last executing test programs:

1.923899782s ago: executing program 2 (id=3):
syz_emit_ethernet(0x42, &(0x7f00000003c0)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x8, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local, {[@timestamp_addr={0x44, 0xc, 0xa, 0x2, 0x0, [{@local}]}]}}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x40}}}}}}, 0x0)

1.751257109s ago: executing program 2 (id=6):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xa}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000007c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
r3 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x41, 0x0)
ioctl$IOMMU_GET_HW_INFO(r3, 0x3b8a, &(0x7f0000000980)={0x28, 0x0, 0x0, 0x96, &(0x7f00000008c0)=""/150})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
pipe2$watch_queue(&(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x80)
ioctl$IOC_WATCH_QUEUE_SET_SIZE(r4, 0x5760, 0x5e)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x2, 0x7fff0000}]})
r6 = socket$inet_udp(0x2, 0x2, 0x0)
r7 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r7, 0x6, 0xa, &(0x7f0000000040), 0x4)
setsockopt$IPT_SO_SET_REPLACE(r6, 0x0, 0x40, &(0x7f0000000000)=@nat={'nat\x00', 0x670, 0x5, 0x3a0, 0x0, 0x240, 0xffffffff, 0x1a0, 0x0, 0x3c8, 0x3c8, 0xffffffff, 0x3c8, 0x3c8, 0x5, 0x0, {[{{@ip={@rand_addr=0x64010100, @local, 0xff0000ff, 0xffffff00, 'veth1_to_bridge\x00', 'veth0_macvtap\x00', {}, {0xff}, 0x16}, 0x0, 0xa8, 0xe0, 0x48, {}, [@common=@unspec=@devgroup={{0x38}, {0x3, 0x0, 0x3, 0x3, 0x81}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0xae, {0xf, @remote, @initdev={0xac, 0x1e, 0x0, 0x0}, @icmp_id=0x65, @port=0x4e24}}}}, {{@uncond, 0x0, 0x70, 0xa0}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{0xfffc, 0xd, 0x1}, {0x2, 0x4, 0x3}, 0x1000, 0x100}}}, {{@ip={@multicast2, @broadcast, 0xff, 0x0, 'virt_wifi0\x00', 'veth1_to_bridge\x00', {}, {}, 0x0, 0x0, 0x4e}, 0x0, 0x70, 0xb8}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x0, @ipv4=@rand_addr=0x64010102, @ipv4=@private=0xa010101, @icmp_id=0x68, @icmp_id=0x64}}}, {{@ip={@loopback, @remote, 0xff, 0x0, 'batadv_slave_1\x00', 'ip_vti0\x00', {}, {0xff}, 0x6, 0x1, 0x5}, 0x0, 0x98, 0xd0, 0x0, {}, [@common=@icmp={{0x28}, {0x4, '\\Q', 0x1}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x10, @local, @dev={0xac, 0x14, 0x14, 0x2a}, @port=0x4e22, @gre_key=0x5}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x400)
close_range(r5, 0xffffffffffffffff, 0x0)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
r8 = syz_open_dev$sndpcmp(&(0x7f0000000b00), 0x0, 0x0)
mmap(&(0x7f0000608000/0x4000)=nil, 0x4000, 0x1000001, 0x1010, r6, 0x945d000)
ioctl$SNDRV_PCM_IOCTL_HW_PARAMS(r8, 0xc2604111, &(0x7f0000000540)={0x0, [[0x223, 0x0, 0x0, 0x1], [0xfffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32], [0x2]], '\x00', [{}, {}, {}, {0x0, 0x7}, {}, {}, {}, {}, {}, {0x3}]})
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x4048aec9, &(0x7f0000000140)={0x6, 0x0, @ioapic={0x5000, 0x995, 0xb, 0xfffffffe, 0x0, [{0x5, 0x6, 0x89, '\x00', 0x2}, {0x2, 0xa, 0x8, '\x00', 0xfe}, {0x4, 0x2, 0x6, '\x00', 0x6}, {0x8, 0x7, 0x3, '\x00', 0x4a}, {0x3, 0x5, 0xee, '\x00', 0x80}, {0x8, 0x5, 0x2, '\x00', 0x8}, {0x4, 0x8, 0x5, '\x00', 0xf0}, {0x8, 0xce, 0xc}, {0x4, 0x80, 0xe7, '\x00', 0xc5}, {0x2, 0xa, 0x8, '\x00', 0x81}, {0xb, 0x5, 0xf8, '\x00', 0xbf}, {0x3, 0x2, 0xb, '\x00', 0xa}, {0xfe, 0xca, 0xa, '\x00', 0x1}, {0x5, 0x6, 0x3, '\x00', 0x5}, {0x7, 0x5, 0x5, '\x00', 0x10}, {0x7, 0x3, 0x2, '\x00', 0x8}, {0xc, 0x8, 0x5, '\x00', 0x9}, {0x7, 0x22, 0x9, '\x00', 0x6}, {0x5, 0xf6, 0xd, '\x00', 0x15}, {0x1, 0x9, 0x5, '\x00', 0x6}, {0xbe, 0x2, 0x4}, {0x8, 0xba, 0x80, '\x00', 0x2}, {0x7, 0xc, 0xb, '\x00', 0x5}, {0x9, 0x4, 0x7, '\x00', 0x5}]}})

1.444155001s ago: executing program 0 (id=1):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
r3 = openat$tun(0xffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000002280)={'pim6reg0\x00', 0x2102})
ioctl$TUNSETQUEUE(r3, 0x400454d9, &(0x7f0000000080)={'pimreg1\x00', 0x400})
ioctl$TUNATTACHFILTER(r3, 0x401054d5, &(0x7f0000000000)={0x0, 0x0})
ioctl$TUNSETQUEUE(r3, 0x400454d9, &(0x7f00000000c0)={'dvmrp1\x00', 0x600})
r4 = socket$netlink(0x10, 0x3, 0xa)
syz_usb_connect$printer(0x3, 0x2d, &(0x7f0000000040)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x20, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0xb5, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x9, 0x2, 0x7, 0x1, 0x2, 0x9c, "", {{{0x9, 0x5, 0x1, 0x2, 0x428, 0xf4, 0xba, 0x9}}}}}]}}]}}, &(0x7f0000000300)={0x0, 0x0, 0x8, &(0x7f0000000140)={0x5, 0xf, 0x8, 0x1, [@ptm_cap={0x3}]}})
r5 = dup(r4)
