last executing test programs: 1.373180921s ago: executing program 0 (id=53): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) socket$inet_udp(0x2, 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) memfd_create(&(0x7f0000000140)='ethtool\x00', 0x3) pipe(&(0x7f00000000c0)) socket$nl_netfilter(0x10, 0x3, 0xc) pipe(&(0x7f0000006640)={0xffffffffffffffff}) socket$inet_udp(0x2, 0x2, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) io_uring_setup(0x364e, &(0x7f0000006780)={0x0, 0x800b5f, 0x2, 0x1, 0x29d, 0x0, r2}) bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1200000001000000000800000200000000000000", @ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) socket$can_j1939(0x1d, 0x2, 0x7) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)) openat$random(0xffffffffffffff9c, &(0x7f0000000000), 0x200800, 0x0) syz_init_net_socket$ax25(0x3, 0x2, 0xcb) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$inet6(0xa, 0x3, 0x5) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800080000fcffff08000900fcfc0000080011000000000008000e00800000000800", @ANYRES64=r5], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000001c0)={'wlan0\x00'}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000740)=ANY=[@ANYBLOB="10000000", @ANYBLOB="da2a0c8cb669cb41dc4903581ef9d53e3e73e68d10d3ae1a258a320cc912bbf7f98976f8ac73ed522260316086dbfd80d7e004556ef6fa233b9b523934046d3bfb7e90c7dff8eda92fd04f29f83f1f704e5fb9b7d71aa73342f811e75f55f43a93dd9daf7e7dc0665822b2cec8976bc8ae5b79c9379ee0096d9f41dd3fae5e723cd64659ad0d6a6796b1eb82fa73024a0c6fc5b351e9d85a0eebfe0d05290e51b5ddfdd9752c6584c7e25f3c86f2b50ce1d9f4facc0d82c5e9e4b476", @ANYBLOB="010000000000000000000200000008000300", @ANYRESOCT=r1, @ANYBLOB="0c00990000000000000000000800a000ea15000008009f0005000000080026000816"], 0x40}, 0x1, 0x0, 0x0, 0x800}, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) 1.188482942s ago: executing program 0 (id=56): r0 = socket(0x10, 0x803, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000380)) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) r3 = dup3(r2, r1, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x1081}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4, 0x0, &(0x7f0000000100)=[@enter_looper], 0x0, 0x0, 0x0}) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, 0x0) socket$packet(0x11, 0x3, 0x300) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) syz_emit_ethernet(0x4a, &(0x7f0000000440)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) syz_emit_ethernet(0x4d, &(0x7f0000000240)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x17, 0x6, 0xff, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}, {"2668a7"}}}}}}}, 0x0) 1.09843185s ago: executing program 0 (id=58): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) userfaultfd(0x80801) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000002180)={0x1, &(0x7f0000000380)=[{0x6}]}) socket$nl_netfilter(0x10, 0x3, 0xc) close_range(r0, 0xffffffffffffffff, 0x0) 766.267283ms ago: executing program 1 (id=68): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000300), 0x80000, 0x0) ioctl$IOMMU_VFIO_IOAS$GET(r0, 0x3b88, &(0x7f0000000340)={0xc}) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$inet6(0xa, 0x3, 0x1) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f00000014c0)=@raw={'raw\x00', 0x8, 0x3, 0x528, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x458, 0xffffffff, 0xffffffff, 0x458, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00', {}, {}, 0x62}, 0x0, 0x358, 0x388, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth0_to_hsr\x00', {0x4, 0x8, 0x20, 0x5e1b2d47, 0xf91, 0x5, 0x4, 0x9f7, 0x18}, {0x8}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x588) syz_emit_ethernet(0x4a, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa6586dd60000000000711"], 0x0) 739.666761ms ago: executing program 3 (id=72): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x147c40, 0x0) preadv2(r0, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0xffe00}], 0x5, 0x0, 0x0, 0x1f) (fail_nth: 2) 679.020513ms ago: executing program 1 (id=73): pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) unshare(0x0) io_uring_enter(r1, 0x5807, 0xf44b, 0x50, &(0x7f0000000040)={[0xffffffffffff3a14]}, 0x8) vmsplice(r1, &(0x7f0000000040), 0x0, 0x8) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) splice(r0, 0x0, r2, 0x0, 0x11, 0xd) 646.419944ms ago: executing program 1 (id=74): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000001c0)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)={0x1c, r1, 0xb01, 0x0, 0x25dfdbfc, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}]}, 0x1c}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x18, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="1808"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000100)=@bpf_ext={0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x1313f, 0xffffffffffffffff, 0x0, 0x0, &(0x7f00000003c0), 0x10, 0x746, @void, @value}, 0x94) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r3) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x3, 0x4, &(0x7f0000001300)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7fffffff}, [@ldst={0x1, 0x0, 0x3, 0x0, 0x1, 0xc}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0xb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000840)={0x4000000000000150, &(0x7f0000000500)}) r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r5, 0xc004743e, 0x110e22fff6) ioctl$TUNGETVNETLE(r3, 0x4010744d, &(0x7f0000000180)) 476.66285ms ago: executing program 3 (id=75): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = fanotify_init(0x200, 0x0) r2 = dup(r1) r3 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$SNDCTL_DSP_RESET(r4, 0x5000, 0x0) fanotify_mark(r1, 0x1, 0x8001053, r2, 0x0) ioctl$sock_SIOCINQ(r2, 0x541b, &(0x7f0000000200)) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000000)={'gretap0\x00', &(0x7f0000000040)=@ethtool_test={0x1a, 0x6, 0xbd}}) mkdir(&(0x7f0000000600)='./file0\x00', 0xe8) socket$inet(0x2, 0x4000000000000001, 0x0) pipe(&(0x7f0000000040)) r6 = syz_io_uring_setup(0x417a, &(0x7f0000000780)={0x0, 0x0, 0x10100, 0x0, 0xffffffff}, &(0x7f0000000540)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r7, r8, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4004, @fd_index=0x4, 0x0, &(0x7f0000000400)=[{&(0x7f0000000800)=""/4096, 0x1000}], 0x1}) io_uring_enter(r6, 0x567, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f0000000000)=@nullb, &(0x7f00000001c0)='./file0\x00', &(0x7f00000000c0)='hpfs\x00', 0x11, 0x0) r9 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'macvlan1\x00'}) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x16, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r10 = socket(0x11, 0xa, 0x0) write$vga_arbiter(0xffffffffffffffff, &(0x7f0000000000)=@unlock_all, 0x7) sendmsg$can_bcm(r10, &(0x7f0000000140)={&(0x7f0000000000), 0x10, &(0x7f0000000080)={0x0}, 0x8}, 0x2000009c) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="200000c2280246000000000000000000000000200000000008000a0000000080"], 0x20}, 0x1, 0x0, 0x0, 0x2000008c}, 0x80) 476.287578ms ago: executing program 2 (id=76): r0 = socket(0x10, 0x803, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000380)) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) r3 = dup3(r2, r1, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x1081}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4, 0x0, &(0x7f0000000100)=[@enter_looper], 0x0, 0x0, 0x0}) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, 0x0) socket$packet(0x11, 0x3, 0x300) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) syz_emit_ethernet(0x4a, &(0x7f0000000440)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) syz_emit_ethernet(0x4d, &(0x7f0000000240)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x17, 0x6, 0xff, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}, {"2668a7"}}}}}}}, 0x0) 475.969921ms ago: executing program 2 (id=77): sendmsg$NL80211_CMD_CHANNEL_SWITCH(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) syz_emit_ethernet(0x83, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030086dd601b8b97004d88bd9edace00000000000000002100000002ff02000000000000000000000000000104004e20004d03"], 0x0) recvmsg(r0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x45}, 0x10123) setsockopt(r0, 0x401, 0xa4ef, 0x0, 0x0) r1 = socket$rds(0x15, 0x5, 0x0) connect$rds(r1, &(0x7f0000000080)={0x2, 0x4e20, @empty}, 0x10) syz_init_net_socket$llc(0x1a, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000)="ad56b6", 0x3) 475.160385ms ago: executing program 3 (id=78): socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$key(0xf, 0x3, 0x2) socket$nl_generic(0x10, 0x3, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) socket$inet(0xa, 0x801, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000380), 0xffffffffffffffff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f00000002c0)={0x0, 0x20000, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="90000000", @ANYRES16=r1, @ANYBLOB="01000000000000000000010000000c000500ff000000000000000c0002000000020000000000040007800c000800000000000000000008000a00000000004400078008000100", @ANYRES32, @ANYBLOB="38000100", @ANYRES32=r2, @ANYBLOB="64800400", @ANYRES32, @ANYBLOB="080001"], 0x90}}, 0x0) 418.133355ms ago: executing program 2 (id=79): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0x9, 0x4, 0x8, 0x6, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x6, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020fe080000000000000000001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) socket$inet(0x2, 0x2, 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x1, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r6, 0x8946, 0x0) unshare(0x10000300) listen(0xffffffffffffffff, 0x3841b273) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x4b, &(0x7f0000000040)={&(0x7f00000003c0)=@newlink={0x44, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x8, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}]}}}, @IFLA_MASTER={0x8, 0xa, r7}]}, 0x44}}, 0x8000) 417.658679ms ago: executing program 1 (id=80): pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x100000) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r1) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080), 0x200002, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x3000002, 0x20010, r3, 0xf0624000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='ata_bmdma_status\x00', r1, 0x0, 0xfffffffffffff39f}, 0x18) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000140)=0x3) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r5, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x6c, r2, 0x800, 0x70bd28, 0x25dfdbfe, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_KEY_SEQ={0x12, 0xa, "26a608411a25b3fada64b3d2d480"}, @NL80211_ATTR_KEY_SEQ={0xd, 0xa, "52af366b55dca6fd26"}, @NL80211_ATTR_KEY_SEQ={0x9, 0xa, "a3f9c18561"}, @NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0xc, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}]}, @NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x4}]}, 0x6c}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f00000002c0)='wg2\x00') ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000340)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r5, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x64, r2, 0x10, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8, 0x1, 0x42}, @val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}, @NL80211_ATTR_IFNAME={0x14}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x4}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0x64}, 0x1, 0x0, 0x0, 0x4048040}, 0x4000080) ioctl$SNDCTL_DSP_GETOSPACE(r0, 0x8010500c, &(0x7f0000000480)) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f0000000580)={&(0x7f00000004c0), 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x14, 0x0, 0x8, 0x0, 0x0, 0x0, {0x5, 0x0, 0x1}}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x8) ioctl$PIO_FONTRESET(r1, 0x4b6d, 0x0) ioctl$SNDRV_TIMER_IOCTL_STATUS32(r3, 0x80585414, &(0x7f00000005c0)) r7 = syz_genetlink_get_family_id$smc(&(0x7f0000000680), r5) sendmsg$SMC_PNETID_ADD(r0, &(0x7f0000000780)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000740)={&(0x7f00000006c0)={0x7c, r7, 0x400, 0x70bd2b, 0x25dfdbfe, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'virt_wifi0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'team_slave_0\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x2}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'bridge0\x00'}]}, 0x7c}, 0x1, 0x0, 0x0, 0x2000081c}, 0x4000000) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000800)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r8, &(0x7f0000000900)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000840)={0x78, r2, 0x20, 0x70bd2c, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_TX_RATES={0x20, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x1c, 0x0, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x10, 0x1, [0x60, 0x48, 0x4, 0x36, 0xb, 0x24, 0x1b, 0x36, 0x6, 0x60, 0x6c, 0x0]}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}]}]}, @NL80211_ATTR_TX_RATES={0x3c, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x38, 0x3, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x21, 0x1, [0x36, 0x16, 0x48, 0x24, 0x4, 0x6, 0x18, 0xc, 0x3, 0xc, 0x6c, 0x24, 0x5, 0x4, 0x5, 0x1, 0x48, 0xc, 0xb, 0x24, 0x11, 0xb, 0xb, 0x6c, 0x48, 0x2, 0x6, 0x36, 0x20]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x5}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) sendmsg$AUDIT_USER(r3, &(0x7f0000000a40)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000a00)={&(0x7f0000000980)={0x4c, 0x3ed, 0x1, 0x70bd25, 0x25dfdbff, "46b15fba8ff6f292375e7c4bed1b24dd6aa7ce7f817fbc116803bef69d16233b3df5975c7792ec2a4a227f72fd8a5f4736b8b7d617fc19fd40b3", ["", "", "", "", "", "", "", "", "", ""]}, 0x4c}, 0x1, 0x0, 0x0, 0x11}, 0x4044824) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000a80)=0x2, 0x4) syz_kvm_setup_cpu$x86(r0, r1, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000b00)=[@text16={0x10, &(0x7f0000000ac0)="66b8b0e800000f23d80f21f86635000000500f23f8670f0f178e822b06f7bb0400f2307f080f01c5f20f320f01d60f01cb90", 0x32}], 0x1, 0x44, &(0x7f0000000b40)=[@dstype3={0x7, 0xd}, @dstype3={0x7, 0xd}], 0x2) sendmsg$IPCTNL_MSG_TIMEOUT_GET(r1, &(0x7f0000000c80)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000c40)={&(0x7f0000000bc0)={0x58, 0x1, 0x8, 0x0, 0x0, 0x0, {0x3, 0x0, 0x7}, [@CTA_TIMEOUT_DATA={0x24, 0x4, 0x0, 0x1, @fccp=[@CTA_TIMEOUT_DCCP_TIMEWAIT={0x8, 0x7, 0x1, 0x0, 0x5}, @CTA_TIMEOUT_DCCP_RESPOND={0x8, 0x2, 0x1, 0x0, 0xa}, @CTA_TIMEOUT_DCCP_REQUEST={0x8, 0x1, 0x1, 0x0, 0x8}, @CTA_TIMEOUT_DCCP_OPEN={0x8, 0x4, 0x1, 0x0, 0x7ff}]}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_DATA={0x14, 0x4, 0x0, 0x1, @icmpv6=[@CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) getsockopt$IP_VS_SO_GET_DAEMON(r8, 0x0, 0x487, &(0x7f0000000cc0), &(0x7f0000000d00)=0x30) ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000d40)={0x1, 'syzkaller0\x00', {}, 0xce9c}) getdents64(r3, &(0x7f0000000d80)=""/57, 0x39) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000dc0), 0x4a0841, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000ec0)={&(0x7f0000000e00)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000e80)={&(0x7f0000000e40)={0x2c, r2, 0x8, 0x70bd27, 0x25dfdbfd, {{}, {@val={0x8, 0x1, 0x2f}, @val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0xa}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0xc040) 417.49676ms ago: executing program 3 (id=81): socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$key(0xf, 0x3, 0x2) socket$nl_generic(0x10, 0x3, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) socket$inet(0xa, 0x801, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000380), 0xffffffffffffffff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="90000000", @ANYRES16=r1, @ANYBLOB="01000000000000000000010000000c000500ff000000000000000c0002000000020000000000040007800c000800000000000000000008000a00000000004400078008000100", @ANYRES32, @ANYBLOB="38000100", @ANYRES32=r2, @ANYBLOB="64800400", @ANYRES32, @ANYBLOB="080001"], 0x90}}, 0x0) (fail_nth: 7) 338.582274ms ago: executing program 1 (id=82): r0 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) r2 = socket$kcm(0x2, 0x200000000000001, 0x106) close_range(r2, 0xffffffffffffffff, 0x0) bind$ax25(r0, &(0x7f0000000080)={{0x3, @default, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) close(r0) socket$inet6(0xa, 0x80803, 0x87) r3 = syz_usbip_server_init(0x1) write$usbip_server(r3, &(0x7f0000009980)=ANY=[@ANYBLOB="00000001"], 0x32) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)=ANY=[@ANYBLOB="0600000004080500000000000000000005000006050003003a0000000600024000f80000"], 0x24}, 0x1, 0x0, 0x0, 0x4004005}, 0x40004) r5 = syz_io_uring_setup(0x5c2, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x8003}, &(0x7f0000000240)=0x0, &(0x7f0000000200)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4) io_uring_enter(r5, 0x6e2, 0x3900, 0x1, 0x0, 0x0) io_uring_enter(r5, 0x68be, 0x5002, 0x4, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000000)={{0x1, 0x1, 0x18, r3}, './file0\x00'}) syz_emit_ethernet(0x5e, &(0x7f0000000040)=ANY=[@ANYRESHEX=r4, @ANYRESOCT], 0x0) 239.012104ms ago: executing program 3 (id=83): socket(0x10, 0x3, 0x0) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000280)={'batadv0\x00', 0x0}) socket$nl_audit(0x10, 0x3, 0x9) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0xc4}}, 0x20050800) r3 = socket$kcm(0x10, 0x2, 0x0) r4 = socket$inet6(0xa, 0x3, 0x8) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) setsockopt$inet6_IPV6_DSTOPTS(r4, 0x29, 0x3b, &(0x7f00000006c0)={0x6, 0x41, '\x00', [@padn={0x1, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @generic={0x3f, 0xf7, "562fd0acd0c414872c95c0a5b5f485e09465e2ae8185c272da94b029343bb9d9230fdcfc8e3c57a3902a7d744f05c5905bfcc22ae49d29a6d4e0994ad9e2a3dc4b2c7032efe99faa9e9bb4ea7ea83fa4200362760cc382a17d29cdeda63ed313ca3e3311a665c1b8133fc1c965da80bc3246c6d6dec91c6d2f280ed7713e9518888dacacf98d7afa25379f96e99b07059c813775331553110788612275a69091820e0291040213332905227406f56775769954743a43ce306af176f35057cadc38e5070e5c5d95b14df5b0f7e4b6a6f124503c6341be41336cb5223a43dda72e8a4b6be51bdac30f88389206f24e66c378a309ca1b2993"}, @pad1, @enc_lim={0x4, 0x1, 0x4}, @generic={0xa1, 0xda, "a18fae327b131f704b83972335f52706d5da62f00910caa33167de2fff858e704131cd0a1768ef12d7d4e02fbad150af6fd9cc22c416bc48d428d948d33d5f7beee757983deb17f0997ab33ec8798d9ff2aa01e501f48cf5fa4830270afa26e3fabaad146822da3a875c0ec317a50fad6949b2c05db09d50c85280202f2406a51a0e93d22957b54d88c6c92a53f639874dbf13d719b58a41d094f6fe05d20a03f8f092d2c6f81970d9edfce2daf721286d67db3a50647268c537683dd1a4f4d671f25d9eb5fd2cbfee12d817205ee55ce8a26eeab53b83839ee8"}, @hao={0xc9, 0x10, @private0}, @hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @ra={0x5, 0x2, 0xef5c}]}, 0x218) r5 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f1"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r4, 0x89f3, &(0x7f0000000680)={'ip6_vti0\x00', &(0x7f0000000580)={'syztnl1\x00', 0x0, 0x4, 0x2, 0x4, 0xcc, 0x6, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x7848, 0x700, 0x10, 0x2}}) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r5, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) sendmsg$kcm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)="2e00000010008188e6b62aa73f72cc9f0ba1f848140000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x700, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, r1, {0x10}}}, 0x24}, 0x1, 0x0, 0x0, 0x1000}, 0x0) 238.71267ms ago: executing program 0 (id=84): r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) sendmsg$rds(r0, &(0x7f0000001300)={&(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000600)=[@rdma_map={0x30, 0x114, 0x3, {{0x0}, 0x0, 0xc}}], 0x30}, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x4058534c, &(0x7f0000000300)={0xd741, 0xfa61, 0x3, 0x5, 0x258, 0x81}) r1 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0xc8902, 0x0) write$binfmt_misc(r1, 