last executing test programs:

8.967008179s ago: executing program 1 (id=1674):
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$tipc(r0, &(0x7f00000003c0)={&(0x7f0000000180), 0x10, &(0x7f0000000380)=[{&(0x7f0000000480)="c3e972bd85a6d84136d6dd55048d3593a74f338ce6772ab9a6f64041c2f6fbbecdc08ebcd3192b6a53662dae7c8e9c665e80a5d0925f728dcac30c29793992e588952653d414cb8ccdabc38767fee819ec5af0c5ee936880fe8549b4ed347779cab4ffd4e0b62c53a1c01db28f2b3f91c34211c9353bc1dece61511917c2245fd66cb8dffeacb4d46d627c97b498bf1ff6b313bfbc9765457c831771d5eec7997ec242e4505f01c1bb3e069b2e630f42a2be86598a61", 0x64}, {&(0x7f0000000300)='V', 0x1}, {&(0x7f0000001600)="3eed50d0125719a810f88e3f47186fe4dae74182dfd109a2587c4797410c9b8e39bd3d9aa144d5908647c30c8db69b5c17084c9b1bfbb8680737c4f88abcdbc7d294d72ab1b344270915df9ddf5635644c351c22b29d948ac4106bce7107570beed63077cfbc98ef71699eae65d37724d995b553e7a3ade619b522313ab382caf879feb48942878e605ee3ee2872794e3abe22a3f025068b628a5d92468092a5cc649bbbd978b5772e537939432a502122235ced312dafd108c9ffeb0b38cc16da9418ca01d485a6afb5827da4df6e1121ec307de14bb32b6a977608e4576a998182dd93d592ff43e55bfdbbce23ecd501e43b3e93ef8d9d01711dff54c301e299d3801a3cffe6c9883fbd0e47124dc02569f62d48b878fcb58ce99fcffcd2a5166eff3ad93cf1d137274993d86a3b3730d63ded759f6ca88fa449e5575b15321e5a58a1f888eed7466db4976ce35f6d2efb5ad05d99a66482dc607cb5acb24d326803bd337519cc98103f59c63b5962cd72e4497d1b00817d6e09de70270a09b493c2226617b1c9ef9d506be00d6e07f14633a966f04ecca90fb8d2b963ad6f3817935bd6534fa3da1c5dc468789cbf1192f3c0bff3777f1edd2ada5d35f88f12f29e952c44445ce623509d66811c80a9e0f13ad85aba37d86ff0da4dda601d9e8acb264233bc939fb056316612cff687d5c44157be05bcc88b333ff2a40041d98f1acfe6e2231a84e09bd7a54a0442cf87ce3ee8fd8da39da1862862ae40fc3cb3055c8b70e62f243850707341f51426bb3e71c7a4fffefab060db786000618b05eb087a424a2f30f6a232ff44b605f70ceec0a8f70e37907f6e0bbba21e9d5b7ecb6d287742b75c101ba79525918c3473eae38f3c177249dfa8816661c9921f0b0c858d53ab87c8407b97950c842111002edd1d1e80b801b495da28bcd5409bc971e55dab1857e188ac9728efc8f9a4543945f86ade13b445eacecbbf848a96410ac37c57e3e9e8bc8b8fadd559d225c7468639da2b5d1208558b51e94c14faa7947a7c60e81a96bb5d194cc7289adbc02ebb4b49be1f1efc429db2f9b79b5a22919dba0c35341042c5776942c52365367c4bfc95b42be383cca7107161ded7e851d0126da33d581f1e2b08d0c061e86d31e7a83f9b51c79b4034c7deda7697034e1404c6e8e459f76c2efe64350146c7437ef808e04ca14df5f6f500264fd977272bbf8fc096774e8eb61d0963430751ac1425a073f84346b0eba368cba7fa34adc420800d4f99927280eba199f9695cf88124fafc3a2b1226d2f2ab3ea27c69a127650cf5c725b54c02bd8729033cf699ce7f030f9a3442056244da3cfb61a8126dba11377624f39eb009242152fd7b8b88de7dd86057f29bfcb7b7df0e65e7e9ac9eeaa41afa62743698bff03d5b2d51fb6bca2d92294e8e177cfa3661b26f1c040e9bed983b7bc0aa154eb9c92e4ee25091318c53113a1c23ac62d2d71504cba99041f29a4f332133292cf20abec9222a2acca57cac48fa6c0668ee5eecb494741a64d33b011dcca74696d4614c5b45a5d20983b1708d365ed3ffa60f9161972a611c22642c3c259b41f943f6d7a8b60f284d325e38fe76f0645e069ff70cae38850ccf973193b6232c987df26239a574691f7f07fffa6deae1eb0324fe546573c36f2a2c31cd442517a9b036ae6a2a491e7343864693c107a5dc2585820863c146c1ba6caa4fea9b87d567716f4c8ca1a9d2848055cd750512d3b7415d090019dc8a04a1a1d28931093cd8f00e94c407ca1fa2a5ce903d9df26e008c07cd13afa783220e1bd5e6b60645f3dbb6ecb4156fedafa2dd25498c6a99d94f0b38125ea7741b75109dcac9f80635f79f5c8a0483bb9f05a3a5bf721c7541edb252449f8b13e63c370a6146332f03ca1f1b6fe0bed984f13744bb7fa0fe322e83ddf9ffb2083e94f33604a0a199220c450dad94bf154805e7f9e4350ca2d81adf2978c87dcc8a8a7d56297ec124bfef0d28f35777205e973272c87e01070f14f5b14daa3b5104d9ff6b296c4f16ed49eb42d35e7ba3bccb7a26c33a263df88aadd596e9d9de0abbd4d449df11081f2cd62e1d8962b9b9feb25a3b8e03537d61a61c11ac22b7211d12c84e60a6abcc219e558b2513d8c530b3c7a57cdc47de545aafbb2a13c0e6c75b1b92fa241c713c83a09c92b2b61d565120372a9143415583c9596f27a663d4967cd653b08cebd6cb96c1f0dc80d57267ac9a8281d7149bde880828ee27d69a6818db58320db29d1b044eaf6ab8a5108bc522de406990b5393b1f7e7bab71bf6cf8eed1cd59c7607d662e8b313f5c4fce0f59b1027371381011b63dd5b2b09739082c0d62ffad96e30153a395234937d377c32fe7af82aca3a19d0ebc4a5c5fb5ff190f14d5695c703b571fb4bf03756635cafc6cf6267eab836c347a9d07e8089fc105346934cf3364e5be370b3c42b94bc5ae3d17a817398566a2953251eb91697d67278145df9a4b917bcca1bf211780b22f4caacfcb7604c84f943d05f6fdf8edbd258d7d8dbf84f9d99e57472c5b1c2337d749a1f345e662e2536d23c7a63bbbbf00f8b5b0a2106a0342ab27b9a10b82e82668cd49e0cbb09d7be0217645f1dda3be59c8232fa290d34791cda52aa5b5cec6339ab96a2eb3f5328cc7c0e6717c2824344547a2ed518f6b2b4e4fe5b684596aa6a9d3988fc5d5ff4cb46cec99d951b8386b10949a163af974b7543df97b4882a4ed60e927a1deb67c5f814235bef65fea79a2c712815be7403c93a3707fb90d4604ec3a6a3b0928f253f6ab6bd56c958e026c8c58172c4ac2a3efe2ecd5cea70c8313f9ac2d638bc296ba99e2ca86d2fd06b5402cdcddc3f3c9845d5ae77f6f36963b91e8f6cdccd17abe8d40ed02463af4bb0e496344f350097f1cc13313fa1e172b63556ed2b8a8121c01a5fb343ff7767821626fc49b0d6bd522e1c9bf137d5a5bccb4bc8dbb64c83a82ef6c2894f3896c9f6bf0c3764011d53eeb6db9ea9dae22d3ebcca4942d5828c0bca0d9ea37701d5a06c066ac4fe318e11e9c0d6c658ac810fb5d7836cfffe4ccbb0934e5567d74695980a156d4bf1c18861c5a29ccd349999dc20562d00e1f6c1851ae563541086438d60b975c8ceb466414ff60efa0b2dee790fd0659ffa98b92414c13d5a6825368f56c4984412205041cd8e006c7127d4395ecdffb5addf80ef938ce54a367154c4fc286d5f969325c12b13655a9a956dd3b98281f537e837669fc55d8930676e807aa8cd046e0f4583d59f86cb99f3f7a7ddde1fb39111fdec7677d2fee4b8f4814a5def5ebcc67c653384ce80eaffd880405f7edf8fd3ea049f040595df4a75e2f892e7a85e0ba351fb8d263bfff7168bb85017b360fcd2ba89346682a6ea7ccc46afbdb5ab444e3f477238b2ab503bde914d3cf1789539cde9c0621152cd97bff9f235d88a1ef4ea4309db3a05d401af7fb82784b050ef529dab4f1f003eb29710a962f7538c521e617e2f0efac36182d09985e1d725cc38c3833a53742a02f76fb2854a9e45f0febacf3bda83f11183ef5b9fef02ebcdf56d4104b175bad937d8f61964f97d673577cdcbbb48d8eb62b063ee6563b9ff053719baff871bcd83822d865b2f7ef023076425ac5cd71b1f2309de0c6f14cc9c4d3e8fad945f756a7c8a084ea1bfdf5ac6e740043e7f7bdaca06774b084ae314c2636529d4fdcd965c7f8c07156572620b827d694efdc9d2bfc5aa9391220a83765f2c71fcd48d4acaed60afb53d1013fa3b15e948ec4159f7d130ef85b594018346e99034c18738285223ea53a6b1d5cf11a607de2e19608ba03ec970a915b773824261f3fc931dd6d3b934d89f07baf14776314c3eeb8cd0537ef5736f565fbd14e520d4ab2f77ed9597b76ff91f8d1f99ebd6e473efda7accb273975a06944d1037032129992b994ca791a09b4d83980a1e494b0f97098df5f6fb6bbb02722adb11dc319c565c2c363cbd19d9fb3efb4613b62d6584cd53f7bd80e3e89304f444ce9dd1835661e3bb4de02ccf568a2a5daaf0d56898d4286c3fb62e22af62d7ac318685834467f337561dde2e0c1e2827cdffcf42c17728ee64b3ff4ccc0227590badd0bd7e448b8cca0892d6a5e0130d2ac665f47c6b28daa101c1b319869bdd39fa924d6d9ba7d72feda5f21ac78641c7d4801d41c7879721b3be4dab40d9c4a78552440101f373489cc5240b0144a9ce32691a784b6dfe971a21bb5980ff67da2d1bb90b223c9e192a39c1aeadd1f5c790811079c0b51a97105c99b6f95d71bb3ea47c33d9dcb0a53c929c44499e184a3cd722c908d3b0d157e28ffdeb2ed7192e780d96a7a2f0fd5a87bdc973e049da0caf931f26f5a21813e2e602ceb2259997e0205ce48fd9424bd6d4d75dd4301f429ee30745cd839a40dbeab4c3db2f0f10bbaea071ca41d1392385681730a3678a5f60f604dbe19cb9d7dd234337e327451b8cc65394af399432ef7fc3765d055874ebdca14e5999292d6f72f31e92bacf25db5ef8f5212952c1910de06ddbe1687a0e1837922f2228289916ed3aeb7b9cc24da3ae47139e371930afa6d3573df6732c26c0c7ae06d9cedfa77160711bcb06e6553338deae4c5731cf53cc154113096d02f3036d7d9edfcdc331e4bb860c5208489212e904eab70e7f860b0379895cbdecbf7a0b7a25e5b853c7dbe08a4e296a30afec8cf5a9f6ea4aef32a508655d539a770b21e660c9ee1d7688c56abeb7cf1afccc8d59780cf26312589e0c8e1bc00ad7b1325cd9a5dd69246e0b33407c381ea09265154aec297e4ccdf9785a1042a83e77c13d4ce4360782f2428f9916b5cd123b089eb683d30c1e895b9944aa905a1a5b52301d8cc5e4741834ead6ebdb5dc05c9c49c5e883e99d40b9838037beaf876534d747856103e59caf6266fbbe760b6ef83d004634b74f14f8eb4aef93c4cc9cbbd78d83d532c70feef51ea3f170b25d81a6a9b074bfca7e9b3771bf83517e0dd9d0600f70b86b20f61fe36076f8bada334b2390fa954973bc901619a3cfd039349cb328625f495ab288dbdd6dbfd022c2a83f59e0b998619a12e35891b5ae9e83a71765507b4a571cd2241e5885c705244c1022688bef7c5065fbcf219fc01753adb611b3fbc09403dcb10a4f99d788667eff75fa27074ca8481a633530e26163ccf7dada049d23e717e067b6fa5b2f652bc50abda9e7ccdc5f2f3c35ecc2c4431c819c9691be4422e379750774e9f39dae06f26423c8a4278789c9f3111b43f6dd25b0ad47c4cc5fda3f3ed82079c9366e0adced883488f429c1d7e1b351fd0bb204dd7977ef224c4df6d7a5f7697bc6500a7d03a8a914154779fa7092bf1be6bad4092367ce5d295a5d5d0e7c469f372ca2011d612637025e89f178ae9ada0c5b73bcb7d7c034ff595263cd4216e3c76ba5f3d81932a088a90bf8043e877e299c670ef1622a098d5519d9adc4ee7d4cd00e5934a4375fa83fdb81214b892482b31bdde59a70aaf25cb7f417c3a2a91c4e54b48149f6c41d9d396ee6ff13e3028c64a7c9b1f2e7c6e67184a3d52d6f570db3d225c947423c4c6533f22df57d15c5e5a3183422bd378b06fe4732a9401dcb19840fb8fa5c50a0ff497fef362c507753e46b8881d3e767f3b1d893a3805941c94f2efa05ce34b9ea81d716984af6834230d4707a87089d40779503ee6a9bb245d7d997f14acb80e89731c042bbbbe3dcd05177b0ee0eec23455830ef5b65aca357f2b0b887e0b9821c0", 0x1000}, {&(0x7f0000000340)="b768eb20304f2fdc5a9694a4867840d93170ca1a86406f", 0xfffffec0}], 0x4, 0x0, 0x0, 0x8010}, 0x0)
setsockopt$sock_attach_bpf(r1, 0x1, 0x21, &(0x7f0000000040), 0x4)
sendmmsg(r1, &(0x7f0000005280)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x5, 0x2004c890)

