last executing test programs:

16.429922003s ago: executing program 2 (id=717):
pipe2(&(0x7f0000000000)={<r0=>0xffffffffffffffff}, 0x80000) (async)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_LINK={0x8}]}}}]}, 0x40}}, 0x0) (async)
sendmsg$netlink(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000500)=ANY=[@ANYBLOB="180100002e00010000000000fcdbdf250601f2800c0002000700000000000000140001"], 0x118}], 0x1, 0x0, 0x0, 0x1}, 0x0) (async, rerun: 32)
r2 = socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 32)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f00000004c0)={'gre0\x00', &(0x7f00000003c0)={'erspan0\x00', <r3=>0x0, 0x0, 0x20, 0x8, 0x7, {{0x32, 0x4, 0x2, 0xf, 0xc8, 0x64, 0x0, 0x1, 0x29, 0x0, @broadcast, @empty, {[@timestamp_addr={0x44, 0xc, 0xb2, 0x1, 0x4, [{@private=0xa010100, 0x9}]}, @timestamp_addr={0x44, 0x3c, 0x38, 0x1, 0xc, [{@multicast2, 0xfffffffc}, {@multicast1, 0x81}, {@multicast1, 0x6}, {@dev={0xac, 0x14, 0x14, 0x40}, 0x3}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x401}, {@remote, 0x9}, {@loopback, 0x428b}]}, @timestamp={0x44, 0x1c, 0xf9, 0x0, 0xe, [0x7, 0x2, 0x9, 0x1, 0x7, 0x10000]}, @ssrr={0x89, 0x13, 0x99, [@rand_addr=0x64010102, @multicast2, @rand_addr=0x64010101, @empty]}, @timestamp={0x44, 0x18, 0x83, 0x0, 0x5, [0x7, 0xfffffff8, 0x5, 0xfff, 0x4]}, @cipso={0x86, 0x16, 0x1, [{0x1, 0x4, "e643"}, {0x1, 0xc, "0a4e14c309f4860ad002"}]}, @timestamp_addr={0x44, 0xc, 0x8b, 0x1, 0xe, [{@multicast2, 0x9}]}]}}}}})
sendmsg$nl_route(r2, &(0x7f00000005c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x400020}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)=@ipmr_delroute={0x40, 0x19, 0x10, 0x70bd2a, 0x25dfdbfe, {0x80, 0x0, 0x14, 0x0, 0x0, 0x1, 0xff, 0xb, 0x400}, [@RTA_IP_PROTO={0x5, 0x1b, 0x11}, @RTA_IIF={0x8, 0x3, r3}, @RTA_DPORT={0x6, 0x1d, 0x4e20}, @RTA_ENCAP={0xc, 0x16, 0x0, 0x1, @SEG6_LOCAL_IIF={0x8, 0x6, 0x2}}]}, 0x40}, 0x1, 0x0, 0x0, 0x800}, 0x4000050) (async)
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@gettaction={0x34, 0x32, 0x89910f7975f42df, 0x0, 0x0, {}, [@action_gd=@TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'police\x00'}}]}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1, 0x1}}]}, 0x34}}, 0x0) (async)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x4000000000000, 0x40, &(0x7f0000000380)=@raw={'raw\x00', 0x2, 0x3, 0x340, 0x0, 0xb8, 0x0, 0xb8, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@ip={@dev, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'bond_slave_1\x00', 'veth1\x00'}, 0x0, 0x70, 0xb8, 0x0, {0x6020000}}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x3f}}}, {{@ip={@local, @multicast1, 0x0, 0x0, 'veth1_to_hsr\x00', 'nr0\x00'}, 0x0, 0x1c8, 0x1f0, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'bridge_slave_1\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a0) (async)
sendmsg$NL80211_CMD_NOTIFY_RADAR(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0xa2081030}, 0xc, &(0x7f0000000180)={&(0x7f00000002c0)={0x4c, r4, 0x200, 0x70bd25, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x11}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0xa}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0xb12}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0xc}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xff}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x14}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x8}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000000}, 0x800) (async, rerun: 32)
r6 = socket$nl_route(0x10, 0x3, 0x0) (rerun: 32)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', <r7=>0x0}) (async)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'wlan0\x00'}) (async)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="500000001000cff500000000ffffffff00000700", @ANYRES32=0x0, @ANYBLOB="000000000140060030001280080001006873720024000280050007000100000008000100", @ANYRES32=r6, @ANYBLOB="08000200", @ANYRES32=r7, @ANYRESOCT=r6], 0x50}}, 0x0)

16.362507526s ago: executing program 2 (id=718):
r0 = syz_open_dev$sndpcmp(&(0x7f0000002000), 0x5d5d, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_PARAMS(r0, 0xc2604111, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
connect$pppoe(0xffffffffffffffff, 0x0, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006", @ANYRESDEC=r2], 0x3c}}, 0x0)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c00000010001fff000000000100000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800900810076657468000000000400028008000a00", @ANYRES32=r3, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="a428040000000000140035", @ANYRES32=r3], 0x3c}, 0x1, 0x0, 0x0, 0x4008800}, 0x8000)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'veth1\x00'})
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@ipv4_getrule={0x1c, 0x22, 0x264, 0x70bd2b, 0x25dfdbfc, {0x2, 0x20, 0x20, 0x3, 0x4b}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x600}, 0x0)
r7 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000780), 0x20000, 0x0)
ioctl$KVM_X86_SETUP_MCE(r7, 0x7040, 0x0)
r8 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000180)={0x0, &(0x7f0000000b40)=[@cpuid={0x2, 0x18, {0x9}}, @code={0x1, 0x74, {"64470fc7bc5b4ed81372660f5770dac4222d93647006c481d97504d500000080b9390800003b3b4a000000ba000000000f30c744240000000000c74424024b000000c7442406000000000f01142467660fdbe5c12e00c4c178525ecd6766440f72e36b"}}, @uexit={0x0, 0x18, 0xfff}, @cpuid={0x2, 0x18, {0x8, 0x7fffffff}}, @code={0x1, 0x57, {"c403655d34c805f0811fa5c100003e430f7861b50f01c9c744240022000000c74424020c000000ffc024c4e27930ec66ba400066b874f566ef66b8e2000f00d8c4c19df510f4"}}, @code={0x1, 0x6e, {"660f7c8f008000000f019f10d10000c4a115dc990880000044b0fe460f01c33e66490f38f6680066b89a008ed866410fc7b6050000000f20e035000010000f22e0c744240048b4225ec744240285000000c7442406000000000f011424"}}, @uexit={0x0, 0x18}, @code={0x1, 0x53, {"66baf80cb80af5508aef66bafc0c66b8010066efb9010200000f326526430fc7b4a3005060c1450f072e470fc732c4c2a5374fae430f300f20020f21b466410ffef9"}}, @cpuid={0x2, 0x18, {0xd80c, 0x10}}, @code={0x1, 0x4e, {"64660f382beddd1d0f00000066ba2000ec66b8f2000f00d867f3410fc7b2a6000000670f01ca450f234cf3460f2a862b000000b9310b00000f320f01c8"}}, @code={0x1, 0x57, {"b9980b00000f320f01cbb94e0a00000f32b9b50300000f3266b865008ed8c4631538ea8066ba410066ed8fc960999965900000b805000000b9db5345af0f01d9c4a119df6000"}}], 0x2a9})
syz_kvm_setup_cpu$x86(r7, r8, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="0f01b5f9ff0f20c06635020000000f22c00f070f01c30f23220f01dc0fc7740066b9960900000f322e0f01dfb8ee0d8ec0", 0x31}], 0x1, 0x4, &(0x7f0000000140), 0x0)
r9 = socket$packet(0x11, 0x2, 0x300)
r10 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r10, &(0x7f0000000080)={0x18, 0x0, {0x15, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'erspan0\x00'}}, 0x1e)
r11 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x181341, 0x0)
ioctl$PPPIOCATTCHAN(r11, 0x40047438, &(0x7f0000000240)=0x1)
write(r11, &(0x7f0000000280)="04af7f0b4c75", 0x6)
setsockopt$packet_int(r9, 0x107, 0x8, &(0x7f0000000100)=0x42049, 0x4)
recvmmsg(r2, &(0x7f0000000480)=[{{0x0, 0x0, 0x0, 0x45}, 0xfffffffe}], 0x1, 0x40012161, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r12=>0xffffffffffffffff})
sendmsg$tipc(r12, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x91}, 0x0)

16.272381468s ago: executing program 2 (id=723):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000001700)={0x50, r0, 0x801, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_KEY={0x28, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "4abee339084eeef16f162471f4"}, @NL80211_KEY_IDX={0x5}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac05}]}]}, 0x50}}, 0x0)
r3 = socket(0x2a, 0x5, 0x0)
getsockopt(r3, 0x200000000114, 0x271e, 0x0, &(0x7f0000000040))
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r4)
ptrace$setregs(0xd, r4, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb")
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000280)={0x1, &(0x7f0000000200)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1b, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x6}]})
ptrace$getregset(0x4204, r4, 0x200, &(0x7f0000000340)={&(0x7f0000000240)=""/204, 0xcc})
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
pipe(&(0x7f0000000580)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = syz_open_dev$vim2m(&(0x7f0000000040), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r8, 0xc008561c, &(0x7f0000000400)={0xf0f020})
pipe(&(0x7f0000000140)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
splice(r6, 0x0, r9, 0x0, 0x8007fff, 0x0)
ioctl$sock_inet_udp_SIOCOUTQ(r3, 0x5411, &(0x7f00000003c0))
r10 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
mkdirat(r10, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
move_mount(r6, &(0x7f0000000080)='./file0\x00', r10, &(0x7f00000000c0)='./file0\x00', 0x42)
sendmsg$nl_xfrm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="580100001000010000001000ffdbdf25fe8800000000000000000000000000010000000000000000000000000000000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc0100000000000000000000000000010000000032000000e00000020000000000000000000000000000000000000000000000000000000800000000000000000000000000000000ffffffffffffffff0000000000000000ffffff879200b07f00000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000a000000af000000000000001c00170000000000000000002abd70000000400000000000000000004c001400636d616328616573290000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000823bf4617962e0124888e3714258"], 0x158}, 0x1, 0x0, 0x0, 0x2c058840}, 0x0)
r11 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$unix(0x1, 0x1, 0x0)
write(r7, &(0x7f0000000100)="6a0c9c9d6828dbb85ce46e7fd9833db7e83d9e6b06de29ea43a8f0b413c9bb7350532f487879279d6be4bb3b30ad3b7ccb5a9ed8", 0x34)
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r11, 0x80489439, 0x0)

16.099927001s ago: executing program 2 (id=731):
r0 = epoll_create(0x5)
r1 = timerfd_create(0x0, 0x80800)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x300, r1, &(0x7f0000000040)={0x3200001c})
r2 = syz_open_dev$sndpcmp(&(0x7f0000000b00), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_FORWARD(r2, 0x40084149, &(0x7f0000000000)=0xd)
mkdir(&(0x7f00000000c0)='./file0\x00', 0x50)

16.099199296s ago: executing program 2 (id=732):
r0 = fsopen(&(0x7f0000000000)='exfat\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000080)='iocharset', &(0x7f00000000c0)='io#harset', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000001100)='iocharset', &(0x7f0000001140)='\xe0^@&&}\'\x00', 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000b40)=@newtaction={0xf58, 0x30, 0x25, 0x0, 0x0, {}, [{0xf44, 0x1, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe20, 0x2, {{{}, 0x4}, [{}, {}, {}, {0x0, 0x0, 0x4000000}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x100}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0xffffffff}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0xff}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0xffffffff}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4}], [{}, {}, {}, {}, {0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x3}]}}]}, {0x4}, {0xc}, {0xc}}}, @m_bpf={0xf0, 0x2, 0x0, 0x0, {{0x8}, {0x17, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS={0x24, 0x4, [{0x1, 0xff, 0x4, 0x6}, {0x6, 0x9, 0x1, 0x3}, {0x8, 0xa, 0x9, 0xe5ad}, {0x2, 0xfd, 0x3, 0x7}]}]}, {0xa4, 0x6, "aef41341fdedc57514e9e6b7c9a7d6c6f2710911ea3f03808c1cd540f74547537bf4bd3de3af39a159c644fdacd41501de3816424920bd50948bb71277cbcb3af35a087dfca43335c1d1f7676239b2932026b5e5e0d02760eb4305f349000de9580b5ad411948e208801ff4e11df28aa70701228e871fa62bd8e1d2b3abd2494e13f35b5933263a1b9ee64b0161ef7cc4e38117db59c3db871f9eb7078642fdf"}, {0xc}, {0xc, 0x8, {0x3}}}}]}]}, 0xf58}}, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r2, 0x401c5820, &(0x7f0000000080)={0x8})
ioctl$sock_inet_SIOCDARP(r2, 0x8953, &(0x7f0000000100)={{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x44}}, {0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x4, {0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}, 'xfrm0\x00'})
socket$inet_icmp_raw(0x2, 0x3, 0x1)
fsopen(&(0x7f0000000000)='exfat\x00', 0x0) (async)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000080)='iocharset', &(0x7f00000000c0)='io#harset', 0x0) (async)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000001100)='iocharset', &(0x7f0000001140)='\xe0^@&&}\'\x00', 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000b40)=@newtaction={0xf58, 0x30, 0x25, 0x0, 0x0, {}, [{0xf44, 0x1, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe20, 0x2, {{{}, 0x4}, [{}, {}, {}, {0x0, 0x0, 0x4000000}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x100}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0xffffffff}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0xff}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0xffffffff}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4}], [{}, {}, {}, {}, {0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x3}]}}]}, {0x4}, {0xc}, {0xc}}}, @m_bpf={0xf0, 0x2, 0x0, 0x0, {{0x8}, {0x17, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS={0x24, 0x4, [{0x1, 0xff, 0x4, 0x6}, {0x6, 0x9, 0x1, 0x3}, {0x8, 0xa, 0x9, 0xe5ad}, {0x2, 0xfd, 0x3, 0x7}]}]}, {0xa4, 0x6, "aef41341fdedc57514e9e6b7c9a7d6c6f2710911ea3f03808c1cd540f74547537bf4bd3de3af39a159c644fdacd41501de3816424920bd50948bb71277cbcb3af35a087dfca43335c1d1f7676239b2932026b5e5e0d02760eb4305f349000de9580b5ad411948e208801ff4e11df28aa70701228e871fa62bd8e1d2b3abd2494e13f35b5933263a1b9ee64b0161ef7cc4e38117db59c3db871f9eb7078642fdf"}, {0xc}, {0xc, 0x8, {0x3}}}}]}]}, 0xf58}}, 0x0) (async)
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) (async)
ioctl$FS_IOC_FSSETXATTR(r2, 0x401c5820, &(0x7f0000000080)={0x8}) (async)
ioctl$sock_inet_SIOCDARP(r2, 0x8953, &(0x7f0000000100)={{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x44}}, {0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x4, {0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}, 'xfrm0\x00'}) (async)
socket$inet_icmp_raw(0x2, 0x3, 0x1) (async)

16.009816311s ago: executing program 2 (id=734):
syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800008080b63428e900"/20, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x94)
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x90, 0x0, 0x0, {0xffffffffffffffff, 0x0, 0x0, 0x0, 0x100, 0x0, {0x4, 0x0, 0x200000000e, 0xffff, 0x369, 0x7, 0x4, 0x0, 0x0, 0x6000, 0x0, 0x0, 0x0, 0x902}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d9600010000000000000000000d00", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x2000000000001]}})

1.342713361s ago: executing program 0 (id=1006):
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="0200"]) (async)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) (async)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)=ANY=[@ANYRESOCT=r0], 0x38}}, 0x20000804) (async)
ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4048aecb, &(0x7f0000000080))

1.192400037s ago: executing program 0 (id=1012):
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async)
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r1, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000}) (async)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r1, 0x0, <r2=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000080)={0x28, 0x4, r1, 0x0, &(0x7f0000e1d000/0x4000)=nil, 0x4000, 0xfffffffffffff000}) (async)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r0, 0x3ba0, &(0x7f0000000180)={0x48, 0x7, r2, 0x0, 0x10001, 0x0, 0x1, 0xd6fe2, 0x3d3b4e}) (async)
r3 = syz_open_dev$radio(&(0x7f0000000140), 0x0, 0x2)
ioctl$VIDIOC_S_EXT_CTRLS(r3, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f90b, 0x8000, '\x00', @p_u8=&(0x7f0000000080)}})

1.191963158s ago: executing program 0 (id=1014):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x89a0, &(0x7f0000000040)={'syzkaller0\x00'})
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x89a1, &(0x7f0000000040)={'syzkaller0\x00'})
signalfd(r0, &(0x7f0000000000)={[0x30e]}, 0x8)

1.039634118s ago: executing program 32 (id=734):
syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800008080b63428e900"/20, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x94)
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x90, 0x0, 0x0, {0xffffffffffffffff, 0x0, 0x0, 0x0, 0x100, 0x0, {0x4, 0x0, 0x200000000e, 0xffff, 0x369, 0x7, 0x4, 0x0, 0x0, 0x6000, 0x0, 0x0, 0x0, 0x902}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d9600010000000000000000000d00", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x2000000000001]}})

1.038530701s ago: executing program 0 (id=1022):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$unix(0x1, 0x5, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_SMBUS(r3, 0x720, &(0x7f0000000180)={0x1, 0x5, 0x5, &(0x7f0000000100)={0x1c, "b6f5eac76e436afb93e063ed9db4f9bf42fd27e6a154034b28a38d7b6ef7ffe7e6"}}) (async)
ioctl$I2C_SMBUS(r3, 0x720, &(0x7f0000000180)={0x1, 0x5, 0x5, &(0x7f0000000100)={0x1c, "b6f5eac76e436afb93e063ed9db4f9bf42fd27e6a154034b28a38d7b6ef7ffe7e6"}})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000480)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xb}, {0xffff, 0xffff}, {0x4}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000005}, 0x0) (async)
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000480)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xb}, {0xffff, 0xffff}, {0x4}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000005}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x7fffc, {0x0, 0x0, 0x0, r4, {}, {0xffe2, 0xb}, {0xd, 0xb}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x2000c061}, 0x400c000)

884.825712ms ago: executing program 0 (id=1026):
creat(&(0x7f00000001c0)='./file0\x00', 0x8)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000000)=0x6, 0x4)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x155)
mount$9p_virtio(&(0x7f0000000180), &(0x7f0000000480)='./file0\x00', &(0x7f0000000040), 0x20, &(0x7f0000000440)=ANY=[@ANYBLOB="78224fc427ed619f319b73733d616e792c63616368653d66736361636865"])
chdir(&(0x7f00000000c0)='./file0\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x10, r1, 0xc8587000)
write$vhost_msg_v2(r1, &(0x7f0000000580)={0x2, 0x0, {0x0, 0x0, 0x0, 0x2, 0x3}}, 0x48)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140))
ftruncate(r1, 0x6)
mount$afs(&(0x7f0000000000), &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1000000, 0x0)

883.760314ms ago: executing program 0 (id=1028):
statx(0xffffffffffffff9c, 0x0, 0x4000, 0x1, 0x0)
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0)
pipe(0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="002281"], 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f00000010c0), 0x1, 0x0)
ioctl$SNDRV_PCM_IOCTL_LINK(r3, 0x40044160, &(0x7f0000001100)=0x8)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYRES8=r2], 0x64}}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
pipe2$watch_queue(&(0x7f0000000000)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x80)
r6 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_WATCH_KEY(0x20, r6, r5, 0xcf)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000001040)=ANY=[@ANYRES16, @ANYRESOCT=r4], 0x48}}, 0x0)
ioctl$HIDIOCSREPORT(r1, 0x81044804, &(0x7f0000000400)={0x1, 0x1})
ioctl$HIDIOCINITREPORT(r1, 0x4805, 0x0)
syz_usb_control_io(r0, &(0x7f00000005c0)={0x2c, 0x0, &(0x7f0000000300)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x2e}}, 0x0, 0x0, 0x0}, 0x0)

598.136262ms ago: executing program 3 (id=1038):
socket$nl_route(0x10, 0x3, 0x0)
syz_clone(0x2a809000, 0x0, 0x0, &(0x7f0000000200), 0x0, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='fdinfo/3\x00')
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r1, &(0x7f0000000080), 0x1c)
r2 = fcntl$dupfd(r1, 0x0, r1)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_CONFIG(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[], 0x14}}, 0x4000)
ioctl$sock_inet6_tcp_SIOCINQ(r2, 0x541b, &(0x7f0000000240))
read$FUSE(r0, &(0x7f0000004100)={0x2020}, 0x2020)
r3 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
ioctl$USBDEVFS_CONTROL(r3, 0xc0105500, &(0x7f0000000140)={0x80, 0x6, 0x303, 0xfffd, 0x13, 0x0, 0x0})
r4 = socket(0x10, 0x3, 0x0)
write(r4, &(0x7f0000000000)="2400000011005f0414f9f40700090400810000000d0000000000000008000f0001000000", 0x24)
sendmsg$nl_route_sched(r4, &(0x7f00000096c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=@newtaction={0x64, 0x30, 0xb25, 0x0, 0xfffffffe, {}, [{0x50, 0x1, [@m_vlan={0x4c, 0x3, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{0x8, 0x0, 0x20000000, 0x0, 0x4}, 0x1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x1}, 0x0)

522.625622ms ago: executing program 3 (id=1040):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000500)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r2, &(0x7f0000002200)=[{{&(0x7f0000000000)={0x2, 0x0, @initdev={0xac, 0x1e, 0x4, 0x0}}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000200)="9a", 0x1}], 0x1}}], 0x1, 0x4000000)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r4=>0x0}, &(0x7f0000000400)=0x8)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f0000000040)={0x9, 0xff, 0x2, 0x3, 0x1, 0x0, 0x3, 0x6, r4}, 0x20)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000000c0)={0x8, 0xc4c, 0xc, 0x8, 0x0, 0x40000000, 0x723b9fe7, 0x3, r4}, 0x20)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r6 = accept4(r5, 0x0, 0x0, 0x80800)
setsockopt$sock_int(r6, 0x1, 0x20, &(0x7f0000000940)=0x1000008, 0x4)
sendmmsg$alg(r6, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmmsg(r6, &(0x7f0000000dc0)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000240)=""/187, 0xbb}], 0x1}, 0x5}], 0x1, 0x100, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="8aee000000000000010000000900eca5a3460000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=r4, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0xe, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@map=r8, r9, 0x4, 0x0, 0x0, @void, @value}, 0x10)
r10 = socket(0x1, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r8, &(0x7f0000000100), &(0x7f00000001c0)=@tcp=r10}, 0x20)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r8, &(0x7f0000000100), &(0x7f0000000140)=@udp6=r7}, 0x20)
r11 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_GUEST_MEMFD(r11, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000})
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0x541b, &(0x7f0000000040)={<r12=>0xffffffffffffffff, 0x0, 0x4, 0x8040000000000000})
close_range(r12, 0xffffffffffffffff, 0x0)

271.843424ms ago: executing program 3 (id=1043):
r0 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000100)={0x544, r0, 0x300, 0x70bd25, 0x25dfdbfc, {}, [@ETHTOOL_A_PRIVFLAGS_FLAGS={0x198, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_MASK={0x5f, 0x5, "59d7c9c21e63fecc540f98020efb69464dfb075ed55d2fd641f51176c7ac6e7441ed125410e7905cbcfa17a13a1ad2d247cd50710378bcd6b3c12f2d4fd01a1cc8781cb5ec1774a3b997f0617b5cbaa593b26c294701ea065a2b7d"}, @ETHTOOL_A_BITSET_BITS={0x124, 0x3, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xb}]}, {0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x10, 0x2, '/dev/video#\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '[\x00'}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}]}, {0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x10, 0x2, '/dev/video#\x00'}]}, {0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x6}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '*\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}, @ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, '\'-[\x00'}]}, {0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x6d}, @ETHTOOL_A_BITSET_BIT_NAME={0x10, 0x2, '/dev/video#\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x10, 0x2, '/dev/video#\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xc}]}, {0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x9}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}, @ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, '/+\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x6}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '*\x00'}]}]}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}, @ETHTOOL_A_PRIVFLAGS_FLAGS={0x1f0, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x40}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x9}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x5db0}, @ETHTOOL_A_BITSET_MASK={0xc6, 0x5, "045b19dd5ff1a14c4839dc0c3fcb0085e3fc015b65082529e897813842dfd19150e89d2b200f684b329e71be4b2d844ca04fc3c9df8cd2f2272ed3d2845838fb92b1980ef9febef3d1bba0ee650a5767fc3e792c0184a5be008db6935c7c8674c615292741f2b6291e034c8182a86fd855ab689f4d5bbbbf21d386b0c13d04de1f8690a6cfdbe04a10ebfae6dbc628c598871690c6d400335eb35f8c950cb125b723593225ac9dd378501e95353d1ba72046e60a67bf5413efae4751fb9617151b6b"}, @ETHTOOL_A_BITSET_VALUE={0x6, 0x4, "48c7"}, @ETHTOOL_A_BITSET_VALUE={0x23, 0x4, "909cb329bb4ee5d1720c7e61610e8cc310165d32c9625506def0d169e8b9b6"}, @ETHTOOL_A_BITSET_MASK={0xe0, 0x5, "c4a700959300490e52d559679fdf5b022cdbd241ab72626845b6888950a76c0329e5581822dd1886bad8a51df32acefd325ac763b8c65a8fa7371f7f17b1260f74ba69f34b1919cbf4ccd1a72a3cfc33c3e0552b45a41aacdf9c1b6d3df24888f8cc6ac6fcd488d7fdd491898fff411ce097d8a85aee730fa6dcb0b5eca892683a68e53d59412809443fc8fdb86ee79aa1135bb9afc0844c2771bee3f5c81b89ed376619fbd2e0571c65e1f98d9391c1e9b13bc742af6e9d83ccbadef01453d4f63f5be80494b17098b57a58d755df7ca02cb7dd70a1448d98ca9b79"}]}, @ETHTOOL_A_PRIVFLAGS_FLAGS={0x19c, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_MASK={0xd5, 0x5, "2756155b6c5e45242b21578998fd938fa94078b415e466aca0c59ab013fd5e61161b980f7c0f0a481f93f65a3045557d8e512673d4160ec2062fc2e1c71a4878f36b0dda1ffc1fdddc30e35ae618098feaa4373d9626748b39fdb71f1bddd8c4725b1b70962e5fe22dfa64af57702a94e9028f9b74450198866d63cdd1c3c0abe502a2a076871a523a294515a3a2091353d883b78d8beb6449420a7f6f29933053e0382c985217c9a1d1859b83af188c568e90df18c0824e746d943b8a8c8245dc842303707c04c21a48e10822b9ea37eb"}, @ETHTOOL_A_BITSET_VALUE={0xbd, 0x4, "941667a7b1c97ed50bea24f892cf071755468b205e5f34861759df700b26c077a33b37604d8a632062819176e9210afe04df74a9e7fa1fb22897501baee382ee0cf82c54b53df88a289c5a652fd86f178b593d9912013292939f32c2b8556319710874a6e50877965114a66742dea137801c6d320ba8ec20334f9f8a9e76d326db2bc102566664796a9e76684853f3583dee8f039510ec47c07e2804742406893ba6d4fbf94358ba39e7bf5bf73a53a104c56240a478442628"}]}, @ETHTOOL_A_PRIVFLAGS_FLAGS={0xc, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x7ff}]}]}, 0x544}, 0x1, 0x0, 0x0, 0x4000000}, 0x20004000)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=@newtaction={0x98, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x84, 0x1, [@m_tunnel_key={0x80, 0x1, 0x0, 0x0, {{0xf}, {0x50, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x0, 0x0, 0x0, 0xfffffffd}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0xe, @initdev={0xac, 0x1e, 0x0, 0x0}}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @empty}, @TCA_TUNNEL_KEY_ENC_IPV6_DST={0x14, 0x6, @private2={0xfc, 0x2, '\x00', 0x1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x98}, 0x1, 0x0, 0x0, 0x24040081}, 0x880)
r2 = syz_open_dev$vim2m(&(0x7f0000000080), 0x200080000000002, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r2, 0xc0405602, &(0x7f0000000040)={0x13, 0x1, 0x2, "7e0efe3287fda55aab2500000000b482b200", 0x30313953})

269.868912ms ago: executing program 1 (id=1044):
r0 = socket$unix(0x1, 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000100)={'batadv0\x00', <r4=>0x0})
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
getsockopt$bt_BT_CHANNEL_POLICY(r5, 0x112, 0xa, &(0x7f00000000c0)=0xd9, &(0x7f0000000100)=0x4)
sendmsg$BATADV_CMD_SET_MESH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000040)={0x2c, r3, 0x211, 0x0, 0x25dfdbfc, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}]}, 0x2c}, 0x1, 0x100000000000000, 0x0, 0x4044059}, 0x40090)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r7, 0x4010ae68, &(0x7f0000000000)={0x6000, 0x0, 0x1})
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@ipv4_newroute={0x2c, 0x18, 0x35f32a6dfa748ddd, 0xfffffffc, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0x3}, @RTA_IIF={0x8, 0x3, r4}]}, 0x2c}}, 0x0)
r8 = openat$cdrom(0xffffffffffffff9c, &(0x7f00000006c0), 0x2a00, 0x0)
ioctl$CDROMPLAYMSF(r8, 0x5303, 0x0)
listen(r0, 0x0)
accept(r0, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000100)) (async)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) (async)
getsockopt$bt_BT_CHANNEL_POLICY(r5, 0x112, 0xa, &(0x7f00000000c0)=0xd9, &(0x7f0000000100)=0x4) (async)
sendmsg$BATADV_CMD_SET_MESH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000040)={0x2c, r3, 0x211, 0x0, 0x25dfdbfc, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}]}, 0x2c}, 0x1, 0x100000000000000, 0x0, 0x4044059}, 0x40090) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) (async)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r7, 0x4010ae68, &(0x7f0000000000)={0x6000, 0x0, 0x1}) (async)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@ipv4_newroute={0x2c, 0x18, 0x35f32a6dfa748ddd, 0xfffffffc, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0x3}, @RTA_IIF={0x8, 0x3, r4}]}, 0x2c}}, 0x0) (async)
openat$cdrom(0xffffffffffffff9c, &(0x7f00000006c0), 0x2a00, 0x0) (async)
ioctl$CDROMPLAYMSF(r8, 0x5303, 0x0) (async)
listen(r0, 0x0) (async)
accept(r0, 0x0, 0x0) (async)

269.568257ms ago: executing program 1 (id=1045):
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESOCT], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r0, 0x0, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
dup3(r0, r1, 0x80000)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x2c, &(0x7f00000001c0)=0x800, 0x4)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000f40)=[{&(0x7f0000000f80)="d8000000180081064e81f782db4cb910021d0800fd007c05e8fe50a10a000700014002020c600e41b0000900ac000a0501000000040012000a00ff150048035c3b61c1d67f6f94007134cf6efb80073f6a5aa8457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5ae24e25ccca9e00360db79826835d3a71d95667daffffffffff1f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5b7276505de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9000001252c330f973f4953d2a6823a45", 0xd8}], 0x1}, 0x4000044)
pread64(r2, &(0x7f0000000280)=""/195, 0xc3, 0x0)

222.78431ms ago: executing program 3 (id=1046):
syz_emit_ethernet(0x24, &(0x7f0000000780)={@local, @random="429e82211cf8", @void, {@ipv4={0x800, @generic={{0x6, 0x4, 0x2, 0x0, 0x18, 0x67, 0x0, 0x2, 0x67, 0x0, @rand_addr=0x64010100, @broadcast, {[@generic={0x7, 0x2}]}}}}}}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001480)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x3c, 0x3c, 0x2, [@func_proto={0x0, 0x3, 0x0, 0xd, 0x0, [{0x0, 0x3}, {0x0, 0x2}, {0x0, 0x3}]}, @func_proto={0x0, 0x0, 0x0, 0x4}, @func_proto={0x0, 0x0, 0x0, 0x9, 0x2}]}}, 0x0, 0x56, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000000)={0x1, &(0x7f0000000100)="b71e417f9d7d1d19d98a950c87dfe88c4145ad4e8ec1c33861a68950889948e3e15d0bbb6cef283e704742746084f54425710cd376c326538ae39d128dd1cbfcbd894f4decaf18c966cb163df7734baa8e7e200c2585c04a88a38918793a19d4237ef60f5d0ab537452ea68e4211b1c26ab7ab800a0adac19ccbf5613bf9470960813dc7bf80f63debf2eec9faff910ab8ae9d12a22608ddfdc296ed7d41511e84811a10c9b253b11bab0238ab113126ba3a5501d042a1e8e1f7096bfb667d48fda154905c42e330633b86e093f8e91eab7a8e3152c863bcd5", &(0x7f0000000200)=""/223, 0x4}, 0x20)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000300))

