last executing test programs:

730.524183ms ago: executing program 2 (id=587):
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000080)={@map, 0xffffffffffffffff, 0x5}, 0x10)

669.136914ms ago: executing program 2 (id=589):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e24, @loopback}, 0x10)
sendmmsg$inet(r0, &(0x7f0000003d40)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000980)="e41e0491846f58333e3e48a7c0b119", 0xf}], 0x1}}, {{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000280)="89e2380866cbd975", 0x8}], 0x1}}, {{0x0, 0x0, &(0x7f0000000a40)=[{&(0x7f0000003880)="167a5af69e3e11f3c24bb591d71b686e0b8372ac147298eee3d485d08d00d6f04d7b7bcd0fa4cc0b5cb8968a48302fc31dd6c91019df7e2f9a2ecba64c89687b2402879b3b290d4001518f9f2c7c7273da6b30ee59d3", 0x56}, {&(0x7f00000008c0)="73aca9d2f9764c49088997da3c161d10c9771163bd33c94ee21c56a68eda101772081d4aa6cba3c6c242", 0x2a}], 0x2}}], 0x3, 0x8010)
shutdown(r0, 0x1)

610.330344ms ago: executing program 2 (id=594):
r0 = socket(0xa, 0x2400000001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000034000)={0x1, {{0xa, 0x0, 0x0, @mcast2}}}, 0x88)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108)

540.278348ms ago: executing program 2 (id=597):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80"], 0xa8}}, 0x0)
r0 = socket$unix(0x1, 0x5, 0x0)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r2=>0x0})
connect$can_bcm(r1, &(0x7f00000000c0)={0x1d, r2}, 0x10)
sendmsg$can_bcm(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="0100000003ece1e40ad8871461ab0800", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=r0, @ANYBLOB="3bf81bb9f9"], 0x20000600}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$can_bcm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[], 0xc8}, 0x2}, 0x0)

539.883275ms ago: executing program 2 (id=600):
syz_emit_ethernet(0x4e, &(0x7f0000000440)={@local, @remote, @void, {@ipv4={0x800, @tipc={{0x6, 0x4, 0x3, 0x5, 0x40, 0x65, 0x0, 0x9, 0x6, 0x0, @remote, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@generic={0x89, 0x2}]}}, @payload_named={{{{{0x28, 0x0, 0x0, 0x1, 0x0, 0xa, 0x1, 0x2, 0xdd, 0x0, 0x3, 0x4, 0x2, 0x2, 0x101, 0x3, 0x0, 0x4e22, 0x4e21}, 0x3, 0x2}, 0x1, 0x1}}}}}}}, 0x0)

470.459877ms ago: executing program 2 (id=603):
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00'})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
ppoll(&(0x7f0000000500)=[{r2}], 0x1, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x4004441)
shutdown(r0, 0x0)
recvmmsg(r0, &(0x7f00000055c0), 0x400023c, 0x300, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0xe429, @none, 0x401}, 0xe)
socket(0x2b, 0x6, 0x8000)
r4 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000003c0)=@generic={&(0x7f0000000300)='./file0\x00', 0x0, 0x10}, 0x18)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x6, 0xb}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000f4751f2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b70300000000ff80850000000400000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x15, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x2}, [@ldst={0x0, 0x2, 0x3, 0x3, 0x8, 0xfffffffffffffff4, 0xfffffffffffffffc}]}, &(0x7f0000000100)='syzkaller\x00', 0x8, 0x51, &(0x7f0000000200)=""/81, 0x41100, 0x4, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x3, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x0, r4, 0x0, &(0x7f0000000400)=[0xffffffffffffffff, r5, r2, r2], 0x0, 0x10, 0x5}, 0x94)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2000009, 0x200000006c832, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)

470.340401ms ago: executing program 0 (id=604):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f0000000100)='blkio.throttle.write_bps_device\x00', 0x2, 0x0)
write$cgroup_int(r1, &(0x7f0000000240)=0x10000, 0x12)

387.951278ms ago: executing program 0 (id=606):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000300)={0x0, 0x19, &(0x7f0000000240)={&(0x7f00000000c0)=@migrate={0x154, 0x21, 0x1, 0x0, 0x0, {{@in=@multicast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}}, [@encap={0x1c, 0x4, {0x0, 0x0, 0x0, @in=@multicast2}}, @migrate={0xe8}]}, 0x154}}, 0x0)

330.733296ms ago: executing program 0 (id=608):
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
sendmsg$802154_dgram(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x24, @none={0x0, 0x2}}, 0x14, &(0x7f00000000c0)={0x0}, 0x7, 0x0, 0x0, 0x6274a5ca71beadeb}, 0x4000000)

250.822893ms ago: executing program 1 (id=609):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)={0x38, r1, 0x1, 0x70bd26, 0x80, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_TAGLST={0x14, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x2}, {0x5, 0x3, 0x80}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}]}, 0x38}, 0x1, 0x0, 0x0, 0x18}, 0x4014)

250.726318ms ago: executing program 0 (id=610):
r0 = syz_init_net_socket$ax25(0x3, 0x3, 0x0)
bind$ax25(r0, &(0x7f0000000380)={{0x3, @null, 0x1}, [@null={0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x2}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]}, 0x3c)

250.648226ms ago: executing program 1 (id=611):
r0 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'sit0\x00', <r1=>0x0})
ioctl$sock_inet6_SIOCSIFDSTADDR(r0, 0x8918, &(0x7f0000000080)={@private0, 0x71, r1})

189.678915ms ago: executing program 1 (id=612):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x8, 0x10001, 0x9, 0x1}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000fc007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000001a00)={r1, 0x1}, 0xc)

