last executing test programs:

21.267020448s ago: executing program 5 (id=46):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$inet_udp(0x2, 0x2, 0x0)
mknodat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
lseek(0xffffffffffffffff, 0x80, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_BASE(r3, 0x4008af12, &(0x7f0000000080)={0x1, 0xfffffff8})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='itimer_state\x00'}, 0x10)
r5 = syz_open_procfs(0x0, &(0x7f0000000000)='net/fib_trie\x00')
preadv(r5, &(0x7f0000000500)=[{&(0x7f00000008c0)=""/98, 0x62}, {&(0x7f0000000040)=""/123, 0x7b}, {0x0}, {0x0}, {&(0x7f0000000300)=""/254, 0xfe}, {0x0}, {0x0}, {&(0x7f00000005c0)=""/39, 0x27}], 0x8, 0x2000000, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x18, 0x4, &(0x7f0000002880)=ANY=[@ANYBLOB="b4000000000b00007910000000000000db100003410000009500740000000000079c69dc7ded5dbe11b62ac5ea9fca11027d19e93adb605feb92de3145e8ed7ac5b8902070213cdfdc646c4890cdeb50347c32060581172b94c6dd22a2b589b6cbad46ed6ef79f7468f5e603950c4f67581c92ef8a7e000017d5f1110ed29d3b2aaf153bcf69bebf18262352ba68d39942c3b567e06411d8879622f74cc431dabd332c4c4702e4c3d41bfb54b574e8947309c7503c3e8ea23e12e064f442e8cbeab77cdf1ebd8465593c0000000000000000000000000000006f429b14459ffd88bee4b9d894ddad0980af53a1feb155f1010400bfb5b81b73035fd5a76985d4710fb6fbfb2a933a09dd6317e77ca962327022fb34017197ff712a35c63cdd0dec053fdbc310f29c6b8be788b559a80135bb7369351b952ade2339eddde60eb16301b0f4640be5852e1cef861b861b7b19ea03dfc83f729d02e9e73db24dd5dfb09d4b1bbbd5dd5daa4615b0845f264f229f9806862e116612ade616b1769e97549d095b0a4d02801406491d77a65fe74f8aa67391e8cb3c000020000000000083b92cdfc143ceba1c18cab05100ecc4"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
capset(&(0x7f0000000000)={0x20080522}, 0x0)

17.433387515s ago: executing program 2 (id=53):
r0 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0xffff, 0x0, @mcast1, 0x8}, 0x1c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r3 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER(r3, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x18, 0x3ed, 0x400, 0x70bd2c, 0x25dfdbfc, "9a7dfdcae8c7", ["", ""]}, 0x18}, 0x1, 0x0, 0x0, 0x1000}, 0x20000040)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
add_key$user(&(0x7f0000000240), &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000003c0), 0x0, 0xffffffffffffffff)
openat$incfs(0xffffffffffffff9c, 0x0, 0x80, 0x21)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r4)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='devtmpfs\x00', 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x20, &(0x7f0000000080)={[{@nr_inodes={'nr_inodes', 0x3d, [0x50]}}]})

16.095790097s ago: executing program 2 (id=57):
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0)
ioctl$MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f0000000080)={0x0, 0x6})
ioctl$MON_IOCH_MFLUSH(r0, 0x9208, 0x800002)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c0000000014"], 0x48)
r1 = io_uring_setup(0x192, &(0x7f0000000300)={0x0, 0x4178, 0x400, 0x8000002, 0x3d7})
close_range(r1, 0xffffffffffffffff, 0x0)
ioctl$MON_IOCX_GET(r0, 0x40189206, &(0x7f0000000240)={&(0x7f00000002c0), &(0x7f0000000280)=""/18, 0x64})

11.172674692s ago: executing program 4 (id=66):
syz_emit_vhci(&(0x7f0000000140)=@HCI_EVENT_PKT={0x4, @hci_ev_si_security={{0x2, 0x7}, {0xfff9, 0x7fff, 0x2, 0x9}}}, 0xa)

9.321159564s ago: executing program 5 (id=69):
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
request_key(&(0x7f0000000000)='id_legacy\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)='].\x00', 0xffffffffffffffff)
write$binfmt_script(r0, &(0x7f00000028c0)={'#! ', './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0xffc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x13, r0, 0x0)
socket$packet(0x11, 0x3, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xfffffffffefffff3}, 0x0)
iopl(0x3)
pselect6(0x40, &(0x7f00000003c0)={0xc53a, 0x1, 0x4, 0x8001, 0x200, 0x6, 0x6, 0x831}, &(0x7f0000000240)={0x80000001, 0x9, 0x801, 0x409671, 0x8000000000000001, 0x0, 0x8000000000000000, 0xfc41}, &(0x7f0000000300)={0x0, 0x5, 0x0, 0x2000000000001, 0x200, 0x8000, 0x7ff, 0xfffffffffffffffa}, 0x0, &(0x7f0000000480)={&(0x7f0000000180)={[0x4]}, 0x8})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0xffffffffffffff5b, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3)
r4 = getpid()
sched_setscheduler(r4, 0x2, 0x0)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r6 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000002ac0), 0x0, 0x0)
read$rfkill(r6, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x13, 0xe, &(0x7f0000000500)=ANY=[@ANYRES8=0x0, @ANYRES16=r1, @ANYRESHEX=r5], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000000c0)=0xf)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, 0x0)
io_submit(0x0, 0x0, 0x0)
setitimer(0x1, &(0x7f00000004c0)={{0x0, 0x2710}, {0x77359400}}, 0x0)

9.236533745s ago: executing program 3 (id=70):
syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_DAEMON(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[], 0x58}}, 0x0)

9.190042304s ago: executing program 4 (id=71):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000140)='./bus\x00', 0x8, &(0x7f00000006c0), 0x4, 0x4f3, &(0x7f00000012c0)="$eJzs3c9vVEUcAPDvbru0lEJBOahRQUTRELY/gIZwES4aQ0iMxJMHqO3SNN1lm26JtHIoR+8kknjSP8GbBxNOHrx505sXPJigEg018bDmvV3apb+1P9Z2P5/k9b2ZWfY702Vm9g3sTgAt62hEzEbEnoi4FhE99fxM/YgLtSN53ONHt4fnHt0ezkS1euW3TFqe5EXDn0nsqz9nZ0S8/07ER5mlcSvTM+NDxWJhsp7unSpN9FamZ06NZes5A4P9g33nTp8d2LS2Hil99fDtsUsffPP1Sw++n33zk6Ra3Z/uT8sa27GZak3PRXdDXntEXNqKYE3SXv/7w86T9LZnIuJY2v97oi19NQGA3axa7YlqT2MaANjtkvv/7shk8/W1gO7IZvP52hre4ejKFsuVqZM95Zs3RiJdwzoYuez1sWKhr75WeDBymSTdn14vpAeeSt8tnI6IQxFxt2NvWp4fLhdHmvnGBwBa2L5F8/+fHbX5HwDY5TqbXQEAYNuZ/wGg9Zj/AaD1/Iv536cDAWCXcP8PAK3H/A8ArWfN+f/O9tQDANgW712+nBzVudr3Xz/5pu5TI4XKeL50czg/XJ6cyI+Wy6PFQn64Wl3r+Yrl8kT/mflkZXrmaql888bU1bHS0GjhaiG3lY0BANbl0JH7PyaT/uz5vekRDXs5mKthd8s2uwJA07Q1uwJA0/g8D7SuddzjWwaAXW6ZLXqfsuJ/Ebpn81fYqU48b/0fWtVG1v+tHcDO9t/W/9/a9HoA288cDq2rWs3Y8x8AWow1fmBD//4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALao7PTLZfLoX+GzyM5vPR+yPiIORy1wfKxb6IuJARPzQketI0v3NrjQAsEHZXzL1/b9O9BzvXly6J/NXR3qOiI8/v/LZraGpqcn+JP/3+fype/X8gT3NaAAA0OjC0qzaPF0/N9zIP350e/jJsZ1VfHixtrloEneuftRK2qM9PXdGLiK6/sjU0zXJ+5W2TYg/eycinlto/62GCN3pGkht59PF8ZPY+7cg/sLvf3H87FPxs2lZcs6lv4tnN6Eu0GruX6yNk/W+l3Sxev/LxtH0vHz/70xHqI1Lxr9kLJlbMv5l58e/tiXxM2mfPzqfXr0mD898++6SzGpPrexOxAvty8XPzMfPLD/+5o6vs40/vfjysZXKql9EnFi2/U92pC6lw2zvVGmitzI9c2qsNDRaGC3caBsY7B/sO3f67EBvukZd+/ndcjF+PX/ywErxk/Z3rRC/c/X2x2vrbP+Xf1/78JVV4r/x6vKv/+FV4idz4uvrjD/UdWHF7buT+CMrtH+N1z9OrjP+g59nRtb5UABgG1SmZ8aHisXC5BoXyXvNtR7jYmdexGzEZj1huigREf+HdrnYyEWzRyZgqy10+mbXBAAAAAAAAAAAAAAAWEllema8Y4s/rdXsNgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB7/RMAAP//cvTJBw==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
setsockopt$MRT_FLUSH(0xffffffffffffffff, 0x0, 0xd4, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x0, 0x0, 0x3b, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000)
gettid()
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r2, 0x400448dd, &(0x7f00000003c0))

9.089383793s ago: executing program 0 (id=72):
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000001240)='./file0\x00', 0x10, &(0x7f0000000a80)=ANY=[], 0x1, 0x11dc, &(0x7f0000001280)="$eJzs3MGLG1UcB/Bf19rW1N2sWqstiA+96GVo9uBFL0G2IA0obSO0gjB1JxoyJiETFiJi9eTVv0M8ehPEm1724t/gbS8eexBHTNR2l3hYdDewfD6X/OD3vuQ9BgbeMG/23/jq40Gvynr5NNbOnIm1cUR6kCLFWvzt83j19R9/euHWnbs32p3O9s2Urrdvt15LKW28+P17n37z0g/Ti+9+u/Hd+djbfH//161f9i7vXdn//fZH/Sr1qzQcTVOe7o1G0/xeWaSdfjXIUnqnLPKqSP1hVUwO9HvlaDyepXy4s94YT4qqSvlwlgbFLE1HaTqZpfzDvD9MWZal9UbwX3S/flDXdURdPx7noq7r+oloxMV4MtZjI5qxGU/F0/FMXIpn43I8F8/HlfmoVc8bAAAAAAAAAAAAAAAAAAAAThfn/wEAAAAAAAAAAAAAAAAAAGD1bt25e6Pd6WzfTOlCRPnlbne3u/hd9Nu96EcZRVyLZvwW89P/C4v6+lud7WtpbjO+KO//lb+/233sYL41/5zA0nxrkU8H8+ej8Wh+K5pxaXl+a2n+Qrzy8iP5LJrx8wcxijJ24s/sw/xnrZTefLtzKH91Pg4AAABOgyz9Y+n+Pcv+rb/IH+H5wKH99dm4ena1ayeimn0yyMuymBxbcS6O/S8UCsX/XKz6zsRJeHjRVz0TAAAAAAAAAAAAjuIkXidc9RoBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA/2IFjAQAAAABh/tZpdGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBVAAAA//8xgdSv")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x9080, 0x28)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, <r2=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r2)
ioctl$FITRIM(r0, 0x40047211, &(0x7f0000000100)={0xfffffffd, 0xffffffffffffffff, 0x6})

9.033260656s ago: executing program 1 (id=73):
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffffff, 0x0, 0x0}, 0x10)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x0, 0x0})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000240)={&(0x7f00004a3000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, &(0x7f0000000740)=""/209, 0xd1, 0x0, &(0x7f00000000c0)=""/61, 0x3d}, &(0x7f0000000340)=0x40)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
sendmsg$unix(r3, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=[@rights={{0x14, 0x1, 0x1, [r3]}}], 0x18, 0x4800}, 0x8004)

6.91496296s ago: executing program 1 (id=74):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xfffffffffffffffe}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x8, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b708000002001e007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
gettid()
sigaltstack(0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000d00)='sched_switch\x00', r3}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000)
r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r5)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xa, &(0x7f0000000c00)=ANY=[@ANYBLOB="18080000feffff3f000000000000001c85100000060000008510000004000000660800000000000018000000000000000000000000000000950000000000000095000000000000009500"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000a334625215feb3080b8749a22377a1344fc773854ebebd3f3a36248532ae6e312c0080430c21b2dad957214289bae450fe07122ab3adfa15bc43243b8b204a1b8ada9bad1a51a7a2121dc92a5d20fb5794c0950b25b7333953d6d0b28b42e3b5b7e2d5e92e6a836efd91a594f992de1e21db4152d60815e732e0b3ac8f98ea0d503428c6ef534e0cde4015392b8dd7d0f5b9731d0e9486ba7fb278bff2f36fa210c86a76c34acf4006524c66fc130d54091552947ed3edfc8dd2b620b3a34f49c2a512af39c39ef812ce0ec919f1df875221a9dc638c", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000200)={'veth1\x00', <r8=>0x0})
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000900850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kfree\x00', r9, 0x0, 0x3}, 0x18)
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000500)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x80, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x40000}, 0x20000000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='kfree\x00'}, 0x10)

5.682981421s ago: executing program 3 (id=75):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendto$inet(r0, &(0x7f00000000c0)="f461c5bbd75c3583", 0x8, 0x0, &(0x7f0000000100)={0x2, 0x0, @empty}, 0x10)
setsockopt$inet_int(r0, 0x0, 0x17, &(0x7f0000000000)=0x1004, 0x4)
recvmmsg(r0, &(0x7f0000000800)=[{{0x0, 0x0, 0x0}, 0x8001}], 0x1, 0x130, 0x0)

5.488734117s ago: executing program 5 (id=76):
r0 = socket$nl_route(0x10, 0x3, 0x0)
write(r0, &(0x7f0000000000)="240000005800410f9c00f4f90085b3a85c91fddf080001000501009f0800028001000000", 0x24)
setresuid(0xee00, 0xee01, 0x0)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f00000000c0)={0x9}, 0x10)
sendmsg$nl_route_sched(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@gettaction={0x1c, 0x5a, 0xc6b747b6bf1c6b95, 0x0, 0x0, {}, [@action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8}]}, 0x1c}}, 0x0)

5.26547029s ago: executing program 0 (id=77):
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
sendfile(r1, r0, 0x0, 0x20000008)

5.265214569s ago: executing program 4 (id=78):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r0 = syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = gettid()
kcmp(r1, r0, 0x6, 0xffffffffffffffff, 0xffffffffffffffff)

5.083662652s ago: executing program 3 (id=79):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b35, &(0x7f0000001180)={'batadv0\x00', @local})
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
sched_setaffinity(0x0, 0x0, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f0000000040)='cpuset.sched_load_balance\x00', 0x2, 0x0)
write$cgroup_int(r1, &(0x7f00000000c0)=0x100000000, 0x12)

5.075532452s ago: executing program 5 (id=80):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)=<r0=>0x0)
timer_settime(r0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]})
r1 = gettid()
sched_setscheduler(r1, 0x6, &(0x7f0000001280)=0x4)

4.88715119s ago: executing program 0 (id=81):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffffffff}}, &(0x7f0000000040)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB], 0x48)
r2 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r3 = dup2(0xffffffffffffffff, r2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r3}, 0x10)
r4 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r4, &(0x7f0000000200)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000005c0)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xc0b, 0x70bd2a, 0x2001, {0x0, 0x0, 0x0, r5, {0x0, 0x1}, {0xffff, 0xffff}, {0x5, 0xfff1}}}, 0x24}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x4000)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r6, &(0x7f00000002c0), 0x40000000000009f, 0x0)
lgetxattr(0x0, 0x0, 0x0, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r1, @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r7}, 0x10)
r8 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r8, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x4e22, @rand_addr=0x51d0174}, 0x10, 0x0, 0x0, &(0x7f0000000340)=[@cswp={0x58, 0x114, 0x7, {{0x4, 0x7f72}, &(0x7f0000000280)=0x67af, 0x0, 0x765, 0x81, 0x5, 0xfffffffffffeffff, 0x54, 0x5}}], 0x58}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wpan1\x00', <r11=>0x0})
r12 = gettid()
r13 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000480)=ANY=[@ANYRESHEX=r0, @ANYRESOCT=r9, @ANYRES8=r13], 0x20}, 0x1, 0x0, 0x0, 0x10}, 0x4040080)
bpf$LINK_DETACH(0x22, &(0x7f00000001c0), 0x4)
sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r9, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x500, 0x0, 0x2000040}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x34, r10, 0x1, 0x70bd28, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r11}, @NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, r12}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000040}, 0x4000000)

4.736243986s ago: executing program 2 (id=82):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
close(r1)
recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0x2e, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r2=>0xffffffffffffffff]}}], 0x18}, 0x40010040)
r3 = socket$kcm(0x2c, 0x3, 0x0)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r4}, 0x4)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000180)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r5}, 0x10)
setsockopt$sock_attach_bpf(r3, 0x11b, 0x2, &(0x7f0000000900)=r2, 0x4)

4.562902609s ago: executing program 4 (id=83):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000380)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
open(&(0x7f0000000040)='./bus\x00', 0x10d27e, 0x24)
socket$kcm(0x29, 0x2, 0x0)
r0 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x0, 0x800, 0x80000000}, &(0x7f0000000040)=<r1=>0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r0, 0x47ba, 0x1000000, 0x0, 0x0, 0x0)

4.489474387s ago: executing program 3 (id=84):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=@setlink={0x30, 0x13, 0x1, 0x70bd25, 0x25dfdbfc, {}, [@IFLA_TARGET_NETNSID={0x8, 0x2e, 0x3}, @IFLA_NET_NS_FD={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000000}, 0x4)

4.379311001s ago: executing program 1 (id=85):
socket$kcm(0x11, 0x200000000000002, 0x300)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000ee00"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x560b0007, &(0x7f0000000000)="259a53f271a76d2688634c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

4.243195502s ago: executing program 2 (id=86):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000003000)={0x2}, 0x2)
sendmsg$sock(r0, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x40000)

3.901393697s ago: executing program 0 (id=87):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(0xffffffffffffffff, 0x7, 0x0, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r3 = fsopen(&(0x7f0000000000)='sysfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)

