last executing test programs:

57.260198616s ago: executing program 1 (id=2199):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x4, 0x70bd2d, 0x25dfdbfc, {{}, {}, {0x18, 0x17, {0x9, 0xe3, @udp='udp:syz0\x00'}}}}, 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x408d4)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000120000007f00000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000680)={{r1}, &(0x7f00000007c0), &(0x7f0000000640)=r0}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000004c0)={r1, &(0x7f0000000300), &(0x7f0000000400)=""/154}, 0x20)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000000000000000000004b84ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000400)='tlb_flush\x00', r2}, 0x10)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000000800000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x31)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={&(0x7f0000000000)='tlb_flush\x00', r3}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r2, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000086"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="000000008000000000000000001a000000001f00257bf763022f1aff3a0b7a859b0bfe9236cdc5df4209a61a554bc1711f818dce4d3a7f19165f1d50cf10f9ac00f87f95788e15c05be4864b40af1b84e85ed739a3205137d83412f89fc2d26125e1ce9e010c3f20350a6a8364e048aa0ec9d8bdfae5e5ca89fdd5f32235eac62b409c4614459e711d7d460bfae079482be875", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x5f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='rpcgss_oid_to_mech\x00', r5}, 0x18)
syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000e40)=ANY=[@ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="0200000002"], 0x10)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005345c0f63cdc2e82818254950ee03568b8809a1f04c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab66c1aae9314d7381fcfeb970bea672010000000000000043144648a07a975bd89dc398712376610faa54f12495b4659be8673086f6f3543205d4bc4ce05b8b961103673dff7f158052e62bfbdcddde6985f3f1ac5d9a94cc53207899762a07282a1914452d11858e795a3ca30a101af5574f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5ed44039aab46419496362e54cfad05b4004ac71a003d7b85d07191bed4e5a8908263722d4146f7ed569985439baa355cf3d8731f5e7a237bc06d035a8d601f21746d880819f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c5b9f87d988c9fbd2b9d9b4e2d71753b1549fa734f0b2e5fcf9549804cddad721971637f9c9730a9cc384eed30345979db9c93e1c52f42cad0a4d4f9436d3f39b0ed09c395dc6e970366087a8e4daeeb1b017006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f710c490ecd085d2811a7555c53030000007f00000000bfa6478eb96b079c277e2910b7ccdc3d672ed34aa65278c549e2abb549ad954884289130bc71cee2b7de62bf48129ae1af052a2d46a6165eb0954dac7265f1f425735acf6377793946b3229e861d8ea49806b3b533345d36ecef9df700000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c000000aaae37f044bcadeb0f6846582b7653665aa336db9f0384d3c7ddf79c2e0000000000000000000000000000000000000000000000e154aa0d3e41986a668ee1e5ef93a8ceac75f44aae95e26742f895f287111f8ee86f7e3ffb63cfb0e345cf7fc63dd2b0d30977899c6f03640040af4db71f7452bfc79a05118d8bb42b63b195771e42f9942ec626bd4b5461b74324012164e8"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70)
r9 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r9, r10, 0x2, 0x2}, 0x10)
r11 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000240)={@cgroup=r11, r8, 0x2, 0x0, 0x4000}, 0x10)
r12 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r12, 0x10e, 0xc, &(0x7f0000000180)={0x6}, 0x10)
sendmsg$nl_route(r12, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000001a00010000000000000000001c000000000000000000000014", @ANYRES8=0x0, @ANYRES32=r12], 0x30}}, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)

57.252243507s ago: executing program 1 (id=2200):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x2efb, 0x4)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="290626bd7000fbdbdf251d00000034000180140002007465616d5f736c6176655f3000000000140002006970365f767469300000000000000000080003"], 0x48}, 0x1, 0x0, 0x0, 0x8844}, 0x20040000)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
sendmmsg$inet(r0, &(0x7f0000001200)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8800)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) (async)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x2efb, 0x4) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), 0xffffffffffffffff) (async)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="290626bd7000fbdbdf251d00000034000180140002007465616d5f736c6176655f3000000000140002006970365f767469300000000000000000080003"], 0x48}, 0x1, 0x0, 0x0, 0x8844}, 0x20040000) (async)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) (async)
sendmmsg$inet(r0, &(0x7f0000001200)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8800) (async)

56.825925735s ago: executing program 1 (id=2203):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
socket$netlink(0x10, 0x3, 0x13)
setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000003000)={0x1, 0x4}, 0x5f)

15.146813914s ago: executing program 1 (id=2203):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
socket$netlink(0x10, 0x3, 0x13)
setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000003000)={0x1, 0x4}, 0x5f)

10.069131226s ago: executing program 1 (id=2203):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
socket$netlink(0x10, 0x3, 0x13)
setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000003000)={0x1, 0x4}, 0x5f)

4.37280373s ago: executing program 1 (id=2203):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
socket$netlink(0x10, 0x3, 0x13)
setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000003000)={0x1, 0x4}, 0x5f)

1.64993171s ago: executing program 0 (id=2540):
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x2, 0x4e24, @private=0xa010102}, 0x10, &(0x7f0000000100)=[{&(0x7f00000000c0)="b7", 0x1}], 0x1}, 0x20008050)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r2=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000000)=r2, 0xc)
setsockopt$MRT_FLUSH(r2, 0x0, 0xd4, &(0x7f0000000000)=0x8, 0x4)
ioctl$sock_rose_SIOCDELRT(r0, 0x890c, &(0x7f00000000c0)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x6, @null, @bpq0, 0x1, [@bcast, @default, @default, @default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default]})

789.379024ms ago: executing program 0 (id=2544):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(0x0, r0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x28)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000000)={r2, 0x0, 0xfffffffffffffffe}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000003"], 0x48)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r3], 0x0, 0x2}, 0x94)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_genetlink_get_family_id$smc(0x0, 0xffffffffffffffff)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r5, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
ioctl$sock_bt_hidp_HIDPCONNADD(0xffffffffffffffff, 0x400448c8, &(0x7f0000000340)={r5, r5, 0x8, 0x0, 0x0, 0x82, 0x4a, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz1\x00'})
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800"/12], &(0x7f0000000140)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r6}, 0x10)
shutdown(r5, 0x1)
ioctl$sock_bt_hidp_HIDPCONNDEL(0xffffffffffffffff, 0x400448c9, &(0x7f0000000000)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}})
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a44, 0x1700)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000880)=@bpf_ext={0x1c, 0x2b, &(0x7f00000004c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [@func={0x85, 0x0, 0x1, 0x0, 0x1}, @btf_id={0x18, 0x3, 0x3, 0x0, 0x5}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x10001}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r3}}, @map_fd={0x18, 0x1}, @cb_func={0x18, 0xa, 0x4, 0x0, 0xfffffffffffffff8}, @printk={@llx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x6a49}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000002c0)='syzkaller\x00', 0xfffff492, 0xc7, &(0x7f0000000680)=""/199, 0x40f00, 0x0, '\x00', 0x0, 0x0, r8, 0x8, &(0x7f0000000780)={0x7, 0x5}, 0x8, 0x10, &(0x7f00000007c0)={0x1, 0x7, 0x4, 0xb0}, 0x10, 0x3358, r4, 0x1, &(0x7f0000000800)=[r8, r7, r3, 0xffffffffffffffff], &(0x7f0000000840)=[{0x1, 0x1, 0x7}]}, 0x94)
r9 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r9, 0x8916, &(0x7f0000000000)={'wlan1\x00', @random="0200ff7fffff"})
sendfile(r8, r7, 0x0, 0x10000)
pipe(&(0x7f00000045c0)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
r11 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r11, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c)
mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r11, 0x0)
vmsplice(r10, &(0x7f00000019c0)=[{&(0x7f0000001a00)="ce", 0x1}], 0x1, 0x1)

437.35097ms ago: executing program 0 (id=2546):
r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) (async)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f00000000c0)={r1, r1, 0x1, 0xd, &(0x7f0000000040)="0f114def84b22dde27e442f1a7", 0x9, 0x1, 0x16bf, 0x5505, 0xc3b8, 0x1, 0x0, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r0, 0x400448c9, &(0x7f0000000000)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}})

318.596795ms ago: executing program 0 (id=2547):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(0x0, r0) (async)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) (async)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x28)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000000)={r2, 0x0, 0xfffffffffffffffe}, 0x10) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000003"], 0x48) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000070018110000"], 0x0, 0x2}, 0x94) (async)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_genetlink_get_family_id$smc(0x0, 0xffffffffffffffff)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) (async)
socketpair(0x1, 0x3, 0x0, &(0x7f0000000100)={<r4=>0xffffffffffffffff})
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r3, 0x8933, &(0x7f0000000200)={'wg0\x00', <r5=>0x0})
sendmsg$sock(r4, &(0x7f0000000400)={&(0x7f0000000240)=@ll={0x11, 0x4, r5, 0x1, 0x1d, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xc}}, 0x80, &(0x7f00000009c0)=[{&(0x7f00000004c0)="8a0e84c0dd71c51553be9e654d8c8ea810b5a8e38dbbcde078d22e0156af04096ffa1d31db5a17fde2e687bbbde60ea219a0a1bb0734fb976570b793dc37062b3427b00c1f690dbc6d394447e95c3592b248ade72cbea96a303555a34b4c736b770a59831caf9549099c854131a490b2ba42f962b15a78db6982442c9e8ec65c6ab260d0848c886cf00ddca55824994cd6b02d47f5ec9979521ec0be546373f1ca379ec9d4544a9a1ab1214e923a64f32f238f", 0xb3}, {&(0x7f0000000680)="115e097de324ee32ed92e376a7389aae06ed1f7320ce8fe6f83be40da08b2e9557e6cd4b2479787943389b11d6803dc0e38962361d6561e2b2427f6a6e5874143f29cc36bf106be863e08b3375dead886c198b4ab76095906b266350c7f6419c1ebd6aa87664915f6e079419b5d7e8077dcb24957768a0e956a8dd9346ff1e42e3af71b58f407a7e10d61f310dd89b5e60cb1588e8d6ae3235686611719198461cbd1899b1f9ec4eba016fefb8ac58c2e73505691f2914fd8afcd68398edaf9efc9d61d188674c817ac707dd9ac4386be021b2119c0607f34918ca894d", 0xdd}, {&(0x7f00000002c0)="aef5d53d811615b3bc547e29a1d64094209e82c5a5f21e8890750902d5f849a15f06b21d19f77d58da49cc187ca25395e11df578e11474b66a8691a9603c49478f9bb56bf154dd03364a77587875cc41112a5c1511e43883648921ebb544800a013d870cb193316de92f7a9128f71e2b1b4bfd59", 0x74}, {&(0x7f0000000580)="90219f079c3965841632f8fd2b0342ad00b504ef44a685c962d1a988cccd082a5f297bcceb70a87d83196aece5399375d933698279f8cf00c55106406231192fefb599e953916fabf5fced41f8b43800d6e6c076ead24e025d5b70", 0x5b}, {&(0x7f0000000780)="fe857bf6cbb717d3456825a36008346a75d91907f9f6f4b57448c69cde83e98d454e5b239467a899a2f83303459169a4783d0d1e7d407b956d3a9f301b2f19846a734b456e9c2c10ce94e9fe50d3d768f03e91f408806285f1a7dfea68a2385e4b9c0d0a948cc57b2efdcc704ba039a47fa23b13d438f27ae5c8d1b480a99111497876500cfba5a06d6265ba63481cd46647ac752ec1c0b58999caa51befa85b43ce9661195309a1c2d4308924c9e17eb34949230516aed4d4138a03526c1efa9228a53b991190d0d51a21489ff4ac4546826d97c58ca36bae68610d7ca0094a9b76281bb3d4f0d26ce33fee1d3c00729c0293cf40cc5f313ef7170e8738", 0xfe}, {&(0x7f0000000880)="c86bfd49103ee113eb211bc619f21b8f5df3828ae46cefbb4de5f1c7f6809c0a5f2fc1e48d3df3d3b72b760d93122907c35e3242c57581340058ff19cd7a4053aa7376858fb10c2db356", 0x4a}, {&(0x7f0000000900)="e01371b82e4cb55e55d869907c1f04b9f2017dedc88dca8b19503590a47c4c3a2a9faacc16d51172268ab39added225c3c3fac72ec53dd5d86c30c5977c789bd2aa727fd35cacf359d7be00182033c29ee0ef2eed8227e3096b8fe2bf9d0573809a0d89ba9df2d32cfacf457b64e7f9dabf5f369b3cfb5ae76ea1d1ba326b9be5d72d7965ff0b3f289059c162b4ba4b405917ec9e6f6b8b142e8ecb86a9e9488519d7c085f589545fce7f197ff8bec770117ce2d", 0xb4}], 0x7, &(0x7f0000000b00)=[@mark={{0x14, 0x1, 0x24, 0x4}}, @timestamping={{0x14, 0x1, 0x25, 0xffffffff}}, @timestamping={{0x14, 0x1, 0x25, 0x3}}, @timestamping={{0x14, 0x1, 0x25, 0xffff}}, @mark={{0x14}}, @txtime={{0x18, 0x1, 0x3d, 0x4}}, @timestamping={{0x14, 0x1, 0x25, 0x8}}], 0xa8}, 0x40)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) (async)
r6 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r6, 0x400448c8, &(0x7f0000000340)={r3, r3, 0x8, 0x0, 0x0, 0x82, 0x4a, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz1\x00'}) (async)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800"/12], &(0x7f0000000140)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r7}, 0x10) (async)
shutdown(r3, 0x1) (async)
ioctl$sock_bt_hidp_HIDPCONNDEL(r6, 0x400448c9, &(0x7f0000000000)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x42073, 0xffffffffffffffff, 0x0) (async)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0)

318.258079ms ago: executing program 2 (id=2548):
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000280)={0x4000, 0x2, 0x0, 0x4}, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB="200000001600010a00000000000000000a00007c"], 0x20}, 0x1, 0x0, 0x0, 0xc8001}, 0x0)
r2 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0x76, &(0x7f0000000180)={0x9, 0x0, 0x0, 0x1001}, &(0x7f0000000280)=0x20)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
ioctl$sock_rose_SIOCADDRT(r0, 0x890b, &(0x7f0000000380)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x9, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bpq0, 0x0, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @default, @bcast, @bcast, @null]})

256.213999ms ago: executing program 2 (id=2549):
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r0, 0x890b, &(0x7f0000000380)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x9, @null, @bpq0, 0x0, [@default, @bcast, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @null]})

255.879606ms ago: executing program 0 (id=2550):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) (async)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x0, 0x0)
accept4$ax25(0xffffffffffffffff, &(0x7f0000000280)={{0x3, @rose}, [@rose, @default, @bcast, @rose, @remote, @null, @bcast, @netrom]}, &(0x7f00000001c0)=0x48, 0x0) (async)
accept4$bt_l2cap(r1, &(0x7f0000000000), &(0x7f0000000040)=0xe, 0x13be89dff09a7cd9) (async)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) (async)
unshare(0x22020600)
socket$inet_sctp(0x2, 0x1, 0x84)
socket$can_j1939(0x1d, 0x2, 0x7) (async)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000ab9ff0)={0x3, &(0x7f0000000000)=[{0x20, 0x0, 0x0, 0xfffff00c}, {0x20, 0x0, 0x0, 0xfffff00c}, {0x6}]}, 0x10)
sendmmsg$inet(r2, &(0x7f0000002c40)=[{{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000000a80)="2a73ed35", 0x732a}], 0x1}}], 0x400000000000292, 0x0) (async)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$inet6(0xa, 0x3, 0x7) (async, rerun: 64)
r5 = socket$alg(0x26, 0x5, 0x0) (rerun: 64)
bind$alg(r5, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58) (async)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r6 = accept4(r5, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f0000000240), r6)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 64)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYRESDEC], 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (rerun: 64)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0xd, 0x4, 0x4, 0x9, 0x150, r7}, 0x48) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af0ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r8, 0x400448c8, &(0x7f0000000100)={r0, r0, 0xfffe, 0x0, 0x0, 0xc2, 0x85, 0x15c2, 0x5886, 0x6, 0x0, 0x0, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r8, 0x400448c9, &(0x7f00000000c0)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}})

183.582965ms ago: executing program 2 (id=2551):
r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) (async)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) (async)
ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f0000000280)={r1, r1, 0x1, 0xd, &(0x7f0000000040)="0f114def84b22dde27e442f1a7", 0x9, 0x1, 0x16bf, 0x5505, 0xc3b8, 0x1, 0x0, 'syz0\x00'}) (async)
ioctl$sock_bt_hidp_HIDPCONNDEL(r0, 0x400448c9, &(0x7f0000000000)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})

107.068786ms ago: executing program 2 (id=2552):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, 0x0, &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000440)={r0, 0xe0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, &(0x7f00000001c0)=[0x0, 0x0], &(0x7f0000000200)=[0x0], <r1=>0x0, 0x3d, &(0x7f0000000240)=[{}, {}, {}, {}, {}, {}, {}], 0x38, 0x10, &(0x7f0000000280), &(0x7f00000002c0), 0x8, 0x89, 0x8, 0x8, &(0x7f0000000300)}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x20, 0xa, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x200}, [@map_idx_val={0x18, 0x0, 0x6, 0x0, 0xa, 0x0, 0x0, 0x0, 0xfffffff7}, @map_idx={0x18, 0x6, 0x5, 0x0, 0x7}, @ldst={0x0, 0x0, 0x1, 0x2, 0x1, 0xffffffffffffffc0, 0xfffffffffffffffc}, @map_idx={0x18, 0x0, 0x5, 0x0, 0x4}]}, &(0x7f00000000c0)='syzkaller\x00', 0xf, 0x2, &(0x7f0000000100)=""/2, 0x41100, 0x20, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0x4, 0x3}, 0x8, 0x10, 0x0, 0x0, r1, 0xffffffffffffffff, 0x2, 0x0, &(0x7f0000000480)=[{0x0, 0x3, 0x6, 0x5}, {0x5, 0x5, 0xe, 0xb}], 0x10, 0x1}, 0x94)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r2, 0x400448ca, 0x0)

101.067198ms ago: executing program 2 (id=2553):
r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="300000003e000701fcfffffffddbdf25047c0000100036800c00020007001400000000000c000180060006008e"], 0x30}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r3 = accept4$bt_l2cap(r2, 0x0, &(0x7f0000000040), 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @none, 0x7ff, 0x2}, 0xe)
ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f0000000340)={r2, r2, 0xc, 0x13, &(0x7f00000009c0)="160000000000000000b2317233f54c843626ac", 0x9, 0x1, 0x16c0, 0x5505, 0x8b, 0x1, 0x0, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r0, 0x400448c9, &(0x7f0000000000)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}})