189.297355ms ago: executing program 0 (id=613):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000340)=ANY=[@ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="0200000002"], 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000002c0)=ANY=[@ANYRES32=r2, @ANYRES32=r3, @ANYBLOB="0200"], 0x10)

189.142154ms ago: executing program 1 (id=614):
r0 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x6, &(0x7f0000000140)={0x14, {{0x29, 0x0, 0x8000000, @mcast1}}}, 0x88)

120.605467ms ago: executing program 1 (id=615):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r0 = socket$xdp(0x2c, 0x3, 0x0)
getsockopt$XDP_STATISTICS(r0, 0x11b, 0x8, &(0x7f0000003140), &(0x7f0000000040)=0x30)

118.598185ms ago: executing program 0 (id=616):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$FOU_CMD_ADD(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, r1, 0x1, 0x0, 0x0, {}, [@FOU_ATTR_PEER_V6={0x14, 0x9, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @FOU_ATTR_AF={0x5, 0x2, 0xa}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @loopback}, @FOU_ATTR_PORT={0x6}]}, 0x4c}}, 0x0)

0s ago: executing program 1 (id=617):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000700)=@raw={'raw\x00', 0x3c1, 0x3, 0x4e8, 0x0, 0x940c, 0x3002, 0x2e0, 0x2c0, 0x418, 0x3d8, 0x3d8, 0x418, 0x3d8, 0x3, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @loopback}, @local, [0xff, 0xffffffff, 0x0, 0xff000000], [0xffffff00, 0xff000000], 'erspan0\x00', 'wlan0\x00', {}, {0xff}, 0x2b, 0x3, 0x3}, 0x0, 0x298, 0x2e0, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x2, 0x1, 0x0, 'syz0\x00'}}, @common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x2, 0x0, 'syz0\x00'}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@loopback, 'virt_wifi0\x00'}}}, {{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private0, [0x0, 0x0, 0xff000000, 0xff], [0xffffff00, 0xffffff00, 0xff000000, 0xffffffff], 'team_slave_1\x00', 'veth1_virt_wifi\x00', {0xff}, {}, 0x886215f4d37bb4bb, 0x90, 0x1, 0x69}, 0x0, 0xd0, 0x138, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x548)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:12051' (ED25519) to the list of known hosts.
syzkaller login: [   48.701250][ T5750] cgroup: Unknown subsys name 'net'
[   48.830577][ T5750] cgroup: Unknown subsys name 'cpuset'
[   48.836235][ T5750] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   50.196131][ T5750] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   54.602135][ T5815] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   54.611519][ T5817] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   54.615741][ T5815] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   54.616195][ T5817] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   54.621810][ T5817] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   54.625515][ T5817] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   54.626259][ T5815] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   54.630241][ T5817] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   54.631595][ T5815] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   54.637107][ T5821] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   54.641558][ T5821] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   54.641951][ T5817] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   54.647186][ T5202] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   54.655971][   T54] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   54.659178][   T54] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   54.962492][ T5811] chnl_net:caif_netlink_parms(): no params data found
[   54.968651][ T5813] chnl_net:caif_netlink_parms(): no params data found
[   55.040094][ T5820] chnl_net:caif_netlink_parms(): no params data found
[   55.149772][ T5811] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.153647][ T5811] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.158914][ T5811] bridge_slave_0: entered allmulticast mode
[   55.162961][ T5811] bridge_slave_0: entered promiscuous mode
[   55.167953][ T5813] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.170295][ T5813] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.172803][ T5813] bridge_slave_0: entered allmulticast mode
[   55.175617][ T5813] bridge_slave_0: entered promiscuous mode
[   55.179459][ T5813] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.181752][ T5813] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.184195][ T5813] bridge_slave_1: entered allmulticast mode
[   55.187187][ T5813] bridge_slave_1: entered promiscuous mode
[   55.200730][ T5811] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.203080][ T5811] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.205639][ T5811] bridge_slave_1: entered allmulticast mode
[   55.210039][ T5811] bridge_slave_1: entered promiscuous mode
[   55.263230][ T5813] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   55.279788][ T5820] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.282715][ T5820] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.285673][ T5820] bridge_slave_0: entered allmulticast mode
[   55.290019][ T5820] bridge_slave_0: entered promiscuous mode
[   55.305379][ T5813] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   55.317617][ T5820] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.320209][ T5820] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.322623][ T5820] bridge_slave_1: entered allmulticast mode
[   55.325205][ T5820] bridge_slave_1: entered promiscuous mode
[   55.336708][ T5811] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   55.359158][ T5811] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   55.364530][ T5820] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   55.369758][ T5813] team0: Port device team_slave_0 added
[   55.372896][ T5820] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   55.384684][ T5813] team0: Port device team_slave_1 added
[   55.422341][ T5811] team0: Port device team_slave_0 added
[   55.442594][ T5820] team0: Port device team_slave_0 added