3.809321497s ago: executing program 5 (id=88):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00'}, 0x10)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000400)={0x1b, 0x0, 0x0, 0x10000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000200)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x20, 0x1241, 0x5015, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x2, 0x0, 0x7, [{{0x9, 0x4, 0x0, 0xe, 0x1, 0x3, 0x1, 0x0, 0x8, {0x9, 0x21, 0xfffd, 0xb, 0x1, {0x22, 0x666}}, {{{0x9, 0x5, 0x81, 0x3, 0x20, 0x6, 0x2a, 0xca}}}}}]}}]}}, &(0x7f0000000380)={0xa, &(0x7f0000000240)={0xa, 0x6, 0x0, 0x4, 0x0, 0x4, 0x8, 0x3}, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="050fffff00"], 0x155555555555566f, [{0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x1809}}, {0x65, &(0x7f0000001680)=@lang_id={0x0, 0x3, 0x1001}}]})
pread64(0xffffffffffffffff, 0x0, 0x0, 0x66)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x11)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000004c0)={0xffffffffffffffff, 0x0, 0x0, 0x1}, 0x20)
r0 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_usb_connect(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
syz_usb_control_io$printer(r1, 0x0, 0x0)

3.809019561s ago: executing program 3 (id=89):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r0, &(0x7f00000000c0)={0x1f, 0x0, @none, 0x0, 0x1}, 0xe)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r1, &(0x7f0000000040)={0x1f, 0x0, @none}, 0xe)

3.808752371s ago: executing program 1 (id=90):
ioctl$RNDADDENTROPY(0xffffffffffffffff, 0x40085203, 0xffffffffffffffff)
openat$uhid(0xffffffffffffff9c, &(0x7f0000000140), 0x802, 0x0)
syz_mount_image$hfsplus(&(0x7f0000007340), &(0x7f0000000000)='./file2\x00', 0x1600008, &(0x7f0000000040), 0x3, 0x637, &(0x7f00000005c0)="$eJzs3UtsG2kdAPD/OI4TB9TN7qa7Ba1EtJUWRESbh7IQLpSHUA4rtFoOnKPWbay6aZW4KK0QCi9x4MKh4lwOuXFC6j1SOcMF9ZpjJVAvPaDcjGY8dpy386qd7e8Xjb/v8zfzzX/+9jzsyJoA3lrzE1HciCTmJz5bTdub6zO1zfWZoby7FhFpvRBRbBaRLEUkz5vdN9KHr6VP5vMnB63nSXXuixevN182W8XWwkkprQ0fvNxRmguu5VOMR8RAXu412O2oO8a7eeB4+/nvn/YPshlous1XW4mDXmvssXacxU+83wL9I2meN/cYjRjJztDN64DIjw6FNxvd2TvWUQ4AAAAuqHe2Ymut0Wj0Og4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4SPL7/yf5VGjVxyNp3f+/1DF7qYehnomNXgcAAAAAAAAAACfSGOhsfWMrtmI1LrV7k+x//h9njbHs8SvxMFaiEstxLVZjIepRj+WYiojRjoFKqwv1+vJUF0tO77vk9LluNAAAAAAAAAB82f025rf//w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP0giRhoFtk01qqPRqEYEcMRUUrnW4v4V6t+kW30OgAAAAB4A97Ziq1YjUutdiPJPvN/kH3uH46HsRT1qEY9alGJW9l3Ac1P/YXN9Zna5vrMvXTaO+5f/tfIdBlGNmI0v3vYf81XsjnKcTuq2TPX4mbcj1q5c5QrrXj2j+s3r9Kxf5DrMrJbeZlu+Z/zsj+MZhkZbGdkMo8tzeO7h2fih69OuqbxdE1TUWh/8zN2DjkfyctkV9l7u3M+HYUs36kPDs9ExDef/e0Xi7Wlu4u3Vyb6Z5NOqJmJRqOZiaGs1crEh29VJiazbb/cbs/HT+PnMRHj8XksRzV+GQtRj0qMx0+y2kL+fk4fR3dlqrBz6Bs7Wp8fFUkpf12aR9HjxfRxtuylqMbP4n7cikp8mv1Nx1R8N2ZjNuY6XuHLXez1hePt9Ve/lVfSQ/of87I/pHl9tyOvncfc0ayv85ntLL139sfG4tfzSrqO30XEj89wO09ndybSs8Szrzb73j88E3/NrhNWakt3lxcXHnS5vk/yMt2P/tBXZ4n0/fJe+mJlrZ3vjrTv/X37prK+sXZfYU/f5XbfUXtqKb+G2zvSdNb34b59M1nflY6+Pddb7eshAPrYyLdHSuX/lP9Zflr+fXmx/Nnwj4a+N/RRKQb/Mfj94uTAJ4WPkr/H0/j19ud/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg5FYePb67UKtVlo+sJNnN/yO6mrmj0rqd0+EzJ1HMbuRznJFVarXKcPRFGMeq1P4d0fFM0ut4+qEy1G9v/t4el4Dzd71+78H1lUePv1O9t3CncqeyNDg7Ozc5N/vpzPXb1dpApI+VyV5HCZyH7ZN+ryMBAAAAAAAAAAAAunX4zwAG87lO93OCHm8iAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcMHNT0RxI5KYmrw2mbY312dq6dSqb89ZjIhCRCS/ikieR9yI5hSjHcMlB63nSXXuixevN19uj1VszV84bLnurOVTjEfEQF6e1Xg3Tz1e0t7CNGFXS6cLDs7M/wMAAP//oEkI4g==")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1)
rename(&(0x7f00000009c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000001040)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)=0x80)

3.656453507s ago: executing program 4 (id=91):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000140)='./bus\x00', 0x8, &(0x7f00000006c0), 0x4, 0x4f3, &(0x7f00000012c0)="$eJzs3c9vVEUcAPDvbru0lEJBOahRQUTRELY/gIZwES4aQ0iMxJMHqO3SNN1lm26JtHIoR+8kknjSP8GbBxNOHrx505sXPJigEg018bDmvV3apb+1P9Z2P5/k9b2ZWfY702Vm9g3sTgAt62hEzEbEnoi4FhE99fxM/YgLtSN53ONHt4fnHt0ezkS1euW3TFqe5EXDn0nsqz9nZ0S8/07ER5mlcSvTM+NDxWJhsp7unSpN9FamZ06NZes5A4P9g33nTp8d2LS2Hil99fDtsUsffPP1Sw++n33zk6Ra3Z/uT8sa27GZak3PRXdDXntEXNqKYE3SXv/7w86T9LZnIuJY2v97oi19NQGA3axa7YlqT2MaANjtkvv/7shk8/W1gO7IZvP52hre4ejKFsuVqZM95Zs3RiJdwzoYuez1sWKhr75WeDBymSTdn14vpAeeSt8tnI6IQxFxt2NvWp4fLhdHmvnGBwBa2L5F8/+fHbX5HwDY5TqbXQEAYNuZ/wGg9Zj/AaD1/Iv536cDAWCXcP8PAK3H/A8ArWfN+f/O9tQDANgW712+nBzVudr3Xz/5pu5TI4XKeL50czg/XJ6cyI+Wy6PFQn64Wl3r+Yrl8kT/mflkZXrmaql888bU1bHS0GjhaiG3lY0BANbl0JH7PyaT/uz5vekRDXs5mKthd8s2uwJA07Q1uwJA0/g8D7SuddzjWwaAXW6ZLXqfsuJ/Ebpn81fYqU48b/0fWtVG1v+tHcDO9t/W/9/a9HoA288cDq2rWs3Y8x8AWow1fmBD//4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALao7PTLZfLoX+GzyM5vPR+yPiIORy1wfKxb6IuJARPzQketI0v3NrjQAsEHZXzL1/b9O9BzvXly6J/NXR3qOiI8/v/LZraGpqcn+JP/3+fype/X8gT3NaAAA0OjC0qzaPF0/N9zIP350e/jJsZ1VfHixtrloEneuftRK2qM9PXdGLiK6/sjU0zXJ+5W2TYg/eycinlto/62GCN3pGkht59PF8ZPY+7cg/sLvf3H87FPxs2lZcs6lv4tnN6Eu0GruX6yNk/W+l3Sxev/LxtH0vHz/70xHqI1Lxr9kLJlbMv5l58e/tiXxM2mfPzqfXr0mD898++6SzGpPrexOxAvty8XPzMfPLD/+5o6vs40/vfjysZXKql9EnFi2/U92pC6lw2zvVGmitzI9c2qsNDRaGC3caBsY7B/sO3f67EBvukZd+/ndcjF+PX/ywErxk/Z3rRC/c/X2x2vrbP+Xf1/78JVV4r/x6vKv/+FV4idz4uvrjD/UdWHF7buT+CMrtH+N1z9OrjP+g59nRtb5UABgG1SmZ8aHisXC5BoXyXvNtR7jYmdexGzEZj1huigREf+HdrnYyEWzRyZgqy10+mbXBAAAAAAAAAAAAAAAWEllema8Y4s/rdXsNgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB7/RMAAP//cvTJBw==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
setsockopt$MRT_FLUSH(0xffffffffffffffff, 0x0, 0xd4, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x0, 0x0, 0x3b, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000)
gettid()
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r2, 0x400448dd, &(0x7f00000003c0))

3.635261343s ago: executing program 3 (id=92):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x1, 0x40, 0x20, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000000140), 0x1003, r0}, 0x38)

2.779301966s ago: executing program 1 (id=93):
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
sendfile(r1, r0, 0x0, 0x20000008)

2.778061529s ago: executing program 2 (id=94):
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x16, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB, @ANYBLOB], 0x48)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
setsockopt$bt_BT_CHANNEL_POLICY(r2, 0x112, 0xa, 0x0, 0x0)

2.717856465s ago: executing program 0 (id=95):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_POOL_SET(r1, 0x0, 0x44080)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2, 0x0, 0x7}, 0x18)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
semctl$SEM_INFO(0x0, 0x0, 0x13, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001940)=@newtaction={0xe98, 0x30, 0x871a15abc695fa3d, 0x0, 0x0, {}, [{0xe84, 0x1, [@m_pedit={0xe80, 0x1, 0x0, 0x0, {{0xa}, {0xe54, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe50, 0x2, {{{}, 0x97, 0x0, [{0x0, 0x0, 0x9c}, {}]}, [{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, {0x448eade7}, {0x0, 0x0, 0x80000000}, {0x0, 0x0, 0x0, 0x7, 0x5}, {0x0, 0x0, 0x0, 0x2000}, {0x0, 0x0, 0x0, 0x0, 0x400}, {0x0, 0x3c199775}, {0x0, 0x400}, {}, {0x0, 0x1, 0x0, 0x0, 0xfffffffe, 0x8001}, {}, {}, {}, {}, {}, {}, {0x0, 0x3, 0x0, 0x0, 0x4, 0x9}, {}, {0x0, 0x0, 0x100}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {0xfffffffc}, {0x0, 0x0, 0x5}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, {0x0, 0x4, 0x0, 0x0, 0xffffffff}, {}, {0x0, 0x0, 0x0, 0x1}, {0x0, 0x4000bf}, {}, {0x0, 0x0, 0x0, 0x0, 0x100}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, {}, {}, {}, {0x7}, {0xfffffffe}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {0xd5}, {}, {0x0, 0x0, 0x0, 0xffffffff}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, {0x0, 0x0, 0x0, 0xfffffffe}, {}, {0x0, 0x0, 0x0, 0x1}, {}, {}, {0x0, 0x10}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xe6f1}, {}, {0x0, 0x0, 0x0, 0x0, 0x3e0d905c, 0x6}, {0x0, 0x0, 0xfffffffc}, {}, {0x0, 0x0, 0x0, 0x3}, {}, {}, {0x0, 0x5, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x57, 0xffffffff}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, {0x0, 0x0, 0x0, 0x5}, {}, {0xffffffff}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff}, {}, {}, {0x0, 0x8, 0x0, 0x4}, {}, {0x0, 0x0, 0x0, 0x2}, {}, {0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {0x0, 0x800000}, {0xfffffffe}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffb}, {}, {}, {}, {}, {0x4}, {}, {0xa7}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffa}, {0x0, 0x0, 0x43}, {}, {0xd2, 0x0, 0x0, 0x0, 0x0, 0x20000000}, {}, {0x0, 0xfffffffd, 0x0, 0x0, 0x8}, {}, {0x4, 0x0, 0x0, 0x0, 0x1}, {}, {0x0, 0x9}, {}, {0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x80000001}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {0x0, 0x1000000}, {}, {0x0, 0x0, 0x0, 0x3}, {}, {0x0, 0x1}, {0x0, 0x0, 0x0, 0x0, 0x10000000}, {}, {}, {0x0, 0x1}, {}, {0x523e, 0xfffffffe}, {}, {0x4, 0x0, 0x0, 0x10}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xb}, {0x0, 0x0, 0x0, 0x0, 0x200}], [{}, {}, {}, {}, {0x3}, {}, {0x3}, {}, {}, {}, {}, {}, {}, {0x2}, {}, {0x5}, {}, {}, {}, {}, {}, {0x3}, {}, {}, {}, {}, {}, {0x4}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {0x0, 0x1}, {}, {}, {}, {0x5}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {0x2}, {0x3}, {}, {}, {}, {}, {}, {}, {0x2}, {0x2}, {0x0, 0x1}, {}, {}, {}, {}, {0x0, 0x1}, {0x1}, {}, {}, {}, {}, {0x0, 0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe98}, 0x1, 0x0, 0x0, 0x4008000}, 0x0)

1.927888915s ago: executing program 1 (id=96):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180200002343ffff0000000000000000850000004100000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r1, r2, 0x25, 0x0, @void}, 0x10)
syz_emit_ethernet(0xfdef, &(0x7f0000000a80)=ANY=[], 0x0)

231.277926ms ago: executing program 0 (id=97):
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0)
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f00000000c0)='ext2\x00', &(0x7f0000000080)='./file0\x00', 0x8800, &(0x7f00000002c0), 0x1, 0x641, &(0x7f00000003c0)="$eJzs3d9rFNsdAPDvbDa/2yZKaWsfaqAUhdbERC1SCtV3EfvjrX1JTRRrNGJS2ohgBAul0Lc+CH3qQ+2fUcFX/4E+FNo+lQtyudeH60Wue5nJzmbczCabbDYbN58PjDlnJjvnTMw358zZc2YDOLKmImI6Ik5ExL0kYqJwrJr9W8m+Kf2+1588vJ5uSdRqP/84iYePkvXiuZL61/H6i7+Y2Nh1fGBruStrD27PLy0t3q/nZ1bv3JtZWXtw5tad+ZuLNxfvzv1w7uKF8xcuzp7t5PL+WMxcefKb30386eov//7Xt8nsP/59NYlL6dVl0utqfvFwJyVnP9upqG14U9yf/lwvdnjuw+Kzifz3ZFPSvINDLY2BwYj4ZkzEQOF/cyL+8NOeVgzoqloSeRsFHDnJnuJ/ZP8rAhywvB+Q39uX3QeXKLmjBz40ry5vDEhtxP5gROTxX83G/CJGsrGBsdfJe+M8SUR0NDJXl5bx8sXVJ+kWLcbhgO5Yf5yPcje3/0kWm5MxkuXGXlfei/9KYUv3/2w3hQ5tJqeaDm2N/9GyM4zspjig3PrjiPhWvf0fit3EfzUK8f/rPZa/c/wDAAAAAAAA7Xp+OSJ+UDb/r9KY/zNUMv9nPCIu7UP5O7//V8mX6CX7UBxQ8OpyxI9L5//mYReTA/XcV7P5AIPJjVtLi2cj4msRcToGh9P8bNN5K4X0mT8ff9qq/OL8v3RLy3/5oji9uPJRtWkh7sL86ry/BtC5V48jvp3N/z1Z3/P+/J+0/U9K2v80vu+1Wcbx7z27VszXarVHebo8/jfmAgPdVftbxKnS9n+zgU22fz7HTNYfmMl7BVt9521hoVET8Q+9k7b/Y63jv9HzbjyvZ2V35x+KiHNr1Vbh30b8l/f/h5JfDERhKcHv51dX789GDCVXtu6f212doV/l8ZDHSxr/p7+7/fhfo/9fiMPRiFhvs8xvvBv/X6tj2n/onTT+F7bv/08m9fY/sva/0RFoOzH3bPKf2ZlKngt3ra32/3zWpp+u78nG/4C6ypY97QZoT6oLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB+4SkR8JZLKdCNdqUxPR4xHxNdjrLK0vLL6/RvLv727kB7LPv+/kn/S78RGPsk//3+ykJ9ryp+LiGMR8ZeB0Sw/fX15aaHXFw8AAAAAAAAAAAAAAAAAAACHxHi25r823Lz+P/X/gV7XDui6av3rDvE+chB1AQ5Wdc+vrA1v3fffzioDHKi9xz/woWs//ge7Wg/g4LWO/zdva5k8nyTFo592uV5A9+n/w9G1x/j39iD0gZL4n+pFPYCDtu2Y3tNGyrv/0Jfc/wMAAAAAQF85dvL5v5KIWP/RaLalhurHTPaH/lbpdQWAnjGHF46u6nKvawD0int8YHNd/+e1suOtZ/8n3akQAAAAAAAAAAAAALDFqRPW/8NRtf36f3P7oZ9ts/6/LPg9LgD6SOuP/tD2Q79zjw/s1Npb/w8AAAAAAAAAAAAAh8DIg9vzS0uL91fWOkxExH9qSUSn52mR+FXJoZ90qayuJtbnD0U19jXxrjtnHoyIw3GBB53IH8HRw2r0+O8SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQ8GUAAAD//2OSKo4=")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
execve(0x0, 0x0, &(0x7f0000000ac0)={[0x0, 0x0]})
read$FUSE(0xffffffffffffffff, &(0x7f00000042c0)={0x2020}, 0x956)
write$binfmt_script(0xffffffffffffffff, &(0x7f00000000c0)={'#! ', './file0'}, 0x2)
prlimit64(0x0, 0xe, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00'}, 0x10)
dup(0xffffffffffffffff)
syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0)
r3 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdirat(r3, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
renameat2(r0, &(0x7f0000000300)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f0000000380)='./file1\x00', 0x2)

