Warning: Permanently added '10.128.1.20' (ED25519) to the list of known hosts.
2024/04/05 17:50:16 fuzzer started
2024/04/05 17:50:16 dialing manager at 10.128.0.169:30005
[   73.948084][ T5083] cgroup: Unknown subsys name 'net'
[   74.116682][ T5083] cgroup: Unknown subsys name 'rlimit'
2024/04/05 17:50:18 syscalls: 3855
2024/04/05 17:50:18 code coverage: enabled
2024/04/05 17:50:18 comparison tracing: enabled
2024/04/05 17:50:18 extra coverage: enabled
2024/04/05 17:50:18 delay kcov mmap: enabled
2024/04/05 17:50:18 setuid sandbox: enabled
2024/04/05 17:50:18 namespace sandbox: enabled
2024/04/05 17:50:18 Android sandbox: /sys/fs/selinux/policy does not exist
2024/04/05 17:50:18 fault injection: enabled
2024/04/05 17:50:18 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2024/04/05 17:50:18 net packet injection: enabled
2024/04/05 17:50:18 net device setup: enabled
2024/04/05 17:50:18 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2024/04/05 17:50:18 devlink PCI setup: PCI device 0000:00:10.0 is not available
2024/04/05 17:50:18 NIC VF setup: PCI device 0000:00:11.0 is not available
2024/04/05 17:50:18 USB emulation: enabled
2024/04/05 17:50:18 hci packet injection: enabled
2024/04/05 17:50:18 wifi device emulation: enabled
2024/04/05 17:50:18 802.15.4 emulation: enabled
2024/04/05 17:50:18 swap file: enabled
[   75.810967][ T5083] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
2024/04/05 17:50:19 starting 5 executor processes
[   77.037527][ T5100] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   77.051046][ T5107] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   77.069121][ T5111] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   77.078533][ T5111] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   77.087196][ T5111] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   77.092221][ T5109] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   77.095803][ T5111] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   77.102311][ T5109] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   77.110772][ T5111] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   77.119162][ T5109] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   77.123784][ T5111] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   77.131204][ T5109] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   77.145779][ T5109] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   77.150081][ T5113] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   77.154424][ T5109] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   77.161815][ T5111] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   77.168943][ T5109] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   77.175409][ T5111] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   77.183010][ T5109] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   77.191681][ T5111] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   77.206775][ T5111] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   77.214372][ T5109] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   77.214383][ T5111] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   77.229028][ T5111] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   77.236399][ T5109] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   77.244176][ T5109] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   77.251733][ T5107] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   77.264180][ T5111] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   77.271849][ T5107] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   77.280259][ T5107] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   77.894925][ T5097] chnl_net:caif_netlink_parms(): no params data found
[   77.921773][ T5104] chnl_net:caif_netlink_parms(): no params data found
[   77.941323][ T5101] chnl_net:caif_netlink_parms(): no params data found
[   78.049360][ T5096] chnl_net:caif_netlink_parms(): no params data found
[   78.162205][ T5097] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.173326][ T5097] bridge0: port 1(bridge_slave_0) entered disabled state
[   78.181647][ T5097] bridge_slave_0: entered allmulticast mode
[   78.192237][ T5097] bridge_slave_0: entered promiscuous mode
[   78.217252][ T5097] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.226749][ T5097] bridge0: port 2(bridge_slave_1) entered disabled state
[   78.234938][ T5097] bridge_slave_1: entered allmulticast mode
[   78.242338][ T5097] bridge_slave_1: entered promiscuous mode
[   78.326092][ T5104] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.333477][ T5104] bridge0: port 1(bridge_slave_0) entered disabled state
[   78.341929][ T5104] bridge_slave_0: entered allmulticast mode
[   78.349455][ T5104] bridge_slave_0: entered promiscuous mode
[   78.403908][ T5104] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.411593][ T5104] bridge0: port 2(bridge_slave_1) entered disabled state
[   78.420828][ T5104] bridge_slave_1: entered allmulticast mode
[   78.428617][ T5104] bridge_slave_1: entered promiscuous mode
[   78.468850][ T5101] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.476547][ T5101] bridge0: port 1(bridge_slave_0) entered disabled state
[   78.484624][ T5101] bridge_slave_0: entered allmulticast mode
[   78.491968][ T5101] bridge_slave_0: entered promiscuous mode
[   78.501292][ T5101] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.511829][ T5101] bridge0: port 2(bridge_slave_1) entered disabled state
[   78.519480][ T5101] bridge_slave_1: entered allmulticast mode
[   78.527640][ T5101] bridge_slave_1: entered promiscuous mode
[   78.539263][ T5097] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   78.555728][ T5097] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   78.589996][ T5104] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   78.599645][ T5096] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.607606][ T5096] bridge0: port 1(bridge_slave_0) entered disabled state
[   78.615566][ T5096] bridge_slave_0: entered allmulticast mode
[   78.622917][ T5096] bridge_slave_0: entered promiscuous mode
[   78.680168][ T5098] chnl_net:caif_netlink_parms(): no params data found
[   78.696690][ T5104] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   78.719024][ T5096] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.727834][ T5096] bridge0: port 2(bridge_slave_1) entered disabled state
[   78.735633][ T5096] bridge_slave_1: entered allmulticast mode
[   78.743019][ T5096] bridge_slave_1: entered promiscuous mode
[   78.752775][ T5101] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   78.767082][ T5097] team0: Port device team_slave_0 added
[   78.823165][ T5101] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   78.834581][ T5097] team0: Port device team_slave_1 added
[   78.860848][ T5104] team0: Port device team_slave_0 added
[   78.885500][ T5096] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   78.955161][ T5104] team0: Port device team_slave_1 added
[   78.964630][ T5096] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   78.978487][ T5101] team0: Port device team_slave_0 added
[   78.986279][ T5097] batman_adv: batadv0: Adding interface: batadv_slave_0
[   78.993685][ T5097] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   79.020713][ T5097] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   79.035975][ T5097] batman_adv: batadv0: Adding interface: batadv_slave_1
[   79.043339][ T5097] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   79.070922][ T5097] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   79.146814][ T5101] team0: Port device team_slave_1 added
[   79.174651][ T5104] batman_adv: batadv0: Adding interface: batadv_slave_0
[   79.181760][ T5104] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   79.209234][ T5104] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   79.222695][ T5104] batman_adv: batadv0: Adding interface: batadv_slave_1
[   79.230412][ T5104] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   79.257304][ T5104] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   79.273321][ T5096] team0: Port device team_slave_0 added
[   79.284554][ T5103] Bluetooth: hci4: command tx timeout
[   79.284574][ T5109] Bluetooth: hci0: command tx timeout
[   79.286250][ T5096] team0: Port device team_slave_1 added
[   79.331305][ T5101] batman_adv: batadv0: Adding interface: batadv_slave_0
[   79.339136][ T5101] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   79.366140][ T5103] Bluetooth: hci3: command tx timeout
[   79.366166][ T5109] Bluetooth: hci1: command tx timeout
[   79.366467][ T5109] Bluetooth: hci2: command tx timeout
[   79.372882][ T5101] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   79.408914][ T5098] bridge0: port 1(bridge_slave_0) entered blocking state
[   79.416725][ T5098] bridge0: port 1(bridge_slave_0) entered disabled state
[   79.424187][ T5098] bridge_slave_0: entered allmulticast mode
[   79.431425][ T5098] bridge_slave_0: entered promiscuous mode
[   79.447087][ T5098] bridge0: port 2(bridge_slave_1) entered blocking state
[   79.454720][ T5098] bridge0: port 2(bridge_slave_1) entered disabled state
[   79.462230][ T5098] bridge_slave_1: entered allmulticast mode
[   79.470146][ T5098] bridge_slave_1: entered promiscuous mode
[   79.521623][ T5101] batman_adv: batadv0: Adding interface: batadv_slave_1
[   79.529333][ T5101] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   79.555720][ T5101] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   79.613156][ T5096] batman_adv: batadv0: Adding interface: batadv_slave_0
[   79.621047][ T5096] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   79.649518][ T5096] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   79.662882][ T5096] batman_adv: batadv0: Adding interface: batadv_slave_1
[   79.670240][ T5096] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   79.697209][ T5096] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   79.726383][ T5097] hsr_slave_0: entered promiscuous mode
[   79.733667][ T5097] hsr_slave_1: entered promiscuous mode
[   79.757041][ T5098] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   79.823761][ T5104] hsr_slave_0: entered promiscuous mode
[   79.830506][ T5104] hsr_slave_1: entered promiscuous mode
[   79.837177][ T5104] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   79.845832][ T5104] Cannot create hsr debugfs directory
[   79.856763][ T5098] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   79.927397][ T5101] hsr_slave_0: entered promiscuous mode
[   79.934893][ T5101] hsr_slave_1: entered promiscuous mode
[   79.941649][ T5101] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   79.949863][ T5101] Cannot create hsr debugfs directory
[   79.985999][ T5098] team0: Port device team_slave_0 added
[   79.998366][ T5096] hsr_slave_0: entered promiscuous mode
[   80.006062][ T5096] hsr_slave_1: entered promiscuous mode
[   80.014092][ T5096] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   80.022038][ T5096] Cannot create hsr debugfs directory
[   80.066088][ T5098] team0: Port device team_slave_1 added
[   80.106783][ T5098] batman_adv: batadv0: Adding interface: batadv_slave_0
[   80.114468][ T5098] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   80.141185][ T5098] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   80.215970][ T5098] batman_adv: batadv0: Adding interface: batadv_slave_1
[   80.222987][ T5098] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   80.250472][ T5098] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   80.485098][ T5098] hsr_slave_0: entered promiscuous mode
[   80.492534][ T5098] hsr_slave_1: entered promiscuous mode
[   80.500454][ T5098] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   80.508719][ T5098] Cannot create hsr debugfs directory
[   80.791530][ T5101] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   80.812756][ T5101] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   80.824230][ T5101] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   80.839612][ T5101] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   80.922780][ T5097] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   80.938752][ T5097] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   80.960276][ T5097] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   80.972282][ T5097] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   81.072346][ T5104] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   81.083316][ T5104] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   81.116384][ T5104] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   81.131704][ T5104] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   81.261580][ T5097] 8021q: adding VLAN 0 to HW filter on device bond0
[   81.297268][ T5097] 8021q: adding VLAN 0 to HW filter on device team0
[   81.325228][ T5096] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   81.336836][ T5096] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   81.351927][ T5149] bridge0: port 1(bridge_slave_0) entered blocking state
[   81.359694][ T5149] bridge0: port 1(bridge_slave_0) entered forwarding state
[   81.363774][ T5109] Bluetooth: hci0: command tx timeout
[   81.372821][ T5107] Bluetooth: hci4: command tx timeout
[   81.418183][ T5096] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   81.431304][ T5148] bridge0: port 2(bridge_slave_1) entered blocking state
[   81.438879][ T5148] bridge0: port 2(bridge_slave_1) entered forwarding state
[   81.447903][ T5107] Bluetooth: hci2: command tx timeout
[   81.454191][ T5107] Bluetooth: hci3: command tx timeout
[   81.459783][ T5107] Bluetooth: hci1: command tx timeout
[   81.483357][ T5098] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   81.497374][ T5098] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   81.510314][ T5096] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   81.550041][ T5098] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   81.560291][ T5098] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   81.641042][ T5101] 8021q: adding VLAN 0 to HW filter on device bond0
[   81.811693][ T5101] 8021q: adding VLAN 0 to HW filter on device team0
[   81.860026][ T5154] bridge0: port 1(bridge_slave_0) entered blocking state
[   81.867661][ T5154] bridge0: port 1(bridge_slave_0) entered forwarding state
[   81.917095][ T5104] 8021q: adding VLAN 0 to HW filter on device bond0
[   81.950317][ T5154] bridge0: port 2(bridge_slave_1) entered blocking state
[   81.957595][ T5154] bridge0: port 2(bridge_slave_1) entered forwarding state
[   81.979854][ T5096] 8021q: adding VLAN 0 to HW filter on device bond0
[   82.038645][ T5104] 8021q: adding VLAN 0 to HW filter on device team0
[   82.076992][ T5096] 8021q: adding VLAN 0 to HW filter on device team0
[   82.106928][ T5151] bridge0: port 1(bridge_slave_0) entered blocking state
[   82.114253][ T5151] bridge0: port 1(bridge_slave_0) entered forwarding state
[   82.155588][ T5154] bridge0: port 1(bridge_slave_0) entered blocking state
[   82.162914][ T5154] bridge0: port 1(bridge_slave_0) entered forwarding state
[   82.179824][ T5154] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.187077][ T5154] bridge0: port 2(bridge_slave_1) entered forwarding state
[   82.206298][ T5154] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.213773][ T5154] bridge0: port 2(bridge_slave_1) entered forwarding state
[   82.232049][ T5098] 8021q: adding VLAN 0 to HW filter on device bond0
[   82.250688][ T5097] 8021q: adding VLAN 0 to HW filter on device batadv0
[   82.313221][ T5098] 8021q: adding VLAN 0 to HW filter on device team0
[   82.373345][ T5152] bridge0: port 1(bridge_slave_0) entered blocking state
[   82.382824][ T5152] bridge0: port 1(bridge_slave_0) entered forwarding state
[   82.400156][ T5152] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.407421][ T5152] bridge0: port 2(bridge_slave_1) entered forwarding state
[   82.462277][ T5104] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   82.502451][ T5097] veth0_vlan: entered promiscuous mode
[   82.542719][ T5097] veth1_vlan: entered promiscuous mode
[   82.579468][ T5096] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   82.862629][ T5101] 8021q: adding VLAN 0 to HW filter on device batadv0
[   82.881706][ T5097] veth0_macvtap: entered promiscuous mode
[   82.929122][ T5097] veth1_macvtap: entered promiscuous mode
[   83.047650][ T5104] 8021q: adding VLAN 0 to HW filter on device batadv0
[   83.062061][ T5096] 8021q: adding VLAN 0 to HW filter on device batadv0
[   83.087476][ T5097] batman_adv: batadv0: Interface activated: batadv_slave_0
[   83.110183][ T5097] batman_adv: batadv0: Interface activated: batadv_slave_1
[   83.198692][ T5097] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   83.223894][ T5097] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   83.233220][ T5097] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   83.243161][ T5097] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   83.400094][ T5096] veth0_vlan: entered promiscuous mode
[   83.431379][ T5098] 8021q: adding VLAN 0 to HW filter on device batadv0
[   83.445585][ T5109] Bluetooth: hci0: command tx timeout
[   83.451224][ T5107] Bluetooth: hci4: command tx timeout
[   83.496481][ T5096] veth1_vlan: entered promiscuous mode
[   83.525011][ T5107] Bluetooth: hci1: command tx timeout
[   83.530743][ T5107] Bluetooth: hci3: command tx timeout
[   83.534328][ T5109] Bluetooth: hci2: command tx timeout
[   83.545774][ T5104] veth0_vlan: entered promiscuous mode
[   83.603513][ T5104] veth1_vlan: entered promiscuous mode
[   83.631931][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.640462][ T5101] veth0_vlan: entered promiscuous mode
[   83.652596][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.730343][ T5101] veth1_vlan: entered promiscuous mode
[   83.753719][ T5096] veth0_macvtap: entered promiscuous mode
[   83.781226][ T5098] veth0_vlan: entered promiscuous mode
[   83.782662][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.795615][ T5096] veth1_macvtap: entered promiscuous mode
[   83.804146][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.817828][ T5104] veth0_macvtap: entered promiscuous mode
[   83.841259][ T5098] veth1_vlan: entered promiscuous mode
[   83.867860][ T5104] veth1_macvtap: entered promiscuous mode
17:50:26 executing program 2:
creat(&(0x7f0000000040)='./bus\x00', 0x0)
mount(&(0x7f00000002c0)=ANY=[], &(0x7f00000001c0)='./bus\x00', &(0x7f0000000140)='ubifs\x00', 0x0, 0x0)