8.845022858s ago: executing program 1 (id=1676):
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x8, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000000000000000000000008110bc000000000095"], &(0x7f0000000600)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

8.781916381s ago: executing program 1 (id=1678):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000005c0)=ANY=[@ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="0200000002"], 0x10)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r2, r3, 0x2, 0x2}, 0x10)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="180000000000000000000000000000009500160000000000"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r4}, 0x10)
r6 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r5}, 0x8)
close(r6)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005345c0f63cdc2e82818254950ee03568b8809a1f04c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab66c1aae9314d7381fcfeb970bea672010000000000000043144648a07a975bd89dc398712376610faa54f12495b4659be8673086f6f3543205d4bc4ce05b8b961103673dff7f158052e62bfbdcddde6985f3f1ac5d9a94cc53207899762a07282a1914452d11858e795a3ca30a101af5574f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5ed44039aab46419496362e54cfad05b4004ac71a003d7b85d07191bed4e5a8908263722d4146f7ed569985439baa355cf3d8731f5e7a237bc06d035a8d601f21746d880819f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c5b9f87d988c9fbd2b9d9b4e2d71753b1549fa734f0b2e5fcf9549804cddad721971637f9c9730a9cc384eed30345979db9c93e1c52f42cad0a4d4f9436d3f39b0ed09c395dc6e970366087a8e4daeeb1b017006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f710c490ecd085d2811a7555c53030000007f00000000bfa6478eb96b079c277e2910b7ccdc3d672ed34aa65278c549e2abb549ad954884289130bc71cee2b7de62bf48129ae1af052a2d46a6165eb0954dac7265f1f425735acf6377793946b3229e861d8ea49806b3b533345d36ecef9df700000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c000000aaae37f044bcadeb0f6846582b7653665aa336db9f0384d3c7ddf79c2e0000000000000000000000000000000000000000000000e154aa0d3e41986a668ee1e5ef93a8ceac75f44aae95e26742f895f287111f8ee86f7e3ffb63cfb0e345cf7fc63dd2b0d30977899c6f03640040af4db71f7452bfc79a05118d8bb42b63b195771e42f9942ec626bd4b5461b74324012164e8"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70)
r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@cgroup=r8, r7, 0x2, 0x6, 0x4000}, 0x10)

8.715970612s ago: executing program 1 (id=1679):
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000280)='ns/pid\x00')
ioctl$NS_GET_PARENT(r0, 0x8004b707, 0x0)

8.605468072s ago: executing program 1 (id=1683):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="c01803001d000b63d25a80648c2594f90124fc60100c064001000009053582c1", 0x20}], 0x1, 0x0, 0x0, 0x4000}, 0x3500000000000000)
r0 = socket(0x10, 0x3, 0x0)
sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="e40000000201010800000000000000000a000000d00001800c0002800500"], 0xe4}}, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0x6}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000001a00010000000000000000001c00"/28], 0x30}}, 0x0)

4.759875153s ago: executing program 1 (id=1683):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="c01803001d000b63d25a80648c2594f90124fc60100c064001000009053582c1", 0x20}], 0x1, 0x0, 0x0, 0x4000}, 0x3500000000000000)
r0 = socket(0x10, 0x3, 0x0)
sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="e40000000201010800000000000000000a000000d00001800c0002800500"], 0xe4}}, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0x6}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000001a00010000000000000000001c00"/28], 0x30}}, 0x0)

1.469418338s ago: executing program 0 (id=1855):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000325bd7000fbdbdf25050000000c000980080002000300000028000280080001"], 0x46}}, 0x4004)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newtaction={0xa0, 0x30, 0x51b, 0x0, 0x0, {}, [{0x8c, 0x1, [@m_skbmod={0x5c, 0x1, 0x0, 0x0, {{0xb}, {0x30, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24, 0x2, {{0x7fffffff}}}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x6}]}, {0x4, 0x14}, {0xc}, {0xc, 0x6}}}, @m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x2}}}}]}]}, 0xa0}}, 0x14008004)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000380)=ANY=[@ANYBLOB="180100002e00010000000000fcdbdf250801f2800c00180008ac0f0000000000140001"], 0x118}], 0x1, 0x0, 0x0, 0x1}, 0x0)

1.393031094s ago: executing program 0 (id=1856):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x7fffffff}, 0x10)
sendmsg$kcm(r0, &(0x7f00000016c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="2e00000022008102e00f80ecdb4cb9020a", 0x4a}, {&(0x7f0000001700)="0c74c75350f4a590e15c61c7942348092734fe1863473bbce6798a60e9", 0x1d}], 0x2, 0x0, 0x0, 0x10}, 0x0)

1.392718174s ago: executing program 0 (id=1857):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7fff}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$IPVS_CMD_SET_CONFIG(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)={0x14, r2, 0x1, 0x0, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x90)

1.324935033s ago: executing program 0 (id=1858):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000001c0)={'wpan0\x00', <r2=>0x0})
sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000ac0)={0x3c, r1, 0x5eae78d9c54e9d3f, 0x0, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_SEC_KEY={0x20, 0x30, 0x0, 0x1, [@NL802154_KEY_ATTR_BYTES={0x14, 0x4, "3e7d9e838196f61c9b54c9c6b8bd5d48"}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x3}]}]}, 0x3c}}, 0x0)

853.632166ms ago: executing program 0 (id=1859):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000047733757000000000000000085000000ba00000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x79, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xdcf}, 0x94)
r0 = socket$rds(0x15, 0x5, 0x0)
ppoll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0, 0x0, 0x0)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
sendmsg$rds(r0, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000061c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003e80)=""/172, 0xac}, 0x80000000}], 0x1, 0x836b, 0x0)
connect$bt_l2cap(r1, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xb}, 0xe)
sendmmsg$sock(r1, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0)
close(r1)
setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f0000000ec0)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000080)={0x5, <r2=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x13, 0x2, &(0x7f0000000040)=ANY=[@ANYBLOB="85000000a400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x10, 0x40}, 0x94)

424.557298ms ago: executing program 2 (id=1868):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x29, &(0x7f0000001500)=[{&(0x7f0000001580)="d80000001a0081044e81f782db4cb904021d08007b490d4f1e81f8d815001f000605142603600e12080005007a010401a800160020e0034004000000035c0461c9d67f6f940071342e875fab7cb6cec6cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b141993c034e653fe8efe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9ee5350db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e", 0xd8}], 0x1}, 0x0)

355.621333ms ago: executing program 2 (id=1869):
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x298, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x1c8, 0xffffffff, 0xffffffff, 0x1c8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [0x0, 0x0, 0xff000000], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xf0}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0xfffffe00, 'syz1\x00', {0x4}}}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [0x0, 0x0, 0x0, 0xffffff00], [0x0, 0x0, 0x0, 0xffffff00], 'wg1\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xd8}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x2f8)

303.069908ms ago: executing program 2 (id=1870):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000400)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB="0500"/12, @ANYRES32, @ANYBLOB="32e9e2ea96a40c15d21508205a6760df4accede349e80480934cd518721af6b4396a53fee791c327f124133cbdcab939e100afa75a27d70e0ecb151074d25fd5be4684bb42a87055fa3a2afaddc0df9e62b738d48530ec97b52257a6b643aee689a0630dc10b547dcf9f469f", @ANYRES64=0x0], 0x10)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00')
unshare(0x6a040000)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000010000000850000007d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000007c0)={r0}, 0xc)
r1 = socket(0x8, 0x3, 0x0)
ioctl$sock_netrom_SIOCADDRT(r1, 0x61d8, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, 0x0, &(0x7f0000000080)='syzkaller\x00'}, 0x94)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0b0000000e000000cc0002000600000005000000", @ANYRES32, @ANYBLOB="000000000000f24086caf666dd41c5fcef000000001e0000000000000000000ead2f1e7aeb2c9af4d4ca30edd468e49c913ccc7ad7b918d6d387ae5b6acee6dc9afa8aadc42e1706a46b190dbe97b785a3b1255f1854421605ccd9ebc824556f87a7cbc96fe5fe0ea545d4c05defb8f1076a1b699368e785ca2a68ba8360fba6d99ec32f5248fdcfdd048dcb1afa18d18176db766d3299057ef0f33fa3178aa394a25be8cd07d785455e3bf4e2f80e0561f13712badbafa3f65318d6d6d85ce0a51d6a58d237a8b6ff6d28ee48416f4e22eba29c762fd4b98dc4c41ff3c5567a7929637c4cfb1a03e0b6a5fbbe19c45c44d0d7ef9149ae404f20cb666dbeed1f9448c60a4c07c19c891c6c3991e2c4ece8072e2bfbfe4a060e3ba9cc6b007dc63c7388c3e85834e8ab57cf4142fed0a248227c4c77430155e8e39809f72995db519c1b849cc6b4352b5dc2bd5a8adc25ec396fdce40ccb2aa80d5b65316e79bb3def2cafdfc5a970555ff3bfe2207cb78c437702f8f332ceb8777afcff7fb2cbb2f4e50f5e", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/27], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000200)='P', &(0x7f0000000740), 0x4af, r3}, 0x38)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r1)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'ipvlan1\x00', <r5=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000680)=ANY=[@ANYBLOB="8c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="0ffe0000000000005000128009000100766c616e0000000040000280060001000000000004000480280003800ca10100400000000600000089e6784300040000000000000c00010006000000090000000600050088a800000800", @ANYRES32=r5], 0x8c}, 0x1, 0xba01}, 0x0)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000001c0)={0x0, &(0x7f0000000080)=""/231, &(0x7f0000000180), &(0x7f0000000240), 0x2, r3}, 0x38)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0x4002})
writev(r2, &(0x7f00000002c0)=[{&(0x7f0000000080)="0bc3ff", 0x3}, {&(0x7f0000000000)='G', 0x1}, {&(0x7f0000000240)="d336bd7524", 0x5}], 0x3)

81.095847ms ago: executing program 2 (id=1871):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000740)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x7, [@struct={0x5, 0x1, 0x0, 0xf, 0x0, 0x6, [{0xb, 0x5, 0x7}]}]}, {0x0, [0x5850ee0e47556dcb, 0x0, 0x0, 0x61, 0x61]}}, 0x0, 0x37}, 0x28)

804.071µs ago: executing program 2 (id=1872):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x54, 0x2, 0x6, 0x5, 0x0, 0x0, {0x3, 0x0, 0x7}, [@IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x0}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}]}, 0x54}}, 0x0)