230.147063ms ago: executing program 2 (id=98):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xfffffffffffffffe}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x8, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b708000002001e007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
gettid()
sigaltstack(0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000d00)='sched_switch\x00', r4}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000)
r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = ioctl$LOOP_CTL_GET_FREE(r5, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, r6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xa, &(0x7f0000000c00)=ANY=[@ANYBLOB="18080000feffff3f000000000000001c85100000060000008510000004000000660800000000000018000000000000000000000000000000950000000000000095000000000000009500"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000a334625215feb3080b8749a22377a1344fc773854ebebd3f3a36248532ae6e312c0080430c21b2dad957214289bae450fe07122ab3adfa15bc43243b8b204a1b8ada9bad1a51a7a2121dc92a5d20fb5794c0950b25b7333953d6d0b28b42e3b5b7e2d5e92e6a836efd91a594f992de1e21db4152d60815e732e0b3ac8f98ea0d503428c6ef534e0cde4015392b8dd7d0f5b9731d0e9486ba7fb278bff2f36fa210c86a76c34acf4006524c66fc130d54091552947ed3edfc8dd2b620b3a34f49c2a512af39c39ef812ce0ec919f1df875221a9dc638c", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000200)={'veth1\x00', <r9=>0x0})
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000900850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kfree\x00', r10, 0x0, 0x3}, 0x18)
sendmsg$nl_route_sched(r8, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000500)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x80, 0x0, {0x0, 0x0, 0x0, r9, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x40000}, 0x20000000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='kfree\x00'}, 0x10)

149.336293ms ago: executing program 4 (id=99):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
close(r1)
recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0x2e, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r2=>0xffffffffffffffff]}}], 0x18}, 0x40010040)
r3 = socket$kcm(0x2c, 0x3, 0x0)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r4}, 0x4)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000180)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r5}, 0x10)
setsockopt$sock_attach_bpf(r3, 0x11b, 0x2, &(0x7f0000000900)=r2, 0x4)

0s ago: executing program 5 (id=100):
prlimit64(0x0, 0xe, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f00000000c0)='ext2\x00', &(0x7f0000000080)='./file0\x00', 0x8800, &(0x7f00000002c0), 0x1, 0x641, &(0x7f00000003c0)="$eJzs3d9rFNsdAPDvbDa/2yZKaWsfaqAUhdbERC1SCtV3EfvjrX1JTRRrNGJS2ohgBAul0Lc+CH3qQ+2fUcFX/4E+FNo+lQtyudeH60Wue5nJzmbczCabbDYbN58PjDlnJjvnTMw358zZc2YDOLKmImI6Ik5ExL0kYqJwrJr9W8m+Kf2+1588vJ5uSdRqP/84iYePkvXiuZL61/H6i7+Y2Nh1fGBruStrD27PLy0t3q/nZ1bv3JtZWXtw5tad+ZuLNxfvzv1w7uKF8xcuzp7t5PL+WMxcefKb30386eov//7Xt8nsP/59NYlL6dVl0utqfvFwJyVnP9upqG14U9yf/lwvdnjuw+Kzifz3ZFPSvINDLY2BwYj4ZkzEQOF/cyL+8NOeVgzoqloSeRsFHDnJnuJ/ZP8rAhywvB+Q39uX3QeXKLmjBz40ry5vDEhtxP5gROTxX83G/CJGsrGBsdfJe+M8SUR0NDJXl5bx8sXVJ+kWLcbhgO5Yf5yPcje3/0kWm5MxkuXGXlfei/9KYUv3/2w3hQ5tJqeaDm2N/9GyM4zspjig3PrjiPhWvf0fit3EfzUK8f/rPZa/c/wDAAAAAAAA7Xp+OSJ+UDb/r9KY/zNUMv9nPCIu7UP5O7//V8mX6CX7UBxQ8OpyxI9L5//mYReTA/XcV7P5AIPJjVtLi2cj4msRcToGh9P8bNN5K4X0mT8ff9qq/OL8v3RLy3/5oji9uPJRtWkh7sL86ry/BtC5V48jvp3N/z1Z3/P+/J+0/U9K2v80vu+1Wcbx7z27VszXarVHebo8/jfmAgPdVftbxKnS9n+zgU22fz7HTNYfmMl7BVt9521hoVET8Q+9k7b/Y63jv9HzbjyvZ2V35x+KiHNr1Vbh30b8l/f/h5JfDERhKcHv51dX789GDCVXtu6f212doV/l8ZDHSxr/p7+7/fhfo/9fiMPRiFhvs8xvvBv/X6tj2n/onTT+F7bv/08m9fY/sva/0RFoOzH3bPKf2ZlKngt3ra32/3zWpp+u78nG/4C6ypY97QZoT6oLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB+4SkR8JZLKdCNdqUxPR4xHxNdjrLK0vLL6/RvLv727kB7LPv+/kn/S78RGPsk//3+ykJ9ryp+LiGMR8ZeB0Sw/fX15aaHXFw8AAAAAAAAAAAAAAAAAAACHxHi25r823Lz+P/X/gV7XDui6av3rDvE+chB1AQ5Wdc+vrA1v3fffzioDHKi9xz/woWs//ge7Wg/g4LWO/zdva5k8nyTFo592uV5A9+n/w9G1x/j39iD0gZL4n+pFPYCDtu2Y3tNGyrv/0Jfc/wMAAAAAQF85dvL5v5KIWP/RaLalhurHTPaH/lbpdQWAnjGHF46u6nKvawD0int8YHNd/+e1suOtZ/8n3akQAAAAAAAAAAAAALDFqRPW/8NRtf36f3P7oZ9ts/6/LPg9LgD6SOuP/tD2Q79zjw/s1Npb/w8AAAAAAAAAAAAAh8DIg9vzS0uL91fWOkxExH9qSUSn52mR+FXJoZ90qayuJtbnD0U19jXxrjtnHoyIw3GBB53IH8HRw2r0+O8SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQ8GUAAAD//2OSKo4=")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000180)=0x185000000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
execve(0x0, 0x0, &(0x7f0000000ac0))
openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/cpuinfo\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
dup(0xffffffffffffffff)
r3 = syz_open_dev$sndpcmc(&(0x7f0000000300), 0x0, 0x0)
mmap$snddsp_control(&(0x7f0000000000/0x3000)=nil, 0x1000, 0x1, 0x11, r3, 0x82000000)
ioctl$SNDRV_PCM_IOCTL_SYNC_PTR(r3, 0xc0884123, &(0x7f0000000000)={0xd, "7ec94dd0a70f67e6bc1087a0a108e64d2232f60745de4eb7b6a22236fc9d425ddcb498e91dbe9d38693d9a5439f39fd5f836c7aae73703832d2322c47764d025", {0x4, 0x1}})

