last executing test programs:

17.332143421s ago: executing program 0 (id=1108):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(0x0, r0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x28)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000000)={r2, 0x0, 0xfffffffffffffffe}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000003"], 0x48)
r3 = socket$kcm(0x10, 0x2, 0x0)
recvmsg(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f00000002c0)=""/110, 0x6e}, {&(0x7f00000047c0)=""/4057, 0xfd9}, {&(0x7f00000037c0)=""/4069, 0xfe5}, {&(0x7f0000000340)=""/198, 0xc6}, {&(0x7f0000000200)=""/37, 0x25}, {&(0x7f0000000800)=""/187, 0xbb}], 0x6}, 0x40000100)
sendmsg$inet(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000900)="5c00000012006bab9a3fe3d86e17aa0a046b4877c4aaf68187bae53dca2ba35bda6a876c1d0048007ea608649e7524765f0ef82e3c0000a705259a3651f60a84c9f4d4938037e70e4509c5bb00000000e513aeac9bf2bee150d5fe86", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x20000000)
r4 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000))
openat$cgroup_ro(r4, &(0x7f0000001300)='memory.swap.events\x00', 0x26e1, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000070018110000"], 0x0, 0x2}, 0x94)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_genetlink_get_family_id$smc(0x0, 0xffffffffffffffff)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r5, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r6 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r6, 0x400448c8, &(0x7f0000000340)={r5, r5, 0x8, 0x0, 0x0, 0x82, 0x4a, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz1\x00'})
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800"/12], &(0x7f0000000140)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r7}, 0x10)
shutdown(r5, 0x1)
ioctl$sock_bt_hidp_HIDPCONNDEL(r6, 0x400448c9, &(0x7f0000000000)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x42073, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0)

17.254978786s ago: executing program 1 (id=1109):
r0 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
r1 = accept(r0, &(0x7f00000002c0)=@xdp, &(0x7f00000000c0)=0x80)
socket$nl_route(0x10, 0x3, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='sched_switch\x00', r2}, 0x10)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
shutdown(r3, 0x0)
recvmmsg(r3, &(0x7f00000004c0), 0xf02, 0xf0, 0x0)
setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r1, 0x114, 0xa, &(0x7f0000000400)=ANY=[@ANYBLOB="03ede391055e50ac83ab0c5468da41bd9291917af3a8a6628530a3b662bc46e9be23ec41f385828795"], 0x4)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x94)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000000000001200000024000000080000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={0x0, r5, 0x0, 0x200000002}, 0x18)
r6 = bpf$ITER_CREATE(0xb, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
write$cgroup_int(r6, &(0x7f00000001c0)=0x8200000000000000, 0xfffffdef)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x2000007, 0x20010, 0xffffffffffffffff, 0x0)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_EVENTS(r7, 0x84, 0xb, 0x0, &(0x7f0000000140))
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x40)
r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
bind$bt_l2cap(r8, &(0x7f00000004c0)={0x1f, 0xfffd, @none}, 0xe)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x2, 0x0, @local, 0x2}]}, 0x0)
sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000006040)={0x184, 0x0, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_TAGLST={0x4}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_MLSLVLLST={0x4}, @NLBL_CIPSOV4_A_MLSCATLST={0x158, 0xc, 0x0, 0x1, [{0x154, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8}, @NLBL_CIPSOV4_A_MLSCATLOC, @NLBL_CIPSOV4_A_MLSCATLOC={0x8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8}]}, {0x4}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8}, @NLBL_CIPSOV4_A_MLSCATLOC={0x32}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8}]}, {0x5c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8}]}, {0x54, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8}]}]}]}, 0x184}}, 0x0)
r9 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000240), r4)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000500)={&(0x7f0000000440)={0x30, r9, 0x200, 0x70bd28, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @ipv4={'\x00', '\xff\xff', @broadcast}}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @loopback}]}, 0x30}, 0x1, 0x0, 0x0, 0x4880}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4)
socket$kcm(0x10, 0x2, 0x10)

17.172878361s ago: executing program 1 (id=1111):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x1d64, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x38, 0x3e, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0x11, 0x2, 0x0, 0x1, [@nested={0xc, 0x14, 0x0, 0x1, [@typed={0x8, 0x18, 0x0, 0x0, @u32=0x9}]}, @generic='V']}]}, 0x38}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r1}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
recvmmsg(r2, &(0x7f0000000400)=[{{0x0, 0xf5ffffff, 0x0, 0x0, 0x0, 0x4000000}, 0xf5ff}], 0xf00, 0x0, 0x0)
shutdown(r2, 0x0)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000f2ffffff0000000000000000850000001700000095"], &(0x7f0000000080)='GPL\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000200)={r3, 0x0, 0x3c, 0x72, &(0x7f0000000040)="976d9023d56482cd284a63da539706d7009be646625bd75b025352ebe557df463106baeed6c2d75549b140f143fb8bb67bfe5b308b8d05758115c7ad", &(0x7f0000000180)=""/114, 0x0, 0x0, 0xdf, 0xa0, &(0x7f0000000580)="cf2240e6919817e49555d2215c23f7f4c29c90b4e6c6ba11c4d974ddab2318db7b52cee499399a00be4b710e9246d7bca28cc8346eb84414e45f3f4633f4acb77bf8cc38c4c16fe035905db79cdc86ea320f339c21399b5bb7607044916c63c528ab4149718d6215a9a3749113c268e49b2b9dae91ed804e5ac5d4ec7ac9c5fd67a76f9a2b06f7304f6e81221a751008e786e1edde82cf1ecb76cb4cd71cf781ea3a19b917a1e215b1a6c7de2f69700b0c55b7ee605b32b91eaae38517fde4303d5f2b1e63e9e52ae4b197fd72de1f71801e1f9f1369d1f530000000000000", &(0x7f0000000280)="bf049fd184f7b03c21d9bcddc4eef9ebb6a0da3eb91c56454e873dd7336ccf21a1eeb8da7adf80d6e06ef46c7f36222fadaed2103c286468b3f44adee51445bd1bedf8fcc1c0b9fdc8b3829b1bf0c9d2d409cdecb12ad033e299c029331993ae9760345bf7feb91ee96b0eee19454ad3dbce5019b68c114ff1921a9b4665744c7784ac6736101a70592d83c448a84c31ec60bb901d96ea99471d823ee5233188", 0x0, 0x8000, 0x6}, 0x50)
r4 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_TX_RING(r4, 0x11b, 0x6, &(0x7f0000000000)=0x40000000, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r5, 0x400448cb, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNATTACHFILTER(r6, 0x401054d5, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x60, 0x4, 0xfd}]})
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r7, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6)
socket$inet(0x2, 0x2, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
r8 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$int_in(r8, 0x5421, &(0x7f0000001100)=0x2000000009)
accept4(r8, 0x0, 0x0, 0x0)
write(r7, &(0x7f0000000040)="05000000010000", 0x7)

17.044257829s ago: executing program 0 (id=1113):
r0 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) (async)
r1 = accept(r0, &(0x7f00000002c0)=@xdp, &(0x7f00000000c0)=0x80)
socket$nl_route(0x10, 0x3, 0x0) (async)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000002140)={0x26, 'aead\x00', 0x0, 0x0, 'authencesn(michael_mic-generic,xchacha20-generic)\x00'}, 0x58) (async)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x7, &(0x7f00000000c0)="faffffff", 0x4) (async)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000140)='sched_switch\x00', r3}, 0x18)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
shutdown(r4, 0x0) (async)
r5 = socket$packet(0x11, 0x3, 0x300)
ioctl$SIOCSIFHWADDR(r5, 0x8931, &(0x7f00000000c0)={'tunl0\x00'}) (async)
recvmmsg(r4, &(0x7f00000004c0), 0xf02, 0xf0, 0x0)
setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r1, 0x114, 0xa, &(0x7f0000000400)=ANY=[@ANYBLOB="03ede391055e50ac83ab0c5468da41bd9291917af3a8a6628530a3b662bc46e9be23ec41f385828795"], 0x4) (async)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x94) (async)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000000000001200000024000000080000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={0x0, r6, 0x0, 0x200000002}, 0x18)
r7 = bpf$ITER_CREATE(0xb, 0x0, 0x0) (async)
socket$nl_netfilter(0x10, 0x3, 0xc)
write$cgroup_int(r7, &(0x7f00000001c0)=0x8200000000000000, 0xfffffdef) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x40) (async)
r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
bind$bt_l2cap(r8, &(0x7f00000004c0)={0x1f, 0xfffd, @none}, 0xe) (async)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x2, 0x0, @local, 0x2}]}, 0x0) (async)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4) (async, rerun: 32)
socket$kcm(0x10, 0x2, 0x10) (rerun: 32)

16.960383268s ago: executing program 0 (id=1117):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0xedc623580215bdcd, 0x12, r0, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r1, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x1fd}, 0xe)
writev(r1, &(0x7f0000000240)=[{&(0x7f0000002740)="1e", 0xfdef}], 0x33)
accept4(r1, 0x0, &(0x7f0000000040), 0x800)

16.891525795s ago: executing program 0 (id=1118):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4000}}, &(0x7f0000000000)='syzkaller\x00', 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000740)={0x34, r2, 0x1, 0xfffffd, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x20, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'eth', 0x3a, 'gre0\x00'}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfff}]}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x84}, 0x80)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f0000000100)={r3, r3, 0x0, 0x0, 0x0, 0xc2, 0xff, 0x15c2, 0x5886, 0x6, 0x0, 0x8, 'syz1\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r4, 0x400448c9, &(0x7f00000000c0)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}})

16.784812875s ago: executing program 2 (id=1119):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000100)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) (async)
r1 = epoll_create(0xeb)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)={0x20000000})
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) (async)
ioctl(r1, 0x9, &(0x7f0000000000)="772162e8c72eb9ad440081c94132adb155fd3213bd24c2f099eaa882d2c04c104e240506dc332149b0f5ff6579c3ac872f7269a5ec0d")
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0xb, 0x0, 0x0, 0xc2, 0xfd, 0x15c2, 0x1, 0x801, 0x3, 0x8, 'syz0\x00'})
shutdown(r0, 0x1)

16.705153636s ago: executing program 0 (id=1120):
r0 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
r1 = accept(r0, &(0x7f00000002c0)=@xdp={0x2c, 0x0, <r2=>0x0}, &(0x7f00000000c0)=0x80)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x9, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000940)=ANY=[], 0x104}, 0x1, 0x0, 0x0, 0x814}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x10)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
shutdown(r6, 0x0)
recvmmsg(r6, &(0x7f00000004c0), 0xf02, 0xf0, 0x0)
setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r1, 0x114, 0xa, &(0x7f0000000400)=ANY=[@ANYBLOB="03ede391055e50ac83ab0c5468da41bd9291917af3a8a6628530a3b662bc46e9be23ec41f385828795"], 0x4)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000)={0x0, 0x4}, 0x10}, 0x94)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x5, &(0x7f0000000380)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={0x0, r8, 0x0, 0x200000002}, 0x18)
r9 = bpf$ITER_CREATE(0xb, 0x0, 0x0)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000010000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000003c80)=ANY=[@ANYBLOB="14000000100001000000000000000000e8ff000a60000000060a010400000000000000000200000034000480300001800e000100696d6d6564696174650000001c000280100002800c000280080001800000000308000140000000000900010073797a30000000000900020073797a3200000000140000000c0a010800000000000000000100000820000000080a01010000000000000000020000030900010073797a3000000000140000001100010000000000000000000000000a"], 0xbc}, 0x1, 0x0, 0x0, 0x44}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
write$cgroup_int(r9, &(0x7f00000001c0)=0x8200000000000000, 0xfffffdef)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x40)
r11 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
bind$bt_l2cap(r11, &(0x7f00000004c0)={0x1f, 0xfffd, @none}, 0xe)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x4e22, 0x0, @local, 0x2}]}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4)
socket$kcm(0x10, 0x2, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000880)={0x6, 0x1a, &(0x7f0000000c00)=ANY=[@ANYRES64=r7, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000005c900800080000018110000eee6f882ca50cae129756d113f540190bf23e103182d559bd6563d2cfd43cbba628bb3290f94aabfd44e13b9443d82d335c4182352070c35d2f3240fb6dc5d11bb7b097f21b468bcdb9a10e3b9116d3b536a6b2e4c715e299eb6f80544aebc0280986964f83b2a7c4e28870201358f37ffa4f3ad8203f8f67c21e1fd93412ae91aa5bd8e11927bf3423262", @ANYRES32, @ANYBLOB="0000000000000000b7020000000000008500000086000000186a0000070000000000000005000000852000000500000085100000fbffffff18420000ffffffff0000000000000000bf91000000000000b7020000020000008500000084000000b7000000000000009500000000000000"], &(0x7f0000000700)='GPL\x00', 0x6, 0x40, &(0x7f0000000740)=""/64, 0x41000, 0x30, '\x00', r2, 0x25, r9, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000780)={0x1, 0xb, 0x4, 0x5}, 0x10, 0x0, 0x0, 0x6, &(0x7f00000007c0)=[r9, r9, r9, r9, r8, r9, r9, r3, r9], &(0x7f0000000800)=[{0x5, 0x1, 0x5, 0x7}, {0x3, 0x4, 0xb, 0x6}, {0x1, 0x5, 0x6, 0x2}, {0x0, 0x2, 0xa, 0x3}, {0x3, 0x4, 0xf, 0x1}, {0x1, 0x5, 0xc}], 0x10, 0x400}, 0x94)

16.704180913s ago: executing program 2 (id=1121):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x1e, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffffffff}, [@ldst={0x1, 0x2, 0x6b324fb906924663, 0x2, 0x1, 0x18}]}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, 0x24}, 0x94) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x0, 0x0, &(0x7f0000000000)='syzkaller\x00'}, 0x94) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) (async)
r0 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r0, &(0x7f00000002c0)=[{&(0x7f0000000340)="580000001400add427323b472545b4560a117fffffff81000e220e227f000001925aa80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff00007edcff48d744", 0x58}], 0x1) (async)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = accept$phonet_pipe(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000080)=0x10)
getsockopt$PNPIPE_IFINDEX(r2, 0x113, 0x2, &(0x7f00000000c0), &(0x7f0000000100)=0x4)
ioctl$HCIINQUIRY(r1, 0x400448ca, 0x0)

16.624028129s ago: executing program 1 (id=1122):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000040)=0x30, 0x5e)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x9f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="0b00000007000000010001000900000005"], 0x48)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="18"], 0x0}, 0x90)
bpf$MAP_LOOKUP_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000001840), 0xfffffff7, r1}, 0x38)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000080)={0x0, &(0x7f0000001900)=""/4108, &(0x7f00000000c0), &(0x7f0000000440), 0x2, r1}, 0x38)
unshare(0x22020400)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000500)={'veth1\x00', &(0x7f0000000200)=@ethtool_per_queue_op={0x4b, 0xf, [0x7, 0x80000001, 0x7fff, 0x1, 0x5, 0x9, 0xa4, 0xff9, 0xc3cfbe86, 0xb69, 0xc1, 0x4, 0x1, 0x3, 0x5, 0x101, 0x1000, 0x9, 0x3, 0x3, 0x1, 0xfffffffa, 0x0, 0x6, 0x9, 0x4, 0x7, 0x5, 0x100000, 0x7fffffff, 0x3, 0xd, 0xe, 0x2312, 0x100, 0x8, 0x1c00, 0x7, 0x7, 0xbed4, 0x8, 0x8000100, 0x3, 0x0, 0x11000, 0x6, 0x5, 0x79b, 0x2, 0x1, 0x7f, 0x4, 0xa, 0x7, 0xf, 0x101, 0xd7, 0x1fa0860a, 0x7, 0xaa, 0x81, 0x2, 0x180000, 0x4007, 0x8b, 0x5, 0x2af, 0xf7, 0x5, 0x2, 0x6, 0x9, 0x4, 0x7, 0x4009, 0x0, 0x4, 0x100002, 0x8, 0x752, 0x0, 0x3, 0x0, 0x10001, 0x2, 0xffffffff, 0x6, 0x6, 0xc, 0x80000000, 0xfdffffff, 0x2, 0x2, 0x84, 0x100, 0x5, 0x252, 0x81, 0xf, 0x5, 0x20006, 0x5, 0x2, 0xb, 0x2, 0xd9a, 0x80000001, 0x4, 0xfffffffd, 0x3, 0x2, 0x5, 0x8, 0x0, 0x4, 0x2, 0x40, 0x8, 0x4, 0x4, 0x401, 0x66cd, 0x8, 0x8, 0x1, 0x1fc, 0xc60, 0xffffdfff]}})
poll(&(0x7f0000000000), 0x20000000000000b5, 0x9)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth0_to_hsr\x00', <r3=>0x0})
bind$can_j1939(r2, &(0x7f0000000100)={0x1d, r3, 0x2, {0x1, 0x0, 0x2}}, 0x18)
close(r0)

16.622080763s ago: executing program 0 (id=1123):
syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394", 0xf}], 0x1}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000380), 0xffffffffffffffff)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
sendmsg$NBD_CMD_CONNECT(r4, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f00000000c0)={0x30, r5, 0x1, 0xffffffff, 0x0, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x4}, @NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r6}}]}]}, 0x30}}, 0x20000000)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, r3, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x24040090}, 0xc0)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r8, 0x8983, &(0x7f0000001640)={0x0, 'veth0_to_hsr\x00', {0x3}, 0x4})
bpf$TOKEN_CREATE(0x24, &(0x7f0000000240)={0x0, r1}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xf, &(0x7f00000002c0)=ANY=[@ANYRES32=r7, @ANYBLOB="a769ed16d431d963eff6c2d0f9113babb7ce9c9a317adc5c255123c8c3280fb83d7ef6e4571bc229479c5d4ca1cdbc9823e0e294d603260f4c32ea85c3a4dd6ec71e005b8576568eeb12745cf1951e0e61"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$NLBL_MGMT_C_ADD(r2, &(0x7f0000000440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f00000004c0)={0x64, 0x0, 0x100, 0x70bd2d, 0x25dfdbfe, {}, [@NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @rand_addr=' \x01\x00'}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @remote}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @empty}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @dev={0xfe, 0x80, '\x00', 0x13}}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @empty}, @NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x1}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0xa}]}, 0x64}, 0x1, 0x0, 0x0, 0x20004010}, 0x400c000)
socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r0, 0x8982, &(0x7f0000000080)={0x0, 'wlan0\x00', {0x1}, 0x10})
r9 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r10, 0x400454ca, &(0x7f0000000500)={'syzkaller0\x00', 0x7101})
r11 = socket$unix(0x1, 0x1, 0x0)
r12 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r13=>0x0})
sendmsg$nl_route_sched(r12, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r13, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_mq={0x7}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r12, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x80000, {0x0, 0x0, 0x0, r13, {}, {0x2, 0xb}, {0xd, 0xb}}, [@qdisc_kind_options=@q_mq={0x7}]}, 0x2c}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000)
setsockopt$IPT_SO_SET_REPLACE(r9, 0x0, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x42, 0x4, 0x1428, 0xffffffff, 0x11a8, 0x11a8, 0x11a8, 0xffffffff, 0xffffffff, 0x1390, 0x1390, 0x1390, 0xffffffff, 0x5, 0x0, {[{{@ip={@multicast2, @multicast2, 0x0, 0x0, 'netpci0\x00', 'nr0\x00'}, 0x74000002, 0x70, 0x98, 0x1ba, {0x46010000, 0x2c000000000000}}, @REJECT={0x28}}, {{@ip={@remote, @broadcast, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_1\x00'}, 0x287, 0x10e8, 0x1110, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030}, {0x0, 0x1, 0x0, 0x0, './cgroup.cpu/syz1\x00', 0x401}}, @common=@unspec=@limit={{0x48}, {0x0, 0x400}}]}, @REJECT={0x28}}, {{@ip={@loopback, @broadcast, 0x0, 0x0, 'dvmrp1\x00', 'dummy0\x00'}, 0x0, 0x1c0, 0x1e8, 0x0, {}, [@common=@inet=@hashlimit2={{0x150}, {'gre0\x00'}}]}, @common=@unspec=@CONNSECMARK={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x1488)
r14 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r14, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)

16.621795464s ago: executing program 2 (id=1124):
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x10, 0x4, &(0x7f00000005c0)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0xfffffffffffffff4}]}, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x300}, 0x94)

16.619342642s ago: executing program 2 (id=1125):
r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$sock_int(r2, 0x1, 0x22, 0x0, &(0x7f0000000b40))
r3 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = socket(0x10, 0x3, 0x6)
r5 = socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000600)={'team0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newqdisc={0x90, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x60, 0x2, {{0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1], 0x0, [0x4, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}, [@TCA_MQPRIO_SHAPER={0x6, 0x2, 0x1}]}}}]}, 0x90}}, 0x20000000)
r7 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_opts(r7, 0x0, 0x4, 0x0, 0x0)
setsockopt$inet_opts(r7, 0x0, 0x4, 0x0, 0x0)
ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f0000000340)={r1, r1, 0x1, 0x1, &(0x7f00000000c0)="16", 0x31, 0x1, 0x10cf, 0x5df, 0x8b, 0x2, 0x3, 'syz0\x00'})
r8 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0)
ioctl$PPPIOCNEWUNIT(r8, 0xc004743e, &(0x7f00000000c0))
ioctl$PPPIOCSMAXCID(r8, 0x40047451, &(0x7f0000000080)=0x3)
pwritev(r8, &(0x7f0000000540)=[{&(0x7f0000000180)='\x00!G', 0x3}], 0x1, 0x295e, 0x0)
r9 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r9, 0x0, 0x16, &(0x7f0000000040)=0xff, 0x4)
ioctl$sock_bt_hidp_HIDPGETCONNLIST(r0, 0x800448d2, &(0x7f0000000c80)={0x1, &(0x7f0000001040)=[{@fixed}]})
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={'rose0\x00', 0x6100})

16.474908382s ago: executing program 2 (id=1126):
syz_emit_ethernet(0xa6, &(0x7f00000002c0)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x70, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x5, 0xa, "a78c000000008080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c40dd3be27df3e34066d42ca0a5c15b37adac15084dbaf636b41e5af1802"}, {0x0, 0x56, "005ff9297d00001392000100"}]}}}}}}, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x40)
r1 = socket(0x10, 0x803, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x4, 0x4, &(0x7f0000000040)=ANY=[@ANYRESDEC=r0], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x19, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
getsockname$packet(r1, 0x0, &(0x7f0000000200))
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r2, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
openat$cgroup_ro(r3, &(0x7f0000000340)='blkio.bfq.sectors_recursive\x00', 0x275a, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$packet(0x11, 0x3, 0x300)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r4}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000780)=ANY=[@ANYBLOB="2800000010000304fcffffff3f00000000000000", @ANYRES32=0x0, @ANYBLOB="a5fdad880000000008000a00", @ANYRES32=r6, @ANYBLOB="f745f86f037a9eec5f65aca5f8fcdef1f46a92a6a071744070d37f6854eadc5f0e11a07201ab8a1e8661010000003fa5d0ba7023768f15d81302c9d3e329622d5016ed4fa4f7e7b20200000000000000f6a948bef2b7f77e32934918faf2ee1b710154b4e9945dd25f7d80667cf2751439caecf09ebd4c6e669686bfd76f37b33fb1c04d91efb9cdf60cd6b2b85c4e3685d7bb36cb45de755f967fc4ba300800000000000000803e2baf2508c6cd1ec32696b630028700a29cac3183279cd1648c915298d91ae21ccc8d01f0a36ed3a255ac27838d32befb25cfeaaa5d021d01cf91ed65a7c6460cf478f087ea78bd2d7000000090aa1711fd5f5849c9242fb6ef03b99e5641d326bebb50b26b33210150addf94a65b9ea03f3a4540ef3275d6ee4f5130fe589cf1c3c967c82163ebbe8c7509511525826066d3a59db4b3518966f14da59ee9a9b36a11571dc72539b0a3b8605639c0db4e4b7c951548b809015ef695724bddde81357e2ac097c91fc462c41d2e96cbb5c6e75094053a75f65898b7bdf6cdf27dfb1ad49c2bf492535231d65bb07cb65871959f3f62b96549e8294f33ebd1595b0ea3b2dcfaee2058b8d786c143cd59ce222058bcd309efec6aa3e7fe092e2a0ea74371bb9e22df3acd5643e49b9cb1827e6ca8c3ac658c0678628488b851c6930e866ce04d39d8271c01b262342212d4aafe291fba593aed2cdb644ca5fcb23e80872c9c7d6973c1bcc6f4d5a644781d1c073b66c6ff5f4510ea543d8998b8b371b962ef48891ac75d366b63248f97df1b9b32638b56ac609b82d569e7d00cb26f1b932976bac67654be6dbe6682284e536fe946d458296b00d54b36a44b2409e39d7ecd62c6ce870ce4b83ee2524b42bec7b82cfc227ff746ca4262579c7158c07fd5383e02b4b9e193990e10f7792078568300"/681], 0x28}, 0x1, 0x300000000000000, 0x0, 0x4004}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="b4000000000000006111140000000000040000000000000095000000000000001abe5201462857a3db65e291772afa2114f5963ed660b870d974d2252829f8290f8d02e3b0096b3df3e6585851cb7efb50a982b66e14716ffe33a164c3d1ff5798fc4bd6d3e5ab096e9ad743eb00"], &(0x7f0000000080)='GPL\x00', 0x2, 0x3e0, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @xdp=0x21, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1d43, 0x10, &(0x7f0000000000), 0x76}, 0x48)
connect$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
writev(r2, &(0x7f0000000100), 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r5)
shutdown(r2, 0x1)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)