285.118µs ago: executing program 0 (id=1873):
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c0000001a00010000000080fbdbd2250a00800000000000000000000800010000000000080009"], 0x2c}}, 0x20000050)

0s ago: executing program 2 (id=1874):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=@newtaction={0x74, 0x30, 0x1, 0x0, 0x3, {}, [{0x60, 0x1, [@m_mpls={0x5c, 0x1, 0x0, 0x0, {{0x9}, {0x30, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{0x7, 0xaf, 0x20000000, 0x5b, 0x3}, 0x1}}, @TCA_MPLS_TTL={0x5, 0x7, 0x9}, @TCA_MPLS_PROTO={0x6, 0x4, 0x8848}]}, {0x4, 0x4}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}]}]}, 0x74}}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:40860' (ED25519) to the list of known hosts.
syzkaller login: [   48.372143][ T5766] cgroup: Unknown subsys name 'net'
[   48.458367][ T5766] cgroup: Unknown subsys name 'cpuset'
[   48.463843][ T5766] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   50.385825][ T5766] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   54.448926][ T5830] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   54.453435][ T5219] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   54.456173][ T5219] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   54.458988][ T5219] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   54.461919][ T5219] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   54.465661][ T5219] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   54.469764][ T5219] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   54.473205][ T5219] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   54.476511][ T5219] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   54.479438][ T5219] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   54.507074][ T5837] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   54.517697][ T5837] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   54.522115][ T5837] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   54.526662][ T5837] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   54.530057][ T5837] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   54.626282][ T5832] chnl_net:caif_netlink_parms(): no params data found
[   54.757515][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.761718][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.764922][ T5832] bridge_slave_0: entered allmulticast mode
[   54.768842][ T5832] bridge_slave_0: entered promiscuous mode
[   54.774835][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.777836][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.782211][ T5832] bridge_slave_1: entered allmulticast mode
[   54.786112][ T5832] bridge_slave_1: entered promiscuous mode
[   54.826546][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.832045][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.874103][ T5832] team0: Port device team_slave_0 added
[   54.889307][ T5832] team0: Port device team_slave_1 added
[   54.955892][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0
[   54.958790][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.969835][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.994274][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1
[   54.997165][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.009055][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   55.044894][ T5828] chnl_net:caif_netlink_parms(): no params data found
[   55.113908][ T5836] chnl_net:caif_netlink_parms(): no params data found
[   55.144651][ T5832] hsr_slave_0: entered promiscuous mode
[   55.147833][ T5832] hsr_slave_1: entered promiscuous mode
[   55.229774][ T5828] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.233842][ T5828] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.236355][ T5828] bridge_slave_0: entered allmulticast mode
[   55.239771][ T5828] bridge_slave_0: entered promiscuous mode
[   55.256013][ T5828] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.259155][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.264105][ T5828] bridge_slave_1: entered allmulticast mode
[   55.267916][ T5828] bridge_slave_1: entered promiscuous mode
[   55.330157][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   55.348287][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.353142][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.356405][ T5836] bridge_slave_0: entered allmulticast mode
[   55.361317][ T5836] bridge_slave_0: entered promiscuous mode
[   55.376126][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   55.391531][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.394483][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.397587][ T5836] bridge_slave_1: entered allmulticast mode
[   55.400455][ T5836] bridge_slave_1: entered promiscuous mode
[   55.425568][ T5828] team0: Port device team_slave_0 added
[   55.459586][ T5828] team0: Port device team_slave_1 added
[   55.477643][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   55.511638][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   55.532717][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0
[   55.535738][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.547404][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   55.571071][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1
[   55.574009][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.584569][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   55.607489][ T5836] team0: Port device team_slave_0 added
[   55.637105][ T5836] team0: Port device team_slave_1 added
[   55.695306][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0
[   55.698334][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.709315][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   55.732410][ T5828] hsr_slave_0: entered promiscuous mode
[   55.735757][ T5828] hsr_slave_1: entered promiscuous mode
[   55.738744][ T5828] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   55.742359][ T5828] Cannot create hsr debugfs directory
[   55.745831][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1
[   55.748707][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.759016][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   55.855464][ T5836] hsr_slave_0: entered promiscuous mode
[   55.858668][ T5836] hsr_slave_1: entered promiscuous mode
[   55.863792][ T5836] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   55.867060][ T5836] Cannot create hsr debugfs directory
[   55.913174][ T5832] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   55.929711][ T5832] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   55.954334][ T5832] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   55.977800][ T5832] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   56.126282][ T5828] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   56.137101][ T5828] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   56.155217][ T5828] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   56.185958][ T5828] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   56.217033][ T5836] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   56.223736][ T5836] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   56.234732][ T5836] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   56.245897][ T5836] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   56.306859][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.343273][ T5832] 8021q: adding VLAN 0 to HW filter on device team0
[   56.352965][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.355769][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.379466][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.382367][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.427693][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.447871][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.457396][ T5836] 8021q: adding VLAN 0 to HW filter on device team0
[   56.480705][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.483115][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.498625][ T5828] 8021q: adding VLAN 0 to HW filter on device team0
[   56.518361][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.521500][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.561857][ T5835] Bluetooth: hci0: command tx timeout
[   56.562421][ T5837] Bluetooth: hci1: command tx timeout
[   56.564516][ T5835] Bluetooth: hci2: command tx timeout
[   56.570427][ T4812] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.573497][ T4812] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.597742][ T4812] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.600669][ T4812] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.687766][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.760410][ T5832] veth0_vlan: entered promiscuous mode
[   56.765603][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.776321][ T5832] veth1_vlan: entered promiscuous mode
[   56.819355][ T5836] veth0_vlan: entered promiscuous mode
[   56.832440][ T5832] veth0_macvtap: entered promiscuous mode
[   56.840561][ T5836] veth1_vlan: entered promiscuous mode
[   56.849263][ T5832] veth1_macvtap: entered promiscuous mode
[   56.865931][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.877585][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.890418][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.902577][ T5836] veth0_macvtap: entered promiscuous mode
[   56.910564][ T5836] veth1_macvtap: entered promiscuous mode
[   56.924330][ T5832] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.928131][ T5832] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.932498][ T5832] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.935312][ T5832] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.972472][ T5828] veth0_vlan: entered promiscuous mode
[   56.985383][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0
[   57.009300][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1
[   57.016937][ T5836] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   57.020417][ T5836] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   57.026042][ T5836] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   57.029569][ T5836] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   57.037598][ T5828] veth1_vlan: entered promiscuous mode
[   57.047174][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.052656][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.108650][ T1027] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.112860][ T1027] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.125499][ T5828] veth0_macvtap: entered promiscuous mode
[   57.148690][ T5828] veth1_macvtap: entered promiscuous mode
[   57.165028][ T5832] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   57.194966][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0
[   57.208934][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1
[   57.211440][ T1027] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.211464][ T1027] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.253250][ T5828] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   57.256820][ T5828] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   57.260253][ T5828] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   57.266378][ T5828] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   57.276775][   T40] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.279316][   T40] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.331645][ T5896] syzkaller0: create flow: hash 3080195966 index 1
[   57.350644][ T5895] syzkaller0: delete flow: hash 3080195966 index 1
[   58.019730][ T1087] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.026650][ T1087] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.075112][   T40] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.078027][   T40] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.097540][ T5901] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   58.324175][ T5913] netlink: 'syz.1.9': attribute type 1 has an invalid length.
[   58.470403][ T5922] syz.0.10 uses obsolete (PF_INET,SOCK_PACKET)
[   58.641398][ T5830] Bluetooth: hci0: command tx timeout
[   58.644751][ T5830] Bluetooth: hci2: command tx timeout
[   58.647112][ T5835] Bluetooth: hci1: command tx timeout
[   58.726268][ T5934] netlink: 24 bytes leftover after parsing attributes in process `syz.1.18'.
[   58.887199][ T5938] IPVS: length: 209 != 24
[   59.011997][ T5940] GUP no longer grows the stack in syz.2.21 (5940): 200000006000-20000000a000 (200000005000)
[   59.022526][ T5940] CPU: 1 UID: 0 PID: 5940 Comm: syz.2.21 Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 PREEMPT(full) 
[   59.022552][ T5940] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   59.022561][ T5940] Call Trace:
[   59.022568][ T5940]  <TASK>
[   59.022574][ T5940]  dump_stack_lvl+0x189/0x250
[   59.022600][ T5940]  ? __pfx_dump_stack_lvl+0x10/0x10
[   59.022616][ T5940]  ? __pfx__printk+0x10/0x10
[   59.022632][ T5940]  ? find_vma+0xe7/0x160
[   59.022660][ T5940]  __get_user_pages+0x2a60/0x30b0
[   59.022700][ T5940]  ? __pfx___get_user_pages+0x10/0x10
[   59.022713][ T5940]  ? __gup_longterm_locked+0xbf7/0x15b0
[   59.022741][ T5940]  ? down_read_killable+0x1d1/0x350
[   59.022757][ T5940]  ? try_get_folio+0x633/0x660
[   59.022774][ T5940]  __gup_longterm_locked+0xd66/0x15b0
[   59.022793][ T5940]  ? try_grab_folio_fast+0x1be/0x4f0
[   59.022813][ T5940]  ? gup_fast_fallback+0x1afc/0x2260
[   59.022829][ T5940]  gup_fast_fallback+0x1cd4/0x2260
[   59.022901][ T5940]  ? __pfx_gup_fast_fallback+0x10/0x10
[   59.022917][ T5940]  ? trace_contention_end+0x39/0x120
[   59.022936][ T5940]  ? __mutex_lock+0x330/0xe80
[   59.022953][ T5940]  ? is_valid_gup_args+0x11f/0x200
[   59.022969][ T5940]  ? get_user_pages_fast+0x4d/0xb0
[   59.022984][ T5940]  __iov_iter_get_pages_alloc+0x39a/0xb40
[   59.023006][ T5940]  ? __pfx_pipe_clear_nowait+0x10/0x10
[   59.023026][ T5940]  ? wait_for_space+0x24d/0x2d0
[   59.023044][ T5940]  iov_iter_get_pages2+0x5e/0xa0
[   59.023063][ T5940]  __se_sys_vmsplice+0x548/0x10d0
[   59.023096][ T5940]  ? __pfx___se_sys_vmsplice+0x10/0x10
[   59.023113][ T5940]  ? __lock_acquire+0xab9/0xd20
[   59.023127][ T5940]  ? __pfx_futex_wake+0x10/0x10
[   59.023148][ T5940]  ? __lock_acquire+0xab9/0xd20
[   59.023186][ T5940]  ? do_pipe2+0xf7/0x170
[   59.023206][ T5940]  ? rcu_is_watching+0x15/0xb0
[   59.023227][ T5940]  ? do_syscall_64+0xbe/0x3b0
[   59.023244][ T5940]  do_syscall_64+0xfa/0x3b0
[   59.023258][ T5940]  ? lockdep_hardirqs_on+0x9c/0x150
[   59.023270][ T5940]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   59.023283][ T5940]  ? exc_page_fault+0x9f/0xf0
[   59.023304][ T5940]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   59.023316][ T5940] RIP: 0033:0x7f108338e929
[   59.023330][ T5940] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   59.023342][ T5940] RSP: 002b:00007f1084256038 EFLAGS: 00000246 ORIG_RAX: 0000000000000116
[   59.023359][ T5940] RAX: ffffffffffffffda RBX: 00007f10835b5fa0 RCX: 00007f108338e929
[   59.023368][ T5940] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 0000000000000009
[   59.023377][ T5940] RBP: 00007f1083410b39 R08: 0000000000000000 R09: 0000000000000000
[   59.023385][ T5940] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[   59.023393][ T5940] R13: 0000000000000000 R14: 00007f10835b5fa0 R15: 00007ffcd6225668
