last executing test programs: 325.627429ms ago: executing program 2 (id=3): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x4, 0x0, &(0x7f0000000000)="5ae02efc", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async) r2 = socket(0x2, 0x2, 0x1) bind$unix(r2, &(0x7f0000000000)=@abs, 0x6e) r3 = socket(0x2, 0x2, 0x1) bind$unix(r3, &(0x7f0000000000)=@abs, 0x6e) (async) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/icmp\x00') preadv(r4, &(0x7f0000000780)=[{&(0x7f0000000880)=""/192, 0xc0}], 0x1, 0xc0, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r5, &(0x7f0000000000), 0x208e24b) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00005d4000/0x18000)=nil, &(0x7f0000000140)=[@text16={0x10, &(0x7f0000000040)="0f01c40fc7ba57000fc79fbc153ea0fe900f350f22a2baf80c66b89c10a18d66efbafc0ced0f323e660fd530f30f1efb", 0x30}], 0x1, 0x0, 0x0, 0x0) preadv(r5, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) (async) r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000380)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) (async) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 156.466365ms ago: executing program 2 (id=5): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$bt_BT_SECURITY(r0, 0x29, 0x33, 0x0, 0x20000011) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0xa, 0x810, r0, 0xe9c86000) syz_emit_ethernet(0x3b6, &(0x7f00000003c0)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d92", 0x380, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x0, 0x1, "000000050000000026000400"}, {0x18, 0x18, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x0, 0x1d, "06aa85616177c41bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee96f24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5ac010000000000000090aa235a670670ffc5dc49dfb58d00000000000000"}, {0x18, 0xb, "17dcea46805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f003"}, {0x21, 0x7, "ffffffffffff00000000000200000000000000000000000000008879e66485201a0015ca837400"/55}, {0x0, 0x14, "5e14f0e7e72d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa7628cf9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4808288e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b8353aac33a57d79b05613a12328f61129017fa632dbf04542188b196e213408c"}, {0x3, 0x5, "d5170000dce9674a36da018dff16e70b8b14c4b7a94fe18e88605aa6be1a02a326a6bce65f81ed"}]}}}}}}, 0x0) 156.071634ms ago: executing program 2 (id=6): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000002c0), 0x2200800, 0x0) chdir(&(0x7f0000000100)='./file0\x00') r0 = open(&(0x7f0000000000)='./bus\x00', 0x105c42, 0x5) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0x5) mount$9p_fd(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x200d2, 0x0) write$binfmt_script(r0, 0x0, 0xffffff3c) 106.274019ms ago: executing program 1 (id=2): r0 = socket$alg(0x26, 0x5, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000080)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_CURSOR(r1, 0xc01c64a3, &(0x7f0000000280)={0x1, r3, 0x0, 0x8, 0x7ff, 0xa, 0x1}) bind$alg(r0, &(0x7f0000001580)={0x26, 'hash\x00', 0x0, 0x0, 'sha256-avx2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef91", 0x12) syz_emit_ethernet(0x5f, &(0x7f0000000040)=ANY=[@ANYBLOB="bb3bbbbbbbbbffffffffffff00114242032e"], 0x0) r4 = accept4(r0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r8 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r7, r8, 0x5, 0x0, 0x0, @void, @value}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r7}, &(0x7f00000006c0), &(0x7f0000000700)=r6}, 0x20) sendmsg$inet(r5, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000280)="47c142fedf05c5d0", 0x8}], 0x1}, 0x3) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e0b080d04"], 0xd) recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000000c0)=""/128, 0x80}, {&(0x7f0000000180)=""/171, 0xab}, {&(0x7f00000002c0)=""/118, 0x76}], 0x3}, 0x7}, {{&(0x7f00000003c0)=@l2tp6={0xa, 0x0, 0x0, @initdev}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000440)=""/174, 0xae}, {&(0x7f0000000500)=""/174, 0xae}], 0x2, &(0x7f00000005c0)=""/10, 0xa}, 0x9}, {{&(0x7f0000000600)=@l2tp6={0xa, 0x0, 0x0, @empty}, 0x80, &(0x7f0000000880)=[{&(0x7f0000000680)=""/1, 0x1}, {&(0x7f00000006c0)=""/245, 0xf5}, {&(0x7f00000007c0)=""/125, 0x7d}, {&(0x7f0000000840)=""/32, 0x20}], 0x4, &(0x7f0000002600)=""/4096, 0x1000}, 0x1}, {{0x0, 0x0, &(0x7f0000000a40)=[{&(0x7f00000008c0)=""/186, 0xba}, {&(0x7f0000000980)=""/190, 0xbe}], 0x2, &(0x7f0000000a80)=""/4, 0x4}, 0xfffffffd}, {{&(0x7f0000000ac0)=@ieee802154, 0x80, &(0x7f0000000bc0)=[{&(0x7f0000000b40)=""/2, 0x2}, {&(0x7f0000000b80)=""/7, 0x7}], 0x2, &(0x7f0000000c00)=""/213, 0xd5}, 0x2}, {{0x0, 0x0, &(0x7f0000001040)=[{&(0x7f0000000d00)=""/70, 0x46}, {&(0x7f0000000d80)=""/35, 0x23}, {&(0x7f0000000dc0)=""/78, 0x4e}, {&(0x7f0000000e40)=""/207, 0xcf}, {&(0x7f0000000f40)=""/4, 0x4}, {&(0x7f0000000f80)=""/130, 0x82}], 0x6, &(0x7f0000003600)=""/4096, 0x1000}, 0x3}, {{0x0, 0x0, &(0x7f0000001380)=[{&(0x7f00000010c0)=""/173, 0xad}, {&(0x7f0000001180)=""/191, 0xbf}, {&(0x7f0000001240)=""/49, 0x31}, {&(0x7f0000001280)=""/242, 0xf2}], 0x4, &(0x7f00000013c0)=""/211, 0xd3}, 0x1000}, {{0x0, 0x0, &(0x7f00000049c0)=[{&(0x7f00000014c0)=""/159, 0x9f}, {&(0x7f0000004600)=""/118, 0x76}, {&(0x7f0000004680)=""/69, 0x45}, {&(0x7f0000004700)=""/37, 0x25}, {&(0x7f0000004740)=""/96, 0x60}, {&(0x7f00000047c0)=""/117, 0x75}, {&(0x7f0000004840)=""/147, 0x93}, {&(0x7f0000004900)=""/104, 0x68}, {&(0x7f0000004980)=""/62, 0x3e}], 0x9}, 0x3}, {{&(0x7f0000004a80)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private2}}}, 0x80, &(0x7f0000004e80)=[{&(0x7f0000004b00)=""/112, 0x70}, {&(0x7f0000004b80)=""/99, 0x63}, {&(0x7f0000004c00)=""/244, 0xf4}, {&(0x7f0000004d00)=""/96, 0x60}, {&(0x7f0000004d80)=""/230, 0xe6}], 0x5}, 0x800}, {{&(0x7f0000004f00)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000005040)=[{&(0x7f0000004f80)=""/148, 0x94}, {&(0x7f0000005b40)=""/4096, 0x1000}], 0x2, &(0x7f0000005080)=""/145, 0x91}, 0x9}], 0xa, 0x200, &(0x7f00000053c0)={0x77359400}) socket(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) recvmmsg(r4, &(0x7f0000005b00)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) 4.79672ms ago: executing program 2 (id=7): r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$SIOCX25SDTEFACILITIES(r0, 0x541b, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0) r2 = dup(r1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) openat$procfs(0xffffffffffffff9c, &(0x7f0000000300)='/proc/vmallocinfo\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) r7 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r7, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r7, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback, 0x4}], 0x1c) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r7, 0x84, 0x15, &(0x7f0000000080)={0xa}, 0x1) sendto$inet6(r7, &(0x7f0000000040)='l', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x404000c) sendmsg$NL80211_CMD_CONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)={0x2c, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_USE_RRM={0x4}]}, 0x2c}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000340)={'wlan0\x00', 0x0}) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) ioctl$KVM_SET_XSAVE(r11, 0x5000aea5, 0x0) sendmsg$NL80211_CMD_LEAVE_MESH(r2, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000080)={&(0x7f0000000400)={0x28, r5, 0x200, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r8}, @val={0xc, 0x99, {0x3, 0x49}}}}, ["", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x4011) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) mknod$loop(&(0x7f0000000280)='./file0\x00', 0x2000, 0x1) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) ioctl$BLKRRPART(r2, 0x125f, 0x0) 2.394467ms ago: executing program 1 (id=8): r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) r2 = syz_open_dev$radio(&(0x7f0000000980), 0x0, 0x2) ioctl$VIDIOC_G_FREQUENCY(r2, 0xc02c5638, &(0x7f00000009c0)) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) recvmsg$unix(r4, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r5, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) r6 = userfaultfd(0x801) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x7cfb331d4715e819}) (async) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x7cfb331d4715e819}) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) socket$igmp6(0xa, 0x3, 0x2) (async) r7 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) (async) setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce6203c23c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa2c"], 0xfdef) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r8 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r8, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) (async) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r8, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000440)=ANY=[@ANYBLOB="b702000001040000bfa30000000000000703000000feffff7a0af0fff8bffffd79a4f0ff00000000b7060000ffffffff2d640500000000006502040001001f000404000001007d60b7030000000000006a0a00fefdff00008500000026000000b7000000000000009500000000000000c743a0c8e3ebbadc20e5a7efcc9ac1467fb2ea80dbcf8df265e1b40e4c8afd5c0c000000008da68076774bbcdb2c769937000090af27db5b56024db96bcbbbd2cb2000ce03000000000000007e357754508535766c80114604a86fe569b05614eab9297eb290a248a120c9c6e39f403ff065fd3052aae80675eeba68562eaeaea5fecf298ca20f274233106eab63ecf772de7b265040b6c50b7420b48a93fe94c756108afcd0b2eb78040000005f02a5a6474ae549070004000000001294fba0ed5020e6474ac921fee1f6d8ad6a80d0947cd6d4a561ced21a0b4a902be6af7ec2d1ba002e57f301000000000000000000000000100000aaf25343063e6581f9e6de14ad72e5ad84309f47f96a576cd20cef7ed951a73ea73d7c7f14e306f1f1d1377e57bbb19700f0077e9d0000b93eb0f2c6f8141e350dc68147e5958128d22d58625cf9dba211bfff9c3709c9b134625d3d2369f516a49eeeb1a662c8dfb875bdf5c6ba73cccdfacb202994c40d322717faff03323dce8a34ee0ca2cf61efb4b30000642735d6d482ba98d252f36c54333a8b1aa736369392b9067665339820f5f1557b0bf7cc06a5a13c714e0b1a1f000000ff3283076cda3d0b1a2905cfc3d04f1db264b530abcbe44bc405f600807970727fb819afa1907228fa9e83433eedb4ac88d0285594ffb0d14c09d5c77f33702822b02488ea570204c8441ced81cacf945dcb2486d65ceec8bcaffbe800a041a378b40dc9e3600e916ae6307bd8325a442095bc9a8b0c95905979f34adddbb26f0d24425c8ab9d937d84b521914f92eed3d3e9de82942a952e86b567aff5bc2e3c1fcc00f618363df5d0d181ee8f4b8fd356c9eb365adc037e443820c05c5db16ff07a9cf471e2ebf91ab00a05f88c1cd55f8c81f5eb1f8d615ca27efb2193bb61665a1ce37f30c2efc9c3b5a4a5d95479fac471ba60fbd0e50225563cd37343d09da72472efc2b2877fbab12a891513e5f0763ae06c0610a2869747c143d7500760600f3ffb2310e19ac58bf29d7f178d09a9f634a3ae492f54649589e3692768a0f3a08ff275df45508ad85950d8e08465fa1067ea8f383b3e7a7ddf5977d46f4bc38f914b4a496426d8468f9ba618b6b2218b50c8fc9efbce3ba799cf70de7e13be871aa7eb402e2b11f440361e18d4e334bfc6ae54e62e67a03b4c756c544189e4519a029674e2a2bbbc7f6600000000000800000e5e30b70b1eb176d3a62660600000030a0af132e680510811d3ab71af5d98e2d3d928a749e8b9402d14655612bd58fb40b4625cb69bf6cea97b447f2d970d99100000000086000001b881afb2cc500003a73562af4878f75b4f9540057b8a3fff2bc02c5941626d2015f414546e87835ba18e9101734a9e9c6955fc6b9a25fe2a3dd8bab7f21beccba5493a164c663eceed401737c12c65804712236a9a29a43b1e27e9b6816f2328ea8423121f12b7b35aa721fef26934ccafde573bee5c33ef15309f43cbd5d61aa679a9c402d337ebf57a5eacb569401c1df7b9c45b09743c61d1db37f0000000000020000000061d7d6818db785d8ba13dc577fe61a68eb365de5661f43d4c789bb117a3d208ae44a381b718b3157e218959156ff8e92b7e92bc275d2c9114547351a0d0f2a70d13be0194b6cb68b03000000000000004f153bbc7f52861e4e5df0d19e4e40ac44cfda6f87807e5b5ed7072c04da88afd3d4b79f060e004a0e2f00b9e726ac75d2ac0691314c627e9a8a07bdd607919fd48f01ad6d2f7621d9a75b134f1bc25ed7c33d411a5baa4daa3add16afc502b2b7629541d722e91d631e5ffb9d4beb5aa5a2c4e490a5bd5cf4538ba310b8cbc221af38ea842d4cb908bcd574f794459fd54b58c6a791e6df620047bade4ba41ee0141843958479544619f749ff70088b0fd115077f7eff7c5a3315ca604d110df1c54407f191a78d8362e4dc6e1138391c2af2b96779bb76c9f1daea4f085f38810edef6dd047937c231cba791a4e7713c5b3b0a0b6ba37db5016e02d114d714459d065a79609fea4efebad04edac11aac0e53dd094827453144fa419ee81823d00a90a9058ba740d2f41253a8d01a8c1a7265a084e30ad10d412aee8170a7111d62473e7bd8f3d64fb7ebdd32aada331900000000000000000000000084ef49dd02000000bf48ea48e0e1f463d9dcb285038ec38d5f4969ed0e98a71ac7bf8159a234833a5241722b2d24aa2fa4965d4eb7966fb27d118b6ef3308627e67d42f1041d5e92da28e0a7724ce715854775cbe06c5166f1dac0745f1373156a536cb6394c2c4473e2050cacf693fdf8e305080000001a901ecd90a5f53b8327a485557bc2a147b036477915e600000000034258ebbb6099b597d17ee2fc97ca850b8580b1337016a40566814594c13052b9d2b0741326825f19a24460e545c71e1940c998f39ac04a0c29691a7c8f7a78c1a7590a293c561f304533c638ae635f5ce026f7fa034d8cfe0e11831d4829692beab26891ef583cfcb713a4d3a2d8b958c0875d7e4bdcf98802db086ebcbb9d82fa569a18f06facc2ffe1ea9ae4231e1e503faa2de7f898c97788c4b9c61c70ff92abdf7476cc351156d11c0ada7614f315f4c6cca119d16827d4e864f5a7a9b690272a510c451dc07f391309d02e31e53b2bf0b5f86e776b1bcfe6c85ccd7ddf8a9559d596b5603895f265685fdd11263c946f8ef3ccec1b0d45a47a89b8237cbbdab14e4ca6dc76b2c41e071b93a065c0f5aa718e1cfab29beea78a6bd9a3114f0fb92be9a5862627b4bd99db2c08e4636e43f05f33535d5d1f9bb40e1fd8e5125a3d29b31dd94a6744bbc21722222b976089f073a4d3fcafc6d06518cf0c4fc6c3e3da0000000000000000000000007d3b60775243f2143d9f54804b11102cf0e4c641db1ba8bf75e46ab3a8fdece6562e7ebb3e407f3c7504dfa3da3aecbd49af3d1edeea11cc970416fadeedc8423bfdc85041ac4d8243a1130e6f4cb5bbfed9d095e18c98c7d690e4c491a7ddcd5635bc61dbed719ca28e8ca3f1fbbe588913ed057f1d6e34a79f4dc10df54d1993a5bc5f9ef6dbd339ee4b0b5764169f305e284ef82cc23e9366d4bc7eb45c7230b13433e5240657cb8eba33260147be8620b6d98cc48b000000000000000000000000c1ce872b18984f080100000000000000bd3fded92547d41809b398f36749083a147eb09ff1ed601bd36b873d3947fb223da647052528e0466cb917db7800f7c7000b593fca1903991cca1343882e3a1f60044f11c081dae4fc5bcf20efacdd2c577f4bcda2eea6f75a31dc90eebb6135b6fb824052181b0ad8a49ebf03ccf61d7e39bf6b0762d24d19796016301d1415b5110ba9df7f204aedb2a2e4e621c0553d312b309db67192f98ef7800000d629c04e216afc8fc66616bbf304e452373aa927c2ad6f5417f1b9bc322b802c1a1c42112a92a331cdc113b9ace3ff52ede7a853f9a89002ba070bac2f635a03db3375e5564f1a798bf9c0f8c72725d2eca9b0ec7e453d78ea20eca61530fe574299b393ca144adcb06108dfbb934065a87972739150a8752ac111c4d9062ccb95c54034fbdee131d94dfbaab1854d55665746fb7b47d25e54070b0d14c0a29c57bc4930075e1761913b036d43852c6df9f10e15105b2a1866b598a3577943514db0dce953dcec62139ff3f16066efec5d8cbc0600000000007289be5883aab951ea67cf2ff691d05c1ea91dd569ed9897fe8d88a0a6977dc8955be17e8026aff11c61fa5cc76196c1423cd597345253baa1537eb6962a3ce1fe5d5ab46938e8fb23fa7047bc59c4345e912585a8adb5fe2ff51b64a326321b594e3f2d339f4090bdae6b30b62064bacbc155d3c930576f506b093ca7c60957bdfdd6536baaa871cf6a603c736b78761e6463b8ac503e219cc3d98f649602ad24d5667368290ee926fba76ee482a201a03efece3b236f4ee2ffcd5d90d92a2f0c5cea48c87f27c2f1e92988a6508c12f6b7755cc48eb10edafca92cb0260c72295a27a24846d3a2334bd60e94c0fd07e5db0a4964a7fc4e89e11a300510776934e87bb3c21394f46954a012b2a3b0760f5bad1dbd6b466ed7153bd18ee2c0b2353c38df9e0782eb000000000000000000000000001b58cadcc5aaf65e05663985a177aa1d1ea2ad1b8151c7d58f5b92827f550269b3585d98e1394e816a477e52ce2f6de2bd7192f46cf965e774968d151d2bda084b10ec4c8d2c6ab582b1e5e3ed874235ff128c661298ed75879d8a4025ad1c3d9ef6355dc7284c6e648a61da026a777fcc7ae2c60ce64a2f2b0000000000000000000000000000003022110d1230e998429a6fd8f35939a8ae5acc89123839d84b98df6f8ee2ad0b238759bf400ac14c591aefe9660076a494f73b0ea8f3cb4a9c2e4f745a2afb593fabb9481600b2f44e6415153c1f8cf974a226d2700608bb2838ef07d75aed8b082716be3c37f60f48b9995f6325fdaa1c164b1e2bcbde00"/3344], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfe37, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) (async) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000440)=ANY=[@ANYBLOB="b702000001040000bfa30000000000000703000000feffff7a0af0fff8bffffd79a4f0ff00000000b7060000ffffffff2d640500000000006502040001001f000404000001007d60b7030000000000006a0a00fefdff00008500000026000000b7000000000000009500000000000000c743a0c8e3ebbadc20e5a7efcc9ac1467fb2ea80dbcf8df265e1b40e4c8afd5c0c000000008da68076774bbcdb2c769937000090af27db5b56024db96bcbbbd2cb2000ce03000000000000007e357754508535766c80114604a86fe569b05614eab9297eb290a248a120c9c6e39f403ff065fd3052aae80675eeba68562eaeaea5fecf298ca20f274233106eab63ecf772de7b265040b6c50b7420b48a93fe94c756108afcd0b2eb78040000005f02a5a6474ae549070004000000001294fba0ed5020e6474ac921fee1f6d8ad6a80d0947cd6d4a561ced21a0b4a902be6af7ec2d1ba002e57f301000000000000000000000000100000aaf25343063e6581f9e6de14ad72e5ad84309f47f96a576cd20cef7ed951a73ea73d7c7f14e306f1f1d1377e57bbb19700f0077e9d0000b93eb0f2c6f8141e350dc68147e5958128d22d58625cf9dba211bfff9c3709c9b134625d3d2369f516a49eeeb1a662c8dfb875bdf5c6ba73cccdfacb202994c40d322717faff03323dce8a34ee0ca2cf61efb4b30000642735d6d482ba98d252f36c54333a8b1aa736369392b9067665339820f5f1557b0bf7cc06a5a13c714e0b1a1f000000ff3283076cda3d0b1a2905cfc3d04f1db264b530abcbe44bc405f600807970727fb819afa1907228fa9e83433eedb4ac88d0285594ffb0d14c09d5c77f33702822b02488ea570204c8441ced81cacf945dcb2486d65ceec8bcaffbe800a041a378b40dc9e3600e916ae6307bd8325a442095bc9a8b0c95905979f34adddbb26f0d24425c8ab9d937d84b521914f92eed3d3e9de82942a952e86b567aff5bc2e3c1fcc00f618363df5d0d181ee8f4b8fd356c9eb365adc037e443820c05c5db16ff07a9cf471e2ebf91ab00a05f88c1cd55f8c81f5eb1f8d615ca27efb2193bb61665a1ce37f30c2efc9c3b5a4a5d95479fac471ba60fbd0e50225563cd37343d09da72472efc2b2877fbab12a891513e5f0763ae06c0610a2869747c143d7500760600f3ffb2310e19ac58bf29d7f178d09a9f634a3ae492f54649589e3692768a0f3a08ff275df45508ad85950d8e08465fa1067ea8f383b3e7a7ddf5977d46f4bc38f914b4a496426d8468f9ba618b6b2218b50c8fc9efbce3ba799cf70de7e13be871aa7eb402e2b11f440361e18d4e334bfc6ae54e62e67a03b4c756c544189e4519a029674e2a2bbbc7f6600000000000800000e5e30b70b1eb176d3a62660600000030a0af132e680510811d3ab71af5d98e2d3d928a749e8b9402d14655612bd58fb40b4625cb69bf6cea97b447f2d970d99100000000086000001b881afb2cc500003a73562af4878f75b4f9540057b8a3fff2bc02c5941626d2015f414546e87835ba18e9101734a9e9c6955fc6b9a25fe2a3dd8bab7f21beccba5493a164c663eceed401737c12c65804712236a9a29a43b1e27e9b6816f2328ea8423121f12b7b35aa721fef26934ccafde573bee5c33ef15309f43cbd5d61aa679a9c402d337ebf57a5eacb569401c1df7b9c45b09743c61d1db37f0000000000020000000061d7d6818db785d8ba13dc577fe61a68eb365de5661f43d4c789bb117a3d208ae44a381b718b3157e218959156ff8e92b7e92bc275d2c9114547351a0d0f2a70d13be0194b6cb68b03000000000000004f153bbc7f52861e4e5df0d19e4e40ac44cfda6f87807e5b5ed7072c04da88afd3d4b79f060e004a0e2f00b9e726ac75d2ac0691314c627e9a8a07bdd607919fd48f01ad6d2f7621d9a75b134f1bc25ed7c33d411a5baa4daa3add16afc502b2b7629541d722e91d631e5ffb9d4beb5aa5a2c4e490a5bd5cf4538ba310b8cbc221af38ea842d4cb908bcd574f794459fd54b58c6a791e6df620047bade4ba41ee0141843958479544619f749ff70088b0fd115077f7eff7c5a3315ca604d110df1c54407f191a78d8362e4dc6e1138391c2af2b96779bb76c9f1daea4f085f38810edef6dd047937c231cba791a4e7713c5b3b0a0b6ba37db5016e02d114d714459d065a79609fea4efebad04edac11aac0e53dd094827453144fa419ee81823d00a90a9058ba740d2f41253a8d01a8c1a7265a084e30ad10d412aee8170a7111d62473e7bd8f3d64fb7ebdd32aada331900000000000000000000000084ef49dd02000000bf48ea48e0e1f463d9dcb285038ec38d5f4969ed0e98a71ac7bf8159a234833a5241722b2d24aa2fa4965d4eb7966fb27d118b6ef3308627e67d42f1041d5e92da28e0a7724ce715854775cbe06c5166f1dac0745f1373156a536cb6394c2c4473e2050cacf693fdf8e305080000001a901ecd90a5f53b8327a485557bc2a147b036477915e600000000034258ebbb6099b597d17ee2fc97ca850b8580b1337016a40566814594c13052b9d2b0741326825f19a24460e545c71e1940c998f39ac04a0c29691a7c8f7a78c1a7590a293c561f304533c638ae635f5ce026f7fa034d8cfe0e11831d4829692beab26891ef583cfcb713a4d3a2d8b958c0875d7e4bdcf98802db086ebcbb9d82fa569a18f06facc2ffe1ea9ae4231e1e503faa2de7f898c97788c4b9c61c70ff92abdf7476cc351156d11c0ada7614f315f4c6cca119d16827d4e864f5a7a9b690272a510c451dc07f391309d02e31e53b2bf0b5f86e776b1bcfe6c85ccd7ddf8a9559d596b5603895f265685fdd11263c946f8ef3ccec1b0d45a47a89b8237cbbdab14e4ca6dc76b2c41e071b93a065c0f5aa718e1cfab29beea78a6bd9a3114f0fb92be9a5862627b4bd99db2c08e4636e43f05f33535d5d1f9bb40e1fd8e5125a3d29b31dd94a6744bbc21722222b976089f073a4d3fcafc6d06518cf0c4fc6c3e3da0000000000000000000000007d3b60775243f2143d9f54804b11102cf0e4c641db1ba8bf75e46ab3a8fdece6562e7ebb3e407f3c7504dfa3da3aecbd49af3d1edeea11cc970416fadeedc8423bfdc85041ac4d8243a1130e6f4cb5bbfed9d095e18c98c7d690e4c491a7ddcd5635bc61dbed719ca28e8ca3f1fbbe588913ed057f1d6e34a79f4dc10df54d1993a5bc5f9ef6dbd339ee4b0b5764169f305e284ef82cc23e9366d4bc7eb45c7230b13433e5240657cb8eba33260147be8620b6d98cc48b000000000000000000000000c1ce872b18984f080100000000000000bd3fded92547d41809b398f36749083a147eb09ff1ed601bd36b873d3947fb223da647052528e0466cb917db7800f7c7000b593fca1903991cca1343882e3a1f60044f11c081dae4fc5bcf20efacdd2c577f4bcda2eea6f75a31dc90eebb6135b6fb824052181b0ad8a49ebf03ccf61d7e39bf6b0762d24d19796016301d1415b5110ba9df7f204aedb2a2e4e621c0553d312b309db67192f98ef7800000d629c04e216afc8fc66616bbf304e452373aa927c2ad6f5417f1b9bc322b802c1a1c42112a92a331cdc113b9ace3ff52ede7a853f9a89002ba070bac2f635a03db3375e5564f1a798bf9c0f8c72725d2eca9b0ec7e453d78ea20eca61530fe574299b393ca144adcb06108dfbb934065a87972739150a8752ac111c4d9062ccb95c54034fbdee131d94dfbaab1854d55665746fb7b47d25e54070b0d14c0a29c57bc4930075e1761913b036d43852c6df9f10e15105b2a1866b598a3577943514db0dce953dcec62139ff3f16066efec5d8cbc0600000000007289be5883aab951ea67cf2ff691d05c1ea91dd569ed9897fe8d88a0a6977dc8955be17e8026aff11c61fa5cc76196c1423cd597345253baa1537eb6962a3ce1fe5d5ab46938e8fb23fa7047bc59c4345e912585a8adb5fe2ff51b64a326321b594e3f2d339f4090bdae6b30b62064bacbc155d3c930576f506b093ca7c60957bdfdd6536baaa871cf6a603c736b78761e6463b8ac503e219cc3d98f649602ad24d5667368290ee926fba76ee482a201a03efece3b236f4ee2ffcd5d90d92a2f0c5cea48c87f27c2f1e92988a6508c12f6b7755cc48eb10edafca92cb0260c72295a27a24846d3a2334bd60e94c0fd07e5db0a4964a7fc4e89e11a300510776934e87bb3c21394f46954a012b2a3b0760f5bad1dbd6b466ed7153bd18ee2c0b2353c38df9e0782eb000000000000000000000000001b58cadcc5aaf65e05663985a177aa1d1ea2ad1b8151c7d58f5b92827f550269b3585d98e1394e816a477e52ce2f6de2bd7192f46cf965e774968d151d2bda084b10ec4c8d2c6ab582b1e5e3ed874235ff128c661298ed75879d8a4025ad1c3d9ef6355dc7284c6e648a61da026a777fcc7ae2c60ce64a2f2b0000000000000000000000000000003022110d1230e998429a6fd8f35939a8ae5acc89123839d84b98df6f8ee2ad0b238759bf400ac14c591aefe9660076a494f73b0ea8f3cb4a9c2e4f745a2afb593fabb9481600b2f44e6415153c1f8cf974a226d2700608bb2838ef07d75aed8b082716be3c37f60f48b9995f6325fdaa1c164b1e2bcbde00"/3344], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfe37, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r9, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000080)="b907ef23f66a54f05c13e5f0888e", 0x0, 0x2000000, 0x18000000, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50) ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f00000001c0)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async) ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f00000001c0)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f0000000200)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f0000000200)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000300)={0x0, 0x0, r11, r10, 0x3, 0x8, 0x0, 0x800, {0x4, 0x1, 0x3, 0x69, 0x200, 0x0, 0x2, 0xc, 0x4cab, 0xa7, 0x1000, 0x0, 0x2, 0xf8, "fe1d00003413000000000000000caa000000090000000000000004b427180010"}}) 1.552152ms ago: executing program 3 (id=4): r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x290, 0x160, 0xa, 0x148, 0x0, 0x60, 0x1f8, 0x2a8, 0x2a8, 0x1f8, 0x2a8, 0x3, 0x0, {[{{@ip={@dev={0xac, 0x14, 0x14, 0x39}, @local, 0x0, 0x0, 'veth0_to_bond\x00', 'nr0\x00', {}, {}, 0x33}, 0x0, 0xf0, 0x160, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'veth1_to_team\x00', {0x2, 0x0, 0x2, 0x9, 0x9c89e3a, 0xbeaf, 0x7d0, 0x0, 0x18}}}, @common=@unspec=@cgroup0={{0x28}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x4, 0x0, "f20000000013fa9bf7e30000000000ca4ea6e7bf904adc2ff8a9304d9f655c746adc0bdc773506378bc2d27efd6abb053a5089830cc46172cf81d3e86d5af300"}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@MARK={0x28}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x2f0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x55) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000240)={0x4, &(0x7f0000000040)=[{0x0, 0x5, 0x5, 0x5}, {0x400, 0x5, 0x5, 0x2}, {0x101, 0x60, 0x5, 0x2d000}, {0x5, 0x1, 0x61, 0x807}]}) rseq(&(0x7f0000000040), 0x20, 0x0, 0x0) r2 = socket$pppl2tp(0x18, 0x1, 0x1) r3 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r3, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r4 = socket$inet_udp(0x2, 0x2, 0x0) r5 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r5, &(0x7f0000000980)=@pppol2tpin6={0x18, 0x1, {0x0, r4, 0x1, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x32) r6 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r6, &(0x7f0000000980)=@pppol2tpin6={0x18, 0x1, {0x0, r4, 0xffff, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x32) fsopen(&(0x7f0000000000)='fuse\x00', 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r7}, 0x10) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x8000, 0x80) write$binfmt_elf64(r8, &(0x7f0000000400)=ANY=[@ANYBLOB="7f454c4600000000000000000000000003003e00000000000000000000000000400000000000000000000000000000000000000000003800010000d19800000003000000000000000000000000000040000000000000000000000000000000000008"], 0x78) execveat(0xffffffffffffff9c, &(0x7f0000000140)='./bus\x00', 0x0, 0x0, 0x100) socket$inet(0x2, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) r9 = socket$kcm(0x2, 0xa, 0x2) syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$sock_SIOCETHTOOL(r9, 0x8923, &(0x7f0000000540)={'bond0\x00', &(0x7f0000000040)=@ethtool_sfeatures}) bpf$MAP_CREATE(0x0, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) 0s ago: executing program 0 (id=1): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x3, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) (async) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, &(0x7f00000004c0)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="20015d000000fac5f047651415c5ef08fa5b894dbb1c7a54a1450fd27547215c78242dbe60834a2536e8ed89fe7b62091c80de4e4fb7f9d119e8abb87805e3e75a1aed345820ff1c73fab339241cbd1f612727851c1788b6fb8ef05e401b14c671f6b6"], 0x0}) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x43, 0x0, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) (async) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000140)) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = add_key$keyring(&(0x7f0000000240), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) add_key(&(0x7f0000000440)='asymmetric\x00', 0x0, &(0x7f0000000000)="30800202", 0x1001, r4) (async, rerun: 64) ioctl$VHOST_VDPA_GET_VQS_COUNT(r0, 0x8004af80, &(0x7f0000000100)) (async, rerun: 64) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0x2, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, {0xa, 0x0, 0x0, @mcast2}, r6}}, 0x48) r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r7, &(0x7f0000000380)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000580)=0x1, r8, 0x0, 0x2, 0x4}}, 0x20) (async) write$RDMA_USER_CM_CMD_RESOLVE_IP(r7, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x0, @loopback}, {0xa, 0x0, 0x0, @remote}, r8}}, 0x48) close(r7) r9 = epoll_create1(0x0) (async) r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/slabinfo\x00', 0x0, 0x0) epoll_pwait2(r9, &(0x7f00000000c0)=[{}], 0x1, 0x0, 0x0, 0x0) (async) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r10, &(0x7f0000000000)) (async, rerun: 64) epoll_ctl$EPOLL_CTL_MOD(r9, 0x3, r10, &(0x7f0000000080)={0x20000011}) (async, rerun: 64) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x7, 0x6, &(0x7f0000000700)=ANY=[@ANYBLOB="b601000000000000bd110000000000008510000002000000850000007600000095000000000000009500a5050000000077d8f3b4000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f68a7d06d75357f21699cdc6751dfb265a0e3ccae669e173a649c1cfd6587d472d64e7cc955d77578f4c35235138d5421f9453559c35da860e8ef14142b2a3e314422b854421eed734ceb1efeecb9c66854c3b3ffe1b4ce25d7c983c005c03bf3a48dfe3e26e7a23129d6606fd28a697a9d552af6d9a9df2c3af333e2008e11bbec0727cb3f647535deb6277f5696833a71011a7d06602e2fd5234712596b696418f163d1a13ed38a682f87925bfa753f631cd027edd68149ee99eebc6f7d6dd4ae59af7588c8e1f4efab57644ccb1973d7879b70a70001040000000000000000d7900a820b63278f4e9a217b98ef7042ad2a923132f208fd8289eaf8cd00000000000009d27d753a300800000000000000a5686f2fccc33e3e34c3969c5ad781302d40e97a8ad10ce0cbe17366d5ac6af2fca2360a15b80400d52040ef7b28d300747877e176fe4c4b8e40dbf260f5a9f7eee30293c1b163b795d0aef4deb851a30000f569dc8f39943f889008e1ec914faa9e6cd0b3b4b3b5db666ebeb49d6a62019d76459e70b459543c4ac42e53b4ad4c77cff373ebd95848f01864e456969cd28000170996016aceb583df5ee4dd722e8c350af489f9a900000000a0dcc36b3d7c734a9cce0439f832a20d7cbdcda5dff3ba92dd66afb9d74aa222038994dcd3e7784dbea1e51a15b0f1a040cc63177f8fafa3192fc8e5552da1a982ab8dfe31ad1a0968faa47c2069d6bf09c3aa4f0fc128cb578d99b08a150b4cc4b22f6a464c6398c952519818a44a1b223ff502df87865c276588ea478e328e8277e811b99ce1acfecaf8e2c55ccc4b8eae0a61635514e99ffd438784060f23ba74c0b30b1180d935832deb686d789ba1d436d116394534e88492a42b8bf050c719661a2dc50b3a1dcfbc871e5c27e3d7260f6fa589e40000b89db451ff994845f6b49c12e89291398bcb3c06ef1289f74e0b0e2cab592d35f82a69e7284223a171c616b1f0fee6c4711d7aecb69746064d2c096554975d605ebe646302bf3d5cf32a9a09915ae3f3d4eb96615d7b237da56cd5e9904a19e145f25b6d98eb2c019967f553b61d0e80d6913cee9f8d18469a654a239a84a85debbc02846ac5791278f18c6759e3b513a68284d2efc30587e433431b2896a3bd48020af67e9ac071b2dd6dc3b9efae4ff03558fa619aea909c7f2416e7e7da1c51ccc7e6ac27412f728dc6d80da8adf317ca863ed683897321f8c8bb5a5d953d6783b7a06353ee496bbdff418de3e53234df87756eb99e330253cf5da4aa1a9648a38f07e2d302b4165983db4f7b8972923fffa8c03c288512a3a38fbd7c816a44634f7a03fab30811b7b93257bea4369ba46024dee5e9b0b2c3d3324e9b7c1f99ab9bb3f498b1485373b79ec84a67dad4e37575dab87ce55a9a69ed856a4c4410d1242ac1bd1539094a641cc086c2c53e363beafc74ab4e9ff320373705cbf5644586ffe60d293944fa2d9dc18b55f1af5c42f27747bef1ffd0c1766f062d47d61bf9f64e6ee288fa7fc12d48da526527b9f5c318c93ec447cb8b5eee7aa8a1e85696af3dfef96657c0545c8ebd96528d9c28828e5befd80d684b03b6d153da3e3cbd3bfbf4a9375b8ad04a1d241bcb5d5505cb6cc7a44e2e24bd0b1ca4879caaff59d0ce39dc7f3fea447f4e46967855208e63ec988bd2692afefbed2b001205e4b30ee8fe417defa566a73ace8f01f7181de0ef25f1744896a3c38859e6148c42454949cd64b1a888e7fe9c2d86bb01023b6ddeb67f5eb038af3e460c771518a4126c338b0390d459361e03adf6e6b558b3651a0e33d101b5febfff82794203da18db6fcf89715c2d338f78d8b9220171b41f528f857a7cb79ca990de1208777e13faaa9b9cb9e67797b07d9eb9e909410b50c5d981d9a72aa36498b630519d1530ef0000000000000000000037fcffffffffffffff8db8379bd2044c652dff399a9f8bfa4e9c507f049d18837464276830461ee203ba51f6102d262fc9a26bc3638ecce24e65c55da6efaa462f03d0e119c963a8c7a522b59f5a7b44d018cb2648383073d9e032492cae44350bc0a85697f431392eb22cae093e85954af97d6d7b2e6e8f43353062275ad1578a431594243452a2bfb89f91d8eaac038e9e17136e7c698f73faaabb3d00000000000080014573789425c4c32da528d89356aa6d2ae6da082e756c80cf39053431080ea6cbf9997a5a0ddad0b9d12bc3f880476ab32f0feaac5f16e61f7b72b8c9082eec423c6b3eaecfdcc9ec72795e7696421c83b76c2d6bac19bc875d009679778d8ef97d7e05329649d97b0dc54bea9b650873de2d3d702690176e0b23ee5cb5e469a8d1612d611722e6200e3a297d92f8e1de98326c5ef2b89d4e2d47767cd755783e5d865e373338e96ceb8399f296c59b2d70ca27735ecaff62982616d3ac1ab041733bce119d8002a6c8a2b08b32551b2313b1a2ff41b3f04af61c69c85cb2da48215727271bac2ffdeb62d9f5dc4845f1c3f63dc806e615ee8d28d6d7f181e30807afa27f41d0364c746a65a47464db68f3c433d88dd625db35fded2c86d75af88efaf20c8b37c644b6c4e773a9589200faa553bc92f916b75ddbfa18ab73979f46947b35914286d2499a0b8c970000000000000000f4fe74e0c26ab52329bd600627b256ca44dd121ffc8dbb6e5f70cbe03efccac70375b30cc927574d254d1b46c607e8b1ca7d1511568c3ef4b6b885f4582bdcef74e5e010627fc8e4fe00000000000000000000869d9640f06b11df2971909b90133983308ea4f033de613763f32d913bcbe9dd082a6fff197a20730269e6cfd31275395833f1c2b8a50a94c30cceae2a11fe9b9b835d0da73891c0b3ce22dea6bf31e7f51808cf72f44b4455b77a778440795e152dc1b7bb0a5636aa4742ce4d331a47de5836539cdf289176527277b70c8162aaf6f9475418b478329f3565450acfaf07000000eab8cabfa97e35081967bb92a264b07e8003d2f15537e72a1e4ca5ec1e2aaaf8236ecdefbaf512c75e636b6b6f518ad20521f909b12e9bc97e408e0dc82f950d12705f35708bc862196abb27e8d7991b5273987f38c4706289ff4f6130cee76465d487a07a74452f87da2029bd3debd9870335d58d3fe1ac80574fa3ea312997ab81bc6f569ffdb10ba3f20a86d95128d13e0c778998d3b3114bfb07bd61e4bff8a5e2ce4aa572c63e09b44ca4a181bcfe4eec3ce843c65c4948169fe639a186acc2b4a96c6b8d4d2e6d53ab97bea01eab953e6e89e3af34d4ada217bc6fda0fb2095c49195d0d6f365ca80a955b9ec81240a84ef672afa369fc8e3d444ba35d0f51a0065a3b982d09dfc6874fc0d8079b185447cb8a695e132d4d613a529d9c77e2a8f7320ecf698e8a2b170fd601dc1a9767a38b10788e92d1356f6a6c1bcfb2d31b46e735db13f1be80bac1b6be04fd98610000000000000000000000000000139af5493f74751c5e2501a4936bc4a0fa516117f4ccadc692003adee0a080eba2f1059660c0ee0e9aec72d4d0fe095632e4f641b0e34c611c5b3e0ba05fa36542d40837dda323910672a9097d68398fd3539686e4288db0d6bf7cb8a1835f46dfe11865a66ef47e736dada06677a5bca133d6cbc8fe5c4557e51b006bdccd7c5f32ff1d9e8b130f77df09236870fb3de5b87b4f8acc13df534eba329b86670000000000000000b27a2616c03cdf6c009447a652bca9b325e73c0737d5b717945e4fe7a169c5e2c54fc71a4104aa7cf0f5d30e2fcd9503650edbd8a5971a9a1fde5e5df37469ae204a6e899eacc1e63034cbabc5604739881cb82604bed3e53696a0606b26b879ef232a1a038291389593d1575cb79aa8284cf01a7e1a456acab9d8d608ad69d4c4b56492af7004e7ed9d47c5db3d76a00bea7c804f3a3638408bc1636f1009b7f185f51606918eaa0ab6bef11ae3d300"], &(0x7f0000000080)='GPL\x00', 