last executing test programs: 3.260979749s ago: executing program 3 (id=2941): r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x72, 0x101301) ioctl$USBDEVFS_GETDRIVER(r0, 0x41045508, &(0x7f0000001180)={0x8f4, "c32a11720926b12643d586871e3e0132f60f84830b1bdaeb6948e74ba0963ec3dd293aa589263043bc8bdb342bfb2e7f233cc9d450616a87562d214364cfa50a6796d223f4ef647e722761ade3ab5c92b3cbf11109e36a73185640fa81a7591d4700f9f8155cd197849a9e2489f29511b7f45f6d268aa31bed4bb4237e434ab44fdf585ebbc29ce17ca9c3d5999617bc0b34d2963e4a0255f63d631b9f9ed5c68db1b3e22d88c3f07a177652eff455e770e0f0b26a07fc822190e3bd43821e41196697dbf7bf07b1713a0b8b730b8eaa103c3ccb30ee519c914b4e21c1e31df71984a2619c356d928b4065d187781f40197f37256648f5bda11531d703ae2f2f"}) 3.201597498s ago: executing program 3 (id=2943): r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001180)={0x18, 0x18, 0x1, 0x0, 0xfffffffe, {0x2}, [@nested={0x4, 0x1e}]}, 0x18}}, 0x0) 3.201434051s ago: executing program 3 (id=2944): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f00000009c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='signal_generate\x00', r1}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) 3.151550268s ago: executing program 3 (id=2946): fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x2084200, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"}) r2 = dup(0xffffffffffffffff) dup3(0xffffffffffffffff, r2, 0x0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000840), 0x1a01, 0x0) r4 = syz_open_dev$sndctrl(&(0x7f0000000400), 0x0, 0x0) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9, 0x12, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r4, 0x40045542, &(0x7f0000000140)=0x5) pwritev(r3, &(0x7f0000000080)=[{0x0}], 0x1, 0x0, 0x0) 1.433241223s ago: executing program 3 (id=2981): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="120100015ae4c41096050100f5050100030109021b0001000000000904d60001b5e14500090583"], 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000003e40)={0x2c, &(0x7f0000003bc0)={0x738c400109325c1a, 0xf, 0x60, "e9f2cacd896985c90ef3eed74540c8070b5403b68d0724e571ee78b1e78ae66213527b962d72eecf76017e1e3057b328867342990457635772ebac764f8f759b88e2d60c933289008f028986fbdb9e98d8360acfb8f9df75076a0fe70f2263a4"}, 0x0, 0x0, 0x0, 0x0}) 1.381435091s ago: executing program 2 (id=2983): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setscheduler(0x0, 0x2, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) gettid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fsopen(&(0x7f0000000300)='sysfs\x00', 0x1) 491.63494ms ago: executing program 2 (id=2989): r0 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000340)={{0x0, 0x5, 0x0, 0x81, 'syz0\x00', 0x200001}, 0x1, 0x30, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) 491.494437ms ago: executing program 2 (id=2990): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x11, 0x0, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x1b, 0x5, 0xd}) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000008202"]) 390.536667ms ago: executing program 0 (id=2991): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000780)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}]}}) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) 390.27619ms ago: executing program 0 (id=2992): mkdirat(0xffffffffffffffff, 0x0, 0xe2) bpf$MAP_CREATE(0x0, 0x0, 0x48) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0) r1 = openat$cgroup_type(r0, &(0x7f0000000300), 0x2, 0x0) write$cgroup_type(r1, &(0x7f0000000280), 0x9) r2 = openat$cgroup_procs(r0, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0) write$cgroup_pid(r2, &(0x7f0000000c40), 0x12) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_procs(r3, &(0x7f0000000140)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r4, &(0x7f0000000380), 0x12) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup_int(r5, &(0x7f0000000700)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r6, &(0x7f00000003c0)=0x1ff, 0x12) 390.178498ms ago: executing program 2 (id=2993): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$UHID_CREATE(r0, &(0x7f00000000c0)={0x0, {'syz0\x00', 'syz0\x00', 'syz1\x00', &(0x7f00000006c0)=""/83, 0x53}}, 0x120) writev(r0, &(0x7f0000000780)=[{0x0}], 0x1) 331.622353ms ago: executing program 0 (id=2995): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x1f, 0x5, &(0x7f0000000880)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000850000007d00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='ext4_writepages_result\x00', r1}, 0x10) r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r2}, 0x8) close(r3) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 331.353213ms ago: executing program 0 (id=2997): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x2, 0x2, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xd, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x3}}, @call={0x85, 0x0, 0x0, 0x5}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) 281.515764ms ago: executing program 1 (id=2998): r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_xfrm(0x10, 0x3, 0x6) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000800)=@bpf_lsm={0xc, 0x3, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x85}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, 0x0, 0x4004010) ptrace(0x10, r1) ptrace$setregs(0xd, r1, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb") ptrace$getregset(0x4205, r1, 0x2, &(0x7f0000000080)={&(0x7f0000000000)=""/120, 0x78}) ptrace$getregset(0x4204, r1, 0x2, &(0x7f0000000740)={0x0}) 281.328897ms ago: executing program 0 (id=2999): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000100)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x80000006, 0x0, 0x0, 0xfffffffa}]}, 0x10) bpf$ENABLE_STATS(0x20, 0x0, 0x0) syz_emit_ethernet(0x42, &(0x7f0000000340)={@local, @multicast, @void, {@ipv6={0x86dd, @udp={0xe, 0x6, "e3fcb4", 0xc, 0x11, 0x1fe, @private2={0xfc, 0x2, '\x00', 0x1}, @loopback, {[], {0x4e22, 0x6e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x5, 0x100, @void}}}}}}}}, 0x0) 281.274425ms ago: executing program 1 (id=3000): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f00000007c0)) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080)=0x200000000) r1 = dup2(r0, r0) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x5) read$FUSE(r1, &(0x7f0000000800)={0x2020}, 0x2020) read$FUSE(r1, &(0x7f0000004d80)={0x2020}, 0x2020) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000040)=0x1) 191.515442ms ago: executing program 1 (id=3001): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x5, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000dc0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000001c40)={0x14, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000001000000850000008600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$unix(r3, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0) 191.386357ms ago: executing program 0 (id=3002): prlimit64(0x0, 0xe, &(0x7f0000000080)={0x7, 0x80000100008b}, 0x0) mprotect(&(0x7f0000208000/0x2000)=nil, 0x2000, 0x2) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) mprotect(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0) mprotect(&(0x7f00004a4000/0x800000)=nil, 0x800000, 0x2) 191.284691ms ago: executing program 1 (id=3003): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r0, &(0x7f0000000140)={0xa, 0xffff, 0x0, @mcast1, 0x8}, 0x1c) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(0xffffffffffffffff, 0x942e, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) keyctl$KEYCTL_MOVE(0x1e, 0x0, 0xffffffffffffffff, 0x0, 0x1) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000c40)=ANY=[@ANYBLOB="580000001000010009000000000000", @ANYRES32=0x0], 0x58}}, 0x0) 121.599517ms ago: executing program 2 (id=3004): sendmsg$key(0xffffffffffffffff, 0x0, 0x40044) syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00') r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000080000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000100000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000005c0)='sys_enter\x00', r0}, 0x18) ioctl$SNDRV_PCM_IOCTL_HW_PARAMS_OLD(0xffffffffffffffff, 0xc1004111, 0x0) request_key(0x0, 0x0, 0x0, 0x0) 121.349276ms ago: executing program 2 (id=3005): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, 0x0}) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) dup(0xffffffffffffffff) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqsrc(r1, 0x0, 0x28, &(0x7f0000000180)={@local, @multicast1, @loopback}, 0xc) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) 60.960161ms ago: executing program 3 (id=3006): syz_usb_connect$cdc_ncm(0x5, 0x74, 0x0, 0x0) r0 = socket$key(0xf, 0x3, 0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmsg$key(r0, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={0x0, 0x10}}, 0x0) mknodat$null(0xffffffffffffff9c, 0x0, 0x0, 0x103) write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'sha1\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) r3 = openat$procfs(0xffffff9c, &(0x7f0000000c40)='/proc/crypto\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x3) 1.216597ms ago: executing program 1 (id=3007): r0 = socket(0x10, 0x3, 0x0) sendto$inet6(r0, &(0x7f0000000100)="c10e000018001f06b9409b0dffff110d0207be040205060506100a044300040018000e49fac8388827a685a168d9a44604094565360c648dcaaf6c26c291214549932fde4a460c89b6ec0cff3959547f509058ba86c902fc3a10004a320c0400160012000a00000000000000000000080756ede4ccbe5880", 0xec1, 0x0, 0x0, 0x9e5e111c47e3504f) 0s ago: executing program 1 (id=3008): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000740)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000140)="8457", 0x2}], 0x1}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=[@rthdrdstopts={{0x18, 0x29, 0x37, {0x62}}}, @flowinfo={{0x14, 0x29, 0xb, 0x5}}], 0x30}}], 0x2, 0x4400c800) 0s ago: executing program 2 (id=3009): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180200002343ffff0000000000000000850000004100000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r1, r2, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0xfdef, &(0x7f0000000a80)=ANY=[], 0x0) kernel console output (not intermixed with test programs): usb 7-1: config 0 descriptor?? [ 212.409751][ T1322] usb 5-1: Manufacturer: syz [ 212.411881][ T836] hub 7-1:0.0: bad descriptor, ignoring hub [ 212.411988][ T1322] usb 5-1: SerialNumber: syz [ 212.413552][ T836] hub 7-1:0.0: probe with driver hub failed with error -5 [ 212.414634][ T836] input: syz syz as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/input/input32 [ 212.421805][ T1322] usb 5-1: config 0 descriptor?? [ 212.426020][ T1322] hub 5-1:0.0: bad descriptor, ignoring hub [ 212.427828][ T1322] hub 5-1:0.0: probe with driver hub failed with error -5 [ 212.432893][ T1322] input: syz syz as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/input/input33 [ 212.912567][ T1322] usb 5-1: USB disconnect, device number 17 [ 214.173886][T11220] sg_write: data in/out 489/14 bytes for SCSI command 0x0-- guessing data in; [ 214.173886][T11220] program syz.0.1862 not setting count and/or reply_len properly [ 214.412052][T11224] 9pnet_fd: Insufficient options for proto=fd [ 215.785975][T11242] fuse: Bad value for 'fd' [ 215.968787][ T5348] usb 7-1: reset high-speed USB device number 13 using dummy_hcd [ 216.528986][ T26] usb 7-1: USB disconnect, device number 13 [ 217.101196][T11254] netlink: 1608 bytes leftover after parsing attributes in process `syz.3.1876'. [ 217.105599][T11254] netlink: zone id is out of range [ 217.107653][T11254] netlink: zone id is out of range [ 217.109587][T11254] netlink: zone id is out of range [ 217.113286][T11254] netlink: del zone limit has 4 unknown bytes [ 217.179012][T11256] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1876'. [ 217.442484][T11264] sg_write: data in/out 489/14 bytes for SCSI command 0x0-- guessing data in; [ 217.442484][T11264] program syz.2.1875 not setting count and/or reply_len properly [ 217.683234][T11268] 9pnet_fd: Insufficient options for proto=fd [ 218.516386][ T40] kauditd_printk_skb: 15 callbacks suppressed [ 218.516404][ T40] audit: type=1326 audit(1742884986.235:337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11271 comm="syz.2.1879" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff0579 code=0x7ffc0000 [ 218.527098][ T40] audit: type=1326 audit(1742884986.235:338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11271 comm="syz.2.1879" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff0579 code=0x7ffc0000 [ 218.534100][ T40] audit: type=1326 audit(1742884986.235:339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11271 comm="syz.2.1879" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7ff0579 code=0x7ffc0000 [ 218.542264][ T40] audit: type=1326 audit(1742884986.235:340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11271 comm="syz.2.1879" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff0579 code=0x7ffc0000 [ 218.549058][ T40] audit: type=1326 audit(1742884986.235:341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11271 comm="syz.2.1879" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff0579 code=0x7ffc0000 [ 218.556218][ T40] audit: type=1326 audit(1742884986.235:342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11271 comm="syz.2.1879" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7ff0579 code=0x7ffc0000 [ 218.564486][ T40] audit: type=1326 audit(1742884986.235:343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11271 comm="syz.2.1879" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff0579 code=0x7ffc0000 [ 218.570494][ T40] audit: type=1326 audit(1742884986.235:344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11271 comm="syz.2.1879" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff0579 code=0x7ffc0000 [ 218.576707][ T40] audit: type=1326 audit(1742884986.235:345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11271 comm="syz.2.1879" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7ff0579 code=0x7ffc0000 [ 218.582697][ T40] audit: type=1326 audit(1742884986.235:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11271 comm="syz.2.1879" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff0579 code=0x7ffc0000 [ 218.804277][T11288] netlink: 1608 bytes leftover after parsing attributes in process `syz.2.1884'. [ 218.808189][T11288] netlink: zone id is out of range [ 218.810154][T11288] netlink: zone id is out of range [ 218.812079][T11288] netlink: zone id is out of range [ 218.814493][T11288] netlink: del zone limit has 4 unknown bytes [ 218.875299][T11288] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1884'. [ 218.973006][T11294] sg_write: data in/out 489/14 bytes for SCSI command 0x0-- guessing data in; [ 218.973006][T11294] program syz.0.1880 not setting count and/or reply_len properly [ 219.197708][T11300] 9pnet_fd: Insufficient options for proto=fd [ 220.578666][ T5957] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 220.738699][ T5957] usb 6-1: Using ep0 maxpacket: 8 [ 220.741375][ T5957] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 220.744106][ T5957] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 220.747372][ T5957] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 220.751471][ T5957] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 220.756161][ T5957] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 220.764270][ T5957] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 220.809136][T11322] netlink: 1608 bytes leftover after parsing attributes in process `syz.2.1894'. [ 220.812682][T11322] netlink: zone id is out of range [ 220.814474][T11322] netlink: zone id is out of range [ 220.910070][T11322] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1894'. [ 220.949272][T11324] fuse: Unknown parameter '0x0000000000000003' [ 220.971461][ T5957] usb 6-1: GET_CAPABILITIES returned 0 [ 220.973620][ T5957] usbtmc 6-1:16.0: can't read capabilities [ 221.181079][ T1322] usb 6-1: USB disconnect, device number 20 [ 222.273597][T11352] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1903'. [ 222.351789][T11354] fuse: Unknown parameter '0x0000000000000003' [ 223.900894][T11383] netlink: 1608 bytes leftover after parsing attributes in process `syz.2.1913'. [ 223.904896][T11383] net_ratelimit: 2 callbacks suppressed [ 223.904905][T11383] netlink: zone id is out of range [ 223.907945][T11383] netlink: zone id is out of range [ 223.914129][T11383] netlink: zone id is out of range [ 223.916383][T11385] fuse: Unknown parameter '0x0000000000000003' [ 223.916791][T11383] netlink: del zone limit has 4 unknown bytes [ 223.989804][T11383] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1913'. [ 224.102106][ T40] kauditd_printk_skb: 72 callbacks suppressed [ 224.102123][ T40] audit: type=1326 audit(1742884991.845:419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11376 comm="syz.3.1911" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000 [ 224.115355][ T40] audit: type=1326 audit(1742884991.855:420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11376 comm="syz.3.1911" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf748e579 code=0x7ffc0000 [ 224.132278][ T40] audit: type=1326 audit(1742884991.855:421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11376 comm="syz.3.1911" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000 [ 224.141882][ T40] audit: type=1326 audit(1742884991.855:422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11376 comm="syz.3.1911" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000 [ 224.152113][ T40] audit: type=1326 audit(1742884991.855:423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11376 comm="syz.3.1911" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf748e579 code=0x7ffc0000 [ 224.163593][ T40] audit: type=1326 audit(1742884991.855:424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11376 comm="syz.3.1911" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000 [ 224.173462][ T40] audit: type=1326 audit(1742884991.855:425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11376 comm="syz.3.1911" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000 [ 224.183774][ T40] audit: type=1326 audit(1742884991.855:426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11376 comm="syz.3.1911" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf748e579 code=0x7ffc0000 [ 224.193368][ T40] audit: type=1326 audit(1742884991.855:427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11376 comm="syz.3.1911" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000 [ 224.203449][ T40] audit: type=1326 audit(1742884991.855:428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11376 comm="syz.3.1911" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000 [ 224.218667][ T5957] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 224.381224][ T5957] usb 5-1: Using ep0 maxpacket: 16 [ 224.384613][ T5957] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 224.391405][ T5957] usb 5-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 224.394218][ T5957] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 224.396993][ T5957] usb 5-1: Product: syz [ 224.399042][ T5957] usb 5-1: Manufacturer: syz [ 224.401567][ T5957] usb 5-1: SerialNumber: syz [ 224.410085][ T5957] usb 5-1: config 0 descriptor?? [ 224.415594][ T5957] hub 5-1:0.0: bad descriptor, ignoring hub [ 224.417952][ T5957] hub 5-1:0.0: probe with driver hub failed with error -5 [ 224.427105][ T5957] input: syz syz as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/input/input34 [ 224.746931][T11393] 9pnet_fd: Insufficient options for proto=fd [ 227.241071][T11453] netlink: 1608 bytes leftover after parsing attributes in process `syz.3.1938'. [ 227.244543][T11453] netlink: zone id is out of range [ 227.246157][T11453] netlink: zone id is out of range [ 227.247663][T11453] netlink: zone id is out of range [ 227.249955][T11453] netlink: del zone limit has 4 unknown bytes [ 227.319443][T11454] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1938'. [ 227.453258][T11456] netlink: 1608 bytes leftover after parsing attributes in process `syz.3.1939'. [ 227.457084][T11456] netlink: zone id is out of range [ 227.459395][T11456] netlink: zone id is out of range [ 227.464532][T11456] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1939'. [ 227.468409][T11458] fuse: Unknown parameter 'fd0x0000000000000003' [ 227.966098][T11479] netlink: 1608 bytes leftover after parsing attributes in process `syz.2.1950'. [ 228.034439][T11479] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1950'. [ 228.151137][ T5998] usb 5-1: USB disconnect, device number 18 [ 228.321509][T11492] sg_write: data in/out 489/14 bytes for SCSI command 0x0-- guessing data in; [ 228.321509][T11492] program syz.1.1945 not setting count and/or reply_len properly [ 228.563195][T11492] 9pnet_fd: Insufficient options for proto=fd [ 229.528665][ T64] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 229.775557][ T64] usb 5-1: Using ep0 maxpacket: 16 [ 229.778141][ T64] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 229.782765][ T64] usb 5-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 229.786210][ T64] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 229.788323][ T64] usb 5-1: Product: syz [ 229.789857][ T64] usb 5-1: Manufacturer: syz [ 229.791164][ T64] usb 5-1: SerialNumber: syz [ 229.829279][ T64] usb 5-1: config 0 descriptor?? [ 229.831668][ T64] hub 5-1:0.0: bad descriptor, ignoring hub [ 229.833637][ T64] hub 5-1:0.0: probe with driver hub failed with error -5 [ 229.836919][ T64] input: syz syz as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/input/input35 [ 230.230635][ T836] usb 5-1: USB disconnect, device number 19 [ 231.129790][T11546] netlink: 1608 bytes leftover after parsing attributes in process `syz.1.1974'. [ 231.132911][T11546] net_ratelimit: 6 callbacks suppressed [ 231.132919][T11546] netlink: zone id is out of range [ 231.136123][T11546] netlink: zone id is out of range [ 231.137575][T11546] netlink: zone id is out of range [ 231.139961][T11546] netlink: del zone limit has 4 unknown bytes [ 231.244557][T11546] netlink: 128 bytes leftover after parsing attributes in process `syz.1.1974'. [ 233.792035][T11604] netlink: 1608 bytes leftover after parsing attributes in process `syz.2.1994'. [ 233.795257][T11604] netlink: zone id is out of range [ 233.796713][T11604] netlink: zone id is out of range [ 233.798204][T11604] netlink: zone id is out of range [ 233.801629][T11604] netlink: del zone limit has 4 unknown bytes [ 233.866663][T11604] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1994'. [ 234.878641][ T836] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 235.028592][ T836] usb 5-1: Using ep0 maxpacket: 8 [ 235.038122][ T836] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 235.051043][ T836] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 235.053697][ T836] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 235.056347][ T836] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 235.063148][ T836] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 235.065664][ T836] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 235.282679][ T836] usb 5-1: GET_CAPABILITIES returned 0 [ 235.284179][ T836] usbtmc 5-1:16.0: can't read capabilities [ 235.488067][ T5957] usb 5-1: USB disconnect, device number 20 [ 235.656916][T11632] 9pnet_fd: Insufficient options for proto=fd [ 237.538871][ T40] kauditd_printk_skb: 