last executing test programs:

1.122469981s ago: executing program 2 (id=1252):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000340)={0x3, {{0x2, 0x4e23, @multicast1}}, {{0x2, 0x0, @remote}}}, 0x108)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, 0x0, &(0x7f0000000340))
setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000480)={0x6, {{0x2, 0x400, @multicast2}}, {{0x2, 0x0, @empty}}}, 0x108)
getsockopt$inet_buf(r0, 0x0, 0x30, &(0x7f0000000340)=""/225, &(0x7f0000000180)=0xe1)

1.122125499s ago: executing program 2 (id=1254):
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r0, &(0x7f0000000380)={{0x6, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0xa}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x48)
r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r1, &(0x7f0000000300)={{0x6, @rose, 0x2}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default]}, 0x48)
listen(r0, 0x1ad72f7)
socket$igmp6(0xa, 0x3, 0x2)
accept4(r0, 0x0, 0x0, 0x80000)
accept4$netrom(r0, 0x0, 0x0, 0x80000)

519.897736ms ago: executing program 1 (id=1273):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0xe, 0xc, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8e}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x41}, {0x3, 0x3, 0x3, 0xa, 0x5}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x32}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

439.7489ms ago: executing program 1 (id=1274):
r0 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', <r1=>0x0})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000017c0)=@newqdisc={0x5c, 0x24, 0xf0b, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}, {0xffe0}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0x9}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x9, 0x8, 0x80, 0x80, 0x0, 0x9, 0x7}}, {0x4}}]}]}, 0x5c}}, 0x0)

380.01473ms ago: executing program 1 (id=1276):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r3=>0x0)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r3], 0x1c}}, 0x0)
write$nci(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="41040101040403"], 0x7)

263.00282ms ago: executing program 1 (id=1279):
r0 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0x6}, {0xffff, 0xffff}, {0x0, 0xfff1}}}, 0x24}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000740)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r1, {0xe}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}}, 0x4000)
r2 = socket$netlink(0x10, 0x3, 0x0)
syz_80211_join_ibss(&(0x7f0000000000)='wlan0\x00', 0x0, 0x0, 0x2)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

209.76823ms ago: executing program 2 (id=1280):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$can_raw(0x1d, 0x3, 0x1)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bind$bt_l2cap(0xffffffffffffffff, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000180)={'vxcan1\x00', <r2=>0x0})
bind$802154_dgram(0xffffffffffffffff, 0x0, 0x0)
r3 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r4=>0x0})
bind$can_j1939(r3, &(0x7f0000000040)={0x1d, r4, 0x2, {0x1, 0xf0, 0x4}, 0xfe}, 0x18)
sendmsg$nl_route_sched(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@getchain={0x24, 0x11, 0x839, 0x470bd25, 0x21dfdbfb, {0x0, 0x0, 0x0, r2, {0x1, 0x6}, {0xffff, 0xb}, {0xc}}}, 0x24}}, 0x40)
sendto$l2tp6(r3, &(0x7f0000000400)="28d7820168e3e85b18f7dbd5f962e8471948fc5975e5dc2c", 0x18, 0x20000010, 0x0, 0x0)

209.660367ms ago: executing program 0 (id=1281):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x401, 0x3, 0x25dfdbfa, {0x0, 0x0, 0x0, 0x0, 0x190, 0xf1f80502f07a58b}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_PACKETS_PER_SLAVE={0x8, 0x14, 0xff}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40010}, 0x240080c1)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e"], 0x50}}, 0x0)
r0 = socket(0x10, 0x3, 0x0)
sendmmsg(r0, &(0x7f0000000000), 0x400000000000235, 0x0)

155.784773ms ago: executing program 1 (id=1282):
pipe(&(0x7f0000019480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
vmsplice(r1, &(0x7f0000000580)=[{0x0}, {&(0x7f0000002040)="7c06930c0963a94a374e765d56084f6694157fcf85c4702a3857799ae1273225b7f2df59bda679e4e112653c8f94cf041bc431657679353edaca7547afd3ffc67a486159a489e9423eb1674fb6bd7d52b494aa68c411f3ef247cb891f5e3ef248e8115be5844ef1126d3652c0a471db54cb72a1046452ce8a920810873cb5b5add932b613b41b2681a71352ccb786da545e3181375630020f96dc03b7a033aad45fa3e960f99d43c33fa7c28c7531ee65c7b3df51cb9bc14605c21bdc0320554ee0a8aac17538360e5164208270bf0b40b47a4b5ccc7ab1eff505c7eb4421ee108987d41a62dfbcf6f86e95ebf6c77ba46ae8380db44cde795b638a2d1c84f51df1caff31113aa5dfe98f1ded85a9e1ac832033284f088b118a718afd3c296ec66285cd21d8a7f2e2f2209a56995615c29008de3a4ff207ea3c650de92b53a95130d853b68ed9dc94b2bdf9d71f600c21f7cef96296a05873907ba78d9a7ddae795988ab545ae954bc1541212972afa698ed184485e196fca866a99875c4500722a43d35ca2ccf487c67859aee1f1ebd21b4cfe1fbb6ba377da0143127caf0ccfbcf549b3271cb1d03e4a6bd1300039fe4e9c6a3ee304b95361cbf78e33702fd41ee183c99844aaf8e9dd068cb9e99b580340242fa0548e137a54986c774d473e686271b87cb72e57c5c279cc4ecbd941292bedea93cc140761a25850f8e967953a220356570441d35bec904a1bc62fe1b1f017b86b61d8b8caf854c89249f4b26e2ba2026927d4cc108da7a930dfbe5ea9a5a5c9e436eeec9025d60fb9480fed0d9ae1d65c7e97f833149e53b2ae1b006b2e14321eba37218fd5534e7af3b7dc8b388f8fad2b43dd5af651080280e71c3f8290d70c48521ac36b023495b9866997846d5ebffc5770f0ea2392c44c86ccc530ab3afff6aa913f1af346dede59906820e736be5f8f8e9e4efcbefa41ca460a53818ac2661f099bc759ca102249221f9a81ee8dd4271699b48c9bf01ed4eb56bff5f82c56df3d010a6443426f87749ac953d84ac6e62526dd215fe351a1957ff999c7e88ec6b523d98a29ffe99038f5129ce787d78f43bf242ecd82e75f3f490973def2184a57a577c8a36a7105109a6cb19ce091703a1ceb8ad577ad8ab93ca9887e8d2b17c9d1d878fbdb1ef037e68dc00899912de74b3601dcd734ec6ad53598a6232af7e36bcd41bae8b7cc1ccb5a6f257cb49a20b0adc2d8e86c904afcce50de98284cde5ee5f39d31715749a1fcb4797eff2b443b6dc19b8aab8c267265cebd50c7d693e5fec35ee66dadc7a518e73a04cc9b5d4f28f212b6eb00415f61937de716c3100a35cc973cd5396fee8518c73967b1e06dadd9f0f50a9bd803a3e2d007edaebd81233bd8d0f080ff3f2a1c98b510ee95b55aa946353e41a2c188e90f43fe4eb02679ff9dfee0115e9ab9acc0e4aa5ef50f8fbaba2a39e7eec55f417ffc312ae10fa6a2624db2bb6e10dcd31c23ad113424ac04728d05c91860ce9c51e17ea4ea8eb547f222ceebe31bbe620525ab72ed9c4b94c7b7a4601963d47853c4ada88f89a3870ab63eca169ce89bffaa74fe53cffc076d7108a98e0ce312ca97456d552915765522ed1f0e76aed0c9f66cf45d6c069f246cefd000ff47c6a8a06debcb7a117d7ae38a9889b1644c1b3be8c019a88452860d017e08e5b95af5f44bfe2b32a2777d067eb78b89eee130a93ae41e065b4ddf1813f168f27f6c151f8b72755b6fd26faa7b74235c6102a2cc6f5e9f97a4c6002567bd462fea650c9f5fa21db0b8a188148eceb9c3b8cf976ec38cdd0f2328f9efc9361ba22c446f36f3a3eabc6959caec635c0789474dcf542357b4a58c42a271129e122e16c4ff72f2da123e88ef46e2148a53e1c4a6d728d793dbc7b0052b43c4545becb5865a83ec6096b7166594b157dd552bf0bbf02b43f167b3a87119e2056e032010c79e07f4cc93cb98af71de762933fabe7ff36c077f8a40a3eaee02ad964bb7ff1d6df50e36c625e4f26a336d27b68ebf406049de4526f18bee54bfcfe57dcf5a0a6f4623dc2bd6fa3f3b3dd91e396354eed7ba8e7caed8f57b5fd9a6b9b459dabd8958e6093303f9e88f506f6d9365b6e8eb144adfade31cfb6d1b3691e6892b2e636aa2f3449e5b03ac7dc33f626f172469d92abcf146b2cb586314d02e1b5726a6ae21d38712dbba55cf193914a0cae37dd6e8d40188965a4ec5783b5fab6c2745acf2d0d8e7e16523a30201dd3c3aaf7a0051989f7ce7cf147533c74beccad3eac56787ca45b74df41b5512ff1589866af4e2e1702661d09fcea936a2b46d70a8215634f10e561abeccad738eeff32ceb3b2928e14fc00b3c77a78e8a028710616200f20e3f88a60dacfe90b1fa1a04431967ebd301cabcaa1ea3768b8af703051df26ddeda8886948379e682566b49b4d44477ac27de57a043d7672b1c761f761d17d395c44f5aae3ce8a520533aa4b3f65d437539932e556f30605ceb3c5f9948f00649cf5097dee7b3c0434ad5365a5c2abcabc8e0e100bdebdc251bca1d18b5c755ef93be2fd1c72aa05a0d0c97dfe1924fe9e250bad269c0822b940cdff2f9496e2f616b0604ba499b97c0ae1ee3b50b92688dbde19a9b605831b791474ed9b27f49481e6fe3a343ed8af4ac5232ae424496ed6ea13dcd5170c51b69f8bd6e98cdadd9703cbcf32aa0bff9f23cc4cb791ada7d51088bd16abf9195a4f2afde153b677a2f16fd40f20b605ea96e493905dcb9be34b3e9d2014a7d677064983f7a0ea2e9776f6df1fc08a28c46e73e590f5a11874b9278a9f18d06931df951b990e83334c74026266d1b51d99c797b8d9ca22449bf3d5d5bd3346d2f709899c22d13795a3c0d61b296e6ff0c2baca9679e26f7d5ada547aedd218f9d55348c7e28569396081c1ee9cc253f79fa91c79732762ee51f1df98880df0a34ca95e0b5fad543e3cad00b41c763f7e28cf7f44dd8f7513c6cc8213b4c2024b2ef017996a84020c3816a6f5dcac2c758dc0b106996b3b5fc1366d308836208e22b53005481d95762a7c47056f67611800ed7cfa632aa563423bef2353e7a5c2c1147d9c7ac5202cbe274ab8dd337fbdc451f030176a4a84f39438c21184de83b228433b0c0c022710c38df4ee5006006edeb597b10ea3514ca072e1728aebd1ffcff18949df06877920a5f261d806d09b009347ad28228034ff3c7cdb4f71dd8f9fdeb8c8faad1acffbcea4bec853e7733b3a1f1adf0253416d62c05392271f61f30ba9bd56d01706c4238b1955f87fae71a08c0e5c47e61edb85ff640f741a59960beef7ac83a7e3fbd4ae22db13234e97e8c4df9601ed702204f3bb2244f34421630e44412b6a1c44bbfd4fb9f7af9f9395da443440901a492185b39efde8165f4c0e7cf8647642be53dfdb8ed7f1579fb3492946bbba81d8a2e30e9120a2e6001d10914620bc13a28794bd0c64afa3af4fcd55a04dfb0bd7d000be614ff9d1383f8b570bffcc6bf2cf6c01ea332948d553285f557bd811249f620bfba2bc9ffab49f248bec3a541770a48b7e898bf4cb1ca81bf687db9701ddbc9d5bf2601fc6fd749b639fc571a3d44c9c92545b7474326e16949691650e99eeb9669fcbeebcbe32c0050e9ac9374c8180debaeb8dd5d89b9e5f6e45d12d4ec3a4e9bf2a5e438c3a9a9290945b203decd0192d0de1f14fe4b919f11e9ab9d092e268ae0b2dd7330a95172ca4ae473e2e622a1206ad0eb8ddf1b4bf854571bfa9d068b2cd03e75b7860ad6da012db37be4706959c9233d9bf36dfe6b6682256dcedcc32239ab6ab12f67d85f868828cbf594d1048716544fa9f065ae78896b63b56c05893a0bb49ba5258ac8611b1cdacacead6ddb9833fd8f7936bc002d82358a3217956de79da9b45f4cba65458290ec96d13a2aa1bf418cacaef2e76443bc38c30404aa07268966e3b234502e1babbf01d18b6b20ff615dfe5e8935aaa66e5d07a150684b7af3e7b18bba755f302873fc0660da9a454704163565a3b3c18bf0c6cafb9bb7f5e217ba4e6e765771fb09baaba5a2af28b3a62bd13c493989d193c41f7bcacbfa918df6734c01a685e8f5b3550214668f74eea986a6d11100792c08a4974f9b8b77533c1ccc54a68fcd8fec8e7613fa4746ad4a8948c7c97da9ccdbb21ef339d22d06cba86c9b23dd079b700f080bb827a8ba9f76bf51a6d7547e19e415469d574883ccb70772b449306f44e70f82636968dee93e8c7cf3336804ba9d2ed3c0691bcd05b0aae7f56b8fee67a13d0f591c203e200af4d7ef73c37a0ea10faa2c72b855eea8603d1fed8f9d0f0e0e3faef40be37bb372e1cd2e1781c4016eaeff29b4d21deb153852a1667cf04a35edbd8df0e94f6f1cdcbf5550e83e17c06085e4378fc2d9eaa72abe0a43d95f7a385d7287918027f7ee94233bd0c", 0xc4e}], 0x2, 0x3)
close(r1)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000300)=0x1, 0x4)
connect$inet(r2, &(0x7f00000006c0)={0x2, 0x0, @empty}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000900)=0xffffffffffffffff, 0x4)
sendmmsg$inet(r2, &(0x7f0000001ec0)=[{{0x0, 0x0, &(0x7f0000001000)=[{&(0x7f0000000780)="92", 0x1}], 0x1}}], 0x1, 0x4008440)
splice(r0, 0x0, r1, 0x0, 0x10500, 0x0)

