last executing test programs: 6.462130252s ago: executing program 1 (id=2533): prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/profiling', 0xa0442, 0x11) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f00000000c0)={r2, 0x0, 0x3, 0x5}) ioctl$EXT4_IOC_SETFSUUID(r4, 0x4008662c, &(0x7f0000000180)={0x10, 0x0, "9ec5dcb0eb6fa0232ca1489135432cb0"}) write$tcp_mem(r3, &(0x7f0000000400)={0x19, 0x2d, 0x2, 0x3a, 0x0, 0x2c}, 0x48) mq_notify(r3, 0xffffffffffffffff) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000740)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r5, &(0x7f00000004c0), 0x208e24b) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYRES8=r4], 0x34}, 0x1, 0x0, 0x0, 0x40}, 0x4000804) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB='L\x00\x00\x00!'], 0x4c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000a, 0x28011, r5, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 6.044173469s ago: executing program 1 (id=2535): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'bridge0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="300000001d000100000000000000000007000000", @ANYRES32=r4, @ANYBLOB="000082000a000200aaaaaaaa00000000060005"], 0x30}, 0x1, 0x0, 0x0, 0x10}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mount$binder(0x0, 0x0, 0x0, 0x80000, &(0x7f00000003c0)=ANY=[@ANYBLOB]) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) r6 = socket$rds(0x15, 0x5, 0x0) sendmsg$rds(r6, &(0x7f0000000680)={&(0x7f00000000c0)={0x2, 0x4e26, @broadcast}, 0x10, 0x0}, 0x0) r7 = syz_open_dev$loop(&(0x7f0000000000), 0x2, 0x2000c1) r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r9 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r9, 0x5423, &(0x7f00000000c0)=0xf) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_bt_hci(r8, 0x400448e2, &(0x7f0000000600)) ioctl$LOOP_SET_FD(r7, 0x4c00, r5) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0xcc, 0xc}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r10 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) lsetxattr$security_ima(&(0x7f0000000480)='./file0\x00', &(0x7f0000000100), 0x0, 0x0, 0x1) r11 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb010018000000000000001800000018000000050000000100000001000013040000000200000088060000ff0f0000002e2e"], 0x0, 0x35, 0x0, 0x1}, 0x28) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r10, 0xc018937c, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="180000eb0626f50000000000080000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x4fa, &(0x7f0000000cc0)=""/4096, 0x40f00, 0x5, '\x00', 0x0, 0x0, r11, 0x8, 0x0, 0x0, 0x10, &(0x7f00000002c0)={0x0, 0x2, 0x4, 0x9}, 0x1, 0x0, 0x0, 0x64, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94) 5.193626571s ago: executing program 1 (id=2541): r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000) socket$inet(0x2, 0x2, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x3c, 0x10, 0x581, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x4d014}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_ARP_VALIDATE={0x8, 0x9, 0xffffffff}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20004002}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x3, 0xffffffffffffffff, 0x0, &(0x7f00000001c0)) r2 = socket$pppoe(0x18, 0x1, 0x0) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x6) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) syz_usb_connect$hid(0x2, 0x3f, 0x0, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) close(r4) syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x77, 0x29, 0x4, 0x20, 0x424, 0x9901, 0xc257, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x10}}]}}, 0x0) ioctl$SIOCSIFHWADDR(r4, 0x40095505, &(0x7f0000000140)={'syzkaller0\x00', @random="371692e7f7ef"}) ioctl$PPPOEIOCDFWD(r2, 0xb101, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="6000000002060103000000000000000000000004050001000700000013000300686173683a6e65742c696661636500000900020073797a30000000000500040000000000050005000a000000140007800500150000000000080012"], 0x60}}, 0x0) 3.827567466s ago: executing program 0 (id=2547): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000240)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x801) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0xa031, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000100)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000339000/0x1000)=nil, 0x800000, 0x0, 0xfeffffff}) 3.205754395s ago: executing program 2 (id=2549): socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="020000000400000008000000ffffffff0018"], 0x50) ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f0000001080)={0x0, 0x2b, 0x1, [0x7, 0x40, 0x4, 0x1d, 0x8], [0x81, 0x80, 0xfffffffffffffffc, 0x2, 0x4, 0xfffffffffffffffb, 0x5, 0x7fffffff, 0x1, 0x1, 0x7, 0xf, 0x8000000000000001, 0xa, 0x10000000000e, 0x80, 0xfffffffffffffff8, 0x7faf, 0x938, 0x8, 0x6, 0xfffffffffffff664, 0x3, 0x80000000, 0xfb, 0x3, 0x20000000007, 0x3, 0x5, 0x400000008000008, 0x9, 0x9, 0xc, 0x6, 0xfffd, 0x4, 0xf4, 0xfffffffbfffdfffa, 0x3, 0x800000000000000, 0x5617, 0x1, 0x2, 0x5, 0x2, 0x2, 0x4000006, 0x71, 0x1, 0xfc4, 0x75, 0x40800cb14, 0x3b, 0x80000004, 0x8000000000000001, 0x40000000000756, 0x3, 0x0, 0x1246, 0x3ff, 0x4, 0x642, 0x66, 0x9, 0x1, 0x1, 0x8, 0x401, 0x1, 0x5, 0x9, 0x5, 0xfff, 0xfffffffffffffffe, 0x0, 0x400000000100001, 0xd32d, 0x8, 0x632, 0x7, 0x2, 0x8000000000000000, 0xfffffffffffffff9, 0x1, 0x5, 0x3, 0x7, 0x4, 0xd7, 0x8, 0x3, 0xb, 0x8, 0x8, 0x145, 0x5e9, 0xe51a, 0x40000000053ed, 0x2, 0x80, 0x0, 0x1, 0x402, 0x2, 0x5, 0x8000, 0x4, 0x0, 0xffff, 0x1, 0x19, 0x8, 0x2000000009, 0x4b3, 0x0, 0x34d8, 0xfff2, 0x9, 0xbf7, 0x100000000000b1, 0x8000000000000001]}) r0 = getpid() openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) prlimit64(r0, 0xf, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0x3, 0x0, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc22, &(0x7f0000000180)=0x1400200bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1b000000000000e2ffffff000080000004000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xa, 0x5, 0x2, 0x7, 0x0, 0x1, 0x10000}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000000040), 0x101, r5}, 0x38) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0xfffffff7}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x54b2ac04}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}]}, &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f00000003c0)={r6, r5}, 0xc) sendmsg$inet(r3, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0xffff, @multicast1}, 0x10, &(0x7f00000014c0)=[{&(0x7f0000000000)="be39", 0xffeb}, {0x0}], 0x2, &(0x7f0000000c80)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @private}}}], 0x20}, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) r7 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SG_SET_FORCE_PACK_ID(r7, 0x227b, &(0x7f00000001c0)=0x2001) r8 = fcntl$dupfd(r7, 0x0, r7) readv(r8, &(0x7f0000000080)=[{&(0x7f0000001140)=""/136, 0x3f}], 0x1) r9 = socket$nl_generic(0x10, 0x3, 0x10) dup(r9) 3.2029052s ago: executing program 2 (id=2550): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0) syz_usb_connect(0x5, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12011001581c2908570b2885396d0102030109021b00010001000b0904c80201030102030905b5", @ANYRESOCT], 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newtaction={0x64, 0x30, 0x871a15abc695fb3d, 0x0, 0x90000, {}, [{0x50, 0x1, [@m_vlan={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{0x5, 0x1ff, 0x5, 0x3acaa292, 0x2}, 0x20}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x24040054}, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000001c0)={0x1fd, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16], 0x68}, 0x1, 0x0, 0x0, 0x4000000}, 0x4814) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000280)={0x0, 0x0, @pic={0x3, 0x7, 0xe1, 0x81, 0x9, 0xd9, 0x40, 0x41, 0xfb, 0x5e, 0x9, 0x0, 0x1, 0x40, 0x1, 0x5}}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x6e, 0x0, 0x5, 0x20, 0x3, 0x100000000, 0x106c, 0x100, 0x8000000000000, 0x80000004000080, 0x0, 0x8, 0x0, 0x4, 0x0, 0x8000], 0x1, 0x3c4210}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 1.953320187s ago: executing program 2 (id=2556): openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) getpid() sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000240)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x40000000000029a, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r2 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0xfffffffd, @empty}, 0x1c) r3 = dup(r2) r4 = open(&(0x7f00000000c0)='./file0\x00', 0x1298c2, 0x0) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x70bd2d, 0x0, {{@in6=@loopback, @in6=@rand_addr=' \x01\x00', 0x0, 0x0, 0x0, 0x0, 0xa, 0x30, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xc, 0x0, 0x0, 0x3, 0xffffffffffffffff}, {0x0, 0xa00, 0x407ffffffffffe, 0x800000000000002}, 0x1, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, 0x0, 0x3c}, 0x2, @in=@empty, 0x3504, 0x4, 0x3, 0x0, 0x0, 0xfffffffe, 0x20000}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) ftruncate(r4, 0x200004) sendfile(r3, r4, 0x0, 0x80001d00c0d1) r6 = socket$inet_tcp(0x2, 0x1, 0x0) openat$comedi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/comedi1\x00', 0x107000, 0x0) setsockopt$IPT_SO_SET_REPLACE(r6, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x4001, 0x3, 0x378, 0x0, 0x700001b, 0x148, 0x0, 0x148, 0x2e0, 0x206, 0x240, 0x2e0, 0x240, 0x7fffffe, 0x0, {[{{@ip={@local, @rand_addr, 0x0, 0x0, 'tunl0\x00', 'bond_slave_1\x00', {0xff}, {}, 0x0, 0x1}, 0x1ea, 0x1e8, 0x220, 0x0, {0x390, 0x8f00}, [@common=@inet=@hashlimit2={{0x150}, {'pim6reg1\x00', {0x5, 0x1ff, 0x1, 0x5, 0x1, 0x100, 0x1, 0x8, 0x20}, {0x8}}}, @common=@inet=@socket2={{0x28}}]}, @unspec=@NOTRACK={0x20}}, {{@uncond, 0x0, 0xb0, 0xd8, 0x0, {}, [@common=@set={{0x40}, {{0x0, [0x1, 0x6275dd3c01ecbf44, 0x2, 0x5, 0x2], 0x4, 0x2}}}]}, @common=@unspec=@NFQUEUE3={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r7 = socket$inet(0x2, 0x3, 0x8d) setsockopt$inet_msfilter(r7, 0x0, 0x8, &(0x7f0000000340)=ANY=[@ANYRES32], 0x1) getsockopt$inet_pktinfo(r7, 0x0, 0x8, &(0x7f00000000c0)={0x0, @local, @local}, &(0x7f0000000140)=0xc) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000000)={@private1={0xfc, 0x1, '\x00', 0x1}, 0x2, r8}) socket(0xa, 0x1, 0x0) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x90, 0x0, 0x0, {0x3, 0x2, 0xffffffffffffeffe, 0xffffffffffffffff, 0x0, 0x0, {0x40, 0x8, 0xc, 0xfffc, 0x0, 0x3, 0x0, 0x0, 0x121, 0x2000, 0x0, 0x0, 0x0, 0x501, 0x4}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) 1.946972156s ago: executing program 3 (id=2557): r0 = socket$nl_generic(0x11, 0x3, 0x10) syz_emit_ethernet(0xff76, &(0x7f0000000000)={@local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x27, 0x2c, 0x3fc, 0x0, 0x0, 0x2, 0x0, @rand_addr, @multicast1}, @address_request}}}}, 0x0) sendmsg(r0, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x2c, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f0800", 0x3e}], 0x2, 0x0, 0x0, 0x11000000}, 0x0) 1.782983319s ago: executing program 4 (id=2558): r0 = syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000001800)={'#! ', './file0', [{0x20, 'm\xf6\\O\xfb\x05\xe3>#Y@x\xb4f\xfeD<\x97!\xddd\x10\x03\xd0Mt\v\xca\x9f\x9d\x0eJ\x00_\xd0\xef'}, {}, {0x20, 'cgr/up\xe7i\r\xb1t\x00'}, {0x20, '/!'}, {0x20, '*@\xb1'}, {0x20, 'syz2 '}, {0x20, 'cgroup.stat\x00'}]}, 0x58) write$UHID_INPUT(r1, &(0x7f00000007c0)={0x8, {"dc5d3b0169633d3eba3eabbc09167be55101d4af4b22a373236464d2dbfaa84399b77bd438a54364a7ebc5bdaab4f9decb7c044318cd59a0af8279bcab35dd7daf7a0ceb381df2c32eff45b13e2c8f40e1895355bf6f165200cb1ca41a155730ee2e9f83183f9fafe029d0401b0770618254a8b2dc87b630072b1e2de160d1afed51b74c14b71ec1b226a324482d14ad586b1a4ce80e458fe45244c01eddeddf3564af838d6d5324f8a77023d6eb7aa14397a0e1413ea1c3dfdf0e3a35b709e627f36fe403ee3117365be5017682f53595f28543062c740a94a794312f5cebc315044b8ea000a5d0f27812ab0ce149d11e6f6f7620c5f3e250bf67d13a1ca39dbb7b8b5a31e3d7ba7ebe5849a7a09b61fc9f2cfc54b89e9cd0105bca49483ce55e0187ce2ad692a18219d881057c04df913a658fccbf4def6aad750ca4796b74d322c67e9d4ee6a530a22dcc35db850b424d6ec9f62495b9f92b000feadd57d26dbd505798c208d91eb0aab0fd97537631b8bf81ce0e2241c4272be4ff69b390e4485d574146b76d1fdbf7fc5334906805534cdae1e47240af7761a18fc8bd0a694be47529da98bc0f98eb7db3fc4a74cbb6e486f4de90fbf2452e72c2e1dca44543ad9ad094b8bc861eef1e814662d0b350339e3a510d459c6f83aabd5fd3dcb38224056d761e7df9b482b9905f1e2135c1929be328ecdb69c007a3efd548502c83106f6df1ab1178fac499eda92ad4373155227ec2df150c919d322ecb3ea37e659285f18a3e2f79b59900ca438df3a1381380a12d3ad7678e0a8d3bdfb40651389b4ac8c66138d442d70eafdc2df8b080028006b17941c4c4fbfac18c8b74e5859b6c243824903d056d800975675bb1913142adbc039a9c68c2f146a0e8903447313f5e5549905f397a9b1f21a93b80c4d04a8ea7a29a50fbc5407a9305bba420edf898ea678d6879489c39692c99bb6dacf61f5f97637b94c1031d635b5423b38b9196fafaaf87b2796eadc21466af5a10281e6a808748969d29efb444c99a4cb2111732a792dbca4376a125a68f7cdac065cc6173dc21caafba48c742d9a7df2f771ff2f5725b22c247d4e0c6106f9f5f6929b69929ab37e9a9b326ce618bb702b883b12026f1300f21f2c7440cac8c5f1210a78aa067211d2827f5dcc7578252c2ccc3f67bab9d1bb6939b21b550788ef550acfed4bf50c0b4fb3ca4d2872ee64f95d611a317d9daaf373a10d868680b2226396c95fa2b0ab4d6fce06c3b42cb97d17a7b5089061537fdeb1a53040869f7befca330358fdba86754fc2e46c2113e1484cb37534af8f0408a7ee313778dab49f08229964298f847ea66c4ec319f64b6a12da585bc59e82e0263c507b397d3efee3b4066f4d25566aa1549f6185f6375f84b65fa8945148b90430c86a5b6fdf58d5c812b98d9dc621fd9a3d9f1a577495356516d1cbcf5e8bb8923b54b247225b9c3892b18a9e137f3620c73405baf9dc8f1ea36f0d4592d5ee32e35676a84dc891f97456f2ac3a4ab58a42bcdc221a4ac8bb28d428add2fcbe5b110a8afd5d23b31e827bd16167b2d88cae024afc04a722ac0b4d45c52512e6b6f102aac4be21bc89ce246539048370553665b0a4336a6db99d0d19399be6437bf21419304331b4342b2c1db580f0c9bf681fdb8e9fa3e025454197bbc82ef93ee2f385660818ec5127080675a8013766469afe3b1e36e81bf2f04c3a26eaf4517551e734d21ba3bc90e48aea0891792970c39f3f528397e9b7ae190f1760fe5960dc763ee0a17939c60bfcac0a8914be82c749e4fe85d1ac5fa733413468fb8941085e8c4d6e0b6d1e62e20da58440facd640ddbb6c1f694b3ca48757a34c5a11668368711a1d4f3a81d31ac30d71277d7ae77882b6841cfa6289e6cce84a3ad57eeb328f831888ac7d3cfcd3a472a48d903f20cec8c8ae8d0bea04ebf7413ef7693f8ed876e49bd5f89d7e1078208ff62712e330fc0341b9ccf26845578d44b1e0c66d1bebc14742baedfabb8e9a2c8f42730360c72997efe0ce786ff330c2eb6e0ff20896f813c2a515ce76f826c11a1c1588eb369231ddeb4a2f9f9591ecdecc74d20aeb50047beb3ab89a9e4e1b805a20b645c79d0bc5d0247fab8ba46a97a07630b1f1cb69b42b568af746063d2c581f057873d64fe6e659b00b4a26745f5fba1fe7406a86b007936c7cfdac53a4c5b0ea9f6604863c8e3f174eddbb09175f6e13cda9a860cf400ef9ed02b895502ac6e6de6a658249c3c6e8a653517eae2231e56e0f120547923c6549ebc1ed14c623637ce3d96af5c93a32e58e2d9659d8b5b145888b52d9a5b5cb3cdf594eb137bcef2ba068cfd2c6ccf7ab6e5b4ec55e9197bfb91c9b8729f7b50cf0b0326f7ea3e712c77674d48545ca2a86744c3c38f149d69cf811beacf7e5f49c7b0e000f1dcf3d7bc0b9c796016820a46495d244c9606a06fe2e14233eda78d69ae4523ad7b708b0c7ead44d7fd376fed60e3cc2ee25e9600adfbe87ac7c8fb8269aec9459602af0f420becda6120ce7d9626c65ae7f860639e8bf664eb4301ec18add0e436c0356c12ab6b4ca35da2b43c4a8c239fd0b59a2ce94843cdfa1667053165053633b062844dbb0d00070fde74fa3178eb5f1f5fd02e2088d8690379f39ab22c080cdcb29d700bac74fabd8a356fe99afe83a5d99aa5024e9158a299eda6c99b6701e64f1d68e7e2c0c6e88396bb535a02d0948f0a250a6e090041c96d9c9acd6134d44d516fd1010c39e572b86b05bb1326a2a4f23f11181186f9c2a01dc7b58c0129f4b851ca9b1e3dc35db7364e29ef646211796b1651511e041345abce427fa5d6e48b8fb078c8432061a4cc518a8f2a2caf709a5c1473a62112a6650afc64eec12f8f9c08cff1b6fbf7a1209fc8661f62303b7c5d49c1d0b32a9f37e81ed9ab6193816d40995ed49c10b9f5752e04d57535a3d16f06c65d32846c31ec9787ec4a965679eb804e86b45d007f38d8104550770dc6f313bc846e43a14a8c21d0628c744e3e83cb998d1b7acfe996541a8c03852dadf9326444c582b481cae844e4f3fe3d638903b38f24633b63adbad841ac6c4c5169d781a0e271e8a967b1c7e986fcb3a66168e86e3559a44fcfa92452260491da9397659af60453f4cd4be2d15439445ec2b4366a79d3283da912d9d499df1242bd174edc235848caa21d2c997aff0e95c7e5cc0803c90fab84e7be7b37909d0e2f3bc9974e3388acb6800baba183ecc8eea8c71c0d65d669e41f99ceae523b7a6b772f3b8ebba1d2127ccc3ddb7ddcb4ec73cbdc26fc87c3848e258a0b5484d3a13e40ec4e4a65dd92f09e9fe1e3e2f8b96c4e363aa3683860dee62dfcf8823ee4a3593a092e0bd9c4cedacf44a272faa164447b01f46a7795642a40c61b0034a37f0e9b792428a0ddcd144fe8263088eaac8016f8f1cd30b55ac90a8f10d785b7570dd9e639a4a068d3fe98a420b9f72e79de817f676c2a224300d749571ad43f59d1fbe838f4566bc7b5f104c384ad87189213152b644d9fcbdf98bafeee569d640ce9045779f1d90024c023a7480a358dee276fba139c14b4fdb12885240903d0e61dc161659a68f62c92b899007e0f2b65bf0a069e9e57c9b6ae50a3b30dd1003fb0eead73ae2f6010b3b356b4060579a4f29935e1f00c01d12e5f44e8e3163d81dfef7ca8560604240c7e96e4454c6971614df306c768121abb3f628e3f1d2d00bf58d1087334c5bdb74d7c949b0ee66a4531ba4e9b922aee3d0f802ed034734507a5913c52966f1f8bd4577840de0253aabc23299dced2a299859c07af9fb0f9c29b6533b9d84d471390d59ab315f5ddb226f6b8dd7889295f0fb1f7bd1adafe4cc520a1e84bf2a59d5b9795aeafc8d6fd66a8228aba8653b98622617ddfeb5d6795c9bd2f35d4a0c386e862675a50e3314c3fbb17aca151c13c7fc8b1d1b72ed0a958537b5ddc9e74bddc2b9571ec3f2b7775b125338d4852a75a60000564c65bb36dfb6bea4aab1ae7a4f285c2177aa98406eb2cc10934aa92d5a9612d4455c84ad200841d289b5c2d5deab0d8e2459598ef183d3dc47f6bad0b9513710600cfa4d69fcd5763cdcc4f2c2b7cd7d4491fd52f4aec82ce846c0988f6f0123e21e900d39c61085e68c9badc350b44004f6c042d64b0d0cbf91ad0592b198f1eeea1e52200bc8e6d62848d6884b10bdde72466039da488be6b340c23148f666f2fe6e032c07dac43586df182aca9116f4600313fa8375c76337ba86bdc391dae6450218f58f047ced64befc6bb5c2a60024669630a6279fedf2fe45e7e19ce582ad96ae0d023eb9b39f5f1e666e73bb038ae38157275be5eb3e7cbc8b05adf53e817646bdc2cfce98e5d162bf7faaca787db8717ab8b27b9e35609c5fb9de9def07f010df8b43cf5c96851eadfdeff0b7bc5826e7e15490ae9c3d14166ee81bef007070e7981235a673804ad89943ee6b51ac63364f7870e121e6ff23a0c7d179527cd58dd7a4ca37247c2bd9efc79b720bb1ee2d39862e98cb81e93cf5b48d5d02ee8ac737ab504c867a1c49e678300803c94fbe978dea918a1e71b9791ee1e4d30056e86c26a4675a8b090be2365c0b451a13ece52a89a7057fe2052e11c6666eb916d823ea66bf217c320acba3b714910734b2c77c2fa586bd7f7664b0d1422adabad2ce2afc10270057f11940fac1a51d023ce48bd04ea39b7f99381b239fd0ddeea0dce7863ec1f8f61775013b6414ecf86e686a340a3148f87a9d7d60a1f2da53436d16fc88d6a4e7c3d55e0dd004cbecc15a5558eb705d82aacb1862ddc251dd5d9cbf1d78f97900ce6e8dab0ea678cb823bd1e7bbd1e927841af08f5427878c19f4f322228f9b36287fc13e7c1293ea875ae73815e052d6c2ebc40df8f7b9d1f76e0b10e35aa160944983d8e6b790df0d9b13f3460657336d81f7d83c0350324b930ec9c7557ce12887f76372e126f504b0980fea27f31a780c05187b9b5353dafc6b101543b24332b96e15bc26b19062e52fa9f86d260ee3a3bc92a133e328407bb85357ee5c45cb87228f0000000000000006b050e9319fe88033f830a8490917a9c0572ebbc549000000000000000015a34abef947b5b9a950e780662de18873e55899c92db3ad00437e8407890afa6b0c04ef861b8bc85fbbe1bb67b3d9ef001409f84b8ec4f01d861cecc143a805b981ab5cf5b605057b63cb2c84ec358e510a69cd8c33a8a62fe4680d0c980145cc709157832bfaef261cb00800000000000000ce9affffd4b1dc7cc9511da0b34bffb9ac216fb8cf7c6572d95627787720d1ba67c6512fcdb16f6329e9668681c404efebad559f81f05971b5efb6b4cca97ad0346753cc0a40a877242d8a808c602b03dc962cee38e646cb18abb079c70d357c30738a70f55cd3c5956a83a1bfcd6649dd765f16bfe968066345df7380bbc0c16b3b5af513d6458c791343952f33a051c5d711c1f35af1b47f3db9bbfb5c040000002b52805d606479879be0b404a28ade5649a3185e0f85a85fc15cd824671c2befdd0da509597c87d869f0bd7ad163ad93ca28fc0c4025eccaafe385ec3fc06c54ebcd7b07b6c7e0197c5b9ef886159a1585ae45248f865be760db6f5bc8f868fc6aefd04e34ecb51159e4cdcc2214b42b1ca9caec13ba3e1b2e7a3c736977b226213d265c2873195122a9b448088c8b50edd549be41c38ab176807b75e7267f86e400", 0x1000}}, 0x1006) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000480)={r1, 0x0, {0x2a00, 0x80010000, 0x500000000000000, 0x2, 0x10000000000, 0x0, 0x0, 0x6, 0x1c, "fee8a2ab78fc5e3e06e00d96072081000000000000002000e60080b8785d96636189e471464934000000000f688e279d23fb800000008000", "2809e8dbe108598948224ad54afac11d87ffffbdb22d0000b420a1a03c5240f45f0f0001177d3d458dd4912861ac000000000000000000eaffa13600008000", "90be8b1c551265406c7f306003d8a0f4bd00", [0x6, 0x200000000]}}) 1.753808326s ago: executing program 1 (id=2559): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x4001, 0x3, 0x378, 0x0, 0x700001b, 0x148, 0x0, 0x148, 0x2e0, 0x206, 0x240, 0x2e0, 0x240, 0x7fffffe, 0x0, {[{{@ip={@local, @rand_addr, 0x0, 0x0, 'tunl0\x00', 'bond_slave_1\x00', {0xff}, {}, 0x0, 0x1}, 0x1ea, 0x1e8, 0x208, 0x0, {0x390, 0x8f00}, [@common=@inet=@hashlimit2={{0x150}, {'pim6reg1\x00', {0x100000, 0x1ff, 0x1, 0x5, 0x1, 0x100, 0x1, 0x8, 0x20}, {0x8}}}, @common=@inet=@socket2={{0x28}}]}, @unspec=@NOTRACK={0x20}}, {{@uncond, 0x0, 0xb0, 0xd8, 0x0, {}, [@common=@set={{0x40}, {{0x0, [0x1, 0x6275dd3c01ecbf44, 0x2, 0x5, 0x2], 0x4, 0x2}}}]}, @common=@unspec=@NFQUEUE3={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) 1.703297726s ago: executing program 3 (id=2560): openat$uinput(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) r1 = socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000000000002) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000300)=@abs={0x0, 0x0, 0xb}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r5 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r5, 0x0, 0x27, &(0x7f0000000100)={@multicast2, @local}, 0xc) r6 = syz_open_procfs(0x0, &(0x7f0000000180)='net/mcfilter\x00') pread64(r6, &(0x7f00000000c0)=""/144, 0x90, 0x5e) truncate(&(0x7f0000000080)='./cgroup.cpu/cgroup.procs\x00', 0x6) ioctl$FS_IOC_GETFSUUID(r6, 0x80111500, &(0x7f00000001c0)) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REG(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000003c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="01002cbd702000dcdf251a000000"], 0x14}, 0x1, 0x0, 0x0, 0x4008145}, 0x8000) r8 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_int(r8, 0x6, 0x4, &(0x7f0000000080)=0x6, 0x4) getsockopt$inet_mptcp_buf(r8, 0x6, 0x4, 0xfffffffffffffffd, &(0x7f0000000000)) 1.703138539s ago: executing program 0 (id=2561): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_ifreq(r0, 0x8924, &(0x7f0000000000)={'wlan1\x00', @ifru_flags=0x1}) pipe2$watch_queue(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="48000000000101020000000000000000000000043400198008000200000000000800010001000000080001006400000008000200c0000000080002000002000008000100150a00001ee031cec705fd946357f6561ecc317bed7ebbfa58d459a7c5c8a0dcb0572ce3b0a9bc24e7ed0c8af0f551b278e5464045724ad8f0dea41abf"], 0x48}, 0x1, 0x0, 0x0, 0x4000940}, 0x4044000) 1.583933228s ago: executing program 0 (id=2562): r0 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x1) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000000), 0xfea7) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r1, 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x3, &(0x7f0000000000)='source', &(0x7f0000000100)='[\x8b\xa4[\x13\x9b\x00w#\x9b\x94\xb6@\x874L\xf5U\xd7\xcb+3,\x999\xa9\":|\x98\xc5\x93\xba\x8d\xff\x14\x8ag+\xcd\xb1\x96d&\x8dn\x00\xdb\xd2\r!A\x1dZ\x16\xa3\x84\xa1\f\\%$\xd3\x9f\xf4a\xdb\x10\xd1&\x83\xba\x9d\x91\xf7\x92\xfb}\x91\x8d\xbav5{\xe4M;\xa2:\xe0\xfc\xa2G\xd3bBM\xe3i\xfc\x01\xc2\xa1|\x90\xd5\x8d;U\xe2', 0xffffff9c) 1.57197589s ago: executing program 4 (id=2563): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28, 0x4}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000140)=@newtfilter={0x70, 0x2c, 0xd27, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xfff3, 0xc}, {}, {0xa, 0x1}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x40, 0x2, [@TCA_CGROUP_EMATCHES={0x3c, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x6}}, @TCA_EMATCH_TREE_LIST={0x30, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x2c, 0x1, 0x0, 0x0, {{0xe38, 0x9, 0x2, 0xf0}, [@TCA_EM_IPT_HOOK={0x8}, @TCA_EM_IPT_MATCH_NAME={0xb}, @TCA_EM_IPT_NFPROTO={0x5, 0x4, 0xa}, @TCA_EM_IPT_MATCH_DATA={0x4}]}}]}]}]}}]}, 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x40010) 1.514793745s ago: executing program 1 (id=2564): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e23, 0xa, @empty, 0x9}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000480)=[{{&(0x7f0000000040)={0xa, 0x4e23, 0xb, @loopback, 0x1}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000140)='2', 0x1}], 0x1}}], 0x1, 0x8000) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r1, &(0x7f0000000680)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0xab, @loopback, 0x8}, 0x1c, &(0x7f0000000780)=[{&(0x7f0000000900)='2', 0x1}], 0x1, 0x0, 0xa00}}], 0x1, 0x20000014) shutdown(r1, 0x1) 1.419406106s ago: executing program 0 (id=2565): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000180)=ANY=[], 0x8) syz_usb_connect(0x2, 0x36, 0x0, 0x0) clock_gettime(0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x2, &(0x7f00000000c0)=[{0x2006, 0x0, 0x0, 0x7ffc0002}, {0x514c, 0xe3, 0xed, 0x3}]}) personality(0x0) mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000, 0x0, &(0x7f00008b5000/0x1000)=nil) r1 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi1\x00', 0x2180, 0x0) mprotect(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000) ioctl$COMEDI_INSN(r1, 0x8028640c, &(0x7f0000000000)={0x4000000, 0xf, &(0x7f0000000080)=[0x3, 0xfff, 0xc, 0xb, 0x660, 0xfffffff9, 0xe0, 0xfffffff7, 0x9, 0xf5, 0xffffffff, 0x2, 0x0, 0x4, 0x6], 0x0, 0x4}) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004780)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000480)=""/11, 0xb}], 0x1, &(0x7f0000000140)=""/2, 0x2}, 0x6}, {{&(0x7f0000000200)=@hci, 0x80, &(0x7f0000000580)=[{&(0x7f0000000640)=""/4096, 0x1000}, {&(0x7f0000000280)=""/227, 0xe3}, {&(0x7f0000000380)=""/244, 0xf4}, {&(0x7f0000004940)=""/80, 0x50}, {&(0x7f0000001640)=""/208, 0xd0}, {&(0x7f0000001740)=""/158, 0x9e}], 0x6, &(0x7f0000000480)}, 0x1}, {{&(0x7f0000001800)=@x25={0x9, @remote}, 0x80, &(0x7f0000001a00)=[{&(0x7f0000001bc0)=""/187, 0xbb}, {&(0x7f0000001940)=""/78, 0x4e}, {&(0x7f00000019c0)=""/17, 0x11}], 0x3}, 0x6}, {{0x0, 0x0, &(0x7f0000001cc0)=[{&(0x7f0000002e00)=""/71, 0x47}, {&(0x7f0000001880)=""/69, 0x45}, {&(0x7f0000001b40)=""/63, 0x84}, {&(0x7f0000001b80)=""/55, 0x37}, {&(0x7f00000049c0)=""/222, 0xde}], 0x5, &(0x7f0000001d40)=""/4096, 0x1000}, 0x6}, {{&(0x7f0000002d40)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, 0x80, &(0x7f0000002e80)=[{&(0x7f0000002dc0)=""/36, 0x24}, {&(0x7f0000000500)=""/115, 0x73}], 0x2}, 0x3}, {{&(0x7f0000002ec0)=@nfc_llcp, 0x80, &(0x7f00000044c0)=[{&(0x7f0000002f40)=""/192, 0xc0}, {&(0x7f0000003000)=""/235, 0xe2}, {&(0x7f0000003100)=""/213, 0xd5}, {&(0x7f0000003200)=""/140, 0x8c}, {&(0x7f00000032c0)=""/197, 0xc5}, {&(0x7f00000033c0)=""/59, 0x3b}, {&(0x7f0000003400)=""/4096, 0x1000}, {&(0x7f0000004400)=""/184, 0xb8}], 0x8}}, {{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000001a40)=""/145, 0x91}, {&(0x7f0000004600)=""/115, 0x73}, {&(0x7f0000004680)=""/105, 0x69}], 0x3, &(0x7f0000004740)}, 0x1}], 0x7, 0x141, 0x0) msgrcv(0x0, 0x0, 0x0, 0x2, 0x6000) connect$inet6(r0, &(0x7f00000004c0)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c) r2 = syz_usb_connect(0x2, 0x24, &(0x7f0000000600)=ANY=[@ANYBLOB="120100001d9167204f17316a3f26010203010902120001000000000904"], 0x0) syz_usb_control_io$printer(r2, 0x0, 0x0) syz_usb_control_io$lan78xx(r2, 0x0, 0x0) syz_usb_control_io$rtl8150(r2, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r2, 0x0, 0x0) syz_usb_control_io(r2, 0x0, 0x0) setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10) sendmmsg$inet6(r0, &(0x7f0000000000)=[{{0x0, 0xff91, &(0x7f0000000100)=[{&(0x7f0000000040)="8233", 0x2}], 0x1}}], 0x1, 0x4400c800) sendto$inet6(r0, &(0x7f0000000300), 0x16, 0x3b60, 0x0, 0xfffffffffffffdfd) 1.134591507s ago: executing program 4 (id=2566): r0 = socket$tipc(0x1e, 0x5, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) kcmp$KCMP_EPOLL_TFD(0xffffffffffffffff, 0x0, 0x7, 0xffffffffffffffff, 0x0) bind$tipc(r0, &(0x7f0000000200)=@name={0x1e, 0x2, 0x1, {{0x0, 0x2}, 0x4}}, 0x10) 674.983994ms ago: executing program 3 (id=2567): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r0, 0x0) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x1d, &(0x7f0000000000)=0x5, 0x4) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x1d, 0x4, &(0x7f0000000080)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xae}]}, &(0x7f0000000000)='GPL\x00', 0x4, 0x87, &(0x7f0000000480)=""/135}, 0x21) 631.43425ms ago: executing program 1 (id=2568): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sched_setaffinity(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x4000) mount(0x0, &(0x7f0000000040)='./cgroup\x00', 0x0, 0x2208004, 0x0) mkdirat(0xffffffffffffffff, 0x0, 0x108) socket(0x84000000002a, 0x1, 0xff) r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000003000000030000000050000000000000001000004080000000000000003000000100000000000000000000002000000000300000000000004040000000000002e"], 0x0, 0x4d}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@bloom_filter={0x1e, 0x0, 0x400000, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r2, 0x0, 0x1, 0x0, 0x2}, 0x50) 607.007253ms ago: executing program 4 (id=2569): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$MON_IOCH_MFLUSH(0xffffffffffffffff, 0x9208, 0x8) getsockopt$sock_buf(r0, 0x1, 0x3d, 0x0, &(0x7f0000000040)) 547.424634ms ago: executing program 3 (id=2570): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="4c0000001000ff0400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002c00128009000100626f6e64000000001c00028005001d00000000000500010004000000050015"], 0x4c}}, 0x0) 451.53844ms ago: executing program 4 (id=2571): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) shutdown(r0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000340), r0) 407.429828ms ago: executing program 2 (id=2572): mount$tmpfs(0x0, 0x0, 0x0, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, 0x0, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'hash\x00', 0x0, 0x0, 'wp384-generic\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x8d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) 404.002027ms ago: executing program 3 (id=2573): r0 = syz_open_dev$dri(&(0x7f00000002c0), 0x1, 0x2100) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f0000000040)={0x10000000, 0x3ff, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000300)={&(0x7f00000001c0)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000003c0)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETPLANE(r0, 0xc03064b7, &(0x7f0000000200)={r1, r2, r3, 0x0, 0x80000003, 0x80000003, 0x7, 0x0, 0x7, 0x8, 0x60be988f, 0x400001f}) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x40008d0}, 0x40) socket(0x2, 0xa, 0x300) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) sendto$inet6(r5, &(0x7f0000847fff)='X', 0x1, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x2b233bbb, @loopback}, 0x1c) 331.412075ms ago: executing program 4 (id=2574): bpf$TOKEN_CREATE(0x24, &(0x7f0000000440), 0x8) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x10, 0x0, 0x0, &(0x7f0000000380)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xc4a}, 0x94) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb80393884d01a507, 0x4008032, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x801) r3 = syz_open_dev$video4linux(&(0x7f0000000040), 0x7fffffffffffffe1, 0x161041) ioctl$VIDIOC_SUBDEV_S_FMT(r3, 0xc0585605, &(0x7f0000000080)={0x1, 0x0, {0x0, 0x0, 0x1004, 0x0, 0xa, 0x4}}) ioctl$OCFS2_IOC_REFLINK(r0, 0x40186f04, &(0x7f0000000140)={&(0x7f0000000080)='#! ', 0x0, 0xde}) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x4}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000180)={&(0x7f0000c7a000/0x2000)=nil, &(0x7f0000dad000/0x2000)=nil, 0x2000, 0x3}) connect$inet6(r1, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) socket$inet_udplite(0x2, 0x2, 0x88) write$binfmt_script(r1, &(0x7f0000000200), 0xfffffd9d) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x2}, &(0x7f00000001c0)=0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r4, 0x84, 0x1f, &(0x7f0000000240)={r5, @in={{0x2, 0x4e24, @local}}, 0xf, 0xa2}, &(0x7f0000000300)=0x90) syz_usb_connect(0x2, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12011001173a6140f41515006ed10102030109022400013600a0000904"], 0x0) 326.77058ms ago: executing program 0 (id=2575): r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x2) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001400), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000300), 0x106, 0x3}}, 0x2c) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x7, &(0x7f0000000080)={0xffffffffffffffff}, 0x106, 0x1}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e22, 0xffffffff, @empty, 0xa09b}, {0xa, 0x4e21, 0x8000009, @mcast1, 0x4}, r2, 0x4040099d}}, 0x48) close_range(r0, 