last executing test programs:

17.07793955s ago: executing program 4 (id=532):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000000400)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), r1)

16.232647863s ago: executing program 4 (id=536):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000140)={'sit0\x00', &(0x7f0000000380)={'erspan0\x00', <r1=>0x0, 0x1, 0x7, 0x2, 0xc, {{0x24, 0x4, 0x0, 0x10, 0x90, 0x67, 0x0, 0x1, 0x29, 0x0, @loopback, @rand_addr=0x64010101, {[@generic={0x88, 0x11, "92446eb5d45f20fb9d14e7cc01c8ae"}, @ra={0x94, 0x4}, @timestamp={0x44, 0x18, 0x99, 0x0, 0x1, [0x8, 0x2, 0x40, 0x9, 0x6238]}, @noop, @ra={0x94, 0x4, 0x1}, @timestamp={0x44, 0xc, 0x2e, 0x0, 0x6, [0x80000001, 0x6]}, @timestamp_addr={0x44, 0x3c, 0x17, 0x1, 0x9, [{@private=0xa010102, 0x80000001}, {@empty, 0x1}, {@multicast1, 0x1}, {@private=0xa010100}, {@local, 0x2}, {@multicast1, 0xd}, {@local, 0x2}]}]}}}}})
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000120000002400000008000000850000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000005c0)='sched_switch\x00', r2}, 0x18)
r4 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r3}, 0x8)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000b80)={@fallback=r3, 0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b00)=[0x0, 0x0], &(0x7f0000000b40)=[0x0, 0x0], <r5=>0x0}, 0x40)
getsockopt$inet_mreqn(r4, 0x0, 0x20, 0x0, &(0x7f0000000c40))
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000bc0)={@ifindex, r2, 0x2d, 0x2, r2, @void, @value=r3, @void, @void, r5}, 0x20)
write$cgroup_int(r4, &(0x7f00000001c0)=0x8200000000000000, 0xfffffdef)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x14, &(0x7f00000002c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2fd2, 0x0, 0x0, 0x0, 0x27d}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@map_idx_val={0x18, 0x4, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0xcdce}, @alu={0x7, 0x0, 0xc, 0x3, 0xb, 0x4, 0xfffffffffffffffe}, @initr0={0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x8000}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000100)='GPL\x00', 0xffff0000, 0x0, 0x0, 0x41000, 0x40, '\x00', r1, 0x0, r4, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000440)={0x1, 0x4, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000480)=[r0], 0x0, 0x10, 0x7fff, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f00000000c0)='rpc_request\x00', 0xffffffffffffffff, 0x0, 0x5}, 0x18)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000980)={0x11, 0x0, 0x0, 0x0, 0x4, 0x1e, &(0x7f0000000740)=""/30, 0x41100, 0x46, '\x00', r1, 0x0, r4, 0x8, &(0x7f0000000780)={0x6, 0x4}, 0x8, 0x10, &(0x7f0000000800)={0x3, 0xc, 0x6e, 0x34}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000000840)=[r0, r0], &(0x7f0000000940)=[{0x5, 0x2, 0xc, 0xa}, {0x1, 0x2, 0x202, 0xc}], 0x10, 0xfffffffd, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000580)='bcache_btree_gc_coalesce\x00', r6, 0x0, 0x7}, 0x18)
r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
syz_emit_ethernet(0x66, &(0x7f00000004c0)=ANY=[@ANYBLOB="bbbbbbbbbbbbbbbbbbbbbbbb86dd60003a0400303afffe8000000000000000000000000000bbff020000000000000000000000000001"], 0x0)

13.181671355s ago: executing program 4 (id=543):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=@base={0x5, 0x4, 0x9, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000008000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd850000002d00000018110000", @ANYRES32=r0, @ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r1}, 0x10)
readlinkat(0xffffffffffffffff, 0x0, 0x0, 0x0)

12.498038909s ago: executing program 1 (id=544):
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfdef)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000240)='/proc/partitions\x00', 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0xfffffffe}}, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r0}, 0x10)
sendmsg$NFNL_MSG_COMPAT_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000200)={0x2c, 0x0, 0xb, 0x5, 0x0, 0x0, {0x7, 0x0, 0x8}, [@NFTA_COMPAT_TYPE={0x8}, @NFTA_COMPAT_NAME={0x5, 0x1, '\x00'}, @NFTA_COMPAT_REV={0x8, 0x2, 0x1, 0x0, 0x3}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x40)

12.211584151s ago: executing program 4 (id=547):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vcan0\x00'})
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xe000, 0x8, 0x80, 0x2, 0x3, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x7, 0x3, 0x0, 0x5, 0x24, 0x1, 0x7, 0x3c5b, 0x1, 0x24, 0x6, 0x1, 0x5, 0xffffffff, 0xe661, 0x4, 0x7, 0x5, 0x8, 0x4c74, 0x80000000, 0x40000, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x1, 0x407, 0x5, 0x3e, 0x8f, 0x4006, 0x6, 0x0, 0x0, 0x4, 0x8, 0x400, 0x80, 0x0, 0x6, 0x101, 0x8, 0x4, 0xfffffffe, 0x40], [0x10000007, 0xf0000000, 0x8000012f, 0x8004, 0x5, 0x6, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0xd, 0xea4, 0xffffffff, 0x4, 0x7, 0x7fff, 0x5a7c, 0x420, 0x401, 0x6, 0x1, 0xff, 0x1, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x9, 0x8, 0x9, 0x9, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0xfffffffe, 0x7, 0x9, 0x5, 0x3, 0x9, 0x1, 0x3, 0x6c0, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x8004, 0x5, 0xfffffffe, 0x0, 0x8d2, 0x9, 0x0, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x9, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x10000, 0x3, 0x5, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x5, 0x20000008, 0x4, 0x6d01, 0x6, 0x1, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0xffe, 0xa2, 0x7, 0xa9, 0x5, 0x9, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0x12b, 0x5, 0x1, 0x0, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ef, 0x4, 0x25], [0x20009, 0xbb33, 0x7, 0xb, 0x7, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x9, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0xfbff, 0x2000a620, 0xffffffff, 0x5, 0x1, 0x2, 0x5, 0xe7, 0x6, 0x16, 0xffffffff, 0x80000003, 0x5, 0x4, 0xc8, 0x9, 0xfffff000, 0x10000, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0xaf, 0x8, 0x6, 0x226, 0x5, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0xfffffffa, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c)
bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000001a40)=""/102392, 0x18ff8)
socket$netlink(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b28, 0x0)
syz_open_dev$usbmon(&(0x7f00000005c0), 0x0, 0x0)

12.149735736s ago: executing program 0 (id=548):
r0 = syz_open_procfs(0xffffffffffffffff, 0x0)
pwritev(r0, &(0x7f0000000500)=[{0x0}, {0x0}], 0x2, 0x0, 0x0)
sendmsg$TIPC_NL_PUBL_GET(0xffffffffffffffff, 0x0, 0x40010)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mount$9p_rdma(&(0x7f00000013c0), 0x0, 0x0, 0x800, &(0x7f0000000080)={'trans=rdma,', {'port', 0x3d, 0x4e20}, 0x2c, {[{@timeout}]}})
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
open(&(0x7f00009e1000)='./file0\x00', 0xc162, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r1, &(0x7f000000c3c0)={0x2020, 0x0, <r2=>0x0}, 0x2020)
capset(&(0x7f0000000080)={0x19980330}, 0x0)
write$FUSE_INIT(r1, &(0x7f00000000c0)={0x50, 0x0, r2, {0x7, 0x1f, 0x0, 0x7ab78c4493c52f9b}}, 0x50)
open(&(0x7f0000000000)='./file0\x00', 0x200, 0x8f)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_SEND={0x1a, 0x8, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x44040})

11.995235079s ago: executing program 1 (id=549):
socket$phonet_pipe(0x23, 0x5, 0x2)
r0 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000200)={'geneve0\x00', &(0x7f0000000000)=@ethtool_cmd={0x25, 0x3, 0x487, 0x9, 0x0, 0x1, 0x2, 0x7, 0x3a, 0x9, 0x80000000, 0xfffffffe, 0x97be, 0x8, 0xfa, 0x8, [0x1154, 0x7]}})
socket$inet_sctp(0x2, 0x1, 0x84)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ppoll(&(0x7f0000000500)=[{r1}], 0x1, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)

10.57396718s ago: executing program 5 (id=551):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$NL80211_CMD_DEL_INTERFACE(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x20, r0, 0x200, 0x70bd25, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0xffff0000, 0xb}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x4004000}, 0xc000094)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000018c0)={{}, 0x0, &(0x7f00000006c0)='%-010d \x00'}, 0x20)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={0xffffffffffffffff, 0x0, 0x7, 0x0, &(0x7f0000000000)="40f0538ef047b2", 0x0, 0x1200, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000580)=ANY=[@ANYBLOB="440000001000010400"/19, @ANYBLOB="00000000000000002400128009000100626f6e"], 0x44}}, 0x0)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000080)="f7", 0x1}], 0x1}], 0x1, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

10.034701273s ago: executing program 4 (id=552):
socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
openat$qrtrtun(0xffffff9c, &(0x7f0000000080), 0x80002)
syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
socket$nl_netfilter(0x10, 0x3, 0xc)
openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_sctp(0xa, 0x1, 0x84)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
r0 = syz_open_dev$dri(0x0, 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r1=>0x0], 0x40000012})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x601, 0x1, &(0x7f0000000340)=[r1], &(0x7f0000000280)=[0x1], &(0x7f0000000200), &(0x7f0000000040), 0x0, 0x7f})

9.974616427s ago: executing program 0 (id=553):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000027"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2, 0x0, 0x1000}, 0x18)
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300})

9.939418536s ago: executing program 1 (id=554):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x8, 0x0, 0x20)
r3 = gettid()
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000029000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$int_in(r4, 0x5452, &(0x7f0000000180)=0xffffffffffffffff)
fcntl$setsig(r4, 0xa, 0x12)
r6 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r6, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e22, @dev}}, 0x8c, &(0x7f0000000140)=[{&(0x7f0000000ac0)="ee", 0xfffffdef}], 0x1, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000000040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158e7a3adb148d641aa40d4ab077fe34232aa8b31851466d0998a61d7da0c86d70000001010"], 0x10b8}, 0xff00)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
dup2(r4, r5)
fcntl$setown(r5, 0x8, r3)
tkill(r3, 0x13)

9.928923395s ago: executing program 2 (id=556):
socket$netlink(0x10, 0x3, 0x0)
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
bind$ax25(r0, &(0x7f0000000100)={{0x3, @default, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f00000001c0)={'filter\x00', 0x5, 0x4, 0x3f0, 0x110, 0x220, 0x110, 0x308, 0x308, 0x308, 0x4, 0x0, {[{{@uncond, 0xc0, 0xe0}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @private, @broadcast}}}, {{@arp={@multicast1, @loopback, 0xffffffff, 0xffffff00, 0x6, 0xf, {@empty, {[0xff, 0xff, 0xff, 0xff, 0xff, 0xff]}}, {@mac=@dev={'\xaa\xaa\xaa\xaa\xaa', 0x2c}, {[0xff, 0x0, 0xff, 0xff, 0xff]}}, 0x3794, 0x2a1b, 0xc6d3, 0x0, 0x3, 0x2, 'vxcan1\x00', 'vlan0\x00', {0xff}}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac, @local, @private}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffd}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x440)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x1, './file0\x00'}, 0x6e)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000600)=ANY=[@ANYBLOB="18000000000000000000000000000000950000000000000027421965fd8aa3f0ae2a73a214f2d59f77f2102a6cbc4cd3da3b3bb5abb7b9982da1e662a84de61f532b56d5c83d4fd6b96bc58208c3fcff29f8dbed777e4286f45cc571b1c2c6311561ac8ffc685cb4f7e71ec337df0d61bce49a8549419db65c02ce71fbf172ffbd4e273912c7f85abf4be4bd91806f596942ba43965c60c802d4"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10)
arch_prctl$ARCH_SHSTK_ENABLE(0x5001, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000c00)=ANY=[@ANYBLOB="61128c000000000061134c0000000000bf20000000000000070000000f0000003d030100000000009500ffb1000000006926000000000000bf67000000000000150002000fff52e84407000009300000d60600000ee60000bf050000000000003d63000000000000650700000200000007070000fbffffff1f75000000000000bf54000000000000070400000410f900bd430100000000009500000000000000050000000000000095000000000000001c15a3ce747c693a74b62fd0758b15f09429c09074bc4b2bd2dc480dd7a064b8673e2060162cc43bcba1060999eef9d60bb39d0af449deaa27ea949e8f9000d885deea2783835e29eba8546fc020c1966f8b5f32b095f566edf66b7751828da9dbd5b996b9e8d897e461c01c697671d100000000400036c17fb01dde179c1f2686ee970d6482a2e71a55d6ebe700b3be005e47ef55e0dd81244b18590e000000000000356d82e43407a6d7fa94b21002f06cd247b126b6349ab62d7b07ba0a71a72145edade9941f49f300a8c8913e0e4ea9e4c77740ab3312edee62a4dc2fc85755d387bfa1bc9b49da28724ba9cd79fbee8f97af876d0e30c19555ffdd7d73815b459f4763c6222175c974be2f76fb5f330b015a68587a75c013000000000000000000000003000000000000d6ddc46e58eff8f4fbadfc6a3af8123b7f42407107000cdc9d7820c4eb67cc0f8b5fe9258eeacb5776aebbab3d5c55020000006082778366dadfc36029633e0514cbcee1f3928970bde148c940434f33acd377cbad17673b2d30b6339255c98eba97efb4e9ac1f11be815dd6045592edcbee7f253ec74c7c1313505bd7ff8fd58b3a6569c91dbdef1df585aeaea7346a2a65caee5c85f9eddeeeee3c8a2e523c864ac430eb47cb4d0c8767b9d4125661b5a1a170c04b64da3a99ddb93bf14fae3ca2d1e882375b8dbac83978e136c34f90b33cc0eeb57debcfe26589efc08124d5d62a7e593c9738a50171adf051ea4f07e7e7e770c2016eeacbe8511afffffbea75759a1ea5404f5453c0b5c46c9700808c096cf8cf5223f341cb003841b5cd224c1b381d56afebe9f99a00e3cd94dc0bb7af9e8709db487cc4d9b3b96723d69d512ddd57b0dee9b9f6ae80a502cce352098603e75414c91fce6c86287945bd8d258442760000ff010000000000000000000000300807f2f3906c1d45d05ba9df828d35376fed399fa311ff63a34f0c0b82b4f2825e729eb9b7f4c9ab3be5bc011ff29904bbc424880247fabe7325a6e8d139e99d2b2fbf7e84fca3b21c78840b858ce900a4eb9c2b8b9b7fb664d2aeac991ca09b1afc0ef7aed4541a2f7275130a9fa3853481c81e919c000000000000000000000000b1e0e4b55e0d5d8c657b4853fc18ec43be33e5f971cceda04d95c87489910ce692ee55c536d1671bffd4c9b98efb741b13f0ab26ac191c74"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000180)={0x48})
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0x2)
readv(r2, &(0x7f0000000000)=[{&(0x7f0000001300)=""/241, 0xf1}], 0x1)
ioctl$TIOCVHANGUP(r2, 0x5437, 0x0)

9.727191363s ago: executing program 4 (id=557):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, 0x0, 0x0)
setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x40100001, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1})
ioctl$DRM_IOCTL_MODE_SETCRTC(0xffffffffffffffff, 0xc06864a2, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xffffffff, 0x804, {0xac7c, 0x1, 0x3, 0x69, 0xf4b, 0x1, 0x1f, 0x5, 0x412f, 0xe154, 0x1000, 0x5, 0x6, 0x3, "fe1d00003413000000000000000caa000000090000000000000004b427180010"}})
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x4000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000040)={0x7, 0x6576, 0x3})
mremap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f00003eb000/0x1000)=nil)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x8800, 0x0)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000d40)={0x64, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0x12, 0x3, 'bitmap:ip,mac\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x18, 0x7, 0x0, 0x1, [@IPSET_ATTR_CIDR={0x5, 0x3, 0x1f}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @private}}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x64}, 0x1, 0x0, 0x0, 0x40001}, 0x0)

9.726577425s ago: executing program 5 (id=558):
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000000), 0x0)

8.738620106s ago: executing program 2 (id=559):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, &(0x7f00000002c0)=0x10)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, 0x0, &(0x7f00000004c0))
getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000040)={0x0, 0xa, 0xfff, 0x7cef, 0x20000000, 0xfffffffe}, &(0x7f0000000080)=0x14)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x5, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x4, 0x8, &(0x7f00000002c0)="0000ffff", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendto(r0, &(0x7f00000001c0)="d010f2a0932cc724af7114d8d570be057d0b21b246fa21740bcb9e70f6d8e4b9ad3089194205ac9a", 0x28, 0x4004, &(0x7f0000000540)=@sco={0x1f, @none}, 0x80)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x2, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0xc, 0x0, &(0x7f0000000340)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000080050005000200000011000300686173683a69702c706f7274"], 0x4c}}, 0x2)
sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x4c, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x24, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e22}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)

8.631458209s ago: executing program 0 (id=560):
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x42, 0x4, 0x2b0, 0xffffffff, 0xb0, 0x0, 0x0, 0xffffffff, 0xffffffff, 0x2d8, 0x2d8, 0x2d8, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0x70, 0xb0, 0x0, {0x100000000000000}}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00', 0x0, 0x9}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @remote, 0x4ca, 0xb, [0x10, 0x2a, 0x36, 0xe, 0x7, 0xf, 0xb, 0x22, 0x39, 0x12, 0x17, 0x36, 0x6, 0xe, 0xa, 0x10], 0x0, 0xb, 0x681}}}, {{@ip={@remote, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'wlan1\x00', 'pim6reg1\x00', {0xff}}, 0x0, 0x70, 0x98}, @REJECT={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x310)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCBRDELBR(r0, 0x89a2, 0x0)
sendmsg$NL80211_CMD_GET_COALESCE(0xffffffffffffffff, 0x0, 0x0)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)={0x114, 0x2d, 0x1, 0x0, 0x0, "", [@nested={0x104, 0x0, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@loopback={0x100000000000000}}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fd3f8cd1"]}]}, 0x114}], 0x1}, 0x0)
r2 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
syz_extract_tcp_res(&(0x7f0000000380)={<r3=>0x41424344}, 0x0, 0x10000)
syz_emit_ethernet(0x52, &(0x7f0000000080)={@broadcast, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "101040", 0x1c, 0x6, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}, @local, {[], {{0x0, 0x4e22, 0x41424344, r3, 0x0, 0x2, 0x7, 0x70, 0x0, 0x0, 0x0, {[@exp_smc={0xfe, 0x6}]}}}}}}}}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r5, 0x6, 0x19, 0x0, 0x0)
sendmmsg$inet(r5, &(0x7f0000004980)=[{{&(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000140)=[{0x0}], 0x1}}], 0x1, 0x2000c000)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
bind$inet(r5, 0x0, 0x0)
setsockopt$inet_tcp_TLS_TX(r5, 0x6, 0xc, &(0x7f0000000000)=@ccm_128={{0x304}, "9effe4ad99f7008e", "4d1a267a1d8fa8f4fd9b7eb99e785f84", "799a0e39", "a5e77b58ffac206a"}, 0x28)
sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x4001, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="50000000090601020000000000000000020000840900020073797a31000000000500010007000000280007800c00018008000140fffffff70500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)

8.377135278s ago: executing program 3 (id=561):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0500000004000000080000000a"], 0x48)
close(0x3)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa10000000000000701"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x36, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000500000000000000000000850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x1, 0x3f, 0x6, 0x42, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffd66, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

8.278352566s ago: executing program 5 (id=562):
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x803, 0x0)
socket$inet(0x2, 0x3, 0x2)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=ANY=[@ANYBLOB="120000007d0000000800000002"], 0x48)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00'})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0xfe6b)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af0ff00000000bfa20000000000000702"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r2}, 0x10)
socket$packet(0x11, 0x2, 0x300)
r3 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0)

8.128149722s ago: executing program 3 (id=563):
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
write$sndseq(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
getsockopt$SO_J1939_SEND_PRIO(0xffffffffffffffff, 0x6b, 0x3, &(0x7f0000000340), &(0x7f0000000380)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000280), 0xa, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
r1 = socket(0x10, 0x3, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'erspan0\x00'})
sendmsg$nl_route_sched(r1, 0x0, 0x0)
fsopen(&(0x7f0000000280)='cifs\x00', 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000004640)={&(0x7f00000003c0)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x4, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x20008040}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x40088c0)
setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000e0ff00000000000000bd0000000000000000000000e4ec010000000040000000000000000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000067ff0000000000000005"], 0x310)

7.167242519s ago: executing program 0 (id=564):
socket$inet(0x2, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
ppoll(0x0, 0x0, &(0x7f0000000140)={0x0, 0x989680}, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
setsockopt$SO_TIMESTAMP(r1, 0x1, 0x40, &(0x7f0000000000)=0x8, 0x4)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100))
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={0x2c, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x18, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x8, 0x2, @remote}}}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4041}, 0x0)
setreuid(0x0, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000006280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000cc0)=@newtaction={0x18, 0x30, 0x30b, 0x70bd27, 0x0, {0x0, 0x0, 0x6a00}, [{0x4}]}, 0x18}}, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000020000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r5}, 0x10)
r6 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r6, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r6, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r6, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27)
ioctl$TIOCMSET(0xffffffffffffffff, 0x5418, &(0x7f0000000040)=0xa59)