155.618083ms ago: executing program 0 (id=1283):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
r0 = socket$inet(0x2, 0x1, 0x0)
bind$inet(r0, 0x0, 0x0)
socket$inet(0x2, 0x1, 0x0)
socket(0x10, 0x3, 0x0)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00')
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000000008000400", @ANYRES32=r2, @ANYBLOB="06001500070000000c00168008000100", @ANYRES64=r1], 0x38}}, 0x10)

110.218506ms ago: executing program 1 (id=1284):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWSET={0x68, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xb}, @NFTA_SET_EXPRESSIONS={0x24, 0x12, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @last={{0x9}, @val={0x4}}}, {0xc, 0x1, 0x0, 0x1, @dup={{0x8}, @void}}]}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x130}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x90}, 0x1, 0x0, 0x0, 0x4044050}, 0x40)

110.11058ms ago: executing program 2 (id=1285):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0x2}, 0x8)
sendto$inet(r0, &(0x7f0000000100)="ab", 0x34000, 0x40048c4, &(0x7f00000000c0)={0x2, 0x4e22, @local}, 0x10)

110.053185ms ago: executing program 0 (id=1286):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x8001, r0, 0x4}, 0x38)

59.557036ms ago: executing program 2 (id=1287):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x16, 0xf, &(0x7f00000003c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf0900000000000015090100000000009500000000000000de9a00000000000056080000000000008500000005000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

59.387721ms ago: executing program 0 (id=1288):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x2000000, 0x12, r0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000069000010000000004000050018010000696c6c2500000000002020207b1af8ff00000000bfa1000000000000070100fef7ffffffb702000008000000b70300000040000585000000b400000095"], &(0x7f0000000040)='syzkaller\x00', 0x9, 0xfcc, &(0x7f0000001e00)=""/4044, 0x100, 0x28, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xc}, 0x94)

287.703µs ago: executing program 0 (id=1289):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c0002800500010000000000080007"], 0x64}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x6c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x2c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2=0xe0000001}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x6c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={0x68, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2=0xe0000001}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x4}]}, 0x68}}, 0x0)

141.934µs ago: executing program 2 (id=1290):
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0xb, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004cc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x42073, 0xffffffffffffffff, 0x0)

