last executing test programs:

7.083799706s ago: executing program 2 (id=19):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r0, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x4}}, 0x26)

7.019044902s ago: executing program 2 (id=21):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000007c0)=ANY=[@ANYBLOB="280300002d00090027bd70000000000004000000130317"], 0x328}}, 0x84)

6.938288791s ago: executing program 2 (id=23):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@newlink={0x38, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x585d}, [@IFLA_AF_SPEC={0x4}, @IFLA_IFNAME={0x14, 0x3, 'sit0\x00'}]}, 0x38}, 0x1, 0x0, 0x0, 0x8850}, 0x0)

6.937085678s ago: executing program 2 (id=24):
socket$xdp(0x2c, 0x3, 0x0)
socket$tipc(0x1e, 0x2, 0x0)
socket$packet(0x11, 0x2, 0x300)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000640)=ANY=[@ANYRES32=<r2=>r0, @ANYRES32=r1, @ANYBLOB="02"], 0x10)
r3 = socket$key(0xf, 0x3, 0x2)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)=ANY=[@ANYRES32=r2, @ANYRES32=r1, @ANYRES8=r3], 0x10)

6.856382893s ago: executing program 2 (id=26):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x8923, &(0x7f00000000c0)={'dummy0\x00', @random="0130210100ff"})
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x3}, {0xfffffffffffffffc}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14, 0x30}, 0x0, 0x0, 0x0, 0xb7, 0xffffffff}}, 0xe8)
sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0)
sendmsg$FOU_CMD_ADD(r1, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={&(0x7f00000001c0)=ANY=[@ANYBLOB="347afc93", @ANYRES16=r4, @ANYBLOB="00022abd7004fcdbdf250100000014000700ff02000000000000000000000000000108000800e000000204000500"], 0x34}, 0x1, 0x0, 0x0, 0x50}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='kfree\x00', r6}, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PAUSE_GET(r7, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000140)={0x2c, r8, 0x1, 0x0, 0x0, {0x1c}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}]}]}, 0x2c}}, 0x0)
r9 = socket(0x10, 0x3, 0xc)
write(r9, 0x0, 0x0)
unshare(0x40020000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)

5.25034047s ago: executing program 2 (id=56):
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000100)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r0, &(0x7f00000000c0)={&(0x7f0000000080)={0x2, 0x8000, @initdev={0xac, 0x1e, 0x10, 0x0}}, 0x10, 0x0, 0x0, &(0x7f00000002c0)=[@mask_fadd={0x58, 0x118, 0x8, {{}, 0x0, 0x0, 0x5c, 0x1, 0x1, 0x0, 0x0, 0x20}}, @rdma_dest={0x18, 0x114, 0x2, {0x401, 0x6}}], 0x70, 0x20000000}, 0x0)

597.258698ms ago: executing program 1 (id=143):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001780)={0x18, 0x7, &(0x7f0000001380)=@framed={{}, [@jmp={0x5, 0x0, 0x2, 0x0, 0xa, 0x2}, @generic={0x5, 0x0, 0x0, 0x2, 0x2}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffb}, @jmp={0x5, 0x0, 0xa, 0x0, 0x0, 0xfffffffffffffffe}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)

537.533126ms ago: executing program 1 (id=145):
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff})
close(r0)
epoll_create1(0x80000)
write$cgroup_subtree(r0, 0x0, 0x0)

449.107229ms ago: executing program 0 (id=146):
r0 = socket$kcm(0x10, 0x2, 0x4)
r1 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0)
close(r1)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00')
r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa)
sendmsg$inet(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000240)="5c00000014006b04000000d86e6c1d000a887ea6ea65670000000000000090f9c3dc90f8f41f8ecff32c6e020075e300250045586c8da718ad4b4460bc24eab55600000000000000bf9367b4fa51f60a64c9f4d4938037e786a6d0bd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)

448.86922ms ago: executing program 1 (id=147):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000300)="4c0000001200ff09ff3a150099a283ff07b8008000f0ffff000000060040150024001d0010c411a0b598bc593ab6821148a730cc33a49868c62b2ca654a6613b6aab", 0x42}, {&(0x7f0000000440)="0000e100000000000068", 0xa}], 0x2}, 0x0)

