last executing test programs:
3.931648693s ago: executing program 0 (id=1):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000)
move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000)
mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000)
socketpair$auto(0xfffffffe, 0x1, 0x4, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0)
fsopen$auto(&(0x7f0000000000)='nlctrl\x00', 0x3)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
r0 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f00000002c0), 0x40000, 0x0)
r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000340)='/proc/sys/net/ipv4/neigh/bridge0/retrans_time\x00', 0x101000, 0x0)
read$auto(r1, 0x0, 0x1ff)
ioctl$auto_DMA_HEAP_IOCTL_ALLOC(r0, 0xc0184800, 0x0)
3.167337371s ago: executing program 2 (id=3):
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio1\x00', 0x101000, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
rename$auto(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00')
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0)
socket(0x2a, 0x2, 0x0)
socket(0x23, 0x80805, 0x0)
r0 = memfd_secret$auto(0x0)
r1 = getpgid(0x0)
r2 = fcntl$auto(0x0, 0x404, 0x8001)
pidfd_open$auto(r1, 0x0)
socket(0x2b, 0x1, 0x1)
r3 = openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000040), 0x60000, 0x0)
poll$auto(&(0x7f0000000080)={r3, 0x800}, 0x7, 0x88)
socket$nl_generic(0x10, 0x3, 0x10)
open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r4 = bpf$auto(0x7, 0x0, 0x0)
mmap$auto(0x1000, 0x400005, 0xdc, 0x9b72, 0x2, 0x8000)
madvise$auto(0x20c2, 0xd, 0x400018)
mseal$auto(0x0, 0xc1, 0x0)
mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000)
ioctl$auto_COMEDI_SETWSUBD(r0, 0x6411, 0x0)
r5 = socket(0x11, 0x2, 0x4)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4)
sendmsg$auto_NL802154_CMD_GET_INTERFACE(r5, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4040}, 0x20004010)
mremap$auto(0xe21a, 0x4, 0x100, 0x7, 0x80000000)
syz_genetlink_get_family_id$auto_handshake(0xffffffffffffffff, r2)
read$auto_proc_pid_set_comm_operations_base(r4, &(0x7f0000000140)=""/63, 0x3f)
syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000080), 0xffffffffffffffff)
3.105006709s ago: executing program 1 (id=2):
socket(0x2, 0x6, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1b004d"], 0x1ac}, 0x1, 0x0, 0x0, 0x4048811}, 0x40000) (async)
ioperm$auto(0xa, 0x7, 0x2) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64)
socket(0x2, 0x1, 0x0) (async, rerun: 32)
timerfd_create$auto(0x1, 0x0) (rerun: 32)
timerfd_gettime$auto(0x6, &(0x7f0000000200)={{0xfffffffffffffff9, 0x8000}, {0x81, 0x5}}) (async)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) (async)
r0 = socket(0x10, 0x3, 0x6) (async)
socket(0x6, 0x6, 0x6)
sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x50) (async)
close_range$auto(0x2, 0xa, 0x0) (async)
bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x9, 0x21eb, 0x7ff, 0x6, 0xa, 0x1000009, 0x5f, 0x0, 0x3}, 0x6f3) (async)
socket(0xa, 0x2, 0x88) (async)
mmap$auto(0x0, 0x400008, 0xdf, 0x100000009b72, 0x2, 0x8000)
setsockopt$auto(0x3, 0x0, 0x33, 0x0, 0x28) (async, rerun: 64)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (rerun: 64)
r1 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/meminfo\x00', 0x0, 0x0) (async, rerun: 32)
r2 = socket(0x18, 0x5, 0x2) (async, rerun: 32)
prctl$auto(0x4, 0x1, 0x3ff, 0x8000000000000001, 0x9) (async)
r3 = openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x28240, 0x0)
r4 = syz_genetlink_get_family_id$auto_nlbl_unlbl(&(0x7f0000000080), r3) (async)
r5 = socket(0xa, 0x2, 0x3a)
setsockopt$auto(r5, 0x29, 0x14, 0x0, 0x56b)
sendmsg$auto_NLBL_UNLABEL_C_ACCEPT(r5, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000002c0)={&(0x7f0000000d40)=ANY=[@ANYBLOB="c4020000", @ANYRES16=r4, @ANYBLOB="02002cbd7000ffdbdf250100000008000400ac1e00011400020020010000000000000000000000000002bf00070028825bcf319cee2ef4e18e5cf63c69c134cccab297cf2ccb6f7768d03c3f024eb890d0477a3bc8f843aa65c9f1d3ba6e708941270215dd5d4d519ef4876d82f779eded0cb82afb1e0f4c6d5229ce08ad1296c01ac1ec69484defffdae0c181c0dfc89589a7db841e8b99c11aee78bd503e576f171b9e95561352f8d167a723b7d202801d2173648e577f6fe36077f71d26a13412f149998200dca3a565cfc7cb811cb4b1b3b82559b8bc65904ece8e7a7ca820051900140006007665746830000000000000000000000014000300fc00000000000000000000000000000014000300ff01000000000000000000000000000114000300fe8000000000000000000000000000bb140006006d616376746170300000000000000000d90007005794ec5748ae491281f1dfea0500d84561288e880bccaf4deb609450af1dea5cc4a72a66ddff5390a3738e90d83290aaa9a93ca3a71abcf656586e8c5590b705f359cb0f146bb47f4b524b5b9699170b4429a7df526eb6ca55c48161371ec540bebf7c716fd1375a10a248032addb5f2463821ff172de093630860b5dd8758681ec07ff537aa336e46408fb8756c4f32e9c6cc086f903fb0ca22f47f7297b9ccd39130cc7e644d8b15b0c42df4fbffe75cf54dd96085e6e8708ed2d19dfdde2a37b2b7b1adc260a54da193106566c8b900000014000300fc02000000000000000000000000000008000400e0000001780007006f9bdadf3c9efb02f1cdb94a38ed7b1565983676953f4a65fe2f847f3cd72c7f7d17d78b69d47bedcc49858cbb3f8f32783ed0732e30187b4a9007598b87f27fd8f79470f68559d57ccd578d485d4839989de4a413e4f48bd1131f6cad3caaf4ab9b30f32d000b4634ffe31d58dc26013525388c40ea11b6bebea3d75ec870f395c5bc359fdc883d9e304e6302b8b532f8211cf1896be24b6ec30dbb1407f6eea890cf9e1e88ea271a057002001913692e9d09f67e047770d598a1d79c778ec89f3bd5bd4a0c7a7f70b681ee51ea11866a8491cb0d57d25406bbbeb3c618ce6f4c0279e69e75f54e110eb5e811aaeed93741f6000000000000000000000000ee9e8707ce182562aab46bf05b29c06762520c86dde7843a7e4d0580b311af8bbfb29a34c58aa7b0be2c2cb592b02e0ab2b84c53738ec6886397d7ae5c77bd18d9bcd192620b625d4b73444b4be2ac269c48646273a2a78ac7e8e5f6fc11063da8dfcea6da2cbaa882c644e733d1dd0f859a72644740c199d21d84f2"], 0x2c4}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) (async, rerun: 32)
sendmsg$auto_NLBL_UNLABEL_C_STATICADD(r2, &(0x7f0000000500)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000540)=ANY=[@ANYBLOB, @ANYRES16=r4, @ANYBLOB="01002abd7000fedbdf25030000001400060073797a6b616c6c6572300000000000001400030000000000000000000000000000000000080005007f0000011400060076657468315f6d6163767461700000001400020000000000000000000000ffffac"], 0x6c}, 0x1, 0x0, 0x0, 0x4044800}, 0x4) (async, rerun: 32)
sendmsg$auto_NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f0000000380)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000940)={0x80, r4, 0x800, 0x70bd28, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @empty}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @dev={0xac, 0x14, 0x14, 0x1f}}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @initdev={0xac, 0x1e, 0x0, 0x0}}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'erspan0\x00'}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @dev={0xac, 0x14, 0x14, 0x1b}}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'veth1_macvtap\x00'}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @local}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private2}, @NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x9}]}, 0x80}, 0x1, 0x0, 0x0, 0x4008010}, 0x20048095) (async)
