last executing test programs: 8m6.440280563s ago: executing program 1 (id=418): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r2}, 0x10) semop(0x0, 0x0, 0x0) nanosleep(&(0x7f00000000c0)={0x0, 0x989680}, 0x0) 8m4.627944556s ago: executing program 1 (id=420): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000400)=ANY=[@ANYBLOB="180000000000000000000000fcffffff18110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r1}, 0x10) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x46141, 0x0) fcntl$setlease(r2, 0x400, 0x0) 8m3.028138126s ago: executing program 1 (id=421): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4) r1 = socket$packet(0x11, 0x3, 0x300) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'wg2\x00'}) sendto$packet(r2, &(0x7f0000000180)="0b031407e0ff640f0200475400f6a13bb1000e00080008004803", 0x1a, 0x0, 0x0, 0x0) 8m0.641949774s ago: executing program 1 (id=423): r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], 0x0, 0x2, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1817c1, 0x0) mount(0x0, &(0x7f00000006c0)='./file0\x00', &(0x7f0000000800)='9p\x00', 0x0, &(0x7f0000000900)='trans=tcp,') 7m57.788605276s ago: executing program 1 (id=425): r0 = syz_open_procfs(0x0, &(0x7f0000000140)='cgroup\x00') preadv(r0, &(0x7f00000000c0), 0x0, 0x131, 0x0) 7m55.197082215s ago: executing program 1 (id=427): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x18) socket$inet6(0xa, 0x800000000000002, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB="210000000000000000000000000010000004"], 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff000000", @ANYRES32=0x0, @ANYRES32], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x2000002, 0x13, r1, 0x0) 7m8.370267068s ago: executing program 32 (id=427): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x18) socket$inet6(0xa, 0x800000000000002, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB="210000000000000000000000000010000004"], 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff000000", @ANYRES32=0x0, @ANYRES32], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x2000002, 0x13, r1, 0x0) 53.841640349s ago: executing program 2 (id=533): execveat(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x800) syz_open_procfs(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x3, 0x0) socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$sock_SIOCSIFBR(r2, 0x8941, &(0x7f0000000000)=@generic={0x1, 0xe, 0x6}) 37.52283724s ago: executing program 2 (id=539): socket$nl_generic(0x10, 0x3, 0x10) socket$inet_udp(0x2, 0x2, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) openat$cgroup_devices(r0, &(0x7f00000002c0)='devices.deny\x00', 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB], 0x50) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r5}, &(0x7f0000000240), &(0x7f00000003c0)=r1}, 0x20) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000380)={r6, r3, 0x25, 0x2, @val=@tcx={@void, @value}}, 0x1c) syz_emit_ethernet(0x4a, &(0x7f0000000040)=ANY=[], 0x0) 33.012511974s ago: executing program 2 (id=542): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) getpid() r1 = socket$inet6(0xa, 0x80003, 0x6) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000200)={{{@in=@broadcast, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x4}, {0x0, 0x4, 0x0, 0xa78a}, 0xfffffffe, 0x0, 0x1}, {{@in=@private, 0x0, 0x33}, 0x0, @in=@rand_addr=0x64010101, 0x0, 0x3, 0x1, 0x7}}, 0xe8) sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0x0) 27.604236918s ago: executing program 0 (id=545): unshare(0x24060400) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) 25.875215454s ago: executing program 0 (id=546): socket$nl_generic(0x10, 0x3, 0x10) socket$inet_udp(0x2, 0x2, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) openat$cgroup_devices(r0, &(0x7f00000002c0)='devices.deny\x00', 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB], 0x50) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r5}, &(0x7f0000000240), &(0x7f00000003c0)=r1}, 0x20) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000380)={r6, r3, 0x25, 0x2, @val=@tcx={@void, @value}}, 0x1c) syz_emit_ethernet(0x4a, &(0x7f0000000040)=ANY=[], 0x0) 22.630475235s ago: executing program 0 (id=547): bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) timer_create(0x0, 0x0, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) waitid(0x0, 0x0, 0x0, 0x4, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x1e, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x8, 0x1, 0x2b}]}, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) 15.477453149s ago: executing program 2 (id=548): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000500)=ANY=[@ANYBLOB="b7020000e4000000bfa300000000000007030000fdfdfff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040000010000400404000001000000b7050000000000006a0a00ff00000000850000000a000000b70000000000000095000000000000009cc6b3fcd62c7d376238975d43a4505f80fc88943c4f0cf08e467b592f868ee30a0e8c1bf176db2a6b2f01806fd3d5707bfd2d84aaa3b1d4e984c46ea7e2a447a36f5662403e1b2be4cc7c2683908a0d411a9872971c7c77f0979b34e1ad837ff0d10b97163c1d6d0e196bf02f46c7953ab1abda45cbe8d0d26b5069f8a98f7dc8f76b74635fc9f9de9ca3c0ec0cb9bf4e418d076df4c7df0a70f2bdf4000000000000b0c2940dd8e263aa743f7555193161f45346b1004006000000e1ffff8816326d7d25c32aac1c7d5b5be399f6609876b5887437a172fbc02a74135b29194e533583412dff048f0000000000000000b2728a0481e9f0da43bb6cfb851cd364ff19ffcafe3e64be033c9d2f002cc93c1c13caec04a347383420336bec88c24a9fb6a6991ddb737d527d6acb15426415b6e8b14fdfa2c6e94bd0339454c13ad3e328a100000000b515a1000000000000000eb2e9c15b6c8f6198282df27badac8500bc7d202e0990"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r0, 0xffff0000, 0xf0, 0xe200, &(0x7f0000001a40)="2b206d074843b397737ea49da2aa", 0x0, 0xf000, 0x720e, 0x0, 0x0, 0x0, 0x0}, 0x48) 7.732444411s ago: executing program 0 (id=549): ioctl$VHOST_SET_VRING_BUSYLOOP_TIMEOUT(0xffffffffffffffff, 0x4008af23, 0x0) eventfd2(0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0) openat$cgroup_type(r0, &(0x7f0000000300), 0x2, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f00000001c0), 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_ro(r2, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r3, &(0x7f0000000200)=0x1, 0x12) write$cgroup_int(r3, &(0x7f00000000c0), 0x12) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setreuid(0x0, r4) 7.179087222s ago: executing program 2 (id=550): r0 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000300000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000008000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4}, 0x50) pwritev(r0, &(0x7f0000000140)=[{&(0x7f0000000040)="55fbcfd952994b93f6350c20c2203addf45fd0ebf8da4ef51a3d741f2821a281f699318fde417a2b67838cda123c0cbc40d2b49bc0283a69af65d322e416d1af347bbe2127a697bb40b4b7854f7a5b2e5aaa7b516f21b711df720a0d10ac4134c8511c7fc50a99d1d351bab5a60621e25309c7b7b84c66cf74105a17ddb7524ac01fcd1f30cdd2ed6046471bb18de8a7e19da7b5ea3de7a6cf3df060730adc36f1837a5205172d3d1000e9f98329e7c8b5100257d9963e745b4c", 0xba}, {&(0x7f0000000100)}], 0x2, 0x962, 0x3) 4.752502078s ago: executing program 0 (id=551): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = memfd_create(&(0x7f0000000400)='\xa3\x9fn\xb4dR\x04i5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x85\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xf7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\"q\x1b0)\xccm\xacz\xc1\xadd\x9b6a\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xd4\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\xd1x4]PZ\x9e\xd5Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\x97\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e\x10D\x7f!\xca\x0ev\x15h$\x01\xdd\xe5\xce\xf8*\xb3\x01\x85\a\xe4qv&\x9c\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xa2\xab\xf6\x84\xe0\xcf1\x9a', 0x1) execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) 2.241986671s ago: executing program 2 (id=552): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180200002343ffff0000000000000000850000004100000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r1, r2, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0xfdef, &(0x7f0000000a80)=ANY=[], 0x0) 0s ago: executing program 0 (id=553): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000013c0)={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000feffffff0000000000006bcd850000004100000085000000a000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0x11, 0x0, &(0x7f00000000c0)="1fce66fbd35b01d78e557fcfff3d2b4017", 0x0, 0x101008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9, 0x1}, 0x50) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:57844' (ED25519) to the list of known hosts. syzkaller login: [ 320.463782][ T3170] cgroup: Unknown subsys name 'net' [ 320.855097][ T3170] cgroup: Unknown subsys name 'cpuset' [ 320.922966][ T3170] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 380.406533][ T3170] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 437.872038][ T3176] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 437.967016][ T3176] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 441.733554][ T3178] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 441.795557][ T3178] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 448.849037][ T3176] hsr_slave_0: entered promiscuous mode [ 448.875817][ T3176] hsr_slave_1: entered promiscuous mode [ 454.093539][ T3178] hsr_slave_0: entered promiscuous mode [ 454.112610][ T3178] hsr_slave_1: entered promiscuous mode [ 454.126877][ T3178] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 454.129907][ T3178] Cannot create hsr debugfs directory [ 456.806289][ T3176] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 457.078250][ T3176] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 457.169737][ T3176] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 457.494147][ T3176] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 460.035981][ T3178] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 460.138636][ T3178] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 460.228892][ T3178] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 460.340242][ T3178] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 465.526006][ T3176] 8021q: adding VLAN 0 to HW filter on device bond0 [ 469.979488][ T3178] 8021q: adding VLAN 0 to HW filter on device bond0 [ 493.796225][ T3176] veth0_vlan: entered promiscuous mode [ 494.049011][ T3176] veth1_vlan: entered promiscuous mode [ 494.996419][ T3176] veth0_macvtap: entered promiscuous mode [ 495.346294][ T3176] veth1_macvtap: entered promiscuous mode [ 497.287713][ T3176] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 497.322902][ T3176] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 497.325434][ T3176] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 497.327520][ T3176] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 504.883505][ T3176] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 510.376581][ T3866] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2'. [ 514.788880][ T3178] veth0_vlan: entered promiscuous mode [ 515.216813][ T3178] veth1_vlan: entered promiscuous mode [ 515.878605][ T3873] ip6tnl1: entered promiscuous mode [ 515.896422][ T3873] ip6tnl1: entered allmulticast mode [ 517.645314][ T3178] veth0_macvtap: entered promiscuous mode [ 518.082812][ T3178] veth1_macvtap: entered promiscuous mode [ 519.684938][ T3178] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 519.687293][ T3178] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 519.689537][ T3178] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 519.703928][ T3178] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 530.694414][ T3901] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 545.616683][ T34] audit: type=1326 audit(544.750:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3924 comm="syz.1.17" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 545.624536][ T34] audit: type=1326 audit(544.770:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3924 comm="syz.1.17" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 545.806642][ T34] audit: type=1326 audit(544.930:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3924 comm="syz.1.17" exe="/syz-executor" sig=0 arch=c00000f3 syscall=280 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 545.827842][ T34] audit: type=1326 audit(544.960:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3924 comm="syz.1.17" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 545.878704][ T34] audit: type=1326 audit(545.020:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3924 comm="syz.1.17" exe="/syz-executor" sig=0 arch=c00000f3 syscall=280 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 545.933725][ T34] audit: type=1326 audit(545.070:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3924 comm="syz.1.17" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 545.957564][ T34] audit: type=1326 audit(545.090:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3924 comm="syz.1.17" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 545.972710][ T34] audit: type=1326 audit(545.100:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3924 comm="syz.1.17" exe="/syz-executor" sig=0 arch=c00000f3 syscall=280 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 546.012457][ T34] audit: type=1326 