7.012785253s ago: executing program 2 (id=565):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vcan0\x00'})
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xe000, 0x8, 0x80, 0x2, 0x3, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x7, 0x3, 0x0, 0x5, 0x24, 0x1, 0x7, 0x3c5b, 0x1, 0x24, 0x6, 0x1, 0x5, 0xffffffff, 0xe661, 0x4, 0x7, 0x5, 0x8, 0x4c74, 0x80000000, 0x40000, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x1, 0x407, 0x5, 0x3e, 0x8f, 0x4006, 0x6, 0x0, 0x0, 0x4, 0x8, 0x400, 0x80, 0x0, 0x6, 0x101, 0x8, 0x4, 0xfffffffe, 0x40], [0x10000007, 0xf0000000, 0x8000012f, 0x8004, 0x5, 0x6, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0xd, 0xea4, 0xffffffff, 0x4, 0x7, 0x7fff, 0x5a7c, 0x420, 0x401, 0x6, 0x1, 0xff, 0x1, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x9, 0x8, 0x9, 0x9, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0xfffffffe, 0x7, 0x9, 0x5, 0x3, 0x9, 0x1, 0x3, 0x6c0, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x8004, 0x5, 0xfffffffe, 0x0, 0x8d2, 0x9, 0x0, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x9, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x10000, 0x3, 0x5, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x5, 0x20000008, 0x4, 0x6d01, 0x6, 0x1, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0xffe, 0xa2, 0x7, 0xa9, 0x5, 0x9, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0x12b, 0x5, 0x1, 0x0, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ef, 0x4, 0x25], [0x20009, 0xbb33, 0x7, 0xb, 0x7, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x9, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0xfbff, 0x2000a620, 0xffffffff, 0x5, 0x1, 0x2, 0x5, 0xe7, 0x6, 0x16, 0xffffffff, 0x80000003, 0x5, 0x4, 0xc8, 0x9, 0xfffff000, 0x10000, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0xaf, 0x8, 0x6, 0x226, 0x5, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0xfffffffa, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c)
bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000001a40)=""/102392, 0x18ff8)
socket$netlink(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b28, 0x0)
syz_open_dev$usbmon(&(0x7f00000005c0), 0x0, 0x0)

6.955525248s ago: executing program 3 (id=566):
socket$phonet_pipe(0x23, 0x5, 0x2)
r0 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000200)={'geneve0\x00', &(0x7f0000000000)=@ethtool_cmd={0x25, 0x3, 0x487, 0x9, 0x0, 0x1, 0x2, 0x7, 0x3a, 0x9, 0x80000000, 0xfffffffe, 0x97be, 0x8, 0xfa, 0x8, [0x1154, 0x7]}})
socket$inet_sctp(0x2, 0x1, 0x84)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed8"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ppoll(&(0x7f0000000500)=[{r1}], 0x1, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)

6.911500824s ago: executing program 5 (id=567):
r0 = syz_open_procfs(0xffffffffffffffff, 0x0)
pwritev(r0, &(0x7f0000000500)=[{0x0}, {0x0}], 0x2, 0x0, 0x0)
sendmsg$TIPC_NL_PUBL_GET(0xffffffffffffffff, 0x0, 0x40010)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mount$9p_rdma(&(0x7f00000013c0), 0x0, 0x0, 0x800, &(0x7f0000000080)={'trans=rdma,', {'port', 0x3d, 0x4e20}, 0x2c, {[{@timeout}]}})
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
open(&(0x7f00009e1000)='./file0\x00', 0xc162, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r1, &(0x7f000000c3c0)={0x2020, 0x0, <r2=>0x0}, 0x2020)
capset(&(0x7f0000000080)={0x19980330}, 0x0)
write$FUSE_INIT(r1, &(0x7f00000000c0)={0x50, 0x0, r2, {0x7, 0x1f, 0x0, 0x7ab78c4493c52f9b}}, 0x50)
open(&(0x7f0000000000)='./file0\x00', 0x200, 0x8f)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_SEND={0x1a, 0x8, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x44040})

5.823859522s ago: executing program 1 (id=568):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000000400)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), r1)

5.685089392s ago: executing program 0 (id=569):
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r0 = syz_open_dev$MSR(0x0, 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
mount(0x0, &(0x7f0000000280)='./bus\x00', 0x0, 0x0, &(0x7f0000000300)='trans=rdma,')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff)

5.206983681s ago: executing program 2 (id=570):
socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
openat$qrtrtun(0xffffff9c, &(0x7f0000000080), 0x80002)
syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
socket$nl_netfilter(0x10, 0x3, 0xc)
openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_sctp(0xa, 0x1, 0x84)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
r0 = syz_open_dev$dri(0x0, 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r1=>0x0], 0x40000012})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x601, 0x1, &(0x7f0000000340)=[r1], &(0x7f0000000280)=[0x1], &(0x7f0000000200), &(0x7f0000000040), 0x0, 0x7f})

4.125828692s ago: executing program 0 (id=571):
creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[], [], 0x6b}})
chmod(&(0x7f0000000180)='./file0\x00', 0x1d0)
r3 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
pwritev2(r3, &(0x7f00000018c0)=[{&(0x7f0000000340)="0347445ff208aaca7baffcf27613207359cdef33524b9df55a", 0x19}], 0x1, 0xf, 0x7, 0x5)

3.727816694s ago: executing program 3 (id=572):
socket$netlink(0x10, 0x3, 0x0)
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
bind$ax25(r0, &(0x7f0000000100)={{0x3, @default, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f00000001c0)={'filter\x00', 0x5, 0x4, 0x3f0, 0x110, 0x220, 0x110, 0x308, 0x308, 0x308, 0x4, 0x0, {[{{@uncond, 0xc0, 0xe0}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @private, @broadcast}}}, {{@arp={@multicast1, @loopback, 0xffffffff, 0xffffff00, 0x6, 0xf, {@empty, {[0xff, 0xff, 0xff, 0xff, 0xff, 0xff]}}, {@mac=@dev={'\xaa\xaa\xaa\xaa\xaa', 0x2c}, {[0xff, 0x0, 0xff, 0xff, 0xff]}}, 0x3794, 0x2a1b, 0xc6d3, 0x0, 0x3, 0x2, 'vxcan1\x00', 'vlan0\x00', {0xff}}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac, @local, @private}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffd}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x440)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x1, './file0\x00'}, 0x6e)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000600)=ANY=[@ANYBLOB="18000000000000000000000000000000950000000000000027421965fd8aa3f0ae2a73a214f2d59f77f2102a6cbc4cd3da3b3bb5abb7b9982da1e662a84de61f532b56d5c83d4fd6b96bc58208c3fcff29f8dbed777e4286f45cc571b1c2c6311561ac8ffc685cb4f7e71ec337df0d61bce49a8549419db65c02ce71fbf172ffbd4e273912c7f85abf4be4bd91806f596942ba43965c60c802d4"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10)
arch_prctl$ARCH_SHSTK_ENABLE(0x5001, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000c00)=ANY=[@ANYBLOB="61128c000000000061134c0000000000bf20000000000000070000000f0000003d030100000000009500ffb1000000006926000000000000bf67000000000000150002000fff52e84407000009300000d60600000ee60000bf050000000000003d63000000000000650700000200000007070000fbffffff1f75000000000000bf54000000000000070400000410f900bd430100000000009500000000000000050000000000000095000000000000001c15a3ce747c693a74b62fd0758b15f09429c09074bc4b2bd2dc480dd7a064b8673e2060162cc43bcba1060999eef9d60bb39d0af449deaa27ea949e8f9000d885deea2783835e29eba8546fc020c1966f8b5f32b095f566edf66b7751828da9dbd5b996b9e8d897e461c01c697671d100000000400036c17fb01dde179c1f2686ee970d6482a2e71a55d6ebe700b3be005e47ef55e0dd81244b18590e000000000000356d82e43407a6d7fa94b21002f06cd247b126b6349ab62d7b07ba0a71a72145edade9941f49f300a8c8913e0e4ea9e4c77740ab3312edee62a4dc2fc85755d387bfa1bc9b49da28724ba9cd79fbee8f97af876d0e30c19555ffdd7d73815b459f4763c6222175c974be2f76fb5f330b015a68587a75c013000000000000000000000003000000000000d6ddc46e58eff8f4fbadfc6a3af8123b7f42407107000cdc9d7820c4eb67cc0f8b5fe9258eeacb5776aebbab3d5c55020000006082778366dadfc36029633e0514cbcee1f3928970bde148c940434f33acd377cbad17673b2d30b6339255c98eba97efb4e9ac1f11be815dd6045592edcbee7f253ec74c7c1313505bd7ff8fd58b3a6569c91dbdef1df585aeaea7346a2a65caee5c85f9eddeeeee3c8a2e523c864ac430eb47cb4d0c8767b9d4125661b5a1a170c04b64da3a99ddb93bf14fae3ca2d1e882375b8dbac83978e136c34f90b33cc0eeb57debcfe26589efc08124d5d62a7e593c9738a50171adf051ea4f07e7e7e770c2016eeacbe8511afffffbea75759a1ea5404f5453c0b5c46c9700808c096cf8cf5223f341cb003841b5cd224c1b381d56afebe9f99a00e3cd94dc0bb7af9e8709db487cc4d9b3b96723d69d512ddd57b0dee9b9f6ae80a502cce352098603e75414c91fce6c86287945bd8d258442760000ff010000000000000000000000300807f2f3906c1d45d05ba9df828d35376fed399fa311ff63a34f0c0b82b4f2825e729eb9b7f4c9ab3be5bc011ff29904bbc424880247fabe7325a6e8d139e99d2b2fbf7e84fca3b21c78840b858ce900a4eb9c2b8b9b7fb664d2aeac991ca09b1afc0ef7aed4541a2f7275130a9fa3853481c81e919c000000000000000000000000b1e0e4b55e0d5d8c657b4853fc18ec43be33e5f971cceda04d95c87489910ce692ee55c536d1671bffd4c9b98efb741b13f0ab26ac191c74"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000180)={0x48})
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0x2)
readv(r2, &(0x7f0000000000)=[{&(0x7f0000001300)=""/241, 0xf1}], 0x1)
ioctl$TIOCVHANGUP(r2, 0x5437, 0x0)

3.727069697s ago: executing program 5 (id=573):
socket$inet(0x2, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
ppoll(0x0, 0x0, &(0x7f0000000140)={0x0, 0x989680}, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
setsockopt$SO_TIMESTAMP(r1, 0x1, 0x40, &(0x7f0000000000)=0x8, 0x4)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={<r4=>0xffffffffffffffff})
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={0x58, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x44, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x8, 0x2, @remote}}}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x4041}, 0x0)
setreuid(0x0, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14)
sendmsg$nl_route_sched(r3, &(0x7f0000006280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000cc0)=@newtaction={0x68, 0x30, 0x30b, 0x70bd27, 0x0, {0x0, 0x0, 0x6a00}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x0, 0x6, 0xc}, 0x2, r5}}]}, {0x4, 0xa}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}]}]}, 0x68}}, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000020000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r7 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r7, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)

3.643525558s ago: executing program 1 (id=574):
socket$netlink(0x10, 0x3, 0x0)
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
bind$ax25(r0, &(0x7f0000000100)={{0x3, @default, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f00000001c0)={'filter\x00', 0x5, 0x4, 0x3f0, 0x110, 0x220, 0x110, 0x308, 0x308, 0x308, 0x4, 0x0, {[{{@uncond, 0xc0, 0xe0}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @private, @broadcast}}}, {{@arp={@multicast1, @loopback, 0xffffffff, 0xffffff00, 0x6, 0xf, {@empty, {[0xff, 0xff, 0xff, 0xff, 0xff, 0xff]}}, {@mac=@dev={'\xaa\xaa\xaa\xaa\xaa', 0x2c}, {[0xff, 0x0, 0xff, 0xff, 0xff]}}, 0x3794, 0x2a1b, 0xc6d3, 0x0, 0x3, 0x2, 'vxcan1\x00', 'vlan0\x00', {0xff}}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac, @local, @private}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffd}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x440)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$unix(r3, &(0x7f000057eff8)=@file={0x1, './file0\x00'}, 0x6e)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
arch_prctl$ARCH_SHSTK_ENABLE(0x5001, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000c00)=ANY=[@ANYBLOB="61128c000000000061134c0000000000bf20000000000000070000000f0000003d030100000000009500ffb1000000006926000000000000bf67000000000000150002000fff52e84407000009300000d60600000ee60000bf050000000000003d63000000000000650700000200000007070000fbffffff1f75000000000000bf54000000000000070400000410f900bd430100000000009500000000000000050000000000000095000000000000001c15a3ce747c693a74b62fd0758b15f09429c09074bc4b2bd2dc480dd7a064b8673e2060162cc43bcba1060999eef9d60bb39d0af449deaa27ea949e8f9000d885deea2783835e29eba8546fc020c1966f8b5f32b095f566edf66b7751828da9dbd5b996b9e8d897e461c01c697671d100000000400036c17fb01dde179c1f2686ee970d6482a2e71a55d6ebe700b3be005e47ef55e0dd81244b18590e000000000000356d82e43407a6d7fa94b21002f06cd247b126b6349ab62d7b07ba0a71a72145edade9941f49f300a8c8913e0e4ea9e4c77740ab3312edee62a4dc2fc85755d387bfa1bc9b49da28724ba9cd79fbee8f97af876d0e30c19555ffdd7d73815b459f4763c6222175c974be2f76fb5f330b015a68587a75c013000000000000000000000003000000000000d6ddc46e58eff8f4fbadfc6a3af8123b7f42407107000cdc9d7820c4eb67cc0f8b5fe9258eeacb5776aebbab3d5c55020000006082778366dadfc36029633e0514cbcee1f3928970bde148c940434f33acd377cbad17673b2d30b6339255c98eba97efb4e9ac1f11be815dd6045592edcbee7f253ec74c7c1313505bd7ff8fd58b3a6569c91dbdef1df585aeaea7346a2a65caee5c85f9eddeeeee3c8a2e523c864ac430eb47cb4d0c8767b9d4125661b5a1a170c04b64da3a99ddb93bf14fae3ca2d1e882375b8dbac83978e136c34f90b33cc0eeb57debcfe26589efc08124d5d62a7e593c9738a50171adf051ea4f07e7e7e770c2016eeacbe8511afffffbea75759a1ea5404f5453c0b5c46c9700808c096cf8cf5223f341cb003841b5cd224c1b381d56afebe9f99a00e3cd94dc0bb7af9e8709db487cc4d9b3b96723d69d512ddd57b0dee9b9f6ae80a502cce352098603e75414c91fce6c86287945bd8d258442760000ff010000000000000000000000300807f2f3906c1d45d05ba9df828d35376fed399fa311ff63a34f0c0b82b4f2825e729eb9b7f4c9ab3be5bc011ff29904bbc424880247fabe7325a6e8d139e99d2b2fbf7e84fca3b21c78840b858ce900a4eb9c2b8b9b7fb664d2aeac991ca09b1afc0ef7aed4541a2f7275130a9fa3853481c81e919c000000000000000000000000b1e0e4b55e0d5d8c657b4853fc18ec43be33e5f971cceda04d95c87489910ce692ee55c536d1671bffd4c9b98efb741b13f0ab26ac191c74"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r7 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r7, 0x3b81, 0x0)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r7, 0x3ba0, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r7, 0x3ba0, &(0x7f0000000180)={0x48})
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0x2)
ioctl$TIOCVHANGUP(r2, 0x5437, 0x0)

3.567501841s ago: executing program 2 (id=575):
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000000), 0x0)

1.524825863s ago: executing program 3 (id=576):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=@base={0x5, 0x4, 0x9, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000008000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd850000002d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r1}, 0x10)
readlinkat(0xffffffffffffffff, 0x0, 0x0, 0x0)

458.404389ms ago: executing program 1 (id=577):
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000640)=[0x0, 0x0], 0x2, 0x0, <r0=>0x0, <r1=>0xffffffffffffffff})
syz_open_procfs(0x0, &(0x7f0000000340)='net/tcp\x00')
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vcan0\x00'})
rseq(&(0x7f0000000400), 0x20, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
msgctl$IPC_RMID(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r2}, 0x10)
fadvise64(0xffffffffffffffff, 0x2, 0x80003, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
ioprio_set$pid(0x0, 0x0, 0x2007)
mount$afs(&(0x7f0000000040)=ANY=[@ANYBLOB='#.yz1:'], &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)=ANY=[])
socket$inet_smc(0x2b, 0x1, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
futimesat(r1, &(0x7f0000000300)='./file0\x00', &(0x7f0000000380)={{0x0, 0x2710}})
sendmsg$nl_route(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB, @ANYRESHEX=r0], 0x64}}, 0x40014)
r5 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000000)='source', &(0x7f0000000100)='0.0:\x00', 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

247.605039ms ago: executing program 2 (id=578):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, &(0x7f00000002c0)=0x10)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, 0x0, &(0x7f00000004c0))
getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000040)={0x0, 0xa, 0xfff, 0x7cef, 0x20000000, 0xfffffffe}, &(0x7f0000000080)=0x14)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x5, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x4, 0x8, &(0x7f00000002c0)="0000ffff", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendto(r0, &(0x7f00000001c0)="d010f2a0932cc724af7114d8d570be057d0b21b246fa21740bcb9e70f6d8e4b9ad3089194205ac9a", 0x28, 0x4004, &(0x7f0000000540)=@sco={0x1f, @none}, 0x80)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x2, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0xc, 0x0, &(0x7f0000000340)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000080050005000200000011000300686173683a69702c706f7274"], 0x4c}}, 0x2)
sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x4c, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x24, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e22}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)

189.355314ms ago: executing program 3 (id=579):
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x803, 0x0)
socket$inet(0x2, 0x3, 0x2)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=ANY=[@ANYBLOB="120000007d0000000800000002"], 0x48)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00'})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0xfe6b)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af0ff00000000bfa20000000000000702"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r2}, 0x10)
socket$packet(0x11, 0x2, 0x300)
r3 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x44}}, 0x0)