0s ago: executing program 0 (id=1291):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010027bd70000000000005000000180001801400020073797a5f74756e000000000000000000240003801c0003800c00018008000100000000000c89d8000000000000000000040001"], 0x50}}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:29729' (ED25519) to the list of known hosts.
syzkaller login: [   49.102614][ T5773] cgroup: Unknown subsys name 'net'
[   49.213970][ T5773] cgroup: Unknown subsys name 'cpuset'
[   49.222134][ T5773] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   51.014039][ T5773] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   55.821929][ T5845] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   55.826880][ T5845] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   55.830815][ T5845] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   55.834972][ T5845] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   55.838399][ T5845] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   55.858605][   T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   55.862306][   T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   55.865131][   T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   55.868510][   T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   55.871402][   T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   55.966469][ T5853] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   55.971067][ T5853] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   55.974938][ T5853] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   55.979623][ T5853] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   55.982328][ T5853] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   56.084726][ T5843] chnl_net:caif_netlink_parms(): no params data found
[   56.113400][ T5847] chnl_net:caif_netlink_parms(): no params data found
[   56.234676][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.237975][ T5843] bridge0: port 1(bridge_slave_0) entered disabled state
[   56.242231][ T5843] bridge_slave_0: entered allmulticast mode
[   56.246200][ T5843] bridge_slave_0: entered promiscuous mode
[   56.265939][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.268940][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.272113][ T5843] bridge_slave_1: entered allmulticast mode
[   56.275878][ T5843] bridge_slave_1: entered promiscuous mode
[   56.292180][ T5847] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.294897][ T5847] bridge0: port 1(bridge_slave_0) entered disabled state
[   56.297654][ T5847] bridge_slave_0: entered allmulticast mode
[   56.300755][ T5847] bridge_slave_0: entered promiscuous mode
[   56.321097][ T5847] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.323577][ T5847] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.326072][ T5847] bridge_slave_1: entered allmulticast mode
[   56.329229][ T5847] bridge_slave_1: entered promiscuous mode
[   56.347253][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   56.361457][ T5847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   56.368589][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   56.393322][ T5847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   56.432419][ T5847] team0: Port device team_slave_0 added
[   56.435881][ T5843] team0: Port device team_slave_0 added
[   56.440012][ T5847] team0: Port device team_slave_1 added
[   56.453991][ T5843] team0: Port device team_slave_1 added
[   56.463687][ T5852] chnl_net:caif_netlink_parms(): no params data found
[   56.490532][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_0
[   56.492808][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.501679][ T5847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   56.513846][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0
[   56.516232][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.524923][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   56.539632][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_1
[   56.542352][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.551186][ T5847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   56.556222][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1
[   56.558880][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.568402][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   56.631294][ T5847] hsr_slave_0: entered promiscuous mode
[   56.633603][ T5847] hsr_slave_1: entered promiscuous mode
[   56.646983][ T5843] hsr_slave_0: entered promiscuous mode
[   56.649373][ T5843] hsr_slave_1: entered promiscuous mode
[   56.652059][ T5843] debugfs: 'hsr0' already exists in 'hsr'
[   56.653953][ T5843] Cannot create hsr debugfs directory
[   56.664307][ T5852] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.666739][ T5852] bridge0: port 1(bridge_slave_0) entered disabled state
[   56.669173][ T5852] bridge_slave_0: entered allmulticast mode
[   56.675084][ T5852] bridge_slave_0: entered promiscuous mode
[   56.678863][ T5852] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.681807][ T5852] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.684263][ T5852] bridge_slave_1: entered allmulticast mode
[   56.687150][ T5852] bridge_slave_1: entered promiscuous mode
[   56.766036][ T5852] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   56.792875][ T5852] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   56.851875][ T5852] team0: Port device team_slave_0 added
[   56.860748][ T5852] team0: Port device team_slave_1 added
[   56.891684][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_0
[   56.894379][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.903335][ T5852] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   56.914004][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_1
[   56.916285][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.926077][ T5852] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   56.970510][ T5852] hsr_slave_0: entered promiscuous mode
[   56.972842][ T5852] hsr_slave_1: entered promiscuous mode
[   56.975311][ T5852] debugfs: 'hsr0' already exists in 'hsr'
[   56.977157][ T5852] Cannot create hsr debugfs directory
[   56.998672][ T5847] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   57.007569][ T5847] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   57.054649][ T5847] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   57.061146][ T5847] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   57.133989][ T5843] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   57.147352][ T5843] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   57.162297][ T5843] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   57.174972][ T5843] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   57.262962][ T5852] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   57.274110][ T5852] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   57.279336][ T5852] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   57.285926][ T5852] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   57.346777][ T5847] 8021q: adding VLAN 0 to HW filter on device bond0
[   57.376725][ T5847] 8021q: adding VLAN 0 to HW filter on device team0
[   57.381345][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0
[   57.397669][   T28] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.400825][   T28] bridge0: port 1(bridge_slave_0) entered forwarding state
[   57.415905][   T28] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.418961][   T28] bridge0: port 2(bridge_slave_1) entered forwarding state
[   57.432805][ T5843] 8021q: adding VLAN 0 to HW filter on device team0
[   57.453502][  T741] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.456365][  T741] bridge0: port 1(bridge_slave_0) entered forwarding state
[   57.471175][ T5847] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   57.475303][ T5847] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   57.488714][  T741] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.491648][  T741] bridge0: port 2(bridge_slave_1) entered forwarding state
[   57.507466][ T5852] 8021q: adding VLAN 0 to HW filter on device bond0
[   57.530812][ T5852] 8021q: adding VLAN 0 to HW filter on device team0
[   57.554378][   T35] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.557752][   T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[   57.571428][   T35] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.574387][   T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[   57.715810][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.785925][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.799211][ T5847] veth0_vlan: entered promiscuous mode
[   57.811043][ T5847] veth1_vlan: entered promiscuous mode
[   57.846024][ T5852] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.856137][ T5847] veth0_macvtap: entered promiscuous mode
[   57.872075][ T5847] veth1_macvtap: entered promiscuous mode
[   57.890794][ T5853] Bluetooth: hci1: command tx timeout
[   57.893492][   T54] Bluetooth: hci0: command tx timeout
[   57.896780][ T5843] veth0_vlan: entered promiscuous mode
[   57.917199][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0
[   57.933957][ T5843] veth1_vlan: entered promiscuous mode
[   57.938554][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1
[   57.967894][ T5876] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   57.978196][ T5852] veth0_vlan: entered promiscuous mode
[   57.983728][ T5876] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   57.990583][ T5876] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   57.995225][ T5876] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   58.024464][ T5852] veth1_vlan: entered promiscuous mode
[   58.039265][ T5843] veth0_macvtap: entered promiscuous mode
[   58.051171][ T5853] Bluetooth: hci2: command tx timeout
[   58.064448][ T5843] veth1_macvtap: entered promiscuous mode
[   58.085889][ T5852] veth0_macvtap: entered promiscuous mode
[   58.106209][ T5852] veth1_macvtap: entered promiscuous mode
[   58.111530][   T28] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.113173][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0
[   58.118056][   T28] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.125333][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1
[   58.148062][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_0
[   58.152395][   T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   58.175607][   T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   58.182122][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_1
[   58.186161][   T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   58.188968][   T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   58.195154][   T28] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.202750][   T28] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.205421][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   58.226940][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   58.238351][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   58.253756][ T5847] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   58.265363][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   58.359823][   T26] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.362628][   T26] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.397532][   T26] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.406624][   T26] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.436480][   T26] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.451561][   T26] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.472251][   T28] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.474945][   T28] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.554195][ T5926] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5'.