[   55.446970][ T5811] team0: Port device team_slave_1 added
[   55.451055][ T5820] team0: Port device team_slave_1 added
[   55.454794][ T5813] batman_adv: batadv0: Adding interface: batadv_slave_0
[   55.457810][ T5813] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.466934][ T5813] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   55.509590][ T5813] batman_adv: batadv0: Adding interface: batadv_slave_1
[   55.512094][ T5813] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.524275][ T5813] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   55.528971][ T5820] batman_adv: batadv0: Adding interface: batadv_slave_0
[   55.531893][ T5820] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.542299][ T5820] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   55.546518][ T5811] batman_adv: batadv0: Adding interface: batadv_slave_0
[   55.549008][ T5811] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.557652][ T5811] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   55.565799][ T5820] batman_adv: batadv0: Adding interface: batadv_slave_1
[   55.568979][ T5820] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.578495][ T5820] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   55.582673][ T5811] batman_adv: batadv0: Adding interface: batadv_slave_1
[   55.585014][ T5811] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.593981][ T5811] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   55.651522][ T5813] hsr_slave_0: entered promiscuous mode
[   55.654746][ T5813] hsr_slave_1: entered promiscuous mode
[   55.695137][ T5820] hsr_slave_0: entered promiscuous mode
[   55.697892][ T5820] hsr_slave_1: entered promiscuous mode
[   55.700021][ T5820] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   55.702507][ T5820] Cannot create hsr debugfs directory
[   55.710765][ T5811] hsr_slave_0: entered promiscuous mode
[   55.713891][ T5811] hsr_slave_1: entered promiscuous mode
[   55.718056][ T5811] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   55.721219][ T5811] Cannot create hsr debugfs directory
[   56.003840][ T5820] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   56.017428][ T5820] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   56.037990][ T5820] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   56.052573][ T5820] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   56.095300][ T5813] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   56.102246][ T5813] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   56.127917][ T5813] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   56.134516][ T5813] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   56.186230][ T5811] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   56.194980][ T5811] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   56.205360][ T5811] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   56.211807][ T5811] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   56.292064][ T5820] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.322903][ T5820] 8021q: adding VLAN 0 to HW filter on device team0
[   56.343328][ T5811] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.349648][   T40] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.352119][   T40] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.365341][ T5813] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.368905][   T40] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.371177][   T40] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.382400][ T5811] 8021q: adding VLAN 0 to HW filter on device team0
[   56.403961][ T5813] 8021q: adding VLAN 0 to HW filter on device team0
[   56.407897][ T1089] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.410811][ T1089] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.427003][ T1089] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.429916][ T1089] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.440707][   T40] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.443298][   T40] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.460276][   T40] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.462882][   T40] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.571645][ T5820] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.628887][ T5820] veth0_vlan: entered promiscuous mode
[   56.650758][ T5820] veth1_vlan: entered promiscuous mode
[   56.682134][ T5820] veth0_macvtap: entered promiscuous mode
[   56.686847][   T54] Bluetooth: hci1: command tx timeout
[   56.689472][   T54] Bluetooth: hci2: command tx timeout
[   56.691934][   T54] Bluetooth: hci0: command tx timeout
[   56.713732][ T5820] veth1_macvtap: entered promiscuous mode
[   56.731423][ T5813] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.746942][ T5820] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.751813][ T5811] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.765127][ T5820] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.774416][ T5820] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.779230][ T5820] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.782352][ T5820] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.785653][ T5820] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.832565][ T5813] veth0_vlan: entered promiscuous mode
[   56.868387][ T4292] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.871152][ T4292] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.871695][ T5813] veth1_vlan: entered promiscuous mode
[   56.894706][   T40] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.896345][ T5811] veth0_vlan: entered promiscuous mode
[   56.897704][   T40] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.929389][ T5813] veth0_macvtap: entered promiscuous mode
[   56.933618][ T5811] veth1_vlan: entered promiscuous mode
[   56.940207][ T5820] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   56.941519][ T5813] veth1_macvtap: entered promiscuous mode
[   56.984271][ T5813] batman_adv: batadv0: Interface activated: batadv_slave_0
