86.210679][ T7708] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   86.224315][ T7708] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   86.241522][ T7708] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   86.251338][ T7708] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   86.421333][ T7708] 8021q: adding VLAN 0 to HW filter on device bond0
[   86.444831][ T7708] 8021q: adding VLAN 0 to HW filter on device team0
[   86.461911][ T4334] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.465146][ T4334] bridge0: port 1(bridge_slave_0) entered forwarding state
[   86.471876][ T4334] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.475278][ T4334] bridge0: port 2(bridge_slave_1) entered forwarding state
[   86.819129][ T7708] 8021q: adding VLAN 0 to HW filter on device batadv0
[   86.847267][ T7905] netlink: 16 bytes leftover after parsing attributes in process `syz.1.868'.
[   86.882650][ T7708] veth0_vlan: entered promiscuous mode
[   86.894408][ T7708] veth1_vlan: entered promiscuous mode
[   86.926795][ T7708] veth0_macvtap: entered promiscuous mode
[   86.938874][ T7708] veth1_macvtap: entered promiscuous mode
[   86.955757][ T7708] batman_adv: batadv0: Interface activated: batadv_slave_0
[   86.968181][ T7708] batman_adv: batadv0: Interface activated: batadv_slave_1
[   86.987142][ T7708] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   86.990121][ T7708] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   86.993133][ T7708] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   87.001664][ T7708] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   87.115488][ T1090] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   87.119154][ T1090] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   87.208672][ T1089] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   87.212584][ T1089] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   87.224501][ T7120] IPVS: starting estimator thread 0...
[   87.227476][ T7920] IPVS: ovf: UDP 224.0.0.2:20004 - no destination available
[   87.345271][ T7939] IPVS: using max 40 ests per chain, 96000 per kthread
[   87.741672][ T7975] netlink: 48 bytes leftover after parsing attributes in process `syz.0.884'.
[   87.756555][ T7977] ieee802154 phy0 wpan0: encryption failed: -22
[   87.874883][ T7988] netlink: 'syz.0.890': attribute type 1 has an invalid length.
[   87.895580][ T7988] 8021q: adding VLAN 0 to HW filter on device bond2
[   87.911214][ T7988] 8021q: adding VLAN 0 to HW filter on device bond2
[   87.913584][ T7988] bond2: (slave vxcan1): The slave device specified does not support setting the MAC address
[   87.917563][ T7988] bond2: (slave vxcan1): Error -95 calling set_mac_address
[   87.967125][ T7996] netlink: 20 bytes leftover after parsing attributes in process `syz.1.893'.
[   87.971808][ T7988] gretap1: entered promiscuous mode
[   87.977414][ T7988] bond2: (slave gretap1): making interface the new active one
[   87.980945][ T7988] bond2: (slave gretap1): Enslaving as an active interface with an up link
[   88.000124][ T7988] macvlan2: entered promiscuous mode
[   88.003524][ T7988] macvlan2: entered allmulticast mode
[   88.005950][ T7988] bond2: entered promiscuous mode
[   88.008227][ T7988] 8021q: adding VLAN 0 to HW filter on device macvlan2
[   88.012130][ T7988] bond2: (slave macvlan2): the slave hw address is in use by the bond; giving it the hw address of gretap1
[   88.020516][ T7988] bond2: left promiscuous mode
[   88.315925][ T8020] netlink: 'syz.1.905': attribute type 4 has an invalid length.
[   88.453040][ T8032] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input4
[   88.810854][ T5858] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   89.069248][ T8052] 8021q: adding VLAN 0 to HW filter on device bond3
[   89.072425][ T8052] bond3: entered promiscuous mode
[   89.075795][ T8052] bond0: (slave bond3): Enslaving as an active interface with an up link
[   89.136258][ T5223] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   89.139795][ T5223] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   89.144288][ T5223] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   89.147721][ T5223] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   89.150618][ T5223] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   89.259071][ T8058] chnl_net:caif_netlink_parms(): no params data found
[   89.330223][ T8058] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.333847][ T8058] bridge0: port 1(bridge_slave_0) entered disabled state
[   89.336868][ T8058] bridge_slave_0: entered allmulticast mode
[   89.340626][ T8058] bridge_slave_0: entered promiscuous mode
[   89.353242][ T8058] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.356856][ T8058] bridge0: port 2(bridge_slave_1) entered disabled state
[   89.360857][ T8058] bridge_slave_1: entered allmulticast mode
[   89.365987][ T8058] bridge_slave_1: entered promiscuous mode
[   89.407862][ T8079] vlan1: entered promiscuous mode
[   89.409799][ T8079] vlan0: entered promiscuous mode
[   89.411929][ T8079] gretap0: entered promiscuous mode
[   89.426792][ T8058] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   89.434026][ T8058] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   89.481582][ T8058] team0: Port device team_slave_0 added
[   89.487169][ T8058] team0: Port device team_slave_1 added
[   89.512843][ T8058] batman_adv: batadv0: Adding interface: batadv_slave_0
[   89.516090][ T8058] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.525385][ T8058] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   89.529974][ T8058] batman_adv: batadv0: Adding interface: batadv_slave_1
[   89.532304][ T8058] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.542445][ T8058] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   89.572709][ T8058] hsr_slave_0: entered promiscuous mode
[   89.575431][ T8058] hsr_slave_1: entered promiscuous mode
[   89.577776][ T8058] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   89.580463][ T8058] Cannot create hsr debugfs directory
[   89.816311][ T8099] batadv_slave_1: entered promiscuous mode
[   89.826881][ T8098] batadv_slave_1: left promiscuous mode
[   89.937981][ T8105] xt_CT: No such helper "snmp"
[   90.455918][ T8149] netlink: 8 bytes leftover after parsing attributes in process `syz.0.961'.
[   90.458909][ T8149] netlink: 12 bytes leftover after parsing attributes in process `syz.0.961'.
[   90.487828][ T5858] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   90.565458][ T5858] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   90.643120][ T5858] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   90.857712][ T5858] bridge_slave_1: left allmulticast mode
[   90.861210][ T5858] bridge_slave_1: left promiscuous mode
[   90.864023][ T5858] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.886126][ T5858] bridge_slave_0: left allmulticast mode
[   90.892577][ T5858] bridge_slave_0: left promiscuous mode
[   90.899281][ T5858] bridge0: port 1(bridge_slave_0) entered disabled state
[   91.184595][ T5223] Bluetooth: hci1: command tx timeout
[   91.279919][ T5858] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   91.284730][ T5858] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   91.288936][ T5858] bond0 (unregistering): Released all slaves
[   91.535694][ T8184] netlink: 8 bytes leftover after parsing attributes in process `syz.0.976'.
[   91.541294][ T8184] openvswitch: netlink: nsh attr 2560 is out of range max 3
[   91.543882][ T8184] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   91.749377][ T8193] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[   91.772580][ T5858] hsr_slave_0: left promiscuous mode
[   91.778932][ T5858] hsr_slave_1: left promiscuous mode
[   91.786762][ T5858] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   91.790102][ T5858] batman_adv: batadv0: Removing interface: batadv_slave_0
[   91.793108][ T5858] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   91.796223][ T5858] batman_adv: batadv0: Removing interface: batadv_slave_1
[   91.808477][ T5858] veth1_macvtap: left promiscuous mode
[   91.810635][ T5858] veth0_macvtap: left promiscuous mode
[   91.812634][ T5858] veth1_vlan: left promiscuous mode
[   91.817009][ T5858] veth0_vlan: left promiscuous mode
[   92.142090][ T5858] team0 (unregistering): Port device team_slave_1 removed
[   92.162368][ T5858] team0 (unregistering): Port device team_slave_0 removed
[   92.456624][ T8058] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   92.476203][ T8058] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   92.498605][ T8058] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   92.535745][ T8058] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   92.645419][ T8058] 8021q: adding VLAN 0 to HW filter on device bond0
[   92.666861][ T8058] 8021q: adding VLAN 0 to HW filter on device team0
[   92.677109][   T27] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.679762][   T27] bridge0: port 1(bridge_slave_0) entered forwarding state
[   92.694020][   T27] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.696375][   T27] bridge0: port 2(bridge_slave_1) entered forwarding state
[   92.710626][ T8221] netlink: 'syz.0.986': attribute type 29 has an invalid length.
[   92.720069][ T8221] netlink: 'syz.0.986': attribute type 29 has an invalid length.
[   92.730692][ T8221] netlink: 'syz.0.986': attribute type 29 has an invalid length.
[   92.744747][ T8221] netlink: 'syz.0.986': attribute type 29 has an invalid length.
[   92.762739][ T8058] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   92.767243][ T8058] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   92.817109][ T8227] xt_CT: You must specify a L4 protocol and not use inversions on it
[   92.975728][ T8058] 8021q: adding VLAN 0 to HW filter on device batadv0
[   93.031511][ T8058] veth0_vlan: entered promiscuous mode
[   93.041346][ T8058] veth1_vlan: entered promiscuous mode
[   93.069608][ T8058] veth0_macvtap: entered promiscuous mode
[   93.076844][ T8058] veth1_macvtap: entered promiscuous mode
[   93.098936][ T8058] batman_adv: batadv0: Interface activated: batadv_slave_0
[   93.108897][ T8058] batman_adv: batadv0: Interface activated: batadv_slave_1
[   93.115424][ T8058] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   93.118396][ T8058] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   93.121407][ T8058] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   93.125507][ T8058] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   93.157552][ T8252] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.997'.
