last executing test programs:

17.531736098s ago: executing program 2 (id=6):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_RECV_OWN_MSGS(r0, 0x65, 0x8, 0x0, 0x0)

17.531475921s ago: executing program 2 (id=7):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000e40)=ANY=[@ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="0200000002"], 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005345c0f63cdc2e82818254950ee03568b8809a1f04c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab66c1aae9314d7381fcfeb970bea672010000000000000043144648a07a975bd89dc398712376610faa54f12495b4659be8673086f6f3543205d4bc4ce05b8b961103673dff7f158052e62bfbdcddde6985f3f1ac5d9a94cc53207899762a07282a1914452d11858e795a3ca30a101af5574f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5ed44039aab46419496362e54cfad05b4004ac71a003d7b85d07191bed4e5a8908263722d4146f7ed569985439baa355cf3d8731f5e7a237bc06d035a8d601f21746d880819f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c5b9f87d988c9fbd2b9d9b4e2d71753b1549fa734f0b2e5fcf9549804cddad721971637f9c9730a9cc384eed30345979db9c93e1c52f42cad0a4d4f9436d3f39b0ed09c395dc6e970366087a8e4daeeb1b017006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f710c490ecd085d2811a7555c53030000007f00000000bfa6478eb96b079c277e2910b7ccdc3d672ed34aa65278c549e2abb549ad954884289130bc71cee2b7de62bf48129ae1af052a2d46a6165eb0954dac7265f1f425735acf6377793946b3229e861d8ea49806b3b533345d36ecef9df700000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c000000aaae37f044bcadeb0f6846582b7653665aa336db9f0384d3c7ddf79c2e0000000000000000000000000000000000000000000000e154aa0d3e41986a668ee1e5ef93a8ceac75f44aae95e26742f895f287111f8ee86f7e3ffb63cfb0e345cf7fc63dd2b0d30977899c6f03640040af4db71f7452bfc79a05118d8bb42b63b195771e42f9942ec626bd4b5461b74324012164e8"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r3, r4, 0x2, 0x2}, 0x10)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000240)={@cgroup=r5, r2, 0x2, 0x0, 0x4000}, 0x10)

17.448406047s ago: executing program 2 (id=9):
syz_emit_ethernet(0x6a, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e22, 0x48, 0x0, @wg=@cookie={0x3, 0x2, "173e6335a79630de1125f32bfd49b77c2d01a8ac6334c2bd", "5c341f44cbb52d9d51c5ea017cd89c9cf84a0b6ec3606f3e97d850427a78e750"}}}}}}, 0x0)

16.238049034s ago: executing program 2 (id=43):
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x288, 0x0, 0x4c, 0x1a, 0x190, 0x73, 0x270, 0x258, 0x258, 0x270, 0x258, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @mcast2, [], [], 'netdevsim0\x00', 'macvlan1\x00'}, 0x0, 0xa8, 0xd8}, @common=@inet=@SET2={0x30}}, {{@uncond, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x2e8)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$inet_int(r0, 0x0, 0xd, &(0x7f0000000040)=0xfffffffc, 0x4)
setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x10005, 0x4)
recvmmsg(r0, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0)

10.498826547s ago: executing program 2 (id=43):
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x288, 0x0, 0x4c, 0x1a, 0x190, 0x73, 0x270, 0x258, 0x258, 0x270, 0x258, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @mcast2, [], [], 'netdevsim0\x00', 'macvlan1\x00'}, 0x0, 0xa8, 0xd8}, @common=@inet=@SET2={0x30}}, {{@uncond, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x2e8)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$inet_int(r0, 0x0, 0xd, &(0x7f0000000040)=0xfffffffc, 0x4)
setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x10005, 0x4)
recvmmsg(r0, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0)

3.986556692s ago: executing program 2 (id=43):
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x288, 0x0, 0x4c, 0x1a, 0x190, 0x73, 0x270, 0x258, 0x258, 0x270, 0x258, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @mcast2, [], [], 'netdevsim0\x00', 'macvlan1\x00'}, 0x0, 0xa8, 0xd8}, @common=@inet=@SET2={0x30}}, {{@uncond, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x2e8)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$inet_int(r0, 0x0, 0xd, &(0x7f0000000040)=0xfffffffc, 0x4)
setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x10005, 0x4)
recvmmsg(r0, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0)

389.69599ms ago: executing program 0 (id=346):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0900000000000000000000ffffffffffffffff010000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000300)=ANY=[@ANYRES8=r0, @ANYRES8=r0, @ANYRESHEX=r0], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x8}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0x10, &(0x7f0000000140)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8001}, {}, {0x4}, {0x6, 0x0, 0xa}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x33}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000840)={r4, 0xe0, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000380)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbc, 0x8, 0x0, 0x0}}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000080))
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = socket$inet6(0xa, 0x2, 0x0)
sendmmsg$inet(r6, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x29000000, 0x8, {0x0, @empty}}}], 0x20}}], 0x1, 0x80)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
close(r5)

287.222588ms ago: executing program 1 (id=348):
syz_emit_ethernet(0x8e, &(0x7f0000001080)={@local, @link_local, @val, {@ipv4={0x88a8, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x300, 0x4e20, 0x64, 0x0, @wg=@response={0x2, 0x4, 0x3, "7fe77f731db8aba73f3509d6e7118104224a45fe99a8fbc5252b1170535ac6fb", "c196168f72696bf9ad5b6dc51a703690", {"aa72f4bd15c2580cdc3d66fdf23cb5a3", "a02ad2bc4f0c9415f88c3599baddc6ee"}}}}}}}, 0x0)

276.262004ms ago: executing program 0 (id=349):
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x2, 0x1, 0x8c}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb}, 0x90)

276.035676ms ago: executing program 1 (id=350):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001b00)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x94, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x6c, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x34, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_OP={0x8, 0x6, 0x1, 0x0, 0x3}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x108}}, 0x0)

208.530848ms ago: executing program 0 (id=351):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e24, 0x200, @private2={0xfc, 0x2, '\x00', 0x1}, 0x4ac2d78a}}, 0x0, 0x0, 0x3f, 0x0, "ee8b0e650926a96ecc136e7fb980e989db9e8bf9b93129488f651a8de213eb94cd46e19d9c65a018444a131f4da58ae36556dd38ea6c029607462029add09240005c6776267517308a3d40aa1c788df6"}, 0xd8)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000001c0)=@gcm_256={{0x304}, "6ae04425ace3f60c", "acba84f0a6731f234db1cc7f3f382ad796bd667cb12ea99509873931d2873103", "0f9dafb4", "ec3fff9afd96e6c0"}, 0x38)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000040)=0x2, 0x4)
ioctl$int_in(r0, 0x5421, &(0x7f0000000140)=0x1)
writev(r0, &(0x7f0000000080)=[{&(0x7f00000002c0)="ec", 0xfdef}], 0x1)
shutdown(r0, 0x1)