222.325014ms ago: executing program 3 (id=1047):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), r1)
sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x14, r2, 0x1, 0x70bd27, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x44004}, 0x40000)
setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000080)=0x1f6, 0x4)
sendmmsg$inet(r0, &(0x7f0000003240)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, &(0x7f00000016c0)=[{&(0x7f0000001540)="94", 0xffe3}], 0x1}}], 0x1, 0x4000800)

162.632937ms ago: executing program 3 (id=1048):
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
socket$nl_sock_diag(0x10, 0x3, 0x4)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
listen(0xffffffffffffffff, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r0}, 0x18)
prctl$PR_SCHED_CORE(0x3e, 0x4, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(0x0, 0x2, 0x141121)
write$6lowpan_enable(0xffffffffffffffff, 0x0, 0x0)
syz_io_uring_setup(0x1c57, &(0x7f0000000300)={0x0, 0x40ac, 0x10000, 0x2, 0x23f}, 0x0, &(0x7f00000001c0)=<r2=>0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x2244, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0x7)
ioctl$TIOCSETD(r3, 0x5412, &(0x7f00000000c0)=0xe9)
syz_io_uring_submit(0x0, r2, &(0x7f0000000140)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r1})
getdents64(0xffffffffffffffff, &(0x7f0000000340)=""/87, 0x57)
io_uring_enter(0xffffffffffffffff, 0x1eee, 0x4000, 0x10, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', <r5=>0x0})
r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x3, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r5, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000740)={r6, 0x0, 0x0}, 0x10)
r7 = getpid()
syz_genetlink_get_family_id$tipc2(&(0x7f0000000480), 0xffffffffffffffff)
r8 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r8, 0x84, 0x13, &(0x7f0000000000)=0xfff, 0x4)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RELOAD(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="020000f8", @ANYRES16=r10, @ANYBLOB="010026bd700000000000250000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008b00", @ANYRES32=r7, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, 0x0, 0x0, 0x0)

70.973505ms ago: executing program 1 (id=1049):
r0 = syz_open_dev$vim2m(&(0x7f0000001580), 0x57, 0x2)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x1c1f81, 0x0) (async, rerun: 64)
bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10) (async, rerun: 64)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000500), 0x101, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x15)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[], 0x32600) (async, rerun: 64)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r3, 0x0) (async, rerun: 64)
ioctl$TCSETS(r2, 0x40204706, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x400000, 0x14, "3eccd8000000000000000310000000000200"}) (async)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
r4 = fcntl$dupfd(r1, 0x0, r1)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000200)=0x14)
ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f0000000040)={0x1, @pix_mp={0xe, 0x7, 0x30314247, 0x8, 0x4, [{0x5, 0xfc}, {0x2, 0x8000}, {0x5, 0xda25}, {0x7fffffff, 0x1}, {0x10000, 0x1}, {0x1, 0x5}, {0x9, 0x7c8b}, {0xc, 0xffffffff}], 0x43, 0x27, 0x7, 0x0, 0x7}}) (async, rerun: 32)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000000)={0x21, 0x1, 0x1, "3a8e080800b3020000000010000f0000000100", 0x3234564e}) (rerun: 32)

70.651394ms ago: executing program 1 (id=1050):
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x8fff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0xa)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000700)=ANY=[@ANYRES16=r1, @ANYRES16, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESOCT=r0, @ANYRES32=r0, @ANYBLOB="2c318de245df67a9b8ee8a592593282fe53e7f74f3faa80fcbab2d1e8e227801d513c93daaf2504cedc0e21a36a3fcc22b00c55bf9df450829bbceb26489ed15e5dc0369fad029cc9a654a25215ea9eccec1fa759ce21d47f47f7d98cdc526ea2b0fb1d07c1e21480d174a3a3f1b9d46d6deda6070ec83a3b3f2b14d4900bde8f82392a93ca0785db2b20caffaca760b5a396ba4258066713c08832bc82b7a46b1aae68f9c1e3763e46fa13c072d662ad047007cbab4c4e81cb3b95e8b23e752394fc734f475691f43821cbfcf0108bfe6d631f11e253e91"])
write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000000c0)={'syz0\x00', {0xfff7, 0xc, 0x100, 0xcb}, 0x1d, [0x7b, 0xb7e2, 0x3, 0x9, 0x100, 0x3, 0x1, 0x7, 0x9, 0x80000001, 0x7, 0xa, 0x3, 0x0, 0x7f, 0xd, 0x7fff, 0x6, 0x6, 0x45, 0x6, 0x6, 0x7, 0x7, 0xff, 0x2, 0xfffff5ee, 0x401, 0x0, 0xfc75, 0x8, 0x9, 0x4, 0x2, 0x0, 0x81, 0xfffff765, 0x2, 0x3, 0xfffffff9, 0xa, 0x2, 0x5, 0x0, 0xfffffff7, 0x6, 0x7, 0x4c, 0x1, 0x80, 0x8, 0xa, 0x9, 0x7, 0x8000101, 0xc3c, 0x1733, 0x7fff, 0x7ffc, 0x8, 0x6, 0x5, 0x1, 0x4], [0x10, 0x3, 0x8, 0x8, 0x0, 0x8, 0x4, 0x0, 0x25, 0x10, 0x1, 0x7, 0x8, 0xe62, 0x5, 0x1000, 0x6, 0x13e5, 0x3, 0x23, 0x1000, 0x7, 0x1, 0x3b40, 0x4, 0x1000, 0x5, 0x7fff, 0x8, 0x5a, 0xffff2503, 0x7fffffff, 0x6995, 0x1, 0x80000000, 0x8, 0xdaa, 0x5, 0x1, 0x76c4, 0xfffffffd, 0x5, 0x4, 0x10000, 0xd, 0x2, 0x9, 0x10, 0x4000e, 0x9, 0x7, 0xa, 0x9, 0x6, 0x8, 0x3, 0x6, 0x3a6, 0x8, 0xc0d, 0xfffffffd, 0x9, 0xc, 0xfffffffb], [0xa3, 0x6, 0x6, 0x9, 0x1000, 0x0, 0x80000000, 0x5, 0x7f, 0xa, 0x100, 0x1000, 0xf1, 0x6, 0xc, 0x10000, 0x72, 0xefa, 0x633, 0xd, 0x7, 0x6, 0x80000000, 0x6, 0x0, 0x7, 0x8, 0x2ef3adcb, 0x10, 0x2, 0x8, 0xa, 0x74, 0x4, 0x7, 0x801, 0xfffffff2, 0x63, 0x7, 0x2, 0x3, 0x3, 0x20a7fd9e, 0xfffffffd, 0x2, 0xa1, 0x0, 0x9d, 0x7, 0xa8a, 0x2, 0x6, 0x77, 0x8, 0x1ff, 0x7, 0x7, 0x2, 0x8, 0x2, 0x8, 0x2, 0x3, 0x5], [0x4, 0x4, 0x40000005, 0x8000, 0x493e, 0x3, 0x35ff4447, 0x7, 0x5, 0x7, 0x7fff, 0x5, 0x5, 0x3ff, 0xb88f, 0xffff0000, 0x9, 0xf7df, 0x2, 0x10, 0x8, 0x2, 0xff, 0x8000, 0x5, 0x2, 0x3, 0x0, 0x7, 0x4e6, 0x8, 0x6, 0x1000, 0x8000, 0xc, 0x4, 0x401, 0x1, 0x5, 0x0, 0x9a8, 0xe32, 0x231, 0x3ff, 0x8, 0x1, 0xffff0001, 0x1, 0x1, 0x10, 0x8, 0x5396, 0x6161, 0x9, 0x101, 0x1ff, 0x8, 0x431, 0x6, 0x5, 0x4, 0x7b, 0x7fc, 0x9]}, 0x45c)
read$FUSE(r1, &(0x7f00000021c0)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f0000000040)={0x50, 0x0, r2, {0x7, 0x1f, 0x0, 0x490420, 0x0, 0x0, 0xcc, 0x0, 0x0, 0x0, 0x100}}, 0x50)
syz_fuse_handle_req(r1, &(0x7f000000e3c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x20c01, 0x99)
ioctl$SNAPSHOT_SET_SWAP_AREA(r3, 0x40806685, &(0x7f0000000180)={0x81, 0x3})
socket$nl_generic(0x10, 0x3, 0x10)
shutdown(0xffffffffffffffff, 0x1)
connect$bt_l2cap(0xffffffffffffffff, 0x0, 0x0)
socket$packet(0x11, 0x2, 0x300)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, 0x0, 0x0)
connect$inet(r4, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=ANY=[@ANYBLOB="380000000314010000000000fbdbdf250900020073797a3200007278650014003300767863616e31000000000000000000004d80f028d487baec94e00ecc63af3bf99c391d18849b7382bdf380189877f5e45158af2f015e4ea6da1e07548ce68be57ac70c583bbeea68e2fcaea9ae5607ff103edcf68cd8f53e"], 0x38}, 0x1, 0x0, 0x0, 0x200c08a5}, 0x8000)
getsockopt$IP_VS_SO_GET_SERVICES(r6, 0x0, 0x482, &(0x7f0000000080)=""/39, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)

549.43µs ago: executing program 1 (id=1051):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
socket$inet6_udp(0xa, 0x2, 0x0) (async)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r3, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r2, {0x2, 0x0, @loopback}, 0x4}}, 0x2e)
r4 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0x14, 0x4, 0x8, 0x6, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
socket$inet6(0xa, 0x80002, 0x0) (async)
r5 = socket$inet6(0xa, 0x80002, 0x0)
syz_emit_ethernet(0x32, &(0x7f0000000040)={@local, @dev, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x88, 0x0, @empty}, {0x0, 0x0, 0x8, 0x0, @gue={{0x2}}}}}}}, 0x0) (async)
syz_emit_ethernet(0x32, &(0x7f0000000040)={@local, @dev, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x88, 0x0, @empty}, {0x0, 0x0, 0x8, 0x0, @gue={{0x2}}}}}}}, 0x0)
setsockopt$sock_int(r5, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4)
bind$inet6(r5, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) (async)
bind$inet6(r5, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r4, &(0x7f0000000280), &(0x7f0000001840)=@udp6=r5}, 0x20) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r4, &(0x7f0000000280), &(0x7f0000001840)=@udp6=r5}, 0x20)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
r7 = socket(0x10, 0x80002, 0x0)
socket(0x200000000000011, 0x2, 0x0) (async)
r8 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r9=>0x0})
sendmsg$nl_route(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="380000005400e5ea29bd7000ffffffff07000002", @ANYRES32=r9, @ANYBLOB="20000100", @ANYRES32, @ANYBLOB="01030300ff"], 0x38}, 0x1, 0x0, 0x0, 0x2800}, 0x40084c0)
sendmmsg$alg(r7, &(0x7f00000000c0), 0x492492492492627, 0x0)
close_range(r6, 0xffffffffffffffff, 0x0)

0s ago: executing program 1 (id=1052):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000600)={&(0x7f0000000400)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x4, [@datasec={0x2, 0x0, 0x0, 0xf, 0x2, [], "25ff"}, @datasec={0x0, 0x0, 0x0, 0xf, 0x2, [], "b8b3"}]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x38, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x20)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0xff, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000180)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xfffffffe}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)

0s ago: executing program 1 (id=1053):
syz_open_dev$video(&(0x7f0000000040), 0x305, 0x100000)
r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000003c40)='./file0\x00', &(0x7f0000000080)='hugetlbfs\x00', 0x0, 0x0)
open(&(0x7f0000000180)='./file0\x00', 0x4f0602, 0x0)
ioctl$VIDIOC_DECODER_CMD(r0, 0xc0485660, &(0x7f0000000080)={0x0, 0x1, @stop_pts=0x6}) (async)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f00000000c0)=@req={0x8, 0x951, 0x4c, 0x5}, 0x10)
setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000180)=0x8, 0x4)
socket$kcm(0x29, 0x2, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$inet6(r2, &(0x7f00000004c0)=[{{&(0x7f0000000000)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @local}, 0xfffffff9}, 0x1c, 0x0, 0x0, &(0x7f0000000500)=[@pktinfo={{0x12, 0x11, 0x67, {@ipv4={'\x00', '\xff\xff', @local}}}}], 0x28}}], 0x1, 0x0) (async)
r3 = socket$inet_tcp(0x2, 0x1, 0x0) (async, rerun: 32)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="180200002343ffff0000000000000000850000004100000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (rerun: 32)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r5=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000300)={r4, r5, 0x25, 0x2, @val=@perf_event={0xff}}, 0x18) (async)
syz_emit_ethernet(0x66, &(0x7f0000000780)={@broadcast, @random="6487a2bed3d6", @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x6c, 0x0, @private}}}}}, 0x0) (async)
syz_emit_ethernet(0xfdef, &(0x7f00000001c0)=ANY=[@ANYRESDEC], 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r6 = openat$pmem0(0xffffffffffffff9c, &(0x7f0000002340), 0x80d01, 0x0)
pwrite64(r6, &(0x7f0000000000)="a5", 0xfffffe8c, 0x2)

kernel console output (not intermixed with test programs):