0x809, 0xc3, &(0x7f0000001280)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x6cb6, @void, @value}, 0x94) (async) r11 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0) ioctl$RTC_SET_TIME(r11, 0x4024700a, &(0x7f0000000140)={0x9, 0x201e, 0x11, 0xc, 0x3, 0x1, 0x6, 0x48}) kernel console output (not intermixed with test programs): [ 38.185260][ T39] audit: type=1400 audit(1730230676.387:81): avc: denied { rlimitinh } for pid=5924 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 38.192088][ T39] audit: type=1400 audit(1730230676.387:82): avc: denied { siginh } for pid=5924 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 39.101403][ T39] audit: type=1400 audit(1730230677.317:83): avc: denied { read } for pid=5338 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 39.107946][ T39] audit: type=1400 audit(1730230677.317:84): avc: denied { append } for pid=5338 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 39.113973][ T39] audit: type=1400 audit(1730230677.317:85): avc: denied { open } for pid=5338 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 39.120215][ T39] audit: type=1400 audit(1730230677.317:86): avc: denied { getattr } for pid=5338 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 Warning: Permanently added '[localhost]:3742' (ED25519) to the list of known hosts. [ 39.886855][ T39] audit: type=1400 audit(1730230678.107:87): avc: denied { name_bind } for pid=5930 comm="sshd" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 41.697121][ T5932] cgroup: Unknown subsys name 'net' [ 41.866366][ T5932] cgroup: Unknown subsys name 'cpuset' [ 41.869985][ T5932] cgroup: Unknown subsys name 'rlimit' [ 42.068769][ T5935] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 42.756356][ T5932] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 45.160709][ T39] kauditd_printk_skb: 17 callbacks suppressed [ 45.160721][ T39] audit: type=1400 audit(1730230683.377:105): avc: denied { execmem } for pid=5941 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 45.345279][ T39] audit: type=1400 audit(1730230683.567:106): avc: denied { create } for pid=5945 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 45.353560][ T39] audit: type=1400 audit(1730230683.567:107): avc: denied { read write } for pid=5945 comm="syz-executor" name="vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 45.359748][ T39] audit: type=1400 audit(1730230683.567:108): avc: denied { open } for pid=5945 comm="syz-executor" path="/dev/vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 45.365924][ T39] audit: type=1400 audit(1730230683.567:109): avc: denied { ioctl } for pid=5945 comm="syz-executor" path="socket:[1867]" dev="sockfs" ino=1867 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 45.383919][ T5956] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 45.386844][ T5956] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 45.388764][ T5960] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 45.389232][ T5956] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 45.390036][ T5961] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 45.390723][ T5961] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 45.390923][ T5961] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 45.391675][ T5961] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 45.392874][ T5960] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 45.393066][ T5960] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 45.393708][ T5960] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 45.393827][ T5956] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 45.394047][ T5956] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 45.394152][ T5956] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 45.395824][ T5956] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 45.397236][ T5963] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 45.397368][ T5960] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 45.397522][ T5960] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 45.399983][ T5956] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 45.401735][ T39] audit: type=1400 audit(1730230683.617:110): avc: denied { read } for pid=5945 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 45.403195][ T5956] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 45.405799][ T39] audit: type=1400 audit(1730230683.617:111): avc: denied { open } for pid=5945 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 45.407764][ T5956] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 45.410095][ T39] audit: type=1400 audit(1730230683.617:112): avc: denied { mounton } for pid=5945 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 45.415005][ T5956] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 45.447789][ T5956] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 45.450518][ T5956] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 45.554712][ T39] audit: type=1400 audit(1730230683.777:113): avc: denied { module_request } for pid=5945 comm="syz-executor" kmod="rtnl-link-nicvf" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 45.590991][ T5945] chnl_net:caif_netlink_parms(): no params data found [ 45.618302][ T5946] chnl_net:caif_netlink_parms(): no params data found [ 45.628190][ T5947] chnl_net:caif_netlink_parms(): no params data found [ 45.714299][ T5945] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.716632][ T5945] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.718712][ T5945] bridge_slave_0: entered allmulticast mode [ 45.720803][ T5945] bridge_slave_0: entered promiscuous mode [ 45.725096][ T5945] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.726982][ T5945] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.728900][ T5945] bridge_slave_1: entered allmulticast mode [ 45.731102][ T5945] bridge_slave_1: entered promiscuous mode [ 45.826638][ T5945] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 45.829248][ T5946] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.831531][ T5946] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.833998][ T5946] bridge_slave_0: entered allmulticast mode [ 45.836048][ T5946] bridge_slave_0: entered promiscuous mode [ 45.868331][ T5945] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 45.870904][ T5946] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.873118][ T5946] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.875132][ T5946] bridge_slave_1: entered allmulticast mode [ 45.877382][ T5946] bridge_slave_1: entered promiscuous mode [ 45.963804][ T5947] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.966135][ T5947] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.968041][ T5947] bridge_slave_0: entered allmulticast mode [ 45.970121][ T5947] bridge_slave_0: entered promiscuous mode [ 45.975380][ T5945] team0: Port device team_slave_0 added [ 45.979035][ T5955] chnl_net:caif_netlink_parms(): no params data found [ 45.983566][ T5946] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 45.986667][ T5947] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.988759][ T5947] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.990699][ T5947] bridge_slave_1: entered allmulticast mode [ 45.993825][ T5947] bridge_slave_1: entered promiscuous mode [ 46.006156][ T5945] team0: Port device team_slave_1 added [ 46.023177][ T5946] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.046469][ T5947] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.059984][ T5945] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.062406][ T5945] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.071251][ T5945] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.103045][ T5947] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.106820][ T5945] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.109133][ T5945] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.118147][ T5945] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.145930][ T5946] team0: Port device team_slave_0 added [ 46.182794][ T5946] team0: Port device team_slave_1 added [ 46.225621][ T5955] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.227956][ T5955] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.231184][ T5955] bridge_slave_0: entered allmulticast mode [ 46.234546][ T5955] bridge_slave_0: entered promiscuous mode [ 46.249038][ T5947] team0: Port device team_slave_0 added [ 46.253483][ T5945] hsr_slave_0: entered promiscuous mode [ 46.255504][ T5945] hsr_slave_1: entered promiscuous mode [ 46.259028][ T5955] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.261237][ T5955] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.263537][ T5955] bridge_slave_1: entered allmulticast mode [ 46.266004][ T5955] bridge_slave_1: entered promiscuous mode [ 46.288122][ T5946] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.290172][ T5946] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.298227][ T5946] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.304460][ T5947] team0: Port device team_slave_1 added [ 46.326916][ T5946] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.329055][ T5946] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.337608][ T5946] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.362933][ T5955] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.366836][ T5955] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.379674][ T5947] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.382355][ T5947] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.390260][ T5947] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.423088][ T5947] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.425237][ T5947] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.433929][ T5947] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.457182][ T5946] hsr_slave_0: entered promiscuous mode [ 46.459464][ T5946] hsr_slave_1: entered promiscuous mode [ 46.463189][ T5946] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 46.465564][ T5946] Cannot create hsr debugfs directory [ 46.468576][ T5955] team0: Port device team_slave_0 added [ 46.477605][ T5955] team0: Port device team_slave_1 added [ 46.516921][ T5955] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.519073][ T5955] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.526239][ T5955] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.554884][ T5955] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.556826][ T5955] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.563975][ T5955] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.578063][ T5947] hsr_slave_0: entered promiscuous mode [ 46.580304][ T5947] hsr_slave_1: entered promiscuous mode [ 46.583754][ T5947] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 46.586154][ T5947] Cannot create hsr debugfs directory [ 46.634120][ T5955] hsr_slave_0: entered promiscuous mode [ 46.636227][ T5955] hsr_slave_1: entered promiscuous mode [ 46.638540][ T5955] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 46.640732][ T5955] Cannot create hsr debugfs directory [ 46.767251][ T5945] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 46.774743][ T5945] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 46.780043][ T5945] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 46.786158][ T5945] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 46.831465][ T5946] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 46.836844][ T5946] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 46.854515][ T5946] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 46.863725][ T5946] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 46.882501][ T5947] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 46.887316][ T5947] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 46.895071][ T5947] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 46.907274][ T5947] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 46.952193][ T5955] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 46.955664][ T5955] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 46.959733][ T5955] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 46.963755][ T5955] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 46.987374][ T5945] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.012613][ T5945] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.020202][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.022846][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.054490][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.057219][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.063912][ T5946] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.093337][ T5946] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.109848][ T5955] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.116280][ T5947] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.120348][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.122534][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.133060][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.135652][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.155829][ T5955] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.165180][ T5947] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.171153][ T76] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.173093][ T76] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.184356][ T76] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.186334][ T76] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.191813][ T76] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.193698][ T76] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.206728][ T1138] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.209297][ T1138] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.224570][ T39] audit: type=1400 audit(1730230685.447:114): avc: denied { sys_module } for pid=5945 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 47.266598][ T5955] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 47.285368][ T5945] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.311145][ T5945] veth0_vlan: entered promiscuous mode [ 47.323733][ T5945] veth1_vlan: entered promiscuous mode [ 47.336707][ T5946] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.346784][ T5945] veth0_macvtap: entered promiscuous mode [ 47.352847][ T5945] veth1_macvtap: entered promiscuous mode [ 47.370110][ T5945] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.381090][ T5945] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.385889][ T5947] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.394057][ T5945] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.396661][ T5945] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.399037][ T5945] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.403050][ T5945] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.404249][ T5959] Bluetooth: hci1: command tx timeout [ 47.408081][ T5955] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.411476][ T5959] Bluetooth: hci0: command tx timeout [ 47.418802][ T5946] veth0_vlan: entered promiscuous mode [ 47.439479][ T5946] veth1_vlan: entered promiscuous mode [ 47.482120][ T5947] veth0_vlan: entered promiscuous mode [ 47.492351][ T5959] Bluetooth: hci3: command tx timeout [ 47.492373][ T5956] Bluetooth: hci2: command tx timeout [ 47.501719][ T5955] veth0_vlan: entered promiscuous mode [ 47.513944][ T5946] veth0_macvtap: entered promiscuous mode [ 47.518019][ T5947] veth1_vlan: entered promiscuous mode [ 47.519108][ T76] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.521998][ T76] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.522517][ T5946] veth1_macvtap: entered promiscuous mode [ 47.535875][ T5955] veth1_vlan: entered promiscuous mode [ 47.548708][ T1138] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.555147][ T1138] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.560654][ T5946] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.563946][ T5946] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.567105][ T5946] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.578164][ T5947] veth0_macvtap: entered promiscuous mode [ 47.583046][ T5946] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.586575][ T5946] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.591193][ T5946] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.597850][ T5946] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.601156][ T5946] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.604533][ T5946] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.607401][ T5946] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.612857][ T5955] veth0_macvtap: entered promiscuous mode [ 47.615576][ T5947] veth1_macvtap: entered promiscuous mode [ 47.617749][ T5945] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 47.624458][ T5955] veth1_macvtap: entered promiscuous mode [ 47.640935][ T5947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.645723][ T5947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.648655][ T5947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.652316][ T5947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.656883][ T5947] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.660724][ T5955] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.664961][ T5955] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.668370][ T5955] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.673124][ T5955] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.676560][ T5955] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.680327][ T5955] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.686430][ T5955] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.706952][ T5947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.707062][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.709720][ T5947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.715571][ T5947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.716285][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.718381][ T5947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.719076][ T5947] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.726137][ T5955] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.729581][ T5955] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.732531][ T5955] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.735673][ T5955] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.738243][ T5955] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.740936][ T5955] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.744533][ T5955] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.748351][ T5955] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.752011][ T5955] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.755486][ T5955] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.758198][ T5955] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.771946][ T5947] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.774524][ T5947] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.777369][ T5947] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.779251][ T6016] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 47.779747][ T5947] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.799120][ T76] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.802831][ T76] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.848314][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.853702][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.871083][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.874518][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.878644][ T6018] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 47.883869][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.888413][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.894346][ T6018] netfs: Couldn't get user pages (rc=-14) [ 47.905090][ T218] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.907414][ T218] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.950821][ T6027] xt_hashlimit: max too large, truncated to 1048576 [ 47.969229][ T6023] BUG: Bad page state in process syz.1.8 pfn:4d8bd [ 47.971033][ T6030] BUG: Bad page state in process syz.1.8 pfn:34c89 [ 47.971311][ T6023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4d8bd [ 47.975643][ T6030] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x8 pfn:0x34c89 [ 47.977943][ T6023] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 47.980233][ T6030] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 47.980250][ T6030] raw: 00fff00000000000 dead000000000040 ffff88804b296000 0000000000000000 [ 47.980259][ T6030] raw: 0000000000000008 0000000000000001 00000000ffffffff 0000000000000000 [ 47.980265][ T6030] page dumped because: page_pool leak [ 47.980271][ T6030] page_owner tracks the page as allocated [ 47.982285][ T6023] raw: 00fff00000000000 dead000000000040 ffff888028078000 0000000000000000 [ 47.982298][ T6023] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 47.984349][ T6030] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6030, tgid 6021 (syz.1.8), ts 47968439806, free_ts 47938350535 [ 47.987248][ T6023] page dumped because: page_pool leak [ 47.987265][ T6023] page_owner tracks the page as allocated [ 47.987296][ T6023] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6023, tgid 6021 (syz.1.8), ts 47959514733, free_ts 0 [ 47.989927][ T6030] post_alloc_hook+0x2d1/0x350 [ 47.991855][ T6023] post_alloc_hook+0x2d1/0x350 [ 47.993612][ T6030] get_page_from_freelist+0x101e/0x3070 [ 47.996725][ T6023] get_page_from_freelist+0x101e/0x3070 [ 47.998986][ T6030] __alloc_pages_noprof+0x223/0x25a0 [ 48.003329][ T6023] __alloc_pages_noprof+0x223/0x25a0 [ 48.004745][ T6030] alloc_pages_bulk_noprof+0x77c/0x1110 [ 48.006212][ T6023] alloc_pages_bulk_noprof+0x77c/0x1110 [ 48.011357][ T6030] __page_pool_alloc_pages_slow+0x18f/0x770 [ 48.012639][ T6023] __page_pool_alloc_pages_slow+0x18f/0x770 [ 48.014430][ T6030] page_pool_alloc_netmem+0xc4/0x160 [ 48.015926][ T6023] page_pool_alloc_netmem+0xc4/0x160 [ 48.017737][ T6030] page_pool_alloc_pages+0x1a/0x60 [ 48.019226][ T6023] page_pool_alloc_pages+0x1a/0x60 [ 48.020882][ T6030] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 48.022484][ T6023] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 48.024103][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 48.025767][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 48.027352][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 48.028720][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 48.030340][ T6030] __sys_bpf+0xfc6/0x49a0 [ 48.031743][ T6023] __sys_bpf+0xfc6/0x49a0 [ 48.033135][ T6030] __x64_sys_bpf+0x78/0xc0 [ 48.034756][ T6023] __x64_sys_bpf+0x78/0xc0 [ 48.036657][ T6030] do_syscall_64+0xcd/0x250 [ 48.038273][ T6023] do_syscall_64+0xcd/0x250 [ 48.038295][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 48.038312][ T6023] page_owner free stack trace missing [ 48.038319][ T6023] Modules linked in: [ 48.039807][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 48.041261][ T6023] CPU: 2 UID: 0 PID: 6023 Comm: syz.1.8 Not tainted 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 48.041279][ T6023] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 48.041286][ T6023] Call Trace: [ 48.041292][ T6023] [ 48.041298][ T6023] dump_stack_lvl+0x16c/0x1f0 [ 48.042882][ T6030] page last free pid 6026 tgid 6026 stack trace: [ 48.044015][ T6023] bad_page+0xb3/0x1f0 [ 48.045232][ T6030] free_unref_page+0x5f4/0xdc0 [ 48.046381][ T6023] ? __pfx_bad_page+0x10/0x10 [ 48.047562][ T6030] __put_partials+0x14c/0x170 [ 48.048878][ T6023] ? page_bad_reason+0x9d/0x1e0 [ 48.050573][ T6030] qlist_free_all+0x4e/0x120 [ 48.052153][ T6023] free_unref_page+0x657/0xdc0 [ 48.052176][ T6023] ? rcu_is_watching+0x12/0xc0 [ 48.052189][ T6023] ? __phys_addr+0xc6/0x150 [ 48.052204][ T6023] skb_free_head+0xa0/0x1d0 [ 48.053987][ T6030] kasan_quarantine_reduce+0x192/0x1e0 [ 48.055011][ T6023] skb_release_data+0x560/0x730 [ 48.056959][ T6030] __kasan_slab_alloc+0x69/0x90 [ 48.057695][ T6027] syz.3.4 uses obsolete (PF_INET,SOCK_PACKET) [ 48.060021][ T6023] sk_skb_reason_drop+0x129/0x1a0 [ 48.062808][ T6030] kmem_cache_alloc_noprof+0x121/0x2f0 [ 48.063614][ T6023] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 48.064379][ T6030] prepare_creds+0x2e/0x750 [ 48.065573][ T6023] ? kernel_text_address+0x8d/0x100 [ 48.067295][ T6030] prepare_exec_creds+0x10/0x240 [ 48.068498][ T6023] ? hlock_class+0x4e/0x130 [ 48.069752][ T6030] bprm_execve+0xc2/0x1960 [ 48.070911][ T6023] ? __lock_acquire+0x163e/0x3ce0 [ 48.070928][ T6023] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 48.070949][ T6023] ? hlock_class+0x4e/0x130 [ 48.070962][ T6023] ? __lock_acquire+0xbdd/0x3ce0 [ 48.070977][ T6023] ? __pfx___lock_acquire+0x10/0x10 [ 48.070990][ T6023] __netif_receive_skb_list_core+0x357/0x950 [ 48.071010][ T6023] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 48.072781][ T6030] kernel_execve+0x2ef/0x3b0 [ 48.073939][ T6023] ? trace_lock_acquire+0x14a/0x1d0 [ 48.075471][ T6030] call_usermodehelper_exec_async+0x255/0x4c0 [ 48.076735][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 48.078164][ T6030] ret_from_fork+0x45/0x80 [ 48.079300][ T6023] ? lock_acquire+0x2f/0xb0 [ 48.080452][ T6030] ret_from_fork_asm+0x1a/0x30 [ 48.081778][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 48.081801][ T6023] netif_receive_skb_list_internal+0x753/0xdb0 [ 48.081820][ T6023] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 48.081837][ T6023] ? __pfx_eth_type_trans+0x10/0x10 [ 48.082940][ T6030] Modules linked in: [ 48.084119][ T6023] ? __build_skb_around+0x278/0x3b0 [ 48.085605][ T6030] [ 48.110668][ T6036] @: renamed from bond0 (while UP) [ 48.111074][ T6023] netif_receive_skb_list+0x4f/0x4a0 [ 48.129149][ T6023] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 48.129179][ T6023] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 48.129312][ T6023] ? bpf_test_timer_continue+0x150/0x3d0 [ 48.129346][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 48.129364][ T6023] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 48.129379][ T6023] ? try_to_wake_up+0x154/0x14f0 [ 48.129393][ T6023] ? __pfx_try_to_wake_up+0x10/0x10 [ 48.129463][ T6023] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 48.129489][ T6023] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 48.129504][ T6023] ? 0xffffffffa0004340 [ 48.129516][ T6023] ? 0xffffffffa0004340 [ 48.129525][ T6023] ? 0xffffffffa0004340 [ 48.129533][ T6023] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 48.129549][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 48.129571][ T6023] ? lock_acquire+0x2f/0xb0 [ 48.129582][ T6023] ? __fget_files+0x40/0x3f0 [ 48.129600][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 48.129619][ T6023] ? fput+0x30/0x390 [ 48.129634][ T6023] ? __bpf_prog_get+0xa0/0x290 [ 48.129651][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 48.129666][ T6023] __sys_bpf+0xfc6/0x49a0 [ 48.129678][ T6023] ? __pfx_futex_wake+0x10/0x10 [ 48.129697][ T6023] ? finish_task_switch.isra.0+0x2e8/0xcc0 [ 48.129711][ T6023] ? __pfx___sys_bpf+0x10/0x10 [ 48.129723][ T6023] ? __schedule+0xe5d/0x5730 [ 48.129740][ T6023] ? __fget_files+0x23a/0x3f0 [ 48.129757][ T6023] ? do_futex+0x123/0x350 [ 48.129771][ T6023] ? __pfx_do_futex+0x10/0x10 [ 48.129791][ T6023] ? xfd_validate_state+0x5d/0x180 [ 48.129804][ T6023] ? rcu_is_watching+0x12/0xc0 [ 48.129821][ T6023] __x64_sys_bpf+0x78/0xc0 [ 48.129837][ T6023] ? lockdep_hardirqs_on+0x7c/0x110 [ 48.129853][ T6023] do_syscall_64+0xcd/0x250 [ 48.129871][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 48.129889][ T6023] RIP: 0033:0x7f5f67b7e719 [ 48.129901][ T6023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 48.129912][ T6023] RSP: 002b:00007f5f689d1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 48.129925][ T6023] RAX: ffffffffffffffda RBX: 00007f5f67d36058 RCX: 00007f5f67b7e719 [ 48.129933][ T6023] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 48.129939][ T6023] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 48.129947][ T6023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 48.129953][ T6023] R13: 0000000000000000 R14: 00007f5f67d36058 R15: 00007ffe204d5cb8 [ 48.129966][ T6023] [ 48.129977][ T6030] CPU: 0 UID: 0 PID: 6030 Comm: syz.1.8 Not tainted 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 48.129998][ T6030] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 48.130005][ T6030] Call Trace: [ 48.130010][ T6030] [ 48.130017][ T6030] dump_stack_lvl+0x16c/0x1f0 [ 48.130039][ T6030] bad_page+0xb3/0x1f0 [ 48.130057][ T6030] ? __pfx_bad_page+0x10/0x10 [ 48.130072][ T6030] ? page_bad_reason+0x9d/0x1e0 [ 48.130082][ T6023] Disabling lock debugging due to kernel taint [ 48.130086][ T6030] free_unref_page+0x657/0xdc0 [ 48.130098][ T6030] ? hlock_class+0x4e/0x130 [ 48.130112][ T6023] BUG: Bad page state in process syz.1.8 pfn:4d8bc [ 48.130112][ T6030] ? __phys_addr+0xc6/0x150 [ 48.130119][ T6023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4d8bc [ 48.130130][ T6023] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 48.130126][ T6030] skb_free_head+0xa0/0x1d0 [ 48.130146][ T6023] raw: 00fff00000000000 dead000000000040 ffff888028078000 0000000000000000 [ 48.130145][ T6030] skb_release_data+0x560/0x730 [ 48.130156][ T6023] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 48.130161][ T6023] page dumped because: page_pool leak [ 48.130158][ T6030] sk_skb_reason_drop+0x129/0x1a0 [ 48.130167][ T6023] page_owner tracks the page as allocated [ 48.130171][ T6023] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6023, tgid 6021 (syz.1.8), ts 47959508446, free_ts 0 [ 48.130171][ T6030] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 48.130188][ T6023] post_alloc_hook+0x2d1/0x350 [ 48.130190][ T6030] ? kernel_text_address+0x8d/0x100 [ 48.130200][ T6023] get_page_from_freelist+0x101e/0x3070 [ 48.130202][ T6030] ? hlock_class+0x4e/0x130 [ 48.130212][ T6023] __alloc_pages_noprof+0x223/0x25a0 [ 48.130214][ T6030] ? __lock_acquire+0x163e/0x3ce0 [ 48.130224][ T6023] alloc_pages_bulk_noprof+0x77c/0x1110 [ 48.130223][ T6030] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 48.130236][ T6023] __page_pool_alloc_pages_slow+0x18f/0x770 [ 48.130241][ T6030] ? hlock_class+0x4e/0x130 [ 48.130248][ T6023] page_pool_alloc_netmem+0xc4/0x160 [ 48.130253][ T6030] ? __lock_acquire+0xbdd/0x3ce0 [ 48.130258][ T6023] page_pool_alloc_pages+0x1a/0x60 [ 48.130264][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 48.130268][ T6023] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 48.130274][ T6030] __netif_receive_skb_list_core+0x357/0x950 [ 48.130281][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 48.130290][ T6030] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 48.130293][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 48.130306][ T6030] ? trace_lock_acquire+0x14a/0x1d0 [ 48.130318][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 48.130334][ T6030] ? lock_acquire+0x2f/0xb0 [ 48.130343][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 48.130351][ T6023] __sys_bpf+0xfc6/0x49a0 [ 48.130359][ T6030] netif_receive_skb_list_internal+0x753/0xdb0 [ 48.130370][ T6023] __x64_sys_bpf+0x78/0xc0 [ 48.130375][ T6030] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 48.130381][ T6023] do_syscall_64+0xcd/0x250 [ 48.130392][ T6030] ? __pfx_eth_type_trans+0x10/0x10 [ 48.130398][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 48.130413][ T6023] page_owner free stack trace missing [ 48.130409][ T6030] ? __build_skb_around+0x278/0x3b0 [ 48.130417][ T6023] Modules linked in: [ 48.130428][ T6030] netif_receive_skb_list+0x4f/0x4a0 [ 48.130443][ T6030] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 48.130460][ T6030] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 48.130477][ T6030] ? bpf_test_timer_continue+0x150/0x3d0 [ 