[   83.978182][ T5104] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   83.981809][ T5185] UBIFS error (pid: 5185): cannot open "", error -22
17:50:26 executing program 2:
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket(0x10, 0x2, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x140}}, 0x0)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f00000002c0)=@ipv6_newnexthop={0x34, 0x68, 0xb, 0x0, 0x0, {}, [@NHA_ENCAP={0xc, 0x8, 0x0, 0x1, @LWTUNNEL_IP_TTL={0x5}}, @NHA_OIF={0x8, 0x5, r1}, @NHA_ENCAP_TYPE={0x6, 0x7, 0x8}]}, 0x34}}, 0x0)

[   84.013259][ T5104] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   84.039204][ T5104] batman_adv: batadv0: Interface activated: batadv_slave_0
[   84.078576][ T5096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   84.100852][ T5096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   84.113171][ T5096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   84.126055][ T5096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   84.145497][ T5096] batman_adv: batadv0: Interface activated: batadv_slave_0
[   84.196486][ T5104] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   84.208034][ T5104] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   84.221277][ T5104] batman_adv: batadv0: Interface activated: batadv_slave_1
17:50:27 executing program 2:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000580)=@allocspi={0xf8, 0x16, 0xe32b7fa974c0285, 0x0, 0x0, {{{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @in=@multicast2}, {@in6=@local, 0x0, 0x6c}, @in=@multicast2}}}, 0xf8}}, 0x0)

[   84.236309][ T5096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   84.249407][ T5096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   84.260414][ T5096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   84.271939][ T5096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   84.286975][ T5096] batman_adv: batadv0: Interface activated: batadv_slave_1
[   84.307685][ T5101] veth0_macvtap: entered promiscuous mode
[   84.320712][ T5104] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
17:50:27 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYRESHEX=0x0, @ANYRESHEX, @ANYBLOB="f30fabea260ea3"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

[   84.359780][ T5104] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   84.369358][ T5104] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   84.378589][ T5104] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   84.393279][ T5098] veth0_macvtap: entered promiscuous mode
[   84.406995][ T5101] veth1_macvtap: entered promiscuous mode
[   84.423111][ T5096] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   84.437035][ T5096] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   84.450953][ T5096] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   84.451043][ T5191] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   84.460442][ T5096] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   84.519799][ T5098] veth1_macvtap: entered promiscuous mode
[   84.620498][ T5098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   84.634124][ T5098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   84.652050][ T5098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   84.670023][ T5098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   84.682776][ T5098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   84.703630][ T5098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   84.718772][ T5098] batman_adv: batadv0: Interface activated: batadv_slave_0
[   84.742358][ T5101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   84.760245][ T5101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   84.776147][ T5101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   84.790520][ T5101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   84.803084][ T5101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   84.822043][ T5101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   84.833709][ T5101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   84.846320][ T5101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   84.859270][ T5101] batman_adv: batadv0: Interface activated: batadv_slave_0
[   84.898214][ T5098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   84.913314][ T5098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   84.933452][ T5098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
17:50:27 executing program 2:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
sendmmsg$unix(r0, &(0x7f0000000500)=[{{0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f00000007c0)="05", 0x1}], 0x1}}], 0x1, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0)
recvmmsg(r0, &(0x7f0000004000)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000004100))
close_range(r1, 0xffffffffffffffff, 0x0)

[   84.944891][ T5098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   84.961944][ T5098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   84.982030][ T5098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   84.994500][ T5098] batman_adv: batadv0: Interface activated: batadv_slave_1
[   85.041191][ T5101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   85.041820][   T28] audit: type=1326 audit(1712339427.738:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5194 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbcb667de69 code=0x0
[   85.055362][ T5101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   85.088344][ T5101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   85.100704][ T5101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   85.110817][ T5101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   85.121658][ T5101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   85.131967][ T5101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   85.143231][ T5101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   85.156682][ T5101] batman_adv: batadv0: Interface activated: batadv_slave_1
[   85.198056][ T2795] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   85.213123][ T2795] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   85.223306][ T5098] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   85.235057][ T5098] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   85.244069][ T5098] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   85.252975][ T5098] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   85.266935][ T5101] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   85.276817][ T5101] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   85.286248][ T5101] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   85.295519][ T5101] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   85.335295][ T2795] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   85.348093][ T2795] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   85.451579][   T10] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   85.472504][   T10] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   85.524369][ T5109] Bluetooth: hci4: command tx timeout
[   85.530026][ T5109] Bluetooth: hci0: command tx timeout
[   85.534266][ T5150] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
17:50:28 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth0_to_hsr\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000100)=@newlink={0x44, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_MTU={0x8, 0x4, 0x100}]}, 0x44}}, 0x0)