[   93.162509][ T8249] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.997'.
[   93.182550][ T8249] IPVS: set_ctl: invalid protocol: 8345 172.30.1.2:20003
[   93.190201][ T8254] SET target dimension over the limit!
[   93.196583][ T8249] Cannot find add_set index 3 as target
[   93.206920][ T1090] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.210128][ T1090] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.258755][  T253] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.259671][   T27] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.262125][  T253] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.267123][   T27] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.275325][ T5223] Bluetooth: hci1: command tx timeout
[   93.280828][ T8249] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   93.346020][ T8258] netlink: 720 bytes leftover after parsing attributes in process `syz.0.1001'.
[   93.352142][ T8258] (unnamed net_device) (uninitialized): option packets_per_slave: invalid value (5001287)
[   93.359533][ T8258] (unnamed net_device) (uninitialized): option packets_per_slave: allowed values 0 - 65535
[   93.864628][ T8293] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   93.952476][ T8288] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   94.011006][ T8288] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   94.361653][ T8318] netlink: 'syz.1.1017': attribute type 10 has an invalid length.
[   94.364596][ T8318] tipc: Resetting bearer <eth:team0>
[   94.369625][ T8318] tipc: Resetting bearer <eth:team0>
[   94.372134][ T8318] 8021q: adding VLAN 0 to HW filter on device team0
[   94.380934][ T8318] bond0: (slave team0): Enslaving as an active interface with an up link
[   94.442616][ T8322] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1019'.
[   94.804566][ T5857] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   95.150634][ T8365] (unnamed net_device) (uninitialized): option all_slaves_active: invalid value (3)
[   95.199221][   T55] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   95.203130][ T8370] netlink: 'syz.1.1035': attribute type 2 has an invalid length.
[   95.215040][   T55] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   95.218731][   T55] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   95.223007][   T55] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   95.225859][ T8370] : entered promiscuous mode
[   95.228829][   T55] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   95.367053][ T8366] chnl_net:caif_netlink_parms(): no params data found
[   95.443258][ T8366] bridge0: port 1(bridge_slave_0) entered blocking state
[   95.448657][ T8366] bridge0: port 1(bridge_slave_0) entered disabled state
[   95.452331][ T8366] bridge_slave_0: entered allmulticast mode
[   95.456336][ T8366] bridge_slave_0: entered promiscuous mode
[   95.459798][ T8366] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.462100][ T8366] bridge0: port 2(bridge_slave_1) entered disabled state
[   95.465094][ T8366] bridge_slave_1: entered allmulticast mode
[   95.467790][ T8366] bridge_slave_1: entered promiscuous mode
[   95.489448][ T8366] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   95.495414][ T8366] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   95.517060][ T8366] team0: Port device team_slave_0 added
[   95.520356][ T8366] team0: Port device team_slave_1 added
[   95.550622][ T8366] batman_adv: batadv0: Adding interface: batadv_slave_0
[   95.554793][ T8366] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   95.565491][ T8366] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   95.571672][ T8366] batman_adv: batadv0: Adding interface: batadv_slave_1
[   95.574865][ T8366] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   95.588707][ T8366] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   95.639614][ T8366] hsr_slave_0: entered promiscuous mode
[   95.642793][ T8366] hsr_slave_1: entered promiscuous mode
[   95.648097][ T8366] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   95.651420][ T8366] Cannot create hsr debugfs directory
[   96.150135][ T5857] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   96.220219][ T8393] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1042'.
[   96.350055][ T5857] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   96.422923][ T5857] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   96.448088][ T8406] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1048'.
[   96.471287][ T8406] netlink: 'syz.1.1048': attribute type 1 has an invalid length.
[   96.534333][ T8406] 8021q: adding VLAN 0 to HW filter on device bond2
[   96.576094][ T8411] bond2: (slave gretap1): making interface the new active one
[   96.581437][ T8411] bond2: (slave gretap1): Enslaving as an active interface with an up link
[   96.675372][ T8411] syz.1.1048 (8411) used greatest stack depth: 20104 bytes left
[   96.699223][ T5857] bridge_slave_1: left allmulticast mode
[   96.701062][ T5857] bridge_slave_1: left promiscuous mode
[   96.702981][ T5857] bridge0: port 2(bridge_slave_1) entered disabled state
[   96.714740][ T5857] bridge_slave_0: left allmulticast mode
[   96.717216][ T5857] bridge_slave_0: left promiscuous mode
[   96.720565][ T5857] bridge0: port 1(bridge_slave_0) entered disabled state
[   97.025632][ T5857] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   97.030226][ T5857] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   97.034547][ T5857] bond0 (unregistering): Released all slaves
[   97.263873][   T55] Bluetooth: hci1: command tx timeout
[   97.452456][ T5857] hsr_slave_0: left promiscuous mode
[   97.464808][ T5857] hsr_slave_1: left promiscuous mode
[   97.472938][ T5857] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   97.478686][ T5857] batman_adv: batadv0: Removing interface: batadv_slave_0
[   97.487300][ T5857] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   97.490437][ T5857] batman_adv: batadv0: Removing interface: batadv_slave_1
[   97.530514][ T5857] veth1_macvtap: left promiscuous mode
[   97.539916][ T5857] veth0_macvtap: left promiscuous mode
[   97.542401][ T5857] veth1_vlan: left promiscuous mode
[   97.545038][ T5857] veth0_vlan: left promiscuous mode
[   97.870317][ T5857] team0 (unregistering): Port device team_slave_1 removed
[   97.889460][ T5857] team0 (unregistering): Port device team_slave_0 removed
[   98.101616][ T8366] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   98.106146][ T8366] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   98.127855][ T8366] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   98.140035][ T8366] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   98.207105][ T8366] 8021q: adding VLAN 0 to HW filter on device bond0
[   98.229535][ T8366] 8021q: adding VLAN 0 to HW filter on device team0
[   98.249580][  T253] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.252100][  T253] bridge0: port 1(bridge_slave_0) entered forwarding state
[   98.265513][  T253] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.267868][  T253] bridge0: port 2(bridge_slave_1) entered forwarding state
[   98.449372][ T8366] 8021q: adding VLAN 0 to HW filter on device batadv0
[   98.503490][ T8366] veth0_vlan: entered promiscuous mode
[   98.515425][ T8366] veth1_vlan: entered promiscuous mode
[   98.552518][ T8366] veth0_macvtap: entered promiscuous mode
[   98.566906][ T8366] veth1_macvtap: entered promiscuous mode
[   98.591725][ T8366] batman_adv: batadv0: Interface activated: batadv_slave_0
[   98.611833][ T8366] batman_adv: batadv0: Interface activated: batadv_slave_1
[   98.619104][ T8366] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   98.622178][ T8366] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   98.627729][ T8366] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   98.630722][ T8366] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   98.646223][ T8500] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1072'.
[   98.730109][ T1090] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   98.732594][ T1090] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   98.754712][  T253] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   98.757312][  T253] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   98.796543][  T792] IPVS: starting estimator thread 0...
[   98.883838][ T8513] IPVS: using max 79 ests per chain, 189600 per kthread
[   98.896047][ T8521] netlink: 'syz.0.1081': attribute type 58 has an invalid length.
[   98.921107][ T8525] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[   98.936710][ T8527] netlink: 'syz.1.1084': attribute type 1 has an invalid length.
[   98.939865][ T8527] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1084'.
[   99.000583][ T8533] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1087'.
[   99.042215][ T8538] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1090'.
[   99.464612][ T8569] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   99.467537][ T8569] IPv6: NLM_F_CREATE should be set when creating new route
[   99.470012][ T8569] IPv6: NLM_F_CREATE should be set when creating new route
[   99.740141][ T8576] mac80211_hwsim hwsim5 wlan1: entered promiscuous mode
[   99.743194][ T8576] mac80211_hwsim hwsim5 wlan1: entered allmulticast mode
[  100.321635][ T8602] xt_NFQUEUE: number of total queues is 0
[  100.499368][ T5857] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  101.259364][ T5223] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  101.263953][ T5223] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  101.268486][ T5223] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  101.275039][ T5223] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  101.279445][ T5223] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  101.348639][ T8633] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1128'.
[  101.518192][ T8644] (unnamed net_device) (uninitialized): ARP target 9.0.0.0 is already present
[  101.522054][ T8644] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (9)
[  101.532493][ T8628] chnl_net:caif_netlink_parms(): no params data found
[  101.654329][ T8655] netlink: 'syz.0.1137': attribute type 142 has an invalid length.