208.152095ms ago: executing program 0 (id=352):
socket$inet(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=@newqdisc={0x34, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, 0x0, {0xfff2}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}}, 0x0)
r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f0000000280)={r1, r1, 0x1, 0x3, &(0x7f0000000040)="0f114d", 0x9, 0x1, 0x458, 0x58, 0xc3b8, 0x1, 0x0, 'syz0\x00'})

207.867585ms ago: executing program 1 (id=353):
sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040), 0xc, 0x0}, 0x0)
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e24, @broadcast}, 0x10)
getsockopt$inet_mptcp_buf(r0, 0x11c, 0x3, &(0x7f0000000040)=""/185, &(0x7f0000000100)=0xb9)

127.827058ms ago: executing program 1 (id=354):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newlink={0x48, 0x10, 0x1, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2180}, [@IFLA_IFNAME={0x14, 0x3, 'wlan0\x00'}, @IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@IFLA_VF_LINK_STATE={0xc, 0x5, {0x9, 0xffffffff}}]}]}]}, 0x48}}, 0x0)

126.497537ms ago: executing program 0 (id=355):
r0 = socket$inet6(0xa, 0x2, 0x3a)
sendto$inet6(r0, &(0x7f0000000140)="80003ee9620ca1ce", 0x8, 0x0, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)

70.21848ms ago: executing program 1 (id=356):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='contention_end\x00', r0}, 0x10)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r1, &(0x7f0000000340)="41000000010001", 0x7)

69.979124ms ago: executing program 0 (id=357):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r1, 0x1, 0x4c, &(0x7f0000000000), 0x4)
sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
recvmsg$unix(r1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=[@rights={{0x14, 0x1, 0x1, [<r2=>0xffffffffffffffff]}}], 0x18}, 0x2000)
ioctl$TUNSETNOCSUM(r2, 0xff0a, 0x1)