ioctl$IOCTL_VMCI_DATAGRAM_SEND(r5, 0x7ab, &(0x7f00000001c0)={&(0x7f0000000340)={{@any, 0xde}, {@hyper, 0x24a}, 0x400, "0197247055f63c3f5789a8081f2a1bd3b69274609e8e5a44ce7399081d8801513c3171b3e6f9ff89c183b82d2b8c476e7795f648dd17e3f96569e1fe1c3a44e479065da00088c5df910065e4789b486e90283d97d3f3774babc43bcf0086fa904098008ce8412f1feaf7a6cc55b321e64ac4b80821bb21db1489f480c7df38b885f20b5740e64653b511693180967dc8900f2167ab16e89084230f76a0eb1f9523eb703fbf015347050af1a968f67318d1b28fed49789833dee668ce3c45e201e3b79644ce21401c3def34ea50ae978255306fe4493c856761ef4ee9a743e3f12398d48c1b39c89bba3463b705176012748cf589523c5519c424bffa8f9cd23d5541fcfa399998c4ada5dfdf0061273f40b5c98d223df9d0c1e464015b5bd3fd6fd2198d1e4188d2e28cf5b561564013a0f4b573281b59ac6aab3701de2cee9c9f09fff2680bd23c91c17a340cf440decd736b8fef975a47f2163c6ae236eac725815bc1b72457e66510da471fc89f0dace9758047fca466181c22f46bd7758bc792fcf0063e33a0535d6d7db7a7565d4070f3ba1a7433c6f0fc27992f8649f63036f56c201ad8bc605f834c0183db4566b86f040766aa53324d6978570b46a9631d8e1798342beeba2ff3275e00d62f109e06573b3c7660c80d2832ad18113f50c43c0d02b373403f178c8d5d5268d73335b02fe2dfa9b7213c72b4043a58cfa6f496f2420b719e37b1c02a699a2f7e17cb5e6ec60c6c8df7bf11fc0a16b27cbbbd965808dae4096aa8063933c47ee6ab38214b2d96f3cd2a1d237eea9381b40f956cfe189946759354e5565b416cc8dc320a32e44a6d22620b1f8a52cf374176f1e4c0852bd7b1d19a1e5c94fd0aa05999e1fa501269265aff18f7d02019dc3e1d9c5b7a468665ead04a4d80b245ed20bddbd907e937980a345b8ab7fb8bcf649d10f343df54c5c656e09f3578f5d91e6ecdc860976583809b2f83d3fb131bde674558453785954bd819be2c78f2916d1b25afd3ba0f4078afafba0797b95b221cf6473d828f2b71313fa9c82ae1a14f722be724eb43f7634e8e2d787ce88cc3a37470313626afc113e6daab7753298135e2e06adb3f5085a07ffc6f4c9b1335ad0f2c8f0728aa7d2baa62aaa29908ad2ba2e0958e4245f9b992ae7d17b6a17e80c43d84f532ae018dd528954aa5f641051fbe3b6eb20b99524e75f32e7ec20ad92c43cc7d0f1ac842ea1fec790e78f6407e06fd7efb9995369b7ab768fb79737326003bd8e44bb24fb57a4e1133b9d1f491c577d3f2f01122d2297a6e4ee5f620b043e5d925c95a8468677ef7da5943d02cff8b9e2747db03c0c3d51f3f1a5a7a2f85edb77ecb945ae34e4c7208c00553e88c55ea9d9db26ecc8595a203b9246a0b2bee075b629de52c67625df4f9cb15d611bc7148802898cb6f30112012"}, 0x418, 0x6})
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
sendfile(r5, 0xffffffffffffffff, 0x0, 0x80001d00c0d1)
sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000002700)=ANY=[@ANYBLOB="c474000042000701feffffff00000000017c0000ec0242805b021a80d501ee80fb8d136da31edc546f500c8cfa08a5c5754b91c2df21434977915ca20818805268c77c40d30d690be101237fe2d4f76ecbd0a3a72fd24530e0c798c833077a5f872fe39e7969b90d69bc920c426d98543a115113b491e8cfedcadf90301401d69f157034d9236f5296c5e7672ee37ff38111b6bc2648ab6aa17910a3404651fb2e87661960284b3708021087b3018adc0e3ee9906d0091bff50dab42528573bd5e64cd4432fff76b731360a6287463cc2bcb8cdfabeb537ef6be5f442a4ad6d97e9197a72790584202a68843cd90cf7b4d17bd354efba83e56231126b41743aecfd0bca0e7fbaecefd57f3da424405f5bbee4940eb3d75c66e85767aebc33dc0474446f5b777bfb24d9d811574b0124053ef4d4041aedaa9382a720c76fd8af91024a3abc4f3b0c968bb09b994e2a5c5da74ccbc86ed9dcbc7f827af348bae3c609ebacfcd1c145b8fb4e866bba160d595fd8027174aaa3d1ff903eb3053b6fbf0693acc2b14b95a134ba6d55a853e51f2394e6e202013ca10fa9f99b79730aa957b93219e2f2ec64749b88b0e0cdfea1a5c7f47fc2fdf7d30809c89905c3e0e896aeda66adcabed006a0da29cb0a48491d4c1097750365e0c02e15106c9bd8926e34e43a9108ba8729e4cdaca2d7ed99700000004002c800400ee0004002c80b4dfec08383fe7db080f4e90f4f7ed53618ec09a3f4af45e1b81cc948f38db20641761807964a90070731a1c4c7134321838a59a55ebdbfbc725f2fadb0964e32c0335a5366c75c36269f8d7e0fafaeddedd96882d37d55b7f11e9fa4831f636410dae304267004ed4ba7f681d970c0400ad80001400ae002001000000000000000000000000000208005800ac1e01010400758069003a0005482336b4a905f43e90a19cf7edbb2356f7002fa5414748bf9734f53e2a2dab6a0b4ac7154b6aee5efbbf3cfa3692ea4e29f961e5d09163f61ee64ad41014412031ecb95750ddd395ef93a30105426a37b4ea9945e8552e27099fe2ff422ee477953acc39000000c47101"], 0x74c4}, 0x1, 0x0, 0x0, 0xc004}, 0xc000)

658.33189ms ago: executing program 2 (id=7):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1, 0x8}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)=@newtfilter={0x58, 0x2c, 0xd27, 0x70bd2b, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff3}, {}, {0x10, 0x10}}, [@filter_kind_options=@f_flow={{0x9}, {0x28, 0x2, [@TCA_FLOW_EMATCHES={0x24, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8}, @TCA_EMATCH_TREE_LIST={0x18, 0x2, 0x0, 0x1, [@TCF_EM_CANID={0x14, 0x2, 0x0, 0x0, {{0xf, 0x7, 0xfff7}, {{0x4, 0x1, 0x0, 0x1}, {0x1, 0x0, 0x1, 0x1}}}}]}]}]}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20040084}, 0x2008c010)

0s ago: executing program 2 (id=8):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x3, 0x6576, 0xd})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r0, 0x100000000)
r1 = socket(0x2b, 0x80801, 0x1)
setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.196' (ED25519) to the list of known hosts.
[   82.972853][ T5788] cgroup: Unknown subsys name 'net'
[   83.224371][ T5788] cgroup: Unknown subsys name 'cpuset'
[   83.290169][ T5788] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   84.950425][ T5788] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   86.914621][   T10] cfg80211: failed to load regulatory.db