11 callbacks suppressed [ 237.538882][ T40] audit: type=1326 audit(1742885005.285:440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11663 comm="syz.3.2014" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000 [ 237.552779][ T40] audit: type=1326 audit(1742885005.285:441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11663 comm="syz.3.2014" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000 [ 237.562529][ T40] audit: type=1326 audit(1742885005.285:442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11663 comm="syz.3.2014" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf748e579 code=0x7ffc0000 [ 237.579379][ T40] audit: type=1326 audit(1742885005.285:443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11663 comm="syz.3.2014" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000 [ 237.588622][ T40] audit: type=1326 audit(1742885005.285:444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11663 comm="syz.3.2014" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000 [ 237.595491][ T40] audit: type=1326 audit(1742885005.285:445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11663 comm="syz.3.2014" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf748e579 code=0x7ffc0000 [ 237.608890][ T40] audit: type=1326 audit(1742885005.285:446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11663 comm="syz.3.2014" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000 [ 237.614939][ T40] audit: type=1326 audit(1742885005.285:447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11663 comm="syz.3.2014" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000 [ 237.621196][ T40] audit: type=1326 audit(1742885005.285:448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11663 comm="syz.3.2014" exe="/syz-executor" sig=0 arch=40000003 syscall=434 compat=1 ip=0xf748e579 code=0x7ffc0000 [ 237.627034][ T40] audit: type=1326 audit(1742885005.285:449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11663 comm="syz.3.2014" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000 [ 237.928661][ T1322] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 238.128939][ T1322] usb 6-1: Using ep0 maxpacket: 16 [ 238.134672][ T1322] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 238.170803][ T1322] usb 6-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 238.174599][ T1322] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 238.177245][ T1322] usb 6-1: Product: syz [ 238.178743][ T1322] usb 6-1: Manufacturer: syz [ 238.180042][ T1322] usb 6-1: SerialNumber: syz [ 238.190331][ T1322] usb 6-1: config 0 descriptor?? [ 238.193264][ T1322] hub 6-1:0.0: bad descriptor, ignoring hub [ 238.195002][ T1322] hub 6-1:0.0: probe with driver hub failed with error -5 [ 238.200352][ T1322] input: syz syz as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/input/input36 [ 238.759003][ T5998] usb 6-1: USB disconnect, device number 21 [ 241.193652][T11734] fuse: Bad value for 'fd' [ 241.645456][T11750] netlink: 1608 bytes leftover after parsing attributes in process `syz.3.2041'. [ 241.650906][T11750] netlink: zone id is out of range [ 241.652792][T11750] netlink: zone id is out of range [ 241.654694][T11750] netlink: zone id is out of range [ 241.658627][T11750] netlink: del zone limit has 4 unknown bytes [ 241.725358][T11752] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2041'. [ 242.434361][T11760] fuse: Unknown parameter '0x0000000000000003' [ 242.968115][T11775] 9pnet_fd: Insufficient options for proto=fd [ 243.455560][T11789] fuse: Unknown parameter '0x0000000000000003' [ 243.524848][ T40] kauditd_printk_skb: 29 callbacks suppressed [ 243.524858][ T40] audit: type=1326 audit(1742885011.265:479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11782 comm="syz.0.2053" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf743e579 code=0x7ffc0000 [ 243.534364][ T40] audit: type=1326 audit(1742885011.265:480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11782 comm="syz.0.2053" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf743e579 code=0x7ffc0000 [ 243.540214][ T40] audit: type=1326 audit(1742885011.265:481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11782 comm="syz.0.2053" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf743e579 code=0x7ffc0000 [ 243.549545][ T40] audit: type=1326 audit(1742885011.265:482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11782 comm="syz.0.2053" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf743e579 code=0x7ffc0000 [ 243.559581][ T40] audit: type=1326 audit(1742885011.275:483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11782 comm="syz.0.2053" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf743e579 code=0x7ffc0000 [ 243.576545][ T40] audit: type=1326 audit(1742885011.275:484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11782 comm="syz.0.2053" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf743e579 code=0x7ffc0000 [ 243.582248][ T40] audit: type=1326 audit(1742885011.275:485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11782 comm="syz.0.2053" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf743e579 code=0x7ffc0000 [ 243.598195][ T40] audit: type=1326 audit(1742885011.275:486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11782 comm="syz.0.2053" exe="/syz-executor" sig=0 arch=40000003 syscall=434 compat=1 ip=0xf743e579 code=0x7ffc0000 [ 243.604144][ T40] audit: type=1326 audit(1742885011.275:487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11782 comm="syz.0.2053" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf743e579 code=0x7ffc0000 [ 243.609968][ T40] audit: type=1326 audit(1742885011.275:488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11782 comm="syz.0.2053" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf743e579 code=0x7ffc0000 [ 243.760208][T11797] sg_write: data in/out 489/14 bytes for SCSI command 0x0-- guessing data in; [ 243.760208][T11797] program syz.1.2055 not setting count and/or reply_len properly [ 243.939060][T11799] 9pnet_fd: Insufficient options for proto=fd [ 244.778626][ T836] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 244.938614][ T836] usb 6-1: Using ep0 maxpacket: 8 [ 244.944875][ T836] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 244.948459][ T836] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 244.952723][ T836] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 244.956514][ T836] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 244.968574][ T836] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 244.971492][ T836] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 245.183063][ T836] usb 6-1: GET_CAPABILITIES returned 0 [ 245.185171][ T836] usbtmc 6-1:16.0: can't read capabilities [ 245.385654][ T5957] usb 6-1: USB disconnect, device number 22 [ 246.371162][T11862] tipc: Started in network mode [ 246.372687][T11862] tipc: Node identity ac14140f, cluster identity 4711 [ 246.375182][T11862] tipc: New replicast peer: 255.255.255.255 [ 246.377595][T11862] tipc: Enabled bearer , priority 10 [ 247.390108][ T5998] tipc: Node number set to 2886997007 [ 248.422024][T11900] sg_write: data in/out 489/14 bytes for SCSI command 0x0-- guessing data in; [ 248.422024][T11900] program syz.0.2093 not setting count and/or reply_len properly [ 248.677438][T11901] 9pnet_fd: Insufficient options for proto=fd [ 248.833658][T11903] 9pnet_fd: Insufficient options for proto=fd [ 251.643678][T11957] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2120'. [ 251.750984][T11957] team0 (unregistering): Port device team_slave_0 removed [ 251.755532][T11957] team0 (unregistering): Port device team_slave_1 removed [ 254.449461][T11998] 9pnet_fd: Insufficient options for proto=fd [ 254.717933][T12006] capability: warning: `syz.1.2129' uses deprecated v2 capabilities in a way that may be insecure [ 255.099125][ T1414] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.314620][ T5966] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 256.317870][ T5966] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 256.326345][ T5966] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 256.330879][ T5966] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 256.333592][ T5966] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 256.335684][ T5966] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 256.456727][T10847] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 256.596077][T10847] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 256.705914][T10847] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 256.803087][T10847] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 256.838411][T12043] chnl_net:caif_netlink_parms(): no params data found [ 256.958714][T10847] bridge_slave_0: left allmulticast mode [ 256.961282][T10847] bridge_slave_0: left promiscuous mode [ 256.965894][T10847] bridge0: port 1(bridge_slave_0) entered disabled state [ 257.340993][T10847] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 257.346681][T10847] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 257.361453][T10847] bond0 (unregistering): Released all slaves [ 257.378061][T12043] bridge0: port 1(bridge_slave_0) entered blocking state [ 257.383866][T12043] bridge0: port 1(bridge_slave_0) entered disabled state [ 257.386731][T12043] bridge_slave_0: entered allmulticast mode [ 257.390043][T12043] bridge_slave_0: entered promiscuous mode [ 257.393086][T12043] bridge0: port 2(bridge_slave_1) entered blocking state [ 257.395573][T12043] bridge0: port 2(bridge_slave_1) entered disabled state [ 257.400530][T12043] bridge_slave_1: entered allmulticast mode [ 257.403152][T12043] bridge_slave_1: entered promiscuous mode [ 257.461128][T12043] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 257.464827][T12043] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 257.538409][T12043] team0: Port device team_slave_0 added [ 257.553870][T12043] team0: Port device team_slave_1 added [ 257.603348][T12043] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 257.605364][T12043] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 257.622590][T12043] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 257.658480][T12043] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 257.661095][T12043] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 257.669812][T12043] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 257.737628][T12043] hsr_slave_0: entered promiscuous mode [ 257.746106][T12043] hsr_slave_1: entered promiscuous mode [ 257.748997][T12043] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 257.752882][T12043] Cannot create hsr debugfs directory [ 257.937269][T10847] hsr_slave_0: left promiscuous mode [ 257.939259][T10847] hsr_slave_1: left promiscuous mode [ 257.941675][T10847] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 257.943756][T10847] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 257.947089][T10847] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 257.958828][T10847] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 257.974633][T10847] veth1_macvtap: left allmulticast mode [ 257.976420][T10847] veth1_macvtap: left promiscuous mode [ 257.978306][T10847] veth0_macvtap: left promiscuous mode [ 257.980168][T10847] veth1_vlan: left promiscuous mode [ 257.981776][T10847] veth0_vlan: left promiscuous mode [ 258.360675][ T5955] Bluetooth: hci2: command tx timeout [ 259.830315][T12043] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 259.836484][T12043] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 259.844261][T12043] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 259.864484][T12043] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 259.972266][T12043] 8021q: adding VLAN 0 to HW filter on device bond0 [ 259.991565][T12043] 8021q: adding VLAN 0 to HW filter on device team0 [ 260.001429][T10819] bridge0: port 1(bridge_slave_0) entered blocking state [ 260.003600][T10819] bridge0: port 1(bridge_slave_0) entered forwarding state [ 260.025918][T10819] bridge0: port 2(bridge_slave_1) entered blocking state [ 260.028023][T10819] bridge0: port 2(bridge_slave_1) entered forwarding state [ 260.167806][T12043] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 260.188354][T12043] veth0_vlan: entered promiscuous mode [ 260.201814][T12043] veth1_vlan: entered promiscuous mode [ 260.213191][T12043] veth0_macvtap: entered promiscuous mode [ 260.218471][T12043] veth1_macvtap: entered promiscuous mode [ 260.225801][T12043] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 260.230813][T12043] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.233537][T12043] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 260.237717][T12043] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.243673][T12043] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 260.246518][T12043] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.250475][T12043] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 260.253830][T12043] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 260.256728][T12043] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.259493][T12043] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 260.262367][T12043] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.265036][T12043] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 260.267869][T12043] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.271125][T12043] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 260.274322][T12043] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 260.276729][T12043] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 260.279247][T12043] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 260.281650][T12043] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 260.325785][T10843] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 260.327969][T10843] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 260.337644][T10823] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 260.342265][T10823] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 260.448631][ T5966] Bluetooth: hci2: command tx timeout [ 261.317229][T12121] fuse: Unknown parameter 'grou00000000000000000000' [ 261.758916][T12139] netlink: 1608 bytes leftover after parsing attributes in process `syz.3.2161'. [ 261.763760][T12139] netlink: zone id is out of range [ 261.765214][T12139] netlink: zone id is out of range [ 261.766630][T12139] netlink: zone id is out of range [ 261.768988][T12139] netlink: del zone limit has 4 unknown bytes [ 261.841911][T12139] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2161'. [ 262.278741][ T5966] Bluetooth: hci3: command 0x0405 tx timeout [ 262.519255][ T5955] Bluetooth: hci2: command tx timeout [ 264.598791][ T5955] Bluetooth: hci2: command tx timeout [ 265.922780][T12216] fuse: Bad value for 'rootmode' [ 266.503880][T12242] netlink: 1608 bytes leftover after parsing attributes in process `syz.2.2193'. [ 266.507845][T12242] netlink: del zone limit has 4 unknown bytes [ 266.584561][T12246] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2193'. [ 267.842121][T12271] 9pnet_fd: Insufficient options for proto=fd [ 268.083089][T12281] fuse: Bad value for 'fd' [ 268.726613][T12307] fuse: Unknown parameter '0x0000000000000004' [ 268.971942][T12312] netlink: 1608 bytes leftover after parsing attributes in process `syz.3.2211'. [ 268.977167][T12312] netlink: del zone limit has 4 unknown bytes [ 269.049157][T12312] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2211'. [ 269.188924][T12316] fuse: Bad value for 'fd' [ 269.346475][T12330] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2219'. [ 269.352968][T12330] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2219'. [ 269.463777][T12330] team0 (unregistering): Port device team_slave_0 removed [ 269.472825][T12330] team0 (unregistering): Port device team_slave_1 removed [ 269.589700][T12334] fuse: Unknown parameter 'user_id00000000000000000000' [ 269.830391][T12338] fuse: Bad value for 'fd' [ 270.190820][T12343] 9pnet_fd: Insufficient options for proto=fd [ 270.228133][T12345] 9pnet_fd: Insufficient options for proto=fd [ 271.478869][ T5955] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 271.478881][ T5966] Bluetooth: hci4: command 0x1003 tx timeout [ 271.788673][ T36] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 271.958613][ T36] usb 5-1: Using ep0 maxpacket: 8 [ 271.974424][ T36] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 271.980617][ T36] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 271.987710][ T36] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 271.998828][ T36] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 272.003149][ T36] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 272.006189][ T36] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 272.218729][ T36] usb 5-1: GET_CAPABILITIES returned 0 [ 272.220450][ T36] usbtmc 5-1:16.0: can't read capabilities [ 272.523334][T12389] fuse: Unknown parameter '0x0000000000000004' [ 272.536734][T12385] 9pnet_fd: Insufficient options for proto=fd [ 272.779514][T12390] 9pnet_fd: Insufficient options for proto=fd [ 272.937337][ T5957] usb 5-1: USB disconnect, device number 21 [ 274.180952][T12420] netlink: 1608 bytes leftover after parsing attributes in process `syz.3.2245'. [ 274.185231][T12420] netlink: zone id is out of range [ 274.186873][T12420] netlink: zone id is out of range [ 274.188477][T12420] netlink: zone id is out of range [ 274.192441][T12420] netlink: del zone limit has 4 unknown bytes [ 274.275312][T12420] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2245'. [ 274.789721][T12427] netlink: 1608 bytes leftover after parsing attributes in process `syz.2.2247'. [ 274.794210][T12427] netlink: zone id is out of range [ 274.796237][T12427] netlink: zone id is out of range [ 274.798251][T12427] netlink: zone id is out of range [ 274.802349][T12427] netlink: del zone limit has 4 unknown bytes [ 274.862042][T12429] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2247'. [ 274.918383][T12426] 9pnet_fd: Insufficient options for proto=fd [ 275.754220][T12452] fuse: Bad value for 'fd' [ 276.790863][T12464] sg_write: data in/out 489/14 bytes for SCSI command 0x0-- guessing data in; [ 276.790863][T12464] program syz.2.2255 not setting count and/or reply_len properly [ 277.162104][T12467] 9pnet_fd: Insufficient options for proto=fd [ 278.192369][T12484] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2264'. [ 278.455436][T12489] fuse: Bad value for 'fd' [ 279.215927][T12506] 9pnet_fd: Insufficient options for proto=fd [ 280.629385][T12524] 9pnet_fd: Insufficient options for proto=fd [ 283.054233][T12578] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2293'. [ 283.225346][T12582] netlink: zone id is out of range [ 283.226780][T12582] netlink: zone id is out of range [ 283.228187][T12582] netlink: zone id is out of range [ 283.230299][T12582] netlink: del zone limit has 4 unknown bytes [ 283.293750][T12582] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2295'. [ 283.486707][T12594] netlink: 1608 bytes leftover after parsing attributes in process `syz.1.2300'. [ 283.490999][T12594] netlink: zone id is out of range [ 283.492662][T12594] netlink: zone id is out of range [ 283.494270][T12594] netlink: zone id is out of range [ 283.496552][T12594] netlink: del zone limit has 4 unknown bytes [ 283.563316][T12594] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2300'. [ 285.356239][T12630] netlink: zone id is out of range [ 285.357861][T12630] netlink: zone id is out of range [ 285.423547][T12630] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2312'. [ 285.473942][T12635] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2314'. [ 286.373792][T12646] 9pnet_fd: Insufficient options for proto=fd [ 286.848624][ T5957] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 287.018633][ T5957] usb 7-1: Using ep0 maxpacket: 8 [ 287.025046][ T5957] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 287.028711][ T5957] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 287.032087][ T5957] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 287.035656][ T5957] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 287.040264][ T5957] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 287.043474][ T5957] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 287.328085][ T5957] usb 7-1: GET_CAPABILITIES returned 0 [ 287.330474][ T5957] usbtmc 7-1:16.0: can't read capabilities [ 287.716165][ T5957] usb 7-1: USB disconnect, device number 14 [ 288.968394][T12694] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2329'. [ 289.502935][T12702] net_ratelimit: 2 callbacks suppressed [ 289.502951][T12702] netlink: zone id is out of range [ 289.507308][T12702] netlink: zone id is out of range [ 289.509890][T12702] netlink: zone id is out of range [ 289.513580][T12702] netlink: del zone limit has 4 unknown bytes [ 289.632900][T12702] netlink: 292 bytes leftover after parsing attributes in process `syz.3.2331'. [ 289.925279][T12715] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2335'. [ 290.761045][T12727] sg_write: data in/out 489/14 bytes for SCSI command 0x0-- guessing data in; [ 290.761045][T12727] program syz.2.2337 not setting count and/or reply_len properly [ 290.983099][T12730] 9pnet_fd: Insufficient options for proto=fd [ 291.509588][T12734] 9pnet_fd: Insufficient options for proto=fd [ 292.907010][ T5966] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 292.910573][ T5314] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 292.913402][ T5314] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 292.916358][ T5314] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 292.920205][ T5314] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 292.925073][ T5314] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 293.346252][T12766] chnl_net:caif_netlink_parms(): no params data found [ 293.463334][T12766] bridge0: port 1(bridge_slave_0) entered blocking state [ 293.466267][T12766] bridge0: port 1(bridge_slave_0) entered disabled state [ 293.468415][T12766] bridge_slave_0: entered allmulticast mode [ 293.470809][T12766] bridge_slave_0: entered promiscuous mode [ 293.474306][T12766] bridge0: port 2(bridge_slave_1) entered blocking state [ 293.476631][T12766] bridge0: port 2(bridge_slave_1) entered disabled state [ 293.479058][T12766] bridge_slave_1: entered allmulticast mode [ 293.481350][T12766] bridge_slave_1: entered promiscuous mode [ 293.510918][T12766] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 293.514799][T12766] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 293.536455][T12766] team0: Port device team_slave_0 added [ 293.540364][T12766] team0: Port device team_slave_1 added [ 293.567767][T12766] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 293.570606][T12766] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 293.582599][T12766] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 293.590443][T12766] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 293.592686][T12766] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 293.599891][T12766] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 293.618238][T10823] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 293.645963][T12766] hsr_slave_0: entered promiscuous mode [ 293.648014][T12766] hsr_slave_1: entered promiscuous mode [ 293.650140][T12766] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 293.652249][T12766] Cannot create hsr debugfs directory [ 293.687449][T10823] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 293.764574][T10823] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 293.818580][T10823] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 293.943744][T10823] bridge_slave_0: left allmulticast mode [ 293.945457][T10823] bridge_slave_0: left promiscuous mode [ 293.947045][T10823] bridge0: port 1(bridge_slave_0) entered disabled state [ 294.932984][T10823] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 294.937298][T10823] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 294.941829][T10823] bond0 (unregistering): Released all slaves [ 295.003451][ T5955] Bluetooth: hci1: command tx timeout [ 295.014989][T10823] tipc: Left network mode [ 295.226587][T10823] hsr_slave_0: left promiscuous mode [ 295.229155][T10823] hsr_slave_1: left promiscuous mode [ 295.230843][T10823] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 295.232885][T10823] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 295.235242][T10823] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 295.237351][T10823] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 295.253020][T10823] veth1_macvtap: left allmulticast mode [ 295.254659][T10823] veth1_macvtap: left promiscuous mode [ 295.256193][T10823] veth0_macvtap: left promiscuous mode [ 295.257837][T10823] veth1_vlan: left promiscuous mode [ 295.259370][T10823] veth0_vlan: left promiscuous mode [ 297.059114][T12766] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 297.068236][T12766] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 297.072981][T12766] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 297.077431][T12766] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 297.081966][ T5955] Bluetooth: hci1: command tx timeout [ 297.211200][T12766] 8021q: adding VLAN 0 to HW filter on device bond0 [ 297.328118][T12766] 8021q: adding VLAN 0 to HW filter on device team0 [ 297.341374][T10804] bridge0: port 1(bridge_slave_0) entered blocking state [ 297.343318][T10804] bridge0: port 1(bridge_slave_0) entered forwarding state [ 297.345883][T10804] bridge0: port 2(bridge_slave_1) entered blocking state [ 297.347866][T10804] bridge0: port 2(bridge_slave_1) entered forwarding state [ 297.552142][T12766] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 297.568009][T12766] veth0_vlan: entered promiscuous mode [ 297.572503][T12766] veth1_vlan: entered promiscuous mode [ 297.616033][T12766] veth0_macvtap: entered promiscuous mode [ 297.620728][T12766] veth1_macvtap: entered promiscuous mode [ 297.626924][T12766] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 297.629930][T12766] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 297.632655][T12766] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 297.635518][T12766] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 297.638256][T12766] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 297.646062][T12766] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 297.650504][T12766] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 297.655911][T12766] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 297.662328][T12766] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 297.665804][T12766] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 297.669629][T12766] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 297.673400][T12766] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 297.677096][T12766] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 297.686559][T12766] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 297.691526][T12766] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 297.694672][T12766] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 297.697768][T12766] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 297.700983][T12766] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 297.765019][T10835] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 297.767225][T10835] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 297.882014][ T169] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 297.884194][ T169] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 298.274134][T12850] sg_write: data in/out 489/14 bytes for SCSI command 0x0-- guessing data in; [ 298.274134][T12850] program syz.2.2362 not setting count and/or reply_len properly [ 298.531480][T12851] 9pnet_fd: Insufficient options for proto=fd [ 299.168692][ T5955] Bluetooth: hci1: command tx timeout [ 300.425645][T12880] 9pnet_fd: Insufficient options for proto=fd [ 301.183700][T12891] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2375'. [ 301.238701][ T5955] Bluetooth: hci1: command tx timeout [ 302.048330][T12910] netlink: 1608 bytes leftover after parsing attributes in process `syz.3.2379'. [ 304.976255][T12964] 9pnet_fd: Insufficient options for proto=fd [ 305.181066][T12971] netlink: 1608 bytes leftover after parsing attributes in process `syz.3.2393'. [ 305.237636][T12972] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2393'. [ 306.320433][T12992] netlink: 1608 bytes leftover after parsing attributes in process `syz.1.2400'. [ 306.443404][T12996] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2400'. [ 308.286236][T13028] fuse: Bad value for 'fd' [ 308.368800][ T26] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 308.494521][T13031] fuse: Bad value for 'fd' [ 308.578819][ T26] usb 7-1: Using ep0 maxpacket: 16 [ 309.076570][ T26] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 309.362793][ T26] usb 7-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 309.365965][ T26] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 309.368879][ T26] usb 7-1: Product: syz [ 309.370368][ T26] usb 7-1: Manufacturer: syz [ 309.372037][ T26] usb 7-1: SerialNumber: syz [ 309.374562][ T26] usb 7-1: config 0 descriptor?? [ 309.377645][ T26] hub 7-1:0.0: bad descriptor, ignoring hub [ 309.379831][ T26] hub 7-1:0.0: probe with driver hub failed with error -5 [ 309.383265][ T26] input: syz syz as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/input/input37 [ 310.294687][ T1322] usb 7-1: USB disconnect, device number 15 [ 310.915166][T13054] sg_write: data in/out 489/14 bytes for SCSI command 0x0-- guessing data in; [ 310.915166][T13054] program syz.1.2415 not setting count and/or reply_len properly [ 311.067028][T13054] 9pnet_fd: Insufficient options for proto=fd [ 313.649503][T13109] fuse: Unknown parameter '' [ 315.243477][T13138] gtp0: entered promiscuous mode [ 315.245308][T13138] gtp0: entered allmulticast mode [ 315.508677][ T836] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 315.658657][ T836] usb 5-1: Using ep0 maxpacket: 8 [ 315.664980][ T836] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 315.668660][ T836] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 315.672085][ T836] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 315.675631][ T836] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 315.680753][ T836] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 315.683943][ T836] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 315.892807][ T836] usb 5-1: GET_CAPABILITIES returned 0 [ 315.894855][ T836] usbtmc 5-1:16.0: can't read capabilities [ 316.159370][ T836] usb 5-1: USB disconnect, device number 22 [ 316.462357][T13152] fuse: Bad value for 'fd' [ 316.539375][ T1414] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.064737][T13163] fuse: Unknown parameter '' [ 317.213920][T13166] netlink: 1608 bytes leftover after parsing attributes in process `syz.0.2449'. [ 317.218027][T13166] netlink: zone id is out of range [ 317.221273][T13166] netlink: zone id is out of range [ 317.222682][T13166] netlink: zone id is out of range [ 317.225088][T13166] netlink: del zone limit has 4 unknown bytes [ 317.325140][T13166] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2449'. [ 318.264835][T13180] fuse: Bad value for 'fd' [ 318.528655][ T36] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 318.688604][ T36] usb 5-1: Using ep0 maxpacket: 8 [ 318.691214][ T36] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 318.693898][ T36] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 318.704559][ T36] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 318.707320][ T36] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 318.715690][ T36] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 318.719621][ T36] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 318.928027][ T36] usb 5-1: GET_CAPABILITIES returned 0 [ 318.930129][ T36] usbtmc 5-1:16.0: can't read capabilities [ 319.132317][ T64] usb 5-1: USB disconnect, device number 23 [ 319.249218][ T36] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 319.448627][ T36] usb 7-1: Using ep0 maxpacket: 16 [ 319.756547][T13205] fuse: Bad value for 'group_id' [ 319.758097][T13205] fuse: Bad value for 'group_id' [ 319.931126][ T36] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 320.138342][ T36] usb 7-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 320.141765][ T36] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 320.144605][ T36] usb 7-1: Product: syz [ 320.146094][ T36] usb 7-1: Manufacturer: syz [ 320.147769][ T36] usb 7-1: SerialNumber: syz [ 320.150340][ T36] usb 7-1: config 0 descriptor?? [ 320.152965][ T36] hub 7-1:0.0: bad descriptor, ignoring hub [ 320.155103][ T36] hub 7-1:0.0: probe with driver hub failed with error -5 [ 320.158627][ T36] input: syz syz as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/input/input38 [ 320.888843][ T836] usb 7-1: USB disconnect, device number 16 [ 321.056663][ T5314] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 321.062558][ T5314] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 321.064180][T13213] fuse: Unknown parameter '' [ 321.065934][ T5314] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 321.069978][ T5314] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 321.072969][ T5314] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 321.076466][ T5314] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 321.242020][T13211] chnl_net:caif_netlink_parms(): no params data found [ 321.302293][T13211] bridge0: port 1(bridge_slave_0) entered blocking state [ 321.304915][T13211] bridge0: port 1(bridge_slave_0) entered disabled state [ 321.307476][T13211] bridge_slave_0: entered allmulticast mode [ 321.312214][T13211] bridge_slave_0: entered promiscuous mode [ 321.326376][T13211] bridge0: port 2(bridge_slave_1) entered blocking state [ 321.329183][T13211] bridge0: port 2(bridge_slave_1) entered disabled state [ 321.331764][T13211] bridge_slave_1: entered allmulticast mode [ 321.334342][T13211] bridge_slave_1: entered promiscuous mode [ 321.395613][T10835] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 321.434102][T13211] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 321.439269][T13211] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 321.441196][T13223] sg_write: data in/out 489/14 bytes for SCSI command 0x0-- guessing data in; [ 321.441196][T13223] program syz.1.2463 not setting count and/or reply_len properly [ 321.484870][T13211] team0: Port device team_slave_0 added [ 321.498621][T10835] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 321.507339][T13211] team0: Port device team_slave_1 added [ 321.534176][T13211] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 321.536190][T13211] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 321.544487][T13211] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 321.550441][T13211] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 321.552535][T13211] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 321.560192][T13211] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 321.592925][T10835] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 321.631336][T13211] hsr_slave_0: entered promiscuous mode [ 321.634510][T13211] hsr_slave_1: entered promiscuous mode [ 321.636950][T13211] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 321.639350][T13211] Cannot create hsr debugfs directory [ 321.727511][T10835] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 321.840381][T13226] 9pnet_fd: Insufficient options for proto=fd [ 321.881241][T10835] bridge_slave_0: left allmulticast mode [ 321.883444][T10835] bridge_slave_0: left promiscuous mode [ 321.885727][T10835] bridge0: port 1(bridge_slave_0) entered disabled state [ 322.517555][T10835] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 322.522980][T10835] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 322.527399][T10835] bond0 (unregistering): Released all slaves [ 322.611289][T10835] tipc: Disabling bearer [ 322.619498][T10835] tipc: Left network mode [ 322.693581][T13241] gtp0: entered promiscuous mode [ 322.695062][T13241] gtp0: entered allmulticast mode [ 323.007882][T13211] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 323.020659][T13211] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 323.035475][T13211] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 323.044591][T13211] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 323.060917][T10835] hsr_slave_0: left promiscuous mode [ 323.065229][T10835] hsr_slave_1: left promiscuous mode [ 323.073254][T10835] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 323.078257][T10835] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 323.101672][T10835] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 323.106209][T10835] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 323.169038][ T5314] Bluetooth: hci4: command tx timeout [ 323.183886][T10835] veth1_macvtap: left allmulticast mode [ 323.186178][T10835] veth1_macvtap: left promiscuous mode [ 323.188380][T10835] veth0_macvtap: left promiscuous mode [ 323.190596][T10835] veth1_vlan: left promiscuous mode [ 323.192659][T10835] veth0_vlan: left promiscuous mode [ 324.166300][T10835] team0 (unregistering): Port device team_slave_1 removed [ 324.237527][T10835] team0 (unregistering): Port device team_slave_0 removed [ 324.811243][T13261] gtp1: entered promiscuous mode [ 324.812703][T13261] gtp1: entered allmulticast mode [ 324.861230][T13211] 8021q: adding VLAN 0 to HW filter on device bond0 [ 324.875749][T13211] 8021q: adding VLAN 0 to HW filter on device team0 [ 324.884108][T10809] bridge0: port 1(bridge_slave_0) entered blocking state [ 324.886090][T10809] bridge0: port 1(bridge_slave_0) entered forwarding state [ 324.897396][T10808] bridge0: port 2(bridge_slave_1) entered blocking state [ 324.900033][T10808] bridge0: port 2(bridge_slave_1) entered forwarding state [ 325.084621][T13211] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 325.125835][T13211] veth0_vlan: entered promiscuous mode [ 325.131527][T13211] veth1_vlan: entered promiscuous mode [ 325.146490][T13211] veth0_macvtap: entered promiscuous mode [ 325.153051][T13211] veth1_macvtap: entered promiscuous mode [ 325.160515][T13211] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 325.163814][T13211] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 325.167745][T13211] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 325.173658][T13211] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 325.176444][T13211] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 325.180452][T13211] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 325.184945][T13211] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 325.248753][ T5314] Bluetooth: hci4: command tx timeout [ 325.253680][T13211] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 325.256615][T13211] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 325.268591][T13211] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 325.271513][T13211] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 325.274214][T13211] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 325.277123][T13211] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 325.282445][T13211] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 325.287224][T13211] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 325.298721][T13211] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 325.301504][T13211] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 325.304737][T13211] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 325.377097][T10849] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 325.379614][T10849] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 325.406869][T10808] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 325.409173][T10808] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 325.473151][T13276] fuse: Bad value for 'fd' [ 325.486316][T13277] gtp6: entered promiscuous mode [ 325.487969][T13277] gtp6: entered allmulticast mode [ 325.543001][T13279] netlink: 1608 bytes leftover after parsing attributes in process `syz.3.2478'. [ 325.548211][T13279] netlink: zone id is out of range [ 325.551005][T13279] netlink: zone id is out of range [ 325.553108][T13279] netlink: zone id is out of range [ 325.556475][T13279] netlink: del zone limit has 4 unknown bytes [ 325.563524][T13279] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2478'. [ 325.621890][T13280] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2478'. [ 326.212047][T13289] netlink: 1608 bytes leftover after parsing attributes in process `syz.1.2482'. [ 326.215353][T13289] netlink: zone id is out of range [ 326.216853][T13289] netlink: zone id is out of range [ 326.218346][T13289] netlink: zone id is out of range [ 326.220907][T13289] netlink: del zone limit has 4 unknown bytes [ 326.224502][T13289] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2482'. [ 326.289424][T13294] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2482'. [ 326.322389][T13290] sg_write: data in/out 489/14 bytes for SCSI command 0x0-- guessing data in; [ 326.322389][T13290] program syz.2.2479 not setting count and/or reply_len properly [ 326.414624][T13296] gtp0: entered promiscuous mode [ 326.416160][T13296] gtp0: entered allmulticast mode [ 326.535011][T13301] fuse: Unknown parameter 'grou00000000000000000000' [ 326.631805][T13295] 9pnet_fd: Insufficient options for proto=fd [ 327.339679][ T5314] Bluetooth: hci4: command tx timeout [ 328.064516][T13324] gtp7: entered promiscuous mode [ 328.065963][T13324] gtp7: entered allmulticast mode [ 328.583136][T13331] netlink: 1608 bytes leftover after parsing attributes in process `syz.0.2492'. [ 328.597150][T13331] netlink: zone id is out of range [ 328.599473][T13331] netlink: zone id is out of range [ 328.609026][T13331] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2492'. [ 328.698857][T13331] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2492'. [ 328.816713][T13337] fuse: Unknown parameter 'grou00000000000000000000' [ 329.159051][T13336] sg_write: data in/out 489/14 bytes for SCSI command 0x0-- guessing data in; [ 329.159051][T13336] program syz.0.2494 not setting count and/or reply_len properly [ 329.408659][ T5314] Bluetooth: hci4: command tx timeout [ 329.550276][T13336] 9pnet_fd: Insufficient options for proto=fd [ 329.793734][T13352] fuse: Unknown parameter 'group_i00000000000000000000' [ 329.818739][T13353] gtp1: entered promiscuous mode [ 329.820277][T13353] gtp1: entered allmulticast mode [ 329.889806][ T5997] usb 8-1: new high-speed USB device number 14 using dummy_hcd [ 330.158663][ T5997] usb 8-1: Using ep0 maxpacket: 8 [ 330.169592][ T5997] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 330.172816][ T5997] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 330.176489][ T5997] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 330.179593][ T5997] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 330.187333][ T5997] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 330.190787][ T5997] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 330.434419][ T5997] usb 8-1: GET_CAPABILITIES returned 0 [ 330.439849][ T5997] usbtmc 8-1:16.0: can't read capabilities [ 330.880727][ T5997] usb 8-1: USB disconnect, device number 14 [ 331.099571][T13363] sg_write: data in/out 489/14 bytes for SCSI command 0x0-- guessing data in; [ 331.099571][T13363] program syz.2.2501 not setting count and/or reply_len properly [ 331.255622][T13364] 9pnet_fd: Insufficient options for proto=fd [ 331.531968][T13373] fuse: Unknown parameter 'group_id00000000000000000000' [ 331.807227][T13379] gtp2: entered promiscuous mode [ 331.808854][T13379] gtp2: entered allmulticast mode [ 333.002997][T13392] gtp2: entered promiscuous mode [ 333.004444][T13392] gtp2: entered allmulticast mode [ 333.221221][T13393] gtp8: entered promiscuous mode [ 333.222670][T13393] gtp8: entered allmulticast mode [ 334.199797][T13417] macsec0: entered promiscuous mode [ 334.201428][T13417] macsec0: entered allmulticast mode [ 334.202890][T13417] veth1_macvtap: entered allmulticast mode [ 334.392401][T13422] netlink: 1608 bytes leftover after parsing attributes in process `syz.1.2516'. [ 334.400872][T13422] net_ratelimit: 2 callbacks suppressed [ 334.400889][T13422] netlink: zone id is out of range [ 334.409085][T13422] netlink: zone id is out of range [ 334.411921][T13422] netlink: zone id is out of range [ 334.415080][T13422] netlink: del zone limit has 4 unknown bytes [ 334.572946][T13423] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2516'. [ 334.684377][T13426] gtp9: entered promiscuous mode [ 334.686125][T13426] gtp9: entered allmulticast mode [ 334.765753][T13427] fuse: Bad value for 'user_id' [ 334.767326][T13427] fuse: Bad value for 'user_id' [ 335.976380][T13445] fuse: Bad value for 'user_id' [ 335.977807][T13445] fuse: Bad value for 'user_id' [ 336.289983][T13451] fuse: Unknown parameter 'group_id00000000000000000000' [ 337.036816][T13455] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2526'. [ 337.060779][T13457] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2525'. [ 337.629695][ T5966] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 337.633413][ T5966] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 337.636401][ T5966] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 337.645004][ T5966] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 337.647620][ T5966] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 337.651136][ T5966] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 337.818271][ T70] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 337.887043][ T70] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 337.982530][ T70] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 338.043983][ T70] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 338.439537][ T5966] Bluetooth: hci4: command 0x0405 tx timeout [ 338.582003][ T70] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 338.586806][ T70] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 338.590993][ T70] bond0 (unregistering): Released all slaves [ 338.598450][T13475] chnl_net:caif_netlink_parms(): no params data found [ 338.689366][T13475] bridge0: port 1(bridge_slave_0) entered blocking state [ 338.691419][T13475] bridge0: port 1(bridge_slave_0) entered disabled state [ 338.693467][T13475] bridge_slave_0: entered allmulticast mode [ 338.696350][T13475] bridge_slave_0: entered promiscuous mode [ 338.701327][T13475] bridge0: port 2(bridge_slave_1) entered blocking state [ 338.703794][T13475] bridge0: port 2(bridge_slave_1) entered disabled state [ 338.711567][T13475] bridge_slave_1: entered allmulticast mode [ 338.714874][T13475] bridge_slave_1: entered promiscuous mode [ 