16.473818126s ago: executing program 2 (id=1127):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_REG(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYBLOB="0d3a3b1a", @ANYRES16=r1, @ANYBLOB="010528bd7000fddbdf251a00000014002280040000800400008004000080040000800700210061610000"], 0x30}, 0x1, 0x0, 0x0, 0x20000054}, 0x44)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$bt_BT_POWER(r4, 0x112, 0x9, 0x0, &(0x7f00000001c0))
r6 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r6, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r6, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000080)=[{0x28, 0x0, 0x0, 0xfffff00c}, {0x6}]}, 0x10)
r7 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r7, &(0x7f0000000200)={&(0x7f0000001340)=@hci={0x1f, 0xdd86, 0x2}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000080)='b', 0x1}], 0x1}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x18)
socket$kcm(0x11, 0xa, 0x300)
setsockopt$inet_mtu(r5, 0x0, 0xa, &(0x7f00000000c0)=0x1, 0x4)
r8 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r8, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)
bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000080)={0x28, 0x0, 0x2710, @host}, 0x10)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, 0x0, 0x0)
syz_emit_ethernet(0x66, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000208004518005800000000002f90787f000001ac1e01010420880b0000000000000800000086dd080088be000000001000000001000000000000000800220200000000000000000000000800655800"/102], 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000280)={r3, r3, 0x1, 0xd, &(0x7f0000000040)="0f114def84b22dde27e442f1a7", 0x9, 0x1, 0x16bf, 0x5505, 0xc3b8, 0x1, 0x0, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000000)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}})

15.744909795s ago: executing program 1 (id=1128):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(0x0, r0) (async)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) (async)
sendmsg$IEEE802154_ADD_IFACE(r0, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="10002dbd7000ffdbdf252100000009001f0070687932000000000a0001007770616e3300000009001f0070687932000000080c0005000202aaaaaaaaaaaa09001f20706879310000000005002000000000000a0001007770616e300000e8"], 0x64}, 0x1, 0x0, 0x0, 0x20040805}, 0x4040080)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x28)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000000)={r3, 0x0, 0xfffffffffffffffe}, 0x10) (async, rerun: 32)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90) (async, rerun: 32)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000003"], 0x48) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000070018110000"], 0x0, 0x2}, 0x94) (async)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async)
syz_genetlink_get_family_id$smc(0x0, 0xffffffffffffffff) (async)
socket$packet(0x11, 0x2, 0x300) (async)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0)
ioctl$PPPIOCNEWUNIT(r4, 0xc004743e, &(0x7f0000000040)=0x80000000) (async, rerun: 64)
ioctl$PPPIOCGDEBUG(r4, 0x80047441, &(0x7f0000000000)) (async, rerun: 64)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r5, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r6 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r6, 0x400448c8, &(0x7f0000000340)={r5, r5, 0x8, 0x0, 0x0, 0x82, 0x4a, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz1\x00'})
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800"/12], &(0x7f0000000140)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r7}, 0x10) (async)
shutdown(r5, 0x1) (async)
ioctl$sock_bt_hidp_HIDPCONNDEL(r6, 0x400448c9, &(0x7f0000000000)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async, rerun: 64)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x42073, 0xffffffffffffffff, 0x0) (async, rerun: 64)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0)

15.675056112s ago: executing program 1 (id=1129):
socket$inet_udp(0x2, 0x2, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x40)
r1 = socket(0x10, 0x803, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x4, 0x4, &(0x7f0000000040)=ANY=[@ANYRESDEC=r0], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x19, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
getsockname$packet(r1, 0x0, &(0x7f0000000200))
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r2, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuset.effective_mems\x00', 0x275a, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$packet(0x11, 0x3, 0x300)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000780)=ANY=[@ANYBLOB="2800000010000304fcffffff3f00000000000000", @ANYRES32=0x0, @ANYBLOB="a5fdad880000000008000a00", @ANYRES32=r5, @ANYBLOB="a98bccadf84cb432a9264869a73c1ed2d059d9f637b592134eeb307f678921b00cb9faa0fb0bb31056580ea5e6f17bbda9fa3c853a44d9646e5252a03eca840755b73d3e209aae6092d9826044b73a04df9b6a308d2367cbb3b0fb0be700c3c5256be679f9a6b3e8501317f8ea43addd7a19e2e38ce33a941080217e2fa3bb403ec7b7ef7d29d5b59a5f4b372abe1bf47beddad93d2741d8406fc0387450bb7371d3483e7b42538629eb0c454e92cb7dc8654506a5c1da399f6115c3"], 0x28}, 0x1, 0x300000000000000, 0x0, 0x4004}, 0x0)
connect$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
writev(r2, &(0x7f0000000100)=[{&(0x7f0000000140)="1e", 0x1}], 0x1)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r2)
shutdown(r2, 0x1)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)

15.52509435s ago: executing program 1 (id=1130):
r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000c40), r2)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r2, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000d80)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000006000009080004000000000008000500e00000020f000700266e"], 0x34}, 0x2, 0x34005}, 0x4040004)
r4 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r5=>0xffffffffffffffff})
sendmsg$NBD_CMD_CONNECT(r2, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x50, r4, 0x100, 0x70bd2a, 0x25dfdbff, {}, [@NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r5}}]}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x1}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x1}, @NBD_ATTR_SERVER_FLAGS={0xc}]}, 0x50}, 0x1, 0x0, 0x0, 0x20008004}, 0x0)
ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f0000000340)={r1, r1, 0x1, 0x1, &(0x7f00000009c0)="16", 0x31, 0x1, 0x10cf, 0x5df, 0x8b, 0x2, 0x3, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPGETCONNLIST(r0, 0x800448d2, &(0x7f0000000c80)={0x1, &(0x7f0000001040)=[{@fixed}]})

1.010962296s ago: executing program 32 (id=1123):
syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394", 0xf}], 0x1}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000380), 0xffffffffffffffff)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
sendmsg$NBD_CMD_CONNECT(r4, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f00000000c0)={0x30, r5, 0x1, 0xffffffff, 0x0, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x4}, @NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r6}}]}]}, 0x30}}, 0x20000000)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, r3, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x24040090}, 0xc0)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r8, 0x8983, &(0x7f0000001640)={0x0, 'veth0_to_hsr\x00', {0x3}, 0x4})
bpf$TOKEN_CREATE(0x24, &(0x7f0000000240)={0x0, r1}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xf, &(0x7f00000002c0)=ANY=[@ANYRES32=r7, @ANYBLOB="a769ed16d431d963eff6c2d0f9113babb7ce9c9a317adc5c255123c8c3280fb83d7ef6e4571bc229479c5d4ca1cdbc9823e0e294d603260f4c32ea85c3a4dd6ec71e005b8576568eeb12745cf1951e0e61"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$NLBL_MGMT_C_ADD(r2, &(0x7f0000000440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f00000004c0)={0x64, 0x0, 0x100, 0x70bd2d, 0x25dfdbfe, {}, [@NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @rand_addr=' \x01\x00'}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @remote}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @empty}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @dev={0xfe, 0x80, '\x00', 0x13}}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @empty}, @NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x1}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0xa}]}, 0x64}, 0x1, 0x0, 0x0, 0x20004010}, 0x400c000)
socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r0, 0x8982, &(0x7f0000000080)={0x0, 'wlan0\x00', {0x1}, 0x10})
r9 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r10, 0x400454ca, &(0x7f0000000500)={'syzkaller0\x00', 0x7101})
r11 = socket$unix(0x1, 0x1, 0x0)
r12 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r13=>0x0})
sendmsg$nl_route_sched(r12, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r13, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_mq={0x7}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r12, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x80000, {0x0, 0x0, 0x0, r13, {}, {0x2, 0xb}, {0xd, 0xb}}, [@qdisc_kind_options=@q_mq={0x7}]}, 0x2c}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000)
setsockopt$IPT_SO_SET_REPLACE(r9, 0x0, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x42, 0x4, 0x1428, 0xffffffff, 0x11a8, 0x11a8, 0x11a8, 0xffffffff, 0xffffffff, 0x1390, 0x1390, 0x1390, 0xffffffff, 0x5, 0x0, {[{{@ip={@multicast2, @multicast2, 0x0, 0x0, 'netpci0\x00', 'nr0\x00'}, 0x74000002, 0x70, 0x98, 0x1ba, {0x46010000, 0x2c000000000000}}, @REJECT={0x28}}, {{@ip={@remote, @broadcast, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_1\x00'}, 0x287, 0x10e8, 0x1110, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030}, {0x0, 0x1, 0x0, 0x0, './cgroup.cpu/syz1\x00', 0x401}}, @common=@unspec=@limit={{0x48}, {0x0, 0x400}}]}, @REJECT={0x28}}, {{@ip={@loopback, @broadcast, 0x0, 0x0, 'dvmrp1\x00', 'dummy0\x00'}, 0x0, 0x1c0, 0x1e8, 0x0, {}, [@common=@inet=@hashlimit2={{0x150}, {'gre0\x00'}}]}, @common=@unspec=@CONNSECMARK={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x1488)
r14 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r14, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)

963.841166ms ago: executing program 33 (id=1127):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_REG(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYBLOB="0d3a3b1a", @ANYRES16=r1, @ANYBLOB="010528bd7000fddbdf251a00000014002280040000800400008004000080040000800700210061610000"], 0x30}, 0x1, 0x0, 0x0, 0x20000054}, 0x44)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$bt_BT_POWER(r4, 0x112, 0x9, 0x0, &(0x7f00000001c0))
r6 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r6, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r6, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000080)=[{0x28, 0x0, 0x0, 0xfffff00c}, {0x6}]}, 0x10)
r7 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r7, &(0x7f0000000200)={&(0x7f0000001340)=@hci={0x1f, 0xdd86, 0x2}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000080)='b', 0x1}], 0x1}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x18)
socket$kcm(0x11, 0xa, 0x300)
setsockopt$inet_mtu(r5, 0x0, 0xa, &(0x7f00000000c0)=0x1, 0x4)
r8 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r8, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)
bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000080)={0x28, 0x0, 0x2710, @host}, 0x10)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, 0x0, 0x0)
syz_emit_ethernet(0x66, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000208004518005800000000002f90787f000001ac1e01010420880b0000000000000800000086dd080088be000000001000000001000000000000000800220200000000000000000000000800655800"/102], 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000280)={r3, r3, 0x1, 0xd, &(0x7f0000000040)="0f114def84b22dde27e442f1a7", 0x9, 0x1, 0x16bf, 0x5505, 0xc3b8, 0x1, 0x0, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000000)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}})

0s ago: executing program 34 (id=1130):
r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000c40), r2)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r2, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000d80)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000006000009080004000000000008000500e00000020f000700266e"], 0x34}, 0x2, 0x34005}, 0x4040004)
r4 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r5=>0xffffffffffffffff})
sendmsg$NBD_CMD_CONNECT(r2, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x50, r4, 0x100, 0x70bd2a, 0x25dfdbff, {}, [@NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r5}}]}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x1}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x1}, @NBD_ATTR_SERVER_FLAGS={0xc}]}, 0x50}, 0x1, 0x0, 0x0, 0x20008004}, 0x0)
ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f0000000340)={r1, r1, 0x1, 0x1, &(0x7f00000009c0)="16", 0x31, 0x1, 0x10cf, 0x5df, 0x8b, 0x2, 0x3, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPGETCONNLIST(r0, 0x800448d2, &(0x7f0000000c80)={0x1, &(0x7f0000001040)=[{@fixed}]})

kernel console output (not intermixed with test programs):