0s ago: executing program 5 (id=580):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x8, 0x0, 0x20)
r3 = gettid()
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000029000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$int_in(r4, 0x5452, &(0x7f0000000180)=0xffffffffffffffff)
fcntl$setsig(r4, 0xa, 0x12)
r6 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r6, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e22, @dev}}, 0x8c, &(0x7f0000000140)=[{&(0x7f0000000ac0)="ee", 0xfffffdef}], 0x1, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000000040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158e7a3adb148d641aa40d4ab077fe34232aa8b31851466d0998a61d7da0c86d70000001010"], 0x10b8}, 0xff00)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
dup2(r4, r5)
fcntl$setown(r5, 0x8, r3)
tkill(r3, 0x13)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.120' (ED25519) to the list of known hosts.
[   85.230139][ T5819] cgroup: Unknown subsys name 'net'
[   85.382500][ T5819] cgroup: Unknown subsys name 'cpuset'
[   85.391968][ T5819] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   86.925186][ T5819] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   90.090513][ T5835] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   90.129380][ T5851] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   90.137106][ T5851] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   90.145694][ T5851] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   90.154031][ T5851] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   90.163236][ T5851] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   90.170429][ T5851] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   90.178381][ T5851] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   90.186964][ T5851] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   90.195676][ T5851] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   90.203477][ T5851] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   90.211098][ T5851] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   90.221763][ T5854] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   90.223756][ T5852] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   90.248045][ T5853] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   90.257350][ T5853] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   90.264877][ T5854] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   90.265526][ T5853] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   90.280684][ T5853] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   90.283813][ T5855] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   90.289507][ T5853] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   90.302101][ T5854] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   90.302763][ T5853] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   90.313690][ T5835] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   90.318454][ T5853] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   90.325125][ T5855] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   90.330999][ T5853] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   90.346857][ T5835] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   90.348369][ T5141] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   90.359745][ T5835] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   90.361324][ T5141] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   90.381407][ T5141] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   90.396959][ T5846] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   90.402516][ T5853] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   90.404818][ T5846] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[   90.418503][ T5846] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   90.948915][ T5832] chnl_net:caif_netlink_parms(): no params data found
[   90.976813][ T5836] chnl_net:caif_netlink_parms(): no params data found
[   91.013002][ T5830] chnl_net:caif_netlink_parms(): no params data found
[   91.242257][ T5833] chnl_net:caif_netlink_parms(): no params data found
[   91.295316][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.303407][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state
[   91.311052][ T5832] bridge_slave_0: entered allmulticast mode
[   91.318095][ T5832] bridge_slave_0: entered promiscuous mode
[   91.349652][ T5837] chnl_net:caif_netlink_parms(): no params data found
[   91.376992][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.384320][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state
[   91.392130][ T5832] bridge_slave_1: entered allmulticast mode
[   91.399466][ T5832] bridge_slave_1: entered promiscuous mode
[   91.406934][ T5838] chnl_net:caif_netlink_parms(): no params data found
[   91.458006][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.466072][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state
[   91.473784][ T5836] bridge_slave_0: entered allmulticast mode
[   91.480996][ T5836] bridge_slave_0: entered promiscuous mode
[   91.527443][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.543042][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state
[   91.554141][ T5830] bridge_slave_0: entered allmulticast mode
[   91.566619][ T5830] bridge_slave_0: entered promiscuous mode
[   91.620044][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.627710][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state
[   91.643148][ T5836] bridge_slave_1: entered allmulticast mode
[   91.652925][ T5836] bridge_slave_1: entered promiscuous mode
[   91.704757][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.720778][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state
[   91.728115][ T5830] bridge_slave_1: entered allmulticast mode
[   91.743472][ T5830] bridge_slave_1: entered promiscuous mode
[   91.854203][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   91.970796][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.978002][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state
[   91.986882][ T5837] bridge_slave_0: entered allmulticast mode
[   91.994260][ T5837] bridge_slave_0: entered promiscuous mode
[   92.021124][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   92.037805][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   92.050074][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   92.066947][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.074733][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state
[   92.082146][ T5837] bridge_slave_1: entered allmulticast mode
[   92.089450][ T5837] bridge_slave_1: entered promiscuous mode
[   92.101252][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   92.113798][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   92.186035][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.198358][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state
[   92.205695][ T5833] bridge_slave_0: entered allmulticast mode
[   92.213606][ T5833] bridge_slave_0: entered promiscuous mode
[   92.250244][ T5830] team0: Port device team_slave_0 added
[   92.269793][ T5836] team0: Port device team_slave_0 added
[   92.275951][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.284929][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state
[   92.292620][ T5833] bridge_slave_1: entered allmulticast mode
[   92.299609][ T5833] bridge_slave_1: entered promiscuous mode
[   92.310211][ T5832] team0: Port device team_slave_0 added
[   92.337352][ T5830] team0: Port device team_slave_1 added
[   92.356192][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   92.368649][ T5836] team0: Port device team_slave_1 added
[   92.374447][ T5848] Bluetooth: hci3: command tx timeout
[   92.381598][ T5832] team0: Port device team_slave_1 added
[   92.398426][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.405625][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state
[   92.413517][ T5838] bridge_slave_0: entered allmulticast mode
[   92.421045][ T5838] bridge_slave_0: entered promiscuous mode
[   92.431244][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.438532][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state
[   92.445748][ T5838] bridge_slave_1: entered allmulticast mode
[   92.449873][ T5846] Bluetooth: hci1: command tx timeout
[   92.451955][   T55] Bluetooth: hci4: command tx timeout
[   92.457421][ T5846] Bluetooth: hci0: command tx timeout
[   92.462960][ T5853] Bluetooth: hci2: command tx timeout
[   92.468431][ T5848] Bluetooth: hci5: command tx timeout
[   92.482392][ T5838] bridge_slave_1: entered promiscuous mode
[   92.500706][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   92.510588][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0
[   92.517554][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   92.544046][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   92.591663][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   92.621085][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1
[   92.628101][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   92.654275][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   92.680961][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0
[   92.687982][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   92.714492][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   92.728781][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0
[   92.735760][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   92.762138][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   92.775416][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1
[   92.782488][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   92.808689][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   92.823314][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   92.869870][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1
[   92.876866][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   92.903327][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   92.947578][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   92.960711][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   92.972497][ T5837] team0: Port device team_slave_0 added
[   92.982006][ T5837] team0: Port device team_slave_1 added
[   93.020941][ T5833] team0: Port device team_slave_0 added
[   93.091180][ T5836] hsr_slave_0: entered promiscuous mode
[   93.097597][ T5836] hsr_slave_1: entered promiscuous mode
[   93.106397][ T5833] team0: Port device team_slave_1 added
[   93.141155][ T5838] team0: Port device team_slave_0 added
[   93.160982][ T5832] hsr_slave_0: entered promiscuous mode
[   93.167303][ T5832] hsr_slave_1: entered promiscuous mode
[   93.174874][ T5832] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   93.183029][ T5832] Cannot create hsr debugfs directory
[   93.223982][ T5830] hsr_slave_0: entered promiscuous mode
[   93.230916][ T5830] hsr_slave_1: entered promiscuous mode
[   93.237137][ T5830] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   93.244984][ T5830] Cannot create hsr debugfs directory
[   93.252479][ T5838] team0: Port device team_slave_1 added
[   93.271545][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0
[   93.283556][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   93.309824][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   93.322794][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1
[   93.329900][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   93.356248][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   93.374195][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0
[   93.381252][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   93.407255][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   93.466659][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1
[   93.473890][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   93.500645][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   93.534028][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0
[   93.541859][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   93.588789][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   93.605702][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1
[   93.613157][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   93.639263][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   93.794671][ T5837] hsr_slave_0: entered promiscuous mode
[   93.801428][ T5837] hsr_slave_1: entered promiscuous mode
[   93.807434][ T5837] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   93.815759][ T5837] Cannot create hsr debugfs directory
[   93.835726][ T5838] hsr_slave_0: entered promiscuous mode
[   93.842067][ T5838] hsr_slave_1: entered promiscuous mode
[   93.848076][ T5838] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   93.856114][ T5838] Cannot create hsr debugfs directory
[   93.967313][ T5833] hsr_slave_0: entered promiscuous mode
[   93.973990][ T5833] hsr_slave_1: entered promiscuous mode
[   93.980759][ T5833] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   93.988819][ T5833] Cannot create hsr debugfs directory
[   94.253094][ T5832] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   94.297073][ T5832] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   94.332094][ T5832] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   94.352874][ T5832] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   94.401649][ T5830] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   94.440940][ T5830] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   94.451431][ T5848] Bluetooth: hci3: command tx timeout
[   94.461073][ T5830] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   94.488743][ T5830] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   94.505535][ T5836] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   94.517402][ T5836] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   94.528688][ T5846] Bluetooth: hci4: command tx timeout
[   94.528703][ T5853] Bluetooth: hci1: command tx timeout
[   94.538406][ T5848] Bluetooth: hci2: command tx timeout
[   94.539715][ T5846] Bluetooth: hci5: command tx timeout
[   94.544872][ T5853] Bluetooth: hci0: command tx timeout
[   94.558800][ T5836] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   94.579144][ T5836] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   94.659493][ T5837] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   94.670040][ T5837] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   94.706332][ T5837] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   94.725591][ T5837] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   94.816729][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0
[   94.826759][ T5838] netdevsim netdevsim5 netdevsim0: renamed from eth0
[   94.842038][ T5838] netdevsim netdevsim5 netdevsim1: renamed from eth1
[   94.877441][ T5838] netdevsim netdevsim5 netdevsim2: renamed from eth2
[   94.918977][ T5838] netdevsim netdevsim5 netdevsim3: renamed from eth3
[   94.932675][ T5832] 8021q: adding VLAN 0 to HW filter on device team0
[   94.973018][   T53] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.980347][   T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[   95.035277][ T5833] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   95.061272][ T3519] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.068471][ T3519] bridge0: port 2(bridge_slave_1) entered forwarding state
[   95.083232][ T5833] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   95.099609][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0
[   95.117053][ T5833] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   95.160097][ T5833] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   95.179783][ T5830] 8021q: adding VLAN 0 to HW filter on device team0
[   95.206036][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0
[   95.224479][   T53] bridge0: port 1(bridge_slave_0) entered blocking state
[   95.231671][   T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[   95.290691][ T5837] 8021q: adding VLAN 0 to HW filter on device team0
[   95.306379][ T3519] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.313600][ T3519] bridge0: port 2(bridge_slave_1) entered forwarding state
[   95.347065][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0
[   95.373472][ T3519] bridge0: port 1(bridge_slave_0) entered blocking state
[   95.380655][ T3519] bridge0: port 1(bridge_slave_0) entered forwarding state
[   95.391518][ T3519] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.398695][ T3519] bridge0: port 2(bridge_slave_1) entered forwarding state
[   95.466283][ T5832] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   95.509713][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0
[   95.530681][ T5836] 8021q: adding VLAN 0 to HW filter on device team0
[   95.586972][   T53] bridge0: port 1(bridge_slave_0) entered blocking state
[   95.594173][   T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[   95.696203][   T53] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.703464][   T53] bridge0: port 2(bridge_slave_1) entered forwarding state
[   95.735862][ T5838] 8021q: adding VLAN 0 to HW filter on device team0
[   95.857841][ T5836] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   95.880134][ T5836] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   95.931310][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0
[   95.955819][ T3435] bridge0: port 1(bridge_slave_0) entered blocking state
[   95.963014][ T3435] bridge0: port 1(bridge_slave_0) entered forwarding state
[   95.986387][ T3435] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.993594][ T3435] bridge0: port 2(bridge_slave_1) entered forwarding state
[   96.057850][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0
[   96.152677][ T5833] 8021q: adding VLAN 0 to HW filter on device team0
[   96.224884][ T3435] bridge0: port 1(bridge_slave_0) entered blocking state
[   96.232086][ T3435] bridge0: port 1(bridge_slave_0) entered forwarding state
[   96.266883][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0
[   96.278251][ T3435] bridge0: port 2(bridge_slave_1) entered blocking state
[   96.285362][ T3435] bridge0: port 2(bridge_slave_1) entered forwarding state
[   96.317511][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0
[   96.421588][ T5832] veth0_vlan: entered promiscuous mode
[   96.495454][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0
[   96.532378][   T26] cfg80211: failed to load regulatory.db
[   96.539158][ T5848] Bluetooth: hci3: command tx timeout
[   96.565930][ T5832] veth1_vlan: entered promiscuous mode
[   96.593053][ T5837] veth0_vlan: entered promiscuous mode
[   96.609684][ T5853] Bluetooth: hci2: command tx timeout
[   96.615139][ T5853] Bluetooth: hci0: command tx timeout
[   96.618693][ T5846] Bluetooth: hci4: command tx timeout
[   96.621065][   T55] Bluetooth: hci1: command tx timeout
[   96.634700][ T5848] Bluetooth: hci5: command tx timeout
[   96.655622][ T5830] veth0_vlan: entered promiscuous mode
[   96.692967][ T5830] veth1_vlan: entered promiscuous mode
[   96.734260][ T5837] veth1_vlan: entered promiscuous mode
[   96.795665][ T5832] veth0_macvtap: entered promiscuous mode
[   96.827183][ T5832] veth1_macvtap: entered promiscuous mode
[   96.860164][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0
[   96.871703][ T5836] veth0_vlan: entered promiscuous mode
[   96.893258][ T5836] veth1_vlan: entered promiscuous mode
[   96.990654][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0
[   97.000972][ T5830] veth0_macvtap: entered promiscuous mode
[   97.014735][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0
[   97.034753][ T5837] veth0_macvtap: entered promiscuous mode
[   97.053245][ T5830] veth1_macvtap: entered promiscuous mode
[   97.070630][ T5837] veth1_macvtap: entered promiscuous mode
[   97.083510][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1
[   97.148070][ T5832] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   97.162513][ T5832] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   97.171941][ T5832] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   97.181056][ T5832] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   97.211411][ T5836] veth0_macvtap: entered promiscuous mode
[   97.228010][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   97.241894][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   97.253286][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0
[   97.261742][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   97.273882][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   97.284255][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   97.297095][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   97.309183][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0
[   97.340184][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   97.361231][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   97.383038][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1
[   97.395991][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   97.410925][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   97.433109][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   97.443732][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   97.456766][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1
[   97.476703][ T5836] veth1_macvtap: entered promiscuous mode
[   97.512175][ T5830] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   97.532128][ T5830] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   97.545876][ T5830] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   97.554778][ T5830] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   97.590412][ T5837] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   97.599528][ T5837] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   97.608507][ T5837] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   97.617256][ T5837] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   97.680731][ T5836] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   97.696717][ T5836] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   97.706930][ T5836] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   97.717455][ T5836] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   97.727424][ T5836] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   97.739908][ T5836] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   97.751145][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0
[   97.785769][ T5836] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   97.796865][ T5836] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   97.807280][ T5836] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   97.818322][ T5836] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   97.828390][ T5836] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   97.839192][ T5836] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   97.850259][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1
[   97.869391][ T5838] veth0_vlan: entered promiscuous mode
[   97.906085][ T5836] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   97.914962][ T5836] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   97.924797][ T5836] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   97.933602][ T5836] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   97.967017][ T1101] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.985662][ T1101] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   98.013861][ T5838] veth1_vlan: entered promiscuous mode
