last executing test programs:

1.11714864s ago: executing program 3 (id=4):
fsopen(0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @raw_data="dea233684c996156af0d4bd8e3300217e750b8c97b7123d48003e7e1d3be5f710c41a1db671988187606bcc6e2f73c67cc6b675eb43188b5b7f9f898860200a9c5d536d418ba2809000000000000007d2a25252940000000de02ad8be8e88779f2de06f38e99172df4d45b6f13c813dee4230c204a93172922c978fef7a1f89ce876bb89d44cd705bbb28db4869dfac20d928950507acd92c02d17f51b0a627539f6e0a0bdb92004bc6252cd35e8cd100962db9a83ad63a4e7e1ca17c1b6aac63fefa9bebe429d00"})
read$FUSE(0xffffffffffffffff, &(0x7f0000019800)={0x2020, 0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x2020)
prctl$PR_SCHED_CORE(0x3e, 0x4, r0, 0x2, &(0x7f0000000040))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
fsmount(0xffffffffffffffff, 0x1, 0x8c)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x16, 0x0, 0x0)
close(0xffffffffffffffff)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x890b, &(0x7f0000000000))
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x1d, &(0x7f0000000080)=0x4f, 0x4)
r1 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000000800)=""/102376, 0x18fe8)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102383, 0x18fef}], 0x1, 0x0, 0x0)

433.928057ms ago: executing program 3 (id=5):
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xa0, 0x8, [{{0x9, 0x4, 0x0, 0xfe, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0xffff, 0xfd, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0x3, 0x0, 0xfd}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000040)={0x18, &(0x7f00000012c0)=ANY=[@ANYBLOB="400308"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r1 = syz_open_dev$I2C(&(0x7f0000000100), 0x2, 0x1)
ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000900)={&(0x7f0000000580)=[{0x9, 0x3800, 0x0, 0x0}], 0x1})

180.144475ms ago: executing program 2 (id=3):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f0000000240)={0x1, 0x101})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmsg$SOCK_DIAG_BY_FAMILY(0xffffffffffffffff, 0x0, 0x48849)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000075f84c1071042703a4610000000109021200010000000009"], 0x0)
syz_usb_control_io$cdc_ncm(r2, 0x0, &(0x7f00000004c0)={0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r2, 0x0, 0x0)

0s ago: executing program 0 (id=1):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r2, <r3=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000440)={r3, 0x0, 0x0, 0x0, 0x1, [<r4=>0x0], [], [], [0x0, 0x100000000]})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0xb5})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000080)={r4, 0x0, <r5=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000280)={r3, 0x0, 0x20000, 0x0, 0x0, [<r6=>0x0], [0x0, 0x9], [0x4, 0x0, 0x6], [0xffffffefffffffff, 0x3, 0x400000008]})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000100)={r6})
ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000340)={r3, 0x0, 0x0, 0x0, 0x0, [<r7=>0x0], [0xffffffff], [], [0xfffffffffffffffc]})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r5})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000040)={r7})

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.145' (ED25519) to the list of known hosts.
[   84.615217][ T5853] cgroup: Unknown subsys name 'net'
[   84.750860][ T5853] cgroup: Unknown subsys name 'cpuset'
[   84.760710][ T5853] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   86.453408][ T5853] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   89.216744][ T5875] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   89.224627][ T5875] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   89.233436][ T5875] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   89.237474][ T5877] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   89.241152][ T5875] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   89.256086][ T5875] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   89.264891][ T5875] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   89.270115][ T5878] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   89.274055][ T5875] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   89.287170][ T5880] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   89.287218][ T5878] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   89.295786][ T5873] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   89.305326][ T5878] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   89.315896][ T5873] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   89.317439][ T5878] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   89.324811][ T5873] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   89.339235][ T5875] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   89.346498][ T5873] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   89.357026][ T5875] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   89.365651][ T5866] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   89.905137][ T5863] chnl_net:caif_netlink_parms(): no params data found