[   47.955958][ T5929] veth1_vlan: entered promiscuous mode
[   47.962235][ T5928] veth1_vlan: entered promiscuous mode
[   47.967057][ T1142] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   47.968079][ T5931] veth1_vlan: entered promiscuous mode
[   47.969549][ T1142] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   47.991994][   T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   47.994534][   T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   48.010424][ T5929] veth0_macvtap: entered promiscuous mode
[   48.013426][ T5931] veth0_macvtap: entered promiscuous mode
[   48.019386][ T5931] veth1_macvtap: entered promiscuous mode
[   48.023539][ T5929] veth1_macvtap: entered promiscuous mode
[   48.035472][ T5928] veth0_macvtap: entered promiscuous mode
[   48.038753][ T5939] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   48.044333][ T5931] batman_adv: batadv0: Interface activated: batadv_slave_0
[   48.049132][ T5929] batman_adv: batadv0: Interface activated: batadv_slave_0
[   48.051625][ T5928] veth1_macvtap: entered promiscuous mode
[   48.059654][ T5931] batman_adv: batadv0: Interface activated: batadv_slave_1
[   48.064013][ T5929] batman_adv: batadv0: Interface activated: batadv_slave_1
[   48.072460][ T5931] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   48.075141][ T5931] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   48.078564][ T5931] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   48.081305][ T5931] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   48.086326][ T5929] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   48.089531][ T5929] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   48.092201][ T5929] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   48.094880][ T5929] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   48.101056][ T5928] batman_adv: batadv0: Interface activated: batadv_slave_0
[   48.105405][ T5928] batman_adv: batadv0: Interface activated: batadv_slave_1
[   48.113405][ T5928] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   48.116158][ T5928] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   48.119301][ T5928] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   48.122026][ T5928] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   48.178519][   T85] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   48.181561][   T85] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   48.213348][   T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   48.213849][   T85] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   48.215853][   T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   48.222953][   T85] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   48.240992][ T1142] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   48.243687][ T1142] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   48.262090][ T1142] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   48.265279][ T1142] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   48.266449][   T85] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   48.270693][   T85] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   48.340964][ T6026] netlink: 'syz.2.6': attribute type 11 has an invalid length.
[   48.344095][ T6026] netlink: 132 bytes leftover after parsing attributes in process `syz.2.6'.
[   48.379464][ T6028] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4'.
[   48.382511][ T6028] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4'.
[   48.382742][ T6033] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4'.
[   48.544124][ T6036] geneve2: entered promiscuous mode
[   48.545884][ T6036] geneve2: entered allmulticast mode
[   48.838230][ T6049] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[   48.840242][ T6049] Bluetooth: hci0: Opcode 0x0406 failed: -4
[   48.869579][ T6049] Bluetooth: hci0: Opcode 0x0406 failed: -4
[   48.888159][ T6049] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[   48.890105][ T6049] Bluetooth: hci1: Opcode 0x0406 failed: -4
[   48.894851][ T6049] Bluetooth: hci1: Opcode 0x0406 failed: -4
[   48.908809][ T6049] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[   48.910833][ T6049] Bluetooth: hci2: Opcode 0x0406 failed: -4
[   48.930524][ T6049] Bluetooth: hci2: Opcode 0x0406 failed: -4
[   48.951052][ T6049] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[   48.953117][ T6049] Bluetooth: hci3: Opcode 0x0406 failed: -4
[   48.956625][ T6049] Bluetooth: hci3: Opcode 0x0406 failed: -4
[   49.307265][ T6070] mmap: syz.3.17 (6070) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   49.605934][ T6030] Set syz1 is full, maxelem 65536 reached
[   49.648346][ T6073] syz.1.18 uses obsolete (PF_INET,SOCK_PACKET)
[   49.732530][ T6077] netlink: 8 bytes leftover after parsing attributes in process `syz.2.19'.
[   49.814445][ T6082] SELinux: ebitmap: truncated map
[   49.820503][ T6082] SELinux: failed to load policy
[   49.858330][ T6085] process 'syz.0.23' launched '/dev/fd/3' with NULL argv: empty string added
[   49.878516][ T6087] syz_tun: entered allmulticast mode
[   49.897564][ T6087] syz_tun: left allmulticast mode
[   49.977859][   T40] kauditd_printk_skb: 100 callbacks suppressed
[   49.977869][   T40] audit: type=1400 audit(1750534415.900:190): avc:  denied  { read write } for  pid=6090 comm="syz.1.25" name="fuse" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[   49.987728][   T40] audit: type=1400 audit(1750534415.900:191): avc:  denied  { open } for  pid=6090 comm="syz.1.25" path="/dev/fuse" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[   49.995232][   T40] audit: type=1400 audit(1750534415.910:192): avc:  denied  { ioctl } for  pid=6090 comm="syz.1.25" path="/dev/fuse" dev="devtmpfs" ino=105 ioctlcmd=0x127e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[   50.006196][   T40] audit: type=1400 audit(1750534415.910:193): avc:  denied  { create } for  pid=6090 comm="syz.1.25" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[   50.013352][   T40] audit: type=1400 audit(1750534415.910:194): avc:  denied  { write } for  pid=6090 comm="syz.1.25" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[   50.027979][   T40] audit: type=1400 audit(1750534415.910:195): avc:  denied  { create } for  pid=6090 comm="syz.1.25" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[   50.035607][   T40] audit: type=1400 audit(1750534415.910:196): avc:  denied  { ioctl } for  pid=6090 comm="syz.1.25" path="socket:[9318]" dev="sockfs" ino=9318 ioctlcmd=0x89eb scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[   50.050001][   T40] audit: type=1400 audit(1750534415.940:197): avc:  denied  { read } for  pid=6099 comm="syz.0.27" name="v4l-subdev0" dev="devtmpfs" ino=965 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   50.059554][   T40] audit: type=1400 audit(1750534415.940:198): avc:  denied  { open } for  pid=6099 comm="syz.0.27" path="/dev/v4l-subdev0" dev="devtmpfs" ino=965 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   50.067801][   T40] audit: type=1400 audit(1750534415.940:199): avc:  denied  { write } for  pid=6099 comm="syz.0.27" path="socket:[7111]" dev="sockfs" ino=7111 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   50.100389][ T6096] Bluetooth: MGMT ver 1.23
[   50.128841][ T6106] netlink: 12 bytes leftover after parsing attributes in process `syz.3.26'.
[   50.130090][ T6098] netlink: 12 bytes leftover after parsing attributes in process `syz.3.26'.
[   50.431095][ T6136] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[   50.433328][ T6136] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[   50.437047][ T6136] vhci_hcd vhci_hcd.0: Device attached
[   50.442757][ T6136] vcan0: tx drop: invalid da for name 0x0000000000000002
[   50.449790][ T6137] vhci_hcd: connection closed
[   50.451239][ T1142] vhci_hcd: stop threads
[   50.454364][ T1142] vhci_hcd: release socket
[   50.455815][ T1142] vhci_hcd: disconnect device
[   50.463522][ T6142] Zero length message leads to an empty skb
[   50.598165][ T6149] could not allocate digest TFM handle cryptd(blake2b-160)
[   50.822511][ T6161] evm: overlay not supported
[   50.827037][   T61] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[   50.876846][ T5944] Bluetooth: hci0: command 0x040f tx timeout
[   50.956924][ T5944] Bluetooth: hci3: command 0x040f tx timeout
[   50.956946][ T5937] Bluetooth: hci2: command 0x040f tx timeout
[   50.958584][ T5936] Bluetooth: hci1: command 0x040f tx timeout
[   50.998995][   T61] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[   51.001878][   T61] usb 8-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[   51.005134][   T61] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66
[   51.008377][   T61] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[   51.011863][   T61] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[   51.017409][   T61] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[   51.020369][   T61] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[   51.022918][   T61] usb 8-1: Product: syz
[   51.024276][   T61] usb 8-1: Manufacturer: syz
[   51.031628][   T61] cdc_wdm 8-1:1.0: skipping garbage
[   51.033456][   T61] cdc_wdm 8-1:1.0: skipping garbage
[   51.040234][   T61] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device
[   51.042204][   T61] cdc_wdm 8-1:1.0: Unknown control protocol
[   51.127814][ T6180] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8)
[   51.129879][ T6180] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[   51.132332][ T6180] vhci_hcd vhci_hcd.0: Device attached
[   51.134726][ T6183] vhci_hcd: cannot find a urb of seqnum 4294967226 max seqnum 0
[   51.138816][   T13] vhci_hcd: stop threads
[   51.140283][   T13] vhci_hcd: release socket
[   51.141682][   T13] vhci_hcd: disconnect device
[   51.284263][    C1] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[   51.286787][    C1] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[   51.288907][    C1] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[   51.290966][    C1] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[   51.293155][    C1] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[   51.294969][ T6021] usb 8-1: USB disconnect, device number 2
[   51.295445][    C1] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[   51.299085][    C1] cdc_wdm 8-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[   51.319702][ T6202] binder: 6201:6202 ioctl 40046205 0 returned -22
[   51.479166][ T6211] netlink: 76 bytes leftover after parsing attributes in process `syz.1.58'.
[   51.491486][ T6214] fuse: Bad value for 'group_id'
[   51.493154][ T6214] fuse: Bad value for 'group_id'
[   51.772393][ T6239] netlink: 36 bytes leftover after parsing attributes in process `syz.1.65'.
[   51.926755][   T24] usb 7-1: new low-speed USB device number 2 using dummy_hcd
[   52.076838][   T24] usb 7-1: Invalid ep0 maxpacket: 64
[   52.167229][ T1467] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[   52.206871][   T24] usb 7-1: new low-speed USB device number 3 using dummy_hcd
[   52.209669][ T6254] fuse: Bad value for 'fd'
[   52.318443][ T1467] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[   52.321551][ T1467] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[   52.324416][ T1467] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   52.330507][ T6244] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[   52.339486][ T1467] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[   52.356716][   T24] usb 7-1: Invalid ep0 maxpacket: 64
[   52.358811][   T24] usb usb7-port1: attempt power cycle
[   52.540632][ T6244] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   52.543630][ T6244] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   52.548330][ T6244] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   52.552975][ T6244] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   52.591561][ T5737] usb 6-1: USB disconnect, device number 2
[   52.611747][ T6273] lo speed is unknown, defaulting to 1000
[   52.613802][ T6273] lo speed is unknown, defaulting to 1000
[   52.620397][ T6273] lo speed is unknown, defaulting to 1000
[   52.625190][ T6273] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   52.634626][ T6273] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[   52.658574][ T6273] lo speed is unknown, defaulting to 1000
[   52.660287][ T6275] program syz.3.75 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   52.661360][ T6273] lo speed is unknown, defaulting to 1000
[   52.667478][ T6273] lo speed is unknown, defaulting to 1000
[   52.669903][ T6273] lo speed is unknown, defaulting to 1000
[   52.706927][   T24] usb 7-1: new low-speed USB device number 4 using dummy_hcd
[   52.737194][   T24] usb 7-1: Invalid ep0 maxpacket: 64
[   52.743830][ T6281] netlink: 4 bytes leftover after parsing attributes in process `syz.3.78'.
[   52.757961][ T6283] syzkaller1: entered promiscuous mode
[   52.759793][ T6283] syzkaller1: entered allmulticast mode
[   52.866854][   T24] usb 7-1: new low-speed USB device number 5 using dummy_hcd
[   52.882308][ T6285] random: crng reseeded on system resumption
[   52.887568][   T24] usb 7-1: Invalid ep0 maxpacket: 64
[   52.890066][   T24] usb usb7-port1: unable to enumerate USB device
[   52.958641][ T5937] Bluetooth: hci0: command 0x040f tx timeout
[   53.038169][ T5937] Bluetooth: hci3: command 0x040f tx timeout
[   53.038340][ T5944] Bluetooth: hci1: command 0x040f tx timeout
[   53.040736][ T5937] Bluetooth: hci2: command 0x040f tx timeout
[   53.132102][ T6306] netlink: 'syz.3.87': attribute type 1 has an invalid length.
[   53.180412][ T6304] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   53.185114][ T6304] xt_socket: unknown flags 0x50
[   53.223120][ T6316] rtc_cmos 00:05: Alarms can be up to one day in the future
[   53.467644][   T24] usb 8-1: new low-speed USB device number 3 using dummy_hcd
[   53.482725][ T6329] Invalid ELF header magic: != ELF
[   53.617992][   T24] usb 8-1: config 168 descriptor has 1 excess byte, ignoring
[   53.620942][   T24] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[   53.625081][   T24] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[   53.629697][   T24] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[   53.633972][   T24] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[   53.639968][   T24] usb 8-1: config 168 descriptor has 1 excess byte, ignoring
[   53.642874][   T24] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[   53.647050][   T24] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[   53.651472][   T24] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[   53.655759][   T24] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[   53.661003][   T24] usb 8-1: config 168 descriptor has 1 excess byte, ignoring
[   53.663877][   T24] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[   53.668127][   T24] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[   53.672578][   T24] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[   53.677097][   T24] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[   53.683971][   T24] usb 8-1: string descriptor 0 read error: -22
[   53.686420][   T24] usb 8-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[   53.690107][   T24] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   53.698540][   T24] adutux 8-1:168.0: ADU100  now attached to /dev/usb/adutux0
[   53.936774][   T61] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[   54.003302][ T5935] rtc_cmos 00:05: Alarms can be up to one day in the future
[   54.006490][ T5935] rtc_cmos 00:05: Alarms can be up to one day in the future
[   54.009792][ T5935] rtc_cmos 00:05: Alarms can be up to one day in the future
[   54.013013][ T5935] rtc_cmos 00:05: Alarms can be up to one day in the future
[   54.015766][ T5935] rtc rtc0: __rtc_set_alarm: err=-22
[   54.066797][ T6343] binder_alloc: binder_alloc_mmap_handler: 6341 200000ffc000-200001000000 already mapped failed -16
[   54.105114][ T6346] netlink: 'syz.0.100': attribute type 1 has an invalid length.
[   54.108363][ T6346] __nla_validate_parse: 3 callbacks suppressed
[   54.108374][ T6346] netlink: 244 bytes leftover after parsing attributes in process `syz.0.100'.
[   54.119686][   T61] usb 6-1: config 0 has an invalid interface number: 104 but max is 0
[   54.123079][   T61] usb 6-1: config 0 has no interface number 0
[   54.125740][   T61] usb 6-1: config 0 interface 104 has no altsetting 0
[   54.130458][   T61] usb 6-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=a1.c9
[   54.133354][   T61] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   54.136236][   T61] usb 6-1: Product: syz
[   54.138049][   T61] usb 6-1: Manufacturer: syz
[   54.139644][   T61] usb 6-1: SerialNumber: syz
[   54.143638][   T61] usb 6-1: config 0 descriptor??
[   54.147902][   T61] gspca_main: vc032x-2.14.0 probing 0ac8:0321
[   54.170810][ T6348] af_packet: tpacket_rcv: packet too big, clamped from 36 to 4294967272. macoff=96
[   54.193220][ T6348] lo speed is unknown, defaulting to 1000
[   54.357601][   T61] gspca_vc032x: reg_r err -71
[   54.360434][   T61] gspca_vc032x: I2c Bus Busy Wait 00
[   54.363736][   T61] gspca_vc032x: I2c Bus Busy Wait 00
[   54.365503][   T61] gspca_vc032x: I2c Bus Busy Wait 00
[   54.365784][ T6360] netlink: 28 bytes leftover after parsing attributes in process `syz.0.104'.
[   54.370265][ T6360] netlink: 16 bytes leftover after parsing attributes in process `syz.0.104'.
[   54.370349][   T61] gspca_vc032x: I2c Bus Busy Wait 00
[   54.375448][   T61] gspca_vc032x: I2c Bus Busy Wait 00
[   54.377786][   T61] gspca_vc032x: I2c Bus Busy Wait 00
[   54.380387][   T61] gspca_vc032x: I2c Bus Busy Wait 00
[   54.383711][   T61] gspca_vc032x: I2c Bus Busy Wait 00
[   54.385883][   T61] gspca_vc032x: I2c Bus Busy Wait 00
[   54.388170][   T61] gspca_vc032x: I2c Bus Busy Wait 00
[   54.389978][   T61] gspca_vc032x: I2c Bus Busy Wait 00
[   54.391704][   T61] gspca_vc032x: I2c Bus Busy Wait 00
[   54.393473][   T61] gspca_vc032x: I2c Bus Busy Wait 00
[   54.395513][   T61] gspca_vc032x: I2c Bus Busy Wait 00
[   54.398633][   T61] gspca_vc032x: I2c Bus Busy Wait 00
[   54.400186][   T61] gspca_vc032x: I2c Bus Busy Wait 00
[   54.401681][   T61] gspca_vc032x: I2c Bus Busy Wait 00
[   54.403145][   T61] gspca_vc032x: I2c Bus Busy Wait 00
[   54.404671][   T61] gspca_vc032x: Unknown sensor...
[   54.406199][   T61] vc032x 6-1:0.104: probe with driver vc032x failed with error -22
[   54.410086][   T61] usb 6-1: USB disconnect, device number 3
[   54.696822][ T6376] netlink: 4 bytes leftover after parsing attributes in process `syz.0.108'.
[   54.719297][   T24] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0
[   54.722070][   T24] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0
[   54.724472][   T24] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0
[   54.727082][   T24] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0
[   54.729554][   T24] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0
[   54.731980][   T24] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0
[   54.734377][   T24] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0
[   54.737095][   T24] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0
[   54.739775][   T24] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0
[   54.742224][   T24] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0
[   54.744602][   T24] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0
[   54.747177][   T24] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0
[   54.749582][   T24] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0
[   54.752112][   T24] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0
[   54.754553][   T24] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0
[   54.757349][   T24] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0
[   54.759752][   T24] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0
[   54.762870][   T24] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0
[   54.766047][   T24] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0
[   54.769234][   T24] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0
[   54.772113][   T24] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0
[   54.774585][   T24] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0
[   54.777031][   T24] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0
[   54.779409][   T24] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0
[   54.781823][   T24] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0
[   54.784224][   T24] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0
[   54.786816][   T24] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0
[   54.789289][   T24] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0
[   54.791706][   T24] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0
[   54.794109][   T24] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0
[   54.796498][   T24] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0
[   54.799044][   T24] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0
[   54.801456][   T24] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0
[   54.803757][   T24] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0
[   54.806053][   T24] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0
[   54.808423][   T24] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0
[   54.810804][   T24] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0
[   54.813193][   T24] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0
[   54.815581][   T24] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0
[   54.817991][   T24] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0
[   54.820330][   T24] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0
[   54.822859][   T24] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0
[   54.825303][   T24] hid-generic 0000:007F:FFFFFFFE.0002: unknown main item tag 0x0
[   54.830351][   T24] hid-generic 0000:007F:FFFFFFFE.0002: hidraw1: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[   54.939015][ T6386] loop5: detected capacity change from 0 to 7
[   54.943480][ T6386] Dev loop5: unable to read RDB block 7
[   54.945350][ T6386]  loop5: AHDI p1 p2 p3
[   54.946768][ T6386] loop5: partition table partially beyond EOD, truncated
[   54.950179][ T6386] loop5: p1 start 1601398130 is beyond EOD, truncated
[   54.952341][ T6386] loop5: p2 start 1702059890 is beyond EOD, truncated
[   55.015539][   T40] kauditd_printk_skb: 102 callbacks suppressed
[   55.015549][   T40] audit: type=1400 audit(1750534420.929:302): avc:  denied  { create } for  pid=6391 comm="syz.1.114" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   55.024262][   T40] audit: type=1400 audit(1750534420.939:303): avc:  denied  { connect } for  pid=6391 comm="syz.1.114" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   55.037346][ T5937] Bluetooth: hci0: command 0x040f tx timeout
[   55.116898][ T5937] Bluetooth: hci1: command 0x040f tx timeout
[   55.117722][ T5936] Bluetooth: hci2: command 0x040f tx timeout
[   55.117734][ T5944] Bluetooth: hci3: command 0x040f tx timeout
[   55.226829][ T6021] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[   55.242764][   T40] audit: type=1400 audit(1750534421.159:304): avc:  denied  { write } for  pid=6396 comm="syz.1.116" name="snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[   55.242799][ T6397] random: crng reseeded on system resumption
[   55.256350][ T6397] Unrecognized hibernate image header format!
[   55.258674][ T6397] PM: hibernation: Image mismatch: architecture specific data
[   55.319705][   T40] audit: type=1400 audit(1750534421.239:305): avc:  denied  { create } for  pid=6402 comm="syz.1.118" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[   55.376753][ T6021] usb 7-1: Using ep0 maxpacket: 8
[   55.383572][ T6021] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   55.386577][ T6021] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   55.389765][ T6021] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   55.392827][ T6021] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   55.397396][ T6021] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   55.400891][ T6021] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   55.574039][   T40] audit: type=1400 audit(1750534421.489:306): avc:  denied  { ioctl } for  pid=6407 comm="syz.1.119" path="socket:[10660]" dev="sockfs" ino=10660 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[   55.583306][   T40] audit: type=1400 audit(1750534421.499:307): avc:  denied  { create } for  pid=6407 comm="syz.1.119" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[   55.589223][   T40] audit: type=1400 audit(1750534421.499:308): avc:  denied  { ioctl } for  pid=6407 comm="syz.1.119" path="socket:[11357]" dev="sockfs" ino=11357 ioctlcmd=0x8982 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[   55.597850][   T40] audit: type=1400 audit(1750534421.499:309): avc:  denied  { listen } for  pid=6407 comm="syz.1.119" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[   55.612746][ T6021] usb 7-1: GET_CAPABILITIES returned 0
[   55.614721][ T6021] usbtmc 7-1:16.0: can't read capabilities
[   55.653134][ T6410] ip6gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue
[   55.663360][ T6410] xt_l2tp: v2 doesn't support IP mode
[   55.691591][ T6413] netlink: 32 bytes leftover after parsing attributes in process `syz.0.121'.
[   55.720030][   T40] audit: type=1400 audit(1750534421.639:310): avc:  denied  { write } for  pid=6417 comm="syz.1.122" name="card1" dev="devtmpfs" ino=636 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[   55.728673][   T40] audit: type=1400 audit(1750534421.649:311): avc:  denied  { setopt } for  pid=6419 comm="syz.0.123" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[   55.735011][ T6418] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   55.874119][ T5935] usb 7-1: USB disconnect, device number 6
[   55.928763][ T1467] usb 8-1: USB disconnect, device number 3
[   56.104760][ T6454] erofs (device loop3): cannot find valid erofs superblock
[   56.109625][ T6454] netlink: 36 bytes leftover after parsing attributes in process `syz.3.134'.
[   56.146181][ T6456] netlink: 28 bytes leftover after parsing attributes in process `syz.3.135'.
[   56.156794][ T5737] usb 5-1: new low-speed USB device number 2 using dummy_hcd
[   56.245943][ T6465] netlink: 'syz.3.138': attribute type 1 has an invalid length.
[   56.249113][ T6465] netlink: 168864 bytes leftover after parsing attributes in process `syz.3.138'.
[   56.333411][ T5737] usb 5-1: config 0 has no interfaces?
[   56.335261][ T5737] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[   56.338361][ T5737] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   56.342340][ T5737] usb 5-1: config 0 descriptor??
[   56.417596][ T6478] netlink: 8 bytes leftover after parsing attributes in process `syz.3.144'.
[   56.427929][ T6475] QAT: Device 7 not found
[   56.480013][ T6484] netlink: 8 bytes leftover after parsing attributes in process `syz.3.147'.
[   56.486996][ T6484] hfsplus: unable to find HFS+ superblock
[   56.556492][ T6490] netlink: 'syz.2.149': attribute type 2 has an invalid length.
[   56.750319][ T6447] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   56.754737][ T6447] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   56.760116][ T5737] usb 5-1: USB disconnect, device number 2
[   56.820525][ T6513] openvswitch: netlink: nsh attribute has 65532 unknown bytes.
[   56.823180][ T6513] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   57.031892][ T6541] openvswitch: netlink: IPv6 tunnel dst address is zero
[   57.036900][ T6541] capability: warning: `syz.2.165' uses deprecated v2 capabilities in a way that may be insecure
[   57.112308][ T6555] block device autoloading is deprecated and will be removed.
[   57.116708][ T5937] Bluetooth: hci0: command 0x040f tx timeout
[   57.166390][ T6539] capability: warning: `syz.1.164' uses 32-bit capabilities (legacy support in use)
[   57.176887][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   57.177747][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   57.181408][ T6563] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   57.197064][ T5936] Bluetooth: hci1: command 0x040f tx timeout
[   57.197093][ T5936] Bluetooth: hci2: command 0x040f tx timeout
[   57.197152][ T5937] Bluetooth: hci3: command 0x040f tx timeout
[   57.220905][ T6567] binfmt_misc: register: failed to install interpreter file ./file0
[   57.265262][ T6569] qnx4: no qnx4 filesystem (no root dir).
[   57.307027][ T6582] Bluetooth: MGMT ver 1.23
[   57.444802][ T6602] netlink: 'syz.1.183': attribute type 32 has an invalid length.
[   58.216745][   T61] usb 5-1: new low-speed USB device number 3 using dummy_hcd
[   58.242600][ T6697] 8021q: adding VLAN 0 to HW filter on device bond2
[   58.281365][ T6703] =======================================================
[   58.281365][ T6703] WARNING: The mand mount option has been deprecated and
[   58.281365][ T6703]          and is ignored by this kernel. Remove the mand
[   58.281365][ T6703]          option from the mount to silence this warning.
[   58.281365][ T6703] =======================================================
[   58.346750][   T61] usb 5-1: device descriptor read/64, error -71
[   58.395582][ T6716] ipt_rpfilter: unknown options
[   58.538341][ T6741] syz_tun: entered allmulticast mode
[   58.545633][ T6741] dvmrp1: entered allmulticast mode
[   58.587003][   T61] usb 5-1: new low-speed USB device number 4 using dummy_hcd
[   58.637289][ T6761] xt_l2tp: missing protocol rule (udp|l2tpip)
[   58.716726][   T61] usb 5-1: device descriptor read/64, error -71
[   58.786162][ T6772] syz.3.222: attempt to access beyond end of device
[   58.786162][ T6772] nbd3: rw=0, sector=64, nr_sectors = 1 limit=0
[   58.791999][ T6772] syz.3.222: attempt to access beyond end of device
[   58.791999][ T6772] nbd3: rw=0, sector=256, nr_sectors = 1 limit=0
[   58.795990][ T6772] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[   58.799434][ T6772] syz.3.222: attempt to access beyond end of device
[   58.799434][ T6772] nbd3: rw=0, sector=512, nr_sectors = 1 limit=0
[   58.803320][ T6772] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[   58.806989][ T6772] syz.3.222: attempt to access beyond end of device
[   58.806989][ T6772] nbd3: rw=0, sector=64, nr_sectors = 2 limit=0
[   58.811079][ T6772] syz.3.222: attempt to access beyond end of device
[   58.811079][ T6772] nbd3: rw=0, sector=512, nr_sectors = 2 limit=0
[   58.815036][ T6772] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[   58.818703][ T6772] syz.3.222: attempt to access beyond end of device
[   58.818703][ T6772] nbd3: rw=0, sector=1024, nr_sectors = 2 limit=0
[   58.822912][ T6772] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[   58.826095][ T6772] syz.3.222: attempt to access beyond end of device
[   58.826095][ T6772] nbd3: rw=0, sector=64, nr_sectors = 4 limit=0
[   58.830341][ T6772] syz.3.222: attempt to access beyond end of device
[   58.830341][ T6772] nbd3: rw=0, sector=1024, nr_sectors = 4 limit=0
[   58.830568][   T61] usb usb5-port1: attempt power cycle
[   58.834337][ T6772] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[   58.839252][ T6772] syz.3.222: attempt to access beyond end of device
[   58.839252][ T6772] nbd3: rw=0, sector=2048, nr_sectors = 4 limit=0
[   58.843191][ T6772] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[   58.846824][ T6772] syz.3.222: attempt to access beyond end of device
[   58.846824][ T6772] nbd3: rw=0, sector=64, nr_sectors = 8 limit=0
[   58.850864][ T6772] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[   58.853896][ T6772] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[   58.857621][ T6772] UDF-fs: warning (device nbd3): udf_fill_super: No partition found (1)
[   59.176732][   T61] usb 5-1: new low-speed USB device number 5 using dummy_hcd
[   59.196750][ T5944] Bluetooth: hci0: command 0x040f tx timeout
[   59.197194][   T61] usb 5-1: device descriptor read/8, error -71
[   59.276754][ T5944] Bluetooth: hci3: command 0x040f tx timeout
[   59.277113][ T5937] Bluetooth: hci2: command 0x040f tx timeout
[   59.279087][ T5944] Bluetooth: hci1: command 0x040f tx timeout
[   59.383567][ T6794] kvm: user requested TSC rate below hardware speed
[   59.446760][   T61] usb 5-1: new low-speed USB device number 6 using dummy_hcd
[   59.467581][   T61] usb 5-1: device descriptor read/8, error -71
[   59.576905][   T61] usb usb5-port1: unable to enumerate USB device
[   59.603383][ T6797] syzkaller1: entered promiscuous mode
[   59.605178][ T6797] syzkaller1: entered allmulticast mode
[   59.748371][ T6799] netlink: 'syz.2.230': attribute type 11 has an invalid length.
[   59.931404][ T6813] __nla_validate_parse: 12 callbacks suppressed
[   59.931415][ T6813] netlink: 10 bytes leftover after parsing attributes in process `syz.2.233'.
[   60.017092][   T40] kauditd_printk_skb: 25072 callbacks suppressed
[   60.017108][   T40] audit: type=1326 audit(1750534425.919:25326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6780 comm="syz.1.225" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d9bf8e929 code=0x7ff00000
[   60.029866][   T40] audit: type=1326 audit(1750534425.939:25385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6780 comm="syz.1.225" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d9bf8e929 code=0x7ff00000
[   60.041188][   T40] audit: type=1326 audit(1750534425.939:25386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6780 comm="syz.1.225" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d9bf8e929 code=0x7ff00000
[   60.048713][   T40] audit: type=1326 audit(1750534425.939:25387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6780 comm="syz.1.225" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d9bf8e929 code=0x7ff00000
[   60.058272][   T40] audit: type=1326 audit(1750534425.939:25388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6780 comm="syz.1.225" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d9bf8e929 code=0x7ff00000
[   60.068430][   T40] audit: type=1326 audit(1750534425.939:25389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6780 comm="syz.1.225" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d9bf8e929 code=0x7ff00000
[   60.078027][   T40] audit: type=1326 audit(1750534425.939:25390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6780 comm="syz.1.225" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d9bf8e929 code=0x7ff00000
[   60.089051][   T40] audit: type=1326 audit(1750534425.939:25391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6780 comm="syz.1.225" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d9bf8e929 code=0x7ff00000
[   60.097437][   T40] audit: type=1326 audit(1750534425.939:25392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6780 comm="syz.1.225" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d9bf8e929 code=0x7ff00000
[   60.105936][   T40] audit: type=1326 audit(1750534425.939:25393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6780 comm="syz.1.225" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d9bf8e929 code=0x7ff00000
[   60.177633][ T6830] JFS: discard option not supported on device
[   60.180480][ T6830] Mount JFS Failure: -5
[   60.208143][ T6830] x_tables: ip6_tables: sctp match: only valid for protocol 132
[   60.255057][ T6839] netlink: 28 bytes leftover after parsing attributes in process `syz.3.243'.
[   60.439278][ T6846] delete_channel: no stack
[   60.519542][ T5944] Bluetooth: hci2: SCO packet for unknown connection handle 200
[   61.160192][ T6876] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   61.592506][ T6903] Driver unsupported XDP return value 0 on prog  (id 24) dev N/A, expect packet loss!
[   61.620376][ T6905] 8021q: adding VLAN 0 to HW filter on device bond0
[   61.625893][ T6905] bond0: (slave rose0): Enslaving as an active interface with an up link
[   61.713952][ T6907] netlink: 8 bytes leftover after parsing attributes in process `syz.0.265'.
[   61.771765][ T6907] tipc: Started in network mode
[   61.773669][ T6907] tipc: Node identity fe80000000000000000000000000001, cluster identity 4711
[   61.778641][ T6907] tipc: Enabled bearer <udp:s>, priority 10
[   61.841179][  T837] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[   61.926208][ T6912] netlink: 12 bytes leftover after parsing attributes in process `syz.1.267'.
[   61.941526][ T6913] erofs (device loop1): cannot find valid erofs superblock
[   61.944777][ T6912] erofs (device loop1): cannot find valid erofs superblock
[   62.013463][ T6913] veth3: entered promiscuous mode
[   62.015909][ T6913] bridge1: port 1(veth3) entered blocking state
[   62.016929][  T837] usb 8-1: Using ep0 maxpacket: 32
[   62.020372][ T6913] bridge1: port 1(veth3) entered disabled state
[   62.022745][ T6913] veth3: entered allmulticast mode
[   62.024723][  T837] usb 8-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[   62.028070][  T837] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   62.032095][  T837] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3
[   62.039933][  T837] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   62.043740][  T837] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   62.047271][  T837] usb 8-1: Product: Ц
[   62.048605][  T837] usb 8-1: Manufacturer: 쇚ᓭ霼�䷓檘拚駜�疽닿쟞�ꪒᛳ
[   62.051583][  T837] usb 8-1: SerialNumber: 鉌修⽬�뭭婙豣翮棕�⵳⼪湤���懦鼖들�ꡉ怬ﰦ㗬䵰赮ຘ譥ꩬ眪豨倻㥢䳳酋㱷㣜ܭ敼䃯ܙ嫚�暋��䈆㩾⊔ꃡ眠䶣ᾤ䒰趒ꮠ⃿䣪�烽钠킡
[   62.065739][ T6916] veth5: entered promiscuous mode
[   62.066269][ T6922] netlink: 8 bytes leftover after parsing attributes in process `syz.0.269'.
[   62.067788][ T6916] bridge1: port 2(veth5) entered blocking state
[   62.072320][ T6916] bridge1: port 2(veth5) entered disabled state
[   62.074365][ T6916] veth5: entered allmulticast mode
[   62.079813][ T6922] netlink: 'syz.0.269': attribute type 1 has an invalid length.
[   62.083002][ T6922] netlink: 204 bytes leftover after parsing attributes in process `syz.0.269'.
[   62.086986][ T6922] netlink: 8 bytes leftover after parsing attributes in process `syz.0.269'.
[   62.093879][ T6924] lo speed is unknown, defaulting to 1000
[   62.156021][ T6935] geneve2: entered allmulticast mode
[   62.202055][ T6924] sch_fq: defrate 4294967292 ignored.
[   62.267133][  T837] usb 8-1: 0:2 : does not exist
[   62.277775][  T837] usb 8-1: USB disconnect, device number 4
[   62.304153][ T5947] udevd[5947]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb8/8-1/8-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   62.304386][ T6944] netlink: 'syz.0.276': attribute type 1 has an invalid length.
[   62.485887][ T6967] input: syz1 as /devices/virtual/input/input5
[   62.721033][ T6972] ptrace attach of "/syz-executor exec"[5928] was attempted by "/syz-executor exec"[6972]
[   62.735929][ T6972] batadv_slave_1: entered promiscuous mode
[   62.800499][ T5997] tipc: Node number set to 4269801488
[   62.935978][ T6978] kvm: user requested TSC rate below hardware speed
[   63.030561][ T6982] netlink: 28 bytes leftover after parsing attributes in process `syz.3.289'.