[   98.078079][ T5833] veth0_vlan: entered promiscuous mode
[   98.125024][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   98.133317][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   98.135822][ T5833] veth1_vlan: entered promiscuous mode
[   98.186579][ T5838] veth0_macvtap: entered promiscuous mode
[   98.206711][ T5838] veth1_macvtap: entered promiscuous mode
[   98.213139][ T1101] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   98.221383][ T1101] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   98.305400][ T1101] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   98.320230][ T1101] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   98.363378][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   98.379285][ T5832] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   98.380805][ T5833] veth0_macvtap: entered promiscuous mode
[   98.398646][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   98.438103][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   98.446098][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   98.457139][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   98.488106][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   98.518232][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   98.542269][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   98.558213][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   98.576791][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   98.588130][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   98.599832][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   98.609978][ T5848] Bluetooth: hci3: command tx timeout
[   98.613241][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0
[   98.688951][ T5141] Bluetooth: hci1: command tx timeout
[   98.689360][ T5846] Bluetooth: hci0: command tx timeout
[   98.694521][ T5853] Bluetooth: hci5: command tx timeout
[   98.701228][   T55] Bluetooth: hci2: command tx timeout
[   98.705960][ T5848] Bluetooth: hci4: command tx timeout
[   98.920160][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   98.931462][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   98.943696][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   98.981294][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   99.020466][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   99.061516][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   99.075332][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   99.087751][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   99.103842][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   99.127028][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1
[   99.188818][ T5833] veth1_macvtap: entered promiscuous mode
[   99.216248][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.296772][ T5838] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   99.308291][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.530113][ T5838] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   99.547409][ T5838] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   99.557133][ T5838] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   99.675612][ T5833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   99.719722][ T5833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   99.738294][ T5833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   99.757106][ T5833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   99.767270][ T5833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   99.786284][ T5833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   99.799288][ T5833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   99.813396][ T5833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   99.823781][ T5833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   99.834490][ T5833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   99.846039][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0
[   99.861094][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.874918][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.012733][ T5833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  100.064538][ T5833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  100.094016][ T5833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  100.128852][ T5833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  100.152487][ T5833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  100.188213][ T5833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  100.198092][ T5833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  100.238426][ T5833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  100.258216][ T5833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  100.289062][ T5833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  100.334329][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1
[  100.456168][ T5833] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  100.479261][ T5833] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  100.488060][ T5833] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  100.539051][ T5833] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  100.831296][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.028640][    T0] NOHZ tick-stop error: local softirq work is pending, handler #102!!!
[  101.037244][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  102.135425][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.153656][   T66] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  103.194244][   T66] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.218661][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  103.577496][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  103.649822][ T5985] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  104.270541][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  104.525805][   T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  104.568284][   T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  104.748651][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  104.758617][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  104.775705][ T2147] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  104.848879][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  104.923002][ T5993] ipvlan2: entered promiscuous mode
[  104.988666][ T2147] usb 2-1: device descriptor read/64, error -71
[  105.471468][ T2147] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  105.677642][ T6000] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  106.419943][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  106.443159][    T9] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  106.990009][ T2147] usb 2-1: device descriptor read/64, error -71
[  107.029235][    T9] usb 5-1: Using ep0 maxpacket: 16
[  107.037316][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  107.109945][    T9] usb 5-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  107.148316][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  107.158945][ T2147] usb usb2-port1: attempt power cycle
[  107.182154][    T9] usb 5-1: Product: syz
[  107.198393][    T9] usb 5-1: Manufacturer: syz
[  107.226280][    T9] usb 5-1: SerialNumber: syz
[  107.289597][    T9] usb 5-1: config 0 descriptor??
[  107.335425][    T9] hub 5-1:0.0: bad descriptor, ignoring hub
[  107.365097][    T9] hub 5-1:0.0: probe with driver hub failed with error -5
[  107.416908][    T9] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input5
[  107.785246][ T2147] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  108.154595][    T9] usb 5-1: USB disconnect, device number 2
[  108.418058][ T2147] usb 2-1: device not accepting address 4, error -71
[  108.699235][    T0] NOHZ tick-stop error: local softirq work is pending, handler #8a!!!
[  108.710103][    T0] NOHZ tick-stop error: local softirq work is pending, handler #c2!!!
[  109.628632][ T6024] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  109.659407][ T6024] CIFS: Unable to determine destination address
[  110.032881][ T6026] loop2: detected capacity change from 0 to 128
[  110.253676][   T30] audit: type=1800 audit(1742645335.335:2): pid=6026 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.22" name="bus" dev="loop2" ino=114 res=0 errno=0
[  114.328378][ T5856] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  115.400366][ T5856] usb 4-1: device descriptor read/64, error -71
[  116.340970][ T5856] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  116.508281][ T5856] usb 4-1: device descriptor read/64, error -71
[  116.544373][ T6082] netlink: 36 bytes leftover after parsing attributes in process `syz.2.41'.
[  116.638501][ T6082] netlink: 16 bytes leftover after parsing attributes in process `syz.2.41'.
[  116.658578][ T5856] usb usb4-port1: attempt power cycle
[  116.713850][ T6082] netlink: 36 bytes leftover after parsing attributes in process `syz.2.41'.
[  116.724186][ T6082] netlink: 36 bytes leftover after parsing attributes in process `syz.2.41'.
[  117.778322][ T5856] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  118.106023][ T5856] usb 4-1: device descriptor read/8, error -71
[  118.203442][ T6092] loop5: detected capacity change from 0 to 128
[  118.337705][   T30] audit: type=1800 audit(1742645343.425:3): pid=6092 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.44" name="bus" dev="loop5" ino=115 res=0 errno=0
[  121.186911][ T6116] capability: warning: `syz.1.52' uses 32-bit capabilities (legacy support in use)
[  122.148462][   T10] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  122.335223][ T6141] warning: `syz.0.57' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  122.368353][   T10] usb 5-1: Using ep0 maxpacket: 16
[  122.471198][   T10] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  122.670166][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  122.774438][   T10] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  122.790264][ T6144] Cannot find set identified by id 0 to match
[  122.806807][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  122.825485][   T10] usb 5-1: Product: syz
[  122.835581][   T10] usb 5-1: Manufacturer: syz
[  122.845694][   T10] usb 5-1: SerialNumber: syz
[  122.890566][   T10] usb 5-1: config 0 descriptor??
[  122.955559][   T10] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  123.011448][   T10] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class)
[  123.179452][ T2147] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  123.348327][ T2147] usb 2-1: device descriptor read/64, error -71
[  123.564135][   T10] em28xx 5-1:0.0: unknown em28xx chip ID (0)
[  123.575198][   T10] em28xx 5-1:0.0: Config register raw data: 0x56
[  123.638340][ T2147] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  123.812284][   T10] em28xx 5-1:0.0: AC97 chip type couldn't be determined
[  123.830833][   T10] em28xx 5-1:0.0: No AC97 audio processor
[  123.878312][ T6159] serio: Serial port ptm0
[  124.021929][ T2147] usb 2-1: device descriptor read/64, error -71
[  124.140914][ T2147] usb usb2-port1: attempt power cycle
[  124.528583][ T2147] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  124.589042][ T2147] usb 2-1: device descriptor read/8, error -71
[  124.838780][ T2147] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  124.888325][    T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  124.899387][ T2147] usb 2-1: device descriptor read/8, error -71
[  124.958495][   T10] usb 5-1: USB disconnect, device number 3
[  124.973595][   T10] em28xx 5-1:0.0: Disconnecting em28xx
[  125.009046][ T2147] usb usb2-port1: unable to enumerate USB device
[  125.138635][   T10] em28xx 5-1:0.0: Freeing device
[  125.153785][    T9] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  125.168020][    T9] usb 1-1: config 0 interface 0 has no altsetting 0
[  125.187174][    T9] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  125.230063][    T9] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  125.518442][    T9] usb 1-1: Product: syz
[  125.535039][    T9] usb 1-1: Manufacturer: syz
[  126.490159][    T9] usb 1-1: SerialNumber: syz
[  126.500281][    T9] usb 1-1: config 0 descriptor??
[  126.521480][    T9] usb 1-1: selecting invalid altsetting 0
[  126.521793][ T6185] Zero length message leads to an empty skb
[  126.777045][    T9] usb 1-1: USB disconnect, device number 2
[  127.284235][ T5893] udevd[5893]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  129.220288][ T6212] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  129.683163][ T6227] mmap: syz.2.83 (6227) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  129.810471][ T6228] serio: Serial port ptm0
[  129.878462][ T2147] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  130.818314][ T2147] usb 1-1: Using ep0 maxpacket: 16
[  130.865353][ T2147] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  130.889328][ T5899] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  130.950379][ T2147] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  131.004859][ T2147] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  131.053607][ T2147] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  131.161274][ T5899] usb 6-1: unable to read config index 0 descriptor/start: -61
[  131.204682][ T2147] usb 1-1: Product: syz
[  131.249238][ T5899] usb 6-1: can't read configurations, error -61
[  131.272985][ T2147] usb 1-1: Manufacturer: syz
[  131.277806][ T2147] usb 1-1: SerialNumber: syz
[  131.459010][ T5899] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  131.476390][ T2147] usb 1-1: config 0 descriptor??
[  131.691619][ T2147] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  131.787651][ T2147] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class)
[  131.798361][ T5899] usb 6-1: unable to read config index 0 descriptor/start: -61
[  131.805977][ T5899] usb 6-1: can't read configurations, error -61
[  131.882387][ T5899] usb usb6-port1: attempt power cycle
[  132.739551][ T2147] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[  132.774940][ T2147] em28xx 1-1:0.0: Config register raw data: 0x56
[  133.268750][ T5899] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  133.328331][ T2147] em28xx 1-1:0.0: AC97 chip type couldn't be determined
[  133.335351][ T2147] em28xx 1-1:0.0: No AC97 audio processor
[  133.391986][ T5899] usb 6-1: device descriptor read/8, error -71
[  134.979074][    T9] usb 1-1: USB disconnect, device number 3
[  135.009258][    T9] em28xx 1-1:0.0: Disconnecting em28xx
[  135.279520][    T9] em28xx 1-1:0.0: Freeing device
[  136.135281][    T9] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  136.402400][    T9] usb 1-1: unable to read config index 0 descriptor/start: -61
[  136.410208][    T9] usb 1-1: can't read configurations, error -61
[  136.578338][    T9] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  136.910605][    T9] usb 1-1: unable to read config index 0 descriptor/start: -61
[  136.950000][    T9] usb 1-1: can't read configurations, error -61
[  136.960648][    T9] usb usb1-port1: attempt power cycle
[  137.303352][ T6309] trusted_key: syz.2.104 sent an empty control message without MSG_MORE.
[  137.328455][    T9] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  137.391668][    T9] usb 1-1: unable to read config index 0 descriptor/start: -61
[  137.416749][    T9] usb 1-1: can't read configurations, error -61
[  137.568516][    T9] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  137.659900][    T9] usb 1-1: unable to read config index 0 descriptor/start: -61
[  137.667566][    T9] usb 1-1: can't read configurations, error -61
[  137.725319][    T9] usb usb1-port1: unable to enumerate USB device
[  137.781859][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[  137.788542][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[  139.159240][    T9] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  139.308293][    T9] usb 5-1: Using ep0 maxpacket: 16
[  140.371821][    T9] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  140.429576][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  140.503238][    T9] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  140.537315][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  140.572244][    T9] usb 5-1: Product: syz
[  140.576498][    T9] usb 5-1: Manufacturer: syz
[  140.595021][    T9] usb 5-1: SerialNumber: syz
[  140.624563][    T9] usb 5-1: config 0 descriptor??
[  140.681879][    T9] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  140.736295][    T9] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class)
[  141.879566][    T9] em28xx 5-1:0.0: unknown em28xx chip ID (0)
[  141.921945][    T9] em28xx 5-1:0.0: Config register raw data: 0x56
[  142.118651][    T9] em28xx 5-1:0.0: AC97 chip type couldn't be determined
[  142.159643][    T9] em28xx 5-1:0.0: No AC97 audio processor
[  143.876362][ T2147] usb 5-1: USB disconnect, device number 4
[  143.888865][ T2147] em28xx 5-1:0.0: Disconnecting em28xx
[  143.909333][ T2147] em28xx 5-1:0.0: Freeing device
[  143.915527][ T6353] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  144.049558][ T6353] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  144.309666][    T9] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  144.649721][ T6377] libceph: resolve '0.0' (ret=-3): failed
[  144.752979][    T9] usb 1-1: unable to read config index 0 descriptor/start: -61
[  145.108405][    T9] usb 1-1: can't read configurations, error -61
[  145.261873][    T9] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  145.653343][    T9] usb 1-1: unable to read config index 0 descriptor/start: -61
[  145.661811][    T9] usb 1-1: can't read configurations, error -61
[  145.668610][    T9] usb usb1-port1: attempt power cycle
[  146.045699][    T9] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  146.319470][    T9] usb 1-1: unable to read config index 0 descriptor/start: -61
[  146.327104][    T9] usb 1-1: can't read configurations, error -61
[  146.651826][    T9] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  147.201914][    T9] usb 1-1: device descriptor read/8, error -71
[  147.358994][    T9] usb usb1-port1: unable to enumerate USB device
[  149.229952][ T6431] netlink: 36 bytes leftover after parsing attributes in process `syz.4.146'.
[  149.577368][ T6429] sctp: failed to load transform for md5: -4
[  150.146509][ T5848] Bluetooth: hci4: link tx timeout
[  150.152280][ T5848] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[  150.699526][ T6441] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  150.709475][ T6441] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  152.230888][ T6468] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  152.237102][ T6468] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  152.288333][   T55] Bluetooth: hci4: command 0x0406 tx timeout
[  152.301695][ T6468] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  152.331463][ T6468] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  152.337517][ T6468] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  152.379024][ T6468] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  152.467794][ T6468] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  152.473916][ T6468] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  152.501347][ T6468] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  152.516707][ T6468] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  152.522814][ T6468] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  152.551122][ T6468] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  152.568041][ T6488] netlink: 'syz.2.161': attribute type 1 has an invalid length.
[  152.619376][ T6468] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  152.625389][ T6468] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  152.651392][ T6488] netlink: 224 bytes leftover after parsing attributes in process `syz.2.161'.
[  153.239083][ T6468] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  153.279802][ T6464] mkiss: ax0: crc mode is auto.
[  153.303744][ T6468] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  153.310059][ T6468] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  153.895260][   T55] Bluetooth: hci0: command 0x0c1a tx timeout
[  154.379225][   T55] Bluetooth: hci1: command 0x0c1a tx timeout
[  154.558310][   T55] Bluetooth: hci3: command 0x0c1a tx timeout
[  154.644028][   T55] Bluetooth: hci2: command 0x0c1a tx timeout
[  154.692364][ T5846] Bluetooth: hci5: command 0x0c1a tx timeout
[  155.370251][ T5846] Bluetooth: hci4: command 0x0406 tx timeout
[  155.978337][ T5846] Bluetooth: hci0: command 0x0c1a tx timeout
[  156.908427][ T5846] Bluetooth: hci1: command 0x0c1a tx timeout
[  156.914651][ T5848] Bluetooth: hci2: command 0x0c1a tx timeout
[  156.920889][ T5848] Bluetooth: hci3: command 0x0c1a tx timeout
[  156.927009][   T55] Bluetooth: hci5: command 0x0c1a tx timeout
[  158.268249][   T55] Bluetooth: hci4: command 0x0406 tx timeout
[  158.268357][ T5853] Bluetooth: hci0: command 0x0c1a tx timeout
[  158.958895][ T6549] xt_hashlimit: max too large, truncated to 1048576
[  159.008935][ T5853] Bluetooth: hci5: command 0x0c1a tx timeout
[  159.016326][ T5853] Bluetooth: hci1: command 0x0c1a tx timeout
[  159.091914][   T55] Bluetooth: hci3: command 0x0c1a tx timeout
[  159.099176][ T5846] Bluetooth: hci2: command 0x0c1a tx timeout
[  159.548721][ T6551] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  159.554933][ T6551] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  159.562377][ T6551] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  159.568589][ T6551] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  159.574668][ T6551] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  159.580787][ T6551] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  161.770242][ T5853] Bluetooth: hci4: command 0x0406 tx timeout
[  161.776343][ T5853] Bluetooth: hci5: command 0x0c1a tx timeout
[  161.782495][ T5846] Bluetooth: hci2: command 0x0c1a tx timeout
[  161.788637][ T5846] Bluetooth: hci3: command 0x0c1a tx timeout
[  161.794641][ T5846] Bluetooth: hci1: command 0x0c1a tx timeout
[  161.800718][ T5846] Bluetooth: hci0: command 0x0c1a tx timeout
[  162.163052][ T5897] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  162.185110][ T6571] RDS: rds_bind could not find a transport for 2001::2, load rds_tcp or rds_rdma?
[  162.208503][  T970] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  162.348522][ T5897] usb 2-1: Using ep0 maxpacket: 8
[  162.376921][  T970] usb 3-1: config 0 has an invalid interface number: 3 but max is 0
[  162.390236][  T970] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  162.404692][ T5897] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  162.415801][  T970] usb 3-1: config 0 has no interface number 0
[  162.422137][ T5897] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  162.438370][ T5897] usb 2-1: Product: syz
[  162.452999][  T970] usb 3-1: New USB device found, idVendor=05f3, idProduct=0240, bcdDevice=1b.24
[  162.467234][ T5897] usb 2-1: Manufacturer: syz
[  162.487618][  T970] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  162.508945][ T5897] usb 2-1: SerialNumber: syz
[  162.518643][  T970] usb 3-1: Product: syz
[  162.529535][ T5897] usb 2-1: config 0 descriptor??
[  162.543182][  T970] usb 3-1: Manufacturer: syz
[  162.562908][  T970] usb 3-1: SerialNumber: syz
[  162.579833][  T970] usb 3-1: config 0 descriptor??
[  162.593125][  T970] powermate 3-1:0.3: probe with driver powermate failed with error -22