98.135681ms ago: executing program 0 (id=2554):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a8c000000060a090400000000000000000200000060000480300001800e000100696d6d6564696174650000001c000280100002800c000280080001800000000008000140000000002c0001800b0001006e756d67656e00001c0002800800014000000004080002400000009408000340000000000900010073797a30000000000900020073797a32"], 0xb4}}, 0x0)
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000280)={r2, r2, 0x1, 0xd, &(0x7f0000000040)="0f114def84b22dde27e442f1a7", 0x9, 0x1, 0x16bf, 0x5505, 0xc3b8, 0x1, 0x0, 'syz0\x00'})
syz_emit_ethernet(0xf87, &(0x7f0000001180)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb86dd606410a60f51000000000000000000000000000000000000fe8000000000000000000000000000aa8400000000000000223427d5c9a46b9fa14172170a013589317d2af31ba55431762f462a5abc3f46494ee91bfca594d52f8c3785143e92da5d2d81edc09f68f122fbf741257bf1319408347a17c89212dfe27a0fc65362487e5afe673f0954f60d9d08b61276ce0b3aa520b5f30a9f52c4aa53fc003f8570383ca63530d93b78a7875338b3d7645ef2c24ab05db63cfdcde7b3cac2248c9d1c73d0d4382b3f520ad6e9be698eaa9bf5b939ce09919c9485c4725690ee2483315829a196f85a5ae552ebe19a2d6768ce2a6bf60fbb53104c7919b7cf28fa555fc9460df11e72eddebb2fc4eb6f83b16e0d65307e4210dfc209f0c68df65b57f420fd215546b798af6b6ab7bfb2fe6bd6142f877852717370b1ca39d199c149c3ead97c4e16229ce4c08a111a0fc64651c21e9174dd72442a9ae2a42d9433c7b54c8dd4b59203f9a2e227e9b043eb430e606cf98f3428ac8511948dd553bc0728c0626fbda71bd2a1d734d605e27bdb0be93b7b91284689e31fccb70c15f2c39da9011c84d36fe4b4b36ff26e45a34685fc638dbdaa068a3d3d4f5d44b74afc0fc7956e5fcc3fe405ac6d292d1d90f257f18fe14a3192d28ed369956aa2f91f9fee773cf7fb5d90705347eeadc1af86de78a498fa1a20e5b3f481a0595769654d969299506d8ffbc172a7fb9453a8a3787e80b167936863f2cc16c1d03481bd40e1abcf87a292559771572136932bf30e48174012a1d4d5f138f93140af2ceb9c821c7966ea7592d762975b5b33ef141b6b91eb388c91b924945c3231d0f299adb5a36e0c95a17872e7ebf0bc0e33baf5c46f9e2087b77bad0794d519ce7bc8674a70f3545d020454ded22f164185df3b4f952b132947b75333993fd73a6bac5836dd5720e559bcb82a4926734c5c3b1287c5fec219a99f71eb398430001f007306e9232c269c2886357f75d935e8de054341ac36f1df1fc77fbc347d90660f4d5658cfeb9e289f70968a7c0b38ae34c4bfa46b47964e223ac34f472e3231e8c285add5713592c76c062c3477beb55b279846f04f8d6a5ce2743c6a2020f0c5164953b8dca7e57239dc8a7f507bcf77767ab0b4602437171a09c8e80f5a165c4c37eaae386cfcb927dd1a935fa717fa1608792b34bafbc20cf11a678455894ede62788309ab7a7075535847a2b48260a613e521b01d75648263ad78e6176528dbf3e6c4e4d72066e617be5387183a51dd97d2e846c5d173b51e17a4c8d78a49c914cbe44236c52c78de45b44f9d80bc6f77c75135922a84579bce77baa71311889f5b7b90c5124b8298d5e9c81c442d60df00795854d3213a1ac254c8963c109f68b3ff5451c381f6fb56c116f86b71f988d1e9f732280cbf3d4e9791fefc4bdec5dc293fb77b02d5aab6bd8cd179b7e425126b7f78c0d004bc6470ecc2bbc422bd06a6bd8f717009509e6a88b01347b7a62b9dea6f7a7446a371f422499a6e66eeb6a7b0beb4a86a61f875a9bfe0f5d5f0d0e4c85852afaea97d74ebc80d6491a8a1c998c4b5bc34b3edaeba2df902cd5e14e016720e6c3c8b15287b2471c34251e26dc442720cd5d984e30b110b7370f233f865b9ac129fdf49ff02b303d7d4f91039d3bb58a9d64d7a72d8b8eba6b45a000370d4f0e9c0d411768441372e7112e5d4e7d70a9d6b428b8b85ee6209d6f73e7b024740c052166deeb843e4ab78d1d354d75a5827ff0d49d8964e75785f3594c7299c0917b48f3b2efb81a4c3a7d6e0f1cf50efe0360963c2e3ee390ed2a4c39f42e856eced0f2ee7beacd2ecbece493e911ca0460584323ea6d4a0c00864693c979cae38f0c5841bfaeebf609d1075163c120fea0bd0207d2dd07e5e2e0a5afe3efee0ee6bb9a926a8dba7a27a82c5421a5b20bfb5dbdef532a12435fcd899f15603209831711e0dcfaaf2104b2016f087fce44848c70b65a34b9be83df2064391fc5a8d169dc1943d226e57ab5ba06c656273d4efba73a8a61aae19df4d2445f3ce7e649af1b4ffc86106c9092ddd0aafeb45653d181cb32b06a1dd41573495f15c3b8c0019ba72a2eb163dfcbdbb235322ae27d7116af506f295c2424ab9191aa8ce0e4617b212af21983f8d2b19d7fdeec881f6fa448acc7c3e133b6f281583fad4467c05801e69f6ffc1ae2e1f54655534d884c2f8f60303da33ccbe47a293643edb61c7d9fad4e3e54028bc64be8e5b1da53446869b136660b8e96ff96c48641ece275967b27b291c5c240b3399b5b901b699227735f821938bc88ded45bada2b257b1a4bcab7ed6647f2027e5680c87329e9cfdba6bde2f2a9b676be016001702bebbabb2eae3eba01d6f49ab70245a4c5ef0e136b531e1843487b3f69c5b811217d6d2f5e71b47f40c28117bd09a88bb21887a06e2cc164d4281d0df47cbd5781f1524098d89ccae32f24c5f9d86469106685fdc683ad5e873030b621dc00354e0621106da90aca69bb53848dd57251a45bc1898aca9bc84c9a8d2f8aabeed888560771c8cb03aab02620430fec8e9740880790060ccbffd5b8edaa219ca61587eff1b1b03ae8af53059f121efdec8b3ee8aba06f494a5b4575bc848d5a9773d2346f75811cb82a078fc960c9bd374555d78b1b4ba0b438ef00e8aa75810ca5efc5c70936e2cb0e515912cb7f625a2130a9ad58f29e58ae6eac5c3f15f22f0163ee6dead6947c4390b92c8dfb146fec7bfc0b37e8ff2c9de90c30f2d8b5e334107f9835bc47fbc193c60ebd5ac4e677c7fd5b6261ff96e97c185c726ec02941bc2336946f181fd2aff43f0e95f06105a049fcb8e4e3738407d6356856f533f17fae281a3be9f2050ae3d19d1b8350d424087ac9b7875824a9b7e098775b53d6ec960fc052ecd165d17a7897de75f15316a072bb9ccf6ce1ec085bb5356c271b985a437a32f12308fc927410fd444bcded9859e7b8a3cfaaf29ebfb92cc7cbfad2559bbe4f90e189e8708e93827b221869cc78fa41fd5bcb6577b7dfe4c3927dc25a58aa84419f76e71d1f3c10cbb5e52ab2bebe0d39bdffda0fa1b55fe3a03683f882a82dd58498d62b101acd710fd436aa7409fe3cf5352dffb399d560323e14d564bdb3121b89c1f43fc9a892b799cd32f7ce2ededb868920b4547735ef0bf3e148251a4f65dddb7f96b2f33734522a8cffdc51520ac98926b3406e96618cf15a042a67239e755afc70ec6a9c99f8e08ec2946e5901364d85223a63d49572519137d93b6b0798e72acf9da120e706ee73367dec1450a68def886c149bcd734469e10b933899501011cd548e99d638821d5709fde050ab382d4896ecfd7999d40ea9c690c26d396545224c8f9e19705593df2688eb592e2476a0193f7054ab6f703d41c545a80bf285bbc7cc735bd306c9ea5eb64f40752fd4c741d9b6e03cd41b636ef8f5e810047a21c0b24c6fde1f2e98f2f27730c90d93af9e7564e4e209a61ff626b666fcc4f75f7d560da688169ff0af5e674a0b89a99fb54bb438a65f953c2db0faec2ce09cec33b6d25620b5a0393ac473fed48a38beaca5223997419876d571ce969b83b5b3ae54de83dd89fd92ed2a93c087828bef49a24ed1a97778c47fdc691a94fd5b437dfe494b5c6fadf499d9d15583b0439d3d5ecb61a32a2508a6960be6009accfd1d5d75a16dbc4121c6ef07bda12646792449c18a56e7aa3893f3f0e55a8e09ca64193dd29ea24ed8614ee8e717f046dd99a8e3750506655331125a502aa89c0d7e8e30c36a4be22cd911322695144d3bf034f38ef32d49431d50da583d08a3e4c5862483cdd52d031b12c8e883d301bf3a9c27311a987d4dae82a061f48182cc747cd64441e88b68e26e4975f0fdde3129a9e6af80009962581d5349676df9c73b81514b175709d9193749660f480bd4009b528c1db4f76f42b6a175126603c39a374e890f871c97b2eebb4500451d827cc15497dc5ae89edc6f47f25db7efa4b4b2afbbb2ee543e3db8d20fe93faf300247f59075921e8b2f2a025af8a1d46f274e0c6cb4be0293c7c16c88e98d7d189e9733e4c0e3b96be4aa3fa6ecf42732e0b1432d38aeaf2330d92713cd5580ce42bfe47fb98fea64783de23f456300dd193008211a5ba408d32dedbf12aa8237a6e1a2c9890a2c1011855241fea186906a5139d1c300be57dc7ff493de80010520d10fc3eda0ee9cd413e075d3dc02258fdab567a16e43edbeecc366a69d8d75512f43a2b79cbb9132cdcd00c531730d05f1eabf66613d6e7ebb8c4c3f4f7efd415d41049786352808b22a3bde40121968af39c8f00296001662adc72b7963c8bafab4a496b50f3237a29d19ad4a51a62b1c77a04c14004734189cf7ec49e3d041a1e5658d080f09df77f39782e7133968c1f39ab3ae2a5f24a60073288f3c5825dafd614a379b8b905aaf961caa14ffa38de0d632918d31e4a9291b0f0789248e232e4276840a1ed0257300e522d83111dffd424b1b33148981e3794b2b649ba9174e6697bcc96049f4f3dcc7cf4ca97e2006ec8a146014bb49184632e4fb159a34b6530e959e60a6b4e0427cc697f14cfe6bb7a662a6f5012744f3cf2307abc19c58449864d98fcfebc5d598cd32a1c38c207896468fe8da75eb1edb1d6e7cb1eab671e4e92f139c81d79f15df2a2dc075acc982dec769e2f49aad0fdf594cb590e054616e4f4582b6c4a149ae45d844903ef68d211df2a180178e178b7c7a5012ccf8a1e677586588620365e6111f5192ecfdbd97e2284128de02e08ebc13d4bb4d114faa1e6c16c51c12da2c52d68f73640ce866ce4e794b9fafdc392c91c1f824bc301b3069a02b9c86d2ffac3ed63ddee130cbc248d6a3345d3f9553db78077072d569a6633f8bdbdb1a209a8be9b6830225994f9021b57ddd6a44e8ea40b205c6cf437f45bffaef053a5916dcc6de62ee02bdb8ce3acec8ad97fc95dab1307d254790c71f32e4678957cf0121dccabe73a03c6cacbcbdaad8801b04d9836555a982c357a06e2db7e9bf62aed8cdebbb7a71a2410b929015b61f16e54bffd038996a717b9c7cc3696d8a1205e8266bf782c3a45b0e31461d6a3ed62396088833f69248b24fbf6f81dcc08b98826c3bd2325ade54f614f2d4a153e3e3527d93978483f2bfeada6b64bc43f2a725c30e843d13e6ab34cfc38d488b3ef50cd04318fac1f89905f017644cfa2de058ad399871d1316264813c2289d0b6cfeddfbca36ce93fd4a1bfc93bb74453cfbb9c6ca22320ffc9cb0a3fff046a5678c066e617cd3ac024dfead04b99877f448b78208938585c7563efe815ff0cc47da5fff521d9730ddc89f4aeceadd06f2ea6b9ae72c9407aa550a0155db3b4bc6aaa382a30552f699cb6a1af9972a8ccc483f98952dfbde3d712ea8673eacdbb77490d833fc90f0f02e7c073d2917db70831496a88defc10667dc4c1b7399191bdc7857eb090e79c332bf9f71bb5377178e6232800c93d22318dc5ab8d5dfa2f074a6c23acb61c89f2f078ec91e9817e11a4c8295c19634b5ca2df74"], 0x0)
ioctl$sock_bt_hidp_HIDPCONNDEL(r1, 0x400448c9, &(0x7f0000000000)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}})

0s ago: executing program 2 (id=2555):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000040), r2)
sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000004feffff070004000000000008000500ac1414000f000600"], 0x38}}, 0x0)
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x1, &(0x7f0000000180)="e2", 0x8b, 0x1, 0x46d, 0xfff9, 0x3, 0x0, 0x8, 'syz0\x00'})

kernel console output (not intermixed with test programs):

237] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  171.738349][T11272] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1634'.
[  171.742835][T11272] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1634'.
[  171.746040][T11272] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1634'.
[  172.054325][    C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  172.264508][T11275] xt_policy: output policy not valid in PREROUTING and INPUT
[  172.315675][T11280] netlink: 'syz.2.1636': attribute type 35 has an invalid length.
[  172.374793][   T27] wlan0: Trigger new scan to find an IBSS to join
[  172.854303][T11297] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1639'.
[  174.890450][T11360] can: request_module (can-proto-4) failed.
[  175.412363][   T64] wlan0: Trigger new scan to find an IBSS to join
[  175.896679][T11376] x_tables: duplicate underflow at hook 1
[  175.900429][T11376] No such timeout policy "syz0"
[  175.988380][T11379] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1664'.
[  176.106001][T11392] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1667'.
[  176.333229][   T27] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  176.747973][T11420] netlink: 'syz.2.1676': attribute type 13 has an invalid length.
[  176.751185][T11420] netlink: 'syz.2.1676': attribute type 17 has an invalid length.
[  176.758751][T11420] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  176.782741][ T5865] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  176.927140][T11422] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  176.978509][T11427] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  177.294072][T11432] netlink: 'syz.1.1679': attribute type 8 has an invalid length.
[  177.581393][T11436] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1680'.
[  177.594666][T11436] tap0: tun_chr_ioctl cmd 1074025677
[  177.597216][T11436] tap0: linktype set to 0
[  177.732432][ T5865] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  177.877726][T11447] netlink: 'syz.2.1683': attribute type 13 has an invalid length.
[  177.880363][T11447] netlink: 'syz.2.1683': attribute type 17 has an invalid length.
[  177.885558][T11447] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  177.914236][ T5865] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  178.172927][ T5865] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  178.195310][T11459] syz.1.1687 (11459) used greatest stack depth: 18696 bytes left
[  179.060924][T11507] trusted_key: syz.2.1698 sent an empty control message without MSG_MORE.
[  179.654366][T11523] netlink: 'syz.0.1702': attribute type 14 has an invalid length.
[  180.534502][   T54] Bluetooth: hci1: command 0x0406 tx timeout
[  180.841391][T11553] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1711'.
[  181.783919][T11586] x_tables: duplicate underflow at hook 2
[  181.787532][T11586] x_tables: duplicate underflow at hook 1
[  182.130989][T11589] netlink: 'syz.2.1720': attribute type 10 has an invalid length.
[  182.134789][T11589] team0: Device dummy0 is up. Set it down before adding it as a team port
[  182.140788][T11589] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  182.638592][T11598] GUP no longer grows the stack in syz.1.1724 (11598): 200000006000-20000000a000 (200000005000)
[  182.645400][T11598] CPU: 0 UID: 0 PID: 11598 Comm: syz.1.1724 Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 PREEMPT(full) 
[  182.645450][T11598] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  182.645459][T11598] Call Trace:
[  182.645464][T11598]  <TASK>
[  182.645471][T11598]  dump_stack_lvl+0x189/0x250
[  182.645501][T11598]  ? __pfx_dump_stack_lvl+0x10/0x10
[  182.645520][T11598]  ? __pfx__printk+0x10/0x10
[  182.645533][T11598]  ? find_vma+0xe7/0x160
[  182.645556][T11598]  __get_user_pages+0x2a60/0x30b0
[  182.645600][T11598]  ? __pfx___get_user_pages+0x10/0x10
[  182.645618][T11598]  ? __gup_longterm_locked+0xbf7/0x15b0
[  182.645661][T11598]  ? down_read_killable+0x1d1/0x350
[  182.645675][T11598]  ? try_get_folio+0x633/0x660
[  182.645690][T11598]  __gup_longterm_locked+0xd66/0x15b0
[  182.645713][T11598]  ? try_grab_folio_fast+0x1be/0x4f0
[  182.645741][T11598]  ? gup_fast_fallback+0x1afc/0x2260
[  182.645762][T11598]  gup_fast_fallback+0x1cd4/0x2260
[  182.645810][T11598]  ? __pfx_gup_fast_fallback+0x10/0x10
[  182.645826][T11598]  ? trace_contention_end+0x39/0x120
[  182.645841][T11598]  ? __mutex_lock+0x330/0xe80
[  182.645860][T11598]  ? update_curr_dl_se+0x107/0xa20
[  182.645880][T11598]  ? is_valid_gup_args+0x11f/0x200
[  182.645899][T11598]  ? get_user_pages_fast+0x4d/0xb0
[  182.645919][T11598]  __iov_iter_get_pages_alloc+0x39a/0xb40
[  182.645937][T11598]  ? __pfx_pipe_clear_nowait+0x10/0x10
[  182.645951][T11598]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  182.645966][T11598]  ? wait_for_space+0x24d/0x2d0
[  182.645981][T11598]  iov_iter_get_pages2+0x5e/0xa0
[  182.646003][T11598]  __se_sys_vmsplice+0x548/0x10d0
[  182.646031][T11598]  ? __pfx___se_sys_vmsplice+0x10/0x10
[  182.646044][T11598]  ? __lock_acquire+0xab9/0xd20
[  182.646062][T11598]  ? __pfx_futex_wake+0x10/0x10
[  182.646086][T11598]  ? __lock_acquire+0xab9/0xd20
[  182.646130][T11598]  ? do_pipe2+0xf7/0x170
[  182.646147][T11598]  ? rcu_is_watching+0x15/0xb0
[  182.646170][T11598]  ? do_syscall_64+0xbe/0x3b0
[  182.646184][T11598]  do_syscall_64+0xfa/0x3b0
[  182.646194][T11598]  ? lockdep_hardirqs_on+0x9c/0x150
[  182.646211][T11598]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  182.646245][T11598]  ? exc_page_fault+0x9f/0xf0
[  182.646264][T11598]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  182.646276][T11598] RIP: 0033:0x7f75e4d8e929
[  182.646288][T11598] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  182.646300][T11598] RSP: 002b:00007f75e5c67038 EFLAGS: 00000246 ORIG_RAX: 0000000000000116
[  182.646315][T11598] RAX: ffffffffffffffda RBX: 00007f75e4fb5fa0 RCX: 00007f75e4d8e929
[  182.646324][T11598] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 000000000000000d
[  182.646331][T11598] RBP: 00007f75e4e10b39 R08: 0000000000000000 R09: 0000000000000000
[  182.646339][T11598] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[  182.646346][T11598] R13: 0000000000000000 R14: 00007f75e4fb5fa0 R15: 00007ffc7bfe3d58
[  182.646368][T11598]  </TASK>
[  182.829451][T11601] xt_NFQUEUE: number of queues (65532) out of range (got 66665)
[  182.853209][   T33] audit: type=1800 audit(1751648208.366:22): pid=11596 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1723" name="cgroup.controllers" dev="tmpfs" ino=2889 res=0 errno=0
[  182.969790][T11603] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1725'.
[  182.992438][T11603] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1725'.
[  183.671001][T11620] delete_channel: no stack
[  183.836686][T11622] x_tables: duplicate underflow at hook 1
[  184.921823][T11646] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1737'.
[  184.940090][T11646] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1737'.
[  184.964277][T11646] netlink: 46 bytes leftover after parsing attributes in process `syz.0.1737'.
[  184.968224][T11646] nbd: socks must be embedded in a SOCK_ITEM attr
[  185.091077][T11650] warn_alloc: 2 callbacks suppressed
[  185.091098][T11650] syz.2.1738: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  185.113408][T11650] CPU: 0 UID: 0 PID: 11650 Comm: syz.2.1738 Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 PREEMPT(full) 
[  185.113424][T11650] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  185.113429][T11650] Call Trace:
[  185.113434][T11650]  <TASK>
[  185.113438][T11650]  dump_stack_lvl+0x189/0x250
[  185.113458][T11650]  ? __pfx_dump_stack_lvl+0x10/0x10
[  185.113470][T11650]  ? __pfx__printk+0x10/0x10
[  185.113479][T11650]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  185.113491][T11650]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  185.113499][T11650]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  185.113509][T11650]  warn_alloc+0x214/0x310
[  185.113519][T11650]  ? stack_depot_save_flags+0x40/0x900
[  185.113530][T11650]  ? __pfx_warn_alloc+0x10/0x10
[  185.113539][T11650]  ? kasan_save_track+0x4f/0x80
[  185.113553][T11650]  ? xskq_create+0x56/0x170
[  185.113565][T11650]  ? xsk_init_queue+0xb0/0x110
[  185.113575][T11650]  ? xsk_setsockopt+0x43f/0x710
[  185.113584][T11650]  ? do_sock_setsockopt+0x25a/0x3e0
[  185.113591][T11650]  ? __x64_sys_setsockopt+0x18b/0x220
[  185.113599][T11650]  ? do_syscall_64+0xfa/0x3b0
[  185.113605][T11650]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  185.113615][T11650]  __vmalloc_node_range_noprof+0x125/0x12f0
[  185.113636][T11650]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  185.113648][T11650]  ? __kasan_kmalloc+0x93/0xb0
[  185.113656][T11650]  vmalloc_user_noprof+0xad/0xf0
[  185.113664][T11650]  ? xskq_create+0xbf/0x170
[  185.113675][T11650]  xskq_create+0xbf/0x170
[  185.113686][T11650]  xsk_init_queue+0xb0/0x110
[  185.113697][T11650]  xsk_setsockopt+0x43f/0x710
[  185.113707][T11650]  ? __pfx_xsk_setsockopt+0x10/0x10
[  185.113716][T11650]  ? __lock_acquire+0xab9/0xd20
[  185.113730][T11650]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  185.113741][T11650]  ? __pfx_xsk_setsockopt+0x10/0x10
[  185.113751][T11650]  do_sock_setsockopt+0x25a/0x3e0
[  185.113761][T11650]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  185.113772][T11650]  ? __fget_files+0x2a/0x420
[  185.113783][T11650]  __x64_sys_setsockopt+0x18b/0x220
[  185.113794][T11650]  do_syscall_64+0xfa/0x3b0
[  185.113799][T11650]  ? lockdep_hardirqs_on+0x9c/0x150
[  185.113809][T11650]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  185.113816][T11650]  ? exc_page_fault+0x9f/0xf0
[  185.113826][T11650]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  185.113833][T11650] RIP: 0033:0x7f1b5398e929
[  185.113841][T11650] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  185.113848][T11650] RSP: 002b:00007f1b5475c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  185.113857][T11650] RAX: ffffffffffffffda RBX: 00007f1b53bb5fa0 RCX: 00007f1b5398e929
[  185.113863][T11650] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000009
[  185.113867][T11650] RBP: 00007f1b53a10b39 R08: 0000000000000004 R09: 0000000000000000
[  185.113871][T11650] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  185.113876][T11650] R13: 0000000000000000 R14: 00007f1b53bb5fa0 R15: 00007fff38ae6f98
[  185.113887][T11650]  </TASK>
[  185.113890][T11650] Mem-Info:
[  185.248725][T11650] active_anon:25177 inactive_anon:0 isolated_anon:0
[  185.248725][T11650]  active_file:1202 inactive_file:38258 isolated_file:0
[  185.248725][T11650]  unevictable:1768 dirty:84 writeback:0
[  185.248725][T11650]  slab_reclaimable:9737 slab_unreclaimable:110807
[  185.248725][T11650]  mapped:18100 shmem:22908 pagetables:887
[  185.248725][T11650]  sec_pagetables:0 bounce:0
[  185.248725][T11650]  kernel_misc_reclaimable:0
[  185.248725][T11650]  free:200155 free_pcp:29030 free_cma:0
[  185.263828][T11650] Node 0 active_anon:89236kB inactive_anon:0kB active_file:3376kB inactive_file:18172kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:36220kB dirty:212kB writeback:0kB shmem:82720kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:5952kB pagetables:2116kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  185.274570][T11650] Node 1 active_anon:7392kB inactive_anon:0kB active_file:1432kB inactive_file:134860kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:36180kB dirty:124kB writeback:0kB shmem:4832kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:5900kB pagetables:1568kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  185.284833][T11650] Node 0 DMA free:15360kB boost:0kB min:640kB low:800kB high:960kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  185.296348][T11650] lowmem_reserve[]: 0 815 815 815 815
[  185.298284][T11650] Node 0 DMA32 free:224208kB boost:0kB min:33716kB low:42144kB high:50572kB reserved_highatomic:0KB free_highatomic:0KB active_anon:84748kB inactive_anon:0kB active_file:3376kB inactive_file:18172kB unevictable:3536kB writepending:212kB present:1556484kB managed:834740kB mlocked:0kB bounce:0kB free_pcp:64204kB local_pcp:49840kB free_cma:0kB
[  185.308773][T11650] lowmem_reserve[]: 0 0 0 0 0
[  185.310974][T11650] Node 1 DMA32 free:458616kB boost:0kB min:19168kB low:23960kB high:28752kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:524152kB managed:458616kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  185.322147][T11650] lowmem_reserve[]: 0 0 854 854 854
[  185.323929][T11650] Node 1 Normal free:111208kB boost:0kB min:36576kB low:45720kB high:54864kB reserved_highatomic:0KB free_highatomic:0KB active_anon:7460kB inactive_anon:0kB active_file:1432kB inactive_file:134860kB unevictable:3536kB writepending:124kB present:1048576kB managed:875016kB mlocked:0kB bounce:0kB free_pcp:51696kB local_pcp:17428kB free_cma:0kB
[  185.335181][T11650] lowmem_reserve[]: 0 0 0 0 0
[  185.336813][T11650] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  185.340903][T11650] Node 0 DMA32: 582*4kB (ME) 617*8kB (UM) 519*16kB (UME) 619*32kB (UM) 224*64kB (UME) 68*128kB (UM) 31*256kB (UME) 18*512kB (UM) 12*1024kB (UM) 5*2048kB (UME) 33*4096kB (M) = 233264kB
[  185.347887][T11650] Node 1 DMA32: 2*4kB (M) 2*8kB (M) 2*16kB (M) 2*32kB (M) 2*64kB (M) 1*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 110*4096kB (M) = 458616kB
[  185.370454][T11650] Node 1 Normal: 690*4kB (UM) 954*8kB (UM) 372*16kB (UM) 245*32kB (UME) 77*64kB (UME) 33*128kB (UME) 50*256kB (UM) 21*512kB (UM) 21*1024kB (UM) 4*2048kB (UME) 6*4096kB (UM) = 111160kB
[  185.376633][T11650] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  185.379678][T11650] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  185.384230][T11650] 57268 total pagecache pages
[  185.385823][T11650] 0 pages in swap cache
[  185.387126][T11650] Free swap  = 124996kB
[  185.388465][T11650] Total swap = 124996kB
[  185.390399][T11650] 786301 pages RAM
[  185.391645][T11650] 0 pages HighMem/MovableOnly
[  185.394906][T11650] 240368 pages reserved
[  185.396238][T11650] 0 pages cma reserved
[  185.762227][   T33] audit: type=1800 audit(1751648211.266:23): pid=11674 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1739" name="cgroup.controllers" dev="tmpfs" ino=3040 res=0 errno=0
[  185.815861][T11683] openvswitch: netlink: ct_state flags 0000ee01 unsupported
[  186.772481][    C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  187.165656][T11713] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1756'.
[  187.273490][T11720] netlink: 'syz.1.1759': attribute type 13 has an invalid length.
[  187.276564][T11720] netlink: 'syz.1.1759': attribute type 17 has an invalid length.
[  187.286263][T11720] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  187.540499][T11726] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1761'.
[  187.544266][T11726] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1761'.
[  187.628721][T11735] sctp: [Deprecated]: syz.0.1764 (pid 11735) Use of int in max_burst socket option.
[  187.628721][T11735] Use struct sctp_assoc_value instead
[  187.646849][T11735] raw_sendmsg: syz.0.1764 forgot to set AF_INET. Fix it!
[  187.736093][T11742] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1766'.
[  188.113108][   T33] audit: type=1800 audit(1751648213.626:24): pid=11749 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1768" name="cgroup.controllers" dev="tmpfs" ino=2990 res=0 errno=0
[  191.019122][T11809] netlink: 'syz.0.1785': attribute type 3 has an invalid length.
[  191.073533][T11810] netlink: 'syz.0.1785': attribute type 3 has an invalid length.
[  191.077409][T11811] netlink: 'syz.0.1785': attribute type 3 has an invalid length.
[  191.161636][T11818] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1787'.
[  191.170489][T11818] netlink: 'syz.2.1787': attribute type 3 has an invalid length.
[  191.184361][T11818] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1787'.
[  191.329346][T11823] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1789'.
[  191.332481][T11823] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1789'.
[  191.647200][   T33] audit: type=1800 audit(1751648217.156:25): pid=11830 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1792" name="cgroup.controllers" dev="tmpfs" ino=3167 res=0 errno=0
[  192.658241][T11861] batadv_slave_0: entered promiscuous mode
[  192.805851][T11881] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1805'.
[  192.809792][T11881] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1805'.
[  193.008426][T11888] netlink: 'syz.0.1807': attribute type 13 has an invalid length.
[  193.010948][T11888] netlink: 'syz.0.1807': attribute type 17 has an invalid length.
[  193.016202][T11888] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  193.681066][T11908] netlink: 'syz.2.1812': attribute type 12 has an invalid length.
[  193.686023][T11908] netlink: 'syz.2.1812': attribute type 29 has an invalid length.
[  193.688923][T11908] netlink: 148 bytes leftover after parsing attributes in process `syz.2.1812'.
[  193.765899][T11914] netlink: 'syz.1.1809': attribute type 4 has an invalid length.
[  193.818602][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[  193.935116][T11920] netlink: 'syz.0.1814': attribute type 13 has an invalid length.
[  193.937723][T11920] netlink: 'syz.0.1814': attribute type 17 has an invalid length.
[  193.943268][T11920] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  194.048330][T11924] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1816'.
[  194.725831][T11936] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1819'.
[  195.539908][T11946] netlink: 'syz.2.1822': attribute type 3 has an invalid length.
[  196.242973][T11956] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1825'.
[  196.247007][T11956] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1825'.
[  196.250852][T11956] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1825'.
[  196.255449][T11956] nbd: socks must be embedded in a SOCK_ITEM attr
[  196.260321][T11955] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1825'.
[  196.266191][T11955] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1825'.
[  196.270095][T11955] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1825'.
[  196.274096][T11955] nbd: socks must be embedded in a SOCK_ITEM attr
[  196.605727][T11963] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1828'.
[  196.805683][T11967] infiniband syz!: set down
[  196.809209][T11967] infiniband syz!: added team_slave_0
[  196.850123][T11967] RDS/IB: syz!: added
[  196.853542][T11967] smc: adding ib device syz! with port count 1
[  196.856354][T11967] smc:    ib device syz! port 1 has pnetid 
[  197.157545][T12002] netlink: 'syz.1.1839': attribute type 13 has an invalid length.
[  197.160573][T12002] netlink: 'syz.1.1839': attribute type 17 has an invalid length.
[  197.175378][T12002] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  197.294561][T12010] netlink: 50 bytes leftover after parsing attributes in process `syz.1.1841'.
[  197.705219][T12023] warn_alloc: 1 callbacks suppressed
[  197.705228][T12023] syz.0.1844: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  197.716091][T12023] CPU: 0 UID: 0 PID: 12023 Comm: syz.0.1844 Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 PREEMPT(full) 
[  197.716111][T12023] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  197.716119][T12023] Call Trace:
[  197.716126][T12023]  <TASK>
[  197.716132][T12023]  dump_stack_lvl+0x189/0x250
[  197.716160][T12023]  ? __pfx_dump_stack_lvl+0x10/0x10
[  197.716186][T12023]  ? __pfx__printk+0x10/0x10
[  197.716201][T12023]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  197.716216][T12023]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  197.716232][T12023]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  197.716282][T12023]  warn_alloc+0x214/0x310
[  197.716300][T12023]  ? stack_depot_save_flags+0x40/0x900
[  197.716319][T12023]  ? __pfx_warn_alloc+0x10/0x10
[  197.716336][T12023]  ? kasan_save_track+0x4f/0x80
[  197.716356][T12023]  ? xskq_create+0x56/0x170
[  197.716375][T12023]  ? xsk_init_queue+0xb0/0x110
[  197.716391][T12023]  ? xsk_setsockopt+0x43f/0x710
[  197.716405][T12023]  ? do_sock_setsockopt+0x25a/0x3e0
[  197.716417][T12023]  ? __x64_sys_setsockopt+0x18b/0x220
[  197.716430][T12023]  ? do_syscall_64+0xfa/0x3b0
[  197.716440][T12023]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  197.716457][T12023]  __vmalloc_node_range_noprof+0x125/0x12f0
[  197.716497][T12023]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  197.716512][T12023]  ? xskq_create+0x56/0x170
[  197.716530][T12023]  ? __kasan_kmalloc+0x93/0xb0
[  197.716544][T12023]  vmalloc_user_noprof+0xad/0xf0
[  197.716559][T12023]  ? xskq_create+0xbf/0x170
[  197.716578][T12023]  xskq_create+0xbf/0x170
[  197.716598][T12023]  xsk_init_queue+0xb0/0x110
[  197.716616][T12023]  xsk_setsockopt+0x43f/0x710
[  197.716633][T12023]  ? __pfx_xsk_setsockopt+0x10/0x10
[  197.716648][T12023]  ? __lock_acquire+0xab9/0xd20
[  197.716671][T12023]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  197.716686][T12023]  ? __pfx_xsk_setsockopt+0x10/0x10
[  197.716703][T12023]  do_sock_setsockopt+0x25a/0x3e0
[  197.716719][T12023]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  197.716735][T12023]  ? __fget_files+0x2a/0x420
[  197.716754][T12023]  __x64_sys_setsockopt+0x18b/0x220
[  197.716772][T12023]  do_syscall_64+0xfa/0x3b0
[  197.716781][T12023]  ? lockdep_hardirqs_on+0x9c/0x150
[  197.716799][T12023]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  197.716810][T12023]  ? exc_page_fault+0x9f/0xf0
[  197.716827][T12023]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  197.716837][T12023] RIP: 0033:0x7f95b838e929
[  197.716859][T12023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  197.716870][T12023] RSP: 002b:00007f95b9229038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  197.716885][T12023] RAX: ffffffffffffffda RBX: 00007f95b85b5fa0 RCX: 00007f95b838e929
[  197.716895][T12023] RDX: 0000000000000006 RSI: 000000000000011b RDI: 000000000000000c
[  197.716903][T12023] RBP: 00007f95b8410b39 R08: 0000000000000004 R09: 0000000000000000
[  197.716911][T12023] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  197.716918][T12023] R13: 0000000000000000 R14: 00007f95b85b5fa0 R15: 00007ffcbd2be4c8
[  197.716939][T12023]  </TASK>
[  197.716944][T12023] Mem-Info:
[  197.824662][T12023] active_anon:4735 inactive_anon:0 isolated_anon:0
[  197.824662][T12023]  active_file:1241 inactive_file:38262 isolated_file:0
[  197.824662][T12023]  unevictable:1768 dirty:135 writeback:0
[  197.824662][T12023]  slab_reclaimable:9756 slab_unreclaimable:112067
[  197.824662][T12023]  mapped:18153 shmem:2435 pagetables:951
[  197.824662][T12023]  sec_pagetables:0 bounce:0
[  197.824662][T12023]  kernel_misc_reclaimable:0
[  197.824662][T12023]  free:229301 free_pcp:18710 free_cma:0
[  197.838954][T12023] Node 0 active_anon:11604kB inactive_anon:0kB active_file:3376kB inactive_file:18188kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:36268kB dirty:276kB writeback:0kB shmem:4892kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:6120kB pagetables:2448kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  197.850821][T12023] Node 1 active_anon:7336kB inactive_anon:0kB active_file:1588kB inactive_file:134860kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:36344kB dirty:264kB writeback:0kB shmem:4848kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:5908kB pagetables:1356kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  197.861900][T12023] Node 0 DMA free:15360kB boost:0kB min:640kB low:800kB high:960kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  197.871691][T12023] lowmem_reserve[]: 0 815 815 815 815
[  197.873885][T12023] Node 0 DMA32 free:322992kB boost:0kB min:33716kB low:42144kB high:50572kB reserved_highatomic:0KB free_highatomic:0KB active_anon:11604kB inactive_anon:0kB active_file:3376kB inactive_file:18188kB unevictable:3536kB writepending:276kB present:1556484kB managed:834740kB mlocked:0kB bounce:0kB free_pcp:33504kB local_pcp:20744kB free_cma:0kB
[  197.886353][T12023] lowmem_reserve[]: 0 0 0 0 0
[  197.887966][T12023] Node 1 DMA32 free:458616kB boost:0kB min:19168kB low:23960kB high:28752kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:524152kB managed:458616kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  197.897571][T12023] lowmem_reserve[]: 0 0 854 854 854
[  197.899227][T12023] Node 1 Normal free:120236kB boost:0kB min:36576kB low:45720kB high:54864kB reserved_highatomic:0KB free_highatomic:0KB active_anon:7336kB inactive_anon:0kB active_file:1588kB inactive_file:134860kB unevictable:3536kB writepending:264kB present:1048576kB managed:875016kB mlocked:0kB bounce:0kB free_pcp:41316kB local_pcp:22804kB free_cma:0kB
[  197.911461][T12023] lowmem_reserve[]: 0 0 0 0 0
[  197.913369][T12023] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  197.917799][T12023] Node 0 DMA32: 424*4kB (UE) 144*8kB (UME) 278*16kB (UME) 732*32kB (UME) 286*64kB (UME) 108*128kB (UM) 48*256kB (UME) 22*512kB (UM) 25*1024kB (UM) 7*2048kB (UME) 48*4096kB (M) = 322944kB