[   85.576241][ T5150] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   85.604693][ T5109] Bluetooth: hci3: command tx timeout
[   85.605020][ T5107] Bluetooth: hci1: command tx timeout
[   85.610978][ T5109] Bluetooth: hci2: command tx timeout
17:50:28 executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x4, &(0x7f0000000580)=ANY=[@ANYBLOB="8500000013000000350000000000ba00850000000500000095000000000000004cf12aa5cbd56806f81f06a9c7fff5e0a141d524588f32cb447f90ee60b191e2c825cd4d581c45469816b05b61a3cf5fc6dd8442230e7953f911aa1f70351718512c7ae8766b643497cbe593f90a847687a1ef1f83dd6c1023678a1086f7d0f9dce435558fe138d736209ddb7457c14bc34e6bdea4217c4b49377fad08d9a7ab69000000004f0a9c13ecee61c09a701bd5192a9e19b27de967bfb3fe241454a04080bf668ce021879c820f9b80fe233888f07f5ab2667027d4b33729d714e0e205db36aa52281c70e90b9d1615e3a833c63d335d96f51401f6f2f05e469dfd1a8d6e77a6278d708d41af3cacc0afaec2262da46ee302999f76b0e21c2f8f456701b60000bd9ece2df9aac757664062f8b57375ecf693f041aca86e253039c8c7807f298a63f47e9b32d2712250e3ab7f90551b0459ca0157"], 0x0}, 0x90)
r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$apparmor_exec(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="737461636b203aae86ad47aa0d9495e6d80f7bde2d18ffb36cf152aed2d408fb58e305fc8e2f2f7d91f81b621cc4214d4a24e1614fbee0beac8f4a045070b770212d46d4a2df096b791f2a4ba218e12cb76aa24945b70a7c9dd5edeac52b5a876f73cfbe66371a72f11f3d9544d6b59b4a55b2abee5cbf112aa437dfd147cca3e5098a207be806ea716780bd4ddef272f90b8c101f8c1b5c8fe41e170fd0c775dbc5be0b6d3ab625ab702e5b1dc15f9c4b3d09be812f340e681e0694f5badf640da3fdfc2f929b4c2beb9a592c577287b6021bfeec24146c7f95608bb60a736206a09d9f47e89c4044eadde57cdefd15f25b822d2eaf2205df0d6b71b63ee0b63cb598f26509af36983578f6f4198a0843cc1b1bd780015007ab9709cc6211e3b5c685b972b5c5e95f054a7a9fe149282f679c8466b9734e3850ec98419dd0c887715902f9e7802842085bc60c2654869e9e3701fd0fc69137fe165592689465eebd5cafad7c29de2adadec45e965063e389ca1fe33a1ef23617c89116a3a458b56612e4c36c43a9150d5331adbb0beb01a062b1f1349fc2ecea76cb7c40cdfe378185f3099b1d71414d0fda5a47f8593260cc0bd723a4cca81435f041321635f91bcb15aac48883a9617fb4e58c19b18cf3a7e1299a07f45325fcd05a7c30f47e77073dcc584f7e0516cb74c55a0a2a30dc9f3163868f7c233ad1fff87a2c71cc6433e9bd7c3209de0cba9552f5c7c04f24eccf206bdb745564539dd62d655a33d40a507660668c30f7720280c86c104e58d30d6cb65814e00b55ff9a33f3ed375dfb4b47d89a599f31a0d612827a8f6e1173eb376e11160ddbc0d79e3a11d5a99fa9c98f559efeb1e0a196d6da225fbad0dc880e923d6b2ed2890eed8255bd2f8296b8d689762aa02e1399045bc0cbec07ec937f2e6dfac960460574e2e00dc39221a4a0c31dbbfa4973fcb7be76e87bdfe6bc14056b5a867d05316247465aceddf5c95825d73a9b119dab89ac982fff04e5d140a8391bd6f1831a9b7519ba86abc949"], 0x564)

[   85.697476][   T10] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   85.730886][   T10] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
17:50:28 executing program 1:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000740)=[@register_looper], 0x0, 0x0, 0x0})
ppoll(&(0x7f0000000140)=[{r1}], 0x1, 0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000300)={0x10, 0x0, &(0x7f0000000440)=[@request_death], 0x0, 0x0, 0x0})

[   85.785193][ T5152] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   85.793476][ T5152] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
17:50:28 executing program 3:
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r0, &(0x7f0000000300)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$TCSETS(r1, 0x5420, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "7ec5a816d916b2db5b3eb407000000000700"})

17:50:28 executing program 2:
r0 = socket$inet(0x2b, 0x801, 0x0)
setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x485, 0x0, 0x0)

[   85.858398][   T28] audit: type=1400 audit(1712339428.548:3): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AAE86AD47AA0D9495E6D80F7BDE2D18FFB36CF152AED2D408FB58E305FC8E2F2F7D91F81B621CC4214D4A24E1614FBEE0BEAC8F4A045070B770212D46D4A2DF096B791F2A4BA218E12CB76AA24945B70A7C9DD5EDEAC52B5A876F73CFBE66371A72F11F3D9544D6B59B4A55B2ABEE5CBF112AA437DFD147CCA3E5098A207BE806EA716780BD4DDEF272F90B8C101F8C1B5C8FE41E170FD0C775DBC5BE0B6D3AB625AB702E5B1DC15F9C4B3D09BE812F340E681E0694F5BADF640DA3FDFC2F929B4C2BEB9A592C577287B6021BFEEC24146C7F95608BB60A736206A09D9F47E89C4044EADDE57CDEFD15F25B822D2EAF2205DF0D6B71B63EE0B63CB598F26509AF36983578F6F4198A0843CC1B1BD780015007AB9709CC6211E3B5C685B972B5C5E95F054A7A9FE149282F679C8466B9734E3850EC98419DD0C887715902F9E7802842085BC60C2654869E9E3701FD0FC69137FE165592689465EEBD5CAFAD7C29DE2ADADEC45E965063E389CA1FE33A1EF23617C89116A3A458B56612E4C36C43A9150D5331ADBB0BEB01A062B1F1349FC2ECEA76CB7C40CDFE378185F3099B1D71414D0FDA5A47F8593260CC0BD723A
[   85.935854][ T5203] binder: 5202:5203 ioctl c0306201 20000080 returned -14
[   85.943796][ T5157] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
17:50:28 executing program 3:
socket$netlink(0x10, 0x3, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000200)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x28, r1, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x28}}, 0x0)

[   86.147695][ T5157] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
17:50:28 executing program 2:
r0 = socket(0x2, 0x3, 0x6)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000600)={0x2, 0x0, @multicast2}, 0x10)

17:50:29 executing program 2:
r0 = syz_open_dev$usbfs(&(0x7f0000000000), 0x200, 0x102)
dup(r0)
ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000100)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0xffff}, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

17:50:29 executing program 0:
semget$private(0x0, 0x0, 0x0)
semctl$GETALL(0x0, 0xff0f0000, 0x10, 0x0)

[   86.315626][   T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   86.345495][   T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
17:50:29 executing program 3:
r0 = io_uring_setup(0x4822, &(0x7f0000000180))
r1 = socket$packet(0x11, 0x2, 0x300)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r3=>0x0})
setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000000080)={r3, 0x1, 0x6, @multicast}, 0x10)
close_range(r0, 0xffffffffffffffff, 0x0)

17:50:29 executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x4, &(0x7f0000000580)=ANY=[@ANYBLOB="8500000013000000350000000000ba00850000000500000095000000000000004cf12aa5cbd56806f81f06a9c7fff5e0a141d524588f32cb447f90ee60b191e2c825cd4d581c45469816b05b61a3cf5fc6dd8442230e7953f911aa1f70351718512c7ae8766b643497cbe593f90a847687a1ef1f83dd6c1023678a1086f7d0f9dce435558fe138d736209ddb7457c14bc34e6bdea4217c4b49377fad08d9a7ab69000000004f0a9c13ecee61c09a701bd5192a9e19b27de967bfb3fe241454a04080bf668ce021879c820f9b80fe233888f07f5ab2667027d4b33729d714e0e205db36aa52281c70e90b9d1615e3a833c63d335d96f51401f6f2f05e469dfd1a8d6e77a6278d708d41af3cacc0afaec2262da46ee302999f76b0e21c2f8f456701b60000bd9ece2df9aac757664062f8b57375ecf693f041aca86e253039c8c7807f298a63f47e9b32d2712250e3ab7f90551b0459ca0157"], 0x0}, 0x90)
r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$apparmor_exec(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="737461636b203aae86ad47aa0d9495e6d80f7bde2d18ffb36cf152aed2d408fb58e305fc8e2f2f7d91f81b621cc4214d4a24e1614fbee0beac8f4a045070b770212d46d4a2df096b791f2a4ba218e12cb76aa24945b70a7c9dd5edeac52b5a876f73cfbe66371a72f11f3d9544d6b59b4a55b2abee5cbf112aa437dfd147cca3e5098a207be806ea716780bd4ddef272f90b8c101f8c1b5c8fe41e170fd0c775dbc5be0b6d3ab625ab702e5b1dc15f9c4b3d09be812f340e681e0694f5badf640da3fdfc2f929b4c2beb9a592c577287b6021bfeec24146c7f95608bb60a736206a09d9f47e89c4044eadde57cdefd15f25b822d2eaf2205df0d6b71b63ee0b63cb598f26509af36983578f6f4198a0843cc1b1bd780015007ab9709cc6211e3b5c685b972b5c5e95f054a7a9fe149282f679c8466b9734e3850ec98419dd0c887715902f9e7802842085bc60c2654869e9e3701fd0fc69137fe165592689465eebd5cafad7c29de2adadec45e965063e389ca1fe33a1ef23617c89116a3a458b56612e4c36c43a9150d5331adbb0beb01a062b1f1349fc2ecea76cb7c40cdfe378185f3099b1d71414d0fda5a47f8593260cc0bd723a4cca81435f041321635f91bcb15aac48883a9617fb4e58c19b18cf3a7e1299a07f45325fcd05a7c30f47e77073dcc584f7e0516cb74c55a0a2a30dc9f3163868f7c233ad1fff87a2c71cc6433e9bd7c3209de0cba9552f5c7c04f24eccf206bdb745564539dd62d655a33d40a507660668c30f7720280c86c104e58d30d6cb65814e00b55ff9a33f3ed375dfb4b47d89a599f31a0d612827a8f6e1173eb376e11160ddbc0d79e3a11d5a99fa9c98f559efeb1e0a196d6da225fbad0dc880e923d6b2ed2890eed8255bd2f8296b8d689762aa02e1399045bc0cbec07ec937f2e6dfac960460574e2e00dc39221a4a0c31dbbfa4973fcb7be76e87bdfe6bc14056b5a867d05316247465aceddf5c95825d73a9b119dab89ac982fff04e5d140a8391bd6f1831a9b7519ba86abc949"], 0x564)

17:50:29 executing program 2:
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r0, &(0x7f0000000300)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$TCSETS(r1, 0x5420, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "7ec5a816d916b2db5b3eb407000000000700"})

17:50:29 executing program 4:
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0xc8}}, 0x0)
r0 = semget$private(0x0, 0x6, 0x0)
semtimedop(0x0, &(0x7f0000000180)=[{0x0, 0xfff}], 0x1, 0x0)
semop(0x0, &(0x7f0000000000)=[{}], 0xd)
semtimedop(r0, &(0x7f0000000040)=[{}, {}], 0x2, 0x0)
semctl$IPC_RMID(0x0, 0x0, 0x0)