338.818290][T13475] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 338.824805][T13475] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 338.878231][T13475] team0: Port device team_slave_0 added [ 338.882008][T13475] team0: Port device team_slave_1 added [ 338.906422][T13475] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 338.908347][T13475] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 338.915962][T13475] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 338.920777][T13475] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 338.922905][T13475] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 338.931328][T13475] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 339.015865][T13503] gtp1: entered promiscuous mode [ 339.017406][T13503] gtp1: entered allmulticast mode [ 339.043490][T13475] hsr_slave_0: entered promiscuous mode [ 339.045691][T13475] hsr_slave_1: entered promiscuous mode [ 339.118354][ T70] hsr_slave_0: left promiscuous mode [ 339.124517][ T70] hsr_slave_1: left promiscuous mode [ 339.126213][ T70] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 339.128298][ T70] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 339.130813][ T70] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 339.132877][ T70] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 339.169065][ T70] veth1_macvtap: left allmulticast mode [ 339.178856][ T70] veth1_macvtap: left promiscuous mode [ 339.180471][ T70] veth0_macvtap: left promiscuous mode [ 339.182243][ T70] veth1_vlan: left promiscuous mode [ 339.183757][ T70] veth0_vlan: left promiscuous mode [ 339.408145][T13506] netlink: 1608 bytes leftover after parsing attributes in process `syz.1.2536'. [ 339.416508][T13506] netlink: zone id is out of range [ 339.418689][T13506] netlink: zone id is out of range [ 339.420705][T13506] netlink: zone id is out of range [ 339.423369][T13506] netlink: del zone limit has 4 unknown bytes [ 339.427263][T13506] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2536'. [ 339.727277][T13511] 9pnet_fd: Insufficient options for proto=fd [ 339.730480][ T5314] Bluetooth: hci0: command tx timeout [ 339.979255][ T70] team0 (unregistering): Port device team_slave_1 removed [ 340.116869][ T70] team0 (unregistering): Port device team_slave_0 removed [ 340.146047][T10852] smc: removing ib device syz! [ 341.011206][T13527] netlink: 1608 bytes leftover after parsing attributes in process `syz.2.2542'. [ 341.015782][T13527] netlink: zone id is out of range [ 341.017090][T13527] netlink: zone id is out of range [ 341.018412][T13527] netlink: zone id is out of range [ 341.022954][T13527] netlink: del zone limit has 4 unknown bytes [ 341.092442][T13529] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2542'. [ 341.224707][T13475] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 341.233064][T13475] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 341.246739][T13475] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 341.262732][T13475] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 341.297376][T13475] 8021q: adding VLAN 0 to HW filter on device bond0 [ 341.304818][T13475] 8021q: adding VLAN 0 to HW filter on device team0 [ 341.308359][T10862] bridge0: port 1(bridge_slave_0) entered blocking state [ 341.311020][T10862] bridge0: port 1(bridge_slave_0) entered forwarding state [ 341.317800][T10849] bridge0: port 2(bridge_slave_1) entered blocking state [ 341.320438][T10849] bridge0: port 2(bridge_slave_1) entered forwarding state [ 341.415465][T13475] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 341.433240][T13475] veth0_vlan: entered promiscuous mode [ 341.440482][T13475] veth1_vlan: entered promiscuous mode [ 341.454545][T13475] veth0_macvtap: entered promiscuous mode [ 341.457661][T13475] veth1_macvtap: entered promiscuous mode [ 341.463496][T13475] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 341.466400][T13475] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 341.469204][T13475] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 341.473072][T13475] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 341.475768][T13475] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 341.484370][T13475] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 341.487729][T13475] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 341.507909][T13475] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 341.516577][T13475] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 341.527289][T13475] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 341.538649][T13475] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 341.542152][T13475] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 341.545303][T13475] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 341.548974][T13475] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 341.582625][T13475] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 341.585243][T13475] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 341.587760][T13475] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 341.590418][T13475] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 341.642060][T10813] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 341.644333][T10813] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 341.679284][ T70] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 341.681770][ T70] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 341.689056][T13541] netlink: 1608 bytes leftover after parsing attributes in process `syz.3.2544'. [ 341.693873][T13541] netlink: zone id is out of range [ 341.695325][T13541] netlink: zone id is out of range [ 341.760816][T13542] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2544'. [ 341.798727][ T5314] Bluetooth: hci0: command tx timeout [ 343.759744][T13584] 9pnet_fd: Insufficient options for proto=fd [ 343.878719][ T5314] Bluetooth: hci0: command tx timeout [ 344.107713][T13595] xt_CONNSECMARK: invalid mode: 0 [ 344.225604][T13600] fuse: Bad value for 'rootmode' [ 344.298741][ T26] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 344.469909][ T26] usb 6-1: Using ep0 maxpacket: 16 [ 344.494074][ T26] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 344.557860][ T26] usb 6-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 344.568012][ T26] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 344.574415][ T26] usb 6-1: Product: syz [ 344.575819][ T26] usb 6-1: Manufacturer: syz [ 344.577211][ T26] usb 6-1: SerialNumber: syz [ 344.583383][ T26] usb 6-1: config 0 descriptor?? [ 344.587119][ T26] hub 6-1:0.0: bad descriptor, ignoring hub [ 344.590672][ T26] hub 6-1:0.0: probe with driver hub failed with error -5 [ 344.597357][ T26] input: syz syz as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/input/input39 [ 344.616610][T13605] netlink: 1608 bytes leftover after parsing attributes in process `syz.0.2561'. [ 344.646683][T13605] net_ratelimit: 2 callbacks suppressed [ 344.646701][T13605] netlink: zone id is out of range [ 344.651537][T13605] netlink: zone id is out of range [ 344.652930][T13605] netlink: zone id is out of range [ 344.655004][T13605] netlink: del zone limit has 4 unknown bytes [ 345.092237][T13615] fuse: Invalid rootmode [ 345.238911][ T2293] usb 6-1: USB disconnect, device number 23 [ 345.968679][ T5314] Bluetooth: hci0: command tx timeout [ 346.279260][T13634] fuse: Invalid rootmode [ 347.571429][T13641] fuse: Bad value for 'rootmode' [ 348.019931][T13640] 9pnet_fd: Insufficient options for proto=fd [ 348.408360][T13652] gtp3: entered promiscuous mode [ 348.410105][T13652] gtp3: entered allmulticast mode [ 348.418775][ T2293] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 348.579845][ T2293] usb 5-1: Using ep0 maxpacket: 8 [ 348.589910][ T2293] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 348.592538][ T2293] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 348.595176][ T2293] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 348.598031][ T2293] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 348.602665][ T2293] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 348.605141][ T2293] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 348.630861][T13656] gtp2: entered promiscuous mode [ 348.632336][T13656] gtp2: entered allmulticast mode [ 348.734107][T13657] gtp3: entered promiscuous mode [ 348.735622][T13657] gtp3: entered allmulticast mode [ 348.811712][ T2293] usb 5-1: GET_CAPABILITIES returned 0 [ 348.813290][ T2293] usbtmc 5-1:16.0: can't read capabilities [ 349.020444][ T26] usb 5-1: USB disconnect, device number 24 [ 349.305705][T13663] fuse: Bad value for 'rootmode' [ 350.428617][T13679] fuse: Unknown parameter 'user_i00000000000000000000' [ 350.431112][T13678] netlink: 1608 bytes leftover after parsing attributes in process `syz.3.2581'. [ 350.434763][T13678] netlink: zone id is out of range [ 350.436147][T13678] netlink: zone id is out of range [ 350.437587][T13678] netlink: zone id is out of range [ 350.440674][T13678] netlink: del zone limit has 4 unknown bytes [ 351.208762][T13690] fuse: Unknown parameter 'use00000000000000000000' [ 351.812396][T13699] gtp3: entered promiscuous mode [ 351.813906][T13699] gtp3: entered allmulticast mode [ 351.868744][ T6027] usb 7-1: new high-speed USB device number 17 using dummy_hcd [ 351.968208][T13701] gtp0: entered promiscuous mode [ 351.969756][T13701] gtp0: entered allmulticast mode [ 352.208594][ T6027] usb 7-1: Using ep0 maxpacket: 8 [ 352.216575][ T6027] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 352.219798][ T6027] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 352.222550][ T6027] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 352.225289][ T6027] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 352.229092][ T6027] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 352.231649][ T6027] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 352.452178][ T6027] usb 7-1: GET_CAPABILITIES returned 0 [ 352.453612][ T6027] usbtmc 7-1:16.0: can't read capabilities [ 352.656402][ T64] usb 7-1: USB disconnect, device number 17 [ 352.934505][T13710] gtp4: entered promiscuous mode [ 352.935978][T13710] gtp4: entered allmulticast mode [ 353.569331][T13717] sg_write: data in/out 489/14 bytes for SCSI command 0x0-- guessing data in; [ 353.569331][T13717] program syz.2.2592 not setting count and/or reply_len properly [ 353.940306][T13725] 9pnet_fd: Insufficient options for proto=fd [ 354.225933][T13724] gtp5: entered promiscuous mode [ 354.227844][T13724] gtp5: entered allmulticast mode [ 355.090738][T13741] xt_CONNSECMARK: invalid mode: 0 [ 355.637249][T13746] netlink: 1608 bytes leftover after parsing attributes in process `syz.0.2599'. [ 355.645456][T13746] netlink: zone id is out of range [ 355.646930][T13746] netlink: zone id is out of range [ 355.648428][T13746] netlink: zone id is out of range [ 355.650732][T13746] netlink: del zone limit has 4 unknown bytes [ 357.370125][T13798] sg_write: data in/out 489/14 bytes for SCSI command 0x0-- guessing data in; [ 357.370125][T13798] program syz.2.2609 not setting count and/or reply_len properly [ 357.570147][T13800] 9pnet_fd: Insufficient options for proto=fd [ 357.929750][T13806] fuse: Bad value for 'fd' [ 358.242189][T13815] fuse: Bad value for 'fd' [ 359.310165][T13831] sg_write: data in/out 489/14 bytes for SCSI command 0x0-- guessing data in; [ 359.310165][T13831] program syz.3.2617 not setting count and/or reply_len properly [ 359.619798][T13831] 9pnet_fd: Insufficient options for proto=fd [ 359.864347][T13841] fuse: Unknown parameter '0x0000000000000009' [ 360.615289][T13849] fuse: Unknown parameter '0x0000000000000009' [ 361.649080][T13861] xt_CONNSECMARK: invalid mode: 0 [ 361.778057][T13870] fuse: Unknown parameter '0x0000000000000009' [ 363.795509][T13902] gtp4: entered promiscuous mode [ 363.797053][T13902] gtp4: entered allmulticast mode [ 364.537122][T13920] fuse: Unknown parameter 'fd0x0000000000000009' [ 364.661438][T13922] xt_CONNSECMARK: invalid mode: 0 [ 364.678650][ T31] usb 8-1: new high-speed USB device number 15 using dummy_hcd [ 365.408583][ T31] usb 8-1: Using ep0 maxpacket: 8 [ 365.431663][ T31] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 365.435555][ T31] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 365.442671][ T31] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 365.447683][ T31] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 365.462677][ T31] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 365.465492][ T31] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 365.678812][ T31] usb 8-1: GET_CAPABILITIES returned 0 [ 365.682701][ T31] usbtmc 8-1:16.0: can't read capabilities [ 365.919667][ T10] usb 8-1: USB disconnect, device number 15 [ 366.234786][T13942] fuse: Unknown parameter 'fd0x0000000000000009' [ 367.558039][T13958] fuse: Unknown parameter '0x0000000000000009' [ 368.366516][T13970] gtp6: entered promiscuous mode [ 368.368805][T13970] gtp6: entered allmulticast mode [ 370.811703][T13987] gtp7: entered promiscuous mode [ 370.813138][T13987] gtp7: entered allmulticast mode [ 374.190713][T14024] sg_write: data in/out 489/14 bytes for SCSI command 0x0-- guessing data in; [ 374.190713][T14024] program syz.3.2663 not setting count and/or reply_len properly [ 374.447838][T14028] 9pnet_fd: Insufficient options for proto=fd [ 377.515234][T14072] xt_CONNSECMARK: invalid mode: 0 [ 377.972145][ T1414] ieee802154 phy1 wpan1: encryption failed: -22 [ 380.048712][ T5966] Bluetooth: hci2: command 0x0406 tx timeout [ 380.733091][ T6027] usb 7-1: new high-speed USB device number 18 using dummy_hcd [ 380.888668][ T6027] usb 7-1: Using ep0 maxpacket: 8 [ 380.892214][ T6027] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 380.895662][ T6027] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 380.899821][ T6027] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 380.903548][ T6027] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 380.908092][ T6027] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 380.915562][ T6027] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 381.338599][ T6027] usb 7-1: usb_control_msg returned -71 [ 381.340301][ T6027] usbtmc 7-1:16.0: can't read capabilities [ 381.428960][ T6027] usb 7-1: USB disconnect, device number 18 [ 382.070469][T14114] gtp5: entered promiscuous mode [ 382.072101][T14114] gtp5: entered allmulticast mode [ 382.700068][T14125] xt_CONNSECMARK: invalid mode: 0 [ 383.077551][T14143] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2701'. [ 383.278666][ T6027] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 383.449778][ T6027] usb 5-1: config 220 has an invalid interface number: 76 but max is 2 [ 383.452643][ T6027] usb 5-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 383.455713][ T6027] usb 5-1: config 220 contains an unexpected descriptor of type 0x1, skipping [ 383.458997][ T6027] usb 5-1: config 220 has an invalid descriptor of length 1, skipping remainder of the config [ 383.462115][ T6027] usb 5-1: config 220 has no interface number 2 [ 383.463880][ T6027] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 383.467679][ T6027] usb 5-1: config 220 interface 0 has no altsetting 0 [ 383.469979][ T6027] usb 5-1: config 220 interface 76 has no altsetting 0 [ 383.472279][ T6027] usb 5-1: config 220 interface 1 has no altsetting 0 [ 383.476453][ T6027] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 383.479481][ T6027] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 383.481898][ T6027] usb 5-1: Product: syz [ 383.483152][ T6027] usb 5-1: Manufacturer: syz [ 383.484659][ T6027] usb 5-1: SerialNumber: syz [ 383.618669][ T31] usb 8-1: new high-speed USB device number 16 using dummy_hcd [ 383.695904][ T6027] uvcvideo 5-1:220.1: Unknown video format 00000000-0000-0000-0000-000000000000 [ 383.700801][ T6027] usb 5-1: Found UVC 7.01 device syz (8086:0b07) [ 383.702734][ T6027] usb 5-1: No valid video chain found. [ 383.704349][ T6027] usb 5-1: selecting invalid altsetting 0 [ 383.717932][ T6027] usb 5-1: selecting invalid altsetting 0 [ 383.719763][ T6027] usbtest 5-1:220.1: probe with driver usbtest failed with error -22 [ 383.723439][ T6027] usb 5-1: USB disconnect, device number 25 [ 383.768673][ T31] usb 8-1: Using ep0 maxpacket: 8 [ 383.771678][ T31] usb 8-1: config 0 has an invalid interface number: 52 but max is 0 [ 383.773994][ T31] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 383.776709][ T31] usb 8-1: config 0 has no interface number 0 [ 383.778436][ T31] usb 8-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0 [ 383.781341][ T31] usb 8-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 383.784946][ T31] usb 8-1: config 0 interface 52 has no altsetting 0 [ 383.788044][ T31] usb 8-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 0.00 [ 383.790478][ T31] usb 8-1: New USB device strings: Mfr=0, Product=149, SerialNumber=35 [ 383.793139][ T31] usb 8-1: Product: syz [ 383.794321][ T31] usb 8-1: SerialNumber: syz [ 383.797228][ T31] usb 8-1: config 0 descriptor?? [ 384.066234][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.068442][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.073650][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.076198][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.078445][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.080714][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.082921][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.085143][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.087386][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.089606][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.091842][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.093993][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.096349][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.108950][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.113522][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.116946][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.121473][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.124898][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.128628][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.132882][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.136514][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.140369][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.144125][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.146628][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.155118][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.157168][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.159331][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.161407][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.163902][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.166458][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.168640][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.170781][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.172865][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.174967][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.177066][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.198607][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.201947][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.204600][ T5997] usb 8-1: USB disconnect, device number 16 [ 384.204664][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.215208][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.218621][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.220736][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.222808][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.224953][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.227060][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.238645][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.240767][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.242854][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.244991][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.247745][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.258714][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.268681][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.277886][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.280747][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.283477][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.288612][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.301362][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.304657][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.307465][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.318628][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.321398][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.324730][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.328034][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.331347][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.334785][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.348620][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.351338][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.354066][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.356815][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.368632][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.371396][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.374239][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.376988][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.388615][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.391638][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.400114][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.402875][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.406018][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.410704][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.413566][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.415997][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.428575][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.430663][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.436748][ T6027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 384.479101][ T6027] hid-generic 0000:0000:0000.0002: hidraw1: HID v0.00 Device [syz0] on syz0 [ 386.107708][T14235] input: syz1 as /devices/virtual/input/input40 [ 386.561046][T14240] mmap: syz.2.2738 (14240) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 389.612052][ T40] kauditd_printk_skb: 9 callbacks suppressed [ 389.612063][ T40] audit: type=1326 audit(1742885157.355:498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14283 comm="syz.1.2753" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf73de598 code=0x7ffc0000 [ 389.626082][ T40] audit: type=1326 audit(1742885157.355:499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14283 comm="syz.1.2753" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf73de598 code=0x7ffc0000 [ 389.632052][ T40] audit: type=1326 audit(1742885157.355:500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14283 comm="syz.1.2753" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73de579 code=0x7ffc0000 [ 389.640363][ T40] audit: type=1326 audit(1742885157.355:501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14283 comm="syz.1.2753" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf73de598 code=0x7ffc0000 [ 389.648086][ T40] audit: type=1326 