[  162.942852][ T5897] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  163.245409][   T26] usb 3-1: USB disconnect, device number 2
[  164.411198][ T5897] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  165.797835][ T5897] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  165.967986][   T10] usb 2-1: USB disconnect, device number 10
[  166.004625][ T5897] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  166.045595][ T5897] usb 5-1: config 0 interface 0 has no altsetting 0
[  166.095154][ T6603] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  166.119770][ T5897] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  166.173774][ T5897] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  166.849934][ T5897] usb 5-1: Product: syz
[  166.854167][ T5897] usb 5-1: Manufacturer: syz
[  166.871990][ T5897] usb 5-1: SerialNumber: syz
[  167.001078][ T5897] usb 5-1: config 0 descriptor??
[  167.050999][ T5897] usb 5-1: selecting invalid altsetting 0
[  167.118989][ T6197] udevd[6197]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
[  167.292549][ T5897] usb 5-1: USB disconnect, device number 5
[  167.743878][ T5893] udevd[5893]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  170.752785][ T6637] libceph: resolve '0.0' (ret=-3): failed
[  172.415884][  T970] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  172.788360][  T970] usb 6-1: Using ep0 maxpacket: 8
[  172.970688][ T6651] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  172.976937][ T6651] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  172.983169][ T6651] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  172.989298][ T6651] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  172.995415][ T6651] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  173.001573][ T6651] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  173.327702][  T970] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  173.378617][  T970] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  173.386694][  T970] usb 6-1: Product: syz
[  173.438773][  T970] usb 6-1: Manufacturer: syz
[  173.443479][  T970] usb 6-1: SerialNumber: syz
[  173.485460][  T970] usb 6-1: config 0 descriptor??
[  173.635056][ T6662] xt_NFQUEUE: number of queues (65532) out of range (got 66665)
[  174.372507][  T970] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  174.818266][   T55] Bluetooth: hci0: command 0x0c1a tx timeout
[  175.088824][   T55] Bluetooth: hci4: command 0x0406 tx timeout
[  175.088883][ T5853] Bluetooth: hci5: command 0x0c1a tx timeout
[  175.095150][   T55] Bluetooth: hci2: command 0x0c1a tx timeout
[  175.102175][ T5846] Bluetooth: hci3: command 0x0c1a tx timeout
[  175.107259][ T5848] Bluetooth: hci1: command 0x0c1a tx timeout
[  175.298469][   T26] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  175.934633][   T26] usb 3-1: Using ep0 maxpacket: 16
[  175.960858][   T26] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  176.198026][  T970] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  176.207853][   T26] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  176.311849][   T26] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  176.321181][   T26] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  176.329267][   T26] usb 3-1: Product: syz
[  176.333468][   T26] usb 3-1: Manufacturer: syz
[  176.338089][   T26] usb 3-1: SerialNumber: syz
[  176.346561][   T26] usb 3-1: config 0 descriptor??
[  176.359160][   T26] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  176.418324][   T26] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class)
[  177.189186][  T970] usb 6-1: USB disconnect, device number 6
[  177.540390][   T26] em28xx 3-1:0.0: unknown em28xx chip ID (0)
[  177.568309][   T55] Bluetooth: hci4: command 0x0406 tx timeout
[  177.589423][   T26] em28xx 3-1:0.0: Config register raw data: 0x56
[  177.645407][ T6702] tmpfs: Unknown parameter 'grpqu"RÝ÷‘ota_block_hardl'
[  177.991075][   T26] em28xx 3-1:0.0: AC97 chip type couldn't be determined
[  178.011221][   T26] em28xx 3-1:0.0: No AC97 audio processor
[  179.028143][   T26] usb 3-1: USB disconnect, device number 3
[  179.056242][   T26] em28xx 3-1:0.0: Disconnecting em28xx
[  179.129553][   T26] em28xx 3-1:0.0: Freeing device
[  180.167217][ T6728] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  180.173517][ T6728] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  180.179666][ T6728] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  180.187022][ T6728] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  180.193169][ T6728] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  180.199314][ T6728] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  180.588720][ T6733] xt_NFQUEUE: number of queues (65532) out of range (got 66665)
[  181.390362][ T6721] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  181.551847][ T6721] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  182.111475][ T6747] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  182.228611][ T5141] Bluetooth: hci5: command 0x0c1a tx timeout
[  182.236195][ T5141] Bluetooth: hci3: command 0x0c1a tx timeout
[  182.246015][ T5141] Bluetooth: hci0: command 0x0c1a tx timeout
[  182.254384][ T5141] Bluetooth: hci1: command 0x0c1a tx timeout
[  182.262278][ T5141] Bluetooth: hci4: command 0x0406 tx timeout
[  182.269055][ T5141] Bluetooth: hci2: command 0x0c1a tx timeout
[  183.130179][ T6751] netlink: 'syz.3.237': attribute type 1 has an invalid length.
[  183.191861][ T6751] netlink: 224 bytes leftover after parsing attributes in process `syz.3.237'.
[  186.409321][ T6777] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  186.415427][ T6777] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  186.421628][ T6777] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  186.427655][ T6777] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  186.434761][ T6777] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  186.442841][ T6777] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  187.891561][ T5848] Bluetooth: hci2: Ignoring connect complete event for invalid link type
[  188.448398][ T5848] Bluetooth: hci4: command 0x0406 tx timeout
[  188.454490][ T5848] Bluetooth: hci5: command 0x0c1a tx timeout
[  188.460632][ T5141] Bluetooth: hci2: command 0x0c1a tx timeout
[  188.466708][ T5141] Bluetooth: hci3: command 0x0c1a tx timeout
[  188.472932][ T5141] Bluetooth: hci1: command 0x0c1a tx timeout
[  188.479990][ T5141] Bluetooth: hci0: command 0x0c1a tx timeout
[  188.870395][ T6808] netlink: 'syz.5.255': attribute type 1 has an invalid length.
[  188.900992][ T6808] netlink: 224 bytes leftover after parsing attributes in process `syz.5.255'.
[  189.018479][   T26] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  189.200094][   T26] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  189.225202][   T26] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  189.284111][   T26] usb 3-1: New USB device found, idVendor=05f3, idProduct=0240, bcdDevice=1b.24
[  189.317710][   T26] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  189.332778][   T26] usb 3-1: Product: syz
[  189.336982][   T26] usb 3-1: Manufacturer: syz
[  189.347774][   T26] usb 3-1: SerialNumber: syz
[  189.359283][   T26] usb 3-1: config 0 descriptor??
[  189.375265][   T26] powermate 3-1:0.0: probe with driver powermate failed with error -22
[  189.577829][   T26] usb 3-1: USB disconnect, device number 4
[  189.786190][ T6826] xt_hashlimit: max too large, truncated to 1048576
[  190.908533][   T26] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  191.084199][   T26] usb 4-1: Using ep0 maxpacket: 8
[  191.136337][   T26] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  191.178760][   T26] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  191.187109][   T26] usb 4-1: Product: syz
[  191.399768][   T26] usb 4-1: Manufacturer: syz
[  192.003909][   T26] usb 4-1: SerialNumber: syz
[  192.011261][   T26] usb 4-1: config 0 descriptor??
[  192.420373][   T26] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  192.906313][ T6857] netlink: 'syz.2.271': attribute type 1 has an invalid length.
[  192.923031][ T6857] netlink: 224 bytes leftover after parsing attributes in process `syz.2.271'.
[  193.858472][ T6879] block device autoloading is deprecated and will be removed.
[  194.208549][ T5848] Bluetooth: hci4: command 0x0406 tx timeout
[  194.248409][   T26] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  195.220001][ T5899] usb 4-1: USB disconnect, device number 6
[  195.356506][ T6898] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  195.384201][   T26] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  195.842569][   T26] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  195.853785][   T26] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  195.955890][   T26] usb 5-1: New USB device found, idVendor=05f3, idProduct=0240, bcdDevice=1b.24
[  196.854721][   T26] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  196.892004][ T6910] serio: Serial port ptm0
[  197.040362][   T26] usb 5-1: Product: syz
[  197.045781][   T26] usb 5-1: Manufacturer: syz
[  197.050550][   T26] usb 5-1: SerialNumber: syz
[  197.065185][   T26] usb 5-1: config 0 descriptor??
[  197.074414][   T26] powermate 5-1:0.0: probe with driver powermate failed with error -22
[  197.213124][ T6917] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  197.327992][ T5847] usb 5-1: USB disconnect, device number 6
[  197.341353][ T6920] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  197.491103][ T6917] iommufd_mock iommufd_mock2: Adding to iommu group 2
[  198.619169][ T6931] loop4: detected capacity change from 0 to 128
[  198.670748][   T30] audit: type=1800 audit(1742645423.765:4): pid=6931 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.294" name="bus" dev="loop4" ino=116 res=0 errno=0
[  198.930620][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[  199.578430][    T9] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  199.788719][    T9] usb 1-1: Using ep0 maxpacket: 8
[  200.535647][    T9] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  200.568370][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  200.618359][    T9] usb 1-1: Product: syz
[  200.748478][ T6951] RDS: rds_bind could not find a transport for 2001::2, load rds_tcp or rds_rdma?
[  200.855775][    T9] usb 1-1: Manufacturer: syz
[  200.869106][    T9] usb 1-1: SerialNumber: syz
[  200.934721][    T9] usb 1-1: config 0 descriptor??
[  202.058476][    T9] dvb_usb_rtl28xxu 1-1:0.0: chip type detection failed -110
[  202.066746][    T9] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -110
[  202.407049][ T6966] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  202.708756][ T6971] overlayfs: missing 'lowerdir'
[  203.607030][  T970] usb 1-1: USB disconnect, device number 12
[  203.918445][ T2147] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  204.216432][ T2147] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  204.284293][ T2147] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  204.922965][ T2147] usb 2-1: New USB device found, idVendor=05f3, idProduct=0240, bcdDevice=1b.24
[  204.956435][ T2147] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  204.994026][ T2147] usb 2-1: Product: syz
[  205.024950][ T2147] usb 2-1: Manufacturer: syz
[  205.032835][ T2147] usb 2-1: SerialNumber: syz
[  205.120013][ T2147] usb 2-1: config 0 descriptor??
[  205.540861][ T2147] powermate 2-1:0.0: probe with driver powermate failed with error -22
[  206.326307][ T2147] usb 2-1: USB disconnect, device number 11
[  208.594030][ T7012] RDS: rds_bind could not find a transport for 2001::2, load rds_tcp or rds_rdma?
[  208.913291][ T7017] loop2: detected capacity change from 0 to 128
[  208.974368][   T30] audit: type=1800 audit(1742645434.065:5): pid=7017 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.320" name="bus" dev="loop2" ino=117 res=0 errno=0
[  211.261022][ T7046] serio: Serial port ptm0
[  211.733023][ T7051] netlink: 'syz.2.332': attribute type 1 has an invalid length.
[  211.987211][ T7051] bond1: entered promiscuous mode
[  212.004828][ T7051] bond1: entered allmulticast mode
[  212.106020][ T7054] batadv1: entered promiscuous mode
[  212.144043][ T7054] batadv1: entered allmulticast mode
[  212.193408][ T7054] 8021q: adding VLAN 0 to HW filter on device batadv1
[  212.266578][ T7054] bond1: (slave batadv1): making interface the new active one
[  212.330360][ T7054] bond1: (slave batadv1): Enslaving as an active interface with an up link
[  213.689622][ T7077] RDS: rds_bind could not find a transport for 2001::2, load rds_tcp or rds_rdma?
[  216.135823][ T7120] fuse: Bad value for 'fd'
[  216.506073][ T7110] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  216.512228][ T7110] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  216.518335][ T7110] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  216.524390][ T7110] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  216.530591][ T7110] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  216.537475][ T7110] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  216.869807][ T7143] xt_NFQUEUE: number of queues (65532) out of range (got 66665)
[  218.048292][ T5853] Bluetooth: hci0: command 0x0c1a tx timeout
[  218.608511][ T5141] Bluetooth: hci5: command 0x0c1a tx timeout
[  218.608903][ T5848] Bluetooth: hci2: command 0x0c1a tx timeout
[  218.614705][ T5141] Bluetooth: hci3: command 0x0c1a tx timeout
[  218.621173][   T55] Bluetooth: hci1: command 0x0c1a tx timeout
[  218.628159][ T5853] Bluetooth: hci4: command 0x0406 tx timeout
[  222.110056][ T7178] tmpfs: Unknown parameter 'grpqu"RÝ÷‘ota_block_hardl'
[  222.191351][ T7179] RDS: rds_bind could not find a transport for 2001::2, load rds_tcp or rds_rdma?
[  223.542929][ T7190] netlink: 'syz.2.367': attribute type 1 has an invalid length.
[  223.551044][ T7190] netlink: 224 bytes leftover after parsing attributes in process `syz.2.367'.
[  225.208341][ T2147] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  225.245828][ T7212] loop1: detected capacity change from 0 to 128
[  225.300576][   T30] audit: type=1800 audit(1742645450.395:6): pid=7212 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.373" name="bus" dev="loop1" ino=118 res=0 errno=0
[  225.391714][ T2147] usb 3-1: device descriptor read/64, error -71
[  225.649420][ T2147] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  225.879150][ T2147] usb 3-1: device descriptor read/64, error -71
[  226.054121][ T2147] usb usb3-port1: attempt power cycle
[  226.498325][ T2147] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  226.558767][ T2147] usb 3-1: device descriptor read/8, error -71
[  227.143687][ T2147] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  227.169642][ T2147] usb 3-1: device descriptor read/8, error -71
[  228.370888][ T2147] usb usb3-port1: unable to enumerate USB device
[  229.007280][ T7246] RDS: rds_bind could not find a transport for 2001::2, load rds_tcp or rds_rdma?
[  234.300034][ T5141] Bluetooth: hci4: command 0x0406 tx timeout
[  238.641379][ T7315] netlink: 'syz.0.404': attribute type 1 has an invalid length.
[  238.668709][ T7315] netlink: 224 bytes leftover after parsing attributes in process `syz.0.404'.
[  239.207640][ T7326] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  240.879889][ T7335] set match dimension is over the limit!
[  241.970943][ T7343] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  242.175908][ T7343] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  242.663588][ T7359] xt_NFQUEUE: number of queues (65532) out of range (got 66665)
[  246.187804][ T7378] loop4: detected capacity change from 0 to 128
[  246.491010][   T30] audit: type=1800 audit(1742645471.585:7): pid=7378 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.423" name="bus" dev="loop4" ino=119 res=0 errno=0
[  247.957683][ T7398] RDS: rds_bind could not find a transport for 2001::2, load rds_tcp or rds_rdma?
[  248.503793][ T7408] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  249.596751][ T7415] netlink: 'syz.2.432': attribute type 1 has an invalid length.
[  249.629827][ T7415] netlink: 224 bytes leftover after parsing attributes in process `syz.2.432'.
[  251.047251][ T7418] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  251.055705][ T7418] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  251.062806][ T7418] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  251.069291][ T7418] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  251.075348][ T7418] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  251.081499][ T7418] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  251.386472][ T7427] xt_NFQUEUE: number of queues (65532) out of range (got 66665)
[  251.738327][ T5853] Bluetooth: hci0: command 0x0c1a tx timeout
[  253.093413][ T5853] Bluetooth: hci1: command 0x0c1a tx timeout
[  253.099682][ T5853] Bluetooth: hci4: command 0x0406 tx timeout
[  253.105870][ T5853] Bluetooth: hci5: command 0x0c1a tx timeout
[  253.112914][ T5853] Bluetooth: hci2: command 0x0c1a tx timeout
[  253.119564][ T5853] Bluetooth: hci3: command 0x0c1a tx timeout
[  254.771095][ T7462] loop2: detected capacity change from 0 to 128
[  255.113877][   T30] audit: type=1800 audit(1742645480.195:8): pid=7462 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.442" name="bus" dev="loop2" ino=120 res=0 errno=0
[  255.568305][ T5853] Bluetooth: hci4: command 0x0406 tx timeout
[  255.689793][ T7468] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  256.535086][ T7485] RDS: rds_bind could not find a transport for 2001::2, load rds_tcp or rds_rdma?
[  256.561276][ T7484] netlink: 4 bytes leftover after parsing attributes in process `syz.1.450'.
[  259.602135][ T7502] xt_NFQUEUE: number of queues (65532) out of range (got 66665)
[  260.429015][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[  260.948893][ T7516] loop3: detected capacity change from 0 to 128
[  261.311333][   T30] audit: type=1800 audit(1742645486.405:9): pid=7516 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.459" name="bus" dev="loop3" ino=121 res=0 errno=0
[  261.742010][ T7531] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  262.541332][ T7534] netlink: 4 bytes leftover after parsing attributes in process `syz.2.464'.
[  267.073834][ T7571] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  267.083882][ T7571] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  267.989090][ T7573] xt_NFQUEUE: number of queues (65532) out of range (got 66665)
[  270.059781][ T7583] netlink: 4 bytes leftover after parsing attributes in process `syz.4.480'.
[  270.073876][ T7592] loop3: detected capacity change from 0 to 128
[  270.215362][   T30] audit: type=1800 audit(1742645495.305:10): pid=7592 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.482" name="bus" dev="loop3" ino=122 res=0 errno=0
[  271.062066][ T7609] serio: Serial port ptm0
[  272.679475][ T7625] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  272.689577][ T7625] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  273.862991][ T7637] xt_NFQUEUE: number of queues (65532) out of range (got 66665)
[  278.069152][ T7652] netlink: 4 bytes leftover after parsing attributes in process `syz.4.498'.
[  278.760211][ T7654] netlink: 'syz.2.499': attribute type 1 has an invalid length.
[  278.798287][ T7654] netlink: 224 bytes leftover after parsing attributes in process `syz.2.499'.
[  280.545846][ T7679] serio: Serial port ptm0
[  281.392853][ T7685] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  281.401809][ T7685] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  283.025766][ T7702] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  283.308964][ T7703] xt_NFQUEUE: number of queues (65532) out of range (got 66665)
[  284.014590][ T7705] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  284.028125][ T7705] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  284.113268][ T7715] netlink: 4 bytes leftover after parsing attributes in process `syz.0.513'.
[  287.852357][ T7726] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  287.858615][ T7726] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  287.866341][ T7726] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  287.872728][ T7726] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  287.878920][ T7726] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  287.884976][ T7726] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  289.098335][ T5853] Bluetooth: hci0: command 0x0c1a tx timeout
[  290.108674][ T5141] Bluetooth: hci3: command 0x0c1a tx timeout
[  290.114994][ T5141] Bluetooth: hci1: command 0x0c1a tx timeout
[  290.121513][ T5141] Bluetooth: hci4: command 0x0406 tx timeout
[  290.127800][ T5141] Bluetooth: hci5: command 0x0c1a tx timeout
[  290.136348][ T5141] Bluetooth: hci2: command 0x0c1a tx timeout
[  290.945184][ T7768] xt_NFQUEUE: number of queues (65532) out of range (got 66665)
[  294.829086][ T7806] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  299.655530][ T7867] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  299.898361][ T7866] serio: Serial port ptm1
[  300.720039][ T7878] netlink: 'syz.0.560': attribute type 1 has an invalid length.
[  300.748342][ T7878] netlink: 224 bytes leftover after parsing attributes in process `syz.0.560'.
[  301.854661][ T7880] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  301.861677][ T7880] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  301.867796][ T7880] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  301.873920][ T7880] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  301.880019][ T7880] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  301.886087][ T7880] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  303.057796][ T5141] Bluetooth: hci0: command 0x0c1a tx timeout
[  303.908340][ T5141] Bluetooth: hci4: command 0x0406 tx timeout
[  303.914481][ T5853] Bluetooth: hci5: command 0x0c1a tx timeout
[  303.920610][ T5848] Bluetooth: hci2: command 0x0c1a tx timeout
[  303.926711][   T55] Bluetooth: hci3: command 0x0c1a tx timeout
[  303.932842][ T5846] Bluetooth: hci1: command 0x0c1a tx timeout
[  306.056528][ T7922] serio: Serial port ptm0
[  307.404737][ T7925] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  308.891587][ T7933] libceph: resolve '0.0' (ret=-3): failed
[  308.999204][   T53] ==================================================================
[  309.007317][   T53] BUG: KASAN: slab-out-of-bounds in iov_iter_revert+0x443/0x5a0
[  309.014994][   T53] Read of size 4 at addr ffff888023369f38 by task kworker/u8:3/53
[  309.022819][   T53] 
[  309.025155][   T53] CPU: 0 UID: 0 PID: 53 Comm: kworker/u8:3 Not tainted 6.14.0-rc7-syzkaller-00196-g88d324e69ea9 #0
[  309.025196][   T53] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  309.025220][   T53] Workqueue: events_unbound netfs_write_collection_worker
[  309.025283][   T53] Call Trace:
[  309.025294][   T53]  <TASK>
[  309.025307][   T53]  dump_stack_lvl+0x116/0x1f0
[  309.025370][   T53]  print_report+0xc3/0x670
[  309.025403][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  309.025467][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  309.025526][   T53]  ? __phys_addr+0xc6/0x150
[  309.025565][   T53]  kasan_report+0xd9/0x110
[  309.025597][   T53]  ? iov_iter_revert+0x443/0x5a0
[  309.025639][   T53]  ? iov_iter_revert+0x443/0x5a0
[  309.025683][   T53]  iov_iter_revert+0x443/0x5a0
[  309.025725][   T53]  netfs_retry_writes+0x163d/0x1a00
[  309.025786][   T53]  ? __pfx___lock_acquire+0x10/0x10
