last executing test programs: 24.693884499s ago: executing program 2 (id=3816): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/wireless\x00') getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) openat$ptmx(0xffffff9c, 0x0, 0x210d40, 0x0) sched_setaffinity(r1, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) socket$inet_udplite(0x2, 0x2, 0x88) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0xc8}}, 0x20050800) preadv(r0, &(0x7f0000000080)=[{&(0x7f0000000900)=""/212, 0xd4}, {&(0x7f0000000200)=""/247, 0xf7}], 0x2, 0xa2, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) 18.976648788s ago: executing program 2 (id=3852): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f00000500000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00'], 0x48) 17.678560704s ago: executing program 2 (id=3857): sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000e0000002000000000000000000000000ebffffffffffffff00000000000000000000000a000000000a"], 0xb8}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b800000015"], 0xb8}}, 0x0) 17.523872639s ago: executing program 2 (id=3858): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) r1 = getpid() r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r3, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r1}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r4) r5 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r5, 0xfffffffc) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, 0x0, 0x0) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r8}, 0x10) connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) 15.061594408s ago: executing program 2 (id=3871): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, 0x0) sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(0xffffffffffffffff, 0x0, 0x24008011) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) syz_open_procfs(0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) connect$pppoe(r1, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000d40)={0x44, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x44}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {0x0, 0x0, 0x4000}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x0) r5 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000340)=@raw={'raw\x00', 0x8, 0x3, 0x254, 0x0, 0x11, 0x148, 0x128, 0x10, 0x1c0, 0x2a8, 0x2a8, 0x1c0, 0x2a8, 0xac, 0x0, {[{{@ip={@multicast2, @private=0xa010101, 0x0, 0x0, 'veth1_vlan\x00', 'rose0\x00', {}, {}, 0x0, 0x0, 0x40}, 0x10, 0xe0, 0x128, 0x1c, {}, [@common=@unspec=@helper={{0x44}, {0x0, 'irc-20000\x00'}}, @common=@unspec=@mark={{0x2c}, {0x6, 0xff7ffff8, 0x1}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@mcast2, 'ip6gre0\x00'}}}, {{@ip={@broadcast, @loopback, 0xac418c18f39f1285, 0x0, 'veth0_macvtap\x00', 'syzkaller1\x00', {0xff}, {0xff}, 0x6, 0x2}, 0x0, 0x70, 0x98}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0x0, 0x0, 0x5}, {0x140}}}}], {{'\x00', 0xc8, 0x70, 0x94}, {0x24}}}}, 0x2b0) ioctl$DRM_IOCTL_MODE_PAGE_FLIP(0xffffffffffffffff, 0xc01864b0, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, 0x0) socket$nl_route(0x10, 0x3, 0x0) 10.603400568s ago: executing program 1 (id=3880): socket$inet6_sctp(0xa, 0x1, 0x84) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_VENDOR(r0, 0x0, 0x4000000) getpgid(0x0) r1 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) landlock_restrict_self(0xffffffffffffffff, 0x0) socket(0x840000000002, 0x1, 0x100) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r3, &(0x7f0000000100)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f0000000000)={0xa0000001}) epoll_wait(0xffffffffffffffff, &(0x7f0000000340)=[{}], 0x1, 0x1000) socketpair$unix(0x1, 0x1, 0x0, 0x0) syz_io_uring_setup(0x890, 0x0, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, 0x0, 0x0) r5 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r5, &(0x7f0000000040)=@name={0x1e, 0x2, 0x3, {{0x42, 0x2}, 0x3}}, 0x10) syz_usb_connect(0x0, 0x34, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000094ba78084e080110aeed010203010902220001000000000904000001437b6a00090501"], 0x0) truncate(0x0, 0x8) 7.108012822s ago: executing program 1 (id=3892): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/wireless\x00') getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) openat$ptmx(0xffffff9c, 0x0, 0x210d40, 0x0) sched_setaffinity(r1, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f000000000000000085"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) socket$inet_udplite(0x2, 0x2, 0x88) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0xc8}}, 0x20050800) preadv(r0, &(0x7f0000000080)=[{&(0x7f0000000900)=""/212, 0xd4}, {&(0x7f0000000200)=""/247, 0xf7}], 0x2, 0xa2, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) 7.107604198s ago: executing program 3 (id=3893): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001400), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000380)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000340), 0x106}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000580)={0x0, 0x18, 0xfa00, {0x4, &(0x7f00000004c0), 0x13f, 0x9}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000005c0)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000240), 0x106, 0x4}}, 0x20) r1 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000700)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0), 0x2}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000b80)={0x0, 0x18, 0xfa00, {0xfffffffffffffffe, &(0x7f0000000b40), 0x106}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000003c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000900), 0x111}}, 0x20) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000940)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x2}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000780), 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000100), 0x111}}, 0x20) writev(r1, &(0x7f0000000000)=[{&(0x7f0000000080), 0x62}, {&(0x7f0000000100)="06010000246837f73199aee6fdb9291b3091ec1a2d41d2271b00d8ec030f5919f397867997f9c0efa9c9092a31cdbb98ea272787afda0af59a320709c3a59ef05c6f40ceafec53f48d6186e7d8409e35306221caf67b370d875eff3191932728e5ab6c9a3acf6ccee3e352c898f5744abaedfb53f92c37acb126bd143f3e9cdfcf25a8d6129fcc3a141c3f5ab6db772f87c787817a9b699dd60732d952716b103bc1e91ac5b1ed92f35389580994bb0df9bce07e7a80921888f984139f488d256a67fec0cbb5c4e93d5c151d97f676ab93b1efbd46f600dc964231e3257bf358448fddf894c0cdfa9115adbe5b19bc912fcbc8aac7719b649b1ff1267491da", 0x682c}, {&(0x7f0000001480)="d1ffacd516de50ac9d15bc75316da4defa1e72f65a65cdd26dcc389aacf7856da9aecf3765d4c032e1960faf25bad906b7d3440b6e71a82f1d8f8b8db35b6091f3af94c6b46b9ab10fe3923f268771078d2668be7bd3eb941d4bb5baa8547e36283a065ce5766cbff3a8fc37fc4507643d3786bbf231d3ed88cb8b01eab14e4372cf4f89bd1b853caa5d9f07f523b9dfa8cc09053ff36fde08e96fb6b3acc196b1bd1e2d3a6c65f585df7e2b8b17439a7ab29a7dfe642c2f0ac7a81eca8073b559663f2daf7a0832b2b09557794a21bf114831f8e6db3922d0cd169e5a8b4adc95d7322ee75944de15f57780b88fef7f3d9b256705ccfa2125b43ce8e3aacaead963cdd7f792f14c9b24493f9f830f6de8da93bbd4357095631adec14224dd9bb049e826f3a49624393e6a031103faff0902ba88ae30af4a61caa77ff956214196fcf3c5536d823284306f367afcb46fb43231911cc53091671e7d853ebf015241b18e9fb6ac6d9a7a1b05dfd6d9e56a51567cd8837dd045abf6b85550f0dd8dded43147ab9bfadc18b9984699d5d875cb21a95a7f584d8c466d033df75193f9ae58b85cfacc54f6c6e12a0debe40ee361a839563bc2cb64271672a55370c2b035b482074ce2487ef8a3bc1c68856e6e09539276d961a0c647f1ee3237496fc99623e8fd33faf7797d86a88dcee152d15e10739bcbbd6077b76867e291f350d999024c12faf81f83792f48f7f6dd66aa6854e460ef7f8c755f3a6dd76509ea0d2db39057a5129185b2fb11546cd5d6cc59f640e9028ae6c7075fba5e5b5593d7f79ec387833f465d09bde464112821eaec5e6e8f2aee8d7358f9c14afe2018856f610848706c71cda62493aef2e39efb71b4a8e804847eda66b2b5b1d75b478f19208ee1ac43afb2dbbba5dd0f29f6946022e09fb853cb176ca3474ba2fa67cb245fe85ec61a095d6fd9ac2ac5685920201617342fe56072427b9bd3626a1a371e67041fcda781be0c234d6feb5ad500e8bc7074381fd0d04983a4a6cdb6c8e03d59dc50925e9e4b24e6f8e455f02818959f2927f0a2d9ff62ec3c5c399077048f7d3dad0830b2e6563693f2f9d48eca8c34804a7626282a4a214d13786993c011a88194dbf7b23e25f592e62186c9fb565fac7632de356153c89a6be0b6b26ba48c2427424769fcbd7ee072ed4bd4d0731d06c8537d616b1145a6c70edb13fb4dba3565221b3a2897a23861cd0e8e0060021cdd7de002d5e785e5d6d3d07f4e445ada9c8d9ba8b819d0b5c7b5d15a5192d3a83c125c8e117c823a9e33316b8c9154e7330d3a865048dbd9c14757691bfe56f10423f6ab717bec5eebeac6ba9ad1aeb6cde09d7fda8e475a71ac48d46b8d9a40879c9dec2db5c4799e5fc8e8b3d419031c1033fce88ae2c93d7ca62c9302e6b45ca8dfebe5b92724f035e8e9d7704efb23f445999fe08cfa28404874d8acc8d37870d394d9fcc8dbe763bc85c37f0f3bcc2cbea420cd073db598e7d89c14a31e5bf57cbefa301427c93091505f1f3e5cdf712958b2e8fc56684d3388107c1728f0e5a3be2164246071653e256ed3bf3000c17301da9a5a3d9ca475867c4f311a24e5ae909a62047a9e6bb71cbcb4f159c2ef0f66b4d0f9da51aba99cd9448443dd277362af18d32f111c48a952ef555b2c7c58b997ce61e74cc7551b57eaffe411219baddf490926d8e260dcd87c069e617195c352950f9b51ce88c12c4f7997ba515f77e68d44f831cdf4d7ee8b1b7cedcb4c4fc7e85ba288c8555d49d5b4b9bb70dc4b688bd12e6b38e37150f3ea457a76b23d5abe6551ea598e090aed87822b0954b8db1a7c605c925b7f9240b0e7a020f292a1fd4a37c74139bc6e7ff08373ebfc8feea371ae0b6c61c715f6f1f4b0b994c7e2e129f87db959aae6ff48664d824b29ba9f255890f9c537178db9c5302097891557f8175a46f308b1a2530aa726ea9d4cfce76db50637369724d0c5f51c97edb58ff5eb9b2434b3721b61688ba12471b97c6a65ba085e15406568ac852590701f2ef8451c5cf1191d70f51eaea9ddc4cbdd7428f627db5069111f65062d5cc34581826af3e670613dda99e31c42736aabd87be56e214ed606862a152455f91891b7430bae03284569c234588f495a5ecc4a23fad6ba34e2ee9ebde8c7f5f62c9344659375c2a1fe6fa6e4ef68712223b9471c513bb11429dbb8a45463c8882f462275ee0da567c60c2d8038843e0c20486676e9978f2aec9187820c94a6e7e519d06daf2ab198f5cafcab4d9c90a479800906192d66a3301a34fa6c5a931cea0a479a4d98d86d9de3e061323504b57186dd33df7a16ccb688c0de203666cb0a6b543a9d069dded44a3b432cbb71da921dcab6be1c2d7494d3b07841d9b4f9d659b5d3d3b2ed916f91588d589128e4b2d4448e6aab5a8160eddca0f6e022abb85e251a11cd6bae57a09b2c434ab5bdf6264afb20d5ab022d152e345bd32ba9283aa5b3cd9118bd271a8ac9083c98b8a83064e65428f7ad7b35bf1d60d4e703f22d2d316fc12bd68bcced82cf0962a3d5769c6a3d75d59f7a7b76454661fd3574b8c8e26d20c372407854505ea6c2406fbd8a1ba7bb017c565228aa6d03d18ed309a308ffb1ecec73c246413e7c70f25070eafed9e70d22e9e8b44125c44eceff37e65bf073bc6fad1ea2b72675af4bf70586a8f7e0f35700de94c802522897576ed115fa21b3d23a367844520b33f5b9aedc0245096765f4cb3b2ff4e54f39bd7346c2347875d75a931b17c6c424ddb4767e0e63cc7725a8fc4b1dbe7929b2f909cc5be8b09e63330341e6471dcac0f8b44693d01805a1467b71612260e2a273861b3697440a5f75497796bffcf79d62a4a50a6ed5ef2efe8c83374f2ecd08d8d628aa03b01a11caeb2bdecc0ab2abcecfa15627979d7c3f9dec5389fc6625e957f8075e23e636dd5514596189d568e14d33ae518e6e9978c6a36a74b49fdbd1260095c9abe447e618878039b75e305b1d2c9ddeb9e5cedb11802e0833739d8595d57d749c890c9290cca4aa96e6718747543796a187e54a66c2f71beefddf911a7a74b59c48ba642d5ecd4d415f48dfbde5baac8a4ba063c1b985d9f9f3180e8a1c8b2cf6a25c2ff17688cc858ac8b9c67960f09a1ca5f28f8e877159e00fe7fb10cca73b391508895e7e52c22f9b38d73dabd6ff7c55ebf4e1611daee8d52b4ceee49a6df7daeb81bf9d1c943a74c03d3dda52c5b99f3225c1b87074f5cef6187878bc5b665ec0561adcc9781280dd1c6592555d327afea78b21beeeb66a0af3eab3249245f41cdbca309d3fba5d4b345319dd0a26134c0c896f2c8d32fda28600013f6a4c95b4038faba70d6c480b360c55bdc0595f7ca636e85521ba505d894f9c5f0a90719bc9944f386ad7491422ff12f34a3c048708d51305a8cc5b2a502ac1575a14c75e9fb7219ede2f6d9c1b362230b6189e0d8cd8ccd11fd0325182c6e46c9977bf63aa02f7024aeb4389f989f5733a198b45e4329c4c1a538a009f216ad3ac09cac39547b4fd21a5d7146ea307ad9b9339f39d5161d17b59860a0aed38cd89d1b68c6438346d51a3a283074e34ee01d2eca527b1b3836ccdf7e807007152c79d14324e3d887c9551a9447527db4434810f5b0b73d855f32a0c89aa784e43f4c1657d408dd33f88aeae1e5186bbcc2a348b708e3cec9080e12ee3676beb5ee86a9b5cc4a3496c242b95a248906ed62f984b22373bdfd97515441f34e01006d8d1244aa88403f207cd8820ffe07634fc86d00f871c1e4c9e8fc1a00d295e36d98119599b62379cda10ada85efe7b50c5f38d8d010a2cd53db900939db1ffce14feffb7940d12842f4f2b507e1fa49e526752d1e3d80a0c2a75e870d85f77fd91fc46ac1b1288dd33338cdad154d6b80b5a925431868d62a3fb0036f28fe259a3f555f767526a9ea230c33843efc49ac3182a357845ea122d606ab22c9f937b2b905e02dd1cb07d380e3486be6167f00b6e6d90a3c1d6aee15da439a55542ce177e498998ba8ac69a848e63e4c7564e4dc04aad595fa1ab81275edafa0d352029c304200d2f2c5881cbf5a26b2141bdb117879cc11e7c13bd62f221ae1ac04dca3d8d58a13c130557ecf5f36184c7366d3852d0cbd6ca42f2a971d87c0bb204097af1a3abdab7b95d07fcdbf5f42607695dedcd26e30b8fc5cfd7b333a95f3ee69d5ba7911dadb1394285c437a0f26fc027737ba5ee7d63333f80acb59f1a7faf2ec3031c6533107502bffc92d8726a48ce00cdb5f1258d85ff8eb72bfb162e122022f1f3e8a72b41d2689d5228b1130fbc946384401f3bbe726314bb09d430333ad78de07b3cec5c18a4f4abb69507b6451ca4e610b8fc988c983426e0cc3b9d15393026eb75d3d08634b8a7495cef69aab83d27ea1b5b41f40b996dd10023d81f77d61192930ffc25cae1e149412322fcb0aa47bee3afc44ec3dda96c9294854e2cbaebfea6f9a90f0b3797d5f505824b4de964151569f881f87f9dd9d30a2a2f9ed01059a909cba157902903c77f2f3d056231e7c7483a3f35e04360e084f0d3f94a92c92c77b3f06479fbc417366d7fe87ddfcdfd86274f87a5f817b0f947924cbe2329f16f6b00c8a0ab96164f7b35fed38a388380af05c3600abc37a944c9e75a691728c26896ac3615297766f406aeb0f2fd147d68fad3fb3b032880280ebb4bf89252a36b0d9eb393daae72829b8da870b886676244897d5322b32703fcf138b66eedeb3024666a88fd99d8962f696ab7b34e19ced1bd27488aa2ffe5bfa11f8f9289bd8c052d4e88316cc33b0255ef1bfca4c17067d7f78175c56db481fe8dc6f73b1cbdf9d5823f115c9e03f2dfd07bc1ad88564d48b18cd9a30d83cbd5e6a3eedcb0ee86e5dd47f32820cb74dcf730b2052b31297b529e5e24f042335d13915e4048132fe1a101841e919c7870bb680eddead9a6111394bc12e274fbd88abaf2d254721c42e82abf4d1e319a631794ed6ce319ddd844ac5e9b1fc96dd9aaad42f2e087abe1b85430c4a00631970e3e74a6ed923f49e0df75685e044fae3fcea0af4dbfeebe0a9c2e73e8a89b89603a75f585e3ebba5453ae595da1469ea90ea3c9fb6a22411c56c58dfbf504caa629dbfc73ebbedc91669f2babf8b8215c525edf8feb366f104ffa9eb2bb79232660aece4730ef1ae8585c629ffe1390356a58e900da145b83ad177c7bb2d125e59d7ff4d3a8562efc620b4cf9b33c2305bbf1957e0f8b06f0fbe9c80db73b08fdd0be4a1ea4f91f52af47160040424aed8ac3c10251fb0b5d9be08247edf3dda5d1750d0597d60c8a0d9418a4e0c9325bb90f0886f9e5dda9e88ac1942ec1e53da0cf5ccad66b9cdfc2fdca784dd06a73713ef73785706d024873ddca5ccfcf0b91748a2c1fbd8c241934b5b473007b29d76aec5addf7b945a5f7abd6ddeccc8d0ccb26d69d4793b7224c27ba7bf45aac8a2be56086ab8c65ea69fdd593a01a29e2912378002d824bd98e6ed1c5dd5f33be529e640997f5f1bbde051fb2a669145966db4889bf32aa13777ac6c077c51bb8b2523954cea3adc307cfe53b8cbb00edf0c04c456392aea6613e8078a309dc538a6a24f80fc1b7f9fce3e3291ca6dab8090a634fcdb24e7a9de8aecd595b988f597cd623d148a8841b0a5203953166ea2e85316928f28dd2604d37c9ec80a49c0d91cbfe6d584b9b6a321b97bf99ae1d67985fd441976a828c97456003a7892c7c7f4a51bb49e3d3ea1e95ec29c89a2676", 0x1001}], 0x3) 6.946985423s ago: executing program 3 (id=3894): r0 = getpid() r1 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0xc1105517, &(0x7f0000000340)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r1, 0xc1105518, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x0, 'syz0\x00'}, 0x1, [0x8001, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x100000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x4, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x4, 0x2000004, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x9]}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) r4 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TCXONC(r4, 0x540a, 0x0) ioctl$TCXONC(r4, 0x540a, 0x2) kexec_load(0x0, 0x0, 0x0, 0x320000) sendmsg$DEVLINK_CMD_RELOAD(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r3, 0x1, 0x70bd2d, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r0}}]}, 0x3c}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2002, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_SET_TSC_KHZ(0xffffffffffffffff, 0xaea2, 0x4) syz_open_dev$sg(&(0x7f0000000380), 0x4, 0x4200) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r7, 0x1, 0x2a, 0x0, 0x0) recvmmsg(r7, &(0x7f0000008880), 0x483, 0x44000102, 0x0) syz_emit_ethernet(0xbe, &(0x7f0000000600)=ANY=[], 0x0) r8 = dup(r6) write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c) socket$inet(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'bond0\x00'}) ioctl$NS_GET_OWNER_UID(r8, 0xb704, &(0x7f0000000500)) mount$tmpfs(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x4002, &(0x7f0000000540)={[{@inode64}, {@grpquota_block_hardlimit={'grpquota_block_hardlimit', 0x3d, [0x36, 0x78]}}, {@size={'size', 0x3d, [0x2d]}}], [{@dont_appraise}, {@dont_hash}, {@obj_user={'obj_user', 0x3d, '!,}:-@{'}}, {@dont_measure}, {@pcr={'pcr', 0x3d, 0x20000003c}}, {@audit}, {@dont_appraise}, {@fsmagic}]}) 5.830916893s ago: executing program 0 (id=3903): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'}) write$sndseq(r0, &(0x7f0000000440)=[{0x84, 0x77, 0x0, 0x0, @tick=0xffffffff, {0x8}, {0x7}, @raw32={[0x2, 0x0, 0x8000000]}}, {0x0, 0x0, 0x5, 0x83, @tick, {0xfd}, {}, @note={0x81}}, {0x6, 0x3, 0x9, 0x3, @tick=0x1, {0x10, 0x5}, {0xc, 0x2}, @control={0x3, 0x7, 0x7fff}}, {0x8, 0x3, 0x6, 0x4, @time={0x1, 0xd93}, {0xba, 0x3}, {0xdb}, @note={0xfc, 0x10, 0x7, 0x6, 0x73ec}}], 0x70) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, 0x0, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 5.648166432s ago: executing program 3 (id=3904): execveat(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x800) syz_open_procfs(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x3, 0x0) socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$sock_SIOCSIFBR(r2, 0x8941, &(0x7f0000000000)=@generic={0x1, 0xe, 0x6}) 5.364867861s ago: executing program 0 (id=3905): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bf"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r0, &(0x7f00000002c0)="23000000010006", 0x7) mount(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f00000003c0)='gfs2meta\x00', 0xa000, &(0x7f0000000400)='[:\x00') bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x4b, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r1 = epoll_create1(0x80000) epoll_pwait2(r1, &(0x7f00000000c0)=[{}], 0x1, &(0x7f0000000000), 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000004000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff1d6405000000000065040400210000000404000001e37c60b7040000000000006a0a00fe000000008500000032000000b70000000000000095000000000000000ce0de7621e5e832249c04112cf7af2b75d0d1f034b1b3fb6bd3ce8fa62c7941272ff49142d860010ab162aa2264ab67e55a00000000000000edfe0969a9ddc125b686a1e83c8790c893d713b3295dad0ea697181d1e85b64126b5d72f204754d1d4a93f24215dee354e93cfc3f50ff23f8432c72012f021c84c59a9d4c142f439d3040cfee621589fb3a2f1407c7cbed48e7026f8d52d4bca2608c79aa4a73732028f88ce07ed1075da4a2ef44e3d8b88873f0b1de87dfb6d15936ec0a27cb554def9e27396df6b7851ffa26237ea6730880f06371beb3b290b7d8629a6f0373fefa0acb60888fc14ad2b83ca03ac2aee792482ced58af4140cc4ce3efef26e00c5b2200a91cb80c6065a697d6fc8aa8b65aee0783b04cff0218ce82c9687b4474da89c474c23727555fc5e5f8ad0f2f7a261140440fce1f12cc6df312accd011d888384283092d987c40bbb46f68c2431b97906f00000000349834fa147bd5923bbd4e606708034931a8f1a89bdf77093a0000427aab8e21e1a33d3fe093547532fce6549dd648ad233e05a7b3ea178007c1c32e871ac81f287c4aabbd153390b16d1d41ee433e3aee000000000009e106d6b5289f0000000000000000000000f7bc9f46cb71f6b889d37807865e3b4e9916dd0f72c9d58ea333b90f8886dcbf5ddda0e42ca08e3303632401f2f5212b40c0e88c957fd767dbfc80b07ad668b4f6f92fb209d7c2dbac597843c8eb7bf92fe6d0bb0b72549795c2ed19e441eb69869844152ba9da0588e42cdbc5fcd245ce5e3ef0dca64931276702a312db7956f0a75eb9caa17d47a6331c7c963cbf86a845ce27c26b7136d3e7207318b1df7a6320c64f18ccd926eaeddcde8d5006d6c38db117fb1115221a66169172720ccca770bff37e59511b2606138377eda44b2f288b491ab8aae0e11a98303b0e407e0f9d21f4a3ebbd3fabf6da9a1a1f869a339fab465d8322b7280b0734fd115a19b33c8644fff71b3c62f2e1b827e2663e06a751182e968c8ab05fb1d0115d4b11d944f2c06acc023a02b7416a9a10218d21503cda13bb5df6c992e52e1c01793b728eac000058ab3b3900d279297dadc127e2f38fc60c23af2e1fefa5a83456647191ba1953d320f59aa261fe79613df6bf43884e9649691e32680d75a541c27ffe74f9d13340f2cf1c7dc2b7db01213216cd4ecfd30efe137641471987289b7e23482e026b26eacd1b97443e2ea2d1d6e31a01ee0ae7fa195a2152b2338b086423a3883f2ce3e2f84e04f4d52c985eac4b46336908599564b47db0e6aa97ee51a360f4382fd99745725d44c77d097f69d19fe86f71c38a0226d44ebe0ecbd959f14b540745cd03b8c9f02b825ba45ca85706c73115f70871db9d2a1bc2a517b39f9648123917a5db07ba4e27f961373767e1ea8f7cc558e483abef1a9923c5cfa2081e430680950b7d7c377726b557ad31fdee17ba7057741f39d29d8ab295222f96297a777bb235416e72c84afef2bdb08fb375147b028b89f15af45bc8976b91158c13c9876daa71e7db0f5a17376be39ea79ce1246c547c740e31c64e5d293e0e5a544dd166010061d6ccae46c173b8e11721e4bce22c16af00000021f80ac6c3971006db853e3c40a5417d6eac09eb0e01ac6bd4c6dacdcb1d6d2ef9c8bdea91c984022821e961236d08f8b9072ec6cb5d5a68833fd5b4e80a5ac2bc6ff323f5ce612b59ce8177956c1affcc8baf4c8b59ab959aff9a7bd81f7c7c1f1bb92ddbeed6bce8041c7f0c1c584e6ae027678ce3cfbfea938aecc3c5119c5875b7fb35dc20f5c7aaae1e276104f607a73fe501c1045873a2b1eb80e95c87f099d98028dc82bdc7ef08c871fb3061c3c5ebd613e6e5e8cf099bb6e8c0441a133c85138b36a02c47fbedf7ed1d3ce74c9ec2c676c0b2d4b5eca61dbf5769b483c2a9f6bec666dae4e81960e9bad7f17cfc3d5bcc7b7f437110ca8ffa908c12086b2227eb202a8d56e0925ba994b05c98c39de44d25932449ddf08e5377814a40877eab4440ca01b3f50d2014a61a7d32105254b424238122386424efa3a7041254f686a5faac120942287f75e8e3db569ce47b120059d774a37e11d013be50cd2cbb00f6d2a23af61ec7d30bb7dc33a92f900b6ff1d29dc61cc40b846040dbafd00c6bcfbcf700"/1664], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffffe, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x702, 0xe, 0x0, &(0x7f0000000380)="e460334470b8d480eb00c1520813", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 4.670726631s ago: executing program 0 (id=3906): syz_open_dev$video4linux(&(0x7f00000000c0), 0x39b, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000100), 0x0, 0x2) ioctl$VIDIOC_SUBDEV_S_FMT(r0, 0xc0585605, &(0x7f0000000000)={0x0, 0x0, {0x9, 0x0, 0x3002, 0x1, 0xc, 0x7, 0x0, 0x362cf9b5827262c9}}) syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x6, 0x8}, {0xd, 0x1, 0x6, 0xfffc}}}}, 0x15) syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESOCT], 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000040)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_INIT_QP_ATTR(r1, &(0x7f00000027c0)={0xb, 0x10, 0xfa00, {0x0, r2}}, 0x18) unshare(0x2c060000) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup/syz0\x00', 0x200002, 0x0) syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0) io_setup(0x6, &(0x7f00000003c0)=0x0) r7 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200), 0x40140, 0x0) io_submit(r6, 0x1, &(0x7f00000000c0)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x5, 0x0, r7, 0x0}]) 2.58704917s ago: executing program 4 (id=3907): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="e80000006c00010029bd7000fcdbdf2500000000", @ANYRES32, @ANYBLOB="001000008000000008000f002000000014003500726f7365300000000000000000000000a40034801400350070696d367265673000000020000000001400350076657468305f6d614176746170000000140035006d61637674617030020000000000000014003500677265300000000000000000000000001400350076657468305f746f5f626174616476001400350001657468315f6d6163767461700000001400350067726530000000000000000000000000140035006261746164765f736c6176655f"], 0xe8}}, 0x0) 2.282727429s ago: executing program 1 (id=3908): bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000005c0)=ANY=[@ANYBLOB="14000000100001ff00000000000000000000000a2c000000050a01020000000000000000020000000900030073797a32000000000900010073797a300000000014000000020a031747d21400000000000000000014000000110001"], 0x68}}, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000100001000b000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f08000340000000045c0000000c0a01020000000000000000010000000900020073797a32000000000900010073797a3000000000300003802c000080280001802300"], 0xe8}}, 0x0) 2.245108078s ago: executing program 4 (id=3909): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'}) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x40605346, &(0x7f0000000380)={0x0, 0x0, {0x3, 0x0, 0x0, 0x3}}) 2.115686331s ago: executing program 4 (id=3910): fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) keyctl$search(0xa, 0x0, &(0x7f0000000140)='big_key\x00', 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) umount2(&(0x7f00000000c0)='./file0\x00', 0x5) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) sendmsg$key(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)={0x2, 0x9, 0x0, 0x3, 0x2}, 0x10}}, 0x0) fsopen(&(0x7f0000000200)='tracefs\x00', 0x0) 2.115209989s ago: executing program 1 (id=3911): keyctl$join(0x1, &(0x7f0000000140)={'syz', 0x3}) keyctl$join(0x1, &(0x7f0000000040)={'syz', 