0007ffc62166618
[   59.137640][ T5974]  </TASK>
[   59.138980][ T5974] Mem-Info:
[   59.226142][ T5978] netlink: 12 bytes leftover after parsing attributes in process `syz.1.32'.
[   59.231004][ T5974] active_anon:5493 inactive_anon:0 isolated_anon:0
[   59.231004][ T5974]  active_file:866 inactive_file:38202 isolated_file:0
[   59.231004][ T5974]  unevictable:1768 dirty:1382 writeback:0
[   59.231004][ T5974]  slab_reclaimable:9233 slab_unreclaimable:51752
[   59.231004][ T5974]  mapped:18142 shmem:2434 pagetables:944
[   59.231004][ T5974]  sec_pagetables:0 bounce:0
[   59.231004][ T5974]  kernel_misc_reclaimable:0
[   59.231004][ T5974]  free:300218 free_pcp:24528 free_cma:0
[   59.265179][ T5974] Node 0 active_anon:9664kB inactive_anon:0kB active_file:2884kB inactive_file:148108kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:37672kB dirty:5428kB writeback:0kB shmem:4812kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:7296kB pagetables:2420kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[   59.277124][ T5974] Node 1 active_anon:12172kB inactive_anon:0kB active_file:580kB inactive_file:4700kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:34556kB dirty:100kB writeback:0kB shmem:4924kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:4120kB pagetables:1356kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[   59.282147][ T5819] Bluetooth: hci1: command tx timeout
[   59.290423][ T5974] Node 0 DMA free:15360kB boost:0kB min:640kB low:800kB high:960kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[   59.301408][ T5974] lowmem_reserve[]: 0 815 815 815 815
[   59.303576][ T5974] Node 0 DMA32 free:251256kB boost:0kB min:33716kB low:42144kB high:50572kB reserved_highatomic:0KB free_highatomic:0KB active_anon:9664kB inactive_anon:0kB active_file:2884kB inactive_file:148108kB unevictable:3536kB writepending:5428kB present:1556484kB managed:834740kB mlocked:0kB bounce:0kB free_pcp:46932kB local_pcp:26980kB free_cma:0kB
[   59.315673][ T5974] lowmem_reserve[]: 0 0 0 0 0
[   59.317517][ T5974] Node 1 DMA32 free:458616kB boost:0kB min:19168kB low:23960kB high:28752kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:524152kB managed:458616kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[   59.327690][ T5974] lowmem_reserve[]: 0 0 854 854 854
[   59.329541][ T5974] Node 1 Normal free:459928kB boost:0kB min:36576kB low:45720kB high:54864kB reserved_highatomic:0KB free_highatomic:0KB active_anon:12240kB inactive_anon:0kB active_file:580kB inactive_file:4700kB unevictable:3536kB writepending:100kB present:1048576kB managed:875016kB mlocked:0kB bounce:0kB free_pcp:51212kB local_pcp:21384kB free_cma:0kB
[   59.342408][ T5974] lowmem_reserve[]: 0 0 0 0 0
[   59.345267][ T5974] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[   59.349730][ T5974] Node 0 DMA32: 20*4kB (UM) 33*8kB (ME) 37*16kB (M) 177*32kB (UM) 46*64kB (UM) 10*128kB (UME) 5*256kB (UM) 7*512kB (UME) 6*1024kB (ME) 4*2048kB (ME) 54*4096kB (M) = 251208kB
[   59.356650][ T5974] Node 1 DMA32: 2*4kB (M) 2*8kB (M) 2*16kB (M) 2*32kB (M) 2*64kB (M) 1*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 110*4096kB (M) = 458616kB
[   59.362323][ T5819] Bluetooth: hci2: command tx timeout
[   59.363560][ T5974] Node 1 Normal: 1*4kB (E) 232*8kB (U) 259*16kB (U) 1*32kB (E) 1*64kB (E) 1*128kB (E) 6*256kB (ME) 4*512kB (UME) 3*1024kB (M) 2*2048kB (UE) 107*4096kB (M) = 455252kB
[   59.370910][ T5974] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[   59.374998][ T5974] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[   59.378757][ T5974] 43117 total pagecache pages
[   59.380718][ T5974] 0 pages in swap cache
[   59.384561][ T5974] Free swap  = 124996kB
[   59.386409][ T5974] Total swap = 124996kB
[   59.388164][ T5974] 786301 pages RAM
[   59.389738][ T5974] 0 pages HighMem/MovableOnly
[   59.391689][ T5974] 240368 pages reserved
[   59.393844][ T5974] 0 pages cma reserved
[   59.557940][   T33] audit: type=1800 audit(1751646806.530:2): pid=5982 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.33" name="cgroup.controllers" dev="tmpfs" ino=28 res=0 errno=0
[   59.787622][ T5998] xt_hashlimit: size too large, truncated to 1048576
[   59.934751][ T5998] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input6
[   60.057940][ T6010] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input7
[   60.587037][ T6053] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input8
[   60.708226][ T6062] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input9
[   60.827019][   T10] hid (null): unknown global tag 0xc
[   60.831548][   T10] hid-generic 0005:10CF:05DF.0002: unknown main item tag 0x5
[   60.840229][   T10] hid-generic 0005:10CF:05DF.0002: collection stack underflow
[   60.847877][   T10] hid-generic 0005:10CF:05DF.0002: item 0 4 0 12 parsing failed
[   60.854190][   T10] hid-generic 0005:10CF:05DF.0002: probe with driver hid-generic failed with error -22
[   61.023497][ T6082] tipc: Started in network mode
[   61.025524][ T6082] tipc: Node identity , cluster identity 4711
[   61.027615][ T6082] tipc: Failed to obtain node identity
[   61.029363][ T6082] tipc: Enabling of bearer <eth:gre0> rejected, failed to enable media
[   61.037173][ T6083] tipc: Started in network mode
[   61.039460][ T6083] tipc: Node identity , cluster identity 4711
[   61.044011][ T6083] tipc: Failed to obtain node identity
[   61.047115][ T6083] tipc: Enabling of bearer <eth:gre0> rejected, failed to enable media
[   61.230766][ T6089] xt_l2tp: missing protocol rule (udp|l2tpip)
[   61.244823][ T6089] syz.0.61 uses obsolete (PF_INET,SOCK_PACKET)
[   61.352507][ T5819] Bluetooth: hci1: command tx timeout
[   61.432367][ T5819] Bluetooth: hci2: command 0x040f tx timeout
[   61.469813][ T6093] netlink: 12 bytes leftover after parsing attributes in process `syz.2.63'.
[   61.644540][ T6103] batadv_slave_1: entered promiscuous mode
[   61.675996][ T6108] batadv_slave_1: left promiscuous mode
[   61.676238][ T6105] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input10
[   61.793188][ T6110] Cannot find set identified by id 0 to match
[   61.796531][ T6110] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input11
[   61.971146][ T6119] netlink: 20 bytes leftover after parsing attributes in process `syz.2.72'.
[   61.975309][ T6126] netlink: 28 bytes leftover after parsing attributes in process `syz.2.72'.
[   61.995324][ T6129] netlink: 56 bytes leftover after parsing attributes in process `syz.1.73'.
[   62.002864][ T6129] netlink: 8 bytes leftover after parsing attributes in process `syz.1.73'.
[   62.014489][ T6129] netlink: 24 bytes leftover after parsing attributes in process `syz.1.73'.
[   63.023012][ T6179] netlink: 8 bytes leftover after parsing attributes in process `syz.1.89'.
[   63.026909][ T6179] netlink: 8 bytes leftover after parsing attributes in process `syz.1.89'.
[   63.149567][ T6184] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input12
[   63.393129][ T6197] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input13
[   63.432075][ T5819] Bluetooth: hci1: command tx timeout
[   63.512223][ T5819] Bluetooth: hci2: command 0x040f tx timeout
[   63.573467][   T33] audit: type=1800 audit(1751646810.550:3): pid=6200 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.95" name="cgroup.controllers" dev="tmpfs" ino=232 res=0 errno=0
[   63.606144][   T33] audit: type=1800 audit(1751646810.570:4): pid=6189 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.92" name="cgroup.controllers" dev="tmpfs" ino=175 res=0 errno=0
[   63.685010][   T47] hid-generic 0005:0B57:00AA.0003: collection stack underflow
[   63.687554][   T47] hid-generic 0005:0B57:00AA.0003: item 0 0 0 12 parsing failed
[   63.690364][   T47] hid-generic 0005:0B57:00AA.0003: probe with driver hid-generic failed with error -22
[   64.060650][ T6239] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   64.114700][ T6241] Bluetooth: MGMT ver 1.23
[   64.246749][ T6254] __nla_validate_parse: 2 callbacks suppressed
[   64.246759][ T6254] netlink: 12 bytes leftover after parsing attributes in process `syz.1.111'.
[   64.414275][ T6263] netlink: 16 bytes leftover after parsing attributes in process `syz.1.114'.
[   64.664792][ T6280] netlink: 44 bytes leftover after parsing attributes in process `syz.2.120'.
[   64.894062][ T6296] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input14
[   65.389537][ T6323] tipc: Can't bind to reserved service type 0
[   65.400063][ T6323] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input15
[   65.592079][ T5819] Bluetooth: hci2: command 0x040f tx timeout
[   66.050520][ T6348] netlink: 8 bytes leftover after parsing attributes in process `syz.1.137'.
[   66.108421][ T6351] Driver unsupported XDP return value 0 on prog  (id 124) dev N/A, expect packet loss!
[   66.124280][ T6351] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input16
[   66.348313][ T6365] netlink: 27 bytes leftover after parsing attributes in process `syz.0.142'.
[   66.364532][ T6365] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input17
[   66.859932][ T6374] netlink: 8 bytes leftover after parsing attributes in process `syz.1.144'.
[   66.865592][ T6374] netlink: 12 bytes leftover after parsing attributes in process `syz.1.144'.
[   67.451944][ T6400] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input18
[   67.611410][ T6407] netlink: 92 bytes leftover after parsing attributes in process `syz.0.153'.
[   67.616749][ T6406] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input19
[   67.767350][ T6417] netlink: 20 bytes leftover after parsing attributes in process `syz.2.156'.
[   68.557360][ T6459] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input20
[   68.637907][ T6462] trusted_key: syz.0.162 sent an empty control message without MSG_MORE.
[   68.686800][ T6467] netlink: 24 bytes leftover after parsing attributes in process `syz.2.163'.
[   68.702907][ T6467] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input21
[   68.888734][   T47] hid-generic 0005:16BF:5505.0004: hidraw0: BLUETOOTH HID vc3.b8 Device [syz1] on aa:aa:aa:aa:aa:aa
[   68.936746][ T5844] hid-generic 0005:04F3:000E.0005: collection stack underflow
[   68.944169][ T5844] hid-generic 0005:04F3:000E.0005: item 0 0 0 12 parsing failed
[   68.947832][ T5844] hid-generic 0005:04F3:000E.0005: probe with driver hid-generic failed with error -22
[   69.339727][   T47] hid-generic 0005:16BF:5505.0006: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[   69.830516][ T6559] __nla_validate_parse: 3 callbacks suppressed
[   69.830533][ T6559] netlink: 64 bytes leftover after parsing attributes in process `syz.1.190'.
[   69.903362][ T6561] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input22
[   69.965564][ T6568] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input23
[   70.116960][   T47] hid-generic 0005:16C0:5505.0007: unknown main item tag 0x0
[   70.119895][   T47] hid-generic 0005:16C0:5505.0007: unknown main item tag 0x0
[   70.124302][   T47] hid-generic 0005:16C0:5505.0007: unknown main item tag 0x0
[   70.128923][   T47] hid-generic 0005:16C0:5505.0007: unknown main item tag 0x0
[   70.131602][   T47] hid-generic 0005:16C0:5505.0007: unknown main item tag 0x0
[   70.136053][   T47] hid-generic 0005:16C0:5505.0007: unknown main item tag 0x0
[   70.138912][   T47] hid-generic 0005:16C0:5505.0007: unknown main item tag 0x3
[   70.141640][   T47] hid-generic 0005:16C0:5505.0007: item fetching failed at offset 17/19
[   70.146336][   T47] hid-generic 0005:16C0:5505.0007: probe with driver hid-generic failed with error -22
[   70.241180][ T6592] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input24
[   70.400495][   T10] hid-generic 0005:16C0:5505.0008: unknown main item tag 0x0
[   70.412325][   T10] hid-generic 0005:16C0:5505.0008: unknown main item tag 0x0
[   70.419723][   T10] hid-generic 0005:16C0:5505.0008: unknown main item tag 0x0
[   70.425578][   T10] hid-generic 0005:16C0:5505.0008: unknown main item tag 0x0
[   70.428889][   T10] hid-generic 0005:16C0:5505.0008: unknown main item tag 0x0
[   70.434613][   T10] hid-generic 0005:16C0:5505.0008: unknown main item tag 0x0
[   70.437782][   T10] hid-generic 0005:16C0:5505.0008: unknown main item tag 0x3
[   70.440954][   T10] hid-generic 0005:16C0:5505.0008: item fetching failed at offset 17/19
[   70.446028][   T10] hid-generic 0005:16C0:5505.0008: probe with driver hid-generic failed with error -22
[   70.482036][ T6607] netlink: 104 bytes leftover after parsing attributes in process `syz.1.205'.
[   70.485037][ T6607] netlink: 104 bytes leftover after parsing attributes in process `syz.1.205'.
[   70.487945][ T6607] netlink: 81 bytes leftover after parsing attributes in process `syz.1.205'.
[   70.506405][ T6609] netlink: 'syz.2.206': attribute type 23 has an invalid length.
[   70.547204][ T6611] netlink: 8 bytes leftover after parsing attributes in process `syz.1.207'.
[   70.628942][ T6618] netlink: 12 bytes leftover after parsing attributes in process `syz.1.209'.
[   70.668429][ T6620] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input25
[   70.722155][ T5819] Bluetooth: hci2: command 0x040f tx timeout
[   70.792641][ T6625] syz.1.212: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[   70.800107][ T6625] CPU: 1 UID: 0 PID: 6625 Comm: syz.1.212 Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 PREEMPT(full) 
[   70.800123][ T6625] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   70.800128][ T6625] Call Trace:
[   70.800132][ T6625]  <TASK>
[   70.800137][ T6625]  dump_stack_lvl+0x189/0x250
[   70.800158][ T6625]  ? __pfx_dump_stack_lvl+0x10/0x10
[   70.800171][ T6625]  ? __pfx__printk+0x10/0x10
[   70.800181][ T6625]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[   70.800193][ T6625]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[   70.800201][ T6625]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[   70.800210][ T6625]  warn_alloc+0x214/0x310
[   70.800221][ T6625]  ? stack_depot_save_flags+0x40/0x900
[   70.800236][ T6625]  ? __pfx_warn_alloc+0x10/0x10
[   70.800246][ T6625]  ? kasan_save_track+0x4f/0x80
[   70.800259][ T6625]  ? xskq_create+0x56/0x170
[   70.800272][ T6625]  ? xsk_init_queue+0xb0/0x110
[   70.800282][ T6625]  ? xsk_setsockopt+0x43f/0x710
[   70.800291][ T6625]  ? do_sock_setsockopt+0x25a/0x3e0
[   70.800301][ T6625]  ? __x64_sys_setsockopt+0x18b/0x220
[   70.800309][ T6625]  ? do_syscall_64+0xfa/0x3b0
[   70.800316][ T6625]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.800327][ T6625]  __vmalloc_node_range_noprof+0x125/0x12f0
[   70.800345][ T6625]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[   70.800353][ T6625]  ? xskq_create+0x56/0x170
[   70.800363][ T6625]  ? __kasan_kmalloc+0x93/0xb0
[   70.800371][ T6625]  vmalloc_user_noprof+0xad/0xf0
[   70.800379][ T6625]  ? xskq_create+0xbf/0x170
[   70.800390][ T6625]  xskq_create+0xbf/0x170
[   70.800405][ T6625]  xsk_init_queue+0xb0/0x110
[   70.800421][ T6625]  xsk_setsockopt+0x43f/0x710
[   70.800462][ T6625]  ? __pfx_xsk_setsockopt+0x10/0x10
[   70.800473][ T6625]  ? __lock_acquire+0xab9/0xd20
[   70.800489][ T6625]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[   70.800501][ T6625]  ? __pfx_xsk_setsockopt+0x10/0x10
[   70.800512][ T6625]  do_sock_setsockopt+0x25a/0x3e0
[   70.800522][ T6625]  ? __pfx_do_sock_setsockopt+0x10/0x10
[   70.800534][ T6625]  ? __fget_files+0x2a/0x420
[   70.800545][ T6625]  __x64_sys_setsockopt+0x18b/0x220
[   70.800557][ T6625]  do_syscall_64+0xfa/0x3b0
[   70.800563][ T6625]  ? lockdep_hardirqs_on+0x9c/0x150
[   70.800577][ T6625]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.800587][ T6625]  ? exc_page_fault+0x9f/0xf0
[   70.800603][ T6625]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.800614][ T6625] RIP: 0033:0x7f75dfb8e929
[   70.800624][ T6625] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   70.800630][ T6625] RSP: 002b:00007f75e0aaf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[   70.800640][ T6625] RAX: ffffffffffffffda RBX: 00007f75dfdb5fa0 RCX: 00007f75dfb8e929
[   70.800645][ T6625] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000005
[   70.800650][ T6625] RBP: 00007f75dfc10b39 R08: 0000000000000004 R09: 0000000000000000
[   70.800654][ T6625] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[   70.800658][ T6625] R13: 0000000000000000 R14: 00007f75dfdb5fa0 R15: 00007fff331b2c08
[   70.800669][ T6625]  </TASK>
[   70.801028][ T6625] Mem-Info:
[   70.911431][ T6625] active_anon:5586 inactive_anon:0 isolated_anon:0
[   70.911431][ T6625]  active_file:962 inactive_file:38208 isolated_file:0
[   70.911431][ T6625]  unevictable:1768 dirty:1433 writeback:0
[   70.911431][ T6625]  slab_reclaimable:9350 slab_unreclaimable:52321
[   70.911431][ T6625]  mapped:18124 shmem:2441 pagetables:1012
[   70.911431][ T6625]  sec_pagetables:0 bounce:0
[   70.911431][ T6625]  kernel_misc_reclaimable:0
[   70.911431][ T6625]  free:303841 free_pcp:19377 free_cma:0
[   70.926916][ T6625] Node 0 active_anon:10096kB inactive_anon:0kB active_file:3012kB inactive_file:148132kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:38072kB dirty:5608kB writeback:0kB shmem:4832kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:7444kB pagetables:2384kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[   70.929060][ T5281] hid-generic 0005:16C0:5505.0009: unknown main item tag 0x0
[   70.938373][ T6625] Node 1 active_anon:12248kB inactive_anon:0kB active_file:836kB inactive_file:4700kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:34560kB dirty:124kB writeback:0kB shmem:4932kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:4964kB pagetables:1664kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[   70.938403][ T6625] Node 0 DMA free:15360kB boost:0kB min:640kB low:800kB high:960kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[   70.938430][ T6625] lowmem_reserve[]: 0 815 815 815 815
[   70.938450][ T6625] Node 0 DMA32 free:261540kB boost:0kB min:33716kB low:42144kB high:50572kB reserved_highatomic:0KB free_highatomic:0KB active_anon:10096kB inactive_anon:0kB active_file:3012kB inactive_file:148132kB unevictable:3536kB writepending:5608kB present:1556484kB managed:834740kB mlocked:0kB bounce:0kB free_pcp:30768kB local_pcp:14120kB free_cma:0kB
[   70.938476][ T6625] lowmem_reserve[]: 0 0 0 0 0
[   70.938495][ T6625] Node 1 DMA32 free:458616kB boost:0kB min:19168kB low:23960kB high:28752kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:524152kB managed:458616kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[   70.938519][ T6625] lowmem_reserve[]: 0 0 854 854 854
[   70.938538][ T6625] Node 1 Normal free:479848kB boost:0kB min:36576kB low:45720kB high:54864kB reserved_highatomic:0KB free_highatomic:0KB active_anon:12248kB inactive_anon:0kB active_file:836kB inactive_file:4700kB unevictable:3536kB writepending:124kB present:1048576kB managed:875016kB mlocked:0kB bounce:0kB free_pcp:46508kB local_pcp:27520kB free_cma:0kB
[   70.938564][ T6625] lowmem_reserve[]: 0 0 0 0 0
[   70.938581][ T6625] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[   70.938633][ T6625] Node 0 DMA32: 497*4kB (UM) 286*8kB (UM) 225*16kB (UME) 432*32kB (UME) 129*64kB (UM) 37*128kB (UME) 18*256kB (UME) 8*512kB (UM) 9*1024kB (UME) 6*2048kB (ME) 48*4096kB (M) = 261508kB
[   70.938706][ T6625] Node 1 DMA32: 2*4kB (M) 2*8kB (M) 2*16kB (M) 2*32kB (M) 2*64kB (M) 1*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 110*4096kB (M) = 458616kB
[   70.938776][ T6625] Node 1 Normal: 350*4kB (UE) 522*8kB (U) 404*16kB (UME) 363*32kB (UME) 198*64kB (UM) 71*128kB (UM) 17*256kB (UME) 4*512kB (UM) 2*1024kB (U) 2*2048kB (UE) 103*4096kB (M) = 479848kB
[   70.938848][ T6625] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[   70.938855][ T6625] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[   70.938861][ T6625] 41611 total pagecache pages
[   70.938865][ T6625] 0 pages in swap cache
[   70.938868][ T6625] Free swap  = 124996kB
[   70.938871][ T6625] Total swap = 124996kB
[   70.938874][ T6625] 786301 pages RAM
[   70.938878][ T6625] 0 pages HighMem/MovableOnly
[   70.938881][ T6625] 240368 pages reserved
[   70.938884][ T6625] 0 pages cma reserved
[   70.963957][ T1362] ieee802154 phy0 wpan0: encryption failed: -22
[   70.964030][ T1362] ieee802154 phy1 wpan1: encryption failed: -22
[   71.082017][ T5281] hid-generic 0005:16C0:5505.0009: unknown main item tag 0x0
[   71.085098][ T5281] hid-generic 0005:16C0:5505.0009: unknown main item tag 0x0
[   71.088059][ T5281] hid-generic 0005:16C0:5505.0009: unknown main item tag 0x0
[   71.091081][ T5281] hid-generic 0005:16C0:5505.0009: unknown main item tag 0x0
[   71.094203][ T5281] hid-generic 0005:16C0:5505.0009: unknown main item tag 0x0
[   71.097209][ T5281] hid-generic 0005:16C0:5505.0009: unknown main item tag 0x3
[   71.100186][ T5281] hid-generic 0005:16C0:5505.0009: item fetching failed at offset 17/19
[   71.104351][ T5281] hid-generic 0005:16C0:5505.0009: probe with driver hid-generic failed with error -22
[   71.465067][ T6651] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input26
[   71.473249][ T6649] netlink: 'syz.0.219': attribute type 1 has an invalid length.
[   71.554096][ T6654] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input27
[   71.895864][ T6673] A link change request failed with some changes committed already. Interface veth1_to_bond may have been left with an inconsistent configuration, please check.
[   71.908370][ T6673] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input28
[   72.258559][ T6697] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input29
[   72.495730][ T6716] netlink: 16 bytes leftover after parsing attributes in process `syz.1.245'.
[   72.523932][ T6718] IPVS: sync thread started: state = BACKUP, mcast_ifn = wg0, syncid = 4, id = 0
[   72.529859][ T6719] bridge0: port 1(bridge_slave_0) entered forwarding state
[   72.569073][ T5281] hid-generic 0005:16BF:5505.000A: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[   72.630370][ T6722] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input30
[   72.792390][ T5819] Bluetooth: hci2: command 0x040f tx timeout
[   72.908715][ T6736] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input31
[   72.958859][ T6736] xt_l2tp: v2 sid > 0xffff: 4294901760
[   74.322458][   T47] hid-generic 0005:16BF:5505.000B: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[   74.610819][ T6806] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input32
[   74.821136][ T6824] netlink: 12 bytes leftover after parsing attributes in process `syz.1.277'.
[   74.829597][ T6826] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input33
[   74.872149][ T5819] Bluetooth: hci2: command 0x040f tx timeout
[   74.936600][ T6829] netlink: 8 bytes leftover after parsing attributes in process `syz.0.279'.
[   75.602542][ T6852] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input34
[   75.680344][ T6857] delete_channel: no stack
[   75.753604][ T6865] netlink: 24 bytes leftover after parsing attributes in process `syz.2.288'.
[   76.037048][ T6892] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input35
[   76.240482][ T6906] netlink: 32 bytes leftover after parsing attributes in process `syz.2.300'.
[   76.257584][ T6906] netlink: 32 bytes leftover after parsing attributes in process `syz.2.300'.
[   76.329525][   T33] audit: type=1800 audit(1751646823.300:5): pid=6890 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.295" name="cgroup.controllers" dev="tmpfs" ino=496 res=0 errno=0
[   76.570367][ T6930] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input36
[   76.700039][ T6938] netlink: 8 bytes leftover after parsing attributes in process `syz.1.312'.
[   76.706684][ T6938] netlink: 4 bytes leftover after parsing attributes in process `syz.1.312'.
[   76.717545][ T6938] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input37
[   76.816270][ T6947] netlink: 20 bytes leftover after parsing attributes in process `syz.0.314'.
[   76.825767][ T6948] netlink: 8 bytes leftover after parsing attributes in process `syz.1.315'.
[   76.836285][ T6948] netlink: 4 bytes leftover after parsing attributes in process `syz.1.315'.
[   76.839509][ T6948] netlink: 'syz.1.315': attribute type 1 has an invalid length.
[   76.851812][ T6948] netlink: 10 bytes leftover after parsing attributes in process `syz.1.315'.
[   76.904451][ T6948] nbd: socks must be embedded in a SOCK_ITEM attr
[   76.907579][ T6948] block nbd0: shutting down sockets
[   76.949562][ T6952] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input38
[   77.056013][ T6960] openvswitch: netlink: Actions may not be safe on all matching packets
[   77.186288][ T6964] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input39
[   77.663139][   T33] audit: type=1800 audit(1751646824.640:6): pid=6980 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.325" name="cgroup.controllers" dev="tmpfs" ino=506 res=0 errno=0
[   77.750094][ T7000] No such timeout policy "syz1"
[   77.760578][ T7000] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input40
[   77.948188][  T972] hid-generic 0005:10CF:05DF.000C: item fetching failed at offset 0/1
[   77.956498][  T972] hid-generic 0005:10CF:05DF.000C: probe with driver hid-generic failed with error -22
[   78.888790][ T7054] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input41
[   79.077836][ T7064] syzkaller1: entered promiscuous mode
[   79.080087][ T7064] syzkaller1: entered allmulticast mode
[   79.092116][ T5844] hid-generic 0005:16C0:5505.000D: unknown main item tag 0x0
[   79.096573][ T5844] hid-generic 0005:16C0:5505.000D: unknown main item tag 0x0
[   79.099241][ T5844] hid-generic 0005:16C0:5505.000D: unknown main item tag 0x0
[   79.102454][ T5844] hid-generic 0005:16C0:5505.000D: unknown main item tag 0x0
[   79.105036][ T5844] hid-generic 0005:16C0:5505.000D: unknown main item tag 0x0
[   79.108272][ T5844] hid-generic 0005:16C0:5505.000D: unknown main item tag 0x0
[   79.110786][ T5844] hid-generic 0005:16C0:5505.000D: unknown main item tag 0x3
[   79.113649][ T5844] hid-generic 0005:16C0:5505.000D: item fetching failed at offset 17/19
[   79.116869][ T5844] hid-generic 0005:16C0:5505.000D: probe with driver hid-generic failed with error -22
[   79.280203][ T7074] (unnamed net_device) (uninitialized): invalid ARP target 0.0.0.0 specified for addition
[   79.284649][ T7074] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (0)
[   79.482657][ T7082] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input42
[   80.197732][ T7095] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input43
[   80.328655][ T7101] __nla_validate_parse: 3 callbacks suppressed
[   80.328664][ T7101] netlink: 12 bytes leftover after parsing attributes in process `syz.2.356'.
[   80.607371][ T7113] "syz.1.361" (7113) uses obsolete ecb(arc4) skcipher
[   80.789702][   T47] hid-generic 0005:16C0:5505.000E: unknown main item tag 0x0
[   80.793413][   T47] hid-generic 0005:16C0:5505.000E: unknown main item tag 0x0
[   80.799705][   T47] hid-generic 0005:16C0:5505.000E: unknown main item tag 0x0
[   80.803078][   T47] hid-generic 0005:16C0:5505.000E: unknown main item tag 0x0
[   80.806239][   T47] hid-generic 0005:16C0:5505.000E: unknown main item tag 0x0
[   80.809234][   T47] hid-generic 0005:16C0:5505.000E: unknown main item tag 0x0
[   80.816704][   T47] hid-generic 0005:16C0:5505.000E: unknown main item tag 0x3
[   80.819719][   T47] hid-generic 0005:16C0:5505.000E: item fetching failed at offset 17/19
[   80.842330][   T47] hid-generic 0005:16C0:5505.000E: probe with driver hid-generic failed with error -22
[   80.946362][ T5281] hid-generic 0005:16C0:5505.000F: unknown main item tag 0x0
[   80.953774][ T5281] hid-generic 0005:16C0:5505.000F: unknown main item tag 0x0
[   80.956649][ T5281] hid-generic 0005:16C0:5505.000F: unknown main item tag 0x0
[   80.959214][ T5281] hid-generic 0005:16C0:5505.000F: unknown main item tag 0x0
[   80.961931][ T5281] hid-generic 0005:16C0:5505.000F: unknown main item tag 0x0
[   80.964419][ T5281] hid-generic 0005:16C0:5505.000F: unknown main item tag 0x0
[   80.966888][ T5281] hid-generic 0005:16C0:5505.000F: unknown main item tag 0x3
[   80.969320][ T5281] hid-generic 0005:16C0:5505.000F: item fetching failed at offset 17/19
[   80.972587][ T5281] hid-generic 0005:16C0:5505.000F: probe with driver hid-generic failed with error -22
[   81.026517][ T7131] netlink: 'syz.0.367': attribute type 9 has an invalid length.
[   81.178966][ T7140] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input44
[   81.211655][  T791] cfg80211: failed to load regulatory.db
[   81.413839][ T7166] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input45
[   81.579405][ T7181] netlink: 8 bytes leftover after parsing attributes in process `syz.2.383'.
[   81.585596][ T7181] netlink: 4 bytes leftover after parsing attributes in process `syz.2.383'.
[   81.675271][ T7189] netlink: 48 bytes leftover after parsing attributes in process `syz.1.384'.
[   81.754342][ T7192] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input46
[   81.891262][   T33] audit: type=1800 audit(1751646828.860:7): pid=7188 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.385" name="cgroup.controllers" dev="tmpfs" ino=619 res=0 errno=0
[   82.027257][ T7210] netlink: 24 bytes leftover after parsing attributes in process `syz.2.393'.
[   82.226969][ T7221] xt_hashlimit: size too large, truncated to 1048576
[   82.401678][  T972] hid-generic 0005:16BF:5505.0010: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[   82.692715][ T7249] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input47
[   82.927553][ T7263] netlink: 136 bytes leftover after parsing attributes in process `syz.2.409'.