[  101.659589][ T8628] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.662349][ T8628] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.666672][ T8628] bridge_slave_0: entered allmulticast mode
[  101.673251][ T8628] bridge_slave_0: entered promiscuous mode
[  101.689379][ T8628] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.692017][ T8628] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.703618][ T8628] bridge_slave_1: entered allmulticast mode
[  101.709062][ T8628] bridge_slave_1: entered promiscuous mode
[  101.736526][ T8628] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  101.741550][ T8628] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  101.802435][ T8628] team0: Port device team_slave_0 added
[  101.815527][ T8628] team0: Port device team_slave_1 added
[  101.842862][ T8669] wg2: entered promiscuous mode
[  101.848823][ T8628] batman_adv: batadv0: Adding interface: batadv_slave_0
[  101.854916][ T8628] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  101.865888][ T8628] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  101.870608][ T8628] batman_adv: batadv0: Adding interface: batadv_slave_1
[  101.872941][ T8628] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  101.888082][ T8665] syz.1.1142: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  101.889677][ T8628] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  101.894565][ T8665] CPU: 1 UID: 0 PID: 8665 Comm: syz.1.1142 Not tainted 6.16.0-rc5-syzkaller-00159-g47c84997c686-dirty #0 PREEMPT(full) 
[  101.894584][ T8665] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  101.894591][ T8665] Call Trace:
[  101.894598][ T8665]  <TASK>
[  101.894603][ T8665]  dump_stack_lvl+0x189/0x250
[  101.894626][ T8665]  ? __pfx_dump_stack_lvl+0x10/0x10
[  101.894643][ T8665]  ? __pfx__printk+0x10/0x10
[  101.894661][ T8665]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  101.894680][ T8665]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  101.894697][ T8665]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  101.894745][ T8665]  warn_alloc+0x214/0x310
[  101.894764][ T8665]  ? stack_depot_save_flags+0x40/0x900
[  101.894784][ T8665]  ? __pfx_warn_alloc+0x10/0x10
[  101.894795][ T8665]  ? kasan_save_track+0x4f/0x80
[  101.894805][ T8665]  ? xskq_create+0x56/0x170
[  101.894818][ T8665]  ? xsk_init_queue+0xb0/0x110
[  101.894828][ T8665]  ? xsk_setsockopt+0x43f/0x710
[  101.894839][ T8665]  ? do_sock_setsockopt+0x25a/0x3e0
[  101.894848][ T8665]  ? __x64_sys_setsockopt+0x18b/0x220
[  101.894860][ T8665]  ? do_syscall_64+0xfa/0x3b0
[  101.894872][ T8665]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.894890][ T8665]  __vmalloc_node_range_noprof+0x125/0x12f0
[  101.894933][ T8665]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  101.894955][ T8665]  ? __kasan_kmalloc+0x93/0xb0
[  101.894973][ T8665]  vmalloc_user_noprof+0xad/0xf0
[  101.894990][ T8665]  ? xskq_create+0xbf/0x170
[  101.895007][ T8665]  xskq_create+0xbf/0x170
[  101.895026][ T8665]  xsk_init_queue+0xb0/0x110
[  101.895043][ T8665]  xsk_setsockopt+0x43f/0x710
[  101.895061][ T8665]  ? __pfx_xsk_setsockopt+0x10/0x10
[  101.895075][ T8665]  ? __lock_acquire+0xab9/0xd20
[  101.895094][ T8665]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  101.895111][ T8665]  ? __pfx_xsk_setsockopt+0x10/0x10
[  101.895127][ T8665]  do_sock_setsockopt+0x25a/0x3e0
[  101.895144][ T8665]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  101.895161][ T8665]  ? __fget_files+0x2a/0x420
[  101.895182][ T8665]  __x64_sys_setsockopt+0x18b/0x220
[  101.895201][ T8665]  do_syscall_64+0xfa/0x3b0
[  101.895213][ T8665]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.895222][ T8665]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  101.895238][ T8665]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.895249][ T8665] RIP: 0033:0x7f4856f8e929
[  101.895261][ T8665] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  101.895271][ T8665] RSP: 002b:00007f4857e9d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  101.895285][ T8665] RAX: ffffffffffffffda RBX: 00007f48571b5fa0 RCX: 00007f4856f8e929
[  101.895293][ T8665] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000009
[  101.895300][ T8665] RBP: 00007f4857010b39 R08: 0000000000000004 R09: 0000000000000000
[  101.895306][ T8665] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  101.895313][ T8665] R13: 0000000000000000 R14: 00007f48571b5fa0 R15: 00007fff4efab9e8
[  101.895331][ T8665]  </TASK>
[  101.895337][ T8665] Mem-Info:
[  102.007074][ T8665] active_anon:13935 inactive_anon:0 isolated_anon:0
[  102.007074][ T8665]  active_file:977 inactive_file:38228 isolated_file:0
[  102.007074][ T8665]  unevictable:1768 dirty:288 writeback:0
[  102.007074][ T8665]  slab_reclaimable:9420 slab_unreclaimable:54350
[  102.007074][ T8665]  mapped:18234 shmem:2457 pagetables:1017
[  102.007074][ T8665]  sec_pagetables:0 bounce:0
[  102.007074][ T8665]  kernel_misc_reclaimable:0
[  102.007074][ T8665]  free:288986 free_pcp:22228 free_cma:0
[  102.022181][ T8665] Node 0 active_anon:12544kB inactive_anon:0kB active_file:2988kB inactive_file:19608kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:48352kB dirty:876kB writeback:0kB shmem:4752kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:5316kB pagetables:1924kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  102.047002][ T8665] Node 1 active_anon:43264kB inactive_anon:0kB active_file:920kB inactive_file:133304kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:24584kB dirty:276kB writeback:0kB shmem:5076kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:6504kB pagetables:2144kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  102.060046][ T8665] Node 0 DMA free:15360kB boost:0kB min:640kB low:800kB high:960kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  102.070356][ T8665] lowmem_reserve[]: 0 812 812 812 812
[  102.072693][ T8665] Node 0 DMA32 free:376932kB boost:0kB min:33656kB low:42068kB high:50480kB reserved_highatomic:0KB free_highatomic:0KB active_anon:12476kB inactive_anon:0kB active_file:2988kB inactive_file:19608kB unevictable:3536kB writepending:876kB present:1556484kB managed:831872kB mlocked:0kB bounce:0kB free_pcp:49372kB local_pcp:16504kB free_cma:0kB
[  102.077954][ T8628] hsr_slave_0: entered promiscuous mode
[  102.090893][ T8628] hsr_slave_1: entered promiscuous mode
[  102.091326][ T8665] lowmem_reserve[]: 0 0 0 0 0
[  102.096641][ T8628] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  102.096696][ T8628] Cannot create hsr debugfs directory
[  102.101701][ T8665] Node 1 DMA32 free:458616kB boost:0kB min:19192kB low:23988kB high:28784kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:524152kB managed:458616kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  102.112540][ T8665] lowmem_reserve[]: 0 0 854 854 854
[  102.116424][ T8665] Node 1 Normal free:305036kB boost:0kB min:36616kB low:45768kB high:54920kB reserved_highatomic:0KB free_highatomic:0KB active_anon:43264kB inactive_anon:0kB active_file:920kB inactive_file:133304kB unevictable:3536kB writepending:276kB present:1048576kB managed:875016kB mlocked:0kB bounce:0kB free_pcp:39212kB local_pcp:23892kB free_cma:0kB
[  102.126694][ T8665] lowmem_reserve[]: 0 0 0 0 0
[  102.128362][ T8665] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  102.133236][ T8665] Node 0 DMA32: 231*4kB (ME) 181*8kB (UME) 146*16kB (UME) 4*32kB (UME) 2*64kB (UE) 18*128kB (UME) 24*256kB (UME) 10*512kB (UM) 8*1024kB (UME) 9*2048kB (UM) 81*4096kB (UM) = 376932kB
[  102.139689][ T8665] Node 1 DMA32: 2*4kB (M) 2*8kB (M) 2*16kB (M) 2*32kB (M) 2*64kB (M) 1*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 110*4096kB (M) = 458616kB
[  102.177142][ T8665] Node 1 Normal: 1737*4kB (UME) 802*8kB (UE) 553*16kB (UE) 346*32kB (UME) 99*64kB (UME) 24*128kB (UM) 18*256kB (U) 16*512kB (UM) 15*1024kB (UM) 6*2048kB (U) 54*4096kB (M) = 304324kB
[  102.185926][ T8665] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  102.194465][ T8665] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  102.225314][ T8665] 41662 total pagecache pages
[  102.226843][ T8665] 0 pages in swap cache
[  102.231193][ T8665] Free swap  = 124996kB
[  102.232744][ T8665] Total swap = 124996kB
[  102.234657][ T8665] 786301 pages RAM
[  102.238096][ T8665] 0 pages HighMem/MovableOnly
[  102.241564][ T8665] 241085 pages reserved
[  102.244030][ T8665] 0 pages cma reserved
[  102.247548][ T8683] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1150'.
[  102.250736][ T8683] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1150'.
[  102.264657][ T8683] netlink: 128 bytes leftover after parsing attributes in process `syz.0.1150'.
[  102.281212][ T8683] RDS: rds_bind could not find a transport for ::ffff:172.30.1.1, load rds_tcp or rds_rdma?
