last executing test programs: 13.572046205s ago: executing program 2 (id=30): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) setreuid(0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = gettid() sched_setscheduler(r3, 0x1, &(0x7f0000000000)=0x2) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/rt_cache\x00') pread64(r4, &(0x7f0000000400)=""/179, 0xb3, 0x8) r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = ioctl$LOOP_CTL_GET_FREE(r5, 0x4c82) ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, r6) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newlink={0x28, 0x10, 0x801, 0x2000004, 0xfffffffd, {0x0, 0x0, 0x0, 0x0, 0x0, 0x42005}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0) faccessat(0xffffffffffffffff, 0x0, 0x82) get_robust_list(r0, &(0x7f0000001880)=&(0x7f0000001840)={&(0x7f00000001c0), 0x0, &(0x7f0000001800)={&(0x7f0000000200)}}, &(0x7f00000018c0)=0x18) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=@newlink={0x58, 0x10, 0xffffff1f, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20000, 0x6028d}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @local}, @IFLA_IPTUN_PROTO={0x5, 0x9, 0x4}]}}}, @IFLA_MTU={0x8, 0x4, 0x10000}]}, 0x58}, 0x1, 0x0, 0x0, 0x4}, 0x0) 11.986583126s ago: executing program 2 (id=33): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x48001, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x572, 0x0, 0x9}]}) 11.672301256s ago: executing program 2 (id=34): r0 = syz_usb_connect$uac1(0x5, 0xdc, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca000301007000090400000001010000"], 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) sendmsg$unix(0xffffffffffffffff, 0x0, 0x8800) syz_usb_control_io$uac1(r0, &(0x7f0000000640)={0x14, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0003040000000403"]}, 0x0) 11.277463217s ago: executing program 1 (id=35): syz_mount_image$exfat(&(0x7f00000005c0), &(0x7f0000000b00)='./file0\x00', 0x3000050, &(0x7f0000000600)=ANY=[], 0x2, 0x14fe, &(0x7f0000002180)="$eJzs3Au0ztXWMPA511p/NklPkvuaa/55kssiSXJJSCRJkiS5JSRJkoTEJrckJCH3JPeQ3GIn9/st9yQ5kiQJCUnWN3Q6n/e8nfftnO+c7/V9Z8/fGGvsNff/mfNZa889nv9ljL2/7Ti4av1qlesyM/xT8M9fUgEgBQD6AcA1ABABQKlspbIBDoNMGlP/uTcR/1oPTbvSKxBXkvQ/fZP+p2/S//RN+p++Sf/TN+l/+ib9T9+k/0KkZ1un575WRvod/3PP/0Ge//8/R87//0YOFxvz5fpi13f6B1Kk/+mb9D99k/6nb9L/9E36n75J///NRQCV/pvD0v/0TfovRHp2pZ8/y7iy40r//gkhhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGESB/OhcsMAPxlfqXXJYQQQgghhBBCiH+dkPFKr0AIIYQQQgghhBD/9yEo0GAgggyQEVIgE2SGqyALXA1Z4RpIwLWQDa6D7HA95ICckAtyQx7IC/nAAoEDhhjyQwFIwg1QEG6EQlAYikBR8FAMisNNUAJuhpJwC5SCW6E03AZloCyUg/JwO1SAO6AiVILKcCdUgbugKlSDu6E63AM14F6oCfdBLbgfasMDUAcehLrwENSDh6E+PAIN4FFoCI2gMTSBpv9H+S9CV3gJukF3SIUe0BNehl7QG/pAX+gHr0B/eBUGwGswEAbBYHgdhsAbMBTehGEwHEbAWzASRsFoGANjYRyMh7dhArwDE+FdmASTYQpMhWkwHWbAezATZsFseB/mwAcwF+bBfFgAC+FDWASLIQ0+giXwMSyFZbAcVsBKWAWrYQ2shXWwHjbARtgEm2ELbIVPYBtshx2wE3bBbtgDn8Je+Az2weewH774B/PP/qf8TggIqFChQYMZMAOmYApmxsyYBbNgVsyKCUxgNsyG2TE75sAcmAtzYR7Mg/kwHxISMjLmx/yYxCQWxIJYCAthESyCHj0Wx+JYAm/GklgSS2EpLI2lsQyWxbJYHstjBayAFbEiVsbKWAWrYFWsinfj3XgP1sAaWBNrYi2shbWxNtbBOlgX62I9rIf1sT42wAbYEBtiY2yMTbEpNsNm2BybY0tsia2wFbbG1tgG22BbbIvtsB22x/bYATtgR+yInbAzdsYX8UV8CV/C7lhF9cCe2BN7YS/sg32xL76C/fFVfBVfw4E4CAfj6/g6voFD8QwOw+E4AkdgBTUKR+MYZDUOx+N4nIATcCJOxEk4GSfjVJyG03EGzsCZOAtn4fs4Bz/AD3AezsMFuBAX4iJcjGmYhkvwLC7FZbgcV+BKXIUrcQ2uxTW4HjfgetyEm3ALbsFP8BPcjttxJ+7E3bgbP8VP8TP8DAfiftyPB/AAHsSDeAgP4WE8jEfwCB7Fo3gMj+FxPI4n8CSewpN4Gk/jGTyL5/AcnsfzeAGfz/N1vd2F1w0EdYlRRmVQGVSKSlGZVWaVRWVRWVVWlVAJlU1lU9lVdpVD5VC5VC6VR+VR+VQ+RYoUq1jlV/lVUiVVQVVQFVKFVBFVRHnlVXFVXJVQJVRJVVKVUreq0uo2VUaVVS18eVVeVVAtfUVVSVVWlVUVdZeqqqqpaqq6qq5qqBqqpqqpaqlaqrZ6QNVRPbAPPqQudaa+GoQN1GBsqBqpxqqJegMfU83UUGyuWqiW6gk1HIdha9XMt1FPq7ZqNLZTz6ox+JzqoMZhR/WC6qQ6qy7qRdVVNffdMvz2EaimYi/VW/VRfdVMvEtd6lhV9ZoaqAapwep1tQDfUEPVm2qYGq5GqLfUSDVKjVZj1Fg1To1Xb6sJ6h01Ub2rJqnJaoqaqqap6WqGek/NVLPUbPW+mqM+UHPVPDVfLVAL1YdqkVqs0tRHaon6WC1Vy9RytUKtVKvUarVGrVXr1Hq1QW1Um9RmtUVtVZ+obWq72qF2ql1qt9qjPlV71Wdqn/pc7VdfqAPqT+qg+lIdUl+pw+prdUR9o46qb9Ux9Z06rr5XJ9RJdUr9oE6rH9UZdVadUz+p8+pndUH9oi6qoECjVlproyOdQWfUKTqTzqyv0ln01TqrvkYn9LU6m75OZ9fX6xw6p86lc+s8Oq/Op60m7TTrWOfXBXRS36AL6ht1IV1YF9FFtdfFdHF9ky6hb9Yl9S26lL5Vl9a36TK6rC6ny+vbdQV9h66oK+nK+k5dRd+lq+pq+m5dXd+ja+h7dU19n66l79e19QO6jn5Q19UP6Xr6YV1fP6Ib6Ed1Q91IN9ZNdFP9mG6mH9fNdQvdUj+hW+kndWv9lG6jn9Zt9TO6nX5Wt9fP6Q76ed1Rv6A76c66i/5FX9RBd9PddaruoXvql3Uv3Vv30X11P/2K7q9f1QP0a3qgHqQH69f1EP2GHqrf1MP0cD1Cv6VH6lF6tB6jx+pxerx+W0/Q7+iJ+l09SU/WU/RUPU1P131+qzT778h/52/kD/j13bforfoTvU1v1zv0Tr1L79Z79B69V+/V+/Q+vV/v1wf0AX1QH9SH9CF9WB/WR/QRfVQf1cf0MX1cH9cn9En9k/5Bn9Y/6jP6rD6rf9Ln9Xl94befARg0ymhjTGQymIwmxWQymc1VJou52mQ115iEudZkM9eZ7OZ6k8PkNLlMbpPH5DX5jDVknGETm/ymgEmaG0xBc6MpZAqbIqao8aaYKW5u+qfz/2h9TU1T08w0M81Nc9PStDStTCvT2rQ2bUwb09a0Ne1MO9PetDcdTAfT0XQ0nUwn08V0MV1NV9PNdDOpJtX0NC+bXqa36WP6mn7mFdPf9DcDzAAz0Aw0g81gM8QMMUPNUDPMDDMjzAgz0ow0o81oM9aMNePNeDPBTDATzUQzyUwyU8wUM81MMzPMDDPTzDSzzWwzx8wxc81cM9/MNwvNQrPILDJpJs0sMUvMUrPMLDMrzAqzyqwya8was86sMxvMBrPJbDJLzVaz1Wwz28wOs8PsMrvMHrPH7DV7zT6zz+w3+80Bc8AcNAfNIXPIHDaHzRFzxBw1R80xc8wcN8fNCXPCnDKnzGlz2pwxZ8w5c86cN+fNBXPBXDQXL132RSpSkYlMlCHKEKVEKVHmKHOUJcoSZY2yRokoEWWLskXZo+ujHFHOKFeUO8oT5Y1SwUYUuYijOMofFYiS0Q1RwejGqFBUOCoSFY18VCwqHt0UlYhujkpGt0Sloluj0tFtUZmobFQuKh/dHlWI7ogqRpWiytGdUZXorqhqVC26O6oe3RPViO6Nakb3RbWi+6Pa0QNRnejBqG70UFQvejiqHz0SNYgejRpGjaLGUZOo6b+0fghncj7uu9nuNtX2sD3ty7aX7W372L62n33F9rev2gH2NTvQDrKD7et2iH3DDrVv2mF2uB1h37Ij7Sg72o6xY+04O96+bSfYd+xE+66dZCfbKXaqnWan2xn2PTvTzrKz7ft2jv3AzrXz7Hy7wC60H9pFdrFNsx/ZJfZju9Qus8vtCrvSrrKr7Rq71q6z6+0Gu9FuspvtFrvVfmK32e12h91pd9nddo/91O61n9l99nO7335hD9g/2YP2S3vIfmUP26/tEfuNPWq/tcfsd/a4/d6esCftKfuDPW1/tGfsWXvO/mTP25/tBfuLvWjDpYv7S6d3MmQoA2WgFEqhzJSZslAWykpZKUEJykbZKDtlpxyUg3JRLspDeSgf5aNLmJjyU35KUpIKUkEqRIWoCBUhT56KU3EqQSWoJJWkUlSKSlNpKkNlqByVo9vpdrqD7qBKVInupDvpLrqLqlE1qk7VqQbVoJpUk2pRLapNtakO1aG6VJfqUT2qT/WpATWghtSQGlNjakpNqRk1o+bUnFpSS2pFrag1taY21IbaUltqR+2oPbWnDtSBOlJH6kSdqAt1oa7UlbpRN0qlVOpJPakX9aI+1If6UT/qT/1pAA2ggTSQBtNgGkJDaCgNpWE0nEbQWzSSRtFoGkNjaRyNp/E0gSbQRJpIk2gSTaEpNI2m0QyaQTNpJs2m2TSH5tBcmkvzaT4tpIW0iBZRGqXRElpCS2kpLafltJJW0mpaTWtpLa2n9bSRNtJm2kxbaStto220g3bQLtpFe2gP7aW9tI/20X7aTwfoAB2kg3SIDtFhOkxH6AgdpaN0jI7RcTpOJ+gEnaJTdJpO0xk6Q+foHJ2nn+kC/UIXKVCKU5DZXeWyuKtdVneNS3GZ3KU4AoBLcS6X2+VxeV0+Z10Ol/OvYnLOFXKFXRFX1HlXzBV3N/0uLuPKunKuvLvdVXB3uIq/i6u7e1wNd6+r6e5z1dzdfxXXcve72u4RV8c96uq6Rq6ea+Lqu0dcA/eoa+gaucauiWvlnnSt3VOujXvatXXP/C5e5Ba7tW6dW+82uL3uM3fO/eSOum/defez6+a6u37uFdffveoGuNfcQDfod/EI95Yb6Ua50W6MG+vG/S6e4qa6aW66m+HeczPdrN/FC92Hbo5Lc3PdPDffLfg1vrSmNPeRW+I+dkvdMrfcrXAr3Sq32q3532td4Ta5zW6L2+M+ddvcdrfD7XS73O5f40v72Oc+d/vdF+6I+8YddF+6Q+6YO+y+/jW+tL9j7jt33H3vTriT7pT7wZ12P7oz7uyv+7+09x/cL+6iCw4YWbFmwxFn4Iycwpk4M1/FWfhqzsrXcIKv5Wx8HWfn6zkH5+RcnJvzcF7Ox5aJHTPHnJ8LcJJv4IJ8IxfiwlyEi7LnYlycb+ISfDOX5Fu4FN/Kpfk2LsNluRyX59u5At/BFbkSV+Y7uUoIXJWr8d1cne/hGnwv1+T7uBbfz7X5Aa7DD3Jdfojr8cNcnx/hBvwoN+RG3JibcFN+jJvx49ycW3BLfoJb8ZPcmp/iNvw0t+VnuB0/y+35Oe7Az3NHfoE7cWfuwi9yV36Ju3F3TuUe3JNf5l7cm/twX+7Hr3B/fpUH8Gs8kAfxYH6dh/AbPJTf5GE8nEfwWzySR/FoHsNjeRyP57d5Ar/DE/ldnsSTeQpP5Wk8nWfwezyTZ/Fsfp/n8Ac8l+fxfF7AC/lDXsSLOY0/4iX8MS/lZbycV/BKXsWreQ2v5XW8njfwRt7Em3kLb+VPeBtv5x28k3fxbt7Dn/Je/oz38ee8n7/gA/wnPshf8iH+ig/z13yEv+Gj/C0f4+/4OH/PJ/gkn+If+DT/yGf4LJ/jn/g8/8wX+Be+yIEhxljFOjZxFGeIM8YpcaY4c3xVnCW+Os4aXxMn4mvjbPF1cfb4+jhHnDPOFeeO88R543yxjSl2McdxnD8uECfjG+KC8Y1xobhwXCQuGvu4WFw8vikuEd8cl4xviUvFt8al49viMnHZ+JH7yse3xxXiO+KKcaW4cnxnXCW+K64aV4vvjqvH98Q14nvjmvF9ccn4/rh2/EBcJ34wrhs/FNeLH47rx4/EDeJH44Zxo7hx3CRuGj8WN4sfj5vHLeKW8RNxq/jJuHX8VNwmfjpuGz/zh8dT4x5xz/jl+OU4hHv1/OSC5MLkh8lFycXJtORHySXJj5NLk8uSy5MrkiuTq5Krk2uSa5PrkuuTG5Ibk5uSm5NbkiFUywgevfLaGx/5DD6jT/GZfGZ/lc/ir/ZZ/TU+4a/12fx1Pru/3ufwOX0un9vn8Xl9Pm89eefZxz6/L+CT/gZf0N/oC/nCvogv6r0v5ov7Jr6pb+qb+cd9c9/Ct/RP+Cf8k/5J/5R/yj/t2/pnfDv/rG/vn/Md/PP+ef+C7+Q7+y7+Rd/Vv+S7+e4+1af6nr6n7+V7+T6+j+/n+/n+vr8f4Af4gX6gH+wH+yF+iB/qh/phfpgf4Uf4kX6kH+1H+7F+rB/vx/sJfoKf6Cf6SX6Sn+Kn+Gl+mp/hZ/iZfqaf7Wf7OYXm+Ll+rp/v5/uFfqFf5Bf5NJ/ml/glfqlf6pf75X6lX+lX+9V+rV/r1/v1fqPf6Df7zX6r3+q3+W1+h9/hd/ldfo/f4/f6vX6f3+f3+/3+gD/gD/qD/pD/yh/2X/sj/ht/1H/rj/nv/HH/vT/hT/pT/gd/2v/oz/iz/pz/yZ/3P/sL/hd/0Qc/PvF2YkLincTExLuJSYnJiSmJqYlpiemJGYn3EjMTsxKzE+8n5iQ+SMxNzEvMTyxILEx8mFiUWJxIS3yUWJL4OLE0sSyxPLEisTKxKhFC3m1xyB8KhGS4IRQMN4ZCoXAoEooGH4qF4uGmUCLcHEqGW0KpcGsoHW4LZULZUC48GhqGRqFxaBKahsdCs/B4aB5ahJbhidAqPBlah6dCm/B0aBueCe3Cs6F9eC50CM+HjuGF0Cl0Dl3Ci6FreCl0C91DaugReoaXQ6/QO/QJfUO/8EroH14NA8JrYWAYFAaH18OQ8EYYGt4Mw8LwMCK8FUaGUWF0GBPGhnFhfHg7TAjvhInh3TApTA5TwtQwLUwPM8J7YWaYFWaH98Oc8EGYG+aF+WFBWBg+DIvC4pAWPgpLwsdhaVgWlocVYWVYFVaHNWFtWBfWhw1hY9gUNoctYWv4JGwL28OOsDPsCrvDnvBp2Bs+C/vC52F/+CIcCH8KB8OX4VD4KhwOX4cj4ZtwNHwbjoXvwvHwfTgRToZT4YdwOvwYzoSz4Vz4KZwPP4cL4ZdwUf5mTQghhBDi76L/4HiPv/G9DACgfpv3BICrt+c+/J9rbszx53lvladVAgCe7t7xob+MKlVSU1N/e+1SDVGBeQCQ+Ov6f4mXQUt4EtpACyjxN9fXW3U+z39QP3krQOb/kJMCl+PL9W/+L+o/9sSIRaXjc9n+m/rzAAoVuJyTCS7Hl+uX/C/q52z2B+vP9OV4gOb/IScLXI4v1y8Oj8Mz0OavXimEEEIIIYQQQvxZb1Wu/R/dP1+6P89jLudkhMvxH92fCyGEEEIIIYQQ4sp7rnOXpx5r06ZF+79vgr89F/jHsmQiE5n8fza50p9MQgghhBBCiH+1yxf9V3olQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCFE+vU/8e/ErvQehRBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCiCvtfwUAAP//luw5aQ==") fchownat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0xffffffffffffffff, 0x100) 10.596652947s ago: executing program 3 (id=38): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)={0x84, 0x0, 0x2, 0x401, 0x0, 0x0, {0xa}, [@CTA_EXPECT_MASTER={0x4}, @CTA_EXPECT_MASK={0x30, 0x3, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0}, {0x14, 0x4, @remote}}}]}, @CTA_EXPECT_TUPLE={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0}, {0x14, 0x4, @local}}}]}]}, 0x84}}, 0x0) 10.596474061s ago: executing program 1 (id=39): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x5, 0x2, 0x4000, 0x2000, &(0x7f0000ff8000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, 0x0}], 0x1, 0x4b, &(0x7f00000001c0)=[@cr4={0x1, 0x3420e5}], 0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) 10.421007938s ago: executing program 3 (id=41): r0 = syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="0d01000009000008250592d20700006a3b010902241700fa0074980904e4ff11070103000905010200ffe0000009058202"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000200)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) sched_setaffinity(0x0, 0x0, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) 9.140861316s ago: executing program 1 (id=43): openat$random(0xffffffffffffff9c, &(0x7f0000000300), 0x242, 0x0) r0 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x3c, 0x3e9, 0x1, 0x70bd26, 0x25dfdbfb, {0x0, 0x1, 0x1, 0x0, 0xd, 0x80, 0x2, 0x80000000, 0x0, 0x7, 0x9}}, 0x3c}}, 0x20040000) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r4 = dup(0xffffffffffffffff) ioctl$USBDEVFS_CONTROL(r4, 0xc0185500, &(0x7f0000000240)={0x80, 0x6, 0x103, 0x0, 0xe0, 0x0, 0x0}) ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect) process_vm_readv(r1, &(0x7f0000000d00)=[{&(0x7f00000000c0)=""/47, 0x2f}, {&(0x7f0000000240)=""/123, 0x7b}, {0x0}, {0x0}, {&(0x7f00000009c0)=""/159, 0x9f}, {&(0x7f0000000b40)=""/148, 0x94}, {0x0}, {&(0x7f00000006c0)=""/85, 0x55}], 0x8, &(0x7f0000000800)=[{&(0x7f00000014c0)=""/4096, 0x1000}, {&(0x7f0000000dc0)=""/197, 0xc5}, {&(0x7f0000000540)=""/240, 0xf0}, {&(0x7f00000003c0)=""/13, 0xd}], 0x4, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000040)=0x3, 0xac5) syz_clone3(&(0x7f0000000900)={0x23800000, &(0x7f0000000040), 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0}, 0x58) 8.755943361s ago: executing program 2 (id=45): mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0) mount$cgroup(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000100)={[{@subsystem='cpuset'}, {@subsystem='memory'}, {@subsystem='cpuacct'}]}) syz_mount_image$ext4(&(0x7f0000000140)='ext2\x00', &(0x7f0000000280)='.\x02\x00', 0x800000, &(0x7f0000000b40)={[{@noquota}, {@mblk_io_submit}, {@debug}, {@test_dummy_encryption}, {@sysvgroups}, {@sysvgroups}, {@mblk_io_submit}, {@dax_never}, {@inlinecrypt}, {@max_batch_time}, {@journal_dev}]}, 0x44, 0xbca, &(0x7f00000029c0)="$eJzs3M1rHOcZAPBnRp+21K5cSql7sUopNrRdyy4ytSnULi695BBIrgELeWWE1h9ICo5kHVbJPxCSnAO5BJKYBB/isy8J5JpL4lxjcgiYoFgJhJAozH5IirSrD3vXI6TfD17N++47u8/z7Hh35oUdB3BgDWd/0oijEXEpiSjUH08jorfa64+o1PZbXloY/35pYTyJlZXnvkkiiYhHSwvjjddK6tuB+qA/Ij79bxK/e2Vz3Jm5+amxcrk0XR+fnL164+TM3Pw/Jq+OXSldKV07deZfo6dHz4ycHW1brT98ef7ud3/+/1eVH9/96fa3r7+dxPkYrM+tr6NdhmN49T1ZrzsixtodLCdd9XrW15l0b/OktMNJAQDQUrruGu4PUYiuWLt4K8RHn+WaHAAAANAWK10RKwAAAMA+l1j/AwAAwD7X+B3Ao6WF8UbL9xcJT9fDCxExVKt/ud5qM91RqW77oyciDj9KYv1trUntaU9sOCIefHH2g6xFh+5D3kplMSL+2Oz4J9X6h6p3cW+uP42IkTbEH94w3mv1/723df3n2xA/7/oBOJjuXaidyDaf/9LV659ocv7rbnLuehx5n/8a13/Lm67/1urvanH99+wOY9x6582breay+v9993/vN1oWP9s+UVG78HAx4k/dzepPVutPWtR/aYcxCj/fLLWa22H9fbsubIdW3oo4Hs3rb0i2/v+JTk5Mlksjtb9NYyx+Mvpeq/ib6u/vQJFbyI7/4Rb1b3f8b+wwxgsXL95pNbf98U+/7k2er/Z664+8NDY7O30qojd5ZvPjp+s3tLfQ2KfxGln9J/6y9ee/Wf1ZiEr9fcjWAov1bTZ+eUPM/9y+9eFW9Wdrvzw//5cf8/i/usMYf/34tROt5tavf7OWxX+Q1NbCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANCQRsRgJGlxtZ+mxWLEQET8Pg6n5eszs3+buP7itcvZXMRQ9KQTk+XSSEQUauMkG5+q9tfGpzeM/xkRRyLijcKh6rg4fr18Oe/iAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWDUQEYORpMWISCNiuZCmxWLeWQEAAABtN5R3AgAAAEDHWf8DAADA/mf9DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQIcdOXbvfhIRlXOHqi3TW5/ryTUzoNPSvBMActOVdwJAbrrzTgDIzS7X+C4XYB9KtpnvbznT1/ZcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANi7jh+9dz+JiMq5Q9WW6a3P9TR9xrGnmB3QSWneCQC56dpqsnvD2JcF7CsbP+LAwdF8jQ8cJMk28/1r+1R+PdPXsZwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2HsGqy1JixGRVvtpWixG/CYihqInmZgsl0Yi4rcR8Xmhpy8b9+WdNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG03Mzc/NVYul6Z1dNrbGaj/E9sr+ez9TrI30qh1cv5iAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgFzNz81Nj5XJpeibvTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC8zczNT42Vy6XpHXTu7GbndZ28awQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID+/BAAA//8S7wcI") r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000240)=0x1, 0x4) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f00000001c0)={0x5813}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000240)={0xb, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000006c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f00000003c0)=@filter={'filter\x00', 0x42, 0x4, 0x298, 0xffffffff, 0x98, 0x98, 0x98, 0xffffffff, 0xffffffff, 0x250, 0x250, 0x250, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x3e020000, 0x70, 0x98, 0x0, {0x88000000}}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x4}}}, {{@uncond, 0x0, 0x70, 0xd0, 0x0, {0x122}}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}}}}, {{@ip={@rand_addr=0x64010101, @empty, 0xffffffff, 0xffffffff, 'batadv_slave_1\x00', 'veth1_to_batadv\x00', {0xff}, {}, 0x4, 0x2, 0x47}, 0x0, 0x70, 0x98}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x6}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2f8) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4, &(0x7f0000000000)=0x1, 0x4) getsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000000100), &(0x7f0000000180)=0x4) bind$inet6(0xffffffffffffffff, &(0x7f0000000280)={0xa, 0x4e22, 0x9, @loopback, 0x6}, 0x1c) connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e22, 0x56202326, @empty, 0x4000008}, 0x1c) syz_open_dev$ptys(0xc, 0x3, 0x0) unshare(0x64000400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x14, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x7}]}, &(0x7f0000000080)='syzkaller\x00'}, 0x80) pipe(0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000180)=ANY=[@ANYRES32, @ANYRES32=r5], 0x20) bpf$BPF_PROG_DETACH(0x9, 0x0, 0x10) 7.833738304s ago: executing program 1 (id=47): sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) lstat(&(0x7f00000002c0)='./file1\x00', 0x0) openat$vcsa(0xffffffffffffff9c, &(0x7f0000000140), 0x40, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x41100, 0x24, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94) ioctl$KVM_RUN(r3, 0xae80, 0x0) 7.604100833s ago: executing program 4 (id=48): syz_open_procfs(0x0, &(0x7f00000001c0)='net/vlan/vlan0\x00') signalfd(0xffffffffffffffff, &(0x7f00000002c0)={[0x7fffffff]}, 0x8) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) pselect6(0x0, 0x0, 0x0, &(0x7f0000000240)={0x1f, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0) 7.598363025s ago: executing program 0 (id=49): mkdirat(0xffffffffffffff9c, 0x0, 0x108) r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0xc) syz_usb_connect(0x0, 0x62, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000fb5d7d086d04c308166b0102030109025000010000000009041f0000ff0100000a24010400050201020724070500000508240805040004960d2406010103020001000600060924030505030605810924030601030405050724", @ANYRES8=r0], 0x0) 7.231160029s ago: executing program 3 (id=50): syz_open_dev$tty1(0xc, 0x4, 0x3) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) accept$unix(0xffffffffffffffff, &(0x7f0000000300), 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) getsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x23, &(0x7f0000000040), 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2) socket$inet_tcp(0x2, 0x1, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000007cc0), 0x8100, 0x0) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=@framed={{0xffffffb4, 0x8, 0x0, 0x0, 0x0, 0x73, 0x11, 0x33}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0xb7}, @exit={0x95, 0x0, 0xc2}], {0x95, 0x0, 0x1200}}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x70) 5.231773297s ago: executing program 4 (id=51): write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="15"], 0x15) syz_mount_image$msdos(&(0x7f0000000140), &(0x7f0000000180)='./file1\x00', 0x8084, &(0x7f00000001c0)=ANY=[@ANYBLOB="616c6c6f775f7574696d653d30303030303030303030303030303030303030303030372c646f74732c646f74732c6e6f636173652c646f74732c636865636b3d72656c617865642c646f74732c6e6f646f74732c646f74732c0032884758edd2e7a17e3c116a014262927783807ed4e210440ddebdf7d64a629cc9e873202c6d1e1d7dbabad279cb290d8a6c81b9ee715a035afdc5af3e15b932174f56cf4f009847fbc0e187d20fe47e50595251e835b306e05bc51afba211073e289eb499be4d726e3efbbeb1eb175e92b262c4ee4cee83e529784e53c874b73bb376876e2f3b2e667330e12c337d3a8b8cacccd9d86bc4c2f3b8971a79fb8f69af7b1d19592bf6a7186f7d4322045a99eaa207c407ab52aeadaaf1d089c278fccfb2138f"], 0x1, 0x16b, &(0x7f0000000600)="$eJzs20GrElEUB/Azab73avPW0WKgTSupVi2LeEE0UBQualVgbTSE3Eyt/BSt+4JBuGrVDZ3QEkWknJHn77fxwB+958rMXO7AfXPzw6A/Gr8fPZ/GaZZF+0Hk8TOL87gSrahMAgC4TH6kFN9TSulkEmdfI6XUdEcAwL5Z/wHg+Gxd/+831BgAsDf2/wBwfF6+ev30YVFcvMjz04hvk7JX9qrPKn/8pLi4k8+dL781Lctea5HfrfL87/xqXPud31ubd+L2rSqfZY+eFSv59ejvf/oAAABwFLr5wtr9fbe7Ka+qP94PrOzf23GjXds0AIAdjD99HrwdDt99rKE4m4+Y1TvobsWXBv6Wgy1acRBtKLYWs0v2f/9yk08loA7Lm77pTgAAAAAAAAAAAAAAgE3+8ahQJyLWRBGdbScLTmqfKgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACz8CgAA//9vQEW+") mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 4.265852337s ago: executing program 1 (id=52): syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x20400049, &(0x7f0000000300)={[{@nogrpid}, {@abort}, {@nomblk_io_submit}, {@noblock_validity}, {@nolazytime}, {@orlov}, {@jqfmt_vfsv0}, {@barrier_val={'barrier', 0x3d, 0xd95a}}, {@jqfmt_vfsold}]}, 0x84, 0x4a5, &(0x7f0000000e00)="$eJzs3MtvG0UYAPBv13n0lcYt5dFSqKFURBSSNi3QAxcQSL0gIcEBjiFNq9C0RU2QaFXRFKFyRBw4A0ck/gJOcEHACcQV7gipQr1QOCCjtdepndghseO4xb+f5HhmH575dmeysx7bAfStUvYnidgREb9ExGg127hBqfp06+aV6b9uXplOolx+9Y+kst2fN69M1zbdkT9vz19zLI1IP0hisUm585cun52am5u5mOcnFs69PTF/6fJTs+emzsycmTk/eeLE8WNHn31m8ukNiXMkq+u+9y7s33vyjY9fno7FN7//Mqt/IV9fH0dVseMyS1GKcrlcThuWDlX+Hur41e8sI3XpZKCHFWFdsvafna7BSv8fjULcPnmj8dL7zffasnkVBLomuz7tWrG0elVMDyWV9cD/lT4O/ap2xc/uf2uPzR2B9NaN56s3QFnct/JHdc1AZPftSbF6x17oUvk7IuL1xb8/zR7R9H0IAICN9XU2/nmy2fgvjfvqttuZzw0VI+JwROyOiHsiYk9E3BtR2fb+iHhgneWXluVXjn9+2tpWYGuUjf+ey+e2Gsd/S7M2xUKeG6nEP5icni3EkfyYjMXg8OnZuZmjq5TxzYs/f9RqXalu/Jc9svJrY8G8Hr8PDDfuc2pqYaqTmOvduBaxb6BZ/MnSTEASEXsjYl8br58ds9knvtifpXduX7n+v+NfxQbMM5U/j3i8ev4XY1n8NUm1pFbzkxNbYm7myETWCo40LeOHH6+/Up8frEu3iL+rbb5edv63NW3/efy1blCbr51ffxnXf/2w5T1Nu+1/KHmtkh7Kl707tbBw8WjEUL6gYfnk7X1r+dr2WfxjB5v3/90R/3yW7/dgRGSN+KGIeDgiDuR1fyQiHo2Ig6vE/90Lj721+hFqs/1vgCz+Uy3Of94Cikn9fH0bicLZb79qVf7azv/xSmosX7KW/39rrWBnRw8AAADuDmllDjpJx5fSaTo+Xv0M/57Yls5dmF84XIp3zp+qzlUXYzCtvdM1uvR+aPX9z2JdfnJZ/lhE7Kp80mhrJT8+fWFupNfBQ5/b3qL/Z37r1odegDvHuubRku7VA9h8vq8JfeqTwV7XAOgh13/oX/o/9K9m/f9qxK0eVAXYZK7/0L+a9P9rvagHsPlc/6F/6f/Ql1Z+Jb720xPtfNP/dmL3yTb2Gu6w0LsyUehs94mIaLoq6n+0owuJSNvefUvHpZevlsudVD7d+MOSrvtXMg7kieGIaLlxoXHV1a6e0+XtZ1W+HQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANwV/g0AAP//kjzfrg==") mkdirat(0xffffffffffffff9c, 0x0, 0x0) r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x50) syz_usb_connect$uac1(0x0, 0xaa, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x20008040) r1 = inotify_init() inotify_add_watch(r1, &(0x7f0000000440)='.\x00', 0x449) io_setup(0x9, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) getdents(r0, 0x0, 0x0) getdents(r0, 0x0, 0x0) 4.12228343s ago: executing program 2 (id=53): sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x1, 0xd00, 0x80000000, {0x77359400}, {}, {}, 0x1, @canfd={{0x0, 0x0, 0x1, 0x1}, 0x38, 0x0, 0x0, 0x0, "dc5a0ed20407f2bd0690bfe106dae015ddf047a63e388c3a17049dc942090000000000000018195704fd22e15c26b0555e6a957c3f2dc86a355f4806c9e4f761"}}, 0x80}}, 0x40000) ioctl$HIDIOCGUSAGES(0xffffffffffffffff, 0xd01c4813, 0x0) syz_usb_connect(0x2, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="120100005c3f6b200304a4bc23d7010203010902120001000000000904"], 0x0) 4.039713991s ago: executing program 0 (id=54): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) io_cancel(0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000400)={[{@nojournal_checksum}, {@nombcache}, {@barrier}, {@nogrpid}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@nodelalloc}, {@usrquota}, {@jqfmt_vfsold}, {@test_dummy_encryption}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}, {@sysvgroups}, {@discard}], [{@smackfsdef={'smackfsdef', 0x3d, 'min_batch_time'}}, {@hash}, {@pcr={'pcr', 0x3d, 0x24}}]}, 0xff, 0x575, &(0x7f00000009c0)="$eJzs3U1rG0cfAPD/ynLenycOhEB7KKE5NCWNHNt9SaGH9Fja0EB7T4WtmGA5CpYcYjfQ5NBceimhUEoDpR+g9x5Dv0A/RaANhBJMe+jFZeXdRLYlW7aVyI5+P1hnRzPy7F+zM5ndWaMABtbJ9Ech4pWI+DaJONqSV4ws8+RKuaUntybTLYnl5c/+SiLJXsvLJ9m/h/NEMeK3ryPOFFZVOZL+qC8szpSr1cpc9uJoY/b6aH1h8ezV2fJ0ZbpybXxi4vw7E+Pvv/fu2kNObm8z1jcv/fPDpw8+Ov/NqaXvf3l07F4SF+JIltcaxw6sOrSTK59u04U1Bcd6UNlukvT7ANiWoayfD0c6BhyNoazXAy+/ryJiuSsx0l05YO9Iuuz/wMsmnwfk1/Y9ug7eMx5/uHIBtD7+Ynb1fqB5bXRoKVl1ZZTkNzJ2KK3j1z/v30u36N19CIBN3b4TEeeKxfXjX9Jy93J7znVRZm0dxj94cR6k85+32s1/Ck/nP9Fm/nO4Td/djs37f+FRD6rpKJ3/fdB2/pstWo3EyFCW+l8zOZxcuVqtpGPb/yPidAzvT9MbreecX3q43Cmvdf6Xbmn9+VwwO45Hxf2r3zNVbpR3FvUzj+9EvNp2/ps8bf+kTfunn8elLus4Ubn/Wqe8zeN/vpZ/jnijbfs/W9FKNl6fHG2eD6P5WbHe33dP/N6p/n7Hn7b/oY3jH0la12vrW6/jpwP/VjrldYx/X16i/fm/L/m8uZ8Xu1luNObGIvYln6x/ffzZe/N0Xj6N//Spjce/duf/wYj4osv47x6/27Hojtq/B4uuafxTW2r/re0Mz5SrDz/+8setx38xuzuRtv/bzbKns/d0M/51e4A7/wQBAAAAAABg9yhExJFICqWn+4VCqbTyfMfxOFSo1uqNM1dqr0czr/n8QyFf6T7a8jzEWPY8bJ4eX5OeiIhjEfHd0MFmujRZq071O3gAAAAAAAAAAAAAAAAAAADYJQ53+Pv/1B9D/T464Lnzld8wuDbt/734pidgV/L/Pwwu/R8Gl/4Pg0v/h8Gl/8Pg0v9hcOn/MLj0fwAAAAAAAAAAAAAAAAAAAAAAAAAAAOipSxcvptvy0pNbk2l66sbC/EztxtmpSn2mNDs/WZqszV0vTddq09VKabI2u9nvq9Zq18fGY/7maKNSb4zWFxYvz9bmrzUuX50tT1cuV4ZfSFQAAAAAAAAAAAAAAAAAAACwt9QXFmfK1Wplzs5g7OzPGr5nv7C4O+LaMzsHI6J/tc93XbjPAxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtPgvAAD//2ysM+A=") socket$inet_udp(0x2, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r3) sendmsg$NL80211_CMD_GET_WIPHY(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="46000000dfbd0f566a178a49cb", @ANYRES16=r4, @ANYRES32=0x0, @ANYBLOB="0c0099000400000004003e00"], 0x30}}, 0x0) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r5, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r5, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) sendmmsg$inet(r5, &(0x7f0000000300)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000640)="985e44efeabe001cabcf3d8673c3a254a9a2d3197970cb347b70a243bf77139a94bc3ae91684aaf7b7dff691deb8f8aef2d915fb3a0794a9a9b431a819bca6122c350637808dde804a048fd8696e524b2934126c443ce93d82e931eb9918e6c0827686e59209d2e02c9210fd8048f04ad6c42200fd9232f5aa6a361816bf21afb8473a", 0x83}], 0x1}}, {{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000800)="cc5a4dbac0affd0a979c63ea8352d608a51fc8625318716ddf62b7752be4540c4ac7d344c53a3ad28313abc2437b60b03c0e587cafcf9a435bf90c618351f70a828238fdf90bc5d36c7d614b82552649954e0185662defd28f78449f073bad544f586136c5076a6f0f1b6fc9adf80557eb44db1b41824e9ef104c95e999766bbf27d74ad5d8fa63210cde65d384dd3e87c1fedaec3144d1ee66a0eb0750363e346cb930dae6109df6b9955bf8af119b5c9a86622af4ff8b5949fb90f8edbde416d046d61512fe4c453bb601a780e1bbc00dbedc5e50d3cd9bc920810eaefd5f9a171e9d32ab46b42e3e78c60087318bab42e94653cbdd600fba37c5a31d095500e91d02256f101e82447e34733220cdaaabc947f5b815080b5214c94a06fe96450ea42f48006c032b24d9e8d7228", 0x12e}, {&(0x7f0000001b00)="1791613d45501cb6a8d8eaeb96ee68b2d8daad34b8c528b97ead9f051e427e309b714d3d12d8d401ee42a68183b0e95a5b22ea", 0x33}, {&(0x7f0000000140)="8418ed4842f5f8b34b578d0d108851b3aed87622d6174f230bfde4a110c15f875606b85b5309ad26babede7c2920ef3f8a73ea45d5a48662152f64bdfcd2b256eca1ae5a0f938a33db7cf70171ad482d35295e80eb0212c26f3ba3cd5f64accba9792f5f6d369f0ad62bf83dc1fe651312622298f71938ea90fa25cf3b97d409618c62d303e363f209a3aa", 0x8b}], 0x3}}], 0x2, 0x2090) sendto$inet(r5, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) shutdown(r5, 0x1) r6 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r6, 0x0, 0x40, &(0x7f0000000000)=@nat={'nat\x00', 0x670, 0x5, 0x328, 0xa8, 0x1e8, 0xfeffffff, 0x290, 0xa8, 0x290, 0x290, 0xffffffff, 0x290, 0x290, 0x5, 0x0, {[{{@ip={@broadcast, @remote, 0x0, 0x0, 'dummy0\x00', 'geneve0\x00'}, 0x0, 0x70, 0xa8}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x0, @multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, @port, @gre_key}}}}, {{@uncond, 0x0, 0x70, 0x98, 0x0, {0x0, 0x7}}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x1e8}}, {{@ip={@rand_addr=0x64010100, @multicast1, 0x0, 0xffffffff, 'veth1_to_bond\x00', 'ip_vti0\x00', {0xff}, {0xff}, 0x89, 0x1, 0xa}, 0x0, 0x70, 0xa8}, @SNAT0={0x38, 'SNAT\x00', 0x0, {0x1, {0x0, @local, @local, @icmp_id=0x67, @gre_key=0x4}}}}, {{@ip={@private, @local, 0x0, 0x0, 'veth1_virt_wifi\x00', 'pim6reg0\x00'}, 0x0, 0x70, 0xa8}, @MASQUERADE={0x38, 'MASQUERADE\x00', 0x0, {0x1, {0x0, @local, @loopback, @icmp_id=0x67, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x388) 3.854985116s ago: executing program 4 (id=55): r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x800000001fe, 0x82) r1 = dup(r0) ioctl$USBDEVFS_CONTROL(r1, 0xc0185500, 0x0) 2.836113413s ago: executing program 3 (id=56): syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x804, &(0x7f00000001c0)=ANY=[@ANYBLOB="756e695f786c6174653d302c757466383d312c73686f72746e616d653d77696e6e742c756e695f786c6174653d302c73686f72746e616d653d6d697865642c757466383d302c73686f72746e616d653d77696e6e742c756e695f786c6174653d302c757466383d312c6572726f72733d72656d6f756e742d726f2c636865636b3d7374726963742c73686f72746e616d653d77696e39352c73686f72746e616d653d77696e6e742c696f636861727365743d63703934392c757466383d302c636f6465706167653d3836392c00a8c083848e73321f9801dfbaddc615fa29c04eac3de3814ed0b60507d2eb356434ab8f52dfa5d498ced1d32d399d4bd8a72813cc3ef7026a6449360c807c7b7252b89f0af8422df7ae9a966c845aa03291cd9889c4c7ad6950b1bc19f680ee64eec3b4e734f1094591acb6dc3dd17df828333de719cf03c78268de6080d71f4417b812201d8627ee2322f6c25bce1116a6"], 0x1, 0x296, &(0x7f0000000340)="$eJzs3cFqK2UUAOAzyaRJdJEuXIlwB3Th6nLrC9giVxALgpKFutCLNxekCRduIVAV067cuPUJfB434gv4AIo7K4gjk5kkU5lUU9tG7Pdtcjj/OfOfdKbtKn8+fmly9Pjp8ZOzL36MXi+J1n7sx3kSu9GKhdNo9MPPzXkA4D/uPM/jl7zULVMnFys6azrT1o0PBwDciPr//23PAgDcjvfe/+Dtg8PDh+9mWS9i8tV0mET5Wq4fPIlPYxyjeBCD+D0iXyrjN986fBhpVtiNVyaz6bDonHz0XXX9g58i5v17MYjd5v69rFTrn02HnXiu2n9/HKN3vo1BvNDc/1pDfwx34tWXa/Pfj0F8/0k8jXE8rmZb9H+5l2Vv5N/8+vmHRbboT2bTYXdZl5bV7Vu/OQAAAAAAAAAAAAAAAAAAAAAA/G/dz5Zq5/f8VjsRsGm9eC37V+cDnS/P5CnMaufzPMiyLE/K+lV/Gi+m1dE6AAAAAAAAAAAAAAAAAAAAcMcdn3x29Gg8Hj271mDxsf6GpfjjYqYbEVff694/Ku6sMtGuRhsnEZvt1YnuvPPvi9sbXrlfzDN6lqRxfbcgWWb69aV7Ue5VZPplUMv86917MQ8WT9fRo2T9zU3nQa/pIbmGIG94/NoXa1rzCeeZnb+296t30HDl/iW77zx/pZnzwZqlJCI6yx/m5dfpXLbF619v+vte1p/exh8hAAAAAAAAAAAAAAAAAABgbvWh34bFsy0MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABbsPr+/w2CWdW8riZvF0EaVWbLbxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA74M8AAAD//6wla2M=") openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) mknod(&(0x7f0000000880)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x264900, 0x108) 2.697704515s ago: executing program 0 (id=57): openat$random(0xffffffffffffff9c, &(0x7f0000000300), 0x242, 0x0) r0 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x3c, 0x3e9, 0x1, 0x70bd26, 0x25dfdbfb, {0x0, 0x1, 0x1, 0x0, 0xd, 0x80, 0x2, 0x80000000, 0x0, 0x7, 0x9}}, 0x3c}}, 0x20040000) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x2) r5 = dup(r4) ioctl$USBDEVFS_CONTROL(r5, 0xc0185500, &(0x7f0000000240)={0x80, 0x6, 0x103, 0x0, 0xe0, 0x0, 0x0}) ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect) process_vm_readv(r1, &(0x7f0000000d00)=[{&(0x7f00000000c0)=""/47, 0x2f}, {&(0x7f0000000240)=""/123, 0x7b}, {0x0}, {0x0}, {&(0x7f00000009c0)=""/159, 0x9f}, {&(0x7f0000000b40)=""/148, 0x94}, {0x0}, {&(0x7f00000006c0)=""/85, 0x55}], 0x8, &(0x7f0000000800)=[{&(0x7f00000014c0)=""/4096, 0x1000}, {&(0x7f0000000dc0)=""/197, 0xc5}, {&(0x7f0000000540)=""/240, 0xf0}, {&(0x7f00000003c0)=""/13, 0xd}], 0x4, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000040)=0x3, 0xac5) syz_clone3(&(0x7f0000000900)={0x23800000, &(0x7f0000000040), 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0}, 0x58) 2.597816174s ago: executing program 4 (id=58): socket$inet_tcp(0x2, 0x1, 0x0) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file2\x00', 0x8, &(0x7f00000000c0)={[{@journal_dev={'journal_dev', 0x3d, 0xf}}, {@sb={'sb', 0x3d, 0x1}}]}, 0x4, 0x523, &(0x7f00000018c0)="$eJzs3cFvG1kZAPBvnLhJs+mmC3sABGxZFgqq6iTubrTqhfYCQlUlRMWJQxsSN4pi11Hsiib0kB65V6ISJ+A/4MYBqScO3LjBjUs5IBWoQA0SB6MZT1I3sZNAnbiJfz9pMvPeTP29F/e953mR5wUwtC5ExGZEnImIOxExlecn+RbX2lt63csXDxe2XjxcSKLVuvX3JDuf5kXHv0m9k7/meER8/zsRP0r2xm2sb6zMV6uVtTw93aytTjfWNy4vF/Kc8tzs3MynVz4p962uH9R+/fzbyzd+8NvffOnZHza/+ZO0WJM/PZed66xHP7WrXozJjrzRiLhxFMEGZDT//8PJk7a2z0TEh1n7n4qR7N0EAE6zVmsqWlOdaQDgtEvv/ycjKZTyuYDJKBRKpfYc3vsxUajWG81LU/X79xYjm8M6H8XC3eVqZSafKzwfxSRNz2bHr9Ll19KPK1ci4r2IeDx2NjtfWqhXFwf5wQcAhtg7u8b/f421x/9OxUEVDgA4OuODLgAAcOyM/wAwfIz/ADB8/ofx37cDAeCUcP8PAMPH+A8Aw+fA8f/R8ZQDADgW37t5M91aW+3nX28/qfvyYqWxUqrdXygt1NdWS0v1+lK1UlpotQ56vWq9vjr78U6ysb5xu1a/f695e7k2v1S5XfEsAQAYvPc+ePqndNDfvHo226JjLQdjNZxuhUEXABiYkUEXABgY3+eB4XWIe3zTAHDKdVmity2fIEh6XfDE4q9wUl38vPl/GFZvMv9v7gBOtv9v/v9bfS8HcPyM4TC8Wq3Emv8AMGTM8QM9//6f6/mIkCf9LwsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcFJPZlhRK2Vrgm+nPQqkUcS4izkcxubtcrcxExLsR8cex4lianh10oQGAN1T4a5Kv/3Vx6qPJ3WfPJP8ey/YR8eOf3/rZg/lmc202zf/HTn7zSZp/trlWPjOICgAAna7tzcrG73K+77iRf/ni4cL2dpxFfH69vbhoGncr39pnRmM0249HMSIm/pnk6bb088pIH+JvPoqIz23XfzwedESYzOZA2iuf7o6fxj7X9/idv//d8Quv1beQnUv3xex38dnYVTjgQE+vt/vJvO2lTTxvf4W4kO27t//xrId6c2n/lzbXrT39X2Gn/xvZEz/J2vyFnfT+JXn+8e++uyezNdU+9yjiC6Pd4ic78ZPu/W/xo0PW8c9f/PKHvc61fhFxsWv9t1ekrmXd7HSztjrdWN+4vFybX6osVe6Vy3OzczOfXvmkPJ3NUbd//r5bjL9dvfRur/hp/Sd6xB/fv/7xtUPW/5f/ufPDr+wT/xtf7f7+v79P/HRM/Poh489PXOu5fHcaf7FH/Q94/+PSIeM/+8vG4iEvBQCOQWN9Y2W+Wq2sHXCQftY86BoHhz9I7+3fgmJkB7EZ0a8XzCYlIqLrNekn6rejykd1kAws+q/6/YKD7pmAo/aq0Q+6JAAAAAAAAAAAAAAAQC+N9Y2Vse7f1urbwaDrCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwOn13wAAAP//KHnENg==") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = fsopen(&(0x7f0000001340)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) fsmount(r3, 0x0, 