0x3}) r0 = socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002078316e00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000006000000850000000500000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r4}, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0) 930.218303ms ago: executing program 1 (id=3912): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1a, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000d00000001"], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10) memfd_secret(0x80000) 794.506677ms ago: executing program 2 (id=3913): r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000040)={[0x7fffffffffffffff]}, 0x8, 0x0) ppoll(&(0x7f0000000000)=[{r0, 0x3092}], 0x1, 0x0, 0x0, 0x0) 397.416234ms ago: executing program 0 (id=3914): openat$uhid(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) io_setup(0x6, &(0x7f0000000540)=0x0) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') io_submit(r0, 0x1, &(0x7f0000000040)=[&(0x7f00000000c0)={0x0, 0x300, 0x0, 0x5, 0x0, r1, 0x0}]) 350.944335ms ago: executing program 4 (id=3915): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'}) write$sndseq(r0, &(0x7f0000000440)=[{0x84, 0x77, 0x0, 0x0, @tick=0xffffffff, {0x8}, {0x7}, @raw32={[0x2, 0x0, 0x8000000]}}, {0x0, 0x0, 0x5, 0x83, @tick, {0xfd}, {}, @note={0x81}}, {0x6, 0x3, 0x9, 0x3, @tick=0x1, {0x10, 0x5}, {0xc, 0x2}, @control={0x3, 0x7, 0x7fff}}, {0x8, 0x3, 0x6, 0x4, @time={0x1, 0xd93}, {0xba, 0x3}, {0xdb}, @note={0xfc, 0x10, 0x7, 0x6, 0x73ec}}], 0x70) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, 0x0, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 311.503202ms ago: executing program 3 (id=3916): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=ANY=[@ANYBLOB="4c0000001800010000000000f8dbdf2102200008000000090000000008000100e000000206001c004e20000008000700e000000208000200ffffffff080001"], 0x4c}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=@newlink={0x34, 0x10, 0x401, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1220}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bond={{0x9}, {0x4}}}]}, 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) 263.575778ms ago: executing program 1 (id=3917): socket$inet6_sctp(0xa, 0x1, 0x84) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_VENDOR(r0, 0x0, 0x4000000) getpgid(0x0) r1 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) landlock_restrict_self(0xffffffffffffffff, 0x0) socket(0x840000000002, 0x1, 0x100) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r3, &(0x7f0000000100)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f0000000000)={0xa0000001}) epoll_wait(0xffffffffffffffff, &(0x7f0000000340)=[{}], 0x1, 0x1000) socketpair$unix(0x1, 0x1, 0x0, 0x0) syz_io_uring_setup(0x890, 0x0, &(0x7f0000000100)=0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, 0x0, 0x0, 0x4) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, 0x0, 0x0) r6 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r6, 0x0, 0x0) syz_usb_connect(0x0, 0x34, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000094ba78084e080110aeed010203010902220001000000000904000001437b6a00090501"], 0x0) truncate(0x0, 0x8) 161.731525ms ago: executing program 4 (id=3918): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000280)={0xa, 0x2, 0x0, @empty}, 0x1c) listen(r0, 0x2) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x9, &(0x7f0000000080)=0x1, 0x4) sendto$inet6(r1, 0x0, 0x0, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) 161.432215ms ago: executing program 3 (id=3919): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="e80000006c00010029bd7000fcdbdf2500000000", @ANYRES32, @ANYBLOB="001000008000000008000f002000000014003500726f7365300000000000000000000000a40034801400350070696d367265673000000020000000001400350076657468305f6d614176746170000000140035006d61637674617030020000000000000014003500677265300000000000000000000000001400350076657468305f746f5f626174616476001400350001657468315f6d6163767461700000001400350067726530000000000000000000000000140035006261746164765f736c6176655f310000"], 0xe8}}, 0x0) 154.479123ms ago: executing program 0 (id=3920): r0 = fsopen(&(0x7f0000000180)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x1, 0x0) fchdir(r1) creat(&(0x7f0000000040)='./file0\x00', 0x2) mount$bind(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='./control\x00', 0x0, 0x2000, 0x0) 77.850001ms ago: executing program 4 (id=3921): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180200002343ffff0000000000000000850000004100000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r1, r2, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0xfdef, &(0x7f0000000a80)=ANY=[], 0x0) 24.671384ms ago: executing program 0 (id=3922): memfd_create(&(0x7f0000000040)='[\v\xdb\xd8\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97#\xd8\xd5\x8c#\nT\t&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xe0\x1fr\x14\xdb\xd3\xcd\xfd\xbdn\xf7k\xbal\x00\b\x00\xc7i\x00\x00\x00\xb5r\xda{\xac9i\xd0\xf46\x8cS\xdc>c\xbc\xd9yf =\x9c\x12\x83Lm\xa5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') fchdir(r0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) 0s ago: executing program 3 (id=3923): syz_open_dev$mouse(&(0x7f0000000000), 0x8, 0x40602) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip6_tables_targets\x00') prlimit64(0x0, 0xd, &(0x7f0000000140)={0x8001, 0x40000000000088}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0}, 0x18) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cpuinfo\x00', 0x0, 0x0) read$FUSE(r4, 0x0, 0x0) lseek(r4, 0xfffffffffffffff5, 0x1) bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) lseek(r0, 0x100, 0x0) kernel console output (not intermixed with test programs): [ 680.388632][ T36] bridge_slave_0: left promiscuous mode [ 680.407568][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 681.608957][ T5843] Bluetooth: hci5: command tx timeout [ 681.860132][T14363] syz.4.2819: attempt to access beyond end of device [ 681.860132][T14363] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 682.013860][ T36] geneve0 (unregistering): left promiscuous mode [ 682.034406][ T36] team0: Port device geneve0 removed [ 682.247847][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 682.258320][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 682.267790][ T36] bond0 (unregistering): Released all slaves [ 682.292680][T14287] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 682.505324][T14287] team0: Port device team_slave_0 added [ 682.541379][T14287] team0: Port device team_slave_1 added [ 682.653577][T14287] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 682.666425][T14287] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 682.699434][T14287] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 682.717962][T14287] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 682.744195][T14287] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 682.785332][T14287] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 682.826054][T14377] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2825'. [ 682.841361][T14367] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 682.853268][T14367] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 682.859692][T14367] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 682.867494][T14367] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 682.886953][T14367] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 682.936718][T14367] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 682.992390][T14367] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 683.015911][T14287] hsr_slave_0: entered promiscuous mode [ 683.033686][T14287] hsr_slave_1: entered promiscuous mode [ 683.266731][ T30] audit: type=1326 audit(1742890160.921:849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14384 comm="syz.3.2828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe98918d169 code=0x7ffc0000 [ 683.398313][ T30] audit: type=1326 audit(1742890160.921:850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14384 comm="syz.3.2828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe98918d169 code=0x7ffc0000 [ 683.505168][ T30] audit: type=1326 audit(1742890160.921:851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14384 comm="syz.3.2828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7fe98918d169 code=0x7ffc0000 [ 683.621952][ T30] audit: type=1326 audit(1742890160.931:852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14384 comm="syz.3.2828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe98918d169 code=0x7ffc0000 [ 683.654842][T14404] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2831'. [ 683.676053][T14407] netlink: 'syz.4.2832': attribute type 10 has an invalid length. [ 683.685592][ T30] audit: type=1326 audit(1742890160.931:853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14384 comm="syz.3.2828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe98918d169 code=0x7ffc0000 [ 683.781375][ T30] audit: type=1326 audit(1742890160.941:854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14384 comm="syz.3.2828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=333 compat=0 ip=0x7fe98918d169 code=0x7ffc0000 [ 683.827508][T14407] batman_adv: batadv0: Adding interface: team0 [ 683.848492][T14407] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 683.888334][ T30] audit: type=1326 audit(1742890161.001:855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14384 comm="syz.3.2828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe98918d169 code=0x7ffc0000 [ 683.889381][T14407] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 683.918623][ T30] audit: type=1326 audit(1742890161.001:856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14384 comm="syz.3.2828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe98918d169 code=0x7ffc0000 [ 684.197873][T14418] binfmt_misc: register: failed to install interpreter file ./file2 [ 684.392644][T14423] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2838'. [ 684.530221][ T36] IPVS: stopping backup sync thread 11970 ... [ 684.568451][ T5843] Bluetooth: hci1: command 0x0c1a tx timeout [ 684.898669][T14291] Bluetooth: hci4: command 0x0405 tx timeout [ 684.908626][T14291] Bluetooth: hci3: command 0x0c1a tx timeout [ 684.917840][ T5843] Bluetooth: hci5: command 0x0419 tx timeout [ 684.927245][T14291] Bluetooth: hci2: command 0x0c1a tx timeout [ 685.961502][T14440] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2843'. [ 686.024302][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.030813][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.082882][ T5879] IPVS: starting estimator thread 0... [ 686.208350][T14444] IPVS: using max 21 ests per chain, 50400 per kthread [ 686.266312][ T30] audit: type=1326 audit(1742890163.961:857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14445 comm="syz.3.2845" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe98918d169 code=0x0 [ 686.385497][T14287] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 686.414798][T14287] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 686.620953][T14287] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 686.645207][T14455] netlink: 'syz.0.2849': attribute type 29 has an invalid length. [ 686.669732][T14287] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 686.706309][T14456] netlink: 'syz.0.2849': attribute type 29 has an invalid length. [ 686.979638][T14432] Bluetooth: hci5: command 0x0419 tx timeout [ 687.661002][ T30] audit: type=1326 audit(1742890165.361:858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14467 comm="syz.2.2853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f20fa58d169 code=0x7ffc0000 [ 688.344409][T14484] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2859'. [ 688.455348][T14432] Bluetooth: hci2: ACL packet for unknown connection handle 201 [ 688.878495][ T5883] usb 1-1: new high-speed USB device number 65 using dummy_hcd [ 689.058470][T14432] Bluetooth: hci5: command 0x0419 tx timeout [ 689.080569][ T5883] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 689.182591][ T5883] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 689.395813][ T5883] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 689.602967][ T5883] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 689.639953][ T5883] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 689.677022][ T5883] usb 1-1: Product: syz [ 689.695913][ T5883] usb 1-1: Manufacturer: syz [ 689.745052][ T5883] cdc_wdm 1-1:1.0: skipping garbage [ 689.763527][ T5883] cdc_wdm 1-1:1.0: skipping garbage [ 689.778328][ T5883] cdc_wdm 1-1:1.0: probe with driver cdc_wdm failed with error -22 [ 690.748213][ T36] team_slave_1 (unregistering): left promiscuous mode [ 690.769578][ T36] team0 (unregistering): Port device team_slave_1 removed [ 690.909623][ T36] team_slave_0 (unregistering): left promiscuous mode [ 690.918940][ T36] team0 (unregistering): Port device team_slave_0 removed [ 691.128327][T14432] Bluetooth: hci5: command 0x0419 tx timeout [ 692.298497][T14518] netlink: 'syz.3.2875': attribute type 29 has an invalid length. [ 692.319676][ T5883] usb 1-1: USB disconnect, device number 65 [ 692.336305][T14525] vlan2: entered allmulticast mode [ 692.373676][T14525] bond0: entered allmulticast mode [ 692.410272][T14525] bond_slave_0: entered allmulticast mode [ 692.448417][T14525] bond_slave_1: entered allmulticast mode [ 692.479528][T14525] bond0: left allmulticast mode [ 692.498265][T14525] bond_slave_0: left allmulticast mode [ 692.503817][T14525] bond_slave_1: left allmulticast mode [ 692.790325][T14287] 8021q: adding VLAN 0 to HW filter on device bond0 [ 692.875886][T14287] 8021q: adding VLAN 0 to HW filter on device team0 [ 692.942007][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 692.950883][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 693.042072][T14557] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2886'. [ 693.117300][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 693.124534][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 693.284993][T14287] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 693.348845][T14287] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 693.364236][T14572] syz.3.2891: attempt to access beyond end of device [ 693.364236][T14572] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 693.805670][T14287] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 693.952256][T14287] veth0_vlan: entered promiscuous mode [ 694.006851][T14287] veth1_vlan: entered promiscuous mode [ 694.032620][T14595] loop9: detected capacity change from 0 to 7 [ 694.046991][T14595] Buffer I/O error on dev loop9, logical block 0, async page read [ 694.090780][T14595] Buffer I/O error on dev loop9, logical block 0, async page read [ 694.116920][T14287] veth0_macvtap: entered promiscuous mode [ 694.123882][T14595] Buffer I/O error on dev loop9, logical block 0, async page read [ 694.168717][T14595] Buffer I/O error on dev loop9, logical block 0, async page read [ 694.195007][T14595] Buffer I/O error on dev loop9, logical block 0, async page read [ 694.224554][T14595] Buffer I/O error on dev loop9, logical block 0, async page read [ 694.269840][T14595] Buffer I/O error on dev loop9, logical block 0, async page read [ 694.298354][T14595] ldm_validate_partition_table(): Disk read failed. [ 694.348330][T14595] Buffer I/O error on dev loop9, logical block 0, async page read [ 694.356341][T14595] Buffer I/O error on dev loop9, logical block 0, async page read [ 694.428424][T14595] Buffer I/O error on dev loop9, logical block 0, async page read [ 694.436573][T14595] Dev loop9: unable to read RDB block 0 [ 694.456437][T14595] loop9: unable to read partition table [ 694.472992][T14611] net_ratelimit: 10 callbacks suppressed [ 694.473013][T14611] batman_adv: batadv0: Local translation table size (108) exceeds maximum packet size (-320); Ignoring new local tt entry: 00:00:00:00:00:00 [ 694.499287][T14287] veth1_macvtap: entered promiscuous mode [ 694.520018][T14595] loop9: partition table beyond EOD, truncated [ 694.526557][T14595] loop_reread_partitions: partition scan of loop9 (被ڬdƤݡ [ 694.526557][T14595] U) failed (rc=-5) [ 694.710919][T14287] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 694.741941][T14287] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 694.767287][T14287] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 694.901261][T14287] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 694.958315][T14287] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 694.981832][T14627] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2905'. [ 694.996602][T14287] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 695.026572][T14287] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 695.036365][T14287] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 695.063284][T14287] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 695.079227][T14287] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 695.417419][ T83] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 695.460907][ T83] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 695.540659][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 695.567200][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 697.971208][ T5839] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 697.982490][ T5839] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 697.991201][ T5839] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 698.004259][ T5839] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 698.025829][ T5839] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 698.035025][ T5839] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 698.057979][T14701] 9pnet_fd: Insufficient options for proto=fd [ 698.096904][T14432] Bluetooth: hci2: ACL packet for unknown connection handle 201 [ 698.564338][T10326] usb 1-1: new high-speed USB device number 66 using dummy_hcd [ 698.869193][T10326] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 699.129324][T10326] usb 1-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config [ 699.199469][T10326] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 699.258386][ T30] kauditd_printk_skb: 3 callbacks suppressed [ 699.258407][ T30] audit: type=1326 audit(1742890176.951:862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14716 comm="syz.3.2936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe98918d169 code=0x7ffc0000 [ 699.298306][T10326] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 699.368699][T10326] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 699.386663][T10326] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 699.411803][ T30] audit: type=1326 audit(1742890177.011:863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14716 comm="syz.3.2936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe98918d169 code=0x7ffc0000 [ 699.438486][T10326] usb 1-1: Product: syz [ 699.442747][T10326] usb 1-1: Manufacturer: syz [ 699.455844][T10326] cdc_wdm 1-1:1.0: skipping garbage [ 699.492017][T10326] cdc_wdm 1-1:1.0: skipping garbage [ 699.514433][ T30] audit: type=1326 audit(1742890177.011:864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14716 comm="syz.3.2936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe98918d169 code=0x7ffc0000 [ 699.538217][T10326] cdc_wdm 1-1:1.0: probe with driver cdc_wdm failed with error -22 [ 699.563709][ T30] audit: type=1326 audit(1742890177.011:865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14716 comm="syz.3.2936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe98918d169 code=0x7ffc0000 [ 699.602737][T14696] chnl_net:caif_netlink_parms(): no params data found [ 699.612586][T14723] sd 0:0:1:0: device reset [ 699.648672][ T30] audit: type=1326 audit(1742890177.011:866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14716 comm="syz.3.2936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe98918d169 code=0x7ffc0000 [ 699.671140][ T30] audit: type=1326 audit(1742890177.011:867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14716 comm="syz.3.2936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe98918d169 code=0x7ffc0000 [ 699.693303][ T30] audit: type=1326 audit(1742890177.011:868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14716 comm="syz.3.2936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe98918d169 code=0x7ffc0000 [ 699.715385][ T30] audit: type=1326 audit(1742890177.011:869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14716 comm="syz.3.2936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe98918d169 code=0x7ffc0000 [ 699.968625][ T30] audit: type=1326 audit(1742890177.011:870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14716 comm="syz.3.2936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe98918d169 code=0x7ffc0000 [ 699.991148][ T30] audit: type=1326 audit(1742890177.011:871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14716 comm="syz.3.2936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=59 compat=0 ip=0x7fe98918d169 code=0x7ffc0000 [ 700.190374][T14432] Bluetooth: hci0: command tx timeout [ 700.917011][T14696] bridge0: port 1(bridge_slave_0) entered blocking state [ 700.925548][T14696] bridge0: port 1(bridge_slave_0) entered disabled state [ 700.938511][T14696] bridge_slave_0: entered allmulticast mode [ 700.952996][T14696] bridge_slave_0: entered promiscuous mode [ 700.974866][T14696] bridge0: port 2(bridge_slave_1) entered blocking state [ 700.998260][T14696] bridge0: port 2(bridge_slave_1) entered disabled state [ 701.005627][T14696] bridge_slave_1: entered allmulticast mode [ 701.034251][T14696] bridge_slave_1: entered promiscuous mode [ 701.457072][ T12] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 701.538064][T14696] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 701.586204][T14696] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 701.742512][ T12] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 701.806975][T14696] team0: Port device team_slave_0 added [ 701.842640][T14696] team0: Port device team_slave_1 added [ 702.091433][ T5883] usb 1-1: USB disconnect, device number 66 [ 702.154291][ T12] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 702.255134][T14432] Bluetooth: hci0: command tx timeout [ 702.286196][T14696] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 702.315982][T14696] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 702.427516][T14696] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 702.450568][T14696] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 702.457840][T14696] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 702.490601][T14696] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 702.594302][ T12] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 702.785100][T14764] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2953'. [ 702.821491][T14696] hsr_slave_0: entered promiscuous mode [ 702.828039][T14696] hsr_slave_1: entered promiscuous mode [ 702.953564][T14696] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 702.963904][T14696] Cannot create hsr debugfs directory [ 703.308938][T14432] Bluetooth: hci5: ACL packet for unknown connection handle 201 [ 703.558327][ T5883] usb 2-1: new high-speed USB device number 63 using dummy_hcd [ 703.710129][ T5883] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 703.733254][ T5883] usb 2-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config [ 703.782879][ T5883] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 703.811588][ T5883] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 703.864179][ T5883] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 703.897247][ T5883] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 703.926246][ T5883] usb 2-1: Product: syz [ 703.942526][ T5883] usb 2-1: Manufacturer: syz [ 704.025651][ T5883] cdc_wdm 2-1:1.0: skipping garbage [ 704.058355][ T5883] cdc_wdm 2-1:1.0: skipping garbage [ 704.078726][ T12] dvmrp5 (unregistering): left allmulticast mode [ 704.089860][ T5883] cdc_wdm 2-1:1.0: probe with driver cdc_wdm failed with error -22 [ 704.330765][T14432] Bluetooth: hci0: command tx timeout [ 705.607938][ T12] bond0 (unregistering): Released all slaves [ 705.633024][T14797] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2965'. [ 705.998030][T14821] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2975'. [ 706.340788][ T12] hsr_slave_0: left promiscuous mode [ 706.359233][ T12] hsr_slave_1: left promiscuous mode [ 706.389779][ T12] batman_adv: batadv0: Interface deactivated: dummy0 [ 706.415204][ T12] batman_adv: batadv0: Removing interface: dummy0 [ 706.417985][T14432] Bluetooth: hci0: command tx timeout [ 706.551386][ T5883] usb 2-1: USB disconnect, device number 63 [ 706.713706][ T12] veth1_macvtap: left promiscuous mode [ 706.733719][ T12] veth0_macvtap: left promiscuous mode [ 706.761943][ T12] veth1_vlan: left promiscuous mode [ 706.789055][ T12] veth0_vlan: left promiscuous mode [ 708.179881][T14913] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 709.122046][T14920] xt_CT: No such helper "pptp" [ 709.548746][ T30] kauditd_printk_skb: 9 callbacks suppressed [ 709.548836][ T30] audit: type=1800 audit(1742890187.241:881): pid=14937 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.3004" name="SYSV00000000" dev="tmpfs" ino=5 res=0 errno=0 [ 709.587512][T14937] blktrace: Concurrent blktraces are not allowed on sg0 [ 711.100457][T14872] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2983'. [ 711.375245][ T30] audit: type=1326 audit(1742890189.071:882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14956 comm="syz.3.3011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe98918d169 code=0x7ffc0000 [ 711.479154][ T30] audit: type=1326 audit(1742890189.071:883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14956 comm="syz.3.3011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe98918d169 code=0x7ffc0000 [ 711.531284][T14696] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 711.587865][ T30] audit: type=1326 audit(1742890189.071:884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14956 comm="syz.3.3011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=242 compat=0 ip=0x7fe98918d169 code=0x7ffc0000 [ 711.621156][T14696] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 711.661013][T14969] blktrace: Concurrent blktraces are not allowed on sg0 [ 711.678757][T14696] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 711.751306][T14696] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 711.892666][ T30] audit: type=1326 audit(1742890189.071:885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14956 comm="syz.3.3011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe98918d169 code=0x7ffc0000 [ 711.915041][ T30] audit: type=1326 audit(1742890189.071:886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14956 comm="syz.3.3011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe98918d169 code=0x7ffc0000 [ 711.965447][ T30] audit: type=1800 audit(1742890189.341:887): pid=14969 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.3014" name="SYSV00000000" dev="tmpfs" ino=3 res=0 errno=0 [ 712.763199][T14982] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3020'. [ 712.892584][T14696] 8021q: adding VLAN 0 to HW filter on device bond0 [ 712.976216][T14696] 8021q: adding VLAN 0 to HW filter on device team0 [ 712.993419][T14881] bridge0: port 1(bridge_slave_0) entered blocking state [ 713.000584][T14881] bridge0: port 1(bridge_slave_0) entered forwarding state [ 713.090469][T14881] bridge0: port 2(bridge_slave_1) entered blocking state [ 713.097604][T14881] bridge0: port 2(bridge_slave_1) entered forwarding state [ 713.213734][T14997] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3023'. [ 713.290668][T14696] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 713.321655][T14696] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 713.521373][ T30] audit: type=1800 audit(1742890191.221:888): pid=15011 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.3027" name="SYSV00000000" dev="tmpfs" ino=2 res=0 errno=0 [ 713.580836][T15011] blktrace: Concurrent blktraces are not allowed on sg0 [ 713.945151][T15021] loop9: detected capacity change from 0 to 7 [ 713.979083][T15021] buffer_io_error: 4 callbacks suppressed [ 713.979104][T15021] Buffer I/O error on dev loop9, logical block 0, async page read [ 713.991627][T14696] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 713.993567][T15021] Buffer I/O error on dev loop9, logical block 0, async page read [ 714.156313][T15021] Buffer I/O error on dev loop9, logical block 0, async page read [ 714.295042][T15021] Buffer I/O error on dev loop9, logical block 0, async page read [ 714.464351][T15021] Buffer I/O error on dev loop9, logical block 0, async page read [ 714.658573][T15021] Buffer I/O error on dev loop9, logical block 0, async page read [ 714.693163][T15021] Buffer I/O error on dev loop9, logical block 0, async page read [ 714.737620][T15021] ldm_validate_partition_table(): Disk read failed. [ 714.773146][T15021] Buffer I/O error on dev loop9, logical block 0, async page read [ 714.796174][T15021] Buffer I/O error on dev loop9, logical block 0, async page read [ 714.829024][T15021] Buffer I/O error on dev loop9, logical block 0, async page read [ 714.837060][T15021] Dev loop9: unable to read RDB block 0 [ 714.844204][T15021] loop9: unable to read partition table [ 714.850538][T15021] loop9: partition table beyond EOD, truncated [ 714.856777][T15021] loop_reread_partitions: partition scan of loop9 (被ڬdƤݡ [ 714.856777][T15021] U) failed (rc=-5) [ 715.018893][ T977] usb 2-1: new high-speed USB device number 64 using dummy_hcd [ 715.134285][T14696] veth0_vlan: entered promiscuous mode [ 715.185185][ T977] usb 2-1: Using ep0 maxpacket: 32 [ 715.186860][T14696] veth1_vlan: entered promiscuous mode [ 715.199457][ T977] usb 2-1: config 0 has an invalid interface number: 12 but max is 0 [ 715.215254][ T977] usb 2-1: config 0 has no interface number 0 [ 715.240790][ T977] usb 2-1: config 0 interface 12 has no altsetting 0 [ 715.270847][T14696] veth0_macvtap: entered promiscuous mode [ 715.271940][ T977] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 715.283798][T14696] veth1_macvtap: entered promiscuous mode [ 715.308501][ T977] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 715.334522][ T977] usb 2-1: Product: syz [ 715.340450][T14696] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 715.348277][ T977] usb 2-1: Manufacturer: syz [ 715.378673][T14696] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 715.386860][ T977] usb 2-1: SerialNumber: syz [ 715.395878][ T977] usb 2-1: config 0 descriptor?? [ 715.406569][T14696] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 715.438042][T14696] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 715.469496][T14696] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 715.494028][T14696] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 715.512288][ T30] audit: type=1800 audit(1742890193.211:889): pid=15038 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.3039" name="SYSV00000000" dev="tmpfs" ino=4 res=0 errno=0 [ 715.532841][T14696] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 715.545577][T15038] blktrace: Concurrent blktraces are not allowed on sg0 [ 715.558331][T14696] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 715.588349][T14696] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 715.615909][T14696] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 715.651386][T14696] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 715.688643][T14696] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 715.697422][T14696] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 715.720239][T14696] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 716.014964][T15052] xt_CT: No such helper "pptp" [ 716.765738][T14881] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 716.798350][T14881] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 716.869697][T14881] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 716.880406][T14881] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 717.096919][ T30] audit: type=1800 audit(1742890194.791:890): pid=15068 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.3051" name="SYSV00000000" dev="tmpfs" ino=6 res=0 errno=0 [ 717.130703][T15068] blktrace: Concurrent blktraces are not allowed on sg0 [ 717.837799][T15089] xt_CT: No such helper "pptp" [ 718.086051][ T30] audit: type=1800 audit(1742890195.781:891): pid=15095 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.3062" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 718.114757][ T5839] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 718.130203][T15095] blktrace: Concurrent blktraces are not allowed on sg0 [ 718.145818][ T5839] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 718.155351][ T5839] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 718.165023][ T5839] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 718.173340][ T5839] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 718.180929][ T5839] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 718.537046][ T977] f81534 2-1:0.12: f81534_get_register: reg: 1003 failed: -71 [ 718.548038][ T977] f81534 2-1:0.12: f81534_find_config_idx: read failed: -71 [ 718.559118][ T977] f81534 2-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 718.566804][ T977] f81534 2-1:0.12: probe with driver f81534 failed with error -71 [ 718.589282][ T977] usb 2-1: USB disconnect, device number 64 [ 718.655091][T15096] chnl_net:caif_netlink_parms(): no params data found [ 718.655650][T15111] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3067'. [ 718.962627][T15096] bridge0: port 1(bridge_slave_0) entered blocking state [ 719.152899][ T30] audit: type=1800 audit(1742890196.841:892): pid=15126 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.3073" name="SYSV00000000" dev="tmpfs" ino=5 res=0 errno=0 [ 719.190960][T15126] blktrace: Concurrent blktraces are not allowed on sg0 [ 719.209864][T15096] bridge0: port 1(bridge_slave_0) entered disabled state [ 719.228587][T15096] bridge_slave_0: entered allmulticast mode [ 719.235832][T15096] bridge_slave_0: entered promiscuous mode [ 719.250788][T15096] bridge0: port 2(bridge_slave_1) entered blocking state [ 719.258089][T15096] bridge0: port 2(bridge_slave_1) entered disabled state [ 719.286887][T15096] bridge_slave_1: entered allmulticast mode [ 719.534241][T15096] bridge_slave_1: entered promiscuous mode [ 720.179640][T15096] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 720.233606][T15096] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 720.249718][T14432] Bluetooth: hci4: command tx timeout [ 720.278936][T14881] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 720.423712][T15096] team0: Port device team_slave_0 added [ 720.433842][T15096] team0: Port device team_slave_1 added [ 720.459813][T14881] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 720.606277][T14881] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 720.670890][T15096] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 720.677907][T15096] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 720.734567][ T30] audit: type=1800 audit(1742890198.431:893): pid=15159 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.3086" name="SYSV00000000" dev="tmpfs" ino=1 res=0 errno=0 [ 720.745404][T15096] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 720.769061][T15159] blktrace: Concurrent blktraces are not allowed on sg0 [ 720.824101][ T30] audit: type=1326 audit(1742890198.521:894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15162 comm="syz.3.3087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe98918d169 code=0x7ffc0000 [ 720.874864][ T30] audit: type=1326 audit(1742890198.521:895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15162 comm="syz.3.3087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe98918d169 code=0x7ffc0000 [ 720.905905][T14881] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 720.918408][ T30] audit: type=1326 audit(1742890198.541:896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15162 comm="syz.3.3087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=131 compat=0 ip=0x7fe98918d169 code=0x7ffc0000 [ 720.944740][ T30] audit: type=1326 audit(1742890198.541:897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15162 comm="syz.3.3087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe98918d169 code=0x7ffc0000 [ 720.969647][ T30] audit: type=1326 audit(1742890198.541:898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15162 comm="syz.3.3087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe98918d169 code=0x7ffc0000 [ 720.972496][T15096] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 720.991726][ T30] audit: type=1326 audit(1742890198.541:899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15162 comm="syz.3.3087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fe98918d169 code=0x7ffc0000 [ 721.027059][T15096] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 721.082278][T15096] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 721.102256][ T30] audit: type=1326 audit(1742890198.541:900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15162 comm="syz.3.3087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe98918d169 code=0x7ffc0000 [ 721.197105][ T30] audit: type=1326 audit(1742890198.551:901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15162 comm="syz.3.3087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe98918d169 code=0x7ffc0000 [ 721.258640][ T30] audit: type=1326 audit(1742890198.551:902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15162 comm="syz.3.3087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe98918d169 code=0x7ffc0000 [ 721.294900][T15096] hsr_slave_0: entered promiscuous mode [ 721.316442][T15096] hsr_slave_1: entered promiscuous mode [ 721.327872][T15096] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 721.345047][T15096] Cannot create hsr debugfs directory [ 721.524496][T15184] netlink: 'syz.3.3097': attribute type 1 has an invalid length. [ 721.671133][T15188] blktrace: Concurrent blktraces are not allowed on sg0 [ 721.835521][T14881] bridge0: left allmulticast mode [ 722.344933][T14432] Bluetooth: hci4: command tx timeout [ 723.386287][T14881] team0: Port device geneve0 removed [ 723.407388][T15234] blktrace: Concurrent blktraces are not allowed on sg0 [ 723.468836][T15236] netlink: 'syz.1.3112': attribute type 10 has an invalid length. [ 723.469007][T14881] bridge0 (unregistering): left promiscuous mode [ 723.476849][T15236] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3112'. [ 723.642423][T14881] bond0 (unregistering): Released all slaves [ 723.718960][T15236] team0: Port device geneve0 added [ 724.458474][T14432] Bluetooth: hci4: command tx timeout [ 725.041684][T15262] blktrace: Concurrent blktraces are not allowed on sg0 [ 725.632980][T14881] IPVS: stopping backup sync thread 7996 ... [ 725.834307][T15096] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 726.028239][ T30] kauditd_printk_skb: 31 callbacks suppressed [ 726.028262][ T30] audit: type=1800 audit(1742890203.721:934): pid=15300 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.3134" name="SYSV00000000" dev="tmpfs" ino=2 res=0 errno=0 [ 726.085107][T15300] blktrace: Concurrent blktraces are not allowed on sg0 [ 726.098232][T15096] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 726.488940][T14432] Bluetooth: hci4: command tx timeout [ 726.750895][T15096] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 726.829442][T15096] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 726.870800][T15307] 9pnet_fd: Insufficient options for proto=fd [ 726.991256][T15309] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 727.459824][T14881] hsr_slave_0: left promiscuous mode [ 727.504854][T14881] hsr_slave_1: left promiscuous mode [ 727.582286][T14881] veth1_macvtap: left promiscuous mode [ 727.587856][T14881] veth0_macvtap: left promiscuous mode [ 727.628861][ T30] audit: type=1800 audit(1742890205.331:935): pid=15332 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.3146" name="SYSV00000000" dev="tmpfs" ino=3 res=0 errno=0 [ 727.682389][T15332] blktrace: Concurrent blktraces are not allowed on sg0 [ 728.936104][T15308] [U]  [ 730.217914][T15096] 8021q: adding VLAN 0 to HW filter on device bond0 [ 730.304809][T15096] 8021q: adding VLAN 0 to HW filter on device team0 [ 730.342091][T14854] bridge0: port 1(bridge_slave_0) entered blocking state [ 730.349380][T14854] bridge0: port 1(bridge_slave_0) entered forwarding state [ 730.451362][T14854] bridge0: port 2(bridge_slave_1) entered blocking state [ 730.458725][T14854] bridge0: port 2(bridge_slave_1) entered forwarding state [ 730.531749][T15361] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 730.688078][T15361] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 730.707745][T15369] blktrace: Concurrent blktraces are not allowed on sg0 [ 730.715691][ T30] audit: type=1800 audit(1742890208.391:936): pid=15369 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.3157" name="SYSV00000000" dev="tmpfs" ino=1 res=0 errno=0 [ 730.843693][T15361] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 731.088520][T15361] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 732.200038][T15361] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 732.244736][T15361] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 732.300966][T15361] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 732.359519][T15361] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 732.378189][ T30] audit: type=1800 audit(1742890210.061:937): pid=15404 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.3169" name="SYSV00000000" dev="tmpfs" ino=2 res=0 errno=0 [ 732.404693][T15404] blktrace: Concurrent blktraces are not allowed on sg0 [ 732.436931][T15096] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 732.585712][T15096] veth0_vlan: entered promiscuous mode [ 732.622227][T15096] veth1_vlan: entered promiscuous mode [ 732.770046][T15096] veth0_macvtap: entered promiscuous mode [ 732.795932][T15096] veth1_macvtap: entered promiscuous mode [ 732.933717][T15096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 732.944698][T15096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 732.957181][T15096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 732.973208][T15096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 732.983598][T15096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 732.995276][T15096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 733.142593][T15096] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 733.560744][T15096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 733.608192][T15096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 733.648266][T15096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 733.686940][T15096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 733.707579][T15096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 733.738405][T15096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 733.799596][T15096] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 733.883217][T15096] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 733.935896][T15096] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 734.014198][T15096] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 734.071803][T15096] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 734.134296][ T30] audit: type=1800 audit(1742890211.811:938): pid=15440 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.3183" name="SYSV00000000" dev="tmpfs" ino=8 res=0 errno=0 [ 734.178967][T15440] blktrace: Concurrent blktraces are not allowed on sg0 [ 734.362959][T14856] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 734.398350][T14856] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 734.478420][T14888] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 734.486341][T14888] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 736.462270][ T30] audit: type=1326 audit(1742890214.151:939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15496 comm="syz.1.3199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 736.934298][ T30] audit: type=1326 audit(1742890214.171:940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15496 comm="syz.1.3199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 737.189040][T15512] batman_adv: batadv0: Adding interface: dummy0 [ 737.195373][T15512] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 737.238489][ T30] audit: type=1326 audit(1742890214.171:941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15496 comm="syz.1.3199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 737.297374][T15512] batman_adv: batadv0: Interface activated: dummy0 [ 737.306769][ T30] audit: type=1326 audit(1742890214.171:942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15496 comm="syz.1.3199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 737.356008][ T5839] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 737.357042][T15521] batadv0: mtu less than device minimum [ 737.370327][ T30] audit: type=1326 audit(1742890214.171:943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15496 comm="syz.1.3199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 737.370576][ T5839] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 737.424001][ T5839] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 737.490615][T15521] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 737.494871][ T30] audit: type=1326 audit(1742890214.171:944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15496 comm="syz.1.3199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 737.503474][T15521] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 737.535839][T15521] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 737.548545][T15521] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 737.548801][ T5839] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 737.562119][T15521] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 737.567961][ T5839] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 737.579533][T15521] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 737.587178][ T5839] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 737.596838][T15521] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 737.614389][T15521] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 737.627481][T15521] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 737.681921][ T30] audit: type=1326 audit(1742890214.171:945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15496 comm="syz.1.3199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 737.713999][ T30] audit: type=1326 audit(1742890214.171:946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15496 comm="syz.1.3199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 737.735904][ T30] audit: type=1326 audit(1742890214.171:947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15496 comm="syz.1.3199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 737.759063][ T30] audit: type=1326 audit(1742890214.171:948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15496 comm="syz.1.3199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 737.790183][ T30] audit: type=1326 audit(1742890214.171:949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15496 comm="syz.1.3199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 737.812201][ T30] audit: type=1326 audit(1742890214.201:950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15496 comm="syz.1.3199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 738.008731][ T30] audit: type=1326 audit(1742890214.201:951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15496 comm="syz.1.3199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 738.666837][ T30] audit: type=1326 audit(1742890214.211:952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15496 comm="syz.1.3199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 738.690559][T15517] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wireguard%d": -EINTR [ 738.691647][ T30] audit: type=1326 audit(1742890214.211:953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15496 comm="syz.1.3199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 738.971083][T15534] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3206'. [ 739.032983][T15534] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3206'. [ 739.652352][T15516] chnl_net:caif_netlink_parms(): no params data found [ 739.769115][ T5839] Bluetooth: hci2: command tx timeout [ 740.112415][T15569] blktrace: Concurrent blktraces are not allowed on sg0 [ 740.376126][T15561] xt_CT: No such helper "pptp" [ 740.858384][T15516] bridge0: port 1(bridge_slave_0) entered blocking state [ 740.894832][T15516] bridge0: port 1(bridge_slave_0) entered disabled state [ 740.933287][T15516] bridge_slave_0: entered allmulticast mode [ 740.988300][T15516] bridge_slave_0: entered promiscuous mode [ 741.043940][T15516] bridge0: port 2(bridge_slave_1) entered blocking state [ 741.083331][T15516] bridge0: port 