[   59.969998][ T5853] Bluetooth: hci1: command tx timeout
[   59.970766][   T54] Bluetooth: hci0: command tx timeout
[   60.067871][ T5981] Illegal XDP return value 542375936 on prog  (id 7) dev N/A, expect packet loss!
[   60.130086][   T54] Bluetooth: hci2: command tx timeout
[   61.218174][ T6016] syz.0.39 uses obsolete (PF_INET,SOCK_PACKET)
[   61.458186][ T6034] netlink: 'syz.0.44': attribute type 4 has an invalid length.
[   61.485076][ T6034] netlink: 'syz.0.44': attribute type 4 has an invalid length.
[   62.020036][ T6074] netlink: 60 bytes leftover after parsing attributes in process `syz.1.57'.
[   62.023770][ T6074] netlink: 24 bytes leftover after parsing attributes in process `syz.1.57'.
[   62.027457][ T6074] netlink: 24 bytes leftover after parsing attributes in process `syz.1.57'.
[   62.054572][   T54] Bluetooth: hci1: command tx timeout
[   62.054624][ T5853] Bluetooth: hci0: command tx timeout
[   62.057008][ T6074] netlink: 32 bytes leftover after parsing attributes in process `syz.1.57'.
[   62.209953][ T5853] Bluetooth: hci2: command tx timeout
[   62.240962][ T6089] netlink: 12 bytes leftover after parsing attributes in process `syz.0.63'.
[   62.367821][ T6096] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[   62.389883][ T6096] netdevsim netdevsim1 netdevsim0: entered allmulticast mode
[   62.406820][ T6096] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[   63.221473][ T6163] netlink: 8 bytes leftover after parsing attributes in process `syz.1.84'.
[   63.598188][ T6193] TCP: tcp_parse_options: Illegal window scaling value 236 > 14 received
[   63.655310][ T6199] netlink: 4 bytes leftover after parsing attributes in process `syz.1.102'.
[   63.662003][ T6199] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   63.702818][ T6199] batman_adv: batadv0: Removing interface: batadv_slave_1
[   64.132406][ T5853] Bluetooth: hci0: command tx timeout
[   64.140762][ T5853] Bluetooth: hci1: command tx timeout
[   64.294815][ T5853] Bluetooth: hci2: command tx timeout
[   64.558350][ T6240] netdevsim netdevsim1 netdevsim0: left promiscuous mode
[   64.567698][ T6240] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[   64.786666][ T6257] netlink: 4 bytes leftover after parsing attributes in process `syz.1.125'.
[   64.814540][ T6257] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   64.928789][ T6265] netlink: 4 bytes leftover after parsing attributes in process `syz.2.129'.
[   65.005502][ T6272] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   65.134558][ T6285] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[   65.137261][ T6285] macsec1: entered promiscuous mode
[   65.253492][ T6298] netlink: 'syz.0.145': attribute type 8 has an invalid length.
[   65.843804][ T6338] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   66.505775][ T6385] netlink: 16 bytes leftover after parsing attributes in process `syz.2.183'.
[   67.016555][ T6418] Bluetooth: MGMT ver 1.23
[   67.019415][ T6418] RDS: rds_bind could not find a transport for ::ffff:172.30.1.3, load rds_tcp or rds_rdma?
[   67.023489][ T6418] netlink: 14 bytes leftover after parsing attributes in process `syz.2.199'.
[   67.184355][ T6418] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   67.203811][ T6418] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   67.213101][ T6418] bond0 (unregistering): Released all slaves
[   67.871281][ T6484] warning: `syz.1.225' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   68.296532][ T6508] netlink: 28 bytes leftover after parsing attributes in process `syz.1.235'.
[   68.312216][ T6508] netlink: 64 bytes leftover after parsing attributes in process `syz.1.235'.
[   68.346814][ T6508] geneve2: entered promiscuous mode
[   68.496806][ T6523] netlink: 12 bytes leftover after parsing attributes in process `syz.0.241'.
[   68.498199][ T5297] udevd[5297]: worker [5849] terminated by signal 33 (Unknown signal 33)
[   68.505662][ T5297] udevd[5297]: worker [5849] failed while handling '/devices/virtual/block/loop2'
[   69.111584][ T6580] netlink: 8 bytes leftover after parsing attributes in process `syz.2.266'.
[   69.473964][ T6592] netlink: 44 bytes leftover after parsing attributes in process `syz.2.272'.
[   69.641952][ T6604] syz_tun: entered allmulticast mode
[   69.654708][ T6604] pimreg: entered allmulticast mode
[   69.684621][ T6603] syz_tun: left allmulticast mode
[   70.854502][ T6646] ip6tnl2: entered promiscuous mode
[   70.856426][ T6646] ip6tnl2: entered allmulticast mode
[   70.995068][ T6652] Zero length message leads to an empty skb
[   71.180106][ T1362] ieee802154 phy0 wpan0: encryption failed: -22
[   71.183077][ T1362] ieee802154 phy1 wpan1: encryption failed: -22
[   71.417338][ T6675] syzkaller1: entered promiscuous mode
[   71.420857][ T6675] syzkaller1: entered allmulticast mode
[   71.626236][ T6698] netlink: 4 bytes leftover after parsing attributes in process `syz.0.318'.
[   71.862455][ T6721] bridge1: entered allmulticast mode
[   71.892468][ T6723] netlink: 20 bytes leftover after parsing attributes in process `syz.2.325'.
[   71.934436][ T6728] veth0: entered promiscuous mode
[   71.941167][ T6728] netlink: 4 bytes leftover after parsing attributes in process `syz.2.327'.
[   72.222124][ T6734] bridge0: port 2(bridge_slave_1) entered disabled state
[   72.225911][ T6734] bridge0: port 1(bridge_slave_0) entered disabled state
[   72.309505][ T6734] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   72.318341][ T6734] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   72.444008][   T12] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   72.449775][   T12] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   72.452979][   T12] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   72.456192][   T12] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   72.816431][ T6771] sock: sock_timestamping_bind_phc: sock not bind to device
[   72.889817][ T6780] netlink: 132 bytes leftover after parsing attributes in process `syz.2.351'.
[   73.633218][ T6793] ipvlan2: entered promiscuous mode
[   73.852147][ T6801] netlink: 24 bytes leftover after parsing attributes in process `syz.0.360'.
[   74.957755][ T6871] netlink: 'syz.1.389': attribute type 10 has an invalid length.
[   74.959842][ T6867] nbd2: detected capacity change from 0 to 63
[   74.960513][ T6871] netdevsim netdevsim1 netdevsim0: left allmulticast mode
[   74.966078][ T6869] block nbd2: NBD_DISCONNECT
[   74.966420][ T6871] batman_adv: batadv0: Adding interface: netdevsim0
[   74.968677][ T6869] block nbd2: Disconnected due to user request.
[   74.970878][ T6871] batman_adv: batadv0: The MTU of interface netdevsim0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   74.975671][ T6869] block nbd2: shutting down sockets
[   74.984587][ T6871] batman_adv: batadv0: Not using interface netdevsim0 (retrying later): interface not active
[   74.992190][    C1] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   74.996119][    C1] Buffer I/O error on dev nbd2, logical block 0, async page read
[   74.999403][    C1] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   75.003298][    C1] Buffer I/O error on dev nbd2, logical block 1, async page read
[   75.009471][    C1] I/O error, dev nbd2, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   75.013729][    C1] Buffer I/O error on dev nbd2, logical block 2, async page read
[   75.017062][    C1] I/O error, dev nbd2, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   75.020992][    C1] Buffer I/O error on dev nbd2, logical block 3, async page read
[   75.024709][ T5844] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   75.028663][ T5844] Buffer I/O error on dev nbd2, logical block 0, async page read
[   75.052343][ T5844] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   75.056882][ T5844] Buffer I/O error on dev nbd2, logical block 1, async page read
[   75.060479][ T5844] I/O error, dev nbd2, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   75.064319][ T5844] Buffer I/O error on dev nbd2, logical block 2, async page read
[   75.067855][ T5844] I/O error, dev nbd2, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   75.073536][ T5844] Buffer I/O error on dev nbd2, logical block 3, async page read
[   75.076785][ T5844] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   75.080756][ T5844] Buffer I/O error on dev nbd2, logical block 0, async page read
[   75.084199][ T5844] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   75.087945][ T5844] Buffer I/O error on dev nbd2, logical block 1, async page read
[   75.097714][ T5844] ldm_validate_partition_table(): Disk read failed.
[   75.102338][ T5844] Dev nbd2: unable to read RDB block 0
[   75.106176][ T5844]  nbd2: unable to read partition table
[   75.124785][ T5844] ldm_validate_partition_table(): Disk read failed.
[   75.129295][ T5844] Dev nbd2: unable to read RDB block 0
[   75.152788][ T5844]  nbd2: unable to read partition table
[   75.399140][ T6900] netlink: 'syz.1.403': attribute type 1 has an invalid length.
[   75.402584][ T6900] netlink: 600 bytes leftover after parsing attributes in process `syz.1.403'.
[   76.001776][ T6914] netlink: 'syz.0.408': attribute type 15 has an invalid length.
[   76.133525][ T6924] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   76.242293][ T6929] netlink: 'syz.0.415': attribute type 11 has an invalid length.
[   76.398675][ T6942] tipc: Started in network mode
[   76.403783][ T6942] tipc: Node identity 5e201efb0a85, cluster identity 4711
[   76.407152][ T6942] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   76.416466][ T6945] tipc: Started in network mode
[   76.418529][ T6945] tipc: Node identity b2faa2dbf203, cluster identity 4711
[   76.423222][ T6945] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   76.426392][ T6942] syzkaller0: entered promiscuous mode
[   76.428231][ T6942] syzkaller0: entered allmulticast mode
[   76.432221][ T6945] syzkaller0: entered promiscuous mode
[   76.434179][ T6945] syzkaller0: entered allmulticast mode
[   76.446167][ T6945] tipc: Resetting bearer <eth:syzkaller0>
[   76.451134][ T6942] tipc: Resetting bearer <eth:syzkaller0>
[   76.453804][ T6943] tipc: Resetting bearer <eth:syzkaller0>
[   76.470301][ T6943] tipc: Disabling bearer <eth:syzkaller0>
[   76.477327][ T6942] tipc: Resetting bearer <eth:syzkaller0>
[   76.484148][ T6942] tipc: Disabling bearer <eth:syzkaller0>
[   76.896073][ T6992] netlink: 28 bytes leftover after parsing attributes in process `syz.2.446'.
[   77.095307][ T7009] netlink: 'syz.2.453': attribute type 10 has an invalid length.
[   77.106849][ T7009] netlink: 4 bytes leftover after parsing attributes in process `syz.2.453'.
[   77.114682][ T7009] bridge_slave_1: left allmulticast mode