0xffffffffffffffff, 0x0) 283.690883ms ago: executing program 3 (id=2576): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x6, 0xe, &(0x7f0000002380)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000f0ffffff7a0a00fe1100000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000000000006a0af2fe0000000085000000a3000000b700000000000000950000000000000000e154cd844a954b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b4090a79507df79f298129da487130d5f24b46001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad379e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4b9535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024a0041b1df65b3e1b9bf115646d14ce53d13d0ccacda1efc5f9094fa737c28b994a8512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4fdc4b4861004eefbc17f54f82a804d4a69bf9bc5fa77ee293fbd165a5a68488a010030166565a097b103b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f940b6f0e8c7db4bf23242a18159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dac06b57479321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c2d7962b0d22772c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac2bba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f407000000000000006d294d366501753a7ac7fedb8d34f5bc381604fcd46105c457e7dd13cab669ab377e4c2422a47e9ffe2d4a2d32f7528751313694bf57704400b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c9585638c2153a6eee01738b0c10671f4f559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7b9c670100be05e7de0940313c5870786554df26236ebced9390cb6940b8375d936a7d2120eca291963eb2d537d8ee4de5c183c160119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d30902208d300e4d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d0000002000000001c8000000000000003a48cea769470424d28804c024ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf3411718d6ee7aebf9ef40662d7836d252c566f5ee934c679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da2022f23daec61854f640f701db0276652f6c031578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec780f535e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada209bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6155e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2f085185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bcdb7c89739f5d81e750d50517a59a3ad09e8802e8f4f000000000facd5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f296115d4a31838eeb20c20bb82aa31771cd379ec83554cea5b473332f2011e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d3fcd116bce9c764c714c9402c21d181aae59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755367fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc05000000000000006c25b96174327d82761c26e329555f9290af4100000000000000749e1338636555009edf66be445d6975d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab0043ebf7c79a953e023f74afad591821610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b66b6a6f732a91f0e2e9120be61e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c1960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002100000000000000000000000027c9a4619a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd5c17d5486b0c8a6c769f952283a1f4e3842edb3d42c68a27ef6a1296dff7aa46e820a74f9530bdcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fdca4e9eda0072f6df342f3e7071e28ef6806b90cc39c49b91c76b0d3958f7f05b47d3e519f1634e8fbd8d3133319e069f9648a2ff93060ff073b3a113e47e447c030931651dd315003b7a6a47c912853826c4c65433a2bb560ae99ec4b227eda2e63a1cb1a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7194d1eb3de6a5f99f301f89c2ee627e949cdd22000026a9960503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640000cd9e5f2e236ef5f1e3a94b108eb9750b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a2050000c375c705c798e0e208e4a5259d0bda526b462af45a6e9a84aebe025c8a7f65819f397574db7ab01bd2b3e3cd28c5aec90f8edfe39a00bafd688a7eea04efdeed96f67012bc3f795edb68b5dec80ad31a858eb756c815e7695d00000000000000000000000000000000000000000000000000007ccf0ce549d97510f7f8765408bb702f0000006d4754c68b7064cf31a681421994e1f307f0ab4ff2e33d3c88fea5d218a276b77adfee7c8fb145783ee1f8adbd2c2604eab3a62a28611da1dae5ce60003111ce5c96a1d6e45ee144ffa3dcca32a33f8f0ce2995b7b7aa0bce228cbf37412cbbdebae06edb51a134301d2627d4927287daf9dcae6720334862d3a18094f1edd9e350337cbb804004d1755cfe7d7fa01872fb99815dcfbbc8141f6e1bbb0901ae91357677fd9d2bb00d4f17fb441c2dfa2b424bf46ae299d68ac27792cdac2b63a6038ab5546ba1e5ad6a329f2c627100e0442f865fc6c179ad3edcb6b000000000000000b0000000000000000ac192d48d76e2a8cae83ae850f73fdfbaca81b6b7b1a0d7b517f41fbd46aa24b0f4b8e0202e3a580947f1925ba4de097e8dcb6bd7f686322b45d4a544ca1e83b592d4a6d46d0a0dc39634550bc77d4cabba01b283082e66778de7c61a1a36838d36c2f8e58cef603770ee3d6a9625be0bc21d2be2da69ac9e9c5e88278d39239501b465102ad16d651ea8bb8cee35527c1ad42ac6a565e449929ccb4469bdd6824b64e13579b7188566e735200000000000000000094e05bcda1e96e4c33ccf6d74046e45bafe9d512c43a3e485dedad9a38b34f7fcd00fafcc25dc36716f0e21e0632425b7a1c1a6bc15c3fc07d914c88103411d8d2b77b72a796fd3aaa7ea493c7bc43e63b2b0d05ad5682121682096b224933fa20255d58a680cc2ec200"/3002], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2d, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000040), 0x10}, 0x39) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000200)={r0, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1aab}, 0x50) syz_usb_connect(0x5, 0x36, 0x0, 0x0) r1 = syz_open_dev$swradio(&(0x7f0000000000), 0x1, 0x2) syz_usb_connect$cdc_ecm(0x4, 0x56, &(0x7f0000000140)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x44, 0x1, 0x1, 0xd, 0xe8, 0x1, "", [{{0x9, 0x4, 0x0, 0x3, 0x3, 0x2, 0x6, 0x0, 0x5, {{0x7, 0x24, 0x6, 0x0, 0x0, "ea65"}, {0x5}, {0xd, 0x24, 0xf, 0x1, 0xffffffc9, 0xa, 0x5, 0x8}, [@dmm={0x7, 0x24, 0x14, 0xe, 0x81}]}, {[], {{0x9, 0x5, 0x82, 0x2, 0x10, 0x0, 0xff, 0x6}}, {{0x9, 0x5, 0x3, 0x2, 0x200, 0x2, 0x1, 0xe9}}}}}]}}]}}, &(0x7f00000004c0)={0xa, &(0x7f00000001c0)={0xa, 0x6, 0x310, 0x80, 0x8, 0xf, 0x40, 0x4}, 0x1be, &(0x7f0000000280)={0x5, 0xf, 0x1be, 0x6, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0x4, 0x1, 0x0, 0xd96}, @generic={0xf2, 0x10, 0x2, "12361199b9d7e9333e0711398834a682a827546a23197c6c50925c13c7d206d913b76814de33718f472625ed44220a6bd30536cde3c4be3f59af696559b58ccb1a64ab00b23734c248fd31a45f236b3245f92a81ca1e990ae81b89cc206bfc444057d883e3219f8ce034c58ef2a83decb8994fcaa3e2bdadd1ef31fbe809f33c05ffcdf7c62928d41f300a9d0067dfce39a6e299a438e142334be995cba97fcb834212313f9144dbe894086d6b4e4815e3e07271635e9aed084b531332dccf8f3411ebeebd9b927c7f0b54ba7ce172252cafc1dfdb477f5a7f5d26ca67ddd0f658ae62907adfcfb3e29d846ed30074"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x0, 0xb5, 0xd, 0xd8cb}, @ptm_cap={0x3}, @generic={0xa6, 0x10, 0x1, "58eb42d7e1debb5459a54954e37bee3a83b970b0fe48618742a22c8ea8ccf5d07459a6a38cc9643fdf9b09c387c34f07b2b446b7493da91a71800b97e7959cec71cf12f1bb1253c1fbcbb625140069441c02906f7d6a8cbf9b3ac507bee3b37a535651be86ca8fe36b63e8c931d795833232a7a0253fce02969ce27198891b307f1b70bb4d959b2e43cc279530606709386131607fe983ed5ddcdc44e624638eff39a8"}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x6, 0x3, 0xa}]}, 0x1, [{0x4, &(0x7f0000000480)=@lang_id={0x4, 0x3, 0x416}}]}) ioctl$VIDIOC_ENUM_FREQ_BANDS(r1, 0xc0405665, &(0x7f0000000040)={0x1, 0x5, 0x0, 0x20, 0x0, 0xfffffffe, 0xa}) 223.176468ms ago: executing program 0 (id=2577): r0 = socket(0x80000000000000a, 0x2, 0x0) socket$inet6(0xa, 0x1, 0x8010000000000084) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='oom_adj\x00') writev(r3, &(0x7f00000000c0)=[{&(0x7f0000000140)='1', 0x1}], 0x1) read$qrtrtun(r3, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r4, 0x84, 0x6, 0x0, &(0x7f00000000c0)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_emit_ethernet(0x52, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000008004500004400000000002190337bf58400ffffffff050090780a0101026a0000000000000000000000ac1e0001ac14140107be00e0000002000000"], 0x0) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r7 = accept4(r6, 0x0, 0x0, 0x80800) sendmmsg$alg(r7, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000640)=""/88, 0x58}, {&(0x7f0000000740)=""/105, 0xfffffe0b}], 0x2}, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10) r8 = socket$inet6_sctp(0xa, 0x5, 0x84) r9 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r9, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r8, 0x84, 0x7c, &(0x7f0000000080)={r10, 0x9, 0x7fff}, 0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000200)={r10, 0x1c, &(0x7f0000000240)=[@in6={0xa, 0x4e24, 0x9, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x3}]}, &(0x7f0000000100)=0x10) socket$netlink(0x10, 0x3, 0x0) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f00000001c0)=@req3={0x1, 0x3, 0x47, 0x100, 0x1, 0x3, 0x5}, 0x1c) socket$vsock_stream(0x28, 0x1, 0x0) 27.730906ms ago: executing program 2 (id=2578): setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, 0x0, 0x1b0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @void}, 0x10) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0) connect$bt_sco(r3, &(0x7f0000000600), 0x8) r4 = eventfd(0xffffffff) ioctl$VHOST_SET_LOG_FD(r3, 0x4004af07, &(0x7f0000000340)=r4) ioctl$VHOST_SET_VRING_KICK(r3, 0x4008af20, &(0x7f0000000040)={0x1, r4}) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) ioctl$TCSETS(r5, 0x40045431, &(0x7f0000000100)={0x0, 0x40, 0x3, 0x7, 0x16, "b0bf2ebb48c849ac0000000003000018bfff40"}) r6 = syz_open_pts(r5, 0x0) ioctl$TIOCCONS(r6, 0x541d) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/73, &(0x7f0000000480)=""/74}) openat2$dir(0xffffffffffffff9c, &(0x7f0000000640)='./file0\x00', &(0x7f00000007c0)={0x80100, 0x8}, 0x18) statx(0xffffffffffffffff, &(0x7f0000000800)='./file0\x00', 0x4000, 0x4, &(0x7f0000000840)) ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]}) r7 = accept(r0, &(0x7f0000000580)=@nfc, &(0x7f0000000080)=0x80) recvfrom$rxrpc(r7, &(0x7f00000006c0)=""/203, 0xcb, 0x12041, &(0x7f0000000180)=@in4={0x21, 0x2, 0x2, 0x10, {0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x24) ioprio_get$uid(0x3, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f0000000000)=0x1) syz_open_procfs(0x0, &(0x7f0000000940)='net/ip6_tables_names\x00') 0s ago: executing program 2 (id=2579): r0 = creat(0x0, 0x0) ioctl$XFS_IOC_GET_RESBLKS(r0, 0x80105873, &(0x7f0000000440)) mmap$xdp(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x10010, 0xffffffffffffffff, 0x100000000) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f00000000c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x5, [@enum={0x3, 0x2, 0x0, 0xf, 0x4000000, [{0x7}, {0xf364, 0x42}]}, @struct={0xe}]}, {0x0, [0x0, 0x0, 0x2e]}}, 0x0, 0x45, 0x0, 0x2, 0x2}, 0x28) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$qrtr(r0, &(0x7f0000000400)={&(0x7f0000000000)={0x2a, 0x4, 0x1}, 0xc, &(0x7f0000000240)=[{&(0x7f0000000300)="21cf715510168f1de88fe15455b446e01007516f12ba06608a9a031f8e27d2b600b499cff73840b2bf65d47931d177469d775ab43de7270475669415c5a87bdc291ee5", 0x43}, {&(0x7f0000000380)="98dde59c212540615ccafc8ee10e3c576f1e062ac30446cbd2dbd9289cb8bf63bce2f0816b97ebef395c0494ffbe7152cfb853425a8997286e20b95b09f33d6cb15cb09f13cabaf1155a8c1653f2785094aa14aca5a50c0796593dd1176d1a005c43329b4797e0021a8ab4bb", 0x6c}], 0x2, &(0x7f0000000580)=[{0xd0, 0x104, 0xffffff81, "9d81e704398f16c99cea8b9df8a1385b05b6be37809e5730257eaccb918c52d6c7dbb737ef8ed2bb0b4640a6b50bf08fe8353c1e40b1550a2551cfb8fd7f55752d87e1c98ecd04a145ad12583eac1936b2d5ca8e919d15ca2c20b62e441d58a5484009ce0f0a4bca319526d773c926eb1dec21325bfe206b05f9d4975a695ac162d41884403e268be7ecda494557b0f91767418e695d87f9341d706bdfe09b97507573eb76b80ef36e90eaf3d5bc07200020c2faaf3c5ec4c7bafd"}, {0x78, 0x1, 0x5, "759658c364042d3c98c90ae1f697c31e5b28ddb84b7522c0defd5c97da2338d9b711911fcd433e821e7024af2d8c65e7c4c04d07d44476be98cde263d25555b044d3ce8352876f6bb4a2a746ad4756f275771f25de6a79ee4e1549973a26f9eefbf61b33"}], 0x148, 0x4000000}, 0x38) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="fef30000", @ANYRES16=0x0, @ANYBLOB="00032bbd7000ffdbdf2505000000080009000f0000000500060005000000080005003ebc0000050002000900000008000500ffff000005"], 0x44}, 0x1, 0x0, 0x0, 0x4000}, 0x20000000) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180200002343ffff0000000000000000850000004100000095"], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r5, r6, 0x25, 0x4, @void}, 0x10) syz_emit_ethernet(0x66, &(0x7f0000000200)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00\x00\t', 0x30, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x5dc, {0x0, 0x6, "8cb02b", 0x9, 0x0, 0x1, @loopback, @local}}}}}}}, 0x0) r7 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r7, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) connect$inet6(r7, &(0x7f0000000140)={0xa, 0x4e20, 0x8, @remote, 0xb}, 0x1c) syz_emit_ethernet(0xfef3, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd6001010000641100fe8000000000000000000000000000bbfe8000000000000000000000000000aa4e200e22"], 0x0) syz_emit_ethernet(0xfef3, &(0x7f0000000200)=ANY=[], 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x1b, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x400, 0x8000, 0x40024e}, &(0x7f00000002c0), &(0x7f0000000040)) ioctl$VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, 0x0) kernel console output (not intermixed with test programs): z.3.400" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa0cef9c799 code=0x0 [ 124.494397][ T7217] netlink: 24 bytes leftover after parsing attributes in process `syz.2.401'. [ 124.660563][ T7224] netlink: 12 bytes leftover after parsing attributes in process `syz.0.403'. [ 125.066248][ T7235] fuse: Unknown parameter 'user_id00000000000000000000' [ 125.218344][ T30] audit: type=1400 audit(1774298964.528:304): avc: denied { setopt } for pid=7247 comm="syz.3.412" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 125.351316][ T30] audit: type=1400 audit(1774298964.538:305): avc: denied { ioctl } for pid=7249 comm="syz.2.413" path="socket:[11969]" dev="sockfs" ino=11969 ioctlcmd=0x941f scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 126.246510][ T30] audit: type=1326 audit(1774298965.558:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7265 comm="syz.1.418" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9619f9c799 code=0x0 [ 126.295746][ T7270] tmpfs: Bad value for 'mpol' [ 128.002765][ T30] audit: type=1400 audit(1774298967.318:307): avc: denied { bind } for pid=7284 comm="syz.0.425" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 129.499896][ T30] audit: type=1400 audit(1774298968.818:308): avc: denied { bind } for pid=7300 comm="syz.1.429" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 129.547478][ T30] audit: type=1400 audit(1774298968.818:309): avc: denied { setopt } for pid=7300 comm="syz.1.429" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 129.794242][ T30] audit: type=1400 audit(1774298968.978:310): avc: denied { name_bind } for pid=7319 comm="syz.1.435" src=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1 [ 130.049057][ T30] audit: type=1400 audit(1774298968.978:311): avc: denied { name_connect } for pid=7319 comm="syz.1.435" dest=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1 [ 130.114735][ T30] audit: type=1400 audit(1774298969.428:312): avc: denied { setopt } for pid=7325 comm="syz.3.436" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 130.283989][ T7336] tmpfs: Bad value for 'mpol' [ 131.353218][ T30] audit: type=1326 audit(1774298970.618:313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7344 comm="syz.1.443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9619f9c799 code=0x7ffc0000 [ 131.383366][ T30] audit: type=1326 audit(1774298970.618:314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7344 comm="syz.1.443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9619f9c799 code=0x7ffc0000 [ 131.431928][ T30] audit: type=1326 audit(1774298970.618:315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7344 comm="syz.1.443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f9619f9c799 code=0x7ffc0000 [ 131.562743][ T30] audit: type=1326 audit(1774298970.618:316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7344 comm="syz.1.443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9619f9c799 code=0x7ffc0000 [ 131.687899][ T30] audit: type=1326 audit(1774298970.618:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7344 comm="syz.1.443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9619f9c799 code=0x7ffc0000 [ 131.761508][ T30] audit: type=1326 audit(1774298970.618:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7344 comm="syz.1.443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7f9619f9c799 code=0x7ffc0000 [ 131.869405][ T30] audit: type=1326 audit(1774298970.618:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7344 comm="syz.1.443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9619f9c799 code=0x7ffc0000 [ 131.927722][ T30] audit: type=1326 audit(1774298970.618:320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7344 comm="syz.1.443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=322 compat=0 ip=0x7f9619f9c799 code=0x7ffc0000 [ 132.036532][ T30] audit: type=1326 audit(1774298970.618:321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7344 comm="syz.1.443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9619f9c799 code=0x7ffc0000 [ 132.156789][ T30] audit: type=1326 audit(1774298970.628:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7344 comm="syz.1.443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=88 compat=0 ip=0x7f9619f9c799 code=0x7ffc0000 [ 132.281653][ T7368] fuse: Bad value for 'user_id' [ 132.322938][ T7368] fuse: Bad value for 'user_id' [ 132.359835][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.367701][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.671295][ T7389] tmpfs: Bad value for 'mpol' [ 134.015002][ T7434] tipc: Enabling of bearer rejected, failed to enable media [ 134.223925][ T7444] tmpfs: Bad value for 'mpol' [ 134.559862][ T7452] 9p: Bad value for 'rfdno' [ 134.747175][ T7462] Cannot find add_set index 0 as target [ 134.780096][ T7462] tmpfs: Bad value for 'mpol' [ 135.614919][ T7480] netlink: 48 bytes leftover after parsing attributes in process `syz.2.489'. [ 136.261728][ T7481] netlink: 8 bytes leftover after parsing attributes in process `syz.4.490'. [ 136.270760][ T7481] netlink: 48 bytes leftover after parsing attributes in process `syz.4.490'. [ 136.360574][ T7481] netlink: 8 bytes leftover after parsing attributes in process `syz.4.490'. [ 136.435312][ T7484] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=7484 comm=syz.0.486 [ 136.458087][ T7484] 9pnet_virtio: no channels available for device syz [ 136.590187][ T30] kauditd_printk_skb: 47 callbacks suppressed [ 136.590199][ T30] audit: type=1400 audit(1774298975.908:370): avc: denied { write } for pid=7487 comm="syz.4.495" path="socket:[12252]" dev="sockfs" ino=12252 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 136.643204][ T30] audit: type=1400 audit(1774298975.908:371): avc: denied { connect } for pid=7487 comm="syz.4.495" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 136.709210][ T7498] fuse: Bad value for 'fd' [ 136.856725][ T7510] fuse: Unknown parameter 'user_i00000000000000000000' [ 136.868303][ T7511] fuse: Bad value for 'user_id' [ 136.873195][ T7511] fuse: Bad value for 'user_id' [ 136.955619][ T7517] netlink: 8 bytes leftover after parsing attributes in process `syz.2.506'. [ 136.964545][ T7517] netlink: 48 bytes leftover after parsing attributes in process `syz.2.506'. [ 136.975628][ T7517] netlink: 8 bytes leftover after parsing attributes in process `syz.2.506'. [ 137.063466][ T30] audit: type=1400 audit(1774298976.378:372): avc: denied { bind } for pid=7519 comm="syz.2.507" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 137.097203][ T7526] netlink: 28 bytes leftover after parsing attributes in process `syz.3.508'. [ 137.113268][ T30] audit: type=1400 audit(1774298976.378:373): avc: denied { name_bind } for pid=7519 comm="syz.2.507" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 137.162022][ T30] audit: type=1400 audit(1774298976.378:374): avc: denied { node_bind } for pid=7519 comm="syz.2.507" saddr=172.20.20.170 src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 137.292137][ T7538] 9pnet_virtio: no channels available for device syz [ 137.563277][ T5128] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 137.572459][ T5128] Bluetooth: hci1: Injecting HCI hardware error event [ 137.580454][ T5128] Bluetooth: hci1: hardware error 0x00 [ 137.797049][ T7544] fuse: Unknown parameter 'user_i00000000000000000000' [ 137.880386][ T30] audit: type=1326 audit(1774298977.198:375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7545 comm="syz.4.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1312f9c799 code=0x7ffc0000 [ 137.939885][ T30] audit: type=1326 audit(1774298977.198:376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7545 comm="syz.4.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1312f9c799 code=0x7ffc0000 [ 137.985657][ T7550] netlink: 8 bytes leftover after parsing attributes in process `syz.2.517'. [ 137.994493][ T7550] netlink: 48 bytes leftover after parsing attributes in process `syz.2.517'. [ 138.018162][ T7554] netlink: 'syz.0.518': attribute type 3 has an invalid length. [ 138.023241][ T30] audit: type=1326 audit(1774298977.198:377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7545 comm="syz.4.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1312f9c799 code=0x7ffc0000 [ 138.073166][ T30] audit: type=1326 audit(1774298977.198:378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7545 comm="syz.4.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1312f9c799 code=0x7ffc0000 [ 138.086335][ T7556] netlink: 'syz.2.520': attribute type 5 has an invalid length. [ 138.240454][ T30] audit: type=1326 audit(1774298977.198:379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7545 comm="syz.4.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1312f9c799 code=0x7ffc0000 [ 138.278713][ T822] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 138.963545][ T7584] fuse: Unknown parameter 'user_id00000000000000000000' [ 139.243893][ T791] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 139.814348][ T5128] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 139.825130][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 140.304746][ T7621] fuse: Unknown parameter 'user_id00000000000000000000' [ 140.561960][ T7625] netlink: 'syz.2.544': attribute type 4 has an invalid length. [ 141.350282][ T7641] netlink: 'syz.1.546': attribute type 1 has an invalid length. [ 141.358289][ T7641] __nla_validate_parse: 11 callbacks suppressed [ 141.358308][ T7641] netlink: 4 bytes leftover after parsing attributes in process `syz.1.546'. [ 141.506496][ T7647] 9pnet_virtio: no channels available for device syz [ 141.774923][ T7653] openvswitch: netlink: Actions may not be safe on all matching packets [ 141.794952][ T7649] batadv_slave_1: entered promiscuous mode [ 141.814976][ T7653] vlan2: entered promiscuous mode [ 141.820639][ T7653] vlan2: entered allmulticast mode [ 141.826952][ T7653] hsr_slave_1: entered allmulticast mode [ 141.835698][ T7649] batadv_slave_1: left promiscuous mode [ 141.921178][ T7653] netlink: 4 bytes leftover after parsing attributes in process `syz.4.552'. [ 142.011675][ T7658] netlink: 8 bytes leftover after parsing attributes in process `syz.0.554'. [ 142.022588][ T7658] netlink: 48 bytes leftover after parsing attributes in process `syz.0.554'. [ 142.040600][ T7658] netlink: 8 bytes leftover after parsing attributes in process `syz.0.554'. [ 142.111985][ T7660] fuse: Unknown parameter 'user_id00000000000000000000' [ 142.172463][ T30] kauditd_printk_skb: 35 callbacks suppressed [ 142.172480][ T30] audit: type=1400 audit(1774298981.488:415): avc: denied { accept } for pid=7648 comm="syz.3.551" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 142.565950][ T7678] netlink: 'syz.1.561': attribute type 10 has an invalid length. [ 142.622574][ T7679] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=13331 sclass=netlink_route_socket pid=7679 comm=syz.1.561 [ 143.020070][ T7678] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 143.027996][ T7678] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 143.163187][ T5809] Bluetooth: hci2: command 0x0406 tx timeout [ 143.224093][ T7684] tipc: Failed to remove unknown binding: 66,1,1/0:4279679441/4279679443 [ 144.693953][ T7695] netlink: 8 bytes leftover after parsing attributes in process `syz.4.566'. [ 144.702744][ T7695] netlink: 48 bytes leftover after parsing attributes in process `syz.4.566'. [ 144.733180][ T7695] netlink: 8 bytes leftover after parsing attributes in process `syz.4.566'. [ 144.872756][ T7698] fuse: Bad value for 'fd' [ 144.934039][ T7701] xt_l2tp: unknown flags: 17 [ 145.337965][ T7711] No such timeout policy "syz0" [ 145.424619][ T7723] netlink: 76 bytes leftover after parsing attributes in process `syz.1.574'. [ 145.675461][ T7733] netlink: 12 bytes leftover after parsing attributes in process `syz.2.567'. [ 145.787811][ T7737] macvlan2: entered promiscuous mode [ 146.913203][ T7737] macvlan2: entered allmulticast mode [ 146.920598][ T7737] bond1: entered promiscuous mode [ 146.942798][ T7742] netlink: 8 bytes leftover after parsing attributes in process `syz.4.579'. [ 146.951737][ T7742] netlink: 48 bytes leftover after parsing attributes in process `syz.4.579'. [ 146.967883][ T7737] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 147.009716][ T7737] bond1: left promiscuous mode [ 147.048228][ T7751] fuse: Bad value for 'fd' [ 147.055263][ T7742] netlink: 8 bytes leftover after parsing attributes in process `syz.4.579'. [ 147.439863][ T30] audit: type=1400 audit(1774298986.758:416): avc: denied { read } for pid=7761 comm="syz.4.583" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 147.495502][ T7765] tmpfs: Unknown parameter 'usrquo ' [ 147.513653][ T7765] netlink: 68 bytes leftover after parsing attributes in process `syz.4.583'. [ 147.534976][ T7765] netlink: 24 bytes leftover after parsing attributes in process `syz.4.583'. [ 147.952902][ T7774] netlink: 76 bytes leftover after parsing attributes in process `syz.0.586'. [ 148.391410][ T7790] 9p: Bad value for 'rfdno' [ 148.436496][ T7791] netlink: 'syz.1.590': attribute type 11 has an invalid length. [ 148.631434][ T7793] netlink: 8 bytes leftover after parsing attributes in process `syz.0.591'. [ 148.642676][ T7793] netlink: 48 bytes leftover after parsing attributes in process `syz.0.591'. [ 148.653457][ T7793] netlink: 8 bytes leftover after parsing attributes in process `syz.0.591'. [ 149.957783][ T7807] netlink: 5052 bytes leftover after parsing attributes in process `syz.4.597'. [ 150.541819][ T7805] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5224 sclass=netlink_route_socket pid=7805 comm=syz.0.596 [ 150.836726][ T7832] netlink: 'syz.3.600': attribute type 2 has an invalid length. [ 150.863549][ T7832] xt_TCPMSS: Only works on TCP SYN packets [ 151.105885][ T7843] mmap: syz.0.604 (7843): VmData 37597184 exceed data ulimit 6. Update limits or use boot option ignore_rlimit_data. [ 151.838168][ T30] audit: type=1400 audit(1774298991.158:417): avc: denied { accept } for pid=7854 comm="syz.2.609" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 152.365863][ T7876] openvswitch: netlink: IPv4 tunnel dst address is zero [ 152.385724][ T7878] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9232 sclass=netlink_route_socket pid=7878 comm=syz.4.616 [ 152.525321][ T7884] __nla_validate_parse: 5 callbacks suppressed [ 152.525333][ T7884] netlink: 8 bytes leftover after parsing attributes in process `syz.4.618'. [ 152.542322][ T7884] netlink: 48 bytes leftover after parsing attributes in process `syz.4.618'. [ 152.569181][ T7884] netlink: 8 bytes leftover after parsing attributes in process `syz.4.618'. [ 152.600603][ T30] audit: type=1400 audit(1774298991.918:418): avc: denied { getopt } for pid=7886 comm="syz.3.619" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 152.872082][ T7895] netlink: 76 bytes leftover after parsing attributes in process `syz.2.620'. [ 153.248566][ T7893] netlink: 'syz.4.621': attribute type 1 has an invalid length. [ 153.311515][ T7893] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 153.389569][ T30] audit: type=1400 audit(1774298992.708:419): avc: denied { create } for pid=7892 comm="syz.4.621" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1 [ 153.410340][ T7893] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 153.483442][ T30] audit: type=1400 audit(1774298992.708:420): avc: denied { write } for pid=7892 comm="syz.4.621" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1 [ 153.767356][ T7903] bond1: (slave gretap1): making interface the new active one [ 153.778505][ T7903] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 153.795222][ T7922] macvlan2: entered promiscuous mode [ 153.801701][ T7922] macvlan2: entered allmulticast mode [ 153.808228][ T7922] bond1: entered promiscuous mode [ 153.823279][ T7922] gretap1: entered promiscuous mode [ 153.829088][ T7922] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 153.838978][ T7922] bond1: (slave macvlan2): the slave hw address is in use by the bond; giving it the hw address of gretap1 [ 153.855126][ T7922] bond1: left promiscuous mode [ 153.863259][ T7922] gretap1: left promiscuous mode [ 154.152942][ T7931] tipc: Enabling of bearer rejected, failed to enable media [ 154.432064][ T7941] netlink: 76 bytes leftover after parsing attributes in process `syz.3.632'. [ 154.443905][ T7936] netlink: 8 bytes leftover after parsing attributes in process `syz.2.631'. [ 154.467302][ T7936] netlink: 48 bytes leftover after parsing attributes in process `syz.2.631'. [ 154.492396][ T7936] netlink: 8 bytes leftover after parsing attributes in process `syz.2.631'. [ 156.179324][ T30] audit: type=1400 audit(1774298995.498:421): avc: denied { mount } for pid=7947 comm="syz.2.634" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 156.229024][ T7954] overlayfs: failed to resolve '/ $': -2 [ 156.971959][ T7966] netlink: 24 bytes leftover after parsing attributes in process `syz.1.639'. [ 157.013863][ T7966] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 157.514987][ T7975] tmpfs: Bad value for 'mpol' [ 158.014723][ T7984] netlink: 8 bytes leftover after parsing attributes in process `syz.4.644'. [ 158.180428][ T7984] netlink: 48 bytes leftover after parsing attributes in process `syz.4.644'. [ 158.190085][ T7984] netlink: 8 bytes leftover after parsing attributes in process `syz.4.644'. [ 158.461178][ T7992] netlink: 12 bytes leftover after parsing attributes in process `syz.1.646'. [ 158.470224][ T7992] netlink: 4 bytes leftover after parsing attributes in process `syz.1.646'. [ 160.330121][ T8014] netlink: 24 bytes leftover after parsing attributes in process `syz.3.653'. [ 160.492328][ T8020] netlink: 8 bytes leftover after parsing attributes in process `syz.3.655'. [ 160.501746][ T8020] netlink: 48 bytes leftover after parsing attributes in process `syz.3.655'. [ 160.511251][ T8020] netlink: 8 bytes leftover after parsing attributes in process `syz.3.655'. [ 161.663873][ T8037] can: request_module (can-proto-0) failed. [ 161.803611][ T8054] Dead loop on virtual device ip6_vti0, fix it urgently! [ 162.111906][ T8068] trusted_key: encrypted_key: master key parameter 'use' is invalid [ 162.436641][ T8075] netlink: 8 bytes leftover after parsing attributes in process `syz.2.666'. [ 162.685421][ T30] audit: type=1400 audit(1774299002.008:422): avc: denied { setopt } for pid=8076 comm="syz.2.667" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 164.667055][ T8107] overlayfs: failed to clone upperpath [ 165.052362][ T8115] __nla_validate_parse: 2 callbacks suppressed [ 165.052379][ T8115] netlink: 180 bytes leftover after parsing attributes in process `syz.1.678'. [ 165.074148][ T8115] overlayfs: failed to clone upperpath [ 165.119074][ T791] IPVS: starting estimator thread 0... [ 165.249757][ T30] audit: type=1400 audit(1774299004.568:423): avc: denied { ioctl } for pid=8118 comm="syz.4.679" path="socket:[14763]" dev="sockfs" ino=14763 ioctlcmd=0x5411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 165.274426][ T8116] IPVS: using max 45 ests per chain, 108000 per kthread [ 165.420803][ T30] audit: type=1400 audit(1774299004.738:424): avc: denied { ioctl } for pid=8118 comm="syz.4.679" path="socket:[14225]" dev="sockfs" ino=14225 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 165.659333][ T8122] overlayfs: failed to clone upperpath [ 165.694828][ T30] audit: type=1400 audit(1774299005.018:425): avc: denied { write } for pid=8121 comm="syz.1.680" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 166.645139][ T8140] infiniband syz2: set down [ 166.649787][ T8140] infiniband syz2: added ipvlan0 [ 168.496592][ T30] audit: type=1400 audit(1774299007.818:426): avc: denied { getopt } for pid=8138 comm="syz.4.686" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 168.654937][ T8140] RDS/IB: syz2: added [ 168.659439][ T8140] smc: adding ib device syz2 with port count 1 [ 168.666153][ T8140] smc: ib device syz2 port 1 has no pnetid [ 169.986720][ T8166] netlink: 'syz.0.689': attribute type 10 has an invalid length. [ 169.995102][ T8166] netlink: 40 bytes leftover after parsing attributes in process `syz.0.689'. [ 170.005538][ T8166] batadv0: entered promiscuous mode [ 170.010793][ T8166] batadv0: entered allmulticast mode [ 170.018755][ T8166] bridge0: port 3(batadv0) entered blocking state [ 170.026233][ T8166] bridge0: port 3(batadv0) entered disabled state [ 170.044358][ T8166] bridge0: port 3(batadv0) entered blocking state [ 170.050864][ T8166] bridge0: port 3(batadv0) entered forwarding state [ 170.095836][ T36] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 170.105974][ T36] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 170.283336][ T0] NOHZ tick-stop error: local softirq work is pending, handler #142!!! [ 172.443857][ T30] audit: type=1400 audit(1774299011.758:427): avc: denied { create } for pid=8189 comm="syz.3.698" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1 [ 172.474495][ T8192] netlink: 8 bytes leftover after parsing attributes in process `syz.1.697'. [ 172.477049][ T30] audit: type=1400 audit(1774299011.798:428): avc: denied { sys_admin } for pid=8189 comm="syz.3.698" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1 [ 172.507276][ T8192] netlink: 48 bytes leftover after parsing attributes in process `syz.1.697'. [ 172.526272][ T30] audit: type=1400 audit(1774299011.828:429): avc: denied { sys_nice } for pid=8189 comm="syz.3.698" capability=23 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1 [ 172.534858][ T8192] netlink: 8 bytes leftover after parsing attributes in process `syz.1.697'. [ 173.477635][ T8214] bridge0: port 3(syz_tun) entered blocking state [ 173.496906][ T8214] bridge0: port 3(syz_tun) entered disabled state [ 173.512804][ T8214] syz_tun: entered allmulticast mode [ 173.564536][ T8220] netlink: 'syz.2.705': attribute type 10 has an invalid length. [ 173.615834][ T8214] syz_tun: entered promiscuous mode [ 173.644308][ T8214] bridge0: port 3(syz_tun) entered blocking state [ 173.651151][ T8214] bridge0: port 3(syz_tun) entered forwarding state [ 174.469627][ T8227] netlink: 4 bytes leftover after parsing attributes in process `syz.0.709'. [ 174.570295][ T8251] xt_limit: Overflow, try lower: 0/0 [ 174.671206][ T8227] team0: Port device team_slave_0 removed [ 174.973025][ T8264] netlink: 8 bytes leftover after parsing attributes in process `syz.0.719'. [ 175.164892][ T30] audit: type=1326 audit(1774299014.378:430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8246 comm="syz.4.716" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1312f9c799 code=0x0 [ 178.050884][ T791] IPVS: starting estimator thread 0... [ 178.844433][ T8302] IPVS: using max 75 ests per chain, 180000 per kthread [ 179.589878][ T8327] x_tables: duplicate underflow at hook 1 [ 179.874177][ T30] audit: type=1400 audit(1774299019.188:431): avc: denied { map } for pid=8331 comm="syz.4.739" path="socket:[15021]" dev="sockfs" ino=15021 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 180.668061][ T30] audit: type=1400 audit(1774299019.578:432): avc: denied { read } for pid=8341 comm="syz.4.743" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 180.673279][ T5809] Bluetooth: hci4: command 0x0406 tx timeout [ 180.693973][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 180.699987][ T51] Bluetooth: hci0: command 0x0406 tx timeout [ 180.974924][ T8346] xt_hashlimit: size too large, truncated to 1048576 [ 181.192202][ T8356] 9p: Bad value for 'rfdno' [ 184.645296][ T8381] xt_hashlimit: size too large, truncated to 1048576 [ 184.854063][ T8382] bridge0: port 4(batadv1) entered blocking state [ 184.860890][ T8382] bridge0: port 4(batadv1) entered disabled state [ 184.869310][ T8382] batadv1: entered allmulticast mode [ 184.881437][ T8382] batadv1: entered promiscuous mode [ 185.279676][ T30] audit: type=1400 audit(1774299024.568:433): avc: denied { create } for pid=8384 comm="syz.1.753" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1 [ 185.334795][ T5933] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled [ 185.344682][ T5933] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled [ 185.361718][ T30] audit: type=1400 audit(1774299024.578:434): avc: denied { bind } for pid=8384 comm="syz.1.753" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1 [ 185.516797][ T30] audit: type=1400 audit(1774299024.828:435): avc: denied { write } for pid=8384 comm="syz.1.753" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1 [ 186.094733][ T8406] netlink: 12 bytes leftover after parsing attributes in process `syz.4.761'. [ 186.108870][ T8406] dummy0: entered promiscuous mode [ 186.147661][ T8406] dummy0: entered allmulticast mode [ 189.495910][ T8468] dummy0: left promiscuous mode [ 189.501107][ T8468] dummy0: left allmulticast mode [ 189.736779][ T8468] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 190.151509][ T8478] netlink: 28 bytes leftover after parsing attributes in process `syz.3.781'. [ 191.193124][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 191.789441][ T8512] netlink: 8 bytes leftover after parsing attributes in process `syz.1.791'. [ 191.861425][ T8512] netlink: 48 bytes leftover after parsing attributes in process `syz.1.791'. [ 191.959185][ T8512] netlink: 8 bytes leftover after parsing attributes in process `syz.1.791'. [ 192.285925][ T30] audit: type=1326 audit(1774299031.608:436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8521 comm="syz.1.797" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9619f9c799 code=0x0 [ 193.817730][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 193.863270][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.260279][ T8559] netlink: 8 bytes leftover after parsing attributes in process `syz.3.806'. [ 195.279351][ T8559] netlink: 48 bytes leftover after parsing attributes in process `syz.3.806'. [ 195.333236][ T8559] netlink: 8 bytes leftover after parsing attributes in process `syz.3.806'. [ 195.662883][ T30] audit: type=1400 audit(1774299034.978:437): avc: denied { bind } for pid=8574 comm="syz.2.811" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 195.674674][ T8577] netlink: 28 bytes leftover after parsing attributes in process `syz.2.811'. [ 195.704299][ T8577] netlink: 28 bytes leftover after parsing attributes in process `syz.2.811'. [ 197.047526][ T30] audit: type=1800 audit(1774299036.288:438): pid=8599 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.0.819" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 197.208180][ T30] audit: type=1400 audit(1774299036.528:439): avc: denied { ioctl } for pid=8606 comm="syz.0.824" path="socket:[15848]" dev="sockfs" ino=15848 ioctlcmd=0x89ef scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 197.244838][ T8605] netlink: 8 bytes leftover after parsing attributes in process `syz.3.820'. [ 197.271471][ T8605] netlink: 48 bytes leftover after parsing attributes in process `syz.3.820'. [ 197.340035][ T8616] netlink: 'syz.1.823': attribute type 10 has an invalid length. [ 197.359300][ T8616] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=41235 sclass=netlink_route_socket pid=8616 comm=syz.1.823 [ 197.813191][ T8605] netlink: 8 bytes leftover after parsing attributes in process `syz.3.820'. [ 198.152402][ T30] audit: type=1400 audit(1774299037.468:440): avc: denied { cmd } for pid=8627 comm="syz.1.829" path="socket:[15329]" dev="sockfs" ino=15329 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 198.201689][ T30] audit: type=1400 audit(1774299037.518:441): avc: denied { create } for pid=8629 comm="syz.1.830" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 198.221624][ T30] audit: type=1400 audit(1774299037.538:442): avc: denied { ioctl } for pid=8629 comm="syz.1.830" path="socket:[15864]" dev="sockfs" ino=15864 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 198.247851][ T30] audit: type=1400 audit(1774299037.568:443): avc: denied { bind } for pid=8629 comm="syz.1.830" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 198.269381][ T30] audit: type=1400 audit(1774299037.568:444): avc: denied { read } for pid=8629 comm="syz.1.830" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 198.449481][ T8638] netlink: 4 bytes leftover after parsing attributes in process `syz.4.834'. [ 200.068109][ T8662] netlink: 8 bytes leftover after parsing attributes in process `syz.2.840'. [ 200.132550][ T8662] : entered promiscuous mode [ 200.294745][ T8670] netlink: 20 bytes leftover after parsing attributes in process `syz.1.844'. [ 201.027183][ T30] audit: type=1400 audit(1774299040.328:445): avc: denied { watch_reads } for pid=8681 comm="syz.3.848" path="/165" dev="tmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 201.642368][ T30] audit: type=1400 audit(1774299040.948:446): avc: denied { connect } for pid=8682 comm="syz.4.849" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 202.487099][ T8708] netlink: 20 bytes leftover after parsing attributes in process `syz.3.854'. [ 202.674902][ T8709] FAT-fs (loop3): unable to read boot sector [ 202.681500][ T30] audit: type=1400 audit(1774299041.988:447): avc: denied { create } for pid=8702 comm="syz.1.853" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 202.721961][ T30] audit: type=1400 audit(1774299041.988:448): avc: denied { mounton } for pid=8702 comm="syz.1.853" path="/155/file0" dev="tmpfs" ino=859 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 203.525449][ T30] audit: type=1400 audit(1774299042.848:449): avc: denied { unlink } for pid=5805 comm="syz-executor" name="file0" dev="tmpfs" ino=859 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 203.632933][ T5128] Bluetooth: hci4: hardware error 0x02 [ 203.646074][ T8728] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 203.653865][ T30] audit: type=1400 audit(1774299042.958:450): avc: denied { wake_alarm } for pid=8724 comm="syz.3.863" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 203.697381][ T8728] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 203.848161][ T8735] netlink: 36 bytes leftover after parsing attributes in process `syz.2.865'. [ 203.915034][ T8737] kAFS: unparsable volume name [ 204.540223][ T30] audit: type=1800 audit(1774299043.858:451): pid=8762 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.1.877" name="nullb0" dev="tmpfs" ino=877 res=0 errno=0 [ 204.818357][ T8750] netlink: 16 bytes leftover after parsing attributes in process `syz.4.870'. [ 205.327882][ T30] audit: type=1400 audit(1774299044.648:452): avc: denied { setattr } for pid=8783 comm="syz.1.886" name="secretmem" dev="secretmem" ino=16548 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 205.727125][ T5128] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 205.758673][ T8798] ./file0: Can't lookup blockdev [ 207.319150][ T30] audit: type=1400 audit(1774299046.638:453): avc: denied { mount } for pid=8839 comm="syz.2.900" name="/" dev="autofs" ino=16600 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 207.372529][ T5128] Bluetooth: hci0: unexpected event for opcode 0x200b [ 207.507246][ T8870] netlink: 'syz.1.904': attribute type 11 has an invalid length. [ 207.507246][ T8869] netlink: 'syz.1.904': attribute type 11 has an invalid length. [ 207.507266][ T8869] netlink: 56 bytes leftover after parsing attributes in process `syz.1.904'. [ 207.531919][ T8870] netlink: 56 bytes leftover after parsing attributes in process `syz.1.904'. [ 207.535540][ T8870] netlink: 'syz.1.904': attribute type 11 has an invalid length. [ 207.549296][ T8870] netlink: 56 bytes leftover after parsing attributes in process `syz.1.904'. [ 207.610368][ T30] audit: type=1400 audit(1774299046.928:454): avc: denied { write } for pid=8876 comm="syz.1.905" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 207.811039][ T8885] overlayfs: failed to clone upperpath [ 209.113103][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 209.595343][ T8905] netlink: 40 bytes leftover after parsing attributes in process `syz.1.908'. [ 209.688795][ T8909] netlink: 'syz.2.913': attribute type 3 has an invalid length. [ 209.785351][ T30] audit: type=1400 audit(1774299049.018:455): avc: denied { name_connect } for pid=8907 comm="syz.2.913" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1 [ 210.028642][ T8919] kAFS: unable to lookup cell '(,c¾Ì' [ 210.889560][ T30] audit: type=1400 audit(1774299050.168:456): avc: denied { mount } for pid=8925 comm="syz.1.917" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 213.059561][ T8973] tmpfs: Bad value for 'mpol' [ 213.104618][ T30] audit: type=1400 audit(1774299052.428:457): avc: denied { getopt } for pid=8977 comm="syz.1.929" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 213.141410][ T30] audit: type=1400 audit(1774299052.428:458): avc: denied { write } for pid=8977 comm="syz.1.929" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 214.250992][ T8987] tipc: Can't bind to reserved service type 0 [ 215.896736][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 215.918270][ T30] audit: type=1400 audit(1774299055.218:459): avc: denied { override_creds } for pid=9003 comm="syz.2.937" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 216.133012][ T30] audit: type=1400 audit(1774299055.448:460): avc: denied { listen } for pid=9013 comm="syz.2.941" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 216.155034][ T9014] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 217.088100][ T9023] netlink: 36 bytes leftover after parsing attributes in process `syz.0.945'. [ 217.396577][ T9032] overlayfs: failed to clone upperpath [ 220.826032][ T9065] netlink: 16 bytes leftover after parsing attributes in process `syz.3.956'. [ 221.710574][ T9072] batadv_slave_0: entered promiscuous mode [ 221.725059][ T9072] netlink: 'syz.3.958': attribute type 10 has an invalid length. [ 221.732913][ T9072] netlink: 55 bytes leftover after parsing attributes in process `syz.3.958'. [ 221.846377][ T9075] netlink: 64 bytes leftover after parsing attributes in process `syz.2.959'. [ 221.884729][ T30] audit: type=1400 audit(1774299061.208:461): avc: denied { connect } for pid=9077 comm="syz.0.960" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 221.913096][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 222.276597][ T9087] xt_policy: neither incoming nor outgoing policy selected [ 222.831972][ T9071] batadv_slave_0: left promiscuous mode [ 223.861499][ T9104] netlink: 16 bytes leftover after parsing attributes in process `syz.0.969'. [ 223.922106][ T9105] lo speed is unknown, defaulting to 1000 [ 223.928397][ T9105] lo speed is unknown, defaulting to 1000 [ 223.934904][ T9105] lo speed is unknown, defaulting to 1000 [ 223.942604][ T9105] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 223.956340][ T9105] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 223.973352][ T9105] lo speed is unknown, defaulting to 1000 [ 223.980798][ T9105] lo speed is unknown, defaulting to 1000 [ 223.984706][ T30] audit: type=1400 audit(1774299063.298:462): avc: denied { accept } for pid=9102 comm="syz.0.969" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 223.987865][ T9105] lo speed is unknown, defaulting to 1000 [ 224.027665][ T9105] lo speed is unknown, defaulting to 1000 [ 224.034337][ T9105] lo speed is unknown, defaulting to 1000 [ 224.827470][ T9117] tmpfs: Bad value for 'mpol' [ 225.256687][ T9128] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 225.293851][ T9129] netlink: 4 bytes leftover after parsing attributes in process `syz.4.976'. [ 225.375586][ T30] audit: type=1400 audit(1774299064.678:463): avc: denied { mount } for pid=9131 comm="syz.0.977" name="/" dev="configfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 225.404547][ T9133] netlink: 164 bytes leftover after parsing attributes in process `syz.4.976'. [ 225.457527][ T30] audit: type=1400 audit(1774299064.688:464): avc: denied { search } for pid=9131 comm="syz.0.977" name="/" dev="configfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 225.539711][ T30] audit: type=1400 audit(1774299064.688:465): avc: denied { setattr } for pid=9131 comm="syz.0.977" name="/" dev="configfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 225.837316][ T9136] netlink: 8 bytes leftover after parsing attributes in process `syz.0.978'. [ 226.061125][ T9130] overlayfs: failed to resolve './file1/file0': -2 [ 226.517939][ T9153] tmpfs: Bad value for 'mpol' [ 227.000666][ T9167] team0: Device gtp0 is up. Set it down before adding it as a team port [ 227.567245][ T9173] netlink: 4 bytes leftover after parsing attributes in process `syz.4.986'. [ 230.054591][ T9219] tmpfs: Bad value for 'mpol' [ 230.467457][ T30] audit: type=1400 audit(1774299069.778:466): avc: denied { getopt } for pid=9211 comm="syz.0.994" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 230.834363][ T9226] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=9226 comm=syz.4.996 [ 231.011927][ T9233] netlink: 8 bytes leftover after parsing attributes in process `syz.0.998'. [ 231.996976][ T30] audit: type=1400 audit(1774299071.318:467): avc: denied { setattr } for pid=9246 comm="syz.4.1004" name="PING" dev="sockfs" ino=17064 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 232.023248][ T9247] netlink: 'syz.4.1004': attribute type 3 has an invalid length. [ 232.338824][ T30] audit: type=1400 audit(1774299071.658:468): avc: denied { mount } for pid=9260 comm="syz.2.1012" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 232.697897][ T9272] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1013'. [ 233.602967][ T30] audit: type=1400 audit(1774299072.918:469): avc: denied { setopt } for pid=9278 comm="syz.3.1017" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 233.777339][ T9284] tmpfs: Bad value for 'mpol' [ 233.784387][ T9289] 9p: Bad value for 'rfdno' [ 233.869227][ T30] audit: type=1400 audit(1774299073.178:470): avc: denied { bind } for pid=9281 comm="syz.1.1018" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 234.514016][ T9302] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1024'. [ 234.533108][ T30] audit: type=1400 audit(1774299073.838:471): avc: denied { shutdown } for pid=9304 comm="syz.1.1026" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 234.575224][ T9302] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1024'. [ 234.710158][ T9302] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1024'. [ 235.127675][ T9305] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore [ 235.136599][ T9305] overlayfs: missing 'lowerdir' [ 235.182257][ T9305] overlayfs: failed to clone lowerpath [ 236.424248][ T9338] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1035'. [ 236.445107][ T9338] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1035'. [ 237.473842][ T30] audit: type=1400 audit(1774299076.798:472): avc: denied { bind } for pid=9349 comm="syz.4.1040" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 237.874804][ T9345] 9p: Bad value for 'rfdno' [ 238.093115][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 238.402645][ T9375] tmpfs: Bad value for 'mpol' [ 239.640418][ T9399] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9399 comm=syz.4.1054 [ 240.125792][ T9410] RDS: rds_bind could not find a transport for fe88::105, load rds_tcp or rds_rdma? [ 240.201804][ T30] audit: type=1400 audit(1774299079.518:473): avc: denied { bind } for pid=9421 comm="syz.0.1061" lport=45088 faddr=::ffff:100.1.1.0 fport=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 240.461893][ T9428] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1063'. [ 240.470817][ T9428] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1063'. [ 240.481129][ T9428] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1063'. [ 240.895018][ T9442] overlayfs: failed to clone upperpath [ 240.912469][ T9442] overlayfs: failed to clone upperpath [ 241.181243][ T30] audit: type=1400 audit(1774299336.510:474): avc: denied { mounton } for pid=9450 comm="syz.0.1073" path="/254/file0" dev="tmpfs" ino=1374 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1 [ 241.691956][ T30] audit: type=1400 audit(1774299337.010:475): avc: denied { create } for pid=9456 comm="syz.4.1076" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 243.747246][ T30] audit: type=1400 audit(1774299339.060:476): avc: denied { bind } for pid=9479 comm="syz.1.1084" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 244.117838][ T9489] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1088'. [ 245.150358][ T9504] fusectl: Unknown parameter 'usr ' [ 245.165626][ T9504] overlayfs: failed to clone upperpath [ 246.159352][ T30] audit: type=1400 audit(1774299341.480:477): avc: denied { getopt } for pid=9512 comm="syz.0.1095" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 246.164361][ T5880] libceph: connect (1)[c::]:6789 error -22 [ 246.346849][ T5880] libceph: mon0 (1)[c::]:6789 connect error [ 246.358253][ T9486] ceph: No mds server is up or the cluster is laggy [ 247.589969][ T9535] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1098'. [ 247.734110][ T9546] 9p: Bad value for 'rfdno' [ 247.880251][ T30] audit: type=1400 audit(1774299343.200:478): avc: denied { bind } for pid=9548 comm="syz.2.1105" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 247.996246][ T9552] af_packet: tpacket_rcv: packet too big, clamped from 3698 to 4294967272. macoff=96 [ 248.111578][ T9568] netlink: 5256 bytes leftover after parsing attributes in process `syz.3.1102'. [ 248.121432][ T9568] nbd: must specify at least one socket [ 248.218114][ T9572] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1108'. [ 248.527119][ T30] audit: type=1400 audit(1774299343.850:479): avc: denied { connect } for pid=9573 comm="syz.0.1110" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 249.231836][ T9590] lo speed is unknown, defaulting to 1000 [ 250.410514][ T9606] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 250.527381][ T9610] netlink: 'syz.1.1123': attribute type 10 has an invalid length. [ 250.539392][ T9610] netlink: 'syz.1.1123': attribute type 10 has an invalid length. [ 250.547887][ T9610] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1123'. [ 252.633109][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 255.239602][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.250151][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.765410][ T9704] xt_NFQUEUE: number of total queues is 0 [ 255.851190][ T9705] netlink: 4768 bytes leftover after parsing attributes in process `syz.3.1141'. [ 256.974664][ T9714] xt_hashlimit: size too large, truncated to 1048576 [ 256.991115][ T9714] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 257.081221][ T9716] kAFS: unable to lookup cell '(,c¾Ì' [ 257.339247][ T30] audit: type=1400 audit(1774299352.660:480): avc: denied { accept } for pid=9712 comm="syz.4.1143" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1 [ 258.219802][ T9737] overlayfs: failed to clone upperpath [ 258.242837][ T9734] bond2: Removing last arp target with arp_interval on [ 258.251261][ T9734] bond2: entered allmulticast mode [ 258.257647][ T9734] 8021q: adding VLAN 0 to HW filter on device bond2 [ 258.300886][ T9740] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1153'. [ 258.311222][ T9740] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1153'. [ 258.320711][ T9740] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1153'. [ 258.363908][ T9742] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1154'. [ 258.575969][ T9750] tipc: Started in network mode [ 258.580872][ T9750] tipc: Node identity 2, cluster identity 4711 [ 258.587521][ T9750] tipc: Node number set to 2 [ 260.010322][ T9779] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1164'. [ 260.030360][ T9779] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1164'. [ 260.056970][ T9779] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1164'. [ 260.738991][ T9790] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1170'. [ 261.067294][ T9812] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1177'. [ 261.079383][ T9812] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1177'. [ 261.096071][ T9812] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1177'. [ 261.210802][ T9817] netlink: 'syz.3.1180': attribute type 1 has an invalid length. [ 261.258746][ T9817] 8021q: adding VLAN 0 to HW filter on device bond1 [ 261.786222][ T9817] 8021q: adding VLAN 0 to HW filter on device bond1 [ 261.793036][ T9817] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 261.803825][ T9817] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 262.639954][ T9843] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1186'. [ 263.476163][ T9852] netlink: 'syz.0.1188': attribute type 15 has an invalid length. [ 263.484372][ T9852] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1188'. [ 263.498691][ T9852] netlink: 'syz.0.1188': attribute type 15 has an invalid length. [ 263.506543][ T9852] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1188'. [ 263.537635][ T9639] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 2816 - 0 [ 263.577356][ T9639] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 2816 - 0 [ 263.702239][ T9639] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 2816 - 0 [ 263.772938][ T9639] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 2816 - 0 [ 264.036846][ T9867] netlink: 'syz.2.1190': attribute type 3 has an invalid length. [ 264.751483][ T30] audit: type=1400 audit(1774299360.070:481): avc: denied { kexec_image_load } for pid=9877 comm="syz.2.1196" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1 [ 264.937037][ T9880] can: request_module (can-proto-0) failed. [ 265.412660][ T9892] libceph: resolve 'c' (ret=-3): failed [ 266.225057][ T9901] overlayfs: failed to clone upperpath [ 266.264249][ T9899] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1191'. [ 266.353751][ T9899] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1191'. [ 266.373003][ T9899] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1191'. [ 268.491153][ T9949] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1215'. [ 268.505407][ T9949] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1215'. [ 268.969100][ T9944] overlayfs: missing 'lowerdir' [ 269.031070][ T9949] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1215'. [ 269.698827][ T9954] netlink: 666 bytes leftover after parsing attributes in process `syz.1.1216'. [ 269.745872][ T30] audit: type=1400 audit(1774299365.070:482): avc: denied { bind } for pid=9956 comm="syz.2.1217" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 269.791457][ T30] audit: type=1400 audit(1774299365.070:483): avc: denied { listen } for pid=9956 comm="syz.2.1217" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 269.848829][ T9959] netlink: 'syz.4.1218': attribute type 9 has an invalid length. [ 270.624316][ T9961] netlink: 'syz.2.1220': attribute type 1 has an invalid length. [ 270.764355][ T9961] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address [ 270.781646][ T9961] bond2: (slave vxcan3): Error -95 calling set_mac_address [ 271.026859][ T9961] bond2: (slave gretap1): making interface the new active one [ 271.051429][ T9961] bond2: (slave gretap1): Enslaving as an active interface with an up link [ 271.105110][ T9972] macvlan2: entered promiscuous mode [ 271.112714][ T9972] macvlan2: entered allmulticast mode [ 271.121201][ T9972] bond2: entered promiscuous mode [ 271.126639][ T9972] gretap1: entered promiscuous mode [ 271.132694][ T9972] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 271.173828][ T9972] bond2: (slave macvlan2): the slave hw address is in use by the bond; giving it the hw address of gretap1 [ 271.321759][ T9990] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1228'. [ 271.331100][ T9990] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1228'. [ 271.368008][ T9972] bond2: left promiscuous mode [ 271.383645][ T9972] gretap1: left promiscuous mode [ 271.433752][ T9990] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1228'. [ 271.652670][T10000] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1232'. [ 271.664336][T10000] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1232'. [ 271.673278][T10000] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1232'. [ 271.686926][T10000] netlink: 'syz.4.1232': attribute type 4 has an invalid length. [ 271.695661][T10000] netlink: 152 bytes leftover after parsing attributes in process `syz.4.1232'. [ 271.727316][T10000] .