last executing test programs:

1.695924407s ago: executing program 1 (id=2):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r0, 0x0, 0x0)

1.615886992s ago: executing program 0 (id=7):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x40000103, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10138, 0x2, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000300)={'bond0\x00'})
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r5 = socket$inet6(0xa, 0x1, 0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="020300090a0000000000000004000000030006000000000002000000ac1414000000000000000000020001000000000000000002fffffffb030005000000000002"], 0x50}}, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {}, 0x0, 0x0, 0x1}, {{@in=@local, 0x0, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x4}}, 0xe8)
connect$inet6(r5, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
r7 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r7, 0x0, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)

1.474008259s ago: executing program 1 (id=9):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000140)={'vcan0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=ANY=[@ANYBLOB="240000001800010000000000010000001d01040008000900", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r0], 0x24}}, 0x20008030)

1.472676681s ago: executing program 2 (id=10):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r0, 0x7, &(0x7f00000006c0)={0x1, 0x0, 0xac1d})
fcntl$lock(r0, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x80, 0x3})
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00')
unshare(0x22020600)
preadv(r1, &(0x7f0000000640)=[{&(0x7f0000000140)=""/134, 0x86}], 0x1, 0x0, 0x0)

1.472495756s ago: executing program 1 (id=11):
socket$alg(0x26, 0x5, 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x109301)
userfaultfd(0x80001)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000780)={0x29e9c934, 0x3, 0x7f, 0x404}, 0x10)
ioctl$I2C_RDWR(0xffffffffffffffff, 0x707, &(0x7f0000002580)={0x0})
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000010c0)=ANY=[@ANYBLOB="200000001600010a00000000000000000a0000000c0000800800", @ANYRES16=r0], 0x20}, 0x1, 0x0, 0x0, 0x200c0801}, 0x0)

1.393029215s ago: executing program 1 (id=12):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000900)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_GET_FTM_RESPONDER_STATS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000940)={0x1c, r0, 0x1, 0x70bd2c, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}}, 0x880)

1.392808046s ago: executing program 1 (id=13):
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
keyctl$set_reqkey_keyring(0xe, 0x7)
request_key(&(0x7f0000000240)='asymmetric\x00', &(0x7f0000000780)={'syz', 0x0}, &(0x7f0000000740)='lon\x00', 0x0)

1.183874855s ago: executing program 2 (id=14):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_MSG_GETSETELEM(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001080)={0x3c, 0xd, 0xa, 0x801, 0x0, 0x0, {0xa}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x8, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x4}]}]}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000)

1.075403975s ago: executing program 1 (id=15):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
r2 = getpid()
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0xc1105517, &(0x7f0000000140)={{0x200002, 0x0, 0x81, 0xfffffffe, 'syz0\x00', 0xf5}, 0x3, 0x400, 0x3e, r2, 0x1, 0x2, 'syz1\x00', &(0x7f0000000640)=['syz0\x00\x9cB\xd1}\xb7\xe2\xde\xb0\xc0\xab\x18]\xe5\xa1\x1anK\xadL\xe0\x00\xfd\xbc\xf2\x89\x8f\xe5)\xa8\xdeuYD\x14\x84\x01\xd3e?\xde/\x80y]\xa6\xb4^\xa66_\xb2RR\r\xc2\xa6\xb2\xa23\x1e\x880$\x87\xcdb\xa1\xf1\x19\x00d\xf1}\"\x9f#\x9a\xd2T\xfc\x84\xce\x8cW[AQ\xc4R\xec\xef7o\x03\x90\x8c\x01O\x89\xb7\r\x90\xd1\xde\xa6`\xbe\x93\xe96\xeei8\x8b~b+\x02\xbfy\x96\xb3\xc2E{=8\b\b\xc5\v\xeac\x98\xd8\x95\xd3\x1f\x03\x00\x9d\x8f\xeb\x16 \xa0u\xad\xc2\xd4UH\x82\xbb\xe5\xd9\x19\xb7P\xfc\xf2\x02{\xba&\x0f/\xb2d\aC\xd0Q\x9e\xb2\x16\xea\xfe\x06\x92`\xdaV\xe3\xb0'], 0xbe})

995.248658ms ago: executing program 2 (id=16):
r0 = memfd_create(&(0x7f0000000280)='\x00\x00\x00\x00\x00\x00z\x9b\xb6\xe8t;\xfc\x02\x00\x00\x009\xa0\x8b\x14d\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\x1c)5\x98\xa3\xfa\a\xf9\x98\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_M\xbe\x19\xea#\xff[\xd1\xc3\x9a\xa3\x1b\xf9\xe9\x1d \xce1\xc9\x9f\xb0\x14\xc2\xeb\xf9\xceE\xad\xa4\x92\f\xef\x87g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajn\xd7\n\r\x802\xd7\x1b$\x95tO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#t>r\xae\xe8\xc9)', 0x0)
execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
r1 = socket$kcm(0xa, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f00000000c0)={&(0x7f0000000a00)=@generic={0xa, "8ab77fa26849ff26650042e2dacd00005efe0000000162e2adacd2737d00ad6f9fa9f3d7145e15dd9d6d2e19c211220940ad5def53b911ba5b9da13641f9826d7012a749f54b901ee80ea6132ca6e88c776553e1833052ca376304313c4b37780136a4b838570400"}, 0x80, 0x0}, 0x0)

815.579401ms ago: executing program 2 (id=17):
syz_emit_ethernet(0x2e, &(0x7f0000000180)={@local, @random="ce3500590a7f", @val={@void, {0x8100, 0x0, 0x0, 0x2}}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x4e23, 0x4e23, 0x8}}}}}, 0x0)