audit(545.140:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3924 comm="syz.1.17" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 546.055453][ T34] audit: type=1326 audit(545.150:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3924 comm="syz.1.17" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 547.176907][ T3927] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 547.717036][ T3927] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 548.516846][ T3927] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 549.056108][ T3927] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 550.888530][ T3927] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 551.157662][ T3927] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 551.354642][ T3927] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 551.515010][ T3927] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 553.707546][ T3951] netlink: 8 bytes leftover after parsing attributes in process `syz.0.20'. [ 556.125851][ T3956] xt_socket: unknown flags 0xd0 [ 557.835065][ T3959] sch_tbf: peakrate 8 is lower than or equals to rate 12 ! [ 580.282673][ T3996] syz.0.39 uses obsolete (PF_INET,SOCK_PACKET) [ 594.326090][ T4021] syz.0.49: attempt to access beyond end of device [ 594.326090][ T4021] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 594.344539][ T4022] netlink: 'syz.1.50': attribute type 4 has an invalid length. [ 610.136025][ T4041] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 635.438409][ T4089] Illegal XDP return value 3219807488 on prog (id 7) dev syz_tun, expect packet loss! [ 635.819763][ T4088] syzkaller1: entered promiscuous mode [ 635.822957][ T4088] syzkaller1: entered allmulticast mode [ 638.235852][ T4095] netlink: 'syz.0.74': attribute type 30 has an invalid length. [ 647.227683][ T4115] binfmt_misc: register: failed to install interpreter file ./file2 [ 657.200101][ T4129] process 'syz.0.86' launched './file1' with NULL argv: empty string added [ 662.165228][ T34] kauditd_printk_skb: 5 callbacks suppressed [ 662.165694][ T34] audit: type=1326 audit(661.300:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4141 comm="syz.1.89" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 662.172968][ T34] audit: type=1326 audit(661.310:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4141 comm="syz.1.89" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 662.208863][ T34] audit: type=1326 audit(661.350:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4141 comm="syz.1.89" exe="/syz-executor" sig=0 arch=c00000f3 syscall=149 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 662.245548][ T34] audit: type=1326 audit(661.350:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4141 comm="syz.1.89" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 662.275247][ T34] audit: type=1326 audit(661.390:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4141 comm="syz.1.89" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 675.629689][ T4167] netlink: 'syz.1.99': attribute type 39 has an invalid length. [ 681.312914][ T4177] netlink: 'syz.1.104': attribute type 13 has an invalid length. [ 682.414479][ T4177] gretap0: refused to change device tx_queue_len [ 682.416611][ T4177] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 702.807329][ T4215] DRBG: could not allocate digest TFM handle: hmac(sha512) [ 702.937967][ T4220] netlink: 8 bytes leftover after parsing attributes in process `syz.1.111'. [ 702.939348][ T4220] netlink: 24 bytes leftover after parsing attributes in process `syz.1.111'. [ 707.949522][ T4229] xt_CT: No such helper "snmp_trap" [ 716.599104][ T4243] netlink: 'syz.0.116': attribute type 29 has an invalid length. [ 716.744105][ T4243] netlink: 'syz.0.116': attribute type 29 has an invalid length. [ 725.505940][ T34] audit: type=1326 audit(724.640:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4257 comm="syz.0.122" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 725.508650][ T34] audit: type=1326 audit(724.650:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4257 comm="syz.0.122" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 725.778063][ T34] audit: type=1326 audit(724.910:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4257 comm="syz.0.122" exe="/syz-executor" sig=0 arch=c00000f3 syscall=280 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 725.852312][ T34] audit: type=1326 audit(724.950:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4257 comm="syz.0.122" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 725.869790][ T34] audit: type=1326 audit(725.000:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4257 comm="syz.0.122" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 725.932110][ T34] audit: type=1326 audit(725.070:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4257 comm="syz.0.122" exe="/syz-executor" sig=0 arch=c00000f3 syscall=280 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 725.979276][ T34] audit: type=1326 audit(725.120:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4257 comm="syz.0.122" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 725.998399][ T34] audit: type=1326 audit(725.130:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4257 comm="syz.0.122" exe="/syz-executor" sig=0 arch=c00000f3 syscall=280 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 726.150430][ T34] audit: type=1326 audit(725.290:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4257 comm="syz.0.122" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 726.160240][ T34] audit: type=1326 audit(725.300:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4257 comm="syz.0.122" exe="/syz-executor" sig=0 arch=c00000f3 syscall=280 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 731.238328][ T34] kauditd_printk_skb: 4 callbacks suppressed [ 731.238786][ T34] audit: type=1326 audit(730.380:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4261 comm="syz.0.124" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 731.276086][ T34] audit: type=1326 audit(730.400:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4261 comm="syz.0.124" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 731.280045][ T34] audit: type=1326 audit(730.420:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4261 comm="syz.0.124" exe="/syz-executor" sig=0 arch=c00000f3 syscall=280 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 731.314278][ T34] audit: type=1326 audit(730.420:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4261 comm="syz.0.124" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 731.325039][ T34] audit: type=1326 audit(730.420:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4261 comm="syz.0.124" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 731.553738][ T34] audit: type=1326 audit(730.680:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4261 comm="syz.0.124" exe="/syz-executor" sig=0 arch=c00000f3 syscall=280 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 731.564396][ T34] audit: type=1326 audit(730.710:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4261 comm="syz.0.124" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 731.600236][ T34] audit: type=1326 audit(730.740:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4261 comm="syz.0.124" exe="/syz-executor" sig=0 arch=c00000f3 syscall=436 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 731.615446][ T34] audit: type=1326 audit(730.740:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4261 comm="syz.0.124" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 731.618785][ T34] audit: type=1326 audit(730.760:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4261 comm="syz.0.124" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 731.825254][ T4262] futex_wake_op: syz.0.124 tries to shift op by -1; fix this program [ 737.821531][ T34] kauditd_printk_skb: 17 callbacks suppressed [ 737.822018][ T34] audit: type=1326 audit(736.960:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4269 comm="syz.0.127" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 737.854868][ T34] audit: type=1326 audit(737.000:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4269 comm="syz.0.127" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 737.856770][ T34] audit: type=1326 audit(737.000:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4269 comm="syz.0.127" exe="/syz-executor" sig=0 arch=c00000f3 syscall=280 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 737.858521][ T34] audit: type=1326 audit(737.000:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4269 comm="syz.0.127" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 737.874836][ T34] audit: type=1326 audit(737.020:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4269 comm="syz.0.127" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 737.901512][ T34] audit: type=1326 audit(737.030:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4269 comm="syz.0.127" exe="/syz-executor" sig=0 arch=c00000f3 syscall=280 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 737.903943][ T34] audit: type=1326 audit(737.030:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4269 comm="syz.0.127" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 737.952735][ T34] audit: type=1326 audit(737.090:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4269 comm="syz.0.127" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 737.955077][ T34] audit: type=1326 audit(737.100:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4269 comm="syz.0.127" exe="/syz-executor" sig=0 arch=c00000f3 syscall=208 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 737.959172][ T34] audit: type=1326 audit(737.100:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4269 comm="syz.0.127" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 742.833748][ T34] kauditd_printk_skb: 366 callbacks suppressed [ 742.834040][ T34] audit: type=1326 audit(741.980:439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4269 comm="syz.0.127" exe="/syz-executor" sig=0 arch=c00000f3 syscall=139 compat=0 ip=0x7fffb33fd5b8 code=0x7ffc0000 [ 742.891373][ T34] audit: type=1326 audit(741.980:440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4269 comm="syz.0.127" exe="/syz-executor" sig=0 arch=c00000f3 syscall=172 compat=0 ip=0xd5364 code=0x7ffc0000 [ 742.893629][ T34] audit: type=1326 audit(742.030:441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4269 comm="syz.0.127" exe="/syz-executor" sig=0 arch=c00000f3 syscall=139 compat=0 ip=0x7fffb33fd5b8 code=0x7ffc0000 [ 742.902068][ T34] audit: type=1326 audit(742.030:442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4269 comm="syz.0.127" exe="/syz-executor" sig=0 arch=c00000f3 syscall=172 compat=0 ip=0xd5364 code=0x7ffc0000 [ 742.909356][ T34] audit: type=1326 audit(742.040:443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4269 comm="syz.0.127" exe="/syz-executor" sig=0 arch=c00000f3 syscall=139 compat=0 ip=0x7fffb33fd5b8 code=0x7ffc0000 [ 742.953915][ T34] audit: type=1326 audit(742.050:444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4269 comm="syz.0.127" exe="/syz-executor" sig=0 arch=c00000f3 syscall=172 compat=0 ip=0xd5364 code=0x7ffc0000 [ 742.962018][ T34] audit: type=1326 audit(742.100:445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4269 comm="syz.0.127" exe="/syz-executor" sig=0 arch=c00000f3 syscall=139 compat=0 ip=0x7fffb33fd5b8 code=0x7ffc0000 [ 742.976141][ T34] audit: type=1326 audit(742.100:446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4269 comm="syz.0.127" exe="/syz-executor" sig=0 arch=c00000f3 syscall=172 compat=0 ip=0xd5364 code=0x7ffc0000 [ 742.984429][ T34] audit: type=1326 audit(742.130:447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4269 comm="syz.0.127" exe="/syz-executor" sig=0 arch=c00000f3 syscall=139 compat=0 ip=0x7fffb33fd5b8 code=0x7ffc0000 [ 743.051987][ T34] audit: type=1326 audit(742.150:448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4269 comm="syz.0.127" exe="/syz-executor" sig=0 arch=c00000f3 syscall=172 compat=0 ip=0xd5364 code=0x7ffc0000 [ 746.237928][ T4279] ======================================================= [ 746.237928][ T4279] WARNING: The mand mount option has been deprecated and [ 746.237928][ T4279] and is ignored by this kernel. Remove the mand [ 746.237928][ T4279] option from the mount to silence this warning. [ 746.237928][ T4279] ======================================================= [ 756.047366][ T4293] rdma_op ffffaf8019b2c1f0 conn xmit_rdma 0000000000000000 [ 759.779123][ T4299] netlink: 100 bytes leftover after parsing attributes in process `syz.1.139'. [ 779.871569][ T34] audit: type=1326 audit(779.010:449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4340 comm="syz.0.156" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 779.911175][ T34] audit: type=1326 audit(779.050:450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4340 comm="syz.0.156" exe="/syz-executor" sig=0 arch=c00000f3 syscall=280 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 779.913687][ T34] audit: type=1326 audit(779.050:451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4340 comm="syz.0.156" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 779.920188][ T34] audit: type=1326 audit(779.060:452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4340 comm="syz.0.156" exe="/syz-executor" sig=0 arch=c00000f3 