[   82.933567][ T7263] netlink: 9275 bytes leftover after parsing attributes in process `syz.2.409'.
[   83.571318][ T7273] netlink: 8 bytes leftover after parsing attributes in process `syz.0.413'.
[   84.150335][ T7301] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input48
[   84.435023][ T7327] IPVS: set_ctl: invalid protocol: 59 172.30.1.1:20001
[   84.475136][ T7329] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input49
[   84.520852][ T7333] netlink: 4 bytes leftover after parsing attributes in process `syz.0.430'.
[   84.968644][ T7363] netlink: 24 bytes leftover after parsing attributes in process `syz.1.438'.
[   85.105129][ T7361] netlink: 'syz.0.437': attribute type 1 has an invalid length.
[   85.466598][ T7399] __nla_validate_parse: 1 callbacks suppressed
[   85.466610][ T7399] netlink: 20 bytes leftover after parsing attributes in process `syz.2.446'.
[   86.115996][ T7419] netlink: 'syz.1.452': attribute type 2 has an invalid length.
[   86.398666][ T7442] x_tables: duplicate underflow at hook 2
[   86.414067][ T7444] batman_adv: batadv0: Adding interface: dummy0
[   86.416987][ T7444] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   86.428606][ T7444] batman_adv: batadv0: Interface activated: dummy0
[   86.515513][ T7449] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input50
[   86.973028][ T7479] nbd: socks must be embedded in a SOCK_ITEM attr
[   86.979492][ T7479] block nbd0: shutting down sockets
[   87.070837][ T7487] netlink: 'syz.1.475': attribute type 1 has an invalid length.
[   87.109065][ T7487] 8021q: adding VLAN 0 to HW filter on device bond1
[   87.131382][ T7487] bond1: (slave ip6gretap1): making interface the new active one
[   87.143331][ T7487] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link
[   87.183831][  T972] hid-generic 0005:10CF:05DF.0011: item fetching failed at offset 0/1
[   87.188823][  T972] hid-generic 0005:10CF:05DF.0011: probe with driver hid-generic failed with error -22
[   87.254423][ T7501] netlink: 'syz.2.477': attribute type 8 has an invalid length.
[   87.265358][ T7505] xt_hashlimit: size too large, truncated to 1048576
[   87.268116][ T7505] xt_hashlimit: max too large, truncated to 1048576
[   87.391398][ T7512] netlink: 8 bytes leftover after parsing attributes in process `syz.1.482'.
[   88.142442][ T7518] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input51
[   88.366647][ T7538] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input52
[   88.606021][  T972] hid-generic 0005:16BF:5505.0012: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[   88.706241][   T33] audit: type=1800 audit(1751646835.680:8): pid=7542 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.492" name="cgroup.controllers" dev="tmpfs" ino=919 res=0 errno=0
[   89.048151][ T7568] netlink: 12 bytes leftover after parsing attributes in process `syz.0.501'.
[   89.174694][ T7580] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input53
[   89.288042][ T7589] netlink: 134788 bytes leftover after parsing attributes in process `syz.0.508'.
[   89.448944][ T7596] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input54
[   89.597660][ T7605] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input55
[   89.643981][   T47] hid-generic 0005:16C0:5505.0013: unknown main item tag 0x0
[   89.649933][   T47] hid-generic 0005:16C0:5505.0013: unknown main item tag 0x0
[   89.656692][   T47] hid-generic 0005:16C0:5505.0013: unknown main item tag 0x0
[   89.662095][   T47] hid-generic 0005:16C0:5505.0013: unknown main item tag 0x0
[   89.664806][   T47] hid-generic 0005:16C0:5505.0013: unknown main item tag 0x0
[   89.667291][   T47] hid-generic 0005:16C0:5505.0013: unknown main item tag 0x0
[   89.670002][   T47] hid-generic 0005:16C0:5505.0013: unknown main item tag 0x3
[   89.675172][   T47] hid-generic 0005:16C0:5505.0013: item fetching failed at offset 17/19
[   89.678448][   T47] hid-generic 0005:16C0:5505.0013: probe with driver hid-generic failed with error -22
[   89.975671][ T7624] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input56
[   90.035078][ T7634] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input57
[   90.106884][ T7645] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input58
[   90.164497][ T7648] netlink: 'syz.1.527': attribute type 1 has an invalid length.
[   90.187615][ T7648] 8021q: adding VLAN 0 to HW filter on device bond2
[   90.200364][ T7648] bond2: (slave ip6erspan0): making interface the new active one
[   90.204832][ T7648] bond2: (slave ip6erspan0): Enslaving as an active interface with an up link
[   90.319317][ T7663] netlink: 'syz.2.531': attribute type 1 has an invalid length.
[   90.381131][ T5844] hid-generic 0005:16BF:5505.0014: hidraw0: BLUETOOTH HID vc3.bb Device [syz0] on aa:aa:aa:aa:aa:aa
[   90.474352][ T7672] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   90.501892][ T7674] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input59
[   91.367460][ T7691] netlink: 'syz.2.540': attribute type 1 has an invalid length.
[   91.370804][ T7691] netlink: 'syz.2.540': attribute type 1 has an invalid length.
[   91.377372][ T7691] netlink: 'syz.2.540': attribute type 1 has an invalid length.
[   91.381085][ T7691] netlink: 'syz.2.540': attribute type 2 has an invalid length.
[   91.389630][ T7691] x_tables: duplicate underflow at hook 1
[   91.765161][ T7714] netlink: 8 bytes leftover after parsing attributes in process `syz.0.548'.
[   91.768086][ T7714] netlink: 4 bytes leftover after parsing attributes in process `syz.0.548'.
[   91.771995][ T7714] netlink: 22 bytes leftover after parsing attributes in process `syz.0.548'.
[   91.776009][ T7714] nbd: socks must be embedded in a SOCK_ITEM attr
[   91.887221][ T7718] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input60
[   92.041969][ T7724] netlink: 'syz.0.550': attribute type 34 has an invalid length.
[   92.597931][ T7736] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input61
[   92.690664][ T7739] netlink: 24 bytes leftover after parsing attributes in process `syz.2.555'.
[   92.850034][ T7741] warn_alloc: 1 callbacks suppressed
[   92.850050][ T7741] syz.0.556: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[   92.858898][ T7741] CPU: 1 UID: 0 PID: 7741 Comm: syz.0.556 Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 PREEMPT(full) 
[   92.858914][ T7741] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   92.858921][ T7741] Call Trace:
[   92.858927][ T7741]  <TASK>
[   92.858932][ T7741]  dump_stack_lvl+0x189/0x250
[   92.858958][ T7741]  ? __pfx_dump_stack_lvl+0x10/0x10
[   92.858977][ T7741]  ? __pfx__printk+0x10/0x10
[   92.858990][ T7741]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[   92.859003][ T7741]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[   92.859017][ T7741]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[   92.859031][ T7741]  warn_alloc+0x214/0x310
[   92.859052][ T7741]  ? stack_depot_save_flags+0x40/0x900
[   92.859068][ T7741]  ? __pfx_warn_alloc+0x10/0x10
[   92.859077][ T7741]  ? kasan_save_track+0x4f/0x80
[   92.859088][ T7741]  ? xskq_create+0x56/0x170
[   92.859098][ T7741]  ? xsk_init_queue+0xb0/0x110
[   92.859106][ T7741]  ? xsk_setsockopt+0x43f/0x710
[   92.859113][ T7741]  ? do_sock_setsockopt+0x25a/0x3e0
[   92.859121][ T7741]  ? __x64_sys_setsockopt+0x18b/0x220
[   92.859128][ T7741]  ? do_syscall_64+0xfa/0x3b0
[   92.859134][ T7741]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   92.859144][ T7741]  __vmalloc_node_range_noprof+0x125/0x12f0
[   92.859164][ T7741]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[   92.859174][ T7741]  ? __kasan_kmalloc+0x93/0xb0
[   92.859182][ T7741]  vmalloc_user_noprof+0xad/0xf0
[   92.859189][ T7741]  ? xskq_create+0xbf/0x170
[   92.859199][ T7741]  xskq_create+0xbf/0x170
[   92.859210][ T7741]  xsk_init_queue+0xb0/0x110
[   92.859220][ T7741]  xsk_setsockopt+0x43f/0x710
[   92.859230][ T7741]  ? __pfx_xsk_setsockopt+0x10/0x10
[   92.859239][ T7741]  ? __lock_acquire+0xab9/0xd20
[   92.859252][ T7741]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[   92.859262][ T7741]  ? __pfx_xsk_setsockopt+0x10/0x10
[   92.859271][ T7741]  do_sock_setsockopt+0x25a/0x3e0
[   92.859280][ T7741]  ? __pfx_do_sock_setsockopt+0x10/0x10
[   92.859292][ T7741]  ? __fget_files+0x2a/0x420
[   92.859303][ T7741]  __x64_sys_setsockopt+0x18b/0x220
[   92.859314][ T7741]  do_syscall_64+0xfa/0x3b0
[   92.859319][ T7741]  ? lockdep_hardirqs_on+0x9c/0x150
[   92.859329][ T7741]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   92.859335][ T7741]  ? exc_page_fault+0x9f/0xf0
[   92.859346][ T7741]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   92.859353][ T7741] RIP: 0033:0x7f8d87d8e929
[   92.859360][ T7741] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   92.859366][ T7741] RSP: 002b:00007f8d88c0d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[   92.859374][ T7741] RAX: ffffffffffffffda RBX: 00007f8d87fb5fa0 RCX: 00007f8d87d8e929
[   92.859379][ T7741] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000009
[   92.859383][ T7741] RBP: 00007f8d87e10b39 R08: 0000000000000004 R09: 0000000000000000
[   92.859387][ T7741] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[   92.859391][ T7741] R13: 0000000000000000 R14: 00007f8d87fb5fa0 R15: 00007ffc62166618
[   92.859402][ T7741]  </TASK>
[   92.859405][ T7741] Mem-Info:
[   92.882211][   T55] Bluetooth: hci2: command 0x040f tx timeout
[   92.975641][ T7741] active_anon:13754 inactive_anon:0 isolated_anon:0
[   92.975641][ T7741]  active_file:1011 inactive_file:38217 isolated_file:0
[   92.975641][ T7741]  unevictable:1768 dirty:50 writeback:0
[   92.975641][ T7741]  slab_reclaimable:9350 slab_unreclaimable:53369
[   92.975641][ T7741]  mapped:18236 shmem:2450 pagetables:1001
[   92.975641][ T7741]  sec_pagetables:0 bounce:0
[   92.975641][ T7741]  kernel_misc_reclaimable:0
[   92.975641][ T7741]  free:290385 free_pcp:22882 free_cma:0
[   92.990649][ T7741] Node 0 active_anon:11296kB inactive_anon:0kB active_file:3208kB inactive_file:148148kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:38384kB dirty:132kB writeback:0kB shmem:4848kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:7324kB pagetables:2328kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[   93.001890][ T7741] Node 1 active_anon:43720kB inactive_anon:0kB active_file:836kB inactive_file:4720kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:34560kB dirty:68kB writeback:0kB shmem:4952kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:5160kB pagetables:1676kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[   93.014615][ T7741] Node 0 DMA free:15360kB boost:0kB min:640kB low:800kB high:960kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[   93.024311][ T7741] lowmem_reserve[]: 0 815 815 815 815
[   93.026470][ T7741] Node 0 DMA32 free:246500kB boost:0kB min:33716kB low:42144kB high:50572kB reserved_highatomic:0KB free_highatomic:0KB active_anon:11296kB inactive_anon:0kB active_file:3208kB inactive_file:148148kB unevictable:3536kB writepending:132kB present:1556484kB managed:834740kB mlocked:0kB bounce:0kB free_pcp:39128kB local_pcp:15496kB free_cma:0kB
[   93.037885][ T7741] lowmem_reserve[]: 0 0 0 0 0
[   93.039527][ T7741] Node 1 DMA32 free:458616kB boost:0kB min:19168kB low:23960kB high:28752kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:524152kB managed:458616kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[   93.051420][ T7741] lowmem_reserve[]: 0 0 854 854 854
[   93.053597][ T7741] Node 1 Normal free:441064kB boost:0kB min:36576kB low:45720kB high:54864kB reserved_highatomic:0KB free_highatomic:0KB active_anon:43720kB inactive_anon:0kB active_file:836kB inactive_file:4720kB unevictable:3536kB writepending:68kB present:1048576kB managed:875016kB mlocked:0kB bounce:0kB free_pcp:52980kB local_pcp:32572kB free_cma:0kB
[   93.066185][ T7741] lowmem_reserve[]: 0 0 0 0 0
[   93.068005][ T7741] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[   93.095330][ T7741] Node 0 DMA32: 411*4kB (UME) 587*8kB (UME) 266*16kB (UME) 114*32kB (UME) 49*64kB (UME) 20*128kB (UM) 15*256kB (M) 9*512kB (UM) 7*1024kB (ME) 7*2048kB (ME) 48*4096kB (M) = 246500kB
[   93.138131][ T7741] Node 1 DMA32: 2*4kB (M) 2*8kB (M) 2*16kB (M) 2*32kB (M) 2*64kB (M) 1*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 110*4096kB (M) = 458616kB
[   93.147307][ T7741] Node 1 Normal: 1*4kB (E) 369*8kB (UME) 378*16kB (UM) 240*32kB (UME) 9*64kB (UME) 51*128kB (UME) 19*256kB (UME) 9*512kB (UE) 4*1024kB (UME) 3*2048kB (UM) 97*4096kB (UM) = 440812kB
[   93.156496][ T7741] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[   93.160814][ T7741] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[   93.169286][ T7741] 41678 total pagecache pages
[   93.171569][ T7741] 0 pages in swap cache
[   93.173860][ T7741] Free swap  = 124996kB
[   93.175854][ T7741] Total swap = 124996kB
[   93.177944][ T7741] 786301 pages RAM
[   93.179802][ T7741] 0 pages HighMem/MovableOnly
[   93.182617][ T7741] 240368 pages reserved
[   93.184035][ T7741] 0 pages cma reserved
[   93.314305][ T7769] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input62
[   94.421521][   T33] audit: type=1800 audit(1751646841.390:9): pid=7793 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.571" name="cgroup.controllers" dev="tmpfs" ino=1043 res=0 errno=0
[   94.701529][ T7808] pim6reg: entered allmulticast mode
[   94.706047][ T7807] pim6reg: left allmulticast mode
[   94.757760][  T791] hid-generic 0005:0B57:00AA.0015: collection stack underflow
[   94.769337][  T791] hid-generic 0005:0B57:00AA.0015: item 0 0 0 12 parsing failed
[   94.772990][  T791] hid-generic 0005:0B57:00AA.0015: probe with driver hid-generic failed with error -22
[   94.952247][ T5819] Bluetooth: hci2: command 0x040f tx timeout
[   94.957958][   T33] audit: type=1800 audit(1751646841.930:10): pid=7812 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.577" name="cgroup.controllers" dev="tmpfs" ino=1085 res=0 errno=0
[   95.085845][ T7816] (unnamed net_device) (uninitialized): option active_slave: mode dependency failed, not supported in mode broadcast(3)
[   95.279187][ T7827] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input63
[   95.386605][ T7834] netlink: 'syz.0.584': attribute type 3 has an invalid length.
[   95.426025][ T7838] netlink: 28 bytes leftover after parsing attributes in process `syz.2.585'.
[   95.430767][ T7838] netlink: 28 bytes leftover after parsing attributes in process `syz.2.585'.
[   95.442508][ T7838] gretap0: entered promiscuous mode
[   95.447020][ T7838] gretap0: left promiscuous mode
[   95.562669][ T7848] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input64
[   95.717238][ T7871] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input65
[   95.731410][ T6966] udevd[6966]: setting owner of /dev/input/event3 to uid=0, gid=104 failed: No such file or directory
[   95.937263][ T7887] IPVS: Unknown mcast interface: nicvf0
[   96.014825][ T7905] netlink: 'syz.2.602': attribute type 5 has an invalid length.
[   96.017458][ T7905] netlink: 4 bytes leftover after parsing attributes in process `syz.2.602'.
[   96.145511][ T7923] netlink: 12 bytes leftover after parsing attributes in process `syz.2.608'.
[   96.283768][ T7930] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input66
[   96.308018][ T7930] netlink: 16 bytes leftover after parsing attributes in process `syz.2.610'.
[   96.319484][ T7930] netlink: 16 bytes leftover after parsing attributes in process `syz.2.610'.
[   96.388653][ T7933] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input67
[   96.431678][   T47] hid-generic 0005:16BF:5505.0016: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[   96.708943][ T7954] RDS: rds_bind could not find a transport for ::ffff:172.30.0.3, load rds_tcp or rds_rdma?
[   97.031852][ T5819] Bluetooth: hci2: command 0x040f tx timeout
[   97.079038][ T7973] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input68
[   97.205995][ T7981] Bluetooth: MGMT ver 1.23
[   97.617495][ T5844] hid-generic 0005:16C0:5505.0017: unknown main item tag 0x0
[   97.620526][ T5844] hid-generic 0005:16C0:5505.0017: unknown main item tag 0x0
[   97.634446][ T5844] hid-generic 0005:16C0:5505.0017: unknown main item tag 0x0
[   97.642605][ T5844] hid-generic 0005:16C0:5505.0017: unknown main item tag 0x0
[   97.645628][ T5844] hid-generic 0005:16C0:5505.0017: unknown main item tag 0x0
[   97.648717][ T5844] hid-generic 0005:16C0:5505.0017: unknown main item tag 0x0
[   97.661885][ T5844] hid-generic 0005:16C0:5505.0017: unknown main item tag 0x3
[   97.664964][ T5844] hid-generic 0005:16C0:5505.0017: item fetching failed at offset 17/19
[   97.668850][ T5844] hid-generic 0005:16C0:5505.0017: probe with driver hid-generic failed with error -22
[   97.730412][ T8031] netlink: 22 bytes leftover after parsing attributes in process `syz.0.635'.
[   97.805482][ T8037] netlink: 8 bytes leftover after parsing attributes in process `syz.1.636'.
[   97.827217][ T8038] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input69
[   98.786961][ T8060] pimreg3: entered allmulticast mode
[   98.795160][ T8059] netlink: 'syz.1.643': attribute type 8 has an invalid length.
[   99.482557][ T8059] pimreg3: left allmulticast mode
[   99.606624][   T47] hid-generic 0005:16BF:5505.0018: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  100.050787][ T8108] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input70
[  100.136621][ T8111] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input71
[  100.488552][  T791] hid-generic 0005:16C0:5505.0019: unknown main item tag 0x0
[  100.491511][  T791] hid-generic 0005:16C0:5505.0019: unknown main item tag 0x0
[  100.495500][  T791] hid-generic 0005:16C0:5505.0019: unknown main item tag 0x0
[  100.498149][  T791] hid-generic 0005:16C0:5505.0019: unknown main item tag 0x0
[  100.500886][  T791] hid-generic 0005:16C0:5505.0019: unknown main item tag 0x0
[  100.504165][  T791] hid-generic 0005:16C0:5505.0019: unknown main item tag 0x0
[  100.506900][  T791] hid-generic 0005:16C0:5505.0019: unknown main item tag 0x3
[  100.509817][  T791] hid-generic 0005:16C0:5505.0019: item fetching failed at offset 17/19
[  100.514247][  T791] hid-generic 0005:16C0:5505.0019: probe with driver hid-generic failed with error -22
[  100.528683][ T8126] netlink: 28 bytes leftover after parsing attributes in process `syz.2.665'.
[  101.130513][ T8144] netlink: 12 bytes leftover after parsing attributes in process `syz.1.669'.
[  101.254495][ T8157] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input72
[  101.380096][ T8169] netlink: 134788 bytes leftover after parsing attributes in process `syz.0.676'.
[  101.475806][ T8175] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input73
[  102.004269][ T5819] Bluetooth: hci2: link tx timeout
[  102.006735][ T5819] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  102.801275][ T5844] hid-generic 0005:046D:FFF9.001A: item fetching failed at offset 0/1
[  102.811342][ T5844] hid-generic 0005:046D:FFF9.001A: probe with driver hid-generic failed with error -22
[  102.955539][ T8258] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input74
[  103.029933][ T8262] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input75
[  103.069940][ T8264] netlink: 'syz.1.703': attribute type 4 has an invalid length.
[  103.271209][ T8279] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input76
[  103.289826][ T8284] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input77
[  103.756317][ T8325] netlink: 40 bytes leftover after parsing attributes in process `syz.0.720'.
[  103.763298][   T55] Bluetooth: hci2: link tx timeout
[  103.765518][   T55] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  103.848904][ T8328] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input78
[  103.987679][ T8337] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input79
[  104.072945][   T55] Bluetooth: hci2: command 0x040f tx timeout
[  104.107574][ T8352] netlink: 76 bytes leftover after parsing attributes in process `syz.1.727'.
[  104.117112][ T8352] netlink: 'syz.1.727': attribute type 10 has an invalid length.
[  104.120224][ T8352] bridge0: port 3(team0) entered blocking state
[  104.124200][ T8352] bridge0: port 3(team0) entered disabled state
[  104.126956][ T8352] team0: entered allmulticast mode
[  104.129005][ T8352] team_slave_0: entered allmulticast mode
[  104.134228][ T8352] team_slave_1: entered allmulticast mode
[  104.137655][ T8352] team0: entered promiscuous mode
[  104.139786][ T8352] team_slave_0: entered promiscuous mode
[  104.143723][ T8352] team_slave_1: entered promiscuous mode
[  104.170052][  T791] hid-generic 0005:16BF:5505.001B: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  104.266723][ T5863] hid-generic 0005:16C0:5505.001C: unknown main item tag 0x0
[  104.272469][ T5863] hid-generic 0005:16C0:5505.001C: unknown main item tag 0x0
[  104.275659][ T5863] hid-generic 0005:16C0:5505.001C: unknown main item tag 0x0
[  104.278738][ T5863] hid-generic 0005:16C0:5505.001C: unknown main item tag 0x0
[  104.282504][ T5863] hid-generic 0005:16C0:5505.001C: unknown main item tag 0x0
[  104.285531][ T5863] hid-generic 0005:16C0:5505.001C: unknown main item tag 0x0
[  104.288688][ T5863] hid-generic 0005:16C0:5505.001C: unknown main item tag 0x3
[  104.292153][ T5863] hid-generic 0005:16C0:5505.001C: item fetching failed at offset 17/19
[  104.295966][ T5863] hid-generic 0005:16C0:5505.001C: probe with driver hid-generic failed with error -22
[  104.415385][ T8366] warn_alloc: 2 callbacks suppressed
[  104.415404][ T8366] syz.0.734: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  104.425812][ T8366] CPU: 1 UID: 0 PID: 8366 Comm: syz.0.734 Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 PREEMPT(full) 
[  104.425830][ T8366] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  104.425838][ T8366] Call Trace:
[  104.425844][ T8366]  <TASK>
[  104.425850][ T8366]  dump_stack_lvl+0x189/0x250
[  104.425877][ T8366]  ? __pfx_dump_stack_lvl+0x10/0x10
[  104.425895][ T8366]  ? __pfx__printk+0x10/0x10
[  104.425908][ T8366]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  104.425923][ T8366]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  104.425937][ T8366]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  104.425952][ T8366]  warn_alloc+0x214/0x310
[  104.425967][ T8366]  ? stack_depot_save_flags+0x40/0x900
[  104.425986][ T8366]  ? __pfx_warn_alloc+0x10/0x10
[  104.426001][ T8366]  ? kasan_save_track+0x4f/0x80
[  104.426020][ T8366]  ? xskq_create+0x56/0x170
[  104.426037][ T8366]  ? xsk_init_queue+0xb0/0x110
[  104.426050][ T8366]  ? xsk_setsockopt+0x43f/0x710
[  104.426070][ T8366]  ? do_sock_setsockopt+0x25a/0x3e0
[  104.426083][ T8366]  ? __x64_sys_setsockopt+0x18b/0x220
[  104.426095][ T8366]  ? do_syscall_64+0xfa/0x3b0
[  104.426105][ T8366]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.426120][ T8366]  __vmalloc_node_range_noprof+0x125/0x12f0
[  104.426152][ T8366]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  104.426170][ T8366]  ? __kasan_kmalloc+0x93/0xb0
[  104.426183][ T8366]  vmalloc_user_noprof+0xad/0xf0
[  104.426198][ T8366]  ? xskq_create+0xbf/0x170
[  104.426214][ T8366]  xskq_create+0xbf/0x170
[  104.426232][ T8366]  xsk_init_queue+0xb0/0x110
[  104.426250][ T8366]  xsk_setsockopt+0x43f/0x710
[  104.426267][ T8366]  ? __pfx_xsk_setsockopt+0x10/0x10
[  104.426281][ T8366]  ? __lock_acquire+0xab9/0xd20
[  104.426305][ T8366]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  104.426321][ T8366]  ? __pfx_xsk_setsockopt+0x10/0x10
[  104.426337][ T8366]  do_sock_setsockopt+0x25a/0x3e0
[  104.426354][ T8366]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  104.426371][ T8366]  ? __fget_files+0x2a/0x420
[  104.426391][ T8366]  __x64_sys_setsockopt+0x18b/0x220
[  104.426408][ T8366]  do_syscall_64+0xfa/0x3b0
[  104.426418][ T8366]  ? lockdep_hardirqs_on+0x9c/0x150
[  104.426434][ T8366]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.426445][ T8366]  ? exc_page_fault+0x9f/0xf0
[  104.426462][ T8366]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.426472][ T8366] RIP: 0033:0x7f8d87d8e929
[  104.426484][ T8366] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  104.426494][ T8366] RSP: 002b:00007f8d88c0d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  104.426506][ T8366] RAX: ffffffffffffffda RBX: 00007f8d87fb5fa0 RCX: 00007f8d87d8e929
[  104.426515][ T8366] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000028
[  104.426521][ T8366] RBP: 00007f8d87e10b39 R08: 0000000000000004 R09: 0000000000000000
[  104.426528][ T8366] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  104.426535][ T8366] R13: 0000000000000000 R14: 00007f8d87fb5fa0 R15: 00007ffc62166618
[  104.426556][ T8366]  </TASK>
[  104.426561][ T8366] Mem-Info:
[  104.555730][ T8366] active_anon:13843 inactive_anon:0 isolated_anon:0
[  104.555730][ T8366]  active_file:1060 inactive_file:38221 isolated_file:0
[  104.555730][ T8366]  unevictable:1768 dirty:72 writeback:0
[  104.555730][ T8366]  slab_reclaimable:9468 slab_unreclaimable:53120
[  104.555730][ T8366]  mapped:18225 shmem:2538 pagetables:1000
[  104.555730][ T8366]  sec_pagetables:0 bounce:0
[  104.555730][ T8366]  kernel_misc_reclaimable:0
[  104.555730][ T8366]  free:290065 free_pcp:22617 free_cma:0
[  104.574075][ T8366] Node 0 active_anon:11892kB inactive_anon:0kB active_file:3400kB inactive_file:148164kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:38336kB dirty:216kB writeback:0kB shmem:5308kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:7472kB pagetables:2364kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  104.587467][ T8366] Node 1 active_anon:43480kB inactive_anon:0kB active_file:840kB inactive_file:4720kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:34564kB dirty:72kB writeback:0kB shmem:4844kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:5072kB pagetables:1636kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  104.600747][ T8366] Node 0 DMA free:15360kB boost:0kB min:640kB low:800kB high:960kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  104.614902][ T8366] lowmem_reserve[]: 0 815 815 815 815
[  104.618080][ T8366] Node 0 DMA32 free:246864kB boost:0kB min:33716kB low:42144kB high:50572kB reserved_highatomic:0KB free_highatomic:0KB active_anon:11892kB inactive_anon:0kB active_file:3400kB inactive_file:148164kB unevictable:3536kB writepending:216kB present:1556484kB managed:834740kB mlocked:0kB bounce:0kB free_pcp:38268kB local_pcp:15684kB free_cma:0kB
[  104.633967][ T8366] lowmem_reserve[]: 0 0 0 0 0
[  104.636024][ T8366] Node 1 DMA32 free:458616kB boost:0kB min:19168kB low:23960kB high:28752kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:524152kB managed:458616kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  104.648884][ T8366] lowmem_reserve[]: 0 0 854 854 854
[  104.651111][ T8366] Node 1 Normal free:439420kB boost:0kB min:36576kB low:45720kB high:54864kB reserved_highatomic:0KB free_highatomic:0KB active_anon:43480kB inactive_anon:0kB active_file:840kB inactive_file:4720kB unevictable:3536kB writepending:72kB present:1048576kB managed:875016kB mlocked:0kB bounce:0kB free_pcp:52212kB local_pcp:31748kB free_cma:0kB
[  104.666890][ T8366] lowmem_reserve[]: 0 0 0 0 0
[  104.668961][ T8366] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  104.670660][ T8373] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input80
[  104.681459][ T8366] Node 0 DMA32: 4*4kB (UME) 158*8kB (UME) 173*16kB (UME) 302*32kB (UM) 153*64kB (UME) 31*128kB (UM) 5*256kB (UM) 4*512kB (UM) 7*1024kB (ME) 6*2048kB (ME) 48*4096kB (M) = 246864kB
[  104.695467][ T8366] Node 1 DMA32: 2*4kB (M) 2*8kB (M) 2*16kB (M) 2*32kB (M) 2*64kB (M) 1*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 110*4096kB (M) = 458616kB
[  104.702500][ T8366] Node 1 Normal: 97*4kB (UME) 411*8kB (UME) 490*16kB (UME) 142*32kB (UME) 31*64kB (UM) 54*128kB (UME) 23*256kB (UME) 12*512kB (UME) 5*1024kB (UME) 8*2048kB (UM) 93*4096kB (UM) = 439420kB
[  104.710778][ T8366] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  104.718579][ T8366] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  104.723202][ T8366] 41819 total pagecache pages
[  104.725107][ T8366] 0 pages in swap cache
[  104.726972][ T8366] Free swap  = 124996kB
[  104.728683][ T8366] Total swap = 124996kB
[  104.730444][ T8366] 786301 pages RAM
[  104.733374][ T8366] 0 pages HighMem/MovableOnly
[  104.735305][ T8366] 240368 pages reserved
[  104.737002][ T8366] 0 pages cma reserved
[  104.757575][ T8376] raw_sendmsg: syz.2.736 forgot to set AF_INET. Fix it!
[  104.877464][ T5844] hid-generic 0005:16BF:5505.001D: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  104.892262][ T8389] netlink: 28 bytes leftover after parsing attributes in process `syz.0.740'.
[  104.896434][ T8389] netlink: 28 bytes leftover after parsing attributes in process `syz.0.740'.
[  104.903127][ T8389] netlink: 28 bytes leftover after parsing attributes in process `syz.0.740'.
[  104.906139][ T8389] netlink: 28 bytes leftover after parsing attributes in process `syz.0.740'.
[  104.963372][ T5844] IPVS: starting estimator thread 0...
[  104.966134][ T8396] IPVS: set_ctl: invalid protocol: 22 255.255.255.255:20006
[  105.007170][ T8409] netlink: 16 bytes leftover after parsing attributes in process `syz.1.747'.
[  105.015529][ T5844] hid-generic 0005:04F3:000E.001E: collection stack underflow
[  105.018388][ T5844] hid-generic 0005:04F3:000E.001E: item 0 0 0 12 parsing failed
[  105.021219][ T5844] hid-generic 0005:04F3:000E.001E: probe with driver hid-generic failed with error -22
[  105.062045][ T8397] IPVS: using max 80 ests per chain, 192000 per kthread
[  105.274028][ T8433] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes.