[   63.034455][ T6982] netlink: 240 bytes leftover after parsing attributes in process `syz.3.289'.
[   63.067976][ T6984] netlink: 'syz.3.290': attribute type 1 has an invalid length.
[   63.077270][ T6985] bond3 (unregistering): Released all slaves
[   63.085949][ T6984] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR
[   63.169230][ T6993] netlink: 'syz.3.292': attribute type 10 has an invalid length.
[   63.176115][ T6993] bridge0: port 2(bridge_slave_1) entered disabled state
[   63.179196][ T6993] bridge0: port 1(bridge_slave_0) entered disabled state
[   63.188505][ T6993] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.190666][ T6993] bridge0: port 2(bridge_slave_1) entered forwarding state
[   63.193895][ T6993] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.196916][ T6993] bridge0: port 1(bridge_slave_0) entered forwarding state
[   63.201569][ T6993] bond0: (slave bridge0): Enslaving as an active interface with an up link
[   63.206832][ T6993] bridge_slave_1: left allmulticast mode
[   63.208616][ T6993] bridge_slave_1: left promiscuous mode
[   63.210513][ T6993] bridge0: port 2(bridge_slave_1) entered disabled state
[   63.214712][ T6993] bridge_slave_0: left allmulticast mode
[   63.217008][ T6993] bridge_slave_0: left promiscuous mode
[   63.219220][ T6993] bridge0: port 1(bridge_slave_0) entered disabled state
[   63.232243][ T6993] bond0: (slave bridge0): Releasing backup interface
[   63.283369][ T6962] batadv_slave_1: left promiscuous mode
[   63.335919][  T838] cfg80211: failed to load regulatory.db
[   63.402100][ T7002] PM: Enabling pm_trace changes system date and time during resume.
[   63.402100][ T7002] PM: Correct system time has to be restored manually after resume.
[   63.426301][ T7005] netlink: 4 bytes leftover after parsing attributes in process `syz.3.298'.
[   63.432948][ T7007] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[   63.443087][ T7001] warning: `syz.1.297' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   63.520871][ T7018] syzkaller1: entered promiscuous mode
[   63.522693][ T7018] syzkaller1: entered allmulticast mode
[   63.696952][ T5998] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[   63.757739][ T5944] Bluetooth: hci0: ACL packet for unknown connection handle 200
[   63.795709][ T7037] tmpfs: Group quota inode hardlimit too large.
[   63.857570][ T7040] trusted_key: syz.2.310 sent an empty control message without MSG_MORE.
[   63.867042][ T5998] usb 5-1: Using ep0 maxpacket: 32
[   63.870789][ T5998] usb 5-1: config index 0 descriptor too short (expected 156, got 27)
[   63.873386][ T5998] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[   63.877381][ T5998] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[   63.880836][ T5998] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[   63.896799][ T5998] usb 5-1: config 0 interface 0 has no altsetting 0
[   63.900739][ T5998] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[   63.903903][ T5998] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[   63.909940][ T5998] usb 5-1: Product: syz
[   63.911327][ T5998] usb 5-1: Manufacturer: syz
[   63.912777][ T5998] usb 5-1: SerialNumber: syz
[   63.915251][ T7047] overlay: Bad value for 'uuid'
[   63.917510][ T7048] vcan0: MTU too low for tipc bearer
[   63.920237][ T5998] usb 5-1: config 0 descriptor??
[   63.922067][ T7048] tipc: Enabling of bearer <eth:vcan0> rejected, failed to enable media
[   63.926457][ T5998] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[   63.932103][ T5998] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[   63.963941][ T7056] netlink: 'syz.2.314': attribute type 6 has an invalid length.
[   64.041406][ T7067] fuse: Bad value for 'fd'
[   64.152789][ T7069] sctp: [Deprecated]: syz.1.320 (pid 7069) Use of int in maxseg socket option.
[   64.152789][ T7069] Use struct sctp_assoc_value instead
[   64.539369][ T7090] FAULT_INJECTION: forcing a failure.
[   64.539369][ T7090] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   64.543460][ T7090] CPU: 2 UID: 0 PID: 7090 Comm: syz.3.326 Not tainted 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) 
[   64.543476][ T7090] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   64.543483][ T7090] Call Trace:
[   64.543487][ T7090]  <TASK>
[   64.543491][ T7090]  dump_stack_lvl+0x16c/0x1f0
[   64.543527][ T7090]  should_fail_ex+0x512/0x640
[   64.543548][ T7090]  _copy_from_user+0x2e/0xd0
[   64.543575][ T7090]  copy_msghdr_from_user+0x98/0x160
[   64.543594][ T7090]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[   64.543616][ T7090]  ___sys_sendmsg+0xfe/0x1d0
[   64.543632][ T7090]  ? __pfx____sys_sendmsg+0x10/0x10
[   64.543646][ T7090]  ? __lock_acquire+0x622/0x1c90
[   64.543681][ T7090]  __sys_sendmsg+0x16d/0x220
[   64.543697][ T7090]  ? __pfx___sys_sendmsg+0x10/0x10
[   64.543721][ T7090]  do_syscall_64+0xcd/0x4c0
[   64.543738][ T7090]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   64.543749][ T7090] RIP: 0033:0x7f92e1d8e929
[   64.543758][ T7090] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   64.543768][ T7090] RSP: 002b:00007f92e2cb4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   64.543778][ T7090] RAX: ffffffffffffffda RBX: 00007f92e1fb5fa0 RCX: 00007f92e1d8e929
[   64.543785][ T7090] RDX: 0000000000008040 RSI: 00002000000003c0 RDI: 0000000000000004
[   64.543791][ T7090] RBP: 00007f92e2cb4090 R08: 0000000000000000 R09: 0000000000000000
[   64.543797][ T7090] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   64.543803][ T7090] R13: 0000000000000000 R14: 00007f92e1fb5fa0 R15: 00007ffd8a0efe28
[   64.543816][ T7090]  </TASK>
[   64.693622][ T7101] trusted_key: encrypted_key: master key parameter 'user' is invalid
[   64.701911][ T7101] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7101 comm=syz.2.328
[   64.840271][ T7106] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[   64.885029][ T7121] misc userio: No port type given on /dev/userio
[   64.910287][ T7121] loop6: detected capacity change from 0 to 524287999
[   64.912089][ T7123] FAULT_INJECTION: forcing a failure.
[   64.912089][ T7123] name failslab, interval 1, probability 0, space 0, times 1
[   64.917169][ T7123] CPU: 3 UID: 0 PID: 7123 Comm: syz.2.338 Not tainted 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) 
[   64.917185][ T7123] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   64.917192][ T7123] Call Trace:
[   64.917197][ T7123]  <TASK>
[   64.917201][ T7123]  dump_stack_lvl+0x16c/0x1f0
[   64.917221][ T7123]  should_fail_ex+0x512/0x640
[   64.917237][ T7123]  ? __kmalloc_noprof+0xbf/0x510
[   64.917252][ T7123]  ? sock_kmalloc+0x111/0x170
[   64.917263][ T7123]  should_failslab+0xc2/0x120
[   64.917279][ T7123]  __kmalloc_noprof+0xd2/0x510
[   64.917292][ T7123]  ? do_raw_spin_lock+0x12c/0x2b0
[   64.917308][ T7123]  sock_kmalloc+0x111/0x170
[   64.917319][ T7123]  hash_alloc_result+0xd7/0x150
[   64.917336][ T7123]  hash_sendmsg+0x6df/0xfb0
[   64.917358][ T7123]  ____sys_sendmsg+0xa98/0xc70
[   64.917369][ T7123]  ? copy_msghdr_from_user+0x10a/0x160
[   64.917385][ T7123]  ? __pfx_____sys_sendmsg+0x10/0x10
[   64.917403][ T7123]  ___sys_sendmsg+0x134/0x1d0
[   64.917419][ T7123]  ? __pfx____sys_sendmsg+0x10/0x10
[   64.917433][ T7123]  ? __lock_acquire+0x622/0x1c90
[   64.917477][ T7123]  __sys_sendmsg+0x16d/0x220
[   64.917495][ T7123]  ? __pfx___sys_sendmsg+0x10/0x10
[   64.917519][ T7123]  do_syscall_64+0xcd/0x4c0
[   64.917537][ T7123]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   64.917548][ T7123] RIP: 0033:0x7f265538e929
[   64.917557][ T7123] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   64.917568][ T7123] RSP: 002b:00007f2656251038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   64.917578][ T7123] RAX: ffffffffffffffda RBX: 00007f26555b5fa0 RCX: 00007f265538e929
[   64.917584][ T7123] RDX: 0000000000008040 RSI: 00002000000003c0 RDI: 0000000000000004
[   64.917591][ T7123] RBP: 00007f2656251090 R08: 0000000000000000 R09: 0000000000000000
[   64.917596][ T7123] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   64.917602][ T7123] R13: 0000000000000000 R14: 00007f26555b5fa0 R15: 00007ffeaa8a14d8
[   64.917616][ T7123]  </TASK>
[   65.336747][   T24] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[   65.480989][ T7135] openvswitch: netlink: IP tunnel dst address not specified
[   65.488474][   T24] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   65.491717][   T24] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[   65.494607][   T24] usb 7-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[   65.497975][   T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   65.502032][   T24] usb 7-1: config 0 descriptor??
[   65.538898][ T7138] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.343' sets config #1
[   65.718581][   T40] kauditd_printk_skb: 24609 callbacks suppressed
[   65.718593][   T40] audit: type=1400 audit(1750534431.639:50003): avc:  denied  { bind } for  pid=7132 comm="syz.2.341" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   65.721878][ T5935] usb 7-1: USB disconnect, device number 7
[   66.394652][ T7154] netlink: 'syz.3.347': attribute type 10 has an invalid length.
[   66.402711][ T7154] 8021q: adding VLAN 0 to HW filter on device team0
[   66.407188][ T7154] bond0: (slave team0): Enslaving as an active interface with an up link
[   66.416566][   T40] audit: type=1400 audit(1750534432.329:50004): avc:  denied  { watch_reads } for  pid=7153 comm="syz.3.347" path=2F6D656D66643A2D42D54E49C56A9A707070F00884A26D202864656C6574656429 dev="tmpfs" ino=3079 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[   66.418446][ T7156] __nla_validate_parse: 5 callbacks suppressed
[   66.418455][ T7156] netlink: 28 bytes leftover after parsing attributes in process `syz.2.348'.
[   66.430717][ T7156] netlink: 8 bytes leftover after parsing attributes in process `syz.2.348'.
[   66.479343][  T837] usb 5-1: USB disconnect, device number 7
[   66.479347][    C2] ldusb 5-1:0.0: usb_submit_urb failed (-19)
[   66.484982][  T837] ldusb 5-1:0.0: LD USB Device #0 now disconnected
[   66.512415][ T7162] bridge0: entered promiscuous mode
[   66.514957][ T7162] macvlan2: entered promiscuous mode
[   66.521137][ T7162] netlink: 'syz.2.350': attribute type 1 has an invalid length.
[   66.527742][ T7162] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[   66.569391][ T7165] netlink: 20 bytes leftover after parsing attributes in process `syz.0.351'.
[   66.577074][ T7166] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[   66.617688][ T7170] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[   66.650366][   T40] audit: type=1400 audit(1750534432.569:50005): avc:  denied  { read } for  pid=7172 comm="syz.0.355" name="fb1" dev="devtmpfs" ino=640 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[   66.658424][   T40] audit: type=1400 audit(1750534432.569:50006): avc:  denied  { open } for  pid=7172 comm="syz.0.355" path="/dev/fb1" dev="devtmpfs" ino=640 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[   66.658451][   T40] audit: type=1400 audit(1750534432.569:50007): avc:  denied  { ioctl } for  pid=7172 comm="syz.0.355" path="/dev/fb1" dev="devtmpfs" ino=640 ioctlcmd=0x4610 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[   66.927263][   T40] audit: type=1400 audit(1750534432.849:50008): avc:  denied  { ioctl } for  pid=7189 comm="syz.0.361" path="/dev/ndctl0" dev="devtmpfs" ino=109 ioctlcmd=0xaea3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[   66.941421][   T40] audit: type=1400 audit(1750534432.849:50009): avc:  denied  { read write } for  pid=7189 comm="syz.0.361" name="autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[   66.956755][   T40] audit: type=1400 audit(1750534432.849:50010): avc:  denied  { open } for  pid=7189 comm="syz.0.361" path="/dev/autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[   66.964178][   T40] audit: type=1400 audit(1750534432.849:50011): avc:  denied  { ioctl } for  pid=7189 comm="syz.0.361" path="/dev/autofs" dev="devtmpfs" ino=104 ioctlcmd=0x937d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[   66.999242][ T7190] could not allocate digest TFM handle crc32c-intel
[   67.035103][ T7195] tipc: New replicast peer: 255.255.255.255
[   67.038451][ T7195] tipc: Enabled bearer <udp:syz2>, priority 10
[   67.040942][   T40] audit: type=1400 audit(1750534432.959:50012): avc:  denied  { write } for  pid=7194 comm="syz.0.363" name="sg0" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[   67.044858][ T7195] program syz.0.363 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   67.119544][ T7200] netlink: 24 bytes leftover after parsing attributes in process `syz.2.365'.
[   67.223510][ T7215] netlink: 12 bytes leftover after parsing attributes in process `syz.3.362'.
[   67.295127][ T7230] fuse: Unknown parameter ''
[   67.297905][ T7230] fuse: Unknown parameter ''
[   67.299581][ T7230] fuse: Unknown parameter ''
[   67.301397][ T7233] netlink: 'syz.0.376': attribute type 3 has an invalid length.
[   67.302261][ T7230] fuse: Unknown parameter ''
[   67.303966][ T7233] netlink: 'syz.0.376': attribute type 1 has an invalid length.
[   67.315184][ T7237] tipc: Can't bind to reserved service type 0
[   67.323191][ T7237] 9pnet_fd: Insufficient options for proto=fd
[   67.358525][ T7243] netlink: 8 bytes leftover after parsing attributes in process `syz.1.381'.
[   67.420103][ T7243] netlink: 28 bytes leftover after parsing attributes in process `syz.1.381'.
[   67.440770][ T7250] vlan2: entered allmulticast mode
[   67.442452][ T7250] bond0: entered allmulticast mode
[   67.444144][ T7250] bond_slave_0: entered allmulticast mode
[   67.445931][ T7250] bond_slave_1: entered allmulticast mode
[   67.448212][ T7252] random: crng reseeded on system resumption
[   67.520861][ T7257] netlink: 12 bytes leftover after parsing attributes in process `syz.1.387'.
[   67.586623][ T7262] netlink: 8 bytes leftover after parsing attributes in process `syz.0.389'.
[   67.591008][ T7262] netlink: 'syz.0.389': attribute type 2 has an invalid length.
[   67.595158][ T7262] netlink: 8 bytes leftover after parsing attributes in process `syz.0.389'.
[   67.706761][ T5935] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[   67.742633][ T7285] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[   67.742689][ T7284] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[   67.745568][ T7285] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[   67.751054][ T7284] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[   67.814934][ T7285] overlayfs: overlapping lowerdir path
[   67.846711][ T5935] usb 7-1: device descriptor read/64, error -71
[   68.107754][ T5935] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[   68.239123][ T5935] usb 7-1: device descriptor read/64, error -71
[   68.356922][ T5935] usb usb7-port1: attempt power cycle
[   68.383476][ T7301] overlay: Unknown parameter 'mask'
[   68.418116][ T7303] xt_hashlimit: size too large, truncated to 1048576
[   68.428648][ T7304] xt_hashlimit: size too large, truncated to 1048576
[   68.627791][ T7314] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=7314 comm=syz.3.402
[   68.706761][ T5935] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[   68.737222][ T5935] usb 7-1: device descriptor read/8, error -71
[   68.986825][ T5935] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[   69.007965][ T5935] usb 7-1: device descriptor read/8, error -71
[   69.029155][ T7346] bridge0: entered promiscuous mode
[   69.127110][ T5935] usb usb7-port1: unable to enumerate USB device
[   69.653365][ T7379] mmap: syz.1.425 (7379): VmData 37466112 exceed data ulimit 4. Update limits or use boot option ignore_rlimit_data.
[   69.862861][ T7386] netlink: 'syz.3.427': attribute type 1 has an invalid length.
[   70.753365][ T7426] No control pipe specified
[   70.761763][ T5944] Bluetooth: hci0: unexpected event 0x2c length: 15 < 17
[   70.835823][   T40] kauditd_printk_skb: 28 callbacks suppressed
[   70.835834][   T40] audit: type=1400 audit(1750534436.749:50041): avc:  denied  { bind } for  pid=7435 comm="syz.3.442" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   70.873624][   T40] audit: type=1400 audit(1750534436.789:50042): avc:  denied  { connect } for  pid=7435 comm="syz.3.442" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   70.877986][ T7436] ip6tnl2: entered promiscuous mode
[   70.896230][   T40] audit: type=1804 audit(1750534436.809:50043): pid=7442 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.2.444" name="/newroot/96/file0" dev="tmpfs" ino=547 res=1 errno=0
[   70.899984][ T7442] bridge0: port 3(syz_tun) entered blocking state
[   70.905495][ T7442] bridge0: port 3(syz_tun) entered disabled state
[   70.907929][ T7442] syz_tun: entered allmulticast mode
[   70.910314][ T7442] syz_tun: entered promiscuous mode
[   70.912212][ T7442] bridge0: port 3(syz_tun) entered blocking state
[   70.914336][ T7442] bridge0: port 3(syz_tun) entered forwarding state
[   70.921398][ T7442] syz_tun: left allmulticast mode
[   70.922987][ T7442] syz_tun: left promiscuous mode
[   70.924588][ T7442] bridge0: port 3(syz_tun) entered disabled state
[   70.928020][   T40] audit: type=1400 audit(1750534436.839:50044): avc:  denied  { view } for  pid=7435 comm="syz.3.442" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[   70.939165][ T7442] bridge_slave_0: left allmulticast mode
[   70.941189][ T7442] bridge_slave_0: left promiscuous mode
[   70.943098][ T7442] bridge0: port 1(bridge_slave_0) entered disabled state
[   70.948117][ T7442] bridge_slave_1: left allmulticast mode
[   70.949947][ T7442] bridge_slave_1: left promiscuous mode
[   70.952131][ T7442] bridge0: port 2(bridge_slave_1) entered disabled state
[   70.958211][ T7442] bond0: (slave bond_slave_0): Releasing backup interface
[   70.962471][ T7442] bond0: (slave bond_slave_1): Releasing backup interface
[   70.974698][ T7442] team0: Port device team_slave_0 removed
[   70.982430][ T7442] team0: Port device team_slave_1 removed
[   70.984724][ T7442] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   70.987515][ T7442] batman_adv: batadv0: Removing interface: batadv_slave_0
[   70.990688][ T7442] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   70.993580][ T7442] batman_adv: batadv0: Removing interface: batadv_slave_1
[   71.087413][ T7447] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'syz0'
[   71.090636][ T7447] netlink: 'syz.3.445': attribute type 10 has an invalid length.
[   71.093521][ T7447] hsr0: entered promiscuous mode
[   71.097011][ T7447] bond0: (slave hsr0): The slave device specified does not support setting the MAC address
[   71.100340][ T7447] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[   71.104180][ T7447] bond0: (slave hsr0): Error -22 calling dev_set_mtu
[   71.130245][ T1420] ieee802154 phy0 wpan0: encryption failed: -22
[   71.132401][ T1420] ieee802154 phy1 wpan1: encryption failed: -22
[   71.154471][   T40] audit: type=1400 audit(1750534437.069:50045): avc:  denied  { ioctl } for  pid=7450 comm="syz.3.446" path="socket:[14137]" dev="sockfs" ino=14137 ioctlcmd=0x9439 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[   71.231507][   T40] audit: type=1400 audit(1750534437.149:50046): avc:  denied  { module_load } for  pid=7459 comm="syz.2.449" path=2F6D656D66643A2D42D54E49C56A9A707070F00884A26D202864656C6574656429 dev="tmpfs" ino=3080 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=system permissive=1
[   71.360825][ T7474] openvswitch: netlink: Message has 8 unknown bytes.
[   71.373400][ T7477] sch_tbf: burst 19872 is lower than device lo mtu (39799) !
[   71.392744][   T40] audit: type=1400 audit(1750534437.309:50047): avc:  denied  { ioctl } for  pid=7478 comm="syz.3.456" path="socket:[16279]" dev="sockfs" ino=16279 ioctlcmd=0x5411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[   71.421169][ T7481] openvswitch: netlink: Missing key (keys=40, expected=2000)
[   71.423691][ T7481] openvswitch: netlink: Missing key (keys=40, expected=2000)
[   71.426091][ T7481] openvswitch: netlink: Missing key (keys=40, expected=2000)
[   71.429843][ T7481] openvswitch: netlink: Missing key (keys=40, expected=2000)
[   71.432719][ T7481] openvswitch: netlink: Missing key (keys=40, expected=2000)
[   71.435835][ T7481] openvswitch: netlink: Missing key (keys=40, expected=2000)
[   71.438919][ T7481] openvswitch: netlink: Missing key (keys=40, expected=2000)
[   71.441377][ T7481] openvswitch: netlink: Missing key (keys=40, expected=2000)
[   71.443819][ T7481] openvswitch: netlink: Missing key (keys=40, expected=2000)
[   71.451703][   T40] audit: type=1400 audit(1750534437.369:50048): avc:  denied  { read } for  pid=5326 comm="acpid" name="mouse2" dev="devtmpfs" ino=2906 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1
[   71.461092][   T40] audit: type=1400 audit(1750534437.369:50049): avc:  denied  { open } for  pid=5326 comm="acpid" path="/dev/input/mouse2" dev="devtmpfs" ino=2906 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1
[   71.468255][   T40] audit: type=1400 audit(1750534437.369:50050): avc:  denied  { ioctl } for  pid=5326 comm="acpid" path="/dev/input/mouse2" dev="devtmpfs" ino=2906 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1
[   71.502748][ T7493] netlink: 'syz.3.460': attribute type 5 has an invalid length.
[   71.547379][ T7500] lo speed is unknown, defaulting to 1000
[   71.896206][ T7523] exFAT-fs (nullb0): mounting with "discard" option, but the device does not support discard
[   71.900824][ T7523] exFAT-fs (nullb0): invalid boot record signature
[   71.903257][ T7523] exFAT-fs (nullb0): failed to read boot sector
[   71.905219][ T7523] exFAT-fs (nullb0): failed to recognize exfat type
[   71.926233][ T7525] __nla_validate_parse: 41 callbacks suppressed
[   71.926243][ T7525] netlink: 4 bytes leftover after parsing attributes in process `syz.3.472'.
[   71.933929][ T7525] netlink: 4 bytes leftover after parsing attributes in process `syz.3.472'.
[   71.937403][ T7525] netlink: 60 bytes leftover after parsing attributes in process `syz.3.472'.
[   71.989367][ T5944] Bluetooth: hci0: unexpected event for opcode 0x2006
[   72.067664][ T7540] netlink: 12 bytes leftover after parsing attributes in process `syz.2.476'.
[   72.077435][ T7540] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   72.080283][ T7540] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   72.082991][ T7540] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   72.085681][ T7540] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   72.088989][ T7540] vxlan0: entered promiscuous mode
[   72.126339][ T7543] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   72.129428][ T7543] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   72.132282][ T7543] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   72.135011][ T7543] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   72.169715][ T7549] tmpfs: Unknown parameter '&æ}¾"'
[   72.201154][ T7551] tmpfs: Group quota inode hardlimit too large.
[   72.208417][ T5997] hid-generic 0000:007F:FFFFFFFE.0003: unknown main item tag 0x0
[   72.210947][ T5997] hid-generic 0000:007F:FFFFFFFE.0003: unknown main item tag 0x0
[   72.213394][ T5997] hid-generic 0000:007F:FFFFFFFE.0003: unknown main item tag 0x0
[   72.215894][ T5997] hid-generic 0000:007F:FFFFFFFE.0003: unknown main item tag 0x0
[   72.219766][ T5997] hid-generic 0000:007F:FFFFFFFE.0003: collection stack underflow
[   72.222171][ T5997] hid-generic 0000:007F:FFFFFFFE.0003: item 0 0 0 12 parsing failed
[   72.224861][ T5997] hid-generic 0000:007F:FFFFFFFE.0003: probe with driver hid-generic failed with error -22
[   72.254667][ T5944] Bluetooth: hci2: unexpected event for opcode 0x2039
[   72.258355][ T7553] netlink: 'syz.3.482': attribute type 10 has an invalid length.
[   72.260809][ T7553] netlink: 40 bytes leftover after parsing attributes in process `syz.3.482'.
[   72.263733][ T7553] dummy0: entered promiscuous mode
[   72.641846][ T7563] FAT-fs (sr0): bogus number of reserved sectors
[   72.645023][ T7563] FAT-fs (sr0): Can't find a valid FAT filesystem
[   73.975973][ T7570] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   74.654273][ T7603] xt_time: unknown flags 0xb4
[   74.659773][ T7603] xt_l2tp: missing protocol rule (udp|l2tpip)
[   74.766744][   T24] usb 7-1: new low-speed USB device number 12 using dummy_hcd
[   74.914279][ T7616] set match dimension is over the limit!
[   74.918021][   T24] usb 7-1: config 115 has no interfaces?
[   74.920277][   T24] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[   74.923092][   T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   74.948386][ T7618] mkiss: ax0: crc mode is auto.
[   75.223470][ T7623] netlink: 'syz.3.508': attribute type 1 has an invalid length.
[   75.331053][ T7597] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   75.334097][ T7597] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   75.346058][   T85] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   75.349235][   T85] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   75.354473][ T7597] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   75.399060][   T24] usb 7-1: string descriptor 0 read error: -71
[   75.406367][   T24] usb 7-1: USB disconnect, device number 12
[   75.891913][   T40] kauditd_printk_skb: 48 callbacks suppressed
[   75.891927][   T40] audit: type=1400 audit(1750534441.809:50099): avc:  denied  { read } for  pid=7631 comm="syz.0.511" name="file0" dev="tmpfs" ino=575 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[   75.903366][   T40] audit: type=1400 audit(1750534441.809:50100): avc:  denied  { open } for  pid=7631 comm="syz.0.511" path="/103/file0" dev="tmpfs" ino=575 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[   75.912377][   T40] audit: type=1400 audit(1750534441.809:50101): avc:  denied  { ioctl } for  pid=7631 comm="syz.0.511" path="/103/file0" dev="tmpfs" ino=575 ioctlcmd=0x1285 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[   75.980899][ T7639] netlink: 'syz.0.514': attribute type 1 has an invalid length.
[   76.114459][ T7652] netlink: 12 bytes leftover after parsing attributes in process `syz.0.520'.
[   76.161064][ T7657] x_tables: ip6_tables: policy.0 match: invalid size 312 (kernel) != (user) 0
[   76.183693][ T7661] bridge_slave_0: left allmulticast mode
[   76.185511][ T7661] bridge_slave_0: left promiscuous mode
[   76.188186][ T7661] bridge0: port 1(bridge_slave_0) entered disabled state
[   76.192169][ T7661] bridge_slave_1: left allmulticast mode
[   76.193955][ T7661] bridge_slave_1: left promiscuous mode
[   76.195785][ T7661] bridge0: port 2(bridge_slave_1) entered disabled state
[   76.201198][ T7661] bond0: (slave bond_slave_0): Releasing backup interface
[   76.203685][ T7661] bond_slave_0: left allmulticast mode
[   76.208571][ T7661] bond0: (slave bond_slave_1): Releasing backup interface
[   76.211503][ T7661] bond_slave_1: left allmulticast mode
[   76.221798][ T7661] team0: Port device team_slave_0 removed
[   76.227817][ T7661] team0: Port device team_slave_1 removed
[   76.230154][ T7661] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   76.232557][ T7661] batman_adv: batadv0: Removing interface: batadv_slave_0
[   76.235545][ T7661] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   76.239312][ T7661] batman_adv: batadv0: Removing interface: batadv_slave_1
[   76.246751][   T29] lo speed is unknown, defaulting to 1000
[   76.260922][ T7662] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.522'.
[   76.269031][   T40] audit: type=1400 audit(1750534442.189:50102): avc:  denied  { bind } for  pid=7658 comm="syz.3.522" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[   76.272493][ T7665] xt_cluster: you have exceeded the maximum number of cluster nodes (4095 > 32)
[   76.283094][   T40] audit: type=1400 audit(1750534442.199:50103): avc:  denied  { create } for  pid=7664 comm="syz.0.524" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=netlink_route_socket permissive=1
[   76.286406][ T7665] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[   76.289606][   T40] audit: type=1400 audit(1750534442.199:50104): avc:  denied  { create } for  pid=7664 comm="syz.0.524" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=unix_dgram_socket permissive=1
[   76.299683][   T40] audit: type=1400 audit(1750534442.199:50105): avc:  denied  { bind } for  pid=7664 comm="syz.0.524" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=unix_dgram_socket permissive=1
[   76.305894][   T40] audit: type=1400 audit(1750534442.199:50106): avc:  denied  { write } for  pid=7664 comm="syz.0.524" path="/109/file0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=unix_dgram_socket permissive=1
[   76.312757][   T40] audit: type=1400 audit(1750534442.199:50107): avc:  denied  { sendto } for  pid=7664 comm="syz.0.524" path="/109/file0" scontext=system_u:object_r:hugetlbfs_t tcontext=system_u:object_r:hugetlbfs_t tclass=unix_dgram_socket permissive=1
[   76.319752][   T40] audit: type=1400 audit(1750534442.199:50108): avc:  denied  { create } for  pid=7664 comm="syz.0.524" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=netlink_generic_socket permissive=1
[   76.329578][ T7667] syz_tun: entered promiscuous mode
[   76.332696][ T7667] syz_tun: left promiscuous mode
[   76.406715][   T24] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[   76.409179][ T7670] tc_dump_action: action bad kind
[   76.436613][ T7672] netlink: 8 bytes leftover after parsing attributes in process `syz.0.527'.
[   76.441065][ T7672] bond0: entered promiscuous mode
[   76.506364][ T7678] bridge2: entered promiscuous mode
[   76.578765][   T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[   76.582112][   T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[   76.585386][   T24] usb 7-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[   76.588434][   T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   76.592123][   T24] usb 7-1: config 0 descriptor??
[   76.595847][ T7657] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[   77.070574][ T7688] netlink: 4 bytes leftover after parsing attributes in process `syz.3.532'.
[   77.074464][ T7688] netlink: 12 bytes leftover after parsing attributes in process `syz.3.532'.
[   77.207409][ T7695] netlink: 8 bytes leftover after parsing attributes in process `syz.3.535'.
[   77.210231][ T7695] netlink: 24 bytes leftover after parsing attributes in process `syz.3.535'.
[   77.484650][ T7705] netlink: 24 bytes leftover after parsing attributes in process `syz.0.538'.
[   77.562868][ T7713] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=32768 sclass=netlink_route_socket pid=7713 comm=syz.3.540
[   77.570255][   T24] usbhid 7-1:0.0: can't add hid device: -71
[   77.572273][   T24] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[   77.575769][   T24] usb 7-1: USB disconnect, device number 13
[   78.460905][ T6021] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[   78.606742][ T6021] usb 7-1: Using ep0 maxpacket: 8
[   78.609953][ T6021] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[   78.613187][ T6021] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[   78.615897][ T6021] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   78.620050][ T6021] usb 7-1: config 0 descriptor??
[   78.766832][ T5997] usb 8-1: new full-speed USB device number 5 using dummy_hcd
[   78.949391][ T5997] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   78.952518][ T5997] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   78.957768][ T5997] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   78.960611][ T5997] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   79.020888][ T7762] netlink: 8 bytes leftover after parsing attributes in process `syz.0.554'.
[   79.023579][ T7762] netlink: 24 bytes leftover after parsing attributes in process `syz.0.554'.
[   79.049846][ T6021] iowarrior 7-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[   79.057890][ T6021] usb 7-1: USB disconnect, device number 14
[   79.171659][ T5997] usb 8-1: GET_CAPABILITIES returned 0
[   79.173380][ T5997] usbtmc 8-1:16.0: can't read capabilities
[   79.181414][ T5997] usb 8-1: USB disconnect, device number 5
[   79.247807][ T7773] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[   79.247807][ T7773] The task syz.0.556 (7773) triggered the difference, watch for misbehavior.
[   79.270106][ T7774] can0: slcan on ptm0.
[   79.356930][ T7774] block device autoloading is deprecated and will be removed.
[   79.477469][ T7774] can0 (unregistered): slcan off ptm0.
[   79.519329][ T7776] netlink: 'syz.3.558': attribute type 10 has an invalid length.
[   79.525308][ T7776] netlink: 'syz.3.558': attribute type 10 has an invalid length.
[   79.821912][   T24] hid (null): unknown global tag 0xdf
[   79.825975][   T24] hid (null): report_id 20580 is invalid
[   79.831950][   T24] hid (null): unknown global tag 0xe
[   79.839972][   T24] hid-generic 0007:0007:0800.0004: unknown main item tag 0x0
[   79.844991][   T24] hid-generic 0007:0007:0800.0004: unknown main item tag 0x1
[   79.854342][   T24] hid-generic 0007:0007:0800.0004: unexpected long global item
[   79.860267][   T24] hid-generic 0007:0007:0800.0004: probe with driver hid-generic failed with error -22
[   79.910768][ T7806] netlink: 36 bytes leftover after parsing attributes in process `syz.3.569'.
[   79.997779][ T7809] pim6reg1: entered promiscuous mode
[   79.999498][ T7809] pim6reg1: entered allmulticast mode
[   80.104544][ T7818] netlink: 8 bytes leftover after parsing attributes in process `syz.0.572'.
[   80.110721][ T7818] netlink: 4 bytes leftover after parsing attributes in process `syz.0.572'.
[   80.114089][ T7818] netlink: 'syz.0.572': attribute type 12 has an invalid length.
[   80.197577][ T7822] netlink: 'syz.0.573': attribute type 5 has an invalid length.
[   80.258491][ T7826] syzkaller1: entered promiscuous mode
[   80.260192][ T7826] syzkaller1: entered allmulticast mode
[   80.996947][ T7858] cgroup: subsys name conflicts with all
[   81.034613][   T40] kauditd_printk_skb: 25 callbacks suppressed
[   81.034628][   T40] audit: type=1400 audit(1750534446.949:50134): avc:  denied  { getopt } for  pid=7859 comm="syz.3.586" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[   81.211385][ T7872] netlink: 'syz.3.590': attribute type 3 has an invalid length.
[   81.680503][ T7915] tmpfs: Bad value for 'mpol'
[   81.696208][ T7919] net_ratelimit: 57 callbacks suppressed
[   81.696220][ T7919] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   81.990903][ T7938] program syz.2.611 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   82.032242][   T40] audit: type=1400 audit(1750534447.949:50135): avc:  denied  { write } for  pid=7934 comm="syz.3.610" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[   82.216222][ T7951] bond0: entered promiscuous mode
[   82.218384][ T7951] bond_slave_0: entered promiscuous mode
[   82.220722][ T7951] bond_slave_1: entered promiscuous mode
[   82.222858][ T7951] team0: entered promiscuous mode
[   82.224939][ T7951] team_slave_0: entered promiscuous mode
[   82.228379][ T7951] team_slave_1: entered promiscuous mode
[   82.271548][ T7953] bridge4: entered promiscuous mode
[   82.273518][ T7953] bridge4: entered allmulticast mode
[   82.281244][   T40] audit: type=1400 audit(1750534448.199:50136): avc:  denied  { mount } for  pid=7947 comm="syz.2.613" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[   82.352500][ T5944] Bluetooth: hci2: unexpected event for opcode 0x0413
[   82.382931][ T7966] __nla_validate_parse: 7 callbacks suppressed
[   82.382943][ T7966] netlink: 8 bytes leftover after parsing attributes in process `syz.3.618'.
[   82.388045][ T7966] netlink: 4 bytes leftover after parsing attributes in process `syz.3.618'.
[   82.499531][ T1467] libceph: connect (1)[c::]:6789 error -101
[   82.502048][ T1467] libceph: mon0 (1)[c::]:6789 connect error
[   82.522441][   T40] audit: type=1400 audit(1750534448.439:50137): avc:  denied  { write } for  pid=7974 comm="syz.0.621" path="socket:[30856]" dev="sockfs" ino=30856 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[   82.531659][   T40] audit: type=1400 audit(1750534448.449:50138): avc:  denied  { read } for  pid=7974 comm="syz.0.621" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[   82.539963][   T40] audit: type=1400 audit(1750534448.449:50139): avc:  denied  { write } for  pid=7974 comm="syz.0.621" name="usbmon6" dev="devtmpfs" ino=756 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[   82.547272][ T1467] libceph: connect (1)[c::]:6789 error -101
[   82.550911][ T1467] libceph: mon0 (1)[c::]:6789 connect error
[   82.618181][ T7971] ceph: No mds server is up or the cluster is laggy
[   82.618409][ T7976] ceph: No mds server is up or the cluster is laggy
[   82.670896][   T40] audit: type=1400 audit(1750534448.589:50140): avc:  denied  { unmount } for  pid=5931 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[   82.698797][ T7993] netlink: 'syz.3.624': attribute type 10 has an invalid length.
[   82.701165][ T7993] hsr_slave_0: entered allmulticast mode
[   82.703344][ T7993] team0: Device hsr_slave_0 is up. Set it down before adding it as a team port
[   82.815931][ T8002] netlink: 'syz.1.630': attribute type 1 has an invalid length.
[   82.829744][ T8002] 8021q: adding VLAN 0 to HW filter on device bond1
[   82.854995][ T8002] bond1: (slave geneve2): making interface the new active one
[   82.858667][ T8002] bond1: (slave geneve2): Enslaving as an active interface with an up link
[   82.863048][   T40] audit: type=1400 audit(1750534448.779:50141): avc:  denied  { map } for  pid=8000 comm="syz.1.630" path="/proc/355/task/356/smaps" dev="proc" ino=30639 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=file permissive=1
[   82.863139][ T8002] netlink: 8 bytes leftover after parsing attributes in process `syz.1.630'.
[   82.880985][   T40] audit: type=1400 audit(1750534448.799:50142): avc:  denied  { write } for  pid=8011 comm="syz.0.633" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[   82.883299][ T8012] netlink: 12 bytes leftover after parsing attributes in process `syz.0.633'.
[   82.896853][   T40] audit: type=1400 audit(1750534448.809:50143): avc:  denied  { getopt } for  pid=8011 comm="syz.0.633" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[   83.026834][ T6157] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[   83.075085][ T8025] binder: 8023:8025 ioctl 400c620e 200000001580 returned -22
[   83.075630][ T8026] binder: 8023:8026 ioctl 400c620e 200000001580 returned -22
[   83.081238][ T8025] fuse: Bad value for 'user_id'
[   83.082800][ T8025] fuse: Bad value for 'user_id'
[   83.142589][ T8028] netlink: 'syz.1.639': attribute type 23 has an invalid length.
[   83.179064][ T6157] usb 8-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[   83.182367][ T6157] usb 8-1: config 0 interface 0 has no altsetting 0