[   87.833929][ T5807] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   87.837283][ T5807] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   87.853201][ T5812] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   87.857352][ T5812] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   87.858221][ T5812] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   87.859523][ T5812] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   87.863779][ T5812] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   87.865670][ T5812] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   87.866963][ T5812] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   87.867821][ T5812] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   87.871932][ T5812] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   87.949812][ T5817] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   87.953226][ T5817] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   87.955834][ T5807] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   87.957198][ T5817] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   87.958459][ T5817] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   87.961201][ T5817] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   87.962071][ T5817] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   87.980865][ T5817] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   87.984136][ T5817] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   87.984973][ T5817] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   87.985748][ T5817] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   87.986889][ T5817] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   87.987633][ T5817] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   87.988024][ T5817] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   88.849247][ T5810] chnl_net:caif_netlink_parms(): no params data found
[   88.906099][ T5800] chnl_net:caif_netlink_parms(): no params data found
[   88.921955][ T5813] chnl_net:caif_netlink_parms(): no params data found
[   89.336765][ T5802] chnl_net:caif_netlink_parms(): no params data found
[   89.344244][ T5801] chnl_net:caif_netlink_parms(): no params data found
[   89.931678][   T61] Bluetooth: hci0: command tx timeout
[   89.931788][ T5804] Bluetooth: hci3: command tx timeout
[   90.009143][ T5804] Bluetooth: hci4: command tx timeout
[   90.010307][ T5810] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.011692][ T5810] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.012077][ T5810] bridge_slave_0: entered allmulticast mode
[   90.013728][ T5810] bridge_slave_0: entered promiscuous mode
[   90.099621][ T5800] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.099828][ T5800] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.099999][ T5800] bridge_slave_0: entered allmulticast mode
[   90.101756][ T5800] bridge_slave_0: entered promiscuous mode
[   90.124268][ T5810] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.124395][ T5810] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.124650][ T5810] bridge_slave_1: entered allmulticast mode
[   90.127262][ T5810] bridge_slave_1: entered promiscuous mode
[   90.132298][ T5813] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.132416][ T5813] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.132603][ T5813] bridge_slave_0: entered allmulticast mode
[   90.135505][ T5813] bridge_slave_0: entered promiscuous mode
[   90.139676][ T5800] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.139800][ T5800] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.140350][ T5800] bridge_slave_1: entered allmulticast mode
[   90.143455][ T5800] bridge_slave_1: entered promiscuous mode
[   90.169038][   T61] Bluetooth: hci1: command tx timeout
[   90.169289][ T5804] Bluetooth: hci2: command tx timeout
[   90.305730][ T5813] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.305861][ T5813] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.306073][ T5813] bridge_slave_1: entered allmulticast mode
[   90.307976][ T5813] bridge_slave_1: entered promiscuous mode
[   90.783584][ T5810] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   90.862900][ T5800] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   91.053300][ T5810] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   91.056726][ T5813] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   91.060229][ T5800] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   91.060651][ T5802] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.060841][ T5802] bridge0: port 1(bridge_slave_0) entered disabled state
[   91.061005][ T5802] bridge_slave_0: entered allmulticast mode
[   91.063693][ T5802] bridge_slave_0: entered promiscuous mode
[   91.279949][ T5801] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.280023][ T5801] bridge0: port 1(bridge_slave_0) entered disabled state
[   91.280146][ T5801] bridge_slave_0: entered allmulticast mode
[   91.281709][ T5801] bridge_slave_0: entered promiscuous mode
[   91.382648][ T5813] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   91.460890][ T5802] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.461020][ T5802] bridge0: port 2(bridge_slave_1) entered disabled state
[   91.461217][ T5802] bridge_slave_1: entered allmulticast mode
[   91.462731][ T5802] bridge_slave_1: entered promiscuous mode
[   91.464366][ T5801] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.464494][ T5801] bridge0: port 2(bridge_slave_1) entered disabled state
[   91.464610][ T5801] bridge_slave_1: entered allmulticast mode
[   91.466155][ T5801] bridge_slave_1: entered promiscuous mode