0s ago: executing program 1 (id=358):
sendmsg$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000340)="5c00000013006bcd9e3fe3dc4e48aa31086b8703140000001f03000000000000040014000d000a000d0000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf5", 0x52}], 0x1, 0x0, 0x0, 0x1f000801}, 0x8000)
r0 = socket$inet6(0xa, 0x3, 0x8)
setsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f0000000000)=0x2, 0x4)
sendmmsg$inet6(r0, &(0x7f0000004580)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="24000000000000002900000032000000fe"], 0x28}}], 0x1, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:58051' (ED25519) to the list of known hosts.
syzkaller login: [   48.105672][ T5820] cgroup: Unknown subsys name 'net'
[   48.207087][ T5820] cgroup: Unknown subsys name 'cpuset'
[   48.211788][ T5820] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   49.850717][ T5820] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   54.039400][ T5220] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   54.054389][ T5835] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   54.074513][ T5837] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   54.079537][ T5831] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   54.082924][ T5837] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   54.083013][ T5831] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   54.087840][ T5837] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   54.088490][ T5831] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   54.093978][   T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   54.097135][   T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   54.108327][   T54] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   54.111637][ T5837] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   54.114781][ T5837] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   54.117633][ T5837] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   54.120508][ T5837] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   54.362193][ T5838] chnl_net:caif_netlink_parms(): no params data found
[   54.406646][ T5829] chnl_net:caif_netlink_parms(): no params data found
[   54.431721][ T5833] chnl_net:caif_netlink_parms(): no params data found
[   54.506949][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.509656][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.512302][ T5838] bridge_slave_0: entered allmulticast mode
[   54.515502][ T5838] bridge_slave_0: entered promiscuous mode
[   54.519709][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.521907][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.524306][ T5838] bridge_slave_1: entered allmulticast mode
[   54.526951][ T5838] bridge_slave_1: entered promiscuous mode
[   54.595218][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.597493][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.599601][ T5833] bridge_slave_0: entered allmulticast mode
[   54.603225][ T5833] bridge_slave_0: entered promiscuous mode
[   54.609204][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.612185][ T5829] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.614776][ T5829] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.617145][ T5829] bridge_slave_0: entered allmulticast mode
[   54.620120][ T5829] bridge_slave_0: entered promiscuous mode
[   54.623094][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.625535][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.627825][ T5833] bridge_slave_1: entered allmulticast mode
[   54.630506][ T5833] bridge_slave_1: entered promiscuous mode
[   54.634770][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.645951][ T5829] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.648307][ T5829] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.650698][ T5829] bridge_slave_1: entered allmulticast mode
[   54.653514][ T5829] bridge_slave_1: entered promiscuous mode
[   54.701080][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.705741][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.711681][ T5838] team0: Port device team_slave_0 added
[   54.716855][ T5829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.737899][ T5838] team0: Port device team_slave_1 added
[   54.741730][ T5833] team0: Port device team_slave_0 added
[   54.745101][ T5829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.759294][ T5833] team0: Port device team_slave_1 added
[   54.795949][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0
[   54.798162][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.806958][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.813278][ T5829] team0: Port device team_slave_0 added
[   54.817969][ T5829] team0: Port device team_slave_1 added
[   54.836639][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1
[   54.838830][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.848047][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   54.861248][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_0
[   54.863379][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.871277][ T5829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.875247][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0
[   54.877932][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.889788][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.894997][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1
[   54.897565][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.908144][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   54.920260][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_1
[   54.922455][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.931328][ T5829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   54.988735][ T5833] hsr_slave_0: entered promiscuous mode
[   54.991118][ T5833] hsr_slave_1: entered promiscuous mode
[   54.999446][ T5838] hsr_slave_0: entered promiscuous mode
[   55.002308][ T5838] hsr_slave_1: entered promiscuous mode
[   55.006534][ T5838] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   55.009557][ T5838] Cannot create hsr debugfs directory
[   55.042793][ T5829] hsr_slave_0: entered promiscuous mode
[   55.046215][ T5829] hsr_slave_1: entered promiscuous mode
[   55.048315][ T5829] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   55.050659][ T5829] Cannot create hsr debugfs directory
[   55.316308][ T5833] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   55.325872][ T5833] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   55.351964][ T5833] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   55.362568][ T5833] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   55.398876][ T5838] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   55.416925][ T5838] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   55.423388][ T5838] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   55.429317][ T5838] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   55.457487][ T5829] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   55.468643][ T5829] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   55.481317][ T5829] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   55.496253][ T5829] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   55.547422][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.571306][ T5833] 8021q: adding VLAN 0 to HW filter on device team0
[   55.585755][ T1087] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.588492][ T1087] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.599852][ T1087] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.602606][ T1087] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.625476][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.666383][ T5838] 8021q: adding VLAN 0 to HW filter on device team0
[   55.677642][ T2254] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.679908][ T2254] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.695797][ T2254] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.698029][ T2254] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.706088][ T5829] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.740454][ T5829] 8021q: adding VLAN 0 to HW filter on device team0
[   55.751211][   T27] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.753428][   T27] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.768050][ T4070] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.770315][ T4070] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.780883][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0
[   55.857235][ T5833] veth0_vlan: entered promiscuous mode
[   55.878196][ T5833] veth1_vlan: entered promiscuous mode
[   55.928188][ T5833] veth0_macvtap: entered promiscuous mode
[   55.936673][ T5833] veth1_macvtap: entered promiscuous mode
[   55.945713][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0
[   55.957151][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0
[   55.967887][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1
[   55.977636][ T5833] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   55.981170][ T5833] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   55.985311][ T5833] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   55.988610][ T5833] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.002866][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.034849][ T5838] veth0_vlan: entered promiscuous mode
[   56.056198][ T5838] veth1_vlan: entered promiscuous mode
[   56.090826][ T5829] veth0_vlan: entered promiscuous mode
[   56.110323][ T5829] veth1_vlan: entered promiscuous mode
[   56.120854][ T5838] veth0_macvtap: entered promiscuous mode
[   56.124929][ T5837] Bluetooth: hci1: command tx timeout
[   56.124933][ T5220] Bluetooth: hci0: command tx timeout
[   56.133631][ T5838] veth1_macvtap: entered promiscuous mode