[  197.926819][T12023] Node 1 DMA32: 2*4kB (M) 2*8kB (M) 2*16kB (M) 2*32kB (M) 2*64kB (M) 1*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 110*4096kB (M) = 458616kB
[  197.932976][T12023] Node 1 Normal: 43*4kB (UME) 604*8kB (UM) 332*16kB (UME) 315*32kB (UME) 147*64kB (UME) 70*128kB (UME) 50*256kB (UME) 22*512kB (UME) 22*1024kB (UME) 5*2048kB (UM) 6*4096kB (UM) = 120172kB
[  197.942067][T12023] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  197.945327][T12023] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  197.948527][T12023] 41938 total pagecache pages
[  197.950284][T12023] 0 pages in swap cache
[  197.951670][T12023] Free swap  = 124996kB
[  197.955074][T12023] Total swap = 124996kB
[  197.956862][T12023] 786301 pages RAM
[  197.958423][T12023] 0 pages HighMem/MovableOnly
[  197.960379][T12023] 240368 pages reserved
[  197.962274][T12023] 0 pages cma reserved
[  199.923969][T12109] syzkaller1: entered allmulticast mode
[  199.997470][T12111] validate_nla: 1 callbacks suppressed
[  199.997486][T12111] netlink: 'syz.0.1867': attribute type 13 has an invalid length.
[  200.003595][T12111] netlink: 'syz.0.1867': attribute type 17 has an invalid length.
[  200.010999][T12111] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  200.133206][T12120] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1870'.
[  200.137007][T12120] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1870'.
[  200.140478][T12120] netlink: 'syz.0.1870': attribute type 1 has an invalid length.
[  200.182330][T12120] nbd: socks must be embedded in a SOCK_ITEM attr
[  200.185051][T12120] block nbd1: shutting down sockets
[  200.232735][T12130] netlink: 'syz.2.1874': attribute type 13 has an invalid length.
[  200.235521][T12130] netlink: 'syz.2.1874': attribute type 17 has an invalid length.
[  200.240592][T12130] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  200.263670][ T5865] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  200.294418][ T5865] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  200.364572][T12140] netlink: 'syz.2.1878': attribute type 9 has an invalid length.
[  200.374167][T12140] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  200.445863][T12142] netlink: 'syz.0.1877': attribute type 1 has an invalid length.
[  200.462515][ T5817] Bluetooth: hci2: command 0x0419 tx timeout
[  201.259520][T12154] netlink: 'syz.0.1882': attribute type 13 has an invalid length.
[  201.262240][T12154] netlink: 'syz.0.1882': attribute type 17 has an invalid length.
[  201.267102][T12154] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  201.295705][T12157] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3
[  201.389552][T12167] netlink: 'syz.2.1886': attribute type 10 has an invalid length.
[  202.404315][T12191] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  202.416029][T12191] __nla_validate_parse: 3 callbacks suppressed
[  202.416049][T12191] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1893'.
[  202.460844][T12191] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  203.228776][T12218] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1899'.
[  203.273835][T12218] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1899'.
[  203.277728][T12218] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1899'.
[  206.004926][T12296] netlink: 'syz.0.1923': attribute type 10 has an invalid length.
[  206.157791][T12303] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1924'.
[  206.194906][T12304] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  206.289981][T12313] netlink: 'syz.1.1928': attribute type 13 has an invalid length.
[  206.302481][T12313] netlink: 'syz.1.1928': attribute type 17 has an invalid length.
[  206.317548][T12313] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  206.336732][   T33] audit: type=1800 audit(1751648231.846:26): pid=12298 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1924" name="cgroup.controllers" dev="tmpfs" ino=3232 res=0 errno=0
[  206.896386][T12341] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  207.799640][T12366] bridge3: entered promiscuous mode
[  207.802292][T12366] bridge3: entered allmulticast mode
[  207.810092][T12366] team0: Port device bridge3 added
[  207.945500][T12376] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  208.536721][T12380] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1943'.
[  209.000412][   T33] audit: type=1800 audit(1751648234.506:27): pid=12390 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1945" name="cgroup.controllers" dev="tmpfs" ino=3253 res=0 errno=0
[  209.084234][T12398] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1948'.
[  209.518370][T12422] netlink: 'syz.2.1954': attribute type 10 has an invalid length.
[  210.295031][T12439] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1960'.
[  211.057820][T12449] warn_alloc: 3 callbacks suppressed
[  211.057842][T12449] syz.1.1963: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  211.066841][T12449] CPU: 0 UID: 0 PID: 12449 Comm: syz.1.1963 Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 PREEMPT(full) 
[  211.066863][T12449] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  211.066871][T12449] Call Trace:
[  211.066877][T12449]  <TASK>
[  211.066883][T12449]  dump_stack_lvl+0x189/0x250
[  211.066912][T12449]  ? __pfx_dump_stack_lvl+0x10/0x10
[  211.066931][T12449]  ? __pfx__printk+0x10/0x10
[  211.066947][T12449]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  211.066962][T12449]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  211.066977][T12449]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  211.066993][T12449]  warn_alloc+0x214/0x310
[  211.067008][T12449]  ? stack_depot_save_flags+0x40/0x900
[  211.067028][T12449]  ? __pfx_warn_alloc+0x10/0x10
[  211.067044][T12449]  ? kasan_save_track+0x4f/0x80
[  211.067065][T12449]  ? xskq_create+0x56/0x170
[  211.067083][T12449]  ? xsk_init_queue+0xb0/0x110
[  211.067129][T12449]  ? xsk_setsockopt+0x43f/0x710
[  211.067143][T12449]  ? do_sock_setsockopt+0x25a/0x3e0
[  211.067159][T12449]  ? __x64_sys_setsockopt+0x18b/0x220
[  211.067173][T12449]  ? do_syscall_64+0xfa/0x3b0
[  211.067183][T12449]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  211.067202][T12449]  __vmalloc_node_range_noprof+0x125/0x12f0
[  211.067238][T12449]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  211.067257][T12449]  ? __kasan_kmalloc+0x93/0xb0
[  211.067271][T12449]  vmalloc_user_noprof+0xad/0xf0
[  211.067285][T12449]  ? xskq_create+0xbf/0x170
[  211.067310][T12449]  xskq_create+0xbf/0x170
[  211.067328][T12449]  xsk_init_queue+0xb0/0x110
[  211.067348][T12449]  xsk_setsockopt+0x43f/0x710
[  211.067366][T12449]  ? __pfx_xsk_setsockopt+0x10/0x10
[  211.067381][T12449]  ? __lock_acquire+0xab9/0xd20
[  211.067407][T12449]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  211.067424][T12449]  ? __pfx_xsk_setsockopt+0x10/0x10
[  211.067442][T12449]  do_sock_setsockopt+0x25a/0x3e0
[  211.067459][T12449]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  211.067477][T12449]  ? __fget_files+0x2a/0x420
[  211.067497][T12449]  __x64_sys_setsockopt+0x18b/0x220
[  211.067517][T12449]  do_syscall_64+0xfa/0x3b0
[  211.067527][T12449]  ? lockdep_hardirqs_on+0x9c/0x150
[  211.067544][T12449]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  211.067554][T12449]  ? exc_page_fault+0x9f/0xf0
[  211.067573][T12449]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  211.067586][T12449] RIP: 0033:0x7f75e4d8e929
[  211.067598][T12449] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  211.067610][T12449] RSP: 002b:00007f75e5c67038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  211.067625][T12449] RAX: ffffffffffffffda RBX: 00007f75e4fb5fa0 RCX: 00007f75e4d8e929
[  211.067634][T12449] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000009
[  211.067642][T12449] RBP: 00007f75e4e10b39 R08: 0000000000000004 R09: 0000000000000000
[  211.067650][T12449] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  211.067657][T12449] R13: 0000000000000000 R14: 00007f75e4fb5fa0 R15: 00007ffc7bfe3d58
[  211.067679][T12449]  </TASK>
[  211.067684][T12449] Mem-Info:
[  211.204640][T12449] active_anon:4635 inactive_anon:0 isolated_anon:0
[  211.204640][T12449]  active_file:1241 inactive_file:38268 isolated_file:0
[  211.204640][T12449]  unevictable:1768 dirty:171 writeback:0
[  211.204640][T12449]  slab_reclaimable:9687 slab_unreclaimable:112866
[  211.204640][T12449]  mapped:18145 shmem:2439 pagetables:913
[  211.204640][T12449]  sec_pagetables:0 bounce:0
[  211.204640][T12449]  kernel_misc_reclaimable:0
[  211.204640][T12449]  free:225997 free_pcp:21197 free_cma:0
[  211.222331][T12449] Node 0 active_anon:11272kB inactive_anon:0kB active_file:3376kB inactive_file:18196kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:36236kB dirty:296kB writeback:0kB shmem:4888kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:5892kB pagetables:2160kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  211.236181][T12449] Node 1 active_anon:7336kB inactive_anon:0kB active_file:1588kB inactive_file:134876kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:36344kB dirty:388kB writeback:0kB shmem:4868kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:6016kB pagetables:1560kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  211.249364][T12449] Node 0 DMA free:15360kB boost:0kB min:640kB low:800kB high:960kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  211.261150][T12449] lowmem_reserve[]: 0 815 815 815 815
[  211.267803][T12449] Node 0 DMA32 free:311700kB boost:0kB min:33716kB low:42144kB high:50572kB reserved_highatomic:0KB free_highatomic:0KB active_anon:11272kB inactive_anon:0kB active_file:3376kB inactive_file:18196kB unevictable:3536kB writepending:296kB present:1556484kB managed:834740kB mlocked:0kB bounce:0kB free_pcp:38348kB local_pcp:20472kB free_cma:0kB
[  211.281122][T12449] lowmem_reserve[]: 0 0 0 0 0
[  211.284901][T12449] Node 1 DMA32 free:458616kB boost:0kB min:19168kB low:23960kB high:28752kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:524152kB managed:458616kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  211.303433][T12449] lowmem_reserve[]: 0 0 854 854 854
[  211.322160][T12449] Node 1 Normal free:118312kB boost:0kB min:36576kB low:45720kB high:54864kB reserved_highatomic:0KB free_highatomic:0KB active_anon:7268kB inactive_anon:0kB active_file:1588kB inactive_file:134876kB unevictable:3536kB writepending:388kB present:1048576kB managed:875016kB mlocked:0kB bounce:0kB free_pcp:46536kB local_pcp:19192kB free_cma:0kB
[  211.335966][T12449] lowmem_reserve[]: 0 0 0 0 0
[  211.338487][T12449] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  211.343638][T12449] Node 0 DMA32: 205*4kB (ME) 34*8kB (ME) 137*16kB (ME) 172*32kB (UME) 263*64kB (UME) 107*128kB (UM) 44*256kB (UME) 22*512kB (UME) 22*1024kB (UME) 9*2048kB (UM) 51*4096kB (M) = 311700kB
[  211.350834][T12449] Node 1 DMA32: 2*4kB (M) 2*8kB (M) 2*16kB (M) 2*32kB (M) 2*64kB (M) 1*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 110*4096kB (M) = 458616kB
[  211.357473][T12449] Node 1 Normal: 320*4kB (ME) 379*8kB (UM) 469*16kB (UME) 108*32kB (UME) 191*64kB (UM) 81*128kB (UME) 44*256kB (UM) 21*512kB (UM) 21*1024kB (UM) 4*2048kB (UME) 7*4096kB (UM) = 118248kB
[  211.365026][T12449] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  211.368760][T12449] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  211.373649][T12449] 41948 total pagecache pages
[  211.375754][T12449] 0 pages in swap cache
[  211.377618][T12449] Free swap  = 124996kB
[  211.379463][T12449] Total swap = 124996kB
[  211.381368][T12449] 786301 pages RAM
[  211.387052][T12449] 0 pages HighMem/MovableOnly
[  211.390810][T12449] 240368 pages reserved
[  211.393452][T12449] 0 pages cma reserved
[  211.398948][T12459] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  211.407326][T12458] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  212.369232][T12476] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1971'.
[  212.380430][T12478] netlink: 'syz.0.1972': attribute type 13 has an invalid length.
[  212.387605][T12478] netlink: 'syz.0.1972': attribute type 17 has an invalid length.
[  212.400126][T12478] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  212.488915][T12492] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1976'.
[  213.486433][T12511] netlink: 'syz.2.1983': attribute type 10 has an invalid length.
[  213.490775][T12511] veth0_vlan: left promiscuous mode
[  213.495830][T12511] veth0_vlan: entered promiscuous mode
[  213.500225][T12511] team0: Device veth0_vlan failed to register rx_handler
[  215.541223][T12544] xt_TCPMSS: Only works on TCP SYN packets
[  215.905866][T12559] netlink: 'syz.1.2000': attribute type 13 has an invalid length.
[  215.908941][T12559] netlink: 'syz.1.2000': attribute type 17 has an invalid length.
[  215.921691][T12559] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  215.979331][T12561] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2001'.
[  215.987613][T12561] xt_bpf: check failed: parse error
[  216.686829][T12578] netlink: 'syz.2.2007': attribute type 8 has an invalid length.
[  217.121370][T12582] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2008'.
[  218.440467][T12656] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2025'.
[  218.447049][T12656] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2025'.
[  218.450570][T12656] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2025'.
[  218.765933][T12674] netlink: 'syz.2.2031': attribute type 21 has an invalid length.
[  219.286361][T12684] netlink: 'syz.1.2034': attribute type 10 has an invalid length.
[  219.458321][T12692] xt_recent: hitcount (16777216) is larger than allowed maximum (65535)
[  219.557356][T12696] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2038'.
[  219.562402][T12696] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2038'.
[  219.565274][T12696] netlink: 10 bytes leftover after parsing attributes in process `syz.1.2038'.
[  219.568231][T12696] nbd: socks must be embedded in a SOCK_ITEM attr
[  219.749719][T12705] netlink: 'syz.1.2041': attribute type 10 has an invalid length.
[  219.793484][T12707] netlink: 'syz.1.2042': attribute type 13 has an invalid length.
[  219.796670][T12707] netlink: 'syz.1.2042': attribute type 17 has an invalid length.
[  219.808512][T12707] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  220.986203][T12743] netlink: 'syz.2.2053': attribute type 13 has an invalid length.
[  220.989402][T12743] netlink: 'syz.2.2053': attribute type 17 has an invalid length.
[  220.997710][T12743] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  221.023615][ T5865] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  221.099578][T12750] team0: No ports can be present during mode change
[  221.125711][ T5865] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  221.408297][T12758] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2057'.
[  221.428854][T12758] bond1 (unregistering): Released all slaves
[  221.466038][T12760] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2057'.
[  222.224711][T12769] netlink: 'syz.0.2060': attribute type 13 has an invalid length.
[  222.228452][T12769] netlink: 'syz.0.2060': attribute type 17 has an invalid length.
[  222.238067][T12769] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  222.295883][T12771] netlink: 'syz.0.2061': attribute type 4 has an invalid length.
[  223.204317][T12792] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2066'.
[  223.535799][T12795] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  223.675449][T12803] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2069'.
[  223.724811][T12803] hsr_slave_1 (unregistering): left promiscuous mode
[  223.851434][T12808] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2071'.
[  223.857023][T12808] validate_nla: 3 callbacks suppressed
[  223.857036][T12808] netlink: 'syz.1.2071': attribute type 1 has an invalid length.
[  223.864916][T12808] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2071'.
[  223.906665][T12810] netlink: 'syz.2.2072': attribute type 10 has an invalid length.
[  223.910117][T12810] veth0_vlan: left promiscuous mode
[  223.914911][T12810] veth0_vlan: entered promiscuous mode
[  223.924576][T12810] team0: Device veth0_vlan failed to register rx_handler
[  224.004595][T12818] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2074'.
[  224.008769][T12818] netlink: 'syz.2.2074': attribute type 1 has an invalid length.
[  224.015250][T12818] netlink: 'syz.2.2074': attribute type 2 has an invalid length.
[  224.018466][T12818] netlink: 'syz.2.2074': attribute type 3 has an invalid length.
[  224.022419][T12818] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2074'.
[  224.455371][   T33] audit: type=1800 audit(1751648249.966:28): pid=12837 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2080" name="cgroup.controllers" dev="tmpfs" ino=3459 res=0 errno=0
[  226.393761][T12901] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma?
[  227.359822][T12931] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2107'.
[  227.364968][T12931] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2107'.
[  227.629036][T12947] warn_alloc: 2 callbacks suppressed
[  227.629047][T12947] syz.0.2112: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  227.636873][T12947] CPU: 0 UID: 0 PID: 12947 Comm: syz.0.2112 Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 PREEMPT(full) 
[  227.636886][T12947] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  227.636891][T12947] Call Trace:
[  227.636897][T12947]  <TASK>
[  227.636902][T12947]  dump_stack_lvl+0x189/0x250
[  227.636944][T12947]  ? __pfx_dump_stack_lvl+0x10/0x10
[  227.636955][T12947]  ? __pfx__printk+0x10/0x10
[  227.636964][T12947]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  227.636974][T12947]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  227.636982][T12947]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  227.636991][T12947]  warn_alloc+0x214/0x310
[  227.637005][T12947]  ? stack_depot_save_flags+0x40/0x900
[  227.637024][T12947]  ? __pfx_warn_alloc+0x10/0x10
[  227.637037][T12947]  ? kasan_save_track+0x4f/0x80
[  227.637048][T12947]  ? xskq_create+0x56/0x170
[  227.637059][T12947]  ? xsk_init_queue+0xb0/0x110
[  227.637067][T12947]  ? xsk_setsockopt+0x43f/0x710
[  227.637082][T12947]  ? do_sock_setsockopt+0x25a/0x3e0
[  227.637092][T12947]  ? __x64_sys_setsockopt+0x18b/0x220
[  227.637099][T12947]  ? do_syscall_64+0xfa/0x3b0
[  227.637105][T12947]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  227.637116][T12947]  __vmalloc_node_range_noprof+0x125/0x12f0
[  227.637136][T12947]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  227.637146][T12947]  ? __kasan_kmalloc+0x93/0xb0
[  227.637154][T12947]  vmalloc_user_noprof+0xad/0xf0
[  227.637162][T12947]  ? xskq_create+0xbf/0x170
[  227.637172][T12947]  xskq_create+0xbf/0x170
[  227.637183][T12947]  xsk_init_queue+0xb0/0x110
[  227.637194][T12947]  xsk_setsockopt+0x43f/0x710
[  227.637204][T12947]  ? __pfx_xsk_setsockopt+0x10/0x10
[  227.637213][T12947]  ? __lock_acquire+0xab9/0xd20
[  227.637227][T12947]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  227.637237][T12947]  ? __pfx_xsk_setsockopt+0x10/0x10
[  227.637246][T12947]  do_sock_setsockopt+0x25a/0x3e0
[  227.637256][T12947]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  227.637266][T12947]  ? __fget_files+0x2a/0x420
[  227.637277][T12947]  __x64_sys_setsockopt+0x18b/0x220
[  227.637288][T12947]  do_syscall_64+0xfa/0x3b0
[  227.637294][T12947]  ? lockdep_hardirqs_on+0x9c/0x150
[  227.637304][T12947]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  227.637310][T12947]  ? exc_page_fault+0x9f/0xf0
[  227.637323][T12947]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  227.637330][T12947] RIP: 0033:0x7f95b838e929
[  227.637338][T12947] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  227.637345][T12947] RSP: 002b:00007f95b9208038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  227.637354][T12947] RAX: ffffffffffffffda RBX: 00007f95b85b6080 RCX: 00007f95b838e929
[  227.637359][T12947] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000008
[  227.637364][T12947] RBP: 00007f95b8410b39 R08: 0000000000000004 R09: 0000000000000000
[  227.637368][T12947] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  227.637372][T12947] R13: 0000000000000000 R14: 00007f95b85b6080 R15: 00007ffcbd2be4c8
[  227.637384][T12947]  </TASK>
[  227.637387][T12947] Mem-Info:
[  227.748976][T12947] active_anon:4636 inactive_anon:0 isolated_anon:0
[  227.748976][T12947]  active_file:1241 inactive_file:38274 isolated_file:0
[  227.748976][T12947]  unevictable:1768 dirty:70 writeback:0
[  227.748976][T12947]  slab_reclaimable:9711 slab_unreclaimable:112069
[  227.748976][T12947]  mapped:18102 shmem:2446 pagetables:959
[  227.748976][T12947]  sec_pagetables:0 bounce:0
[  227.748976][T12947]  kernel_misc_reclaimable:0
[  227.748976][T12947]  free:228809 free_pcp:19265 free_cma:0
[  227.763854][T12947] Node 0 active_anon:11492kB inactive_anon:0kB active_file:3376kB inactive_file:18196kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:36064kB dirty:128kB writeback:0kB shmem:4896kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:5848kB pagetables:2144kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  227.782087][T12947] Node 1 active_anon:6984kB inactive_anon:0kB active_file:1588kB inactive_file:134900kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:36344kB dirty:152kB writeback:0kB shmem:4888kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:6096kB pagetables:1760kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  227.795039][T12947] Node 0 DMA free:15360kB boost:0kB min:640kB low:800kB high:960kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  227.806384][T12947] lowmem_reserve[]: 0 815 815 815 815
[  227.808315][T12947] Node 0 DMA32 free:310688kB boost:0kB min:33716kB low:42144kB high:50572kB reserved_highatomic:0KB free_highatomic:0KB active_anon:11492kB inactive_anon:0kB active_file:3376kB inactive_file:18196kB unevictable:3536kB writepending:128kB present:1556484kB managed:834740kB mlocked:0kB bounce:0kB free_pcp:44124kB local_pcp:27544kB free_cma:0kB
[  227.821267][T12947] lowmem_reserve[]: 0 0 0 0 0
[  227.823536][T12947] Node 1 DMA32 free:458616kB boost:0kB min:19168kB low:23960kB high:28752kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:524152kB managed:458616kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  227.836858][T12947] lowmem_reserve[]: 0 0 854 854 854
[  227.840024][T12947] Node 1 Normal free:130368kB boost:0kB min:36576kB low:45720kB high:54864kB reserved_highatomic:0KB free_highatomic:0KB active_anon:6984kB inactive_anon:0kB active_file:1588kB inactive_file:134900kB unevictable:3536kB writepending:152kB present:1048576kB managed:875016kB mlocked:0kB bounce:0kB free_pcp:34204kB local_pcp:17180kB free_cma:0kB
[  227.850615][T12947] lowmem_reserve[]: 0 0 0 0 0
[  227.852413][T12947] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  227.856546][T12947] Node 0 DMA32: 956*4kB (UME) 944*8kB (UME) 437*16kB (UME) 146*32kB (UME) 238*64kB (UME) 78*128kB (UM) 29*256kB (UME) 18*512kB (UME) 20*1024kB (UME) 6*2048kB (UM) 52*4096kB (M) = 310656kB
[  227.863257][T12947] Node 1 DMA32: 2*4kB (M) 2*8kB (M) 2*16kB (M) 2*32kB (M) 2*64kB (M) 1*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 110*4096kB (M) = 458616kB
[  227.868517][T12947] Node 1 Normal: 306*4kB (UME) 41*8kB (UM) 290*16kB (UM) 429*32kB (UM) 251*64kB (UM) 95*128kB (UME) 49*256kB (UM) 22*512kB (UM) 21*1024kB (UM) 4*2048kB (UME) 7*4096kB (UM) = 130320kB
[  227.874772][T12947] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  227.878020][T12947] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  227.881265][T12947] 41961 total pagecache pages
[  227.883647][T12947] 0 pages in swap cache
[  227.885351][T12947] Free swap  = 124996kB
[  227.887053][T12947] Total swap = 124996kB
[  227.889027][T12947] 786301 pages RAM
[  227.890846][T12947] 0 pages HighMem/MovableOnly
[  227.893513][T12947] 240368 pages reserved
[  227.895296][T12947] 0 pages cma reserved
[  228.069473][T12972] netlink: 'syz.0.2118': attribute type 1 has an invalid length.
[  228.075398][T12972] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  228.405689][T12975] netlink: 'syz.1.2119': attribute type 10 has an invalid length.
[  229.046550][T12995] xt_hashlimit: size too large, truncated to 1048576
[  229.104793][T12997] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2125'.
[  230.166598][T13016] sctp: [Deprecated]: syz.2.2130 (pid 13016) Use of int in maxseg socket option.
[  230.166598][T13016] Use struct sctp_assoc_value instead
[  230.175465][T13016] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2130'.
[  230.295564][T13026] netlink: 'syz.2.2133': attribute type 1 has an invalid length.
[  230.298536][T13026] netlink: 'syz.2.2133': attribute type 1 has an invalid length.
[  230.400905][T13030] netlink: 'syz.2.2135': attribute type 13 has an invalid length.
[  230.409218][T13030] netlink: 'syz.2.2135': attribute type 17 has an invalid length.