pread64$auto(r1, 0x0, 0x23, 0x100000001)
r6 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
read$auto_kernfs_file_fops_kernfs_internal(r6, &(0x7f0000000100)=""/129, 0x81)
2.761907968s ago: executing program 1 (id=5):
syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000640), 0xffffffffffffffff)
lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x3f, 0x100000001, 0xffffffff, 0x0, 0x0, 0x0, 0x1000000006, 0x6, 0x7, 0x400, 0xc53d, 0x5, 0xffffffff80000000, 0x1, 0x61, 0x103})
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
unshare$auto(0x40000080)
mknod$auto(0x0, 0xc9, 0xc8)
add_key$auto(0x0, 0x0, 0x0, 0x6, 0x100)
add_key$auto(&(0x7f0000000000)='\x00', &(0x7f0000000040)='\x00', &(0x7f0000000080)="883d1f774c71c98a08432ff91fd0876d2462557d7993eb51e9889e74abd940a30130fa", 0x10, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000)
r0 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
2.705594665s ago: executing program 3 (id=4):
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000)
setpriority$auto(0x2, 0x0, 0x5)
semctl$auto(0x1ff, 0x2, 0x13, 0x4)
bpf$auto(0x11, 0xfffffffffffffffc, 0x0)
read$auto(0x3, 0x0, 0x80)
mmap$auto(0x80000000000, 0x400008, 0xe0, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0)
ioctl$auto_PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100000, 0x7fffffffefff, 0xfffffffffffffffe, 0x936, 0x0, 0x50b301a, 0x2c, 0x2c, 0x0, 0x2})
mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x9, 0x11, 0xffffffffffffffff, 0x0)
move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2)
ioperm$auto(0x7, 0x6, 0x3)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0)
read$auto(0x3, 0x0, 0x7ffffffff000)
2.399268012s ago: executing program 3 (id=6):
socket(0x2, 0x2, 0x1) (async)
sendto$auto(0x3, 0x0, 0xf, 0xe, 0x0, 0x19)
mmap$auto(0x0, 0x400005, 0xe2, 0x9b72, 0x2, 0x8000) (async)
bind$auto(0x3, 0x0, 0x68) (async, rerun: 64)
pipe2$auto(0xfffffffffffffffd, 0x4080) (rerun: 64)
r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0)
mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x9, 0x11, r0, 0x0)
r1 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fb0\x00', 0x0, 0x0)
mmap$auto_fb_fops_fb_chrdev(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x7, 0x12, r1, 0x80000000000000) (async, rerun: 64)
io_uring_enter$auto(r1, 0xffffffc0, 0x1, 0x5, &(0x7f0000000000)="0eb00796dea9b0b4ca2dac676ae7f69ee8c8e7e947623eb5ed1fb4b1458af8c9cae046ccc80994d52659ad7a931e238dbb79c7b41f5be087cbd9", 0xbe3) (rerun: 64)
2.169944847s ago: executing program 3 (id=7):
r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0)
mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x9, 0x11, r0, 0x0) (fail_nth: 13)
1.940345831s ago: executing program 0 (id=8):
futex_waitv$auto(0x0, 0x2fbe, 0x6a, 0x0, 0x80000001)
shmat$auto(0x0, &(0x7f0000000000), 0xfffffffe)
r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0)
r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_HWSIM_CMD_FRAME(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000004280)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010025bd7002fbdbdf25020000000a000100560b557986750000"], 0x20}, 0x1, 0x0, 0x0, 0x20004000}, 0x0)
mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x9, 0x11, r0, 0x0)
1.786695772s ago: executing program 3 (id=9):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000)
move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000)
mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000)
socketpair$auto(0xfffffffe, 0x1, 0x4, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0)
fsopen$auto(&(0x7f0000000000)='nlctrl\x00', 0x3)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
mmap$auto(0x0, 0x9, 0x400000072, 0x8b72, 0x1000000002, 0x8000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f00000002c0), 0x40000, 0x0)
r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000340)='/proc/sys/net/ipv4/neigh/bridge0/retrans_time\x00', 0x101000, 0x0)
read$auto(r1, 0x0, 0x1ff)
ioctl$auto_DMA_HEAP_IOCTL_ALLOC(r0, 0xc0184800, 0x0)
1.678900003s ago: executing program 0 (id=10):
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000)
setpriority$auto(0x2, 0x0, 0x5)
semctl$auto(0x1ff, 0x2, 0x13, 0x4)
bpf$auto(0x11, 0xfffffffffffffffc, 0x0)
read$auto(0x3, 0x0, 0x80)
mmap$auto(0x80000000000, 0x400008, 0xe0, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0)
ioctl$auto_PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100000, 0x7fffffffefff, 0xfffffffffffffffe, 0x936, 0x0, 0x50b301a, 0x2c, 0x2c, 0x0, 0x2})
mmap$auto(0x0, 0x1, 0xe1, 0x9b75, 0x800, 0x28000)
openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0)
move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2)
ioperm$auto(0x7, 0x6, 0x3)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0)
read$auto(0x3, 0x0, 0x7ffffffff000)
1.581021319s ago: executing program 2 (id=11):
openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/rcutree/parameters/qovld\x00', 0x800, 0x0)
read$auto_mousedev_fops_mousedev(0xffffffffffffffff, 0x0, 0x0)
setsockopt$auto(0xffffffffffffffff, 0x1, 0x10, &(0x7f0000000040)='\x00\x15\x8d\xca`\xbcgY\xd2w\xf6\xaedN\xfb\xc2_\xf54\xb4z\n*\xaaL\'\xab>q\x9e\xdd`\x84_\r\xc2\x17\xb1\xaf\xd2\f\xfd[Iy\xbb*$\xec\xca\x8b\xde\xdcV@\x04+\x00'/82, 0xba)
close_range$auto(0x2, 0x8, 0x0)
process_vm_readv$auto(0xbd4, &(0x7f0000000040)={0x0}, 0x3ff, 0x0, 0x46, 0x0)
r0 = socket(0x10, 0x2, 0x0)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x7, 0x940, 0x1ffde, 0x3, 0x6, 0x3, 0x9, 0x5, 0x2, 0x7, 0xb1, 0x23, 0x2, 0x1, 0x5, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x7]}, 0x1fe, 0x81)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, 0x0, 0x8000)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NL80211_CMD_GET_REG(r1, 0x0, 0x46004)
sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008)
r2 = openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000000), 0x40001, 0x0)
write$auto_kmsg_fops_printk(r2, &(0x7f0000000040)='<', 0x1)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_tracing_stats_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/per_cpu/cpu0/stats\x00', 0xa00, 0x0)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
mmap$auto(0x0, 0x9a, 0x4, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
clone$auto(0x6, 0x401, 0xffffffffffffffff, 0xfffffffffffffffc, 0xa31b)
socket(0x10, 0x2, 0x4)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmsg$auto_OVS_VPORT_CMD_NEW(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="14000000", @ANYBLOB="52dc12bc30b561ea90d49e6faf0c073366e6641b99f5fc6adae02bb31b1193319cec6ff3d4f9e55809495a9ab80139b6c7d8", @ANYBLOB="08cbaa14478cd0e5c340e5d2789a7873"], 0x14}, 0x1, 0x0, 0x0, 0x44001}, 0x20004001)
socket(0x2, 0x3, 0x100)
socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x4004)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x8)
mlock$auto(0x81, 0xffff)
syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000380), 0xffffffffffffffff)
1.423700581s ago: executing program 3 (id=12):