[   59.023415][ T5940]  </TASK>
[   59.345407][ T5953] xt_NFQUEUE: number of queues (65532) out of range (got 66665)
[   59.427973][ T5962] veth0: entered promiscuous mode
[   59.430760][ T5962] netlink: 4 bytes leftover after parsing attributes in process `syz.1.26'.
[   59.944996][ T5999] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   60.063026][ T6009] netlink: 4 bytes leftover after parsing attributes in process `syz.2.31'.
[   60.721142][ T5837] Bluetooth: hci1: command tx timeout
[   60.722713][ T5835] Bluetooth: hci2: command tx timeout
[   60.723592][ T5837] Bluetooth: hci0: command tx timeout
[   61.304856][ T6099] tipc: Can't bind to reserved service type 0
[   61.319234][ T6099] bond0: entered promiscuous mode
[   61.324151][ T6099] bond_slave_0: entered promiscuous mode
[   61.326715][ T6099] bond_slave_1: entered promiscuous mode
[   61.329394][ T6099] 8021q: adding VLAN 0 to HW filter on device macvlan2
[   61.334711][ T6099] bond0: left promiscuous mode
[   61.336525][ T6099] bond_slave_0: left promiscuous mode
[   61.338874][ T6099] bond_slave_1: left promiscuous mode
[   61.548453][ T6123] dvmrp0: entered allmulticast mode
[   61.903693][ T6149] netlink: 27 bytes leftover after parsing attributes in process `syz.1.65'.
[   61.988727][ T6156] netlink: 4768 bytes leftover after parsing attributes in process `syz.2.68'.
[   62.429945][ T6195] netlink: 308 bytes leftover after parsing attributes in process `syz.1.86'.
[   62.441072][ T6195] netlink: 8 bytes leftover after parsing attributes in process `syz.1.86'.
[   62.453637][ T6195] A link change request failed with some changes committed already. Interface vlan0 may have been left with an inconsistent configuration, please check.
[   62.514936][ T6201] netlink: 4 bytes leftover after parsing attributes in process `syz.0.89'.
[   62.802952][ T5837] Bluetooth: hci2: command tx timeout
[   62.802982][ T5830] Bluetooth: hci1: command tx timeout
[   62.813017][ T5830] Bluetooth: hci0: command tx timeout
[   62.862018][ T6230] tipc: Invalid UDP bearer configuration
[   62.862049][ T6230] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[   63.030531][ T6240] netlink: 'syz.2.108': attribute type 4 has an invalid length.
[   63.058019][ T6240] A link change request failed with some changes committed already. Interface wg2 may have been left with an inconsistent configuration, please check.
[   63.147973][ T6249] netlink: 8 bytes leftover after parsing attributes in process `syz.1.110'.
[   63.162294][ T6249] vlan2: entered allmulticast mode
[   63.244756][ T6255] netlink: 6 bytes leftover after parsing attributes in process `syz.2.113'.
[   63.387781][ T6263] netlink: 'syz.2.117': attribute type 1 has an invalid length.
[   63.559114][ T6273] syzkaller1: entered promiscuous mode
[   63.561704][ T6273] syzkaller1: entered allmulticast mode
[   63.929993][ T6290] sctp: [Deprecated]: syz.2.130 (pid 6290) Use of struct sctp_assoc_value in delayed_ack socket option.
[   63.929993][ T6290] Use struct sctp_sack_info instead
[   64.194339][ T6309] netlink: 'syz.1.135': attribute type 13 has an invalid length.
[   64.198131][ T6309] netlink: 'syz.1.135': attribute type 17 has an invalid length.
[   64.242955][ T6309] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   64.364934][ T6301] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   64.420142][ T6301] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   64.477268][ T6301] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   65.082799][ T6328] netlink: 12 bytes leftover after parsing attributes in process `syz.1.142'.
[   65.257102][ T6341] netlink: 60 bytes leftover after parsing attributes in process `syz.1.149'.
[   65.305109][ T6343] tun0: tun_chr_ioctl cmd 1074025675
[   65.308071][ T6343] tun0: persist enabled
[   65.309794][ T6343] tun0: tun_chr_ioctl cmd 1074025675
[   65.315061][ T6346] netlink: 'syz.0.150': attribute type 1 has an invalid length.
[   65.316582][ T6343] tun0: persist disabled
[   65.318880][ T6346] netlink: 16150 bytes leftover after parsing attributes in process `syz.0.150'.
[   65.808737][ T6394] mac80211_hwsim hwsim6 wlan0: entered promiscuous mode
[   65.821712][ T6394] macsec1: entered promiscuous mode
[   65.824397][ T6394] macsec1: entered allmulticast mode
[   65.826647][ T6394] mac80211_hwsim hwsim6 wlan0: entered allmulticast mode
[   65.976133][ T6411] netlink: 'syz.1.179': attribute type 29 has an invalid length.
[   66.048286][ T6415] vlan3: entered promiscuous mode
[   66.050134][ T6415] bond0: entered promiscuous mode
[   66.051943][ T6415] bond_slave_0: entered promiscuous mode
[   66.054273][ T6415] bond_slave_1: entered promiscuous mode
[   66.852240][ T6420] syzkaller1: entered promiscuous mode
[   66.854673][ T6420] syzkaller1: entered allmulticast mode
[   67.567619][ T6459] netlink: 'syz.2.194': attribute type 32 has an invalid length.
[   67.596713][ T6459] netlink: 8 bytes leftover after parsing attributes in process `syz.2.194'.
[   67.615250][ T6459] (unnamed net_device) (uninitialized): option coupled_control: invalid value (192)
[   67.636399][ T6462] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input4
[   67.884855][ T6479] netlink: 8 bytes leftover after parsing attributes in process `syz.1.199'.
[   68.195970][ T6512] netlink: 16 bytes leftover after parsing attributes in process `syz.0.215'.
[   68.308276][ T6522] Zero length message leads to an empty skb
[   68.343948][ T6528] netlink: 8 bytes leftover after parsing attributes in process `syz.0.223'.
[   68.347232][ T6528] netlink: 4 bytes leftover after parsing attributes in process `syz.0.223'.
[   68.524628][ T6544] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   68.539646][ T6548] netlink: 4 bytes leftover after parsing attributes in process `syz.2.233'.
[   68.607890][ T6544] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   68.677621][ T6544] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   68.749896][ T6544] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   68.759110][ T6565] netlink: 'syz.2.240': attribute type 4 has an invalid length.
[   68.829197][ T6544] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   68.844857][ T6544] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   68.856248][ T6544] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   68.866667][ T6544] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   70.179357][ T6604] netlink: 16 bytes leftover after parsing attributes in process `syz.2.257'.
[   70.462146][ T6634] warning: `syz.0.272' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   70.597612][ T6651] netlink: 'syz.2.280': attribute type 46 has an invalid length.
[   70.638080][    T9] IPVS: starting estimator thread 0...
[   70.739582][ T6658] IPVS: using max 80 ests per chain, 192000 per kthread
[   70.792954][ T6670] ip6gretap0: entered promiscuous mode
[   70.805181][ T6670] ip6gretap0: left promiscuous mode
[   70.918966][ T6682] netlink: 277 bytes leftover after parsing attributes in process `syz.2.295'.
[   71.045563][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[   71.190239][ T6704] netlink: 'syz.2.305': attribute type 10 has an invalid length.
[   71.197535][ T6704] bond0: (slave batadv0): Error -22 calling dev_set_mtu
[   71.600422][ T6711] openvswitch: netlink: Unexpected mask (mask=1040, allowed=10048)
[   71.895849][ T6729] netlink: 12 bytes leftover after parsing attributes in process `syz.2.317'.
[   72.053635][ T6739] netlink: 'syz.0.322': attribute type 6 has an invalid length.
[   72.056873][ T6739] netlink: 32 bytes leftover after parsing attributes in process `syz.0.322'.
[   72.067261][ T6742] netlink: 48 bytes leftover after parsing attributes in process `syz.2.323'.
[   72.074588][ T6742] netlink: 56 bytes leftover after parsing attributes in process `syz.2.323'.
[   72.117259][ T6744] bridge_slave_0: left allmulticast mode
[   72.119724][ T6744] bridge_slave_0: left promiscuous mode
[   72.123758][ T6744] bridge0: port 1(bridge_slave_0) entered disabled state
[   72.134283][ T6744] bridge_slave_1: left allmulticast mode
[   72.136692][ T6744] bridge_slave_1: left promiscuous mode
[   72.139827][ T6744] bridge0: port 2(bridge_slave_1) entered disabled state
[   72.154148][ T6744] bond0: (slave bond_slave_0): Releasing backup interface
[   72.164776][ T6744] bond0: (slave bond_slave_1): Releasing backup interface
[   72.186390][ T6744] team0: Port device team_slave_0 removed
[   72.195028][ T6744] team0: Port device team_slave_1 removed
[   72.198462][ T6744] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   72.204184][ T6744] batman_adv: batadv0: Removing interface: batadv_slave_0
[   72.209499][ T6744] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   72.213263][ T6744] batman_adv: batadv0: Removing interface: batadv_slave_1
[   72.247952][ T6752] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[   72.260452][    C0] Illegal XDP return value 16128 on prog  (id 34) dev lo, expect packet loss!
[   72.454468][ T6766] vlan0: entered promiscuous mode
[   72.649610][ T6782] netlink: 104 bytes leftover after parsing attributes in process `syz.0.342'.
[   72.688241][ T6786] Bluetooth: MGMT ver 1.23
[   72.966040][ T6802] xt_CT: No such helper "syz1"
[   73.057764][ T6808] block nbd0: not configured, cannot reconfigure
[   73.062144][ T6808] netlink: 64 bytes leftover after parsing attributes in process `syz.0.354'.
[   73.065765][ T6808] netlink: 64 bytes leftover after parsing attributes in process `syz.0.354'.
[   73.139823][ T6810] netlink: 256 bytes leftover after parsing attributes in process `syz.1.355'.
[   73.508797][ T6828] bridge0: entered promiscuous mode
[   73.516875][ T6828] bridge0: port 3(macvlan2) entered blocking state
[   73.519262][ T6828] bridge0: port 3(macvlan2) entered disabled state
[   73.529213][ T6828] macvlan2: entered allmulticast mode
[   73.532001][ T6828] bridge0: entered allmulticast mode
[   73.538819][ T6828] macvlan2: left allmulticast mode
[   73.540637][ T6828] bridge0: left allmulticast mode
[   73.543093][ T6828] bridge0: left promiscuous mode
[   73.959805][ T6865] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   73.965616][ T6865] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   73.969974][ T6865] bond0 (unregistering): Released all slaves
[   73.982619][ T6873] wg1: entered promiscuous mode
[   73.984317][ T6873] wg1: entered allmulticast mode
[   74.309975][ T6898] block nbd1: not configured, cannot reconfigure
[   74.524189][ T6919] netlink: 'syz.2.408': attribute type 8 has an invalid length.
[   74.577563][ T6925] Bluetooth: MGMT ver 1.23
[   76.107839][ T7008] netlink: 'syz.2.450': attribute type 12 has an invalid length.
[   76.793196][ T7049] __nla_validate_parse: 7 callbacks suppressed
[   76.793210][ T7049] netlink: 12 bytes leftover after parsing attributes in process `syz.0.469'.
[   76.810539][ T7049] netlink: 16 bytes leftover after parsing attributes in process `syz.0.469'.
[   78.247442][ T7072] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[   78.264871][ T7101] (unnamed net_device) (uninitialized): Removing last arp target with arp_interval on
[   78.547522][ T7128] (unnamed net_device) (uninitialized): option lp_interval: invalid value (0)
[   78.552195][ T7128] (unnamed net_device) (uninitialized): option lp_interval: allowed values 1 - 2147483647
[   78.594672][ T7132] netlink: 48 bytes leftover after parsing attributes in process `syz.1.508'.
[   78.689214][ T7140] x_tables: duplicate underflow at hook 4
[   78.695899][ T7138] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[   78.699487][ T7138] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[   78.703285][ T7138] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[   78.706986][ T7138] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[   78.720250][ T7142] openvswitch: netlink: Unexpected mask (mask=440, allowed=10048)
[   78.777506][ T7146] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   78.946117][ T7156] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   79.178838][ T7180] netlink: 'syz.1.532': attribute type 32 has an invalid length.
[   79.332211][ T7194] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   79.337432][ T7194] batadv_slave_0: entered promiscuous mode
[   79.339999][ T7194] batadv_slave_0: entered allmulticast mode
[   79.445430][ T5830] Bluetooth: hci0: command 0x0c20 tx timeout
[   79.597338][ T7211] netlink: 4 bytes leftover after parsing attributes in process `syz.0.547'.
[   79.995095][ T7240] netlink: 24 bytes leftover after parsing attributes in process `syz.0.561'.
[   80.016579][ T7240] netlink: 4 bytes leftover after parsing attributes in process `syz.0.561'.
[   80.091887][ T7245] netlink: 4 bytes leftover after parsing attributes in process `syz.0.564'.
[   80.497234][ T7278] lo speed is unknown, defaulting to 1000
[   80.499856][ T7278] lo speed is unknown, defaulting to 1000
[   80.507391][ T7278] lo speed is unknown, defaulting to 1000
[   80.512862][ T7278] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   80.549040][ T7278] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[   80.555461][ T7280] lo speed is unknown, defaulting to 1000
[   80.563239][ T5830] Bluetooth: hci2: command tx timeout
[   80.606358][ T7278] lo speed is unknown, defaulting to 1000
[   80.618242][ T7278] lo speed is unknown, defaulting to 1000
[   80.627885][ T7278] lo speed is unknown, defaulting to 1000
[   80.804759][ T7300] netlink: 'syz.0.588': attribute type 5 has an invalid length.
[   80.865448][ T7304] lo speed is unknown, defaulting to 1000
[   81.168946][ T7331] netlink: 244 bytes leftover after parsing attributes in process `syz.0.602'.
[   81.284962][   T10] cfg80211: failed to load regulatory.db
[   81.350893][   T24] IPVS: starting estimator thread 0...
[   81.376764][ T7338] bridge0: port 2(bridge_slave_1) entered disabled state
[   81.379446][ T7338] bridge0: port 1(bridge_slave_0) entered disabled state
[   81.441394][ T7345] IPVS: using max 49 ests per chain, 117600 per kthread
[   81.535449][ T7338] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   81.548052][ T7338] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   81.607346][ T7354] netlink: 8 bytes leftover after parsing attributes in process `syz.1.612'.
[   81.613156][ T7354] netlink: 4 bytes leftover after parsing attributes in process `syz.1.612'.
[   81.617673][ T7354] netlink: 'syz.1.612': attribute type 1 has an invalid length.
[   81.647676][ T7338] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   81.650609][ T7338] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   81.653944][ T7338] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   81.656899][ T7338] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   81.675951][   T57] block nbd0: Receive control failed (result -107)
[   82.022490][ T7384] Cannot find del_set index 286 as target
[   82.389691][ T7420] __nla_validate_parse: 1 callbacks suppressed
[   82.389705][ T7420] netlink: 4 bytes leftover after parsing attributes in process `syz.0.639'.
[   82.592922][ T7424] bond0: entered promiscuous mode
[   82.597295][ T7424] 8021q: adding VLAN 0 to HW filter on device macvlan2
[   82.603721][ T7424] bond0: left promiscuous mode
[   83.372026][ T7462] netlink: 4 bytes leftover after parsing attributes in process `syz.2.659'.