[  102.350510][ T5857] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  102.421382][ T5857] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  102.443806][ T8692] netlink: 'syz.1.1152': attribute type 1 has an invalid length.
[  102.499765][ T5857] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  102.517909][ T8696] tipc: Enabling of bearer <5dp:s> rejected, media not registered
[  102.536194][  T156] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  102.540595][  T156] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  102.572446][ T8695] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  102.656267][ T5857] bridge_slave_1: left allmulticast mode
[  102.658277][ T5857] bridge_slave_1: left promiscuous mode
[  102.660542][ T5857] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.671242][ T5857] bridge_slave_0: left allmulticast mode
[  102.675664][ T5857] bridge_slave_0: left promiscuous mode
[  102.678387][ T5857] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.939206][ T8718] netlink: 203516 bytes leftover after parsing attributes in process `syz.1.1163'.
[  102.942254][ T8718] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[  102.946093][ T8718] openvswitch: netlink: Duplicate key (type 0).
[  103.027697][ T5857] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  103.034107][ T5857] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  103.039062][ T5857] bond0 (unregistering): Released all slaves
[  103.161220][ T8725] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.1166'.
[  103.344350][ T5223] Bluetooth: hci1: command tx timeout
[  103.603450][ T5857] hsr_slave_0: left promiscuous mode
[  103.615106][ T5857] hsr_slave_1: left promiscuous mode
[  103.617929][ T5857] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  103.621270][ T5857] batman_adv: batadv0: Removing interface: batadv_slave_0
[  103.626152][ T5857] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  103.630088][ T5857] batman_adv: batadv0: Removing interface: batadv_slave_1
[  103.659062][ T5857] veth1_macvtap: left promiscuous mode
[  103.662520][ T5857] veth0_macvtap: left promiscuous mode
[  103.667095][ T5857] veth1_vlan: left promiscuous mode
[  103.669493][ T5857] veth0_vlan: left promiscuous mode
[  104.050584][ T5857] team0 (unregistering): Port device team_slave_1 removed
[  104.082402][ T5857] team0 (unregistering): Port device team_slave_0 removed
[  104.396440][ T8755] dvmrp0: entered allmulticast mode
[  104.546362][ T8628] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  104.560160][ T8628] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  104.578090][ T8628] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  104.590042][ T8628] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  104.691856][ T8628] 8021q: adding VLAN 0 to HW filter on device bond0
[  104.707523][ T8628] 8021q: adding VLAN 0 to HW filter on device team0
[  104.715670][ T1089] bridge0: port 1(bridge_slave_0) entered blocking state
[  104.718187][ T1089] bridge0: port 1(bridge_slave_0) entered forwarding state
[  104.730782][ T1089] bridge0: port 2(bridge_slave_1) entered blocking state
[  104.733373][ T1089] bridge0: port 2(bridge_slave_1) entered forwarding state
[  104.799048][ T8628] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  104.941102][ T8628] 8021q: adding VLAN 0 to HW filter on device batadv0
[  104.987043][ T8628] veth0_vlan: entered promiscuous mode
[  104.994790][ T8628] veth1_vlan: entered promiscuous mode
[  105.019892][ T8628] veth0_macvtap: entered promiscuous mode
[  105.030770][ T8628] veth1_macvtap: entered promiscuous mode
[  105.047609][ T8628] batman_adv: batadv0: Interface activated: batadv_slave_0
[  105.056545][ T8628] batman_adv: batadv0: Interface activated: batadv_slave_1
[  105.064774][ T8628] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  105.067916][ T8628] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  105.071015][ T8628] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  105.075638][ T8628] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  105.148008][  T156] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  105.150510][  T156] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  105.172289][  T156] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  105.176270][  T156] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  105.595204][ T8831] netlink: 'syz.0.1199': attribute type 1 has an invalid length.
[  105.598547][ T8831] nbd: error processing sock list
[  105.601148][ T8831] block nbd0: shutting down sockets
[  105.733221][ T8842] netlink: 'syz.0.1202': attribute type 4 has an invalid length.
[  105.801674][ T8850] __nla_validate_parse: 1 callbacks suppressed
[  105.801712][ T8850] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1205'.
[  105.808485][ T8850] nbd: illegal input index 65508
[  105.932226][ T8862] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1211'.
[  105.944503][ T8864] ip6t_REJECT: ECHOREPLY is not supported
[  105.995501][ T8868] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1214'.
[  106.070114][ T8873] delete_channel: no stack
[  106.098916][ T8876] IPv6: sit1: Disabled Multicast RS
[  106.101125][ T8876] sit1: entered allmulticast mode
[  106.942966][ T5837] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  107.633990][ T8898] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1226'.
[  107.678717][ T8901] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode
[  107.691407][ T8901] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[  107.751857][   T55] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  107.757348][   T55] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  107.760187][   T55] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  107.763245][   T55] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  107.766607][   T55] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  107.844568][ T8912] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  107.894842][ T8918] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1232'.
[  107.902349][ T8904] chnl_net:caif_netlink_parms(): no params data found
[  108.017867][ T8904] bridge0: port 1(bridge_slave_0) entered blocking state
[  108.020986][ T8904] bridge0: port 1(bridge_slave_0) entered disabled state
[  108.024387][ T8904] bridge_slave_0: entered allmulticast mode
[  108.034891][ T8904] bridge_slave_0: entered promiscuous mode
[  108.043058][ T8904] bridge0: port 2(bridge_slave_1) entered blocking state
[  108.046156][ T8904] bridge0: port 2(bridge_slave_1) entered disabled state
[  108.048969][ T8904] bridge_slave_1: entered allmulticast mode
[  108.052141][ T8904] bridge_slave_1: entered promiscuous mode
[  108.108801][ T8933] bond0: (slave team0): Releasing backup interface
[  108.112528][ T8933] tipc: Resetting bearer <eth:team0>
[  108.125996][ T8933] tipc: Resetting bearer <eth:team0>
[  108.130861][ T8933] bridge_slave_0: left allmulticast mode
[  108.133215][ T8933] bridge_slave_0: left promiscuous mode
[  108.136901][ T8933] bridge0: port 1(bridge_slave_0) entered disabled state
[  108.142450][ T8933] bridge_slave_1: left allmulticast mode
[  108.145952][ T8933] bridge_slave_1: left promiscuous mode
[  108.148394][ T8933] bridge0: port 2(bridge_slave_1) entered disabled state
[  108.158331][ T8933] bond0: (slave bond_slave_0): Releasing backup interface
[  108.167117][ T8933] bond0: (slave bond_slave_1): Releasing backup interface
[  108.181787][ T8933] team0: Port device team_slave_0 removed
[  108.192038][ T8933] team0: Port device team_slave_1 removed
[  108.197023][ T8933] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  108.200067][ T8933] batman_adv: batadv0: Removing interface: batadv_slave_0
[  108.206953][ T8933] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  108.210027][ T8933] batman_adv: batadv0: Removing interface: batadv_slave_1
[  108.220412][ T8933] bond0: (slave wlan1): Releasing backup interface
[  108.226229][ T8933] batman_adv: batadv0: Interface deactivated: macvlan2
[  108.228958][ T8933] batman_adv: batadv0: Removing interface: macvlan2
[  108.235095][ T8933] bond2: (slave gretap1): Releasing active interface
[  108.243086][ T8904] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  108.261432][ T8904] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  108.280205][ T8936] team0: Mode changed to "broadcast"
[  108.325053][ T8904] team0: Port device team_slave_0 added
[  108.329749][ T8904] team0: Port device team_slave_1 added
[  108.383144][ T8904] batman_adv: batadv0: Adding interface: batadv_slave_0
[  108.386366][ T8904] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  108.403740][ T8904] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  108.429618][ T8904] batman_adv: batadv0: Adding interface: batadv_slave_1
[  108.432469][ T8904] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  108.448930][ T8904] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  108.466900][ T8942] Cannot find del_set index 0 as target
[  108.540870][ T8904] hsr_slave_0: entered promiscuous mode
[  108.551256][ T8904] hsr_slave_1: entered promiscuous mode
[  108.555957][ T8950] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1244'.
[  108.557310][ T8904] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  108.562619][ T8904] Cannot create hsr debugfs directory
[  108.565282][ T8950] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1244'.