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.121' (ED25519) to the list of known hosts.
[   86.222458][ T5821] cgroup: Unknown subsys name 'net'
[   86.366972][ T5821] cgroup: Unknown subsys name 'cpuset'
[   86.375826][ T5821] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   87.924108][ T5821] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   92.258134][ T5838] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   92.266434][ T5838] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   92.281527][ T5845] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   92.289427][ T5845] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   92.297138][ T5845] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   92.304734][ T5845] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   92.313445][ T5845] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   92.320744][ T5845] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   92.328057][ T5845] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   92.335750][ T5845] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   92.337033][ T5850] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   92.344407][ T5845] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   92.357737][ T5845] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   92.364487][ T5850] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   92.365289][ T5845] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   92.379030][ T5845] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   92.386612][ T5850] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   92.386686][ T5845] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   92.399904][ T5851] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   92.403539][ T5840] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   92.415748][ T5851] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   92.432148][ T5851] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   92.443661][ T5851] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   92.453061][ T5851] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   92.455327][   T55] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   92.468058][ T5840] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   92.476985][ T5840] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   92.485039][   T55] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   92.486540][ T5843] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   92.499445][ T5843] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   92.500508][ T5838] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   92.515008][ T5838] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   92.580369][ T5143] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   92.589219][ T5143] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   92.600154][ T5143] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[   92.613091][ T5143] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   93.182203][ T5836] chnl_net:caif_netlink_parms(): no params data found
[   93.276319][ T5854] chnl_net:caif_netlink_parms(): no params data found
[   93.321859][ T5833] chnl_net:caif_netlink_parms(): no params data found
[   93.454302][ T5846] chnl_net:caif_netlink_parms(): no params data found
[   93.488684][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.499722][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state
[   93.507932][ T5836] bridge_slave_0: entered allmulticast mode
[   93.515717][ T5836] bridge_slave_0: entered promiscuous mode
[   93.545210][ T5832] chnl_net:caif_netlink_parms(): no params data found
[   93.580191][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.587917][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state
[   93.595482][ T5836] bridge_slave_1: entered allmulticast mode
[   93.602399][ T5836] bridge_slave_1: entered promiscuous mode
[   93.695177][ T5854] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.702371][ T5854] bridge0: port 1(bridge_slave_0) entered disabled state
[   93.713512][ T5854] bridge_slave_0: entered allmulticast mode
[   93.720395][ T5854] bridge_slave_0: entered promiscuous mode
[   93.732410][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.739914][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state
[   93.747404][ T5833] bridge_slave_0: entered allmulticast mode
[   93.754456][ T5833] bridge_slave_0: entered promiscuous mode
[   93.763973][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.771073][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state
[   93.778274][ T5833] bridge_slave_1: entered allmulticast mode
[   93.785375][ T5833] bridge_slave_1: entered promiscuous mode
[   93.804438][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   93.816639][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   93.834836][ T5844] chnl_net:caif_netlink_parms(): no params data found
[   93.844944][ T5854] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.852150][ T5854] bridge0: port 2(bridge_slave_1) entered disabled state
[   93.859964][ T5854] bridge_slave_1: entered allmulticast mode
[   93.867358][ T5854] bridge_slave_1: entered promiscuous mode
[   93.937932][ T5854] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   93.968409][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   93.985142][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   93.997847][ T5836] team0: Port device team_slave_0 added
[   94.012018][ T5836] team0: Port device team_slave_1 added
[   94.040717][ T5854] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   94.137413][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.144854][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.152079][ T5846] bridge_slave_0: entered allmulticast mode
[   94.159292][ T5846] bridge_slave_0: entered promiscuous mode
[   94.181576][ T5854] team0: Port device team_slave_0 added
[   94.188021][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.199082][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.206736][ T5832] bridge_slave_0: entered allmulticast mode
[   94.214051][ T5832] bridge_slave_0: entered promiscuous mode
[   94.226345][ T5833] team0: Port device team_slave_0 added
[   94.238875][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0
[   94.246533][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   94.273549][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   94.287232][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1
[   94.294334][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   94.320381][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   94.334987][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.342196][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state
[   94.359536][ T5846] bridge_slave_1: entered allmulticast mode
[   94.366883][ T5846] bridge_slave_1: entered promiscuous mode
[   94.375480][ T5854] team0: Port device team_slave_1 added
[   94.390059][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.397565][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state
[   94.404920][ T5832] bridge_slave_1: entered allmulticast mode
[   94.411973][ T5832] bridge_slave_1: entered promiscuous mode
[   94.429517][ T5833] team0: Port device team_slave_1 added
[   94.485093][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   94.504164][ T5851] Bluetooth: hci2: command tx timeout
[   94.513326][ T5851] Bluetooth: hci1: command tx timeout
[   94.544758][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_0
[   94.551774][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   94.578290][ T5854] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   94.589001][ T5851] Bluetooth: hci3: command tx timeout
[   94.594762][ T5851] Bluetooth: hci4: command tx timeout
[   94.598014][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   94.612048][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   94.622070][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_1
[   94.629651][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   94.657086][ T5854] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   94.663983][ T5851] Bluetooth: hci0: command tx timeout
[   94.673558][ T5143] Bluetooth: hci5: command tx timeout
[   94.678143][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0
[   94.686165][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   94.712978][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   94.771758][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   94.796682][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1
[   94.804072][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   94.830728][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   94.847775][ T5844] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.856094][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.863634][ T5844] bridge_slave_0: entered allmulticast mode
[   94.870572][ T5844] bridge_slave_0: entered promiscuous mode
[   94.893062][ T5836] hsr_slave_0: entered promiscuous mode
[   94.899709][ T5836] hsr_slave_1: entered promiscuous mode
[   94.951478][ T5844] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.958946][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state
[   94.967933][ T5844] bridge_slave_1: entered allmulticast mode
[   94.975616][ T5844] bridge_slave_1: entered promiscuous mode
[   94.988143][ T5846] team0: Port device team_slave_0 added
[   94.997022][ T5846] team0: Port device team_slave_1 added
[   95.015594][ T5832] team0: Port device team_slave_0 added
[   95.036566][ T5833] hsr_slave_0: entered promiscuous mode
[   95.044205][ T5833] hsr_slave_1: entered promiscuous mode
[   95.052080][ T5833] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   95.060365][ T5833] Cannot create hsr debugfs directory
[   95.124196][ T5832] team0: Port device team_slave_1 added
[   95.139183][ T5854] hsr_slave_0: entered promiscuous mode
[   95.147534][ T5854] hsr_slave_1: entered promiscuous mode
[   95.155511][ T5854] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   95.163410][ T5854] Cannot create hsr debugfs directory
[   95.190744][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0
[   95.198162][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   95.224648][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   95.271285][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   95.284160][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   95.302563][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1
[   95.310644][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   95.337359][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   95.414870][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0
[   95.421885][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   95.449047][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   95.494239][ T5844] team0: Port device team_slave_0 added
[   95.510271][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1
[   95.517450][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   95.545196][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   95.584881][ T5844] team0: Port device team_slave_1 added
[   95.719778][ T5846] hsr_slave_0: entered promiscuous mode
[   95.726437][ T5846] hsr_slave_1: entered promiscuous mode
[   95.732559][ T5846] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   95.743784][ T5846] Cannot create hsr debugfs directory
[   95.792563][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0
[   95.799885][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   95.826642][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   95.896567][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1
[   95.904136][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   95.930358][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   95.945289][ T5832] hsr_slave_0: entered promiscuous mode
[   95.951662][ T5832] hsr_slave_1: entered promiscuous mode
[   95.957921][ T5832] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   95.965715][ T5832] Cannot create hsr debugfs directory
[   96.089359][ T5844] hsr_slave_0: entered promiscuous mode
[   96.096316][ T5844] hsr_slave_1: entered promiscuous mode
[   96.102530][ T5844] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   96.110313][ T5844] Cannot create hsr debugfs directory
[   96.188040][ T5836] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   96.200606][ T5836] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   96.232226][ T5836] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   96.272377][ T5836] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   96.392373][ T5833] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   96.416036][ T5833] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   96.463043][ T5833] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   96.477852][ T5833] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   96.583749][ T5851] Bluetooth: hci1: command tx timeout
[   96.589234][ T5851] Bluetooth: hci2: command tx timeout
[   96.602429][   T10] cfg80211: failed to load regulatory.db
[   96.608760][ T5854] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   96.640188][ T5854] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   96.651212][ T5854] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   96.664293][ T5851] Bluetooth: hci4: command tx timeout
[   96.664319][ T5143] Bluetooth: hci3: command tx timeout
[   96.687569][ T5854] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   96.717701][ T5846] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   96.730435][ T5846] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   96.753441][ T5143] Bluetooth: hci0: command tx timeout
[   96.753454][ T5851] Bluetooth: hci5: command tx timeout
[   96.762598][ T5846] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   96.810472][ T5846] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   96.906815][ T5832] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   96.921736][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0
[   96.939311][ T5832] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   96.949923][ T5832] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   96.973287][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0
[   96.999772][ T5832] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   97.068114][ T5836] 8021q: adding VLAN 0 to HW filter on device team0
[   97.076850][ T5844] netdevsim netdevsim5 netdevsim0: renamed from eth0
[   97.087216][ T5844] netdevsim netdevsim5 netdevsim1: renamed from eth1
[   97.098585][ T5844] netdevsim netdevsim5 netdevsim2: renamed from eth2
[   97.110634][ T5844] netdevsim netdevsim5 netdevsim3: renamed from eth3
[   97.134905][ T2993] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.142825][ T2993] bridge0: port 1(bridge_slave_0) entered forwarding state
[   97.175011][ T2993] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.182138][ T2993] bridge0: port 2(bridge_slave_1) entered forwarding state
[   97.207718][ T5833] 8021q: adding VLAN 0 to HW filter on device team0
[   97.241570][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.248807][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   97.285949][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.293167][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   97.346912][ T5854] 8021q: adding VLAN 0 to HW filter on device bond0
[   97.454861][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0
[   97.473844][ T5846] 8021q: adding VLAN 0 to HW filter on device team0
[   97.511959][ T5854] 8021q: adding VLAN 0 to HW filter on device team0
[   97.528197][ T2993] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.535493][ T2993] bridge0: port 1(bridge_slave_0) entered forwarding state
[   97.557442][ T5836] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   97.588231][ T2993] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.595445][ T2993] bridge0: port 1(bridge_slave_0) entered forwarding state
[   97.606323][ T2993] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.613549][ T2993] bridge0: port 2(bridge_slave_1) entered forwarding state
[   97.677006][ T2993] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.684215][ T2993] bridge0: port 2(bridge_slave_1) entered forwarding state
[   97.769215][ T5846] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   97.780137][ T5846] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   97.887552][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0
[   97.984433][ T5832] 8021q: adding VLAN 0 to HW filter on device team0
[   97.996041][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0
[   98.026250][ T5854] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   98.059340][   T65] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.066514][   T65] bridge0: port 1(bridge_slave_0) entered forwarding state
[   98.119523][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0
[   98.140417][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0
[   98.180585][   T65] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.187964][   T65] bridge0: port 2(bridge_slave_1) entered forwarding state
[   98.304872][ T5844] 8021q: adding VLAN 0 to HW filter on device team0
[   98.388525][ T2993] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.395723][ T2993] bridge0: port 1(bridge_slave_0) entered forwarding state
[   98.415300][ T2993] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.422476][ T2993] bridge0: port 2(bridge_slave_1) entered forwarding state
[   98.504158][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0
[   98.515015][ T5836] veth0_vlan: entered promiscuous mode
[   98.589663][ T5836] veth1_vlan: entered promiscuous mode
[   98.663870][ T5143] Bluetooth: hci2: command tx timeout
[   98.663887][ T5851] Bluetooth: hci1: command tx timeout
[   98.711155][ T5854] 8021q: adding VLAN 0 to HW filter on device batadv0
[   98.740459][ T5846] veth0_vlan: entered promiscuous mode
[   98.746667][ T5851] Bluetooth: hci4: command tx timeout
[   98.754020][ T5851] Bluetooth: hci3: command tx timeout
[   98.779267][ T5846] veth1_vlan: entered promiscuous mode
[   98.796724][ T5833] veth0_vlan: entered promiscuous mode
[   98.824733][ T5851] Bluetooth: hci5: command tx timeout
[   98.830195][ T5851] Bluetooth: hci0: command tx timeout
[   98.857655][ T5833] veth1_vlan: entered promiscuous mode
[   98.923787][ T5836] veth0_macvtap: entered promiscuous mode
[   98.942436][ T5836] veth1_macvtap: entered promiscuous mode
[   98.951985][ T5833] veth0_macvtap: entered promiscuous mode
[   98.997867][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0
[   99.036573][ T5833] veth1_macvtap: entered promiscuous mode
[   99.074648][ T5854] veth0_vlan: entered promiscuous mode
[   99.091793][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0
[   99.112550][ T5833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   99.126689][ T5833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   99.138783][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0
[   99.155015][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1
[   99.168577][ T5836] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   99.179460][ T5836] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   99.191076][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1
[   99.203103][ T5836] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   99.212028][ T5836] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   99.221632][ T5836] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   99.231059][ T5836] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   99.256041][ T5846] veth0_macvtap: entered promiscuous mode
[   99.286737][ T5833] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   99.302234][ T5833] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   99.311381][ T5833] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   99.321292][ T5833] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   99.341992][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0
[   99.370691][ T5846] veth1_macvtap: entered promiscuous mode
[   99.386654][ T5854] veth1_vlan: entered promiscuous mode
[   99.482139][ T5846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   99.494530][ T5846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   99.505793][ T5846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   99.516892][ T5846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   99.528221][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0
[   99.608109][ T5846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   99.630614][ T5846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   99.645494][ T5846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   99.661172][ T5846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   99.672352][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1
[   99.690333][ T5854] veth0_macvtap: entered promiscuous mode
[   99.701837][ T3461] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.724780][ T3461] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.747269][ T5846] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   99.759385][ T5846] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   99.768657][ T5846] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   99.778390][ T5846] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   99.809769][ T5854] veth1_macvtap: entered promiscuous mode