[   91.891688][ T5810] team0: Port device team_slave_0 added
[   91.951802][ T5800] team0: Port device team_slave_0 added
[   92.009495][   T61] Bluetooth: hci3: command tx timeout
[   92.009589][ T5804] Bluetooth: hci0: command tx timeout
[   92.089072][ T5804] Bluetooth: hci4: command tx timeout
[   92.121668][ T5810] team0: Port device team_slave_1 added
[   92.123541][ T5813] team0: Port device team_slave_0 added
[   92.125604][ T5800] team0: Port device team_slave_1 added
[   92.128587][ T5802] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   92.249063][   T61] Bluetooth: hci1: command tx timeout
[   92.249137][ T5804] Bluetooth: hci2: command tx timeout
[   92.322616][ T5801] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   92.400923][ T5813] team0: Port device team_slave_1 added
[   92.482274][ T5802] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   92.484429][ T5801] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   92.870975][ T5810] batman_adv: batadv0: Adding interface: batadv_slave_0
[   92.870986][ T5810] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   92.870999][ T5810] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   92.970626][ T5800] batman_adv: batadv0: Adding interface: batadv_slave_0
[   92.970643][ T5800] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   92.970665][ T5800] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   93.110774][ T5810] batman_adv: batadv0: Adding interface: batadv_slave_1
[   93.110791][ T5810] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   93.110815][ T5810] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   93.111939][ T5813] batman_adv: batadv0: Adding interface: batadv_slave_0
[   93.111952][ T5813] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   93.111973][ T5813] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   93.113155][ T5800] batman_adv: batadv0: Adding interface: batadv_slave_1
[   93.113168][ T5800] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   93.113192][ T5800] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   93.115106][ T5802] team0: Port device team_slave_0 added
[   93.117590][ T5801] team0: Port device team_slave_0 added
[   93.134023][ T5813] batman_adv: batadv0: Adding interface: batadv_slave_1
[   93.134039][ T5813] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   93.134056][ T5813] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   93.149796][ T5802] team0: Port device team_slave_1 added
[   93.152806][ T5801] team0: Port device team_slave_1 added
[   93.800451][ T5802] batman_adv: batadv0: Adding interface: batadv_slave_0
[   93.800466][ T5802] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   93.800479][ T5802] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   93.801657][ T5801] batman_adv: batadv0: Adding interface: batadv_slave_0
[   93.801670][ T5801] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   93.801693][ T5801] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   94.060641][ T5802] batman_adv: batadv0: Adding interface: batadv_slave_1
[   94.060657][ T5802] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   94.060679][ T5802] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   94.061770][ T5801] batman_adv: batadv0: Adding interface: batadv_slave_1
[   94.061779][ T5801] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   94.061792][ T5801] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   94.067570][ T5810] hsr_slave_0: entered promiscuous mode
[   94.068659][ T5810] hsr_slave_1: entered promiscuous mode
[   94.092254][   T61] Bluetooth: hci3: command tx timeout
[   94.092347][ T5804] Bluetooth: hci0: command tx timeout
[   94.169016][ T5804] Bluetooth: hci4: command tx timeout
[   94.265194][ T5800] hsr_slave_0: entered promiscuous mode
[   94.266056][ T5800] hsr_slave_1: entered promiscuous mode
[   94.266709][ T5800] debugfs: 'hsr0' already exists in 'hsr'
[   94.266801][ T5800] Cannot create hsr debugfs directory
[   94.315767][ T5813] hsr_slave_0: entered promiscuous mode
[   94.317093][ T5813] hsr_slave_1: entered promiscuous mode
[   94.317668][ T5813] debugfs: 'hsr0' already exists in 'hsr'
[   94.317687][ T5813] Cannot create hsr debugfs directory
[   94.340254][ T5804] Bluetooth: hci2: command tx timeout
[   94.340294][ T5804] Bluetooth: hci1: command tx timeout
[   94.975011][ T5802] hsr_slave_0: entered promiscuous mode
[   94.976060][ T5802] hsr_slave_1: entered promiscuous mode
[   94.976587][ T5802] debugfs: 'hsr0' already exists in 'hsr'
[   94.976604][ T5802] Cannot create hsr debugfs directory
[   94.986389][ T5801] hsr_slave_0: entered promiscuous mode
[   94.987951][ T5801] hsr_slave_1: entered promiscuous mode
[   94.989627][ T5801] debugfs: 'hsr0' already exists in 'hsr'
[   94.989651][ T5801] Cannot create hsr debugfs directory
[   96.169043][   T61] Bluetooth: hci0: command tx timeout
[   96.169075][   T61] Bluetooth: hci3: command tx timeout
[   96.249065][ T5804] Bluetooth: hci4: command tx timeout
[   96.291467][ T5810] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   96.328019][ T5810] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   96.343736][ T5810] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   96.395136][ T5810] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   96.408919][ T5804] Bluetooth: hci1: command tx timeout