[   77.117160][ T7009] bridge_slave_1: left promiscuous mode
[   77.121279][ T7009] bridge0: port 2(bridge_slave_1) entered disabled state
[   77.131621][ T7009] bridge_slave_0: left allmulticast mode
[   77.134158][ T7009] bridge_slave_0: left promiscuous mode
[   77.136789][ T7009] bridge0: port 1(bridge_slave_0) entered disabled state
[   77.799448][ T7062] syzkaller0: entered promiscuous mode
[   77.805283][ T7062] syzkaller0: entered allmulticast mode
[   77.954816][ T7076] netlink: 8 bytes leftover after parsing attributes in process `syz.2.482'.
[   79.072169][ T7119] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[   79.362060][ T7151] netlink: 12 bytes leftover after parsing attributes in process `syz.0.517'.
[   79.563624][ T7175] netlink: 4 bytes leftover after parsing attributes in process `syz.1.526'.
[   79.587413][ T7177] netlink: 16 bytes leftover after parsing attributes in process `syz.2.527'.
[   79.598214][ T7177] netlink: 'syz.2.527': attribute type 3 has an invalid length.
[   79.655735][ T7184] netlink: 24 bytes leftover after parsing attributes in process `syz.2.530'.
[   79.745271][ T7199] netlink: 32 bytes leftover after parsing attributes in process `syz.2.536'.
[   80.396455][ T7267] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   80.399390][ T7267] IPv6: NLM_F_CREATE should be set when creating new route
[   80.402469][ T7267] IPv6: NLM_F_CREATE should be set when creating new route
[   80.660299][ T7275] netlink: 4 bytes leftover after parsing attributes in process `syz.0.564'.
[   81.322602][ T7297] netlink: 'syz.0.574': attribute type 1 has an invalid length.
[   81.352148][ T7297] 8021q: adding VLAN 0 to HW filter on device bond1
[   81.367631][ T7297] vlan2: entered allmulticast mode
[   81.370407][ T7297] macvtap0: entered allmulticast mode
[   81.372804][ T7297] veth0_macvtap: entered allmulticast mode
[   81.378918][ T7297] bond1: (slave vlan2): making interface the new active one
[   81.384003][ T7297] bond1: (slave vlan2): Enslaving as an active interface with an up link
[   81.407461][ T7297] syz.0.574 (7297) used greatest stack depth: 18488 bytes left
[   81.421877][ T3248] cfg80211: failed to load regulatory.db
[   81.793700][ T7342] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   81.804113][ T7342] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[   82.209160][ T7379] netlink: 'syz.2.611': attribute type 74 has an invalid length.
[   82.383019][ T7387] netlink: 96 bytes leftover after parsing attributes in process `syz.2.615'.
[   82.793985][ T7402] netlink: 65051 bytes leftover after parsing attributes in process `syz.0.620'.
[   83.145458][ T7419] netlink: 4 bytes leftover after parsing attributes in process `syz.1.628'.
[   83.484441][ T7456] wg1: entered promiscuous mode
[   83.486294][ T7456] wg1: entered allmulticast mode
[   83.498029][ T7457] sysfs: cannot create duplicate filename '/class/ieee80211/!'
[   83.501806][ T7457] CPU: 1 UID: 0 PID: 7457 Comm: syz.0.644 Not tainted syzkaller #0 PREEMPT(full) 
[   83.501821][ T7457] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   83.501828][ T7457] Call Trace:
[   83.501833][ T7457]  <TASK>
[   83.501839][ T7457]  dump_stack_lvl+0x189/0x250
[   83.501861][ T7457]  ? __pfx_dump_stack_lvl+0x10/0x10
[   83.501875][ T7457]  ? __pfx__printk+0x10/0x10
[   83.501893][ T7457]  ? kernfs_path_from_node+0x2f/0x290
[   83.501906][ T7457]  ? kernfs_path_from_node+0x250/0x290
[   83.501917][ T7457]  ? kernfs_path_from_node+0x2f/0x290
[   83.501930][ T7457]  sysfs_warn_dup+0x8e/0xa0
[   83.501943][ T7457]  sysfs_do_create_link_sd+0xc0/0x110
[   83.501957][ T7457]  device_add_class_symlinks+0x1cf/0x240
[   83.501972][ T7457]  device_add+0x475/0xb50
[   83.501986][ T7457]  wiphy_register+0x1ba6/0x28d0
[   83.502014][ T7457]  ? __pfx_wiphy_register+0x10/0x10
[   83.502030][ T7457]  ? minstrel_ht_alloc+0x6dd/0x7e0
[   83.502050][ T7457]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[   83.502065][ T7457]  ieee80211_register_hw+0x3484/0x4100
[   83.502091][ T7457]  ? ieee80211_register_hw+0x1431/0x4100
[   83.502113][ T7457]  ? __pfx_ieee80211_register_hw+0x10/0x10
[   83.502130][ T7457]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   83.502152][ T7457]  ? __hrtimer_setup+0x187/0x210
[   83.502163][ T7457]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[   83.502183][ T7457]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[   83.502223][ T7457]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[   83.502237][ T7457]  ? trace_kmalloc+0x1f/0xd0
[   83.502252][ T7457]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[   83.502268][ T7457]  ? kstrndup+0xbf/0x160
[   83.502289][ T7457]  hwsim_new_radio_nl+0xea4/0x1b10
[   83.502314][ T7457]  ? __pfx___nla_validate_parse+0x10/0x10
[   83.502345][ T7457]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[   83.502372][ T7457]  ? __nla_parse+0x40/0x60
[   83.502393][ T7457]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[   83.502415][ T7457]  genl_family_rcv_msg_doit+0x215/0x300
[   83.502434][ T7457]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[   83.502456][ T7457]  ? bpf_lsm_capable+0x9/0x20
[   83.502471][ T7457]  ? security_capable+0x7e/0x2e0
[   83.502522][ T7457]  genl_rcv_msg+0x60e/0x790
[   83.502540][ T7457]  ? __pfx_genl_rcv_msg+0x10/0x10
[   83.502554][ T7457]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[   83.502580][ T7457]  netlink_rcv_skb+0x208/0x470
[   83.502594][ T7457]  ? __lock_acquire+0xab9/0xd20
[   83.502611][ T7457]  ? __pfx_genl_rcv_msg+0x10/0x10
[   83.502625][ T7457]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   83.502658][ T7457]  ? down_read+0x1ad/0x2e0
[   83.502673][ T7457]  genl_rcv+0x28/0x40
[   83.502684][ T7457]  netlink_unicast+0x82f/0x9e0
[   83.502706][ T7457]  ? __pfx_netlink_unicast+0x10/0x10
[   83.502721][ T7457]  ? netlink_sendmsg+0x642/0xb30
[   83.502728][ T7457]  ? skb_put+0x11b/0x210
[   83.502739][ T7457]  netlink_sendmsg+0x805/0xb30
[   83.502749][ T7457]  ? __pfx_netlink_sendmsg+0x10/0x10
[   83.502756][ T7457]  ? aa_sock_msg_perm+0xf1/0x1d0
[   83.502764][ T7457]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   83.502771][ T7457]  ? __pfx_netlink_sendmsg+0x10/0x10
[   83.502777][ T7457]  __sock_sendmsg+0x21c/0x270
[   83.502788][ T7457]  ____sys_sendmsg+0x505/0x830
[   83.502798][ T7457]  ? __pfx_____sys_sendmsg+0x10/0x10
[   83.502827][ T7457]  ? import_iovec+0x74/0xa0
[   83.502838][ T7457]  ___sys_sendmsg+0x21f/0x2a0
[   83.502847][ T7457]  ? __pfx____sys_sendmsg+0x10/0x10
[   83.502871][ T7457]  ? __fget_files+0x2a/0x420
[   83.502876][ T7457]  ? __fget_files+0x3a0/0x420
[   83.502887][ T7457]  __x64_sys_sendmsg+0x19b/0x260
[   83.502896][ T7457]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[   83.502922][ T7457]  ? rcu_is_watching+0x15/0xb0
[   83.502932][ T7457]  ? do_syscall_64+0xbe/0x3b0
[   83.502941][ T7457]  do_syscall_64+0xfa/0x3b0
[   83.502947][ T7457]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   83.502954][ T7457]  ? asm_sysvec_call_function_single+0x1a/0x20
[   83.502964][ T7457]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   83.502971][ T7457] RIP: 0033:0x7fccd198eba9
[   83.502978][ T7457] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   83.502984][ T7457] RSP: 002b:00007fcccfbf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   83.502993][ T7457] RAX: ffffffffffffffda RBX: 00007fccd1bd6090 RCX: 00007fccd198eba9
[   83.502998][ T7457] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 000000000000000a
[   83.503002][ T7457] RBP: 00007fccd1a11e19 R08: 0000000000000000 R09: 0000000000000000
[   83.503007][ T7457] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   83.503011][ T7457] R13: 00007fccd1bd6128 R14: 00007fccd1bd6090 R15: 00007ffdbaf78e38
[   83.503023][ T7457]  </TASK>
[   84.059182][ T7459] ieee802154 phy0 wpan0: encryption failed: -90
[   84.306568][ T7473] netlink: 8 bytes leftover after parsing attributes in process `syz.0.652'.
[   84.911590][ T7545] netlink: 'syz.0.677': attribute type 9 has an invalid length.
[   84.915920][ T7545] netlink: 'syz.0.677': attribute type 6 has an invalid length.
[   84.981552][ T7560] netlink: 8 bytes leftover after parsing attributes in process `syz.0.683'.
[   85.702951][ T7607] netlink: 8 bytes leftover after parsing attributes in process `syz.0.705'.
[   85.707347][ T7607] netlink: 8 bytes leftover after parsing attributes in process `syz.0.705'.
[   85.715632][ T7607] netlink: 8 bytes leftover after parsing attributes in process `syz.0.705'.
[   85.721914][ T7607] netlink: 8 bytes leftover after parsing attributes in process `syz.0.705'.
[   85.726053][ T7607] netlink: 8 bytes leftover after parsing attributes in process `syz.0.705'.
[   85.734495][ T7607] netlink: 8 bytes leftover after parsing attributes in process `syz.0.705'.
[   85.740958][ T7607] netlink: 8 bytes leftover after parsing attributes in process `syz.0.705'.
[   85.748430][ T7607] netlink: 8 bytes leftover after parsing attributes in process `syz.0.705'.
[   85.755349][ T7607] netlink: 8 bytes leftover after parsing attributes in process `syz.0.705'.
[   85.761823][ T7607] netlink: 8 bytes leftover after parsing attributes in process `syz.0.705'.
[   85.786436][ T7607] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   86.047620][ T7632] netem: unknown loss type 12
[   86.051485][ T7632] netem: change failed
[   86.168499][ T7644] netlink: 'syz.0.723': attribute type 5 has an invalid length.
[   86.196951][ T7648] ieee802154 phy0 wpan0: encryption failed: -22
[   86.323866][ T7656] bridge0: port 2(bridge_slave_1) entered disabled state
[   86.326424][ T7656] bridge0: port 1(bridge_slave_0) entered disabled state
[   86.404531][ T7656] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   86.415301][ T7656] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   86.483261][ T7656] veth0_macvtap: left allmulticast mode
[   86.603969][ T5876] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   86.607356][ T5876] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   86.620537][   T13] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   86.634908][   T13] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   87.347612][ T7679] netlink: 'syz.1.736': attribute type 11 has an invalid length.
[   87.755656][ T7716] netlink: 'syz.2.752': attribute type 1 has an invalid length.
[   87.854972][ T7728] netdevsim netdevsim1: loading /lib/firmware// failed with error -22
[   87.858697][ T7728] netdevsim netdevsim1: Direct firmware load for / failed with error -22
[   87.863965][ T7728] netdevsim netdevsim1: Falling back to sysfs fallback for: /
[   88.273010][ T7760] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   88.275882][ T7760] syzkaller0: entered promiscuous mode
[   88.277713][ T7760] syzkaller0: entered allmulticast mode
[   88.283170][ T7760] tipc: Resetting bearer <eth:syzkaller0>
[   88.286122][ T7759] tipc: Resetting bearer <eth:syzkaller0>
[   88.293773][ T7759] tipc: Disabling bearer <eth:syzkaller0>
[   88.714972][ T7766] netlink: 'syz.1.775': attribute type 10 has an invalid length.
[   88.718079][ T7766] veth0_vlan: entered allmulticast mode
[   88.721614][ T7766] bridge0: port 3(veth0_vlan) entered blocking state