348.203877ms ago: executing program 0 (id=148):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendto(r1, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000080)={0x0, r1}, 0x8)
recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000006c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000280)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4091, 0xffb}, {&(0x7f0000000400)=""/106, 0x6a}, {&(0x7f0000000980)=""/73, 0x49}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000a00)=""/155, 0x9b}, {&(0x7f00000001c0)=""/17, 0x11}], 0x8, &(0x7f0000000600)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'veth0_to_bridge\x00', <r2=>0x0})
setsockopt$inet_mreqn(r1, 0x0, 0x23, &(0x7f0000000040)={@broadcast, @loopback, r2}, 0xc)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r3, 0x400448ca, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="3800000012000501000000000000000028001a000a01010200000000000000000000000000020000000000000000ffffe00000020a0066fa"], 0x38}}, 0x20040810)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001e40)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a50000000060a09040000000000000000020000000900020073797a32000000000900010073797a30000000002400048020000180080001006c6f6700140002800800064000008801080005400000000814000000110001"], 0x78}}, 0x0)
close(0x3)
bind$bt_hci(r3, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
write$bt_hci(r3, &(0x7f0000000000)=ANY=[@ANYBLOB="01422006020607f6"], 0xa)
bind$bt_hci(r3, &(0x7f00000019c0)={0x1f, 0x3, 0x2}, 0x6)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000980)=@newlink={0x64, 0x10, 0xffffff1f, 0xfffffffc, 0x0, {}, [@IFLA_LINKINFO={0x44, 0x12, 0x0, 0x1, @gtp={{0x8}, {0x38, 0x2, 0x0, 0x1, [@IFLA_GTP_RESTART_COUNT={0x5, 0x6, 0x3}, @IFLA_GTP_LOCAL6={0x14, 0x8, @mcast1}, @IFLA_GTP_CREATE_SOCKETS={0x5, 0x5, 0x1}, @IFLA_GTP_CREATE_SOCKETS={0x5, 0x5, 0x1}, @IFLA_GTP_ROLE={0x8}]}}}]}, 0x64}}, 0x0)

347.991603ms ago: executing program 1 (id=149):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x9, 0x3, 0x2b0, 0x128, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x260, 0xffffffff, 0xffffffff, 0x260, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@remote, @private1={0xfc, 0x1, '\x00', 0x1}, [0x0, 0xffffff00, 0xff000000, 0xffffff00], [0x0, 0x7c50b1c8628a650e, 0xff, 0xffffff00], 'pim6reg0\x00', 'veth0_macvtap\x00', {0xff}, {}, 0x64, 0x1, 0x6, 0xa4}, 0x0, 0xa8, 0xd0}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x1}}}, {{@ipv6={@local, @private1, [0xff, 0xffffff00, 0xffffff00, 0xff], [0xff000000, 0xff, 0xff], 'ip6tnl0\x00', 'dvmrp1\x00', {0xff}, {}, 0x6c, 0xe1, 0x0, 0x20}, 0x0, 0xa8, 0x110}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x9, 0x7, 0x100, 0x9, 'syz0\x00', 'syz1\x00', {0x3}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x310)

295.12203ms ago: executing program 1 (id=150):
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x63, 0x11, 0xc}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x6}, 0x70)

293.986076ms ago: executing program 0 (id=151):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(r0, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f0000000c00)={0x78, 0x2, 0x8, 0x201, 0x0, 0x0, {0x8440a8fc14029499, 0x0, 0x6}, [@CTA_TIMEOUT_DATA={0x34, 0x4, 0x0, 0x1, @icmp=[@CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x9}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x6}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x4}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0xecde}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x8001}]}, @CTA_TIMEOUT_DATA={0xc, 0x4, 0x0, 0x1, @icmpv6=[@CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0xffffffff}]}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x9}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x6005}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x888e}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x78}, 0x1, 0x0, 0x0, 0x20008081}, 0x4000040)

180.843127ms ago: executing program 1 (id=152):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000003c0)='sys_enter\x00', r0}, 0x18)
nanosleep(&(0x7f0000000bc0)={0x0, 0x3938700}, 0x0)
r1 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$sock_int(r1, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
connect$inet6(r1, &(0x7f0000000240)={0xa, 0x4e22, 0x0, @private1}, 0x1c)
r2 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$sock_int(r2, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4)
bind$inet6(r2, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
connect$inet6(r2, &(0x7f0000000300)={0xa, 0x4e22, 0x2, @private1, 0x5}, 0x1c)
socket$nl_route(0x10, 0x3, 0x0)

180.555125ms ago: executing program 0 (id=153):
r0 = socket$tipc(0x1e, 0x5, 0x0)
r1 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r1, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
r2 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000240)={0x800042, 0x1}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f00000002c0)={0x100042, 0xf7, 0x1}, 0x10)
r3 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000100)={0x42}, 0x10)

82.20358ms ago: executing program 0 (id=154):
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
r1 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000340)=@base={0x12, 0x2, 0x8, 0x2}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000400)=ANY=[@ANYRES32=r1, @ANYRES32=r0, @ANYBLOB='\a'], 0x10)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000280)={@map=r1, 0x7, 0x0, 0x8, &(0x7f0000000180)=[0x0], 0x1, 0x0, 0x0, 0x0, 0x0}, 0x40)