unshare$auto(0x40000080)
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x5, 0x8000)
select$auto(0x6d0c, 0x0, 0x0, 0x0, 0x0)
socket(0xa, 0x2, 0x73)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4)
sendto$auto(0x3, 0x0, 0x5, 0xfffffffc, &(0x7f00000001c0), 0x19)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000dc0)='/sys/kernel/mm/ksm/merge_across_nodes\x00', 0x2000, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000e00)=""/217, 0xd9)
connect$auto(0xffffffffffffffff, &(0x7f0000000000)=@vsock={0x28, 0x0, 0xffffffff, @host}, 0x10001)
socket(0x11, 0x80003, 0x300)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ptrace$auto(0x10, 0x10000000000001, 0xffffffffffffff56, 0x868f)
1.278464696s ago: executing program 1 (id=13):
mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000008)
mremap$auto(0x0, 0x7, 0x3fd6, 0x3, 0x20000000)
mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000)
move_pages$auto(0x0, 0x91, 0x0, 0x0, 0x0, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
rt_tgsigqueueinfo$auto(0x0, 0x0, 0x41, &(0x7f0000000400)={@siginfo_0_0={0x3, 0x1c51, 0x7, @_sigchld={0x0, 0xffffffffffffffff, 0x4d, 0x8, 0x9}}})
munmap$auto(0x0, 0xffffffff)
618.663786ms ago: executing program 0 (id=14):
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000)
setpriority$auto(0x2, 0x0, 0x5)
semctl$auto(0x1ff, 0x2, 0x13, 0x4)
bpf$auto(0x11, 0xfffffffffffffffc, 0x0)
read$auto(0x3, 0x0, 0x80)
mmap$auto(0x80000000000, 0x400008, 0xe0, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0)
ioctl$auto_PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100000, 0x7fffffffefff, 0xfffffffffffffffe, 0x936, 0x0, 0x50b301a, 0x2c, 0x2c, 0x0, 0x2})
mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x9, 0x11, 0xffffffffffffffff, 0x0)
move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2)
ioperm$auto(0x7, 0x6, 0x3)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0)
read$auto(0x3, 0x0, 0x7ffffffff000)
501.922349ms ago: executing program 1 (id=15):
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000)
setpriority$auto(0x2, 0x0, 0x5)
semctl$auto(0x1ff, 0x2, 0x13, 0x4)
bpf$auto(0x11, 0xfffffffffffffffc, 0x0)
read$auto(0x3, 0x0, 0x80)
mmap$auto(0x80000000000, 0x400008, 0xe0, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0)
ioctl$auto_PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100000, 0x7fffffffefff, 0xfffffffffffffffe, 0x936, 0x0, 0x50b301a, 0x2c, 0x2c, 0x0, 0x2})
mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x9, 0x11, 0xffffffffffffffff, 0x0)
move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2)
ioperm$auto(0x7, 0x6, 0x3)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0)
read$auto(0x3, 0x0, 0x7ffffffff000)
291.811613ms ago: executing program 3 (id=16):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000)
move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000)
mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000)
socketpair$auto(0xfffffffe, 0x1, 0x4, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0)
fsopen$auto(&(0x7f0000000000)='nlctrl\x00', 0x3)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
r0 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f00000002c0), 0x40000, 0x0)
r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000340)='/proc/sys/net/ipv4/neigh/bridge0/retrans_time\x00', 0x101000, 0x0)
read$auto(r1, 0x0, 0x1ff)
ioctl$auto_DMA_HEAP_IOCTL_ALLOC(r0, 0xc0184800, 0x0)
132.348412ms ago: executing program 2 (id=17):
r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0)
mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x9, 0x11, r0, 0x800000)
0s ago: executing program 0 (id=18):
r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0)
mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x9, 0x11, r0, 0x0) (fail_nth: 14)
kernel console output (not intermixed with test programs):
Warning: Permanently added '10.128.10.8' (ED25519) to the list of known hosts.
[ 84.092671][ T5822] cgroup: Unknown subsys name 'net'
[ 84.223543][ T5822] cgroup: Unknown subsys name 'cpuset'
[ 84.232709][ T5822] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 85.923851][ T5822] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 87.998038][ T5833] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 88.008943][ T5833] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 88.018919][ T5833] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 88.027598][ T5833] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 88.040472][ T5833] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 88.047890][ T5833] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 88.108460][ T5143] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 88.117592][ T5143] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 88.125533][ T5143] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 88.134387][ T5143] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 88.187148][ T5841] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 88.195696][ T5841] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 88.203756][ T5844] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 88.219606][ T5844] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 88.228599][ T5844] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 88.235197][ T5843] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 88.239870][ T5833] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 88.251885][ T5833] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 88.262590][ T5843] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 88.271066][ T5843] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 88.278292][ T5843] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 88.288513][ T5845] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 88.296623][ T5845] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 88.305438][ T5843] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 88.492864][ T5831] chnl_net:caif_netlink_parms(): no params data found
[ 88.650752][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state
[ 88.658124][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state
[ 88.667093][ T5831] bridge_slave_0: entered allmulticast mode
[ 88.674304][ T5831] bridge_slave_0: entered promiscuous mode
[ 88.684258][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state
[ 88.691617][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state
[ 88.699074][ T5831] bridge_slave_1: entered allmulticast mode
[ 88.705893][ T5831] bridge_slave_1: entered promiscuous mode
[ 88.785734][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 88.832007][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 88.888234][ T5831] team0: Port device team_slave_0 added
[ 88.899886][ T5831] team0: Port device team_slave_1 added
[ 88.905797][ T5838] chnl_net:caif_netlink_parms(): no params data found
[ 88.928520][ T5835] chnl_net:caif_netlink_parms(): no params data found