[   56.138762][ T4070] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.141265][ T4070] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.159025][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.166242][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.178364][ T5838] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.181071][ T5838] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.183726][ T5838] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.187882][ T5838] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.201715][ T2254] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.202209][ T5829] veth0_macvtap: entered promiscuous mode
[   56.205026][ T2254] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.208678][ T5220] Bluetooth: hci2: command tx timeout
[   56.237103][ T5829] veth1_macvtap: entered promiscuous mode
[   56.269284][ T4070] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.271637][ T4070] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.304923][ T2254] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.307589][ T2254] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.313194][ T5833] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   56.324689][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.331939][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.348529][ T5829] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.351874][ T5829] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.365639][ T5829] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.368935][ T5829] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.406785][ T5895] netlink: 'syz.2.3': attribute type 4 has an invalid length.
[   56.409744][ T5895] netlink: 17 bytes leftover after parsing attributes in process `syz.2.3'.
[   56.504486][ T1086] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.507697][ T1086] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.530102][ T1086] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.532698][ T1086] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.735617][ T5919] Zero length message leads to an empty skb
[   56.796550][ T5921] netlink: 4 bytes leftover after parsing attributes in process `syz.0.11'.
[   56.797938][ T5919] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.802095][ T5919] bridge0: port 1(bridge_slave_0) entered disabled state
[   56.849805][ T5919] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   56.856561][ T5919] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   56.891986][ T5919] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   56.894842][ T5919] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   56.897617][ T5919] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   56.900222][ T5919] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   56.930458][ T5921] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   56.933307][ T5921] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   56.936407][ T5921] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   56.938987][ T5921] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   56.961294][ T5923] team0: Port device veth3 added
[   57.040155][ T5929] tipc: Started in network mode
[   57.041855][ T5929] tipc: Node identity 8ab2333b34b6, cluster identity 4711
[   57.056802][ T5929] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   57.061942][ T5929] syzkaller0: entered promiscuous mode
[   57.063637][ T5929] syzkaller0: entered allmulticast mode
[   57.070019][ T5929] tipc: Resetting bearer <eth:syzkaller0>
[   57.074208][ T5928] tipc: Resetting bearer <eth:syzkaller0>
[   57.083371][ T5928] tipc: Disabling bearer <eth:syzkaller0>
[   57.106732][ T5933] netlink: 28 bytes leftover after parsing attributes in process `syz.0.18'.
[   57.269045][ T5946] warning: `syz.1.24' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   57.411286][ T5958] syz.1.28 uses obsolete (PF_INET,SOCK_PACKET)
[   57.596594][ T5970] bpq0: entered promiscuous mode
[   57.598150][ T5970] bpq0: entered allmulticast mode
[   57.825876][ T5986] pim6reg1: entered promiscuous mode
[   57.828122][ T5986] pim6reg1: entered allmulticast mode
[   57.850022][ T5661] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   58.101683][ T5837] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   58.106819][ T5837] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   58.109707][ T5837] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   58.113074][ T5837] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   58.116319][ T5837] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   58.213919][ T5837] Bluetooth: hci0: command tx timeout
[   58.263148][ T5994] chnl_net:caif_netlink_parms(): no params data found
[   58.284500][ T5837] Bluetooth: hci2: command tx timeout
[   58.312412][   T33] audit: type=1800 audit(1752190108.353:2): pid=6006 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.49" name="bpf-map" dev="anon_inodefs" ino=32 res=0 errno=0
[   58.345872][ T5994] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.348488][ T5994] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.350786][ T5994] bridge_slave_0: entered allmulticast mode
[   58.361075][ T5994] bridge_slave_0: entered promiscuous mode
[   58.371205][ T5994] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.373570][ T5994] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.389114][ T5994] bridge_slave_1: entered allmulticast mode
[   58.398156][ T5994] bridge_slave_1: entered promiscuous mode
[   58.422944][ T6013] netlink: 'syz.1.52': attribute type 58 has an invalid length.
[   58.425734][ T6013] netlink: 20 bytes leftover after parsing attributes in process `syz.1.52'.
[   58.441287][ T5994] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   58.447781][ T5994] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   58.468815][ T5994] team0: Port device team_slave_0 added
[   58.472079][ T5994] team0: Port device team_slave_1 added
[   58.519585][ T5994] batman_adv: batadv0: Adding interface: batadv_slave_0
[   58.521743][ T5994] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.529597][ T5994] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   58.534433][ T5994] batman_adv: batadv0: Adding interface: batadv_slave_1
[   58.536600][ T5994] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.544609][ T5994] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   58.591120][ T6020] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   58.594892][ T6020] batadv_slave_0: entered promiscuous mode
[   58.596657][ T6020] batadv_slave_0: entered allmulticast mode
[   58.604950][ T5994] hsr_slave_0: entered promiscuous mode
[   58.607142][ T5994] hsr_slave_1: entered promiscuous mode
[   58.609194][ T5994] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   58.611437][ T5994] Cannot create hsr debugfs directory
[   58.907997][ T6035] delete_channel: no stack
[   59.169950][ T5661] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   59.257392][ T5661] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   59.312741][ T5661] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   59.491516][ T5661] bridge_slave_1: left allmulticast mode
[   59.493340][ T5661] bridge_slave_1: left promiscuous mode
[   59.501908][ T5661] bridge0: port 2(bridge_slave_1) entered disabled state
[   59.511884][ T5661] bridge_slave_0: left allmulticast mode
[   59.513632][ T5661] bridge_slave_0: left promiscuous mode
[   59.520611][ T5661] bridge0: port 1(bridge_slave_0) entered disabled state
[   59.799319][ T5661] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   59.803784][ T5661] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   59.808703][ T5661] bond0 (unregistering): Released all slaves
[   60.108454][ T6095] netlink: 12 bytes leftover after parsing attributes in process `syz.0.87'.
[   60.134035][ T5837] Bluetooth: hci1: command tx timeout
[   60.285598][ T5837] Bluetooth: hci0: command tx timeout
[   60.345771][ T5661] hsr_slave_0: left promiscuous mode
[   60.358601][ T5661] hsr_slave_1: left promiscuous mode
[   60.363026][ T5661] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   60.365578][ T5837] Bluetooth: hci2: command tx timeout
[   60.370509][ T5661] batman_adv: batadv0: Removing interface: batadv_slave_0
[   60.374847][ T5661] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   60.382151][ T5661] batman_adv: batadv0: Removing interface: batadv_slave_1
[   60.401442][ T5661] veth1_macvtap: left promiscuous mode
[   60.409159][ T5661] veth0_macvtap: left promiscuous mode
[   60.410929][ T5661] veth1_vlan: left promiscuous mode
[   60.412725][ T5661] veth0_vlan: left promiscuous mode
[   60.489286][ T6120] xt_l2tp: v2 sid > 0xffff: 4294901760
[   60.850067][ T5661] team0 (unregistering): Port device team_slave_1 removed
[   60.869264][ T5661] team0 (unregistering): Port device team_slave_0 removed
[   61.071360][ T6136] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported
[   61.113301][ T5994] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   61.122820][ T5994] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   61.142690][ T5994] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   61.149622][ T5994] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   61.231464][ T6150] netlink: 'syz.0.109': attribute type 1 has an invalid length.
[   61.273445][ T5994] 8021q: adding VLAN 0 to HW filter on device bond0
[   61.308910][ T5994] 8021q: adding VLAN 0 to HW filter on device team0
[   61.328667][ T1087] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.330851][ T1087] bridge0: port 1(bridge_slave_0) entered forwarding state
[   61.349796][ T1087] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.351972][ T1087] bridge0: port 2(bridge_slave_1) entered forwarding state
[   61.397987][ T5994] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   61.410220][ T5994] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   61.563188][ T5994] 8021q: adding VLAN 0 to HW filter on device batadv0
[   61.605894][ T5994] veth0_vlan: entered promiscuous mode
[   61.612381][ T5994] veth1_vlan: entered promiscuous mode