0s ago: executing program 0 (id=155):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@gettaction={0x50, 0x32, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x20, 0x1, [{0x10, 0xe, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0xc, 0x17, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x40}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x4048840)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c0000001000010400b500000000040000000000", @ANYRES32=0x0, @ANYBLOB="00000000001400001c00128009000100626f6e64000000000c000280080014"], 0x3c}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x44}, 0x1, 0x0, 0x0, 0x8000010}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:42834' (ED25519) to the list of known hosts.
syzkaller login: [   48.786830][ T5816] cgroup: Unknown subsys name 'net'
[   48.896436][ T5816] cgroup: Unknown subsys name 'cpuset'
[   48.900733][ T5816] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   50.609380][ T5816] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   54.795797][ T5826] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   54.799890][ T5826] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   54.802643][ T5826] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   54.805946][ T5826] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   54.813561][ T5826] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   54.879922][ T5826] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   54.882744][ T5826] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   54.887002][   T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   54.890188][   T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   54.894367][ T5826] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   54.897241][ T5826] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   54.899715][ T5826] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   54.902428][ T5826] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   54.905391][ T5826] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   54.918260][ T5834] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   55.032603][ T5825] chnl_net:caif_netlink_parms(): no params data found
[   55.133638][ T5825] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.135901][ T5825] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.138334][ T5825] bridge_slave_0: entered allmulticast mode
[   55.141135][ T5825] bridge_slave_0: entered promiscuous mode
[   55.180406][ T5825] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.182625][ T5825] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.185148][ T5825] bridge_slave_1: entered allmulticast mode
[   55.187842][ T5825] bridge_slave_1: entered promiscuous mode
[   55.282203][ T5825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   55.288030][ T5825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   55.290905][ T5832] chnl_net:caif_netlink_parms(): no params data found
[   55.339860][ T5825] team0: Port device team_slave_0 added
[   55.342081][ T5830] chnl_net:caif_netlink_parms(): no params data found
[   55.362641][ T5825] team0: Port device team_slave_1 added
[   55.436794][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_0
[   55.438912][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.446774][ T5825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   55.455494][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.457759][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.459975][ T5832] bridge_slave_0: entered allmulticast mode
[   55.462673][ T5832] bridge_slave_0: entered promiscuous mode
[   55.466280][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_1
[   55.468385][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.477073][ T5825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   55.496744][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.499148][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.501329][ T5832] bridge_slave_1: entered allmulticast mode
[   55.504818][ T5832] bridge_slave_1: entered promiscuous mode
[   55.521573][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.524131][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.526419][ T5830] bridge_slave_0: entered allmulticast mode
[   55.529079][ T5830] bridge_slave_0: entered promiscuous mode
[   55.563383][ T5825] hsr_slave_0: entered promiscuous mode
[   55.565648][ T5825] hsr_slave_1: entered promiscuous mode
[   55.568230][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.570390][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.572614][ T5830] bridge_slave_1: entered allmulticast mode
[   55.575823][ T5830] bridge_slave_1: entered promiscuous mode
[   55.580341][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   55.585759][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   55.634328][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   55.639143][ T5832] team0: Port device team_slave_0 added
[   55.649564][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   55.654711][ T5832] team0: Port device team_slave_1 added
[   55.704245][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0
[   55.706492][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.715217][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   55.724689][ T5830] team0: Port device team_slave_0 added
[   55.727135][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1
[   55.729247][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.737329][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   55.747806][ T5830] team0: Port device team_slave_1 added
[   55.800859][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0
[   55.803074][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.811047][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   55.832181][ T5832] hsr_slave_0: entered promiscuous mode
[   55.835372][ T5832] hsr_slave_1: entered promiscuous mode
[   55.837542][ T5832] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   55.840021][ T5832] Cannot create hsr debugfs directory
[   55.842184][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1
[   55.845609][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.853130][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   55.903719][ T5830] hsr_slave_0: entered promiscuous mode
[   55.906009][ T5830] hsr_slave_1: entered promiscuous mode
[   55.908134][ T5830] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   55.910477][ T5830] Cannot create hsr debugfs directory