`: renamed from bond0 (while UP) [ 271.932734][T10010] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1236'. [ 272.704209][T10024] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1240'. [ 272.714575][T10024] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1240'. [ 273.115046][ T30] audit: type=1400 audit(1774299368.430:484): avc: denied { getopt } for pid=10032 comm="syz.2.1244" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 273.758433][ T30] audit: type=1400 audit(1774299368.430:485): avc: denied { accept } for pid=10032 comm="syz.2.1244" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 273.831250][T10042] bond3: option lacp_rate: mode dependency failed, not supported in mode balance-rr(0) [ 273.847436][T10042] bond3 (unregistering): Released all slaves [ 274.787316][ T30] audit: type=1400 audit(1774299370.110:486): avc: denied { connect } for pid=10052 comm="syz.2.1250" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 275.241332][T10067] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 275.250855][T10067] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 275.259927][T10067] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 275.272234][T10067] overlayfs: missing 'lowerdir' [ 276.435355][T10101] overlay: Unknown parameter 'uid<00000000000000000000' [ 277.853964][T10116] bridge0: port 3(syz_tun) entered blocking state [ 278.008132][T10119] netlink: 'syz.1.1269': attribute type 10 has an invalid length. [ 278.051901][T10116] bridge0: port 3(syz_tun) entered disabled state [ 278.064221][T10116] syz_tun: entered allmulticast mode [ 278.070965][T10116] syz_tun: entered promiscuous mode [ 278.080378][T10116] bridge0: port 3(syz_tun) entered blocking state [ 278.086922][T10116] bridge0: port 3(syz_tun) entered forwarding state [ 279.044056][T10146] __nla_validate_parse: 2 callbacks suppressed [ 279.044076][T10146] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1277'. [ 280.614706][T10185] overlayfs: failed to clone upperpath [ 281.737368][T10206] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1301'. [ 283.021558][T10235] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 283.041609][T10235] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 283.042726][T10239] netlink: 'syz.1.1313': attribute type 1 has an invalid length. [ 283.060141][T10235] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 283.068195][T10235] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 283.116934][T10239] 8021q: adding VLAN 0 to HW filter on device bond2 [ 283.132358][T10241] vlan3: entered allmulticast mode [ 283.138041][T10241] veth0_to_bond: entered allmulticast mode [ 283.171685][T10241] bond2: (slave vlan3): making interface the new active one [ 283.185250][T10241] bond2: (slave vlan3): Enslaving as an active interface with an up link [ 285.955678][T10268] overlayfs: failed to resolve './file2': -2 [ 285.976035][T10268] overlayfs: failed to clone lowerpath [ 286.009956][T10276] openvswitch: netlink: IP tunnel dst address not specified [ 286.036161][T10280] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1325'. [ 286.063139][T10280] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1325'. [ 286.689391][ T30] audit: type=1400 audit(1774299381.890:487): avc: denied { mount } for pid=10292 comm="syz.2.1330" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 287.046856][T10299] overlayfs: failed to clone upperpath [ 289.735719][T10338] dummy0: entered allmulticast mode [ 289.897512][ T822] libceph: connect (1)[c::]:6789 error -22 [ 289.913801][ T822] libceph: mon0 (1)[c::]:6789 connect error [ 289.941698][T10346] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1345'. [ 290.195480][ T822] libceph: connect (1)[c::]:6789 error -22 [ 290.201459][ T822] libceph: mon0 (1)[c::]:6789 connect error [ 290.377706][T10356] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1348'. [ 290.416355][T10338] ceph: No mds server is up or the cluster is laggy [ 290.592063][T10362] syz_tun: entered promiscuous mode [ 290.601043][T10362] macvtap1: entered promiscuous mode [ 290.922570][ T30] audit: type=1400 audit(1774299386.240:488): avc: denied { mount } for pid=10363 comm="syz.3.1352" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 290.945860][T10364] overlayfs: missing 'lowerdir' [ 291.819071][T10377] tmpfs: Bad value for 'mpol' [ 292.846440][ T30] audit: type=1400 audit(1774299388.120:489): avc: denied { write } for pid=10392 comm="syz.1.1360" name="file0" dev="tmpfs" ino=1440 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 293.193881][ T30] audit: type=1400 audit(1774299388.130:490): avc: denied { open } for pid=10392 comm="syz.1.1360" path="/264/file0" dev="tmpfs" ino=1440 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 293.223837][ T30] audit: type=1400 audit(1774299388.130:491): avc: denied { ioctl } for pid=10392 comm="syz.1.1360" path="/264/file0" dev="tmpfs" ino=1440 ioctlcmd=0x1273 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 294.725571][ T30] audit: type=1400 audit(1774299390.050:492): avc: denied { create } for pid=10413 comm="syz.3.1366" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_dnrt_socket permissive=1 [ 294.983654][T10423] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10423 comm=syz.4.1369 [ 296.227739][T10456] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1381'. [ 296.386918][T10461] 9p: Bad value for 'wfdno' [ 296.412610][ T30] audit: type=1400 audit(1774299391.730:493): avc: denied { read } for pid=10462 comm="syz.1.1384" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 296.522538][T10468] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1386'. [ 298.611626][T10500] netlink: 'syz.1.1397': attribute type 4 has an invalid length. [ 299.054662][T10502] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 299.062125][T10502] IPv6: NLM_F_CREATE should be set when creating new route [ 299.071913][ T30] audit: type=1400 audit(2000000000.780:494): avc: denied { lock } for pid=10501 comm="syz.0.1399" path="socket:[20595]" dev="sockfs" ino=20595 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 300.027147][ T30] audit: type=1800 audit(2000000001.740:495): pid=10508 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.1.1401" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 300.261356][T10520] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1537 sclass=netlink_route_socket pid=10520 comm=syz.4.1406 [ 300.313421][T10518] netlink: 'syz.4.1406': attribute type 13 has an invalid length. [ 300.321307][T10518] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1406'. [ 300.343725][ T9] Process accounting resumed [ 300.343800][T10520] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1537 sclass=netlink_route_socket pid=10520 comm=syz.4.1406 [ 301.828507][T10538] lo speed is unknown, defaulting to 1000 [ 302.730035][T10544] trusted_key: encrypted_key: insufficient parameters specified [ 302.769947][T10544] netlink: 'syz.3.1410': attribute type 10 has an invalid length. [ 302.789276][T10544] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1410'. [ 302.885176][T10545] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 303.072460][ T30] audit: type=1400 audit(2000000004.780:496): avc: denied { ioctl } for pid=10551 comm="syz.3.1411" path="socket:[20219]" dev="sockfs" ino=20219 ioctlcmd=0x8904 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 303.361690][T10555] netlink: 'syz.0.1412': attribute type 1 has an invalid length. [ 303.395344][T10555] netlink: 'syz.0.1412': attribute type 2 has an invalid length. [ 303.418399][T10555] netlink: 'syz.0.1412': attribute type 3 has an invalid length. [ 304.194698][T10571] xt_addrtype: ipv6 BLACKHOLE matching not supported [ 304.709180][T10592] overlayfs: failed to clone upperpath [ 305.249769][T10598] tmpfs: Bad value for 'mpol' [ 305.457079][T10602] overlayfs: failed to clone lowerpath [ 305.723932][T10604] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1424'. [ 307.441163][T10637] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1433'. [ 307.452729][ T30] audit: type=1400 audit(2000000009.150:497): avc: denied { write } for pid=10633 comm="syz.0.1433" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 309.149169][T10664] dummy0: entered promiscuous mode [ 309.159279][T10664] dummy0: left promiscuous mode [ 309.701492][T10670] CIFS mount error: No usable UNC path provided in device string! [ 309.701492][T10670] [ 309.711601][T10670] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 310.166846][T10673] netlink: 'syz.1.1444': attribute type 1 has an invalid length. [ 310.178202][T10673] TCP: TCP_TX_DELAY enabled [ 310.432186][T10683] netlink: 190972 bytes leftover after parsing attributes in process `syz.0.1446'. [ 310.459515][T10685] xt_hashlimit: size too large, truncated to 1048576 [ 311.094540][T10691] tipc: Started in network mode [ 311.115239][T10691] tipc: Node identity fe80000000000000000000000000004, cluster identity 4711 [ 311.128758][T10691] tipc: Enabling of bearer rejected, failed to enable media [ 311.352767][T10704] xt_HMARK: spi-set and port-set can't be combined [ 311.599005][T10707] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1451'. [ 312.346985][T10725] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1456'. [ 313.198932][T10735] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1458'. [ 313.321241][T10735] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1458'. [ 313.337102][T10735] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1458'. [ 313.548846][T10754] overlay: Unknown parameter 'þÿÿú' [ 316.819816][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.828301][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.662656][ T30] audit: type=1400 audit(2000000275.359:498): avc: denied { read } for pid=10809 comm="syz.3.1481" laddr=::1 lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 318.108660][T10823] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=15 sclass=netlink_route_socket pid=10823 comm=syz.0.1482 [ 318.196179][T10776] lo speed is unknown, defaulting to 1000 [ 318.393929][ T30] audit: type=1400 audit(2000000276.109:499): avc: denied { map } for pid=10832 comm="syz.2.1486" path="socket:[21566]" dev="sockfs" ino=21566 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 318.425250][T10840] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1485'. [ 319.469449][T10859] xt_policy: neither incoming nor outgoing policy selected [ 319.905439][ T30] audit: type=1400 audit(2000000277.620:500): avc: denied { lock } for pid=10860 comm="syz.1.1494" path="socket:[21589]" dev="sockfs" ino=21589 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1 [ 320.015117][T10863] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 320.543424][T10872] netlink: 212348 bytes leftover after parsing attributes in process `syz.3.1498'. [ 322.453386][T10901] overlay: ./file0 is not a directory [ 322.584671][ T30] audit: type=1400 audit(2000000280.302:501): avc: denied { watch } for pid=10888 comm="syz.0.1501" path="/352/bus/file1" dev="tmpfs" ino=1907 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 322.680212][ T30] audit: type=1400 audit(2000000280.302:502): avc: denied { watch_sb watch_reads } for pid=10888 comm="syz.0.1501" path="/352/bus/file1" dev="tmpfs" ino=1907 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 323.128591][ T30] audit: type=1400 audit(2000000280.832:503): avc: denied { shutdown } for pid=10911 comm="syz.1.1509" laddr=::ffff:172.20.20.170 lport=255 faddr=::ffff:172.20.20.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 324.742081][T10933] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1515'. [ 324.770337][T10933] batadv1: left allmulticast mode [ 324.802651][T10933] batadv1: left promiscuous mode [ 324.818683][T10933] bridge0: port 4(batadv1) entered disabled state [ 324.844242][T10933] bridge0: port 3(batadv0) entered disabled state [ 324.869579][T10933] bridge_slave_1: left allmulticast mode [ 324.875485][T10933] bridge_slave_1: left promiscuous mode [ 324.882514][T10933] bridge0: port 2(bridge_slave_1) entered disabled state [ 324.892093][T10933] bridge_slave_0: left allmulticast mode [ 324.899012][T10933] bridge_slave_0: left promiscuous mode [ 324.941846][T10933] bridge0: port 1(bridge_slave_0) entered disabled state [ 324.975910][T10951] netlink: 'syz.3.1520': attribute type 10 has an invalid length. [ 324.984392][T10951] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1520'. [ 325.239159][ T30] audit: type=1400 audit(2000000282.953:504): avc: denied { listen } for pid=10932 comm="syz.0.1515" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 325.300094][T10933] bond0: (slave bridge0): Releasing backup interface [ 325.319418][ T30] audit: type=1400 audit(2000000282.953:505): avc: denied { accept } for pid=10932 comm="syz.0.1515" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 325.492982][T10951] batadv0: entered promiscuous mode [ 325.498869][T10951] batadv0: entered allmulticast mode [ 325.504438][T10951] bridge0: port 3(batadv0) entered blocking state [ 325.512379][T10951] bridge0: port 3(batadv0) entered disabled state [ 325.521974][T10951] bridge0: port 3(batadv0) entered blocking state [ 325.528699][T10951] bridge0: port 3(batadv0) entered forwarding state [ 325.555098][ T9633] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 325.564931][ T9633] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 325.572299][ T30] audit: type=1400 audit(2000000283.293:506): avc: denied { create } for pid=10958 comm="syz.4.1521" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 325.991991][T10968] overlayfs: failed to clone upperpath [ 326.360720][ T30] audit: type=1326 audit(2000000284.083:507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10965 comm="syz.3.1523" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0cef9c799 code=0x7ffc0000 [ 326.403286][ T30] audit: type=1326 audit(2000000284.083:508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10965 comm="syz.3.1523" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0cef9c799 code=0x7ffc0000 [ 326.611183][ T30] audit: type=1326 audit(2000000284.113:509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10965 comm="syz.3.1523" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fa0cef9c799 code=0x7ffc0000 [ 326.638293][ T30] audit: type=1326 audit(2000000284.113:510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10965 comm="syz.3.1523" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0cef9c799 code=0x7ffc0000 [ 326.682107][ T30] audit: type=1326 audit(2000000284.113:511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10965 comm="syz.3.1523" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa0cef9c799 code=0x7ffc0000 [ 326.739188][T10981] netlink: 186628 bytes leftover after parsing attributes in process `syz.4.1527'. [ 328.819491][ T30] kauditd_printk_skb: 36 callbacks suppressed [ 328.819509][ T30] audit: type=1400 audit(2000000286.545:548): avc: denied { accept } for pid=11018 comm="syz.3.1541" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 328.943219][T11030] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1545'. [ 328.982320][ T30] audit: type=1400 audit(2000000286.705:549): avc: denied { connect } for pid=11029 comm="syz.3.1545" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 329.682872][T11055] netlink: 666 bytes leftover after parsing attributes in process `syz.1.1554'. [ 329.773464][T11059] 9p: Bad value for 'rfdno' [ 329.978391][T11064] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1559'. [ 330.007926][T11064] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1559'. [ 330.296028][T11057] lo speed is unknown, defaulting to 1000 [ 330.793779][ T30] audit: type=1400 audit(2000000288.516:550): avc: denied { write } for pid=11070 comm="syz.2.1561" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 330.852404][ T30] audit: type=1400 audit(2000000288.516:551): avc: denied { read } for pid=11070 comm="syz.2.1561" path="socket:[21229]" dev="sockfs" ino=21229 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 331.963828][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 331.983847][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 332.085960][ T30] audit: type=1400 audit(2000000289.786:552): avc: denied { setopt } for pid=11070 comm="syz.2.1561" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 333.354291][T11101] netlink: 'syz.3.1570': attribute type 2 has an invalid length. [ 333.879147][T11117] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11117 comm=syz.4.1573 [ 333.894121][T11117] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1573'. [ 338.529330][T11200] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1600'. [ 338.780513][ T30] audit: type=1400 audit(2000000296.400:553): avc: denied { mounton } for pid=11195 comm="syz.0.1601" path="/" dev="nullfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 338.975714][ T30] audit: type=1400 audit(2000000296.680:554): avc: denied { ioctl } for pid=11207 comm="syz.4.1604" path="socket:[22065]" dev="sockfs" ino=22065 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 339.004239][T11208] netlink: 'syz.4.1604': attribute type 10 has an invalid length. [ 339.012788][T11208] wlan1: mtu less than device minimum [ 339.018160][T11208] .`: (slave wlan1): Error -22 calling dev_set_mtu [ 340.848421][T11250] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1616'. [ 340.955054][T11255] SELinux: Context system_u:object_r: is not valid (left unmapped). [ 340.965487][ T30] audit: type=1400 audit(2000000298.691:555): avc: denied { relabelto } for pid=11248 comm="syz.3.1617" name="file0" dev="tmpfs" ino=1764 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:" [ 340.996724][ T30] audit: type=1400 audit(2000000298.691:556): avc: denied { associate } for pid=11248 comm="syz.3.1617" name="file0" dev="tmpfs" ino=1764 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:" [ 341.421879][T11259] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1619'. [ 341.486792][ T30] audit: type=1400 audit(2000000299.211:557): avc: denied { rmdir } for pid=5806 comm="syz-executor" name="file0" dev="tmpfs" ino=1764 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:" [ 341.530172][T11265] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1622'. [ 341.636804][T11269] overlayfs: failed to clone upperpath [ 341.921194][T11278] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1627'. [ 342.346619][ T30] audit: type=1400 audit(2000000300.071:558): avc: denied { mounton } for pid=11286 comm="syz.3.1628" path="/file0" dev="ramfs" ino=21491 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=dir permissive=1 [ 342.434333][T11295] netlink: 'syz.3.1632': attribute type 29 has an invalid length. [ 342.443678][T11295] netlink: 'syz.3.1632': attribute type 29 has an invalid length. [ 342.483294][T11295] netlink: 'syz.3.1632': attribute type 32 has an invalid length. [ 342.491481][T11295] netlink: 500 bytes leftover after parsing attributes in process `syz.3.1632'. [ 342.671325][T11306] overlayfs: failed to clone upperpath [ 342.677576][T11306] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1636'. [ 342.687058][T11307] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1636'. [ 342.698159][T11306] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 342.790654][T11313] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1639'. [ 342.802196][T11313] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1639'. [ 344.341200][T11354] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1652'. [ 344.446505][ T30] audit: type=1326 audit(2000000302.173:559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11355 comm="syz.1.1653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9619f9c799 code=0x7ffc0000 [ 344.513962][ T30] audit: type=1326 audit(2000000302.183:560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11355 comm="syz.1.1653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9619f9c799 code=0x7ffc0000 [ 347.469616][T11397] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 347.901497][ T30] audit: type=1400 audit(2000000305.274:561): avc: denied { mount } for pid=11393 comm="syz.3.1664" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 349.157662][T11418] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1672'. [ 349.248413][T11426] macvlan3: entered promiscuous mode [ 349.253709][T11426] macvlan3: entered allmulticast mode [ 349.325507][T11426] bond0: entered promiscuous mode [ 349.330896][T11426] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 349.576022][T11426] bond0: left promiscuous mode [ 350.573809][T11446] sctp: [Deprecated]: syz.2.1679 (pid 11446) Use of int in max_burst socket option deprecated. [ 350.573809][T11446] Use struct sctp_assoc_value instead [ 350.617698][T11446] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1679'. [ 350.671887][T11448] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1680'. [ 351.042889][ T30] audit: type=1400 audit(2000000308.776:562): avc: denied { write } for pid=11463 comm="syz.0.1685" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 351.739458][ T30] audit: type=1400 audit(2000000309.466:563): avc: denied { getopt } for pid=11472 comm="syz.2.1688" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 351.777602][T11474] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1688'. [ 352.251292][T11485] netlink: 'syz.4.1692': attribute type 10 has an invalid length. [ 352.262348][T11485] wlan1: mtu less than device minimum [ 352.268014][T11485] .`: (slave wlan1): Error -22 calling dev_set_mtu [ 353.616047][T11518] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0' [ 354.590326][T11527] lo speed is unknown, defaulting to 1000 [ 355.550284][T11539] netlink: 180 bytes leftover after parsing attributes in process `syz.2.1704'. [ 355.563307][T11539] overlayfs: missing 'lowerdir' [ 355.619780][T11540] netlink: 'syz.2.1704': attribute type 9 has an invalid length. [ 355.628246][T11540] netlink: 'syz.2.1704': attribute type 11 has an invalid length. [ 355.636628][T11540] netlink: 'syz.2.1704': attribute type 12 has an invalid length. [ 355.645007][T11540] netlink: 210020 bytes leftover after parsing attributes in process `syz.2.1704'. [ 355.654947][T11540] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1704'. [ 355.965799][T11544] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1706'. [ 356.987236][T11560] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1710'. [ 358.155140][T11587] openvswitch: netlink: VXLAN extension 111 out of range max 1 [ 359.177467][T11593] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1719'. [ 359.528172][T11595] overlayfs: failed to clone upperpath [ 361.249199][ T30] audit: type=1400 audit(2000000318.981:564): avc: denied { ioctl } for pid=11630 comm="syz.0.1730" path="socket:[23012]" dev="sockfs" ino=23012 ioctlcmd=0x8902 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 361.347892][ T30] audit: type=1400 audit(2000000319.011:565): avc: denied { read } for pid=11630 comm="syz.0.1730" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 361.476668][ T30] audit: type=1400 audit(2000000319.211:566): avc: denied { name_bind } for pid=11635 comm="syz.1.1733" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1 [ 361.569245][ T30] audit: type=1400 audit(2000000319.241:567): avc: denied { node_bind } for pid=11635 comm="syz.1.1733" saddr=172.20.20.170 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1 [ 363.527868][T11676] bond2: (slave vlan3): Releasing active interface [ 363.565064][T11676] bond0: (slave bond_slave_0): Releasing backup interface [ 363.697552][T11670] lo speed is unknown, defaulting to 1000 [ 364.017203][T11693] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=272 sclass=netlink_route_socket pid=11693 comm=syz.0.1751 [ 364.278990][T11704] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1754'. [ 365.008491][T11732] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1762'. [ 365.635276][T11747] openvswitch: netlink: IP tunnel TTL not specified. [ 366.371358][T11760] netlink: 148 bytes leftover after parsing attributes in process `syz.3.1769'. [ 366.378899][T11762] netlink: 'syz.1.1767': attribute type 4 has an invalid length. [ 366.416293][T11760] netlink: 156 bytes leftover after parsing attributes in process `syz.3.1769'. [ 368.864914][T11804] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 369.213515][T11804] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 369.771391][T11804] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 369.846421][T11804] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 370.045383][ T9639] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 370.079317][ T86] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 370.102369][ T86] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 370.143071][ T86] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 370.203739][T11842] tipc: Enabling of bearer rejected, failed to enable media [ 371.756879][T11862] 9p: Bad value for 'rfdno' [ 373.484603][T11887] netlink: 'syz.2.1809': attribute type 1 has an invalid length. [ 373.513662][T11887] 8021q: adding VLAN 0 to HW filter on device bond3 [ 373.547638][T11887] bond3: (slave geneve2): making interface the new active one [ 373.556359][T11887] bond3: (slave geneve2): Enslaving as an active interface with an up link [ 375.902892][T11930] xt_hashlimit: size too large, truncated to 1048576 [ 375.969187][T11931] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1820'. [ 378.084352][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.090665][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.366692][T11949] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1825'. [ 379.509773][T11952] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 379.662652][T11959] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1829'. [ 379.671691][ T30] audit: type=1400 audit(2000000337.410:568): avc: denied { bind } for pid=11958 comm="syz.2.1829" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 380.047586][T11965] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1832'. [ 380.824641][T11985] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1840'. [ 381.630791][T12001] 9p: Bad value for 'rfdno' [ 381.660941][T12003] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 381.828708][T12009] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1845'. [ 382.547292][T12020] vcan0: tx drop: invalid sa for name 0x0000000000000002 [ 382.826709][T12031] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1858'. [ 382.994115][ T30] audit: type=1400 audit(2000000340.742:569): avc: denied { setopt } for pid=12033 comm="syz.1.1860" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 384.226790][T12073] bond3 (unregistering): Released all slaves [ 384.283170][T12060] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1869'. [ 384.293500][T12060] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1869'. [ 384.383030][T12082] futex_wake_op: syz.1.1876 tries to shift op by -1; fix this program [ 386.068336][T12104] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1884'. [ 386.831117][T12106] lo speed is unknown, defaulting to 1000 [ 388.507636][T12149] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1896'. [ 388.634877][ T30] audit: type=1400 audit(2000000346.255:570): avc: denied { getopt } for pid=12146 comm="syz.2.1896" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 389.520393][T12159] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1899'. [ 389.718142][ T30] audit: type=1400 audit(2000000000.030:571): avc: denied { getopt } for pid=12154 comm="syz.4.1898" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 389.749293][T12156] bridge0: entered promiscuous mode [ 389.776931][T12156] bridge0: port 3(vlan2) entered blocking state [ 389.793498][T12174] ./file0: Can't lookup blockdev [ 389.812281][T12156] bridge0: port 3(vlan2) entered disabled state [ 389.869040][T12156] vlan2: entered allmulticast mode [ 389.875940][T12156] bridge0: entered allmulticast mode [ 389.916705][T12178] nftables ruleset with unbound chain [ 389.922698][T12156] vlan2: left allmulticast mode [ 389.928795][T12156] bridge0: left allmulticast mode [ 389.974423][T12156] bridge0: left promiscuous mode [ 390.259393][T12187] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1907'. [ 391.026798][T12200] No such timeout policy "syz0" [ 391.241429][T12205] netlink: 'syz.2.1913': attribute type 12 has an invalid length. [ 391.249789][T12205] netlink: 'syz.2.1913': attribute type 29 has an invalid length. [ 391.258060][T12205] netlink: 148 bytes leftover after parsing attributes in process `syz.2.1913'. [ 391.344551][T12209] netlink: 1788 bytes leftover after parsing attributes in process `syz.2.1917'. [ 392.216318][T12229] tmpfs: Bad value for 'mpol' [ 392.467641][T12233] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1925'. [ 392.957947][ T5128] Bluetooth: hci2: unexpected event for opcode 0x1003 [ 393.346345][T12250] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=54272 sclass=netlink_route_socket pid=12250 comm=syz.0.1931 [ 393.380857][T12250] syz.0.1931 (12250): attempted to duplicate a private mapping with mremap. This is not supported. [ 394.045074][T12256] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 394.240732][ T5128] Bluetooth: hci2: unexpected event for opcode 0x0c26 [ 394.953453][T12278] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1930'. [ 395.152491][T12283] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 395.900831][T12296] 9p: Bad value for 'rfdno' [ 395.905703][T12295] 9p: Bad value for 'rfdno' [ 396.041091][T12304] netlink: 'syz.2.1945': attribute type 10 has an invalid length. [ 396.090572][T12305] tmpfs: Bad value for 'mpol' [ 396.376748][T12311] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1947'. [ 396.405474][T12313] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 397.032061][ T5128] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 397.041506][ T5128] Bluetooth: hci2: Injecting HCI hardware error event [ 397.049780][ T5812] Bluetooth: hci2: hardware error 0x00 [ 397.469476][T12335] fuse: Bad value for 'fd' [ 398.782429][T12353] could not open pipe file descriptor [ 399.291406][T12362] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1965'. [ 399.669762][ T5812] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 400.341295][T12390] tmpfs: Bad value for 'mpol' [ 401.054761][T12399] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1979'. [ 401.686410][ T5812] Bluetooth: hci0: hardware error 0x02 [ 401.901642][T12419] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 401.920978][T12419] netlink: 'syz.2.1985': attribute type 3 has an invalid length. [ 402.018101][T12419] netlink: 'syz.2.1985': attribute type 3 has an invalid length. [ 402.203502][T12419] netlink: 'syz.2.1985': attribute type 3 has an invalid length. [ 402.254418][T12419] netlink: 'syz.2.1985': attribute type 3 has an invalid length. [ 402.274280][T12419] netlink: 'syz.2.1985': attribute type 3 has an invalid length. [ 402.290402][T12419] netlink: 'syz.2.1985': attribute type 3 has an invalid length. [ 402.301722][T12419] netlink: 'syz.2.1985': attribute type 3 has an invalid length. [ 402.319607][T12419] netlink: 'syz.2.1985': attribute type 3 has an invalid length. [ 402.330418][T12419] netlink: 'syz.2.1985': attribute type 3 has an invalid length. [ 402.381925][T12419] netlink: 'syz.2.1985': attribute type 3 has an invalid length. [ 402.414867][ T30] audit: type=1400 audit(2000000012.716:572): avc: denied { setopt } for pid=12436 comm="syz.4.1989" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 402.747529][T12446] tmpfs: Bad value for 'mpol' [ 403.364989][T12453] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 403.461392][ T30] audit: type=1400 audit(2000000013.706:573): avc: denied { map } for pid=12452 comm="syz.1.1994" path="socket:[25201]" dev="sockfs" ino=25201 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 403.494131][T12455] overlayfs: failed to clone lowerpath [ 403.517136][ T30] audit: type=1400 audit(2000000013.706:574): avc: denied { read } for pid=12452 comm="syz.1.1994" path="socket:[25201]" dev="sockfs" ino=25201 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 403.526939][T12457] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1996'. [ 403.748024][ T5812] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 404.270221][T12473] netlink: 566 bytes leftover after parsing attributes in process `syz.4.2001'. [ 404.493615][T12483] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2004'. [ 404.668738][T12517] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2005'. [ 404.845324][T12563] tmpfs: Bad value for 'mpol' [ 404.972940][T12587] overlayfs: failed to clone upperpath [ 404.981026][T12485] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2000'. [ 405.427341][T13031] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2003'. [ 405.436369][T13031] batadv0: entered promiscuous mode [ 405.442222][T13031] batadv0: entered allmulticast mode [ 405.449927][T13031] bridge0: port 3(batadv0) entered blocking state [ 405.456493][T13031] bridge0: port 3(batadv0) entered disabled state [ 405.471731][T13031] bridge0: port 3(batadv0) entered blocking state [ 405.478299][T13031] bridge0: port 3(batadv0) entered forwarding state [ 405.555768][ T12] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 405.565659][ T12] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 406.088923][T13083] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2011'. [ 406.802332][T13128] overlayfs: failed to clone upperpath [ 406.832309][T13128] overlayfs: failed to clone upperpath [ 407.679482][ T30] audit: type=1400 audit(2000000017.898:575): avc: denied { write } for pid=13416 comm="syz.4.2017" path="socket:[25960]" dev="sockfs" ino=25960 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 409.572537][T13463] tmpfs: Bad value for 'mpol' [ 409.585234][T13468] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2030'. [ 409.618086][T13468] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2030'. [ 409.644808][T13474] vlan2: entered promiscuous mode [ 409.650784][T13474] vlan2: entered allmulticast mode [ 409.657142][T13474] hsr_slave_1: entered allmulticast mode [ 409.828464][T13480] 9p: Bad value for 'rfdno' [ 410.085407][ T30] audit: type=1326 audit(2000000020.330:576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13475 comm="syz.2.2033" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7904d9c799 code=0x7ffc0000 [ 410.267885][ T30] audit: type=1326 audit(2000000020.330:577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13475 comm="syz.2.2033" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7904d9c799 code=0x7ffc0000 [ 410.314706][ T30] audit: type=1326 audit(2000000020.330:578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13475 comm="syz.2.2033" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f7904d9c799 code=0x7ffc0000 [ 410.358011][ T30] audit: type=1326 audit(2000000020.330:579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13475 comm="syz.2.2033" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7904d9c799 code=0x7ffc0000 [ 410.402308][ T30] audit: type=1326 audit(2000000020.330:580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13475 comm="syz.2.2033" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7904d9c799 code=0x7ffc0000 [ 410.427962][ T30] audit: type=1326 audit(2000000020.330:581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13475 comm="syz.2.2033" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f7904d9c799 code=0x7ffc0000 [ 410.446492][T13494] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2038'. [ 410.451777][ T30] audit: type=1326 audit(2000000020.340:582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13475 comm="syz.2.2033" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7904d9c799 code=0x7ffc0000 [ 410.484985][ T30] audit: type=1326 audit(2000000020.340:583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13475 comm="syz.2.2033" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7904d9c799 code=0x7ffc0000 [ 410.508911][ T30] audit: type=1326 audit(2000000020.340:584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13475 