[   86.645759][ T5219] batadv_slave_0: entered promiscuous mode
[   86.677067][ T5219] batadv_slave_0: left promiscuous mode
17:50:29 executing program 3:
syz_emit_vhci(&(0x7f00000009c0)=ANY=[@ANYBLOB="04224c781b83b1ac0d982205000000000000403a3fb1e36af9ffffaaaaaaaaaa100605eeff33b80100c1000000000000050305e1e443060003ffffffffff0ffefa"], 0x4f)

17:50:29 executing program 0:
r0 = socket$inet(0x2b, 0x801, 0x0)
setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x485, 0x0, 0x0)

17:50:29 executing program 1:
syz_emit_vhci(&(0x7f0000000e80)=ANY=[@ANYBLOB="040e0a0060201a"], 0xd)

17:50:29 executing program 2:
socket$netlink(0x10, 0x3, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000200)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x28, r1, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x28}}, 0x0)

[   86.703810][   T28] audit: type=1400 audit(1712339429.398:4): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AAE86AD47AA0D9495E6D80F7BDE2D18FFB36CF152AED2D408FB58E305FC8E2F2F7D91F81B621CC4214D4A24E1614FBEE0BEAC8F4A045070B770212D46D4A2DF096B791F2A4BA218E12CB76AA24945B70A7C9DD5EDEAC52B5A876F73CFBE66371A72F11F3D9544D6B59B4A55B2ABEE5CBF112AA437DFD147CCA3E5098A207BE806EA716780BD4DDEF272F90B8C101F8C1B5C8FE41E170FD0C775DBC5BE0B6D3AB625AB702E5B1DC15F9C4B3D09BE812F340E681E0694F5BADF640DA3FDFC2F929B4C2BEB9A592C577287B6021BFEEC24146C7F95608BB60A736206A09D9F47E89C4044EADDE57CDEFD15F25B822D2EAF2205DF0D6B71B63EE0B63CB598F26509AF36983578F6F4198A0843CC1B1BD780015007AB9709CC6211E3B5C685B972B5C5E95F054A7A9FE149282F679C8466B9734E3850EC98419DD0C887715902F9E7802842085BC60C2654869E9E3701FD0FC69137FE165592689465EEBD5CAFAD7C29DE2ADADEC45E965063E389CA1FE33A1EF23617C89116A3A458B56612E4C36C43A9150D5331ADBB0BEB01A062B1F1349FC2ECEA76CB7C40CDFE378185F3099B1D71414D0FDA5A47F8593260CC0BD723A
[   86.915933][ T5109] Bluetooth: hci4: Malformed HCI Event: 0x22
17:50:29 executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='ext4_es_lookup_extent_exit\x00', r0}, 0x10)
r1 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
fallocate(r1, 0x0, 0x0, 0x1000f4)
arch_prctl$ARCH_GET_FS(0x1003, &(0x7f0000000040))

17:50:29 executing program 1:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f00000006c0), r1)
sendmsg$NFC_CMD_FW_DOWNLOAD(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="810026bd7000ffdbdf2515"], 0x24}}, 0x0)

17:50:29 executing program 3:
r0 = io_uring_setup(0x4822, &(0x7f0000000180))
r1 = socket$packet(0x11, 0x2, 0x300)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r3=>0x0})
setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000000080)={r3, 0x1, 0x6, @multicast}, 0x10)
close_range(r0, 0xffffffffffffffff, 0x0)

17:50:29 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x4, &(0x7f0000000580)=ANY=[@ANYBLOB="8500000013000000350000000000ba00850000000500000095000000000000004cf12aa5cbd56806f81f06a9c7fff5e0a141d524588f32cb447f90ee60b191e2c825cd4d581c45469816b05b61a3cf5fc6dd8442230e7953f911aa1f70351718512c7ae8766b643497cbe593f90a847687a1ef1f83dd6c1023678a1086f7d0f9dce435558fe138d736209ddb7457c14bc34e6bdea4217c4b49377fad08d9a7ab69000000004f0a9c13ecee61c09a701bd5192a9e19b27de967bfb3fe241454a04080bf668ce021879c820f9b80fe233888f07f5ab2667027d4b33729d714e0e205db36aa52281c70e90b9d1615e3a833c63d335d96f51401f6f2f05e469dfd1a8d6e77a6278d708d41af3cacc0afaec2262da46ee302999f76b0e21c2f8f456701b60000bd9ece2df9aac757664062f8b57375ecf693f041aca86e253039c8c7807f298a63f47e9b32d2712250e3ab7f90551b0459ca0157"], 0x0}, 0x90)
r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$apparmor_exec(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="737461636b203aae86ad47aa0d9495e6d80f7bde2d18ffb36cf152aed2d408fb58e305fc8e2f2f7d91f81b621cc4214d4a24e1614fbee0beac8f4a045070b770212d46d4a2df096b791f2a4ba218e12cb76aa24945b70a7c9dd5edeac52b5a876f73cfbe66371a72f11f3d9544d6b59b4a55b2abee5cbf112aa437dfd147cca3e5098a207be806ea716780bd4ddef272f90b8c101f8c1b5c8fe41e170fd0c775dbc5be0b6d3ab625ab702e5b1dc15f9c4b3d09be812f340e681e0694f5badf640da3fdfc2f929b4c2beb9a592c577287b6021bfeec24146c7f95608bb60a736206a09d9f47e89c4044eadde57cdefd15f25b822d2eaf2205df0d6b71b63ee0b63cb598f26509af36983578f6f4198a0843cc1b1bd780015007ab9709cc6211e3b5c685b972b5c5e95f054a7a9fe149282f679c8466b9734e3850ec98419dd0c887715902f9e7802842085bc60c2654869e9e3701fd0fc69137fe165592689465eebd5cafad7c29de2adadec45e965063e389ca1fe33a1ef23617c89116a3a458b56612e4c36c43a9150d5331adbb0beb01a062b1f1349fc2ecea76cb7c40cdfe378185f3099b1d71414d0fda5a47f8593260cc0bd723a4cca81435f041321635f91bcb15aac48883a9617fb4e58c19b18cf3a7e1299a07f45325fcd05a7c30f47e77073dcc584f7e0516cb74c55a0a2a30dc9f3163868f7c233ad1fff87a2c71cc6433e9bd7c3209de0cba9552f5c7c04f24eccf206bdb745564539dd62d655a33d40a507660668c30f7720280c86c104e58d30d6cb65814e00b55ff9a33f3ed375dfb4b47d89a599f31a0d612827a8f6e1173eb376e11160ddbc0d79e3a11d5a99fa9c98f559efeb1e0a196d6da225fbad0dc880e923d6b2ed2890eed8255bd2f8296b8d689762aa02e1399045bc0cbec07ec937f2e6dfac960460574e2e00dc39221a4a0c31dbbfa4973fcb7be76e87bdfe6bc14056b5a867d05316247465aceddf5c95825d73a9b119dab89ac982fff04e5d140a8391bd6f1831a9b7519ba86abc949"], 0x564)

17:50:29 executing program 2:
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r0, &(0x7f0000000300)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$TCSETS(r1, 0x5420, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "7ec5a816d916b2db5b3eb407000000000700"})

17:50:29 executing program 0:
r0 = socket$inet(0x2b, 0x801, 0x0)
setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x485, 0x0, 0x0)

17:50:30 executing program 0:
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0xc8}}, 0x0)
semget$private(0x0, 0x6, 0x0)
semtimedop(0x0, &(0x7f0000000180)=[{0x0, 0xfff}], 0x1, 0x0)
semop(0x0, &(0x7f0000000000)=[{}], 0xd)

[   87.339714][ T5242] batadv_slave_0: entered promiscuous mode
17:50:30 executing program 4:
r0 = syz_open_dev$vim2m(&(0x7f0000002c80), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000140)={0x7, 0x1, 0x2})
ioctl$vim2m_VIDIOC_PREPARE_BUF(r0, 0xc058565d, &(0x7f0000000180)=@multiplanar_userptr={0x300, 0x1, 0x4, 0x0, 0x0, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "488dc807"}, 0x0, 0x2, {0x0}})

[   87.345551][   T28] audit: type=1400 audit(1712339430.038:5): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AAE86AD47AA0D9495E6D80F7BDE2D18FFB36CF152AED2D408FB58E305FC8E2F2F7D91F81B621CC4214D4A24E1614FBEE0BEAC8F4A045070B770212D46D4A2DF096B791F2A4BA218E12CB76AA24945B70A7C9DD5EDEAC52B5A876F73CFBE66371A72F11F3D9544D6B59B4A55B2ABEE5CBF112AA437DFD147CCA3E5098A207BE806EA716780BD4DDEF272F90B8C101F8C1B5C8FE41E170FD0C775DBC5BE0B6D3AB625AB702E5B1DC15F9C4B3D09BE812F340E681E0694F5BADF640DA3FDFC2F929B4C2BEB9A592C577287B6021BFEEC24146C7F95608BB60A736206A09D9F47E89C4044EADDE57CDEFD15F25B822D2EAF2205DF0D6B71B63EE0B63CB598F26509AF36983578F6F4198A0843CC1B1BD780015007AB9709CC6211E3B5C685B972B5C5E95F054A7A9FE149282F679C8466B9734E3850EC98419DD0C887715902F9E7802842085BC60C2654869E9E3701FD0FC69137FE165592689465EEBD5CAFAD7C29DE2ADADEC45E965063E389CA1FE33A1EF23617C89116A3A458B56612E4C36C43A9150D5331ADBB0BEB01A062B1F1349FC2ECEA76CB7C40CDFE378185F3099B1D71414D0FDA5A47F8593260CC0BD723A
[   87.376617][ T5246] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'.
17:50:30 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.throttle.io_serviced\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="a71f4df4fa399bf85b098a790b0000000000007f1d0b2295a746e10b7853b1a81ea50f42"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

[   87.502816][ T5242] batadv_slave_0: left promiscuous mode
17:50:30 executing program 3:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)

17:50:30 executing program 1:
socket$netlink(0x10, 0x3, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000200)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x28, r1, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x28}}, 0x0)

17:50:30 executing program 4:
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, "7f12ddc1517600"})
r2 = syz_open_pts(r1, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000200)=0x2)
read(r2, 0x0, 0x2006)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

17:50:30 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000000)={'bridge0\x00', &(0x7f0000000180)=@ethtool_drvinfo={0x3, "96eb43226449fae27d98035470bd99875c2547b267cb4f94122d73252ef4ff7e", "912784d426e7e82210c416ca2d9d948e29319af9dfb609d20ebb13731dc6ab7f", "f88d00434cff3d9a7e8215a41862c4c861dee77aeff0f51e5eb142ad6f89bb39", "ac0f3cf5058c3a05a96396513a412248e38789e3fc0466896ba906750c35bf3a", "f397408494a60edd96260d819955afe7ff7357e1bb628ea10f49a568df10b96d", "e35510d6cd086a3f42221d8c"}})