2(bridge_slave_1) entered disabled state [ 741.108554][T15516] bridge_slave_1: entered allmulticast mode [ 741.115940][T15516] bridge_slave_1: entered promiscuous mode [ 741.221267][ T12] bridge_slave_1: left promiscuous mode [ 741.228633][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 741.287180][ T12] bridge_slave_0: left promiscuous mode [ 741.319650][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 741.849049][ T5839] Bluetooth: hci2: command tx timeout [ 741.891383][T15606] blktrace: Concurrent blktraces are not allowed on sg0 [ 742.254682][T15615] xt_CT: No such helper "pptp" [ 742.608748][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 742.792577][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 742.933969][ T12] bond0 (unregistering): Released all slaves [ 743.310654][T15516] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 743.499057][T15630] sd 0:0:1:0: device reset [ 743.499824][T15516] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 743.505049][ T30] kauditd_printk_skb: 5 callbacks suppressed [ 743.505068][ T30] audit: type=1800 audit(1742890221.201:959): pid=15633 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.3240" name="SYSV00000000" dev="tmpfs" ino=4 res=0 errno=0 [ 743.600251][T15633] blktrace: Concurrent blktraces are not allowed on sg0 [ 743.615358][ T30] audit: type=1326 audit(1742890221.311:960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15636 comm="syz.1.3241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 743.646669][ T30] audit: type=1326 audit(1742890221.341:961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15636 comm="syz.1.3241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 743.678025][ T30] audit: type=1326 audit(1742890221.371:962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15636 comm="syz.1.3241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 743.713487][T15516] team0: Port device team_slave_0 added [ 743.738907][ T30] audit: type=1326 audit(1742890221.371:963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15636 comm="syz.1.3241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 743.745910][T15516] team0: Port device team_slave_1 added [ 743.818349][ T30] audit: type=1326 audit(1742890221.371:964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15636 comm="syz.1.3241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 743.918366][ T30] audit: type=1326 audit(1742890221.401:965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15636 comm="syz.1.3241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 743.950070][ T5839] Bluetooth: hci2: command tx timeout [ 743.973996][ T30] audit: type=1326 audit(1742890221.401:966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15636 comm="syz.1.3241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 744.005053][ T30] audit: type=1326 audit(1742890221.401:967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15636 comm="syz.1.3241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 744.026861][ T30] audit: type=1326 audit(1742890221.401:968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15636 comm="syz.1.3241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 744.070475][T15643] xt_CT: No such helper "pptp" [ 744.164101][T15516] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 744.198229][T15516] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 744.265350][T15516] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 744.301297][T15516] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 744.315937][T15516] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 744.376040][T15516] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 744.475848][T15661] geneve0: entered allmulticast mode [ 744.712595][T15516] hsr_slave_0: entered promiscuous mode [ 744.750142][T15516] hsr_slave_1: entered promiscuous mode [ 744.769743][T15516] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 744.801534][T15670] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3248'. [ 744.811663][T15516] Cannot create hsr debugfs directory [ 744.973309][ T12] hsr_slave_0: left promiscuous mode [ 744.986704][ T12] hsr_slave_1: left promiscuous mode [ 745.013310][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 745.065432][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 745.229036][T15679] blktrace: Concurrent blktraces are not allowed on sg0 [ 746.078303][ T5839] Bluetooth: hci2: command tx timeout [ 746.115483][T15687] xt_CT: No such helper "pptp" [ 746.357821][T15700] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3259'. [ 746.497795][T15705] blktrace: Concurrent blktraces are not allowed on sg0 [ 747.450817][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.458165][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.775189][ T12] team0 (unregistering): Port device team_slave_1 removed [ 747.867902][ T12] team0 (unregistering): Port device team_slave_0 removed [ 748.327322][T15728] netlink: 68 bytes leftover after parsing attributes in process `syz.4.3274'. [ 748.510767][ T30] kauditd_printk_skb: 7 callbacks suppressed [ 748.510785][ T30] audit: type=1326 audit(1742890226.211:976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15731 comm="syz.4.3276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f163898d169 code=0x7ffc0000 [ 748.556733][ T30] audit: type=1326 audit(1742890226.231:977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15731 comm="syz.4.3276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f163898d169 code=0x7ffc0000 [ 748.587960][ T30] audit: type=1326 audit(1742890226.231:978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15731 comm="syz.4.3276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f163898d169 code=0x7ffc0000 [ 748.621054][ T30] audit: type=1326 audit(1742890226.241:979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15731 comm="syz.4.3276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f163898d169 code=0x7ffc0000 [ 748.652060][ T30] audit: type=1326 audit(1742890226.241:980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15731 comm="syz.4.3276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f163898d169 code=0x7ffc0000 [ 748.677676][ T30] audit: type=1326 audit(1742890226.241:981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15731 comm="syz.4.3276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f163898d169 code=0x7ffc0000 [ 748.699778][ T30] audit: type=1326 audit(1742890226.251:982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15731 comm="syz.4.3276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f163898d169 code=0x7ffc0000 [ 748.722717][ T30] audit: type=1326 audit(1742890226.251:983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15731 comm="syz.4.3276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f163898d169 code=0x7ffc0000 [ 748.754837][ T30] audit: type=1326 audit(1742890226.251:984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15731 comm="syz.4.3276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f163898d169 code=0x7ffc0000 [ 748.786762][ T30] audit: type=1326 audit(1742890226.251:985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15731 comm="syz.4.3276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f163898d169 code=0x7ffc0000 [ 748.859182][T15736] blktrace: Concurrent blktraces are not allowed on sg0 [ 748.905530][T15702] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 749.200094][T15702] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 750.034845][T15702] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 750.307008][T15762] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3284'. [ 750.450306][T15702] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 750.541484][T15770] blktrace: Concurrent blktraces are not allowed on sg0 [ 750.760562][T15702] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 750.789799][T15702] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 751.246644][ T10] hid-generic 0000:0000:0000.001C: unknown main item tag 0x0 [ 751.264715][ T10] hid-generic 0000:0000:0000.001C: hidraw0: HID v0.00 Device [syz1] on syz0 [ 752.495345][T15797] netlink: 68 bytes leftover after parsing attributes in process `syz.4.3296'. [ 752.535581][T15702] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 752.573008][T15702] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 752.645285][ T12] IPVS: stop unused estimator thread 0... [ 752.707398][T15801] blktrace: Concurrent blktraces are not allowed on sg0 [ 753.871935][T15820] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3299'. [ 754.970960][T15516] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 754.980697][T15516] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 755.108421][ T30] kauditd_printk_skb: 51 callbacks suppressed [ 755.108441][ T30] audit: type=1326 audit(1742890232.801:1037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15835 comm="syz.0.3308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2c078d169 code=0x7ffc0000 [ 755.163614][ T30] audit: type=1326 audit(1742890232.801:1038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15835 comm="syz.0.3308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2c078d169 code=0x7ffc0000 [ 755.171648][T15516] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 755.207775][ T30] audit: type=1326 audit(1742890232.861:1039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15835 comm="syz.0.3308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc2c078d169 code=0x7ffc0000 [ 755.317095][ T30] audit: type=1326 audit(1742890232.861:1040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15835 comm="syz.0.3308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2c078d169 code=0x7ffc0000 [ 755.403473][T15516] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 755.418396][ T30] audit: type=1326 audit(1742890232.861:1041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15835 comm="syz.0.3308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2c078d169 code=0x7ffc0000 [ 755.594544][ T30] audit: type=1326 audit(1742890232.861:1042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15835 comm="syz.0.3308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc2c078d169 code=0x7ffc0000 [ 755.623277][T15844] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 755.682210][ T30] audit: type=1326 audit(1742890232.861:1043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15835 comm="syz.0.3308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2c078d169 code=0x7ffc0000 [ 755.785829][ T30] audit: type=1326 audit(1742890232.861:1044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15835 comm="syz.0.3308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc2c078d169 code=0x7ffc0000 [ 755.833390][T15844] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 755.873636][ T30] audit: type=1326 audit(1742890232.861:1045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15835 comm="syz.0.3308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2c078d169 code=0x7ffc0000 [ 755.939930][T15844] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 756.016127][ T30] audit: type=1326 audit(1742890232.861:1046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15835 comm="syz.0.3308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc2c078d169 code=0x7ffc0000 [ 756.156037][T15844] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 756.246852][T15516] 8021q: adding VLAN 0 to HW filter on device bond0 [ 756.345470][T15516] 8021q: adding VLAN 0 to HW filter on device team0 [ 756.415026][T15844] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 756.457397][T14888] bridge0: port 1(bridge_slave_0) entered blocking state [ 756.464613][T14888] bridge0: port 1(bridge_slave_0) entered forwarding state [ 756.533320][T15844] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 756.609533][T14870] bridge0: port 2(bridge_slave_1) entered blocking state [ 756.616665][T14870] bridge0: port 2(bridge_slave_1) entered forwarding state [ 756.706902][T15844] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 756.777109][T15844] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 758.705493][T15516] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 758.802357][T15911] xt_CT: No such helper "pptp" [ 758.853704][T15516] veth0_vlan: entered promiscuous mode [ 758.904123][T15516] veth1_vlan: entered promiscuous mode [ 758.975505][T15516] veth0_macvtap: entered promiscuous mode [ 759.019682][T15516] veth1_macvtap: entered promiscuous mode [ 759.070905][T15516] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 759.093834][T15516] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 759.129029][T15516] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 759.158350][T15516] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 759.188378][T15516] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 759.204355][T15516] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 759.215925][T15516] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 759.232502][T15516] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 759.246606][T15516] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 759.305697][T15516] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 759.348515][T15516] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 759.376830][T15516] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 759.619049][T15516] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 759.629161][T15516] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 759.640435][T15516] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 759.650510][T15516] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 759.661302][T15516] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 759.672499][T15516] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 759.905263][T15516] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 760.081566][T15516] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 760.318845][T15516] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 760.374168][T15516] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 760.564920][T15954] sd 0:0:1:0: device reset [ 760.816262][T15964] usb usb8: usbfs: process 15964 (syz.0.3340) did not claim interface 0 before use [ 760.842466][T14857] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 760.871263][T14857] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 761.003157][T14881] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 761.003182][T14881] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 761.602428][ T30] kauditd_printk_skb: 19 callbacks suppressed [ 761.602447][ T30] audit: type=1107 audit(2000000003.330:1066): pid=16001 uid=0 auid=4294967295 ses=4294967295 subj=_ msg='' [ 761.999334][ T30] audit: type=1326 audit(2000000003.730:1067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16013 comm="syz.3.3353" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb68658d169 code=0x0 [ 762.344992][T14857] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 762.451221][T14432] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 762.461561][T14432] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 762.477762][T14432] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 762.502368][T14432] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 762.511356][T14432] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 762.520492][T14432] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 762.581812][T14857] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 762.677675][T14857] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 762.750901][T14857] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 762.903686][ T30] audit: type=1326 audit(2000000000.690:1068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16047 comm="syz.0.3361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2c078d169 code=0x7ffc0000 [ 763.003990][ T30] audit: type=1326 audit(2000000000.690:1069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16047 comm="syz.0.3361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2c078d169 code=0x7ffc0000 [ 763.064478][ T30] audit: type=1326 audit(2000000000.690:1070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16047 comm="syz.0.3361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7fc2c078d169 code=0x7ffc0000 [ 763.141225][ T30] audit: type=1326 audit(2000000000.690:1071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16047 comm="syz.0.3361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2c078d169 code=0x7ffc0000 [ 763.354877][ T30] audit: type=1326 audit(2000000000.690:1072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16047 comm="syz.0.3361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2c078d169 code=0x7ffc0000 [ 763.458602][ T30] audit: type=1326 audit(2000000000.690:1073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16047 comm="syz.0.3361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc2c078d169 code=0x7ffc0000 [ 763.570481][ T30] audit: type=1326 audit(2000000000.690:1074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16047 comm="syz.0.3361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2c078d169 code=0x7ffc0000 [ 763.626295][T16026] chnl_net:caif_netlink_parms(): no params data found [ 763.674541][T14857] bridge_slave_1: left allmulticast mode [ 763.681444][T14857] bridge_slave_1: left promiscuous mode [ 763.691593][ T30] audit: type=1326 audit(2000000000.690:1075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16047 comm="syz.0.3361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc2c078d169 code=0x7ffc0000 [ 763.716168][T14857] bridge0: port 2(bridge_slave_1) entered disabled state [ 763.800581][T14857] bridge_slave_0: left allmulticast mode [ 763.806833][T14857] bridge_slave_0: left promiscuous mode [ 763.818489][T14857] bridge0: port 1(bridge_slave_0) entered disabled state [ 764.473605][T16084] io-wq is not configured for unbound workers [ 764.514219][T16084] netlink: 14 bytes leftover after parsing attributes in process `syz.3.3370'. [ 764.570147][ T5839] Bluetooth: hci1: command tx timeout [ 765.658787][T14857] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 765.670737][T14857] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 765.681045][T14857] bond0 (unregistering): Released all slaves [ 765.958833][T16084] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 765.978649][T16084] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 765.990476][T16084] bond0 (unregistering): Released all slaves [ 766.499823][T16026] bridge0: port 1(bridge_slave_0) entered blocking state [ 766.522418][T16026] bridge0: port 1(bridge_slave_0) entered disabled state [ 766.548602][T16026] bridge_slave_0: entered allmulticast mode [ 766.562685][T16026] bridge_slave_0: entered promiscuous mode [ 766.626142][T16026] bridge0: port 2(bridge_slave_1) entered blocking state [ 766.653125][ T5839] Bluetooth: hci1: command tx timeout [ 766.675848][T16026] bridge0: port 2(bridge_slave_1) entered disabled state [ 766.693852][T16026] bridge_slave_1: entered allmulticast mode [ 766.705281][T16026] bridge_slave_1: entered promiscuous mode [ 766.896410][T14857] hsr_slave_0: left promiscuous mode [ 766.965946][T14857] hsr_slave_1: left promiscuous mode [ 766.975572][T14857] batman_adv: batadv0: Removing interface: team0 [ 767.006519][T14857] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 767.027071][T14857] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 767.089127][T14857] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 767.118297][T14857] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 767.143408][ T30] kauditd_printk_skb: 23 callbacks suppressed [ 767.143461][ T30] audit: type=1326 audit(2000000004.920:1099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16133 comm="syz.1.3388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 767.200571][T14857] veth1_macvtap: left promiscuous mode [ 767.217151][T14857] veth0_macvtap: left promiscuous mode [ 767.223207][T14857] veth1_vlan: left promiscuous mode [ 767.236786][ T30] audit: type=1326 audit(2000000004.920:1100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16133 comm="syz.1.3388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 767.259051][T14857] veth0_vlan: left promiscuous mode [ 767.289468][ T30] audit: type=1326 audit(2000000004.930:1101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16133 comm="syz.1.3388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 767.378232][ T30] audit: type=1326 audit(2000000004.930:1102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16133 comm="syz.1.3388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 767.445317][ T30] audit: type=1326 audit(2000000004.930:1103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16133 comm="syz.1.3388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 767.510549][ T30] audit: type=1326 audit(2000000004.930:1104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16133 comm="syz.1.3388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 767.544259][ T30] audit: type=1326 audit(2000000004.960:1105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16133 comm="syz.1.3388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 767.581183][ T30] audit: type=1326 audit(2000000004.960:1106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16133 comm="syz.1.3388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 767.620537][ T30] audit: type=1326 audit(2000000004.960:1107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16133 comm="syz.1.3388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 767.661366][ T30] audit: type=1326 audit(2000000005.000:1108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16133 comm="syz.1.3388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 768.728878][ T5839] Bluetooth: hci1: command tx timeout [ 768.934719][T14857] team0 (unregistering): Port device team_slave_1 removed [ 768.990413][T14857] team0 (unregistering): Port device team_slave_0 removed [ 769.590359][T16141] smc: net device bond0 applied user defined pnetid SYZ0 [ 769.646885][T16026] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 769.671037][T16026] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 769.908246][T16026] team0: Port device team_slave_0 added [ 769.919556][T16026] team0: Port device team_slave_1 added [ 770.154576][T16026] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 770.182294][T16026] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 770.255534][T16026] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 770.320397][T16026] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 770.342424][T16172] blktrace: Concurrent blktraces are not allowed on sg0 [ 770.350327][T16026] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 770.419295][T16026] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 770.497482][T14857] IPVS: stop unused estimator thread 0... [ 770.628865][T16026] hsr_slave_0: entered promiscuous mode [ 770.639248][T16026] hsr_slave_1: entered promiscuous mode [ 770.658882][T16026] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 770.680719][T16026] Cannot create hsr debugfs directory [ 770.814715][ T5839] Bluetooth: hci1: command tx timeout [ 771.078971][T16199] pim6reg: entered allmulticast mode [ 771.529703][T16208] blktrace: Concurrent blktraces are not allowed on sg0 [ 771.756008][T16214] Invalid ELF header magic: != ELF [ 772.229823][T16236] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3427'. [ 772.381269][ T30] kauditd_printk_skb: 43 callbacks suppressed [ 772.381288][ T30] audit: type=1800 audit(2000000010.170:1152): pid=16241 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.3428" name="SYSV00000000" dev="tmpfs" ino=4 res=0 errno=0 [ 772.420544][T16026] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 772.436299][T16241] blktrace: Concurrent blktraces are not allowed on sg0 [ 772.449230][T16026] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 772.472588][T16026] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 772.486385][T16026] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 772.678658][T16026] 8021q: adding VLAN 0 to HW filter on device bond0 [ 772.710418][T16026] 8021q: adding VLAN 0 to HW filter on device team0 [ 772.740351][T14870] bridge0: port 1(bridge_slave_0) entered blocking state [ 772.747503][T14870] bridge0: port 1(bridge_slave_0) entered forwarding state [ 772.819725][T14888] bridge0: port 2(bridge_slave_1) entered blocking state [ 772.826966][T14888] bridge0: port 2(bridge_slave_1) entered forwarding state [ 772.978054][ T30] audit: type=1326 