last executing test programs: 4m0.46747385s ago: executing program 4 (id=302): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setitimer(0x2, &(0x7f00000001c0)={{0x0, 0xea60}, {0x0, 0x2710}}, 0x0) 3m57.720631129s ago: executing program 4 (id=307): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x1c, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7902009875f37538e486dd6317ce62667f2c00fe80000000000000875a65969ff57b00000000000000000000000000ac"], 0xfdef) sendmsg$IEEE802154_ADD_IFACE(0xffffffffffffffff, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16, @ANYBLOB="01002cbd7000fddbdf252100000009"], 0x28}, 0x1, 0x0, 0x0, 0x4000840}, 0x40) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd63"], 0xcfa4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 3m54.23217486s ago: executing program 4 (id=311): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0x8, &(0x7f0000000100)=0x40049, 0x4) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'macsec0\x00', 0x0}) sendto$packet(r1, &(0x7f0000000080)="a99c383d33c9c607", 0x8, 0x0, &(0x7f0000000000)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @link_local}, 0x14) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f00000006c0)=@raw={'raw\x00', 0x9, 0x3, 0x2b0, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x1e0, 0xffffffff, 0xffffffff, 0x1e0, 0xffffffff, 0x3, &(0x7f0000000140), {[{{@ipv6={@mcast1, @local, [0xffffffff, 0xffffff00], [0xff, 0xff000000, 0xff, 0xffffff00], 'rose0\x00', 'veth0_to_bridge\x00', {}, {}, 0x0, 0x49, 0x1, 0x44}, 0x0, 0xa8, 0xd0}, @common=@unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x12, 0x5}}}, {{@ipv6={@dev={0xfe, 0x80, '\x00', 0x1f}, @private1={0xfc, 0x1, '\x00', 0x1}, [0xffffffff, 0xff000000, 0xff000000, 0xffffff], [0x0, 0xffffff00, 0x0, 0xffffffff], 'virt_wifi0\x00', '\x00', {0xff}, {}, 0x3a, 0x7f, 0x4, 0x53}, 0x0, 0xa8, 0x110}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x11, 0x9, 0x3, 0x6, 'snmp\x00', 'syz0\x00', {0xfffffffffffffffa}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x310) recvmmsg(r0, &(0x7f0000000480)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=""/11, 0x17}}], 0x400000000000179, 0x10022, 0x0) 3m52.671762029s ago: executing program 4 (id=313): mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x1000, 0x103) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x80800, 0x0) signalfd(0xffffffffffffffff, &(0x7f0000000000)={[0x5]}, 0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={0x0, 0x0, 0x42}, 0x28) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000580)=ANY=[], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r1}, 0x0, &(0x7f0000000700)}, 0x20) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x2000001, 0x15052, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) gettimeofday(&(0x7f0000000000), 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x5) mount$9p_fd(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f0000000240), 0x10, &(0x7f00000004c0)=ANY=[]) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x836d9fb164f927b3) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000140)=0x1) socket$netlink(0x10, 0x3, 0x0) 3m52.661098135s ago: executing program 2 (id=316): r0 = syz_open_dev$dri(&(0x7f00000002c0), 0x0, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_QUERY(r0, 0xc01864cb, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x101343) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/custom0\x00', 0x803, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x5, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffff0001, 0x0, 0x0, 0x0, 0x3}, [@call={0x85, 0x0, 0x0, 0xae}]}, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x43b800d88a0ac5b1, 0x40, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f00000003c0)=@nat={'nat\x00', 0x1b, 0x5, 0x6a8, 0x1a4, 0x2d0, 0xffffffff, 0x1a4, 0x1a4, 0x604, 0x604, 0xffffffff, 0x604, 0x604, 0x5, &(0x7f0000000300), {[{{@ipv6={@rand_addr=' \x01\x00', @ipv4={'\x00', '\xff\xff', @local}, [0x0, 0xff000000, 0xffffff00, 0xff], [0x0, 0x0, 0x0, 0xffffffff], 'sit0\x00', 'nicvf0\x00', {}, {}, 0x87, 0x1, 0x1, 0x11}, 0x0, 0x15c, 0x1a4, 0x0, {}, [@common=@unspec=@conntrack1={{0xb8}, {{@ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, [0xff000000, 0x0, 0xff000000], @ipv6=@empty, [0xffffff00, 0x0, 0x0, 0xffffff00], @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, [0xff, 0xffffff00, 0xff000000, 0xffffff00], @ipv4=@local, [0xffffffff, 0xff000000, 0xff, 0xff000000], 0x80000001, 0xe50, 0x87, 0x4e23, 0x4e24, 0x4e21, 0x4e23, 0x214, 0x400}, 0x81, 0x50}}]}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x4, @ipv6=@local, @ipv6=@loopback, @gre_key=0x96, @gre_key=0x5}}}, {{@ipv6={@mcast1, @private1, [0x0, 0xffffffff, 0xff, 0xff], [0x0, 0xffffff00, 0x0, 0xffffff00], 'ipvlan1\x00', 'veth1_virt_wifi\x00', {0xff}, {}, 0x2f, 0x20, 0x7, 0x30}, 0x0, 0xec, 0x12c, 0x0, {}, [@common=@icmp6={{0x24}, {0x8, "a793", 0x1}}, @common=@mh={{0x24}, {"54ab", 0x1}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x7, 0xc, "f977ebf78c2003e16785b5c883d75b3ffd498fa54133d774d6809d7d62cd"}}}, {{@uncond, 0x0, 0xa4, 0xec}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x1, @ipv6=@private1, @ipv6=@remote, @gre_key=0x4, @gre_key=0x3}}}, {{@ipv6={@private2={0xfc, 0x2, '\x00', 0x1}, @private1, [0xffffffff, 0xffffff00, 0x0, 0xff000000], [0x0, 0xffffff00, 0xffffffff, 0xff000000], 'vlan1\x00', 'ip6gretap0\x00', {0xff}, {}, 0x2e, 0xc0, 0x2, 0x60}, 0x0, 0x1dc, 0x224, 0x0, {}, [@common=@rt={{0x138}, {0x4, [0x2c726d58, 0x6], 0x6d46c40c, 0x8, 0x1, [@empty, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x26}}, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x44}}, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x3e}}, @empty, @dev={0xfe, 0x80, '\x00', 0x2b}, @dev={0xfe, 0x80, '\x00', 0x19}, @private2={0xfc, 0x2, '\x00', 0x1}, @loopback, @private1, @empty, @private1={0xfc, 0x1, '\x00', 0x1}, @empty, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x23}}, @private0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}], 0x6}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@private2, 'veth1_macvtap\x00', {0x3}}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x704) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x80, 0x5, 0x7fff0003}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r4, 0xc0502100, &(0x7f0000000100)) r5 = semget(0x2, 0x4, 0x140) semctl$IPC_INFO(r5, 0x3, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r6 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r6, &(0x7f0000000000)={0x28, 0x0, 0x2711, @local}, 0x10) setsockopt$sock_int(r6, 0x1, 0x12, &(0x7f0000000040), 0x4) r7 = socket(0x10, 0x3, 0x0) fsetxattr$security_evm(0xffffffffffffffff, &(0x7f0000000180), &(0x7f0000000d40)=@ng={0x4, 0x11, "1689e5948eeefd70"}, 0xa, 0x2) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB='$\x00', @ANYRESDEC], 0x24}, 0x1, 0x0, 0x0, 0x50}, 0x0) recvmmsg$unix(r7, &(0x7f0000001800)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000004740)=""/199, 0xc7}, {&(0x7f0000000300)=""/262, 0x106}, {&(0x7f0000004b00)=""/191, 0xbf}, {&(0x7f0000001840)=""/4072, 0xfe8}, {0x0}, {&(0x7f0000005d00)=""/215, 0xd7}], 0x6}}], 0x1, 0x0, 0x0) 3m46.595572581s ago: executing program 2 (id=322): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000003200)=ANY=[], 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0) 3m46.551638808s ago: executing program 4 (id=323): openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(r0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008a}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r4, &(0x7f0000000140)={0xa, 0x4e24, 0x3, @remote, 0x3}, 0x1c) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x4e1c, 0x4, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x3e}}, 0x3fff8000}, 0x1c) sendmmsg$inet6(r4, &(0x7f0000001980)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x0, @dev={0xfe, 0x80, '\x00', 0x64}, 0x10}, 0x1c, 0x0}}], 0x40000000000024e, 0x20002040) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000340)={{{@in6=@loopback, @in6=@mcast2}}, {{@in=@local}, 0x0, @in=@remote}}, &(0x7f0000000080)=0xe8) rename(&(0x7f0000000b40)='./file3\x00', 0x0) 3m46.349126518s ago: executing program 2 (id=324): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setitimer(0x2, &(0x7f00000001c0)={{0x0, 0xea60}, {0x0, 0x2710}}, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000000)={0x0, 0xffffffffffffffff}, 0x0) pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) fcntl$setpipe(r3, 0x407, 0x0) write$FUSE_INIT(r3, &(0x7f0000000340)={0x50, 0xa523074a1b9ae8b9, 0x0, {0x7, 0x28, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x8}}, 0x50) vmsplice(r3, &(0x7f0000000140)=[{&(0x7f0000000100)="eb", 0x20000101}], 0x1, 0x0) fanotify_init(0x0, 0x0) pselect6(0x2000, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x300}, 0x0, &(0x7f0000000100)={0x8}, 0x0, 0x0) fcntl$setpipe(r3, 0x407, 0x2000000) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, 0x0) socket$inet(0x2, 0x3, 0x2f) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) 3m44.570316465s ago: executing program 4 (id=325): writev(0xffffffffffffffff, 0x0, 0x0) r0 = socket$kcm(0x2, 0x5, 0x84) sendmsg$inet(r0, &(0x7f0000000c80)={&(0x7f0000000b40)={0x2, 0xfffc, @loopback}, 0x10, &(0x7f0000001140)=[{&(0x7f0000000100)='_', 0x1}], 0x1}, 0x20040010) setsockopt$sock_attach_bpf(r0, 0x84, 0x1e, &(0x7f0000000240), 0x4) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000006c0)=[{}], 0x1}, 0x20000004) 3m43.240297229s ago: executing program 2 (id=326): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$wireguard(&(0x7f0000000140), r0) sendmsg$WG_CMD_GET_DEVICE(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYBLOB="010328bd700006dcdf2500000000080001"], 0x1c}, 0x1, 0x0, 0x0, 0xc0}, 0x40000) 3m41.424284006s ago: executing program 2 (id=328): syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040f04"], 0x7) io_setup(0x7, &(0x7f0000000280)) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) io_uring_setup(0x1b7b, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) recvmsg(r4, &(0x7f0000001a40)={0x0, 0x0, 0x0}, 0x2) 3m38.070945917s ago: executing program 2 (id=330): syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040f04"], 0x7) io_setup(0x7, &(0x7f0000000280)=0x0) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) io_uring_setup(0x1b7b, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) recvmsg(r5, &(0x7f0000001a40)={0x0, 0x0, 0x0}, 0x2) connect$packet(r5, &(0x7f0000000200)={0x1f, 0xf8, 0x0, 0x1, 0x82, 0x6, @random="a55378321800"}, 0x14) shutdown(r5, 0x1) r6 = openat$sysfs(0xffffff9c, &(0x7f00000000c0)='/sys/power/wakeup_count', 0x42, 0x80) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x2, 0x4, 0x4, 0x9, 0x100}, 0x50) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x9, 0x4, 0x1, 0x0, r7}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r8}, 0x0, &(0x7f0000000880)=r7, 0x1000000}, 0x20) io_submit(r0, 0x1, &(0x7f0000000500)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, r6, &(0x7f0000000000), 0xfffffc98}]) 3m28.597279196s ago: executing program 32 (id=325): writev(0xffffffffffffffff, 0x0, 0x0) r0 = socket$kcm(0x2, 0x5, 0x84) sendmsg$inet(r0, &(0x7f0000000c80)={&(0x7f0000000b40)={0x2, 0xfffc, @loopback}, 0x10, &(0x7f0000001140)=[{&(0x7f0000000100)='_', 0x1}], 0x1}, 0x20040010) setsockopt$sock_attach_bpf(r0, 0x84, 0x1e, &(0x7f0000000240), 0x4) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000006c0)=[{}], 0x1}, 0x20000004) 3m22.040980767s ago: executing program 33 (id=330): syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040f04"], 0x7) io_setup(0x7, &(0x7f0000000280)=0x0) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) io_uring_setup(0x1b7b, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) recvmsg(r5, &(0x7f0000001a40)={0x0, 0x0, 0x0}, 0x2) connect$packet(r5, &(0x7f0000000200)={0x1f, 0xf8, 0x0, 0x1, 0x82, 0x6, @random="a55378321800"}, 0x14) shutdown(r5, 0x1) r6 = openat$sysfs(0xffffff9c, &(0x7f00000000c0)='/sys/power/wakeup_count', 0x42, 0x80) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x2, 0x4, 0x4, 0x9, 0x100}, 0x50) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x9, 0x4, 0x1, 0x0, r7}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r8}, 0x0, &(0x7f0000000880)=r7, 0x1000000}, 0x20) io_submit(r0, 0x1, &(0x7f0000000500)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, r6, &(0x7f0000000000), 0xfffffc98}]) 13.477384381s ago: executing program 0 (id=664): r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x46d, 0xc713, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x90, 0x64, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0xfffe, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000c00)={0x24, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='\x00\"\f'], 0x0}, 0x0) 11.705812575s ago: executing program 0 (id=670): syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0), 0x101042, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000100)) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000006c0), 0x48200, 0x0) inotify_init() ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x3) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0xc00, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) ioctl$EVIOCGPROP(r2, 0x40047438, &(0x7f0000000180)=""/246) ioctl$PPPIOCSFLAGS1(r2, 0x4004743a, &(0x7f0000000080)=0x200020) 4.634706307s ago: executing program 3 (id=686): r0 = memfd_create(&(0x7f0000000080)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xac\xbe\xe1}knh#\xcf)\x0f\xc8\xc0\"\x9cc\x10d\xee\xa9\x8b\x06\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xcdJx\xaa\xcf~\xb90a\xa9\xb2\x04\x1d\xa1\xce\x8b\x19\xea\xef\xe3\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) dup(r0) fanotify_init(0x52, 0x101001) r1 = memfd_create(&(0x7f0000000080)='-B\xd5\x9appp\xf0\x00\x84\xa2m\x00\v\x18\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xac\xbe\xe1}\x00\x10\x00\x00\x00\x00\x00\x00\xc0\"\x9cc\x10d\xee\xa9\x8b\x06\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xcdJx\xaa\xcf~\xb90a\xa9\xb2\x04\x1d\xa1\xce\x8b\x11\xea\xef\xe3\x00\x00\x00\x00\x00\x00\x00\x00', 0x1) r2 = dup(r1) ftruncate(r2, 0xffff) 4.576591218s ago: executing program 3 (id=687): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0) write$binfmt_aout(r0, &(0x7f00000001c0)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0xfe, "0062ba7d82000000160000000000f738096304"}) r1 = syz_open_pts(r0, 0x80) r2 = dup3(r1, r0, 0x80000) read(r2, &(0x7f00000000c0)=""/226, 0xe2) read$watch_queue(r2, &(0x7f0000001d40)=""/4095, 0xfff) 3.457953532s ago: executing program 0 (id=689): r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000340)={0x7ff, 0x7, 0x1}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, 0x0) mmap(&(0x7f0000fec000/0x3000)=nil, 0x3000, 0x8, 0x11, r0, 0x1000f0000) 3.397312429s ago: executing program 1 (id=690): socket$inet6(0xa, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x8000000004) socket$nl_netfilter(0x10, 0x3, 0xc) socket(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$panthor(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x42800) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udp(0x2, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000640)='/sys/power/pm_test', 0x42, 0x0) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYRES32, @ANYRES16=0x0, @ANYRES8=r0], 0x1c}, 0x1, 0x0, 0x0, 0x20000844}, 0x48885) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r1, &(0x7f0000000000), 0xd) 3.326467074s ago: executing program 3 (id=691): syz_genetlink_get_family_id$SEG6(&(0x7f0000000300), 0xffffffffffffffff) mknodat(0xffffffffffffff9c, 0x0, 0x81c0, 0x0) mknodat(0xffffffffffffff9c, 0x0, 0x11c0, 0x0) execveat(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) socket(0x11, 0x4, 0x4) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000000000)="82", 0x1, 0x0, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) socket$kcm(0x10, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'team_slave_0\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="011600000000000000000100000008000100", @ANYRES32, @ANYBLOB="400002803c00010024000100656e61626c65640000000000000000000000000000000000000000000000000009000300060000000400040008000600", @ANYRES32=r2], 0x5c}, 0x1, 0xf000}, 0x0) 3.300148692s ago: executing program 0 (id=692): r0 = io_uring_setup(0x46ea, &(0x7f00000000c0)={0x0, 0xc0a6, 0x80, 0x800, 0x303}) bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x208, 0x1ffe0000000}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000640)='./file0\x00') getxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=@known='security.selinux\x00', 0x0, 0x0) syz_init_net_socket$rose(0xb, 0x5, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 3.274086724s ago: executing program 1 (id=693): openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x2000, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x401, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ptrace$ARCH_SHSTK_UNLOCK(0x1e, r0, 0x1, 0x5004) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) ioctl$SNDRV_RAWMIDI_IOCTL_STATUS32(0xffffffffffffffff, 0xc0245720, 0x0) socket$netlink(0x10, 0x3, 0x14) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000180)=0x1, 0x4) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x81900) r3 = landlock_create_ruleset(0x0, 0x0, 0x0) landlock_restrict_self(r3, 0x0) landlock_restrict_self(r3, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x1100) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b70000001c000000bca30000000000002403000020feffff620af0fff8ffffff71a4f2ff000000001f03000000000000e5000500000000002604fdffff02000015010000033800001d13fcff000000007a0af0ff0000001f0f14000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564163427afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101a3062cd54f9ff51d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a90144022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab540b8d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0981000000000000ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fc08001011e32f80fb60e14b9eee094277bbc170882c8890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e3f753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bb25b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b6ef9d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec035d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b8074bf7df8b5e783637da740800000000000000c55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2740000000000000000000000000000000000000000000a0009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4100260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb0000000000000005375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d34d3757b1450fdb0a9a69f432e277f3a0386eb2bd3305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07618b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e040000003c3ffad44d2a376def42e41e9fc31678257e040fa7cf32c221aaac08000000000000001a00000000000000000000173570f0c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d641ef02e4d5295d756e110522a7a945b93fb705b95b6aae27a8fb33732ce1da1c0b1af8eb9222a06e984ab1e6984c8bdc12360627137ab67b6b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481efe46a4ce86be0b1d8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0c6cb4bed8594a39bd76d3ef8a7ab014e787596db796bd93a36c2880423291e3bccc86f66ba792ff4d87b3f80e5908779e51c5e9055fc5b23605cd000c723187ef09dcf4b07b06a9342f3f62ee7acddff292082c1f4d8eb9561f80873a09a1ae0c9af1121175e5600f43a1179484502009759264a5729f07c2b218fa36ba2316a99aaad0130df83d0bda1e711290f78c143ea143967b00adcd77e6ad5e48d839ea61aadb83e4d071c54691924a3830d3e7b5c198bb0ed623153590000000000000000004b985ea1702f34f2f85b168c083e810ed567e3f1979b9ed1a4bf6a10dac825c96a0828b335de445a4880bb6474157efd1a72ca46ae4cbe3ab648c9bc4867a5a4cb87d7d6d55475b34b3cb6aa9e2337d4e04a37e35109752522ac9b186ddd80c47da6a2f4ef7bb909c975520000000000000000000000219cf5c1376ab33786f6b856d354e90a2733f78f2d188057cead3480eade49d55b770fad7fa000d23da6275768810b6b2df91d3a991ea98d929d271696c258d5b735d5db11df434e7dd1b7c1ca05cea3977df564115f4ec6ffab1d2ff8a642ca50934b3fbe44b0abeba9df209566984a29dfc0466e439a94e177b3c4d5f6e92b8176b9d6ddeeeb196fa964217f88e1acc180aaa4"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xfffffffffffffd27}, 0x48) 2.974689403s ago: executing program 3 (id=694): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) 1.994300021s ago: executing program 0 (id=695): r0 = memfd_create(&(0x7f0000000080)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xac\xbe\xe1}knh#\xcf)\x0f\xc8\xc0\"\x9cc\x10d\xee\xa9\x8b\x06\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xcdJx\xaa\xcf~\xb90a\xa9\xb2\x04\x1d\xa1\xce\x8b\x19\xea\xef\xe3\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) r1 = dup(r0) fanotify_mark(0xffffffffffffffff, 0x1, 0x800001b, r1, 0x0) r2 = memfd_create(&(0x7f0000000080)='-B\xd5\x9appp\xf0\x00\x84\xa2m\x00\v\x18\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xac\xbe\xe1}\x00\x10\x00\x00\x00\x00\x00\x00\xc0\"\x9cc\x10d\xee\xa9\x8b\x06\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xcdJx\xaa\xcf~\xb90a\xa9\xb2\x04\x1d\xa1\xce\x8b\x11\xea\xef\xe3\x00\x00\x00\x00\x00\x00\x00\x00', 0x1) r3 = dup(r2) ftruncate(r3, 0xffff) 1.987561357s ago: executing program 1 (id=696): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)={0x1}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x3}, {}, {0xeda7, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x20000000, 0x3, 0xfffffffffffffffc, 0x0, 0x0, 0x2004cb, 0x3, 0x0, 0xfffffffffffffff8, 0x9, 0xfffffffffffff2a7, 0x2000000000003ff, 0x2], 0x0, 0x200306}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.867322464s ago: executing program 0 (id=697): getrandom(&(0x7f0000000580)=""/265, 0xffffff3f, 0x3) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) syz_clone(0x640c7400, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) 1.828671241s ago: executing program 3 (id=698): r0 = io_uring_setup(0x46ea, &(0x7f00000000c0)={0x0, 0xc0a6, 0x80, 0x800, 0x303}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x40106e80, 0xfffffffffffffffe) bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x208, 0x1ffe0000000}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) openat$misdntimer(0xffffffffffffff9c, 0x0, 0x200, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x6) syz_init_net_socket$rose(0xb, 0x5, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 669.235864ms ago: executing program 3 (id=699): bpf$MAP_CREATE(0x0, 0x0, 0x50) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="001404"], 0x48}, 0x1, 0x0, 0x0, 0x80500f1}, 0x40000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000019c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x408c5}, 0x40084) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0) write$binfmt_aout(r0, &(0x7f00000001c0)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0xfe, "0062ba7d82000000160000000000f738096304"}) r1 = syz_open_pts(r0, 0x80) r2 = dup3(r1, r0, 0x80000) read$watch_queue(r2, &(0x7f0000001d40)=""/4095, 0xfff) 425.727138ms ago: executing program 1 (id=700): r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000340)={0x7ff, 0x7, 0x1}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, 0x0) mmap(&(0x7f0000fec000/0x3000)=nil, 0x3000, 0x8, 0x11, r0, 0x1000f0000) 261.594423ms ago: executing program 1 (id=701): socket$inet6(0xa, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x8000000004) socket$nl_netfilter(0x10, 0x3, 0xc) socket(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$panthor(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x42800) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udp(0x2, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x4000000, {0x2, 0x4e22, @private=0xa010100}, {0x2, 0x0, @local}, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x2a}}, 0x1d7, 0x0, 0x0, 0x0, 0xfff8, 0x0, 0x4, 0x8}) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYRES32, @ANYRES16=0x0, @ANYRES8], 0x1c}, 0x1, 0x0, 0x0, 0x20000844}, 0x48885) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000000000), 0xd) 0s ago: executing program 1 (id=702): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180200002343ffff0000000000000000850000004100000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r1, r2, 0x25, 0x4, @void}, 0x10) syz_emit_ethernet(0xfdef, &(0x7f0000000400)=ANY=[], 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.54' (ED25519) to the list of known hosts. [ 73.089458][ T5779] cgroup: Unknown subsys name 'net' [ 73.329320][ T5779] cgroup: Unknown subsys name 'cpuset' [ 73.385217][ T5779] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 75.078176][ T5779] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 77.249882][ T5806] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 77.253107][ T5806] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 77.265373][ T5806] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 77.268245][ T5806] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 77.270037][ T5806] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 77.270526][ T5806] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 77.271105][ T5806] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 77.276067][ T5806] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 77.297920][ T5810] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 77.301261][ T5810] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 77.301839][ T5810] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 77.304050][ T5810] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 77.305511][ T5810] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 77.306781][ T5810] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 77.307151][ T5810] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 77.313360][ T5810] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 77.315195][ T5811] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 77.315498][ T5810] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 77.317195][ T5811] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 77.317483][ T5810] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 77.318426][ T5810] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 77.318717][ T5811] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 77.324932][ T5810] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 77.355440][ T5807] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 77.359572][ T5110] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 78.141410][ T5797] chnl_net:caif_netlink_parms(): no params data found [ 78.188252][ T5793] chnl_net:caif_netlink_parms(): no params data found [ 78.193586][ T5795] chnl_net:caif_netlink_parms(): no params data found [ 78.285183][ T5794] chnl_net:caif_netlink_parms(): no params data found [ 78.373186][ T5796] chnl_net:caif_netlink_parms(): no params data found [ 78.518813][ T5797] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.519571][ T5797] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.519882][ T5797] bridge_slave_0: entered allmulticast mode [ 78.521370][ T5797] bridge_slave_0: entered promiscuous mode [ 78.578134][ T5797] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.578259][ T5797] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.578411][ T5797] bridge_slave_1: entered allmulticast mode [ 78.580179][ T5797] bridge_slave_1: entered promiscuous mode [ 78.582617][ T5793] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.582700][ T5793] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.582977][ T5793] bridge_slave_0: entered allmulticast mode [ 78.584323][ T5793] bridge_slave_0: entered promiscuous mode [ 78.656475][ T5795] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.656562][ T5795] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.656666][ T5795] bridge_slave_0: entered allmulticast mode [ 78.658042][ T5795] bridge_slave_0: entered promiscuous mode [ 78.674450][ T5793] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.674575][ T5793] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.675138][ T5793] bridge_slave_1: entered allmulticast mode [ 78.677784][ T5793] bridge_slave_1: entered promiscuous mode [ 78.737334][ T5795] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.737443][ T5795] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.737559][ T5795] bridge_slave_1: entered allmulticast mode [ 78.738954][ T5795] bridge_slave_1: entered promiscuous mode [ 78.774195][ T5794] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.774307][ T5794] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.774453][ T5794] bridge_slave_0: entered allmulticast mode [ 78.777954][ T5794] bridge_slave_0: entered promiscuous mode [ 78.813037][ T5797] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.829077][ T5794] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.829195][ T5794] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.829344][ T5794] bridge_slave_1: entered allmulticast mode [ 78.831144][ T5794] bridge_slave_1: entered promiscuous mode [ 78.868400][ T5797] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.870818][ T5793] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.889510][ T5796] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.889624][ T5796] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.889764][ T5796] bridge_slave_0: entered allmulticast mode [ 78.892121][ T5796] bridge_slave_0: entered promiscuous mode [ 78.899113][ T5795] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.922741][ T5793] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.940951][ T5796] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.941128][ T5796] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.941290][ T5796] bridge_slave_1: entered allmulticast mode [ 78.942872][ T5796] bridge_slave_1: entered promiscuous mode [ 78.947063][ T5795] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.987205][ T5794] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.018708][ T5797] team0: Port device team_slave_0 added [ 79.034488][ T5794] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.330492][ T5797] team0: Port device team_slave_1 added [ 79.332718][ T5793] team0: Port device team_slave_0 added [ 79.361185][ T5796] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.382626][ T5795] team0: Port device team_slave_0 added [ 79.384454][ T5793] team0: Port device team_slave_1 added [ 79.402582][ T5796] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.406292][ T5814] Bluetooth: hci4: command tx timeout [ 79.406299][ T5806] Bluetooth: hci2: command tx timeout [ 79.414859][ T5806] Bluetooth: hci3: command tx timeout [ 79.422754][ T5795] team0: Port device team_slave_1 added [ 79.442822][ T5794] team0: Port device team_slave_0 added [ 79.458845][ T5797] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.458856][ T5797] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.458869][ T5797] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.484810][ T5806] Bluetooth: hci0: command tx timeout [ 79.485010][ T5806] Bluetooth: hci1: command tx timeout [ 79.499221][ T5794] team0: Port device team_slave_1 added [ 79.519493][ T5797] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.519508][ T5797] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.519531][ T5797] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.541338][ T5793] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.541354][ T5793] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.541377][ T5793] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.564980][ T5796] team0: Port device team_slave_0 added [ 79.580368][ T5795] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.580383][ T5795] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.580414][ T5795] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.581572][ T5793] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.581583][ T5793] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.581605][ T5793] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.607006][ T5796] team0: Port device team_slave_1 added [ 79.622573][ T5795] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.622589][ T5795] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.622612][ T5795] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.623958][ T5794] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.623970][ T5794] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.623992][ T5794] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.660799][ T5794] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.660814][ T5794] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.660837][ T5794] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.755340][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.755357][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.755380][ T5796] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.770845][ T5797] hsr_slave_0: entered promiscuous mode [ 79.772406][ T5797] hsr_slave_1: entered promiscuous mode [ 79.813657][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.813674][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.813696][ T5796] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.826708][ T5793] hsr_slave_0: entered promiscuous mode [ 79.827884][ T5793] hsr_slave_1: entered promiscuous mode [ 79.828836][ T5793] debugfs: 'hsr0' already exists in 'hsr' [ 79.828941][ T5793] Cannot create hsr debugfs directory [ 79.915166][ T5795] hsr_slave_0: entered promiscuous mode [ 79.916338][ T5795] hsr_slave_1: entered promiscuous mode [ 79.917197][ T5795] debugfs: 'hsr0' already exists in 'hsr' [ 79.917219][ T5795] Cannot create hsr debugfs directory [ 79.947892][ T5794] hsr_slave_0: entered promiscuous mode [ 79.949066][ T5794] hsr_slave_1: entered promiscuous mode [ 79.949913][ T5794] debugfs: 'hsr0' already exists in 'hsr' [ 79.949935][ T5794] Cannot create hsr debugfs directory [ 80.076616][ T5796] hsr_slave_0: entered promiscuous mode [ 80.077398][ T5796] hsr_slave_1: entered promiscuous mode [ 80.077888][ T5796] debugfs: 'hsr0' already exists in 'hsr' [ 80.077905][ T5796] Cannot create hsr debugfs directory [ 81.051848][ T5797] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 81.082749][ T5797] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 81.119723][ T5797] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 81.169721][ T5797] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 81.272952][ T5793] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 81.303053][ T5793] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 81.340952][ T5793] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 81.391127][ T5793] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 81.487905][ T5814] Bluetooth: hci3: command tx timeout [ 81.487938][ T5814] Bluetooth: hci2: command tx timeout [ 81.487954][ T5814] Bluetooth: hci4: command tx timeout [ 81.521278][ T5795] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 81.562742][ T5795] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 81.565195][ T5806] Bluetooth: hci1: command tx timeout [ 81.565220][ T5814] Bluetooth: hci0: command tx timeout [ 81.601034][ T5795] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 81.660517][ T9] cfg80211: failed to load regulatory.db [ 81.677242][ T5795] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 81.867314][ T5794] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 81.906152][ T5794] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 81.956957][ T5794] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 82.003478][ T5794] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 82.085577][ T5797] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.124111][ T5796] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 82.170104][ T5796] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 82.212057][ T5796] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 82.254255][ T5796] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 82.302204][ T5797] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.341361][ T1170] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.342064][ T1170] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.373132][ T5793] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.401001][ T1127] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.401092][ T1127] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.469394][ T5793] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.502771][ T1127] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.502892][ T1127] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.532046][ T1127] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.532214][ T1127] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.534560][ T5795] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.615737][ T5795] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.637838][ T5794] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.669307][ T39] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.669511][ T39] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.709642][ T1127] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.709730][ T1127] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.779900][ T5794] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.800474][ T5796] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.822230][ T39] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.822431][ T39] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.886538][ T1127] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.886670][ T1127] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.952848][ T5796] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.000403][ T1127] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.001134][ T1127] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.049446][ T1170] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.049585][ T1170] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.127183][ T5797] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.421635][ T5793] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.477088][ T5797] veth0_vlan: entered promiscuous mode [ 83.528077][ T5795] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.558213][ T5797] veth1_vlan: entered promiscuous mode [ 83.564964][ T5814] Bluetooth: hci4: command tx timeout [ 83.564990][ T5814] Bluetooth: hci2: command tx timeout [ 83.565005][ T5814] Bluetooth: hci3: command tx timeout [ 83.646169][ T5814] Bluetooth: hci1: command tx timeout [ 83.646252][ T5806] Bluetooth: hci0: command tx timeout [ 83.688850][ T5794] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.696583][ T5793] veth0_vlan: entered promiscuous mode [ 83.730836][ T5797] veth0_macvtap: entered promiscuous mode [ 83.760765][ T5793] veth1_vlan: entered promiscuous mode [ 83.763679][ T5797] veth1_macvtap: entered promiscuous mode [ 83.798550][ T5795] veth0_vlan: entered promiscuous mode [ 83.837030][ T5795] veth1_vlan: entered promiscuous mode [ 83.851687][ T5797] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.873279][ T5796] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.891349][ T5797] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.943318][ T1127] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.949691][ T5794] veth0_vlan: entered promiscuous mode [ 83.960652][ T1127] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.971461][ T1127] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.973559][ T5793] veth0_macvtap: entered promiscuous mode [ 83.981616][ T1127] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.995716][ T5793] veth1_macvtap: entered promiscuous mode [ 83.999228][ T5794] veth1_vlan: entered promiscuous mode [ 84.131720][ T5795] veth0_macvtap: entered promiscuous mode [ 84.200051][ T5795] veth1_macvtap: entered promiscuous mode [ 84.229261][ T5793] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.287401][ T5793] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.320292][ T39] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.320317][ T39] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.348343][ T5795] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.348424][ T65] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.351521][ T5794] veth0_macvtap: entered promiscuous mode [ 84.380657][ T65] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.388551][ T65] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.411561][ T65] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.413606][ T5795] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.414070][ T5794] veth1_macvtap: entered promiscuous mode [ 84.477137][ T39] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.477151][ T39] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.480507][ T1127] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.484002][ T1127] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.520971][ T1127] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.572732][ T1127] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.699248][ T5794] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.728921][ T5796] veth0_vlan: entered promiscuous mode [ 84.787129][ T5794] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.974178][ T5796] veth1_vlan: entered promiscuous mode [ 84.981502][ T65] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.994134][ T1019] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.994152][ T1019] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.018527][ T65] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.042013][ T65] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.091832][ T65] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.714806][ T5806] Bluetooth: hci3: command tx timeout [ 85.714844][ T5806] Bluetooth: hci2: command tx timeout [ 85.714866][ T5806] Bluetooth: hci4: command tx timeout [ 85.751141][ T5806] Bluetooth: hci0: command tx timeout [ 85.751173][ T5806] Bluetooth: hci1: command tx timeout [ 85.894169][ T761] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.894183][ T761] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.059850][ T5923] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 86.117770][ T761] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.117783][ T761] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.219378][ T5796] veth0_macvtap: entered promiscuous mode [ 86.232110][ T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.232122][ T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.328723][ T5796] veth1_macvtap: entered promiscuous mode [ 86.460301][ T65] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.460321][ T65] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.485721][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.537580][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.631862][ T13] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.644036][ T13] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.644110][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.644123][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.677339][ T13] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.679347][ T13] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.987469][ T5930] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 89.434667][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 89.734747][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 89.739339][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 89.756038][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 89.761009][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 89.764684][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 89.774674][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 89.777397][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 89.804675][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 89.814682][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 93.324822][ T5948] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.324838][ T5948] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.512376][ T1127] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.512396][ T1127] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.803877][ T5969] hub 8-0:1.0: USB hub found [ 93.818284][ T5969] hub 8-0:1.0: 1 port detected [ 94.816651][ T5976] syz.3.20 uses obsolete (PF_INET,SOCK_PACKET) [ 94.844043][ T5976] netlink: 16 bytes leftover after parsing attributes in process `syz.3.20'. [ 94.844067][ T5976] netlink: 4 bytes leftover after parsing attributes in process `syz.3.20'. [ 94.868084][ T5976] Zero length message leads to an empty skb [ 96.764182][ T5993] 9p: Bad value for 'rfdno' [ 105.541413][ T6037] 9p: Could not find request transport: fd00000000000000000006 [ 110.186653][ T6066] netlink: 'syz.4.40': attribute type 36 has an invalid length. [ 110.193340][ T6066] bridge1: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 110.193354][ T6066] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 111.765070][ T6026] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 112.267630][ T6026] usb 1-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 112.267662][ T6026] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 112.267682][ T6026] usb 1-1: Product: syz [ 112.267696][ T6026] usb 1-1: Manufacturer: syz [ 112.267709][ T6026] usb 1-1: SerialNumber: syz [ 114.050978][ T6026] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE [ 114.051058][ T6026] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE [ 114.052080][ T6026] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE [ 114.052141][ T6026] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 114.053367][ T6026] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 114.170895][ T6026] lan78xx 1-1:1.0: probe with driver lan78xx failed with error -32 [ 114.239285][ T6087] netlink: 6 bytes leftover after parsing attributes in process `syz.4.52'. [ 114.241176][ T6087] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 114.599279][ T6095] netlink: 'syz.2.44': attribute type 36 has an invalid length. [ 114.748050][ T6095] bridge1: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 114.748097][ T6095] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 115.635228][ T807] usb 1-1: USB disconnect, device number 2 [ 117.931175][ C1] llc_process_tmr_ev: timer called on closed connection [ 118.649309][ T6118] netlink: 'syz.0.56': attribute type 36 has an invalid length. [ 118.757644][ T6118] bridge1: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 118.757673][ T6118] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 122.400326][ T6143] capability: warning: `syz.2.63' uses 32-bit capabilities (legacy support in use) [ 124.398819][ T5889] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 127.238783][ T5889] usb 4-1: device descriptor read/all, error -71 [ 127.829730][ T6164] netlink: 64 bytes leftover after parsing attributes in process `syz.0.69'. [ 132.187231][ T6200] netlink: 64 bytes leftover after parsing attributes in process `syz.1.79'. [ 132.887199][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.887290][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 140.940925][ T6257] netlink: 64 bytes leftover after parsing attributes in process `syz.0.93'. [ 142.881190][ T6277] netlink: 6 bytes leftover after parsing attributes in process `syz.2.101'. [ 142.910633][ T6277] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 145.035737][ T6297] netlink: 64 bytes leftover after parsing attributes in process `syz.0.106'. [ 145.894726][ T5781] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 146.044816][ T5781] usb 2-1: Using ep0 maxpacket: 16 [ 146.047074][ T5781] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 146.047119][ T5781] usb 2-1: New USB device found, idVendor=046d, idProduct=c52b, bcdDevice= 0.00 [ 146.047142][ T5781] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 146.313848][ T5781] usb 2-1: config 0 descriptor?? [ 147.325559][ T5814] Bluetooth: hci4: connection err: -111 [ 148.537279][ T5781] usbhid 2-1:0.0: can't add hid device: -71 [ 148.537355][ T5781] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 148.590032][ T5781] usb 2-1: USB disconnect, device number 2 [ 150.302496][ T6347] netlink: 6 bytes leftover after parsing attributes in process `syz.0.122'. [ 150.346560][ T6347] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 151.304787][ T36] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 151.775267][ T36] usb 5-1: Using ep0 maxpacket: 16 [ 151.906120][ T36] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 151.906329][ T36] usb 5-1: New USB device found, idVendor=046d, idProduct=c52b, bcdDevice= 0.00 [ 151.906375][ T36] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 152.235470][ T36] usb 5-1: config 0 descriptor?? [ 153.475537][ T5814] Bluetooth: hci3: connection err: -111 [ 154.708629][ T36] usbhid 5-1:0.0: can't add hid device: -71 [ 154.708705][ T36] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 154.747481][ T36] usb 5-1: USB disconnect, device number 2 [ 156.755416][ T6395] netlink: 6 bytes leftover after parsing attributes in process `syz.0.137'. [ 156.777955][ T6395] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 159.801998][ T6412] overlayfs: failed to resolve './file1/file0': -2 [ 169.936600][ T6457] overlayfs: overlapping lowerdir path [ 172.714778][ T5781] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 172.884835][ T5781] usb 4-1: Using ep0 maxpacket: 16 [ 172.887908][ T5781] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 172.887954][ T5781] usb 4-1: New USB device found, idVendor=046d, idProduct=c52b, bcdDevice= 0.00 [ 172.887977][ T5781] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 172.946039][ T5781] usb 4-1: config 0 descriptor?? [ 174.697430][ T6488] overlayfs: overlapping lowerdir path [ 175.853763][ T5814] Bluetooth: hci1: connection err: -111 [ 176.585464][ T5781] usbhid 4-1:0.0: can't add hid device: -71 [ 176.585575][ T5781] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 176.858718][ T5781] usb 4-1: USB disconnect, device number 4 [ 184.163570][ T6534] hub 8-0:1.0: USB hub found [ 184.164072][ T6534] hub 8-0:1.0: 1 port detected [ 186.875003][ T6550] netlink: 72 bytes leftover after parsing attributes in process `syz.0.185'. [ 191.506578][ T36] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 192.834593][ T36] usb 1-1: Using ep0 maxpacket: 16 [ 192.837408][ T36] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 192.837456][ T36] usb 1-1: New USB device found, idVendor=046d, idProduct=c52b, bcdDevice= 0.00 [ 192.837478][ T36] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 192.847509][ T36] usb 1-1: config 0 descriptor?? [ 194.243280][ T5814] Bluetooth: hci2: connection err: -111 [ 194.318619][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.318677][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.666664][ T36] hid (null): usage index exceeded [ 194.692706][ T36] logitech-djreceiver 0003:046D:C52B.0001: ignoring exceeding usage max [ 194.694055][ T36] logitech-djreceiver 0003:046D:C52B.0001: ignoring exceeding usage max [ 194.694074][ T36] logitech-djreceiver 0003:046D:C52B.0001: usage index exceeded [ 194.694088][ T36] logitech-djreceiver 0003:046D:C52B.0001: item 0 0 2 2 parsing failed [ 194.708495][ T36] logitech-djreceiver 0003:046D:C52B.0001: logi_dj_probe: parse failed [ 194.708591][ T36] logitech-djreceiver 0003:046D:C52B.0001: probe with driver logitech-djreceiver failed with error -22 [ 196.401390][ T5781] usb 1-1: USB disconnect, device number 3 [ 196.619541][ T6597] netlink: 12 bytes leftover after parsing attributes in process `syz.0.200'. [ 201.966778][ T5804] Bluetooth: hci0: command 0x0406 tx timeout [ 201.967492][ T5804] Bluetooth: hci4: command 0x0406 tx timeout [ 201.967504][ T5807] Bluetooth: hci3: command 0x0406 tx timeout [ 201.967531][ T5807] Bluetooth: hci1: command 0x0406 tx timeout [ 201.967578][ T5804] Bluetooth: hci2: command 0x0406 tx timeout [ 205.046750][ T6649] hub 8-0:1.0: USB hub found [ 205.047890][ T6649] hub 8-0:1.0: 1 port detected [ 209.500749][ T6664] netlink: 12 bytes leftover after parsing attributes in process `syz.1.220'. [ 213.171707][ T5801] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 213.177761][ T5801] Bluetooth: hci0: Injecting HCI hardware error event [ 213.181695][ T61] Bluetooth: hci0: hardware error 0x00 [ 214.064649][ T6686] hub 8-0:1.0: USB hub found [ 214.069548][ T6686] hub 8-0:1.0: 1 port detected [ 216.075780][ T61] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 222.418911][ T5867] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 222.716705][ T5867] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 222.716749][ T5867] usb 5-1: New USB device found, idVendor=172f, idProduct=0501, bcdDevice= 0.00 [ 222.716773][ T5867] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 222.788712][ T5867] usb 5-1: config 0 descriptor?? [ 228.386884][ T5867] usbhid 5-1:0.0: can't add hid device: -71 [ 228.387001][ T5867] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 228.559225][ T5867] usb 5-1: USB disconnect, device number 3 [ 237.098266][ T5801] Bluetooth: hci4: command 0x0406 tx timeout [ 237.174871][ T807] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 237.339004][ T807] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 237.339049][ T807] usb 3-1: New USB device found, idVendor=172f, idProduct=0501, bcdDevice= 0.00 [ 237.339071][ T807] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 237.402541][ T807] usb 3-1: config 0 descriptor?? [ 239.316278][ T807] usbhid 3-1:0.0: can't add hid device: -71 [ 239.316408][ T807] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 239.341550][ T807] usb 3-1: USB disconnect, device number 2 [ 242.300775][ T61] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 242.301033][ T61] Bluetooth: hci4: Injecting HCI hardware error event [ 242.303487][ T61] Bluetooth: hci4: hardware error 0x00 [ 243.119006][ T808] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 243.572678][ T808] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 243.572724][ T808] usb 5-1: New USB device found, idVendor=172f, idProduct=0501, bcdDevice= 0.00 [ 243.572747][ T808] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 243.608281][ T808] usb 5-1: config 0 descriptor?? [ 244.933066][ T5801] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 244.941120][ T5801] Bluetooth: hci1: Injecting HCI hardware error event [ 244.955143][ T5801] Bluetooth: hci1: hardware error 0x00 [ 245.724816][ T61] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 246.899729][ T808] usbhid 5-1:0.0: can't add hid device: -71 [ 246.899842][ T808] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 246.926744][ T808] usb 5-1: USB disconnect, device number 4 [ 248.464992][ T5801] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 251.204831][ T5801] Bluetooth: hci3: command 0x0406 tx timeout [ 251.204916][ T5814] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 251.207803][ T5814] Bluetooth: hci2: Injecting HCI hardware error event [ 251.209976][ T5814] Bluetooth: hci2: hardware error 0x00 [ 253.430638][ T5814] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 256.875436][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.875502][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 283.621017][ T808] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 283.778683][ T808] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 283.778729][ T808] usb 1-1: New USB device found, idVendor=172f, idProduct=0501, bcdDevice= 0.00 [ 283.778752][ T808] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 283.816883][ T808] usb 1-1: config 0 descriptor?? [ 285.592953][ T808] usbhid 1-1:0.0: can't add hid device: -71 [ 285.593078][ T808] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 285.638463][ T808] usb 1-1: USB disconnect, device number 4 [ 294.224582][ T7073] netlink: 'syz.3.331': attribute type 36 has an invalid length. [ 294.332026][ T7073] bridge1: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 294.332072][ T7073] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 297.305963][ T5814] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 297.310144][ T5814] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 297.311251][ T5814] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 297.312337][ T5814] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 297.313249][ T5814] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 299.519155][ T61] Bluetooth: hci5: command tx timeout [ 299.751297][ T7079] chnl_net:caif_netlink_parms(): no params data found [ 301.614136][ T5814] Bluetooth: hci5: command tx timeout [ 303.644772][ T5814] Bluetooth: hci5: command 0x040f tx timeout [ 305.180753][ T5782] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 305.294270][ T5814] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 305.307553][ T5814] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 305.308600][ T5814] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 305.309658][ T5814] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 305.310574][ T5814] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 305.336020][ T5782] usb 1-1: Using ep0 maxpacket: 16 [ 305.341607][ T5782] usb 1-1: config 0 has an invalid interface number: 33 but max is 0 [ 305.341633][ T5782] usb 1-1: config 0 has no interface number 0 [ 305.345098][ T5782] usb 1-1: New USB device found, idVendor=10c4, idProduct=81a9, bcdDevice=88.e6 [ 305.345125][ T5782] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 305.345142][ T5782] usb 1-1: Product: syz [ 305.345164][ T5782] usb 1-1: Manufacturer: syz [ 305.345177][ T5782] usb 1-1: SerialNumber: syz [ 305.363321][ T5782] usb 1-1: config 0 descriptor?? [ 305.384293][ T5782] cp210x 1-1:0.33: cp210x converter detected [ 305.724751][ T5814] Bluetooth: hci5: command 0x040f tx timeout [ 306.109545][ T7124] hub 8-0:1.0: USB hub found [ 306.114011][ T7124] hub 8-0:1.0: 1 port detected [ 306.362976][ T13] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 306.732161][ T5782] cp210x 1-1:0.33: failed to get vendor val 0x370b size 1: -71 [ 306.732200][ T5782] cp210x 1-1:0.33: querying part number failed [ 306.748349][ T5782] usb 1-1: cp210x converter now attached to ttyUSB0 [ 306.786846][ T5782] usb 1-1: USB disconnect, device number 5 [ 306.833415][ T5782] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 306.834238][ T5782] cp210x 1-1:0.33: device disconnected [ 307.010655][ T7079] bridge0: port 1(bridge_slave_0) entered blocking state [ 307.010864][ T7079] bridge0: port 1(bridge_slave_0) entered disabled state [ 307.011094][ T7079] bridge_slave_0: entered allmulticast mode [ 307.039382][ T7079] bridge_slave_0: entered promiscuous mode [ 307.148066][ T7079] bridge0: port 2(bridge_slave_1) entered blocking state [ 307.148216][ T7079] bridge0: port 2(bridge_slave_1) entered disabled state [ 307.148442][ T7079] bridge_slave_1: entered allmulticast mode [ 307.151131][ T7079] bridge_slave_1: entered promiscuous mode [ 307.413537][ T5814] Bluetooth: hci3: command tx timeout [ 307.805205][ T5814] Bluetooth: hci5: command 0x040f tx timeout [ 308.838106][ T13] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 309.091507][ T7079] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 309.268967][ T13] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 309.302522][ T7079] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 309.365794][ T7079] team0: Port device team_slave_0 added [ 309.380578][ T808] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 309.424893][ T5880] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 309.479106][ T13] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 309.484845][ T5814] Bluetooth: hci3: command tx timeout [ 309.522935][ T7079] team0: Port device team_slave_1 added [ 309.550582][ T808] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 309.550630][ T808] usb 2-1: New USB device found, idVendor=172f, idProduct=0501, bcdDevice= 0.00 [ 309.550651][ T808] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 309.599261][ T808] usb 2-1: config 0 descriptor?? [ 309.610970][ T5880] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 309.611013][ T5880] usb 4-1: New USB device found, idVendor=172f, idProduct=0501, bcdDevice= 0.00 [ 309.611034][ T5880] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 309.672229][ T5880] usb 4-1: config 0 descriptor?? [ 309.722346][ T7079] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 309.722363][ T7079] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 309.722388][ T7079] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 309.724353][ T7079] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 309.724367][ T7079] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 309.724387][ T7079] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 312.720569][ T5814] Bluetooth: hci3: command tx timeout [ 312.733812][ T808] usbhid 2-1:0.0: can't add hid device: -71 [ 312.733983][ T808] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 312.822204][ T808] usb 2-1: USB disconnect, device number 3 [ 312.849517][ T7164] hub 8-0:1.0: USB hub found [ 312.849844][ T7164] hub 8-0:1.0: 1 port detected [ 312.921327][ T5880] usbhid 4-1:0.0: can't add hid device: -71 [ 312.921443][ T5880] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 312.941294][ T5880] usb 4-1: USB disconnect, device number 5 [ 312.981330][ T7079] hsr_slave_0: entered promiscuous mode [ 312.984475][ T7079] hsr_slave_1: entered promiscuous mode [ 312.997343][ T7079] debugfs: 'hsr0' already exists in 'hsr' [ 312.997372][ T7079] Cannot create hsr debugfs directory [ 313.519718][ T7117] chnl_net:caif_netlink_parms(): no params data found [ 313.682734][ T13] bridge_slave_1: left allmulticast mode [ 313.706426][ T13] bridge_slave_1: left promiscuous mode [ 313.708730][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 314.301487][ T13] bridge_slave_0: left allmulticast mode [ 314.301517][ T13] bridge_slave_0: left promiscuous mode [ 314.301978][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 315.545927][ T7181] process 'syz.0.362' launched './file0' with NULL argv: empty string added [ 316.184697][ T61] Bluetooth: hci3: command tx