[   99.845616][ T5832] veth0_vlan: entered promiscuous mode
[   99.870169][ T5832] veth1_vlan: entered promiscuous mode
[   99.908414][ T2993] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.923337][ T1148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.934816][ T2993] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.948095][ T1148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.976392][ T5854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   99.988463][ T5854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   99.998451][ T5854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  100.009041][ T5854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  100.019253][ T5854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  100.031011][ T5854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  100.042732][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_0
[  100.109797][ T5854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  100.121728][ T5854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  100.132328][ T5854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  100.143545][ T5854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  100.153476][ T5854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  100.164385][ T5854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  100.176425][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_1
[  100.191621][   T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.209354][   T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.268071][ T5854] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  100.277641][ T5854] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  100.289369][ T5854] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  100.293967][ T5836] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  100.308324][ T5854] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  100.330377][ T5832] veth0_macvtap: entered promiscuous mode
[  100.358248][ T5844] veth0_vlan: entered promiscuous mode
[  100.381244][ T5844] veth1_vlan: entered promiscuous mode
[  100.394675][ T1148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.418322][ T1148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.461307][ T5832] veth1_macvtap: entered promiscuous mode
[  100.555187][   T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.586171][   T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.624908][ T5844] veth0_macvtap: entered promiscuous mode
[  100.652675][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  100.670294][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  100.680652][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  100.691926][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  100.702074][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  100.712930][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  100.723110][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  100.735025][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  100.745881][ T5143] Bluetooth: hci2: command tx timeout
[  100.753041][ T5851] Bluetooth: hci1: command tx timeout
[  100.759837][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0
[  100.787706][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  100.799378][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  100.809381][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  100.819987][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  100.830456][ T5851] Bluetooth: hci3: command tx timeout
[  100.836212][ T5143] Bluetooth: hci4: command tx timeout
[  100.841713][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  100.853923][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  100.864351][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  100.874966][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  100.887742][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1
[  100.911407][ T5844] veth1_macvtap: entered promiscuous mode
[  100.913472][ T5851] Bluetooth: hci0: command tx timeout
[  100.922601][ T5851] Bluetooth: hci5: command tx timeout
[  100.965988][ T5832] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  100.975349][ T5832] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  100.984316][ T5832] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  100.993334][ T5832] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  101.013026][   T65] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.020907][   T65] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.131083][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  101.169517][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  101.194206][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  101.211828][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  101.223291][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  101.242670][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  101.254082][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  101.273381][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  101.284293][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  101.295211][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  101.309585][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0
[  101.333735][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  101.347249][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  101.388263][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  101.425185][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  102.283390][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  102.513902][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  102.524490][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  102.534836][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  102.590856][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  102.692786][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  103.318785][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  103.328922][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  103.339418][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  103.351862][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1
[  103.393187][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  103.401932][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  103.411270][    T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!!
[  103.888134][ T2993] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  103.927455][ T2993] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.934521][ T5844] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  103.953859][ T5844] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  103.965030][ T5956] =======================================================
[  103.965030][ T5956] WARNING: The mand mount option has been deprecated and
[  103.965030][ T5956]          and is ignored by this kernel. Remove the mand
[  103.965030][ T5956]          option from the mount to silence this warning.
[  103.965030][ T5956] =======================================================
[  104.000464][ T5844] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  104.009363][ T5844] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  104.137560][ T2993] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  104.191182][ T2993] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  104.378876][ T5961] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  104.398060][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  104.428403][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  104.542358][ T1081] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  104.583728][ T1081] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  104.689116][ T2993] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  104.722261][ T2993] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  104.913410][ T5899] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  104.932007][   T10] kernel read not supported for file /vcs (pid: 10 comm: kworker/0:1)
[  105.117260][ T5899] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  105.117442][ T5899] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  105.117588][ T5899] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  105.117863][ T5899] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  105.117984][ T5899] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  105.237574][ T5899] usb 2-1: config 0 descriptor??
[  105.388849][ T5981] netlink: 'syz.3.14': attribute type 4 has an invalid length.
[  105.389172][ T5981] netlink: 17 bytes leftover after parsing attributes in process `syz.3.14'.
[  105.452807][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  106.015306][ T5899] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving
[  106.041734][ T5899] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  106.275811][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[  107.525786][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  107.813488][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[  108.653220][  T903] usb 2-1: reset high-speed USB device number 2 using dummy_hcd
[  108.839600][ T5996] loop5: detected capacity change from 0 to 512
[  108.946815][ T5996] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  109.026518][ T5996] ext4 filesystem being mounted at /1/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  114.023266][  T903] usb 2-1: device descriptor read/64, error -110
[  114.048241][ T5844] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  114.204856][ T6013] loop0: detected capacity change from 0 to 1024
[  114.252454][ T6013] EXT4-fs: Ignoring removed orlov option
[  114.272643][ T6016] loop1: detected capacity change from 0 to 8
[  114.316490][ T6013] EXT4-fs (loop0): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  114.352418][ T6017] xt_cluster: node mask cannot exceed total number of nodes
[  114.403774][ T6017] netlink: 48 bytes leftover after parsing attributes in process `syz.4.24'.
[  114.435719][ T6013] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  114.516040][ T6017] usb usb1: usbfs: interface 0 claimed by hub while 'syz.4.24' sets config #1
[  114.671281][ T6027] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  114.934627][    T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  115.937811][ T5971] usb 2-1: USB disconnect, device number 2
[  118.174753][    T9] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  118.202054][ T6038] loop1: detected capacity change from 0 to 128
[  118.223606][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  118.242842][ T6038] EXT4-fs: Ignoring removed nobh option
[  118.267214][    T9] usb 1-1: config 0 descriptor??
[  118.295291][    T9] cp210x 1-1:0.0: cp210x converter detected
[  118.355852][ T6038] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  118.944783][ T5851] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  118.953269][ T5851] Bluetooth: hci3: Injecting HCI hardware error event
[  118.961538][ T5851] Bluetooth: hci3: hardware error 0x00
[  119.330695][ T6038] ext4 filesystem being mounted at /3/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  119.721962][ T6038] bridge0: port 2(bridge_slave_1) entered disabled state
[  119.730338][ T6038] bridge0: port 1(bridge_slave_0) entered disabled state
[  119.843837][ T6038] bridge_slave_1: left allmulticast mode
[  119.849736][ T6038] bridge_slave_1: left promiscuous mode
[  119.866403][ T6051] loop3: detected capacity change from 0 to 128
[  119.892912][    T9] cp210x 1-1:0.0: failed to get vendor val 0x370b size 1: -71
[  119.904350][ T6038] bridge0: port 2(bridge_slave_1) entered disabled state
[  119.922389][    T9] cp210x 1-1:0.0: querying part number failed
[  119.934005][ T5832] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  119.951589][    T9] usb 1-1: cp210x converter now attached to ttyUSB0
[  119.973143][ T6038] bridge_slave_0: left allmulticast mode
[  120.149034][ T6038] bridge_slave_0: left promiscuous mode
[  120.421517][ T6038] bridge0: port 1(bridge_slave_0) entered disabled state
[  120.951359][    T9] usb 1-1: USB disconnect, device number 2
[  120.973916][    T9] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  120.982397][    T9] cp210x 1-1:0.0: device disconnected
[  121.136958][ T5851] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  121.760507][ T6062] netlink: 'syz.0.34': attribute type 4 has an invalid length.
[  121.793011][ T6062] netlink: 17 bytes leftover after parsing attributes in process `syz.0.34'.
[  122.078518][ T5854] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  122.252494][ T6072] loop2: detected capacity change from 0 to 8
[  122.429381][ T6078] loop1: detected capacity change from 0 to 1024
[  122.475727][ T6078] EXT4-fs: inline encryption not supported
[  122.503205][ T6078] EXT4-fs: Ignoring removed orlov option
[  122.523079][ T5971] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  122.534463][ T6078] EXT4-fs (loop1): stripe (4) is not aligned with cluster size (16), stripe is disabled
[  122.603642][ T6078] EXT4-fs (loop1): warning: checktime reached, running e2fsck is recommended
[  122.627724][ T6078] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  122.725511][ T5971] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  122.776177][ T5971] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  122.788861][ T6091] loop5: detected capacity change from 0 to 256
[  122.834563][ T5971] usb 1-1: config 0 descriptor??
[  122.856508][ T6091] exFAT-fs (loop5): failed to load upcase table (idx : 0x000104d0, chksum : 0xda218cab, utbl_chksum : 0xe619d30d)
[  122.859316][ T5971] cp210x 1-1:0.0: cp210x converter detected
[  123.020913][ T5854] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  127.136209][ T5971] cp210x 1-1:0.0: failed to get vendor val 0x370b size 1: -71
[  127.158745][ T5971] cp210x 1-1:0.0: querying part number failed
[  127.253370][ T5971] usb 1-1: cp210x converter now attached to ttyUSB0
[  127.325612][ T5971] usb 1-1: USB disconnect, device number 3
[  127.390404][ T5971] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  127.606504][ T5971] cp210x 1-1:0.0: device disconnected
[  128.173726][ T6114] input: syz0 as /devices/virtual/input/input5
[  128.543062][ T6114] loop0: detected capacity change from 0 to 2048
[  128.700310][ T6114] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  131.748927][ T6130] loop3: detected capacity change from 0 to 1764
[  131.784399][  T903] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  131.974263][  T903] usb 5-1: Using ep0 maxpacket: 16
[  132.022994][  T903] usb 5-1: config 0 has an invalid interface number: 214 but max is 0
[  132.125992][  T903] usb 5-1: config 0 has no interface number 0
[  132.203313][  T903] usb 5-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  132.299760][  T903] usb 5-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[  132.299803][  T903] usb 5-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3
[  132.299838][  T903] usb 5-1: Manufacturer: syz
[  132.299864][  T903] usb 5-1: SerialNumber: syz
[  132.343572][  T903] usb 5-1: config 0 descriptor??
[  133.061878][  T903] usbtouchscreen 5-1:0.214: probe with driver usbtouchscreen failed with error -71
[  133.183676][  T903] usb 5-1: USB disconnect, device number 2
[  136.433019][ T5851] Bluetooth: hci1: Malformed Event: 0x02
[  137.593108][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[  137.599774][ T1293] ieee802154 phy1 wpan1: encryption failed: -22
[  138.361516][ T6177] loop4: detected capacity change from 0 to 512
[  141.234404][ T6177] EXT4-fs: error -4 creating inode table initialization thread
[  141.243431][ T6177] EXT4-fs (loop4): mount failed
[  142.102354][   T30] audit: type=1326 audit(1742909429.935:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6206 comm="syz.5.80" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fdadc929359 code=0x7ffc0000
[  142.200450][   T30] audit: type=1326 audit(1742909429.975:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6206 comm="syz.5.80" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fdadc929359 code=0x7ffc0000
[  142.298443][   T30] audit: type=1326 audit(1742909429.975:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6206 comm="syz.5.80" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdadc98d169 code=0x7ffc0000
[  142.328961][ T6214] Zero length message leads to an empty skb
[  142.372509][   T30] audit: type=1326 audit(1742909429.975:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6206 comm="syz.5.80" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fdadc929359 code=0x7ffc0000
[  142.415778][   T30] audit: type=1326 audit(1742909429.975:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6206 comm="syz.5.80" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdadc98d169 code=0x7ffc0000
[  142.501519][   T30] audit: type=1326 audit(1742909429.975:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6206 comm="syz.5.80" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fdadc929359 code=0x7ffc0000
[  142.685458][   T30] audit: type=1326 audit(1742909429.975:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6206 comm="syz.5.80" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdadc98d169 code=0x7ffc0000
[  142.831524][   T30] audit: type=1326 audit(1742909429.975:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6206 comm="syz.5.80" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdadc98d169 code=0x7ffc0000
[  142.864272][ T6222] loop4: detected capacity change from 0 to 1024
[  142.883218][ T6222] EXT4-fs: Ignoring removed nobh option
[  142.888858][ T6222] EXT4-fs: Ignoring removed bh option
[  142.904842][   T30] audit: type=1326 audit(1742909429.975:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6206 comm="syz.5.80" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdadc98d169 code=0x7ffc0000
[  143.043700][ T6222] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  143.087801][   T30] audit: type=1326 audit(1742909429.975:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6206 comm="syz.5.80" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdadc98d169 code=0x7ffc0000
[  143.367154][ T5833] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  143.483100][ T5971] usb 6-1: new full-speed USB device number 2 using dummy_hcd
[  143.711269][ T5971] usb 6-1: unable to get BOS descriptor set
[  143.782560][ T5971] usb 6-1: not running at top speed; connect to a high speed hub
[  143.945529][ T5971] usb 6-1: config 1 interface 0 has no altsetting 0
[  144.118230][ T5971] usb 6-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.40
[  144.184466][ T5971] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  144.951592][ T6249] loop4: detected capacity change from 0 to 512
[  145.047498][ T6249] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  145.129116][ T6249] ext4 filesystem being mounted at /17/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  145.427193][ T5971] usbhid 6-1:1.0: can't add hid device: -71
[  145.442845][ T5851] Bluetooth: hci5: command tx timeout
[  145.472993][ T5971] usbhid 6-1:1.0: probe with driver usbhid failed with error -71
[  146.738329][ T6256] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  146.835018][ T5971] usb 6-1: USB disconnect, device number 2
[  146.929608][ T5833] EXT4-fs error (device loop4): ext4_empty_dir:3094: inode #12: comm syz-executor: invalid size
[  146.995232][ T5833] EXT4-fs error (device loop4): ext4_empty_dir:3094: inode #12: comm syz-executor: invalid size
[  147.017448][ T6257] BUG: Bad page state in process syz.1.96  pfn:5ba2c
[  147.024327][ T6257] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x5ba2c
[  147.034490][ T6257] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  147.041647][ T6257] raw: 00fff00000000000 dead000000000040 ffff888021aec000 0000000000000000
[  147.050338][ T6257] raw: ffff888000000000 3fffffffffffffff 00000000ffffffff 0000000000000000
[  147.058991][ T6257] page dumped because: page_pool leak
[  147.064419][ T6257] page_owner tracks the page as allocated
[  147.070352][ T6257] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6257, tgid 6254 (syz.1.96), ts 147017333581, free_ts 146993430352
[  147.087317][ T6257]  post_alloc_hook+0x181/0x1b0
[  147.092146][ T6257]  get_page_from_freelist+0xfce/0x2f80
[  147.097799][ T6257]  __alloc_frozen_pages_noprof+0x221/0x2470
[  147.103802][ T6257]  alloc_pages_bulk_noprof+0x6f9/0x1390
[  147.109409][ T6257]  __page_pool_alloc_pages_slow+0x18c/0x770
[  147.115394][ T6257]  page_pool_alloc_netmems+0xc4/0x160
[  147.120835][ T6257]  page_pool_alloc_frag_netmem+0x220/0x760
[  147.126752][ T6257]  skb_pp_cow_data+0x571/0xf10
[  147.131577][ T6257]  skb_cow_data_for_xdp+0x88/0xb0
[  147.136706][ T6257]  do_xdp_generic+0x3f1/0xe70
[  147.141439][ T6257]  tun_get_user+0x1e04/0x3e50
[  147.146231][ T6257]  tun_chr_write_iter+0xdc/0x210
[  147.151231][ T6257]  vfs_write+0x5b1/0x1150
[  147.155656][ T6257]  ksys_write+0x12b/0x250
[  147.160048][ T6257]  do_syscall_64+0xcd/0x250
[  147.164642][ T6257]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.170617][ T6257] page last free pid 15 tgid 15 stack trace:
[  147.176659][ T6257]  free_frozen_pages+0x6db/0xfb0
[  147.179804][ T6261] loop5: detected capacity change from 0 to 1024
[  147.181641][ T6257]  tlb_remove_table_rcu+0x116/0x1a0
[  147.193309][ T6257]  rcu_core+0x7a0/0x14d0
[  147.197597][ T6257]  handle_softirqs+0x216/0x8f0