[   89.983224][ T5864] chnl_net:caif_netlink_parms(): no params data found
[   90.075679][ T5862] chnl_net:caif_netlink_parms(): no params data found
[   90.187993][ T5865] chnl_net:caif_netlink_parms(): no params data found
[   90.212533][ T5863] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.220683][ T5863] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.229028][ T5863] bridge_slave_0: entered allmulticast mode
[   90.236729][ T5863] bridge_slave_0: entered promiscuous mode
[   90.252146][ T5863] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.259477][ T5863] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.266842][ T5863] bridge_slave_1: entered allmulticast mode
[   90.274103][ T5863] bridge_slave_1: entered promiscuous mode
[   90.376219][ T5864] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.383815][ T5864] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.391605][ T5864] bridge_slave_0: entered allmulticast mode
[   90.399635][ T5864] bridge_slave_0: entered promiscuous mode
[   90.430409][ T5863] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   90.440572][ T5864] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.448901][ T5864] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.456956][ T5864] bridge_slave_1: entered allmulticast mode
[   90.464164][ T5864] bridge_slave_1: entered promiscuous mode
[   90.493332][ T5863] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   90.529328][ T5862] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.538940][ T5862] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.546210][ T5862] bridge_slave_0: entered allmulticast mode
[   90.553518][ T5862] bridge_slave_0: entered promiscuous mode
[   90.562654][ T5862] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.569955][ T5862] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.579466][ T5862] bridge_slave_1: entered allmulticast mode
[   90.587099][ T5862] bridge_slave_1: entered promiscuous mode
[   90.662670][ T5865] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.670239][ T5865] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.677934][ T5865] bridge_slave_0: entered allmulticast mode
[   90.685208][ T5865] bridge_slave_0: entered promiscuous mode
[   90.694984][ T5863] team0: Port device team_slave_0 added
[   90.703869][ T5864] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   90.717193][ T5864] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   90.740643][ T5865] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.747984][ T5865] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.755265][ T5865] bridge_slave_1: entered allmulticast mode
[   90.762925][ T5865] bridge_slave_1: entered promiscuous mode
[   90.772048][ T5863] team0: Port device team_slave_1 added
[   90.799261][ T5862] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   90.869518][ T5862] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   90.904483][ T5863] batman_adv: batadv0: Adding interface: batadv_slave_0
[   90.911790][ T5863] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   90.938327][ T5863] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   90.952897][ T5864] team0: Port device team_slave_0 added
[   90.975200][ T5865] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   90.988583][ T5865] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   90.998933][ T5863] batman_adv: batadv0: Adding interface: batadv_slave_1
[   91.005906][ T5863] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   91.033073][ T5863] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   91.046262][ T5864] team0: Port device team_slave_1 added
[   91.054369][ T5862] team0: Port device team_slave_0 added
[   91.098979][ T5862] team0: Port device team_slave_1 added
[   91.121607][ T5865] team0: Port device team_slave_0 added
[   91.170385][ T5865] team0: Port device team_slave_1 added
[   91.191543][ T5864] batman_adv: batadv0: Adding interface: batadv_slave_0
[   91.198778][ T5864] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   91.224868][ T5864] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   91.250957][ T5862] batman_adv: batadv0: Adding interface: batadv_slave_0
[   91.258142][ T5862] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   91.284534][ T5862] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   91.311265][ T5864] batman_adv: batadv0: Adding interface: batadv_slave_1
[   91.318445][ T5864] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   91.345460][ T5864] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   91.347242][ T5866] Bluetooth: hci0: command tx timeout