48.130490][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 48.130504][ T6030] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 48.130518][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 48.130529][ T6030] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 48.130541][ T6030] ? _raw_spin_unlock+0x28/0x50 [ 48.130559][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 48.130570][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 48.130585][ T6030] ? lock_acquire+0x2f/0xb0 [ 48.130593][ T6030] ? __fget_files+0x40/0x3f0 [ 48.130607][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 48.130622][ T6030] ? fput+0x30/0x390 [ 48.130633][ T6030] ? __bpf_prog_get+0xa0/0x290 [ 48.130648][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 48.130661][ T6030] __sys_bpf+0xfc6/0x49a0 [ 48.130710][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 48.130728][ T6030] ? __pfx___sys_bpf+0x10/0x10 [ 48.130740][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 48.130807][ T6030] ? reacquire_held_locks+0x20b/0x4c0 [ 48.130820][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 48.130837][ T6030] ? find_held_lock+0x59/0x110 [ 48.130852][ T6030] ? lock_acquire+0x2f/0xb0 [ 48.130863][ T6030] __x64_sys_bpf+0x78/0xc0 [ 48.130874][ T6030] ? lockdep_hardirqs_on+0x7c/0x110 [ 48.130889][ T6030] do_syscall_64+0xcd/0x250 [ 48.130904][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 48.130918][ T6030] RIP: 0033:0x7f5f67b7e719 [ 48.130928][ T6030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 48.130938][ T6030] RSP: 002b:00007f5f689b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 48.130948][ T6030] RAX: ffffffffffffffda RBX: 00007f5f67d36130 RCX: 00007f5f67b7e719 [ 48.130955][ T6030] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 48.130962][ T6030] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 48.130970][ T6030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 48.130976][ T6030] R13: 0000000000000001 R14: 00007f5f67d36130 R15: 00007ffe204d5cb8 [ 48.130986][ T6030] [ 48.130993][ T6023] CPU: 2 UID: 0 PID: 6023 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 48.131005][ T6030] BUG: Bad page state in process syz.1.8 pfn:34c88 [ 48.131008][ T6023] Tainted: [B]=BAD_PAGE [ 48.131012][ T6023] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 48.131012][ T6030] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888034c8e000 pfn:0x34c88 [ 48.131018][ T6023] Call Trace: [ 48.131022][ T6023] [ 48.131022][ T6030] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 48.131026][ T6023] dump_stack_lvl+0x16c/0x1f0 [ 48.131036][ T6030] raw: 00fff00000000000 dead000000000040 ffff88804b296000 0000000000000000 [ 48.131044][ T6030] raw: ffff888034c8e000 0000000000000001 00000000ffffffff 0000000000000000 [ 48.131044][ T6023] bad_page+0xb3/0x1f0 [ 48.131050][ T6030] page dumped because: page_pool leak [ 48.131054][ T6030] page_owner tracks the page as allocated [ 48.131057][ T6030] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6030, tgid 6021 (syz.1.8), ts 47968435535, free_ts 47938350535 [ 48.131060][ T6023] ? __pfx_bad_page+0x10/0x10 [ 48.131073][ T6023] ? page_bad_reason+0x9d/0x1e0 [ 48.131080][ T6030] post_alloc_hook+0x2d1/0x350 [ 48.131087][ T6023] free_unref_page+0x657/0xdc0 [ 48.131097][ T6030] get_page_from_freelist+0x101e/0x3070 [ 48.131098][ T6023] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 48.131115][ T6023] ? __phys_addr+0xc6/0x150 [ 48.131114][ T6030] __alloc_pages_noprof+0x223/0x25a0 [ 48.131127][ T6023] skb_free_head+0xa0/0x1d0 [ 48.131131][ T6030] alloc_pages_bulk_noprof+0x77c/0x1110 [ 48.131145][ T6023] skb_release_data+0x560/0x730 [ 48.131150][ T6030] __page_pool_alloc_pages_slow+0x18f/0x770 [ 48.131157][ T6023] sk_skb_reason_drop+0x129/0x1a0 [ 48.131168][ T6030] page_pool_alloc_netmem+0xc4/0x160 [ 48.131169][ T6023] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 48.131184][ T6030] page_pool_alloc_pages+0x1a/0x60 [ 48.131187][ T6023] ? kernel_text_address+0x8d/0x100 [ 48.131197][ T6030] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 48.131198][ T6023] ? hlock_class+0x4e/0x130 [ 48.131210][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 48.131214][ T6023] ? __lock_acquire+0x163e/0x3ce0 [ 48.131222][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 48.131224][ T6023] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 48.131236][ T6030] __sys_bpf+0xfc6/0x49a0 [ 48.131241][ T6023] ? hlock_class+0x4e/0x130 [ 48.131245][ T6030] __x64_sys_bpf+0x78/0xc0 [ 48.131258][ T6030] do_syscall_64+0xcd/0x250 [ 48.131278][ T6023] ? __lock_acquire+0xbdd/0x3ce0 [ 48.131291][ T6023] ? __pfx___lock_acquire+0x10/0x10 [ 48.131302][ T6023] __netif_receive_skb_list_core+0x357/0x950 [ 48.131318][ T6023] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 48.131329][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 48.131332][ T6023] ? trace_lock_acquire+0x14a/0x1d0 [ 48.131346][ T6030] page last free pid 6026 tgid 6026 stack trace: [ 48.131345][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 48.131351][ T6030] free_unref_page+0x5f4/0xdc0 [ 48.131361][ T6023] ? lock_acquire+0x2f/0xb0 [ 48.131362][ T6030] __put_partials+0x14c/0x170 [ 48.131371][ T6030] qlist_free_all+0x4e/0x120 [ 48.131370][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 48.131381][ T6030] kasan_quarantine_reduce+0x192/0x1e0 [ 48.131385][ T6023] netif_receive_skb_list_internal+0x753/0xdb0 [ 48.131391][ T6030] __kasan_slab_alloc+0x69/0x90 [ 48.131401][ T6030] kmem_cache_alloc_noprof+0x121/0x2f0 [ 48.131401][ T6023] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 48.131412][ T6030] prepare_creds+0x2e/0x750 [ 48.131417][ T6023] ? __pfx_eth_type_trans+0x10/0x10 [ 48.131427][ T6030] prepare_exec_creds+0x10/0x240 [ 48.131433][ T6023] ? __build_skb_around+0x278/0x3b0 [ 48.131441][ T6030] bprm_execve+0xc2/0x1960 [ 48.131449][ T6023] netif_receive_skb_list+0x4f/0x4a0 [ 48.131455][ T6030] kernel_execve+0x2ef/0x3b0 [ 48.131466][ T6023] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 48.131469][ T6030] call_usermodehelper_exec_async+0x255/0x4c0 [ 48.131480][ T6030] ret_from_fork+0x45/0x80 [ 48.131483][ T6023] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 48.131490][ T6030] ret_from_fork_asm+0x1a/0x30 [ 48.131504][ T6030] Modules linked in: [ 48.131500][ T6023] ? bpf_test_timer_continue+0x150/0x3d0 [ 48.131508][ T6030] [ 48.131513][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 48.131530][ T6023] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 48.131547][ T6023] ? try_to_wake_up+0x154/0x14f0 [ 48.131558][ T6023] ? __pfx_try_to_wake_up+0x10/0x10 [ 48.131568][ T6023] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 48.131584][ T6023] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 48.131594][ T6023] ? 0xffffffffa0004340 [ 48.131602][ T6023] ? 0xffffffffa0004340 [ 48.131609][ T6023] ? 0xffffffffa0004340 [ 48.131615][ T6023] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 48.131627][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 48.131642][ T6023] ? lock_acquire+0x2f/0xb0 [ 48.131650][ T6023] ? __fget_files+0x40/0x3f0 [ 48.131665][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 48.131680][ T6023] ? fput+0x30/0x390 [ 48.131691][ T6023] ? __bpf_prog_get+0xa0/0x290 [ 48.131705][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 48.131719][ T6023] __sys_bpf+0xfc6/0x49a0 [ 48.131728][ T6023] ? __pfx_futex_wake+0x10/0x10 [ 48.131743][ T6023] ? finish_task_switch.isra.0+0x2e8/0xcc0 [ 48.131754][ T6023] ? __pfx___sys_bpf+0x10/0x10 [ 48.131767][ T6023] ? __schedule+0xe5d/0x5730 [ 48.131783][ T6023] ? __fget_files+0x23a/0x3f0 [ 48.131800][ T6023] ? do_futex+0x123/0x350 [ 48.131814][ T6023] ? __pfx_do_futex+0x10/0x10 [ 48.131829][ T6023] ? xfd_validate_state+0x5d/0x180 [ 48.131842][ T6023] ? rcu_is_watching+0x12/0xc0 [ 48.131858][ T6023] __x64_sys_bpf+0x78/0xc0 [ 48.131869][ T6023] ? lockdep_hardirqs_on+0x7c/0x110 [ 48.131885][ T6023] do_syscall_64+0xcd/0x250 [ 48.131900][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 48.131913][ T6023] RIP: 0033:0x7f5f67b7e719 [ 48.131924][ T6023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 48.131936][ T6023] RSP: 002b:00007f5f689d1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 48.131946][ T6023] RAX: ffffffffffffffda RBX: 00007f5f67d36058 RCX: 00007f5f67b7e719 [ 48.131955][ T6023] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 48.131961][ T6023] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 48.131967][ T6023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 48.131973][ T6023] R13: 0000000000000000 R14: 00007f5f67d36058 R15: 00007ffe204d5cb8 [ 48.131982][ T6023] [ 48.131988][ T6030] CPU: 0 UID: 0 PID: 6030 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 48.132004][ T6030] Tainted: [B]=BAD_PAGE [ 48.132008][ T6030] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 48.132014][ T6030] Call Trace: [ 48.132017][ T6030] [ 48.132021][ T6030] dump_stack_lvl+0x16c/0x1f0 [ 48.132032][ T6023] BUG: Bad page state in process syz.1.8 pfn:4d8bb [ 48.132042][ T6023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4d8bb [ 48.132042][ T6030] bad_page+0xb3/0x1f0 [ 48.132054][ T6023] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 48.132058][ T6030] ? __pfx_bad_page+0x10/0x10 [ 48.132068][ T6023] raw: 00fff00000000000 dead000000000040 ffff888028078000 0000000000000000 [ 48.132077][ T6023] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 48.132074][ T6030] ? page_bad_reason+0x9d/0x1e0 [ 48.132085][ T6023] page dumped because: page_pool leak [ 48.132089][ T6023] page_owner tracks the page as allocated [ 48.132091][ T6030] free_unref_page+0x657/0xdc0 [ 48.132093][ T6023] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6023, tgid 6021 (syz.1.8), ts 47959502152, free_ts 0 [ 48.132104][ T6030] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 48.132110][ T6023] post_alloc_hook+0x2d1/0x350 [ 48.132122][ T6030] ? __phys_addr+0xc6/0x150 [ 48.132123][ T6023] get_page_from_freelist+0x101e/0x3070 [ 48.132137][ T6023] __alloc_pages_noprof+0x223/0x25a0 [ 48.132137][ T6030] skb_free_head+0xa0/0x1d0 [ 48.132148][ T6023] alloc_pages_bulk_noprof+0x77c/0x1110 [ 48.132155][ T6030] skb_release_data+0x560/0x730 [ 48.132162][ T6023] __page_pool_alloc_pages_slow+0x18f/0x770 [ 48.132167][ T6030] sk_skb_reason_drop+0x129/0x1a0 [ 48.132175][ T6023] page_pool_alloc_netmem+0xc4/0x160 [ 48.132181][ T6030] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 48.132185][ T6023] page_pool_alloc_pages+0x1a/0x60 [ 48.132201][ T6030] ? kernel_text_address+0x8d/0x100 [ 48.132197][ T6023] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 48.132211][ T6030] ? hlock_class+0x4e/0x130 [ 48.132216][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 48.132223][ T6030] ? __lock_acquire+0x163e/0x3ce0 [ 48.132229][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 48.132232][ T6030] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 48.132242][ T6023] __sys_bpf+0xfc6/0x49a0 [ 48.132251][ T6023] __x64_sys_bpf+0x78/0xc0 [ 48.132249][ T6030] ? hlock_class+0x4e/0x130 [ 48.132263][ T6023] do_syscall_64+0xcd/0x250 [ 48.132268][ T6030] ? __lock_acquire+0xbdd/0x3ce0 [ 48.132279][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 48.132277][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 48.132293][ T6023] page_owner free stack trace missing [ 48.132298][ T6023] Modules linked in: [ 48.132292][ T6030] __netif_receive_skb_list_core+0x357/0x950 [ 48.132301][ T6023] [ 48.132313][ T6030] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 48.132328][ T6030] ? trace_lock_acquire+0x14a/0x1d0 [ 48.132341][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 48.132356][ T6030] ? lock_acquire+0x2f/0xb0 [ 48.132364][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 48.132380][ T6030] netif_receive_skb_list_internal+0x753/0xdb0 [ 48.132398][ T6030] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 48.132416][ T6030] ? __pfx_eth_type_trans+0x10/0x10 [ 48.132430][ T6030] ? __build_skb_around+0x278/0x3b0 [ 48.132446][ T6030] netif_receive_skb_list+0x4f/0x4a0 [ 48.132460][ T6030] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 48.132479][ T6030] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 48.132496][ T6030] ? bpf_test_timer_continue+0x150/0x3d0 [ 48.132511][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 48.132525][ T6030] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 48.132539][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 48.132550][ T6030] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 48.132562][ T6030] ? _raw_spin_unlock+0x28/0x50 [ 48.132580][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 48.132591][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 48.132605][ T6030] ? lock_acquire+0x2f/0xb0 [ 48.132614][ T6030] ? __fget_files+0x40/0x3f0 [ 48.132628][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 48.132643][ T6030] ? fput+0x30/0x390 [ 48.132654][ T6030] ? __bpf_prog_get+0xa0/0x290 [ 48.132668][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 48.132681][ T6030] __sys_bpf+0xfc6/0x49a0 [ 48.132691][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 48.132701][ T6030] ? __pfx___sys_bpf+0x10/0x10 [ 48.132711][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 48.132726][ T6030] ? reacquire_held_locks+0x20b/0x4c0 [ 48.132735][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 48.132751][ T6030] ? find_held_lock+0x59/0x110 [ 48.132766][ T6030] ? lock_acquire+0x2f/0xb0 [ 48.132777][ T6030] __x64_sys_bpf+0x78/0xc0 [ 48.132787][ T6030] ? lockdep_hardirqs_on+0x7c/0x110 [ 48.132801][ T6030] do_syscall_64+0xcd/0x250 [ 48.132816][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 48.132830][ T6030] RIP: 0033:0x7f5f67b7e719 [ 48.132837][ T6030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 48.132846][ T6030] RSP: 002b:00007f5f689b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 48.132856][ T6030] RAX: ffffffffffffffda RBX: 00007f5f67d36130 RCX: 00007f5f67b7e719 [ 48.132863][ T6030] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 48.132869][ T6030] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 48.132875][ T6030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 48.132881][ T6030] R13: 0000000000000001 R14: 00007f5f67d36130 R15: 00007ffe204d5cb8 [ 48.132890][ T6030] [ 48.132896][ T6023] CPU: 2 UID: 0 PID: 6023 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 48.132901][ T6030] BUG: Bad page state in process syz.1.8 pfn:30eb7 [ 48.132907][ T6030] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x30eb7 [ 48.132910][ T6023] Tainted: [B]=BAD_PAGE [ 48.132913][ T6023] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 48.132916][ T6030] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 48.132919][ T6023] Call Trace: [ 48.132922][ T6023] [ 48.132928][ T6030] raw: 00fff00000000000 dead000000000040 ffff88804b296000 0000000000000000 [ 48.132926][ T6023] dump_stack_lvl+0x16c/0x1f0 [ 48.132937][ T6030] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 48.132942][ T6030] page dumped because: page_pool leak [ 48.132941][ T6023] bad_page+0xb3/0x1f0 [ 48.132947][ T6030] page_owner tracks the page as allocated [ 48.132950][ T6030] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6030, tgid 6021 (syz.1.8), ts 47968431346, free_ts 47938358624 [ 48.132955][ T6023] ? __pfx_bad_page+0x10/0x10 [ 48.132964][ T6030] post_alloc_hook+0x2d1/0x350 [ 48.132969][ T6023] ? page_bad_reason+0x9d/0x1e0 [ 48.132975][ T6030] get_page_from_freelist+0x101e/0x3070 [ 48.132983][ T6023] free_unref_page+0x657/0xdc0 [ 48.132986][ T6030] __alloc_pages_noprof+0x223/0x25a0 [ 48.132994][ T6023] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 48.132997][ T6030] alloc_pages_bulk_noprof+0x77c/0x1110 [ 48.133009][ T6030] __page_pool_alloc_pages_slow+0x18f/0x770 [ 48.133009][ T6023] ? __phys_addr+0xc6/0x150 [ 48.133019][ T6030] page_pool_alloc_netmem+0xc4/0x160 [ 48.133021][ T6023] skb_free_head+0xa0/0x1d0 [ 48.133029][ T6030] page_pool_alloc_pages+0x1a/0x60 [ 48.133036][ T6023] skb_release_data+0x560/0x730 [ 48.133039][ T6030] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 48.133048][ T6023] sk_skb_reason_drop+0x129/0x1a0 [ 48.133052][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 48.133061][ T6023] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 48.133064][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 48.133077][ T6030] __sys_bpf+0xfc6/0x49a0 [ 48.133077][ T6023] ? kernel_text_address+0x8d/0x100 [ 48.133086][ T6030] __x64_sys_bpf+0x78/0xc0 [ 48.133087][ T6023] ? hlock_class+0x4e/0x130 [ 48.133096][ T6030] do_syscall_64+0xcd/0x250 [ 48.133099][ T6023] ? __lock_acquire+0x163e/0x3ce0 [ 48.133108][ T6023] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 48.133110][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 48.133122][ T6030] page last free pid 6026 tgid 6026 stack trace: [ 48.133125][ T6023] ? hlock_class+0x4e/0x130 [ 48.133128][ T6030] free_unref_page+0x5f4/0xdc0 [ 48.133138][ T6023] ? __lock_acquire+0xbdd/0x3ce0 [ 48.133138][ T6030] __put_partials+0x14c/0x170 [ 48.133148][ T6030] qlist_free_all+0x4e/0x120 [ 48.133150][ T6023] ? __pfx___lock_acquire+0x10/0x10 [ 48.133156][ T6030] kasan_quarantine_reduce+0x192/0x1e0 [ 48.133160][ T6023] __netif_receive_skb_list_core+0x357/0x950 [ 48.133166][ T6030] __kasan_slab_alloc+0x69/0x90 [ 48.133190][ T6023] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 48.133193][ T6030] kmem_cache_alloc_noprof+0x121/0x2f0 [ 48.133203][ T6030] prepare_creds+0x2e/0x750 [ 48.133208][ T6023] ? trace_lock_acquire+0x14a/0x1d0 [ 48.133217][ T6030] prepare_exec_creds+0x10/0x240 [ 48.133221][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 48.133230][ T6030] bprm_execve+0xc2/0x1960 [ 48.133236][ T6023] ? lock_acquire+0x2f/0xb0 [ 48.133243][ T6030] kernel_execve+0x2ef/0x3b0 [ 48.133245][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 48.133260][ T6030] call_usermodehelper_exec_async+0x255/0x4c0 [ 48.133260][ T6023] netif_receive_skb_list_internal+0x753/0xdb0 [ 48.133271][ T6030] ret_from_fork+0x45/0x80 [ 48.133277][ T6023] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 48.133279][ T6030] ret_from_fork_asm+0x1a/0x30 [ 48.133292][ T6030] Modules linked in: [ 48.133292][ T6023] ? __pfx_eth_type_trans+0x10/0x10 [ 48.133307][ T6023] ? __build_skb_around+0x278/0x3b0 [ 48.133322][ T6023] netif_receive_skb_list+0x4f/0x4a0 [ 48.133337][ T6023] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 48.133353][ T6023] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 48.133370][ T6023] ? bpf_test_timer_continue+0x150/0x3d0 [ 48.133384][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 48.133397][ T6023] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 48.133434][ T6023] ? try_to_wake_up+0x154/0x14f0 [ 48.133444][ T6023] ? __pfx_try_to_wake_up+0x10/0x10 [ 48.133454][ T6023] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 48.133470][ T6023] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 48.133480][ T6023] ? 0xffffffffa0004340 [ 48.133487][ T6023] ? 0xffffffffa0004340 [ 48.133494][ T6023] ? 0xffffffffa0004340 [ 48.133500][ T6023] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 48.133512][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 48.133527][ T6023] ? lock_acquire+0x2f/0xb0 [ 48.133536][ T6023] ? __fget_files+0x40/0x3f0 [ 48.133551][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 48.133567][ T6023] ? fput+0x30/0x390 [ 48.133578][ T6023] ? __bpf_prog_get+0xa0/0x290 [ 48.133592][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 48.133606][ T6023] __sys_bpf+0xfc6/0x49a0 [ 48.133616][ T6023] ? __pfx_futex_wake+0x10/0x10 [ 48.133629][ T6023] ? finish_task_switch.isra.0+0x2e8/0xcc0 [ 48.133640][ T6023] ? __pfx___sys_bpf+0x10/0x10 [ 48.133650][ T6023] ? __schedule+0xe5d/0x5730 [ 48.133663][ T6023] ? __fget_files+0x23a/0x3f0 [ 48.133677][ T6023] ? do_futex+0x123/0x350 [ 48.133689][ T6023] ? __pfx_do_futex+0x10/0x10 [ 48.133704][ T6023] ? xfd_validate_state+0x5d/0x180 [ 48.133713][ T6023] ? rcu_is_watching+0x12/0xc0 [ 48.133726][ T6023] __x64_sys_bpf+0x78/0xc0 [ 48.133736][ T6023] ? lockdep_hardirqs_on+0x7c/0x110 [ 48.133750][ T6023] do_syscall_64+0xcd/0x250 [ 48.133764][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 48.133778][ T6023] RIP: 0033:0x7f5f67b7e719 [ 48.133786][ T6023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 48.133795][ T6023] RSP: 002b:00007f5f689d1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 48.133805][ T6023] RAX: ffffffffffffffda RBX: 00007f5f67d36058 RCX: 00007f5f67b7e719 [ 48.133811][ T6023] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 48.133817][ T6023] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 48.133823][ T6023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 48.133829][ T6023] R13: 0000000000000000 R14: 00007f5f67d36058 R15: 00007ffe204d5cb8 [ 48.133838][ T6023] [ 48.133847][ T6023] BUG: Bad page state in process syz.1.8 pfn:4d8ba [ 48.133844][ T6030] CPU: 0 UID: 0 PID: 6030 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 48.133853][ T6023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4d8ba [ 48.133860][ T6030] Tainted: [B]=BAD_PAGE [ 48.133862][ T6023] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 48.133863][ T6030] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 48.133869][ T6030] Call Trace: [ 48.133873][ T6030] [ 48.133874][ T6023] raw: 00fff00000000000 dead000000000040 ffff888028078000 0000000000000000 [ 48.133876][ T6030] dump_stack_lvl+0x16c/0x1f0 [ 48.133883][ T6023] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 48.133888][ T6023] page dumped because: page_pool leak [ 48.133892][ T6023] page_owner tracks the page as allocated [ 48.133893][ T6030] bad_page+0xb3/0x1f0 [ 48.133895][ T6023] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6023, tgid 6021 (syz.1.8), ts 47959495406, free_ts 0 [ 48.133907][ T6030] ? __pfx_bad_page+0x10/0x10 [ 48.133910][ T6023] post_alloc_hook+0x2d1/0x350 [ 48.133921][ T6023] get_page_from_freelist+0x101e/0x3070 [ 48.133921][ T6030] ? page_bad_reason+0x9d/0x1e0 [ 48.133933][ T6023] __alloc_pages_noprof+0x223/0x25a0 [ 48.133935][ T6030] free_unref_page+0x657/0xdc0 [ 48.133944][ T6023] alloc_pages_bulk_noprof+0x77c/0x1110 [ 48.133946][ T6030] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 48.133956][ T6023] __page_pool_alloc_pages_slow+0x18f/0x770 [ 48.133962][ T6030] ? __phys_addr+0xc6/0x150 [ 48.133967][ T6023] page_pool_alloc_netmem+0xc4/0x160 [ 48.133974][ T6030] skb_free_head+0xa0/0x1d0 [ 48.133977][ T6023] page_pool_alloc_pages+0x1a/0x60 [ 48.133987][ T6023] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 48.133990][ T6030] skb_release_data+0x560/0x730 [ 48.134000][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 48.134002][ T6030] sk_skb_reason_drop+0x129/0x1a0 [ 48.134012][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 48.134014][ T6030] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 48.134025][ T6023] __sys_bpf+0xfc6/0x49a0 [ 48.134031][ T6030] ? kernel_text_address+0x8d/0x100 [ 48.134034][ T6023] __x64_sys_bpf+0x78/0xc0 [ 48.134041][ T6030] ? hlock_class+0x4e/0x130 [ 48.134044][ T6023] do_syscall_64+0xcd/0x250 [ 48.134054][ T6030] ? __lock_acquire+0x163e/0x3ce0 [ 48.134059][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 48.134063][ T6030] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 48.134072][ T6023] page_owner free stack trace missing [ 48.134075][ T6023] Modules linked in: [ 48.134081][ T6030] ? hlock_class+0x4e/0x130 [ 48.134096][ T6030] ? __lock_acquire+0xbdd/0x3ce0 [ 48.134109][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 48.134120][ T6030] __netif_receive_skb_list_core+0x357/0x950 [ 48.134136][ T6030] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 48.134151][ T6030] ? trace_lock_acquire+0x14a/0x1d0 [ 48.134163][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 48.134178][ T6030] ? lock_acquire+0x2f/0xb0 [ 48.134187][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 48.134202][ T6030] netif_receive_skb_list_internal+0x753/0xdb0 [ 48.134218][ T6030] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 48.134233][ T6030] ? __pfx_eth_type_trans+0x10/0x10 [ 48.134248][ T6030] ? __build_skb_around+0x278/0x3b0 [ 48.134268][ T6030] netif_receive_skb_list+0x4f/0x4a0 [ 48.134282][ T6030] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 48.134298][ T6030] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 48.134315][ T6030] ? bpf_test_timer_continue+0x150/0x3d0 [ 48.134328][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 48.134342][ T6030] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 48.134356][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 48.134367][ T6030] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 48.134379][ T6030] ? _raw_spin_unlock+0x28/0x50 [ 48.134396][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 48.134408][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 48.134423][ T6030] ? lock_acquire+0x2f/0xb0 [ 48.134431][ T6030] ? __fget_files+0x40/0x3f0 [ 48.134445][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 48.134460][ T6030] ? fput+0x30/0x390 [ 48.134471][ T6030] ? __bpf_prog_get+0xa0/0x290 [ 48.134485][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 48.134499][ T6030] __sys_bpf+0xfc6/0x49a0 [ 48.134509][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 48.134519][ T6030] ? __pfx___sys_bpf+0x10/0x10 [ 48.134530][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 48.134544][ T6030] ? reacquire_held_locks+0x20b/0x4c0 [ 48.134553][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 48.134569][ T6030] ? find_held_lock+0x59/0x110 [ 48.134584][ T6030] ? lock_acquire+0x2f/0xb0 [ 48.134594][ T6030] __x64_sys_bpf+0x78/0xc0 [ 48.134605][ T6030] ? lockdep_hardirqs_on+0x7c/0x110 [ 48.134619][ T6030] do_syscall_64+0xcd/0x250 [ 48.134633][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 48.134648][ T6030] RIP: 0033:0x7f5f67b7e719 [ 48.134655][ T6030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 48.134664][ T6030] RSP: 002b:00007f5f689b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 48.134674][ T6030] RAX: ffffffffffffffda RBX: 00007f5f67d36130 RCX: 00007f5f67b7e719 [ 48.134680][ T6030] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 48.134687][ T6030] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 48.134693][ T6030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 48.134698][ T6030] R13: 0000000000000001 R14: 00007f5f67d36130 R15: 00007ffe204d5cb8 [ 48.134707][ T6030] [ 48.134717][ T6030] BUG: Bad page state in process syz.1.8 pfn:30eb6 [ 48.134714][ T6023] CPU: 2 UID: 0 PID: 6023 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 48.134723][ T6030] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x30eb6 [ 48.134728][ T6023] Tainted: [B]=BAD_PAGE [ 48.134732][ T6023] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 48.134732][ T6030] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 48.134738][ T6023] Call Trace: [ 48.134741][ T6023] [ 48.134744][ T6030] raw: 00fff00000000000 dead000000000040 ffff88804b296000 0000000000000000 [ 48.134745][ T6023] dump_stack_lvl+0x16c/0x1f0 [ 48.134752][ T6030] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 48.134758][ T6030] page dumped because: page_pool leak [ 48.134762][ T6030] page_owner tracks the page as allocated [ 48.134762][ T6023] bad_page+0xb3/0x1f0 [ 48.134765][ T6030] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6030, tgid 6021 (syz.1.8), ts 47968427191, free_ts 47938358624 [ 48.134776][ T6023] ? __pfx_bad_page+0x10/0x10 [ 48.134780][ T6030] post_alloc_hook+0x2d1/0x350 [ 48.134791][ T6030] get_page_from_freelist+0x101e/0x3070 [ 48.134790][ T6023] ? page_bad_reason+0x9d/0x1e0 [ 48.134802][ T6030] __alloc_pages_noprof+0x223/0x25a0 [ 48.134804][ T6023] free_unref_page+0x657/0xdc0 [ 48.134813][ T6030] alloc_pages_bulk_noprof+0x77c/0x1110 [ 48.134814][ T6023] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 48.134825][ T6030] __page_pool_alloc_pages_slow+0x18f/0x770 [ 48.134830][ T6023] ? __phys_addr+0xc6/0x150 [ 48.134842][ T6023] skb_free_head+0xa0/0x1d0 [ 48.134857][ T6023] skb_release_data+0x560/0x730 [ 48.134869][ T6023] sk_skb_reason_drop+0x129/0x1a0 [ 48.134881][ T6023] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 48.134898][ T6023] ? kernel_text_address+0x8d/0x100 [ 48.134908][ T6023] ? hlock_class+0x4e/0x130 [ 48.134920][ T6023] ? __lock_acquire+0x163e/0x3ce0 [ 48.134929][ T6023] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 48.134946][ T6023] ? hlock_class+0x4e/0x130 [ 48.134958][ T6023] ? __lock_acquire+0xbdd/0x3ce0 [ 48.134969][ T6023] ? __pfx___lock_acquire+0x10/0x10 [ 48.134980][ T6023] __netif_receive_skb_list_core+0x357/0x950 [ 48.134996][ T6023] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 48.135011][ T6023] ? trace_lock_acquire+0x14a/0x1d0 [ 48.135023][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 48.135038][ T6023] ? lock_acquire+0x2f/0xb0 [ 48.135047][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 48.135063][ T6023] netif_receive_skb_list_internal+0x753/0xdb0 [ 48.135078][ T6023] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 48.135094][ T6023] ? __pfx_eth_type_trans+0x10/0x10 [ 48.135109][ T6023] ? __build_skb_around+0x278/0x3b0 [ 48.135124][ T6023] netif_receive_skb_list+0x4f/0x4a0 [ 48.135139][ T6023] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 48.135155][ T6023] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 48.135172][ T6023] ? bpf_test_timer_continue+0x150/0x3d0 [ 48.135185][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 48.135199][ T6023] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 48.135306][ T6023] ? try_to_wake_up+0x154/0x14f0 [ 48.135317][ T6023] ? __pfx_try_to_wake_up+0x10/0x10 [ 48.135327][ T6023] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 48.135346][ T6023] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 48.135357][ T6023] ? 0xffffffffa0004340 [ 48.135365][ T6023] ? 0xffffffffa0004340 [ 48.135371][ T6023] ? 