comm="syz.2.2033" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7904d9c799 code=0x7ffc0000 [ 410.595580][T13494] gretap0: entered promiscuous mode [ 410.601327][T13494] macvtap1: entered promiscuous mode [ 410.606893][T13494] macvtap1: entered allmulticast mode [ 410.612273][T13494] gretap0: entered allmulticast mode [ 410.636855][T13494] IPv6: NLM_F_CREATE should be specified when creating new route [ 410.647060][T13500] validate_nla: 42 callbacks suppressed [ 410.647078][T13500] netlink: 'syz.2.2042': attribute type 4 has an invalid length. [ 411.149840][T13519] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2045'. [ 411.273784][T13521] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 411.945976][T13542] netlink: 'syz.3.2050': attribute type 10 has an invalid length. [ 411.954471][T13542] netlink: 2 bytes leftover after parsing attributes in process `syz.3.2050'. [ 411.963450][T13542] bond0: entered promiscuous mode [ 411.969132][T13542] bond_slave_0: entered promiscuous mode [ 411.976169][T13542] bond_slave_1: entered promiscuous mode [ 411.982569][T13542] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 411.991533][T13542] mac80211_hwsim hwsim11 wlan1: entered promiscuous mode [ 412.000648][T13542] bridge0: port 4(bond0) entered blocking state [ 412.008217][T13542] bridge0: port 4(bond0) entered disabled state [ 412.015667][T13542] bond0: entered allmulticast mode [ 412.020992][T13542] bond_slave_0: entered allmulticast mode [ 412.027320][T13542] bond_slave_1: entered allmulticast mode [ 412.033126][T13542] netdevsim netdevsim3 netdevsim0: entered allmulticast mode [ 412.042173][T13542] mac80211_hwsim hwsim11 wlan1: entered allmulticast mode [ 412.090526][T13542] bridge0: port 4(bond0) entered blocking state [ 412.096895][T13542] bridge0: port 4(bond0) entered forwarding state [ 413.694482][T13581] IPv6: Can't replace route, no match found [ 414.671240][T13599] netlink: 'syz.1.2073': attribute type 12 has an invalid length. [ 414.692624][T13599] netlink: 'syz.1.2073': attribute type 29 has an invalid length. [ 414.708368][T13599] netlink: 148 bytes leftover after parsing attributes in process `syz.1.2073'. [ 414.722479][T13599] netlink: 'syz.1.2073': attribute type 1 has an invalid length. [ 414.739329][T13599] netlink: 'syz.1.2073': attribute type 2 has an invalid length. [ 414.748313][T13599] netlink: 7 bytes leftover after parsing attributes in process `syz.1.2073'. [ 414.783324][T13599] trusted_key: encrypted_key: master key parameter ':syz' is invalid [ 415.293197][T13610] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2075'. [ 415.951132][T13629] netlink: 52 bytes leftover after parsing attributes in process `syz.1.2081'. [ 416.235807][T13637] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2082'. [ 416.244973][T13637] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2082'. [ 416.655775][ T30] kauditd_printk_skb: 11 callbacks suppressed [ 416.655794][ T30] audit: type=1400 audit(2000000026.473:596): avc: denied { ioctl } for pid=13626 comm="syz.3.2080" path="socket:[26207]" dev="sockfs" ino=26207 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 416.707809][T13639] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2082'. [ 417.428791][ T5924] libceph: connect (1)[c::]:6789 error -101 [ 417.444773][ T5924] libceph: mon0 (1)[c::]:6789 connect error [ 417.633152][T13649] ceph: No mds server is up or the cluster is laggy [ 419.783201][T13685] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2095'. [ 419.811569][T13688] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2094'. [ 420.569987][T13698] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 420.622220][T13700] ipt_ECN: cannot use operation on non-tcp rule [ 421.286109][T13708] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 421.641253][T13723] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2105'. [ 422.092805][T13726] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2110'. [ 422.372358][T13721] netlink: 'syz.4.2108': attribute type 21 has an invalid length. [ 422.381122][T13721] netlink: 128 bytes leftover after parsing attributes in process `syz.4.2108'. [ 422.391262][T13721] netlink: 3 bytes leftover after parsing attributes in process `syz.4.2108'. [ 422.403847][T13721] netlink: 'syz.4.2108': attribute type 21 has an invalid length. [ 422.412870][T13721] netlink: 128 bytes leftover after parsing attributes in process `syz.4.2108'. [ 422.511977][T13721] netlink: 3 bytes leftover after parsing attributes in process `syz.4.2108'. [ 424.309785][ T9642] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 424.321503][ T9642] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 424.645429][T13769] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 424.659991][T13769] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2123'. [ 425.700693][ T30] audit: type=1400 audit(2000000036.028:597): avc: denied { map } for pid=13771 comm="syz.3.2124" path="socket:[26827]" dev="sockfs" ino=26827 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 425.734596][T13772] netlink: 'syz.3.2124': attribute type 21 has an invalid length. [ 425.742672][T13772] netlink: 156 bytes leftover after parsing attributes in process `syz.3.2124'. [ 427.225979][T13800] overlayfs: missing 'lowerdir' [ 427.728248][T13828] fuse: Unknown parameter '184467440737095516150x0000000000000007000000000000000000000030x000000000000000600000000000000000000' [ 428.462108][T13869] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2153'. [ 428.622129][T13872] No such timeout policy "syz0" [ 429.462991][T13884] overlayfs: failed to clone upperpath [ 431.282461][T13916] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2170'. [ 431.291811][T13916] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2170'. [ 431.323757][T13920] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2170'. [ 431.367246][T13920] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2170'. [ 431.461536][T13928] netlink: 798 bytes leftover after parsing attributes in process `syz.4.2172'. [ 431.677636][T13944] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2175'. [ 433.846896][T13967] x_tables: ip_tables: icmp match: only valid for protocol 1 [ 434.068355][T13978] netlink: 'syz.0.2189': attribute type 10 has an invalid length. [ 434.138110][T13981] overlayfs: failed to clone upperpath [ 435.206777][ T30] audit: type=1326 audit(2000000045.532:598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13998 comm="syz.4.2196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1312f9c799 code=0x7fc00000 [ 435.296259][T14011] xt_hashlimit: size too large, truncated to 1048576 [ 435.305444][ T30] audit: type=1326 audit(2000000045.532:599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13998 comm="syz.4.2196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f1312f9c799 code=0x7fc00000 [ 435.392176][ T30] audit: type=1326 audit(2000000045.532:600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13998 comm="syz.4.2196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1312f9c799 code=0x7fc00000 [ 435.512047][ T30] audit: type=1326 audit(2000000045.532:601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13998 comm="syz.4.2196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1312f9c799 code=0x7fc00000 [ 435.574830][ T30] audit: type=1326 audit(2000000045.532:602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13998 comm="syz.4.2196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1312f9c799 code=0x7fc00000 [ 435.739601][T14020] overlayfs: failed to clone upperpath [ 435.817962][ T30] audit: type=1326 audit(2000000045.532:603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13998 comm="syz.4.2196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1312f9c799 code=0x7fc00000 [ 435.843544][ T30] audit: type=1326 audit(2000000045.532:604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13998 comm="syz.4.2196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1312f9c799 code=0x7fc00000 [ 435.869514][ T30] audit: type=1326 audit(2000000045.532:605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13998 comm="syz.4.2196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1312f9c799 code=0x7fc00000 [ 435.906047][ T30] audit: type=1326 audit(2000000045.532:606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13998 comm="syz.4.2196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1312f9c799 code=0x7fc00000 [ 435.959496][ T30] audit: type=1326 audit(2000000045.532:607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13998 comm="syz.4.2196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1312f9c799 code=0x7fc00000 [ 436.527906][T14047] 9p: Bad value for 'rfdno' [ 436.584551][T14055] netlink: 'syz.1.2212': attribute type 13 has an invalid length. [ 436.652339][T14058] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 436.918945][T14077] netlink: 60 bytes leftover after parsing attributes in process `syz.4.2216'. [ 437.516233][T14100] lo speed is unknown, defaulting to 1000 [ 437.760715][T14101] netlink: 'syz.0.2225': attribute type 39 has an invalid length. [ 438.062841][T14120] netlink: 180 bytes leftover after parsing attributes in process `syz.2.2230'. [ 438.073781][T14120] overlayfs: failed to clone upperpath [ 438.553364][T14138] overlayfs: failed to clone upperpath [ 438.563894][T14136] netlink: 'syz.3.2236': attribute type 1 has an invalid length. [ 438.574590][T14136] netlink: 2108 bytes leftover after parsing attributes in process `syz.3.2236'. [ 438.718696][T14141] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 439.782809][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.789162][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.355534][T14173] tipc: Enabling of bearer rejected, failed to enable media [ 443.153168][T14209] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=14209 comm=syz.2.2257 [ 443.720871][T14231] netlink: 'syz.2.2262': attribute type 10 has an invalid length. [ 443.728927][T14231] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2262'. [ 444.822654][T14248] overlayfs: failed to clone upperpath [ 445.260000][T14241] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2268'. [ 445.279936][T14241] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2268'. [ 445.408285][ T30] kauditd_printk_skb: 20 callbacks suppressed [ 445.408302][ T30] audit: type=1400 audit(2000000055.737:628): avc: denied { map } for pid=14240 comm="syz.4.2268" path="socket:[28081]" dev="sockfs" ino=28081 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 445.515706][T14261] netlink: 'syz.3.2274': attribute type 3 has an invalid length. [ 445.534897][ T30] audit: type=1400 audit(2000000055.747:629): avc: denied { read } for pid=14240 comm="syz.4.2268" path="socket:[28081]" dev="sockfs" ino=28081 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 445.595389][T14264] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14264 comm=syz.0.2275 [ 446.525584][ T30] audit: type=1326 audit(2000000056.858:630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14275 comm="syz.2.2280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7904d9c799 code=0x7ffc0000 [ 446.656749][ T30] audit: type=1326 audit(2000000056.888:631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14275 comm="syz.2.2280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7904d9c799 code=0x7ffc0000 [ 446.710091][ T30] audit: type=1326 audit(2000000056.888:632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14275 comm="syz.2.2280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7904d9c799 code=0x7ffc0000 [ 446.752129][T14287] netlink: 'syz.3.2284': attribute type 1 has an invalid length. [ 446.777956][ T30] audit: type=1326 audit(2000000056.888:633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14275 comm="syz.2.2280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7904d9c799 code=0x7ffc0000 [ 446.813782][ T30] audit: type=1326 audit(2000000056.888:634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14275 comm="syz.2.2280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=245 compat=0 ip=0x7f7904d9c799 code=0x7ffc0000 [ 447.267943][ T30] audit: type=1326 audit(2000000056.888:635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14275 comm="syz.2.2280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7904d9c799 code=0x7ffc0000 [ 447.291546][ T30] audit: type=1326 audit(2000000056.888:636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14275 comm="syz.2.2280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7904d9c799 code=0x7ffc0000 [ 447.315324][ T30] audit: type=1326 audit(2000000056.888:637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14275 comm="syz.2.2280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7904d9c799 code=0x7ffc0000 [ 447.345752][T14287] 8021q: adding VLAN 0 to HW filter on device bond2 [ 447.710488][T14290] vlan0: entered allmulticast mode [ 447.725032][T14290] veth0_to_bond: entered allmulticast mode [ 447.750987][T14290] bond2: (slave vlan0): making interface the new active one [ 447.770901][T14290] bond2: (slave vlan0): Enslaving as an active interface with an up link [ 447.881870][T14305] fuse: Bad value for 'fd' [ 447.971841][T14305] lo speed is unknown, defaulting to 1000 [ 449.243249][T14336] overlayfs: failed to clone upperpath [ 452.665334][T14396] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2317'. [ 452.681667][ T30] kauditd_printk_skb: 42 callbacks suppressed [ 452.681678][ T30] audit: type=1400 audit(2000000063.011:680): avc: denied { read } for pid=14391 comm="syz.1.2318" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 453.880989][T14416] 9p: Bad value for 'rfdno' [ 455.291365][T14443] tmpfs: Bad value for 'mpol' [ 456.725954][T14459] netlink: 'syz.2.2336': attribute type 3 has an invalid length. [ 457.964362][T14489] batadv_slave_0: Caught tx_queue_len zero misconfig [ 459.674583][T14503] lo speed is unknown, defaulting to 1000 [ 459.710691][ C1] vcan0: j1939_tp_rxtimer: 0xffff888076b64800: rx timeout, send abort [ 459.720813][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888076b64800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 459.747321][ T30] audit: type=1400 audit(2000000070.085:681): avc: denied { read } for pid=5159 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 460.906446][ T30] audit: type=1400 audit(2000000070.085:682): avc: denied { search } for pid=5159 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 461.779769][T14513] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2350'. [ 461.829001][ T30] audit: type=1400 audit(2000000070.085:683): avc: denied { search } for pid=5159 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 461.904065][ T30] audit: type=1400 audit(2000000070.085:684): avc: denied { add_name } for pid=5159 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 461.947990][ T30] audit: type=1400 audit(2000000070.085:685): avc: denied { create } for pid=5159 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 462.029113][ T30] audit: type=1400 audit(2000000070.085:686): avc: denied { append open } for pid=5159 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 462.127860][ T30] audit: type=1400 audit(2000000070.085:687): avc: denied { getattr } for pid=5159 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 462.207804][ T30] audit: type=1400 audit(2000000072.176:688): avc: denied { create } for pid=14519 comm="syz.0.2353" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 462.387211][ T30] audit: type=1400 audit(2000000072.176:689): avc: denied { ioctl } for pid=14519 comm="syz.0.2353" path="socket:[28748]" dev="sockfs" ino=28748 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 462.464639][ T30] audit: type=1400 audit(2000000072.176:690): avc: denied { bind } for pid=14519 comm="syz.0.2353" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 462.479984][T14541] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2355'. [ 462.493431][T14541] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 462.621138][T14541] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 463.258688][T14559] netlink: 'syz.3.2361': attribute type 5 has an invalid length. [ 463.294388][ T5924] libceph: connect (1)[c::]:6789 error -22 [ 463.300571][ T5924] libceph: mon0 (1)[c::]:6789 connect error [ 463.394690][T14566] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65296 sclass=netlink_route_socket pid=14566 comm=syz.3.2363 [ 463.457763][T14561] ceph: No mds server is up or the cluster is laggy [ 463.558416][ T5924] libceph: connect (1)[c::]:6789 error -22 [ 463.564433][ T5924] libceph: mon0 (1)[c::]:6789 connect error [ 463.932961][T14585] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2367'. [ 465.079543][T14576] lo speed is unknown, defaulting to 1000 [ 465.297333][T14612] ksmbd: Unknown IPC event: 4, ignore. [ 465.841858][ T30] kauditd_printk_skb: 3 callbacks suppressed [ 465.841870][ T30] audit: type=1326 audit(2000000076.188:694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14617 comm="syz.3.2377" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa0cef9c799 code=0x0 [ 465.893216][T14625] netlink: 4768 bytes leftover after parsing attributes in process `syz.3.2377'. [ 467.444836][ T30] audit: type=1800 audit(2000000077.788:695): pid=14647 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.1.2385" name="SYSV00000000" dev="tmpfs" ino=2 res=0 errno=0 [ 468.836989][ T30] audit: type=1400 audit(2000000079.179:696): avc: denied { setopt } for pid=14653 comm="syz.4.2386" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 468.838694][T14654] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2386'. [ 469.108239][ T30] audit: type=1400 audit(2000000079.449:697): avc: denied { node_bind } for pid=14657 comm="syz.4.2387" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1 [ 469.881110][T14671] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2390'. [ 469.903451][T14671] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 469.981204][T14671] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 471.321998][T14712] netlink: 43 bytes leftover after parsing attributes in process `syz.3.2397'. [ 471.331172][T14712] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2397'. [ 472.772371][T15616] netlink: 'syz.4.2405': attribute type 2 has an invalid length. [ 472.781654][T15616] overlayfs: failed to clone upperpath [ 472.873623][T15623] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2408'. [ 472.913330][T15623] bridge0: port 3(batadv0) entered disabled state [ 472.931495][T15623] bridge_slave_1: left allmulticast mode [ 472.948369][T15623] bridge_slave_1: left promiscuous mode [ 472.968570][T15623] bridge0: port 2(bridge_slave_1) entered disabled state [ 472.979002][ T30] audit: type=1400 audit(473.070:698): avc: denied { map } for pid=15622 comm="syz.4.2408" path="socket:[29970]" dev="sockfs" ino=29970 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 473.019777][T15623] bridge_slave_0: left allmulticast mode [ 473.035039][T15623] bridge_slave_0: left promiscuous mode [ 473.040994][T15632] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2409'. [ 473.050282][ T30] audit: type=1400 audit(473.070:699): avc: denied { read accept } for pid=15622 comm="syz.4.2408" path="socket:[29970]" dev="sockfs" ino=29970 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 473.075128][T15623] bridge0: port 1(bridge_slave_0) entered disabled state [ 473.272459][T15638] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 473.518358][T15648] netlink: 'syz.3.2415': attribute type 10 has an invalid length. [ 476.380101][T15693] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 476.646217][T15693] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 476.878171][T15765] batadv_slave_0: Caught tx_queue_len zero misconfig [ 478.245002][T16054] ip6tnl0: Caught tx_queue_len zero misconfig [ 478.337102][T16056] netlink: 2796 bytes leftover after parsing attributes in process `syz.4.2440'. [ 478.408444][T16057] sctp: [Deprecated]: syz.2.2442 (pid 16057) Use of int in maxseg socket option. [ 478.408444][T16057] Use struct sctp_assoc_value instead [ 479.564406][T16077] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2450'. [ 480.012112][T16077] : entered promiscuous mode [ 480.084734][T16083] cgroup: Need name or subsystem set [ 480.183539][T16083] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2451'. [ 480.769955][T16093] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=7952 sclass=netlink_route_socket pid=16093 comm=syz.3.2453 [ 480.786848][T16093] netlink: 'syz.3.2453': attribute type 10 has an invalid length. [ 480.794755][T16093] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2453'. [ 481.379765][ T30] audit: type=1326 audit(2000000005.170:700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16098 comm="syz.0.2455" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a2bb9c799 code=0x7ffc0000 [ 481.551629][T16130] overlayfs: missing 'lowerdir' [ 481.578834][ T30] audit: type=1326 audit(2000000005.170:701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16098 comm="syz.0.2455" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a2bb9c799 code=0x7ffc0000 [ 481.668820][ T30] audit: type=1326 audit(2000000005.170:702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16098 comm="syz.0.2455" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f0a2bb9c799 code=0x7ffc0000 [ 481.682515][T16135] netlink: 'syz.1.2465': attribute type 1 has an invalid length. [ 481.731595][ T30] audit: type=1326 audit(2000000005.170:703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16098 comm="syz.0.2455" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a2bb9c799 code=0x7ffc0000 [ 482.042506][ T30] audit: type=1326 audit(2000000005.170:704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16098 comm="syz.0.2455" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7f0a2bb9c799 code=0x7ffc0000 [ 482.217114][ T30] audit: type=1326 audit(2000000005.170:705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16098 comm="syz.0.2455" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a2bb9c799 code=0x7ffc0000 [ 482.374215][ T30] audit: type=1326 audit(2000000005.170:706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16098 comm="syz.0.2455" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a2bb9c799 code=0x7ffc0000 [ 482.398137][ T30] audit: type=1326 audit(2000000005.170:707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16098 comm="syz.0.2455" exe="/root/syz-executor" sig=0 arch=c000003e syscall=322 compat=0 ip=0x7f0a2bb9c799 code=0x7ffc0000 [ 482.529655][ T30] audit: type=1326 audit(2000000005.180:708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16098 comm="syz.0.2455" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a2bb9c799 code=0x7ffc0000 [ 482.620492][ T30] audit: type=1326 audit(2000000005.180:709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16098 comm="syz.0.2455" exe="/root/syz-executor" sig=0 arch=c000003e syscall=88 compat=0 ip=0x7f0a2bb9c799 code=0x7ffc0000 [ 483.188474][T16161] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2471'. [ 483.882083][T16171] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1 sclass=netlink_route_socket pid=16171 comm=syz.3.2474 [ 483.895981][T16171] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2474'. [ 484.154747][T16184] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 484.957051][T16187] overlay: Unknown parameter 'smackfshat' [ 487.606792][T16220] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2491'. [ 487.826174][T16222] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2493'. [ 487.907301][T16224] overlayfs: empty lowerdir [ 488.055269][T16226] netlink: 104 bytes leftover after parsing attributes in process `syz.0.2494'. [ 488.487363][T16237] veth0_to_hsr: Caught tx_queue_len zero misconfig [ 489.258848][T16251] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2500'. [ 489.278806][T16251] workqueue: Failed to create a rescuer kthread for wq "bond4": -EINTR [ 489.375515][ T30] kauditd_printk_skb: 39 callbacks suppressed [ 489.375531][ T30] audit: type=1400 audit(2000000013.220:749): avc: denied { setopt } for pid=16256 comm="syz.1.2501" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 489.414773][ T30] audit: type=1400 audit(2000000013.260:750): avc: denied { write } for pid=16256 comm="syz.1.2501" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 490.163516][T16268] netlink: 'syz.1.2505': attribute type 1 has an invalid length. [ 490.231267][T16268] bond4: entered promiscuous mode [ 490.275879][T16268] bond4: entered allmulticast mode [ 490.316096][T16268] 8021q: adding VLAN 0 to HW filter on device bond4 [ 490.412385][T16273] bridge4: entered promiscuous mode [ 490.445238][T16273] bridge4: entered allmulticast mode [ 490.452218][ T9629] bond4: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 490.480817][T16273] bond4: (slave bridge4): Enslaving as an active interface with an up link [ 490.584214][ T9629] bond4: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 490.993731][ T30] audit: type=1400 audit(2000000014.840:751): avc: denied { connect } for pid=16302 comm="syz.0.2514" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 491.559443][T16316] overlayfs: failed to clone upperpath [ 491.606501][T16318] netlink: 348 bytes leftover after parsing attributes in process `syz.2.2516'. [ 491.626250][ T30] audit: type=1326 audit(2000000015.470:752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16312 comm="syz.2.2516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7904d9c799 code=0x7ffc0000 [ 491.802021][ T30] audit: type=1326 audit(2000000015.470:753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16312 comm="syz.2.2516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7904d9c799 code=0x7ffc0000 [ 491.915580][ T30] audit: type=1400 audit(2000000015.760:754): avc: denied { map } for pid=16321 comm="syz.4.2520" path="pipe:[29644]" dev="pipefs" ino=29644 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 492.117623][ T30] audit: type=1326 audit(2000000015.960:755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16326 comm="syz.4.2521" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1312f9c799 code=0x0 [ 492.236874][T16343] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2519'. [ 492.246067][T16343] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 492.451604][T16343] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 492.724080][T16351] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2525'. [ 492.840472][T16355] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 494.349271][T16396] netlink: 104 bytes leftover after parsing attributes in process `syz.0.2539'. [ 494.460643][T16404] 9pnet_fd: Insufficient options for proto=fd [ 494.664277][T16404] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2540'. [ 494.780078][T16415] rdma_rxe: rxe_newlink: failed to add ipvlan0 [ 495.460484][T16392] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2538'. [ 495.710877][T16407] bond5: option arp_validate: invalid value (18446744073709551615) [ 495.836330][T16407] bond5 (unregistering): Released all slaves [ 495.901401][T16430] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2548'. [ 497.679592][T16450] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2555'. [ 497.975752][T16459] xt_NFQUEUE: number of total queues is 0 [ 499.765082][T16515] BUG: Bad page state in process syz.2.2579 pfn:7b784 [ 499.772007][T16515] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807b784000 pfn:0x7b784 [ 499.782086][T16515] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 499.789205][T16515] raw: 00fff00000000000 dead000000000040 ffff88801bbcb000 0000000000000000 [ 499.797798][T16515] raw: ffff88807b784000 3fffffffffffffff 00000000ffffffff 0000000000000000 [ 499.806374][T16515] page dumped because: page_pool leak [ 499.811740][T16515] page_owner tracks the page as allocated [ 499.817476][T16515] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 16515, tgid 16514 (syz.2.2579), ts 499765023097, free_ts 499581059293 [ 499.817865][T16516] BUG: Bad page state in process syz.2.2579 pfn:37267 [ 499.834709][T16515] post_alloc_hook+0x153/0x170 [ 499.834746][T16515] get_page_from_freelist+0x111d/0x3140 [ 499.841579][T16516] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888037267000 pfn:0x37267 [ 499.846359][T16515] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 499.851938][T16516] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 499.861962][T16515] alloc_pages_bulk_noprof+0x782/0x1490 [ 499.868149][T16516] raw: 00fff00000000000 dead000000000040 ffff88801bbc8000 0000000000000000 [ 499.875227][T16515] __page_pool_alloc_netmems_slow+0x1c6/0xc10 [ 499.880755][T16516] raw: ffff888037267000 3fffffffffffffff 00000000ffffffff 0000000000000000 [ 499.889320][T16515] page_pool_alloc_netmems+0xc4/0x1a0 [ 499.895371][T16516] page dumped because: page_pool leak [ 499.895381][T16516] page_owner tracks the page as allocated [ 499.903943][T16515] page_pool_alloc_frag_netmem+0x21d/0xa00 [ 499.909285][T16516] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 16516, tgid 16514 (syz.2.2579), ts 499817793264, free_ts 499682354762 [ 499.914639][T16515] skb_pp_cow_data+0x5be/0xea0 [ 499.920328][T16516] post_alloc_hook+0x153/0x170 [ 499.926129][T16515] skb_cow_data_for_xdp+0x88/0xb0 [ 499.926153][T16515] do_xdp_generic+0x56b/0x12c0 [ 499.943321][T16516] get_page_from_freelist+0x111d/0x3140 [ 499.948054][T16515] tun_get_user+0x1bd2/0x3e10 [ 499.952809][T16516] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 499.957813][T16515] tun_chr_write_iter+0xdc/0x200 [ 499.962561][T16516] alloc_pages_bulk_noprof+0x782/0x1490 [ 499.968070][T16515] vfs_write+0x6ac/0x1070 [ 499.972729][T16516] __page_pool_alloc_netmems_slow+0x1c6/0xc10 [ 499.978585][T16515] ksys_write+0x12a/0x250 [ 499.983507][T16516] page_pool_alloc_netmems+0xc4/0x1a0 [ 499.989018][T16515] do_syscall_64+0x106/0xf80 [ 499.993331][T16516] page_pool_alloc_frag_netmem+0x21d/0xa00 [ 499.999377][T16515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 500.003693][T16516] skb_pp_cow_data+0x5be/0xea0 [ 500.009030][T16515] page last free pid 16511 tgid 16507 stack trace: [ 500.013602][T16516] skb_cow_data_for_xdp+0x88/0xb0 [ 500.019391][T16515] __free_frozen_pages+0x7e1/0x10d0 [ 500.025254][T16516] do_xdp_generic+0x56b/0x12c0 [ 500.029985][T16515] __folio_put+0x3b4/0x540 [ 500.036477][T16516] tun_get_user+0x1bd2/0x3e10 [ 500.041460][T16515] af_alg_free_resources+0x735/0x920 [ 500.046642][T16516] tun_chr_write_iter+0xdc/0x200 [ 500.051388][T16515] skcipher_recvmsg+0xbbc/0x1020 [ 500.055788][T16516] vfs_write+0x6ac/0x1070 [ 500.060428][T16515] sock_recvmsg+0x1a4/0x1f0 [ 500.065698][T16516] ksys_write+0x12a/0x250 [ 500.070603][T16515] ____sys_recvmsg+0x218/0x640 [ 500.075523][T16516] do_syscall_64+0x106/0xf80 [ 500.079819][T16515] ___sys_recvmsg+0x16a/0x1a0 [ 500.084308][T16516] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 500.088602][T16515] __sys_recvmsg+0x16d/0x220 [ 500.093349][T16516] page last free pid 0 tgid 0 stack trace: [ 500.097917][T16515] do_syscall_64+0x106/0xf80 [ 500.102578][T16516] __free_frozen_pages+0x7e1/0x10d0 [ 500.108434][T16515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 500.113013][T16516] tlb_remove_table_rcu+0x2cf/0x380 [ 500.118785][T16515] Modules linked in: [ 500.123355][T16516] rcu_core+0x5a2/0x10d0 [ 500.128523][T16515] CPU: 0 UID: 0 PID: 16515 Comm: syz.2.2579 Not tainted syzkaller #0 PREEMPT(full) [ 500.128543][T16515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 500.128551][T16515] Call Trace: [ 500.128560][T16515] [ 500.128568][T16515] dump_stack_lvl+0x100/0x190 [ 500.128595][T16515] bad_page.cold+0xbe/0xdf [ 500.128618][T16515] ? __pfx_bad_page+0x10/0x10 [ 500.128633][T16515] ? page_bad_reason+0x98/0x200 [ 500.128657][T16515] __free_frozen_pages+0x825/0x10d0 [ 500.128679][T16515] ? mark_held_locks+0x40/0x70 [ 500.128697][T16515] page_frag_free+0x284/0x2e0 [ 500.128722][T16515] __xdp_return+0x3cd/0xbb0 [ 500.128745][T16515] ? kmem_cache_free+0x124/0x6a0 [ 500.128763][T16515] ? skb_release_data+0x7a0/0x9d0 [ 500.128786][T16515] bpf_xdp_adjust_tail+0x8a1/0xbb0 [ 500.128818][T16515] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 500.128834][T16515] bpf_prog_run_generic_xdp+0x614/0x1610 [ 500.128862][T16515] do_xdp_generic+0x92e/0x12c0 [ 500.128882][T16515] ? __pfx_do_xdp_generic+0x10/0x10 [ 500.128898][T16515] ? __lock_acquire+0x4a5/0x2630 [ 500.128932][T16515] tun_get_user+0x1bd2/0x3e10 [ 500.128966][T16515] ? __pfx_tun_get_user+0x10/0x10 [ 500.128991][T16515] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 