syscall=280 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 779.932741][ T34] audit: type=1326 audit(779.070:453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4340 comm="syz.0.156" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 779.939704][ T34] audit: type=1326 audit(779.080:454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4340 comm="syz.0.156" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 779.947947][ T34] audit: type=1326 audit(779.090:455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4340 comm="syz.0.156" exe="/syz-executor" sig=0 arch=c00000f3 syscall=280 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 779.950192][ T34] audit: type=1326 audit(779.090:456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4340 comm="syz.0.156" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 779.959689][ T34] audit: type=1326 audit(779.100:457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4340 comm="syz.0.156" exe="/syz-executor" sig=0 arch=c00000f3 syscall=222 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 779.984200][ T34] audit: type=1326 audit(779.130:458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4340 comm="syz.0.156" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 780.020133][ T4341] mmap: syz.0.156 (4341) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 784.210184][ T4347] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 784.228111][ T4347] bond_slave_1: entered promiscuous mode [ 784.324409][ T4347] netlink: 4 bytes leftover after parsing attributes in process `syz.0.158'. [ 784.884226][ T4347] bond0: (slave bond_slave_1): Releasing backup interface [ 785.182337][ T4347] bond_slave_1 (unregistering): left promiscuous mode [ 787.722351][ T4355] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 800.433343][ T4378] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check. [ 810.783327][ T4392] netlink: 8 bytes leftover after parsing attributes in process `syz.0.178'. [ 810.785172][ T4392] netlink: 'syz.0.178': attribute type 30 has an invalid length. [ 812.956419][ T34] kauditd_printk_skb: 7 callbacks suppressed [ 812.956921][ T34] audit: type=1326 audit(812.100:466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4395 comm="syz.1.179" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 813.017524][ T34] audit: type=1326 audit(812.160:467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4395 comm="syz.1.179" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 813.053487][ T34] audit: type=1326 audit(812.190:468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4395 comm="syz.1.179" exe="/syz-executor" sig=0 arch=c00000f3 syscall=56 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 813.102905][ T34] audit: type=1326 audit(812.190:469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4395 comm="syz.1.179" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 813.128780][ T34] audit: type=1326 audit(812.240:470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4395 comm="syz.1.179" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 813.173461][ T34] audit: type=1326 audit(812.310:471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4395 comm="syz.1.179" exe="/syz-executor" sig=0 arch=c00000f3 syscall=61 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 813.196416][ T34] audit: type=1326 audit(812.330:472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4395 comm="syz.1.179" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 813.232955][ T34] audit: type=1326 audit(812.360:473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4395 comm="syz.1.179" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 814.717926][ T4399] netlink: 132 bytes leftover after parsing attributes in process `syz.0.180'. [ 816.366147][ T4403] gtp: attempt to access beyond end of device [ 816.366147][ T4403] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 816.447245][ T4402] netlink: 28 bytes leftover after parsing attributes in process `syz.0.182'. [ 816.448801][ T4402] netlink: 28 bytes leftover after parsing attributes in process `syz.0.182'. [ 834.505824][ T4426] netlink: 12 bytes leftover after parsing attributes in process `syz.1.191'. [ 843.346916][ T4443] netem: change failed [ 855.554715][ T4464] lo: entered promiscuous mode [ 855.557339][ T4464] lo: entered allmulticast mode [ 864.632326][ T34] audit: type=1326 audit(863.730:474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4480 comm="syz.1.215" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 864.635900][ T34] audit: type=1326 audit(863.770:475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4480 comm="syz.1.215" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 864.785551][ T34] audit: type=1326 audit(863.920:476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4480 comm="syz.1.215" exe="/syz-executor" sig=0 arch=c00000f3 syscall=280 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 864.804769][ T34] audit: type=1326 audit(863.940:477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4480 comm="syz.1.215" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 864.873489][ T34] audit: type=1326 audit(864.000:478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4480 comm="syz.1.215" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 864.925857][ T34] audit: type=1326 audit(864.060:479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4480 comm="syz.1.215" exe="/syz-executor" sig=0 arch=c00000f3 syscall=280 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 864.929395][ T34] audit: type=1326 audit(864.070:480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4480 comm="syz.1.215" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 865.003065][ T34] audit: type=1326 audit(864.130:481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4480 comm="syz.1.215" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 865.135678][ T34] audit: type=1326 audit(864.220:482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4480 comm="syz.1.215" exe="/syz-executor" sig=0 arch=c00000f3 syscall=211 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 865.139085][ T34] audit: type=1326 audit(864.280:483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4480 comm="syz.1.215" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 891.166276][ T4529] netlink: 'syz.0.231': attribute type 30 has an invalid length. [ 902.079291][ T34] kauditd_printk_skb: 14 callbacks suppressed [ 902.079587][ T34] audit: type=1326 audit(901.220:498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4549 comm="syz.1.237" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 902.091713][ T34] audit: type=1326 audit(901.230:499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4549 comm="syz.1.237" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 902.114422][ T34] audit: type=1326 audit(901.250:500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4549 comm="syz.1.237" exe="/syz-executor" sig=0 arch=c00000f3 syscall=149 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 902.134543][ T34] audit: type=1326 audit(901.280:501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4549 comm="syz.1.237" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 902.149907][ T34] audit: type=1326 audit(901.290:502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4549 comm="syz.1.237" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 907.009555][ T4560] syz.0.240: attempt to access beyond end of device [ 907.009555][ T4560] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 928.583546][ T4599] netlink: 68 bytes leftover after parsing attributes in process `syz.0.258'. [ 928.584974][ T4599] netlink: 68 bytes leftover after parsing attributes in process `syz.0.258'. [ 944.903356][ T4627] netlink: 8 bytes leftover after parsing attributes in process `syz.0.269'. [ 944.904956][ T4627] netlink: 'syz.0.269': attribute type 30 has an invalid length. [ 950.552975][ T4639] netlink: 'syz.0.274': attribute type 10 has an invalid length. [ 950.943346][ T4639] netlink: 'syz.0.274': attribute type 10 has an invalid length. [ 950.945489][ T4639] netlink: 2 bytes leftover after parsing attributes in process `syz.0.274'. [ 950.949485][ T4639] nlmon0: entered promiscuous mode [ 963.731962][ T4666] netlink: 16 bytes leftover after parsing attributes in process `syz.1.284'. [ 974.536367][ T4691] netlink: 16 bytes leftover after parsing attributes in process `syz.0.292'. [ 993.958964][ T34] audit: type=1326 audit(993.100:503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4723 comm="syz.0.301" exe="/syz-executor" sig=9 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x0 [ 995.412239][ T4726] ALSA: seq fatal error: cannot create timer (-22) [ 1001.924466][ T4740] netlink: 4 bytes leftover after parsing attributes in process `syz.0.307'. [ 1001.926126][ T4740] netlink: 8 bytes leftover after parsing attributes in process `syz.0.307'. [ 1002.119311][ T4740] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1002.123716][ T4740] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1002.126393][ T4740] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1002.128373][ T4740] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1002.524777][ T4740] netdevsim netdevsim0 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1002.527302][ T4740] netdevsim netdevsim0 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1002.529289][ T4740] netdevsim netdevsim0 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1002.532672][ T4740] netdevsim netdevsim0 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1003.244170][ T4740] Zero length message leads to an empty skb [ 1013.394016][ T4763] netlink: 8 bytes leftover after parsing attributes in process `syz.1.313'. [ 1013.398983][ T4763] netlink: 'syz.1.313': attribute type 30 has an invalid length. [ 1021.632469][ T4777] netlink: 8 bytes leftover after parsing attributes in process `syz.0.319'. [ 1021.634030][ T4777] netlink: 'syz.0.319': attribute type 30 has an invalid length. [ 1029.604421][ T4801] netlink: 8 bytes leftover after parsing attributes in process `syz.1.326'. [ 1029.606969][ T4801] netlink: 'syz.1.326': attribute type 30 has an invalid length. [ 1038.883241][ T4814] syz.1.330: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0 [ 1038.890489][ T4814] CPU: 0 UID: 0 PID: 4814 Comm: syz.1.330 Not tainted 6.14.0-rc1-syzkaller-g245aece3750d #0 [ 1038.891099][ T4814] Hardware name: riscv-virtio,qemu (DT) [ 1038.891707][ T4814] Call Trace: [ 1038.892085][ T4814] [] dump_backtrace+0x2e/0x3c [ 1038.892836][ T4814] [] show_stack+0x30/0x3c [ 1038.893256][ T4814] [] dump_stack_lvl+0x12e/0x1a6 [ 1038.893874][ T4814] [] dump_stack+0x1c/0x24 [ 1038.894428][ T4814] [] warn_alloc+0x170/0x292 [ 1038.894873][ T4814] [] __vmalloc_node_range_noprof+0xfb2/0x120a [ 1038.895412][ T4814] [] vmalloc_user_noprof+0xf8/0x126 [ 1038.895741][ T4814] [] xskq_create+0xf2/0x1ae [ 1038.896021][ T4814] [] xsk_setsockopt+0x338/0x8f0 [ 1038.896285][ T4814] [] do_sock_setsockopt+0x20a/0x402 [ 1038.896542][ T4814] [] __sys_setsockopt+0x140/0x1cc [ 1038.896817][ T4814] [] __riscv_sys_setsockopt+0xa6/0x114 [ 1038.897103][ T4814] [] syscall_handler+0x94/0x118 [ 1038.897405][ T4814] [] do_trap_ecall_u+0x1aa/0x216 [ 1038.897754][ T4814] [] handle_exception+0x146/0x152 [ 1038.922279][ T4814] Mem-Info: [ 1038.923886][ T4814] active_anon:1819 inactive_anon:0 isolated_anon:0 [ 1038.923886][ T4814] active_file:684 inactive_file:34399 isolated_file:0 [ 1038.923886][ T4814] unevictable:768 dirty:57 writeback:0 [ 1038.923886][ T4814] slab_reclaimable:2301 slab_unreclaimable:25505 [ 1038.923886][ T4814] mapped:12535 shmem:810 pagetables:597 [ 1038.923886][ T4814] sec_pagetables:0 bounce:0 [ 1038.923886][ T4814] kernel_misc_reclaimable:0 [ 1038.923886][ T4814] free:231468 free_pcp:3323 free_cma:52608 [ 1038.927030][ T4814] Node 0 active_anon:7276kB inactive_anon:0kB active_file:2736kB inactive_file:137596kB unevictable:3072kB isolated(anon):0kB isolated(file):0kB mapped:50140kB dirty:228kB writeback:0kB shmem:3240kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:5768kB pagetables:2388kB sec_pagetables:0kB all_unreclaimable? no [ 1038.952847][ T4814] Node 0 DMA32 free:925872kB boost:0kB min:22528kB low:28160kB high:33792kB reserved_highatomic:0KB active_anon:7280kB inactive_anon:0kB active_file:2736kB inactive_file:137604kB unevictable:3072kB writepending:236kB present:2097152kB managed:1431724kB mlocked:0kB bounce:0kB free_pcp:13296kB local_pcp:784kB free_cma:210432kB [ 1038.956042][ T4814] lowmem_reserve[]: 0 0 0 [ 1038.958242][ T4814] Node 0 DMA32: 2*4kB (ME) 95*8kB (UE) 33*16kB (UME) 55*32kB (UME) 71*64kB (UE) 54*128kB (UE) 10*256kB (UME) 5*512kB (MC) 5*1024kB (UEC) 4*2048kB (UME) 218*4096kB (UMC) = 925872kB [ 1038.970186][ T4814] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1038.985770][ T4814] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 1038.989762][ T4814] 35895 total pagecache pages [ 1038.991665][ T4814] 0 pages in swap cache [ 1038.992677][ T4814] Free swap = 124908kB [ 1038.993826][ T4814] Total swap = 124996kB [ 1038.994932][ T4814] 524288 pages RAM [ 1038.995903][ T4814] 0 pages HighMem/MovableOnly [ 1038.996895][ T4814] 166357 pages reserved [ 1038.997859][ T4814] 52736 pages cma reserved [ 1041.129750][ T34] audit: type=1326 audit(1040.270:504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4816 