[   88.724000][ T7766] bridge0: port 3(veth0_vlan) entered disabled state
[   88.727773][ T7766] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[   88.877539][ T7774] netlink: 'syz.1.779': attribute type 3 has an invalid length.
[   88.922137][ T7777] TCP: TCP_TX_DELAY enabled
[   89.324198][ T7806] netlink: 'syz.0.794': attribute type 1 has an invalid length.
[   89.861347][ T7836] trusted_key: syz.0.808 sent an empty control message without MSG_MORE.
[   90.214218][ T7865] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input4
[   91.097460][ T7922] __nla_validate_parse: 21 callbacks suppressed
[   91.097475][ T7922] netlink: 56 bytes leftover after parsing attributes in process `syz.1.843'.
[   91.132884][ T7924] netlink: 'syz.1.844': attribute type 1 has an invalid length.
[   91.135649][ T7924] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   91.201698][ T7928] netlink: 8 bytes leftover after parsing attributes in process `syz.1.846'.
[   91.204846][ T7928] netlink: 'syz.1.846': attribute type 2 has an invalid length.
[   91.396704][ T7943] netlink: 56 bytes leftover after parsing attributes in process `syz.1.849'.
[   91.611903][ T7965] netlink: 8 bytes leftover after parsing attributes in process `syz.2.857'.
[   91.651905][ T7967] openvswitch: netlink: Message has 20 unknown bytes.
[   91.654287][ T7967] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   91.678790][ T7969] netlink: 8 bytes leftover after parsing attributes in process `syz.2.861'.
[   92.298724][ T8026] netlink: 20 bytes leftover after parsing attributes in process `syz.1.886'.
[   92.303215][ T8026] netlink: 20 bytes leftover after parsing attributes in process `syz.1.886'.
[   92.432647][ T8041] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.894'.
[   92.457060][ T8045] netlink: 'syz.2.895': attribute type 4 has an invalid length.
[   92.556468][ T8057] netlink: 24 bytes leftover after parsing attributes in process `syz.1.901'.
[   92.583962][ T8057] netlink: 4 bytes leftover after parsing attributes in process `syz.1.901'.
[   92.832745][ T8076] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   92.842372][ T8076] syzkaller0: entered promiscuous mode
[   92.844330][ T8076] syzkaller0: entered allmulticast mode
[   92.862026][ T8076] tipc: Resetting bearer <eth:syzkaller0>
[   92.868359][ T8075] tipc: Resetting bearer <eth:syzkaller0>
[   92.876873][ T8075] tipc: Disabling bearer <eth:syzkaller0>
[   93.045379][ T8094] vlan3: entered allmulticast mode
[   93.047128][ T8094] bridge0: entered allmulticast mode
[   93.049118][ T8094] bridge0: port 1(vlan3) entered blocking state
[   93.053140][ T8094] bridge0: port 1(vlan3) entered disabled state
[   93.286307][ T8107] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   95.008727][ T8200] netlink: 'syz.2.964': attribute type 21 has an invalid length.
[   95.019461][ T8200] netlink: 'syz.2.964': attribute type 1 has an invalid length.
[   96.294140][ T8305] netlink: 'syz.1.989': attribute type 1 has an invalid length.
[   96.297009][ T8305] netlink: 'syz.1.989': attribute type 1 has an invalid length.
[   96.301112][ T8305] netlink: 'syz.1.989': attribute type 1 has an invalid length.
[   96.453690][ T8311] __nla_validate_parse: 3 callbacks suppressed
[   96.453700][ T8311] netlink: 8 bytes leftover after parsing attributes in process `syz.2.991'.
[   96.458897][ T8311] netlink: 'syz.2.991': attribute type 5 has an invalid length.
[   96.468891][ T8311] netlink: 48 bytes leftover after parsing attributes in process `syz.2.991'.
[   96.496456][ T8311] geneve2: entered promiscuous mode
[   96.498209][ T8311] geneve2: entered allmulticast mode
[   96.501728][ T5876] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 256 - 0
[   96.504721][ T5876] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 256 - 0
[   96.513308][ T5876] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 256 - 0
[   96.538116][ T8309] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[   96.642929][ T8309] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[   96.739348][ T8309] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[   96.812459][ T5876] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 256 - 0
[   96.832112][ T5876] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 256 - 0
[   96.848068][ T5876] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 256 - 0
[   96.866312][ T5876] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 256 - 0
[   97.217999][ T8332] netlink: 'syz.0.1000': attribute type 10 has an invalid length.
[   97.225775][ T8332] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1000'.
[   97.235525][ T8332] team0: Port device geneve0 added
[   97.238036][ T5876] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   97.241317][ T5876] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   97.244844][ T5876] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   97.254669][ T5876] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   97.462460][ T8351] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1008'.
[   97.519304][ T8357] dvmrp8: entered allmulticast mode
[   97.537706][ T8359] netlink: 'syz.1.1007': attribute type 13 has an invalid length.
[   97.541637][ T8359] netlink: 'syz.1.1007': attribute type 17 has an invalid length.
[   97.574788][ T8359] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   97.672935][ T8353] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   97.755153][ T8366] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1011'.
[   97.758421][ T8366] IPVS: Unknown mcast interface: vetN1_macvtap
[   97.797995][ T8368] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   97.902718][ T8374] netlink: 232 bytes leftover after parsing attributes in process `syz.2.1015'.
[   97.995711][ T8377] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input5
[   98.285151][ T8389] netlink: set zone limit has 4 unknown bytes
[   98.740431][ T8426] bond0: (slave vxlan0): Enslaving as an active interface with an up link
[   98.743426][   T13] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   98.746509][   T13] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   98.758999][   T13] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   98.763249][   T13] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   98.881729][ T8442] openvswitch: netlink: IPv4 frag type 255 is out of range max 2
[   99.420528][ T8497] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1072'.
[   99.433746][ T8497] bridge_slave_1: left allmulticast mode
[   99.435846][ T8497] bridge_slave_1: left promiscuous mode
[   99.438542][ T8497] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.452316][ T8497] bridge_slave_0: left allmulticast mode
[   99.454374][ T8497] bridge_slave_0: left promiscuous mode
[   99.456319][ T8497] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.520187][ T8501] netlink: 'syz.1.1074': attribute type 6 has an invalid length.
[   99.523032][ T8501] netlink: 176 bytes leftover after parsing attributes in process `syz.1.1074'.
[  100.571772][ T8548] xt_l2tp: missing protocol rule (udp|l2tpip)
[  100.655567][ T8558] netlink: 'syz.0.1101': attribute type 13 has an invalid length.
[  100.769475][ T8568] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1106'.
[  100.776475][ T8568] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1106'.
[  100.781640][ T8568] netlink: 'syz.1.1106': attribute type 1 has an invalid length.
[  100.820803][ T8568] nbd: socks must be embedded in a SOCK_ITEM attr
[  100.823728][ T8568] block nbd0: shutting down sockets
[  100.916807][ T8578] syzkaller1: entered promiscuous mode
[  100.919207][ T8578] syzkaller1: entered allmulticast mode
[  101.443506][ T8641] netlink: 'syz.0.1135': attribute type 1 has an invalid length.
[  101.594110][ T8651] __nla_validate_parse: 1 callbacks suppressed
[  101.594124][ T8651] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1140'.
[  101.629582][ T8657] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1143'.
[  101.794307][ T8665] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1148'.
[  101.795950][ T8677] batadv_slave_1: entered promiscuous mode
[  101.803789][ T8676] batadv_slave_1: left promiscuous mode
[  101.953386][ T8692] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1157'.
[  102.002816][ T8697] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1160'.
[  102.075837][ T8707] netdevsim netdevsim1 netdevsim0: entered allmulticast mode
[  102.078389][ T8707] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  102.239047][ T8728] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1173'.
[  102.244752][ T8728] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1173'.
[  102.248563][ T8728] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1173'.
[  102.394115][ T8744] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1181'.
[  102.481039][ T8752] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  102.487517][ T8752] syzkaller0: entered promiscuous mode
[  102.489441][ T8752] syzkaller0: entered allmulticast mode
[  102.508792][ T8752] tipc: Resetting bearer <eth:syzkaller0>
[  102.512284][ T8751] tipc: Resetting bearer <eth:syzkaller0>
[  102.529499][ T8751] tipc: Disabling bearer <eth:syzkaller0>
[  102.888460][ T8801] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1208'.
[  103.065642][ T8819] netlink: 'syz.2.1217': attribute type 1 has an invalid length.
[  103.613906][ T8846] syzkaller1: entered promiscuous mode
[  103.615897][ T8846] syzkaller1: entered allmulticast mode
[  103.776818][   T13] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  103.780426][   T13] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  103.786966][   T13] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  103.802833][   T13] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  103.868010][ T8853] bridge0: port 2(bridge_slave_1) entered disabled state
[  104.708520][ T8897] veth1_macvtap: left promiscuous mode
[  104.751913][ T8916] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  104.992848][ T8938] tipc: Started in network mode
[  104.995029][ T8938] tipc: Node identity 96b175e50476, cluster identity 4711
[  104.998291][ T8938] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  105.005785][ T8938] syzkaller0: entered promiscuous mode
[  105.008945][ T8938] syzkaller0: entered allmulticast mode
[  105.034471][ T8938] tipc: Resetting bearer <eth:syzkaller0>
[  105.038844][ T8937] tipc: Resetting bearer <eth:syzkaller0>
[  105.047992][ T8937] tipc: Disabling bearer <eth:syzkaller0>
[  105.589518][ T8973] netlink: 'syz.0.1281': attribute type 20 has an invalid length.
[  106.146757][ T8378] ==================================================================
[  106.149927][ T8378] BUG: KASAN: slab-use-after-free in __mutex_lock+0x801/0x1350
[  106.152563][ T8378] Read of size 8 at addr ffff88801af680a0 by task khidpd_15c25886/8378
[  106.156141][ T8378] 
[  106.157135][ T8378] CPU: 1 UID: 0 PID: 8378 Comm: khidpd_15c25886 Not tainted syzkaller #0 PREEMPT(full) 
[  106.157149][ T8378] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  106.157156][ T8378] Call Trace:
[  106.157162][ T8378]  <TASK>
[  106.157167][ T8378]  dump_stack_lvl+0x189/0x250
[  106.157184][ T8378]  ? __kasan_check_byte+0x12/0x40
[  106.157200][ T8378]  ? __pfx_dump_stack_lvl+0x10/0x10