[   61.643681][ T6180] IPv6: sit1: Disabled Multicast RS
[   61.646708][ T6180] sit1: entered allmulticast mode
[   61.660649][ T5994] veth0_macvtap: entered promiscuous mode
[   61.667046][ T5994] veth1_macvtap: entered promiscuous mode
[   61.676860][ T5994] batman_adv: batadv0: Interface activated: batadv_slave_0
[   61.685240][ T5994] batman_adv: batadv0: Interface activated: batadv_slave_1
[   61.691219][ T5994] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   61.695681][ T5994] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   61.702071][ T5994] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   61.706354][ T5994] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   61.781359][   T27] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   61.786407][   T27] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   61.791976][ T6184] batadv_slave_0: left allmulticast mode
[   61.819365][   T26] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   61.822435][   T26] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   62.364217][ T5837] Bluetooth: hci0: command tx timeout
[   62.436750][ T6206] netlink: 8 bytes leftover after parsing attributes in process `syz.0.133'.
[   62.445979][ T5837] Bluetooth: hci2: command tx timeout
[   62.592796][ T6212] openvswitch: netlink: Key type 30 is not supported
[   62.858425][ T6234] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   62.958892][ T6242] netlink: 16 bytes leftover after parsing attributes in process `syz.0.150'.
[   63.109436][ T6254] netlink: 16 bytes leftover after parsing attributes in process `syz.0.156'.
[   63.165755][ T6258] netlink: 8 bytes leftover after parsing attributes in process `syz.1.157'.
[   63.220319][ T6264] syz.1.160 uses old SIOCAX25GETINFO
[   63.463456][ T6277] netlink: 'syz.0.167': attribute type 1 has an invalid length.
[   63.731736][ T5661] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   63.918219][ T6309] netlink: 8 bytes leftover after parsing attributes in process `syz.1.174'.
[   63.921325][ T6309] netlink: 8 bytes leftover after parsing attributes in process `syz.1.174'.
[   64.021632][ T6312] bridge_slave_0: left allmulticast mode
[   64.032050][ T6312] bridge_slave_0: left promiscuous mode
[   64.035014][ T5220] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   64.040282][ T5220] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   64.046546][ T6312] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.052459][ T5220] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   64.057650][ T6312] bridge_slave_1: left allmulticast mode
[   64.061833][ T5220] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   64.066145][ T5220] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   64.069203][ T6312] bridge_slave_1: left promiscuous mode
[   64.072619][ T6312] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.106608][ T6312] bond0: (slave bond_slave_0): Releasing backup interface
[   64.121897][ T6312] bond0: (slave bond_slave_1): Releasing backup interface
[   64.148651][ T6312] team0: Port device team_slave_0 removed
[   64.153448][ T6312] team0: Port device team_slave_1 removed
[   64.159680][ T6312] batman_adv: batadv0: Removing interface: batadv_slave_0
[   64.162880][ T6312] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   64.165667][ T6312] batman_adv: batadv0: Removing interface: batadv_slave_1
[   64.181308][ T6312] team0: Port device veth3 removed
[   64.268122][ T6329] netlink: 'syz.0.180': attribute type 10 has an invalid length.
[   64.272821][ T6329] team0: Cannot enslave team device to itself
[   64.392920][ T6314] chnl_net:caif_netlink_parms(): no params data found
[   64.454803][ T6344] netlink: 8 bytes leftover after parsing attributes in process `syz.0.185'.
[   64.524978][ T5220] Bluetooth: hci2: command tx timeout
[   64.564212][ T6314] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.568692][ T6314] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.570839][ T6314] bridge_slave_0: entered allmulticast mode
[   64.577894][ T6314] bridge_slave_0: entered promiscuous mode
[   64.594012][ T6314] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.597266][ T6314] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.599396][ T6314] bridge_slave_1: entered allmulticast mode
[   64.602022][ T6314] bridge_slave_1: entered promiscuous mode
[   64.612764][ T6364] netlink: 1041 bytes leftover after parsing attributes in process `syz.1.191'.
[   64.659909][ T6367] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   64.668391][ T6314] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   64.683305][ T6314] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   64.683419][ T6367] xt_CT: No such helper "snmp"
[   64.729326][ T6372] netlink: 12 bytes leftover after parsing attributes in process `syz.1.194'.
[   64.732080][ T6314] team0: Port device team_slave_0 added
[   64.755999][ T6314] team0: Port device team_slave_1 added
[   64.799830][ T6314] batman_adv: batadv0: Adding interface: batadv_slave_0
[   64.802177][ T6314] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.811021][ T6314] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   64.816069][ T6314] batman_adv: batadv0: Adding interface: batadv_slave_1
[   64.821127][ T6314] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.836655][ T6314] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   64.870719][ T6381] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.197'.
[   64.915200][ T6314] hsr_slave_0: entered promiscuous mode
[   64.917455][ T6314] hsr_slave_1: entered promiscuous mode
[   65.224135][ T5865] IPVS: starting estimator thread 0...
[   65.236760][ T6408] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   65.292155][   T33] audit: type=1800 audit(1752190115.333:3): pid=6409 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.207" name="memory.events" dev="tmpfs" ino=565 res=0 errno=0
[   65.324981][ T6410] IPVS: using max 62 ests per chain, 148800 per kthread
[   65.410465][ T5661] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   65.479224][ T5661] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   65.542803][ T5661] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   65.874298][ T5661] bridge_slave_1: left allmulticast mode
[   65.883234][ T5661] bridge_slave_1: left promiscuous mode
[   65.906598][ T5661] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.939278][ T5661] bridge_slave_0: left allmulticast mode
[   65.940984][ T5661] bridge_slave_0: left promiscuous mode
[   65.942747][ T5661] bridge0: port 1(bridge_slave_0) entered disabled state
[   66.134191][ T5220] Bluetooth: hci1: command tx timeout
[   66.303625][ T5661] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   66.310140][ T5661] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   66.315479][ T5661] bond0 (unregistering): Released all slaves
[   66.703035][ T5661] hsr_slave_0: left promiscuous mode
[   66.705880][ T5661] hsr_slave_1: left promiscuous mode
[   66.709434][ T5661] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   66.711699][ T5661] batman_adv: batadv0: Removing interface: batadv_slave_0
[   66.718290][ T5661] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   66.720518][ T5661] batman_adv: batadv0: Removing interface: batadv_slave_1
[   66.732310][ T5661] veth1_macvtap: left promiscuous mode
[   66.734218][ T5661] veth0_macvtap: left promiscuous mode
[   66.736750][ T5661] veth1_vlan: left promiscuous mode
[   66.744009][ T5661] veth0_vlan: left promiscuous mode
[   66.861606][ T6452] netlink: 'syz.1.223': attribute type 9 has an invalid length.
[   66.864454][ T6452] netlink: 'syz.1.223': attribute type 6 has an invalid length.
[   67.399402][ T5661] team0 (unregistering): Port device team_slave_1 removed
[   67.467147][ T5661] team0 (unregistering): Port device team_slave_0 removed
[   67.912827][ T6314] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   67.942533][ T6314] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   67.963591][ T6314] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   67.992001][ T6314] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   68.138327][ T6314] 8021q: adding VLAN 0 to HW filter on device bond0
[   68.165341][ T6314] 8021q: adding VLAN 0 to HW filter on device team0
[   68.171162][ T4070] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.173414][ T4070] bridge0: port 1(bridge_slave_0) entered forwarding state
[   68.186904][ T4070] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.189087][ T4070] bridge0: port 2(bridge_slave_1) entered forwarding state
[   68.215646][ T5220] Bluetooth: hci1: command tx timeout
[   68.241943][ T6314] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   68.401060][ T6314] 8021q: adding VLAN 0 to HW filter on device batadv0
[   68.447890][ T6314] veth0_vlan: entered promiscuous mode
[   68.455969][ T6314] veth1_vlan: entered promiscuous mode
[   68.490017][ T6314] veth0_macvtap: entered promiscuous mode
[   68.496731][ T6314] veth1_macvtap: entered promiscuous mode
[   68.515102][ T6314] batman_adv: batadv0: Interface activated: batadv_slave_0
[   68.526446][ T6314] batman_adv: batadv0: Interface activated: batadv_slave_1
[   68.536320][ T6314] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   68.540237][ T6314] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   68.543668][ T6314] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   68.547049][ T6314] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   68.610981][   T26] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.621170][   T26] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.638130][ T1086] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.640542][ T1086] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   69.129395][ T6509] __nla_validate_parse: 3 callbacks suppressed
[   69.129408][ T6509] netlink: 8 bytes leftover after parsing attributes in process `syz.1.238'.
[   69.136460][ T6509] netlink: 4 bytes leftover after parsing attributes in process `syz.1.238'.