[ 88.953125][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 88.962280][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 88.988394][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 89.006725][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 89.013844][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 89.040031][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 89.056419][ T5837] chnl_net:caif_netlink_parms(): no params data found
[ 89.142827][ T5831] hsr_slave_0: entered promiscuous mode
[ 89.151207][ T5831] hsr_slave_1: entered promiscuous mode
[ 89.227209][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state
[ 89.234750][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state
[ 89.242538][ T5838] bridge_slave_0: entered allmulticast mode
[ 89.249728][ T5838] bridge_slave_0: entered promiscuous mode
[ 89.288008][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state
[ 89.295298][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state
[ 89.303000][ T5838] bridge_slave_1: entered allmulticast mode
[ 89.310244][ T5838] bridge_slave_1: entered promiscuous mode
[ 89.326779][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state
[ 89.334170][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state
[ 89.341552][ T5835] bridge_slave_0: entered allmulticast mode
[ 89.348489][ T5835] bridge_slave_0: entered promiscuous mode
[ 89.386809][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state
[ 89.394897][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state
[ 89.402530][ T5835] bridge_slave_1: entered allmulticast mode
[ 89.410260][ T5835] bridge_slave_1: entered promiscuous mode
[ 89.433127][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state
[ 89.440479][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state
[ 89.447661][ T5837] bridge_slave_0: entered allmulticast mode
[ 89.455045][ T5837] bridge_slave_0: entered promiscuous mode
[ 89.486824][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 89.498543][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 89.516390][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state
[ 89.524388][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state
[ 89.531730][ T5837] bridge_slave_1: entered allmulticast mode
[ 89.538940][ T5837] bridge_slave_1: entered promiscuous mode
[ 89.556141][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 89.595468][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 89.636029][ T5838] team0: Port device team_slave_0 added
[ 89.646904][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 89.659936][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 89.686753][ T5838] team0: Port device team_slave_1 added
[ 89.745872][ T5837] team0: Port device team_slave_0 added
[ 89.755641][ T5835] team0: Port device team_slave_0 added
[ 89.768207][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 89.777629][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 89.804662][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 89.818516][ T5837] team0: Port device team_slave_1 added
[ 89.835374][ T5835] team0: Port device team_slave_1 added
[ 89.854826][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 89.862165][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 89.888242][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 89.922996][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 89.930126][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 89.957132][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 89.975738][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 89.982806][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 90.009431][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 90.021532][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 90.028531][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 90.058122][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 90.095502][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 90.105252][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 90.110903][ T54] Bluetooth: hci0: command tx timeout
[ 90.140529][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 90.189370][ T5838] hsr_slave_0: entered promiscuous mode
[ 90.196425][ T5838] hsr_slave_1: entered promiscuous mode
[ 90.203021][ T5838] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 90.210990][ T5838] Cannot create hsr debugfs directory
[ 90.237157][ T5835] hsr_slave_0: entered promiscuous mode
[ 90.243778][ T5835] hsr_slave_1: entered promiscuous mode
[ 90.250905][ T5835] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 90.258488][ T5835] Cannot create hsr debugfs directory
[ 90.309415][ T5831] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 90.339580][ T54] Bluetooth: hci2: command tx timeout
[ 90.339588][ T5143] Bluetooth: hci1: command tx timeout
[ 90.340143][ T5843] Bluetooth: hci3: command tx timeout
[ 90.366612][ T5831] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 90.381137][ T5837] hsr_slave_0: entered promiscuous mode
[ 90.387954][ T5837] hsr_slave_1: entered promiscuous mode
[ 90.395239][ T5837] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 90.407043][ T5837] Cannot create hsr debugfs directory
[ 90.430607][ T5831] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 90.464889][ T5831] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 90.718346][ T5835] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 90.739861][ T5835] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 90.764096][ T5835] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 90.805857][ T5835] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 90.815160][ T5838] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 90.826744][ T5838] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 90.862551][ T5838] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 90.874457][ T5838] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 90.946257][ T5837] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 90.969734][ T5837] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 90.980308][ T5837] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 90.999572][ T5837] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 91.013734][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0
[ 91.097292][ T5831] 8021q: adding VLAN 0 to HW filter on device team0
[ 91.123630][ T11] bridge0: port 1(bridge_slave_0) entered blocking state
[ 91.131019][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 91.146485][ T1142] bridge0: port 2(bridge_slave_1) entered blocking state
[ 91.153728][ T1142] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 91.253673][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0
[ 91.278081][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0
[ 91.323886][ T5838] 8021q: adding VLAN 0 to HW filter on device team0
[ 91.352117][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0
[ 91.364629][ T5090] bridge0: port 1(bridge_slave_0) entered blocking state
[ 91.371858][ T5090] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 91.387138][ T5835] 8021q: adding VLAN 0 to HW filter on device team0