[   87.980475][ T5264] serio: Serial port pts0
[   88.028168][ T5257] kvm: emulating exchange as write
17:50:30 executing program 4:
r0 = syz_open_dev$usbfs(&(0x7f0000000000), 0x200, 0x102)
r1 = dup(r0)
ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, 0x0)

17:50:30 executing program 1:
r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x282a2, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000000)=0x20)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
mmap$dsp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000f, 0x11, r0, 0x0)
ioctl$SNDCTL_DSP_GETIPTR(r0, 0x800c5011, &(0x7f0000000040))
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000000)=0x4000)

17:50:31 executing program 0:
r0 = io_uring_setup(0x4822, &(0x7f0000000180))
r1 = socket$packet(0x11, 0x2, 0x300)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r3=>0x0})
setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000000080)={r3, 0x1, 0x6, @multicast}, 0x10)
close_range(r0, 0xffffffffffffffff, 0x0)

17:50:31 executing program 4:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f00000006c0), r1)
sendmsg$NFC_CMD_FW_DOWNLOAD(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="810026bd7000ffdbdf2515"], 0x24}}, 0x0)

17:50:31 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='ext4_es_lookup_extent_exit\x00', r0}, 0x10)
r1 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
fallocate(r1, 0x0, 0x0, 0x1000f4)
arch_prctl$ARCH_GET_FS(0x1003, &(0x7f0000000040))

[   88.608419][ T5280] batadv_slave_0: entered promiscuous mode
[   88.629399][ T5280] batadv_slave_0: left promiscuous mode
17:50:31 executing program 2:
pipe2(&(0x7f0000000040), 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, "7f12ddc1517600"})
r1 = syz_open_pts(r0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000200)=0x2)
read(r1, 0x0, 0x2006)

[   88.680101][ T5283] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'.
17:50:31 executing program 0:
socket$netlink(0x10, 0x3, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x28, r1, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x28}}, 0x0)

17:50:31 executing program 3:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x6, 0x0, &(0x7f0000000400)=ANY=[], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000740)=[@register_looper], 0x0, 0x0, 0x0})
ppoll(&(0x7f0000000140)=[{r1}], 0x1, 0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000300)={0x10, 0x0, &(0x7f0000000440)=[@request_death], 0x0, 0x0, 0x0})

17:50:31 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYRESHEX=0x0, @ANYRESHEX, @ANYBLOB="f30fabea260ea3"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

17:50:31 executing program 1:
r0 = syz_open_dev$usbfs(&(0x7f0000000000), 0x200, 0x102)
r1 = dup(r0)
ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, 0x0)

[   88.957375][ T5289] serio: Serial port pts0
[   88.965001][ T5291] binder: 5290:5291 unknown command 0
17:50:31 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.throttle.io_serviced\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="a71f4df4fa399bf85b098a790b0000000000007f1d0b2295a746e10b7853b1a81ea50f42"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

[   89.002323][ T5291] binder: 5290:5291 ioctl c0306201 20000080 returned -22
17:50:31 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.throttle.io_serviced\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="a71f4df4fa399bf85b098a790b0000000000007f1d0b2295a746e10b7853b1a81ea50f42"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

17:50:32 executing program 2:
r0 = socket(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000580)={0x2, 0x0, @local}, 0x10)
setsockopt$RDS_GET_MR(r0, 0x114, 0x2, &(0x7f0000000080)={{0x0}, 0x0}, 0x20)

17:50:32 executing program 3:
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000a80), 0x0, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000000c0)=0x14)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
sendmmsg(r0, &(0x7f0000000340)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x8, r2}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x1}], 0x1, 0x0, 0x0, 0x2f00}}], 0x1, 0x0)

17:50:32 executing program 4:
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000000)={'bridge0\x00', &(0x7f0000000180)=@ethtool_drvinfo={0x3, "96eb43226449fae27d98035470bd99875c2547b267cb4f94122d73252ef4ff7e", "912784d426e7e82210c416ca2d9d948e29319af9dfb609d20ebb13731dc6ab7f", "f88d00434cff3d9a7e8215a41862c4c861dee77aeff0f51e5eb142ad6f89bb39", "ac0f3cf5058c3a05a96396513a412248e38789e3fc0466896ba906750c35bf3a", "f397408494a60edd96260d819955afe7ff7357e1bb628ea10f49a568df10b96d", "e35510d6cd086a3f42221d8c"}})

17:50:32 executing program 2:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f00000006c0), r1)
sendmsg$NFC_CMD_FW_DOWNLOAD(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="810026bd7000ffdbdf2515"], 0x24}}, 0x0)

17:50:32 executing program 3:
r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x282a2, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000000)=0x20)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
mmap$dsp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000f, 0x11, r0, 0x0)
ioctl$SNDCTL_DSP_GETIPTR(r0, 0x800c5011, &(0x7f0000000040))
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000000)=0x4000)

17:50:32 executing program 0:
r0 = socket$inet(0x2b, 0x0, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f00000011c0)={0x84, @multicast2, 0x0, 0x0, 'wrr\x00'}, 0x2c)
setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x485, 0x0, 0x0)

17:50:32 executing program 4:
pipe2(&(0x7f0000000040), 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, "7f12ddc1517600"})
r1 = syz_open_pts(r0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000200)=0x2)
read(r1, 0x0, 0x2006)

[   90.178954][ T5317] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'.
17:50:32 executing program 1:
r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x282a2, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000000)=0x20)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
mmap$dsp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000f, 0x11, r0, 0x0)
ioctl$SNDCTL_DSP_GETIPTR(r0, 0x800c5011, &(0x7f0000000040))
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000000)=0x4000)

17:50:32 executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000080)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x6}]}, 0x10)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f00000006c0)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{@in=@local, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@mcast2}}}, 0xf0}}, 0x0)

17:50:33 executing program 2:
r0 = socket(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000580)={0x2, 0x0, @local}, 0x10)
setsockopt$RDS_GET_MR(r0, 0x114, 0x2, &(0x7f0000000080)={{0x0}, 0x0}, 0x20)

[   90.398114][ T5322] serio: Serial port pts0
17:50:33 executing program 2:
r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_S_CROP(r0, 0x4014563c, &(0x7f0000000400)={0x2, {0x0, 0x0, 0x6}})

17:50:33 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.throttle.io_serviced\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="a71f4df4fa399bf85b098a790b0000000000007f1d0b2295a746e10b7853b1a81ea50f42"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

17:50:33 executing program 2:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x2, 0x6, 0x1fffffbf, 0x0, 0x2a8, 0x3b0, 0x1b0, 0x3b0, 0x4f0, 0x4f0, 0x4f0, 0x4f0, 0x4f0, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0, 0x0, {0x7a00000000000000}}, @HL={0x28}}, {{@ipv6={@private0, @loopback, [], [], 'dvmrp1\x00', 'veth1_macvtap\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@mh={{0x28}, {'cS'}}]}, @unspec=@CHECKSUM={0x28}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @dev, [], [], 'lo\x00', 'ipvlan0\x00'}, 0x0, 0xd0, 0x108, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@inet=@SET3={0x38}}, {{@ipv6={@local, @loopback, [], [], 'macvtap0\x00', 'vlan1\x00'}, 0x0, 0xf8, 0x140, 0x0, {}, [@common=@unspec=@pkttype={{0x28}}, @inet=@rpfilter={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x620)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000020180)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x33, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x90)

17:50:33 executing program 3:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x2, 0x6, 0x1fffffbf, 0x0, 0x2a8, 0x3b0, 0x1b0, 0x3b0, 0x4f0, 0x4f0, 0x4f0, 0x4f0, 0x4f0, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0, 0x0, {0x7a00000000000000}}, @HL={0x28}}, {{@ipv6={@private0, @loopback, [], [], 'dvmrp1\x00', 'veth1_macvtap\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@mh={{0x28}, {'cS'}}]}, @unspec=@CHECKSUM={0x28}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @dev, [], [], 'lo\x00', 'ipvlan0\x00'}, 0x0, 0xd0, 0x108, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@inet=@SET3={0x38}}, {{@ipv6={@local, @loopback, [], [], 'macvtap0\x00', 'vlan1\x00'}, 0x0, 0xf8, 0x140, 0x0, {}, [@common=@unspec=@pkttype={{0x28}}, @inet=@rpfilter={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x620)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000020180)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x33, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x90)

17:50:33 executing program 1:
r0 = syz_open_dev$swradio(&(0x7f0000000540), 0x0, 0x2)
ioctl$VIDIOC_ENUM_FREQ_BANDS(r0, 0xc0405665, &(0x7f0000000dc0)={0x0, 0x5})

[   91.046227][ T5109] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[   91.055822][ T5109] Bluetooth: hci1: Injecting HCI hardware error event
[   91.064048][ T5109] Bluetooth: hci1: hardware error 0x00
17:50:33 executing program 1:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='ext4_es_lookup_extent_exit\x00', r0}, 0x10)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, 0xffffffffffffffff, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4)
arch_prctl$ARCH_GET_FS(0x1003, &(0x7f0000000040))

17:50:33 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_SET_LIMITS(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x14, r1, 0x1}, 0x14}}, 0x0)

17:50:33 executing program 4:
socket$can_j1939(0x1d, 0x2, 0x7)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)={{0x14}, [@NFT_MSG_NEWSET={0x44, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_SET_POLICY={0x8}]}], {0x14}}, 0x6c}}, 0x0)
sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000017c0)={&(0x7f0000000380)={0x14, 0x15, 0xa, 0x201}, 0x14}}, 0x0)

17:50:34 executing program 1:
r0 = io_uring_setup(0x4822, &(0x7f0000000180))
socket$packet(0x11, 0x2, 0x300)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
close_range(r0, 0xffffffffffffffff, 0x0)

17:50:34 executing program 0:
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[], &(0x7f0000000200)=""/247, 0x4a, 0xf7, 0x1}, 0x20)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x5a, &(0x7f0000000200)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "ff00f5", 0x24, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x9, 0xc2, 0x0, 0x0, 0x0, {[@mptcp=@mp_join={0x1e, 0x3}, @mptcp=@syn={0x1e, 0xc}]}}}}}}}}, 0x0)

[   91.408343][ T5352] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
17:50:34 executing program 1:
r0 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000340)={0x0, &(0x7f0000000100)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f0000000040)={0x0, 0x0, r2, <r3=>0x0})
ioctl$DRM_IOCTL_MODE_DIRTYFB(r0, 0xc01864b1, &(0x7f0000000040)={r3, 0x1, 0x0, 0x5, &(0x7f00000000c0)=[{}, {}, {}, {}, {}]})