[   69.290470][ T6521] netlink: 'syz.1.245': attribute type 1 has an invalid length.
[   69.292831][ T6521] netlink: 'syz.1.245': attribute type 4 has an invalid length.
[   69.295926][ T6521] netlink: 188 bytes leftover after parsing attributes in process `syz.1.245'.
[   69.454779][ T6539] syzkaller0: entered promiscuous mode
[   69.456744][ T6539] syzkaller0: entered allmulticast mode
[   69.636285][    T9] IPVS: starting estimator thread 0...
[   69.637935][ T6552] (unnamed net_device) (uninitialized): option downdelay: invalid value (18446744073709551615)
[   69.641114][ T6552] (unnamed net_device) (uninitialized): option downdelay: allowed values 0 - 2147483647
[   69.666960][ T6556] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.262'.
[   69.725470][ T6554] IPVS: using max 62 ests per chain, 148800 per kthread
[   70.225898][ T5661] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   70.464998][ T5837] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   70.467911][ T5837] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   70.470535][ T5837] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   70.473225][ T5837] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   70.479073][ T5837] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   70.606608][ T6633] netlink: 32 bytes leftover after parsing attributes in process `syz.1.293'.
[   70.612765][ T6616] chnl_net:caif_netlink_parms(): no params data found
[   70.617876][ T6633] netlink: 48 bytes leftover after parsing attributes in process `syz.1.293'.
[   70.620583][ T6633] netlink: 48 bytes leftover after parsing attributes in process `syz.1.293'.
[   70.689955][ T6616] bridge0: port 1(bridge_slave_0) entered blocking state
[   70.695593][ T6616] bridge0: port 1(bridge_slave_0) entered disabled state
[   70.697752][ T6616] bridge_slave_0: entered allmulticast mode
[   70.703165][ T6616] bridge_slave_0: entered promiscuous mode
[   70.710216][ T6616] bridge0: port 2(bridge_slave_1) entered blocking state
[   70.712382][ T6616] bridge0: port 2(bridge_slave_1) entered disabled state
[   70.716294][ T6616] bridge_slave_1: entered allmulticast mode
[   70.718991][ T6616] bridge_slave_1: entered promiscuous mode
[   70.765626][ T6616] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   70.772055][ T6616] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   70.806762][ T6616] team0: Port device team_slave_0 added
[   70.814665][ T6616] team0: Port device team_slave_1 added
[   70.840123][ T6616] batman_adv: batadv0: Adding interface: batadv_slave_0
[   70.842233][ T6616] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   70.851714][ T6616] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   70.856232][ T6616] batman_adv: batadv0: Adding interface: batadv_slave_1
[   70.858289][ T6616] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   70.858949][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[   70.874041][ T6616] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   70.904067][ T6616] hsr_slave_0: entered promiscuous mode
[   70.906907][ T6616] hsr_slave_1: entered promiscuous mode
[   70.908998][ T6616] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   70.911958][ T6616] Cannot create hsr debugfs directory
[   71.239028][ T5661] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   71.828921][ T5661] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   71.889027][ T6678] netlink: 12 bytes leftover after parsing attributes in process `syz.1.311'.
[   71.892717][ T5661] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   71.901248][ T6678] smc: net device bond0 applied user defined pnetid SYZ
[   71.938003][ T6683] netlink: 304 bytes leftover after parsing attributes in process `syz.0.313'.
[   72.014444][ T5661] bridge_slave_1: left allmulticast mode
[   72.016223][ T5661] bridge_slave_1: left promiscuous mode
[   72.017972][ T5661] bridge0: port 2(bridge_slave_1) entered disabled state
[   72.023025][ T5661] bridge_slave_0: left allmulticast mode
[   72.027646][ T5661] bridge_slave_0: left promiscuous mode
[   72.029471][ T5661] bridge0: port 1(bridge_slave_0) entered disabled state
[   72.252038][ T5661] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   72.256247][ T5661] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   72.259772][ T5661] bond0 (unregistering): Released all slaves
[   72.332808][ T6703] netlink: 'syz.1.323': attribute type 2 has an invalid length.
[   72.524561][ T5837] Bluetooth: hci1: command tx timeout
[   72.597457][ T5661] hsr_slave_0: left promiscuous mode
[   72.601256][ T5661] hsr_slave_1: left promiscuous mode
[   72.603289][ T5661] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   72.614337][ T5661] batman_adv: batadv0: Removing interface: batadv_slave_0
[   72.618176][ T5661] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   72.620372][ T5661] batman_adv: batadv0: Removing interface: batadv_slave_1
[   72.632443][ T5661] veth1_macvtap: left promiscuous mode
[   72.635154][ T5661] veth0_macvtap: left promiscuous mode
[   72.636892][ T5661] veth1_vlan: left promiscuous mode
[   72.638652][ T5661] veth0_vlan: left promiscuous mode
[   72.979685][ T5661] team0 (unregistering): Port device team_slave_1 removed
[   72.999625][ T5661] team0 (unregistering): Port device team_slave_0 removed
[   73.281670][ T6739] netlink: 12 bytes leftover after parsing attributes in process `syz.1.335'.
[   73.311842][ T6616] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   73.322197][ T6739] bridge3: port 1(ip6gretap1) entered blocking state
[   73.325895][ T6739] bridge3: port 1(ip6gretap1) entered disabled state
[   73.327999][ T6739] ip6gretap1: entered allmulticast mode
[   73.330829][ T6739] ip6gretap1: entered promiscuous mode
[   73.336355][ T6616] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   73.341128][ T6616] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   73.370964][ T6739] veth5: entered promiscuous mode
[   73.372768][ T6739] bridge3: port 2(veth5) entered blocking state
[   73.376611][ T6739] bridge3: port 2(veth5) entered disabled state
[   73.378621][ T6739] veth5: entered allmulticast mode
[   73.384043][ T6616] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   73.417337][ T6745] Bluetooth: MGMT ver 1.23
[   73.471237][ T6616] 8021q: adding VLAN 0 to HW filter on device bond0
[   73.493057][ T6616] 8021q: adding VLAN 0 to HW filter on device team0
[   73.509632][   T68] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.511936][   T68] bridge0: port 1(bridge_slave_0) entered forwarding state
[   73.525066][   T68] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.527319][   T68] bridge0: port 2(bridge_slave_1) entered forwarding state
[   73.778692][ T6616] 8021q: adding VLAN 0 to HW filter on device batadv0
[   73.836886][ T6616] veth0_vlan: entered promiscuous mode
[   73.847410][ T6616] veth1_vlan: entered promiscuous mode
[   73.888415][ T6616] veth0_macvtap: entered promiscuous mode
[   73.892171][ T6616] veth1_macvtap: entered promiscuous mode
[   73.910837][ T6616] batman_adv: batadv0: Interface activated: batadv_slave_0
[   73.920603][ T6785] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input4
[   73.926140][ T6616] batman_adv: batadv0: Interface activated: batadv_slave_1
[   73.931208][ T6616] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   73.936661][ T6616] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   73.940311][ T6616] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   73.942826][ T6616] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   73.962580][ T6789] mac80211_hwsim hwsim4 wlan0: entered promiscuous mode
[   74.024672][ T1086] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   74.027038][ T1086] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   74.055339][ T1086] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   74.057723][ T1086] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   74.149384][ T6788] ==================================================================
[   74.151830][ T6788] BUG: KASAN: slab-use-after-free in __mutex_lock+0x738/0xe80
[   74.154083][ T6788] Read of size 8 at addr ffff8881208f40a0 by task khidpd_04580058/6788
[   74.157478][ T6788] 
[   74.158196][ T6788] CPU: 1 UID: 0 PID: 6788 Comm: khidpd_04580058 Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 PREEMPT(full) 
[   74.158208][ T6788] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   74.158214][ T6788] Call Trace:
[   74.158219][ T6788]  <TASK>
[   74.158266][ T6788]  dump_stack_lvl+0x189/0x250
[   74.158286][ T6788]  ? __virt_addr_valid+0x1c8/0x5c0
[   74.158304][ T6788]  ? rcu_is_watching+0x15/0xb0
[   74.158314][ T6788]  ? __kasan_check_byte+0x12/0x40
[   74.158325][ T6788]  ? __pfx_dump_stack_lvl+0x10/0x10
[   74.158333][ T6788]  ? rcu_is_watching+0x15/0xb0
[   74.158341][ T6788]  ? lock_release+0x4b/0x3e0
[   74.158351][ T6788]  ? __virt_addr_valid+0x1c8/0x5c0
[   74.158360][ T6788]  ? __virt_addr_valid+0x4a5/0x5c0
[   74.158369][ T6788]  print_report+0xd2/0x2b0
[   74.158377][ T6788]  ? __mutex_lock+0x738/0xe80
[   74.158385][ T6788]  kasan_report+0x118/0x150
[   74.158394][ T6788]  ? __mutex_lock+0x738/0xe80
[   74.158403][ T6788]  __mutex_lock+0x738/0xe80
[   74.158411][ T6788]  ? __mutex_lock+0x51b/0xe80
[   74.158418][ T6788]  ? l2cap_unregister_user+0x6a/0x1b0
[   74.158427][ T6788]  ? __pfx___mutex_lock+0x10/0x10
[   74.158435][ T6788]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[   74.158449][ T6788]  l2cap_unregister_user+0x6a/0x1b0
[   74.158458][ T6788]  hidp_session_thread+0x3c9/0x410
[   74.158468][ T6788]  ? __pfx_hidp_session_thread+0x10/0x10
[   74.158474][ T6788]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   74.158485][ T6788]  ? __pfx_hidp_session_wake_function+0x10/0x10
[   74.158493][ T6788]  ? __pfx_hidp_session_wake_function+0x10/0x10
[   74.158501][ T6788]  ? __kthread_parkme+0x7b/0x200