[  309.025842][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  309.025902][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  309.025964][   T53]  ? __pfx_netfs_retry_writes+0x10/0x10
[  309.026029][   T53]  ? __pfx_lock_release+0x10/0x10
[  309.026080][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  309.026139][   T53]  ? rcu_is_watching+0x12/0xc0
[  309.026180][   T53]  netfs_write_collection_worker+0x23de/0x37d0
[  309.026259][   T53]  process_one_work+0x9c8/0x1ba0
[  309.026317][   T53]  ? __pfx_netfs_write_collection_worker+0x10/0x10
[  309.026381][   T53]  ? __pfx_process_one_work+0x10/0x10
[  309.026432][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  309.026498][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  309.026557][   T53]  ? assign_work+0x1a0/0x250
[  309.026604][   T53]  worker_thread+0x6c8/0xf00
[  309.026659][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  309.026717][   T53]  ? __kthread_parkme+0x148/0x220
[  309.026752][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  309.026811][   T53]  ? __pfx_worker_thread+0x10/0x10
[  309.026861][   T53]  kthread+0x3b2/0x750
[  309.026905][   T53]  ? __pfx_kthread+0x10/0x10
[  309.026949][   T53]  ? lock_acquire+0x2f/0xb0
[  309.027003][   T53]  ? __pfx_kthread+0x10/0x10
[  309.027048][   T53]  ret_from_fork+0x48/0x80
[  309.027097][   T53]  ? __pfx_kthread+0x10/0x10
[  309.027142][   T53]  ret_from_fork_asm+0x1a/0x30
[  309.027193][   T53]  </TASK>
[  309.027205][   T53] 
[  309.248638][   T53] Allocated by task 7915:
[  309.252967][   T53]  kasan_save_stack+0x33/0x60
[  309.257675][   T53]  kasan_save_track+0x14/0x30
[  309.262382][   T53]  __kasan_kmalloc+0xaa/0xb0
[  309.267001][   T53]  __kmalloc_noprof+0x21c/0x510
[  309.271878][   T53]  lsm_blob_alloc+0x68/0x90
[  309.276413][   T53]  security_sk_alloc+0x30/0x270
[  309.281276][   T53]  sk_prot_alloc+0xfb/0x2a0
[  309.285798][   T53]  sk_alloc+0x36/0xc20
[  309.289894][   T53]  unix_create1+0xa6/0x6c0
[  309.294346][   T53]  unix_create+0x10e/0x1d0
[  309.298793][   T53]  __sock_create+0x338/0x8d0
[  309.303401][   T53]  __sys_socketpair+0x25d/0x5a0
[  309.308272][   T53]  __x64_sys_socketpair+0x96/0x100
[  309.313411][   T53]  do_syscall_64+0xcd/0x250
[  309.317942][   T53]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  309.323864][   T53] 
[  309.326185][   T53] Freed by task 7921:
[  309.330160][   T53]  kasan_save_stack+0x33/0x60
[  309.334863][   T53]  kasan_save_track+0x14/0x30
[  309.339569][   T53]  kasan_save_free_info+0x3b/0x60
[  309.344615][   T53]  __kasan_slab_free+0x51/0x70
[  309.349410][   T53]  kfree+0x2c4/0x4d0
[  309.353327][   T53]  security_sk_free+0x9d/0x1a0
[  309.358109][   T53]  __sk_destruct+0x44d/0x6f0
[  309.362750][   T53]  sk_destruct+0xc2/0xf0
[  309.367019][   T53]  __sk_free+0xf4/0x3e0
[  309.371201][   T53]  sock_wfree+0x276/0x880
[  309.375557][   T53]  unix_destruct_scm+0x138/0x190
[  309.380525][   T53]  skb_release_head_state+0xa6/0x290
[  309.385818][   T53]  sk_skb_reason_drop+0xeb/0x1a0
[  309.390768][   T53]  unix_release_sock+0x789/0x1210
[  309.395807][   T53]  unix_release+0x91/0xf0
[  309.400145][   T53]  __sock_release+0xb3/0x270
[  309.404744][   T53]  sock_close+0x1c/0x30
[  309.408910][   T53]  __fput+0x402/0xb70
[  309.412932][   T53]  task_work_run+0x151/0x250
[  309.417563][   T53]  get_signal+0x1d3/0x26c0
[  309.422019][   T53]  arch_do_signal_or_restart+0x90/0x7e0
[  309.427588][   T53]  syscall_exit_to_user_mode+0x150/0x2a0
[  309.433252][   T53]  do_syscall_64+0xda/0x250
[  309.437808][   T53]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  309.443733][   T53] 
[  309.446054][   T53] The buggy address belongs to the object at ffff888023369f20
[  309.446054][   T53]  which belongs to the cache kmalloc-16 of size 16
[  309.459943][   T53] The buggy address is located 8 bytes to the right of
[  309.459943][   T53]  allocated 16-byte region [ffff888023369f20, ffff888023369f30)
[  309.474360][   T53] 
[  309.476693][   T53] The buggy address belongs to the physical page:
[  309.483103][   T53] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888023369080 pfn:0x23369
[  309.493174][   T53] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  309.500287][   T53] page_type: f5(slab)
[  309.504279][   T53] raw: 00fff00000000000 ffff88801b041640 dead000000000100 dead000000000122
[  309.512878][   T53] raw: ffff888023369080 0000000080800079 00000000f5000000 0000000000000000
[  309.521468][   T53] page dumped because: kasan: bad access detected
[  309.527876][   T53] page_owner tracks the page as allocated
[  309.533589][   T53] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 5837, tgid 5837 (syz-executor), ts 242189329938, free_ts 242098253989
[  309.553326][   T53]  post_alloc_hook+0x181/0x1b0
[  309.558118][   T53]  get_page_from_freelist+0xfce/0x2f80
[  309.563612][   T53]  __alloc_frozen_pages_noprof+0x221/0x2470
[  309.569544][   T53]  new_slab+0x94/0x330
[  309.573637][   T53]  ___slab_alloc+0xc5d/0x1720
[  309.578337][   T53]  __slab_alloc.constprop.0+0x56/0xb0
[  309.583732][   T53]  __kmalloc_node_noprof+0x2f0/0x510
[  309.589046][   T53]  __kvmalloc_node_noprof+0xad/0x1a0
[  309.594357][   T53]  xt_replace_table+0x1e3/0x940
[  309.599219][   T53]  __do_replace+0x1d3/0x9e0
[  309.603750][   T53]  do_ip6t_set_ctl+0x965/0xbf0
[  309.608547][   T53]  nf_setsockopt+0x8d/0xf0
[  309.612991][   T53]  ipv6_setsockopt+0x135/0x170
[  309.617780][   T53]  tcp_setsockopt+0xa7/0x100
[  309.622395][   T53]  do_sock_setsockopt+0x225/0x480
[  309.627438][   T53]  __sys_setsockopt+0x1a0/0x230
[  309.632322][   T53] page last free pid 7346 tgid 7337 stack trace:
[  309.638647][   T53]  free_frozen_pages+0x6db/0xfb0
[  309.643613][   T53]  tlb_finish_mmu+0x237/0x7b0
[  309.648324][   T53]  exit_mmap+0x40e/0xba0
[  309.652589][   T53]  __mmput+0x12a/0x410
[  309.656687][   T53]  mmput+0x62/0x70
[  309.660436][   T53]  do_exit+0x9ba/0x2db0
[  309.664605][   T53]  do_group_exit+0xd3/0x2a0
[  309.669208][   T53]  get_signal+0x24ed/0x26c0
[  309.673740][   T53]  arch_do_signal_or_restart+0x90/0x7e0
[  309.679301][   T53]  syscall_exit_to_user_mode+0x150/0x2a0
[  309.684967][   T53]  do_syscall_64+0xda/0x250
[  309.689503][   T53]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  309.695423][   T53] 
[  309.697743][   T53] Memory state around the buggy address:
[  309.703373][   T53]  ffff888023369e00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[  309.711441][   T53]  ffff888023369e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[  309.719509][   T53] >ffff888023369f00: fa fb fc fc fa fb fc fc 00 00 fc fc 00 00 fc fc
[  309.727573][   T53]                                         ^
[  309.733469][   T53]  ffff888023369f80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[  309.741535][   T53]  ffff88802336a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  309.749596][   T53] ==================================================================
[  309.999769][   T53] Disabling lock debugging due to kernel taint
[  310.006005][   T53] ==================================================================
[  310.014060][   T53] BUG: KASAN: slab-use-after-free in iov_iter_revert+0x521/0x5a0
[  310.021788][   T53] Read of size 4 at addr ffff888023369f28 by task kworker/u8:3/53
[  310.029598][   T53] 
[  310.031927][   T53] CPU: 1 UID: 0 PID: 53 Comm: kworker/u8:3 Tainted: G    B              6.14.0-rc7-syzkaller-00196-g88d324e69ea9 #0
[  310.031965][   T53] Tainted: [B]=BAD_PAGE
[  310.031974][   T53] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  310.031992][   T53] Workqueue: events_unbound netfs_write_collection_worker
[  310.032038][   T53] Call Trace:
[  310.032046][   T53]  <TASK>
[  310.032056][   T53]  dump_stack_lvl+0x116/0x1f0
[  310.032098][   T53]  print_report+0xc3/0x670
[  310.032121][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  310.032166][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  310.032210][   T53]  ? __phys_addr+0xc6/0x150
[  310.032239][   T53]  kasan_report+0xd9/0x110
[  310.032263][   T53]  ? iov_iter_revert+0x521/0x5a0
[  310.032293][   T53]  ? iov_iter_revert+0x521/0x5a0
[  310.032326][   T53]  iov_iter_revert+0x521/0x5a0
[  310.032358][   T53]  netfs_retry_writes+0x163d/0x1a00
[  310.032403][   T53]  ? __pfx___lock_acquire+0x10/0x10
[  310.032445][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  310.032489][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  310.032535][   T53]  ? __pfx_netfs_retry_writes+0x10/0x10
[  310.032587][   T53]  ? __pfx_lock_release+0x10/0x10
[  310.032625][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  310.032668][   T53]  ? rcu_is_watching+0x12/0xc0
[  310.032699][   T53]  netfs_write_collection_worker+0x23de/0x37d0
[  310.032758][   T53]  process_one_work+0x9c8/0x1ba0
[  310.032800][   T53]  ? __pfx_netfs_write_collection_worker+0x10/0x10
[  310.032844][   T53]  ? __pfx_process_one_work+0x10/0x10
[  310.032882][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  310.032929][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  310.032973][   T53]  ? assign_work+0x1a0/0x250
[  310.033008][   T53]  worker_thread+0x6c8/0xf00
[  310.033049][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  310.033093][   T53]  ? __kthread_parkme+0x148/0x220
[  310.033120][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  310.033164][   T53]  ? __pfx_worker_thread+0x10/0x10
[  310.033202][   T53]  kthread+0x3b2/0x750
[  310.033235][   T53]  ? __pfx_kthread+0x10/0x10
[  310.033268][   T53]  ? lock_acquire+0x2f/0xb0
[  310.033308][   T53]  ? __pfx_kthread+0x10/0x10
[  310.033342][   T53]  ret_from_fork+0x48/0x80
[  310.033378][   T53]  ? __pfx_kthread+0x10/0x10
[  310.033412][   T53]  ret_from_fork_asm+0x1a/0x30
[  310.033450][   T53]  </TASK>
[  310.033458][   T53] 
[  310.260382][   T53] Allocated by task 7915:
[  310.264704][   T53]  kasan_save_stack+0x33/0x60
[  310.269401][   T53]  kasan_save_track+0x14/0x30
[  310.274105][   T53]  __kasan_kmalloc+0xaa/0xb0
[  310.278709][   T53]  __kmalloc_noprof+0x21c/0x510
[  310.283577][   T53]  lsm_blob_alloc+0x68/0x90
[  310.288100][   T53]  security_sk_alloc+0x30/0x270
[  310.292957][   T53]  sk_prot_alloc+0xfb/0x2a0
[  310.297467][   T53]  sk_alloc+0x36/0xc20
[  310.301576][   T53]  unix_create1+0xa6/0x6c0
[  310.306011][   T53]  unix_create+0x10e/0x1d0
[  310.310446][   T53]  __sock_create+0x338/0x8d0
[  310.315045][   T53]  __sys_socketpair+0x25d/0x5a0
[  310.319908][   T53]  __x64_sys_socketpair+0x96/0x100
[  310.325033][   T53]  do_syscall_64+0xcd/0x250
[  310.329575][   T53]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  310.335485][   T53] 
[  310.337803][   T53] Freed by task 7921:
[  310.341774][   T53]  kasan_save_stack+0x33/0x60
[  310.346467][   T53]  kasan_save_track+0x14/0x30
[  310.351199][   T53]  kasan_save_free_info+0x3b/0x60
[  310.356231][   T53]  __kasan_slab_free+0x51/0x70
[  310.361049][   T53]  kfree+0x2c4/0x4d0
[  310.364973][   T53]  security_sk_free+0x9d/0x1a0
[  310.369742][   T53]  __sk_destruct+0x44d/0x6f0
[  310.374351][   T53]  sk_destruct+0xc2/0xf0
[  310.378612][   T53]  __sk_free+0xf4/0x3e0
[  310.382784][   T53]  sock_wfree+0x276/0x880
[  310.387129][   T53]  unix_destruct_scm+0x138/0x190
[  310.392084][   T53]  skb_release_head_state+0xa6/0x290
[  310.397372][   T53]  sk_skb_reason_drop+0xeb/0x1a0
[  310.402332][   T53]  unix_release_sock+0x789/0x1210
[  310.407384][   T53]  unix_release+0x91/0xf0
[  310.411714][   T53]  __sock_release+0xb3/0x270
[  310.416308][   T53]  sock_close+0x1c/0x30
[  310.420475][   T53]  __fput+0x402/0xb70
[  310.424457][   T53]  task_work_run+0x151/0x250
[  310.429082][   T53]  get_signal+0x1d3/0x26c0
[  310.433514][   T53]  arch_do_signal_or_restart+0x90/0x7e0
[  310.439072][   T53]  syscall_exit_to_user_mode+0x150/0x2a0
[  310.444744][   T53]  do_syscall_64+0xda/0x250
[  310.449266][   T53]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  310.455177][   T53] 
[  310.457497][   T53] The buggy address belongs to the object at ffff888023369f20
[  310.457497][   T53]  which belongs to the cache kmalloc-16 of size 16
[  310.471378][   T53] The buggy address is located 8 bytes inside of
[  310.471378][   T53]  freed 16-byte region [ffff888023369f20, ffff888023369f30)
[  310.484957][   T53] 
[  310.487273][   T53] The buggy address belongs to the physical page:
[  310.493672][   T53] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888023369080 pfn:0x23369
[  310.503737][   T53] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  310.510844][   T53] page_type: f5(slab)
[  310.514825][   T53] raw: 00fff00000000000 ffff88801b041640 dead000000000100 dead000000000122
[  310.523409][   T53] raw: ffff888023369080 0000000080800079 00000000f5000000 0000000000000000
[  310.531987][   T53] page dumped because: kasan: bad access detected
[  310.538396][   T53] page_owner tracks the page as allocated
[  310.544111][   T53] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 5837, tgid 5837 (syz-executor), ts 242189329938, free_ts 242098253989
[  310.563831][   T53]  post_alloc_hook+0x181/0x1b0
[  310.568614][   T53]  get_page_from_freelist+0xfce/0x2f80
[  310.574092][   T53]  __alloc_frozen_pages_noprof+0x221/0x2470
[  310.580006][   T53]  new_slab+0x94/0x330
[  310.584093][   T53]  ___slab_alloc+0xc5d/0x1720
[  310.588793][   T53]  __slab_alloc.constprop.0+0x56/0xb0
[  310.594179][   T53]  __kmalloc_node_noprof+0x2f0/0x510
[  310.599484][   T53]  __kvmalloc_node_noprof+0xad/0x1a0
[  310.604781][   T53]  xt_replace_table+0x1e3/0x940
[  310.609635][   T53]  __do_replace+0x1d3/0x9e0
[  310.614155][   T53]  do_ip6t_set_ctl+0x965/0xbf0
[  310.618937][   T53]  nf_setsockopt+0x8d/0xf0
[  310.623370][   T53]  ipv6_setsockopt+0x135/0x170
[  310.628150][   T53]  tcp_setsockopt+0xa7/0x100
[  310.632767][   T53]  do_sock_setsockopt+0x225/0x480
[  310.637798][   T53]  __sys_setsockopt+0x1a0/0x230
[  310.642667][   T53] page last free pid 7346 tgid 7337 stack trace:
[  310.648986][   T53]  free_frozen_pages+0x6db/0xfb0
[  310.653938][   T53]  tlb_finish_mmu+0x237/0x7b0
[  310.658652][   T53]  exit_mmap+0x40e/0xba0
[  310.662907][   T53]  __mmput+0x12a/0x410
[  310.666994][   T53]  mmput+0x62/0x70
[  310.670732][   T53]  do_exit+0x9ba/0x2db0
[  310.674888][   T53]  do_group_exit+0xd3/0x2a0
[  310.679394][   T53]  get_signal+0x24ed/0x26c0
[  310.683911][   T53]  arch_do_signal_or_restart+0x90/0x7e0
[  310.689460][   T53]  syscall_exit_to_user_mode+0x150/0x2a0
[  310.695108][   T53]  do_syscall_64+0xda/0x250
[  310.699628][   T53]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  310.705557][   T53] 
[  310.707867][   T53] Memory state around the buggy address:
[  310.713491][   T53]  ffff888023369e00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[  310.721549][   T53]  ffff888023369e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[  310.729797][   T53] >ffff888023369f00: fa fb fc fc fa fb fc fc 00 00 fc fc 00 00 fc fc
[  310.737846][   T53]                                   ^
[  310.743215][   T53]  ffff888023369f80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[  310.751283][   T53]  ffff88802336a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  310.759343][   T53] ==================================================================
[  310.791955][   T53] ==================================================================
[  310.800057][   T53] BUG: KASAN: slab-use-after-free in iov_iter_advance+0x652/0x6c0
[  310.807898][   T53] Read of size 4 at addr ffff888023369f28 by task kworker/u8:3/53
[  310.815725][   T53] 
[  310.818055][   T53] CPU: 0 UID: 0 PID: 53 Comm: kworker/u8:3 Tainted: G    B              6.14.0-rc7-syzkaller-00196-g88d324e69ea9 #0
[  310.818102][   T53] Tainted: [B]=BAD_PAGE
[  310.818113][   T53] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  310.818136][   T53] Workqueue: events_unbound netfs_write_collection_worker
[  310.818194][   T53] Call Trace:
[  310.818205][   T53]  <TASK>
[  310.818217][   T53]  dump_stack_lvl+0x116/0x1f0
[  310.818269][   T53]  print_report+0xc3/0x670
[  310.818298][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  310.818353][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  310.818407][   T53]  ? __phys_addr+0xc6/0x150
[  310.818443][   T53]  kasan_report+0xd9/0x110
[  310.818472][   T53]  ? iov_iter_advance+0x652/0x6c0
[  310.818509][   T53]  ? iov_iter_advance+0x652/0x6c0
[  310.818549][   T53]  iov_iter_advance+0x652/0x6c0
[  310.818594][   T53]  netfs_reissue_write+0x13d/0x240
[  310.818648][   T53]  netfs_retry_writes+0x165a/0x1a00
[  310.818704][   T53]  ? __pfx___lock_acquire+0x10/0x10
[  310.818754][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  310.818809][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  310.818865][   T53]  ? __pfx_netfs_retry_writes+0x10/0x10
[  310.818924][   T53]  ? __pfx_lock_release+0x10/0x10
[  310.818971][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  310.819025][   T53]  ? rcu_is_watching+0x12/0xc0
[  310.819063][   T53]  netfs_write_collection_worker+0x23de/0x37d0
[  310.819134][   T53]  process_one_work+0x9c8/0x1ba0
[  310.819186][   T53]  ? __pfx_netfs_write_collection_worker+0x10/0x10
[  310.819240][   T53]  ? __pfx_process_one_work+0x10/0x10
[  310.819286][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  310.819344][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  310.819397][   T53]  ? assign_work+0x1a0/0x250
[  310.819441][   T53]  worker_thread+0x6c8/0xf00
[  310.819491][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  310.819544][   T53]  ? __kthread_parkme+0x148/0x220
[  310.819580][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  310.819634][   T53]  ? __pfx_worker_thread+0x10/0x10
[  310.819680][   T53]  kthread+0x3b2/0x750
[  310.819720][   T53]  ? __pfx_kthread+0x10/0x10
[  310.819760][   T53]  ? lock_acquire+0x2f/0xb0
[  310.819810][   T53]  ? __pfx_kthread+0x10/0x10
[  310.819850][   T53]  ret_from_fork+0x48/0x80
[  310.819895][   T53]  ? __pfx_kthread+0x10/0x10
[  310.819936][   T53]  ret_from_fork_asm+0x1a/0x30
[  310.819982][   T53]  </TASK>
[  310.819993][   T53] 
[  311.052502][   T53] Allocated by task 7915:
[  311.056835][   T53]  kasan_save_stack+0x33/0x60
[  311.061550][   T53]  kasan_save_track+0x14/0x30
[  311.066256][   T53]  __kasan_kmalloc+0xaa/0xb0
[  311.070876][   T53]  __kmalloc_noprof+0x21c/0x510
[  311.075763][   T53]  lsm_blob_alloc+0x68/0x90
[  311.080305][   T53]  security_sk_alloc+0x30/0x270
[  311.085176][   T53]  sk_prot_alloc+0xfb/0x2a0
[  311.089703][   T53]  sk_alloc+0x36/0xc20
[  311.093799][   T53]  unix_create1+0xa6/0x6c0
[  311.098245][   T53]  unix_create+0x10e/0x1d0
[  311.102700][   T53]  __sock_create+0x338/0x8d0
[  311.107317][   T53]  __sys_socketpair+0x25d/0x5a0
[  311.112188][   T53]  __x64_sys_socketpair+0x96/0x100
[  311.117324][   T53]  do_syscall_64+0xcd/0x250
[  311.121855][   T53]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  311.127773][   T53] 
[  311.130094][   T53] Freed by task 7921:
[  311.134069][   T53]  kasan_save_stack+0x33/0x60
[  311.138775][   T53]  kasan_save_track+0x14/0x30
[  311.143486][   T53]  kasan_save_free_info+0x3b/0x60
[  311.148530][   T53]  __kasan_slab_free+0x51/0x70
[  311.153332][   T53]  kfree+0x2c4/0x4d0
[  311.157247][   T53]  security_sk_free+0x9d/0x1a0
[  311.162025][   T53]  __sk_destruct+0x44d/0x6f0
[  311.166639][   T53]  sk_destruct+0xc2/0xf0
[  311.170908][   T53]  __sk_free+0xf4/0x3e0
[  311.175088][   T53]  sock_wfree+0x276/0x880
[  311.179444][   T53]  unix_destruct_scm+0x138/0x190
[  311.184411][   T53]  skb_release_head_state+0xa6/0x290
[  311.189704][   T53]  sk_skb_reason_drop+0xeb/0x1a0
[  311.194652][   T53]  unix_release_sock+0x789/0x1210
[  311.199687][   T53]  unix_release+0x91/0xf0
[  311.204025][   T53]  __sock_release+0xb3/0x270
[  311.208713][   T53]  sock_close+0x1c/0x30
[  311.212877][   T53]  __fput+0x402/0xb70
[  311.216868][   T53]  task_work_run+0x151/0x250
[  311.221506][   T53]  get_signal+0x1d3/0x26c0
[  311.225951][   T53]  arch_do_signal_or_restart+0x90/0x7e0
[  311.231514][   T53]  syscall_exit_to_user_mode+0x150/0x2a0
[  311.237173][   T53]  do_syscall_64+0xda/0x250
[  311.241705][   T53]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  311.247626][   T53] 
[  311.249947][   T53] The buggy address belongs to the object at ffff888023369f20
[  311.249947][   T53]  which belongs to the cache kmalloc-16 of size 16
[  311.263839][   T53] The buggy address is located 8 bytes inside of
[  311.263839][   T53]  freed 16-byte region [ffff888023369f20, ffff888023369f30)
[  311.277385][   T53] 
[  311.279706][   T53] The buggy address belongs to the physical page:
[  311.286109][   T53] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888023369080 pfn:0x23369
[  311.296180][   T53] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  311.303294][   T53] page_type: f5(slab)
[  311.307288][   T53] raw: 00fff00000000000 ffff88801b041640 dead000000000100 dead000000000122
[  311.315890][   T53] raw: ffff888023369080 0000000080800079 00000000f5000000 0000000000000000
[  311.324473][   T53] page dumped because: kasan: bad access detected
[  311.330882][   T53] page_owner tracks the page as allocated
[  311.336591][   T53] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 5837, tgid 5837 (syz-executor), ts 242189329938, free_ts 242098253989
[  311.356328][   T53]  post_alloc_hook+0x181/0x1b0
[  311.361127][   T53]  get_page_from_freelist+0xfce/0x2f80
[  311.366623][   T53]  __alloc_frozen_pages_noprof+0x221/0x2470
[  311.372552][   T53]  new_slab+0x94/0x330
[  311.376643][   T53]  ___slab_alloc+0xc5d/0x1720
[  311.381339][   T53]  __slab_alloc.constprop.0+0x56/0xb0
[  311.386733][   T53]  __kmalloc_node_noprof+0x2f0/0x510
[  311.392048][   T53]  __kvmalloc_node_noprof+0xad/0x1a0
[  311.397359][   T53]  xt_replace_table+0x1e3/0x940
[  311.402222][   T53]  __do_replace+0x1d3/0x9e0
[  311.406781][   T53]  do_ip6t_set_ctl+0x965/0xbf0
[  311.411576][   T53]  nf_setsockopt+0x8d/0xf0
[  311.416020][   T53]  ipv6_setsockopt+0x135/0x170
[  311.420836][   T53]  tcp_setsockopt+0xa7/0x100
[  311.425449][   T53]  do_sock_setsockopt+0x225/0x480
[  311.430490][   T53]  __sys_setsockopt+0x1a0/0x230
[  311.435369][   T53] page last free pid 7346 tgid 7337 stack trace:
[  311.441691][   T53]  free_frozen_pages+0x6db/0xfb0
[  311.446654][   T53]  tlb_finish_mmu+0x237/0x7b0
[  311.451363][   T53]  exit_mmap+0x40e/0xba0
[  311.455629][   T53]  __mmput+0x12a/0x410
[  311.459731][   T53]  mmput+0x62/0x70
[  311.463498][   T53]  do_exit+0x9ba/0x2db0
[  311.467670][   T53]  do_group_exit+0xd3/0x2a0
[  311.472186][   T53]  get_signal+0x24ed/0x26c0
[  311.476718][   T53]  arch_do_signal_or_restart+0x90/0x7e0
[  311.482283][   T53]  syscall_exit_to_user_mode+0x150/0x2a0
[  311.487967][   T53]  do_syscall_64+0xda/0x250
[  311.492499][   T53]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  311.498431][   T53] 
[  311.500751][   T53] Memory state around the buggy address:
[  311.506379][   T53]  ffff888023369e00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[  311.514448][   T53]  ffff888023369e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[  311.522519][   T53] >ffff888023369f00: fa fb fc fc fa fb fc fc 00 00 fc fc 00 00 fc fc
[  311.530667][   T53]                                   ^
[  311.536034][   T53]  ffff888023369f80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[  311.544098][   T53]  ffff88802336a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  311.552159][   T53] ==================================================================
[  311.570026][   T53] ==================================================================