comm="syz.1.332" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1041.141843][ T34] audit: type=1326 audit(1040.270:505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4816 comm="syz.1.332" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1041.147069][ T34] audit: type=1326 audit(1040.280:506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4816 comm="syz.1.332" exe="/syz-executor" sig=0 arch=c00000f3 syscall=112 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1041.221485][ T34] audit: type=1326 audit(2000000000.070:507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4816 comm="syz.1.332" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1046.920044][ T4828] netlink: 40 bytes leftover after parsing attributes in process `syz.0.337'. [ 1056.110282][ T34] audit: type=1326 audit(2000000014.950:508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4846 comm="syz.0.341" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1056.158584][ T34] audit: type=1326 audit(2000000014.950:509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4846 comm="syz.0.341" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1056.217037][ T34] audit: type=1326 audit(2000000015.010:510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4846 comm="syz.0.341" exe="/syz-executor" sig=0 arch=c00000f3 syscall=196 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1056.271241][ T34] audit: type=1326 audit(2000000015.120:511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4846 comm="syz.0.341" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1056.311172][ T34] audit: type=1326 audit(2000000015.160:512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4846 comm="syz.0.341" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1056.331474][ T34] audit: type=1326 audit(2000000015.180:513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4846 comm="syz.0.341" exe="/syz-executor" sig=0 arch=c00000f3 syscall=434 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1056.407798][ T34] audit: type=1326 audit(2000000015.260:514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4846 comm="syz.0.341" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1056.429140][ T34] audit: type=1326 audit(2000000015.260:515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4846 comm="syz.0.341" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1056.448639][ T34] audit: type=1326 audit(2000000015.280:516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4846 comm="syz.0.341" exe="/syz-executor" sig=0 arch=c00000f3 syscall=280 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1056.489940][ T34] audit: type=1326 audit(2000000015.340:517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4846 comm="syz.0.341" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1087.455679][ T4904] capability: warning: `syz.0.362' uses 32-bit capabilities (legacy support in use) [ 1087.692993][ T34] kauditd_printk_skb: 17 callbacks suppressed [ 1087.693539][ T34] audit: type=1326 audit(2000000046.540:535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4902 comm="syz.1.363" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1087.729930][ T34] audit: type=1326 audit(2000000046.570:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4902 comm="syz.1.363" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1087.745404][ T34] audit: type=1326 audit(2000000046.590:537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4902 comm="syz.1.363" exe="/syz-executor" sig=0 arch=c00000f3 syscall=134 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1087.747447][ T34] audit: type=1326 audit(2000000046.590:538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4902 comm="syz.1.363" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1087.756922][ T34] audit: type=1326 audit(2000000046.610:539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4902 comm="syz.1.363" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1117.101945][ T34] audit: type=1326 audit(2000000075.950:540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4951 comm="syz.1.380" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1117.116796][ T34] audit: type=1326 audit(2000000075.970:541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4951 comm="syz.1.380" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1117.191864][ T34] audit: type=1326 audit(2000000076.020:542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4951 comm="syz.1.380" exe="/syz-executor" sig=0 arch=c00000f3 syscall=232 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1117.195661][ T34] audit: type=1326 audit(2000000076.020:543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4951 comm="syz.1.380" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1117.204457][ T34] audit: type=1326 audit(2000000076.060:544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4951 comm="syz.1.380" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1184.135187][ T5053] x_tables: duplicate underflow at hook 1 [ 1184.216633][ T34] audit: type=1326 audit(2000000143.070:545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5051 comm="syz.1.410" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1184.248203][ T34] audit: type=1326 audit(2000000143.100:546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5051 comm="syz.1.410" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1184.405767][ T34] audit: type=1326 audit(2000000143.250:547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5051 comm="syz.1.410" exe="/syz-executor" sig=0 arch=c00000f3 syscall=280 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1184.428959][ T34] audit: type=1326 audit(2000000143.280:548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5051 comm="syz.1.410" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1184.448428][ T34] audit: type=1326 audit(2000000143.300:549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5051 comm="syz.1.410" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1184.466438][ T34] audit: type=1326 audit(2000000143.300:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5051 comm="syz.1.410" exe="/syz-executor" sig=0 arch=c00000f3 syscall=280 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1184.515465][ T34] audit: type=1326 audit(2000000143.370:551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5051 comm="syz.1.410" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1184.527242][ T34] audit: type=1326 audit(2000000143.370:552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5051 comm="syz.1.410" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1184.539018][ T34] audit: type=1326 audit(2000000143.390:553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5051 comm="syz.1.410" exe="/syz-executor" sig=0 arch=c00000f3 syscall=14 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1184.546093][ T34] audit: type=1326 audit(2000000143.400:554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5051 comm="syz.1.410" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1185.824020][ T5058] atomic_op ffffaf802f04a998 conn xmit_atomic 0000000000000000 [ 1200.005919][ T5086] netlink: 8 bytes leftover after parsing attributes in process `syz.0.426'. [ 1205.879278][ T5095] netlink: 'syz.0.430': attribute type 8 has an invalid length. [ 1222.610082][ T5113] netlink: 28 bytes leftover after parsing attributes in process `syz.0.438'. [ 1227.016180][ T5118] netlink: 4 bytes leftover after parsing attributes in process `syz.0.439'. [ 1232.133292][ T5121] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 1270.945068][ T11] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1271.565472][ T11] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1272.190078][ T11] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1273.149848][ T11] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1280.238236][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1280.349984][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1280.412632][ T11] bond0 (unregistering): Released all slaves [ 1281.773927][ T11] hsr_slave_0: left promiscuous mode [ 1281.811607][ T11] hsr_slave_1: left promiscuous mode [ 1281.946036][ T11] veth1_macvtap: left promiscuous mode [ 1281.949005][ T11] veth0_macvtap: left promiscuous mode [ 1281.963183][ T11] veth1_vlan: left promiscuous mode [ 1281.966644][ T11] veth0_vlan: left promiscuous mode [ 1299.283171][ T34] kauditd_printk_skb: 1 callbacks suppressed [ 1299.283782][ T34] audit: type=1326 audit(2000000258.130:556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5281 comm="syz.0.455" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1299.324234][ T34] audit: type=1326 audit(2000000258.170:557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5281 comm="syz.0.455" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1299.395168][ T34] audit: type=1326 audit(2000000258.240:558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5281 comm="syz.0.455" exe="/syz-executor" sig=0 arch=c00000f3 syscall=116 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1300.851938][ T34] audit: type=1326 audit(2000000259.650:559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5281 comm="syz.0.455" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1300.855502][ T34] audit: type=1326 audit(2000000259.690:560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5281 comm="syz.0.455" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1307.728969][ T5155] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1307.868840][ T5155] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1322.718017][ T5155] hsr_slave_0: entered promiscuous mode [ 1322.749632][ T5155] hsr_slave_1: entered promiscuous mode [ 1331.797892][ T5155] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1331.904681][ T5155] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1332.047873][ T5155] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1332.524399][ T5155] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1350.052336][ T5155] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1393.669248][ T5583] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1394.819967][ T5583] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1395.820189][ T5583] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1396.448369][ T5583] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1400.066922][ T5583] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1400.817952][ T5583] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1401.518026][ T5583] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1402.050123][ T5583] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1405.414332][ T34] audit: type=1326 audit(2000000364.260:561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5614 comm="syz.0.465" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1405.448452][ T34] audit: type=1326 audit(2000000364.300:562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5614 comm="syz.0.465" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1405.845868][ T34] audit: type=1326 audit(2000000364.700:563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5614 comm="syz.0.465" exe="/syz-executor" sig=0 arch=c00000f3 syscall=280 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1405.849482][ T34] audit: type=1326 audit(2000000364.700:564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5614 comm="syz.0.465" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1405.897555][ T34] audit: type=1326 audit(2000000364.700:565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5614 comm="syz.0.465" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1405.923699][ T34] audit: type=1326 audit(2000000364.770:566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5614 comm="syz.0.465" exe="/syz-executor" sig=0 arch=c00000f3 syscall=280 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1405.977058][ T34] audit: type=1326 audit(2000000364.810:567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5614 comm="syz.0.465" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1405.998529][ T34] audit: type=1326 audit(2000000364.820:568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5614 comm="syz.0.465" exe="/syz-executor" sig=0 arch=c00000f3 syscall=82 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1406.038179][ T34] audit: type=1326 audit(2000000364.850:569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5614 comm="syz.0.465" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1411.849112][ T5627] A link change request failed with some changes committed already. Interface xfrm0 may have been left with an inconsistent configuration, please check. [ 1412.407686][ T5155] veth0_vlan: entered promiscuous mode [ 1413.149741][ T5155] veth1_vlan: entered promiscuous mode [ 1416.103585][ T5155] veth0_macvtap: entered promiscuous mode [ 1416.312955][ T5155] veth1_macvtap: entered promiscuous mode [ 1419.742981][ T5155] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1419.745482][ T5155] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1419.747476][ T5155] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1419.749498][ T5155] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1438.519796][ T5651] vlan2: entered allmulticast mode [ 1438.532179][ T5651] bridge_slave_0: entered allmulticast mode [ 1438.657420][ T5651] bridge_slave_0: left allmulticast