624.986421ms ago: executing program 2 (id=18):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0a41, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0x4002})
write$tun(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="0000001801040700ff00c5"], 0x24e2)

529.639953ms ago: executing program 0 (id=19):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x1c0)
mknodat(0xffffffffffffff9c, &(0x7f0000000200)='./file1/file4/file5\x00', 0xc000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file1/file4/file7\x00', 0x1c0)
r0 = landlock_create_ruleset(&(0x7f00000002c0)={0x2000}, 0x18, 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file1/file4/file7\x00', 0x200000, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r0, 0x1, &(0x7f0000000340)={0x2000, r1}, 0x0)
landlock_restrict_self(r0, 0x1)
linkat(0xffffffffffffff9c, &(0x7f0000000500)='./file1/file4/file5\x00', 0xffffffffffffff9c, &(0x7f0000000540)='./file1/file4/file7/file5\x00', 0x0)

334.073325ms ago: executing program 0 (id=20):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000480)={'wlan0\x00', <r3=>0x0})
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000003700000008000300", @ANYRES32=r3, @ANYBLOB="08002600901500000800570080"], 0x2c}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[], 0x2c}}, 0x0)

333.589274ms ago: executing program 2 (id=21):
r0 = syz_clone(0x2080, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_usb_connect(0x2, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="03010000ac0fce405d05009044310000000109021200010000800409"], 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x1, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_NET_NS_PID={0x8, 0x13, r0}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x40)

204.787436ms ago: executing program 0 (id=22):
r0 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'netdevsim0\x00', <r1=>0x0})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0xfffffffd, {0x0, 0x0, 0x0, r1, {0xb, 0xd}, {}, {0x8, 0xfff1}}}, 0x24}}, 0x40004)

117.697966ms ago: executing program 0 (id=23):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file0\x00', 0x21e0800, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x10000, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000a40)='.pending_reads\x00', 0x842, 0x0)
ioctl$FICLONE(r0, 0x40049409, r0)