[   74.158510][ T6788]  ? __kthread_parkme+0x1a1/0x200
[   74.158520][ T6788]  kthread+0x711/0x8a0
[   74.158530][ T6788]  ? __pfx_hidp_session_thread+0x10/0x10
[   74.158538][ T6788]  ? __pfx_kthread+0x10/0x10
[   74.158547][ T6788]  ? _raw_spin_unlock_irq+0x23/0x50
[   74.158557][ T6788]  ? lockdep_hardirqs_on+0x9c/0x150
[   74.158564][ T6788]  ? __pfx_kthread+0x10/0x10
[   74.158573][ T6788]  ret_from_fork+0x3fc/0x770
[   74.158582][ T6788]  ? __pfx_ret_from_fork+0x10/0x10
[   74.158591][ T6788]  ? __switch_to_asm+0x39/0x70
[   74.158601][ T6788]  ? __switch_to_asm+0x33/0x70
[   74.158609][ T6788]  ? __pfx_kthread+0x10/0x10
[   74.158619][ T6788]  ret_from_fork_asm+0x1a/0x30
[   74.158631][ T6788]  </TASK>
[   74.158634][ T6788] 
[   74.227299][ T6788] Allocated by task 6616:
[   74.228627][ T6788]  kasan_save_track+0x3e/0x80
[   74.230062][ T6788]  __kasan_kmalloc+0x93/0xb0
[   74.231504][ T6788]  __kmalloc_noprof+0x27a/0x4f0
[   74.232989][ T6788]  hci_alloc_dev_priv+0x28/0x2040
[   74.234553][ T6788]  vhci_create_device+0x120/0x6e0
[   74.236054][ T6788]  vhci_write+0x3ce/0x4a0
[   74.237385][ T6788]  vfs_write+0x54b/0xa90
[   74.238695][ T6788]  ksys_write+0x145/0x250
[   74.240030][ T6788]  do_syscall_64+0xfa/0x3b0
[   74.241422][ T6788]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.243264][ T6788] 
[   74.244019][ T6788] Freed by task 6616:
[   74.245225][ T6788]  kasan_save_track+0x3e/0x80
[   74.246672][ T6788]  kasan_save_free_info+0x46/0x50
[   74.248258][ T6788]  __kasan_slab_free+0x62/0x70
[   74.249769][ T6788]  kfree+0x18e/0x440
[   74.250960][ T6788]  bt_host_release+0x82/0x90
[   74.252401][ T6788]  device_release+0x9c/0x1c0
[   74.253855][ T6788]  kobject_put+0x22b/0x480
[   74.255251][ T6788]  vhci_release+0x88/0xd0
[   74.256574][ T6788]  __fput+0x44c/0xa70
[   74.257782][ T6788]  task_work_run+0x1d4/0x260
[   74.259221][ T6788]  do_exit+0x6b5/0x22e0
[   74.260528][ T6788]  do_group_exit+0x21c/0x2d0
[   74.261965][ T6788]  __x64_sys_exit_group+0x3f/0x40
[   74.263550][ T6788]  x64_sys_call+0x21ba/0x21c0
[   74.264965][ T6788]  do_syscall_64+0xfa/0x3b0
[   74.266354][ T6788]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.268259][ T6788] 
[   74.269009][ T6788] Last potentially related work creation:
[   74.270727][ T6788]  kasan_save_stack+0x3e/0x60
[   74.272154][ T6788]  kasan_record_aux_stack+0xbd/0xd0
[   74.273755][ T6788]  insert_work+0x3d/0x330
[   74.275102][ T6788]  __queue_work+0xbd9/0xfe0
[   74.276517][ T6788]  queue_work_on+0x181/0x270
[   74.277930][ T6788]  process_scheduled_works+0xae1/0x17b0
[   74.279628][ T6788]  worker_thread+0x8a0/0xda0
[   74.281026][ T6788]  kthread+0x711/0x8a0
[   74.282293][ T6788]  ret_from_fork+0x3fc/0x770
[   74.283746][ T6788]  ret_from_fork_asm+0x1a/0x30
[   74.285248][ T6788] 
[   74.285999][ T6788] Second to last potentially related work creation:
[   74.288055][ T6788]  kasan_save_stack+0x3e/0x60
[   74.289534][ T6788]  kasan_record_aux_stack+0xbd/0xd0
[   74.291141][ T6788]  insert_work+0x3d/0x330
[   74.292510][ T6788]  __queue_work+0xcfc/0xfe0
[   74.293934][ T6788]  call_timer_fn+0x17e/0x5f0
[   74.295363][ T6788]  __run_timer_base+0x646/0x860
[   74.296877][ T6788]  run_timer_softirq+0xb7/0x180
[   74.298380][ T6788]  handle_softirqs+0x286/0x870
[   74.299863][ T6788]  __irq_exit_rcu+0xca/0x1f0
[   74.301358][ T6788]  irq_exit_rcu+0x9/0x30
[   74.302712][ T6788]  sysvec_apic_timer_interrupt+0xa6/0xc0
[   74.304473][ T6788]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   74.306357][ T6788] 
[   74.307107][ T6788] The buggy address belongs to the object at ffff8881208f4000
[   74.307107][ T6788]  which belongs to the cache kmalloc-8k of size 8192
[   74.311424][ T6788] The buggy address is located 160 bytes inside of
[   74.311424][ T6788]  freed 8192-byte region [ffff8881208f4000, ffff8881208f6000)
[   74.315645][ T6788] 
[   74.316409][ T6788] The buggy address belongs to the physical page:
[   74.318380][ T6788] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1208f0
[   74.321079][ T6788] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   74.323704][ T6788] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff)
[   74.326055][ T6788] page_type: f5(slab)
[   74.327353][ T6788] raw: 057ff00000000040 ffff88801a442280 ffffea0004978c00 0000000000000004
[   74.329978][ T6788] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[   74.332525][ T6788] head: 057ff00000000040 ffff88801a442280 ffffea0004978c00 0000000000000004
[   74.335172][ T6788] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[   74.337777][ T6788] head: 057ff00000000003 ffffea0004823c01 00000000ffffffff 00000000ffffffff
[   74.340369][ T6788] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[   74.343014][ T6788] page dumped because: kasan: bad access detected
[   74.344982][ T6788] page_owner tracks the page as allocated
[   74.346761][ T6788] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x528c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP), pid 5994, tgid 5994 (syz-executor), ts 58314878701, free_ts 57841998269
[   74.352812][ T6788]  post_alloc_hook+0x240/0x2a0
[   74.354380][ T6788]  get_page_from_freelist+0x21e4/0x22c0
[   74.356115][ T6788]  __alloc_frozen_pages_noprof+0x181/0x370
[   74.357912][ T6788]  alloc_pages_mpol+0x232/0x4a0
[   74.359452][ T6788]  allocate_slab+0x8a/0x3b0
[   74.360897][ T6788]  ___slab_alloc+0xbfc/0x1480
[   74.362374][ T6788]  __kvmalloc_node_noprof+0x429/0x5f0
[   74.364014][ T6788]  wg_packet_queue_init+0xb7/0x320
[   74.365643][ T6788]  wg_newlink+0x326/0x650
[   74.367000][ T6788]  rtnl_newlink_create+0x310/0xb00
[   74.368722][ T6788]  rtnl_newlink+0x16d6/0x1c70
[   74.370184][ T6788]  rtnetlink_rcv_msg+0x7cf/0xb70
[   74.371730][ T6788]  netlink_rcv_skb+0x208/0x470
[   74.373219][ T6788]  netlink_unicast+0x75b/0x8d0
[   74.374755][ T6788]  netlink_sendmsg+0x805/0xb30
[   74.376288][ T6788]  __sock_sendmsg+0x21c/0x270
[   74.378070][ T6788] page last free pid 5828 tgid 5828 stack trace:
[   74.380076][ T6788]  __free_frozen_pages+0xc71/0xe70
[   74.381687][ T6788]  vfree+0x25a/0x400
[   74.382920][ T6788]  kcov_close+0x28/0x50
[   74.384246][ T6788]  __fput+0x44c/0xa70
[   74.385453][ T6788]  task_work_run+0x1d4/0x260
[   74.386880][ T6788]  do_exit+0x6b5/0x22e0
[   74.388153][ T6788]  do_group_exit+0x21c/0x2d0
[   74.389617][ T6788]  __x64_sys_exit_group+0x3f/0x40
[   74.391185][ T6788]  x64_sys_call+0x21ba/0x21c0
[   74.392668][ T6788]  do_syscall_64+0xfa/0x3b0
[   74.394092][ T6788]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.395924][ T6788] 
[   74.396681][ T6788] Memory state around the buggy address:
[   74.398435][ T6788]  ffff8881208f3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   74.400883][ T6788]  ffff8881208f4000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   74.403563][ T6788] >ffff8881208f4080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   74.406025][ T6788]                                ^
[   74.407661][ T6788]  ffff8881208f4100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   74.410147][ T6788]  ffff8881208f4180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   74.412586][ T6788] ==================================================================
[   74.415399][ T6788] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   74.417667][ T6788] CPU: 1 UID: 0 PID: 6788 Comm: khidpd_04580058 Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 PREEMPT(full) 
[   74.421577][ T6788] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   74.424698][ T6788] Call Trace:
[   74.425756][ T6788]  <TASK>
[   74.426687][ T6788]  dump_stack_lvl+0x99/0x250
[   74.428095][ T6788]  ? __asan_memcpy+0x40/0x70
[   74.429564][ T6788]  ? __pfx_dump_stack_lvl+0x10/0x10
[   74.431147][ T6788]  ? __pfx__printk+0x10/0x10
[   74.432617][ T6788]  panic+0x2db/0x790
[   74.433874][ T6788]  ? __pfx_panic+0x10/0x10
[   74.435344][ T6788]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[   74.437182][ T6788]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   74.439030][ T6788]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   74.441022][ T6788]  ? print_memory_metadata+0x314/0x400
[   74.442732][ T6788]  ? __mutex_lock+0x738/0xe80
[   74.444167][ T6788]  check_panic_on_warn+0x89/0xb0
[   74.445705][ T6788]  ? __mutex_lock+0x738/0xe80
[   74.447179][ T6788]  end_report+0x78/0x160
[   74.448519][ T6788]  kasan_report+0x129/0x150
[   74.449889][ T6788]  ? __mutex_lock+0x738/0xe80
[   74.451327][ T6788]  __mutex_lock+0x738/0xe80
[   74.452697][ T6788]  ? __mutex_lock+0x51b/0xe80
[   74.454140][ T6788]  ? l2cap_unregister_user+0x6a/0x1b0
[   74.455823][ T6788]  ? __pfx___mutex_lock+0x10/0x10
[   74.457396][ T6788]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[   74.459241][ T6788]  l2cap_unregister_user+0x6a/0x1b0
[   74.460896][ T6788]  hidp_session_thread+0x3c9/0x410
[   74.462498][ T6788]  ? __pfx_hidp_session_thread+0x10/0x10
[   74.464241][ T6788]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   74.466073][ T6788]  ? __pfx_hidp_session_wake_function+0x10/0x10
[   74.468124][ T6788]  ? __pfx_hidp_session_wake_function+0x10/0x10
[   74.470123][ T6788]  ? __kthread_parkme+0x7b/0x200
[   74.471691][ T6788]  ? __kthread_parkme+0x1a1/0x200
[   74.473302][ T6788]  kthread+0x711/0x8a0
[   74.474595][ T6788]  ? __pfx_hidp_session_thread+0x10/0x10
[   74.476354][ T6788]  ? __pfx_kthread+0x10/0x10
[   74.477775][ T6788]  ? _raw_spin_unlock_irq+0x23/0x50
[   74.479369][ T6788]  ? lockdep_hardirqs_on+0x9c/0x150
[   74.480976][ T6788]  ? __pfx_kthread+0x10/0x10
[   74.482432][ T6788]  ret_from_fork+0x3fc/0x770
[   74.483875][ T6788]  ? __pfx_ret_from_fork+0x10/0x10
[   74.485437][ T6788]  ? __switch_to_asm+0x39/0x70
[   74.486939][ T6788]  ? __switch_to_asm+0x33/0x70
[   74.488482][ T6788]  ? __pfx_kthread+0x10/0x10
[   74.489937][ T6788]  ret_from_fork_asm+0x1a/0x30
[   74.491435][ T6788]  </TASK>
[   74.492995][ T6788] Kernel Offset: disabled
[   74.494377][ T6788] Rebooting in 86400 seconds..