[   83.186216][ T6157] usb 8-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[   83.191037][ T6157] usb 8-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[   83.193506][ T6157] usb 8-1: Product: syz
[   83.194871][ T6157] usb 8-1: Manufacturer: syz
[   83.196238][ T6157] usb 8-1: SerialNumber: syz
[   83.202569][ T6157] usb 8-1: config 0 descriptor??
[   83.206925][ T6157] usb 8-1: selecting invalid altsetting 0
[   83.307177][ T8048] program syz.0.644 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   83.413695][ T6157] usb 8-1: USB disconnect, device number 6
[   83.638536][ T8003] netlink: 12 bytes leftover after parsing attributes in process `syz.3.629'.
[   83.656236][ T8003] 8021q: adding VLAN 0 to HW filter on device bond3
[   83.692325][ T8062] use of bytesused == 0 is deprecated and will be removed in the future,
[   83.695397][ T8062] use the actual size instead.
[   84.079800][ T8088] input: syz0 as /devices/virtual/input/input9
[   84.163308][ T8093] PM: Enabling pm_trace changes system date and time during resume.
[   84.163308][ T8093] PM: Correct system time has to be restored manually after resume.
[   84.188373][ T8095] ip6t_rpfilter: unknown options
[   84.305222][ T8108] netlink: 8 bytes leftover after parsing attributes in process `syz.1.664'.
[   84.308147][ T8108] netlink: 4 bytes leftover after parsing attributes in process `syz.1.664'.
[   84.313483][ T8108] netlink: 12 bytes leftover after parsing attributes in process `syz.1.664'.
[   84.319385][ T8108] xfrm1: entered promiscuous mode
[   84.320955][ T8108] xfrm1: entered allmulticast mode
[   84.665270][ T8133] fuse: Bad value for 'fd'
[   85.332088][ T8145] rtc_cmos 00:05: Alarms can be up to one day in the future
[   85.557128][ T8165] netlink: 8 bytes leftover after parsing attributes in process `syz.2.682'.
[   85.559988][ T8165] netlink: 24 bytes leftover after parsing attributes in process `syz.2.682'.
[   85.615782][ T8175] random: crng reseeded on system resumption
[   85.812844][ T8183] loop2: detected capacity change from 0 to 7
[   85.819443][ T5929]  loop2:
[   85.820684][ T5929] loop2: partition table partially beyond EOD, truncated
[   85.836318][ T8183]  loop2:
[   85.839273][ T8183] loop2: partition table partially beyond EOD, truncated
[   85.843403][ T5341]  loop2:
[   85.844622][ T5341] loop2: partition table partially beyond EOD, truncated
[   86.003138][ T5935] rtc_cmos 00:05: Alarms can be up to one day in the future
[   86.006536][ T5935] rtc_cmos 00:05: Alarms can be up to one day in the future
[   86.010675][ T5935] rtc_cmos 00:05: Alarms can be up to one day in the future
[   86.015297][ T5935] rtc_cmos 00:05: Alarms can be up to one day in the future
[   86.019317][ T5935] rtc rtc0: __rtc_set_alarm: err=-22
[   86.158147][ T5944] Bluetooth: hci0: command 0x040f tx timeout
[   86.160772][ T1467] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[   86.163679][ T1467] Bluetooth: hci0: Error when powering off device on rfkill (-110)
[   86.179157][   T40] kauditd_printk_skb: 21 callbacks suppressed
[   86.179170][   T40] audit: type=1400 audit(1750534452.099:50165): avc:  denied  { unmount } for  pid=5929 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[   86.221023][ T8208] loop2: detected capacity change from 0 to 7
[   86.225153][ T5947]  loop2:
[   86.226291][ T5947] loop2: partition table partially beyond EOD, truncated
[   86.242518][ T8208]  loop2:
[   86.243536][ T8208] loop2: partition table partially beyond EOD, truncated
[   86.283240][ T8212] SELinux: security policydb version 18 (MLS) not backwards compatible
[   86.284554][   T40] audit: type=1400 audit(1750534452.199:50166): avc:  denied  { load_policy } for  pid=8211 comm="syz.0.702" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[   86.289229][ T8212] SELinux: failed to load policy
[   86.302850][ T8214] SELinux: security policydb version 18 (MLS) not backwards compatible
[   86.306017][ T8214] SELinux: failed to load policy
[   86.369990][ T8217] unsupported nla_type 14345
[   86.398443][ T5944] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[   86.403159][ T5944] Bluetooth: hci2: Injecting HCI hardware error event
[   86.407291][ T5936] Bluetooth: hci2: hardware error 0x00
[   86.558085][   T40] audit: type=1400 audit(1750534452.479:50167): avc:  denied  { getopt } for  pid=8225 comm="syz.0.707" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[   86.620949][ T8234] loop2: detected capacity change from 0 to 7
[   86.624966][ T8234]  loop2:
[   86.626078][ T8234] loop2: partition table partially beyond EOD, truncated
[   86.759509][ T8256] netlink: 'syz.2.717': attribute type 1 has an invalid length.
[   86.770928][   T40] audit: type=1400 audit(1750534452.689:50168): avc:  denied  { unmount } for  pid=8259 comm="syz.0.716" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[   86.813214][ T8265] netlink: 'syz.2.718': attribute type 1 has an invalid length.
[   86.838296][ T8265] 8021q: adding VLAN 0 to HW filter on device bond1
[   87.044674][ T8300] vlan2: entered allmulticast mode
[   87.120682][   T40] audit: type=1400 audit(1750534453.039:50169): avc:  denied  { setattr } for  pid=5929 comm="syz-executor" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   87.481327][ T8328] syzkaller0: entered promiscuous mode
[   87.483504][ T8328] syzkaller0: entered allmulticast mode
[   87.496940][ T8328] vcan0: entered allmulticast mode
[   88.236842][ T5944] Bluetooth: hci1: command 0x040f tx timeout
[   88.244894][ T1467] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[   88.248140][ T1467] Bluetooth: hci1: Error when powering off device on rfkill (-110)
[   88.487089][ T5936] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[   88.717932][ T8356] cgroup: No subsys list or none specified
[   88.841189][ T8370] syz.3.751 (8370) used obsolete PPPIOCDETACH ioctl
[   88.961412][   T40] audit: type=1400 audit(1750534454.879:50170): avc:  denied  { nlmsg_read } for  pid=8380 comm="syz.0.755" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   89.036489][ T8389] misc userio: Invalid payload size
[   89.239196][ T8409] lo speed is unknown, defaulting to 1000
[   89.249950][ T8410] __nla_validate_parse: 12 callbacks suppressed
[   89.249965][ T8410] netlink: 8 bytes leftover after parsing attributes in process `syz.3.763'.
[   89.379438][ T8428] fuse: Bad value for 'fd'
[   89.394744][ T8431] ip6t_srh: unknown srh invflags 7D00
[   89.429032][ T8436] syz_tun: entered allmulticast mode
[   89.431758][ T8434] syz_tun: left allmulticast mode
[   89.446308][ T8437] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22
[   89.456204][ T8437] netdevsim netdevsim3: Direct firmware load for . failed with error -22
[   89.463824][ T8437] netdevsim netdevsim3: Falling back to sysfs fallback for: .
[   89.463829][   T40] audit: type=1400 audit(1750534455.379:50171): avc:  denied  { firmware_load } for  pid=8433 comm="syz.3.770" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[   89.509024][   T40] audit: type=1326 audit(1750534455.429:50172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8445 comm="syz.1.773" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6d9bf8e929 code=0x0
[   89.630705][ T8452] netlink: 'syz.0.775': attribute type 10 has an invalid length.
[   89.638839][ T8452] 8021q: adding VLAN 0 to HW filter on device team0
[   89.642139][ T8452] team0: entered promiscuous mode
[   89.644200][ T8452] team0: entered allmulticast mode
[   89.646285][ T8452] bond0: (slave team0): Enslaving as an active interface with an up link
[   89.655460][   T40] audit: type=1400 audit(1750534455.569:50173): avc:  denied  { read write } for  pid=8451 comm="syz.0.775" name="nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[   89.656428][ T8452] loop6: detected capacity change from 0 to 524287999
[   89.668210][ T8452] Buffer I/O error on dev loop6, logical block 0, async page read
[   89.670772][ T8452] Buffer I/O error on dev loop6, logical block 0, async page read
[   89.673687][ T8452] Buffer I/O error on dev loop6, logical block 0, async page read
[   89.676273][ T8452] Buffer I/O error on dev loop6, logical block 0, async page read
[   89.681342][   T40] audit: type=1400 audit(1750534455.569:50174): avc:  denied  { open } for  pid=8451 comm="syz.0.775" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[   89.681837][ T8452] Buffer I/O error on dev loop6, logical block 0, async page read
[   89.691122][ T8452] Buffer I/O error on dev loop6, logical block 0, async page read
[   89.694643][ T8452] Buffer I/O error on dev loop6, logical block 0, async page read
[   89.697841][ T8452] Buffer I/O error on dev loop6, logical block 0, async page read
[   89.700323][ T8452] ldm_validate_partition_table(): Disk read failed.
[   89.702408][ T8452] Buffer I/O error on dev loop6, logical block 0, async page read
[   89.704886][ T8452] Buffer I/O error on dev loop6, logical block 0, async page read
[   89.708188][ T8452] Dev loop6: unable to read RDB block 0
[   89.710156][ T8452]  loop6: unable to read partition table
[   89.712012][ T8452] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[   89.717104][ T8458] ldm_validate_partition_table(): Disk read failed.
[   89.719483][ T8458] Dev loop6: unable to read RDB block 0
[   89.721512][ T8458]  loop6: unable to read partition table
[   89.860648][ T5341] ldm_validate_partition_table(): Disk read failed.
[   89.862913][ T5341] Dev loop6: unable to read RDB block 0
[   89.864863][ T5341]  loop6: unable to read partition table
[   89.944827][ T8470] netlink: 16 bytes leftover after parsing attributes in process `syz.1.781'.
[   89.965723][ T8470] netlink: 48 bytes leftover after parsing attributes in process `syz.1.781'.
[   89.975164][ T8470] netlink: 24 bytes leftover after parsing attributes in process `syz.1.781'.
[   90.045687][ T8478] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found
[   90.048076][ T8478] UDF-fs: Scanning with blocksize 2048 failed
[   90.051466][ T8478] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found
[   90.053835][ T8478] UDF-fs: Scanning with blocksize 4096 failed
[   90.321414][ T8515] netlink: 4 bytes leftover after parsing attributes in process `syz.3.794'.
[   90.348947][  T837] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[   90.403633][ T8515] hsr_slave_1 (unregistering): left promiscuous mode
[   90.497854][  T837] usb 5-1: too many configurations: 151, using maximum allowed: 8
[   90.514069][  T837] usb 5-1: New USB device found, idVendor=04d8, idProduct=0082, bcdDevice=ce.b7
[   90.518016][  T837] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=130
[   90.521006][  T837] usb 5-1: Product: syz
[   90.522789][  T837] usb 5-1: Manufacturer: syz
[   90.526727][  T837] usb 5-1: SerialNumber: syz
[   90.530937][  T837] usb 5-1: config 0 descriptor??
[   90.556806][ T5936] Bluetooth: hci3: command 0x040f tx timeout
[   90.558783][ T1467] Bluetooth: hci3: Opcode 0x0c1a failed: -110
[   90.560693][ T1467] Bluetooth: hci3: Error when powering off device on rfkill (-110)
[   90.666168][ T8538] netlink: 4 bytes leftover after parsing attributes in process `syz.1.803'.
[   90.670114][ T8538] netlink: 16 bytes leftover after parsing attributes in process `syz.1.803'.
[   90.737828][ T8498] netlink: 4 bytes leftover after parsing attributes in process `syz.0.789'.
[   90.741040][ T8498] openvswitch: netlink: Missing key (keys=40, expected=200000)
[   90.747049][  T837] usb 5-1: USB disconnect, device number 8
[   91.298425][ T8571] input: syz1 as /devices/virtual/input/input10
[   91.304788][ T8571] block nbd3: NBD_DISCONNECT
[   91.325384][ T8571] bio_check_eod: 4 callbacks suppressed
[   91.325395][ T8571] syz.3.813: attempt to access beyond end of device
[   91.325395][ T8571] nbd3: rw=2048, sector=0, nr_sectors = 8 limit=0
[   91.333695][ T8571] SQUASHFS error: Failed to read block 0x0: -5
[   91.335692][ T8571] unable to read squashfs_super_block
[   91.367919][ T8575] netlink: zone id is out of range
[   91.369584][ T8575] netlink: zone id is out of range
[   91.371328][ T8575] netlink: zone id is out of range
[   91.372955][ T8575] netlink: zone id is out of range
[   91.374790][ T8575] netlink: zone id is out of range
[   91.376413][ T8575] netlink: zone id is out of range
[   91.379676][ T8575] netlink: zone id is out of range
[   91.381316][ T8575] netlink: zone id is out of range
[   91.382952][ T8575] netlink: zone id is out of range
[   91.576076][   T40] kauditd_printk_skb: 1 callbacks suppressed
[   91.576088][   T40] audit: type=1400 audit(1750534457.489:50176): avc:  denied  { ioctl } for  pid=8602 comm="syz.0.824" path="socket:[33926]" dev="sockfs" ino=33926 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[   91.824011][ T8621] netlink: 8 bytes leftover after parsing attributes in process `syz.1.830'.
[   91.825156][ T8620] netlink: 8 bytes leftover after parsing attributes in process `syz.1.830'.
[   91.847684][   T29] usb 5-1: new full-speed USB device number 9 using dummy_hcd
[   92.008280][   T29] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   92.011448][   T29] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2
[   92.014842][   T29] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[   92.019041][   T29] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   92.025212][   T29] usb 5-1: config 0 descriptor??
[   92.029048][   T29] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[   92.032080][   T29] dvb-usb: bulk message failed: -22 (3/0)
[   92.041497][   T29] dvb-usb: will use the device's hardware PID filter (table count: 16).
[   92.045474][   T29] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[   92.049430][   T29] usb 5-1: media controller created
[   92.052459][   T29] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[   92.072127][   T29] dvb-usb: bulk message failed: -22 (6/0)
[   92.074253][   T29] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[   92.087367][   T29] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb5/5-1/input/input11
[   92.096050][   T29] dvb-usb: schedule remote query interval to 150 msecs.
[   92.098659][   T29] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[   92.152887][ T8642] netlink: 'syz.3.836': attribute type 23 has an invalid length.
[   92.185242][ T8647] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=35 sclass=netlink_route_socket pid=8647 comm=syz.1.837
[   92.189727][   T40] audit: type=1400 audit(1750534458.109:50177): avc:  denied  { setattr } for  pid=8648 comm="syz.3.838" name="SCO" dev="sockfs" ino=31660 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   92.189914][ T8649] usb usb1: usbfs: process 8649 (syz.3.838) did not claim interface 0 before use
[   92.210241][   T40] audit: type=1400 audit(1750534458.129:50178): avc:  denied  { map } for  pid=8648 comm="syz.3.838" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=758 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[   92.237310][   T29] usb 5-1: USB disconnect, device number 9
[   92.300000][   T29] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[   92.377321][ T8659] overlayfs: failed to resolve './file0': -2
[   92.480811][   T40] audit: type=1400 audit(1750534458.399:50179): avc:  denied  { map } for  pid=8662 comm="syz.0.842" path="/dev/zero" dev="devtmpfs" ino=6 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:zero_device_t tclass=chr_file permissive=1
[   92.523689][ T8661] syz.3.841: vmalloc error: size 6291456, failed to allocated page array size 12288, mode:0x400dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[   92.540428][ T8661] CPU: 0 UID: 0 PID: 8661 Comm: syz.3.841 Not tainted 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) 
[   92.540447][ T8661] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   92.540454][ T8661] Call Trace:
[   92.540458][ T8661]  <TASK>
[   92.540462][ T8661]  dump_stack_lvl+0x16c/0x1f0
[   92.540497][ T8661]  warn_alloc+0x248/0x3a0
[   92.540514][ T8661]  ? __pfx_warn_alloc+0x10/0x10
[   92.540533][ T8661]  ? hash_netiface_create+0x3ec/0x1250
[   92.540550][ T8661]  ? __vmalloc_node_noprof+0xad/0xf0
[   92.540565][ T8661]  __vmalloc_node_range_noprof+0x101b/0x14b0
[   92.540576][ T8661]  ? nfnetlink_rcv_msg+0x9f9/0x1200
[   92.540594][ T8661]  ? hash_netiface_create+0x3ec/0x1250
[   92.540613][ T8661]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[   92.540626][ T8661]  ? __alloc_pages_noprof+0xb/0x1b0
[   92.540639][ T8661]  ? ___kmalloc_large_node+0x84/0x1e0
[   92.540653][ T8661]  __kvmalloc_node_noprof+0x30a/0x620
[   92.540667][ T8661]  ? hash_netiface_create+0x3ec/0x1250
[   92.540683][ T8661]  ? hash_netiface_create+0x3ec/0x1250
[   92.540701][ T8661]  ? hash_netiface_create+0x3ec/0x1250
[   92.540716][ T8661]  hash_netiface_create+0x3ec/0x1250
[   92.540732][ T8661]  ? __nla_parse+0x13/0x60
[   92.540747][ T8661]  ? __pfx_hash_netiface_create+0x10/0x10
[   92.540764][ T8661]  ip_set_create+0x7e1/0x14d0
[   92.540783][ T8661]  ? __pfx_ip_set_create+0x10/0x10
[   92.540808][ T8661]  ? find_held_lock+0x2b/0x80
[   92.540826][ T8661]  nfnetlink_rcv_msg+0x9f9/0x1200
[   92.540844][ T8661]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[   92.540860][ T8661]  ? __lock_acquire+0x622/0x1c90
[   92.540888][ T8661]  ? avc_has_perm_noaudit+0x149/0x3b0
[   92.540903][ T8661]  netlink_rcv_skb+0x155/0x420
[   92.540915][ T8661]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[   92.540942][ T8661]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   92.540960][ T8661]  ? ns_capable+0xd7/0x110
[   92.540974][ T8661]  nfnetlink_rcv+0x1b3/0x430
[   92.540988][ T8661]  ? __pfx_nfnetlink_rcv+0x10/0x10
[   92.541001][ T8661]  ? netlink_deliver_tap+0x1ae/0xd30
[   92.541014][ T8661]  netlink_unicast+0x53a/0x7f0
[   92.541027][ T8661]  ? __pfx_netlink_unicast+0x10/0x10
[   92.541043][ T8661]  netlink_sendmsg+0x8d1/0xdd0
[   92.541061][ T8661]  ? __pfx_netlink_sendmsg+0x10/0x10
[   92.541078][ T8661]  ____sys_sendmsg+0xa98/0xc70
[   92.541091][ T8661]  ? copy_msghdr_from_user+0x10a/0x160
[   92.541107][ T8661]  ? __pfx_____sys_sendmsg+0x10/0x10
[   92.541117][ T8661]  ? preempt_schedule_thunk+0x16/0x30
[   92.541134][ T8661]  ? try_to_wake_up+0xa2f/0x1680
[   92.541150][ T8661]  ___sys_sendmsg+0x134/0x1d0
[   92.541167][ T8661]  ? __pfx____sys_sendmsg+0x10/0x10
[   92.541181][ T8661]  ? __lock_acquire+0x622/0x1c90
[   92.541215][ T8661]  __sys_sendmsg+0x16d/0x220
[   92.541231][ T8661]  ? __pfx___sys_sendmsg+0x10/0x10
[   92.541247][ T8661]  ? __x64_sys_futex+0x1e0/0x4c0
[   92.541272][ T8661]  do_syscall_64+0xcd/0x4c0
[   92.541289][ T8661]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   92.541301][ T8661] RIP: 0033:0x7f92e1d8e929
[   92.541310][ T8661] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   92.541321][ T8661] RSP: 002b:00007f92e2cb4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   92.541332][ T8661] RAX: ffffffffffffffda RBX: 00007f92e1fb5fa0 RCX: 00007f92e1d8e929
[   92.541338][ T8661] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000004
[   92.541345][ T8661] RBP: 00007f92e1e10b39 R08: 0000000000000000 R09: 0000000000000000
[   92.541351][ T8661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   92.541357][ T8661] R13: 0000000000000000 R14: 00007f92e1fb5fa0 R15: 00007ffd8a0efe28
[   92.541371][ T8661]  </TASK>
[   92.541447][ T8661] Mem-Info:
[   92.661349][ T8661] active_anon:11258 inactive_anon:0 isolated_anon:0
[   92.661349][ T8661]  active_file:13328 inactive_file:41123 isolated_file:0
[   92.661349][ T8661]  unevictable:1768 dirty:35 writeback:0
[   92.661349][ T8661]  slab_reclaimable:11733 slab_unreclaimable:75492
[   92.661349][ T8661]  mapped:24699 shmem:2400 pagetables:1127
[   92.661349][ T8661]  sec_pagetables:307 bounce:0
[   92.661349][ T8661]  kernel_misc_reclaimable:0
[   92.661349][ T8661]  free:434717 free_pcp:28788 free_cma:0
[   92.678980][ T8661] Node 0 active_anon:45032kB inactive_anon:0kB active_file:53312kB inactive_file:164288kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:98796kB dirty:140kB writeback:0kB shmem:6064kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12624kB pagetables:4332kB sec_pagetables:1228kB all_unreclaimable? no Balloon:0kB
[   92.691888][ T8661] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:112kB pagetables:176kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[   92.704260][ T8661] Node 0 DMA free:15360kB boost:0kB min:340kB low:424kB high:508kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[   92.712560][ T8679] Process accounting resumed
[   92.712989][ T8661] lowmem_reserve[]: 0 1235 1235 1235 1235
[   92.716497][ T8661] Node 0 DMA32 free:116524kB boost:0kB min:27516kB low:34392kB high:41268kB reserved_highatomic:0KB free_highatomic:0KB active_anon:45032kB inactive_anon:0kB active_file:53312kB inactive_file:164288kB unevictable:3536kB writepending:140kB present:2080628kB managed:1264732kB mlocked:0kB bounce:0kB free_pcp:92976kB local_pcp:28256kB free_cma:0kB
[   92.726600][ T8661] lowmem_reserve[]: 0 0 0 0 0
[   92.728201][ T8661] Node 1 Normal free:1605840kB boost:0kB min:39720kB low:49648kB high:59576kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:3536kB writepending:0kB present:2097152kB managed:1781956kB mlocked:0kB bounce:0kB free_pcp:21740kB local_pcp:4048kB free_cma:0kB
[   92.738185][ T8661] lowmem_reserve[]: 0 0 0 0 0
[   92.739721][ T8661] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[   92.743679][ T8661] Node 0 DMA32: 783*4kB (UME) 949*8kB (UM) 645*16kB (UME) 439*32kB (UME) 383*64kB (UME) 34*128kB (UME) 34*256kB (UME) 17*512kB (UME) 11*1024kB (UME) 6*2048kB (UME) 3*4096kB (UM) = 117204kB
[   92.750699][ T8661] Node 1 Normal: 2*4kB (ME) 11*8kB (ME) 21*16kB (UME) 41*32kB (UME) 20*64kB (UME) 12*128kB (UME) 3*256kB (UE) 4*512kB (UM) 1*1024kB (E) 2*2048kB (ME) 389*4096kB (M) = 1605840kB
[   92.756479][ T8661] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[   92.764623][ T8661] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[   92.771512][ T8661] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[   92.771525][ T8661] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[   92.771534][ T8661] 56848 total pagecache pages
[   92.771539][ T8661] 0 pages in swap cache
[   92.771543][ T8661] Free swap  = 124996kB
[   92.771548][ T8661] Total swap = 124996kB
[   92.771553][ T8661] 1048443 pages RAM
[   92.771557][ T8661] 0 pages HighMem/MovableOnly
[   92.771561][ T8661] 282931 pages reserved
[   92.771566][ T8661] 0 pages cma reserved
[   92.787311][   T40] audit: type=1800 audit(1750534458.699:50180): pid=8681 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=set_data cause=unavailable-hash-algorithm comm="syz.1.846" name="/newroot/184/file0" dev="tmpfs" ino=1024 res=0 errno=0
[   92.808408][   T40] audit: type=1400 audit(1750534458.729:50181): avc:  denied  { append } for  pid=8683 comm="syz.0.847" name="rtc0" dev="devtmpfs" ino=944 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[   92.857793][ T8694] overlayfs: failed to clone upperpath
[   92.912918][   T40] audit: type=1400 audit(1750534458.829:50182): avc:  denied  { read } for  pid=8701 comm="syz.0.854" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[   92.920639][ T8704] netlink: 'syz.1.855': attribute type 11 has an invalid length.
[   93.021242][   T40] audit: type=1400 audit(1750534458.939:50183): avc:  denied  { setopt } for  pid=8701 comm="syz.0.854" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[   93.393383][ T8723] netlink: 'syz.3.858': attribute type 6 has an invalid length.
[   93.397049][ T8723] netlink: 'syz.3.858': attribute type 5 has an invalid length.
[   93.400384][ T8723] netlink: 'syz.3.858': attribute type 4 has an invalid length.
[   93.856399][ T8748] IPv6: sit1: Disabled Multicast RS
[   93.860528][ T8748] sit1: entered allmulticast mode
[   94.822159][ T8770] overlayfs: failed to clone lowerpath
[   94.924697][ T8776] Bluetooth: hci4: Frame reassembly failed (-84)
[   94.926496][ T8777] netlink: 'syz.1.877': attribute type 30 has an invalid length.
[   94.930806][ T8777] __nla_validate_parse: 7 callbacks suppressed
[   94.930815][ T8777] netlink: 8 bytes leftover after parsing attributes in process `syz.1.877'.
[   94.939174][ T8777] bridge0: port 2(bridge_slave_1) entered disabled state
[   94.972420][ T8780] netlink: 28 bytes leftover after parsing attributes in process `syz.1.878'.
[   94.975313][ T8780] netlink: 'syz.1.878': attribute type 7 has an invalid length.
[   94.978905][ T8780] netlink: 'syz.1.878': attribute type 8 has an invalid length.
[   94.981345][ T8780] netlink: 4 bytes leftover after parsing attributes in process `syz.1.878'.
[   95.936740][   T61] usb 5-1: new low-speed USB device number 10 using dummy_hcd
[   95.974951][ T8796] netlink: 'syz.1.884': attribute type 12 has an invalid length.
[   95.978691][ T8797] netlink: 'syz.1.884': attribute type 12 has an invalid length.
[   96.066731][   T61] usb 5-1: device descriptor read/64, error -71
[   96.269090][ T8810] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=8810 comm=syz.1.890
[   96.276173][ T8810] netlink: 'syz.1.890': attribute type 39 has an invalid length.
[   96.316912][   T61] usb 5-1: new low-speed USB device number 11 using dummy_hcd
[   96.446802][   T61] usb 5-1: device descriptor read/64, error -71
[   96.557034][   T61] usb usb5-port1: attempt power cycle
[   96.896757][   T61] usb 5-1: new low-speed USB device number 12 using dummy_hcd
[   96.917142][   T61] usb 5-1: device descriptor read/8, error -71
[   96.956772][ T5944] Bluetooth: hci4: command 0xfc11 tx timeout
[   96.959843][ T5936] Bluetooth: hci4: Entering manufacturer mode failed (-110)
[   97.055468][ T8819] CIFS: iocharset name too long
[   97.103027][ T8819] loop6: detected capacity change from 0 to 524287999
[   97.105635][ T8819] buffer_io_error: 39 callbacks suppressed
[   97.105644][ T8819] Buffer I/O error on dev loop6, logical block 0, async page read
[   97.110779][ T8819] Buffer I/O error on dev loop6, logical block 0, async page read
[   97.113275][ T8819] Buffer I/O error on dev loop6, logical block 0, async page read
[   97.115882][ T8819] Buffer I/O error on dev loop6, logical block 0, async page read
[   97.120065][ T8819] Buffer I/O error on dev loop6, logical block 0, async page read
[   97.123223][ T8819] Buffer I/O error on dev loop6, logical block 0, async page read
[   97.126311][ T8819] Buffer I/O error on dev loop6, logical block 0, async page read
[   97.131085][ T8819] Buffer I/O error on dev loop6, logical block 0, async page read
[   97.134208][ T8819] ldm_validate_partition_table(): Disk read failed.
[   97.136302][ T8819] Buffer I/O error on dev loop6, logical block 0, async page read
[   97.138910][ T8819] Buffer I/O error on dev loop6, logical block 0, async page read
[   97.142048][ T8819] Dev loop6: unable to read RDB block 0
[   97.144458][ T8819]  loop6: unable to read partition table
[   97.147737][ T8819] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[   97.176891][   T61] usb 5-1: new low-speed USB device number 13 using dummy_hcd
[   97.205047][   T40] audit: type=1400 audit(1750534463.119:50184): avc:  denied  { shutdown } for  pid=8818 comm="syz.3.894" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[   97.207162][   T61] usb 5-1: device descriptor read/8, error -71
[   97.219073][ T8819] ldm_validate_partition_table(): Disk read failed.
[   97.221322][ T8819] Dev loop6: unable to read RDB block 0
[   97.223258][ T8819]  loop6: unable to read partition table
[   97.225128][ T8819] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[   97.324640][   T61] usb usb5-port1: unable to enumerate USB device
[   97.387237][ T8833] net_ratelimit: 2 callbacks suppressed
[   97.387248][ T8833] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   97.688325][   T40] audit: type=1400 audit(1750534463.609:50185): avc:  denied  { connect } for  pid=8852 comm="syz.1.907" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[   97.757865][   T40] audit: type=1400 audit(1750534463.669:50186): avc:  denied  { create } for  pid=8876 comm="syz.3.910" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[   97.925939][ T8894] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[   97.960633][ T8896] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.916'.
[   98.152837][   T40] audit: type=1400 audit(1750534464.069:50187): avc:  denied  { map } for  pid=8900 comm="syz.3.918" path="socket:[35132]" dev="sockfs" ino=35132 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[   98.160910][   T40] audit: type=1400 audit(1750534464.069:50188): avc:  denied  { read accept } for  pid=8900 comm="syz.3.918" path="socket:[35132]" dev="sockfs" ino=35132 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[   98.473410][ T8928] xt_hashlimit: size too large, truncated to 1048576
[   98.486484][ T8927] program syz.3.924 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   98.740973][ T8938] dvmrp0: entered allmulticast mode
[   98.743225][ T8937] dvmrp0: left allmulticast mode
[   98.866151][ T8945] netlink: 'syz.0.930': attribute type 5 has an invalid length.
[   98.870697][ T8945] netlink: 4 bytes leftover after parsing attributes in process `syz.0.930'.
[   98.871632][   T40] audit: type=1400 audit(1750534464.789:50189): avc:  denied  { map } for  pid=8944 comm="syz.3.931" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[   98.883491][   T40] audit: type=1400 audit(1750534464.789:50190): avc:  denied  { execute } for  pid=8944 comm="syz.3.931" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[   98.986513][ T8968] bond0: (slave team0): Releasing backup interface
[   98.991513][ T8968] team0: left promiscuous mode
[   98.993563][ T8968] team0: left allmulticast mode
[   99.016791][   T40] audit: type=1400 audit(1750534464.929:50191): avc:  denied  { bind } for  pid=8967 comm="syz.0.936" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   99.025673][ T8968] lo speed is unknown, defaulting to 1000
[   99.063490][ T8968] netlink: 28 bytes leftover after parsing attributes in process `syz.0.936'.
[   99.066313][ T8968] netlink: 32 bytes leftover after parsing attributes in process `syz.0.936'.
[   99.156628][ T8981] overlayfs: conflicting lowerdir path
[   99.190608][   T40] audit: type=1400 audit(1750534465.109:50192): avc:  denied  { connect } for  pid=8985 comm="syz.3.942" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   99.226031][   T40] audit: type=1400 audit(1750534465.139:50193): avc:  denied  { getopt } for  pid=8982 comm="syz.0.941" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   99.382558][ T9023] kvm: emulating exchange as write
[   99.415060][ T9037] bond0: (slave team0): Releasing backup interface
[   99.420345][ T9037] team0: left promiscuous mode
[   99.422126][ T9037] team_slave_0: left promiscuous mode
[   99.424025][ T9037] team_slave_1: left promiscuous mode
[   99.430834][ T9037] bond0: (slave bond_slave_0): Releasing backup interface
[   99.433369][ T9037] bond_slave_0: left promiscuous mode
[   99.438219][ T9037] bond0: (slave bond_slave_1): Releasing backup interface
[   99.443282][ T9037] bond_slave_1: left promiscuous mode
[   99.455181][ T9037] team0: Port device team_slave_0 removed
[   99.466249][ T9037] team0: Port device team_slave_1 removed
[   99.468999][ T9037] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   99.471474][ T9037] batman_adv: batadv0: Removing interface: batadv_slave_0
[   99.474606][ T9037] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   99.475175][ T9042] netlink: 8 bytes leftover after parsing attributes in process `syz.3.951'.
[   99.477900][ T9037] batman_adv: batadv0: Removing interface: batadv_slave_1
[   99.533095][ T9048] misc userio: No port type given on /dev/userio
[   99.565793][ T9052] kvm: vcpu 2: requested 128 ns lapic timer period limited to 200000 ns
[   99.570082][ T9052] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[   99.586573][ T9049] trusted_key: encrypted_key: insufficient parameters specified
[  100.076053][ T9060] ip6t_srh: unknown srh invflags 7D00
[  100.522104][ T9086] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[  100.527849][ T9086] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  100.538953][ T9085] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  100.646141][ T9109] netlink: 8 bytes leftover after parsing attributes in process `syz.3.972'.
[  100.652062][ T9109] netlink: 8 bytes leftover after parsing attributes in process `syz.3.972'.
[  100.661032][ T9111] xt_ipcomp: unknown flags 12
[  100.694091][ T9117] x_tables: duplicate underflow at hook 1
[  100.780786][ T9129] pimreg: entered allmulticast mode
[  100.850438][ T9140] fuse: Invalid rootmode
[  100.852094][ T9140] netlink: 8 bytes leftover after parsing attributes in process `syz.0.984'.
[  100.854850][ T9140] netlink: 20 bytes leftover after parsing attributes in process `syz.0.984'.
[  100.860727][ T9140] geneve3: entered promiscuous mode
[  100.862424][ T9140] geneve3: entered allmulticast mode
[  101.233654][ T9179] netlink: 4 bytes leftover after parsing attributes in process `syz.0.995'.
[  101.715010][ T9196] Bluetooth: Invalid esc byte 0xdb
[  101.902737][ T9223] delete_channel: no stack
[  101.933923][ T9230] netlink: 'syz.3.1011': attribute type 15 has an invalid length.
[  101.939627][ T9230] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1011'.
[  101.970507][ T9230] Falling back ldisc for ptm0.
[  102.008472][ T9240] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1015'.
[  102.222300][ T9281] kAFS: Can only specify source 'none' with -o dyn
[  102.272519][ T5944] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  102.280142][ T5944] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  102.282911][ T5944] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  102.287898][ T5944] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  102.290357][ T5944] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  102.300023][ T5936] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  102.303056][ T5936] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  102.307317][ T5936] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  102.311782][ T5936] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  102.312431][ T9289] loop2: detected capacity change from 0 to 7
[  102.315007][ T5936] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  102.317853][ T5947]  loop2:
[  102.319355][ T5947] loop2: partition table partially beyond EOD, truncated
[  102.326751][ T9289]  loop2:
[  102.327775][ T9289] loop2: partition table partially beyond EOD, truncated
[  102.335196][ T9286] lo speed is unknown, defaulting to 1000
[  102.424470][ T9286] chnl_net:caif_netlink_parms(): no params data found
[  102.467836][   T40] kauditd_printk_skb: 16 callbacks suppressed
[  102.467847][   T40] audit: type=1400 audit(1750534468.389:50210): avc:  denied  { write } for  pid=9309 comm="syz.3.1035" name="mice" dev="devtmpfs" ino=939 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  102.500452][ T9286] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.503412][ T9286] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.506227][ T9286] bridge_slave_0: entered allmulticast mode
[  102.506797][ T1467] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  102.509226][ T9286] bridge_slave_0: entered promiscuous mode
[  102.513734][ T9286] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.515999][ T9286] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.518387][ T9286] bridge_slave_1: entered allmulticast mode
[  102.521006][ T9286] bridge_slave_1: entered promiscuous mode
[  102.558035][ T9286] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  102.563847][ T9286] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  102.578356][ T9316] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1038'.
[  102.600819][ T9286] team0: Port device team_slave_0 added
[  102.604115][ T9286] team0: Port device team_slave_1 added
[  102.642556][ T9328] Invalid source name
[  102.643915][ T9328] UBIFS error (pid: 9328): cannot open "ubifs", error -22
[  102.650631][ T9286] batman_adv: batadv0: Adding interface: batadv_slave_0
[  102.655139][ T9286] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  102.663994][ T9286] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  102.669385][ T9286] batman_adv: batadv0: Adding interface: batadv_slave_1
[  102.671725][ T9286] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  102.680950][ T9286] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  102.688390][ T1467] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  102.692368][ T1467] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  102.696388][ T1467] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  102.703844][ T1467] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  102.713411][ T1467] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  102.716192][ T1467] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  102.718937][ T1467] usb 5-1: Manufacturer: syz
[  102.721950][ T1467] usb 5-1: config 0 descriptor??
[  102.746605][ T9286] hsr_slave_0: entered promiscuous mode
[  102.750765][ T9286] hsr_slave_1: entered promiscuous mode
[  102.753276][ T9286] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  102.755895][ T9286] Cannot create hsr debugfs directory
[  102.863943][ T9286] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  102.869026][ T9286] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  102.873289][ T9286] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  102.877219][ T9286] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  102.892226][   T40] audit: type=1400 audit(1750534468.809:50211): avc:  denied  { listen } for  pid=9334 comm="syz.1.1044" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  102.898777][   T40] audit: type=1400 audit(1750534468.809:50212): avc:  denied  { accept } for  pid=9334 comm="syz.1.1044" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  102.931280][ T9286] 8021q: adding VLAN 0 to HW filter on device bond0
[  102.945282][ T9286] 8021q: adding VLAN 0 to HW filter on device team0
[  102.951200][ T1148] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.953514][ T1148] bridge0: port 1(bridge_slave_0) entered forwarding state
[  102.960758][ T1148] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.963009][ T1148] bridge0: port 2(bridge_slave_1) entered forwarding state
[  103.010237][ T9353] sp0: Synchronizing with TNC
[  103.013422][ T9353] sp0: Found TNC
[  103.074746][ T9286] 8021q: adding VLAN 0 to HW filter on device batadv0
[  103.108004][ T9366] fuse: Unknown parameter ''
[  103.113775][ T9366] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1050'.
[  103.119746][   T40] audit: type=1400 audit(1750534469.039:50213): avc:  denied  { getopt } for  pid=9365 comm="syz.1.1050" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  103.140065][ T1467] appleir 0003:05AC:8243.0005: unknown main item tag 0x0
[  103.143020][ T1467] appleir 0003:05AC:8243.0005: No inputs registered, leaving
[  103.155404][ T1467] appleir 0003:05AC:8243.0005: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0
[  103.212176][ T9286] veth0_vlan: entered promiscuous mode
[  103.218149][ T9286] veth1_vlan: entered promiscuous mode