0s ago: executing program 0 (id=24):
# Triage note: the KASAN slab-use-after-free report in the console output names
# task syz.0.24 (PID 5964), i.e. this program (program 0, id=24), so these are
# the calls that were in flight when the report fired.
# Enables syscall user dispatch for the caller, per the call name; the report's
# call trace does not pass through prctl.
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xfe, 0xc, &(0x7f0000006680))
# This is the call in the report's stack: the trace enters via __x64_sys_madvise,
# and the dumped registers (ORIG_RAX 0x1c, RSI 0x7fffffffffffffff, RDX 0x15) match
# the length and advice passed here. Advice 0x15 is MADV_PAGEOUT, which is why the
# trace runs madvise_cold_or_pageout_pte_range -> reclaim_pages -> swap_writeout ->
# zswap_store -> zswap_total_pages -> zpool_get_total_pages, where the 8-byte read
# is flagged. The console output also shows a swap file being added during setup.
# NOTE(review): only the "Allocated by" stack (ACPI parser, task 1) is visible and
# it is unrelated to zswap/zpool; the "Freed by" stack is cut off, so the object's
# lifetime bug cannot be pinned down from this log alone. Get the full report
# before attributing a root cause.
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
# Listed after the madvise() that triggered the report; whether this call ever
# executed is not visible in the log.
migrate_pages(0x0, 0x9, &(0x7f0000000040)=0x9, &(0x7f0000000380)=0x102)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:44634' (ED25519) to the list of known hosts.
syzkaller login: [   57.000569][ T5777] cgroup: Unknown subsys name 'net'
[   57.096247][ T5777] cgroup: Unknown subsys name 'cpuset'
[   57.106285][ T5777] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   59.575469][ T5777] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   64.897943][ T5848] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   64.903122][ T5848] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   64.906502][ T5848] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   64.910591][ T5848] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   64.914477][ T5848] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   64.928315][   T56] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   64.933290][   T56] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   64.936617][   T56] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   64.941341][   T56] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   64.945232][   T56] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   65.006643][   T56] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   65.009851][   T56] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   65.016170][   T56] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   65.023837][   T56] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   65.027343][   T56] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   65.364208][ T5845] chnl_net:caif_netlink_parms(): no params data found
[   65.424646][ T5852] chnl_net:caif_netlink_parms(): no params data found
[   65.432420][ T5849] chnl_net:caif_netlink_parms(): no params data found
[   65.553856][ T5845] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.556801][ T5845] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.561069][ T5845] bridge_slave_0: entered allmulticast mode
[   65.565139][ T5845] bridge_slave_0: entered promiscuous mode
[   65.589879][ T5845] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.592795][ T5845] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.595773][ T5845] bridge_slave_1: entered allmulticast mode
[   65.600058][ T5845] bridge_slave_1: entered promiscuous mode
[   65.656442][ T5849] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.659671][ T5849] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.662522][ T5849] bridge_slave_0: entered allmulticast mode
[   65.666192][ T5849] bridge_slave_0: entered promiscuous mode
[   65.671574][ T5849] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.674410][ T5849] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.677330][ T5849] bridge_slave_1: entered allmulticast mode
[   65.681935][ T5849] bridge_slave_1: entered promiscuous mode
[   65.727449][ T5852] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.730701][ T5852] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.733684][ T5852] bridge_slave_0: entered allmulticast mode
[   65.737539][ T5852] bridge_slave_0: entered promiscuous mode
[   65.742752][ T5852] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.745585][ T5852] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.749284][ T5852] bridge_slave_1: entered allmulticast mode
[   65.753009][ T5852] bridge_slave_1: entered promiscuous mode
[   65.758826][ T5845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   65.779346][ T5845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   65.785240][ T5849] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   65.818892][ T5849] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   65.838810][ T5852] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   65.867433][ T5852] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   65.886420][ T5845] team0: Port device team_slave_0 added
[   65.907495][ T5849] team0: Port device team_slave_0 added
[   65.926221][ T5845] team0: Port device team_slave_1 added
[   65.930617][ T5849] team0: Port device team_slave_1 added
[   65.934789][ T5852] team0: Port device team_slave_0 added
[   65.964620][ T5852] team0: Port device team_slave_1 added
[   66.006689][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_0
[   66.009693][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   66.019990][ T5845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   66.025660][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_0
[   66.028722][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   66.039504][ T5849] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   66.056487][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_0
[   66.059289][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   66.067569][ T5852] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   66.072967][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_1