[  147.202428][ T6257]  run_ksoftirqd+0x3a/0x60
[  147.206955][ T6257]  smpboot_thread_fn+0x664/0xa30
[  147.211936][ T6257]  kthread+0x3b2/0x750
[  147.216151][ T6257]  ret_from_fork+0x48/0x80
[  147.220624][ T6257]  ret_from_fork_asm+0x1a/0x30
[  147.225472][ T6257] Modules linked in:
[  147.229400][ T6257] CPU: 0 UID: 0 PID: 6257 Comm: syz.1.96 Not tainted 6.14.0-syzkaller-00685-g3ba7dfb8da62 #0
[  147.229443][ T6257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  147.229465][ T6257] Call Trace:
[  147.229475][ T6257]  <TASK>
[  147.229488][ T6257]  dump_stack_lvl+0x16c/0x1f0
[  147.229545][ T6257]  bad_page+0xb3/0x1f0
[  147.229584][ T6257]  ? __pfx_bad_page+0x10/0x10
[  147.229621][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  147.229686][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  147.229753][ T6257]  ? page_bad_reason+0x9d/0x1e0
[  147.229795][ T6257]  free_frozen_pages+0x701/0xfb0
[  147.229861][ T6257]  page_frag_free+0x255/0x2a0
[  147.229899][ T6257]  __xdp_return+0x363/0xac0
[  147.229958][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  147.230020][ T6257]  ? kmem_cache_free+0x2e2/0x4d0
[  147.230082][ T6257]  bpf_xdp_adjust_tail+0x9de/0xf70
[  147.230167][ T6257]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  147.230199][ T6257]  bpf_prog_run_generic_xdp+0x623/0x1500
[  147.230268][ T6257]  do_xdp_generic+0x70a/0xe70
[  147.230319][ T6257]  ? __pfx_do_xdp_generic+0x10/0x10
[  147.230375][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  147.230452][ T6257]  ? tun_get_user+0x1d55/0x3e50
[  147.230513][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  147.230584][ T6257]  tun_get_user+0x1e04/0x3e50
[  147.230649][ T6257]  ? in_gate_area+0xd0/0x100
[  147.230704][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  147.230777][ T6257]  ? __pfx_tun_get_user+0x10/0x10
[  147.230834][ T6257]  ? find_held_lock+0x2d/0x110
[  147.230879][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  147.230948][ T6257]  ? __pfx_lock_release+0x10/0x10
[  147.231011][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  147.231086][ T6257]  tun_chr_write_iter+0xdc/0x210
[  147.231150][ T6257]  vfs_write+0x5b1/0x1150
[  147.231206][ T6257]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  147.231269][ T6257]  ? __pfx_lock_release+0x10/0x10
[  147.231323][ T6257]  ? __pfx_vfs_write+0x10/0x10
[  147.231381][ T6257]  ? lock_acquire+0x2f/0xb0
[  147.231432][ T6257]  ? __fget_files+0x40/0x3b0
[  147.231509][ T6257]  ksys_write+0x12b/0x250
[  147.231564][ T6257]  ? __pfx_ksys_write+0x10/0x10
[  147.231623][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  147.231697][ T6257]  do_syscall_64+0xcd/0x250
[  147.231762][ T6257]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.231816][ T6257] RIP: 0033:0x7fe51838bc1f
[  147.231844][ T6257] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  147.231879][ T6257] RSP: 002b:00007fe519231000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  147.231912][ T6257] RAX: ffffffffffffffda RBX: 00007fe5185a5fa0 RCX: 00007fe51838bc1f
[  147.231937][ T6257] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  147.231960][ T6257] RBP: 00007fe51840e2a0 R08: 0000000000000000 R09: 0000000000000000
[  147.231982][ T6257] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  147.232005][ T6257] R13: 0000000000000000 R14: 00007fe5185a5fa0 R15: 00007fff0b8c5c38
[  147.232049][ T6257]  </TASK>
[  147.232062][ T6257] Disabling lock debugging due to kernel taint
[  147.370070][ T5833] EXT4-fs error (device loop4): ext4_empty_dir:3094: inode #12: comm syz-executor: invalid size
[  147.374945][ T6257] BUG: Bad page state in process syz.1.96  pfn:5dea6
[  147.374967][ T6257] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88805dea6000 pfn:0x5dea6
[  147.375001][ T6257] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  147.404499][ T6261] EXT4-fs (loop5): Can't support bigalloc feature without extents feature
[  147.404499][ T6261] 
[  147.405362][ T6257] raw: 00fff00000000000 dead000000000040 ffff888021aec000 0000000000000000
[  147.413133][ T6261] EXT4-fs (loop5): couldn't mount as ext2 due to feature incompatibilities
[  147.415891][ T6257] raw: ffff88805dea6000 0000000000000001 00000000ffffffff 0000000000000000
[  147.607540][ T6257] page dumped because: page_pool leak
[  147.612964][ T6257] page_owner tracks the page as allocated
[  147.618698][ T6257] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6257, tgid 6254 (syz.1.96), ts 147017319690, free_ts 146993449821
[  147.635631][ T6257]  post_alloc_hook+0x181/0x1b0
[  147.637562][ T5833] EXT4-fs error (device loop4): ext4_empty_dir:3094: inode #12: comm syz-executor: invalid size
[  147.640424][ T6257]  get_page_from_freelist+0xfce/0x2f80
[  147.656524][ T6257]  __alloc_frozen_pages_noprof+0x221/0x2470
[  147.662537][ T6257]  alloc_pages_bulk_noprof+0x6f9/0x1390
[  147.668398][ T6257]  __page_pool_alloc_pages_slow+0x18c/0x770
[  147.675068][ T6257]  page_pool_alloc_netmems+0xc4/0x160
[  147.680966][ T6257]  skb_pp_cow_data+0x776/0xf10
[  147.686227][ T6257]  skb_cow_data_for_xdp+0x88/0xb0
[  147.691683][ T6257]  do_xdp_generic+0x3f1/0xe70
[  147.696662][ T6257]  tun_get_user+0x1e04/0x3e50
[  147.701814][ T6257]  tun_chr_write_iter+0xdc/0x210
[  147.702922][ T5833] EXT4-fs error (device loop4): ext4_empty_dir:3094: inode #12: comm syz-executor: invalid size
[  147.706898][ T6257]  vfs_write+0x5b1/0x1150
[  147.721704][ T6257]  ksys_write+0x12b/0x250
[  147.726278][ T6257]  do_syscall_64+0xcd/0x250
[  147.731229][ T6257]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.737695][ T6257] page last free pid 15 tgid 15 stack trace:
[  147.744221][ T6257]  free_frozen_pages+0x6db/0xfb0
[  147.749349][ T6257]  tlb_remove_table_rcu+0x116/0x1a0
[  147.754963][ T6257]  rcu_core+0x7a0/0x14d0
[  147.759801][ T6257]  handle_softirqs+0x216/0x8f0
[  147.765025][ T6257]  run_ksoftirqd+0x3a/0x60
[  147.769815][ T6257]  smpboot_thread_fn+0x664/0xa30
[  147.775258][ T6257]  kthread+0x3b2/0x750
[  147.779596][ T6257]  ret_from_fork+0x48/0x80
[  147.784566][ T6257]  ret_from_fork_asm+0x1a/0x30
[  147.790163][ T6257] Modules linked in:
[  147.794502][ T6257] CPU: 0 UID: 0 PID: 6257 Comm: syz.1.96 Tainted: G    B              6.14.0-syzkaller-00685-g3ba7dfb8da62 #0
[  147.794551][ T6257] Tainted: [B]=BAD_PAGE
[  147.794562][ T6257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  147.794582][ T6257] Call Trace:
[  147.794593][ T6257]  <TASK>
[  147.794604][ T6257]  dump_stack_lvl+0x16c/0x1f0
[  147.794654][ T6257]  bad_page+0xb3/0x1f0
[  147.794688][ T6257]  ? __pfx_bad_page+0x10/0x10
[  147.794731][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  147.794789][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  147.794844][ T6257]  ? page_bad_reason+0x9d/0x1e0
[  147.794879][ T6257]  free_frozen_pages+0x701/0xfb0
[  147.794932][ T6257]  page_frag_free+0x255/0x2a0
[  147.794964][ T6257]  __xdp_return+0x363/0xac0
[  147.795015][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  147.795070][ T6257]  ? kmem_cache_free+0x2e2/0x4d0
[  147.795122][ T6257]  bpf_xdp_adjust_tail+0x9de/0xf70
[  147.795187][ T6257]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  147.795212][ T6257]  bpf_prog_run_generic_xdp+0x623/0x1500
[  147.795263][ T6257]  do_xdp_generic+0x70a/0xe70
[  147.795304][ T6257]  ? __pfx_do_xdp_generic+0x10/0x10
[  147.795349][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  147.795411][ T6257]  ? tun_get_user+0x1d55/0x3e50
[  147.795464][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  147.795522][ T6257]  tun_get_user+0x1e04/0x3e50
[  147.795575][ T6257]  ? in_gate_area+0xd0/0x100
[  147.795620][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  147.795676][ T6257]  ? __pfx_tun_get_user+0x10/0x10
[  147.795733][ T6257]  ? find_held_lock+0x2d/0x110
[  147.795771][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  147.795828][ T6257]  ? __pfx_lock_release+0x10/0x10
[  147.795879][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  147.795940][ T6257]  tun_chr_write_iter+0xdc/0x210
[  147.795994][ T6257]  vfs_write+0x5b1/0x1150
[  147.796042][ T6257]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  147.796096][ T6257]  ? __pfx_lock_release+0x10/0x10
[  147.796143][ T6257]  ? __pfx_vfs_write+0x10/0x10
[  147.796192][ T6257]  ? lock_acquire+0x2f/0xb0
[  147.796237][ T6257]  ? __fget_files+0x40/0x3b0
[  147.796296][ T6257]  ksys_write+0x12b/0x250
[  147.796343][ T6257]  ? __pfx_ksys_write+0x10/0x10
[  147.796391][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  147.796452][ T6257]  do_syscall_64+0xcd/0x250
[  147.796503][ T6257]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.796551][ T6257] RIP: 0033:0x7fe51838bc1f
[  147.796574][ T6257] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  147.796606][ T6257] RSP: 002b:00007fe519231000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  147.796635][ T6257] RAX: ffffffffffffffda RBX: 00007fe5185a5fa0 RCX: 00007fe51838bc1f
[  147.796657][ T6257] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  147.796678][ T6257] RBP: 00007fe51840e2a0 R08: 0000000000000000 R09: 0000000000000000
[  147.796698][ T6257] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  147.796722][ T6257] R13: 0000000000000000 R14: 00007fe5185a5fa0 R15: 00007fff0b8c5c38
[  147.796753][ T6257]  </TASK>
[  147.796810][ T6257] BUG: Bad page state in process syz.1.96  pfn:32b3d
[  147.935050][ T5833] EXT4-fs error (device loop4): ext4_empty_dir:3094: inode #12: comm syz-executor: invalid size
[  147.935759][ T6257] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x32b3d
[  147.951814][ T5833] EXT4-fs error (device loop4): ext4_empty_dir:3094: inode #12: comm syz-executor: invalid size
[  147.956056][ T6257] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  147.956121][ T6257] raw: 00fff00000000000 dead000000000040 ffff888021aec000 0000000000000000
[  147.956155][ T6257] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000
[  147.956176][ T6257] page dumped because: page_pool leak
[  147.956191][ T6257] page_owner tracks the page as allocated
[  147.956204][ T6257] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6257, tgid 6254 (syz.1.96), ts 147017306561, free_ts 146993469882
[  147.956259][ T6257]  post_alloc_hook+0x181/0x1b0
[  147.956315][ T6257]  get_page_from_freelist+0xfce/0x2f80
[  147.956372][ T6257]  __alloc_frozen_pages_noprof+0x221/0x2470
[  147.990280][ T5833] EXT4-fs error (device loop4): ext4_empty_dir:3094: inode #12: comm syz-executor: invalid size
[  147.993864][ T6257]  alloc_pages_bulk_noprof+0x6f9/0x1390
[  147.993931][ T6257]  __page_pool_alloc_pages_slow+0x18c/0x770
[  148.025816][ T5833] EXT4-fs error (device loop4): ext4_empty_dir:3094: inode #12: comm syz-executor: invalid size
[  148.028637][ T6257]  page_pool_alloc_netmems+0xc4/0x160
[  148.158058][ T5833] EXT4-fs error (device loop4): ext4_empty_dir:3094: inode #12: comm syz-executor: invalid size
[  148.166357][ T6257]  skb_pp_cow_data+0x776/0xf10
[  148.166437][ T6257]  skb_cow_data_for_xdp+0x88/0xb0
[  148.166491][ T6257]  do_xdp_generic+0x3f1/0xe70
[  148.290063][ T6257]  tun_get_user+0x1e04/0x3e50
[  148.295446][ T6257]  tun_chr_write_iter+0xdc/0x210
[  148.300919][ T6257]  vfs_write+0x5b1/0x1150
[  148.307028][ T6257]  ksys_write+0x12b/0x250
[  148.311974][ T6257]  do_syscall_64+0xcd/0x250
[  148.317470][ T6257]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  148.324709][ T6257] page last free pid 15 tgid 15 stack trace:
[  148.331948][ T6257]  free_frozen_pages+0x6db/0xfb0
[  148.338041][ T6257]  tlb_remove_table_rcu+0x116/0x1a0
[  148.342976][ T5851] Bluetooth: hci0: command 0x0c1a tx timeout
[  148.343916][ T6257]  rcu_core+0x7a0/0x14d0
[  148.355066][ T6257]  handle_softirqs+0x216/0x8f0
[  148.361416][ T6257]  run_ksoftirqd+0x3a/0x60
[  148.367109][ T6257]  smpboot_thread_fn+0x664/0xa30
[  148.372773][ T6257]  kthread+0x3b2/0x750
[  148.377581][ T6257]  ret_from_fork+0x48/0x80
[  148.383189][ T6257]  ret_from_fork_asm+0x1a/0x30
[  148.389697][ T6257] Modules linked in:
[  148.394819][ T6257] CPU: 0 UID: 0 PID: 6257 Comm: syz.1.96 Tainted: G    B              6.14.0-syzkaller-00685-g3ba7dfb8da62 #0
[  148.394872][ T6257] Tainted: [B]=BAD_PAGE
[  148.394884][ T6257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  148.394905][ T6257] Call Trace:
[  148.394916][ T6257]  <TASK>
[  148.394928][ T6257]  dump_stack_lvl+0x16c/0x1f0
[  148.394989][ T6257]  bad_page+0xb3/0x1f0
[  148.395027][ T6257]  ? __pfx_bad_page+0x10/0x10
[  148.395064][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  148.395127][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  148.395187][ T6257]  ? page_bad_reason+0x9d/0x1e0
[  148.395226][ T6257]  free_frozen_pages+0x701/0xfb0
[  148.395284][ T6257]  page_frag_free+0x255/0x2a0
[  148.395319][ T6257]  __xdp_return+0x363/0xac0
[  148.395374][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  148.395434][ T6257]  ? kmem_cache_free+0x2e2/0x4d0
[  148.395499][ T6257]  bpf_xdp_adjust_tail+0x9de/0xf70
[  148.395573][ T6257]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  148.395600][ T6257]  bpf_prog_run_generic_xdp+0x623/0x1500
[  148.395655][ T6257]  do_xdp_generic+0x70a/0xe70
[  148.395699][ T6257]  ? __pfx_do_xdp_generic+0x10/0x10
[  148.395747][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  148.395815][ T6257]  ? tun_get_user+0x1d55/0x3e50
[  148.395872][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  148.395935][ T6257]  tun_get_user+0x1e04/0x3e50
[  148.395997][ T6257]  ? in_gate_area+0xd0/0x100
[  148.396046][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  148.396107][ T6257]  ? __pfx_tun_get_user+0x10/0x10
[  148.396162][ T6257]  ? find_held_lock+0x2d/0x110
[  148.396202][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  148.396265][ T6257]  ? __pfx_lock_release+0x10/0x10
[  148.396321][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  148.396387][ T6257]  tun_chr_write_iter+0xdc/0x210
[  148.396445][ T6257]  vfs_write+0x5b1/0x1150
[  148.396497][ T6257]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  148.396556][ T6257]  ? __pfx_lock_release+0x10/0x10
[  148.396609][ T6257]  ? __pfx_vfs_write+0x10/0x10
[  148.396663][ T6257]  ? lock_acquire+0x2f/0xb0
[  148.396714][ T6257]  ? __fget_files+0x40/0x3b0
[  148.396779][ T6257]  ksys_write+0x12b/0x250
[  148.396831][ T6257]  ? __pfx_ksys_write+0x10/0x10
[  148.396883][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  148.396949][ T6257]  do_syscall_64+0xcd/0x250
[  148.397009][ T6257]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  148.397062][ T6257] RIP: 0033:0x7fe51838bc1f
[  148.397087][ T6257] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  148.397122][ T6257] RSP: 002b:00007fe519231000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  148.397155][ T6257] RAX: ffffffffffffffda RBX: 00007fe5185a5fa0 RCX: 00007fe51838bc1f
[  148.397179][ T6257] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  148.397202][ T6257] RBP: 00007fe51840e2a0 R08: 0000000000000000 R09: 0000000000000000
[  148.397225][ T6257] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  148.397247][ T6257] R13: 0000000000000000 R14: 00007fe5185a5fa0 R15: 00007fff0b8c5c38
[  148.397282][ T6257]  </TASK>
[  148.700375][ T6257] BUG: Bad page state in process syz.1.96  pfn:7c3a6
[  148.707316][ T6257] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807c3a6dc0 pfn:0x7c3a6
[  148.717713][ T6257] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  148.725074][ T6257] raw: 00fff00000000000 dead000000000040 ffff888021aec000 0000000000000000
[  148.734163][ T6257] raw: ffff88807c3a6dc0 0000000000000001 00000000ffffffff 0000000000000000
[  148.743201][ T6257] page dumped because: page_pool leak
[  148.748836][ T6257] page_owner tracks the page as allocated
[  148.755154][ T6257] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6257, tgid 6254 (syz.1.96), ts 147017292881, free_ts 146993490141
[  148.772171][ T6257]  post_alloc_hook+0x181/0x1b0
[  148.777413][ T6257]  get_page_from_freelist+0xfce/0x2f80
[  148.783595][ T6257]  __alloc_frozen_pages_noprof+0x221/0x2470
[  148.790021][ T6257]  alloc_pages_bulk_noprof+0x6f9/0x1390
[  148.796066][ T6257]  __page_pool_alloc_pages_slow+0x18c/0x770
[  148.802343][ T6257]  page_pool_alloc_netmems+0xc4/0x160
[  148.808108][ T6257]  skb_pp_cow_data+0x776/0xf10
[  148.813672][ T6257]  skb_cow_data_for_xdp+0x88/0xb0
[  148.819091][ T6257]  do_xdp_generic+0x3f1/0xe70
[  148.824076][ T6257]  tun_get_user+0x1e04/0x3e50
[  148.828924][ T6257]  tun_chr_write_iter+0xdc/0x210
[  148.834202][ T6257]  vfs_write+0x5b1/0x1150
[  148.838824][ T6257]  ksys_write+0x12b/0x250
[  148.843487][ T6257]  do_syscall_64+0xcd/0x250
[  148.848375][ T6257]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  148.854680][ T6257] page last free pid 15 tgid 15 stack trace:
[  148.861181][ T6257]  free_frozen_pages+0x6db/0xfb0
[  148.866372][ T6257]  tlb_remove_table_rcu+0x116/0x1a0
[  148.871803][ T6257]  rcu_core+0x7a0/0x14d0
[  148.876303][ T6257]  handle_softirqs+0x216/0x8f0
[  148.881326][ T6257]  run_ksoftirqd+0x3a/0x60
[  148.886087][ T6257]  smpboot_thread_fn+0x664/0xa30
[  148.891354][ T6257]  kthread+0x3b2/0x750
[  148.896597][ T6257]  ret_from_fork+0x48/0x80
[  148.901540][ T6257]  ret_from_fork_asm+0x1a/0x30
[  148.907820][ T6257] Modules linked in:
[  148.912785][ T6257] CPU: 0 UID: 0 PID: 6257 Comm: syz.1.96 Tainted: G    B              6.14.0-syzkaller-00685-g3ba7dfb8da62 #0
[  148.912839][ T6257] Tainted: [B]=BAD_PAGE
[  148.912852][ T6257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  148.912873][ T6257] Call Trace:
[  148.912883][ T6257]  <TASK>
[  148.912895][ T6257]  dump_stack_lvl+0x16c/0x1f0
[  148.912949][ T6257]  bad_page+0xb3/0x1f0
[  148.912994][ T6257]  ? __pfx_bad_page+0x10/0x10
[  148.913030][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  148.913094][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  148.913156][ T6257]  ? page_bad_reason+0x9d/0x1e0
[  148.913197][ T6257]  free_frozen_pages+0x701/0xfb0
[  148.913256][ T6257]  page_frag_free+0x255/0x2a0
[  148.913294][ T6257]  __xdp_return+0x363/0xac0
[  148.913351][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  148.913413][ T6257]  ? kmem_cache_free+0x2e2/0x4d0
[  148.913471][ T6257]  bpf_xdp_adjust_tail+0x9de/0xf70
[  148.913545][ T6257]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  148.913574][ T6257]  bpf_prog_run_generic_xdp+0x623/0x1500
[  148.913631][ T6257]  do_xdp_generic+0x70a/0xe70
[  148.913677][ T6257]  ? __pfx_do_xdp_generic+0x10/0x10
[  148.913727][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  148.913797][ T6257]  ? tun_get_user+0x1d55/0x3e50
[  148.913856][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  148.913921][ T6257]  tun_get_user+0x1e04/0x3e50
[  148.913990][ T6257]  ? in_gate_area+0xd0/0x100
[  148.914041][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  148.914103][ T6257]  ? __pfx_tun_get_user+0x10/0x10
[  148.914158][ T6257]  ? find_held_lock+0x2d/0x110
[  148.914199][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  148.914262][ T6257]  ? __pfx_lock_release+0x10/0x10
[  148.914319][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  148.914388][ T6257]  tun_chr_write_iter+0xdc/0x210
[  148.914448][ T6257]  vfs_write+0x5b1/0x1150
[  148.914502][ T6257]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  148.914562][ T6257]  ? __pfx_lock_release+0x10/0x10
[  148.914614][ T6257]  ? __pfx_vfs_write+0x10/0x10
[  148.914668][ T6257]  ? lock_acquire+0x2f/0xb0
[  148.914721][ T6257]  ? __fget_files+0x40/0x3b0
[  148.914787][ T6257]  ksys_write+0x12b/0x250
[  148.914840][ T6257]  ? __pfx_ksys_write+0x10/0x10
[  148.914894][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  148.914963][ T6257]  do_syscall_64+0xcd/0x250
[  148.915028][ T6257]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  148.915082][ T6257] RIP: 0033:0x7fe51838bc1f
[  148.915109][ T6257] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  148.915145][ T6257] RSP: 002b:00007fe519231000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  148.915178][ T6257] RAX: ffffffffffffffda RBX: 00007fe5185a5fa0 RCX: 00007fe51838bc1f
[  148.915203][ T6257] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  148.915226][ T6257] RBP: 00007fe51840e2a0 R08: 0000000000000000 R09: 0000000000000000
[  148.915249][ T6257] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  148.915272][ T6257] R13: 0000000000000000 R14: 00007fe5185a5fa0 R15: 00007fff0b8c5c38
[  148.915307][ T6257]  </TASK>
[  149.218196][ T6257] BUG: Bad page state in process syz.1.96  pfn:7e8f2
[  149.225325][ T6257] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807e8f2280 pfn:0x7e8f2
[  149.235833][ T6257] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  149.244945][ T6257] raw: 00fff00000000000 dead000000000040 ffff888021aec000 0000000000000000
[  149.254227][ T6257] raw: ffff88807e8f2280 0000000000000001 00000000ffffffff 0000000000000000
[  149.263256][ T6257] page dumped because: page_pool leak
[  149.269136][ T6257] page_owner tracks the page as allocated
[  149.275295][ T6257] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6257, tgid 6254 (syz.1.96), ts 147017279631, free_ts 146993510621
[  149.292627][ T6257]  post_alloc_hook+0x181/0x1b0
[  149.297780][ T6257]  get_page_from_freelist+0xfce/0x2f80
[  149.303722][ T6257]  __alloc_frozen_pages_noprof+0x221/0x2470
[  149.309930][ T6257]  alloc_pages_bulk_noprof+0x6f9/0x1390
[  149.315920][ T6257]  __page_pool_alloc_pages_slow+0x18c/0x770