17:50:34 executing program 4:
r0 = socket$inet(0x2b, 0x0, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f00000011c0)={0x84, @multicast2, 0x0, 0x0, 'wrr\x00'}, 0x2c)
setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x485, 0x0, 0x0)

[   91.556056][ T5357] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
17:50:34 executing program 0:
r0 = memfd_create(&(0x7f0000000d00)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x05\x00\x00\x00\x00\x00\x00\x00_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf!\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c!\x0f/\xb8o8\xb9\x8d\x19\xe2\xca\x01y\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xeb\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eS\xaeX\x93\x7f\xd3\xb9\x84Q\x9c\"\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x90\x1f\x94\x01M.\x16\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\x05\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\x9d\x7f@9\xc0\xd2\xf1\x00\x10\x00\x00\x00\x00\x00\x00\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1;#z\xef*\xce\x99\x04\xb9\x90\xbc\xc9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xc4\xc8\xb1r0Z\x98\x87^\xc8C\x1b\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-/\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xbex\xb5-\x05\x01\x11\xfa\xcf\x1dm\xb5X\xe9\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04$\xc3\xe31U\x84\x82\xf0{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2\x03\xe2j$F1n@\xde\n9t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\x82<\x9e|\xf5\xa4\x05#\x7f\xa8\x01\x00\x82ih\xf9?\x03Q\xf5\xc4\x95\x99 \xa7v~:$\x02O\xe3\xaa\x1f\x00\xebh\'\xd2q\x10\x1e\x94n\xd7w\xb1\xc8G\x89\xf4\x8ct\xf9R\x85\x1b8OE\x04\x9a\xd8\x80\x10x\xbf\n0\b,r\xc6r\xf7=\xfe\xc1\x16\xe6\xee\xbb:-h\xba\x8b\x14\x9a?\x8e\x03;\xe5\x04\xd8\xa9\x9a\xd3\x05(\x7f|\xadU\xafe\x87V.i4$6U,R\x9b\n{\'\xfe1\xc4\xb09\x96{\xc0e\xa1\xe7\xa9\xb4\x1a\n\xf5\xd7zuvz\x972\xd4\xfb\x13u2\xab\x18\x01~r\xbbcW!)\xf4\x9b\x1dI\x9ex;\xb2\xe3I\xbd\x16T\xb75\xa6\a\xb7\xa1\x8d\xc9\x12\xb1\xbd\xbc\xd9c\xe9\xe6k\xee\x06\x83\xf4\xab\x18\x038\x8f\xc9^\x0f\xab\xea&P\b\xef#\xf6\xc3\xfc\xd4\xa0\xfd\x15N\xd3\xa0\x80\x9f\bU\xa63\xf6\xc9\xecZ`\xa4\xa0(\xf9\x98B\xaf\xde*\x91\xddk\xa1`d\xf0\x97\xc9e\xc1\"EC\x9a?x\x89\x8d\xb3\xfaF}\x82D\xf8\f\xf1`\x90D\xd1|%(\xd8\t\xea\x00C\xce\x7fo+?v\xee\xc6bL\x1d\xbe\x84p\x8d\xa3\xec\xf7\xe0\xfe\x8c=<\xf2\x1f@\xe66E\xa7\x9c\xd3\xb6\xf5\xe0\x14\xb8\xd4`\x85\xe3;\x8c\xf8\xf2\xd9)\x0e\xd0\xff\xa5K\xf3\xf1\xc4\x18\xf4Z\xdci\x91\x84\xe8\xb7\x10\x90\xbc\xect\x14\xdfR\xe2\x80\xf8a\x92\xb2R\xdf0\xcaQ\xdf\x87\xbdjp\x1ch3h\xcf<\x82\x97\xa5s/m\xb2\x1dd\xf7\xfc\xf5\xa9\x1d\xd34{\xcc\x1f\t,i\x16\x82\xad\x8e\xb6\x17\x0f\xaa\x85^/w\xbb~\xff\xce\x92\x90\x83\n\xe5\x14\x95\x92|\xfe-S%\x91i\xafh\x97z\x00@K\xbb\xc2\fcD\xff\xdcl\xa1\xfaR\xbc\xd0k\\\x92\x19a6Sv\x05%{\xe2\xe9\xf1\xddRB$8\xb0q9\xa1g&\x17\xe5P\xef\xb1<\xb6\xe2\xb2\xc06^\x0f4\xba\x10\xba\x00\x00\x00\x00\x00\x00\x00\x00\xef\xba\"\xb7\xc7~T\xc4Ei\xfdk\xa9\"F\xa9C\xa0\xd3\xa0\x1b\xbf\x13\xfb\x14S<\xa6\n5\x86\x9e\xb2=8\'g`\x8f\xa8\x027\xbd\xb5s\xe9dti\xc0\xbd\\H\xe5v\xdd\x0fP\x8b+-\x02i\x8eZU\xa8YB\xfc\xc2R7\xe9\x11\x06\x1aRd\xa93\xa1\\\xf4_s\xf7\xe8+\xbdg\x13\xaea\x04\xd8\x82\xf6\x90\xaf1\x86b\x81J\xb7E\xb0\xe2\xd6\x93S\xb3\x98\xcb\xf9\xde=\xd6T\x8d\xea\xab\xa9Z!\xd3-\xa6_\xc4\xa4\xb6+\x89\xdc]O<g\x06~\x12W\x86\x06\xba\x15#\xa7Q\xffa\x926>\xf0y\xd6\xb0\xf2\x9f\xa7\xcf\xad\x86\\\xec\xec\xd6\x9d\bT\xcd\xa2\xea', 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x13, r1, 0x8000000)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
waitid(0x0, 0x0, 0x0, 0x8, &(0x7f0000001780))

17:50:34 executing program 1:
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
write$dsp(r0, 0x0, 0x2000000)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000000))

17:50:34 executing program 4:
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r0, &(0x7f0000000300)=ANY=[], 0x118)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$TCSETS(r1, 0x5420, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "7ec5a816d916b2db5b3eb407000000000700"})

17:50:34 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x14}}, 0x0)
getsockname$packet(r0, &(0x7f0000000300)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x40, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x10, 0x2, [@TCA_CAKE_BASE_RATE64={0xc, 0x2, 0x2000000000000010}]}}]}, 0x40}}, 0x0)

17:50:34 executing program 4:
r0 = syz_open_dev$swradio(&(0x7f0000000540), 0x0, 0x2)
ioctl$VIDIOC_ENUM_FREQ_BANDS(r0, 0xc0405665, &(0x7f0000000dc0)={0x0, 0x5})

17:50:34 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x5a, &(0x7f0000000080)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "ff00f5", 0x24, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x9, 0xc2, 0x0, 0x0, 0x0, {[@exp_fastopen={0xfe, 0x4}, @mptcp=@syn={0x1e, 0xc}]}}}}}}}}, 0x0)

17:50:34 executing program 4:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x6, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000740)=[@register_looper], 0x0, 0x0, 0x0})
ppoll(&(0x7f0000000140)=[{r1}], 0x1, 0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000300)={0x10, 0x0, &(0x7f0000000440)=[@request_death], 0x0, 0x0, 0x0})

[   92.299224][ T5375] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[   92.365613][ T5342] syz-executor.3: vmalloc error: size 536870912, failed to allocated page array size 1048576, mode:0x400cc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM), nodemask=(null),cpuset=syz3,mems_allowed=0-1
[   92.386211][ T5342] CPU: 0 PID: 5342 Comm: syz-executor.3 Not tainted 6.9.0-rc2-next-20240405-syzkaller #0
[   92.396315][ T5342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   92.406421][ T5342] Call Trace:
[   92.409745][ T5342]  <TASK>
[   92.412732][ T5342]  dump_stack_lvl+0x241/0x360
[   92.417520][ T5342]  ? __pfx_dump_stack_lvl+0x10/0x10
[   92.422785][ T5342]  ? __pfx__printk+0x10/0x10
[   92.427444][ T5342]  ? __rcu_read_unlock+0xa1/0x110
[   92.432800][ T5342]  warn_alloc+0x278/0x410
[   92.437205][ T5342]  ? __pfx_warn_alloc+0x10/0x10
[   92.442143][ T5342]  ? __get_vm_area_node+0x1b0/0x280
[   92.447493][ T5342]  ? __get_vm_area_node+0x244/0x280
[   92.452843][ T5342]  __vmalloc_node_range_noprof+0x6d0/0x1490
[   92.459052][ T5342]  ? __kasan_kmalloc_large+0x1a/0xa0
17:50:35 executing program 0:
r0 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000340)={0x0, &(0x7f0000000100)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f0000000040)={0x0, 0x0, r2, <r3=>0x0})
ioctl$DRM_IOCTL_MODE_DIRTYFB(r0, 0xc01864b1, &(0x7f0000000040)={r3, 0x1, 0x0, 0x5, &(0x7f00000000c0)=[{}, {}, {}, {}, {}]})

[   92.464508][ T5342]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[   92.470925][ T5342]  ? rcu_is_watching+0x15/0xb0
[   92.476295][ T5342]  ? trace_kmalloc+0x1f/0xd0
[   92.480942][ T5342]  ? __kmalloc_node_noprof+0x24c/0x440
[   92.486744][ T5342]  ? kvmalloc_node_noprof+0x72/0x190
[   92.492100][ T5342]  kvmalloc_node_noprof+0x142/0x190
[   92.497727][ T5342]  ? xt_alloc_table_info+0x3d/0xa0
[   92.502901][ T5342]  xt_alloc_table_info+0x3d/0xa0
[   92.507983][ T5342]  do_ip6t_set_ctl+0xaae/0x1250
[   92.513007][ T5342]  ? __pfx___might_resched+0x10/0x10
[   92.518372][ T5342]  ? __pfx_do_ip6t_set_ctl+0x10/0x10
[   92.524075][ T5342]  ? __pfx_lock_release+0x10/0x10
[   92.529266][ T5342]  ? __mutex_unlock_slowpath+0x21d/0x750
[   92.534987][ T5342]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[   92.541056][ T5342]  ? __pfx_aa_sk_perm+0x10/0x10
[   92.545996][ T5342]  nf_setsockopt+0x295/0x2c0
[   92.550687][ T5342]  ? __pfx_sock_common_setsockopt+0x10/0x10
[   92.556733][ T5342]  do_sock_setsockopt+0x3af/0x720
[   92.561838][ T5342]  ? __pfx_do_sock_setsockopt+0x10/0x10
[   92.567459][ T5342]  ? __fget_files+0x3f4/0x470
[   92.572387][ T5342]  ? __fget_files+0x28/0x470
[   92.577103][ T5342]  __sys_setsockopt+0x1ae/0x250
[   92.582328][ T5342]  __x64_sys_setsockopt+0xb5/0xd0
[   92.587423][ T5342]  do_syscall_64+0xfb/0x240
[   92.593188][ T5342]  entry_SYSCALL_64_after_hwframe+0x72/0x7a
[   92.599253][ T5342] RIP: 0033:0x7f747d87de69
[   92.603810][ T5342] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   92.623814][ T5342] RSP: 002b:00007f747e58c0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[   92.632372][ T5342] RAX: ffffffffffffffda RBX: 00007f747d9abf80 RCX: 00007f747d87de69
[   92.640914][ T5342] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003
[   92.649287][ T5342] RBP: 00007f747d8ca47a R08: 0000000000000620 R09: 0000000000000000
[   92.657581][ T5342] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000000
[   92.665627][ T5342] R13: 000000000000000b R14: 00007f747d9abf80 R15: 00007ffcd8397168
[   92.673673][ T5342]  </TASK>
[   92.702334][    T8] cfg80211: failed to load regulatory.db
17:50:35 executing program 1:
r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r0, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000f4)
arch_prctl$ARCH_GET_FS(0x1003, &(0x7f0000000040))