[   56.011579][ T5825] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   56.018299][ T5825] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   56.034021][ T5825] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   56.039303][ T5825] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   56.150548][ T5832] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   56.173593][ T5832] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   56.179394][ T5832] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   56.191969][ T5832] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   56.227775][ T5830] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   56.237263][ T5830] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   56.243005][ T5830] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   56.248380][ T5830] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   56.306665][ T5825] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.346080][ T5825] 8021q: adding VLAN 0 to HW filter on device team0
[   56.359252][   T29] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.361674][   T29] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.373204][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.380249][   T29] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.382521][   T29] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.406545][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.412303][ T5830] 8021q: adding VLAN 0 to HW filter on device team0
[   56.423066][   T40] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.425379][   T40] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.436061][   T40] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.438320][   T40] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.455851][ T5832] 8021q: adding VLAN 0 to HW filter on device team0
[   56.471670][   T40] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.473946][   T40] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.487108][   T29] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.489288][   T29] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.642781][ T5825] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.677747][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.685199][ T5825] veth0_vlan: entered promiscuous mode
[   56.701221][ T5825] veth1_vlan: entered promiscuous mode
[   56.711620][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.740134][ T5825] veth0_macvtap: entered promiscuous mode
[   56.742807][ T5832] veth0_vlan: entered promiscuous mode
[   56.751548][ T5825] veth1_macvtap: entered promiscuous mode
[   56.760136][ T5832] veth1_vlan: entered promiscuous mode
[   56.780322][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.784464][ T5830] veth0_vlan: entered promiscuous mode
[   56.789718][ T5830] veth1_vlan: entered promiscuous mode
[   56.802288][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.813631][ T5825] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.816264][ T5825] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.818766][ T5825] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.821333][ T5825] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.840175][ T5832] veth0_macvtap: entered promiscuous mode
[   56.850259][ T5830] veth0_macvtap: entered promiscuous mode
[   56.852923][ T5832] veth1_macvtap: entered promiscuous mode
[   56.855078][ T5217] Bluetooth: hci0: command tx timeout
[   56.874512][ T5830] veth1_macvtap: entered promiscuous mode
[   56.889300][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.899488][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.913891][ T5832] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.918204][ T5832] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.920828][ T5832] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.924273][ T5832] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.924550][ T5217] Bluetooth: hci2: command tx timeout
[   56.931466][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.945271][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.962877][ T5830] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.966602][ T5830] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.969294][ T5830] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.971968][ T5830] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.982445][ T1091] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.985939][ T1091] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.003941][ T5217] Bluetooth: hci1: command tx timeout
[   57.024903][ T1091] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.027338][ T1091] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.063756][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.066233][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.099598][ T5825] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   57.108725][   T64] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.111052][   T64] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.132652][  T261] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.143159][  T261] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.180764][  T261] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.186453][  T261] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.506922][ T5916] warning: `syz.1.13' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   57.626092][ T5922] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[   57.642785][ T5922] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[   57.772456][ T5933] netlink: 'syz.2.21': attribute type 23 has an invalid length.
[   58.872347][ T6006] netlink: 'syz.1.47': attribute type 21 has an invalid length.
[   58.923686][ T5217] Bluetooth: hci0: command tx timeout
[   59.005142][ T5217] Bluetooth: hci2: command tx timeout
[   59.690924][   T13] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   59.814569][ T5826] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   59.817678][ T5826] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   59.821396][ T5826] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   59.837590][ T5826] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   59.840317][ T5826] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   60.017138][ T6031] chnl_net:caif_netlink_parms(): no params data found