[   66.075521][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   66.085259][ T5845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   66.090068][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_1
[   66.092791][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   66.102990][ T5849] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   66.115368][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_1
[   66.118198][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   66.129151][ T5852] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   66.221766][ T5845] hsr_slave_0: entered promiscuous mode
[   66.225085][ T5845] hsr_slave_1: entered promiscuous mode
[   66.248610][ T5852] hsr_slave_0: entered promiscuous mode
[   66.251736][ T5852] hsr_slave_1: entered promiscuous mode
[   66.254714][ T5852] debugfs: 'hsr0' already exists in 'hsr'
[   66.257049][ T5852] Cannot create hsr debugfs directory
[   66.265967][ T5849] hsr_slave_0: entered promiscuous mode
[   66.269505][ T5849] hsr_slave_1: entered promiscuous mode
[   66.272320][ T5849] debugfs: 'hsr0' already exists in 'hsr'
[   66.274561][ T5849] Cannot create hsr debugfs directory
[   66.622311][ T5852] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   66.632705][ T5852] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   66.641546][ T5852] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   66.654634][ T5852] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   66.711752][ T5849] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   66.717238][ T5849] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   66.723995][ T5849] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   66.739548][ T5849] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   66.790773][ T5845] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   66.796331][ T5845] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   66.810192][ T5845] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   66.819915][ T5845] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   66.927706][ T5852] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.962404][ T5852] 8021q: adding VLAN 0 to HW filter on device team0
[   66.974000][ T5849] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.989294][ T5848] Bluetooth: hci1: command tx timeout
[   66.991706][ T5848] Bluetooth: hci0: command tx timeout
[   66.995187][   T26] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.998320][   T26] bridge0: port 1(bridge_slave_0) entered forwarding state
[   67.014696][   T26] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.017662][   T26] bridge0: port 2(bridge_slave_1) entered forwarding state
[   67.041900][ T5845] 8021q: adding VLAN 0 to HW filter on device bond0
[   67.052851][ T5849] 8021q: adding VLAN 0 to HW filter on device team0
[   67.063233][   T26] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.066128][   T26] bridge0: port 1(bridge_slave_0) entered forwarding state
[   67.068633][   T56] Bluetooth: hci2: command tx timeout
[   67.078618][   T53] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.081430][   T53] bridge0: port 2(bridge_slave_1) entered forwarding state
[   67.115003][ T5845] 8021q: adding VLAN 0 to HW filter on device team0
[   67.151879][  T721] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.154748][  T721] bridge0: port 1(bridge_slave_0) entered forwarding state
[   67.172953][  T721] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.175941][  T721] bridge0: port 2(bridge_slave_1) entered forwarding state
[   67.273712][ T5845] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   67.385110][ T5852] 8021q: adding VLAN 0 to HW filter on device batadv0
[   67.414801][ T5849] 8021q: adding VLAN 0 to HW filter on device batadv0
[   67.488883][ T5849] veth0_vlan: entered promiscuous mode
[   67.499385][ T5845] 8021q: adding VLAN 0 to HW filter on device batadv0
[   67.505558][ T5852] veth0_vlan: entered promiscuous mode
[   67.515719][ T5849] veth1_vlan: entered promiscuous mode
[   67.528830][ T5852] veth1_vlan: entered promiscuous mode
[   67.582208][ T5845] veth0_vlan: entered promiscuous mode
[   67.584277][ T5852] veth0_macvtap: entered promiscuous mode
[   67.588310][ T5849] veth0_macvtap: entered promiscuous mode
[   67.593052][ T5852] veth1_macvtap: entered promiscuous mode
[   67.596685][ T5849] veth1_macvtap: entered promiscuous mode
[   67.605326][ T5845] veth1_vlan: entered promiscuous mode
[   67.620776][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_0
[   67.634250][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_0
[   67.638643][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_1
[   67.647015][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_1
[   67.662817][ T5874] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   67.666936][ T5874] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.682487][ T5874] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.697224][ T5874] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   67.701896][ T5874] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   67.704886][ T5874] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.734571][ T5874] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.740819][ T5874] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   67.771020][ T5845] veth0_macvtap: entered promiscuous mode
[   67.787379][   T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.793803][   T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.816802][ T5845] veth1_macvtap: entered promiscuous mode
[   67.859181][   T32] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.862159][   T32] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.873017][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_0
[   67.891463][  T721] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.897205][  T721] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.897769][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_1