[ 91.417074][ T2900] bridge0: port 2(bridge_slave_1) entered blocking state
[ 91.424934][ T2900] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 91.454852][ T35] bridge0: port 1(bridge_slave_0) entered blocking state
[ 91.462091][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 91.490363][ T5837] 8021q: adding VLAN 0 to HW filter on device team0
[ 91.520415][ T35] bridge0: port 2(bridge_slave_1) entered blocking state
[ 91.527604][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 91.546850][ T35] bridge0: port 1(bridge_slave_0) entered blocking state
[ 91.554058][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 91.595293][ T35] bridge0: port 2(bridge_slave_1) entered blocking state
[ 91.602531][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 91.658797][ T5838] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 91.741787][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 91.887023][ T5831] veth0_vlan: entered promiscuous mode
[ 91.931858][ T5831] veth1_vlan: entered promiscuous mode
[ 92.013152][ T5831] veth0_macvtap: entered promiscuous mode
[ 92.027331][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 92.046913][ T5831] veth1_macvtap: entered promiscuous mode
[ 92.162949][ T5838] veth0_vlan: entered promiscuous mode
[ 92.179317][ T5843] Bluetooth: hci0: command tx timeout
[ 92.185626][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 92.203928][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 92.227967][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 92.243558][ T5838] veth1_vlan: entered promiscuous mode
[ 92.261787][ T5831] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 92.280599][ T5831] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 92.295208][ T5831] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 92.307092][ T5831] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 92.381643][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 92.420935][ T5843] Bluetooth: hci2: command tx timeout
[ 92.420956][ T54] Bluetooth: hci3: command tx timeout
[ 92.421000][ T54] Bluetooth: hci1: command tx timeout
[ 92.488551][ T5838] veth0_macvtap: entered promiscuous mode
[ 92.573996][ T5838] veth1_macvtap: entered promiscuous mode
[ 92.594898][ T5837] veth0_vlan: entered promiscuous mode
[ 92.639519][ T5837] veth1_vlan: entered promiscuous mode
[ 92.686629][ T5090] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 92.707377][ T5090] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 92.727754][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 92.745393][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 92.770381][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 92.826389][ T1142] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 92.827826][ T5837] veth0_macvtap: entered promiscuous mode
[ 92.846889][ T1142] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 92.872807][ T5837] veth1_macvtap: entered promiscuous mode
[ 92.891885][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 92.919199][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 92.931123][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 92.967510][ T5835] veth0_vlan: entered promiscuous mode
[ 93.005931][ T5838] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 93.016484][ T5838] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 93.027843][ T5838] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 93.036896][ T5838] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 93.054684][ T5835] veth1_vlan: entered promiscuous mode
[ 93.080455][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 93.091482][ T5831] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 93.107556][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 93.117558][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 93.128973][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 93.142528][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 93.164804][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 93.182310][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 93.195847][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 93.216208][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 93.234059][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 93.245107][ T5837] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 93.255353][ T5837] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 93.268009][ T5837] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 93.277811][ T5837] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 93.422895][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 93.446579][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 93.466960][ T5835] veth0_macvtap: entered promiscuous mode
[ 93.515892][ T5835] veth1_macvtap: entered promiscuous mode
[ 93.551830][ T1142] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 93.560513][ T1142] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 93.579267][ T1142] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 93.587224][ T1142] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 93.621556][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 93.642821][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 93.653306][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 93.665500][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 93.675771][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 93.687674][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 93.700497][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 93.738059][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 93.747523][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 93.756981][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 93.778194][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 93.805170][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 93.816944][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 93.832187][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 93.844123][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 93.863072][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 93.874330][ T5835] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 93.883666][ T5835] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 93.892673][ T5835] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 93.901567][ T5835] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 94.113703][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 94.134837][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 94.203880][ T5090] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 94.223151][ T5090] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 94.259460][ T54] Bluetooth: hci0: command tx timeout
[ 94.503078][ T54] Bluetooth: hci2: command tx timeout
[ 94.503603][ T5143] Bluetooth: hci3: command tx timeout
[ 94.508561][ T54] Bluetooth: hci1: command tx timeout
[ 94.995542][ T5917] FAULT_INJECTION: forcing a failure.