audit(2000000010.760:1153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16249 comm="syz.1.3430" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 773.070247][ T30] audit: type=1326 audit(2000000010.760:1154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16249 comm="syz.1.3430" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 773.076218][T16255] netlink: 200 bytes leftover after parsing attributes in process `syz.1.3430'. [ 773.157740][ T30] audit: type=1326 audit(2000000010.760:1155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16249 comm="syz.1.3430" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 773.267407][ T30] audit: type=1326 audit(2000000010.760:1156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16249 comm="syz.1.3430" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 773.395119][ T30] audit: type=1326 audit(2000000010.760:1157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16249 comm="syz.1.3430" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 774.252571][ T30] audit: type=1326 audit(2000000010.760:1158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16249 comm="syz.1.3430" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 774.274639][ T30] audit: type=1326 audit(2000000010.760:1159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16249 comm="syz.1.3430" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1ec978f087 code=0x7ffc0000 [ 774.297967][ T30] audit: type=1326 audit(2000000010.760:1160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16249 comm="syz.1.3430" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f1ec978effc code=0x7ffc0000 [ 774.321959][ T30] audit: type=1326 audit(2000000010.760:1161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16249 comm="syz.1.3430" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f1ec978ef34 code=0x7ffc0000 [ 779.039561][T16343] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 779.102685][T16026] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 779.118862][T16343] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 779.227448][T16343] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 779.372088][T16343] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 779.455947][T16372] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 779.500065][T16372] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 779.620920][T16343] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 779.648034][T16343] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 779.666214][T16372] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 779.716054][T16343] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 779.753662][T16026] veth0_vlan: entered promiscuous mode [ 779.796196][T16372] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 779.853329][ T30] kauditd_printk_skb: 62 callbacks suppressed [ 779.853343][ T30] audit: type=1800 audit(2000000017.640:1224): pid=16385 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.3474" name="SYSV00000000" dev="tmpfs" ino=1 res=0 errno=0 [ 779.882575][T16343] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 779.894454][T16385] blktrace: Concurrent blktraces are not allowed on sg0 [ 779.983653][T16026] veth1_vlan: entered promiscuous mode [ 780.018969][T16372] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 780.195257][T16026] veth0_macvtap: entered promiscuous mode [ 780.303149][T16372] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 780.314260][T16026] veth1_macvtap: entered promiscuous mode [ 780.426884][T16372] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 780.444085][T16026] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 780.484717][T16371] [U]  [ 780.504441][T16026] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 780.514754][T16026] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 780.526598][T16026] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 780.536665][T16026] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 780.547584][T16026] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 780.557522][T16026] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 780.568639][T16026] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 780.580199][T16026] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 780.596105][T16372] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 780.631458][T16026] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 780.658680][T16026] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 780.670251][T16026] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 780.681895][T16026] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 780.692378][T16026] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 780.708460][T16026] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 780.725922][T16026] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 780.749705][T16026] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 780.762002][T16026] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 780.775113][T16372] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 780.870230][T16026] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 780.880194][T16026] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 780.894574][T16026] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 780.946854][T16026] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 781.151912][ T30] audit: type=1800 audit(2000000018.940:1225): pid=16410 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.3486" name="SYSV00000000" dev="tmpfs" ino=2 res=0 errno=0 [ 781.183054][T14842] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 781.198455][T16410] blktrace: Concurrent blktraces are not allowed on sg0 [ 781.215555][T14842] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 781.309340][T14842] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 781.317362][T14842] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 782.904124][T16435] pimreg: entered allmulticast mode [ 782.937892][T16440] pimreg: left allmulticast mode [ 783.148359][ T977] usb 3-1: new high-speed USB device number 75 using dummy_hcd [ 783.402096][ T977] usb 3-1: Using ep0 maxpacket: 32 [ 783.556103][ T977] usb 3-1: config 0 has an invalid interface number: 12 but max is 0 [ 783.572432][ T977] usb 3-1: config 0 has no interface number 0 [ 783.581369][ T977] usb 3-1: config 0 interface 12 has no altsetting 0 [ 783.592399][ T977] usb 3-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 783.607014][ T977] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 783.632903][ T977] usb 3-1: Product: syz [ 783.647387][ T977] usb 3-1: Manufacturer: syz [ 783.652621][ T977] usb 3-1: SerialNumber: syz [ 783.737201][ T977] usb 3-1: config 0 descriptor?? [ 784.014818][T16453] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3499'. [ 784.039401][ T30] audit: type=1800 audit(2000000021.810:1226): pid=16458 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.3500" name="SYSV00000000" dev="tmpfs" ino=3 res=0 errno=0 [ 784.078473][T16453] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3499'. [ 784.104186][T16458] blktrace: Concurrent blktraces are not allowed on sg0 [ 784.304307][ T30] audit: type=1326 audit(2000000022.090:1227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16464 comm="syz.3.3506" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb68658d169 code=0x0 [ 784.430629][T16469] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 784.591971][T16469] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 785.793501][T16469] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 786.046052][T16469] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 786.357397][T16469] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 786.397988][T16469] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 786.459798][T16469] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 786.514886][T16469] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 786.586882][ T30] audit: type=1800 audit(2000000024.370:1228): pid=16499 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.3516" name="SYSV00000000" dev="tmpfs" ino=4 res=0 errno=0 [ 786.622474][T16499] blktrace: Concurrent blktraces are not allowed on sg0 [ 786.726399][ T30] audit: type=1326 audit(2000000024.510:1229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16502 comm="syz.0.3520" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc2c078d169 code=0x0 [ 786.826641][T16509] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3523'. [ 786.839181][T16508] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3522'. [ 786.850032][T16509] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3523'. [ 788.030510][ T977] f81534 3-1:0.12: f81534_get_register: reg: 1003 failed: -71 [ 788.039562][ T977] f81534 3-1:0.12: f81534_find_config_idx: read failed: -71 [ 788.049512][ T977] f81534 3-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 788.057161][ T977] f81534 3-1:0.12: probe with driver f81534 failed with error -71 [ 788.079410][ T977] usb 3-1: USB disconnect, device number 75 [ 788.205879][ T30] audit: type=1800 audit(2000000025.990:1230): pid=16530 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.3532" name="SYSV00000000" dev="tmpfs" ino=8 res=0 errno=0 [ 788.251340][T16530] blktrace: Concurrent blktraces are not allowed on sg0 [ 788.462720][T16542] netlink: 'syz.4.3536': attribute type 27 has an invalid length. [ 788.548719][ T30] audit: type=1326 audit(2000000026.330:1231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16545 comm="syz.1.3539" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1ec978d169 code=0x0 [ 788.865527][T16542] bridge0: port 2(bridge_slave_1) entered disabled state [ 788.874748][T16542] bridge0: port 1(bridge_slave_0) entered disabled state [ 789.644114][ T24] usb 3-1: new high-speed USB device number 76 using dummy_hcd [ 789.688076][T16542] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 789.744638][ T30] audit: type=1800 audit(2000000027.530:1232): pid=16566 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.3547" name="SYSV00000000" dev="tmpfs" ino=3 res=0 errno=0 [ 789.759117][T16542] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 789.797029][T16566] blktrace: Concurrent blktraces are not allowed on sg0 [ 789.804690][ T24] usb 3-1: Using ep0 maxpacket: 32 [ 789.827132][ T24] usb 3-1: config 0 has an invalid interface number: 12 but max is 0 [ 789.839103][ T24] usb 3-1: config 0 has no interface number 0 [ 789.845259][ T24] usb 3-1: config 0 interface 12 has no altsetting 0 [ 789.861936][ T24] usb 3-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 789.877416][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 789.887860][ T24] usb 3-1: Product: syz [ 789.897715][ T24] usb 3-1: Manufacturer: syz [ 789.904382][ T24] usb 3-1: SerialNumber: syz [ 789.916499][ T24] usb 3-1: config 0 descriptor?? [ 789.999376][T16572] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3550'. [ 790.052270][T16542] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 790.066983][T16542] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 790.082313][T16542] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 790.096268][T16577] netlink: 'syz.0.3550': attribute type 10 has an invalid length. [ 790.105270][T16577] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3550'. [ 790.114988][T16542] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 790.293177][T16572] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 790.383400][T16577] team0: Failed to send port change of device geneve0 via netlink (err -105) [ 790.401436][T16577] team0: Failed to send options change via netlink (err -105) [ 790.426948][T16577] team0: Port device geneve0 added [ 790.457864][T16572] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 790.474963][ T30] audit: type=1326 audit(2000000028.260:1233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16582 comm="syz.1.3555" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1ec978d169 code=0x0 [ 790.781728][T16572] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 790.952542][T16572] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 791.809149][T16572] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 791.835140][T16572] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 791.884155][T16572] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 791.920949][T16572] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 791.976660][ T30] audit: type=1800 audit(2000000029.760:1234): pid=16600 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.3560" name="SYSV00000000" dev="tmpfs" ino=5 res=0 errno=0 [ 792.049198][T16600] blktrace: Concurrent blktraces are not allowed on sg0 [ 792.124934][ T30] audit: type=1800 audit(2000000029.910:1235): pid=16602 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.3561" name="SYSV00000000" dev="tmpfs" ino=5 res=0 errno=0 [ 792.149265][T16602] blktrace: Concurrent blktraces are not allowed on sg0 [ 792.180414][ T30] audit: type=1326 audit(2000000029.910:1236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16601 comm="syz.1.3561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 792.243216][ T30] audit: type=1326 audit(2000000029.910:1237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16601 comm="syz.1.3561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 792.307247][ T30] audit: type=1326 audit(2000000029.910:1238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16601 comm="syz.1.3561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 792.332814][ T30] audit: type=1326 audit(2000000029.910:1239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16601 comm="syz.1.3561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 792.408413][ T30] audit: type=1326 audit(2000000029.910:1240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16601 comm="syz.1.3561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 792.468342][ T30] audit: type=1326 audit(2000000029.910:1241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16601 comm="syz.1.3561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 792.500464][ T30] audit: type=1326 audit(2000000029.910:1242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16601 comm="syz.1.3561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 792.531470][ T30] audit: type=1326 audit(2000000029.910:1243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16601 comm="syz.1.3561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=63 compat=0 ip=0x7f1ec978d169 code=0x7ffc0000 [ 793.942577][ T24] f81534 3-1:0.12: f81534_get_register: reg: 1003 failed: -71 [ 793.952434][ T24] f81534 3-1:0.12: f81534_find_config_idx: read failed: -71 [ 793.959863][ T24] f81534 3-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 793.967527][ T24] f81534 3-1:0.12: probe with driver f81534 failed with error -71 [ 793.987466][ T24] usb 3-1: USB disconnect, device number 76 [ 794.019620][T16627] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3570'. [ 794.041620][T16627] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3570'. [ 794.069705][T16627] bond1: entered promiscuous mode [ 794.075133][T16627] bond1: entered allmulticast mode [ 794.081003][T16627] 8021q: adding VLAN 0 to HW filter on device bond1 [ 794.988257][ T5928] usb 1-1: new high-speed USB device number 67 using dummy_hcd [ 795.178411][ T5928] usb 1-1: Using ep0 maxpacket: 32 [ 795.194195][ T5928] usb 1-1: config 0 has an invalid interface number: 12 but max is 0 [ 795.206631][ T5928] usb 1-1: config 0 has no interface number 0 [ 795.219157][ T5928] usb 1-1: config 0 interface 12 has no altsetting 0 [ 795.229967][ T5928] usb 1-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 795.248430][ T5928] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 795.271411][ T5928] usb 1-1: Product: syz [ 795.281419][ T5928] usb 1-1: Manufacturer: syz [ 795.301791][ T5928] usb 1-1: SerialNumber: syz [ 795.316240][ T5928] usb 1-1: config 0 descriptor?? [ 796.847695][T16694] netlink: 4796 bytes leftover after parsing attributes in process `syz.3.3598'. [ 796.878878][T16694] netlink: 4796 bytes leftover after parsing attributes in process `syz.3.3598'. [ 796.937331][T16696] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3599'. [ 797.259128][T16704] netlink: 'syz.4.3602': attribute type 4 has an invalid length. [ 797.287628][T16704] netlink: 'syz.4.3602': attribute type 4 has an invalid length. [ 798.039326][T16705] netlink: 56 bytes leftover after parsing attributes in process `syz.3.3603'. [ 799.063340][ T30] kauditd_printk_skb: 34 callbacks suppressed [ 799.063362][ T30] audit: type=1326 audit(2000000036.850:1278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16721 comm="syz.4.3609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f507d78d169 code=0x7ffc0000 [ 799.092200][ T5928] f81534 1-1:0.12: f81534_get_register: reg: 1003 failed: -71 [ 799.099848][ T5928] f81534 1-1:0.12: f81534_find_config_idx: read failed: -71 [ 799.117407][ T5928] f81534 1-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 799.125479][ T30] audit: type=1326 audit(2000000036.850:1279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16721 comm="syz.4.3609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f507d78d169 code=0x7ffc0000 [ 799.147528][ T5928] f81534 1-1:0.12: probe with driver f81534 failed with error -71 [ 799.172671][ T5928] usb 1-1: USB disconnect, device number 67 [ 799.203306][ T30] audit: type=1326 audit(2000000036.880:1280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16721 comm="syz.4.3609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=93 compat=0 ip=0x7f507d78d169 code=0x7ffc0000 [ 799.258215][ T30] audit: type=1326 audit(2000000036.880:1281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16721 comm="syz.4.3609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f507d78d169 code=0x7ffc0000 [ 799.308201][ T30] audit: type=1326 audit(2000000036.880:1282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16721 comm="syz.4.3609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f507d78d169 code=0x7ffc0000 [ 799.491427][T16726] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3611'. [ 799.606449][T16654] net_ratelimit: 10 callbacks suppressed [ 799.606472][T16654] Set syz1 is full, maxelem 65536 reached [ 799.761037][ T30] audit: type=1326 audit(2000000037.550:1283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16727 comm="syz.2.3612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99ae98d169 code=0x7ffc0000 [ 799.848257][ T30] audit: type=1326 audit(2000000037.550:1284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16727 comm="syz.2.3612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f99ae98d169 code=0x7ffc0000 [ 799.938717][ T30] audit: type=1326 audit(2000000037.550:1285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16727 comm="syz.2.3612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99ae98d169 code=0x7ffc0000 [ 800.008475][ T30] audit: type=1326 audit(2000000037.580:1286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16727 comm="syz.2.3612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99ae98d169 code=0x7ffc0000 [ 800.063007][ T30] audit: type=1326 audit(2000000037.590:1287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16727 comm="syz.2.3612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f99ae98d169 code=0x7ffc0000 [ 801.286778][T16781] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3633'. [ 801.295827][T16781] batman_adv: batadv0: Interface deactivated: dummy0 [ 801.329063][T16781] batman_adv: batadv0: Removing interface: dummy0 [ 801.391839][T16781] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 801.435716][T16781] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 801.487387][T16781] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 801.504908][T16781] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 802.800635][T16798] xt_CT: No such helper "pptp" [ 803.072549][T16804] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3641'. [ 803.965110][T16828] xt_CT: No such helper "pptp" [ 804.207319][ T30] kauditd_printk_skb: 60 callbacks suppressed [ 804.207341][ T30] audit: type=1326 audit(2000000041.990:1348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16808 comm="syz.2.3644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99ae98d169 code=0x7ffc0000 [ 804.299031][ T30] audit: type=1326 audit(2000000041.990:1349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16808 comm="syz.2.3644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99ae98d169 code=0x7ffc0000 [ 804.397097][T16840] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3657'. [ 804.879605][ T30] audit: type=1326 audit(2000000042.670:1350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16851 comm="syz.3.3663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb68658d169 code=0x7ffc0000 [ 804.946349][T16854] xt_CT: No such helper "pptp" [ 804.952663][ T30] audit: type=1326 audit(2000000042.670:1351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16851 comm="syz.3.3663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb68658d169 code=0x7ffc0000 [ 805.029890][ T30] audit: type=1326 audit(2000000042.700:1352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16851 comm="syz.3.3663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb68658d169 code=0x7ffc0000 [ 805.093508][ T30] audit: type=1326 audit(2000000042.700:1353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16851 comm="syz.3.3663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb68658d169 code=0x7ffc0000 [ 805.148254][ T30] audit: type=1326 audit(2000000042.700:1354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16851 comm="syz.3.3663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb68658d169 code=0x7ffc0000 [ 805.203148][T16867] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3669'. [ 805.218243][ T30] audit: type=1326 audit(2000000042.700:1355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16851 comm="syz.3.3663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=200 compat=0 ip=0x7fb68658d169 code=0x7ffc0000 [ 805.277509][ T30] audit: type=1326 audit(2000000042.700:1356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16851 comm="syz.3.3663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb68658d169 code=0x7ffc0000 [ 805.330973][ T30] audit: type=1326 audit(2000000042.700:1357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16851 comm="syz.3.3663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7fb68658d169 code=0x7ffc0000 [ 806.094356][T16890] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 806.138282][T16884] xt_CT: No such helper "pptp" [ 806.285609][T16890] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 806.485654][T16890] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 806.685711][T16890] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 806.807335][T16890] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 807.058825][T16888] [U]  [ 807.119862][T16890] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 807.168587][T16890] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 807.205239][T16890] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 807.258773][T16890] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 807.315400][T16766] Set syz1 is full, maxelem 65536 reached [ 808.005382][T16927] ======================================================= [ 808.005382][T16927] WARNING: The mand mount option has been deprecated and [ 808.005382][T16927] and is ignored by this kernel. Remove the mand [ 808.005382][T16927] option from the mount to silence this warning. [ 808.005382][T16927] ======================================================= [ 808.276670][T16943] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 808.302425][T16943] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 808.658472][T16943] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 808.821195][T16943] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 808.890462][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.897029][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 808.942077][T16943] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 809.152115][T16943] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 809.216711][ T30] kauditd_printk_skb: 31 callbacks suppressed [ 809.216726][ T30] audit: type=1326 audit(2000000047.000:1389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16961 comm="syz.2.3709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99ae98d169 code=0x7ffc0000 [ 809.282367][T16943] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 