[  149.322300][ T6257]  page_pool_alloc_netmems+0xc4/0x160
[  149.328409][ T6257]  skb_pp_cow_data+0x776/0xf10
[  149.333703][ T6257]  skb_cow_data_for_xdp+0x88/0xb0
[  149.339131][ T6257]  do_xdp_generic+0x3f1/0xe70
[  149.344416][ T6257]  tun_get_user+0x1e04/0x3e50
[  149.349411][ T6257]  tun_chr_write_iter+0xdc/0x210
[  149.354917][ T6257]  vfs_write+0x5b1/0x1150
[  149.359658][ T6257]  ksys_write+0x12b/0x250
[  149.365575][ T6257]  do_syscall_64+0xcd/0x250
[  149.370685][ T6257]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.377156][ T6257] page last free pid 15 tgid 15 stack trace:
[  149.383697][ T6257]  free_frozen_pages+0x6db/0xfb0
[  149.389350][ T6257]  tlb_remove_table_rcu+0x116/0x1a0
[  149.395235][ T6257]  rcu_core+0x7a0/0x14d0
[  149.400355][ T6257]  handle_softirqs+0x216/0x8f0
[  149.405846][ T6257]  run_ksoftirqd+0x3a/0x60
[  149.410476][ T6257]  smpboot_thread_fn+0x664/0xa30
[  149.416078][ T6257]  kthread+0x3b2/0x750
[  149.420518][ T6257]  ret_from_fork+0x48/0x80
[  149.425523][ T6257]  ret_from_fork_asm+0x1a/0x30
[  149.430774][ T6257] Modules linked in:
[  149.435018][ T6257] CPU: 0 UID: 0 PID: 6257 Comm: syz.1.96 Tainted: G    B              6.14.0-syzkaller-00685-g3ba7dfb8da62 #0
[  149.435069][ T6257] Tainted: [B]=BAD_PAGE
[  149.435081][ T6257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  149.435102][ T6257] Call Trace:
[  149.435112][ T6257]  <TASK>
[  149.435124][ T6257]  dump_stack_lvl+0x16c/0x1f0
[  149.435177][ T6257]  bad_page+0xb3/0x1f0
[  149.435218][ T6257]  ? __pfx_bad_page+0x10/0x10
[  149.435256][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  149.435316][ T6257]  ? page_bad_reason+0x9d/0x1e0
[  149.435356][ T6257]  free_frozen_pages+0x701/0xfb0
[  149.435414][ T6257]  page_frag_free+0x255/0x2a0
[  149.435448][ T6257]  __xdp_return+0x363/0xac0
[  149.435503][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  149.435563][ T6257]  ? kmem_cache_free+0x2e2/0x4d0
[  149.435619][ T6257]  bpf_xdp_adjust_tail+0x9de/0xf70
[  149.435691][ T6257]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  149.435719][ T6257]  bpf_prog_run_generic_xdp+0x623/0x1500
[  149.435775][ T6257]  do_xdp_generic+0x70a/0xe70
[  149.435820][ T6257]  ? __pfx_do_xdp_generic+0x10/0x10
[  149.435867][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  149.435934][ T6257]  ? tun_get_user+0x1d55/0x3e50
[  149.436000][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  149.436065][ T6257]  tun_get_user+0x1e04/0x3e50
[  149.436124][ T6257]  ? in_gate_area+0xd0/0x100
[  149.436174][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  149.436237][ T6257]  ? __pfx_tun_get_user+0x10/0x10
[  149.436293][ T6257]  ? find_held_lock+0x2d/0x110
[  149.436335][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  149.436398][ T6257]  ? __pfx_lock_release+0x10/0x10
[  149.436453][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  149.436520][ T6257]  tun_chr_write_iter+0xdc/0x210
[  149.436580][ T6257]  vfs_write+0x5b1/0x1150
[  149.436634][ T6257]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  149.436694][ T6257]  ? __pfx_lock_release+0x10/0x10
[  149.436747][ T6257]  ? __pfx_vfs_write+0x10/0x10
[  149.436802][ T6257]  ? lock_acquire+0x2f/0xb0
[  149.436852][ T6257]  ? __fget_files+0x40/0x3b0
[  149.436917][ T6257]  ksys_write+0x12b/0x250
[  149.436974][ T6257]  ? __pfx_ksys_write+0x10/0x10
[  149.437027][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  149.437093][ T6257]  do_syscall_64+0xcd/0x250
[  149.437150][ T6257]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.437203][ T6257] RIP: 0033:0x7fe51838bc1f
[  149.437229][ T6257] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  149.437265][ T6257] RSP: 002b:00007fe519231000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  149.437298][ T6257] RAX: ffffffffffffffda RBX: 00007fe5185a5fa0 RCX: 00007fe51838bc1f
[  149.437323][ T6257] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  149.437346][ T6257] RBP: 00007fe51840e2a0 R08: 0000000000000000 R09: 0000000000000000
[  149.437369][ T6257] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  149.437392][ T6257] R13: 0000000000000000 R14: 00007fe5185a5fa0 R15: 00007fff0b8c5c38
[  149.437427][ T6257]  </TASK>
[  149.437474][ T6257] BUG: Bad page state in process syz.1.96  pfn:2f807
[  149.741963][ T6257] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802f807780 pfn:0x2f807
[  149.752821][ T6257] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  149.760443][ T6257] raw: 00fff00000000000 dead000000000040 ffff888021aec000 0000000000000000
[  149.770410][ T6257] raw: ffff88802f807780 0000000000000001 00000000ffffffff 0000000000000000
[  149.779333][ T6257] page dumped because: page_pool leak
[  149.785485][ T6257] page_owner tracks the page as allocated
[  149.791589][ T6257] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6257, tgid 6254 (syz.1.96), ts 147017266581, free_ts 146993531891
[  149.809161][ T6257]  post_alloc_hook+0x181/0x1b0
[  149.814444][ T6257]  get_page_from_freelist+0xfce/0x2f80
[  149.820610][ T6257]  __alloc_frozen_pages_noprof+0x221/0x2470
[  149.827087][ T6257]  alloc_pages_bulk_noprof+0x6f9/0x1390
[  149.833581][ T6257]  __page_pool_alloc_pages_slow+0x18c/0x770
[  149.839745][ T6257]  page_pool_alloc_netmems+0xc4/0x160
[  149.845559][ T6257]  skb_pp_cow_data+0x776/0xf10
[  149.850806][ T6257]  skb_cow_data_for_xdp+0x88/0xb0
[  149.856899][ T6257]  do_xdp_generic+0x3f1/0xe70
[  149.862810][ T6257]  tun_get_user+0x1e04/0x3e50
[  149.867874][ T6257]  tun_chr_write_iter+0xdc/0x210
[  149.874611][ T6257]  vfs_write+0x5b1/0x1150
[  149.879534][ T6257]  ksys_write+0x12b/0x250
[  149.885541][ T6257]  do_syscall_64+0xcd/0x250
[  149.890819][ T6257]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.898070][ T6257] page last free pid 15 tgid 15 stack trace:
[  149.904702][ T6257]  free_frozen_pages+0x6db/0xfb0
[  149.910096][ T6257]  tlb_remove_table_rcu+0x116/0x1a0
[  149.916137][ T6257]  rcu_core+0x7a0/0x14d0
[  149.921243][ T6257]  handle_softirqs+0x216/0x8f0
[  149.927125][ T6257]  run_ksoftirqd+0x3a/0x60
[  149.931839][ T6257]  smpboot_thread_fn+0x664/0xa30
[  149.937335][ T6257]  kthread+0x3b2/0x750
[  149.941922][ T6257]  ret_from_fork+0x48/0x80
[  149.947099][ T6257]  ret_from_fork_asm+0x1a/0x30
[  149.952150][ T6257] Modules linked in:
[  149.956634][ T6257] CPU: 0 UID: 0 PID: 6257 Comm: syz.1.96 Tainted: G    B              6.14.0-syzkaller-00685-g3ba7dfb8da62 #0
[  149.956688][ T6257] Tainted: [B]=BAD_PAGE
[  149.956701][ T6257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  149.956723][ T6257] Call Trace:
[  149.956741][ T6257]  <TASK>
[  149.956750][ T6257]  dump_stack_lvl+0x16c/0x1f0
[  149.956791][ T6257]  bad_page+0xb3/0x1f0
[  149.956819][ T6257]  ? __pfx_bad_page+0x10/0x10
[  149.956846][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  149.956893][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  149.956938][ T6257]  ? page_bad_reason+0x9d/0x1e0
[  149.956967][ T6257]  free_frozen_pages+0x701/0xfb0
[  149.957011][ T6257]  page_frag_free+0x255/0x2a0
[  149.957038][ T6257]  __xdp_return+0x363/0xac0
[  149.957079][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  149.957124][ T6257]  ? kmem_cache_free+0x2e2/0x4d0
[  149.957166][ T6257]  bpf_xdp_adjust_tail+0x9de/0xf70
[  149.957220][ T6257]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  149.957241][ T6257]  bpf_prog_run_generic_xdp+0x623/0x1500
[  149.957283][ T6257]  do_xdp_generic+0x70a/0xe70
[  149.957316][ T6257]  ? __pfx_do_xdp_generic+0x10/0x10
[  149.957352][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  149.957403][ T6257]  ? tun_get_user+0x1d55/0x3e50
[  149.957446][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  149.957494][ T6257]  tun_get_user+0x1e04/0x3e50
[  149.957538][ T6257]  ? in_gate_area+0xd0/0x100
[  149.957575][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  149.957621][ T6257]  ? __pfx_tun_get_user+0x10/0x10
[  149.957662][ T6257]  ? find_held_lock+0x2d/0x110
[  149.957692][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  149.957750][ T6257]  ? __pfx_lock_release+0x10/0x10
[  149.957810][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  149.957871][ T6257]  tun_chr_write_iter+0xdc/0x210
[  149.957915][ T6257]  vfs_write+0x5b1/0x1150
[  149.957955][ T6257]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  149.958000][ T6257]  ? __pfx_lock_release+0x10/0x10
[  149.958039][ T6257]  ? __pfx_vfs_write+0x10/0x10
[  149.958079][ T6257]  ? lock_acquire+0x2f/0xb0
[  149.958116][ T6257]  ? __fget_files+0x40/0x3b0
[  149.958165][ T6257]  ksys_write+0x12b/0x250
[  149.958203][ T6257]  ? __pfx_ksys_write+0x10/0x10
[  149.958243][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  149.958293][ T6257]  do_syscall_64+0xcd/0x250
[  149.958334][ T6257]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.958373][ T6257] RIP: 0033:0x7fe51838bc1f
[  149.958393][ T6257] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  149.958419][ T6257] RSP: 002b:00007fe519231000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  149.958444][ T6257] RAX: ffffffffffffffda RBX: 00007fe5185a5fa0 RCX: 00007fe51838bc1f
[  149.958461][ T6257] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  149.958478][ T6257] RBP: 00007fe51840e2a0 R08: 0000000000000000 R09: 0000000000000000
[  149.958495][ T6257] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  149.958511][ T6257] R13: 0000000000000000 R14: 00007fe5185a5fa0 R15: 00007fff0b8c5c38
[  149.958536][ T6257]  </TASK>
[  150.261669][ T6257] BUG: Bad page state in process syz.1.96  pfn:7263d
[  150.268742][ T6257] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807263dc80 pfn:0x7263d
[  150.279268][ T6257] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  150.287492][ T6257] raw: 00fff00000000000 dead000000000040 ffff888021aec000 0000000000000000
[  150.296707][ T6257] raw: ffff88807263dc80 0000000000000001 00000000ffffffff 0000000000000000
[  150.306883][ T6257] page dumped because: page_pool leak
[  150.313313][ T6257] page_owner tracks the page as allocated
[  150.319351][ T6257] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6257, tgid 6254 (syz.1.96), ts 147017253271, free_ts 146993552131
[  150.337025][ T6257]  post_alloc_hook+0x181/0x1b0
[  150.341988][ T6257]  get_page_from_freelist+0xfce/0x2f80
[  150.347873][ T6257]  __alloc_frozen_pages_noprof+0x221/0x2470
[  150.355334][ T6257]  alloc_pages_bulk_noprof+0x6f9/0x1390
[  150.361452][ T6257]  __page_pool_alloc_pages_slow+0x18c/0x770
[  150.367722][ T6257]  page_pool_alloc_netmems+0xc4/0x160
[  150.373479][ T6257]  skb_pp_cow_data+0x776/0xf10
[  150.378358][ T6257]  skb_cow_data_for_xdp+0x88/0xb0
[  150.383956][ T6257]  do_xdp_generic+0x3f1/0xe70
[  150.388825][ T6257]  tun_get_user+0x1e04/0x3e50
[  150.394844][ T6257]  tun_chr_write_iter+0xdc/0x210
[  150.400089][ T6257]  vfs_write+0x5b1/0x1150
[  150.405032][ T6257]  ksys_write+0x12b/0x250
[  150.409600][ T6257]  do_syscall_64+0xcd/0x250
[  150.415039][ T6257]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  150.421334][ T6257] page last free pid 15 tgid 15 stack trace:
[  150.428185][ T6257]  free_frozen_pages+0x6db/0xfb0
[  150.433826][ T6257]  tlb_remove_table_rcu+0x116/0x1a0
[  150.439437][ T6257]  rcu_core+0x7a0/0x14d0
[  150.444718][ T6257]  handle_softirqs+0x216/0x8f0
[  150.449806][ T6257]  run_ksoftirqd+0x3a/0x60
[  150.455131][ T6257]  smpboot_thread_fn+0x664/0xa30
[  150.460788][ T6257]  kthread+0x3b2/0x750
[  150.465464][ T6257]  ret_from_fork+0x48/0x80
[  150.470311][ T6257]  ret_from_fork_asm+0x1a/0x30
[  150.476690][ T6257] Modules linked in:
[  150.480931][ T6257] CPU: 0 UID: 0 PID: 6257 Comm: syz.1.96 Tainted: G    B              6.14.0-syzkaller-00685-g3ba7dfb8da62 #0
[  150.480983][ T6257] Tainted: [B]=BAD_PAGE
[  150.480993][ T6257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  150.481009][ T6257] Call Trace:
[  150.481017][ T6257]  <TASK>
[  150.481026][ T6257]  dump_stack_lvl+0x16c/0x1f0
[  150.481067][ T6257]  bad_page+0xb3/0x1f0
[  150.481095][ T6257]  ? __pfx_bad_page+0x10/0x10
[  150.481122][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  150.481168][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  150.481213][ T6257]  ? page_bad_reason+0x9d/0x1e0
[  150.481242][ T6257]  free_frozen_pages+0x701/0xfb0
[  150.481286][ T6257]  page_frag_free+0x255/0x2a0
[  150.481312][ T6257]  __xdp_return+0x363/0xac0
[  150.481353][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  150.481398][ T6257]  ? kmem_cache_free+0x2e2/0x4d0
[  150.481440][ T6257]  bpf_xdp_adjust_tail+0x9de/0xf70
[  150.481494][ T6257]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  150.481522][ T6257]  bpf_prog_run_generic_xdp+0x623/0x1500
[  150.481581][ T6257]  do_xdp_generic+0x70a/0xe70
[  150.481620][ T6257]  ? __pfx_do_xdp_generic+0x10/0x10
[  150.481656][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  150.481707][ T6257]  ? tun_get_user+0x1d55/0x3e50
[  150.481756][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  150.481805][ T6257]  tun_get_user+0x1e04/0x3e50
[  150.481848][ T6257]  ? in_gate_area+0xd0/0x100
[  150.481885][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  150.481931][ T6257]  ? __pfx_tun_get_user+0x10/0x10
[  150.481973][ T6257]  ? find_held_lock+0x2d/0x110
[  150.482006][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  150.482053][ T6257]  ? __pfx_lock_release+0x10/0x10
[  150.482095][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  150.482146][ T6257]  tun_chr_write_iter+0xdc/0x210
[  150.482189][ T6257]  vfs_write+0x5b1/0x1150
[  150.482228][ T6257]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  150.482272][ T6257]  ? __pfx_lock_release+0x10/0x10
[  150.482311][ T6257]  ? __pfx_vfs_write+0x10/0x10
[  150.482351][ T6257]  ? lock_acquire+0x2f/0xb0
[  150.482389][ T6257]  ? __fget_files+0x40/0x3b0
[  150.482438][ T6257]  ksys_write+0x12b/0x250
[  150.482477][ T6257]  ? __pfx_ksys_write+0x10/0x10
[  150.482516][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  150.482566][ T6257]  do_syscall_64+0xcd/0x250
[  150.482609][ T6257]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  150.482665][ T6257] RIP: 0033:0x7fe51838bc1f
[  150.482691][ T6257] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  150.482718][ T6257] RSP: 002b:00007fe519231000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  150.482758][ T6257] RAX: ffffffffffffffda RBX: 00007fe5185a5fa0 RCX: 00007fe51838bc1f
[  150.482783][ T6257] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  150.482807][ T6257] RBP: 00007fe51840e2a0 R08: 0000000000000000 R09: 0000000000000000
[  150.482830][ T6257] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  150.482852][ T6257] R13: 0000000000000000 R14: 00007fe5185a5fa0 R15: 00007fff0b8c5c38
[  150.482887][ T6257]  </TASK>
[  150.785931][ T6257] BUG: Bad page state in process syz.1.96  pfn:27ebc
[  150.793428][ T6257] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888027ebc640 pfn:0x27ebc
[  150.803958][ T6257] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  150.812717][ T6257] raw: 00fff00000000000 dead000000000040 ffff888021aec000 0000000000000000
[  150.821423][ T6257] raw: ffff888027ebc640 0000000000000001 00000000ffffffff 0000000000000000
[  150.830616][ T6257] page dumped because: page_pool leak
[  150.836459][ T6257] page_owner tracks the page as allocated
[  150.842579][ T6257] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6257, tgid 6254 (syz.1.96), ts 147017239600, free_ts 146993572611
[  150.859839][ T6257]  post_alloc_hook+0x181/0x1b0
[  150.865156][ T6257]  get_page_from_freelist+0xfce/0x2f80
[  150.870893][ T6257]  __alloc_frozen_pages_noprof+0x221/0x2470
[  150.877986][ T6257]  alloc_pages_bulk_noprof+0x6f9/0x1390
[  150.884196][ T6257]  __page_pool_alloc_pages_slow+0x18c/0x770
[  150.890687][ T6257]  page_pool_alloc_netmems+0xc4/0x160
[  150.897153][ T6257]  skb_pp_cow_data+0x776/0xf10
[  150.902810][ T6257]  skb_cow_data_for_xdp+0x88/0xb0
[  150.908749][ T6257]  do_xdp_generic+0x3f1/0xe70
[  150.914830][ T6257]  tun_get_user+0x1e04/0x3e50
[  150.920892][ T6257]  tun_chr_write_iter+0xdc/0x210
[  150.926498][ T6257]  vfs_write+0x5b1/0x1150
[  150.933571][ T6257]  ksys_write+0x12b/0x250
[  150.941135][ T6257]  do_syscall_64+0xcd/0x250
[  150.946940][ T6257]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  150.954616][ T6257] page last free pid 15 tgid 15 stack trace:
[  150.963458][ T6257]  free_frozen_pages+0x6db/0xfb0
[  150.969253][ T6257]  tlb_remove_table_rcu+0x116/0x1a0
[  150.975051][ T6257]  rcu_core+0x7a0/0x14d0
[  150.979546][ T6257]  handle_softirqs+0x216/0x8f0
[  150.984946][ T6257]  run_ksoftirqd+0x3a/0x60
[  150.989729][ T6257]  smpboot_thread_fn+0x664/0xa30
[  150.995351][ T6257]  kthread+0x3b2/0x750
[  151.000322][ T6257]  ret_from_fork+0x48/0x80
[  151.005591][ T6257]  ret_from_fork_asm+0x1a/0x30
[  151.010618][ T6257] Modules linked in:
[  151.015060][ T6257] CPU: 0 UID: 0 PID: 6257 Comm: syz.1.96 Tainted: G    B              6.14.0-syzkaller-00685-g3ba7dfb8da62 #0
[  151.015110][ T6257] Tainted: [B]=BAD_PAGE
[  151.015120][ T6257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  151.015135][ T6257] Call Trace:
[  151.015143][ T6257]  <TASK>
[  151.015152][ T6257]  dump_stack_lvl+0x16c/0x1f0
[  151.015193][ T6257]  bad_page+0xb3/0x1f0
[  151.015220][ T6257]  ? __pfx_bad_page+0x10/0x10
[  151.015247][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  151.015293][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  151.015339][ T6257]  ? page_bad_reason+0x9d/0x1e0
[  151.015380][ T6257]  free_frozen_pages+0x701/0xfb0
[  151.015435][ T6257]  page_frag_free+0x255/0x2a0
[  151.015462][ T6257]  __xdp_return+0x363/0xac0
[  151.015502][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  151.015547][ T6257]  ? kmem_cache_free+0x2e2/0x4d0
[  151.015588][ T6257]  bpf_xdp_adjust_tail+0x9de/0xf70
[  151.015641][ T6257]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  151.015663][ T6257]  bpf_prog_run_generic_xdp+0x623/0x1500
[  151.015704][ T6257]  do_xdp_generic+0x70a/0xe70
[  151.015737][ T6257]  ? __pfx_do_xdp_generic+0x10/0x10
[  151.015775][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  151.015825][ T6257]  ? tun_get_user+0x1d55/0x3e50
[  151.015868][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  151.015915][ T6257]  tun_get_user+0x1e04/0x3e50
[  151.015958][ T6257]  ? in_gate_area+0xd0/0x100
[  151.015995][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  151.016045][ T6257]  ? __pfx_tun_get_user+0x10/0x10
[  151.016086][ T6257]  ? find_held_lock+0x2d/0x110
[  151.016116][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  151.016162][ T6257]  ? __pfx_lock_release+0x10/0x10
[  151.016204][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  151.016253][ T6257]  tun_chr_write_iter+0xdc/0x210
[  151.016296][ T6257]  vfs_write+0x5b1/0x1150
[  151.016335][ T6257]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  151.016378][ T6257]  ? __pfx_lock_release+0x10/0x10
[  151.016417][ T6257]  ? __pfx_vfs_write+0x10/0x10
[  151.016462][ T6257]  ? lock_acquire+0x2f/0xb0
[  151.016515][ T6257]  ? __fget_files+0x40/0x3b0
[  151.016567][ T6257]  ksys_write+0x12b/0x250
[  151.016605][ T6257]  ? __pfx_ksys_write+0x10/0x10
[  151.016644][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  151.016693][ T6257]  do_syscall_64+0xcd/0x250
[  151.016734][ T6257]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  151.016775][ T6257] RIP: 0033:0x7fe51838bc1f
[  151.016795][ T6257] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  151.016820][ T6257] RSP: 002b:00007fe519231000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  151.016845][ T6257] RAX: ffffffffffffffda RBX: 00007fe5185a5fa0 RCX: 00007fe51838bc1f
[  151.016862][ T6257] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  151.016879][ T6257] RBP: 00007fe51840e2a0 R08: 0000000000000000 R09: 0000000000000000
[  151.016895][ T6257] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  151.016911][ T6257] R13: 0000000000000000 R14: 00007fe5185a5fa0 R15: 00007fff0b8c5c38
[  151.016937][ T6257]  </TASK>
[  151.319729][ T6257] BUG: Bad page state in process syz.1.96  pfn:2927b
[  151.326930][ T6257] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802927bdc0 pfn:0x2927b
[  151.338686][ T6257] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  151.346930][ T6257] raw: 00fff00000000000 dead000000000040 ffff888021aec000 0000000000000000
[  151.357180][ T6257] raw: ffff88802927bdc0 0000000000000001 00000000ffffffff 0000000000000000
[  151.366285][ T6257] page dumped because: page_pool leak
[  151.375734][ T6257] page_owner tracks the page as allocated
[  151.382813][ T6257] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6257, tgid 6254 (syz.1.96), ts 147017226591, free_ts 146993592852
[  151.399909][ T6257]  post_alloc_hook+0x181/0x1b0
[  151.405889][ T6257]  get_page_from_freelist+0xfce/0x2f80
[  151.411947][ T6257]  __alloc_frozen_pages_noprof+0x221/0x2470
[  151.418295][ T6257]  alloc_pages_bulk_noprof+0x6f9/0x1390
[  151.424222][ T6257]  __page_pool_alloc_pages_slow+0x18c/0x770
[  151.430971][ T6257]  page_pool_alloc_netmems+0xc4/0x160
[  151.436757][ T6257]  skb_pp_cow_data+0x776/0xf10
[  151.441976][ T6257]  skb_cow_data_for_xdp+0x88/0xb0
[  151.447865][ T6257]  do_xdp_generic+0x3f1/0xe70
[  151.453158][ T6257]  tun_get_user+0x1e04/0x3e50
[  151.458443][ T6257]  tun_chr_write_iter+0xdc/0x210
[  151.465067][ T6257]  vfs_write+0x5b1/0x1150
[  151.469646][ T6257]  ksys_write+0x12b/0x250