[  103.227910][ T9380] BUG: Bad page state in process syz.1.1053  pfn:3b0cd
[  103.230211][ T9380] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2000008b5 pfn:0x3b0cd
[  103.233932][ T9286] veth0_macvtap: entered promiscuous mode
[  103.234517][ T9380] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  103.237457][   T40] audit: type=1400 audit(1750534469.159:50214): avc:  denied  { read } for  pid=5323 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  103.238893][ T9380] raw: 00fff00000000000 dead000000000040 ffff888022275000 0000000000000000
[  103.246193][   T40] audit: type=1400 audit(1750534469.159:50215): avc:  denied  { search } for  pid=5323 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  103.248680][ T9380] raw: 00000002000008b5 3fffffffffffffff 00000000ffffffff 0000000000000000
[  103.248689][ T9380] page dumped because: page_pool leak
[  103.248696][ T9380] page_owner tracks the page as allocated
[  103.248702][ T9380] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 9380, tgid 9377 (syz.1.1053), ts 103227847907, free_ts 101034743441
[  103.248721][ T9380]  post_alloc_hook+0x1c0/0x230
[  103.248747][ T9380]  get_page_from_freelist+0x1321/0x3890
[  103.248761][ T9380]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  103.255900][   T40] audit: type=1400 audit(1750534469.159:50216): avc:  denied  { search } for  pid=5323 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  103.259185][ T9380]  alloc_pages_bulk_noprof+0x71c/0x1410
[  103.259214][ T9380]  __page_pool_alloc_pages_slow+0x193/0xc30
[  103.259242][ T9380]  page_pool_alloc_netmems+0xc4/0x190
[  103.259258][ T9380]  page_pool_alloc_frag_netmem+0x219/0x9c0
[  103.259274][ T9380]  skb_pp_cow_data+0x584/0xff0
[  103.261633][   T40] audit: type=1400 audit(1750534469.159:50217): avc:  denied  { add_name } for  pid=5323 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  103.263262][ T9380]  skb_cow_data_for_xdp+0x88/0xb0
[  103.266623][ T9286] veth1_macvtap: entered promiscuous mode
[  103.272771][ T9286] batman_adv: batadv0: Interface activated: batadv_slave_0
[  103.273695][ T9380]  do_xdp_generic+0x530/0x1320
[  103.280317][   T40] audit: type=1400 audit(1750534469.159:50218): avc:  denied  { create } for  pid=5323 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  103.280343][   T40] audit: type=1400 audit(1750534469.159:50219): avc:  denied  { append open } for  pid=5323 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  103.282096][ T9380]  __netif_receive_skb_core.constprop.0+0x161c/0x4a00
[  103.318473][ T9380]  __netif_receive_skb_one_core+0xb0/0x1e0
[  103.320305][ T9380]  __netif_receive_skb+0x1d/0x160
[  103.321874][ T9380]  netif_receive_skb+0x137/0x7b0
[  103.323431][ T9380]  tun_rx_batched.isra.0+0x3ee/0x740
[  103.325091][ T9380]  tun_get_user+0x28a2/0x3b80
[  103.326600][ T9380] page last free pid 9154 tgid 9152 stack trace:
[  103.328609][ T9380]  __free_frozen_pages+0x7fe/0x1180
[  103.330266][ T9380]  vfree+0x1fd/0xb50
[  103.331498][ T9380]  snd_dma_free_pages+0x51/0x70
[  103.333036][ T9380]  snd_pcm_lib_free_pages+0x172/0x390
[  103.334743][ T9380]  snd_pcm_release_substream.part.0+0x2a8/0x340
[  103.335107][   T29] usb 5-1: USB disconnect, device number 14
[  103.336731][ T9380]  snd_pcm_release_substream+0x5b/0x70
[  103.336747][ T9380]  snd_pcm_oss_release+0x16f/0x310
[  103.336758][ T9380]  __fput+0x3ff/0xb70
[  103.336774][ T9380]  task_work_run+0x150/0x240
[  103.336785][ T9380]  do_exit+0x864/0x2bd0
[  103.336799][ T9380]  do_group_exit+0xd3/0x2a0
[  103.336813][ T9380]  get_signal+0x2673/0x26d0
[  103.336825][ T9380]  arch_do_signal_or_restart+0x8f/0x7d0
[  103.336837][ T9380]  exit_to_user_mode_loop+0x84/0x110
[  103.336848][ T9380]  do_syscall_64+0x3f6/0x4c0
[  103.336865][ T9380]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.336877][ T9380] Modules linked in:
[  103.336888][ T9380] CPU: 2 UID: 0 PID: 9380 Comm: syz.1.1053 Not tainted 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) 
[  103.336902][ T9380] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  103.336909][ T9380] Call Trace:
[  103.336913][ T9380]  <TASK>
[  103.336917][ T9380]  dump_stack_lvl+0x16c/0x1f0
[  103.336934][ T9380]  bad_page+0xcf/0x220
[  103.336950][ T9380]  ? __pfx_bad_page+0x10/0x10
[  103.336966][ T9380]  ? page_bad_reason+0x9d/0x1f0
[  103.336982][ T9380]  __free_frozen_pages+0x824/0x1180
[  103.336995][ T9380]  ? mark_held_locks+0x49/0x80
[  103.337013][ T9380]  page_frag_free+0x27f/0x2e0
[  103.337029][ T9380]  __xdp_return+0x38e/0xa90
[  103.337040][ T9380]  ? kmem_cache_free+0x2d1/0x4d0
[  103.337055][ T9380]  bpf_xdp_adjust_tail+0xa11/0xfd0
[  103.337074][ T9380]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  103.337083][ T9380]  bpf_prog_run_generic_xdp+0x626/0x1530
[  103.337105][ T9380]  do_xdp_generic+0x8e6/0x1320
[  103.337121][ T9380]  ? __pfx_do_xdp_generic+0x10/0x10
[  103.337148][ T9380]  __netif_receive_skb_core.constprop.0+0x161c/0x4a00
[  103.337166][ T9380]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  103.337179][ T9380]  ? __skb_flow_dissect+0x11b2/0x7d90
[  103.337193][ T9380]  ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10
[  103.337212][ T9380]  ? __pfx___skb_flow_dissect+0x10/0x10
[  103.337224][ T9380]  ? do_user_addr_fault+0x829/0x1370
[  103.337242][ T9380]  ? __lock_acquire+0xb8a/0x1c90
[  103.337261][ T9380]  ? __lock_acquire+0x622/0x1c90
[  103.337280][ T9380]  __netif_receive_skb_one_core+0xb0/0x1e0
[  103.337295][ T9380]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[  103.337310][ T9380]  ? lock_acquire+0x179/0x350
[  103.337330][ T9380]  __netif_receive_skb+0x1d/0x160
[  103.337345][ T9380]  netif_receive_skb+0x137/0x7b0
[  103.337359][ T9380]  ? __pfx_netif_receive_skb+0x10/0x10
[  103.337373][ T9380]  ? __pfx__copy_from_iter+0x10/0x10
[  103.337392][ T9380]  tun_rx_batched.isra.0+0x3ee/0x740
[  103.337409][ T9380]  ? __pfx_tun_rx_batched.isra.0+0x10/0x10
[  103.337428][ T9380]  ? tun_get_user+0x1c0d/0x3b80
[  103.337443][ T9380]  ? rcu_is_watching+0x12/0xc0
[  103.337458][ T9380]  tun_get_user+0x28a2/0x3b80
[  103.337494][ T9380]  ? __pfx_tun_get_user+0x10/0x10
[  103.337512][ T9380]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  103.337532][ T9380]  ? find_held_lock+0x2b/0x80
[  103.337545][ T9380]  ? tun_get+0x191/0x370
[  103.337563][ T9380]  tun_chr_write_iter+0xdc/0x210
[  103.337580][ T9380]  vfs_write+0x6c4/0x1150
[  103.337594][ T9380]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  103.337612][ T9380]  ? __pfx_vfs_write+0x10/0x10
[  103.337624][ T9380]  ? find_held_lock+0x2b/0x80
[  103.337645][ T9380]  ksys_write+0x12a/0x250
[  103.337663][ T9380]  ? __pfx_ksys_write+0x10/0x10
[  103.337681][ T9380]  do_syscall_64+0xcd/0x4c0
[  103.337698][ T9380]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.337710][ T9380] RIP: 0033:0x7f6d9bf8d3df
[  103.337719][ T9380] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  103.337730][ T9380] RSP: 002b:00007f6d9ce5c000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  103.337740][ T9380] RAX: ffffffffffffffda RBX: 00007f6d9c1b6160 RCX: 00007f6d9bf8d3df
[  103.337746][ T9380] RDX: 000000000000fdef RSI: 00002000000001c0 RDI: 00000000000000c8
[  103.337753][ T9380] RBP: 00007f6d9c010b39 R08: 0000000000000000 R09: 0000000000000000
[  103.337759][ T9380] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  103.337765][ T9380] R13: 0000000000000000 R14: 00007f6d9c1b6160 R15: 00007ffd8a60aa88
[  103.337780][ T9380]  </TASK>
[  103.337784][ T9380] Disabling lock debugging due to kernel taint
[  103.466965][ T9380] BUG: Bad page state in process syz.1.1053  pfn:2acb3
[  103.469056][ T9380] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2000008b4 pfn:0x2acb3
[  103.471951][ T9380] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  103.474086][ T9380] raw: 00fff00000000000 dead000000000040 ffff888022275000 0000000000000000
[  103.476691][ T9380] raw: 00000002000008b4 0000000000000001 00000000ffffffff 0000000000000000
[  103.479280][ T9380] page dumped because: page_pool leak
[  103.480871][ T9380] page_owner tracks the page as allocated
[  103.482571][ T9380] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 9380, tgid 9377 (syz.1.1053), ts 103227841238, free_ts 101034749781
[  103.487796][ T9380]  post_alloc_hook+0x1c0/0x230
[  103.489247][ T9380]  get_page_from_freelist+0x1321/0x3890
[  103.490952][ T9380]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  103.492722][ T9380]  alloc_pages_bulk_noprof+0x71c/0x1410
[  103.494420][ T9380]  __page_pool_alloc_pages_slow+0x193/0xc30
[  103.496297][ T9380]  page_pool_alloc_netmems+0xc4/0x190
[  103.498032][ T9380]  skb_pp_cow_data+0x7c0/0xff0
[  103.499529][ T9380]  skb_cow_data_for_xdp+0x88/0xb0
[  103.501077][ T9380]  do_xdp_generic+0x530/0x1320
[  103.502595][ T9380]  __netif_receive_skb_core.constprop.0+0x161c/0x4a00
[  103.504710][ T9380]  __netif_receive_skb_one_core+0xb0/0x1e0
[  103.506588][ T9380]  __netif_receive_skb+0x1d/0x160
[  103.508320][ T9380]  netif_receive_skb+0x137/0x7b0
[  103.509891][ T9380]  tun_rx_batched.isra.0+0x3ee/0x740
[  103.511622][ T9380]  tun_get_user+0x28a2/0x3b80
[  103.513111][ T9380]  tun_chr_write_iter+0xdc/0x210
[  103.514726][ T9380] page last free pid 9154 tgid 9152 stack trace:
[  103.516743][ T9380]  __free_frozen_pages+0x7fe/0x1180
[  103.518382][ T9380]  vfree+0x1fd/0xb50
[  103.519619][ T9380]  snd_dma_free_pages+0x51/0x70
[  103.521145][ T9380]  snd_pcm_lib_free_pages+0x172/0x390
[  103.522818][ T9380]  snd_pcm_release_substream.part.0+0x2a8/0x340
[  103.524751][ T9380]  snd_pcm_release_substream+0x5b/0x70
[  103.526345][ T9380]  snd_pcm_oss_release+0x16f/0x310
[  103.528035][ T9380]  __fput+0x3ff/0xb70
[  103.529394][ T9380]  task_work_run+0x150/0x240
[  103.530861][ T9380]  do_exit+0x864/0x2bd0
[  103.532174][ T9380]  do_group_exit+0xd3/0x2a0
[  103.533639][ T9380]  get_signal+0x2673/0x26d0
[  103.535080][ T9380]  arch_do_signal_or_restart+0x8f/0x7d0
[  103.536880][ T9380]  exit_to_user_mode_loop+0x84/0x110
[  103.538531][ T9380]  do_syscall_64+0x3f6/0x4c0
[  103.539991][ T9380]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.541839][ T9380] Modules linked in:
[  103.543079][ T9380] CPU: 2 UID: 0 PID: 9380 Comm: syz.1.1053 Tainted: G    B               6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) 
[  103.543095][ T9380] Tainted: [B]=BAD_PAGE
[  103.543099][ T9380] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  103.543106][ T9380] Call Trace:
[  103.543110][ T9380]  <TASK>
[  103.543114][ T9380]  dump_stack_lvl+0x16c/0x1f0
[  103.543130][ T9380]  bad_page+0xcf/0x220
[  103.543146][ T9380]  ? __pfx_bad_page+0x10/0x10
[  103.543161][ T9380]  ? page_bad_reason+0x9d/0x1f0
[  103.543176][ T9380]  __free_frozen_pages+0x824/0x1180
[  103.543188][ T9380]  ? mark_held_locks+0x49/0x80
[  103.543206][ T9380]  page_frag_free+0x27f/0x2e0
[  103.543222][ T9380]  __xdp_return+0x38e/0xa90
[  103.543232][ T9380]  ? kmem_cache_free+0x2d1/0x4d0
[  103.543246][ T9380]  bpf_xdp_adjust_tail+0xa11/0xfd0
[  103.543261][ T9380]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  103.543270][ T9380]  bpf_prog_run_generic_xdp+0x626/0x1530
[  103.543287][ T9380]  do_xdp_generic+0x8e6/0x1320
[  103.543301][ T9380]  ? __pfx_do_xdp_generic+0x10/0x10
[  103.543321][ T9380]  __netif_receive_skb_core.constprop.0+0x161c/0x4a00
[  103.543337][ T9380]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  103.543350][ T9380]  ? __skb_flow_dissect+0x11b2/0x7d90
[  103.543363][ T9380]  ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10
[  103.543379][ T9380]  ? __pfx___skb_flow_dissect+0x10/0x10
[  103.543391][ T9380]  ? do_user_addr_fault+0x829/0x1370
[  103.543407][ T9380]  ? __lock_acquire+0xb8a/0x1c90
[  103.543424][ T9380]  ? __lock_acquire+0x622/0x1c90
[  103.543440][ T9380]  __netif_receive_skb_one_core+0xb0/0x1e0
[  103.543455][ T9380]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[  103.543469][ T9380]  ? lock_acquire+0x179/0x350
[  103.543487][ T9380]  __netif_receive_skb+0x1d/0x160
[  103.543501][ T9380]  netif_receive_skb+0x137/0x7b0
[  103.543514][ T9380]  ? __pfx_netif_receive_skb+0x10/0x10
[  103.543528][ T9380]  ? __pfx__copy_from_iter+0x10/0x10
[  103.543544][ T9380]  tun_rx_batched.isra.0+0x3ee/0x740
[  103.543560][ T9380]  ? __pfx_tun_rx_batched.isra.0+0x10/0x10
[  103.543576][ T9380]  ? tun_get_user+0x1c0d/0x3b80
[  103.543590][ T9380]  ? rcu_is_watching+0x12/0xc0
[  103.543605][ T9380]  tun_get_user+0x28a2/0x3b80
[  103.543623][ T9380]  ? __pfx_tun_get_user+0x10/0x10
[  103.543638][ T9380]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  103.543661][ T9380]  ? find_held_lock+0x2b/0x80
[  103.543674][ T9380]  ? tun_get+0x191/0x370
[  103.543689][ T9380]  tun_chr_write_iter+0xdc/0x210
[  103.543705][ T9380]  vfs_write+0x6c4/0x1150
[  103.543718][ T9380]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  103.543734][ T9380]  ? __pfx_vfs_write+0x10/0x10
[  103.543746][ T9380]  ? find_held_lock+0x2b/0x80
[  103.543762][ T9380]  ksys_write+0x12a/0x250
[  103.543775][ T9380]  ? __pfx_ksys_write+0x10/0x10
[  103.543790][ T9380]  do_syscall_64+0xcd/0x4c0
[  103.543806][ T9380]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.543817][ T9380] RIP: 0033:0x7f6d9bf8d3df
[  103.543825][ T9380] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  103.543836][ T9380] RSP: 002b:00007f6d9ce5c000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  103.543845][ T9380] RAX: ffffffffffffffda RBX: 00007f6d9c1b6160 RCX: 00007f6d9bf8d3df
[  103.543852][ T9380] RDX: 000000000000fdef RSI: 00002000000001c0 RDI: 00000000000000c8
[  103.543858][ T9380] RBP: 00007f6d9c010b39 R08: 0000000000000000 R09: 0000000000000000
[  103.543865][ T9380] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  103.543871][ T9380] R13: 0000000000000000 R14: 00007f6d9c1b6160 R15: 00007ffd8a60aa88
[  103.543882][ T9380]  </TASK>
[  103.543888][ T9380] BUG: Bad page state in process syz.1.1053  pfn:259b4
[  103.656129][ T9380] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2000008b3 pfn:0x259b4
[  103.659115][ T9380] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  103.661343][ T9380] raw: 00fff00000000000 dead000000000040 ffff888022275000 0000000000000000
[  103.664069][ T9380] raw: 00000002000008b3 0000000000000001 00000000ffffffff 0000000000000000
[  103.666790][ T9380] page dumped because: page_pool leak
[  103.668464][ T9380] page_owner tracks the page as allocated
[  103.670238][ T9380] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 9380, tgid 9377 (syz.1.1053), ts 103227834948, free_ts 101034755603
[  103.675460][ T9380]  post_alloc_hook+0x1c0/0x230
[  103.677015][ T9380]  get_page_from_freelist+0x1321/0x3890
[  103.678791][ T9380]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  103.680632][ T9380]  alloc_pages_bulk_noprof+0x71c/0x1410
[  103.682370][ T9380]  __page_pool_alloc_pages_slow+0x193/0xc30
[  103.684233][ T9380]  page_pool_alloc_netmems+0xc4/0x190
[  103.685932][ T9380]  skb_pp_cow_data+0x7c0/0xff0
[  103.687492][ T9380]  skb_cow_data_for_xdp+0x88/0xb0
[  103.689076][ T9380]  do_xdp_generic+0x530/0x1320
[  103.690599][ T9380]  __netif_receive_skb_core.constprop.0+0x161c/0x4a00
[  103.692682][ T9380]  __netif_receive_skb_one_core+0xb0/0x1e0
[  103.694497][ T9380]  __netif_receive_skb+0x1d/0x160
[  103.696218][ T9380]  netif_receive_skb+0x137/0x7b0
[  103.697832][ T9380]  tun_rx_batched.isra.0+0x3ee/0x740
[  103.699468][ T9380]  tun_get_user+0x28a2/0x3b80
[  103.700957][ T9380]  tun_chr_write_iter+0xdc/0x210
[  103.702612][ T9380] page last free pid 9154 tgid 9152 stack trace:
[  103.704630][ T9380]  __free_frozen_pages+0x7fe/0x1180
[  103.706246][ T9380]  vfree+0x1fd/0xb50
[  103.707535][ T9380]  snd_dma_free_pages+0x51/0x70
[  103.709025][ T9380]  snd_pcm_lib_free_pages+0x172/0x390
[  103.710699][ T9380]  snd_pcm_release_substream.part.0+0x2a8/0x340
[  103.712857][ T9380]  snd_pcm_release_substream+0x5b/0x70
[  103.714594][ T9380]  snd_pcm_oss_release+0x16f/0x310
[  103.716276][ T9380]  __fput+0x3ff/0xb70
[  103.717622][ T9380]  task_work_run+0x150/0x240
[  103.719042][ T9380]  do_exit+0x864/0x2bd0
[  103.720357][ T9380]  do_group_exit+0xd3/0x2a0
[  103.721806][ T9380]  get_signal+0x2673/0x26d0
[  103.723258][ T9380]  arch_do_signal_or_restart+0x8f/0x7d0
[  103.725110][ T9380]  exit_to_user_mode_loop+0x84/0x110
[  103.726963][ T9380]  do_syscall_64+0x3f6/0x4c0
[  103.728505][ T9380]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.730367][ T9380] Modules linked in:
[  103.731616][ T9380] CPU: 2 UID: 0 PID: 9380 Comm: syz.1.1053 Tainted: G    B               6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) 
[  103.731633][ T9380] Tainted: [B]=BAD_PAGE
[  103.731636][ T9380] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  103.731643][ T9380] Call Trace:
[  103.731648][ T9380]  <TASK>
[  103.731657][ T9380]  dump_stack_lvl+0x16c/0x1f0
[  103.731674][ T9380]  bad_page+0xcf/0x220
[  103.731689][ T9380]  ? __pfx_bad_page+0x10/0x10
[  103.731704][ T9380]  ? page_bad_reason+0x9d/0x1f0
[  103.731720][ T9380]  __free_frozen_pages+0x824/0x1180
[  103.731732][ T9380]  ? mark_held_locks+0x49/0x80
[  103.731749][ T9380]  page_frag_free+0x27f/0x2e0
[  103.731763][ T9380]  __xdp_return+0x38e/0xa90
[  103.731774][ T9380]  ? kmem_cache_free+0x2d1/0x4d0
[  103.731788][ T9380]  bpf_xdp_adjust_tail+0xa11/0xfd0
[  103.731803][ T9380]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  103.731811][ T9380]  bpf_prog_run_generic_xdp+0x626/0x1530
[  103.731829][ T9380]  do_xdp_generic+0x8e6/0x1320
[  103.731843][ T9380]  ? __pfx_do_xdp_generic+0x10/0x10
[  103.731863][ T9380]  __netif_receive_skb_core.constprop.0+0x161c/0x4a00
[  103.731879][ T9380]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  103.731892][ T9380]  ? __skb_flow_dissect+0x11b2/0x7d90
[  103.731905][ T9380]  ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10
[  103.731922][ T9380]  ? __pfx___skb_flow_dissect+0x10/0x10
[  103.731934][ T9380]  ? do_user_addr_fault+0x829/0x1370
[  103.731950][ T9380]  ? __lock_acquire+0xb8a/0x1c90
[  103.731967][ T9380]  ? __lock_acquire+0x622/0x1c90
[  103.731984][ T9380]  __netif_receive_skb_one_core+0xb0/0x1e0
[  103.731999][ T9380]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[  103.732013][ T9380]  ? lock_acquire+0x179/0x350
[  103.732031][ T9380]  __netif_receive_skb+0x1d/0x160
[  103.732044][ T9380]  netif_receive_skb+0x137/0x7b0
[  103.732058][ T9380]  ? __pfx_netif_receive_skb+0x10/0x10
[  103.732071][ T9380]  ? __pfx__copy_from_iter+0x10/0x10
[  103.732089][ T9380]  tun_rx_batched.isra.0+0x3ee/0x740
[  103.732105][ T9380]  ? __pfx_tun_rx_batched.isra.0+0x10/0x10
[  103.732121][ T9380]  ? tun_get_user+0x1c0d/0x3b80
[  103.732136][ T9380]  ? rcu_is_watching+0x12/0xc0
[  103.732150][ T9380]  tun_get_user+0x28a2/0x3b80
[  103.732168][ T9380]  ? __pfx_tun_get_user+0x10/0x10
[  103.732183][ T9380]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  103.732200][ T9380]  ? find_held_lock+0x2b/0x80
[  103.732212][ T9380]  ? tun_get+0x191/0x370
[  103.732227][ T9380]  tun_chr_write_iter+0xdc/0x210
[  103.732244][ T9380]  vfs_write+0x6c4/0x1150
[  103.732257][ T9380]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  103.732273][ T9380]  ? __pfx_vfs_write+0x10/0x10
[  103.732285][ T9380]  ? find_held_lock+0x2b/0x80
[  103.732301][ T9380]  ksys_write+0x12a/0x250
[  103.732314][ T9380]  ? __pfx_ksys_write+0x10/0x10
[  103.732332][ T9380]  do_syscall_64+0xcd/0x4c0
[  103.732348][ T9380]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.732359][ T9380] RIP: 0033:0x7f6d9bf8d3df
[  103.732367][ T9380] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  103.732378][ T9380] RSP: 002b:00007f6d9ce5c000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  103.732388][ T9380] RAX: ffffffffffffffda RBX: 00007f6d9c1b6160 RCX: 00007f6d9bf8d3df
[  103.732395][ T9380] RDX: 000000000000fdef RSI: 00002000000001c0 RDI: 00000000000000c8
[  103.732401][ T9380] RBP: 00007f6d9c010b39 R08: 0000000000000000 R09: 0000000000000000
[  103.732408][ T9380] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  103.732414][ T9380] R13: 0000000000000000 R14: 00007f6d9c1b6160 R15: 00007ffd8a60aa88
[  103.732425][ T9380]  </TASK>
[  103.732431][ T9380] BUG: Bad page state in process syz.1.1053  pfn:33153
[  103.845354][ T9380] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2000008b2 pfn:0x33153
[  103.848188][ T9380] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  103.850359][ T9380] raw: 00fff00000000000 dead000000000040 ffff888022275000 0000000000000000
[  103.852992][ T9380] raw: 00000002000008b2 0000000000000001 00000000ffffffff 0000000000000000
[  103.855684][ T9380] page dumped because: page_pool leak
[  103.857414][ T9380] page_owner tracks the page as allocated
[  103.859201][ T9380] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 9380, tgid 9377 (syz.1.1053), ts 103227828221, free_ts 101034761485
[  103.864413][ T9380]  post_alloc_hook+0x1c0/0x230
[  103.865932][ T9380]  get_page_from_freelist+0x1321/0x3890
[  103.867707][ T9380]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  103.869553][ T9380]  alloc_pages_bulk_noprof+0x71c/0x1410
[  103.871271][ T9380]  __page_pool_alloc_pages_slow+0x193/0xc30
[  103.873110][ T9380]  page_pool_alloc_netmems+0xc4/0x190
[  103.874818][ T9380]  skb_pp_cow_data+0x7c0/0xff0
[  103.876324][ T9380]  skb_cow_data_for_xdp+0x88/0xb0
[  103.877988][ T9380]  do_xdp_generic+0x530/0x1320
[  103.879495][ T9380]  __netif_receive_skb_core.constprop.0+0x161c/0x4a00
[  103.881611][ T9380]  __netif_receive_skb_one_core+0xb0/0x1e0
[  103.883459][ T9380]  __netif_receive_skb+0x1d/0x160
[  103.885040][ T9380]  netif_receive_skb+0x137/0x7b0
[  103.886607][ T9380]  tun_rx_batched.isra.0+0x3ee/0x740
[  103.888316][ T9380]  tun_get_user+0x28a2/0x3b80
[  103.889809][ T9380]  tun_chr_write_iter+0xdc/0x210
[  103.891377][ T9380] page last free pid 9154 tgid 9152 stack trace:
[  103.893381][ T9380]  __free_frozen_pages+0x7fe/0x1180
[  103.895071][ T9380]  vfree+0x1fd/0xb50
[  103.896341][ T9380]  snd_dma_free_pages+0x51/0x70
[  103.897973][ T9380]  snd_pcm_lib_free_pages+0x172/0x390
[  103.899669][ T9380]  snd_pcm_release_substream.part.0+0x2a8/0x340
[  103.901610][ T9380]  snd_pcm_release_substream+0x5b/0x70
[  103.903341][ T9380]  snd_pcm_oss_release+0x16f/0x310
[  103.904944][ T9380]  __fput+0x3ff/0xb70
[  103.906232][ T9380]  task_work_run+0x150/0x240
[  103.907778][ T9380]  do_exit+0x864/0x2bd0
[  103.909100][ T9380]  do_group_exit+0xd3/0x2a0
[  103.910572][ T9380]  get_signal+0x2673/0x26d0
[  103.912050][ T9380]  arch_do_signal_or_restart+0x8f/0x7d0
[  103.913797][ T9380]  exit_to_user_mode_loop+0x84/0x110
[  103.915499][ T9380]  do_syscall_64+0x3f6/0x4c0
[  103.917047][ T9380]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.918925][ T9380] Modules linked in:
[  103.920170][ T9380] CPU: 2 UID: 0 PID: 9380 Comm: syz.1.1053 Tainted: G    B               6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) 
[  103.920187][ T9380] Tainted: [B]=BAD_PAGE
[  103.920191][ T9380] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  103.920197][ T9380] Call Trace:
[  103.920201][ T9380]  <TASK>
[  103.920206][ T9380]  dump_stack_lvl+0x16c/0x1f0
[  103.920222][ T9380]  bad_page+0xcf/0x220
[  103.920239][ T9380]  ? __pfx_bad_page+0x10/0x10
[  103.920254][ T9380]  ? page_bad_reason+0x9d/0x1f0
[  103.920269][ T9380]  __free_frozen_pages+0x824/0x1180
[  103.920282][ T9380]  ? mark_held_locks+0x49/0x80
[  103.920298][ T9380]  page_frag_free+0x27f/0x2e0
[  103.920313][ T9380]  __xdp_return+0x38e/0xa90
[  103.920324][ T9380]  ? kmem_cache_free+0x2d1/0x4d0
[  103.920337][ T9380]  bpf_xdp_adjust_tail+0xa11/0xfd0
[  103.920352][ T9380]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  103.920361][ T9380]  bpf_prog_run_generic_xdp+0x626/0x1530
[  103.920379][ T9380]  do_xdp_generic+0x8e6/0x1320
[  103.920393][ T9380]  ? __pfx_do_xdp_generic+0x10/0x10
[  103.920412][ T9380]  __netif_receive_skb_core.constprop.0+0x161c/0x4a00
[  103.920429][ T9380]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  103.920441][ T9380]  ? __skb_flow_dissect+0x11b2/0x7d90
[  103.920454][ T9380]  ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10
[  103.920471][ T9380]  ? __pfx___skb_flow_dissect+0x10/0x10
[  103.920482][ T9380]  ? do_user_addr_fault+0x829/0x1370
[  103.920498][ T9380]  ? __lock_acquire+0xb8a/0x1c90
[  103.920515][ T9380]  ? __lock_acquire+0x622/0x1c90
[  103.920532][ T9380]  __netif_receive_skb_one_core+0xb0/0x1e0
[  103.920546][ T9380]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[  103.920561][ T9380]  ? lock_acquire+0x179/0x350
[  103.920579][ T9380]  __netif_receive_skb+0x1d/0x160
[  103.920592][ T9380]  netif_receive_skb+0x137/0x7b0
[  103.920605][ T9380]  ? __pfx_netif_receive_skb+0x10/0x10
[  103.920619][ T9380]  ? __pfx__copy_from_iter+0x10/0x10
[  103.920636][ T9380]  tun_rx_batched.isra.0+0x3ee/0x740
[  103.920657][ T9380]  ? __pfx_tun_rx_batched.isra.0+0x10/0x10
[  103.920673][ T9380]  ? tun_get_user+0x1c0d/0x3b80
[  103.920688][ T9380]  ? rcu_is_watching+0x12/0xc0
[  103.920702][ T9380]  tun_get_user+0x28a2/0x3b80
[  103.920720][ T9380]  ? __pfx_tun_get_user+0x10/0x10
[  103.920735][ T9380]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  103.920752][ T9380]  ? find_held_lock+0x2b/0x80
[  103.920764][ T9380]  ? tun_get+0x191/0x370
[  103.920780][ T9380]  tun_chr_write_iter+0xdc/0x210
[  103.920796][ T9380]  vfs_write+0x6c4/0x1150
[  103.920809][ T9380]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  103.920826][ T9380]  ? __pfx_vfs_write+0x10/0x10
[  103.920838][ T9380]  ? find_held_lock+0x2b/0x80
[  103.920854][ T9380]  ksys_write+0x12a/0x250
[  103.920867][ T9380]  ? __pfx_ksys_write+0x10/0x10
[  103.920881][ T9380]  do_syscall_64+0xcd/0x4c0
[  103.920897][ T9380]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.920908][ T9380] RIP: 0033:0x7f6d9bf8d3df
[  103.920916][ T9380] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  103.920928][ T9380] RSP: 002b:00007f6d9ce5c000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  103.920938][ T9380] RAX: ffffffffffffffda RBX: 00007f6d9c1b6160 RCX: 00007f6d9bf8d3df
[  103.920945][ T9380] RDX: 000000000000fdef RSI: 00002000000001c0 RDI: 00000000000000c8
[  103.920951][ T9380] RBP: 00007f6d9c010b39 R08: 0000000000000000 R09: 0000000000000000
[  103.920957][ T9380] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  103.920963][ T9380] R13: 0000000000000000 R14: 00007f6d9c1b6160 R15: 00007ffd8a60aa88
[  103.920975][ T9380]  </TASK>
[  103.920981][ T9380] BUG: Bad page state in process syz.1.1053  pfn:218d1
[  104.031821][ T9380] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2000008b1 pfn:0x218d1
[  104.034775][ T9380] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  104.037018][ T9380] raw: 00fff00000000000 dead000000000040 ffff888022275000 0000000000000000
[  104.039725][ T9380] raw: 00000002000008b1 0000000000000001 00000000ffffffff 0000000000000000
[  104.042393][ T9380] page dumped because: page_pool leak
[  104.044107][ T9380] page_owner tracks the page as allocated
[  104.046054][ T9380] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 9380, tgid 9377 (syz.1.1053), ts 103227821705, free_ts 101034767242
[  104.051338][ T9380]  post_alloc_hook+0x1c0/0x230
[  104.052880][ T9380]  get_page_from_freelist+0x1321/0x3890
[  104.054643][ T9380]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  104.056495][ T9380]  alloc_pages_bulk_noprof+0x71c/0x1410
[  104.058378][ T9380]  __page_pool_alloc_pages_slow+0x193/0xc30
[  104.060267][ T9380]  page_pool_alloc_netmems+0xc4/0x190
[  104.062009][ T9380]  skb_pp_cow_data+0x7c0/0xff0
[  104.063544][ T9380]  skb_cow_data_for_xdp+0x88/0xb0
[  104.065124][ T9380]  do_xdp_generic+0x530/0x1320
[  104.066719][ T9380]  __netif_receive_skb_core.constprop.0+0x161c/0x4a00
[  104.068828][ T9380]  __netif_receive_skb_one_core+0xb0/0x1e0
[  104.070641][ T9380]  __netif_receive_skb+0x1d/0x160
[  104.072223][ T9380]  netif_receive_skb+0x137/0x7b0
[  104.073806][ T9380]  tun_rx_batched.isra.0+0x3ee/0x740
[  104.075467][ T9380]  tun_get_user+0x28a2/0x3b80
[  104.077020][ T9380]  tun_chr_write_iter+0xdc/0x210
[  104.078629][ T9380] page last free pid 9154 tgid 9152 stack trace:
[  104.080596][ T9380]  __free_frozen_pages+0x7fe/0x1180
[  104.082244][ T9380]  vfree+0x1fd/0xb50
[  104.083475][ T9380]  snd_dma_free_pages+0x51/0x70
[  104.085017][ T9380]  snd_pcm_lib_free_pages+0x172/0x390
[  104.086752][ T9380]  snd_pcm_release_substream.part.0+0x2a8/0x340
[  104.088691][ T9380]  snd_pcm_release_substream+0x5b/0x70
[  104.090402][ T9380]  snd_pcm_oss_release+0x16f/0x310
[  104.092008][ T9380]  __fput+0x3ff/0xb70
[  104.093298][ T9380]  task_work_run+0x150/0x240
[  104.094826][ T9380]  do_exit+0x864/0x2bd0
[  104.096158][ T9380]  do_group_exit+0xd3/0x2a0
[  104.097708][ T9380]  get_signal+0x2673/0x26d0
[  104.099164][ T9380]  arch_do_signal_or_restart+0x8f/0x7d0
[  104.100904][ T9380]  exit_to_user_mode_loop+0x84/0x110
[  104.102603][ T9380]  do_syscall_64+0x3f6/0x4c0
[  104.104106][ T9380]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.105988][ T9380] Modules linked in:
[  104.107302][ T9380] CPU: 2 UID: 0 PID: 9380 Comm: syz.1.1053 Tainted: G    B               6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) 
[  104.107319][ T9380] Tainted: [B]=BAD_PAGE
[  104.107323][ T9380] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  104.107330][ T9380] Call Trace:
[  104.107334][ T9380]  <TASK>
[  104.107338][ T9380]  dump_stack_lvl+0x16c/0x1f0
[  104.107355][ T9380]  bad_page+0xcf/0x220
[  104.107371][ T9380]  ? __pfx_bad_page+0x10/0x10
[  104.107386][ T9380]  ? page_bad_reason+0x9d/0x1f0
[  104.107402][ T9380]  __free_frozen_pages+0x824/0x1180
[  104.107414][ T9380]  ? mark_held_locks+0x49/0x80
[  104.107431][ T9380]  page_frag_free+0x27f/0x2e0
[  104.107446][ T9380]  __xdp_return+0x38e/0xa90
[  104.107457][ T9380]  ? kmem_cache_free+0x2d1/0x4d0
[  104.107470][ T9380]  bpf_xdp_adjust_tail+0xa11/0xfd0
[  104.107486][ T9380]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  104.107494][ T9380]  bpf_prog_run_generic_xdp+0x626/0x1530
[  104.107512][ T9380]  do_xdp_generic+0x8e6/0x1320
[  104.107526][ T9380]  ? __pfx_do_xdp_generic+0x10/0x10
[  104.107545][ T9380]  __netif_receive_skb_core.constprop.0+0x161c/0x4a00
[  104.107561][ T9380]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  104.107574][ T9380]  ? __skb_flow_dissect+0x11b2/0x7d90
[  104.107587][ T9380]  ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10
[  104.107604][ T9380]  ? __pfx___skb_flow_dissect+0x10/0x10
[  104.107615][ T9380]  ? do_user_addr_fault+0x829/0x1370
[  104.107633][ T9380]  ? __lock_acquire+0xb8a/0x1c90
[  104.107656][ T9380]  ? __lock_acquire+0x622/0x1c90
[  104.107674][ T9380]  __netif_receive_skb_one_core+0xb0/0x1e0
[  104.107688][ T9380]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[  104.107703][ T9380]  ? lock_acquire+0x179/0x350
[  104.107721][ T9380]  __netif_receive_skb+0x1d/0x160
[  104.107735][ T9380]  netif_receive_skb+0x137/0x7b0
[  104.107748][ T9380]  ? __pfx_netif_receive_skb+0x10/0x10
[  104.107762][ T9380]  ? __pfx__copy_from_iter+0x10/0x10
[  104.107779][ T9380]  tun_rx_batched.isra.0+0x3ee/0x740
[  104.107795][ T9380]  ? __pfx_tun_rx_batched.isra.0+0x10/0x10
[  104.107812][ T9380]  ? tun_get_user+0x1c0d/0x3b80
[  104.107826][ T9380]  ? rcu_is_watching+0x12/0xc0
[  104.107840][ T9380]  tun_get_user+0x28a2/0x3b80
[  104.107858][ T9380]  ? __pfx_tun_get_user+0x10/0x10
[  104.107873][ T9380]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  104.107890][ T9380]  ? find_held_lock+0x2b/0x80
[  104.107902][ T9380]  ? tun_get+0x191/0x370
[  104.107918][ T9380]  tun_chr_write_iter+0xdc/0x210
[  104.107934][ T9380]  vfs_write+0x6c4/0x1150
[  104.107947][ T9380]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  104.107964][ T9380]  ? __pfx_vfs_write+0x10/0x10
[  104.107975][ T9380]  ? find_held_lock+0x2b/0x80
[  104.107992][ T9380]  ksys_write+0x12a/0x250
[  104.108004][ T9380]  ? __pfx_ksys_write+0x10/0x10
[  104.108019][ T9380]  do_syscall_64+0xcd/0x4c0
[  104.108035][ T9380]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.108046][ T9380] RIP: 0033:0x7f6d9bf8d3df
[  104.108054][ T9380] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  104.108065][ T9380] RSP: 002b:00007f6d9ce5c000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  104.108074][ T9380] RAX: ffffffffffffffda RBX: 00007f6d9c1b6160 RCX: 00007f6d9bf8d3df
[  104.108081][ T9380] RDX: 000000000000fdef RSI: 00002000000001c0 RDI: 00000000000000c8
[  104.108088][ T9380] RBP: 00007f6d9c010b39 R08: 0000000000000000 R09: 0000000000000000
[  104.108094][ T9380] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  104.108100][ T9380] R13: 0000000000000000 R14: 00007f6d9c1b6160 R15: 00007ffd8a60aa88
[  104.108111][ T9380]  </TASK>
[  104.108117][ T9380] BUG: Bad page state in process syz.1.1053  pfn:3395c
[  104.220379][ T9380] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2000008b0 pfn:0x3395c
[  104.223299][ T9380] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  104.225492][ T9380] raw: 00fff00000000000 dead000000000040 ffff888022275000 0000000000000000
[  104.228190][ T9380] raw: 00000002000008b0 0000000000000001 00000000ffffffff 0000000000000000
[  104.230862][ T9380] page dumped because: page_pool leak
[  104.232534][ T9380] page_owner tracks the page as allocated
[  104.234308][ T9380] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 9380, tgid 9377 (syz.1.1053), ts 103227815332, free_ts 101034776005
[  104.239549][ T9380]  post_alloc_hook+0x1c0/0x230
[  104.241016][ T9380]  get_page_from_freelist+0x1321/0x3890
[  104.242738][ T9380]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  104.244554][ T9380]  alloc_pages_bulk_noprof+0x71c/0x1410
[  104.246296][ T9380]  __page_pool_alloc_pages_slow+0x193/0xc30
[  104.248199][ T9380]  page_pool_alloc_netmems+0xc4/0x190
[  104.249892][ T9380]  skb_pp_cow_data+0x7c0/0xff0
[  104.251389][ T9380]  skb_cow_data_for_xdp+0x88/0xb0
[  104.252972][ T9380]  do_xdp_generic+0x530/0x1320
[  104.254483][ T9380]  __netif_receive_skb_core.constprop.0+0x161c/0x4a00
[  104.256599][ T9380]  __netif_receive_skb_one_core+0xb0/0x1e0
[  104.258478][ T9380]  __netif_receive_skb+0x1d/0x160
[  104.260058][ T9380]  netif_receive_skb+0x137/0x7b0
[  104.261659][ T9380]  tun_rx_batched.isra.0+0x3ee/0x740
[  104.263313][ T9380]  tun_get_user+0x28a2/0x3b80
[  104.264796][ T9380]  tun_chr_write_iter+0xdc/0x210
[  104.266341][ T9380] page last free pid 9154 tgid 9152 stack trace:
[  104.268422][ T9380]  __free_frozen_pages+0x7fe/0x1180
[  104.270061][ T9380]  vfree+0x1fd/0xb50
[  104.271296][ T9380]  snd_dma_free_pages+0x51/0x70
[  104.272827][ T9380]  snd_pcm_lib_free_pages+0x172/0x390
[  104.274508][ T9380]  snd_pcm_release_substream.part.0+0x2a8/0x340
[  104.276477][ T9380]  snd_pcm_release_substream+0x5b/0x70
[  104.278245][ T9380]  snd_pcm_oss_release+0x16f/0x310
[  104.279844][ T9380]  __fput+0x3ff/0xb70
[  104.281110][ T9380]  task_work_run+0x150/0x240
[  104.282567][ T9380]  do_exit+0x864/0x2bd0
[  104.283893][ T9380]  do_group_exit+0xd3/0x2a0
[  104.285348][ T9380]  get_signal+0x2673/0x26d0
[  104.286836][ T9380]  arch_do_signal_or_restart+0x8f/0x7d0
[  104.288524][ T9380]  exit_to_user_mode_loop+0x84/0x110
[  104.290190][ T9380]  do_syscall_64+0x3f6/0x4c0
[  104.291651][ T9380]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.293516][ T9380] Modules linked in:
[  104.294795][ T9380] CPU: 2 UID: 0 PID: 9380 Comm: syz.1.1053 Tainted: G    B               6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) 
[  104.294812][ T9380] Tainted: [B]=BAD_PAGE
[  104.294816][ T9380] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  104.294823][ T9380] Call Trace:
[  104.294827][ T9380]  <TASK>
[  104.294831][ T9380]  dump_stack_lvl+0x16c/0x1f0
[  104.294848][ T9380]  bad_page+0xcf/0x220
[  104.294863][ T9380]  ? __pfx_bad_page+0x10/0x10
[  104.294878][ T9380]  ? page_bad_reason+0x9d/0x1f0
[  104.294893][ T9380]  __free_frozen_pages+0x824/0x1180
[  104.294906][ T9380]  ? mark_held_locks+0x49/0x80
[  104.294922][ T9380]  page_frag_free+0x27f/0x2e0
[  104.294938][ T9380]  __xdp_return+0x38e/0xa90
[  104.294949][ T9380]  ? kmem_cache_free+0x2d1/0x4d0
[  104.294962][ T9380]  bpf_xdp_adjust_tail+0xa11/0xfd0
[  104.294977][ T9380]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  104.294986][ T9380]  bpf_prog_run_generic_xdp+0x626/0x1530
[  104.295004][ T9380]  do_xdp_generic+0x8e6/0x1320
[  104.295018][ T9380]  ? __pfx_do_xdp_generic+0x10/0x10
[  104.295038][ T9380]  __netif_receive_skb_core.constprop.0+0x161c/0x4a00
[  104.295054][ T9380]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  104.295067][ T9380]  ? __skb_flow_dissect+0x11b2/0x7d90
[  104.295080][ T9380]  ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10
[  104.295096][ T9380]  ? __pfx___skb_flow_dissect+0x10/0x10
[  104.295108][ T9380]  ? do_user_addr_fault+0x829/0x1370
[  104.295124][ T9380]  ? __lock_acquire+0xb8a/0x1c90
[  104.295141][ T9380]  ? __lock_acquire+0x622/0x1c90
[  104.295158][ T9380]  __netif_receive_skb_one_core+0xb0/0x1e0
[  104.295172][ T9380]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[  104.295187][ T9380]  ? lock_acquire+0x179/0x350
[  104.295205][ T9380]  __netif_receive_skb+0x1d/0x160
[  104.295219][ T9380]  netif_receive_skb+0x137/0x7b0
[  104.295232][ T9380]  ? __pfx_netif_receive_skb+0x10/0x10
[  104.295246][ T9380]  ? __pfx__copy_from_iter+0x10/0x10
[  104.295264][ T9380]  tun_rx_batched.isra.0+0x3ee/0x740
[  104.295280][ T9380]  ? __pfx_tun_rx_batched.isra.0+0x10/0x10
[  104.295296][ T9380]  ? tun_get_user+0x1c0d/0x3b80
[  104.295311][ T9380]  ? rcu_is_watching+0x12/0xc0
[  104.295325][ T9380]  tun_get_user+0x28a2/0x3b80
[  104.295343][ T9380]  ? __pfx_tun_get_user+0x10/0x10
[  104.295358][ T9380]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  104.295375][ T9380]  ? find_held_lock+0x2b/0x80
[  104.295387][ T9380]  ? tun_get+0x191/0x370
[  104.295402][ T9380]  tun_chr_write_iter+0xdc/0x210
[  104.295418][ T9380]  vfs_write+0x6c4/0x1150
[  104.295432][ T9380]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  104.295448][ T9380]  ? __pfx_vfs_write+0x10/0x10
[  104.295460][ T9380]  ? find_held_lock+0x2b/0x80
[  104.295476][ T9380]  ksys_write+0x12a/0x250
[  104.295489][ T9380]  ? __pfx_ksys_write+0x10/0x10
[  104.295504][ T9380]  do_syscall_64+0xcd/0x4c0
[  104.295520][ T9380]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.295531][ T9380] RIP: 0033:0x7f6d9bf8d3df
[  104.295539][ T9380] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  104.295550][ T9380] RSP: 002b:00007f6d9ce5c000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  104.295560][ T9380] RAX: ffffffffffffffda RBX: 00007f6d9c1b6160 RCX: 00007f6d9bf8d3df
[  104.295567][ T9380] RDX: 000000000000fdef RSI: 00002000000001c0 RDI: 00000000000000c8
[  104.295573][ T9380] RBP: 00007f6d9c010b39 R08: 0000000000000000 R09: 0000000000000000
[  104.295579][ T9380] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  104.295585][ T9380] R13: 0000000000000000 R14: 00007f6d9c1b6160 R15: 00007ffd8a60aa88
[  104.295596][ T9380]  </TASK>