0xffffffffa0004340 [ 48.135378][ T6023] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 48.135459][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 48.135477][ T6023] ? lock_acquire+0x2f/0xb0 [ 48.135486][ T6023] ? __fget_files+0x40/0x3f0 [ 48.135500][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 48.135515][ T6023] ? fput+0x30/0x390 [ 48.135527][ T6023] ? __bpf_prog_get+0xa0/0x290 [ 48.135541][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 48.135554][ T6023] __sys_bpf+0xfc6/0x49a0 [ 48.135564][ T6023] ? __pfx_futex_wake+0x10/0x10 [ 48.135578][ T6023] ? finish_task_switch.isra.0+0x2e8/0xcc0 [ 48.135589][ T6023] ? __pfx___sys_bpf+0x10/0x10 [ 48.135600][ T6023] ? __schedule+0xe5d/0x5730 [ 48.135612][ T6023] ? __fget_files+0x23a/0x3f0 [ 48.135626][ T6023] ? do_futex+0x123/0x350 [ 48.135638][ T6023] ? __pfx_do_futex+0x10/0x10 [ 48.135653][ T6023] ? xfd_validate_state+0x5d/0x180 [ 48.135663][ T6023] ? rcu_is_watching+0x12/0xc0 [ 48.135678][ T6023] __x64_sys_bpf+0x78/0xc0 [ 48.135691][ T6023] ? lockdep_hardirqs_on+0x7c/0x110 [ 48.135707][ T6023] do_syscall_64+0xcd/0x250 [ 48.135727][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 48.135744][ T6023] RIP: 0033:0x7f5f67b7e719 [ 48.135754][ T6023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 48.135768][ T6023] RSP: 002b:00007f5f689d1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 48.135778][ T6023] RAX: ffffffffffffffda RBX: 00007f5f67d36058 RCX: 00007f5f67b7e719 [ 48.135785][ T6023] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 48.135794][ T6023] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 48.135800][ T6023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 48.135806][ T6023] R13: 0000000000000000 R14: 00007f5f67d36058 R15: 00007ffe204d5cb8 [ 48.135817][ T6023] [ 48.135834][ T6023] BUG: Bad page state in process syz.1.8 pfn:4d8b9 [ 48.135842][ T6023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4d8b9 [ 48.135852][ T6023] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 48.135867][ T6023] raw: 00fff00000000000 dead000000000040 ffff888028078000 0000000000000000 [ 48.135875][ T6023] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 48.135881][ T6023] page dumped because: page_pool leak [ 48.135885][ T6023] page_owner tracks the page as allocated [ 48.135888][ T6023] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6023, tgid 6021 (syz.1.8), ts 47959489004, free_ts 0 [ 48.135905][ T6023] post_alloc_hook+0x2d1/0x350 [ 48.135916][ T6023] get_page_from_freelist+0x101e/0x3070 [ 48.135931][ T6023] __alloc_pages_noprof+0x223/0x25a0 [ 48.135943][ T6023] alloc_pages_bulk_noprof+0x77c/0x1110 [ 48.135954][ T6023] __page_pool_alloc_pages_slow+0x18f/0x770 [ 48.135969][ T6023] page_pool_alloc_netmem+0xc4/0x160 [ 48.135980][ T6023] page_pool_alloc_pages+0x1a/0x60 [ 48.135992][ T6023] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 48.136007][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 48.136019][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 48.136034][ T6023] __sys_bpf+0xfc6/0x49a0 [ 48.136043][ T6023] __x64_sys_bpf+0x78/0xc0 [ 48.136057][ T6023] do_syscall_64+0xcd/0x250 [ 48.136072][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 48.136085][ T6023] page_owner free stack trace missing [ 48.136089][ T6023] Modules linked in: [ 48.136095][ T6023] CPU: 2 UID: 0 PID: 6023 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 48.136109][ T6023] Tainted: [B]=BAD_PAGE [ 48.136113][ T6023] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 48.136118][ T6023] Call Trace: [ 48.136121][ T6023] [ 48.136125][ T6023] dump_stack_lvl+0x16c/0x1f0 [ 48.136140][ T6023] bad_page+0xb3/0x1f0 [ 48.136154][ T6023] ? __pfx_bad_page+0x10/0x10 [ 48.136172][ T6023] ? page_bad_reason+0x9d/0x1e0 [ 48.136186][ T6023] free_unref_page+0x657/0xdc0 [ 48.136196][ T6023] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 48.136218][ T6023] ? __phys_addr+0xc6/0x150 [ 48.136233][ T6023] skb_free_head+0xa0/0x1d0 [ 48.136248][ T6023] skb_release_data+0x560/0x730 [ 48.136259][ T6023] sk_skb_reason_drop+0x129/0x1a0 [ 48.136271][ T6023] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 48.136288][ T6023] ? kernel_text_address+0x8d/0x100 [ 48.136297][ T6023] ? hlock_class+0x4e/0x130 [ 48.136310][ T6023] ? __lock_acquire+0x163e/0x3ce0 [ 48.136319][ T6023] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 48.136336][ T6023] ? hlock_class+0x4e/0x130 [ 48.136347][ T6023] ? __lock_acquire+0xbdd/0x3ce0 [ 48.136359][ T6023] ? __pfx___lock_acquire+0x10/0x10 [ 48.136369][ T6023] __netif_receive_skb_list_core+0x357/0x950 [ 48.136385][ T6023] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 48.136407][ T6023] ? trace_lock_acquire+0x14a/0x1d0 [ 48.136422][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 48.136437][ T6023] ? lock_acquire+0x2f/0xb0 [ 48.136446][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 48.136466][ T6023] netif_receive_skb_list_internal+0x753/0xdb0 [ 48.136482][ T6023] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 48.136497][ T6023] ? __pfx_eth_type_trans+0x10/0x10 [ 48.136512][ T6023] ? __build_skb_around+0x278/0x3b0 [ 48.136527][ T6023] netif_receive_skb_list+0x4f/0x4a0 [ 48.136542][ T6023] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 48.136558][ T6023] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 48.136574][ T6023] ? bpf_test_timer_continue+0x150/0x3d0 [ 48.136588][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 48.136602][ T6023] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 48.138396][ T6030] page_pool_alloc_netmem+0xc4/0x160 [ 48.139836][ T6023] ? try_to_wake_up+0x154/0x14f0 [ 48.141210][ T6030] page_pool_alloc_pages+0x1a/0x60 [ 48.142728][ T6023] ? __pfx_try_to_wake_up+0x10/0x10 [ 48.142746][ T6023] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 48.142763][ T6023] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 48.142774][ T6023] ? 0xffffffffa0004340 [ 48.144075][ T6030] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 48.145424][ T6023] ? 0xffffffffa0004340 [ 48.146999][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 48.148547][ T6023] ? 0xffffffffa0004340 [ 48.150051][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 48.151142][ T6023] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 48.152508][ T6030] __sys_bpf+0xfc6/0x49a0 [ 48.153970][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 48.154032][ T6023] ? lock_acquire+0x2f/0xb0 [ 48.154044][ T6023] ? __fget_files+0x40/0x3f0 [ 48.154059][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 48.154075][ T6023] ? fput+0x30/0x390 [ 48.155547][ T6030] __x64_sys_bpf+0x78/0xc0 [ 48.156731][ T6023] ? __bpf_prog_get+0xa0/0x290 [ 48.157976][ T6030] do_syscall_64+0xcd/0x250 [ 48.159508][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 48.160508][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 48.161821][ T6023] __sys_bpf+0xfc6/0x49a0 [ 48.161840][ T6023] ? __pfx_futex_wake+0x10/0x10 [ 48.161855][ T6023] ? finish_task_switch.isra.0+0x2e8/0xcc0 [ 48.161867][ T6023] ? __pfx___sys_bpf+0x10/0x10 [ 48.161878][ T6023] ? __schedule+0xe5d/0x5730 [ 48.163384][ T6030] page last free pid 6026 tgid 6026 stack trace: [ 48.164537][ T6023] ? __fget_files+0x23a/0x3f0 [ 48.165826][ T6030] free_unref_page+0x5f4/0xdc0 [ 48.167313][ T6023] ? do_futex+0x123/0x350 [ 48.168671][ T6030] __put_partials+0x14c/0x170 [ 48.169832][ T6023] ? __pfx_do_futex+0x10/0x10 [ 48.171074][ T6030] qlist_free_all+0x4e/0x120 [ 48.172169][ T6023] ? xfd_validate_state+0x5d/0x180 [ 48.172188][ T6023] ? rcu_is_watching+0x12/0xc0 [ 48.172202][ T6023] __x64_sys_bpf+0x78/0xc0 [ 48.172215][ T6023] ? lockdep_hardirqs_on+0x7c/0x110 [ 48.173389][ T6030] kasan_quarantine_reduce+0x192/0x1e0 [ 48.174662][ T6023] do_syscall_64+0xcd/0x250 [ 48.175893][ T6030] __kasan_slab_alloc+0x69/0x90 [ 48.177039][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 48.178301][ T6030] kmem_cache_alloc_noprof+0x121/0x2f0 [ 48.179472][ T6023] RIP: 0033:0x7f5f67b7e719 [ 48.180971][ T6030] prepare_creds+0x2e/0x750 [ 48.182147][ T6023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 48.182164][ T6023] RSP: 002b:00007f5f689d1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 48.182175][ T6023] RAX: ffffffffffffffda RBX: 00007f5f67d36058 RCX: 00007f5f67b7e719 [ 48.182181][ T6023] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 48.182188][ T6023] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 48.182194][ T6023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 48.187167][ T6030] prepare_exec_creds+0x10/0x240 [ 48.189190][ T6023] R13: 0000000000000000 R14: 00007f5f67d36058 R15: 00007ffe204d5cb8 [ 48.191222][ T6030] bprm_execve+0xc2/0x1960 [ 48.193289][ T6023] [ 48.193358][ T6023] BUG: Bad page state in process syz.1.8 pfn:4d8b8 [ 48.195361][ T6030] kernel_execve+0x2ef/0x3b0 [ 48.197357][ T6023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4d8b8 [ 48.199290][ T6030] call_usermodehelper_exec_async+0x255/0x4c0 [ 48.200087][ T6023] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 48.202763][ T6030] ret_from_fork+0x45/0x80 [ 48.205470][ T6023] raw: 00fff00000000000 dead000000000040 ffff888028078000 0000000000000000 [ 48.205484][ T6023] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 48.205490][ T6023] page dumped because: page_pool leak [ 48.206315][ T6030] ret_from_fork_asm+0x1a/0x30 [ 48.207064][ T6023] page_owner tracks the page as allocated [ 48.208279][ T6030] Modules linked in: [ 48.209348][ T6023] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6023, tgid 6021 (syz.1.8), ts 47959482276, free_ts 0 [ 48.210673][ T6030] [ 48.210684][ T6030] CPU: 0 UID: 0 PID: 6030 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 48.212020][ T6023] post_alloc_hook+0x2d1/0x350 [ 48.213703][ T6030] Tainted: [B]=BAD_PAGE [ 48.214975][ T6023] get_page_from_freelist+0x101e/0x3070 [ 48.216219][ T6030] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 48.217957][ T6023] __alloc_pages_noprof+0x223/0x25a0 [ 48.219244][ T6030] Call Trace: [ 48.219254][ T6030] [ 48.221483][ T6023] alloc_pages_bulk_noprof+0x77c/0x1110 [ 48.223183][ T6030] dump_stack_lvl+0x16c/0x1f0 [ 48.224357][ T6023] __page_pool_alloc_pages_slow+0x18f/0x770 [ 48.226581][ T6030] bad_page+0xb3/0x1f0 [ 48.227879][ T6023] page_pool_alloc_netmem+0xc4/0x160 [ 48.230282][ T6030] ? __pfx_bad_page+0x10/0x10 [ 48.231772][ T6023] page_pool_alloc_pages+0x1a/0x60 [ 48.233155][ T6030] ? page_bad_reason+0x9d/0x1e0 [ 48.234926][ T6023] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 48.239226][ T6030] free_unref_page+0x657/0xdc0 [ 48.240925][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 48.242109][ T6030] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 48.242134][ T6030] ? __phys_addr+0xc6/0x150 [ 48.242147][ T6030] skb_free_head+0xa0/0x1d0 [ 48.242164][ T6030] skb_release_data+0x560/0x730 [ 48.243405][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 48.244858][ T6030] sk_skb_reason_drop+0x129/0x1a0 [ 48.246041][ T6023] __sys_bpf+0xfc6/0x49a0 [ 48.247451][ T6030] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 48.248784][ T6023] __x64_sys_bpf+0x78/0xc0 [ 48.250566][ T6030] ? kernel_text_address+0x8d/0x100 [ 48.252458][ T6023] do_syscall_64+0xcd/0x250 [ 48.253926][ T6030] ? hlock_class+0x4e/0x130 [ 48.255069][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 48.256386][ T6030] ? __lock_acquire+0x163e/0x3ce0 [ 48.257647][ T6023] page_owner free stack trace missing [ 48.257654][ T6023] Modules linked in: [ 48.258993][ T6030] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 48.260305][ T6023] [ 49.389697][ T6030] ? hlock_class+0x4e/0x130 [ 49.389717][ T6030] ? __lock_acquire+0xbdd/0x3ce0 [ 49.389729][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 49.389740][ T6030] __netif_receive_skb_list_core+0x357/0x950 [ 49.395242][ T6030] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 49.396945][ T6030] ? trace_lock_acquire+0x14a/0x1d0 [ 49.398324][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 49.399971][ T6030] ? lock_acquire+0x2f/0xb0 [ 49.401166][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 49.402818][ T6030] netif_receive_skb_list_internal+0x753/0xdb0 [ 49.404354][ T6030] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 49.406036][ T6030] ? __pfx_eth_type_trans+0x10/0x10 [ 49.407338][ T6030] ? __build_skb_around+0x278/0x3b0 [ 49.408641][ T6030] netif_receive_skb_list+0x4f/0x4a0 [ 49.409990][ T6030] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 49.411682][ T6030] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 49.413527][ T6030] ? bpf_test_timer_continue+0x150/0x3d0 [ 49.414940][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 49.416340][ T6030] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 49.417912][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 49.419488][ T6030] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 49.420999][ T6030] ? _raw_spin_unlock+0x28/0x50 [ 49.422251][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 49.423765][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 49.425180][ T6030] ? lock_acquire+0x2f/0xb0 [ 49.426383][ T6030] ? __fget_files+0x40/0x3f0 [ 49.427603][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 49.429164][ T6030] ? fput+0x30/0x390 [ 49.430209][ T6030] ? __bpf_prog_get+0xa0/0x290 [ 49.431470][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 49.432985][ T6030] __sys_bpf+0xfc6/0x49a0 [ 49.434143][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 49.435499][ T6030] ? __pfx___sys_bpf+0x10/0x10 [ 49.436753][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 49.438160][ T6030] ? reacquire_held_locks+0x20b/0x4c0 [ 49.439564][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 49.441089][ T6030] ? find_held_lock+0x59/0x110 [ 49.442398][ T6030] ? lock_acquire+0x2f/0xb0 [ 49.443609][ T6030] __x64_sys_bpf+0x78/0xc0 [ 49.444789][ T6030] ? lockdep_hardirqs_on+0x7c/0x110 [ 49.446171][ T6030] do_syscall_64+0xcd/0x250 [ 49.447371][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 49.448911][ T6030] RIP: 0033:0x7f5f67b7e719 [ 49.450082][ T6030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 49.455057][ T6030] RSP: 002b:00007f5f689b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 49.457214][ T6030] RAX: ffffffffffffffda RBX: 00007f5f67d36130 RCX: 00007f5f67b7e719 [ 49.459259][ T6030] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 49.461223][ T6030] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 49.463203][ T6030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 49.465153][ T6030] R13: 0000000000000001 R14: 00007f5f67d36130 R15: 00007ffe204d5cb8 [ 49.467137][ T6030] [ 49.467925][ T6023] CPU: 2 UID: 0 PID: 6023 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 49.467993][ C0] vkms_vblank_simulate: vblank timer overrun [ 49.470980][ T6023] Tainted: [B]=BAD_PAGE [ 49.470989][ T6023] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 49.472586][ T6030] BUG: Bad page state in process syz.1.8 pfn:30eb5 [ 49.473649][ T6023] Call Trace: [ 49.476295][ T6030] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x30eb5 [ 49.477941][ T6023] [ 49.478822][ T6030] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 49.481070][ T6023] dump_stack_lvl+0x16c/0x1f0 [ 49.481906][ T6030] raw: 00fff00000000000 dead000000000040 ffff88804b296000 0000000000000000 [ 49.483709][ T6023] bad_page+0xb3/0x1f0 [ 49.484941][ T6030] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 49.487183][ T6023] ? __pfx_bad_page+0x10/0x10 [ 49.488291][ T6030] page dumped because: page_pool leak [ 49.490515][ T6023] ? page_bad_reason+0x9d/0x1e0 [ 49.491813][ T6030] page_owner tracks the page as allocated [ 49.493184][ T6023] free_unref_page+0x657/0xdc0 [ 49.494463][ T6030] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6030, tgid 6021 (syz.1.8), ts 47968423081, free_ts 47938358624 [ 49.495940][ T6023] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 49.497182][ T6030] post_alloc_hook+0x2d1/0x350 [ 49.501381][ T6023] ? __phys_addr+0xc6/0x150 [ 49.501424][ T6023] skb_free_head+0xa0/0x1d0 [ 49.502978][ T6030] get_page_from_freelist+0x101e/0x3070 [ 49.504231][ T6023] skb_release_data+0x560/0x730 [ 49.504249][ T6023] sk_skb_reason_drop+0x129/0x1a0 [ 49.505445][ T6030] __alloc_pages_noprof+0x223/0x25a0 [ 49.506637][ T6023] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 49.508081][ T6030] alloc_pages_bulk_noprof+0x77c/0x1110 [ 49.509374][ T6023] ? kernel_text_address+0x8d/0x100 [ 49.510719][ T6030] __page_pool_alloc_pages_slow+0x18f/0x770 [ 49.512086][ T6023] ? hlock_class+0x4e/0x130 [ 49.512108][ T6023] ? __lock_acquire+0x163e/0x3ce0 [ 49.512118][ T6023] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 49.513854][ T6030] page_pool_alloc_netmem+0xc4/0x160 [ 49.515289][ T6023] ? hlock_class+0x4e/0x130 [ 49.516636][ T6030] page_pool_alloc_pages+0x1a/0x60 [ 49.518173][ T6023] ? __lock_acquire+0xbdd/0x3ce0 [ 49.519358][ T6030] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 49.520668][ T6023] ? __pfx___lock_acquire+0x10/0x10 [ 49.520687][ T6023] __netif_receive_skb_list_core+0x357/0x950 [ 49.522562][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 49.523915][ T6023] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 49.525089][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 49.526428][ T6023] ? trace_lock_acquire+0x14a/0x1d0 [ 49.527713][ T6030] __sys_bpf+0xfc6/0x49a0 [ 49.529315][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 49.530673][ T6030] __x64_sys_bpf+0x78/0xc0 [ 49.532245][ T6023] ? lock_acquire+0x2f/0xb0 [ 49.532268][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 49.532284][ T6023] netif_receive_skb_list_internal+0x753/0xdb0 [ 49.533687][ T6030] do_syscall_64+0xcd/0x250 [ 49.535379][ T6023] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 49.536772][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 49.538131][ T6023] ? __pfx_eth_type_trans+0x10/0x10 [ 49.538154][ T6023] ? __build_skb_around+0x278/0x3b0 [ 49.539271][ T6030] page last free pid 6026 tgid 6026 stack trace: [ 49.540905][ T6023] netif_receive_skb_list+0x4f/0x4a0 [ 49.542107][ T6030] free_unref_page+0x5f4/0xdc0 [ 49.543261][ T6023] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 49.544888][ T6030] __put_partials+0x14c/0x170 [ 49.546491][ T6023] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 49.547679][ T6030] qlist_free_all+0x4e/0x120 [ 49.549410][ T6023] ? bpf_test_timer_continue+0x150/0x3d0 [ 49.550950][ T6030] kasan_quarantine_reduce+0x192/0x1e0 [ 49.551316][ T5956] Bluetooth: hci0: command tx timeout [ 49.552298][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 49.552316][ T6023] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 49.552329][ T6023] ? try_to_wake_up+0x154/0x14f0 [ 49.552340][ T6023] ? __pfx_try_to_wake_up+0x10/0x10 [ 49.553749][ T6030] __kasan_slab_alloc+0x69/0x90 [ 49.555382][ T6023] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 49.556747][ T6030] kmem_cache_alloc_noprof+0x121/0x2f0 [ 49.558006][ T6023] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 49.559633][ T6030] prepare_creds+0x2e/0x750 [ 49.560863][ T6023] ? 0xffffffffa0004340 [ 49.561381][ T5956] Bluetooth: hci2: command tx timeout [ 49.561416][ T5956] Bluetooth: hci3: command tx timeout [ 49.562621][ T6030] prepare_exec_creds+0x10/0x240 [ 49.563803][ T6023] ? 0xffffffffa0004340 [ 49.565290][ T6030] bprm_execve+0xc2/0x1960 [ 49.566740][ T6023] ? 0xffffffffa0004340 [ 49.568145][ T6030] kernel_execve+0x2ef/0x3b0 [ 49.569539][ T6023] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 49.571087][ T6030] call_usermodehelper_exec_async+0x255/0x4c0 [ 49.572362][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 49.572389][ T6023] ? lock_acquire+0x2f/0xb0 [ 49.572399][ T6023] ? __fget_files+0x40/0x3f0 [ 49.573742][ T6030] ret_from_fork+0x45/0x80 [ 49.575002][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 49.576523][ T6030] ret_from_fork_asm+0x1a/0x30 [ 49.577937][ T6023] ? fput+0x30/0x390 [ 49.579367][ T6030] Modules linked in: [ 49.580551][ T6023] ? __bpf_prog_get+0xa0/0x290 [ 49.604671][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 49.606205][ T6023] __sys_bpf+0xfc6/0x49a0 [ 49.607328][ T6023] ? __pfx_futex_wake+0x10/0x10 [ 49.608593][ T6023] ? finish_task_switch.isra.0+0x2e8/0xcc0 [ 49.610111][ T6023] ? __pfx___sys_bpf+0x10/0x10 [ 49.611357][ T6023] ? __schedule+0xe5d/0x5730 [ 49.612566][ T6023] ? __fget_files+0x23a/0x3f0 [ 49.613811][ T6023] ? do_futex+0x123/0x350 [ 49.614939][ T6023] ? __pfx_do_futex+0x10/0x10 [ 49.616158][ T6023] ? xfd_validate_state+0x5d/0x180 [ 49.617409][ T6023] ? rcu_is_watching+0x12/0xc0 [ 49.618621][ T6023] __x64_sys_bpf+0x78/0xc0 [ 49.619738][ T6023] ? lockdep_hardirqs_on+0x7c/0x110 [ 49.621073][ T6023] do_syscall_64+0xcd/0x250 [ 49.622328][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 49.623866][ T6023] RIP: 0033:0x7f5f67b7e719 [ 49.625041][ T6023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 49.630013][ T6023] RSP: 002b:00007f5f689d1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 49.632176][ T6023] RAX: ffffffffffffffda RBX: 00007f5f67d36058 RCX: 00007f5f67b7e719 [ 49.634253][ T6023] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 49.636302][ T6023] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 49.638357][ T6023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 49.640385][ T6023] R13: 0000000000000000 R14: 00007f5f67d36058 R15: 00007ffe204d5cb8 [ 49.642442][ T6023] [ 49.643258][ T6030] CPU: 0 UID: 0 PID: 6030 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 49.643325][ T6023] BUG: Bad page state in process syz.1.8 pfn:4d8b7 [ 49.646358][ T6030] Tainted: [B]=BAD_PAGE [ 49.646367][ T6030] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 49.648070][ T6023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4d8b7 [ 49.649159][ T6030] Call Trace: [ 49.652006][ T6023] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 49.654257][ T6030] [ 49.655183][ T6023] raw: 00fff00000000000 dead000000000040 ffff888028078000 0000000000000000 [ 49.656989][ T6030] dump_stack_lvl+0x16c/0x1f0 [ 49.657799][ T6023] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 49.659999][ T6030] bad_page+0xb3/0x1f0 [ 49.661246][ T6023] page dumped because: page_pool leak [ 49.663467][ T6030] ? __pfx_bad_page+0x10/0x10 [ 49.664583][ T6023] page_owner tracks the page as allocated [ 49.666079][ T6030] ? page_bad_reason+0x9d/0x1e0 [ 49.667301][ T6023] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6023, tgid 6021 (syz.1.8), ts 47959476008, free_ts 0 [ 49.668787][ T6030] free_unref_page+0x657/0xdc0 [ 49.670073][ T6023] post_alloc_hook+0x2d1/0x350 [ 49.674114][ T6030] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 49.674142][ T6030] ? __phys_addr+0xc6/0x150 [ 49.675507][ T6023] get_page_from_freelist+0x101e/0x3070 [ 49.676765][ T6030] skb_free_head+0xa0/0x1d0 [ 49.678360][ T6023] __alloc_pages_noprof+0x223/0x25a0 [ 49.679686][ T6030] skb_release_data+0x560/0x730 [ 49.681185][ T6023] alloc_pages_bulk_noprof+0x77c/0x1110 [ 49.682386][ T6030] sk_skb_reason_drop+0x129/0x1a0 [ 49.682406][ T6030] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 49.682423][ T6030] ? kernel_text_address+0x8d/0x100 [ 49.683824][ T6023] __page_pool_alloc_pages_slow+0x18f/0x770 [ 49.685095][ T6030] ? hlock_class+0x4e/0x130 [ 49.686527][ T6023] page_pool_alloc_netmem+0xc4/0x160 [ 49.687848][ T6030] ? __lock_acquire+0x163e/0x3ce0 [ 49.689577][ T6023] page_pool_alloc_pages+0x1a/0x60 [ 49.690938][ T6030] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 49.692524][ T6023] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 49.693729][ T6030] ? hlock_class+0x4e/0x130 [ 49.695104][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 49.696427][ T6030] ? __lock_acquire+0xbdd/0x3ce0 [ 49.697779][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 49.699623][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 49.701230][ T6023] __sys_bpf+0xfc6/0x49a0 [ 49.702432][ T6030] __netif_receive_skb_list_core+0x357/0x950 [ 49.702462][ T6030] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 49.702477][ T6030] ? trace_lock_acquire+0x14a/0x1d0 [ 49.703851][ T6023] __x64_sys_bpf+0x78/0xc0 [ 49.705148][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 49.706552][ T6023] do_syscall_64+0xcd/0x250 [ 49.707914][ T6030] ? lock_acquire+0x2f/0xb0 [ 49.709055][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 49.710637][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 49.712369][ T6023] page_owner free stack trace missing [ 49.713723][ T6030] netif_receive_skb_list_internal+0x753/0xdb0 [ 49.714891][ T6023] Modules linked in: [ 49.716545][ T6030] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 49.717689][ T6023] [ 49.728433][ T6030] ? __pfx_eth_type_trans+0x10/0x10 [ 49.729815][ T6030] ? __build_skb_around+0x278/0x3b0 [ 49.731174][ T6030] netif_receive_skb_list+0x4f/0x4a0 [ 49.732574][ T6030] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 49.734251][ T6030] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 49.735967][ T6030] ? bpf_test_timer_continue+0x150/0x3d0 [ 49.737437][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 49.738814][ T6030] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 49.740333][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 49.741878][ T6030] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 49.743410][ T6030] ? _raw_spin_unlock+0x28/0x50 [ 49.744692][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 49.746238][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 49.747636][ T6030] ? lock_acquire+0x2f/0xb0 [ 49.748825][ T6030] ? __fget_files+0x40/0x3f0 [ 49.750045][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 49.751593][ T6030] ? fput+0x30/0x390 [ 49.752620][ T6030] ? __bpf_prog_get+0xa0/0x290 [ 49.753900][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 49.755416][ T6030] __sys_bpf+0xfc6/0x49a0 [ 49.756515][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 49.757857][ T6030] ? __pfx___sys_bpf+0x10/0x10 [ 49.759116][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 49.760466][ T6030] ? reacquire_held_locks+0x20b/0x4c0 [ 49.761839][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 49.763221][ T6030] ? find_held_lock+0x59/0x110 [ 49.764481][ T6030] ? lock_acquire+0x2f/0xb0 [ 49.765675][ T6030] __x64_sys_bpf+0x78/0xc0 [ 49.766852][ T6030] ? lockdep_hardirqs_on+0x7c/0x110 [ 49.768219][ T6030] do_syscall_64+0xcd/0x250 [ 49.769380][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 49.770913][ T6030] RIP: 0033:0x7f5f67b7e719 [ 49.772077][ T6030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 49.776977][ T6030] RSP: 002b:00007f5f689b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 49.779075][ T6030] RAX: ffffffffffffffda RBX: 00007f5f67d36130 RCX: 00007f5f67b7e719 [ 49.781116][ T6030] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 49.783166][ T6030] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 49.785207][ T6030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 49.787247][ T6030] R13: 0000000000000001 R14: 00007f5f67d36130 R15: 00007ffe204d5cb8 [ 49.789291][ T6030] [ 49.790515][ T6023] CPU: 2 UID: 0 PID: 6023 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 49.790578][ C0] vkms_vblank_simulate: vblank timer overrun [ 49.793656][ T6023] Tainted: [B]=BAD_PAGE [ 49.795273][ T6030] BUG: Bad page state in process syz.1.8 pfn:30eb4 [ 49.796302][ T6023] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 49.797996][ T6030] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x30eb4 [ 49.800809][ T6023] Call Trace: [ 49.803239][ T6030] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 49.804074][ T6023] [ 49.804081][ T6023] dump_stack_lvl+0x16c/0x1f0 [ 49.805925][ T6030] raw: 00fff00000000000 dead000000000040 ffff88804b296000 0000000000000000 [ 49.806701][ T6023] bad_page+0xb3/0x1f0 [ 49.807917][ T6030] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 49.810156][ T6023] ? __pfx_bad_page+0x10/0x10 [ 49.811226][ T6030] page dumped because: page_pool leak [ 49.813442][ T6023] ? page_bad_reason+0x9d/0x1e0 [ 49.813469][ T6023] free_unref_page+0x657/0xdc0 [ 49.813480][ T6023] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 49.814648][ T6030] page_owner tracks the page as allocated [ 49.816030][ T6023] ? __phys_addr+0xc6/0x150 [ 49.817281][ T6030] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6030, tgid 6021 (syz.1.8), ts 47968418869, free_ts 47938358624 [ 49.818535][ T6023] skb_free_head+0xa0/0x1d0 [ 49.820012][ T6030] post_alloc_hook+0x2d1/0x350 [ 49.821489][ T6023] skb_release_data+0x560/0x730 [ 49.821505][ T6023] sk_skb_reason_drop+0x129/0x1a0 [ 49.821518][ T6023] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 49.821535][ T6023] ? kernel_text_address+0x8d/0x100 [ 49.822692][ T6030] get_page_from_freelist+0x101e/0x3070 [ 49.826966][ T6023] ? hlock_class+0x4e/0x130 [ 49.828127][ T6030] __alloc_pages_noprof+0x223/0x25a0 [ 49.829375][ T6023] ? __lock_acquire+0x163e/0x3ce0 [ 49.830635][ T6030] alloc_pages_bulk_noprof+0x77c/0x1110 [ 49.831941][ T6023] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 49.831965][ T6023] ? hlock_class+0x4e/0x130 [ 49.831978][ T6023] ? __lock_acquire+0xbdd/0x3ce0 [ 49.833702][ T6030] __page_pool_alloc_pages_slow+0x18f/0x770 [ 49.835053][ T6023] ? __pfx___lock_acquire+0x10/0x10 [ 49.836467][ T6030] page_pool_alloc_netmem+0xc4/0x160 [ 49.837620][ T6023] __netif_receive_skb_list_core+0x357/0x950 [ 49.837646][ T6023] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 49.838950][ T6030] page_pool_alloc_pages+0x1a/0x60 [ 49.840219][ T6023] ? trace_lock_acquire+0x14a/0x1d0 [ 49.841659][ T6030] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 49.843465][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 49.844631][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 49.845933][ T6023] ? lock_acquire+0x2f/0xb0 [ 49.847476][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 49.848837][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 49.850221][ T6030] __sys_bpf+0xfc6/0x49a0 [ 49.851797][ T6023] netif_receive_skb_list_internal+0x753/0xdb0 [ 49.851829][ T6023] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 49.853535][ T6030] __x64_sys_bpf+0x78/0xc0 [ 49.854923][ T6023] ? __pfx_eth_type_trans+0x10/0x10 [ 49.856177][ T6030] do_syscall_64+0xcd/0x250 [ 49.857793][ T6023] ? __build_skb_around+0x278/0x3b0 [ 49.859431][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 49.860892][ T6023] netif_receive_skb_list+0x4f/0x4a0 [ 49.862105][ T6030] page last free pid 6026 tgid 6026 stack trace: [ 49.863515][ T6023] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 49.865165][ T6030] free_unref_page+0x5f4/0xdc0 [ 49.866307][ T6023] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 49.867896][ T6030] __put_partials+0x14c/0x170 [ 49.869845][ T6023] ? bpf_test_timer_continue+0x150/0x3d0 [ 49.871019][ T6030] qlist_free_all+0x4e/0x120 [ 49.872322][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 49.872344][ T6023] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 49.872357][ T6023] ? try_to_wake_up+0x154/0x14f0 [ 49.873680][ T6030] kasan_quarantine_reduce+0x192/0x1e0 [ 49.873698][ T6030] __kasan_slab_alloc+0x69/0x90 [ 49.873710][ T6030] kmem_cache_alloc_noprof+0x121/0x2f0 [ 49.873721][ T6030] prepare_creds+0x2e/0x750 [ 49.873735][ T6030] prepare_exec_creds+0x10/0x240 [ 49.873749][ T6030] bprm_execve+0xc2/0x1960 [ 49.873762][ T6030] kernel_execve+0x2ef/0x3b0 [ 49.873776][ T6030] call_usermodehelper_exec_async+0x255/0x4c0 [ 49.873787][ T6030] ret_from_fork+0x45/0x80 [ 49.873796][ T6030] ret_from_fork_asm+0x1a/0x30 [ 49.873810][ T6030] Modules linked in: [ 49.907659][ T6023] ? __pfx_try_to_wake_up+0x10/0x10 [ 49.908956][ T6023] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 49.910792][ T6023] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 49.912166][ T6023] ? 0xffffffffa0004340 [ 49.913554][ T6023] ? 0xffffffffa0004340 [ 49.914708][ T6023] ? 