[   96.408953][ T5804] Bluetooth: hci2: command tx timeout
[   96.505391][ T5800] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   96.546402][ T5800] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   96.592007][ T5800] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   96.637012][ T5800] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   96.747129][ T5813] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   96.787619][ T5813] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   96.831357][ T5813] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   96.879680][ T5813] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   97.030522][ T5802] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   97.082522][ T5802] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   97.140862][ T5802] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   97.190649][ T5802] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   97.332979][ T5801] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   97.367083][ T5810] 8021q: adding VLAN 0 to HW filter on device bond0
[   97.373461][ T5801] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   97.421087][ T5801] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   97.460094][ T5801] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   97.547037][ T5810] 8021q: adding VLAN 0 to HW filter on device team0
[   97.567246][ T5800] 8021q: adding VLAN 0 to HW filter on device bond0
[   97.589818][ T1166] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.589972][ T1166] bridge0: port 1(bridge_slave_0) entered forwarding state
[   97.654941][ T1166] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.655055][ T1166] bridge0: port 2(bridge_slave_1) entered forwarding state
[   97.692484][ T5800] 8021q: adding VLAN 0 to HW filter on device team0
[   97.712692][ T5813] 8021q: adding VLAN 0 to HW filter on device bond0
[   97.735344][ T3493] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.735459][ T3493] bridge0: port 1(bridge_slave_0) entered forwarding state
[   97.775070][ T3493] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.775299][ T3493] bridge0: port 2(bridge_slave_1) entered forwarding state
[   97.837304][ T5813] 8021q: adding VLAN 0 to HW filter on device team0
[   97.878230][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.878359][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   97.894035][ T5802] 8021q: adding VLAN 0 to HW filter on device bond0
[   97.923187][ T3493] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.923286][ T3493] bridge0: port 2(bridge_slave_1) entered forwarding state
[   98.006459][ T5802] 8021q: adding VLAN 0 to HW filter on device team0
[   98.053551][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.053765][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   98.082435][ T5801] 8021q: adding VLAN 0 to HW filter on device bond0
[   98.113362][   T70] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.113505][   T70] bridge0: port 2(bridge_slave_1) entered forwarding state
[   98.215343][ T5801] 8021q: adding VLAN 0 to HW filter on device team0
[   98.267497][ T3493] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.267815][ T3493] bridge0: port 1(bridge_slave_0) entered forwarding state
[   98.318627][ T3493] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.322466][ T3493] bridge0: port 2(bridge_slave_1) entered forwarding state
[   98.402693][ T5810] 8021q: adding VLAN 0 to HW filter on device batadv0
[   98.607778][ T5800] 8021q: adding VLAN 0 to HW filter on device batadv0
[   98.690799][ T5810] veth0_vlan: entered promiscuous mode
[   98.740384][ T5810] veth1_vlan: entered promiscuous mode
[   98.862390][ T5813] 8021q: adding VLAN 0 to HW filter on device batadv0
[   98.890554][ T5800] veth0_vlan: entered promiscuous mode
[   98.955998][ T5800] veth1_vlan: entered promiscuous mode
[   99.003430][ T5810] veth0_macvtap: entered promiscuous mode
[   99.042059][ T5810] veth1_macvtap: entered promiscuous mode
[   99.131887][ T5802] 8021q: adding VLAN 0 to HW filter on device batadv0
[   99.164415][ T5810] batman_adv: batadv0: Interface activated: batadv_slave_0
[   99.205846][ T5810] batman_adv: batadv0: Interface activated: batadv_slave_1
[   99.214463][ T5801] 8021q: adding VLAN 0 to HW filter on device batadv0
[   99.225638][ T5800] veth0_macvtap: entered promiscuous mode
[   99.263548][ T3958] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   99.265163][ T5800] veth1_macvtap: entered promiscuous mode
[   99.287346][ T3958] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   99.306056][ T3958] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   99.336206][ T3958] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   99.484381][ T5800] batman_adv: batadv0: Interface activated: batadv_slave_0
[   99.542638][ T5802] veth0_vlan: entered promiscuous mode
[   99.551110][ T5800] batman_adv: batadv0: Interface activated: batadv_slave_1