[   91.384701][ T5862] batman_adv: batadv0: Adding interface: batadv_slave_1
[   91.392384][ T5862] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   91.406671][ T5866] Bluetooth: hci3: command tx timeout
[   91.418593][   T52] Bluetooth: hci1: command tx timeout
[   91.424559][ T5866] Bluetooth: hci2: command tx timeout
[   91.437171][ T5862] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   91.457493][ T5865] batman_adv: batadv0: Adding interface: batadv_slave_0
[   91.464506][ T5865] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   91.491393][ T5865] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   91.508349][ T5865] batman_adv: batadv0: Adding interface: batadv_slave_1
[   91.515337][ T5865] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   91.542114][ T5865] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   91.584674][ T5863] hsr_slave_0: entered promiscuous mode
[   91.591948][ T5863] hsr_slave_1: entered promiscuous mode
[   91.680129][ T5864] hsr_slave_0: entered promiscuous mode
[   91.687512][ T5864] hsr_slave_1: entered promiscuous mode
[   91.693801][ T5864] debugfs: 'hsr0' already exists in 'hsr'
[   91.699696][ T5864] Cannot create hsr debugfs directory
[   91.724168][ T5862] hsr_slave_0: entered promiscuous mode
[   91.731440][ T5862] hsr_slave_1: entered promiscuous mode
[   91.737858][ T5862] debugfs: 'hsr0' already exists in 'hsr'
[   91.743604][ T5862] Cannot create hsr debugfs directory
[   91.799905][ T5865] hsr_slave_0: entered promiscuous mode
[   91.807051][ T5865] hsr_slave_1: entered promiscuous mode
[   91.813190][ T5865] debugfs: 'hsr0' already exists in 'hsr'
[   91.819130][ T5865] Cannot create hsr debugfs directory
[   92.303151][ T5863] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   92.319253][ T5863] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   92.340685][ T5863] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   92.360521][ T5863] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   92.419878][ T5864] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   92.437769][ T5864] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   92.451648][ T5864] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   92.477864][ T5864] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   92.538412][ T5865] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   92.583503][ T5865] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   92.594210][ T5865] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   92.625841][ T5865] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   92.685175][ T5862] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   92.712458][ T5862] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   92.730673][ T5862] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   92.741678][ T5862] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   92.825135][ T5863] 8021q: adding VLAN 0 to HW filter on device bond0
[   92.894913][ T5864] 8021q: adding VLAN 0 to HW filter on device bond0
[   92.910945][ T5863] 8021q: adding VLAN 0 to HW filter on device team0
[   92.957850][ T5864] 8021q: adding VLAN 0 to HW filter on device team0
[   92.974409][ T3009] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.981861][ T3009] bridge0: port 1(bridge_slave_0) entered forwarding state
[   93.004303][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.011504][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   93.022853][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.030059][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   93.064069][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.071259][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   93.102053][ T5865] 8021q: adding VLAN 0 to HW filter on device bond0
[   93.192768][ T5865] 8021q: adding VLAN 0 to HW filter on device team0
[   93.208368][ T5862] 8021q: adding VLAN 0 to HW filter on device bond0
[   93.234421][ T3009] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.241687][ T3009] bridge0: port 1(bridge_slave_0) entered forwarding state
[   93.304582][ T5862] 8021q: adding VLAN 0 to HW filter on device team0
[   93.351050][ T1162] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.358302][ T1162] bridge0: port 2(bridge_slave_1) entered forwarding state
[   93.395063][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.402296][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   93.410902][ T5866] Bluetooth: hci0: command tx timeout
[   93.468675][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.475856][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   93.490070][ T5866] Bluetooth: hci2: command tx timeout
[   93.490088][ T5875] Bluetooth: hci1: command tx timeout
[   93.490126][ T5875] Bluetooth: hci3: command tx timeout
[   93.706624][ T5863] 8021q: adding VLAN 0 to HW filter on device batadv0