0x0, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x4000) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r3, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r3, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f00000001c0)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r3, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000040), 0x4, r5}) ioctl$DRM_IOCTL_MODE_ATOMIC(r3, 0xc03864bc, &(0x7f0000000380)={0x201, 0x1, &(0x7f0000000440)=[r5], &(0x7f0000000400)=[0x9], &(0x7f00000000c0)=[r6], &(0x7f0000000340)}) r7 = syz_genetlink_get_family_id$nbd(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="90000000", @ANYRES16=r7, @ANYBLOB="01000000000000000000010000000c000500ff000000000000000c0002000000020000000000040007"], 0x90}}, 0x0) 158.689271ms ago: executing program 2 (id=85): ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x7ff, 0x3}}, './file0\x00'}) setsockopt$X25_QBITINCL(r0, 0x106, 0x1, &(0x7f0000000040), 0x4) (async) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'erspan0\x00'}) (async) sendto$inet6(r0, &(0x7f00000000c0)="e6170cf315c7c18e1d0902904e82ae2e5b7e0150dac2c705a71a4a79a89a00e92b3372d19be32b94fdd184e4274dc699660db9425bceb6d2641007fe3b12e96d5fd9c4732c0626e4ba3b553228c972b136559833f1b7f65c7c11d4b2967b8650433ddd519825ec9791179467da08a25ab161c14d9c13a7143803b7d7a524ffdd1ebd44c3001beb782ea854f3763389eaf6df4cdf6e584ca3cf2f040e367cb05f2a857d665e6de2678c5c45914dfc0beb11c1baa014ebefc7d29def1f3bd1ea43", 0xc0, 0x10, &(0x7f0000000180)={0xa, 0x4e22, 0x7, @local, 0xb5b}, 0x1c) (async) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000002c0)={r0, &(0x7f00000001c0)="c05c9e8fd9712680ff20b5ec52eaad6959dab90678b7df78a985bfcff1753d0f1eedb1be22ca32d0e45527db68ac3cbd80847e5b13786be63eb54d0123cabaffa94948cc7f4f4ca86b496eb2a15f77764da438a9f915425864e7a8613404b4ef0eb33cb944cf613f5367c53a7650ac6167cef411f6d656fce70b55c5f4a7e24e77e0b426db385c29fcdc4b48264378d16bffd7670e316d81cfd53d8da0c4d15ac8f90e4bb41bc208427ecfb53207c9", &(0x7f0000000280)=""/40, 0x4}, 0x20) (async) r1 = socket$inet6_sctp(0xa, 0x0, 0x84) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000300)={0x0, 0x5}, &(0x7f0000000340)=0x8) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000380)={r2, 0x5}, &(0x7f00000003c0)=0x8) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000400)={r3, 0x40, 0x9}, 0x8) (async) setsockopt$inet_sctp_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f0000000440)=0xf, 0x4) (async) ioctl$SNDCTL_DSP_SETDUPLEX(0xffffffffffffffff, 0x5016, 0x0) (async) r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000480)='bcache_alloc\x00', r0, 0x0, 0x80}, 0x18) (async) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000500)={r3, 0x4}, &(0x7f0000000540)=0x8) (async) ioctl$sock_SIOCGSKNS(r0, 0x894c, &(0x7f0000000580)=0x1) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f00000005c0)=0x101, 0x4) (async) r6 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000600), 0x1, 0x0) fsetxattr$security_evm(r6, &(0x7f0000000640), &(0x7f0000000680)=@sha1={0x1, "0e43b869337400777926d766e27467b997f56925"}, 0x15, 0x3) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f00000006c0)=[@in={0x2, 0x4e22, @local}, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x22}}, @in={0x2, 0x4e20, @private=0xa010102}, @in6={0xa, 0x4e23, 0xffffff56, @local, 0x1ff}, @in6={0xa, 0x4e23, 0xffff0001, @local, 0x6}, @in={0x2, 0x4e24, @broadcast}, @in6={0xa, 0x4e23, 0x7, @loopback, 0x2}, @in={0x2, 0x4e20, @empty}, @in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1c}}], 0xb4) (async) r7 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r7, 0x84, 0x64, &(0x7f0000000780)=[@in6={0xa, 0x4e20, 0x2, @mcast2, 0x7}], 0x1c) (async) setsockopt$inet_sctp_SCTP_MAX_BURST(r7, 0x84, 0x14, &(0x7f00000007c0)=@int=0x9, 0x4) newfstatat(0xffffffffffffff9c, &(0x7f0000000880)='./file0\x00', &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x4000) mount$9p_fd(0x0, &(0x7f0000000800)='./file0\x00', &(0x7f0000000840), 0x100008, &(0x7f0000000940)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[{@cache_mmap}, {@noxattr}, {@dfltuid={'dfltuid', 0x3d, r8}}, {@uname={'uname', 0x3d, 'erspan0\x00'}}], [{@fowner_lt={'fowner<', 0xee01}}, {@fscontext={'fscontext', 0x3d, 'user_u'}}, {@smackfsdef={'smackfsdef', 0x3d, '\'['}}, {@appraise}, {@flag='posixacl'}]}}) getsockopt$inet_sctp_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000a40)={r3, 0xc651, 0x7fffffff, 0x8, 0xffff, 0x4, 0x0, 0x2, {r5, @in6={{0xa, 0x4e22, 0x5, @empty, 0x6}}, 0x7, 0x8, 0x9, 0x8, 0x1}}, &(0x7f0000000b00)=0xb0) ioctl$VIDIOC_S_STD(r0, 0x40085618, &(0x7f0000000b40)=0x40000) (async) ioctl$SIOCX25SCAUSEDIAG(r0, 0x89ec, &(0x7f0000000b80)={0x1, 0x6}) (async) sendto$inet6(r1, &(0x7f0000000bc0)="026d06e7ac95c4efcb6dd3ce880ca435959ab06a5589719607d89e128343e8ec8cf9415046740f814080575f0c2416c7b9a5c5538bee289f15da2f8a1ac297093399b3323da9f1bcb12993bed65cc2c56b506dd05d931405c47fad68c7690e89368e3260969c15ff401e856aa5f55ab495f73fa93fd1a7f82c943ae87924394955da77b2f92cfec4dc7da60fab15801fec27943edd22efd11f6d8f05a078af93c08e0d862406de7e2b8801d39ecad53b7671b05c1a93457d04e3ac8ba76887c78b176e44dd1468587afb54bbf4", 0xcd, 0x4044000, 0x0, 0x0) ioctl$sock_SIOCSIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r0, 0x8983, &(0x7f0000000cc0)={0x3, 'veth1_to_batadv\x00', {0x3ac}, 0x4}) r9 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000d00), 0x608c01, 0x0) ioctl$PTP_CLOCK_GETCAPS(r9, 0x80503d01, &(0x7f0000000d40)) 158.512944ms ago: executing program 0 (id=86): r0 = socket(0x10, 0x803, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000380)) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) r3 = dup3(r2, r1, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x1081}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4, 0x0, &(0x7f0000000100)=[@enter_looper], 0x0, 0x0, 0x0}) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, 0x0) socket$packet(0x11, 0x3, 0x300) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0xfff) syz_emit_ethernet(0x4a, &(0x7f0000000440)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) syz_emit_ethernet(0x4d, &(0x7f0000000240)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x17, 0x6, 0xff, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}, {"2668a7"}}}}}}}, 0x0) 158.391358ms ago: executing program 1 (id=87): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000014f000/0x18000)=nil, &(0x7f0000005700)=[@text32={0x20, 0x0}], 0x1, 0x14, 0x0, 0x0) ioctl$KVM_SET_NESTED_STATE(r2, 0x4080aebf, &(0x7f0000003680)={{0x0, 0x0, 0x80}, "cb31455c9ea4288a70a2a6bb8068fd95dd041cf5b177a3bffe992dfbbdf959487337b92336ce1de32e7695c411c0bf9f852d2d71192f33001fd51f5b396a55cb98699a09d21648c4cb30d9d7e3e397c7a3c041c76c72385a46c48c5302848c3696facce956952c2a85822ddf20434ccee5806294ed563ff3a972cddf6ef16ddace933d8a5adea40cd3ad40c9873c29368838e815ff59723519154856b2d5cd9cd79a97dc2fa08dada1175817886e5f9e7aa3dca783a44c667a4806826570ec6acb57d65efc313a384e11fb633dee17ee600145f2cb3103384606140021be766fcb7fa029f0513bbb466177ca1068192550bbf4e6f5694aec747a16e27688a988fa595bca1761b8e88a7dbcaeaf97a8b7b53058b1faf880dd6f1b6eb4c7beb0582b4007f1a67db1352407adbe1456bf762c94fd825b9419d74f63cdeb6c6976de1890d773f0c8088d2bd48a838cf5b87f5ddf926352960fb978874b0f175acfa55ddfe84de3fc9f75b58bf7a35f33d3c43ed5e3224e92751fa1b43f94f64b681163ef1360a3f3bb7403afc67a188b2104b45c5814aaa9e218552498bf85f4b221d9acc32a331f5f8c109cc9f335ff4e418ab30b54b99d5376cd928c431fc8211fcbaf64716afdc4b6d0417e04d5723e4675d282b36bef3a3a19e855029ec7c33830a6df19332b63e9d8a0f22d96ac230c67657a4e7f7afab91dc0ce751b68980e5a4f6d9d6d9b98802ba9d8576640eea61b8c308a1745df61560e56108bececa3016d93246fdc8b768634e8319b1ffde103c07378f8f4927baba05e992a4b5af0958a7e495e7ce53f7917451d15a963ca14f5cdc4563775688b6533a4b97e0f84b0a33c30077b20805c1f42cc7815efada97ad59ac486bc9e0ee386b49cb97b47fbf8f919f06c75a49636795054b5ebee3e91602c90d7f4db49220affe56d56b96e4f662b2bf36dae482ffc7ba21cbc55e21b73309d6b7aa5509defcb77c236e43b579c61eae5c8d8f8fa71ad876b96069f2e4352c8aaf16e299d21edf5434c0cd9b25cdc9210fb0de759b1dd3fc7fe4c7118bbde72a5617dff21f7a5036448fba7fe41aaee0c289cd076d757e47b0713b236f6f141ba0112c9312b3ec853aabafdf1eb2cbb517d2d7352725f557214d27d9a340af0128fc960a4ea64c933b0d8dd226b6e024471aaac8a7074b2a8695ab990fabba5bf315d246fbfe4260f1fffe54814e33b6235c5b4095437298858909bcbd40a8a286d1bedb06b7b1775bce0a5bca19b0a5c2fa8dbf87b55ae0a43c5086422e5bacb94047e150451f5996420b0d4a697f59decb49900b2b9c13aade536933e14d672c21a35cb68572c3de02f3147414eff4b8674b91f7aebf35f056a8d388f67f8ef7cfaf6b28fe745831ef41def1839791647016932c70685752851327f1837d2f1e9d8f93443eefed2317119c8152ca451a5d3aeb253fb484283f52e5db9f61f059ad3c217a860ee0571d254483501b00699208c7fa5571cf58b9715c954115bc2db0af28361938bb95ced7370c8cbb6141ef62fdbf369dfc4eccd98ab9886d79a52cbf91a27dd0f4b29940492e860fb94654dea54fad6290570760e3b59a0cf28053732472dc313b5fedfc583fc702a880971dc61286370aaf167810455cce7654dc4325a41d9d1944abcdc4d81378f1e96a8f94cd95b886a01f086e379601504219d57d531ba34e1ba0905785fb629c61f6b940a652cdee9dbef12b7fcde087b92816db3386a5769049ba00788e31de4ddbb8b56de1fbe3a5e671728effda7cfd0b650cf5df2faf22470812efbbb548e47cbf36c64e05a7877820f08948ceedb35e12a4a143ee0101a7bf0a00a4062b50c39020669700adf739a6f75352a45fd1373d3e85c3867170373f0c7a794d8590f4c22ae62d438ec365b0f6a15cb2ffe0fc6f57185e1760761bd4370027c01dfad0502f00b6898115df3c530d0b0b4a64e623fd580b528a733e4c881cf5843a975a97f92a7833527887c79fa8eec82b9526a15c6c5f2972083ce8aec735810580ffa4ea2cef4823aee044dd70927f7c07bba18b930006aa86ae7399ac6b4c24bc9d6a6ab0c5b428d7255d4d983eadf97e10c1b00867da29ac981acb453073a37236e7ae808e7759b2e0cffc3ec43afb1e95cd090a7d4b9225a0e3cbebfe49b93846ab603891e2da7d85a04bf42d12d16a97c965bc4911d3ba7a9ca505794d8744fef00a436089de67aa8b480070230dfb002eb91edaff428d4908a87afae418dff7ca59aefe1ad8f6935f309fe7985c2310881659c60a66a5e50242497ba1cd5d2bd79496ccd23f9fd901afc6622829cb3701caa50f96e09e3b23bfa3181b74ec7dae2e42c9caab43e49ae1d922a1a1eb3682de026323d9215fcec42c54401a1af81450830a4b784ed1c7922734bf3632409147680dd3fabcef296353705bb5c0e650e12905a05db1e7923923a96ddc783fc1ed46e2010416c37d9d149ad73e808bd6e4464f62893024a8501803b6c88fc55c8bbc1da7cbf580b5a81fb7c61455ae3a8aaec303fba12e0f2b51ed5e8bd31db40e8bdbd00e7b1ddd364766c974d813d86fc88a27bf82bba60c62e5f0f6af6bda3390f8e72a2811baf3d6325e70d9a3b59cab1abe95290ecb87985567e1243504c038de9d4d100ea64eec45208cd8d2474e646f7d81eed6d59b8b0859552b6fc088d874cde3e75ee30243dc9d88ed5b577851a5bd9e2a453287025777fcac19ac33e1c94b4ad272f1055b16b842a6bd6168fb45f1f74ed2467020df5431068a5f2cbeaa6ac1841308c7c9f752aa06927f91fdf18ef9d9e942367e5ecac0abf4d3b8fc7b80238c0e7faf2ea7d3f5271028fc558a44799bde63168becc67c5531e843336fb16ab618d37f95a91937b824bf896b044146bc3a5e264a8f23ddd00729cd9aa56d9a9a24b7ab96ae021b193d8874d43ff4b723d86b7564e550378599c3e0c7a2b3d447ad76eb4cd699733d970a5ab218429a1af81df9c8013d6d16a6bcb019f6ace4461cdaa785d20ea027cfa53d521bb91ad2c04aaa6c0f268b14924803977633280c7b7beb14c88fae542b7a13e96253259e7296e37276da88891c14664340e84ae732edbd71e67047e476735b220ca231de31a380ece372db632ec3cb3ef5ac97ec41148febd2acb15cde1ee5e990ea0aaa95c2df39e2111dd1185d14a194e22d34fda8f54e99d3a73e5a231682c726d40816e048c1d059bf3bb9ee2b5f895365d95aa28f6adbf6e16469926b4d8ee7f04c7dbafaa444df5b88596c17874f0efe35e5ada1a69634f4b430f852d33b032f823c5deb54f47a7a4adb1adf56d5440b7a917580004c13e0b36c8e0a203a2be3f8fffd9efef3af19389a12c67859d4381ac0a02da18e25931b41216b731de25e1245482c84d45de1cddbce2109322a3428bff692012573fe9efd02109dbf35c5d3a287dec105cf3f1a2e5f0b1cc08c7b4759766d25d0f7b42c3ea8bf8101e61159a2ba7602e9c7947cf936ac39bf59b24084709fd61d704bbdba7d282aac778b7ec1dcaf984527c8112d56e75ab774d1598d9816abc77b0e693880beca5f330c626774ab5cb6967fb0ea8e14efce120947092c3b6f8a22f07cad22e971418092481fcad36ecf0cfd6bc3864115b8507c13554584f1f6fee5ee07eb6a091638d8e7781c1c006166e0f987f9f4de535e9f3df1db8c9328e9a19a73c76059ab4edfe9eda7f16cc6b869229bafb179d194e20ccc6f9338183b673de8138ddab9a0907278f6eaacc55bf59a450ebc10e0b88c82d9f0deca86ff771f46509250fde94e0c94256b77616d099862ddc9b341838d634a9dc4b55a88fcc6248901135f6aa76365433e7e534e0e5ae8eec2a63df62c3e244a40481189ff54122698c7e2da2c829b2eec9efc9894ee05be04ae6dd48406eaace17827e38bf38b414059aded0343e0711a8d864ff41a8d9ed40fb2aa1a3f4014f691cd0e8af62445a021820ff03afa8a192ee255862f306851df1de96ce36cafb6a60b7069db7aa96fd1ffb2fb01e6247f770304dffe4b1c8d0eeb336dd6806d6ab5d418953b1cae7cbbf53766b61e4aad5cfce8255b78af26f9bd11283a9c7d12cd63b82cd2b506fd4061d1e16fc7c713d80763c3b0aa0faadcd9b7d676101aad80e1ca00369297e1f714003ab8d0b545c335014a522a25a767950963ef821425b79b521076166d0df3ef358c7d60d99cc85463c186e8faf16af79785680382e4cc93f6594f8c4461e0988c08717640df24a5f357db22432fcae21702dc792d201212fb3791e0164bb3d433a8268ec96df73766fdba42965e00e619246cba5d96eb853a7c22c34d2fe5e5d3f3ccf9c627d069517b743cd07f6f7b444074bb9a50269f2e03309c58930e56a9583eb00c37fbcdd391972261f41756c10c8899fcd036e2017e088ef9e6ec31f795d55b3bba214c53c98fc9318e4ade0e7e6fd259aa277fed54c27e5210787a5f6937f56fdbe1da5113f059061ca590ddf536a55cb91ac6ed41cb9c0418b115b29f5e823c1b0ee7c2b3982087763545b34e2c945d587ebce69bbe299a7f52b674f351977370fc700474bc15d7e6ef98c14258ecf401a4f3bba1a9aa76c5ab0b8819fe6efe3fba1899909e5e48554299150ee272451b56142d12ae2bb4942db430239701d494917f2c939a6fb9d98d4751a6f2c4537ec870342d223343a9bd7b8d8c99aff8cbfa298395551185f35dec120228073a1e496a58b59d9ac5986249a7c6db9398395cbf341c08ee910700e2daa042dba1846fef59c72ce872bba2046a14fcf9a47a5686d62bfba76309a9865c26e5fa41dd872fc749fdc57953105ace4978f9eb788c8d061c853ad0313e51e732c5d7bc05e752443c8e99b8e81c688befdb5b14c3cc2f96eb8ce8290303e483992fcbece1ff278d0dc036ad437b6cbc695c7741ba4556e242146d40843c73deaf8fceba40e4a4acd739b3031848b17a210a1ff0dc1908b77c4bb94543af52e1fe2a090c8f217428d02336303f7952c3ddefa7c81850676e7f4cc3d32c3937281fa5ab279c3fe39f92ba077dadb8c2c3df17cc511bd33c41cb161d24aea154f0f5902c94b56fe072d321a983668bd9f4838878e66ec44cb233d7d0ca908a794c844ff8b3ba4c57f6c5fc2f3a54db448b013f0c4998bbc6ed0409b3368391cb28c6df4a909fff90f308ff38c758ff7d8a2920bc221236d89b3b76de44e8ce649b32f5135a0217ba9036a8edddee97d7ba15f2c21fb7d3cae3eb6ef09dd03eed650489c83b5ba5dd9daf7a86cf0544fb8a58e46b860e3e42e10cd6f1c4f81179eb2c3ba611793a32abb4c0768db90e8bdd1694efaa9c2b45c89d203fdfb8b926b6a0d666d91b93065a83184fc2065961f2308056241b66f427c0f0aabc75852c90f0624cf036d537032ca8d73325d2ae2a79a7292c240c34584bb881fe5d468a051cbc0bde061f9eddfb758cd2dfba296eef549e5c4ede097111216a0ec60f90e8d6f5dd843c82e15f505f8c74e854ba9cd386249d552978eb8135a5f8c79c3ceb8dd5828b0218ffe40f375d6cf3ff2f47c276c8169ab98336582a852c1535018fb2306aca6b8c9f9e38d64c66a722762b76c69d4ca6c14bd6992549e4eec17287fce194467f972d9200c3d1ac4fd4a8f2620e2e4281d28c099946ed90789ba122705326390d3e058ceed24044e542efb36416272eadf6304f30efa0b7bc1ae5be92fe50e591ee6f725726e917ec113506920beb2aa53b39f1d76b31500", "cfb220c7d481332f3f1f8079dfe27e23185fd67a407358db7892789f96b7fa9b14daa48617a10d8a91b820ecbaa470ec0bb1f3cbce7f70ec70b19a4cad082229c2788f8611d7dc306d9a45761a97828c36ed87ebde5d4a3e1609c1422a8ae2f7cca428ebdb0dd38b90b9598a353b18a600bf35a369e6e3e5abb0a1c5c0c0e48e014e7ef1b7d768b3c5657f1adfbb7ff2985082b16c99eb83ec3660990dcf1106efa6b7f8a4798fec811c2c85faec0235c83b7093b3d02367421abc40a554e0b0d7fc1bcaece4222c594f8d20e368fe625ca433c75486fe5c94103cd17291349ee12b877602936688666f82ecd8f4f83d50bb1650e08b96cd25ad147c4c956c98649806a3736d072c8d97c6e3a46a7c18535df8d828b86662400d8e9cc861fa1dd5dc193892d3168396c499e07b279fb76c7e289f2fd955691363bc1de74536dc571817615c88b0d594a136966c129e424ccb7ef1c7c7461eac7ca5f03d72ea4c9c3d1156ee4cb1bb70e097357588b5c49f6716bbae1bd118104b42786f09a3b9f7cb80f383cadfd0c462096ff2bb637b7cf79764b6a4b7ffc5d87c1f063fb48e7f08ad5af534c70079f12f28e8921abbd4280801cdf6101ea494768b1274afd0eea5939843d56022a83590920fe446d52dfe699c33977d5592dbf7e0e236b8175d7faae06e0c50f7402174023ce4b996564e945c416fa823f2f9c3213ac50b20bd1fd55bb8d9fe70ee31ea2f404ae0fcbf857bebcc9196c8c622059fea2e248e4058905b69fb98be312d3193ea1d8ff653173e8c2371371b77a5bea45b3cd6fba19b6336f94ec04c8f86d24e9ca959874577d7ca0baf3c4ff30b554bc3ccc06df46d925373fbf7863e2cf684d3bc9603ab72b851ca4728294de87f2dec6f23ca9e43ed2e5cbba662d13137fc1ce0f6ae6aeb974f72f4b750825fafb67715e425f40c7da83b92d4249a0a4e96b789cceb7b07f38cb83f72dd093a345ab3cb8ae760fc14e40ea182a0d7fe1facc62a1ab0902349fd7e27bb0cd349fb5053f4734823abf020739b4b43bb11f5d69b61295068df31177959903c2ea1bb82d24eeaa93d0d4738d5d15b2a401e7ebe0d3cfbd45b2db2882cdb41408aaa718f8320fbb7f9da4f68d0eebeef175442e807e9908132731fe5e268582dcf6dffa4251ebb7121db8e412089fa9d8af9919799547a26b6b8eb44c28f1ce5f9a3021fe30841be204c1b4b3813dccae6baeef9b53fe413cbec46bb0cd95d3793cdc9bfe6cdd96ce0c4aa4a25e1cbbeeee6c9fa558b279048c7e31d07b125bac68d4e1f4253bd4dc7824cf3d722c94cf2b8f61bc8155731f072fd447082b181a13ffb8c08a1d568298c5de2d969fae2bea070a9e2688f294e76b8c200dfb993ec19778eb56ae3127c1116ccc85ef8806fdcb9ee0cb66ff03fbb0fa6c52b9b101b3830fc1650efa859163a264b4059092e5dc9a415ec09bfd1460f142fe5ef00beb6aa9032bd0de97aefc6f65e8cfeea761b3d8174caf528b6627682ff4d4450cb0f34251fc000ed01dd538ef13260984f44703b89dfb511bfb538d0b1c8aded964e1bcc5ca57437468b14a31ec0000a17e4d24369c40500449c37e7dccedba3eceb59d827dace246b5c48afb6a5988e64c560b3dc76c32d831f51cdbc5cfc4364ac8b25372b87c92bacfedc6bc8feb44098dbebc89cda03c59e4c58a31372bd574704b9e788834b9f83c6703f6709efad97c4ce499ea580dae1de282a019247cb3dce5c1906322e6d3ca5157ea6428bc42416936fac194efe136089c07faf7adf1e923003f1dc63fcbc634b389a4f351a6acee785e23c6bb04ca2f265be1e634362b87c6f9fd369bbe62a1db6b286c7ffde6370bb4d6e9e27c3ec451e1a99d134726c9075e71319d3a683e91e4b900061c0e6d086481069cd32f4cde7816f8e3a0ac6428a7488f31f06ee0da10df3ed0c150d29085879d064f914407f60018bb588735663647bfeda930407d69abef3f72fd461c2b85b00988b412a180fd267fc646a86d297e7e40912607157b6fa873df6442579b1523d8117f0c06c87adf75843b8bff30a5bfb4fe1e9846b7fdd58774641baf9cc9c4e38e53ed24a9d9e9dbc7657aa9b220a8545852b0409f5c0812e953823e841967bf55059acc7a4600818134359e72cfae0d04a0738ac8acca133d6395a455b22cdd6f901d4cdea1cf17415f7d7895a4b65f80d2f7c5c60a0dc04b40c9ae5ffc922e074a82afd704673e1766d19db9f60eab0238fb4a3169a08aded607847e5d752d4e24c4914b95bac3892bcfc2076f16a7f07583f0d418b9dec03afdb2e93335a392e1b1ef2910eb2a4b6a63fe61641f3c02bef73cd7e4a77a6f30ae821598c3160511603541bea89022b54f321c2a55cdeeb19335d78a821ab6ca0f36588a9a79a41e2123905a491d658c2a1caeee998c995bb0f816c92c5dc2b862183f80b9f9786c9c5524723c944d11f6894c7f008ab8194f577e22c03631d2a33205f508ea49653e7600639242dbaba704f700ac227f32dc575c559a0a1f4fe0cf6c22fbf7e1ca2ab4b1e4724e8379021e3c9a7c1509c6a413bd7d9c98938e440762eda2546d636597defa86c1ad31126a1182d365f858927d140fb0a97f80adcc5f4ed5efe11ac503453917a263f1d64692348d30f382e85e464ef7616067a42df5de1a1b622fabefe2ca4ceffa4801f7a02fdef40644cd1d079590d900727628d54b44db7ac700d8d664f7eea12837fcf347360d8e43a354fe51b4c49e8fcda3c322b738ed2b800b5cc06e22c72af2a67ee7bc8ae894e841f2cf2b0a7e381caf944bf4e91ded63b6f82f7474e4f81e986fff7e5339b8e9f60103a1af81833e120f0c88893ecabac044a4a2867cda4fdcb084459a00507aa9e5a8e761a72df3322a1ae8cd918b4994c23bdb1e459b4f21651bd7fa067a00e2a2877bf6b29f289ed8018e0a78f6fb4ded9749640e0e37f6381b320ab72da404f3d70d60152f6fa6738932387b83250cb3148141edb52f109bfd4bda8054959db01f4c550609a63c08cf01ecd110cfc6f0055638c0dde039d2ac2daafe59e561f9f08a8830c3f661e4325de63e98f4a4216ec3b83fd200201ed3f647147611424286ffc6c4a8aca64a6874743242d4feeaa9153de06e51c512d9cab7ae712c6424069f3e5db4ddebe9b48b5f6caa741162edf97674d2368e03a387f798151a4b9b9fa9e3a5838a343133158364a9fe3bb4b9a3c464c0c54a4c64ca774ad200925ac6bf59508c10a8574afde9b821741af43ec64cedc13aa220b39772195283506dfe899dd6a7b37eb21f154056a2df3564ef2bb918a928651de88c3613b84e7960bddd7b46b1304deb30f57b6fe5a3b4788629e91bcc2456a72fabb16b47da71624d2e9081de748b3387f52da4bb094782326dcfde0827e2d674e41bb375247d749cade9c704e5431785009b0e53f1b45c70b237c9432e07e4c7a8464ed11608a3d2184338dd9e6f6ef4b3d751e979667b6a3953c89aff4eead7a978071a912b3de21a85a5849c57933cf53cd74a610f3e60f699766fbc7e0bb8a891a429c77bb6f3b6f9f8eb0b1bd9588ef2ce98fdf0a0838e4b0bed807d8b673093c717feec8d697e32542274887d039db7a2daed5d52c8e9767443229f8003c5d67e907376ea2f393484fa70deee159cb56f8d097b8fe2736e95f540137e20725f0940a8d049068ead4c46bb3771a671bb00de88931e03445a55868de0c220db05cbda9f996d5fe7c1070efe5e718fed4d4cb4ecacad3d6b643bc0ffe9a71b720ba7b5adbbdefe29106ef6a6ffe4547f5d02bec312147df0abe80efb2d5e598fc7c8b268e58b59e0d75728e9a18126f013c963ddc92d251405f857fe3a5cbacf443be7772975b7bf4f6d7ed6f80dfcc47a88c6d19120942adb5385be6ef3c0d7e396bcac5affc8f9276d6cd1a0b069aed72a98cde8ea7aabe6cc091b19efcfaf9368dfeb3087a05a42e3b893dae5ffeb72e6ac06e995a2a75ea0b5f7876247bb4c38cf3f0153f1f7473b522f1c440b632270e2b1d654d3a5ae16cb788482760d34ca79c8951b29c628e21029715683a3e6f8f77c5d89ecdae37e0190f79c4c1dbc9d0160e359cd6c94d6662ed53bb01a83374ff593c823acc59241b11f020902069fc0054a9b26cb320bef4fb1f8cc5bd8ae76eb029afab731b9876bc4e8708a8315512823cff1f9375d284ce66e53d4efad6c76d17bb532fc938b8f80c13ce86b5ba3e540164bc5a5d47cd321c241d8740f453ef95bd3878d578561ad6ce20877ffbd44062dce8df1d048d8d5e4045be647886108cbb1f0b26a8b74b66858afedb830a161bb02bde4c46a688a0ea3a7018ce24666aab0f422ede2f78ea29f77e28d87c744cba0285ce33d0d9ac45774829699de6d725a9b6db6e7d03ad4ec9d075c386e68ca0bcd9e9911d741ed0168cbddb87a7918a964d206629da4e887277b0ef7d3f9c7082f3f15f29a0dfb39f3b0877a5ec3ac4343e0d808f5aee8f1869923aab6dfc3016821c013109f34aece6183994b853d0e9561375c02cdd26b1b55194757341929a8038864cedd6b5a3b8b51ade44637044c4ebddb190f173969a0ca4cf5d42153763a0b91da0110ae7a25204850927d81b00176d4568a3d444d8029bd010df784e3f673fe855601ec4f1b26b2df58841e6a65f0db66373f63cc14a8b07dfc52ac9957eb542d05ed687c79519609de96df18b63cb294b534ddf7d2e8f41bcc1e5a006191c4db057b6709f0a96f18e7e8f67b8be2a19c015b9c4b0b3f42e4de366b71f8da8888809473c3c7a02a1158e375f29997a43bc7118ca4d1abb8f8f21972fc589aaa3d73a4d40a1e1705e169ac6e56cff50d89fc45b6863c8fc67bb2b5939a7f33072539ba4c24077be5711ba368bf7efd4897931531d388eb5c2e56bef337777150dd59518652145c9594e110e41d2615196c6b197916c88cc2814e13a3a922b4ecb044bf31cc90e0bfe0ce07de29188bbcb0ec1a12b509f52582fbb948c3cbe0c6964f46991cec0704bfac08aec6ad8ddfc36dc68c7f547c5ee6af4a8d55c79e3dc1c49b045379811f81e9a185a92cd37ae4ee32c5d3c82d36d6202a6c84fd231fe467071d42072827fd77afa5d757e6f37247f783ef09bdfd7536b666e84bc4bb878005b7829293a04ba090272dec844f4ef0e934617c08518bdc6b915ac6f3f03e4a6ab88e21c3f21f93b31d95ea3b9228e0031cb69795de5abd19c4cb4a0cf2984e53ca391cc66e33ee0d510151670331fa264753704fea5e4b1760f74890c49a74a47e0da13155c5470013d53dea0f05b5e088f1511c209f5be940232318af2757951d399e32eb862d915784713baa8ba93645caf04ba78fa3cf600ff92b9c5be58ad87438a340bac00a5ea9fb17e39478ba61fe36335e48d8c5a0b25f024cbd2ec7f217d0f260951da396dc13a2a74cd90df4b52db686e3b34d27cfa4cebd7bf59cbcfaf4007dc943a1da6e0bd1799a21ab449d7bb42935e50c839c5b567c59742436af15bc8d46095520dcd9273ae2b6f3c1cc2b4311ac9e5d297f0940b1552c5955adb302022022bb7457978998b56328629b7725dfbe3dedb37f37af0697a4471d1d6ff6bec633a38540adeba903f3eaaec5785fbb3c6a598f49dbd9ff93c67dea1ef39a614331b119fa8efccc8bac01595fb95a2a57eec9fc6c6fe82782aa89ea971866fd9a3bca4010182092ab6d1e2b49b964be9e3bb13bd6b77850e435f55bdd46e5bcb3330c7edefd31c33f61275e516"}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 