[  105.393022][ T8439] netlink: 48 bytes leftover after parsing attributes in process `syz.0.753'.
[  105.432921][ T8439] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input81
[  105.458834][   T33] audit: type=1800 audit(1751646852.430:11): pid=8438 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.751" name="cgroup.controllers" dev="tmpfs" ino=1146 res=0 errno=0
[  105.584978][ T8449] netlink: 8 bytes leftover after parsing attributes in process `syz.2.756'.
[  105.591274][ T8449] netlink: 8 bytes leftover after parsing attributes in process `syz.2.756'.
[  105.995382][ T8478] netlink: 'syz.1.761': attribute type 10 has an invalid length.
[  106.002802][ T8478] 8021q: adding VLAN 0 to HW filter on device batadv0
[  106.012872][ T8478] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  107.204883][ T8514] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input82
[  107.289746][ T8519] IPv6: Can't replace route, no match found
[  107.298507][ T8520] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0001 with DS=0x2
[  107.728147][ T8528] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input83
[  108.118628][ T8546] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input84
[  108.243840][ T8551] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input85
[  109.655561][ T8593] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input86
[  109.907076][ T8617] netlink: 'syz.1.806': attribute type 3 has an invalid length.
[  109.925081][ T8620] __nla_validate_parse: 9 callbacks suppressed
[  109.925098][ T8620] netlink: 8 bytes leftover after parsing attributes in process `syz.0.804'.
[  110.050454][   T33] audit: type=1800 audit(1751646857.020:12): pid=8618 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.805" name="cgroup.controllers" dev="tmpfs" ino=1240 res=0 errno=0
[  110.187628][ T8632] netlink: 8 bytes leftover after parsing attributes in process `syz.1.810'.
[  110.202871][  T972] hid-generic 0005:16C0:5505.001F: unknown main item tag 0x0
[  110.205473][  T972] hid-generic 0005:16C0:5505.001F: unknown main item tag 0x0
[  110.207741][ T8632] netlink: 8 bytes leftover after parsing attributes in process `syz.1.810'.
[  110.208062][  T972] hid-generic 0005:16C0:5505.001F: unknown main item tag 0x0
[  110.217163][  T972] hid-generic 0005:16C0:5505.001F: unknown main item tag 0x0
[  110.219861][ T8632] netlink: 4 bytes leftover after parsing attributes in process `syz.1.810'.
[  110.220576][  T972] hid-generic 0005:16C0:5505.001F: unknown main item tag 0x0
[  110.225299][ T8632] netlink: 'syz.1.810': attribute type 1 has an invalid length.
[  110.230913][ T8632] netlink: 10 bytes leftover after parsing attributes in process `syz.1.810'.
[  110.230955][  T972] hid-generic 0005:16C0:5505.001F: unknown main item tag 0x0
[  110.238587][  T972] hid-generic 0005:16C0:5505.001F: unknown main item tag 0x3
[  110.241972][  T972] hid-generic 0005:16C0:5505.001F: item fetching failed at offset 17/19
[  110.245196][  T972] hid-generic 0005:16C0:5505.001F: probe with driver hid-generic failed with error -22
[  110.261902][ T8632] nbd: socks must be embedded in a SOCK_ITEM attr
[  110.264923][ T8632] block nbd0: shutting down sockets
[  110.314350][ T8637] bridge1: entered promiscuous mode
[  110.367844][ T8647] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  110.662146][ T8669] netlink: 8 bytes leftover after parsing attributes in process `syz.0.821'.
[  110.667895][ T8669] netlink: 4 bytes leftover after parsing attributes in process `syz.0.821'.
[  110.671202][ T8669] netlink: 10 bytes leftover after parsing attributes in process `syz.0.821'.
[  110.674913][ T8669] nbd: socks must be embedded in a SOCK_ITEM attr
[  110.952890][  T791] hid-generic 0005:0B57:00AA.0020: collection stack underflow
[  110.962209][  T791] hid-generic 0005:0B57:00AA.0020: item 0 0 0 12 parsing failed
[  110.966167][  T791] hid-generic 0005:0B57:00AA.0020: probe with driver hid-generic failed with error -22
[  111.436947][ T8715] netlink: 48 bytes leftover after parsing attributes in process `syz.2.836'.
[  111.440812][ T8715] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  111.444051][ T8715] IPv6: NLM_F_CREATE should be set when creating new route
[  111.453018][ T8715] netlink: 60 bytes leftover after parsing attributes in process `syz.2.836'.
[  111.459708][ T8715] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input87
[  111.668995][ T8730] openvswitch: netlink: VXLAN extension 2 out of range max 1
[  111.724243][ T8731] bridge0: port 2(bridge_slave_1) entered disabled state
[  111.727787][ T8731] bridge0: port 1(bridge_slave_0) entered disabled state
[  111.841683][ T8731] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  111.855939][ T8731] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  111.900537][ T8731] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  111.904170][ T8731] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  111.907163][ T8731] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  111.910283][ T8731] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  111.940434][ T8731] bridge1: left promiscuous mode
[  112.790970][   T33] audit: type=1800 audit(1751646859.760:13): pid=8753 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.846" name="cgroup.controllers" dev="tmpfs" ino=1478 res=0 errno=0
[  112.914374][ T8756] netlink: 'syz.0.847': attribute type 9 has an invalid length.
[  112.921229][ T8756] hsr0: entered promiscuous mode
[  112.925009][ T8756] macvlan2: entered promiscuous mode
[  112.927273][ T8756] macvlan2: entered allmulticast mode
[  112.929408][ T8756] hsr0: entered allmulticast mode
[  112.931184][ T8756] hsr_slave_0: entered allmulticast mode
[  112.934530][ T8756] hsr_slave_1: entered allmulticast mode
[  112.948011][ T8756] netlink: 'syz.0.847': attribute type 9 has an invalid length.
[  112.955251][ T8756] macvlan3: entered promiscuous mode
[  112.957201][ T8756] macvlan3: entered allmulticast mode
[  113.029630][ T8760] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input88
[  113.129916][ T8765] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input89
[  113.240720][ T8769] can: request_module (can-proto-4) failed.
[  113.317468][ T8778] netlink: 'syz.2.854': attribute type 3 has an invalid length.
[  113.320214][  T972] hid-generic 0005:16BF:5505.0021: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  113.397576][ T8785] xt_time: invalid argument - start or stop time greater than 23:59:59
[  113.406766][ T8785] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input90
[  113.487248][ T8789] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input91
[  113.565415][ T8787] netlink: 'syz.1.855': attribute type 8 has an invalid length.
[  113.855360][   T33] audit: type=1800 audit(1751646860.820:14): pid=8794 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.859" name="cgroup.controllers" dev="tmpfs" ino=1368 res=0 errno=0
[  114.286620][ T5844] hid-generic 0005:16BF:5505.0022: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  114.552724][ T5863] hid-generic 0005:16C0:5505.0023: unknown main item tag 0x0
[  114.557118][ T5863] hid-generic 0005:16C0:5505.0023: unknown main item tag 0x0
[  114.571831][ T5863] hid-generic 0005:16C0:5505.0023: unknown main item tag 0x0
[  114.574624][ T5863] hid-generic 0005:16C0:5505.0023: unknown main item tag 0x0
[  114.577065][ T5863] hid-generic 0005:16C0:5505.0023: unknown main item tag 0x0
[  114.579539][ T5863] hid-generic 0005:16C0:5505.0023: unknown main item tag 0x0
[  114.585221][ T5863] hid-generic 0005:16C0:5505.0023: unknown main item tag 0x3
[  114.587669][ T5863] hid-generic 0005:16C0:5505.0023: item fetching failed at offset 17/19
[  114.590810][ T5863] hid-generic 0005:16C0:5505.0023: probe with driver hid-generic failed with error -22
[  114.623735][ T8839] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input92
[  114.751666][ T8846] warn_alloc: 1 callbacks suppressed
[  114.751677][ T8846] syz.0.874: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  114.765854][ T8846] CPU: 1 UID: 0 PID: 8846 Comm: syz.0.874 Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 PREEMPT(full) 
[  114.765868][ T8846] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  114.765874][ T8846] Call Trace:
[  114.765878][ T8846]  <TASK>
[  114.765883][ T8846]  dump_stack_lvl+0x189/0x250
[  114.765906][ T8846]  ? __pfx_dump_stack_lvl+0x10/0x10
[  114.765919][ T8846]  ? __pfx__printk+0x10/0x10
[  114.765931][ T8846]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  114.765941][ T8846]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  114.765950][ T8846]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  114.765961][ T8846]  warn_alloc+0x214/0x310
[  114.765972][ T8846]  ? stack_depot_save_flags+0x40/0x900
[  114.765985][ T8846]  ? __pfx_warn_alloc+0x10/0x10
[  114.765995][ T8846]  ? kasan_save_track+0x4f/0x80
[  114.766006][ T8846]  ? xskq_create+0x56/0x170
[  114.766017][ T8846]  ? xsk_init_queue+0xb0/0x110
[  114.766028][ T8846]  ? xsk_setsockopt+0x43f/0x710
[  114.766036][ T8846]  ? do_sock_setsockopt+0x25a/0x3e0
[  114.766046][ T8846]  ? __x64_sys_setsockopt+0x18b/0x220
[  114.766053][ T8846]  ? do_syscall_64+0xfa/0x3b0
[  114.766060][ T8846]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  114.766070][ T8846]  __vmalloc_node_range_noprof+0x125/0x12f0
[  114.766101][ T8846]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  114.766114][ T8846]  ? __kasan_kmalloc+0x93/0xb0
[  114.766122][ T8846]  vmalloc_user_noprof+0xad/0xf0
[  114.766131][ T8846]  ? xskq_create+0xbf/0x170
[  114.766141][ T8846]  xskq_create+0xbf/0x170
[  114.766152][ T8846]  xsk_init_queue+0xb0/0x110
[  114.766163][ T8846]  xsk_setsockopt+0x43f/0x710
[  114.766174][ T8846]  ? __pfx_xsk_setsockopt+0x10/0x10
[  114.766182][ T8846]  ? __lock_acquire+0xab9/0xd20
[  114.766197][ T8846]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  114.766207][ T8846]  ? __pfx_xsk_setsockopt+0x10/0x10
[  114.766216][ T8846]  do_sock_setsockopt+0x25a/0x3e0
[  114.766226][ T8846]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  114.766236][ T8846]  ? __fget_files+0x2a/0x420
[  114.766249][ T8846]  __x64_sys_setsockopt+0x18b/0x220
[  114.766266][ T8846]  do_syscall_64+0xfa/0x3b0
[  114.766275][ T8846]  ? lockdep_hardirqs_on+0x9c/0x150
[  114.766289][ T8846]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  114.766297][ T8846]  ? exc_page_fault+0x9f/0xf0
[  114.766313][ T8846]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  114.766324][ T8846] RIP: 0033:0x7f8d87d8e929
[  114.766335][ T8846] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  114.766345][ T8846] RSP: 002b:00007f8d88bec038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  114.766354][ T8846] RAX: ffffffffffffffda RBX: 00007f8d87fb6080 RCX: 00007f8d87d8e929
[  114.766360][ T8846] RDX: 0000000000000006 RSI: 000000000000011b RDI: 000000000000000a
[  114.766364][ T8846] RBP: 00007f8d87e10b39 R08: 0000000000000004 R09: 0000000000000000
[  114.766368][ T8846] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  114.766372][ T8846] R13: 0000000000000000 R14: 00007f8d87fb6080 R15: 00007ffc62166618
[  114.766384][ T8846]  </TASK>
[  114.766387][ T8846] Mem-Info:
[  114.883275][ T8846] active_anon:13921 inactive_anon:0 isolated_anon:0
[  114.883275][ T8846]  active_file:1060 inactive_file:38225 isolated_file:0
[  114.883275][ T8846]  unevictable:3774 dirty:73 writeback:0
[  114.883275][ T8846]  slab_reclaimable:9586 slab_unreclaimable:54128
[  114.883275][ T8846]  mapped:20220 shmem:4549 pagetables:1072
[  114.883275][ T8846]  sec_pagetables:0 bounce:0
[  114.883275][ T8846]  kernel_misc_reclaimable:0
[  114.883275][ T8846]  free:285921 free_pcp:23748 free_cma:0
[  114.899088][ T8846] Node 0 active_anon:11832kB inactive_anon:0kB active_file:3400kB inactive_file:148180kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:38292kB dirty:220kB writeback:0kB shmem:5324kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:7408kB pagetables:2488kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  114.912578][ T8846] Node 1 active_anon:43716kB inactive_anon:0kB active_file:840kB inactive_file:4720kB unevictable:11560kB isolated(anon):0kB isolated(file):0kB mapped:42588kB dirty:72kB writeback:0kB shmem:12872kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:5168kB pagetables:1664kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  114.932728][   T33] audit: type=1800 audit(1751646861.900:15): pid=8845 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.873" name="cgroup.controllers" dev="tmpfs" ino=1630 res=0 errno=0
[  114.965162][ T8850] __nla_validate_parse: 6 callbacks suppressed
[  114.965174][ T8850] netlink: 4308 bytes leftover after parsing attributes in process `syz.2.876'.
[  114.980067][ T8846] Node 0 DMA free:15360kB boost:0kB min:640kB low:800kB high:960kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  114.992596][ T8846] lowmem_reserve[]: 0 815 815 815 815
[  114.995005][ T8846] Node 0 DMA32 free:242600kB boost:0kB min:33716kB low:42144kB high:50572kB reserved_highatomic:0KB free_highatomic:0KB active_anon:11832kB inactive_anon:0kB active_file:3400kB inactive_file:148180kB unevictable:3536kB writepending:220kB present:1556484kB managed:834740kB mlocked:0kB bounce:0kB free_pcp:42048kB local_pcp:13512kB free_cma:0kB
[  115.008661][ T8846] lowmem_reserve[]: 0 0 0 0 0
[  115.010624][ T8846] Node 1 DMA32 free:458616kB boost:0kB min:19168kB low:23960kB high:28752kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:524152kB managed:458616kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  115.015688][  T791] hid-generic 0005:16C0:5505.0024: unknown main item tag 0x0
[  115.024790][ T8846] lowmem_reserve[]: 0 0 854 854 854
[  115.026203][  T791] hid-generic 0005:16C0:5505.0024: unknown main item tag 0x0
[  115.027545][ T8846] Node 1 
[  115.030030][  T791] hid-generic 0005:16C0:5505.0024: unknown main item tag 0x0
[  115.033841][ T8846] Normal free:426952kB boost:0kB min:36576kB low:45720kB high:54864kB reserved_highatomic:0KB free_highatomic:0KB active_anon:43716kB inactive_anon:0kB active_file:840kB inactive_file:4720kB unevictable:3536kB writepending:72kB present:1048576kB managed:875016kB mlocked:0kB bounce:0kB free_pcp:62324kB local_pcp:40616kB free_cma:0kB
[  115.033870][ T8846] lowmem_reserve[]: 0 0 0 0 0
[  115.033890][ T8846] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  115.033963][ T8846] Node 0 
[  115.035576][  T791] hid-generic 0005:16C0:5505.0024: unknown main item tag 0x0
[  115.045179][ T8846] DMA32: 
[  115.046756][  T791] hid-generic 0005:16C0:5505.0024: unknown main item tag 0x0
[  115.051642][ T8846] 641*4kB 
[  115.056565][  T791] hid-generic 0005:16C0:5505.0024: unknown main item tag 0x0
[  115.062270][ T8846] (UME) 478*8kB (UE) 111*16kB (UE) 58*32kB (UME) 54*64kB (UME) 68*128kB (UME) 19*256kB (UM) 6*512kB (UME) 3*1024kB (M) 4*2048kB (ME) 49*4096kB (M) = 242084kB
[  115.068249][ T8846] Node 1 DMA32: 2*4kB (M) 2*8kB (M) 2*16kB (M) 2*32kB (M) 2*64kB (M) 1*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 110*4096kB (M) = 458616kB
[  115.069170][  T791] hid-generic 0005:16C0:5505.0024: unknown main item tag 0x3
[  115.077033][  T791] hid-generic 0005:16C0:5505.0024: item fetching failed at offset 17/19
[  115.077935][ T8846] Node 1 Normal: 153*4kB (UME) 585*8kB (UM) 490*16kB (UM) 411*32kB (UME) 84*64kB (UME) 36*128kB (UME) 18*256kB (UME) 10*512kB (UME) 4*1024kB (UME) 2*2048kB (U) 91*4096kB (UM) = 426924kB
[  115.080826][  T791] hid-generic 0005:16C0:5505.0024: probe with driver hid-generic failed with error -22
[  115.087502][ T8846] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  115.098966][ T8846] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  115.102213][ T8846] 41845 total pagecache pages
[  115.104049][ T8846] 0 pages in swap cache
[  115.105865][ T8846] Free swap  = 124996kB
[  115.107358][ T8846] Total swap = 124996kB
[  115.108949][ T8846] 786301 pages RAM
[  115.110376][ T8846] 0 pages HighMem/MovableOnly
[  115.112623][ T8846] 240368 pages reserved
[  115.114257][ T8846] 0 pages cma reserved
[  115.183107][ T8859] sch_tbf: burst 0 is lower than device veth1_virt_wifi mtu (1514) !
[  115.262576][ T8863] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input93
[  115.442892][ T8878] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input94
[  116.069720][ T8911] syz_tun: entered allmulticast mode
[  116.166631][ T8914] netlink: 'syz.1.896': attribute type 1 has an invalid length.
[  116.169926][ T8914] netlink: 32 bytes leftover after parsing attributes in process `syz.1.896'.
[  116.174179][ T8914] netlink: 4 bytes leftover after parsing attributes in process `syz.1.896'.
[  116.231275][ T8915] netlink: 60 bytes leftover after parsing attributes in process `syz.1.896'.
[  116.237627][ T8914] netlink: 60 bytes leftover after parsing attributes in process `syz.1.896'.
[  116.739336][ T8927] netlink: 9275 bytes leftover after parsing attributes in process `syz.0.901'.
[  116.843726][ T8908] syz_tun: left allmulticast mode
[  117.112128][   T55] Bluetooth: hci2: command 0x040f tx timeout
[  117.569272][ T8942] netlink: 8 bytes leftover after parsing attributes in process `syz.0.906'.
[  117.569711][ T8943] netlink: 8 bytes leftover after parsing attributes in process `syz.0.906'.
[  117.576551][ T8942] netlink: 12 bytes leftover after parsing attributes in process `syz.0.906'.
[  118.499729][ T8962] netlink: 16 bytes leftover after parsing attributes in process `syz.0.913'.
[  118.844753][ T8981] netlink: 'syz.2.919': attribute type 3 has an invalid length.
[  118.900378][ T8984] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input95
[  119.368368][ T9000] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  120.246345][ T9034] netlink: 'syz.0.933': attribute type 1 has an invalid length.
[  120.248875][ T9034] netlink: 'syz.0.933': attribute type 4 has an invalid length.
[  120.251418][ T9034] netlink: 188 bytes leftover after parsing attributes in process `syz.0.933'.
[  120.260411][ T9034] NCSI netlink: No device for ifindex 458760
[  120.489447][   T33] audit: type=1800 audit(1751646867.460:16): pid=9037 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.935" name="cgroup.controllers" dev="tmpfs" ino=1512 res=0 errno=0
[  120.593904][ T5863] hid-generic 0005:16C0:5505.0025: unknown main item tag 0x0
[  120.597574][ T5863] hid-generic 0005:16C0:5505.0025: unknown main item tag 0x0
[  120.600625][ T5863] hid-generic 0005:16C0:5505.0025: unknown main item tag 0x0
[  120.605843][ T5863] hid-generic 0005:16C0:5505.0025: unknown main item tag 0x0
[  120.608634][ T9060] netlink: 88 bytes leftover after parsing attributes in process `syz.0.942'.
[  120.608961][ T5863] hid-generic 0005:16C0:5505.0025: unknown main item tag 0x0
[  120.615015][ T5863] hid-generic 0005:16C0:5505.0025: unknown main item tag 0x0
[  120.618165][ T5863] hid-generic 0005:16C0:5505.0025: unknown main item tag 0x3
[  120.621305][ T5863] hid-generic 0005:16C0:5505.0025: item fetching failed at offset 17/19
[  120.626926][ T5863] hid-generic 0005:16C0:5505.0025: probe with driver hid-generic failed with error -22
[  120.783003][ T9075] netlink: 'syz.1.945': attribute type 8 has an invalid length.
[  120.979217][ T9094] netlink: 'syz.2.952': attribute type 1 has an invalid length.
[  121.960259][ T5844] hid-generic 0005:10CF:05DF.0026: item fetching failed at offset 0/1
[  121.972351][ T5844] hid-generic 0005:10CF:05DF.0026: probe with driver hid-generic failed with error -22
[  122.164935][   T33] audit: type=1800 audit(1751646869.140:17): pid=9159 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.966" name="cgroup.controllers" dev="tmpfs" ino=1670 res=0 errno=0
[  122.291141][ T9187] netlink: 8 bytes leftover after parsing attributes in process `syz.1.972'.
[  122.295235][ T9187] netlink: 4 bytes leftover after parsing attributes in process `syz.1.972'.
[  122.300912][ T9187] netlink: 'syz.1.972': attribute type 1 has an invalid length.
[  122.304805][ T9187] netlink: 10 bytes leftover after parsing attributes in process `syz.1.972'.
[  122.521993][ T9205] !: renamed from dummy0
[  122.539490][ T9207] netlink: 12 bytes leftover after parsing attributes in process `syz.1.977'.
[  122.548769][ T9207] netlink: 12 bytes leftover after parsing attributes in process `syz.1.977'.
[  122.552954][ T9207] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  123.305577][ T9242] netlink: 24 bytes leftover after parsing attributes in process `syz.0.979'.
[  123.547085][ T9270] netlink: 8 bytes leftover after parsing attributes in process `syz.0.980'.
[  123.662166][ T9281] netlink: 'syz.0.983': attribute type 178 has an invalid length.
[  123.853259][ T9297] netlink: 8 bytes leftover after parsing attributes in process `syz.1.987'.
[  123.886428][ T5863] hid-generic 0005:16BF:5505.0027: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  123.922513][ T9304] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input96
[  124.024148][ T9312] netlink: 'syz.0.990': attribute type 1 has an invalid length.
[  124.057910][ T9316] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input97
[  124.144122][ T9323] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  124.348950][ T9344] syzkaller1: entered promiscuous mode
[  124.350710][ T9344] syzkaller1: entered allmulticast mode
[  124.583572][ T9367] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input98
[  124.951397][  T791] hid-generic 0005:16C0:5505.0028: unknown main item tag 0x0
[  124.956467][  T791] hid-generic 0005:16C0:5505.0028: unknown main item tag 0x0
[  124.960482][  T791] hid-generic 0005:16C0:5505.0028: unknown main item tag 0x0
[  124.964090][  T791] hid-generic 0005:16C0:5505.0028: unknown main item tag 0x0
[  124.966771][  T791] hid-generic 0005:16C0:5505.0028: unknown main item tag 0x0
[  124.969256][  T791] hid-generic 0005:16C0:5505.0028: unknown main item tag 0x0
[  124.972273][  T791] hid-generic 0005:16C0:5505.0028: unknown main item tag 0x3
[  124.974797][  T791] hid-generic 0005:16C0:5505.0028: item fetching failed at offset 17/19
[  124.977683][  T791] hid-generic 0005:16C0:5505.0028: probe with driver hid-generic failed with error -22
[  124.983125][ T9399] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input99
[  125.175217][  T972] hid-generic 0005:16C0:5505.0029: unknown main item tag 0x0
[  125.179861][  T972] hid-generic 0005:16C0:5505.0029: unknown main item tag 0x0
[  125.182535][  T972] hid-generic 0005:16C0:5505.0029: unknown main item tag 0x0
[  125.184823][  T972] hid-generic 0005:16C0:5505.0029: unknown main item tag 0x0
[  125.187445][  T972] hid-generic 0005:16C0:5505.0029: unknown main item tag 0x0
[  125.189924][  T972] hid-generic 0005:16C0:5505.0029: unknown main item tag 0x0
[  125.195402][  T972] hid-generic 0005:16C0:5505.0029: unknown main item tag 0x3
[  125.197888][  T972] hid-generic 0005:16C0:5505.0029: item fetching failed at offset 17/19
[  125.201112][  T972] hid-generic 0005:16C0:5505.0029: probe with driver hid-generic failed with error -22
[  125.240334][ T9421] netlink: 'syz.2.1021': attribute type 1 has an invalid length.
[  125.290685][ T9427] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input100
[  125.586942][ T9452] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input101
[  126.363554][ T9469] syz.1.1035 (9469) used obsolete PPPIOCDETACH ioctl
[  126.545978][ T9474] netlink: 'syz.1.1036': attribute type 8 has an invalid length.
[  126.553210][ T9477] __nla_validate_parse: 2 callbacks suppressed
[  126.553226][ T9477] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1037'.
[  126.769732][ T9488] netlink: 'syz.0.1041': attribute type 4 has an invalid length.
[  126.775699][ T9488] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1041'.
[  126.874181][ T9495] netlink: 'syz.0.1043': attribute type 2 has an invalid length.
[  126.877029][ T9495] netlink: 'syz.0.1043': attribute type 2 has an invalid length.
[  127.366930][ T9503] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input102
[  127.397291][ T9503] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1046'.
[  127.463398][ T9510] bridge0: port 4(erspan0) entered blocking state
[  127.465756][ T9510] bridge0: port 4(erspan0) entered disabled state
[  127.468448][ T9510] erspan0: entered allmulticast mode
[  127.470931][ T9510] erspan0: entered promiscuous mode
[  127.479136][ T9510] erspan0: left allmulticast mode
[  127.480744][ T9510] erspan0: left promiscuous mode
[  127.483174][ T9510] bridge0: port 4(erspan0) entered disabled state
[  127.508744][ T9513] x_tables: duplicate underflow at hook 1
[  127.787334][ T9534] netlink: 428 bytes leftover after parsing attributes in process `syz.0.1055'.
[  127.790895][ T9534] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1055'.
[  127.840541][ T9536] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1056'.
[  127.846442][ T9536] netlink: 'syz.2.1056': attribute type 13 has an invalid length.
[  127.850705][ T9536] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1056'.
[  127.856207][ T9536] (unnamed net_device) (uninitialized): option fail_over_mac: invalid value (6)
[  127.943615][ T5844] hid-generic 0005:16BF:5505.002A: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  127.999895][ T9551] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1058'.
[  128.011387][ T9551] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1058'.
[  128.170204][ T9558] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1061'.
[  128.791456][ T9587] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input103
[  128.904181][ T9592] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input104
[  128.940452][ T9592] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[  128.956463][ T9592] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  128.981665][ T5844] hid-generic 0005:10CF:05DF.002B: item fetching failed at offset 0/1
[  129.004452][ T5844] hid-generic 0005:10CF:05DF.002B: probe with driver hid-generic failed with error -22
[  129.328684][ T9614] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  130.767901][ T9650] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input105
[  131.010685][ T9668] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input106
[  131.126975][ T9690] netlink: 'syz.1.1098': attribute type 3 has an invalid length.
[  131.134799][ T9690] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  131.137745][ T9690] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  131.140575][ T9690] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  131.144473][ T9690] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  131.339082][ T9706] netlink: 'syz.2.1103': attribute type 1 has an invalid length.
[  131.884921][ T9708] __nla_validate_parse: 2 callbacks suppressed
[  131.884936][ T9708] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1104'.
[  132.146790][ T9727] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1108'.
[  132.151165][ T9724] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1108'.
[  132.164679][ T9724] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input107
[  132.192551][ T9731] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  132.257280][ T9735] warn_alloc: 1 callbacks suppressed
[  132.257322][ T9735] syz.1.1111: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  132.270805][ T9735] CPU: 1 UID: 0 PID: 9735 Comm: syz.1.1111 Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 PREEMPT(full) 
[  132.270819][ T9735] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  132.270825][ T9735] Call Trace:
[  132.270830][ T9735]  <TASK>
[  132.270834][ T9735]  dump_stack_lvl+0x189/0x250
[  132.270853][ T9735]  ? __pfx_dump_stack_lvl+0x10/0x10
[  132.270865][ T9735]  ? __pfx__printk+0x10/0x10
[  132.270874][ T9735]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  132.270884][ T9735]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  132.270893][ T9735]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  132.270903][ T9735]  warn_alloc+0x214/0x310
[  132.270914][ T9735]  ? stack_depot_save_flags+0x40/0x900
[  132.270926][ T9735]  ? __pfx_warn_alloc+0x10/0x10
[  132.270935][ T9735]  ? kasan_save_track+0x4f/0x80
[  132.270946][ T9735]  ? xskq_create+0x56/0x170
[  132.270956][ T9735]  ? xsk_init_queue+0xb0/0x110
[  132.270965][ T9735]  ? xsk_setsockopt+0x43f/0x710
[  132.270973][ T9735]  ? do_sock_setsockopt+0x25a/0x3e0
[  132.270980][ T9735]  ? __x64_sys_setsockopt+0x18b/0x220
[  132.270987][ T9735]  ? do_syscall_64+0xfa/0x3b0
[  132.270994][ T9735]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  132.271005][ T9735]  __vmalloc_node_range_noprof+0x125/0x12f0
[  132.271025][ T9735]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  132.271033][ T9735]  ? xskq_create+0x56/0x170
[  132.271045][ T9735]  ? __kasan_kmalloc+0x93/0xb0
[  132.271054][ T9735]  vmalloc_user_noprof+0xad/0xf0
[  132.271063][ T9735]  ? xskq_create+0xbf/0x170
[  132.271075][ T9735]  xskq_create+0xbf/0x170
[  132.271087][ T9735]  xsk_init_queue+0xb0/0x110
[  132.271098][ T9735]  xsk_setsockopt+0x43f/0x710
[  132.271110][ T9735]  ? __pfx_xsk_setsockopt+0x10/0x10
[  132.271122][ T9735]  ? __lock_acquire+0xab9/0xd20
[  132.271142][ T9735]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  132.271155][ T9735]  ? __pfx_xsk_setsockopt+0x10/0x10
[  132.271165][ T9735]  do_sock_setsockopt+0x25a/0x3e0
[  132.271175][ T9735]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  132.271185][ T9735]  ? __fget_files+0x2a/0x420
[  132.271196][ T9735]  __x64_sys_setsockopt+0x18b/0x220
[  132.271207][ T9735]  do_syscall_64+0xfa/0x3b0
[  132.271214][ T9735]  ? lockdep_hardirqs_on+0x9c/0x150
[  132.271229][ T9735]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  132.271240][ T9735]  ? exc_page_fault+0x9f/0xf0
