last executing test programs: 49.699994086s ago: executing program 1 (id=2): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000009c0000000b"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={0x0, &(0x7f0000000200)=""/68, 0x0, 0x44, 0x0, 0x9, 0x0, @void, @value}, 0x28) 49.366088669s ago: executing program 1 (id=14): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000040)='sched_switch\x00', r1, 0x0, 0x100000}, 0x18) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000010900010073797a310000000048000000030a01010000000000000000010000000900030073797a3100000000080007006e6174000900010073797a310000000014000480080002407c40280f080001"], 0xb8}, 0x1, 0x0, 0x0, 0x20004000}, 0x0) 46.170567871s ago: executing program 1 (id=21): r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r0, 0x402, 0x8) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0x541b, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x4, 0x8040000000000000}) socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) read(r4, &(0x7f00000001c0)=""/64, 0x40) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="480000000206030000000000000500000000000005000100060000000d000300686173683a6e6574000000000900020073797a310000000005000500020000000500040000000000"], 0x48}}, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty=0xfffffffe}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000050) sendmsg$IPSET_CMD_SAVE(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x1c, 0x8, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x10) r6 = socket$inet(0xa, 0x801, 0x84) listen(r6, 0x8) accept4(r6, 0x0, 0x0, 0x0) sendmsg$NL80211_CMD_ASSOCIATE(r3, &(0x7f0000000440)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, 0x0, 0x2, 0x70bd2d, 0x25dfdbfd, {{}, {@void, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x5) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000001811000000005b26159e30aeade544a367ee63361474085e92bcf52f8d657d600bcd7560ecd0d9df35431b9a54f681", @ANYRES32, @ANYBLOB="0000000000000000b702000003000000850000"], &(0x7f0000000200)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r7}, 0x10) r8 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r8, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r0, 0x80089419, &(0x7f0000000000)) syz_open_dev$vbi(&(0x7f0000000800), 0x2, 0x2) r9 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_VMCI_DATAGRAM_RECEIVE(r9, 0x7cb, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) 31.071393489s ago: executing program 32 (id=21): r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r0, 0x402, 0x8) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0x541b, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x4, 0x8040000000000000}) socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) read(r4, &(0x7f00000001c0)=""/64, 0x40) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="480000000206030000000000000500000000000005000100060000000d000300686173683a6e6574000000000900020073797a310000000005000500020000000500040000000000"], 0x48}}, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty=0xfffffffe}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000050) sendmsg$IPSET_CMD_SAVE(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x1c, 0x8, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x10) r6 = socket$inet(0xa, 0x801, 0x84) listen(r6, 0x8) accept4(r6, 0x0, 0x0, 0x0) sendmsg$NL80211_CMD_ASSOCIATE(r3, &(0x7f0000000440)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, 0x0, 0x2, 0x70bd2d, 0x25dfdbfd, {{}, {@void, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x5) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000001811000000005b26159e30aeade544a367ee63361474085e92bcf52f8d657d600bcd7560ecd0d9df35431b9a54f681", @ANYRES32, @ANYBLOB="0000000000000000b702000003000000850000"], &(0x7f0000000200)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r7}, 0x10) r8 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r8, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r0, 0x80089419, &(0x7f0000000000)) syz_open_dev$vbi(&(0x7f0000000800), 0x2, 0x2) r9 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_VMCI_DATAGRAM_RECEIVE(r9, 0x7cb, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) 28.900458104s ago: executing program 4 (id=80): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xfffffffffffffffe}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x8, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) gettid() bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000d00)='sched_switch\x00', r3}, 0x10) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000) r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xa, &(0x7f0000000c00)=ANY=[@ANYBLOB="18080000feffff3f000000000000001c85100000060000008510000004000000660800000000000018000000000000000000000000000000950000000000000095000000000000009500"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000200)={'veth1\x00', 0x0}) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000900850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000500)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x80, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x40000}, 0x20000000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='kfree\x00'}, 0x10) 27.315134481s ago: executing program 4 (id=85): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000700)={0x0, 0x18, 0xfa00, {0x4000000000000, &(0x7f00000006c0), 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000640)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000b40), 0x2}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000003c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000900), 0x13f}}, 0x20) r1 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000380)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000340), 0x106}}, 0x20) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000700)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0), 0x2}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000b80)={0x0, 0x18, 0xfa00, {0xfffffffffffffffe, &(0x7f0000000b40), 0x106}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000003c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000900), 0x111}}, 0x20) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000940)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x2}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000780), 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000a80)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000a40), 0x111}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(r3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000300)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000280), 0x106}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000b00)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000007c0), 0x106}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000540)={0x0, 0x18, 0xfa00, {0xfffffffffffffffc, &(0x7f0000000500), 0x2}}, 0x20) writev(r2, &(0x7f0000000000)=[{&(0x7f0000000080), 0x62}, {&(0x7f0000000100)="06010000246837f73199aee6fdb9291b3091ec1a2d41d2271b00d8ec030f5919f397867997f9c0efa9c9092a31cdbb98ea272787afda0af59a320709c3a59ef05c6f40ceafec53f48d6186e7d8409e35306221caf67b370d875eff3191932728e5ab6c9a3acf6ccee3e352c898f5744abaedfb53f92c37acb126bd143f3e9cdfcf25a8d6129fcc3a141c3f5ab6db772f87c787817a9b699dd60732d952716b103bc1e91ac5b1ed92f35389580994bb0df9bce07e7a80921888f984139f488d256a67fec0cbb5c4e93d5c151d97f676ab93b1efbd46f600dc964231e3257bf358448fddf894c0cdfa9115adbe5b19bc912fcbc8aac7719b649b1ff1267491da", 0x682c}, {&(0x7f0000001480)="d1ffacd516de50ac9d15bc75316da4defa1e72f65a65cdd26dcc389aacf7856da9aecf3765d4c032e1960faf25bad906b7d3440b6e71a82f1d8f8b8db35b6091f3af94c6b46b9ab10fe3923f268771078d2668be7bd3eb941d4bb5baa8547e36283a065ce5766cbff3a8fc37fc4507643d3786bbf231d3ed88cb8b01eab14e4372cf4f89bd1b853caa5d9f07f523b9dfa8cc09053ff36fde08e96fb6b3acc196b1bd1e2d3a6c65f585df7e2b8b17439a7ab29a7dfe642c2f0ac7a81eca8073b559663f2daf7a0832b2b09557794a21bf114831f8e6db3922d0cd169e5a8b4adc95d7322ee75944de15f57780b88fef7f3d9b256705ccfa2125b43ce8e3aacaead963cdd7f792f14c9b24493f9f830f6de8da93bbd4357095631adec14224dd9bb049e826f3a49624393e6a031103faff0902ba88ae30af4a61caa77ff956214196fcf3c5536d823284306f367afcb46fb43231911cc53091671e7d853ebf015241b18e9fb6ac6d9a7a1b05dfd6d9e56a51567cd8837dd045abf6b85550f0dd8dded43147ab9bfadc18b9984699d5d875cb21a95a7f584d8c466d033df75193f9ae58b85cfacc54f6c6e12a0debe40ee361a839563bc2cb64271672a55370c2b035b482074ce2487ef8a3bc1c68856e6e09539276d961a0c647f1ee3237496fc99623e8fd33faf7797d86a88dcee152d15e10739bcbbd6077b76867e291f350d999024c12faf81f83792f48f7f6dd66aa6854e460ef7f8c755f3a6dd76509ea0d2db39057a5129185b2fb11546cd5d6cc59f640e9028ae6c7075fba5e5b5593d7f79ec387833f465d09bde464112821eaec5e6e8f2aee8d7358f9c14afe2018856f610848706c71cda62493aef2e39efb71b4a8e804847eda66b2b5b1d75b478f19208ee1ac43afb2dbbba5dd0f29f6946022e09fb853cb176ca3474ba2fa67cb245fe85ec61a095d6fd9ac2ac5685920201617342fe56072427b9bd3626a1a371e67041fcda781be0c234d6feb5ad500e8bc7074381fd0d04983a4a6cdb6c8e03d59dc50925e9e4b24e6f8e455f02818959f2927f0a2d9ff62ec3c5c399077048f7d3dad0830b2e6563693f2f9d48eca8c34804a7626282a4a214d13786993c011a88194dbf7b23e25f592e62186c9fb565fac7632de356153c89a6be0b6b26ba48c2427424769fcbd7ee072ed4bd4d0731d06c8537d616b1145a6c70edb13fb4dba3565221b3a2897a23861cd0e8e0060021cdd7de002d5e785e5d6d3d07f4e445ada9c8d9ba8b819d0b5c7b5d15a5192d3a83c125c8e117c823a9e33316b8c9154e7330d3a865048dbd9c14757691bfe56f10423f6ab717bec5eebeac6ba9ad1aeb6cde09d7fda8e475a71ac48d46b8d9a40879c9dec2db5c4799e5fc8e8b3d419031c1033fce88ae2c93d7ca62c9302e6b45ca8dfebe5b92724f035e8e9d7704efb23f445999fe08cfa28404874d8acc8d37870d394d9fcc8dbe763bc85c37f0f3bcc2cbea420cd073db598e7d89c14a31e5bf57cbefa301427c93091505f1f3e5cdf712958b2e8fc56684d3388107c1728f0e5a3be2164246071653e256ed3bf3000c17301da9a5a3d9ca475867c4f311a24e5ae909a62047a9e6bb71cbcb4f159c2ef0f66b4d0f9da51aba99cd9448443dd277362af18d32f111c48a952ef555b2c7c58b997ce61e74cc7551b57eaffe411219baddf490926d8e260dcd87c069e617195c352950f9b51ce88c12c4f7997ba515f77e68d44f831cdf4d7ee8b1b7cedcb4c4fc7e85ba288c8555d49d5b4b9bb70dc4b688bd12e6b38e37150f3ea457a76b23d5abe6551ea598e090aed87822b0954b8db1a7c605c925b7f9240b0e7a020f292a1fd4a37c74139bc6e7ff08373ebfc8feea371ae0b6c61c715f6f1f4b0b994c7e2e129f87db959aae6ff48664d824b29ba9f255890f9c537178db9c5302097891557f8175a46f308b1a2530aa726ea9d4cfce76db50637369724d0c5f51c97edb58ff5eb9b2434b3721b61688ba12471b97c6a65ba085e15406568ac852590701f2ef8451c5cf1191d70f51eaea9ddc4cbdd7428f627db5069111f65062d5cc34581826af3e670613dda99e31c42736aabd87be56e214ed606862a152455f91891b7430bae03284569c234588f495a5ecc4a23fad6ba34e2ee9ebde8c7f5f62c9344659375c2a1fe6fa6e4ef68712223b9471c513bb11429dbb8a45463c8882f462275ee0da567c60c2d8038843e0c20486676e9978f2aec9187820c94a6e7e519d06daf2ab198f5cafcab4d9c90a479800906192d66a3301a34fa6c5a931cea0a479a4d98d86d9de3e061323504b57186dd33df7a16ccb688c0de203666cb0a6b543a9d069dded44a3b432cbb71da921dcab6be1c2d7494d3b07841d9b4f9d659b5d3d3b2ed916f91588d589128e4b2d4448e6aab5a8160eddca0f6e022abb85e251a11cd6bae57a09b2c434ab5bdf6264afb20d5ab022d152e345bd32ba9283aa5b3cd9118bd271a8ac9083c98b8a83064e65428f7ad7b35bf1d60d4e703f22d2d316fc12bd68bcced82cf0962a3d5769c6a3d75d59f7a7b76454661fd3574b8c8e26d20c372407854505ea6c2406fbd8a1ba7bb017c565228aa6d03d18ed309a308ffb1ecec73c246413e7c70f25070eafed9e70d22e9e8b44125c44eceff37e65bf073bc6fad1ea2b72675af4bf70586a8f7e0f35700de94c802522897576ed115fa21b3d23a367844520b33f5b9aedc0245096765f4cb3b2ff4e54f39bd7346c2347875d75a931b17c6c424ddb4767e0e63cc7725a8fc4b1dbe7929b2f909cc5be8b09e63330341e6471dcac0f8b44693d01805a1467b71612260e2a273861b3697440a5f75497796bffcf79d62a4a50a6ed5ef2efe8c83374f2ecd08d8d628aa03b01a11caeb2bdecc0ab2abcecfa15627979d7c3f9dec5389fc6625e957f8075e23e636dd5514596189d568e14d33ae518e6e9978c6a36a74b49fdbd1260095c9abe447e618878039b75e305b1d2c9ddeb9e5cedb11802e0833739d8595d57d749c890c9290cca4aa96e6718747543796a187e54a66c2f71beefddf911a7a74b59c48ba642d5ecd4d415f48dfbde5baac8a4ba063c1b985d9f9f3180e8a1c8b2cf6a25c2ff17688cc858ac8b9c67960f09a1ca5f28f8e877159e00fe7fb10cca73b391508895e7e52c22f9b38d73dabd6ff7c55ebf4e1611daee8d52b4ceee49a6df7daeb81bf9d1c943a74c03d3dda52c5b99f3225c1b87074f5cef6187878bc5b665ec0561adcc9781280dd1c6592555d327afea78b21beeeb66a0af3eab3249245f41cdbca309d3fba5d4b345319dd0a26134c0c896f2c8d32fda28600013f6a4c95b4038faba70d6c480b360c55bdc0595f7ca636e85521ba505d894f9c5f0a90719bc9944f386ad7491422ff12f34a3c048708d51305a8cc5b2a502ac1575a14c75e9fb7219ede2f6d9c1b362230b6189e0d8cd8ccd11fd0325182c6e46c9977bf63aa02f7024aeb4389f989f5733a198b45e4329c4c1a538a009f216ad3ac09cac39547b4fd21a5d7146ea307ad9b9339f39d5161d17b59860a0aed38cd89d1b68c6438346d51a3a283074e34ee01d2eca527b1b3836ccdf7e807007152c79d14324e3d887c9551a9447527db4434810f5b0b73d855f32a0c89aa784e43f4c1657d408dd33f88aeae1e5186bbcc2a348b708e3cec9080e12ee3676beb5ee86a9b5cc4a3496c242b95a248906ed62f984b22373bdfd97515441f34e01006d8d1244aa88403f207cd8820ffe07634fc86d00f871c1e4c9e8fc1a00d295e36d98119599b62379cda10ada85efe7b50c5f38d8d010a2cd53db900939db1ffce14feffb7940d12842f4f2b507e1fa49e526752d1e3d80a0c2a75e870d85f77fd91fc46ac1b1288dd33338cdad154d6b80b5a925431868d62a3fb0036f28fe259a3f555f767526a9ea230c33843efc49ac3182a357845ea122d606ab22c9f937b2b905e02dd1cb07d380e3486be6167f00b6e6d90a3c1d6aee15da439a55542ce177e498998ba8ac69a848e63e4c7564e4dc04aad595fa1ab81275edafa0d352029c304200d2f2c5881cbf5a26b2141bdb117879cc11e7c13bd62f221ae1ac04dca3d8d58a13c130557ecf5f36184c7366d3852d0cbd6ca42f2a971d87c0bb204097af1a3abdab7b95d07fcdbf5f42607695dedcd26e30b8fc5cfd7b333a95f3ee69d5ba7911dadb1394285c437a0f26fc027737ba5ee7d63333f80acb59f1a7faf2ec3031c6533107502bffc92d8726a48ce00cdb5f1258d85ff8eb72bfb162e122022f1f3e8a72b41d2689d5228b1130fbc946384401f3bbe726314bb09d430333ad78de07b3cec5c18a4f4abb69507b6451ca4e610b8fc988c983426e0cc3b9d15393026eb75d3d08634b8a7495cef69aab83d27ea1b5b41f40b996dd10023d81f77d61192930ffc25cae1e149412322fcb0aa47bee3afc44ec3dda96c9294854e2cbaebfea6f9a90f0b3797d5f505824b4de964151569f881f87f9dd9d30a2a2f9ed01059a909cba157902903c77f2f3d056231e7c7483a3f35e04360e084f0d3f94a92c92c77b3f06479fbc417366d7fe87ddfcdfd86274f87a5f817b0f947924cbe2329f16f6b00c8a0ab96164f7b35fed38a388380af05c3600abc37a944c9e75a691728c26896ac3615297766f406aeb0f2fd147d68fad3fb3b032880280ebb4bf89252a36b0d9eb393daae72829b8da870b886676244897d5322b32703fcf138b66eedeb3024666a88fd99d8962f696ab7b34e19ced1bd27488aa2ffe5bfa11f8f9289bd8c052d4e88316cc33b0255ef1bfca4c17067d7f78175c56db481fe8dc6f73b1cbdf9d5823f115c9e03f2dfd07bc1ad88564d48b18cd9a30d83cbd5e6a3eedcb0ee86e5dd47f32820cb74dcf730b2052b31297b529e5e24f042335d13915e4048132fe1a101841e919c7870bb680eddead9a6111394bc12e274fbd88abaf2d254721c42e82abf4d1e319a631794ed6ce319ddd844ac5e9b1fc96dd9aaad42f2e087abe1b85430c4a00631970e3e74a6ed923f49e0df75685e044fae3fcea0af4dbfeebe0a9c2e73e8a89b89603a75f585e3ebba5453ae595da1469ea90ea3c9fb6a22411c56c58dfbf504caa629dbfc73ebbedc91669f2babf8b8215c525edf8feb366f104ffa9eb2bb79232660aece4730ef1ae8585c629ffe1390356a58e900da145b83ad177c7bb2d125e59d7ff4d3a8562efc620b4cf9b33c2305bbf1957e0f8b06f0fbe9c80db73b08fdd0be4a1ea4f91f52af47160040424aed8ac3c10251fb0b5d9be08247edf3dda5d1750d0597d60c8a0d9418a4e0c9325bb90f0886f9e5dda9e88ac1942ec1e53da0cf5ccad66b9cdfc2fdca784dd06a73713ef73785706d024873ddca5ccfcf0b91748a2c1fbd8c241934b5b473007b29d76aec5addf7b945a5f7abd6ddeccc8d0ccb26d69d4793b7224c27ba7bf45aac8a2be56086ab8c65ea69fdd593a01a29e2912378002d824bd98e6ed1c5dd5f33be529e640997f5f1bbde051fb2a669145966db4889bf32aa13777ac6c077c51bb8b2523954cea3adc307cfe53b8cbb00edf0c04c456392aea6613e8078a309dc538a6a24f80fc1b7f9fce3e3291ca6dab8090a634fcdb24e7a9de8aecd595b988f597cd623d148a8841b0a5203953166ea2e85316928f28dd2604d37c9ec80a49c0d91cbfe6d584b9b6a321b97bf99ae1d67985fd441976a828c97456003a7892c7c7f4a51bb49e3d3ea1e95ec29c89a2676", 0x1001}], 0x3) 26.804587367s ago: executing program 4 (id=87): creat(&(0x7f0000000580)='./file0\x00', 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r1 = fanotify_init(0xf00, 0x0) fanotify_mark(r1, 0x1, 0x10001011, r0, 0x0) socket$inet6(0xa, 0x1, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, &(0x7f0000000100)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x7fa962bfffff, 0x13012, r2, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x80080, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) madvise(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x14) 25.032735267s ago: executing program 4 (id=93): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000480)={{}, &(0x7f0000000400), 0x0}, 0x20) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15) r3 = dup(r2) write$P9_RLERRORu(r3, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) write$RDMA_USER_CM_CMD_SET_OPTION(r3, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) write$binfmt_elf64(r3, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8) creat(&(0x7f0000000380)='./file0\x00', 0x80) 24.436949122s ago: executing program 4 (id=96): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000080)='kfree\x00', 0xffffffffffffffff, 0x0, 0x8}, 0x18) socket$igmp(0x2, 0x3, 0x2) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_TYPE(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xc2808000}, 0xc, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x1}, 0x8010) unshare(0x68040200) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000017be0095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) r3 = io_uring_setup(0x6b3, &(0x7f0000000000)={0x0, 0xf324, 0x800, 0x2, 0xb9}) io_uring_register$IORING_REGISTER_PBUF_RING(r3, 0x16, &(0x7f0000000140)={&(0x7f0000001000)={[{0x0}]}, 0x1}, 0x1) io_uring_register$IORING_REGISTER_PBUF_RING(r3, 0x16, &(0x7f0000000300)={&(0x7f0000002000)={[{0x0, 0x0, 0x2}, {0x0}, {0x0, 0x0, 0x3}, {0x0}]}, 0x4, 0x1}, 0x1) io_uring_register$IORING_UNREGISTER_PBUF_RING(r3, 0x17, &(0x7f00000075c0)={0x0, 0x0, 0x1}, 0x1) timer_settime(0x0, 0x0, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) mq_open(&(0x7f0000000380)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00', 0x40, 0x9, 0x0) mq_open(&(0x7f0000000040)='eth0\x00\xdd\xad4=2k\xf1\x05\x9bG\xeb\x85\xe6u*\x03\xb6J\x91y\xe1;F\xa2\x8df\xe6\x04\x00\x00\x00\x00\x0078z=\x8f\xd5F\xa4AR\xa1\v\x00\x00\x00\x00\x00\x00\xd8\x19\xf1lZ\xc8\x93\xda\xf2\xc9\xe8h[u8\xc6\xfa\x9ep\xbe\a\xe2\xf5\xa3Y\x9f\xe1\x04gM\x99K$\r\xf1G\xee\xe1\xbd\x1e\xdf\xe1\x9c\x19\xda\xd3\x94EL\xca\x88\x85Q\x02\xd9L\x90\xeb%/\xb1\xeb\x11uP7\x1f\xd9b\xebF\xf8\x88\xf0\xac.