0x80) syz_emit_ethernet(0x6e, &(0x7f0000000300)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb86dd6000021000383aff20010000000000000000000000000000ff02000000000000000000000000000104009078000000036b59be3a0000330000000000000000000000ffffe0000001200100000000000000000000000000012b0006d0680000004d4a5320c4d5ff4597c2298069bc39a55dffc159209164a95e34b4fc931f209bc60e9662c3ae56394841d79b95ff38ea3594003cc20ca6709a30278a0400000000000000f4c74eb693bf204c4c07198e5f08c282d18be76226fa2f21b0554f7e25907942b37be048c50d66927196c56cd346953ee1a73648f1834743"], 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{}, &(0x7f0000001d80), &(0x7f0000001d40)=r4}, 0x20) r5 = syz_io_uring_setup(0x1f00, &(0x7f00000016c0)={0x0, 0x0, 0x2000}, &(0x7f0000000080)=0x0, &(0x7f0000000040)) syz_emit_ethernet(0x3e, &(0x7f0000000580)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff0800450000300000000000019078ac1efc01ac1414aa0304907803f8fffe4500000000000003002f0000ac14140ae0000001"], 0x0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r7 = fsmount(0xffffffffffffffff, 0x0, 0x86) fchdir(r7) r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r8, &(0x7f00000005c0)='\"', 0x1, 0x4fed0) sendfile(r8, r8, 0x0, 0xe3aa6ea) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x40, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) io_uring_enter(r5, 0x7, 0x464f, 0x1, 0x0, 0x0) io_uring_enter(r5, 0x3961, 0x0, 0x0, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x231a, 0x0, 0x0, 0x0, 0x0) 2.487989151s ago: executing program 3 (id=59): syz_open_procfs(0xffffffffffffffff, &(0x7f0000000580)='loginuid\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b) munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, 0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) r1 = signalfd(0xffffffffffffffff, &(0x7f00000002c0)={[0x7fffffff]}, 0x8) gettid() read$FUSE(r1, &(0x7f00000008c0)={0x2020}, 0xfffffef0) timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0) 1.667462829s ago: executing program 0 (id=60): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000340)='./bus\x00', 0x41, &(0x7f00000002c0)={[{@lazytime}, {@stripe={'stripe', 0x3d, 0x88}}, {@bh}, {@nodelalloc}, {@noblock_validity}, {}, {@mblk_io_submit}, {@acl}, {@resgid}], [], 0x3d}, 0x1, 0x522, &(0x7f00000007c0)="$eJzs3UFsI1cZAOB/HDvd7KZNChygEqXQot0VrJ00tI16KEVCcKoElPsSEieK4sRR7LSbqIKsOHBEQgiQOJULFyROnJBQJS4cEVIlOIMAgRBs4YAEdCrb43Q3GSfZjWNn4++TJvPmeeb97zma8byZp5kARtZTEfFyRLybpun1iJjK8scjotBK7HWm1nrv3HljsTUlkaav/iOJJMvrlpW2PRJXss0uRcRXvhjx9eRw3MbO7tpCrVbdypYrzfXNSmNn98bq+sJKdaW6MTc3+/z8C/PPzc/0pZ2TEfHS5//y/e/85Asv/fLTr//x5t+ufSPJ8uNAO+5T8agPO00vtb+LuzfYesBg51Gx3cLMRN4aY4dybp9xnQAA6O0DEfGJiLgeUzF29OksAAAA8BBKPzsZ/0u69+4OGe+RDwAAADxECu0xsEmhnI33nYxCoVyO9hjeD8XlQq3eaH5qub69sdQZKzsdpcLyaq06k40Vno5S0lqebaffX372wPJcRDweEd+bmmgvlxfrtaVhX/wAAACAEXHlQP//31Od/j8AAABwwUwPuwIAAADAmdP/BwAAgItP/x8AAAAutC+98kprSrvvv156bWd7rf7ajaVqY628vr1YXqxvbZZX6vWV9jP71o8rr1avb34mNrZvVZrVRrPS2Nm9uV7f3mjeXL3nFdgAAADAAD3+sbd+n0TE3osT7all/GSbnnA14Lwq7qeSbJ6zW//hsc78zwOqFDAQY8OuADA0xWFXABia0rArAAxdcsznPQfv/Cabf7y/9QEAAPrv6kfy7/8ff11wrzCA6gFnyP0/GF32fxhd7fP8k47kdcYPF0rJGQCMvFPf/z9Wmt5XhQAAgL6bbE9JoZxd3puMQqFcjni0/VqAUrK8WqvORMRjEfG7qdIjreXZ9pbJsX0GAAAAAAAAAAAAAAAAAAAAAAAAAKAjTZNIAQAAgAstovDX5FedZ/lfnXpm8uD1gfHkP1ORvSL09R+9+oNbC83m1mwr/5/7+c0fZvnPDuMKBgAAAIyE4v2s3O2nd/vxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANBP79x5Y7E7DTLu3z8XEdN58YtxqT2/FKWIuPyvJIp3bZdExFgf4k+0/nw4L37SqtZ+yLz4E2+ePv7e7SPjx3T2LeTFv3L68DDS3modf17O2/8K8VR7nr//FSPuWX5QvY9/sX/8G+ux/z96whhPvP2zSs/4tyOeKOYff7rxkx7xn84r8OffPpT1ta/u7vaKn74ZcTX39ye5J1alub5Zaezs3lhdX1iprlQ35uZmn59/Yf65+ZnK8mqtmv3NjfHdj/7i3aPaf7lH/Olj2v9MTnnjOXn/f/vWnQ92kqW8+Neezon/6x9naxyOX8h++z6ZpVufX+2m9zrpuz35098+eVT7l3q0/7j//7VehR5w/cvf+tMJVwUABqCxs7u2UKtVt85H4sXoe8mtHv7Q2/XwJf6bnotqnG3im30tME3TtLVPnaKcJAb3JSRHV3XYRyYAAKDf3j/pH3ZNAAAAAAAAAAAAAAAAAAAAYHQN4kljB2Pu7aeSfjxCGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgL94LAAD//wnq4Ao=") 1.498835391s ago: executing program 0 (id=61): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) sendmsg$sock(r1, 0x0, 0x4004890) 1.351283618s ago: executing program 2 (id=62): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000580)={0x24, &(0x7f00000003c0)={0x20, 0x24, 0x9, {0x9, 0x3, "df29591e358c5e"}}, 0x0, 0x0, 0x0}, 0x0) 768.431665ms ago: executing program 1 (id=63): syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000044, &(0x7f0000000280)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x3}}, {@init_itable}, {@init_itable_val={'init_itable', 0x3d, 0x4c}}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@stripe={'stripe', 0x3d, 0x9}}, {@nouid32}, {@quota}, {@user_xattr}, {@nouid32}, {@init_itable}]}, 0x1, 0x576, &(0x7f00000005c0)="$eJzs3d9rW1UcAPDvTZv91nUwhopIYQ9O5tK19ccEH+aj6HCgz87QZmU0XUaTjrUOtj24FxFkCCIOxXd990mG/4B/gY8DHQwZRR98idz0psvWpM26rOnM5wN3uyf35p7zzbnf03NzExLAwBpN/8lFPB8RXyYR+yMiybYNR7ZxdGW/5XuXp9IliXr9w7+Sxn5puXms5vP2ZoXnIuLXzyKO5tbWW11cmi2Wy6X5rDxWm7swVl1cOnZurjhTmimdn5icPPH65MRbb77Rs1hfOf3PNx/cevfE54eXv/7pzoEbSZyMfdm21jgew9XWwmiMZq9JPk4+tOP4yn+9qHNbSPrdADZlKMvzfKRjwP4YyrIe+P+7EhF1YEAl8h8GVHMe0Ly279F18FPj7jsrF0Br4x9eeW8kdjWujfYsJw9cGaXXuyM9qD+t4+c/b95Il+jd+xAAG7p6LSKODw+vHf+SbPzbvONd7PNwHcY/2Dq30vnPq+3mP7nV+U+0mf/sbZO7m7Fx/ufu9KCajtL539tt57+rN61GhrLSM405Xz45e65cSse2ZyPiSOR3puXxdeo4sXy73mlb6/wvXdL6m3PBrB13hnc++JzpYq34ODG3unst4oW2899ktf+TNv2fvh6nu6zjUOnmS522bRz/k1X/IeLltv1//45Wsv79ybHG+TDWPCvW+vv6od861d/v+NP+37N+/CNJ6/3a6qPX8f2uf0udtj0Qf3R//u9IPmqs78geu1Ss1ebHI3Yk7699fOL+c5vl5v5p/EcOrz/+3T//f1k9zu6I+KTL+K8f/PHFXd3E36f+n36k/n/0ldvvffptp/q7G/9ea6wdyR7pZvzboF352PTZDAAAAAAAANtXLiL2RZIrrK7ncoXCyuc7DsaeXLlSrR09W1k4Px2N78qORD7XvNO9v+XzEOPZ52Gb5YmHypMRcSAivhra3SgXpirl6X4HDwAAAAAAAAAAAAAAAAAAANvE3g7f/0/9MdTv1gFPnJ/8hsG1Yf53+qWnU9/1vjHAlvL3HwaX/IfBJf9hcMl/GFzyHwaX/IfBJf9hcMl/AAAAAAAAAAAAAAAAAAAAAAAAAAAA6KnTp06lS3353uWptDx9cXFhtnLx2HSpOluYW5gqTFXmLxRmKpWZcqkwVZnb6HjlSuXC+EQsXBqrlaq1seri0pm5ysL52plzc8WZ0plSfkuiAgAAAAAAAAAAAAAAAAAAgKdLdXFptlgul+atbP1K/UpEv5uRZCfCpo8z/MRa+MXvHx/dDt00mCt9HpgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoMV/AQAA//9L+TWE") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040), 0x208e24b) ftruncate(r1, 0x5) write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b) 687.700435ms ago: executing program 3 (id=64): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x108) r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0xc) syz_usb_connect(0x0, 0x62, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000fb5d7d086d04c308166b0102030109025000010000000009041f0000ff0100000a24010400050201020724070500000508240805040004960d2406010103020001000600060924030505030605810924030601030405050724", @ANYRES8=r0], 0x0) 616.510037ms ago: executing program 4 (id=65): r0 = socket(0x10, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f00000000c0)={'syztnl1\x00', &(0x7f0000000240)={'syztnl0\x00', 0x0, 0x4, 0xfc, 0xd, 0x400, 0x11, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @loopback, 0x40, 0x7, 0x8}}) 97.330547ms ago: executing program 4 (id=66): syz_emit_ethernet(0x0, 0x0, 0x0) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="00000c000000070001a1"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000001200)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000940)={0x2c, &(0x7f0000000700)={0x40, 0x16, 0xb, "dcb6b58bd5dc7e4b7e4648"}, 0x0, 0x0, 0x0, 0x0}) 0s ago: executing program 0 (id=67): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180200002343ffff0000000000000000850000004100000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_emit_ethernet(0x6e, &(0x7f0000000340)={@multicast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "02adf7", 0x38, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @time_exceed={0x2, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "fd9063", 0x0, 0x3a, 0x0, @mcast1, @loopback={0x0, 0xffffac1414aa}, [], "1e520b4c951ee12e"}}}}}}}, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r1, r2, 0x25, 0x4, @void}, 0x10) syz_emit_ethernet(0xfdef, &(0x7f0000000400)=ANY=[], 0x0) syz_mount_image$fuse(&(0x7f0000000380), &(0x7f0000000480)='./file0\x00', 0x80400b, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.134' (ED25519) to the list of known hosts. [ 79.957375][ T5814] cgroup: Unknown subsys name 'net' [ 80.089405][ T5814] cgroup: Unknown subsys name 'cpuset' [ 80.098477][ T5814] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 81.771161][ T5814] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 83.965490][ T5828] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 83.976158][ T5828] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 84.000968][ T5831] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 84.010168][ T5831] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 84.018737][ T5831] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 84.051854][ T5831] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 84.060223][ T5831] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 84.071026][ T5831] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 84.080734][ T5831] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 84.104593][ T5149] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 84.112525][ T5837] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 84.121745][ T5149] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 84.127141][ T5841] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 84.130098][ T5149] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 84.143820][ T5149] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 84.153306][ T5841] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 84.164067][ T5828] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 84.180166][ T5828] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 84.188458][ T5828] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 84.196581][ T5828] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 84.204876][ T5828] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 84.213583][ T5843] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 84.221919][ T5837] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 84.226569][ T5828] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 84.239109][ T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 84.832698][ T5840] chnl_net:caif_netlink_parms(): no params data found [ 84.895405][ T5826] chnl_net:caif_netlink_parms(): no params data found [ 85.089495][ T5834] chnl_net:caif_netlink_parms(): no params data found [ 85.116080][ T5829] chnl_net:caif_netlink_parms(): no params data found [ 85.265062][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.273280][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.280898][ T5840] bridge_slave_0: entered allmulticast mode [ 85.288446][ T5840] bridge_slave_0: entered promiscuous mode [ 85.331480][ T5826] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.339093][ T5826] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.346665][ T5826] bridge_slave_0: entered allmulticast mode [ 85.354284][ T5826] bridge_slave_0: entered promiscuous mode [ 85.377082][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.384779][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.393043][ T5840] bridge_slave_1: entered allmulticast mode [ 85.402768][ T5840] bridge_slave_1: entered promiscuous mode [ 85.417479][ T5835] chnl_net:caif_netlink_parms(): no params data found [ 85.439798][ T5826] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.447522][ T5826] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.454961][ T5826] bridge_slave_1: entered allmulticast mode [ 85.462912][ T5826] bridge_slave_1: entered promiscuous mode [ 85.583763][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.591251][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.599066][ T5834] bridge_slave_0: entered allmulticast mode [ 85.606873][ T5834] bridge_slave_0: entered promiscuous mode [ 85.620977][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.663982][ T5826] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.674328][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.681824][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.689391][ T5834] bridge_slave_1: entered allmulticast mode [ 85.697121][ T5834] bridge_slave_1: entered promiscuous mode [ 85.707841][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.724041][ T5829] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.732333][ T5829] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.740241][ T5829] bridge_slave_0: entered allmulticast mode [ 85.747810][ T5829] bridge_slave_0: entered promiscuous mode [ 85.759756][ T5826] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.814469][ T5829] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.821880][ T5829] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.829427][ T5829] bridge_slave_1: entered allmulticast mode [ 85.837084][ T5829] bridge_slave_1: entered promiscuous mode [ 85.906359][ T5826] team0: Port device team_slave_0 added [ 85.917285][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.929897][ T5840] team0: Port device team_slave_0 added [ 85.964779][ T5826] team0: Port device team_slave_1 added [ 85.975879][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.007881][ T5840] team0: Port device team_slave_1 added [ 86.031099][ T5829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.095768][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.096155][ T5828] Bluetooth: hci0: command tx timeout [ 86.103651][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.118314][ T5835] bridge_slave_0: entered allmulticast mode [ 86.126219][ T5835] bridge_slave_0: entered promiscuous mode [ 86.138040][ T5829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.174620][ T5834] team0: Port device team_slave_0 added [ 86.182754][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.190221][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.217654][ T5826] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.245927][ T5828] Bluetooth: hci4: command tx timeout [ 86.245927][ T51] Bluetooth: hci1: command tx timeout [ 86.251535][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.264740][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.291893][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.305236][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.313229][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.321098][ T5835] bridge_slave_1: entered allmulticast mode [ 86.327814][ T5828] Bluetooth: hci3: command tx timeout [ 86.333469][ T51] Bluetooth: hci2: command tx timeout [ 86.341062][ T5835] bridge_slave_1: entered promiscuous mode [ 86.363603][ T5834] team0: Port device team_slave_1 added [ 86.371415][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.378862][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.406307][ T5826] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.418915][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.425947][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.452293][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.548325][ T5829] team0: Port device team_slave_0 added [ 86.558799][ T5829] team0: Port device team_slave_1 added [ 86.566880][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.574144][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.601027][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.620156][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.627316][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.653981][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.671112][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.686399][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.756209][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.763183][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.789696][ T5829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.803640][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.810658][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.837585][ T5829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.906908][ T5826] hsr_slave_0: entered promiscuous mode [ 86.914360][ T5826] hsr_slave_1: entered promiscuous mode [ 86.998566][ T5835] team0: Port device team_slave_0 added [ 87.064219][ T5840] hsr_slave_0: entered promiscuous mode [ 87.074049][ T5840] hsr_slave_1: entered promiscuous mode [ 87.083001][ T5840] debugfs: 'hsr0' already exists in 'hsr' [ 87.089286][ T5840] Cannot create hsr debugfs directory [ 87.099767][ T5835] team0: Port device team_slave_1 added [ 87.158986][ T5829] hsr_slave_0: entered promiscuous mode [ 87.167198][ T5829] hsr_slave_1: entered promiscuous mode [ 87.176684][ T5829] debugfs: 'hsr0' already exists in 'hsr' [ 87.183070][ T5829] Cannot create hsr debugfs directory [ 87.228754][ T5834] hsr_slave_0: entered promiscuous mode [ 87.237124][ T5834] hsr_slave_1: entered promiscuous mode [ 87.243792][ T5834] debugfs: 'hsr0' already exists in 'hsr' [ 87.250221][ T5834] Cannot create hsr debugfs directory [ 87.294190][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.301544][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 87.328222][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.342183][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.349884][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 87.376467][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.674518][ T5835] hsr_slave_0: entered promiscuous mode [ 87.681861][ T5835] hsr_slave_1: entered promiscuous mode [ 87.689187][ T5835] debugfs: 'hsr0' already exists in 'hsr' [ 87.695234][ T5835] Cannot create hsr debugfs directory [ 88.163652][ T5840] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 88.171217][ T51] Bluetooth: hci0: command tx timeout [ 88.194669][ T5840] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 88.207396][ T5840] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 88.229690][ T5840] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 88.281482][ T5829] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 88.302592][ T5829] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 88.313225][ T5829] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 88.325590][ T51] Bluetooth: hci4: command tx timeout [ 88.334637][ T5829] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 88.336637][ T51] Bluetooth: hci1: command tx timeout [ 88.405542][ T51] Bluetooth: hci2: command tx timeout [ 88.405642][ T5828] Bluetooth: hci3: command tx timeout [ 88.468545][ T5834] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 88.480284][ T5834] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 88.492262][ T5834] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 88.505076][ T5834] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 88.611828][ T5835] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 88.630678][ T5835] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 88.643621][ T5835] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 88.677072][ T5835] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 88.795109][ T5826] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 88.809903][ T5826] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 88.820598][ T5826] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 88.832621][ T5826] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 88.867595][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.979996][ T5829] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.992694][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.033925][ T157] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.041217][ T157] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.064415][ T5829] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.092535][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.099686][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.127235][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.134402][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.174105][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.183806][ T157] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.191163][ T157] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.273141][ T5834] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.308192][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.315530][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.365298][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.372641][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.404654][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.508949][ T5835] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.548812][ T5826] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.607070][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.614319][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.690800][ T81] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.698189][ T81] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.742479][ T5826] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.821466][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.828758][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.904421][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.911810][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.048865][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.081927][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.246093][ T5828] Bluetooth: hci0: command tx timeout [ 90.261191][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.373877][ T5840] veth0_vlan: entered promiscuous mode [ 90.407251][ T5828] Bluetooth: hci1: command tx timeout [ 90.407263][ T51] Bluetooth: hci4: command tx timeout [ 90.446497][ T5840] veth1_vlan: entered promiscuous mode [ 90.488919][ T5828] Bluetooth: hci2: command tx timeout [ 90.490675][ T51] Bluetooth: hci3: command tx timeout [ 90.654504][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.695319][ T5834] veth0_vlan: entered promiscuous mode [ 90.731443][ T5840] veth0_macvtap: entered promiscuous mode [ 90.748390][ T5834] veth1_vlan: entered promiscuous mode [ 90.773817][ T5840] veth1_macvtap: entered promiscuous mode [ 90.830926][ T5829] veth0_vlan: entered promiscuous mode [ 90.862692][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.905064][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.920089][ T5826] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.936691][ T5835] veth0_vlan: entered promiscuous mode [ 90.962226][ T5829] veth1_vlan: entered promiscuous mode [ 90.978479][ T157] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.988726][ T157] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.003002][ T5835] veth1_vlan: entered promiscuous mode [ 91.016879][ T157] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.026641][ T157] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.107623][ T5834] veth0_macvtap: entered promiscuous mode [ 91.151592][ T5834] veth1_macvtap: entered promiscuous mode [ 91.204972][ T5829] veth0_macvtap: entered promiscuous mode [ 91.222652][ T5829] veth1_macvtap: entered promiscuous mode [ 91.266998][ T157] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.278972][ T157] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.298648][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.319586][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.336786][ T5826] veth0_vlan: entered promiscuous mode [ 91.366225][ T5835] veth0_macvtap: entered promiscuous mode [ 91.384338][ T35] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.403935][ T5835] veth1_macvtap: entered promiscuous mode [ 91.415604][ T35] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.439696][ T35] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.449577][ T35] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.460658][ T157] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.475701][ T157] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.487470][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.499177][ T5826] veth1_vlan: entered promiscuous mode [ 91.536899][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.592469][ T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.607589][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.627541][ T157] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.631922][ T5840] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 91.637704][ T157] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.676912][ T157] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.691271][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.797031][ T157] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.809179][ T157] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.835106][ T5826] veth0_macvtap: entered promiscuous mode [ 91.920113][ T157] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.935180][ T157] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.952820][ T5826] veth1_macvtap: entered promiscuous mode [ 92.021253][ T9] cfg80211: failed to load regulatory.db [ 92.170308][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.186930][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.325714][ T51] Bluetooth: hci0: command tx timeout [ 92.485472][ T51] Bluetooth: hci4: command tx timeout [ 92.492047][ T51] Bluetooth: hci1: command tx timeout [ 92.566605][ T5828] Bluetooth: hci2: command tx timeout [ 92.574560][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.582790][ T5828] Bluetooth: hci3: command tx timeout [ 92.746515][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.771326][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.813123][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.822371][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.831566][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.952227][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.971260][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.089929][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.104463][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.132377][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.166146][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.171166][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.195413][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.311955][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.331597][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.335385][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.371890][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.583471][ T81] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.656672][ T81] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.656947][ T5963] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 94.742868][ T5979] loop3: detected capacity change from 0 to 512 [ 94.756818][ T5979] EXT4-fs: Ignoring removed i_version option [ 94.813268][ T5979] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 96.543644][ T5840] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 96.950128][ T6007] loop2: detected capacity change from 0 to 512 [ 97.317737][ T6007] FAT-fs (loop2): Directory bread(block 199916) failed [ 97.437516][ T6007] FAT-fs (loop2): Directory bread(block 199917) failed [ 97.646263][ T6007] FAT-fs (loop2): Directory bread(block 199918) failed [ 97.709489][ T6007] FAT-fs (loop2): Directory bread(block 199919) failed [ 97.805889][ T6007] FAT-fs (loop2): Directory bread(block 199920) failed [ 97.815176][ T6007] FAT-fs (loop2): Directory bread(block 199921) failed [ 97.838918][ T6007] FAT-fs (loop2): Directory bread(block 199922) failed [ 97.858762][ T6007] FAT-fs (loop2): Directory bread(block 199923) failed [ 97.954875][ T6007] FAT-fs (loop2): Directory bread(block 199916) failed [ 97.976317][ T6007] FAT-fs (loop2): Directory bread(block 199917) failed [ 98.202040][ T5918] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 98.222671][ T6024] netlink: 4 bytes leftover after parsing attributes in process `syz.2.20'. [ 98.252103][ T6024] netlink: 4 bytes leftover after parsing attributes in process `syz.2.20'. [ 98.264825][ T6024] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 98.386158][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.424562][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 98.526013][ T5918] usb 4-1: Using ep0 maxpacket: 16 [ 98.534971][ T5918] usb 4-1: config 1 has an invalid interface number: 105 but max is 0 [ 98.544289][ T5918] usb 4-1: config 1 has no interface number 0 [ 98.554347][ T5918] usb 4-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 98.567969][ T5918] usb 4-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 98.596532][ T5918] usb 4-1: config 1 interface 105 has no altsetting 0 [ 98.615002][ T5918] usb 4-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 98.624722][ T5918] usb 4-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 98.648415][ T5918] usb 4-1: Product: syz [ 98.657168][ T5918] usb 4-1: Manufacturer: syz [ 98.666139][ T5918] usb 4-1: SerialNumber: syz [ 98.694503][ T6019] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 98.706258][ T6019] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 98.766508][ T987] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 98.961511][ T987] usb 1-1: Using ep0 maxpacket: 32 [ 99.687146][ T987] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 99.701839][ T6019] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 99.715673][ T987] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 99.716281][ T6019] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 99.748425][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 99.817098][ T6040] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.825155][ T6040] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.901634][ T987] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 99.940525][ T987] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 99.974497][ T6040] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 99.979281][ T987] usb 1-1: config 0 descriptor?? [ 99.989093][ T6040] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 100.043059][ T987] hub 1-1:0.0: USB hub found [ 100.242526][ T987] hub 1-1:0.0: 1 port detected [ 100.247654][ T49] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.271278][ T49] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.286401][ T5918] aqc111 4-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -32 [ 100.320157][ T49] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.330270][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 100.345674][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 100.368770][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 100.396592][ T49] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.413255][ T5918] aqc111 4-1:1.105 eth1: register 'aqc111' at usb-dummy_hcd.3-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, f8:29:70:c6:36:f5 [ 100.570631][ T5918] usb 4-1: USB disconnect, device number 2 [ 100.625935][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 100.687722][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 100.783593][ T5918] aqc111 4-1:1.105 eth1: unregister 'aqc111' usb-dummy_hcd.3-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter [ 100.826383][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 100.865682][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 100.900846][ T987] hub 1-1:0.0: activate --> -90 [ 100.906401][ T5918] aqc111 4-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 100.919409][ T5918] aqc111 4-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 100.937382][ T5918] aqc111 4-1:1.105 eth1 (unregistered): Failed to write(0x61) reg index 0x0000: -19 [ 100.976082][ T5889] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 101.100892][ T6057] loop1: detected capacity change from 0 to 256 [ 101.116255][ T6057] ======================================================= [ 101.116255][ T6057] WARNING: The mand mount option has been deprecated and [ 101.116255][ T6057] and is ignored by this kernel. Remove