timeout [ 317.172965][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.173048][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 319.253772][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 319.264769][ T7184] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 319.349935][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 319.428757][ T13] bond0 (unregistering): Released all slaves [ 322.544856][ T7117] bridge0: port 1(bridge_slave_0) entered blocking state [ 322.544978][ T7117] bridge0: port 1(bridge_slave_0) entered disabled state [ 322.545213][ T7117] bridge_slave_0: entered allmulticast mode [ 322.566029][ T7117] bridge_slave_0: entered promiscuous mode [ 323.619156][ T7117] bridge0: port 2(bridge_slave_1) entered blocking state [ 323.619459][ T7117] bridge0: port 2(bridge_slave_1) entered disabled state [ 323.619714][ T7117] bridge_slave_1: entered allmulticast mode [ 323.622461][ T7117] bridge_slave_1: entered promiscuous mode [ 325.885222][ T7117] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 325.929089][ T7117] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 326.097506][ T36] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 326.270302][ T36] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 326.270355][ T36] usb 4-1: New USB device found, idVendor=172f, idProduct=0501, bcdDevice= 0.00 [ 326.270377][ T36] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 326.302900][ T36] usb 4-1: config 0 descriptor?? [ 327.896173][ T36] usbhid 4-1:0.0: can't add hid device: -71 [ 327.896251][ T36] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 327.929045][ T36] usb 4-1: USB disconnect, device number 6 [ 328.136690][ T7117] team0: Port device team_slave_0 added [ 328.163810][ T7117] team0: Port device team_slave_1 added [ 328.555019][ T13] hsr_slave_0: left promiscuous mode [ 328.584761][ T13] hsr_slave_1: left promiscuous mode [ 328.586124][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 328.586202][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 328.638116][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 328.638142][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 328.808556][ T13] veth1_macvtap: left promiscuous mode [ 328.809508][ T13] veth0_macvtap: left promiscuous mode [ 328.810576][ T13] veth1_vlan: left promiscuous mode [ 328.810776][ T13] veth0_vlan: left promiscuous mode [ 329.027869][ T7237] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 339.525145][ T7286] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 344.033443][ T7334] netlink: 'syz.0.396': attribute type 36 has an invalid length. [ 345.981595][ T13] team0 (unregistering): Port device team_slave_1 removed [ 346.215372][ T13] team0 (unregistering): Port device team_slave_0 removed [ 347.424900][ T6026] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 347.579134][ T6026] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 347.579167][ T6026] usb 4-1: New USB device found, idVendor=172f, idProduct=0501, bcdDevice= 0.00 [ 347.579180][ T6026] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 347.582173][ T6026] usb 4-1: config 0 descriptor?? [ 349.270028][ T6026] usbhid 4-1:0.0: can't add hid device: -71 [ 349.270165][ T6026] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 349.314303][ T6026] usb 4-1: USB disconnect, device number 7 [ 349.461510][ T7334] bridge2: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 349.461526][ T7334] bridge2: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 349.482591][ T7079] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 349.528129][ T7346] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 349.587360][ T7117] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 349.587370][ T7117] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 349.587384][ T7117] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 349.589627][ T7079] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 349.749363][ T7117] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 349.749381][ T7117] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 349.749405][ T7117] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 349.870802][ T7079] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 351.897504][ T7079] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 352.252316][ T7117] hsr_slave_0: entered promiscuous mode [ 352.253761][ T7117] hsr_slave_1: entered promiscuous mode [ 352.280119][ T7117] debugfs: 'hsr0' already exists in 'hsr' [ 352.280142][ T7117] Cannot create hsr debugfs directory [ 358.382608][ T5801] Bluetooth: hci3: command 0x0405 tx timeout [ 358.707612][ T5801] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 358.718864][ T5801] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 358.736397][ T5801] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 358.737648][ T5801] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 358.738308][ T5801] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 359.060592][ T13] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 360.601569][ T13] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 360.764794][ T5801] Bluetooth: hci0: command tx timeout [ 361.442329][ T7417] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 361.784498][ T13] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 362.883927][ T5801] Bluetooth: hci0: command tx timeout [ 363.443871][ T7117] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 364.925201][ T5801] Bluetooth: hci0: command tx timeout [ 364.998332][ T7117] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 365.170830][ T61] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 365.172961][ T61] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 365.174107][ T61] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 365.211817][ T61] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 365.212651][ T61] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 365.400949][ T13] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 365.575445][ T6026] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 365.738251][ T6026] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 365.738310][ T6026] usb 2-1: New USB device found, idVendor=172f, idProduct=0501, bcdDevice= 0.00 [ 365.738335][ T6026] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 365.773857][ T6026] usb 2-1: config 0 descriptor?? [ 367.368727][ T61] Bluetooth: hci0: command tx timeout [ 367.368789][ T61] Bluetooth: hci5: command tx timeout [ 367.388401][ T6026] usbhid 2-1:0.0: can't add hid device: -71 [ 367.388518][ T6026] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 367.444594][ T6026] usb 2-1: USB disconnect, device number 4 [ 369.405334][ T5801] Bluetooth: hci5: command tx timeout [ 369.804954][ T807] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 369.960322][ T807] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 369.960374][ T807] usb 2-1: New USB device found, idVendor=172f, idProduct=0501, bcdDevice= 0.00 [ 369.960397][ T807] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 370.007352][ T807] usb 2-1: config 0 descriptor?? [ 371.548460][ T5801] Bluetooth: hci5: command tx timeout [ 371.570271][ T807] usbhid 2-1:0.0: can't add hid device: -71 [ 371.570394][ T807] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 371.643722][ T807] usb 2-1: USB disconnect, device number 5 [ 373.481867][ T13] bridge_slave_1: left allmulticast mode [ 373.481897][ T13] bridge_slave_1: left promiscuous mode [ 373.482147][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 373.568313][ T61] Bluetooth: hci5: command tx timeout [ 373.586337][ T13] bridge_slave_0: left allmulticast mode [ 373.586369][ T13] bridge_slave_0: left promiscuous mode [ 373.586641][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 378.008786][ T7506] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 378.245748][ T7530] Bluetooth: MGMT ver 1.23 [ 378.803446][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.803517][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 380.685077][ T5889] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 380.837170][ T5889] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 380.837225][ T5889] usb 2-1: New USB device found, idVendor=172f, idProduct=0501, bcdDevice= 0.00 [ 380.837258][ T5889] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 380.846929][ T5889] usb 2-1: config 0 descriptor?? [ 382.944311][ T5801] Bluetooth: hci5: command 0x0405 tx timeout [ 382.965129][ T5889] usbhid 2-1:0.0: can't add hid device: -71 [ 382.965248][ T5889] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 383.004957][ T5889] usb 2-1: USB disconnect, device number 6 [ 384.985869][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 385.350136][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 387.283385][ T13] bond0 (unregistering): Released all slaves [ 387.693659][ T7422] chnl_net:caif_netlink_parms(): no params data found [ 389.609523][ T7463] chnl_net:caif_netlink_parms(): no params data found [ 389.694303][ T7422] bridge0: port 1(bridge_slave_0) entered blocking state [ 389.694818][ T7422] bridge0: port 1(bridge_slave_0) entered disabled state [ 389.695421][ T7422] bridge_slave_0: entered allmulticast mode [ 389.701182][ T7422] bridge_slave_0: entered promiscuous mode [ 389.821010][ T7422] bridge0: port 2(bridge_slave_1) entered blocking state [ 389.821108][ T7422] bridge0: port 2(bridge_slave_1) entered disabled state [ 389.821334][ T7422] bridge_slave_1: entered allmulticast mode [ 389.831626][ T7422] bridge_slave_1: entered promiscuous mode [ 389.871006][ T7564] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 393.526764][ T13] hsr_slave_0: left promiscuous mode [ 393.574781][ T13] hsr_slave_1: left promiscuous mode [ 393.575404][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 393.575419][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 394.978533][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 394.978560][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 395.174602][ T13] veth1_macvtap: left promiscuous mode [ 395.214970][ T13] veth0_macvtap: left promiscuous mode [ 395.215271][ T13] veth1_vlan: left promiscuous mode [ 395.215453][ T13] veth0_vlan: left promiscuous mode [ 399.728347][ T7632] netlink: 72 bytes leftover after parsing attributes in process `syz.1.450'. [ 408.375652][ T7653] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 408.750761][ T6026] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 408.921002][ T6026] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 408.921049][ T6026] usb 4-1: New USB device found, idVendor=172f, idProduct=0501, bcdDevice= 0.00 [ 408.921071][ T6026] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 410.330261][ T6026] usb 4-1: config 0 descriptor?? [ 411.931479][ T6026] usbhid 4-1:0.0: can't add hid device: -71 [ 411.931602][ T6026] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 411.959007][ T6026] usb 4-1: USB disconnect, device number 8 [ 414.055615][ T13] team0 (unregistering): Port device team_slave_1 removed [ 414.469774][ T13] team0 (unregistering): Port device team_slave_0 removed [ 421.682790][ T61] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 421.706542][ T61] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 421.719861][ T61] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 422.452617][ T61] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 422.475066][ T61] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 422.766721][ T7731] vxcan1: tx drop: invalid sa for name 0x0000000000000002 [ 424.613212][ T61] Bluetooth: hci3: command tx timeout [ 426.733131][ T5814] Bluetooth: hci3: command tx timeout [ 426.735758][ T5801] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 426.739050][ T5801] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 426.742143][ T5801] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 426.744309][ T5801] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 426.801286][ T5801] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 426.893432][ T37] audit: type=1326 audit(1771447420.211:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7784 comm="syz.3.481" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f29fc15c629 code=0x0 [ 427.005568][ T7789] input: syz0 as /devices/virtual/input/input5 [ 427.082800][ T7792] warning: `syz.1.484' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 427.669326][ T7801] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 428.769457][ T5801] Bluetooth: hci3: command tx timeout [ 428.957588][ T5801] Bluetooth: hci0: command tx timeout [ 429.587392][ T7815] faux_driver vgem: [drm] Unknown color mode 32767; guessing buffer size. [ 430.914778][ T5801] Bluetooth: hci3: command tx timeout [ 431.007098][ T5801] Bluetooth: hci0: command tx timeout [ 431.046870][ T7830] tipc: Started in network mode [ 431.046901][ T7830] tipc: Node identity aaaaaaaaaa2a, cluster identity 4711 [ 431.047686][ T7830] tipc: Enabled bearer , priority 15 [ 432.241106][ T7862] netlink: 'syz.3.503': attribute type 3 has an invalid length. [ 432.292994][ T7863] netlink: 'syz.3.503': attribute type 10 has an invalid length. [ 432.352255][ T5781] tipc: Node number set to 8432298 [ 432.374754][ T7862] netlink: 'syz.3.503': attribute type 3 has an invalid length. [ 432.410205][ T7863] 8021q: adding VLAN 0 to HW filter on device team0 [ 432.423794][ T7863] bond0: (slave team0): Enslaving as an active interface with an up link [ 433.084905][ T5801] Bluetooth: hci0: command tx timeout [ 433.837699][ T7886] syz_tun: entered allmulticast mode [ 433.959114][ T7719] chnl_net:caif_netlink_parms(): no params data found [ 434.019491][ T7886] syz_tun: left allmulticast mode [ 436.360770][ T7895] veth0_vlan: left promiscuous mode [ 436.360843][ T7895] vlan0: entered promiscuous mode [ 436.360856][ T7895] veth0_vlan: entered promiscuous mode [ 436.579215][ T7900] ======================================================= [ 436.579215][ T7900] WARNING: The mand mount option has been deprecated and [ 436.579215][ T7900] and is ignored by this kernel. Remove the mand [ 436.579215][ T7900] option from the mount to silence this warning. [ 436.579215][ T7900] ======================================================= [ 436.964680][ T5801] Bluetooth: hci0: command tx timeout [ 438.392947][ T7719] bridge0: port 1(bridge_slave_0) entered blocking state [ 438.393134][ T7719] bridge0: port 1(bridge_slave_0) entered disabled state [ 438.409764][ T7719] bridge_slave_0: entered allmulticast mode [ 438.426202][ T7719] bridge_slave_0: entered promiscuous mode [ 439.489500][ T7778] chnl_net:caif_netlink_parms(): no params data found [ 439.790884][ T7719] bridge0: port 2(bridge_slave_1) entered blocking state [ 439.793886][ T7719] bridge0: port 2(bridge_slave_1) entered disabled state [ 439.794137][ T7719] bridge_slave_1: entered allmulticast mode [ 440.767101][ T7719] bridge_slave_1: entered promiscuous mode [ 441.714461][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 441.714530][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 442.536216][ T7719] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 443.386685][ T7719] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 444.511792][ T7719] team0: Port device team_slave_0 added [ 444.588740][ T7719] team0: Port device team_slave_1 added [ 444.594259][ T7778] bridge0: port 1(bridge_slave_0) entered blocking state [ 444.594450][ T7778] bridge0: port 1(bridge_slave_0) entered disabled state [ 444.615429][ T7778] bridge_slave_0: entered allmulticast mode [ 444.631530][ T7778] bridge_slave_0: entered promiscuous mode [ 444.710361][ T7778] bridge0: port 2(bridge_slave_1) entered blocking state [ 444.710500][ T7778] bridge0: port 2(bridge_slave_1) entered disabled state [ 444.710726][ T7778] bridge_slave_1: entered allmulticast mode [ 444.741157][ T7778] bridge_slave_1: entered promiscuous mode [ 445.686688][ T7719] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 445.686712][ T7719] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 445.686730][ T7719] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 445.763754][ T7719] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 445.763770][ T7719] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 445.763792][ T7719] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 445.790771][ T7778] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 445.846936][ T7995] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 446.075497][ T7778] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 446.370211][ T7778] team0: Port device team_slave_0 added [ 446.396364][ T7778] team0: Port device team_slave_1 added [ 446.410672][ T7719] hsr_slave_0: entered promiscuous mode [ 446.411984][ T7719] hsr_slave_1: entered promiscuous mode [ 446.412853][ T7719] debugfs: 'hsr0' already exists in 'hsr' [ 446.412875][ T7719] Cannot create hsr debugfs directory [ 446.480552][ T8014] capability: warning: `syz.0.542' uses deprecated v2 capabilities in a way that may be insecure [ 447.083724][ T7778] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 447.083741][ T7778] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 447.083765][ T7778] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 448.490311][ T7778] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 448.490328][ T7778] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 448.490354][ T7778] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 449.862113][ T8040] ptrace attach of "./syz-executor exec"[5797] was attempted by " [ 452.311993][ T7778] hsr_slave_0: entered promiscuous mode [ 452.313303][ T7778] hsr_slave_1: entered promiscuous mode [ 452.314199][ T7778] debugfs: 'hsr0' already exists in 'hsr' [ 452.314221][ T7778] Cannot create hsr debugfs directory [ 454.892349][ T13] bridge_slave_1: left allmulticast mode [ 454.892378][ T13] bridge_slave_1: left promiscuous mode [ 454.892618][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 454.915679][ T8103] Invalid ELF header magic: != ELF [ 454.956544][ T13] bridge_slave_0: left allmulticast mode [ 454.956563][ T13] bridge_slave_0: left promiscuous mode [ 454.958134][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 455.048938][ T13] bridge_slave_1: left allmulticast mode [ 455.048969][ T13] bridge_slave_1: left promiscuous mode [ 455.049219][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 455.142992][ T13] bridge_slave_0: left allmulticast mode [ 455.143022][ T13] bridge_slave_0: left promiscuous mode [ 455.143698][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 455.341459][ T13] bridge_slave_1: left allmulticast mode [ 455.341489][ T13] bridge_slave_1: left promiscuous mode [ 455.341730][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 455.457992][ T13] bridge_slave_0: left allmulticast mode [ 455.458020][ T13] bridge_slave_0: left promiscuous mode [ 455.458250][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 456.053859][ T13] bond0 (unregistering): Released all slaves [ 456.239173][ T13] bond0 (unregistering): Released all slaves [ 458.495361][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 459.351321][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 459.412702][ T8131] Bluetooth: MGMT ver 1.23 [ 459.413029][ T8131] Bluetooth: hci0: service_discovery: too big uuid_count value 65353 [ 459.446587][ T13] bond0 (unregistering): Released all slaves [ 459.543292][ T37] audit: type=1326 audit(1771447452.861:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8134 comm="syz.0.576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a966dc629 code=0x7ffc0000 [ 459.543425][ T37] audit: type=1326 audit(1771447452.861:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8134 comm="syz.0.576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a966dc629 code=0x7ffc0000 [ 459.543756][ T37] audit: type=1326 audit(1771447452.861:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8134 comm="syz.0.576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7a966dc629 code=0x7ffc0000 [ 459.543972][ T37] audit: type=1326 audit(1771447452.861:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8134 comm="syz.0.576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a966dc629 code=0x7ffc0000 [ 459.544128][ T37] audit: type=1326 audit(1771447452.861:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8134 comm="syz.0.576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a966dc629 code=0x7ffc0000 [ 459.544545][ T37] audit: type=1326 audit(1771447452.861:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8134 comm="syz.0.576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7a966dc629 code=0x7ffc0000 [ 459.557103][ T37] audit: type=1326 audit(1771447452.881:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8134 