[  151.474622][ T6257]  do_syscall_64+0xcd/0x250
[  151.479939][ T6257]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  151.486692][ T6257] page last free pid 15 tgid 15 stack trace:
[  151.493413][ T6257]  free_frozen_pages+0x6db/0xfb0
[  151.500061][ T6257]  tlb_remove_table_rcu+0x116/0x1a0
[  151.506729][ T6257]  rcu_core+0x7a0/0x14d0
[  151.511239][ T6257]  handle_softirqs+0x216/0x8f0
[  151.516854][ T6257]  run_ksoftirqd+0x3a/0x60
[  151.521605][ T6257]  smpboot_thread_fn+0x664/0xa30
[  151.527019][ T6257]  kthread+0x3b2/0x750
[  151.531374][ T6257]  ret_from_fork+0x48/0x80
[  151.536275][ T6257]  ret_from_fork_asm+0x1a/0x30
[  151.541904][ T6257] Modules linked in:
[  151.546233][ T6257] CPU: 0 UID: 0 PID: 6257 Comm: syz.1.96 Tainted: G    B              6.14.0-syzkaller-00685-g3ba7dfb8da62 #0
[  151.546286][ T6257] Tainted: [B]=BAD_PAGE
[  151.546298][ T6257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  151.546318][ T6257] Call Trace:
[  151.546325][ T6257]  <TASK>
[  151.546335][ T6257]  dump_stack_lvl+0x16c/0x1f0
[  151.546375][ T6257]  bad_page+0xb3/0x1f0
[  151.546402][ T6257]  ? __pfx_bad_page+0x10/0x10
[  151.546429][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  151.546475][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  151.546519][ T6257]  ? page_bad_reason+0x9d/0x1e0
[  151.546548][ T6257]  free_frozen_pages+0x701/0xfb0
[  151.546591][ T6257]  page_frag_free+0x255/0x2a0
[  151.546617][ T6257]  __xdp_return+0x363/0xac0
[  151.546658][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  151.546711][ T6257]  ? kmem_cache_free+0x2e2/0x4d0
[  151.546849][ T6257]  bpf_xdp_adjust_tail+0x9de/0xf70
[  151.546913][ T6257]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  151.546935][ T6257]  bpf_prog_run_generic_xdp+0x623/0x1500
[  151.546978][ T6257]  do_xdp_generic+0x70a/0xe70
[  151.547012][ T6257]  ? __pfx_do_xdp_generic+0x10/0x10
[  151.547047][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  151.547102][ T6257]  ? tun_get_user+0x1d55/0x3e50
[  151.547145][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  151.547192][ T6257]  tun_get_user+0x1e04/0x3e50
[  151.547236][ T6257]  ? in_gate_area+0xd0/0x100
[  151.547272][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  151.547342][ T6257]  ? __pfx_tun_get_user+0x10/0x10
[  151.547395][ T6257]  ? find_held_lock+0x2d/0x110
[  151.547433][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  151.547490][ T6257]  ? __pfx_lock_release+0x10/0x10
[  151.547543][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  151.547605][ T6257]  tun_chr_write_iter+0xdc/0x210
[  151.547649][ T6257]  vfs_write+0x5b1/0x1150
[  151.547688][ T6257]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  151.547740][ T6257]  ? __pfx_lock_release+0x10/0x10
[  151.547778][ T6257]  ? __pfx_vfs_write+0x10/0x10
[  151.547818][ T6257]  ? lock_acquire+0x2f/0xb0
[  151.547854][ T6257]  ? __fget_files+0x40/0x3b0
[  151.547903][ T6257]  ksys_write+0x12b/0x250
[  151.547941][ T6257]  ? __pfx_ksys_write+0x10/0x10
[  151.547981][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  151.548030][ T6257]  do_syscall_64+0xcd/0x250
[  151.548072][ T6257]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  151.548111][ T6257] RIP: 0033:0x7fe51838bc1f
[  151.548131][ T6257] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  151.548157][ T6257] RSP: 002b:00007fe519231000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  151.548182][ T6257] RAX: ffffffffffffffda RBX: 00007fe5185a5fa0 RCX: 00007fe51838bc1f
[  151.548199][ T6257] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  151.548216][ T6257] RBP: 00007fe51840e2a0 R08: 0000000000000000 R09: 0000000000000000
[  151.548232][ T6257] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  151.548248][ T6257] R13: 0000000000000000 R14: 00007fe5185a5fa0 R15: 00007fff0b8c5c38
[  151.548274][ T6257]  </TASK>
[  151.851231][ T6257] BUG: Bad page state in process syz.1.96  pfn:7c91e
[  151.858182][ T6257] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x7c91e
[  151.871362][ T6257] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  151.882107][ T6257] raw: 00fff00000000000 dead000000000040 ffff888021aec000 0000000000000000
[  151.892254][ T6257] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000
[  151.901383][ T6257] page dumped because: page_pool leak
[  151.907051][ T6257] page_owner tracks the page as allocated
[  151.913530][ T6257] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6257, tgid 6254 (syz.1.96), ts 147017213621, free_ts 146993613532
[  151.930809][ T6257]  post_alloc_hook+0x181/0x1b0
[  151.936409][ T6257]  get_page_from_freelist+0xfce/0x2f80
[  151.942128][ T6257]  __alloc_frozen_pages_noprof+0x221/0x2470
[  151.948818][ T6257]  alloc_pages_bulk_noprof+0x6f9/0x1390
[  151.955739][ T6257]  __page_pool_alloc_pages_slow+0x18c/0x770
[  151.961900][ T6257]  page_pool_alloc_netmems+0xc4/0x160
[  151.967642][ T6257]  skb_pp_cow_data+0x776/0xf10
[  151.972773][ T6257]  skb_cow_data_for_xdp+0x88/0xb0
[  151.978213][ T6257]  do_xdp_generic+0x3f1/0xe70
[  151.984976][ T6257]  tun_get_user+0x1e04/0x3e50
[  151.990298][ T6257]  tun_chr_write_iter+0xdc/0x210
[  151.996149][ T6257]  vfs_write+0x5b1/0x1150
[  152.000649][ T6257]  ksys_write+0x12b/0x250
[  152.005305][ T6257]  do_syscall_64+0xcd/0x250
[  152.010218][ T6257]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  152.017624][ T6257] page last free pid 15 tgid 15 stack trace:
[  152.024223][ T6257]  free_frozen_pages+0x6db/0xfb0
[  152.030108][ T6257]  tlb_remove_table_rcu+0x116/0x1a0
[  152.035659][ T6257]  rcu_core+0x7a0/0x14d0
[  152.040368][ T6257]  handle_softirqs+0x216/0x8f0
[  152.045868][ T6257]  run_ksoftirqd+0x3a/0x60
[  152.050800][ T6257]  smpboot_thread_fn+0x664/0xa30
[  152.056268][ T6257]  kthread+0x3b2/0x750
[  152.060783][ T6257]  ret_from_fork+0x48/0x80
[  152.065666][ T6257]  ret_from_fork_asm+0x1a/0x30
[  152.071011][ T6257] Modules linked in:
[  152.076338][ T6257] CPU: 0 UID: 0 PID: 6257 Comm: syz.1.96 Tainted: G    B              6.14.0-syzkaller-00685-g3ba7dfb8da62 #0
[  152.076389][ T6257] Tainted: [B]=BAD_PAGE
[  152.076404][ T6257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  152.076425][ T6257] Call Trace:
[  152.076435][ T6257]  <TASK>
[  152.076447][ T6257]  dump_stack_lvl+0x16c/0x1f0
[  152.076500][ T6257]  bad_page+0xb3/0x1f0
[  152.076540][ T6257]  ? __pfx_bad_page+0x10/0x10
[  152.076575][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  152.076635][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  152.076694][ T6257]  ? page_bad_reason+0x9d/0x1e0
[  152.076736][ T6257]  free_frozen_pages+0x701/0xfb0
[  152.076805][ T6257]  page_frag_free+0x255/0x2a0
[  152.076840][ T6257]  __xdp_return+0x363/0xac0
[  152.076897][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  152.076956][ T6257]  ? kmem_cache_free+0x2e2/0x4d0
[  152.077011][ T6257]  bpf_xdp_adjust_tail+0x9de/0xf70
[  152.077083][ T6257]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  152.077110][ T6257]  bpf_prog_run_generic_xdp+0x623/0x1500
[  152.077165][ T6257]  do_xdp_generic+0x70a/0xe70
[  152.077212][ T6257]  ? __pfx_do_xdp_generic+0x10/0x10
[  152.077259][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  152.077326][ T6257]  ? tun_get_user+0x1d55/0x3e50
[  152.077385][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  152.077436][ T6257]  tun_get_user+0x1e04/0x3e50
[  152.077483][ T6257]  ? in_gate_area+0xd0/0x100
[  152.077520][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  152.077565][ T6257]  ? __pfx_tun_get_user+0x10/0x10
[  152.077606][ T6257]  ? find_held_lock+0x2d/0x110
[  152.077639][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  152.077686][ T6257]  ? __pfx_lock_release+0x10/0x10
[  152.077727][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  152.077784][ T6257]  tun_chr_write_iter+0xdc/0x210
[  152.077837][ T6257]  vfs_write+0x5b1/0x1150
[  152.077891][ T6257]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  152.077941][ T6257]  ? __pfx_lock_release+0x10/0x10
[  152.077980][ T6257]  ? __pfx_vfs_write+0x10/0x10
[  152.078021][ T6257]  ? lock_acquire+0x2f/0xb0
[  152.078058][ T6257]  ? __fget_files+0x40/0x3b0
[  152.078112][ T6257]  ksys_write+0x12b/0x250
[  152.078150][ T6257]  ? __pfx_ksys_write+0x10/0x10
[  152.078189][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  152.078238][ T6257]  do_syscall_64+0xcd/0x250
[  152.078283][ T6257]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  152.078322][ T6257] RIP: 0033:0x7fe51838bc1f
[  152.078342][ T6257] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  152.078367][ T6257] RSP: 002b:00007fe519231000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  152.078392][ T6257] RAX: ffffffffffffffda RBX: 00007fe5185a5fa0 RCX: 00007fe51838bc1f
[  152.078409][ T6257] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  152.078426][ T6257] RBP: 00007fe51840e2a0 R08: 0000000000000000 R09: 0000000000000000
[  152.078447][ T6257] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  152.078463][ T6257] R13: 0000000000000000 R14: 00007fe5185a5fa0 R15: 00007fff0b8c5c38
[  152.078488][ T6257]  </TASK>
[  152.381556][ T6257] BUG: Bad page state in process syz.1.96  pfn:12656
[  152.388801][ T6257] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888012656d80 pfn:0x12656
[  152.400326][ T6257] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  152.409470][ T6257] raw: 00fff00000000000 dead000000000040 ffff888021aec000 0000000000000000
[  152.418778][ T6257] raw: ffff888012656d80 0000000000000001 00000000ffffffff 0000000000000000
[  152.427787][ T6257] page dumped because: page_pool leak
[  152.433709][ T6257] page_owner tracks the page as allocated
[  152.439601][ T6257] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6257, tgid 6254 (syz.1.96), ts 147017200850, free_ts 146993633701
[  152.457137][ T6257]  post_alloc_hook+0x181/0x1b0
[  152.462180][ T6257]  get_page_from_freelist+0xfce/0x2f80
[  152.468461][ T6257]  __alloc_frozen_pages_noprof+0x221/0x2470
[  152.474923][ T6257]  alloc_pages_bulk_noprof+0x6f9/0x1390
[  152.480913][ T6257]  __page_pool_alloc_pages_slow+0x18c/0x770
[  152.487418][ T6257]  page_pool_alloc_netmems+0xc4/0x160
[  152.493125][ T6257]  skb_pp_cow_data+0x776/0xf10
[  152.501123][ T6257]  skb_cow_data_for_xdp+0x88/0xb0
[  152.506699][ T6257]  do_xdp_generic+0x3f1/0xe70
[  152.514525][ T6257]  tun_get_user+0x1e04/0x3e50
[  152.519664][ T6257]  tun_chr_write_iter+0xdc/0x210
[  152.525272][ T6257]  vfs_write+0x5b1/0x1150
[  152.529980][ T6257]  ksys_write+0x12b/0x250
[  152.534779][ T6257]  do_syscall_64+0xcd/0x250
[  152.539614][ T6257]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  152.546009][ T6257] page last free pid 15 tgid 15 stack trace:
[  152.552195][ T6257]  free_frozen_pages+0x6db/0xfb0
[  152.557770][ T6257]  tlb_remove_table_rcu+0x116/0x1a0
[  152.563808][ T6257]  rcu_core+0x7a0/0x14d0
[  152.568267][ T6257]  handle_softirqs+0x216/0x8f0
[  152.573612][ T6257]  run_ksoftirqd+0x3a/0x60
[  152.578521][ T6257]  smpboot_thread_fn+0x664/0xa30
[  152.584818][ T6257]  kthread+0x3b2/0x750
[  152.589077][ T6257]  ret_from_fork+0x48/0x80
[  152.593880][ T6257]  ret_from_fork_asm+0x1a/0x30
[  152.599055][ T6257] Modules linked in:
[  152.603488][ T6257] CPU: 0 UID: 0 PID: 6257 Comm: syz.1.96 Tainted: G    B              6.14.0-syzkaller-00685-g3ba7dfb8da62 #0
[  152.603542][ T6257] Tainted: [B]=BAD_PAGE
[  152.603554][ T6257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  152.603577][ T6257] Call Trace:
[  152.603588][ T6257]  <TASK>
[  152.603600][ T6257]  dump_stack_lvl+0x16c/0x1f0
[  152.603657][ T6257]  bad_page+0xb3/0x1f0
[  152.603697][ T6257]  ? __pfx_bad_page+0x10/0x10
[  152.603736][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  152.603802][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  152.603866][ T6257]  ? page_bad_reason+0x9d/0x1e0
[  152.603908][ T6257]  free_frozen_pages+0x701/0xfb0
[  152.603970][ T6257]  page_frag_free+0x255/0x2a0
[  152.604012][ T6257]  __xdp_return+0x363/0xac0
[  152.604068][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  152.604127][ T6257]  ? kmem_cache_free+0x2e2/0x4d0
[  152.604184][ T6257]  bpf_xdp_adjust_tail+0x9de/0xf70
[  152.604255][ T6257]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  152.604283][ T6257]  bpf_prog_run_generic_xdp+0x623/0x1500
[  152.604338][ T6257]  do_xdp_generic+0x70a/0xe70
[  152.604382][ T6257]  ? __pfx_do_xdp_generic+0x10/0x10
[  152.604428][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  152.604495][ T6257]  ? tun_get_user+0x1d55/0x3e50
[  152.604552][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  152.604616][ T6257]  tun_get_user+0x1e04/0x3e50
[  152.604691][ T6257]  ? in_gate_area+0xd0/0x100
[  152.604740][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  152.604801][ T6257]  ? __pfx_tun_get_user+0x10/0x10
[  152.604855][ T6257]  ? find_held_lock+0x2d/0x110
[  152.604896][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  152.604958][ T6257]  ? __pfx_lock_release+0x10/0x10
[  152.605020][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  152.605087][ T6257]  tun_chr_write_iter+0xdc/0x210
[  152.605144][ T6257]  vfs_write+0x5b1/0x1150
[  152.605198][ T6257]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  152.605256][ T6257]  ? __pfx_lock_release+0x10/0x10
[  152.605307][ T6257]  ? __pfx_vfs_write+0x10/0x10
[  152.605360][ T6257]  ? lock_acquire+0x2f/0xb0
[  152.605410][ T6257]  ? __fget_files+0x40/0x3b0
[  152.605475][ T6257]  ksys_write+0x12b/0x250
[  152.605532][ T6257]  ? __pfx_ksys_write+0x10/0x10
[  152.605587][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  152.605653][ T6257]  do_syscall_64+0xcd/0x250
[  152.605708][ T6257]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  152.605760][ T6257] RIP: 0033:0x7fe51838bc1f
[  152.605787][ T6257] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  152.605822][ T6257] RSP: 002b:00007fe519231000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  152.605855][ T6257] RAX: ffffffffffffffda RBX: 00007fe5185a5fa0 RCX: 00007fe51838bc1f
[  152.605878][ T6257] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  152.605901][ T6257] RBP: 00007fe51840e2a0 R08: 0000000000000000 R09: 0000000000000000
[  152.605923][ T6257] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  152.605945][ T6257] R13: 0000000000000000 R14: 00007fe5185a5fa0 R15: 00007fff0b8c5c38
[  152.605979][ T6257]  </TASK>
[  152.606036][ T6257] BUG: Bad page state in process syz.1.96  pfn:3430d
[  152.941106][ T6257] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x3430d
[  152.951760][ T6257] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  152.959676][ T6257] raw: 00fff00000000000 dead000000000040 ffff888021aec000 0000000000000000
[  152.968873][ T6257] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000
[  152.978985][ T6257] page dumped because: page_pool leak
[  152.984901][ T6257] page_owner tracks the page as allocated
[  152.990813][ T6257] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6257, tgid 6254 (syz.1.96), ts 147017187271, free_ts 146993653922
[  153.009055][ T6257]  post_alloc_hook+0x181/0x1b0
[  153.014189][ T6257]  get_page_from_freelist+0xfce/0x2f80
[  153.020024][ T6257]  __alloc_frozen_pages_noprof+0x221/0x2470
[  153.026915][ T6257]  alloc_pages_bulk_noprof+0x6f9/0x1390
[  153.033342][ T6257]  __page_pool_alloc_pages_slow+0x18c/0x770
[  153.039496][ T6257]  page_pool_alloc_netmems+0xc4/0x160
[  153.045409][ T6257]  skb_pp_cow_data+0x776/0xf10
[  153.050514][ T6257]  skb_cow_data_for_xdp+0x88/0xb0
[  153.056071][ T6257]  do_xdp_generic+0x3f1/0xe70
[  153.061564][ T6257]  tun_get_user+0x1e04/0x3e50
[  153.066986][ T6257]  tun_chr_write_iter+0xdc/0x210
[  153.072253][ T6257]  vfs_write+0x5b1/0x1150
[  153.077131][ T6257]  ksys_write+0x12b/0x250
[  153.081733][ T6257]  do_syscall_64+0xcd/0x250
[  153.086583][ T6257]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  153.092766][ T6257] page last free pid 15 tgid 15 stack trace:
[  153.099396][ T6257]  free_frozen_pages+0x6db/0xfb0
[  153.105238][ T6257]  tlb_remove_table_rcu+0x116/0x1a0
[  153.111381][ T6257]  rcu_core+0x7a0/0x14d0
[  153.116271][ T6257]  handle_softirqs+0x216/0x8f0
[  153.121949][ T6257]  run_ksoftirqd+0x3a/0x60
[  153.127228][ T6257]  smpboot_thread_fn+0x664/0xa30
[  153.132802][ T6257]  kthread+0x3b2/0x750
[  153.138316][ T6257]  ret_from_fork+0x48/0x80
[  153.143254][ T6257]  ret_from_fork_asm+0x1a/0x30
[  153.149110][ T6257] Modules linked in:
[  153.153330][ T6257] CPU: 0 UID: 0 PID: 6257 Comm: syz.1.96 Tainted: G    B              6.14.0-syzkaller-00685-g3ba7dfb8da62 #0
[  153.153380][ T6257] Tainted: [B]=BAD_PAGE
[  153.153392][ T6257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  153.153413][ T6257] Call Trace:
[  153.153424][ T6257]  <TASK>
[  153.153436][ T6257]  dump_stack_lvl+0x16c/0x1f0
[  153.153488][ T6257]  bad_page+0xb3/0x1f0
[  153.153526][ T6257]  ? __pfx_bad_page+0x10/0x10
[  153.153561][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  153.153622][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  153.153681][ T6257]  ? page_bad_reason+0x9d/0x1e0
[  153.153719][ T6257]  free_frozen_pages+0x701/0xfb0
[  153.153784][ T6257]  page_frag_free+0x255/0x2a0
[  153.153819][ T6257]  __xdp_return+0x363/0xac0
[  153.153874][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  153.153932][ T6257]  ? kmem_cache_free+0x2e2/0x4d0
[  153.153988][ T6257]  bpf_xdp_adjust_tail+0x9de/0xf70
[  153.154058][ T6257]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  153.154086][ T6257]  bpf_prog_run_generic_xdp+0x623/0x1500
[  153.154140][ T6257]  do_xdp_generic+0x70a/0xe70
[  153.154184][ T6257]  ? __pfx_do_xdp_generic+0x10/0x10
[  153.154232][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  153.154299][ T6257]  ? tun_get_user+0x1d55/0x3e50
[  153.154355][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  153.154418][ T6257]  tun_get_user+0x1e04/0x3e50
[  153.154474][ T6257]  ? in_gate_area+0xd0/0x100
[  153.154523][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  153.154582][ T6257]  ? __pfx_tun_get_user+0x10/0x10
[  153.154636][ T6257]  ? find_held_lock+0x2d/0x110
[  153.154677][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  153.154745][ T6257]  ? __pfx_lock_release+0x10/0x10
[  153.154801][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  153.154866][ T6257]  tun_chr_write_iter+0xdc/0x210
[  153.154928][ T6257]  vfs_write+0x5b1/0x1150
[  153.154979][ T6257]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  153.155037][ T6257]  ? __pfx_lock_release+0x10/0x10
[  153.155088][ T6257]  ? __pfx_vfs_write+0x10/0x10
[  153.155140][ T6257]  ? lock_acquire+0x2f/0xb0
[  153.155189][ T6257]  ? __fget_files+0x40/0x3b0
[  153.155253][ T6257]  ksys_write+0x12b/0x250
[  153.155303][ T6257]  ? __pfx_ksys_write+0x10/0x10
[  153.155354][ T6257]  ? srso_alias_return_thunk+0x5/0xfbef5
[  153.155420][ T6257]  do_syscall_64+0xcd/0x250
[  153.155475][ T6257]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  153.155527][ T6257] RIP: 0033:0x7fe51838bc1f
[  153.155552][ T6257] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  153.155586][ T6257] RSP: 002b:00007fe519231000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  153.155618][ T6257] RAX: ffffffffffffffda RBX: 00007fe5185a5fa0 RCX: 00007fe51838bc1f
[  153.155641][ T6257] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  153.155664][ T6257] RBP: 00007fe51840e2a0 R08: 0000000000000000 R09: 0000000000000000
[  153.155685][ T6257] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  153.155707][ T6257] R13: 0000000000000000 R14: 00007fe5185a5fa0 R15: 00007fff0b8c5c38
[  153.155748][ T6257]  </TASK>
[  153.943606][ T5833] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  153.976508][ T2993] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  154.057023][ T2993] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  154.128072][ T2993] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  154.196466][ T2993] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  154.353087][ T2993] bridge_slave_1: left allmulticast mode
[  154.358766][ T2993] bridge_slave_1: left promiscuous mode
[  154.393245][ T2993] bridge0: port 2(bridge_slave_1) entered disabled state
[  154.401647][ T2993] bridge_slave_0: left allmulticast mode
[  154.412998][ T2993] bridge_slave_0: left promiscuous mode
[  154.433067][ T2993] bridge0: port 1(bridge_slave_0) entered disabled state
[  154.607211][ T2993] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  154.627498][ T2993] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  154.653837][ T2993] bond0 (unregistering): Released all slaves
[  154.872781][ T2993] hsr_slave_0: left promiscuous mode
[  154.882281][ T2993] hsr_slave_1: left promiscuous mode
[  154.893555][ T2993] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  154.932492][ T2993] batman_adv: batadv0: Removing interface: batadv_slave_0
[  154.972847][ T2993] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  154.983032][ T2993] batman_adv: batadv0: Removing interface: batadv_slave_1
[  155.015220][ T2993] veth1_macvtap: left promiscuous mode
[  155.046376][ T2993] veth0_macvtap: left promiscuous mode
[  155.051984][ T2993] veth1_vlan: left promiscuous mode
[  155.078903][ T2993] veth0_vlan: left promiscuous mode
[  155.372064][ T2993] team0 (unregistering): Port device team_slave_1 removed
[  155.390118][ T2993] team0 (unregistering): Port device team_slave_0 removed