[  108.642228][ T5837] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  108.701044][ T8959] GUP no longer grows the stack in syz.0.1247 (8959): 200000006000-20000000a000 (200000005000)
[  108.709471][ T8959] CPU: 1 UID: 0 PID: 8959 Comm: syz.0.1247 Not tainted 6.16.0-rc5-syzkaller-00159-g47c84997c686-dirty #0 PREEMPT(full) 
[  108.709491][ T8959] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  108.709499][ T8959] Call Trace:
[  108.709505][ T8959]  <TASK>
[  108.709511][ T8959]  dump_stack_lvl+0x189/0x250
[  108.709533][ T8959]  ? __pfx_dump_stack_lvl+0x10/0x10
[  108.709549][ T8959]  ? __pfx__printk+0x10/0x10
[  108.709565][ T8959]  ? find_vma+0xe7/0x160
[  108.709592][ T8959]  __get_user_pages+0x2a60/0x30b0
[  108.709632][ T8959]  ? __pfx___get_user_pages+0x10/0x10
[  108.709645][ T8959]  ? __gup_longterm_locked+0xbf7/0x15b0
[  108.709689][ T8959]  ? down_read_killable+0x1d1/0x350
[  108.709704][ T8959]  ? try_get_folio+0x633/0x660
[  108.709723][ T8959]  __gup_longterm_locked+0xd66/0x15b0
[  108.709741][ T8959]  ? try_grab_folio_fast+0x1be/0x4f0
[  108.709763][ T8959]  ? gup_fast_fallback+0x1afc/0x2260
[  108.709779][ T8959]  gup_fast_fallback+0x1cd4/0x2260
[  108.709819][ T8959]  ? __pfx_gup_fast_fallback+0x10/0x10
[  108.709831][ T8959]  ? trace_contention_end+0x39/0x120
[  108.709847][ T8959]  ? __mutex_lock+0x330/0xe80
[  108.709864][ T8959]  ? is_valid_gup_args+0x11f/0x200
[  108.709878][ T8959]  ? get_user_pages_fast+0x4d/0xb0
[  108.709893][ T8959]  __iov_iter_get_pages_alloc+0x39a/0xb40
[  108.709914][ T8959]  ? __pfx_pipe_clear_nowait+0x10/0x10
[  108.709930][ T8959]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  108.709948][ T8959]  ? wait_for_space+0x24d/0x2d0
[  108.709968][ T8959]  iov_iter_get_pages2+0x5e/0xa0
[  108.709985][ T8959]  __se_sys_vmsplice+0x548/0x10d0
[  108.710017][ T8959]  ? wake_up_q+0xca/0x110
[  108.710036][ T8959]  ? __pfx___se_sys_vmsplice+0x10/0x10
[  108.710055][ T8959]  ? __pfx_futex_wake+0x10/0x10
[  108.710075][ T8959]  ? __lock_acquire+0xab9/0xd20
[  108.710113][ T8959]  ? do_pipe2+0xf7/0x170
[  108.710133][ T8959]  ? rcu_is_watching+0x15/0xb0
[  108.710152][ T8959]  ? do_syscall_64+0xbe/0x3b0
[  108.710167][ T8959]  do_syscall_64+0xfa/0x3b0
[  108.710177][ T8959]  ? lockdep_hardirqs_on+0x9c/0x150
[  108.710194][ T8959]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  108.710206][ T8959]  ? exc_page_fault+0x9f/0xf0
[  108.710225][ T8959]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  108.710236][ T8959] RIP: 0033:0x7f2892b8e929
[  108.710248][ T8959] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  108.710258][ T8959] RSP: 002b:00007f28939b4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000116
[  108.710271][ T8959] RAX: ffffffffffffffda RBX: 00007f2892db5fa0 RCX: 00007f2892b8e929
[  108.710280][ T8959] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 000000000000000e
[  108.710288][ T8959] RBP: 00007f2892c10b39 R08: 0000000000000000 R09: 0000000000000000
[  108.710295][ T8959] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[  108.710302][ T8959] R13: 0000000000000000 R14: 00007f2892db5fa0 R15: 00007ffebd9444f8
[  108.710324][ T8959]  </TASK>
[  108.914836][ T5837] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  109.018147][ T5837] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  109.140348][ T5837] bridge_slave_1: left allmulticast mode
[  109.142313][ T5837] bridge_slave_1: left promiscuous mode
[  109.146743][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state
[  109.153114][ T5837] bridge_slave_0: left allmulticast mode
[  109.156915][ T5837] bridge_slave_0: left promiscuous mode
[  109.158865][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.394953][ T5837] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  109.400543][ T5837] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  109.407612][ T5837] bond0 (unregistering): Released all slaves
[  109.418910][ T8983] netlink: 196 bytes leftover after parsing attributes in process `syz.0.1254'.
[  109.422750][ T8983] tc_dump_action: action bad kind
[  109.643259][ T8999] !: renamed from dummy0
[  109.824122][   T55] Bluetooth: hci1: command tx timeout
[  109.937807][ T5837] hsr_slave_0: left promiscuous mode
[  109.942229][ T5837] hsr_slave_1: left promiscuous mode
[  109.946878][ T5837] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  109.949783][ T5837] batman_adv: batadv0: Removing interface: batadv_slave_0
[  109.979963][ T5837] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  109.982665][ T5837] batman_adv: batadv0: Removing interface: batadv_slave_1
[  110.020496][ T5837] veth1_macvtap: left promiscuous mode
[  110.023776][ T5837] veth0_macvtap: left promiscuous mode
[  110.027012][ T5837] veth1_vlan: left promiscuous mode
[  110.029016][ T5837] veth0_vlan: left promiscuous mode
[  110.778472][ T5837] team0 (unregistering): Port device team_slave_1 removed
[  110.812944][ T5837] team0 (unregistering): Port device team_slave_0 removed
[  111.119282][ T9040] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1262'.
[  111.197961][ T8904] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  111.238993][ T9088] netlink: 256 bytes leftover after parsing attributes in process `syz.1.1263'.
[  111.266697][ T8904] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  111.280045][ T8904] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  111.298535][ T8904] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  111.377995][ T9098] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  111.385326][ T9098] syzkaller0: entered promiscuous mode
[  111.390625][ T9098] syzkaller0: entered allmulticast mode
[  111.414677][ T9098] tipc: Resetting bearer <eth:syzkaller0>
[  111.421758][ T9097] tipc: Resetting bearer <eth:syzkaller0>
[  111.430387][ T9097] tipc: Disabling bearer <eth:syzkaller0>
[  111.481995][ T8904] 8021q: adding VLAN 0 to HW filter on device bond0
[  111.499887][ T8904] 8021q: adding VLAN 0 to HW filter on device team0
[  111.527477][ T4334] bridge0: port 1(bridge_slave_0) entered blocking state
[  111.530442][ T4334] bridge0: port 1(bridge_slave_0) entered forwarding state
[  111.537591][ T9102] delete_channel: no stack
[  111.538851][ T4334] bridge0: port 2(bridge_slave_1) entered blocking state
[  111.541890][ T4334] bridge0: port 2(bridge_slave_1) entered forwarding state
[  111.597539][ T8904] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  111.677817][ T8904] 8021q: adding VLAN 0 to HW filter on device batadv0
[  111.713225][ T8904] veth0_vlan: entered promiscuous mode
[  111.720739][ T8904] veth1_vlan: entered promiscuous mode
[  111.740247][ T8904] veth0_macvtap: entered promiscuous mode
[  111.750180][ T8904] veth1_macvtap: entered promiscuous mode
[  111.780090][ T8904] batman_adv: batadv0: Interface activated: batadv_slave_0
[  111.786622][ T8904] batman_adv: batadv0: Interface activated: batadv_slave_1
[  111.798747][ T8904] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  111.801748][ T8904] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  111.805814][ T8904] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  111.808872][ T8904] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  111.862800][  T253] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  111.873755][  T253] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  111.894054][  T258] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  111.896958][  T258] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  111.914123][   T55] Bluetooth: hci1: command tx timeout
[  111.949835][ T9128] openvswitch: netlink: VXLAN extension message has 1 unknown bytes.
[  112.448083][ T9133] ieee802154 phy0 wpan0: encryption failed: -22
[  112.538666][ T9139] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1280'.
[  112.587411][ T9141] pim6reg0: tun_chr_ioctl cmd 2148553947
[  113.597221][   T13] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  114.363676][ T9169] tap0: tun_chr_ioctl cmd 1074025677
[  114.365794][ T9169] tap0: linktype set to 804
[  114.605756][ T5223] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  114.611215][ T5223] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  114.618101][ T5223] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  114.625308][ T5223] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  114.631050][ T5223] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  114.668765][ T9192] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1303'.
[  114.820821][ T9188] chnl_net:caif_netlink_parms(): no params data found
[  114.925676][ T9188] bridge0: port 1(bridge_slave_0) entered blocking state
[  114.928549][ T9188] bridge0: port 1(bridge_slave_0) entered disabled state
[  114.931684][ T9188] bridge_slave_0: entered allmulticast mode
[  114.937557][ T9188] bridge_slave_0: entered promiscuous mode
[  114.942034][ T9188] bridge0: port 2(bridge_slave_1) entered blocking state
[  114.945975][ T9188] bridge0: port 2(bridge_slave_1) entered disabled state
[  114.948978][ T9188] bridge_slave_1: entered allmulticast mode
[  114.952580][ T9188] bridge_slave_1: entered promiscuous mode
[  114.983168][ T9188] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  114.987904][ T9188] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  115.024810][ T9188] team0: Port device team_slave_0 added
[  115.030133][ T9188] team0: Port device team_slave_1 added
[  115.078772][ T9188] batman_adv: batadv0: Adding interface: batadv_slave_0
[  115.081594][ T9188] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  115.117487][ T9188] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  115.125811][ T9188] batman_adv: batadv0: Adding interface: batadv_slave_1
[  115.128738][ T9188] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  115.146255][ T9188] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  115.208907][   T13] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  115.229343][ T9188] hsr_slave_0: entered promiscuous mode
[  115.232480][ T9188] hsr_slave_1: entered promiscuous mode
[  115.238196][ T9188] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  115.241568][ T9188] Cannot create hsr debugfs directory
[  115.312716][   T13] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  115.391213][   T13] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  115.619096][   T13] bridge_slave_1: left allmulticast mode
[  115.621550][   T13] bridge_slave_1: left promiscuous mode
[  115.645730][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  115.663285][   T13] bridge_slave_0: left allmulticast mode
[  115.668569][   T13] bridge_slave_0: left promiscuous mode
[  115.671141][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  115.707438][ T9223] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1315'.