[   93.775410][ T5864] 8021q: adding VLAN 0 to HW filter on device batadv0
[   93.900802][ T5863] veth0_vlan: entered promiscuous mode
[   93.944557][ T5863] veth1_vlan: entered promiscuous mode
[   94.002295][ T5864] veth0_vlan: entered promiscuous mode
[   94.067272][ T5864] veth1_vlan: entered promiscuous mode
[   94.088477][ T5863] veth0_macvtap: entered promiscuous mode
[   94.101272][ T5862] 8021q: adding VLAN 0 to HW filter on device batadv0
[   94.126889][ T5863] veth1_macvtap: entered promiscuous mode
[   94.153360][ T5865] 8021q: adding VLAN 0 to HW filter on device batadv0
[   94.179202][ T5863] batman_adv: batadv0: Interface activated: batadv_slave_0
[   94.204970][ T5863] batman_adv: batadv0: Interface activated: batadv_slave_1
[   94.237538][ T5864] veth0_macvtap: entered promiscuous mode
[   94.245185][   T36] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   94.255478][   T36] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   94.278862][   T36] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   94.288525][   T36] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   94.301683][ T5864] veth1_macvtap: entered promiscuous mode
[   94.383968][ T5865] veth0_vlan: entered promiscuous mode
[   94.403332][ T5862] veth0_vlan: entered promiscuous mode
[   94.429584][ T5864] batman_adv: batadv0: Interface activated: batadv_slave_0
[   94.467464][ T5862] veth1_vlan: entered promiscuous mode
[   94.479345][ T5865] veth1_vlan: entered promiscuous mode
[   94.496889][ T5864] batman_adv: batadv0: Interface activated: batadv_slave_1
[   94.513244][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.535435][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.565394][   T36] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   94.602523][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.610841][   T36] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   94.611266][   T36] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   94.630889][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.647930][ T5862] veth0_macvtap: entered promiscuous mode
[   94.657987][   T36] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   94.694220][ T5862] veth1_macvtap: entered promiscuous mode
[   94.710973][ T5865] veth0_macvtap: entered promiscuous mode
[   94.733987][ T5865] veth1_macvtap: entered promiscuous mode
[   94.751048][ T5863] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   94.795292][ T5862] batman_adv: batadv0: Interface activated: batadv_slave_0
[   94.876787][ T5865] batman_adv: batadv0: Interface activated: batadv_slave_0
[   94.891882][ T5862] batman_adv: batadv0: Interface activated: batadv_slave_1
[   94.970818][ T1162] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.024063][ T1162] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.183342][ T5865] batman_adv: batadv0: Interface activated: batadv_slave_1
[   95.193249][ T3587] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   95.464055][ T3587] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   95.486638][ T5875] Bluetooth: hci0: command tx timeout
[   95.526077][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   95.550585][ T3587] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.559615][ T3587] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.567599][ T5875] Bluetooth: hci2: command tx timeout
[   95.573038][ T5875] Bluetooth: hci1: command tx timeout
[   95.579760][   T52] Bluetooth: hci3: command tx timeout
[   95.589576][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   95.629862][   T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   95.658570][   T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   95.673503][   T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   95.705632][   T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   95.740919][ T1162] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.760242][ T1162] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.842153][ T1162] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.856953][ T1162] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.889684][   T44] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   95.937589][ T1162] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.952082][ T1162] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.023212][ T3522] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.049399][ T3522] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.066827][   T44] usb 4-1: Using ep0 maxpacket: 8
[   96.079217][   T44] usb 4-1: config 0 interface 0 has no altsetting 0
[   96.088838][ T5967] ==================================================================
[   96.097030][ T5967] BUG: KASAN: slab-out-of-bounds in change_page_attr_set_clr+0x625/0xfc0
[   96.105539][ T5967] Read of size 8 at addr ffff888077603260 by task syz.0.1/5967