[   83.439641][ T7466] netlink: 12 bytes leftover after parsing attributes in process `syz.2.661'.
[   83.528171][ T7470] batman_adv: batadv0: Removing interface: batadv_slave_1
[   84.335910][ T7441] Set syz1 is full, maxelem 65536 reached
[   85.369689][ T7555] netlink: 'syz.0.703': attribute type 32 has an invalid length.
[   85.373580][ T7555] netlink: 8 bytes leftover after parsing attributes in process `syz.0.703'.
[   85.377942][ T7555] (unnamed net_device) (uninitialized): option coupled_control: invalid value (192)
[   85.414552][ T7559] vlan2: entered promiscuous mode
[   85.416261][ T7559] bond0: entered promiscuous mode
[   86.448593][ T7594] netlink: 16 bytes leftover after parsing attributes in process `syz.1.713'.
[   86.452498][ T7596] netlink: 8 bytes leftover after parsing attributes in process `syz.2.714'.
[   86.461166][ T7596] netlink: 4 bytes leftover after parsing attributes in process `syz.2.714'.
[   86.561540][ T7603] netlink: 'syz.0.717': attribute type 4 has an invalid length.
[   86.571972][ T7603] A link change request failed with some changes committed already. Interface wg2 may have been left with an inconsistent configuration, please check.
[   87.785986][ T7662] ip6gretap0: entered promiscuous mode
[   87.791011][ T7662] ip6gretap0: left promiscuous mode
[   87.905333][ T7678] tipc: Started in network mode
[   87.906991][ T7678] tipc: Node identity 00000000000000008, cluster identity 4711
[   87.968074][ T7685] !: renamed from dummy0 (while UP)
[   88.214647][ T7698] openvswitch: netlink: VXLAN extension message has 4 unknown bytes.
[   88.296717][ T7705] netlink: 52 bytes leftover after parsing attributes in process `syz.1.761'.
[   88.299777][ T7705] netlink: 52 bytes leftover after parsing attributes in process `syz.1.761'.
[   88.449244][ T7696] lo speed is unknown, defaulting to 1000
[   88.702762][ T7724] openvswitch: netlink: Unexpected mask (mask=1040, allowed=10048)
[   89.081394][ T7732] dvmrp0: entered allmulticast mode
[   89.728167][ T7686] Set syz1 is full, maxelem 65536 reached
[   89.862486][ T7758] vlan0: entered promiscuous mode
[   90.186293][ T7777] netlink: 104 bytes leftover after parsing attributes in process `syz.2.787'.
[   90.426061][ T7798] block nbd2: not configured, cannot reconfigure
[   90.431348][ T7798] netlink: 64 bytes leftover after parsing attributes in process `syz.2.800'.
[   90.435014][ T7798] netlink: 64 bytes leftover after parsing attributes in process `syz.2.800'.
[   90.698782][ T7815] xt_l2tp: missing protocol rule (udp|l2tpip)
[   90.933591][ T7827] erspan0: entered promiscuous mode
[   90.936795][ T7827] batman_adv: batadv0: Adding interface: macvlan2
[   90.938879][ T7827] batman_adv: batadv0: The MTU of interface macvlan2 is too small (1450) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   90.969675][ T7827] batman_adv: batadv0: Interface activated: macvlan2
[   91.002156][ T7827] netlink: 12 bytes leftover after parsing attributes in process `syz.1.814'.
[   91.017882][ T7831] lo speed is unknown, defaulting to 1000
[   91.447483][ T7839] netlink: 4 bytes leftover after parsing attributes in process `syz.1.818'.
[   91.998630][ T7897] lo: MTU too low for tipc bearer
[   92.000368][ T7897] tipc: Enabling of bearer <ib:lo> rejected, failed to enable media
[   92.366838][ T7926] netlink: 566 bytes leftover after parsing attributes in process `syz.2.856'.
[   92.628457][ T7951] netlink: 8 bytes leftover after parsing attributes in process `syz.0.867'.
[   92.769909][ T7966] netlink: 8 bytes leftover after parsing attributes in process `syz.2.876'.
[   93.530693][ T8034] xt_l2tp: v2 tid > 0xffff: 4294967295
[   94.008552][ T8065] __nla_validate_parse: 2 callbacks suppressed
[   94.008563][ T8065] netlink: 24 bytes leftover after parsing attributes in process `syz.0.921'.
[   94.056428][ T8067] openvswitch: netlink: Unexpected mask (mask=440, allowed=10048)
[   94.470626][ T8081] netlink: 'syz.0.929': attribute type 1 has an invalid length.
[   94.535701][ T8081] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[   94.538942][ T8081] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[   94.561039][ T8081] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[   94.564419][ T8081] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[   94.569981][ T8081] bond2: (slave geneve2): making interface the new active one
[   94.578377][ T8088] netlink: 28 bytes leftover after parsing attributes in process `syz.0.929'.
[   94.586500][ T8081] bond2: (slave geneve2): Enslaving as an active interface with an up link
[   94.595582][ T8088] 8021q: adding VLAN 0 to HW filter on device bond2
[   95.289368][ T8153] netlink: 60 bytes leftover after parsing attributes in process `syz.2.959'.
[   95.303165][ T8153] netlink: 60 bytes leftover after parsing attributes in process `syz.2.959'.
[   95.500516][ T8167] netlink: 8 bytes leftover after parsing attributes in process `syz.2.965'.
[   95.783013][ T8194] xt_NFQUEUE: number of queues (65532) out of range (got 66665)
[   95.868054][ T8198] netlink: 16 bytes leftover after parsing attributes in process `syz.2.979'.
[   95.871177][ T8198] netlink: 24 bytes leftover after parsing attributes in process `syz.2.979'.
[   96.148685][ T8222] netlink: 4 bytes leftover after parsing attributes in process `syz.2.990'.
[   96.236149][ T8232] SET target dimension over the limit!
[   96.412528][ T8253] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   96.777796][ T8278] trusted_key: syz.2.1018 sent an empty control message without MSG_MORE.
[   97.035346][ T8298] netlink: zone id is out of range
[   97.037480][ T8298] netlink: zone id is out of range
[   97.039154][ T8298] netlink: zone id is out of range
[   97.047440][ T8298] netlink: zone id is out of range
[   97.049378][ T8298] netlink: zone id is out of range
[   97.053089][ T8298] netlink: zone id is out of range
[   97.054906][ T8298] netlink: zone id is out of range
[   97.056704][ T8298] netlink: zone id is out of range
[   97.058513][ T8298] netlink: zone id is out of range
[   97.127477][ T8307] netlink: 108 bytes leftover after parsing attributes in process `syz.2.1025'.
[   97.134592][ T8307] netlink: 108 bytes leftover after parsing attributes in process `syz.2.1025'.
[   97.137500][ T8308] netlink: 'syz.1.1024': attribute type 4 has an invalid length.
[   97.176408][ T8312] RDS: rds_bind could not find a transport for 100:806:aaaa:aaaa:aaaa::, load rds_tcp or rds_rdma?
[   97.616734][ T8361] netlink: 'syz.1.1050': attribute type 15 has an invalid length.
[   97.724206][ T8372] netlink: 'syz.2.1054': attribute type 1 has an invalid length.
[   97.744544][   T57] block nbd1: Receive control failed (result -107)
[   97.844855][ T8380] block nbd2: not configured, cannot reconfigure
[   99.231729][ T8396] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[   99.338021][ T8420] __nla_validate_parse: 6 callbacks suppressed
[   99.338037][ T8420] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1077'.
[   99.383428][ T8423] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1079'.
[   99.427650][ T8416] lo speed is unknown, defaulting to 1000
[   99.531664][ T5837] Bluetooth: hci2: command 0x0405 tx timeout
[   99.609823][ T8441] netlink: 134820 bytes leftover after parsing attributes in process `syz.0.1087'.
[   99.725108][ T8449] xt_NFQUEUE: number of queues (65532) out of range (got 66665)
[  100.252732][ T8485] bridge_slave_0: entered promiscuous mode
[  100.485834][ T5830] Bluetooth: hci0: command 0x0c20 tx timeout
[  100.741761][ T8534] tipc: Started in network mode
[  100.744499][ T8534] tipc: Node identity 4, cluster identity 4711
[  100.746674][ T8534] tipc: Node number set to 4
[  100.836164][ T8527] netlink: 'syz.2.1124': attribute type 4 has an invalid length.
[  100.944391][ T8550] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1132'.
[  101.207305][ T8581] xt_NFQUEUE: number of queues (65532) out of range (got 66665)
[  101.715024][ T8607] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1150'.
[  101.718130][ T8607] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1150'.
[  101.856866][ T8621] IPVS: persistence engine module ip_vs_pe_ not found
[  101.968196][ T8636] netlink: 'syz.1.1164': attribute type 16 has an invalid length.
[  102.013746][ T8639] (unnamed net_device) (uninitialized): option packets_per_slave: mode dependency failed, not supported in mode active-backup(1)
[  102.287662][ T8658] net_ratelimit: 197 callbacks suppressed
[  102.287682][ T8658] IPVS: sed: UDP 224.0.0.2:0 - no destination available
[  102.293793][ T5897] IPVS: starting estimator thread 0...
[  102.376371][ T8668] netlink: 'syz.2.1178': attribute type 3 has an invalid length.
[  102.380698][ T8668] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1178'.
[  102.391124][ T8662] IPVS: using max 40 ests per chain, 96000 per kthread
[  102.740986][ T8711] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1195'.
[  102.762550][ T8715] netlink: 4696 bytes leftover after parsing attributes in process `syz.2.1198'.
[  102.765957][ T8715] netlink: 4696 bytes leftover after parsing attributes in process `syz.2.1198'.
[  102.800719][ T8718] sctp: [Deprecated]: syz.1.1201 (pid 8718) Use of int in max_burst socket option.
[  102.800719][ T8718] Use struct sctp_assoc_value instead
[  102.917328][ T8730] lo speed is unknown, defaulting to 1000
[  102.997820][ T8737] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  103.014916][ T8730] netlink: 'syz.2.1205': attribute type 13 has an invalid length.
[  103.018446][ T8730] netlink: 'syz.2.1205': attribute type 17 has an invalid length.
[  103.023192][ T8737] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  103.071949][ T8737] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  103.076451][ T8737] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  103.154544][ T8737] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  103.158854][ T8737] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  103.213692][ T8737] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  103.223560][ T8737] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  103.348627][ T8737] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  103.373525][ T8737] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  103.397834][ T8737] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  103.402489][ T8737] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  103.425925][ T8737] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  103.429341][ T8737] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  103.439915][ T8737] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  103.461055][ T8737] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  103.866569][ T8788] syzkaller1: entered promiscuous mode
[  103.869161][ T8788] syzkaller1: entered allmulticast mode
[  104.418062][ T8821] __nla_validate_parse: 3 callbacks suppressed
[  104.418074][ T8821] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1239'.
[  104.424624][ T8818] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1239'.
[  104.909448][ T8845] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1251'.
[  104.921893][ T8845] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1251'.
[  105.542028][ T8881] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1268'.
[  105.570467][ T8881] 8021q: adding VLAN 0 to HW filter on device bond1
[  105.590341][ T8881] bond1: (slave veth3): Enslaving as an active interface with an up link
[  105.606567][ T8881] vlan2: entered allmulticast mode
[  105.608316][ T8881] veth1: entered allmulticast mode
[  105.610540][ T8881] bond1: (slave vlan2): Opening slave failed
[  105.704279][ T8884] netlink: 'syz.2.1269': attribute type 3 has an invalid length.
[  106.589793][ T8914] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1283'.
[  106.634203][ T8917] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1285'.
[  106.712861][ T8922] netlink: 'syz.0.1287': attribute type 4 has an invalid length.
[  106.715768][ T8922] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1287'.
[  106.724635][ T8922] : renamed from bond0 (while UP)
[  106.814501][ T8930] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  106.923083][ T8939] veth0_to_bridge: entered promiscuous mode
[  106.937449][ T8938] veth0_to_bridge: left promiscuous mode
[  107.303792][ T8970] nbd: socks must be embedded in a SOCK_ITEM attr
[  107.672114][ T8992] C: renamed from team_slave_0 (while UP)
[  107.677691][ T8992] netlink: 'syz.1.1319': attribute type 3 has an invalid length.
[  107.680620][ T8992] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1319'.
[  107.685480][ T8992] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  107.962106][ T9008] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1327'.
[  107.967268][ T9008] netlink: 'syz.1.1327': attribute type 5 has an invalid length.
[  108.654923][ T9045] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode
[  108.657385][ T9045] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[  108.974189][ T9063] xt_socket: unknown flags 0xd0
[  109.708279][ T9120] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  109.711936][ T9120] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  109.767488][ T9120] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  109.771105][ T9120] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  109.821605][ T9120] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  109.825713][ T9120] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  109.866566][ T9120] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  109.869940][ T9120] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  109.964435][ T9136] __nla_validate_parse: 6 callbacks suppressed
[  109.964452][ T9136] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1388'.
[  109.973476][ T9120] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  109.976767][ T9120] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  109.988290][ T9120] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  109.991727][ T9120] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  110.004506][ T9120] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  110.008134][ T9120] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  110.022257][ T9120] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  110.025820][ T9120] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  110.119430][ T9144] (unnamed net_device) (uninitialized): Unable to set peer notification delay as MII monitoring is disabled
[  110.213872][ T9152] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1394'.
[  110.282533][ T9157] xt_CT: No such helper "snmp_trap"
[  110.551665][ T9176] netlink: del zone limit has 4 unknown bytes
[  110.913285][ T9194] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1414'.
[  110.920198][ T9194] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1414'.
[  111.003957][ T9200] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1417'.
[  111.288827][ T9214] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1423'.
[  111.534692][ T9233] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1430'.
[  111.573479][ T9236] netlink: 'syz.1.1433': attribute type 4 has an invalid length.
[  111.603785][ T9236] netlink: 'syz.1.1433': attribute type 4 has an invalid length.
[  111.616952][   T24] lo speed is unknown, defaulting to 1000