[   60.135645][ T6031] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.144517][ T6031] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.146767][ T6031] bridge_slave_0: entered allmulticast mode
[   60.150071][ T6031] bridge_slave_0: entered promiscuous mode
[   60.154567][ T6031] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.156754][ T6031] bridge0: port 2(bridge_slave_1) entered disabled state
[   60.158943][ T6031] bridge_slave_1: entered allmulticast mode
[   60.162571][ T6031] bridge_slave_1: entered promiscuous mode
[   60.201384][ T6031] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   60.212162][ T6031] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   60.240343][ T6031] team0: Port device team_slave_0 added
[   60.245627][ T6031] team0: Port device team_slave_1 added
[   60.279052][ T6031] batman_adv: batadv0: Adding interface: batadv_slave_0
[   60.288609][ T6031] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   60.301420][ T6031] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   60.303730][ T6074] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   60.306151][ T6031] batman_adv: batadv0: Adding interface: batadv_slave_1
[   60.310218][ T6031] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   60.318162][ T6031] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   60.338748][ T6076] netlink: 248 bytes leftover after parsing attributes in process `syz.1.76'.
[   60.368972][ T6031] hsr_slave_0: entered promiscuous mode
[   60.371199][ T6031] hsr_slave_1: entered promiscuous mode
[   60.390185][ T6031] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   60.392687][ T6031] Cannot create hsr debugfs directory
[   60.405193][ T6079] netlink: 20 bytes leftover after parsing attributes in process `syz.0.77'.
[   60.411051][ T6079] netlink: 20 bytes leftover after parsing attributes in process `syz.0.77'.
[   60.638991][ T6097] netlink: 20 bytes leftover after parsing attributes in process `syz.0.85'.
[   60.769497][ T6110] netlink: 8 bytes leftover after parsing attributes in process `syz.1.88'.
[   60.782585][ T6110] netlink: 8 bytes leftover after parsing attributes in process `syz.1.88'.
[   61.005571][ T5826] Bluetooth: hci0: command tx timeout
[   61.061645][ T5295] hid-generic 0005:04F3:8002.0001: collection stack underflow
[   61.074528][ T5295] hid-generic 0005:04F3:8002.0001: item 0 0 0 12 parsing failed
[   61.077404][ T5295] hid-generic 0005:04F3:8002.0001: probe with driver hid-generic failed with error -22
[   61.083461][ T5826] Bluetooth: hci2: command tx timeout
[   61.130631][   T13] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   61.167414][ T6149] x_tables: ip_tables: HMARK.0 target: invalid size 64 (kernel) != (user) 72
[   61.192685][   T13] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   61.216015][ T6151] netlink: 68 bytes leftover after parsing attributes in process `syz.1.103'.
[   61.282523][   T13] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   61.348169][ T6165] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   61.348695][ T6164] netlink: 20 bytes leftover after parsing attributes in process `syz.1.109'.
[   61.528317][   T13] bridge_slave_1: left allmulticast mode
[   61.530715][   T13] bridge_slave_1: left promiscuous mode
[   61.533212][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.571536][   T13] bridge_slave_0: left allmulticast mode
[   61.573848][   T13] bridge_slave_0: left promiscuous mode
[   61.575972][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.818064][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   61.822590][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   61.826720][   T13] bond0 (unregistering): Released all slaves
[   61.894782][ T5826] Bluetooth: hci1: command tx timeout
[   61.952829][ T6192] netlink: 'syz.1.119': attribute type 4 has an invalid length.
[   62.168955][   T13] hsr_slave_0: left promiscuous mode
[   62.171004][   T13] hsr_slave_1: left promiscuous mode
[   62.172974][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   62.182717][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[   62.188478][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   62.190709][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[   62.205733][   T13] veth1_macvtap: left promiscuous mode
[   62.207609][   T13] veth0_macvtap: left promiscuous mode
[   62.209460][   T13] veth1_vlan: left promiscuous mode
[   62.211197][   T13] veth0_vlan: left promiscuous mode
[   63.084323][ T5826] Bluetooth: hci0: command tx timeout
[   63.164392][ T5826] Bluetooth: hci2: command tx timeout
[   63.418030][   T13] team0 (unregistering): Port device team_slave_1 removed
[   63.438048][   T13] team0 (unregistering): Port device team_slave_0 removed
[   63.646806][ T6212] batadv_slave_1: entered promiscuous mode
[   63.656037][ T6212] batadv_slave_1: left promiscuous mode
[   63.706995][ T6031] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   63.735321][ T6031] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   63.751194][ T6031] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   63.760921][ T6031] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   63.804400][ T6237] netem: incorrect gi model size
[   63.806085][ T6237] netem: change failed
[   63.930529][ T6031] 8021q: adding VLAN 0 to HW filter on device bond0
[   63.950298][ T6031] 8021q: adding VLAN 0 to HW filter on device team0
[   63.963344][ T5826] Bluetooth: hci1: command tx timeout
[   63.965328][   T29] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.967507][   T29] bridge0: port 1(bridge_slave_0) entered forwarding state
[   63.996221][   T29] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.998411][   T29] bridge0: port 2(bridge_slave_1) entered forwarding state
[   64.265890][ T6031] 8021q: adding VLAN 0 to HW filter on device batadv0
[   64.329351][ T6031] veth0_vlan: entered promiscuous mode
[   64.338440][ T6031] veth1_vlan: entered promiscuous mode
[   64.346970][ T6283] netlink: 'syz.1.147': attribute type 29 has an invalid length.
[   64.350185][ T6283] netlink: 8 bytes leftover after parsing attributes in process `syz.1.147'.
[   64.377450][ T6031] veth0_macvtap: entered promiscuous mode
[   64.385104][ T6031] veth1_macvtap: entered promiscuous mode
[   64.418984][ T6031] batman_adv: batadv0: Interface activated: batadv_slave_0
[   64.432898][ T6031] batman_adv: batadv0: Interface activated: batadv_slave_1