[  230.416785][T13030] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  230.443825][   T51] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  230.537758][T13033] infiniband srz1: RDMA CMA: cma_listen_on_dev, error -98
[  230.614199][T13032] infiniband syz0: set down
[  230.616471][T13032] infiniband syz0: added ipvlan1
[  230.652468][T13032] RDS/IB: syz0: added
[  230.654041][T13032] smc: adding ib device syz0 with port count 1
[  230.656129][T13032] smc:    ib device syz0 port 1 has pnetid 
[  231.092514][   T51] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  232.051173][T13062] netlink: 'syz.1.2144': attribute type 11 has an invalid length.
[  233.834643][T13116] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2158'.
[  234.020445][T13123] netlink: 17 bytes leftover after parsing attributes in process `syz.1.2160'.
[  234.132756][T13128] netlink: 'syz.1.2161': attribute type 10 has an invalid length.
[  234.142809][T13128] 8021q: adding VLAN 0 to HW filter on device team0
[  234.147939][T13128] bond0: (slave team0): Enslaving as an active interface with an up link
[  234.832550][T13137] netlink: 508 bytes leftover after parsing attributes in process `syz.0.2164'.
[  236.080999][T13175] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode
[  236.083772][T13175] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[  236.709081][T13200] delete_channel: no stack
[  236.869376][T13209] netlink: 'syz.1.2183': attribute type 4 has an invalid length.
[  236.873703][T13209] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2183'.
[  236.903974][T13209] syzkaller0: entered promiscuous mode
[  236.906152][T13209] syzkaller0: entered allmulticast mode
[  237.200368][T13223] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2187'.
[  237.205111][T13223] netlink: 51 bytes leftover after parsing attributes in process `syz.0.2187'.
[  237.208378][T13223] netlink: 'syz.0.2187': attribute type 6 has an invalid length.
[  237.212974][T13223] netlink: 51 bytes leftover after parsing attributes in process `syz.0.2187'.
[  237.289162][T13230] netlink: 'syz.0.2189': attribute type 12 has an invalid length.
[  238.824375][T13260] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2198'.
[  238.827661][T13260] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2198'.
[  238.830767][T13260] netlink: 'syz.1.2198': attribute type 1 has an invalid length.
[  238.834150][T13260] netlink: 10 bytes leftover after parsing attributes in process `syz.1.2198'.
[  238.856135][T13260] nbd: socks must be embedded in a SOCK_ITEM attr
[  238.859101][T13260] block nbd1: shutting down sockets
[  239.043487][T13265] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  239.111916][T13269] syz.2.2202: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  239.120107][T13269] CPU: 1 UID: 0 PID: 13269 Comm: syz.2.2202 Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 PREEMPT(full) 
[  239.120120][T13269] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  239.120126][T13269] Call Trace:
[  239.120132][T13269]  <TASK>
[  239.120138][T13269]  dump_stack_lvl+0x189/0x250
[  239.120157][T13269]  ? __pfx_dump_stack_lvl+0x10/0x10
[  239.120171][T13269]  ? __pfx__printk+0x10/0x10
[  239.120181][T13269]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  239.120192][T13269]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  239.120202][T13269]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  239.120212][T13269]  warn_alloc+0x214/0x310
[  239.120222][T13269]  ? stack_depot_save_flags+0x40/0x900
[  239.120233][T13269]  ? __pfx_warn_alloc+0x10/0x10
[  239.120242][T13269]  ? kasan_save_track+0x4f/0x80
[  239.120271][T13269]  ? xskq_create+0x56/0x170
[  239.120281][T13269]  ? xsk_init_queue+0xb0/0x110
[  239.120289][T13269]  ? xsk_setsockopt+0x43f/0x710
[  239.120297][T13269]  ? do_sock_setsockopt+0x25a/0x3e0
[  239.120306][T13269]  ? __x64_sys_setsockopt+0x18b/0x220
[  239.120313][T13269]  ? do_syscall_64+0xfa/0x3b0
[  239.120319][T13269]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  239.120330][T13269]  __vmalloc_node_range_noprof+0x125/0x12f0
[  239.120368][T13269]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  239.120380][T13269]  ? __kasan_kmalloc+0x93/0xb0
[  239.120389][T13269]  vmalloc_user_noprof+0xad/0xf0
[  239.120398][T13269]  ? xskq_create+0xbf/0x170
[  239.120409][T13269]  xskq_create+0xbf/0x170
[  239.120422][T13269]  xsk_init_queue+0xb0/0x110
[  239.120434][T13269]  xsk_setsockopt+0x43f/0x710
[  239.120445][T13269]  ? __pfx_xsk_setsockopt+0x10/0x10
[  239.120454][T13269]  ? __lock_acquire+0xab9/0xd20
[  239.120468][T13269]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  239.120479][T13269]  ? __pfx_xsk_setsockopt+0x10/0x10
[  239.120491][T13269]  do_sock_setsockopt+0x25a/0x3e0
[  239.120502][T13269]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  239.120512][T13269]  ? __fget_files+0x2a/0x420
[  239.120524][T13269]  __x64_sys_setsockopt+0x18b/0x220
[  239.120535][T13269]  do_syscall_64+0xfa/0x3b0
[  239.120541][T13269]  ? lockdep_hardirqs_on+0x9c/0x150
[  239.120551][T13269]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  239.120558][T13269]  ? exc_page_fault+0x9f/0xf0
[  239.120569][T13269]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  239.120576][T13269] RIP: 0033:0x7f1b5398e929
[  239.120584][T13269] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  239.120591][T13269] RSP: 002b:00007f1b5473b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  239.120600][T13269] RAX: ffffffffffffffda RBX: 00007f1b53bb6080 RCX: 00007f1b5398e929
[  239.120606][T13269] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000008
[  239.120610][T13269] RBP: 00007f1b53a10b39 R08: 0000000000000004 R09: 0000000000000000
[  239.120615][T13269] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  239.120619][T13269] R13: 0000000000000000 R14: 00007f1b53bb6080 R15: 00007fff38ae6f98
[  239.120631][T13269]  </TASK>
[  239.120972][T13269] Mem-Info:
[  239.253132][T13269] active_anon:4686 inactive_anon:0 isolated_anon:0
[  239.253132][T13269]  active_file:1241 inactive_file:38278 isolated_file:0
[  239.253132][T13269]  unevictable:1768 dirty:80 writeback:0
[  239.253132][T13269]  slab_reclaimable:9809 slab_unreclaimable:110310
[  239.253132][T13269]  mapped:18162 shmem:2449 pagetables:839
[  239.253132][T13269]  sec_pagetables:0 bounce:0
[  239.253132][T13269]  kernel_misc_reclaimable:0
[  239.253132][T13269]  free:227982 free_pcp:21338 free_cma:0
[  239.275484][T13269] Node 0 active_anon:11856kB inactive_anon:0kB active_file:3376kB inactive_file:18196kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:36300kB dirty:160kB writeback:0kB shmem:4896kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:6024kB pagetables:2004kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  239.287006][T13269] Node 1 active_anon:6888kB inactive_anon:0kB active_file:1588kB inactive_file:134916kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:36348kB dirty:160kB writeback:0kB shmem:4900kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:5916kB pagetables:1352kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  239.300114][T13269] Node 0 DMA free:15360kB boost:0kB min:640kB low:800kB high:960kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  239.311443][T13269] lowmem_reserve[]: 0 815 815 815 815
[  239.314604][T13269] Node 0 DMA32 free:326088kB boost:0kB min:33716kB low:42144kB high:50572kB reserved_highatomic:0KB free_highatomic:0KB active_anon:11856kB inactive_anon:0kB active_file:3376kB inactive_file:18196kB unevictable:3536kB writepending:160kB present:1556484kB managed:834740kB mlocked:0kB bounce:0kB free_pcp:32488kB local_pcp:17304kB free_cma:0kB
[  239.325051][T13269] lowmem_reserve[]: 0 0 0 0 0
[  239.326635][T13269] Node 1 DMA32 free:458616kB boost:0kB min:19168kB low:23960kB high:28752kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:524152kB managed:458616kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  239.337635][T13269] lowmem_reserve[]: 0 0 854 854 854
[  239.339403][T13269] Node 1 Normal free:111864kB boost:0kB min:36576kB low:45720kB high:54864kB reserved_highatomic:0KB free_highatomic:0KB active_anon:6004kB inactive_anon:0kB active_file:1588kB inactive_file:134916kB unevictable:3536kB writepending:160kB present:1048576kB managed:875016kB mlocked:0kB bounce:0kB free_pcp:56120kB local_pcp:36796kB free_cma:0kB
[  239.349859][T13269] lowmem_reserve[]: 0 0 0 0 0
[  239.351470][T13269] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  239.358011][T13269] Node 0 DMA32: 586*4kB (UM) 908*8kB (UME) 358*16kB (UME) 321*32kB (UME) 248*64kB (UME) 81*128kB (UM) 37*256kB (UME) 23*512kB (UME) 23*1024kB (UME) 4*2048kB (UM) 54*4096kB (UM) = 326024kB
[  239.365395][T13269] Node 1 DMA32: 2*4kB (M) 2*8kB (M) 2*16kB (M) 2*32kB (M) 2*64kB (M) 1*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 110*4096kB (M) = 458616kB
[  239.370570][T13269] Node 1 Normal: 1361*4kB (UME) 1068*8kB (UME) 424*16kB (UME) 292*32kB (UME) 25*64kB (U) 64*128kB (UME) 43*256kB (UME) 23*512kB (UME) 22*1024kB (UME) 3*2048kB (UM) 7*4096kB (UM) = 120036kB
[  239.377846][T13269] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  239.380758][T13269] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  239.384261][T13269] 41985 total pagecache pages
[  239.385833][T13269] 0 pages in swap cache
[  239.387217][T13269] Free swap  = 124996kB
[  239.388608][T13269] Total swap = 124996kB
[  239.390008][T13269] 786301 pages RAM
[  239.391216][T13269] 0 pages HighMem/MovableOnly
[  239.394816][T13269] 240368 pages reserved
[  239.396201][T13269] 0 pages cma reserved
[  239.645508][ T5817] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  239.650227][ T5817] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  239.653927][ T5817] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  239.657529][ T5817] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  239.660822][ T5817] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  239.676431][T13279] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2205'.
[  239.737976][T13280] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input135
[  239.902233][    C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  239.920037][T13286] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input136
[  239.976432][T13276] chnl_net:caif_netlink_parms(): no params data found
[  239.994520][T13292] netlink: 'syz.0.2208': attribute type 13 has an invalid length.
[  239.997407][T13292] netlink: 'syz.0.2208': attribute type 17 has an invalid length.
[  240.006101][T13292] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  240.039733][T13297] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2209'.
[  240.044649][T13297] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2209'.
[  240.049980][T13297] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2209'.
[  240.055116][T13276] bridge0: port 1(bridge_slave_0) entered blocking state
[  240.057698][T13276] bridge0: port 1(bridge_slave_0) entered disabled state
[  240.062851][T13276] bridge_slave_0: entered allmulticast mode
[  240.065600][T13276] bridge_slave_0: entered promiscuous mode
[  240.074403][T13276] bridge0: port 2(bridge_slave_1) entered blocking state
[  240.077758][T13276] bridge0: port 2(bridge_slave_1) entered disabled state
[  240.080083][T13276] bridge_slave_1: entered allmulticast mode
[  240.092248][T13276] bridge_slave_1: entered promiscuous mode
[  240.119561][T13276] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  240.125726][T13276] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  240.154925][T13276] team0: Port device team_slave_0 added
[  240.158452][T13276] team0: Port device team_slave_1 added
[  240.178022][T13276] batman_adv: batadv0: Adding interface: batadv_slave_0
[  240.180288][T13276] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  240.190823][T13276] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  240.196960][T13276] batman_adv: batadv0: Adding interface: batadv_slave_1
[  240.199184][T13276] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  240.208584][T13276] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  240.234986][T13276] hsr_slave_0: entered promiscuous mode
[  240.238700][T13276] hsr_slave_1: entered promiscuous mode
[  240.326550][T13276] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  240.330095][T13276] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  240.336585][T13276] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  240.348649][T13309] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2212'.
[  240.371322][T13309] netlink: 224 bytes leftover after parsing attributes in process `syz.0.2212'.
[  240.396683][T13276] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  240.400115][T13276] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  240.404218][T13276] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  240.464091][T13276] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  240.467506][T13276] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  240.470912][T13276] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  240.544347][T13276] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  240.548811][T13276] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  240.554960][T13276] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  240.705306][T13276] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  240.712286][T13276] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  240.720112][T13276] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  240.729072][T13276] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  240.835195][T13276] 8021q: adding VLAN 0 to HW filter on device bond0
[  240.878793][T13276] 8021q: adding VLAN 0 to HW filter on device team0
[  240.906849][   T26] bridge0: port 1(bridge_slave_0) entered blocking state
[  240.909915][   T26] bridge0: port 1(bridge_slave_0) entered forwarding state
[  240.928329][   T26] bridge0: port 2(bridge_slave_1) entered blocking state
[  240.931352][   T26] bridge0: port 2(bridge_slave_1) entered forwarding state
[  241.124884][T13276] 8021q: adding VLAN 0 to HW filter on device batadv0
[  241.175676][T13276] veth0_vlan: entered promiscuous mode
[  241.187089][T13276] veth1_vlan: entered promiscuous mode
[  241.218807][T13276] veth0_macvtap: entered promiscuous mode
[  241.230651][T13276] veth1_macvtap: entered promiscuous mode
[  241.247429][T13335] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input137
[  241.258754][T13276] batman_adv: batadv0: Interface activated: batadv_slave_0
[  241.267935][T13276] batman_adv: batadv0: Interface activated: batadv_slave_1
[  241.280419][T13276] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  241.289079][T13276] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  241.298465][T13276] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  241.298559][   T33] audit: type=1800 audit(1751648266.806:29): pid=13328 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2215" name="cgroup.controllers" dev="tmpfs" ino=3978 res=0 errno=0
[  241.302446][T13276] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  241.425406][ T1119] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  241.428897][ T1119] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  241.489393][   T26] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  241.492883][   T26] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  241.605259][T13346] netlink: 'syz.0.2220': attribute type 1 has an invalid length.
[  241.610585][T13346] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2220'.
[  241.616708][T13346] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2220'.
[  241.619926][T13346] netlink: 'syz.0.2220': attribute type 1 has an invalid length.
[  241.623292][T13346] netlink: 10 bytes leftover after parsing attributes in process `syz.0.2220'.
[  241.652664][T13346] nbd: socks must be embedded in a SOCK_ITEM attr
[  241.655552][T13346] block nbd1: shutting down sockets
[  241.698578][T13348] netlink: 'syz.0.2221': attribute type 13 has an invalid length.
[  241.701378][T13348] netlink: 'syz.0.2221': attribute type 17 has an invalid length.
[  241.708120][T13348] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  241.732352][ T5817] Bluetooth: hci2: command tx timeout
[  242.697329][T13364] IPv6: addrconf: prefix option has invalid lifetime
[  242.739696][T13366] netlink: 'syz.2.2228': attribute type 13 has an invalid length.
[  242.743737][T13366] netlink: 'syz.2.2228': attribute type 17 has an invalid length.
[  243.059357][T13385] netlink: 'syz.2.2234': attribute type 1 has an invalid length.
[  243.064364][T13385] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.2234'.
[  245.001781][T13418] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2244'.
[  246.035546][T13444] netlink: 'syz.0.2250': attribute type 10 has an invalid length.
[  246.084326][T13446] tap0: tun_chr_ioctl cmd 1074025673
[  246.092499][T13446] tap0: tun_chr_ioctl cmd 1074025678
[  246.094898][T13446] tap0: group set to 0
[  246.097341][T13446] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2251'.
[  246.986195][T13454] batman_adv: batadv0: Adding interface: dummy0
[  246.988761][T13454] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  246.997178][T13454] batman_adv: batadv0: Interface activated: dummy0
[  247.970851][T13465] netlink: 'syz.0.2257': attribute type 10 has an invalid length.
[  247.996765][T13467] netlink: 356 bytes leftover after parsing attributes in process `syz.2.2258'.
[  248.867476][T13478] netlink: 'syz.0.2261': attribute type 1 has an invalid length.
[  248.886340][T13478] 8021q: adding VLAN 0 to HW filter on device bond1
[  248.903077][T13478] bond1: (slave ip6gretap1): making interface the new active one
[  248.906319][T13478] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link
[  249.863211][T13528] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2276'.
[  250.550806][T13535] netlink: 'syz.0.2278': attribute type 1 has an invalid length.
[  250.555106][T13535] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  250.776520][T13539] netlink: 'syz.2.2280': attribute type 13 has an invalid length.
[  250.780066][T13539] netlink: 'syz.2.2280': attribute type 17 has an invalid length.
[  251.378834][T13547] delete_channel: no stack
[  251.809061][T13565] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  252.455917][T13569] netlink: 'syz.0.2288': attribute type 1 has an invalid length.
[  252.458682][T13569] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2288'.
[  252.463418][T13569] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2288'.
[  252.466571][T13569] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2288'.
[  252.469840][T13569] netlink: 26 bytes leftover after parsing attributes in process `syz.0.2288'.
[  252.474326][T13569] nbd: socks must be embedded in a SOCK_ITEM attr
[  252.728557][T13577] warn_alloc: 1 callbacks suppressed
[  252.728572][T13577] syz.2.2291: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  252.738588][T13577] CPU: 1 UID: 0 PID: 13577 Comm: syz.2.2291 Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 PREEMPT(full) 
[  252.738605][T13577] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  252.738612][T13577] Call Trace:
[  252.738617][T13577]  <TASK>
[  252.738621][T13577]  dump_stack_lvl+0x189/0x250
[  252.738676][T13577]  ? __pfx_dump_stack_lvl+0x10/0x10
[  252.738692][T13577]  ? __pfx__printk+0x10/0x10
[  252.738705][T13577]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  252.738718][T13577]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  252.738731][T13577]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  252.738744][T13577]  warn_alloc+0x214/0x310
[  252.738757][T13577]  ? stack_depot_save_flags+0x40/0x900
[  252.738774][T13577]  ? __pfx_warn_alloc+0x10/0x10
[  252.738787][T13577]  ? kasan_save_track+0x4f/0x80
[  252.738803][T13577]  ? xskq_create+0x56/0x170
[  252.738819][T13577]  ? xsk_init_queue+0xb0/0x110
[  252.738831][T13577]  ? xsk_setsockopt+0x43f/0x710
[  252.738844][T13577]  ? do_sock_setsockopt+0x25a/0x3e0
[  252.738856][T13577]  ? __x64_sys_setsockopt+0x18b/0x220
[  252.738867][T13577]  ? do_syscall_64+0xfa/0x3b0
[  252.738875][T13577]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  252.738890][T13577]  __vmalloc_node_range_noprof+0x125/0x12f0
[  252.738920][T13577]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  252.738935][T13577]  ? __kasan_kmalloc+0x93/0xb0
[  252.738946][T13577]  vmalloc_user_noprof+0xad/0xf0
[  252.738957][T13577]  ? xskq_create+0xbf/0x170
[  252.738971][T13577]  xskq_create+0xbf/0x170
[  252.738987][T13577]  xsk_init_queue+0xb0/0x110
[  252.739003][T13577]  xsk_setsockopt+0x43f/0x710
[  252.739018][T13577]  ? __pfx_xsk_setsockopt+0x10/0x10
[  252.739029][T13577]  ? __lock_acquire+0xab9/0xd20
[  252.739049][T13577]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  252.739065][T13577]  ? __pfx_xsk_setsockopt+0x10/0x10
[  252.739080][T13577]  do_sock_setsockopt+0x25a/0x3e0
[  252.739094][T13577]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  252.739112][T13577]  ? __fget_files+0x2a/0x420
[  252.739130][T13577]  __x64_sys_setsockopt+0x18b/0x220
[  252.739146][T13577]  do_syscall_64+0xfa/0x3b0
[  252.739154][T13577]  ? lockdep_hardirqs_on+0x9c/0x150
[  252.739170][T13577]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  252.739180][T13577]  ? exc_page_fault+0x9f/0xf0
[  252.739199][T13577]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  252.739210][T13577] RIP: 0033:0x7f1b5398e929
[  252.739251][T13577] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  252.739262][T13577] RSP: 002b:00007f1b5473b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  252.739277][T13577] RAX: ffffffffffffffda RBX: 00007f1b53bb6080 RCX: 00007f1b5398e929
[  252.739286][T13577] RDX: 0000000000000006 RSI: 000000000000011b RDI: 000000000000000b
[  252.739294][T13577] RBP: 00007f1b53a10b39 R08: 0000000000000004 R09: 0000000000000000
[  252.739302][T13577] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  252.739310][T13577] R13: 0000000000000000 R14: 00007f1b53bb6080 R15: 00007fff38ae6f98
[  252.739333][T13577]  </TASK>
[  252.739489][T13577] Mem-Info:
[  252.878393][T13577] active_anon:4639 inactive_anon:0 isolated_anon:0
[  252.878393][T13577]  active_file:1258 inactive_file:38285 isolated_file:0
[  252.878393][T13577]  unevictable:1768 dirty:37 writeback:0
[  252.878393][T13577]  slab_reclaimable:9883 slab_unreclaimable:113037
[  252.878393][T13577]  mapped:18146 shmem:2456 pagetables:841
[  252.878393][T13577]  sec_pagetables:0 bounce:0
[  252.878393][T13577]  kernel_misc_reclaimable:0
[  252.878393][T13577]  free:229194 free_pcp:17271 free_cma:0
[  252.897998][T13577] Node 0 active_anon:12652kB inactive_anon:0kB active_file:3376kB inactive_file:18208kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:54408kB dirty:120kB writeback:0kB shmem:4924kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:6028kB pagetables:2108kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  252.913362][T13577] Node 1 active_anon:5904kB inactive_anon:0kB active_file:1656kB inactive_file:134932kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:18176kB dirty:28kB writeback:0kB shmem:4900kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:6252kB pagetables:1256kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  252.927522][T13577] Node 0 DMA free:15360kB boost:0kB min:640kB low:800kB high:960kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  252.942855][T13577] lowmem_reserve[]: 0 815 815 815 815
[  252.945201][T13577] Node 0 DMA32 free:291868kB boost:0kB min:33716kB low:42144kB high:50572kB reserved_highatomic:0KB free_highatomic:0KB active_anon:12652kB inactive_anon:0kB active_file:3376kB inactive_file:18208kB unevictable:3536kB writepending:120kB present:1556484kB managed:834740kB mlocked:0kB bounce:0kB free_pcp:28408kB local_pcp:15868kB free_cma:0kB
[  252.957331][T13577] lowmem_reserve[]: 0 0 0 0 0
[  252.958938][T13577] Node 1 DMA32 free:458616kB boost:0kB min:19168kB low:23960kB high:28752kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:524152kB managed:458616kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  252.969348][T13577] lowmem_reserve[]: 0 0 854 854 854
[  252.971067][T13577] Node 1 Normal free:150932kB boost:0kB min:36576kB low:45720kB high:54864kB reserved_highatomic:0KB free_highatomic:0KB active_anon:5904kB inactive_anon:0kB active_file:1656kB inactive_file:134932kB unevictable:3536kB writepending:28kB present:1048576kB managed:875016kB mlocked:0kB bounce:0kB free_pcp:40644kB local_pcp:18652kB free_cma:0kB
[  252.981372][T13577] lowmem_reserve[]: 0 0 0 0 0
[  252.983452][T13577] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  252.987618][T13577] Node 0 DMA32: 1*4kB (M) 1*8kB (E) 203*16kB (ME) 241*32kB (UME) 58*64kB (UM) 37*128kB (UM) 20*256kB (UM) 20*512kB (UM) 23*1024kB (UME) 6*2048kB (UM) 54*4096kB (UM) = 291804kB
[  252.993673][T13577] Node 1 DMA32: 2*4kB (M) 2*8kB (M) 2*16kB (M) 2*32kB (M) 2*64kB (M) 1*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 110*4096kB (M) = 458616kB
[  252.998932][T13577] Node 1 Normal: 263*4kB (UM) 871*8kB (UME) 609*16kB (UM) 240*32kB (UME) 128*64kB (UME) 98*128kB (UME) 59*256kB (UME) 35*512kB (UME) 26*1024kB (UME) 8*2048kB (UM) 7*4096kB (UM) = 150884kB