[  104.295603][ T9380] BUG: Bad page state in process syz.1.1053  pfn:3330b
[  104.397353][ T5944] Bluetooth: hci0: command tx timeout
[  104.399126][ T9380] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2000008af pfn:0x3330b
[  104.412474][ T9380] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  104.414717][ T9380] raw: 00fff00000000000 dead000000000040 ffff888022275000 0000000000000000
[  104.417407][ T9380] raw: 00000002000008af 0000000000000001 00000000ffffffff 0000000000000000
[  104.420069][ T9380] page dumped because: page_pool leak
[  104.421722][ T9380] page_owner tracks the page as allocated
[  104.423504][ T9380] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 9380, tgid 9377 (syz.1.1053), ts 103227809003, free_ts 101034782267
[  104.428727][ T9380]  post_alloc_hook+0x1c0/0x230
[  104.430245][ T9380]  get_page_from_freelist+0x1321/0x3890
[  104.431971][ T9380]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  104.433831][ T9380]  alloc_pages_bulk_noprof+0x71c/0x1410
[  104.435565][ T9380]  __page_pool_alloc_pages_slow+0x193/0xc30
[  104.437483][ T9380]  page_pool_alloc_netmems+0xc4/0x190
[  104.439158][ T9380]  skb_pp_cow_data+0x7c0/0xff0
[  104.440662][ T9380]  skb_cow_data_for_xdp+0x88/0xb0
[  104.442187][ T9380]  do_xdp_generic+0x530/0x1320
[  104.443711][ T9380]  __netif_receive_skb_core.constprop.0+0x161c/0x4a00
[  104.445846][ T9380]  __netif_receive_skb_one_core+0xb0/0x1e0
[  104.447756][ T9380]  __netif_receive_skb+0x1d/0x160
[  104.449357][ T9380]  netif_receive_skb+0x137/0x7b0
[  104.450935][ T9380]  tun_rx_batched.isra.0+0x3ee/0x740
[  104.452613][ T9380]  tun_get_user+0x28a2/0x3b80
[  104.454089][ T9380]  tun_chr_write_iter+0xdc/0x210
[  104.455673][ T9380] page last free pid 9154 tgid 9152 stack trace:
[  104.457704][ T9380]  __free_frozen_pages+0x7fe/0x1180
[  104.459333][ T9380]  vfree+0x1fd/0xb50
[  104.460572][ T9380]  snd_dma_free_pages+0x51/0x70
[  104.462152][ T9380]  snd_pcm_lib_free_pages+0x172/0x390
[  104.463863][ T9380]  snd_pcm_release_substream.part.0+0x2a8/0x340
[  104.465822][ T9380]  snd_pcm_release_substream+0x5b/0x70
[  104.467584][ T9380]  snd_pcm_oss_release+0x16f/0x310
[  104.469176][ T9380]  __fput+0x3ff/0xb70
[  104.470450][ T9380]  task_work_run+0x150/0x240
[  104.471918][ T9380]  do_exit+0x864/0x2bd0
[  104.473247][ T9380]  do_group_exit+0xd3/0x2a0
[  104.474705][ T9380]  get_signal+0x2673/0x26d0
[  104.476142][ T9380]  arch_do_signal_or_restart+0x8f/0x7d0
[  104.477984][ T9380]  exit_to_user_mode_loop+0x84/0x110
[  104.479678][ T9380]  do_syscall_64+0x3f6/0x4c0
[  104.481142][ T9380]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.482998][ T9380] Modules linked in:
[  104.484259][ T9380] CPU: 2 UID: 0 PID: 9380 Comm: syz.1.1053 Tainted: G    B               6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) 
[  104.484276][ T9380] Tainted: [B]=BAD_PAGE
[  104.484280][ T9380] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  104.484287][ T9380] Call Trace:
[  104.484291][ T9380]  <TASK>
[  104.484295][ T9380]  dump_stack_lvl+0x16c/0x1f0
[  104.484312][ T9380]  bad_page+0xcf/0x220
[  104.484328][ T9380]  ? __pfx_bad_page+0x10/0x10
[  104.484343][ T9380]  ? page_bad_reason+0x9d/0x1f0
[  104.484358][ T9380]  __free_frozen_pages+0x824/0x1180
[  104.484370][ T9380]  ? mark_held_locks+0x49/0x80
[  104.484387][ T9380]  page_frag_free+0x27f/0x2e0
[  104.484402][ T9380]  __xdp_return+0x38e/0xa90
[  104.484413][ T9380]  ? kmem_cache_free+0x2d1/0x4d0
[  104.484426][ T9380]  bpf_xdp_adjust_tail+0xa11/0xfd0
[  104.484442][ T9380]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  104.484450][ T9380]  bpf_prog_run_generic_xdp+0x626/0x1530
[  104.484468][ T9380]  do_xdp_generic+0x8e6/0x1320
[  104.484482][ T9380]  ? __pfx_do_xdp_generic+0x10/0x10
[  104.484502][ T9380]  __netif_receive_skb_core.constprop.0+0x161c/0x4a00
[  104.484518][ T9380]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  104.484531][ T9380]  ? __skb_flow_dissect+0x11b2/0x7d90
[  104.484544][ T9380]  ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10
[  104.484561][ T9380]  ? __pfx___skb_flow_dissect+0x10/0x10
[  104.484572][ T9380]  ? do_user_addr_fault+0x829/0x1370
[  104.484588][ T9380]  ? __lock_acquire+0xb8a/0x1c90
[  104.484605][ T9380]  ? __lock_acquire+0x622/0x1c90
[  104.484622][ T9380]  __netif_receive_skb_one_core+0xb0/0x1e0
[  104.484636][ T9380]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[  104.484655][ T9380]  ? lock_acquire+0x179/0x350
[  104.484673][ T9380]  __netif_receive_skb+0x1d/0x160
[  104.484687][ T9380]  netif_receive_skb+0x137/0x7b0
[  104.484700][ T9380]  ? __pfx_netif_receive_skb+0x10/0x10
[  104.484714][ T9380]  ? __pfx__copy_from_iter+0x10/0x10
[  104.484731][ T9380]  tun_rx_batched.isra.0+0x3ee/0x740
[  104.484747][ T9380]  ? __pfx_tun_rx_batched.isra.0+0x10/0x10
[  104.484763][ T9380]  ? tun_get_user+0x1c0d/0x3b80
[  104.484778][ T9380]  ? rcu_is_watching+0x12/0xc0
[  104.484792][ T9380]  tun_get_user+0x28a2/0x3b80
[  104.484811][ T9380]  ? __pfx_tun_get_user+0x10/0x10
[  104.484826][ T9380]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  104.484843][ T9380]  ? find_held_lock+0x2b/0x80
[  104.484855][ T9380]  ? tun_get+0x191/0x370
[  104.484870][ T9380]  tun_chr_write_iter+0xdc/0x210
[  104.484886][ T9380]  vfs_write+0x6c4/0x1150
[  104.484899][ T9380]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  104.484916][ T9380]  ? __pfx_vfs_write+0x10/0x10
[  104.484928][ T9380]  ? find_held_lock+0x2b/0x80
[  104.484944][ T9380]  ksys_write+0x12a/0x250
[  104.484956][ T9380]  ? __pfx_ksys_write+0x10/0x10
[  104.484971][ T9380]  do_syscall_64+0xcd/0x4c0
[  104.484988][ T9380]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.484998][ T9380] RIP: 0033:0x7f6d9bf8d3df
[  104.485007][ T9380] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  104.485018][ T9380] RSP: 002b:00007f6d9ce5c000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  104.485027][ T9380] RAX: ffffffffffffffda RBX: 00007f6d9c1b6160 RCX: 00007f6d9bf8d3df
[  104.485034][ T9380] RDX: 000000000000fdef RSI: 00002000000001c0 RDI: 00000000000000c8
[  104.485040][ T9380] RBP: 00007f6d9c010b39 R08: 0000000000000000 R09: 0000000000000000
[  104.485047][ T9380] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  104.485053][ T9380] R13: 0000000000000000 R14: 00007f6d9c1b6160 R15: 00007ffd8a60aa88
[  104.485064][ T9380]  </TASK>
[  104.485071][ T9380] BUG: Bad page state in process syz.1.1053  pfn:5849a
[  104.595803][ T9380] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2000008ae pfn:0x5849a
[  104.598755][ T9380] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  104.600942][ T9380] raw: 00fff00000000000 dead000000000040 ffff888022275000 0000000000000000
[  104.603610][ T9380] raw: 00000002000008ae 0000000000000001 00000000ffffffff 0000000000000000
[  104.606266][ T9380] page dumped because: page_pool leak
[  104.607997][ T9380] page_owner tracks the page as allocated
[  104.609779][ T9380] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 9380, tgid 9377 (syz.1.1053), ts 103227802607, free_ts 101034788147
[  104.615013][ T9380]  post_alloc_hook+0x1c0/0x230
[  104.616523][ T9380]  get_page_from_freelist+0x1321/0x3890
[  104.618355][ T9380]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  104.620205][ T9380]  alloc_pages_bulk_noprof+0x71c/0x1410
[  104.621948][ T9380]  __page_pool_alloc_pages_slow+0x193/0xc30
[  104.623801][ T9380]  page_pool_alloc_netmems+0xc4/0x190
[  104.625484][ T9380]  skb_pp_cow_data+0x7c0/0xff0
[  104.627056][ T9380]  skb_cow_data_for_xdp+0x88/0xb0
[  104.628673][ T9380]  do_xdp_generic+0x530/0x1320
[  104.630188][ T9380]  __netif_receive_skb_core.constprop.0+0x161c/0x4a00
[  104.632286][ T9380]  __netif_receive_skb_one_core+0xb0/0x1e0
[  104.634138][ T9380]  __netif_receive_skb+0x1d/0x160
[  104.635731][ T9380]  netif_receive_skb+0x137/0x7b0
[  104.637343][ T9380]  tun_rx_batched.isra.0+0x3ee/0x740
[  104.639001][ T9380]  tun_get_user+0x28a2/0x3b80
[  104.640478][ T9380]  tun_chr_write_iter+0xdc/0x210
[  104.642044][ T9380] page last free pid 9154 tgid 9152 stack trace:
[  104.644032][ T9380]  __free_frozen_pages+0x7fe/0x1180
[  104.645733][ T9380]  vfree+0x1fd/0xb50
[  104.647028][ T9380]  snd_dma_free_pages+0x51/0x70
[  104.648563][ T9380]  snd_pcm_lib_free_pages+0x172/0x390
[  104.650257][ T9380]  snd_pcm_release_substream.part.0+0x2a8/0x340
[  104.652212][ T9380]  snd_pcm_release_substream+0x5b/0x70
[  104.653956][ T9380]  snd_pcm_oss_release+0x16f/0x310
[  104.655570][ T9380]  __fput+0x3ff/0xb70
[  104.656909][ T9380]  task_work_run+0x150/0x240
[  104.658376][ T9380]  do_exit+0x864/0x2bd0
[  104.659669][ T9380]  do_group_exit+0xd3/0x2a0
[  104.661103][ T9380]  get_signal+0x2673/0x26d0
[  104.662629][ T9380]  arch_do_signal_or_restart+0x8f/0x7d0
[  104.664366][ T9380]  exit_to_user_mode_loop+0x84/0x110
[  104.666026][ T9380]  do_syscall_64+0x3f6/0x4c0
[  104.667544][ T9380]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.669393][ T9380] Modules linked in:
[  104.670649][ T9380] CPU: 2 UID: 0 PID: 9380 Comm: syz.1.1053 Tainted: G    B               6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) 
[  104.670666][ T9380] Tainted: [B]=BAD_PAGE
[  104.670670][ T9380] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  104.670677][ T9380] Call Trace:
[  104.670680][ T9380]  <TASK>
[  104.670685][ T9380]  dump_stack_lvl+0x16c/0x1f0
[  104.670701][ T9380]  bad_page+0xcf/0x220
[  104.670717][ T9380]  ? __pfx_bad_page+0x10/0x10
[  104.670732][ T9380]  ? page_bad_reason+0x9d/0x1f0
[  104.670747][ T9380]  __free_frozen_pages+0x824/0x1180
[  104.670760][ T9380]  ? mark_held_locks+0x49/0x80
[  104.670776][ T9380]  page_frag_free+0x27f/0x2e0
[  104.670791][ T9380]  __xdp_return+0x38e/0xa90
[  104.670803][ T9380]  ? kmem_cache_free+0x2d1/0x4d0
[  104.670816][ T9380]  bpf_xdp_adjust_tail+0xa11/0xfd0
[  104.670831][ T9380]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  104.670840][ T9380]  bpf_prog_run_generic_xdp+0x626/0x1530
[  104.670858][ T9380]  do_xdp_generic+0x8e6/0x1320
[  104.670872][ T9380]  ? __pfx_do_xdp_generic+0x10/0x10
[  104.670891][ T9380]  __netif_receive_skb_core.constprop.0+0x161c/0x4a00
[  104.670908][ T9380]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  104.670920][ T9380]  ? __skb_flow_dissect+0x11b2/0x7d90
[  104.670933][ T9380]  ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10
[  104.670950][ T9380]  ? __pfx___skb_flow_dissect+0x10/0x10
[  104.670961][ T9380]  ? do_user_addr_fault+0x829/0x1370
[  104.670978][ T9380]  ? __lock_acquire+0xb8a/0x1c90
[  104.670994][ T9380]  ? __lock_acquire+0x622/0x1c90
[  104.671012][ T9380]  __netif_receive_skb_one_core+0xb0/0x1e0
[  104.671025][ T9380]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[  104.671040][ T9380]  ? lock_acquire+0x179/0x350
[  104.671058][ T9380]  __netif_receive_skb+0x1d/0x160
[  104.671071][ T9380]  netif_receive_skb+0x137/0x7b0
[  104.671085][ T9380]  ? __pfx_netif_receive_skb+0x10/0x10
[  104.671098][ T9380]  ? __pfx__copy_from_iter+0x10/0x10
[  104.671115][ T9380]  tun_rx_batched.isra.0+0x3ee/0x740
[  104.671131][ T9380]  ? __pfx_tun_rx_batched.isra.0+0x10/0x10
[  104.671147][ T9380]  ? tun_get_user+0x1c0d/0x3b80
[  104.671162][ T9380]  ? rcu_is_watching+0x12/0xc0
[  104.671176][ T9380]  tun_get_user+0x28a2/0x3b80
[  104.671194][ T9380]  ? __pfx_tun_get_user+0x10/0x10
[  104.671209][ T9380]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  104.671226][ T9380]  ? find_held_lock+0x2b/0x80
[  104.671239][ T9380]  ? tun_get+0x191/0x370
[  104.671255][ T9380]  tun_chr_write_iter+0xdc/0x210
[  104.671270][ T9380]  vfs_write+0x6c4/0x1150
[  104.671284][ T9380]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  104.671300][ T9380]  ? __pfx_vfs_write+0x10/0x10
[  104.671312][ T9380]  ? find_held_lock+0x2b/0x80
[  104.671328][ T9380]  ksys_write+0x12a/0x250
[  104.671341][ T9380]  ? __pfx_ksys_write+0x10/0x10
[  104.671356][ T9380]  do_syscall_64+0xcd/0x4c0
[  104.671372][ T9380]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.671383][ T9380] RIP: 0033:0x7f6d9bf8d3df
[  104.671391][ T9380] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  104.671402][ T9380] RSP: 002b:00007f6d9ce5c000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  104.671412][ T9380] RAX: ffffffffffffffda RBX: 00007f6d9c1b6160 RCX: 00007f6d9bf8d3df
[  104.671418][ T9380] RDX: 000000000000fdef RSI: 00002000000001c0 RDI: 00000000000000c8
[  104.671424][ T9380] RBP: 00007f6d9c010b39 R08: 0000000000000000 R09: 0000000000000000
[  104.671431][ T9380] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  104.671437][ T9380] R13: 0000000000000000 R14: 00007f6d9c1b6160 R15: 00007ffd8a60aa88
[  104.671448][ T9380]  </TASK>
[  104.671454][ T9380] BUG: Bad page state in process syz.1.1053  pfn:605f2
[  104.783252][ T9380] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2000008ad pfn:0x605f2
[  104.786143][ T9380] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  104.788424][ T9380] raw: 00fff00000000000 dead000000000040 ffff888022275000 0000000000000000
[  104.791106][ T9380] raw: 00000002000008ad 0000000000000001 00000000ffffffff 0000000000000000
[  104.793768][ T9380] page dumped because: page_pool leak
[  104.795465][ T9380] page_owner tracks the page as allocated
[  104.797317][ T9380] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 9380, tgid 9377 (syz.1.1053), ts 103227796309, free_ts 101034793789
[  104.802523][ T9380]  post_alloc_hook+0x1c0/0x230
[  104.804092][ T9380]  get_page_from_freelist+0x1321/0x3890
[  104.805834][ T9380]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  104.807751][ T9380]  alloc_pages_bulk_noprof+0x71c/0x1410
[  104.809448][ T9380]  __page_pool_alloc_pages_slow+0x193/0xc30
[  104.811310][ T9380]  page_pool_alloc_netmems+0xc4/0x190
[  104.813016][ T9380]  skb_pp_cow_data+0x7c0/0xff0
[  104.814533][ T9380]  skb_cow_data_for_xdp+0x88/0xb0
[  104.816115][ T9380]  do_xdp_generic+0x530/0x1320
[  104.817677][ T9380]  __netif_receive_skb_core.constprop.0+0x161c/0x4a00
[  104.819793][ T9380]  __netif_receive_skb_one_core+0xb0/0x1e0
[  104.821652][ T9380]  __netif_receive_skb+0x1d/0x160
[  104.823233][ T9380]  netif_receive_skb+0x137/0x7b0
[  104.824787][ T9380]  tun_rx_batched.isra.0+0x3ee/0x740
[  104.826440][ T9380]  tun_get_user+0x28a2/0x3b80
[  104.827978][ T9380]  tun_chr_write_iter+0xdc/0x210
[  104.829571][ T9380] page last free pid 9154 tgid 9152 stack trace:
[  104.831527][ T9380]  __free_frozen_pages+0x7fe/0x1180
[  104.833146][ T9380]  vfree+0x1fd/0xb50
[  104.834379][ T9380]  snd_dma_free_pages+0x51/0x70
[  104.835923][ T9380]  snd_pcm_lib_free_pages+0x172/0x390
[  104.837668][ T9380]  snd_pcm_release_substream.part.0+0x2a8/0x340
[  104.839607][ T9380]  snd_pcm_release_substream+0x5b/0x70
[  104.841308][ T9380]  snd_pcm_oss_release+0x16f/0x310
[  104.842912][ T9380]  __fput+0x3ff/0xb70
[  104.844178][ T9380]  task_work_run+0x150/0x240
[  104.845665][ T9380]  do_exit+0x864/0x2bd0
[  104.847033][ T9380]  do_group_exit+0xd3/0x2a0
[  104.848465][ T9380]  get_signal+0x2673/0x26d0
[  104.849912][ T9380]  arch_do_signal_or_restart+0x8f/0x7d0
[  104.851633][ T9380]  exit_to_user_mode_loop+0x84/0x110
[  104.853305][ T9380]  do_syscall_64+0x3f6/0x4c0
[  104.854781][ T9380]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.856705][ T9380] Modules linked in:
[  104.857949][ T9380] CPU: 2 UID: 0 PID: 9380 Comm: syz.1.1053 Tainted: G    B               6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) 
[  104.857966][ T9380] Tainted: [B]=BAD_PAGE
[  104.857969][ T9380] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  104.857976][ T9380] Call Trace:
[  104.857980][ T9380]  <TASK>
[  104.857984][ T9380]  dump_stack_lvl+0x16c/0x1f0
[  104.858001][ T9380]  bad_page+0xcf/0x220
[  104.858016][ T9380]  ? __pfx_bad_page+0x10/0x10
[  104.858032][ T9380]  ? page_bad_reason+0x9d/0x1f0
[  104.858047][ T9380]  __free_frozen_pages+0x824/0x1180
[  104.858060][ T9380]  ? mark_held_locks+0x49/0x80
[  104.858077][ T9380]  page_frag_free+0x27f/0x2e0
[  104.858093][ T9380]  __xdp_return+0x38e/0xa90
[  104.858103][ T9380]  ? kmem_cache_free+0x2d1/0x4d0
[  104.858117][ T9380]  bpf_xdp_adjust_tail+0xa11/0xfd0
[  104.858132][ T9380]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  104.858141][ T9380]  bpf_prog_run_generic_xdp+0x626/0x1530
[  104.858158][ T9380]  do_xdp_generic+0x8e6/0x1320
[  104.858173][ T9380]  ? __pfx_do_xdp_generic+0x10/0x10
[  104.858192][ T9380]  __netif_receive_skb_core.constprop.0+0x161c/0x4a00
[  104.858208][ T9380]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  104.858221][ T9380]  ? __skb_flow_dissect+0x11b2/0x7d90
[  104.858234][ T9380]  ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10
[  104.858251][ T9380]  ? __pfx___skb_flow_dissect+0x10/0x10
[  104.858262][ T9380]  ? do_user_addr_fault+0x829/0x1370
[  104.858278][ T9380]  ? __lock_acquire+0xb8a/0x1c90
[  104.858295][ T9380]  ? __lock_acquire+0x622/0x1c90
[  104.858312][ T9380]  __netif_receive_skb_one_core+0xb0/0x1e0
[  104.858326][ T9380]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[  104.858341][ T9380]  ? lock_acquire+0x179/0x350
[  104.858358][ T9380]  __netif_receive_skb+0x1d/0x160
[  104.858372][ T9380]  netif_receive_skb+0x137/0x7b0
[  104.858386][ T9380]  ? __pfx_netif_receive_skb+0x10/0x10
[  104.858399][ T9380]  ? __pfx__copy_from_iter+0x10/0x10
[  104.858417][ T9380]  tun_rx_batched.isra.0+0x3ee/0x740
[  104.858432][ T9380]  ? __pfx_tun_rx_batched.isra.0+0x10/0x10
[  104.858448][ T9380]  ? tun_get_user+0x1c0d/0x3b80
[  104.858463][ T9380]  ? rcu_is_watching+0x12/0xc0
[  104.858477][ T9380]  tun_get_user+0x28a2/0x3b80
[  104.858495][ T9380]  ? __pfx_tun_get_user+0x10/0x10
[  104.858510][ T9380]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  104.858527][ T9380]  ? find_held_lock+0x2b/0x80
[  104.858539][ T9380]  ? tun_get+0x191/0x370
[  104.858554][ T9380]  tun_chr_write_iter+0xdc/0x210
[  104.858570][ T9380]  vfs_write+0x6c4/0x1150
[  104.858584][ T9380]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  104.858600][ T9380]  ? __pfx_vfs_write+0x10/0x10
[  104.858612][ T9380]  ? find_held_lock+0x2b/0x80
[  104.858628][ T9380]  ksys_write+0x12a/0x250
[  104.858645][ T9380]  ? __pfx_ksys_write+0x10/0x10
[  104.858660][ T9380]  do_syscall_64+0xcd/0x4c0
[  104.858676][ T9380]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.858687][ T9380] RIP: 0033:0x7f6d9bf8d3df
[  104.858696][ T9380] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  104.858706][ T9380] RSP: 002b:00007f6d9ce5c000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  104.858716][ T9380] RAX: ffffffffffffffda RBX: 00007f6d9c1b6160 RCX: 00007f6d9bf8d3df
[  104.858723][ T9380] RDX: 000000000000fdef RSI: 00002000000001c0 RDI: 00000000000000c8
[  104.858729][ T9380] RBP: 00007f6d9c010b39 R08: 0000000000000000 R09: 0000000000000000
[  104.858735][ T9380] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  104.858741][ T9380] R13: 0000000000000000 R14: 00007f6d9c1b6160 R15: 00007ffd8a60aa88
[  104.858752][ T9380]  </TASK>
[  104.858758][ T9380] BUG: Bad page state in process syz.1.1053  pfn:58f2a
[  104.970281][ T9380] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2000008ac pfn:0x58f2a
[  104.973138][ T9380] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  104.975324][ T9380] raw: 00fff00000000000 dead000000000040 ffff888022275000 0000000000000000
[  104.978056][ T9380] raw: 00000002000008ac 0000000000000001 00000000ffffffff 0000000000000000
[  104.980690][ T9380] page dumped because: page_pool leak
[  104.982365][ T9380] page_owner tracks the page as allocated
[  104.984133][ T9380] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 9380, tgid 9377 (syz.1.1053), ts 103227789675, free_ts 101034799663
[  104.989324][ T9380]  post_alloc_hook+0x1c0/0x230
[  104.990835][ T9380]  get_page_from_freelist+0x1321/0x3890
[  104.992556][ T9380]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  104.994428][ T9380]  alloc_pages_bulk_noprof+0x71c/0x1410
[  104.996194][ T9380]  __page_pool_alloc_pages_slow+0x193/0xc30
[  104.998094][ T9380]  page_pool_alloc_netmems+0xc4/0x190
[  104.999763][ T9380]  skb_pp_cow_data+0x7c0/0xff0
[  105.001251][ T9380]  skb_cow_data_for_xdp+0x88/0xb0
[  105.002829][ T9380]  do_xdp_generic+0x530/0x1320
[  105.004346][ T9380]  __netif_receive_skb_core.constprop.0+0x161c/0x4a00
[  105.006451][ T9380]  __netif_receive_skb_one_core+0xb0/0x1e0
[  105.008321][ T9380]  __netif_receive_skb+0x1d/0x160
[  105.009912][ T9380]  netif_receive_skb+0x137/0x7b0
[  105.011496][ T9380]  tun_rx_batched.isra.0+0x3ee/0x740
[  105.013150][ T9380]  tun_get_user+0x28a2/0x3b80
[  105.014649][ T9380]  tun_chr_write_iter+0xdc/0x210
[  105.016204][ T9380] page last free pid 9154 tgid 9152 stack trace:
[  105.018227][ T9380]  __free_frozen_pages+0x7fe/0x1180
[  105.019845][ T9380]  vfree+0x1fd/0xb50
[  105.021081][ T9380]  snd_dma_free_pages+0x51/0x70
[  105.022613][ T9380]  snd_pcm_lib_free_pages+0x172/0x390
[  105.024287][ T9380]  snd_pcm_release_substream.part.0+0x2a8/0x340
[  105.026232][ T9380]  snd_pcm_release_substream+0x5b/0x70
[  105.027979][ T9380]  snd_pcm_oss_release+0x16f/0x310
[  105.029617][ T9380]  __fput+0x3ff/0xb70
[  105.030882][ T9380]  task_work_run+0x150/0x240
[  105.032333][ T9380]  do_exit+0x864/0x2bd0
[  105.033649][ T9380]  do_group_exit+0xd3/0x2a0
[  105.035083][ T9380]  get_signal+0x2673/0x26d0
[  105.036502][ T9380]  arch_do_signal_or_restart+0x8f/0x7d0
[  105.038298][ T9380]  exit_to_user_mode_loop+0x84/0x110
[  105.039953][ T9380]  do_syscall_64+0x3f6/0x4c0
[  105.041428][ T9380]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.043459][ T9380] Modules linked in:
[  105.045311][ T9380] CPU: 2 UID: 0 PID: 9380 Comm: syz.1.1053 Tainted: G    B               6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) 
[  105.045337][ T9380] Tainted: [B]=BAD_PAGE
[  105.045343][ T9380] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  105.045353][ T9380] Call Trace:
[  105.045359][ T9380]  <TASK>
[  105.045365][ T9380]  dump_stack_lvl+0x16c/0x1f0
[  105.045401][ T9380]  bad_page+0xcf/0x220
[  105.045423][ T9380]  ? __pfx_bad_page+0x10/0x10
[  105.045446][ T9380]  ? page_bad_reason+0x9d/0x1f0
[  105.045494][ T9380]  __free_frozen_pages+0x824/0x1180
[  105.045514][ T9380]  ? mark_held_locks+0x49/0x80
[  105.045539][ T9380]  page_frag_free+0x27f/0x2e0
[  105.045561][ T9380]  __xdp_return+0x38e/0xa90
[  105.045577][ T9380]  ? kmem_cache_free+0x2d1/0x4d0
[  105.045596][ T9380]  bpf_xdp_adjust_tail+0xa11/0xfd0
[  105.045620][ T9380]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  105.045632][ T9380]  bpf_prog_run_generic_xdp+0x626/0x1530
[  105.045663][ T9380]  do_xdp_generic+0x8e6/0x1320
[  105.045685][ T9380]  ? __pfx_do_xdp_generic+0x10/0x10
[  105.045714][ T9380]  __netif_receive_skb_core.constprop.0+0x161c/0x4a00
[  105.045738][ T9380]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  105.045757][ T9380]  ? __skb_flow_dissect+0x11b2/0x7d90
[  105.045776][ T9380]  ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10
[  105.045801][ T9380]  ? __pfx___skb_flow_dissect+0x10/0x10
[  105.045818][ T9380]  ? do_user_addr_fault+0x829/0x1370
[  105.045843][ T9380]  ? __lock_acquire+0xb8a/0x1c90
[  105.045867][ T9380]  ? __lock_acquire+0x622/0x1c90
[  105.045893][ T9380]  __netif_receive_skb_one_core+0xb0/0x1e0
[  105.045913][ T9380]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[  105.045934][ T9380]  ? lock_acquire+0x179/0x350
[  105.045961][ T9380]  __netif_receive_skb+0x1d/0x160
[  105.045981][ T9380]  netif_receive_skb+0x137/0x7b0
[  105.046000][ T9380]  ? __pfx_netif_receive_skb+0x10/0x10
[  105.046019][ T9380]  ? __pfx__copy_from_iter+0x10/0x10
[  105.046043][ T9380]  tun_rx_batched.isra.0+0x3ee/0x740
[  105.046067][ T9380]  ? __pfx_tun_rx_batched.isra.0+0x10/0x10
[  105.046090][ T9380]  ? tun_get_user+0x1c0d/0x3b80
[  105.046110][ T9380]  ? rcu_is_watching+0x12/0xc0
[  105.046131][ T9380]  tun_get_user+0x28a2/0x3b80
[  105.046156][ T9380]  ? __pfx_tun_get_user+0x10/0x10
[  105.046178][ T9380]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  105.046201][ T9380]  ? find_held_lock+0x2b/0x80
[  105.046219][ T9380]  ? tun_get+0x191/0x370
[  105.046240][ T9380]  tun_chr_write_iter+0xdc/0x210
[  105.046263][ T9380]  vfs_write+0x6c4/0x1150
[  105.046282][ T9380]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  105.046300][ T9380]  ? __pfx_vfs_write+0x10/0x10
[  105.046312][ T9380]  ? find_held_lock+0x2b/0x80
[  105.046328][ T9380]  ksys_write+0x12a/0x250
[  105.046341][ T9380]  ? __pfx_ksys_write+0x10/0x10
[  105.046356][ T9380]  do_syscall_64+0xcd/0x4c0
[  105.046373][ T9380]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.046384][ T9380] RIP: 0033:0x7f6d9bf8d3df
[  105.046394][ T9380] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  105.046405][ T9380] RSP: 002b:00007f6d9ce5c000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  105.046415][ T9380] RAX: ffffffffffffffda RBX: 00007f6d9c1b6160 RCX: 00007f6d9bf8d3df
[  105.046422][ T9380] RDX: 000000000000fdef RSI: 00002000000001c0 RDI: 00000000000000c8
[  105.046428][ T9380] RBP: 00007f6d9c010b39 R08: 0000000000000000 R09: 0000000000000000
[  105.046435][ T9380] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  105.046441][ T9380] R13: 0000000000000000 R14: 00007f6d9c1b6160 R15: 00007ffd8a60aa88
[  105.046452][ T9380]  </TASK>
[  105.046459][ T9380] BUG: Bad page state in process syz.1.1053  pfn:5860a
[  105.159672][ T9380] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2000008ab pfn:0x5860a
[  105.162615][ T9380] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  105.164840][ T9380] raw: 00fff00000000000 dead000000000040 ffff888022275000 0000000000000000
[  105.167570][ T9380] raw: 00000002000008ab 0000000000000001 00000000ffffffff 0000000000000000
[  105.170235][ T9380] page dumped because: page_pool leak
[  105.171911][ T9380] page_owner tracks the page as allocated
[  105.173717][ T9380] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 9380, tgid 9377 (syz.1.1053), ts 103227783087, free_ts 101034805423
[  105.178962][ T9380]  post_alloc_hook+0x1c0/0x230
[  105.180475][ T9380]  get_page_from_freelist+0x1321/0x3890
[  105.182212][ T9380]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  105.184088][ T9380]  alloc_pages_bulk_noprof+0x71c/0x1410
[  105.185827][ T9380]  __page_pool_alloc_pages_slow+0x193/0xc30
[  105.187690][ T9380]  page_pool_alloc_netmems+0xc4/0x190
[  105.189334][ T9380]  skb_pp_cow_data+0x7c0/0xff0
[  105.190847][ T9380]  skb_cow_data_for_xdp+0x88/0xb0
[  105.192433][ T9380]  do_xdp_generic+0x530/0x1320
[  105.193985][ T9380]  __netif_receive_skb_core.constprop.0+0x161c/0x4a00
[  105.196176][ T9380]  __netif_receive_skb_one_core+0xb0/0x1e0
[  105.198056][ T9380]  __netif_receive_skb+0x1d/0x160
[  105.199633][ T9380]  netif_receive_skb+0x137/0x7b0
[  105.201189][ T9380]  tun_rx_batched.isra.0+0x3ee/0x740
[  105.202983][ T9380]  tun_get_user+0x28a2/0x3b80
[  105.204512][ T9380]  tun_chr_write_iter+0xdc/0x210
[  105.206068][ T9380] page last free pid 9154 tgid 9152 stack trace:
[  105.208104][ T9380]  __free_frozen_pages+0x7fe/0x1180
[  105.209740][ T9380]  vfree+0x1fd/0xb50
[  105.210975][ T9380]  snd_dma_free_pages+0x51/0x70
[  105.212535][ T9380]  snd_pcm_lib_free_pages+0x172/0x390
[  105.214239][ T9380]  snd_pcm_release_substream.part.0+0x2a8/0x340
[  105.216217][ T9380]  snd_pcm_release_substream+0x5b/0x70
[  105.217994][ T9380]  snd_pcm_oss_release+0x16f/0x310
[  105.219570][ T9380]  __fput+0x3ff/0xb70
[  105.220840][ T9380]  task_work_run+0x150/0x240
[  105.222305][ T9380]  do_exit+0x864/0x2bd0
[  105.223655][ T9380]  do_group_exit+0xd3/0x2a0
[  105.225105][ T9380]  get_signal+0x2673/0x26d0
[  105.226568][ T9380]  arch_do_signal_or_restart+0x8f/0x7d0
[  105.228357][ T9380]  exit_to_user_mode_loop+0x84/0x110
[  105.230018][ T9380]  do_syscall_64+0x3f6/0x4c0
[  105.231477][ T9380]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.233362][ T9380] Modules linked in:
[  105.234629][ T9380] CPU: 2 UID: 0 PID: 9380 Comm: syz.1.1053 Tainted: G    B               6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) 
[  105.234650][ T9380] Tainted: [B]=BAD_PAGE
[  105.234654][ T9380] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  105.234661][ T9380] Call Trace:
[  105.234666][ T9380]  <TASK>
[  105.234671][ T9380]  dump_stack_lvl+0x16c/0x1f0
[  105.234688][ T9380]  bad_page+0xcf/0x220
[  105.234704][ T9380]  ? __pfx_bad_page+0x10/0x10
[  105.234719][ T9380]  ? page_bad_reason+0x9d/0x1f0
[  105.234734][ T9380]  __free_frozen_pages+0x824/0x1180
[  105.234747][ T9380]  ? mark_held_locks+0x49/0x80
[  105.234764][ T9380]  page_frag_free+0x27f/0x2e0
[  105.234779][ T9380]  __xdp_return+0x38e/0xa90
[  105.234791][ T9380]  ? kmem_cache_free+0x2d1/0x4d0
[  105.234804][ T9380]  bpf_xdp_adjust_tail+0xa11/0xfd0
[  105.234819][ T9380]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  105.234828][ T9380]  bpf_prog_run_generic_xdp+0x626/0x1530
[  105.234845][ T9380]  do_xdp_generic+0x8e6/0x1320
[  105.234860][ T9380]  ? __pfx_do_xdp_generic+0x10/0x10
[  105.234880][ T9380]  __netif_receive_skb_core.constprop.0+0x161c/0x4a00
[  105.234896][ T9380]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  105.234909][ T9380]  ? __skb_flow_dissect+0x11b2/0x7d90
[  105.234922][ T9380]  ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10
[  105.234939][ T9380]  ? __pfx___skb_flow_dissect+0x10/0x10
[  105.234951][ T9380]  ? do_user_addr_fault+0x829/0x1370
[  105.234967][ T9380]  ? __lock_acquire+0xb8a/0x1c90
[  105.234984][ T9380]  ? __lock_acquire+0x622/0x1c90
[  105.235001][ T9380]  __netif_receive_skb_one_core+0xb0/0x1e0
[  105.235015][ T9380]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[  105.235030][ T9380]  ? lock_acquire+0x179/0x350
[  105.235048][ T9380]  __netif_receive_skb+0x1d/0x160
[  105.235062][ T9380]  netif_receive_skb+0x137/0x7b0
[  105.235075][ T9380]  ? __pfx_netif_receive_skb+0x10/0x10
[  105.235089][ T9380]  ? __pfx__copy_from_iter+0x10/0x10
[  105.235107][ T9380]  tun_rx_batched.isra.0+0x3ee/0x740
[  105.235124][ T9380]  ? __pfx_tun_rx_batched.isra.0+0x10/0x10
[  105.235140][ T9380]  ? tun_get_user+0x1c0d/0x3b80
[  105.235155][ T9380]  ? rcu_is_watching+0x12/0xc0
[  105.235169][ T9380]  tun_get_user+0x28a2/0x3b80
[  105.235187][ T9380]  ? __pfx_tun_get_user+0x10/0x10
[  105.235202][ T9380]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  105.235219][ T9380]  ? find_held_lock+0x2b/0x80
[  105.235231][ T9380]  ? tun_get+0x191/0x370
[  105.235247][ T9380]  tun_chr_write_iter+0xdc/0x210
[  105.235263][ T9380]  vfs_write+0x6c4/0x1150
[  105.235276][ T9380]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  105.235292][ T9380]  ? __pfx_vfs_write+0x10/0x10
[  105.235305][ T9380]  ? find_held_lock+0x2b/0x80
[  105.235321][ T9380]  ksys_write+0x12a/0x250
[  105.235334][ T9380]  ? __pfx_ksys_write+0x10/0x10
[  105.235349][ T9380]  do_syscall_64+0xcd/0x4c0
[  105.235365][ T9380]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.235376][ T9380] RIP: 0033:0x7f6d9bf8d3df
[  105.235385][ T9380] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  105.235395][ T9380] RSP: 002b:00007f6d9ce5c000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  105.235405][ T9380] RAX: ffffffffffffffda RBX: 00007f6d9c1b6160 RCX: 00007f6d9bf8d3df
[  105.235412][ T9380] RDX: 000000000000fdef RSI: 00002000000001c0 RDI: 00000000000000c8
[  105.235418][ T9380] RBP: 00007f6d9c010b39 R08: 0000000000000000 R09: 0000000000000000
[  105.235424][ T9380] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  105.235431][ T9380] R13: 0000000000000000 R14: 00007f6d9c1b6160 R15: 00007ffd8a60aa88
[  105.235441][ T9380]  </TASK>
[  105.235448][ T9380] BUG: Bad page state in process syz.1.1053  pfn:5975f
[  105.347001][ T9380] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2000008aa pfn:0x5975f
[  105.349904][ T9380] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  105.352077][ T9380] raw: 00fff00000000000 dead000000000040 ffff888022275000 0000000000000000
[  105.354761][ T9380] raw: 00000002000008aa 0000000000000001 00000000ffffffff 0000000000000000
[  105.357444][ T9380] page dumped because: page_pool leak
[  105.359126][ T9380] page_owner tracks the page as allocated
[  105.360895][ T9380] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 9380, tgid 9377 (syz.1.1053), ts 103227776467, free_ts 101034811058
[  105.366116][ T9380]  post_alloc_hook+0x1c0/0x230
[  105.367688][ T9380]  get_page_from_freelist+0x1321/0x3890
[  105.369422][ T9380]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  105.371284][ T9380]  alloc_pages_bulk_noprof+0x71c/0x1410
[  105.373015][ T9380]  __page_pool_alloc_pages_slow+0x193/0xc30
[  105.374913][ T9380]  page_pool_alloc_netmems+0xc4/0x190
[  105.376599][ T9380]  skb_pp_cow_data+0x7c0/0xff0
[  105.378164][ T9380]  skb_cow_data_for_xdp+0x88/0xb0
[  105.379742][ T9380]  do_xdp_generic+0x530/0x1320
[  105.381257][ T9380]  __netif_receive_skb_core.constprop.0+0x161c/0x4a00
[  105.383379][ T9380]  __netif_receive_skb_one_core+0xb0/0x1e0
[  105.385209][ T9380]  __netif_receive_skb+0x1d/0x160
[  105.386861][ T9380]  netif_receive_skb+0x137/0x7b0
[  105.388403][ T9380]  tun_rx_batched.isra.0+0x3ee/0x740
[  105.390058][ T9380]  tun_get_user+0x28a2/0x3b80
[  105.391487][ T9380]  tun_chr_write_iter+0xdc/0x210
[  105.393012][ T9380] page last free pid 9154 tgid 9152 stack trace:
[  105.395050][ T9380]  __free_frozen_pages+0x7fe/0x1180
[  105.396721][ T9380]  vfree+0x1fd/0xb50
[  105.397959][ T9380]  snd_dma_free_pages+0x51/0x70
[  105.399486][ T9380]  snd_pcm_lib_free_pages+0x172/0x390
[  105.401162][ T9380]  snd_pcm_release_substream.part.0+0x2a8/0x340
[  105.403116][ T9380]  snd_pcm_release_substream+0x5b/0x70
[  105.404843][ T9380]  snd_pcm_oss_release+0x16f/0x310
[  105.406459][ T9380]  __fput+0x3ff/0xb70
[  105.407784][ T9380]  task_work_run+0x150/0x240
[  105.409227][ T9380]  do_exit+0x864/0x2bd0
[  105.410544][ T9380]  do_group_exit+0xd3/0x2a0
[  105.412021][ T9380]  get_signal+0x2673/0x26d0
[  105.413478][ T9380]  arch_do_signal_or_restart+0x8f/0x7d0
[  105.415204][ T9380]  exit_to_user_mode_loop+0x84/0x110
[  105.416922][ T9380]  do_syscall_64+0x3f6/0x4c0
[  105.418402][ T9380]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.420248][ T9380] Modules linked in:
[  105.421537][ T9380] CPU: 2 UID: 0 PID: 9380 Comm: syz.1.1053 Tainted: G    B               6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) 
[  105.421554][ T9380] Tainted: [B]=BAD_PAGE
[  105.421558][ T9380] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  105.421565][ T9380] Call Trace:
[  105.421569][ T9380]  <TASK>
[  105.421574][ T9380]  dump_stack_lvl+0x16c/0x1f0
[  105.421590][ T9380]  bad_page+0xcf/0x220
[  105.421606][ T9380]  ? __pfx_bad_page+0x10/0x10
[  105.421621][ T9380]  ? page_bad_reason+0x9d/0x1f0
[  105.421641][ T9380]  __free_frozen_pages+0x824/0x1180
[  105.421653][ T9380]  ? mark_held_locks+0x49/0x80
[  105.421670][ T9380]  page_frag_free+0x27f/0x2e0
[  105.421685][ T9380]  __xdp_return+0x38e/0xa90
[  105.421695][ T9380]  ? kmem_cache_free+0x2d1/0x4d0
[  105.421709][ T9380]  bpf_xdp_adjust_tail+0xa11/0xfd0
[  105.421724][ T9380]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  105.421733][ T9380]  bpf_prog_run_generic_xdp+0x626/0x1530
[  105.421751][ T9380]  do_xdp_generic+0x8e6/0x1320
[  105.421765][ T9380]  ? __pfx_do_xdp_generic+0x10/0x10
[  105.421784][ T9380]  __netif_receive_skb_core.constprop.0+0x161c/0x4a00
[  105.421801][ T9380]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  105.421813][ T9380]  ? __skb_flow_dissect+0x11b2/0x7d90
[  105.421826][ T9380]  ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10
[  105.421843][ T9380]  ? __pfx___skb_flow_dissect+0x10/0x10
[  105.421854][ T9380]  ? do_user_addr_fault+0x829/0x1370
[  105.421870][ T9380]  ? __lock_acquire+0xb8a/0x1c90
[  105.421887][ T9380]  ? __lock_acquire+0x622/0x1c90
[  105.421904][ T9380]  __netif_receive_skb_one_core+0xb0/0x1e0
[  105.421919][ T9380]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[  105.421933][ T9380]  ? lock_acquire+0x179/0x350
[  105.421951][ T9380]  __netif_receive_skb+0x1d/0x160
[  105.421964][ T9380]  netif_receive_skb+0x137/0x7b0
[  105.421978][ T9380]  ? __pfx_netif_receive_skb+0x10/0x10
[  105.421992][ T9380]  ? __pfx__copy_from_iter+0x10/0x10
[  105.422008][ T9380]  tun_rx_batched.isra.0+0x3ee/0x740
[  105.422024][ T9380]  ? __pfx_tun_rx_batched.isra.0+0x10/0x10
[  105.422040][ T9380]  ? tun_get_user+0x1c0d/0x3b80
[  105.422055][ T9380]  ? rcu_is_watching+0x12/0xc0
[  105.422070][ T9380]  tun_get_user+0x28a2/0x3b80
[  105.422087][ T9380]  ? __pfx_tun_get_user+0x10/0x10
[  105.422102][ T9380]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  105.422119][ T9380]  ? find_held_lock+0x2b/0x80
[  105.422131][ T9380]  ? tun_get+0x191/0x370
[  105.422146][ T9380]  tun_chr_write_iter+0xdc/0x210
[  105.422163][ T9380]  vfs_write+0x6c4/0x1150
[  105.422176][ T9380]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  105.422192][ T9380]  ? __pfx_vfs_write+0x10/0x10
[  105.422204][ T9380]  ? find_held_lock+0x2b/0x80
[  105.422220][ T9380]  ksys_write+0x12a/0x250
[  105.422233][ T9380]  ? __pfx_ksys_write+0x10/0x10
[  105.422248][ T9380]  do_syscall_64+0xcd/0x4c0
[  105.422264][ T9380]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.422274][ T9380] RIP: 0033:0x7f6d9bf8d3df
[  105.422282][ T9380] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  105.422293][ T9380] RSP: 002b:00007f6d9ce5c000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  105.422303][ T9380] RAX: ffffffffffffffda RBX: 00007f6d9c1b6160 RCX: 00007f6d9bf8d3df
[  105.422310][ T9380] RDX: 000000000000fdef RSI: 00002000000001c0 RDI: 00000000000000c8
[  105.422319][ T9380] RBP: 00007f6d9c010b39 R08: 0000000000000000 R09: 0000000000000000
[  105.422325][ T9380] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  105.422331][ T9380] R13: 0000000000000000 R14: 00007f6d9c1b6160 R15: 00007ffd8a60aa88
[  105.422343][ T9380]  </TASK>
[  105.531026][    C2] vkms_vblank_simulate: vblank timer overrun
[  105.600147][ T8325] syz_tun (unregistering): left allmulticast mode
[  105.925713][ T9011] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  106.049215][ T9011] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  106.190415][ T9011] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  106.251536][ T9011] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  106.673257][ T9011] bond0 (unregistering): Released all slaves
[  106.755410][ T9011] tipc: Disabling bearer <udp:s>
[  106.758012][ T9011] tipc: Disabling bearer <udp:syz2>
[  106.760412][ T9011] tipc: Left network mode
[  106.974590][ T9011] hsr_slave_0: left promiscuous mode
[  106.976482][ T9011] hsr_slave_1: left promiscuous mode
[  106.980317][ T9011] veth1_macvtap: left promiscuous mode
[  106.982102][ T9011] veth0_macvtap: left promiscuous mode
[  106.984299][ T9011] veth1_vlan: left promiscuous mode
[  106.986077][ T9011] veth0_vlan: left promiscuous mode
[  107.009297][ T9011] pimreg (unregistering): left allmulticast mode
[  107.387415][ T5997] lo speed is unknown, defaulting to 1000
[  107.389304][ T5997] syz0: Port: 1 Link DOWN