[  311.578122][   T53] BUG: KASAN: slab-use-after-free in _copy_from_iter+0x1507/0x1560
[  311.586055][   T53] Read of size 4 at addr ffff888023369f2c by task kworker/u8:3/53
[  311.593878][   T53] 
[  311.596216][   T53] CPU: 1 UID: 0 PID: 53 Comm: kworker/u8:3 Tainted: G    B              6.14.0-rc7-syzkaller-00196-g88d324e69ea9 #0
[  311.596266][   T53] Tainted: [B]=BAD_PAGE
[  311.596278][   T53] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  311.596302][   T53] Workqueue: events_unbound netfs_write_collection_worker
[  311.596363][   T53] Call Trace:
[  311.596374][   T53]  <TASK>
[  311.596386][   T53]  dump_stack_lvl+0x116/0x1f0
[  311.596442][   T53]  print_report+0xc3/0x670
[  311.596473][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  311.596533][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  311.596596][   T53]  ? __phys_addr+0xc6/0x150
[  311.596635][   T53]  kasan_report+0xd9/0x110
[  311.596667][   T53]  ? _copy_from_iter+0x1507/0x1560
[  311.596709][   T53]  ? _copy_from_iter+0x1507/0x1560
[  311.596753][   T53]  _copy_from_iter+0x1507/0x1560
[  311.596795][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  311.596854][   T53]  ? __virt_addr_valid+0x1a4/0x590
[  311.596892][   T53]  ? __pfx__copy_from_iter+0x10/0x10
[  311.596930][   T53]  ? __virt_addr_valid+0x1a4/0x590
[  311.596969][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  311.597027][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  311.597086][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  311.597145][   T53]  ? __phys_addr_symbol+0x30/0x80
[  311.597180][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  311.597238][   T53]  ? __check_object_size+0x488/0x710
[  311.597276][   T53]  p9pdu_vwritef+0x2d0/0x1cf0
[  311.597338][   T53]  ? p9pdu_writef+0xc4/0x100
[  311.597396][   T53]  ? __pfx_p9pdu_vwritef+0x10/0x10
[  311.597455][   T53]  ? __pfx_p9_tag_alloc+0x10/0x10
[  311.597503][   T53]  ? finish_task_switch.isra.0+0x212/0xcc0
[  311.597560][   T53]  ? rcu_is_watching+0x12/0xc0
[  311.597605][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  311.597665][   T53]  ? rcu_is_watching+0x12/0xc0
[  311.597704][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  311.597767][   T53]  p9_client_prepare_req+0x244/0x4d0
[  311.597820][   T53]  ? __pfx_p9_client_prepare_req+0x10/0x10
[  311.597871][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  311.597936][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  311.597996][   T53]  ? __schedule+0xf4b/0x5890
[  311.598047][   T53]  p9_client_rpc+0x1c3/0xc10
[  311.598099][   T53]  ? __pfx_p9_client_rpc+0x10/0x10
[  311.598150][   T53]  ? __pfx___schedule+0x10/0x10
[  311.598199][   T53]  ? __pfx_vprintk_emit+0x10/0x10
[  311.598242][   T53]  ? rcu_is_watching+0x12/0xc0
[  311.598280][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  311.598340][   T53]  ? trace_irq_enable.constprop.0+0xea/0x140
[  311.598400][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  311.598466][   T53]  p9_client_write+0x31f/0x680
[  311.598529][   T53]  ? __pfx_p9_client_write+0x10/0x10
[  311.598589][   T53]  ? iov_iter_advance+0x652/0x6c0
[  311.598634][   T53]  v9fs_issue_write+0xe4/0x1b0
[  311.598674][   T53]  ? __pfx_v9fs_issue_write+0x10/0x10
[  311.598712][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  311.598772][   T53]  ? rcu_is_watching+0x12/0xc0
[  311.598810][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  311.598873][   T53]  netfs_do_issue_write+0x95/0x110
[  311.598933][   T53]  netfs_retry_writes+0x165a/0x1a00
[  311.598996][   T53]  ? __pfx___lock_acquire+0x10/0x10
[  311.599052][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  311.599113][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  311.599174][   T53]  ? __pfx_netfs_retry_writes+0x10/0x10
[  311.599239][   T53]  ? __pfx_lock_release+0x10/0x10
[  311.599290][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  311.599350][   T53]  ? rcu_is_watching+0x12/0xc0
[  311.599389][   T53]  netfs_write_collection_worker+0x23de/0x37d0
[  311.599467][   T53]  process_one_work+0x9c8/0x1ba0
[  311.599524][   T53]  ? __pfx_netfs_write_collection_worker+0x10/0x10
[  311.599586][   T53]  ? __pfx_process_one_work+0x10/0x10
[  311.599635][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  311.599700][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  311.599760][   T53]  ? assign_work+0x1a0/0x250
[  311.599808][   T53]  worker_thread+0x6c8/0xf00
[  311.599865][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  311.599925][   T53]  ? __kthread_parkme+0x148/0x220
[  311.599961][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  311.600023][   T53]  ? __pfx_worker_thread+0x10/0x10
[  311.600074][   T53]  kthread+0x3b2/0x750
[  311.600120][   T53]  ? __pfx_kthread+0x10/0x10
[  311.600164][   T53]  ? lock_acquire+0x2f/0xb0
[  311.600219][   T53]  ? __pfx_kthread+0x10/0x10
[  311.600265][   T53]  ret_from_fork+0x48/0x80
[  311.600316][   T53]  ? __pfx_kthread+0x10/0x10
[  311.600361][   T53]  ret_from_fork_asm+0x1a/0x30
[  311.600412][   T53]  </TASK>
[  311.600425][   T53] 
[  312.042013][   T53] Allocated by task 7915:
[  312.046342][   T53]  kasan_save_stack+0x33/0x60
[  312.051053][   T53]  kasan_save_track+0x14/0x30
[  312.055760][   T53]  __kasan_kmalloc+0xaa/0xb0
[  312.060379][   T53]  __kmalloc_noprof+0x21c/0x510
[  312.065259][   T53]  lsm_blob_alloc+0x68/0x90
[  312.069795][   T53]  security_sk_alloc+0x30/0x270
[  312.074666][   T53]  sk_prot_alloc+0xfb/0x2a0
[  312.079200][   T53]  sk_alloc+0x36/0xc20
[  312.083297][   T53]  unix_create1+0xa6/0x6c0
[  312.087745][   T53]  unix_create+0x10e/0x1d0
[  312.092191][   T53]  __sock_create+0x338/0x8d0
[  312.096801][   T53]  __sys_socketpair+0x25d/0x5a0
[  312.101761][   T53]  __x64_sys_socketpair+0x96/0x100
[  312.106894][   T53]  do_syscall_64+0xcd/0x250
[  312.111427][   T53]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  312.117345][   T53] 
[  312.119664][   T53] Freed by task 7921:
[  312.123641][   T53]  kasan_save_stack+0x33/0x60
[  312.128346][   T53]  kasan_save_track+0x14/0x30
[  312.133047][   T53]  kasan_save_free_info+0x3b/0x60
[  312.138089][   T53]  __kasan_slab_free+0x51/0x70
[  312.142879][   T53]  kfree+0x2c4/0x4d0
[  312.146795][   T53]  security_sk_free+0x9d/0x1a0
[  312.151581][   T53]  __sk_destruct+0x44d/0x6f0
[  312.156197][   T53]  sk_destruct+0xc2/0xf0
[  312.160470][   T53]  __sk_free+0xf4/0x3e0
[  312.164656][   T53]  sock_wfree+0x276/0x880
[  312.169018][   T53]  unix_destruct_scm+0x138/0x190
[  312.173986][   T53]  skb_release_head_state+0xa6/0x290
[  312.179285][   T53]  sk_skb_reason_drop+0xeb/0x1a0
[  312.184237][   T53]  unix_release_sock+0x789/0x1210
[  312.189272][   T53]  unix_release+0x91/0xf0
[  312.193610][   T53]  __sock_release+0xb3/0x270
[  312.198210][   T53]  sock_close+0x1c/0x30
[  312.202377][   T53]  __fput+0x402/0xb70
[  312.206368][   T53]  task_work_run+0x151/0x250
[  312.210981][   T53]  get_signal+0x1d3/0x26c0
[  312.215429][   T53]  arch_do_signal_or_restart+0x90/0x7e0
[  312.220991][   T53]  syscall_exit_to_user_mode+0x150/0x2a0
[  312.226654][   T53]  do_syscall_64+0xda/0x250
[  312.231184][   T53]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  312.237103][   T53] 
[  312.239423][   T53] The buggy address belongs to the object at ffff888023369f20
[  312.239423][   T53]  which belongs to the cache kmalloc-16 of size 16
[  312.253307][   T53] The buggy address is located 12 bytes inside of
[  312.253307][   T53]  freed 16-byte region [ffff888023369f20, ffff888023369f30)
[  312.266939][   T53] 
[  312.269259][   T53] The buggy address belongs to the physical page:
[  312.275664][   T53] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x23369
[  312.284434][   T53] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  312.291551][   T53] page_type: f5(slab)
[  312.295545][   T53] raw: 00fff00000000000 ffff88801b041640 dead000000000100 dead000000000122
[  312.304140][   T53] raw: 0000000000000000 0000000000800080 00000000f5000000 0000000000000000
[  312.312723][   T53] page dumped because: kasan: bad access detected
[  312.319130][   T53] page_owner tracks the page as allocated
[  312.324838][   T53] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 5837, tgid 5837 (syz-executor), ts 242189329938, free_ts 242098253989
[  312.344573][   T53]  post_alloc_hook+0x181/0x1b0
[  312.349366][   T53]  get_page_from_freelist+0xfce/0x2f80
[  312.354853][   T53]  __alloc_frozen_pages_noprof+0x221/0x2470
[  312.360776][   T53]  new_slab+0x94/0x330
[  312.364864][   T53]  ___slab_alloc+0xc5d/0x1720
[  312.369566][   T53]  __slab_alloc.constprop.0+0x56/0xb0
[  312.374961][   T53]  __kmalloc_node_noprof+0x2f0/0x510
[  312.380287][   T53]  __kvmalloc_node_noprof+0xad/0x1a0
[  312.385600][   T53]  xt_replace_table+0x1e3/0x940
[  312.390466][   T53]  __do_replace+0x1d3/0x9e0
[  312.394998][   T53]  do_ip6t_set_ctl+0x965/0xbf0
[  312.399791][   T53]  nf_setsockopt+0x8d/0xf0
[  312.404232][   T53]  ipv6_setsockopt+0x135/0x170
[  312.409021][   T53]  tcp_setsockopt+0xa7/0x100
[  312.413630][   T53]  do_sock_setsockopt+0x225/0x480
[  312.418673][   T53]  __sys_setsockopt+0x1a0/0x230
[  312.423560][   T53] page last free pid 7346 tgid 7337 stack trace:
[  312.429887][   T53]  free_frozen_pages+0x6db/0xfb0
[  312.434854][   T53]  tlb_finish_mmu+0x237/0x7b0
[  312.439559][   T53]  exit_mmap+0x40e/0xba0
[  312.443825][   T53]  __mmput+0x12a/0x410
[  312.447920][   T53]  mmput+0x62/0x70
[  312.451669][   T53]  do_exit+0x9ba/0x2db0
[  312.455839][   T53]  do_group_exit+0xd3/0x2a0
[  312.460355][   T53]  get_signal+0x24ed/0x26c0
[  312.464888][   T53]  arch_do_signal_or_restart+0x90/0x7e0
[  312.470452][   T53]  syscall_exit_to_user_mode+0x150/0x2a0
[  312.476111][   T53]  do_syscall_64+0xda/0x250
[  312.480644][   T53]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  312.486570][   T53] 
[  312.488899][   T53] Memory state around the buggy address:
[  312.494530][   T53]  ffff888023369e00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[  312.502599][   T53]  ffff888023369e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[  312.510666][   T53] >ffff888023369f00: fa fb fc fc fa fb fc fc 00 00 fc fc 00 00 fc fc
[  312.518728][   T53]                                   ^
[  312.524097][   T53]  ffff888023369f80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[  312.532162][   T53]  ffff88802336a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  312.540222][   T53] ==================================================================
[  312.609930][   T53] ==================================================================
[  312.618038][   T53] BUG: KASAN: slab-use-after-free in _copy_from_iter+0x14a2/0x1560
[  312.625972][   T53] Read of size 8 at addr ffff888023369f20 by task kworker/u8:3/53
[  312.633797][   T53] 
[  312.636135][   T53] CPU: 1 UID: 0 PID: 53 Comm: kworker/u8:3 Tainted: G    B              6.14.0-rc7-syzkaller-00196-g88d324e69ea9 #0
[  312.636188][   T53] Tainted: [B]=BAD_PAGE
[  312.636201][   T53] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  312.636225][   T53] Workqueue: events_unbound netfs_write_collection_worker
[  312.636288][   T53] Call Trace:
[  312.636299][   T53]  <TASK>
[  312.636317][   T53]  dump_stack_lvl+0x116/0x1f0
[  312.636374][   T53]  print_report+0xc3/0x670
[  312.636407][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  312.636468][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  312.636528][   T53]  ? __phys_addr+0xc6/0x150
[  312.636568][   T53]  kasan_report+0xd9/0x110
[  312.636601][   T53]  ? _copy_from_iter+0x14a2/0x1560
[  312.636644][   T53]  ? _copy_from_iter+0x14a2/0x1560
[  312.636689][   T53]  _copy_from_iter+0x14a2/0x1560
[  312.636732][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  312.636792][   T53]  ? __virt_addr_valid+0x1a4/0x590
[  312.636830][   T53]  ? __pfx__copy_from_iter+0x10/0x10
[  312.636870][   T53]  ? __virt_addr_valid+0x1a4/0x590
[  312.636910][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  312.636970][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  312.637031][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  312.637090][   T53]  ? __phys_addr_symbol+0x30/0x80
[  312.637127][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  312.637186][   T53]  ? __check_object_size+0x488/0x710
[  312.637226][   T53]  p9pdu_vwritef+0x2d0/0x1cf0
[  312.637289][   T53]  ? p9pdu_writef+0xc4/0x100
[  312.637350][   T53]  ? __pfx_p9pdu_vwritef+0x10/0x10
[  312.637409][   T53]  ? __pfx_p9_tag_alloc+0x10/0x10
[  312.637456][   T53]  ? finish_task_switch.isra.0+0x212/0xcc0
[  312.637513][   T53]  ? rcu_is_watching+0x12/0xc0
[  312.637552][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  312.637612][   T53]  ? rcu_is_watching+0x12/0xc0
[  312.637650][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  312.637714][   T53]  p9_client_prepare_req+0x244/0x4d0
[  312.637766][   T53]  ? __pfx_p9_client_prepare_req+0x10/0x10
[  312.637816][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  312.637880][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  312.637940][   T53]  ? __schedule+0xf4b/0x5890
[  312.637990][   T53]  p9_client_rpc+0x1c3/0xc10
[  312.638043][   T53]  ? __pfx_p9_client_rpc+0x10/0x10
[  312.638093][   T53]  ? __pfx___schedule+0x10/0x10
[  312.638142][   T53]  ? __pfx_vprintk_emit+0x10/0x10
[  312.638183][   T53]  ? rcu_is_watching+0x12/0xc0
[  312.638220][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  312.638277][   T53]  ? trace_irq_enable.constprop.0+0xea/0x140
[  312.638343][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  312.638409][   T53]  p9_client_write+0x31f/0x680
[  312.638472][   T53]  ? __pfx_p9_client_write+0x10/0x10
[  312.638527][   T53]  ? iov_iter_advance+0x652/0x6c0
[  312.638572][   T53]  v9fs_issue_write+0xe4/0x1b0
[  312.638610][   T53]  ? __pfx_v9fs_issue_write+0x10/0x10
[  312.638649][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  312.638709][   T53]  ? rcu_is_watching+0x12/0xc0
[  312.638747][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  312.638809][   T53]  netfs_do_issue_write+0x95/0x110
[  312.638868][   T53]  netfs_retry_writes+0x165a/0x1a00
[  312.638929][   T53]  ? __pfx___lock_acquire+0x10/0x10
[  312.638985][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  312.639046][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  312.639108][   T53]  ? __pfx_netfs_retry_writes+0x10/0x10
[  312.639174][   T53]  ? __pfx_lock_release+0x10/0x10
[  312.639226][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  312.639286][   T53]  ? rcu_is_watching+0x12/0xc0
[  312.639335][   T53]  netfs_write_collection_worker+0x23de/0x37d0
[  312.639414][   T53]  process_one_work+0x9c8/0x1ba0
[  312.639472][   T53]  ? __pfx_netfs_write_collection_worker+0x10/0x10
[  312.639532][   T53]  ? __pfx_process_one_work+0x10/0x10
[  312.639583][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  312.639647][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  312.639707][   T53]  ? assign_work+0x1a0/0x250
[  312.639755][   T53]  worker_thread+0x6c8/0xf00
[  312.639811][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  312.639870][   T53]  ? __kthread_parkme+0x148/0x220
[  312.639907][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  312.639967][   T53]  ? __pfx_worker_thread+0x10/0x10
[  312.640018][   T53]  kthread+0x3b2/0x750
[  312.640064][   T53]  ? __pfx_kthread+0x10/0x10
[  312.640108][   T53]  ? lock_acquire+0x2f/0xb0
[  312.640163][   T53]  ? __pfx_kthread+0x10/0x10
[  312.640209][   T53]  ret_from_fork+0x48/0x80
[  312.640258][   T53]  ? __pfx_kthread+0x10/0x10
[  312.640303][   T53]  ret_from_fork_asm+0x1a/0x30
[  312.640360][   T53]  </TASK>
[  312.640372][   T53] 
[  313.081896][   T53] Allocated by task 7915:
[  313.086225][   T53]  kasan_save_stack+0x33/0x60
[  313.090934][   T53]  kasan_save_track+0x14/0x30
[  313.095640][   T53]  __kasan_kmalloc+0xaa/0xb0
[  313.100256][   T53]  __kmalloc_noprof+0x21c/0x510
[  313.105139][   T53]  lsm_blob_alloc+0x68/0x90
[  313.109676][   T53]  security_sk_alloc+0x30/0x270
[  313.114544][   T53]  sk_prot_alloc+0xfb/0x2a0
[  313.119063][   T53]  sk_alloc+0x36/0xc20
[  313.123157][   T53]  unix_create1+0xa6/0x6c0
[  313.127603][   T53]  unix_create+0x10e/0x1d0
[  313.132047][   T53]  __sock_create+0x338/0x8d0
[  313.136654][   T53]  __sys_socketpair+0x25d/0x5a0
[  313.141526][   T53]  __x64_sys_socketpair+0x96/0x100
[  313.146662][   T53]  do_syscall_64+0xcd/0x250
[  313.151193][   T53]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  313.157112][   T53] 
[  313.159433][   T53] Freed by task 7921:
[  313.163410][   T53]  kasan_save_stack+0x33/0x60
[  313.168114][   T53]  kasan_save_track+0x14/0x30
[  313.172821][   T53]  kasan_save_free_info+0x3b/0x60
[  313.177864][   T53]  __kasan_slab_free+0x51/0x70
[  313.182656][   T53]  kfree+0x2c4/0x4d0
[  313.186573][   T53]  security_sk_free+0x9d/0x1a0
[  313.191349][   T53]  __sk_destruct+0x44d/0x6f0
[  313.195966][   T53]  sk_destruct+0xc2/0xf0
[  313.200234][   T53]  __sk_free+0xf4/0x3e0
[  313.204421][   T53]  sock_wfree+0x276/0x880
[  313.208781][   T53]  unix_destruct_scm+0x138/0x190
[  313.213749][   T53]  skb_release_head_state+0xa6/0x290
[  313.219044][   T53]  sk_skb_reason_drop+0xeb/0x1a0
[  313.223993][   T53]  unix_release_sock+0x789/0x1210
[  313.229028][   T53]  unix_release+0x91/0xf0
[  313.233364][   T53]  __sock_release+0xb3/0x270
[  313.237963][   T53]  sock_close+0x1c/0x30
[  313.242127][   T53]  __fput+0x402/0xb70
[  313.246119][   T53]  task_work_run+0x151/0x250
[  313.250735][   T53]  get_signal+0x1d3/0x26c0
[  313.255179][   T53]  arch_do_signal_or_restart+0x90/0x7e0
[  313.260739][   T53]  syscall_exit_to_user_mode+0x150/0x2a0
[  313.266399][   T53]  do_syscall_64+0xda/0x250
[  313.270928][   T53]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  313.276850][   T53] 
[  313.279169][   T53] The buggy address belongs to the object at ffff888023369f20
[  313.279169][   T53]  which belongs to the cache kmalloc-16 of size 16
[  313.293054][   T53] The buggy address is located 0 bytes inside of
[  313.293054][   T53]  freed 16-byte region [ffff888023369f20, ffff888023369f30)
[  313.306603][   T53] 
[  313.308926][   T53] The buggy address belongs to the physical page:
[  313.315334][   T53] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x23369
[  313.324100][   T53] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  313.331214][   T53] page_type: f5(slab)
[  313.335201][   T53] raw: 00fff00000000000 ffff88801b041640 dead000000000100 dead000000000122
[  313.343795][   T53] raw: 0000000000000000 0000000000800080 00000000f5000000 0000000000000000
[  313.352380][   T53] page dumped because: kasan: bad access detected
[  313.358791][   T53] page_owner tracks the page as allocated
[  313.364499][   T53] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 5837, tgid 5837 (syz-executor), ts 242189329938, free_ts 242098253989
[  313.384230][   T53]  post_alloc_hook+0x181/0x1b0
[  313.389023][   T53]  get_page_from_freelist+0xfce/0x2f80
[  313.394513][   T53]  __alloc_frozen_pages_noprof+0x221/0x2470
[  313.400441][   T53]  new_slab+0x94/0x330
[  313.404530][   T53]  ___slab_alloc+0xc5d/0x1720
[  313.409230][   T53]  __slab_alloc.constprop.0+0x56/0xb0
[  313.414626][   T53]  __kmalloc_node_noprof+0x2f0/0x510
[  313.419940][   T53]  __kvmalloc_node_noprof+0xad/0x1a0
[  313.425249][   T53]  xt_replace_table+0x1e3/0x940
[  313.430113][   T53]  __do_replace+0x1d3/0x9e0
[  313.434643][   T53]  do_ip6t_set_ctl+0x965/0xbf0
[  313.439433][   T53]  nf_setsockopt+0x8d/0xf0
[  313.443874][   T53]  ipv6_setsockopt+0x135/0x170
[  313.448662][   T53]  tcp_setsockopt+0xa7/0x100
[  313.453269][   T53]  do_sock_setsockopt+0x225/0x480
[  313.458317][   T53]  __sys_setsockopt+0x1a0/0x230
[  313.463196][   T53] page last free pid 7346 tgid 7337 stack trace:
[  313.469521][   T53]  free_frozen_pages+0x6db/0xfb0
[  313.474488][   T53]  tlb_finish_mmu+0x237/0x7b0
[  313.479192][   T53]  exit_mmap+0x40e/0xba0
[  313.483459][   T53]  __mmput+0x12a/0x410
[  313.487557][   T53]  mmput+0x62/0x70
[  313.491303][   T53]  do_exit+0x9ba/0x2db0
[  313.495472][   T53]  do_group_exit+0xd3/0x2a0
[  313.499987][   T53]  get_signal+0x24ed/0x26c0
[  313.504519][   T53]  arch_do_signal_or_restart+0x90/0x7e0
[  313.510082][   T53]  syscall_exit_to_user_mode+0x150/0x2a0
[  313.515743][   T53]  do_syscall_64+0xda/0x250
[  313.520274][   T53]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  313.526197][   T53] 
[  313.528519][   T53] Memory state around the buggy address:
[  313.534145][   T53]  ffff888023369e00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[  313.542210][   T53]  ffff888023369e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[  313.550319][   T53] >ffff888023369f00: fa fb fc fc fa fb fc fc 00 00 fc fc 00 00 fc fc
[  313.558382][   T53]                                ^
[  313.563492][   T53]  ffff888023369f80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[  313.571557][   T53]  ffff88802336a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  313.579704][   T53] ==================================================================
[  313.658747][   T53] ==================================================================
[  313.666848][   T53] BUG: KASAN: slab-use-after-free in _copy_from_iter+0x14b4/0x1560
[  313.674779][   T53] Read of size 4 at addr ffff888023369f28 by task kworker/u8:3/53
[  313.682606][   T53] 
[  313.684947][   T53] CPU: 1 UID: 0 PID: 53 Comm: kworker/u8:3 Tainted: G    B              6.14.0-rc7-syzkaller-00196-g88d324e69ea9 #0
[  313.684999][   T53] Tainted: [B]=BAD_PAGE
[  313.685012][   T53] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  313.685036][   T53] Workqueue: events_unbound netfs_write_collection_worker
[  313.685098][   T53] Call Trace:
[  313.685109][   T53]  <TASK>
[  313.685122][   T53]  dump_stack_lvl+0x116/0x1f0
[  313.685179][   T53]  print_report+0xc3/0x670
[  313.685211][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.685272][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.685340][   T53]  ? __phys_addr+0xc6/0x150
[  313.685380][   T53]  kasan_report+0xd9/0x110
[  313.685413][   T53]  ? _copy_from_iter+0x14b4/0x1560
[  313.685456][   T53]  ? _copy_from_iter+0x14b4/0x1560
[  313.685502][   T53]  _copy_from_iter+0x14b4/0x1560
[  313.685545][   T53]  ? __virt_addr_valid+0x1a4/0x590
[  313.685583][   T53]  ? __pfx__copy_from_iter+0x10/0x10
[  313.685623][   T53]  ? __virt_addr_valid+0x1a4/0x590
[  313.685664][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.685723][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.685783][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.685842][   T53]  ? __phys_addr_symbol+0x30/0x80
[  313.685879][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.685939][   T53]  ? __check_object_size+0x488/0x710
[  313.685978][   T53]  p9pdu_vwritef+0x2d0/0x1cf0
[  313.686042][   T53]  ? p9pdu_writef+0xc4/0x100
[  313.686099][   T53]  ? __pfx_p9pdu_vwritef+0x10/0x10
[  313.686157][   T53]  ? __pfx_p9_tag_alloc+0x10/0x10
[  313.686204][   T53]  ? finish_task_switch.isra.0+0x212/0xcc0
[  313.686261][   T53]  ? rcu_is_watching+0x12/0xc0
[  313.686300][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.686364][   T53]  ? rcu_is_watching+0x12/0xc0
[  313.686402][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.686466][   T53]  p9_client_prepare_req+0x244/0x4d0
[  313.686518][   T53]  ? __pfx_p9_client_prepare_req+0x10/0x10
[  313.686568][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.686631][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.686691][   T53]  ? __schedule+0xf4b/0x5890