108.981965ms ago: executing program 2 (id=88): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000540)={0x26, 'hash\x00', 0x0, 0x0, 'poly1305-generic\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) recvmsg$can_raw(r3, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000100)={0x1d, r4, 0x0, {0x0, 0x0, 0x4}, 0xfd}, 0x18) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) connect$can_j1939(r1, &(0x7f0000000180)={0x1d, r4, 0x0, {0x1, 0xff}, 0xff}, 0x18) close(r0) socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r0, 0x9) r5 = socket$inet_mptcp(0x2, 0x1, 0x106) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r6, 0x29, 0x10, &(0x7f0000000080)=0x5, 0x4) connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) close(r5) 108.741508ms ago: executing program 0 (id=89): socket$packet(0x11, 0xa, 0x300) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="883e86dd000411000400000000006eec00be00442f0100000000000000000000ffff7f000001ff020000000000000000000000000001"], 0x7a) 108.489333ms ago: executing program 2 (id=90): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, 0x0, 0x80) r1 = openat$cgroup_devices(0xffffffffffffffff, &(0x7f00000000c0)='devices.allow\x00', 0x2, 0x0) write$cgroup_devices(r1, &(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00'], 0x8) r2 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) syz_emit_ethernet(0x83, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030086dd601b8b97004d88bd9edace00000000000000002100000002ff02000000000000000000000000000104004e20004d03"], 0x0) recvmsg(r2, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x10123) setsockopt(r2, 0x401, 0xa4ef, 0x0, 0x0) r3 = socket$rds(0x15, 0x5, 0x0) openat$cdrom(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) mount$overlay(0x0, 0x0, 0x0, 0x80000, 0x0) getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_int(r5, &(0x7f0000000540)=0x3, 0xffffffffffffffc9) madvise(&(0x7f0000000000/0x400000)=nil, 0x40001e, 0x15) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f000000c300)=ANY=[@ANYBLOB="140000001000050000000000000000000000000a3c000000120a09000000000000000000020000000900020073797a300000000008000440000000000900010073797a30000000000800034000000004"], 0x64}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newtaction={0x64, 0x30, 0x1, 0x0, 0x0, {}, [{0x50, 0x1, [@m_ct={0x4c, 0x1, 0x0, 0x0, {{0x7}, {0x24, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_ZONE={0x6, 0x4, 0x2e4}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xfffffffffffffd73}}, 0x0) connect$rds(r3, &(0x7f0000000080)={0x2, 0x4e20, @empty}, 0x10) syz_init_net_socket$llc(0x1a, 0x3, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r7 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140), 0x802, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r7, 0x40045010, &(0x7f0000000000)) socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 0s ago: executing program 3 (id=91): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x1000}, 0x4) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x1000}, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xe, 0x0, &(0x7f0000000080)="25f61913bee5cb1ee21b59056fc5", 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = socket$xdp(0x2c, 0x3, 0x0) mmap$xdp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) r4 = userfaultfd(0x80801) ioctl$UFFDIO_API(r4, 0xc018aa3f, 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="180200002343ffff0000000000000000850000004100000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000300)={r6, r7, 0x25, 0x2, @val=@perf_event={0xff}}, 0x18) syz_emit_ethernet(0x11dc0, &(0x7f0000000440)={@link_local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2d}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x2a, 0x28, 0x66, 0x0, 0x8, 0x6, 0x0, @multicast2, @dev={0xac, 0x14, 0x14, 0x36}}, {{0x4e23, 0x4e21, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x20, 0x1, 0x0, 0x4d}}}}}}, 0x0) kernel console output (not intermixed with test programs): [ 38.132339][ T39] audit: type=1400 audit(1740589333.999:81): avc: denied { rlimitinh } for pid=5915 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 38.137907][ T39] audit: type=1400 audit(1740589333.999:82): avc: denied { siginh } for pid=5915 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 39.642363][ T39] audit: type=1400 audit(1740589335.529:83): avc: denied { read } for pid=5337 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 39.650048][ T39] audit: type=1400 audit(1740589335.529:84): avc: denied { append } for pid=5337 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 39.656372][ T39] audit: type=1400 audit(1740589335.529:85): avc: denied { open } for pid=5337 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 39.663725][ T39] audit: type=1400 audit(1740589335.529:86): avc: denied { getattr } for pid=5337 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 Warning: Permanently added '[localhost]:34708' (ED25519) to the list of known hosts. [ 39.945993][ T39] audit: type=1400 audit(1740589335.829:87): avc: denied { name_bind } for pid=5923 comm="sshd" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 41.809286][ T5926] cgroup: Unknown subsys name 'net' [ 41.954666][ T5926] cgroup: Unknown subsys name 'cpuset' [ 41.959341][ T5926] cgroup: Unknown subsys name 'rlimit' [ 42.119481][ T5932] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 42.765213][ T5926] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 45.135715][ T39] kauditd_printk_skb: 17 callbacks suppressed [ 45.135729][ T39] audit: type=1400 audit(1740589341.019:105): avc: denied { execmem } for pid=5934 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 45.306735][ T39] audit: type=1400 audit(1740589341.189:106): avc: denied { create } for pid=5938 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 45.312534][ T39] audit: type=1400 audit(1740589341.189:107): avc: denied { read write } for pid=5938 comm="syz-executor" name="vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 45.319194][ T39] audit: type=1400 audit(1740589341.189:108): avc: denied { open } for pid=5938 comm="syz-executor" path="/dev/vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 45.326023][ T39] audit: type=1400 audit(1740589341.189:109): avc: denied { open } for pid=5939 comm="syz-executor" path="/dev/vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 45.332825][ T39] audit: type=1400 audit(1740589341.199:110): avc: denied { ioctl } for pid=5938 comm="syz-executor" path="socket:[2694]" dev="sockfs" ino=2694 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 45.361422][ T5945] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 45.365100][ T5945] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 45.368594][ T5945] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 45.371500][ T5945] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 45.381561][ T5945] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 45.383894][ T5945] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 45.385237][ T5953] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 45.386755][ T5945] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 45.389843][ T5953] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 45.390801][ T5952] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 45.393719][ T5945] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 45.393939][ T5954] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 45.395551][ T5954] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 45.397888][ T5953] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 45.400108][ T5945] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 45.401511][ T39] audit: type=1400 audit(1740589341.279:111): avc: denied { read } for pid=5938 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 45.401542][ T39] audit: type=1400 audit(1740589341.279:112): avc: denied { open } for pid=5938 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 45.401568][ T39] audit: type=1400 audit(1740589341.279:113): avc: denied { mounton } for pid=5938 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 45.403654][ T5294] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 45.406324][ T5945] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 45.408234][ T5953] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 45.409164][ T5294] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 45.409544][ T5945] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 45.409653][ T5945] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 45.418000][ T5953] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 45.425545][ T5941] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 45.433055][ T5953] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 45.535036][ T39] audit: type=1400 audit(1740589341.419:114): avc: denied { module_request } for pid=5938 comm="syz-executor" kmod="rtnl-link-nicvf" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 45.594305][ T5938] chnl_net:caif_netlink_parms(): no params data found [ 45.657937][ T5939] chnl_net:caif_netlink_parms(): no params data found [ 45.663400][ T5946] chnl_net:caif_netlink_parms(): no params data found [ 45.692299][ T5938] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.694829][ T5938] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.696946][ T5938] bridge_slave_0: entered allmulticast mode [ 45.699039][ T5938] bridge_slave_0: entered promiscuous mode [ 45.704810][ T5938] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.706861][ T5938] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.708928][ T5938] bridge_slave_1: entered allmulticast mode [ 45.711156][ T5938] bridge_slave_1: entered promiscuous mode [ 45.800366][ T5938] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 45.808492][ T5938] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 45.863656][ T5939] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.865839][ T5939] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.868119][ T5939] bridge_slave_0: entered allmulticast mode [ 45.870680][ T5939] bridge_slave_0: entered promiscuous mode [ 45.888097][ T5946] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.893103][ T5946] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.895892][ T5946] bridge_slave_0: entered allmulticast mode [ 45.898879][ T5946] bridge_slave_0: entered promiscuous mode [ 45.904848][ T5938] team0: Port device team_slave_0 added [ 45.907267][ T5939] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.909359][ T5939] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.911562][ T5939] bridge_slave_1: entered allmulticast mode [ 45.913729][ T5939] bridge_slave_1: entered promiscuous mode [ 45.915762][ T5947] chnl_net:caif_netlink_parms(): no params data found [ 45.926852][ T5946] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.929516][ T5946] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.932286][ T5946] bridge_slave_1: entered allmulticast mode [ 45.935260][ T5946] bridge_slave_1: entered promiscuous mode [ 45.939627][ T5938] team0: Port device team_slave_1 added [ 45.963313][ T5939] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 45.991001][ T5938] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 45.993057][ T5938] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.000381][ T5938] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.015138][ T5939] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.019590][ T5946] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.024729][ T5946] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.027663][ T5938] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.030349][ T5938] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.039851][ T5938] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.105984][ T5939] team0: Port device team_slave_0 added [ 46.127777][ T5946] team0: Port device team_slave_0 added [ 46.131815][ T5946] team0: Port device team_slave_1 added [ 46.135232][ T5939] team0: Port device team_slave_1 added [ 46.151184][ T5947] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.153933][ T5947] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.156725][ T5947] bridge_slave_0: entered allmulticast mode [ 46.159730][ T5947] bridge_slave_0: entered promiscuous mode [ 46.207674][ T5947] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.209692][ T5947] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.211808][ T5947] bridge_slave_1: entered allmulticast mode [ 46.213996][ T5947] bridge_slave_1: entered promiscuous mode [ 46.233719][ T5938] hsr_slave_0: entered promiscuous mode [ 46.235772][ T5938] hsr_slave_1: entered promiscuous mode [ 46.238089][ T5946] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.240122][ T5946] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.248188][ T5946] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.253525][ T5939] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.256172][ T5939] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.265855][ T5939] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.280307][ T5947] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.284253][ T5947] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.287107][ T5946] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.289102][ T5946] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.296565][ T5946] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.300241][ T5939] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.302241][ T5939] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.309453][ T5939] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.381837][ T5939] hsr_slave_0: entered promiscuous mode [ 46.384621][ T5939] hsr_slave_1: entered promiscuous mode [ 46.387159][ T5939] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 46.390748][ T5939] Cannot create hsr debugfs directory [ 46.395067][ T5947] team0: Port device team_slave_0 added [ 46.419677][ T5947] team0: Port device team_slave_1 added [ 46.447023][ T5946] hsr_slave_0: entered promiscuous mode [ 46.448979][ T5946] hsr_slave_1: entered promiscuous mode [ 46.451009][ T5946] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 46.453286][ T5946] Cannot create hsr debugfs directory [ 46.463727][ T5947] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.465778][ T5947] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.473389][ T5947] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.479909][ T5947] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.482657][ T5947] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.492269][ T5947] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.640316][ T5947] hsr_slave_0: entered promiscuous mode [ 46.642681][ T5947] hsr_slave_1: entered promiscuous mode [ 46.644629][ T5947] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 46.646826][ T5947] Cannot create hsr debugfs directory [ 46.763310][ T5938] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 46.768751][ T5938] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 46.773504][ T5938] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 46.778243][ T5938] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 46.814562][ T5939] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 46.818150][ T5939] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 46.821997][ T5939] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 46.826058][ T5939] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 46.846754][ T5946] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 46.849942][ T5946] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 46.854475][ T5946] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 46.857784][ T5946] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 46.895925][ T5947] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 46.904971][ T5947] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 46.914594][ T5947] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 46.920039][ T5947] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 46.946410][ T5938] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.954563][ T5939] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.968675][ T5938] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.979704][ T5939] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.984587][ T1240] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.986738][ T1240] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.991944][ T1240] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.994008][ T1240] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.002987][ T1240] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.005127][ T1240] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.009824][ T5946] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.019744][ T5946] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.025268][ T82] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.027455][ T82] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.039219][ T82] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.041320][ T82] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.052923][ T82] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.055017][ T82] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.088642][ T5947] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.098554][ T5947] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.102271][ T5946] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 47.108939][ T101] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.111678][ T101] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.123570][ T1177] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.126339][ T1177] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.161599][ T5938] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.169576][ T5939] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.201880][ T5939] veth0_vlan: entered promiscuous mode [ 47.204948][ T5938] veth0_vlan: entered promiscuous mode [ 47.208487][ T5946] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.215654][ T5938] veth1_vlan: entered promiscuous mode [ 47.218838][ T5939] veth1_vlan: entered promiscuous mode [ 47.246787][ T5947] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.255936][ T5946] veth0_vlan: entered promiscuous mode [ 47.262223][ T5938] veth0_macvtap: entered promiscuous mode [ 47.265172][ T5939] veth0_macvtap: entered promiscuous mode [ 47.270422][ T5938] veth1_macvtap: entered promiscuous mode [ 47.275226][ T5939] veth1_macvtap: entered promiscuous mode [ 47.282033][ T5946] veth1_vlan: entered promiscuous mode [ 47.290840][ T5939] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.296724][ T5939] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.300007][ T5939] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.303762][ T5939] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.306443][ T5939] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.308955][ T5939] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.332019][ T5938] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.335135][ T5938] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.338449][ T5938] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.341673][ T5947] veth0_vlan: entered promiscuous mode [ 47.353612][ T5938] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.358460][ T5938] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.364211][ T5938] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.369384][ T5938] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.373428][ T5938] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.376800][ T5938] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.380100][ T5938] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.390503][ T5947] veth1_vlan: entered promiscuous mode [ 47.423786][ T5946] veth0_macvtap: entered promiscuous mode [ 47.427813][ T101] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.431795][ T101] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.440835][ T5946] veth1_macvtap: entered promiscuous mode [ 47.452570][ T63] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.455453][ T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.472965][ T5953] Bluetooth: hci1: command tx timeout [ 47.473774][ T5951] Bluetooth: hci2: command tx timeout [ 47.479283][ T5947] veth0_macvtap: entered promiscuous mode [ 47.480475][ T5951] Bluetooth: hci0: command tx timeout [ 47.481531][ T5953] Bluetooth: hci3: command tx timeout [ 47.485969][ T5946] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.489594][ T5946] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.492720][ T5946] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.495636][ T5946] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.498897][ T5946] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.501926][ T1177] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.504916][ T1177] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.505698][ T101] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.511037][ T101] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.511820][ T5947] veth1_macvtap: entered promiscuous mode [ 47.521931][ T5946] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.525915][ T5946] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.529613][ T5946] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.533666][ T5946] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.538029][ T5946] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.542923][ T5946] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.546433][ T5946] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.549614][ T5946] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.553568][ T5946] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.567706][ T5947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.570964][ T5947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.573806][ T5947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.576833][ T5947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.579635][ T5947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.583000][ T5947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.587191][ T5947] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.595536][ T5938] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 47.597480][ T5947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.603243][ T5947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.606060][ T5947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.609073][ T5947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.612073][ T5947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.615113][ T5947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.618995][ T5947] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.636817][ T5947] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.641336][ T5947] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.645767][ T5947] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.648517][ T5947] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.673155][ T6007] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1'. [ 47.679513][ T6007] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1'. [ 47.684596][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.686992][ T6005] netlink: 'syz.1.2': attribute type 10 has an invalid length. [ 47.687570][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.693005][ T6005] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.696527][ T6005] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 47.706722][ T6005] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2'. [ 47.727577][ T6005] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 47.728529][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.730596][ T6005] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 47.733380][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.738456][ T6005] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 47.740785][ T6005] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 47.752421][ T6005] bond0: (slave batadv0): Releasing backup interface [ 47.773000][ T63] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.773123][ T6011] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 47.776053][ T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.779476][ T6011] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0' [ 47.797525][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.800054][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.882374][ T6024] bridge_slave_0: left allmulticast mode [ 47.884113][ T6024] bridge_slave_0: left promiscuous mode [ 47.886563][ T6024] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.893752][ T6024] bridge_slave_1: left allmulticast mode [ 47.896041][ T6024] bridge_slave_1: left promiscuous mode [ 47.897337][ T5953] Bluetooth: hci0: Malformed Event: 0x02 [ 47.898333][ T6024] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.910081][ T6024] bond0: (slave bond_slave_0): Releasing backup interface [ 47.917524][ T6024] bond0: (slave bond_slave_1): Releasing backup interface [ 47.941189][ T6024] team0: Port device team_slave_0 removed [ 47.945892][ T6024] team0: Port device team_slave_1 removed [ 47.946097][ T6029] FAULT_INJECTION: forcing a failure. [ 47.946097][ T6029] name failslab, interval 1, probability 0, space 0, times 1 [ 47.947901][ T6024] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 47.953021][ T6029] CPU: 2 UID: 0 PID: 6029 Comm: syz.0.9 Not tainted 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0 [ 47.953044][ T6029] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 47.953054][ T6029] Call Trace: [ 47.953059][ T6029] [ 47.953066][ T6029] dump_stack_lvl+0x16c/0x1f0 [ 47.953092][ T6029] should_fail_ex+0x50a/0x650 [ 47.953117][ T6029] ? fs_reclaim_acquire+0xae/0x150 [ 47.953145][ T6029] should_failslab+0xc2/0x120 [ 47.953164][ T6029] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 47.953183][ T6029] ? skb_clone+0x190/0x3f0 [ 47.953207][ T6029] skb_clone+0x190/0x3f0 [ 47.953229][ T6029] netlink_broadcast_filtered+0xb11/0xef0 [ 47.953286][ T6029] ? sprintf+0xcd/0x110 [ 47.953304][ T6029] ? __pfx_netlink_broadcast_filtered+0x10/0x10 [ 47.953337][ T6029] netlink_broadcast+0x39/0x50 [ 47.953360][ T6029] kobject_uevent_env+0xc69/0x1870 [ 47.953390][ T6029] ? bus_to_subsys+0x12d/0x160 [ 47.953418][ T6029] device_del+0x623/0x9f0 [ 47.953438][ T6029] ? __pfx_device_del+0x10/0x10 [ 47.953464][ T6029] device_unregister+0x1d/0xc0 [ 47.953482][ T6029] device_destroy+0x9a/0xe0 [ 47.953499][ T6029] ? __pfx_device_destroy+0x10/0x10 [ 47.953518][ T6029] ? kfree+0x2c4/0x4d0 [ 47.953544][ T6029] tty_unregister_device+0x82/0x1c0 [ 47.953564][ T6029] rfcomm_dev_destruct+0x15f/0x390 [ 47.953581][ T6029] ? __pfx_rfcomm_dev_destruct+0x10/0x10 [ 47.953599][ T6029] tty_port_put+0x159/0x1b0 [ 47.953620][ T6029] rfcomm_dev_ioctl+0x295/0x1ca0 [ 47.953642][ T6029] ? __pfx_rfcomm_dev_ioctl+0x10/0x10 [ 47.953664][ T6029] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 47.953695][ T6029] rfcomm_sock_ioctl+0xaa/0xd0 [ 47.953719][ T6029] sock_do_ioctl+0x116/0x280 [ 47.953737][ T6029] ? __pfx_sock_do_ioctl+0x10/0x10 [ 47.953758][ T6029] ? ioctl_has_perm.constprop.0.isra.0+0x2f2/0x450 [ 47.953786][ T6029] ? ioctl_has_perm.constprop.0.isra.0+0x2fc/0x450 [ 47.953814][ T6029] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 47.953845][ T6029] sock_ioctl+0x228/0x6c0 [ 47.953863][ T6029] ? __pfx_sock_ioctl+0x10/0x10 [ 47.953888][ T6029] ? selinux_file_ioctl+0x180/0x270 [ 47.953913][ T6029] ? selinux_file_ioctl+0xb4/0x270 [ 47.953939][ T6029] ? __pfx_sock_ioctl+0x10/0x10 [ 47.953958][ T6029] __x64_sys_ioctl+0x190/0x200 [ 47.953984][ T6029] do_syscall_64+0xcd/0x250 [ 47.954007][ T6029] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 47.954030][ T6029] RIP: 0033:0x7f94d898d169 [ 47.954044][ T6029] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 47.954060][ T6029] RSP: 002b:00007f94d97e3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 47.954076][ T6029] RAX: ffffffffffffffda RBX: 00007f94d8ba5fa0 RCX: 00007f94d898d169 [ 47.954087][ T6029] RDX: 0000400000000100 RSI: 00000000400452c9 RDI: 0000000000000004 [ 47.954097][ T6029] RBP: 00007f94d97e3090 R08: 0000000000000000 R09: 0000000000000000 [ 47.954107][ T6029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 47.954117][ T6029] R13: 0000000000000000 R14: 00007f94d8ba5fa0 R15: 00007ffeedc40cb8 [ 47.954140][ T6029] [ 48.046282][ T6024] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 48.049976][ T6024] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 48.052388][ T6024] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 48.065753][ T6032] vlan0: entered promiscuous mode [ 48.073444][ T6032] team0: Port device vlan0 added [ 48.075300][ T6033] tipc: Started in network mode [ 48.077382][ T6033] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711 [ 48.087374][ T6033] tipc: Enabled bearer , priority 0 [ 48.144718][ T6036] netlink: 32 bytes leftover after parsing attributes in process `syz.3.11'. [ 48.152309][ T6036] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11'. [ 48.193183][ T6038] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 48.246756][ T6040] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0' [ 48.287529][ T6044] syz.2.15 uses obsolete (PF_INET,SOCK_PACKET) [ 48.378613][ T5953] Bluetooth: hci3: Malformed Event: 0x02 [ 48.398761][ T6054] netlink: 12 bytes leftover after parsing attributes in process `syz.2.18'. [ 48.403826][ T6054] netlink: 12 bytes leftover after parsing attributes in process `syz.2.18'. [ 48.407596][ T6054] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6054 comm=syz.2.18 [ 48.496826][ T6058] bridge_slave_0: left allmulticast mode [ 48.498538][ T6058] bridge_slave_0: left promiscuous mode [ 48.500555][ T6058] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.504948][ T6058] bridge_slave_1: left allmulticast mode [ 48.507383][ T6058] bridge_slave_1: left promiscuous mode [ 48.509830][ T6058] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.518301][ T6058] bond0: (slave bond_slave_0): Releasing backup interface [ 48.525923][ T6058] bond0: (slave bond_slave_1): Releasing backup interface [ 48.537617][ T6058] team0: Port device team_slave_0 removed [ 48.544228][ T6058] team0: Port device team_slave_1 removed [ 48.547066][ T6058] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 48.550103][ T6058] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 48.555354][ T6058] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 48.558369][ T6058] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 48.582996][ T6061] vlan0: entered promiscuous mode [ 48.589958][ T6061] team0: Port device vlan0 added [ 48.623677][ T6058] tipc: Started in network mode [ 48.625520][ T6058] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711 [ 48.627861][ T6058] tipc: Enabled bearer , priority 0 [ 48.696019][ T6065] ICMPv6: Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc. [ 48.767987][ T6073] netlink: 'syz.2.25': attribute type 1 has an invalid length. [ 49.086446][ T6085] netlink: 8 bytes leftover after parsing attributes in process `syz.2.28'. [ 49.088956][ T5953] Bluetooth: hci0: Malformed Event: 0x02 [ 49.101224][ T30] tipc: Node number set to 11578026 [ 49.149993][ T6087] netlink: 57 bytes leftover after parsing attributes in process `syz.0.29'. [ 49.437663][ T6092] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.550625][ T5953] Bluetooth: hci0: command tx timeout [ 49.551472][ T5951] Bluetooth: hci2: command tx timeout [ 49.560253][ T5951] Bluetooth: hci3: command tx timeout [ 49.560344][ T5953] Bluetooth: hci1: command tx timeout [ 49.647877][ T30] tipc: Node number set to 11578026 [ 49.723420][ T6099] xt_hashlimit: size too large, truncated to 1048576 [ 50.020264][ T6112] netlink: 'syz.0.37': attribute type 1 has an invalid length. [ 50.107712][ T5953] Bluetooth: hci1: Malformed Event: 0x02 [ 50.108686][ T6122] netlink: 'syz.2.39': attribute type 10 has an invalid length. [ 50.119391][ T6122] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 50.125322][ T6122] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 50.144493][ T6122] netlink: 4 bytes leftover after parsing attributes in process `syz.2.39'. [ 50.146409][ T39] kauditd_printk_skb: 77 callbacks suppressed [ 50.146417][ T39] audit: type=1400 audit(1740589346.029:192): avc: denied { bind } for pid=6123 comm="syz.1.40" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 50.162735][ T6122] bond0: (slave batadv0): Releasing backup interface [ 50.196442][ T39] audit: type=1400 audit(1740589346.079:193): avc: denied { setopt } for pid=6123 comm="syz.1.40" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 50.205154][ T39] audit: type=1400 audit(1740589346.079:194): avc: denied { accept } for pid=6123 comm="syz.1.40" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 50.212595][ T39] audit: type=1400 audit(1740589346.079:195): avc: denied { read } for pid=6123 comm="syz.1.40" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 50.252798][ T39] audit: type=1400 audit(1740589346.139:196): avc: denied { write } for pid=6123 comm="syz.1.40" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 50.262982][ T39] audit: type=1400 audit(1740589346.149:197): avc: denied { create } for pid=6130 comm="syz.0.42" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 50.274824][ T39] audit: type=1400 audit(1740589346.159:198): avc: denied { create } for pid=6130 comm="syz.0.42" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 50.282658][ T39] audit: type=1400 audit(1740589346.169:199): avc: denied { ioctl } for pid=6130 comm="syz.0.42" path="socket:[8894]" dev="sockfs" ino=8894 ioctlcmd=0x3ba0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 50.312386][ T6137] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 50.316312][ T6137] x_tables: duplicate underflow at hook 3 [ 50.362679][ T39] audit: type=1400 audit(1740589346.239:200): avc: denied { create } for pid=6139 comm="syz.1.45" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 50.381077][ T6140] Zero length message leads to an empty skb [ 50.413159][ T6142] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 50.417156][ T39] audit: type=1400 audit(1740589346.299:201): avc: denied { ioctl } for pid=6141 comm="syz.1.46" path="/dev/iommu" dev="devtmpfs" ino=632 ioctlcmd=0x3b88 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 50.763942][ T6148] netlink: 'syz.0.49': attribute type 1 has an invalid length. [ 51.640322][ T5953] Bluetooth: hci3: command tx timeout [ 51.642576][ T5951] Bluetooth: hci2: command tx timeout [ 51.642605][ T5953] Bluetooth: hci1: command tx timeout [ 51.642621][ T65] Bluetooth: hci0: command tx timeout [ 51.671959][ T6173] ip6gretap1: entered allmulticast mode [ 51.755836][ T6184] bridge_slave_0: default FDB implementation only supports local addresses [ 51.860236][ T5953] Bluetooth: hci2: Malformed Event: 0x02 [ 51.881423][ T6201] netlink: 'syz.3.64': attribute type 1 has an invalid length. [ 52.006832][ T6208] vim2m vim2m.0: Fourcc format (0x31384142) invalid. [ 52.011972][ T6208] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x2 [ 52.041032][ T6210] xt_hashlimit: size too large, truncated to 1048576 [ 52.103037][ T6218] FAULT_INJECTION: forcing a failure. [ 52.103037][ T6218] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 52.108027][ T6218] CPU: 2 UID: 0 PID: 6218 Comm: syz.3.72 Not tainted 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0 [ 52.108040][ T6218] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 52.108046][ T6218] Call Trace: [ 52.108050][ T6218] [ 52.108054][ T6218] dump_stack_lvl+0x16c/0x1f0 [ 52.108071][ T6218] should_fail_ex+0x50a/0x650 [ 52.108087][ T6218] ? __pfx___might_resched+0x10/0x10 [ 52.108105][ T6218] should_fail_alloc_page+0xe7/0x130 [ 52.108118][ T6218] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 52.108137][ T6218] __alloc_frozen_pages_noprof+0x18e/0x2470 [ 52.108149][ T6218] ? hlock_class+0x4e/0x130 [ 52.108160][ T6218] ? mark_lock+0xb5/0xc60 [ 52.108179][ T6218] ? __pfx_mark_lock+0x10/0x10 [ 52.108194][ T6218] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 52.108207][ T6218] ? mark_lock+0xb5/0xc60 [ 52.108220][ T6218] ? hlock_class+0x4e/0x130 [ 52.108234][ T6218] ? hlock_class+0x4e/0x130 [ 52.108244][ T6218] ? __lock_acquire+0xcc5/0x3c40 [ 52.108258][ T6218] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 52.108275][ T6218] ? policy_nodemask+0xea/0x4e0 [ 52.108288][ T6218] alloc_pages_mpol+0x1fc/0x540 [ 52.108300][ T6218] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 52.108312][ T6218] ? __lock_acquire+0x15a9/0x3c40 [ 52.108328][ T6218] folio_alloc_mpol_noprof+0x36/0x2f0 [ 52.108343][ T6218] vma_alloc_folio_noprof+0xee/0x1b0 [ 52.108356][ T6218] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 52.108370][ T6218] ? find_held_lock+0x2d/0x110 [ 52.108383][ T6218] do_pte_missing+0x202f/0x3e10 [ 52.108398][ T6218] __handle_mm_fault+0x1166/0x2c60 [ 52.108411][ T6218] ? __pfx___handle_mm_fault+0x10/0x10 [ 52.108421][ T6218] ? follow_page_pte+0x3ac/0x1490 [ 52.108437][ T6218] ? __pfx_lock_release+0x10/0x10 [ 52.108461][ T6218] handle_mm_fault+0x3fa/0xaa0 [ 52.108473][ T6218] __get_user_pages+0x773/0x36f0 [ 52.108487][ T6218] ? __pfx___get_user_pages+0x10/0x10 [ 52.108496][ T6218] ? down_read_killable+0xcc/0x380 [ 52.108510][ T6218] ? __pfx_down_read_killable+0x10/0x10 [ 52.108525][ T6218] ? __pfx___lock_acquire+0x10/0x10 [ 52.108541][ T6218] __gup_longterm_locked+0x212/0x1870 [ 52.108555][ T6218] ? __pfx___gup_longterm_locked+0x10/0x10 [ 52.108564][ T6218] ? gup_fast_fallback+0x84c/0x2690 [ 52.108574][ T6218] ? __pfx_lock_release+0x10/0x10 [ 52.108588][ T6218] ? lock_acquire+0x2f/0xb0 [ 52.108601][ T6218] ? ___pte_offset_map+0x42/0x540 [ 52.108615][ T6218] ? sanity_check_pinned_pages+0x23/0x11e0 [ 52.108634][ T6218] gup_fast_fallback+0x1802/0x2690 [ 52.108651][ T6218] ? __pfx_gup_fast_fallback+0x10/0x10 [ 52.108661][ T6218] ? is_bpf_text_address+0x94/0x1a0 [ 52.108678][ T6218] ? __pfx_mark_lock+0x10/0x10 [ 52.108690][ T6218] ? __kernel_text_address+0xd/0x40 [ 52.108705][ T6218] ? unwind_get_return_address+0x59/0xa0 [ 52.108724][ T6218] pin_user_pages_fast+0xa8/0x100 [ 52.108734][ T6218] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 52.108744][ T6218] ? __pfx_mark_lock+0x10/0x10 [ 52.108758][ T6218] ? __blkdev_direct_IO_simple+0x662/0x820 [ 52.108773][ T6218] iov_iter_extract_pages+0x3a5/0x2010 [ 52.108787][ T6218] ? orangefs_fileattr_set+0x38d/0x410 [ 52.108803][ T6218] ? __pfx_iov_iter_extract_pages+0x10/0x10 [ 52.108817][ T6218] ? find_held_lock+0x2d/0x110 [ 52.108831][ T6218] bio_iov_iter_get_pages+0x37c/0x1100 [ 52.108853][ T6218] ? __pfx_bio_iov_iter_get_pages+0x10/0x10 [ 52.108875][ T6218] __blkdev_direct_IO_simple+0x361/0x820 [ 52.108890][ T6218] ? __pfx___blkdev_direct_IO_simple+0x10/0x10 [ 52.108903][ T6218] ? hlock_class+0x4e/0x130 [ 52.108913][ T6218] ? mark_lock+0xb5/0xc60 [ 52.108928][ T6218] ? __pfx_mark_lock+0x10/0x10 [ 52.108940][ T6218] ? find_held_lock+0x2d/0x110 [ 52.108956][ T6218] ? hlock_class+0x4e/0x130 [ 52.108966][ T6218] ? mark_lock+0xb5/0xc60 [ 52.108978][ T6218] ? is_bpf_text_address+0x30/0x1a0 [ 52.108995][ T6218] ? iov_iter_is_aligned+0xf2/0x5a0 [ 52.109010][ T6218] ? iov_iter_npages+0xf0/0x5a0 [ 52.109026][ T6218] blkdev_direct_IO+0xabb/0x1c50 [ 52.109042][ T6218] ? __pfx___lock_acquire+0x10/0x10 [ 52.109055][ T6218] ? register_lock_class+0xb1/0x1240 [ 52.109072][ T6218] ? __pfx_blkdev_direct_IO+0x10/0x10 [ 52.109083][ T6218] ? hlock_class+0x4e/0x130 [ 52.109094][ T6218] ? mark_lock+0xb5/0xc60 [ 52.109112][ T6218] blkdev_read_iter+0x258/0x4b0 [ 52.109126][ T6218] do_iter_readv_writev+0x737/0x950 [ 52.109143][ T6218] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 52.109157][ T6218] ? avc_policy_seqno+0x9/0x20 [ 52.109170][ T6218] ? selinux_file_permission+0x11f/0x580 [ 52.109188][ T6218] ? bpf_lsm_file_permission+0x9/0x10 [ 52.109199][ T6218] ? security_file_permission+0x71/0x210 [ 52.109215][ T6218] ? rw_verify_area+0xcf/0x680 [ 52.109230][ T6218] vfs_readv+0x4d2/0x8a0 [ 52.109248][ T6218] ? __pfx_vfs_readv+0x10/0x10 [ 52.109262][ T6218] ? find_held_lock+0x2d/0x110 [ 52.109275][ T6218] ? __pfx_lock_release+0x10/0x10 [ 52.109289][ T6218] ? trace_lock_acquire+0x14e/0x1f0 [ 52.109304][ T6218] ? __fget_files+0x206/0x3a0 [ 52.109317][ T6218] ? do_preadv+0x1b1/0x270 [ 52.109331][ T6218] do_preadv+0x1b1/0x270 [ 52.109346][ T6218] ? __pfx_do_preadv+0x10/0x10 [ 52.109361][ T6218] ? ksys_write+0x1ba/0x250 [ 52.109376][ T6218] ? __pfx_ksys_write+0x10/0x10 [ 52.109393][ T6218] __x64_sys_preadv2+0xef/0x160 [ 52.109405][ T6218] do_syscall_64+0xcd/0x250 [ 52.109418][ T6218] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 52.109433][ T6218] RIP: 0033:0x7f1fb4b8d169 [ 52.109441][ T6218] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 52.109451][ T6218] RSP: 002b:00007f1fb5930038 EFLAGS: 00000246 ORIG_RAX: 0000000000000147 [ 52.109461][ T6218] RAX: ffffffffffffffda RBX: 00007f1fb4da5fa0 RCX: 00007f1fb4b8d169 [ 52.109467][ T6218] RDX: 0000000000000005 RSI: 0000400000000080 RDI: 0000000000000003 [ 52.109472][ T6218] RBP: 00007f1fb5930090 R08: 0000000000000000 R09: 000000000000001f [ 52.109478][ T6218] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 52.109484][ T6218] R13: 0000000000000000 R14: 00007f1fb4da5fa0 R15: 00007ffc95e3dd38 [ 52.109496][ T6218] [ 52.345758][ T6230] hpfs: Bad magic ... probably not HPFS [ 52.393488][ T6237] netlink: 'syz.2.79': attribute type 1 has an invalid length. [ 52.430128][ T6241] FAULT_INJECTION: forcing a failure. [ 52.430128][ T6241] name failslab, interval 1, probability 0, space 0, times 0 [ 52.434967][ T6241] CPU: 2 UID: 0 PID: 6241 Comm: syz.3.81 Not tainted 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0 [ 52.434988][ T6241] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 52.434998][ T6241] Call Trace: [ 52.435003][ T6241] [ 52.435010][ T6241] dump_stack_lvl+0x16c/0x1f0 [ 52.435035][ T6241] should_fail_ex+0x50a/0x650 [ 52.435060][ T6241] ? fs_reclaim_acquire+0xae/0x150 [ 52.435087][ T6241] ? kobject_uevent_env+0x265/0x1870 [ 52.435109][ T6241] should_failslab+0xc2/0x120 [ 52.435128][ T6241] __kmalloc_cache_noprof+0x68/0x410 [ 52.435153][ T6241] ? find_held_lock+0x2d/0x110 [ 52.435185][ T6241] kobject_uevent_env+0x265/0x1870 [ 52.435208][ T6241] ? __pfx_dev_uevent_name+0x10/0x10 [ 52.435246][ T6241] nbd_config_put+0x4fc/0x750 [ 52.435269][ T6241] nbd_genl_connect+0x12d5/0x1c00 [ 52.435293][ T6241] ? __pfx_nbd_genl_connect+0x10/0x10 [ 52.435319][ T6241] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 52.435345][ T6241] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 52.435376][ T6241] genl_family_rcv_msg_doit+0x202/0x2f0 [ 52.435403][ T6241] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 52.435426][ T6241] ? genl_get_cmd+0x195/0x580 [ 52.435458][ T6241] ? __radix_tree_lookup+0x21f/0x2c0 [ 52.435481][ T6241] genl_rcv_msg+0x565/0x800 [ 52.435509][ T6241] ? __pfx_genl_rcv_msg+0x10/0x10 [ 52.435533][ T6241] ? __pfx_nbd_genl_connect+0x10/0x10 [ 52.435555][ T6241] ? __pfx___lock_acquire+0x10/0x10 [ 52.435584][ T6241] netlink_rcv_skb+0x16b/0x440 [ 52.435605][ T6241] ? __pfx_genl_rcv_msg+0x10/0x10 [ 52.435630][ T6241] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 52.435664][ T6241] ? down_read+0xc9/0x330 [ 52.435685][ T6241] ? __pfx_down_read+0x10/0x10 [ 52.435708][ T6241] ? netlink_deliver_tap+0x1ae/0xd30 [ 52.435733][ T6241] genl_rcv+0x28/0x40 [ 52.435753][ T6241] netlink_unicast+0x53c/0x7f0 [ 52.435777][ T6241] ? __pfx_netlink_unicast+0x10/0x10 [ 52.435806][ T6241] netlink_sendmsg+0x8b8/0xd70 [ 52.435831][ T6241] ? __pfx_netlink_sendmsg+0x10/0x10 [ 52.435863][ T6241] ____sys_sendmsg+0xaaf/0xc90 [ 52.435881][ T6241] ? copy_msghdr_from_user+0x10b/0x160 [ 52.435904][ T6241] ? __pfx_____sys_sendmsg+0x10/0x10 [ 52.435933][ T6241] ___sys_sendmsg+0x135/0x1e0 [ 52.435957][ T6241] ? __pfx____sys_sendmsg+0x10/0x10 [ 52.435991][ T6241] ? __pfx_lock_release+0x10/0x10 [ 52.436013][ T6241] ? trace_lock_acquire+0x14e/0x1f0 [ 52.436041][ T6241] ? __fget_files+0x206/0x3a0 [ 52.436065][ T6241] __sys_sendmsg+0x16e/0x220 [ 52.436088][ T6241] ? __pfx___sys_sendmsg+0x10/0x10 [ 52.436128][ T6241] do_syscall_64+0xcd/0x250 [ 52.436150][ T6241] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 52.436177][ T6241] RIP: 0033:0x7f1fb4b8d169 [ 52.436191][ T6241] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 52.436206][ T6241] RSP: 002b:00007f1fb5930038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 52.436222][ T6241] RAX: ffffffffffffffda RBX: 00007f1fb4da5fa0 RCX: 00007f1fb4b8d169 [ 52.436232][ T6241] RDX: 0000000000000000 RSI: 00004000000002c0 RDI: 000000000000000a [ 52.436242][ T6241] RBP: 00007f1fb5930090 R08: 0000000000000000 R09: 0000000000000000 [ 52.436252][ T6241] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 52.436261][ T6241] R13: 0000000000000000 R14: 00007f1fb4da5fa0 R15: 00007ffc95e3dd38 [ 52.436284][ T6241] [ 52.580206][ T6247] netlink: 'syz.3.83': attribute type 10 has an invalid length. [ 52.586146][ T6247] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 52.589443][ T6244] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4) [ 52.589770][ T6247] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 52.591512][ T6244] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 52.592469][ T6244] vhci_hcd vhci_hcd.0: Device attached [ 52.601096][ T6245] vhci_hcd: unknown pdu 1 [ 52.605678][ T82] vhci_hcd: stop threads [ 52.606971][ T82] vhci_hcd: release socket [ 52.608298][ T82] vhci_hcd: disconnect device [ 52.628510][ T6247] bond0: (slave batadv0): Releasing backup interface [ 52.891990][ T6272] BUG: Bad page state in process syz.3.91 pfn:51b68 [ 52.894902][ T6272] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x51b68 [ 52.898951][ T6272] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 52.901260][ T6272] raw: 00fff00000000000 dead000000000040 ffff888020063000 0000000000000000 [ 52.903943][ T6272] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 52.906460][ T6272] page dumped because: page_pool leak [ 52.908051][ T6272] page_owner tracks the page as allocated [ 52.909771][ T6272] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6272, tgid 6271 (syz.3.91), ts 52891927037, free_ts 52690610444 [ 52.915941][ T6272] post_alloc_hook+0x181/0x1b0 [ 52.917365][ T6272] get_page_from_freelist+0xfce/0x2f80 [ 52.918996][ T6272] __alloc_frozen_pages_noprof+0x221/0x2470 [ 52.920949][ T6272] alloc_pages_bulk_noprof+0x6f9/0x1390 [ 52.922580][ T6272] __page_pool_alloc_pages_slow+0x18c/0x770 [ 52.924335][ T6272] page_pool_alloc_netmems+0xc4/0x160 [ 52.925904][ T6272] skb_pp_cow_data+0x776/0xf10 [ 52.927331][ T6272] skb_cow_data_for_xdp+0x88/0xb0 [ 52.928816][ T6272] do_xdp_generic+0x3f1/0xe70 [ 52.930392][ T6272] __netif_receive_skb_core.constprop.0+0x12da/0x4330 [ 52.933151][ T6272] __netif_receive_skb_one_core+0xb1/0x1e0 [ 52.935298][ T6272] __netif_receive_skb+0x1d/0x160 [ 52.936754][ T6272] netif_receive_skb+0x13f/0x7b0 [ 52.938217][ T6272] tun_rx_batched.isra.0+0x3eb/0x730 [ 52.939781][ T6272] tun_get_user+0x2a22/0x3e50 [ 52.941291][ T6272] tun_chr_write_iter+0xdc/0x210 [ 52.942809][ T6272] page last free pid 6258 tgid 6258 stack trace: [ 52.944644][ T6272] free_frozen_pages+0x6db/0xfb0 [ 52.946101][ T6272] tlb_remove_table_rcu+0x116/0x1a0 [ 52.947629][ T6272] rcu_core+0x79d/0x14d0 [ 52.949105][ T6272] handle_softirqs+0x213/0x8f0 [ 52.950604][ T6272] __irq_exit_rcu+0x109/0x170 [ 52.952015][ T6272] irq_exit_rcu+0x9/0x30 [ 52.953274][ T6272] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 52.954999][ T6272] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 52.956756][ T6272] Modules linked in: [ 52.957918][ T6272] CPU: 0 UID: 0 PID: 6272 Comm: syz.3.91 Not tainted 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0 [ 52.957931][ T6272] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 52.957937][ T6272] Call Trace: [ 52.957941][ T6272] [ 52.957945][ T6272] dump_stack_lvl+0x16c/0x1f0 [ 52.957961][ T6272] bad_page+0xb3/0x1f0 [ 52.957974][ T6272] ? __pfx_bad_page+0x10/0x10 [ 52.957987][ T6272] ? page_bad_reason+0x9d/0x1e0 [ 52.958001][ T6272] free_frozen_pages+0x701/0xfb0 [ 52.958015][ T6272] page_frag_free+0x255/0x2a0 [ 52.958028][ T6272] __xdp_return+0x319/0xa70 [ 52.958044][ T6272] ? kmem_cache_free+0x2e2/0x4d0 [ 52.958056][ T6272] bpf_xdp_adjust_tail+0x9de/0xf70 [ 52.958079][ T6272] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 52.958088][ T6272] bpf_prog_run_generic_xdp+0x623/0x1500 [ 52.958107][ T6272] do_xdp_generic+0x70a/0xe70 [ 52.958121][ T6272] ? __pfx_do_xdp_generic+0x10/0x10 [ 52.958136][ T6272] ? hlock_class+0x4e/0x130 [ 52.958148][ T6272] ? __lock_acquire+0xcc5/0x3c40 [ 52.958166][ T6272] ? mark_lock+0xb5/0xc60 [ 52.958183][ T6272] __netif_receive_skb_core.constprop.0+0x12da/0x4330 [ 52.958198][ T6272] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 52.958215][ T6272] ? __skb_flow_dissect+0x11df/0x7e40 [ 52.958228][ T6272] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 52.958242][ T6272] ? hlock_class+0x4e/0x130 [ 52.958252][ T6272] ? __lock_acquire+0xcc5/0x3c40 [ 52.958270][ T6272] ? handle_mm_fault+0x497/0xaa0 [ 52.958281][ T6272] ? __pfx___lock_acquire+0x10/0x10 [ 52.958296][ T6272] ? __pfx_mark_lock+0x10/0x10 [ 52.958314][ T6272] __netif_receive_skb_one_core+0xb1/0x1e0 [ 52.958327][ T6272] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 52.958340][ T6272] ? rcu_is_watching+0x12/0xc0 [ 52.958352][ T6272] ? netif_receive_skb+0x109/0x7b0 [ 52.958366][ T6272] __netif_receive_skb+0x1d/0x160 [ 52.958378][ T6272] netif_receive_skb+0x13f/0x7b0 [ 52.958390][ T6272] ? __pfx_netif_receive_skb+0x10/0x10 [ 52.958402][ T6272] ? _copy_from_iter+0x15e/0x1560 [ 52.958413][ T6272] ? __pfx___lock_acquire+0x10/0x10 [ 52.958443][ T6272] ? __pfx__copy_from_iter+0x10/0x10 [ 52.958458][ T6272] tun_rx_batched.isra.0+0x3eb/0x730 [ 52.958476][ T6272] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 52.958498][ T6272] ? tun_get_user+0x13e6/0x3e50 [ 52.958514][ T6272] ? lock_acquire+0x2f/0xb0 [ 52.958527][ T6272] ? tun_get_user+0x13e6/0x3e50 [ 52.958545][ T6272] tun_get_user+0x2a22/0x3e50 [ 52.958562][ T6272] ? in_gate_area_no_mm+0x70/0x70 [ 52.958580][ T6272] ? __pfx_tun_get_user+0x10/0x10 [ 52.958596][ T6272] ? find_held_lock+0x2d/0x110 [ 52.958610][ T6272] ? __pfx_lock_release+0x10/0x10 [ 52.958632][ T6272] tun_chr_write_iter+0xdc/0x210 [ 52.958649][ T6272] vfs_write+0x5ae/0x1150 [ 52.958666][ T6272] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 52.958684][ T6272] ? __pfx_vfs_write+0x10/0x10 [ 52.958699][ T6272] ? do_futex+0x123/0x350 [ 52.958712][ T6272] ? __fget_files+0x40/0x3a0 [ 52.958728][ T6272] ksys_write+0x12b/0x250 [ 52.958744][ T6272] ? __pfx_ksys_write+0x10/0x10 [ 52.958764][ T6272] do_syscall_64+0xcd/0x250 [ 52.958778][ T6272] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 52.958793][ T6272] RIP: 0033:0x7f1fb4b8bc1f [ 52.958801][ T6272] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 52.958811][ T6272] RSP: 002b:00007f1fb5930000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 52.958822][ T6272] RAX: ffffffffffffffda RBX: 00007f1fb4da5fa0 RCX: 00007f1fb4b8bc1f [ 52.958828][ T6272] RDX: 0000000000011dc0 RSI: 0000400000000440 RDI: 00000000000000c8 [ 52.958834][ T6272] RBP: 00007f1fb4c0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 52.958840][ T6272] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 52.958846][ T6272] R13: 0000000000000000 R14: 00007f1fb4da5fa0 R15: 00007ffc95e3dd38 [ 52.958858][ T6272] [ 52.958862][ T6272] Disabling lock debugging due to kernel taint [ 53.079749][ T6272] BUG: Bad page state in process syz.3.91 pfn:31d93 [ 53.081864][ T6272] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x31d93 [ 53.085704][ T6272] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 53.088066][ T6272] raw: 00fff00000000000 dead000000000040 ffff888020063000 0000000000000000 [ 53.090530][ T6272] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 53.093052][ T6272] page dumped because: page_pool leak [ 53.094602][ T6272] page_owner tracks the page as allocated [ 53.096327][ T6272] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6272, tgid 6271 (syz.3.91), ts 52891919189, free_ts 52690628433 [ 53.101851][ T6272] post_alloc_hook+0x181/0x1b0 [ 53.103821][ T6272] get_page_from_freelist+0xfce/0x2f80 [ 53.105769][ T6272] __alloc_frozen_pages_noprof+0x221/0x2470 [ 53.107727][ T6272] alloc_pages_bulk_noprof+0x6f9/0x1390 [ 53.109462][ T6272] __page_pool_alloc_pages_slow+0x18c/0x770 [ 53.111616][ T6272] page_pool_alloc_netmems+0xc4/0x160 [ 53.113273][ T6272] skb_pp_cow_data+0x776/0xf10 [ 53.114813][ T6272] skb_cow_data_for_xdp+0x88/0xb0 [ 53.116381][ T6272] do_xdp_generic+0x3f1/0xe70 [ 53.118048][ T6272] __netif_receive_skb_core.constprop.0+0x12da/0x4330 [ 53.120327][ T6272] __netif_receive_skb_one_core+0xb1/0x1e0 [ 53.122094][ T6272] __netif_receive_skb+0x1d/0x160 [ 53.123588][ T6272] netif_receive_skb+0x13f/0x7b0 [ 53.125169][ T6272] tun_rx_batched.isra.0+0x3eb/0x730 [ 53.126700][ T6272] tun_get_user+0x2a22/0x3e50 [ 53.128083][ T6272] tun_chr_write_iter+0xdc/0x210 [ 53.129799][ T6272] page last free pid 6258 tgid 6258 stack trace: [ 53.131683][ T6272] free_frozen_pages+0x6db/0xfb0 [ 53.133083][ T6272] tlb_remove_table_rcu+0x116/0x1a0 [ 53.134603][ T6272] rcu_core+0x79d/0x14d0 [ 53.135800][ T6272] handle_softirqs+0x213/0x8f0 [ 53.137156][ T6272] __irq_exit_rcu+0x109/0x170 [ 53.138720][ T6272] irq_exit_rcu+0x9/0x30 [ 53.140675][ T6272] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 53.142628][ T6272] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 53.144386][ T6272] Modules linked in: [ 53.145552][ T6272] CPU: 0 UID: 0 PID: 6272 Comm: syz.3.91 Tainted: G B 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0 [ 53.145568][ T6272] Tainted: [B]=BAD_PAGE [ 53.145571][ T6272] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 53.145577][ T6272] Call Trace: [ 53.145581][ T6272] [ 53.145585][ T6272] dump_stack_lvl+0x16c/0x1f0 [ 53.145601][ T6272] bad_page+0xb3/0x1f0 [ 53.145614][ T6272] ? __pfx_bad_page+0x10/0x10 [ 53.145627][ T6272] ? page_bad_reason+0x9d/0x1e0 [ 53.145642][ T6272] free_frozen_pages+0x701/0xfb0 [ 53.145653][ T6272] page_frag_free+0x255/0x2a0 [ 53.145667][ T6272] __xdp_return+0x319/0xa70 [ 53.145683][ T6272] ? kmem_cache_free+0x2e2/0x4d0 [ 53.145694][ T6272] bpf_xdp_adjust_tail+0x9de/0xf70 [ 53.145713][ T6272] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 53.145722][ T6272] bpf_prog_run_generic_xdp+0x623/0x1500 [ 53.145737][ T6272] do_xdp_generic+0x70a/0xe70 [ 53.145750][ T6272] ? __pfx_do_xdp_generic+0x10/0x10 [ 53.145762][ T6272] ? hlock_class+0x4e/0x130 [ 53.145773][ T6272] ? __lock_acquire+0xcc5/0x3c40 [ 53.145789][ T6272] ? mark_lock+0xb5/0xc60 [ 53.145804][ T6272] __netif_receive_skb_core.constprop.0+0x12da/0x4330 [ 53.145819][ T6272] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 53.145836][ T6272] ? __skb_flow_dissect+0x11df/0x7e40 [ 53.145848][ T6272] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 53.145861][ T6272] ? hlock_class+0x4e/0x130 [ 53.145871][ T6272] ? __lock_acquire+0xcc5/0x3c40 [ 53.145888][ T6272] ? handle_mm_fault+0x497/0xaa0 [ 53.145898][ T6272] ? __pfx___lock_acquire+0x10/0x10 [ 53.145913][ T6272] ? __pfx_mark_lock+0x10/0x10 [ 53.145928][ T6272] __netif_receive_skb_one_core+0xb1/0x1e0 [ 53.145941][ T6272] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 53.145954][ T6272] ? rcu_is_watching+0x12/0xc0 [ 53.145965][ T6272] ? netif_receive_skb+0x109/0x7b0 [ 53.145978][ T6272] __netif_receive_skb+0x1d/0x160 [ 53.145990][ T6272] netif_receive_skb+0x13f/0x7b0 [ 53.146002][ T6272] ? __pfx_netif_receive_skb+0x10/0x10 [ 53.146014][ T6272] ? _copy_from_iter+0x15e/0x1560 [ 53.146025][ T6272] ? __pfx___lock_acquire+0x10/0x10 [ 53.146039][ T6272] ? __pfx__copy_from_iter+0x10/0x10 [ 53.146050][ T6272] tun_rx_batched.isra.0+0x3eb/0x730 [ 53.146067][ T6272] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 53.146083][ T6272] ? tun_get_user+0x13e6/0x3e50 [ 53.146099][ T6272] ? lock_acquire+0x2f/0xb0 [ 53.146113][ T6272] ? tun_get_user+0x13e6/0x3e50 [ 53.146129][ T6272] tun_get_user+0x2a22/0x3e50 [ 53.146146][ T6272] ? in_gate_area_no_mm+0x70/0x70 [ 53.146161][ T6272] ? __pfx_tun_get_user+0x10/0x10 [ 53.146177][ T6272] ? find_held_lock+0x2d/0x110 [ 53.146188][ T6272] ? __pfx_lock_release+0x10/0x10 [ 53.146205][ T6272] tun_chr_write_iter+0xdc/0x210 [ 53.146222][ T6272] vfs_write+0x5ae/0x1150 [ 53.146239][ T6272] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 53.146257][ T6272] ? __pfx_vfs_write+0x10/0x10 [ 53.146272][ T6272] ? do_futex+0x123/0x350 [ 53.146285][ T6272] ? __fget_files+0x40/0x3a0 [ 53.146298][ T6272] ksys_write+0x12b/0x250 [ 53.146314][ T6272] ? __pfx_ksys_write+0x10/0x10 [ 53.146331][ T6272] do_syscall_64+0xcd/0x250 [ 53.146345][ T6272] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 53.146360][ T6272] RIP: 0033:0x7f1fb4b8bc1f [ 53.146368][ T6272] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 53.146378][ T6272] RSP: 002b:00007f1fb5930000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 53.146388][ T6272] RAX: ffffffffffffffda RBX: 00007f1fb4da5fa0 RCX: 00007f1fb4b8bc1f [ 53.146395][ T6272] RDX: 0000000000011dc0 RSI: 0000400000000440 RDI: 00000000000000c8 [ 53.146401][ T6272] RBP: 00007f1fb4c0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 53.146407][ T6272] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 53.146413][ T6272] R13: 0000000000000000 R14: 00007f1fb4da5fa0 R15: 00007ffc95e3dd38 [ 53.146440][ T6272] [ 53.146453][ T6272] BUG: Bad page state in process syz.3.91 pfn:321e6 [ 53.265721][ T6272] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880321e7e00 pfn:0x321e6 [ 53.268885][ T6272] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 53.271790][ T6272] raw: 00fff00000000000 dead000000000040 ffff888020063000 0000000000000000 [ 53.274162][ T6272] raw: ffff8880321e7e00 0000000000000001 00000000ffffffff 0000000000000000 [ 53.276768][ T6272] page dumped because: page_pool leak [ 53.278316][ T6272] page_owner tracks the page as allocated [ 53.280196][ T6272] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6272, tgid 6271 (syz.3.91), ts 52891911206, free_ts 52690645200 [ 53.285031][ T6272] post_alloc_hook+0x181/0x1b0 [ 53.286445][ T6272] get_page_from_freelist+0xfce/0x2f80 [ 53.288032][ T6272] __alloc_frozen_pages_noprof+0x221/0x2470 [ 53.290462][ T6272] alloc_pages_bulk_noprof+0x6f9/0x1390 [ 53.292444][ T6272] __page_pool_alloc_pages_slow+0x18c/0x770 [ 53.294155][ T6272] page_pool_alloc_netmems+0xc4/0x160 [ 53.295749][ T6272] skb_pp_cow_data+0x776/0xf10 [ 53.297149][ T6272] skb_cow_data_for_xdp+0x88/0xb0 [ 53.298668][ T6272] do_xdp_generic+0x3f1/0xe70 [ 53.300054][ T6272] __netif_receive_skb_core.constprop.0+0x12da/0x4330 [ 53.302053][ T6272] __netif_receive_skb_one_core+0xb1/0x1e0 [ 53.303750][ T6272] __netif_receive_skb+0x1d/0x160 [ 53.305245][ T6272] netif_receive_skb+0x13f/0x7b0 [ 53.306698][ T6272] tun_rx_batched.isra.0+0x3eb/0x730 [ 53.308213][ T6272] tun_get_user+0x2a22/0x3e50 [ 53.310074][ T6272] tun_chr_write_iter+0xdc/0x210 [ 53.312007][ T6272] page last free pid 6258 tgid 6258 stack trace: [ 53.313815][ T6272] free_frozen_pages+0x6db/0xfb0 [ 53.315347][ T6272] tlb_remove_table_rcu+0x116/0x1a0 [ 53.316865][ T6272] rcu_core+0x79d/0x14d0 [ 53.318112][ T6272] handle_softirqs+0x213/0x8f0 [ 53.319580][ T6272] __irq_exit_rcu+0x109/0x170 [ 53.321013][ T6272] irq_exit_rcu+0x9/0x30 [ 53.322253][ T6272] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 53.324385][ T6272] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 53.326444][ T6272] Modules linked in: [ 53.327793][ T6272] CPU: 0 UID: 0 PID: 6272 Comm: syz.3.91 Tainted: G B 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0 [ 53.327810][ T6272] Tainted: [B]=BAD_PAGE [ 53.327813][ T6272] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 53.327819][ T6272] Call Trace: [ 53.327823][ T6272] [ 53.327828][ T6272] dump_stack_lvl+0x16c/0x1f0 [ 53.327843][ T6272] bad_page+0xb3/0x1f0 [ 53.327857][ T6272] ? __pfx_bad_page+0x10/0x10 [ 53.327870][ T6272] ? page_bad_reason+0x9d/0x1e0 [ 53.327883][ T6272] free_frozen_pages+0x701/0xfb0 [ 53.327894][ T6272] page_frag_free+0x255/0x2a0 [ 53.327906][ T6272] __xdp_return+0x319/0xa70 [ 53.327922][ T6272] ? kmem_cache_free+0x2e2/0x4d0 [ 53.327944][ T6272] bpf_xdp_adjust_tail+0x9de/0xf70 [ 53.327964][ T6272] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 53.327973][ T6272] bpf_prog_run_generic_xdp+0x623/0x1500 [ 53.327988][ T6272] do_xdp_generic+0x70a/0xe70 [ 53.328001][ T6272] ? __pfx_do_xdp_generic+0x10/0x10 [ 53.328013][ T6272] ? hlock_class+0x4e/0x130 [ 53.328024][ T6272] ? __lock_acquire+0xcc5/0x3c40 [ 53.328041][ T6272] ? mark_lock+0xb5/0xc60 [ 53.328056][ T6272] __netif_receive_skb_core.constprop.0+0x12da/0x4330 [ 53.328070][ T6272] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 53.328087][ T6272] ? __skb_flow_dissect+0x11df/0x7e40 [ 53.328100][ T6272] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 53.328113][ T6272] ? hlock_class+0x4e/0x130 [ 53.328124][ T6272] ? __lock_acquire+0xcc5/0x3c40 [ 53.328140][ T6272] ? handle_mm_fault+0x497/0xaa0 [ 53.328150][ T6272] ? __pfx___lock_acquire+0x10/0x10 [ 53.328165][ T6272] ? __pfx_mark_lock+0x10/0x10 [ 53.328180][ T6272] __netif_receive_skb_one_core+0xb1/0x1e0 [ 53.328193][ T6272] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 53.328206][ T6272] ? rcu_is_watching+0x12/0xc0 [ 53.328222][ T6272] ? netif_receive_skb+0x109/0x7b0 [ 53.328235][ T6272] __netif_receive_skb+0x1d/0x160 [ 53.328247][ T6272] netif_receive_skb+0x13f/0x7b0 [ 53.328259][ T6272] ? __pfx_netif_receive_skb+0x10/0x10 [ 53.328271][ T6272] ? _copy_from_iter+0x15e/0x1560 [ 53.328282][ T6272] ? __pfx___lock_acquire+0x10/0x10 [ 53.328296][ T6272] ? __pfx__copy_from_iter+0x10/0x10 [ 53.328307][ T6272] tun_rx_batched.isra.0+0x3eb/0x730 [ 53.328323][ T6272] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 53.328339][ T6272] ? tun_get_user+0x13e6/0x3e50 [ 53.328355][ T6272] ? lock_acquire+0x2f/0xb0 [ 53.328369][ T6272] ? tun_get_user+0x13e6/0x3e50 [ 53.328385][ T6272] tun_get_user+0x2a22/0x3e50 [ 53.328401][ T6272] ? in_gate_area_no_mm+0x70/0x70 [ 53.328417][ T6272] ? __pfx_tun_get_user+0x10/0x10 [ 53.328432][ T6272] ? find_held_lock+0x2d/0x110 [ 53.328444][ T6272] ? __pfx_lock_release+0x10/0x10 [ 53.328461][ T6272] tun_chr_write_iter+0xdc/0x210 [ 53.328480][ T6272] vfs_write+0x5ae/0x1150 [ 53.328497][ T6272] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 53.328514][ T6272] ? __pfx_vfs_write+0x10/0x10 [ 53.328529][ T6272] ? do_futex+0x123/0x350 [ 53.328542][ T6272] ? __fget_files+0x40/0x3a0 [ 53.328555][ T6272] ksys_write+0x12b/0x250 [ 53.328571][ T6272] ? __pfx_ksys_write+0x10/0x10 [ 53.328589][ T6272] do_syscall_64+0xcd/0x250 [ 53.328602][ T6272] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 53.328617][ T6272] RIP: 0033:0x7f1fb4b8bc1f [ 53.328625][ T6272] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 53.328635][ T6272] RSP: 002b:00007f1fb5930000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 53.328645][ T6272] RAX: ffffffffffffffda RBX: 00007f1fb4da5fa0 RCX: 00007f1fb4b8bc1f [ 53.328652][ T6272] RDX: 0000000000011dc0 RSI: 0000400000000440 RDI: 00000000000000c8 [ 53.328658][ T6272] RBP: 00007f1fb4c0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 53.328664][ T6272] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 53.328670][ T6272] R13: 0000000000000000 R14: 00007f1fb4da5fa0 R15: 00007ffc95e3dd38 [ 53.328678][ T6272] [ 53.328694][ T6272] BUG: Bad page state in process syz.3.91 pfn:51f46 [ 53.443854][ T6272] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x51f46 [ 53.446374][ T6272] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 53.448307][ T6272] raw: 00fff00000000000 dead000000000040 ffff888020063000 0000000000000000 [ 53.451010][ T6272] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 53.453247][ T6272] page dumped because: page_pool leak [ 53.454679][ T6272] page_owner tracks the page as allocated [ 53.456176][ T6272] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6272, tgid 6271 (syz.3.91), ts 52891903490, free_ts 52690661586 [ 53.460546][ T6272] post_alloc_hook+0x181/0x1b0 [ 53.461830][ T6272] get_page_from_freelist+0xfce/0x2f80 [ 53.463244][ T6272] __alloc_frozen_pages_noprof+0x221/0x2470 [ 53.464803][ T6272] alloc_pages_bulk_noprof+0x6f9/0x1390 [ 53.466239][ T6272] __page_pool_alloc_pages_slow+0x18c/0x770 [ 53.467800][ T6272] page_pool_alloc_netmems+0xc4/0x160 [ 53.469214][ T6272] skb_pp_cow_data+0x776/0xf10 [ 53.470594][ T6272] skb_cow_data_for_xdp+0x88/0xb0 [ 53.471932][ T6272] do_xdp_generic+0x3f1/0xe70 [ 53.473130][ T6272] __netif_receive_skb_core.constprop.0+0x12da/0x4330 [ 53.474823][ T6272] __netif_receive_skb_one_core+0xb1/0x1e0 [ 53.476339][ T6272] __netif_receive_skb+0x1d/0x160 [ 53.477674][ T6272] netif_receive_skb+0x13f/0x7b0 [ 53.479002][ T6272] tun_rx_batched.isra.0+0x3eb/0x730 [ 53.480451][ T6272] tun_get_user+0x2a22/0x3e50 [ 53.481695][ T6272] tun_chr_write_iter+0xdc/0x210 [ 53.483019][ T6272] page last free pid 6258 tgid 6258 stack trace: [ 53.484682][ T6272] free_frozen_pages+0x6db/0xfb0 [ 53.486003][ T6272] tlb_remove_table_rcu+0x116/0x1a0 [ 53.487379][ T6272] rcu_core+0x79d/0x14d0 [ 53.488506][ T6272] handle_softirqs+0x213/0x8f0 [ 53.489777][ T6272] __irq_exit_rcu+0x109/0x170 [ 53.491083][ T6272] irq_exit_rcu+0x9/0x30 [ 53.492388][ T6272] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 53.493865][ T6272] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 53.495440][ T6272] Modules linked in: [ 53.496414][ T6272] CPU: 0 UID: 0 PID: 6272 Comm: syz.3.91 Tainted: G B 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0 [ 53.496429][ T6272] Tainted: [B]=BAD_PAGE [ 53.496432][ T6272] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 53.496438][ T6272] Call Trace: [ 53.496443][ T6272] [ 53.496447][ T6272] dump_stack_lvl+0x16c/0x1f0 [ 53.496462][ T6272] bad_page+0xb3/0x1f0 [ 53.496475][ T6272] ? __pfx_bad_page+0x10/0x10 [ 53.496488][ T6272] ? page_bad_reason+0x9d/0x1e0 [ 53.496501][ T6272] free_frozen_pages+0x701/0xfb0 [ 53.496512][ T6272] page_frag_free+0x255/0x2a0 [ 53.496524][ T6272] __xdp_return+0x319/0xa70 [ 53.496540][ T6272] ? kmem_cache_free+0x2e2/0x4d0 [ 53.496550][ T6272] bpf_xdp_adjust_tail+0x9de/0xf70 [ 53.496570][ T6272] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 53.496578][ T6272] bpf_prog_run_generic_xdp+0x623/0x1500 [ 53.496593][ T6272] do_xdp_generic+0x70a/0xe70 [ 53.496606][ T6272] ? __pfx_do_xdp_generic+0x10/0x10 [ 53.496618][ T6272] ? hlock_class+0x4e/0x130 [ 53.496630][ T6272] ? __lock_acquire+0xcc5/0x3c40 [ 53.496646][ T6272] ? mark_lock+0xb5/0xc60 [ 53.496661][ T6272] __netif_receive_skb_core.constprop.0+0x12da/0x4330 [ 53.496675][ T6272] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 53.496692][ T6272] ? __skb_flow_dissect+0x11df/0x7e40 [ 53.496704][ T6272] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 53.496717][ T6272] ? hlock_class+0x4e/0x130 [ 53.496727][ T6272] ? __lock_acquire+0xcc5/0x3c40 [ 53.496743][ T6272] ? handle_mm_fault+0x497/0xaa0 [ 53.496753][ T6272] ? __pfx___lock_acquire+0x10/0x10 [ 53.496768][ T6272] ? __pfx_mark_lock+0x10/0x10 [ 53.496784][ T6272] __netif_receive_skb_one_core+0xb1/0x1e0 [ 53.496796][ T6272] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 53.496809][ T6272] ? rcu_is_watching+0x12/0xc0 [ 53.496820][ T6272] ? netif_receive_skb+0x109/0x7b0 [ 53.496833][ T6272] __netif_receive_skb+0x1d/0x160 [ 53.496845][ T6272] netif_receive_skb+0x13f/0x7b0 [ 53.496857][ T6272] ? __pfx_netif_receive_skb+0x10/0x10 [ 53.496869][ T6272] ? _copy_from_iter+0x15e/0x1560 [ 53.496880][ T6272] ? __pfx___lock_acquire+0x10/0x10 [ 53.496895][ T6272] ? __pfx__copy_from_iter+0x10/0x10 [ 53.496905][ T6272] tun_rx_batched.isra.0+0x3eb/0x730 [ 53.496921][ T6272] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 53.496937][ T6272] ? tun_get_user+0x13e6/0x3e50 [ 53.496953][ T6272] ? lock_acquire+0x2f/0xb0 [ 53.496967][ T6272] ? tun_get_user+0x13e6/0x3e50 [ 53.496983][ T6272] tun_get_user+0x2a22/0x3e50 [ 53.496999][ T6272] ? in_gate_area_no_mm+0x70/0x70 [ 53.497014][ T6272] ? __pfx_tun_get_user+0x10/0x10 [ 53.497030][ T6272] ? find_held_lock+0x2d/0x110 [ 53.497041][ T6272] ? __pfx_lock_release+0x10/0x10 [ 53.497062][ T6272] tun_chr_write_iter+0xdc/0x210 [ 53.497079][ T6272] vfs_write+0x5ae/0x1150 [ 53.497096][ T6272] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 53.497113][ T6272] ? __pfx_vfs_write+0x10/0x10 [ 53.497129][ T6272] ? do_futex+0x123/0x350 [ 53.497141][ T6272] ? __fget_files+0x40/0x3a0 [ 53.497154][ T6272] ksys_write+0x12b/0x250 [ 53.497170][ T6272] ? __pfx_ksys_write+0x10/0x10 [ 53.497188][ T6272] do_syscall_64+0xcd/0x250 [ 53.497200][ T6272] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 53.497220][ T6272] RIP: 0033:0x7f1fb4b8bc1f [ 53.497228][ T6272] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 53.497238][ T6272] RSP: 002b:00007f1fb5930000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 53.497248][ T6272] RAX: ffffffffffffffda RBX: 00007f1fb4da5fa0 RCX: 00007f1fb4b8bc1f [ 53.497254][ T6272] RDX: 0000000000011dc0 RSI: 0000400000000440 RDI: 00000000000000c8 [ 53.497260][ T6272] RBP: 00007f1fb4c0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 53.497266][ T6272] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 53.497272][ T6272] R13: 0000000000000000 R14: 00007f1fb4da5fa0 R15: 00007ffc95e3dd38 [ 53.497281][ T6272] [ 53.497287][ T6272] BUG: Bad page state in process syz.3.91 pfn:3429c [ 53.599480][ T6272] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x3429c [ 53.602102][ T6272] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 53.603937][ T6272] raw: 00fff00000000000 dead000000000040 ffff888020063000 0000000000000000 [ 53.606159][ T6272] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 53.608440][ T6272] page dumped because: page_pool leak [ 53.609843][ T6272] page_owner tracks the page as allocated [ 53.611410][ T6272] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6272, tgid 6271 (syz.3.91), ts 52891895811, free_ts 52690677998 [ 53.615669][ T6272] post_alloc_hook+0x181/0x1b0 [ 53.616887][ T6272] get_page_from_freelist+0xfce/0x2f80 [ 53.618321][ T6272] __alloc_frozen_pages_noprof+0x221/0x2470 [ 53.620221][ T6272] alloc_pages_bulk_noprof+0x6f9/0x1390 [ 53.621830][ T6272] __page_pool_alloc_pages_slow+0x18c/0x770 [ 53.623854][ T6272] page_pool_alloc_netmems+0xc4/0x160 [ 53.625509][ T6272] skb_pp_cow_data+0x776/0xf10 [ 53.627036][ T6272] skb_cow_data_for_xdp+0x88/0xb0 [ 53.628586][ T6272] do_xdp_generic+0x3f1/0xe70 [ 53.630053][ T6272] __netif_receive_skb_core.constprop.0+0x12da/0x4330 [ 53.631936][ T6272] __netif_receive_skb_one_core+0xb1/0x1e0 [ 53.633669][ T6272] __netif_receive_skb+0x1d/0x160 [ 53.635338][ T6272] netif_receive_skb+0x13f/0x7b0 [ 53.636894][ T6272] tun_rx_batched.isra.0+0x3eb/0x730 [ 53.638595][ T6272] tun_get_user+0x2a22/0x3e50 [ 53.640088][ T6272] tun_chr_write_iter+0xdc/0x210 [ 53.641691][ T6272] page last free pid 6258 tgid 6258 stack trace: [ 53.643354][ T6272] free_frozen_pages+0x6db/0xfb0 [ 53.644780][ T6272] tlb_remove_table_rcu+0x116/0x1a0 [ 53.646203][ T6272] rcu_core+0x79d/0x14d0 [ 53.647461][ T6272] handle_softirqs+0x213/0x8f0 [ 53.648760][ T6272] __irq_exit_rcu+0x109/0x170 [ 53.650028][ T6272] irq_exit_rcu+0x9/0x30 [ 53.651263][ T6272] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 53.652828][ T6272] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 53.654403][ T6272] Modules linked in: [ 53.655460][ T6272] CPU: 0 UID: 0 PID: 6272 Comm: syz.3.91 Tainted: G B 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0 [ 53.655475][ T6272] Tainted: [B]=BAD_PAGE [ 53.655479][ T6272] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 53.655485][ T6272] Call Trace: [ 53.655490][ T6272] [ 53.655495][ T6272] dump_stack_lvl+0x16c/0x1f0 [ 53.655509][ T6272] bad_page+0xb3/0x1f0 [ 53.655523][ T6272] ? __pfx_bad_page+0x10/0x10 [ 53.655535][ T6272] ? page_bad_reason+0x9d/0x1e0 [ 53.655549][ T6272] free_frozen_pages+0x701/0xfb0 [ 53.655560][ T6272] page_frag_free+0x255/0x2a0 [ 53.655572][ T6272] __xdp_return+0x319/0xa70 [ 53.655588][ T6272] ? kmem_cache_free+0x2e2/0x4d0 [ 53.655598][ T6272] bpf_xdp_adjust_tail+0x9de/0xf70 [ 53.655618][ T6272] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 53.655626][ T6272] bpf_prog_run_generic_xdp+0x623/0x1500 [ 53.655642][ T6272] do_xdp_generic+0x70a/0xe70 [ 53.655654][ T6272] ? __pfx_do_xdp_generic+0x10/0x10 [ 53.655667][ T6272] ? hlock_class+0x4e/0x130 [ 53.655678][ T6272] ? __lock_acquire+0xcc5/0x3c40 [ 53.655694][ T6272] ? mark_lock+0xb5/0xc60 [ 53.655709][ T6272] __netif_receive_skb_core.constprop.0+0x12da/0x4330 [ 53.655723][ T6272] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 53.655741][ T6272] ? __skb_flow_dissect+0x11df/0x7e40 [ 53.655753][ T6272] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 53.655766][ T6272] ? hlock_class+0x4e/0x130 [ 53.655777][ T6272] ? __lock_acquire+0xcc5/0x3c40 [ 53.655793][ T6272] ? handle_mm_fault+0x497/0xaa0 [ 53.655803][ T6272] ? __pfx___lock_acquire+0x10/0x10 [ 53.655818][ T6272] ? __pfx_mark_lock+0x10/0x10 [ 53.655833][ T6272] __netif_receive_skb_one_core+0xb1/0x1e0 [ 53.655846][ T6272] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 53.655859][ T6272] ? rcu_is_watching+0x12/0xc0 [ 53.655872][ T6272] ? netif_receive_skb+0x109/0x7b0 [ 53.655884][ T6272] __netif_receive_skb+0x1d/0x160 [ 53.655896][ T6272] netif_receive_skb+0x13f/0x7b0 [ 53.655908][ T6272] ? __pfx_netif_receive_skb+0x10/0x10 [ 53.655921][ T6272] ? _copy_from_iter+0x15e/0x1560 [ 53.655931][ T6272] ? __pfx___lock_acquire+0x10/0x10 [ 53.655945][ T6272] ? __pfx__copy_from_iter+0x10/0x10 [ 53.655956][ T6272] tun_rx_batched.isra.0+0x3eb/0x730 [ 53.655973][ T6272] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 53.655989][ T6272] ? tun_get_user+0x13e6/0x3e50 [ 53.656005][ T6272] ? lock_acquire+0x2f/0xb0 [ 53.656018][ T6272] ? tun_get_user+0x13e6/0x3e50 [ 53.656035][ T6272] tun_get_user+0x2a22/0x3e50 [ 53.656051][ T6272] ? in_gate_area_no_mm+0x70/0x70 [ 53.656067][ T6272] ? __pfx_tun_get_user+0x10/0x10 [ 53.656082][ T6272] ? find_held_lock+0x2d/0x110 [ 53.656094][ T6272] ? __pfx_lock_release+0x10/0x10 [ 53.656111][ T6272] tun_chr_write_iter+0xdc/0x210 [ 53.656127][ T6272] vfs_write+0x5ae/0x1150 [ 53.656144][ T6272] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 53.656161][ T6272] ? __pfx_vfs_write+0x10/0x10 [ 53.656177][ T6272] ? do_futex+0x123/0x350 [ 53.656190][ T6272] ? __fget_files+0x40/0x3a0 [ 53.656202][ T6272] ksys_write+0x12b/0x250 [ 53.656218][ T6272] ? __pfx_ksys_write+0x10/0x10 [ 53.656236][ T6272] do_syscall_64+0xcd/0x250 [ 53.656266][ T6272] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 53.656281][ T6272] RIP: 0033:0x7f1fb4b8bc1f [ 53.656288][ T6272] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 53.656299][ T6272] RSP: 002b:00007f1fb5930000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 53.656309][ T6272] RAX: ffffffffffffffda RBX: 00007f1fb4da5fa0 RCX: 00007f1fb4b8bc1f [ 53.656315][ T6272] RDX: 0000000000011dc0 RSI: 0000400000000440 RDI: 00000000000000c8 [ 53.656321][ T6272] RBP: 00007f1fb4c0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 53.656327][ T6272] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 53.656333][ T6272] R13: 0000000000000000 R14: 00007f1fb4da5fa0 R15: 00007ffc95e3dd38 [ 53.656342][ T6272] [ 53.656357][ T6272] BUG: Bad page state in process syz.3.91 pfn:249ff [ 53.720244][ T5953] Bluetooth: hci1: command tx timeout [ 53.720415][ T6272] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x249ff [ 53.722242][ T5953] Bluetooth: hci0: command tx timeout [ 53.723538][ T6272] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 53.725417][ T5953] Bluetooth: hci3: command tx timeout [ 53.726623][ T6272] raw: 00fff00000000000 dead000000000040 ffff888020063000 0000000000000000 [ 53.773157][ T6272] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 53.775397][ T6272] page dumped because: page_pool leak [ 53.776795][ T6272] page_owner tracks the page as allocated [ 53.778278][ T6272] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6272, tgid 6271 (syz.3.91), ts 52891887391, free_ts 52690688311 [ 53.782587][ T6272] post_alloc_hook+0x181/0x1b0 [ 53.783867][ T6272] get_page_from_freelist+0xfce/0x2f80 [ 53.785292][ T6272] __alloc_frozen_pages_noprof+0x221/0x2470 [ 53.786848][ T6272] alloc_pages_bulk_noprof+0x6f9/0x1390 [ 53.788290][ T6272] __page_pool_alloc_pages_slow+0x18c/0x770 [ 53.789846][ T6272] page_pool_alloc_netmems+0xc4/0x160 [ 53.791333][ T6272] skb_pp_cow_data+0x776/0xf10 [ 53.792593][ T6272] skb_cow_data_for_xdp+0x88/0xb0 [ 53.793903][ T6272] do_xdp_generic+0x3f1/0xe70 [ 53.795148][ T6272] __netif_receive_skb_core.constprop.0+0x12da/0x4330 [ 53.796885][ T6272] __netif_receive_skb_one_core+0xb1/0x1e0 [ 53.798333][ T6272] __netif_receive_skb+0x1d/0x160 [ 53.799693][ T6272] netif_receive_skb+0x13f/0x7b0 [ 53.801034][ T6272] tun_rx_batched.isra.0+0x3eb/0x730 [ 53.802444][ T6272] tun_get_user+0x2a22/0x3e50 [ 53.803679][ T6272] tun_chr_write_iter+0xdc/0x210 [ 53.805005][ T6272] page last free pid 6258 tgid 6258 stack trace: [ 53.806825][ T6272] free_frozen_pages+0x6db/0xfb0 [ 53.808124][ T6272] tlb_remove_table_rcu+0x116/0x1a0 [ 53.809483][ T6272] rcu_core+0x79d/0x14d0 [ 53.810658][ T6272] handle_softirqs+0x213/0x8f0 [ 53.811934][ T6272] __irq_exit_rcu+0x109/0x170 [ 53.813166][ T6272] irq_exit_rcu+0x9/0x30 [ 53.814298][ T6272] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 53.815775][ T6272] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 53.817331][ T6272] Modules linked in: [ 53.818360][ T6272] CPU: 0 UID: 