[   64.450600][ T6031] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   64.453189][ T6031] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   64.459357][ T6031] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   64.462026][ T6031] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   64.566626][  T261] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.576856][  T261] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.639106][   T64] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.644182][   T64] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.791781][ T6305] netlink: 12 bytes leftover after parsing attributes in process `syz.0.155'.
[   64.799686][ T6140] ==================================================================
[   64.802171][ T6140] BUG: KASAN: slab-use-after-free in __mutex_lock+0x738/0xe80
[   64.804390][ T6140] Read of size 8 at addr ffff888011ac00a0 by task khidpd_04f38002/6140
[   64.806341][ T6305] netlink: 'syz.0.155': attribute type 20 has an invalid length.
[   64.807489][ T6140] 
[   64.807516][ T6140] CPU: 1 UID: 0 PID: 6140 Comm: khidpd_04f38002 Not tainted 6.16.0-rc5-syzkaller-00159-g47c84997c686-dirty #0 PREEMPT(full) 
[   64.807528][ T6140] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   64.807535][ T6140] Call Trace:
[   64.807541][ T6140]  <TASK>
[   64.807546][ T6140]  dump_stack_lvl+0x189/0x250
[   64.807559][ T6140]  ? __virt_addr_valid+0x1c8/0x5c0
[   64.807569][ T6140]  ? rcu_is_watching+0x15/0xb0
[   64.807578][ T6140]  ? __kasan_check_byte+0x12/0x40
[   64.807588][ T6140]  ? __pfx_dump_stack_lvl+0x10/0x10
[   64.807597][ T6140]  ? rcu_is_watching+0x15/0xb0
[   64.807605][ T6140]  ? lock_release+0x4b/0x3e0
[   64.807613][ T6140]  ? __virt_addr_valid+0x1c8/0x5c0
[   64.807623][ T6140]  ? __virt_addr_valid+0x4a5/0x5c0
[   64.807632][ T6140]  print_report+0xd2/0x2b0
[   64.807639][ T6140]  ? __mutex_lock+0x738/0xe80
[   64.807647][ T6140]  kasan_report+0x118/0x150
[   64.807656][ T6140]  ? __mutex_lock+0x738/0xe80
[   64.807664][ T6140]  __mutex_lock+0x738/0xe80
[   64.807672][ T6140]  ? __mutex_lock+0x51b/0xe80
[   64.807679][ T6140]  ? l2cap_unregister_user+0x6a/0x1b0
[   64.807692][ T6140]  ? __pfx___mutex_lock+0x10/0x10
[   64.807701][ T6140]  ? __pfx___timer_delete_sync+0x10/0x10
[   64.807713][ T6140]  l2cap_unregister_user+0x6a/0x1b0
[   64.807725][ T6140]  hidp_session_thread+0x3c9/0x410
[   64.807734][ T6140]  ? __pfx_hidp_session_thread+0x10/0x10
[   64.807740][ T6140]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   64.807751][ T6140]  ? __pfx_hidp_session_wake_function+0x10/0x10
[   64.807760][ T6140]  ? __pfx_hidp_session_wake_function+0x10/0x10
[   64.807767][ T6140]  ? __kthread_parkme+0x7b/0x200
[   64.807776][ T6140]  ? __kthread_parkme+0x1a1/0x200
[   64.807786][ T6140]  kthread+0x711/0x8a0
[   64.807797][ T6140]  ? __pfx_hidp_session_thread+0x10/0x10
[   64.807804][ T6140]  ? __pfx_kthread+0x10/0x10
[   64.807813][ T6140]  ? _raw_spin_unlock_irq+0x23/0x50
[   64.807823][ T6140]  ? lockdep_hardirqs_on+0x9c/0x150
[   64.807834][ T6140]  ? __pfx_kthread+0x10/0x10
[   64.807843][ T6140]  ret_from_fork+0x3fc/0x770
[   64.807852][ T6140]  ? __pfx_ret_from_fork+0x10/0x10
[   64.807868][ T6140]  ? __switch_to_asm+0x39/0x70
[   64.807877][ T6140]  ? __switch_to_asm+0x33/0x70
[   64.807886][ T6140]  ? __pfx_kthread+0x10/0x10
[   64.807895][ T6140]  ret_from_fork_asm+0x1a/0x30
[   64.807908][ T6140]  </TASK>
[   64.807911][ T6140] 
[   64.879155][ T6140] Allocated by task 6031:
[   64.880495][ T6140]  kasan_save_track+0x3e/0x80
[   64.881992][ T6140]  __kasan_kmalloc+0x93/0xb0
[   64.883426][ T6140]  __kmalloc_noprof+0x27a/0x4f0
[   64.884911][ T6140]  hci_alloc_dev_priv+0x28/0x2040
[   64.886425][ T6140]  vhci_create_device+0x120/0x6e0
[   64.887994][ T6140]  vhci_write+0x3ce/0x4a0
[   64.889323][ T6140]  vfs_write+0x54b/0xa90
[   64.890590][ T6140]  ksys_write+0x145/0x250
[   64.891896][ T6140]  do_syscall_64+0xfa/0x3b0
[   64.893285][ T6140]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   64.895090][ T6140] 
[   64.895830][ T6140] Freed by task 6031:
[   64.897054][ T6140]  kasan_save_track+0x3e/0x80
[   64.898477][ T6140]  kasan_save_free_info+0x46/0x50
[   64.900000][ T6140]  __kasan_slab_free+0x62/0x70
[   64.901400][ T6140]  kfree+0x18e/0x440
[   64.902577][ T6140]  bt_host_release+0x82/0x90
[   64.903988][ T6140]  device_release+0x9c/0x1c0
[   64.905364][ T6140]  kobject_put+0x22b/0x480
[   64.906733][ T6140]  vhci_release+0x88/0xd0
[   64.908021][ T6140]  __fput+0x44c/0xa70
[   64.909203][ T6140]  task_work_run+0x1d4/0x260
[   64.910613][ T6140]  do_exit+0x6b5/0x22e0
[   64.911848][ T6140]  do_group_exit+0x21c/0x2d0
[   64.913248][ T6140]  __x64_sys_exit_group+0x3f/0x40
[   64.914772][ T6140]  x64_sys_call+0x21ba/0x21c0
[   64.916181][ T6140]  do_syscall_64+0xfa/0x3b0
[   64.917555][ T6140]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   64.919368][ T6140] 
[   64.920101][ T6140] Last potentially related work creation:
[   64.921805][ T6140]  kasan_save_stack+0x3e/0x60
[   64.923229][ T6140]  kasan_record_aux_stack+0xbd/0xd0
[   64.924784][ T6140]  insert_work+0x3d/0x330
[   64.926132][ T6140]  __queue_work+0xbd9/0xfe0
[   64.927471][ T6140]  queue_work_on+0x181/0x270
[   64.928822][ T6140]  process_scheduled_works+0xae1/0x17b0
[   64.930459][ T6140]  worker_thread+0x8a0/0xda0
[   64.931818][ T6140]  kthread+0x711/0x8a0
[   64.933063][ T6140]  ret_from_fork+0x3fc/0x770
[   64.934455][ T6140]  ret_from_fork_asm+0x1a/0x30
[   64.935839][ T6140] 
[   64.936559][ T6140] Second to last potentially related work creation:
[   64.938470][ T6140]  kasan_save_stack+0x3e/0x60
[   64.939847][ T6140]  kasan_record_aux_stack+0xbd/0xd0
[   64.941433][ T6140]  insert_work+0x3d/0x330
[   64.942708][ T6140]  __queue_work+0xcfc/0xfe0
[   64.944068][ T6140]  call_timer_fn+0x17e/0x5f0
[   64.945467][ T6140]  __run_timer_base+0x646/0x860
[   64.946908][ T6140]  run_timer_softirq+0xb7/0x180
[   64.948359][ T6140]  handle_softirqs+0x286/0x870
[   64.949829][ T6140]  __irq_exit_rcu+0xca/0x1f0
[   64.951198][ T6140]  irq_exit_rcu+0x9/0x30
[   64.952470][ T6140]  sysvec_apic_timer_interrupt+0xa6/0xc0
[   64.954188][ T6140]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   64.955989][ T6140] 
[   64.956730][ T6140] The buggy address belongs to the object at ffff888011ac0000
[   64.956730][ T6140]  which belongs to the cache kmalloc-8k of size 8192
[   64.960878][ T6140] The buggy address is located 160 bytes inside of