[   57.005142][ T5813] batman_adv: batadv0: Interface activated: batadv_slave_1
[   57.020244][ T5811] veth0_macvtap: entered promiscuous mode
[   57.030580][ T5813] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   57.034221][ T5813] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   57.039969][ T5813] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   57.043588][ T5813] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   57.075637][ T5811] veth1_macvtap: entered promiscuous mode
[   57.145170][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_0
[   57.173342][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_1
[   57.199680][ T1091] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.203103][ T1091] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.212097][ T5811] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   57.222865][ T5811] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   57.230320][ T5884] netlink: 'syz.0.6': attribute type 3 has an invalid length.
[   57.233323][ T5811] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   57.238185][ T5811] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   57.314172][ T1091] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.326056][ T1091] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.342084][ T5887] netlink: 136 bytes leftover after parsing attributes in process `syz.0.7'.
[   57.387860][ T4292] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.391052][ T4292] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.460735][ T1091] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.464896][ T1091] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.552504][ T5898] netlink: 'syz.1.10': attribute type 7 has an invalid length.
[   57.567572][ T5898] netlink: 'syz.1.10': attribute type 3 has an invalid length.
[   57.570578][ T5898] netlink: 224 bytes leftover after parsing attributes in process `syz.1.10'.
[   57.605011][ T5902] netlink: 'syz.0.12': attribute type 1 has an invalid length.
[   57.623850][ T5902] netlink: 20 bytes leftover after parsing attributes in process `syz.0.12'.
[   57.653585][ T5902] netlink: 'syz.0.12': attribute type 1 has an invalid length.
[   57.659286][ T5902] netlink: 20 bytes leftover after parsing attributes in process `syz.0.12'.
[   57.663355][ T5902] netlink: 'syz.0.12': attribute type 1 has an invalid length.
[   57.667784][ T5902] netlink: 20 bytes leftover after parsing attributes in process `syz.0.12'.
[   57.671912][ T5902] netlink: 'syz.0.12': attribute type 1 has an invalid length.
[   57.674987][ T5902] netlink: 20 bytes leftover after parsing attributes in process `syz.0.12'.
[   57.686397][ T5902] netlink: 'syz.0.12': attribute type 1 has an invalid length.
[   57.689708][ T5902] netlink: 20 bytes leftover after parsing attributes in process `syz.0.12'.
[   57.696309][ T5902] netlink: 'syz.0.12': attribute type 1 has an invalid length.
[   57.699487][ T5902] netlink: 20 bytes leftover after parsing attributes in process `syz.0.12'.
[   57.703504][ T5902] netlink: 'syz.0.12': attribute type 1 has an invalid length.
[   57.716285][ T5902] netlink: 20 bytes leftover after parsing attributes in process `syz.0.12'.
[   57.720518][ T5902] netlink: 20 bytes leftover after parsing attributes in process `syz.0.12'.
[   57.753160][ T5906] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[   57.755705][ T5906] netdevsim netdevsim1 netdevsim0: entered allmulticast mode
[   57.769109][ T5906] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[   58.367844][ T5924] Zero length message leads to an empty skb
[   58.471251][ T5931] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   58.767065][ T5817] Bluetooth: hci0: command tx timeout
[   58.768533][   T54] Bluetooth: hci2: command tx timeout
[   58.769526][ T5817] Bluetooth: hci1: command tx timeout
[   59.043847][ T5985] xt_hashlimit: size too large, truncated to 1048576
[   59.048724][ T5985] xt_hashlimit: max too large, truncated to 1048576
[   59.616107][   T33] audit: type=1800 audit(1751709833.966:2): pid=6009 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.57" name="memory.events" dev="tmpfs" ino=138 res=0 errno=0
[   60.845996][ T5817] Bluetooth: hci2: command tx timeout
[   60.846313][ T5819] Bluetooth: hci0: command tx timeout
[   60.856849][ T5819] Bluetooth: hci1: command tx timeout
[   61.139965][ T6135] warning: `syz.2.115' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   61.420783][ T6165] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[   61.484612][ T6174] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   61.597974][ T6189] syz.0.140 uses obsolete (PF_INET,SOCK_PACKET)
[   62.195744][    C1] vcan0: j1939_tp_rxtimer: 0xffff888111551400: rx timeout, send abort
[   62.691272][ T6223] __nla_validate_parse: 68 callbacks suppressed
[   62.691284][ T6223] netlink: 4 bytes leftover after parsing attributes in process `syz.2.153'.
[   62.700008][    C1] vcan0: j1939_tp_rxtimer: 0xffff888111551400: abort rx timeout. Force session deactivation
[   62.731418][ T6225] batadv_slave_1: entered promiscuous mode
[   62.734006][ T6224] batadv_slave_1: left promiscuous mode
[   62.865600][ T6240] validate_nla: 67 callbacks suppressed
[   62.865618][ T6240] netlink: 'syz.2.161': attribute type 1 has an invalid length.
[   62.902933][ T6243] IPv4: Oversized IP packet from 127.202.26.0
[   62.927403][ T5819] Bluetooth: hci2: command tx timeout
[   62.936124][ T5817] Bluetooth: hci0: command tx timeout
[   62.938293][ T5819] Bluetooth: hci1: command tx timeout
[   63.853184][ T6299] netlink: 8 bytes leftover after parsing attributes in process `syz.2.188'.
[   64.244132][ T6323] netlink: 8 bytes leftover after parsing attributes in process `syz.2.199'.
[   64.303889][ T6327] netlink: 4 bytes leftover after parsing attributes in process `syz.2.201'.
[   64.374872][ T6330] xt_CT: No such helper "snmp"
[   64.573028][ T6347] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode
[   64.578701][ T6347] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[   64.727788][ T6360] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   64.833316][ T6367] xt_CT: No such helper "pptp"