[  253.006516][T13577] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  253.010399][T13577] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  253.015984][T13577] 42001 total pagecache pages
[  253.018011][T13577] 0 pages in swap cache
[  253.019775][T13577] Free swap  = 124996kB
[  253.021400][T13577] Total swap = 124996kB
[  253.023046][T13577] 786301 pages RAM
[  253.024276][T13577] 0 pages HighMem/MovableOnly
[  253.025863][T13577] 240368 pages reserved
[  253.027199][T13577] 0 pages cma reserved
[  253.377867][T13593] netlink: 72 bytes leftover after parsing attributes in process `syz.0.2296'.
[  253.407822][T13596] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  253.467011][T13598] openvswitch: netlink: Actions may not be safe on all matching packets
[  255.252165][    C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  255.256116][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[  256.008250][T13609] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2299'.
[  256.866340][T13618] netlink: 'syz.0.2302': attribute type 13 has an invalid length.
[  256.869028][T13618] netlink: 'syz.0.2302': attribute type 17 has an invalid length.
[  256.964859][T13621] bridge0: port 4(erspan0) entered blocking state
[  256.967035][T13621] bridge0: port 4(erspan0) entered disabled state
[  256.969176][T13621] erspan0: entered allmulticast mode
[  256.971864][T13621] erspan0: left allmulticast mode
[  257.737086][T13624] netlink: 256 bytes leftover after parsing attributes in process `syz.2.2304'.
[  257.821204][T13626] bridge4: entered promiscuous mode
[  257.823428][T13626] bridge4: entered allmulticast mode
[  257.828282][T13626] team0: Port device bridge4 added
[  257.838801][T13626] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2305'.
[  257.913848][T13626] team0 (unregistering): Port device bridge3 removed
[  257.919515][T13626] team0 (unregistering): Port device bridge4 removed
[  258.657300][T13635] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2307'.
[  258.686480][T13640] netlink: 'syz.2.2308': attribute type 10 has an invalid length.
[  258.689402][T13640] veth0_vlan: left promiscuous mode
[  258.691871][T13640] veth0_vlan: entered promiscuous mode
[  258.698608][T13640] team0: Device veth0_vlan failed to register rx_handler
[  258.784988][T13644] Bluetooth: hci0: Opcode 0x0401 failed: -22
[  258.927242][T13650] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  260.538600][T13670] netlink: 'syz.0.2316': attribute type 10 has an invalid length.
[  260.596485][T13672] bridge0: port 1(vlan0) entered blocking state
[  260.599310][T13672] bridge0: port 1(vlan0) entered disabled state
[  260.602722][T13672] vlan0: entered allmulticast mode
[  260.605019][T13672] dummy0: entered allmulticast mode
[  260.609216][T13672] vlan0: entered promiscuous mode
[  260.611470][T13672] dummy0: entered promiscuous mode
[  260.616133][T13672] bridge0: port 1(vlan0) entered blocking state
[  260.618537][T13672] bridge0: port 1(vlan0) entered listening state
[  262.424835][T13693] netlink: 'syz.2.2323': attribute type 10 has an invalid length.
[  262.428410][T13693] veth0_vlan: left promiscuous mode
[  262.431698][T13693] veth0_vlan: entered promiscuous mode
[  262.437659][T13693] team0: Device veth0_vlan failed to register rx_handler
[  262.490559][T13695] batman_adv: batadv0: Adding interface: ipvlan1
[  262.493708][T13695] batman_adv: batadv0: The MTU of interface ipvlan1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  262.505065][T13695] batman_adv: batadv0: Interface activated: ipvlan1
[  262.692486][ T5819] Bluetooth: hci1: command 0x0406 tx timeout
[  263.148650][T13718] bridge0: port 2(batadv_slave_0) entered blocking state
[  263.185198][T13718] bridge0: port 2(batadv_slave_0) entered disabled state
[  263.188414][T13718] batadv_slave_0: entered allmulticast mode
[  263.192915][T13718] batadv_slave_0: entered promiscuous mode
[  263.206892][T13718] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2329'.
[  263.394874][T13722] netlink: 'syz.2.2331': attribute type 10 has an invalid length.
[  263.397938][T13722] veth0_vlan: left promiscuous mode
[  263.400391][T13722] veth0_vlan: entered promiscuous mode
[  263.404920][T13722] team0: Device veth0_vlan failed to register rx_handler
[  263.847632][T13732] netlink: 'syz.0.2334': attribute type 13 has an invalid length.
[  263.850323][T13732] netlink: 'syz.0.2334': attribute type 17 has an invalid length.
[  264.349825][T13757] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2342'.
[  264.356614][T13757] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2342'.
[  264.387650][T13762] netlink: 'syz.0.2343': attribute type 10 has an invalid length.
[  265.430182][T13786] netlink: 'syz.2.2351': attribute type 10 has an invalid length.
[  265.436126][T13786] veth0_vlan: left promiscuous mode
[  265.439388][T13786] veth0_vlan: entered promiscuous mode
[  265.444120][T13786] team0: Device veth0_vlan failed to register rx_handler
[  267.009701][T13799] netlink: 410 bytes leftover after parsing attributes in process `syz.0.2356'.
[  267.423601][T13813] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2360'.
[  267.496971][T13814] IPVS: persistence engine module ip_vs_pe_ not found
[  267.967866][T13819] netlink: 'syz.0.2362': attribute type 10 has an invalid length.
[  268.032307][   T33] audit: type=1800 audit(1751648293.536:30): pid=13823 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2364" name="blkio.bfq.time_recursive" dev="tmpfs" ino=4184 res=0 errno=0
[  268.043524][T13823] netlink: 'syz.0.2364': attribute type 1 has an invalid length.
[  268.046303][T13823] netlink: 92 bytes leftover after parsing attributes in process `syz.0.2364'.
[  268.050182][   T33] audit: type=1800 audit(1751648293.556:31): pid=13823 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2364" name="blkio.bfq.time_recursive" dev="tmpfs" ino=4184 res=0 errno=0
[  268.097985][T13825] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check.
[  268.363709][T13828] tipc: Enabled bearer <eth:ipvlan1>, priority 17
[  269.092497][ T5819] Bluetooth: hci1: command 0x0406 tx timeout
[  269.245507][T13838] netlink: 'syz.2.2369': attribute type 5 has an invalid length.
[  269.248236][T13838] netlink: 'syz.2.2369': attribute type 7 has an invalid length.
[  269.255879][T13838] : entered promiscuous mode
[  269.282405][T13840] netlink: 'syz.2.2370': attribute type 10 has an invalid length.
[  269.285210][T13840] veth0_vlan: left promiscuous mode
[  269.287571][T13840] veth0_vlan: entered promiscuous mode
[  269.290552][T13840] team0: Device veth0_vlan failed to register rx_handler
[  269.297214][T13840] tipc: Resetting bearer <eth:ipvlan1>
[  269.324110][T13842] netlink: 'syz.2.2371': attribute type 1 has an invalid length.
[  269.326886][T13842] netlink: 184 bytes leftover after parsing attributes in process `syz.2.2371'.
[  269.443413][ T5812] tipc: Node number set to 3438291484
[  269.509071][T13849] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2374'.
[  269.512396][T13849] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2374'.
[  269.515875][T13849] netlink: 'syz.2.2374': attribute type 1 has an invalid length.
[  269.518919][T13849] netlink: 10 bytes leftover after parsing attributes in process `syz.2.2374'.
[  269.552417][T13849] nbd: socks must be embedded in a SOCK_ITEM attr
[  269.554656][T13849] block nbd1: shutting down sockets
[  269.814827][   T33] audit: type=1800 audit(1751648295.326:32): pid=13852 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2375" name="cgroup.controllers" dev="tmpfs" ino=4340 res=0 errno=0
[  271.424723][T13882] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2385'.
[  271.428224][T13882] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2385'.
[  271.431635][T13882] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2385'.
[  271.436019][T13882] netlink: 536 bytes leftover after parsing attributes in process `syz.2.2385'.
[  271.440136][T13882] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2385'.
[  271.865391][T13894] netlink: 'syz.0.2388': attribute type 21 has an invalid length.
[  271.868711][T13894] netlink: 128 bytes leftover after parsing attributes in process `syz.0.2388'.
[  271.874328][T13894] netlink: 'syz.0.2388': attribute type 4 has an invalid length.
[  271.877448][T13894] netlink: 'syz.0.2388': attribute type 5 has an invalid length.
[  273.906658][T13936] A link change request failed with some changes committed already. Interface ip6tnl0 may have been left with an inconsistent configuration, please check.
[  274.724876][T13941] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  276.523190][T13987] __nla_validate_parse: 3 callbacks suppressed
[  276.523206][T13987] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2414'.
[  277.445656][   T33] audit: type=1804 audit(1751648302.956:33): pid=13995 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2416" name="/newroot/828/memory.events" dev="tmpfs" ino=4301 res=1 errno=0
[  277.462226][   T33] audit: type=1800 audit(1751648302.956:34): pid=13995 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2416" name="memory.events" dev="tmpfs" ino=4301 res=0 errno=0
[  277.884888][T13998] batman_adv: batadv0: Interface deactivated: dummy0
[  277.900753][T13998] batman_adv: batadv0: Removing interface: dummy0
[  280.692195][ T5817] Bluetooth: hci1: command 0x0406 tx timeout
[  281.073676][ T5842] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  281.126812][ T5842] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  281.179830][ T5842] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  281.232554][ T5842] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  281.278211][ T5819] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  281.281636][ T5819] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  281.284762][ T5819] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  281.288911][ T5819] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  281.291539][ T5819] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  281.336807][ T5842] bridge_slave_1: left allmulticast mode
[  281.338969][ T5842] bridge_slave_1: left promiscuous mode
[  281.341577][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state
[  281.348862][ T5842] bridge_slave_0: left allmulticast mode
[  281.350718][ T5842] bridge_slave_0: left promiscuous mode
[  281.353198][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state
[  281.628186][ T5842] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  281.634286][ T5842] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  281.637892][ T5842] bond0 (unregistering): Released all slaves
[  281.776934][T14076] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input138
[  282.002765][T14084] netlink: 104 bytes leftover after parsing attributes in process `syz.0.2443'.
[  282.006669][T14084] netlink: 'syz.0.2443': attribute type 39 has an invalid length.
[  282.313381][T14061] chnl_net:caif_netlink_parms(): no params data found
[  282.330850][T14098] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2446'.
[  282.337553][T14098] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2446'.
[  282.345150][T14098] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2446'.
[  282.354148][ T5842] hsr_slave_0: left promiscuous mode
[  282.356435][ T5842] hsr_slave_1: left promiscuous mode
[  282.358613][ T5842] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  282.361349][ T5842] batman_adv: batadv0: Removing interface: batadv_slave_0
[  282.367161][ T5842] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  282.369871][ T5842] batman_adv: batadv0: Removing interface: batadv_slave_1
[  282.391926][ T5842] veth1_macvtap: left promiscuous mode
[  282.395044][ T5842] veth0_macvtap: left promiscuous mode
[  282.398500][ T5842] veth1_vlan: left promiscuous mode
[  282.401005][ T5842] veth0_vlan: left promiscuous mode
[  282.579910][   T33] audit: type=1800 audit(1751648308.086:35): pid=14097 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2448" name="cgroup.controllers" dev="tmpfs" ino=4520 res=0 errno=0
[  282.787378][ T5842] team0 (unregistering): Port device team_slave_1 removed
[  282.810577][ T5842] team0 (unregistering): Port device team_slave_0 removed
[  283.191833][T14061] bridge0: port 1(bridge_slave_0) entered blocking state
[  283.203868][T14061] bridge0: port 1(bridge_slave_0) entered disabled state
[  283.206907][T14061] bridge_slave_0: entered allmulticast mode
[  283.223801][T14061] bridge_slave_0: entered promiscuous mode
[  283.230556][T14061] bridge0: port 2(bridge_slave_1) entered blocking state
[  283.239437][T14061] bridge0: port 2(bridge_slave_1) entered disabled state
[  283.244114][T14061] bridge_slave_1: entered allmulticast mode
[  283.248575][T14061] bridge_slave_1: entered promiscuous mode
[  283.299761][T14061] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  283.307502][T14111] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2450'.
[  283.313829][T14111] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2450'.
[  283.318394][T14111] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2450'.
[  283.326567][T14061] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  283.342681][   T54] Bluetooth: hci2: command tx timeout
[  283.385717][T14061] team0: Port device team_slave_0 added
[  283.390754][T14061] team0: Port device team_slave_1 added
[  283.422702][T14061] batman_adv: batadv0: Adding interface: batadv_slave_0
[  283.424920][T14061] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  283.434359][T14061] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  283.441694][T14061] batman_adv: batadv0: Adding interface: batadv_slave_1
[  283.445636][T14061] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  283.454818][T14061] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  283.484262][T14061] hsr_slave_0: entered promiscuous mode
[  283.486718][T14061] hsr_slave_1: entered promiscuous mode
[  283.814438][T14061] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  283.819106][T14061] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  283.824274][T14061] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  283.829481][T14061] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  283.849666][T14061] bridge0: port 2(bridge_slave_1) entered blocking state
[  283.852185][T14061] bridge0: port 2(bridge_slave_1) entered forwarding state
[  283.854858][T14061] bridge0: port 1(bridge_slave_0) entered blocking state
[  283.857192][T14061] bridge0: port 1(bridge_slave_0) entered forwarding state
[  283.893772][T14061] 8021q: adding VLAN 0 to HW filter on device bond0
[  283.903435][ T3594] bridge0: port 1(bridge_slave_0) entered disabled state
[  283.907169][ T3594] bridge0: port 2(bridge_slave_1) entered disabled state
[  283.918963][T14061] 8021q: adding VLAN 0 to HW filter on device team0
[  283.927938][ T3594] bridge0: port 1(bridge_slave_0) entered blocking state
[  283.930918][ T3594] bridge0: port 1(bridge_slave_0) entered forwarding state
[  283.943320][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  283.945673][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  284.080434][T14061] 8021q: adding VLAN 0 to HW filter on device batadv0
[  284.115840][T14061] veth0_vlan: entered promiscuous mode
[  284.123545][T14061] veth1_vlan: entered promiscuous mode
[  284.149080][T14061] veth0_macvtap: entered promiscuous mode
[  284.155763][T14061] veth1_macvtap: entered promiscuous mode
[  284.171762][T14061] batman_adv: batadv0: Interface activated: batadv_slave_0
[  284.178278][T14061] batman_adv: batadv0: Interface activated: batadv_slave_1
[  284.187004][T14061] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  284.190124][T14061] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  284.194161][T14061] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  284.197033][T14061] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  284.283498][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  284.285912][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  284.316047][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  284.319275][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  284.418281][T14137] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2455'.
[  286.065942][T14156] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2462'.
[  286.118138][   T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  286.390402][ T5819] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  286.397959][ T5819] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  286.401205][ T5819] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  286.404820][ T5819] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  286.407842][ T5819] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  286.523610][T14171] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input139
[  286.583213][T14174] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2466'.
[  286.720064][T14182] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input140
[  286.801098][T14162] chnl_net:caif_netlink_parms(): no params data found
[  286.852426][T14162] bridge0: port 1(bridge_slave_0) entered blocking state
[  286.854853][T14162] bridge0: port 1(bridge_slave_0) entered disabled state
[  286.857355][T14162] bridge_slave_0: entered allmulticast mode
[  286.860082][T14162] bridge_slave_0: entered promiscuous mode
[  286.864464][T14162] bridge0: port 2(bridge_slave_1) entered blocking state
[  286.866837][T14162] bridge0: port 2(bridge_slave_1) entered disabled state
[  286.869234][T14162] bridge_slave_1: entered allmulticast mode
[  286.872293][T14162] bridge_slave_1: entered promiscuous mode
[  286.908586][T14162] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  286.914483][T14162] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  286.938230][T14162] team0: Port device team_slave_0 added
[  286.941893][T14162] team0: Port device team_slave_1 added
[  286.960612][T14162] batman_adv: batadv0: Adding interface: batadv_slave_0
[  286.963373][T14162] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  286.971526][T14162] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  286.976625][T14162] batman_adv: batadv0: Adding interface: batadv_slave_1
[  286.979237][T14162] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  286.989019][T14162] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  287.021294][T14162] hsr_slave_0: entered promiscuous mode
[  287.024017][T14162] hsr_slave_1: entered promiscuous mode
[  287.026530][T14162] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  287.029353][T14162] Cannot create hsr debugfs directory
[  287.130775][T14196] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2471'.
[  287.134691][T14196] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2471'.
[  287.254766][T14200] netlink: 'syz.0.2473': attribute type 10 has an invalid length.
[  287.310234][T14204] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input141
[  287.474454][T14212] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input142
[  287.742276][T14229] netlink: 52 bytes leftover after parsing attributes in process `syz.0.2484'.
[  287.781940][   T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  287.808076][T14234] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input143
[  287.848537][   T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  287.911593][   T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  288.007135][   T12] bridge_slave_1: left allmulticast mode
[  288.009076][   T12] bridge_slave_1: left promiscuous mode
[  288.011070][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  288.016198][   T12] bridge_slave_0: left allmulticast mode
[  288.018130][   T12] bridge_slave_0: left promiscuous mode
[  288.020041][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  288.274128][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  288.278817][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  288.283125][   T12] bond0 (unregistering): Released all slaves
[  288.355890][T14254] netlink: 'syz.2.2490': attribute type 1 has an invalid length.
[  288.360016][T14254] netlink: 244 bytes leftover after parsing attributes in process `syz.2.2490'.
[  288.453843][   T54] Bluetooth: hci2: command tx timeout
[  288.665076][T14258] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2491'.
[  288.751538][T14260] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2492'.
[  288.763403][T14162] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  288.777769][T14162] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  288.798272][T14162] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  288.818053][T14162] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  288.829479][T14265] netlink: 'syz.0.2493': attribute type 5 has an invalid length.
[  288.833123][   T12] hsr_slave_0: left promiscuous mode
[  288.836978][   T12] hsr_slave_1: left promiscuous mode
[  288.839125][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  288.841607][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  288.845013][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  288.847565][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  288.861361][   T12] veth1_macvtap: left promiscuous mode
[  288.865470][   T12] veth0_macvtap: left promiscuous mode
[  288.868264][   T12] veth1_vlan: left promiscuous mode
[  288.870098][   T12] veth0_vlan: left promiscuous mode
[  289.166820][   T12] team0 (unregistering): Port device team_slave_1 removed
[  289.201277][   T12] team0 (unregistering): Port device team_slave_0 removed
[  289.266843][ T5865] hid-generic 0005:16C0:5505.004B: unknown main item tag 0x0
[  289.269810][ T5865] hid-generic 0005:16C0:5505.004B: unknown main item tag 0x0
[  289.289356][ T5865] hid-generic 0005:16C0:5505.004B: unknown main item tag 0x0
[  289.299458][ T5865] hid-generic 0005:16C0:5505.004B: unknown main item tag 0x0
[  289.304297][ T5865] hid-generic 0005:16C0:5505.004B: unknown main item tag 0x0
[  289.307433][ T5865] hid-generic 0005:16C0:5505.004B: unknown main item tag 0x0
[  289.310559][ T5865] hid-generic 0005:16C0:5505.004B: unknown main item tag 0x3
[  289.314334][ T5865] hid-generic 0005:16C0:5505.004B: item fetching failed at offset 17/19
[  289.325475][ T5865] hid-generic 0005:16C0:5505.004B: probe with driver hid-generic failed with error -22
[  289.394328][T14271] netlink: 'syz.2.2495': attribute type 13 has an invalid length.
[  289.397359][T14271] netlink: 'syz.2.2495': attribute type 17 has an invalid length.
[  289.400558][T14271] netlink: 'syz.2.2495': attribute type 27 has an invalid length.
[  289.629944][T14282] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input144
[  289.636367][T14162] 8021q: adding VLAN 0 to HW filter on device bond0
[  289.683834][T14162] 8021q: adding VLAN 0 to HW filter on device team0
[  289.694404][ T8505] bridge0: port 1(bridge_slave_0) entered blocking state
[  289.696729][ T8505] bridge0: port 1(bridge_slave_0) entered forwarding state
[  289.715766][ T8505] bridge0: port 2(bridge_slave_1) entered blocking state
[  289.718443][ T8505] bridge0: port 2(bridge_slave_1) entered forwarding state
[  289.778006][T14292] netlink: 176 bytes leftover after parsing attributes in process `syz.0.2499'.
[  289.873453][T14162] 8021q: adding VLAN 0 to HW filter on device batadv0
[  289.906832][T14162] veth0_vlan: entered promiscuous mode
[  289.915335][T14162] veth1_vlan: entered promiscuous mode
[  289.938100][T14162] veth0_macvtap: entered promiscuous mode
[  289.943756][T14162] veth1_macvtap: entered promiscuous mode
[  289.948710][T14306] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2504'.
[  289.957121][T14162] batman_adv: batadv0: Interface activated: batadv_slave_0
[  289.963902][T14162] batman_adv: batadv0: Interface activated: batadv_slave_1
[  289.975253][T14162] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  289.978885][T14162] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  289.984306][T14162] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  289.987783][T14162] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  290.049127][T14308] netlink: 'syz.2.2502': attribute type 8 has an invalid length.
[  290.069927][ T8505] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  290.078202][ T8505] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  290.108210][ T8505] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  290.113253][ T8505] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  290.267156][T14325] netlink: 'syz.2.2509': attribute type 10 has an invalid length.
[  290.270777][T14325] veth0_vlan: left promiscuous mode
[  290.278923][T14325] veth0_vlan: entered promiscuous mode
[  290.284399][T14325] team0: Device veth0_vlan failed to register rx_handler
[  290.299046][T14325] tipc: Resetting bearer <eth:ipvlan1>
[  290.309444][T14326] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2510'.
[  291.094174][    C0] bridge0: port 1(vlan0) entered learning state
[  291.256451][T14349] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2518'.
[  291.798698][T14364] nbd: socks must be embedded in a SOCK_ITEM attr