comm="syz.0.576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a966dc629 code=0x7ffc0000 [ 459.557148][ T37] audit: type=1326 audit(1771447452.881:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8134 comm="syz.0.576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a966dc629 code=0x7ffc0000 [ 459.557184][ T37] audit: type=1326 audit(1771447452.881:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8134 comm="syz.0.576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7a966dc629 code=0x7ffc0000 [ 459.557219][ T37] audit: type=1326 audit(1771447452.881:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8134 comm="syz.0.576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a966dc629 code=0x7ffc0000 [ 459.568344][ T8135] netlink: 12 bytes leftover after parsing attributes in process `syz.0.576'. [ 460.265638][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 460.355612][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 460.416747][ T13] bond0 (unregistering): Released all slaves [ 460.469686][ T8111] vxcan1: entered promiscuous mode [ 460.482328][ T8135] vlan1: entered promiscuous mode [ 460.482350][ T8135] bond0: entered promiscuous mode [ 460.482363][ T8135] bond_slave_0: entered promiscuous mode [ 460.482580][ T8135] bond_slave_1: entered promiscuous mode [ 461.734535][ T8143] 8021q: adding VLAN 0 to HW filter on device bond0 [ 461.745257][ T8143] bond0: (slave rose0): Enslaving as an active interface with an up link [ 463.545916][ T8169] netlink: 8 bytes leftover after parsing attributes in process `syz.0.585'. [ 466.140005][ T13] hsr_slave_0: left promiscuous mode [ 467.015132][ T13] hsr_slave_1: left promiscuous mode [ 467.016226][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 467.791423][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 468.004819][ T13] hsr_slave_0: left promiscuous mode [ 468.925165][ T13] hsr_slave_1: left promiscuous mode [ 469.014857][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 469.067779][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 470.065345][ T13] team0 (unregistering): Port device team_slave_1 removed [ 470.205497][ T13] team0 (unregistering): Port device team_slave_0 removed [ 471.225409][ T13] team0 (unregistering): Port device team_slave_1 removed [ 471.356853][ T13] team0 (unregistering): Port device team_slave_0 removed [ 473.294776][ T5782] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 473.445168][ T5782] usb 2-1: Using ep0 maxpacket: 16 [ 473.447973][ T5782] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 473.448005][ T5782] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 473.448042][ T5782] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 473.448064][ T5782] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 473.453444][ T5782] usb 2-1: config 0 descriptor?? [ 474.718114][ T5781] usb 4-1: new full-speed USB device number 9 using dummy_hcd [ 474.728172][ T5782] mcp2221 0003:04D8:00DD.0002: unknown main item tag 0x0 [ 474.728213][ T5782] mcp2221 0003:04D8:00DD.0002: unknown main item tag 0x0 [ 474.728240][ T5782] mcp2221 0003:04D8:00DD.0002: unknown main item tag 0x0 [ 474.728266][ T5782] mcp2221 0003:04D8:00DD.0002: unknown main item tag 0x0 [ 474.728290][ T5782] mcp2221 0003:04D8:00DD.0002: unknown main item tag 0x0 [ 474.730114][ T5782] mcp2221 0003:04D8:00DD.0002: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0 [ 474.899345][ T5781] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 474.899374][ T5781] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84 [ 474.899399][ T5781] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 474.899423][ T5781] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 13155, setting to 64 [ 474.899448][ T5781] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 474.910797][ T5781] usb 4-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 474.910827][ T5781] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 474.910847][ T5781] usb 4-1: Product: syz [ 474.910861][ T5781] usb 4-1: Manufacturer: syz [ 474.910874][ T5781] usb 4-1: SerialNumber: syz [ 475.013193][ T5781] usb 4-1: config 0 descriptor?? [ 475.014073][ T8254] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 475.065192][ T5782] usb 2-1: USB disconnect, device number 7 [ 475.082792][ T5781] input: KB Gear Tablet as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input6 [ 475.276360][ C1] kbtab 4-1:0.0: kbtab_irq - usb_submit_urb failed with result -1 [ 475.348280][ T36] usb 4-1: USB disconnect, device number 9 [ 475.348364][ C1] kbtab 4-1:0.0: kbtab_irq - usb_submit_urb failed with result -19 [ 475.553414][ T8261] netlink: 'syz.1.605': attribute type 10 has an invalid length. [ 475.657094][ T8261] 8021q: adding VLAN 0 to HW filter on device team0 [ 475.660050][ T8261] bond0: (slave team0): Enslaving as an active interface with an up link [ 475.961807][ T7719] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 476.125588][ T7719] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 476.219300][ T7719] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 477.252508][ T7719] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 477.574024][ T7778] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 477.619384][ T7778] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 477.761151][ T7778] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 477.818385][ T7778] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 478.363529][ T8320] netlink: 'syz.3.615': attribute type 10 has an invalid length. [ 478.730824][ T7719] 8021q: adding VLAN 0 to HW filter on device bond0 [ 478.846789][ T7778] 8021q: adding VLAN 0 to HW filter on device bond0 [ 478.941908][ T7719] 8021q: adding VLAN 0 to HW filter on device team0 [ 479.008217][ T1127] bridge0: port 1(bridge_slave_0) entered blocking state [ 479.008412][ T1127] bridge0: port 1(bridge_slave_0) entered forwarding state [ 479.041822][ T7778] 8021q: adding VLAN 0 to HW filter on device team0 [ 479.091515][ T1019] bridge0: port 2(bridge_slave_1) entered blocking state [ 479.091601][ T1019] bridge0: port 2(bridge_slave_1) entered forwarding state [ 480.008022][ T1019] bridge0: port 1(bridge_slave_0) entered blocking state [ 480.008117][ T1019] bridge0: port 1(bridge_slave_0) entered forwarding state [ 480.214022][ T6588] bridge0: port 2(bridge_slave_1) entered blocking state [ 480.227488][ T6588] bridge0: port 2(bridge_slave_1) entered forwarding state [ 480.989189][ T61] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 481.016412][ T61] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 481.032024][ T61] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 481.050889][ T61] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 481.052431][ T61] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 481.601484][ T8355] syz.3.624 (8355) used greatest stack depth: 17904 bytes left [ 481.840699][ T8368] netlink: 'syz.0.625': attribute type 10 has an invalid length. [ 482.876217][ T8368] 8021q: adding VLAN 0 to HW filter on device team0 [ 482.878953][ T8368] team0: entered promiscuous mode [ 482.878967][ T8368] team_slave_0: entered promiscuous mode [ 482.879083][ T8368] team_slave_1: entered promiscuous mode [ 482.880856][ T8368] bond0: (slave team0): Enslaving as an active interface with an up link [ 483.164961][ T5801] Bluetooth: hci5: command tx timeout [ 483.975699][ T5781] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 484.451569][ T5781] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 484.451628][ T5781] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 484.451652][ T5781] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 484.548131][ T5781] usb 2-1: config 0 descriptor?? [ 484.588695][ T5781] pwc: Askey VC010 type 2 USB webcam detected. [ 484.592964][ T8418] netlink: 'syz.3.641': attribute type 10 has an invalid length. [ 484.976835][ T7778] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 484.993107][ T5781] pwc: recv_control_msg error -32 req 02 val 2b00 [ 485.014877][ T5781] pwc: recv_control_msg error -32 req 02 val 2700 [ 485.016820][ T5781] pwc: recv_control_msg error -32 req 02 val 2c00 [ 485.222332][ T5781] pwc: recv_control_msg error -32 req 04 val 1300 [ 485.241474][ T5781] pwc: recv_control_msg error -32 req 04 val 1400 [ 485.242294][ T5781] pwc: recv_control_msg error -32 req 02 val 2000 [ 485.243101][ T5781] pwc: recv_control_msg error -32 req 02 val 2100 [ 485.249776][ T5801] Bluetooth: hci5: command tx timeout [ 485.273958][ T5781] pwc: recv_control_msg error -32 req 04 val 1500 [ 485.275391][ T5781] pwc: recv_control_msg error -32 req 02 val 2500 [ 485.276406][ T5781] pwc: recv_control_msg error -32 req 02 val 2400 [ 485.289395][ T5781] pwc: recv_control_msg error -32 req 02 val 2600 [ 485.305810][ T5781] pwc: recv_control_msg error -32 req 02 val 2900 [ 485.307273][ T5781] pwc: recv_control_msg error -32 req 02 val 2800 [ 485.309530][ T5781] pwc: recv_control_msg error -32 req 04 val 1100 [ 485.371498][ T5781] pwc: Registered as video103. [ 485.395455][ T5781] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input7 [ 485.533684][ T5781] usb 2-1: USB disconnect, device number 8 [ 486.358884][ T8359] chnl_net:caif_netlink_parms(): no params data found [ 487.137069][ T61] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 487.157882][ T61] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 487.159291][ T61] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 487.191040][ T61] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 487.193626][ T61] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 487.324876][ T61] Bluetooth: hci5: command tx timeout [ 487.509232][ T8472] netlink: 'syz.1.651': attribute type 10 has an invalid length. [ 487.667848][ T8359] bridge0: port 1(bridge_slave_0) entered blocking state [ 487.668709][ T8359] bridge0: port 1(bridge_slave_0) entered disabled state [ 487.668955][ T8359] bridge_slave_0: entered allmulticast mode [ 487.671469][ T8359] bridge_slave_0: entered promiscuous mode [ 487.711967][ T8359] bridge0: port 2(bridge_slave_1) entered blocking state [ 487.712041][ T8359] bridge0: port 2(bridge_slave_1) entered disabled state [ 487.712212][ T8359] bridge_slave_1: entered allmulticast mode [ 487.715019][ T808] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 487.753482][ T8359] bridge_slave_1: entered promiscuous mode [ 487.851659][ T8359] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 487.917883][ T808] usb 4-1: Using ep0 maxpacket: 8 [ 487.923018][ T8359] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 487.924405][ T808] usb 4-1: New USB device found, idVendor=046d, idProduct=0896, bcdDevice=3a.11 [ 487.924434][ T808] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 487.924453][ T808] usb 4-1: Product: syz [ 487.924466][ T808] usb 4-1: Manufacturer: syz [ 487.924480][ T808] usb 4-1: SerialNumber: syz [ 487.947019][ T808] usb 4-1: config 0 descriptor?? [ 487.967840][ T808] gspca_main: vc032x-2.14.0 probing 046d:0896 [ 488.465117][ T6026] usb 2-1: new full-speed USB device number 9 using dummy_hcd [ 488.638064][ T6026] usb 2-1: config 0 has an invalid interface number: 176 but max is 0 [ 488.638103][ T6026] usb 2-1: config 0 has no interface number 0 [ 488.638142][ T6026] usb 2-1: config 0 interface 176 altsetting 0 endpoint 0x4 has invalid maxpacket 59391, setting to 64 [ 488.644243][ T6026] usb 2-1: New USB device found, idVendor=0499, idProduct=1039, bcdDevice= c.76 [ 488.644273][ T6026] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 488.644291][ T6026] usb 2-1: Product: syz [ 488.644304][ T6026] usb 2-1: Manufacturer: syz [ 488.644318][ T6026] usb 2-1: SerialNumber: syz [ 488.726323][ T6026] usb 2-1: config 0 descriptor?? [ 488.733293][ T8492] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 488.735385][ T8492] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 488.769323][ T8359] team0: Port device team_slave_0 added [ 488.902485][ T8503] netlink: 'syz.0.657': attribute type 4 has an invalid length. [ 488.987657][ T8359] team0: Port device team_slave_1 added [ 488.988194][ T6026] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 489.324753][ T61] Bluetooth: hci3: command tx timeout [ 489.362581][ T6026] usb 2-1: USB disconnect, device number 9 [ 489.390323][ T808] gspca_vc032x: reg_w err -71 [ 489.390430][ T808] vc032x 4-1:0.0: probe with driver vc032x failed with error -71 [ 489.410245][ T61] Bluetooth: hci5: command tx timeout [ 489.440513][ T808] usb 4-1: USB disconnect, device number 10 [ 489.699184][ T8359] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 489.699201][ T8359] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 489.699225][ T8359] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 490.480516][ T8359] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 490.480532][ T8359] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 490.480556][ T8359] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 490.619579][ T5949] bridge_slave_1: left allmulticast mode [ 490.619611][ T5949] bridge_slave_1: left promiscuous mode [ 490.619834][ T5949] bridge0: port 2(bridge_slave_1) entered disabled state [ 490.748900][ T5949] bridge_slave_0: left allmulticast mode [ 490.748928][ T5949] bridge_slave_0: left promiscuous mode [ 490.749800][ T5949] bridge0: port 1(bridge_slave_0) entered disabled state [ 490.808183][ T8237] udevd[8237]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.176/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 490.863624][ T8524] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 491.030120][ T8524] kvm: pic: non byte read [ 491.033426][ T8524] kvm: pic: level sensitive irq not supported [ 491.044435][ T8524] kvm: pic: non byte read [ 491.055148][ T8524] kvm: pic: non byte read [ 491.055440][ T8524] kvm: pic: non byte read [ 491.055642][ T8524] kvm: pic: level sensitive irq not supported [ 491.055751][ T8524] kvm: pic: non byte read [ 491.055955][ T8524] kvm: pic: non byte read [ 491.056157][ T8524] kvm: pic: non byte read [ 491.056355][ T8524] kvm: pic: non byte read [ 491.056651][ T8524] kvm: pic: non byte read [ 491.057808][ T8524] kvm: pic: non byte read [ 491.104793][ T6026] usb 2-1: new full-speed USB device number 10 using dummy_hcd [ 491.135242][ T8524] kvm: pic: level sensitive irq not supported [ 491.268016][ T6026] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 491.268050][ T6026] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 491.268089][ T6026] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64 [ 491.268115][ T6026] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 512, setting to 64 [ 491.270623][ T6026] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 491.270657][ T6026] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 491.270675][ T6026] usb 2-1: Product: syz [ 491.270689][ T6026] usb 2-1: Manufacturer: syz [ 491.270702][ T6026] usb 2-1: SerialNumber: syz [ 491.358231][ T8521] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 491.373463][ T6026] cdc_mbim 2-1:1.0: skipping garbage [ 491.406177][ T61] Bluetooth: hci3: command tx timeout [ 491.575613][ T8521] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 491.575726][ T8521] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 492.195341][ T8521] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 492.195839][ T8521] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 492.196628][ T6026] cdc_mbim 2-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 492.196647][ T6026] cdc_mbim 2-1:1.0: setting rx_max = 2048 [ 492.214829][ T5781] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 492.384787][ T5781] usb 1-1: Using ep0 maxpacket: 32 [ 492.390390][ T5781] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 492.390425][ T5781] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 492.390514][ T5781] usb 1-1: New USB device found, idVendor=046d, idProduct=c713, bcdDevice= 0.00 [ 492.390536][ T5781] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 492.451860][ T6026] cdc_mbim 2-1:1.0: setting tx_max = 184 [ 492.468814][ T5781] usb 1-1: config 0 descriptor?? [ 492.534360][ T6026] cdc_mbim 2-1:1.0: cdc-wdm0: USB WDM device [ 492.617978][ T6026] wwan wwan0: port wwan0mbim0 attached [ 492.880406][ T5781] logitech-djreceiver 0003:046D:C713.0003: unknown main item tag 0x0 [ 492.880431][ T5781] logitech-djreceiver 0003:046D:C713.0003: unknown main item tag 0x0 [ 492.880447][ T5781] logitech-djreceiver 0003:046D:C713.0003: unknown main item tag 0x0 [ 492.880462][ T5781] logitech-djreceiver 0003:046D:C713.0003: unknown main item tag 0x0 [ 492.880477][ T5781] logitech-djreceiver 0003:046D:C713.0003: unknown main item tag 0x0 [ 492.880493][ T5781] logitech-djreceiver 0003:046D:C713.0003: unknown main item tag 0x0 [ 492.880513][ T5781] logitech-djreceiver 0003:046D:C713.0003: unknown main item tag 0x0 [ 493.084895][ T36] usb 1-1: USB disconnect, device number 6 [ 493.112112][ T5949] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 493.208138][ T5949] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 493.262059][ T5949] bond0 (unregistering): Released all slaves [ 493.359958][ T6026] cdc_mbim 2-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.1-1, CDC MBIM, b2:b7:b6:56:09:85 [ 493.407579][ T6026] usb 2-1: USB disconnect, device number 10 [ 493.410209][ T6026] cdc_mbim 2-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.1-1, CDC MBIM [ 493.484741][ T61] Bluetooth: hci3: command tx timeout [ 494.679992][ T8359] hsr_slave_0: entered promiscuous mode [ 494.681644][ T8359] hsr_slave_1: entered promiscuous mode [ 494.682549][ T8359] debugfs: 'hsr0' already exists in 'hsr' [ 494.682574][ T8359] Cannot create hsr debugfs directory [ 494.737784][ T6026] wwan wwan0: port wwan0mbim0 disconnected [ 494.879535][ T5949] hsr_slave_0: left promiscuous mode [ 494.928878][ T5949] hsr_slave_1: left promiscuous mode [ 494.929542][ T5949] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 494.949325][ T5949] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 495.574853][ T61] Bluetooth: hci3: command tx timeout [ 495.579789][ T36] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 496.569577][ T36] usb 4-1: Using ep0 maxpacket: 32 [ 496.589777][ T36] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 496.589811][ T36] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 496.589849][ T36] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 496.589871][ T36] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 496.605911][ T36] usb 4-1: config 0 descriptor?? [ 496.609553][ T36] hub 4-1:0.0: USB hub found [ 496.813677][ T36] hub 4-1:0.0: 1 port detected [ 496.865795][ T5949] team0 (unregistering): Port device team_slave_1 removed [ 497.045570][ T5949] team0 (unregistering): Port device team_slave_0 removed [ 498.053095][ T36] hub 4-1:0.0: hub_hub_status failed (err = -32) [ 498.053123][ T36] hub 4-1:0.0: config failed, can't get hub status (err -32) [ 498.060311][ T36] usbhid 4-1:0.0: can't add hid device: -32 [ 498.060434][ T36] usbhid 4-1:0.0: probe with driver usbhid failed with error -32 [ 498.117128][ T36] usb 4-1: USB disconnect, device number 11 [ 500.306979][ T8601] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 502.223852][ T8462] chnl_net:caif_netlink_parms(): no params data found [ 502.353721][ T8625] netlink: 'syz.3.691': attribute type 3 has an invalid length. [ 503.648249][ T8637] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 504.867172][ T8462] bridge0: port 1(bridge_slave_0) entered blocking state [ 504.867360][ T8462] bridge0: port 1(bridge_slave_0) entered disabled state [ 504.867568][ T8462] bridge_slave_0: entered allmulticast mode [ 504.874324][ T8462] bridge_slave_0: entered promiscuous mode [ 504.887837][ T8462] bridge0: port 2(bridge_slave_1) entered blocking state [ 504.888016][ T8462] bridge0: port 2(bridge_slave_1) entered disabled state [ 504.888219][ T8462] bridge_slave_1: entered allmulticast mode [ 504.893332][ T8462] bridge_slave_1: entered promiscuous mode [ 505.296063][ T8462] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 505.306193][ T8462] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 505.531510][ T8462] team0: Port device team_slave_0 added [ 505.557810][ T8670] BUG: Bad page state in process syz.1.702 pfn:3502e [ 505.557831][ T8670] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3502e SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 505.557845][ T8670] flags: 0x80000000000000(node=0|zone=1) [ 505.557863][ T8670] raw: 0080000000000000 dead000000000040 ffff88801a3da000 0000000000000000 [ 505.557872][ T8670] raw: 0000000000000000 3fffffffffffffff 00000000ffffffff 0000000000000000 [ 505.557878][ T8670] page dumped because: page_pool leak [ 505.557887][ T8670] page_owner tracks the page as allocated [ 