[   64.840744][ T6367] Cannot find add_set index 0 as target
[   65.188745][ T6385] af_packet: tpacket_rcv: packet too big, clamped from 3 to 4294967272. macoff=96
[   65.381893][ T6393] netlink: 'syz.2.231': attribute type 1 has an invalid length.
[   65.385091][ T6393] netlink: 224 bytes leftover after parsing attributes in process `syz.2.231'.
[   65.915690][ T6418] netlink: 36 bytes leftover after parsing attributes in process `syz.1.243'.
[   65.921383][ T6418] netlink: 36 bytes leftover after parsing attributes in process `syz.1.243'.
[   66.297858][ T6435] ip6erspan0: entered promiscuous mode
[   66.389631][ T6439] netlink: 4 bytes leftover after parsing attributes in process `syz.1.253'.
[   66.848375][ T6467] xt_CT: No such helper "syz0"
[   66.850778][ T6467] netlink: 8 bytes leftover after parsing attributes in process `syz.0.264'.
[   67.065704][   T10] IPVS: starting estimator thread 0...
[   67.186307][ T6491] IPVS: using max 82 ests per chain, 196800 per kthread
[   67.683294][ T6540] netlink: 8 bytes leftover after parsing attributes in process `syz.2.284'.
[   67.796471][ T6546] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes.
[   68.222480][ T6596] raw_sendmsg: syz.2.309 forgot to set AF_INET. Fix it!
[   69.157092][ T6653] netlink: 'syz.2.330': attribute type 1 has an invalid length.
[   69.438716][ T6679] __nla_validate_parse: 1 callbacks suppressed
[   69.438736][ T6679] netlink: 8 bytes leftover after parsing attributes in process `syz.0.342'.
[   69.527894][ T6691] netlink: 72 bytes leftover after parsing attributes in process `syz.1.347'.
[   69.531053][ T6691] netlink: 'syz.1.347': attribute type 1 has an invalid length.
[   69.536239][ T6690] netlink: 28 bytes leftover after parsing attributes in process `syz.2.348'.
[   69.539065][ T6690] netlink: 8 bytes leftover after parsing attributes in process `syz.2.348'.
[   69.558836][ T6690] netlink: 'syz.2.348': attribute type 10 has an invalid length.
[   69.561968][ T6690] bridge0: port 3(team0) entered blocking state
[   69.564142][ T6690] bridge0: port 3(team0) entered disabled state
[   69.570087][ T6690] team0: entered allmulticast mode
[   69.572181][ T6690] team_slave_0: entered allmulticast mode
[   69.574339][ T6690] team_slave_1: entered allmulticast mode
[   69.579221][ T6690] team0: entered promiscuous mode
[   69.581447][ T6690] team_slave_0: entered promiscuous mode
[   69.583483][ T6690] team_slave_1: entered promiscuous mode
[   69.590085][ T6690] bridge0: port 3(team0) entered blocking state
[   69.592993][ T6690] bridge0: port 3(team0) entered forwarding state
[   69.644652][ T6701] batadv_slave_1: entered promiscuous mode
[   69.652702][ T6700] batadv_slave_1: left promiscuous mode
[   70.400334][    T9] cfg80211: failed to load regulatory.db
[   70.512714][ T6749] netlink: 8 bytes leftover after parsing attributes in process `syz.2.370'.
[   70.528125][ T6749] netlink: 8 bytes leftover after parsing attributes in process `syz.2.370'.
[   70.531957][ T6749] netlink: 8 bytes leftover after parsing attributes in process `syz.2.370'.
[   70.545227][ T6749] netlink: 8 bytes leftover after parsing attributes in process `syz.2.370'.
[   70.549489][ T6749] netlink: 8 bytes leftover after parsing attributes in process `syz.2.370'.
[   70.553623][ T6749] netlink: 8 bytes leftover after parsing attributes in process `syz.2.370'.
[   70.943095][ T1362] ieee802154 phy1 wpan1: encryption failed: -22
[   71.339610][ T6795] sch_tbf: burst 0 is lower than device veth0_to_team mtu (1514) !
[   71.477254][ T6809] Driver unsupported XDP return value 0 on prog  (id 81) dev N/A, expect packet loss!
[   72.462766][ T6842] netlink: 'syz.1.411': attribute type 1 has an invalid length.
[   72.762347][ T6872] xt_bpf: check failed: parse error
[   72.824233][ T6876] netlink: 'syz.0.427': attribute type 1 has an invalid length.
[   73.288706][ T6919] netlink: 'syz.2.448': attribute type 2 has an invalid length.
[   73.319694][ T6919] netlink: 'syz.2.448': attribute type 2 has an invalid length.
[   73.346874][ T6926] sch_tbf: burst 1 is lower than device ip6tnl0 mtu (1452) !
[   73.415463][ T6932] netlink: 'syz.2.454': attribute type 3 has an invalid length.
[   74.451749][ T6993] __nla_validate_parse: 77 callbacks suppressed
[   74.451766][ T6993] netlink: 32 bytes leftover after parsing attributes in process `syz.0.476'.
[   75.021629][ T7031] netlink: 52 bytes leftover after parsing attributes in process `syz.1.490'.
[   75.110968][ T7037] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode
[   75.115385][ T7037] A link change request failed with some changes committed already. Interface wlan1 may have been left with an inconsistent configuration, please check.
[   75.177338][ T7039] netlink: 'syz.0.494': attribute type 14 has an invalid length.
[   75.283416][ T7047] ipt_rpfilter: unknown options
[   75.416850][ T7055] xt_cgroup: invalid path, errno=-2
[   75.659049][ T7068] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input4
[   75.895276][ T7091] veth0_to_bond: entered allmulticast mode
[   75.911911][ T7091] netlink: 76 bytes leftover after parsing attributes in process `syz.1.509'.
[   76.004311][ T7095] netlink: 32 bytes leftover after parsing attributes in process `syz.2.514'.
[   76.608016][ T7139] ieee802154 phy1 wpan1: encryption failed: -22
[   76.635810][ T7145] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   77.952087][ T7212] netlink: 'syz.0.564': attribute type 1 has an invalid length.
[   78.011339][ T7212] bond1: (slave veth3): Enslaving as an active interface with a down link
[   78.034132][ T7212] bond1: (slave veth5): Enslaving as an active interface with a down link
[   78.088364][ T7221] netlink: 'syz.0.568': attribute type 1 has an invalid length.
[   78.171137][ T7231] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   78.184340][ T7229] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[   79.151628][ T7328] xt_CT: You must specify a L4 protocol and not use inversions on it