\x94\xfc\v\xb1W\xef~+n\xb1\x9b\x02n]xr\xb3\x80\xbc>\xe8XX\xe6\x12\xf3\xc9\xd5\xf8\xd1\x8d\xcb9\xbf\xeb\x92\x8a\x16\xb7\x11^\xb6\xb7n\xd5\xb5\x00[\xdf\x94\x00\r\x95\x17\xa1h\xf8\x00\x00\x00\"\xa0\x05\xcc^\x90c\xc9}\xb8\ny\xf4\xe1\xb4.\xa4\a\x05\xbb}\x91\xf4C\xf5O\xf1a\x12\b\x86\xa16\xbb}C\xc9\x1d\\\xedD\x14\xb1w\x1e\xa0\xc1E\xb5\xf8\xab\xfb\xd9\x93\xb8vJ\x85p\xb5n\x1b\xe4\xd5g\xae\xe4\xeb\xca\xae\x1bs\xd4\xf0@\xdag\x19R4\xd4\xd4\x04\xfc\x04Zb\xf6\xba\xf8B\xf6YU\xcd\xf2\xdb\xb5\xa2\xda\xdf\x8dD\xef`\x13\x15\x05\xceq\xd7j\xd7\xe3V\xf2\xa2\x95\xcf\x18T\xf1\xb0\xf3\xf8OF\xa7^\x8c\xaf\fu\xb7w\x9eF', 0x1, 0x0, 0x0) 13.692498599s ago: executing program 4 (id=125): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000040)={0x48, 0x2, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x4}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x48}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty=0xfffffffe}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000050) 7.426006602s ago: executing program 0 (id=143): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) sendmsg$NL80211_CMD_SET_STATION(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x12, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @cgroup_sock_addr=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r5}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000280)={@cgroup=r6, 0x8, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r4, 0x942e, 0x0) 6.031500451s ago: executing program 0 (id=144): socket(0x10, 0x803, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x20082, 0x0) r0 = socket(0x400000000010, 0x3, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket(0x10, 0x803, 0x0) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffff, 0xf}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x6}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001300)=@newtfilter={0xcc, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0xe, 0x7}, {}, {0x7}}, [@filter_kind_options=@f_u32={{0x8}, {0xa0, 0x2, [@TCA_U32_SEL={0x94, 0x5, {0x7, 0xef, 0x8, 0x6, 0x5, 0x9, 0x7, 0x0, [{0x1000, 0x4, 0x401, 0x6}, {0x8, 0x7, 0x1009, 0xf1}, {0xfffffff9, 0x43, 0x7ffd, 0x5}, {0x7fde, 0x40, 0x51, 0x3ff}, {0x5, 0xb, 0x1, 0x42}, {0x6, 0x4, 0x8, 0x8}, {0x8001, 0x0, 0x0, 0x8001}, {0x1, 0x1800000, 0xa525}]}}, @TCA_U32_CLASSID={0x8, 0x1, {0xfff3, 0xf}}]}}]}, 0xcc}, 0x1, 0x0, 0x0, 0x80}, 0x40) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0x9}, {0xffff, 0xffff}, {0xfff3}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x1fa7}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 5.428334284s ago: executing program 0 (id=148): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) copy_file_range(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x8, 0x600) 4.896316382s ago: executing program 5 (id=151): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000efffffff850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000080)='netlink_extack\x00', r0}, 0x18) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) 4.766343446s ago: executing program 3 (id=152): r0 = fsopen(&(0x7f0000000180)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x1, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x2) mkdir(&(0x7f0000000000)='./control\x00', 0x0) mount$bind(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='./control\x00', 0x0, 0x2000, 0x0) 3.95262081s ago: executing program 2 (id=153): openat(0xffffffffffffff9c, 0x0, 0x42, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) socket(0x2, 0x80805, 0x0) r0 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000040)={[0x7fffffffffffffff]}, 0x8, 0x0) ppoll(&(0x7f0000000000)=[{r1, 0x3092}], 0x1, 0x0, 0x0, 0x0) 3.683782256s ago: executing program 5 (id=154): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@empty, @in=@local, 0x0, 0xfffc, 0x0, 0xfffd, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x9, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x400000}, {0x563}, 0x0, 0x0, 0x1, 0x0, 0x1}, {{@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, 0x2, @in, 0x0, 0x1}}, 0xe8) sendmmsg$inet6(r0, &(0x7f0000000a80)=[{{&(0x7f0000000000)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c, 0x0}}], 0x1, 0x0) 3.616415079s ago: executing program 3 (id=155): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x1f87, &(0x7f0000000100)={0x0, 0x0, 0x2, 0x0, 0x400000}, &(0x7f0000000180), &(0x7f00000001c0)) unshare(0x20000400) io_uring_enter(r1, 0x0, 0x3, 0x7, 0x0, 0x0) 3.476398667s ago: executing program 2 (id=156): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0) connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$inet(0xffffffffffffffff, 0x0, 0x4040004) shutdown(0xffffffffffffffff, 0x1) r3 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r3, 0x29, 0x49, 0x0, 0xfe53) fanotify_init(0x4, 0x8000) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) 3.227693992s ago: executing program 5 (id=157): r0 = add_key$user(&(0x7f0000000b00), &(0x7f00000002c0)={'syz', 0x3}, &(0x7f0000000900)="9aa7099ef8", 0x5, 0xfffffffffffffffe) keyctl$read(0xb, r0, &(0x7f0000000300)=""/1, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x1b, &(0x7f00000000c0)={@remote={0xfe, 0x80, '\x00', 0xffffffffffffffff}}, 0x20) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1, 0x0, 0x2c}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) setsockopt$inet6_mreq(r2, 0x29, 0x14, &(0x7f0000000000)={@dev}, 0x14) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001600), 0x0, 0x0) ioctl$TCSETSW2(r3, 0x5425, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x20) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffa) r6 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000140)={'fscrypt:', @desc2}, 0x0, 0x0, 0xffffffffffffffff) r7 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000200)={'syz', 0x0}, 0x0, 0x0, r6) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(0xffffffffffffffff, 0xc0506617, &(0x7f00000000c0)={@desc={0x1, 0x0, @desc3}, 0x0, r7}) close_range(r5, 0xffffffffffffffff, 0x0) unlink(&(0x7f0000000780)='.\x00') 3.112991977s ago: executing program 3 (id=158): mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAPCLR(r0, 0x4b68, 0x0) 2.136804849s ago: executing program 2 (id=159): r0 = socket(0x10, 0x2, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000140)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000000), 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f00000002c0)=@gcm_128={{0x303}, "0400", "0d00e8ffff1a8600", "cf0d00", "0400000000000100"}, 0x28) write$binfmt_script(r1, &(0x7f0000000780)={'#! ', './file0'}, 0xb) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000340)=@gcm_256={{0x303}, '\x00', "372a31a11e03279cec094e071cc80f218d360356a936a7e3971a8c35c47e5804", "400100", "fffffffffffffffd"}, 0x38) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f00000001c0)=0x1, 0x4) writev(r2, &(0x7f0000000080)=[{&(0x7f00000002c0)="ec", 0xfdef}], 0x1) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) close_range(r0, r1, 0x0) 1.968087259s ago: executing program 2 (id=160): r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000480)={0x8c, r2, 0x5, 0x0, 0x3, {{}, {@val={0x8, 0x3, r3}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x48, 0xe, {{{}, {}, @broadcast}, 0x0, @random=0x1a8, 0x1, @void, @void, @void, @val={0x4, 0x6, {0xb1, 0x7, 0x7f, 0xfc}}, @void, @void, @val={0x25, 0x3, {0x0, 0x24, 0x4}}, @val={0x2a, 0x1, {0x1}}, @void, @void, @val={0x72, 0x6}, @void, @val={0x76, 0x6, {0x9, 0x2, 0xff7f, 0xe9}}}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0xc, 0x0, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x7, 0x1, [0xb, 0x2, 0x6]}]}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x4c8c0}, 0x0) 1.821590095s ago: executing program 3 (id=161): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_PAUSE_GET(r2, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000080)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000000000001a0000000c00018008000100", @ANYRES32=r1], 0x20}}, 0x0) 1.820848399s ago: executing program 0 (id=162): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$igmp(0x2, 0x3, 0x2) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000680)=@filter={'filter\x00', 0xe, 0x4, 0x320, 0xffffffff, 0x0, 0x1a8, 0x1a8, 0xffffffff, 0xffffffff, 0x288, 0x288, 0x288, 0xffffffff, 0x4, &(0x7f0000000040), {[{{@ip={@private=0xa010101, @broadcast, 0x0, 0x0, 'veth1_to_hsr\x00', 'ipvlan0\x00', {0xff}, {}, 0x33, 0x0, 0x10}, 0x0, 0xc0, 0xe8, 0x0, {}, [@common=@inet=@set4={{0x50}, {{0x0, 0x6, 0x1}, {{0x4}, 0x5}, {{0xfffffffffffffff8}, 0xb}, 0x4}}]}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x9, 0x6e, 0x2}}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@common=@ttl={{0x28}, {0x2, 0xa5}}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x6}}}, {{@uncond, 0x0, 0x70, 0xe0}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x4, 0x0, 0x3, 0x0, 0x0, "ea0bf511a38b624d6ccd657aa896b1c4a130e2aba024743528bc07f86587823cc6748ecdf9b278a4bdfdeb9cde8ba6692fe43ee12e02bbcca82c84717c626a59"}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x380) unshare(0x64000600) 1.661116214s ago: executing program 5 (id=163): r0 = syz_io_uring_setup(0x10d, &(0x7f00000006c0)={0x0, 0x5885, 0x0, 0x2}, 0x0, &(0x7f0000000280)=0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffffffff}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SHUTDOWN={0x22, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, 0x598a4d38f4448fd7}) io_uring_enter(r0, 0x13516, 0xc2de, 0x8, 0x0, 0x0) select(0x0, 0x0, 0x0, 0x0, 0x0) 1.636224531s ago: executing program 2 (id=164): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000efffffff850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000080)='netlink_extack\x00', r0}, 0x18) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) 1.438584893s ago: executing program 0 (id=165): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x400000001fc, 0x301) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000080)=@urb_type_control={0x2, {}, 0x0, 0x40, 0x0, 0x0, 0x7, 0x1fc, 0x0, 0x0, 0x20000, 0x0}) 1.278613223s ago: executing program 3 (id=166): creat(&(0x7f0000000200)='./file0\x00', 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) r1 = dup(r0) sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000dc0), 0x6df8}}, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000002480)=0x3) mount$9p_fd(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x200400, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) write$UHID_INPUT(r1, 0x0, 0x0) 1.115829256s ago: executing program 0 (id=167): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) read$FUSE(0xffffffffffffffff, &(0x7f0000000480)={0x2020}, 0x2020) pipe2(&(0x7f0000000200), 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, "7f12ddc1517600000000000000000000eaff00"}) clock_adjtime(0x0, &(0x7f0000000000)={0xffff, 0x2, 0x2, 0x0, 0xcd6, 0x0, 0x0, 0x9, 0x0, 0x8000000000000000, 0x3b9ac9fb, 0x0, 0x0, 0x7fff, 0x0, 0x2, 0x7, 0xfffffffffffff000, 0x400000, 0x0, 0xe6, 0x7, 0x0, 0x0, 0xffffffffffffffff, 0x8000007ffffd}) unshare(0x2c020400) pipe2$9p(0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x8, 0x80000000) 1.115117173s ago: executing program 2 (id=168): r0 = socket(0x11, 0x3, 0x0) syz_open_procfs(0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c4159b364a4fd7013f34db173a4fdacf15229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be867a28f09c5877fc2355ecdc9c30dcb2d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff3a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb357b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50265a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3583], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = epoll_create1(0x0) r3 = epoll_create1(0x0) sendmsg$NL80211_CMD_ADD_TX_TS(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20044050}, 0x48040) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000080)={0x20000000}) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000000)={0xe000202b}) epoll_pwait(r3, &(0x7f00008c9fc4)=[{}], 0x1, 0xfffffffffffffff7, 0x0, 0x0) r4 = dup3(r0, r3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1, 0x4, &(0x7f0000000400)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x1c, 0x10, 0x1a001000000}, [@ldst={0x5, 0x0, 0x5, 0x0, 0x0, 0x0, 0xe6d61e00}]}, &(0x7f0000000080)='GPL\x00', 0x2, 0x3f7, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000300)={0x200f}) 233.294736ms ago: executing program 5 (id=169): r0 = syz_open_procfs(0x0, &(0x7f0000000380)='attr/exec\x00') mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000880)=ANY=[]) r1 = syz_io_uring_setup(0x2e3b, &(0x7f0000000440)={0x0, 0x482b, 0x10100, 0x1}, &(0x7f0000000400)=0x0, &(0x7f0000000300)=0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000700002c0000000000000004850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x94) syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0x0, &(0x7f0000000340)=[{&(0x7f00000002c0)=""/9, 0x9}], 0x1}) io_uring_enter(r1, 0x567, 0xa1ff, 0x0, 0x0, 0x0) 8.883288ms ago: executing program 3 (id=170): r0 = socket(0x10, 0x2, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000140)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000000), 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f00000002c0)=@gcm_128={{0x303}, "0400", "0d00e8ffff1a8600", "cf0d00", "0400000000000100"}, 0x28) write$binfmt_script(r1, &(0x7f0000000780)={'#! ', './file0'}, 0xb) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000340)=@gcm_256={{0x303}, '\x00', "372a31a11e03279cec094e071cc80f218d360356a936a7e3971a8c35c47e5804", "400100", "fffffffffffffffd"}, 0x38) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f00000001c0)=0x1, 0x4) writev(r2, &(0x7f0000000080)=[{&(0x7f00000002c0)="ec", 0xfdef}], 0x1) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) close_range(r0, r1, 0x0) 0s ago: executing program 5 (id=171): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180200002343ffff0000000000000000850000004100000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r1, r2, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0xfdef, &(0x7f0000000a80)=ANY=[], 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.185' (ED25519) to the list of known hosts. [ 74.178085][ T5814] cgroup: Unknown subsys name 'net' [ 74.330762][ T5814] cgroup: Unknown subsys name 'cpuset' [ 74.339154][ T5814] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 75.858209][ T5814] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 78.296446][ T5835] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 78.296574][ T5834] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 78.313069][ T5834] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 78.320352][ T5835] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 