[  132.271255][ T9735]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  132.271262][ T9735] RIP: 0033:0x7f75dfb8e929
[  132.271270][ T9735] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  132.271276][ T9735] RSP: 002b:00007f75e0a8e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  132.271286][ T9735] RAX: ffffffffffffffda RBX: 00007f75dfdb6080 RCX: 00007f75dfb8e929
[  132.271325][ T9735] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000009
[  132.271332][ T9735] RBP: 00007f75dfc10b39 R08: 0000000000000004 R09: 0000000000000000
[  132.271340][ T9735] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  132.271348][ T9735] R13: 0000000000000000 R14: 00007f75dfdb6080 R15: 00007fff331b2c08
[  132.271365][ T9735]  </TASK>
[  132.271368][ T9735] Mem-Info:
[  132.394761][ T1362] ieee802154 phy0 wpan0: encryption failed: -22
[  132.397582][ T1362] ieee802154 phy1 wpan1: encryption failed: -22
[  132.408240][ T9735] active_anon:13892 inactive_anon:0 isolated_anon:0
[  132.408240][ T9735]  active_file:1077 inactive_file:38231 isolated_file:0
[  132.408240][ T9735]  unevictable:1768 dirty:126 writeback:0
[  132.408240][ T9735]  slab_reclaimable:9478 slab_unreclaimable:54572
[  132.408240][ T9735]  mapped:18269 shmem:2552 pagetables:1024
[  132.408240][ T9735]  sec_pagetables:0 bounce:0
[  132.408240][ T9735]  kernel_misc_reclaimable:0
[  132.408240][ T9735]  free:295656 free_pcp:15152 free_cma:0
[  132.428281][ T9735] Node 0 active_anon:12036kB inactive_anon:0kB active_file:3380kB inactive_file:148204kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:38428kB dirty:324kB writeback:0kB shmem:5348kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:7540kB pagetables:2560kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  132.444609][ T9735] Node 1 active_anon:43532kB inactive_anon:0kB active_file:928kB inactive_file:4720kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:34648kB dirty:180kB writeback:0kB shmem:4860kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:5128kB pagetables:1604kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  132.459660][ T9735] Node 0 DMA free:15360kB boost:0kB min:640kB low:800kB high:960kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  132.474857][ T9735] lowmem_reserve[]: 0 815 815 815 815
[  132.477680][ T9735] Node 0 DMA32 free:252392kB boost:0kB min:33716kB low:42144kB high:50572kB reserved_highatomic:0KB free_highatomic:0KB active_anon:12184kB inactive_anon:0kB active_file:3380kB inactive_file:148212kB unevictable:3536kB writepending:324kB present:1556484kB managed:834740kB mlocked:0kB bounce:0kB free_pcp:26560kB local_pcp:19668kB free_cma:0kB
[  132.491087][ T9735] lowmem_reserve[]: 0 0 0 0 0
[  132.493696][ T9735] Node 1 DMA32 free:458616kB boost:0kB min:19168kB low:23960kB high:28752kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:524152kB managed:458616kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  132.507475][ T9735] lowmem_reserve[]: 0 0 854 854 854
[  132.510892][ T9735] Node 1 Normal free:456032kB boost:0kB min:36576kB low:45720kB high:54864kB reserved_highatomic:0KB free_highatomic:0KB active_anon:43488kB inactive_anon:0kB active_file:928kB inactive_file:4720kB unevictable:3536kB writepending:180kB present:1048576kB managed:875016kB mlocked:0kB bounce:0kB free_pcp:34116kB local_pcp:17584kB free_cma:0kB
[  132.517047][ T9754] tipc: Started in network mode
[  132.525431][ T9735] lowmem_reserve[]: 0 0 0
[  132.525607][ T9754] tipc: Node identity , cluster identity 4711
[  132.525745][ T9735]  0
[  132.527464][ T9754] tipc: Failed to obtain node identity
[  132.529803][ T9735]  0
[  132.530680][ T9754] tipc: Enabling of bearer <eth:gre0> rejected, failed to enable media
[  132.533308][ T9735] 
[  132.543330][ T9735] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  132.561520][ T9735] Node 0 DMA32: 4*4kB (UME) 29*8kB (UE) 91*16kB (UME) 448*32kB (UME) 187*64kB (UME) 89*128kB (UME) 34*256kB (UM) 7*512kB (UME) 4*1024kB 
[  132.569279][ T9754] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input108
[  132.580104][ T9735] (UM) 6*2048kB (UME) 45*4096kB (UM) = 252392kB
[  132.583312][ T9735] Node 1 DMA32: 2*4kB (M) 2*8kB (M) 2*16kB (M) 2*32kB (M) 2*64kB (M) 1*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 110*4096kB (M) = 458616kB
[  132.598573][ T9735] Node 1 Normal: 378*4kB (UME) 269*8kB (UME) 549*16kB (UM) 558*32kB (UME) 234*64kB (UME) 83*128kB (UME) 27*256kB (UME) 14*512kB (UME) 3*1024kB (UME) 3*2048kB (UM) 92*4096kB (UM) = 456032kB
[  132.617486][ T9735] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  132.632587][ T9735] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  132.642964][ T9735] 41861 total pagecache pages
[  132.648474][ T9735] 0 pages in swap cache
[  132.650427][ T9735] Free swap  = 124996kB
[  132.653153][ T9735] Total swap = 124996kB
[  132.655107][ T9735] 786301 pages RAM
[  132.656887][ T9735] 0 pages HighMem/MovableOnly
[  132.659063][ T9735] 240368 pages reserved
[  132.661053][ T9735] 0 pages cma reserved
[  132.810824][ T5844] hid-generic 0005:10CF:05DF.002C: item fetching failed at offset 0/1
[  132.819766][ T5844] hid-generic 0005:10CF:05DF.002C: probe with driver hid-generic failed with error -22
[  132.832886][ T9777] block nbd0: NBD_DISCONNECT
[  132.834803][ T9777] block nbd0: Send disconnect failed -107
[  132.837115][ T9777] block nbd0: Disconnected due to user request.
[  132.839236][ T9777] block nbd0: shutting down sockets
[  133.706037][   T56] block nbd1: Receive control failed (result -32)
[  133.955379][  T972] hid-generic 0005:10CF:05DF.002D: item fetching failed at offset 0/1
[  133.959218][  T972] hid-generic 0005:10CF:05DF.002D: probe with driver hid-generic failed with error -22
[  148.546847][ T5819] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  148.550559][ T5819] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  148.553711][ T5819] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  148.556452][ T5819] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  148.559599][ T5819] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  148.613570][   T55] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  148.619652][   T55] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  148.625846][   T55] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  148.630488][   T55] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  148.634446][   T55] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  148.686157][ T9803] chnl_net:caif_netlink_parms(): no params data found
[  148.760648][ T9803] bridge0: port 1(bridge_slave_0) entered blocking state
[  148.764252][ T9803] bridge0: port 1(bridge_slave_0) entered disabled state
[  148.766672][ T9803] bridge_slave_0: entered allmulticast mode
[  148.769492][ T9803] bridge_slave_0: entered promiscuous mode
[  148.773705][ T9803] bridge0: port 2(bridge_slave_1) entered blocking state
[  148.776557][ T9803] bridge0: port 2(bridge_slave_1) entered disabled state
[  148.779006][ T9803] bridge_slave_1: entered allmulticast mode
[  148.783270][ T9803] bridge_slave_1: entered promiscuous mode
[  148.811180][ T9803] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  148.822649][ T9803] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  148.880586][ T9803] team0: Port device team_slave_0 added
[  148.890359][ T9803] team0: Port device team_slave_1 added
[  148.927321][ T9803] batman_adv: batadv0: Adding interface: batadv_slave_0
[  148.930247][ T9803] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  148.941191][ T9803] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  148.946735][ T9807] chnl_net:caif_netlink_parms(): no params data found
[  148.955363][ T9803] batman_adv: batadv0: Adding interface: batadv_slave_1
[  148.958093][ T9803] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  148.968436][ T9803] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  149.066172][ T9803] hsr_slave_0: entered promiscuous mode
[  149.069279][ T9803] hsr_slave_1: entered promiscuous mode
[  149.072447][ T9803] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  149.075623][ T9803] Cannot create hsr debugfs directory
[  149.085840][ T9807] bridge0: port 1(bridge_slave_0) entered blocking state
[  149.088256][ T9807] bridge0: port 1(bridge_slave_0) entered disabled state
[  149.090574][ T9807] bridge_slave_0: entered allmulticast mode
[  149.093765][ T9807] bridge_slave_0: entered promiscuous mode
[  149.097138][ T9807] bridge0: port 2(bridge_slave_1) entered blocking state
[  149.099422][ T9807] bridge0: port 2(bridge_slave_1) entered disabled state
[  149.102570][ T9807] bridge_slave_1: entered allmulticast mode
[  149.105175][ T9807] bridge_slave_1: entered promiscuous mode
[  149.150249][ T9807] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  149.159551][ T9807] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  149.206253][ T9807] team0: Port device team_slave_0 added
[  149.223902][ T9807] team0: Port device team_slave_1 added
[  149.262275][ T9807] batman_adv: batadv0: Adding interface: batadv_slave_0
[  149.265301][ T9807] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  149.276048][ T9807] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  149.284824][ T9807] batman_adv: batadv0: Adding interface: batadv_slave_1
[  149.288897][ T9807] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  149.299963][ T9807] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  149.350328][ T9807] hsr_slave_0: entered promiscuous mode
[  149.353835][ T9807] hsr_slave_1: entered promiscuous mode
[  149.356653][ T9807] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  149.359644][ T9807] Cannot create hsr debugfs directory
[  149.619157][ T5819] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  149.624179][ T5819] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  149.627921][ T5819] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  149.632357][ T5819] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  149.636023][ T5819] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  149.822244][ T9822] chnl_net:caif_netlink_parms(): no params data found
[  149.883655][ T9822] bridge0: port 1(bridge_slave_0) entered blocking state
[  149.886783][ T9822] bridge0: port 1(bridge_slave_0) entered disabled state
[  149.889867][ T9822] bridge_slave_0: entered allmulticast mode
[  149.894706][ T9822] bridge_slave_0: entered promiscuous mode
[  149.899460][ T9822] bridge0: port 2(bridge_slave_1) entered blocking state
[  149.902619][ T9822] bridge0: port 2(bridge_slave_1) entered disabled state
[  149.905590][ T9822] bridge_slave_1: entered allmulticast mode
[  149.909448][ T9822] bridge_slave_1: entered promiscuous mode
[  149.942162][ T9822] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  149.948651][ T9822] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  149.979217][ T9822] team0: Port device team_slave_0 added
[  149.985165][ T9822] team0: Port device team_slave_1 added
[  150.002845][ T9822] batman_adv: batadv0: Adding interface: batadv_slave_0
[  150.005220][ T9822] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  150.013595][ T9822] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  150.017964][ T9822] batman_adv: batadv0: Adding interface: batadv_slave_1
[  150.020185][ T9822] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  150.028448][ T9822] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  150.062592][ T9822] hsr_slave_0: entered promiscuous mode
[  150.064903][ T9822] hsr_slave_1: entered promiscuous mode
[  150.067059][ T9822] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  150.069481][ T9822] Cannot create hsr debugfs directory
[  150.632016][ T5819] Bluetooth: hci3: command tx timeout
[  150.711999][ T5819] Bluetooth: hci4: command tx timeout
[  151.672271][ T5819] Bluetooth: hci5: command tx timeout
[  152.712305][ T5819] Bluetooth: hci3: command tx timeout
[  152.792045][ T5819] Bluetooth: hci4: command tx timeout
[  153.752252][ T5819] Bluetooth: hci5: command tx timeout
[  154.791966][ T5819] Bluetooth: hci3: command tx timeout
[  154.871942][ T5819] Bluetooth: hci4: command tx timeout
[  155.832069][ T5819] Bluetooth: hci5: command tx timeout
[  156.872037][ T5819] Bluetooth: hci3: command tx timeout
[  156.952079][ T5819] Bluetooth: hci4: command tx timeout
[  157.912063][ T5819] Bluetooth: hci5: command tx timeout
[  180.551930][   T55] Bluetooth: hci1: command 0x0406 tx timeout
[  193.835202][ T1362] ieee802154 phy0 wpan0: encryption failed: -22
[  193.837977][ T1362] ieee802154 phy1 wpan1: encryption failed: -22
[  208.605967][   T55] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  208.612513][   T55] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  208.616548][   T55] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  208.620598][   T55] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  208.624698][   T55] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  208.779278][ T9832] chnl_net:caif_netlink_parms(): no params data found
[  208.854599][ T9832] bridge0: port 1(bridge_slave_0) entered blocking state
[  208.857641][ T9832] bridge0: port 1(bridge_slave_0) entered disabled state
[  208.860403][ T9832] bridge_slave_0: entered allmulticast mode
[  208.864564][ T9832] bridge_slave_0: entered promiscuous mode
[  208.869580][ T9832] bridge0: port 2(bridge_slave_1) entered blocking state
[  208.873221][ T9832] bridge0: port 2(bridge_slave_1) entered disabled state
[  208.876239][ T9832] bridge_slave_1: entered allmulticast mode
[  208.879996][ T9832] bridge_slave_1: entered promiscuous mode
[  208.909954][ T9832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  208.917289][ T9832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  208.948793][ T9832] team0: Port device team_slave_0 added
[  208.953856][ T9832] team0: Port device team_slave_1 added
[  208.983517][ T9832] batman_adv: batadv0: Adding interface: batadv_slave_0
[  208.986491][ T9832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  208.997746][ T9832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  209.003832][ T9832] batman_adv: batadv0: Adding interface: batadv_slave_1
[  209.006693][ T9832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  209.017931][ T9832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  209.050693][ T9832] hsr_slave_0: entered promiscuous mode
[  209.053418][ T9832] hsr_slave_1: entered promiscuous mode
[  209.055853][ T9832] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  209.058917][ T9832] Cannot create hsr debugfs directory
[  209.624952][   T55] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  209.629338][   T55] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  209.633710][   T55] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  209.637485][   T55] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  209.644843][ T5205] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  209.647759][ T5821] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  209.653336][ T5205] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  209.657295][ T5205] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  209.668197][ T5819] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  209.671641][ T5819] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  209.841201][ T9844] chnl_net:caif_netlink_parms(): no params data found
[  209.878241][ T9846] chnl_net:caif_netlink_parms(): no params data found
[  209.950050][ T9844] bridge0: port 1(bridge_slave_0) entered blocking state
[  209.953469][ T9844] bridge0: port 1(bridge_slave_0) entered disabled state
[  209.956630][ T9844] bridge_slave_0: entered allmulticast mode
[  209.960654][ T9844] bridge_slave_0: entered promiscuous mode
[  209.970769][ T9844] bridge0: port 2(bridge_slave_1) entered blocking state
[  209.974480][ T9844] bridge0: port 2(bridge_slave_1) entered disabled state
[  209.977641][ T9844] bridge_slave_1: entered allmulticast mode
[  209.982370][ T9844] bridge_slave_1: entered promiscuous mode
[  210.015658][ T9846] bridge0: port 1(bridge_slave_0) entered blocking state
[  210.018010][ T9846] bridge0: port 1(bridge_slave_0) entered disabled state
[  210.020475][ T9846] bridge_slave_0: entered allmulticast mode
[  210.023732][ T9846] bridge_slave_0: entered promiscuous mode
[  210.039879][ T9846] bridge0: port 2(bridge_slave_1) entered blocking state
[  210.042543][ T9846] bridge0: port 2(bridge_slave_1) entered disabled state
[  210.044977][ T9846] bridge_slave_1: entered allmulticast mode
[  210.047765][ T9846] bridge_slave_1: entered promiscuous mode
[  210.055102][ T9844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  210.074415][ T9844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  210.100471][ T9846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  210.118908][ T9846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  210.125807][ T9844] team0: Port device team_slave_0 added
[  210.139248][ T9844] team0: Port device team_slave_1 added
[  210.160350][ T9846] team0: Port device team_slave_0 added
[  210.170932][ T9846] team0: Port device team_slave_1 added
[  210.174463][ T9844] batman_adv: batadv0: Adding interface: batadv_slave_0
[  210.176789][ T9844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  210.185812][ T9844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  210.197206][ T9844] batman_adv: batadv0: Adding interface: batadv_slave_1
[  210.199585][ T9844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  210.208482][ T9844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  210.226698][ T9846] batman_adv: batadv0: Adding interface: batadv_slave_0
[  210.229618][ T9846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  210.240746][ T9846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  210.247078][ T9846] batman_adv: batadv0: Adding interface: batadv_slave_1
[  210.249358][ T9846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  210.258375][ T9846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  210.292541][ T9844] hsr_slave_0: entered promiscuous mode
[  210.295051][ T9844] hsr_slave_1: entered promiscuous mode
[  210.297366][ T9844] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  210.299771][ T9844] Cannot create hsr debugfs directory
[  210.336493][ T9846] hsr_slave_0: entered promiscuous mode
[  210.339414][ T9846] hsr_slave_1: entered promiscuous mode
[  210.342488][ T9846] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  210.345146][ T9846] Cannot create hsr debugfs directory
[  210.712126][   T55] Bluetooth: hci6: command tx timeout
[  211.672153][   T55] Bluetooth: hci7: command tx timeout
[  211.753114][   T55] Bluetooth: hci8: command tx timeout
[  212.791860][   T55] Bluetooth: hci6: command tx timeout
[  213.751995][   T55] Bluetooth: hci7: command tx timeout
[  213.832191][   T55] Bluetooth: hci8: command tx timeout
[  214.872030][   T55] Bluetooth: hci6: command tx timeout
[  215.832002][   T55] Bluetooth: hci7: command tx timeout
[  215.912084][   T55] Bluetooth: hci8: command tx timeout
[  216.961952][   T55] Bluetooth: hci6: command tx timeout
[  217.912017][   T55] Bluetooth: hci7: command tx timeout
[  217.992060][   T55] Bluetooth: hci8: command tx timeout
[  255.274060][ T1362] ieee802154 phy0 wpan0: encryption failed: -22
[  255.276131][ T1362] ieee802154 phy1 wpan1: encryption failed: -22
[  268.604422][ T5819] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[  268.608390][ T5819] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[  268.612125][ T5819] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[  268.615260][ T5819] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[  268.617827][ T5819] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[  268.771096][ T9866] chnl_net:caif_netlink_parms(): no params data found
[  268.843463][ T9866] bridge0: port 1(bridge_slave_0) entered blocking state
[  268.847205][ T9866] bridge0: port 1(bridge_slave_0) entered disabled state
[  268.850375][ T9866] bridge_slave_0: entered allmulticast mode
[  268.854885][ T9866] bridge_slave_0: entered promiscuous mode
[  268.859448][ T9866] bridge0: port 2(bridge_slave_1) entered blocking state
[  268.862748][ T9866] bridge0: port 2(bridge_slave_1) entered disabled state
[  268.866204][ T9866] bridge_slave_1: entered allmulticast mode
[  268.870210][ T9866] bridge_slave_1: entered promiscuous mode
[  268.904760][ T9866] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  268.911567][ T9866] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  268.939673][ T9866] team0: Port device team_slave_0 added
[  268.945901][ T9866] team0: Port device team_slave_1 added
[  268.974389][ T9866] batman_adv: batadv0: Adding interface: batadv_slave_0
[  268.977353][ T9866] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  268.988296][ T9866] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  268.995727][ T9866] batman_adv: batadv0: Adding interface: batadv_slave_1
[  268.998759][ T9866] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  269.009962][ T9866] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  269.050621][ T9866] hsr_slave_0: entered promiscuous mode
[  269.054170][ T9866] hsr_slave_1: entered promiscuous mode
[  269.057197][ T9866] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  269.060440][ T9866] Cannot create hsr debugfs directory
[  269.647319][ T5819] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1
[  269.651002][ T5819] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9
[  269.654233][ T5819] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9
[  269.657280][ T5819] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4
[  269.660013][ T5819] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2
[  269.785658][ T9877] chnl_net:caif_netlink_parms(): no params data found
[  269.843378][ T9877] bridge0: port 1(bridge_slave_0) entered blocking state
[  269.846224][ T9877] bridge0: port 1(bridge_slave_0) entered disabled state
[  269.848930][ T9877] bridge_slave_0: entered allmulticast mode
[  269.851575][ T9877] bridge_slave_0: entered promiscuous mode
[  269.857977][ T9877] bridge0: port 2(bridge_slave_1) entered blocking state
[  269.860413][ T9877] bridge0: port 2(bridge_slave_1) entered disabled state
[  269.863077][ T9877] bridge_slave_1: entered allmulticast mode
[  269.866050][ T9877] bridge_slave_1: entered promiscuous mode
[  269.886110][ T9877] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  269.891001][ T9877] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  269.919753][ T9877] team0: Port device team_slave_0 added
[  269.923617][ T9877] team0: Port device team_slave_1 added
[  269.945524][ T9877] batman_adv: batadv0: Adding interface: batadv_slave_0
[  269.947887][ T9877] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  269.956505][ T9877] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  269.960915][ T9877] batman_adv: batadv0: Adding interface: batadv_slave_1
[  269.964093][ T9877] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  269.975048][ T9877] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  270.007333][ T9877] hsr_slave_0: entered promiscuous mode
[  270.010174][ T9877] hsr_slave_1: entered promiscuous mode
[  270.012869][ T9877] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  270.015455][ T9877] Cannot create hsr debugfs directory
[  270.633566][   T55] Bluetooth: hci9: command tx timeout
[  270.693372][ T5821] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1
[  270.696758][ T5821] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9
[  270.700067][ T5821] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9
[  270.703919][ T5821] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4
[  270.706888][ T5821] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2
[  270.829045][ T9886] chnl_net:caif_netlink_parms(): no params data found
[  270.875690][ T9886] bridge0: port 1(bridge_slave_0) entered blocking state
[  270.878196][ T9886] bridge0: port 1(bridge_slave_0) entered disabled state
[  270.880619][ T9886] bridge_slave_0: entered allmulticast mode
[  270.884140][ T9886] bridge_slave_0: entered promiscuous mode
[  270.888223][ T9886] bridge0: port 2(bridge_slave_1) entered blocking state
[  270.890905][ T9886] bridge0: port 2(bridge_slave_1) entered disabled state
[  270.894187][ T9886] bridge_slave_1: entered allmulticast mode
[  270.897091][ T9886] bridge_slave_1: entered promiscuous mode
[  270.921143][ T9886] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  270.927139][ T9886] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  270.948031][ T9886] team0: Port device team_slave_0 added
[  270.951693][ T9886] team0: Port device team_slave_1 added
[  270.970259][ T9886] batman_adv: batadv0: Adding interface: batadv_slave_0
[  270.972683][ T9886] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  270.981084][ T9886] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  270.986076][ T9886] batman_adv: batadv0: Adding interface: batadv_slave_1
[  270.988431][ T9886] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  270.997177][ T9886] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  271.026713][ T9886] hsr_slave_0: entered promiscuous mode
[  271.029463][ T9886] hsr_slave_1: entered promiscuous mode
[  271.032292][ T9886] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  271.034805][ T9886] Cannot create hsr debugfs directory
[  271.672033][ T5821] Bluetooth: hci10: command tx timeout
[  272.714527][ T5814] Bluetooth: hci3: command 0x0406 tx timeout
[  272.716710][ T5814] Bluetooth: hci9: command tx timeout
[  272.718539][ T5814] Bluetooth: hci4: command 0x0406 tx timeout
[  272.720623][ T5821] Bluetooth: hci5: command 0x0406 tx timeout
[  272.792131][ T5205] Bluetooth: hci11: command tx timeout
[  273.751993][ T5205] Bluetooth: hci10: command tx timeout
[  274.792113][ T5205] Bluetooth: hci9: command tx timeout
[  274.871993][ T5205] Bluetooth: hci11: command tx timeout
[  275.832245][ T5205] Bluetooth: hci10: command tx timeout
[  276.872090][ T5205] Bluetooth: hci9: command tx timeout
[  276.952186][ T5205] Bluetooth: hci11: command tx timeout
[  277.912017][ T5205] Bluetooth: hci10: command tx timeout
[  279.032475][ T5205] Bluetooth: hci11: command tx timeout
[  294.322523][   T34] INFO: task syz.0.1123:9777 blocked for more than 143 seconds.
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  294.328705][   T34]       Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0
[  294.332460][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  294.335301][   T34] task:syz.0.1123      state:D stack:25480 pid:9777  tgid:9769  ppid:5811   task_flags:0x400140 flags:0x00004004
[  294.339248][   T34] Call Trace:
[  294.340571][   T34]  <TASK>
[  294.345672][   T34]  __schedule+0x16f5/0x4d00
[  294.347198][   T34]  ? schedule+0x165/0x360
[  294.348678][   T34]  ? __lock_acquire+0xab9/0xd20
[  294.350315][   T34]  ? __pfx___schedule+0x10/0x10
[  294.352264][   T34]  ? schedule+0x91/0x360
[  294.353750][   T34]  schedule+0x165/0x360
[  294.355204][   T34]  schedule_timeout+0x9a/0x270
[  294.356839][   T34]  ? __pfx_schedule_timeout+0x10/0x10
[  294.358692][   T34]  ? _raw_spin_unlock_irq+0x23/0x50
[  294.360411][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  294.362726][   T34]  ? wait_for_completion+0x267/0x5d0
[  294.364587][   T34]  wait_for_completion+0x2bf/0x5d0
[  294.366393][   T34]  ? __pfx_wait_for_completion+0x10/0x10
[  294.368313][   T34]  ? flush_workqueue_prep_pwqs+0x47c/0x4f0
[  294.370616][   T34]  ? check_flush_dependency+0x88/0x400
[  294.372784][   T34]  __flush_workqueue+0x6f7/0x14b0
[  294.374564][   T34]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  294.376636][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  294.378356][   T34]  ? __pfx___flush_workqueue+0x10/0x10
[  294.380301][   T34]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  294.382839][   T34]  ? __wake_up_common_lock+0x190/0x1f0
[  294.384909][   T34]  nbd_disconnect_and_put+0x9e/0x2a0
[  294.386921][   T34]  nbd_genl_disconnect+0x485/0x570
[  294.388832][   T34]  ? __pfx_nbd_genl_disconnect+0x10/0x10
[  294.390700][   T34]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  294.393567][   T34]  genl_family_rcv_msg_doit+0x215/0x300
[  294.395672][   T34]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  294.397859][   T34]  genl_rcv_msg+0x60e/0x790
[  294.399396][   T34]  ? __pfx_genl_rcv_msg+0x10/0x10
[  294.401334][   T34]  ? __pfx_nbd_genl_disconnect+0x10/0x10
[  294.403992][   T34]  netlink_rcv_skb+0x208/0x470
[  294.405976][   T34]  ? __pfx_genl_rcv_msg+0x10/0x10
[  294.408056][   T34]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  294.410235][   T34]  ? down_read+0x1ad/0x2e0
[  294.412407][   T34]  genl_rcv+0x28/0x40
[  294.414071][   T34]  netlink_unicast+0x75b/0x8d0
[  294.416073][   T34]  netlink_sendmsg+0x805/0xb30
[  294.417993][   T34]  ? __pfx_netlink_sendmsg+0x10/0x10
[  294.419753][   T34]  ? aa_sock_msg_perm+0x94/0x160
[  294.421388][   T34]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  294.423474][   T34]  ? __pfx_netlink_sendmsg+0x10/0x10
[  294.425230][   T34]  __sock_sendmsg+0x21c/0x270
[  294.426798][   T34]  ____sys_sendmsg+0x505/0x830
[  294.428382][   T34]  ? __pfx_____sys_sendmsg+0x10/0x10
[  294.430129][   T34]  ? import_iovec+0x74/0xa0
[  294.432433][   T34]  ___sys_sendmsg+0x21f/0x2a0
[  294.434122][   T34]  ? __pfx____sys_sendmsg+0x10/0x10
[  294.436014][   T34]  ? __fget_files+0x2a/0x420
[  294.437703][   T34]  ? __fget_files+0x3a0/0x420
[  294.439252][   T34]  __x64_sys_sendmsg+0x19b/0x260
[  294.440891][   T34]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  294.443176][   T34]  ? do_user_addr_fault+0xc8a/0x1390
[  294.445101][   T34]  ? do_syscall_64+0xbe/0x3b0