mode [ 1439.846318][ T5657] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1439.940234][ T5657] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1460.049328][ T34] audit: type=1326 audit(2000000418.900:570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5681 comm="syz.0.480" exe="/syz-executor" sig=9 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x0 [ 1487.878499][ T5709] netlink: 12 bytes leftover after parsing attributes in process `syz.0.491'. [ 1507.874720][ T5729] lo: entered promiscuous mode [ 1507.965913][ T5729] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1511.642002][ T5732] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 1586.796595][ T5787] netlink: 8 bytes leftover after parsing attributes in process `syz.0.521'. [ 1586.797956][ T5787] netlink: 24 bytes leftover after parsing attributes in process `syz.0.521'. [ 1594.443751][ T5795] fuse: Bad value for 'fd' [ 1597.629647][ T5797] netlink: 8 bytes leftover after parsing attributes in process `syz.0.526'. [ 1597.634856][ T5797] netlink: 24 bytes leftover after parsing attributes in process `syz.0.526'. [ 1615.858063][ T5810] netlink: 8 bytes leftover after parsing attributes in process `syz.2.531'. [ 1615.875166][ T5810] netlink: 24 bytes leftover after parsing attributes in process `syz.2.531'. [ 1634.307707][ T34] audit: type=1326 audit(2000000593.130:571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5819 comm="syz.0.536" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1634.314559][ T34] audit: type=1326 audit(2000000593.170:572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5819 comm="syz.0.536" exe="/syz-executor" sig=0 arch=c00000f3 syscall=196 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1634.321323][ T34] audit: type=1326 audit(2000000593.170:573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5819 comm="syz.0.536" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1634.357038][ T34] audit: type=1326 audit(2000000593.200:574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5819 comm="syz.0.536" exe="/syz-executor" sig=0 arch=c00000f3 syscall=280 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1634.379977][ T34] audit: type=1326 audit(2000000593.220:575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5819 comm="syz.0.536" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1634.391498][ T34] audit: type=1326 audit(2000000593.240:576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5819 comm="syz.0.536" exe="/syz-executor" sig=0 arch=c00000f3 syscall=268 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1634.395243][ T34] audit: type=1326 audit(2000000593.240:577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5819 comm="syz.0.536" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1634.443756][ T34] audit: type=1326 audit(2000000593.280:578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5819 comm="syz.0.536" exe="/syz-executor" sig=0 arch=c00000f3 syscall=428 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1634.481932][ T34] audit: type=1326 audit(2000000593.330:579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5819 comm="syz.0.536" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1634.518918][ T34] audit: type=1326 audit(2000000593.370:580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5819 comm="syz.0.536" exe="/syz-executor" sig=0 arch=c00000f3 syscall=39 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1641.460312][ T5828] trusted_key: syz.0.540 sent an empty control message without MSG_MORE. [ 1643.783014][ T34] kauditd_printk_skb: 5 callbacks suppressed [ 1643.783315][ T34] audit: type=1326 audit(2000000602.630:586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5829 comm="syz.0.541" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1643.792016][ T34] audit: type=1326 audit(2000000602.640:587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5829 comm="syz.0.541" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1643.832221][ T34] audit: type=1326 audit(2000000602.650:588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5829 comm="syz.0.541" exe="/syz-executor" sig=0 arch=c00000f3 syscall=434 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1643.834980][ T34] audit: type=1326 audit(2000000602.680:589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5829 comm="syz.0.541" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1643.854117][ T34] audit: type=1326 audit(2000000602.710:590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5829 comm="syz.0.541" exe="/syz-executor" sig=0 arch=c00000f3 syscall=280 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1643.868209][ T34] audit: type=1326 audit(2000000602.720:591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5829 comm="syz.0.541" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1643.884634][ T34] audit: type=1326 audit(2000000602.740:592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5829 comm="syz.0.541" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1643.896193][ T34] audit: type=1326 audit(2000000602.750:593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5829 comm="syz.0.541" exe="/syz-executor" sig=0 arch=c00000f3 syscall=268 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1643.912024][ T34] audit: type=1326 audit(2000000602.760:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5829 comm="syz.0.541" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1643.925621][ T34] audit: type=1326 audit(2000000602.780:595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5829 comm="syz.0.541" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb8fa code=0x7ffc0000 [ 1676.372230][ T5852] BUG: Bad page state in process syz.2.552 pfn:9bc3c [ 1676.374899][ T5852] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffffaf8000000000 pfn:0x9bc3c [ 1676.379245][ T5852] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 1676.383721][ T5852] raw: 0ffe000000000000 dead000000000040 ffffaf8011f15000 0000000000000000 [ 1676.385667][ T5852] raw: ffffaf8000000000 3fffffffffffffff 00000000ffffffff 0000000000000000 [ 1676.387559][ T5852] page dumped because: page_pool leak [ 1676.389479][ T5852] page_owner tracks the page as allocated [ 1676.392519][ T5852] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 4089, tgid 4087 (syz.0.72), ts 635432186300, free_ts 627994175100 [ 1676.395394][ T5852] __set_page_owner+0xa2/0x710 [ 1676.397260][ T5852] post_alloc_hook+0xea/0x1e2 [ 1676.398933][ T5852] get_page_from_freelist+0xf78/0x2bd6 [ 1676.401553][ T5852] __alloc_frozen_pages_noprof+0x1e8/0x20fc [ 1676.403350][ T5852] alloc_pages_bulk_noprof+0x580/0x10a8 [ 1676.405046][ T5852] __page_pool_alloc_pages_slow+0x18c/0xc4e [ 1676.406960][ T5852] page_pool_alloc_netmems+0xc0/0x158 [ 1676.408771][ T5852] skb_pp_cow_data+0x8be/0xfe2 [ 1676.411307][ T5852] skb_cow_data_for_xdp+0x8a/0xbc [ 1676.413024][ T5852] do_xdp_generic+0x500/0xf14 [ 1676.414589][ T5852] tun_get_user+0x1e26/0x41f4 [ 1676.416323][ T5852] tun_chr_write_iter+0xc4/0x1e2 [ 1676.418060][ T5852] vfs_write+0x56c/0xa9a [ 1676.419652][ T5852] ksys_write+0x126/0x226 [ 1676.422361][ T5852] __riscv_sys_write+0x6e/0x94 [ 1676.423916][ T5852] syscall_handler+0x94/0x118 [ 1676.425740][ T5852] page last free pid 3856 tgid 3856 stack trace: [ 1676.427318][ T5852] __reset_page_owner+0x8c/0x400 [ 1676.429028][ T5852] free_frozen_pages+0x96a/0x155c [ 1676.431559][ T5852] __free_pages+0x13a/0x1ba [ 1676.433185][ T5852] tlb_remove_table_rcu+0xde/0x160 [ 1676.434979][ T5852] rcu_core+0xa24/0x1ea0 [ 1676.436730][ T5852] rcu_core_si+0xc/0x14 [ 1676.438516][ T5852] handle_softirqs+0x4b2/0x132e [ 1676.440137][ T5852] __irq_exit_rcu+0x18c/0x550 [ 1676.442563][ T5852] irq_exit_rcu+0x10/0xf8 [ 1676.444126][ T5852] handle_riscv_irq+0x40/0x4c [ 1676.445887][ T5852] call_on_irq_stack+0x32/0x40 [ 1676.447945][ T5852] Modules linked in: [ 1676.450028][ T5852] CPU: 1 UID: 0 PID: 5852 Comm: syz.2.552 Not tainted 6.14.0-rc1-syzkaller-g245aece3750d #0 [ 1676.450607][ T5852] Hardware name: riscv-virtio,qemu (DT) [ 1676.450802][ T5852] Call Trace: [ 1676.450962][ T5852] [] dump_backtrace+0x2e/0x3c [ 1676.451486][ T5852] [] show_stack+0x30/0x3c [ 1676.451883][ T5852] [] dump_stack_lvl+0x12e/0x1a6 [ 1676.452469][ T5852] [] dump_stack+0x1c/0x24 [ 1676.453009][ T5852] [] bad_page+0x266/0x2d8 [ 1676.453633][ T5852] [] free_frozen_pages+0xb82/0x155c [ 1676.454065][ T5852] [] page_frag_free+0x336/0x382 [ 1676.454534][ T5852] [] __xdp_return+0x336/0xa02 [ 1676.455105][ T5852] [] bpf_xdp_adjust_tail+0x9c8/0xf50 [ 1676.455692][ T5852] [] bpf_prog_f476d5219b92964a+0x28/0x36 [ 1676.456360][ T5852] [] bpf_dispatcher_xdp_func+0x22/0x32 [ 1676.456905][ T5852] [] bpf_prog_run_generic_xdp+0x6ba/0x166a [ 1676.457385][ T5852] [] do_xdp_generic+0x7e2/0xf14 [ 1676.457801][ T5852] [] tun_get_user+0x1e26/0x41f4 [ 1676.458333][ T5852] [] tun_chr_write_iter+0xc4/0x1e2 [ 1676.458875][ T5852] [] vfs_write+0x56c/0xa9a [ 1676.459313][ T5852] [] ksys_write+0x126/0x226 [ 1676.459739][ T5852] [] __riscv_sys_write+0x6e/0x94 [ 1676.460180][ T5852] [] syscall_handler+0x94/0x118 [ 1676.460733][ T5852] [] do_trap_ecall_u+0x1aa/0x216 [ 1676.461357][ T5852] [] handle_exception+0x146/0x152 [ 1676.483367][ T5852] Disabling lock debugging due to kernel taint [ 1676.485133][ T5852] BUG: Bad page state in process syz.2.552 pfn:94307 [ 1676.486573][ T5852] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffffaf8014307500 pfn:0x94307 [ 1676.488265][ T5852] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 1676.489974][ T5852] raw: 0ffe000000000000 dead000000000040 ffffaf8011f15000 0000000000000000 [ 1676.492286][ T5852] raw: ffffaf8014307500 0000000000000001 00000000ffffffff 0000000000000000 [ 1676.493727][ T5852] page dumped because: page_pool leak [ 1676.495401][ T5852] page_owner tracks the page as allocated [ 1676.496640][ T5852] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 4089, tgid 4087 (syz.0.72), ts 635432338300, free_ts 627993796300 [ 1676.498955][ T5852] __set_page_owner+0xa2/0x710 [ 1676.501225][ T5852] post_alloc_hook+0xea/0x1e2 [ 1676.502678][ T5852] get_page_from_freelist+0xf78/0x2bd6 [ 1676.504149][ T5852] __alloc_frozen_pages_noprof+0x1e8/0x20fc [ 1676.505721][ T5852] alloc_pages_bulk_noprof+0x580/0x10a8 [ 1676.507233][ T5852] __page_pool_alloc_pages_slow+0x18c/0xc4e [ 1676.508957][ T5852] page_pool_alloc_netmems+0xc0/0x158 [ 1676.511631][ T5852] skb_pp_cow_data+0x8be/0xfe2 [ 1676.513159][ T5852] skb_cow_data_for_xdp+0x8a/0xbc [ 1676.514713][ T5852] do_xdp_generic+0x500/0xf14 [ 1676.516167][ T5852] tun_get_user+0x1e26/0x41f4 [ 1676.517775][ T5852] tun_chr_write_iter+0xc4/0x1e2 [ 1676.519366][ T5852] vfs_write+0x56c/0xa9a [ 1676.521663][ T5852] ksys_write+0x126/0x226 [ 1676.523120][ T5852] __riscv_sys_write+0x6e/0x94 [ 1676.524626][ T5852] syscall_handler+0x94/0x118 [ 1676.526176][ T5852] page last free pid 3856 tgid 3856 stack trace: [ 1676.527584][ T5852] __reset_page_owner+0x8c/0x400 [ 1676.529125][ T5852] free_frozen_pages+0x96a/0x155c [ 1676.531441][ T5852] __free_pages+0x13a/0x1ba [ 1676.532958][ T5852] tlb_remove_table_rcu+0xde/0x160 [ 1676.534635][ T5852] rcu_core+0xa24/0x1ea0 [ 1676.536310][ T5852] rcu_core_si+0xc/0x14 [ 1676.537946][ T5852] handle_softirqs+0x4b2/0x132e [ 1676.539428][ T5852] __irq_exit_rcu+0x18c/0x550 [ 1676.541763][ T5852] irq_exit_rcu+0x10/0xf8 [ 1676.543255][ T5852] handle_riscv_irq+0x40/0x4c [ 1676.544850][ T5852] call_on_irq_stack+0x32/0x40 [ 1676.546545][ T5852] Modules linked in: [ 1676.548969][ T5852] CPU: 1 UID: 0 PID: 5852 Comm: syz.2.552 Tainted: G B 6.14.0-rc1-syzkaller-g245aece3750d #0 [ 1676.549708][ T5852] Tainted: [B]=BAD_PAGE [ 1676.549878][ T5852] Hardware name: riscv-virtio,qemu (DT) [ 1676.550070][ T5852] Call Trace: [ 1676.550248][ T5852] [] dump_backtrace+0x2e/0x3c [ 1676.550843][ T5852] [] show_stack+0x30/0x3c [ 1676.551270][ T5852] [] dump_stack_lvl+0x12e/0x1a6 [ 1676.551867][ T5852] [] dump_stack+0x1c/0x24 [ 1676.552469][ T5852] [] bad_page+0x266/0x2d8 [ 1676.553070][ T5852] [] free_frozen_pages+0xb82/0x155c [ 1676.553586][ T5852] [] page_frag_free+0x336/0x382 [ 1676.554073][ T5852] [] __xdp_return+0x336/0xa02 [ 1676.554684][ T5852] [] bpf_xdp_adjust_tail+0x9c8/0xf50 [ 1676.555233][ T5852] [] bpf_prog_f476d5219b92964a+0x28/0x36 [ 1676.555636][ T5852] [] bpf_dispatcher_xdp_func+0x22/0x32 [ 1676.556170][ T5852] [] bpf_prog_run_generic_xdp+0x6ba/0x166a [ 1676.556639][ T5852] [] do_xdp_generic+0x7e2/0xf14 [ 1676.557058][ T5852] [] tun_get_user+0x1e26/0x41f4 [ 1676.557647][ T5852] [] tun_chr_write_iter+0xc4/0x1e2 [ 1676.558226][ T5852] [] vfs_write+0x56c/0xa9a [ 1676.558654][ T5852] [] ksys_write+0x126/0x226 [ 1676.559094][ T5852] [] __riscv_sys_write+0x6e/0x94 [ 1676.559573][ T5852] [] syscall_handler+0x94/0x118 [ 1676.560044][ T5852] [] do_trap_ecall_u+0x1aa/0x216 [ 1676.560653][ T5852] [] handle_exception+0x146/0x152 [ 1676.579669][ T5852] BUG: Bad page state in process syz.2.552 pfn:9d46c [ 1676.581725][ T5852] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffffaf801d46c280 pfn:0x9d46c [ 1676.583482][ T5852] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 1676.585121][ T5852] raw: 0ffe000000000000 dead000000000040 ffffaf8011f15000 0000000000000000 [ 1676.586787][ T5852] raw: ffffaf801d46c280 0000000000000001 00000000ffffffff 0000000000000000 [ 1676.588280][ T5852] page dumped because: page_pool leak [ 1676.589580][ T5852] page_owner tracks the page as allocated [ 1676.591386][ T5852] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 4089, tgid 4087 (syz.0.72), ts 635432477100, free_ts 627993335600 [ 1676.593603][ T5852] __set_page_owner+0xa2/0x710 [ 1676.595142][ T5852] post_alloc_hook+0xea/0x1e2 [ 1676.596566][ T5852] get_page_from_freelist+0xf78/0x2bd6 [ 1676.598023][ T5852] __alloc_frozen_pages_noprof+0x1e8/0x20fc [ 1676.599504][ T5852] alloc_pages_bulk_noprof+0x580/0x10a8 [ 1676.602683][ T5852] __page_pool_alloc_pages_slow+0x18c/0xc4e [ 1676.604388][ T5852] page_pool_alloc_netmems+0xc0/0x158 [ 1676.605934][ T5852] skb_pp_cow_data+0x8be/0xfe2 [ 1676.607350][ T5852] skb_cow_data_for_xdp+0x8a/0xbc [ 1676.608774][ T5852] do_xdp_generic+0x500/0xf14 [ 1676.610133][ T5852] tun_get_user+0x1e26/0x41f4 [ 1676.612227][ T5852] tun_chr_write_iter+0xc4/0x1e2 [ 1676.613751][ T5852] vfs_write+0x56c/0xa9a [ 1676.615047][ T5852] ksys_write+0x126/0x226 [ 1676.616408][ T5852] __riscv_sys_write+0x6e/0x94 [ 1676.617825][ T5852] syscall_handler+0x94/0x118 [ 1676.619313][ T5852] page last free pid 3856 tgid 3856 stack trace: [ 1676.621419][ T5852] __reset_page_owner+0x8c/0x400 [ 1676.622970][ T5852] free_frozen_pages+0x96a/0x155c [ 1676.624370][ T5852] __free_pages+0x13a/0x1ba [ 1676.625746][ T5852] tlb_remove_table_rcu+0xde/0x160 [ 1676.627447][ T5852] rcu_core+0xa24/0x1ea0 [ 1676.628943][ T5852] rcu_core_si+0xc/0x14 [ 1676.631069][ T5852] handle_softirqs+0x4b2/0x132e [ 1676.632527][ T5852] __irq_exit_rcu+0x18c/0x550 [ 1676.633948][ T5852] irq_exit_rcu+0x10/0xf8 [ 1676.635321][ T5852] handle_riscv_irq+0x40/0x4c [ 1676.636836][ T5852] call_on_irq_stack+0x32/0x40 [ 1676.638401][ T5852] Modules linked in: [ 1676.639944][ T5852] CPU: 1 UID: 0 PID: 5852 Comm: syz.2.552 Tainted: G B 6.14.0-rc1-syzkaller-g245aece3750d #0 [ 1676.640556][ T5852] Tainted: [B]=BAD_PAGE [ 1676.640706][ T5852] Hardware name: riscv-virtio,qemu (DT) [ 1676.640877][ T5852] Call Trace: [ 1676.641038][ T5852] [] dump_backtrace+0x2e/0x3c [ 1676.641603][ T5852] [] show_stack+0x30/0x3c [ 1676.642012][ T5852] [] dump_stack_lvl+0x12e/0x1a6 [ 1676.642584][ T5852] [] dump_stack+0x1c/0x24 [ 1676.643127][ T5852] [] bad_page+0x266/0x2d8 [ 1676.643716][ T5852] [] free_frozen_pages+0xb82/0x155c [ 1676.644145][ T5852] [] page_frag_free+0x336/0x382 [ 1676.644619][ T5852] [] __xdp_return+0x336/0xa02 [ 1676.645181][ T5852] [] bpf_xdp_adjust_tail+0x9c8/0xf50 [ 1676.645724][ T5852] [] bpf_prog_f476d5219b92964a+0x28/0x36 [ 1676.646100][ T5852] [] bpf_dispatcher_xdp_func+0x22/0x32 [ 1676.646629][ T5852] [] bpf_prog_run_generic_xdp+0x6ba/0x166a [ 1676.647057][ T5852] [] do_xdp_generic+0x7e2/0xf14 [ 1676.647447][ T5852] [] tun_get_user+0x1e26/0x41f4 [ 1676.647967][ T5852] [] tun_chr_write_iter+0xc4/0x1e2 [ 1676.648495][ T5852] [] vfs_write+0x56c/0xa9a [ 1676.648911][ T5852] [] ksys_write+0x126/0x226 [ 1676.649346][ T5852] [] __riscv_sys_write+0x6e/0x94 [ 1676.649808][ T5852] [] syscall_handler+0x94/0x118 [ 1676.650263][ T5852] [] do_trap_ecall_u+0x1aa/0x216 [ 1676.650816][ T5852] [] handle_exception+0x146/0x152 [ 1676.668660][ T5852] BUG: Bad page state in process syz.2.552 pfn:99007 [ 1676.670156][ T5852] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffffaf8000000000 pfn:0x99007 [ 1676.672320][ T5852] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 1676.674027][ T5852] raw: 0ffe000000000000 dead000000000040 ffffaf8011f15000 0000000000000000 [ 1676.675639][ T5852] raw: ffffaf8000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 1676.677020][ T5852] page dumped because: page_pool leak [ 1676.678218][ T5852] page_owner tracks the page as allocated [ 1676.679351][ T5852] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 4089, tgid 4087 (syz.0.72), ts 635432611300, free_ts 627992857700 [ 1676.682112][ T5852] __set_page_owner+0xa2/0x710 [ 1676.683616][ T5852] post_alloc_hook+0xea/0x1e2 [ 1676.684903][ T5852] get_page_from_freelist+0xf78/0x2bd6 [ 1676.686311][ T5852] __alloc_frozen_pages_noprof+0x1e8/0x20fc [ 1676.687716][ T5852] alloc_pages_bulk_noprof+0x580/0x10a8 [ 1676.689080][ T5852] __page_pool_alloc_pages_slow+0x18c/0xc4e [ 1676.691313][ T5852] page_pool_alloc_netmems+0xc0/0x158 [ 1676.692906][ T5852] skb_pp_cow_data+0x8be/0xfe2 [ 1676.694392][ T5852] skb_cow_data_for_xdp+0x8a/0xbc [ 1676.695893][ T5852] do_xdp_generic+0x500/0xf14 [ 1676.697229][ T5852] tun_get_user+0x1e26/0x41f4 [ 1676.698709][ T5852] tun_chr_write_iter+0xc4/0x1e2 [ 1676.700198][ T5852] vfs_write+0x56c/0xa9a [ 1676.702223][ T5852] ksys_write+0x126/0x226 [ 1676.703585][ T5852] __riscv_sys_write+0x6e/0x94 [ 1676.704962][ T5852] syscall_handler+0x94/0x118 [ 1676.706394][ T5852] page last free pid 3856 tgid 3856 stack trace: [ 1676.707690][ T5852] __reset_page_owner+0x8c/0x400 [ 1676.709157][ T5852] free_frozen_pages+0x96a/0x155c [ 1676.711254][ T5852] __free_pages+0x13a/0x1ba [ 1676.712623][ T5852] tlb_remove_table_rcu+0xde/0x160 [ 1676.714144][ T5852] rcu_core+0xa24/0x1ea0 [ 1676.715637][ T5852] rcu_core_si+0xc/0x14 [ 1676.717097][ T5852] handle_softirqs+0x4b2/0x132e [ 1676.718534][ T5852] __irq_exit_rcu+0x18c/0x550 [ 1676.719876][ T5852] irq_exit_rcu+0x10/0xf8 [ 1676.721976][ T5852] handle_riscv_irq+0x40/0x4c [ 1676.723548][ T5852] call_on_irq_stack+0x32/0x40 [ 1676.725169][ T5852] Modules linked in: [ 1676.726748][ T5852] CPU: 1 UID: 0 PID: 5852 Comm: syz.2.552 Tainted: G B 6.14.0-rc1-syzkaller-g245aece3750d #0 [ 1676.727299][ T5852] Tainted: [B]=BAD_PAGE [ 1676.727441][ T5852] Hardware name: riscv-virtio,qemu (DT) [ 1676.727607][ T5852] Call Trace: [ 1676.727753][ T5852] [] dump_backtrace+0x2e/0x3c [ 1676.728240][ T5852] [] show_stack+0x30/0x3c [ 1676.728633][ T5852] [] dump_stack_lvl+0x12e/0x1a6 [ 1676.729213][ T5852] [] dump_stack+0x1c/0x24 [ 1676.729788][ T5852] [] bad_page+0x266/0x2d8 [ 1676.730417][ T5852] [] free_frozen_pages+0xb82/0x155c [ 1676.730842][ T5852] [] page_frag_free+0x336/0x382 [ 1676.731297][ T5852] [] __xdp_return+0x336/0xa02 [ 1676.731847][ T5852] [] bpf_xdp_adjust_tail+0x9c8/0xf50 [ 1676.732333][ T5852] [] bpf_prog_f476d5219b92964a+0x28/0x36 [ 1676.732697][ T5852] [] bpf_dispatcher_xdp_func+0x22/0x32 [ 1676.733221][ T5852] [] bpf_prog_run_generic_xdp+0x6ba/0x166a [ 1676.733676][ T5852] [] do_xdp_generic+0x7e2/0xf14 [ 1676.734079][ T5852] [] tun_get_user+0x1e26/0x41f4 [ 1676.734608][ T5852] [] tun_chr_write_iter+0xc4/0x1e2 [ 1676.735165][ T5852] [] vfs_write+0x56c/0xa9a [ 1676.735595][ T5852] [] ksys_write+0x126/0x226 [ 1676.736002][ T5852] [] __riscv_sys_write+0x6e/0x94 [ 1676.736442][ T5852] [] syscall_handler+0x94/0x118 [ 1676.736879][ T5852] [] do_trap_ecall_u+0x1aa/0x216 [ 1676.737485][ T5852] [] handle_exception+0x146/0x152 [ 1676.755639][ T5852] BUG: Bad page state in process syz.2.552 pfn:a0e2e [ 1676.757073][ T5852] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xa0e2e [ 1676.758677][ T5852] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 1676.760304][ T5852] raw: 0ffe000000000000 dead000000000040 ffffaf8011f15000 0000000000000000 [ 1676.762465][ T5852] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 1676.763898][ T5852] page dumped because: page_pool leak [ 1676.765117][ T5852] page_owner tracks the page as allocated [ 1676.766343][ T5852] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 4089, tgid 4087 (syz.0.72), ts 635432746300, free_ts 627992234500 [ 1676.768398][ T5852] __set_page_owner+0xa2/0x710 [ 1676.769899][ T5852] post_alloc_hook+0xea/0x1e2 [ 1676.771852][ T5852] get_page_from_freelist+0xf78/0x2bd6 [ 1676.773356][ T5852] __alloc_frozen_pages_noprof+0x1e8/0x20fc [ 1676.774880][ T5852] alloc_pages_bulk_noprof+0x580/0x10a8 [ 1676.776370][ T5852] __page_pool_alloc_pages_slow+0x18c/0xc4e [ 1676.778033][ T5852] page_pool_alloc_netmems+0xc0/0x158 [ 1676.779619][ T5852] skb_pp_cow_data+0x8be/0xfe2 [ 1676.781748][ T5852] skb_cow_data_for_xdp+0x8a/0xbc [ 1676.783266][ T5852] do_xdp_generic+0x500/0xf14 [ 1676.784606][ T5852] tun_get_user+0x1e26/0x41f4 [ 1676.786075][ T5852] tun_chr_write_iter+0xc4/0x1e2 [ 1676.787606][ T5852] vfs_write+0x56c/0xa9a [ 1676.789016][ T5852] ksys_write+0x126/0x226 [ 1676.791039][ T5852] __riscv_sys_write+0x6e/0x94 [ 1676.792439][ T5852] syscall_handler+0x94/0x118 [ 1676.793830][ T5852] page last free pid 3856 tgid 3856 stack trace: [ 1676.795086][ T5852] __reset_page_owner+0x8c/0x400 [ 1676.796523][ T5852] free_frozen_pages+0x96a/0x155c [ 1676.797857][ T5852] __free_pages+0x13a/0x1ba [ 1676.799156][ T5852] tlb_remove_table_rcu+0xde/0x160 [ 1676.801428][ T5852] rcu_core+0xa24/0x1ea0 [ 1676.802930][ T5852] rcu_core_si+0xc/0x14 [ 1676.804384][ T5852] handle_softirqs+0x4b2/0x132e [ 1676.805738][ T5852] __irq_exit_rcu+0x18c/0x550 [ 1676.807047][ T5852] irq_exit_rcu+0x10/0xf8 [ 1676.808341][ T5852] handle_riscv_irq+0x40/0x4c [ 1676.809847][ T5852] call_on_irq_stack+0x32/0x40 [ 1676.812069][ T5852] Modules linked in: [ 1676.813702][ T5852] CPU: 1 UID: 0 PID: 5852 Comm: syz.2.552 Tainted: G B 6.14.0-rc1-syzkaller-g245aece3750d #0 [ 1676.814267][ T5852] Tainted: [B]=BAD_PAGE [ 1676.814422][ T5852] Hardware name: riscv-virtio,qemu (DT) [ 1676.814593][ T5852] Call Trace: [ 1676.814748][ T5852] [] dump_backtrace+0x2e/0x3c [ 1676.815294][ T5852] [] show_stack+0x30/0x3c [ 1676.815697][ T5852] [] dump_stack_lvl+0x12e/0x1a6 [ 1676.816274][ T5852] [] dump_stack+0x1c/0x24 [ 1676.816824][ T5852] [] bad_page+0x266/0x2d8 [ 1676.817451][ T5852] [] free_frozen_pages+0xb82/0x155c [ 1676.817882][ T5852] [] page_frag_free+0x336/0x382 [ 1676.818350][ T5852] [] __xdp_return+0x336/0xa02 [ 1676.818905][ T5852] [] bpf_xdp_adjust_tail+0x9c8/0xf50 [ 1676.819398][ T5852] [] bpf_prog_f476d5219b92964a+0x28/0x36 [ 1676.819773][ T5852] [] bpf_dispatcher_xdp_func+0x22/0x32 [ 1676.820302][ T5852] [] bpf_prog_run_generic_xdp+0x6ba/0x166a [ 1676.820781][ T5852] [] do_xdp_generic+0x7e2/0xf14 [ 1676.821209][ T5852] [] tun_get_user+0x1e26/0x41f4 [ 1676.821774][ T5852] [] tun_chr_write_iter+0xc4/0x1e2 [ 1676.822308][ T5852] [] vfs_write+0x56c/0xa9a [ 1676.822731][ T5852] [] ksys_write+0x126/0x226 [ 1676.823158][ T5852] [] __riscv_sys_write+0x6e/0x94 [ 1676.823590][ T5852] [] syscall_handler+0x94/0x118 [ 1676.824034][ T5852] [] do_trap_ecall_u+0x1aa/0x216 [ 1676.824616][ T5852] [] handle_exception+0x146/0x152 [ 1676.843846][ T5852] BUG: Bad page state in process syz.2.552 pfn:98ab4 [ 1676.845389][ T5852] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffffaf8000000000 pfn:0x98ab4 [ 1676.847101][ T5852] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 1676.848782][ T5852] raw: 0ffe000000000000 dead000000000040 ffffaf8011f15000 0000000000000000 [ 1676.851146][ T5852] raw: ffffaf8000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 1676.852769][ T5852] page dumped because: page_pool leak [ 1676.854101][ T5852] page_owner tracks the page as allocated [ 1676.855359][ T5852] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 4089, tgid 4087 (syz.0.72), ts 635432879200, free_ts 627944564200 [ 1676.857646][ T5852] __set_page_owner+0xa2/0x710 [ 1676.859174][ T5852] post_alloc_hook+0xea/0x1e2 [ 1676.861206][ T5852] get_page_from_freelist+0xf78/0x2bd6 [ 1676.862788][ T5852] __alloc_frozen_pages_noprof+0x1e8/0x20fc [ 1676.864300][ T5852] alloc_pages_bulk_noprof+0x580/0x10a8 [ 1676.865828][ T5852] __page_pool_alloc_pages_slow+0x18c/0xc4e [ 1676.867504][ T5852] page_pool_alloc_netmems+0xc0/0x158 [ 1676.869122][ T5852] skb_pp_cow_data+0x8be/0xfe2 [ 1676.871286][ T5852] skb_cow_data_for_xdp+0x8a/0xbc [ 1676.872882][ T5852] do_xdp_generic+0x500/0xf14 [ 1676.874365][ T5852] tun_get_user+0x1e26/0x41f4 [ 1676.875900][ T5852] tun_chr_write_iter+0xc4/0x1e2 [ 1676.877457][ T5852] vfs_write+0x56c/0xa9a [ 1676.878849][ T5852] ksys_write+0x126/0x226 [ 1676.880245][ T5852] __riscv_sys_write+0x6e/0x94 [ 1676.882180][ T5852] syscall_handler+0x94/0x118 [ 1676.883652][ T5852] page last free pid 4071 tgid 4070 stack trace: [ 1676.885018][ T5852] __reset_page_owner+0x8c/0x400 [ 1676.886565][ T5852] free_frozen_pages+0x96a/0x155c [ 1676.887947][ T5852] __free_pages+0x13a/0x1ba [ 1676.889323][ T5852] free_pages.part.0+0x268/0x4c6 [ 1676.891443][ T5852] free_pages+0xe/0x18 [ 1676.892831][ T5852] tlb_finish_mmu+0x20c/0x7e4 [ 1676.894413][ T5852] exit_mmap+0x394/0xcf4 [ 1676.896268][ T5852] __mmput+0xfe/0x3ac [ 1676.897718][ T5852] mmput+0x74/0x88 [ 1676.899063][ T5852] do_exit+0x8fc/0x2966 [ 1676.901310][ T5852] do_group_exit+0xd4/0x26c [ 1676.902929][ T5852] get_signal+0x1f4e/0x22e0 [ 1676.904303][ T5852] arch_do_signal_or_restart+0x77c/0x207a [ 1676.905848][ T5852] syscall_exit_to_user_mode+0x222/0x2a4 [ 1676.907502][ T5852] do_trap_ecall_u+0x86/0x216 [ 1676.909013][ T5852] handle_exception+0x146/0x152 [ 1676.911329][ T5852] Modules linked in: [ 1676.912972][ T5852] CPU: 1 UID: 0 PID: 5852 Comm: syz.2.552 Tainted: G B 6.14.0-rc1-syzkaller-g245aece3750d #0 [ 1676.913593][ T5852] Tainted: [B]=BAD_PAGE [ 1676.913741][ T5852] Hardware name: riscv-virtio,qemu (DT) [ 1676.913908][ T5852] Call Trace: [ 1676.914059][ T5852] [] dump_backtrace+0x2e/0x3c [ 1676.914582][ T5852] [] show_stack+0x30/0x3c [ 1676.914987][ T5852] [] dump_stack_lvl+0x12e/0x1a6 [ 1676.915616][ T5852] [] dump_stack+0x1c/0x24 [ 1676.916175][ T5852] [] bad_page+0x266/0x2d8 [ 1676.916776][ T5852] [] free_frozen_pages+0xb82/0x155c [ 1676.917230][ T5852] [] page_frag_free+0x336/0x382 [ 1676.917740][ T5852] [] __xdp_return+0x336/0xa02 [ 1676.918317][ T5852] [] bpf_xdp_adjust_tail+0x9c8/0xf50 [ 1676.918794][ T5852] [] bpf_prog_f476d5219b92964a+0x28/0x36 [ 1676.919186][ T5852] [] bpf_dispatcher_xdp_func+0x22/0x32 [ 1676.919715][ T5852] [] bpf_prog_run_generic_xdp+0x6ba/0x166a [ 1676.920137][ T5852] [] do_xdp_generic+0x7e2/0xf14 [ 1676.920610][ T5852] [] tun_get_user+0x1e26/0x41f4 [ 1676.921129][ T5852] [] tun_chr_write_iter+0xc4/0x1e2 [ 1676.921705][ T5852] [] vfs_write+0x56c/0xa9a [ 1676.922117][ T5852] [] ksys_write+0x126/0x226 [ 1676.922542][ T5852] [] __riscv_sys_write+0x6e/0x94 [ 1676.922974][ T5852] [] syscall_handler+0x94/0x118 [ 1676.923441][ T5852] [] do_trap_ecall_u+0x1aa/0x216 [ 1676.924024][ T5852] [] handle_exception+0x146/0x152 [ 1676.942835][ T5852] BUG: Bad page state in process syz.2.552 pfn:98da4 [ 1676.944363][ T5852] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffffaf8018da4dc0 pfn:0x98da4 [ 1676.945982][ T5852] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 1676.947566][ T5852] raw: 0ffe000000000000 dead000000000040 ffffaf8011f15000 0000000000000000 [ 1676.949135][ T5852] raw: ffffaf8018da4dc0 0000000000000001 00000000ffffffff 0000000000000000 [ 1676.951281][ T5852] page dumped because: page_pool leak [ 1676.952491][ T5852] page_owner tracks the page as allocated [ 1676.953670][ T5852] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 4089, tgid 4087 (syz.0.72), ts 635433014000, free_ts 627944445400 [ 1676.955897][ T5852] __set_page_owner+0xa2/0x710 [ 1676.957467][ T5852] post_alloc_hook+0xea/0x1e2 [ 1676.958820][ T5852] get_page_from_freelist+0xf78/0x2bd6 [ 1676.960936][ T5852] __alloc_frozen_pages_noprof+0x1e8/0x20fc [ 1676.962563][ T5852] alloc_pages_bulk_noprof+0x580/0x10a8 [ 1676.964035][ T5852] __page_pool_alloc_pages_slow+0x18c/0xc4e [ 1676.965699][ T5852] page_pool_alloc_netmems+0xc0/0x158 [ 1676.967264][ T5852] skb_pp_cow_data+0x8be/0xfe2 [ 1676.968673][ T5852] skb_cow_data_for_xdp+0x8a/0xbc [ 1676.970131][ T5852] do_xdp_generic+0x500/0xf14 [ 1676.972109][ T5852] tun_get_user+0x1e26/0x41f4 [ 1676.973658][ T5852] tun_chr_write_iter+0xc4/0x1e2 [ 1676.975106][ T5852] vfs_write+0x56c/0xa9a [ 1676.976427][ T5852] ksys_write+0x126/0x226 [ 1676.977741][ T5852] __riscv_sys_write+0x6e/0x94 [ 1676.979056][ T5852] syscall_handler+0x94/0x118 [ 1676.980993][ T5852] page last free pid 4071 tgid 4070 stack trace: [ 1676.982338][ T5852] __reset_page_owner+0x8c/0x400 [ 1676.983773][ T5852] free_frozen_pages+0x96a/0x155c [ 1676.985125][ T5852] __free_pages+0x13a/0x1ba [ 1676.986458][ T5852] free_pages.part.0+0x268/0x4c6 [ 1676.987768][ T5852] free_pages+0xe/0x18 [ 1676.989036][ T5852] tlb_finish_mmu+0x20c/0x7e4 [ 1676.991171][ T5852] exit_mmap+0x394/0xcf4 [ 1676.992622][ T5852] __mmput+0xfe/0x3ac [ 1676.994050][ T5852] mmput+0x74/0x88 [ 1676.995399][ T5852] do_exit+0x8fc/0x2966 [ 1676.996864][ T5852] do_group_exit+0xd4/0x26c [ 1676.998443][ T5852] get_signal+0x1f4e/0x22e0 [ 1676.999769][ T5852] arch_do_signal_or_restart+0x77c/0x207a [ 1677.001963][ T5852] syscall_exit_to_user_mode+0x222/0x2a4 [ 1677.003593][ T5852] do_trap_ecall_u+0x86/0x216 [ 1677.005149][ T5852] handle_exception+0x146/0x152 [ 1677.006734][ T5852] Modules linked in: [ 1677.008298][ T5852] CPU: 1 UID: 0 PID: 5852 Comm: syz.2.552 Tainted: G B 6.14.0-rc1-syzkaller-g245aece3750d #0 [ 1677.008858][ T5852] Tainted: [B]=BAD_PAGE [ 1677.009010][ T5852] Hardware name: riscv-virtio,qemu (DT) [ 1677.009182][ T5852] Call Trace: [ 1677.009353][ T5852] [] dump_backtrace+0x2e/0x3c [ 1677.009881][ T5852] [] show_stack+0x30/0x3c [ 1677.010282][ T5852] [] dump_stack_lvl+0x12e/0x1a6 [ 1677.010881][ T5852] [] dump_stack+0x1c/0x24 [ 1677.011429][ T5852] [] bad_page+0x266/0x2d8 [ 1677.011991][ T5852] [] free_frozen_pages+0xb82/0x155c [ 1677.012414][ T5852] [] page_frag_free+0x336/0x382 [ 1677.012858][ T5852] [] __xdp_return+0x336/0xa02 [ 1677.013462][ T5852] [] bpf_xdp_adjust_tail+0x9c8/0xf50 [ 1677.013933][ T5852] [] bpf_prog_f476d5219b92964a+0x28/0x36 [ 1677.014311][ T5852] [] bpf_dispatcher_xdp_func+0x22/0x32 [ 1677.014818][ T5852] [] bpf_prog_run_generic_xdp+0x6ba/0x166a [ 1677.015272][ T5852] [] do_xdp_generic+0x7e2/0xf14 [ 1677.015661][ T5852] [] tun_get_user+0x1e26/0x41f4 [ 1677.016170][ T5852] [] tun_chr_write_iter+0xc4/0x1e2 [ 1677.016698][ T5852] [] vfs_write+0x56c/0xa9a [ 1677.017109][ T5852] [] ksys_write+0x126/0x226 [ 1677.017576][ T5852] [] __riscv_sys_write+0x6e/0x94 [ 1677.018017][ T5852] [] syscall_handler+0x94/0x118 [ 1677.018479][ T5852] [] do_trap_ecall_u+0x1aa/0x216 [ 1677.019052][ T5852] [] handle_exception+0x146/0x152 [ 1677.038335][ T5852] BUG: Bad page state in process syz.2.552 pfn:9b278 [ 1677.039792][ T5852] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffffaf8000000000 pfn:0x9b278 [ 1677.041949][ T5852] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 1677.043592][ T5852] raw: 0ffe000000000000 dead000000000040 ffffaf8011f15000 0000000000000000 [ 1677.045177][ T5852] raw: ffffaf8000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 1677.046620][ T5852] page dumped because: page_pool leak [ 1677.047776][ T5852] page_owner tracks the page as allocated [ 1677.049000][ T5852] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 4089, tgid 4087 (syz.0.72), ts 635433184900, free_ts 627944325800 [ 1677.051831][ T5852] __set_page_owner+0xa2/0x710 [ 1677.053347][ T5852] post_alloc_hook+0xea/0x1e2 [ 1677.054781][ T5852] get_page_from_freelist+0xf78/0x2bd6 [ 1677.056269][ T5852] __alloc_frozen_pages_noprof+0x1e8/0x20fc [ 1677.057774][ T5852] alloc_pages_bulk_noprof+0x580/0x10a8 [ 1677.059265][ T5852] __page_pool_alloc_pages_slow+0x18c/0xc4e [ 1677.061574][ T5852] page_pool_alloc_netmems+0xc0/0x158 [ 1677.063152][ T5852] skb_pp_cow_data+0x8be/0xfe2 [ 1677.064595][ T5852] skb_cow_data_for_xdp+0x8a/0xbc [ 1677.066068][ T5852] do_xdp_generic+0x500/0xf14 [ 1677.067395][ T5852] tun_get_user+0x1e26/0x41f4 [ 1677.068837][ T5852] tun_chr_write_iter+0xc4/0x1e2 [ 1677.070933][ T5852] vfs_write+0x56c/0xa9a [ 1677.072318][ T5852] ksys_write+0x126/0x226 [ 1677.073712][ T5852] __riscv_sys_write+0x6e/0x94 [ 1677.075086][ T5852] syscall_handler+0x94/0x118 [ 1677.076510][ T5852] page last free pid 4071 tgid 4070 stack trace: [ 1677.077885][ T5852] __reset_page_owner+0x8c/0x400 [ 1677.079369][ T5852] free_frozen_pages+0x96a/0x155c [ 1677.081468][ T5852] __free_pages+0x13a/0x1ba [ 1677.082847][ T5852] free_pages.part.0+0x268/0x4c6 [ 1677.084232][ T5852] free_pages+0xe/0x18 [ 1677.085592][ T5852] tlb_finish_mmu+0x20c/0x7e4 [ 1677.087105][ T5852] exit_mmap+0x394/0xcf4 [ 1677.088541][ T5852] __mmput+0xfe/0x3ac [ 1677.089922][ T5852] mmput+0x74/0x88 [ 1677.091871][ T5852] do_exit+0x8fc/0x2966 [ 1677.093343][ T5852] do_group_exit+0xd4/0x26c [ 1677.094857][ T5852] get_signal+0x1f4e/0x22e0 [ 1677.096175][ T5852] arch_do_signal_or_restart+0x77c/0x207a [ 1677.097641][ T5852] syscall_exit_to_user_mode+0x222/0x2a4 [ 1677.099224][ T5852] do_trap_ecall_u+0x86/0x216 [ 1677.101338][ T5852] handle_exception+0x146/0x152 [ 1677.102936][ T5852] Modules linked in: [ 1677.104515][ T5852] CPU: 1 UID: 0 PID: 5852 Comm: syz.2.552 Tainted: G B 6.14.0-rc1-syzkaller-g245aece3750d #0 [ 1677.105064][ T5852] Tainted: [B]=BAD_PAGE [ 1677.105227][ T5852] Hardware name: riscv-virtio,qemu (DT) [ 1677.105439][ T5852] Call Trace: [ 1677.105595][ T5852] [] dump_backtrace+0x2e/0x3c [ 1677.106060][ T5852] [] show_stack+0x30/0x3c [ 1677.106470][ T5852] [] dump_stack_lvl+0x12e/0x1a6 [ 1677.107038][ T5852] [] dump_stack+0x1c/0x24 [ 1677.107596][ T5852] [] bad_page+0x266/0x2d8 [ 1677.108167][ T5852] [] free_frozen_pages+0xb82/0x155c [ 1677.108604][ T5852] [] page_frag_free+0x336/0x382 [ 1677.109046][ T5852] [] __xdp_return+0x336/0xa02 [ 1677.109633][ T5852] [] bpf_xdp_adjust_tail+0x9c8/0xf50 [ 1677.110122][ T5852] [] bpf_prog_f476d5219b92964a+0x28/0x36 [ 1677.110573][ T5852] [] bpf_dispatcher_xdp_func+0x22/0x32 [ 1677.111096][ T5852] [] bpf_prog_run_generic_xdp+0x6ba/0x166a [ 1677.111534][ T5852] [] do_xdp_generic+0x7e2/0xf14 [ 1677.111930][ T5852] [] tun_get_user+0x1e26/0x41f4 [ 1677.112457][ T5852] [] tun_chr_write_iter+0xc4/0x1e2 [ 1677.112988][ T5852] [] vfs_write+0x56c/0xa9a [ 1677.113459][ T5852] [] ksys_write+0x126/0x226 [ 1677.113878][ T5852] [] __riscv_sys_write+0x6e/0x94 [ 1677.114323][ T5852] [] syscall_handler+0x94/0x118 [ 1677.114776][ T5852] [] do_trap_ecall_u+0x1aa/0x216 [ 1677.115384][ T5852] [] handle_exception+0x146/0x152 [ 1677.133788][ T5852] BUG: Bad page state in process syz.2.552 pfn:a0619 [ 1677.135325][ T5852] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffffaf8000000000 pfn:0xa0619 [ 1677.136961][ T5852] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 1677.138617][ T5852] raw: 0ffe000000000000 dead000000000040 ffffaf8011f15000 0000000000000000 [ 1677.140137][ T5852] raw: ffffaf8000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 1677.142185][ T5852] page dumped because: page_pool leak [ 1677.143398][ T5852] page_owner tracks the page as allocated [ 1677.144530][ T5852] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 4089, tgid 4087 (syz.0.72), ts 635433459400, free_ts 627944075800 [ 1677.146665][ T5852] __set_page_owner+0xa2/0x710 [ 1677.148141][ T5852] post_alloc_hook+0xea/0x1e2 [ 1677.149516][ T5852] get_page_from_freelist+0xf78/0x2bd6 [ 1677.151570][ T5852] __alloc_frozen_pages_noprof+0x1e8/0x20fc [ 1677.153114][ T5852] alloc_pages_bulk_noprof+0x580/0x10a8 [ 1677.154626][ T5852] __page_pool_alloc_pages_slow+0x18c/0xc4e [ 1677.156299][ T5852] page_pool_alloc_netmems+0xc0/0x158 [ 1677.157927][ T5852] skb_pp_cow_data+0x8be/0xfe2 [ 1677.159378][ T5852] skb_cow_data_for_xdp+0x8a/0xbc [ 1677.161559][ T5852] do_xdp_generic+0x500/0xf14 [ 1677.162950][ T5852] tun_get_user+0x1e26/0x41f4 [ 1677.164488][ T5852] tun_chr_write_iter+0xc4/0x1e2 [ 1677.166044][ T5852] vfs_write+0x56c/0xa9a [ 1677.167452][ T5852] ksys_write+0x126/0x226 [ 1677.168805][ T5852] __riscv_sys_write+0x6e/0x94 [ 1677.170244][ T5852] syscall_handler+0x94/0x118 [ 1677.172114][ T5852] page last free pid 4071 tgid 4070 stack trace: [ 1677.173508][ T5852] __reset_page_owner+0x8c/0x400 [ 1677.175024][ T5852] free_frozen_pages+0x96a/0x155c [ 1677.176457][ T5852] __free_pages+0x13a/0x1ba [ 1677.177878][ T5852] free_pages.part.0+0x268/0x4c6 [ 1677.179369][ T5852] free_pages+0xe/0x18 [ 1677.181539][ T5852] tlb_finish_mmu+0x20c/0x7e4 [ 1677.183180][ T5852] exit_mmap+0x394/0xcf4 [ 1677.184763][ T5852] __mmput+0xfe/0x3ac [ 1677.186241][ T5852] mmput+0x74/0x88 [ 1677.187670][ T5852] do_exit+0x8fc/0x2966 [ 1677.189212][ T5852] do_group_exit+0xd4/0x26c [ 1677.191606][ T5852] get_signal+0x1f4e/0x22e0 [ 1677.192990][ T5852] arch_do_signal_or_restart+0x77c/0x207a [ 1677.194517][ T5852] syscall_exit_to_user_mode+0x222/0x2a4 [ 1677.196184][ T5852] do_trap_ecall_u+0x86/0x216 [ 1677.197758][ T5852] handle_exception+0x146/0x152 [ 1677.199297][ T5852] Modules linked in: [ 1677.201820][ T5852] CPU: 1 UID: 0 PID: 5852 Comm: syz.2.552 Tainted: G B 6.14.0-rc1-syzkaller-g245aece3750d #0 [ 1677.202418][ T5852] Tainted: [B]=BAD_PAGE [ 1677.202585][ T5852] Hardware name: riscv-virtio,qemu (DT) [ 1677.202765][ T5852] Call Trace: [ 1677.202935][ T5852] [] dump_backtrace+0x2e/0x3c [ 1677.203450][ T5852] [] show_stack+0x30/0x3c [ 1677.203830][ T5852] [] dump_stack_lvl+0x12e/0x1a6 [ 1677.204374][ T5852] [] dump_stack+0x1c/0x24 [ 1677.204912][ T5852] [] bad_page+0x266/0x2d8 [ 1677.205496][ T5852] [] free_frozen_pages+0xb82/0x155c [ 1677.205916][ T5852] [] page_frag_free+0x336/0x382 [ 1677.206348][ T5852] [] __xdp_return+0x336/0xa02 [ 1677.206936][ T5852] [] bpf_xdp_adjust_tail+0x9c8/0xf50 [ 1677.207407][ T5852] [] bpf_prog_f476d5219b92964a+0x28/0x36 [ 1677.207782][ T5852] [] bpf_dispatcher_xdp_func+0x22/0x32 [ 1677.208267][ T5852] [] bpf_prog_run_generic_xdp+0x6ba/0x166a [ 1677.208701][ T5852] [] do_xdp_generic+0x7e2/0xf14 [ 1677.209128][ T5852] [] tun_get_user+0x1e26/0x41f4 [ 1677.209672][ T5852] [] tun_chr_write_iter+0xc4/0x1e2 [ 1677.210165][ T5852] [] vfs_write+0x56c/0xa9a [ 1677.210638][ T5852] [] ksys_write+0x126/0x226 [ 1677.211046][ T5852] [] __riscv_sys_write+0x6e/0x94 [ 1677.211485][ T5852] [] syscall_handler+0x94/0x118 [ 1677.211901][ T5852] [] do_trap_ecall_u+0x1aa/0x216 [ 1677.212446][ T5852] [] handle_exception+0x146/0x152 [ 1677.233544][ T5852] BUG: Bad page state in process syz.2.552 pfn:9c75f [ 1677.235158][ T5852] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffffaf8000000000 pfn:0x9c75f [ 1677.236817][ T5852] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 1677.238607][ T5852] raw: 0ffe000000000000 dead000000000040 ffffaf8011f15000 0000000000000000 [ 1677.240329][ T5852] raw: ffffaf8000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 1677.243331][ T5852] page dumped because: page_pool leak [ 1677.244589][ T5852] page_owner tracks the page as allocated [ 1677.245838][ T5852] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 4089, tgid 4087 (syz.0.72), ts 635433612600, free_ts 627943950700 [ 1677.248138][ T5852] __set_page_owner+0xa2/0x710 [ 1677.249724][ T5852] post_alloc_hook+0xea/0x1e2 [ 1677.251705][ T5852] get_page_from_freelist+0xf78/0x2bd6 [ 1677.253257][ T5852] __alloc_frozen_pages_noprof+0x1e8/0x20fc [ 1677.254878][ T5852] alloc_pages_bulk_noprof+0x580/0x10a8 [ 1677.256313][ T5852] __page_pool_alloc_pages_slow+0x18c/0xc4e [ 1677.258178][ T5852] page_pool_alloc_netmems+0xc0/0x158 [ 1677.259803][ T5852] skb_pp_cow_data+0x8be/0xfe2 [ 1677.261920][ T5852] skb_cow_data_for_xdp+0x8a/0xbc [ 1677.263517][ T5852] do_xdp_generic+0x500/0xf14 [ 1677.264895][ T5852] tun_get_user+0x1e26/0x41f4 [ 1677.266367][ T5852] tun_chr_write_iter+0xc4/0x1e2 [ 1677.267860][ T5852] vfs_write+0x56c/0xa9a [ 1677.269239][ T5852] ksys_write+0x126/0x226 [ 1677.271176][ T5852] __riscv_sys_write+0x6e/0x94 [ 1677.272631][ T5852] syscall_handler+0x94/0x118 [ 1677.274117][ T5852] page last free pid 4071 tgid 4070 stack trace: [ 1677.275470][ T5852] __reset_page_owner+0x8c/0x400 [ 1677.276874][ T5852] free_frozen_pages+0x96a/0x155c [ 1677.278365][ T5852] __free_pages+0x13a/0x1ba [ 1677.279773][ T5852] free_pages.part.0+0x268/0x4c6 [ 1677.281790][ T5852] free_pages+0xe/0x18 [ 1677.283218][ T5852] tlb_finish_mmu+0x20c/0x7e4 [ 1677.284779][ T5852] exit_mmap+0x394/0xcf4 [ 1677.286257][ T5852] __mmput+0xfe/0x3ac [ 1677.287589][ T5852] mmput+0x74/0x88 [ 1677.288896][ T5852] do_exit+0x8fc/0x2966 [ 1677.290979][ T5852] do_group_exit+0xd4/0x26c [ 1677.292646][ T5852] get_signal+0x1f4e/0x22e0 [ 1677.294130][ T5852] arch_do_signal_or_restart+0x77c/0x207a [ 1677.295682][ T5852] syscall_exit_to_user_mode+0x222/0x2a4 [ 1677.297217][ T5852] do_trap_ecall_u+0x86/0x216 [ 1677.298856][ T5852] handle_exception+0x146/0x152 [ 1677.301016][ T5852] Modules linked in: [ 1677.302602][ T5852] CPU: 1 UID: 0 PID: 5852 Comm: syz.2.552 Tainted: G B 6.14.0-rc1-syzkaller-g245aece3750d #0 [ 1677.303164][ T5852] Tainted: [B]=BAD_PAGE [ 1677.303317][ T5852] Hardware name: riscv-virtio,qemu (DT) [ 1677.303507][ T5852] Call Trace: [ 1677.303666][ T5852] [] dump_backtrace+0x2e/0x3c [ 1677.304163][ T5852] [] show_stack+0x30/0x3c [ 1677.304583][ T5852] [] dump_stack_lvl+0x12e/0x1a6 [ 1677.305601][ T5852] [] dump_stack+0x1c/0x24 [ 1677.306118][ T5852] [] bad_page+0x266/0x2d8 [ 1677.306667][ T5852] [] free_frozen_pages+0xb82/0x155c [ 1677.307081][ T5852] [] page_frag_free+0x336/0x382 [ 1677.307532][ T5852] [] __xdp_return+0x336/0xa02 [ 1677.308294][ T5852] [] bpf_xdp_adjust_tail+0x9c8/0xf50 [ 1677.308842][ T5852] [] bpf_prog_f476d5219b92964a+0x28/0x36 [ 1677.309229][ T5852] [] bpf_dispatcher_xdp_func+0x22/0x32 [ 1677.309815][ T5852] [] bpf_prog_run_generic_xdp+0x6ba/0x166a [ 1677.310257][ T5852] [] do_xdp_generic+0x7e2/0xf14 [ 1677.310709][ T5852] [] tun_get_user+0x1e26/0x41f4 [ 1677.311239][ T5852] [] tun_chr_write_iter+0xc4/0x1e2 [ 1677.311768][ T5852] [] vfs_write+0x56c/0xa9a [ 1677.312187][ T5852] [] ksys_write+0x126/0x226 [ 1677.312593][ T5852] [] __riscv_sys_write+0x6e/0x94 [ 1677.313016][ T5852] [] syscall_handler+0x94/0x118 [ 1677.313546][ T5852] [] do_trap_ecall_u+0x1aa/0x216 [ 1677.314144][ T5852] [] handle_exception+0x146/0x152 [ 1677.335535][ T5852] BUG: Bad page state in process syz.2.552 pfn:9bc90 [ 1677.336990][ T5852] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffffaf8000000000 pfn:0x9bc90 [ 1677.338760][ T5852] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 1677.341135][ T5852] raw: 0ffe000000000000 dead000000000040 ffffaf8011f15000 0000000000000000 [ 1677.342885][ T5852] raw: ffffaf8000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 1677.344565][ T5852] page dumped because: page_pool leak [ 1677.345858][ T5852] page_owner tracks the page as allocated [ 1677.347052][ T5852] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 4089, tgid 4087 (syz.0.72), ts 635433793200, free_ts 627943784700 [ 1677.349289][ T5852] __set_page_owner+0xa2/0x710 [ 1677.351820][ T5852] post_alloc_hook+0xea/0x1e2 [ 1677.353262][ T5852] get_page_from_freelist+0xf78/0x2bd6 [ 1677.355101][ T5852] __alloc_frozen_pages_noprof+0x1e8/0x20fc [ 1677.356612][ T5852] alloc_pages_bulk_noprof+0x580/0x10a8 [ 1677.358181][ T5852] __page_pool_alloc_pages_slow+0x18c/0xc4e [ 1677.359893][ T5852] page_pool_alloc_netmems+0xc0/0x158 [ 1677.362040][ T5852] skb_pp_cow_data+0x8be/0xfe2 [ 1677.363463][ T5852] skb_cow_data_for_xdp+0x8a/0xbc [ 1677.364962][ T5852] do_xdp_generic+0x500/0xf14 [ 1677.366729][ T5852] tun_get_user+0x1e26/0x41f4 [ 1677.368194][ T5852] tun_chr_write_iter+0xc4/0x1e2 [ 1677.369780][ T5852] vfs_write+0x56c/0xa9a [ 1677.371709][ T5852] ksys_write+0x126/0x226 [ 1677.373128][ T5852] __riscv_sys_write+0x6e/0x94 [ 1677.374629][ T5852] syscall_handler+0x94/0x118 [ 1677.376071][ T5852] page last free pid 4071 tgid 4070 stack trace: [ 1677.377439][ T5852] __reset_page_owner+0x8c/0x400 [ 1677.379007][ T5852] free_frozen_pages+0x96a/0x155c [ 1677.381012][ T5852] __free_pages+0x13a/0x1ba [ 1677.382521][ T5852] free_pages.part.0+0x268/0x4c6 [ 1677.383966][ T5852] free_pages+0xe/0x18 [ 1677.385348][ T5852] tlb_finish_mmu+0x20c/0x7e4 [ 1677.386853][ T5852] exit_mmap+0x394/0xcf4 [ 1677.388326][ T5852] __mmput+0xfe/0x3ac [ 1677.389741][ T5852] mmput+0x74/0x88 [ 1677.391684][ T5852] do_exit+0x8fc/0x2966 [ 1677.393652][ T5852] do_group_exit+0xd4/0x26c [ 1677.395256][ T5852] get_signal+0x1f4e/0x22e0 [ 1677.396562][ T5852] arch_do_signal_or_restart+0x77c/0x207a [ 1677.398057][ T5852] syscall_exit_to_user_mode+0x222/0x2a4 [ 1677.399722][ T5852] do_trap_ecall_u+0x86/0x216 [ 1677.401823][ T5852] handle_exception+0x146/0x152 [ 1677.403367][ T5852] Modules linked in: [ 1677.405018][ T5852] CPU: 1 UID: 0 PID: 5852 Comm: syz.2.552 Tainted: G B 6.14.0-rc1-syzkaller-g245aece3750d #0 [ 1677.405642][ T5852] Tainted: [B]=BAD_PAGE [ 1677.405789][ T5852] Hardware name: riscv-virtio,qemu (DT) [ 1677.405961][ T5852] Call Trace: [ 1677.406108][ T5852] [] dump_backtrace+0x2e/0x3c [ 1677.406591][ T5852] [] show_stack+0x30/0x3c [ 1677.406975][ T5852] [] dump_stack_lvl+0x12e/0x1a6 [ 1677.407557][ T5852] [] dump_stack+0x1c/0x24 [ 1677.408118][ T5852] [] bad_page+0x266/0x2d8 [ 1677.408704][ T5852] [] free_frozen_pages+0xb82/0x155c [ 1677.409137][ T5852] [] page_frag_free+0x336/0x382 [ 1677.409668][ T5852] [] __xdp_return+0x336/0xa02 [ 1677.410242][ T5852] [] bpf_xdp_adjust_tail+0x9c8/0xf50 [ 1677.410831][ T5852] [] bpf_prog_f476d5219b92964a+0x28/0x36 [ 1677.411227][ T5852] [] bpf_dispatcher_xdp_func+0x22/0x32 [ 1677.411764][ T5852] [] bpf_prog_run_generic_xdp+0x6ba/0x166a [ 1677.412208][ T5852] [] do_xdp_generic+0x7e2/0xf14 [ 1677.412624][ T5852] [] tun_get_user+0x1e26/0x41f4 [ 1677.413158][ T5852] [] tun_chr_write_iter+0xc4/0x1e2 [ 1677.413747][ T5852] [] vfs_write+0x56c/0xa9a [ 1677.414156][ T5852] [] ksys_write+0x126/0x226 [ 1677.414594][ T5852] [] __riscv_sys_write+0x6e/0x94 [ 1677.415036][ T5852] [] syscall_handler+0x94/0x118 [ 1677.415526][ T5852] [] do_trap_ecall_u+0x1aa/0x216 [ 1677.416049][ T5852] [] handle_exception+0x146/0x152 [ 1677.435542][ T5852] BUG: Bad page state in process syz.2.552 pfn:9d9de [ 1677.436944][ T5852] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffffaf8000000000 pfn:0x9d9de [ 1677.438564][ T5852] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 1677.440248][ T5852] raw: 0ffe000000000000 dead000000000040 ffffaf8011f15000 0000000000000000 [ 1677.442368][ T5852] raw: ffffaf8000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 1677.443833][ T5852] page dumped because: page_pool leak [ 1677.445145][ T5852] page_owner tracks the page as allocated [ 1677.446302][ T5852] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 4089, tgid 4087 (syz.0.72), ts 635433936900, free_ts 627929977700 [ 1677.448399][ T5852] __set_page_owner+0xa2/0x710 [ 1677.449995][ T5852] post_alloc_hook+0xea/0x1e2 [ 1677.452034][ T5852] get_page_from_freelist+0xf78/0x2bd6 [ 1677.453829][ T5852] __alloc_frozen_pages_noprof+0x1e8/0x20fc [ 1677.455394][ T5852] alloc_pages_bulk_noprof+0x580/0x10a8 [ 1677.456777][ T5852] __page_pool_alloc_pages_slow+0x18c/0xc4e [ 1677.458461][ T5852] page_pool_alloc_netmems+0xc0/0x158 [ 1677.460006][ T5852] skb_pp_cow_data+0x8be/0xfe2 [ 1677.462034][ T5852] skb_cow_data_for_xdp+0x8a/0xbc [ 1677.463679][ T5852] do_xdp_generic+0x500/0xf14 [ 1677.465051][ T5852] tun_get_user+0x1e26/0x41f4 [ 1677.466604][ T5852] tun_chr_write_iter+0xc4/0x1e2 [ 1677.468231][ T5852] vfs_write+0x56c/0xa9a [ 1677.469677][ T5852] ksys_write+0x126/0x226 [ 1677.471662][ T5852] __riscv_sys_write+0x6e/0x94 [ 1677.473073][ T5852] syscall_handler+0x94/0x118 [ 1677.474551][ T5852] page last free pid 4071 tgid 4070 stack trace: [ 1677.475912][ T5852] __reset_page_owner+0x8c/0x400 [ 1677.477322][ T5852] free_frozen_pages+0x96a/0x155c [ 1677.479245][ T5852] __free_pages+0x13a/0x1ba [ 1677.481885][ T5852] free_pages.part.0+0x268/0x4c6 [ 1677.483387][ T5852] free_pages+0xe/0x18 [ 1677.484765][ T5852] tlb_finish_mmu+0x20c/0x7e4 [ 1677.486293][ T5852] exit_mmap+0x394/0xcf4 [ 1677.487827][ T5852] __mmput+0xfe/0x3ac [ 1677.489195][ T5852] mmput+0x74/0x88 [ 1677.491435][ T5852] do_exit+0x8fc/0x2966 [ 1677.493015][ T5852] do_group_exit+0xd4/0x26c [ 1677.494614][ T5852] get_signal+0x1f4e/0x22e0 [ 1677.495959][ T5852] arch_do_signal_or_restart+0x77c/0x207a [ 1677.497341][ T5852] syscall_exit_to_user_mode+0x222/0x2a4 [ 1677.499019][ T5852] do_trap_ecall_u+0x86/0x216 [ 1677.501302][ T5852] handle_exception+0x146/0x152 [ 1677.502927][ T5852] Modules linked in: [ 1677.504499][ T5852] CPU: 1 UID: 0 PID: 5852 Comm: syz.2.552 Tainted: G B 6.14.0-rc1-syzkaller-g245aece3750d #0 [ 1677.505047][ T5852] Tainted: [B]=BAD_PAGE [ 1677.505213][ T5852] Hardware name: riscv-virtio,qemu (DT) [ 1677.505424][ T5852] Call Trace: [ 1677.505590][ T5852] [] dump_backtrace+0x2e/0x3c [ 1677.506053][ T5852] [] show_stack+0x30/0x3c [ 1677.506439][ T5852] [] dump_stack_lvl+0x12e/0x1a6 [ 1677.506991][ T5852] [] dump_stack+0x1c/0x24 [ 1677.507503][ T5852] [] bad_page+0x266/0x2d8 [ 1677.508066][ T5852] [] free_frozen_pages+0xb82/0x155c [ 1677.508515][ T5852] [] page_frag_free+0x336/0x382 [ 1677.508979][ T5852] [] __xdp_return+0x336/0xa02 [ 1677.509590][ T5852] [] bpf_xdp_adjust_tail+0x9c8/0xf50 [ 1677.510096][ T5852] [] bpf_prog_f476d5219b92964a+0x28/0x36 [ 1677.510543][ T5852] [] bpf_dispatcher_xdp_func+0x22/0x32 [ 1677.511063][ T5852] [] bpf_prog_run_generic_xdp+0x6ba/0x166a [ 1677.511517][ T5852] [] do_xdp_generic+0x7e2/0xf14 [ 1677.511931][ T5852] [] tun_get_user+0x1e26/0x41f4 [ 1677.512459][ T5852] [] tun_chr_write_iter+0xc4/0x1e2 [ 1677.513005][ T5852] [] vfs_write+0x56c/0xa9a [ 1677.513466][ T5852] [] ksys_write+0x126/0x226 [ 1677.513898][ T5852] [] __riscv_sys_write+0x6e/0x94 [ 1677.514346][ T5852] [] syscall_handler+0x94/0x118 [ 1677.514802][ T5852] [] do_trap_ecall_u+0x1aa/0x216 [ 1677.515413][ T5852] [] handle_exception+0x146/0x152 VM DIAGNOSIS: 12:49:09 Registers: info registers vcpu 0 CPU#0 V = 0 pc 000000008001c2de mhartid 0000000000000000 mstatus 0000000a00000920 hstatus 0000000200000000 vsstatus 0000000a00000000 mip 0000000000000000 mie 000000000000022a mideleg 0000000000001666 hideleg 0000000000000444 medeleg 0000000000f0b509 hedeleg 000000000000b109 mtvec 00000000800004f0 stvec ffffffff86268630 vstvec 0000000000000000 mepc ffffffff80088632 sepc ffffffff86266352 vsepc 0000000000000000 mcause 0000000000000009 scause 8000000000000009 vscause 0000000000000000 mtval 0000000000000000 stval 0000000000000000 htval 0000000000000000 mtval2 0000000000000000 mscratch 000000008004a000 sscratch 0000000000000000 satp 9012b000000ae896 x0/zero 0000000000000000 x1/ra 000000008000135a x2/sp 0000000080049d18 x3/gp ffffffff89c1d3c0 x4/tp ffffaf801ac2cec0 x5/t0 0000000000000000 x6/t1 fffff5ef0ddb1f62 x7/t2 0000000000000005 x8/s0 0000000080049d28 x9/s1 0000000080049d68 x10/a0 0000000000000004 x11/a1 0000000080048150 x12/a2 0000000000000040 x13/a3 0000000100000000 x14/a4 0000000000000001 x15/a5 0000000002000004 x16/a6 0000000080040cd8 x17/a7 0000000000735049 x18/s2 0000000080043020 x19/s3 0000000080043028 x20/s4 000000008004a000 x21/s5 000000000000007f x22/s6 0000000080043268 x23/s7 0000000080043270 x24/s8 0000000000000001 x25/s9 0000000080048000 x26/s10 0000000000000150 x27/s11 0000000000000001 x28/t3 0000000000000000 x29/t4 fffff5ef0ddb1f62 x30/t5 fffff5ef0ddb1f63 x31/t6 000000000000000d fcsr 0000000000000000 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000 info registers vcpu 1 CPU#1 V = 0 pc ffffffff80544b12 mhartid 0000000000000001 mstatus 0000000a000000a0 hstatus 0000000200000000 vsstatus 0000000a00000000 mip 0000000000000002 mie 000000000000022a mideleg 0000000000001666 hideleg 0000000000000444 medeleg 0000000000f0b509 hedeleg 000000000000b109 mtvec 00000000800004f0 stvec ffffffff86268630 vstvec 0000000000000000 mepc ffffffff81db2abc sepc ffffffff802f7c2e vsepc 0000000000000000 mcause 8000000000000003 scause 8000000000000005 vscause 0000000000000000 mtval 0000000000000000 stval 0000000000000000 htval 0000000000000000 mtval2 0000000000000000 mscratch 0000000080048000 sscratch 0000000000000000 satp 904ea000000caf64 x0/zero 0000000000000000 x1/ra ffffffff80544b0e x2/sp ffff8f8001a66a70 x3/gp ffffffff89c1d3c0 x4/tp ffffaf802f510000 x5/t0 77041f5acfd42ab8 x6/t1 fffffffef105c8e8 x7/t2 0000000000000247 x8/s0 ffff8f8001a66ac0 x9/s1 ffffffff802f9482 x10/a0 ffffffff802f97f4 x11/a1 0000000000000000 x12/a2 0000000000080000 x13/a3 ffffffff8006bf56 x14/a4 0000000000000000 x15/a5 0000000000000000 x16/a6 0000000000000003 x17/a7 ffffffff882e4743 x18/s2 0000000200000020 x19/s3 ffffffff8666b0e0 x20/s4 ffffffff90fcb3a0 x21/s5 0000000000000001 x22/s6 ffff8f8001a66b80 x23/s7 ffffffff88a9ef18 x24/s8 1ffffffff1153de4 x25/s9 ffffffff88a9ef20 x26/s10 dfffffff00000000 x27/s11 ffff8f8001a66be0 x28/t3 ffffaf802f510b30 x29/t4 fffffffef105c8e8 x30/t5 fffffffef105c8e9 x31/t6 0000000000000007 fcsr 0000000000000000 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000