[   79.204181][ T7072] ==================================================================
[   79.209463][ T7072] BUG: KASAN: slab-use-after-free in __mutex_lock+0x738/0xe80
[   79.211858][ T7072] Read of size 8 at addr ffff888022ddc0a0 by task khidpd_15c25886/7072
[   79.215619][ T7072] 
[   79.216504][ T7072] CPU: 0 UID: 0 PID: 7072 Comm: khidpd_15c25886 Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 PREEMPT(full) 
[   79.216515][ T7072] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   79.216520][ T7072] Call Trace:
[   79.216525][ T7072]  <TASK>
[   79.216530][ T7072]  dump_stack_lvl+0x189/0x250
[   79.216545][ T7072]  ? __virt_addr_valid+0x1c8/0x5c0
[   79.216554][ T7072]  ? rcu_is_watching+0x15/0xb0
[   79.216566][ T7072]  ? __kasan_check_byte+0x12/0x40
[   79.216574][ T7072]  ? __pfx_dump_stack_lvl+0x10/0x10
[   79.216583][ T7072]  ? rcu_is_watching+0x15/0xb0
[   79.216593][ T7072]  ? lock_release+0x4b/0x3e0
[   79.216604][ T7072]  ? __virt_addr_valid+0x1c8/0x5c0
[   79.216610][ T7072]  ? __virt_addr_valid+0x4a5/0x5c0
[   79.216617][ T7072]  print_report+0xd2/0x2b0
[   79.216627][ T7072]  ? __mutex_lock+0x738/0xe80
[   79.216638][ T7072]  kasan_report+0x118/0x150
[   79.216645][ T7072]  ? __mutex_lock+0x738/0xe80
[   79.216656][ T7072]  __mutex_lock+0x738/0xe80
[   79.216666][ T7072]  ? __mutex_lock+0x51b/0xe80
[   79.216676][ T7072]  ? l2cap_unregister_user+0x6a/0x1b0
[   79.216688][ T7072]  ? __pfx___mutex_lock+0x10/0x10
[   79.216706][ T7072]  ? __pfx___timer_delete_sync+0x10/0x10
[   79.216722][ T7072]  l2cap_unregister_user+0x6a/0x1b0
[   79.216738][ T7072]  hidp_session_thread+0x3c9/0x410
[   79.216758][ T7072]  ? __pfx_hidp_session_thread+0x10/0x10
[   79.216775][ T7072]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   79.216789][ T7072]  ? __pfx_hidp_session_wake_function+0x10/0x10
[   79.216809][ T7072]  ? __pfx_hidp_session_wake_function+0x10/0x10
[   79.216827][ T7072]  ? __kthread_parkme+0x7b/0x200
[   79.216838][ T7072]  ? __kthread_parkme+0x1a1/0x200
[   79.216848][ T7072]  kthread+0x711/0x8a0
[   79.216856][ T7072]  ? __pfx_hidp_session_thread+0x10/0x10
[   79.216866][ T7072]  ? __pfx_kthread+0x10/0x10
[   79.216874][ T7072]  ? _raw_spin_unlock_irq+0x23/0x50
[   79.216882][ T7072]  ? lockdep_hardirqs_on+0x9c/0x150
[   79.216892][ T7072]  ? __pfx_kthread+0x10/0x10
[   79.216900][ T7072]  ret_from_fork+0x3fc/0x770
[   79.216911][ T7072]  ? __pfx_ret_from_fork+0x10/0x10
[   79.216921][ T7072]  ? __switch_to_asm+0x39/0x70
[   79.216928][ T7072]  ? __switch_to_asm+0x33/0x70
[   79.216935][ T7072]  ? __pfx_kthread+0x10/0x10
[   79.216942][ T7072]  ret_from_fork_asm+0x1a/0x30
[   79.216951][ T7072]  </TASK>
[   79.216955][ T7072] 
[   79.294789][ T7072] Allocated by task 5820:
[   79.296306][ T7072]  kasan_save_track+0x3e/0x80
[   79.297902][ T7072]  __kasan_kmalloc+0x93/0xb0
[   79.299622][ T7072]  __kmalloc_noprof+0x27a/0x4f0
[   79.301307][ T7072]  hci_alloc_dev_priv+0x28/0x2040
[   79.303043][ T7072]  vhci_create_device+0x120/0x6e0
[   79.304873][ T7072]  vhci_write+0x3ce/0x4a0
[   79.306564][ T7072]  vfs_write+0x54b/0xa90
[   79.308060][ T7072]  ksys_write+0x145/0x250
[   79.309644][ T7072]  do_syscall_64+0xfa/0x3b0
[   79.311181][ T7072]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   79.313185][ T7072] 
[   79.314017][ T7072] Freed by task 5820:
[   79.315460][ T7072]  kasan_save_track+0x3e/0x80
[   79.317171][ T7072]  kasan_save_free_info+0x46/0x50
[   79.318973][ T7072]  __kasan_slab_free+0x62/0x70
[   79.320860][ T7072]  kfree+0x18e/0x440
[   79.322236][ T7072]  bt_host_release+0x82/0x90
[   79.323887][ T7072]  device_release+0x9c/0x1c0
[   79.325494][ T7072]  kobject_put+0x22b/0x480
[   79.327105][ T7072]  vhci_release+0x88/0xd0
[   79.328635][ T7072]  __fput+0x44c/0xa70
[   79.330053][ T7072]  task_work_run+0x1d4/0x260
[   79.331691][ T7072]  do_exit+0x6b5/0x22e0
[   79.333198][ T7072]  do_group_exit+0x21c/0x2d0
[   79.334855][ T7072]  __x64_sys_exit_group+0x3f/0x40
[   79.336731][ T7072]  x64_sys_call+0x21ba/0x21c0
[   79.338331][ T7072]  do_syscall_64+0xfa/0x3b0
[   79.339999][ T7072]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   79.342180][ T7072] 
[   79.343149][ T7072] Last potentially related work creation:
[   79.345143][ T7072]  kasan_save_stack+0x3e/0x60
[   79.346829][ T7072]  kasan_record_aux_stack+0xbd/0xd0
[   79.348695][ T7072]  insert_work+0x3d/0x330
[   79.350197][ T7072]  __queue_work+0xbd9/0xfe0
[   79.351716][ T7072]  queue_work_on+0x181/0x270
[   79.353244][ T7072]  hci_cmd_sync_submit+0x285/0x2b0
[   79.354959][ T7072]  process_scheduled_works+0xae1/0x17b0
[   79.356781][ T7072]  worker_thread+0x8a0/0xda0
[   79.358322][ T7072]  kthread+0x711/0x8a0
[   79.359694][ T7072]  ret_from_fork+0x3fc/0x770
[   79.361233][ T7072]  ret_from_fork_asm+0x1a/0x30
[   79.362838][ T7072] 
[   79.363654][ T7072] Second to last potentially related work creation:
[   79.365881][ T7072]  kasan_save_stack+0x3e/0x60
[   79.367554][ T7072]  kasan_record_aux_stack+0xbd/0xd0
[   79.369293][ T7072]  insert_work+0x3d/0x330
[   79.370819][ T7072]  __queue_work+0xbd9/0xfe0
[   79.372357][ T7072]  queue_work_on+0x181/0x270
[   79.374064][ T7072]  hci_abort_conn+0x1e4/0x330
[   79.375754][ T7072]  process_scheduled_works+0xae1/0x17b0
[   79.377743][ T7072]  worker_thread+0x8a0/0xda0
[   79.379309][ T7072]  kthread+0x711/0x8a0
[   79.380858][ T7072]  ret_from_fork+0x3fc/0x770
[   79.382522][ T7072]  ret_from_fork_asm+0x1a/0x30
[   79.384175][ T7072] 
[   79.385001][ T7072] The buggy address belongs to the object at ffff888022ddc000
[   79.385001][ T7072]  which belongs to the cache kmalloc-8k of size 8192
[   79.389695][ T7072] The buggy address is located 160 bytes inside of
[   79.389695][ T7072]  freed 8192-byte region [ffff888022ddc000, ffff888022dde000)
[   79.394276][ T7072] 
[   79.395193][ T7072] The buggy address belongs to the physical page:
[   79.397509][ T7072] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x22dd8
[   79.400938][ T7072] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   79.404055][ T7072] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[   79.406669][ T7072] page_type: f5(slab)