[   67.931328][   T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   67.943903][ T5852] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   67.963136][   T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.979017][   T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.987108][   T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   68.011469][  T721] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.015342][  T721] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.127928][  T721] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.130990][  T721] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.211927][   T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.247189][   T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.292159][ T5908] IPVS: starting estimator thread 0...
[   68.389017][ T5920] IPVS: using max 47 ests per chain, 112800 per kthread
[   69.068706][   T56] Bluetooth: hci0: command tx timeout
[   69.071563][   T56] Bluetooth: hci1: command tx timeout
[   69.082899][ T5946] process 'syz.2.16' launched '/dev/fd/3' with NULL argv: empty string added
[   69.148425][ T5848] Bluetooth: hci2: command tx timeout
[   70.009600][ T5908] usb 3-1: new full-speed USB device number 2 using dummy_hcd
[   70.045414][ T5964] ==================================================================
[   70.048209][ T5964] BUG: KASAN: slab-use-after-free in zpool_get_total_pages+0x46/0x70
[   70.051190][ T5964] Read of size 8 at addr ffff8881049c1310 by task syz.0.24/5964
[   70.054528][ T5964] 
[   70.055485][ T5964] CPU: 0 UID: 0 PID: 5964 Comm: syz.0.24 Not tainted syzkaller #0 PREEMPT(full) 
[   70.055504][ T5964] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   70.055511][ T5964] Call Trace:
[   70.055517][ T5964]  <TASK>
[   70.055524][ T5964]  dump_stack_lvl+0x189/0x250
[   70.055547][ T5964]  ? __virt_addr_valid+0x1c8/0x5c0
[   70.055564][ T5964]  ? rcu_is_watching+0x15/0xb0
[   70.055585][ T5964]  ? __kasan_check_byte+0x12/0x40
[   70.055599][ T5964]  ? __pfx_dump_stack_lvl+0x10/0x10
[   70.055615][ T5964]  ? rcu_is_watching+0x15/0xb0
[   70.055635][ T5964]  ? lock_release+0x4b/0x3e0
[   70.055648][ T5964]  ? __virt_addr_valid+0x1c8/0x5c0
[   70.055662][ T5964]  ? __virt_addr_valid+0x4a5/0x5c0
[   70.055678][ T5964]  print_report+0xca/0x240
[   70.055691][ T5964]  ? zpool_get_total_pages+0x46/0x70
[   70.055706][ T5964]  kasan_report+0x118/0x150
[   70.055719][ T5964]  ? irqentry_exit+0x74/0x90
[   70.055733][ T5964]  ? zpool_get_total_pages+0x46/0x70
[   70.055751][ T5964]  kasan_check_range+0x2b0/0x2c0
[   70.055768][ T5964]  zpool_get_total_pages+0x46/0x70
[   70.055784][ T5964]  ? zswap_total_pages+0x1f/0x1e0
[   70.055796][ T5964]  zswap_total_pages+0xf6/0x1e0
[   70.055806][ T5964]  zswap_store+0x52f/0x1f40
[   70.055819][ T5964]  ? __lock_acquire+0xab9/0xd20
[   70.055840][ T5964]  ? do_raw_spin_lock+0x121/0x290
[   70.055857][ T5964]  ? __pfx_zswap_store+0x10/0x10
[   70.055872][ T5964]  ? do_raw_spin_unlock+0x4d/0x240
[   70.055888][ T5964]  ? _raw_spin_unlock+0x28/0x50
[   70.055908][ T5964]  ? swap_entry_swapped+0x139/0x1c0
[   70.055932][ T5964]  ? folio_free_swap+0x1ed/0x370
[   70.055946][ T5964]  swap_writeout+0x710/0xd70
[   70.055965][ T5964]  shrink_folio_list+0x3011/0x4c70
[   70.055994][ T5964]  ? __pfx_shrink_folio_list+0x10/0x10
[   70.056028][ T5964]  ? css_rstat_updated+0x23a/0x4f0
[   70.056073][ T5964]  reclaim_folio_list+0xeb/0x500
[   70.056098][ T5964]  ? __pfx_reclaim_folio_list+0x10/0x10
[   70.056115][ T5964]  ? lru_gen_update_size+0x818/0xd20
[   70.056130][ T5964]  ? __mod_zone_page_state+0xd7/0x140
[   70.056152][ T5964]  ? lru_gen_del_folio+0x359/0x540
[   70.056165][ T5964]  reclaim_pages+0x454/0x520
[   70.056181][ T5964]  ? __pfx_reclaim_pages+0x10/0x10
[   70.056193][ T5964]  ? madvise_cold_or_pageout_pte_range+0x194b/0x1d00
[   70.056210][ T5964]  madvise_cold_or_pageout_pte_range+0x1974/0x1d00
[   70.056233][ T5964]  ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10
[   70.056250][ T5964]  ? free_unref_folios+0x116a/0x14f0
[   70.056266][ T5964]  walk_pgd_range+0xfe9/0x1d40
[   70.056292][ T5964]  ? __pfx_walk_pgd_range+0x10/0x10
[   70.056309][ T5964]  ? rcu_is_watching+0x15/0xb0
[   70.056330][ T5964]  ? lru_add+0xa2f/0xd80
[   70.056346][ T5964]  ? lru_add+0x198/0xd80
[   70.056362][ T5964]  __walk_page_range+0x14c/0x710
[   70.056378][ T5964]  ? __pfx_lru_add+0x10/0x10
[   70.056393][ T5964]  ? __pfx_folio_batch_move_lru+0x10/0x10
[   70.056410][ T5964]  ? __lock_acquire+0xab9/0xd20
[   70.056432][ T5964]  walk_page_range_vma+0x393/0x440
[   70.056445][ T5964]  ? mlock_drain_local+0x79/0x490
[   70.056457][ T5964]  ? __pfx_walk_page_range_vma+0x10/0x10
[   70.056476][ T5964]  ? mlock_drain_local+0x79/0x490
[   70.056494][ T5964]  madvise_vma_behavior+0x311f/0x3a10
[   70.056512][ T5964]  ? __pfx_madvise_vma_behavior+0x10/0x10
[   70.056526][ T5964]  ? __lock_acquire+0xab9/0xd20
[   70.056537][ T5964]  ? finish_task_switch+0x18b/0x950
[   70.056560][ T5964]  ? mas_next_slot+0xc20/0xcf0
[   70.056587][ T5964]  ? mt_find+0x46f/0x5e0
[   70.056600][ T5964]  ? mt_find+0x15c/0x5e0
[   70.056613][ T5964]  ? __pfx_mt_find+0x10/0x10
[   70.056631][ T5964]  ? find_vma+0xe7/0x160
[   70.056644][ T5964]  ? preempt_schedule+0xae/0xc0
[   70.056658][ T5964]  madvise_walk_vmas+0x51c/0xa30
[   70.056676][ T5964]  ? __pfx_madvise_walk_vmas+0x10/0x10
[   70.056691][ T5964]  ? blk_start_plug+0x6f/0x1b0
[   70.056712][ T5964]  madvise_do_behavior+0x38e/0x550
[   70.056728][ T5964]  ? __pfx_madvise_do_behavior+0x10/0x10
[   70.056738][ T5964]  ? down_read+0x1ad/0x2e0
[   70.056753][ T5964]  do_madvise+0x1bc/0x270
[   70.056767][ T5964]  ? __pfx_do_madvise+0x10/0x10
[   70.056783][ T5964]  ? lockdep_hardirqs_on+0x9c/0x150
[   70.056800][ T5964]  ? __get_user_nocheck_1+0x9/0x20
[   70.056821][ T5964]  __x64_sys_madvise+0xa7/0xc0
[   70.056835][ T5964]  do_syscall_64+0xfa/0xfa0
[   70.056848][ T5964]  ? lockdep_hardirqs_on+0x9c/0x150
[   70.056857][ T5964]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.056868][ T5964]  ? exc_page_fault+0xab/0x100
[   70.056881][ T5964]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.056895][ T5964] RIP: 0033:0x7f9f6038ec29
[   70.056909][ T5964] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   70.056937][ T5964] RSP: 002b:00007f9f61138038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[   70.056954][ T5964] RAX: ffffffffffffffda RBX: 00007f9f605d5fa0 RCX: 00007f9f6038ec29
[   70.056965][ T5964] RDX: 0000000000000015 RSI: 7fffffffffffffff RDI: 0000200000000000