[   96.113114][ T5967] 
[   96.115515][ T5967] CPU: 1 UID: 0 PID: 5967 Comm: syz.0.1 Not tainted syzkaller #0 PREEMPT(full) 
[   96.115543][ T5967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   96.115566][ T5967] Call Trace:
[   96.115576][ T5967]  <TASK>
[   96.115586][ T5967]  dump_stack_lvl+0x189/0x250
[   96.115612][ T5967]  ? __kasan_check_byte+0x12/0x40
[   96.115641][ T5967]  ? __pfx_dump_stack_lvl+0x10/0x10
[   96.115661][ T5967]  ? lock_release+0x4b/0x3e0
[   96.115696][ T5967]  ? __virt_addr_valid+0x4a5/0x5c0
[   96.115732][ T5967]  print_report+0xca/0x240
[   96.115755][ T5967]  ? change_page_attr_set_clr+0x625/0xfc0
[   96.115779][ T5967]  kasan_report+0x118/0x150
[   96.115805][ T5967]  ? change_page_attr_set_clr+0x625/0xfc0
[   96.115835][ T5967]  change_page_attr_set_clr+0x625/0xfc0
[   96.115864][ T5967]  ? __pfx_change_page_attr_set_clr+0x10/0x10
[   96.115889][ T5967]  ? __pfx_pagerange_is_ram_callback+0x10/0x10
[   96.115923][ T5967]  ? memtype_reserve+0x874/0xb30
[   96.115963][ T5967]  _set_pages_array+0x145/0x270
[   96.115992][ T5967]  drm_gem_shmem_get_pages_locked+0x2d0/0x440
[   96.116028][ T5967]  ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10
[   96.116069][ T5967]  drm_gem_shmem_pin_locked+0x22c/0x460
[   96.116104][ T5967]  ? __pfx_drm_gem_shmem_pin_locked+0x10/0x10
[   96.116141][ T5967]  ? ww_mutex_lock+0x3f/0x1c0
[   96.116165][ T5967]  drm_gem_map_attach+0x19c/0x1f0
[   96.116201][ T5967]  dma_buf_dynamic_attach+0x1ea/0x3d0
[   96.116234][ T5967]  ? __fget_files+0x3a0/0x420
[   96.116265][ T5967]  ? __pfx_drm_gem_shmem_prime_import_no_map+0x10/0x10
[   96.116288][ T5967]  drm_gem_shmem_prime_import_no_map+0xc1/0x2f0
[   96.116310][ T5967]  ? drm_gem_prime_fd_to_handle+0x185/0x4d0
[   96.116345][ T5967]  ? __pfx_drm_gem_shmem_prime_import_no_map+0x10/0x10
[   96.116367][ T5967]  drm_gem_prime_fd_to_handle+0x196/0x4d0
[   96.116405][ T5967]  drm_ioctl_kernel+0x2cc/0x390
[   96.116435][ T5967]  ? __pfx_drm_prime_fd_to_handle_ioctl+0x10/0x10
[   96.116470][ T5967]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[   96.116503][ T5967]  drm_ioctl+0x67f/0xb10
[   96.116533][ T5967]  ? __pfx_drm_prime_fd_to_handle_ioctl+0x10/0x10
[   96.116570][ T5967]  ? __pfx_drm_ioctl+0x10/0x10
[   96.116605][ T5967]  ? __fget_files+0x3a0/0x420
[   96.116633][ T5967]  ? __fget_files+0x2a/0x420
[   96.116672][ T5967]  ? bpf_lsm_file_ioctl+0x9/0x20
[   96.116693][ T5967]  ? __pfx_drm_ioctl+0x10/0x10
[   96.116722][ T5967]  __se_sys_ioctl+0xf9/0x170
[   96.116746][ T5967]  do_syscall_64+0xfa/0xfa0
[   96.116767][ T5967]  ? lockdep_hardirqs_on+0x9c/0x150
[   96.116787][ T5967]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   96.116809][ T5967]  ? clear_bhb_loop+0x60/0xb0
[   96.116834][ T5967]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   96.116867][ T5967] RIP: 0033:0x7fd26d98ebe9
[   96.116893][ T5967] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   96.116912][ T5967] RSP: 002b:00007fd26bbf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   96.116935][ T5967] RAX: ffffffffffffffda RBX: 00007fd26dbc5fa0 RCX: 00007fd26d98ebe9
[   96.116950][ T5967] RDX: 0000200000000300 RSI: 00000000c00c642e RDI: 0000000000000004
[   96.116964][ T5967] RBP: 00007fd26da11e19 R08: 0000000000000000 R09: 0000000000000000
[   96.116977][ T5967] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   96.116990][ T5967] R13: 00007fd26dbc6038 R14: 00007fd26dbc5fa0 R15: 00007ffe9d68ac88
[   96.117016][ T5967]  </TASK>
[   96.117023][ T5967] 
[   96.246796][ T1226] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   96.249220][ T5967] Allocated by task 5967:
[   96.462301][ T5967]  kasan_save_track+0x3e/0x80
[   96.466988][ T5967]  __kasan_kmalloc+0x93/0xb0
[   96.471602][ T5967]  __kvmalloc_node_noprof+0x5cd/0x910
[   96.476978][ T5967]  drm_gem_get_pages+0x166/0xa20
[   96.481920][ T5967]  drm_gem_shmem_get_pages_locked+0x201/0x440
[   96.488004][ T5967]  drm_gem_shmem_pin_locked+0x22c/0x460
[   96.493558][ T5967]  drm_gem_map_attach+0x19c/0x1f0
[   96.498602][ T5967]  dma_buf_dynamic_attach+0x1ea/0x3d0
[   96.501156][ T1226] usb 3-1: Using ep0 maxpacket: 16
[   96.504005][ T5967]  drm_gem_shmem_prime_import_no_map+0xc1/0x2f0
[   96.514867][ T1226] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[   96.515357][ T5967]  drm_gem_prime_fd_to_handle+0x196/0x4d0
[   96.526112][ T1226] usb 3-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[   96.530016][ T5967]  drm_ioctl_kernel+0x2cc/0x390
[   96.530052][ T5967]  drm_ioctl+0x67f/0xb10
[   96.544120][ T1226] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   96.544413][ T5967]  __se_sys_ioctl+0xf9/0x170
[   96.561254][ T5967]  do_syscall_64+0xfa/0xfa0
[   96.565795][ T5967]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   96.570983][ T1226] usb 3-1: config 0 descriptor??