audit(1742885157.355:502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14283 comm="syz.1.2753" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73de579 code=0x7ffc0000 [ 389.654185][ T40] audit: type=1326 audit(1742885157.355:503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14283 comm="syz.1.2753" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf73de598 code=0x7ffc0000 [ 389.668583][ T40] audit: type=1326 audit(1742885157.355:504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14283 comm="syz.1.2753" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73de579 code=0x7ffc0000 [ 389.674462][ T40] audit: type=1326 audit(1742885157.365:505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14283 comm="syz.1.2753" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf73de598 code=0x7ffc0000 [ 389.688605][ T40] audit: type=1326 audit(1742885157.365:506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14283 comm="syz.1.2753" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf73de598 code=0x7ffc0000 [ 389.694374][ T40] audit: type=1326 audit(1742885157.365:507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14283 comm="syz.1.2753" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf73de598 code=0x7ffc0000 [ 390.925460][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 390.931979][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 390.936883][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 390.941042][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 390.948647][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 390.961280][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 390.968639][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 390.971342][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 390.976471][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 390.980905][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 390.992871][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 390.995521][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 390.998199][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.028727][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.041150][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.044069][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.049037][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.052272][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.055326][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.058935][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.093325][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.098791][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.104253][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.106315][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.111111][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.114761][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.125883][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.129567][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.133550][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.136739][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.139215][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.143150][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.146142][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.150482][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.156306][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.158753][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.162313][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.164793][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.167392][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.175837][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.177965][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.182493][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.184602][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.186735][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.191542][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.193710][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.195816][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.197962][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.205002][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.207130][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.210935][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.218318][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.282383][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.285760][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.290291][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.293664][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.296565][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.300114][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.304527][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.307600][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.311245][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.314333][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.317255][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.322147][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.324834][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.327588][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.338918][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.341719][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.344574][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.347220][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.358749][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.361495][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.364246][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.367013][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.373566][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.376359][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.379457][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.382188][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.384843][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.387528][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.390746][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.393463][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.396186][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 391.418734][ T9] hid-generic 0000:0000:0000.0003: hidraw1: HID v0.00 Device [syz0] on syz0 [ 391.811140][T14348] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 392.494059][T14368] pimreg: entered allmulticast mode [ 392.882273][T14320] syz.0.2763 (14320) used greatest stack depth: 19752 bytes left [ 393.013649][T14369] pimreg: left allmulticast mode [ 393.238103][T14380] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2785'. [ 393.668628][ T836] usb 8-1: new high-speed USB device number 17 using dummy_hcd [ 393.818696][ T836] usb 8-1: Using ep0 maxpacket: 16 [ 393.821939][ T836] usb 8-1: config 0 interface 0 has no altsetting 0 [ 393.827582][ T836] usb 8-1: New USB device found, idVendor=1235, idProduct=0010, bcdDevice=29.82 [ 393.838635][ T836] usb 8-1: New USB device strings: Mfr=83, Product=5, SerialNumber=10 [ 393.841770][ T836] usb 8-1: Product: syz [ 393.843395][ T836] usb 8-1: Manufacturer: syz [ 393.845197][ T836] usb 8-1: SerialNumber: syz [ 393.858505][ T836] usb 8-1: config 0 descriptor?? [ 394.102502][ T836] snd-usb-audio 8-1:0.0: probe with driver snd-usb-audio failed with error -22 [ 394.109155][ T836] usb 8-1: USB disconnect, device number 17 [ 395.108598][ T6027] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 395.268622][ T6027] usb 5-1: Using ep0 maxpacket: 32 [ 395.272744][ T6027] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 395.275868][ T6027] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 395.278879][ T6027] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d51, bcdDevice= 0.00 [ 395.282117][ T6027] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 395.288843][ T6027] usb 5-1: config 0 descriptor?? [ 395.641014][ T5314] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 395.644076][ T5314] Bluetooth: hci1: Injecting HCI hardware error event [ 395.648383][ T5314] Bluetooth: hci1: hardware error 0x00 [ 395.732849][ T6027] koneplus 0003:1E7D:2D51.0004: unknown main item tag 0x0 [ 395.735001][ T6027] koneplus 0003:1E7D:2D51.0004: unknown main item tag 0x0 [ 395.737137][ T6027] koneplus 0003:1E7D:2D51.0004: unknown main item tag 0x0 [ 395.740384][ T6027] koneplus 0003:1E7D:2D51.0004: unknown main item tag 0x0 [ 395.742582][ T6027] koneplus 0003:1E7D:2D51.0004: unknown main item tag 0x0 [ 395.750480][ T6027] koneplus 0003:1E7D:2D51.0004: hidraw1: USB HID v0.00 Device [HID 1e7d:2d51] on usb-dummy_hcd.0-1/input0 [ 396.014307][ T6027] koneplus 0003:1E7D:2D51.0004: couldn't init struct koneplus_device [ 396.017496][ T6027] koneplus 0003:1E7D:2D51.0004: couldn't install mouse [ 396.028897][ T6027] koneplus 0003:1E7D:2D51.0004: probe with driver koneplus failed with error -71 [ 396.046557][ T6027] usb 5-1: USB disconnect, device number 26 [ 396.578691][ T36] usb 7-1: new high-speed USB device number 19 using dummy_hcd [ 396.748650][ T36] usb 7-1: Using ep0 maxpacket: 16 [ 396.766200][ T36] usb 7-1: unable to get BOS descriptor or descriptor too short [ 396.770612][ T36] usb 7-1: unable to read config index 0 descriptor/start: -71 [ 396.772744][ T36] usb 7-1: can't read configurations, error -71 [ 396.839014][T14450] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2811'. [ 397.758758][ T5314] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 398.113095][T14473] lo: entered promiscuous mode [ 398.114833][T14473] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 399.392220][T14469] syz.2.2817 (14469) used greatest stack depth: 19200 bytes left [ 403.746244][ T40] kauditd_printk_skb: 321 callbacks suppressed [ 403.746256][ T40] audit: type=1326 audit(1742885171.485:829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14595 comm="syz.2.2870" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f5f598 code=0x7ffc0000 [ 403.754487][ T40] audit: type=1326 audit(1742885171.485:830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14595 comm="syz.2.2870" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f5f598 code=0x7ffc0000 [ 403.763351][ T40] audit: type=1326 audit(1742885171.485:831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14595 comm="syz.2.2870" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f5f598 code=0x7ffc0000 [ 403.772969][ T40] audit: type=1326 audit(1742885171.495:832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14595 comm="syz.2.2870" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f5f598 code=0x7ffc0000 [ 403.778847][ T40] audit: type=1326 audit(1742885171.495:833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14595 comm="syz.2.2870" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f5f579 code=0x7ffc0000 [ 403.785166][ T40] audit: type=1326 audit(1742885171.495:834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14595 comm="syz.2.2870" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f5f579 code=0x7ffc0000 [ 403.791579][ T40] audit: type=1326 audit(1742885171.495:835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14595 comm="syz.2.2870" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f5f579 code=0x7ffc0000 [ 403.797225][ T40] audit: type=1326 audit(1742885171.495:836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14595 comm="syz.2.2870" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f5f598 code=0x7ffc0000 [ 403.804234][ T40] audit: type=1326 audit(1742885171.495:837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14595 comm="syz.2.2870" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f5f579 code=0x7ffc0000 [ 403.810031][ T40] audit: type=1326 audit(1742885171.495:838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14595 comm="syz.2.2870" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f5f579 code=0x7ffc0000 [ 403.945112][T14611] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2876'. [ 404.055171][ T5998] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 404.058724][ T5998] hid-generic 0000:0000:0000.0005: hidraw1: HID v0.00 Device [syz1] on syz0 [ 404.178587][ T9] usb 7-1: new high-speed USB device number 21 using dummy_hcd [ 404.338613][ T9] usb 7-1: Using ep0 maxpacket: 16 [ 404.341676][ T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 404.344658][ T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 404.347362][ T9] usb 7-1: New USB device found, idVendor=056a, idProduct=00b2, bcdDevice= 0.00 [ 404.350427][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 404.355520][ T9] usb 7-1: config 0 descriptor?? [ 404.783284][ T9] wacom 0003:056A:00B2.0006: Unknown device_type for 'HID 056a:00b2'. Assuming pen. [ 404.787528][ T9] wacom 0003:056A:00B2.0006: hidraw1: USB HID v0.00 Device [HID 056a:00b2] on usb-dummy_hcd.2-1/input0 [ 404.795710][ T9] input: Wacom Intuos3 9x12 Pen as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/0003:056A:00B2.0006/input/input41 [ 404.982490][ T836] usb 7-1: USB disconnect, device number 21 [ 405.463204][ T5314] Bluetooth: hci4: unexpected event 0x03 length: 17 > 11 [ 406.018250][T14684] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2905'. [ 407.682375][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.684837][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.687401][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.690219][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.692364][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.694747][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.697221][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.700230][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.702764][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.704949][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.707121][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.710787][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.712905][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.715304][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.717830][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.720329][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.722329][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.724347][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.726461][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.729196][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.731670][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.733837][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.736159][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.739365][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.741817][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.744243][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.746970][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.749613][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.752031][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.754733][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.756853][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.759725][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.762203][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.764685][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.767258][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.769933][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.772280][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.774679][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.776939][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.779736][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.782100][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.784504][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.786940][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.789980][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.792101][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.794504][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.796853][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.800881][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.803286][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.805586][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.808183][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.810333][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.812377][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.814426][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.816456][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.819221][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.821253][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.823331][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.825355][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.827560][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.830136][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.832213][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.834255][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.836304][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.839008][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.841472][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.843599][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.845961][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.848171][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.850875][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.853326][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.855758][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.858176][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.860751][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.863210][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.865584][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.867977][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.870497][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.872962][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.875426][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.877838][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.880453][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.882499][ T836] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 407.886112][ T836] hid-generic 0000:0000:0000.0007: hidraw1: HID v0.00 Device [syz0] on syz0 [ 408.471738][T14762] usb usb1: usbfs: process 14762 (syz.2.2937) did not claim interface 0 before use [ 409.492688][T14837] 9pnet_fd: Insufficient options for proto=fd [ 409.539047][ T6027] usb 5-1: new full-speed USB device number 27 using dummy_hcd [ 409.691919][ T6027] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 409.695980][ T6027] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 409.701881][ T6027] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 81, setting to 64 [ 409.706093][ T6027] usb 5-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 409.715853][ T6027] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 409.719887][ T6027] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 409.722780][ T6027] usb 5-1: SerialNumber: syz [ 409.730204][T14827] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 409.732465][T14827] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 409.736813][ T6027] cdc_acm 5-1:1.0: skipping garbage [ 409.748667][ T6027] cdc_acm 5-1:1.0: Control and data interfaces are not separated! [ 409.960598][ T6027] cdc_acm 5-1:1.0: ttyACM0: USB ACM device [ 409.964185][ T6027] usb 5-1: USB disconnect, device number 27 [ 410.608632][ T5998] usb 8-1: new high-speed USB device number 18 using dummy_hcd [ 410.758586][ T5998] usb 8-1: Using ep0 maxpacket: 16 [ 410.761339][ T5998] usb 8-1: config 0 has an invalid interface number: 214 but max is 0 [ 410.763578][ T5998] usb 8-1: config 0 has no interface number 0 [ 410.765233][ T5998] usb 8-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 410.769326][ T5998] usb 8-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 410.771826][ T5998] usb 8-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3 [ 410.773939][ T5998] usb 8-1: Manufacturer: syz [ 410.775216][ T5998] usb 8-1: SerialNumber: syz [ 410.777333][ T5998] usb 8-1: config 0 descriptor?? [ 411.184429][ T5998] usbtouchscreen 8-1:0.214: probe with driver usbtouchscreen failed with error -71 [ 411.188045][ T5998] usb 8-1: USB disconnect, device number 18 [ 411.416649][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.419658][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.422370][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.429483][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.432157][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.434502][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.436919][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.440174][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.442175][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.444564][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.447072][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.450203][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.454288][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.456805][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.459479][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.462100][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.464748][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.467331][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.470262][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.472763][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.474971][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.477637][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.480127][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.482131][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.484517][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.487131][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.490630][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.493193][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.495777][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.498373][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.501316][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.503914][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.506500][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.509173][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.511537][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.514103][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.516176][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.518224][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.521380][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.523890][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.526385][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.529284][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.531760][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.534334][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.536932][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.539993][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.543017][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.547184][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.549794][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.552156][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.554186][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.556184][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.558152][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.560501][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.562490][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.564472][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.566428][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.568403][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.570808][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.572799][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.574824][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.576808][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.579161][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.581163][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.583127][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.585096][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.587100][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.589263][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.591234][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.593205][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.595189][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.597164][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.599353][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.601326][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.603276][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.605243][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.607260][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.609556][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.611714][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.613675][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.615654][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.617669][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.619802][ T36] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 411.622518][ T36] hid-generic 0000:0000:0000.0008: hidraw1: HID v0.00 Device [syz0] on syz0 [ 411.735658][T14915] netlink: 56 bytes leftover after parsing attributes in process `syz.1.3003'. [ 411.773382][T14927] validate_nla: 3 callbacks suppressed [ 411.773397][T14927] netlink: 'syz.1.3007': attribute type 4 has an invalid length. [ 411.777788][T14927] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.3007'. [ 411.846565][T14930] BUG: Bad page state in process syz.2.3009 pfn:4bfab [ 411.848543][T14930] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2 pfn:0x4bfab [ 411.851182][T14930] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 411.854388][T14930] raw: 04fff00000000000 dead000000000040 ffff88801f1e5000 0000000000000000 [ 411.856645][T14930] raw: 0000000000000002 3ffffffffffffffe 00000000ffffffff 0000000000000000 [ 411.858963][T14930] page dumped because: page_pool leak [ 411.860399][T14930] page_owner tracks the page as allocated [ 411.862016][T14930] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6652, tgid 6651 (syz.2.215), ts 68691568429, free_ts 63049818437 [ 411.866466][T14930] post_alloc_hook+0x181/0x1b0 [ 411.867809][T14930] get_page_from_freelist+0xfce/0x2f80 [ 411.869355][T14930] __alloc_frozen_pages_noprof+0x221/0x2470 [ 411.870955][T14930] alloc_pages_bulk_noprof+0x6f9/0x1390 [ 411.872430][T14930] __page_pool_alloc_pages_slow+0x18c/0x770 [ 411.874045][T14930] page_pool_alloc_netmems+0xc4/0x160 [ 411.875502][T14930] page_pool_alloc_frag_netmem+0x220/0x760 [ 411.877135][T14930] skb_pp_cow_data+0x238/0xf10 [ 411.878607][T14930] skb_cow_data_for_xdp+0x88/0xb0 [ 411.880399][T14930] do_xdp_generic+0x3f1/0xe70 [ 411.882072][T14930] __netif_receive_skb_core.constprop.0+0x12da/0x4330 [ 411.884187][T14930] __netif_receive_skb_one_core+0xb1/0x1e0 [ 411.886242][T14930] __netif_receive_skb+0x1d/0x160 [ 411.888038][T14930] netif_receive_skb+0x13f/0x7b0 [ 411.889878][T14930] tun_rx_batched.isra.0+0x3eb/0x730 [ 411.891769][T14930] tun_get_user+0x2a22/0x3e50 [ 411.893515][T14930] page last free pid 5960 tgid 5960 stack trace: [ 411.895803][T14930] free_frozen_pages+0x6db/0xfb0 [ 411.897621][T14930] __put_partials+0x14c/0x170 [ 411.899444][T14930] qlist_free_all+0x4e/0x120 [ 411.901135][T14930] kasan_quarantine_reduce+0x195/0x1e0 [ 411.903131][T14930] __kasan_slab_alloc+0x69/0x90 [ 411.904909][T14930] kmem_cache_alloc_noprof+0x226/0x3d0 [ 411.906933][T14930] getname_flags.part.0+0x48/0x540 [ 411.908855][T14930] __ia32_sys_unlink+0xaf/0x110 [ 411.910625][T14930] __do_fast_syscall_32+0x73/0x120 [ 411.912253][T14930] do_fast_syscall_32+0x32/0x80 [ 411.913534][T14930] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 411.915206][T14930] Modules linked in: [ 411.916232][T14930] CPU: 2 UID: 0 PID: 14930 Comm: syz.2.3009 Not tainted 6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 411.916246][T14930] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 411.916253][T14930] Call Trace: [ 411.916256][T14930] [ 411.916260][T14930] dump_stack_lvl+0x16c/0x1f0 [ 411.916276][T14930] bad_page+0xb3/0x1f0 [ 411.916286][T14930] ? __pfx_bad_page+0x10/0x10 [ 411.916297][T14930] ? page_bad_reason+0x9d/0x1e0 [ 411.916309][T14930] free_frozen_pages+0x701/0xfb0 [ 411.916325][T14930] page_frag_free+0x255/0x2a0 [ 411.916336][T14930] __xdp_return+0x363/0xac0 [ 411.916350][T14930] ? kmem_cache_free+0x2e2/0x4d0 [ 411.916364][T14930] bpf_xdp_adjust_tail+0x9de/0xf70 [ 411.916384][T14930] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 411.916393][T14930] bpf_prog_run_generic_xdp+0x623/0x1500 [ 411.916411][T14930] do_xdp_generic+0x70a/0xe70 [ 411.916423][T14930] ? __pfx_do_xdp_generic+0x10/0x10 [ 411.916441][T14930] ? tun_get_user+0x1d55/0x3e50 [ 411.916459][T14930] tun_get_user+0x1e04/0x3e50 [ 411.916476][T14930] ? __pfx___futex_wait+0x10/0x10 [ 411.916492][T14930] ? __pfx_tun_get_user+0x10/0x10 [ 411.916505][T14930] ? find_held_lock+0x2d/0x110 [ 411.916518][T14930] ? __pfx_lock_release+0x10/0x10 [ 411.916537][T14930] tun_chr_write_iter+0xdc/0x210 [ 411.916552][T14930] vfs_write+0x5ae/0x1150 [ 411.916566][T14930] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 411.916581][T14930] ? __pfx_lock_release+0x10/0x10 [ 411.916594][T14930] ? __pfx_vfs_write+0x10/0x10 [ 411.916609][T14930] ? lock_acquire+0x2f/0xb0 [ 411.916622][T14930] ? __fget_files+0x40/0x3b0 [ 411.916642][T14930] ksys_write+0x12b/0x250 [ 411.916655][T14930] ? __pfx_ksys_write+0x10/0x10 [ 411.916671][T14930] __do_fast_syscall_32+0x73/0x120 [ 411.916685][T14930] do_fast_syscall_32+0x32/0x80 [ 411.916699][T14930] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 411.916715][T14930] RIP: 0023:0xf7f5f579 [ 411.916722][T14930] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 411.916731][T14930] RSP: 002b:00000000f5086520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 411.916741][T14930] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000a80 [ 411.916747][T14930] RDX: 000000000000fdef RSI: 00000000f73ecff4 RDI: 0000000000000000 [ 411.916752][T14930] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 411.916758][T14930] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 411.916763][T14930] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 411.916774][T14930] [ 411.916778][T14930] Disabling lock debugging due to kernel taint [ 411.985894][T14930] BUG: Bad page state in process syz.2.3009 pfn:4abb1 [ 411.987688][T14930] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88804abb1f00 pfn:0x4abb1 [ 411.990468][T14930] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 411.992411][T14930] raw: 04fff00000000000 dead000000000040 ffff88801f1e5000 0000000000000000 [ 411.994673][T14930] raw: ffff88804abb1f00 0000000000000001 00000000ffffffff 0000000000000000 [ 411.996985][T14930] page dumped because: page_pool leak [ 411.998407][T14930] page_owner tracks the page as allocated [ 411.999976][T14930] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 14930, tgid 14929 (syz.2.3009), ts 411846519486, free_ts 411515743180 [ 412.004560][T14930] post_alloc_hook+0x181/0x1b0 [ 412.005857][T14930] get_page_from_freelist+0xfce/0x2f80 [ 412.007448][T14930] __alloc_frozen_pages_noprof+0x221/0x2470 [ 412.009122][T14930] alloc_pages_bulk_noprof+0x6f9/0x1390 [ 412.010616][T14930] __page_pool_alloc_pages_slow+0x18c/0x770 [ 412.012197][T14930] page_pool_alloc_netmems+0xc4/0x160 [ 412.013646][T14930] skb_pp_cow_data+0x776/0xf10 [ 412.014957][T14930] skb_cow_data_for_xdp+0x88/0xb0 [ 412.016310][T14930] do_xdp_generic+0x3f1/0xe70 [ 412.017600][T14930] tun_get_user+0x1e04/0x3e50 [ 412.018927][T14930] tun_chr_write_iter+0xdc/0x210 [ 412.020274][T14930] vfs_write+0x5ae/0x1150 [ 412.021449][T14930] ksys_write+0x12b/0x250 [ 412.022621][T14930] __do_fast_syscall_32+0x73/0x120 [ 412.024034][T14930] do_fast_syscall_32+0x32/0x80 [ 412.025375][T14930] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 412.027115][T14930] page last free pid 14903 tgid 14903 stack trace: [ 412.028963][T14930] free_frozen_pages+0x6db/0xfb0 [ 412.030290][T14930] tlb_finish_mmu+0x237/0x7b0 [ 412.031548][T14930] exit_mmap+0x40e/0xba0 [ 412.032697][T14930] __mmput+0x12a/0x410 [ 412.033843][T14930] mmput+0x62/0x70 [ 412.034883][T14930] do_exit+0x9ba/0x2dc0 [ 412.035993][T14930] do_group_exit+0xd3/0x2a0 [ 412.037259][T14930] __ia32_sys_exit_group+0x3e/0x50 [ 412.038668][T14930] ia32_sys_call+0xd56/0x1c40 [ 412.040001][T14930] __do_fast_syscall_32+0x73/0x120 [ 412.041413][T14930] do_fast_syscall_32+0x32/0x80 [ 412.042689][T14930] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 412.044355][T14930] Modules linked in: [ 412.045400][T14930] CPU: 2 UID: 0 PID: 14930 Comm: syz.2.3009 Tainted: G B 6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 412.045414][T14930] Tainted: [B]=BAD_PAGE [ 412.045418][T14930] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 412.045424][T14930] Call Trace: [ 412.045428][T14930] [ 412.045432][T14930] dump_stack_lvl+0x16c/0x1f0 [ 412.045448][T14930] bad_page+0xb3/0x1f0 [ 412.045458][T14930] ? __pfx_bad_page+0x10/0x10 [ 412.045468][T14930] ? page_bad_reason+0x9d/0x1e0 [ 412.045477][T14930] free_frozen_pages+0x701/0xfb0 [ 412.045492][T14930] page_frag_free+0x255/0x2a0 [ 412.045502][T14930] __xdp_return+0x363/0xac0 [ 412.045517][T14930] ? kmem_cache_free+0x2e2/0x4d0 [ 412.045530][T14930] bpf_xdp_adjust_tail+0x9de/0xf70 [ 412.045546][T14930] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 412.045554][T14930] bpf_prog_run_generic_xdp+0x623/0x1500 [ 412.045569][T14930] do_xdp_generic+0x70a/0xe70 [ 412.045580][T14930] ? __pfx_do_xdp_generic+0x10/0x10 [ 412.045593][T14930] ? tun_get_user+0x1d55/0x3e50 [ 412.045608][T14930] tun_get_user+0x1e04/0x3e50 [ 412.045623][T14930] ? __pfx___futex_wait+0x10/0x10 [ 412.045638][T14930] ? __pfx_tun_get_user+0x10/0x10 [ 412.045651][T14930] ? find_held_lock+0x2d/0x110 [ 412.045663][T14930] ? __pfx_lock_release+0x10/0x10 [ 412.045679][T14930] tun_chr_write_iter+0xdc/0x210 [ 412.045693][T14930] vfs_write+0x5ae/0x1150 [ 412.045705][T14930] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 412.045720][T14930] ? __pfx_lock_release+0x10/0x10 [ 412.045732][T14930] ? __pfx_vfs_write+0x10/0x10 [ 412.045745][T14930] ? lock_acquire+0x2f/0xb0 [ 412.045757][T14930] ? __fget_files+0x40/0x3b0 [ 412.045774][T14930] ksys_write+0x12b/0x250 [ 412.045787][T14930] ? __pfx_ksys_write+0x10/0x10 [ 412.045801][T14930] __do_fast_syscall_32+0x73/0x120 [ 412.045815][T14930] do_fast_syscall_32+0x32/0x80 [ 412.045833][T14930] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 412.045849][T14930] RIP: 0023:0xf7f5f579 [ 412.045857][T14930] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 412.045866][T14930] RSP: 002b:00000000f5086520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 412.045875][T14930] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000a80 [ 412.045882][T14930] RDX: 000000000000fdef RSI: 00000000f73ecff4 RDI: 0000000000000000 [ 412.045887][T14930] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 412.045893][T14930] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 412.045899][T14930] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 412.045907][T14930] [ 412.045912][T14930] BUG: Bad page state in process syz.2.3009 pfn:50a6c [ 412.121413][T14930] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888050a6c2d0 pfn:0x50a6c [ 412.124276][T14930] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 412.126266][T14930] raw: 04fff00000000000 dead000000000040 ffff88801f1e5000 0000000000000000 [ 412.128755][T14930] raw: ffff888050a6c2d0 0000000000000001 00000000ffffffff 0000000000000000 [ 412.131105][T14930] page dumped because: page_pool leak [ 412.132597][T14930] page_owner tracks the page as allocated [ 412.134314][T14930] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 14930, tgid 14929 (syz.2.3009), ts 411846515439, free_ts 411515747123 [ 412.140793][T14930] post_alloc_hook+0x181/0x1b0 [ 412.142521][T14930] get_page_from_freelist+0xfce/0x2f80 [ 412.144609][T14930] __alloc_frozen_pages_noprof+0x221/0x2470 [ 412.146686][T14930] alloc_pages_bulk_noprof+0x6f9/0x1390 [ 412.148264][T14930] __page_pool_alloc_pages_slow+0x18c/0x770 [ 412.149878][T14930] page_pool_alloc_netmems+0xc4/0x160 [ 412.151366][T14930] skb_pp_cow_data+0x776/0xf10 [ 412.152756][T14930] skb_cow_data_for_xdp+0x88/0xb0 [ 412.154307][T14930] do_xdp_generic+0x3f1/0xe70 [ 412.155871][T14930] tun_get_user+0x1e04/0x3e50 [ 412.157273][T14930] tun_chr_write_iter+0xdc/0x210 [ 412.158889][T14930] vfs_write+0x5ae/0x1150 [ 412.160145][T14930] ksys_write+0x12b/0x250 [ 412.161362][T14930] __do_fast_syscall_32+0x73/0x120 [ 412.162897][T14930] do_fast_syscall_32+0x32/0x80 [ 412.164227][T14930] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 412.166036][T14930] page last free pid 14903 tgid 14903 stack trace: [ 412.167933][T14930] free_frozen_pages+0x6db/0xfb0 [ 412.169467][T14930] tlb_finish_mmu+0x237/0x7b0 [ 412.171021][T14930] exit_mmap+0x40e/0xba0 [ 412.172423][T14930] __mmput+0x12a/0x410 [ 412.173759][T14930] mmput+0x62/0x70 [ 412.174958][T14930] do_exit+0x9ba/0x2dc0 [ 412.176169][T14930] do_group_exit+0xd3/0x2a0 [ 412.177447][T14930] __ia32_sys_exit_group+0x3e/0x50 [ 412.178901][T14930] ia32_sys_call+0xd56/0x1c40 [ 412.180205][T14930] __do_fast_syscall_32+0x73/0x120 [ 412.181703][T14930] do_fast_syscall_32+0x32/0x80 [ 412.183168][T14930] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 412.185027][T14930] Modules linked in: [ 412.186209][T14930] CPU: 2 UID: 0 PID: 14930 Comm: syz.2.3009 Tainted: G B 6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 412.186226][T14930] Tainted: [B]=BAD_PAGE [ 412.186229][T14930] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 412.186237][T14930] Call Trace: [ 412.186241][T14930] [ 412.186246][T14930] dump_stack_lvl+0x16c/0x1f0 [ 412.186263][T14930] bad_page+0xb3/0x1f0 [ 412.186275][T14930] ? __pfx_bad_page+0x10/0x10 [ 412.186285][T14930] ? page_bad_reason+0x9d/0x1e0 [ 412.186297][T14930] free_frozen_pages+0x701/0xfb0 [ 412.186312][T14930] page_frag_free+0x255/0x2a0 [ 412.186323][T14930] __xdp_return+0x363/0xac0 [ 412.186340][T14930] ? kmem_cache_free+0x2e2/0x4d0 [ 412.186355][T14930] bpf_xdp_adjust_tail+0x9de/0xf70 [ 412.186376][T14930] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 412.186385][T14930] bpf_prog_run_generic_xdp+0x623/0x1500 [ 412.186401][T14930] do_xdp_generic+0x70a/0xe70 [ 412.186414][T14930] ? __pfx_do_xdp_generic+0x10/0x10 [ 412.186430][T14930] ? tun_get_user+0x1d55/0x3e50 [ 412.186448][T14930] tun_get_user+0x1e04/0x3e50 [ 412.186465][T14930] ? __pfx___futex_wait+0x10/0x10 [ 412.186481][T14930] ? __pfx_tun_get_user+0x10/0x10 [ 412.186496][T14930] ? find_held_lock+0x2d/0x110 [ 412.186509][T14930] ? __pfx_lock_release+0x10/0x10 [ 412.186527][T14930] tun_chr_write_iter+0xdc/0x210 [ 412.186543][T14930] vfs_write+0x5ae/0x1150 [ 412.186559][T14930] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 412.186575][T14930] ? __pfx_lock_release+0x10/0x10 [ 412.186590][T14930] ? __pfx_vfs_write+0x10/0x10 [ 412.186604][T14930] ? lock_acquire+0x2f/0xb0 [ 412.186618][T14930] ? __fget_files+0x40/0x3b0 [ 412.186637][T14930] ksys_write+0x12b/0x250 [ 412.186651][T14930] ? __pfx_ksys_write+0x10/0x10 [ 412.186667][T14930] __do_fast_syscall_32+0x73/0x120 [ 412.186683][T14930] do_fast_syscall_32+0x32/0x80 [ 412.186698][T14930] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 412.186715][T14930] RIP: 0023:0xf7f5f579 [ 412.186724][T14930] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 412.186735][T14930] RSP: 002b:00000000f5086520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 412.186745][T14930] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000a80 [ 412.186752][T14930] RDX: 000000000000fdef RSI: 00000000f73ecff4 RDI: 0000000000000000 [ 412.186759][T14930] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 412.186765][T14930] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 412.186771][T14930] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 412.186780][T14930] [ 412.186802][T14930] BUG: Bad page state in process syz.2.3009 pfn:482b7 [ 412.268767][T14930] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x482b7 [ 412.271386][T14930] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 412.273255][T14930] raw: 04fff00000000000 dead000000000040 ffff88801f1e5000 0000000000000000 [ 412.275496][T14930] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 412.277703][T14930] page dumped because: page_pool leak [ 412.279180][T14930] page_owner tracks the page as allocated [ 412.280811][T14930] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 14930, tgid 14929 (syz.2.3009), ts 411846510652, free_ts 411518751684 [ 412.285951][T14930] post_alloc_hook+0x181/0x1b0 [ 412.287287][T14930] get_page_from_freelist+0xfce/0x2f80 [ 412.288799][T14930] __alloc_frozen_pages_noprof+0x221/0x2470 [ 412.290401][T14930] alloc_pages_bulk_noprof+0x6f9/0x1390 [ 412.291938][T14930] __page_pool_alloc_pages_slow+0x18c/0x770 [ 412.293524][T14930] page_pool_alloc_netmems+0xc4/0x160 [ 412.295014][T14930] skb_pp_cow_data+0x776/0xf10 [ 412.296321][T14930] skb_cow_data_for_xdp+0x88/0xb0 [ 412.297767][T14930] do_xdp_generic+0x3f1/0xe70 [ 412.299110][T14930] tun_get_user+0x1e04/0x3e50 [ 412.300415][T14930] tun_chr_write_iter+0xdc/0x210 [ 412.301791][T14930] vfs_write+0x5ae/0x1150 [ 412.302983][T14930] ksys_write+0x12b/0x250 [ 412.304214][T14930] __do_fast_syscall_32+0x73/0x120 [ 412.305549][T14930] do_fast_syscall_32+0x32/0x80 [ 412.306907][T14930] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 412.308648][T14930] page last free pid 5998 tgid 5998 stack trace: [ 412.310350][T14930] free_frozen_pages+0x6db/0xfb0 [ 412.311696][T14930] vfree+0x174/0x950 [ 412.312764][T14930] delayed_vfree_work+0x56/0x70 [ 412.314081][T14930] process_one_work+0x9c5/0x1ba0 [ 412.315437][T14930] worker_thread+0x6c8/0xf00 [ 412.316739][T14930] kthread+0x3af/0x750 [ 412.317863][T14930] ret_from_fork+0x45/0x80 [ 412.319151][T14930] ret_from_fork_asm+0x1a/0x30 [ 412.320472][T14930] Modules linked in: [ 412.321541][T14930] CPU: 2 UID: 0 PID: 14930 Comm: syz.2.3009 Tainted: G B 6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 412.321555][T14930] Tainted: [B]=BAD_PAGE [ 412.321559][T14930] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 412.321565][T14930] Call Trace: [ 412.321568][T14930] [ 412.321572][T14930] dump_stack_lvl+0x16c/0x1f0 [ 412.321587][T14930] bad_page+0xb3/0x1f0 [ 412.321596][T14930] ? __pfx_bad_page+0x10/0x10 [ 412.321606][T14930] ? page_bad_reason+0x9d/0x1e0 [ 412.321615][T14930] free_frozen_pages+0x701/0xfb0 [ 412.321629][T14930] page_frag_free+0x255/0x2a0 [ 412.321639][T14930] __xdp_return+0x363/0xac0 [ 412.321653][T14930] ? kmem_cache_free+0x2e2/0x4d0 [ 412.321667][T14930] bpf_xdp_adjust_tail+0x9de/0xf70 [ 412.321684][T14930] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 412.321692][T14930] bpf_prog_run_generic_xdp+0x623/0x1500 [ 412.321706][T14930] do_xdp_generic+0x70a/0xe70 [ 412.321717][T14930] ? __pfx_do_xdp_generic+0x10/0x10 [ 412.321731][T14930] ? tun_get_user+0x1d55/0x3e50 [ 412.321746][T14930] tun_get_user+0x1e04/0x3e50 [ 412.321761][T14930] ? __pfx___futex_wait+0x10/0x10 [ 412.321775][T14930] ? __pfx_tun_get_user+0x10/0x10 [ 412.321788][T14930] ? find_held_lock+0x2d/0x110 [ 412.321800][T14930] ? __pfx_lock_release+0x10/0x10 [ 412.321816][T14930] tun_chr_write_iter+0xdc/0x210 [ 412.321833][T14930] vfs_write+0x5ae/0x1150 [ 412.321847][T14930] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 412.321861][T14930] ? __pfx_lock_release+0x10/0x10 [ 412.321873][T14930] ? __pfx_vfs_write+0x10/0x10 [ 412.321886][T14930] ? lock_acquire+0x2f/0xb0 [ 412.321898][T14930] ? __fget_files+0x40/0x3b0 [ 412.321914][T14930] ksys_write+0x12b/0x250 [ 412.321926][T14930] ? __pfx_ksys_write+0x10/0x10 [ 412.321940][T14930] __do_fast_syscall_32+0x73/0x120 [ 412.321954][T14930] do_fast_syscall_32+0x32/0x80 [ 412.321967][T14930] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 412.321983][T14930] RIP: 0023:0xf7f5f579 [ 412.321990][T14930] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 412.322000][T14930] RSP: 002b:00000000f5086520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 412.322009][T14930] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000a80 [ 412.322015][T14930] RDX: 000000000000fdef RSI: 00000000f73ecff4 RDI: 0000000000000000 [ 412.322021][T14930] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 412.322027][T14930] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 412.322032][T14930] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 412.322041][T14930] [ 412.322047][T14930] BUG: Bad page state in process syz.2.3009 pfn:6b386 [ 412.404326][T14930] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x6b386 [ 412.408491][T14930] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 412.411189][T14930] raw: 04fff00000000000 dead000000000040 ffff88801f1e5000 0000000000000000 [ 412.414264][T14930] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 412.417332][T14930] page dumped because: page_pool leak [ 412.419345][T14930] page_owner tracks the page as allocated [ 412.421335][T14930] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 14930, tgid 14929 (syz.2.3009), ts 411846488434, free_ts 409012472087 [ 412.427318][T14930] post_alloc_hook+0x181/0x1b0 [ 412.429072][T14930] get_page_from_freelist+0xfce/0x2f80 [ 412.431054][T14930] __alloc_frozen_pages_noprof+0x221/0x2470 [ 412.433055][T14930] alloc_pages_bulk_noprof+0x6f9/0x1390 [ 412.434949][T14930] __page_pool_alloc_pages_slow+0x18c/0x770 [ 412.436977][T14930] page_pool_alloc_netmems+0xc4/0x160 [ 412.438922][T14930] skb_pp_cow_data+0x776/0xf10 [ 412.440575][T14930] skb_cow_data_for_xdp+0x88/0xb0 [ 412.442334][T14930] do_xdp_generic+0x3f1/0xe70 [ 412.443968][T14930] tun_get_user+0x1e04/0x3e50 [ 412.445582][T14930] tun_chr_write_iter+0xdc/0x210 [ 412.447017][T14930] vfs_write+0x5ae/0x1150 [ 412.448214][T14930] ksys_write+0x12b/0x250 [ 412.449444][T14930] __do_fast_syscall_32+0x73/0x120 [ 412.450848][T14930] do_fast_syscall_32+0x32/0x80 [ 412.452154][T14930] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 412.453894][T14930] page