[   99.594474][   T70] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   99.607336][   T70] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   99.615085][ T5802] veth1_vlan: entered promiscuous mode
[   99.625139][ T3493] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   99.642900][ T3493] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   99.664809][ T5801] veth0_vlan: entered promiscuous mode
[   99.728090][ T5813] veth0_vlan: entered promiscuous mode
[   99.742297][   T70] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.742318][   T70] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.813004][ T5801] veth1_vlan: entered promiscuous mode
[   99.875367][ T5813] veth1_vlan: entered promiscuous mode
[   99.885982][ T3493] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.886001][ T3493] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.008140][ T5802] veth0_macvtap: entered promiscuous mode
[  100.031942][ T3493] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.031962][ T3493] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.045535][ T5802] veth1_macvtap: entered promiscuous mode
[  100.117849][ T5801] veth0_macvtap: entered promiscuous mode
[  100.135568][ T3493] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.135588][ T3493] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.196266][ T5801] veth1_macvtap: entered promiscuous mode
[  100.231275][ T5802] batman_adv: batadv0: Interface activated: batadv_slave_0
[  100.240019][ T5813] veth0_macvtap: entered promiscuous mode
[  100.291951][ T5802] batman_adv: batadv0: Interface activated: batadv_slave_1
[  100.305460][ T5813] veth1_macvtap: entered promiscuous mode
[  100.365155][   T70] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  100.369889][   T70] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  100.373050][ T5801] batman_adv: batadv0: Interface activated: batadv_slave_0
[  100.374671][   T70] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  100.382083][   T70] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  100.407721][ T5801] batman_adv: batadv0: Interface activated: batadv_slave_1
[  100.602918][ T5813] batman_adv: batadv0: Interface activated: batadv_slave_0
[  100.616035][   T70] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  101.228942][   T70] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  101.341915][ T5813] batman_adv: batadv0: Interface activated: batadv_slave_1
[  101.363397][ T1350] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  101.413239][ T1350] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  101.556666][   T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  101.579398][   T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  101.581944][   T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  101.647806][   T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  102.120137][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  102.120157][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  102.179943][ T1239] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  102.223387][ T5937] ==================================================================
[  102.223404][ T5937] BUG: KASAN: slab-out-of-bounds in change_page_attr_set_clr+0x625/0xfc0
[  102.223442][ T5937] Read of size 8 at addr ffff8880369158f8 by task syz.2.8/59[  102.223442][ T5937] Read of size 8 at addr ffff8880369158f8 by task syz.2.8/5937
[  102.223458][ T5937] 
[  102.223481][ T5937] CPU: 0 UID: 0 PID: 5937 Comm: syz.2.8 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  102.223503][ T5937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  102.223520][ T5937] Call Trace:
[  102.223530][ T5937]  <TASK>
[  102.223538][ T5937]  dump_stack_lvl+0x189/0x250
[  102.223561][ T5937]  ? __kasan_check_byte+0x12/0x40
[  102.223581][ T5937]  ? __pfx_dump_stack_lvl+0x10/0x10
[  102.223600][ T5937]  ? lock_release+0x4b/0x3e0
[  102.223622][ T5937]  ? __virt_addr_valid+0x4a5/0x5c0
[  102.223644][ T5937]  print_report+0xca/0x240
[  102.223667][ T5937]  ? change_page_attr_set_clr+0x625/0xfc0
[  102.223696][ T5937]  kasan_report+0x118/0x150
[  102.223717][ T5937]  ? change_page_attr_set_clr+0x625/0xfc0
[  102.223743][ T5937]  change_page_attr_set_clr+0x625/0xfc0
[  102.223771][ T5937]  ? __pfx_change_page_attr_set_clr+0x10/0x10
[  102.223796][ T5937]  ? __pfx_pagerange_is_ram_callback+0x10/0x10
[  102.223818][ T5937]  ? memtype_reserve+0x874/0xb30
[  102.223854][ T5937]  _set_pages_array+0x145/0x270
[  102.223873][ T5937]  drm_gem_shmem_get_pages_locked+0x2d0/0x440
[  102.223901][ T5937]  ? drm_gem_shmem_mmap+0x18b/0x450
[  102.223921][ T5937]  ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10
[  102.223946][ T5937]  ? rt_read_unlock+0x150/0x220
[  102.223972][ T5937]  drm_gem_shmem_mmap+0x193/0x450
[  102.223995][ T5937]  drm_gem_mmap_obj+0x18a/0x4e0
[  102.224015][ T5937]  drm_gem_mmap+0x38d/0x640
[  102.224035][ T5937]  ? __pfx_drm_gem_mmap+0x10/0x10
[  102.224053][ T5937]  ? __mas_set_range+0x12f/0x3c0
[  102.224077][ T5937]  mmap_region+0x18c9/0x20f0
[  102.224104][ T5937]  ? __pfx_mmap_region+0x10/0x10
[  102.224124][ T5937]  ? trace_sched_exit_tp+0x36/0x110
[  102.224142][ T5937]  ? __schedule+0x1709/0x4c20