[   70.056975][ T5964] RBP: 00007f9f60411e41 R08: 0000000000000000 R09: 0000000000000000
[   70.056984][ T5964] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   70.056993][ T5964] R13: 00007f9f605d6038 R14: 00007f9f605d5fa0 R15: 00007ffdb2400638
[   70.057004][ T5964]  </TASK>
[   70.057008][ T5964] 
[   70.247692][ T5964] Allocated by task 1:
[   70.249254][ T5964]  kasan_save_track+0x3e/0x80
[   70.250926][ T5964]  __kasan_slab_alloc+0x6c/0x80
[   70.252744][ T5964]  kmem_cache_alloc_noprof+0x367/0x6e0
[   70.254797][ T5964]  acpi_ps_alloc_op+0x16d/0x350
[   70.256500][ T5964]  acpi_ps_create_op+0x3a2/0xb30
[   70.258215][ T5964]  acpi_ps_parse_loop+0x5ea/0x1ab0
[   70.260047][ T5964]  acpi_ps_parse_aml+0x22d/0x9b0
[   70.261734][ T5964]  acpi_ps_execute_method+0x58d/0x7c0
[   70.263561][ T5964]  acpi_ns_evaluate+0x5a6/0xa20
[   70.265344][ T5964]  acpi_ut_evaluate_object+0x126/0x4c0
[   70.267243][ T5964]  acpi_rs_get_method_data+0x8f/0x110
[   70.269106][ T5964]  acpi_walk_resources+0x14b/0x4e0
[   70.270683][ T5964]  acpi_mipi_check_crs_csi2+0xe4/0x520
[   70.272511][ T5964]  acpi_bus_check_add+0x284/0x820
[   70.274275][ T5964]  acpi_ns_walk_namespace+0x26b/0x690
[   70.276046][ T5964]  acpi_walk_namespace+0xe8/0x130
[   70.277987][ T5964]  acpi_bus_scan+0xe8/0x4b0
[   70.279621][ T5964]  acpi_scan_init+0x1b0/0x550
[   70.281483][ T5964]  acpi_init+0x130/0x1f0
[   70.282886][ T5964]  do_one_initcall+0x236/0x820
[   70.284439][ T5964]  do_initcall_level+0x104/0x190
[   70.286147][ T5964]  do_initcalls+0x59/0xa0
[   70.287828][ T5964]  kernel_init_freeable+0x334/0x4b0
[   70.289818][ T5964]  kernel_init+0x1d/0x1d0
[   70.291526][ T5964]  ret_from_fork+0x4bc/0x870
[   70.293306][ T5964]  ret_from_fork_asm+0x1a/0x30
[   70.295206][ T5964] 
[   70.296158][ T5964] Freed by task 1:
[   70.297596][ T5964]  kasan_save_track+0x3e/0x80
[   70.299411][ T5964]  __kasan_save_free_info+0x46/0x50
[   70.301384][ T5964]  __kasan_slab_free+0x5c/0x80
[   70.303202][ T5964]  kmem_cache_free+0x19b/0x690
[   70.304778][ T5964]  acpi_os_release_object+0x1d/0x30
[   70.306499][ T5964]  acpi_ps_delete_parse_tree+0x97/0xe0
[   70.308227][ T5964]  acpi_ps_complete_this_op+0x74c/0x8a0
[   70.309880][ T5964]  acpi_ps_complete_op+0x86/0xa90
[   70.311602][ T5964]  acpi_ps_parse_loop+0xd46/0x1ab0
[   70.313553][ T5964]  acpi_ps_parse_aml+0x22d/0x9b0
[   70.315125][ T5964]  acpi_ps_execute_method+0x58d/0x7c0
[   70.316970][ T5964]  acpi_ns_evaluate+0x5a6/0xa20
[   70.318775][ T5964]  acpi_ut_evaluate_object+0x126/0x4c0
[   70.320929][ T5964]  acpi_rs_get_method_data+0x8f/0x110
[   70.323116][ T5964]  acpi_walk_resources+0x14b/0x4e0
[   70.325090][ T5964]  acpi_mipi_check_crs_csi2+0xe4/0x520
[   70.327040][ T5964]  acpi_bus_check_add+0x284/0x820
[   70.328768][ T5964]  acpi_ns_walk_namespace+0x26b/0x690
[   70.330731][ T5964]  acpi_walk_namespace+0xe8/0x130
[   70.332772][ T5964]  acpi_bus_scan+0xe8/0x4b0
[   70.334605][ T5964]  acpi_scan_init+0x1b0/0x550
[   70.336474][ T5964]  acpi_init+0x130/0x1f0
[   70.338120][ T5964]  do_one_initcall+0x236/0x820
[   70.339989][ T5964]  do_initcall_level+0x104/0x190
[   70.341925][ T5964]  do_initcalls+0x59/0xa0
[   70.343625][ T5964]  kernel_init_freeable+0x334/0x4b0
[   70.345643][ T5964]  kernel_init+0x1d/0x1d0
[   70.347364][ T5964]  ret_from_fork+0x4bc/0x870
[   70.349007][ T5964]  ret_from_fork_asm+0x1a/0x30
[   70.350523][ T5964] 
[   70.351290][ T5964] The buggy address belongs to the object at ffff8881049c1310
[   70.351290][ T5964]  which belongs to the cache Acpi-ParseExt of size 80
[   70.355621][ T5964] The buggy address is located 0 bytes inside of
[   70.355621][ T5964]  freed 80-byte region [ffff8881049c1310, ffff8881049c1360)
[   70.360661][ T5964] 
[   70.361605][ T5964] The buggy address belongs to the physical page:
[   70.364103][ T5964] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8881049c1d20 pfn:0x1049c1
[   70.368033][ T5964] anon flags: 0x57ff00000000000(node=1|zone=2|lastcpupid=0x7ff)
[   70.371074][ T5964] page_type: f5(slab)
[   70.372788][ T5964] raw: 057ff00000000000 ffff88801a894c80 0000000000000000 0000000000000001
[   70.376128][ T5964] raw: ffff8881049c1d20 0000000000240000 00000000f5000000 0000000000000000
[   70.379419][ T5964] page dumped because: kasan: bad access detected
[   70.381684][ T5964] page_owner tracks the page as allocated
[   70.383477][ T5964] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 3318778766, free_ts 3284902354
[   70.389054][ T5964]  post_alloc_hook+0x240/0x2a0
[   70.390560][ T5964]  get_page_from_freelist+0x21e4/0x22c0
[   70.392335][ T5964]  __alloc_frozen_pages_noprof+0x181/0x370
[   70.394157][ T5964]  alloc_pages_mpol+0x232/0x4a0
[   70.395724][ T5964]  allocate_slab+0x96/0x3a0
[   70.397238][ T5964]  ___slab_alloc+0xe94/0x1920
[   70.398763][ T5964]  __slab_alloc+0x65/0x100
[   70.400210][ T5964]  kmem_cache_alloc_noprof+0x3f9/0x6e0
[   70.401935][ T5964]  acpi_ps_create_scope_op+0x187/0x340
[   70.403663][ T5964]  acpi_ps_execute_method+0x1af/0x7c0
[   70.405409][ T5964]  acpi_ns_evaluate+0x5a6/0xa20
[   70.406916][ T5964]  acpi_evaluate_object+0x53f/0xa10
[   70.408520][ T5964]  acpi_execute_simple_method+0xf1/0x140
[   70.410262][ T5964]  acpi_bus_init_irq+0xd7/0x150
[   70.411812][ T5964]  acpi_bus_init+0x472/0x550
[   70.413345][ T5964]  acpi_init+0xa1/0x1f0
[   70.414738][ T5964] page last free pid 1 tgid 1 stack trace:
[   70.416626][ T5964]  __free_frozen_pages+0xbc4/0xd30
[   70.418586][ T5964]  __kmem_cache_do_shrink+0x329/0x380
[   70.420639][ T5964]  acpi_os_purge_cache+0x15/0x20
[   70.422585][ T5964]  acpi_purge_cached_objects+0xb8/0xd0
[   70.424422][ T5964]  acpi_initialize_objects+0x10/0x70
[   70.426575][ T5964]  acpi_bus_init+0xb4/0x550
[   70.428159][ T5964]  acpi_init+0xa1/0x1f0
[   70.429569][ T5964]  do_one_initcall+0x236/0x820
[   70.431226][ T5964]  do_initcall_level+0x104/0x190
[   70.432909][ T5964]  do_initcalls+0x59/0xa0
[   70.434632][ T5964]  kernel_init_freeable+0x334/0x4b0
[   70.436366][ T5964]  kernel_init+0x1d/0x1d0
[   70.437735][ T5964]  ret_from_fork+0x4bc/0x870
[   70.439222][ T5964]  ret_from_fork_asm+0x1a/0x30
[   70.440809][ T5964] 
[   70.441626][ T5964] Memory state around the buggy address:
[   70.443689][ T5964]  ffff8881049c1200: fb fb fc fc fc fc fa fb fb fb fb fb fb fb fb fb