[   96.571720][ T5967] 
[   96.571729][ T5967] The buggy address belongs to the object at ffff888077603200
[   96.571729][ T5967]  which belongs to the cache kmalloc-96 of size 96
[   96.571749][ T5967] The buggy address is located 0 bytes to the right of
[   96.571749][ T5967]  allocated 96-byte region [ffff888077603200, ffff888077603260)
[   96.607362][ T5967] 
[   96.609712][ T5967] The buggy address belongs to the physical page:
[   96.616160][ T5967] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x77603
[   96.624932][ T5967] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   96.632055][ T5967] page_type: f5(slab)
[   96.636037][ T5967] raw: 00fff00000000000 ffff88801a841280 dead000000000122 0000000000000000
[   96.644625][ T5967] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   96.653252][ T5967] page dumped because: kasan: bad access detected
[   96.659673][ T5967] page_owner tracks the page as allocated
[   96.665383][ T5967] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 5967, tgid 5966 (syz.0.1), ts 96042416142, free_ts 96017113206
[   96.684488][ T5967]  post_alloc_hook+0x240/0x2a0
[   96.689258][ T5967]  get_page_from_freelist+0x21e4/0x22c0
[   96.694827][ T5967]  __alloc_frozen_pages_noprof+0x181/0x370
[   96.700690][ T5967]  allocate_slab+0x65/0x330
[   96.705249][ T5967]  ___slab_alloc+0xbd1/0x13f0
[   96.709951][ T5967]  __slab_alloc+0x55/0xa0
[   96.714291][ T5967]  __kmalloc_node_noprof+0x5cc/0x800
[   96.719583][ T5967]  allocate_slab+0x160/0x330
[   96.724183][ T5967]  ___slab_alloc+0xbd1/0x13f0
[   96.728866][ T5967]  __slab_alloc+0x55/0xa0
[   96.733201][ T5967]  kmem_cache_alloc_lru_noprof+0x3ef/0x6d0
[   96.739028][ T5967]  alloc_inode+0x67/0x1b0
[   96.743391][ T5967]  new_inode+0x22/0x170
[   96.747562][ T5967]  __debugfs_create_file+0x14d/0x4f0
[   96.752871][ T5967]  debugfs_create_file_full+0x3f/0x60
[   96.758250][ T5967]  drm_debugfs_clients_add+0xca/0x1a0
[   96.763631][ T5967] page last free pid 23 tgid 23 stack trace:
[   96.769631][ T5967]  __free_frozen_pages+0xbc4/0xd30
[   96.774789][ T5967]  rcu_core+0xcab/0x1770
[   96.779054][ T5967]  handle_softirqs+0x283/0x870
[   96.783833][ T5967]  run_ksoftirqd+0x9b/0x100
[   96.788367][ T5967]  smpboot_thread_fn+0x542/0xa60
[   96.793319][ T5967]  kthread+0x70e/0x8a0
[   96.797406][ T5967]  ret_from_fork+0x47c/0x820
[   96.802027][ T5967]  ret_from_fork_asm+0x1a/0x30
[   96.806821][ T5967] 
[   96.809170][ T5967] Memory state around the buggy address:
[   96.814817][ T5967]  ffff888077603100: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc
[   96.822903][ T5967]  ffff888077603180: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc
[   96.831058][ T5967] >ffff888077603200: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   96.839115][ T5967]                                                        ^
[   96.846318][ T5967]  ffff888077603280: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   96.854410][ T5967]  ffff888077603300: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   96.862487][ T5967] ==================================================================
[   96.873637][   T44] usb 4-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[   96.883513][   T44] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   96.888599][ T5967] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   96.888625][ T5967] CPU: 0 UID: 0 PID: 5967 Comm: syz.0.1 Not tainted syzkaller #0 PREEMPT(full) 
[   96.888655][ T5967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   96.888672][ T5967] Call Trace:
[   96.888682][ T5967]  <TASK>
[   96.888692][ T5967]  dump_stack_lvl+0x99/0x250