809.326738][ T30] audit: type=1326 audit(2000000047.000:1390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16961 comm="syz.2.3709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99ae98d169 code=0x7ffc0000 [ 809.350779][ T30] audit: type=1326 audit(2000000047.040:1391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16961 comm="syz.2.3709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=216 compat=0 ip=0x7f99ae98d169 code=0x7ffc0000 [ 809.373206][ T30] audit: type=1326 audit(2000000047.040:1392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16961 comm="syz.2.3709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99ae98d169 code=0x7ffc0000 [ 809.396265][ T30] audit: type=1326 audit(2000000047.070:1393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16961 comm="syz.2.3709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f99ae98bad0 code=0x7ffc0000 [ 809.419119][ T30] audit: type=1326 audit(2000000047.070:1394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16961 comm="syz.2.3709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99ae98d169 code=0x7ffc0000 [ 809.454678][ T30] audit: type=1326 audit(2000000047.080:1395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16961 comm="syz.2.3709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f99ae98d169 code=0x7ffc0000 [ 809.534147][T16942] [U]  [ 809.534895][ T30] audit: type=1326 audit(2000000047.080:1396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16961 comm="syz.2.3709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99ae98d169 code=0x7ffc0000 [ 809.565451][ T30] audit: type=1326 audit(2000000047.090:1397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16961 comm="syz.2.3709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f99ae98d169 code=0x7ffc0000 [ 809.587366][ T30] audit: type=1326 audit(2000000047.100:1398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16961 comm="syz.2.3709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99ae98d169 code=0x7ffc0000 [ 809.634651][T16943] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 809.729327][T16943] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 812.257193][T17029] hub 2-0:1.0: USB hub found [ 812.325327][T17029] hub 2-0:1.0: 1 port detected [ 813.179543][T17037] netlink: 'syz.2.3737': attribute type 21 has an invalid length. [ 813.220405][T17037] netlink: 'syz.2.3737': attribute type 20 has an invalid length. [ 813.521506][T17043] xt_CT: No such helper "pptp" [ 813.664594][T17051] IPv6: Can't replace route, no match found [ 813.736042][T17056] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3745'. [ 813.852842][T17063] 9pnet_fd: Insufficient options for proto=fd [ 815.222273][T17062] pimreg: entered allmulticast mode [ 815.291058][T17062] pimreg: left allmulticast mode [ 815.701491][T17085] tmpfs: Bad value for 'mpol' [ 815.718474][T17080] xt_CT: No such helper "pptp" [ 816.758205][T17112] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 817.761872][ T30] kauditd_printk_skb: 113 callbacks suppressed [ 817.761893][ T30] audit: type=1326 audit(2000000055.550:1512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17118 comm="syz.4.3769" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f507d78d169 code=0x0 [ 818.458872][ T30] audit: type=1326 audit(2000000056.250:1513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17134 comm="syz.2.3777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99ae98d169 code=0x7ffc0000 [ 818.521764][ T30] audit: type=1326 audit(2000000056.290:1514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17134 comm="syz.2.3777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99ae98d169 code=0x7ffc0000 [ 818.768595][ T30] audit: type=1326 audit(2000000056.290:1515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17134 comm="syz.2.3777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=93 compat=0 ip=0x7f99ae98d169 code=0x7ffc0000 [ 818.881798][ T30] audit: type=1326 audit(2000000056.290:1516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17134 comm="syz.2.3777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99ae98d169 code=0x7ffc0000 [ 820.396525][ T30] audit: type=1326 audit(2000000058.180:1517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17160 comm="syz.2.3787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99ae98d169 code=0x7ffc0000 [ 820.498340][ T30] audit: type=1326 audit(2000000058.180:1518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17160 comm="syz.2.3787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99ae98d169 code=0x7ffc0000 [ 820.708334][ T30] audit: type=1326 audit(2000000058.220:1519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17160 comm="syz.2.3787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7f99ae98d169 code=0x7ffc0000 [ 821.025704][ T30] audit: type=1326 audit(2000000058.220:1520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17160 comm="syz.2.3787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99ae98d169 code=0x7ffc0000 [ 821.137118][ T30] audit: type=1326 audit(2000000058.220:1521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17160 comm="syz.2.3787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99ae98d169 code=0x7ffc0000 [ 821.208281][T14432] Bluetooth: hci0: command 0x0406 tx timeout [ 824.519270][T17204] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 824.619943][T17204] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 824.835853][T17204] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 826.154705][T17204] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 826.282428][ T30] kauditd_printk_skb: 4 callbacks suppressed [ 826.282450][ T30] audit: type=1326 audit(2000000064.060:1526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17222 comm="syz.3.3810" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb68658d169 code=0x7ffc0000 [ 826.313732][T17203] [U]  [ 826.368521][ T30] audit: type=1326 audit(2000000064.060:1527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17222 comm="syz.3.3810" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb68658d169 code=0x7ffc0000 [ 826.390776][ T30] audit: type=1326 audit(2000000064.120:1528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17222 comm="syz.3.3810" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb68658d169 code=0x7ffc0000 [ 826.415535][ T30] audit: type=1326 audit(2000000064.120:1529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17222 comm="syz.3.3810" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb68658d169 code=0x7ffc0000 [ 826.437668][ T30] audit: type=1326 audit(2000000064.120:1530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17222 comm="syz.3.3810" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb68658d169 code=0x7ffc0000 [ 826.468400][ T30] audit: type=1326 audit(2000000064.120:1531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17222 comm="syz.3.3810" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb68658d169 code=0x7ffc0000 [ 826.490396][ T30] audit: type=1326 audit(2000000064.120:1532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17222 comm="syz.3.3810" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb68658d169 code=0x7ffc0000 [ 826.513456][ T30] audit: type=1326 audit(2000000064.120:1533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17222 comm="syz.3.3810" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb68658d169 code=0x7ffc0000 [ 826.569650][T17204] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 826.611666][ T30] audit: type=1326 audit(2000000064.150:1534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17222 comm="syz.3.3810" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb68658d169 code=0x7ffc0000 [ 826.688329][ T30] audit: type=1326 audit(2000000064.150:1535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17222 comm="syz.3.3810" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb68658d169 code=0x7ffc0000 [ 826.921897][T17204] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 826.982840][T17204] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 827.089337][T17204] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 827.171976][T17204] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 829.765917][T17272] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 830.210027][T17288] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 831.387637][T17288] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 831.484584][T17302] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 831.509826][T17288] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 831.532267][T17302] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 831.581896][T17288] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 831.637368][T17302] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 831.713322][T17288] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 831.744402][T17302] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 831.845874][T17288] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 831.896597][T17288] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 831.919031][T17288] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 831.952183][T17302] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 832.669125][T17301] [U]  [ 832.818289][ T5879] usb 2-1: new high-speed USB device number 65 using dummy_hcd [ 832.988573][ T5879] usb 2-1: Using ep0 maxpacket: 8 [ 833.011452][ T5879] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 833.066851][ T5879] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 833.113229][ T5879] usb 2-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 833.136770][ T5879] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 833.158314][ T5879] usb 2-1: Product: syz [ 834.005767][ T5879] usb 2-1: Manufacturer: syz [ 834.011596][ T5879] usb 2-1: SerialNumber: syz [ 834.028961][ T5879] usb 2-1: config 0 descriptor?? [ 834.099051][T17338] netlink: 104 bytes leftover after parsing attributes in process `syz.2.3857'. [ 834.401466][T17341] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 834.484361][T17302] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 834.504757][T17302] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 834.597441][T17341] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 834.647182][T17302] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 834.677181][T17302] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 834.729985][T17341] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 834.949127][T17341] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 835.271874][T17341] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 835.288664][T17341] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 835.305426][T17341] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 835.323588][T17341] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 836.251613][T16407] usb 2-1: USB disconnect, device number 65 [ 836.411878][ T30] kauditd_printk_skb: 19 callbacks suppressed [ 836.411899][ T30] audit: type=1326 audit(2000000074.200:1555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17367 comm="syz.0.3868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2c078d169 code=0x7ffc0000 [ 836.834781][ T30] audit: type=1326 audit(2000000074.330:1556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17367 comm="syz.0.3868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fc2c078d169 code=0x7ffc0000 [ 836.893152][ T30] audit: type=1326 audit(2000000074.330:1557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17367 comm="syz.0.3868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2c078d169 code=0x7ffc0000 [ 837.806126][ T30] audit: type=1326 audit(2000000074.390:1558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17367 comm="syz.0.3868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2c078d169 code=0x7ffc0000 [ 838.307392][ T30] audit: type=1326 audit(2000000074.410:1559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17367 comm="syz.0.3868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=216 compat=0 ip=0x7fc2c078d169 code=0x7ffc0000 [ 838.619332][ T30] audit: type=1326 audit(2000000074.410:1560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17367 comm="syz.0.3868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2c078d169 code=0x7ffc0000 [ 838.649203][ T30] audit: type=1326 audit(2000000074.640:1561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17367 comm="syz.0.3868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=216 compat=0 ip=0x7fc2c078d169 code=0x7ffc0000 [ 838.671346][ T30] audit: type=1326 audit(2000000074.650:1562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17367 comm="syz.0.3868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2c078d169 code=0x7ffc0000 [ 838.694460][ T30] audit: type=1326 audit(2000000074.650:1563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17367 comm="syz.0.3868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2c078d169 code=0x7ffc0000 [ 839.327742][T17385] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 841.189110][T17404] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3876'. [ 841.213602][T17384] [U]  [ 841.488318][ T5928] usb 2-1: new high-speed USB device number 66 using dummy_hcd [ 841.579479][T17411] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3882'. [ 841.661431][ T5928] usb 2-1: Using ep0 maxpacket: 8 [ 841.686105][ T5928] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 841.696706][ T5839] Bluetooth: hci4: command 0x0406 tx timeout [ 841.738343][ T5928] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 841.840875][ T5928] usb 2-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 841.873623][ T5928] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 841.895689][ T5928] usb 2-1: Product: syz [ 841.905983][ T5928] usb 2-1: Manufacturer: syz [ 841.916890][ T5928] usb 2-1: SerialNumber: syz [ 841.936768][ T5928] usb 2-1: config 0 descriptor?? [ 842.100658][ T30] audit: type=1326 audit(2000000079.850:1564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17424 comm="syz.0.3889" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc2c078d169 code=0x0 [ 844.507081][T16407] usb 2-1: USB disconnect, device number 66 [ 844.609159][T17433] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3891'. [ 844.769271][T17439] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 844.805504][T17441] netlink: 104 bytes leftover after parsing attributes in process `syz.4.3895'. [ 844.827091][T17439] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 844.976126][T17439] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 845.116838][T17439] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 845.296728][T17439] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 845.487284][T17439] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 845.521434][T17439] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 845.550825][T17439] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 845.594035][T17439] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 845.810165][T17438] [U]  [ 846.128281][ T10] usb 5-1: new high-speed USB device number 62 using dummy_hcd [ 846.563498][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 846.699148][T17470] Bluetooth: MGMT ver 1.23 [ 846.774292][ T10] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 846.892504][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 846.934593][ T10] usb 5-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 846.956195][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 847.025027][ T10] usb 5-1: Product: syz [ 847.172653][ T10] usb 5-1: Manufacturer: syz [ 847.177330][ T10] usb 5-1: SerialNumber: syz [ 847.210460][ T10] usb 5-1: config 0 descriptor?? [ 847.378315][ T5879] usb 1-1: new high-speed USB device number 68 using dummy_hcd [ 847.574248][ T5879] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 847.583300][ T5879] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 847.599076][ T5879] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 847.611362][ T5879] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 847.644730][ T5879] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 847.721880][ T5879] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 847.734411][ T5879] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 847.742601][ T5879] usb 1-1: Product: syz [ 847.747017][ T5879] usb 1-1: Manufacturer: syz [ 847.781575][ T5879] cdc_wdm 1-1:1.0: skipping garbage [ 847.787330][ T5879] cdc_wdm 1-1:1.0: skipping garbage [ 847.811634][ T5879] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 847.818015][ T5879] cdc_wdm 1-1:1.0: Unknown control protocol [ 849.035797][ T977] usb 5-1: USB disconnect, device number 62 [ 849.258479][T17477] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3907'. [ 849.405881][T17380] Set syz1 is full, maxelem 65536 reached [ 851.094683][ T911] usb 1-1: USB disconnect, device number 68 [ 851.564327][T17504] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3919'. [ 851.666560][T17509] BUG: Bad page state in process syz.4.3921 pfn:7e8f8 [ 851.673590][T17509] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807e8f8000 pfn:0x7e8f8 [ 851.683767][T17509] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 851.691097][T17509] raw: 00fff00000000000 dead000000000040 ffff888022aff000 0000000000000000 [ 851.699796][T17509] raw: ffff88807e8f8000 3fffffffffffffff 00000000ffffffff 0000000000000000 [ 851.708480][T17509] page dumped because: page_pool leak [ 851.713899][T17509] page_owner tracks the page as allocated [ 851.720213][T17509] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 17509, tgid 17508 (syz.4.3921), ts 851666439683, free_ts 851572976513 [ 851.737725][T17509] post_alloc_hook+0x1f4/0x240 [ 851.742612][T17509] get_page_from_freelist+0x3651/0x37a0 [ 851.748309][T17509] __alloc_frozen_pages_noprof+0x292/0x710 [ 851.754199][T17509] alloc_pages_bulk_noprof+0x847/0xae0 [ 851.759790][T17509] __page_pool_alloc_pages_slow+0x11f/0x690 [ 851.765748][T17509] page_pool_alloc_frag_netmem+0x59c/0x940 [ 851.771676][T17509] skb_pp_cow_data+0xcea/0x1720 [ 851.776601][T17509] do_xdp_generic+0x505/0xd30 [ 851.781397][T17509] tun_get_user+0x2a4b/0x4860 [ 851.786178][T17509] tun_chr_write_iter+0x10d/0x1f0 [ 851.791332][T17509] vfs_write+0xacf/0xd10 [ 851.795640][T17509] ksys_write+0x18f/0x2b0 [ 851.800174][T17509] do_syscall_64+0xf3/0x230 [ 851.804740][T17509] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 851.810754][T17509] page last free pid 23 tgid 23 stack trace: [ 851.816784][T17509] free_frozen_pages+0xe04/0x10e0 [ 851.821918][T17509] rcu_core+0xaaa/0x17a0 [ 851.826224][T17509] handle_softirqs+0x2d4/0x9b0 [ 851.831090][T17509] run_ksoftirqd+0xca/0x130 [ 851.835650][T17509] smpboot_thread_fn+0x544/0xa30 [ 851.840702][T17509] kthread+0x7a9/0x920 [ 851.844834][T17509] ret_from_fork+0x4b/0x80 [ 851.849386][T17509] ret_from_fork_asm+0x1a/0x30 [ 851.854212][T17509] Modules linked in: [ 851.858249][T17509] CPU: 1 UID: 0 PID: 17509 Comm: syz.4.3921 Not tainted 6.14.0-syzkaller-00685-g3ba7dfb8da62 #0 [ 851.858279][T17509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 851.858294][T17509] Call Trace: [ 851.858303][T17509] [ 851.858314][T17509] dump_stack_lvl+0x241/0x360 [ 851.858366][T17509] ? __pfx_dump_stack_lvl+0x10/0x10 [ 851.858403][T17509] ? __pfx_print_modules+0x10/0x10 [ 851.858449][T17509] bad_page+0x176/0x1d0 [ 851.858484][T17509] free_frozen_pages+0x1079/0x10e0 [ 851.858520][T17509] bpf_xdp_frags_shrink_tail+0x3b3/0x780 [ 851.858570][T17509] bpf_xdp_adjust_tail+0x1c6/0x210 [ 851.858605][T17509] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 851.858626][T17509] bpf_prog_run_generic_xdp+0x686/0x1510 [ 851.858693][T17509] do_xdp_generic+0x757/0xd30 [ 851.858726][T17509] ? __pfx_do_xdp_generic+0x10/0x10 [ 851.858771][T17509] ? __local_bh_disable_ip+0x179/0x220 [ 851.858802][T17509] ? __pfx_eth_type_trans+0x10/0x10 [ 851.858837][T17509] ? tun_get_user+0x2914/0x4860 [ 851.858872][T17509] tun_get_user+0x2a4b/0x4860 [ 851.858922][T17509] ? __lock_acquire+0x1397/0x2100 [ 851.858962][T17509] ? __pfx_tun_get_user+0x10/0x10 [ 851.859017][T17509] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 851.859050][T17509] ? tun_get+0x1e/0x2f0 [ 851.859083][T17509] ? __pfx_lock_release+0x10/0x10 [ 851.859130][T17509] ? tun_get+0x1e/0x2f0 [ 851.859162][T17509] ? tun_get+0x27d/0x2f0 [ 851.859198][T17509] tun_chr_write_iter+0x10d/0x1f0 [ 851.859243][T17509] vfs_write+0xacf/0xd10 [ 851.859277][T17509] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 851.859312][T17509] ? __pfx_vfs_write+0x10/0x10 [ 851.859353][T17509] ? __fget_files+0x2a/0x420 [ 851.859381][T17509] ? __fget_files+0x2a/0x420 [ 851.859413][T17509] ksys_write+0x18f/0x2b0 [ 851.859445][T17509] ? __pfx_ksys_write+0x10/0x10 [ 851.859475][T17509] ? do_syscall_64+0x100/0x230 [ 851.859508][T17509] ? do_syscall_64+0xb6/0x230 [ 851.859542][T17509] do_syscall_64+0xf3/0x230 [ 851.859572][T17509] ? clear_bhb_loop+0x35/0x90 [ 851.859608][T17509] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 851.859639][T17509] RIP: 0033:0x7f507d78bc1f [ 851.859658][T17509] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 851.859677][T17509] RSP: 002b:00007f507e5a7000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 851.859701][T17509] RAX: ffffffffffffffda RBX: 00007f507d9a5fa0 RCX: 00007f507d78bc1f [ 851.859718][T17509] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8 [ 851.859734][T17509] RBP: 00007f507d80e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 851.859749][T17509] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000 [ 851.859763][T17509] R13: 0000000000000000 R14: 00007f507d9a5fa0 R15: 00007ffda7d2a7e8 [ 851.859796][T17509] [ 851.859806][T17509] Disabling lock debugging due to kernel taint [ 852.142197][T17509] BUG: Bad page state in process syz.4.3921 pfn:2876b [ 852.149169][T17509] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802876b000 pfn:0x2876b [ 852.159316][T17509] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 852.166477][T17509] raw: 00fff00000000000 dead000000000040 ffff888022aff000 0000000000000000 [ 852.175151][T17509] raw: ffff88802876b000 0000000000000001 00000000ffffffff 0000000000000000 [ 852.183820][T17509] page dumped because: page_pool leak [ 852.189260][T17509] page_owner tracks the page as allocated [ 852.195003][T17509] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 17509, tgid 17508 (syz.4.3921), ts 851666421080, free_ts 851572994383 [ 852.212291][T17509] post_alloc_hook+0x1f4/0x240 [ 852.217106][T17509] get_page_from_freelist+0x3651/0x37a0 [ 852.222743][T17509] __alloc_frozen_pages_noprof+0x292/0x710 [ 852.228633][T17509] alloc_pages_bulk_noprof+0x847/0xae0 [ 852.234143][T17509] __page_pool_alloc_pages_slow+0x11f/0x690 [ 852.240133][T17509] skb_pp_cow_data+0xcc8/0x1720 [ 852.245103][T17509] do_xdp_generic+0x505/0xd30 [ 852.249860][T17509] tun_get_user+0x2a4b/0x4860 [ 852.254589][T17509] tun_chr_write_iter+0x10d/0x1f0 [ 852.259708][T17509] vfs_write+0xacf/0xd10 [ 852.263996][T17509] ksys_write+0x18f/0x2b0 [ 852.268415][T17509] do_syscall_64+0xf3/0x230 [ 852.273174][T17509] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 852.279249][T17509] page last free pid 23 tgid 23 stack trace: [ 852.285255][T17509] free_frozen_pages+0xe04/0x10e0 [ 852.290363][T17509] rcu_core+0xaaa/0x17a0 [ 852.294653][T17509] handle_softirqs+0x2d4/0x9b0 [ 852.299491][T17509] run_ksoftirqd+0xca/0x130 [ 852.304027][T17509] smpboot_thread_fn+0x544/0xa30 [ 852.309109][T17509] kthread+0x7a9/0x920 [ 852.313217][T17509] ret_from_fork+0x4b/0x80 [ 852.317665][T17509] ret_from_fork_asm+0x1a/0x30 [ 852.322510][T17509] Modules linked in: [ 852.326435][T17509] CPU: 1 UID: 0 PID: 17509 Comm: syz.4.3921 Tainted: G B 6.14.0-syzkaller-00685-g3ba7dfb8da62 #0 [ 852.326468][T17509] Tainted: [B]=BAD_PAGE [ 852.326477][T17509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 852.326492][T17509] Call Trace: [ 852.326503][T17509] [ 852.326514][T17509] dump_stack_lvl+0x241/0x360 [ 852.326555][T17509] ? __pfx_dump_stack_lvl+0x10/0x10 [ 852.326591][T17509] ? __pfx_print_modules+0x10/0x10 [ 852.326628][T17509] bad_page+0x176/0x1d0 [ 852.326662][T17509] free_frozen_pages+0x1079/0x10e0 [ 852.326693][T17509] bpf_xdp_frags_shrink_tail+0x3b3/0x780 [ 852.326735][T17509] bpf_xdp_adjust_tail+0x1c6/0x210 [ 852.326765][T17509] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 852.326785][T17509] bpf_prog_run_generic_xdp+0x686/0x1510 [ 852.326837][T17509] do_xdp_generic+0x757/0xd30 [ 852.326863][T17509] ? __pfx_do_xdp_generic+0x10/0x10 [ 