[ 94.995542][ T5917] name failslab, interval 1, probability 0, space 0, times 1
[ 95.043069][ T5917] CPU: 0 UID: 0 PID: 5917 Comm: syz.3.7 Not tainted 6.13.0-rc3-syzkaller-00136-g8faabc041a00 #0
[ 95.053607][ T5917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[ 95.063800][ T5917] Call Trace:
[ 95.067132][ T5917]
[ 95.070157][ T5917] dump_stack_lvl+0x16c/0x1f0
[ 95.074929][ T5917] should_fail_ex+0x497/0x5b0
[ 95.079708][ T5917] ? fs_reclaim_acquire+0xae/0x150
[ 95.084907][ T5917] should_failslab+0xc2/0x120
[ 95.089684][ T5917] __kmalloc_noprof+0xce/0x4f0
[ 95.094537][ T5917] ? __rb_map_vma+0x4d8/0xae0
[ 95.099315][ T5917] __rb_map_vma+0x4d8/0xae0
[ 95.103899][ T5917] ? ring_buffer_map+0x561/0x9b0
[ 95.108903][ T5917] ? __pfx_lock_release+0x10/0x10
[ 95.114005][ T5917] ? __pfx___rb_map_vma+0x10/0x10
[ 95.119201][ T5917] ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 95.125084][ T5917] ring_buffer_map+0x56e/0x9b0
[ 95.129951][ T5917] tracing_buffers_mmap+0xa6/0x120
[ 95.135154][ T5917] __mmap_region+0x1786/0x2670
[ 95.140017][ T5917] ? __pfx___mmap_region+0x10/0x10
[ 95.145211][ T5917] ? hlock_class+0x4e/0x130
[ 95.149788][ T5917] ? mark_lock+0xb5/0xc60
[ 95.154291][ T5917] ? cap_mmap_addr+0x53/0x320
[ 95.159061][ T5917] mmap_region+0x127/0x320
[ 95.163562][ T5917] do_mmap+0xc00/0xfc0
[ 95.167716][ T5917] vm_mmap_pgoff+0x1ba/0x360
[ 95.172395][ T5917] ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 95.177595][ T5917] ? __fget_files+0x206/0x3a0
[ 95.182358][ T5917] ksys_mmap_pgoff+0x32c/0x5c0
[ 95.187194][ T5917] ? __pfx_ksys_write+0x10/0x10
[ 95.192220][ T5917] __x64_sys_mmap+0x125/0x190
[ 95.197064][ T5917] do_syscall_64+0xcd/0x250
[ 95.201655][ T5917] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 95.207632][ T5917] RIP: 0033:0x7fd523385d29
[ 95.212304][ T5917] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 95.231991][ T5917] RSP: 002b:00007fd524228038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 95.240483][ T5917] RAX: ffffffffffffffda RBX: 00007fd523575fa0 RCX: 00007fd523385d29
[ 95.248514][ T5917] RDX: 0000000000000009 RSI: 0000000000001000 RDI: 0000000020ffe000
[ 95.256548][ T5917] RBP: 00007fd524228090 R08: 0000000000000003 R09: 0000000000000000
[ 95.264580][ T5917] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000002
[ 95.272616][ T5917] R13: 0000000000000000 R14: 00007fd523575fa0 R15: 00007ffddd1b1298
[ 95.280768][ T5917]
[ 95.446158][ T5909] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5'.
[ 95.455164][ T5909] lo: entered promiscuous mode
[ 95.461975][ T5909] lo: entered allmulticast mode
[ 95.818534][ T5927] Zero length message leads to an empty skb
[ 95.863044][ T5927] <
[ 96.306728][ T5941] ptrace attach of "./syz-executor exec"[5835] was attempted by "./syz-executor exec"[5941]
[ 96.358937][ T54] Bluetooth: hci0: command tx timeout
[ 96.579431][ T54] Bluetooth: hci1: command tx timeout
[ 96.584943][ T54] Bluetooth: hci3: command tx timeout
[ 96.590455][ T5143] Bluetooth: hci2: command tx timeout
[ 97.222027][ T5951] ==================================================================
[ 97.230175][ T5951] BUG: KASAN: slab-use-after-free in __rb_map_vma+0x9ab/0xae0
[ 97.237747][ T5951] Read of size 8 at addr ffff88802c35a438 by task syz.2.17/5951
[ 97.245461][ T5951]
[ 97.247834][ T5951] CPU: 0 UID: 0 PID: 5951 Comm: syz.2.17 Not tainted 6.13.0-rc3-syzkaller-00136-g8faabc041a00 #0
[ 97.258416][ T5951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[ 97.268530][ T5951] Call Trace:
[ 97.271870][ T5951]
[ 97.274861][ T5951] dump_stack_lvl+0x116/0x1f0
[ 97.279636][ T5951] print_report+0xc3/0x620
[ 97.284138][ T5951] ? __virt_addr_valid+0x5e/0x590
[ 97.289244][ T5951] ? __phys_addr+0xc6/0x150
[ 97.293867][ T5951] kasan_report+0xd9/0x110
[ 97.298363][ T5951] ? __rb_map_vma+0x9ab/0xae0
[ 97.303132][ T5951] ? __rb_map_vma+0x9ab/0xae0
[ 97.307899][ T5951] __rb_map_vma+0x9ab/0xae0
[ 97.312504][ T5951] ? __pfx___rb_map_vma+0x10/0x10
[ 97.317653][ T5951] ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 97.323643][ T5951] ring_buffer_map+0x56e/0x9b0
[ 97.328509][ T5951] tracing_buffers_mmap+0xa6/0x120
[ 97.333721][ T5951] __mmap_region+0x1786/0x2670
[ 97.338570][ T5951] ? __pfx___lock_acquire+0x10/0x10
[ 97.343887][ T5951] ? __pfx___mmap_region+0x10/0x10