[  115.713480][ T9223] netlink: 43 bytes leftover after parsing attributes in process `syz.0.1315'.
[  115.722965][ T9223] netlink: 'syz.0.1315': attribute type 5 has an invalid length.
[  115.733422][ T9223] netlink: 43 bytes leftover after parsing attributes in process `syz.0.1315'.
[  115.890113][ T9229] netlink: 'syz.0.1318': attribute type 11 has an invalid length.
[  116.058349][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  116.066776][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  116.072113][   T13] bond0 (unregistering): Released all slaves
[  116.268573][ T9233] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1320'.
[  116.271565][ T9233] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1320'.
[  116.430333][   T13] hsr_slave_0: left promiscuous mode
[  116.433216][   T13] hsr_slave_1: left promiscuous mode
[  116.437999][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  116.440969][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  116.446511][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  116.449490][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  116.459026][   T13] veth1_macvtap: left promiscuous mode
[  116.461353][   T13] veth0_macvtap: left promiscuous mode
[  116.463915][   T13] veth1_vlan: left promiscuous mode
[  116.465657][   T13] veth0_vlan: left promiscuous mode
[  116.698059][   T13] team0 (unregistering): Port device team_slave_1 removed
[  116.708290][ T5223] Bluetooth: hci1: command tx timeout
[  116.726490][   T13] team0 (unregistering): Port device team_slave_0 removed
[  117.222846][ T9188] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  117.232131][ T9188] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  117.252505][ T9188] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  117.276210][ T9188] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  117.379641][ T9188] 8021q: adding VLAN 0 to HW filter on device bond0
[  117.385934][ T9273] netlink: 'syz.1.1329': attribute type 1 has an invalid length.
[  117.386439][ T9271] netlink: 'syz.0.1328': attribute type 83 has an invalid length.
[  117.388927][ T9273] netlink: 784 bytes leftover after parsing attributes in process `syz.1.1329'.
[  117.404456][ T9188] 8021q: adding VLAN 0 to HW filter on device team0
[  117.412251][   T27] bridge0: port 1(bridge_slave_0) entered blocking state
[  117.415085][   T27] bridge0: port 1(bridge_slave_0) entered forwarding state
[  117.432233][   T27] bridge0: port 2(bridge_slave_1) entered blocking state
[  117.434697][   T27] bridge0: port 2(bridge_slave_1) entered forwarding state
[  117.485500][ T9281] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1332'.
[  117.536507][ T9188] 8021q: adding VLAN 0 to HW filter on device batadv0
[  117.565262][ T9188] veth0_vlan: entered promiscuous mode
[  117.570068][ T9188] veth1_vlan: entered promiscuous mode
[  117.598853][ T9188] veth0_macvtap: entered promiscuous mode
[  117.611620][ T9188] veth1_macvtap: entered promiscuous mode
[  117.621116][ T9188] batman_adv: batadv0: Interface activated: batadv_slave_0
[  117.632681][ T9188] batman_adv: batadv0: Interface activated: batadv_slave_1
[  117.638669][ T9188] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  117.638785][ T9295] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1337'.
[  117.641681][ T9188] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  117.647483][ T9188] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  117.650280][ T9188] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  117.706569][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  117.715608][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  117.736553][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  117.739937][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  118.645356][ T9308] netlink: 3 bytes leftover after parsing attributes in process `syz.0.1343'.
[  118.651378][ T9308] batadv1: entered promiscuous mode
[  118.653215][ T9308] batadv1: entered allmulticast mode
[  118.808775][ T9308] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1343'.
[  118.857766][ T9315] netlink: 'syz.0.1345': attribute type 4 has an invalid length.
[  118.975966][ T9329] netlink: 'syz.1.1350': attribute type 29 has an invalid length.
[  118.979969][ T9329] netlink: 'syz.1.1350': attribute type 29 has an invalid length.
[  120.146703][ T5837] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  120.385831][ T9350] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  120.392873][ T9350] mac80211_hwsim hwsim2 syzkaller0: entered promiscuous mode
[  120.408822][ T9350] mac80211_hwsim hwsim2 syzkaller0: entered allmulticast mode
[  120.431949][ T9350] tipc: Resetting bearer <eth:syzkaller0>
[  120.502609][ T5858] nci: nci_extract_activation_params_iso_dep: unsupported activation_rf_tech_and_mode 0x80
[  120.588218][   T55] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  120.592353][   T55] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  120.597749][   T55] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  120.602522][   T55] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  120.606741][   T55] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  120.791594][ T9362] chnl_net:caif_netlink_parms(): no params data found
[  120.842147][ T5837] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  120.888162][ T9362] bridge0: port 1(bridge_slave_0) entered blocking state
[  120.890603][ T9362] bridge0: port 1(bridge_slave_0) entered disabled state
[  120.893947][ T9362] bridge_slave_0: entered allmulticast mode
[  120.897232][ T9362] bridge_slave_0: entered promiscuous mode
[  120.902493][ T9362] bridge0: port 2(bridge_slave_1) entered blocking state
[  120.905795][ T9362] bridge0: port 2(bridge_slave_1) entered disabled state
[  120.908589][ T9362] bridge_slave_1: entered allmulticast mode
[  120.911434][ T9362] bridge_slave_1: entered promiscuous mode
[  120.929452][ T9362] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  120.934335][ T9362] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  120.957151][ T9362] team0: Port device team_slave_0 added
[  120.960986][ T9362] team0: Port device team_slave_1 added
[  120.984571][ T9362] batman_adv: batadv0: Adding interface: batadv_slave_0
[  120.987290][ T9362] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  120.998047][ T9362] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  121.003171][ T9362] batman_adv: batadv0: Adding interface: batadv_slave_1
[  121.007008][ T9362] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  121.016425][ T9362] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  121.042267][ T9362] hsr_slave_0: entered promiscuous mode
[  121.044793][ T9362] hsr_slave_1: entered promiscuous mode
[  121.046922][ T9362] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  121.049364][ T9362] Cannot create hsr debugfs directory
[  121.071709][ T5837] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  121.137983][ T5837] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  121.282664][ T5837] bridge_slave_1: left allmulticast mode
[  121.285112][ T5837] bridge_slave_1: left promiscuous mode
[  121.298827][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state
[  121.308735][ T5837] bridge_slave_0: left allmulticast mode
[  121.315643][ T5837] bridge_slave_0: left promiscuous mode
[  121.317625][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state
[  121.610735][ T5837] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  121.618217][ T5837] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  121.622214][ T5837] bond0 (unregistering): Released all slaves
[  121.967520][ T5834] hid-generic 0005:0C45:1012.0001: item fetching failed at offset 0/1
[  121.971950][ T5834] hid-generic 0005:0C45:1012.0001: probe with driver hid-generic failed with error -22
[  122.044097][ T5837] hsr_slave_0: left promiscuous mode
[  122.047081][ T5837] hsr_slave_1: left promiscuous mode
[  122.049897][ T5837] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  122.052995][ T5837] batman_adv: batadv0: Removing interface: batadv_slave_0
[  122.070991][ T5837] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  122.077341][ T5837] batman_adv: batadv0: Removing interface: batadv_slave_1
[  122.093026][ T5837] veth1_macvtap: left promiscuous mode
[  122.096650][ T5837] veth0_macvtap: left promiscuous mode
[  122.099185][ T5837] veth1_vlan: left promiscuous mode
[  122.101713][ T5837] veth0_vlan: left promiscuous mode
[  122.379834][ T5837] team0 (unregistering): Port device team_slave_1 removed
[  122.406777][ T5837] team0 (unregistering): Port device team_slave_0 removed
[  122.628316][   T55] Bluetooth: hci1: command tx timeout
[  122.705013][ T9407] netlink: 'syz.0.1375': attribute type 6 has an invalid length.
[  122.708353][ T9407] netlink: 'syz.0.1375': attribute type 7 has an invalid length.
[  122.711471][ T9407] netlink: 'syz.0.1375': attribute type 8 has an invalid length.