[  102.224203][ T5937]  ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10
[  102.224238][ T5937]  ? bpf_lsm_mmap_addr+0x9/0x20
[  102.224261][ T5937]  ? security_mmap_addr+0x71/0x270
[  102.224285][ T5937]  ? shmem_mapping+0xd/0x50
[  102.224300][ T5937]  ? memfd_check_seals_mmap+0xcb/0x210
[  102.224332][ T5937]  do_mmap+0xc23/0x10c0
[  102.224353][ T5937]  ? __pfx_do_mmap+0x10/0x10
[  102.224369][ T5937]  ? rwbase_write_lock+0x56f/0x750
[  102.224391][ T5937]  ? __lock_acquire+0xab9/0xd20
[  102.224410][ T5937]  vm_mmap_pgoff+0x2a9/0x4d0
[  102.224439][ T5937]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  102.224464][ T5937]  ? __fget_files+0x2a/0x420
[  102.224483][ T5937]  ? __fget_files+0x3a6/0x420
[  102.224500][ T5937]  ? __fget_files+0x2a/0x420
[  102.224518][ T5937]  ksys_mmap_pgoff+0x4e9/0x720
[  102.224534][ T5937]  ? __x64_sys_mmap+0x7f/0x140
[  102.224561][ T5937]  do_syscall_64+0xfa/0xfa0
[  102.224577][ T5937]  ? lockdep_hardirqs_on+0x9c/0x150
[  102.224600][ T5937]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  102.224618][ T5937]  ? clear_bhb_loop+0x60/0xb0
[  102.224640][ T5937]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  102.224659][ T5937] RIP: 0033:0x7f6cf94cefc9
[  102.224686][ T5937] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  102.224704][ T5937] RSP: 002b:00007f6cf7736038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  102.224726][ T5937] RAX: ffffffffffffffda RBX: 00007f6cf9725fa0 RCX: 00007f6cf94cefc9
[  102.224742][ T5937] RDX: 0000000000000004 RSI: 0000000000004000 RDI: 0000200000001000
[  102.224756][ T5937] RBP: 00007f6cf9551f91 R08: 0000000000000003 R09: 0000000100000000
[  102.224770][ T5937] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000
[  102.224783][ T5937] R13: 00007f6cf9726038 R14: 00007f6cf9725fa0 R15: 00007fff0b99ff68
[  102.224806][ T5937]  </TASK>
[  102.224814][ T5937] 
[  102.224822][ T5937] Allocated by task 5937:
[  102.224832][ T5937]  kasan_save_track+0x3e/0x80
[  102.224848][ T5937]  __kasan_kmalloc+0x93/0xb0
[  102.224864][ T5937]  __kvmalloc_node_noprof+0x3fd/0x920
[  102.224883][ T5937]  drm_gem_get_pages+0x169/0xa30
[  102.224899][ T5937]  drm_gem_shmem_get_pages_locked+0x201/0x440
[  102.224921][ T5937]  drm_gem_shmem_mmap+0x193/0x450
[  102.224941][ T5937]  drm_gem_mmap_obj+0x18a/0x4e0
[  102.224958][ T5937]  drm_gem_mmap+0x38d/0x640
[  102.224973][ T5937]  mmap_region+0x18c9/0x20f0
[  102.224996][ T5937]  do_mmap+0xc23/0x10c0
[  102.225010][ T5937]  vm_mmap_pgoff+0x2a9/0x4d0
[  102.225034][ T5937]  ksys_mmap_pgoff+0x4e9/0x720
[  102.225049][ T5937]  do_syscall_64+0xfa/0xfa0
[  102.225063][ T5937]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  102.225080][ T5937] 
[  102.225084][ T5937] The buggy address belongs to the object at ffff888036915800
[  102.225084][ T5937]  which belongs to the cache kmalloc-256 of size 256
[  102.225100][ T5937] The buggy address is located 0 bytes to the right of
[  102.225100][ T5937]  allocated 248-byte region [ffff888036915800, ffff8880369158f8)
[  102.225120][ T5937] 
[  102.225125][ T5937] The buggy address belongs to the physical page:
[  102.225143][ T5937] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x36914
[  102.225160][ T5937] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  102.225175][ T5937] flags: 0x80000000000040(head|node=0|zone=1)
[  102.225195][ T5937] page_type: f5(slab)
[  102.225213][ T5937] raw: 0080000000000040 ffff88813ff26b40 dead000000000122 0000000000000000
[  102.225229][ T5937] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[  102.225247][ T5937] head: 0080000000000040 ffff88813ff26b40 dead000000000122 0000000000000000
[  102.225272][ T5937] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[  102.225289][ T5937] head: 0080000000000001 ffffea0000da4501 00000000ffffffff 00000000ffffffff
[  102.225306][ T5937] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000002
[  102.225323][ T5937] page dumped because: kasan: bad access detected
[  102.225353][ T5937] page_owner tracks the page as allocated
[  102.225360][ T5937] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5813, tgid 5813 (syz-executor), ts 101901014997, free_ts 101500744510
[  102.225395][ T5937]  post_alloc_hook+0x240/0x2a0
[  102.225412][ T5937]  get_page_from_freelist+0x28c0/0x2960
[  102.225433][ T5937]  __alloc_frozen_pages_noprof+0x181/0x370
[  102.225458][ T5937]  alloc_pages_mpol+0xd1/0x380
[  102.225477][ T5937]  allocate_slab+0x96/0x3a0
[  102.225498][ T5937]  ___slab_alloc+0xb12/0x13f0
[  102.225518][ T5937]  __slab_alloc+0xc6/0x1f0
[  102.225537][ T5937]  __kmalloc_noprof+0x14b/0x7d0
[  102.225553][ T5937]  fib_create_info+0x172d/0x3210
[  102.225576][ T5937]  fib_table_insert+0xc6/0x1b50
[  102.225601][ T5937]  fib_magic+0x2c4/0x390
[  102.225619][ T5937]  fib_add_ifaddr+0x144/0x5f0
[  102.225637][ T5937]  fib_netdev_event+0x382/0x490
[  102.225657][ T5937]  notifier_call_chain+0x1b6/0x3e0
[  102.225674][ T5937]  __dev_notify_flags+0x18d/0x2e0
[  102.225698][ T5937]  netif_change_flags+0xe8/0x1a0
[  102.225722][ T5937] page last free pid 28 tgid 28 stack trace:
[  102.225732][ T5937]  __free_frozen_pages+0xfb6/0x1140