[  106.157212][ T8378]  ? lock_release+0x4b/0x3e0
[  106.157230][ T8378]  ? __virt_addr_valid+0x4a5/0x5c0
[  106.157245][ T8378]  print_report+0xca/0x240
[  106.157256][ T8378]  ? __mutex_lock+0x801/0x1350
[  106.157266][ T8378]  kasan_report+0x118/0x150
[  106.157281][ T8378]  ? __mutex_lock+0x801/0x1350
[  106.157293][ T8378]  __mutex_lock+0x801/0x1350
[  106.157331][ T8378]  ? __mutex_lock+0x5bb/0x1350
[  106.157342][ T8378]  ? l2cap_unregister_user+0x6a/0x1b0
[  106.157358][ T8378]  ? __pfx___mutex_lock+0x10/0x10
[  106.157368][ T8378]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  106.157387][ T8378]  l2cap_unregister_user+0x6a/0x1b0
[  106.157402][ T8378]  hidp_session_thread+0x3c9/0x410
[  106.157417][ T8378]  ? __pfx_hidp_session_thread+0x10/0x10
[  106.157431][ T8378]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  106.157446][ T8378]  ? __pfx_hidp_session_wake_function+0x10/0x10
[  106.157462][ T8378]  ? __pfx_hidp_session_wake_function+0x10/0x10
[  106.157476][ T8378]  ? __kthread_parkme+0x7b/0x200
[  106.157488][ T8378]  ? __kthread_parkme+0x1a1/0x200
[  106.157501][ T8378]  kthread+0x711/0x8a0
[  106.157514][ T8378]  ? __pfx_hidp_session_thread+0x10/0x10
[  106.157528][ T8378]  ? __pfx_kthread+0x10/0x10
[  106.157541][ T8378]  ? _raw_spin_unlock_irq+0x23/0x50
[  106.157555][ T8378]  ? lockdep_hardirqs_on+0x9c/0x150
[  106.157570][ T8378]  ? __pfx_kthread+0x10/0x10
[  106.157583][ T8378]  ret_from_fork+0x3fc/0x770
[  106.157595][ T8378]  ? __pfx_ret_from_fork+0x10/0x10
[  106.157608][ T8378]  ? __switch_to_asm+0x39/0x70
[  106.157621][ T8378]  ? __switch_to_asm+0x33/0x70
[  106.157634][ T8378]  ? __pfx_kthread+0x10/0x10
[  106.157647][ T8378]  ret_from_fork_asm+0x1a/0x30
[  106.157665][ T8378]  </TASK>
[  106.157669][ T8378] 
[  106.240841][ T8378] Allocated by task 5852:
[  106.242350][ T8378]  kasan_save_track+0x3e/0x80
[  106.243948][ T8378]  __kasan_kmalloc+0x93/0xb0
[  106.245635][ T8378]  __kmalloc_noprof+0x27a/0x4f0
[  106.247405][ T8378]  hci_alloc_dev_priv+0x28/0x2060
[  106.249181][ T8378]  vhci_create_device+0x120/0x650
[  106.251271][ T8378]  vhci_write+0x3ce/0x4a0
[  106.253047][ T8378]  vfs_write+0x5c9/0xb30
[  106.254796][ T8378]  ksys_write+0x145/0x250
[  106.256564][ T8378]  do_syscall_64+0xfa/0x3b0
[  106.258264][ T8378]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.260517][ T8378] 
[  106.261527][ T8378] Freed by task 5852:
[  106.263013][ T8378]  kasan_save_track+0x3e/0x80
[  106.264521][ T8378]  kasan_save_free_info+0x46/0x50
[  106.266063][ T8378]  __kasan_slab_free+0x5b/0x80
[  106.267688][ T8378]  kfree+0x18e/0x440
[  106.268996][ T8378]  bt_host_release+0x82/0x90
[  106.270520][ T8378]  device_release+0x9c/0x1c0
[  106.272163][ T8378]  kobject_put+0x22b/0x480
[  106.273981][ T8378]  vhci_release+0x15a/0x1a0
[  106.275852][ T8378]  __fput+0x44c/0xa70
[  106.277395][ T8378]  task_work_run+0x1d4/0x260
[  106.279118][ T8378]  do_exit+0x6b5/0x2300
[  106.280524][ T8378]  do_group_exit+0x21c/0x2d0
[  106.282051][ T8378]  __x64_sys_exit_group+0x3f/0x40
[  106.283913][ T8378]  x64_sys_call+0x21f7/0x2200
[  106.285625][ T8378]  do_syscall_64+0xfa/0x3b0
[  106.287235][ T8378]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.289514][ T8378] 
[  106.290372][ T8378] Last potentially related work creation:
[  106.292699][ T8378]  kasan_save_stack+0x3e/0x60
[  106.294473][ T8378]  kasan_record_aux_stack+0xbd/0xd0
[  106.296472][ T8378]  insert_work+0x3d/0x330
[  106.298254][ T8378]  __queue_work+0xcd2/0xfb0
[  106.300162][ T8378]  queue_work_on+0x181/0x270
[  106.302078][ T8378]  l2cap_start_connection+0x20e/0x310
[  106.304320][ T8378]  l2cap_chan_connect+0xa7f/0xe30
[  106.306400][ T8378]  l2cap_sock_connect+0x5c8/0x7a0
[  106.308470][ T8378]  __sys_connect+0x316/0x440
[  106.310167][ T8378]  __x64_sys_connect+0x7a/0x90
[  106.311815][ T8378]  do_syscall_64+0xfa/0x3b0
[  106.313317][ T8378]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.315249][ T8378] 
[  106.316191][ T8378] Second to last potentially related work creation:
[  106.318816][ T8378]  kasan_save_stack+0x3e/0x60
[  106.320504][ T8378]  kasan_record_aux_stack+0xbd/0xd0
[  106.322437][ T8378]  insert_work+0x3d/0x330
[  106.324350][ T8378]  __queue_work+0xcd2/0xfb0
[  106.326116][ T8378]  queue_work_on+0x181/0x270
[  106.327864][ T8378]  hci_sock_sendmsg+0xa56/0xef0
[  106.329720][ T8378]  __sock_sendmsg+0x21c/0x270
[  106.331446][ T8378]  sock_write_iter+0x258/0x330
[  106.333221][ T8378]  vfs_write+0x5c9/0xb30
[  106.334787][ T8378]  ksys_write+0x145/0x250
[  106.336371][ T8378]  do_syscall_64+0xfa/0x3b0
[  106.337977][ T8378]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.340220][ T8378] 
[  106.341114][ T8378] The buggy address belongs to the object at ffff88801af68000
[  106.341114][ T8378]  which belongs to the cache kmalloc-8k of size 8192
[  106.346269][ T8378] The buggy address is located 160 bytes inside of
[  106.346269][ T8378]  freed 8192-byte region [ffff88801af68000, ffff88801af6a000)
[  106.350992][ T8378] 
[  106.351848][ T8378] The buggy address belongs to the physical page:
[  106.354200][ T8378] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1af68
[  106.357262][ T8378] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  106.360331][ T8378] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  106.363316][ T8378] page_type: f5(slab)
[  106.364886][ T8378] raw: 00fff00000000040 ffff88801a442280 dead000000000100 dead000000000122
[  106.368029][ T8378] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[  106.371204][ T8378] head: 00fff00000000040 ffff88801a442280 dead000000000100 dead000000000122
[  106.374466][ T8378] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[  106.377740][ T8378] head: 00fff00000000003 ffffea00006bda01 00000000ffffffff 00000000ffffffff
[  106.380724][ T8378] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  106.384123][ T8378] page dumped because: kasan: bad access detected
[  106.386661][ T8378] page_owner tracks the page as allocated
[  106.388938][ T8378] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5597, tgid 5597 (dhcpcd), ts 35232803050, free_ts 35127863623
[  106.396460][ T8378]  post_alloc_hook+0x240/0x2a0
[  106.398047][ T8378]  get_page_from_freelist+0x21e4/0x22c0
[  106.399848][ T8378]  __alloc_frozen_pages_noprof+0x181/0x370
[  106.401974][ T8378]  alloc_pages_mpol+0x232/0x4a0
[  106.403523][ T8378]  allocate_slab+0x8a/0x370
[  106.404975][ T8378]  ___slab_alloc+0xbeb/0x1420
[  106.406743][ T8378]  __kmalloc_cache_noprof+0x296/0x3d0
[  106.408858][ T8378]  tomoyo_init_log+0x111f/0x1f70
[  106.410668][ T8378]  tomoyo_supervisor+0x340/0x1480
[  106.412344][ T8378]  tomoyo_env_perm+0x149/0x1e0
[  106.414041][ T8378]  tomoyo_find_next_domain+0x15cf/0x1aa0
[  106.416193][ T8378]  tomoyo_bprm_check_security+0x11c/0x180
[  106.418457][ T8378]  security_bprm_check+0x89/0x270
[  106.420507][ T8378]  bprm_execve+0x8ee/0x1450
[  106.422121][ T8378]  do_execveat_common+0x510/0x6a0
[  106.423876][ T8378]  __x64_sys_execve+0x94/0xb0
[  106.425614][ T8378] page last free pid 5594 tgid 5594 stack trace:
[  106.427801][ T8378]  __free_frozen_pages+0xbc4/0xd30
[  106.429559][ T8378]  __slab_free+0x303/0x3c0
[  106.431042][ T8378]  qlist_free_all+0x97/0x140
[  106.432715][ T8378]  kasan_quarantine_reduce+0x148/0x160
[  106.434643][ T8378]  __kasan_slab_alloc+0x22/0x80
[  106.436495][ T8378]  __kmalloc_noprof+0x224/0x4f0
[  106.438198][ T8378]  tomoyo_realpath_from_path+0xe3/0x5d0
[  106.440103][ T8378]  tomoyo_path_perm+0x213/0x4b0
[  106.441915][ T8378]  security_inode_getattr+0x12f/0x330
[  106.444212][ T8378]  vfs_statx+0x18e/0x550
[  106.446070][ T8378]  vfs_fstatat+0x118/0x170
[  106.447962][ T8378]  __x64_sys_newfstatat+0x116/0x190
[  106.449886][ T8378]  do_syscall_64+0xfa/0x3b0
[  106.451475][ T8378]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.453554][ T8378] 
[  106.454462][ T8378] Memory state around the buggy address:
[  106.456384][ T8378]  ffff88801af67f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  106.459140][ T8378]  ffff88801af68000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  106.462075][ T8378] >ffff88801af68080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  106.465073][ T8378]                                ^
[  106.466890][ T8378]  ffff88801af68100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  106.469647][ T8378]  ffff88801af68180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  106.472445][ T8378] ==================================================================
[  106.475714][ T8378] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  106.478559][ T8378] CPU: 1 UID: 0 PID: 8378 Comm: khidpd_15c25886 Not tainted syzkaller #0 PREEMPT(full) 
[  106.482492][ T8378] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  106.486131][ T8378] Call Trace:
[  106.487463][ T8378]  <TASK>
[  106.488661][ T8378]  dump_stack_lvl+0x99/0x250
[  106.490221][ T8378]  ? __asan_memcpy+0x40/0x70
[  106.491784][ T8378]  ? __pfx_dump_stack_lvl+0x10/0x10
[  106.493862][ T8378]  ? __pfx__printk+0x10/0x10
[  106.495766][ T8378]  vpanic+0x281/0x750
[  106.497226][ T8378]  ? __pfx_vpanic+0x10/0x10
[  106.498822][ T8378]  ? irqentry_exit+0x74/0x90
[  106.500388][ T8378]  panic+0xb9/0xc0
[  106.501648][ T8378]  ? __pfx_panic+0x10/0x10
[  106.503410][ T8378]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  106.505714][ T8378]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  106.507690][ T8378]  ? __mutex_lock+0x801/0x1350
[  106.509175][ T8378]  check_panic_on_warn+0x89/0xb0
[  106.511195][ T8378]  ? __mutex_lock+0x801/0x1350
[  106.513017][ T8378]  end_report+0x78/0x160
[  106.514602][ T8378]  kasan_report+0x129/0x150
[  106.516486][ T8378]  ? __mutex_lock+0x801/0x1350
[  106.518451][ T8378]  __mutex_lock+0x801/0x1350
[  106.520330][ T8378]  ? __mutex_lock+0x5bb/0x1350
[  106.522280][ T8378]  ? l2cap_unregister_user+0x6a/0x1b0
[  106.524458][ T8378]  ? __pfx___mutex_lock+0x10/0x10
[  106.526524][ T8378]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  106.528977][ T8378]  l2cap_unregister_user+0x6a/0x1b0
[  106.531068][ T8378]  hidp_session_thread+0x3c9/0x410
[  106.532956][ T8378]  ? __pfx_hidp_session_thread+0x10/0x10
[  106.534982][ T8378]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  106.537275][ T8378]  ? __pfx_hidp_session_wake_function+0x10/0x10
[  106.539391][ T8378]  ? __pfx_hidp_session_wake_function+0x10/0x10
[  106.541588][ T8378]  ? __kthread_parkme+0x7b/0x200
[  106.543646][ T8378]  ? __kthread_parkme+0x1a1/0x200
[  106.545542][ T8378]  kthread+0x711/0x8a0
[  106.547206][ T8378]  ? __pfx_hidp_session_thread+0x10/0x10
[  106.549462][ T8378]  ? __pfx_kthread+0x10/0x10
[  106.551089][ T8378]  ? _raw_spin_unlock_irq+0x23/0x50
[  106.552832][ T8378]  ? lockdep_hardirqs_on+0x9c/0x150
[  106.554578][ T8378]  ? __pfx_kthread+0x10/0x10
[  106.556229][ T8378]  ret_from_fork+0x3fc/0x770
[  106.558125][ T8378]  ? __pfx_ret_from_fork+0x10/0x10
[  106.560113][ T8378]  ? __switch_to_asm+0x39/0x70
[  106.561724][ T8378]  ? __switch_to_asm+0x33/0x70
[  106.563345][ T8378]  ? __pfx_kthread+0x10/0x10
[  106.565052][ T8378]  ret_from_fork_asm+0x1a/0x30
[  106.566979][ T8378]  </TASK>
[  106.569000][ T8378] Kernel Offset: disabled
[  106.570749][ T8378] Rebooting in 86400 seconds..