0xffffffffa0004340 [ 49.915792][ T6023] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 49.917244][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 49.918591][ T6023] ? lock_acquire+0x2f/0xb0 [ 49.919714][ T6023] ? __fget_files+0x40/0x3f0 [ 49.920855][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 49.922385][ T6023] ? fput+0x30/0x390 [ 49.923434][ T6023] ? __bpf_prog_get+0xa0/0x290 [ 49.924699][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 49.926143][ T6023] __sys_bpf+0xfc6/0x49a0 [ 49.927185][ T6023] ? __pfx_futex_wake+0x10/0x10 [ 49.928569][ T6023] ? finish_task_switch.isra.0+0x2e8/0xcc0 [ 49.930934][ T6023] ? __pfx___sys_bpf+0x10/0x10 [ 49.932175][ T6023] ? __schedule+0xe5d/0x5730 [ 49.933381][ T6023] ? __fget_files+0x23a/0x3f0 [ 49.934595][ T6023] ? do_futex+0x123/0x350 [ 49.935935][ T6023] ? __pfx_do_futex+0x10/0x10 [ 49.937233][ T6023] ? xfd_validate_state+0x5d/0x180 [ 49.938678][ T6023] ? rcu_is_watching+0x12/0xc0 [ 49.940041][ T6023] __x64_sys_bpf+0x78/0xc0 [ 49.941234][ T6023] ? lockdep_hardirqs_on+0x7c/0x110 [ 49.942605][ T6023] do_syscall_64+0xcd/0x250 [ 49.943906][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 49.945509][ T6023] RIP: 0033:0x7f5f67b7e719 [ 49.946693][ T6023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 49.951715][ T6023] RSP: 002b:00007f5f689d1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 49.953926][ T6023] RAX: ffffffffffffffda RBX: 00007f5f67d36058 RCX: 00007f5f67b7e719 [ 49.955998][ T6023] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 49.958216][ T6023] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 49.960300][ T6023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 49.961384][ T5959] Bluetooth: hci1: command tx timeout [ 49.962362][ T6023] R13: 0000000000000000 R14: 00007f5f67d36058 R15: 00007ffe204d5cb8 [ 49.962377][ T6023] [ 49.962385][ T6030] CPU: 0 UID: 0 PID: 6030 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 49.962455][ T6023] BUG: Bad page state in process syz.1.8 pfn:4d8b6 [ 49.962464][ T6023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4d8b6 [ 49.962474][ T6023] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 49.962487][ T6023] raw: 00fff00000000000 dead000000000040 ffff888028078000 0000000000000000 [ 49.962496][ T6023] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 49.962502][ T6023] page dumped because: page_pool leak [ 49.962507][ T6023] page_owner tracks the page as allocated [ 49.962510][ T6023] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6023, tgid 6021 (syz.1.8), ts 47959469313, free_ts 0 [ 49.962526][ T6023] post_alloc_hook+0x2d1/0x350 [ 49.962540][ T6023] get_page_from_freelist+0x101e/0x3070 [ 49.962552][ T6023] __alloc_pages_noprof+0x223/0x25a0 [ 49.962563][ T6023] alloc_pages_bulk_noprof+0x77c/0x1110 [ 49.962574][ T6023] __page_pool_alloc_pages_slow+0x18f/0x770 [ 49.962586][ T6023] page_pool_alloc_netmem+0xc4/0x160 [ 49.962596][ T6023] page_pool_alloc_pages+0x1a/0x60 [ 49.962605][ T6023] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 49.962619][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 49.962631][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 49.962644][ T6023] __sys_bpf+0xfc6/0x49a0 [ 49.962654][ T6023] __x64_sys_bpf+0x78/0xc0 [ 49.962664][ T6023] do_syscall_64+0xcd/0x250 [ 49.962679][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 49.962692][ T6023] page_owner free stack trace missing [ 49.962696][ T6023] Modules linked in: [ 50.009565][ T6030] Tainted: [B]=BAD_PAGE [ 50.011101][ T6030] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 50.013974][ T6030] Call Trace: [ 50.015332][ T6030] [ 50.016198][ T6030] dump_stack_lvl+0x16c/0x1f0 [ 50.017510][ T6030] bad_page+0xb3/0x1f0 [ 50.018632][ T6030] ? __pfx_bad_page+0x10/0x10 [ 50.019880][ T6030] ? page_bad_reason+0x9d/0x1e0 [ 50.021167][ T6030] free_unref_page+0x657/0xdc0 [ 50.022446][ T6030] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 50.024033][ T6030] ? __phys_addr+0xc6/0x150 [ 50.025242][ T6030] skb_free_head+0xa0/0x1d0 [ 50.026465][ T6030] skb_release_data+0x560/0x730 [ 50.027755][ T6030] sk_skb_reason_drop+0x129/0x1a0 [ 50.029117][ T6030] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 50.030924][ T6030] ? kernel_text_address+0x8d/0x100 [ 50.032307][ T6030] ? hlock_class+0x4e/0x130 [ 50.033551][ T6030] ? __lock_acquire+0x163e/0x3ce0 [ 50.034926][ T6030] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 50.036849][ T6030] ? hlock_class+0x4e/0x130 [ 50.038192][ T6030] ? __lock_acquire+0xbdd/0x3ce0 [ 50.039622][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 50.041075][ T6030] __netif_receive_skb_list_core+0x357/0x950 [ 50.042772][ T6030] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 50.044547][ T6030] ? trace_lock_acquire+0x14a/0x1d0 [ 50.045955][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 50.047629][ T6030] ? lock_acquire+0x2f/0xb0 [ 50.048821][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 50.050469][ T6030] netif_receive_skb_list_internal+0x753/0xdb0 [ 50.052172][ T6030] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 50.053926][ T6030] ? __pfx_eth_type_trans+0x10/0x10 [ 50.055455][ T6030] ? __build_skb_around+0x278/0x3b0 [ 50.057083][ T6030] netif_receive_skb_list+0x4f/0x4a0 [ 50.058542][ T6030] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 50.060182][ T6030] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 50.061924][ T6030] ? bpf_test_timer_continue+0x150/0x3d0 [ 50.063408][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 50.064807][ T6030] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 50.066460][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 50.068111][ T6030] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 50.069759][ T6030] ? _raw_spin_unlock+0x28/0x50 [ 50.071059][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 50.072707][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 50.074236][ T6030] ? lock_acquire+0x2f/0xb0 [ 50.075505][ T6030] ? __fget_files+0x40/0x3f0 [ 50.076764][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 50.078367][ T6030] ? fput+0x30/0x390 [ 50.079438][ T6030] ? __bpf_prog_get+0xa0/0x290 [ 50.080747][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 50.082283][ T6030] __sys_bpf+0xfc6/0x49a0 [ 50.083421][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 50.084776][ T6030] ? __pfx___sys_bpf+0x10/0x10 [ 50.086033][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 50.087537][ T6030] ? reacquire_held_locks+0x20b/0x4c0 [ 50.089046][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 50.090488][ T6030] ? find_held_lock+0x59/0x110 [ 50.091760][ T6030] ? lock_acquire+0x2f/0xb0 [ 50.092955][ T6030] __x64_sys_bpf+0x78/0xc0 [ 50.094135][ T6030] ? lockdep_hardirqs_on+0x7c/0x110 [ 50.095509][ T6030] do_syscall_64+0xcd/0x250 [ 50.096707][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 50.098259][ T6030] RIP: 0033:0x7f5f67b7e719 [ 50.099518][ T6030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 50.104628][ T6030] RSP: 002b:00007f5f689b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 50.106816][ T6030] RAX: ffffffffffffffda RBX: 00007f5f67d36130 RCX: 00007f5f67b7e719 [ 50.108902][ T6030] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 50.111132][ T6030] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 50.113579][ T6030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 50.115880][ T6030] R13: 0000000000000001 R14: 00007f5f67d36130 R15: 00007ffe204d5cb8 [ 50.118147][ T6030] [ 50.119051][ T6023] CPU: 2 UID: 0 PID: 6023 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 50.119078][ C0] vkms_vblank_simulate: vblank timer overrun [ 50.122269][ T6023] Tainted: [B]=BAD_PAGE [ 50.123916][ T6030] BUG: Bad page state in process syz.1.8 pfn:30eb3 [ 50.124910][ T6023] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 50.126611][ T6030] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x30eb3 [ 50.129596][ T6023] Call Trace: [ 50.129605][ T6023] [ 50.131913][ T6030] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 50.132735][ T6023] dump_stack_lvl+0x16c/0x1f0 [ 50.133533][ T6030] raw: 00fff00000000000 dead000000000040 ffff88804b296000 0000000000000000 [ 50.133545][ T6030] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 50.133551][ T6030] page dumped because: page_pool leak [ 50.133556][ T6030] page_owner tracks the page as allocated [ 50.133559][ T6030] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6030, tgid 6021 (syz.1.8), ts 47968414578, free_ts 47938358624 [ 50.133576][ T6030] post_alloc_hook+0x2d1/0x350 [ 50.133590][ T6030] get_page_from_freelist+0x101e/0x3070 [ 50.133601][ T6030] __alloc_pages_noprof+0x223/0x25a0 [ 50.133613][ T6030] alloc_pages_bulk_noprof+0x77c/0x1110 [ 50.133625][ T6030] __page_pool_alloc_pages_slow+0x18f/0x770 [ 50.133637][ T6030] page_pool_alloc_netmem+0xc4/0x160 [ 50.133647][ T6030] page_pool_alloc_pages+0x1a/0x60 [ 50.133657][ T6030] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 50.135627][ T6023] bad_page+0xb3/0x1f0 [ 50.137022][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 50.139256][ T6023] ? __pfx_bad_page+0x10/0x10 [ 50.141593][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 50.143066][ T6023] ? page_bad_reason+0x9d/0x1e0 [ 50.144676][ T6030] __sys_bpf+0xfc6/0x49a0 [ 50.149344][ T6023] free_unref_page+0x657/0xdc0 [ 50.150579][ T6030] __x64_sys_bpf+0x78/0xc0 [ 50.152106][ T6023] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 50.152140][ T6023] ? __phys_addr+0xc6/0x150 [ 50.152153][ T6023] skb_free_head+0xa0/0x1d0 [ 50.153563][ T6030] do_syscall_64+0xcd/0x250 [ 50.154971][ T6023] skb_release_data+0x560/0x730 [ 50.156584][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 50.157969][ T6023] sk_skb_reason_drop+0x129/0x1a0 [ 50.159384][ T6030] page last free pid 6026 tgid 6026 stack trace: [ 50.161087][ T6023] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 50.162288][ T6030] free_unref_page+0x5f4/0xdc0 [ 50.163707][ T6023] ? kernel_text_address+0x8d/0x100 [ 50.164924][ T6030] __put_partials+0x14c/0x170 [ 50.166264][ T6023] ? hlock_class+0x4e/0x130 [ 50.167506][ T6030] qlist_free_all+0x4e/0x120 [ 50.168603][ T6023] ? __lock_acquire+0x163e/0x3ce0 [ 50.169855][ T6030] kasan_quarantine_reduce+0x192/0x1e0 [ 50.171060][ T6023] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 50.171089][ T6023] ? hlock_class+0x4e/0x130 [ 50.172861][ T6030] __kasan_slab_alloc+0x69/0x90 [ 50.174234][ T6023] ? __lock_acquire+0xbdd/0x3ce0 [ 50.175540][ T6030] kmem_cache_alloc_noprof+0x121/0x2f0 [ 50.176813][ T6023] ? __pfx___lock_acquire+0x10/0x10 [ 50.178154][ T6030] prepare_creds+0x2e/0x750 [ 50.179710][ T6023] __netif_receive_skb_list_core+0x357/0x950 [ 50.181075][ T6030] prepare_exec_creds+0x10/0x240 [ 50.182726][ T6023] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 50.182747][ T6023] ? trace_lock_acquire+0x14a/0x1d0 [ 50.182761][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 50.182776][ T6023] ? lock_acquire+0x2f/0xb0 [ 50.184481][ T6030] bprm_execve+0xc2/0x1960 [ 50.185697][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 50.187029][ T6030] kernel_execve+0x2ef/0x3b0 [ 50.188232][ T6023] netif_receive_skb_list_internal+0x753/0xdb0 [ 50.189374][ T6030] call_usermodehelper_exec_async+0x255/0x4c0 [ 50.190550][ T6023] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 50.191868][ T6030] ret_from_fork+0x45/0x80 [ 50.193197][ T6023] ? __pfx_eth_type_trans+0x10/0x10 [ 50.195678][ T6030] ret_from_fork_asm+0x1a/0x30 [ 50.195704][ T6030] Modules linked in: [ 50.227696][ T6023] ? __build_skb_around+0x278/0x3b0 [ 50.229165][ T6023] netif_receive_skb_list+0x4f/0x4a0 [ 50.230566][ T6023] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 50.232179][ T6023] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 50.233846][ T6023] ? bpf_test_timer_continue+0x150/0x3d0 [ 50.235279][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 50.236670][ T6023] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 50.238205][ T6023] ? try_to_wake_up+0x154/0x14f0 [ 50.239492][ T6023] ? __pfx_try_to_wake_up+0x10/0x10 [ 50.240850][ T6023] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 50.242413][ T6023] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 50.243889][ T6023] ? 0xffffffffa0004340 [ 50.244991][ T6023] ? 0xffffffffa0004340 [ 50.246106][ T6023] ? 0xffffffffa0004340 [ 50.247206][ T6023] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 50.248733][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 50.250063][ T6023] ? lock_acquire+0x2f/0xb0 [ 50.251205][ T6023] ? __fget_files+0x40/0x3f0 [ 50.252396][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 50.253930][ T6023] ? fput+0x30/0x390 [ 50.255047][ T6023] ? __bpf_prog_get+0xa0/0x290 [ 50.256405][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 50.257954][ T6023] __sys_bpf+0xfc6/0x49a0 [ 50.259045][ T6023] ? __pfx_futex_wake+0x10/0x10 [ 50.260302][ T6023] ? finish_task_switch.isra.0+0x2e8/0xcc0 [ 50.261781][ T6023] ? __pfx___sys_bpf+0x10/0x10 [ 50.262991][ T6023] ? __schedule+0xe5d/0x5730 [ 50.264180][ T6023] ? __fget_files+0x23a/0x3f0 [ 50.265375][ T6023] ? do_futex+0x123/0x350 [ 50.266519][ T6023] ? __pfx_do_futex+0x10/0x10 [ 50.267757][ T6023] ? xfd_validate_state+0x5d/0x180 [ 50.269083][ T6023] ? rcu_is_watching+0x12/0xc0 [ 50.270338][ T6023] __x64_sys_bpf+0x78/0xc0 [ 50.271502][ T6023] ? lockdep_hardirqs_on+0x7c/0x110 [ 50.272955][ T6023] do_syscall_64+0xcd/0x250 [ 50.274323][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 50.276172][ T6023] RIP: 0033:0x7f5f67b7e719 [ 50.277373][ T6023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 50.282662][ T6023] RSP: 002b:00007f5f689d1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 50.284912][ T6023] RAX: ffffffffffffffda RBX: 00007f5f67d36058 RCX: 00007f5f67b7e719 [ 50.287003][ T6023] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 50.289054][ T6023] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 50.291115][ T6023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 50.293151][ T6023] R13: 0000000000000000 R14: 00007f5f67d36058 R15: 00007ffe204d5cb8 [ 50.295244][ T6023] [ 50.296063][ T6030] CPU: 0 UID: 0 PID: 6030 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 50.296154][ T6023] BUG: Bad page state in process syz.1.8 pfn:4d8b5 [ 50.299177][ T6030] Tainted: [B]=BAD_PAGE [ 50.300861][ T6023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4d8b5 [ 50.301958][ T6030] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 50.301970][ T6030] Call Trace: [ 50.301974][ T6030] [ 50.301979][ T6030] dump_stack_lvl+0x16c/0x1f0 [ 50.302000][ T6030] bad_page+0xb3/0x1f0 [ 50.304237][ T6023] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 50.307140][ T6030] ? __pfx_bad_page+0x10/0x10 [ 50.308053][ T6023] raw: 00fff00000000000 dead000000000040 ffff888028078000 0000000000000000 [ 50.308849][ T6030] ? page_bad_reason+0x9d/0x1e0 [ 50.310122][ T6023] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 50.311196][ T6030] free_unref_page+0x657/0xdc0 [ 50.313053][ T6023] page dumped because: page_pool leak [ 50.314459][ T6030] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 50.316996][ T6023] page_owner tracks the page as allocated [ 50.318389][ T6030] ? __phys_addr+0xc6/0x150 [ 50.320614][ T6023] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6023, tgid 6021 (syz.1.8), ts 47959462773, free_ts 0 [ 50.321895][ T6030] skb_free_head+0xa0/0x1d0 [ 50.321919][ T6030] skb_release_data+0x560/0x730 [ 50.321931][ T6030] sk_skb_reason_drop+0x129/0x1a0 [ 50.321943][ T6030] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 50.323353][ T6023] post_alloc_hook+0x2d1/0x350 [ 50.324922][ T6030] ? kernel_text_address+0x8d/0x100 [ 50.326443][ T6023] get_page_from_freelist+0x101e/0x3070 [ 50.327628][ T6030] ? hlock_class+0x4e/0x130 [ 50.331696][ T6023] __alloc_pages_noprof+0x223/0x25a0 [ 50.332851][ T6030] ? __lock_acquire+0x163e/0x3ce0 [ 50.334136][ T6023] alloc_pages_bulk_noprof+0x77c/0x1110 [ 50.335439][ T6030] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 50.337165][ T6023] __page_pool_alloc_pages_slow+0x18f/0x770 [ 50.338425][ T6030] ? hlock_class+0x4e/0x130 [ 50.339769][ T6023] page_pool_alloc_netmem+0xc4/0x160 [ 50.341197][ T6030] ? __lock_acquire+0xbdd/0x3ce0 [ 50.342491][ T6023] page_pool_alloc_pages+0x1a/0x60 [ 50.343825][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 50.345118][ T6023] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 50.346549][ T6030] __netif_receive_skb_list_core+0x357/0x950 [ 50.348360][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 50.349891][ T6030] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 50.351065][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 50.352429][ T6030] ? trace_lock_acquire+0x14a/0x1d0 [ 50.352452][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 50.352468][ T6030] ? lock_acquire+0x2f/0xb0 [ 50.353766][ T6023] __sys_bpf+0xfc6/0x49a0 [ 50.355126][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 50.356467][ T6023] __x64_sys_bpf+0x78/0xc0 [ 50.358072][ T6030] netif_receive_skb_list_internal+0x753/0xdb0 [ 50.359617][ T6023] do_syscall_64+0xcd/0x250 [ 50.361148][ T6030] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 50.362855][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 50.364226][ T6030] ? __pfx_eth_type_trans+0x10/0x10 [ 50.365584][ T6023] page_owner free stack trace missing [ 50.367209][ T6030] ? __build_skb_around+0x278/0x3b0 [ 50.368380][ T6023] Modules linked in: [ 50.369510][ T6030] netif_receive_skb_list+0x4f/0x4a0 [ 50.384996][ T6030] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 50.386652][ T6030] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 50.388376][ T6030] ? bpf_test_timer_continue+0x150/0x3d0 [ 50.389834][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 50.391212][ T6030] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 50.392738][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 50.394285][ T6030] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 50.395820][ T6030] ? _raw_spin_unlock+0x28/0x50 [ 50.397106][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 50.398646][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 50.400050][ T6030] ? lock_acquire+0x2f/0xb0 [ 50.401230][ T6030] ? __fget_files+0x40/0x3f0 [ 50.402454][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 50.403967][ T6030] ? fput+0x30/0x390 [ 50.404989][ T6030] ? __bpf_prog_get+0xa0/0x290 [ 50.406247][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 50.407766][ T6030] __sys_bpf+0xfc6/0x49a0 [ 50.408892][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 50.410249][ T6030] ? __pfx___sys_bpf+0x10/0x10 [ 50.411494][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 50.412902][ T6030] ? reacquire_held_locks+0x20b/0x4c0 [ 50.414313][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 50.415695][ T6030] ? find_held_lock+0x59/0x110 [ 50.416945][ T6030] ? lock_acquire+0x2f/0xb0 [ 50.418142][ T6030] __x64_sys_bpf+0x78/0xc0 [ 50.419309][ T6030] ? lockdep_hardirqs_on+0x7c/0x110 [ 50.420649][ T6030] do_syscall_64+0xcd/0x250 [ 50.421843][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 50.423370][ T6030] RIP: 0033:0x7f5f67b7e719 [ 50.424531][ T6030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 50.429487][ T6030] RSP: 002b:00007f5f689b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 50.431628][ T6030] RAX: ffffffffffffffda RBX: 00007f5f67d36130 RCX: 00007f5f67b7e719 [ 50.433669][ T6030] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 50.435710][ T6030] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 50.437750][ T6030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 50.439776][ T6030] R13: 0000000000000001 R14: 00007f5f67d36130 R15: 00007ffe204d5cb8 [ 50.441831][ T6030] [ 50.442645][ T6023] CPU: 2 UID: 0 PID: 6023 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 50.442712][ C0] vkms_vblank_simulate: vblank timer overrun [ 50.445739][ T6023] Tainted: [B]=BAD_PAGE [ 50.447310][ T6030] BUG: Bad page state in process syz.1.8 pfn:30eb2 [ 50.448363][ T6023] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 50.450116][ T6030] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x30eb2 [ 50.453024][ T6023] Call Trace: [ 50.453035][ T6023] [ 50.453040][ T6023] dump_stack_lvl+0x16c/0x1f0 [ 50.453063][ T6023] bad_page+0xb3/0x1f0 [ 50.453078][ T6023] ? __pfx_bad_page+0x10/0x10 [ 50.456206][ T6030] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 50.457139][ T6023] ? page_bad_reason+0x9d/0x1e0 [ 50.457939][ T6030] raw: 00fff00000000000 dead000000000040 ffff88804b296000 0000000000000000 [ 50.459156][ T6023] free_unref_page+0x657/0xdc0 [ 50.460222][ T6030] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 50.461468][ T6023] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 50.461491][ T6023] ? __phys_addr+0xc6/0x150 [ 50.461504][ T6023] skb_free_head+0xa0/0x1d0 [ 50.461522][ T6023] skb_release_data+0x560/0x730 [ 50.463324][ T6030] page dumped because: page_pool leak [ 50.464593][ T6023] sk_skb_reason_drop+0x129/0x1a0 [ 50.466775][ T6030] page_owner tracks the page as allocated [ 50.466786][ T6030] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6030, tgid 6021 (syz.1.8), ts 47968410375, free_ts 47938358624 [ 50.468049][ T6023] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 50.470303][ T6030] post_alloc_hook+0x2d1/0x350 [ 50.471851][ T6023] ? kernel_text_address+0x8d/0x100 [ 50.471871][ T6023] ? hlock_class+0x4e/0x130 [ 50.473067][ T6030] get_page_from_freelist+0x101e/0x3070 [ 50.474275][ T6023] ? __lock_acquire+0x163e/0x3ce0 [ 50.475539][ T6030] __alloc_pages_noprof+0x223/0x25a0 [ 50.476931][ T6023] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 50.478244][ T6030] alloc_pages_bulk_noprof+0x77c/0x1110 [ 50.479718][ T6023] ? hlock_class+0x4e/0x130 [ 50.484088][ T6030] __page_pool_alloc_pages_slow+0x18f/0x770 [ 50.485784][ T6023] ? __lock_acquire+0xbdd/0x3ce0 [ 50.487058][ T6030] page_pool_alloc_netmem+0xc4/0x160 [ 50.488381][ T6023] ? __pfx___lock_acquire+0x10/0x10 [ 50.489563][ T6030] page_pool_alloc_pages+0x1a/0x60 [ 50.490995][ T6023] __netif_receive_skb_list_core+0x357/0x950 [ 50.492345][ T6030] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 50.493701][ T6023] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 50.495529][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 50.496971][ T6023] ? trace_lock_acquire+0x14a/0x1d0 [ 50.498155][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 50.499697][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 50.500994][ T6030] __sys_bpf+0xfc6/0x49a0 [ 50.502355][ T6023] ? lock_acquire+0x2f/0xb0 [ 50.502373][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 50.502389][ T6023] netif_receive_skb_list_internal+0x753/0xdb0 [ 50.503766][ T6030] __x64_sys_bpf+0x78/0xc0 [ 50.505077][ T6023] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 50.506630][ T6030] do_syscall_64+0xcd/0x250 [ 50.508231][ T6023] ? __pfx_eth_type_trans+0x10/0x10 [ 50.509911][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 50.511276][ T6023] ? __build_skb_around+0x278/0x3b0 [ 50.511303][ T6023] netif_receive_skb_list+0x4f/0x4a0 [ 50.512672][ T6030] page last free pid 6026 tgid 6026 stack trace: [ 50.514096][ T6023] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 50.515723][ T6030] free_unref_page+0x5f4/0xdc0 [ 50.516854][ T6023] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 50.518038][ T6030] __put_partials+0x14c/0x170 [ 50.519821][ T6023] ? bpf_test_timer_continue+0x150/0x3d0 [ 50.521468][ T6030] qlist_free_all+0x4e/0x120 [ 50.522606][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 50.524285][ T6030] kasan_quarantine_reduce+0x192/0x1e0 [ 50.525488][ T6023] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 50.526839][ T6030] __kasan_slab_alloc+0x69/0x90 [ 50.528960][ T6023] ? try_to_wake_up+0x154/0x14f0 [ 50.530310][ T6030] kmem_cache_alloc_noprof+0x121/0x2f0 [ 50.531681][ T6023] ? __pfx_try_to_wake_up+0x10/0x10 [ 50.531696][ T6023] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 50.531713][ T6023] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 50.533437][ T6030] prepare_creds+0x2e/0x750 [ 50.535086][ T6023] ? 0xffffffffa0004340 [ 50.536337][ T6030] prepare_exec_creds+0x10/0x240 [ 50.538058][ T6023] ? 0xffffffffa0004340 [ 50.538069][ T6023] ? 0xffffffffa0004340 [ 50.538075][ T6023] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 50.539313][ T6030] bprm_execve+0xc2/0x1960 [ 50.540793][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 50.542049][ T6030] kernel_execve+0x2ef/0x3b0 [ 50.543402][ T6023] ? lock_acquire+0x2f/0xb0 [ 50.544737][ T6030] call_usermodehelper_exec_async+0x255/0x4c0 [ 50.546221][ T6023] ? __fget_files+0x40/0x3f0 [ 50.547425][ T6030] ret_from_fork+0x45/0x80 [ 50.548671][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 50.550086][ T6030] ret_from_fork_asm+0x1a/0x30 [ 50.551460][ T6023] ? fput+0x30/0x390 [ 50.551483][ T6023] ? __bpf_prog_get+0xa0/0x290 [ 50.551499][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 50.553019][ T6030] Modules linked in: [ 50.554352][ T6023] __sys_bpf+0xfc6/0x49a0 [ 50.554372][ T6023] ? __pfx_futex_wake+0x10/0x10 [ 50.555547][ T6030] [ 50.556636][ T6023] ? finish_task_switch.isra.0+0x2e8/0xcc0 [ 50.583094][ T6023] ? __pfx___sys_bpf+0x10/0x10 [ 50.584350][ T6023] ? __schedule+0xe5d/0x5730 [ 50.585570][ T6023] ? __fget_files+0x23a/0x3f0 [ 50.586805][ T6023] ? do_futex+0x123/0x350 [ 50.587941][ T6023] ? __pfx_do_futex+0x10/0x10 [ 50.589182][ T6023] ? xfd_validate_state+0x5d/0x180 [ 50.590533][ T6023] ? rcu_is_watching+0x12/0xc0 [ 50.591793][ T6023] __x64_sys_bpf+0x78/0xc0 [ 50.592968][ T6023] ? lockdep_hardirqs_on+0x7c/0x110 [ 50.594366][ T6023] do_syscall_64+0xcd/0x250 [ 50.595578][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 50.597122][ T6023] RIP: 0033:0x7f5f67b7e719 [ 50.598307][ T6023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 50.603288][ T6023] RSP: 002b:00007f5f689d1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 50.605473][ T6023] RAX: ffffffffffffffda RBX: 00007f5f67d36058 RCX: 00007f5f67b7e719 [ 50.607690][ T6023] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 50.610038][ T6023] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 50.612048][ T6023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 50.614347][ T6023] R13: 0000000000000000 R14: 00007f5f67d36058 R15: 00007ffe204d5cb8 [ 50.616687][ T6023] [ 50.617521][ T6030] CPU: 0 UID: 0 PID: 6030 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 50.617610][ T6023] BUG: Bad page state in process syz.1.8 pfn:4d8b4 [ 50.620832][ T6030] Tainted: [B]=BAD_PAGE [ 50.622564][ T6023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4d8b4 [ 50.623630][ T6030] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 50.625888][ T6023] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 50.628650][ T6030] Call Trace: [ 50.630487][ T6023] raw: 00fff00000000000 dead000000000040 ffff888028078000 0000000000000000 [ 50.631354][ T6030] [ 50.631366][ T6030] dump_stack_lvl+0x16c/0x1f0 [ 50.631387][ T6030] bad_page+0xb3/0x1f0 [ 50.633612][ T6023] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 50.634378][ T6030] ? __pfx_bad_page+0x10/0x10 [ 50.635590][ T6023] page dumped because: page_pool leak [ 50.636640][ T6030] ? page_bad_reason+0x9d/0x1e0 [ 50.638831][ T6023] page_owner tracks the page as allocated [ 50.640045][ T6030] free_unref_page+0x657/0xdc0 [ 50.641479][ T6023] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6023, tgid 6021 (syz.1.8), ts 47959456383, free_ts 0 [ 50.642724][ T6030] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 50.644291][ T6023] post_alloc_hook+0x2d1/0x350 [ 50.645526][ T6030] ? __phys_addr+0xc6/0x150 [ 50.649566][ T6023] get_page_from_freelist+0x101e/0x3070 [ 50.651109][ T6030] skb_free_head+0xa0/0x1d0 [ 50.652389][ T6023] __alloc_pages_noprof+0x223/0x25a0 [ 50.653539][ T6030] skb_release_data+0x560/0x730 [ 50.654971][ T6023] alloc_pages_bulk_noprof+0x77c/0x1110 [ 50.656144][ T6030] sk_skb_reason_drop+0x129/0x1a0 [ 50.657526][ T6023] __page_pool_alloc_pages_slow+0x18f/0x770 [ 50.658795][ T6030] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 50.660241][ T6023] page_pool_alloc_netmem+0xc4/0x160 [ 50.661571][ T6030] ? kernel_text_address+0x8d/0x100 [ 50.661597][ T6030] ? hlock_class+0x4e/0x130 [ 50.663136][ T6023] page_pool_alloc_pages+0x1a/0x60 [ 50.664855][ T6030] ? __lock_acquire+0x163e/0x3ce0 [ 50.666248][ T6023] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 50.667651][ T6030] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 50.668903][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 50.670229][ T6030] ? hlock_class+0x4e/0x130 [ 50.671645][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 50.673131][ T6030] ? __lock_acquire+0xbdd/0x3ce0 [ 50.673147][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 50.673169][ T6030] __netif_receive_skb_list_core+0x357/0x950 [ 50.673186][ T6030] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 50.673201][ T6030] ? trace_lock_acquire+0x14a/0x1d0 [ 50.673214][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 50.673229][ T6030] ? lock_acquire+0x2f/0xb0 [ 50.673238][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 50.673253][ T6030] netif_receive_skb_list_internal+0x753/0xdb0 [ 50.675117][ T6023] __sys_bpf+0xfc6/0x49a0 [ 50.676482][ T6030] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 50.677674][ T6023] __x64_sys_bpf+0x78/0xc0 [ 50.679062][ T6030] ? __pfx_eth_type_trans+0x10/0x10 [ 50.680351][ T6023] do_syscall_64+0xcd/0x250 [ 50.681702][ T6030] ? __build_skb_around+0x278/0x3b0 [ 50.681726][ T6030] netif_receive_skb_list+0x4f/0x4a0 [ 50.681741][ T6030] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 50.683280][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 50.684947][ T6030] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 50.686299][ T6023] page_owner free stack trace missing [ 50.687928][ T6030] ? bpf_test_timer_continue+0x150/0x3d0 [ 50.689098][ T6023] Modules linked in: [ 50.690722][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 50.692363][ T6023] [ 50.693498][ T6030] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 50.713923][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 50.715472][ T6030] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 50.717017][ T6030] ? _raw_spin_unlock+0x28/0x50 [ 50.718311][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 50.719857][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 50.721266][ T6030] ? lock_acquire+0x2f/0xb0 [ 50.722460][ T6030] ? __fget_files+0x40/0x3f0 [ 50.723674][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 50.725189][ T6030] ? fput+0x30/0x390 [ 50.726225][ T6030] ? __bpf_prog_get+0xa0/0x290 [ 50.727483][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 50.728998][ T6030] __sys_bpf+0xfc6/0x49a0 [ 50.730111][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 50.732187][ T6030] ? __pfx___sys_bpf+0x10/0x10 [ 50.733545][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 50.734937][ T6030] ? reacquire_held_locks+0x20b/0x4c0 [ 50.736352][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 50.737745][ T6030] ? find_held_lock+0x59/0x110 [ 50.739021][ T6030] ? lock_acquire+0x2f/0xb0 [ 50.740213][ T6030] __x64_sys_bpf+0x78/0xc0 [ 50.741402][ T6030] ? lockdep_hardirqs_on+0x7c/0x110 [ 50.742776][ T6030] do_syscall_64+0xcd/0x250 [ 50.743981][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 50.745548][ T6030] RIP: 0033:0x7f5f67b7e719 [ 50.746730][ T6030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 50.751850][ T6030] RSP: 002b:00007f5f689b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 50.754062][ T6030] RAX: ffffffffffffffda RBX: 00007f5f67d36130 RCX: 00007f5f67b7e719 [ 50.756106][ T6030] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 50.758273][ T6030] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 50.760359][ T6030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 50.762437][ T6030] R13: 0000000000000001 R14: 00007f5f67d36130 R15: 00007ffe204d5cb8 [ 50.764509][ T6030] [ 50.765339][ T6023] CPU: 2 UID: 0 PID: 6023 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 50.765364][ C0] vkms_vblank_simulate: vblank timer overrun [ 50.768460][ T6023] Tainted: [B]=BAD_PAGE [ 50.770117][ T6030] BUG: Bad page state in process syz.1.8 pfn:30eb1 [ 50.771143][ T6023] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 50.771152][ T6023] Call Trace: [ 50.771156][ T6023] [ 50.771160][ T6023] dump_stack_lvl+0x16c/0x1f0 [ 50.772891][ T6030] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x8 pfn:0x30eb1 [ 50.775965][ T6023] bad_page+0xb3/0x1f0 [ 50.776859][ T6030] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 50.777651][ T6023] ? __pfx_bad_page+0x10/0x10 [ 50.778869][ T6030] raw: 00fff00000000000 dead000000000040 ffff88804b296000 0000000000000000 [ 50.781122][ T6023] ? page_bad_reason+0x9d/0x1e0 [ 50.782237][ T6030] raw: 0000000000000008 0000000000000001 00000000ffffffff 0000000000000000 [ 50.784010][ T6023] free_unref_page+0x657/0xdc0 [ 50.785233][ T6030] page dumped because: page_pool leak [ 50.787600][ T6023] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 50.788882][ T6030] page_owner tracks the page as allocated [ 50.791160][ T6023] ? __phys_addr+0xc6/0x150 [ 50.792446][ T6030] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6030, tgid 6021 (syz.1.8), ts 47968406189, free_ts 47938358624 [ 50.793840][ T6023] skb_free_head+0xa0/0x1d0 [ 50.795388][ T6030] post_alloc_hook+0x2d1/0x350 [ 50.796872][ T6023] skb_release_data+0x560/0x730 [ 50.798063][ T6030] get_page_from_freelist+0x101e/0x3070 [ 50.802346][ T6023] sk_skb_reason_drop+0x129/0x1a0 [ 50.802369][ T6023] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 50.802388][ T6023] ? kernel_text_address+0x8d/0x100 [ 50.803603][ T6030] __alloc_pages_noprof+0x223/0x25a0 [ 50.804851][ T6023] ? hlock_class+0x4e/0x130 [ 50.806112][ T6030] alloc_pages_bulk_noprof+0x77c/0x1110 [ 50.807544][ T6023] ? __lock_acquire+0x163e/0x3ce0 [ 50.808789][ T6030] __page_pool_alloc_pages_slow+0x18f/0x770 [ 50.810494][ T6023] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 50.811885][ T6030] page_pool_alloc_netmem+0xc4/0x160 [ 50.813247][ T6023] ? hlock_class+0x4e/0x130 [ 50.814425][ T6030] page_pool_alloc_pages+0x1a/0x60 [ 50.815870][ T6023] ? __lock_acquire+0xbdd/0x3ce0 [ 50.817181][ T6030] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 50.818734][ T6023] ? __pfx___lock_acquire+0x10/0x10 [ 50.820597][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 50.821956][ T6023] __netif_receive_skb_list_core+0x357/0x950 [ 50.821987][ T6023] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 50.823139][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 50.824490][ T6023] ? trace_lock_acquire+0x14a/0x1d0 [ 50.825781][ T6030] __sys_bpf+0xfc6/0x49a0 [ 50.827378][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 50.828726][ T6030] __x64_sys_bpf+0x78/0xc0 [ 50.830130][ T6023] ? lock_acquire+0x2f/0xb0 [ 50.832018][ T6030] do_syscall_64+0xcd/0x250 [ 50.833681][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 50.835170][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 50.836711][ T6023] netif_receive_skb_list_internal+0x753/0xdb0 [ 50.837878][ T6030] page last free pid 6026 tgid 6026 stack trace: [ 50.839519][ T6023] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 50.840681][ T6030] free_unref_page+0x5f4/0xdc0 [ 50.841908][ T6023] ? __pfx_eth_type_trans+0x10/0x10 [ 50.841928][ T6023] ? __build_skb_around+0x278/0x3b0 [ 50.841945][ T6023] netif_receive_skb_list+0x4f/0x4a0 [ 50.841961][ T6023] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 50.843143][ T6030] __put_partials+0x14c/0x170 [ 50.844792][ T6023] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 50.846327][ T6030] qlist_free_all+0x4e/0x120 [ 50.847938][ T6023] ? bpf_test_timer_continue+0x150/0x3d0 [ 50.849694][ T6030] kasan_quarantine_reduce+0x192/0x1e0 [ 50.851446][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 50.851468][ T6023] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 50.851485][ T6023] ? try_to_wake_up+0x154/0x14f0 [ 50.852723][ T6030] __kasan_slab_alloc+0x69/0x90 [ 50.854091][ T6023] ? __pfx_try_to_wake_up+0x10/0x10 [ 50.854107][ T6023] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 50.855471][ T6030] kmem_cache_alloc_noprof+0x121/0x2f0 [ 50.856855][ T6023] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 50.858474][ T6030] prepare_creds+0x2e/0x750 [ 50.859709][ T6023] ? 