[  313.686741][   T53]  p9_client_rpc+0x1c3/0xc10
[  313.686793][   T53]  ? __pfx_p9_client_rpc+0x10/0x10
[  313.686844][   T53]  ? __pfx___schedule+0x10/0x10
[  313.686892][   T53]  ? __pfx_vprintk_emit+0x10/0x10
[  313.686934][   T53]  ? rcu_is_watching+0x12/0xc0
[  313.686972][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.687031][   T53]  ? trace_irq_enable.constprop.0+0xea/0x140
[  313.687091][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.687156][   T53]  p9_client_write+0x31f/0x680
[  313.687219][   T53]  ? __pfx_p9_client_write+0x10/0x10
[  313.687274][   T53]  ? iov_iter_advance+0x652/0x6c0
[  313.687322][   T53]  v9fs_issue_write+0xe4/0x1b0
[  313.687361][   T53]  ? __pfx_v9fs_issue_write+0x10/0x10
[  313.687399][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.687459][   T53]  ? rcu_is_watching+0x12/0xc0
[  313.687497][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.687558][   T53]  netfs_do_issue_write+0x95/0x110
[  313.687617][   T53]  netfs_retry_writes+0x165a/0x1a00
[  313.687679][   T53]  ? __pfx___lock_acquire+0x10/0x10
[  313.687735][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.687795][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.687858][   T53]  ? __pfx_netfs_retry_writes+0x10/0x10
[  313.687923][   T53]  ? __pfx_lock_release+0x10/0x10
[  313.687975][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.688035][   T53]  ? rcu_is_watching+0x12/0xc0
[  313.688076][   T53]  netfs_write_collection_worker+0x23de/0x37d0
[  313.688154][   T53]  process_one_work+0x9c8/0x1ba0
[  313.688213][   T53]  ? __pfx_netfs_write_collection_worker+0x10/0x10
[  313.688272][   T53]  ? __pfx_process_one_work+0x10/0x10
[  313.688329][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.688394][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.688454][   T53]  ? assign_work+0x1a0/0x250
[  313.688501][   T53]  worker_thread+0x6c8/0xf00
[  313.688557][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.688617][   T53]  ? __kthread_parkme+0x148/0x220
[  313.688654][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  313.688714][   T53]  ? __pfx_worker_thread+0x10/0x10
[  313.688765][   T53]  kthread+0x3b2/0x750
[  313.688811][   T53]  ? __pfx_kthread+0x10/0x10
[  313.688855][   T53]  ? lock_acquire+0x2f/0xb0
[  313.688910][   T53]  ? __pfx_kthread+0x10/0x10
[  313.688955][   T53]  ret_from_fork+0x48/0x80
[  313.689006][   T53]  ? __pfx_kthread+0x10/0x10
[  313.689051][   T53]  ret_from_fork_asm+0x1a/0x30
[  313.689102][   T53]  </TASK>
[  313.689114][   T53] 
[  314.125447][   T53] Allocated by task 7915:
[  314.129788][   T53]  kasan_save_stack+0x33/0x60
[  314.134512][   T53]  kasan_save_track+0x14/0x30
[  314.139237][   T53]  __kasan_kmalloc+0xaa/0xb0
[  314.143870][   T53]  __kmalloc_noprof+0x21c/0x510
[  314.148767][   T53]  lsm_blob_alloc+0x68/0x90
[  314.153318][   T53]  security_sk_alloc+0x30/0x270
[  314.158198][   T53]  sk_prot_alloc+0xfb/0x2a0
[  314.162739][   T53]  sk_alloc+0x36/0xc20
[  314.166853][   T53]  unix_create1+0xa6/0x6c0
[  314.171318][   T53]  unix_create+0x10e/0x1d0
[  314.175781][   T53]  __sock_create+0x338/0x8d0
[  314.180407][   T53]  __sys_socketpair+0x25d/0x5a0
[  314.185298][   T53]  __x64_sys_socketpair+0x96/0x100
[  314.190446][   T53]  do_syscall_64+0xcd/0x250
[  314.194994][   T53]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  314.200932][   T53] 
[  314.203263][   T53] Freed by task 7921:
[  314.207250][   T53]  kasan_save_stack+0x33/0x60
[  314.211973][   T53]  kasan_save_track+0x14/0x30
[  314.216695][   T53]  kasan_save_free_info+0x3b/0x60
[  314.221753][   T53]  __kasan_slab_free+0x51/0x70
[  314.226574][   T53]  kfree+0x2c4/0x4d0
[  314.230507][   T53]  security_sk_free+0x9d/0x1a0
[  314.235298][   T53]  __sk_destruct+0x44d/0x6f0
[  314.239932][   T53]  sk_destruct+0xc2/0xf0
[  314.244217][   T53]  __sk_free+0xf4/0x3e0
[  314.248415][   T53]  sock_wfree+0x276/0x880
[  314.252789][   T53]  unix_destruct_scm+0x138/0x190
[  314.257773][   T53]  skb_release_head_state+0xa6/0x290
[  314.263082][   T53]  sk_skb_reason_drop+0xeb/0x1a0
[  314.268046][   T53]  unix_release_sock+0x789/0x1210
[  314.273095][   T53]  unix_release+0x91/0xf0
[  314.277538][   T53]  __sock_release+0xb3/0x270
[  314.282163][   T53]  sock_close+0x1c/0x30
[  314.286342][   T53]  __fput+0x402/0xb70
[  314.290352][   T53]  task_work_run+0x151/0x250
[  314.294980][   T53]  get_signal+0x1d3/0x26c0
[  314.299445][   T53]  arch_do_signal_or_restart+0x90/0x7e0
[  314.305020][   T53]  syscall_exit_to_user_mode+0x150/0x2a0
[  314.310701][   T53]  do_syscall_64+0xda/0x250
[  314.315253][   T53]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  314.321191][   T53] 
[  314.323523][   T53] The buggy address belongs to the object at ffff888023369f20
[  314.323523][   T53]  which belongs to the cache kmalloc-16 of size 16
[  314.337428][   T53] The buggy address is located 8 bytes inside of
[  314.337428][   T53]  freed 16-byte region [ffff888023369f20, ffff888023369f30)
[  314.351076][   T53] 
[  314.353406][   T53] The buggy address belongs to the physical page:
[  314.359824][   T53] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x23369
[  314.368608][   T53] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  314.375734][   T53] page_type: f5(slab)
[  314.379736][   T53] raw: 00fff00000000000 ffff88801b041640 dead000000000100 dead000000000122
[  314.388350][   T53] raw: 0000000000000000 0000000000800080 00000000f5000000 0000000000000000
[  314.396946][   T53] page dumped because: kasan: bad access detected
[  314.403453][   T53] page_owner tracks the page as allocated
[  314.409175][   T53] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 5837, tgid 5837 (syz-executor), ts 242189329938, free_ts 242098253989
[  314.428926][   T53]  post_alloc_hook+0x181/0x1b0
[  314.433736][   T53]  get_page_from_freelist+0xfce/0x2f80
[  314.439243][   T53]  __alloc_frozen_pages_noprof+0x221/0x2470
[  314.445184][   T53]  new_slab+0x94/0x330
[  314.449288][   T53]  ___slab_alloc+0xc5d/0x1720
[  314.454009][   T53]  __slab_alloc.constprop.0+0x56/0xb0
[  314.459427][   T53]  __kmalloc_node_noprof+0x2f0/0x510
[  314.464760][   T53]  __kvmalloc_node_noprof+0xad/0x1a0
[  314.470093][   T53]  xt_replace_table+0x1e3/0x940
[  314.474977][   T53]  __do_replace+0x1d3/0x9e0
[  314.479528][   T53]  do_ip6t_set_ctl+0x965/0xbf0
[  314.484343][   T53]  nf_setsockopt+0x8d/0xf0
[  314.488803][   T53]  ipv6_setsockopt+0x135/0x170
[  314.493641][   T53]  tcp_setsockopt+0xa7/0x100
[  314.498266][   T53]  do_sock_setsockopt+0x225/0x480
[  314.503321][   T53]  __sys_setsockopt+0x1a0/0x230
[  314.508219][   T53] page last free pid 7346 tgid 7337 stack trace:
[  314.514556][   T53]  free_frozen_pages+0x6db/0xfb0
[  314.519545][   T53]  tlb_finish_mmu+0x237/0x7b0
[  314.524272][   T53]  exit_mmap+0x40e/0xba0
[  314.528555][   T53]  __mmput+0x12a/0x410
[  314.532691][   T53]  mmput+0x62/0x70
[  314.536459][   T53]  do_exit+0x9ba/0x2db0
[  314.540642][   T53]  do_group_exit+0xd3/0x2a0
[  314.545173][   T53]  get_signal+0x24ed/0x26c0
[  314.549724][   T53]  arch_do_signal_or_restart+0x90/0x7e0
[  314.555300][   T53]  syscall_exit_to_user_mode+0x150/0x2a0
[  314.560980][   T53]  do_syscall_64+0xda/0x250
[  314.565527][   T53]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  314.571470][   T53] 
[  314.573803][   T53] Memory state around the buggy address:
[  314.579446][   T53]  ffff888023369e00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[  314.587525][   T53]  ffff888023369e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[  314.595611][   T53] >ffff888023369f00: fa fb fc fc fa fb fc fc 00 00 fc fc 00 00 fc fc
[  314.603687][   T53]                                   ^
[  314.609069][   T53]  ffff888023369f80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[  314.617148][   T53]  ffff88802336a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  314.625223][   T53] ==================================================================
[  314.683364][   T53] ==================================================================
[  314.691476][   T53] BUG: KASAN: wild-memory-access in _copy_from_iter+0x8a2/0x1560
[  314.699234][   T53] Read of size 11 at addr ffe7288c24167171 by task kworker/u8:3/53
[  314.707150][   T53] 
[  314.709496][   T53] CPU: 1 UID: 0 PID: 53 Comm: kworker/u8:3 Tainted: G    B              6.14.0-rc7-syzkaller-00196-g88d324e69ea9 #0
[  314.709550][   T53] Tainted: [B]=BAD_PAGE
[  314.709563][   T53] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  314.709593][   T53] Workqueue: events_unbound netfs_write_collection_worker
[  314.709657][   T53] Call Trace:
[  314.709668][   T53]  <TASK>
[  314.709681][   T53]  dump_stack_lvl+0x116/0x1f0
[  314.709739][   T53]  kasan_report+0xd9/0x110
[  314.709773][   T53]  ? _copy_from_iter+0x8a2/0x1560
[  314.709817][   T53]  ? _copy_from_iter+0x8a2/0x1560
[  314.709863][   T53]  kasan_check_range+0xef/0x1a0
[  314.709906][   T53]  __asan_memcpy+0x23/0x60
[  314.709957][   T53]  _copy_from_iter+0x8a2/0x1560
[  314.710000][   T53]  ? __virt_addr_valid+0x1a4/0x590
[  314.710041][   T53]  ? __pfx__copy_from_iter+0x10/0x10
[  314.710081][   T53]  ? __virt_addr_valid+0x1a4/0x590
[  314.710122][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  314.710184][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  314.710245][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  314.710306][   T53]  ? __phys_addr_symbol+0x30/0x80
[  314.710343][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  314.710404][   T53]  ? __check_object_size+0x488/0x710
[  314.710445][   T53]  p9pdu_vwritef+0x2d0/0x1cf0
[  314.710509][   T53]  ? p9pdu_writef+0xc4/0x100
[  314.710571][   T53]  ? __pfx_p9pdu_vwritef+0x10/0x10
[  314.710630][   T53]  ? __pfx_p9_tag_alloc+0x10/0x10
[  314.710679][   T53]  ? finish_task_switch.isra.0+0x212/0xcc0
[  314.710737][   T53]  ? rcu_is_watching+0x12/0xc0
[  314.710777][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  314.710839][   T53]  ? rcu_is_watching+0x12/0xc0
[  314.710877][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  314.710943][   T53]  p9_client_prepare_req+0x244/0x4d0
[  314.710996][   T53]  ? __pfx_p9_client_prepare_req+0x10/0x10
[  314.711047][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  314.711112][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  314.711173][   T53]  ? __schedule+0xf4b/0x5890
[  314.711224][   T53]  p9_client_rpc+0x1c3/0xc10
[  314.711277][   T53]  ? __pfx_p9_client_rpc+0x10/0x10
[  314.711328][   T53]  ? __pfx___schedule+0x10/0x10
[  314.711377][   T53]  ? __pfx_vprintk_emit+0x10/0x10
[  314.711420][   T53]  ? rcu_is_watching+0x12/0xc0
[  314.711459][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  314.711520][   T53]  ? trace_irq_enable.constprop.0+0xea/0x140
[  314.711586][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  314.711653][   T53]  p9_client_write+0x31f/0x680
[  314.711716][   T53]  ? __pfx_p9_client_write+0x10/0x10
[  314.711773][   T53]  ? iov_iter_advance+0x652/0x6c0
[  314.711818][   T53]  v9fs_issue_write+0xe4/0x1b0
[  314.711858][   T53]  ? __pfx_v9fs_issue_write+0x10/0x10
[  314.711897][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  314.711958][   T53]  ? rcu_is_watching+0x12/0xc0
[  314.711997][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  314.712060][   T53]  netfs_do_issue_write+0x95/0x110
[  314.712120][   T53]  netfs_retry_writes+0x165a/0x1a00
[  314.712183][   T53]  ? __pfx___lock_acquire+0x10/0x10
[  314.712240][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  314.712301][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  314.712365][   T53]  ? __pfx_netfs_retry_writes+0x10/0x10
[  314.712432][   T53]  ? __pfx_lock_release+0x10/0x10
[  314.712485][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  314.712546][   T53]  ? rcu_is_watching+0x12/0xc0
[  314.712593][   T53]  netfs_write_collection_worker+0x23de/0x37d0
[  314.712673][   T53]  process_one_work+0x9c8/0x1ba0
[  314.712733][   T53]  ? __pfx_netfs_write_collection_worker+0x10/0x10
[  314.712794][   T53]  ? __pfx_process_one_work+0x10/0x10
[  314.712846][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  314.712912][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  314.712972][   T53]  ? assign_work+0x1a0/0x250
[  314.713021][   T53]  worker_thread+0x6c8/0xf00
[  314.713077][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  314.713138][   T53]  ? __kthread_parkme+0x148/0x220
[  314.713176][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  314.713237][   T53]  ? __pfx_worker_thread+0x10/0x10
[  314.713289][   T53]  kthread+0x3b2/0x750
[  314.713334][   T53]  ? __pfx_kthread+0x10/0x10
[  314.713380][   T53]  ? lock_acquire+0x2f/0xb0
[  314.713435][   T53]  ? __pfx_kthread+0x10/0x10
[  314.713482][   T53]  ret_from_fork+0x48/0x80
[  314.713533][   T53]  ? __pfx_kthread+0x10/0x10
[  314.713587][   T53]  ret_from_fork_asm+0x1a/0x30
[  314.713639][   T53]  </TASK>
[  314.713652][   T53] ==================================================================
[  316.000538][   T53] ==================================================================
[  316.008652][   T53] BUG: KASAN: slab-use-after-free in _copy_from_iter+0x13e3/0x1560
[  316.016554][   T53] Read of size 4 at addr ffff888023369f28 by task kworker/u8:3/53
[  316.024354][   T53] 
[  316.026676][   T53] CPU: 1 UID: 0 PID: 53 Comm: kworker/u8:3 Tainted: G    B              6.14.0-rc7-syzkaller-00196-g88d324e69ea9 #0
[  316.026714][   T53] Tainted: [B]=BAD_PAGE
[  316.026724][   T53] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  316.026742][   T53] Workqueue: events_unbound netfs_write_collection_worker
[  316.026789][   T53] Call Trace:
[  316.026798][   T53]  <TASK>
[  316.026809][   T53]  dump_stack_lvl+0x116/0x1f0
[  316.026852][   T53]  print_report+0xc3/0x670
[  316.026876][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  316.026921][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  316.026964][   T53]  ? __phys_addr+0xc6/0x150
[  316.026994][   T53]  kasan_report+0xd9/0x110
[  316.027018][   T53]  ? _copy_from_iter+0x13e3/0x1560
[  316.027049][   T53]  ? _copy_from_iter+0x13e3/0x1560
[  316.027082][   T53]  _copy_from_iter+0x13e3/0x1560
[  316.027114][   T53]  ? __virt_addr_valid+0x1a4/0x590
[  316.027142][   T53]  ? __pfx__copy_from_iter+0x10/0x10
[  316.027171][   T53]  ? __virt_addr_valid+0x1a4/0x590
[  316.027201][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  316.027245][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  316.027289][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  316.027336][   T53]  ? __phys_addr_symbol+0x30/0x80
[  316.027363][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  316.027407][   T53]  ? __check_object_size+0x488/0x710
[  316.027437][   T53]  p9pdu_vwritef+0x2d0/0x1cf0
[  316.027483][   T53]  ? p9pdu_writef+0xc4/0x100
[  316.027526][   T53]  ? __pfx_p9pdu_vwritef+0x10/0x10
[  316.027569][   T53]  ? __pfx_p9_tag_alloc+0x10/0x10
[  316.027603][   T53]  ? finish_task_switch.isra.0+0x212/0xcc0
[  316.027646][   T53]  ? rcu_is_watching+0x12/0xc0
[  316.027675][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  316.027720][   T53]  ? rcu_is_watching+0x12/0xc0
[  316.027748][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  316.027795][   T53]  p9_client_prepare_req+0x244/0x4d0
[  316.027834][   T53]  ? __pfx_p9_client_prepare_req+0x10/0x10
[  316.027871][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  316.027918][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  316.027962][   T53]  ? __schedule+0xf4b/0x5890
[  316.028000][   T53]  p9_client_rpc+0x1c3/0xc10
[  316.028038][   T53]  ? __pfx_p9_client_rpc+0x10/0x10
[  316.028075][   T53]  ? __pfx___schedule+0x10/0x10
[  316.028111][   T53]  ? __pfx_vprintk_emit+0x10/0x10
[  316.028142][   T53]  ? rcu_is_watching+0x12/0xc0
[  316.028171][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  316.028231][   T53]  ? trace_irq_enable.constprop.0+0xea/0x140
[  316.028293][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  316.028363][   T53]  p9_client_write+0x31f/0x680
[  316.028424][   T53]  ? __pfx_p9_client_write+0x10/0x10
[  316.028479][   T53]  ? iov_iter_advance+0x652/0x6c0
[  316.028523][   T53]  v9fs_issue_write+0xe4/0x1b0
[  316.028561][   T53]  ? __pfx_v9fs_issue_write+0x10/0x10
[  316.028599][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  316.028657][   T53]  ? rcu_is_watching+0x12/0xc0
[  316.028696][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  316.028757][   T53]  netfs_do_issue_write+0x95/0x110
[  316.028815][   T53]  netfs_retry_writes+0x165a/0x1a00
[  316.028876][   T53]  ? __pfx___lock_acquire+0x10/0x10
[  316.028931][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  316.028990][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  316.029053][   T53]  ? __pfx_netfs_retry_writes+0x10/0x10
[  316.029117][   T53]  ? __pfx_lock_release+0x10/0x10
[  316.029168][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  316.029226][   T53]  ? rcu_is_watching+0x12/0xc0
[  316.029266][   T53]  netfs_write_collection_worker+0x23de/0x37d0
[  316.029350][   T53]  process_one_work+0x9c8/0x1ba0
[  316.029407][   T53]  ? __pfx_netfs_write_collection_worker+0x10/0x10
[  316.029466][   T53]  ? __pfx_process_one_work+0x10/0x10
[  316.029516][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  316.029579][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  316.029638][   T53]  ? assign_work+0x1a0/0x250
[  316.029685][   T53]  worker_thread+0x6c8/0xf00
[  316.029739][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  316.029798][   T53]  ? __kthread_parkme+0x148/0x220
[  316.029834][   T53]  ? srso_alias_return_thunk+0x5/0xfbef5
[  316.029893][   T53]  ? __pfx_worker_thread+0x10/0x10
[  316.029944][   T53]  kthread+0x3b2/0x750
[  316.029988][   T53]  ? __pfx_kthread+0x10/0x10
[  316.030032][   T53]  ? lock_acquire+0x2f/0xb0
[  316.030085][   T53]  ? __pfx_kthread+0x10/0x10
[  316.030130][   T53]  ret_from_fork+0x48/0x80
[  316.030180][   T53]  ? __pfx_kthread+0x10/0x10
[  316.030224][   T53]  ret_from_fork_asm+0x1a/0x30
[  316.030275][   T53]  </TASK>
[  316.030287][   T53] 
[  316.465582][   T53] Allocated by task 7915:
[  316.469902][   T53]  kasan_save_stack+0x33/0x60
[  316.474595][   T53]  kasan_save_track+0x14/0x30
[  316.479286][   T53]  __kasan_kmalloc+0xaa/0xb0
[  316.483893][   T53]  __kmalloc_noprof+0x21c/0x510
[  316.488756][   T53]  lsm_blob_alloc+0x68/0x90
[  316.493280][   T53]  security_sk_alloc+0x30/0x270
[  316.498132][   T53]  sk_prot_alloc+0xfb/0x2a0
[  316.502645][   T53]  sk_alloc+0x36/0xc20
[  316.506724][   T53]  unix_create1+0xa6/0x6c0
[  316.511156][   T53]  unix_create+0x10e/0x1d0
[  316.515608][   T53]  __sock_create+0x338/0x8d0
[  316.520204][   T53]  __sys_socketpair+0x25d/0x5a0
[  316.525064][   T53]  __x64_sys_socketpair+0x96/0x100
[  316.530184][   T53]  do_syscall_64+0xcd/0x250
[  316.534699][   T53]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  316.540604][   T53] 
[  316.542916][   T53] Freed by task 7921:
[  316.546883][   T53]  kasan_save_stack+0x33/0x60
[  316.551573][   T53]  kasan_save_track+0x14/0x30
[  316.556262][   T53]  kasan_save_free_info+0x3b/0x60
[  316.561290][   T53]  __kasan_slab_free+0x51/0x70
[  316.566075][   T53]  kfree+0x2c4/0x4d0
[  316.569980][   T53]  security_sk_free+0x9d/0x1a0
[  316.574745][   T53]  __sk_destruct+0x44d/0x6f0
[  316.579350][   T53]  sk_destruct+0xc2/0xf0
[  316.583609][   T53]  __sk_free+0xf4/0x3e0
[  316.587776][   T53]  sock_wfree+0x276/0x880
[  316.592117][   T53]  unix_destruct_scm+0x138/0x190
[  316.597067][   T53]  skb_release_head_state+0xa6/0x290
[  316.602353][   T53]  sk_skb_reason_drop+0xeb/0x1a0
[  316.607293][   T53]  unix_release_sock+0x789/0x1210
[  316.612320][   T53]  unix_release+0x91/0xf0
[  316.616651][   T53]  __sock_release+0xb3/0x270
[  316.621239][   T53]  sock_close+0x1c/0x30
[  316.625394][   T53]  __fput+0x402/0xb70
[  316.629394][   T53]  task_work_run+0x151/0x250
[  316.633993][   T53]  get_signal+0x1d3/0x26c0
[  316.638426][   T53]  arch_do_signal_or_restart+0x90/0x7e0
[  316.643973][   T53]  syscall_exit_to_user_mode+0x150/0x2a0
[  316.649618][   T53]  do_syscall_64+0xda/0x250
[  316.654132][   T53]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  316.660037][   T53] 
[  316.662356][   T53] The buggy address belongs to the object at ffff888023369f20
[  316.662356][   T53]  which belongs to the cache kmalloc-16 of size 16
[  316.676231][   T53] The buggy address is located 8 bytes inside of
[  316.676231][   T53]  freed 16-byte region [ffff888023369f20, ffff888023369f30)
[  316.689765][   T53] 
[  316.692078][   T53] The buggy address belongs to the physical page:
[  316.698479][   T53] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x23369
[  316.707234][   T53] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  316.714772][   T53] page_type: f5(slab)
[  316.718760][   T53] raw: 00fff00000000000 ffff88801b041640 0000000000000000 dead000000000001
[  316.727370][   T53] raw: 0000000000000000 0000000000800080 00000000f5000000 0000000000000000
[  316.735958][   T53] page dumped because: kasan: bad access detected
[  316.742360][   T53] page_owner tracks the page as allocated
[  316.748061][   T53] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 5837, tgid 5837 (syz-executor), ts 242189329938, free_ts 242098253989
[  316.767776][   T53]  post_alloc_hook+0x181/0x1b0
[  316.772566][   T53]  get_page_from_freelist+0xfce/0x2f80
[  316.778042][   T53]  __alloc_frozen_pages_noprof+0x221/0x2470
[  316.783952][   T53]  new_slab+0x94/0x330
[  316.788031][   T53]  ___slab_alloc+0xc5d/0x1720
[  316.792807][   T53]  __slab_alloc.constprop.0+0x56/0xb0
[  316.798195][   T53]  __kmalloc_node_noprof+0x2f0/0x510
[  316.803524][   T53]  __kvmalloc_node_noprof+0xad/0x1a0
[  316.808822][   T53]  xt_replace_table+0x1e3/0x940
[  316.813672][   T53]  __do_replace+0x1d3/0x9e0
[  316.818190][   T53]  do_ip6t_set_ctl+0x965/0xbf0
[  316.823009][   T53]  nf_setsockopt+0x8d/0xf0
[  316.827439][   T53]  ipv6_setsockopt+0x135/0x170
[  316.832213][   T53]  tcp_setsockopt+0xa7/0x100
[  316.836818][   T53]  do_sock_setsockopt+0x225/0x480
[  316.841848][   T53]  __sys_setsockopt+0x1a0/0x230
[  316.846730][   T53] page last free pid 7346 tgid 7337 stack trace:
[  316.853046][   T53]  free_frozen_pages+0x6db/0xfb0
[  316.857993][   T53]  tlb_finish_mmu+0x237/0x7b0
[  316.862686][   T53]  exit_mmap+0x40e/0xba0
[  316.866936][   T53]  __mmput+0x12a/0x410
[  316.871017][   T53]  mmput+0x62/0x70
[  316.874756][   T53]  do_exit+0x9ba/0x2db0
[  316.878930][   T53]  do_group_exit+0xd3/0x2a0
[  316.883450][   T53]  get_signal+0x24ed/0x26c0
[  316.887976][   T53]  arch_do_signal_or_restart+0x90/0x7e0
[  316.893534][   T53]  syscall_exit_to_user_mode+0x150/0x2a0
[  316.899188][   T53]  do_syscall_64+0xda/0x250
[  316.903710][   T53]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  316.909641][   T53] 
[  316.911955][   T53] Memory state around the buggy address:
[  316.917574][   T53]  ffff888023369e00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[  316.925637][   T53]  ffff888023369e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[  316.933701][   T53] >ffff888023369f00: fa fb fc fc fa fb fc fc 00 00 fc fc 00 00 fc fc
[  316.941788][   T53]                                   ^
[  316.947149][   T53]  ffff888023369f80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[  316.955237][   T53]  ffff88802336a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  316.963323][   T53] ==================================================================