[  292.160863][   T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  292.591795][ T5819] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  292.596308][ T5819] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  292.600473][ T5819] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  292.605734][ T5819] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  292.609166][ T5819] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  292.924105][T14380] chnl_net:caif_netlink_parms(): no params data found
[  292.974795][T14380] bridge0: port 1(bridge_slave_0) entered blocking state
[  292.977957][T14380] bridge0: port 1(bridge_slave_0) entered disabled state
[  292.980532][T14380] bridge_slave_0: entered allmulticast mode
[  292.984632][T14380] bridge_slave_0: entered promiscuous mode
[  292.988371][T14380] bridge0: port 2(bridge_slave_1) entered blocking state
[  292.990750][T14380] bridge0: port 2(bridge_slave_1) entered disabled state
[  292.996315][T14380] bridge_slave_1: entered allmulticast mode
[  292.999281][T14380] bridge_slave_1: entered promiscuous mode
[  293.021051][T14380] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  293.025840][T14380] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  293.049971][T14380] team0: Port device team_slave_0 added
[  293.054783][T14380] team0: Port device team_slave_1 added
[  293.077085][T14380] batman_adv: batadv0: Adding interface: batadv_slave_0
[  293.079562][T14380] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  293.089026][T14380] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  293.094542][T14380] batman_adv: batadv0: Adding interface: batadv_slave_1
[  293.096834][T14380] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  293.106452][T14380] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  293.136371][T14380] hsr_slave_0: entered promiscuous mode
[  293.139039][T14380] hsr_slave_1: entered promiscuous mode
[  293.391276][   T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  293.450569][   T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  293.508563][   T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  293.607231][T14406] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input145
[  293.645277][   T12] bridge_slave_1: left allmulticast mode
[  293.647662][   T12] bridge_slave_1: left promiscuous mode
[  293.650351][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  293.668257][   T12] bridge_slave_0: left allmulticast mode
[  293.670313][   T12] bridge_slave_0: left promiscuous mode
[  293.673553][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  293.941479][T14414] __nla_validate_parse: 5 callbacks suppressed
[  293.941496][T14414] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2538'.
[  293.996390][T14415] syz.2.2538: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  294.001213][T14415] CPU: 0 UID: 0 PID: 14415 Comm: syz.2.2538 Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 PREEMPT(full) 
[  294.001226][T14415] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  294.001231][T14415] Call Trace:
[  294.001236][T14415]  <TASK>
[  294.001241][T14415]  dump_stack_lvl+0x189/0x250
[  294.001257][T14415]  ? __pfx_dump_stack_lvl+0x10/0x10
[  294.001270][T14415]  ? __pfx__printk+0x10/0x10
[  294.001278][T14415]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  294.001288][T14415]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  294.001297][T14415]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  294.001306][T14415]  warn_alloc+0x214/0x310
[  294.001315][T14415]  ? stack_depot_save_flags+0x40/0x900
[  294.001326][T14415]  ? __pfx_warn_alloc+0x10/0x10
[  294.001335][T14415]  ? kasan_save_track+0x4f/0x80
[  294.001345][T14415]  ? xskq_create+0x56/0x170
[  294.001355][T14415]  ? xsk_init_queue+0xb0/0x110
[  294.001379][T14415]  ? xsk_setsockopt+0x43f/0x710
[  294.001390][T14415]  ? do_sock_setsockopt+0x25a/0x3e0
[  294.001398][T14415]  ? __x64_sys_setsockopt+0x18b/0x220
[  294.001406][T14415]  ? do_syscall_64+0xfa/0x3b0
[  294.001412][T14415]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  294.001423][T14415]  __vmalloc_node_range_noprof+0x125/0x12f0
[  294.001443][T14415]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  294.001454][T14415]  ? __kasan_kmalloc+0x93/0xb0
[  294.001463][T14415]  vmalloc_user_noprof+0xad/0xf0
[  294.001472][T14415]  ? xskq_create+0xbf/0x170
[  294.001483][T14415]  xskq_create+0xbf/0x170
[  294.001494][T14415]  xsk_init_queue+0xb0/0x110
[  294.001505][T14415]  xsk_setsockopt+0x43f/0x710
[  294.001515][T14415]  ? __pfx_xsk_setsockopt+0x10/0x10
[  294.001524][T14415]  ? __lock_acquire+0xab9/0xd20
[  294.001538][T14415]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  294.001547][T14415]  ? __pfx_xsk_setsockopt+0x10/0x10
[  294.001556][T14415]  do_sock_setsockopt+0x25a/0x3e0
[  294.001566][T14415]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  294.001582][T14415]  ? __fget_files+0x2a/0x420
[  294.001594][T14415]  __x64_sys_setsockopt+0x18b/0x220
[  294.001605][T14415]  do_syscall_64+0xfa/0x3b0
[  294.001611][T14415]  ? lockdep_hardirqs_on+0x9c/0x150
[  294.001622][T14415]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  294.001630][T14415]  ? exc_page_fault+0x9f/0xf0
[  294.001641][T14415]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  294.001648][T14415] RIP: 0033:0x7f1b5398e929
[  294.001657][T14415] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  294.001664][T14415] RSP: 002b:00007f1b5471a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  294.001673][T14415] RAX: ffffffffffffffda RBX: 00007f1b53bb6160 RCX: 00007f1b5398e929
[  294.001678][T14415] RDX: 0000000000000006 RSI: 000000000000011b RDI: 000000000000000a
[  294.001682][T14415] RBP: 00007f1b53a10b39 R08: 0000000000000004 R09: 0000000000000000
[  294.001687][T14415] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  294.001691][T14415] R13: 0000000000000000 R14: 00007f1b53bb6160 R15: 00007fff38ae6f98
[  294.001703][T14415]  </TASK>
[  294.022933][T14415] Mem-Info:
[  294.032321][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  294.036415][T14415] active_anon:4590 inactive_anon:0 isolated_anon:0
[  294.036415][T14415]  active_file:1292 inactive_file:38308 isolated_file:0
[  294.036415][T14415]  unevictable:1768 dirty:68 writeback:0
[  294.036415][T14415]  slab_reclaimable:9927 slab_unreclaimable:112056
[  294.036415][T14415]  mapped:18118 shmem:2421 pagetables:881
[  294.036415][T14415]  sec_pagetables:0 bounce:0
[  294.036415][T14415]  kernel_misc_reclaimable:0
[  294.036415][T14415]  free:224399 free_pcp:22913 free_cma:0
[  294.155224][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  294.155431][T14415] Node 0 active_anon:11316kB inactive_anon:0kB active_file:3512kB inactive_file:18240kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:36532kB dirty:104kB writeback:0kB shmem:4828kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:6268kB pagetables:1964kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  294.172698][T14415] Node 1 active_anon:7044kB inactive_anon:0kB active_file:1656kB inactive_file:134992kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:44100kB dirty:168kB writeback:0kB shmem:4856kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:6288kB pagetables:1560kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  294.174999][   T12] bond0 (unregistering): Released all slaves
[  294.187514][T14415] Node 0 DMA free:15360kB boost:0kB min:640kB low:800kB high:960kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  294.200828][T14415] lowmem_reserve[]: 0 815 815 815 815
[  294.203725][T14415] Node 0 DMA32 free:299652kB boost:0kB min:33716kB low:42144kB high:50572kB reserved_highatomic:0KB free_highatomic:0KB active_anon:11316kB inactive_anon:0kB active_file:3512kB inactive_file:18240kB unevictable:3536kB writepending:104kB present:1556484kB managed:834740kB mlocked:0kB bounce:0kB free_pcp:41288kB local_pcp:20244kB free_cma:0kB
[  294.233242][T14415] lowmem_reserve[]: 0 0 0 0 0
[  294.235903][T14415] Node 1 DMA32 free:458616kB boost:0kB min:19168kB low:23960kB high:28752kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:524152kB managed:458616kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  294.257567][T14415] lowmem_reserve[]: 0 0 854 854 854
[  294.266539][T14415] Node 1 Normal free:123968kB boost:0kB min:36576kB low:45720kB high:54864kB reserved_highatomic:0KB free_highatomic:0KB active_anon:6908kB inactive_anon:0kB active_file:1656kB inactive_file:134992kB unevictable:3536kB writepending:168kB present:1048576kB managed:875016kB mlocked:0kB bounce:0kB free_pcp:51856kB local_pcp:22228kB free_cma:0kB
[  294.287307][T14415] lowmem_reserve[]: 0 0 0 0 0
[  294.294842][T14415] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  294.309618][T14415] Node 0 DMA32: 389*4kB (UM) 462*8kB (UME) 676*16kB (UME) 250*32kB (UM) 262*64kB (UME) 132*128kB (UME) 35*256kB (UME) 15*512kB (UM) 12*1024kB (UME) 6*2048kB (UM) 49*4096kB (UM) = 299652kB
[  294.317716][T14415] Node 1 DMA32: 2*4kB (M) 2*8kB (M) 2*16kB (M) 2*32kB (M) 2*64kB (M) 1*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 110*4096kB (M) = 458616kB
[  294.323978][T14415] Node 1 Normal: 2*4kB (UE) 251*8kB (ME) 178*16kB (ME) 88*32kB (ME) 69*64kB (ME) 62*128kB (UM) 64*256kB (UM) 23*512kB (UME) 22*1024kB (UME) 6*2048kB (UM) 10*4096kB (UM) = 123968kB
[  294.330769][T14415] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  294.335010][T14415] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  294.338355][T14415] 42021 total pagecache pages
[  294.340056][T14415] 0 pages in swap cache
[  294.342779][T14415] Free swap  = 124996kB
[  294.344284][T14415] Total swap = 124996kB
[  294.346365][T14415] 786301 pages RAM
[  294.348156][T14415] 0 pages HighMem/MovableOnly
[  294.350289][T14415] 240368 pages reserved
[  294.353776][T14415] 0 pages cma reserved
[  294.447550][T14420] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input146
[  294.586883][T14429] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input147
[  294.692890][   T54] Bluetooth: hci2: command tx timeout
[  294.800880][T14380] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  294.811042][T14380] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  294.841050][T14380] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  294.866047][T14380] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  294.930780][   T12] hsr_slave_0: left promiscuous mode
[  294.942960][   T12] hsr_slave_1: left promiscuous mode
[  294.953985][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  294.956399][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  294.959867][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  294.962620][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  294.974769][   T12] veth1_macvtap: left promiscuous mode
[  294.974897][T14444] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2543'.
[  294.976599][   T12] veth0_macvtap: left promiscuous mode
[  294.982512][   T12] veth1_vlan: left promiscuous mode
[  294.984445][   T12] veth0_vlan: left promiscuous mode
[  295.310431][   T12] team0 (unregistering): Port device team_slave_1 removed
[  295.350472][   T12] team0 (unregistering): Port device team_slave_0 removed
[  295.700247][T14380] 8021q: adding VLAN 0 to HW filter on device bond0
[  295.711949][T14380] 8021q: adding VLAN 0 to HW filter on device team0
[  295.720586][   T26] bridge0: port 1(bridge_slave_0) entered blocking state
[  295.723179][   T26] bridge0: port 1(bridge_slave_0) entered forwarding state
[  295.738693][   T26] bridge0: port 2(bridge_slave_1) entered blocking state
[  295.741244][   T26] bridge0: port 2(bridge_slave_1) entered forwarding state
[  295.869049][T14380] 8021q: adding VLAN 0 to HW filter on device batadv0
[  295.907021][T14380] veth0_vlan: entered promiscuous mode
[  295.916362][T14380] veth1_vlan: entered promiscuous mode
[  295.937727][T14380] veth0_macvtap: entered promiscuous mode
[  295.949503][T14380] veth1_macvtap: entered promiscuous mode
[  295.962843][T14380] batman_adv: batadv0: Interface activated: batadv_slave_0
[  295.977082][T14380] batman_adv: batadv0: Interface activated: batadv_slave_1
[  295.983696][T14380] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  295.986652][T14380] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  295.986740][ T5865] hid-generic 0005:16BF:5505.004C: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  295.989398][T14380] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  296.001800][T14380] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  296.083127][   T26] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  296.086013][   T26] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  296.087533][T14482] openvswitch: netlink: Actions may not be safe on all matching packets
[  296.115787][ T1119] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  296.118371][ T1119] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  296.145393][    T9] hid-generic 0005:16BF:5505.004D: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  296.154402][T14487] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2555'.
[  296.179860][    T9] hid-generic 0005:046D:FFF9.004E: item fetching failed at offset 0/1
[  296.187910][    T9] hid-generic 0005:046D:FFF9.004E: probe with driver hid-generic failed with error -22
[  296.198703][T14488] ==================================================================
[  296.202191][T14488] BUG: KASAN: slab-use-after-free in __mutex_lock+0x738/0xe80
[  296.205191][T14488] Read of size 8 at addr ffff8881208800a0 by task khidpd_046dfff9/14488
[  296.209396][T14488] 
[  296.210419][T14488] CPU: 1 UID: 0 PID: 14488 Comm: khidpd_046dfff9 Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 PREEMPT(full) 
[  296.210435][T14488] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  296.210442][T14488] Call Trace:
[  296.210448][T14488]  <TASK>
[  296.210454][T14488]  dump_stack_lvl+0x189/0x250
[  296.210474][T14488]  ? __virt_addr_valid+0x1c8/0x5c0
[  296.210486][T14488]  ? rcu_is_watching+0x15/0xb0
[  296.210503][T14488]  ? __kasan_check_byte+0x12/0x40
[  296.210514][T14488]  ? __pfx_dump_stack_lvl+0x10/0x10
[  296.210531][T14488]  ? rcu_is_watching+0x15/0xb0
[  296.210547][T14488]  ? lock_release+0x4b/0x3e0
[  296.210562][T14488]  ? __virt_addr_valid+0x1c8/0x5c0
[  296.210573][T14488]  ? __virt_addr_valid+0x4a5/0x5c0
[  296.210584][T14488]  print_report+0xd2/0x2b0
[  296.210599][T14488]  ? __mutex_lock+0x738/0xe80
[  296.210614][T14488]  kasan_report+0x118/0x150
[  296.210625][T14488]  ? __mutex_lock+0x738/0xe80
[  296.210643][T14488]  __mutex_lock+0x738/0xe80
[  296.210659][T14488]  ? __mutex_lock+0x51b/0xe80
[  296.210675][T14488]  ? l2cap_unregister_user+0x6a/0x1b0
[  296.210692][T14488]  ? __pfx___mutex_lock+0x10/0x10
[  296.210716][T14488]  ? __pfx___timer_delete_sync+0x10/0x10
[  296.210731][T14488]  l2cap_unregister_user+0x6a/0x1b0
[  296.210748][T14488]  hidp_session_thread+0x3c9/0x410
[  296.210767][T14488]  ? __pfx_hidp_session_thread+0x10/0x10
[  296.210783][T14488]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  296.210796][T14488]  ? __pfx_hidp_session_wake_function+0x10/0x10
[  296.210812][T14488]  ? __pfx_hidp_session_wake_function+0x10/0x10
[  296.210827][T14488]  ? __kthread_parkme+0x7b/0x200
[  296.210838][T14488]  ? __kthread_parkme+0x1a1/0x200
[  296.210850][T14488]  kthread+0x711/0x8a0
[  296.210863][T14488]  ? __pfx_hidp_session_thread+0x10/0x10
[  296.210878][T14488]  ? __pfx_kthread+0x10/0x10
[  296.210890][T14488]  ? _raw_spin_unlock_irq+0x23/0x50
[  296.210903][T14488]  ? lockdep_hardirqs_on+0x9c/0x150
[  296.210918][T14488]  ? __pfx_kthread+0x10/0x10
[  296.210930][T14488]  ret_from_fork+0x3fc/0x770
[  296.210946][T14488]  ? __pfx_ret_from_fork+0x10/0x10
[  296.210962][T14488]  ? __switch_to_asm+0x39/0x70
[  296.210974][T14488]  ? __switch_to_asm+0x33/0x70
[  296.210984][T14488]  ? __pfx_kthread+0x10/0x10
[  296.210996][T14488]  ret_from_fork_asm+0x1a/0x30
[  296.211012][T14488]  </TASK>
[  296.211016][T14488] 
[  296.295088][T14488] Allocated by task 14380:
[  296.296783][T14488]  kasan_save_track+0x3e/0x80
[  296.298464][T14488]  __kasan_kmalloc+0x93/0xb0
[  296.299972][T14488]  __kmalloc_noprof+0x27a/0x4f0
[  296.301548][T14488]  hci_alloc_dev_priv+0x28/0x2040
[  296.303223][T14488]  vhci_create_device+0x120/0x6e0
[  296.304918][T14488]  vhci_write+0x3ce/0x4a0
[  296.306426][T14488]  vfs_write+0x54b/0xa90
[  296.307978][T14488]  ksys_write+0x145/0x250
[  296.309426][T14488]  do_syscall_64+0xfa/0x3b0
[  296.311019][T14488]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  296.313081][T14488] 
[  296.313911][T14488] Freed by task 14380:
[  296.315294][T14488]  kasan_save_track+0x3e/0x80
[  296.317126][T14488]  kasan_save_free_info+0x46/0x50
[  296.318822][T14488]  __kasan_slab_free+0x62/0x70
[  296.320352][T14488]  kfree+0x18e/0x440
[  296.321582][T14488]  bt_host_release+0x82/0x90
[  296.323119][T14488]  device_release+0x9c/0x1c0
[  296.324682][T14488]  kobject_put+0x22b/0x480
[  296.326193][T14488]  vhci_release+0x88/0xd0
[  296.327662][T14488]  __fput+0x44c/0xa70
[  296.329027][T14488]  task_work_run+0x1d4/0x260
[  296.330637][T14488]  do_exit+0x6b5/0x22e0
[  296.332023][T14488]  do_group_exit+0x21c/0x2d0
[  296.333539][T14488]  __x64_sys_exit_group+0x3f/0x40
[  296.335175][T14488]  x64_sys_call+0x21ba/0x21c0
[  296.336662][T14488]  do_syscall_64+0xfa/0x3b0
[  296.338223][T14488]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  296.340084][T14488] 
[  296.340863][T14488] Last potentially related work creation:
[  296.342719][T14488]  kasan_save_stack+0x3e/0x60
[  296.344268][T14488]  kasan_record_aux_stack+0xbd/0xd0
[  296.346338][T14488]  insert_work+0x3d/0x330
[  296.347785][T14488]  __queue_work+0xbd9/0xfe0
[  296.349236][T14488]  queue_work_on+0x181/0x270
[  296.350776][T14488]  process_scheduled_works+0xae1/0x17b0
[  296.352587][T14488]  worker_thread+0x8a0/0xda0
[  296.354054][T14488]  kthread+0x711/0x8a0
[  296.355456][T14488]  ret_from_fork+0x3fc/0x770
[  296.356986][T14488]  ret_from_fork_asm+0x1a/0x30
[  296.358573][T14488] 
[  296.359362][T14488] Second to last potentially related work creation:
[  296.361478][T14488]  kasan_save_stack+0x3e/0x60
[  296.362997][T14488]  kasan_record_aux_stack+0xbd/0xd0
[  296.364714][T14488]  insert_work+0x3d/0x330
[  296.366501][T14488]  __queue_work+0xcfc/0xfe0
[  296.368427][T14488]  call_timer_fn+0x17e/0x5f0
[  296.370188][T14488]  __run_timer_base+0x646/0x860
[  296.371794][T14488]  run_timer_softirq+0xb7/0x180
[  296.373614][T14488]  handle_softirqs+0x286/0x870
[  296.375272][T14488]  __irq_exit_rcu+0xca/0x1f0
[  296.377032][T14488]  irq_exit_rcu+0x9/0x30
[  296.378442][T14488]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  296.380465][T14488]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  296.382478][T14488] 
[  296.383307][T14488] The buggy address belongs to the object at ffff888120880000
[  296.383307][T14488]  which belongs to the cache kmalloc-8k of size 8192
[  296.388636][T14488] The buggy address is located 160 bytes inside of
[  296.388636][T14488]  freed 8192-byte region [ffff888120880000, ffff888120882000)
[  296.393601][T14488] 
[  296.394480][T14488] The buggy address belongs to the physical page:
[  296.397017][T14488] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x120880
[  296.400069][T14488] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  296.403338][T14488] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff)
[  296.406146][T14488] page_type: f5(slab)
[  296.407451][T14488] raw: 057ff00000000040 ffff88801a442280 ffffea0000b98e00 0000000000000004
[  296.410108][T14488] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[  296.413033][T14488] head: 057ff00000000040 ffff88801a442280 ffffea0000b98e00 0000000000000004
[  296.416194][T14488] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[  296.419711][T14488] head: 057ff00000000003 ffffea0004822001 00000000ffffffff 00000000ffffffff
[  296.423179][T14488] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  296.426227][T14488] page dumped because: kasan: bad access detected
[  296.428289][T14488] page_owner tracks the page as allocated
[  296.430108][T14488] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x528c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP), pid 14069, tgid 14068 (syz.2.2439), ts 281624988896, free_ts 281393429044
[  296.436847][T14488]  post_alloc_hook+0x240/0x2a0
[  296.438886][T14488]  get_page_from_freelist+0x21e4/0x22c0
[  296.440926][T14488]  __alloc_frozen_pages_noprof+0x181/0x370
[  296.442730][T14488]  alloc_pages_mpol+0x232/0x4a0
[  296.444326][T14488]  allocate_slab+0x8a/0x3b0
[  296.445917][T14488]  ___slab_alloc+0xbfc/0x1480
[  296.447501][T14488]  __kvmalloc_node_noprof+0x429/0x5f0
[  296.449195][T14488]  xdp_umem_pin_pages+0x52/0x340
[  296.450742][T14488]  xdp_umem_create+0x677/0x8e0
[  296.452419][T14488]  xsk_setsockopt+0x62a/0x710
[  296.454009][T14488]  do_sock_setsockopt+0x25a/0x3e0
[  296.455923][T14488]  __x64_sys_setsockopt+0x18b/0x220
[  296.457709][T14488]  do_syscall_64+0xfa/0x3b0
[  296.459174][T14488]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  296.461094][T14488] page last free pid 5865 tgid 5865 stack trace:
[  296.463097][T14488]  __free_frozen_pages+0xc71/0xe70
[  296.465238][T14488]  __slab_free+0x326/0x400
[  296.466937][T14488]  qlist_free_all+0x97/0x140
[  296.468439][T14488]  kasan_quarantine_reduce+0x148/0x160
[  296.470176][T14488]  __kasan_slab_alloc+0x22/0x80
[  296.471798][T14488]  __kmalloc_cache_noprof+0x1be/0x3d0
[  296.473801][T14488]  nsim_fib_event_work+0x835/0x3180
[  296.476028][T14488]  process_scheduled_works+0xae1/0x17b0
[  296.478283][T14488]  worker_thread+0x8a0/0xda0
[  296.480006][T14488]  kthread+0x711/0x8a0
[  296.481411][T14488]  ret_from_fork+0x3fc/0x770
[  296.482924][T14488]  ret_from_fork_asm+0x1a/0x30
[  296.484493][T14488] 
[  296.485330][T14488] Memory state around the buggy address:
[  296.487237][T14488]  ffff88812087ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  296.490506][T14488]  ffff888120880000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  296.493910][T14488] >ffff888120880080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  296.497072][T14488]                                ^
[  296.499225][T14488]  ffff888120880100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  296.502520][T14488]  ffff888120880180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  296.505437][T14488] ==================================================================
[  296.509053][T14488] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  296.511331][T14488] CPU: 1 UID: 0 PID: 14488 Comm: khidpd_046dfff9 Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 PREEMPT(full) 
[  296.515721][T14488] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  296.519146][T14488] Call Trace:
[  296.520259][T14488]  <TASK>
[  296.521242][T14488]  dump_stack_lvl+0x99/0x250
[  296.523000][T14488]  ? __asan_memcpy+0x40/0x70
[  296.524510][T14488]  ? __pfx_dump_stack_lvl+0x10/0x10
[  296.526522][T14488]  ? __pfx__printk+0x10/0x10
[  296.528187][T14488]  panic+0x2db/0x790
[  296.529456][T14488]  ? __pfx_panic+0x10/0x10
[  296.530959][T14488]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  296.532839][T14488]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  296.534807][T14488]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  296.536994][T14488]  ? print_memory_metadata+0x314/0x400
[  296.538708][T14488]  ? __mutex_lock+0x738/0xe80
[  296.540202][T14488]  check_panic_on_warn+0x89/0xb0
[  296.541850][T14488]  ? __mutex_lock+0x738/0xe80
[  296.543802][T14488]  end_report+0x78/0x160
[  296.545603][T14488]  kasan_report+0x129/0x150
[  296.547018][T14488]  ? __mutex_lock+0x738/0xe80
[  296.548526][T14488]  __mutex_lock+0x738/0xe80
[  296.549953][T14488]  ? __mutex_lock+0x51b/0xe80
[  296.551497][T14488]  ? l2cap_unregister_user+0x6a/0x1b0
[  296.553371][T14488]  ? __pfx___mutex_lock+0x10/0x10
[  296.555344][T14488]  ? __pfx___timer_delete_sync+0x10/0x10
[  296.557114][T14488]  l2cap_unregister_user+0x6a/0x1b0
[  296.558821][T14488]  hidp_session_thread+0x3c9/0x410
[  296.560555][T14488]  ? __pfx_hidp_session_thread+0x10/0x10
[  296.562441][T14488]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  296.564467][T14488]  ? __pfx_hidp_session_wake_function+0x10/0x10
[  296.566625][T14488]  ? __pfx_hidp_session_wake_function+0x10/0x10
[  296.569221][T14488]  ? __kthread_parkme+0x7b/0x200
[  296.571292][T14488]  ? __kthread_parkme+0x1a1/0x200
[  296.573383][T14488]  kthread+0x711/0x8a0
[  296.575136][T14488]  ? __pfx_hidp_session_thread+0x10/0x10
[  296.577477][T14488]  ? __pfx_kthread+0x10/0x10
[  296.579362][T14488]  ? _raw_spin_unlock_irq+0x23/0x50
[  296.581498][T14488]  ? lockdep_hardirqs_on+0x9c/0x150
[  296.583595][T14488]  ? __pfx_kthread+0x10/0x10
[  296.585236][T14488]  ret_from_fork+0x3fc/0x770
[  296.586725][T14488]  ? __pfx_ret_from_fork+0x10/0x10
[  296.588495][T14488]  ? __switch_to_asm+0x39/0x70
[  296.589994][T14488]  ? __switch_to_asm+0x33/0x70
[  296.591507][T14488]  ? __pfx_kthread+0x10/0x10
[  296.592960][T14488]  ret_from_fork_asm+0x1a/0x30
[  296.594560][T14488]  </TASK>
[  296.596542][T14488] Kernel Offset: disabled
[  296.598255][T14488] Rebooting in 86400 seconds..