852.326890][T17509] ? __local_bh_disable_ip+0x179/0x220 [ 852.326918][T17509] ? __pfx_eth_type_trans+0x10/0x10 [ 852.326949][T17509] ? tun_get_user+0x2914/0x4860 [ 852.326984][T17509] tun_get_user+0x2a4b/0x4860 [ 852.327027][T17509] ? __lock_acquire+0x1397/0x2100 [ 852.327062][T17509] ? __pfx_tun_get_user+0x10/0x10 [ 852.327114][T17509] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 852.327147][T17509] ? tun_get+0x1e/0x2f0 [ 852.327180][T17509] ? __pfx_lock_release+0x10/0x10 [ 852.327219][T17509] ? tun_get+0x1e/0x2f0 [ 852.327252][T17509] ? tun_get+0x27d/0x2f0 [ 852.327286][T17509] tun_chr_write_iter+0x10d/0x1f0 [ 852.327323][T17509] vfs_write+0xacf/0xd10 [ 852.327354][T17509] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 852.327390][T17509] ? __pfx_vfs_write+0x10/0x10 [ 852.327420][T17509] ? __fget_files+0x2a/0x420 [ 852.327445][T17509] ? __fget_files+0x2a/0x420 [ 852.327473][T17509] ksys_write+0x18f/0x2b0 [ 852.327502][T17509] ? __pfx_ksys_write+0x10/0x10 [ 852.327532][T17509] ? do_syscall_64+0x100/0x230 [ 852.327564][T17509] ? do_syscall_64+0xb6/0x230 [ 852.327596][T17509] do_syscall_64+0xf3/0x230 [ 852.327627][T17509] ? clear_bhb_loop+0x35/0x90 [ 852.327663][T17509] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 852.327695][T17509] RIP: 0033:0x7f507d78bc1f [ 852.327714][T17509] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 852.327734][T17509] RSP: 002b:00007f507e5a7000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 852.327759][T17509] RAX: ffffffffffffffda RBX: 00007f507d9a5fa0 RCX: 00007f507d78bc1f [ 852.327775][T17509] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8 [ 852.327789][T17509] RBP: 00007f507d80e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 852.327803][T17509] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000 [ 852.327817][T17509] R13: 0000000000000000 R14: 00007f507d9a5fa0 R15: 00007ffda7d2a7e8 [ 852.327840][T17509] [ 852.327854][T17509] BUG: Bad page state in process syz.4.3921 pfn:2f4c0 [ 852.616219][T17509] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802f4c0000 pfn:0x2f4c0 [ 852.626377][T17509] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 852.633554][T17509] raw: 00fff00000000000 dead000000000040 ffff888022aff000 0000000000000000 [ 852.642199][T17509] raw: ffff88802f4c0000 0000000000000001 00000000ffffffff 0000000000000000 [ 852.650841][T17509] page dumped because: page_pool leak [ 852.656282][T17509] page_owner tracks the page as allocated [ 852.662061][T17509] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 17509, tgid 17508 (syz.4.3921), ts 851666408338, free_ts 851573013088 [ 852.679503][T17509] post_alloc_hook+0x1f4/0x240 [ 852.684314][T17509] get_page_from_freelist+0x3651/0x37a0 [ 852.690034][T17509] __alloc_frozen_pages_noprof+0x292/0x710 [ 852.695920][T17509] alloc_pages_bulk_noprof+0x847/0xae0 [ 852.701465][T17509] __page_pool_alloc_pages_slow+0x11f/0x690 [ 852.707399][T17509] skb_pp_cow_data+0xcc8/0x1720 [ 852.712350][T17509] do_xdp_generic+0x505/0xd30 [ 852.717075][T17509] tun_get_user+0x2a4b/0x4860 [ 852.721831][T17509] tun_chr_write_iter+0x10d/0x1f0 [ 852.726995][T17509] vfs_write+0xacf/0xd10 [ 852.731327][T17509] ksys_write+0x18f/0x2b0 [ 852.735715][T17509] do_syscall_64+0xf3/0x230 [ 852.740309][T17509] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 852.746259][T17509] page last free pid 23 tgid 23 stack trace: [ 852.752349][T17509] free_frozen_pages+0xe04/0x10e0 [ 852.757415][T17509] rcu_core+0xaaa/0x17a0 [ 852.761742][T17509] handle_softirqs+0x2d4/0x9b0 [ 852.766537][T17509] run_ksoftirqd+0xca/0x130 [ 852.771130][T17509] smpboot_thread_fn+0x544/0xa30 [ 852.776117][T17509] kthread+0x7a9/0x920 [ 852.780270][T17509] ret_from_fork+0x4b/0x80 [ 852.784724][T17509] ret_from_fork_asm+0x1a/0x30 [ 852.789571][T17509] Modules linked in: [ 852.793507][T17509] CPU: 1 UID: 0 PID: 17509 Comm: syz.4.3921 Tainted: G B 6.14.0-syzkaller-00685-g3ba7dfb8da62 #0 [ 852.793542][T17509] Tainted: [B]=BAD_PAGE [ 852.793552][T17509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 852.793566][T17509] Call Trace: [ 852.793577][T17509] [ 852.793588][T17509] dump_stack_lvl+0x241/0x360 [ 852.793631][T17509] ? __pfx_dump_stack_lvl+0x10/0x10 [ 852.793668][T17509] ? __pfx_print_modules+0x10/0x10 [ 852.793704][T17509] bad_page+0x176/0x1d0 [ 852.793738][T17509] free_frozen_pages+0x1079/0x10e0 [ 852.793769][T17509] bpf_xdp_frags_shrink_tail+0x3b3/0x780 [ 852.793811][T17509] bpf_xdp_adjust_tail+0x1c6/0x210 [ 852.793841][T17509] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 852.793862][T17509] bpf_prog_run_generic_xdp+0x686/0x1510 [ 852.793914][T17509] do_xdp_generic+0x757/0xd30 [ 852.793940][T17509] ? __pfx_do_xdp_generic+0x10/0x10 [ 852.793966][T17509] ? __local_bh_disable_ip+0x179/0x220 [ 852.793994][T17509] ? __pfx_eth_type_trans+0x10/0x10 [ 852.794025][T17509] ? tun_get_user+0x2914/0x4860 [ 852.794061][T17509] tun_get_user+0x2a4b/0x4860 [ 852.794104][T17509] ? __lock_acquire+0x1397/0x2100 [ 852.794139][T17509] ? __pfx_tun_get_user+0x10/0x10 [ 852.794184][T17509] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 852.794215][T17509] ? tun_get+0x1e/0x2f0 [ 852.794248][T17509] ? __pfx_lock_release+0x10/0x10 [ 852.794293][T17509] ? tun_get+0x1e/0x2f0 [ 852.794325][T17509] ? tun_get+0x27d/0x2f0 [ 852.794360][T17509] tun_chr_write_iter+0x10d/0x1f0 [ 852.794396][T17509] vfs_write+0xacf/0xd10 [ 852.794427][T17509] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 852.794462][T17509] ? __pfx_vfs_write+0x10/0x10 [ 852.794491][T17509] ? __fget_files+0x2a/0x420 [ 852.794516][T17509] ? __fget_files+0x2a/0x420 [ 852.794544][T17509] ksys_write+0x18f/0x2b0 [ 852.794573][T17509] ? __pfx_ksys_write+0x10/0x10 [ 852.794602][T17509] ? do_syscall_64+0x100/0x230 [ 852.794634][T17509] ? do_syscall_64+0xb6/0x230 [ 852.794665][T17509] do_syscall_64+0xf3/0x230 [ 852.794695][T17509] ? clear_bhb_loop+0x35/0x90 [ 852.794730][T17509] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 852.794762][T17509] RIP: 0033:0x7f507d78bc1f [ 852.794781][T17509] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 852.794800][T17509] RSP: 002b:00007f507e5a7000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 852.794824][T17509] RAX: ffffffffffffffda RBX: 00007f507d9a5fa0 RCX: 00007f507d78bc1f [ 852.794841][T17509] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8 [ 852.794856][T17509] RBP: 00007f507d80e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 852.794870][T17509] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000 [ 852.794883][T17509] R13: 0000000000000000 R14: 00007f507d9a5fa0 R15: 00007ffda7d2a7e8 [ 852.794907][T17509] [ 852.794920][T17509] BUG: Bad page state in process syz.4.3921 pfn:69e8d [ 853.082098][T17509] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888069e8d000 pfn:0x69e8d [ 853.092212][T17509] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 853.099446][T17509] raw: 00fff00000000000 dead000000000040 ffff888022aff000 0000000000000000 [ 853.108044][T17509] raw: ffff888069e8d000 0000000000000001 00000000ffffffff 0000000000000000 [ 853.116696][T17509] page dumped because: page_pool leak [ 853.122124][T17509] page_owner tracks the page as allocated [ 853.127851][T17509] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 17509, tgid 17508 (syz.4.3921), ts 851666394839, free_ts 851588147622 [ 853.145088][T17509] post_alloc_hook+0x1f4/0x240 [ 853.149931][T17509] get_page_from_freelist+0x3651/0x37a0 [ 853.155517][T17509] __alloc_frozen_pages_noprof+0x292/0x710 [ 853.161378][T17509] alloc_pages_bulk_noprof+0x847/0xae0 [ 853.166854][T17509] __page_pool_alloc_pages_slow+0x11f/0x690 [ 853.172806][T17509] skb_pp_cow_data+0xcc8/0x1720 [ 853.177679][T17509] do_xdp_generic+0x505/0xd30 [ 853.182428][T17509] tun_get_user+0x2a4b/0x4860 [ 853.187130][T17509] tun_chr_write_iter+0x10d/0x1f0 [ 853.192221][T17509] vfs_write+0xacf/0xd10 [ 853.196482][T17509] ksys_write+0x18f/0x2b0 [ 853.200865][T17509] do_syscall_64+0xf3/0x230 [ 853.205382][T17509] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 853.211320][T17509] page last free pid 5198 tgid 5198 stack trace: [ 853.217645][T17509] free_frozen_pages+0xe04/0x10e0 [ 853.222725][T17509] rcu_core+0xaaa/0x17a0 [ 853.227011][T17509] handle_softirqs+0x2d4/0x9b0 [ 853.231812][T17509] __irq_exit_rcu+0xf7/0x220 [ 853.236407][T17509] irq_exit_rcu+0x9/0x30 [ 853.240677][T17509] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 853.246337][T17509] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 853.252374][T17509] Modules linked in: [ 853.256299][T17509] CPU: 1 UID: 0 PID: 17509 Comm: syz.4.3921 Tainted: G B 6.14.0-syzkaller-00685-g3ba7dfb8da62 #0 [ 853.256323][T17509] Tainted: [B]=BAD_PAGE [ 853.256329][T17509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 853.256340][T17509] Call Trace: [ 853.256348][T17509] [ 853.256356][T17509] dump_stack_lvl+0x241/0x360 [ 853.256387][T17509] ? __pfx_dump_stack_lvl+0x10/0x10 [ 853.256412][T17509] ? __pfx_print_modules+0x10/0x10 [ 853.256438][T17509] bad_page+0x176/0x1d0 [ 853.256462][T17509] free_frozen_pages+0x1079/0x10e0 [ 853.256483][T17509] bpf_xdp_frags_shrink_tail+0x3b3/0x780 [ 853.256514][T17509] bpf_xdp_adjust_tail+0x1c6/0x210 [ 853.256535][T17509] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 853.256549][T17509] bpf_prog_run_generic_xdp+0x686/0x1510 [ 853.256585][T17509] do_xdp_generic+0x757/0xd30 [ 853.256603][T17509] ? __pfx_do_xdp_generic+0x10/0x10 [ 853.256622][T17509] ? __local_bh_disable_ip+0x179/0x220 [ 853.256641][T17509] ? __pfx_eth_type_trans+0x10/0x10 [ 853.256662][T17509] ? tun_get_user+0x2914/0x4860 [ 853.256687][T17509] tun_get_user+0x2a4b/0x4860 [ 853.256718][T17509] ? __lock_acquire+0x1397/0x2100 [ 853.256743][T17509] ? __pfx_tun_get_user+0x10/0x10 [ 853.256774][T17509] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 853.256796][T17509] ? tun_get+0x1e/0x2f0 [ 853.256820][T17509] ? __pfx_lock_release+0x10/0x10 [ 853.256847][T17509] ? tun_get+0x1e/0x2f0 [ 853.256870][T17509] ? tun_get+0x27d/0x2f0 [ 853.256894][T17509] tun_chr_write_iter+0x10d/0x1f0 [ 853.256920][T17509] vfs_write+0xacf/0xd10 [ 853.256944][T17509] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 853.256970][T17509] ? __pfx_vfs_write+0x10/0x10 [ 853.256990][T17509] ? __fget_files+0x2a/0x420 [ 853.257010][T17509] ? __fget_files+0x2a/0x420 [ 853.257037][T17509] ksys_write+0x18f/0x2b0 [ 853.257066][T17509] ? __pfx_ksys_write+0x10/0x10 [ 853.257094][T17509] ? do_syscall_64+0x100/0x230 [ 853.257127][T17509] ? do_syscall_64+0xb6/0x230 [ 853.257156][T17509] do_syscall_64+0xf3/0x230 [ 853.257178][T17509] ? clear_bhb_loop+0x35/0x90 [ 853.257215][T17509] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 853.257237][T17509] RIP: 0033:0x7f507d78bc1f [ 853.257251][T17509] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 853.257265][T17509] RSP: 002b:00007f507e5a7000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 853.257282][T17509] RAX: ffffffffffffffda RBX: 00007f507d9a5fa0 RCX: 00007f507d78bc1f [ 853.257295][T17509] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8 [ 853.257306][T17509] RBP: 00007f507d80e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 853.257316][T17509] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000 [ 853.257326][T17509] R13: 0000000000000000 R14: 00007f507d9a5fa0 R15: 00007ffda7d2a7e8 [ 853.257343][T17509] [ 853.257353][T17509] BUG: Bad page state in process syz.4.3921 pfn:5e592 [ 853.544853][T17509] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88805e592000 pfn:0x5e592 [ 853.554978][T17509] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 853.562128][T17509] raw: 00fff00000000000 dead000000000040 ffff888022aff000 0000000000000000 [ 853.570781][T17509] raw: ffff88805e592000 0000000000000001 00000000ffffffff 0000000000000000 [ 853.579427][T17509] page dumped because: page_pool leak [ 853.584835][T17509] page_owner tracks the page as allocated [ 853.590595][T17509] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 17509, tgid 17508 (syz.4.3921), ts 851666381496, free_ts 851588173996 [ 853.607925][T17509] post_alloc_hook+0x1f4/0x240 [ 853.612738][T17509] get_page_from_freelist+0x3651/0x37a0 [ 853.618364][T17509] __alloc_frozen_pages_noprof+0x292/0x710 [ 853.624199][T17509] alloc_pages_bulk_noprof+0x847/0xae0 [ 853.629713][T17509] __page_pool_alloc_pages_slow+0x11f/0x690 [ 853.635624][T17509] skb_pp_cow_data+0xcc8/0x1720 [ 853.640546][T17509] do_xdp_generic+0x505/0xd30 [ 853.645230][T17509] tun_get_user+0x2a4b/0x4860 [ 853.650003][T17509] tun_chr_write_iter+0x10d/0x1f0 [ 853.655052][T17509] vfs_write+0xacf/0xd10 [ 853.659351][T17509] ksys_write+0x18f/0x2b0 [ 853.663710][T17509] do_syscall_64+0xf3/0x230 [ 853.668319][T17509] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 853.674266][T17509] page last free pid 5198 tgid 5198 stack trace: [ 853.680649][T17509] free_frozen_pages+0xe04/0x10e0 [ 853.685695][T17509] rcu_core+0xaaa/0x17a0 [ 853.690463][T17509] handle_softirqs+0x2d4/0x9b0 [ 853.695253][T17509] __irq_exit_rcu+0xf7/0x220 [ 853.699989][T17509] irq_exit_rcu+0x9/0x30 [ 853.704464][T17509] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 853.710175][T17509] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 853.716200][T17509] Modules linked in: [ 853.720135][T17509] CPU: 1 UID: 0 PID: 17509 Comm: syz.4.3921 Tainted: G B 6.14.0-syzkaller-00685-g3ba7dfb8da62 #0 [ 853.720186][T17509] Tainted: [B]=BAD_PAGE [ 853.720193][T17509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 853.720204][T17509] Call Trace: [ 853.720210][T17509] [ 853.720217][T17509] dump_stack_lvl+0x241/0x360 [ 853.720247][T17509] ? __pfx_dump_stack_lvl+0x10/0x10 [ 853.720273][T17509] ? __pfx_print_modules+0x10/0x10 [ 853.720299][T17509] bad_page+0x176/0x1d0 [ 853.720322][T17509] free_frozen_pages+0x1079/0x10e0 [ 853.720344][T17509] bpf_xdp_frags_shrink_tail+0x3b3/0x780 [ 853.720374][T17509] bpf_xdp_adjust_tail+0x1c6/0x210 [ 853.720394][T17509] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 853.720408][T17509] bpf_prog_run_generic_xdp+0x686/0x1510 [ 853.720445][T17509] do_xdp_generic+0x757/0xd30 [ 853.720463][T17509] ? __pfx_do_xdp_generic+0x10/0x10 [ 853.720481][T17509] ? __local_bh_disable_ip+0x179/0x220 [ 853.720499][T17509] ? __pfx_eth_type_trans+0x10/0x10 [ 853.720521][T17509] ? tun_get_user+0x2914/0x4860 [ 853.720546][T17509] tun_get_user+0x2a4b/0x4860 [ 853.720576][T17509] ? __lock_acquire+0x1397/0x2100 [ 853.720601][T17509] ? __pfx_tun_get_user+0x10/0x10 [ 853.720632][T17509] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 853.720654][T17509] ? tun_get+0x1e/0x2f0 [ 853.720678][T17509] ? __pfx_lock_release+0x10/0x10 [ 853.720705][T17509] ? tun_get+0x1e/0x2f0 [ 853.720728][T17509] ? tun_get+0x27d/0x2f0 [ 853.720752][T17509] tun_chr_write_iter+0x10d/0x1f0 [ 853.720778][T17509] vfs_write+0xacf/0xd10 [ 853.720800][T17509] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 853.720825][T17509] ? __pfx_vfs_write+0x10/0x10 [ 853.720845][T17509] ? __fget_files+0x2a/0x420 [ 853.720862][T17509] ? __fget_files+0x2a/0x420 [ 853.720881][T17509] ksys_write+0x18f/0x2b0 [ 853.720902][T17509] ? __pfx_ksys_write+0x10/0x10 [ 853.720928][T17509] ? do_syscall_64+0x100/0x230 [ 853.720952][T17509] ? do_syscall_64+0xb6/0x230 [ 853.720974][T17509] do_syscall_64+0xf3/0x230 [ 853.720995][T17509] ? clear_bhb_loop+0x35/0x90 [ 853.721019][T17509] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 853.721042][T17509] RIP: 0033:0x7f507d78bc1f [ 853.721055][T17509] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 853.721074][T17509] RSP: 002b:00007f507e5a7000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 853.721105][T17509] RAX: ffffffffffffffda RBX: 00007f507d9a5fa0 RCX: 00007f507d78bc1f [ 853.721122][T17509] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8 [ 853.721137][T17509] RBP: 00007f507d80e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 853.721153][T17509] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000 [ 853.721165][T17509] R13: 0000000000000000 R14: 00007f507d9a5fa0 R15: 00007ffda7d2a7e8 [ 853.721182][T17509] [ 853.721192][T17509] BUG: Bad page state in process syz.4.3921 pfn:68aac [ 854.009112][T17509] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888068aac000 pfn:0x68aac [ 854.019236][T17509] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 854.026482][T17509] raw: 00fff00000000000 dead000000000040 ffff888022aff000 0000000000000000 [ 854.035155][T17509] raw: ffff888068aac000 0000000000000001 00000000ffffffff 0000000000000000 [ 854.043775][T17509] page dumped because: page_pool leak [ 854.049269][T17509] page_owner tracks the page as allocated [ 854.055031][T17509] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 17509, tgid 17508 (syz.4.3921), ts 851666368461, free_ts 851588197781 [ 854.073409][T17509] post_alloc_hook+0x1f4/0x240 [ 854.078228][T17509] get_page_from_freelist+0x3651/0x37a0 [ 854.083789][T17509] __alloc_frozen_pages_noprof+0x292/0x710 [ 854.089731][T17509] alloc_pages_bulk_noprof+0x847/0xae0 [ 854.095204][T17509] __page_pool_alloc_pages_slow+0x11f/0x690 [ 854.101183][T17509] skb_pp_cow_data+0xcc8/0x1720 [ 854.106046][T17509] do_xdp_generic+0x505/0xd30 [ 854.110773][T17509] tun_get_user+0x2a4b/0x4860 [ 854.115470][T17509] tun_chr_write_iter+0x10d/0x1f0 [ 854.120537][T17509] vfs_write+0xacf/0xd10 [ 854.124788][T17509] ksys_write+0x18f/0x2b0 [ 854.129161][T17509] do_syscall_64+0xf3/0x230 [ 854.133674][T17509] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 854.139604][T17509] page last free pid 5198 tgid 5198 stack trace: [ 854.145934][T17509] free_frozen_pages+0xe04/0x10e0 [ 854.151012][T17509] rcu_core+0xaaa/0x17a0 [ 854.155282][T17509] handle_softirqs+0x2d4/0x9b0 [ 854.160092][T17509] __irq_exit_rcu+0xf7/0x220 [ 854.164798][T17509] irq_exit_rcu+0x9/0x30 [ 854.169121][T17509] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 854.174789][T17509] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 854.180830][T17509] Modules linked in: [ 854.185101][T17509] CPU: 1 UID: 0 PID: 17509 Comm: syz.4.3921 Tainted: G B 6.14.0-syzkaller-00685-g3ba7dfb8da62 #0 [ 854.185125][T17509] Tainted: [B]=BAD_PAGE [ 854.185132][T17509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 854.185143][T17509] Call Trace: [ 854.185151][T17509] [ 854.185159][T17509] dump_stack_lvl+0x241/0x360 [ 854.185189][T17509] ? __pfx_dump_stack_lvl+0x10/0x10 [ 854.185214][T17509] ? __pfx_print_modules+0x10/0x10 [ 854.185240][T17509] bad_page+0x176/0x1d0 [ 854.185264][T17509] free_frozen_pages+0x1079/0x10e0 [ 854.185285][T17509] bpf_xdp_frags_shrink_tail+0x3b3/0x780 [ 854.185315][T17509] bpf_xdp_adjust_tail+0x1c6/0x210 [ 854.185335][T17509] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 854.185349][T17509] bpf_prog_run_generic_xdp+0x686/0x1510 [ 854.185386][T17509] do_xdp_generic+0x757/0xd30 [ 854.185409][T17509] ? __pfx_do_xdp_generic+0x10/0x10 [ 854.185427][T17509] ? __local_bh_disable_ip+0x179/0x220 [ 854.185447][T17509] ? __pfx_eth_type_trans+0x10/0x10 [ 854.185468][T17509] ? tun_get_user+0x2914/0x4860 [ 854.185493][T17509] tun_get_user+0x2a4b/0x4860 [ 854.185523][T17509] ? __lock_acquire+0x1397/0x2100 [ 854.185549][T17509] ? __pfx_tun_get_user+0x10/0x10 [ 854.185580][T17509] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 854.185602][T17509] ? tun_get+0x1e/0x2f0 [ 854.185626][T17509] ? __pfx_lock_release+0x10/0x10 [ 854.185653][T17509] ? tun_get+0x1e/0x2f0 [ 854.185676][T17509] ? tun_get+0x27d/0x2f0 [ 854.185700][T17509] tun_chr_write_iter+0x10d/0x1f0 [ 854.185725][T17509] vfs_write+0xacf/0xd10 [ 854.185748][T17509] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 854.185773][T17509] ? __pfx_vfs_write+0x10/0x10 [ 854.185793][T17509] ? __fget_files+0x2a/0x420 [ 854.185811][T17509] ? __fget_files+0x2a/0x420 [ 854.185829][T17509] ksys_write+0x18f/0x2b0 [ 854.185850][T17509] ? __pfx_ksys_write+0x10/0x10 [ 854.185870][T17509] ? do_syscall_64+0x100/0x230 [ 854.185901][T17509] ? do_syscall_64+0xb6/0x230 [ 854.185923][T17509] do_syscall_64+0xf3/0x230 [ 854.185944][T17509] ? clear_bhb_loop+0x35/0x90 [ 854.185968][T17509] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 854.185991][T17509] RIP: 0033:0x7f507d78bc1f [ 854.186010][T17509] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 854.186030][T17509] RSP: 002b:00007f507e5a7000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 854.186055][T17509] RAX: ffffffffffffffda RBX: 00007f507d9a5fa0 RCX: 00007f507d78bc1f [ 854.186074][T17509] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8 [ 854.186091][T17509] RBP: 00007f507d80e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 854.186102][T17509] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000 [ 854.186111][T17509] R13: 0000000000000000 R14: 00007f507d9a5fa0 R15: 00007ffda7d2a7e8 [ 854.186128][T17509] [ 854.186139][T17509] BUG: Bad page state in process syz.4.3921 pfn:7bc74 [ 854.473782][T17509] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807bc74000 pfn:0x7bc74 [ 854.483941][T17509] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 854.491129][T17509] raw: 00fff00000000000 dead000000000040 ffff888022aff000 0000000000000000 [ 854.499791][T17509] raw: ffff88807bc74000 0000000000000001 00000000ffffffff 0000000000000000 [ 854.508449][T17509] page dumped because: page_pool leak [ 854.513856][T17509] page_owner tracks the page as allocated [ 854.519637][T17509] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 17509, tgid 17508 (syz.4.3921), ts 851666355064, free_ts 851588223750 [ 854.536880][T17509] post_alloc_hook+0x1f4/0x240 [ 854.541715][T17509] get_page_from_freelist+0x3651/0x37a0 [ 854.547274][T17509] __alloc_frozen_pages_noprof+0x292/0x710 [ 854.553142][T17509] alloc_pages_bulk_noprof+0x847/0xae0 [ 854.558674][T17509] __page_pool_alloc_pages_slow+0x11f/0x690 [ 854.564612][T17509] skb_pp_cow_data+0xcc8/0x1720 [ 854.569505][T17509] do_xdp_generic+0x505/0xd30 [ 854.574188][T17509] tun_get_user+0x2a4b/0x4860 [ 854.578927][T17509] tun_chr_write_iter+0x10d/0x1f0 [ 854.583983][T17509] vfs_write+0xacf/0xd10 [ 854.588283][T17509] ksys_write+0x18f/0x2b0 [ 854.592629][T17509] do_syscall_64+0xf3/0x230 [ 854.597176][T17509] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 854.603142][T17509] page last free pid 5198 tgid 5198 stack trace: [ 854.609525][T17509] free_frozen_pages+0xe04/0x10e0 [ 854.614556][T17509] rcu_core+0xaaa/0x17a0 [ 854.618838][T17509] handle_softirqs+0x2d4/0x9b0 [ 854.623612][T17509] __irq_exit_rcu+0xf7/0x220 [ 854.628240][T17509] irq_exit_rcu+0x9/0x30 [ 854.632487][T17509] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 854.638174][T17509] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 854.644179][T17509] Modules linked in: [ 854.648168][T17509] CPU: 1 UID: 0 PID: 17509 Comm: syz.4.3921 Tainted: G B 6.14.0-syzkaller-00685-g3ba7dfb8da62 #0 [ 854.648192][T17509] Tainted: [B]=BAD_PAGE [ 854.648198][T17509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 854.648209][T17509] Call Trace: [ 854.648217][T17509] [ 854.648225][T17509] dump_stack_lvl+0x241/0x360 [ 854.648254][T17509] ? __pfx_dump_stack_lvl+0x10/0x10 [ 854.648280][T17509] ? __pfx_print_modules+0x10/0x10 [ 854.648305][T17509] bad_page+0x176/0x1d0 [ 854.648338][T17509] free_frozen_pages+0x1079/0x10e0 [ 854.648368][T17509] bpf_xdp_frags_shrink_tail+0x3b3/0x780 [ 854.648409][T17509] bpf_xdp_adjust_tail+0x1c6/0x210 [ 854.648430][T17509] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 854.648444][T17509] bpf_prog_run_generic_xdp+0x686/0x1510 [ 854.648481][T17509] do_xdp_generic+0x757/0xd30 [ 854.648499][T17509] ? __pfx_do_xdp_generic+0x10/0x10 [ 854.648518][T17509] ? __local_bh_disable_ip+0x179/0x220 [ 854.648537][T17509] ? __pfx_eth_type_trans+0x10/0x10 [ 854.648558][T17509] ? tun_get_user+0x2914/0x4860 [ 854.648583][T17509] tun_get_user+0x2a4b/0x4860 [ 854.648614][T17509] ? __lock_acquire+0x1397/0x2100 [ 854.648639][T17509] ? __pfx_tun_get_user+0x10/0x10 [ 854.648670][T17509] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 854.648693][T17509] ? tun_get+0x1e/0x2f0 [ 854.648715][T17509] ? __pfx_lock_release+0x10/0x10 [ 854.648743][T17509] ? tun_get+0x1e/0x2f0 [ 854.648766][T17509] ? tun_get+0x27d/0x2f0 [ 854.648790][T17509] tun_chr_write_iter+0x10d/0x1f0 [ 854.648815][T17509] vfs_write+0xacf/0xd10 [ 854.648845][T17509] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 854.648887][T17509] ? __pfx_vfs_write+0x10/0x10 [ 854.648915][T17509] ? __fget_files+0x2a/0x420 [ 854.648933][T17509] ? __fget_files+0x2a/0x420 [ 854.648952][T17509] ksys_write+0x18f/0x2b0 [ 854.648973][T17509] ? __pfx_ksys_write+0x10/0x10 [ 854.648993][T17509] ? do_syscall_64+0x100/0x230 [ 854.649016][T17509] ? do_syscall_64+0xb6/0x230 [ 854.649037][T17509] do_syscall_64+0xf3/0x230 [ 854.649059][T17509] ? clear_bhb_loop+0x35/0x90 [ 854.649083][T17509] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 854.649106][T17509] RIP: 0033:0x7f507d78bc1f [ 854.649119][T17509] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 854.649134][T17509] RSP: 002b:00007f507e5a7000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 854.649151][T17509] RAX: ffffffffffffffda RBX: 00007f507d9a5fa0 RCX: 00007f507d78bc1f [ 854.649163][T17509] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8 [ 854.649174][T17509] RBP: 00007f507d80e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 854.649185][T17509] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000 [ 854.649194][T17509] R13: 0000000000000000 R14: 00007f507d9a5fa0 R15: 00007ffda7d2a7e8 [ 854.649211][T17509] [ 854.649221][T17509] BUG: Bad page state in process syz.4.3921 pfn:33c91 [ 854.936906][T17509] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888033c91000 pfn:0x33c91 [ 854.947015][T17509] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 854.954212][T17509] raw: 00fff00000000000 dead000000000040 ffff888022aff000 0000000000000000 [ 854.962872][T17509] raw: ffff888033c91000 0000000000000001 00000000ffffffff 0000000000000000 [ 854.971490][T17509] page dumped because: page_pool leak [ 854.976862][T17509] page_owner tracks the page as allocated [ 854.982617][T17509] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 17509, tgid 17508 (syz.4.3921), ts 851666341658, free_ts 851588247866 [ 854.999987][T17509] post_alloc_hook+0x1f4/0x240 [ 855.004795][T17509] get_page_from_freelist+0x3651/0x37a0 [ 855.010398][T17509] __alloc_frozen_pages_noprof+0x292/0x710 [ 855.016223][T17509] alloc_pages_bulk_noprof+0x847/0xae0 [ 855.021725][T17509] __page_pool_alloc_pages_slow+0x11f/0x690 [ 855.027732][T17509] skb_pp_cow_data+0xcc8/0x1720 [ 855.032661][T17509] do_xdp_generic+0x505/0xd30 [ 855.037376][T17509] tun_get_user+0x2a4b/0x4860 [ 855.042111][T17509] tun_chr_write_iter+0x10d/0x1f0 [ 855.047154][T17509] vfs_write+0xacf/0xd10 [ 855.051438][T17509] ksys_write+0x18f/0x2b0 [ 855.055780][T17509] do_syscall_64+0xf3/0x230 [ 855.060352][T17509] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 855.066280][T17509] page last free pid 5198 tgid 5198 stack trace: [ 855.072660][T17509] free_frozen_pages+0xe04/0x10e0 [ 855.077698][T17509] rcu_core+0xaaa/0x17a0 [ 855.082012][T17509] handle_softirqs+0x2d4/0x9b0 [ 855.086782][T17509] __irq_exit_rcu+0xf7/0x220 [ 855.091587][T17509] irq_exit_rcu+0x9/0x30 [ 855.095851][T17509] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 855.101540][T17509] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 855.107540][T17509] Modules linked in: [ 855.111562][T17509] CPU: 1 UID: 0 PID: 17509 Comm: syz.4.3921 Tainted: G B 6.14.0-syzkaller-00685-g3ba7dfb8da62 #0 [ 855.111587][T17509] Tainted: [B]=BAD_PAGE [ 855.111593][T17509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 855.111603][T17509] Call Trace: [ 855.111610][T17509] [ 855.111619][T17509] dump_stack_lvl+0x241/0x360 [ 855.111659][T17509] ? __pfx_dump_stack_lvl+0x10/0x10 [ 855.111694][T17509] ? __pfx_print_modules+0x10/0x10 [ 855.111732][T17509] bad_page+0x176/0x1d0 [ 855.111757][T17509] free_frozen_pages+0x1079/0x10e0 [ 855.111779][T17509] bpf_xdp_frags_shrink_tail+0x3b3/0x780 [ 855.111824][T17509] bpf_xdp_adjust_tail+0x1c6/0x210 [ 855.111845][T17509] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 855.111859][T17509] bpf_prog_run_generic_xdp+0x686/0x1510 [ 855.111895][T17509] do_xdp_generic+0x757/0xd30 [ 855.111913][T17509] ? __pfx_do_xdp_generic+0x10/0x10 [ 855.111932][T17509] ? __local_bh_disable_ip+0x179/0x220 [ 855.111951][T17509] ? __pfx_eth_type_trans+0x10/0x10 [ 855.111972][T17509] ? tun_get_user+0x2914/0x4860 [ 855.111997][T17509] tun_get_user+0x2a4b/0x4860 [ 855.112027][T17509] ? __lock_acquire+0x1397/0x2100 [ 855.112054][T17509] ? __pfx_tun_get_user+0x10/0x10 [ 855.112086][T17509] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 855.112108][T17509] ? tun_get+0x1e/0x2f0 [ 855.112131][T17509] ? __pfx_lock_release+0x10/0x10 [ 855.112159][T17509] ? tun_get+0x1e/0x2f0 [ 855.112182][T17509] ? tun_get+0x27d/0x2f0 [ 855.112205][T17509] tun_chr_write_iter+0x10d/0x1f0 [ 855.112231][T17509] vfs_write+0xacf/0xd10 [ 855.112253][T17509] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 855.112278][T17509] ? __pfx_vfs_write+0x10/0x10 [ 855.112298][T17509] ? __fget_files+0x2a/0x420 [ 855.112316][T17509] ? __fget_files+0x2a/0x420 [ 855.112335][T17509] ksys_write+0x18f/0x2b0 [ 855.112356][T17509] ? __pfx_ksys_write+0x10/0x10 [ 855.112376][T17509] ? do_syscall_64+0x100/0x230 [ 855.112399][T17509] ? do_syscall_64+0xb6/0x230 [ 855.112421][T17509] do_syscall_64+0xf3/0x230 [ 855.112442][T17509] ? clear_bhb_loop+0x35/0x90 [ 855.112467][T17509] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 855.112490][T17509] RIP: 0033:0x7f507d78bc1f [ 855.112504][T17509] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 855.112518][T17509] RSP: 002b:00007f507e5a7000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 855.112536][T17509] RAX: ffffffffffffffda RBX: 00007f507d9a5fa0 RCX: 00007f507d78bc1f [ 855.112548][T17509] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8 [ 855.112559][T17509] RBP: 00007f507d80e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 855.112569][T17509] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000 [ 855.112579][T17509] R13: 0000000000000000 R14: 00007f507d9a5fa0 R15: 00007ffda7d2a7e8 [ 855.112596][T17509] [ 855.112606][T17509] BUG: Bad page state in process syz.4.3921 pfn:32da0 [ 855.399708][T17509] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888032da0000 pfn:0x32da0 [ 855.409812][T17509] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 855.416930][T17509] raw: 00fff00000000000 dead000000000040 ffff888022aff000 0000000000000000 [ 855.425602][T17509] raw: ffff888032da0000 0000000000000001 00000000ffffffff 0000000000000000 [ 855.434235][T17509] page dumped because: page_pool leak [ 855.439660][T17509] page_owner tracks the page as allocated [ 855.445390][T17509] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 17509, tgid 17508 (syz.4.3921), ts 851666328524, free_ts 851588273375 [ 855.462654][T17509] post_alloc_hook+0x1f4/0x240 [ 855.467460][T17509] get_page_from_freelist+0x3651/0x37a0 [ 855.473078][T17509] __alloc_frozen_pages_noprof+0x292/0x710 [ 855.478929][T17509] alloc_pages_bulk_noprof+0x847/0xae0 [ 855.484406][T17509] __page_pool_alloc_pages_slow+0x11f/0x690 [ 855.490422][T17509] skb_pp_cow_data+0xcc8/0x1720 [ 855.495296][T17509] do_xdp_generic+0x505/0xd30 [ 855.500031][T17509] tun_get_user+0x2a4b/0x4860 [ 855.504739][T17509] tun_chr_write_iter+0x10d/0x1f0 [ 855.509804][T17509] vfs_write+0xacf/0xd10 [ 855.514066][T17509] ksys_write+0x18f/0x2b0 [ 855.518429][T17509] do_syscall_64+0xf3/0x230 [ 855.522994][T17509] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 855.528932][T17509] page last free pid 5198 tgid 5198 stack trace: [ 855.535254][T17509] free_frozen_pages+0xe04/0x10e0 [ 855.540319][T17509] rcu_core+0xaaa/0x17a0 [ 855.544576][T17509] handle_softirqs+0x2d4/0x9b0 [ 855.549383][T17509] __irq_exit_rcu+0xf7/0x220 [ 855.554001][T17509] irq_exit_rcu+0x9/0x30 [ 855.558275][T17509] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 855.563924][T17509] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 855.569953][T17509] Modules linked in: [ 855.573880][T17509] CPU: 1 UID: 0 PID: 17509 Comm: syz.4.3921 Tainted: G B 6.14.0-syzkaller-00685-g3ba7dfb8da62 #0 [ 855.573904][T17509] Tainted: [B]=BAD_PAGE [ 855.573910][T17509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 855.573919][T17509] Call Trace: [ 855.573928][T17509] [ 855.573936][T17509] dump_stack_lvl+0x241/0x360 [ 855.573966][T17509] ? __pfx_dump_stack_lvl+0x10/0x10 [ 855.574002][T17509] ? __pfx_print_modules+0x10/0x10 [ 855.574028][T17509] bad_page+0x176/0x1d0 [ 855.574051][T17509] free_frozen_pages+0x1079/0x10e0 [ 855.574073][T17509] bpf_xdp_frags_shrink_tail+0x3b3/0x780 [ 855.574103][T17509] bpf_xdp_adjust_tail+0x1c6/0x210 [ 855.574123][T17509] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 855.574137][T17509] bpf_prog_run_generic_xdp+0x686/0x1510 [ 855.574173][T17509] do_xdp_generic+0x757/0xd30 [ 855.574191][T17509] ? __pfx_do_xdp_generic+0x10/0x10 [ 855.574209][T17509] ? __local_bh_disable_ip+0x179/0x220 [ 855.574228][T17509] ? __pfx_eth_type_trans+0x10/0x10 [ 855.574249][T17509] ? tun_get_user+0x2914/0x4860 [ 855.574275][T17509] tun_get_user+0x2a4b/0x4860 [ 855.574305][T17509] ? __lock_acquire+0x1397/0x2100 [ 855.574329][T17509] ? __pfx_tun_get_user+0x10/0x10 [ 855.574361][T17509] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 855.574383][T17509] ? tun_get+0x1e/0x2f0 [ 855.574407][T17509] ? __pfx_lock_release+0x10/0x10 [ 855.574434][T17509] ? tun_get+0x1e/0x2f0 [ 855.574456][T17509] ? tun_get+0x27d/0x2f0 [ 855.574480][T17509] tun_chr_write_iter+0x10d/0x1f0 [ 855.574506][T17509] vfs_write+0xacf/0xd10 [ 855.574527][T17509] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 855.574552][T17509] ? __pfx_vfs_write+0x10/0x10 [ 855.574575][T17509] ? __fget_files+0x2a/0x420 [ 855.574599][T17509] ? __fget_files+0x2a/0x420 [ 855.574626][T17509] ksys_write+0x18f/0x2b0 [ 855.574656][T17509] ? __pfx_ksys_write+0x10/0x10 [ 855.574678][T17509] ? do_syscall_64+0x100/0x230 [ 855.574701][T17509] ? do_syscall_64+0xb6/0x230 [ 855.574723][T17509] do_syscall_64+0xf3/0x230 [ 855.574746][T17509] ? clear_bhb_loop+0x35/0x90 [ 855.574770][T17509] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 855.574792][T17509] RIP: 0033:0x7f507d78bc1f [ 855.574806][T17509] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 855.574820][T17509] RSP: 002b:00007f507e5a7000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 855.574836][T17509] RAX: ffffffffffffffda RBX: 00007f507d9a5fa0 RCX: 00007f507d78bc1f [ 855.574848][T17509] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8 [ 855.574859][T17509] RBP: 00007f507d80e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 855.574869][T17509] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000 [ 855.574878][T17509] R13: 0000000000000000 R14: 00007f507d9a5fa0 R15: 00007ffda7d2a7e8 [ 855.574895][T17509] [ 855.574905][T17509] BUG: Bad page state in process syz.4.3921 pfn:3541e [ 855.861856][T17509] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88803541e380 pfn:0x3541e [ 855.871962][T17509] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 855.879221][T17509] raw: 00fff00000000000 dead000000000040 ffff888022aff000 0000000000000000 [ 855.887830][T17509] raw: ffff88803541e380 0000000000000001 00000000ffffffff 0000000000000000 [ 855.896452][T17509] page dumped because: page_pool leak [ 855.901856][T17509] page_owner tracks the page as allocated [ 855.907575][T17509] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 17509, tgid 17508 (syz.4.3921), ts 851666315381, free_ts 851628715330 [ 855.924817][T17509] post_alloc_hook+0x1f4/0x240 [ 855.929625][T17509] get_page_from_freelist+0x3651/0x37a0 [ 855.935184][T17509] __alloc_frozen_pages_noprof+0x292/0x710 [ 855.941055][T17509] alloc_pages_bulk_noprof+0x847/0xae0 [ 855.946526][T17509] __page_pool_alloc_pages_slow+0x11f/0x690 [ 855.952466][T17509] skb_pp_cow_data+0xcc8/0x1720 [ 855.957334][T17509] do_xdp_generic+0x505/0xd30 [ 855.962057][T17509] tun_get_user+0x2a4b/0x4860 [ 855.966747][T17509] tun_chr_write_iter+0x10d/0x1f0 [ 855.971843][T17509] vfs_write+0xacf/0xd10 [ 855.976105][T17509] ksys_write+0x18f/0x2b0 [ 855.980501][T17509] do_syscall_64+0xf3/0x230 [ 855.985021][T17509] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 855.991010][T17509] page last free pid 23 tgid 23 stack trace: [ 855.997010][T17509] free_frozen_pages+0xe04/0x10e0 [ 856.002082][T17509] __tlb_remove_table+0x33c/0x420 [ 856.007144][T17509] tlb_remove_table_rcu+0x76/0xf0 [ 856.012230][T17509] rcu_core+0xaaa/0x17a0 [ 856.016490][T17509] handle_softirqs+0x2d4/0x9b0 [ 856.021287][T17509] run_ksoftirqd+0xca/0x130 [ 856.025821][T17509] smpboot_thread_fn+0x544/0xa30 [ 856.030820][T17509] kthread+0x7a9/0x920 [ 856.034995][T17509] ret_from_fork+0x4b/0x80 [ 856.039472][T17509] ret_from_fork_asm+0x1a/0x30 [ 856.044272][T17509] Modules linked in: [ 856.048232][T17509] CPU: 1 UID: 0 PID: 17509 Comm: syz.4.3921 Tainted: G B 6.14.0-syzkaller-00685-g3ba7dfb8da62 #0 [ 856.048257][T17509] Tainted: [B]=BAD_PAGE [ 856.048263][T17509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 856.048273][T17509] Call Trace: [ 856.048281][T17509] [ 856.048290][T17509] dump_stack_lvl+0x241/0x360 [ 856.048320][T17509] ? __pfx_dump_stack_lvl+0x10/0x10 [ 856.048345][T17509] ? __pfx_print_modules+0x10/0x10 [ 856.048372][T17509] bad_page+0x176/0x1d0 [ 856.048402][T17509] free_frozen_pages+0x1079/0x10e0 [ 856.048433][T17509] bpf_xdp_frags_shrink_tail+0x3b3/0x780 [ 856.048473][T17509] bpf_xdp_adjust_tail+0x1c6/0x210 [ 856.048504][T17509] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 856.048517][T17509] bpf_prog_run_generic_xdp+0x686/0x1510 [ 856.048554][T17509] do_xdp_generic+0x757/0xd30 [ 856.048572][T17509] ? __pfx_do_xdp_generic+0x10/0x10 [ 856.048591][T17509] ? __local_bh_disable_ip+0x179/0x220 [ 856.048610][T17509] ? __pfx_eth_type_trans+0x10/0x10 [ 856.048631][T17509] ? tun_get_user+0x2914/0x4860 [ 856.048656][T17509] tun_get_user+0x2a4b/0x4860 [ 856.048693][T17509] ? __lock_acquire+0x1397/0x2100 [ 856.048718][T17509] ? __pfx_tun_get_user+0x10/0x10 [ 856.048750][T17509] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 856.048772][T17509] ? tun_get+0x1e/0x2f0 [ 856.048795][T17509] ? __pfx_lock_release+0x10/0x10 [ 856.048823][T17509] ? tun_get+0x1e/0x2f0 [ 856.048846][T17509] ? tun_get+0x27d/0x2f0 [ 856.048869][T17509] tun_chr_write_iter+0x10d/0x1f0 [ 856.048895][T17509] vfs_write+0xacf/0xd10 [ 856.048917][T17509] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 856.048943][T17509] ? __pfx_vfs_write+0x10/0x10 [ 856.048964][T17509] ? __fget_files+0x2a/0x420 [ 856.048982][T17509] ? __fget_files+0x2a/0x420 [ 856.049001][T17509] ksys_write+0x18f/0x2b0 [ 856.049022][T17509] ? __pfx_ksys_write+0x10/0x10 [ 856.049042][T17509] ? do_syscall_64+0x100/0x230 [ 856.049065][T17509] ? do_syscall_64+0xb6/0x230 [ 856.049087][T17509] do_syscall_64+0xf3/0x230 [ 856.049108][T17509] ? clear_bhb_loop+0x35/0x90 [ 856.049133][T17509] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 856.049156][T17509] RIP: 0033:0x7f507d78bc1f [ 856.049170][T17509] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 856.049183][T17509] RSP: 002b:00007f507e5a7000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 856.049200][T17509] RAX: ffffffffffffffda RBX: 00007f507d9a5fa0 RCX: 00007f507d78bc1f [ 856.049212][T17509] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8 [ 856.049223][T17509] RBP: 00007f507d80e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 856.049234][T17509] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000 [ 856.049244][T17509] R13: 0000000000000000 R14: 00007f507d9a5fa0 R15: 00007ffda7d2a7e8 [ 856.049261][T17509] [ 856.049271][T17509] BUG: Bad page state in process syz.4.3921 pfn:35449 [ 856.337645][T17509] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x35449 [ 856.347796][T17509] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 856.355057][T17509] raw: 00fff00000000000 dead000000000040 ffff888022aff000 0000000000000000 [ 856.363806][T17509] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 856.372520][T17509] page dumped because: page_pool leak [ 856.377906][T17509] page_owner tracks the page as allocated [ 856.383692][T17509] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 17509, tgid 17508 (syz.4.3921), ts 851666302258, free_ts 851628739050 [ 856.401063][T17509] post_alloc_hook+0x1f4/0x240 [ 856.405844][T17509] get_page_from_freelist+0x3651/0x37a0 [ 856.411462][T17509] __alloc_frozen_pages_noprof+0x292/0x710 [ 856.417296][T17509] alloc_pages_bulk_noprof+0x847/0xae0 [ 856.422824][T17509] __page_pool_alloc_pages_slow+0x11f/0x690 [ 856.428773][T17509] skb_pp_cow_data+0xcc8/0x1720 [ 856.433642][T17509] do_xdp_generic+0x505/0xd30 [ 856.438368][T17509] tun_get_user+0x2a4b/0x4860 [ 856.443087][T17509] tun_chr_write_iter+0x10d/0x1f0 [ 856.448179][T17509] vfs_write+0xacf/0xd10 [ 856.452455][T17509] ksys_write+0x18f/0x2b0 [ 856.456823][T17509] do_syscall_64+0xf3/0x230 [ 856.461399][T17509] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 856.467454][T17509] page last free pid 23 tgid 23 stack trace: [ 856.473514][T17509] free_frozen_pages+0xe04/0x10e0 [ 856.478580][T17509] __tlb_remove_table+0x33c/0x420 [ 856.483642][T17509] tlb_remove_table_rcu+0x76/0xf0 [ 856.488715][T17509] rcu_core+0xaaa/0x17a0 [ 856.492977][T17509] handle_softirqs+0x2d4/0x9b0 [ 856.497765][T17509] run_ksoftirqd+0xca/0x130 [ 856.502335][T17509] smpboot_thread_fn+0x544/0xa30 [ 856.507286][T17509] kthread+0x7a9/0x920 [ 856.511417][T17509] ret_from_fork+0x4b/0x80 [ 856.515841][T17509] ret_from_fork_asm+0x1a/0x30 [ 856.520657][T17509] Modules linked in: [ 856.524576][T17509] CPU: 1 UID: 0 PID: 17509 Comm: syz.4.3921 Tainted: G B 6.14.0-syzkaller-00685-g3ba7dfb8da62 #0 [ 856.524599][T17509] Tainted: [B]=BAD_PAGE [ 856.524605][T17509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 856.524615][T17509] Call Trace: [ 856.524623][T17509] [ 856.524631][T17509] dump_stack_lvl+0x241/0x360 [ 856.524661][T17509] ? __pfx_dump_stack_lvl+0x10/0x10 [ 856.524687][T17509] ? __pfx_print_modules+0x10/0x10 [ 856.524720][T17509] bad_page+0x176/0x1d0 [ 856.524744][T17509] free_frozen_pages+0x1079/0x10e0 [ 856.524766][T17509] bpf_xdp_frags_shrink_tail+0x3b3/0x780 [ 856.524796][T17509] bpf_xdp_adjust_tail+0x1c6/0x210 [ 856.524817][T17509] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 856.524830][T17509] bpf_prog_run_generic_xdp+0x686/0x1510 [ 856.524867][T17509] do_xdp_generic+0x757/0xd30 [ 856.524885][T17509] ? __pfx_do_xdp_generic+0x10/0x10 [ 856.524904][T17509] ? __local_bh_disable_ip+0x179/0x220 [ 856.524922][T17509] ? __pfx_eth_type_trans+0x10/0x10 [ 856.524945][T17509] ? tun_get_user+0x2914/0x4860 [ 856.524971][T17509] tun_get_user+0x2a4b/0x4860 [ 856.525003][T17509] ? __lock_acquire+0x1397/0x2100 [ 856.525028][T17509] ? __pfx_tun_get_user+0x10/0x10 [ 856.525060][T17509] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 856.525093][T17509] ? tun_get+0x1e/0x2f0 [ 856.525126][T17509] ? __pfx_lock_release+0x10/0x10 [ 856.525164][T17509] ? tun_get+0x1e/0x2f0 [ 856.525187][T17509] ? tun_get+0x27d/0x2f0 [ 856.525211][T17509] tun_chr_write_iter+0x10d/0x1f0 [ 856.525237][T17509] vfs_write+0xacf/0xd10 [ 856.525259][T17509] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 856.525283][T17509] ? __pfx_vfs_write+0x10/0x10 [ 856.525304][T17509] ? __fget_files+0x2a/0x420 [ 856.525321][T17509] ? __fget_files+0x2a/0x420 [ 856.525339][T17509] ksys_write+0x18f/0x2b0 [ 856.525360][T17509] ? __pfx_ksys_write+0x10/0x10 [ 856.525380][T17509] ? do_syscall_64+0x100/0x230 [ 856.525405][T17509] ? do_syscall_64+0xb6/0x230 [ 856.525427][T17509] do_syscall_64+0xf3/0x230 [ 856.525448][T17509] ? clear_bhb_loop+0x35/0x90 [ 856.525472][T17509] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 856.525495][T17509] RIP: 0033:0x7f507d78bc1f [ 856.525508][T17509] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 856.525521][T17509] RSP: 002b:00007f507e5a7000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 856.525538][T17509] RAX: ffffffffffffffda RBX: 00007f507d9a5fa0 RCX: 00007f507d78bc1f [ 856.525551][T17509] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8 [ 856.525561][T17509] RBP: 00007f507d80e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 856.525571][T17509] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000 [ 856.525581][T17509] R13: 0000000000000000 R14: 00007f507d9a5fa0 R15: 00007ffda7d2a7e8 [ 856.525598][T17509] [ 856.525608][T17509] BUG: Bad page state in process syz.4.3921 pfn:6956d [ 856.815721][T17509] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6956d [ 856.824526][T17509] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 856.831766][T17509] raw: 00fff00000000000 dead000000000040 ffff888022aff000 0000000000000000 [ 856.840401][T17509] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 856.849014][T17509] page dumped because: page_pool leak [ 856.854384][T17509] page_owner tracks the page as allocated [ 856.860131][T17509] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 17509, tgid 17508 (syz.4.3921), ts 851666288964, free_ts 851628760800 [ 856.877367][T17509] post_alloc_hook+0x1f4/0x240 [ 856.882166][T17509] get_page_from_freelist+0x3651/0x37a0 [ 856.887813][T17509] __alloc_frozen_pages_noprof+0x292/0x710 [ 856.893666][T17509] alloc_pages_bulk_noprof+0x847/0xae0 [ 856.899266][T17509] __page_pool_alloc_pages_slow+0x11f/0x690 [ 856.905195][T17509] skb_pp_cow_data+0xcc8/0x1720 [ 856.910101][T17509] do_xdp_generic+0x505/0xd30 [ 856.914799][T17509] tun_get_user+0x2a4b/0x4860 [ 856.919557][T17509] tun_chr_write_iter+0x10d/0x1f0 [ 856.924600][T17509] vfs_write+0xacf/0xd10 [ 856.928896][T17509] ksys_write+0x18f/0x2b0 [ 856.933236][T17509] do_syscall_64+0xf3/0x230 [ 856.937771][T17509] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 856.943715][T17509] page last free pid 23 tgid 23 stack trace: [ 856.949757][T17509] free_frozen_pages+0xe04/0x10e0 [ 856.954789][T17509] __tlb_remove_table+0x33c/0x420 [ 856.959861][T17509] tlb_remove_table_rcu+0x76/0xf0 [ 856.964899][T17509] rcu_core+0xaaa/0x17a0 [ 856.969195][T17509] handle_softirqs+0x2d4/0x9b0 [ 856.973967][T17509] run_ksoftirqd+0xca/0x130 [ 856.978515][T17509] smpboot_thread_fn+0x544/0xa30 [ 856.983470][T17509] kthread+0x7a9/0x920 [ 856.987558][T17509] ret_from_fork+0x4b/0x80 [ 856.992043][T17509] ret_from_fork_asm+0x1a/0x30 [ 856.996844][T17509] Modules linked in: [ 857.000779][T17509] CPU: 1 UID: 0 PID: 17509 Comm: syz.4.3921 Tainted: G B 6.14.0-syzkaller-00685-g3ba7dfb8da62 #0 [ 857.000802][T17509] Tainted: [B]=BAD_PAGE [ 857.000808][T17509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 857.000825][T17509] Call Trace: [ 857.000832][T17509] [ 857.000840][T17509] dump_stack_lvl+0x241/0x360 [ 857.000870][T17509] ? __pfx_dump_stack_lvl+0x10/0x10 [ 857.000895][T17509] ? __pfx_print_modules+0x10/0x10 [ 857.000922][T17509] bad_page+0x176/0x1d0 [ 857.000945][T17509] free_frozen_pages+0x1079/0x10e0 [ 857.000967][T17509] bpf_xdp_frags_shrink_tail+0x3b3/0x780 [ 857.000997][T17509] bpf_xdp_adjust_tail+0x1c6/0x210 [ 857.001017][T17509] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 857.001031][T17509] bpf_prog_run_generic_xdp+0x686/0x1510 [ 857.001068][T17509] do_xdp_generic+0x757/0xd30 [ 857.001086][T17509] ? __pfx_do_xdp_generic+0x10/0x10 [ 857.001105][T17509] ? __local_bh_disable_ip+0x179/0x220 [ 857.001123][T17509] ? __pfx_eth_type_trans+0x10/0x10 [ 857.001145][T17509] ? tun_get_user+0x2914/0x4860 [ 857.001171][T17509] tun_get_user+0x2a4b/0x4860 [ 857.001201][T17509] ? __lock_acquire+0x1397/0x2100 [ 857.001226][T17509] ? __pfx_tun_get_user+0x10/0x10 [ 857.001258][T17509] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 857.001281][T17509] ? tun_get+0x1e/0x2f0 [ 857.001304][T17509] ? __pfx_lock_release+0x10/0x10 [ 857.001331][T17509] ? tun_get+0x1e/0x2f0 [ 857.001354][T17509] ? tun_get+0x27d/0x2f0 [ 857.001378][T17509] tun_chr_write_iter+0x10d/0x1f0 [ 857.001404][T17509] vfs_write+0xacf/0xd10 [ 857.001427][T17509] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 857.001451][T17509] ? __pfx_vfs_write+0x10/0x10 [ 857.001472][T17509] ? __fget_files+0x2a/0x420 [ 857.001490][T17509] ? __fget_files+0x2a/0x420 [ 857.001508][T17509] ksys_write+0x18f/0x2b0 [ 857.001529][T17509] ? __pfx_ksys_write+0x10/0x10 [ 857.001550][T17509] ? do_syscall_64+0x100/0x230 [ 857.001574][T17509] ? do_syscall_64+0xb6/0x230 [ 857.001597][T17509] do_syscall_64+0xf3/0x230 [ 857.001618][T17509] ? clear_bhb_loop+0x35/0x90 [ 857.001643][T17509] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 857.001666][T17509] RIP: 0033:0x7f507d78bc1f [ 857.001679][T17509] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 857.001693][T17509] RSP: 002b:00007f507e5a7000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 857.001709][T17509] RAX: ffffffffffffffda RBX: 00007f507d9a5fa0 RCX: 00007f507d78bc1f [ 857.001727][T17509] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8 [ 857.001741][T17509] RBP: 00007f507d80e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 857.001756][T17509] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000 [ 857.001770][T17509] R13: 0000000000000000 R14: 00007f507d9a5fa0 R15: 00007ffda7d2a7e8 [ 857.001795][T17509]