[   92.717011][ T5342] Mem-Info:
[   92.720372][ T5342] active_anon:14674 inactive_anon:0 isolated_anon:0
[   92.720372][ T5342]  active_file:0 inactive_file:45935 isolated_file:0
[   92.720372][ T5342]  unevictable:768 dirty:8653 writeback:0
[   92.720372][ T5342]  slab_reclaimable:9383 slab_unreclaimable:94847
[   92.720372][ T5342]  mapped:18652 shmem:1357 pagetables:776
[   92.720372][ T5342]  sec_pagetables:0 bounce:0
[   92.720372][ T5342]  kernel_misc_reclaimable:0
[   92.720372][ T5342]  free:1361321 free_pcp:845 free_cma:0
17:50:35 executing program 0:
pipe2(&(0x7f0000000040), 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, "7f12ddc1517600"})
r1 = syz_open_pts(r0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000200)=0x2)
read(r1, 0x0, 0x2006)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0)

[   92.835172][ T5342] Node 0 active_anon:58696kB inactive_anon:0kB active_file:0kB inactive_file:183664kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:74708kB dirty:34604kB writeback:0kB shmem:3892kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10336kB pagetables:3004kB sec_pagetables:0kB all_unreclaimable? no
[   92.901372][ T5342] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:8kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[   92.915589][ T5385] serio: Serial port pts0
[   92.932242][    C1] vkms_vblank_simulate: vblank timer overrun
[   92.951140][ T5342] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
17:50:35 executing program 1:
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
ioctl$USBDEVFS_FREE_STREAMS(r0, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB="02002303100007006000000002000020d3"])
ioctl$USBDEVFS_RESETEP(r0, 0x80045503, 0x0)

[   93.022215][ T5342] lowmem_reserve[]: 0 2571 2571 0 0
[   93.057366][ T5342] Node 0 DMA32 free:1466216kB boost:0kB min:35108kB low:43884kB high:52660kB reserved_highatomic:0KB active_anon:58756kB inactive_anon:0kB active_file:100kB inactive_file:183348kB unevictable:1536kB writepending:34592kB present:3129332kB managed:2660016kB mlocked:0kB bounce:0kB free_pcp:6552kB local_pcp:5584kB free_cma:0kB
[   93.133713][ T5109] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[   93.172365][ T5342] lowmem_reserve[]: 0 0 0 0 0
[   93.177417][ T5342] Node 0 Normal free:0kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:316kB unevictable:0kB writepending:12kB present:1048576kB managed:360kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:0kB free_cma:0kB
[   93.204458][    C1] vkms_vblank_simulate: vblank timer overrun
[   93.211988][ T5342] lowmem_reserve[]: 0 0 0 0 0
[   93.219689][ T5342] Node 1 Normal free:3951600kB boost:0kB min:54788kB low:68484kB high:82180kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB writepending:8kB present:4194304kB managed:4109120kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[   93.249276][    C1] vkms_vblank_simulate: vblank timer overrun
17:50:36 executing program 4:
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000a80), 0x0, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000000c0)=0x14)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmmsg(r0, &(0x7f0000000340)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x8, r2}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x1}], 0x1, 0x0, 0x0, 0x2f00}}], 0x1, 0x0)

[   93.282573][ T5342] lowmem_reserve[]: 0 0 0 0 0
[   93.299927][ T5342] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
17:50:36 executing program 1:
r0 = socket$inet(0x2b, 0x801, 0x0)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f00000011c0)={0x84, @multicast2, 0x0, 0x0, 'wrr\x00'}, 0x2c)
setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x485, 0x0, 0x0)

[   93.350934][ T5342] Node 0 DMA32: 436*4kB (UME) 413*8kB (UME) 173*16kB (UME) 88*32kB (UME) 25*64kB (UME) 12*128kB (UME) 5*256kB (UME) 6*512kB (UME) 4*1024kB (UME) 3*2048kB (UM) 351*4096kB (M) = 1466056kB
[   93.432532][ T5342] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
17:50:36 executing program 4:
r0 = syz_open_dev$usbfs(&(0x7f0000000000), 0x200, 0x102)
r1 = dup(r0)
ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000100)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000040), 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

[   93.473204][ T5342] Node 1 Normal: 6*4kB (U) 5*8kB (U) 5*16kB (U) 7*32kB (U) 6*64kB (UM) 4*128kB (U) 1*256kB (M) 5*512kB (UM) 1*1024kB (U) 1*2048kB (M) 963*4096kB (M) = 3951600kB
[   93.498696][ T5342] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
17:50:36 executing program 1:
r0 = syz_open_dev$dmmidi(&(0x7f0000000080), 0xfc, 0x1)
ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r0, 0x810c5701, &(0x7f00000000c0))

[   93.561913][ T5342] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[   93.580931][ T5342] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
17:50:36 executing program 4:
bind$rds(0xffffffffffffffff, &(0x7f0000000580)={0x2, 0x0, @local}, 0x10)
setsockopt$RDS_GET_MR(0xffffffffffffffff, 0x114, 0x2, &(0x7f0000000080)={{0x0}, 0x0}, 0x20)

[   93.616622][ T5342] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[   93.654586][ T5342] 47304 total pagecache pages
[   93.678989][ T5342] 0 pages in swap cache
[   93.710667][ T5342] Free swap  = 124996kB
17:50:36 executing program 0:
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB='workdir=./bus,lowerdir=./file0,upperdir=./file1'])
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
mknodat$loop(r0, &(0x7f0000000340)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
linkat(r0, &(0x7f0000001180)='./file1\x00', r0, &(0x7f00000002c0)='./file0\x00', 0x0)
unlink(&(0x7f0000000200)='./file0\x00')
fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xffffff69)
mkdir(&(0x7f0000000300)='./file0\x00', 0x0)

[   93.747413][ T5342] Total swap = 124996kB
[   93.761942][ T5342] 2097051 pages RAM
[   93.804920][ T5342] 0 pages HighMem/MovableOnly
17:50:36 executing program 4:
r0 = io_uring_setup(0x4822, &(0x7f0000000180))
r1 = socket$packet(0x11, 0x2, 0x300)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000000080)={0x0, 0x1, 0x6, @multicast}, 0x10)
close_range(r0, 0xffffffffffffffff, 0x0)

[   93.831138][ T5342] 400837 pages reserved
[   93.842716][ T5342] 0 pages cma reserved
17:50:36 executing program 1:
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x200000005c831, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6)
ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, &(0x7f0000000080)={0x60, 0x0, &(0x7f00001fc000/0x1000)=nil, &(0x7f0000247000/0x1000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x26})

17:50:36 executing program 4:
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000a80), 0x0, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000000c0)=0x14)
sendmmsg(r0, &(0x7f0000000340)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x8, r2}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x1}], 0x1, 0x0, 0x0, 0x2f00}}], 0x1, 0x0)

17:50:36 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, 0x0)

17:50:37 executing program 0:
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[], &(0x7f0000000200)=""/247, 0x4a, 0xf7, 0x1}, 0x20)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
syz_emit_ethernet(0x5a, &(0x7f0000000200)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "ff00f5", 0x24, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x9, 0xc2, 0x0, 0x0, 0x0, {[@mptcp=@mp_join={0x1e, 0x3}, @mptcp=@syn={0x1e, 0xc}]}}}}}}}}, 0x0)