[   64.960878][ T6140]  freed 8192-byte region [ffff888011ac0000, ffff888011ac2000)
[   64.964913][ T6140] 
[   64.965644][ T6140] The buggy address belongs to the physical page:
[   64.967543][ T6140] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11ac0
[   64.970148][ T6140] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   64.972603][ T6140] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[   64.974814][ T6140] page_type: f5(slab)
[   64.976010][ T6140] raw: 00fff00000000040 ffff88801a442280 dead000000000100 dead000000000122
[   64.978527][ T6140] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[   64.981086][ T6140] head: 00fff00000000040 ffff88801a442280 dead000000000100 dead000000000122
[   64.983670][ T6140] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[   64.986234][ T6140] head: 00fff00000000003 ffffea000046b001 00000000ffffffff 00000000ffffffff
[   64.988815][ T6140] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[   64.991372][ T6140] page dumped because: kasan: bad access detected
[   64.993268][ T6140] page_owner tracks the page as allocated
[   64.994938][ T6140] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5574, tgid 5574 (dhcpcd), ts 32342347649, free_ts 29144770448
[   65.000890][ T6140]  post_alloc_hook+0x240/0x2a0
[   65.002336][ T6140]  get_page_from_freelist+0x21e4/0x22c0
[   65.004031][ T6140]  __alloc_frozen_pages_noprof+0x181/0x370
[   65.005751][ T6140]  alloc_pages_mpol+0x232/0x4a0
[   65.007222][ T6140]  allocate_slab+0x8a/0x3b0
[   65.008562][ T6140]  ___slab_alloc+0xbfc/0x1480
[   65.009981][ T6140]  __kmalloc_node_track_caller_noprof+0x2f8/0x4e0
[   65.011868][ T6140]  kmalloc_reserve+0x136/0x290
[   65.013353][ T6140]  __alloc_skb+0x142/0x2d0
[   65.014681][ T6140]  netlink_dump+0x169/0xe90
[   65.016039][ T6140]  netlink_recvmsg+0x676/0xa30
[   65.017462][ T6140]  sock_recvmsg+0x22c/0x270
[   65.018831][ T6140]  ____sys_recvmsg+0x1c9/0x460
[   65.020269][ T6140]  ___sys_recvmsg+0x1b5/0x510
[   65.021685][ T6140]  __x64_sys_recvmsg+0x198/0x260
[   65.023154][ T6140]  do_syscall_64+0xfa/0x3b0
[   65.024544][ T6140] page last free pid 5282 tgid 5282 stack trace:
[   65.026389][ T6140]  __free_frozen_pages+0xc71/0xe70
[   65.027903][ T6140]  __put_partials+0x161/0x1c0
[   65.029332][ T6140]  put_cpu_partial+0x17c/0x250
[   65.030765][ T6140]  __slab_free+0x2f7/0x400
[   65.032174][ T6140]  qlist_free_all+0x97/0x140
[   65.033541][ T6140]  kasan_quarantine_reduce+0x148/0x160
[   65.035158][ T6140]  __kasan_slab_alloc+0x22/0x80
[   65.036603][ T6140]  kmem_cache_alloc_lru_noprof+0x1c6/0x3d0
[   65.038364][ T6140]  shmem_alloc_inode+0x28/0x40
[   65.039842][ T6140]  alloc_inode+0x6a/0x1b0
[   65.041211][ T6140]  new_inode+0x22/0x170
[   65.042480][ T6140]  shmem_get_inode+0x346/0xe90
[   65.043928][ T6140]  shmem_symlink+0xa3/0x510
[   65.045303][ T6140]  vfs_symlink+0x143/0x2f0
[   65.046621][ T6140]  do_symlinkat+0x1b1/0x3f0
[   65.047975][ T6140]  __x64_sys_symlink+0x7a/0x90
[   65.049396][ T6140] 
[   65.050133][ T6140] Memory state around the buggy address:
[   65.051768][ T6140]  ffff888011abff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   65.054157][ T6140]  ffff888011ac0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   65.056613][ T6140] >ffff888011ac0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   65.059055][ T6140]                                ^
[   65.060615][ T6140]  ffff888011ac0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   65.063061][ T6140]  ffff888011ac0180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   65.065417][ T6140] ==================================================================
[   65.068666][ T6140] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   65.070928][ T6140] CPU: 1 UID: 0 PID: 6140 Comm: khidpd_04f38002 Not tainted 6.16.0-rc5-syzkaller-00159-g47c84997c686-dirty #0 PREEMPT(full) 
[   65.074855][ T6140] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   65.077887][ T6140] Call Trace:
[   65.078913][ T6140]  <TASK>
[   65.079828][ T6140]  dump_stack_lvl+0x99/0x250
[   65.081222][ T6140]  ? __asan_memcpy+0x40/0x70
[   65.082590][ T6140]  ? __pfx_dump_stack_lvl+0x10/0x10
[   65.084177][ T6140]  ? __pfx__printk+0x10/0x10
[   65.085615][ T6140]  panic+0x2db/0x790
[   65.086785][ T6140]  ? __pfx_panic+0x10/0x10
[   65.088142][ T6140]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[   65.089932][ T6140]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   65.091783][ T6140]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   65.093819][ T6140]  ? print_memory_metadata+0x314/0x400
[   65.095451][ T6140]  ? __mutex_lock+0x738/0xe80
[   65.096920][ T6140]  check_panic_on_warn+0x89/0xb0
[   65.098450][ T6140]  ? __mutex_lock+0x738/0xe80
[   65.099880][ T6140]  end_report+0x78/0x160
[   65.101207][ T6140]  kasan_report+0x129/0x150
[   65.102613][ T6140]  ? __mutex_lock+0x738/0xe80
[   65.104080][ T6140]  __mutex_lock+0x738/0xe80
[   65.105502][ T6140]  ? __mutex_lock+0x51b/0xe80
[   65.106997][ T6140]  ? l2cap_unregister_user+0x6a/0x1b0
[   65.108679][ T6140]  ? __pfx___mutex_lock+0x10/0x10
[   65.110278][ T6140]  ? __pfx___timer_delete_sync+0x10/0x10
[   65.112161][ T6140]  l2cap_unregister_user+0x6a/0x1b0
[   65.114070][ T6140]  hidp_session_thread+0x3c9/0x410
[   65.115674][ T6140]  ? __pfx_hidp_session_thread+0x10/0x10
[   65.117419][ T6140]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   65.119238][ T6140]  ? __pfx_hidp_session_wake_function+0x10/0x10
[   65.121164][ T6140]  ? __pfx_hidp_session_wake_function+0x10/0x10
[   65.123106][ T6140]  ? __kthread_parkme+0x7b/0x200
[   65.124616][ T6140]  ? __kthread_parkme+0x1a1/0x200
[   65.126125][ T6140]  kthread+0x711/0x8a0
[   65.127403][ T6140]  ? __pfx_hidp_session_thread+0x10/0x10
[   65.129172][ T6140]  ? __pfx_kthread+0x10/0x10
[   65.130628][ T6140]  ? _raw_spin_unlock_irq+0x23/0x50
[   65.132405][ T6140]  ? lockdep_hardirqs_on+0x9c/0x150
[   65.134016][ T6140]  ? __pfx_kthread+0x10/0x10
[   65.135406][ T6140]  ret_from_fork+0x3fc/0x770
[   65.136772][ T6140]  ? __pfx_ret_from_fork+0x10/0x10
[   65.138280][ T6140]  ? __switch_to_asm+0x39/0x70
[   65.139717][ T6140]  ? __switch_to_asm+0x33/0x70
[   65.141192][ T6140]  ? __pfx_kthread+0x10/0x10
[   65.142643][ T6140]  ret_from_fork_asm+0x1a/0x30
[   65.144124][ T6140]  </TASK>
[   65.145628][ T6140] Kernel Offset: disabled
[   65.146900][ T6140] Rebooting in 86400 seconds..