the mand [ 101.116255][ T6057] option from the mount to silence this warning. [ 101.116255][ T6057] ======================================================= [ 101.175415][ T5889] usb 3-1: Using ep0 maxpacket: 16 [ 101.191048][ T5889] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 101.217619][ T5889] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 101.250356][ T6057] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 101.252811][ T5889] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 101.296162][ T5889] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 101.304318][ T6057] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 101.341194][ T5889] usb 3-1: Product: syz [ 101.361030][ T5889] usb 3-1: Manufacturer: syz [ 101.374087][ T987] usb 1-1-port1: config error [ 101.381590][ T5918] usb 1-1: USB disconnect, device number 2 [ 101.389445][ T6057] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 101.416570][ T5889] usb 3-1: SerialNumber: syz [ 101.467467][ T6057] exFAT-fs (loop1): failed to load alloc-bitmap [ 101.487865][ T6057] exFAT-fs (loop1): failed to recognize exfat type [ 101.889045][ T5889] usb 3-1: cannot find UAC_HEADER [ 102.099539][ T5889] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 102.190826][ T5889] usb 3-1: USB disconnect, device number 2 [ 103.167881][ T987] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 103.736296][ T6081] udevd[6081]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 104.275366][ T987] usb 4-1: Using ep0 maxpacket: 8 [ 104.400638][ T6103] cgroup: Unknown subsys name 'cpuset' [ 104.406207][ T987] usb 4-1: config index 0 descriptor too short (expected 5924, got 36) [ 104.414625][ T987] usb 4-1: config 250 has an invalid interface number: 228 but max is -1 [ 104.429413][ T987] usb 4-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 104.439684][ T987] usb 4-1: config 250 has no interface number 0 [ 104.446727][ T987] usb 4-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 104.458728][ T987] usb 4-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 104.488975][ T987] usb 4-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 104.530150][ T987] usb 4-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 104.575326][ T987] usb 4-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 104.645343][ T987] usb 4-1: config 250 interface 228 has no altsetting 0 [ 104.679869][ T6103] loop2: detected capacity change from 0 to 4096 [ 104.701647][ T987] usb 4-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 104.726774][ T987] usb 4-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 104.744668][ T6103] EXT4-fs: Ignoring removed mblk_io_submit option [ 104.765472][ T987] usb 4-1: Product: syz [ 104.769751][ T987] usb 4-1: SerialNumber: syz [ 104.786927][ T6103] EXT4-fs: Ignoring removed mblk_io_submit option [ 104.793537][ T6103] EXT4-fs: inline encryption not supported [ 104.820393][ T987] hub 4-1:250.228: bad descriptor, ignoring hub [ 104.838692][ T987] hub 4-1:250.228: probe with driver hub failed with error -5 [ 104.859843][ T6103] EXT4-fs: Mount option(s) incompatible with ext2 [ 105.016262][ T987] usblp 4-1:250.228: usblp0: USB Bidirectional printer dev 3 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 105.185379][ T5932] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 105.187272][ T987] usb 4-1: USB disconnect, device number 3 [ 106.520258][ T5932] usb 1-1: Using ep0 maxpacket: 8 [ 106.549007][ T5932] usb 1-1: config 0 has an invalid interface number: 31 but max is 0 [ 106.549042][ T5932] usb 1-1: config 0 has no interface number 0 [ 106.552600][ T5932] usb 1-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 106.552632][ T5932] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 106.552653][ T5932] usb 1-1: Product: syz [ 106.552669][ T5932] usb 1-1: Manufacturer: syz [ 106.552684][ T5932] usb 1-1: SerialNumber: syz [ 106.575099][ T5932] usb 1-1: config 0 descriptor?? [ 106.994515][ T5932] uvcvideo 1-1:0.31: Found UVC 0.04 device syz (046d:08c3) [ 106.994629][ T5932] uvcvideo 1-1:0.31: No valid video chain found. [ 107.243062][ T6131] capability: warning: `syz.3.50' uses deprecated v2 capabilities in a way that may be insecure [ 107.902119][ T987] usblp0: removed [ 107.958841][ T5932] usb 1-1: USB disconnect, device number 3 [ 108.135820][ T6133] loop4: detected capacity change from 0 to 128 [ 108.272303][ T6138] loop1: detected capacity change from 0 to 512 [ 108.322465][ T6138] EXT4-fs: Ignoring removed nomblk_io_submit option [ 108.360125][ T6138] EXT4-fs: Ignoring removed orlov option [ 108.487593][ T6138] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 108.555472][ T5904] usb 3-1: new full-speed USB device number 3 using dummy_hcd [ 108.593286][ T6138] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8842c018, mo2=0102] [ 108.638841][ T6138] EXT4-fs (loop1): couldn't mount RDWR because of unsupported optional features (80) [ 108.677713][ T6138] EXT4-fs (loop1): Skipping orphan cleanup due to unknown ROCOMPAT features [ 108.988349][ T6138] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 109.477733][ T5904] usb 3-1: config 0 has an invalid interface number: 9 but max is 0 [ 109.513019][ T6138] EXT4-fs warning (device loop1): dx_probe:861: inode #2: comm syz.1.52: dx entry: limit 65535 != root limit 120 [ 109.548374][ T5904] usb 3-1: config 0 has no interface number 0 [ 109.582535][ T6152] loop3: detected capacity change from 0 to 256 [ 109.594205][ T5904] usb 3-1: New USB device found, idVendor=0403, idProduct=bca4, bcdDevice=d7.23 [ 109.624410][ T5904] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 109.633994][ T6138] EXT4-fs warning (device loop1): dx_probe:934: inode #2: comm syz.1.52: Corrupt directory, running e2fsck is recommended [ 109.655495][ T5904] usb 3-1: Product: syz [ 109.660311][ T5904] usb 3-1: Manufacturer: syz [ 109.675805][ T6138] EXT4-fs error (device loop1): ext4_readdir:265: inode #2: block 3: comm syz.1.52: path /11/file0: bad entry in directory: directory entry overrun - offset=0, inode=4294967295, rec_len=65552, size=1024 fake=0 [ 109.716577][ T6155] EXT4-fs error (device loop1): htree_dirblock_to_tree:1080: inode #2: block 3: comm syz.1.52: bad entry in directory: directory entry overrun - offset=0, inode=4294967295, rec_len=65552, size=1024 fake=0 [ 109.735395][ T5904] usb 3-1: SerialNumber: syz [ 109.763039][ T5904] usb 3-1: config 0 descriptor?? [ 109.963203][ T6157] loop4: detected capacity change from 0 to 512 [ 110.514241][ T5904] ftdi_sio 3-1:0.9: FTDI USB Serial Device converter detected [ 110.525951][ T5904] ftdi_sio ttyUSB0: unknown device type: 0xd723 [ 110.537251][ T5904] usb 3-1: USB disconnect, device number 3 [ 110.545389][ T5904] ftdi_sio 3-1:0.9: device disconnected [ 110.695085][ T6157] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 110.770277][ T6157] ext4 filesystem being mounted at /13/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 111.425080][ T5835] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 111.442092][ T24] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 111.636718][ T24] usb 3-1: Using ep0 maxpacket: 32 [ 111.664242][ T5829] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 111.699132][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 111.741921][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 111.765893][ T24] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 111.775042][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 111.826974][ T24] usb 3-1: config 0 descriptor?? [ 111.843752][ T24] hub 3-1:0.0: USB hub found [ 111.856996][ T6182] loop1: detected capacity change from 0 to 1024 [ 111.866107][ T5904] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 111.914911][ T6182] EXT4-fs (loop1): stripe (9) is not aligned with cluster size (16), stripe is disabled [ 111.960523][ T6182] EXT4-fs (loop1): can't mount with data_err=abort, fs mounted w/o journal [ 112.036794][ T5904] usb 4-1: Using ep0 maxpacket: 8 [ 112.050013][ T5904] usb 4-1: config 0 has an invalid interface number: 31 but max is 0 [ 112.076524][ T5904] usb 4-1: config 0 has no interface number 0 [ 112.077288][ T24] hub 3-1:0.0: config failed, can't read hub descriptor (err -90) [ 112.102953][ T5904] usb 4-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 112.123246][ T5904] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 112.157097][ T5904] usb 4-1: Product: syz [ 112.161409][ T5904] usb 4-1: Manufacturer: syz [ 112.179604][ T5904] usb 4-1: SerialNumber: syz [ 112.188550][ T5904] usb 4-1: config 0 descriptor?? [ 112.299734][ T24] usbhid 3-1:0.0: can't add hid device: -71 [ 112.308073][ T6192] BUG: Bad page state in process syz.0.67 pfn:304a6 [ 112.314860][ T6192] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x304a6 [ 112.323774][ T6192] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 112.331026][ T6192] raw: 00fff00000000000 dead000000000040 ffff88801b17c000 0000000000000000 [ 112.340665][ T6192] raw: 0000000000000000 3fffffffffffffff 00000000ffffffff 0000000000000000 [ 112.349354][ T6192] page dumped because: page_pool leak [ 112.354823][ T6192] page_owner tracks the page as allocated [ 112.360894][ T6192] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6192, tgid 6190 (syz.0.67), ts 112307898261, free_ts 111417181678 [ 112.378007][ T6192] post_alloc_hook+0x231/0x280 [ 112.382922][ T6192] get_page_from_freelist+0x24dc/0x2580 [ 112.388721][ T6192] __alloc_frozen_pages_noprof+0x18d/0x380 [ 112.395308][ T6192] alloc_pages_bulk_noprof+0x558/0x700 [ 112.401000][ T6192] __page_pool_alloc_netmems_slow+0x14c/0x710 [ 112.407289][ T6192] page_pool_alloc_frag_netmem+0x421/0x9b0 [ 112.408202][ T5904] uvcvideo 4-1:0.31: Found UVC 0.04 device syz (046d:08c3) [ 112.413748][ T6192] skb_pp_cow_data+0xc43/0x1680 [ 112.413784][ T6192] do_xdp_generic+0x76b/0x12e0 [ 112.431832][ T6192] tun_get_user+0x247d/0x3dd0 [ 112.436691][ T6192] tun_chr_write_iter+0x113/0x210 [ 112.441766][ T6192] vfs_write+0x61d/0xb90 [ 112.446453][ T6192] ksys_write+0x150/0x270 [ 112.449329][ T5904] uvcvideo 4-1:0.31: No valid video chain found. [ 112.450910][ T6192] do_syscall_64+0x14d/0xf80 [ 112.450954][ T6192] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.450974][ T6192] page last free pid 5932 tgid 5932 stack trace: [ 112.450988][ T6192] __free_frozen_pages+0xc2b/0xdb0 [ 112.451010][ T6192] vfree+0x25a/0x400 [ 112.451027][ T6192] delayed_vfree_work+0x55/0x80 [ 112.451048][ T6192] process_one_work+0x949/0x1650 [ 112.451072][ T6192] worker_thread+0xb46/0x1140 [ 112.451097][ T6192] kthread+0x388/0x470 [ 112.451117][ T6192] ret_from_fork+0x51e/0xb90 [ 112.451143][ T6192] ret_from_fork_asm+0x1a/0x30 [ 112.451163][ T6192] Modules linked in: [ 112.451189][ T6192] CPU: 1 UID: 0 PID: 6192 Comm: syz.0.67 Not tainted syzkaller #0 PREEMPT(full) [ 112.451211][ T6192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 112.451222][ T6192] Call Trace: [ 112.451230][ T6192] [ 112.451239][ T6192] dump_stack_lvl+0xe8/0x150 [ 112.451270][ T6192] bad_page+0x17f/0x1c0 [ 112.451300][ T6192] __free_frozen_pages+0xd62/0xdb0 [ 112.451332][ T6192] bpf_xdp_frags_shrink_tail+0x4f7/0x7f0 [ 112.451383][ T6192] bpf_xdp_adjust_tail+0x1d6/0x220 [ 112.451414][ T6192] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 112.451434][ T6192] bpf_prog_run_generic_xdp+0x603/0x1490 [ 112.451494][ T6192] do_xdp_generic+0xac5/0x12e0 [ 112.451536][ T6192] ? __pfx_do_xdp_generic+0x10/0x10 [ 112.451597][ T6192] ? tun_get_user+0x2354/0x3dd0 [ 112.451620][ T6192] tun_get_user+0x247d/0x3dd0 [ 112.451666][ T6192] ? __pfx_tun_get_user+0x10/0x10 [ 112.451685][ T6192] ? aa_file_perm+0x192/0x15e0 [ 112.451714][ T6192] ? save_netdev_trace_buffer+0x4f7/0x610 [ 112.451755][ T6192] ? ref_tracker_alloc+0x363/0x4d0 [ 112.451776][ T6192] ? tun_chr_write_iter+0x60/0x210 [ 112.451803][ T6192] ? vfs_write+0x61d/0xb90 [ 112.451823][ T6192] ? ksys_write+0x150/0x270 [ 112.451843][ T6192] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 112.451871][ T6192] ? tun_get+0x1c/0x2f0 [ 112.451899][ T6192] ? tun_get+0x1c/0x2f0 [ 112.451928][ T6192] ? tun_get+0x1c/0x2f0 [ 112.451956][ T6192] tun_chr_write_iter+0x113/0x210 [ 112.451982][ T6192] vfs_write+0x61d/0xb90 [ 112.452009][ T6192] ? __pfx_vfs_write+0x10/0x10 [ 112.452038][ T6192] ? __fget_files+0x2a/0x420 [ 112.452069][ T6192] ksys_write+0x150/0x270 [ 112.452090][ T6192] ? __pfx_ksys_write+0x10/0x10 [ 112.452119][ T6192] do_syscall_64+0x14d/0xf80 [ 112.452140][ T6192] ? trace_irq_disable+0x3b/0x150 [ 112.452155][ T6192] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.452172][ T6192] ? clear_bhb_loop+0x40/0x90 [ 112.452194][ T6192] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.452211][ T6192] RIP: 0033:0x7f84a295cece [ 112.452228][ T6192] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 112.452243][ T6192] RSP: 002b:00007f84a37f7fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 112.452261][ T6192] RAX: ffffffffffffffda RBX: 00007f84a37f86c0 RCX: 00007f84a295cece [ 112.452274][ T6192] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8 [ 112.452285][ T6192] RBP: 00007f84a2a32b39 R08: 0000000000000000 R09: 0000000000000000 [ 112.452297][ T6192] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 112.452308][ T6192] R13: 00007f84a2c16038 R14: 00007f84a2c15fa0 R15: 00007fff65896fe8 [ 112.452338][ T6192] [ 112.452345][ T6192] Disabling lock debugging due to kernel taint [ 112.482768][ T5904] usb 4-1: USB disconnect, device number 4 [ 112.484583][ T6192] BUG: Bad page state in process syz.0.67 pfn:304a7 [ 112.484603][ T6192] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x304a7 [ 112.793608][ T6196] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 112.794504][ T6192] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 112.835285][ T6192] raw: 00fff00000000000 dead000000000040 ffff88801b17c000 0000000000000000 [ 112.844069][ T6192] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 112.852814][ T6192] page dumped because: page_pool leak [ 112.858332][ T6192] page_owner tracks the page as allocated [ 112.864163][ T6192] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6192, tgid 6190 (syz.0.67), ts 112307878730, free_ts 111417195135 [ 112.881269][ T6192] post_alloc_hook+0x231/0x280 [ 112.886200][ T6192] get_page_from_freelist+0x24dc/0x2580 [ 112.891790][ T6192] __alloc_frozen_pages_noprof+0x18d/0x380 [ 112.897691][ T6192] alloc_pages_bulk_noprof+0x558/0x700 [ 112.903367][ T6192] __page_pool_alloc_netmems_slow+0x14c/0x710 [ 112.909594][ T6192] skb_pp_cow_data+0xc21/0x1680 [ 112.914568][ T6192] do_xdp_generic+0x76b/0x12e0 [ 112.919408][ T6192] tun_get_user+0x247d/0x3dd0 [ 112.924674][ T6192] tun_chr_write_iter+0x113/0x210 [ 112.929766][ T6192] vfs_write+0x61d/0xb90 [ 112.934042][ T6192] ksys_write+0x150/0x270 [ 112.938433][ T6192] do_syscall_64+0x14d/0xf80 [ 112.943233][ T6192] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.949284][ T6192] page last free pid 5932 tgid 5932 stack trace: [ 112.955664][ T6192] __free_frozen_pages+0xc2b/0xdb0 [ 112.961304][ T6192] vfree+0x25a/0x400 [ 112.965299][ T6192] delayed_vfree_work+0x55/0x80 [ 112.970375][ T6192] process_one_work+0x949/0x1650 [ 112.975502][ T6192] worker_thread+0xb46/0x1140 [ 112.980266][ T6192] kthread+0x388/0x470 [ 112.984359][ T6192] ret_from_fork+0x51e/0xb90 [ 112.989129][ T6192] ret_from_fork_asm+0x1a/0x30 [ 112.993920][ T6192] Modules linked in: [ 112.997908][ T6192] CPU: 1 UID: 0 PID: 6192 Comm: syz.0.67 Tainted: G B syzkaller #0 PREEMPT(full) [ 112.997939][ T6192] Tainted: [B]=BAD_PAGE [ 112.997946][ T6192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 112.997958][ T6192] Call Trace: [ 112.997965][ T6192] [ 112.997973][ T6192] dump_stack_lvl+0xe8/0x150 [ 112.998005][ T6192] bad_page+0x17f/0x1c0 [ 112.998034][ T6192] __free_frozen_pages+0xd62/0xdb0 [ 112.998059][ T6192] bpf_xdp_frags_shrink_tail+0x4f7/0x7f0 [ 112.998096][ T6192] bpf_xdp_adjust_tail+0x1d6/0x220 [ 112.998122][ T6192] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 112.998141][ T6192] bpf_prog_run_generic_xdp+0x603/0x1490 [ 112.998181][ T6192] do_xdp_generic+0xac5/0x12e0 [ 112.998214][ T6192] ? __pfx_do_xdp_generic+0x10/0x10 [ 112.998254][ T6192] ? tun_get_user+0x2354/0x3dd0 [ 112.998275][ T6192] tun_get_user+0x247d/0x3dd0 [ 112.998305][ T6192] ? __pfx_tun_get_user+0x10/0x10 [ 112.998324][ T6192] ? aa_file_perm+0x192/0x15e0 [ 112.998348][ T6192] ? save_netdev_trace_buffer+0x4f7/0x610 [ 112.998381][ T6192] ? ref_tracker_alloc+0x363/0x4d0 [ 112.998402][ T6192] ? tun_chr_write_iter+0x60/0x210 [ 112.998421][ T6192] ? vfs_write+0x61d/0xb90 [ 112.998439][ T6192] ? ksys_write+0x150/0x270 [ 112.998458][ T6192] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 112.998479][ T6192] ? tun_get+0x1c/0x2f0 [ 112.998501][ T6192] ? tun_get+0x1c/0x2f0 [ 112.998532][ T6192] ? tun_get+0x1c/0x2f0 [ 112.998553][ T6192] tun_chr_write_iter+0x113/0x210 [ 112.998574][ T6192] vfs_write+0x61d/0xb90 [ 112.998597][ T6192] ? __pfx_vfs_write+0x10/0x10 [ 112.998618][ T6192] ? __fget_files+0x2a/0x420 [ 112.998649][ T6192] ksys_write+0x150/0x270 [ 112.998670][ T6192] ? __pfx_ksys_write+0x10/0x10 [ 112.998694][ T6192] do_syscall_64+0x14d/0xf80 [ 112.998721][ T6192] ? trace_irq_disable+0x3b/0x150 [ 112.998738][ T6192] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.998757][ T6192] ? clear_bhb_loop+0x40/0x90 [ 112.998777][ T6192] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.998795][ T6192] RIP: 0033:0x7f84a295cece [ 112.998810][ T6192] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 112.998825][ T6192] RSP: 002b:00007f84a37f7fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 112.998855][ T6192] RAX: ffffffffffffffda RBX: 00007f84a37f86c0 RCX: 00007f84a295cece [ 112.998869][ T6192] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8 [ 112.998882][ T6192] RBP: 00007f84a2a32b39 R08: 0000000000000000 R09: 0000000000000000 [ 112.998893][ T6192] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 112.998904][ T6192] R13: 00007f84a2c16038 R14: 00007f84a2c15fa0 R15: 00007fff65896fe8 [ 112.998941][ T6192] [ 112.998953][ T6192] BUG: Bad page state in process syz.0.67 pfn:56b30 [ 113.278339][ T6192] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888056b34000 pfn:0x56b30 [ 113.288687][ T6192] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 113.295867][ T6192] raw: 00fff00000000000 dead000000000040 ffff88801b17c000 0000000000000000 [ 113.304569][ T6192] raw: ffff888056b34000 0000000000000001 00000000ffffffff 0000000000000000 [ 113.313310][ T6192] page dumped because: page_pool leak [ 113.318789][ T6192] page_owner tracks the page as allocated [ 113.324613][ T6192] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6192, tgid 6190 (syz.0.67), ts 112307859804, free_ts 111417276113 [ 113.341856][ T6192] post_alloc_hook+0x231/0x280 [ 113.346867][ T6192] get_page_from_freelist+0x24dc/0x2580 [ 113.352452][ T6192] __alloc_frozen_pages_noprof+0x18d/0x380 [ 113.358342][ T6192] alloc_pages_bulk_noprof+0x558/0x700 [ 113.364058][ T6192] __page_pool_alloc_netmems_slow+0x14c/0x710 [ 113.370203][ T6192] skb_pp_cow_data+0xc21/0x1680 [ 113.375106][ T6192] do_xdp_generic+0x76b/0x12e0 [ 113.379953][ T6192] tun_get_user+0x247d/0x3dd0 [ 113.384845][ T6192] tun_chr_write_iter+0x113/0x210 [ 113.390016][ T6192] vfs_write+0x61d/0xb90 [ 113.394374][ T6192] ksys_write+0x150/0x270 [ 113.398767][ T6192] do_syscall_64+0x14d/0xf80 [ 113.403538][ T6192] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.409530][ T6192] page last free pid 5932 tgid 5932 stack trace: [ 113.415982][ T6192] __free_frozen_pages+0xc2b/0xdb0 [ 113.421140][ T6192] vfree+0x25a/0x400 [ 113.425067][ T6192] delayed_vfree_work+0x55/0x80 [ 113.429985][ T6192] process_one_work+0x949/0x1650 [ 113.434972][ T6192] worker_thread+0xb46/0x1140 [ 113.439727][ T6192] kthread+0x388/0x470 [ 113.443831][ T6192] ret_from_fork+0x51e/0xb90 [ 113.448495][ T6192] ret_from_fork_asm+0x1a/0x30 [ 113.453313][ T6192] Modules linked in: [ 113.457278][ T6192] CPU: 1 UID: 0 PID: 6192 Comm: syz.0.67 Tainted: G B syzkaller #0 PREEMPT(full) [ 113.457309][ T6192] Tainted: [B]=BAD_PAGE [ 113.457316][ T6192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 113.457328][ T6192] Call Trace: [ 113.457336][ T6192] [ 113.457343][ T6192] dump_stack_lvl+0xe8/0x150 [ 113.457374][ T6192] bad_page+0x17f/0x1c0 [ 113.457400][ T6192] __free_frozen_pages+0xd62/0xdb0 [ 113.457424][ T6192] bpf_xdp_frags_shrink_tail+0x4f7/0x7f0 [ 113.457460][ T6192] bpf_xdp_adjust_tail+0x1d6/0x220 [ 113.457486][ T6192] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 113.457504][ T6192] bpf_prog_run_generic_xdp+0x603/0x1490 [ 113.457544][ T6192] do_xdp_generic+0xac5/0x12e0 [ 113.457575][ T6192] ? __pfx_do_xdp_generic+0x10/0x10 [ 113.457612][ T6192] ? tun_get_user+0x2354/0x3dd0 [ 113.457633][ T6192] tun_get_user+0x247d/0x3dd0 [ 113.457662][ T6192] ? __pfx_tun_get_user+0x10/0x10 [ 113.457680][ T6192] ? aa_file_perm+0x192/0x15e0 [ 113.457704][ T6192] ? save_netdev_trace_buffer+0x4f7/0x610 [ 113.457733][ T6192] ? ref_tracker_alloc+0x363/0x4d0 [ 113.457751][ T6192] ? tun_chr_write_iter+0x60/0x210 [ 113.457769][ T6192] ? vfs_write+0x61d/0xb90 [ 113.457787][ T6192] ? ksys_write+0x150/0x270 [ 113.457805][ T6192] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 113.457825][ T6192] ? tun_get+0x1c/0x2f0 [ 113.457855][ T6192] ? tun_get+0x1c/0x2f0 [ 113.457874][ T6192] ? tun_get+0x1c/0x2f0 [ 113.457895][ T6192] tun_chr_write_iter+0x113/0x210 [ 113.457916][ T6192] vfs_write+0x61d/0xb90 [ 113.457938][ T6192] ? __pfx_vfs_write+0x10/0x10 [ 113.457961][ T6192] ? __fget_files+0x2a/0x420 [ 113.457992][ T6192] ksys_write+0x150/0x270 [ 113.458012][ T6192] ? __pfx_ksys_write+0x10/0x10 [ 113.458037][ T6192] do_syscall_64+0x14d/0xf80 [ 113.458062][ T6192] ? trace_irq_disable+0x3b/0x150 [ 113.458079][ T6192] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.458099][ T6192] ? clear_bhb_loop+0x40/0x90 [ 113.458119][ T6192] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.458138][ T6192] RIP: 0033:0x7f84a295cece [ 113.458155][ T6192] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 113.458171][ T6192] RSP: 002b:00007f84a37f7fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 113.458193][ T6192] RAX: ffffffffffffffda RBX: 00007f84a37f86c0 RCX: 00007f84a295cece [ 113.458207][ T6192] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8 [ 113.458220][ T6192] RBP: 00007f84a2a32b39 R08: 0000000000000000 R09: 0000000000000000 [ 113.458232][ T6192] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 113.458243][ T6192] R13: 00007f84a2c16038 R14: 00007f84a2c15fa0 R15: 00007fff65896fe8 [ 113.458264][ T6192] [ 113.458275][ T6192] BUG: Bad page state in process syz.0.67 pfn:56b31 [ 113.737238][ T6192] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffffffffffffffff pfn:0x56b31 [ 113.747463][ T6192] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 113.754708][ T6192] raw: 00fff00000000000 dead000000000040 ffff88801b17c000 0000000000000000 [ 113.763544][ T6192] raw: ffffffffffffffff 0000000000000001 00000000ffffffff 0000000000000000 [ 113.772297][ T6192] page dumped because: page_pool leak [ 113.777722][ T6192] page_owner tracks the page as allocated [ 113.783465][ T6192] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6192, tgid 6190 (syz.0.67), ts 112307840909, free_ts 111417290234 [ 113.800574][ T6192] post_alloc_hook+0x231/0x280 [ 113.805492][ T6192] get_page_from_freelist+0x24dc/0x2580 [ 113.811162][ T6192] __alloc_frozen_pages_noprof+0x18d/0x380 [ 113.817129][ T6192] alloc_pages_bulk_noprof+0x558/0x700 [ 113.822813][ T6192] __page_pool_alloc_netmems_slow+0x14c/0x710 [ 113.828971][ T6192] skb_pp_cow_data+0xc21/0x1680 [ 113.833875][ T6192] do_xdp_generic+0x76b/0x12e0 [ 113.838900][ T6192] tun_get_user+0x247d/0x3dd0 [ 113.843730][ T6192] tun_chr_write_iter+0x113/0x210 [ 113.848836][ T6192] vfs_write+0x61d/0xb90 [ 113.853125][ T6192] ksys_write+0x150/0x270 [ 113.857720][ T6192] do_syscall_64+0x14d/0xf80 [ 113.862443][ T6192] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.869025][ T6192] page last free pid 5932 tgid 5932 stack trace: [ 113.875435][ T6192] __free_frozen_pages+0xc2b/0xdb0 [ 113.880786][ T6192] vfree+0x25a/0x400 [ 113.884893][ T6192] delayed_vfree_work+0x55/0x80 [ 113.889998][ T6192] process_one_work+0x949/0x1650 [ 113.894979][ T6192] worker_thread+0xb46/0x1140 [ 113.899813][ T6192] kthread+0x388/0x470 [ 113.904107][ T6192] ret_from_fork+0x51e/0xb90 [ 113.908882][ T6192] ret_from_fork_asm+0x1a/0x30 [ 113.913767][ T6192] Modules linked in: [ 113.918071][ T6192] CPU: 1 UID: 0 PID: 6192 Comm: syz.0.67 Tainted: G B syzkaller #0 PREEMPT(full) [ 113.918102][ T6192] Tainted: [B]=BAD_PAGE [ 113.918109][ T6192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 113.918120][ T6192] Call Trace: [ 113.918128][ T6192] [ 113.918135][ T6192] dump_stack_lvl+0xe8/0x150 [ 113.918167][ T6192] bad_page+0x17f/0x1c0 [ 113.918196][ T6192] __free_frozen_pages+0xd62/0xdb0 [ 113.918221][ T6192] bpf_xdp_frags_shrink_tail+0x4f7/0x7f0 [ 113.918259][ T6192] bpf_xdp_adjust_tail+0x1d6/0x220 [ 113.918285][ T6192] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 113.918303][ T6192] bpf_prog_run_generic_xdp+0x603/0x1490 [ 113.918343][ T6192] do_xdp_generic+0xac5/0x12e0 [ 113.918375][ T6192] ? __pfx_do_xdp_generic+0x10/0x10 [ 113.918415][ T6192] ? tun_get_user+0x2354/0x3dd0 [ 113.918437][ T6192] tun_get_user+0x247d/0x3dd0 [ 113.918464][ T6192] ? __pfx_tun_get_user+0x10/0x10 [ 113.918483][ T6192] ? aa_file_perm+0x192/0x15e0 [ 113.918507][ T6192] ? save_netdev_trace_buffer+0x4f7/0x610 [ 113.918541][ T6192] ? ref_tracker_alloc+0x363/0x4d0 [ 113.918561][ T6192] ? tun_chr_write_iter+0x60/0x210 [ 113.918579][ T6192] ? vfs_write+0x61d/0xb90 [ 113.918599][ T6192] ? ksys_write+0x150/0x270 [ 113.918618][ T6192] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 113.918640][ T6192] ? tun_get+0x1c/0x2f0 [ 113.918761][ T6192] ? tun_get+0x1c/0x2f0 [ 113.918781][ T6192] ? tun_get+0x1c/0x2f0 [ 113.918802][ T6192] tun_chr_write_iter+0x113/0x210 [ 113.918825][ T6192] vfs_write+0x61d/0xb90 [ 113.918849][ T6192] ? __pfx_vfs_write+0x10/0x10 [ 113.918871][ T6192] ? __fget_files+0x2a/0x420 [ 113.918903][ T6192] ksys_write+0x150/0x270 [ 113.918925][ T6192] ? __pfx_ksys_write+0x10/0x10 [ 113.918949][ T6192] do_syscall_64+0x14d/0xf80 [ 113.918975][ T6192] ? trace_irq_disable+0x3b/0x150 [ 113.918990][ T6192] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.919010][ T6192] ? clear_bhb_loop+0x40/0x90 [ 113.919032][ T6192] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.919052][ T6192] RIP: 0033:0x7f84a295cece [ 113.919071][ T6192] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 113.919088][ T6192] RSP: 002b:00007f84a37f7fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 113.919111][ T6192] RAX: ffffffffffffffda RBX: 00007f84a37f86c0 RCX: 00007f84a295cece [ 113.919126][ T6192] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8 [ 113.919138][ T6192] RBP: 00007f84a2a32b39 R08: 0000000000000000 R09: 0000000000000000 [ 113.919151][ T6192] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 113.919163][ T6192] R13: 00007f84a2c16038 R14: 00007f84a2c15fa0 R15: 00007fff65896fe8 [ 113.919185][ T6192] [ 113.919197][ T6192] BUG: Bad page state in process syz.0.67 pfn:56b32 [ 114.201134][ T6192] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x56b32 [ 114.209981][ T6192] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 114.217149][ T6192] raw: 00fff00000000000 dead000000000040 ffff88801b17c000 0000000000000000 [ 114.225892][ T6192] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 114.234495][ T6192] page dumped because: page_pool leak [ 114.239917][ T6192] page_owner tracks the page as allocated [ 114.245845][ T6192] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6192, tgid 6190 (syz.0.67), ts 112307821963, free_ts 111417303911 [ 114.262798][ T6192] post_alloc_hook+0x231/0x280 [ 114.267828][ T6192] get_page_from_freelist+0x24dc/0x2580 [ 114.273506][ T6192] __alloc_frozen_pages_noprof+0x18d/0x380 [ 114.279372][ T6192] alloc_pages_bulk_noprof+0x558/0x700 [ 114.284875][ T6192] __page_pool_alloc_netmems_slow+0x14c/0x710 [ 114.291084][ T6192] skb_pp_cow_data+0xc21/0x1680 [ 114.296008][ T6192] do_xdp_generic+0x76b/0x12e0 [ 114.300814][ T6192] tun_get_user+0x247d/0x3dd0 [ 114.305562][ T6192] tun_chr_write_iter+0x113/0x210 [ 114.310623][ T6192] vfs_write+0x61d/0xb90 [ 114.314900][ T6192] ksys_write+0x150/0x270 [ 114.319499][ T6192] do_syscall_64+0x14d/0xf80 [ 114.324127][ T6192] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.330189][ T6192] page last free pid 5932 tgid 5932 stack trace: [ 114.336573][ T6192] __free_frozen_pages+0xc2b/0xdb0 [ 114.341821][ T6192] vfree+0x25a/0x400 [ 114.345878][ T6192] delayed_vfree_work+0x55/0x80 [ 114.350757][ T6192] process_one_work+0x949/0x1650 [ 114.355763][ T6192] worker_thread+0xb46/0x1140 [ 114.360509][ T6192] kthread+0x388/0x470 [ 114.364612][ T6192] ret_from_fork+0x51e/0xb90 [ 114.369299][ T6192] ret_from_fork_asm+0x1a/0x30 [ 114.374111][ T6192] Modules linked in: [ 114.378193][ T6192] CPU: 1 UID: 0 PID: 6192 Comm: syz.0.67 Tainted: G B syzkaller #0 PREEMPT(full) [ 114.378225][ T6192] Tainted: [B]=BAD_PAGE [ 114.378231][ T6192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 114.378242][ T6192] Call Trace: [ 114.378250][ T6192] [ 114.378258][ T6192] dump_stack_lvl+0xe8/0x150 [ 114.378290][ T6192] bad_page+0x17f/0x1c0 [ 114.378317][ T6192] __free_frozen_pages+0xd62/0xdb0 [ 114.378341][ T6192] bpf_xdp_frags_shrink_tail+0x4f7/0x7f0 [ 114.378378][ T6192] bpf_xdp_adjust_tail+0x1d6/0x220 [ 114.378402][ T6192] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 114.378420][ T6192] bpf_prog_run_generic_xdp+0x603/0x1490 [ 114.378458][ T6192] do_xdp_generic+0xac5/0x12e0 [ 114.378490][ T6192] ? __pfx_do_xdp_generic+0x10/0x10 [ 114.378528][ T6192] ? tun_get_user+0x2354/0x3dd0 [ 114.378548][ T6192] tun_get_user+0x247d/0x3dd0 [ 114.378577][ T6192] ? __pfx_tun_get_user+0x10/0x10 [ 114.378597][ T6192] ? aa_file_perm+0x192/0x15e0 [ 114.378618][ T6192] ? save_netdev_trace_buffer+0x4f7/0x610 [ 114.378651][ T6192] ? ref_tracker_alloc+0x363/0x4d0 [ 114.378670][ T6192] ? tun_chr_write_iter+0x60/0x210 [ 114.378688][ T6192] ? vfs_write+0x61d/0xb90 [ 114.378706][ T6192] ? ksys_write+0x150/0x270 [ 114.378725][ T6192] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 114.378745][ T6192] ? tun_get+0x1c/0x2f0 [ 114.378767][ T6192] ? tun_get+0x1c/0x2f0 [ 114.378785][ T6192] ? tun_get+0x1c/0x2f0 [ 114.378805][ T6192] tun_chr_write_iter+0x113/0x210 [ 114.378826][ T6192] vfs_write+0x61d/0xb90 [ 114.378848][ T6192] ? __pfx_vfs_write+0x10/0x10 [ 114.378880][ T6192] ? __fget_files+0x2a/0x420 [ 114.378911][ T6192] ksys_write+0x150/0x270 [ 114.378932][ T6192] ? __pfx_ksys_write+0x10/0x10 [ 114.378955][ T6192] do_syscall_64+0x14d/0xf80 [ 114.378990][ T6192] ? trace_irq_disable+0x3b/0x150 [ 114.379007][ T6192] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.379026][ T6192] ? clear_bhb_loop+0x40/0x90 [ 114.379046][ T6192] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.379065][ T6192] RIP: 0033:0x7f84a295cece [ 114.379082][ T6192] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 114.379098][ T6192] RSP: 002b:00007f84a37f7fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 114.379119][ T6192] RAX: ffffffffffffffda RBX: 00007f84a37f86c0 RCX: 00007f84a295cece [ 114.379133][ T6192] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8 [ 114.379145][ T6192] RBP: 00007f84a2a32b39 R08: 0000000000000000 R09: 0000000000000000 [ 114.379157][ T6192] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 114.379168][ T6192] R13: 00007f84a2c16038 R14: 00007f84a2c15fa0 R15: 00007fff65896fe8 [ 114.379188][ T6192] [ 114.379198][ T6192] BUG: Bad page state in process syz.0.67 pfn:56b33 [ 114.658409][ T6192] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x56b33 [ 114.667235][ T6192] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 114.674553][ T6192] raw: 00fff00000000000 dead000000000040 ffff88801b17c000 0000000000000000 [ 114.683457][ T6192] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 114.692074][ T6192] page dumped because: page_pool leak [ 114.697486][ T6192] page_owner tracks the page as allocated [ 114.703385][ T6192] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6192, tgid 6190 (syz.0.67), ts 112307803979, free_ts 111417317244 [ 114.720287][ T6192] post_alloc_hook+0x231/0x280 [ 114.725087][ T6192] get_page_from_freelist+0x24dc/0x2580 [ 114.730674][ T6192] __alloc_frozen_pages_noprof+0x18d/0x380 [ 114.736556][ T6192] alloc_pages_bulk_noprof+0x558/0x700 [ 114.742336][ T6192] __page_pool_alloc_netmems_slow+0x14c/0x710 [ 114.748595][ T6192] skb_pp_cow_data+0xc21/0x1680 [ 114.753496][ T6192] do_xdp_generic+0x76b/0x12e0 [ 114.758330][ T6192] tun_get_user+0x247d/0x3dd0 [ 114.763043][ T6192] tun_chr_write_iter+0x113/0x210 [ 114.768135][ T6192] vfs_write+0x61d/0xb90 [ 114.772425][ T6192] ksys_write+0x150/0x270 [ 114.776832][ T6192] do_syscall_64+0x14d/0xf80 [ 114.781471][ T6192] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.787558][ T6192] page last free pid 5932 tgid 5932 stack trace: [ 114.794001][ T6192] __free_frozen_pages+0xc2b/0xdb0 [ 114.799258][ T6192] vfree+0x25a/0x400 [ 114.803431][ T6192] delayed_vfree_work+0x55/0x80 [ 114.808425][ T6192] process_one_work+0x949/0x1650 [ 114.813487][ T6192] worker_thread+0xb46/0x1140 [ 114.818219][ T6192] kthread+0x388/0x470 [ 114.822314][ T6192] ret_from_fork+0x51e/0xb90 [ 114.826964][ T6192] ret_from_fork_asm+0x1a/0x30 [ 114.827913][ T6210] Zero length message leads to an empty skb [ 114.831801][ T6192] Modules linked in: [ 114.831827][ T6192] CPU: 1 UID: 0 PID: 6192 Comm: syz.0.67 Tainted: G B syzkaller #0 PREEMPT(full) [ 114.831855][ T6192] Tainted: [B]=BAD_PAGE [ 114.831870][ T6192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 114.831879][ T6192] Call Trace: [ 114.831885][ T6192] [ 114.831892][ T6192] dump_stack_lvl+0xe8/0x150 [ 114.831920][ T6192] bad_page+0x17f/0x1c0 [ 114.831944][ T6192] __free_frozen_pages+0xd62/0xdb0 [ 114.831966][ T6192] bpf_xdp_frags_shrink_tail+0x4f7/0x7f0 [ 114.831997][ T6192] bpf_xdp_adjust_tail+0x1d6/0x220 [ 114.832019][ T6192] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 114.832035][ T6192] bpf_prog_run_generic_xdp+0x603/0x1490 [ 114.832069][ T6192] do_xdp_generic+0xac5/0x12e0 [ 114.832096][ T6192] ? __pfx_do_xdp_generic+0x10/0x10 [ 114.832130][ T6192] ? tun_get_user+0x2354/0x3dd0 [ 114.832148][ T6192] tun_get_user+0x247d/0x3dd0 [ 114.832173][ T6192] ? __pfx_tun_get_user+0x10/0x10 [ 114.832190][ T6192] ? aa_file_perm+0x192/0x15e0 [ 114.832209][ T6192] ? save_netdev_trace_buffer+0x4f7/0x610 [ 114.832236][ T6192] ? ref_tracker_alloc+0x363/0x4d0 [ 114.832253][ T6192] ? tun_chr_write_iter+0x60/0x210 [ 114.832270][ T6192] ? vfs_write+0x61d/0xb90 [ 114.832286][ T6192] ? ksys_write+0x150/0x270 [ 114.832302][ T6192] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 114.832321][ T6192] ? tun_get+0x1c/0x2f0 [ 114.832340][ T6192] ? tun_get+0x1c/0x2f0 [ 114.832356][ T6192] ? tun_get+0x1c/0x2f0 [ 114.832374][ T6192] tun_chr_write_iter+0x113/0x210 [ 114.832393][ T6192] vfs_write+0x61d/0xb90 [ 114.832413][ T6192] ? __pfx_vfs_write+0x10/0x10 [ 114.832433][ T6192] ? __fget_files+0x2a/0x420 [ 114.832459][ T6192] ksys_write+0x150/0x270 [ 114.832477][ T6192] ? __pfx_ksys_write+0x10/0x10 [ 114.832497][ T6192] do_syscall_64+0x14d/0xf80 [ 114.832519][ T6192] ? trace_irq_disable+0x3b/0x150 [ 114.832534][ T6192] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.832551][ T6192] ? clear_bhb_loop+0x40/0x90 [ 114.832569][ T6192] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.832586][ T6192] RIP: 0033:0x7f84a295cece [ 114.832603][ T6192] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 114.832624][ T6192] RSP: 002b:00007f84a37f7fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 114.832643][ T6192] RAX: ffffffffffffffda RBX: 00007f84a37f86c0 RCX: 00007f84a295cece [ 114.832656][ T6192] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8 [ 114.832668][ T6192] RBP: 00007f84a2a32b39 R08: 0000000000000000 R09: 0000000000000000 [ 114.832678][ T6192] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 114.832688][ T6192] R13: 00007f84a2c16038 R14: 00007f84a2c15fa0 R15: 00007fff65896fe8 [ 114.832707][ T6192] [ 114.832718][ T6192] BUG: Bad page state in process syz.0.67 pfn:56b34 [ 115.118350][ T6192] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x56b34 [ 115.127345][ T6192] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 115.134481][ T6192] raw: 00fff00000000000 dead000000000040 ffff88801b17c000 0000000000000000 [ 115.143099][ T6192] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 115.151712][ T6192] page dumped because: page_pool leak [ 115.157122][ T6192] page_owner tracks the page as allocated [ 115.162846][ T6192] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6192, tgid 6190 (syz.0.67), ts 112307785745, free_ts 111417330239 [ 115.179902][ T6192] post_alloc_hook+0x231/0x280 [ 115.184777][ T6192] get_page_from_freelist+0x24dc/0x2580 [ 115.190445][ T6192] __alloc_frozen_pages_noprof+0x18d/0x380 [ 115.196290][ T6192] alloc_pages_bulk_noprof+0x558/0x700 [ 115.201764][ T6192] __page_pool_alloc_netmems_slow+0x14c/0x710 [ 115.207899][ T6192] skb_pp_cow_data+0xc21/0x1680 [ 115.212780][ T6192] do_xdp_generic+0x76b/0x12e0 [ 115.217615][ T6192] tun_get_user+0x247d/0x3dd0 [ 115.222330][ T6192] tun_chr_write_iter+0x113/0x210 [ 115.227422][ T6192] vfs_write+0x61d/0xb90 [ 115.231690][ T6192] ksys_write+0x150/0x270 [ 115.236160][ T6192] do_syscall_64+0x14d/0xf80 [ 115.240784][ T6192] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.246815][ T6192] page last free pid 5932 tgid 5932 stack trace: [ 115.253260][ T6192] __free_frozen_pages+0xc2b/0xdb0 [ 115.258538][ T6192] vfree+0x25a/0x400 [ 115.262680][ T6192] delayed_vfree_work+0x55/0x80 [ 115.267608][ T6192] process_one_work+0x949/0x1650 [ 115.272582][ T6192] worker_thread+0xb46/0x1140 [ 115.277356][ T6192] kthread+0x388/0x470 [ 115.281452][ T6192] ret_from_fork+0x51e/0xb90 [ 115.286115][ T6192] ret_from_fork_asm+0x1a/0x30 [ 115.290913][ T6192] Modules linked in: [ 115.294942][ T6192] CPU: 1 UID: 0 PID: 6192 Comm: syz.0.67 Tainted: G B syzkaller #0 PREEMPT(full) [ 115.294973][ T6192] Tainted: [B]=BAD_PAGE [ 115.294980][ T6192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 115.294992][ T6192] Call Trace: [ 115.295000][ T6192] [ 115.295008][ T6192] dump_stack_lvl+0xe8/0x150 [ 115.295040][ T6192] bad_page+0x17f/0x1c0 [ 115.295068][ T6192] __free_frozen_pages+0xd62/0xdb0 [ 115.295093][ T6192] bpf_xdp_frags_shrink_tail+0x4f7/0x7f0 [ 115.295130][ T6192] bpf_xdp_adjust_tail+0x1d6/0x220 [ 115.295156][ T6192] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 115.295174][ T6192] bpf_prog_run_generic_xdp+0x603/0x1490 [ 115.295214][ T6192] do_xdp_generic+0xac5/0x12e0 [ 115.295248][ T6192] ? __pfx_do_xdp_generic+0x10/0x10 [ 115.295281][ T6192] ? tun_get_user+0x2354/0x3dd0 [ 115.295300][ T6192] tun_get_user+0x247d/0x3dd0 [ 115.295326][ T6192] ? __pfx_tun_get_user+0x10/0x10 [ 115.295344][ T6192] ? aa_file_perm+0x192/0x15e0 [ 115.295363][ T6192] ? save_netdev_trace_buffer+0x4f7/0x610 [ 115.295391][ T6192] ? ref_tracker_alloc+0x363/0x4d0 [ 115.295409][ T6192] ? tun_chr_write_iter+0x60/0x210 [ 115.295426][ T6192] ? vfs_write+0x61d/0xb90 [ 115.295442][ T6192] ? ksys_write+0x150/0x270 [ 115.295459][ T6192] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 115.295480][ T6192] ? tun_get+0x1c/0x2f0 [ 115.295500][ T6192] ? tun_get+0x1c/0x2f0 [ 115.295517][ T6192] ? tun_get+0x1c/0x2f0 [ 115.295538][ T6192] tun_chr_write_iter+0x113/0x210 [ 115.295558][ T6192] vfs_write+0x61d/0xb90 [ 115.295588][ T6192] ? __pfx_vfs_write+0x10/0x10 [ 115.295608][ T6192] ? __fget_files+0x2a/0x420 [ 115.295637][ T6192] ksys_write+0x150/0x270 [ 115.295655][ T6192] ? __pfx_ksys_write+0x10/0x10 [ 115.295679][ T6192] do_syscall_64+0x14d/0xf80 [ 115.295704][ T6192] ? trace_irq_disable+0x3b/0x150 [ 115.295719][ T6192] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.295737][ T6192] ? clear_bhb_loop+0x40/0x90 [ 115.295757][ T6192] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.295776][ T6192] RIP: 0033:0x7f84a295cece [ 115.295793][ T6192] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 115.295809][ T6192] RSP: 002b:00007f84a37f7fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 115.295831][ T6192] RAX: ffffffffffffffda RBX: 00007f84a37f86c0 RCX: 00007f84a295cece [ 115.295845][ T6192] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8 [ 115.295857][ T6192] RBP: 00007f84a2a32b39 R08: 0000000000000000 R09: 0000000000000000 [ 115.295870][ T6192] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 115.295881][ T6192] R13: 00007f84a2c16038 R14: 00007f84a2c15fa0 R15: 00007fff65896fe8 [ 115.295903][ T6192] [ 115.567775][ T6192] BUG: Bad page state in process syz.0.67 pfn:56b35 [ 115.574565][ T6192] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x56b35 [ 115.583466][ T6192] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 115.590643][ T6192] raw: 00fff00000000000 dead000000000040 ffff88801b17c000 0000000000000000 [ 115.599270][ T6192] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 115.607989][ T6192] page dumped because: page_pool leak [ 115.613561][ T6192] page_owner tracks the page as allocated [ 115.619421][ T6192] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6192, tgid 6190 (syz.0.67), ts 112307768335, free_ts 111417343814 [ 115.636410][ T6192] post_alloc_hook+0x231/0x280 [ 115.641317][ T6192] get_page_from_freelist+0x24dc/0x2580 [ 115.646897][ T6192] __alloc_frozen_pages_noprof+0x18d/0x380 [ 115.652724][ T6192] alloc_pages_bulk_noprof+0x558/0x700 [ 115.658388][ T6192] __page_pool_alloc_netmems_slow+0x14c/0x710 [ 115.664562][ T6192] skb_pp_cow_data+0xc21/0x1680 [ 115.669448][ T6192] do_xdp_generic+0x76b/0x12e0 [ 115.674236][ T6192] tun_get_user+0x247d/0x3dd0 [ 115.678992][ T6192] tun_chr_write_iter+0x113/0x210 [ 115.684064][ T6192] vfs_write+0x61d/0xb90 [ 115.688363][ T6192] ksys_write+0x150/0x270 [ 115.692795][ T6192] do_syscall_64+0x14d/0xf80 [ 115.697428][ T6192] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.703440][ T6192] page last free pid 5932 tgid 5932 stack trace: [ 115.709790][ T6192] __free_frozen_pages+0xc2b/0xdb0 [ 115.715091][ T6192] vfree+0x25a/0x400 [ 115.719039][ T6192] delayed_vfree_work+0x55/0x80 [ 115.724001][ T6192] process_one_work+0x949/0x1650 [ 115.729009][ T6192] worker_thread+0xb46/0x1140 [ 115.733752][ T6192] kthread+0x388/0x470 [ 115.737887][ T6192] ret_from_fork+0x51e/0xb90 [ 115.742586][ T6192] ret_from_fork_asm+0x1a/0x30 [ 115.747465][ T6192] Modules linked in: [ 115.751380][ T6192] CPU: 1 UID: 0 PID: 6192 Comm: syz.0.67 Tainted: G B syzkaller #0 PREEMPT(full) [ 115.751400][ T6192] Tainted: [B]=BAD_PAGE [ 115.751404][ T6192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 115.751411][ T6192] Call Trace: [ 115.751416][ T6192] [ 115.751421][ T6192] dump_stack_lvl+0xe8/0x150 [ 115.751439][ T6192] bad_page+0x17f/0x1c0 [ 115.751455][ T6192] __free_frozen_pages+0xd62/0xdb0 [ 115.751468][ T6192] bpf_xdp_frags_shrink_tail+0x4f7/0x7f0 [ 115.751489][ T6192] bpf_xdp_adjust_tail+0x1d6/0x220 [ 115.751504][ T6192] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 115.751515][ T6192] bpf_prog_run_generic_xdp+0x603/0x1490 [ 115.751537][ T6192] do_xdp_generic+0xac5/0x12e0 [ 115.751555][ T6192] ? __pfx_do_xdp_generic+0x10/0x10 [ 115.751576][ T6192] ? tun_get_user+0x2354/0x3dd0 [ 115.751588][ T6192] tun_get_user+0x247d/0x3dd0 [ 115.751605][ T6192] ? __pfx_tun_get_user+0x10/0x10 [ 115.751646][ T6192] ? aa_file_perm+0x192/0x15e0 [ 115.751659][ T6192] ? save_netdev_trace_buffer+0x4f7/0x610 [ 115.751678][ T6192] ? ref_tracker_alloc+0x363/0x4d0 [ 115.751690][ T6192] ? tun_chr_write_iter+0x60/0x210 [ 115.751700][ T6192] ? vfs_write+0x61d/0xb90 [ 115.751711][ T6192] ? ksys_write+0x150/0x270 [ 115.751722][ T6192] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 115.751733][ T6192] ? tun_get+0x1c/0x2f0 [ 115.751745][ T6192] ? tun_get+0x1c/0x2f0 [ 115.751756][ T6192] ? tun_get+0x1c/0x2f0 [ 115.751767][ T6192] tun_chr_write_iter+0x113/0x210 [ 115.751779][ T6192] vfs_write+0x61d/0xb90 [ 115.751792][ T6192] ? __pfx_vfs_write+0x10/0x10 [ 115.751810][ T6192] ? __fget_files+0x2a/0x420 [ 115.751827][ T6192] ksys_write+0x150/0x270 [ 115.751839][ T6192] ? __pfx_ksys_write+0x10/0x10 [ 115.751852][ T6192] do_syscall_64+0x14d/0xf80 [ 115.751867][ T6192] ? trace_irq_disable+0x3b/0x150 [ 115.751877][ T6192] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.751888][ T6192] ? clear_bhb_loop+0x40/0x90 [ 115.751900][ T6192] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.751911][ T6192] RIP: 0033:0x7f84a295cece [ 115.751921][ T6192] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 115.751930][ T6192] RSP: 002b:00007f84a37f7fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 115.751943][ T6192] RAX: ffffffffffffffda RBX: 00007f84a37f86c0 RCX: 00007f84a295cece [ 115.751952][ T6192] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8 [ 115.751959][ T6192] RBP: 00007f84a2a32b39 R08: 0000000000000000 R09: 0000000000000000 [ 115.751966][ T6192] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 115.751972][ T6192] R13: 00007f84a2c16038 R14: 00007f84a2c15fa0 R15: 00007fff65896fe8 [ 115.751984][ T6192] [ 115.751991][ T6192] BUG: Bad page state in process syz.0.67 pfn:56b36 [ 116.030896][ T6192] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x56b36 [ 116.039907][ T6192] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 116.047096][ T6192] raw: 00fff00000000000 dead000000000040 ffff88801b17c000 0000000000000000 [ 116.055730][ T6192] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 116.064331][ T6192] page dumped because: page_pool leak [ 116.069778][ T6192] page_owner tracks the page as allocated [ 116.075567][ T6192] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6192, tgid 6190 (syz.0.67), ts 112307748900, free_ts 111417357869 [ 116.092660][ T6192] post_alloc_hook+0x231/0x280 [ 116.097726][ T6192] get_page_from_freelist+0x24dc/0x2580 [ 116.103395][ T6192] __alloc_frozen_pages_noprof+0x18d/0x380 [ 116.109260][ T6192] alloc_pages_bulk_noprof+0x558/0x700 [ 116.114751][ T6192] __page_pool_alloc_netmems_slow+0x14c/0x710 [ 116.120962][ T6192] skb_pp_cow_data+0xc21/0x1680 [ 116.125942][ T6192] do_xdp_generic+0x76b/0x12e0 [ 116.130846][ T6192] tun_get_user+0x247d/0x3dd0 [ 116.135595][ T6192] tun_chr_write_iter+0x113/0x210 [ 116.140651][ T6192] vfs_write+0x61d/0xb90 [ 116.144923][ T6192] ksys_write+0x150/0x270 [ 116.149306][ T6192] do_syscall_64+0x14d/0xf80 [ 116.153917][ T6192] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.159859][ T6192] page last free pid 5932 tgid 5932 stack trace: [ 116.166228][ T6192] __free_frozen_pages+0xc2b/0xdb0 [ 116.171365][ T6192] vfree+0x25a/0x400 [ 116.175291][ T6192] delayed_vfree_work+0x55/0x80 [ 116.180168][ T6192] process_one_work+0x949/0x1650 [ 116.185194][ T6192] worker_thread+0xb46/0x1140 [ 116.189919][ T6192] kthread+0x388/0x470 [ 116.194095][ T6192] ret_from_fork+0x51e/0xb90 [ 116.198768][ T6192] ret_from_fork_asm+0x1a/0x30 [ 116.203632][ T6192] Modules linked in: [ 116.207585][ T6192] CPU: 1 UID: 0 PID: 6192 Comm: syz.0.67 Tainted: G B syzkaller #0 PREEMPT(full) [ 116.207611][ T6192] Tainted: [B]=BAD_PAGE [ 116.207617][ T6192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 116.207628][ T6192] Call Trace: [ 116.207635][ T6192] [ 116.207642][ T6192] dump_stack_lvl+0xe8/0x150 [ 116.207671][ T6192] bad_page+0x17f/0x1c0 [ 116.207696][ T6192] __free_frozen_pages+0xd62/0xdb0 [ 116.207717][ T6192] bpf_xdp_frags_shrink_tail+0x4f7/0x7f0 [ 116.207752][ T6192] bpf_xdp_adjust_tail+0x1d6/0x220 [ 116.207775][ T6192] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 116.207793][ T6192] bpf_prog_run_generic_xdp+0x603/0x1490 [ 116.207832][ T6192] do_xdp_generic+0xac5/0x12e0 [ 116.207864][ T6192] ? __pfx_do_xdp_generic+0x10/0x10 [ 116.207902][ T6192] ? tun_get_user+0x2354/0x3dd0 [ 116.207932][ T6192] tun_get_user+0x247d/0x3dd0 [ 116.207959][ T6192] ? __pfx_tun_get_user+0x10/0x10 [ 116.207977][ T6192] ? aa_file_perm+0x192/0x15e0 [ 116.208000][ T6192] ? save_netdev_trace_buffer+0x4f7/0x610 [ 116.208033][ T6192] ? ref_tracker_alloc+0x363/0x4d0 [ 116.208051][ T6192] ? tun_chr_write_iter+0x60/0x210 [ 116.208069][ T6192] ? vfs_write+0x61d/0xb90 [ 116.208087][ T6192] ? ksys_write+0x150/0x270 [ 116.208105][ T6192] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 116.208125][ T6192] ? tun_get+0x1c/0x2f0 [ 116.208146][ T6192] ? tun_get+0x1c/0x2f0 [ 116.208165][ T6192] ? tun_get+0x1c/0x2f0 [ 116.208185][ T6192] tun_chr_write_iter+0x113/0x210 [ 116.208206][ T6192] vfs_write+0x61d/0xb90 [ 116.208228][ T6192] ? __pfx_vfs_write+0x10/0x10 [ 116.208251][ T6192] ? __fget_files+0x2a/0x420 [ 116.208280][ T6192] ksys_write+0x150/0x270 [ 116.208301][ T6192] ? __pfx_ksys_write+0x10/0x10 [ 116.208324][ T6192] do_syscall_64+0x14d/0xf80 [ 116.208348][ T6192] ? trace_irq_disable+0x3b/0x150 [ 116.208364][ T6192] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.208384][ T6192] ? clear_bhb_loop+0x40/0x90 [ 116.208404][ T6192] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.208422][ T6192] RIP: 0033:0x7f84a295cece [ 116.208439][ T6192] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 116.208456][ T6192] RSP: 002b:00007f84a37f7fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 116.208477][ T6192] RAX: ffffffffffffffda RBX: 00007f84a37f86c0 RCX: 00007f84a295cece [ 116.208491][ T6192] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8 [ 116.208503][ T6192] RBP: 00007f84a2a32b39 R08: 0000000000000000 R09: 0000000000000000 [ 116.208534][ T6192] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 116.208545][ T6192] R13: 00007f84a2c16038 R14: 00007f84a2c15fa0 R15: 00007fff65896fe8 [ 116.208566][ T6192] [ 116.208587][ T6192] BUG: Bad page state in process syz.0.67 pfn:56b37 [ 116.487756][ T6192] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x56b37 [ 116.496817][ T6192] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 116.503968][ T6192] raw: 00fff00000000000 dead000000000040 ffff88801b17c000 0000000000000000 [ 116.512779][ T6192] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 116.521393][ T6192] page dumped because: page_pool leak [ 116.526786][ T6192] page_owner tracks the page as allocated [ 116.532511][ T6192] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6192, tgid 6190 (syz.0.67), ts 112307729937, free_ts 111417371077 [ 116.549404][ T6192] post_alloc_hook+0x231/0x280 [ 116.554448][ T6192] get_page_from_freelist+0x24dc/0x2580 [ 116.560025][ T6192] __alloc_frozen_pages_noprof+0x18d/0x380 [ 116.565979][ T6192] alloc_pages_bulk_noprof+0x558/0x700 [ 116.571490][ T6192] __page_pool_alloc_netmems_slow+0x14c/0x710 [ 116.577721][ T6192] skb_pp_cow_data+0xc21/0x1680 [ 116.582604][ T6192] do_xdp_generic+0x76b/0x12e0 [ 116.587436][ T6192] tun_get_user+0x247d/0x3dd0 [ 116.592168][ T6192] tun_chr_write_iter+0x113/0x210 [ 116.597220][ T6192] vfs_write+0x61d/0xb90 [ 116.601479][ T6192] ksys_write+0x150/0x270 [ 116.605836][ T6192] do_syscall_64+0x14d/0xf80 [ 116.610450][ T6192] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.616452][ T6192] page last free pid 5932 tgid 5932 stack trace: [ 116.622785][ T6192] __free_frozen_pages+0xc2b/0xdb0 [ 116.627956][ T6192] vfree+0x25a/0x400 [ 116.631968][ T6192] delayed_vfree_work+0x55/0x80 [ 116.636856][ T6192] process_one_work+0x949/0x1650 [ 116.641829][ T6192] worker_thread+0xb46/0x1140 [ 116.646748][ T6192] kthread+0x388/0x470 [ 116.650935][ T6192] ret_from_fork+0x51e/0xb90 [ 116.655721][ T6192] ret_from_fork_asm+0x1a/0x30 [ 116.660516][ T6192] Modules linked in: [ 116.664411][ T6192] CPU: 1 UID: 0 PID: 6192 Comm: syz.0.67 Tainted: G B syzkaller #0 PREEMPT(full) [ 116.664429][ T6192] Tainted: [B]=BAD_PAGE [ 116.664433][ T6192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 116.664440][ T6192] Call Trace: [ 116.664446][ T6192] [ 116.664452][ T6192] dump_stack_lvl+0xe8/0x150 [ 116.664471][ T6192] bad_page+0x17f/0x1c0 [ 116.664488][ T6192] __free_frozen_pages+0xd62/0xdb0 [ 116.664502][ T6192] bpf_xdp_frags_shrink_tail+0x4f7/0x7f0 [ 116.664523][ T6192] bpf_xdp_adjust_tail+0x1d6/0x220 [ 116.664537][ T6192] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 116.664548][ T6192] bpf_prog_run_generic_xdp+0x603/0x1490 [ 116.664569][ T6192] do_xdp_generic+0xac5/0x12e0 [ 116.664587][ T6192] ? __pfx_do_xdp_generic+0x10/0x10 [ 116.664608][ T6192] ? tun_get_user+0x2354/0x3dd0 [ 116.664620][ T6192] tun_get_user+0x247d/0x3dd0 [ 116.664642][ T6192] ? __pfx_tun_get_user+0x10/0x10 [ 116.664653][ T6192] ? aa_file_perm+0x192/0x15e0 [ 116.664666][ T6192] ? save_netdev_trace_buffer+0x4f7/0x610 [ 116.664684][ T6192] ? ref_tracker_alloc+0x363/0x4d0 [ 116.664702][ T6192] ? tun_chr_write_iter+0x60/0x210 [ 116.664713][ T6192] ? vfs_write+0x61d/0xb90 [ 116.664726][ T6192] ? ksys_write+0x150/0x270 [ 116.664738][ T6192] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 116.664750][ T6192] ? tun_get+0x1c/0x2f0 [ 116.664762][ T6192] ? tun_get+0x1c/0x2f0 [ 116.664772][ T6192] ? tun_get+0x1c/0x2f0 [ 116.664783][ T6192] tun_chr_write_iter+0x113/0x210 [ 116.664795][ T6192] vfs_write+0x61d/0xb90 [ 116.664808][ T6192] ? __pfx_vfs_write+0x10/0x10 [ 116.664820][ T6192] ? __fget_files+0x2a/0x420 [ 116.664845][ T6192] ksys_write+0x150/0x270 [ 116.664856][ T6192] ? __pfx_ksys_write+0x10/0x10 [ 116.664869][ T6192] do_syscall_64+0x14d/0xf80 [ 116.664885][ T6192] ? trace_irq_disable+0x3b/0x150 [ 116.664895][ T6192] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.664906][ T6192] ? clear_bhb_loop+0x40/0x90 [ 116.664918][ T6192] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.664929][ T6192] RIP: 0033:0x7f84a295cece [ 116.664940][ T6192] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 116.664949][ T6192] RSP: 002b:00007f84a37f7fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 116.664961][ T6192] RAX: ffffffffffffffda RBX: 00007f84a37f86c0 RCX: 00007f84a295cece [ 116.664969][ T6192] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8 [ 116.664977][ T6192] RBP: 00007f84a2a32b39 R08: 0000000000000000 R09: 0000000000000000 [ 116.664984][ T6192] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 116.664990][ T6192] R13: 00007f84a2c16038 R14: 00007f84a2c15fa0 R15: 00007fff65896fe8 [ 116.665001][ T6192] [ 116.665009][ T6192] BUG: Bad page state in process syz.0.67 pfn:7c7c0 [ 116.942490][ T6192] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807c7c0000 pfn:0x7c7c0 [ 116.952668][ T6192] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 116.959822][ T6192] raw: 00fff00000000000 dead000000000040 ffff88801b17c000 0000000000000000 [ 116.968484][ T6192] raw: ffff88807c7c0000 0000000000000001 00000000ffffffff 0000000000000000 [ 116.977139][ T6192] page dumped because: page_pool leak [ 116.982504][ T6192] page_owner tracks the page as allocated [ 116.988245][ T6192] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6192, tgid 6190 (syz.0.67), ts 112307710905, free_ts 111417420635 [ 117.005343][ T6192] post_alloc_hook+0x231/0x280 [ 117.010157][ T6192] get_page_from_freelist+0x24dc/0x2580 [ 117.015881][ T6192] __alloc_frozen_pages_noprof+0x18d/0x380 [ 117.021907][ T6192] alloc_pages_bulk_noprof+0x558/0x700 [ 117.027456][ T6192] __page_pool_alloc_netmems_slow+0x14c/0x710 [ 117.033664][ T6192] skb_pp_cow_data+0xc21/0x1680 [ 117.038793][ T6192] do_xdp_generic+0x76b/0x12e0 [ 117.043622][ T6192] tun_get_user+0x247d/0x3dd0 [ 117.048369][ T6192] tun_chr_write_iter+0x113/0x210 [ 117.053494][ T6192] vfs_write+0x61d/0xb90 [ 117.057797][ T6192] ksys_write+0x150/0x270 [ 117.062154][ T6192] do_syscall_64+0x14d/0xf80 [ 117.067309][ T6192] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.073245][ T6192] page last free pid 5932 tgid 5932 stack trace: [ 117.079689][ T6192] __free_frozen_pages+0xc2b/0xdb0 [ 117.084837][ T6192] vfree+0x25a/0x400 [ 117.088881][ T6192] delayed_vfree_work+0x55/0x80 [ 117.093760][ T6192] process_one_work+0x949/0x1650 [ 117.098859][ T6192] worker_thread+0xb46/0x1140 [ 117.103567][ T6192] kthread+0x388/0x470 [ 117.107689][ T6192] ret_from_fork+0x51e/0xb90 [ 117.112301][ T6192] ret_from_fork_asm+0x1a/0x30 [ 117.117277][ T6192] Modules linked in: [ 117.121214][ T6192] CPU: 1 UID: 0 PID: 6192 Comm: syz.0.67 Tainted: G B syzkaller #0 PREEMPT(full) [ 117.121234][ T6192] Tainted: [B]=BAD_PAGE [ 117.121238][ T6192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 117.121245][ T6192] Call Trace: [ 117.121250][ T6192] [ 117.121255][ T6192] dump_stack_lvl+0xe8/0x150 [ 117.121274][ T6192] bad_page+0x17f/0x1c0 [ 117.121292][ T6192] __free_frozen_pages+0xd62/0xdb0 [ 117.121310][ T6192] bpf_xdp_frags_shrink_tail+0x4f7/0x7f0 [ 117.121330][ T6192] bpf_xdp_adjust_tail+0x1d6/0x220 [ 117.121345][ T6192] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 117.121355][ T6192] bpf_prog_run_generic_xdp+0x603/0x1490 [ 117.121377][ T6192] do_xdp_generic+0xac5/0x12e0 [ 117.121395][ T6192] ? __pfx_do_xdp_generic+0x10/0x10 [ 117.121419][ T6192] ? tun_get_user+0x2354/0x3dd0 [ 117.121431][ T6192] tun_get_user+0x247d/0x3dd0 [ 117.121453][ T6192] ? __pfx_tun_get_user+0x10/0x10 [ 117.121466][ T6192] ? aa_file_perm+0x192/0x15e0 [ 117.121479][ T6192] ? save_netdev_trace_buffer+0x4f7/0x610 [ 117.121498][ T6192] ? ref_tracker_alloc+0x363/0x4d0 [ 117.121509][ T6192] ? tun_chr_write_iter+0x60/0x210 [ 117.121519][ T6192] ? vfs_write+0x61d/0xb90 [ 117.121529][ T6192] ? ksys_write+0x150/0x270 [ 117.121540][ T6192] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 117.121552][ T6192] ? tun_get+0x1c/0x2f0 [ 117.121564][ T6192] ? tun_get+0x1c/0x2f0 [ 117.121574][ T6192] ? tun_get+0x1c/0x2f0 [ 117.121639][ T6192] tun_chr_write_iter+0x113/0x210 [ 117.121651][ T6192] vfs_write+0x61d/0xb90 [ 117.121664][ T6192] ? __pfx_vfs_write+0x10/0x10 [ 117.121676][ T6192] ? __fget_files+0x2a/0x420 [ 117.121694][ T6192] ksys_write+0x150/0x270 [ 117.121706][ T6192] ? __pfx_ksys_write+0x10/0x10 [ 117.121719][ T6192] do_syscall_64+0x14d/0xf80 [ 117.121734][ T6192] ? trace_irq_disable+0x3b/0x150 [ 117.121744][ T6192] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.121755][ T6192] ? clear_bhb_loop+0x40/0x90 [ 117.121767][ T6192] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.121778][ T6192] RIP: 0033:0x7f84a295cece [ 117.121789][ T6192] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 117.121803][ T6192] RSP: 002b:00007f84a37f7fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 117.121816][ T6192] RAX: ffffffffffffffda RBX: 00007f84a37f86c0 RCX: 00007f84a295cece [ 117.121825][ T6192] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8 [ 117.121835][ T6192] RBP: 00007f84a2a32b39 R08: 0000000000000000 R09: 0000000000000000 [ 117.121842][ T6192] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 117.121848][ T6192] R13: 00007f84a2c16038 R14: 00007f84a2c15fa0 R15: 00007fff65896fe8 [ 117.121860][ T6192] [ 117.121867][ T6192] BUG: Bad page state in process syz.0.67 pfn:7bbb2 [ 117.400718][ T6192] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807bbb2a00 pfn:0x7bbb2 [ 117.410815][ T6192] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 117.418056][ T6192] raw: 00fff00000000000 dead000000000040 ffff88801b17c000 0000000000000000 [ 117.426778][ T6192] raw: ffff88807bbb2a00 0000000000000001 00000000ffffffff 0000000000000000 [ 117.435382][ T6192] page dumped because: page_pool leak [ 117.440757][ T6192] page_owner tracks the page as allocated [ 117.446678][ T6192] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6192, tgid 6190 (syz.0.67), ts 112307691290, free_ts 111465988284 [ 117.463845][ T6192] post_alloc_hook+0x231/0x280 [ 117.468669][ T6192] get_page_from_freelist+0x24dc/0x2580 [ 117.474343][ T6192] __alloc_frozen_pages_noprof+0x18d/0x380 [ 117.480235][ T6192] alloc_pages_bulk_noprof+0x558/0x700 [ 117.485825][ T6192] __page_pool_alloc_netmems_slow+0x14c/0x710 [ 117.492272][ T6192] skb_pp_cow_data+0xc21/0x1680 [ 117.497154][ T6192] do_xdp_generic+0x76b/0x12e0 [ 117.501969][ T6192] tun_get_user+0x247d/0x3dd0 [ 117.506860][ T6192] tun_chr_write_iter+0x113/0x210 [ 117.512009][ T6192] vfs_write+0x61d/0xb90 [ 117.516344][ T6192] ksys_write+0x150/0x270 [ 117.520917][ T6192] do_syscall_64+0x14d/0xf80 [ 117.525581][ T6192] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.531622][ T6192] page last free pid 23 tgid 23 stack trace: [ 117.537714][ T6192] __free_frozen_pages+0xc2b/0xdb0 [ 117.542841][ T6192] tlb_remove_table_rcu+0x85/0x100 [ 117.547991][ T6192] rcu_core+0x7cd/0x1070 [ 117.552434][ T6192] handle_softirqs+0x22a/0x870 [ 117.557231][ T6192] run_ksoftirqd+0x36/0x60 [ 117.561928][ T6192] smpboot_thread_fn+0x541/0xa50 [ 117.566995][ T6192] kthread+0x388/0x470 [ 117.571162][ T6192] ret_from_fork+0x51e/0xb90 [ 117.575839][ T6192] ret_from_fork_asm+0x1a/0x30 [ 117.580828][ T6192] Modules linked in: [ 117.584777][ T6192] CPU: 1 UID: 0 PID: 6192 Comm: syz.0.67 Tainted: G B syzkaller #0 PREEMPT(full) [ 117.584796][ T6192] Tainted: [B]=BAD_PAGE [ 117.584800][ T6192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 117.584807][ T6192] Call Trace: [ 117.584812][ T6192] [ 117.584817][ T6192] dump_stack_lvl+0xe8/0x150 [ 117.584841][ T6192] bad_page+0x17f/0x1c0 [ 117.584858][ T6192] __free_frozen_pages+0xd62/0xdb0 [ 117.584871][ T6192] bpf_xdp_frags_shrink_tail+0x4f7/0x7f0 [ 117.584892][ T6192] bpf_xdp_adjust_tail+0x1d6/0x220 [ 117.584906][ T6192] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 117.584917][ T6192] bpf_prog_run_generic_xdp+0x603/0x1490 [ 117.584938][ T6192] do_xdp_generic+0xac5/0x12e0 [ 117.584956][ T6192] ? __pfx_do_xdp_generic+0x10/0x10 [ 117.584977][ T6192] ? tun_get_user+0x2354/0x3dd0 [ 117.584990][ T6192] tun_get_user+0x247d/0x3dd0 [ 117.585005][ T6192] ? __pfx_tun_get_user+0x10/0x10 [ 117.585016][ T6192] ? aa_file_perm+0x192/0x15e0 [ 117.585029][ T6192] ? save_netdev_trace_buffer+0x4f7/0x610 [ 117.585048][ T6192] ? ref_tracker_alloc+0x363/0x4d0 [ 117.585060][ T6192] ? tun_chr_write_iter+0x60/0x210 [ 117.585070][ T6192] ? vfs_write+0x61d/0xb90 [ 117.585081][ T6192] ? ksys_write+0x150/0x270 [ 117.585091][ T6192] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 117.585103][ T6192] ? tun_get+0x1c/0x2f0 [ 117.585115][ T6192] ? tun_get+0x1c/0x2f0 [ 117.585125][ T6192] ? tun_get+0x1c/0x2f0 [ 117.585137][ T6192] tun_chr_write_iter+0x113/0x210 [ 117.585149][ T6192] vfs_write+0x61d/0xb90 [ 117.585161][ T6192] ? __pfx_vfs_write+0x10/0x10 [ 117.585174][ T6192] ? __fget_files+0x2a/0x420 [ 117.585191][ T6192] ksys_write+0x150/0x270 [ 117.585203][ T6192] ? __pfx_ksys_write+0x10/0x10 [ 117.585216][ T6192] do_syscall_64+0x14d/0xf80 [ 117.585242][ T6192] ? trace_irq_disable+0x3b/0x150 [ 117.585257][ T6192] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.585274][ T6192] ? clear_bhb_loop+0x40/0x90 [ 117.585293][ T6192] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.585311][ T6192] RIP: 0033:0x7f84a295cece [ 117.585327][ T6192] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 117.585341][ T6192] RSP: 002b:00007f84a37f7fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 117.585355][ T6192] RAX: ffffffffffffffda RBX: 00007f84a37f86c0 RCX: 00007f84a295cece [ 117.585364][ T6192] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8 [ 117.585371][ T6192] RBP: 00007f84a2a32b39 R08: 0000000000000000 R09: 0000000000000000 [ 117.585378][ T6192] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 117.585385][ T6192] R13: 00007f84a2c16038 R14: 00007f84a2c15fa0 R15: 00007fff65896fe8 [ 117.585396][ T6192] [ 118.079709][ T24] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 118.106107][ T24] usb 3-1: USB disconnect, device number 4