0xffffffffa0004340 [ 50.861461][ T6030] prepare_exec_creds+0x10/0x240 [ 50.862636][ T6023] ? 0xffffffffa0004340 [ 50.864063][ T6030] bprm_execve+0xc2/0x1960 [ 50.865534][ T6023] ? 0xffffffffa0004340 [ 50.866933][ T6030] kernel_execve+0x2ef/0x3b0 [ 50.868449][ T6023] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 50.869729][ T6030] call_usermodehelper_exec_async+0x255/0x4c0 [ 50.870993][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 50.871019][ T6023] ? lock_acquire+0x2f/0xb0 [ 50.872418][ T6030] ret_from_fork+0x45/0x80 [ 50.873947][ T6023] ? __fget_files+0x40/0x3f0 [ 50.875375][ T6030] ret_from_fork_asm+0x1a/0x30 [ 50.876751][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 50.877941][ T6030] Modules linked in: [ 50.879045][ T6023] ? fput+0x30/0x390 [ 50.897950][ T6023] ? __bpf_prog_get+0xa0/0x290 [ 50.899228][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 50.900755][ T6023] __sys_bpf+0xfc6/0x49a0 [ 50.901897][ T6023] ? __pfx_futex_wake+0x10/0x10 [ 50.903165][ T6023] ? finish_task_switch.isra.0+0x2e8/0xcc0 [ 50.904683][ T6023] ? __pfx___sys_bpf+0x10/0x10 [ 50.905939][ T6023] ? __schedule+0xe5d/0x5730 [ 50.907149][ T6023] ? __fget_files+0x23a/0x3f0 [ 50.908375][ T6023] ? do_futex+0x123/0x350 [ 50.909473][ T6023] ? __pfx_do_futex+0x10/0x10 [ 50.910677][ T6023] ? xfd_validate_state+0x5d/0x180 [ 50.911982][ T6023] ? rcu_is_watching+0x12/0xc0 [ 50.913196][ T6023] __x64_sys_bpf+0x78/0xc0 [ 50.914331][ T6023] ? lockdep_hardirqs_on+0x7c/0x110 [ 50.915692][ T6023] do_syscall_64+0xcd/0x250 [ 50.916889][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 50.918372][ T6023] RIP: 0033:0x7f5f67b7e719 [ 50.919478][ T6023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 50.924373][ T6023] RSP: 002b:00007f5f689d1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 50.926458][ T6023] RAX: ffffffffffffffda RBX: 00007f5f67d36058 RCX: 00007f5f67b7e719 [ 50.928503][ T6023] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 50.930565][ T6023] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 50.932587][ T6023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 50.934666][ T6023] R13: 0000000000000000 R14: 00007f5f67d36058 R15: 00007ffe204d5cb8 [ 50.936710][ T6023] [ 50.937534][ T6030] CPU: 0 UID: 0 PID: 6030 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 50.937607][ T6023] BUG: Bad page state in process syz.1.8 pfn:4d8b3 [ 50.940673][ T6030] Tainted: [B]=BAD_PAGE [ 50.942330][ T6023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4d8b3 [ 50.943346][ T6030] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 50.945612][ T6023] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 50.948253][ T6030] Call Trace: [ 50.950243][ T6023] raw: 00fff00000000000 dead000000000040 ffff888028078000 0000000000000000 [ 50.951073][ T6030] [ 50.953286][ T6023] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 50.953976][ T6030] dump_stack_lvl+0x16c/0x1f0 [ 50.956123][ T6023] page dumped because: page_pool leak [ 50.957343][ T6030] bad_page+0xb3/0x1f0 [ 50.958750][ T6023] page_owner tracks the page as allocated [ 50.959824][ T6030] ? __pfx_bad_page+0x10/0x10 [ 50.961469][ T6023] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6023, tgid 6021 (syz.1.8), ts 47959449969, free_ts 0 [ 50.962649][ T6030] ? page_bad_reason+0x9d/0x1e0 [ 50.966665][ T6023] post_alloc_hook+0x2d1/0x350 [ 50.967946][ T6030] free_unref_page+0x657/0xdc0 [ 50.969205][ T6023] get_page_from_freelist+0x101e/0x3070 [ 50.970479][ T6030] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 50.971943][ T6023] __alloc_pages_noprof+0x223/0x25a0 [ 50.973939][ T6030] ? __phys_addr+0xc6/0x150 [ 50.975340][ T6023] alloc_pages_bulk_noprof+0x77c/0x1110 [ 50.976751][ T6030] skb_free_head+0xa0/0x1d0 [ 50.978211][ T6023] __page_pool_alloc_pages_slow+0x18f/0x770 [ 50.979409][ T6030] skb_release_data+0x560/0x730 [ 50.981038][ T6023] page_pool_alloc_netmem+0xc4/0x160 [ 50.982478][ T6030] sk_skb_reason_drop+0x129/0x1a0 [ 50.982500][ T6030] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 50.982519][ T6030] ? kernel_text_address+0x8d/0x100 [ 50.982531][ T6030] ? hlock_class+0x4e/0x130 [ 50.983896][ T6023] page_pool_alloc_pages+0x1a/0x60 [ 50.985200][ T6030] ? __lock_acquire+0x163e/0x3ce0 [ 50.986923][ T6023] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 50.988293][ T6030] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 50.989446][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 50.990759][ T6030] ? hlock_class+0x4e/0x130 [ 50.992118][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 50.993748][ T6030] ? __lock_acquire+0xbdd/0x3ce0 [ 50.995756][ T6023] __sys_bpf+0xfc6/0x49a0 [ 50.997188][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 50.998405][ T6023] __x64_sys_bpf+0x78/0xc0 [ 50.999858][ T6030] __netif_receive_skb_list_core+0x357/0x950 [ 51.001215][ T6023] do_syscall_64+0xcd/0x250 [ 51.002400][ T6030] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 51.002430][ T6030] ? trace_lock_acquire+0x14a/0x1d0 [ 51.002443][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 51.003802][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 51.004978][ T6030] ? lock_acquire+0x2f/0xb0 [ 51.006557][ T6023] page_owner free stack trace missing [ 51.006568][ T6023] Modules linked in: [ 51.007759][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 51.009478][ T6023] [ 51.021184][ T6030] netif_receive_skb_list_internal+0x753/0xdb0 [ 51.023126][ T6030] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 51.025243][ T6030] ? __pfx_eth_type_trans+0x10/0x10 [ 51.027011][ T6030] ? __build_skb_around+0x278/0x3b0 [ 51.028782][ T6030] netif_receive_skb_list+0x4f/0x4a0 [ 51.030381][ T6030] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 51.032002][ T6030] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 51.033718][ T6030] ? bpf_test_timer_continue+0x150/0x3d0 [ 51.035143][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 51.036452][ T6030] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 51.037937][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 51.039458][ T6030] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 51.040956][ T6030] ? _raw_spin_unlock+0x28/0x50 [ 51.042226][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 51.043801][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 51.045173][ T6030] ? lock_acquire+0x2f/0xb0 [ 51.046334][ T6030] ? __fget_files+0x40/0x3f0 [ 51.047499][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 51.048994][ T6030] ? fput+0x30/0x390 [ 51.049977][ T6030] ? __bpf_prog_get+0xa0/0x290 [ 51.051190][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 51.052672][ T6030] __sys_bpf+0xfc6/0x49a0 [ 51.053810][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 51.055115][ T6030] ? __pfx___sys_bpf+0x10/0x10 [ 51.056326][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 51.057656][ T6030] ? reacquire_held_locks+0x20b/0x4c0 [ 51.059002][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 51.060371][ T6030] ? find_held_lock+0x59/0x110 [ 51.061639][ T6030] ? lock_acquire+0x2f/0xb0 [ 51.062791][ T6030] __x64_sys_bpf+0x78/0xc0 [ 51.063952][ T6030] ? lockdep_hardirqs_on+0x7c/0x110 [ 51.065304][ T6030] do_syscall_64+0xcd/0x250 [ 51.066620][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 51.068112][ T6030] RIP: 0033:0x7f5f67b7e719 [ 51.069242][ T6030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 51.074188][ T6030] RSP: 002b:00007f5f689b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 51.076357][ T6030] RAX: ffffffffffffffda RBX: 00007f5f67d36130 RCX: 00007f5f67b7e719 [ 51.078704][ T6030] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 51.080821][ T6030] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 51.082917][ T6030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 51.085219][ T6030] R13: 0000000000000001 R14: 00007f5f67d36130 R15: 00007ffe204d5cb8 [ 51.087289][ T6030] [ 51.088130][ T6023] CPU: 2 UID: 0 PID: 6023 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 51.088188][ C0] vkms_vblank_simulate: vblank timer overrun [ 51.091508][ T6023] Tainted: [B]=BAD_PAGE [ 51.093230][ T6030] BUG: Bad page state in process syz.1.8 pfn:30eb0 [ 51.094595][ T6023] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 51.096265][ T6030] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888030eb6000 pfn:0x30eb0 [ 51.099170][ T6023] Call Trace: [ 51.099180][ T6023] [ 51.102258][ T6030] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 51.103095][ T6023] dump_stack_lvl+0x16c/0x1f0 [ 51.103929][ T6030] raw: 00fff00000000000 dead000000000040 ffff88804b296000 0000000000000000 [ 51.105694][ T6023] bad_page+0xb3/0x1f0 [ 51.107147][ T6030] raw: ffff888030eb6000 0000000000000001 00000000ffffffff 0000000000000000 [ 51.109356][ T6023] ? __pfx_bad_page+0x10/0x10 [ 51.110592][ T6030] page dumped because: page_pool leak [ 51.112949][ T6023] ? page_bad_reason+0x9d/0x1e0 [ 51.112972][ T6023] free_unref_page+0x657/0xdc0 [ 51.112984][ T6023] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 51.113002][ T6023] ? __phys_addr+0xc6/0x150 [ 51.114356][ T6030] page_owner tracks the page as allocated [ 51.114362][ T6030] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6030, tgid 6021 (syz.1.8), ts 47968401599, free_ts 47938358624 [ 51.115768][ T6023] skb_free_head+0xa0/0x1d0 [ 51.117053][ T6030] post_alloc_hook+0x2d1/0x350 [ 51.118317][ T6023] skb_release_data+0x560/0x730 [ 51.120044][ T6030] get_page_from_freelist+0x101e/0x3070 [ 51.121235][ T6023] sk_skb_reason_drop+0x129/0x1a0 [ 51.121259][ T6023] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 51.121276][ T6023] ? kernel_text_address+0x8d/0x100 [ 51.121286][ T6023] ? hlock_class+0x4e/0x130 [ 51.121299][ T6023] ? __lock_acquire+0x163e/0x3ce0 [ 51.121309][ T6023] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 51.122841][ T6030] __alloc_pages_noprof+0x223/0x25a0 [ 51.127101][ T6023] ? hlock_class+0x4e/0x130 [ 51.128272][ T6030] alloc_pages_bulk_noprof+0x77c/0x1110 [ 51.129673][ T6023] ? __lock_acquire+0xbdd/0x3ce0 [ 51.131125][ T6030] __page_pool_alloc_pages_slow+0x18f/0x770 [ 51.132563][ T6023] ? __pfx___lock_acquire+0x10/0x10 [ 51.132582][ T6023] __netif_receive_skb_list_core+0x357/0x950 [ 51.132600][ T6023] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 51.133934][ T6030] page_pool_alloc_netmem+0xc4/0x160 [ 51.135665][ T6023] ? trace_lock_acquire+0x14a/0x1d0 [ 51.137254][ T6030] page_pool_alloc_pages+0x1a/0x60 [ 51.138454][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 51.138479][ T6023] ? lock_acquire+0x2f/0xb0 [ 51.138488][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 51.138505][ T6023] netif_receive_skb_list_internal+0x753/0xdb0 [ 51.138522][ T6023] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 51.138538][ T6023] ? __pfx_eth_type_trans+0x10/0x10 [ 51.139893][ T6030] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 51.141724][ T6023] ? __build_skb_around+0x278/0x3b0 [ 51.141748][ T6023] netif_receive_skb_list+0x4f/0x4a0 [ 51.141763][ T6023] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 51.141780][ T6023] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 51.144082][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 51.145305][ T6023] ? bpf_test_timer_continue+0x150/0x3d0 [ 51.146893][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 51.148311][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 51.150023][ T6030] __sys_bpf+0xfc6/0x49a0 [ 51.151520][ T6023] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 51.151542][ T6023] ? try_to_wake_up+0x154/0x14f0 [ 51.151553][ T6023] ? __pfx_try_to_wake_up+0x10/0x10 [ 51.151563][ T6023] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 51.153144][ T6030] __x64_sys_bpf+0x78/0xc0 [ 51.154775][ T6023] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 51.154797][ T6023] ? 0xffffffffa0004340 [ 51.154805][ T6023] ? 0xffffffffa0004340 [ 51.156214][ T6030] do_syscall_64+0xcd/0x250 [ 51.157576][ T6023] ? 0xffffffffa0004340 [ 51.159025][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 51.160631][ T6023] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 51.161903][ T6030] page last free pid 6026 tgid 6026 stack trace: [ 51.163448][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 51.165035][ T6030] free_unref_page+0x5f4/0xdc0 [ 51.166701][ T6023] ? lock_acquire+0x2f/0xb0 [ 51.167989][ T6030] __put_partials+0x14c/0x170 [ 51.169528][ T6023] ? __fget_files+0x40/0x3f0 [ 51.170910][ T6030] qlist_free_all+0x4e/0x120 [ 51.172176][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 51.172203][ T6023] ? fput+0x30/0x390 [ 51.172215][ T6023] ? __bpf_prog_get+0xa0/0x290 [ 51.173830][ T6030] kasan_quarantine_reduce+0x192/0x1e0 [ 51.175503][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 51.177217][ T6030] __kasan_slab_alloc+0x69/0x90 [ 51.178649][ T6023] __sys_bpf+0xfc6/0x49a0 [ 51.180137][ T6030] kmem_cache_alloc_noprof+0x121/0x2f0 [ 51.181475][ T6023] ? __pfx_futex_wake+0x10/0x10 [ 51.181497][ T6023] ? finish_task_switch.isra.0+0x2e8/0xcc0 [ 51.181509][ T6023] ? __pfx___sys_bpf+0x10/0x10 [ 51.181520][ T6023] ? __schedule+0xe5d/0x5730 [ 51.181535][ T6023] ? __fget_files+0x23a/0x3f0 [ 51.181550][ T6023] ? do_futex+0x123/0x350 [ 51.181562][ T6023] ? __pfx_do_futex+0x10/0x10 [ 51.182735][ T6030] prepare_creds+0x2e/0x750 [ 51.184351][ T6023] ? xfd_validate_state+0x5d/0x180 [ 51.185724][ T6030] prepare_exec_creds+0x10/0x240 [ 51.187071][ T6023] ? rcu_is_watching+0x12/0xc0 [ 51.187092][ T6023] __x64_sys_bpf+0x78/0xc0 [ 51.187104][ T6023] ? lockdep_hardirqs_on+0x7c/0x110 [ 51.188833][ T6030] bprm_execve+0xc2/0x1960 [ 51.190054][ T6023] do_syscall_64+0xcd/0x250 [ 51.191616][ T6030] kernel_execve+0x2ef/0x3b0 [ 51.192656][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 51.193782][ T6030] call_usermodehelper_exec_async+0x255/0x4c0 [ 51.194968][ T6023] RIP: 0033:0x7f5f67b7e719 [ 51.196018][ T6030] ret_from_fork+0x45/0x80 [ 51.197487][ T6023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 51.198984][ T6030] ret_from_fork_asm+0x1a/0x30 [ 51.200621][ T6023] RSP: 002b:00007f5f689d1038 EFLAGS: 00000246 [ 51.202079][ T6030] Modules linked in: [ 51.203293][ T6023] ORIG_RAX: 0000000000000141 [ 51.204577][ T6030] [ 51.205962][ T6023] RAX: ffffffffffffffda RBX: 00007f5f67d36058 RCX: 00007f5f67b7e719 [ 51.258804][ T6023] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 51.260886][ T6023] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 51.262942][ T6023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 51.264973][ T6023] R13: 0000000000000000 R14: 00007f5f67d36058 R15: 00007ffe204d5cb8 [ 51.267072][ T6023] [ 51.267907][ T6030] CPU: 0 UID: 0 PID: 6030 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 51.267984][ T6023] BUG: Bad page state in process syz.1.8 pfn:4d8b2 [ 51.271232][ T6030] Tainted: [B]=BAD_PAGE [ 51.272961][ T6023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4d8b2 [ 51.274044][ T6030] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 51.276310][ T6023] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 51.279078][ T6030] Call Trace: [ 51.280922][ T6023] raw: 00fff00000000000 dead000000000040 ffff888028078000 0000000000000000 [ 51.281814][ T6030] [ 51.281828][ T6030] dump_stack_lvl+0x16c/0x1f0 [ 51.281849][ T6030] bad_page+0xb3/0x1f0 [ 51.284185][ T6023] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 51.284996][ T6030] ? __pfx_bad_page+0x10/0x10 [ 51.286196][ T6023] page dumped because: page_pool leak [ 51.286205][ T6023] page_owner tracks the page as allocated [ 51.287330][ T6030] ? page_bad_reason+0x9d/0x1e0 [ 51.289645][ T6023] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6023, tgid 6021 (syz.1.8), ts 47959442082, free_ts 0 [ 51.290874][ T6030] free_unref_page+0x657/0xdc0 [ 51.292406][ T6023] post_alloc_hook+0x2d1/0x350 [ 51.293880][ T6030] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 51.295170][ T6023] get_page_from_freelist+0x101e/0x3070 [ 51.299168][ T6030] ? __phys_addr+0xc6/0x150 [ 51.300412][ T6023] __alloc_pages_noprof+0x223/0x25a0 [ 51.301663][ T6030] skb_free_head+0xa0/0x1d0 [ 51.301687][ T6030] skb_release_data+0x560/0x730 [ 51.301700][ T6030] sk_skb_reason_drop+0x129/0x1a0 [ 51.301713][ T6030] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 51.303267][ T6023] alloc_pages_bulk_noprof+0x77c/0x1110 [ 51.304700][ T6030] ? kernel_text_address+0x8d/0x100 [ 51.305882][ T6023] __page_pool_alloc_pages_slow+0x18f/0x770 [ 51.307245][ T6030] ? hlock_class+0x4e/0x130 [ 51.308753][ T6023] page_pool_alloc_netmem+0xc4/0x160 [ 51.310025][ T6030] ? __lock_acquire+0x163e/0x3ce0 [ 51.311680][ T6023] page_pool_alloc_pages+0x1a/0x60 [ 51.313363][ T6030] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 51.314799][ T6023] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 51.316144][ T6030] ? hlock_class+0x4e/0x130 [ 51.317668][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 51.318842][ T6030] ? __lock_acquire+0xbdd/0x3ce0 [ 51.320200][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 51.321537][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 51.321555][ T6030] __netif_receive_skb_list_core+0x357/0x950 [ 51.321571][ T6030] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 51.322895][ T6023] __sys_bpf+0xfc6/0x49a0 [ 51.324713][ T6030] ? trace_lock_acquire+0x14a/0x1d0 [ 51.326327][ T6023] __x64_sys_bpf+0x78/0xc0 [ 51.327508][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 51.329101][ T6023] do_syscall_64+0xcd/0x250 [ 51.330460][ T6030] ? lock_acquire+0x2f/0xb0 [ 51.331955][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 51.333272][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 51.334813][ T6023] page_owner free stack trace missing [ 51.336483][ T6030] netif_receive_skb_list_internal+0x753/0xdb0 [ 51.337610][ T6023] Modules linked in: [ 51.338954][ T6030] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 51.353625][ T6030] ? __pfx_eth_type_trans+0x10/0x10 [ 51.354993][ T6030] ? __build_skb_around+0x278/0x3b0 [ 51.356353][ T6030] netif_receive_skb_list+0x4f/0x4a0 [ 51.357739][ T6030] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 51.359371][ T6030] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 51.361094][ T6030] ? bpf_test_timer_continue+0x150/0x3d0 [ 51.362571][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 51.364065][ T6030] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 51.365741][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 51.367267][ T6030] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 51.368814][ T6030] ? _raw_spin_unlock+0x28/0x50 [ 51.370256][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 51.371899][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 51.373343][ T6030] ? lock_acquire+0x2f/0xb0 [ 51.374512][ T6030] ? __fget_files+0x40/0x3f0 [ 51.375731][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 51.377239][ T6030] ? fput+0x30/0x390 [ 51.378381][ T6030] ? __bpf_prog_get+0xa0/0x290 [ 51.379633][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 51.381181][ T6030] __sys_bpf+0xfc6/0x49a0 [ 51.382594][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 51.384014][ T6030] ? __pfx___sys_bpf+0x10/0x10 [ 51.385275][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 51.386667][ T6030] ? reacquire_held_locks+0x20b/0x4c0 [ 51.388073][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 51.389482][ T6030] ? find_held_lock+0x59/0x110 [ 51.390739][ T6030] ? lock_acquire+0x2f/0xb0 [ 51.391928][ T6030] __x64_sys_bpf+0x78/0xc0 [ 51.393099][ T6030] ? lockdep_hardirqs_on+0x7c/0x110 [ 51.394444][ T6030] do_syscall_64+0xcd/0x250 [ 51.395605][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 51.397146][ T6030] RIP: 0033:0x7f5f67b7e719 [ 51.398330][ T6030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 51.403345][ T6030] RSP: 002b:00007f5f689b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 51.405520][ T6030] RAX: ffffffffffffffda RBX: 00007f5f67d36130 RCX: 00007f5f67b7e719 [ 51.407568][ T6030] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 51.409629][ T6030] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 51.411678][ T6030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 51.413764][ T6030] R13: 0000000000000001 R14: 00007f5f67d36130 R15: 00007ffe204d5cb8 [ 51.415820][ T6030] [ 51.416666][ T6023] CPU: 2 UID: 0 PID: 6023 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 51.416674][ C0] vkms_vblank_simulate: vblank timer overrun [ 51.416686][ T6023] Tainted: [B]=BAD_PAGE [ 51.419933][ T6030] BUG: Bad page state in process syz.1.8 pfn:4b197 [ 51.421481][ T6023] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 51.421492][ T6023] Call Trace: [ 51.421496][ T6023] [ 51.421500][ T6023] dump_stack_lvl+0x16c/0x1f0 [ 51.422594][ T6030] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4b197 [ 51.424319][ T6023] bad_page+0xb3/0x1f0 [ 51.427118][ T6030] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 51.428025][ T6023] ? __pfx_bad_page+0x10/0x10 [ 51.428831][ T6030] raw: 00fff00000000000 dead000000000040 ffff88804b296000 0000000000000000 [ 51.430058][ T6023] ? page_bad_reason+0x9d/0x1e0 [ 51.432370][ T6030] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 51.433406][ T6023] free_unref_page+0x657/0xdc0 [ 51.435232][ T6030] page dumped because: page_pool leak [ 51.436462][ T6023] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 51.438699][ T6030] page_owner tracks the page as allocated [ 51.439946][ T6023] ? __phys_addr+0xc6/0x150 [ 51.442213][ T6030] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6030, tgid 6021 (syz.1.8), ts 47968396907, free_ts 47940892010 [ 51.443461][ T6023] skb_free_head+0xa0/0x1d0 [ 51.444871][ T6030] post_alloc_hook+0x2d1/0x350 [ 51.446428][ T6023] skb_release_data+0x560/0x730 [ 51.447922][ T6030] get_page_from_freelist+0x101e/0x3070 [ 51.449105][ T6023] sk_skb_reason_drop+0x129/0x1a0 [ 51.453386][ T6030] __alloc_pages_noprof+0x223/0x25a0 [ 51.454540][ T6023] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 51.454565][ T6023] ? kernel_text_address+0x8d/0x100 [ 51.455801][ T6030] alloc_pages_bulk_noprof+0x77c/0x1110 [ 51.457035][ T6023] ? hlock_class+0x4e/0x130 [ 51.458490][ T6030] __page_pool_alloc_pages_slow+0x18f/0x770 [ 51.459808][ T6023] ? __lock_acquire+0x163e/0x3ce0 [ 51.461177][ T6030] page_pool_alloc_netmem+0xc4/0x160 [ 51.462923][ T6023] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 51.462954][ T6023] ? hlock_class+0x4e/0x130 [ 51.462966][ T6023] ? __lock_acquire+0xbdd/0x3ce0 [ 51.464570][ T6030] page_pool_alloc_pages+0x1a/0x60 [ 51.466004][ T6023] ? __pfx___lock_acquire+0x10/0x10 [ 51.467187][ T6030] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 51.468730][ T6023] __netif_receive_skb_list_core+0x357/0x950 [ 51.470065][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 51.471443][ T6023] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 51.471468][ T6023] ? trace_lock_acquire+0x14a/0x1d0 [ 51.471481][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 51.473321][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 51.474520][ T6023] ? lock_acquire+0x2f/0xb0 [ 51.475808][ T6030] __sys_bpf+0xfc6/0x49a0 [ 51.477133][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 51.478570][ T6030] __x64_sys_bpf+0x78/0xc0 [ 51.480159][ T6023] netif_receive_skb_list_internal+0x753/0xdb0 [ 51.481818][ T6030] do_syscall_64+0xcd/0x250 [ 51.483136][ T6023] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 51.484836][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 51.486191][ T6023] ? __pfx_eth_type_trans+0x10/0x10 [ 51.487893][ T6030] page last free pid 5356 tgid 5356 stack trace: [ 51.489276][ T6023] ? __build_skb_around+0x278/0x3b0 [ 51.490486][ T6030] free_unref_page+0x5f4/0xdc0 [ 51.491614][ T6023] netif_receive_skb_list+0x4f/0x4a0 [ 51.491637][ T6023] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 51.491654][ T6023] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 51.493306][ T6030] __put_partials+0x14c/0x170 [ 51.494642][ T6023] ? bpf_test_timer_continue+0x150/0x3d0 [ 51.496231][ T6030] qlist_free_all+0x4e/0x120 [ 51.497440][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 51.499168][ T6030] kasan_quarantine_reduce+0x192/0x1e0 [ 51.500731][ T6023] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 51.502149][ T6030] __kasan_slab_alloc+0x69/0x90 [ 51.503776][ T6023] ? try_to_wake_up+0x154/0x14f0 [ 51.503795][ T6023] ? __pfx_try_to_wake_up+0x10/0x10 [ 51.505148][ T6030] __kmalloc_node_noprof+0x1c3/0x430 [ 51.506419][ T6023] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 51.507807][ T6030] __kvmalloc_node_noprof+0xad/0x1a0 [ 51.509470][ T6023] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 51.511213][ T6030] seq_read_iter+0x82a/0x12b0 [ 51.512467][ T6023] ? 0xffffffffa0004340 [ 51.512481][ T6023] ? 0xffffffffa0004340 [ 51.512488][ T6023] ? 0xffffffffa0004340 [ 51.512495][ T6023] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 51.513980][ T6030] kernfs_fop_read_iter+0x414/0x580 [ 51.515207][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 51.516582][ T6030] vfs_read+0x87f/0xbe0 [ 51.518011][ T6023] ? lock_acquire+0x2f/0xb0 [ 51.519543][ T6030] ksys_read+0x12f/0x260 [ 51.520826][ T6023] ? __fget_files+0x40/0x3f0 [ 51.520849][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 51.522216][ T6030] do_syscall_64+0xcd/0x250 [ 51.523539][ T6023] ? fput+0x30/0x390 [ 51.524910][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 51.526463][ T6023] ? __bpf_prog_get+0xa0/0x290 [ 51.527847][ T6030] Modules linked in: [ 51.529240][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 51.552370][ T6023] __sys_bpf+0xfc6/0x49a0 [ 51.553533][ T6023] ? __pfx_futex_wake+0x10/0x10 [ 51.554811][ T6023] ? finish_task_switch.isra.0+0x2e8/0xcc0 [ 51.556361][ T6023] ? __pfx___sys_bpf+0x10/0x10 [ 51.557604][ T6023] ? __schedule+0xe5d/0x5730 [ 51.558811][ T6023] ? __fget_files+0x23a/0x3f0 [ 51.560047][ T6023] ? do_futex+0x123/0x350 [ 51.561174][ T6023] ? __pfx_do_futex+0x10/0x10 [ 51.561603][ T5959] Bluetooth: hci0: command tx timeout [ 51.562422][ T6023] ? xfd_validate_state+0x5d/0x180 [ 51.562436][ T6023] ? rcu_is_watching+0x12/0xc0 [ 51.562450][ T6023] __x64_sys_bpf+0x78/0xc0 [ 51.567738][ T6023] ? lockdep_hardirqs_on+0x7c/0x110 [ 51.569108][ T6023] do_syscall_64+0xcd/0x250 [ 51.570330][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 51.571872][ T6023] RIP: 0033:0x7f5f67b7e719 [ 51.573041][ T6023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 51.577965][ T6023] RSP: 002b:00007f5f689d1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 51.580125][ T6023] RAX: ffffffffffffffda RBX: 00007f5f67d36058 RCX: 00007f5f67b7e719 [ 51.582187][ T6023] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 51.584184][ T6023] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 51.586120][ T6023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 51.588082][ T6023] R13: 0000000000000000 R14: 00007f5f67d36058 R15: 00007ffe204d5cb8 [ 51.590038][ T6023] [ 51.590865][ T6030] CPU: 0 UID: 0 PID: 6030 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 51.590927][ T6023] BUG: Bad page state in process syz.1.8 pfn:4d8b1 [ 51.593900][ T6030] Tainted: [B]=BAD_PAGE [ 51.593908][ T6030] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 51.593914][ T6030] Call Trace: [ 51.593918][ T6030] [ 51.593923][ T6030] dump_stack_lvl+0x16c/0x1f0 [ 51.595553][ T6023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4d8b1 [ 51.596626][ T6030] bad_page+0xb3/0x1f0 [ 51.599370][ T6023] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 51.600299][ T6030] ? __pfx_bad_page+0x10/0x10 [ 51.601069][ T6023] raw: 00fff00000000000 dead000000000040 ffff888028078000 0000000000000000 [ 51.602309][ T6030] ? page_bad_reason+0x9d/0x1e0 [ 51.602329][ T6030] free_unref_page+0x657/0xdc0 [ 51.602340][ T6030] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 51.604552][ T6023] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 51.605627][ T6030] ? __phys_addr+0xc6/0x150 [ 51.607443][ T6023] page dumped because: page_pool leak [ 51.608670][ T6030] skb_free_head+0xa0/0x1d0 [ 51.610787][ T6023] page_owner tracks the page as allocated [ 51.612087][ T6030] skb_release_data+0x560/0x730 [ 51.612109][ T6030] sk_skb_reason_drop+0x129/0x1a0 [ 51.613369][ T6023] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6023, tgid 6021 (syz.1.8), ts 47959434303, free_ts 0 [ 51.614939][ T6030] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 51.617194][ T6023] post_alloc_hook+0x2d1/0x350 [ 51.618474][ T6030] ? kernel_text_address+0x8d/0x100 [ 51.619834][ T6023] get_page_from_freelist+0x101e/0x3070 [ 51.621013][ T6030] ? hlock_class+0x4e/0x130 [ 51.622491][ T6023] __alloc_pages_noprof+0x223/0x25a0 [ 51.623665][ T6030] ? __lock_acquire+0x163e/0x3ce0 [ 51.624964][ T6023] alloc_pages_bulk_noprof+0x77c/0x1110 [ 51.628984][ T6030] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 51.630772][ T6023] __page_pool_alloc_pages_slow+0x18f/0x770 [ 51.632023][ T6030] ? hlock_class+0x4e/0x130 [ 51.632045][ T6030] ? __lock_acquire+0xbdd/0x3ce0 [ 51.632063][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 51.632078][ T6030] __netif_receive_skb_list_core+0x357/0x950 [ 51.633449][ T6023] page_pool_alloc_netmem+0xc4/0x160 [ 51.634842][ T6030] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 51.636026][ T6023] page_pool_alloc_pages+0x1a/0x60 [ 51.637411][ T6030] ? trace_lock_acquire+0x14a/0x1d0 [ 51.638741][ T6023] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 51.640128][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 51.641530][ T5959] Bluetooth: hci3: command tx timeout [ 51.641576][ T5959] Bluetooth: hci2: command tx timeout [ 51.642013][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 51.643489][ T6030] ? lock_acquire+0x2f/0xb0 [ 51.644642][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 51.645920][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 51.647258][ T6023] __sys_bpf+0xfc6/0x49a0 [ 51.648806][ T6030] netif_receive_skb_list_internal+0x753/0xdb0 [ 51.650182][ T6023] __x64_sys_bpf+0x78/0xc0 [ 51.651868][ T6030] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 51.651892][ T6030] ? __pfx_eth_type_trans+0x10/0x10 [ 51.653243][ T6023] do_syscall_64+0xcd/0x250 [ 51.654594][ T6030] ? __build_skb_around+0x278/0x3b0 [ 51.656196][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 51.657828][ T6030] netif_receive_skb_list+0x4f/0x4a0 [ 51.659212][ T6023] page_owner free stack trace missing [ 51.660593][ T6030] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 51.662010][ T6023] Modules linked in: [ 51.663583][ T6030] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 51.664945][ T6023] [ 51.685815][ T6030] ? bpf_test_timer_continue+0x150/0x3d0 [ 51.687299][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 51.688693][ T6030] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 51.690237][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 51.691761][ T6030] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 51.693277][ T6030] ? _raw_spin_unlock+0x28/0x50 [ 51.694534][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 51.696028][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 51.697417][ T6030] ? lock_acquire+0x2f/0xb0 [ 51.698616][ T6030] ? __fget_files+0x40/0x3f0 [ 51.699836][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 51.701381][ T6030] ? fput+0x30/0x390 [ 51.702424][ T6030] ? __bpf_prog_get+0xa0/0x290 [ 51.703686][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 51.705216][ T6030] __sys_bpf+0xfc6/0x49a0 [ 51.706375][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 51.707747][ T6030] ? __pfx___sys_bpf+0x10/0x10 [ 51.709015][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 51.710417][ T6030] ? reacquire_held_locks+0x20b/0x4c0 [ 51.711825][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 51.713239][ T6030] ? find_held_lock+0x59/0x110 [ 51.714515][ T6030] ? lock_acquire+0x2f/0xb0 [ 51.715715][ T6030] __x64_sys_bpf+0x78/0xc0 [ 51.716903][ T6030] ? lockdep_hardirqs_on+0x7c/0x110 [ 51.718287][ T6030] do_syscall_64+0xcd/0x250 [ 51.719481][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 51.721023][ T6030] RIP: 0033:0x7f5f67b7e719 [ 51.722197][ T6030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 51.727196][ T6030] RSP: 002b:00007f5f689b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 51.729347][ T6030] RAX: ffffffffffffffda RBX: 00007f5f67d36130 RCX: 00007f5f67b7e719 [ 51.731356][ T6030] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 51.733404][ T6030] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 51.735362][ T6030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 51.737307][ T6030] R13: 0000000000000001 R14: 00007f5f67d36130 R15: 00007ffe204d5cb8 [ 51.739241][ T6030] [ 51.740041][ T6023] CPU: 2 UID: 0 PID: 6023 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 51.740087][ C0] vkms_vblank_simulate: vblank timer overrun [ 51.742974][ T6023] Tainted: [B]=BAD_PAGE [ 51.744520][ T6030] BUG: Bad page state in process syz.1.8 pfn:4b196 [ 51.745506][ T6023] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 51.747200][ T6030] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4b196 [ 51.749866][ T6023] Call Trace: [ 51.752101][ T6030] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 51.752930][ T6023] [ 51.754828][ T6030] raw: 00fff00000000000 dead000000000040 ffff88804b296000 0000000000000000 [ 51.755631][ T6023] dump_stack_lvl+0x16c/0x1f0 [ 51.757816][ T6030] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 51.759007][ T6023] bad_page+0xb3/0x1f0 [ 51.761148][ T6030] page dumped because: page_pool leak [ 51.762260][ T6023] ? __pfx_bad_page+0x10/0x10 [ 51.762279][ T6023] ? page_bad_reason+0x9d/0x1e0 [ 51.762293][ T6023] free_unref_page+0x657/0xdc0 [ 51.763679][ T6030] page_owner tracks the page as allocated [ 51.764881][ T6023] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 51.766098][ T6030] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6030, tgid 6021 (syz.1.8), ts 47968392469, free_ts 47940892010 [ 51.767361][ T6023] ? __phys_addr+0xc6/0x150 [ 51.768827][ T6030] post_alloc_hook+0x2d1/0x350 [ 51.770387][ T6023] skb_free_head+0xa0/0x1d0 [ 51.770407][ T6023] skb_release_data+0x560/0x730 [ 51.774712][ T6030] get_page_from_freelist+0x101e/0x3070 [ 51.775864][ T6023] sk_skb_reason_drop+0x129/0x1a0 [ 51.777253][ T6030] __alloc_pages_noprof+0x223/0x25a0 [ 51.778434][ T6023] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 51.779843][ T6030] alloc_pages_bulk_noprof+0x77c/0x1110 [ 51.781271][ T6023] ? kernel_text_address+0x8d/0x100 [ 51.781286][ T6023] ? hlock_class+0x4e/0x130 [ 51.781299][ T6023] ? __lock_acquire+0x163e/0x3ce0 [ 51.781308][ T6023] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 51.782634][ T6030] __page_pool_alloc_pages_slow+0x18f/0x770 [ 51.783998][ T6023] ? hlock_class+0x4e/0x130 [ 51.785722][ T6030] page_pool_alloc_netmem+0xc4/0x160 [ 51.787177][ T6023] ? __lock_acquire+0xbdd/0x3ce0 [ 51.787202][ T6023] ? __pfx___lock_acquire+0x10/0x10 [ 51.788591][ T6030] page_pool_alloc_pages+0x1a/0x60 [ 51.790496][ T6023] __netif_receive_skb_list_core+0x357/0x950 [ 51.791852][ T6030] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 51.793915][ T6023] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 51.795447][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 51.796764][ T6023] ? trace_lock_acquire+0x14a/0x1d0 [ 51.798129][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 51.799609][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 51.800951][ T6030] __sys_bpf+0xfc6/0x49a0 [ 51.802810][ T6023] ? lock_acquire+0x2f/0xb0 [ 51.802832][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 51.804411][ T6030] __x64_sys_bpf+0x78/0xc0 [ 51.805953][ T6023] netif_receive_skb_list_internal+0x753/0xdb0 [ 51.807620][ T6030] do_syscall_64+0xcd/0x250 [ 51.808940][ T6023] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 51.810383][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 51.812019][ T6023] ? __pfx_eth_type_trans+0x10/0x10 [ 51.812040][ T6023] ? __build_skb_around+0x278/0x3b0 [ 51.812057][ T6023] netif_receive_skb_list+0x4f/0x4a0 [ 51.813668][ T6030] page last free pid 5356 tgid 5356 stack trace: [ 51.814728][ T6023] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 51.815855][ T6030] free_unref_page+0x5f4/0xdc0 [ 51.817469][ T6023] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 51.818669][ T6030] __put_partials+0x14c/0x170 [ 51.820332][ T6023] ? bpf_test_timer_continue+0x150/0x3d0 [ 51.820354][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 51.821607][ T6030] qlist_free_all+0x4e/0x120 [ 51.823707][ T6023] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 51.825223][ T6030] kasan_quarantine_reduce+0x192/0x1e0 [ 51.826786][ T6023] ? try_to_wake_up+0x154/0x14f0 [ 51.828123][ T6030] __kasan_slab_alloc+0x69/0x90 [ 51.829493][ T6023] ? __pfx_try_to_wake_up+0x10/0x10 [ 51.831123][ T6030] __kmalloc_node_noprof+0x1c3/0x430 [ 51.834095][ T6023] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 51.834133][ T6023] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 51.835364][ T6030] __kvmalloc_node_noprof+0xad/0x1a0 [ 51.837079][ T6023] ? 