VM DIAGNOSIS:
19:34:29  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000000 RBX=ffffffff9034cd40 RCX=1ffffffff1c84ea5 RDX=fffffbfff20699a9
RSI=0000000000000008 RDI=0000000000000001 RBP=ffff888029814880 RSP=ffffc90003d2f628
R8 =0000000000000000 R9 =fffffbfff20699a8 R10=ffffffff9034cd47 R11=0000000000000001
R12=ffffed10043ed000 R13=ffff888021f68000 R14=0000000000000000 R15=dffffc0000000000
RIP=ffffffff819784ae RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000555574b9b500 ffffffff 00c00000
GS =0000 ffff8880d6753000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000001b2e15ffff CR3=000000004efe2000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=000000000000004a DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000080400100 Opmask01=0000000000000fff Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffeb39fa520 0000003000000010
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1921e11ae7
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1921e11adf
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1921e11b12
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1921e11b1f
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1921e11b19
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1921e11b2d
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1921e11bb3
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1921e11c91
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3a3a303063660064 656c696166206e6f 74705f74656e6920 306576656e656700
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1f1f151546430041 40494c4443054b4a 51555f51404b4c05 154053404b404200
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000020000 RBX=0000000000000003 RCX=0000000000020000 RDX=0000000000020007
RSI=0000000000000000 RDI=0000000000000007 RBP=ffff88802ed80000 RSP=ffffc900041af988
R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000078 R11=0000000000000001
R12=ffff88802ed80af0 R13=ffff88802ed80b68 R14=0000000000000000 R15=ffffffff8e5c4880
RIP=ffffffff8198594c RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d6853000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007f6d9ce7cf98 CR3=0000000050e17000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=000000000000004a DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=000000000000003f Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6d9c011b12
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6d9c011b1f
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6d9c011b19
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6d9c011b2d
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6d9c011bb3
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6d9c011c91
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6d9c184488 00007f6d9c184480 00007f6d9c184478 00007f6d9c184450
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6d9cced100 00007f6d9c184440 00007f6d9c184458 00007f6d9c1844a0
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6d9c184498 00007f6d9c184490 00007f6d9c184488 00007f6d9c184480
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000038 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff855b8b95 RDI=ffffffff9b087320 RBP=ffffffff9b0872e0 RSP=ffffc90003edea80
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000001
R12=0000000000000000 R13=0000000000000038 R14=ffffffff9b0872e0 R15=ffffffff855b8b30
RIP=ffffffff855b8bbf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f6d9ce5c6c0 ffffffff 00c00000
GS =0000 ffff8880d6953000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000020000000f000 CR3=0000000050e17000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=000000000000003f Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6d9c011b12
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6d9c011b1f
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6d9c011b19
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6d9c011b2d
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6d9c011bb3
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6d9c011c91
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6d9c184488 00007f6d9c184480 00007f6d9c184478 00007f6d9c184450
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6d9cced100 00007f6d9c184440 00007f6d9c184458 00007f6d9c1844a0
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6d9c184498 00007f6d9c184490 00007f6d9c184488 00007f6d9c184480
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=00000000000b11cf RBX=0000000000000003 RCX=ffffffff8b801c19 RDX=0000000000000000
RSI=ffffffff8de19fc0 RDI=ffffffff8c157960 RBP=ffffed1003c56000 RSP=ffffc90000197df8
R8 =0000000000000001 R9 =ffffed100d4e6645 R10=ffff88806a73322b R11=0000000000000001
R12=0000000000000003 R13=ffff88801e2b0000 R14=ffffffff90a81550 R15=0000000000000000
RIP=ffffffff8b80077f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d6a53000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00005591fb393f30 CR3=000000004bf89000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f92e1e11b12
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f92e1e11b1f
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f92e1e11b19
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f92e1e11b2d
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f92e1e11bb3
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f92e1e11c91
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 008b00080000306d 697376656474656e 0002000f0000006d 697376656474656e
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f92e2aed100 00007f92e1f84440 00007f92e1f80004 0000000b000c000a
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f92e1f84498 00007f92e1f84490 00007f92e1f84488 00007f92e1f84480
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000