500.129017][T16515] ? find_held_lock+0x2b/0x80 [ 500.129036][T16515] ? tun_get+0x191/0x370 [ 500.129057][T16515] ? tun_get+0x191/0x370 [ 500.129085][T16515] tun_chr_write_iter+0xdc/0x200 [ 500.129110][T16515] vfs_write+0x6ac/0x1070 [ 500.129125][T16515] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 500.129152][T16515] ? __pfx_vfs_write+0x10/0x10 [ 500.129164][T16515] ? find_held_lock+0x2b/0x80 [ 500.129197][T16515] ksys_write+0x12a/0x250 [ 500.129212][T16515] ? __pfx_ksys_write+0x10/0x10 [ 500.129232][T16515] do_syscall_64+0x106/0xf80 [ 500.129253][T16515] ? clear_bhb_loop+0x40/0x90 [ 500.129272][T16515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 500.129288][T16515] RIP: 0033:0x7f7904d5cfce [ 500.129302][T16515] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 500.129317][T16515] RSP: 002b:00007f7905d02fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 500.129332][T16515] RAX: ffffffffffffffda RBX: 00007f7905d036c0 RCX: 00007f7904d5cfce [ 500.129342][T16515] RDX: 000000000000fef3 RSI: 0000200000000200 RDI: 00000000000000c8 [ 500.129351][T16515] RBP: 00007f7904e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 500.129360][T16515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 500.129373][T16515] R13: 00007f7905016038 R14: 00007f7905015fa0 R15: 00007ffc137b8038 [ 500.129395][T16515] [ 500.129401][T16515] Disabling lock debugging due to kernel taint [ 500.134391][T16516] handle_softirqs+0x1eb/0x9e0 [ 500.139562][T16515] BUG: Bad page state in process syz.2.2579 pfn:347ec [ 500.143462][T16516] __irq_exit_rcu+0xef/0x150 [ 500.147686][T16515] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880497324c0 pfn:0x347ec [ 500.157041][T16516] irq_exit_rcu+0x9/0x30 [ 500.167081][T16515] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 500.170334][T16516] sysvec_apic_timer_interrupt+0xa3/0xc0 [ 500.173258][T16515] raw: 00fff00000000000 dead000000000040 ffff88801bbcb000 0000000000000000 [ 500.177899][T16516] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 500.182296][T16515] raw: ffff8880497324c0 0000000000000001 00000000ffffffff 0000000000000000 [ 500.186954][T16516] Modules linked in: [ 500.191775][T16515] page dumped because: page_pool leak [ 500.191785][T16515] page_owner tracks the page as allocated [ 500.196949][T16516] CPU: 1 UID: 0 PID: 16516 Comm: syz.2.2579 Tainted: G B syzkaller #0 PREEMPT(full) [ 500.196973][T16516] Tainted: [B]=BAD_PAGE [ 500.196978][T16516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 500.196987][T16516] Call Trace: [ 500.196995][T16516] [ 500.197001][T16516] dump_stack_lvl+0x100/0x190 [ 500.197026][T16516] bad_page.cold+0xbe/0xdf [ 500.197048][T16516] ? __pfx_bad_page+0x10/0x10 [ 500.197063][T16516] ? page_bad_reason+0x98/0x200 [ 500.197086][T16516] __free_frozen_pages+0x825/0x10d0 [ 500.197105][T16516] ? mark_held_locks+0x40/0x70 [ 500.197121][T16516] page_frag_free+0x284/0x2e0 [ 500.197143][T16516] __xdp_return+0x3cd/0xbb0 [ 500.197165][T16516] ? kmem_cache_free+0x124/0x6a0 [ 500.197188][T16516] ? skb_release_data+0x7a0/0x9d0 [ 500.197209][T16516] bpf_xdp_adjust_tail+0x8a1/0xbb0 [ 500.197235][T16516] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 500.197248][T16516] bpf_prog_run_generic_xdp+0x614/0x1610 [ 500.197269][T16516] do_xdp_generic+0x92e/0x12c0 [ 500.197286][T16516] ? __pfx_do_xdp_generic+0x10/0x10 [ 500.197301][T16516] ? __lock_acquire+0x4a5/0x2630 [ 500.197322][T16516] tun_get_user+0x1bd2/0x3e10 [ 500.197350][T16516] ? __pfx_tun_get_user+0x10/0x10 [ 500.197373][T16516] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 500.197394][T16516] ? find_held_lock+0x2b/0x80 [ 500.197412][T16516] ? tun_get+0x191/0x370 [ 500.197432][T16516] ? tun_get+0x191/0x370 [ 500.197455][T16516] tun_chr_write_iter+0xdc/0x200 [ 500.197478][T16516] vfs_write+0x6ac/0x1070 [ 500.197492][T16516] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 500.197516][T16516] ? __pfx_vfs_write+0x10/0x10 [ 500.197528][T16516] ? find_held_lock+0x2b/0x80 [ 500.197553][T16516] ksys_write+0x12a/0x250 [ 500.197565][T16516] ? __pfx_ksys_write+0x10/0x10 [ 500.197581][T16516] do_syscall_64+0x106/0xf80 [ 500.197601][T16516] ? clear_bhb_loop+0x40/0x90 [ 500.197618][T16516] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 500.197634][T16516] RIP: 0033:0x7f7904d5cfce [ 500.197646][T16516] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 500.197660][T16516] RSP: 002b:00007f7905ce1fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 500.197675][T16516] RAX: ffffffffffffffda RBX: 00007f7905ce26c0 RCX: 00007f7904d5cfce [ 500.197685][T16516] RDX: 000000000000fef3 RSI: 0000200000000200 RDI: 00000000000000c8 [ 500.197694][T16516] RBP: 00007f7904e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 500.197704][T16516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 500.197713][T16516] R13: 00007f7905016128 R14: 00007f7905016090 R15: 00007ffc137b8038 [ 500.197727][T16516] [ 500.197736][T16516] BUG: Bad page state in process syz.2.2579 pfn:75ddd [ 500.201682][T16515] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 16515, tgid 16514 (syz.2.2579), ts 499765016184, free_ts 499581069745 [ 500.206329][T16516] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888075ddd000 pfn:0x75ddd [ 500.210799][T16515] post_alloc_hook+0x153/0x170 [ 500.215713][T16516] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 500.220699][T16515] get_page_from_freelist+0x111d/0x3140 [ 500.225800][T16516] raw: 00fff00000000000 dead000000000040 ffff88801bbc8000 0000000000000000 [ 500.231239][T16515] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 500.236855][T16516] raw: ffff888075ddd000 0000000000000001 00000000ffffffff 0000000000000000 [ 500.241572][T16515] alloc_pages_bulk_noprof+0x782/0x1490 [ 500.246745][T16516] page dumped because: page_pool leak [ 500.251644][T16515] __page_pool_alloc_netmems_slow+0x1c6/0xc10 [ 500.251675][T16515] page_pool_alloc_netmems+0xc4/0x1a0 [ 500.256324][T16516] page_owner tracks the page as allocated [ 500.261310][T16515] skb_pp_cow_data+0x7f9/0xea0 [ 500.266747][T16516] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 16516, tgid 16514 (syz.2.2579), ts 499817781476, free_ts 499682377338 [ 500.271395][T16515] skb_cow_data_for_xdp+0x88/0xb0 [ 500.275617][T16516] post_alloc_hook+0x153/0x170 [ 500.279831][T16515] do_xdp_generic+0x56b/0x12c0 [ 500.284744][T16516] get_page_from_freelist+0x111d/0x3140 [ 500.289037][T16515] tun_get_user+0x1bd2/0x3e10 [ 500.294568][T16516] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 500.299297][T16515] tun_chr_write_iter+0xdc/0x200 [ 500.303956][T16516] alloc_pages_bulk_noprof+0x782/0x1490 [ 500.308248][T16515] vfs_write+0x6ac/0x1070 [ 500.313075][T16516] __page_pool_alloc_netmems_slow+0x1c6/0xc10 [ 500.317635][T16515] ksys_write+0x12a/0x250 [ 500.322290][T16516] page_pool_alloc_netmems+0xc4/0x1a0 [ 500.328157][T16515] do_syscall_64+0x106/0xf80 [ 500.332555][T16516] skb_pp_cow_data+0x7f9/0xea0 [ 500.352137][T16515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 500.360522][T16516] skb_cow_data_for_xdp+0x88/0xb0 [ 500.368474][T16515] page last free pid 16511 tgid 16507 stack trace: [ 500.376440][T16516] do_xdp_generic+0x56b/0x12c0 [ 500.384427][T16515] __free_frozen_pages+0x7e1/0x10d0 [ 500.392398][T16516] tun_get_user+0x1bd2/0x3e10 [ 500.400347][T16515] __folio_put+0x3b4/0x540 [ 500.403369][T16516] tun_chr_write_iter+0xdc/0x200 [ 500.409489][T16515] af_alg_free_resources+0x735/0x920 [ 500.414235][T16516] vfs_write+0x6ac/0x1070 [ 500.421132][T16515] skcipher_recvmsg+0xbbc/0x1020 [ 500.425701][T16516] ksys_write+0x12a/0x250 [ 500.435733][T16515] sock_recvmsg+0x1a4/0x1f0 [ 500.439963][T16516] do_syscall_64+0x106/0xf80 [ 500.447047][T16515] ____sys_recvmsg+0x218/0x640 [ 500.452675][T16516] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 500.461235][T16515] ___sys_recvmsg+0x16a/0x1a0 [ 500.467198][T16516] page last free pid 0 tgid 0 stack trace: [ 500.475752][T16515] __sys_recvmsg+0x16d/0x220 [ 500.479616][T16516] __free_frozen_pages+0x7e1/0x10d0 [ 500.485081][T16515] do_syscall_64+0x106/0xf80 [ 500.490770][T16516] tlb_remove_table_rcu+0x2cf/0x380 [ 500.501681][T16515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 500.505807][T16516] rcu_core+0x5a2/0x10d0 [ 500.515862][T16515] Modules linked in: [ 500.519122][T16516] handle_softirqs+0x1eb/0x9e0 [ 500.522047][T16515] CPU: 0 UID: 0 PID: 16515 Comm: syz.2.2579 Tainted: G B syzkaller #0 PREEMPT(full) [ 500.522070][T16515] Tainted: [B]=BAD_PAGE [ 500.522075][T16515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 500.522084][T16515] Call Trace: [ 500.522091][T16515] [ 500.522098][T16515] dump_stack_lvl+0x100/0x190 [ 500.522123][T16515] bad_page.cold+0xbe/0xdf [ 500.522145][T16515] ? __pfx_bad_page+0x10/0x10 [ 500.522159][T16515] ? page_bad_reason+0x98/0x200 [ 500.522183][T16515] __free_frozen_pages+0x825/0x10d0 [ 500.522202][T16515] ? mark_held_locks+0x40/0x70 [ 500.522218][T16515] page_frag_free+0x284/0x2e0 [ 500.522241][T16515] __xdp_return+0x3cd/0xbb0 [ 500.522264][T16515] ? kmem_cache_free+0x124/0x6a0 [ 500.522282][T16515] ? skb_release_data+0x7a0/0x9d0 [ 500.522303][T16515] bpf_xdp_adjust_tail+0x8a1/0xbb0 [ 500.522330][T16515] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 500.522343][T16515] bpf_prog_run_generic_xdp+0x614/0x1610 [ 500.522369][T16515] do_xdp_generic+0x92e/0x12c0 [ 500.522386][T16515] ? __pfx_do_xdp_generic+0x10/0x10 [ 500.522401][T16515] ? __lock_acquire+0x4a5/0x2630 [ 500.522423][T16515] tun_get_user+0x1bd2/0x3e10 [ 500.522450][T16515] ? __pfx_tun_get_user+0x10/0x10 [ 500.522473][T16515] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 500.522494][T16515] ? find_held_lock+0x2b/0x80 [ 500.522513][T16515] ? tun_get+0x191/0x370 [ 500.522532][T16515] ? tun_get+0x191/0x370 [ 500.522555][T16515] tun_chr_write_iter+0xdc/0x200 [ 500.522579][T16515] vfs_write+0x6ac/0x1070 [ 500.522593][T16515] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 500.522617][T16515] ? __pfx_vfs_write+0x10/0x10 [ 500.522629][T16515] ? find_held_lock+0x2b/0x80 [ 500.522653][T16515] ksys_write+0x12a/0x250 [ 500.522666][T16515] ? __pfx_ksys_write+0x10/0x10 [ 500.522682][T16515] do_syscall_64+0x106/0xf80 [ 500.522702][T16515] ? clear_bhb_loop+0x40/0x90 [ 500.522719][T16515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 500.522735][T16515] RIP: 0033:0x7f7904d5cfce [ 500.522748][T16515] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 500.522762][T16515] RSP: 002b:00007f7905d02fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 500.522777][T16515] RAX: ffffffffffffffda RBX: 00007f7905d036c0 RCX: 00007f7904d5cfce [ 500.522787][T16515] RDX: 000000000000fef3 RSI: 0000200000000200 RDI: 00000000000000c8 [ 500.522796][T16515] RBP: 00007f7904e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 500.522805][T16515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 500.522814][T16515] R13: 00007f7905016038 R14: 00007f7905015fa0 R15: 00007ffc137b8038 [ 500.522829][T16515] [ 500.522838][T16515] BUG: Bad page state in process syz.2.2579 pfn:49290 [ 500.526682][T16516] __irq_exit_rcu+0xef/0x150 [ 500.531066][T16515] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888049290000 pfn:0x49290 [ 500.535722][T16516] irq_exit_rcu+0x9/0x30 [ 500.540539][T16515] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 500.545712][T16516] sysvec_apic_timer_interrupt+0xa3/0xc0 [ 500.550446][T16515] raw: 00fff00000000000 dead000000000040 ffff88801bbcb000 0000000000000000 [ 500.555119][T16516] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 500.559586][T16515] raw: ffff888049290000 0000000000000001 00000000ffffffff 0000000000000000 [ 500.564495][T16516] Modules linked in: [ 500.569482][T16515] page dumped because: page_pool leak [ 500.574571][T16516] [ 500.579993][T16515] page_owner tracks the page as allocated [ 500.585603][T16516] CPU: 1 UID: 0 PID: 16516 Comm: syz.2.2579 Tainted: G B syzkaller #0 PREEMPT(full) [ 500.585625][T16516] Tainted: [B]=BAD_PAGE [ 500.585631][T16516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 500.585639][T16516] Call Trace: [ 500.585644][T16516] [ 500.585650][T16516] dump_stack_lvl+0x100/0x190 [ 500.585674][T16516] bad_page.cold+0xbe/0xdf [ 500.585695][T16516] ? __pfx_bad_page+0x10/0x10 [ 500.585709][T16516] ? page_bad_reason+0x98/0x200 [ 500.585732][T16516] __free_frozen_pages+0x825/0x10d0 [ 500.585751][T16516] ? mark_held_locks+0x40/0x70 [ 500.585766][T16516] page_frag_free+0x284/0x2e0 [ 500.585788][T16516] __xdp_return+0x3cd/0xbb0 [ 500.585810][T16516] ? kmem_cache_free+0x124/0x6a0 [ 500.585828][T16516] ? skb_release_data+0x7a0/0x9d0 [ 500.585848][T16516] bpf_xdp_adjust_tail+0x8a1/0xbb0 [ 500.585874][T16516] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 500.585887][T16516] bpf_prog_run_generic_xdp+0x614/0x1610 [ 500.585907][T16516] do_xdp_generic+0x92e/0x12c0 [ 500.585924][T16516] ? __pfx_do_xdp_generic+0x10/0x10 [ 500.585939][T16516] ? __lock_acquire+0x4a5/0x2630 [ 500.585968][T16516] tun_get_user+0x1bd2/0x3e10 [ 500.585995][T16516] ? __pfx_tun_get_user+0x10/0x10 [ 500.586018][T16516] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 500.586038][T16516] ? find_held_lock+0x2b/0x80 [ 500.586057][T16516] ? tun_get+0x191/0x370 [ 500.586076][T16516] ? tun_get+0x191/0x370 [ 500.586098][T16516] tun_chr_write_iter+0xdc/0x200 [ 500.586127][T16516] vfs_write+0x6ac/0x1070 [ 500.586140][T16516] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 500.586164][T16516] ? __pfx_vfs_write+0x10/0x10 [ 500.586176][T16516] ? find_held_lock+0x2b/0x80 [ 500.586201][T16516] ksys_write+0x12a/0x250 [ 500.586214][T16516] ? __pfx_ksys_write+0x10/0x10 [ 500.586229][T16516] do_syscall_64+0x106/0xf80 [ 500.586249][T16516] ? clear_bhb_loop+0x40/0x90 [ 500.586266][T16516] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 500.586281][T16516] RIP: 0033:0x7f7904d5cfce [ 500.586293][T16516] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 500.586307][T16516] RSP: 002b:00007f7905ce1fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 500.586321][T16516] RAX: ffffffffffffffda RBX: 00007f7905ce26c0 RCX: 00007f7904d5cfce [ 500.586331][T16516] RDX: 000000000000fef3 RSI: 0000200000000200 RDI: 00000000000000c8 [ 500.586340][T16516] RBP: 00007f7904e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 500.586349][T16516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 500.586358][T16516] R13: 00007f7905016128 R14: 00007f7905016090 R15: 00007ffc137b8038 [ 500.586373][T16516] [ 500.586380][T16516] BUG: Bad page state in process syz.2.2579 pfn:39663 [ 500.590326][T16515] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 16515, tgid 16514 (syz.2.2579), ts 499765009410, free_ts 499581080047 [ 500.595506][T16516] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888039663000 pfn:0x39663 [ 500.600413][T16515] post_alloc_hook+0x153/0x170 [ 500.605076][T16516] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 500.610063][T16515] get_page_from_freelist+0x111d/0x3140 [ 500.615508][T16516] raw: 00fff00000000000 dead000000000040 ffff88801bbc8000 0000000000000000 [ 500.620164][T16515] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 500.624384][T16516] raw: ffff888039663000 0000000000000001 00000000ffffffff 0000000000000000 [ 500.628596][T16515] alloc_pages_bulk_noprof+0x782/0x1490 [ 500.633501][T16516] page dumped because: page_pool leak [ 500.637795][T16515] __page_pool_alloc_netmems_slow+0x1c6/0xc10 [ 500.643318][T16516] page_owner tracks the page as allocated [ 500.648044][T16515] page_pool_alloc_netmems+0xc4/0x1a0 [ 500.652700][T16516] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 16516, tgid 16514 (syz.2.2579), ts 499817752669, free_ts 499682400037 [ 500.657016][T16515] skb_pp_cow_data+0x7f9/0xea0 [ 500.661846][T16516] post_alloc_hook+0x153/0x170 [ 500.666406][T16515] skb_cow_data_for_xdp+0x88/0xb0 [ 500.671048][T16516] get_page_from_freelist+0x111d/0x3140 [ 500.676947][T16515] do_xdp_generic+0x56b/0x12c0 [ 500.681355][T16516] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 500.700942][T16515] tun_get_user+0x1bd2/0x3e10 [ 500.709329][T16516] alloc_pages_bulk_noprof+0x782/0x1490 [ 500.717280][T16515] tun_chr_write_iter+0xdc/0x200 [ 500.725245][T16516] __page_pool_alloc_netmems_slow+0x1c6/0xc10 [ 500.733185][T16515] vfs_write+0x6ac/0x1070 [ 500.741128][T16516] page_pool_alloc_netmems+0xc4/0x1a0 [ 500.749080][T16515] ksys_write+0x12a/0x250 [ 500.752096][T16516] skb_pp_cow_data+0x7f9/0xea0 [ 500.758903][T16515] do_syscall_64+0x106/0xf80 [ 500.776082][T16516] skb_cow_data_for_xdp+0x88/0xb0 [ 500.786112][T16515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 500.790848][T16516] do_xdp_generic+0x56b/0x12c0 [ 500.797930][T16515] page last free pid 16511 tgid 16507 stack trace: [ 500.803454][T16516] tun_get_user+0x1bd2/0x3e10 [ 500.812014][T16515] __free_frozen_pages+0x7e1/0x10d0 [ 500.817890][T16516] tun_chr_write_iter+0xdc/0x200 [ 500.826459][T16515] __folio_put+0x3b4/0x540 [ 500.831987][T16516] vfs_write+0x6ac/0x1070 [ 500.837323][T16515] af_alg_free_resources+0x735/0x920 [ 500.843369][T16516] ksys_write+0x12a/0x250 [ 500.848706][T16515] skcipher_recvmsg+0xbbc/0x1020 [ 500.854401][T16516] do_syscall_64+0x106/0xf80 [ 500.859142][T16515] sock_recvmsg+0x1a4/0x1f0 [ 500.876318][T16516] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 500.881311][T16515] ____sys_recvmsg+0x218/0x640 [ 500.886056][T16516] page last free pid 0 tgid 0 stack trace: [ 500.890799][T16515] ___sys_recvmsg+0x16a/0x1a0 [ 500.896323][T16516] __free_frozen_pages+0x7e1/0x10d0 [ 500.900968][T16515] __sys_recvmsg+0x16d/0x220 [ 500.906874][T16516] tlb_remove_table_rcu+0x2cf/0x380 [ 500.911785][T16515] do_syscall_64+0x106/0xf80 [ 500.917297][T16516] rcu_core+0x5a2/0x10d0 [ 500.921595][T16515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 500.927638][T16516] handle_softirqs+0x1eb/0x9e0 [ 500.931942][T16515] Modules linked in: [ 500.937279][T16516] __irq_exit_rcu+0xef/0x150 [ 500.941862][T16515] CPU: 0 UID: 0 PID: 16515 Comm: syz.2.2579 Tainted: G B syzkaller #0 PREEMPT(full) [ 500.941886][T16515] Tainted: [B]=BAD_PAGE [ 500.941892][T16515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 500.941901][T16515] Call Trace: [ 500.941909][T16515] [ 500.941916][T16515] dump_stack_lvl+0x100/0x190 [ 500.941941][T16515] bad_page.cold+0xbe/0xdf [ 500.941963][T16515] ? __pfx_bad_page+0x10/0x10 [ 500.941978][T16515] ? page_bad_reason+0x98/0x200 [ 500.942000][T16515] __free_frozen_pages+0x825/0x10d0 [ 500.942019][T16515] ? mark_held_locks+0x40/0x70 [ 500.942034][T16515] page_frag_free+0x284/0x2e0 [ 500.942057][T16515] __xdp_return+0x3cd/0xbb0 [ 500.942078][T16515] ? kmem_cache_free+0x124/0x6a0 [ 500.942097][T16515] ? skb_release_data+0x7a0/0x9d0 [ 500.942117][T16515] bpf_xdp_adjust_tail+0x8a1/0xbb0 [ 500.942143][T16515] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 500.942156][T16515] bpf_prog_run_generic_xdp+0x614/0x1610 [ 500.942177][T16515] do_xdp_generic+0x92e/0x12c0 [ 500.942194][T16515] ? __pfx_do_xdp_generic+0x10/0x10 [ 500.942209][T16515] ? __lock_acquire+0x4a5/0x2630 [ 500.942230][T16515] tun_get_user+0x1bd2/0x3e10 [ 500.942257][T16515] ? __pfx_tun_get_user+0x10/0x10 [ 500.942280][T16515] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 500.942301][T16515] ? find_held_lock+0x2b/0x80 [ 500.942319][T16515] ? tun_get+0x191/0x370 [ 500.942344][T16515] ? tun_get+0x191/0x370 [ 500.942367][T16515] tun_chr_write_iter+0xdc/0x200 [ 500.942391][T16515] vfs_write+0x6ac/0x1070 [ 500.942404][T16515] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 500.942428][T16515] ? __pfx_vfs_write+0x10/0x10 [ 500.942440][T16515] ? find_held_lock+0x2b/0x80 [ 500.942465][T16515] ksys_write+0x12a/0x250 [ 500.942478][T16515] ? __pfx_ksys_write+0x10/0x10 [ 500.942494][T16515] do_syscall_64+0x106/0xf80 [ 500.942514][T16515] ? clear_bhb_loop+0x40/0x90 [ 500.942531][T16515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 500.942546][T16515] RIP: 0033:0x7f7904d5cfce [ 500.942560][T16515] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 500.942574][T16515] RSP: 002b:00007f7905d02fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 500.942588][T16515] RAX: ffffffffffffffda RBX: 00007f7905d036c0 RCX: 00007f7904d5cfce [ 500.942598][T16515] RDX: 000000000000fef3 RSI: 0000200000000200 RDI: 00000000000000c8 [ 500.942608][T16515] RBP: 00007f7904e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 500.942617][T16515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 500.942626][T16515] R13: 00007f7905016038 R14: 00007f7905015fa0 R15: 00007ffc137b8038 [ 500.942640][T16515] [ 500.942650][T16515] BUG: Bad page state in process syz.2.2579 pfn:3921f [ 500.946586][T16516] irq_exit_rcu+0x9/0x30 [ 500.952461][T16515] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x3921f [ 500.957459][T16516] sysvec_apic_timer_interrupt+0xa3/0xc0 [ 500.963978][T16515] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 500.968710][T16516] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 500.973904][T16515] raw: 00fff00000000000 dead000000000040 ffff88801bbcb000 0000000000000000 [ 500.978545][T16516] Modules linked in: [ 500.982954][T16515] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 500.987863][T16516] CPU: 1 UID: 0 PID: 16516 Comm: syz.2.2579 Tainted: G B syzkaller #0 PREEMPT(full) [ 500.987887][T16516] Tainted: [B]=BAD_PAGE [ 500.987892][T16516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 500.987902][T16516] Call Trace: [ 500.987911][T16516] [ 500.987918][T16516] dump_stack_lvl+0x100/0x190 [ 500.987943][T16516] bad_page.cold+0xbe/0xdf [ 500.987966][T16516] ? __pfx_bad_page+0x10/0x10 [ 500.987981][T16516] ? page_bad_reason+0x98/0x200 [ 500.988004][T16516] __free_frozen_pages+0x825/0x10d0 [ 500.988023][T16516] ? mark_held_locks+0x40/0x70 [ 500.988039][T16516] page_frag_free+0x284/0x2e0 [ 500.988063][T16516] __xdp_return+0x3cd/0xbb0 [ 500.988085][T16516] ? kmem_cache_free+0x124/0x6a0 [ 500.988111][T16516] ? skb_release_data+0x7a0/0x9d0 [ 500.988131][T16516] bpf_xdp_adjust_tail+0x8a1/0xbb0 [ 500.988158][T16516] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 500.988171][T16516] bpf_prog_run_generic_xdp+0x614/0x1610 [ 500.988192][T16516] do_xdp_generic+0x92e/0x12c0 [ 500.988209][T16516] ? __pfx_do_xdp_generic+0x10/0x10 [ 500.988224][T16516] ? __lock_acquire+0x4a5/0x2630 [ 500.988245][T16516] tun_get_user+0x1bd2/0x3e10 [ 500.988273][T16516] ? __pfx_tun_get_user+0x10/0x10 [ 500.988296][T16516] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 500.988317][T16516] ? find_held_lock+0x2b/0x80 [ 500.988336][T16516] ? tun_get+0x191/0x370 [ 500.988356][T16516] ? tun_get+0x191/0x370 [ 500.988378][T16516] tun_chr_write_iter+0xdc/0x200 [ 500.988402][T16516] vfs_write+0x6ac/0x1070 [ 500.988416][T16516] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 500.988440][T16516] ? __pfx_vfs_write+0x10/0x10 [ 500.988452][T16516] ? find_held_lock+0x2b/0x80 [ 500.988477][T16516] ksys_write+0x12a/0x250 [ 500.988490][T16516] ? __pfx_ksys_write+0x10/0x10 [ 500.988506][T16516] do_syscall_64+0x106/0xf80 [ 500.988527][T16516] ? clear_bhb_loop+0x40/0x90 [ 500.988544][T16516] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 500.988559][T16516] RIP: 0033:0x7f7904d5cfce [ 500.988572][T16516] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 500.988587][T16516] RSP: 002b:00007f7905ce1fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 500.988601][T16516] RAX: ffffffffffffffda RBX: 00007f7905ce26c0 RCX: 00007f7904d5cfce [ 500.988611][T16516] RDX: 000000000000fef3 RSI: 0000200000000200 RDI: 00000000000000c8 [ 500.988620][T16516] RBP: 00007f7904e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 500.988630][T16516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 500.988639][T16516] R13: 00007f7905016128 R14: 00007f7905016090 R15: 00007ffc137b8038 [ 500.988653][T16516] [ 500.988663][T16516] BUG: Bad page state in process syz.2.2579 pfn:57e2f [ 500.993120][T16515] page dumped because: page_pool leak [ 500.993130][T16515] page_owner tracks the page as allocated [ 500.997420][T16516] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888057e2f000 pfn:0x57e2f [ 501.002335][T16515] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 16515, tgid 16514 (syz.2.2579), ts 499765002974, free_ts 499581090246 [ 501.006651][T16516] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 501.011122][T16515] post_alloc_hook+0x153/0x170 [ 501.015696][T16516] raw: 00fff00000000000 dead000000000040 ffff88801bbc8000 0000000000000000 [ 501.020417][T16515] get_page_from_freelist+0x111d/0x3140 [ 501.026309][T16516] raw: ffff888057e2f000 0000000000000001 00000000ffffffff 0000000000000000 [ 501.030946][T16515] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 501.036730][T16516] page dumped because: page_pool leak [ 501.041294][T16515] alloc_pages_bulk_noprof+0x782/0x1490 [ 501.046485][T16516] page_owner tracks the page as allocated [ 501.051059][T16515] __page_pool_alloc_netmems_slow+0x1c6/0xc10 [ 501.056235][T16516] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 16516, tgid 16514 (syz.2.2579), ts 499817741556, free_ts 499682424242 [ 501.062101][T16515] page_pool_alloc_netmems+0xc4/0x1a0 [ 501.066336][T16516] post_alloc_hook+0x153/0x170 [ 501.070211][T16515] skb_pp_cow_data+0x7f9/0xea0 [ 501.074960][T16516] get_page_from_freelist+0x111d/0x3140 [ 501.085884][T16515] skb_cow_data_for_xdp+0x88/0xb0 [ 501.090008][T16516] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 501.100051][T16515] do_xdp_generic+0x56b/0x12c0 [ 501.103327][T16516] alloc_pages_bulk_noprof+0x782/0x1490 [ 501.106247][T16515] tun_get_user+0x1bd2/0x3e10 [ 501.110905][T16516] __page_pool_alloc_netmems_slow+0x1c6/0xc10 [ 501.115297][T16515] tun_chr_write_iter+0xdc/0x200 [ 501.119945][T16516] page_pool_alloc_netmems+0xc4/0x1a0 [ 501.124774][T16515] vfs_write+0x6ac/0x1070 [ 501.129941][T16516] skb_pp_cow_data+0x7f9/0xea0 [ 501.134681][T16515] ksys_write+0x12a/0x250 [ 501.139337][T16516] skb_cow_data_for_xdp+0x88/0xb0 [ 501.143839][T16515] do_syscall_64+0x106/0xf80 [ 501.148745][T16516] do_xdp_generic+0x56b/0x12c0 [ 501.153747][T16515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 501.158916][T16516] tun_get_user+0x1bd2/0x3e10 [ 501.164443][T16515] page last free pid 16511 tgid 16507 stack trace: [ 501.170066][T16516] tun_chr_write_iter+0xdc/0x200 [ 501.174840][T16515] __free_frozen_pages+0x7e1/0x10d0 [ 501.180019][T16516] vfs_write+0x6ac/0x1070 [ 501.184945][T16515] __folio_put+0x3b4/0x540 [ 501.189588][T16516] ksys_write+0x12a/0x250 [ 501.194590][T16515] af_alg_free_resources+0x735/0x920 [ 501.200023][T16516] do_syscall_64+0x106/0xf80 [ 501.204706][T16515] skcipher_recvmsg+0xbbc/0x1020 [ 501.208913][T16516] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 501.213141][T16515] sock_recvmsg+0x1a4/0x1f0 [ 501.218050][T16516] page last free pid 0 tgid 0 stack trace: [ 501.222357][T16515] ____sys_recvmsg+0x218/0x640 [ 501.227898][T16516] __free_frozen_pages+0x7e1/0x10d0 [ 501.232642][T16515] ___sys_recvmsg+0x16a/0x1a0 [ 501.237298][T16516] tlb_remove_table_rcu+0x2cf/0x380 [ 501.241593][T16515] __sys_recvmsg+0x16d/0x220 [ 501.246424][T16516] rcu_core+0x5a2/0x10d0 [ 501.250996][T16515] do_syscall_64+0x106/0xf80 [ 501.255672][T16516] handle_softirqs+0x1eb/0x9e0 [ 501.261528][T16515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 501.265921][T16516] __irq_exit_rcu+0xef/0x150 [ 501.285503][T16515] Modules linked in: [ 501.294089][T16516] irq_exit_rcu+0x9/0x30 [ 501.302077][T16515] CPU: 0 UID: 0 PID: 16515 Comm: syz.2.2579 Tainted: G B syzkaller #0 PREEMPT(full) [ 501.302101][T16515] Tainted: [B]=BAD_PAGE [ 501.302106][T16515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 501.302116][T16515] Call Trace: [ 501.302123][T16515] [ 501.302129][T16515] dump_stack_lvl+0x100/0x190 [ 501.302155][T16515] bad_page.cold+0xbe/0xdf [ 501.302178][T16515] ? __pfx_bad_page+0x10/0x10 [ 501.302192][T16515] ? page_bad_reason+0x98/0x200 [ 501.302216][T16515] __free_frozen_pages+0x825/0x10d0 [ 501.302235][T16515] ? mark_held_locks+0x40/0x70 [ 501.302251][T16515] page_frag_free+0x284/0x2e0 [ 501.302274][T16515] __xdp_return+0x3cd/0xbb0 [ 501.302295][T16515] ? kmem_cache_free+0x124/0x6a0 [ 501.302314][T16515] ? skb_release_data+0x7a0/0x9d0 [ 501.302334][T16515] bpf_xdp_adjust_tail+0x8a1/0xbb0 [ 501.302365][T16515] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 501.302379][T16515] bpf_prog_run_generic_xdp+0x614/0x1610 [ 501.302400][T16515] do_xdp_generic+0x92e/0x12c0 [ 501.302417][T16515] ? __pfx_do_xdp_generic+0x10/0x10 [ 501.302433][T16515] ? __lock_acquire+0x4a5/0x2630 [ 501.302454][T16515] tun_get_user+0x1bd2/0x3e10 [ 501.302481][T16515] ? __pfx_tun_get_user+0x10/0x10 [ 501.302504][T16515] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 501.302525][T16515] ? find_held_lock+0x2b/0x80 [ 501.302543][T16515] ? tun_get+0x191/0x370 [ 501.302563][T16515] ? tun_get+0x191/0x370 [ 501.302585][T16515] tun_chr_write_iter+0xdc/0x200 [ 501.302609][T16515] vfs_write+0x6ac/0x1070 [ 501.302623][T16515] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 501.302646][T16515] ? __pfx_vfs_write+0x10/0x10 [ 501.302659][T16515] ? find_held_lock+0x2b/0x80 [ 501.302684][T16515] ksys_write+0x12a/0x250 [ 501.302697][T16515] ? __pfx_ksys_write+0x10/0x10 [ 501.302713][T16515] do_syscall_64+0x106/0xf80 [ 501.302735][T16515] ? clear_bhb_loop+0x40/0x90 [ 501.302752][T16515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 501.302768][T16515] RIP: 0033:0x7f7904d5cfce [ 501.302781][T16515] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 501.302795][T16515] RSP: 002b:00007f7905d02fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 501.302811][T16515] RAX: ffffffffffffffda RBX: 00007f7905d036c0 RCX: 00007f7904d5cfce [ 501.302821][T16515] RDX: 000000000000fef3 RSI: 0000200000000200 RDI: 00000000000000c8 [ 501.302831][T16515] RBP: 00007f7904e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 501.302840][T16515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 501.302850][T16515] R13: 00007f7905016038 R14: 00007f7905015fa0 R15: 00007ffc137b8038 [ 501.302865][T16515] [ 501.302874][T16515] BUG: Bad page state in process syz.2.2579 pfn:22707 [ 501.310022][T16516] sysvec_apic_timer_interrupt+0xa3/0xc0 [ 501.318079][T16515] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x22707 [ 501.326050][T16516] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 501.334000][T16515] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 501.336994][T16516] Modules linked in: [ 501.343824][T16515] raw: 00fff00000000000 dead000000000040 ffff88801bbcb000 0000000000000000 [ 501.348393][T16516] CPU: 1 UID: 0 PID: 16516 Comm: syz.2.2579 Tainted: G B syzkaller #0 PREEMPT(full) [ 501.348417][T16516] Tainted: [B]=BAD_PAGE [ 501.348422][T16516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 501.348430][T16516] Call Trace: [ 501.348435][T16516] [ 501.348441][T16516] dump_stack_lvl+0x100/0x190 [ 501.348465][T16516] bad_page.cold+0xbe/0xdf [ 501.348486][T16516] ? __pfx_bad_page+0x10/0x10 [ 501.348500][T16516] ? page_bad_reason+0x98/0x200 [ 501.348523][T16516] __free_frozen_pages+0x825/0x10d0 [ 501.348542][T16516] ? mark_held_locks+0x40/0x70 [ 501.348558][T16516] page_frag_free+0x284/0x2e0 [ 501.348580][T16516] __xdp_return+0x3cd/0xbb0 [ 501.348602][T16516] ? kmem_cache_free+0x124/0x6a0 [ 501.348620][T16516] ? skb_release_data+0x7a0/0x9d0 [ 501.348640][T16516] bpf_xdp_adjust_tail+0x8a1/0xbb0 [ 501.348666][T16516] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 501.348679][T16516] bpf_prog_run_generic_xdp+0x614/0x1610 [ 501.348700][T16516] do_xdp_generic+0x92e/0x12c0 [ 501.348716][T16516] ? __pfx_do_xdp_generic+0x10/0x10 [ 501.348731][T16516] ? __lock_acquire+0x4a5/0x2630 [ 501.348753][T16516] tun_get_user+0x1bd2/0x3e10 [ 501.348779][T16516] ? __pfx_tun_get_user+0x10/0x10 [ 501.348802][T16516] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 501.348822][T16516] ? find_held_lock+0x2b/0x80 [ 501.348840][T16516] ? tun_get+0x191/0x370 [ 501.348860][T16516] ? tun_get+0x191/0x370 [ 501.348883][T16516] tun_chr_write_iter+0xdc/0x200 [ 501.348906][T16516] vfs_write+0x6ac/0x1070 [ 501.348919][T16516] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 501.348943][T16516] ? __pfx_vfs_write+0x10/0x10 [ 501.348956][T16516] ? find_held_lock+0x2b/0x80 [ 501.348980][T16516] ksys_write+0x12a/0x250 [ 501.348993][T16516] ? __pfx_ksys_write+0x10/0x10 [ 501.349009][T16516] do_syscall_64+0x106/0xf80 [ 501.349029][T16516] ? clear_bhb_loop+0x40/0x90 [ 501.349046][T16516] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 501.349062][T16516] RIP: 0033:0x7f7904d5cfce [ 501.349073][T16516] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 501.349087][T16516] RSP: 