[ 97.349135][ T5951] ? hlock_class+0x4e/0x130
[ 97.353730][ T5951] ? mark_lock+0xb5/0xc60
[ 97.358189][ T5951] ? cap_mmap_addr+0x53/0x320
[ 97.362973][ T5951] mmap_region+0x127/0x320
[ 97.367475][ T5951] do_mmap+0xc00/0xfc0
[ 97.371639][ T5951] vm_mmap_pgoff+0x1ba/0x360
[ 97.376342][ T5951] ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 97.381555][ T5951] ? __fget_files+0x206/0x3a0
[ 97.386322][ T5951] ksys_mmap_pgoff+0x32c/0x5c0
[ 97.391155][ T5951] ? rcu_is_watching+0x12/0xc0
[ 97.395986][ T5951] __x64_sys_mmap+0x125/0x190
[ 97.400722][ T5951] do_syscall_64+0xcd/0x250
[ 97.401311][ T91] cfg80211: failed to load regulatory.db
[ 97.405271][ T5951] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 97.417062][ T5951] RIP: 0033:0x7f5e34b85d29
[ 97.421540][ T5951] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 97.441313][ T5951] RSP: 002b:00007f5e35941038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 97.449895][ T5951] RAX: ffffffffffffffda RBX: 00007f5e34d75fa0 RCX: 00007f5e34b85d29
[ 97.457930][ T5951] RDX: 0000000000000009 RSI: 0000000000001000 RDI: 0000000020ffe000
[ 97.466224][ T5951] RBP: 00007f5e34c01aa8 R08: 0000000000000003 R09: 0000000000800000
[ 97.474275][ T5951] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000
[ 97.482297][ T5951] R13: 0000000000000000 R14: 00007f5e34d75fa0 R15: 00007fff544425d8
[ 97.490335][ T5951]
[ 97.493397][ T5951]
[ 97.495769][ T5951] Allocated by task 62:
[ 97.499977][ T5951] kasan_save_stack+0x33/0x60
[ 97.504720][ T5951] kasan_save_track+0x14/0x30
[ 97.509465][ T5951] __kasan_slab_alloc+0x89/0x90
[ 97.514621][ T5951] kmem_cache_alloc_noprof+0x1c8/0x3b0
[ 97.520596][ T5951] copy_process+0x3798/0x6f20
[ 97.525382][ T5951] kernel_clone+0xfd/0x960
[ 97.529878][ T5951] user_mode_thread+0xb4/0xf0
[ 97.534633][ T5951] call_usermodehelper_exec_work+0xcb/0x170
[ 97.540611][ T5951] process_one_work+0x958/0x1b30
[ 97.545620][ T5951] worker_thread+0x6c8/0xf00
[ 97.550276][ T5951] kthread+0x2c1/0x3a0
[ 97.554496][ T5951] ret_from_fork+0x45/0x80
[ 97.559004][ T5951] ret_from_fork_asm+0x1a/0x30
[ 97.563851][ T5951]
[ 97.566207][ T5951] Freed by task 1:
[ 97.569975][ T5951] kasan_save_stack+0x33/0x60
[ 97.574731][ T5951] kasan_save_track+0x14/0x30
[ 97.579477][ T5951] kasan_save_free_info+0x3b/0x60
[ 97.584578][ T5951] __kasan_slab_free+0x51/0x70
[ 97.589524][ T5951] kmem_cache_free+0x152/0x4c0
[ 97.594372][ T5951] __put_task_struct+0x2ec/0x3b0
[ 97.599391][ T5951] delayed_put_task_struct+0x119/0x2f0
[ 97.604924][ T5951] rcu_core+0x79d/0x14d0
[ 97.609237][ T5951] handle_softirqs+0x213/0x8f0
[ 97.614071][ T5951] __irq_exit_rcu+0x109/0x170
[ 97.618809][ T5951] irq_exit_rcu+0x9/0x30
[ 97.623117][ T5951] sysvec_apic_timer_interrupt+0xa4/0xc0
[ 97.628831][ T5951] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 97.634883][ T5951]
[ 97.637238][ T5951] The buggy address belongs to the object at ffff88802c35a1c0
[ 97.637238][ T5951] which belongs to the cache signal_cache of size 1544
[ 97.651537][ T5951] The buggy address is located 632 bytes inside of
[ 97.651537][ T5951] freed 1544-byte region [ffff88802c35a1c0, ffff88802c35a7c8)
[ 97.665483][ T5951]
[ 97.667961][ T5951] The buggy address belongs to the physical page:
[ 97.674436][ T5951] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88802c35f2c0 pfn:0x2c358
[ 97.684566][ T5951] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 97.693112][ T5951] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[ 97.701680][ T5951] page_type: f5(slab)
[ 97.705735][ T5951] raw: 00fff00000000240 ffff88801bafe780 ffffea0000bae410 ffffea0000b2c010
[ 97.715094][ T5951] raw: ffff88802c35f2c0 0000000000120003 00000001f5000000 0000000000000000
[ 97.723748][ T5951] head: 00fff00000000240 ffff88801bafe780 ffffea0000bae410 ffffea0000b2c010
[ 97.732919][ T5951] head: ffff88802c35f2c0 0000000000120003 00000001f5000000 0000000000000000
[ 97.741653][ T5951] head: 00fff00000000003 ffffea0000b0d601 ffffffffffffffff 0000000000000000
[ 97.750491][ T5951] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 97.759299][ T5951] page dumped because: kasan: bad access detected
[ 97.765767][ T5951] page_owner tracks the page as allocated
[ 97.771539][ T5951] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 62, tgid 62 (kworker/u8:4), ts 24611458534, free_ts 0