[  111.620022][ T1271] lo speed is unknown, defaulting to 1000
[  112.019462][ T9267] x_tables: duplicate underflow at hook 2
[  112.064559][ T9272] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1446'.
[  112.333261][ T9289] tipc: Started in network mode
[  112.335395][ T9289] tipc: Node identity 22f078db6ec5, cluster identity 4711
[  112.338563][ T9289] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  112.368492][ T9289] syzkaller0: entered promiscuous mode
[  112.371047][ T9289] syzkaller0: entered allmulticast mode
[  112.374098][ T9289] tipc: Resetting bearer <eth:syzkaller0>
[  112.379540][ T9288] tipc: Resetting bearer <eth:syzkaller0>
[  113.267550][ T9288] tipc: Disabling bearer <eth:syzkaller0>
[  113.284371][ T9294] bridge0: port 3(ipvlan2) entered blocking state
[  113.287461][ T9294] bridge0: port 3(ipvlan2) entered disabled state
[  113.290370][ T9294] ipvlan2: entered allmulticast mode
[  113.293043][ T9294] bridge0: entered allmulticast mode
[  113.298428][ T9294] ipvlan2: left allmulticast mode
[  113.300635][ T9294] bridge0: left allmulticast mode
[  113.350423][ T9304] tipc: New replicast peer: 255.255.255.255
[  113.353843][ T9304] tipc: Enabled bearer <udp:syz2>, priority 10
[  113.392666][ T9304] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1458'.
[  113.816645][ T9336] netlink: 'syz.1.1473': attribute type 1 has an invalid length.
[  113.819984][ T9336] netlink: 144 bytes leftover after parsing attributes in process `syz.1.1473'.
[  113.940341][ T9347] netlink: 'syz.0.1476': attribute type 13 has an invalid length.
[  113.946304][ T9347] netlink: 'syz.0.1476': attribute type 17 has an invalid length.
[  114.005502][ T9347] 8021q: adding VLAN 0 to HW filter on device 
[  114.015623][ T9347] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  114.033247][ T9348] tipc: New replicast peer: 255.255.255.255
[  114.036076][ T9348] tipc: Enabled bearer <udp:syz2>, priority 10
[  114.054138][ T9350] tipc: Disabling bearer <udp:syz2>
[  114.065686][ T9349] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  114.472450][ T5297] tipc: Node number set to 2147483648
[  114.725124][ T9341] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  115.327099][ T9379] __nla_validate_parse: 2 callbacks suppressed
[  115.327118][ T9379] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1491'.
[  115.484168][ T9388] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[  115.789581][ T9401] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1500'.
[  115.853677][ T9406] netlink: 'syz.1.1502': attribute type 11 has an invalid length.
[  115.861173][ T9406] netlink: 140 bytes leftover after parsing attributes in process `syz.1.1502'.
[  116.215528][ T9440] syz.1.1519 (9440) used greatest stack depth: 18824 bytes left
[  116.232463][ T9447] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1523'.
[  116.379038][ T9462] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1528'.
[  116.383476][ T9460] netlink: 'syz.1.1527': attribute type 1 has an invalid length.
[  116.388627][ T9460] netlink: 136 bytes leftover after parsing attributes in process `syz.1.1527'.
[  116.393170][ T9460] netlink: 'syz.1.1527': attribute type 2 has an invalid length.
[  116.396649][ T9460] netlink: 'syz.1.1527': attribute type 1 has an invalid length.
[  116.454516][ T9468] netlink: 1 bytes leftover after parsing attributes in process `syz.1.1531'.
[  117.318090][ T9498] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1545'.
[  117.437237][ T9508] tipc: Enabled bearer <eth:vlan0>, priority 18
[  117.612690][ T9522] netlink: 'syz.1.1557': attribute type 1 has an invalid length.
[  117.621869][ T9522] netlink: 'syz.1.1557': attribute type 4 has an invalid length.
[  117.624972][ T9522] netlink: 9491 bytes leftover after parsing attributes in process `syz.1.1557'.
[  117.842132][ T9545] netlink: 248 bytes leftover after parsing attributes in process `syz.1.1568'.
[  117.983831][ T9565] (unnamed net_device) (uninitialized): peer notification delay (9) is not a multiple of miimon (100), value rounded to 0 ms
[  117.987978][ T9565] (unnamed net_device) (uninitialized): option use_carrier: invalid value (5)
[  118.006814][ T9571] netlink: 'syz.2.1574': attribute type 11 has an invalid length.
[  118.437376][ T9615] TCP: TCP_TX_DELAY enabled
[  118.556960][    C1] Unknown status report in ack skb
[  118.713041][ T9651] netlink: 'syz.0.1603': attribute type 11 has an invalid length.
[  118.716490][ T9651] netlink: 'syz.0.1603': attribute type 11 has an invalid length.
[  118.954749][ T9680] (unnamed net_device) (uninitialized): up delay (1024) is not a multiple of miimon (100), value rounded to 1000 ms
[  118.958795][ T9680] (unnamed net_device) (uninitialized): down delay (4) is not a multiple of miimon (100), value rounded to 0 ms
[  119.726407][ T9760] netlink: 'syz.2.1645': attribute type 15 has an invalid length.
[  122.036418][ T5837] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  122.039715][ T5837] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  122.042960][ T5837] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  122.046624][ T5837] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  122.049404][ T5837] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  122.073680][ T9853] lo speed is unknown, defaulting to 1000
[  122.209848][ T9853] chnl_net:caif_netlink_parms(): no params data found
[  122.264269][ T9853] bridge0: port 1(bridge_slave_0) entered blocking state
[  122.266806][ T9853] bridge0: port 1(bridge_slave_0) entered disabled state
[  122.269130][ T9853] bridge_slave_0: entered allmulticast mode
[  122.272512][ T9853] bridge_slave_0: entered promiscuous mode
[  122.276171][ T9853] bridge0: port 2(bridge_slave_1) entered blocking state
[  122.278741][ T9853] bridge0: port 2(bridge_slave_1) entered disabled state
[  122.283341][ T9853] bridge_slave_1: entered allmulticast mode
[  122.286030][ T9853] bridge_slave_1: entered promiscuous mode
[  122.334027][ T9853] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  122.339516][ T9853] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  122.364896][ T9853] team0: Port device team_slave_0 added
[  122.369760][ T9853] team0: Port device team_slave_1 added
[  122.389523][ T9853] batman_adv: batadv0: Adding interface: batadv_slave_0
[  122.392151][ T9853] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  122.400727][ T9853] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  122.407006][ T9853] batman_adv: batadv0: Adding interface: batadv_slave_1
[  122.409312][ T9853] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  122.418378][ T9853] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  122.449957][ T9853] hsr_slave_0: entered promiscuous mode
[  122.454138][ T9853] hsr_slave_1: entered promiscuous mode
[  122.456295][ T9853] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  122.458698][ T9853] Cannot create hsr debugfs directory
[  122.543155][ T9853] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  122.546355][ T9853] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  122.596806][ T9853] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  122.599959][ T9853] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  122.650337][ T9853] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  122.654991][ T9853] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  122.715360][ T9853] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  122.718543][ T9853] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  122.833625][ T9853] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  122.841605][ T9853] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  122.853485][ T9853] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  122.858970][ T9853] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  122.879329][ T9853] bridge0: port 2(bridge_slave_1) entered blocking state
[  122.881873][ T9853] bridge0: port 2(bridge_slave_1) entered forwarding state
[  122.884564][ T9853] bridge0: port 1(bridge_slave_0) entered blocking state
[  122.886896][ T9853] bridge0: port 1(bridge_slave_0) entered forwarding state
[  122.894824][ T4812] bridge0: port 1(bridge_slave_0) entered disabled state
[  122.898257][ T4812] bridge0: port 2(bridge_slave_1) entered disabled state
[  122.954390][ T9853] 8021q: adding VLAN 0 to HW filter on device bond0
[  122.973177][ T9853] 8021q: adding VLAN 0 to HW filter on device team0
[  122.983684][  T137] bridge0: port 1(bridge_slave_0) entered blocking state
[  122.986261][  T137] bridge0: port 1(bridge_slave_0) entered forwarding state
[  123.002866][  T137] bridge0: port 2(bridge_slave_1) entered blocking state
[  123.005217][  T137] bridge0: port 2(bridge_slave_1) entered forwarding state
[  123.174551][ T9853] 8021q: adding VLAN 0 to HW filter on device batadv0
[  123.223522][ T9853] veth0_vlan: entered promiscuous mode
[  123.252290][ T9853] veth1_vlan: entered promiscuous mode
[  123.287187][ T9853] veth0_macvtap: entered promiscuous mode
[  123.297298][ T9853] veth1_macvtap: entered promiscuous mode
[  123.319438][ T9853] batman_adv: batadv0: Interface activated: batadv_slave_0
[  123.331733][ T9853] batman_adv: batadv0: Interface activated: batadv_slave_1
[  123.338585][ T9853] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  123.345182][ T9853] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  123.347990][ T9853] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  123.354356][ T9853] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  123.438748][ T4812] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  123.446145][ T4812] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  123.471189][   T26] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  123.473824][   T26] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  123.668034][ T9938] lo speed is unknown, defaulting to 1000
[  123.728693][ T9941] __nla_validate_parse: 3 callbacks suppressed
[  123.728710][ T9941] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1717'.
[  123.741584][ T9941] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1717'.
[  123.745272][ T9941] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1717'.
[  123.748971][ T9941] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1717'.
[  123.756375][ T9941] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1717'.
[  123.759837][ T9941] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1717'.
[  123.764120][ T9941] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1717'.
[  123.767648][ T9941] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1717'.
[  123.770649][ T9941] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1717'.
[  123.776940][ T9941] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1717'.
[  124.495748][ T9990] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input5
[  124.686361][ T9997] IPVS: set_ctl: invalid protocol: 29 100.1.1.0:20001
[  124.752420][ T9999] netlink: 'syz.0.1746': attribute type 39 has an invalid length.
[  125.400216][T10027] lo speed is unknown, defaulting to 1000
[  125.592053][T10027] syzkaller1: entered promiscuous mode
[  125.593903][T10027] syzkaller1: entered allmulticast mode
[  125.639208][ T5849] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  125.888661][ T5837] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  125.893236][ T5837] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  125.896821][ T5837] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  125.900620][ T5837] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  125.908404][ T5837] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  125.933066][T10043] lo speed is unknown, defaulting to 1000
[  126.083002][T10043] chnl_net:caif_netlink_parms(): no params data found
[  126.137351][T10070] netlink: 'syz.0.1774': attribute type 2 has an invalid length.
[  126.213369][T10043] bridge0: port 1(bridge_slave_0) entered blocking state
[  126.216215][T10043] bridge0: port 1(bridge_slave_0) entered disabled state
[  126.221378][T10043] bridge_slave_0: entered allmulticast mode
[  126.225145][T10043] bridge_slave_0: entered promiscuous mode
[  126.230349][T10043] bridge0: port 2(bridge_slave_1) entered blocking state
[  126.233668][T10043] bridge0: port 2(bridge_slave_1) entered disabled state
[  126.236286][T10043] bridge_slave_1: entered allmulticast mode
[  126.238972][T10043] bridge_slave_1: entered promiscuous mode
[  126.269535][T10043] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  126.277442][T10043] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  126.309284][T10043] team0: Port device team_slave_0 added
[  126.319186][T10043] team0: Port device team_slave_1 added
[  126.344649][T10043] batman_adv: batadv0: Adding interface: batadv_slave_0
[  126.346984][T10043] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  126.355947][T10043] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  126.360616][T10043] batman_adv: batadv0: Adding interface: batadv_slave_1
[  126.367302][T10043] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  126.375502][T10043] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  126.415078][T10043] hsr_slave_0: entered promiscuous mode
[  126.417398][T10043] hsr_slave_1: entered promiscuous mode
[  126.419549][T10043] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  126.422402][T10043] Cannot create hsr debugfs directory
[  126.679782][T10123] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input6
[  127.167530][T10161] openvswitch: netlink: Actions may not be safe on all matching packets
[  127.246135][T10167] netlink: 'syz.0.1819': attribute type 10 has an invalid length.
[  127.263812][T10167] wlan1: mtu less than device minimum
[  127.269723][T10167] : (slave wlan1): Error -22 calling dev_set_mtu
[  127.373390][ T5849] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  127.446150][ T5849] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  127.583138][ T5849] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  127.766208][ T5849] bridge_slave_1: left allmulticast mode
[  127.768867][ T5849] bridge_slave_1: left promiscuous mode
[  127.782427][ T5849] bridge0: port 2(bridge_slave_1) entered disabled state
[  127.797035][ T5849] bridge_slave_0: left allmulticast mode
[  127.801733][ T5849] bridge_slave_0: left promiscuous mode
[  127.804259][ T5849] bridge0: port 1(bridge_slave_0) entered disabled state
[  127.922038][ T5837] Bluetooth: hci2: command tx timeout
[  128.143162][ T5849] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  128.147579][ T5849] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  128.153130][ T5849] bond0 (unregistering): Released all slaves
[  128.272533][T10217] lo speed is unknown, defaulting to 1000
[  128.274657][T10217] lo speed is unknown, defaulting to 1000
[  128.276946][T10217] lo speed is unknown, defaulting to 1000
[  128.292477][T10217] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  128.370136][T10217] lo speed is unknown, defaulting to 1000
[  128.382454][T10217] lo speed is unknown, defaulting to 1000
[  128.385415][T10217] lo speed is unknown, defaulting to 1000
[  128.388782][T10217] lo speed is unknown, defaulting to 1000
[  128.407321][T10217] lo speed is unknown, defaulting to 1000
[  128.414358][T10217] lo speed is unknown, defaulting to 1000
[  128.553981][ T5849] hsr_slave_0: left promiscuous mode
[  128.568675][ T5849] hsr_slave_1: left promiscuous mode