[  294.446818][   T34]  do_syscall_64+0xfa/0x3b0
[  294.448531][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  294.450355][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  294.453078][   T34]  ? exc_page_fault+0x9f/0xf0
[  294.454721][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  294.456953][   T34] RIP: 0033:0x7f8d87d8e929
[  294.458762][   T34] RSP: 002b:00007f8d88bec038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  294.462463][   T34] RAX: ffffffffffffffda RBX: 00007f8d87fb6080 RCX: 00007f8d87d8e929
[  294.465736][   T34] RDX: 00000000000000c0 RSI: 0000200000000280 RDI: 0000000000000007
[  294.468945][   T34] RBP: 00007f8d87e10b39 R08: 0000000000000000 R09: 0000000000000000
[  294.472280][   T34] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  294.475310][   T34] R13: 0000000000000001 R14: 00007f8d87fb6080 R15: 00007ffc62166618
[  294.478140][   T34]  </TASK>
[  294.479209][   T34] INFO: task syz.2.1127:9784 blocked for more than 143 seconds.
[  294.482303][   T34]       Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0
[  294.485275][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  294.491948][   T34] task:syz.2.1127      state:D stack:28744 pid:9784  tgid:9783  ppid:5818   task_flags:0x400040 flags:0x00004004
[  294.496353][   T34] Call Trace:
[  294.497662][   T34]  <TASK>
[  294.498760][   T34]  __schedule+0x16f5/0x4d00
[  294.500399][   T34]  ? __lock_acquire+0xab9/0xd20
[  294.506687][   T34]  ? __lock_acquire+0xab9/0xd20
[  294.508430][   T34]  ? schedule+0x165/0x360
[  294.509833][   T34]  ? __pfx___schedule+0x10/0x10
[  294.511454][   T34]  ? schedule+0x91/0x360
[  294.513149][   T34]  schedule+0x165/0x360
[  294.514541][   T34]  schedule_preempt_disabled+0x13/0x30
[  294.516273][   T34]  __mutex_lock+0x724/0xe80
[  294.517733][   T34]  ? unwind_get_return_address+0x4d/0x90
[  294.519810][   T34]  ? __mutex_lock+0x51b/0xe80
[  294.521347][   T34]  ? genl_rcv_msg+0x10d/0x790
[  294.523157][   T34]  ? __pfx___mutex_lock+0x10/0x10
[  294.524782][   T34]  ? stack_trace_save+0x9c/0xe0
[  294.526342][   T34]  ? radix_tree_lookup+0x240/0x290
[  294.528017][   T34]  genl_rcv_msg+0x10d/0x790
[  294.529523][   T34]  ? __lock_acquire+0xab9/0xd20
[  294.531145][   T34]  ? __pfx_genl_rcv_msg+0x10/0x10
[  294.535099][   T34]  netlink_rcv_skb+0x208/0x470
[  294.536696][   T34]  ? __pfx_genl_rcv_msg+0x10/0x10
[  294.538356][   T34]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  294.540111][   T34]  ? down_read+0x1ad/0x2e0
[  294.541601][   T34]  genl_rcv+0x28/0x40
[  294.544546][   T34]  netlink_unicast+0x75b/0x8d0
[  294.546100][   T34]  netlink_sendmsg+0x805/0xb30
[  294.548038][   T34]  ? __pfx_netlink_sendmsg+0x10/0x10
[  294.549821][   T34]  ? aa_sock_msg_perm+0x94/0x160
[  294.551627][   T34]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  294.556836][   T34]  ? __pfx_netlink_sendmsg+0x10/0x10
[  294.558517][   T34]  __sock_sendmsg+0x21c/0x270
[  294.559989][   T34]  __sys_sendto+0x3bd/0x520
[  294.561416][   T34]  ? __pfx___sys_sendto+0x10/0x10
[  294.564237][   T34]  ? count_memcg_event_mm+0x21/0x260
[  294.565903][   T34]  ? exc_page_fault+0x76/0xf0
[  294.567372][   T34]  ? do_user_addr_fault+0xc8a/0x1390
[  294.569057][   T34]  __x64_sys_sendto+0xde/0x100
[  294.570550][   T34]  do_syscall_64+0xfa/0x3b0
[  294.572225][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  294.573857][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  294.575724][   T34]  ? exc_page_fault+0x9f/0xf0
[  294.577188][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  294.579052][   T34] RIP: 0033:0x7f47d15907bc
[  294.580442][   T34] RSP: 002b:00007f47d2346ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  294.583242][   T34] RAX: ffffffffffffffda RBX: 00007f47d2346fc0 RCX: 00007f47d15907bc
[  294.585747][   T34] RDX: 0000000000000020 RSI: 00007f47d2347010 RDI: 0000000000000004
[  294.588311][   T34] RBP: 0000000000000000 R08: 00007f47d2346f14 R09: 000000000000000c
[  294.590859][   T34] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000004
[  294.593491][   T34] R13: 00007f47d2346f68 R14: 00007f47d2347010 R15: 0000000000000000
[  294.596043][   T34]  </TASK>
[  294.597140][   T34] INFO: task syz.1.1130:9796 blocked for more than 143 seconds.
[  294.599634][   T34]       Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0
[  294.602342][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  294.605146][   T34] task:syz.1.1130      state:D stack:28312 pid:9796  tgid:9795  ppid:5816   task_flags:0x400140 flags:0x00004004
[  294.608963][   T34] Call Trace:
[  294.610074][   T34]  <TASK>
[  294.611172][   T34]  __schedule+0x16f5/0x4d00
[  294.613656][   T34]  ? __lock_acquire+0xab9/0xd20
[  294.615249][   T34]  ? __lock_acquire+0xab9/0xd20
[  294.616831][   T34]  ? schedule+0x165/0x360
[  294.618200][   T34]  ? __pfx___schedule+0x10/0x10
[  294.619754][   T34]  ? schedule+0x91/0x360
[  294.621108][   T34]  schedule+0x165/0x360
[  294.622606][   T34]  schedule_preempt_disabled+0x13/0x30
[  294.624435][   T34]  __mutex_lock+0x724/0xe80
[  294.626241][   T34]  ? unwind_get_return_address+0x4d/0x90
[  294.628566][   T34]  ? __mutex_lock+0x51b/0xe80
[  294.630572][   T34]  ? genl_rcv_msg+0x10d/0x790
[  294.632851][   T34]  ? __pfx___mutex_lock+0x10/0x10
[  294.634678][   T34]  ? stack_trace_save+0x9c/0xe0
[  294.636742][   T34]  ? radix_tree_lookup+0x240/0x290
[  294.638883][   T34]  genl_rcv_msg+0x10d/0x790
[  294.640772][   T34]  ? __lock_acquire+0xab9/0xd20
[  294.642999][   T34]  ? __pfx_genl_rcv_msg+0x10/0x10
[  294.645200][   T34]  netlink_rcv_skb+0x208/0x470
[  294.647204][   T34]  ? __pfx_genl_rcv_msg+0x10/0x10
[  294.649288][   T34]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  294.651469][   T34]  ? down_read+0x1ad/0x2e0
[  294.654130][   T34]  genl_rcv+0x28/0x40
[  294.655890][   T34]  netlink_unicast+0x75b/0x8d0
[  294.657933][   T34]  netlink_sendmsg+0x805/0xb30
[  294.659885][   T34]  ? __pfx_netlink_sendmsg+0x10/0x10
[  294.662118][   T34]  ? aa_sock_msg_perm+0x94/0x160
[  294.663948][   T34]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  294.665823][   T34]  ? __pfx_netlink_sendmsg+0x10/0x10
[  294.667533][   T34]  __sock_sendmsg+0x21c/0x270
[  294.669232][   T34]  __sys_sendto+0x3bd/0x520
[  294.670775][   T34]  ? __pfx___sys_sendto+0x10/0x10
[  294.672807][   T34]  ? count_memcg_event_mm+0x21/0x260
[  294.674962][   T34]  ? exc_page_fault+0x76/0xf0
[  294.676705][   T34]  ? do_user_addr_fault+0xc8a/0x1390
[  294.678411][   T34]  __x64_sys_sendto+0xde/0x100
[  294.680335][   T34]  do_syscall_64+0xfa/0x3b0
[  294.682494][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  294.684673][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  294.687110][   T34]  ? exc_page_fault+0x9f/0xf0
[  294.689037][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  294.691443][   T34] RIP: 0033:0x7f75dfb907bc
[  294.693405][   T34] RSP: 002b:00007f75e0aadec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  294.696783][   T34] RAX: ffffffffffffffda RBX: 00007f75e0aadfc0 RCX: 00007f75dfb907bc
[  294.700066][   T34] RDX: 0000000000000024 RSI: 00007f75e0aae010 RDI: 0000000000000006
[  294.703463][   T34] RBP: 0000000000000000 R08: 00007f75e0aadf14 R09: 000000000000000c
[  294.706177][   T34] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000006
[  294.708725][   T34] R13: 00007f75e0aadf68 R14: 00007f75e0aae010 R15: 0000000000000000
[  294.712058][   T34]  </TASK>
[  294.713267][   T34] INFO: task syz.1.1130:9797 blocked for more than 143 seconds.
[  294.715872][   T34]       Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0
[  294.718689][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  294.721370][   T34] task:syz.1.1130      state:D stack:28312 pid:9797  tgid:9795  ppid:5816   task_flags:0x400040 flags:0x00004004
[  294.725193][   T34] Call Trace:
[  294.726301][   T34]  <TASK>
[  294.727238][   T34]  __schedule+0x16f5/0x4d00
[  294.728717][   T34]  ? __lock_acquire+0xab9/0xd20
[  294.730254][   T34]  ? schedule+0x165/0x360
[  294.731999][   T34]  ? __pfx___schedule+0x10/0x10
[  294.733652][   T34]  ? schedule+0x91/0x360
[  294.735023][   T34]  schedule+0x165/0x360
[  294.736344][   T34]  schedule_preempt_disabled+0x13/0x30
[  294.738123][   T34]  __mutex_lock+0x724/0xe80
[  294.739839][   T34]  ? __mutex_lock+0x51b/0xe80
[  294.742109][   T34]  ? genl_rcv_msg+0x10d/0x790
[  294.743841][   T34]  ? __pfx___mutex_lock+0x10/0x10
[  294.745461][   T34]  ? __pfx___dev_queue_xmit+0x10/0x10
[  294.747330][   T34]  ? radix_tree_lookup+0x240/0x290
[  294.749494][   T34]  genl_rcv_msg+0x10d/0x790
[  294.751422][   T34]  ? __pfx_genl_rcv_msg+0x10/0x10
[  294.753673][   T34]  ? ref_tracker_free+0x63a/0x7d0
[  294.755817][   T34]  ? __copy_skb_header+0xa7/0x550
[  294.757472][   T34]  ? __pfx_ref_tracker_free+0x10/0x10
[  294.759207][   T34]  netlink_rcv_skb+0x208/0x470
[  294.761193][   T34]  ? __pfx_genl_rcv_msg+0x10/0x10
[  294.764121][   T34]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  294.766247][   T34]  ? down_read+0x1ad/0x2e0
[  294.768050][   T34]  genl_rcv+0x28/0x40
[  294.769683][   T34]  netlink_unicast+0x75b/0x8d0
[  294.771703][   T34]  netlink_sendmsg+0x805/0xb30
[  294.773893][   T34]  ? __pfx_netlink_sendmsg+0x10/0x10
[  294.775996][   T34]  ? aa_sock_msg_perm+0x94/0x160
[  294.777894][   T34]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  294.779985][   T34]  ? __pfx_netlink_sendmsg+0x10/0x10
[  294.782089][   T34]  __sock_sendmsg+0x21c/0x270
[  294.783899][   T34]  __sys_sendto+0x3bd/0x520
[  294.785630][   T34]  ? __pfx___sys_sendto+0x10/0x10
[  294.787341][   T34]  ? fd_install+0x97/0x540
[  294.788810][   T34]  ? fd_install+0x30d/0x540
[  294.790467][   T34]  __x64_sys_sendto+0xde/0x100
[  294.792634][   T34]  do_syscall_64+0xfa/0x3b0
[  294.794305][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  294.796364][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  294.798735][   T34]  ? exc_page_fault+0x9f/0xf0
[  294.800398][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  294.802427][   T34] RIP: 0033:0x7f75dfb907bc
[  294.803911][   T34] RSP: 002b:00007f75e0a8cec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  294.806546][   T34] RAX: ffffffffffffffda RBX: 00007f75e0a8cfc0 RCX: 00007f75dfb907bc
[  294.809101][   T34] RDX: 000000000000001c RSI: 00007f75e0a8d010 RDI: 0000000000000003
[  294.811852][   T34] RBP: 0000000000000000 R08: 00007f75e0a8cf14 R09: 000000000000000c
[  294.814314][   T34] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[  294.817531][   T34] R13: 00007f75e0a8cf68 R14: 00007f75e0a8d010 R15: 0000000000000000
[  294.820856][   T34]  </TASK>
[  294.822346][   T34] INFO: task syz-executor:9803 blocked for more than 143 seconds.
[  294.825628][   T34]       Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0
[  294.828987][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  294.832999][   T34] task:syz-executor    state:D stack:22760 pid:9803  tgid:9803  ppid:1      task_flags:0x400140 flags:0x00004004
[  294.838006][   T34] Call Trace:
[  294.839429][   T34]  <TASK>
[  294.840760][   T34]  __schedule+0x16f5/0x4d00
[  294.842884][   T34]  ? __lock_acquire+0xab9/0xd20
[  294.844919][   T34]  ? __lock_acquire+0xab9/0xd20
[  294.846948][   T34]  ? schedule+0x165/0x360
[  294.848752][   T34]  ? __pfx___schedule+0x10/0x10
[  294.850790][   T34]  ? schedule+0x91/0x360
[  294.852692][   T34]  schedule+0x165/0x360
[  294.854108][   T34]  schedule_preempt_disabled+0x13/0x30
[  294.856274][   T34]  __mutex_lock+0x724/0xe80
[  294.857884][   T34]  ? unwind_get_return_address+0x4d/0x90
[  294.859691][   T34]  ? __mutex_lock+0x51b/0xe80
[  294.861252][   T34]  ? genl_rcv_msg+0x10d/0x790
[  294.862915][   T34]  ? __pfx___mutex_lock+0x10/0x10
[  294.864529][   T34]  ? stack_trace_save+0x9c/0xe0
[  294.866322][   T34]  ? radix_tree_lookup+0x240/0x290
[  294.868029][   T34]  genl_rcv_msg+0x10d/0x790
[  294.869932][   T34]  ? __lock_acquire+0xab9/0xd20
[  294.876249][   T34]  ? __pfx_genl_rcv_msg+0x10/0x10
[  294.878416][   T34]  netlink_rcv_skb+0x208/0x470
[  294.880535][   T34]  ? __pfx_genl_rcv_msg+0x10/0x10
[  294.882754][   T34]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  294.884458][   T34]  ? down_read+0x1ad/0x2e0
[  294.886044][   T34]  genl_rcv+0x28/0x40
[  294.887523][   T34]  netlink_unicast+0x75b/0x8d0
[  294.889570][   T34]  netlink_sendmsg+0x805/0xb30
[  294.891588][   T34]  ? __pfx_netlink_sendmsg+0x10/0x10
[  294.893887][   T34]  ? aa_sock_msg_perm+0x94/0x160
[  294.895909][   T34]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  294.898140][   T34]  ? __pfx_netlink_sendmsg+0x10/0x10
[  294.900368][   T34]  __sock_sendmsg+0x21c/0x270
[  294.902609][   T34]  __sys_sendto+0x3bd/0x520
[  294.904613][   T34]  ? __pfx___sys_sendto+0x10/0x10
[  294.906744][   T34]  ? fd_install+0x97/0x540
[  294.908649][   T34]  ? fd_install+0x30d/0x540
[  294.910619][   T34]  __x64_sys_sendto+0xde/0x100
[  294.912879][   T34]  do_syscall_64+0xfa/0x3b0
[  294.914777][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  294.916907][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  294.919548][   T34]  ? exc_page_fault+0x9f/0xf0
[  294.921538][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  294.924034][   T34] RIP: 0033:0x7f74721907bc
[  294.925896][   T34] RSP: 002b:00007ffec33f66a0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  294.929448][   T34] RAX: ffffffffffffffda RBX: 00007f7472ee4620 RCX: 00007f74721907bc
[  294.932405][   T34] RDX: 0000000000000020 RSI: 00007f7472ee4670 RDI: 0000000000000005
[  294.935177][   T34] RBP: 0000000000000000 R08: 00007ffec33f66f4 R09: 000000000000000c
[  294.938434][   T34] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000005
[  294.941278][   T34] R13: 00007ffec33f6748 R14: 00007f7472ee4670 R15: 0000000000000000
[  294.944578][   T34]  </TASK>
[  294.945818][   T34] INFO: task syz-executor:9807 blocked for more than 143 seconds.
[  294.948949][   T34]       Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0
[  294.951526][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  294.954624][   T34] task:syz-executor    state:D stack:22392 pid:9807  tgid:9807  ppid:1      task_flags:0x400140 flags:0x00004004
[  294.959001][   T34] Call Trace:
[  294.960300][   T34]  <TASK>
[  294.961429][   T34]  __schedule+0x16f5/0x4d00
[  294.962994][   T34]  ? __lock_acquire+0xab9/0xd20
[  294.964568][   T34]  ? __lock_acquire+0xab9/0xd20
[  294.966519][   T34]  ? schedule+0x165/0x360
[  294.967941][   T34]  ? __pfx___schedule+0x10/0x10
[  294.969705][   T34]  ? schedule+0x91/0x360
[  294.971440][   T34]  schedule+0x165/0x360
[  294.973238][   T34]  schedule_preempt_disabled+0x13/0x30
[  294.975257][   T34]  __mutex_lock+0x724/0xe80
[  294.977124][   T34]  ? unwind_get_return_address+0x4d/0x90
[  294.979402][   T34]  ? __mutex_lock+0x51b/0xe80
[  294.981281][   T34]  ? genl_rcv_msg+0x10d/0x790
[  294.983230][   T34]  ? __pfx___mutex_lock+0x10/0x10
[  294.984964][   T34]  ? stack_trace_save+0x9c/0xe0
[  294.986908][   T34]  ? radix_tree_lookup+0x240/0x290
[  294.988514][   T34]  genl_rcv_msg+0x10d/0x790
[  294.989963][   T34]  ? __lock_acquire+0xab9/0xd20
[  294.991528][   T34]  ? __pfx_genl_rcv_msg+0x10/0x10
[  294.993331][   T34]  netlink_rcv_skb+0x208/0x470
[  294.995158][   T34]  ? __pfx_genl_rcv_msg+0x10/0x10
[  294.996927][   T34]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  294.998623][   T34]  ? down_read+0x1ad/0x2e0
[  295.000109][   T34]  genl_rcv+0x28/0x40
[  295.001458][   T34]  netlink_unicast+0x75b/0x8d0
[  295.003221][   T34]  netlink_sendmsg+0x805/0xb30
[  295.004827][   T34]  ? __pfx_netlink_sendmsg+0x10/0x10
[  295.006586][   T34]  ? aa_sock_msg_perm+0x94/0x160
[  295.008216][   T34]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  295.009967][   T34]  ? __pfx_netlink_sendmsg+0x10/0x10
[  295.011852][   T34]  __sock_sendmsg+0x21c/0x270
[  295.013405][   T34]  __sys_sendto+0x3bd/0x520
[  295.014934][   T34]  ? __pfx___sys_sendto+0x10/0x10
[  295.016628][   T34]  ? fd_install+0x97/0x540
[  295.018152][   T34]  ? fd_install+0x30d/0x540
[  295.019691][   T34]  __x64_sys_sendto+0xde/0x100
[  295.021224][   T34]  do_syscall_64+0xfa/0x3b0
[  295.022809][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  295.024548][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  295.026457][   T34]  ? exc_page_fault+0x9f/0xf0
[  295.028021][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  295.029909][   T34] RIP: 0033:0x7f45a07907bc
[  295.031324][   T34] RSP: 002b:00007ffe91d777d0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  295.034171][   T34] RAX: ffffffffffffffda RBX: 00007f45a14e4620 RCX: 00007f45a07907bc
[  295.036682][   T34] RDX: 0000000000000020 RSI: 00007f45a14e4670 RDI: 0000000000000005
[  295.039267][   T34] RBP: 0000000000000000 R08: 00007ffe91d77824 R09: 000000000000000c
[  295.041893][   T34] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000005
[  295.044367][   T34] R13: 00007ffe91d77878 R14: 00007f45a14e4670 R15: 0000000000000000
[  295.046836][   T34]  </TASK>
[  295.047833][   T34] INFO: task syz-executor:9822 blocked for more than 144 seconds.
[  295.050322][   T34]       Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0
[  295.053114][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  295.055958][   T34] task:syz-executor    state:D stack:22024 pid:9822  tgid:9822  ppid:1      task_flags:0x400140 flags:0x00004004
[  295.059815][   T34] Call Trace:
[  295.060927][   T34]  <TASK>
[  295.062019][   T34]  __schedule+0x16f5/0x4d00
[  295.063546][   T34]  ? __lock_acquire+0xab9/0xd20
[  295.065180][   T34]  ? __lock_acquire+0xab9/0xd20
[  295.066811][   T34]  ? schedule+0x165/0x360
[  295.068254][   T34]  ? __pfx___schedule+0x10/0x10
[  295.069902][   T34]  ? schedule+0x91/0x360
[  295.071291][   T34]  schedule+0x165/0x360
[  295.072722][   T34]  schedule_preempt_disabled+0x13/0x30
[  295.074416][   T34]  __mutex_lock+0x724/0xe80
[  295.075875][   T34]  ? unwind_get_return_address+0x4d/0x90
[  295.077640][   T34]  ? __mutex_lock+0x51b/0xe80
[  295.079212][   T34]  ? genl_rcv_msg+0x10d/0x790
[  295.080796][   T34]  ? __pfx___mutex_lock+0x10/0x10
[  295.082461][   T34]  ? stack_trace_save+0x9c/0xe0
[  295.084029][   T34]  ? radix_tree_lookup+0x240/0x290
[  295.085661][   T34]  genl_rcv_msg+0x10d/0x790
[  295.087119][   T34]  ? __lock_acquire+0xab9/0xd20
[  295.088690][   T34]  ? __pfx_genl_rcv_msg+0x10/0x10
[  295.090380][   T34]  netlink_rcv_skb+0x208/0x470
[  295.092072][   T34]  ? __pfx_genl_rcv_msg+0x10/0x10
[  295.093720][   T34]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  295.095393][   T34]  ? down_read+0x1ad/0x2e0
[  295.096859][   T34]  genl_rcv+0x28/0x40
[  295.098143][   T34]  netlink_unicast+0x75b/0x8d0
[  295.099723][   T34]  netlink_sendmsg+0x805/0xb30
[  295.101331][   T34]  ? __pfx_netlink_sendmsg+0x10/0x10
[  295.103225][   T34]  ? aa_sock_msg_perm+0x94/0x160
[  295.104880][   T34]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  295.106563][   T34]  ? __pfx_netlink_sendmsg+0x10/0x10
[  295.108237][   T34]  __sock_sendmsg+0x21c/0x270
[  295.109794][   T34]  __sys_sendto+0x3bd/0x520
[  295.111313][   T34]  ? __pfx___sys_sendto+0x10/0x10
[  295.113104][   T34]  ? fd_install+0x97/0x540
[  295.114594][   T34]  ? fd_install+0x30d/0x540
[  295.116057][   T34]  __x64_sys_sendto+0xde/0x100
[  295.117614][   T34]  do_syscall_64+0xfa/0x3b0
[  295.119102][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  295.120830][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  295.122976][   T34]  ? exc_page_fault+0x9f/0xf0
[  295.124538][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  295.126475][   T34] RIP: 0033:0x7ffaa07907bc
[  295.127974][   T34] RSP: 002b:00007ffe1f01e2d0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  295.130701][   T34] RAX: ffffffffffffffda RBX: 00007ffaa14e4620 RCX: 00007ffaa07907bc
[  295.133401][   T34] RDX: 0000000000000020 RSI: 00007ffaa14e4670 RDI: 0000000000000005
[  295.135874][   T34] RBP: 0000000000000000 R08: 00007ffe1f01e324 R09: 000000000000000c
[  295.138537][   T34] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000005
[  295.141228][   T34] R13: 00007ffe1f01e378 R14: 00007ffaa14e4670 R15: 0000000000000000
[  295.143911][   T34]  </TASK>
[  295.144987][   T34] 
[  295.144987][   T34] Showing all locks held in the system:
[  295.147534][   T34] 1 lock held by khungtaskd/34:
[  295.149191][   T34]  #0: ffffffff8e13ee60 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  295.152560][   T34] 2 locks held by kworker/u13:0/57:
[  295.154217][   T34]  #0: ffff8880220ab148 ((wq_completion)nbd0-recv){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  295.157743][   T34]  #1: ffffc90000a0fbc0 ((work_completion)(&args->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  295.161481][   T34] 2 locks held by getty/5642:
[  295.163293][   T34]  #0: ffff8881091630a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  295.166422][   T34]  #1: ffffc900025c62f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  295.169737][   T34] 7 locks held by kworker/u10:11/6426:
[  295.171586][   T34] 3 locks held by syz.0.1123/9777:
[  295.173330][   T34]  #0: ffffffff8f576170 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  295.175982][   T34]  #1: ffffffff8f575f88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  295.178833][   T34]  #2: ffff888107ee0a30 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_disconnect_and_put+0x2f/0x2a0
[  295.182204][   T34] 2 locks held by syz.2.1127/9784:
[  295.183875][   T34]  #0: ffffffff8f576170 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  295.186445][   T34]  #1: ffffffff8f575f88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  295.189250][   T34] 2 locks held by syz.1.1130/9796:
[  295.190924][   T34]  #0: ffffffff8f576170 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  295.193669][   T34]  #1: ffffffff8f575f88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  295.196524][   T34] 2 locks held by syz.1.1130/9797:
[  295.198113][   T34]  #0: ffffffff8f576170 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  295.200725][   T34]  #1: ffffffff8f575f88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  295.203765][   T34] 2 locks held by syz-executor/9803:
[  295.205460][   T34]  #0: ffffffff8f576170 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  295.208125][   T34]  #1: ffffffff8f575f88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  295.211063][   T34] 2 locks held by syz-executor/9807:
[  295.212916][   T34]  #0: ffffffff8f576170 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  295.215589][   T34]  #1: ffffffff8f575f88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  295.218510][   T34] 2 locks held by syz-executor/9822:
[  295.220171][   T34]  #0: ffffffff8f576170 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  295.222847][   T34]  #1: ffffffff8f575f88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  295.225801][   T34] 2 locks held by syz-executor/9832:
[  295.227541][   T34]  #0: ffffffff8f576170 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  295.230133][   T34]  #1: ffffffff8f575f88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  295.233066][   T34] 2 locks held by syz-executor/9844:
[  295.234727][   T34]  #0: ffffffff8f576170 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  295.237275][   T34]  #1: ffffffff8f575f88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  295.240103][   T34] 2 locks held by syz-executor/9846:
[  295.241886][   T34]  #0: ffffffff8f576170 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  295.244439][   T34]  #1: ffffffff8f575f88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  295.247193][   T34] 2 locks held by syz-executor/9866:
[  295.248904][   T34]  #0: ffffffff8f576170 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  295.251524][   T34]  #1: ffffffff8f575f88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  295.254522][   T34] 2 locks held by syz-executor/9877:
[  295.256243][   T34]  #0: ffffffff8f576170 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  295.258945][   T34]  #1: ffffffff8f575f88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  295.261986][   T34] 2 locks held by syz-executor/9886:
[  295.263747][   T34]  #0: ffffffff8f576170 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  295.266420][   T34]  #1: ffffffff8f575f88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  295.269265][   T34] 
[  295.270045][   T34] =============================================
[  295.270045][   T34] 
[  295.272882][   T34] NMI backtrace for cpu 0
[  295.272889][   T34] CPU: 0 UID: 0 PID: 34 Comm: khungtaskd Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 PREEMPT(full) 
[  295.272898][   T34] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  295.272903][   T34] Call Trace:
[  295.272906][   T34]  <TASK>
[  295.272910][   T34]  dump_stack_lvl+0x189/0x250
[  295.272922][   T34]  ? __wake_up_klogd+0xd9/0x110
[  295.272932][   T34]  ? __pfx_dump_stack_lvl+0x10/0x10
[  295.272943][   T34]  ? __pfx__printk+0x10/0x10
[  295.272954][   T34]  nmi_cpu_backtrace+0x39e/0x3d0
[  295.272965][   T34]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  295.272972][   T34]  ? _printk+0xcf/0x120
[  295.272981][   T34]  ? __pfx__printk+0x10/0x10
[  295.272989][   T34]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  295.272999][   T34]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  295.273009][   T34]  watchdog+0xfee/0x1030
[  295.273019][   T34]  ? watchdog+0x1de/0x1030
[  295.273030][   T34]  kthread+0x711/0x8a0
[  295.273040][   T34]  ? __pfx_watchdog+0x10/0x10
[  295.273048][   T34]  ? __pfx_kthread+0x10/0x10
[  295.273056][   T34]  ? _raw_spin_unlock_irq+0x23/0x50
[  295.273066][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  295.273075][   T34]  ? __pfx_kthread+0x10/0x10
[  295.273083][   T34]  ret_from_fork+0x3fc/0x770
[  295.273094][   T34]  ? __pfx_ret_from_fork+0x10/0x10
[  295.273105][   T34]  ? __switch_to_asm+0x39/0x70
[  295.273112][   T34]  ? __switch_to_asm+0x33/0x70
[  295.273118][   T34]  ? __pfx_kthread+0x10/0x10
[  295.273126][   T34]  ret_from_fork_asm+0x1a/0x30
[  295.273138][   T34]  </TASK>
[  295.273141][   T34] Sending NMI from CPU 0 to CPUs 1:
[  295.324516][    C1] NMI backtrace for cpu 1
[  295.324532][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 PREEMPT(full) 
[  295.324540][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  295.324545][    C1] RIP: 0010:pv_native_safe_halt+0x13/0x20
[  295.324561][    C1] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d e3 75 21 00 f3 0f 1e fa fb f4 <c3> cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[  295.324568][    C1] RSP: 0018:ffffc90000177de0 EFLAGS: 00000286
[  295.324575][    C1] RAX: 42a93512587c7e00 RBX: ffffffff81974d58 RCX: 42a93512587c7e00
[  295.324580][    C1] RDX: 0000000000000001 RSI: ffffffff8d9823e9 RDI: ffffffff8be28d40
[  295.324585][    C1] RBP: ffffc90000177f20 R08: ffff888136632f5b R09: 1ffff11026cc65eb
[  295.324590][    C1] R10: dffffc0000000000 R11: ffffed1026cc65ec R12: ffffffff8fa10df0
[  295.324594][    C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff110200d7000
[  295.324599][    C1] FS:  0000000000000000(0000) GS:ffff8881a3c50000(0000) knlGS:0000000000000000
[  295.324604][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  295.324608][    C1] CR2: 000055fbcbb79e68 CR3: 000000000df38000 CR4: 00000000000006f0
[  295.324636][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  295.324642][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  295.324646][    C1] Call Trace:
[  295.324650][    C1]  <TASK>
[  295.324653][    C1]  default_idle+0x13/0x20
[  295.324661][    C1]  default_idle_call+0x74/0xb0
[  295.324668][    C1]  do_idle+0x1e8/0x510
[  295.324676][    C1]  ? __pfx_do_idle+0x10/0x10
[  295.324684][    C1]  cpu_startup_entry+0x44/0x60
[  295.324689][    C1]  start_secondary+0x101/0x110
[  295.324699][    C1]  common_startup_64+0x13e/0x147
[  295.324709][    C1]  </TASK>
[  295.325533][   T34] Kernel panic - not syncing: hung_task: blocked tasks
[  295.384760][   T34] CPU: 0 UID: 0 PID: 34 Comm: khungtaskd Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 PREEMPT(full) 
[  295.388558][   T34] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  295.391788][   T34] Call Trace:
[  295.392877][   T34]  <TASK>
[  295.393836][   T34]  dump_stack_lvl+0x99/0x250
[  295.395292][   T34]  ? __asan_memcpy+0x40/0x70
[  295.396769][   T34]  ? __pfx_dump_stack_lvl+0x10/0x10
[  295.398441][   T34]  ? __pfx__printk+0x10/0x10
[  295.399957][   T34]  panic+0x2db/0x790
[  295.401227][   T34]  ? __pfx_panic+0x10/0x10
[  295.402658][   T34]  ? nmi_backtrace_stall_check+0x433/0x440
[  295.404547][   T34]  ? preempt_schedule_thunk+0x16/0x30
[  295.406290][   T34]  ? nmi_trigger_cpumask_backtrace+0x2b6/0x300
[  295.408271][   T34]  watchdog+0x102d/0x1030
[  295.409654][   T34]  ? watchdog+0x1de/0x1030
[  295.411117][   T34]  kthread+0x711/0x8a0
[  295.412453][   T34]  ? __pfx_watchdog+0x10/0x10
[  295.414001][   T34]  ? __pfx_kthread+0x10/0x10
[  295.415447][   T34]  ? _raw_spin_unlock_irq+0x23/0x50
[  295.417077][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  295.418753][   T34]  ? __pfx_kthread+0x10/0x10
[  295.420220][   T34]  ret_from_fork+0x3fc/0x770
[  295.421696][   T34]  ? __pfx_ret_from_fork+0x10/0x10
[  295.423283][   T34]  ? __switch_to_asm+0x39/0x70
[  295.424898][   T34]  ? __switch_to_asm+0x33/0x70
[  295.426608][   T34]  ? __pfx_kthread+0x10/0x10
[  295.428402][   T34]  ret_from_fork_asm+0x1a/0x30
[  295.430083][   T34]  </TASK>
[  295.431934][   T34] Kernel Offset: disabled
[  295.433580][   T34] Rebooting in 86400 seconds..