[ 97.791858][ T5951] post_alloc_hook+0x2d1/0x350
[ 97.796722][ T5951] get_page_from_freelist+0xfce/0x2f80
[ 97.802261][ T5951] __alloc_pages_noprof+0x223/0x25b0
[ 97.807715][ T5951] alloc_pages_mpol_noprof+0x2c9/0x610
[ 97.813260][ T5951] new_slab+0x2c9/0x410
[ 97.817575][ T5951] ___slab_alloc+0xce2/0x1650
[ 97.822335][ T5951] __slab_alloc.constprop.0+0x56/0xb0
[ 97.827798][ T5951] kmem_cache_alloc_noprof+0xeb/0x3b0
[ 97.833285][ T5951] copy_process+0x3798/0x6f20
[ 97.838034][ T5951] kernel_clone+0xfd/0x960
[ 97.842525][ T5951] user_mode_thread+0xb4/0xf0
[ 97.847265][ T5951] call_usermodehelper_exec_work+0xcb/0x170
[ 97.853248][ T5951] process_one_work+0x958/0x1b30
[ 97.858421][ T5951] worker_thread+0x6c8/0xf00
[ 97.863087][ T5951] kthread+0x2c1/0x3a0
[ 97.867231][ T5951] ret_from_fork+0x45/0x80
[ 97.871700][ T5951] page_owner free stack trace missing
[ 97.877107][ T5951]
[ 97.879510][ T5951] Memory state around the buggy address:
[ 97.885188][ T5951] ffff88802c35a300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 97.893300][ T5951] ffff88802c35a380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 97.901435][ T5951] >ffff88802c35a400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 97.909639][ T5951] ^
[ 97.915594][ T5951] ffff88802c35a480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 97.923718][ T5951] ffff88802c35a500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 97.931918][ T5951] ==================================================================
[ 97.984775][ T5951] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 97.992059][ T5951] CPU: 0 UID: 0 PID: 5951 Comm: syz.2.17 Not tainted 6.13.0-rc3-syzkaller-00136-g8faabc041a00 #0
[ 98.002712][ T5951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[ 98.012824][ T5951] Call Trace:
[ 98.016150][ T5951]
[ 98.019130][ T5951] dump_stack_lvl+0x3d/0x1f0
[ 98.023789][ T5951] panic+0x71d/0x800
[ 98.027759][ T5951] ? __pfx_panic+0x10/0x10
[ 98.032248][ T5951] ? irqentry_exit+0x3b/0x90
[ 98.036923][ T5951] ? lockdep_hardirqs_on+0x7c/0x110
[ 98.042192][ T5951] ? preempt_schedule_thunk+0x1a/0x30
[ 98.047615][ T5951] ? preempt_schedule_common+0x44/0xc0
[ 98.053141][ T5951] check_panic_on_warn+0xab/0xb0
[ 98.058151][ T5951] end_report+0x117/0x180
[ 98.062561][ T5951] kasan_report+0xe9/0x110
[ 98.067050][ T5951] ? __rb_map_vma+0x9ab/0xae0
[ 98.071801][ T5951] ? __rb_map_vma+0x9ab/0xae0
[ 98.076735][ T5951] __rb_map_vma+0x9ab/0xae0
[ 98.081347][ T5951] ? __pfx___rb_map_vma+0x10/0x10
[ 98.086920][ T5951] ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 98.092804][ T5951] ring_buffer_map+0x56e/0x9b0
[ 98.097641][ T5951] tracing_buffers_mmap+0xa6/0x120
[ 98.103018][ T5951] __mmap_region+0x1786/0x2670
[ 98.107922][ T5951] ? __pfx___lock_acquire+0x10/0x10
[ 98.113168][ T5951] ? __pfx___mmap_region+0x10/0x10
[ 98.118351][ T5951] ? hlock_class+0x4e/0x130
[ 98.123006][ T5951] ? mark_lock+0xb5/0xc60
[ 98.127420][ T5951] ? cap_mmap_addr+0x53/0x320
[ 98.132145][ T5951] mmap_region+0x127/0x320
[ 98.136602][ T5951] do_mmap+0xc00/0xfc0
[ 98.140719][ T5951] vm_mmap_pgoff+0x1ba/0x360
[ 98.145397][ T5951] ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 98.150560][ T5951] ? __fget_files+0x206/0x3a0
[ 98.155282][ T5951] ksys_mmap_pgoff+0x32c/0x5c0
[ 98.160082][ T5951] ? rcu_is_watching+0x12/0xc0
[ 98.164891][ T5951] __x64_sys_mmap+0x125/0x190
[ 98.169616][ T5951] do_syscall_64+0xcd/0x250
[ 98.174171][ T5951] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 98.180113][ T5951] RIP: 0033:0x7f5e34b85d29
[ 98.184552][ T5951] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 98.204202][ T5951] RSP: 002b:00007f5e35941038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 98.212655][ T5951] RAX: ffffffffffffffda RBX: 00007f5e34d75fa0 RCX: 00007f5e34b85d29
[ 98.220743][ T5951] RDX: 0000000000000009 RSI: 0000000000001000 RDI: 0000000020ffe000
[ 98.228758][ T5951] RBP: 00007f5e34c01aa8 R08: 0000000000000003 R09: 0000000000800000
[ 98.236763][ T5951] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000
[ 98.244763][ T5951] R13: 0000000000000000 R14: 00007f5e34d75fa0 R15: 00007fff544425d8
[ 98.252944][ T5951]
[ 98.256247][ T5951] Kernel Offset: disabled
[ 98.260597][ T5951] Rebooting in 86400 seconds..