78.336027][ T5834] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 78.344104][ T5834] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 78.345052][ T5835] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 78.352587][ T5834] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 78.366286][ T5836] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 78.366286][ T5834] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 78.373728][ T5834] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 78.381424][ T5835] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 78.396392][ T5136] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 78.404248][ T5136] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 78.411628][ T5834] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 78.420043][ T5136] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 78.427853][ T5834] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 78.435888][ T5834] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 78.464420][ T55] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 78.480579][ T55] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 78.496325][ T5136] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 78.498403][ T5830] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 78.512025][ T5136] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 78.520300][ T5830] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 78.528572][ T5830] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 78.537199][ T5136] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 78.537569][ T5830] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 78.551811][ T5136] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 78.559276][ T5830] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 78.566687][ T5830] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 79.000592][ T5826] chnl_net:caif_netlink_parms(): no params data found [ 79.056456][ T5840] chnl_net:caif_netlink_parms(): no params data found [ 79.108192][ T5824] chnl_net:caif_netlink_parms(): no params data found [ 79.156423][ T5825] chnl_net:caif_netlink_parms(): no params data found [ 79.225752][ T5839] chnl_net:caif_netlink_parms(): no params data found [ 79.310847][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.318325][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.325794][ T5840] bridge_slave_0: entered allmulticast mode [ 79.333801][ T5840] bridge_slave_0: entered promiscuous mode [ 79.356515][ T5826] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.363832][ T5826] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.371451][ T5826] bridge_slave_0: entered allmulticast mode [ 79.382186][ T5826] bridge_slave_0: entered promiscuous mode [ 79.429077][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.436194][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.443978][ T5840] bridge_slave_1: entered allmulticast mode [ 79.451013][ T5840] bridge_slave_1: entered promiscuous mode [ 79.459407][ T5826] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.466533][ T5826] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.473849][ T5826] bridge_slave_1: entered allmulticast mode [ 79.480836][ T5826] bridge_slave_1: entered promiscuous mode [ 79.552473][ T5824] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.559944][ T5824] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.567447][ T5824] bridge_slave_0: entered allmulticast mode [ 79.574179][ T5824] bridge_slave_0: entered promiscuous mode [ 79.581942][ T5825] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.589626][ T5825] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.596973][ T5825] bridge_slave_0: entered allmulticast mode [ 79.604205][ T5825] bridge_slave_0: entered promiscuous mode [ 79.617425][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.628987][ T5826] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.638631][ T5824] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.645824][ T5824] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.653722][ T5824] bridge_slave_1: entered allmulticast mode [ 79.660803][ T5824] bridge_slave_1: entered promiscuous mode [ 79.677810][ T5825] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.684928][ T5825] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.692366][ T5825] bridge_slave_1: entered allmulticast mode [ 79.699387][ T5825] bridge_slave_1: entered promiscuous mode [ 79.716260][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.738129][ T5826] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.803746][ T5840] team0: Port device team_slave_0 added [ 79.821667][ T5824] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.833535][ T5824] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.845691][ T5825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.859592][ T5825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.869044][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.876295][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.884062][ T5839] bridge_slave_0: entered allmulticast mode [ 79.892035][ T5839] bridge_slave_0: entered promiscuous mode [ 79.901322][ T5840] team0: Port device team_slave_1 added [ 79.910034][ T5826] team0: Port device team_slave_0 added [ 79.944233][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.951808][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.959779][ T5839] bridge_slave_1: entered allmulticast mode [ 79.966591][ T5839] bridge_slave_1: entered promiscuous mode [ 79.994144][ T5826] team0: Port device team_slave_1 added [ 80.020997][ T5824] team0: Port device team_slave_0 added [ 80.045673][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.053240][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.079585][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.103121][ T5824] team0: Port device team_slave_1 added [ 80.121168][ T5825] team0: Port device team_slave_0 added [ 80.138847][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.148762][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.155748][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.181826][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.198753][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.205756][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.233449][ T5826] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.255805][ T5825] team0: Port device team_slave_1 added [ 80.263655][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.275621][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.282883][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.308921][ T5826] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.325830][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.333119][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.359359][ T5824] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.414110][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.421229][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.438782][ T5830] Bluetooth: hci1: command tx timeout [ 80.447432][ T5834] Bluetooth: hci0: command tx timeout [ 80.459500][ T5824] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.471796][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.479801][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.506162][ T5825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.517488][ T5834] Bluetooth: hci2: command tx timeout [ 80.536043][ T5839] team0: Port device team_slave_0 added [ 80.544942][ T5839] team0: Port device team_slave_1 added [ 80.567617][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.574607][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.600932][ T5825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.601032][ T5834] Bluetooth: hci4: command tx timeout [ 80.611816][ T5830] Bluetooth: hci3: command tx timeout [ 80.656324][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.663794][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.690190][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.710720][ T5840] hsr_slave_0: entered promiscuous mode [ 80.721101][ T5840] hsr_slave_1: entered promiscuous mode [ 80.741603][ T5826] hsr_slave_0: entered promiscuous mode [ 80.748804][ T5826] hsr_slave_1: entered promiscuous mode [ 80.755009][ T5826] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 80.763519][ T5826] Cannot create hsr debugfs directory [ 80.770094][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.777313][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.803357][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.859475][ T5825] hsr_slave_0: entered promiscuous mode [ 80.866964][ T5825] hsr_slave_1: entered promiscuous mode [ 80.873296][ T5825] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 80.881431][ T5825] Cannot create hsr debugfs directory [ 80.891002][ T5824] hsr_slave_0: entered promiscuous mode [ 80.897449][ T5824] hsr_slave_1: entered promiscuous mode [ 80.903408][ T5824] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 80.911721][ T5824] Cannot create hsr debugfs directory [ 81.080670][ T5839] hsr_slave_0: entered promiscuous mode [ 81.087143][ T5839] hsr_slave_1: entered promiscuous mode [ 81.093176][ T5839] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 81.101328][ T5839] Cannot create hsr debugfs directory [ 81.398064][ T5840] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 81.420315][ T5840] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 81.438073][ T5840] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 81.448917][ T5840] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 81.480628][ T5824] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 81.494117][ T5824] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 81.504837][ T5824] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 81.515247][ T5824] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 81.581294][ T5825] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 81.596215][ T5825] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 81.613065][ T5825] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 81.623648][ T5825] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 81.725865][ T5826] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 81.736483][ T5826] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 81.762909][ T5826] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 81.800470][ T5826] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 81.861110][ T5839] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 81.875859][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.892134][ T5839] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 81.915619][ T5839] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 81.937928][ T5839] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 81.954409][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.975151][ T5824] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.009244][ T82] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.016549][ T82] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.026357][ T82] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.033598][ T82] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.086695][ T5824] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.103076][ T14] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.110274][ T14] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.140060][ T5825] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.149768][ T82] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.156965][ T82] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.224606][ T5825] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.283531][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.290772][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.305741][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.312959][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.407360][ T5826] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.455893][ T5826] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.474551][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.502204][ T75] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.509375][ T75] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.517870][ T5834] Bluetooth: hci1: command tx timeout [ 82.517883][ T5830] Bluetooth: hci0: command tx timeout [ 82.554893][ T75] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.562294][ T75] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.597761][ T5834] Bluetooth: hci2: command tx timeout [ 82.664137][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.677132][ T5834] Bluetooth: hci4: command tx timeout [ 82.687627][ T5834] Bluetooth: hci3: command tx timeout [ 82.696263][ T5839] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.740288][ T14] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.747489][ T14] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.817300][ T5826] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 82.855551][ T5826] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 82.894446][ T14] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.901664][ T14] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.940403][ T5824] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.023484][ T5825] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.167098][ T5824] veth0_vlan: entered promiscuous mode [ 83.189440][ T5825] veth0_vlan: entered promiscuous mode [ 83.219929][ T5824] veth1_vlan: entered promiscuous mode [ 83.245287][ T5840] veth0_vlan: entered promiscuous mode [ 83.266667][ T5825] veth1_vlan: entered promiscuous mode [ 83.294978][ T5840] veth1_vlan: entered promiscuous mode [ 83.368081][ T5824] veth0_macvtap: entered promiscuous mode [ 83.388067][ T5826] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.398485][ T5825] veth0_macvtap: entered promiscuous mode [ 83.420555][ T5824] veth1_macvtap: entered promiscuous mode [ 83.432837][ T5825] veth1_macvtap: entered promiscuous mode [ 83.452784][ T5840] veth0_macvtap: entered promiscuous mode [ 83.467041][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.503003][ T5840] veth1_macvtap: entered promiscuous mode [ 83.529982][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.543723][ T5824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.556259][ T5824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.568550][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.589713][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.602031][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.613806][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.623861][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.636376][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.650792][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.663024][ T5824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.674177][ T5824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.685806][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.702613][ T5825] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.712141][ T5825] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.724235][ T5825] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.733073][ T5825] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.745347][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.756078][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.766157][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.777978][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.788987][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.827252][ T5840] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.836022][ T5840] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.845410][ T5840] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.855005][ T5840] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.866041][ T5824] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.874925][ T5824] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.884568][ T5824] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.893488][ T5824] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.914297][ T5826] veth0_vlan: entered promiscuous mode [ 83.968695][ T5839] veth0_vlan: entered promiscuous mode [ 83.978846][ T5826] veth1_vlan: entered promiscuous mode [ 84.030149][ T5839] veth1_vlan: entered promiscuous mode [ 84.075850][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.085228][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.151928][ T3571] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.161371][ T3571] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.177972][ T5839] veth0_macvtap: entered promiscuous mode [ 84.186618][ T5826] veth0_macvtap: entered promiscuous mode [ 84.209377][ T5839] veth1_macvtap: entered promiscuous mode [ 84.225787][ T5826] veth1_macvtap: entered promiscuous mode [ 84.243797][ T3571] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.260862][ T3571] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.329164][ T14] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.338656][ T14] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.346300][ T14] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.355603][ T14] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.380063][ T5826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.401177][ T5826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.411246][ T5826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.422874][ T5826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.440716][ T5826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.451930][ T5826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.463628][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.483177][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.502852][ T5825] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 84.504405][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.533577][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.544459][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.554473][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.565132][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.575033][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.585518][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.597019][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.597212][ T5834] Bluetooth: hci1: command tx timeout [ 84.607247][ T5830] Bluetooth: hci0: command tx timeout [ 84.627396][ T5826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 84.641622][ T5826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.651615][ T5826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 84.662202][ T5826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.672124][ T5826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 84.682815][ T5834] Bluetooth: hci2: command tx timeout [ 84.684707][ T5826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.700230][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.716779][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 84.734662][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.746008][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 84.757099][ T5834] Bluetooth: hci3: command tx timeout [ 84.760816][ T5830] Bluetooth: hci4: command tx timeout [ 84.775185][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.791408][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 84.803913][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.823060][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 84.835335][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.848292][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.857520][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.865443][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.874733][ T5826] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.884530][ T5826] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.893765][ T5826] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.904062][ T5826] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.928148][ T5839] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.956979][ T5839] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.965742][ T5839] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.004153][ T5839] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.072310][ T5911] netlink: 76 bytes leftover after parsing attributes in process `syz.0.6'. [ 85.360157][ T14] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.383230][ T14] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.494230][ T82] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.535715][ T82] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.604853][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.622354][ T5928] netlink: 'syz.0.8': attribute type 3 has an invalid length. [ 85.655737][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.676128][ T3571] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.699349][ T3571] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.803122][ T5931] capability: warning: `syz.4.9' uses 32-bit capabilities (legacy support in use) [ 85.887268][ T30] audit: type=1326 audit(1742890309.229:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5935 comm="syz.0.10" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b79d8d169 code=0x7ffc0000 [ 85.936434][ T30] audit: type=1326 audit(1742890309.239:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5935 comm="syz.0.10" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b79d8d169 code=0x7ffc0000 [ 85.969516][ T30] audit: type=1326 audit(1742890309.259:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5935 comm="syz.0.10" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4b79d8d169 code=0x7ffc0000 [ 86.024864][ T30] audit: type=1326 audit(1742890309.259:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5935 comm="syz.0.10" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b79d8d169 code=0x7ffc0000 [ 86.054710][ T30] audit: type=1326 audit(1742890309.259:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5935 comm="syz.0.10" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b79d8d169 code=0x7ffc0000 [ 86.175374][ T30] audit: type=1326 audit(1742890309.259:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5935 comm="syz.0.10" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7f4b79d8d169 code=0x7ffc0000 [ 86.210120][ T30] audit: type=1326 audit(1742890309.259:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5935 comm="syz.0.10" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b79d8d169 code=0x7ffc0000 [ 86.305009][ T30] audit: type=1326 audit(1742890309.259:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5935 comm="syz.0.10" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b79d8d169 code=0x7ffc0000 [ 86.391856][ T30] audit: type=1326 audit(1742890309.259:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5935 comm="syz.0.10" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f4b79d8d169 code=0x7ffc0000 [ 86.403037][ T5832] udevd[5832]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory [ 86.679888][ T5830] Bluetooth: hci0: command tx timeout [ 86.692681][ T5834] Bluetooth: hci1: command tx timeout [ 86.708329][ T30] audit: type=1326 audit(1742890309.259:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5935 comm="syz.0.10" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b79d8d169 code=0x7ffc0000 [ 86.825204][ T5830] Bluetooth: hci2: command tx timeout [ 86.849396][ T5834] Bluetooth: hci3: command tx timeout [ 86.855367][ T5830] Bluetooth: hci4: command tx timeout [ 88.724146][ T5961] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 90.287578][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 90.677247][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 91.289971][ T5983] xt_limit: Overflow, try lower: 687865856/40 [ 91.607226][ T24] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 91.976924][ T24] usb 1-1: Using ep0 maxpacket: 16 [ 92.000070][ T24] usb 1-1: unable to get BOS descriptor or descriptor too short [ 92.011573][ T24] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 92.019576][ T24] usb 1-1: can't read configurations, error -71 [ 92.687727][ T979] cfg80211: failed to load regulatory.db [ 94.357130][ T6025] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 94.787349][ T6025] netlink: 4 bytes leftover after parsing attributes in process `syz.0.35'. [ 94.937385][ T6030] xt_cgroup: invalid path, errno=-2 [ 95.689217][ T30] kauditd_printk_skb: 36 callbacks suppressed [ 95.689255][ T30] audit: type=1800 audit(1742890319.029:48): pid=6046 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.43" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 96.917382][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 97.016774][ T6057] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 97.087042][ T30] audit: type=1326 audit(1742890320.359:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6050 comm="syz.0.45" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b79d8d169 code=0x7ffc0000 [ 97.108735][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 97.117277][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 97.147149][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 97.155497][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 97.166630][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 97.175201][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 97.184575][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 97.624901][ T30] audit: type=1326 audit(1742890320.359:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6050 comm="syz.0.45" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b79d8d169 code=0x7ffc0000 [ 97.737685][ T30] audit: type=1326 audit(1742890320.359:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6050 comm="syz.0.45" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4b79d8d169 code=0x7ffc0000 [ 97.775994][ T30] audit: type=1326 audit(1742890320.359:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6050 comm="syz.0.45" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b79d8d169 code=0x7ffc0000 [ 97.832748][ T6054] wireguard0: entered promiscuous mode [ 97.883546][ T6054] wireguard0: entered allmulticast mode [ 97.898791][ T30] audit: type=1326 audit(1742890320.359:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6050 comm="syz.0.45" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b79d8d169 code=0x7ffc0000 [ 98.146714][ T30] audit: type=1326 audit(1742890320.359:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6050 comm="syz.0.45" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4b79d8d169 code=0x7ffc0000 [ 98.508903][ T30] audit: type=1326 audit(1742890320.359:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6050 comm="syz.0.45" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b79d8d169 code=0x7ffc0000 [ 98.628268][ T30] audit: type=1326 audit(1742890320.359:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6050 comm="syz.0.45" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b79d8d169 code=0x7ffc0000 [ 98.735100][ T30] audit: type=1326 audit(1742890320.429:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6050 comm="syz.0.45" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4b79d8d169 code=0x7ffc0000 [ 101.878685][ T6093] pimreg: entered allmulticast mode [ 102.405028][ T6093] pimreg: left allmulticast mode [ 105.846002][ T6133] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 105.949183][ T5834] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 105.961555][ T5834] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 105.970380][ T5834] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 106.006091][ T5834] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 106.018453][ T5834] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 106.025891][ T5834] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 106.880018][ T6135] chnl_net:caif_netlink_parms(): no params data found [ 106.882859][ T5976] Set syz1 is full, maxelem 65536 reached [ 107.331087][ T6159] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 108.117116][ T5834] Bluetooth: hci3: command tx timeout [ 108.302357][ T53] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.317172][ T5825] block device autoloading is deprecated and will be removed. [ 108.804704][ T53] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.970532][ T53] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.015625][ T6135] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.050041][ T6135] bridge0: port 1(bridge_slave_0) entered disabled state [ 109.092637][ T6135] bridge_slave_0: entered allmulticast mode [ 109.121371][ T6135] bridge_slave_0: entered promiscuous mode [ 109.234621][ T53] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.302132][ T6135] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.433574][ T6135] bridge0: port 2(bridge_slave_1) entered disabled state [ 109.447192][ T6135] bridge_slave_1: entered allmulticast mode [ 109.497068][ T6135] bridge_slave_1: entered promiscuous mode [ 110.198047][ T5834] Bluetooth: hci3: command tx timeout [ 110.747055][ T6197] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 110.851062][ T6135] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 110.935191][ T6135] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 112.126764][ T6205] netlink: 12 bytes leftover after parsing attributes in process `syz.2.95'. [ 112.135822][ T6205] Zero length message leads to an empty skb [ 112.209257][ T6135] team0: Port device team_slave_0 added [ 112.250003][ T6135] team0: Port device team_slave_1 added [ 112.283166][ T5834] Bluetooth: hci3: command tx timeout [ 114.360380][ T5834] Bluetooth: hci3: command tx timeout [ 114.453998][ T53] bridge_slave_1: left allmulticast mode [ 114.487003][ T53] bridge_slave_1: left promiscuous mode [ 114.494053][ T53] bridge0: port 2(bridge_slave_1) entered disabled state [ 114.785635][ T53] bridge_slave_0: left allmulticast mode [ 114.825881][ T53] bridge_slave_0: left promiscuous mode [ 114.926100][ T53] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.263186][ T53] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 117.296162][ T53] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 117.309442][ T53] bond0 (unregistering): Released all slaves [ 117.328395][ T6135] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 117.360976][ T6135] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 117.399985][ T6135] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 117.415041][ T6135] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 117.431411][ T6135] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 117.478867][ T6135] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 117.559048][ T6256] netlink: 12 bytes leftover after parsing attributes in process `syz.0.108'. [ 118.770552][ T6135] hsr_slave_0: entered promiscuous mode [ 118.796205][ T6135] hsr_slave_1: entered promiscuous mode [ 118.818248][ T6135] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 118.840840][ T6135] Cannot create hsr debugfs directory [ 119.102632][ T53] hsr_slave_0: left promiscuous mode [ 119.115787][ T53] hsr_slave_1: left promiscuous mode [ 119.123518][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 119.131795][ T53] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 119.142964][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 119.151244][ T53] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 119.174712][ T53] veth1_macvtap: left promiscuous mode [ 119.180892][ T53] veth0_macvtap: left promiscuous mode [ 119.186539][ T53] veth1_vlan: left promiscuous mode [ 119.193840][ T53] veth0_vlan: left promiscuous mode [ 119.992170][ T53] team0 (unregistering): Port device team_slave_1 removed [ 120.064989][ T53] team0 (unregistering): Port device team_slave_0 removed [ 122.108928][ T6135] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 122.194278][ T6135] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 122.271357][ T6135] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 122.334656][ T6135] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 123.634856][ T6135] 8021q: adding VLAN 0 to HW filter on device bond0 [ 123.700671][ T6135] 8021q: adding VLAN 0 to HW filter on device team0 [ 123.810647][ T14] bridge0: port 1(bridge_slave_0) entered blocking state [ 123.817833][ T14] bridge0: port 1(bridge_slave_0) entered forwarding state [ 123.906123][ T14] bridge0: port 2(bridge_slave_1) entered blocking state [ 123.913328][ T14] bridge0: port 2(bridge_slave_1) entered forwarding state [ 124.076241][ T6135] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 124.092228][ T6135] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 125.345625][ T6135] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 126.584118][ T6135] veth0_vlan: entered promiscuous mode [ 126.623598][ T6135] veth1_vlan: entered promiscuous mode [ 126.726530][ T6135] veth0_macvtap: entered promiscuous mode [ 126.776353][ T6135] veth1_macvtap: entered promiscuous mode [ 126.849911][ T6135] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 126.906658][ T6135] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 127.139546][ T6135] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 127.151641][ T6135] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 127.163108][ T6135] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 127.173634][ T6135] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 127.183768][ T6135] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 127.194367][ T6135] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 127.298256][ T6135] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 127.575931][ T6135] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 127.699921][ T6135] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 127.866906][ T6135] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 127.897092][ T6135] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 127.935421][ T6135] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 127.991910][ T6135] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.025405][ T6135] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 128.036037][ T6135] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.049810][ T6135] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 128.066599][ T6135] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.075580][ T6135] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.084568][ T6135] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.096901][ T6135] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.376084][ T14] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 128.419207][ T14] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 129.137482][ T1139] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 129.300745][ T1139] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 130.148749][ T6433] input: syz0 as /devices/virtual/input/input5 [ 132.306298][ T6481] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 133.162580][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.194653][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.176248][ T6506] x_tables: duplicate underflow at hook 2 [ 136.030842][ T6550] BUG: Bad page state in process syz.5.171 pfn:5d78d [ 136.038065][ T6550] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5d78d [ 136.046961][ T6550] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 136.054145][ T6550] raw: 00fff00000000000 dead000000000040 ffff888022aab000 0000000000000000 [ 136.062827][ T6550] raw: 0000000000000000 3fffffffffffffff 00000000ffffffff 0000000000000000 [ 136.071492][ T6550] page dumped because: page_pool leak [ 136.076955][ T6550] page_owner tracks the page as allocated [ 136.083020][ T6550] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6550, tgid 6546 (syz.5.171), ts 136030706269, free_ts 122057432902 [ 136.100073][ T6550] post_alloc_hook+0x1f4/0x240 [ 136.104912][ T6550] get_page_from_freelist+0x3651/0x37a0 [ 136.110549][ T6550] __alloc_frozen_pages_noprof+0x292/0x710 [ 136.116412][ T6550] alloc_pages_bulk_noprof+0x847/0xae0 [ 136.121975][ T6550] __page_pool_alloc_pages_slow+0x11f/0x690 [ 136.127982][ T6550] page_pool_alloc_frag_netmem+0x59c/0x940 [ 136.133854][ T6550] skb_pp_cow_data+0xcea/0x1720 [ 136.138805][ T6550] do_xdp_generic+0x505/0xd30 [ 136.143528][ T6550] tun_get_user+0x2a4b/0x4860 [ 136.148303][ T6550] tun_chr_write_iter+0x10d/0x1f0 [ 136.153384][ T6550] vfs_write+0xacf/0xd10 [ 136.157724][ T6550] ksys_write+0x18f/0x2b0 [ 136.162105][ T6550] do_syscall_64+0xf3/0x230 [ 136.166654][ T6550] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.172646][ T6550] page last free pid 53 tgid 53 stack trace: [ 136.178704][ T6550] __free_pages_ok+0xbbc/0xe40 [ 136.183512][ T6550] __folio_put+0x2b3/0x360 [ 136.188012][ T6550] free_large_kmalloc+0x13e/0x1e0 [ 136.193086][ T6550] kfree+0x212/0x430 [ 136.197071][ T6550] wg_destruct+0x254/0x2e0 [ 136.201537][ T6550] netdev_run_todo+0xd46/0xf30 [ 136.206386][ T6550] default_device_exit_batch+0x804/0x880 [ 136.212148][ T6550] cleanup_net+0x8ad/0xd60 [ 136.216611][ T6550] process_scheduled_works+0xabe/0x18e0 [ 136.222248][ T6550] worker_thread+0x870/0xd30 [ 136.226941][ T6550] kthread+0x7a9/0x920 [ 136.231061][ T6550] ret_from_fork+0x4b/0x80 [ 136.235699][ T6550] ret_from_fork_asm+0x1a/0x30 [ 136.240553][ T6550] Modules linked in: [ 136.244516][ T6550] CPU: 1 UID: 0 PID: 6550 Comm: syz.5.171 Not tainted 6.14.0-syzkaller-00685-g3ba7dfb8da62 #0 [ 136.244544][ T6550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 136.244566][ T6550] Call Trace: [ 136.244574][ T6550] [ 136.244584][ T6550] dump_stack_lvl+0x241/0x360 [ 136.244627][ T6550] ? __pfx_dump_stack_lvl+0x10/0x10 [ 136.244663][ T6550] ? __pfx_print_modules+0x10/0x10 [ 136.244707][ T6550] bad_page+0x176/0x1d0 [ 136.244740][ T6550] free_frozen_pages+0x1079/0x10e0 [ 136.244775][ T6550] bpf_xdp_frags_shrink_tail+0x3b3/0x780 [ 136.244825][ T6550] bpf_xdp_adjust_tail+0x1c6/0x210 [ 136.244859][ T6550] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 136.244884][ T6550] bpf_prog_run_generic_xdp+0x12af/0x1510 [ 136.244951][ T6550] do_xdp_generic+0x757/0xd30 [ 136.244983][ T6550] ? __pfx_do_xdp_generic+0x10/0x10 [ 136.245022][ T6550] ? __local_bh_disable_ip+0x179/0x220 [ 136.245051][ T6550] ? __pfx_eth_type_trans+0x10/0x10 [ 136.245098][ T6550] ? tun_get_user+0x2914/0x4860 [ 136.245132][ T6550] tun_get_user+0x2a4b/0x4860 [ 136.245179][ T6550] ? __lock_acquire+0x1397/0x2100 [ 136.245216][ T6550] ? __pfx_tun_get_user+0x10/0x10 [ 136.245268][ T6550] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 136.245297][ T6550] ? tun_get+0x1e/0x2f0 [ 136.245329][ T6550] ? __pfx_lock_release+0x10/0x10 [ 136.245374][ T6550] ? tun_get+0x1e/0x2f0 [ 136.245404][ T6550] ? tun_get+0x27d/0x2f0 [ 136.245438][ T6550] tun_chr_write_iter+0x10d/0x1f0 [ 136.245474][ T6550] vfs_write+0xacf/0xd10 [ 136.245505][ T6550] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 136.245539][ T6550] ? __pfx_vfs_write+0x10/0x10 [ 136.245569][ T6550] ? __fget_files+0x2a/0x420 [ 136.245595][ T6550] ? __fget_files+0x2a/0x420 [ 136.245626][ T6550] ksys_write+0x18f/0x2b0 [ 136.245655][ T6550] ? __pfx_ksys_write+0x10/0x10 [ 136.245681][ T6550] ? exc_page_fault+0x590/0x8b0 [ 136.245710][ T6550] ? do_syscall_64+0xb6/0x230 [ 136.245741][ T6550] do_syscall_64+0xf3/0x230 [ 136.245771][ T6550] ? clear_bhb_loop+0x35/0x90 [ 136.245804][ T6550] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.245834][ T6550] RIP: 0033:0x7fcffb98bc1f [ 136.245853][ T6550] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 136.245889][ T6550] RSP: 002b:00007fcffc80c000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 136.245912][ T6550] RAX: ffffffffffffffda RBX: 00007fcffbba6080 RCX: 00007fcffb98bc1f [ 136.245928][ T6550] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8 [ 136.245942][ T6550] RBP: 00007fcffba0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 136.245955][ T6550] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000 [ 136.245968][ T6550] R13: 0000000000000001 R14: 00007fcffbba6080 R15: 00007ffe779aeeb8 [ 136.245999][ T6550] [ 136.246015][ T6550] Disabling lock debugging due to kernel taint [ 136.527176][ T6550] BUG: Bad page state in process syz.5.171 pfn:5d78c [ 136.533976][ T6550] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5d78c [ 136.542838][ T6550] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 136.550050][ T6550] raw: 00fff00000000000 dead000000000040 ffff888022aab000 0000000000000000 [ 136.558715][ T6550] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 136.567395][ T6550] page dumped because: page_pool leak [ 136.572808][ T6550] page_owner tracks the page as allocated [ 136.578595][ T6550] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6550, tgid 6546 (syz.5.171), ts 136030687549, free_ts 122057432902 [ 136.595600][ T6550] post_alloc_hook+0x1f4/0x240 [ 136.600470][ T6550] get_page_from_freelist+0x3651/0x37a0 [ 136.606051][ T6550] __alloc_frozen_pages_noprof+0x292/0x710 [ 136.611925][ T6550] alloc_pages_bulk_noprof+0x847/0xae0 [ 136.617474][ T6550] __page_pool_alloc_pages_slow+0x11f/0x690 [ 136.623424][ T6550] skb_pp_cow_data+0xcc8/0x1720 [ 136.628366][ T6550] do_xdp_generic+0x505/0xd30 [ 136.633082][ T6550] tun_get_user+0x2a4b/0x4860 [ 136.637858][ T6550] tun_chr_write_iter+0x10d/0x1f0 [ 136.642926][ T6550] vfs_write+0xacf/0xd10 [ 136.647258][ T6550] ksys_write+0x18f/0x2b0 [ 136.651649][ T6550] do_syscall_64+0xf3/0x230 [ 136.656195][ T6550] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.662178][ T6550] page last free pid 53 tgid 53 stack trace: [ 136.668213][ T6550] __free_pages_ok+0xbbc/0xe40 [ 136.673101][ T6550] __folio_put+0x2b3/0x360 [ 136.677609][ T6550] free_large_kmalloc+0x13e/0x1e0 [ 136.682671][ T6550] kfree+0x212/0x430 [ 136.686612][ T6550] wg_destruct+0x254/0x2e0 [ 136.691199][ T6550] netdev_run_todo+0xd46/0xf30 [ 136.696018][ T6550] default_device_exit_batch+0x804/0x880 [ 136.701740][ T6550] cleanup_net+0x8ad/0xd60 [ 136.706206][ T6550] process_scheduled_works+0xabe/0x18e0 [ 136.711839][ T6550] worker_thread+0x870/0xd30 [ 136.716465][ T6550] kthread+0x7a9/0x920 [ 136.720624][ T6550] ret_from_fork+0x4b/0x80 [ 136.725080][ T6550] ret_from_fork_asm+0x1a/0x30 [ 136.729931][ T6550] Modules linked in: [ 136.733857][ T6550] CPU: 1 UID: 0 PID: 6550 Comm: syz.5.171 Tainted: G B 6.14.0-syzkaller-00685-g3ba7dfb8da62 #0 [ 136.733886][ T6550] Tainted: [B]=BAD_PAGE [ 136.733893][ T6550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 136.733905][ T6550] Call Trace: [ 136.733913][ T6550] [ 136.733920][ T6550] dump_stack_lvl+0x241/0x360 [ 136.733957][ T6550] ? __pfx_dump_stack_lvl+0x10/0x10 [ 136.733990][ T6550] ? __pfx_print_modules+0x10/0x10 [ 136.734022][ T6550] bad_page+0x176/0x1d0 [ 136.734051][ T6550] free_frozen_pages+0x1079/0x10e0 [ 136.734078][ T6550] bpf_xdp_frags_shrink_tail+0x3b3/0x780 [ 136.734116][ T6550] bpf_xdp_adjust_tail+0x1c6/0x210 [ 136.734145][ T6550] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 136.734161][ T6550] bpf_prog_run_generic_xdp+0x12af/0x1510 [ 136.734207][ T6550] do_xdp_generic+0x757/0xd30 [ 136.734229][ T6550] ? __pfx_do_xdp_generic+0x10/0x10 [ 136.734252][ T6550] ? __local_bh_disable_ip+0x179/0x220 [ 136.734275][ T6550] ? __pfx_eth_type_trans+0x10/0x10 [ 136.734301][ T6550] ? tun_get_user+0x2914/0x4860 [ 136.734331][ T6550] tun_get_user+0x2a4b/0x4860 [ 136.734368][ T6550] ? __lock_acquire+0x1397/0x2100 [ 136.734399][ T6550] ? __pfx_tun_get_user+0x10/0x10 [ 136.734437][ T6550] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 136.734465][ T6550] ? tun_get+0x1e/0x2f0 [ 136.734493][ T6550] ? __pfx_lock_release+0x10/0x10 [ 136.734527][ T6550] ? tun_get+0x1e/0x2f0 [ 136.734555][ T6550] ? tun_get+0x27d/0x2f0 [ 136.734585][ T6550] tun_chr_write_iter+0x10d/0x1f0 [ 136.734616][ T6550] vfs_write+0xacf/0xd10 [ 136.734642][ T6550] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 136.734673][ T6550] ? __pfx_vfs_write+0x10/0x10 [ 136.734698][ T6550] ? __fget_files+0x2a/0x420 [ 136.734725][ T6550] ? __fget_files+0x2a/0x420 [ 136.734749][ T6550] ksys_write+0x18f/0x2b0 [ 136.734774][ T6550] ? __pfx_ksys_write+0x10/0x10 [ 136.734798][ T6550] ? exc_page_fault+0x590/0x8b0 [ 136.734824][ T6550] ? do_syscall_64+0xb6/0x230 [ 136.734850][ T6550] do_syscall_64+0xf3/0x230 [ 136.734876][ T6550] ? clear_bhb_loop+0x35/0x90 [ 136.734905][ T6550] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.734933][ T6550] RIP: 0033:0x7fcffb98bc1f [ 136.734949][ T6550] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 136.734965][ T6550] RSP: 002b:00007fcffc80c000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 136.734987][ T6550] RAX: ffffffffffffffda RBX: 00007fcffbba6080 RCX: 00007fcffb98bc1f [ 136.735001][ T6550] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8 [ 136.735014][ T6550] RBP: 00007fcffba0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 136.735026][ T6550] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000 [ 136.735037][ T6550] R13: 0000000000000001 R14: 00007fcffbba6080 R15: 00007ffe779aeeb8 [ 136.735058][ T6550] [ 136.735069][ T6550] BUG: Bad page state in process syz.5.171 pfn:5d78b [ 137.022516][ T6550] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5d78b [ 137.031343][ T6550] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 137.038596][ T6550] raw: 00fff00000000000 dead000000000040 ffff888022aab000 0000000000000000 [ 137.047245][ T6550] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 137.055847][ T6550] page dumped because: page_pool leak [ 137.061317][ T6550] page_owner tracks the page as allocated [ 137.067096][ T6550] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6550, tgid 6546 (syz.5.171), ts 136030674210, free_ts 122057432902 [ 137.084101][ T6550] post_alloc_hook+0x1f4/0x240 [ 137.088957][ T6550] get_page_from_freelist+0x3651/0x37a0 [ 137.094517][ T6550] __alloc_frozen_pages_noprof+0x292/0x710 [ 137.100377][ T6550] alloc_pages_bulk_noprof+0x847/0xae0 [ 137.106218][ T6550] __page_pool_alloc_pages_slow+0x11f/0x690 [ 137.112191][ T6550] skb_pp_cow_data+0xcc8/0x1720 [ 137.117114][ T6550] do_xdp_generic+0x505/0xd30 [ 137.121810][ T6550] tun_get_user+0x2a4b/0x4860 [ 137.126530][ T6550] tun_chr_write_iter+0x10d/0x1f0 [ 137.131638][ T6550] vfs_write+0xacf/0xd10 [ 137.135927][ T6550] ksys_write+0x18f/0x2b0 [ 137.140312][ T6550] do_syscall_64+0xf3/0x230 [ 137.144852][ T6550] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.150804][ T6550] page last free pid 53 tgid 53 stack trace: [ 137.156848][ T6550] __free_pages_ok+0xbbc/0xe40 [ 137.161660][ T6550] __folio_put+0x2b3/0x360 [ 137.166114][ T6550] free_large_kmalloc+0x13e/0x1e0 [ 137.171189][ T6550] kfree+0x212/0x430 [ 137.175118][ T6550] wg_destruct+0x254/0x2e0 [ 137.179596][ T6550] netdev_run_todo+0xd46/0xf30 [ 137.184399][ T6550] default_device_exit_batch+0x804/0x880 [ 137.190081][ T6550] cleanup_net+0x8ad/0xd60 [ 137.194528][ T6550] process_scheduled_works+0xabe/0x18e0 [ 137.200124][ T6550] worker_thread+0x870/0xd30 [ 137.204740][ T6550] kthread+0x7a9/0x920 [ 137.208854][ T6550] ret_from_fork+0x4b/0x80 [ 137.213299][ T6550] ret_from_fork_asm+0x1a/0x30 [ 137.218110][ T6550] Modules linked in: [ 137.222025][ T6550] CPU: 1 UID: 0 PID: 6550 Comm: syz.5.171 Tainted: G B 6.14.0-syzkaller-00685-g3ba7dfb8da62 #0 [ 137.222046][ T6550] Tainted: [B]=BAD_PAGE [ 137.222052][ T6550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 137.222061][ T6550] Call Trace: [ 137.222066][ T6550] [ 137.222072][ T6550] dump_stack_lvl+0x241/0x360 [ 137.222101][ T6550] ? __pfx_dump_stack_lvl+0x10/0x10 [ 137.222126][ T6550] ? __pfx_print_modules+0x10/0x10 [ 137.222151][ T6550] bad_page+0x176/0x1d0 [ 137.222174][ T6550] free_frozen_pages+0x1079/0x10e0 [ 137.222195][ T6550] bpf_xdp_frags_shrink_tail+0x3b3/0x780 [ 137.222224][ T6550] bpf_xdp_adjust_tail+0x1c6/0x210 [ 137.222244][ T6550] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 137.222256][ T6550] bpf_prog_run_generic_xdp+0x12af/0x1510 [ 137.222292][ T6550] do_xdp_generic+0x757/0xd30 [ 137.222310][ T6550] ? __pfx_do_xdp_generic+0x10/0x10 [ 137.222327][ T6550] ? __local_bh_disable_ip+0x179/0x220 [ 137.222346][ T6550] ? __pfx_eth_type_trans+0x10/0x10 [ 137.222367][ T6550] ? tun_get_user+0x2914/0x4860 [ 137.222391][ T6550] tun_get_user+0x2a4b/0x4860 [ 137.222421][ T6550] ? __lock_acquire+0x1397/0x2100 [ 137.222445][ T6550] ? __pfx_tun_get_user+0x10/0x10 [ 137.222476][ T6550] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 137.222498][ T6550] ? tun_get+0x1e/0x2f0 [ 137.222521][ T6550] ? __pfx_lock_release+0x10/0x10 [ 137.222548][ T6550] ? tun_get+0x1e/0x2f0 [ 137.222570][ T6550] ? tun_get+0x27d/0x2f0 [ 137.222593][ T6550] tun_chr_write_iter+0x10d/0x1f0 [ 137.222618][ T6550] vfs_write+0xacf/0xd10 [ 137.222639][ T6550] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 137.222664][ T6550] ? __pfx_vfs_write+0x10/0x10 [ 137.222689][ T6550] ? __fget_files+0x2a/0x420 [ 137.222705][ T6550] ? __fget_files+0x2a/0x420 [ 137.222724][ T6550] ksys_write+0x18f/0x2b0 [ 137.222744][ T6550] ? __pfx_ksys_write+0x10/0x10 [ 137.222763][ T6550] ? exc_page_fault+0x590/0x8b0 [ 137.222783][ T6550] ? do_syscall_64+0xb6/0x230 [ 137.222804][ T6550] do_syscall_64+0xf3/0x230 [ 137.222824][ T6550] ? clear_bhb_loop+0x35/0x90 [ 137.222848][ T6550] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.222869][ T6550] RIP: 0033:0x7fcffb98bc1f [ 137.222882][ T6550] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 137.222895][ T6550] RSP: 002b:00007fcffc80c000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 137.222910][ T6550] RAX: ffffffffffffffda RBX: 00007fcffbba6080 RCX: 00007fcffb98bc1f [ 137.222922][ T6550] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8 [ 137.222932][ T6550] RBP: 00007fcffba0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 137.222941][ T6550] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000 [ 137.222950][ T6550] R13: 0000000000000001 R14: 00007fcffbba6080 R15: 00007ffe779aeeb8 [ 137.222967][ T6550] [ 137.222976][ T6550] BUG: Bad page state in process syz.5.171 pfn:5d78a [ 137.509329][ T6550] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5d78a [ 137.518143][ T6550] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 137.525279][ T6550] raw: 00fff00000000000 dead000000000040 ffff888022aab000 0000000000000000 [ 137.533941][ T6550] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 137.542584][ T6550] page dumped because: page_pool leak [ 137.547999][ T6550] page_owner tracks the page as allocated [ 137.553724][ T6550] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6550, tgid 6546 (syz.5.171), ts 136030661123, free_ts 122057432902 [ 137.570749][ T6550] post_alloc_hook+0x1f4/0x240 [ 137.575572][ T6550] get_page_from_freelist+0x3651/0x37a0 [ 137.581216][ T6550] __alloc_frozen_pages_noprof+0x292/0x710 [ 137.587098][ T6550] alloc_pages_bulk_noprof+0x847/0xae0 [ 137.592599][ T6550] __page_pool_alloc_pages_slow+0x11f/0x690 [ 137.598625][ T6550] skb_pp_cow_data+0xcc8/0x1720 [ 137.603521][ T6550] do_xdp_generic+0x505/0xd30 [ 137.608263][ T6550] tun_get_user+0x2a4b/0x4860 [ 137.612988][ T6550] tun_chr_write_iter+0x10d/0x1f0 [ 137.618088][ T6550] vfs_write+0xacf/0xd10 [ 137.622366][ T6550] ksys_write+0x18f/0x2b0 [ 137.626728][ T6550] do_syscall_64+0xf3/0x230 [ 137.631325][ T6550] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.637303][ T6550] page last free pid 53 tgid 53 stack trace: [ 137.643307][ T6550] __free_pages_ok+0xbbc/0xe40 [ 137.648136][ T6550] __folio_put+0x2b3/0x360 [ 137.652595][ T6550] free_large_kmalloc+0x13e/0x1e0 [ 137.657697][ T6550] kfree+0x212/0x430 [ 137.661644][ T6550] wg_destruct+0x254/0x2e0 [ 137.666094][ T6550] netdev_run_todo+0xd46/0xf30 [ 137.670927][ T6550] default_device_exit_batch+0x804/0x880 [ 137.676613][ T6550] cleanup_net+0x8ad/0xd60 [ 137.681125][ T6550] process_scheduled_works+0xabe/0x18e0 [ 137.686709][ T6550] worker_thread+0x870/0xd30 [ 137.691372][ T6550] kthread+0x7a9/0x920 [ 137.695478][ T6550] ret_from_fork+0x4b/0x80 [ 137.699955][ T6550] ret_from_fork_asm+0x1a/0x30 [ 137.704757][ T6550] Modules linked in: [ 137.708707][ T6550] CPU: 1 UID: 0 PID: 6550 Comm: syz.5.171 Tainted: G B 6.14.0-syzkaller-00685-g3ba7dfb8da62 #0 [ 137.708738][ T6550] Tainted: [B]=BAD_PAGE [ 137.708746][ T6550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 137.708758][ T6550] Call Trace: [ 137.708766][ T6550] [ 137.708774][ T6550] dump_stack_lvl+0x241/0x360 [ 137.708811][ T6550] ? __pfx_dump_stack_lvl+0x10/0x10 [ 137.708845][ T6550] ? __pfx_print_modules+0x10/0x10 [ 137.708879][ T6550] bad_page+0x176/0x1d0 [ 137.708910][ T6550] free_frozen_pages+0x1079/0x10e0 [ 137.708939][ T6550] bpf_xdp_frags_shrink_tail+0x3b3/0x780 [ 137.708978][ T6550] bpf_xdp_adjust_tail+0x1c6/0x210 [ 137.709005][ T6550] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 137.709023][ T6550] bpf_prog_run_generic_xdp+0x12af/0x1510 [ 137.709072][ T6550] do_xdp_generic+0x757/0xd30 [ 137.709095][ T6550] ? __pfx_do_xdp_generic+0x10/0x10 [ 137.709120][ T6550] ? __local_bh_disable_ip+0x179/0x220 [ 137.709145][ T6550] ? __pfx_eth_type_trans+0x10/0x10 [ 137.709173][ T6550] ? tun_get_user+0x2914/0x4860 [ 137.709206][ T6550] tun_get_user+0x2a4b/0x4860 [ 137.709245][ T6550] ? __lock_acquire+0x1397/0x2100 [ 137.709279][ T6550] ? __pfx_tun_get_user+0x10/0x10 [ 137.709319][ T6550] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 137.709347][ T6550] ? tun_get+0x1e/0x2f0 [ 137.709375][ T6550] ? __pfx_lock_release+0x10/0x10 [ 137.709409][ T6550] ? tun_get+0x1e/0x2f0 [ 137.709438][ T6550] ? tun_get+0x27d/0x2f0 [ 137.709468][ T6550] tun_chr_write_iter+0x10d/0x1f0 [ 137.709501][ T6550] vfs_write+0xacf/0xd10 [ 137.709530][ T6550] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 137.709562][ T6550] ? __pfx_vfs_write+0x10/0x10 [ 137.709590][ T6550] ? __fget_files+0x2a/0x420 [ 137.709621][ T6550] ? __fget_files+0x2a/0x420 [ 137.709646][ T6550] ksys_write+0x18f/0x2b0 [ 137.709672][ T6550] ? __pfx_ksys_write+0x10/0x10 [ 137.709699][ T6550] ? exc_page_fault+0x590/0x8b0 [ 137.709726][ T6550] ? do_syscall_64+0xb6/0x230 [ 137.709755][ T6550] do_syscall_64+0xf3/0x230 [ 137.709782][ T6550] ? clear_bhb_loop+0x35/0x90 [ 137.709814][ T6550] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.709842][ T6550] RIP: 0033:0x7fcffb98bc1f [ 137.709860][ T6550] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 137.709878][ T6550] RSP: 002b:00007fcffc80c000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 137.709899][ T6550] RAX: ffffffffffffffda RBX: 00007fcffbba6080 RCX: 00007fcffb98bc1f [ 137.709914][ T6550] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8 [ 137.709926][ T6550] RBP: 00007fcffba0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 137.709938][ T6550] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000 [ 137.709950][ T6550] R13: 0000000000000001 R14: 00007fcffbba6080 R15: 00007ffe779aeeb8 [ 137.709971][ T6550] [ 137.709982][ T6550] BUG: Bad page state in process syz.5.171 pfn:5d789 [ 137.837212][ T5830] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 137.838681][ T6550] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5d789 [ 137.844082][ T5830] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 137.847873][ T6550] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 137.847905][ T6550] raw: 00fff00000000000 dead000000000040 ffff888022aab000 0000000000000000 [ 137.852628][ T5830] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 137.857179][ T6550] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 137.857195][ T6550] page dumped because: page_pool leak [ 137.857206][ T6550] page_owner tracks the page as allocated [ 137.857215][ T6550] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6550, tgid 6546 (syz.5.171), ts 136030642699, free_ts 122057432902 [ 137.862927][ T5830] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 137.867019][ T6550] post_alloc_hook+0x1f4/0x240 [ 137.867051][ T6550] get_page_from_freelist+0x3651/0x37a0 [ 137.867078][ T6550] __alloc_frozen_pages_noprof+0x292/0x710 [ 137.872558][ T5830] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 137.876407][ T6550] alloc_pages_bulk_noprof+0x847/0xae0 [ 137.876448][ T6550] __page_pool_alloc_pages_slow+0x11f/0x690 [ 137.876476][ T6550] skb_pp_cow_data+0xcc8/0x1720 [ 137.876503][ T6550] do_xdp_generic+0x505/0xd30 [ 137.876521][ T6550] tun_get_user+0x2a4b/0x4860 [ 137.876552][ T6550] tun_chr_write_iter+0x10d/0x1f0 [ 137.882051][ T5830] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 137.885505][ T6550] vfs_write+0xacf/0xd10 [ 137.885535][ T6550] ksys_write+0x18f/0x2b0 [ 138.155580][ T6550] do_syscall_64+0xf3/0x230 [ 138.160142][ T6550] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.166113][ T6550] page last free pid 53 tgid 53 stack trace: [ 138.172137][ T6550] __free_pages_ok+0xbbc/0xe40 [ 138.176962][ T6550] __folio_put+0x2b3/0x360 [ 138.181408][ T6550] free_large_kmalloc+0x13e/0x1e0 [ 138.186437][ T6550] kfree+0x212/0x430 [ 138.190400][ T6550] wg_destruct+0x254/0x2e0 [ 138.194848][ T6550] netdev_run_todo+0xd46/0xf30 [ 138.199682][ T6550] default_device_exit_batch+0x804/0x880 [ 138.205349][ T6550] cleanup_net+0x8ad/0xd60 [ 138.209828][ T6550] process_scheduled_works+0xabe/0x18e0 [ 138.215418][ T6550] worker_thread+0x870/0xd30 [ 138.220065][ T6550] kthread+0x7a9/0x920 [ 138.224164][ T6550] ret_from_fork+0x4b/0x80 [ 138.228634][ T6550] ret_from_fork_asm+0x1a/0x30 [ 138.233427][ T6550] Modules linked in: [ 138.237379][ T6550] CPU: 1 UID: 0 PID: 6550 Comm: syz.5.171 Tainted: G B 6.14.0-syzkaller-00685-g3ba7dfb8da62 #0 [ 138.237409][ T6550] Tainted: [B]=BAD_PAGE [ 138.237417][ T6550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 138.237431][ T6550] Call Trace: [ 138.237439][ T6550] [ 138.237447][ T6550] dump_stack_lvl+0x241/0x360 [ 138.237487][ T6550] ? __pfx_dump_stack_lvl+0x10/0x10 [ 138.237522][ T6550] ? __pfx_print_modules+0x10/0x10 [ 138.237565][ T6550] bad_page+0x176/0x1d0 [ 138.237597][ T6550] free_frozen_pages+0x1079/0x10e0 [ 138.237627][ T6550] bpf_xdp_frags_shrink_tail+0x3b3/0x780 [ 138.237667][ T6550] bpf_xdp_adjust_tail+0x1c6/0x210 [ 138.237695][ T6550] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 138.237713][ T6550] bpf_prog_run_generic_xdp+0x12af/0x1510 [ 138.237763][ T6550] do_xdp_generic+0x757/0xd30 [ 138.237788][ T6550] ? __pfx_do_xdp_generic+0x10/0x10 [ 138.237814][ T6550] ? __local_bh_disable_ip+0x179/0x220 [ 138.237840][ T6550] ? __pfx_eth_type_trans+0x10/0x10 [ 138.237869][ T6550] ? tun_get_user+0x2914/0x4860 [ 138.237903][ T6550] tun_get_user+0x2a4b/0x4860 [ 138.237945][ T6550] ? __lock_acquire+0x1397/0x2100 [ 138.237987][ T6550] ? __pfx_tun_get_user+0x10/0x10 [ 138.238030][ T6550] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 138.238061][ T6550] ? tun_get+0x1e/0x2f0 [ 138.238093][ T6550] ? __pfx_lock_release+0x10/0x10 [ 138.238131][ T6550] ? tun_get+0x1e/0x2f0 [ 138.238162][ T6550] ? tun_get+0x27d/0x2f0 [ 138.238195][ T6550] tun_chr_write_iter+0x10d/0x1f0 [ 138.238230][ T6550] vfs_write+0xacf/0xd10 [ 138.238260][ T6550] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 138.238293][ T6550] ? __pfx_vfs_write+0x10/0x10 [ 138.238322][ T6550] ? __fget_files+0x2a/0x420 [ 138.238345][ T6550] ? __fget_files+0x2a/0x420 [ 138.238372][ T6550] ksys_write+0x18f/0x2b0 [ 138.238400][ T6550] ? __pfx_ksys_write+0x10/0x10 [ 138.238427][ T6550] ? exc_page_fault+0x590/0x8b0 [ 138.238454][ T6550] ? do_syscall_64+0xb6/0x230 [ 138.238484][ T6550] do_syscall_64+0xf3/0x230 [ 138.238524][ T6550] ? clear_bhb_loop+0x35/0x90 [ 138.238581][ T6550] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.238611][ T6550] RIP: 0033:0x7fcffb98bc1f [ 138.238630][ T6550] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 138.238648][ T6550] RSP: 002b:00007fcffc80c000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 138.238669][ T6550] RAX: ffffffffffffffda RBX: 00007fcffbba6080 RCX: 00007fcffb98bc1f [ 138.238684][ T6550] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8 [ 138.238697][ T6550] RBP: 00007fcffba0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 138.238709][ T6550] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000 [ 138.238720][ T6550] R13: 0000000000000001 R14: 00007fcffbba6080 R15: 00007ffe779aeeb8 [ 138.238742][ T6550] [ 138.238755][ T6550] BUG: Bad page state in process syz.5.171 pfn:5d788 [ 138.525035][ T6550] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5d788 [ 138.533838][ T6550] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 138.540999][ T6550] raw: 00fff00000000000 dead000000000040 ffff888022aab000 0000000000000000 [ 138.549629][ T6550] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 138.558269][ T6550] page dumped because: page_pool leak [ 138.563651][ T6550] page_owner tracks the page as allocated [ 138.569407][ T6550] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6550, tgid 6546 (syz.5.171), ts 136030629460, free_ts 122057432902 [ 138.586381][ T6550] post_alloc_hook+0x1f4/0x240 [ 138.591221][ T6550] get_page_from_freelist+0x3651/0x37a0 [ 138.596847][ T6550] __alloc_frozen_pages_noprof+0x292/0x710 [ 138.602689][ T6550] alloc_pages_bulk_noprof+0x847/0xae0 [ 138.608233][ T6550] __page_pool_alloc_pages_slow+0x11f/0x690 [ 138.614167][ T6550] skb_pp_cow_data+0xcc8/0x1720 [ 138.619086][ T6550] do_xdp_generic+0x505/0xd30 [ 138.623782][ T6550] tun_get_user+0x2a4b/0x4860 [ 138.628541][ T6550] tun_chr_write_iter+0x10d/0x1f0 [ 138.633593][ T6550] vfs_write+0xacf/0xd10 [ 138.637901][ T6550] ksys_write+0x18f/0x2b0 [ 138.642258][ T6550] do_syscall_64+0xf3/0x230 [ 138.646840][ T6550] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.652766][ T6550] page last free pid 53 tgid 53 stack trace: [ 138.658815][ T6550] __free_pages_ok+0xbbc/0xe40 [ 138.663596][ T6550] __folio_put+0x2b3/0x360 [ 138.668062][ T6550] free_large_kmalloc+0x13e/0x1e0 [ 138.673109][ T6550] kfree+0x212/0x430 [ 138.677062][ T6550] wg_destruct+0x254/0x2e0 [ 138.681510][ T6550] netdev_run_todo+0xd46/0xf30 [ 138.686285][ T6550] default_device_exit_batch+0x804/0x880 [ 138.691967][ T6550] cleanup_net+0x8ad/0xd60 [ 138.696412][ T6550] process_scheduled_works+0xabe/0x18e0 [ 138.702019][ T6550] worker_thread+0x870/0xd30 [ 138.706632][ T6550] kthread+0x7a9/0x920 [ 138.710746][ T6550] ret_from_fork+0x4b/0x80 [ 138.715182][ T6550] ret_from_fork_asm+0x1a/0x30 [ 138.719992][ T6550] Modules linked in: [ 138.723907][ T6550] CPU: 1 UID: 0 PID: 6550 Comm: syz.5.171 Tainted: G B 6.14.0-syzkaller-00685-g3ba7dfb8da62 #0 [ 138.723927][ T6550] Tainted: [B]=BAD_PAGE [ 138.723932][ T6550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 138.723941][ T6550] Call Trace: [ 138.723947][ T6550] [ 138.723953][ T6550] dump_stack_lvl+0x241/0x360 [ 138.723981][ T6550] ? __pfx_dump_stack_lvl+0x10/0x10 [ 138.724005][ T6550] ? __pfx_print_modules+0x10/0x10 [ 138.724029][ T6550] bad_page+0x176/0x1d0 [ 138.724051][ T6550] free_frozen_pages+0x1079/0x10e0 [ 138.724072][ T6550] bpf_xdp_frags_shrink_tail+0x3b3/0x780 [ 138.724099][ T6550] bpf_xdp_adjust_tail+0x1c6/0x210 [ 138.724119][ T6550] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 138.724131][ T6550] bpf_prog_run_generic_xdp+0x12af/0x1510 [ 138.724167][ T6550] do_xdp_generic+0x757/0xd30 [ 138.724183][ T6550] ? __pfx_do_xdp_generic+0x10/0x10 [ 138.724200][ T6550] ? __local_bh_disable_ip+0x179/0x220 [ 138.724218][ T6550] ? __pfx_eth_type_trans+0x10/0x10 [ 138.724239][ T6550] ? tun_get_user+0x2914/0x4860 [ 138.724262][ T6550] tun_get_user+0x2a4b/0x4860 [ 138.724291][ T6550] ? __lock_acquire+0x1397/0x2100 [ 138.724314][ T6550] ? __pfx_tun_get_user+0x10/0x10 [ 138.724344][ T6550] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 138.724365][ T6550] ? tun_get+0x1e/0x2f0 [ 138.724386][ T6550] ? __pfx_lock_release+0x10/0x10 [ 138.724412][ T6550] ? tun_get+0x1e/0x2f0 [ 138.724434][ T6550] ? tun_get+0x27d/0x2f0 [ 138.724456][ T6550] tun_chr_write_iter+0x10d/0x1f0 [ 138.724481][ T6550] vfs_write+0xacf/0xd10 [ 138.724502][ T6550] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 138.724529][ T6550] ? __pfx_vfs_write+0x10/0x10 [ 138.724549][ T6550] ? __fget_files+0x2a/0x420 [ 138.724565][ T6550] ? __fget_files+0x2a/0x420 [ 138.724582][ T6550] ksys_write+0x18f/0x2b0 [ 138.724602][ T6550] ? __pfx_ksys_write+0x10/0x10 [ 138.724621][ T6550] ? exc_page_fault+0x590/0x8b0 [ 138.724640][ T6550] ? do_syscall_64+0xb6/0x230 [ 138.724660][ T6550] do_syscall_64+0xf3/0x230 [ 138.724680][ T6550] ? clear_bhb_loop+0x35/0x90 [ 138.724703][ T6550] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.724723][ T6550] RIP: 0033:0x7fcffb98bc1f [ 138.724736][ T6550] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 138.724748][ T6550] RSP: 002b:00007fcffc80c000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 138.724763][ T6550] RAX: ffffffffffffffda RBX: 00007fcffbba6080 RCX: 00007fcffb98bc1f [ 138.724774][ T6550] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8 [ 138.724784][ T6550] RBP: 00007fcffba0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 138.724793][ T6550] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000 [ 138.724801][ T6550] R13: 0000000000000001 R14: 00007fcffbba6080 R15: 00007ffe779aeeb8 [ 138.724817][ T6550] [ 138.724825][ T6550] BUG: Bad page state in process syz.5.171 pfn:5d787 [ 139.011401][ T6550] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5d787 [ 139.020215][ T6550] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 139.027376][ T6550] raw: 00fff00000000000 dead000000000040 ffff888022aab000 0000000000000000 [ 139.035965][ T6550] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 139.044611][ T6550] page dumped because: page_pool leak [ 139.050015][ T6550] page_owner tracks the page as allocated [ 139.055771][ T6550] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6550, tgid 6546 (syz.5.171), ts 136030598347, free_ts 122057432902 [ 139.072802][ T6550] post_alloc_hook+0x1f4/0x240 [ 139.077626][ T6550] get_page_from_freelist+0x3651/0x37a0 [ 139.083187][ T6550] __alloc_frozen_pages_noprof+0x292/0x710 [ 139.089052][ T6550] alloc_pages_bulk_noprof+0x847/0xae0 [ 139.094543][ T6550] __page_pool_alloc_pages_slow+0x11f/0x690 [ 139.100494][ T6550] skb_pp_cow_data+0xcc8/0x1720 [ 139.105396][ T6550] do_xdp_generic+0x505/0xd30 [ 139.110137][ T6550] tun_get_user+0x2a4b/0x4860 [ 139.114856][ T6550] tun_chr_write_iter+0x10d/0x1f0 [ 139.119959][ T6550] vfs_write+0xacf/0xd10 [ 139.124229][ T6550] ksys_write+0x18f/0x2b0 [ 139.128617][ T6550] do_syscall_64+0xf3/0x230 [ 139.133174][ T6550] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 139.139131][ T6550] page last free pid 53 tgid 53 stack trace: [ 139.145127][ T6550] __free_pages_ok+0xbbc/0xe40 [ 139.149937][ T6550] __folio_put+0x2b3/0x360 [ 139.154399][ T6550] free_large_kmalloc+0x13e/0x1e0 [ 139.159476][ T6550] kfree+0x212/0x430 [ 139.163428][ T6550] wg_destruct+0x254/0x2e0 [ 139.167905][ T6550] netdev_run_todo+0xd46/0xf30 [ 139.172705][ T6550] default_device_exit_batch+0x804/0x880 [ 139.178478][ T6550] cleanup_net+0x8ad/0xd60 [ 139.182924][ T6550] process_scheduled_works+0xabe/0x18e0 [ 139.188533][ T6550] worker_thread+0x870/0xd30 [ 139.193154][ T6550] kthread+0x7a9/0x920 [ 139.197280][ T6550] ret_from_fork+0x4b/0x80 [ 139.201723][ T6550] ret_from_fork_asm+0x1a/0x30 [ 139.206500][ T6550] Modules linked in: [ 139.210451][ T6550] CPU: 1 UID: 0 PID: 6550 Comm: syz.5.171 Tainted: G B 6.14.0-syzkaller-00685-g3ba7dfb8da62 #0 [ 139.210482][ T6550] Tainted: [B]=BAD_PAGE [ 139.210490][ T6550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 139.210502][ T6550] Call Trace: [ 139.210508][ T6550] [ 139.210516][ T6550] dump_stack_lvl+0x241/0x360 [ 139.210554][ T6550] ? __pfx_dump_stack_lvl+0x10/0x10 [ 139.210588][ T6550] ? __pfx_print_modules+0x10/0x10 [ 139.210620][ T6550] bad_page+0x176/0x1d0 [ 139.210652][ T6550] free_frozen_pages+0x1079/0x10e0 [ 139.210683][ T6550] bpf_xdp_frags_shrink_tail+0x3b3/0x780 [ 139.210723][ T6550] bpf_xdp_adjust_tail+0x1c6/0x210 [ 139.210760][ T6550] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 139.210779][ T6550] bpf_prog_run_generic_xdp+0x12af/0x1510 [ 139.210830][ T6550] do_xdp_generic+0x757/0xd30 [ 139.210856][ T6550] ? __pfx_do_xdp_generic+0x10/0x10 [ 139.210882][ T6550] ? __local_bh_disable_ip+0x179/0x220 [ 139.210909][ T6550] ? __pfx_eth_type_trans+0x10/0x10 [ 139.210936][ T6550] ? tun_get_user+0x2914/0x4860 [ 139.210969][ T6550] tun_get_user+0x2a4b/0x4860 [ 139.211010][ T6550] ? __lock_acquire+0x1397/0x2100 [ 139.211045][ T6550] ? __pfx_tun_get_user+0x10/0x10 [ 139.211088][ T6550] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 139.211120][ T6550] ? tun_get+0x1e/0x2f0 [ 139.211151][ T6550] ? __pfx_lock_release+0x10/0x10 [ 139.211190][ T6550] ? tun_get+0x1e/0x2f0 [ 139.211221][ T6550] ? tun_get+0x27d/0x2f0 [ 139.211255][ T6550] tun_chr_write_iter+0x10d/0x1f0 [ 139.211290][ T6550] vfs_write+0xacf/0xd10 [ 139.211320][ T6550] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 139.211355][ T6550] ? __pfx_vfs_write+0x10/0x10 [ 139.211383][ T6550] ? __fget_files+0x2a/0x420 [ 139.211407][ T6550] ? __fget_files+0x2a/0x420 [ 139.211432][ T6550] ksys_write+0x18f/0x2b0 [ 139.211461][ T6550] ? __pfx_ksys_write+0x10/0x10 [ 139.211488][ T6550] ? exc_page_fault+0x590/0x8b0 [ 139.211518][ T6550] ? do_syscall_64+0xb6/0x230 [ 139.211548][ T6550] do_syscall_64+0xf3/0x230 [ 139.211577][ T6550] ? clear_bhb_loop+0x35/0x90 [ 139.211610][ T6550] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 139.211641][ T6550] RIP: 0033:0x7fcffb98bc1f [ 139.211660][ T6550] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 139.211678][ T6550] RSP: 002b:00007fcffc80c000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 139.211702][ T6550] RAX: ffffffffffffffda RBX: 00007fcffbba6080 RCX: 00007fcffb98bc1f [ 139.211718][ T6550] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8 [ 139.211733][ T6550] RBP: 00007fcffba0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 139.211753][ T6550] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000 [ 139.211766][ T6550] R13: 0000000000000001 R14: 00007fcffbba6080 R15: 00007ffe779aeeb8 [ 139.211789][ T6550] [ 139.211802][ T6550] BUG: Bad page state in process syz.5.171 pfn:5d786 [ 139.497980][ T6550] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5d786 [ 139.506834][ T6550] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 139.513977][ T6550] raw: 00fff00000000000 dead000000000040 ffff888022aab000 0000000000000000 [ 139.522625][ T6550] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 139.531298][ T6550] page dumped because: page_pool leak [ 139.536851][ T6550] page_owner tracks the page as allocated [ 139.542612][ T6550] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6550, tgid 6546 (syz.5.171), ts 136030585525, free_ts 122057432902 [ 139.559621][ T6550] post_alloc_hook+0x1f4/0x240 [ 139.564426][ T6550] get_page_from_freelist+0x3651/0x37a0 [ 139.570033][ T6550] __alloc_frozen_pages_noprof+0x292/0x710 [ 139.575871][ T6550] alloc_pages_bulk_noprof+0x847/0xae0 [ 139.581414][ T6550] __page_pool_alloc_pages_slow+0x11f/0x690 [ 139.587389][ T6550] skb_pp_cow_data+0xcc8/0x1720 [ 139.592281][ T6550] do_xdp_generic+0x505/0xd30 [ 139.596997][ T6550] tun_get_user+0x2a4b/0x4860 [ 139.601707][ T6550] tun_chr_write_iter+0x10d/0x1f0 [ 139.606742][ T6550] vfs_write+0xacf/0xd10 [ 139.611054][ T6550] ksys_write+0x18f/0x2b0 [ 139.615389][ T6550] do_syscall_64+0xf3/0x230 [ 139.619956][ T6550] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 139.625917][ T6550] page last free pid 53 tgid 53 stack trace: [ 139.631945][ T6550] __free_pages_ok+0xbbc/0xe40 [ 139.636809][ T6550] __folio_put+0x2b3/0x360 [ 139.641282][ T6550] free_large_kmalloc+0x13e/0x1e0 [ 139.646312][ T6550] kfree+0x212/0x430 [ 139.650268][ T6550] wg_destruct+0x254/0x2e0 [ 139.654719][ T6550] netdev_run_todo+0xd46/0xf30 [ 139.659547][ T6550] default_device_exit_batch+0x804/0x880 [ 139.665241][ T6550] cleanup_net+0x8ad/0xd60 [ 139.669719][ T6550] process_scheduled_works+0xabe/0x18e0 [ 139.675309][ T6550] worker_thread+0x870/0xd30 [ 139.679957][ T6550] kthread+0x7a9/0x920 [ 139.684063][ T6550] ret_from_fork+0x4b/0x80 [ 139.688555][ T6550] ret_from_fork_asm+0x1a/0x30 [ 139.693392][ T6550] Modules linked in: [ 139.697345][ T6550] CPU: 1 UID: 0 PID: 6550 Comm: syz.5.171 Tainted: G B 6.14.0-syzkaller-00685-g3ba7dfb8da62 #0 [ 139.697375][ T6550] Tainted: [B]=BAD_PAGE [ 139.697382][ T6550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 139.697393][ T6550] Call Trace: [ 139.697400][ T6550] [ 139.697408][ T6550] dump_stack_lvl+0x241/0x360 [ 139.697446][ T6550] ? __pfx_dump_stack_lvl+0x10/0x10 [ 139.697479][ T6550] ? __pfx_print_modules+0x10/0x10 [ 139.697511][ T6550] bad_page+0x176/0x1d0 [ 139.697543][ T6550] free_frozen_pages+0x1079/0x10e0 [ 139.697572][ T6550] bpf_xdp_frags_shrink_tail+0x3b3/0x780 [ 139.697612][ T6550] bpf_xdp_adjust_tail+0x1c6/0x210 [ 139.697641][ T6550] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 139.697661][ T6550] bpf_prog_run_generic_xdp+0x12af/0x1510 [ 139.697722][ T6550] do_xdp_generic+0x757/0xd30 [ 139.697747][ T6550] ? __pfx_do_xdp_generic+0x10/0x10 [ 139.697773][ T6550] ? __local_bh_disable_ip+0x179/0x220 [ 139.697797][ T6550] ? __pfx_eth_type_trans+0x10/0x10 [ 139.697824][ T6550] ? tun_get_user+0x2914/0x4860 [ 139.697856][ T6550] tun_get_user+0x2a4b/0x4860 [ 139.697896][ T6550] ? __lock_acquire+0x1397/0x2100 [ 139.697931][ T6550] ? __pfx_tun_get_user+0x10/0x10 [ 139.697973][ T6550] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 139.698003][ T6550] ? tun_get+0x1e/0x2f0 [ 139.698036][ T6550] ? __pfx_lock_release+0x10/0x10 [ 139.698073][ T6550] ? tun_get+0x1e/0x2f0 [ 139.698105][ T6550] ? tun_get+0x27d/0x2f0 [ 139.698138][ T6550] tun_chr_write_iter+0x10d/0x1f0 [ 139.698174][ T6550] vfs_write+0xacf/0xd10 [ 139.698203][ T6550] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 139.698237][ T6550] ? __pfx_vfs_write+0x10/0x10 [ 139.698266][ T6550] ? __fget_files+0x2a/0x420 [ 139.698289][ T6550] ? __fget_files+0x2a/0x420 [ 139.698316][ T6550] ksys_write+0x18f/0x2b0 [ 139.698344][ T6550] ? __pfx_ksys_write+0x10/0x10 [ 139.698371][ T6550] ? exc_page_fault+0x590/0x8b0 [ 139.698400][ T6550] ? do_syscall_64+0xb6/0x230 [ 139.698430][ T6550] do_syscall_64+0xf3/0x230 [ 139.698460][ T6550] ? clear_bhb_loop+0x35/0x90 [ 139.698494][ T6550] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 139.698525][ T6550] RIP: 0033:0x7fcffb98bc1f [ 139.698544][ T6550] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 139.698563][ T6550] RSP: 002b:00007fcffc80c000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 139.698586][ T6550] RAX: ffffffffffffffda RBX: 00007fcffbba6080 RCX: 00007fcffb98bc1f [ 139.698601][ T6550] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8 [ 139.698614][ T6550] RBP: 00007fcffba0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 139.698628][ T6550] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000 [ 139.698641][ T6550] R13: 0000000000000001 R14: 00007fcffbba6080 R15: 00007ffe779aeeb8 [ 139.698663][ T6550] [ 139.698675][ T6550] BUG: Bad page state in process syz.5.171 pfn:5d785 [ 139.957002][ T5834] Bluetooth: hci5: command tx timeout [ 139.959657][ T6550] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5d785 [ 139.999546][ T6550] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 140.006659][ T6550] raw: 00fff00000000000 dead000000000040 ffff888022aab000 0000000000000000 [ 140.015483][ T6550] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 140.024113][ T6550] page dumped because: page_pool leak [ 140.029528][ T6550] page_owner tracks the page as allocated [ 140.035259][ T6550] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6550, tgid 6546 (syz.5.171), ts 136030572970, free_ts 122057432902 [ 140.052238][ T6550] post_alloc_hook+0x1f4/0x240 [ 140.057051][ T6550] get_page_from_freelist+0x3651/0x37a0 [ 140.063152][ T6550] __alloc_frozen_pages_noprof+0x292/0x710 [ 140.069025][ T6550] alloc_pages_bulk_noprof+0x847/0xae0 [ 140.074510][ T6550] __page_pool_alloc_pages_slow+0x11f/0x690 [ 140.080455][ T6550] skb_pp_cow_data+0xcc8/0x1720 [ 140.085337][ T6550] do_xdp_generic+0x505/0xd30 [ 140.090062][ T6550] tun_get_user+0x2a4b/0x4860 [ 140.094772][ T6550] tun_chr_write_iter+0x10d/0x1f0 [ 140.099874][ T6550] vfs_write+0xacf/0xd10 [ 140.104141][ T6550] ksys_write+0x18f/0x2b0 [ 140.108535][ T6550] do_syscall_64+0xf3/0x230 [ 140.113063][ T6550] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.119002][ T6550] page last free pid 53 tgid 53 stack trace: [ 140.124994][ T6550] __free_pages_ok+0xbbc/0xe40 [ 140.129814][ T6550] __folio_put+0x2b3/0x360 [ 140.134258][ T6550] free_large_kmalloc+0x13e/0x1e0 [ 140.139334][ T6550] kfree+0x212/0x430 [ 140.143267][ T6550] wg_destruct+0x254/0x2e0 [ 140.147734][ T6550] netdev_run_todo+0xd46/0xf30 [ 140.152534][ T6550] default_device_exit_batch+0x804/0x880 [ 140.158214][ T6550] cleanup_net+0x8ad/0xd60 [ 140.162655][ T6550] process_scheduled_works+0xabe/0x18e0 [ 140.168255][ T6550] worker_thread+0x870/0xd30 [ 140.172899][ T6550] kthread+0x7a9/0x920 [ 140.177010][ T6550] ret_from_fork+0x4b/0x80 [ 140.181449][ T6550] ret_from_fork_asm+0x1a/0x30 [ 140.186216][ T6550] Modules linked in: [ 140.190185][ T6550] CPU: 1 UID: 0 PID: 6550 Comm: syz.5.171 Tainted: G B 6.14.0-syzkaller-00685-g3ba7dfb8da62 #0 [ 140.190215][ T6550] Tainted: [B]=BAD_PAGE [ 140.190222][ T6550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 140.190234][ T6550] Call Trace: [ 140.190240][ T6550] [ 140.190248][ T6550] dump_stack_lvl+0x241/0x360 [ 140.190284][ T6550] ? __pfx_dump_stack_lvl+0x10/0x10 [ 140.190318][ T6550] ? __pfx_print_modules+0x10/0x10 [ 140.190365][ T6550] bad_page+0x176/0x1d0 [ 140.190398][ T6550] free_frozen_pages+0x1079/0x10e0 [ 140.190429][ T6550] bpf_xdp_frags_shrink_tail+0x3b3/0x780 [ 140.190469][ T6550] bpf_xdp_adjust_tail+0x1c6/0x210 [ 140.190498][ T6550] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 140.190517][ T6550] bpf_prog_run_generic_xdp+0x12af/0x1510 [ 140.190569][ T6550] do_xdp_generic+0x757/0xd30 [ 140.190594][ T6550] ? __pfx_do_xdp_generic+0x10/0x10 [ 140.190621][ T6550] ? __local_bh_disable_ip+0x179/0x220 [ 140.190647][ T6550] ? __pfx_eth_type_trans+0x10/0x10 [ 140.190677][ T6550] ? tun_get_user+0x2914/0x4860 [ 140.190711][ T6550] tun_get_user+0x2a4b/0x4860 [ 140.190753][ T6550] ? __lock_acquire+0x1397/0x2100 [ 140.190787][ T6550] ? __pfx_tun_get_user+0x10/0x10 [ 140.190830][ T6550] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 140.190861][ T6550] ? tun_get+0x1e/0x2f0 [ 140.190893][ T6550] ? __pfx_lock_release+0x10/0x10 [ 140.190931][ T6550] ? tun_get+0x1e/0x2f0 [ 140.190963][ T6550] ? tun_get+0x27d/0x2f0 [ 140.190997][ T6550] tun_chr_write_iter+0x10d/0x1f0 [ 140.191032][ T6550] vfs_write+0xacf/0xd10 [ 140.191062][ T6550] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 140.191095][ T6550] ? __pfx_vfs_write+0x10/0x10 [ 140.191124][ T6550] ? __fget_files+0x2a/0x420 [ 140.191148][ T6550] ? __fget_files+0x2a/0x420 [ 140.191175][ T6550] ksys_write+0x18f/0x2b0 [ 140.191203][ T6550] ? __pfx_ksys_write+0x10/0x10 [ 140.191230][ T6550] ? exc_page_fault+0x590/0x8b0 [ 140.191256][ T6550] ? do_syscall_64+0xb6/0x230 [ 140.191285][ T6550] do_syscall_64+0xf3/0x230 [ 140.191313][ T6550] ? clear_bhb_loop+0x35/0x90 [ 140.191356][ T6550] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.191386][ T6550] RIP: 0033:0x7fcffb98bc1f [ 140.191405][ T6550] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 140.191424][ T6550] RSP: 002b:00007fcffc80c000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 140.191447][ T6550] RAX: ffffffffffffffda RBX: 00007fcffbba6080 RCX: 00007fcffb98bc1f [ 140.191464][ T6550] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8 [ 140.191478][ T6550] RBP: 00007fcffba0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 140.191492][ T6550] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000 [ 140.191505][ T6550] R13: 0000000000000001 R14: 00007fcffbba6080 R15: 00007ffe779aeeb8 [ 140.191529][ T6550] [ 140.191541][ T6550] BUG: Bad page state in process syz.5.171 pfn:5d784 [ 140.477946][ T6550] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5d784 [ 140.486741][ T6550] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 140.493919][ T6550] raw: 00fff00000000000 dead000000000040 ffff888022aab000 0000000000000000 [ 140.502594][ T6550] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 140.511220][ T6550] page dumped because: page_pool leak [ 140.516619][ T6550] page_owner tracks the page as allocated [ 140.522422][ T6550] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6550, tgid 6546 (syz.5.171), ts 136030559711, free_ts 122057432902 [ 140.539407][ T6550] post_alloc_hook+0x1f4/0x240 [ 140.544172][ T6550] get_page_from_freelist+0x3651/0x37a0 [ 140.549769][ T6550] __alloc_frozen_pages_noprof+0x292/0x710 [ 140.555603][ T6550] alloc_pages_bulk_noprof+0x847/0xae0 [ 140.561108][ T6550] __page_pool_alloc_pages_slow+0x11f/0x690 [ 140.567068][ T6550] skb_pp_cow_data+0xcc8/0x1720 [ 140.571950][ T6550] do_xdp_generic+0x505/0xd30 [ 140.576625][ T6550] tun_get_user+0x2a4b/0x4860 [ 140.581349][ T6550] tun_chr_write_iter+0x10d/0x1f0 [ 140.586402][ T6550] vfs_write+0xacf/0xd10 [ 140.590739][ T6550] ksys_write+0x18f/0x2b0 [ 140.595102][ T6550] do_syscall_64+0xf3/0x230 [ 140.599706][ T6550] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.605634][ T6550] page last free pid 53 tgid 53 stack trace: [ 140.611666][ T6550] __free_pages_ok+0xbbc/0xe40 [ 140.616454][ T6550] __folio_put+0x2b3/0x360 [ 140.620920][ T6550] free_large_kmalloc+0x13e/0x1e0 [ 140.625964][ T6550] kfree+0x212/0x430 [ 140.629916][ T6550] wg_destruct+0x254/0x2e0 [ 140.634360][ T6550] netdev_run_todo+0xd46/0xf30 [ 140.639182][ T6550] default_device_exit_batch+0x804/0x880 [ 140.644844][ T6550] cleanup_net+0x8ad/0xd60 [ 140.649313][ T6550] process_scheduled_works+0xabe/0x18e0 [ 140.654882][ T6550] worker_thread+0x870/0xd30 [ 140.659516][ T6550] kthread+0x7a9/0x920 [ 140.663618][ T6550] ret_from_fork+0x4b/0x80 [ 140.668089][ T6550] ret_from_fork_asm+0x1a/0x30 [ 140.672873][ T6550] Modules linked in: [ 140.676767][ T6550] CPU: 1 UID: 0 PID: 6550 Comm: syz.5.171 Tainted: G B 6.14.0-syzkaller-00685-g3ba7dfb8da62 #0 [ 140.676800][ T6550] Tainted: [B]=BAD_PAGE [ 140.676807][ T6550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 140.676818][ T6550] Call Trace: [ 140.676825][ T6550] [ 140.676833][ T6550] dump_stack_lvl+0x241/0x360 [ 140.676868][ T6550] ? __pfx_dump_stack_lvl+0x10/0x10 [ 140.676901][ T6550] ? __pfx_print_modules+0x10/0x10 [ 140.676925][ T6550] bad_page+0x176/0x1d0 [ 140.676947][ T6550] free_frozen_pages+0x1079/0x10e0 [ 140.676968][ T6550] bpf_xdp_frags_shrink_tail+0x3b3/0x780 [ 140.676995][ T6550] bpf_xdp_adjust_tail+0x1c6/0x210 [ 140.677014][ T6550] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 140.677027][ T6550] bpf_prog_run_generic_xdp+0x12af/0x1510 [ 140.677061][ T6550] do_xdp_generic+0x757/0xd30 [ 140.677078][ T6550] ? __pfx_do_xdp_generic+0x10/0x10 [ 140.677095][ T6550] ? __local_bh_disable_ip+0x179/0x220 [ 140.677113][ T6550] ? __pfx_eth_type_trans+0x10/0x10 [ 140.677132][ T6550] ? tun_get_user+0x2914/0x4860 [ 140.677156][ T6550] tun_get_user+0x2a4b/0x4860 [ 140.677185][ T6550] ? __lock_acquire+0x1397/0x2100 [ 140.677209][ T6550] ? __pfx_tun_get_user+0x10/0x10 [ 140.677240][ T6550] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 140.677261][ T6550] ? tun_get+0x1e/0x2f0 [ 140.677302][ T6550] ? __pfx_lock_release+0x10/0x10 [ 140.677329][ T6550] ? tun_get+0x1e/0x2f0 [ 140.677351][ T6550] ? tun_get+0x27d/0x2f0 [ 140.677374][ T6550] tun_chr_write_iter+0x10d/0x1f0 [ 140.677399][ T6550] vfs_write+0xacf/0xd10 [ 140.677420][ T6550] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 140.677444][ T6550] ? __pfx_vfs_write+0x10/0x10 [ 140.677464][ T6550] ? __fget_files+0x2a/0x420 [ 140.677481][ T6550] ? __fget_files+0x2a/0x420 [ 140.677499][ T6550] ksys_write+0x18f/0x2b0 [ 140.677518][ T6550] ? __pfx_ksys_write+0x10/0x10 [ 140.677543][ T6550] ? exc_page_fault+0x590/0x8b0 [ 140.677563][ T6550] ? do_syscall_64+0xb6/0x230 [ 140.677584][ T6550] do_syscall_64+0xf3/0x230 [ 140.677604][ T6550] ? clear_bhb_loop+0x35/0x90 [ 140.677628][ T6550] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.677650][ T6550] RIP: 0033:0x7fcffb98bc1f [ 140.677663][ T6550] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 140.677676][ T6550] RSP: 002b:00007fcffc80c000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 140.677691][ T6550] RAX: ffffffffffffffda RBX: 00007fcffbba6080 RCX: 00007fcffb98bc1f [ 140.677702][ T6550] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8 [ 140.677712][ T6550] RBP: 00007fcffba0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 140.677722][ T6550] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000 [ 140.677731][ T6550] R13: 0000000000000001 R14: 00007fcffbba6080 R15: 00007ffe779aeeb8 [ 140.677747][ T6550] [ 140.957069][ T6550] BUG: Bad page state in process syz.5.171 pfn:5d783 [ 140.963851][ T6550] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5d783 [ 140.972654][ T6550] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 140.979835][ T6550] raw: 00fff00000000000 dead000000000040 ffff888022aab000 0000000000000000 [ 140.988472][ T6550] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 140.997119][ T6550] page dumped because: page_pool leak [ 141.002480][ T6550] page_owner tracks the page as allocated [ 141.008240][ T6550] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6550, tgid 6546 (syz.5.171), ts 136030546785, free_ts 122057432902 [ 141.025238][ T6550] post_alloc_hook+0x1f4/0x240 [ 141.030086][ T6550] get_page_from_freelist+0x3651/0x37a0 [ 141.035673][ T6550] __alloc_frozen_pages_noprof+0x292/0x710 [ 141.041546][ T6550] alloc_pages_bulk_noprof+0x847/0xae0 [ 141.047065][ T6550] __page_pool_alloc_pages_slow+0x11f/0x690 [ 141.052997][ T6550] skb_pp_cow_data+0xcc8/0x1720 [ 141.057924][ T6550] do_xdp_generic+0x505/0xd30 [ 141.062628][ T6550] tun_get_user+0x2a4b/0x4860 [ 141.067408][ T6550] tun_chr_write_iter+0x10d/0x1f0 [ 141.072477][ T6550] vfs_write+0xacf/0xd10 [ 141.076755][ T6550] ksys_write+0x18f/0x2b0 [ 141.081160][ T6550] do_syscall_64+0xf3/0x230 [ 141.085671][ T6550] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.091632][ T6550] page last free pid 53 tgid 53 stack trace: [ 141.097675][ T6550] __free_pages_ok+0xbbc/0xe40 [ 141.102465][ T6550] __folio_put+0x2b3/0x360 [ 141.106950][ T6550] free_large_kmalloc+0x13e/0x1e0 [ 141.112014][ T6550] kfree+0x212/0x430 [ 141.115921][ T6550] wg_destruct+0x254/0x2e0 [ 141.120402][ T6550] netdev_run_todo+0xd46/0xf30 [ 141.125217][ T6550] default_device_exit_batch+0x804/0x880 [ 141.130908][ T6550] cleanup_net+0x8ad/0xd60 [ 141.135353][ T6550] process_scheduled_works+0xabe/0x18e0 [ 141.140990][ T6550] worker_thread+0x870/0xd30 [ 141.145613][ T6550] kthread+0x7a9/0x920 [ 141.149733][ T6550] ret_from_fork+0x4b/0x80 [ 141.154186][ T6550] ret_from_fork_asm+0x1a/0x30 [ 141.159038][ T6550] Modules linked in: [ 141.162993][ T6550] CPU: 1 UID: 0 PID: 6550 Comm: syz.5.171 Tainted: G B 6.14.0-syzkaller-00685-g3ba7dfb8da62 #0 [ 141.163014][ T6550] Tainted: [B]=BAD_PAGE [ 141.163020][ T6550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 141.163029][ T6550] Call Trace: [ 141.163035][ T6550] [ 141.163041][ T6550] dump_stack_lvl+0x241/0x360 [ 141.163072][ T6550] ? __pfx_dump_stack_lvl+0x10/0x10 [ 141.163097][ T6550] ? __pfx_print_modules+0x10/0x10 [ 141.163122][ T6550] bad_page+0x176/0x1d0 [ 141.163145][ T6550] free_frozen_pages+0x1079/0x10e0 [ 141.163166][ T6550] bpf_xdp_frags_shrink_tail+0x3b3/0x780 [ 141.163196][ T6550] bpf_xdp_adjust_tail+0x1c6/0x210 [ 141.163215][ T6550] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 141.163228][ T6550] bpf_prog_run_generic_xdp+0x12af/0x1510 [ 141.163273][ T6550] do_xdp_generic+0x757/0xd30 [ 141.163291][ T6550] ? __pfx_do_xdp_generic+0x10/0x10 [ 141.163309][ T6550] ? __local_bh_disable_ip+0x179/0x220 [ 141.163327][ T6550] ? __pfx_eth_type_trans+0x10/0x10 [ 141.163347][ T6550] ? tun_get_user+0x2914/0x4860 [ 141.163372][ T6550] tun_get_user+0x2a4b/0x4860 [ 141.163402][ T6550] ? __lock_acquire+0x1397/0x2100 [ 141.163427][ T6550] ? __pfx_tun_get_user+0x10/0x10 [ 141.163457][ T6550] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 141.163479][ T6550] ? tun_get+0x1e/0x2f0 [ 141.163502][ T6550] ? __pfx_lock_release+0x10/0x10 [ 141.163528][ T6550] ? tun_get+0x1e/0x2f0 [ 141.163550][ T6550] ? tun_get+0x27d/0x2f0 [ 141.163574][ T6550] tun_chr_write_iter+0x10d/0x1f0 [ 141.163599][ T6550] vfs_write+0xacf/0xd10 [ 141.163620][ T6550] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 141.163644][ T6550] ? __pfx_vfs_write+0x10/0x10 [ 141.163664][ T6550] ? __fget_files+0x2a/0x420 [ 141.163681][ T6550] ? __fget_files+0x2a/0x420 [ 141.163699][ T6550] ksys_write+0x18f/0x2b0 [ 141.163719][ T6550] ? __pfx_ksys_write+0x10/0x10 [ 141.163739][ T6550] ? exc_page_fault+0x590/0x8b0 [ 141.163759][ T6550] ? do_syscall_64+0xb6/0x230 [ 141.163780][ T6550] do_syscall_64+0xf3/0x230 [ 141.163801][ T6550] ? clear_bhb_loop+0x35/0x90 [ 141.163824][ T6550] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.163846][ T6550] RIP: 0033:0x7fcffb98bc1f [ 141.163860][ T6550] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 141.163873][ T6550] RSP: 002b:00007fcffc80c000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 141.163889][ T6550] RAX: ffffffffffffffda RBX: 00007fcffbba6080 RCX: 00007fcffb98bc1f [ 141.163900][ T6550] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8 [ 141.163910][ T6550] RBP: 00007fcffba0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 141.163919][ T6550] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000 [ 141.163928][ T6550] R13: 0000000000000001 R14: 00007fcffbba6080 R15: 00007ffe779aeeb8 [ 141.163944][ T6550] [ 141.163954][ T6550] BUG: Bad page state in process syz.5.171 pfn:5d782 [ 141.449936][ T6550] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5d782 [ 141.458759][ T6550] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 141.465894][ T6550] raw: 00fff00000000000 dead000000000040 ffff888022aab000 0000000000000000 [ 141.474557][ T6550] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 141.483210][ T6550] page dumped because: page_pool leak [ 141.488631][ T6550] page_owner tracks the page as allocated [ 141.494361][ T6550] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6550, tgid 6546 (syz.5.171), ts 136030533986, free_ts 122057432902 [ 141.511361][ T6550] post_alloc_hook+0x1f4/0x240 [ 141.516154][ T6550] get_page_from_freelist+0x3651/0x37a0 [ 141.521770][ T6550] __alloc_frozen_pages_noprof+0x292/0x710 [ 141.527647][ T6550] alloc_pages_bulk_noprof+0x847/0xae0 [ 141.533112][ T6550] __page_pool_alloc_pages_slow+0x11f/0x690 [ 141.539071][ T6550] skb_pp_cow_data+0xcc8/0x1720 [ 141.543983][ T6550] do_xdp_generic+0x505/0xd30 [ 141.548715][ T6550] tun_get_user+0x2a4b/0x4860 [ 141.553425][ T6550] tun_chr_write_iter+0x10d/0x1f0 [ 141.558523][ T6550] vfs_write+0xacf/0xd10 [ 141.562799][ T6550] ksys_write+0x18f/0x2b0 [ 141.567181][ T6550] do_syscall_64+0xf3/0x230 [ 141.571698][ T6550] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.577659][ T6550] page last free pid 53 tgid 53 stack trace: [ 141.583652][ T6550] __free_pages_ok+0xbbc/0xe40 [ 141.588466][ T6550] __folio_put+0x2b3/0x360 [ 141.592919][ T6550] free_large_kmalloc+0x13e/0x1e0 [ 141.597996][ T6550] kfree+0x212/0x430 [ 141.601925][ T6550] wg_destruct+0x254/0x2e0 [ 141.606360][ T6550] netdev_run_todo+0xd46/0xf30 [ 141.611221][ T6550] default_device_exit_batch+0x804/0x880 [ 141.616943][ T6550] cleanup_net+0x8ad/0xd60 [ 141.621389][ T6550] process_scheduled_works+0xabe/0x18e0 [ 141.627033][ T6550] worker_thread+0x870/0xd30 [ 141.631725][ T6550] kthread+0x7a9/0x920 [ 141.635816][ T6550] ret_from_fork+0x4b/0x80 [ 141.640324][ T6550] ret_from_fork_asm+0x1a/0x30 [ 141.645123][ T6550] Modules linked in: [ 141.649066][ T6550] CPU: 1 UID: 0 PID: 6550 Comm: syz.5.171 Tainted: G B 6.14.0-syzkaller-00685-g3ba7dfb8da62 #0 [ 141.649095][ T6550] Tainted: [B]=BAD_PAGE [ 141.649102][ T6550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 141.649113][ T6550] Call Trace: [ 141.649119][ T6550] [ 141.649126][ T6550] dump_stack_lvl+0x241/0x360 [ 141.649161][ T6550] ? __pfx_dump_stack_lvl+0x10/0x10 [ 141.649192][ T6550] ? __pfx_print_modules+0x10/0x10 [ 141.649250][ T6550] bad_page+0x176/0x1d0 [ 141.649279][ T6550] free_frozen_pages+0x1079/0x10e0 [ 141.649308][ T6550] bpf_xdp_frags_shrink_tail+0x3b3/0x780 [ 141.649345][ T6550] bpf_xdp_adjust_tail+0x1c6/0x210 [ 141.649371][ T6550] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 141.649389][ T6550] bpf_prog_run_generic_xdp+0x12af/0x1510 [ 141.649437][ T6550] do_xdp_generic+0x757/0xd30 [ 141.649462][ T6550] ? __pfx_do_xdp_generic+0x10/0x10 [ 141.649488][ T6550] ? __local_bh_disable_ip+0x179/0x220 [ 141.649512][ T6550] ? __pfx_eth_type_trans+0x10/0x10 [ 141.649540][ T6550] ? tun_get_user+0x2914/0x4860 [ 141.649574][ T6550] tun_get_user+0x2a4b/0x4860 [ 141.649616][ T6550] ? __lock_acquire+0x1397/0x2100 [ 141.649651][ T6550] ? __pfx_tun_get_user+0x10/0x10 [ 141.649695][ T6550] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 141.649725][ T6550] ? tun_get+0x1e/0x2f0 [ 141.649756][ T6550] ? __pfx_lock_release+0x10/0x10 [ 141.649794][ T6550] ? tun_get+0x1e/0x2f0 [ 141.649825][ T6550] ? tun_get+0x27d/0x2f0 [ 141.649859][ T6550] tun_chr_write_iter+0x10d/0x1f0 [ 141.649895][ T6550] vfs_write+0xacf/0xd10 [ 141.649924][ T6550] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 141.649957][ T6550] ? __pfx_vfs_write+0x10/0x10 [ 141.649986][ T6550] ? __fget_files+0x2a/0x420 [ 141.650009][ T6550] ? __fget_files+0x2a/0x420 [ 141.650033][ T6550] ksys_write+0x18f/0x2b0 [ 141.650061][ T6550] ? __pfx_ksys_write+0x10/0x10 [ 141.650089][ T6550] ? exc_page_fault+0x590/0x8b0 [ 141.650118][ T6550] ? do_syscall_64+0xb6/0x230 [ 141.650148][ T6550] do_syscall_64+0xf3/0x230 [ 141.650177][ T6550] ? clear_bhb_loop+0x35/0x90 [ 141.650221][ T6550] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.650252][ T6550] RIP: 0033:0x7fcffb98bc1f [ 141.650271][ T6550] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 141.650287][ T6550] RSP: 002b:00007fcffc80c000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 141.650309][ T6550] RAX: ffffffffffffffda RBX: 00007fcffbba6080 RCX: 00007fcffb98bc1f [ 141.650326][ T6550] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8 [ 141.650340][ T6550] RBP: 00007fcffba0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 141.650354][ T6550] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000 [ 141.650367][ T6550] R13: 0000000000000001 R14: 00007fcffbba6080 R15: 00007ffe779aeeb8 [ 141.650390][ T6550] [ 142.077711][ T5834] Bluetooth: hci5: command tx timeout SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 142.306721][ T6323] Set syz1 is full, maxelem 65536 reached [ 143.067967][ T83] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 143.210835][ T83] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 143.318103][ T83] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 143.422072][ T83] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 143.561685][ T83] bridge_slave_1: left allmulticast mode [ 143.569454][ T83] bridge_slave_1: left promiscuous mode [ 143.575189][ T83] bridge0: port 2(bridge_slave_1) entered disabled state [ 143.583948][ T83] bridge_slave_0: left allmulticast mode [ 143.597146][ T83] bridge_slave_0: left promiscuous mode [ 143.602902][ T83] bridge0: port 1(bridge_slave_0) entered disabled state [ 143.764355][ T83] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 143.775976][ T83] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 143.785605][ T83] bond0 (unregistering): Released all slaves [ 143.975338][ T83] hsr_slave_0: left promiscuous mode [ 143.981207][ T83] hsr_slave_1: left promiscuous mode [ 143.988031][ T83] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 143.995470][ T83] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 144.003242][ T83] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 144.010737][ T83] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 144.023229][ T83] veth1_macvtap: left promiscuous mode [ 144.029012][ T83] veth0_macvtap: left promiscuous mode [ 144.034607][ T83] veth1_vlan: left promiscuous mode [ 144.041599][ T83] veth0_vlan: left promiscuous mode [ 144.183084][ T83] team0 (unregistering): Port device team_slave_1 removed [ 144.204183][ T83] team0 (unregistering): Port device team_slave_0 removed [ 144.545239][ T83] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.612099][ T83] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.673025][ T83] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.705287][ T83] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.835857][ T83] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.901338][ T83] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.952451][ T83] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.004457][ T83] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.110369][ T83] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.179725][ T83] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.214049][ T83] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.263699][ T83] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.370162][ T83] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.414261][ T83] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.462843][ T83] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.513820][ T83] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.612355][ T83] bridge_slave_1: left allmulticast mode [ 145.618209][ T83] bridge_slave_1: left promiscuous mode [ 145.623951][ T83] bridge0: port 2(bridge_slave_1) entered disabled state [ 145.633919][ T83] bridge_slave_0: left allmulticast mode [ 145.641604][ T83] bridge_slave_0: left promiscuous mode [ 145.648023][ T83] bridge0: port 1(bridge_slave_0) entered disabled state [ 145.658066][ T83] bridge_slave_1: left allmulticast mode [ 145.664027][ T83] bridge_slave_1: left promiscuous mode [ 145.670223][ T83] bridge0: port 2(bridge_slave_1) entered disabled state [ 145.679085][ T83] bridge_slave_0: left allmulticast mode [ 145.684781][ T83] bridge_slave_0: left promiscuous mode [ 145.691570][ T83] bridge0: port 1(bridge_slave_0) entered disabled state [ 145.701100][ T83] bridge_slave_1: left allmulticast mode [ 145.707380][ T83] bridge_slave_1: left promiscuous mode [ 145.713110][ T83] bridge0: port 2(bridge_slave_1) entered disabled state [ 145.726124][ T83] bridge_slave_0: left allmulticast mode [ 145.732149][ T83] bridge_slave_0: left promiscuous mode [ 145.738303][ T83] bridge0: port 1(bridge_slave_0) entered disabled state [ 145.748184][ T83] bridge_slave_1: left allmulticast mode [ 145.753874][ T83] bridge_slave_1: left promiscuous mode [ 145.762593][ T83] bridge0: port 2(bridge_slave_1) entered disabled state [ 145.771259][ T83] bridge_slave_0: left allmulticast mode [ 145.777776][ T83] bridge_slave_0: left promiscuous mode [ 145.783447][ T83] bridge0: port 1(bridge_slave_0) entered disabled state