002b:00007f7905ce1fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 501.349107][T16516] RAX: ffffffffffffffda RBX: 00007f7905ce26c0 RCX: 00007f7904d5cfce [ 501.349117][T16516] RDX: 000000000000fef3 RSI: 0000200000000200 RDI: 00000000000000c8 [ 501.349126][T16516] RBP: 00007f7904e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 501.349135][T16516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 501.349144][T16516] R13: 00007f7905016128 R14: 00007f7905016090 R15: 00007ffc137b8038 [ 501.349158][T16516] [ 501.349167][T16516] BUG: Bad page state in process syz.2.2579 pfn:354e2 [ 501.358428][T16515] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 501.362643][T16516] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880354e2000 pfn:0x354e2 [ 501.369714][T16515] page dumped because: page_pool leak [ 501.375320][T16516] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 501.383890][T16515] page_owner tracks the page as allocated [ 501.383897][T16515] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 16515, tgid 16514 (syz.2.2579), ts 499764996117, free_ts 499581100253 [ 501.389843][T16516] raw: 00fff00000000000 dead000000000040 ffff88801bbc8000 0000000000000000 [ 501.398394][T16515] post_alloc_hook+0x153/0x170 [ 501.402276][T16516] raw: ffff8880354e2000 0000000000000001 00000000ffffffff 0000000000000000 [ 501.407604][T16515] get_page_from_freelist+0x111d/0x3140 [ 501.409959][T16516] page dumped because: page_pool leak [ 501.415652][T16515] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 501.426561][T16516] page_owner tracks the page as allocated [ 501.430681][T16515] alloc_pages_bulk_noprof+0x782/0x1490 [ 501.440722][T16516] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 16516, tgid 16514 (syz.2.2579), ts 499817729552, free_ts 499682447150 [ 501.443986][T16515] __page_pool_alloc_netmems_slow+0x1c6/0xc10 [ 501.446898][T16516] post_alloc_hook+0x153/0x170 [ 501.451541][T16515] page_pool_alloc_netmems+0xc4/0x1a0 [ 501.455937][T16516] get_page_from_freelist+0x111d/0x3140 [ 501.460576][T16515] skb_pp_cow_data+0x7f9/0xea0 [ 501.465412][T16516] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 501.470579][T16515] skb_cow_data_for_xdp+0x88/0xb0 [ 501.475331][T16516] alloc_pages_bulk_noprof+0x782/0x1490 [ 501.479975][T16515] do_xdp_generic+0x56b/0x12c0 [ 501.484456][T16516] __page_pool_alloc_netmems_slow+0x1c6/0xc10 [ 501.489356][T16515] tun_get_user+0x1bd2/0x3e10 [ 501.494359][T16516] page_pool_alloc_netmems+0xc4/0x1a0 [ 501.499432][T16515] tun_chr_write_iter+0xdc/0x200 [ 501.504874][T16516] skb_pp_cow_data+0x7f9/0xea0 [ 501.510482][T16515] vfs_write+0x6ac/0x1070 [ 501.515224][T16516] skb_cow_data_for_xdp+0x88/0xb0 [ 501.520387][T16515] ksys_write+0x12a/0x250 [ 501.525316][T16516] do_xdp_generic+0x56b/0x12c0 [ 501.529961][T16515] do_syscall_64+0x106/0xf80 [ 501.534979][T16516] tun_get_user+0x1bd2/0x3e10 [ 501.540402][T16515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 501.545065][T16516] tun_chr_write_iter+0xdc/0x200 [ 501.549262][T16515] page last free pid 16511 tgid 16507 stack trace: [ 501.553482][T16516] vfs_write+0x6ac/0x1070 [ 501.558397][T16515] __free_frozen_pages+0x7e1/0x10d0 [ 501.562735][T16516] ksys_write+0x12a/0x250 [ 501.568250][T16515] __folio_put+0x3b4/0x540 [ 501.573007][T16516] do_syscall_64+0x106/0xf80 [ 501.577651][T16515] af_alg_free_resources+0x735/0x920 [ 501.581978][T16516] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 501.586801][T16515] skcipher_recvmsg+0xbbc/0x1020 [ 501.591454][T16516] page last free pid 0 tgid 0 stack trace: [ 501.596141][T16515] sock_recvmsg+0x1a4/0x1f0 [ 501.602016][T16516] __free_frozen_pages+0x7e1/0x10d0 [ 501.606406][T16515] ____sys_recvmsg+0x218/0x640 [ 501.626025][T16516] tlb_remove_table_rcu+0x2cf/0x380 [ 501.634448][T16515] ___sys_recvmsg+0x16a/0x1a0 [ 501.642439][T16516] rcu_core+0x5a2/0x10d0 [ 501.650388][T16515] __sys_recvmsg+0x16d/0x220 [ 501.658355][T16516] handle_softirqs+0x1eb/0x9e0 [ 501.666319][T16515] do_syscall_64+0x106/0xf80 [ 501.674274][T16516] __irq_exit_rcu+0xef/0x150 [ 501.677267][T16515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 501.684091][T16516] irq_exit_rcu+0x9/0x30 [ 501.701244][T16515] Modules linked in: [ 501.711282][T16516] sysvec_apic_timer_interrupt+0xa3/0xc0 [ 501.716023][T16515] CPU: 0 UID: 0 PID: 16515 Comm: syz.2.2579 Tainted: G B syzkaller #0 PREEMPT(full) [ 501.716047][T16515] Tainted: [B]=BAD_PAGE [ 501.716052][T16515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 501.716062][T16515] Call Trace: [ 501.716069][T16515] [ 501.716076][T16515] dump_stack_lvl+0x100/0x190 [ 501.716101][T16515] bad_page.cold+0xbe/0xdf [ 501.716123][T16515] ? __pfx_bad_page+0x10/0x10 [ 501.716137][T16515] ? page_bad_reason+0x98/0x200 [ 501.716160][T16515] __free_frozen_pages+0x825/0x10d0 [ 501.716179][T16515] ? mark_held_locks+0x40/0x70 [ 501.716200][T16515] page_frag_free+0x284/0x2e0 [ 501.716222][T16515] __xdp_return+0x3cd/0xbb0 [ 501.716244][T16515] ? kmem_cache_free+0x124/0x6a0 [ 501.716263][T16515] ? skb_release_data+0x7a0/0x9d0 [ 501.716284][T16515] bpf_xdp_adjust_tail+0x8a1/0xbb0 [ 501.716311][T16515] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 501.716324][T16515] bpf_prog_run_generic_xdp+0x614/0x1610 [ 501.716344][T16515] do_xdp_generic+0x92e/0x12c0 [ 501.716361][T16515] ? __pfx_do_xdp_generic+0x10/0x10 [ 501.716376][T16515] ? __lock_acquire+0x4a5/0x2630 [ 501.716397][T16515] tun_get_user+0x1bd2/0x3e10 [ 501.716424][T16515] ? __pfx_tun_get_user+0x10/0x10 [ 501.716447][T16515] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 501.716468][T16515] ? find_held_lock+0x2b/0x80 [ 501.716486][T16515] ? tun_get+0x191/0x370 [ 501.716506][T16515] ? tun_get+0x191/0x370 [ 501.716529][T16515] tun_chr_write_iter+0xdc/0x200 [ 501.716552][T16515] vfs_write+0x6ac/0x1070 [ 501.716566][T16515] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 501.716590][T16515] ? __pfx_vfs_write+0x10/0x10 [ 501.716602][T16515] ? find_held_lock+0x2b/0x80 [ 501.716627][T16515] ksys_write+0x12a/0x250 [ 501.716640][T16515] ? __pfx_ksys_write+0x10/0x10 [ 501.716656][T16515] do_syscall_64+0x106/0xf80 [ 501.716675][T16515] ? clear_bhb_loop+0x40/0x90 [ 501.716692][T16515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 501.716708][T16515] RIP: 0033:0x7f7904d5cfce [ 501.716720][T16515] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 501.716735][T16515] RSP: 002b:00007f7905d02fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 501.716749][T16515] RAX: ffffffffffffffda RBX: 00007f7905d036c0 RCX: 00007f7904d5cfce [ 501.716760][T16515] RDX: 000000000000fef3 RSI: 0000200000000200 RDI: 00000000000000c8 [ 501.716769][T16515] RBP: 00007f7904e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 501.716778][T16515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 501.716787][T16515] R13: 00007f7905016038 R14: 00007f7905015fa0 R15: 00007ffc137b8038 [ 501.716802][T16515] [ 501.716812][T16515] BUG: Bad page state in process syz.2.2579 pfn:78f22 [ 501.723101][T16516] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 501.728613][T16515] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888078f222d0 pfn:0x78f22 [ 501.737171][T16516] Modules linked in: [ 501.743041][T16515] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 501.751589][T16516] [ 501.751600][T16516] CPU: 1 UID: 0 PID: 16516 Comm: syz.2.2579 Tainted: G B syzkaller #0 PREEMPT(full) [ 501.751622][T16516] Tainted: [B]=BAD_PAGE [ 501.751626][T16516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 501.751635][T16516] Call Trace: [ 501.751640][T16516] [ 501.751646][T16516] dump_stack_lvl+0x100/0x190 [ 501.751674][T16516] bad_page.cold+0xbe/0xdf [ 501.751695][T16516] ? __pfx_bad_page+0x10/0x10 [ 501.751709][T16516] ? page_bad_reason+0x98/0x200 [ 501.751732][T16516] __free_frozen_pages+0x825/0x10d0 [ 501.751751][T16516] ? mark_held_locks+0x40/0x70 [ 501.751765][T16516] page_frag_free+0x284/0x2e0 [ 501.751788][T16516] __xdp_return+0x3cd/0xbb0 [ 501.751809][T16516] ? kmem_cache_free+0x124/0x6a0 [ 501.751828][T16516] ? skb_release_data+0x7a0/0x9d0 [ 501.751848][T16516] bpf_xdp_adjust_tail+0x8a1/0xbb0 [ 501.751874][T16516] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 501.751886][T16516] bpf_prog_run_generic_xdp+0x614/0x1610 [ 501.751907][T16516] do_xdp_generic+0x92e/0x12c0 [ 501.751924][T16516] ? __pfx_do_xdp_generic+0x10/0x10 [ 501.751938][T16516] ? __lock_acquire+0x4a5/0x2630 [ 501.751960][T16516] tun_get_user+0x1bd2/0x3e10 [ 501.751986][T16516] ? __pfx_tun_get_user+0x10/0x10 [ 501.752009][T16516] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 501.752029][T16516] ? find_held_lock+0x2b/0x80 [ 501.752047][T16516] ? tun_get+0x191/0x370 [ 501.752067][T16516] ? tun_get+0x191/0x370 [ 501.752090][T16516] tun_chr_write_iter+0xdc/0x200 [ 501.752113][T16516] vfs_write+0x6ac/0x1070 [ 501.752127][T16516] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 501.752150][T16516] ? __pfx_vfs_write+0x10/0x10 [ 501.752162][T16516] ? find_held_lock+0x2b/0x80 [ 501.752186][T16516] ksys_write+0x12a/0x250 [ 501.752200][T16516] ? __pfx_ksys_write+0x10/0x10 [ 501.752216][T16516] do_syscall_64+0x106/0xf80 [ 501.752235][T16516] ? clear_bhb_loop+0x40/0x90 [ 501.752252][T16516] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 501.752268][T16516] RIP: 0033:0x7f7904d5cfce [ 501.752279][T16516] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 501.752293][T16516] RSP: 002b:00007f7905ce1fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 501.752306][T16516] RAX: ffffffffffffffda RBX: 00007f7905ce26c0 RCX: 00007f7904d5cfce [ 501.752316][T16516] RDX: 000000000000fef3 RSI: 0000200000000200 RDI: 00000000000000c8 [ 501.752326][T16516] RBP: 00007f7904e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 501.752335][T16516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 501.752344][T16516] R13: 00007f7905016128 R14: 00007f7905016090 R15: 00007ffc137b8038 [ 501.752358][T16516] [ 501.752379][T16516] BUG: Bad page state in process syz.2.2579 pfn:2acbe [ 501.757116][T16515] raw: 00fff00000000000 dead000000000040 ffff88801bbcb000 0000000000000000 [ 501.762449][T16516] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802acbe000 pfn:0x2acbe [ 501.768494][T16515] raw: ffff888078f222d0 0000000000000001 00000000ffffffff 0000000000000000 [ 501.774184][T16516] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 501.779521][T16515] page dumped because: page_pool leak [ 501.796694][T16516] raw: 00fff00000000000 dead000000000040 ffff88801bbc8000 0000000000000000 [ 501.801418][T16515] page_owner tracks the page as allocated [ 501.806165][T16516] raw: ffff88802acbe000 0000000000000001 00000000ffffffff 0000000000000000 [ 501.811151][T16515] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 16515, tgid 16514 (syz.2.2579), ts 499764989059, free_ts 499581110635 [ 501.816675][T16516] page dumped because: page_pool leak [ 501.821401][T16515] post_alloc_hook+0x153/0x170 [ 501.827271][T16516] page_owner tracks the page as allocated [ 501.831917][T16515] get_page_from_freelist+0x111d/0x3140 [ 501.837448][T16516] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 16516, tgid 16514 (syz.2.2579), ts 499817717851, free_ts 499682470011 [ 501.842360][T16515] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 501.848392][T16516] post_alloc_hook+0x153/0x170 [ 501.852697][T16515] alloc_pages_bulk_noprof+0x782/0x1490 [ 501.858035][T16516] get_page_from_freelist+0x111d/0x3140 [ 501.862346][T16515] __page_pool_alloc_netmems_slow+0x1c6/0xc10 [ 501.867074][T16516] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 501.871642][T16515] page_pool_alloc_netmems+0xc4/0x1a0 [ 501.871685][T16515] skb_pp_cow_data+0x7f9/0xea0 [ 501.876679][T16516] alloc_pages_bulk_noprof+0x782/0x1490 [ 501.882570][T16515] skb_cow_data_for_xdp+0x88/0xb0 [ 501.887305][T16516] __page_pool_alloc_netmems_slow+0x1c6/0xc10 [ 501.893802][T16515] do_xdp_generic+0x56b/0x12c0 [ 501.898461][T16516] page_pool_alloc_netmems+0xc4/0x1a0 [ 501.903635][T16515] tun_get_user+0x1bd2/0x3e10 [ 501.908550][T16516] skb_pp_cow_data+0x7f9/0xea0 [ 501.912942][T16515] tun_chr_write_iter+0xdc/0x200 [ 501.917242][T16516] skb_cow_data_for_xdp+0x88/0xb0 [ 501.922499][T16515] vfs_write+0x6ac/0x1070 [ 501.926794][T16516] do_xdp_generic+0x56b/0x12c0 [ 501.931704][T16515] ksys_write+0x12a/0x250 [ 501.936267][T16516] tun_get_user+0x1bd2/0x3e10 [ 501.940737][T16515] do_syscall_64+0x106/0xf80 [ 501.946615][T16516] tun_chr_write_iter+0xdc/0x200 [ 501.951344][T16515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 501.957128][T16516] vfs_write+0x6ac/0x1070 [ 501.961778][T16515] page last free pid 16511 tgid 16507 stack trace: [ 501.966941][T16516] ksys_write+0x12a/0x250 [ 501.971498][T16515] __free_frozen_pages+0x7e1/0x10d0 [ 501.976671][T16516] do_syscall_64+0x106/0xf80 [ 501.981223][T16515] __folio_put+0x3b4/0x540 [ 501.985442][T16516] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 501.991304][T16515] af_alg_free_resources+0x735/0x920 [ 501.996058][T16516] page last free pid 0 tgid 0 stack trace: [ 501.999917][T16515] skcipher_recvmsg+0xbbc/0x1020 [ 502.004487][T16516] __free_frozen_pages+0x7e1/0x10d0 [ 502.015386][T16515] sock_recvmsg+0x1a4/0x1f0 [ 502.019598][T16516] tlb_remove_table_rcu+0x2cf/0x380 [ 502.029633][T16515] ____sys_recvmsg+0x218/0x640 [ 502.032897][T16516] rcu_core+0x5a2/0x10d0 [ 502.035803][T16515] ___sys_recvmsg+0x16a/0x1a0 [ 502.040446][T16516] handle_softirqs+0x1eb/0x9e0 [ 502.044835][T16515] __sys_recvmsg+0x16d/0x220 [ 502.049480][T16516] __irq_exit_rcu+0xef/0x150 [ 502.054311][T16515] do_syscall_64+0x106/0xf80 [ 502.059474][T16516] irq_exit_rcu+0x9/0x30 [ 502.064234][T16515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 502.068898][T16516] sysvec_apic_timer_interrupt+0xa3/0xc0 [ 502.073400][T16515] Modules linked in: [ 502.078315][T16516] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 502.083315][T16515] [ 502.083329][T16515] CPU: 0 UID: 0 PID: 16515 Comm: syz.2.2579 Tainted: G B syzkaller #0 PREEMPT(full) [ 502.083357][T16515] Tainted: [B]=BAD_PAGE [ 502.083362][T16515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 502.083371][T16515] Call Trace: [ 502.083379][T16515] [ 502.083386][T16515] dump_stack_lvl+0x100/0x190 [ 502.083411][T16515] bad_page.cold+0xbe/0xdf [ 502.083433][T16515] ? __pfx_bad_page+0x10/0x10 [ 502.083448][T16515] ? page_bad_reason+0x98/0x200 [ 502.083471][T16515] __free_frozen_pages+0x825/0x10d0 [ 502.083490][T16515] ? mark_held_locks+0x40/0x70 [ 502.083506][T16515] page_frag_free+0x284/0x2e0 [ 502.083529][T16515] __xdp_return+0x3cd/0xbb0 [ 502.083551][T16515] ? kmem_cache_free+0x124/0x6a0 [ 502.083570][T16515] ? skb_release_data+0x7a0/0x9d0 [ 502.083591][T16515] bpf_xdp_adjust_tail+0x8a1/0xbb0 [ 502.083617][T16515] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 502.083630][T16515] bpf_prog_run_generic_xdp+0x614/0x1610 [ 502.083651][T16515] do_xdp_generic+0x92e/0x12c0 [ 502.083669][T16515] ? __pfx_do_xdp_generic+0x10/0x10 [ 502.083684][T16515] ? __lock_acquire+0x4a5/0x2630 [ 502.083705][T16515] tun_get_user+0x1bd2/0x3e10 [ 502.083733][T16515] ? __pfx_tun_get_user+0x10/0x10 [ 502.083757][T16515] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 502.083777][T16515] ? find_held_lock+0x2b/0x80 [ 502.083796][T16515] ? tun_get+0x191/0x370 [ 502.083815][T16515] ? tun_get+0x191/0x370 [ 502.083838][T16515] tun_chr_write_iter+0xdc/0x200 [ 502.083862][T16515] vfs_write+0x6ac/0x1070 [ 502.083876][T16515] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 502.083900][T16515] ? __pfx_vfs_write+0x10/0x10 [ 502.083912][T16515] ? find_held_lock+0x2b/0x80 [ 502.083936][T16515] ksys_write+0x12a/0x250 [ 502.083949][T16515] ? __pfx_ksys_write+0x10/0x10 [ 502.083965][T16515] do_syscall_64+0x106/0xf80 [ 502.083986][T16515] ? clear_bhb_loop+0x40/0x90 [ 502.084003][T16515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 502.084019][T16515] RIP: 0033:0x7f7904d5cfce [ 502.084031][T16515] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 502.084046][T16515] RSP: 002b:00007f7905d02fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 502.084060][T16515] RAX: ffffffffffffffda RBX: 00007f7905d036c0 RCX: 00007f7904d5cfce [ 502.084070][T16515] RDX: 000000000000fef3 RSI: 0000200000000200 RDI: 00000000000000c8 [ 502.084080][T16515] RBP: 00007f7904e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 502.084089][T16515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 502.084098][T16515] R13: 00007f7905016038 R14: 00007f7905015fa0 R15: 00007ffc137b8038 [ 502.084112][T16515] [ 502.084122][T16515] BUG: Bad page state in process syz.2.2579 pfn:34eb5 [ 502.088395][T16516] Modules linked in: [ 502.093833][T16515] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888034eb5fe0 pfn:0x34eb5 [ 502.099439][T16516] CPU: 1 UID: 0 PID: 16516 Comm: syz.2.2579 Tainted: G B syzkaller #0 PREEMPT(full) [ 502.099462][T16516] Tainted: [B]=BAD_PAGE [ 502.099467][T16516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 502.099476][T16516] Call Trace: [ 502.099480][T16516] [ 502.099486][T16516] dump_stack_lvl+0x100/0x190 [ 502.099509][T16516] bad_page.cold+0xbe/0xdf [ 502.099531][T16516] ? __pfx_bad_page+0x10/0x10 [ 502.099545][T16516] ? page_bad_reason+0x98/0x200 [ 502.099567][T16516] __free_frozen_pages+0x825/0x10d0 [ 502.099586][T16516] ? mark_held_locks+0x40/0x70 [ 502.099601][T16516] page_frag_free+0x284/0x2e0 [ 502.099623][T16516] __xdp_return+0x3cd/0xbb0 [ 502.099644][T16516] ? kmem_cache_free+0x124/0x6a0 [ 502.099663][T16516] ? skb_release_data+0x7a0/0x9d0 [ 502.099682][T16516] bpf_xdp_adjust_tail+0x8a1/0xbb0 [ 502.099708][T16516] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 502.099721][T16516] bpf_prog_run_generic_xdp+0x614/0x1610 [ 502.099741][T16516] do_xdp_generic+0x92e/0x12c0 [ 502.099758][T16516] ? __pfx_do_xdp_generic+0x10/0x10 [ 502.099773][T16516] ? __lock_acquire+0x4a5/0x2630 [ 502.099795][T16516] tun_get_user+0x1bd2/0x3e10 [ 502.099821][T16516] ? __pfx_tun_get_user+0x10/0x10 [ 502.099844][T16516] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 502.099864][T16516] ? find_held_lock+0x2b/0x80 [ 502.099883][T16516] ? tun_get+0x191/0x370 [ 502.099903][T16516] ? tun_get+0x191/0x370 [ 502.099925][T16516] tun_chr_write_iter+0xdc/0x200 [ 502.099949][T16516] vfs_write+0x6ac/0x1070 [ 502.099962][T16516] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 502.099986][T16516] ? __pfx_vfs_write+0x10/0x10 [ 502.099998][T16516] ? find_held_lock+0x2b/0x80 [ 502.100022][T16516] ksys_write+0x12a/0x250 [ 502.100036][T16516] ? __pfx_ksys_write+0x10/0x10 [ 502.100051][T16516] do_syscall_64+0x106/0xf80 [ 502.100071][T16516] ? clear_bhb_loop+0x40/0x90 [ 502.100088][T16516] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 502.100108][T16516] RIP: 0033:0x7f7904d5cfce [ 502.100120][T16516] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 502.100133][T16516] RSP: 002b:00007f7905ce1fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 502.100147][T16516] RAX: ffffffffffffffda RBX: 00007f7905ce26c0 RCX: 00007f7904d5cfce [ 502.100157][T16516] RDX: 000000000000fef3 RSI: 0000200000000200 RDI: 00000000000000c8 [ 502.100166][T16516] RBP: 00007f7904e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 502.100175][T16516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 502.100184][T16516] R13: 00007f7905016128 R14: 00007f7905016090 R15: 00007ffc137b8038 [ 502.100198][T16516] [ 502.100205][T16516] BUG: Bad page state in process syz.2.2579 pfn:370a5 [ 502.104182][T16515] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 502.109360][T16516] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880370a5000 pfn:0x370a5 [ 502.114280][T16515] raw: 00fff00000000000 dead000000000040 ffff88801bbcb000 0000000000000000 [ 502.118918][T16516] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 502.123922][T16515] raw: ffff888034eb5fe0 0000000000000001 00000000ffffffff 0000000000000000 [ 502.129363][T16516] raw: 00fff00000000000 dead000000000040 ffff88801bbc8000 0000000000000000 [ 502.134042][T16515] page dumped because: page_pool leak [ 502.138258][T16516] raw: ffff8880370a5000 0000000000000001 00000000ffffffff 0000000000000000 [ 502.142487][T16515] page_owner tracks the page as allocated [ 502.147389][T16516] page dumped because: page_pool leak [ 502.151691][T16515] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 16515, tgid 16514 (syz.2.2579), ts 499764981915, free_ts 499581120740 [ 502.157204][T16516] page_owner tracks the page as allocated [ 502.161943][T16515] post_alloc_hook+0x153/0x170 [ 502.166587][T16516] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 16516, tgid 16514 (syz.2.2579), ts 499817706373, free_ts 499682494521 [ 502.170894][T16515] get_page_from_freelist+0x111d/0x3140 [ 502.175726][T16516] post_alloc_hook+0x153/0x170 [ 502.180281][T16515] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 502.185043][T16516] get_page_from_freelist+0x111d/0x3140 [ 502.190902][T16515] alloc_pages_bulk_noprof+0x782/0x1490 [ 502.195297][T16516] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 502.214889][T16515] __page_pool_alloc_netmems_slow+0x1c6/0xc10 [ 502.223365][T16516] alloc_pages_bulk_noprof+0x782/0x1490 [ 502.231316][T16515] page_pool_alloc_netmems+0xc4/0x1a0 [ 502.239270][T16516] __page_pool_alloc_netmems_slow+0x1c6/0xc10 [ 502.247223][T16515] skb_pp_cow_data+0x7f9/0xea0 [ 502.255177][T16516] page_pool_alloc_netmems+0xc4/0x1a0 [ 502.263214][T16515] skb_cow_data_for_xdp+0x88/0xb0 [ 502.266236][T16516] skb_pp_cow_data+0x7f9/0xea0 [ 502.273068][T16515] do_xdp_generic+0x56b/0x12c0 [ 502.277276][T16516] skb_cow_data_for_xdp+0x88/0xb0 [ 502.287319][T16515] tun_get_user+0x1bd2/0x3e10 [ 502.292953][T16516] do_xdp_generic+0x56b/0x12c0 [ 502.300039][T16515] tun_chr_write_iter+0xdc/0x200 [ 502.306009][T16516] tun_get_user+0x1bd2/0x3e10 [ 502.314577][T16515] vfs_write+0x6ac/0x1070 [ 502.318438][T16516] tun_chr_write_iter+0xdc/0x200 [ 502.327012][T16515] ksys_write+0x12a/0x250 [ 502.337924][T16516] vfs_write+0x6ac/0x1070 [ 502.342056][T16515] do_syscall_64+0x106/0xf80 [ 502.352270][T16516] ksys_write+0x12a/0x250 [ 502.355521][T16515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 502.358427][T16516] do_syscall_64+0x106/0xf80 [ 502.363080][T16515] page last free pid 16511 tgid 16507 stack trace: [ 502.367470][T16516] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 502.372127][T16515] __free_frozen_pages+0x7e1/0x10d0 [ 502.376946][T16516] page last free pid 0 tgid 0 stack trace: [ 502.382135][T16515] __folio_put+0x3b4/0x540 [ 502.386877][T16516] __free_frozen_pages+0x7e1/0x10d0 [ 502.391524][T16515] af_alg_free_resources+0x735/0x920 [ 502.396019][T16516] tlb_remove_table_rcu+0x2cf/0x380 [ 502.400930][T16515] skcipher_recvmsg+0xbbc/0x1020 [ 502.405967][T16516] rcu_core+0x5a2/0x10d0 [ 502.411043][T16515] sock_recvmsg+0x1a4/0x1f0 [ 502.416506][T16516] handle_softirqs+0x1eb/0x9e0 [ 502.422131][T16515] ____sys_recvmsg+0x218/0x640 [ 502.426862][T16516] __irq_exit_rcu+0xef/0x150 [ 502.432034][T16515] ___sys_recvmsg+0x16a/0x1a0 [ 502.436938][T16516] irq_exit_rcu+0x9/0x30 [ 502.441587][T16515] __sys_recvmsg+0x16d/0x220 [ 502.446588][T16516] sysvec_apic_timer_interrupt+0xa3/0xc0 [ 502.452020][T16515] do_syscall_64+0x106/0xf80 [ 502.456671][T16516] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 502.460878][T16515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 502.465111][T16516] Modules linked in: [ 502.470009][T16515] Modules linked in: [ 502.474313][T16516] [ 502.479826][T16515] CPU: 0 UID: 0 PID: 16515 Comm: syz.2.2579 Tainted: G B syzkaller #0 PREEMPT(full) [ 502.479850][T16515] Tainted: [B]=BAD_PAGE [ 502.479856][T16515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 502.479865][T16515] Call Trace: [ 502.479873][T16515] [ 502.479880][T16515] dump_stack_lvl+0x100/0x190 [ 502.479905][T16515] bad_page.cold+0xbe/0xdf [ 502.479928][T16515] ? __pfx_bad_page+0x10/0x10 [ 502.479942][T16515] ? page_bad_reason+0x98/0x200 [ 502.479965][T16515] __free_frozen_pages+0x825/0x10d0 [ 502.479985][T16515] ? mark_held_locks+0x40/0x70 [ 502.480002][T16515] page_frag_free+0x284/0x2e0 [ 502.480025][T16515] __xdp_return+0x3cd/0xbb0 [ 502.480048][T16515] ? kmem_cache_free+0x124/0x6a0 [ 502.480067][T16515] ? skb_release_data+0x7a0/0x9d0 [ 502.480088][T16515] bpf_xdp_adjust_tail+0x8a1/0xbb0 [ 502.480115][T16515] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 502.480129][T16515] bpf_prog_run_generic_xdp+0x614/0x1610 [ 502.480151][T16515] do_xdp_generic+0x92e/0x12c0 [ 502.480168][T16515] ? __pfx_do_xdp_generic+0x10/0x10 [ 502.480185][T16515] ? __lock_acquire+0x4a5/0x2630 [ 502.480207][T16515] tun_get_user+0x1bd2/0x3e10 [ 502.480235][T16515] ? __pfx_tun_get_user+0x10/0x10 [ 502.480258][T16515] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 502.480278][T16515] ? find_held_lock+0x2b/0x80 [ 502.480298][T16515] ? tun_get+0x191/0x370 [ 502.480318][T16515] ? tun_get+0x191/0x370 [ 502.480347][T16515] tun_chr_write_iter+0xdc/0x200 [ 502.480371][T16515] vfs_write+0x6ac/0x1070 [ 502.480385][T16515] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 502.480409][T16515] ? __pfx_vfs_write+0x10/0x10 [ 502.480423][T16515] ? find_held_lock+0x2b/0x80 [ 502.480448][T16515] ksys_write+0x12a/0x250 [ 502.480462][T16515] ? __pfx_ksys_write+0x10/0x10 [ 502.480478][T16515] do_syscall_64+0x106/0xf80 [ 502.480498][T16515] ? clear_bhb_loop+0x40/0x90 [ 502.480516][T16515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 502.480532][T16515] RIP: 0033:0x7f7904d5cfce [ 502.480546][T16515] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 502.480561][T16515] RSP: 002b:00007f7905d02fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 502.480577][T16515] RAX: ffffffffffffffda RBX: 00007f7905d036c0 RCX: 00007f7904d5cfce [ 502.480587][T16515] RDX: 000000000000fef3 RSI: 0000200000000200 RDI: 00000000000000c8 [ 502.480597][T16515] RBP: 00007f7904e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 502.480607][T16515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 502.480616][T16515] R13: 00007f7905016038 R14: 00007f7905015fa0 R15: 00007ffc137b8038 [ 502.480631][T16515] [ 502.480641][T16515] BUG: Bad page state in process syz.2.2579 pfn:3ec05 [ 502.484565][T16516] CPU: 1 UID: 0 PID: 16516 Comm: syz.2.2579 Tainted: G B syzkaller #0 PREEMPT(full) [ 502.484587][T16516] Tainted: [B]=BAD_PAGE [ 502.484593][T16516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 502.484601][T16516] Call Trace: [ 502.484606][T16516] [ 502.484611][T16516] dump_stack_lvl+0x100/0x190 [ 502.484634][T16516] bad_page.cold+0xbe/0xdf [ 502.484655][T16516] ? __pfx_bad_page+0x10/0x10 [ 502.484669][T16516] ? page_bad_reason+0x98/0x200 [ 502.484691][T16516] __free_frozen_pages+0x825/0x10d0 [ 502.484710][T16516] ? mark_held_locks+0x40/0x70 [ 502.484724][T16516] page_frag_free+0x284/0x2e0 [ 502.484747][T16516] __xdp_return+0x3cd/0xbb0 [ 502.484768][T16516] ? kmem_cache_free+0x124/0x6a0 [ 502.484786][T16516] ? skb_release_data+0x7a0/0x9d0 [ 502.484806][T16516] bpf_xdp_adjust_tail+0x8a1/0xbb0 [ 502.484832][T16516] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 502.484844][T16516] bpf_prog_run_generic_xdp+0x614/0x1610 [ 502.484865][T16516] do_xdp_generic+0x92e/0x12c0 [ 502.484881][T16516] ? __pfx_do_xdp_generic+0x10/0x10 [ 502.484896][T16516] ? __lock_acquire+0x4a5/0x2630 [ 502.484918][T16516] tun_get_user+0x1bd2/0x3e10 [ 502.484944][T16516] ? __pfx_tun_get_user+0x10/0x10 [ 502.484967][T16516] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 502.484987][T16516] ? find_held_lock+0x2b/0x80 [ 502.485006][T16516] ? tun_get+0x191/0x370 [ 502.485025][T16516] ? tun_get+0x191/0x370 [ 502.485048][T16516] tun_chr_write_iter+0xdc/0x200 [ 502.485072][T16516] vfs_write+0x6ac/0x1070 [ 502.485086][T16516] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 502.485115][T16516] ? __pfx_vfs_write+0x10/0x10 [ 502.485127][T16516] ? find_held_lock+0x2b/0x80 [ 502.485151][T16516] ksys_write+0x12a/0x250 [ 502.485164][T16516] ? __pfx_ksys_write+0x10/0x10 [ 502.485180][T16516] do_syscall_64+0x106/0xf80 [ 502.485199][T16516] ? clear_bhb_loop+0x40/0x90 [ 502.485216][T16516] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 502.485231][T16516] RIP: 0033:0x7f7904d5cfce [ 502.485242][T16516] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 502.485257][T16516] RSP: 002b:00007f7905ce1fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 502.485270][T16516] RAX: ffffffffffffffda RBX: 00007f7905ce26c0 RCX: 00007f7904d5cfce [ 502.485280][T16516] RDX: 000000000000fef3 RSI: 0000200000000200 RDI: 00000000000000c8 [ 502.485289][T16516] RBP: 00007f7904e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 502.485298][T16516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 502.485307][T16516] R13: 00007f7905016128 R14: 00007f7905016090 R15: 00007ffc137b8038 [ 502.485322][T16516] [ 502.485328][T16516] BUG: Bad page state in process syz.2.2579 pfn:5824d [ 502.489206][T16515] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3ec05 [ 502.493512][T16516] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88805824d000 pfn:0x5824d [ 502.498324][T16515] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 502.502897][T16516] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 502.507549][T16515] raw: 00fff00000000000 dead000000000040 ffff88801bbcb000 0000000000000000 [ 502.513417][T16516] raw: 00fff00000000000 dead000000000040 ffff88801bbc8000 0000000000000000 [ 502.517802][T16515] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 502.537389][T16516] raw: ffff88805824d000 0000000000000001 00000000ffffffff 0000000000000000 [ 502.545765][T16515] page dumped because: page_pool leak [ 502.545776][T16515] page_owner tracks the page as allocated [ 502.553727][T16516] page dumped because: page_pool leak [ 502.561685][T16515] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 16515, tgid 16514 (syz.2.2579), ts 499764974876, free_ts 499581131103 [ 502.569628][T16516] page_owner tracks the page as allocated [ 502.577582][T16515] post_alloc_hook+0x153/0x170 [ 502.585602][T16516] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 16516, tgid 16514 (syz.2.2579), ts 499817694906, free_ts 499682516651 [ 502.588591][T16515] get_page_from_freelist+0x111d/0x3140 [ 502.595417][T16516] post_alloc_hook+0x153/0x170 [ 502.600836][T16515] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 502.606538][T16516] get_page_from_freelist+0x111d/0x3140 [ 502.616572][T16515] alloc_pages_bulk_noprof+0x782/0x1490 [ 502.633814][T16516] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 502.640887][T16515] __page_pool_alloc_netmems_slow+0x1c6/0xc10 [ 502.645630][T16516] alloc_pages_bulk_noprof+0x782/0x1490 [ 502.654189][T16515] page_pool_alloc_netmems+0xc4/0x1a0 [ 502.659703][T16516] __page_pool_alloc_netmems_slow+0x1c6/0xc10 [ 502.668263][T16515] skb_pp_cow_data+0x7f9/0xea0 [ 502.674135][T16516] page_pool_alloc_netmems+0xc4/0x1a0 [ 502.679478][T16515] skb_cow_data_for_xdp+0x88/0xb0 [ 502.685003][T16516] skb_pp_cow_data+0x7f9/0xea0 [ 502.690689][T16515] do_xdp_generic+0x56b/0x12c0 [ 502.696733][T16516] skb_cow_data_for_xdp+0x88/0xb0 [ 502.713901][T16515] tun_get_user+0x1bd2/0x3e10 [ 502.719242][T16516] do_xdp_generic+0x56b/0x12c0 [ 502.723983][T16515] tun_chr_write_iter+0xdc/0x200 [ 502.728715][T16516] tun_get_user+0x1bd2/0x3e10 [ 502.734237][T16515] vfs_write+0x6ac/0x1070 [ 502.739245][T16516] tun_chr_write_iter+0xdc/0x200 [ 502.745114][T16515] ksys_write+0x12a/0x250 [ 502.749845][T16516] vfs_write+0x6ac/0x1070 [ 502.755364][T16515] do_syscall_64+0x106/0xf80 [ 502.760015][T16516] ksys_write+0x12a/0x250 [ 502.766059][T16515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 502.770964][T16516] do_syscall_64+0x106/0xf80 [ 502.776315][T16515] page last free pid 16511 tgid 16507 stack trace: [ 502.780621][T16516] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 502.785361][T16515] __free_frozen_pages+0x7e1/0x10d0 [ 502.789662][T16516] page last free pid 0 tgid 0 stack trace: [ 502.794665][T16515] __folio_put+0x3b4/0x540 [ 502.799226][T16516] __free_frozen_pages+0x7e1/0x10d0 [ 502.803965][T16515] af_alg_free_resources+0x735/0x920 [ 502.809826][T16516] tlb_remove_table_rcu+0x2cf/0x380 [ 502.814499][T16515] skcipher_recvmsg+0xbbc/0x1020 [ 502.820968][T16516] rcu_core+0x5a2/0x10d0 [ 502.825881][T16515] sock_recvmsg+0x1a4/0x1f0 [ 502.831045][T16516] handle_softirqs+0x1eb/0x9e0 [ 502.835352][T16515] ____sys_recvmsg+0x218/0x640 [ 502.839745][T16516] __irq_exit_rcu+0xef/0x150 [ 502.844052][T16515] ___sys_recvmsg+0x16a/0x1a0 [ 502.849301][T16516] irq_exit_rcu+0x9/0x30 [ 502.853875][T16515] __sys_recvmsg+0x16d/0x220 [ 502.858781][T16516] sysvec_apic_timer_interrupt+0xa3/0xc0 [ 502.864648][T16515] do_syscall_64+0x106/0xf80 [ 502.869118][T16516] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 