0xffffffffa0004340 [ 51.837091][ T6023] ? 0xffffffffa0004340 [ 51.837098][ T6023] ? 0xffffffffa0004340 [ 51.838314][ T6030] seq_read_iter+0x82a/0x12b0 [ 51.839972][ T6023] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 51.841546][ T6030] kernfs_fop_read_iter+0x414/0x580 [ 51.842775][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 51.844627][ T6030] vfs_read+0x87f/0xbe0 [ 51.846111][ T6023] ? lock_acquire+0x2f/0xb0 [ 51.847422][ T6030] ksys_read+0x12f/0x260 [ 51.848704][ T6023] ? __fget_files+0x40/0x3f0 [ 51.850090][ T6030] do_syscall_64+0xcd/0x250 [ 51.851629][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 51.851654][ T6023] ? fput+0x30/0x390 [ 51.851667][ T6023] ? __bpf_prog_get+0xa0/0x290 [ 51.853224][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 51.854602][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 51.854623][ T6023] __sys_bpf+0xfc6/0x49a0 [ 51.854634][ T6023] ? __pfx_futex_wake+0x10/0x10 [ 51.856014][ T6030] Modules linked in: [ 51.857098][ T6023] ? finish_task_switch.isra.0+0x2e8/0xcc0 [ 51.858326][ T6030] [ 51.884835][ T6023] ? __pfx___sys_bpf+0x10/0x10 [ 51.886140][ T6023] ? __schedule+0xe5d/0x5730 [ 51.887386][ T6023] ? __fget_files+0x23a/0x3f0 [ 51.888643][ T6023] ? do_futex+0x123/0x350 [ 51.889809][ T6023] ? __pfx_do_futex+0x10/0x10 [ 51.891068][ T6023] ? xfd_validate_state+0x5d/0x180 [ 51.892438][ T6023] ? rcu_is_watching+0x12/0xc0 [ 51.893731][ T6023] __x64_sys_bpf+0x78/0xc0 [ 51.894919][ T6023] ? lockdep_hardirqs_on+0x7c/0x110 [ 51.896305][ T6023] do_syscall_64+0xcd/0x250 [ 51.897524][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 51.899128][ T6023] RIP: 0033:0x7f5f67b7e719 [ 51.900320][ T6023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 51.905587][ T6023] RSP: 002b:00007f5f689d1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 51.907802][ T6023] RAX: ffffffffffffffda RBX: 00007f5f67d36058 RCX: 00007f5f67b7e719 [ 51.909875][ T6023] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 51.912116][ T6023] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 51.914197][ T6023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 51.916272][ T6023] R13: 0000000000000000 R14: 00007f5f67d36058 R15: 00007ffe204d5cb8 [ 51.918465][ T6023] [ 51.919312][ T6030] CPU: 0 UID: 0 PID: 6030 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 51.919482][ T6023] BUG: Bad page state in process syz.1.8 pfn:4d8b0 [ 51.923137][ T6030] Tainted: [B]=BAD_PAGE [ 51.923145][ T6030] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 51.923151][ T6030] Call Trace: [ 51.923157][ T6030] [ 51.923163][ T6030] dump_stack_lvl+0x16c/0x1f0 [ 51.923184][ T6030] bad_page+0xb3/0x1f0 [ 51.925192][ T6023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4d8b0 [ 51.926349][ T6030] ? __pfx_bad_page+0x10/0x10 [ 51.929152][ T6023] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 51.930033][ T6030] ? page_bad_reason+0x9d/0x1e0 [ 51.930823][ T6023] raw: 00fff00000000000 dead000000000040 ffff888028078000 0000000000000000 [ 51.932016][ T6030] free_unref_page+0x657/0xdc0 [ 51.932039][ T6030] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 51.932056][ T6030] ? __phys_addr+0xc6/0x150 [ 51.932068][ T6030] skb_free_head+0xa0/0x1d0 [ 51.933161][ T6023] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 51.935411][ T6030] skb_release_data+0x560/0x730 [ 51.936691][ T6023] page dumped because: page_pool leak [ 51.938509][ T6030] sk_skb_reason_drop+0x129/0x1a0 [ 51.939989][ T6023] page_owner tracks the page as allocated [ 51.939997][ T6023] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6023, tgid 6021 (syz.1.8), ts 47959426510, free_ts 0 [ 51.942336][ T6030] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 51.942365][ T6030] ? kernel_text_address+0x8d/0x100 [ 51.942377][ T6030] ? hlock_class+0x4e/0x130 [ 51.942390][ T6030] ? __lock_acquire+0x163e/0x3ce0 [ 51.942400][ T6030] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 51.943680][ T6023] post_alloc_hook+0x2d1/0x350 [ 51.945280][ T6030] ? hlock_class+0x4e/0x130 [ 51.946599][ T6023] get_page_from_freelist+0x101e/0x3070 [ 51.947779][ T6030] ? __lock_acquire+0xbdd/0x3ce0 [ 51.950026][ T6023] __alloc_pages_noprof+0x223/0x25a0 [ 51.951294][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 51.951311][ T6030] __netif_receive_skb_list_core+0x357/0x950 [ 51.951330][ T6030] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 51.951346][ T6030] ? trace_lock_acquire+0x14a/0x1d0 [ 51.952743][ T6023] alloc_pages_bulk_noprof+0x77c/0x1110 [ 51.954080][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 51.955584][ T6023] __page_pool_alloc_pages_slow+0x18f/0x770 [ 51.959577][ T6030] ? lock_acquire+0x2f/0xb0 [ 51.961440][ T6023] page_pool_alloc_netmem+0xc4/0x160 [ 51.962773][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 51.964004][ T6023] page_pool_alloc_pages+0x1a/0x60 [ 51.965316][ T6030] netif_receive_skb_list_internal+0x753/0xdb0 [ 51.967434][ T6023] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 51.968740][ T6030] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 51.969935][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 51.971373][ T6030] ? __pfx_eth_type_trans+0x10/0x10 [ 51.971397][ T6030] ? __build_skb_around+0x278/0x3b0 [ 51.971414][ T6030] netif_receive_skb_list+0x4f/0x4a0 [ 51.972716][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 51.974183][ T6030] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 51.975534][ T6023] __sys_bpf+0xfc6/0x49a0 [ 51.977162][ T6030] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 51.979432][ T6023] __x64_sys_bpf+0x78/0xc0 [ 51.979453][ T6023] do_syscall_64+0xcd/0x250 [ 51.979475][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 51.980942][ T6030] ? bpf_test_timer_continue+0x150/0x3d0 [ 51.982723][ T6023] page_owner free stack trace missing [ 51.984665][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 51.986236][ T6023] Modules linked in: [ 52.017050][ T6030] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 52.018698][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 52.020247][ T6030] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 52.021820][ T6030] ? _raw_spin_unlock+0x28/0x50 [ 52.023116][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 52.024674][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 52.026087][ T6030] ? lock_acquire+0x2f/0xb0 [ 52.027284][ T6030] ? __fget_files+0x40/0x3f0 [ 52.028488][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 52.030030][ T6030] ? fput+0x30/0x390 [ 52.031063][ T6030] ? __bpf_prog_get+0xa0/0x290 [ 52.032328][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 52.033869][ T6030] __sys_bpf+0xfc6/0x49a0 [ 52.034999][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 52.036348][ T6030] ? __pfx___sys_bpf+0x10/0x10 [ 52.037603][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 52.039078][ T6030] ? reacquire_held_locks+0x20b/0x4c0 [ 52.040519][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 52.041404][ T5956] Bluetooth: hci1: command tx timeout [ 52.041942][ T6030] ? find_held_lock+0x59/0x110 [ 52.044917][ T6030] ? lock_acquire+0x2f/0xb0 [ 52.046145][ T6030] __x64_sys_bpf+0x78/0xc0 [ 52.047329][ T6030] ? lockdep_hardirqs_on+0x7c/0x110 [ 52.048736][ T6030] do_syscall_64+0xcd/0x250 [ 52.049956][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 52.051519][ T6030] RIP: 0033:0x7f5f67b7e719 [ 52.052694][ T6030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 52.057701][ T6030] RSP: 002b:00007f5f689b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 52.059858][ T6030] RAX: ffffffffffffffda RBX: 00007f5f67d36130 RCX: 00007f5f67b7e719 [ 52.061925][ T6030] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 52.063974][ T6030] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 52.066036][ T6030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 52.068077][ T6030] R13: 0000000000000001 R14: 00007f5f67d36130 R15: 00007ffe204d5cb8 [ 52.070135][ T6030] [ 52.070954][ T6023] CPU: 2 UID: 0 PID: 6023 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 52.070963][ C0] vkms_vblank_simulate: vblank timer overrun [ 52.070975][ T6023] Tainted: [B]=BAD_PAGE [ 52.074106][ T6030] BUG: Bad page state in process syz.1.8 pfn:4b195 [ 52.075700][ T6023] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 52.076776][ T6030] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4b195 [ 52.078500][ T6023] Call Trace: [ 52.081302][ T6030] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 52.083549][ T6023] [ 52.084421][ T6030] raw: 00fff00000000000 dead000000000040 ffff88804b296000 0000000000000000 [ 52.086253][ T6023] dump_stack_lvl+0x16c/0x1f0 [ 52.087055][ T6030] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 52.089257][ T6023] bad_page+0xb3/0x1f0 [ 52.089281][ T6023] ? __pfx_bad_page+0x10/0x10 [ 52.090515][ T6030] page dumped because: page_pool leak [ 52.090527][ T6030] page_owner tracks the page as allocated [ 52.092738][ T6023] ? page_bad_reason+0x9d/0x1e0 [ 52.092764][ T6023] free_unref_page+0x657/0xdc0 [ 52.092775][ T6023] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 52.093854][ T6030] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6030, tgid 6021 (syz.1.8), ts 47968388379, free_ts 47940892010 [ 52.095079][ T6023] ? __phys_addr+0xc6/0x150 [ 52.096452][ T6030] post_alloc_hook+0x2d1/0x350 [ 52.097937][ T6023] skb_free_head+0xa0/0x1d0 [ 52.099204][ T6030] get_page_from_freelist+0x101e/0x3070 [ 52.100449][ T6023] skb_release_data+0x560/0x730 [ 52.102057][ T6030] __alloc_pages_noprof+0x223/0x25a0 [ 52.106296][ T6023] sk_skb_reason_drop+0x129/0x1a0 [ 52.107497][ T6030] alloc_pages_bulk_noprof+0x77c/0x1110 [ 52.108751][ T6023] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 52.109935][ T6030] __page_pool_alloc_pages_slow+0x18f/0x770 [ 52.111379][ T6023] ? kernel_text_address+0x8d/0x100 [ 52.111401][ T6023] ? hlock_class+0x4e/0x130 [ 52.111414][ T6023] ? __lock_acquire+0x163e/0x3ce0 [ 52.112667][ T6030] page_pool_alloc_netmem+0xc4/0x160 [ 52.114060][ T6023] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 52.115351][ T6030] page_pool_alloc_pages+0x1a/0x60 [ 52.116794][ T6023] ? hlock_class+0x4e/0x130 [ 52.118509][ T6030] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 52.120054][ T6023] ? __lock_acquire+0xbdd/0x3ce0 [ 52.120075][ T6023] ? __pfx___lock_acquire+0x10/0x10 [ 52.121487][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 52.122647][ T6023] __netif_receive_skb_list_core+0x357/0x950 [ 52.123944][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 52.125321][ T6023] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 52.127142][ T6030] __sys_bpf+0xfc6/0x49a0 [ 52.128495][ T6023] ? trace_lock_acquire+0x14a/0x1d0 [ 52.129685][ T6030] __x64_sys_bpf+0x78/0xc0 [ 52.131290][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 52.131318][ T6023] ? lock_acquire+0x2f/0xb0 [ 52.131328][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 52.131344][ T6023] netif_receive_skb_list_internal+0x753/0xdb0 [ 52.132629][ T6030] do_syscall_64+0xcd/0x250 [ 52.134004][ T6023] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 52.135368][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 52.136939][ T6023] ? __pfx_eth_type_trans+0x10/0x10 [ 52.138366][ T6030] page last free pid 5356 tgid 5356 stack trace: [ 52.140193][ T6023] ? __build_skb_around+0x278/0x3b0 [ 52.141378][ T6030] free_unref_page+0x5f4/0xdc0 [ 52.142716][ T6023] netif_receive_skb_list+0x4f/0x4a0 [ 52.143883][ T6030] __put_partials+0x14c/0x170 [ 52.145547][ T6023] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 52.146736][ T6030] qlist_free_all+0x4e/0x120 [ 52.148380][ T6023] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 52.149992][ T6030] kasan_quarantine_reduce+0x192/0x1e0 [ 52.151197][ T6023] ? bpf_test_timer_continue+0x150/0x3d0 [ 52.152889][ T6030] __kasan_slab_alloc+0x69/0x90 [ 52.154383][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 52.154405][ T6023] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 52.155733][ T6030] __kmalloc_node_noprof+0x1c3/0x430 [ 52.157357][ T6023] ? try_to_wake_up+0x154/0x14f0 [ 52.158721][ T6030] __kvmalloc_node_noprof+0xad/0x1a0 [ 52.159982][ T6023] ? __pfx_try_to_wake_up+0x10/0x10 [ 52.161380][ T6030] seq_read_iter+0x82a/0x12b0 [ 52.162590][ T6023] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 52.164196][ T6030] kernfs_fop_read_iter+0x414/0x580 [ 52.165409][ T6023] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 52.167088][ T6030] vfs_read+0x87f/0xbe0 [ 52.168505][ T6023] ? 0xffffffffa0004340 [ 52.169951][ T6030] ksys_read+0x12f/0x260 [ 52.171222][ T6023] ? 0xffffffffa0004340 [ 52.171236][ T6023] ? 0xffffffffa0004340 [ 52.171242][ T6023] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 52.172646][ T6030] do_syscall_64+0xcd/0x250 [ 52.174154][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 52.175522][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 52.176820][ T6023] ? lock_acquire+0x2f/0xb0 [ 52.178204][ T6030] Modules linked in: [ 52.179560][ T6023] ? __fget_files+0x40/0x3f0 [ 52.200381][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 52.201920][ T6023] ? fput+0x30/0x390 [ 52.202954][ T6023] ? __bpf_prog_get+0xa0/0x290 [ 52.204215][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 52.205739][ T6023] __sys_bpf+0xfc6/0x49a0 [ 52.206876][ T6023] ? __pfx_futex_wake+0x10/0x10 [ 52.208160][ T6023] ? finish_task_switch.isra.0+0x2e8/0xcc0 [ 52.209681][ T6023] ? __pfx___sys_bpf+0x10/0x10 [ 52.210932][ T6023] ? __schedule+0xe5d/0x5730 [ 52.212381][ T6023] ? __fget_files+0x23a/0x3f0 [ 52.213747][ T6023] ? do_futex+0x123/0x350 [ 52.214925][ T6023] ? __pfx_do_futex+0x10/0x10 [ 52.216206][ T6023] ? xfd_validate_state+0x5d/0x180 [ 52.217576][ T6023] ? rcu_is_watching+0x12/0xc0 [ 52.218860][ T6023] __x64_sys_bpf+0x78/0xc0 [ 52.220063][ T6023] ? lockdep_hardirqs_on+0x7c/0x110 [ 52.221468][ T6023] do_syscall_64+0xcd/0x250 [ 52.222690][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 52.224356][ T6023] RIP: 0033:0x7f5f67b7e719 [ 52.225608][ T6023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 52.230661][ T6023] RSP: 002b:00007f5f689d1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 52.232843][ T6023] RAX: ffffffffffffffda RBX: 00007f5f67d36058 RCX: 00007f5f67b7e719 [ 52.234841][ T6023] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 52.236993][ T6023] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 52.239058][ T6023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 52.241096][ T6023] R13: 0000000000000000 R14: 00007f5f67d36058 R15: 00007ffe204d5cb8 [ 52.243172][ T6023] [ 52.243978][ T6030] CPU: 0 UID: 0 PID: 6030 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 52.244053][ T6023] BUG: Bad page state in process syz.1.8 pfn:4d8af [ 52.247505][ T6030] Tainted: [B]=BAD_PAGE [ 52.249239][ T6023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4d8af [ 52.249254][ T6023] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 52.249268][ T6023] raw: 00fff00000000000 dead000000000040 ffff888028078000 0000000000000000 [ 52.249277][ T6023] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 52.250419][ T6030] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 52.252772][ T6023] page dumped because: page_pool leak [ 52.254735][ T6030] Call Trace: [ 52.256966][ T6023] page_owner tracks the page as allocated [ 52.259258][ T6030] [ 52.262172][ T6023] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6023, tgid 6021 (syz.1.8), ts 47959419289, free_ts 0 [ 52.263587][ T6030] dump_stack_lvl+0x16c/0x1f0 [ 52.264460][ T6023] post_alloc_hook+0x2d1/0x350 [ 52.266041][ T6030] bad_page+0xb3/0x1f0 [ 52.266786][ T6023] get_page_from_freelist+0x101e/0x3070 [ 52.270667][ T6030] ? __pfx_bad_page+0x10/0x10 [ 52.272070][ T6023] __alloc_pages_noprof+0x223/0x25a0 [ 52.273254][ T6030] ? page_bad_reason+0x9d/0x1e0 [ 52.274352][ T6023] alloc_pages_bulk_noprof+0x77c/0x1110 [ 52.275786][ T6030] free_unref_page+0x657/0xdc0 [ 52.277032][ T6023] __page_pool_alloc_pages_slow+0x18f/0x770 [ 52.278414][ T6030] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 52.279620][ T6023] page_pool_alloc_netmem+0xc4/0x160 [ 52.280967][ T6030] ? __phys_addr+0xc6/0x150 [ 52.282288][ T6023] page_pool_alloc_pages+0x1a/0x60 [ 52.283727][ T6030] skb_free_head+0xa0/0x1d0 [ 52.285269][ T6023] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 52.286652][ T6030] skb_release_data+0x560/0x730 [ 52.287829][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 52.289132][ T6030] sk_skb_reason_drop+0x129/0x1a0 [ 52.290439][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 52.292064][ T6030] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 52.292089][ T6030] ? kernel_text_address+0x8d/0x100 [ 52.292100][ T6030] ? hlock_class+0x4e/0x130 [ 52.293550][ T6023] __sys_bpf+0xfc6/0x49a0 [ 52.294838][ T6030] ? __lock_acquire+0x163e/0x3ce0 [ 52.296135][ T6023] __x64_sys_bpf+0x78/0xc0 [ 52.297520][ T6030] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 52.299247][ T6023] do_syscall_64+0xcd/0x250 [ 52.300554][ T6030] ? hlock_class+0x4e/0x130 [ 52.301777][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 52.302845][ T6030] ? __lock_acquire+0xbdd/0x3ce0 [ 52.304151][ T6023] page_owner free stack trace missing [ 52.305308][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 52.307140][ T6023] Modules linked in: [ 52.308324][ T6030] __netif_receive_skb_list_core+0x357/0x950 [ 52.317824][ T6030] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 52.319499][ T6030] ? trace_lock_acquire+0x14a/0x1d0 [ 52.320842][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 52.322509][ T6030] ? lock_acquire+0x2f/0xb0 [ 52.323697][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 52.325338][ T6030] netif_receive_skb_list_internal+0x753/0xdb0 [ 52.326925][ T6030] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 52.328597][ T6030] ? __pfx_eth_type_trans+0x10/0x10 [ 52.329900][ T6030] ? __build_skb_around+0x278/0x3b0 [ 52.331206][ T6030] netif_receive_skb_list+0x4f/0x4a0 [ 52.332561][ T6030] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 52.334172][ T6030] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 52.335815][ T6030] ? bpf_test_timer_continue+0x150/0x3d0 [ 52.337252][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 52.338580][ T6030] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 52.340031][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 52.341509][ T6030] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 52.343001][ T6030] ? _raw_spin_unlock+0x28/0x50 [ 52.344290][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 52.345841][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 52.347248][ T6030] ? lock_acquire+0x2f/0xb0 [ 52.348433][ T6030] ? __fget_files+0x40/0x3f0 [ 52.349653][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 52.351179][ T6030] ? fput+0x30/0x390 [ 52.352208][ T6030] ? __bpf_prog_get+0xa0/0x290 [ 52.353482][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 52.355006][ T6030] __sys_bpf+0xfc6/0x49a0 [ 52.356139][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 52.357501][ T6030] ? __pfx___sys_bpf+0x10/0x10 [ 52.358745][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 52.360141][ T6030] ? reacquire_held_locks+0x20b/0x4c0 [ 52.361553][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 52.362928][ T6030] ? find_held_lock+0x59/0x110 [ 52.364185][ T6030] ? lock_acquire+0x2f/0xb0 [ 52.365389][ T6030] __x64_sys_bpf+0x78/0xc0 [ 52.366568][ T6030] ? lockdep_hardirqs_on+0x7c/0x110 [ 52.367929][ T6030] do_syscall_64+0xcd/0x250 [ 52.369123][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 52.370671][ T6030] RIP: 0033:0x7f5f67b7e719 [ 52.371844][ T6030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 52.376681][ T6030] RSP: 002b:00007f5f689b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 52.378839][ T6030] RAX: ffffffffffffffda RBX: 00007f5f67d36130 RCX: 00007f5f67b7e719 [ 52.380893][ T6030] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 52.382962][ T6030] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 52.385007][ T6030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 52.387067][ T6030] R13: 0000000000000001 R14: 00007f5f67d36130 R15: 00007ffe204d5cb8 [ 52.389407][ T6030] [ 52.390255][ T6023] CPU: 2 UID: 0 PID: 6023 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 52.390298][ C0] vkms_vblank_simulate: vblank timer overrun [ 52.390337][ T6030] BUG: Bad page state in process syz.1.8 pfn:4b194 [ 52.393806][ T6023] Tainted: [B]=BAD_PAGE [ 52.393813][ T6023] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 52.393820][ T6023] Call Trace: [ 52.393825][ T6023] [ 52.393830][ T6023] dump_stack_lvl+0x16c/0x1f0 [ 52.395403][ T6030] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4b194 [ 52.397252][ T6023] bad_page+0xb3/0x1f0 [ 52.398393][ T6030] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 52.401197][ T6023] ? __pfx_bad_page+0x10/0x10 [ 52.402154][ T6030] raw: 00fff00000000000 dead000000000040 ffff88804b296000 0000000000000000 [ 52.402893][ T6023] ? page_bad_reason+0x9d/0x1e0 [ 52.404167][ T6030] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 52.406444][ T6023] free_unref_page+0x657/0xdc0 [ 52.407583][ T6030] page dumped because: page_pool leak [ 52.409440][ T6023] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 52.410887][ T6030] page_owner tracks the page as allocated [ 52.413524][ T6023] ? __phys_addr+0xc6/0x150 [ 52.413552][ T6023] skb_free_head+0xa0/0x1d0 [ 52.413572][ T6023] skb_release_data+0x560/0x730 [ 52.413585][ T6023] sk_skb_reason_drop+0x129/0x1a0 [ 52.414847][ T6030] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6030, tgid 6021 (syz.1.8), ts 47968384212, free_ts 47940892010 [ 52.417219][ T6023] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 52.418458][ T6030] post_alloc_hook+0x2d1/0x350 [ 52.419875][ T6023] ? kernel_text_address+0x8d/0x100 [ 52.421474][ T6030] get_page_from_freelist+0x101e/0x3070 [ 52.422974][ T6023] ? hlock_class+0x4e/0x130 [ 52.424247][ T6030] __alloc_pages_noprof+0x223/0x25a0 [ 52.425490][ T6023] ? __lock_acquire+0x163e/0x3ce0 [ 52.426772][ T6030] alloc_pages_bulk_noprof+0x77c/0x1110 [ 52.428129][ T6023] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 52.432434][ T6030] __page_pool_alloc_pages_slow+0x18f/0x770 [ 52.434236][ T6023] ? hlock_class+0x4e/0x130 [ 52.435512][ T6030] page_pool_alloc_netmem+0xc4/0x160 [ 52.436912][ T6023] ? __lock_acquire+0xbdd/0x3ce0 [ 52.436937][ T6023] ? __pfx___lock_acquire+0x10/0x10 [ 52.438487][ T6030] page_pool_alloc_pages+0x1a/0x60 [ 52.439813][ T6023] __netif_receive_skb_list_core+0x357/0x950 [ 52.441410][ T6030] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 52.442806][ T6023] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 52.444328][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 52.446332][ T6023] ? trace_lock_acquire+0x14a/0x1d0 [ 52.447921][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 52.449122][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 52.450497][ T6030] __sys_bpf+0xfc6/0x49a0 [ 52.451803][ T6023] ? lock_acquire+0x2f/0xb0 [ 52.451823][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 52.451839][ T6023] netif_receive_skb_list_internal+0x753/0xdb0 [ 52.453213][ T6030] __x64_sys_bpf+0x78/0xc0 [ 52.454572][ T6023] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 52.454597][ T6023] ? __pfx_eth_type_trans+0x10/0x10 [ 52.454613][ T6023] ? __build_skb_around+0x278/0x3b0 [ 52.456451][ T6030] do_syscall_64+0xcd/0x250 [ 52.458058][ T6023] netif_receive_skb_list+0x4f/0x4a0 [ 52.459754][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 52.461125][ T6023] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 52.462525][ T6030] page last free pid 5356 tgid 5356 stack trace: [ 52.463898][ T6023] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 52.465530][ T6030] free_unref_page+0x5f4/0xdc0 [ 52.466672][ T6023] ? bpf_test_timer_continue+0x150/0x3d0 [ 52.467871][ T6030] __put_partials+0x14c/0x170 [ 52.469555][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 52.471193][ T6030] qlist_free_all+0x4e/0x120 [ 52.472449][ T6023] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 52.472472][ T6023] ? try_to_wake_up+0x154/0x14f0 [ 52.472484][ T6023] ? __pfx_try_to_wake_up+0x10/0x10 [ 52.474222][ T6030] kasan_quarantine_reduce+0x192/0x1e0 [ 52.475498][ T6023] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 52.476852][ T6030] __kasan_slab_alloc+0x69/0x90 [ 52.478133][ T6023] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 52.479590][ T6030] __kmalloc_node_noprof+0x1c3/0x430 [ 52.481230][ T6023] ? 0xffffffffa0004340 [ 52.483128][ T6030] __kvmalloc_node_noprof+0xad/0x1a0 [ 52.485022][ T6023] ? 0xffffffffa0004340 [ 52.487059][ T6030] seq_read_iter+0x82a/0x12b0 [ 52.488311][ T6023] ? 