[  123.076713][ T9362] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  123.108350][ T9362] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  123.151797][ T9362] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  123.160293][ T9362] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  123.341277][ T9362] 8021q: adding VLAN 0 to HW filter on device bond0
[  123.359387][ T9362] 8021q: adding VLAN 0 to HW filter on device team0
[  123.387093][  T258] bridge0: port 1(bridge_slave_0) entered blocking state
[  123.390164][  T258] bridge0: port 1(bridge_slave_0) entered forwarding state
[  123.395478][  T258] bridge0: port 2(bridge_slave_1) entered blocking state
[  123.398666][  T258] bridge0: port 2(bridge_slave_1) entered forwarding state
[  123.529964][ T9362] 8021q: adding VLAN 0 to HW filter on device batadv0
[  123.571506][ T9362] veth0_vlan: entered promiscuous mode
[  123.576461][ T9362] veth1_vlan: entered promiscuous mode
[  123.593036][ T9362] veth0_macvtap: entered promiscuous mode
[  123.597125][ T9362] veth1_macvtap: entered promiscuous mode
[  123.606477][ T9362] batman_adv: batadv0: Interface activated: batadv_slave_0
[  123.612290][ T9362] batman_adv: batadv0: Interface activated: batadv_slave_1
[  123.619484][ T9362] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  123.622284][ T9362] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  123.626490][ T9362] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  123.629244][ T9362] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  123.667924][ T1089] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  123.670624][ T1089] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  123.690183][  T258] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  123.692952][  T258] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  123.746509][ T9405] ==================================================================
[  123.750014][ T9405] BUG: KASAN: slab-use-after-free in __mutex_lock+0x738/0xe80
[  123.753234][ T9405] Read of size 8 at addr ffff888027c5c0a0 by task khidpd_0c451012/9405
[  123.757460][ T9405] 
[  123.758564][ T9405] CPU: 1 UID: 0 PID: 9405 Comm: khidpd_0c451012 Not tainted 6.16.0-rc5-syzkaller-00159-g47c84997c686-dirty #0 PREEMPT(full) 
[  123.758579][ T9405] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  123.758587][ T9405] Call Trace:
[  123.758595][ T9405]  <TASK>
[  123.758601][ T9405]  dump_stack_lvl+0x189/0x250
[  123.758620][ T9405]  ? __virt_addr_valid+0x1c8/0x5c0
[  123.758637][ T9405]  ? rcu_is_watching+0x15/0xb0
[  123.758651][ T9405]  ? __kasan_check_byte+0x12/0x40
[  123.758666][ T9405]  ? __pfx_dump_stack_lvl+0x10/0x10
[  123.758678][ T9405]  ? rcu_is_watching+0x15/0xb0
[  123.758691][ T9405]  ? lock_release+0x4b/0x3e0
[  123.758704][ T9405]  ? __virt_addr_valid+0x1c8/0x5c0
[  123.758718][ T9405]  ? __virt_addr_valid+0x4a5/0x5c0
[  123.758733][ T9405]  print_report+0xd2/0x2b0
[  123.758744][ T9405]  ? __mutex_lock+0x738/0xe80
[  123.758756][ T9405]  kasan_report+0x118/0x150
[  123.758771][ T9405]  ? __mutex_lock+0x738/0xe80
[  123.758784][ T9405]  __mutex_lock+0x738/0xe80
[  123.758795][ T9405]  ? __mutex_lock+0x51b/0xe80
[  123.758808][ T9405]  ? l2cap_unregister_user+0x6a/0x1b0
[  123.758827][ T9405]  ? __pfx___mutex_lock+0x10/0x10
[  123.758841][ T9405]  ? __pfx___timer_delete_sync+0x10/0x10
[  123.758860][ T9405]  l2cap_unregister_user+0x6a/0x1b0
[  123.758879][ T9405]  hidp_session_thread+0x3c9/0x410
[  123.758892][ T9405]  ? __pfx_hidp_session_thread+0x10/0x10
[  123.758903][ T9405]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  123.758919][ T9405]  ? __pfx_hidp_session_wake_function+0x10/0x10
[  123.758932][ T9405]  ? __pfx_hidp_session_wake_function+0x10/0x10
[  123.758943][ T9405]  ? __kthread_parkme+0x7b/0x200
[  123.758958][ T9405]  ? __kthread_parkme+0x1a1/0x200
[  123.758973][ T9405]  kthread+0x711/0x8a0
[  123.758997][ T9405]  ? __pfx_hidp_session_thread+0x10/0x10
[  123.759008][ T9405]  ? __pfx_kthread+0x10/0x10
[  123.759023][ T9405]  ? _raw_spin_unlock_irq+0x23/0x50
[  123.759038][ T9405]  ? lockdep_hardirqs_on+0x9c/0x150
[  123.759055][ T9405]  ? __pfx_kthread+0x10/0x10
[  123.759070][ T9405]  ret_from_fork+0x3fc/0x770
[  123.759083][ T9405]  ? __pfx_ret_from_fork+0x10/0x10
[  123.759096][ T9405]  ? __switch_to_asm+0x39/0x70
[  123.759110][ T9405]  ? __switch_to_asm+0x33/0x70
[  123.759124][ T9405]  ? __pfx_kthread+0x10/0x10
[  123.759139][ T9405]  ret_from_fork_asm+0x1a/0x30
[  123.759158][ T9405]  </TASK>
[  123.759163][ T9405] 
[  123.854056][ T9405] Allocated by task 9362:
[  123.855922][ T9405]  kasan_save_track+0x3e/0x80
[  123.857959][ T9405]  __kasan_kmalloc+0x93/0xb0
[  123.859910][ T9405]  __kmalloc_noprof+0x27a/0x4f0
[  123.861956][ T9405]  hci_alloc_dev_priv+0x28/0x2040
[  123.864137][ T9405]  vhci_create_device+0x120/0x6e0
[  123.866335][ T9405]  vhci_write+0x3ce/0x4a0
[  123.868227][ T9405]  vfs_write+0x54b/0xa90
[  123.870077][ T9405]  ksys_write+0x145/0x250
[  123.871917][ T9405]  do_syscall_64+0xfa/0x3b0
[  123.873920][ T9405]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  123.876394][ T9405] 
[  123.877427][ T9405] Freed by task 9362:
[  123.879136][ T9405]  kasan_save_track+0x3e/0x80
[  123.881133][ T9405]  kasan_save_free_info+0x46/0x50
[  123.883324][ T9405]  __kasan_slab_free+0x62/0x70
[  123.885400][ T9405]  kfree+0x18e/0x440
[  123.887061][ T9405]  bt_host_release+0x82/0x90
[  123.889014][ T9405]  device_release+0x9c/0x1c0
[  123.890983][ T9405]  kobject_put+0x22b/0x480
[  123.892881][ T9405]  vhci_release+0x88/0xd0
[  123.894703][ T9405]  __fput+0x44c/0xa70
[  123.896448][ T9405]  task_work_run+0x1d4/0x260
[  123.898437][ T9405]  do_exit+0x6b5/0x22e0
[  123.900192][ T9405]  do_group_exit+0x21c/0x2d0
[  123.902152][ T9405]  __x64_sys_exit_group+0x3f/0x40
[  123.904258][ T9405]  x64_sys_call+0x21ba/0x21c0
[  123.906324][ T9405]  do_syscall_64+0xfa/0x3b0
[  123.908272][ T9405]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  123.910709][ T9405] 
[  123.911709][ T9405] Last potentially related work creation:
[  123.914139][ T9405]  kasan_save_stack+0x3e/0x60
[  123.916186][ T9405]  kasan_record_aux_stack+0xbd/0xd0
[  123.918435][ T9405]  insert_work+0x3d/0x330
[  123.920239][ T9405]  __queue_work+0xbd9/0xfe0
[  123.922142][ T9405]  queue_work_on+0x181/0x270
[  123.924150][ T9405]  process_scheduled_works+0xae1/0x17b0
[  123.926478][ T9405]  worker_thread+0x8a0/0xda0
[  123.928391][ T9405]  kthread+0x711/0x8a0
[  123.930106][ T9405]  ret_from_fork+0x3fc/0x770
[  123.931990][ T9405]  ret_from_fork_asm+0x1a/0x30
[  123.934041][ T9405] 
[  123.935087][ T9405] Second to last potentially related work creation:
[  123.937939][ T9405]  kasan_save_stack+0x3e/0x60
[  123.939872][ T9405]  kasan_record_aux_stack+0xbd/0xd0
[  123.942082][ T9405]  insert_work+0x3d/0x330
[  123.943945][ T9405]  __queue_work+0xcfc/0xfe0
[  123.945917][ T9405]  call_timer_fn+0x17e/0x5f0
[  123.947909][ T9405]  __run_timer_base+0x646/0x860
[  123.949947][ T9405]  run_timer_softirq+0xb7/0x180
[  123.951955][ T9405]  handle_softirqs+0x286/0x870
[  123.953929][ T9405]  __irq_exit_rcu+0xca/0x1f0
[  123.955790][ T9405]  irq_exit_rcu+0x9/0x30
[  123.957514][ T9405]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  123.959879][ T9405]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  123.962366][ T9405] 
[  123.963386][ T9405] The buggy address belongs to the object at ffff888027c5c000
[  123.963386][ T9405]  which belongs to the cache kmalloc-8k of size 8192
[  123.969104][ T9405] The buggy address is located 160 bytes inside of
[  123.969104][ T9405]  freed 8192-byte region [ffff888027c5c000, ffff888027c5e000)
[  123.974647][ T9405] 
[  123.975658][ T9405] The buggy address belongs to the physical page:
[  123.978328][ T9405] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x27c58
[  123.981955][ T9405] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  123.985413][ T9405] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  123.988818][ T9405] page_type: f5(slab)
[  123.990578][ T9405] raw: 00fff00000000040 ffff88801a442280 ffffea0000cbb200 dead000000000005
[  123.994254][ T9405] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[  123.997833][ T9405] head: 00fff00000000040 ffff88801a442280 ffffea0000cbb200 dead000000000005
[  124.001483][ T9405] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[  124.005201][ T9405] head: 00fff00000000003 ffffea00009f1601 00000000ffffffff 00000000ffffffff
[  124.008715][ T9405] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  124.012221][ T9405] page dumped because: kasan: bad access detected
[  124.014808][ T9405] page_owner tracks the page as allocated
[  124.017092][ T9405] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5577, tgid 5577 (dhcpcd), ts 86181400269, free_ts 77570043772
[  124.025371][ T9405]  post_alloc_hook+0x240/0x2a0
[  124.027356][ T9405]  get_page_from_freelist+0x21e4/0x22c0
[  124.029629][ T9405]  __alloc_frozen_pages_noprof+0x181/0x370
[  124.032017][ T9405]  alloc_pages_mpol+0x232/0x4a0
[  124.034047][ T9405]  allocate_slab+0x8a/0x3b0
[  124.035840][ T9405]  ___slab_alloc+0xbfc/0x1480
[  124.037412][ T9405]  __kmalloc_node_track_caller_noprof+0x2f8/0x4e0
[  124.039717][ T9405]  kmalloc_reserve+0x136/0x290
[  124.041507][ T9405]  __alloc_skb+0x142/0x2d0
[  124.043600][ T9405]  netlink_dump+0x169/0xe90
[  124.045584][ T9405]  netlink_recvmsg+0x676/0xa30
[  124.047693][ T9405]  sock_recvmsg+0x22c/0x270
[  124.049713][ T9405]  ____sys_recvmsg+0x1c9/0x460
[  124.051821][ T9405]  ___sys_recvmsg+0x1b5/0x510
[  124.053873][ T9405]  __x64_sys_recvmsg+0x198/0x260
[  124.055877][ T9405]  do_syscall_64+0xfa/0x3b0
[  124.057374][ T9405] page last free pid 7195 tgid 7195 stack trace:
[  124.059642][ T9405]  __free_frozen_pages+0xc71/0xe70
[  124.061336][ T9405]  vfree+0x25a/0x400
[  124.062670][ T9405]  xskq_destroy+0x40/0x60
[  124.064524][ T9405]  xsk_release+0x671/0x890
[  124.066493][ T9405]  sock_close+0xc3/0x240
[  124.068338][ T9405]  __fput+0x44c/0xa70
[  124.070043][ T9405]  task_work_run+0x1d4/0x260
[  124.071971][ T9405]  exit_to_user_mode_loop+0xec/0x110
[  124.073842][ T9405]  do_syscall_64+0x2bd/0x3b0
[  124.075333][ T9405]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  124.077244][ T9405] 
[  124.078038][ T9405] Memory state around the buggy address:
[  124.080149][ T9405]  ffff888027c5bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  124.083428][ T9405]  ffff888027c5c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  124.086724][ T9405] >ffff888027c5c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  124.089909][ T9405]                                ^
[  124.092051][ T9405]  ffff888027c5c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  124.095440][ T9405]  ffff888027c5c180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  124.098299][ T9405] ==================================================================
[  124.103099][ T9405] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  124.106205][ T9405] CPU: 1 UID: 0 PID: 9405 Comm: khidpd_0c451012 Not tainted 6.16.0-rc5-syzkaller-00159-g47c84997c686-dirty #0 PREEMPT(full) 
[  124.110810][ T9405] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  124.114895][ T9405] Call Trace:
[  124.116016][ T9405]  <TASK>
[  124.116990][ T9405]  dump_stack_lvl+0x99/0x250
[  124.118548][ T9405]  ? __asan_memcpy+0x40/0x70
[  124.120432][ T9405]  ? __pfx_dump_stack_lvl+0x10/0x10
[  124.122642][ T9405]  ? __pfx__printk+0x10/0x10
[  124.124560][ T9405]  panic+0x2db/0x790
[  124.126222][ T9405]  ? __pfx_panic+0x10/0x10
[  124.128104][ T9405]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  124.130657][ T9405]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  124.133153][ T9405]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  124.135211][ T9405]  ? print_memory_metadata+0x314/0x400
[  124.136973][ T9405]  ? __mutex_lock+0x738/0xe80
[  124.138551][ T9405]  check_panic_on_warn+0x89/0xb0
[  124.140577][ T9405]  ? __mutex_lock+0x738/0xe80
[  124.142621][ T9405]  end_report+0x78/0x160
[  124.144465][ T9405]  kasan_report+0x129/0x150
[  124.146415][ T9405]  ? __mutex_lock+0x738/0xe80
[  124.148437][ T9405]  __mutex_lock+0x738/0xe80
[  124.150441][ T9405]  ? __mutex_lock+0x51b/0xe80
[  124.152360][ T9405]  ? l2cap_unregister_user+0x6a/0x1b0
[  124.154076][ T9405]  ? __pfx___mutex_lock+0x10/0x10
[  124.155776][ T9405]  ? __pfx___timer_delete_sync+0x10/0x10
[  124.158174][ T9405]  l2cap_unregister_user+0x6a/0x1b0
[  124.160325][ T9405]  hidp_session_thread+0x3c9/0x410
[  124.162433][ T9405]  ? __pfx_hidp_session_thread+0x10/0x10
[  124.164573][ T9405]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  124.167079][ T9405]  ? __pfx_hidp_session_wake_function+0x10/0x10
[  124.169777][ T9405]  ? __pfx_hidp_session_wake_function+0x10/0x10
[  124.172449][ T9405]  ? __kthread_parkme+0x7b/0x200
[  124.174305][ T9405]  ? __kthread_parkme+0x1a1/0x200
[  124.175903][ T9405]  kthread+0x711/0x8a0
[  124.177212][ T9405]  ? __pfx_hidp_session_thread+0x10/0x10
[  124.179225][ T9405]  ? __pfx_kthread+0x10/0x10
[  124.181189][ T9405]  ? _raw_spin_unlock_irq+0x23/0x50
[  124.183304][ T9405]  ? lockdep_hardirqs_on+0x9c/0x150
[  124.185506][ T9405]  ? __pfx_kthread+0x10/0x10
[  124.187559][ T9405]  ret_from_fork+0x3fc/0x770
[  124.189576][ T9405]  ? __pfx_ret_from_fork+0x10/0x10
[  124.191774][ T9405]  ? __switch_to_asm+0x39/0x70
[  124.193821][ T9405]  ? __switch_to_asm+0x33/0x70
[  124.195856][ T9405]  ? __pfx_kthread+0x10/0x10
[  124.197370][ T9405]  ret_from_fork_asm+0x1a/0x30
[  124.199004][ T9405]  </TASK>
[  124.200896][ T9405] Kernel Offset: disabled
[  124.202769][ T9405] Rebooting in 86400 seconds..

VM DIAGNOSIS:
19:48:25  Registers:
info registers vcpu 0

CPU#0
RAX=e46bd31ba4a70500 RBX=ffffffff81976c78 RCX=e46bd31ba4a70500 RDX=0000000000000001
RSI=ffffffff8d998b82 RDI=ffffffff8be29dc0 RBP=ffffffff8de07ea8 RSP=ffffffff8de07d80
R8 =ffff88804b032f5b R9 =1ffff110096065eb R10=dffffc0000000000 R11=ffffed10096065ec
R12=ffffffff8fa1f3f0 R13=0000000000000000 R14=0000000000000000 R15=1ffffffff1bd2a50
RIP=ffffffff8b6f34d3 RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b861b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fffb7ef6ba8 CR3=0000000111294000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000063d6192 0000000000000001 XMM01=0000010101010101 000000ffffffffff
XMM02=000055b0c4d32913 000000376270616c XMM03=0000000000000000 0000000000000000
XMM04=ffff000000000000 ffffff0000000000 XMM05=1600000000000000 00000000000002ff
XMM06=1600000000000000 00000000000002ff XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000063 RBX=0000000000000063 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc90002c1f370
R8 =ffff888108540237 R9 =1ffff110210a8046 R10=dffffc0000000000 R11=ffffffff85478780
R12=dffffc0000000000 R13=ffffffff99af98b9 R14=ffffffff99dfe6e0 R15=0000000000000000
RIP=ffffffff854787fc RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c1b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00005644d75cb131 CR3=000000003a65c000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffff8133a4fe ffffffff8133a4fe
XMM02=00007f2892d85478 ffffffff8133a4fe XMM03=00007f2892d85488 00007f2892d85480
XMM04=00007f28938ed100 00007f2892d85440 XMM05=00007f2892d85458 00007f2892d854a0
XMM06=00007f2892d85498 00007f2892d85490 XMM07=00007f2892d85488 00007f2892d85480
XMM08=9614c00a6b2950a4 0d1938b248dfa1b9 XMM09=0000000000000000 00007f2892c11c91
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