505.557891][ T8670] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 8670, tgid 8668 (syz.1.702), ts 505557638685, free_ts 505432178569 [ 505.557913][ T8670] post_alloc_hook+0x228/0x280 [ 505.557928][ T8670] get_page_from_freelist+0x28bb/0x2950 [ 505.557940][ T8670] __alloc_frozen_pages_noprof+0x18d/0x380 [ 505.557952][ T8670] alloc_pages_bulk_noprof+0x5f1/0x7d0 [ 505.557962][ T8670] __page_pool_alloc_netmems_slow+0x14c/0x710 [ 505.557973][ T8670] page_pool_alloc_frag_netmem+0x421/0x9b0 [ 505.557983][ T8670] skb_pp_cow_data+0xc43/0x1680 [ 505.557996][ T8670] do_xdp_generic+0x5b5/0xea0 [ 505.558007][ T8670] tun_get_user+0x247d/0x3de0 [ 505.558017][ T8670] tun_chr_write_iter+0x119/0x200 [ 505.558026][ T8670] vfs_write+0x629/0xba0 [ 505.558034][ T8670] ksys_write+0x156/0x270 [ 505.558042][ T8670] do_syscall_64+0x14d/0xf80 [ 505.558062][ T8670] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.558072][ T8670] page last free pid 20 tgid 20 stack trace: [ 505.558078][ T8670] __free_frozen_pages+0xfd0/0x1160 [ 505.558088][ T8670] tlb_remove_table_rcu+0x85/0x100 [ 505.558100][ T8670] rcu_cpu_kthread+0x99e/0x1470 [ 505.558113][ T8670] smpboot_thread_fn+0x541/0xa50 [ 505.558125][ T8670] kthread+0x388/0x470 [ 505.558138][ T8670] ret_from_fork+0x51e/0xb90 [ 505.558148][ T8670] ret_from_fork_asm+0x1a/0x30 [ 505.558165][ T8670] Modules linked in: [ 505.558190][ T8670] CPU: 0 UID: 0 PID: 8670 Comm: syz.1.702 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 505.558202][ T8670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 505.558214][ T8670] Call Trace: [ 505.558220][ T8670] [ 505.558226][ T8670] dump_stack_lvl+0xe8/0x150 [ 505.558242][ T8670] bad_page+0x17f/0x1c0 [ 505.558258][ T8670] __free_frozen_pages+0x1119/0x1160 [ 505.558274][ T8670] ? lockdep_unlock+0x5d/0xd0 [ 505.558287][ T8670] ? __pfx___free_frozen_pages+0x10/0x10 [ 505.558305][ T8670] bpf_xdp_frags_shrink_tail+0x4f7/0x7f0 [ 505.558324][ T8670] ? do_raw_spin_lock+0x12b/0x2f0 [ 505.558339][ T8670] bpf_xdp_adjust_tail+0x1d6/0x220 [ 505.558357][ T8670] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 505.558371][ T8670] bpf_prog_run_generic_xdp+0x623/0x13f0 [ 505.558398][ T8670] do_xdp_generic+0x862/0xea0 [ 505.558409][ T8670] ? __lock_acquire+0x6b5/0x2cf0 [ 505.558427][ T8670] ? __pfx_do_xdp_generic+0x10/0x10 [ 505.558445][ T8670] ? tun_get_user+0x2354/0x3de0 [ 505.558466][ T8670] ? rcu_is_watching+0x15/0xb0 [ 505.558481][ T8670] ? __local_bh_disable_ip+0x3c/0x420 [ 505.558496][ T8670] ? tun_get_user+0x2354/0x3de0 [ 505.558507][ T8670] tun_get_user+0x247d/0x3de0 [ 505.558520][ T8670] ? __se_sys_ioctl+0x47/0x170 [ 505.558540][ T8670] ? __pfx_tun_get_user+0x10/0x10 [ 505.558553][ T8670] ? __lock_acquire+0x6b5/0x2cf0 [ 505.558571][ T8670] ? try_to_take_rt_mutex+0x840/0xb00 [ 505.558585][ T8670] ? ref_tracker_alloc+0x339/0x4b0 [ 505.558600][ T8670] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 505.558613][ T8670] ? tun_get+0x1c/0x2f0 [ 505.558627][ T8670] ? tun_get+0x1c/0x2f0 [ 505.558648][ T8670] ? tun_get+0x1c/0x2f0 [ 505.558666][ T8670] ? tun_get+0x1c/0x2f0 [ 505.558688][ T8670] tun_chr_write_iter+0x119/0x200 [ 505.558711][ T8670] vfs_write+0x629/0xba0 [ 505.558738][ T8670] ? __pfx_vfs_write+0x10/0x10 [ 505.558764][ T8670] ? __fget_files+0x2a/0x420 [ 505.558784][ T8670] ksys_write+0x156/0x270 [ 505.558796][ T8670] ? __pfx_ksys_write+0x10/0x10 [ 505.558805][ T8670] ? __pfx_kcov_ioctl+0x10/0x10 [ 505.558820][ T8670] do_syscall_64+0x14d/0xf80 [ 505.558834][ T8670] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.558844][ T8670] ? trace_irq_disable+0x37/0x100 [ 505.558853][ T8670] ? clear_bhb_loop+0x40/0x90 [ 505.558865][ T8670] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.558875][ T8670] RIP: 0033:0x7fb2bc8acece [ 505.558886][ T8670] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 505.558895][ T8670] RSP: 002b:00007fb2bab1cfb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 505.558906][ T8670] RAX: ffffffffffffffda RBX: 00007fb2bab1d6c0 RCX: 00007fb2bc8acece [ 505.558914][ T8670] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8 [ 505.558921][ T8670] RBP: 00007fb2bc982b39 R08: 0000000000000000 R09: 0000000000000000 [ 505.558928][ T8670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 505.558934][ T8670] R13: 00007fb2bcb66128 R14: 00007fb2bcb66090 R15: 00007ffc7f92dd38 [ 505.558951][ T8670] [ 505.558956][ T8670] Disabling lock debugging due to kernel taint [ 505.558962][ T8670] BUG: Bad page state in process syz.1.702 pfn:5c7f3 [ 505.558970][ T8670] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88805c7f3000 pfn:0x5c7f3 [ 505.558980][ T8670] flags: 0x80000000000000(node=0|zone=1) [ 505.558992][ T8670] raw: 0080000000000000 dead000000000040 ffff88801a3da000 0000000000000000 [ 505.559001][ T8670] raw: ffff88805c7f3000 0000000000000001 00000000ffffffff 0000000000000000 [ 505.559007][ T8670] page dumped because: page_pool leak [ 505.559012][ T8670] page_owner tracks the page as allocated [ 505.559016][ T8670] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 8670, tgid 8668 (syz.1.702), ts 505557626402, free_ts 505432205567 [ 505.559032][ T8670] post_alloc_hook+0x228/0x280 [ 505.559042][ T8670] get_page_from_freelist+0x28bb/0x2950 [ 505.559053][ T8670] __alloc_frozen_pages_noprof+0x18d/0x380 [ 505.559064][ T8670] alloc_pages_bulk_noprof+0x5f1/0x7d0 [ 505.559075][ T8670] __page_pool_alloc_netmems_slow+0x14c/0x710 [ 505.559085][ T8670] skb_pp_cow_data+0xc21/0x1680 [ 505.559098][ T8670] do_xdp_generic+0x5b5/0xea0 [ 505.559108][ T8670] tun_get_user+0x247d/0x3de0 [ 505.559117][ T8670] tun_chr_write_iter+0x119/0x200 [ 505.559125][ T8670] vfs_write+0x629/0xba0 [ 505.559133][ T8670] ksys_write+0x156/0x270 [ 505.559140][ T8670] do_syscall_64+0x14d/0xf80 [ 505.559151][ T8670] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.559159][ T8670] page last free pid 20 tgid 20 stack trace: [ 505.559165][ T8670] __free_frozen_pages+0xfd0/0x1160 [ 505.559174][ T8670] tlb_remove_table_rcu+0x85/0x100 [ 505.559186][ T8670] rcu_cpu_kthread+0x99e/0x1470 [ 505.559198][ T8670] smpboot_thread_fn+0x541/0xa50 [ 505.559209][ T8670] kthread+0x388/0x470 [ 505.559222][ T8670] ret_from_fork+0x51e/0xb90 [ 505.559232][ T8670] ret_from_fork_asm+0x1a/0x30 [ 505.559245][ T8670] Modules linked in: [ 505.559256][ T8670] CPU: 0 UID: 0 PID: 8670 Comm: syz.1.702 Tainted: G B syzkaller #0 PREEMPT_{RT,(full)} [ 505.559269][ T8670] Tainted: [B]=BAD_PAGE [ 505.559273][ T8670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 505.559278][ T8670] Call Trace: [ 505.559282][ T8670] [ 505.559286][ T8670] dump_stack_lvl+0xe8/0x150 [ 505.559300][ T8670] bad_page+0x17f/0x1c0 [ 505.559313][ T8670] __free_frozen_pages+0x1119/0x1160 [ 505.559325][ T8670] ? lockdep_unlock+0x5d/0xd0 [ 505.559338][ T8670] ? __pfx___free_frozen_pages+0x10/0x10 [ 505.559351][ T8670] bpf_xdp_frags_shrink_tail+0x4f7/0x7f0 [ 505.559366][ T8670] ? do_raw_spin_lock+0x12b/0x2f0 [ 505.559378][ T8670] bpf_xdp_adjust_tail+0x1d6/0x220 [ 505.559393][ T8670] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 505.559402][ T8670] bpf_prog_run_generic_xdp+0x623/0x13f0 [ 505.559419][ T8670] do_xdp_generic+0x862/0xea0 [ 505.559429][ T8670] ? __lock_acquire+0x6b5/0x2cf0 [ 505.559443][ T8670] ? __pfx_do_xdp_generic+0x10/0x10 [ 505.559456][ T8670] ? tun_get_user+0x2354/0x3de0 [ 505.559477][ T8670] ? rcu_is_watching+0x15/0xb0 [ 505.559491][ T8670] ? __local_bh_disable_ip+0x3c/0x420 [ 505.559504][ T8670] ? tun_get_user+0x2354/0x3de0 [ 505.559515][ T8670] tun_get_user+0x247d/0x3de0 [ 505.559526][ T8670] ? __se_sys_ioctl+0x47/0x170 [ 505.559539][ T8670] ? __pfx_tun_get_user+0x10/0x10 [ 505.559550][ T8670] ? __lock_acquire+0x6b5/0x2cf0 [ 505.559564][ T8670] ? try_to_take_rt_mutex+0x840/0xb00 [ 505.559576][ T8670] ? ref_tracker_alloc+0x339/0x4b0 [ 505.559588][ T8670] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 505.559600][ T8670] ? tun_get+0x1c/0x2f0 [ 505.559609][ T8670] ? tun_get+0x1c/0x2f0 [ 505.559620][ T8670] ? tun_get+0x1c/0x2f0 [ 505.559629][ T8670] ? tun_get+0x1c/0x2f0 [ 505.559639][ T8670] tun_chr_write_iter+0x119/0x200 [ 505.559650][ T8670] vfs_write+0x629/0xba0 [ 505.559660][ T8670] ? __pfx_vfs_write+0x10/0x10 [ 505.559671][ T8670] ? __fget_files+0x2a/0x420 [ 505.559685][ T8670] ksys_write+0x156/0x270 [ 505.559694][ T8670] ? __pfx_ksys_write+0x10/0x10 [ 505.559703][ T8670] ? __pfx_kcov_ioctl+0x10/0x10 [ 505.559716][ T8670] do_syscall_64+0x14d/0xf80 [ 505.559728][ T8670] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.559737][ T8670] ? trace_irq_disable+0x37/0x100 [ 505.559745][ T8670] ? clear_bhb_loop+0x40/0x90 [ 505.559756][ T8670] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.559765][ T8670] RIP: 0033:0x7fb2bc8acece [ 505.559773][ T8670] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 505.559784][ T8670] RSP: 002b:00007fb2bab1cfb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 505.559799][ T8670] RAX: ffffffffffffffda RBX: 00007fb2bab1d6c0 RCX: 00007fb2bc8acece [ 505.559813][ T8670] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8 [ 505.559824][ T8670] RBP: 00007fb2bc982b39 R08: 0000000000000000 R09: 0000000000000000 [ 505.559836][ T8670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 505.559847][ T8670] R13: 00007fb2bcb66128 R14: 00007fb2bcb66090 R15: 00007ffc7f92dd38 [ 505.559866][ T8670] [ 505.559874][ T8670] BUG: Bad page state in process syz.1.702 pfn:57b55 [ 505.559884][ T8670] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888057b55200 pfn:0x57b55 [ 505.559895][ T8670] flags: 0x80000000000000(node=0|zone=1) [ 505.559906][ T8670] raw: 0080000000000000 dead000000000040 ffff88801a3da000 0000000000000000 [ 505.559915][ T8670] raw: ffff888057b55200 0000000000000001 00000000ffffffff 0000000000000000 [ 505.559921][ T8670] page dumped because: page_pool leak [ 505.559925][ T8670] page_owner tracks the page as allocated [ 505.559929][ T8670] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 8670, tgid 8668 (syz.1.702), ts 505557614681, free_ts 505482192878 [ 505.559946][ T8670] post_alloc_hook+0x228/0x280 [ 505.559956][ T8670] get_page_from_freelist+0x28bb/0x2950 [ 505.559967][ T8670] __alloc_frozen_pages_noprof+0x18d/0x380 [ 505.559980][ T8670] alloc_pages_bulk_noprof+0x5f1/0x7d0 [ 505.559990][ T8670] __page_pool_alloc_netmems_slow+0x14c/0x710 [ 505.560000][ T8670] skb_pp_cow_data+0xc21/0x1680 [ 505.560013][ T8670] do_xdp_generic+0x5b5/0xea0 [ 505.560022][ T8670] tun_get_user+0x247d/0x3de0 [ 505.560031][ T8670] tun_chr_write_iter+0x119/0x200 [ 505.560040][ T8670] vfs_write+0x629/0xba0 [ 505.560047][ T8670] ksys_write+0x156/0x270 [ 505.560055][ T8670] do_syscall_64+0x14d/0xf80 [ 505.560065][ T8670] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.560074][ T8670] page last free pid 8667 tgid 8667 stack trace: [ 505.560079][ T8670] __free_frozen_pages+0xfd0/0x1160 [ 505.560089][ T8670] __slab_free+0x24f/0x2a0 [ 505.560098][ T8670] qlist_free_all+0x97/0x100 [ 505.560111][ T8670] kasan_quarantine_reduce+0x148/0x160 [ 505.560124][ T8670] __kasan_slab_alloc+0x22/0x80 [ 505.560133][ T8670] __kmalloc_noprof+0x399/0x7b0 [ 505.560141][ T8670] tomoyo_realpath_from_path+0xe3/0x5d0 [ 505.560152][ T8670] tomoyo_check_open_permission+0x229/0x470 [ 505.560165][ T8670] security_file_open+0xa9/0x240 [ 505.560173][ T8670] do_dentry_open+0x4c0/0x13e0 [ 505.560184][ T8670] vfs_open+0x3b/0x350 [ 505.560194][ T8670] path_openat+0x2e3d/0x38a0 [ 505.560202][ T8670] do_file_open+0x23e/0x4a0 [ 505.560210][ T8670] do_sys_openat2+0x113/0x200 [ 505.560221][ T8670] __x64_sys_openat+0x138/0x170 [ 505.560232][ T8670] do_syscall_64+0x14d/0xf80 [ 505.560243][ T8670] Modules linked in: [ 505.560252][ T8670] CPU: 0 UID: 0 PID: 8670 Comm: syz.1.702 Tainted: G B syzkaller #0 PREEMPT_{RT,(full)} [ 505.560266][ T8670] Tainted: [B]=BAD_PAGE [ 505.560269][ T8670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 505.560275][ T8670] Call Trace: [ 505.560279][ T8670] [ 505.560283][ T8670] dump_stack_lvl+0xe8/0x150 [ 505.560296][ T8670] bad_page+0x17f/0x1c0 [ 505.560309][ T8670] __free_frozen_pages+0x1119/0x1160 [ 505.560321][ T8670] ? lockdep_unlock+0x5d/0xd0 [ 505.560333][ T8670] ? __pfx___free_frozen_pages+0x10/0x10 [ 505.560346][ T8670] bpf_xdp_frags_shrink_tail+0x4f7/0x7f0 [ 505.560360][ T8670] ? do_raw_spin_lock+0x12b/0x2f0 [ 505.560371][ T8670] bpf_xdp_adjust_tail+0x1d6/0x220 [ 505.560386][ T8670] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 505.560395][ T8670] bpf_prog_run_generic_xdp+0x623/0x13f0 [ 505.560411][ T8670] do_xdp_generic+0x862/0xea0 [ 505.560422][ T8670] ? __lock_acquire+0x6b5/0x2cf0 [ 505.560436][ T8670] ? __pfx_do_xdp_generic+0x10/0x10 [ 505.560449][ T8670] ? tun_get_user+0x2354/0x3de0 [ 505.560471][ T8670] ? rcu_is_watching+0x15/0xb0 [ 505.560485][ T8670] ? __local_bh_disable_ip+0x3c/0x420 [ 505.560498][ T8670] ? tun_get_user+0x2354/0x3de0 [ 505.560509][ T8670] tun_get_user+0x247d/0x3de0 [ 505.560521][ T8670] ? __se_sys_ioctl+0x47/0x170 [ 505.560533][ T8670] ? __pfx_tun_get_user+0x10/0x10 [ 505.560544][ T8670] ? __lock_acquire+0x6b5/0x2cf0 [ 505.560558][ T8670] ? try_to_take_rt_mutex+0x840/0xb00 [ 505.560569][ T8670] ? ref_tracker_alloc+0x339/0x4b0 [ 505.560581][ T8670] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 505.560593][ T8670] ? tun_get+0x1c/0x2f0 [ 505.560602][ T8670] ? tun_get+0x1c/0x2f0 [ 505.560613][ T8670] ? tun_get+0x1c/0x2f0 [ 505.560622][ T8670] ? tun_get+0x1c/0x2f0 [ 505.560632][ T8670] tun_chr_write_iter+0x119/0x200 [ 505.560643][ T8670] vfs_write+0x629/0xba0 [ 505.560653][ T8670] ? __pfx_vfs_write+0x10/0x10 [ 505.560664][ T8670] ? __fget_files+0x2a/0x420 [ 505.560678][ T8670] ksys_write+0x156/0x270 [ 505.560687][ T8670] ? __pfx_ksys_write+0x10/0x10 [ 505.560696][ T8670] ? __pfx_kcov_ioctl+0x10/0x10 [ 505.560707][ T8670] do_syscall_64+0x14d/0xf80 [ 505.560721][ T8670] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.560730][ T8670] ? trace_irq_disable+0x37/0x100 [ 505.560738][ T8670] ? clear_bhb_loop+0x40/0x90 [ 505.560749][ T8670] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.560758][ T8670] RIP: 0033:0x7fb2bc8acece [ 505.560766][ T8670] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 505.560774][ T8670] RSP: 002b:00007fb2bab1cfb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 505.560784][ T8670] RAX: ffffffffffffffda RBX: 00007fb2bab1d6c0 RCX: 00007fb2bc8acece [ 505.560791][ T8670] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8 [ 505.560797][ T8670] RBP: 00007fb2bc982b39 R08: 0000000000000000 R09: 0000000000000000 [ 505.560803][ T8670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 505.560809][ T8670] R13: 00007fb2bcb66128 R14: 00007fb2bcb66090 R15: 00007ffc7f92dd38 [ 505.560820][ T8670] [ 505.560824][ T8670] BUG: Bad page state in process syz.1.702 pfn:345fe [ 505.560831][ T8670] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880345fed00 pfn:0x345fe [ 505.560840][ T8670] flags: 0x80000000000000(node=0|zone=1) [ 505.560851][ T8670] raw: 0080000000000000 dead000000000040 ffff88801a3da000 0000000000000000 [ 505.560860][ T8670] raw: ffff8880345fed00 0000000000000001 00000000ffffffff 0000000000000000 [ 505.560865][ T8670] page dumped because: page_pool leak [ 505.560871][ T8670] page_owner tracks the page as allocated [ 505.560877][ T8670] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 8670, tgid 8668 (syz.1.702), ts 505557602490, free_ts 505482595993 [ 505.560904][ T8670] post_alloc_hook+0x228/0x280 [ 505.560921][ T8670] get_page_from_freelist+0x28bb/0x2950 [ 505.560940][ T8670] __alloc_frozen_pages_noprof+0x18d/0x380 [ 505.560958][ T8670] alloc_pages_bulk_noprof+0x5f1/0x7d0 [ 505.560976][ T8670] __page_pool_alloc_netmems_slow+0x14c/0x710 [ 505.560994][ T8670] skb_pp_cow_data+0xc21/0x1680 [ 505.561013][ T8670] do_xdp_generic+0x5b5/0xea0 [ 505.561023][ T8670] tun_get_user+0x247d/0x3de0 [ 505.561032][ T8670] tun_chr_write_iter+0x119/0x200 [ 505.561041][ T8670] vfs_write+0x629/0xba0 [ 505.561048][ T8670] ksys_write+0x156/0x270 [ 505.561056][ T8670] do_syscall_64+0x14d/0xf80 [ 505.561067][ T8670] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.561076][ T8670] page last free pid 8667 tgid 8667 stack trace: [ 505.561081][ T8670] __free_frozen_pages+0xfd0/0x1160 [ 505.561090][ T8670] __slab_free+0x24f/0x2a0 [ 505.561100][ T8670] qlist_free_all+0x97/0x100 [ 505.561113][ T8670] kasan_quarantine_reduce+0x148/0x160 [ 505.561126][ T8670] __kasan_slab_alloc+0x22/0x80 [ 505.561135][ T8670] __kmalloc_noprof+0x399/0x7b0 [ 505.561144][ T8670] tomoyo_realpath_from_path+0xe3/0x5d0 [ 505.561155][ T8670] tomoyo_check_open_permission+0x229/0x470 [ 505.561169][ T8670] security_file_open+0xa9/0x240 [ 505.561176][ T8670] do_dentry_open+0x4c0/0x13e0 [ 505.561187][ T8670] vfs_open+0x3b/0x350 [ 505.561197][ T8670] path_openat+0x2e3d/0x38a0 [ 505.561205][ T8670] do_file_open+0x23e/0x4a0 [ 505.561213][ T8670] do_sys_openat2+0x113/0x200 [ 505.561224][ T8670] __x64_sys_openat+0x138/0x170 [ 505.561235][ T8670] do_syscall_64+0x14d/0xf80 [ 505.561246][ T8670] Modules linked in: [ 505.561255][ T8670] CPU: 0 UID: 0 PID: 8670 Comm: syz.1.702 Tainted: G B syzkaller #0 PREEMPT_{RT,(full)} [ 505.561269][ T8670] Tainted: [B]=BAD_PAGE [ 505.561272][ T8670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 505.561278][ T8670] Call Trace: [ 505.561282][ T8670] [ 505.561286][ T8670] dump_stack_lvl+0xe8/0x150 [ 505.561299][ T8670] bad_page+0x17f/0x1c0 [ 505.561313][ T8670] __free_frozen_pages+0x1119/0x1160 [ 505.561325][ T8670] ? lockdep_unlock+0x5d/0xd0 [ 505.561337][ T8670] ? __pfx___free_frozen_pages+0x10/0x10 [ 505.561350][ T8670] bpf_xdp_frags_shrink_tail+0x4f7/0x7f0 [ 505.561363][ T8670] ? do_raw_spin_lock+0x12b/0x2f0 [ 505.561375][ T8670] bpf_xdp_adjust_tail+0x1d6/0x220 [ 505.561389][ T8670] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 505.561398][ T8670] bpf_prog_run_generic_xdp+0x623/0x13f0 [ 505.561415][ T8670] do_xdp_generic+0x862/0xea0 [ 505.561425][ T8670] ? __lock_acquire+0x6b5/0x2cf0 [ 505.561439][ T8670] ? __pfx_do_xdp_generic+0x10/0x10 [ 505.561452][ T8670] ? tun_get_user+0x2354/0x3de0 [ 505.561471][ T8670] ? rcu_is_watching+0x15/0xb0 [ 505.561485][ T8670] ? __local_bh_disable_ip+0x3c/0x420 [ 505.561498][ T8670] ? tun_get_user+0x2354/0x3de0 [ 505.561508][ T8670] tun_get_user+0x247d/0x3de0 [ 505.561519][ T8670] ? __se_sys_ioctl+0x47/0x170 [ 505.561532][ T8670] ? __pfx_tun_get_user+0x10/0x10 [ 505.561542][ T8670] ? __lock_acquire+0x6b5/0x2cf0 [ 505.561556][ T8670] ? try_to_take_rt_mutex+0x840/0xb00 [ 505.561567][ T8670] ? ref_tracker_alloc+0x339/0x4b0 [ 505.561579][ T8670] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 505.561591][ T8670] ? tun_get+0x1c/0x2f0 [ 505.561601][ T8670] ? tun_get+0x1c/0x2f0 [ 505.561611][ T8670] ? tun_get+0x1c/0x2f0 [ 505.561620][ T8670] ? tun_get+0x1c/0x2f0 [ 505.561630][ T8670] tun_chr_write_iter+0x119/0x200 [ 505.561641][ T8670] vfs_write+0x629/0xba0 [ 505.561651][ T8670] ? __pfx_vfs_write+0x10/0x10 [ 505.561662][ T8670] ? __fget_files+0x2a/0x420 [ 505.561676][ T8670] ksys_write+0x156/0x270 [ 505.561686][ T8670] ? __pfx_ksys_write+0x10/0x10 [ 505.561694][ T8670] ? __pfx_kcov_ioctl+0x10/0x10 [ 505.561705][ T8670] do_syscall_64+0x14d/0xf80 [ 505.561719][ T8670] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.561729][ T8670] ? trace_irq_disable+0x37/0x100 [ 505.561737][ T8670] ? clear_bhb_loop+0x40/0x90 [ 505.561747][ T8670] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.561757][ T8670] RIP: 0033:0x7fb2bc8acece [ 505.561765][ T8670] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 505.561773][ T8670] RSP: 002b:00007fb2bab1cfb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 505.561783][ T8670] RAX: ffffffffffffffda RBX: 00007fb2bab1d6c0 RCX: 00007fb2bc8acece [ 505.561791][ T8670] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8 [ 505.561797][ T8670] RBP: 00007fb2bc982b39 R08: 0000000000000000 R09: 0000000000000000 [ 505.561803][ T8670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 505.561809][ T8670] R13: 00007fb2bcb66128 R14: 00007fb2bcb66090 R15: 00007ffc7f92dd38 [ 505.561836][ T8670] [ 505.561842][ T8670] BUG: Bad page state in process syz.1.702 pfn:5fa32 [ 505.561848][ T8670] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88805fa32000 pfn:0x5fa32 [ 505.561858][ T8670] flags: 0x80000000000000(node=0|zone=1) [ 505.561869][ T8670] raw: 0080000000000000 dead000000000040 ffff88801a3da000 0000000000000000 [ 505.561878][ T8670] raw: ffff88805fa32000 0000000000000001 00000000ffffffff 0000000000000000 [ 505.561883][ T8670] page dumped because: page_pool leak [ 505.561888][ T8670] page_owner tracks the page as allocated [ 505.561891][ T8670] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 8670, tgid 8668 (syz.1.702), ts 505557583875, free_ts 505482645421 [ 505.561908][ T8670] post_alloc_hook+0x228/0x280 [ 505.561917][ T8670] get_page_from_freelist+0x28bb/0x2950 [ 505.561929][ T8670] __alloc_frozen_pages_noprof+0x18d/0x380 [ 505.561941][ T8670] alloc_pages_bulk_noprof+0x5f1/0x7d0 [ 505.561951][ T8670] __page_pool_alloc_netmems_slow+0x14c/0x710 [ 505.561961][ T8670] skb_pp_cow_data+0xc21/0x1680 [ 505.561974][ T8670] do_xdp_generic+0x5b5/0xea0 [ 505.561983][ T8670] tun_get_user+0x247d/0x3de0 [ 505.561992][ T8670] tun_chr_write_iter+0x119/0x200 [ 505.562001][ T8670] vfs_write+0x629/0xba0 [ 505.562008][ T8670] ksys_write+0x156/0x270 [ 505.562016][ T8670] do_syscall_64+0x14d/0xf80 [ 505.562026][ T8670] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.562038][ T8670] page last free pid 8667 tgid 8667 stack trace: [ 505.562047][ T8670] __free_frozen_pages+0xfd0/0x1160 [ 505.562063][ T8670] __slab_free+0x24f/0x2a0 [ 505.562078][ T8670] qlist_free_all+0x97/0x100 [ 505.562099][ T8670] kasan_quarantine_reduce+0x148/0x160 [ 505.562122][ T8670] __kasan_slab_alloc+0x22/0x80 [ 505.562134][ T8670] __kmalloc_noprof+0x399/0x7b0 [ 505.562143][ T8670] tomoyo_realpath_from_path+0xe3/0x5d0 [ 505.562153][ T8670] tomoyo_check_open_permission+0x229/0x470 [ 505.562166][ T8670] security_file_open+0xa9/0x240 [ 505.562174][ T8670] do_dentry_open+0x4c0/0x13e0 [ 505.562185][ T8670] vfs_open+0x3b/0x350 [ 505.562195][ T8670] path_openat+0x2e3d/0x38a0 [ 505.562203][ T8670] do_file_open+0x23e/0x4a0 [ 505.562211][ T8670] do_sys_openat2+0x113/0x200 [ 505.562221][ T8670] __x64_sys_openat+0x138/0x170 [ 505.562233][ T8670] do_syscall_64+0x14d/0xf80 [ 505.562244][ T8670] Modules linked in: [ 505.562253][ T8670] CPU: 0 UID: 0 PID: 8670 Comm: syz.1.702 Tainted: G B syzkaller #0 PREEMPT_{RT,(full)} [ 505.562266][ T8670] Tainted: [B]=BAD_PAGE [ 505.562270][ T8670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 505.562275][ T8670] Call Trace: [ 505.562279][ T8670] [ 505.562283][ T8670] dump_stack_lvl+0xe8/0x150 [ 505.562297][ T8670] bad_page+0x17f/0x1c0 [ 505.562311][ T8670] __free_frozen_pages+0x1119/0x1160 [ 505.562323][ T8670] ? lockdep_unlock+0x5d/0xd0 [ 505.562335][ T8670] ? __pfx___free_frozen_pages+0x10/0x10 [ 505.562348][ T8670] bpf_xdp_frags_shrink_tail+0x4f7/0x7f0 [ 505.562361][ T8670] ? do_raw_spin_lock+0x12b/0x2f0 [ 505.562373][ T8670] bpf_xdp_adjust_tail+0x1d6/0x220 [ 505.562388][ T8670] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 505.562396][ T8670] bpf_prog_run_generic_xdp+0x623/0x13f0 [ 505.562413][ T8670] do_xdp_generic+0x862/0xea0 [ 505.562423][ T8670] ? __lock_acquire+0x6b5/0x2cf0 [ 505.562438][ T8670] ? __pfx_do_xdp_generic+0x10/0x10 [ 505.562451][ T8670] ? tun_get_user+0x2354/0x3de0 [ 505.562469][ T8670] ? rcu_is_watching+0x15/0xb0 [ 505.562483][ T8670] ? __local_bh_disable_ip+0x3c/0x420 [ 505.562496][ T8670] ? tun_get_user+0x2354/0x3de0 [ 505.562506][ T8670] tun_get_user+0x247d/0x3de0 [ 505.562517][ T8670] ? __se_sys_ioctl+0x47/0x170 [ 505.562530][ T8670] ? __pfx_tun_get_user+0x10/0x10 [ 505.562541][ T8670] ? __lock_acquire+0x6b5/0x2cf0 [ 505.562555][ T8670] ? try_to_take_rt_mutex+0x840/0xb00 [ 505.562567][ T8670] ? ref_tracker_alloc+0x339/0x4b0 [ 505.562579][ T8670] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 505.562591][ T8670] ? tun_get+0x1c/0x2f0 [ 505.562600][ T8670] ? tun_get+0x1c/0x2f0 [ 505.562611][ T8670] ? tun_get+0x1c/0x2f0 [ 505.562620][ T8670] ? tun_get+0x1c/0x2f0 [ 505.562630][ T8670] tun_chr_write_iter+0x119/0x200 [ 505.562641][ T8670] vfs_write+0x629/0xba0 [ 505.562651][ T8670] ? __pfx_vfs_write+0x10/0x10 [ 505.562662][ T8670] ? __fget_files+0x2a/0x420 [ 505.562676][ T8670] ksys_write+0x156/0x270 [ 505.562685][ T8670] ? __pfx_ksys_write+0x10/0x10 [ 505.562694][ T8670] ? __pfx_kcov_ioctl+0x10/0x10 [ 505.562704][ T8670] do_syscall_64+0x14d/0xf80 [ 505.562719][ T8670] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.562728][ T8670] ? trace_irq_disable+0x37/0x100 [ 505.562737][ T8670] ? clear_bhb_loop+0x40/0x90 [ 505.562747][ T8670] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.562757][ T8670] RIP: 0033:0x7fb2bc8acece [ 505.562765][ T8670] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 505.562774][ T8670] RSP: 002b:00007fb2bab1cfb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 505.562783][ T8670] RAX: ffffffffffffffda RBX: 00007fb2bab1d6c0 RCX: 00007fb2bc8acece [ 505.562791][ T8670] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8 [ 505.562797][ T8670] RBP: 00007fb2bc982b39 R08: 0000000000000000 R09: 0000000000000000 [ 505.562803][ T8670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 505.562809][ T8670] R13: 00007fb2bcb66128 R14: 00007fb2bcb66090 R15: 00007ffc7f92dd38 [ 505.562820][ T8670] [ 505.562824][ T8670] BUG: Bad page state in process syz.1.702 pfn:35037 [ 505.562831][ T8670] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888035037000 pfn:0x35037 [ 505.562841][ T8670] flags: 0x80000000000000(node=0|zone=1) [ 505.562852][ T8670] raw: 0080000000000000 dead000000000040 ffff88801a3da000 0000000000000000 [ 505.562861][ T8670] raw: ffff888035037000 0000000000000001 00000000ffffffff 0000000000000000 [ 505.562866][ T8670] page dumped because: page_pool leak [ 505.562871][ T8670] page_owner tracks the page as allocated [ 505.562874][ T8670] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 8670, tgid 8668 (syz.1.702), ts 505557564591, free_ts 505482704881 [ 505.562889][ T8670] post_alloc_hook+0x228/0x280 [ 505.562899][ T8670] get_page_from_freelist+0x28bb/0x2950 [ 505.562910][ T8670] __alloc_frozen_pages_noprof+0x18d/0x380 [ 505.562921][ T8670] alloc_pages_bulk_noprof+0x5f1/0x7d0 [ 505.562932][ T8670] __page_pool_alloc_netmems_slow+0x14c/0x710 [ 505.562941][ T8670] skb_pp_cow_data+0xc21/0x1680 [ 505.562954][ T8670] do_xdp_generic+0x5b5/0xea0 [ 505.562963][ T8670] tun_get_user+0x247d/0x3de0 [ 505.562972][ T8670] tun_chr_write_iter+0x119/0x200 [ 505.562981][ T8670] vfs_write+0x629/0xba0 [ 505.562989][ T8670] ksys_write+0x156/0x270 [ 505.562996][ T8670] do_syscall_64+0x14d/0xf80 [ 505.563007][ T8670] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.563016][ T8670] page last free pid 8667 tgid 8667 stack trace: [ 505.563021][ T8670] __free_frozen_pages+0xfd0/0x1160 [ 505.563030][ T8670] __slab_free+0x24f/0x2a0 [ 505.563039][ T8670] qlist_free_all+0x97/0x100 [ 505.563052][ T8670] kasan_quarantine_reduce+0x148/0x160 [ 505.563066][ T8670] __kasan_slab_alloc+0x22/0x80 [ 505.563074][ T8670] __kmalloc_noprof+0x399/0x7b0 [ 505.563083][ T8670] tomoyo_realpath_from_path+0xe3/0x5d0 [ 505.563093][ T8670] tomoyo_check_open_permission+0x229/0x470 [ 505.563105][ T8670] security_file_open+0xa9/0x240 [ 505.563113][ T8670] do_dentry_open+0x4c0/0x13e0 [ 505.563124][ T8670] vfs_open+0x3b/0x350 [ 505.563134][ T8670] path_openat+0x2e3d/0x38a0 [ 505.563141][ T8670] do_file_open+0x23e/0x4a0 [ 505.563149][ T8670] do_sys_openat2+0x113/0x200 [ 505.563164][ T8670] __x64_sys_openat+0x138/0x170 [ 505.563183][ T8670] do_syscall_64+0x14d/0xf80 [ 505.563201][ T8670] Modules linked in: [ 505.563216][ T8670] CPU: 0 UID: 0 PID: 8670 Comm: syz.1.702 Tainted: G B syzkaller #0 PREEMPT_{RT,(full)} [ 505.563241][ T8670] Tainted: [B]=BAD_PAGE [ 505.563247][ T8670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 505.563254][ T8670] Call Trace: [ 505.563258][ T8670] [ 505.563262][ T8670] dump_stack_lvl+0xe8/0x150 [ 505.563276][ T8670] bad_page+0x17f/0x1c0 [ 505.563290][ T8670] __free_frozen_pages+0x1119/0x1160 [ 505.563302][ T8670] ? lockdep_unlock+0x5d/0xd0 [ 505.563314][ T8670] ? __pfx___free_frozen_pages+0x10/0x10 [ 505.563327][ T8670] bpf_xdp_frags_shrink_tail+0x4f7/0x7f0 [ 505.563340][ T8670] ? do_raw_spin_lock+0x12b/0x2f0 [ 505.563352][ T8670] bpf_xdp_adjust_tail+0x1d6/0x220 [ 505.563366][ T8670] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 505.563375][ T8670] bpf_prog_run_generic_xdp+0x623/0x13f0 [ 505.563392][ T8670] do_xdp_generic+0x862/0xea0 [ 505.563402][ T8670] ? __lock_acquire+0x6b5/0x2cf0 [ 505.563416][ T8670] ? __pfx_do_xdp_generic+0x10/0x10 [ 505.563429][ T8670] ? tun_get_user+0x2354/0x3de0 [ 505.563441][ T8670] ? rcu_is_watching+0x15/0xb0 [ 505.563454][ T8670] ? __local_bh_disable_ip+0x3c/0x420 [ 505.563473][ T8670] ? tun_get_user+0x2354/0x3de0 [ 505.563483][ T8670] tun_get_user+0x247d/0x3de0 [ 505.563495][ T8670] ? __se_sys_ioctl+0x47/0x170 [ 505.563508][ T8670] ? __pfx_tun_get_user+0x10/0x10 [ 505.563519][ T8670] ? __lock_acquire+0x6b5/0x2cf0 [ 505.563533][ T8670] ? try_to_take_rt_mutex+0x840/0xb00 [ 505.563545][ T8670] ? ref_tracker_alloc+0x339/0x4b0 [ 505.563556][ T8670] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 505.563568][ T8670] ? tun_get+0x1c/0x2f0 [ 505.563577][ T8670] ? tun_get+0x1c/0x2f0 [ 505.563588][ T8670] ? tun_get+0x1c/0x2f0 [ 505.563597][ T8670] ? tun_get+0x1c/0x2f0 [ 505.563607][ T8670] tun_chr_write_iter+0x119/0x200 [ 505.563618][ T8670] vfs_write+0x629/0xba0 [ 505.563628][ T8670] ? __pfx_vfs_write+0x10/0x10 [ 505.563639][ T8670] ? __fget_files+0x2a/0x420 [ 505.563653][ T8670] ksys_write+0x156/0x270 [ 505.563662][ T8670] ? __pfx_ksys_write+0x10/0x10 [ 505.563670][ T8670] ? __pfx_kcov_ioctl+0x10/0x10 [ 505.563681][ T8670] do_syscall_64+0x14d/0xf80 [ 505.563692][ T8670] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.563702][ T8670] ? trace_irq_disable+0x37/0x100 [ 505.563712][ T8670] ? clear_bhb_loop+0x40/0x90 [ 505.563723][ T8670] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.563733][ T8670] RIP: 0033:0x7fb2bc8acece [ 505.563741][ T8670] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 505.563750][ T8670] RSP: 002b:00007fb2bab1cfb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 505.563760][ T8670] RAX: ffffffffffffffda RBX: 00007fb2bab1d6c0 RCX: 00007fb2bc8acece [ 505.563767][ T8670] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8 [ 505.563773][ T8670] RBP: 00007fb2bc982b39 R08: 0000000000000000 R09: 0000000000000000 [ 505.563779][ T8670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 505.563785][ T8670] R13: 00007fb2bcb66128 R14: 00007fb2bcb66090 R15: 00007ffc7f92dd38 [ 505.563796][ T8670] [ 505.563801][ T8670] BUG: Bad page state in process syz.1.702 pfn:7fc98 [ 505.563807][ T8670] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x7fc98 [ 505.563817][ T8670] flags: 0x80000000000000(node=0|zone=1) [ 505.563828][ T8670] raw: 0080000000000000 dead000000000040 ffff88801a3da000 0000000000000000 [ 505.563837][ T8670] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 505.563842][ T8670] page dumped because: page_pool leak [ 505.563847][ T8670] page_owner tracks the page as allocated [ 505.563850][ T8670] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 8670, tgid 8668 (syz.1.702), ts 505557546576, free_ts 505495839938 [ 505.563867][ T8670] post_alloc_hook+0x228/0x280 [ 505.563876][ T8670] get_page_from_freelist+0x28bb/0x2950 [ 505.563887][ T8670] __alloc_frozen_pages_noprof+0x18d/0x380 [ 505.563898][ T8670] alloc_pages_bulk_noprof+0x5f1/0x7d0 [ 505.563908][ T8670] __page_pool_alloc_netmems_slow+0x14c/0x710 [ 505.563918][ T8670] skb_pp_cow_data+0xc21/0x1680 [ 505.563931][ T8670] do_xdp_generic+0x5b5/0xea0 [ 505.563941][ T8670] tun_get_user+0x247d/0x3de0 [ 505.563950][ T8670] tun_chr_write_iter+0x119/0x200 [ 505.563959][ T8670] vfs_write+0x629/0xba0 [ 505.563966][ T8670] ksys_write+0x156/0x270 [ 505.563973][ T8670] do_syscall_64+0x14d/0xf80 [ 505.563984][ T8670] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.563993][ T8670] page last free pid 20 tgid 20 stack trace: [ 505.563998][ T8670] __free_frozen_pages+0xfd0/0x1160 [ 505.564008][ T8670] tlb_remove_table_rcu+0x85/0x100 [ 505.564020][ T8670] rcu_cpu_kthread+0x99e/0x1470 [ 505.564034][ T8670] smpboot_thread_fn+0x541/0xa50 [ 505.564047][ T8670] kthread+0x388/0x470 [ 505.564060][ T8670] ret_from_fork+0x51e/0xb90 [ 505.564072][ T8670] ret_from_fork_asm+0x1a/0x30 [ 505.564086][ T8670] Modules linked in: [ 505.564095][ T8670] CPU: 0 UID: 0 PID: 8670 Comm: syz.1.702 Tainted: G B syzkaller #0 PREEMPT_{RT,(full)} [ 505.564110][ T8670] Tainted: [B]=BAD_PAGE [ 505.564113][ T8670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 505.564119][ T8670] Call Trace: [ 505.564122][ T8670] [ 505.564126][ T8670] dump_stack_lvl+0xe8/0x150 [ 505.564139][ T8670] bad_page+0x17f/0x1c0 [ 505.564154][ T8670] __free_frozen_pages+0x1119/0x1160 [ 505.564166][ T8670] ? lockdep_unlock+0x5d/0xd0 [ 505.564178][ T8670] ? __pfx___free_frozen_pages+0x10/0x10 [ 505.564191][ T8670] bpf_xdp_frags_shrink_tail+0x4f7/0x7f0 [ 505.564204][ T8670] ? do_raw_spin_lock+0x12b/0x2f0 [ 505.564217][ T8670] bpf_xdp_adjust_tail+0x1d6/0x220 [ 505.564232][ T8670] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 505.564241][ T8670] bpf_prog_run_generic_xdp+0x623/0x13f0 [ 505.564258][ T8670] do_xdp_generic+0x862/0xea0 [ 505.564269][ T8670] ? __lock_acquire+0x6b5/0x2cf0 [ 505.564288][ T8670] ? __pfx_do_xdp_generic+0x10/0x10 [ 505.564311][ T8670] ? tun_get_user+0x2354/0x3de0 [ 505.564332][ T8670] ? rcu_is_watching+0x15/0xb0 [ 505.564354][ T8670] ? __local_bh_disable_ip+0x3c/0x420 [ 505.564373][ T8670] ? tun_get_user+0x2354/0x3de0 [ 505.564383][ T8670] tun_get_user+0x247d/0x3de0 [ 505.564394][ T8670] ? __se_sys_ioctl+0x47/0x170 [ 505.564407][ T8670] ? __pfx_tun_get_user+0x10/0x10 [ 505.564419][ T8670] ? __lock_acquire+0x6b5/0x2cf0 [ 505.564434][ T8670] ? try_to_take_rt_mutex+0x840/0xb00 [ 505.564446][ T8670] ? ref_tracker_alloc+0x339/0x4b0 [ 505.564465][ T8670] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 505.564477][ T8670] ? tun_get+0x1c/0x2f0 [ 505.564487][ T8670] ? tun_get+0x1c/0x2f0 [ 505.564498][ T8670] ? tun_get+0x1c/0x2f0 [ 505.564508][ T8670] ? tun_get+0x1c/0x2f0 [ 505.564519][ T8670] tun_chr_write_iter+0x119/0x200 [ 505.564532][ T8670] vfs_write+0x629/0xba0 [ 505.564543][ T8670] ? __pfx_vfs_write+0x10/0x10 [ 505.564554][ T8670] ? __fget_files+0x2a/0x420 [ 505.564569][ T8670] ksys_write+0x156/0x270 [ 505.564579][ T8670] ? __pfx_ksys_write+0x10/0x10 [ 505.564588][ T8670] ? __pfx_kcov_ioctl+0x10/0x10 [ 505.564598][ T8670] do_syscall_64+0x14d/0xf80 [ 505.564615][ T8670] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.564633][ T8670] ? trace_irq_disable+0x37/0x100 [ 505.564646][ T8670] ? clear_bhb_loop+0x40/0x90 [ 505.564664][ T8670] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.564680][ T8670] RIP: 0033:0x7fb2bc8acece [ 505.564695][ T8670] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 505.564710][ T8670] RSP: 002b:00007fb2bab1cfb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 505.564728][ T8670] RAX: ffffffffffffffda RBX: 00007fb2bab1d6c0 RCX: 00007fb2bc8acece [ 505.564741][ T8670] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8 [ 505.564753][ T8670] RBP: 00007fb2bc982b39 R08: 0000000000000000 R09: 0000000000000000 [ 505.564765][ T8670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 505.564777][ T8670] R13: 00007fb2bcb66128 R14: 00007fb2bcb66090 R15: 00007ffc7f92dd38 [ 505.564797][ T8670] [ 505.655808][ T8670] BUG: Bad page state in process syz.1.702 pfn:734f1 [ 505.655830][ T8670] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880734f18c0 pfn:0x734f1 [ 505.655851][ T8670] flags: 0x80000000000000(node=0|zone=1) [ 505.655875][ T8670] raw: 0080000000000000 dead000000000040 ffff88801a3da000 0000000000000000 [ 505.655893][ T8670] raw: ffff8880734f18c0 0000000000000001 00000000ffffffff 0000000000000000 [ 505.655903][ T8670] page dumped because: page_pool leak [ 505.655912][ T8670] page_owner tracks the page as allocated [ 505.655919][ T8670] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 8670, tgid 8668 (syz.1.702), ts 505557527013, free_ts 505495865916 [ 505.655951][ T8670] post_alloc_hook+0x228/0x280 [ 505.655975][ T8670] get_page_from_freelist+0x28bb/0x2950 [ 505.655997][ T8670] __alloc_frozen_pages_noprof+0x18d/0x380 [ 505.656018][ T8670] alloc_pages_bulk_noprof+0x5f1/0x7d0 [ 505.656038][ T8670] __page_pool_alloc_netmems_slow+0x14c/0x710 [ 505.656059][ T8670] skb_pp_cow_data+0xc21/0x1680 [ 505.656084][ T8670] do_xdp_generic+0x5b5/0xea0 [ 505.656102][ T8670] tun_get_user+0x247d/0x3de0 [ 505.656121][ T8670] tun_chr_write_iter+0x119/0x200 [ 505.656138][ T8670] vfs_write+0x629/0xba0 [ 505.656153][ T8670] ksys_write+0x156/0x270 [ 505.656168][ T8670] do_syscall_64+0x14d/0xf80 [ 505.656190][ T8670] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.656207][ T8670] page last free pid 20 tgid 20 stack trace: [ 505.656218][ T8670] __free_frozen_pages+0xfd0/0x1160 [ 505.656267][ T8670] tlb_remove_table_rcu+0x85/0x100 [ 505.656289][ T8670] rcu_cpu_kthread+0x99e/0x1470 [ 505.656312][ T8670] smpboot_thread_fn+0x541/0xa50 [ 505.656334][ T8670] kthread+0x388/0x470 [ 505.656356][ T8670] ret_from_fork+0x51e/0xb90 [ 505.656376][ T8670] ret_from_fork_asm+0x1a/0x30 [ 505.656407][ T8670] Modules linked in: [ 505.656428][ T8670] CPU: 0 UID: 0 PID: 8670 Comm: syz.1.702 Tainted: G B syzkaller #0 PREEMPT_{RT,(full)} [ 505.656453][ T8670] Tainted: [B]=BAD_PAGE [ 505.656459][ T8670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 505.656469][ T8670] Call Trace: [ 505.656476][ T8670] [ 505.656484][ T8670] dump_stack_lvl+0xe8/0x150 [ 505.656508][ T8670] bad_page+0x17f/0x1c0 [ 505.656533][ T8670] __free_frozen_pages+0x1119/0x1160 [ 505.656557][ T8670] ? lockdep_unlock+0x5d/0xd0 [ 505.656579][ T8670] ? __pfx___free_frozen_pages+0x10/0x10 [ 505.656602][ T8670] bpf_xdp_frags_shrink_tail+0x4f7/0x7f0 [ 505.656629][ T8670] ? do_raw_spin_lock+0x12b/0x2f0 [ 505.656652][ T8670] bpf_xdp_adjust_tail+0x1d6/0x220 [ 505.656680][ T8670] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 505.656698][ T8670] bpf_prog_run_generic_xdp+0x623/0x13f0 [ 505.656731][ T8670] do_xdp_generic+0x862/0xea0 [ 505.656751][ T8670] ? __lock_acquire+0x6b5/0x2cf0 [ 505.656778][ T8670] ? __pfx_do_xdp_generic+0x10/0x10 [ 505.656804][ T8670] ? tun_get_user+0x2354/0x3de0 [ 505.656826][ T8670] ? rcu_is_watching+0x15/0xb0 [ 505.656852][ T8670] ? __local_bh_disable_ip+0x3c/0x420 [ 505.656877][ T8670] ? tun_get_user+0x2354/0x3de0 [ 505.656896][ T8670] tun_get_user+0x247d/0x3de0 [ 505.656917][ T8670] ? __se_sys_ioctl+0x47/0x170 [ 505.656943][ T8670] ? __pfx_tun_get_user+0x10/0x10 [ 505.656963][ T8670] ? __lock_acquire+0x6b5/0x2cf0 [ 505.656989][ T8670] ? try_to_take_rt_mutex+0x840/0xb00 [ 505.657011][ T8670] ? ref_tracker_alloc+0x339/0x4b0 [ 505.657035][ T8670] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 505.657058][ T8670] ? tun_get+0x1c/0x2f0 [ 505.657076][ T8670] ? tun_get+0x1c/0x2f0 [ 505.657097][ T8670] ? tun_get+0x1c/0x2f0 [ 505.657115][ T8670] ? tun_get+0x1c/0x2f0 [ 505.657135][ T8670] tun_chr_write_iter+0x119/0x200 [ 505.657155][ T8670] vfs_write+0x629/0xba0 [ 505.657176][ T8670] ? __pfx_vfs_write+0x10/0x10 [ 505.657198][ T8670] ? __fget_files+0x2a/0x420 [ 505.657225][ T8670] ksys_write+0x156/0x270 [ 505.657243][ T8670] ? __pfx_ksys_write+0x10/0x10 [ 505.657260][ T8670] ? __pfx_kcov_ioctl+0x10/0x10 [ 505.657281][ T8670] do_syscall_64+0x14d/0xf80 [ 505.657304][ T8670] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.657323][ T8670] ? trace_irq_disable+0x37/0x100 [ 505.657340][ T8670] ? clear_bhb_loop+0x40/0x90 [ 505.657360][ T8670] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.657379][ T8670] RIP: 0033:0x7fb2bc8acece [ 505.657396][ T8670] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 505.657419][ T8670] RSP: 002b:00007fb2bab1cfb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 505.657439][ T8670] RAX: ffffffffffffffda RBX: 00007fb2bab1d6c0 RCX: 00007fb2bc8acece [ 505.657454][ T8670] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8 [ 505.657468][ T8670] RBP: 00007fb2bc982b39 R08: 0000000000000000 R09: 0000000000000000 [ 505.657480][ T8670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 505.657493][ T8670] R13: 00007fb2bcb66128 R14: 00007fb2bcb66090 R15: 00007ffc7f92dd38 [ 505.657515][ T8670] [ 505.657525][ T8670] BUG: Bad page state in process syz.1.702 pfn:36b89 [ 505.657537][ T8670] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x36b89 [ 505.657557][ T8670] flags: 0x80000000000000(node=0|zone=1) [ 505.657578][ T8670] raw: 0080000000000000 dead000000000040 ffff88801a3da000 0000000000000000 [ 505.657595][ T8670] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 505.657606][ T8670] page dumped because: page_pool leak [ 505.657614][ T8670] page_owner tracks the page as allocated [ 505.657621][ T8670] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 8670, tgid 8668 (syz.1.702), ts 505557508534, free_ts 505495883060 [ 505.657652][ T8670] post_alloc_hook+0x228/0x280 [ 505.657670][ T8670] get_page_from_freelist+0x28bb/0x2950 [ 505.657692][ T8670] __alloc_frozen_pages_noprof+0x18d/0x380 [ 505.657713][ T8670] alloc_pages_bulk_noprof+0x5f1/0x7d0 [ 505.657732][ T8670] __page_pool_alloc_netmems_slow+0x14c/0x710 [ 505.657751][ T8670] skb_pp_cow_data+0xc21/0x1680 [ 505.657775][ T8670] do_xdp_generic+0x5b5/0xea0 [ 505.657793][ T8670] tun_get_user+0x247d/0x3de0 [ 505.657811][ T8670] tun_chr_write_iter+0x119/0x200 [ 505.657828][ T8670] vfs_write+0x629/0xba0 [ 505.657842][ T8670] ksys_write+0x156/0x270 [ 505.657858][ T8670] do_syscall_64+0x14d/0xf80 [ 505.657878][ T8670] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.657895][ T8670] page last free pid 20 tgid 20 stack trace: [ 505.657905][ T8670] __free_frozen_pages+0xfd0/0x1160 [ 505.657923][ T8670] tlb_remove_table_rcu+0x85/0x100 [ 505.657945][ T8670] rcu_cpu_kthread+0x99e/0x1470 [ 505.657966][ T8670] smpboot_thread_fn+0x541/0xa50 [ 505.657988][ T8670] kthread+0x388/0x470 [ 505.658009][ T8670] ret_from_fork+0x51e/0xb90 [ 505.658029][ T8670] ret_from_fork_asm+0x1a/0x30 [ 505.658053][ T8670] Modules linked in: [ 505.658069][ T8670] CPU: 0 UID: 0 PID: 8670 Comm: syz.1.702 Tainted: G B syzkaller #0 PREEMPT_{RT,(full)} [ 505.658096][ T8670] Tainted: [B]=BAD_PAGE [ 505.658102][ T8670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 505.658113][ T8670] Call Trace: [ 505.658119][ T8670] [ 505.658125][ T8670] dump_stack_lvl+0xe8/0x150 [ 505.658150][ T8670] bad_page+0x17f/0x1c0 [ 505.658174][ T8670] __free_frozen_pages+0x1119/0x1160 [ 505.658197][ T8670] ? lockdep_unlock+0x5d/0xd0 [ 505.658218][ T8670] ? __pfx___free_frozen_pages+0x10/0x10 [ 505.658243][ T8670] bpf_xdp_frags_shrink_tail+0x4f7/0x7f0 [ 505.658267][ T8670] ? do_raw_spin_lock+0x12b/0x2f0 [ 505.658289][ T8670] bpf_xdp_adjust_tail+0x1d6/0x220 [ 505.658317][ T8670] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 505.658333][ T8670] bpf_prog_run_generic_xdp+0x623/0x13f0 [ 505.658365][ T8670] do_xdp_generic+0x862/0xea0 [ 505.658384][ T8670] ? __lock_acquire+0x6b5/0x2cf0 [ 505.658417][ T8670] ? __pfx_do_xdp_generic+0x10/0x10 [ 505.658442][ T8670] ? tun_get_user+0x2354/0x3de0 [ 505.658464][ T8670] ? rcu_is_watching+0x15/0xb0 [ 505.658488][ T8670] ? __local_bh_disable_ip+0x3c/0x420 [ 505.658511][ T8670] ? tun_get_user+0x2354/0x3de0 [ 505.658530][ T8670] tun_get_user+0x247d/0x3de0 [ 505.658551][ T8670] ? __se_sys_ioctl+0x47/0x170 [ 505.658575][ T8670] ? __pfx_tun_get_user+0x10/0x10 [ 505.658595][ T8670] ? __lock_acquire+0x6b5/0x2cf0 [ 505.658621][ T8670] ? try_to_take_rt_mutex+0x840/0xb00 [ 505.658642][ T8670] ? ref_tracker_alloc+0x339/0x4b0 [ 505.658664][ T8670] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 505.658687][ T8670] ? tun_get+0x1c/0x2f0 [ 505.658706][ T8670] ? tun_get+0x1c/0x2f0 [ 505.658727][ T8670] ? tun_get+0x1c/0x2f0 [ 505.658744][ T8670] ? tun_get+0x1c/0x2f0 [ 505.658764][ T8670] tun_chr_write_iter+0x119/0x200 [ 505.658785][ T8670] vfs_write+0x629/0xba0 [ 505.658806][ T8670] ? __pfx_vfs_write+0x10/0x10 [ 505.658827][ T8670] ? __fget_files+0x2a/0x420 [ 505.658853][ T8670] ksys_write+0x156/0x270 [ 505.658872][ T8670] ? __pfx_ksys_write+0x10/0x10 [ 505.658889][ T8670] ? __pfx_kcov_ioctl+0x10/0x10 [ 505.658909][ T8670] do_syscall_64+0x14d/0xf80 [ 505.658932][ T8670] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.658950][ T8670] ? trace_irq_disable+0x37/0x100 [ 505.658966][ T8670] ? clear_bhb_loop+0x40/0x90 [ 505.658986][ T8670] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.659004][ T8670] RIP: 0033:0x7fb2bc8acece [ 505.659019][ T8670] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 505.659036][ T8670] RSP: 002b:00007fb2bab1cfb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 505.659054][ T8670] RAX: ffffffffffffffda RBX: 00007fb2bab1d6c0 RCX: 00007fb2bc8acece [ 505.659069][ T8670] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8 [ 505.659082][ T8670] RBP: 00007fb2bc982b39 R08: 0000000000000000 R09: 0000000000000000 [ 505.659095][ T8670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 505.659106][ T8670] R13: 00007fb2bcb66128 R14: 00007fb2bcb66090 R15: 00007ffc7f92dd38 [ 505.659128][ T8670] [ 505.659136][ T8670] BUG: Bad page state in process syz.1.702 pfn:6aa18 [ 505.659147][ T8670] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x6aa18 [ 505.659166][ T8670] flags: 0x80000000000000(node=0|zone=1) [ 505.659187][ T8670] raw: 0080000000000000 dead000000000040 ffff88801a3da000 0000000000000000 [ 505.659204][ T8670] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 505.659214][ T8670] page dumped because: page_pool leak [ 505.659223][ T8670] page_owner tracks the page as allocated [ 505.659230][ T8670] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 8670, tgid 8668 (syz.1.702), ts 505557490343, free_ts 505495894933 [ 505.659260][ T8670] post_alloc_hook+0x228/0x280 [ 505.659278][ T8670] get_page_from_freelist+0x28bb/0x2950 [ 505.659299][ T8670] __alloc_frozen_pages_noprof+0x18d/0x380 [ 505.659320][ T8670] alloc_pages_bulk_noprof+0x5f1/0x7d0 [ 505.659340][ T8670] __page_pool_alloc_netmems_slow+0x14c/0x710 [ 505.659358][ T8670] skb_pp_cow_data+0xc21/0x1680 [ 505.659382][ T8670] do_xdp_generic+0x5b5/0xea0 [ 505.659399][ T8670] tun_get_user+0x247d/0x3de0 [ 505.659423][ T8670] tun_chr_write_iter+0x119/0x200 [ 505.659440][ T8670] vfs_write+0x629/0xba0 [ 505.659454][ T8670] ksys_write+0x156/0x270 [ 505.659469][ T8670] do_syscall_64+0x14d/0xf80 [ 505.659579][ T8670] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.659601][ T8670] page last free pid 20 tgid 20 stack trace: [ 505.659615][ T8670] __free_frozen_pages+0xfd0/0x1160 [ 505.659636][ T8670] tlb_remove_table_rcu+0x85/0x100 [ 505.659659][ T8670] rcu_cpu_kthread+0x99e/0x1470 [ 505.659682][ T8670] smpboot_thread_fn+0x541/0xa50 [ 505.659705][ T8670] kthread+0x388/0x470 [ 505.659727][ T8670] ret_from_fork+0x51e/0xb90 [ 505.659748][ T8670] ret_from_fork_asm+0x1a/0x30 [ 505.659775][ T8670] Modules linked in: [ 505.659798][ T8670] CPU: 0 UID: 0 PID: 8670 Comm: syz.1.702 Tainted: G B syzkaller #0 PREEMPT_{RT,(full)} [ 505.659826][ T8670] Tainted: [B]=BAD_PAGE [ 505.659834][ T8670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 505.659846][ T8670] Call Trace: [ 505.659857][ T8670] [ 505.659867][ T8670] dump_stack_lvl+0xe8/0x150 [ 505.659893][ T8670] bad_page+0x17f/0x1c0 [ 505.659918][ T8670] __free_frozen_pages+0x1119/0x1160 [ 505.659942][ T8670] ? lockdep_unlock+0x5d/0xd0 [ 505.659966][ T8670] ? __pfx___free_frozen_pages+0x10/0x10 [ 505.659990][ T8670] bpf_xdp_frags_shrink_tail+0x4f7/0x7f0 [ 505.660018][ T8670] ? do_raw_spin_lock+0x12b/0x2f0 [ 505.660042][ T8670] bpf_xdp_adjust_tail+0x1d6/0x220 [ 505.660071][ T8670] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 505.660089][ T8670] bpf_prog_run_generic_xdp+0x623/0x13f0 [ 505.660125][ T8670] do_xdp_generic+0x862/0xea0 [ 505.660146][ T8670] ? __lock_acquire+0x6b5/0x2cf0 [ 505.660173][ T8670] ? __pfx_do_xdp_generic+0x10/0x10 [ 505.660199][ T8670] ? tun_get_user+0x2354/0x3de0 [ 505.660223][ T8670] ? rcu_is_watching+0x15/0xb0 [ 505.660248][ T8670] ? __local_bh_disable_ip+0x3c/0x420 [ 505.660311][ T8670] ? tun_get_user+0x2354/0x3de0 [ 505.660330][ T8670] tun_get_user+0x247d/0x3de0 [ 505.660353][ T8670] ? __se_sys_ioctl+0x47/0x170 [ 505.660385][ T8670] ? __pfx_tun_get_user+0x10/0x10 [ 505.660406][ T8670] ? __lock_acquire+0x6b5/0x2cf0 [ 505.660432][ T8670] ? try_to_take_rt_mutex+0x840/0xb00 [ 505.660456][ T8670] ? ref_tracker_alloc+0x339/0x4b0 [ 505.660481][ T8670] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 505.660503][ T8670] ? tun_get+0x1c/0x2f0 [ 505.660521][ T8670] ? tun_get+0x1c/0x2f0 [ 505.660542][ T8670] ? tun_get+0x1c/0x2f0 [ 505.660560][ T8670] ? tun_get+0x1c/0x2f0 [ 505.660580][ T8670] tun_chr_write_iter+0x119/0x200 [ 505.660600][ T8670] vfs_write+0x629/0xba0 [ 505.660622][ T8670] ? __pfx_vfs_write+0x10/0x10 [ 505.660644][ T8670] ? __fget_files+0x2a/0x420 [ 505.660675][ T8670] ksys_write+0x156/0x270 [ 505.660694][ T8670] ? __pfx_ksys_write+0x10/0x10 [ 505.660710][ T8670] ? __pfx_kcov_ioctl+0x10/0x10 [ 505.660732][ T8670] do_syscall_64+0x14d/0xf80 [ 505.660756][ T8670] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.660774][ T8670] ? trace_irq_disable+0x37/0x100 [ 505.660791][ T8670] ? clear_bhb_loop+0x40/0x90 [ 505.660813][ T8670] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.660832][ T8670] RIP: 0033:0x7fb2bc8acece [ 505.660851][ T8670] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 505.660869][ T8670] RSP: 002b:00007fb2bab1cfb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 505.660889][ T8670] RAX: ffffffffffffffda RBX: 00007fb2bab1d6c0 RCX: 00007fb2bc8acece [ 505.660905][ T8670] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8 [ 505.660919][ T8670] RBP: 00007fb2bc982b39 R08: 0000000000000000 R09: 0000000000000000 [ 505.660932][ T8670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 505.660944][ T8670] R13: 00007fb2bcb66128 R14: 00007fb2bcb66090 R15: 00007ffc7f92dd38 [ 505.660966][ T8670] [ 505.660978][ T8670] BUG: Bad page state in process syz.1.702 pfn:6f0a8 [ 505.660992][ T8670] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88806f0a8280 pfn:0x6f0a8 [ 505.661013][ T8670] flags: 0x80000000000000(node=0|zone=1) [ 505.661038][ T8670] raw: 0080000000000000 dead000000000040 ffff88801a3da000 0000000000000000 [ 505.661055][ T8670] raw: ffff88806f0a8280 0000000000000001 00000000ffffffff 0000000000000000 [ 505.661065][ T8670] page dumped because: page_pool leak [ 505.661075][ T8670] page_owner tracks the page as allocated [ 505.661082][ T8670] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 8670, tgid 8668 (syz.1.702), ts 505557473033, free_ts 505495911617 [ 505.661114][ T8670] post_alloc_hook+0x228/0x280 [ 505.661132][ T8670] get_page_from_freelist+0x28bb/0x2950 [ 505.661153][ T8670] __alloc_frozen_pages_noprof+0x18d/0x380 [ 505.661175][ T8670] alloc_pages_bulk_noprof+0x5f1/0x7d0 [ 505.661195][ T8670] __page_pool_alloc_netmems_slow+0x14c/0x710 [ 505.661215][ T8670] skb_pp_cow_data+0xc21/0x1680 [ 505.661240][ T8670] do_xdp_generic+0x5b5/0xea0 [ 505.661265][ T8670] tun_get_user+0x247d/0x3de0 [ 505.661283][ T8670] tun_chr_write_iter+0x119/0x200 [ 505.661301][ T8670] vfs_write+0x629/0xba0 [ 505.661315][ T8670] ksys_write+0x156/0x270 [ 505.661330][ T8670] do_syscall_64+0x14d/0xf80 [ 505.661352][ T8670] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.661368][ T8670] page last free pid 20 tgid 20 stack trace: [ 505.661378][ T8670] __free_frozen_pages+0xfd0/0x1160 [ 505.661397][ T8670] tlb_remove_table_rcu+0x85/0x100 [ 505.661418][ T8670] rcu_cpu_kthread+0x99e/0x1470 [ 505.661440][ T8670] smpboot_thread_fn+0x541/0xa50 [ 505.661462][ T8670] kthread+0x388/0x470 [ 505.661484][ T8670] ret_from_fork+0x51e/0xb90 [ 505.661502][ T8670] ret_from_fork_asm+0x1a/0x30 [ 505.661526][ T8670] Modules linked in: [ 505.661542][ T8670] CPU: 0 UID: 0 PID: 8670 Comm: syz.1.702 Tainted: G B syzkaller #0 PREEMPT_{RT,(full)} [ 505.661569][ T8670] Tainted: [B]=BAD_PAGE [ 505.661575][ T8670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 505.661587][ T8670] Call Trace: [ 505.661594][ T8670] [ 505.661600][ T8670] dump_stack_lvl+0xe8/0x150 [ 505.661624][ T8670] bad_page+0x17f/0x1c0 [ 505.661649][ T8670] __free_frozen_pages+0x1119/0x1160 [ 505.661672][ T8670] ? lockdep_unlock+0x5d/0xd0 [ 505.661694][ T8670] ? __pfx___free_frozen_pages+0x10/0x10 [ 505.661718][ T8670] bpf_xdp_frags_shrink_tail+0x4f7/0x7f0 [ 505.661744][ T8670] ? do_raw_spin_lock+0x12b/0x2f0 [ 505.661767][ T8670] bpf_xdp_adjust_tail+0x1d6/0x220 [ 505.661794][ T8670] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 505.661810][ T8670] bpf_prog_run_generic_xdp+0x623/0x13f0 [ 505.661842][ T8670] do_xdp_generic+0x862/0xea0 [ 505.661862][ T8670] ? __lock_acquire+0x6b5/0x2cf0 [ 505.661889][ T8670] ? __pfx_do_xdp_generic+0x10/0x10 [ 505.661914][ T8670] ? tun_get_user+0x2354/0x3de0 [ 505.661936][ T8670] ? rcu_is_watching+0x15/0xb0 [ 505.661960][ T8670] ? __local_bh_disable_ip+0x3c/0x420 [ 505.661984][ T8670] ? tun_get_user+0x2354/0x3de0 [ 505.662007][ T8670] tun_get_user+0x247d/0x3de0 [ 505.662028][ T8670] ? __se_sys_ioctl+0x47/0x170 [ 505.662052][ T8670] ? __pfx_tun_get_user+0x10/0x10 [ 505.662072][ T8670] ? __lock_acquire+0x6b5/0x2cf0 [ 505.662097][ T8670] ? try_to_take_rt_mutex+0x840/0xb00 [ 505.662119][ T8670] ? ref_tracker_alloc+0x339/0x4b0 [ 505.662141][ T8670] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 505.662163][ T8670] ? tun_get+0x1c/0x2f0 [ 505.662181][ T8670] ? tun_get+0x1c/0x2f0 [ 505.662201][ T8670] ? tun_get+0x1c/0x2f0 [ 505.662220][ T8670] ? tun_get+0x1c/0x2f0 [ 505.662240][ T8670] tun_chr_write_iter+0x119/0x200 [ 505.662290][ T8670] vfs_write+0x629/0xba0 [ 505.662310][ T8670] ? __pfx_vfs_write+0x10/0x10 [ 505.662332][ T8670] ? __fget_files+0x2a/0x420 [ 505.662359][ T8670] ksys_write+0x156/0x270 [ 505.662377][ T8670] ? __pfx_ksys_write+0x10/0x10 [ 505.662394][ T8670] ? __pfx_kcov_ioctl+0x10/0x10 [ 505.662415][ T8670] do_syscall_64+0x14d/0xf80 [ 505.662437][ T8670] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.662455][ T8670] ? trace_irq_disable+0x37/0x100 [ 505.662471][ T8670] ? clear_bhb_loop+0x40/0x90 [ 505.662491][ T8670] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.662509][ T8670] RIP: 0033:0x7fb2bc8acece [ 505.662521][ T8670] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 505.662535][ T8670] RSP: 002b:00007fb2bab1cfb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 505.662553][ T8670] RAX: ffffffffffffffda RBX: 00007fb2bab1d6c0 RCX: 00007fb2bc8acece [ 505.662568][ T8670] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8 [ 505.662581][ T8670] RBP: 00007fb2bc982b39 R08: 0000000000000000 R09: 0000000000000000 [ 505.662594][ T8670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 505.662607][ T8670] R13: 00007fb2bcb66128 R14: 00007fb2bcb66090 R15: 00007ffc7f92dd38 [ 505.662628][ T8670] [ 505.662637][ T8670] BUG: Bad page state in process syz.1.702 pfn:36ae6 [ 505.662649][ T8670] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x36ae6 [ 505.662666][ T8670] flags: 0x80000000000000(node=0|zone=1) [ 505.662687][ T8670] raw: 0080000000000000 dead000000000040 ffff88801a3da000 0000000000000000 [ 505.662704][ T8670] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 505.662714][ T8670] page dumped because: page_pool leak [ 505.662723][ T8670] page_owner tracks the page as allocated [ 505.662730][ T8670] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 8670, tgid 8668 (syz.1.702), ts 505557450477, free_ts 505495929226 [ 505.662761][ T8670] post_alloc_hook+0x228/0x280 [ 505.662780][ T8670] get_page_from_freelist+0x28bb/0x2950 [ 505.662800][ T8670] __alloc_frozen_pages_noprof+0x18d/0x380 [ 505.662821][ T8670] alloc_pages_bulk_noprof+0x5f1/0x7d0 [ 505.662840][ T8670] __page_pool_alloc_netmems_slow+0x14c/0x710 [ 505.662860][ T8670] skb_pp_cow_data+0xc21/0x1680 [ 505.662884][ T8670] do_xdp_generic+0x5b5/0xea0 [ 505.662902][ T8670] tun_get_user+0x247d/0x3de0 [ 505.662919][ T8670] tun_chr_write_iter+0x119/0x200 [ 505.662937][ T8670] vfs_write+0x629/0xba0 [ 505.662951][ T8670] ksys_write+0x156/0x270 [ 505.662966][ T8670] do_syscall_64+0x14d/0xf80 [ 505.662987][ T8670] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.663004][ T8670] page last free pid 20 tgid 20 stack trace: [ 505.663019][ T8670] __free_frozen_pages+0xfd0/0x1160 [ 505.663038][ T8670] tlb_remove_table_rcu+0x85/0x100 [ 505.663059][ T8670] rcu_cpu_kthread+0x99e/0x1470 [ 505.663080][ T8670] smpboot_thread_fn+0x541/0xa50 [ 505.663102][ T8670] kthread+0x388/0x470 [ 505.663123][ T8670] ret_from_fork+0x51e/0xb90 [ 505.663143][ T8670] ret_from_fork_asm+0x1a/0x30 [ 505.663166][ T8670] Modules linked in: [ 505.663182][ T8670] CPU: 0 UID: 0 PID: 8670 Comm: syz.1.702 Tainted: G B syzkaller #0 PREEMPT_{RT,(full)} [ 505.663209][ T8670] Tainted: [B]=BAD_PAGE [ 505.663215][ T8670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 505.663225][ T8670] Call Trace: [ 505.663232][ T8670] [ 505.663239][ T8670] dump_stack_lvl+0xe8/0x150 [ 505.663268][ T8670] bad_page+0x17f/0x1c0 [ 505.663293][ T8670] __free_frozen_pages+0x1119/0x1160 [ 505.663315][ T8670] ? lockdep_unlock+0x5d/0xd0 [ 505.663337][ T8670] ? __pfx___free_frozen_pages+0x10/0x10 [ 505.663361][ T8670] bpf_xdp_frags_shrink_tail+0x4f7/0x7f0 [ 505.663386][ T8670] ? do_raw_spin_lock+0x12b/0x2f0 [ 505.663409][ T8670] bpf_xdp_adjust_tail+0x1d6/0x220 [ 505.663436][ T8670] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 505.663453][ T8670] bpf_prog_run_generic_xdp+0x623/0x13f0 [ 505.663484][ T8670] do_xdp_generic+0x862/0xea0 [ 505.663504][ T8670] ? __lock_acquire+0x6b5/0x2cf0 [ 505.663531][ T8670] ? __pfx_do_xdp_generic+0x10/0x10 [ 505.663556][ T8670] ? tun_get_user+0x2354/0x3de0 [ 505.663578][ T8670] ? rcu_is_watching+0x15/0xb0 [ 505.663602][ T8670] ? __local_bh_disable_ip+0x3c/0x420 [ 505.663626][ T8670] ? tun_get_user+0x2354/0x3de0 [ 505.663646][ T8670] tun_get_user+0x247d/0x3de0 [ 505.663667][ T8670] ? __se_sys_ioctl+0x47/0x170 [ 505.663691][ T8670] ? __pfx_tun_get_user+0x10/0x10 [ 505.663711][ T8670] ? __lock_acquire+0x6b5/0x2cf0 [ 505.663737][ T8670] ? try_to_take_rt_mutex+0x840/0xb00 [ 505.663760][ T8670] ? ref_tracker_alloc+0x339/0x4b0 [ 505.663782][ T8670] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 505.663809][ T8670] ? tun_get+0x1c/0x2f0 [ 505.663828][ T8670] ? tun_get+0x1c/0x2f0 [ 505.663848][ T8670] ? tun_get+0x1c/0x2f0 [ 505.663866][ T8670] ? tun_get+0x1c/0x2f0 [ 505.663886][ T8670] tun_chr_write_iter+0x119/0x200 [ 505.663907][ T8670] vfs_write+0x629/0xba0 [ 505.663927][ T8670] ? __pfx_vfs_write+0x10/0x10 [ 505.663948][ T8670] ? __fget_files+0x2a/0x420 [ 505.663975][ T8670] ksys_write+0x156/0x270 [ 505.663993][ T8670] ? __pfx_ksys_write+0x10/0x10 [ 505.664010][ T8670] ? __pfx_kcov_ioctl+0x10/0x10 [ 505.664030][ T8670] do_syscall_64+0x14d/0xf80 [ 505.664059][ T8670] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.664078][ T8670] ? trace_irq_disable+0x37/0x100 [ 505.664094][ T8670] ? clear_bhb_loop+0x40/0x90 [ 505.664114][ T8670] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.664132][ T8670] RIP: 0033:0x7fb2bc8acece [ 505.664147][ T8670] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 505.664165][ T8670] RSP: 002b:00007fb2bab1cfb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 505.664184][ T8670] RAX: ffffffffffffffda RBX: 00007fb2bab1d6c0 RCX: 00007fb2bc8acece [ 505.664199][ T8670] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8 [ 505.664213][ T8670] RBP: 00007fb2bc982b39 R08: 0000000000000000 R09: 0000000000000000 [ 505.664225][ T8670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 505.664237][ T8670] R13: 00007fb2bcb66128 R14: 00007fb2bcb66090 R15: 00007ffc7f92dd38 [ 505.664264][ T8670] [ 505.820100][ T8462] team0: Port device team_slave_1 added [ 506.607629][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.607677][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 509.635331][ T5949] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 510.276688][ T5949] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 510.497449][ T5949] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 510.721814][ T5949] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 512.204898][ T5949] bridge_slave_1: left allmulticast mode [ 512.204922][ T5949] bridge_slave_1: left promiscuous mode [ 512.205085][ T5949] bridge0: port 2(bridge_slave_1) entered disabled state [ 512.275204][ T5949] bridge_slave_0: left allmulticast mode [ 512.275224][ T5949] bridge_slave_0: left promiscuous mode [ 512.275346][ T5949] bridge0: port 1(bridge_slave_0) entered disabled state [ 512.356498][ T5949] bridge_slave_1: left allmulticast mode [ 512.356516][ T5949] bridge_slave_1: left promiscuous mode [ 512.356609][ T5949] bridge0: port 2(bridge_slave_1) entered disabled state [ 512.416304][ T5949] bridge_slave_0: left allmulticast mode [ 512.416322][ T5949] bridge_slave_0: left promiscuous mode [ 512.416417][ T5949] bridge0: port 1(bridge_slave_0) entered disabled state [ 512.476460][ T5949] bridge_slave_1: left allmulticast mode [ 512.476478][ T5949] bridge_slave_1: left promiscuous mode [ 512.476570][ T5949] bridge0: port 2(bridge_slave_1) entered disabled state [ 512.535220][ T5949] bridge_slave_0: left allmulticast mode [ 512.535238][ T5949] bridge_slave_0: left promiscuous mode [ 512.535347][ T5949] bridge0: port 1(bridge_slave_0) entered disabled state [ 512.895199][ T5949] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 512.975209][ T5949] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 513.055552][ T5949] bond0 (unregistering): Released all slaves [ 513.965605][ T5949] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 514.045706][ T5949] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 514.085682][ T5949] bond0 (unregistering): (slave team0): Releasing backup interface [ 514.126396][ T5949] bond0 (unregistering): Released all slaves [ 514.875202][ T5949] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 514.935211][ T5949] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 514.976233][ T5949] bond0 (unregistering): Released all slaves [ 515.254781][ T5949] tipc: Disabling bearer [ 515.334948][ T5949] tipc: Left network mode