VM DIAGNOSIS:
16:29:06  Registers:
info registers vcpu 0

CPU#0
RAX=ffffffff81b44fbb RBX=1ffff11026cc7f61 RCX=ffff88810dc6b980 RDX=0000000000000000
RSI=0000000000000001 RDI=0000000000000000 RBP=ffffc9000273f6c0 RSP=ffffc9000273f540
R8 =ffffffff8fa39837 R9 =1ffffffff1f47306 R10=dffffc0000000000 R11=fffffbfff1f47307
R12=ffff88813663fb08 R13=dffffc0000000000 R14=ffff88804b03b1c0 R15=0000000000000001
RIP=ffffffff81b44fa3 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fbf84293c80 ffffffff 00c00000
GS =0000 ffff8880b8618000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000558cc09107e8 CR3=000000010efb2000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=00ff000000000000 ff00000000000000 XMM05=0000000000000174 0000000000000000
XMM06=ffffffffffff0000 0000000000000000 XMM07=0000000000000000 0000000000000000
XMM08=ffffffffffff0000 ffffffffffffffff XMM09=0000000000003374 6e6576652f357475
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000020 RBX=0000000000000020 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc90006abf370
R8 =ffff888106f08237 R9 =1ffff11020de1046 R10=dffffc0000000000 R11=ffffffff854f4700
R12=dffffc0000000000 R13=ffffffff99afd8ff R14=ffffffff99df2420 R15=0000000000000000
RIP=ffffffff854f477c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c18000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fccd2707d60 CR3=000000010e74e000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=ffffffffffffffff ffff00ff00000000 XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 0000000000000000 XMM07=0000000000000000 0000000000000000
XMM08=ffffffffffffffff ffffffffff000000 XMM09=0000000000000021 0000000000357475
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