VM DIAGNOSIS:
21:46:48  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000000 RBX=1ffff11021606db6 RCX=ffff888020ba3980 RDX=0000000000000002
RSI=0000000000000000 RDI=0000000000000000 RBP=ffffc9000309ef60 RSP=ffffc9000309ed40
R8 =ffff88802e12d35f R9 =0000000000000000 R10=ffff88802e12d250 R11=ffffed1005c25a6c
R12=dffffc0000000000 R13=dffffc0000000000 R14=0000000000000001 R15=1ffffffff1839610
RIP=ffffffff84f5c70a RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f2049ccd6c0 ffffffff 00c00000
GS =0000 ffff8880b861b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b3001eff8 CR3=0000000021efe000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffffffffffff ffffffffffffffff
XMM02=0000000000000000 0000000000000000 XMM03=ffffffffffffffff ffffffffffffffff
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 000000524f525245 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 00524f5252450040 XMM09=0000000000000000 00007f2048e11c91
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000033 RBX=0000000000000033 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc90004ccf370
R8 =ffff888108330237 R9 =1ffff11021066046 R10=dffffc0000000000 R11=ffffffff85478780
R12=dffffc0000000000 R13=ffffffff99af98d2 R14=ffffffff99dfe6e0 R15=0000000000000000
RIP=ffffffff854787fc RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c1b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b30115ff8 CR3=0000000111b32000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=00ff000000000000 ff00000000000000 XMM05=0000000000003021 00302d0034303a00
XMM06=0000000000000000 0000000000000000 XMM07=0000000000000000 0000000000000000
XMM08=ffffffffffff0000 ff0000ff000000ff XMM09=313030302e323030 383a334634303a35
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