[   79.408118][ T7072] raw: 00fff00000000040 ffff88801a442280 ffffea00008ae800 0000000000000002
[   79.411050][ T7072] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[   79.414020][ T7072] head: 00fff00000000040 ffff88801a442280 ffffea00008ae800 0000000000000002
[   79.416914][ T7072] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[   79.419897][ T7072] head: 00fff00000000003 ffffea00008b7601 00000000ffffffff 00000000ffffffff
[   79.422667][ T7072] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[   79.425572][ T7072] page dumped because: kasan: bad access detected
[   79.427849][ T7072] page_owner tracks the page as allocated
[   79.429890][ T7072] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5558, tgid 5558 (dhcpcd), ts 36661268335, free_ts 32601652008
[   79.437087][ T7072]  post_alloc_hook+0x240/0x2a0
[   79.438691][ T7072]  get_page_from_freelist+0x21e4/0x22c0
[   79.440601][ T7072]  __alloc_frozen_pages_noprof+0x181/0x370
[   79.442761][ T7072]  alloc_pages_mpol+0x232/0x4a0
[   79.444643][ T7072]  allocate_slab+0x8a/0x3b0
[   79.446138][ T7072]  ___slab_alloc+0xbfc/0x1480
[   79.447627][ T7072]  __kmalloc_node_track_caller_noprof+0x2f8/0x4e0
[   79.449652][ T7072]  kmalloc_reserve+0x136/0x290
[   79.451213][ T7072]  __alloc_skb+0x142/0x2d0
[   79.452712][ T7072]  netlink_dump+0x1c7/0xe20
[   79.454457][ T7072]  netlink_recvmsg+0x676/0xa30
[   79.456098][ T7072]  sock_recvmsg+0x22c/0x270
[   79.457623][ T7072]  ____sys_recvmsg+0x1c9/0x460
[   79.459199][ T7072]  ___sys_recvmsg+0x1b5/0x510
[   79.460748][ T7072]  __x64_sys_recvmsg+0x198/0x260
[   79.462608][ T7072]  do_syscall_64+0xfa/0x3b0
[   79.464467][ T7072] page last free pid 5268 tgid 5268 stack trace:
[   79.467009][ T7072]  __free_frozen_pages+0xc71/0xe70
[   79.469015][ T7072]  __put_partials+0x161/0x1c0
[   79.470925][ T7072]  put_cpu_partial+0x17c/0x250
[   79.472988][ T7072]  __slab_free+0x2f7/0x400
[   79.474819][ T7072]  qlist_free_all+0x97/0x140
[   79.476661][ T7072]  kasan_quarantine_reduce+0x148/0x160
[   79.478831][ T7072]  __kasan_slab_alloc+0x22/0x80
[   79.480814][ T7072]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[   79.483037][ T7072]  seq_open+0x5f/0x140
[   79.484489][ T7072]  kernfs_fop_open+0x542/0xca0
[   79.486077][ T7072]  do_dentry_open+0xdf3/0x1970
[   79.487894][ T7072]  vfs_open+0x3b/0x340
[   79.489544][ T7072]  path_openat+0x2ee5/0x3830
[   79.491382][ T7072]  do_filp_open+0x1fa/0x410
[   79.493086][ T7072]  do_sys_openat2+0x121/0x1c0
[   79.494997][ T7072]  __x64_sys_openat+0x138/0x170
[   79.496988][ T7072] 
[   79.497793][ T7072] Memory state around the buggy address:
[   79.499611][ T7072]  ffff888022ddbf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   79.502508][ T7072]  ffff888022ddc000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   79.505089][ T7072] >ffff888022ddc080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   79.507667][ T7072]                                ^
[   79.509466][ T7072]  ffff888022ddc100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   79.512127][ T7072]  ffff888022ddc180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   79.514921][ T7072] ==================================================================
[   79.518859][ T7072] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   79.521452][ T7072] CPU: 0 UID: 0 PID: 7072 Comm: khidpd_15c25886 Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 PREEMPT(full) 
[   79.525598][ T7072] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   79.528763][ T7072] Call Trace:
[   79.529882][ T7072]  <TASK>
[   79.530845][ T7072]  dump_stack_lvl+0x99/0x250
[   79.532472][ T7072]  ? __asan_memcpy+0x40/0x70
[   79.534053][ T7072]  ? __pfx_dump_stack_lvl+0x10/0x10
[   79.535834][ T7072]  ? __pfx__printk+0x10/0x10
[   79.537389][ T7072]  panic+0x2db/0x790
[   79.538703][ T7072]  ? __pfx_panic+0x10/0x10
[   79.540386][ T7072]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[   79.542389][ T7072]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   79.544395][ T7072]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   79.546601][ T7072]  ? print_memory_metadata+0x314/0x400
[   79.548574][ T7072]  ? __mutex_lock+0x738/0xe80
[   79.550190][ T7072]  check_panic_on_warn+0x89/0xb0
[   79.551835][ T7072]  ? __mutex_lock+0x738/0xe80
[   79.553498][ T7072]  end_report+0x78/0x160
[   79.554921][ T7072]  kasan_report+0x129/0x150
[   79.556461][ T7072]  ? __mutex_lock+0x738/0xe80
[   79.558157][ T7072]  __mutex_lock+0x738/0xe80
[   79.559675][ T7072]  ? __mutex_lock+0x51b/0xe80
[   79.561464][ T7072]  ? l2cap_unregister_user+0x6a/0x1b0
[   79.563330][ T7072]  ? __pfx___mutex_lock+0x10/0x10
[   79.565281][ T7072]  ? __pfx___timer_delete_sync+0x10/0x10
[   79.567510][ T7072]  l2cap_unregister_user+0x6a/0x1b0
[   79.569637][ T7072]  hidp_session_thread+0x3c9/0x410
[   79.571403][ T7072]  ? __pfx_hidp_session_thread+0x10/0x10
[   79.573594][ T7072]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   79.575668][ T7072]  ? __pfx_hidp_session_wake_function+0x10/0x10
[   79.578168][ T7072]  ? __pfx_hidp_session_wake_function+0x10/0x10
[   79.580732][ T7072]  ? __kthread_parkme+0x7b/0x200
[   79.582769][ T7072]  ? __kthread_parkme+0x1a1/0x200
[   79.584837][ T7072]  kthread+0x711/0x8a0
[   79.586480][ T7072]  ? __pfx_hidp_session_thread+0x10/0x10
[   79.588330][ T7072]  ? __pfx_kthread+0x10/0x10
[   79.589871][ T7072]  ? _raw_spin_unlock_irq+0x23/0x50
[   79.591601][ T7072]  ? lockdep_hardirqs_on+0x9c/0x150
[   79.593293][ T7072]  ? __pfx_kthread+0x10/0x10
[   79.594822][ T7072]  ret_from_fork+0x3fc/0x770
[   79.596360][ T7072]  ? __pfx_ret_from_fork+0x10/0x10
[   79.598054][ T7072]  ? __switch_to_asm+0x39/0x70
[   79.599643][ T7072]  ? __switch_to_asm+0x33/0x70
[   79.601191][ T7072]  ? __pfx_kthread+0x10/0x10
[   79.602759][ T7072]  ret_from_fork_asm+0x1a/0x30
[   79.604321][ T7072]  </TASK>
[   79.606033][ T7072] Kernel Offset: disabled
[   79.607620][ T7072] Rebooting in 86400 seconds..