[   94.616792][  T138] ==================================================================
[   94.625115][  T138] BUG: KASAN: slab-out-of-bounds in __lock_acquire+0x78/0x1fd0
[   94.632699][  T138] Read of size 8 at addr ffff888022ef1fa8 by task kworker/u8:5/138
[   94.640708][  T138] 
[   94.643060][  T138] CPU: 1 PID: 138 Comm: kworker/u8:5 Not tainted 6.9.0-rc2-next-20240405-syzkaller #0
[   94.653028][  T138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   94.663296][  T138] Workqueue: writeback wb_workfn (flush-8:0)
[   94.669348][  T138] Call Trace:
[   94.672652][  T138]  <TASK>
[   94.675783][  T138]  dump_stack_lvl+0x241/0x360
[   94.680516][  T138]  ? __pfx_dump_stack_lvl+0x10/0x10
[   94.685775][  T138]  ? __pfx__printk+0x10/0x10
[   94.690397][  T138]  ? _printk+0xd5/0x120
[   94.694594][  T138]  ? __virt_addr_valid+0x183/0x520
[   94.699826][  T138]  ? __virt_addr_valid+0x183/0x520
[   94.705073][  T138]  print_report+0x169/0x550
[   94.709620][  T138]  ? __virt_addr_valid+0x183/0x520
[   94.714773][  T138]  ? __virt_addr_valid+0x183/0x520
[   94.719911][  T138]  ? __virt_addr_valid+0x44e/0x520
[   94.725238][  T138]  ? __phys_addr+0xba/0x170
[   94.729881][  T138]  ? __lock_acquire+0x78/0x1fd0
[   94.734797][  T138]  kasan_report+0x143/0x180
[   94.739323][  T138]  ? __lock_acquire+0x78/0x1fd0
[   94.744279][  T138]  __lock_acquire+0x78/0x1fd0
[   94.749062][  T138]  lock_acquire+0x1ed/0x550
[   94.753589][  T138]  ? wb_writeback+0x66f/0xd30
[   94.758377][  T138]  ? __pfx_lock_acquire+0x10/0x10
[   94.763440][  T138]  ? __pfx_do_raw_spin_lock+0x10/0x10
[   94.768849][  T138]  _raw_spin_lock+0x2e/0x40
[   94.773640][  T138]  ? wb_writeback+0x66f/0xd30
[   94.778352][  T138]  wb_writeback+0x66f/0xd30
[   94.782877][  T138]  ? __pfx_wb_writeback+0x10/0x10
[   94.787925][  T138]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   94.794013][  T138]  wb_workfn+0x410/0x1090
[   94.798520][  T138]  ? __pfx_wb_workfn+0x10/0x10
[   94.803460][  T138]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   94.809484][  T138]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   94.815926][  T138]  ? process_scheduled_works+0x945/0x1830
[   94.821660][  T138]  process_scheduled_works+0xa2c/0x1830
[   94.827255][  T138]  ? __pfx_process_scheduled_works+0x10/0x10
[   94.833334][  T138]  ? assign_work+0x364/0x3d0
[   94.838113][  T138]  worker_thread+0x86d/0xd70
[   94.842718][  T138]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   94.848650][  T138]  ? __kthread_parkme+0x169/0x1d0
[   94.853720][  T138]  ? __pfx_worker_thread+0x10/0x10
[   94.858858][  T138]  kthread+0x2f0/0x390
[   94.862947][  T138]  ? __pfx_worker_thread+0x10/0x10
[   94.868083][  T138]  ? __pfx_kthread+0x10/0x10
[   94.872784][  T138]  ret_from_fork+0x4b/0x80
[   94.877323][  T138]  ? __pfx_kthread+0x10/0x10
[   94.881929][  T138]  ret_from_fork_asm+0x1a/0x30
[   94.886804][  T138]  </TASK>
[   94.889915][  T138] 
[   94.892303][  T138] Allocated by task 783:
[   94.896727][  T138]  kasan_save_track+0x3f/0x80
[   94.901417][  T138]  __kasan_kmalloc+0x98/0xb0
[   94.906023][  T138]  kmalloc_node_track_caller_noprof+0x22a/0x440
[   94.912373][  T138]  kmalloc_reserve+0x111/0x2a0
[   94.917173][  T138]  __alloc_skb+0x1f3/0x440
[   94.921606][  T138]  nsim_dev_trap_report_work+0x254/0xaa0
[   94.927380][  T138]  process_scheduled_works+0xa2c/0x1830
[   94.932971][  T138]  worker_thread+0x86d/0xd70
[   94.937662][  T138]  kthread+0x2f0/0x390
[   94.941750][  T138]  ret_from_fork+0x4b/0x80
[   94.946188][  T138]  ret_from_fork_asm+0x1a/0x30
[   94.950987][  T138] 
[   94.953335][  T138] Freed by task 783:
[   94.957258][  T138]  kasan_save_track+0x3f/0x80
[   94.961970][  T138]  kasan_save_free_info+0x40/0x50
[   94.967113][  T138]  poison_slab_object+0xe0/0x150
[   94.972099][  T138]  __kasan_slab_free+0x37/0x60
[   94.976933][  T138]  kfree+0x149/0x350
[   94.980848][  T138]  skb_release_data+0x690/0x890
[   94.985722][  T138]  consume_skb+0xb1/0x160
[   94.990065][  T138]  nsim_dev_trap_report_work+0x765/0xaa0
[   94.995801][  T138]  process_scheduled_works+0xa2c/0x1830
[   95.001377][  T138]  worker_thread+0x86d/0xd70
[   95.006033][  T138]  kthread+0x2f0/0x390
[   95.010143][  T138]  ret_from_fork+0x4b/0x80
[   95.014599][  T138]  ret_from_fork_asm+0x1a/0x30
[   95.019379][  T138] 
[   95.021795][  T138] The buggy address belongs to the object at ffff888022ef0000
[   95.021795][  T138]  which belongs to the cache kmalloc-4k of size 4096
[   95.036117][  T138] The buggy address is located 4008 bytes to the right of
[   95.036117][  T138]  allocated 4096-byte region [ffff888022ef0000, ffff888022ef1000)
[   95.051150][  T138] 
[   95.053486][  T138] The buggy address belongs to the physical page:
[   95.060160][  T138] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x22ef0
[   95.068945][  T138] head: order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   95.076513][  T138] flags: 0xfff80000000040(head|node=0|zone=1|lastcpupid=0xfff)
[   95.084152][  T138] page_type: 0xffffefff(slab)
[   95.088836][  T138] raw: 00fff80000000040 ffff888015042140 dead000000000100 dead000000000122
[   95.097424][  T138] raw: 0000000000000000 0000000000040004 00000001ffffefff 0000000000000000
[   95.106018][  T138] head: 00fff80000000040 ffff888015042140 dead000000000100 dead000000000122
[   95.114702][  T138] head: 0000000000000000 0000000000040004 00000001ffffefff 0000000000000000
[   95.123390][  T138] head: 00fff80000000003 ffffea00008bbc01 ffffea00008bbc48 00000000ffffffff
[   95.132097][  T138] head: 0000000800000000 0000000000000000 00000000ffffffff 0000000000000000
[   95.140866][  T138] page dumped because: kasan: bad access detected
[   95.147288][  T138] page_owner tracks the page as allocated
[   95.153002][  T138] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 138, tgid -1645027151 (kworker/u8:5), ts 138, free_ts 0
[   95.173355][  T138]  post_alloc_hook+0x1f3/0x230
[   95.178237][  T138]  get_page_from_freelist+0x2e7e/0x2f40
[   95.183829][  T138]  __alloc_pages_noprof+0x256/0x6c0
[   95.189220][  T138]  alloc_slab_page+0x5f/0x120
[   95.193913][  T138]  allocate_slab+0x5a/0x2e0
[   95.198432][  T138]  ___slab_alloc+0xcd1/0x14b0
[   95.203119][  T138]  __slab_alloc+0x58/0xa0
[   95.207472][  T138]  kmalloc_trace_noprof+0x1d5/0x2b0
[   95.212962][  T138]  kobject_uevent_env+0x28b/0x8e0
[   95.218009][  T138]  device_add+0x63b/0xbf0
[   95.222613][  T138]  scsi_sysfs_add_sdev+0x256/0x5a0
[   95.227770][  T138]  do_scan_async+0x42a/0x7a0
[   95.232458][  T138]  async_run_entry_fn+0xa8/0x420
[   95.237401][  T138]  process_scheduled_works+0xa2c/0x1830
[   95.243065][  T138]  worker_thread+0x86d/0xd70
[   95.247686][  T138]  kthread+0x2f0/0x390
[   95.251886][  T138] page_owner free stack trace missing
[   95.257259][  T138] 
[   95.259596][  T138] Memory state around the buggy address:
[   95.265236][  T138]  ffff888022ef1e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   95.273312][  T138]  ffff888022ef1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   95.281406][  T138] >ffff888022ef1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   95.289652][  T138]                                   ^
[   95.295035][  T138]  ffff888022ef2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   95.303383][  T138]  ffff888022ef2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   95.311648][  T138] ==================================================================
[   95.319886][  T138] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   95.327114][  T138] CPU: 1 PID: 138 Comm: kworker/u8:5 Not tainted 6.9.0-rc2-next-20240405-syzkaller #0
[   95.336692][  T138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   95.346855][  T138] Workqueue: writeback wb_workfn (flush-8:0)
[   95.352878][  T138] Call Trace:
[   95.356170][  T138]  <TASK>
[   95.359106][  T138]  dump_stack_lvl+0x241/0x360
[   95.363810][  T138]  ? __pfx_dump_stack_lvl+0x10/0x10
[   95.369026][  T138]  ? __pfx__printk+0x10/0x10
[   95.373984][  T138]  ? rcu_is_watching+0x15/0xb0
[   95.378776][  T138]  ? lock_release+0xbf/0x9f0
[   95.383485][  T138]  ? vscnprintf+0x5d/0x90
[   95.387837][  T138]  panic+0x349/0x860
[   95.391855][  T138]  ? check_panic_on_warn+0x21/0xb0
[   95.397096][  T138]  ? __pfx_panic+0x10/0x10
[   95.402021][  T138]  ? do_raw_spin_unlock+0x13c/0x8b0
[   95.407258][  T138]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   95.413292][  T138]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   95.419653][  T138]  ? print_report+0x502/0x550
[   95.424432][  T138]  check_panic_on_warn+0x86/0xb0
[   95.429386][  T138]  ? __lock_acquire+0x78/0x1fd0
[   95.434253][  T138]  end_report+0x77/0x160
[   95.438850][  T138]  kasan_report+0x154/0x180
[   95.443553][  T138]  ? __lock_acquire+0x78/0x1fd0
[   95.448430][  T138]  __lock_acquire+0x78/0x1fd0
[   95.453249][  T138]  lock_acquire+0x1ed/0x550
[   95.457958][  T138]  ? wb_writeback+0x66f/0xd30
[   95.462667][  T138]  ? __pfx_lock_acquire+0x10/0x10
[   95.467967][  T138]  ? __pfx_do_raw_spin_lock+0x10/0x10
[   95.473458][  T138]  _raw_spin_lock+0x2e/0x40
[   95.478332][  T138]  ? wb_writeback+0x66f/0xd30
[   95.483125][  T138]  wb_writeback+0x66f/0xd30
[   95.487821][  T138]  ? __pfx_wb_writeback+0x10/0x10
[   95.493131][  T138]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   95.499325][  T138]  wb_workfn+0x410/0x1090
[   95.504128][  T138]  ? __pfx_wb_workfn+0x10/0x10
[   95.509096][  T138]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   95.515181][  T138]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   95.521819][  T138]  ? process_scheduled_works+0x945/0x1830
[   95.527562][  T138]  process_scheduled_works+0xa2c/0x1830
[   95.533333][  T138]  ? __pfx_process_scheduled_works+0x10/0x10
[   95.539628][  T138]  ? assign_work+0x364/0x3d0
[   95.544244][  T138]  worker_thread+0x86d/0xd70
[   95.548854][  T138]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   95.556010][  T138]  ? __kthread_parkme+0x169/0x1d0
[   95.561171][  T138]  ? __pfx_worker_thread+0x10/0x10
[   95.567119][  T138]  kthread+0x2f0/0x390
[   95.571212][  T138]  ? __pfx_worker_thread+0x10/0x10
[   95.576380][  T138]  ? __pfx_kthread+0x10/0x10
[   95.581008][  T138]  ret_from_fork+0x4b/0x80
[   95.585478][  T138]  ? __pfx_kthread+0x10/0x10
[   95.590179][  T138]  ret_from_fork_asm+0x1a/0x30
[   95.595056][  T138]  </TASK>
[   95.598510][  T138] Kernel Offset: disabled
[   95.602923][  T138] Rebooting in 86400 seconds..