[  102.225750][ T5937]  rcu_cpu_kthread+0xbf6/0x1b50
[  102.225769][ T5937]  smpboot_thread_fn+0x542/0xa60
[  102.225784][ T5937]  kthread+0x711/0x8a0
[  102.225803][ T5937]  ret_from_fork+0x4bc/0x870
[  102.225826][ T5937]  ret_from_fork_asm+0x1a/0x30
[  102.225848][ T5937] 
[  102.225853][ T5937] Memory state around the buggy address:
[  102.225863][ T5937]  ffff888036915780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  102.225877][ T5937]  ffff888036915800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  102.225890][ T5937] >ffff888036915880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[  102.225899][ T5937]                                                                 ^
[  102.225911][ T5937]  ffff888036915900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  102.225924][ T5937]  ffff888036915980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  102.225934][ T5937] ==================================================================
[  102.252178][ T5937] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  102.252200][ T5937] CPU: 1 UID: 0 PID: 5937 Comm: syz.2.8 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  102.252224][ T5937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  102.252236][ T5937] Call Trace:
[  102.252243][ T5937]  <TASK>
[  102.252252][ T5937]  dump_stack_lvl+0x99/0x250
[  102.252279][ T5937]  ? __asan_memcpy+0x40/0x70
[  102.252305][ T5937]  ? __pfx_dump_stack_lvl+0x10/0x10
[  102.252326][ T5937]  ? __pfx__printk+0x10/0x10
[  102.252354][ T5937]  vpanic+0x237/0x6d0
[  102.252372][ T5937]  ? __pfx_vpanic+0x10/0x10
[  102.252388][ T5937]  ? preempt_schedule+0xae/0xc0
[  102.252413][ T5937]  ? __pfx_preempt_schedule+0x10/0x10
[  102.252441][ T5937]  panic+0xb9/0xc0
[  102.252457][ T5937]  ? __pfx_panic+0x10/0x10
[  102.252476][ T5937]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  102.252506][ T5937]  ? change_page_attr_set_clr+0x625/0xfc0
[  102.252532][ T5937]  check_panic_on_warn+0x89/0xb0
[  102.252554][ T5937]  ? change_page_attr_set_clr+0x625/0xfc0
[  102.252579][ T5937]  end_report+0x78/0x160
[  102.252598][ T5937]  kasan_report+0x129/0x150
[  102.252618][ T5937]  ? change_page_attr_set_clr+0x625/0xfc0
[  102.252647][ T5937]  change_page_attr_set_clr+0x625/0xfc0
[  102.252675][ T5937]  ? __pfx_change_page_attr_set_clr+0x10/0x10
[  102.252700][ T5937]  ? __pfx_pagerange_is_ram_callback+0x10/0x10
[  102.252723][ T5937]  ? memtype_reserve+0x874/0xb30
[  102.252753][ T5937]  _set_pages_array+0x145/0x270
[  102.252772][ T5937]  drm_gem_shmem_get_pages_locked+0x2d0/0x440
[  102.252795][ T5937]  ? drm_gem_shmem_mmap+0x18b/0x450
[  102.252818][ T5937]  ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10
[  102.252842][ T5937]  ? rt_read_unlock+0x150/0x220
[  102.252866][ T5937]  drm_gem_shmem_mmap+0x193/0x450
[  102.252890][ T5937]  drm_gem_mmap_obj+0x18a/0x4e0
[  102.252911][ T5937]  drm_gem_mmap+0x38d/0x640
[  102.252929][ T5937]  ? __pfx_drm_gem_mmap+0x10/0x10
[  102.252948][ T5937]  ? __mas_set_range+0x12f/0x3c0
[  102.252975][ T5937]  mmap_region+0x18c9/0x20f0
[  102.253008][ T5937]  ? __pfx_mmap_region+0x10/0x10
[  102.253029][ T5937]  ? trace_sched_exit_tp+0x36/0x110
[  102.253059][ T5937]  ? __schedule+0x1709/0x4c20
[  102.253115][ T5937]  ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10
[  102.253151][ T5937]  ? bpf_lsm_mmap_addr+0x9/0x20
[  102.253174][ T5937]  ? security_mmap_addr+0x71/0x270
[  102.253198][ T5937]  ? shmem_mapping+0xd/0x50
[  102.253213][ T5937]  ? memfd_check_seals_mmap+0xcb/0x210
[  102.253237][ T5937]  do_mmap+0xc23/0x10c0
[  102.253258][ T5937]  ? __pfx_do_mmap+0x10/0x10
[  102.253273][ T5937]  ? rwbase_write_lock+0x56f/0x750
[  102.253294][ T5937]  ? __lock_acquire+0xab9/0xd20
[  102.253315][ T5937]  vm_mmap_pgoff+0x2a9/0x4d0
[  102.253345][ T5937]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  102.253370][ T5937]  ? __fget_files+0x2a/0x420
[  102.253392][ T5937]  ? __fget_files+0x3a6/0x420
[  102.253410][ T5937]  ? __fget_files+0x2a/0x420
[  102.253431][ T5937]  ksys_mmap_pgoff+0x4e9/0x720
[  102.253450][ T5937]  ? __x64_sys_mmap+0x7f/0x140
[  102.253476][ T5937]  do_syscall_64+0xfa/0xfa0
[  102.253493][ T5937]  ? lockdep_hardirqs_on+0x9c/0x150
[  102.253519][ T5937]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  102.253537][ T5937]  ? clear_bhb_loop+0x60/0xb0
[  102.253557][ T5937]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  102.253575][ T5937] RIP: 0033:0x7f6cf94cefc9
[  102.253593][ T5937] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  102.253609][ T5937] RSP: 002b:00007f6cf7736038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  102.253629][ T5937] RAX: ffffffffffffffda RBX: 00007f6cf9725fa0 RCX: 00007f6cf94cefc9
[  102.253643][ T5937] RDX: 0000000000000004 RSI: 0000000000004000 RDI: 0000200000001000
[  102.253655][ T5937] RBP: 00007f6cf9551f91 R08: 0000000000000003 R09: 0000000100000000
[  102.253668][ T5937] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000
[  102.253680][ T5937] R13: 00007f6cf9726038 R14: 00007f6cf9725fa0 R15: 00007fff0b99ff68
[  102.253703][ T5937]  </TASK>
[  102.253974][ T5937] Kernel Offset: disabled