VM DIAGNOSIS:
16:37:21  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000000 RBX=ffff88802050b980 RCX=383e0fc5b448f900 RDX=0000000000000006
RSI=ffffffff8db6f0f5 RDI=ffffffff8185919d RBP=ffffc900036ef978 RSP=ffffc900036ef8b8
R8 =ffffffff8fa10df7 R9 =1ffffffff1f421be R10=dffffc0000000000 R11=fffffbfff1f421bf
R12=ffffffff8b34ed28 R13=dffffc0000000000 R14=dffffc0000000000 R15=1ffff920006ddf1c
RIP=ffffffff8b66b987 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b8650000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00005644223efb78 CR3=000000000df38000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000001 XMM01=0000000000000000 00007f67e1184d00
XMM02=656e2f7600000045 ffffffff00000000 XMM03=800401c71000080c 4ac2006e75742f74
XMM04=0000000000000000 0000000000000016 XMM05=0000000000000000 000000000001df8a
XMM06=84040002a0030000 0000000000000047 XMM07=6765726d00000000 ffffffffffffffdf
XMM08=0802800302080006 10003a1000000046 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000000 RBX=ffffffff99c7a7e8 RCX=1ffff920005f9e6c RDX=0000000000000000
RSI=ffffffff8db6f0f5 RDI=ffffffff99c7a7e8 RBP=ffffc90002fcf3f0 RSP=ffffc90002fcf340
R8 =0000000000000000 R9 =ffffffff84c7bfea R10=dffffc0000000000 R11=fffffbfff1f421bf
R12=dffffc0000000000 R13=ffff88811276ebe8 R14=ffffffff99c7a7ec R15=dffffc0000000000
RIP=ffffffff819ec64d RFL=00000803 [-O----C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007eff1c8e8800 ffffffff 00c00000
GS =0000 ffff8881a3c50000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007ffc341b5c78 CR3=000000010ace8000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 0000000000000000 XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 0000000000000000 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