VM DIAGNOSIS:
23:28:44  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000007 RBX=0000000000000003 RCX=0000000000000000 RDX=0000000000000000
RSI=ffff888020e62828 RDI=ffff888020e61cc0 RBP=0000000000000000 RSP=ffffc900040af1e8
R8 =0000000000000000 R9 =ffffffff81729af5 R10=ffffc900040af438 R11=ffffffff81acf6a0
R12=0000000000004000 R13=ffff888020e627b0 R14=ffff888020e62828 R15=0b844b592684a22e
RIP=ffffffff819e3d7c RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 000055557fcd2500 ffffffff 00c00000
GS =0000 ffff8880b861d000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fddc5ae56c0 CR3=0000000027c2a000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffffffffffff ffffffffffffffff
XMM02=0000000000000000 0000000000000000 XMM03=ffffffffffffffff ffffffffffffffff
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 000000524f525245 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 00524f5252450040 XMM09=0000000000000000 00007fddc4e11c91
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000038 RBX=0000000000000038 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc9000300f370
R8 =ffff888021768237 R9 =1ffff110042ed046 R10=dffffc0000000000 R11=ffffffff85475610
R12=dffffc0000000000 R13=ffffffff99af791a R14=ffffffff99dfc760 R15=0000000000000000
RIP=ffffffff8547568c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c1d000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f4dd7f4ffc8 CR3=00000001065c4000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffffffffffff ffffffffffffffff
XMM02=ffffffffffffffff ffffffffffffffff XMM03=ffffffffffffff00 ffffffffffffffff
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 000000524f525245 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 00524f5252450040 XMM09=0000000000000000 00007f4dd7211c91
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