[  128.572051][ T5849] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  128.574617][ T5849] batman_adv: batadv0: Removing interface: batadv_slave_0
[  128.586568][ T5849] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  128.589687][ T5849] batman_adv: batadv0: Removing interface: batadv_slave_1
[  128.636097][ T5849] veth1_macvtap: left promiscuous mode
[  128.638800][ T5849] veth0_macvtap: left promiscuous mode
[  128.661518][ T5849] veth1_vlan: left promiscuous mode
[  128.664098][ T5849] veth0_vlan: left promiscuous mode
[  128.751482][T10246] __nla_validate_parse: 50 callbacks suppressed
[  128.751498][T10246] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1851'.
[  128.906623][T10255] netlink: 'syz.0.1855': attribute type 1 has an invalid length.
[  128.909434][T10255] netlink: 144 bytes leftover after parsing attributes in process `syz.0.1855'.
[  128.913463][T10255] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1855'.
[  129.155646][ T5849] team0 (unregistering): Port device team_slave_1 removed
[  129.201612][ T5849] team0 (unregistering): Port device team_slave_0 removed
[  129.474402][T10043] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  129.499550][T10043] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  129.516471][T10043] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  129.525440][T10043] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  129.661035][T10278] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1863'.
[  129.689346][T10043] 8021q: adding VLAN 0 to HW filter on device bond0
[  129.706317][T10043] 8021q: adding VLAN 0 to HW filter on device team0
[  129.712930][  T137] bridge0: port 1(bridge_slave_0) entered blocking state
[  129.715788][  T137] bridge0: port 1(bridge_slave_0) entered forwarding state
[  129.734999][  T137] bridge0: port 2(bridge_slave_1) entered blocking state
[  129.738122][  T137] bridge0: port 2(bridge_slave_1) entered forwarding state
[  129.994226][T10043] 8021q: adding VLAN 0 to HW filter on device batadv0
[  130.001467][ T5837] Bluetooth: hci2: command tx timeout
[  130.045676][T10043] veth0_vlan: entered promiscuous mode
[  130.059497][T10043] veth1_vlan: entered promiscuous mode
[  130.093103][T10043] veth0_macvtap: entered promiscuous mode
[  130.099965][T10296] lo speed is unknown, defaulting to 1000
[  130.100419][T10043] veth1_macvtap: entered promiscuous mode
[  130.106756][T10296] lo speed is unknown, defaulting to 1000
[  130.125751][T10043] batman_adv: batadv0: Interface activated: batadv_slave_0
[  130.138018][T10043] batman_adv: batadv0: Interface activated: batadv_slave_1
[  130.158787][T10043] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  130.161898][T10043] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  130.164762][T10043] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  130.167722][T10043] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  130.219422][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  130.222272][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  130.246077][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  130.249049][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  130.434681][T10127] ==================================================================
[  130.437324][T10127] BUG: KASAN: slab-use-after-free in __mutex_lock+0x738/0xe80
[  130.439774][T10127] Read of size 8 at addr ffff88801ea280a0 by task khidpd_15c25886/10127
[  130.443612][T10127] 
[  130.444471][T10127] CPU: 1 UID: 0 PID: 10127 Comm: khidpd_15c25886 Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 PREEMPT(full) 
[  130.444481][T10127] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  130.444486][T10127] Call Trace:
[  130.444490][T10127]  <TASK>
[  130.444494][T10127]  dump_stack_lvl+0x189/0x250
[  130.444507][T10127]  ? __virt_addr_valid+0x1c8/0x5c0
[  130.444518][T10127]  ? rcu_is_watching+0x15/0xb0
[  130.444527][T10127]  ? __kasan_check_byte+0x12/0x40
[  130.444537][T10127]  ? __pfx_dump_stack_lvl+0x10/0x10
[  130.444545][T10127]  ? rcu_is_watching+0x15/0xb0
[  130.444553][T10127]  ? lock_release+0x4b/0x3e0
[  130.444561][T10127]  ? __virt_addr_valid+0x1c8/0x5c0
[  130.444570][T10127]  ? __virt_addr_valid+0x4a5/0x5c0
[  130.444578][T10127]  print_report+0xd2/0x2b0
[  130.444585][T10127]  ? __mutex_lock+0x738/0xe80
[  130.444593][T10127]  kasan_report+0x118/0x150
[  130.444602][T10127]  ? __mutex_lock+0x738/0xe80
[  130.444609][T10127]  __mutex_lock+0x738/0xe80
[  130.444616][T10127]  ? __mutex_lock+0x51b/0xe80
[  130.444623][T10127]  ? l2cap_unregister_user+0x6a/0x1b0
[  130.444632][T10127]  ? __pfx___mutex_lock+0x10/0x10
[  130.444640][T10127]  ? __pfx___timer_delete_sync+0x10/0x10
[  130.444652][T10127]  l2cap_unregister_user+0x6a/0x1b0
[  130.444659][T10127]  hidp_session_thread+0x3c9/0x410
[  130.444670][T10127]  ? __pfx_hidp_session_thread+0x10/0x10
[  130.444676][T10127]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  130.444687][T10127]  ? __pfx_hidp_session_wake_function+0x10/0x10
[  130.444695][T10127]  ? __pfx_hidp_session_wake_function+0x10/0x10
[  130.444702][T10127]  ? __kthread_parkme+0x7b/0x200
[  130.444711][T10127]  ? __kthread_parkme+0x1a1/0x200
[  130.444720][T10127]  kthread+0x711/0x8a0
[  130.444729][T10127]  ? __pfx_hidp_session_thread+0x10/0x10
[  130.444736][T10127]  ? __pfx_kthread+0x10/0x10
[  130.444745][T10127]  ? _raw_spin_unlock_irq+0x23/0x50
[  130.444754][T10127]  ? lockdep_hardirqs_on+0x9c/0x150
[  130.444761][T10127]  ? __pfx_kthread+0x10/0x10
[  130.444770][T10127]  ret_from_fork+0x3fc/0x770
[  130.444778][T10127]  ? __pfx_ret_from_fork+0x10/0x10
[  130.444786][T10127]  ? __switch_to_asm+0x39/0x70
[  130.444795][T10127]  ? __switch_to_asm+0x33/0x70
[  130.444826][T10127]  ? __pfx_kthread+0x10/0x10
[  130.444836][T10127]  ret_from_fork_asm+0x1a/0x30
[  130.444848][T10127]  </TASK>
[  130.444851][T10127] 
[  130.524872][T10127] Allocated by task 10043:
[  130.526373][T10127]  kasan_save_track+0x3e/0x80
[  130.527987][T10127]  __kasan_kmalloc+0x93/0xb0
[  130.529498][T10127]  __kmalloc_noprof+0x27a/0x4f0
[  130.531436][T10127]  hci_alloc_dev_priv+0x28/0x2040
[  130.533238][T10127]  vhci_create_device+0x120/0x6e0
[  130.534868][T10127]  vhci_write+0x3ce/0x4a0
[  130.536274][T10127]  vfs_write+0x54b/0xa90
[  130.537672][T10127]  ksys_write+0x145/0x250
[  130.539067][T10127]  do_syscall_64+0xfa/0x3b0
[  130.540540][T10127]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  130.542432][T10127] 
[  130.543307][T10127] Freed by task 10043:
[  130.544832][T10127]  kasan_save_track+0x3e/0x80
[  130.546519][T10127]  kasan_save_free_info+0x46/0x50
[  130.548353][T10127]  __kasan_slab_free+0x62/0x70
[  130.550011][T10127]  kfree+0x18e/0x440
[  130.551316][T10127]  bt_host_release+0x82/0x90
[  130.552917][T10127]  device_release+0x9c/0x1c0
[  130.554550][T10127]  kobject_put+0x22b/0x480
[  130.556206][T10127]  vhci_release+0x88/0xd0
[  130.557963][T10127]  __fput+0x44c/0xa70
[  130.559532][T10127]  task_work_run+0x1d4/0x260
[  130.561392][T10127]  do_exit+0x6b5/0x22e0
[  130.563082][T10127]  do_group_exit+0x21c/0x2d0
[  130.564722][T10127]  __x64_sys_exit_group+0x3f/0x40
[  130.566606][T10127]  x64_sys_call+0x21ba/0x21c0
[  130.568362][T10127]  do_syscall_64+0xfa/0x3b0
[  130.570134][T10127]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  130.572088][T10127] 
[  130.572921][T10127] Last potentially related work creation:
[  130.574797][T10127]  kasan_save_stack+0x3e/0x60
[  130.576434][T10127]  kasan_record_aux_stack+0xbd/0xd0
[  130.578365][T10127]  insert_work+0x3d/0x330
[  130.579914][T10127]  __queue_work+0xbd9/0xfe0
[  130.581472][T10127]  queue_work_on+0x181/0x270
[  130.583060][T10127]  process_scheduled_works+0xae1/0x17b0
[  130.585059][T10127]  worker_thread+0x8a0/0xda0
[  130.586604][T10127]  kthread+0x711/0x8a0
[  130.587932][T10127]  ret_from_fork+0x3fc/0x770
[  130.589782][T10127]  ret_from_fork_asm+0x1a/0x30
[  130.591770][T10127] 
[  130.592688][T10127] Second to last potentially related work creation:
[  130.594886][T10127]  kasan_save_stack+0x3e/0x60
[  130.596415][T10127]  kasan_record_aux_stack+0xbd/0xd0
[  130.598089][T10127]  insert_work+0x3d/0x330
[  130.599663][T10127]  __queue_work+0xcfc/0xfe0
[  130.601336][T10127]  call_timer_fn+0x17e/0x5f0
[  130.602991][T10127]  __run_timer_base+0x646/0x860
[  130.604562][T10127]  run_timer_softirq+0xb7/0x180
[  130.606485][T10127]  handle_softirqs+0x286/0x870
[  130.608205][T10127]  __irq_exit_rcu+0xca/0x1f0
[  130.609814][T10127]  irq_exit_rcu+0x9/0x30
[  130.611277][T10127]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  130.613267][T10127]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  130.615249][T10127] 
[  130.616064][T10127] The buggy address belongs to the object at ffff88801ea28000
[  130.616064][T10127]  which belongs to the cache kmalloc-8k of size 8192
[  130.620573][T10127] The buggy address is located 160 bytes inside of
[  130.620573][T10127]  freed 8192-byte region [ffff88801ea28000, ffff88801ea2a000)
[  130.625164][T10127] 
[  130.626019][T10127] The buggy address belongs to the physical page:
[  130.628105][T10127] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1ea28
[  130.631128][T10127] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  130.634097][T10127] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  130.636790][T10127] page_type: f5(slab)
[  130.638414][T10127] raw: 00fff00000000040 ffff88801a442280 ffffea0004b70000 0000000000000004
[  130.641429][T10127] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[  130.644239][T10127] head: 00fff00000000040 ffff88801a442280 ffffea0004b70000 0000000000000004
[  130.647360][T10127] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[  130.650198][T10127] head: 00fff00000000003 ffffea00007a8a01 00000000ffffffff 00000000ffffffff
[  130.653083][T10127] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  130.655978][T10127] page dumped because: kasan: bad access detected
[  130.658392][T10127] page_owner tracks the page as allocated
[  130.660283][T10127] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 9773, tgid 9769 (syz.2.1650), ts 120062339364, free_ts 119994052268
[  130.667417][T10127]  post_alloc_hook+0x240/0x2a0
[  130.669108][T10127]  get_page_from_freelist+0x21e4/0x22c0
[  130.670932][T10127]  __alloc_frozen_pages_noprof+0x181/0x370
[  130.672843][T10127]  alloc_pages_mpol+0x232/0x4a0
[  130.674607][T10127]  allocate_slab+0x8a/0x3b0
[  130.676123][T10127]  ___slab_alloc+0xbfc/0x1480
[  130.677623][T10127]  __kmalloc_node_track_caller_noprof+0x2f8/0x4e0
[  130.679635][T10127]  krealloc_noprof+0x124/0x340
[  130.681168][T10127]  copy_array+0x63/0xf0
[  130.682640][T10127]  copy_verifier_state+0x848/0xed0
[  130.684390][T10127]  do_check+0x4c44/0xd450
[  130.685828][T10127]  do_check_common+0x168d/0x20b0
[  130.687423][T10127]  bpf_check+0x13664/0x19c60
[  130.688939][T10127]  bpf_prog_load+0x1318/0x1930
[  130.690568][T10127]  __sys_bpf+0x5f1/0x860
[  130.692225][T10127]  __x64_sys_bpf+0x7c/0x90
[  130.693826][T10127] page last free pid 9772 tgid 9769 stack trace:
[  130.695915][T10127]  __free_frozen_pages+0xc71/0xe70
[  130.697537][T10127]  __put_partials+0x161/0x1c0
[  130.699055][T10127]  put_cpu_partial+0x17c/0x250
[  130.700645][T10127]  __slab_free+0x2f7/0x400
[  130.702086][T10127]  qlist_free_all+0x97/0x140
[  130.703567][T10127]  kasan_quarantine_reduce+0x148/0x160
[  130.705666][T10127]  __kasan_slab_alloc+0x22/0x80
[  130.707645][T10127]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  130.709476][T10127]  security_file_alloc+0x34/0x330
[  130.711136][T10127]  init_file+0x93/0x2f0
[  130.712562][T10127]  alloc_empty_file+0x6e/0x1d0
[  130.714384][T10127]  path_openat+0x107/0x3830
[  130.715895][T10127]  do_filp_open+0x1fa/0x410
[  130.717405][T10127]  do_sys_openat2+0x121/0x1c0
[  130.718986][T10127]  __x64_sys_openat+0x138/0x170
[  130.720614][T10127]  do_syscall_64+0xfa/0x3b0
[  130.722145][T10127] 
[  130.722937][T10127] Memory state around the buggy address:
[  130.724757][T10127]  ffff88801ea27f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  130.727340][T10127]  ffff88801ea28000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  130.730082][T10127] >ffff88801ea28080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  130.732636][T10127]                                ^
[  130.734346][T10127]  ffff88801ea28100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  130.736975][T10127]  ffff88801ea28180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  130.739750][T10127] ==================================================================
[  130.743507][T10127] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  130.745966][T10127] CPU: 1 UID: 0 PID: 10127 Comm: khidpd_15c25886 Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 PREEMPT(full) 
[  130.750233][T10127] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  130.753514][T10127] Call Trace:
[  130.754830][T10127]  <TASK>
[  130.755920][T10127]  dump_stack_lvl+0x99/0x250
[  130.757466][T10127]  ? __asan_memcpy+0x40/0x70
[  130.759036][T10127]  ? __pfx_dump_stack_lvl+0x10/0x10
[  130.760781][T10127]  ? __pfx__printk+0x10/0x10
[  130.762410][T10127]  panic+0x2db/0x790
[  130.763759][T10127]  ? __pfx_panic+0x10/0x10
[  130.765526][T10127]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  130.767493][T10127]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  130.769452][T10127]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  130.771538][T10127]  ? print_memory_metadata+0x314/0x400
[  130.773356][T10127]  ? __mutex_lock+0x738/0xe80
[  130.775086][T10127]  check_panic_on_warn+0x89/0xb0
[  130.776790][T10127]  ? __mutex_lock+0x738/0xe80
[  130.778367][T10127]  end_report+0x78/0x160
[  130.779824][T10127]  kasan_report+0x129/0x150
[  130.781310][T10127]  ? __mutex_lock+0x738/0xe80
[  130.782832][T10127]  __mutex_lock+0x738/0xe80
[  130.784413][T10127]  ? __mutex_lock+0x51b/0xe80
[  130.785992][T10127]  ? l2cap_unregister_user+0x6a/0x1b0
[  130.787765][T10127]  ? __pfx___mutex_lock+0x10/0x10
[  130.789454][T10127]  ? __pfx___timer_delete_sync+0x10/0x10
[  130.791317][T10127]  l2cap_unregister_user+0x6a/0x1b0
[  130.793053][T10127]  hidp_session_thread+0x3c9/0x410
[  130.794771][T10127]  ? __pfx_hidp_session_thread+0x10/0x10
[  130.796577][T10127]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  130.798473][T10127]  ? __pfx_hidp_session_wake_function+0x10/0x10
[  130.800554][T10127]  ? __pfx_hidp_session_wake_function+0x10/0x10
[  130.802633][T10127]  ? __kthread_parkme+0x7b/0x200
[  130.804290][T10127]  ? __kthread_parkme+0x1a1/0x200
[  130.806072][T10127]  kthread+0x711/0x8a0
[  130.807380][T10127]  ? __pfx_hidp_session_thread+0x10/0x10
[  130.809187][T10127]  ? __pfx_kthread+0x10/0x10
[  130.810693][T10127]  ? _raw_spin_unlock_irq+0x23/0x50
[  130.812470][T10127]  ? lockdep_hardirqs_on+0x9c/0x150
[  130.814117][T10127]  ? __pfx_kthread+0x10/0x10
[  130.815596][T10127]  ret_from_fork+0x3fc/0x770
[  130.817146][T10127]  ? __pfx_ret_from_fork+0x10/0x10
[  130.819076][T10127]  ? __switch_to_asm+0x39/0x70
[  130.820991][T10127]  ? __switch_to_asm+0x33/0x70
[  130.822597][T10127]  ? __pfx_kthread+0x10/0x10
[  130.824148][T10127]  ret_from_fork_asm+0x1a/0x30
[  130.825848][T10127]  </TASK>
[  130.827551][T10127] Kernel Offset: disabled
[  130.828976][T10127] Rebooting in 86400 seconds..