0 PID: 6272 Comm: syz.3.91 Tainted: G B 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0 [ 53.818376][ T6272] Tainted: [B]=BAD_PAGE [ 53.818379][ T6272] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 53.818386][ T6272] Call Trace: [ 53.818390][ T6272] [ 53.818394][ T6272] dump_stack_lvl+0x16c/0x1f0 [ 53.818408][ T6272] bad_page+0xb3/0x1f0 [ 53.818435][ T6272] ? __pfx_bad_page+0x10/0x10 [ 53.818449][ T6272] ? page_bad_reason+0x9d/0x1e0 [ 53.818462][ T6272] free_frozen_pages+0x701/0xfb0 [ 53.818473][ T6272] page_frag_free+0x255/0x2a0 [ 53.818485][ T6272] __xdp_return+0x319/0xa70 [ 53.818501][ T6272] ? kmem_cache_free+0x2e2/0x4d0 [ 53.818511][ T6272] bpf_xdp_adjust_tail+0x9de/0xf70 [ 53.818531][ T6272] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 53.818539][ T6272] bpf_prog_run_generic_xdp+0x623/0x1500 [ 53.818554][ T6272] do_xdp_generic+0x70a/0xe70 [ 53.818566][ T6272] ? __pfx_do_xdp_generic+0x10/0x10 [ 53.818579][ T6272] ? hlock_class+0x4e/0x130 [ 53.818590][ T6272] ? __lock_acquire+0xcc5/0x3c40 [ 53.818606][ T6272] ? mark_lock+0xb5/0xc60 [ 53.818621][ T6272] __netif_receive_skb_core.constprop.0+0x12da/0x4330 [ 53.818635][ T6272] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 53.818653][ T6272] ? __skb_flow_dissect+0x11df/0x7e40 [ 53.818665][ T6272] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 53.818678][ T6272] ? hlock_class+0x4e/0x130 [ 53.818688][ T6272] ? __lock_acquire+0xcc5/0x3c40 [ 53.818704][ T6272] ? handle_mm_fault+0x497/0xaa0 [ 53.818715][ T6272] ? __pfx___lock_acquire+0x10/0x10 [ 53.818730][ T6272] ? __pfx_mark_lock+0x10/0x10 [ 53.818745][ T6272] __netif_receive_skb_one_core+0xb1/0x1e0 [ 53.818758][ T6272] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 53.818771][ T6272] ? rcu_is_watching+0x12/0xc0 [ 53.818782][ T6272] ? netif_receive_skb+0x109/0x7b0 [ 53.818795][ T6272] __netif_receive_skb+0x1d/0x160 [ 53.818807][ T6272] netif_receive_skb+0x13f/0x7b0 [ 53.818820][ T6272] ? __pfx_netif_receive_skb+0x10/0x10 [ 53.818832][ T6272] ? _copy_from_iter+0x15e/0x1560 [ 53.818842][ T6272] ? __pfx___lock_acquire+0x10/0x10 [ 53.818857][ T6272] ? __pfx__copy_from_iter+0x10/0x10 [ 53.818867][ T6272] tun_rx_batched.isra.0+0x3eb/0x730 [ 53.818883][ T6272] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 53.818899][ T6272] ? tun_get_user+0x13e6/0x3e50 [ 53.818915][ T6272] ? lock_acquire+0x2f/0xb0 [ 53.818928][ T6272] ? tun_get_user+0x13e6/0x3e50 [ 53.818945][ T6272] tun_get_user+0x2a22/0x3e50 [ 53.818961][ T6272] ? in_gate_area_no_mm+0x70/0x70 [ 53.818976][ T6272] ? __pfx_tun_get_user+0x10/0x10 [ 53.818992][ T6272] ? find_held_lock+0x2d/0x110 [ 53.819003][ T6272] ? __pfx_lock_release+0x10/0x10 [ 53.819020][ T6272] tun_chr_write_iter+0xdc/0x210 [ 53.819037][ T6272] vfs_write+0x5ae/0x1150 [ 53.819054][ T6272] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 53.819071][ T6272] ? __pfx_vfs_write+0x10/0x10 [ 53.819086][ T6272] ? do_futex+0x123/0x350 [ 53.819100][ T6272] ? __fget_files+0x40/0x3a0 [ 53.819112][ T6272] ksys_write+0x12b/0x250 [ 53.819128][ T6272] ? __pfx_ksys_write+0x10/0x10 [ 53.819146][ T6272] do_syscall_64+0xcd/0x250 [ 53.819159][ T6272] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 53.819174][ T6272] RIP: 0033:0x7f1fb4b8bc1f [ 53.819182][ T6272] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 53.819192][ T6272] RSP: 002b:00007f1fb5930000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 53.819202][ T6272] RAX: ffffffffffffffda RBX: 00007f1fb4da5fa0 RCX: 00007f1fb4b8bc1f [ 53.819209][ T6272] RDX: 0000000000011dc0 RSI: 0000400000000440 RDI: 00000000000000c8 [ 53.819215][ T6272] RBP: 00007f1fb4c0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 53.819221][ T6272] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 53.819227][ T6272] R13: 0000000000000000 R14: 00007f1fb4da5fa0 R15: 00007ffc95e3dd38 [ 53.819236][ T6272] [ 53.819246][ T6272] BUG: Bad page state in process syz.3.91 pfn:51b63 [ 53.922362][ T6272] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x51b63 [ 53.924674][ T6272] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 53.926543][ T6272] raw: 00fff00000000000 dead000000000040 ffff888020063000 0000000000000000 [ 53.928751][ T6272] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 53.930986][ T6272] page dumped because: page_pool leak [ 53.932337][ T6272] page_owner tracks the page as allocated [ 53.933790][ T6272] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6272, tgid 6271 (syz.3.91), ts 52891879557, free_ts 52690704344 [ 53.938094][ T6272] post_alloc_hook+0x181/0x1b0 [ 53.939322][ T6272] get_page_from_freelist+0xfce/0x2f80 [ 53.940781][ T6272] __alloc_frozen_pages_noprof+0x221/0x2470 [ 53.942321][ T6272] alloc_pages_bulk_noprof+0x6f9/0x1390 [ 53.943765][ T6272] __page_pool_alloc_pages_slow+0x18c/0x770 [ 53.945323][ T6272] page_pool_alloc_netmems+0xc4/0x160 [ 53.946733][ T6272] skb_pp_cow_data+0x776/0xf10 [ 53.947990][ T6272] skb_cow_data_for_xdp+0x88/0xb0 [ 53.949322][ T6272] do_xdp_generic+0x3f1/0xe70 [ 53.950630][ T6272] __netif_receive_skb_core.constprop.0+0x12da/0x4330 [ 53.952393][ T6272] __netif_receive_skb_one_core+0xb1/0x1e0 [ 53.953922][ T6272] __netif_receive_skb+0x1d/0x160 [ 53.955268][ T6272] netif_receive_skb+0x13f/0x7b0 [ 53.956568][ T6272] tun_rx_batched.isra.0+0x3eb/0x730 [ 53.957989][ T6272] tun_get_user+0x2a22/0x3e50 [ 53.959281][ T6272] tun_chr_write_iter+0xdc/0x210 [ 53.960655][ T6272] page last free pid 6258 tgid 6258 stack trace: [ 53.962230][ T6272] free_frozen_pages+0x6db/0xfb0 [ 53.963533][ T6272] tlb_remove_table_rcu+0x116/0x1a0 [ 53.964904][ T6272] rcu_core+0x79d/0x14d0 [ 53.966019][ T6272] handle_softirqs+0x213/0x8f0 [ 53.967292][ T6272] __irq_exit_rcu+0x109/0x170 [ 53.968533][ T6272] irq_exit_rcu+0x9/0x30 [ 53.969649][ T6272] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 53.971207][ T6272] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 53.972759][ T6272] Modules linked in: [ 53.973797][ T6272] CPU: 0 UID: 0 PID: 6272 Comm: syz.3.91 Tainted: G B 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0 [ 53.973815][ T6272] Tainted: [B]=BAD_PAGE [ 53.973819][ T6272] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 53.973825][ T6272] Call Trace: [ 53.973829][ T6272] [ 53.973832][ T6272] dump_stack_lvl+0x16c/0x1f0 [ 53.973846][ T6272] bad_page+0xb3/0x1f0 [ 53.973859][ T6272] ? __pfx_bad_page+0x10/0x10 [ 53.973872][ T6272] ? page_bad_reason+0x9d/0x1e0 [ 53.973885][ T6272] free_frozen_pages+0x701/0xfb0 [ 53.973896][ T6272] page_frag_free+0x255/0x2a0 [ 53.973908][ T6272] __xdp_return+0x319/0xa70 [ 53.973923][ T6272] ? kmem_cache_free+0x2e2/0x4d0 [ 53.973934][ T6272] bpf_xdp_adjust_tail+0x9de/0xf70 [ 53.973953][ T6272] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 53.973961][ T6272] bpf_prog_run_generic_xdp+0x623/0x1500 [ 53.973976][ T6272] do_xdp_generic+0x70a/0xe70 [ 53.973988][ T6272] ? __pfx_do_xdp_generic+0x10/0x10 [ 53.974001][ T6272] ? hlock_class+0x4e/0x130 [ 53.974012][ T6272] ? __lock_acquire+0xcc5/0x3c40 [ 53.974028][ T6272] ? mark_lock+0xb5/0xc60 [ 53.974043][ T6272] __netif_receive_skb_core.constprop.0+0x12da/0x4330 [ 53.974057][ T6272] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 53.974074][ T6272] ? __skb_flow_dissect+0x11df/0x7e40 [ 53.974086][ T6272] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 53.974099][ T6272] ? hlock_class+0x4e/0x130 [ 53.974110][ T6272] ? __lock_acquire+0xcc5/0x3c40 [ 53.974125][ T6272] ? handle_mm_fault+0x497/0xaa0 [ 53.974136][ T6272] ? __pfx___lock_acquire+0x10/0x10 [ 53.974151][ T6272] ? __pfx_mark_lock+0x10/0x10 [ 53.974166][ T6272] __netif_receive_skb_one_core+0xb1/0x1e0 [ 53.974179][ T6272] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 53.974192][ T6272] ? rcu_is_watching+0x12/0xc0 [ 53.974204][ T6272] ? netif_receive_skb+0x109/0x7b0 [ 53.974217][ T6272] __netif_receive_skb+0x1d/0x160 [ 53.974229][ T6272] netif_receive_skb+0x13f/0x7b0 [ 53.974244][ T6272] ? __pfx_netif_receive_skb+0x10/0x10 [ 53.974256][ T6272] ? _copy_from_iter+0x15e/0x1560 [ 53.974267][ T6272] ? __pfx___lock_acquire+0x10/0x10 [ 53.974281][ T6272] ? __pfx__copy_from_iter+0x10/0x10 [ 53.974292][ T6272] tun_rx_batched.isra.0+0x3eb/0x730 [ 53.974318][ T6272] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 53.974334][ T6272] ? tun_get_user+0x13e6/0x3e50 [ 53.974350][ T6272] ? lock_acquire+0x2f/0xb0 [ 53.974364][ T6272] ? tun_get_user+0x13e6/0x3e50 [ 53.974380][ T6272] tun_get_user+0x2a22/0x3e50 [ 53.974397][ T6272] ? in_gate_area_no_mm+0x70/0x70 [ 53.974412][ T6272] ? __pfx_tun_get_user+0x10/0x10 [ 53.974442][ T6272] ? find_held_lock+0x2d/0x110 [ 53.974454][ T6272] ? __pfx_lock_release+0x10/0x10 [ 53.974471][ T6272] tun_chr_write_iter+0xdc/0x210 [ 53.974488][ T6272] vfs_write+0x5ae/0x1150 [ 53.974504][ T6272] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 53.974522][ T6272] ? __pfx_vfs_write+0x10/0x10 [ 53.974537][ T6272] ? do_futex+0x123/0x350 [ 53.974550][ T6272] ? __fget_files+0x40/0x3a0 [ 53.974563][ T6272] ksys_write+0x12b/0x250 [ 53.974579][ T6272] ? __pfx_ksys_write+0x10/0x10 [ 53.974597][ T6272] do_syscall_64+0xcd/0x250 [ 53.974610][ T6272] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 53.974625][ T6272] RIP: 0033:0x7f1fb4b8bc1f [ 53.974633][ T6272] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 53.974643][ T6272] RSP: 002b:00007f1fb5930000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 53.974653][ T6272] RAX: ffffffffffffffda RBX: 00007f1fb4da5fa0 RCX: 00007f1fb4b8bc1f [ 53.974659][ T6272] RDX: 0000000000011dc0 RSI: 0000400000000440 RDI: 00000000000000c8 [ 53.974665][ T6272] RBP: 00007f1fb4c0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 53.974671][ T6272] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 53.974677][ T6272] R13: 0000000000000000 R14: 00007f1fb4da5fa0 R15: 00007ffc95e3dd38 [ 53.974686][ T6272] [ 53.974700][ T6272] BUG: Bad page state in process syz.3.91 pfn:22ff0 [ 54.076953][ T6272] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x22ff0 [ 54.079542][ T6272] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 54.081431][ T6272] raw: 00fff00000000000 dead000000000040 ffff888020063000 0000000000000000 [ 54.083562][ T6272] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 54.085701][ T6272] page dumped because: page_pool leak [ 54.087112][ T6272] page_owner tracks the page as allocated [ 54.088580][ T6272] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6272, tgid 6271 (syz.3.91), ts 52891871670, free_ts 52690721543 [ 54.092840][ T6272] post_alloc_hook+0x181/0x1b0 [ 54.094104][ T6272] get_page_from_freelist+0xfce/0x2f80 [ 54.095550][ T6272] __alloc_frozen_pages_noprof+0x221/0x2470 [ 54.097096][ T6272] alloc_pages_bulk_noprof+0x6f9/0x1390 [ 54.098554][ T6272] __page_pool_alloc_pages_slow+0x18c/0x770 [ 54.100422][ T6272] page_pool_alloc_netmems+0xc4/0x160 [ 54.101830][ T6272] skb_pp_cow_data+0x776/0xf10 [ 54.103096][ T6272] skb_cow_data_for_xdp+0x88/0xb0 [ 54.104422][ T6272] do_xdp_generic+0x3f1/0xe70 [ 54.105653][ T6272] __netif_receive_skb_core.constprop.0+0x12da/0x4330 [ 54.107398][ T6272] __netif_receive_skb_one_core+0xb1/0x1e0 [ 54.108918][ T6272] __netif_receive_skb+0x1d/0x160 [ 54.110321][ T6272] netif_receive_skb+0x13f/0x7b0 [ 54.111647][ T6272] tun_rx_batched.isra.0+0x3eb/0x730 [ 54.113022][ T6272] tun_get_user+0x2a22/0x3e50 [ 54.114258][ T6272] tun_chr_write_iter+0xdc/0x210 [ 54.115583][ T6272] page last free pid 6258 tgid 6258 stack trace: [ 54.117223][ T6272] free_frozen_pages+0x6db/0xfb0 [ 54.118526][ T6272] tlb_remove_table_rcu+0x116/0x1a0 [ 54.119856][ T6272] rcu_core+0x79d/0x14d0 [ 54.121033][ T6272] handle_softirqs+0x213/0x8f0 [ 54.122362][ T6272] __irq_exit_rcu+0x109/0x170 [ 54.123631][ T6272] irq_exit_rcu+0x9/0x30 [ 54.124766][ T6272] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 54.126238][ T6272] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 54.127816][ T6272] Modules linked in: [ 54.128855][ T6272] CPU: 0 UID: 0 PID: 6272 Comm: syz.3.91 Tainted: G B 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0 [ 54.128870][ T6272] Tainted: [B]=BAD_PAGE [ 54.128873][ T6272] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 54.128880][ T6272] Call Trace: [ 54.128883][ T6272] [ 54.128887][ T6272] dump_stack_lvl+0x16c/0x1f0 [ 54.128901][ T6272] bad_page+0xb3/0x1f0 [ 54.128914][ T6272] ? __pfx_bad_page+0x10/0x10 [ 54.128927][ T6272] ? page_bad_reason+0x9d/0x1e0 [ 54.128940][ T6272] free_frozen_pages+0x701/0xfb0 [ 54.128951][ T6272] page_frag_free+0x255/0x2a0 [ 54.128963][ T6272] __xdp_return+0x319/0xa70 [ 54.128979][ T6272] ? kmem_cache_free+0x2e2/0x4d0 [ 54.128989][ T6272] bpf_xdp_adjust_tail+0x9de/0xf70 [ 54.129008][ T6272] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 54.129016][ T6272] bpf_prog_run_generic_xdp+0x623/0x1500 [ 54.129032][ T6272] do_xdp_generic+0x70a/0xe70 [ 54.129044][ T6272] ? __pfx_do_xdp_generic+0x10/0x10 [ 54.129057][ T6272] ? hlock_class+0x4e/0x130 [ 54.129068][ T6272] ? __lock_acquire+0xcc5/0x3c40 [ 54.129084][ T6272] ? mark_lock+0xb5/0xc60 [ 54.129099][ T6272] __netif_receive_skb_core.constprop.0+0x12da/0x4330 [ 54.129113][ T6272] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 54.129130][ T6272] ? __skb_flow_dissect+0x11df/0x7e40 [ 54.129142][ T6272] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 54.129156][ T6272] ? hlock_class+0x4e/0x130 [ 54.129166][ T6272] ? __lock_acquire+0xcc5/0x3c40 [ 54.129182][ T6272] ? handle_mm_fault+0x497/0xaa0 [ 54.129192][ T6272] ? __pfx___lock_acquire+0x10/0x10 [ 54.129207][ T6272] ? __pfx_mark_lock+0x10/0x10 [ 54.129222][ T6272] __netif_receive_skb_one_core+0xb1/0x1e0 [ 54.129238][ T6272] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 54.129251][ T6272] ? rcu_is_watching+0x12/0xc0 [ 54.129264][ T6272] ? netif_receive_skb+0x109/0x7b0 [ 54.129276][ T6272] __netif_receive_skb+0x1d/0x160 [ 54.129288][ T6272] netif_receive_skb+0x13f/0x7b0 [ 54.129300][ T6272] ? __pfx_netif_receive_skb+0x10/0x10 [ 54.129312][ T6272] ? _copy_from_iter+0x15e/0x1560 [ 54.129322][ T6272] ? __pfx___lock_acquire+0x10/0x10 [ 54.129337][ T6272] ? __pfx__copy_from_iter+0x10/0x10 [ 54.129347][ T6272] tun_rx_batched.isra.0+0x3eb/0x730 [ 54.129363][ T6272] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 54.129379][ T6272] ? tun_get_user+0x13e6/0x3e50 [ 54.129395][ T6272] ? lock_acquire+0x2f/0xb0 [ 54.129409][ T6272] ? tun_get_user+0x13e6/0x3e50 [ 54.129425][ T6272] tun_get_user+0x2a22/0x3e50 [ 54.129441][ T6272] ? in_gate_area_no_mm+0x70/0x70 [ 54.129456][ T6272] ? __pfx_tun_get_user+0x10/0x10 [ 54.129472][ T6272] ? find_held_lock+0x2d/0x110 [ 54.129484][ T6272] ? __pfx_lock_release+0x10/0x10 [ 54.129501][ T6272] tun_chr_write_iter+0xdc/0x210 [ 54.129517][ T6272] vfs_write+0x5ae/0x1150 [ 54.129535][ T6272] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 54.129551][ T6272] ? __pfx_vfs_write+0x10/0x10 [ 54.129567][ T6272] ? do_futex+0x123/0x350 [ 54.129580][ T6272] ? __fget_files+0x40/0x3a0 [ 54.129592][ T6272] ksys_write+0x12b/0x250 [ 54.129609][ T6272] ? __pfx_ksys_write+0x10/0x10 [ 54.129627][ T6272] do_syscall_64+0xcd/0x250 [ 54.129640][ T6272] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 54.129655][ T6272] RIP: 0033:0x7f1fb4b8bc1f [ 54.129663][ T6272] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 54.129673][ T6272] RSP: 002b:00007f1fb5930000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 54.129682][ T6272] RAX: ffffffffffffffda RBX: 00007f1fb4da5fa0 RCX: 00007f1fb4b8bc1f [ 54.129689][ T6272] RDX: 0000000000011dc0 RSI: 0000400000000440 RDI: 00000000000000c8 [ 54.129695][ T6272] RBP: 00007f1fb4c0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 54.129701][ T6272] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 54.129707][ T6272] R13: 0000000000000000 R14: 00007f1fb4da5fa0 R15: 00007ffc95e3dd38 [ 54.129716][ T6272] [ 54.129721][ T6272] BUG: Bad page state in process syz.3.91 pfn:2713a [ 54.231703][ T6272] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2713a [ 54.233962][ T6272] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 54.235820][ T6272] raw: 00fff00000000000 dead000000000040 ffff888020063000 0000000000000000 [ 54.238018][ T6272] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 54.240178][ T6272] page dumped because: page_pool leak [ 54.241512][ T6272] page_owner tracks the page as allocated [ 54.243180][ T6272] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6272, tgid 6271 (syz.3.91), ts 52891863584, free_ts 52690731660 [ 54.247326][ T6272] post_alloc_hook+0x181/0x1b0 [ 54.248591][ T6272] get_page_from_freelist+0xfce/0x2f80 [ 54.250013][ T6272] __alloc_frozen_pages_noprof+0x221/0x2470 [ 54.251618][ T6272] alloc_pages_bulk_noprof+0x6f9/0x1390 [ 54.252948][ T6272] __page_pool_alloc_pages_slow+0x18c/0x770 [ 54.254506][ T6272] page_pool_alloc_netmems+0xc4/0x160 [ 54.255924][ T6272] skb_pp_cow_data+0x776/0xf10 [ 54.257188][ T6272] skb_cow_data_for_xdp+0x88/0xb0 [ 54.258523][ T6272] do_xdp_generic+0x3f1/0xe70 [ 54.259776][ T6272] __netif_receive_skb_core.constprop.0+0x12da/0x4330 [ 54.261489][ T6272] __netif_receive_skb_one_core+0xb1/0x1e0 [ 54.263008][ T6272] __netif_receive_skb+0x1d/0x160 [ 54.264362][ T6272] netif_receive_skb+0x13f/0x7b0 [ 54.265642][ T6272] tun_rx_batched.isra.0+0x3eb/0x730 [ 54.266991][ T6272] tun_get_user+0x2a22/0x3e50 [ 54.268176][ T6272] tun_chr_write_iter+0xdc/0x210 [ 54.269455][ T6272] page last free pid 6258 tgid 6258 stack trace: [ 54.271135][ T6272] free_frozen_pages+0x6db/0xfb0 [ 54.272374][ T6272] tlb_remove_table_rcu+0x116/0x1a0 [ 54.273673][ T6272] rcu_core+0x79d/0x14d0 [ 54.274749][ T6272] handle_softirqs+0x213/0x8f0 [ 54.275980][ T6272] __irq_exit_rcu+0x109/0x170 [ 54.277238][ T6272] irq_exit_rcu+0x9/0x30 [ 54.278389][ T6272] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 54.279872][ T6272] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 54.281507][ T6272] Modules linked in: [ 54.282521][ T6272] CPU: 0 UID: 0 PID: 6272 Comm: syz.3.91 Tainted: G B 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0 [ 54.282536][ T6272] Tainted: [B]=BAD_PAGE [ 54.282539][ T6272] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 54.282546][ T6272] Call Trace: [ 54.282549][ T6272] [ 54.282553][ T6272] dump_stack_lvl+0x16c/0x1f0 [ 54.282567][ T6272] bad_page+0xb3/0x1f0 [ 54.282581][ T6272] ? __pfx_bad_page+0x10/0x10 [ 54.282594][ T6272] ? page_bad_reason+0x9d/0x1e0 [ 54.282607][ T6272] free_frozen_pages+0x701/0xfb0 [ 54.282617][ T6272] page_frag_free+0x255/0x2a0 [ 54.282630][ T6272] __xdp_return+0x319/0xa70 [ 54.282645][ T6272] ? kmem_cache_free+0x2e2/0x4d0 [ 54.282656][ T6272] bpf_xdp_adjust_tail+0x9de/0xf70 [ 54.282675][ T6272] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 54.282683][ T6272] bpf_prog_run_generic_xdp+0x623/0x1500 [ 54.282699][ T6272] do_xdp_generic+0x70a/0xe70 [ 54.282711][ T6272] ? __pfx_do_xdp_generic+0x10/0x10 [ 54.282724][ T6272] ? hlock_class+0x4e/0x130 [ 54.282735][ T6272] ? __lock_acquire+0xcc5/0x3c40 [ 54.282751][ T6272] ? mark_lock+0xb5/0xc60 [ 54.282766][ T6272] __netif_receive_skb_core.constprop.0+0x12da/0x4330 [ 54.282781][ T6272] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 54.282799][ T6272] ? __skb_flow_dissect+0x11df/0x7e40 [ 54.282810][ T6272] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 54.282824][ T6272] ? hlock_class+0x4e/0x130 [ 54.282834][ T6272] ? __lock_acquire+0xcc5/0x3c40 [ 54.282850][ T6272] ? handle_mm_fault+0x497/0xaa0 [ 54.282861][ T6272] ? __pfx___lock_acquire+0x10/0x10 [ 54.282876][ T6272] ? __pfx_mark_lock+0x10/0x10 [ 54.282892][ T6272] __netif_receive_skb_one_core+0xb1/0x1e0 [ 54.282905][ T6272] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 54.282918][ T6272] ? rcu_is_watching+0x12/0xc0 [ 54.282930][ T6272] ? netif_receive_skb+0x109/0x7b0 [ 54.282943][ T6272] __netif_receive_skb+0x1d/0x160 [ 54.282955][ T6272] netif_receive_skb+0x13f/0x7b0 [ 54.282967][ T6272] ? __pfx_netif_receive_skb+0x10/0x10 [ 54.282979][ T6272] ? _copy_from_iter+0x15e/0x1560 [ 54.282990][ T6272] ? __pfx___lock_acquire+0x10/0x10 [ 54.283004][ T6272] ? __pfx__copy_from_iter+0x10/0x10 [ 54.283015][ T6272] tun_rx_batched.isra.0+0x3eb/0x730 [ 54.283031][ T6272] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 54.283047][ T6272] ? tun_get_user+0x13e6/0x3e50 [ 54.283062][ T6272] ? lock_acquire+0x2f/0xb0 [ 54.283076][ T6272] ? tun_get_user+0x13e6/0x3e50 [ 54.283093][ T6272] tun_get_user+0x2a22/0x3e50 [ 54.283109][ T6272] ? in_gate_area_no_mm+0x70/0x70 [ 54.283125][ T6272] ? __pfx_tun_get_user+0x10/0x10 [ 54.283141][ T6272] ? find_held_lock+0x2d/0x110 [ 54.283152][ T6272] ? __pfx_lock_release+0x10/0x10 [ 54.283176][ T6272] tun_chr_write_iter+0xdc/0x210 [ 54.283198][ T6272] vfs_write+0x5ae/0x1150 [ 54.283240][ T6272] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 54.283264][ T6272] ? __pfx_vfs_write+0x10/0x10 [ 54.283290][ T6272] ? do_futex+0x123/0x350 [ 54.283313][ T6272] ? __fget_files+0x40/0x3a0 [ 54.283330][ T6272] ksys_write+0x12b/0x250 [ 54.283352][ T6272] ? __pfx_ksys_write+0x10/0x10 [ 54.283376][ T6272] do_syscall_64+0xcd/0x250 [ 54.283394][ T6272] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 54.283410][ T6272] RIP: 0033:0x7f1fb4b8bc1f [ 54.283418][ T6272] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 54.283429][ T6272] RSP: 002b:00007f1fb5930000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 54.283439][ T6272] RAX: ffffffffffffffda RBX: 00007f1fb4da5fa0 RCX: 00007f1fb4b8bc1f [ 54.283448][ T6272] RDX: 0000000000011dc0 RSI: 0000400000000440 RDI: 00000000000000c8 [ 54.283457][ T6272] RBP: 00007f1fb4c0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 54.283466][ T6272] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 54.283474][ T6272] R13: 0000000000000000 R14: 00007f1fb4da5fa0 R15: 00007ffc95e3dd38 [ 54.283489][ T6272] [ 54.283514][ T6272] BUG: Bad page state in process syz.3.91 pfn:30b40 [ 54.387788][ T6272] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888030b40f00 pfn:0x30b40 [ 54.390541][ T6272] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 54.392463][ T6272] raw: 00fff00000000000 dead000000000040 ffff888020063000 0000000000000000 [ 54.394749][ T6272] raw: ffff888030b40f00 0000000000000001 00000000ffffffff 0000000000000000 [ 54.397040][ T6272] page dumped because: page_pool leak [ 54.398560][ T6272] page_owner tracks the page as allocated [ 54.400109][ T6272] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6272, tgid 6271 (syz.3.91), ts 52891855399, free_ts 52690748232 [ 54.404728][ T6272] post_alloc_hook+0x181/0x1b0 [ 54.405976][ T6272] get_page_from_freelist+0xfce/0x2f80 [ 54.407347][ T6272] __alloc_frozen_pages_noprof+0x221/0x2470 [ 54.409019][ T6272] alloc_pages_bulk_noprof+0x6f9/0x1390 [ 54.410649][ T6272] __page_pool_alloc_pages_slow+0x18c/0x770 [ 54.412377][ T6272] page_pool_alloc_netmems+0xc4/0x160 [ 54.413801][ T6272] skb_pp_cow_data+0x776/0xf10 [ 54.415104][ T6272] skb_cow_data_for_xdp+0x88/0xb0 [ 54.416448][ T6272] do_xdp_generic+0x3f1/0xe70 [ 54.417719][ T6272] __netif_receive_skb_core.constprop.0+0x12da/0x4330 [ 54.419495][ T6272] __netif_receive_skb_one_core+0xb1/0x1e0 [ 54.421122][ T6272] __netif_receive_skb+0x1d/0x160 [ 54.422659][ T6272] netif_receive_skb+0x13f/0x7b0 [ 54.423992][ T6272] tun_rx_batched.isra.0+0x3eb/0x730 [ 54.425396][ T6272] tun_get_user+0x2a22/0x3e50 [ 54.426691][ T6272] tun_chr_write_iter+0xdc/0x210 [ 54.428028][ T6272] page last free pid 6258 tgid 6258 stack trace: [ 54.429688][ T6272] free_frozen_pages+0x6db/0xfb0 [ 54.431521][ T6272] tlb_remove_table_rcu+0x116/0x1a0 [ 54.433177][ T6272] rcu_core+0x79d/0x14d0 [ 54.434559][ T6272] handle_softirqs+0x213/0x8f0 [ 54.436044][ T6272] __irq_exit_rcu+0x109/0x170 [ 54.437305][ T6272] irq_exit_rcu+0x9/0x30 [ 54.438482][ T6272] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 54.439975][ T6272] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 54.441654][ T6272] Modules linked in: [ 54.442829][ T6272] CPU: 0 UID: 0 PID: 6272 Comm: syz.3.91 Tainted: G B 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0 [ 54.442846][ T6272] Tainted: [B]=BAD_PAGE [ 54.442849][ T6272] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 54.442856][ T6272] Call Trace: [ 54.442860][ T6272] [ 54.442864][ T6272] dump_stack_lvl+0x16c/0x1f0 [ 54.442879][ T6272] bad_page+0xb3/0x1f0 [ 54.442892][ T6272] ? __pfx_bad_page+0x10/0x10 [ 54.442905][ T6272] ? page_bad_reason+0x9d/0x1e0 [ 54.442918][ T6272] free_frozen_pages+0x701/0xfb0 [ 54.442929][ T6272] page_frag_free+0x255/0x2a0 [ 54.442941][ T6272] __xdp_return+0x319/0xa70 [ 54.442958][ T6272] ? kmem_cache_free+0x2e2/0x4d0 [ 54.442968][ T6272] bpf_xdp_adjust_tail+0x9de/0xf70 [ 54.442988][ T6272] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 54.442996][ T6272] bpf_prog_run_generic_xdp+0x623/0x1500 [ 54.443012][ T6272] do_xdp_generic+0x70a/0xe70 [ 54.443024][ T6272] ? __pfx_do_xdp_generic+0x10/0x10 [ 54.443037][ T6272] ? hlock_class+0x4e/0x130 [ 54.443048][ T6272] ? __lock_acquire+0xcc5/0x3c40 [ 54.443064][ T6272] ? mark_lock+0xb5/0xc60 [ 54.443080][ T6272] __netif_receive_skb_core.constprop.0+0x12da/0x4330 [ 54.443094][ T6272] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 54.443111][ T6272] ? __skb_flow_dissect+0x11df/0x7e40 [ 54.443123][ T6272] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 54.443137][ T6272] ? hlock_class+0x4e/0x130 [ 54.443153][ T6272] ? __lock_acquire+0xcc5/0x3c40 [ 54.443169][ T6272] ? handle_mm_fault+0x497/0xaa0 [ 54.443180][ T6272] ? __pfx___lock_acquire+0x10/0x10 [ 54.443194][ T6272] ? __pfx_mark_lock+0x10/0x10 [ 54.443210][ T6272] __netif_receive_skb_one_core+0xb1/0x1e0 [ 54.443223][ T6272] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 54.443236][ T6272] ? rcu_is_watching+0x12/0xc0 [ 54.443248][ T6272] ? netif_receive_skb+0x109/0x7b0 [ 54.443260][ T6272] __netif_receive_skb+0x1d/0x160 [ 54.443273][ T6272] netif_receive_skb+0x13f/0x7b0 [ 54.443284][ T6272] ? __pfx_netif_receive_skb+0x10/0x10 [ 54.443297][ T6272] ? _copy_from_iter+0x15e/0x1560 [ 54.443308][ T6272] ? __pfx___lock_acquire+0x10/0x10 [ 54.443322][ T6272] ? __pfx__copy_from_iter+0x10/0x10 [ 54.443333][ T6272] tun_rx_batched.isra.0+0x3eb/0x730 [ 54.443349][ T6272] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 54.443365][ T6272] ? tun_get_user+0x13e6/0x3e50 [ 54.443381][ T6272] ? lock_acquire+0x2f/0xb0 [ 54.443395][ T6272] ? tun_get_user+0x13e6/0x3e50 [ 54.443412][ T6272] tun_get_user+0x2a22/0x3e50 [ 54.443429][ T6272] ? in_gate_area_no_mm+0x70/0x70 [ 54.443445][ T6272] ? __pfx_tun_get_user+0x10/0x10 [ 54.443461][ T6272] ? find_held_lock+0x2d/0x110 [ 54.443473][ T6272] ? __pfx_lock_release+0x10/0x10 [ 54.443490][ T6272] tun_chr_write_iter+0xdc/0x210 [ 54.443506][ T6272] vfs_write+0x5ae/0x1150 [ 54.443530][ T6272] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 54.443555][ T6272] ? __pfx_vfs_write+0x10/0x10 [ 54.443579][ T6272] ? do_futex+0x123/0x350 [ 54.443598][ T6272] ? __fget_files+0x40/0x3a0 [ 54.443615][ T6272] ksys_write+0x12b/0x250 [ 54.443632][ T6272] ? __pfx_ksys_write+0x10/0x10 [ 54.443650][ T6272] do_syscall_64+0xcd/0x250 [ 54.443664][ T6272] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 54.443679][ T6272] RIP: 0033:0x7f1fb4b8bc1f [ 54.443688][ T6272] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 54.443699][ T6272] RSP: 002b:00007f1fb5930000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 54.443709][ T6272] RAX: ffffffffffffffda RBX: 00007f1fb4da5fa0 RCX: 00007f1fb4b8bc1f [ 54.443716][ T6272] RDX: 0000000000011dc0 RSI: 0000400000000440 RDI: 00000000000000c8 [ 54.443722][ T6272] RBP: 00007f1fb4c0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 54.443728][ T6272] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 54.443735][ T6272] R13: 0000000000000000 R14: 00007f1fb4da5fa0 R15: 00007ffc95e3dd38 [ 54.443744][ T6272] [ 54.443750][ T6272] BUG: Bad page state in process syz.3.91 pfn:23cd2 [ 54.551281][ T6272] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x23cd2 [ 54.554371][ T6272] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 54.556590][ T6272] raw: 00fff00000000000 dead000000000040 ffff888020063000 0000000000000000 [ 54.558867][ T6272] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 54.561348][ T6272] page dumped because: page_pool leak [ 54.563018][ T6272] page_owner tracks the page as allocated [ 54.564523][ T6272] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6272, tgid 6271 (syz.3.91), ts 52891847477, free_ts 52690764959 [ 54.568837][ T6272] post_alloc_hook+0x181/0x1b0 [ 54.570221][ T6272] get_page_from_freelist+0xfce/0x2f80 [ 54.571843][ T6272] __alloc_frozen_pages_noprof+0x221/0x2470 [ 54.573417][ T6272] alloc_pages_bulk_noprof+0x6f9/0x1390 [ 54.574890][ T6272] __page_pool_alloc_pages_slow+0x18c/0x770 [ 54.576459][ T6272] page_pool_alloc_netmems+0xc4/0x160 [ 54.577964][ T6272] skb_pp_cow_data+0x776/0xf10 [ 54.579276][ T6272] skb_cow_data_for_xdp+0x88/0xb0 [ 54.580702][ T6272] do_xdp_generic+0x3f1/0xe70 [ 54.582064][ T6272] __netif_receive_skb_core.constprop.0+0x12da/0x4330 [ 54.583867][ T6272] __netif_receive_skb_one_core+0xb1/0x1e0 [ 54.585407][ T6272] __netif_receive_skb+0x1d/0x160 [ 54.586790][ T6272] netif_receive_skb+0x13f/0x7b0 [ 54.588090][ T6272] tun_rx_batched.isra.0+0x3eb/0x730 [ 54.589440][ T6272] tun_get_user+0x2a22/0x3e50 [ 54.590875][ T6272] tun_chr_write_iter+0xdc/0x210 [ 54.592278][ T6272] page last free pid 6258 tgid 6258 stack trace: [ 54.593944][ T6272] free_frozen_pages+0x6db/0xfb0 [ 54.595292][ T6272] tlb_remove_table_rcu+0x116/0x1a0 [ 54.596612][ T6272] rcu_core+0x79d/0x14d0 [ 54.597784][ T6272] handle_softirqs+0x213/0x8f0 [ 54.599067][ T6272] __irq_exit_rcu+0x109/0x170 [ 54.600423][ T6272] irq_exit_rcu+0x9/0x30 [ 54.601945][ T6272] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 54.603914][ T6272] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 54.605993][ T6272] Modules linked in: [ 54.607404][ T6272] CPU: 0 UID: 0 PID: 6272 Comm: syz.3.91 Tainted: G B 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0 [ 54.607428][ T6272] Tainted: [B]=BAD_PAGE [ 54.607434][ T6272] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 54.607444][ T6272] Call Trace: [ 54.607450][ T6272] [ 54.607456][ T6272] dump_stack_lvl+0x16c/0x1f0 [ 54.607477][ T6272] bad_page+0xb3/0x1f0 [ 54.607498][ T6272] ? __pfx_bad_page+0x10/0x10 [ 54.607519][ T6272] ? page_bad_reason+0x9d/0x1e0 [ 54.607540][ T6272] free_frozen_pages+0x701/0xfb0 [ 54.607559][ T6272] page_frag_free+0x255/0x2a0 [ 54.607578][ T6272] __xdp_return+0x319/0xa70 [ 54.607602][ T6272] ? kmem_cache_free+0x2e2/0x4d0 [ 54.607619][ T6272] bpf_xdp_adjust_tail+0x9de/0xf70 [ 54.607651][ T6272] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 54.607664][ T6272] bpf_prog_run_generic_xdp+0x623/0x1500 [ 54.607689][ T6272] do_xdp_generic+0x70a/0xe70 [ 54.607710][ T6272] ? __pfx_do_xdp_generic+0x10/0x10 [ 54.607731][ T6272] ? hlock_class+0x4e/0x130 [ 54.607748][ T6272] ? __lock_acquire+0xcc5/0x3c40 [ 54.607774][ T6272] ? mark_lock+0xb5/0xc60 [ 54.607798][ T6272] __netif_receive_skb_core.constprop.0+0x12da/0x4330 [ 54.607821][ T6272] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 54.607848][ T6272] ? __skb_flow_dissect+0x11df/0x7e40 [ 54.607867][ T6272] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 54.607888][ T6272] ? hlock_class+0x4e/0x130 [ 54.607905][ T6272] ? __lock_acquire+0xcc5/0x3c40 [ 54.607931][ T6272] ? handle_mm_fault+0x497/0xaa0 [ 54.607947][ T6272] ? __pfx___lock_acquire+0x10/0x10 [ 54.607968][ T6272] ? __pfx_mark_lock+0x10/0x10 [ 54.607994][ T6272] __netif_receive_skb_one_core+0xb1/0x1e0 [ 54.608014][ T6272] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 54.608034][ T6272] ? rcu_is_watching+0x12/0xc0 [ 54.608052][ T6272] ? netif_receive_skb+0x109/0x7b0 [ 54.608073][ T6272] __netif_receive_skb+0x1d/0x160 [ 54.608092][ T6272] netif_receive_skb+0x13f/0x7b0 [ 54.608111][ T6272] ? __pfx_netif_receive_skb+0x10/0x10 [ 54.608130][ T6272] ? _copy_from_iter+0x15e/0x1560 [ 54.608151][ T6272] ? __pfx___lock_acquire+0x10/0x10 [ 54.608174][ T6272] ? __pfx__copy_from_iter+0x10/0x10 [ 54.608192][ T6272] tun_rx_batched.isra.0+0x3eb/0x730 [ 54.608220][ T6272] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 54.608247][ T6272] ? tun_get_user+0x13e6/0x3e50 [ 54.608272][ T6272] ? lock_acquire+0x2f/0xb0 [ 54.608295][ T6272] ? tun_get_user+0x13e6/0x3e50 [ 54.608321][ T6272] tun_get_user+0x2a22/0x3e50 [ 54.608347][ T6272] ? in_gate_area_no_mm+0x70/0x70 [ 54.608373][ T6272] ? __pfx_tun_get_user+0x10/0x10 [ 54.608397][ T6272] ? find_held_lock+0x2d/0x110 [ 54.608415][ T6272] ? __pfx_lock_release+0x10/0x10 [ 54.608443][ T6272] tun_chr_write_iter+0xdc/0x210 [ 54.608469][ T6272] vfs_write+0x5ae/0x1150 [ 54.608495][ T6272] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 54.608522][ T6272] ? __pfx_vfs_write+0x10/0x10 [ 54.608546][ T6272] ? do_futex+0x123/0x350 [ 54.608567][ T6272] ? __fget_files+0x40/0x3a0 [ 54.608588][ T6272] ksys_write+0x12b/0x250 [ 54.608613][ T6272] ? __pfx_ksys_write+0x10/0x10 [ 54.608642][ T6272] do_syscall_64+0xcd/0x250 [ 54.608664][ T6272] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 54.608688][ T6272] RIP: 0033:0x7f1fb4b8bc1f [ 54.608701][ T6272] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 54.608717][ T6272] RSP: 002b:00007f1fb5930000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 54.608734][ T6272] RAX: ffffffffffffffda RBX: 00007f1fb4da5fa0 RCX: 00007f1fb4b8bc1f [ 54.608745][ T6272] RDX: 0000000000011dc0 RSI: 0000400000000440 RDI: 00000000000000c8 [ 54.608756][ T6272] RBP: 00007f1fb4c0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 54.608766][ T6272] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 54.608776][ T6272] R13: 0000000000000000 R14: 00007f1fb4da5fa0 R15: 00007ffc95e3dd38 [ 54.608792][ T6272] [ 54.736385][ T5951] Bluetooth: hci2: command tx timeout [ 55.019949][ T6273] __nla_validate_parse: 11 callbacks suppressed [ 55.019960][ T6273] netlink: 4 bytes leftover after parsing attributes in process `syz.2.90'. VM DIAGNOSIS: 17:02:28 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000030 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85407635 RDI=ffffffff9ab80780 RBP=ffffffff9ab80740 RSP=ffffc90004676ad0 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000006 R12=0000000000000000 R13=0000000000000030 R14=ffffffff9ab80740 R15=0000000000000000 RIP=ffffffff8540765f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f1fb59306c0 ffffffff 00c00000 GS =0000 ffff88806a600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000400000012000 CR3=000000002f6b6000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000001000003 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1fb4c0f282 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1fb4c0f28f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1fb4c0f289 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1fb4c0f29d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1fb4c0f323 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1fb4c0f401 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1fb4d7c488 00007f1fb4d7c480 00007f1fb4d7c478 00007f1fb4d7c450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1fb58dd100 00007f1fb4d7c440 00007f1fb4d7c458 00007f1fb4d7c4a0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1fb4d7c498 00007f1fb4d7c490 00007f1fb4d7c488 00007f1fb4d7c480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008 0000000000000000 0000000000000000 0000000000000210 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000000 RBX=0000000000000000 RCX=ffffffff81c900eb RDX=ffff88803092c880 RSI=ffffffff81c9012e RDI=ffff88804f38e428 RBP=0000000000000000 RSP=ffffc90003b47238 R8 =0000000000000006 R9 =00007f94d89839d3 R10=ffffffffa0000954 R11=0000000000000003 R12=00007f94d89839d3 R13=dffffc0000000000 R14=0000000000000000 R15=ffffffffa0000954 RIP=ffffffff81b9e031 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 000055556543e500 ffffffff 00c00000 GS =0000 ffff88806a700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f94d96d56c0 CR3=0000000049902000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000c0fffc00 Opmask01=00000000000000ff Opmask02=00000000000000ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055557f63acf0 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055557f6385e7 000055557f637e90 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055557f62c4a0 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055557f631167 000055557f630fe0 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055557f63c5c4 000055557f63c5c0 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000001df8a ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000002100000118 4208018003018004 0a90030a08000a88 033008000a80030c ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2008000c90031fff ffffffffff040c80 031fffffffffffff 040bf0030008000b ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 e8030008000be003 0008000bd8030008 000bd0031fffffff ffffff040bc00320 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 08000bb803000800 0bb0031fffffffff ffff040ba0031008 000b98030108000b ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 90030008000b8803 0008000b80030000 0000000000000000 00000000000001ff ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 030380040aa00395 00000023000000a5 0000007500000085 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0ac0030008000ab8 030008000ab00300 4c504701ffffffff fffffffff7080380 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffdf 080ae0030008000a d8030008000ad003 1fffffffffffff04 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0100100001080001 0000000806060103 ac18080006100020 100006016da80186 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000080000002 RBX=0000000001188390 RCX=ffffffff82287dc4 RDX=ffff888025050000 RSI=ffffffff82287de0 RDI=0000000000000007 RBP=0000000000000000 RSP=ffffc900032f7628 R8 =0000000000000007 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000007 R12=ffff88801d008390 R13=0000000000000000 R14=0000000000000008 R15=0000000000000001 RIP=ffffffff81b9e02b RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 00005555659c6500 ffffffff 00c00000 GS =0000 ffff88806a800000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f1db24d56c0 CR3=0000000029446000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000001000000 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe1115a000 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1db180f282 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1db180f28f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1db180f289 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1db180f29d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1db180f323 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1db180f401 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000004 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000f0 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000004 0000000000000000 0000000000000000 00000000000000f0 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000080000 RBX=0000000000000040 RCX=ffffc9000d363000 RDX=0000000000080000 RSI=ffffffff84c313c6 RDI=0000000000000001 RBP=0000000000000000 RSP=ffffc900030a7bc8 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000000 R11=00000000456b49a3 R12=ffffc900030a7e80 R13=ffffc900030a7d98 R14=ffffc900030a7e80 R15=000000007fad2b00 RIP=ffffffff81b9e04a RFL=00000216 [----AP-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007fde4481f6c0 ffffffff 00c00000 GS =0000 ffff88806a900000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000040000052c000 CR3=000000003201c000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fde43a0f282 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fde43a0f28f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fde43a0f289 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fde43a0f29d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fde43a0f323 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fde43a0f401 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fde43b7c488 00007fde43b7c480 00007fde43b7c478 00007fde43b7c450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fde446dd100 00007fde43b7c440 00007fde43b7c458 00007fde43b7c4a0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fde43b7c498 00007fde43b7c490 00007fde43b7c488 00007fde43b7c480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000