[   70.446730][ T5964]  ffff8881049c1280: fc fc fc fc fa fb fb fb fb fb fb fb fb fb fc fc
[   70.449587][ T5964] >ffff8881049c1300: fc fc fa fb fb fb fb fb fb fb fb fb fc fc fc fc
[   70.452563][ T5964]                          ^
[   70.454270][ T5964]  ffff8881049c1380: fa fb fb fb fb fb fb fb fb fb fc fc fc fc fa fb
[   70.457063][ T5964]  ffff8881049c1400: fb fb fb fb fb fb fb fb fc fc fc fc fa fb fb fb
[   70.460102][ T5964] ==================================================================
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[   70.487071][ T5964] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   70.489909][ T5964] CPU: 0 UID: 0 PID: 5964 Comm: syz.0.24 Not tainted syzkaller #0 PREEMPT(full) 
[   70.493259][ T5964] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   70.496742][ T5964] Call Trace:
[   70.497852][ T5964]  <TASK>
[   70.498932][ T5964]  dump_stack_lvl+0x99/0x250
[   70.500680][ T5964]  ? __asan_memcpy+0x40/0x70
[   70.502437][ T5964]  ? __pfx_dump_stack_lvl+0x10/0x10
[   70.504360][ T5964]  ? __pfx__printk+0x10/0x10
[   70.506210][ T5964]  vpanic+0x237/0x6d0
[   70.507720][ T5964]  ? __pfx_vpanic+0x10/0x10
[   70.509544][ T5964]  ? preempt_schedule_common+0x83/0xd0
[   70.511614][ T5964]  ? preempt_schedule+0xae/0xc0
[   70.513516][ T5964]  panic+0xb9/0xc0
[   70.514874][ T5964]  ? __pfx_panic+0x10/0x10
[   70.516640][ T5964]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   70.518812][ T5964]  ? zpool_get_total_pages+0x46/0x70
[   70.520843][ T5964]  check_panic_on_warn+0x89/0xb0
[   70.522789][ T5964]  ? zpool_get_total_pages+0x46/0x70
[   70.524705][ T5964]  end_report+0x78/0x160
[   70.526356][ T5964]  kasan_report+0x129/0x150
[   70.528132][ T5964]  ? irqentry_exit+0x74/0x90
[   70.529818][ T5964]  ? zpool_get_total_pages+0x46/0x70
[   70.531821][ T5964]  kasan_check_range+0x2b0/0x2c0
[   70.533680][ T5964]  zpool_get_total_pages+0x46/0x70
[   70.535588][ T5964]  ? zswap_total_pages+0x1f/0x1e0
[   70.537452][ T5964]  zswap_total_pages+0xf6/0x1e0
[   70.539299][ T5964]  zswap_store+0x52f/0x1f40
[   70.541070][ T5964]  ? __lock_acquire+0xab9/0xd20
[   70.542964][ T5964]  ? do_raw_spin_lock+0x121/0x290
[   70.544781][ T5964]  ? __pfx_zswap_store+0x10/0x10
[   70.546482][ T5964]  ? do_raw_spin_unlock+0x4d/0x240
[   70.548270][ T5964]  ? _raw_spin_unlock+0x28/0x50
[   70.550085][ T5964]  ? swap_entry_swapped+0x139/0x1c0
[   70.551911][ T5964]  ? folio_free_swap+0x1ed/0x370
[   70.553648][ T5964]  swap_writeout+0x710/0xd70
[   70.555262][ T5964]  shrink_folio_list+0x3011/0x4c70
[   70.557139][ T5964]  ? __pfx_shrink_folio_list+0x10/0x10
[   70.559281][ T5964]  ? css_rstat_updated+0x23a/0x4f0
[   70.561270][ T5964]  reclaim_folio_list+0xeb/0x500
[   70.563093][ T5964]  ? __pfx_reclaim_folio_list+0x10/0x10
[   70.565182][ T5964]  ? lru_gen_update_size+0x818/0xd20
[   70.567190][ T5964]  ? __mod_zone_page_state+0xd7/0x140
[   70.569115][ T5964]  ? lru_gen_del_folio+0x359/0x540
[   70.570777][ T5964]  reclaim_pages+0x454/0x520
[   70.572366][ T5964]  ? __pfx_reclaim_pages+0x10/0x10
[   70.574270][ T5964]  ? madvise_cold_or_pageout_pte_range+0x194b/0x1d00
[   70.576421][ T5964]  madvise_cold_or_pageout_pte_range+0x1974/0x1d00
[   70.578864][ T5964]  ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10
[   70.581222][ T5964]  ? free_unref_folios+0x116a/0x14f0
[   70.583220][ T5964]  walk_pgd_range+0xfe9/0x1d40
[   70.585102][ T5964]  ? __pfx_walk_pgd_range+0x10/0x10
[   70.586973][ T5964]  ? rcu_is_watching+0x15/0xb0
[   70.588705][ T5964]  ? lru_add+0xa2f/0xd80
[   70.590378][ T5964]  ? lru_add+0x198/0xd80
[   70.592044][ T5964]  __walk_page_range+0x14c/0x710
[   70.594008][ T5964]  ? __pfx_lru_add+0x10/0x10
[   70.595878][ T5964]  ? __pfx_folio_batch_move_lru+0x10/0x10
[   70.598129][ T5964]  ? __lock_acquire+0xab9/0xd20
[   70.599673][ T5964]  walk_page_range_vma+0x393/0x440
[   70.601544][ T5964]  ? mlock_drain_local+0x79/0x490
[   70.603599][ T5964]  ? __pfx_walk_page_range_vma+0x10/0x10
[   70.605800][ T5964]  ? mlock_drain_local+0x79/0x490
[   70.607630][ T5964]  madvise_vma_behavior+0x311f/0x3a10
[   70.609635][ T5964]  ? __pfx_madvise_vma_behavior+0x10/0x10
[   70.611892][ T5964]  ? __lock_acquire+0xab9/0xd20
[   70.613648][ T5964]  ? finish_task_switch+0x18b/0x950
[   70.615308][ T5964]  ? mas_next_slot+0xc20/0xcf0
[   70.616869][ T5964]  ? mt_find+0x46f/0x5e0
[   70.618253][ T5964]  ? mt_find+0x15c/0x5e0
[   70.619608][ T5964]  ? __pfx_mt_find+0x10/0x10
[   70.621025][ T5964]  ? find_vma+0xe7/0x160
[   70.622350][ T5964]  ? preempt_schedule+0xae/0xc0
[   70.623852][ T5964]  madvise_walk_vmas+0x51c/0xa30
[   70.625371][ T5964]  ? __pfx_madvise_walk_vmas+0x10/0x10
[   70.627062][ T5964]  ? blk_start_plug+0x6f/0x1b0
[   70.628558][ T5964]  madvise_do_behavior+0x38e/0x550
[   70.630125][ T5964]  ? __pfx_madvise_do_behavior+0x10/0x10
[   70.631846][ T5964]  ? down_read+0x1ad/0x2e0
[   70.633348][ T5964]  do_madvise+0x1bc/0x270
[   70.634722][ T5964]  ? __pfx_do_madvise+0x10/0x10
[   70.636225][ T5964]  ? lockdep_hardirqs_on+0x9c/0x150
[   70.638008][ T5964]  ? __get_user_nocheck_1+0x9/0x20
[   70.639611][ T5964]  __x64_sys_madvise+0xa7/0xc0
[   70.641109][ T5964]  do_syscall_64+0xfa/0xfa0
[   70.642569][ T5964]  ? lockdep_hardirqs_on+0x9c/0x150
[   70.644516][ T5964]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.646496][ T5964]  ? exc_page_fault+0xab/0x100
[   70.648308][ T5964]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.650262][ T5964] RIP: 0033:0x7f9f6038ec29
[   70.651683][ T5964] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   70.657564][ T5964] RSP: 002b:00007f9f61138038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[   70.660228][ T5964] RAX: ffffffffffffffda RBX: 00007f9f605d5fa0 RCX: 00007f9f6038ec29
[   70.662776][ T5964] RDX: 0000000000000015 RSI: 7fffffffffffffff RDI: 0000200000000000
[   70.665225][ T5964] RBP: 00007f9f60411e41 R08: 0000000000000000 R09: 0000000000000000
[   70.667710][ T5964] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   70.670181][ T5964] R13: 00007f9f605d6038 R14: 00007f9f605d5fa0 R15: 00007ffdb2400638
[   70.672659][ T5964]  </TASK>
[   70.674297][ T5964] Kernel Offset: disabled
[   70.675671][ T5964] Rebooting in 86400 seconds..