VM DIAGNOSIS:
10:04:13  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000066 RBX=0000000000000066 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc90003fcf370
R8 =ffff888108850237 R9 =1ffff1102110a046 R10=dffffc0000000000 R11=ffffffff85474610
R12=dffffc0000000000 R13=ffffffff99ac48ef R14=ffffffff99dc9760 R15=0000000000000000
RIP=ffffffff8547468c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b8650000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f7a53d7e2d8 CR3=000000002926c000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00000008000003b7 fffffff800000207 XMM03=0000000300000085 00000000000004b7
XMM04=9500000003000000 8500000000000004 XMM05=b700000008000003 b7fffffff8000002
XMM06=07000000000000a2 bf00000000fff88a XMM07=7b00000000000008 b700000000000000
XMM08=0000000000000000 00524f5252450040 XMM09=0000000000000000 00007f4678411c91
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0a649fa4e5150700 RBX=ffffffff81974d58 RCX=0a649fa4e5150700 RDX=0000000000000001
RSI=ffffffff8d9823f5 RDI=ffffffff8be28d40 RBP=ffffc90000177f20 RSP=ffffc90000177de0
R8 =ffff888136632f5b R9 =1ffff11026cc65eb R10=dffffc0000000000 R11=ffffed1026cc65ec
R12=ffffffff8fa10df0 R13=0000000000000001 R14=0000000000000001 R15=1ffff110200d6000
RIP=ffffffff8b66c4a3 RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c50000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000055c3c0cc4d70 CR3=000000002926c000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=00ff000000000000 ff00000000000000 XMM05=0000000000003374 000000002f346f6c
XMM06=ff00000000ff0000 0000000000000000 XMM07=0000000000000000 0000000000000000
XMM08=ffffffffffff0000 ffffffff00000000 XMM09=0065736f70003374 6e6576652f347475
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