VM DIAGNOSIS:
16:58:41  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000003 RBX=0000000000000005 RCX=0000000000000007 RDX=0000000000000003
RSI=0000000000000003 RDI=ffff888106a11cc0 RBP=0000000000000000 RSP=ffffc9000310f238
R8 =0000000000000000 R9 =ffffffff822efbcd R10=dffffc0000000000 R11=fffff9400087c909
R12=0000000000000003 R13=0000000000000001 R14=ffff888106a128c8 R15=ffff888106a12898
RIP=ffffffff819e2a56 RFL=00000082 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000555584539500 ffffffff 00c00000
GS =0000 ffff8880b8650000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000000110c30d68c CR3=0000000028c24000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f95b8584478 00007f95b8584450 XMM03=00007f95b8584488 00007f95b8584480
XMM04=00007f95b90ed100 00007f95b8584440 XMM05=00007f95b8584458 00007f95b85844a0
XMM06=00007f95b8584498 00007f95b8584490 XMM07=00007f95b8584488 00007f95b8584480
XMM08=0000000000000000 00524f5252450040 XMM09=0000000000000000 00007f95b8411c91
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000036 RBX=0000000000000036 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc90002dff370
R8 =ffff888021308237 R9 =1ffff11004261046 R10=dffffc0000000000 R11=ffffffff85474610
R12=dffffc0000000000 R13=ffffffff99ac4911 R14=ffffffff99dc9760 R15=0000000000000000
RIP=ffffffff8547468c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c50000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f1b546e56c0 CR3=0000000028c24000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffffffffffff ffffffffffffffff
XMM02=0000000000000000 0000000000000000 XMM03=ffffffffffffffff ffffffffffffffff
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 000000524f525245 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 00524f5252450040 XMM09=0000000000000000 00007f1b53a11c91
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