VM DIAGNOSIS:
06:39:30  Registers:
info registers vcpu 0

CPU#0
RAX=ffffffff8211b96e RBX=ffffea0004ffa2c0 RCX=ffff8880347ed640 RDX=0000000000000000
RSI=0000000000000000 RDI=0000000000000000 RBP=dffffc0000000000 RSP=ffffc90002a9f900
R8 =ffffea0004ffa2f3 R9 =1ffffd40009ff45e R10=dffffc0000000000 R11=fffff940009ff45f
R12=1ffffd40009ff459 R13=ffffea0004ffa2c8 R14=ffffea0004ffa288 R15=0000000000000000
RIP=ffffffff81c063cf RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b861d000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f3851950200 CR3=0000000035722000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffffff000000 0000000000000000
XMM02=ffffffffffffffff ffffffffffffffff XMM03=ffffffffffffffff ffffffffffffffff
XMM04=0000000000000000 0000000000000000 XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 0000000000000000 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000020 RBX=0000000000000020 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc90002b3f370
R8 =ffff888021798237 R9 =1ffff110042f3046 R10=dffffc0000000000 R11=ffffffff85475610
R12=dffffc0000000000 R13=ffffffff99af7902 R14=ffffffff99dfc760 R15=0000000000000000
RIP=ffffffff8547568c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c1d000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f009d6e56c0 CR3=0000000110d6c000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffffffffffff ffffffffffffffff
XMM02=0000000000000000 0000000000000000 XMM03=ffffffffffffffff ffffffffffffffff
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 000000524f525245 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 00524f5252450040 XMM09=0000000000000000 00007f009ca11c91
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