VM DIAGNOSIS:
11:30:23  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000066 RBX=0000000000000066 RCX=0000000000000000 RDX=00000000000003f8
RSI=000000000000215e RDI=000000000000215f RBP=00000000000003f8 RSP=ffffc90003ee5f70
R8 =ffff888020a40237 R9 =1ffff11004148046 R10=dffffc0000000000 R11=ffffffff855472f0
R12=dffffc0000000000 R13=ffffffff99d38910 R14=ffffffff9a02d140 R15=0000000000000000
RIP=ffffffff8554736c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f9f611386c0 ffffffff 00c00000
GS =0000 ffff8880b83dd000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b32423ffc CR3=0000000028eba000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f9f605a7498 00007f9f605a7470 XMM03=00007f9f605a74a8 00007f9f605a74a0
XMM04=00007f9f6110d100 00007f9f605a7460 XMM05=00007f9f605a7478 00007f9f605a74c0
XMM06=00007f9f605a74b8 00007f9f605a74b0 XMM07=00007f9f605a74a8 00007f9f605a74a0
XMM08=0000000000000000 00007f9f60412f0f XMM09=0000000000000000 00007f9f60412fed
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=ebea796be80ab100 RBX=ffffffff8196a397 RCX=ebea796be80ab100 RDX=0000000000000001
RSI=ffffffff8dbc4329 RDI=ffffffff8c03aae0 RBP=ffffc90000177f10 RSP=ffffc90000177de0
R8 =ffff888136632fdb R9 =1ffff11026cc65fb R10=dffffc0000000000 R11=ffffed1026cc65fc
R12=ffffffff8fc45d30 R13=0000000000000001 R14=0000000000000001 R15=1ffff110200d4000
RIP=ffffffff8b841dd3 RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a39dd000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000055dfa0499000 CR3=000000010e4c4000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 00000000000001a4 XMM01=0000000000000000 0000000000000000
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 0000000000000000 XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 0000000000000000 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