[   96.888721][ T5967]  ? __asan_memcpy+0x40/0x70
[   96.888746][ T5967]  ? __pfx_dump_stack_lvl+0x10/0x10
[   96.888768][ T5967]  ? __pfx__printk+0x10/0x10
[   96.888815][ T5967]  vpanic+0x237/0x6d0
[   96.888845][ T5967]  ? __pfx_vpanic+0x10/0x10
[   96.888876][ T5967]  ? preempt_schedule+0xae/0xc0
[   96.888914][ T5967]  ? __pfx_preempt_schedule+0x10/0x10
[   96.888957][ T5967]  panic+0xb9/0xc0
[   96.888986][ T5967]  ? __pfx_panic+0x10/0x10
[   96.889019][ T5967]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[   96.889061][ T5967]  ? change_page_attr_set_clr+0x625/0xfc0
[   96.889092][ T5967]  check_panic_on_warn+0x89/0xb0
[   96.889115][ T5967]  ? change_page_attr_set_clr+0x625/0xfc0
[   96.889145][ T5967]  end_report+0x78/0x160
[   96.889174][ T5967]  kasan_report+0x129/0x150
[   96.889206][ T5967]  ? change_page_attr_set_clr+0x625/0xfc0
[   96.889242][ T5967]  change_page_attr_set_clr+0x625/0xfc0
[   96.889276][ T5967]  ? __pfx_change_page_attr_set_clr+0x10/0x10
[   96.889307][ T5967]  ? __pfx_pagerange_is_ram_callback+0x10/0x10
[   96.889353][ T5967]  ? memtype_reserve+0x874/0xb30
[   96.889404][ T5967]  _set_pages_array+0x145/0x270
[   96.889437][ T5967]  drm_gem_shmem_get_pages_locked+0x2d0/0x440
[   96.889482][ T5967]  ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10
[   96.889528][ T5967]  drm_gem_shmem_pin_locked+0x22c/0x460
[   96.889577][ T5967]  ? __pfx_drm_gem_shmem_pin_locked+0x10/0x10
[   96.889620][ T5967]  ? ww_mutex_lock+0x3f/0x1c0
[   96.889647][ T5967]  drm_gem_map_attach+0x19c/0x1f0
[   96.889689][ T5967]  dma_buf_dynamic_attach+0x1ea/0x3d0
[   96.889728][ T5967]  ? __fget_files+0x3a0/0x420
[   96.889764][ T5967]  ? __pfx_drm_gem_shmem_prime_import_no_map+0x10/0x10
[   96.889790][ T5967]  drm_gem_shmem_prime_import_no_map+0xc1/0x2f0
[   96.889815][ T5967]  ? drm_gem_prime_fd_to_handle+0x185/0x4d0
[   96.889855][ T5967]  ? __pfx_drm_gem_shmem_prime_import_no_map+0x10/0x10
[   96.889881][ T5967]  drm_gem_prime_fd_to_handle+0x196/0x4d0
[   96.889925][ T5967]  drm_ioctl_kernel+0x2cc/0x390
[   96.889960][ T5967]  ? __pfx_drm_prime_fd_to_handle_ioctl+0x10/0x10
[   96.890000][ T5967]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[   96.890041][ T5967]  drm_ioctl+0x67f/0xb10
[   96.890076][ T5967]  ? __pfx_drm_prime_fd_to_handle_ioctl+0x10/0x10
[   96.890120][ T5967]  ? __pfx_drm_ioctl+0x10/0x10
[   96.890159][ T5967]  ? __fget_files+0x3a0/0x420
[   96.890193][ T5967]  ? __fget_files+0x2a/0x420
[   96.890230][ T5967]  ? bpf_lsm_file_ioctl+0x9/0x20
[   96.890252][ T5967]  ? __pfx_drm_ioctl+0x10/0x10
[   96.890285][ T5967]  __se_sys_ioctl+0xf9/0x170
[   96.890312][ T5967]  do_syscall_64+0xfa/0xfa0
[   96.890336][ T5967]  ? lockdep_hardirqs_on+0x9c/0x150
[   96.890358][ T5967]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   96.890384][ T5967]  ? clear_bhb_loop+0x60/0xb0
[   96.890412][ T5967]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   96.890438][ T5967] RIP: 0033:0x7fd26d98ebe9
[   96.890459][ T5967] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   96.890482][ T5967] RSP: 002b:00007fd26bbf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   96.890510][ T5967] RAX: ffffffffffffffda RBX: 00007fd26dbc5fa0 RCX: 00007fd26d98ebe9
[   96.890530][ T5967] RDX: 0000200000000300 RSI: 00000000c00c642e RDI: 0000000000000004
[   96.890547][ T5967] RBP: 00007fd26da11e19 R08: 0000000000000000 R09: 0000000000000000
[   96.890572][ T5967] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   96.890588][ T5967] R13: 00007fd26dbc6038 R14: 00007fd26dbc5fa0 R15: 00007ffe9d68ac88
[   96.890619][ T5967]  </TASK>
[   96.891841][ T5967] Kernel Offset: disabled