last free pid 14810 tgid 14809 stack trace: [ 412.455689][T14930] free_frozen_pages+0x6db/0xfb0 [ 412.457183][T14930] mon_bin_release+0x15a/0x240 [ 412.458599][T14930] __fput+0x3ff/0xb70 [ 412.459817][T14930] task_work_run+0x14e/0x250 [ 412.461061][T14930] do_exit+0xad8/0x2dc0 [ 412.462236][T14930] do_group_exit+0xd3/0x2a0 [ 412.463541][T14930] get_signal+0x24ed/0x26c0 [ 412.464770][T14930] arch_do_signal_or_restart+0x90/0x7e0 [ 412.466280][T14930] syscall_exit_to_user_mode+0x150/0x2a0 [ 412.467897][T14930] __do_fast_syscall_32+0x80/0x120 [ 412.469353][T14930] do_fast_syscall_32+0x32/0x80 [ 412.470707][T14930] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 412.472452][T14930] Modules linked in: [ 412.473540][T14930] CPU: 2 UID: 0 PID: 14930 Comm: syz.2.3009 Tainted: G B 6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 412.473555][T14930] Tainted: [B]=BAD_PAGE [ 412.473558][T14930] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 412.473565][T14930] Call Trace: [ 412.473568][T14930] [ 412.473572][T14930] dump_stack_lvl+0x16c/0x1f0 [ 412.473587][T14930] bad_page+0xb3/0x1f0 [ 412.473597][T14930] ? __pfx_bad_page+0x10/0x10 [ 412.473607][T14930] ? page_bad_reason+0x9d/0x1e0 [ 412.473617][T14930] free_frozen_pages+0x701/0xfb0 [ 412.473631][T14930] page_frag_free+0x255/0x2a0 [ 412.473640][T14930] __xdp_return+0x363/0xac0 [ 412.473655][T14930] ? kmem_cache_free+0x2e2/0x4d0 [ 412.473668][T14930] bpf_xdp_adjust_tail+0x9de/0xf70 [ 412.473686][T14930] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 412.473694][T14930] bpf_prog_run_generic_xdp+0x623/0x1500 [ 412.473708][T14930] do_xdp_generic+0x70a/0xe70 [ 412.473719][T14930] ? __pfx_do_xdp_generic+0x10/0x10 [ 412.473733][T14930] ? tun_get_user+0x1d55/0x3e50 [ 412.473748][T14930] tun_get_user+0x1e04/0x3e50 [ 412.473763][T14930] ? __pfx___futex_wait+0x10/0x10 [ 412.473777][T14930] ? __pfx_tun_get_user+0x10/0x10 [ 412.473791][T14930] ? find_held_lock+0x2d/0x110 [ 412.473802][T14930] ? __pfx_lock_release+0x10/0x10 [ 412.473818][T14930] tun_chr_write_iter+0xdc/0x210 [ 412.473832][T14930] vfs_write+0x5ae/0x1150 [ 412.473845][T14930] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 412.473859][T14930] ? __pfx_lock_release+0x10/0x10 [ 412.473872][T14930] ? __pfx_vfs_write+0x10/0x10 [ 412.473884][T14930] ? lock_acquire+0x2f/0xb0 [ 412.473897][T14930] ? __fget_files+0x40/0x3b0 [ 412.473913][T14930] ksys_write+0x12b/0x250 [ 412.473928][T14930] ? __pfx_ksys_write+0x10/0x10 [ 412.473943][T14930] __do_fast_syscall_32+0x73/0x120 [ 412.473956][T14930] do_fast_syscall_32+0x32/0x80 [ 412.473969][T14930] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 412.473985][T14930] RIP: 0023:0xf7f5f579 [ 412.473992][T14930] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 412.474002][T14930] RSP: 002b:00000000f5086520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 412.474012][T14930] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000a80 [ 412.474018][T14930] RDX: 000000000000fdef RSI: 00000000f73ecff4 RDI: 0000000000000000 [ 412.474024][T14930] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 412.474029][T14930] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 412.474035][T14930] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 412.474043][T14930] [ 412.474050][T14930] BUG: Bad page state in process syz.2.3009 pfn:6bdc6 [ 412.557514][T14930] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6bdc6 [ 412.559927][T14930] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 412.561858][T14930] raw: 04fff00000000000 dead000000000040 ffff88801f1e5000 0000000000000000 [ 412.564261][T14930] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 412.566557][T14930] page dumped because: page_pool leak [ 412.568065][T14930] page_owner tracks the page as allocated [ 412.569654][T14930] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 14930, tgid 14929 (syz.2.3009), ts 411846481496, free_ts 409012475768 [ 412.574229][T14930] post_alloc_hook+0x181/0x1b0 [ 412.575567][T14930] get_page_from_freelist+0xfce/0x2f80 [ 412.577103][T14930] __alloc_frozen_pages_noprof+0x221/0x2470 [ 412.578775][T14930] alloc_pages_bulk_noprof+0x6f9/0x1390 [ 412.580307][T14930] __page_pool_alloc_pages_slow+0x18c/0x770 [ 412.581904][T14930] page_pool_alloc_netmems+0xc4/0x160 [ 412.583368][T14930] skb_pp_cow_data+0x776/0xf10 [ 412.584720][T14930] skb_cow_data_for_xdp+0x88/0xb0 [ 412.586156][T14930] do_xdp_generic+0x3f1/0xe70 [ 412.587505][T14930] tun_get_user+0x1e04/0x3e50 [ 412.588883][T14930] tun_chr_write_iter+0xdc/0x210 [ 412.590264][T14930] vfs_write+0x5ae/0x1150 [ 412.591568][T14930] ksys_write+0x12b/0x250 [ 412.592821][T14930] __do_fast_syscall_32+0x73/0x120 [ 412.594264][T14930] do_fast_syscall_32+0x32/0x80 [ 412.595635][T14930] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 412.597374][T14930] page last free pid 14810 tgid 14809 stack trace: [ 412.599235][T14930] free_frozen_pages+0x6db/0xfb0 [ 412.600640][T14930] mon_bin_release+0x15a/0x240 [ 412.601964][T14930] __fput+0x3ff/0xb70 [ 412.603109][T14930] task_work_run+0x14e/0x250 [ 412.604371][T14930] do_exit+0xad8/0x2dc0 [ 412.605520][T14930] do_group_exit+0xd3/0x2a0 [ 412.606771][T14930] get_signal+0x24ed/0x26c0 [ 412.608072][T14930] arch_do_signal_or_restart+0x90/0x7e0 [ 412.609643][T14930] syscall_exit_to_user_mode+0x150/0x2a0 [ 412.611169][T14930] __do_fast_syscall_32+0x80/0x120 [ 412.612542][T14930] do_fast_syscall_32+0x32/0x80 [ 412.613894][T14930] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 412.615653][T14930] Modules linked in: [ 412.616770][T14930] CPU: 2 UID: 0 PID: 14930 Comm: syz.2.3009 Tainted: G B 6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 412.616784][T14930] Tainted: [B]=BAD_PAGE [ 412.616788][T14930] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 412.616794][T14930] Call Trace: [ 412.616798][T14930] [ 412.616803][T14930] dump_stack_lvl+0x16c/0x1f0 [ 412.616817][T14930] bad_page+0xb3/0x1f0 [ 412.616827][T14930] ? __pfx_bad_page+0x10/0x10 [ 412.616837][T14930] ? page_bad_reason+0x9d/0x1e0 [ 412.616846][T14930] free_frozen_pages+0x701/0xfb0 [ 412.616861][T14930] page_frag_free+0x255/0x2a0 [ 412.616870][T14930] __xdp_return+0x363/0xac0 [ 412.616885][T14930] ? kmem_cache_free+0x2e2/0x4d0 [ 412.616899][T14930] bpf_xdp_adjust_tail+0x9de/0xf70 [ 412.616916][T14930] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 412.616925][T14930] bpf_prog_run_generic_xdp+0x623/0x1500 [ 412.616939][T14930] do_xdp_generic+0x70a/0xe70 [ 412.616950][T14930] ? __pfx_do_xdp_generic+0x10/0x10 [ 412.616964][T14930] ? tun_get_user+0x1d55/0x3e50 [ 412.616980][T14930] tun_get_user+0x1e04/0x3e50 [ 412.616995][T14930] ? __pfx___futex_wait+0x10/0x10 [ 412.617010][T14930] ? __pfx_tun_get_user+0x10/0x10 [ 412.617023][T14930] ? find_held_lock+0x2d/0x110 [ 412.617034][T14930] ? __pfx_lock_release+0x10/0x10 [ 412.617050][T14930] tun_chr_write_iter+0xdc/0x210 [ 412.617064][T14930] vfs_write+0x5ae/0x1150 [ 412.617077][T14930] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 412.617092][T14930] ? __pfx_lock_release+0x10/0x10 [ 412.617104][T14930] ? __pfx_vfs_write+0x10/0x10 [ 412.617117][T14930] ? lock_acquire+0x2f/0xb0 [ 412.617129][T14930] ? __fget_files+0x40/0x3b0 [ 412.617145][T14930] ksys_write+0x12b/0x250 [ 412.617158][T14930] ? __pfx_ksys_write+0x10/0x10 [ 412.617172][T14930] __do_fast_syscall_32+0x73/0x120 [ 412.617185][T14930] do_fast_syscall_32+0x32/0x80 [ 412.617199][T14930] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 412.617214][T14930] RIP: 0023:0xf7f5f579 [ 412.617222][T14930] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 412.617231][T14930] RSP: 002b:00000000f5086520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 412.617241][T14930] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000a80 [ 412.617247][T14930] RDX: 000000000000fdef RSI: 00000000f73ecff4 RDI: 0000000000000000 [ 412.617253][T14930] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 412.617258][T14930] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 412.617264][T14930] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 412.617272][T14930] [ 412.617279][T14930] BUG: Bad page state in process syz.2.3009 pfn:6c106 [ 412.690255][T14930] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88806c107cc0 pfn:0x6c106 [ 412.692913][T14930] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 412.694860][T14930] raw: 04fff00000000000 dead000000000040 ffff88801f1e5000 0000000000000000 [ 412.697181][T14930] raw: ffff88806c107cc0 0000000000000001 00000000ffffffff 0000000000000000 [ 412.699495][T14930] page dumped because: page_pool leak [ 412.700910][T14930] page_owner tracks the page as allocated [ 412.702425][T14930] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 14930, tgid 14929 (syz.2.3009), ts 411846476896, free_ts 409012479731 [ 412.706987][T14930] post_alloc_hook+0x181/0x1b0 [ 412.708301][T14930] get_page_from_freelist+0xfce/0x2f80 [ 412.709876][T14930] __alloc_frozen_pages_noprof+0x221/0x2470 [ 412.711607][T14930] alloc_pages_bulk_noprof+0x6f9/0x1390 [ 412.713156][T14930] __page_pool_alloc_pages_slow+0x18c/0x770 [ 412.714794][T14930] page_pool_alloc_netmems+0xc4/0x160 [ 412.716254][T14930] skb_pp_cow_data+0x776/0xf10 [ 412.717571][T14930] skb_cow_data_for_xdp+0x88/0xb0 [ 412.719004][T14930] do_xdp_generic+0x3f1/0xe70 [ 412.720296][T14930] tun_get_user+0x1e04/0x3e50 [ 412.721576][T14930] tun_chr_write_iter+0xdc/0x210 [ 412.722929][T14930] vfs_write+0x5ae/0x1150 [ 412.724156][T14930] ksys_write+0x12b/0x250 [ 412.725321][T14930] __do_fast_syscall_32+0x73/0x120 [ 412.726693][T14930] do_fast_syscall_32+0x32/0x80 [ 412.728014][T14930] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 412.729741][T14930] page last free pid 14810 tgid 14809 stack trace: [ 412.731477][T14930] free_frozen_pages+0x6db/0xfb0 [ 412.732801][T14930] mon_bin_release+0x15a/0x240 [ 412.734119][T14930] __fput+0x3ff/0xb70 [ 412.735216][T14930] task_work_run+0x14e/0x250 [ 412.736473][T14930] do_exit+0xad8/0x2dc0 [ 412.737728][T14930] do_group_exit+0xd3/0x2a0 [ 412.739092][T14930] get_signal+0x24ed/0x26c0 [ 412.740368][T14930] arch_do_signal_or_restart+0x90/0x7e0 [ 412.741945][T14930] syscall_exit_to_user_mode+0x150/0x2a0 [ 412.743509][T14930] __do_fast_syscall_32+0x80/0x120 [ 412.744903][T14930] do_fast_syscall_32+0x32/0x80 [ 412.746235][T14930] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 412.747991][T14930] Modules linked in: [ 412.749152][T14930] CPU: 2 UID: 0 PID: 14930 Comm: syz.2.3009 Tainted: G B 6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 412.749167][T14930] Tainted: [B]=BAD_PAGE [ 412.749170][T14930] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 412.749177][T14930] Call Trace: [ 412.749180][T14930] [ 412.749184][T14930] dump_stack_lvl+0x16c/0x1f0 [ 412.749200][T14930] bad_page+0xb3/0x1f0 [ 412.749210][T14930] ? __pfx_bad_page+0x10/0x10 [ 412.749219][T14930] ? page_bad_reason+0x9d/0x1e0 [ 412.749229][T14930] free_frozen_pages+0x701/0xfb0 [ 412.749243][T14930] page_frag_free+0x255/0x2a0 [ 412.749252][T14930] __xdp_return+0x363/0xac0 [ 412.749267][T14930] ? kmem_cache_free+0x2e2/0x4d0 [ 412.749281][T14930] bpf_xdp_adjust_tail+0x9de/0xf70 [ 412.749298][T14930] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 412.749306][T14930] bpf_prog_run_generic_xdp+0x623/0x1500 [ 412.749321][T14930] do_xdp_generic+0x70a/0xe70 [ 412.749332][T14930] ? __pfx_do_xdp_generic+0x10/0x10 [ 412.749346][T14930] ? tun_get_user+0x1d55/0x3e50 [ 412.749362][T14930] tun_get_user+0x1e04/0x3e50 [ 412.749376][T14930] ? __pfx___futex_wait+0x10/0x10 [ 412.749391][T14930] ? __pfx_tun_get_user+0x10/0x10 [ 412.749404][T14930] ? find_held_lock+0x2d/0x110 [ 412.749416][T14930] ? __pfx_lock_release+0x10/0x10 [ 412.749432][T14930] tun_chr_write_iter+0xdc/0x210 [ 412.749445][T14930] vfs_write+0x5ae/0x1150 [ 412.749459][T14930] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 412.749474][T14930] ? __pfx_lock_release+0x10/0x10 [ 412.749486][T14930] ? __pfx_vfs_write+0x10/0x10 [ 412.749499][T14930] ? lock_acquire+0x2f/0xb0 [ 412.749511][T14930] ? __fget_files+0x40/0x3b0 [ 412.749527][T14930] ksys_write+0x12b/0x250 [ 412.749539][T14930] ? __pfx_ksys_write+0x10/0x10 [ 412.749553][T14930] __do_fast_syscall_32+0x73/0x120 [ 412.749567][T14930] do_fast_syscall_32+0x32/0x80 [ 412.749580][T14930] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 412.749595][T14930] RIP: 0023:0xf7f5f579 [ 412.749602][T14930] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 412.749612][T14930] RSP: 002b:00000000f5086520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 412.749622][T14930] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000a80 [ 412.749628][T14930] RDX: 000000000000fdef RSI: 00000000f73ecff4 RDI: 0000000000000000 [ 412.749634][T14930] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 412.749639][T14930] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 412.749645][T14930] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 412.749653][T14930] [ 412.749659][T14930] BUG: Bad page state in process syz.2.3009 pfn:6085c [ 412.822643][T14930] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88806085fa80 pfn:0x6085c [ 412.825378][T14930] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 412.827398][T14930] raw: 04fff00000000000 dead000000000040 ffff88801f1e5000 0000000000000000 [ 412.829762][T14930] raw: ffff88806085fa80 0000000000000001 00000000ffffffff 0000000000000000 [ 412.832071][T14930] page dumped because: page_pool leak [ 412.833565][T14930] page_owner tracks the page as allocated [ 412.835145][T14930] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 14930, tgid 14929 (syz.2.3009), ts 411846469420, free_ts 409012483562 [ 412.839831][T14930] post_alloc_hook+0x181/0x1b0 [ 412.841167][T14930] get_page_from_freelist+0xfce/0x2f80 [ 412.842671][T14930] __alloc_frozen_pages_noprof+0x221/0x2470 [ 412.844324][T14930] alloc_pages_bulk_noprof+0x6f9/0x1390 [ 412.845853][T14930] __page_pool_alloc_pages_slow+0x18c/0x770 [ 412.847490][T14930] page_pool_alloc_netmems+0xc4/0x160 [ 412.849020][T14930] skb_pp_cow_data+0x776/0xf10 [ 412.850355][T14930] skb_cow_data_for_xdp+0x88/0xb0 [ 412.851767][T14930] do_xdp_generic+0x3f1/0xe70 [ 412.853054][T14930] tun_get_user+0x1e04/0x3e50 [ 412.854345][T14930] tun_chr_write_iter+0xdc/0x210 [ 412.855712][T14930] vfs_write+0x5ae/0x1150 [ 412.856908][T14930] ksys_write+0x12b/0x250 [ 412.858072][T14930] __do_fast_syscall_32+0x73/0x120 [ 412.859526][T14930] do_fast_syscall_32+0x32/0x80 [ 412.860857][T14930] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 412.862548][T14930] page last free pid 14810 tgid 14809 stack trace: [ 412.864192][T14930] free_frozen_pages+0x6db/0xfb0 [ 412.865553][T14930] mon_bin_release+0x15a/0x240 [ 412.866885][T14930] __fput+0x3ff/0xb70 [ 412.867974][T14930] task_work_run+0x14e/0x250 [ 412.869438][T14930] do_exit+0xad8/0x2dc0 [ 412.870605][T14930] do_group_exit+0xd3/0x2a0 [ 412.871880][T14930] get_signal+0x24ed/0x26c0 [ 412.873171][T14930] arch_do_signal_or_restart+0x90/0x7e0 [ 412.874713][T14930] syscall_exit_to_user_mode+0x150/0x2a0 [ 412.876297][T14930] __do_fast_syscall_32+0x80/0x120 [ 412.877726][T14930] do_fast_syscall_32+0x32/0x80 [ 412.879142][T14930] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 412.880899][T14930] Modules linked in: [ 412.881977][T14930] CPU: 2 UID: 0 PID: 14930 Comm: syz.2.3009 Tainted: G B 6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 412.881992][T14930] Tainted: [B]=BAD_PAGE [ 412.881995][T14930] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 412.882001][T14930] Call Trace: [ 412.882004][T14930] [ 412.882008][T14930] dump_stack_lvl+0x16c/0x1f0 [ 412.882022][T14930] bad_page+0xb3/0x1f0 [ 412.882032][T14930] ? __pfx_bad_page+0x10/0x10 [ 412.882041][T14930] ? page_bad_reason+0x9d/0x1e0 [ 412.882051][T14930] free_frozen_pages+0x701/0xfb0 [ 412.882065][T14930] page_frag_free+0x255/0x2a0 [ 412.882074][T14930] __xdp_return+0x363/0xac0 [ 412.882088][T14930] ? kmem_cache_free+0x2e2/0x4d0 [ 412.882101][T14930] bpf_xdp_adjust_tail+0x9de/0xf70 [ 412.882120][T14930] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 412.882128][T14930] bpf_prog_run_generic_xdp+0x623/0x1500 [ 412.882142][T14930] do_xdp_generic+0x70a/0xe70 [ 412.882153][T14930] ? __pfx_do_xdp_generic+0x10/0x10 [ 412.882167][T14930] ? tun_get_user+0x1d55/0x3e50 [ 412.882182][T14930] tun_get_user+0x1e04/0x3e50 [ 412.882197][T14930] ? __pfx___futex_wait+0x10/0x10 [ 412.882211][T14930] ? __pfx_tun_get_user+0x10/0x10 [ 412.882224][T14930] ? find_held_lock+0x2d/0x110 [ 412.882236][T14930] ? __pfx_lock_release+0x10/0x10 [ 412.882252][T14930] tun_chr_write_iter+0xdc/0x210 [ 412.882265][T14930] vfs_write+0x5ae/0x1150 [ 412.882279][T14930] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 412.882293][T14930] ? __pfx_lock_release+0x10/0x10 [ 412.882305][T14930] ? __pfx_vfs_write+0x10/0x10 [ 412.882318][T14930] ? lock_acquire+0x2f/0xb0 [ 412.882330][T14930] ? __fget_files+0x40/0x3b0 [ 412.882346][T14930] ksys_write+0x12b/0x250 [ 412.882358][T14930] ? __pfx_ksys_write+0x10/0x10 [ 412.882372][T14930] __do_fast_syscall_32+0x73/0x120 [ 412.882386][T14930] do_fast_syscall_32+0x32/0x80 [ 412.882399][T14930] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 412.882414][T14930] RIP: 0023:0xf7f5f579 [ 412.882421][T14930] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 412.882430][T14930] RSP: 002b:00000000f5086520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 412.882440][T14930] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000a80 [ 412.882446][T14930] RDX: 000000000000fdef RSI: 00000000f73ecff4 RDI: 0000000000000000 [ 412.882452][T14930] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 412.882457][T14930] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 412.882463][T14930] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 412.882471][T14930] [ 412.882476][T14930] BUG: Bad page state in process syz.2.3009 pfn:65f52 [ 412.956088][T14930] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88804fcb0000 pfn:0x65f52 [ 412.958910][T14930] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 412.960867][T14930] raw: 04fff00000000000 dead000000000040 ffff88801f1e5000 0000000000000000 [ 412.963214][T14930] raw: ffff88804fcb0000 0000000000000001 00000000ffffffff 0000000000000000 [ 412.965514][T14930] page dumped because: page_pool leak [ 412.966963][T14930] page_owner tracks the page as allocated [ 412.968544][T14930] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 14930, tgid 14929 (syz.2.3009), ts 411846464757, free_ts 409012487208 [ 412.973152][T14930] post_alloc_hook+0x181/0x1b0 [ 412.974486][T14930] get_page_from_freelist+0xfce/0x2f80 [ 412.976001][T14930] __alloc_frozen_pages_noprof+0x221/0x2470 [ 412.977657][T14930] alloc_pages_bulk_noprof+0x6f9/0x1390 [ 412.979239][T14930] __page_pool_alloc_pages_slow+0x18c/0x770 [ 412.980872][T14930] page_pool_alloc_netmems+0xc4/0x160 [ 412.982309][T14930] skb_pp_cow_data+0x776/0xf10 [ 412.983617][T14930] skb_cow_data_for_xdp+0x88/0xb0 [ 412.984973][T14930] do_xdp_generic+0x3f1/0xe70 [ 412.986242][T14930] tun_get_user+0x1e04/0x3e50 [ 412.987542][T14930] tun_chr_write_iter+0xdc/0x210 [ 412.988899][T14930] vfs_write+0x5ae/0x1150 [ 412.990073][T14930] ksys_write+0x12b/0x250 [ 412.991246][T14930] __do_fast_syscall_32+0x73/0x120 [ 412.992664][T14930] do_fast_syscall_32+0x32/0x80 [ 412.993987][T14930] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 412.995737][T14930] page last free pid 14810 tgid 14809 stack trace: [ 412.997501][T14930] free_frozen_pages+0x6db/0xfb0 [ 412.998971][T14930] mon_bin_release+0x15a/0x240 [ 413.000337][T14930] __fput+0x3ff/0xb70 [ 413.001462][T14930] task_work_run+0x14e/0x250 [ 413.002734][T14930] do_exit+0xad8/0x2dc0 [ 413.004039][T14930] do_group_exit+0xd3/0x2a0 [ 413.005370][T14930] get_signal+0x24ed/0x26c0 [ 413.006730][T14930] arch_do_signal_or_restart+0x90/0x7e0 [ 413.008252][T14930] syscall_exit_to_user_mode+0x150/0x2a0 [ 413.009846][T14930] __do_fast_syscall_32+0x80/0x120 [ 413.011277][T14930] do_fast_syscall_32+0x32/0x80 [ 413.012624][T14930] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 413.014328][T14930] Modules linked in: [ 413.015389][T14930] CPU: 2 UID: 0 PID: 14930 Comm: syz.2.3009 Tainted: G B 6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 413.015403][T14930] Tainted: [B]=BAD_PAGE [ 413.015407][T14930] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 413.015412][T14930] Call Trace: [ 413.015416][T14930] [ 413.015419][T14930] dump_stack_lvl+0x16c/0x1f0 [ 413.015434][T14930] bad_page+0xb3/0x1f0 [ 413.015443][T14930] ? __pfx_bad_page+0x10/0x10 [ 413.015453][T14930] ? page_bad_reason+0x9d/0x1e0 [ 413.015463][T14930] free_frozen_pages+0x701/0xfb0 [ 413.015477][T14930] page_frag_free+0x255/0x2a0 [ 413.015486][T14930] __xdp_return+0x363/0xac0 [ 413.015501][T14930] ? kmem_cache_free+0x2e2/0x4d0 [ 413.015514][T14930] bpf_xdp_adjust_tail+0x9de/0xf70 [ 413.015532][T14930] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 413.015540][T14930] bpf_prog_run_generic_xdp+0x623/0x1500 [ 413.015555][T14930] do_xdp_generic+0x70a/0xe70 [ 413.015566][T14930] ? __pfx_do_xdp_generic+0x10/0x10 [ 413.015579][T14930] ? tun_get_user+0x1d55/0x3e50 [ 413.015595][T14930] tun_get_user+0x1e04/0x3e50 [ 413.015610][T14930] ? __pfx___futex_wait+0x10/0x10 [ 413.015624][T14930] ? __pfx_tun_get_user+0x10/0x10 [ 413.015637][T14930] ? find_held_lock+0x2d/0x110 [ 413.015649][T14930] ? __pfx_lock_release+0x10/0x10 [ 413.015665][T14930] tun_chr_write_iter+0xdc/0x210 [ 413.015678][T14930] vfs_write+0x5ae/0x1150 [ 413.015692][T14930] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 413.015706][T14930] ? __pfx_lock_release+0x10/0x10 [ 413.015719][T14930] ? __pfx_vfs_write+0x10/0x10 [ 413.015731][T14930] ? lock_acquire+0x2f/0xb0 [ 413.015744][T14930] ? __fget_files+0x40/0x3b0 [ 413.015760][T14930] ksys_write+0x12b/0x250 [ 413.015772][T14930] ? __pfx_ksys_write+0x10/0x10 [ 413.015786][T14930] __do_fast_syscall_32+0x73/0x120 [ 413.015799][T14930] do_fast_syscall_32+0x32/0x80 [ 413.015812][T14930] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 413.015831][T14930] RIP: 0023:0xf7f5f579 [ 413.015838][T14930] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 413.015848][T14930] RSP: 002b:00000000f5086520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 413.015857][T14930] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000a80 [ 413.015863][T14930] RDX: 000000000000fdef RSI: 00000000f73ecff4 RDI: 0000000000000000 [ 413.015868][T14930] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 413.015874][T14930] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 413.015879][T14930] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 413.015887][T14930] [ 413.015893][T14930] BUG: Bad page state in process syz.2.3009 pfn:69f09 [ 413.088351][T14930] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x69f09 [ 413.090698][T14930] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 413.092638][T14930] raw: 04fff00000000000 dead000000000040 ffff88801f1e5000 0000000000000000 [ 413.094920][T14930] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 413.097215][T14930] page dumped because: page_pool leak [ 413.098709][T14930] page_owner tracks the page as allocated [ 413.100246][T14930] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 14930, tgid 14929 (syz.2.3009), ts 411846457272, free_ts 409012490841 [ 413.104939][T14930] post_alloc_hook+0x181/0x1b0 [ 413.106248][T14930] get_page_from_freelist+0xfce/0x2f80 [ 413.107759][T14930] __alloc_frozen_pages_noprof+0x221/0x2470 [ 413.109417][T14930] alloc_pages_bulk_noprof+0x6f9/0x1390 [ 413.110923][T14930] __page_pool_alloc_pages_slow+0x18c/0x770 [ 413.112550][T14930] page_pool_alloc_netmems+0xc4/0x160 [ 413.114073][T14930] skb_pp_cow_data+0x776/0xf10 [ 413.115429][T14930] skb_cow_data_for_xdp+0x88/0xb0 [ 413.116911][T14930] do_xdp_generic+0x3f1/0xe70 [ 413.118204][T14930] tun_get_user+0x1e04/0x3e50 [ 413.118661][ T6027] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 413.119575][T14930] tun_chr_write_iter+0xdc/0x210 [ 413.123498][T14930] vfs_write+0x5ae/0x1150 [ 413.124704][T14930] ksys_write+0x12b/0x250 [ 413.125915][T14930] __do_fast_syscall_32+0x73/0x120 [ 413.127320][T14930] do_fast_syscall_32+0x32/0x80 [ 413.128755][T14930] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 413.130481][T14930] page last free pid 14810 tgid 14809 stack trace: [ 413.132247][T14930] free_frozen_pages+0x6db/0xfb0 [ 413.133634][T14930] mon_bin_release+0x15a/0x240 [ 413.135007][T14930] __fput+0x3ff/0xb70 [ 413.136129][T14930] task_work_run+0x14e/0x250 [ 413.137437][T14930] do_exit+0xad8/0x2dc0 [ 413.138745][T14930] do_group_exit+0xd3/0x2a0 [ 413.140033][T14930] get_signal+0x24ed/0x26c0 [ 413.141286][T14930] arch_do_signal_or_restart+0x90/0x7e0 [ 413.142800][T14930] syscall_exit_to_user_mode+0x150/0x2a0 [ 413.144356][T14930] __do_fast_syscall_32+0x80/0x120 [ 413.145756][T14930] do_fast_syscall_32+0x32/0x80 [ 413.147125][T14930] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 413.148858][T14930] Modules linked in: [ 413.149969][T14930] CPU: 2 UID: 0 PID: 14930 Comm: syz.2.3009 Tainted: G B 6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 413.149984][T14930] Tainted: [B]=BAD_PAGE [ 413.149987][T14930] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 413.149993][T14930] Call Trace: [ 413.149996][T14930] [ 413.150000][T14930] dump_stack_lvl+0x16c/0x1f0 [ 413.150013][T14930] bad_page+0xb3/0x1f0 [ 413.150023][T14930] ? __pfx_bad_page+0x10/0x10 [ 413.150032][T14930] ? page_bad_reason+0x9d/0x1e0 [ 413.150042][T14930] free_frozen_pages+0x701/0xfb0 [ 413.150056][T14930] page_frag_free+0x255/0x2a0 [ 413.150065][T14930] __xdp_return+0x363/0xac0 [ 413.150079][T14930] ? kmem_cache_free+0x2e2/0x4d0 [ 413.150093][T14930] bpf_xdp_adjust_tail+0x9de/0xf70 [ 413.150110][T14930] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 413.150118][T14930] bpf_prog_run_generic_xdp+0x623/0x1500 [ 413.150132][T14930] do_xdp_generic+0x70a/0xe70 [ 413.150143][T14930] ? __pfx_do_xdp_generic+0x10/0x10 [ 413.150157][T14930] ? tun_get_user+0x1d55/0x3e50 [ 413.150172][T14930] tun_get_user+0x1e04/0x3e50 [ 413.150186][T14930] ? __pfx___futex_wait+0x10/0x10 [ 413.150201][T14930] ? __pfx_tun_get_user+0x10/0x10 [ 413.150214][T14930] ? find_held_lock+0x2d/0x110 [ 413.150226][T14930] ? __pfx_lock_release+0x10/0x10 [ 413.150241][T14930] tun_chr_write_iter+0xdc/0x210 [ 413.150255][T14930] vfs_write+0x5ae/0x1150 [ 413.150269][T14930] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 413.150282][T14930] ? __pfx_lock_release+0x10/0x10 [ 413.150295][T14930] ? __pfx_vfs_write+0x10/0x10 [ 413.150307][T14930] ? lock_acquire+0x2f/0xb0 [ 413.150319][T14930] ? __fget_files+0x40/0x3b0 [ 413.150335][T14930] ksys_write+0x12b/0x250 [ 413.150347][T14930] ? __pfx_ksys_write+0x10/0x10 [ 413.150361][T14930] __do_fast_syscall_32+0x73/0x120 [ 413.150374][T14930] do_fast_syscall_32+0x32/0x80 [ 413.150387][T14930] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 413.150402][T14930] RIP: 0023:0xf7f5f579 [ 413.150409][T14930] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 413.150419][T14930] RSP: 002b:00000000f5086520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 413.150429][T14930] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000a80 [ 413.150435][T14930] RDX: 000000000000fdef RSI: 00000000f73ecff4 RDI: 0000000000000000 [ 413.150441][T14930] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 413.150446][T14930] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 413.150452][T14930] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 413.150460][T14930] [ 413.150466][T14930] BUG: Bad page state in process syz.2.3009 pfn:6d7d2 [ 413.224042][T14930] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6d7d2 [ 413.226409][T14930] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 413.228398][T14930] raw: 04fff00000000000 dead000000000040 ffff88801f1e5000 0000000000000000 [ 413.230701][T14930] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 413.233077][T14930] page dumped because: page_pool leak [ 413.234554][T14930] page_owner tracks the page as allocated [ 413.236135][T14930] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 14930, tgid 14929 (syz.2.3009), ts 411846422595, free_ts 409012495034 [ 413.240794][T14930] post_alloc_hook+0x181/0x1b0 [ 413.242155][T14930] get_page_from_freelist+0xfce/0x2f80 [ 413.243659][T14930] __alloc_frozen_pages_noprof+0x221/0x2470 [ 413.245285][T14930] alloc_pages_bulk_noprof+0x6f9/0x1390 [ 413.246834][T14930] __page_pool_alloc_pages_slow+0x18c/0x770 [ 413.248451][T14930] page_pool_alloc_netmems+0xc4/0x160 [ 413.249959][T14930] skb_pp_cow_data+0x776/0xf10 [ 413.251297][T14930] skb_cow_data_for_xdp+0x88/0xb0 [ 413.252665][T14930] do_xdp_generic+0x3f1/0xe70 [ 413.253941][T14930] tun_get_user+0x1e04/0x3e50 [ 413.255237][T14930] tun_chr_write_iter+0xdc/0x210 [ 413.256583][T14930] vfs_write+0x5ae/0x1150 [ 413.257804][T14930] ksys_write+0x12b/0x250 [ 413.259052][T14930] __do_fast_syscall_32+0x73/0x120 [ 413.260493][T14930] do_fast_syscall_32+0x32/0x80 [ 413.261851][T14930] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 413.263592][T14930] page last free pid 14810 tgid 14809 stack trace: [ 413.265363][T14930] free_frozen_pages+0x6db/0xfb0 [ 413.266745][T14930] mon_bin_release+0x15a/0x240 [ 413.268077][T14930] __fput+0x3ff/0xb70 [ 413.268619][ T6027] usb 5-1: Using ep0 maxpacket: 16 [ 413.269172][T14930] task_work_run+0x14e/0x250 [ 413.272298][T14930] do_exit+0xad8/0x2dc0 [ 413.272382][ T6027] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 413.273445][T14930] do_group_exit+0xd3/0x2a0 [ 413.276427][ T6027] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 413.277708][T14930] get_signal+0x24ed/0x26c0 [ 413.281391][ T6027] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 413.282004][T14930] arch_do_signal_or_restart+0x90/0x7e0 [ 413.285890][T14930] syscall_exit_to_user_mode+0x150/0x2a0 [ 413.285899][ T6027] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 413.287435][T14930] __do_fast_syscall_32+0x80/0x120 [ 413.290004][ T6027] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 413.291252][T14930] do_fast_syscall_32+0x32/0x80 [ 413.293375][ T6027] usb 5-1: Product: syz [ 413.294667][T14930] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 413.295801][ T6027] usb 5-1: Manufacturer: syz [ 413.297516][T14930] Modules linked in: [ 413.298990][ T6027] usb 5-1: SerialNumber: syz [ 413.299930][T14930] CPU: 2 UID: 0 PID: 14930 Comm: syz.2.3009 Tainted: G B 6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 413.299954][T14930] Tainted: [B]=BAD_PAGE [ 413.299959][T14930] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 413.299965][T14930] Call Trace: [ 413.299969][T14930] [ 413.299972][T14930] dump_stack_lvl+0x16c/0x1f0 [ 413.299987][T14930] bad_page+0xb3/0x1f0 [ 413.299997][T14930] ? __pfx_bad_page+0x10/0x10 [ 413.300007][T14930] ? page_bad_reason+0x9d/0x1e0 [ 413.300016][T14930] free_frozen_pages+0x701/0xfb0 [ 413.300031][T14930] page_frag_free+0x255/0x2a0 [ 413.300040][T14930] __xdp_return+0x363/0xac0 [ 413.300055][T14930] ? kmem_cache_free+0x2e2/0x4d0 [ 413.300069][T14930] bpf_xdp_adjust_tail+0x9de/0xf70 [ 413.300087][T14930] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 413.300094][T14930] bpf_prog_run_generic_xdp+0x623/0x1500 [ 413.300108][T14930] do_xdp_generic+0x70a/0xe70 [ 413.300119][T14930] ? __pfx_do_xdp_generic+0x10/0x10 [ 413.300133][T14930] ? tun_get_user+0x1d55/0x3e50 [ 413.300148][T14930] tun_get_user+0x1e04/0x3e50 [ 413.300163][T14930] ? __pfx___futex_wait+0x10/0x10 [ 413.300178][T14930] ? __pfx_tun_get_user+0x10/0x10 [ 413.300191][T14930] ? find_held_lock+0x2d/0x110 [ 413.300203][T14930] ? __pfx_lock_release+0x10/0x10 [ 413.300219][T14930] tun_chr_write_iter+0xdc/0x210 [ 413.300234][T14930] vfs_write+0x5ae/0x1150 [ 413.300247][T14930] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 413.300261][T14930] ? __pfx_lock_release+0x10/0x10 [ 413.300273][T14930] ? __pfx_vfs_write+0x10/0x10 [ 413.300286][T14930] ? lock_acquire+0x2f/0xb0 [ 413.300298][T14930] ? __fget_files+0x40/0x3b0 [ 413.300314][T14930] ksys_write+0x12b/0x250 [ 413.300326][T14930] ? __pfx_ksys_write+0x10/0x10 [ 413.300340][T14930] __do_fast_syscall_32+0x73/0x120 [ 413.300354][T14930] do_fast_syscall_32+0x32/0x80 [ 413.300367][T14930] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 413.300383][T14930] RIP: 0023:0xf7f5f579 [ 413.300390][T14930] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 413.300400][T14930] RSP: 002b:00000000f5086520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 413.300409][T14930] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000a80 [ 413.300415][T14930] RDX: 000000000000fdef RSI: 00000000f73ecff4 RDI: 0000000000000000 [ 413.300421][T14930] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 413.300426][T14930] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 413.300432][T14930] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 413.300440][T14930] [ 413.300454][T14930] BUG: Bad page state in process syz.2.3009 pfn:6c46c [ 413.373928][T14930] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88806c46c080 pfn:0x6c46c [ 413.376583][T14930] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 413.378554][T14930] raw: 04fff00000000000 dead000000000040 ffff88801f1e5000 0000000000000000 [ 413.380825][T14930] raw: ffff88806c46c080 0000000000000001 00000000ffffffff 0000000000000000 [ 413.383145][T14930] page dumped because: page_pool leak [ 413.384573][T14930] page_owner tracks the page as allocated [ 413.386128][T14930] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 14930, tgid 14929 (syz.2.3009), ts 411846418189, free_ts 409012499043 [ 413.390728][T14930] post_alloc_hook+0x181/0x1b0 [ 413.392044][T14930] get_page_from_freelist+0xfce/0x2f80 [ 413.393564][T14930] __alloc_frozen_pages_noprof+0x221/0x2470 [ 413.395197][T14930] alloc_pages_bulk_noprof+0x6f9/0x1390 [ 413.396795][T14930] __page_pool_alloc_pages_slow+0x18c/0x770 [ 413.398453][T14930] page_pool_alloc_netmems+0xc4/0x160 [ 413.399974][T14930] skb_pp_cow_data+0x776/0xf10 [ 413.401263][T14930] skb_cow_data_for_xdp+0x88/0xb0 [ 413.402633][T14930] do_xdp_generic+0x3f1/0xe70 [ 413.403931][T14930] tun_get_user+0x1e04/0x3e50 [ 413.405193][T14930] tun_chr_write_iter+0xdc/0x210 [ 413.406557][T14930] vfs_write+0x5ae/0x1150 [ 413.407768][T14930] ksys_write+0x12b/0x250 [ 413.409019][T14930] __do_fast_syscall_32+0x73/0x120 [ 413.410409][T14930] do_fast_syscall_32+0x32/0x80 [ 413.411729][T14930] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 413.413435][T14930] page last free pid 14810 tgid 14809 stack trace: [ 413.415173][T14930] free_frozen_pages+0x6db/0xfb0 [ 413.416529][T14930] mon_bin_release+0x15a/0x240 [ 413.417858][T14930] __fput+0x3ff/0xb70 [ 413.419018][T14930] task_work_run+0x14e/0x250 [ 413.420317][T14930] do_exit+0xad8/0x2dc0 [ 413.421480][T14930] do_group_exit+0xd3/0x2a0 [ 413.422716][T14930] get_signal+0x24ed/0x26c0 [ 413.423974][T14930] arch_do_signal_or_restart+0x90/0x7e0 [ 413.425487][T14930] syscall_exit_to_user_mode+0x150/0x2a0 [ 413.427036][T14930] __do_fast_syscall_32+0x80/0x120 [ 413.428457][T14930] do_fast_syscall_32+0x32/0x80 [ 413.429855][T14930] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 413.431553][T14930] Modules linked in: [ 413.432657][T14930] CPU: 2 UID: 0 PID: 14930 Comm: syz.2.3009 Tainted: G B 6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 413.432671][T14930] Tainted: [B]=BAD_PAGE [ 413.432674][T14930] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 413.432681][T14930] Call Trace: [ 413.432684][T14930] [ 413.432688][T14930] dump_stack_lvl+0x16c/0x1f0 [ 413.432702][T14930] bad_page+0xb3/0x1f0 [ 413.432712][T14930] ? __pfx_bad_page+0x10/0x10 [ 413.432721][T14930] ? page_bad_reason+0x9d/0x1e0 [ 413.432731][T14930] free_frozen_pages+0x701/0xfb0 [ 413.432745][T14930] page_frag_free+0x255/0x2a0 [ 413.432754][T14930] __xdp_return+0x363/0xac0 [ 413.432768][T14930] ? kmem_cache_free+0x2e2/0x4d0 [ 413.432782][T14930] bpf_xdp_adjust_tail+0x9de/0xf70 [ 413.432799][T14930] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 413.432807][T14930] bpf_prog_run_generic_xdp+0x623/0x1500 [ 413.432825][T14930] do_xdp_generic+0x70a/0xe70 [ 413.432837][T14930] ? __pfx_do_xdp_generic+0x10/0x10 [ 413.432851][T14930] ? tun_get_user+0x1d55/0x3e50 [ 413.432866][T14930] tun_get_user+0x1e04/0x3e50 [ 413.432881][T14930] ? __pfx___futex_wait+0x10/0x10 [ 413.432895][T14930] ? __pfx_tun_get_user+0x10/0x10 [ 413.432908][T14930] ? find_held_lock+0x2d/0x110 [ 413.432926][T14930] ? __pfx_lock_release+0x10/0x10 [ 413.432949][T14930] tun_chr_write_iter+0xdc/0x210 [ 413.432965][T14930] vfs_write+0x5ae/0x1150 [ 413.432978][T14930] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 413.432992][T14930] ? __pfx_lock_release+0x10/0x10 [ 413.433005][T14930] ? __pfx_vfs_write+0x10/0x10 [ 413.433018][T14930] ? lock_acquire+0x2f/0xb0 [ 413.433030][T14930] ? __fget_files+0x40/0x3b0 [ 413.433046][T14930] ksys_write+0x12b/0x250 [ 413.433058][T14930] ? __pfx_ksys_write+0x10/0x10 [ 413.433072][T14930] __do_fast_syscall_32+0x73/0x120 [ 413.433085][T14930] do_fast_syscall_32+0x32/0x80 [ 413.433098][T14930] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 413.433114][T14930] RIP: 0023:0xf7f5f579 [ 413.433122][T14930] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 413.433131][T14930] RSP: 002b:00000000f5086520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 413.433141][T14930] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000a80 [ 413.433147][T14930] RDX: 000000000000fdef RSI: 00000000f73ecff4 RDI: 0000000000000000 [ 413.433152][T14930] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 413.433158][T14930] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 413.433163][T14930] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 413.433171][T14930] [ 413.571458][ T6027] usb 5-1: 0:2 : does not exist [ 413.580641][ T6027] usb 5-1: USB disconnect, device number 28 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 413.821635][ T103] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 413.972882][ T103] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 414.060925][ T103] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 414.112429][ T103] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 414.171835][ T103] bridge_slave_1: left allmulticast mode [ 414.173770][ T103] bridge_slave_1: left promiscuous mode [ 414.175733][ T103] bridge0: port 2(bridge_slave_1) entered disabled state [ 414.179226][ T103] bridge_slave_0: left allmulticast mode [ 414.181133][ T103] bridge_slave_0: left promiscuous mode [ 414.183048][ T103] bridge0: port 1(bridge_slave_0) entered disabled state [ 414.287042][ T103] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 414.290994][ T103] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 414.294758][ T103] bond0 (unregistering): Released all slaves [ 414.551763][ T103] hsr_slave_0: left promiscuous mode [ 414.553441][ T103] hsr_slave_1: left promiscuous mode [ 414.555024][ T103] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 414.557014][ T103] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 414.559280][ T103] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 414.561220][ T103] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 414.564171][ T103] veth1_macvtap: left promiscuous mode [ 414.565624][ T103] veth0_macvtap: left promiscuous mode [ 414.567126][ T103] veth1_vlan: left promiscuous mode [ 414.568581][ T103] veth0_vlan: left promiscuous mode [ 414.708580][ T103] team0 (unregistering): Port device team_slave_1 removed [ 414.749846][ T103] team0 (unregistering): Port device team_slave_0 removed [ 415.314096][ T103] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 415.391480][ T103] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 415.432143][ T103] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 415.471234][ T103] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 415.528188][ T103] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 415.591142][ T103] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 415.630927][ T103] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 415.720711][ T103] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 415.778674][ T103] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 415.861261][ T103] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 415.920943][ T103] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 415.961005][ T103] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 416.007847][ T103] bridge_slave_1: left allmulticast mode [ 416.009439][ T103] bridge_slave_1: left promiscuous mode [ 416.010982][ T103] bridge0: port 2(bridge_slave_1) entered disabled state [ 416.013539][ T103] bridge_slave_0: left allmulticast mode [ 416.015008][ T103] bridge_slave_0: left promiscuous mode [ 416.016587][ T103] bridge0: port 1(bridge_slave_0) entered disabled state [ 416.019627][ T103] bridge_slave_1: left allmulticast mode [ 416.021137][ T103] bridge_slave_1: left promiscuous mode [ 416.022604][ T103] bridge0: port 2(bridge_slave_1) entered disabled state [ 416.025160][ T103] bridge_slave_0: left allmulticast mode [ 416.026626][ T103] bridge_slave_0: left promiscuous mode [ 416.028178][ T103] bridge0: port 1(bridge_slave_0) entered disabled state [ 416.031357][ T103] bridge_slave_1: left allmulticast mode [ 416.032863][ T103] bridge_slave_1: left promiscuous mode [ 416.034385][ T103] bridge0: port 2(bridge_slave_1) entered disabled state [ 416.036872][ T103] bridge_slave_0: left allmulticast mode [ 416.038336][ T103] bridge_slave_0: left promiscuous mode [ 416.040371][ T103] bridge0: port 1(bridge_slave_0) entered disabled state [ 416.502280][ T103] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 416.507343][ T103] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 416.510959][ T103] bond0 (unregistering): Released all slaves [ 416.515775][ T103] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 416.518903][ T103] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 416.521652][ T103] bond0 (unregistering): Released all slaves [ 416.526571][ T103] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 416.529732][ T103] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 416.532418][ T103] bond0 (unregistering): Released all slaves [ 417.032516][ T103] hsr_slave_0: left promiscuous mode [ 417.034321][ T103] hsr_slave_1: left promiscuous mode [ 417.036024][ T103] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 417.038003][ T103] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 417.040680][ T103] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 417.043464][ T103] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 417.047486][ T103] hsr_slave_0: left promiscuous mode [ 417.049278][ T103] hsr_slave_1: left promiscuous mode [ 417.051488][ T103] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 417.053700][ T103] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 417.056086][ T103] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 417.058204][ T103] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 417.063745][ T103] hsr_slave_0: left promiscuous mode [ 417.066192][ T103] hsr_slave_1: left promiscuous mode [ 417.068470][ T103] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 417.071015][ T103] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 417.073366][ T103] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 417.075415][ T103] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 417.080384][ T103] veth1_macvtap: left promiscuous mode [ 417.081920][ T103] veth0_macvtap: left promiscuous mode [ 417.083367][ T103] veth1_vlan: left promiscuous mode [ 417.084771][ T103] veth0_vlan: left promiscuous mode [ 417.086679][ T103] veth1_macvtap: left allmulticast mode [ 417.088178][ T103] veth1_macvtap: left promiscuous mode [ 417.089674][ T103] veth0_macvtap: left promiscuous mode [ 417.091118][ T103] veth1_vlan: left promiscuous mode [ 417.092490][ T103] veth0_vlan: left promiscuous mode [ 417.094340][ T103] veth1_macvtap: left promiscuous mode [ 417.096249][ T103] veth0_macvtap: left promiscuous mode [ 417.097752][ T103] veth1_vlan: left promiscuous mode [ 417.099239][ T103] veth0_vlan: left promiscuous mode [ 417.298400][ T103] team0 (unregistering): Port device team_slave_1 removed [ 417.346730][ T103] team0 (unregistering): Port device team_slave_0 removed [ 417.638305][ T103] team0 (unregistering): Port device team_slave_1 removed [ 417.681296][ T103] team0 (unregistering): Port device team_slave_0 removed [ 417.902591][ T103] team0 (unregistering): Port device team_slave_1 removed [ 417.944192][ T103] team0 (unregistering): Port device team_slave_0 removed VM DIAGNOSIS: 06:46:19 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000046 RBX=1ffff92000d34ef3 RCX=00000000dd5321ae RDX=0000000000000001 RSI=ffffffff8b6d0040 RDI=ffffffff8bd346a0 RBP=0000000000000200 RSP=ffffc900069a7790 R8 =0000000000000000 R9 =fffffbfff2dd8198 R10=ffffffff96ec0cc7 R11=0000000000000003 R12=0000000000000000 R13=ffffffff8e1bd0c0 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff8196cd45 RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b400000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000576dc404 CR3=0000000049f16000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=ffff88802b43ed40 RBX=ffffffff9062a814 RCX=ffffffff8b568bb8 RDX=1ffff110056a7f6b RSI=ffffffff8bd34620 RDI=ffff88802b43ed58 RBP=ffffc90003f7f6d8 RSP=ffffc90003f7f540 R8 =0000000000000001 R9 =0000000000000001 R10=ffffffff90627517 R11=0000000000000005 R12=ffff888025942440 R13=ffff88802b53f850 R14=0000000000000000 R15=ffff88802b53ed40 RIP=ffffffff8b568cb5 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b500000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7f355c0 CR3=000000004fb6c000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000067 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff853e6e95 RDI=ffffffff9ab70da0 RBP=ffffffff9ab70d60 RSP=ffffc90007f4efb0 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000005 R12=0000000000000000 R13=0000000000000067 R14=ffffffff9ab70d60 R15=0000000000000000 RIP=ffffffff853e6ebf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b600000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000080010000 CR3=00000000685e0000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000080000001 RBX=800000007775f025 RCX=ffffffff8202f73b RDX=ffff888065ffc880 RSI=0000000000000000 RDI=0000000000000005 RBP=0000000000000000 RSP=ffffc90007eaf078 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000003 R12=1ffff92000fd5e10 R13=ffff888049e22ba0 R14=000000000d189000 R15=0000000000000000 RIP=ffffffff81b9f0cc RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b700000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000566824c0 CR3=0000000059466000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000