502.874905][T16515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 502.879634][T16516] Modules linked in: [ 502.884805][T16515] Modules linked in: [ 502.889457][T16516] CPU: 1 UID: 0 PID: 16516 Comm: syz.2.2579 Tainted: G B syzkaller #0 PREEMPT(full) [ 502.889480][T16516] Tainted: [B]=BAD_PAGE [ 502.889485][T16516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 502.889494][T16516] Call Trace: [ 502.889502][T16516] [ 502.889509][T16516] dump_stack_lvl+0x100/0x190 [ 502.889533][T16516] bad_page.cold+0xbe/0xdf [ 502.889555][T16516] ? __pfx_bad_page+0x10/0x10 [ 502.889569][T16516] ? page_bad_reason+0x98/0x200 [ 502.889592][T16516] __free_frozen_pages+0x825/0x10d0 [ 502.889610][T16516] ? mark_held_locks+0x40/0x70 [ 502.889626][T16516] page_frag_free+0x284/0x2e0 [ 502.889649][T16516] __xdp_return+0x3cd/0xbb0 [ 502.889671][T16516] ? kmem_cache_free+0x124/0x6a0 [ 502.889690][T16516] ? skb_release_data+0x7a0/0x9d0 [ 502.889710][T16516] bpf_xdp_adjust_tail+0x8a1/0xbb0 [ 502.889737][T16516] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 502.889749][T16516] bpf_prog_run_generic_xdp+0x614/0x1610 [ 502.889770][T16516] do_xdp_generic+0x92e/0x12c0 [ 502.889787][T16516] ? __pfx_do_xdp_generic+0x10/0x10 [ 502.889802][T16516] ? __lock_acquire+0x4a5/0x2630 [ 502.889824][T16516] tun_get_user+0x1bd2/0x3e10 [ 502.889851][T16516] ? __pfx_tun_get_user+0x10/0x10 [ 502.889874][T16516] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 502.889894][T16516] ? find_held_lock+0x2b/0x80 [ 502.889913][T16516] ? tun_get+0x191/0x370 [ 502.889933][T16516] ? tun_get+0x191/0x370 [ 502.889955][T16516] tun_chr_write_iter+0xdc/0x200 [ 502.889979][T16516] vfs_write+0x6ac/0x1070 [ 502.889992][T16516] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 502.890016][T16516] ? __pfx_vfs_write+0x10/0x10 [ 502.890028][T16516] ? find_held_lock+0x2b/0x80 [ 502.890052][T16516] ksys_write+0x12a/0x250 [ 502.890065][T16516] ? __pfx_ksys_write+0x10/0x10 [ 502.890081][T16516] do_syscall_64+0x106/0xf80 [ 502.890107][T16516] ? clear_bhb_loop+0x40/0x90 [ 502.890124][T16516] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 502.890139][T16516] RIP: 0033:0x7f7904d5cfce [ 502.890152][T16516] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 502.890166][T16516] RSP: 002b:00007f7905ce1fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 502.890180][T16516] RAX: ffffffffffffffda RBX: 00007f7905ce26c0 RCX: 00007f7904d5cfce [ 502.890190][T16516] RDX: 000000000000fef3 RSI: 0000200000000200 RDI: 00000000000000c8 [ 502.890200][T16516] RBP: 00007f7904e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 502.890208][T16516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 502.890217][T16516] R13: 00007f7905016128 R14: 00007f7905016090 R15: 00007ffc137b8038 [ 502.890231][T16516] [ 502.890241][T16516] BUG: Bad page state in process syz.2.2579 pfn:33a7a [ 502.894635][T16515] CPU: 0 UID: 0 PID: 16515 Comm: syz.2.2579 Tainted: G B syzkaller #0 PREEMPT(full) [ 502.894657][T16515] Tainted: [B]=BAD_PAGE [ 502.894662][T16515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 502.894670][T16515] Call Trace: [ 502.894675][T16515] [ 502.894680][T16515] dump_stack_lvl+0x100/0x190 [ 502.894703][T16515] bad_page.cold+0xbe/0xdf [ 502.894724][T16515] ? __pfx_bad_page+0x10/0x10 [ 502.894738][T16515] ? page_bad_reason+0x98/0x200 [ 502.894760][T16515] __free_frozen_pages+0x825/0x10d0 [ 502.894779][T16515] ? mark_held_locks+0x40/0x70 [ 502.894793][T16515] page_frag_free+0x284/0x2e0 [ 502.894816][T16515] __xdp_return+0x3cd/0xbb0 [ 502.894836][T16515] ? kmem_cache_free+0x124/0x6a0 [ 502.894855][T16515] ? skb_release_data+0x7a0/0x9d0 [ 502.894874][T16515] bpf_xdp_adjust_tail+0x8a1/0xbb0 [ 502.894900][T16515] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 502.894912][T16515] bpf_prog_run_generic_xdp+0x614/0x1610 [ 502.894932][T16515] do_xdp_generic+0x92e/0x12c0 [ 502.894949][T16515] ? __pfx_do_xdp_generic+0x10/0x10 [ 502.894964][T16515] ? __lock_acquire+0x4a5/0x2630 [ 502.894986][T16515] tun_get_user+0x1bd2/0x3e10 [ 502.895012][T16515] ? __pfx_tun_get_user+0x10/0x10 [ 502.895034][T16515] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 502.895054][T16515] ? find_held_lock+0x2b/0x80 [ 502.895072][T16515] ? tun_get+0x191/0x370 [ 502.895092][T16515] ? tun_get+0x191/0x370 [ 502.895114][T16515] tun_chr_write_iter+0xdc/0x200 [ 502.895138][T16515] vfs_write+0x6ac/0x1070 [ 502.895151][T16515] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 502.895175][T16515] ? __pfx_vfs_write+0x10/0x10 [ 502.895187][T16515] ? find_held_lock+0x2b/0x80 [ 502.895211][T16515] ksys_write+0x12a/0x250 [ 502.895225][T16515] ? __pfx_ksys_write+0x10/0x10 [ 502.895241][T16515] do_syscall_64+0x106/0xf80 [ 502.895260][T16515] ? clear_bhb_loop+0x40/0x90 [ 502.895276][T16515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 502.895291][T16515] RIP: 0033:0x7f7904d5cfce [ 502.895302][T16515] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 502.895315][T16515] RSP: 002b:00007f7905d02fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 502.895328][T16515] RAX: ffffffffffffffda RBX: 00007f7905d036c0 RCX: 00007f7904d5cfce [ 502.895343][T16515] RDX: 000000000000fef3 RSI: 0000200000000200 RDI: 00000000000000c8 [ 502.895352][T16515] RBP: 00007f7904e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 502.895361][T16515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 502.895370][T16515] R13: 00007f7905016038 R14: 00007f7905015fa0 R15: 00007ffc137b8038 [ 502.895384][T16515] [ 502.895391][T16515] BUG: Bad page state in process syz.2.2579 pfn:4ae27 [ 502.899192][T16516] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888033a7a000 pfn:0x33a7a [ 502.903422][T16515] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4ae27 [ 502.907996][T16516] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 502.912737][T16515] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 502.918608][T16516] raw: 00fff00000000000 dead000000000040 ffff88801bbc8000 0000000000000000 [ 502.923170][T16515] raw: 00fff00000000000 dead000000000040 ffff88801bbcb000 0000000000000000 [ 502.927033][T16516] raw: ffff888033a7a000 0000000000000001 00000000ffffffff 0000000000000000 [ 502.931241][T16515] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 502.942142][T16516] page dumped because: page_pool leak [ 502.946265][T16515] page dumped because: page_pool leak [ 502.956315][T16516] page_owner tracks the page as allocated [ 502.959568][T16515] page_owner tracks the page as allocated [ 502.962521][T16516] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 16516, tgid 16514 (syz.2.2579), ts 499817683178, free_ts 499682560994 [ 502.967174][T16515] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 16515, tgid 16514 (syz.2.2579), ts 499764968396, free_ts 499581141833 [ 502.971559][T16516] post_alloc_hook+0x153/0x170 [ 502.976218][T16515] post_alloc_hook+0x153/0x170 [ 502.981032][T16516] get_page_from_freelist+0x111d/0x3140 [ 502.986207][T16515] get_page_from_freelist+0x111d/0x3140 [ 502.990938][T16516] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 502.995603][T16515] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 503.000087][T16516] alloc_pages_bulk_noprof+0x782/0x1490 [ 503.005022][T16515] alloc_pages_bulk_noprof+0x782/0x1490 [ 503.010015][T16516] __page_pool_alloc_netmems_slow+0x1c6/0xc10 [ 503.015112][T16515] __page_pool_alloc_netmems_slow+0x1c6/0xc10 [ 503.020534][T16516] page_pool_alloc_netmems+0xc4/0x1a0 [ 503.026145][T16515] page_pool_alloc_netmems+0xc4/0x1a0 [ 503.030873][T16516] skb_pp_cow_data+0x7f9/0xea0 [ 503.036045][T16515] skb_pp_cow_data+0x7f9/0xea0 [ 503.040950][T16516] skb_cow_data_for_xdp+0x88/0xb0 [ 503.045602][T16515] skb_cow_data_for_xdp+0x88/0xb0 [ 503.050593][T16516] do_xdp_generic+0x56b/0x12c0 [ 503.056032][T16515] do_xdp_generic+0x56b/0x12c0 [ 503.060675][T16516] tun_get_user+0x1bd2/0x3e10 [ 503.064893][T16515] tun_get_user+0x1bd2/0x3e10 [ 503.069110][T16516] tun_chr_write_iter+0xdc/0x200 [ 503.074023][T16515] tun_chr_write_iter+0xdc/0x200 [ 503.078319][T16516] vfs_write+0x6ac/0x1070 [ 503.083838][T16515] vfs_write+0x6ac/0x1070 [ 503.088569][T16516] ksys_write+0x12a/0x250 [ 503.093221][T16515] ksys_write+0x12a/0x250 [ 503.097526][T16516] do_syscall_64+0x106/0xf80 [ 503.102354][T16515] do_syscall_64+0x106/0xf80 [ 503.106914][T16516] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 503.111558][T16515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 503.117429][T16516] page last free pid 0 tgid 0 stack trace: [ 503.121816][T16515] page last free pid 16511 tgid 16507 stack trace: [ 503.141417][T16516] __free_frozen_pages+0x7e1/0x10d0 [ 503.149821][T16515] __free_frozen_pages+0x7e1/0x10d0 [ 503.157797][T16516] tlb_remove_table_rcu+0x2cf/0x380 [ 503.165760][T16515] __folio_put+0x3b4/0x540 [ 503.173740][T16516] rcu_core+0x5a2/0x10d0 [ 503.181690][T16515] af_alg_free_resources+0x735/0x920 [ 503.189634][T16516] handle_softirqs+0x1eb/0x9e0 [ 503.192637][T16515] skcipher_recvmsg+0xbbc/0x1020 [ 503.199453][T16516] __irq_exit_rcu+0xef/0x150 [ 503.205061][T16515] sock_recvmsg+0x1a4/0x1f0 [ 503.213803][T16516] irq_exit_rcu+0x9/0x30 [ 503.219747][T16515] ____sys_recvmsg+0x218/0x640 [ 503.226834][T16516] sysvec_apic_timer_interrupt+0xa3/0xc0 [ 503.230695][T16515] ___sys_recvmsg+0x16a/0x1a0 [ 503.239271][T16516] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 503.250186][T16515] __sys_recvmsg+0x16d/0x220 [ 503.254323][T16516] Modules linked in: [ 503.264454][T16515] do_syscall_64+0x106/0xf80 [ 503.267712][T16516] [ 503.267726][T16516] CPU: 1 UID: 0 PID: 16516 Comm: syz.2.2579 Tainted: G B syzkaller #0 PREEMPT(full) [ 503.267748][T16516] Tainted: [B]=BAD_PAGE [ 503.267754][T16516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 503.267763][T16516] Call Trace: [ 503.267770][T16516] [ 503.267777][T16516] dump_stack_lvl+0x100/0x190 [ 503.267802][T16516] bad_page.cold+0xbe/0xdf [ 503.267825][T16516] ? __pfx_bad_page+0x10/0x10 [ 503.267839][T16516] ? page_bad_reason+0x98/0x200 [ 503.267863][T16516] __free_frozen_pages+0x825/0x10d0 [ 503.267882][T16516] ? mark_held_locks+0x40/0x70 [ 503.267898][T16516] page_frag_free+0x284/0x2e0 [ 503.267920][T16516] __xdp_return+0x3cd/0xbb0 [ 503.267942][T16516] ? kmem_cache_free+0x124/0x6a0 [ 503.267961][T16516] ? skb_release_data+0x7a0/0x9d0 [ 503.267982][T16516] bpf_xdp_adjust_tail+0x8a1/0xbb0 [ 503.268008][T16516] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 503.268021][T16516] bpf_prog_run_generic_xdp+0x614/0x1610 [ 503.268042][T16516] do_xdp_generic+0x92e/0x12c0 [ 503.268058][T16516] ? __pfx_do_xdp_generic+0x10/0x10 [ 503.268074][T16516] ? __lock_acquire+0x4a5/0x2630 [ 503.268095][T16516] tun_get_user+0x1bd2/0x3e10 [ 503.268127][T16516] ? __pfx_tun_get_user+0x10/0x10 [ 503.268150][T16516] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 503.268169][T16516] ? find_held_lock+0x2b/0x80 [ 503.268188][T16516] ? tun_get+0x191/0x370 [ 503.268208][T16516] ? tun_get+0x191/0x370 [ 503.268231][T16516] tun_chr_write_iter+0xdc/0x200 [ 503.268255][T16516] vfs_write+0x6ac/0x1070 [ 503.268270][T16516] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 503.268293][T16516] ? __pfx_vfs_write+0x10/0x10 [ 503.268305][T16516] ? find_held_lock+0x2b/0x80 [ 503.268329][T16516] ksys_write+0x12a/0x250 [ 503.268342][T16516] ? __pfx_ksys_write+0x10/0x10 [ 503.268358][T16516] do_syscall_64+0x106/0xf80 [ 503.268378][T16516] ? clear_bhb_loop+0x40/0x90 [ 503.268395][T16516] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 503.268411][T16516] RIP: 0033:0x7f7904d5cfce [ 503.268424][T16516] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 503.268438][T16516] RSP: 002b:00007f7905ce1fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 503.268453][T16516] RAX: ffffffffffffffda RBX: 00007f7905ce26c0 RCX: 00007f7904d5cfce [ 503.268463][T16516] RDX: 000000000000fef3 RSI: 0000200000000200 RDI: 00000000000000c8 [ 503.268472][T16516] RBP: 00007f7904e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 503.268481][T16516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 503.268490][T16516] R13: 00007f7905016128 R14: 00007f7905016090 R15: 00007ffc137b8038 [ 503.268505][T16516] [ 503.268515][T16516] BUG: Bad page state in process syz.2.2579 pfn:2eb47 [ 503.270618][T16515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 503.275286][T16516] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802eb47000 pfn:0x2eb47 [ 503.279654][T16515] Modules linked in: [ 503.284327][T16516] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 503.289145][T16515] CPU: 0 UID: 0 PID: 16515 Comm: syz.2.2579 Tainted: G B syzkaller #0 PREEMPT(full) [ 503.289167][T16515] Tainted: [B]=BAD_PAGE [ 503.289173][T16515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 503.289181][T16515] Call Trace: [ 503.289186][T16515] [ 503.289191][T16515] dump_stack_lvl+0x100/0x190 [ 503.289215][T16515] bad_page.cold+0xbe/0xdf [ 503.289236][T16515] ? __pfx_bad_page+0x10/0x10 [ 503.289250][T16515] ? page_bad_reason+0x98/0x200 [ 503.289273][T16515] __free_frozen_pages+0x825/0x10d0 [ 503.289292][T16515] ? mark_held_locks+0x40/0x70 [ 503.289306][T16515] page_frag_free+0x284/0x2e0 [ 503.289329][T16515] __xdp_return+0x3cd/0xbb0 [ 503.289351][T16515] ? kmem_cache_free+0x124/0x6a0 [ 503.289373][T16515] ? skb_release_data+0x7a0/0x9d0 [ 503.289394][T16515] bpf_xdp_adjust_tail+0x8a1/0xbb0 [ 503.289420][T16515] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 503.289432][T16515] bpf_prog_run_generic_xdp+0x614/0x1610 [ 503.289452][T16515] do_xdp_generic+0x92e/0x12c0 [ 503.289469][T16515] ? __pfx_do_xdp_generic+0x10/0x10 [ 503.289484][T16515] ? __lock_acquire+0x4a5/0x2630 [ 503.289506][T16515] tun_get_user+0x1bd2/0x3e10 [ 503.289532][T16515] ? __pfx_tun_get_user+0x10/0x10 [ 503.289555][T16515] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 503.289575][T16515] ? find_held_lock+0x2b/0x80 [ 503.289594][T16515] ? tun_get+0x191/0x370 [ 503.289613][T16515] ? tun_get+0x191/0x370 [ 503.289636][T16515] tun_chr_write_iter+0xdc/0x200 [ 503.289659][T16515] vfs_write+0x6ac/0x1070 [ 503.289673][T16515] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 503.289697][T16515] ? __pfx_vfs_write+0x10/0x10 [ 503.289709][T16515] ? find_held_lock+0x2b/0x80 [ 503.289734][T16515] ksys_write+0x12a/0x250 [ 503.289747][T16515] ? __pfx_ksys_write+0x10/0x10 [ 503.289763][T16515] do_syscall_64+0x106/0xf80 [ 503.289783][T16515] ? clear_bhb_loop+0x40/0x90 [ 503.289800][T16515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 503.289815][T16515] RIP: 0033:0x7f7904d5cfce [ 503.289826][T16515] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 503.289840][T16515] RSP: 002b:00007f7905d02fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 503.289854][T16515] RAX: ffffffffffffffda RBX: 00007f7905d036c0 RCX: 00007f7904d5cfce [ 503.289864][T16515] RDX: 000000000000fef3 RSI: 0000200000000200 RDI: 00000000000000c8 [ 503.289873][T16515] RBP: 00007f7904e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 503.289882][T16515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 503.289891][T16515] R13: 00007f7905016038 R14: 00007f7905015fa0 R15: 00007ffc137b8038 [ 503.289905][T16515] [ 503.289913][T16515] BUG: Bad page state in process syz.2.2579 pfn:7665e [ 503.294326][T16516] raw: 00fff00000000000 dead000000000040 ffff88801bbc8000 0000000000000000 [ 503.299065][T16515] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7665e [ 503.303732][T16516] raw: ffff88802eb47000 0000000000000001 00000000ffffffff 0000000000000000 [ 503.308194][T16515] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 503.313108][T16516] page dumped because: page_pool leak [ 503.318101][T16515] raw: 00fff00000000000 dead000000000040 ffff88801bbcb000 0000000000000000 [ 503.323191][T16516] page_owner tracks the page as allocated [ 503.328618][T16515] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 503.334221][T16516] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 16516, tgid 16514 (syz.2.2579), ts 499817671866, free_ts 499682584525 [ 503.338951][T16515] page dumped because: page_pool leak [ 503.344129][T16516] post_alloc_hook+0x153/0x170 [ 503.349028][T16515] page_owner tracks the page as allocated [ 503.353688][T16516] get_page_from_freelist+0x111d/0x3140 [ 503.358677][T16515] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 16515, tgid 16514 (syz.2.2579), ts 499764961858, free_ts 499581152698 [ 503.364129][T16516] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 503.368771][T16515] post_alloc_hook+0x153/0x170 [ 503.372992][T16516] alloc_pages_bulk_noprof+0x782/0x1490 [ 503.377200][T16515] get_page_from_freelist+0x111d/0x3140 [ 503.382146][T16516] __page_pool_alloc_netmems_slow+0x1c6/0xc10 [ 503.386437][T16515] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 503.391960][T16516] page_pool_alloc_netmems+0xc4/0x1a0 [ 503.396690][T16515] alloc_pages_bulk_noprof+0x782/0x1490 [ 503.401338][T16516] skb_pp_cow_data+0x7f9/0xea0 [ 503.405659][T16515] __page_pool_alloc_netmems_slow+0x1c6/0xc10 [ 503.410478][T16516] skb_cow_data_for_xdp+0x88/0xb0 [ 503.415051][T16515] page_pool_alloc_netmems+0xc4/0x1a0 [ 503.419693][T16516] do_xdp_generic+0x56b/0x12c0 [ 503.425558][T16515] skb_pp_cow_data+0x7f9/0xea0 [ 503.429953][T16516] tun_get_user+0x1bd2/0x3e10 [ 503.449535][T16515] skb_cow_data_for_xdp+0x88/0xb0 [ 503.457924][T16516] tun_chr_write_iter+0xdc/0x200 [ 503.465873][T16515] do_xdp_generic+0x56b/0x12c0 [ 503.473829][T16516] vfs_write+0x6ac/0x1070 [ 503.481778][T16515] tun_get_user+0x1bd2/0x3e10 [ 503.489721][T16516] ksys_write+0x12a/0x250 [ 503.497671][T16515] tun_chr_write_iter+0xdc/0x200 [ 503.500666][T16516] do_syscall_64+0x106/0xf80 [ 503.507494][T16515] vfs_write+0x6ac/0x1070 [ 503.516061][T16516] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 503.526092][T16515] ksys_write+0x12a/0x250 [ 503.531432][T16516] page last free pid 0 tgid 0 stack trace: [ 503.538511][T16515] do_syscall_64+0x106/0xf80 [ 503.544207][T16516] __free_frozen_pages+0x7e1/0x10d0 [ 503.561357][T16515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 503.569919][T16516] tlb_remove_table_rcu+0x2cf/0x380 [ 503.574659][T16515] page last free pid 16511 tgid 16507 stack trace: [ 503.583219][T16516] rcu_core+0x5a2/0x10d0 [ 503.588736][T16515] __free_frozen_pages+0x7e1/0x10d0 [ 503.594086][T16516] handle_softirqs+0x1eb/0x9e0 [ 503.599942][T16515] __folio_put+0x3b4/0x540 [ 503.605638][T16516] __irq_exit_rcu+0xef/0x150 [ 503.611147][T16515] af_alg_free_resources+0x735/0x920 [ 503.628307][T16516] irq_exit_rcu+0x9/0x30 [ 503.634347][T16515] skcipher_recvmsg+0xbbc/0x1020 [ 503.639081][T16516] sysvec_apic_timer_interrupt+0xa3/0xc0 [ 503.644431][T16515] sock_recvmsg+0x1a4/0x1f0 [ 503.649954][T16516] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 503.654693][T16515] ____sys_recvmsg+0x218/0x640 [ 503.660557][T16516] Modules linked in: [ 503.665555][T16515] ___sys_recvmsg+0x16a/0x1a0 [ 503.671068][T16516] [ 503.671080][T16516] CPU: 1 UID: 0 PID: 16516 Comm: syz.2.2579 Tainted: G B syzkaller #0 PREEMPT(full) [ 503.671102][T16516] Tainted: [B]=BAD_PAGE [ 503.671107][T16516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 503.671120][T16516] Call Trace: [ 503.671128][T16516] [ 503.671134][T16516] dump_stack_lvl+0x100/0x190 [ 503.671158][T16516] bad_page.cold+0xbe/0xdf [ 503.671179][T16516] ? __pfx_bad_page+0x10/0x10 [ 503.671193][T16516] ? page_bad_reason+0x98/0x200 [ 503.671216][T16516] __free_frozen_pages+0x825/0x10d0 [ 503.671235][T16516] ? mark_held_locks+0x40/0x70 [ 503.671250][T16516] page_frag_free+0x284/0x2e0 [ 503.671273][T16516] __xdp_return+0x3cd/0xbb0 [ 503.671295][T16516] ? kmem_cache_free+0x124/0x6a0 [ 503.671313][T16516] ? skb_release_data+0x7a0/0x9d0 [ 503.671333][T16516] bpf_xdp_adjust_tail+0x8a1/0xbb0 [ 503.671359][T16516] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 503.671372][T16516] bpf_prog_run_generic_xdp+0x614/0x1610 [ 503.671393][T16516] do_xdp_generic+0x92e/0x12c0 [ 503.671410][T16516] ? __pfx_do_xdp_generic+0x10/0x10 [ 503.671425][T16516] ? __lock_acquire+0x4a5/0x2630 [ 503.671446][T16516] tun_get_user+0x1bd2/0x3e10 [ 503.671473][T16516] ? __pfx_tun_get_user+0x10/0x10 [ 503.671496][T16516] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 503.671516][T16516] ? find_held_lock+0x2b/0x80 [ 503.671534][T16516] ? tun_get+0x191/0x370 [ 503.671554][T16516] ? tun_get+0x191/0x370 [ 503.671577][T16516] tun_chr_write_iter+0xdc/0x200 [ 503.671600][T16516] vfs_write+0x6ac/0x1070 [ 503.671614][T16516] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 503.671638][T16516] ? __pfx_vfs_write+0x10/0x10 [ 503.671653][T16516] ? find_held_lock+0x2b/0x80 [ 503.671678][T16516] ksys_write+0x12a/0x250 [ 503.671691][T16516] ? __pfx_ksys_write+0x10/0x10 [ 503.671707][T16516] do_syscall_64+0x106/0xf80 [ 503.671726][T16516] ? clear_bhb_loop+0x40/0x90 [ 503.671743][T16516] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 503.671759][T16516] RIP: 0033:0x7f7904d5cfce [ 503.671770][T16516] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 503.671784][T16516] RSP: 002b:00007f7905ce1fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 503.671798][T16516] RAX: ffffffffffffffda RBX: 00007f7905ce26c0 RCX: 00007f7904d5cfce [ 503.671808][T16516] RDX: 000000000000fef3 RSI: 0000200000000200 RDI: 00000000000000c8 [ 503.671818][T16516] RBP: 00007f7904e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 503.671827][T16516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 503.671837][T16516] R13: 00007f7905016128 R14: 00007f7905016090 R15: 00007ffc137b8038 [ 503.671851][T16516] [ 503.671873][T16516] BUG: Bad page state in process syz.2.2579 pfn:28f1a [ 503.675810][T16515] __sys_recvmsg+0x16d/0x220 [ 503.681858][T16516] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888028f1a000 pfn:0x28f1a [ 503.686520][T16515] do_syscall_64+0x106/0xf80 [ 503.691873][T16516] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 503.696773][T16515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 503.701512][T16516] raw: 00fff00000000000 dead000000000040 ffff88801bbc8000 0000000000000000 [ 503.705810][T16515] Modules linked in: [ 503.710826][T16516] raw: ffff888028f1a000 0000000000000001 00000000ffffffff 0000000000000000 [ 503.715131][T16515] CPU: 0 UID: 0 PID: 16515 Comm: syz.2.2579 Tainted: G B syzkaller #0 PREEMPT(full) [ 503.715153][T16515] Tainted: [B]=BAD_PAGE [ 503.715159][T16515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 503.715168][T16515] Call Trace: [ 503.715173][T16515] [ 503.715179][T16515] dump_stack_lvl+0x100/0x190 [ 503.715203][T16515] bad_page.cold+0xbe/0xdf [ 503.715224][T16515] ? __pfx_bad_page+0x10/0x10 [ 503.715238][T16515] ? page_bad_reason+0x98/0x200 [ 503.715260][T16515] __free_frozen_pages+0x825/0x10d0 [ 503.715279][T16515] ? mark_held_locks+0x40/0x70 [ 503.715293][T16515] page_frag_free+0x284/0x2e0 [ 503.715316][T16515] __xdp_return+0x3cd/0xbb0 [ 503.715337][T16515] ? kmem_cache_free+0x124/0x6a0 [ 503.715355][T16515] ? skb_release_data+0x7a0/0x9d0 [ 503.715380][T16515] bpf_xdp_adjust_tail+0x8a1/0xbb0 [ 503.715406][T16515] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 503.715418][T16515] bpf_prog_run_generic_xdp+0x614/0x1610 [ 503.715439][T16515] do_xdp_generic+0x92e/0x12c0 [ 503.715456][T16515] ? __pfx_do_xdp_generic+0x10/0x10 [ 503.715471][T16515] ? __lock_acquire+0x4a5/0x2630 [ 503.715492][T16515] tun_get_user+0x1bd2/0x3e10 [ 503.715518][T16515] ? __pfx_tun_get_user+0x10/0x10 [ 503.715541][T16515] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 503.715560][T16515] ? find_held_lock+0x2b/0x80 [ 503.715579][T16515] ? tun_get+0x191/0x370 [ 503.715599][T16515] ? tun_get+0x191/0x370 [ 503.715621][T16515] tun_chr_write_iter+0xdc/0x200 [ 503.715644][T16515] vfs_write+0x6ac/0x1070 [ 503.715658][T16515] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 503.715681][T16515] ? __pfx_vfs_write+0x10/0x10 [ 503.715693][T16515] ? find_held_lock+0x2b/0x80 [ 503.715717][T16515] ksys_write+0x12a/0x250 [ 503.715731][T16515] ? __pfx_ksys_write+0x10/0x10 [ 503.715746][T16515] do_syscall_64+0x106/0xf80 [ 503.715766][T16515] ? clear_bhb_loop+0x40/0x90 [ 503.715783][T16515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 503.715798][T16515] RIP: 0033:0x7f7904d5cfce [ 503.715810][T16515] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 503.715824][T16515] RSP: 002b:00007f7905d02fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 503.715838][T16515] RAX: ffffffffffffffda RBX: 00007f7905d036c0 RCX: 00007f7904d5cfce [ 503.715848][T16515] RDX: 000000000000fef3 RSI: 0000200000000200 RDI: 00000000000000c8 [ 503.715857][T16515] RBP: 00007f7904e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 503.715867][T16515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 503.715875][T16515] R13: 00007f7905016038 R14: 00007f7905015fa0 R15: 00007ffc137b8038 [ 503.715890][T16515] [ 503.715897][T16515] BUG: Bad page state in process syz.2.2579 pfn:4ae25 [ 503.719859][T16516] page dumped because: page_pool leak [ 503.724427][T16515] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4ae25 [ 503.729071][T16516] page_owner tracks the page as allocated [ 503.734937][T16515] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 503.739841][T16516] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 16516, tgid 16514 (syz.2.2579), ts 499817660413, free_ts 499682607752 [ 503.746325][T16515] raw: 00fff00000000000 dead000000000040 ffff88801bbcb000 0000000000000000 [ 503.750617][T16516] post_alloc_hook+0x153/0x170 [ 503.755804][T16515] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 503.760097][T16516] get_page_from_freelist+0x111d/0x3140 [ 503.764492][T16515] page dumped because: page_pool leak [ 503.764501][T16515] page_owner tracks the page as allocated [ 503.769050][T16516] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 503.774310][T16515] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 16515, tgid 16514 (syz.2.2579), ts 499764955670, free_ts 499760957698 [ 503.780171][T16516] alloc_pages_bulk_noprof+0x782/0x1490 [ 503.785104][T16515] post_alloc_hook+0x153/0x170 [ 503.790889][T16516] __page_pool_alloc_netmems_slow+0x1c6/0xc10 [ 503.795373][T16515] get_page_from_freelist+0x111d/0x3140 [ 503.800534][T16516] page_pool_alloc_netmems+0xc4/0x1a0 [ 503.805272][T16515] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 503.810437][T16516] skb_pp_cow_data+0x7f9/0xea0 [ 503.815092][T16515] alloc_pages_bulk_noprof+0x782/0x1490 [ 503.819306][T16516] skb_cow_data_for_xdp+0x88/0xb0 [ 503.823887][T16515] __page_pool_alloc_netmems_slow+0x1c6/0xc10 [ 503.828620][T16516] do_xdp_generic+0x56b/0x12c0 [ 503.833185][T16515] page_pool_alloc_netmems+0xc4/0x1a0 [ 503.837744][T16516] tun_get_user+0x1bd2/0x3e10 [ 503.843613][T16515] skb_pp_cow_data+0x7f9/0xea0 [ 503.847823][T16516] tun_chr_write_iter+0xdc/0x200 [ 503.851694][T16515] skb_cow_data_for_xdp+0x88/0xb0 [ 503.857302][T16516] vfs_write+0x6ac/0x1070 [ 503.868243][T16515] do_xdp_generic+0x56b/0x12c0 [ 503.872380][T16516] ksys_write+0x12a/0x250 [ 503.882413][T16515] tun_get_user+0x1bd2/0x3e10 [ 503.885667][T16516] do_syscall_64+0x106/0xf80 [ 503.888581][T16515] tun_chr_write_iter+0xdc/0x200 [ 503.893235][T16516] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 503.897614][T16515] vfs_write+0x6ac/0x1070 [ 503.902283][T16516] page last free pid 0 tgid 0 stack trace: [ 503.907111][T16515] ksys_write+0x12a/0x250 [ 503.912313][T16516] __free_frozen_pages+0x7e1/0x10d0 [ 503.917045][T16515] do_syscall_64+0x106/0xf80 [ 503.921704][T16516] tlb_remove_table_rcu+0x2cf/0x380 [ 503.926169][T16515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 503.931074][T16516] rcu_core+0x5a2/0x10d0 [ 503.936075][T16515] page last free pid 16515 tgid 16514 stack trace: [ 503.941150][T16516] handle_softirqs+0x1eb/0x9e0 [ 503.946584][T16515] __free_frozen_pages+0x7e1/0x10d0 [ 503.952208][T16516] __irq_exit_rcu+0xef/0x150 [ 503.956937][T16515] __kasan_populate_vmalloc+0x164/0x210 [ 503.962118][T16516] irq_exit_rcu+0x9/0x30 [ 503.967018][T16515] alloc_vmap_area+0x95d/0x2bd0 [ 503.971675][T16516] sysvec_apic_timer_interrupt+0xa3/0xc0 [ 503.976662][T16515] __get_vm_area_node+0x1ca/0x330 [ 503.982106][T16516] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 503.986936][T16515] __vmalloc_node_range_noprof+0x213/0x1530 [ 503.991147][T16516] Modules linked in: [ 503.995366][T16515] __vmalloc_node_noprof+0xad/0xf0 [ 504.000277][T16516] CPU: 1 UID: 0 PID: 16516 Comm: syz.2.2579 Tainted: G B syzkaller #0 PREEMPT(full) [ 504.000300][T16516] Tainted: [B]=BAD_PAGE [ 504.000306][T16516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 504.000314][T16516] Call Trace: [ 504.000323][T16516] [ 504.000330][T16516] dump_stack_lvl+0x100/0x190 [ 504.000358][T16516] bad_page.cold+0xbe/0xdf [ 504.000380][T16516] ? __pfx_bad_page+0x10/0x10 [ 504.000394][T16516] ? page_bad_reason+0x98/0x200 [ 504.000417][T16516] __free_frozen_pages+0x825/0x10d0 [ 504.000436][T16516] ? mark_held_locks+0x40/0x70 [ 504.000452][T16516] page_frag_free+0x284/0x2e0 [ 504.000474][T16516] __xdp_return+0x3cd/0xbb0 [ 504.000497][T16516] ? kmem_cache_free+0x124/0x6a0 [ 504.000515][T16516] ? skb_release_data+0x7a0/0x9d0 [ 504.000536][T16516] bpf_xdp_adjust_tail+0x8a1/0xbb0 [ 504.000562][T16516] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 504.000575][T16516] bpf_prog_run_generic_xdp+0x614/0x1610 [ 504.000597][T16516] do_xdp_generic+0x92e/0x12c0 [ 504.000613][T16516] ? __pfx_do_xdp_generic+0x10/0x10 [ 504.000628][T16516] ? __lock_acquire+0x4a5/0x2630 [ 504.000650][T16516] tun_get_user+0x1bd2/0x3e10 [ 504.000677][T16516] ? __pfx_tun_get_user+0x10/0x10 [ 504.000700][T16516] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 504.000721][T16516] ? find_held_lock+0x2b/0x80 [ 504.000740][T16516] ? tun_get+0x191/0x370 [ 504.000760][T16516] ? tun_get+0x191/0x370 [ 504.000782][T16516] tun_chr_write_iter+0xdc/0x200 [ 504.000806][T16516] vfs_write+0x6ac/0x1070 [ 504.000820][T16516] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 504.000844][T16516] ? __pfx_vfs_write+0x10/0x10 [ 504.000856][T16516] ? find_held_lock+0x2b/0x80 [ 504.000881][T16516] ksys_write+0x12a/0x250 [ 504.000894][T16516] ? __pfx_ksys_write+0x10/0x10 [ 504.000910][T16516] do_syscall_64+0x106/0xf80 [ 504.000930][T16516] ? clear_bhb_loop+0x40/0x90 [ 504.000947][T16516] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 504.000963][T16516] RIP: 0033:0x7f7904d5cfce [ 504.000975][T16516] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 504.000989][T16516] RSP: 002b:00007f7905ce1fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 504.001004][T16516] RAX: ffffffffffffffda RBX: 00007f7905ce26c0 RCX: 00007f7904d5cfce [ 504.001014][T16516] RDX: 000000000000fef3 RSI: 0000200000000200 RDI: 00000000000000c8 [ 504.001024][T16516] RBP: 00007f7904e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 504.001033][T16516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 504.001042][T16516] R13: 00007f7905016128 R14: 00007f7905016090 R15: 00007ffc137b8038 [ 504.001056][T16516] [ 504.001065][T16516] BUG: Bad page state in process syz.2.2579 pfn:6a420 [ 504.004577][T16515] bpf_prog_calc_tag+0x69/0x380 [ 504.010095][T16516] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x6a420 [ 504.014834][T16515] resolve_pseudo_ldimm64+0xd2/0x1970 [ 504.019485][T16516] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 504.023789][T16515] bpf_check+0x7460/0xcd50 [ 504.028614][T16516] raw: 00fff00000000000 dead000000000040 ffff88801bbc8000 0000000000000000 [ 504.033197][T16515] bpf_prog_load+0x1c86/0x2c20 [ 504.037851][T16516] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 504.043713][T16515] __sys_bpf+0x223a/0x4b90 [ 504.048097][T16516] page dumped because: page_pool leak [ 504.067681][T16515] __x64_sys_bpf+0x7b/0xc0 [ 504.076089][T16516] page_owner tracks the page as allocated [ 504.076097][T16516] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 16516, tgid 16514 (syz.2.2579), ts 499817649128, free_ts 499682631355 [ 504.084043][T16515] do_syscall_64+0x106/0xf80 [ 504.092002][T16516] post_alloc_hook+0x153/0x170 [ 504.099940][T16515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 504.107900][T16516] get_page_from_freelist+0x111d/0x3140 [ 504.115853][T16515] Modules linked in: [ 504.118857][T16516] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 504.125687][T16515] CPU: 0 UID: 0 PID: 16515 Comm: syz.2.2579 Tainted: G B syzkaller #0 PREEMPT(full) [ 504.125709][T16515] Tainted: [B]=BAD_PAGE [ 504.125715][T16515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 504.125724][T16515] Call Trace: [ 504.125730][T16515] [ 504.125736][T16515] dump_stack_lvl+0x100/0x190 [ 504.125760][T16515] bad_page.cold+0xbe/0xdf