0xffffffffa0004340 [ 52.489717][ T6030] kernfs_fop_read_iter+0x414/0x580 [ 52.490941][ T6023] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 52.492358][ T6030] vfs_read+0x87f/0xbe0 [ 52.493555][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 52.495053][ T6030] ksys_read+0x12f/0x260 [ 52.496341][ T6023] ? lock_acquire+0x2f/0xb0 [ 52.497690][ T6030] do_syscall_64+0xcd/0x250 [ 52.499102][ T6023] ? __fget_files+0x40/0x3f0 [ 52.500634][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 52.501917][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 52.501943][ T6023] ? fput+0x30/0x390 [ 52.501954][ T6023] ? __bpf_prog_get+0xa0/0x290 [ 52.503321][ T6030] Modules linked in: [ 52.504686][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 52.504707][ T6023] __sys_bpf+0xfc6/0x49a0 [ 52.505799][ T6030] [ 52.533221][ T6023] ? __pfx_futex_wake+0x10/0x10 [ 52.534504][ T6023] ? finish_task_switch.isra.0+0x2e8/0xcc0 [ 52.536036][ T6023] ? __pfx___sys_bpf+0x10/0x10 [ 52.537295][ T6023] ? __schedule+0xe5d/0x5730 [ 52.538524][ T6023] ? __fget_files+0x23a/0x3f0 [ 52.539768][ T6023] ? do_futex+0x123/0x350 [ 52.540903][ T6023] ? __pfx_do_futex+0x10/0x10 [ 52.542139][ T6023] ? xfd_validate_state+0x5d/0x180 [ 52.543525][ T6023] ? rcu_is_watching+0x12/0xc0 [ 52.544780][ T6023] __x64_sys_bpf+0x78/0xc0 [ 52.545940][ T6023] ? lockdep_hardirqs_on+0x7c/0x110 [ 52.547279][ T6023] do_syscall_64+0xcd/0x250 [ 52.548480][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 52.550038][ T6023] RIP: 0033:0x7f5f67b7e719 [ 52.551203][ T6023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 52.556255][ T6023] RSP: 002b:00007f5f689d1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 52.558611][ T6023] RAX: ffffffffffffffda RBX: 00007f5f67d36058 RCX: 00007f5f67b7e719 [ 52.560647][ T6023] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 52.562706][ T6023] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 52.564773][ T6023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 52.566833][ T6023] R13: 0000000000000000 R14: 00007f5f67d36058 R15: 00007ffe204d5cb8 [ 52.568890][ T6023] [ 52.569718][ T6030] CPU: 0 UID: 0 PID: 6030 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 52.569784][ T6023] BUG: Bad page state in process syz.1.8 pfn:4d8ae [ 52.573256][ T6030] Tainted: [B]=BAD_PAGE [ 52.573263][ T6030] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 52.573270][ T6030] Call Trace: [ 52.573275][ T6030] [ 52.573281][ T6030] dump_stack_lvl+0x16c/0x1f0 [ 52.574944][ T6023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4d8ae [ 52.576004][ T6030] bad_page+0xb3/0x1f0 [ 52.578663][ T6023] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 52.579508][ T6030] ? __pfx_bad_page+0x10/0x10 [ 52.580266][ T6023] raw: 00fff00000000000 dead000000000040 ffff888028078000 0000000000000000 [ 52.581482][ T6030] ? page_bad_reason+0x9d/0x1e0 [ 52.581507][ T6030] free_unref_page+0x657/0xdc0 [ 52.581519][ T6030] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 52.583733][ T6023] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 52.584789][ T6030] ? __phys_addr+0xc6/0x150 [ 52.586631][ T6023] page dumped because: page_pool leak [ 52.587848][ T6030] skb_free_head+0xa0/0x1d0 [ 52.590075][ T6023] page_owner tracks the page as allocated [ 52.591555][ T6030] skb_release_data+0x560/0x730 [ 52.591578][ T6030] sk_skb_reason_drop+0x129/0x1a0 [ 52.591592][ T6030] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 52.592839][ T6023] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6023, tgid 6021 (syz.1.8), ts 47959411511, free_ts 0 [ 52.594439][ T6030] ? kernel_text_address+0x8d/0x100 [ 52.596662][ T6023] post_alloc_hook+0x2d1/0x350 [ 52.597873][ T6030] ? hlock_class+0x4e/0x130 [ 52.599283][ T6023] get_page_from_freelist+0x101e/0x3070 [ 52.600482][ T6030] ? __lock_acquire+0x163e/0x3ce0 [ 52.602014][ T6023] __alloc_pages_noprof+0x223/0x25a0 [ 52.603293][ T6030] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 52.604582][ T6023] alloc_pages_bulk_noprof+0x77c/0x1110 [ 52.606308][ T6030] ? hlock_class+0x4e/0x130 [ 52.610312][ T6023] __page_pool_alloc_pages_slow+0x18f/0x770 [ 52.611783][ T6030] ? __lock_acquire+0xbdd/0x3ce0 [ 52.611804][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 52.611816][ T6030] __netif_receive_skb_list_core+0x357/0x950 [ 52.613386][ T6023] page_pool_alloc_netmem+0xc4/0x160 [ 52.614823][ T6030] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 52.616287][ T6023] page_pool_alloc_pages+0x1a/0x60 [ 52.616304][ T6023] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 52.616318][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 52.617945][ T6030] ? trace_lock_acquire+0x14a/0x1d0 [ 52.619341][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 52.621166][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 52.622703][ T6023] __sys_bpf+0xfc6/0x49a0 [ 52.623841][ T6030] ? lock_acquire+0x2f/0xb0 [ 52.625422][ T6023] __x64_sys_bpf+0x78/0xc0 [ 52.626983][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 52.628429][ T6023] do_syscall_64+0xcd/0x250 [ 52.630019][ T6030] netif_receive_skb_list_internal+0x753/0xdb0 [ 52.631466][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 52.633096][ T6030] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 52.634458][ T6023] page_owner free stack trace missing [ 52.636180][ T6030] ? __pfx_eth_type_trans+0x10/0x10 [ 52.637561][ T6023] Modules linked in: [ 52.638916][ T6030] ? __build_skb_around+0x278/0x3b0 [ 52.658446][ T6030] netif_receive_skb_list+0x4f/0x4a0 [ 52.659822][ T6030] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 52.661384][ T6030] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 52.663073][ T6030] ? bpf_test_timer_continue+0x150/0x3d0 [ 52.664530][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 52.665905][ T6030] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 52.667430][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 52.668938][ T6030] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 52.670435][ T6030] ? _raw_spin_unlock+0x28/0x50 [ 52.671718][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 52.673245][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 52.674659][ T6030] ? lock_acquire+0x2f/0xb0 [ 52.675788][ T6030] ? __fget_files+0x40/0x3f0 [ 52.676968][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 52.678496][ T6030] ? fput+0x30/0x390 [ 52.679479][ T6030] ? __bpf_prog_get+0xa0/0x290 [ 52.680692][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 52.682163][ T6030] __sys_bpf+0xfc6/0x49a0 [ 52.683237][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 52.684534][ T6030] ? __pfx___sys_bpf+0x10/0x10 [ 52.685697][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 52.687035][ T6030] ? reacquire_held_locks+0x20b/0x4c0 [ 52.688425][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 52.689746][ T6030] ? find_held_lock+0x59/0x110 [ 52.690962][ T6030] ? lock_acquire+0x2f/0xb0 [ 52.692268][ T6030] __x64_sys_bpf+0x78/0xc0 [ 52.693481][ T6030] ? lockdep_hardirqs_on+0x7c/0x110 [ 52.694828][ T6030] do_syscall_64+0xcd/0x250 [ 52.695981][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 52.697484][ T6030] RIP: 0033:0x7f5f67b7e719 [ 52.698608][ T6030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 52.703520][ T6030] RSP: 002b:00007f5f689b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 52.705780][ T6030] RAX: ffffffffffffffda RBX: 00007f5f67d36130 RCX: 00007f5f67b7e719 [ 52.707795][ T6030] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 52.709796][ T6030] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 52.711805][ T6030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 52.713839][ T6030] R13: 0000000000000001 R14: 00007f5f67d36130 R15: 00007ffe204d5cb8 [ 52.715866][ T6030] [ 52.716697][ T6023] CPU: 2 UID: 0 PID: 6023 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 52.716705][ C0] vkms_vblank_simulate: vblank timer overrun [ 52.716717][ T6023] Tainted: [B]=BAD_PAGE [ 52.719823][ T6030] BUG: Bad page state in process syz.1.8 pfn:4b193 [ 52.721383][ T6023] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 52.721396][ T6023] Call Trace: [ 52.721400][ T6023] [ 52.721405][ T6023] dump_stack_lvl+0x16c/0x1f0 [ 52.722536][ T6030] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4b193 [ 52.724257][ T6023] bad_page+0xb3/0x1f0 [ 52.727030][ T6030] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 52.727916][ T6023] ? __pfx_bad_page+0x10/0x10 [ 52.728702][ T6030] raw: 00fff00000000000 dead000000000040 ffff88804b296000 0000000000000000 [ 52.729938][ T6023] ? page_bad_reason+0x9d/0x1e0 [ 52.732265][ T6030] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 52.733316][ T6023] free_unref_page+0x657/0xdc0 [ 52.735143][ T6030] page dumped because: page_pool leak [ 52.736315][ T6023] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 52.738447][ T6030] page_owner tracks the page as allocated [ 52.739772][ T6023] ? __phys_addr+0xc6/0x150 [ 52.741955][ T6030] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6030, tgid 6021 (syz.1.8), ts 47968380108, free_ts 47940892010 [ 52.743130][ T6023] skb_free_head+0xa0/0x1d0 [ 52.744602][ T6030] post_alloc_hook+0x2d1/0x350 [ 52.746327][ T6023] skb_release_data+0x560/0x730 [ 52.747789][ T6030] get_page_from_freelist+0x101e/0x3070 [ 52.748975][ T6023] sk_skb_reason_drop+0x129/0x1a0 [ 52.753570][ T6030] __alloc_pages_noprof+0x223/0x25a0 [ 52.754706][ T6023] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 52.755963][ T6030] alloc_pages_bulk_noprof+0x77c/0x1110 [ 52.757234][ T6023] ? kernel_text_address+0x8d/0x100 [ 52.758807][ T6030] __page_pool_alloc_pages_slow+0x18f/0x770 [ 52.760089][ T6023] ? hlock_class+0x4e/0x130 [ 52.761783][ T6030] page_pool_alloc_netmem+0xc4/0x160 [ 52.763503][ T6023] ? __lock_acquire+0x163e/0x3ce0 [ 52.764952][ T6030] page_pool_alloc_pages+0x1a/0x60 [ 52.766340][ T6023] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 52.767880][ T6030] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 52.769057][ T6023] ? hlock_class+0x4e/0x130 [ 52.770462][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 52.771752][ T6023] ? __lock_acquire+0xbdd/0x3ce0 [ 52.771769][ T6023] ? __pfx___lock_acquire+0x10/0x10 [ 52.771780][ T6023] __netif_receive_skb_list_core+0x357/0x950 [ 52.773103][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 52.774943][ T6023] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 52.776527][ T6030] __sys_bpf+0xfc6/0x49a0 [ 52.777721][ T6023] ? trace_lock_acquire+0x14a/0x1d0 [ 52.779088][ T6030] __x64_sys_bpf+0x78/0xc0 [ 52.780388][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 52.781796][ T6030] do_syscall_64+0xcd/0x250 [ 52.783323][ T6023] ? lock_acquire+0x2f/0xb0 [ 52.784719][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 52.786412][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 52.787568][ T6030] page last free pid 5356 tgid 5356 stack trace: [ 52.788899][ T6023] netif_receive_skb_list_internal+0x753/0xdb0 [ 52.790066][ T6030] free_unref_page+0x5f4/0xdc0 [ 52.791728][ T6023] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 52.791758][ T6023] ? __pfx_eth_type_trans+0x10/0x10 [ 52.792942][ T6030] __put_partials+0x14c/0x170 [ 52.794139][ T6023] ? __build_skb_around+0x278/0x3b0 [ 52.795666][ T6030] qlist_free_all+0x4e/0x120 [ 52.797312][ T6023] netif_receive_skb_list+0x4f/0x4a0 [ 52.798939][ T6030] kasan_quarantine_reduce+0x192/0x1e0 [ 52.800527][ T6023] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 52.801778][ T6030] __kasan_slab_alloc+0x69/0x90 [ 52.803414][ T6023] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 52.803438][ T6023] ? bpf_test_timer_continue+0x150/0x3d0 [ 52.804767][ T6030] __kmalloc_node_noprof+0x1c3/0x430 [ 52.805988][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 52.807317][ T6030] __kvmalloc_node_noprof+0xad/0x1a0 [ 52.808510][ T6023] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 52.809866][ T6030] seq_read_iter+0x82a/0x12b0 [ 52.811266][ T6023] ? try_to_wake_up+0x154/0x14f0 [ 52.811284][ T6023] ? __pfx_try_to_wake_up+0x10/0x10 [ 52.811294][ T6023] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 52.812885][ T6030] kernfs_fop_read_iter+0x414/0x580 [ 52.814113][ T6023] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 52.815736][ T6030] vfs_read+0x87f/0xbe0 [ 52.817132][ T6023] ? 0xffffffffa0004340 [ 52.818444][ T6030] ksys_read+0x12f/0x260 [ 52.819758][ T6023] ? 0xffffffffa0004340 [ 52.821083][ T6030] do_syscall_64+0xcd/0x250 [ 52.822526][ T6023] ? 0xffffffffa0004340 [ 52.822541][ T6023] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 52.822555][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 52.823779][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 52.825062][ T6023] ? lock_acquire+0x2f/0xb0 [ 52.826403][ T6030] Modules linked in: [ 52.827924][ T6023] ? __fget_files+0x40/0x3f0 [ 52.845284][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 52.846768][ T6023] ? fput+0x30/0x390 [ 52.847799][ T6023] ? __bpf_prog_get+0xa0/0x290 [ 52.849064][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 52.850541][ T6023] __sys_bpf+0xfc6/0x49a0 [ 52.851637][ T6023] ? __pfx_futex_wake+0x10/0x10 [ 52.852928][ T6023] ? finish_task_switch.isra.0+0x2e8/0xcc0 [ 52.854461][ T6023] ? __pfx___sys_bpf+0x10/0x10 [ 52.855678][ T6023] ? __schedule+0xe5d/0x5730 [ 52.856900][ T6023] ? __fget_files+0x23a/0x3f0 [ 52.858106][ T6023] ? do_futex+0x123/0x350 [ 52.859199][ T6023] ? __pfx_do_futex+0x10/0x10 [ 52.860385][ T6023] ? xfd_validate_state+0x5d/0x180 [ 52.861683][ T6023] ? rcu_is_watching+0x12/0xc0 [ 52.862919][ T6023] __x64_sys_bpf+0x78/0xc0 [ 52.864041][ T6023] ? lockdep_hardirqs_on+0x7c/0x110 [ 52.865377][ T6023] do_syscall_64+0xcd/0x250 [ 52.866541][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 52.868076][ T6023] RIP: 0033:0x7f5f67b7e719 [ 52.869243][ T6023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 52.874166][ T6023] RSP: 002b:00007f5f689d1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 52.876316][ T6023] RAX: ffffffffffffffda RBX: 00007f5f67d36058 RCX: 00007f5f67b7e719 [ 52.878311][ T6023] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 52.880374][ T6023] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 52.882443][ T6023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 52.884404][ T6023] R13: 0000000000000000 R14: 00007f5f67d36058 R15: 00007ffe204d5cb8 [ 52.886470][ T6023] [ 52.887287][ T6030] CPU: 0 UID: 0 PID: 6030 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 52.887353][ T6023] BUG: Bad page state in process syz.1.8 pfn:4d8ad [ 52.890200][ T6030] Tainted: [B]=BAD_PAGE [ 52.891877][ T6023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4d8ad [ 52.892917][ T6030] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 52.895120][ T6023] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 52.897836][ T6030] Call Trace: [ 52.899595][ T6023] raw: 00fff00000000000 dead000000000040 ffff888028078000 0000000000000000 [ 52.900445][ T6030] [ 52.902650][ T6023] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 52.903369][ T6030] dump_stack_lvl+0x16c/0x1f0 [ 52.905543][ T6023] page dumped because: page_pool leak [ 52.906743][ T6030] bad_page+0xb3/0x1f0 [ 52.908116][ T6023] page_owner tracks the page as allocated [ 52.909156][ T6030] ? __pfx_bad_page+0x10/0x10 [ 52.910608][ T6023] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6023, tgid 6021 (syz.1.8), ts 47959404083, free_ts 0 [ 52.911824][ T6030] ? page_bad_reason+0x9d/0x1e0 [ 52.911847][ T6030] free_unref_page+0x657/0xdc0 [ 52.911858][ T6030] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 52.915759][ T6023] post_alloc_hook+0x2d1/0x350 [ 52.916995][ T6030] ? __phys_addr+0xc6/0x150 [ 52.918229][ T6023] get_page_from_freelist+0x101e/0x3070 [ 52.919749][ T6030] skb_free_head+0xa0/0x1d0 [ 52.921221][ T6023] __alloc_pages_noprof+0x223/0x25a0 [ 52.922366][ T6030] skb_release_data+0x560/0x730 [ 52.922386][ T6030] sk_skb_reason_drop+0x129/0x1a0 [ 52.922399][ T6030] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 52.922417][ T6030] ? kernel_text_address+0x8d/0x100 [ 52.923825][ T6023] alloc_pages_bulk_noprof+0x77c/0x1110 [ 52.924990][ T6030] ? hlock_class+0x4e/0x130 [ 52.926404][ T6023] __page_pool_alloc_pages_slow+0x18f/0x770 [ 52.927670][ T6030] ? __lock_acquire+0x163e/0x3ce0 [ 52.928979][ T6023] page_pool_alloc_netmem+0xc4/0x160 [ 52.930631][ T6030] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 52.931984][ T6023] page_pool_alloc_pages+0x1a/0x60 [ 52.933383][ T6030] ? hlock_class+0x4e/0x130 [ 52.934536][ T6023] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 52.936106][ T6030] ? __lock_acquire+0xbdd/0x3ce0 [ 52.937412][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 52.938747][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 52.940522][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 52.941959][ T6030] __netif_receive_skb_list_core+0x357/0x950 [ 52.941986][ T6030] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 52.942001][ T6030] ? trace_lock_acquire+0x14a/0x1d0 [ 52.943193][ T6023] __sys_bpf+0xfc6/0x49a0 [ 52.944754][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 52.946016][ T6023] __x64_sys_bpf+0x78/0xc0 [ 52.947387][ T6030] ? lock_acquire+0x2f/0xb0 [ 52.948742][ T6023] do_syscall_64+0xcd/0x250 [ 52.950145][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 52.951764][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 52.953441][ T6030] netif_receive_skb_list_internal+0x753/0xdb0 [ 52.954796][ T6023] page_owner free stack trace missing [ 52.954805][ T6023] Modules linked in: [ 52.955990][ T6030] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 52.957636][ T6023] [ 52.958886][ T6030] ? __pfx_eth_type_trans+0x10/0x10 [ 52.972333][ T6030] ? __build_skb_around+0x278/0x3b0 [ 52.973722][ T6030] netif_receive_skb_list+0x4f/0x4a0 [ 52.975048][ T6030] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 52.976623][ T6030] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 52.978272][ T6030] ? bpf_test_timer_continue+0x150/0x3d0 [ 52.979673][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 52.981000][ T6030] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 52.982411][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 52.983916][ T6030] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 52.985386][ T6030] ? _raw_spin_unlock+0x28/0x50 [ 52.986628][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 52.988194][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 52.989589][ T6030] ? lock_acquire+0x2f/0xb0 [ 52.990780][ T6030] ? __fget_files+0x40/0x3f0 [ 52.991952][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 52.993467][ T6030] ? fput+0x30/0x390 [ 52.994493][ T6030] ? __bpf_prog_get+0xa0/0x290 [ 52.995755][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 52.997236][ T6030] __sys_bpf+0xfc6/0x49a0 [ 52.998348][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 52.999625][ T6030] ? __pfx___sys_bpf+0x10/0x10 [ 53.000826][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 53.002170][ T6030] ? reacquire_held_locks+0x20b/0x4c0 [ 53.003508][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 53.004837][ T6030] ? find_held_lock+0x59/0x110 [ 53.006049][ T6030] ? lock_acquire+0x2f/0xb0 [ 53.007182][ T6030] __x64_sys_bpf+0x78/0xc0 [ 53.008313][ T6030] ? lockdep_hardirqs_on+0x7c/0x110 [ 53.009610][ T6030] do_syscall_64+0xcd/0x250 [ 53.010764][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 53.012272][ T6030] RIP: 0033:0x7f5f67b7e719 [ 53.013436][ T6030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 53.018400][ T6030] RSP: 002b:00007f5f689b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 53.020444][ T6030] RAX: ffffffffffffffda RBX: 00007f5f67d36130 RCX: 00007f5f67b7e719 [ 53.022392][ T6030] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 53.024390][ T6030] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 53.026328][ T6030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 53.028302][ T6030] R13: 0000000000000001 R14: 00007f5f67d36130 R15: 00007ffe204d5cb8 [ 53.030272][ T6030] [ 53.031046][ T6023] CPU: 2 UID: 0 PID: 6023 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 53.031089][ C0] vkms_vblank_simulate: vblank timer overrun [ 53.034073][ T6023] Tainted: [B]=BAD_PAGE [ 53.035609][ T6030] BUG: Bad page state in process syz.1.8 pfn:4b192 [ 53.036621][ T6023] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 53.038242][ T6030] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4b192 [ 53.041010][ T6023] Call Trace: [ 53.041020][ T6023] [ 53.043195][ T6030] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 53.043999][ T6023] dump_stack_lvl+0x16c/0x1f0 [ 53.044795][ T6030] raw: 00fff00000000000 dead000000000040 ffff88804b296000 0000000000000000 [ 53.046527][ T6023] bad_page+0xb3/0x1f0 [ 53.047735][ T6030] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 53.050513][ T6023] ? __pfx_bad_page+0x10/0x10 [ 53.051559][ T6030] page dumped because: page_pool leak [ 53.053766][ T6023] ? page_bad_reason+0x9d/0x1e0 [ 53.053787][ T6023] free_unref_page+0x657/0xdc0 [ 53.054951][ T6030] page_owner tracks the page as allocated [ 53.056322][ T6023] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 53.057564][ T6030] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6030, tgid 6021 (syz.1.8), ts 47968375843, free_ts 47940892010 [ 53.058826][ T6023] ? __phys_addr+0xc6/0x150 [ 53.060285][ T6030] post_alloc_hook+0x2d1/0x350 [ 53.061852][ T6023] skb_free_head+0xa0/0x1d0 [ 53.061882][ T6023] skb_release_data+0x560/0x730 [ 53.061895][ T6023] sk_skb_reason_drop+0x129/0x1a0 [ 53.065942][ T6030] get_page_from_freelist+0x101e/0x3070 [ 53.067170][ T6023] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 53.068397][ T6030] __alloc_pages_noprof+0x223/0x25a0 [ 53.069590][ T6023] ? kernel_text_address+0x8d/0x100 [ 53.070875][ T6030] alloc_pages_bulk_noprof+0x77c/0x1110 [ 53.072150][ T6023] ? hlock_class+0x4e/0x130 [ 53.072173][ T6023] ? __lock_acquire+0x163e/0x3ce0 [ 53.072183][ T6023] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 53.072200][ T6023] ? hlock_class+0x4e/0x130 [ 53.072212][ T6023] ? __lock_acquire+0xbdd/0x3ce0 [ 53.072224][ T6023] ? __pfx___lock_acquire+0x10/0x10 [ 53.073708][ T6030] __page_pool_alloc_pages_slow+0x18f/0x770 [ 53.075434][ T6023] __netif_receive_skb_list_core+0x357/0x950 [ 53.076919][ T6030] page_pool_alloc_netmem+0xc4/0x160 [ 53.078404][ T6023] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 53.079918][ T6030] page_pool_alloc_pages+0x1a/0x60 [ 53.081102][ T6023] ? trace_lock_acquire+0x14a/0x1d0 [ 53.082668][ T6030] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 53.084395][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 53.085756][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 53.087119][ T6023] ? lock_acquire+0x2f/0xb0 [ 53.087133][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 53.087150][ T6023] netif_receive_skb_list_internal+0x753/0xdb0 [ 53.088507][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 53.090117][ T6023] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 53.091768][ T6030] __sys_bpf+0xfc6/0x49a0 [ 53.093078][ T6023] ? __pfx_eth_type_trans+0x10/0x10 [ 53.094766][ T6030] __x64_sys_bpf+0x78/0xc0 [ 53.096199][ T6023] ? __build_skb_around+0x278/0x3b0 [ 53.097621][ T6030] do_syscall_64+0xcd/0x250 [ 53.099224][ T6023] netif_receive_skb_list+0x4f/0x4a0 [ 53.100872][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 53.102246][ T6023] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 53.102270][ T6023] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 53.102287][ T6023] ? bpf_test_timer_continue+0x150/0x3d0 [ 53.102301][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 53.103491][ T6030] page last free pid 5356 tgid 5356 stack trace: [ 53.105072][ T6023] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 53.106681][ T6030] free_unref_page+0x5f4/0xdc0 [ 53.108062][ T6023] ? try_to_wake_up+0x154/0x14f0 [ 53.109757][ T6030] __put_partials+0x14c/0x170 [ 53.110901][ T6023] ? __pfx_try_to_wake_up+0x10/0x10 [ 53.112384][ T6030] qlist_free_all+0x4e/0x120 [ 53.113522][ T6023] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 53.114884][ T6030] kasan_quarantine_reduce+0x192/0x1e0 [ 53.116028][ T6023] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 53.116043][ T6023] ? 0xffffffffa0004340 [ 53.116051][ T6023] ? 0xffffffffa0004340 [ 53.116058][ T6023] ? 0xffffffffa0004340 [ 53.116065][ T6023] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 53.116081][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 53.117477][ T6030] __kasan_slab_alloc+0x69/0x90 [ 53.118972][ T6023] ? lock_acquire+0x2f/0xb0 [ 53.120596][ T6030] __kmalloc_node_noprof+0x1c3/0x430 [ 53.122228][ T6023] ? __fget_files+0x40/0x3f0 [ 53.122253][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 53.122269][ T6023] ? fput+0x30/0x390 [ 53.122280][ T6023] ? __bpf_prog_get+0xa0/0x290 [ 53.123710][ T6030] __kvmalloc_node_noprof+0xad/0x1a0 [ 53.125088][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 53.126795][ T6030] seq_read_iter+0x82a/0x12b0 [ 53.128309][ T6023] __sys_bpf+0xfc6/0x49a0 [ 53.129604][ T6030] kernfs_fop_read_iter+0x414/0x580 [ 53.130946][ T6023] ? __pfx_futex_wake+0x10/0x10 [ 53.132256][ T6030] vfs_read+0x87f/0xbe0 [ 53.133645][ T6023] ? finish_task_switch.isra.0+0x2e8/0xcc0 [ 53.134859][ T6030] ksys_read+0x12f/0x260 [ 53.136392][ T6023] ? __pfx___sys_bpf+0x10/0x10 [ 53.137767][ T6030] do_syscall_64+0xcd/0x250 [ 53.139041][ T6023] ? __schedule+0xe5d/0x5730 [ 53.140050][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 53.141038][ T6023] ? __fget_files+0x23a/0x3f0 [ 53.142113][ T6030] Modules linked in: [ 53.143582][ T6023] ? do_futex+0x123/0x350 [ 53.144958][ T6030] [ 53.146234][ T6023] ? __pfx_do_futex+0x10/0x10 [ 53.176041][ T6023] ? xfd_validate_state+0x5d/0x180 [ 53.177397][ T6023] ? rcu_is_watching+0x12/0xc0 [ 53.178654][ T6023] __x64_sys_bpf+0x78/0xc0 [ 53.179836][ T6023] ? lockdep_hardirqs_on+0x7c/0x110 [ 53.181193][ T6023] do_syscall_64+0xcd/0x250 [ 53.182349][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 53.183889][ T6023] RIP: 0033:0x7f5f67b7e719 [ 53.184979][ T6023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 53.189767][ T6023] RSP: 002b:00007f5f689d1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 53.191905][ T6023] RAX: ffffffffffffffda RBX: 00007f5f67d36058 RCX: 00007f5f67b7e719 [ 53.193977][ T6023] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 53.196030][ T6023] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 53.198079][ T6023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 53.200115][ T6023] R13: 0000000000000000 R14: 00007f5f67d36058 R15: 00007ffe204d5cb8 [ 53.202180][ T6023] [ 53.203001][ T6030] CPU: 0 UID: 0 PID: 6030 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 53.203060][ T6023] BUG: Bad page state in process syz.1.8 pfn:4d8ac [ 53.206106][ T6030] Tainted: [B]=BAD_PAGE [ 53.207820][ T6023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4d8ac [ 53.208934][ T6030] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 53.211182][ T6023] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 53.213982][ T6030] Call Trace: [ 53.213996][ T6030] [ 53.214002][ T6030] dump_stack_lvl+0x16c/0x1f0 [ 53.214023][ T6030] bad_page+0xb3/0x1f0 [ 53.215880][ T6023] raw: 00fff00000000000 dead000000000040 ffff888028078000 0000000000000000 [ 53.216758][ T6030] ? __pfx_bad_page+0x10/0x10 [ 53.217546][ T6023] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 53.218784][ T6030] ? page_bad_reason+0x9d/0x1e0 [ 53.219848][ T6023] page dumped because: page_pool leak [ 53.222263][ T6030] free_unref_page+0x657/0xdc0 [ 53.222289][ T6030] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 53.223517][ T6023] page_owner tracks the page as allocated [ 53.225752][ T6030] ? __phys_addr+0xc6/0x150 [ 53.227008][ T6023] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6023, tgid 6021 (syz.1.8), ts 47959396391, free_ts 0 [ 53.228390][ T6030] skb_free_head+0xa0/0x1d0 [ 53.229683][ T6023] post_alloc_hook+0x2d1/0x350 [ 53.231227][ T6030] skb_release_data+0x560/0x730 [ 53.232738][ T6023] get_page_from_freelist+0x101e/0x3070 [ 53.233886][ T6030] sk_skb_reason_drop+0x129/0x1a0 [ 53.237848][ T6023] __alloc_pages_noprof+0x223/0x25a0 [ 53.238971][ T6030] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 53.240210][ T6023] alloc_pages_bulk_noprof+0x77c/0x1110 [ 53.241475][ T6030] ? kernel_text_address+0x8d/0x100 [ 53.241498][ T6030] ? hlock_class+0x4e/0x130 [ 53.242897][ T6023] __page_pool_alloc_pages_slow+0x18f/0x770 [ 53.244118][ T6030] ? __lock_acquire+0x163e/0x3ce0 [ 53.245477][ T6023] page_pool_alloc_netmem+0xc4/0x160 [ 53.247079][ T6030] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 53.248452][ T6023] page_pool_alloc_pages+0x1a/0x60 [ 53.249779][ T6030] ? hlock_class+0x4e/0x130 [ 53.250975][ T6023] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 53.252473][ T6030] ? __lock_acquire+0xbdd/0x3ce0 [ 53.252491][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 53.252502][ T6030] __netif_receive_skb_list_core+0x357/0x950 [ 53.252520][ T6030] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 53.253838][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 53.255135][ T6030] ? trace_lock_acquire+0x14a/0x1d0 [ 53.256897][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 53.258166][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 53.259332][ T6023] __sys_bpf+0xfc6/0x49a0 [ 53.260884][ T6030] ? lock_acquire+0x2f/0xb0 [ 53.262327][ T6023] __x64_sys_bpf+0x78/0xc0 [ 53.263573][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 53.265058][ T6023] do_syscall_64+0xcd/0x250 [ 53.266656][ T6030] netif_receive_skb_list_internal+0x753/0xdb0 [ 53.267981][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 53.269253][ T6030] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 53.270612][ T6023] page_owner free stack trace missing [ 53.270621][ T6023] Modules linked in: [ 53.272194][ T6030] ? __pfx_eth_type_trans+0x10/0x10 [ 53.272223][ T6030] ? __build_skb_around+0x278/0x3b0 [ 53.272240][ T6030] netif_receive_skb_list+0x4f/0x4a0 [ 53.273328][ T6023] [ 53.274452][ T6030] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 53.291397][ T6030] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 53.293107][ T6030] ? bpf_test_timer_continue+0x150/0x3d0 [ 53.294511][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 53.295810][ T6030] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 53.297278][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 53.298751][ T6030] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 53.300248][ T6030] ? _raw_spin_unlock+0x28/0x50 [ 53.301501][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 53.302988][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 53.304334][ T6030] ? lock_acquire+0x2f/0xb0 [ 53.305471][ T6030] ? __fget_files+0x40/0x3f0 [ 53.306650][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 53.308130][ T6030] ? fput+0x30/0x390 [ 53.309135][ T6030] ? __bpf_prog_get+0xa0/0x290 [ 53.310371][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 53.311849][ T6030] __sys_bpf+0xfc6/0x49a0 [ 53.312945][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 53.314305][ T6030] ? __pfx___sys_bpf+0x10/0x10 [ 53.315533][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 53.316888][ T6030] ? reacquire_held_locks+0x20b/0x4c0 [ 53.318273][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 53.319628][ T6030] ? find_held_lock+0x59/0x110 [ 53.320861][ T6030] ? lock_acquire+0x2f/0xb0 [ 53.322032][ T6030] __x64_sys_bpf+0x78/0xc0 [ 53.323176][ T6030] ? lockdep_hardirqs_on+0x7c/0x110 [ 53.324517][ T6030] do_syscall_64+0xcd/0x250 [ 53.325713][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 53.327251][ T6030] RIP: 0033:0x7f5f67b7e719 [ 53.328411][ T6030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 53.333398][ T6030] RSP: 002b:00007f5f689b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 53.335550][ T6030] RAX: ffffffffffffffda RBX: 00007f5f67d36130 RCX: 00007f5f67b7e719 [ 53.337592][ T6030] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 53.339645][ T6030] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 53.341700][ T6030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 53.343729][ T6030] R13: 0000000000000001 R14: 00007f5f67d36130 R15: 00007ffe204d5cb8 [ 53.345769][ T6030] [ 53.346586][ T6023] CPU: 2 UID: 0 PID: 6023 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 53.346594][ C0] vkms_vblank_simulate: vblank timer overrun [ 53.346606][ T6023] Tainted: [B]=BAD_PAGE [ 53.346610][ T6023] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 53.349657][ T6030] BUG: Bad page state in process syz.1.8 pfn:4b191 [ 53.351183][ T6023] Call Trace: [ 53.352279][ T6030] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x8 pfn:0x4b191 [ 53.355029][ T6023] [ 53.355038][ T6023] dump_stack_lvl+0x16c/0x1f0 [ 53.356724][ T6030] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 53.357610][ T6023] bad_page+0xb3/0x1f0 [ 53.359843][ T6030] raw: 00fff00000000000 dead000000000040 ffff88804b296000 0000000000000000 [ 53.360610][ T6023] ? __pfx_bad_page+0x10/0x10 [ 53.361884][ T6030] raw: 0000000000000008 0000000000000001 00000000ffffffff 0000000000000000 [ 53.363667][ T6023] ? page_bad_reason+0x9d/0x1e0 [ 53.364726][ T6030] page dumped because: page_pool leak [ 53.366848][ T6023] free_unref_page+0x657/0xdc0 [ 53.367999][ T6030] page_owner tracks the page as allocated [ 53.370115][ T6023] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 53.370140][ T6023] ? __phys_addr+0xc6/0x150 [ 53.371412][ T6030] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6030, tgid 6021 (syz.1.8), ts 47968371135, free_ts 47940892010 [ 53.372763][ T6023] skb_free_head+0xa0/0x1d0 [ 53.374038][ T6030] post_alloc_hook+0x2d1/0x350 [ 53.375505][ T6023] skb_release_data+0x560/0x730 [ 53.377034][ T6030] get_page_from_freelist+0x101e/0x3070 [ 53.378215][ T6023] sk_skb_reason_drop+0x129/0x1a0 [ 53.382350][ T6030] __alloc_pages_noprof+0x223/0x25a0 [ 53.383518][ T6023] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 53.384750][ T6030] alloc_pages_bulk_noprof+0x77c/0x1110 [ 53.386006][ T6023] ? kernel_text_address+0x8d/0x100 [ 53.387453][ T6030] __page_pool_alloc_pages_slow+0x18f/0x770 [ 53.388726][ T6023] ? hlock_class+0x4e/0x130 [ 53.390079][ T6030] page_pool_alloc_netmem+0xc4/0x160 [ 53.392021][ T6023] ? __lock_acquire+0x163e/0x3ce0 [ 53.392041][ T6023] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 53.392060][ T6023] ? hlock_class+0x4e/0x130 [ 53.393812][ T6030] page_pool_alloc_pages+0x1a/0x60 [ 53.395129][ T6023] ? __lock_acquire+0xbdd/0x3ce0 [ 53.396628][ T6030] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 53.397769][ T6023] ? __pfx___lock_acquire+0x10/0x10 [ 53.399158][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 53.400461][ T6023] __netif_receive_skb_list_core+0x357/0x950 [ 53.402329][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 53.403476][ T6023] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 53.403496][ T6023] ? trace_lock_acquire+0x14a/0x1d0 [ 53.404803][ T6030] __sys_bpf+0xfc6/0x49a0 [ 53.406093][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 53.407673][ T6030] __x64_sys_bpf+0x78/0xc0 [ 53.409027][ T6023] ? lock_acquire+0x2f/0xb0 [ 53.410404][ T6030] do_syscall_64+0xcd/0x250 [ 53.411949][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 53.411979][ T6023] netif_receive_skb_list_internal+0x753/0xdb0 [ 53.411996][ T6023] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 53.413393][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 53.415083][ T6023] ? __pfx_eth_type_trans+0x10/0x10 [ 53.416419][ T6030] page last free pid 5356 tgid 5356 stack trace: [ 53.417543][ T6023] ? __build_skb_around+0x278/0x3b0 [ 53.419123][ T6030] free_unref_page+0x5f4/0xdc0 [ 53.420351][ T6023] netif_receive_skb_list+0x4f/0x4a0 [ 53.420375][ T6023] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 53.421580][ T6030] __put_partials+0x14c/0x170 [ 53.422743][ T6023] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 53.424266][ T6030] qlist_free_all+0x4e/0x120 [ 53.425865][ T6023] ? bpf_test_timer_continue+0x150/0x3d0 [ 53.427560][ T6030] kasan_quarantine_reduce+0x192/0x1e0 [ 53.429091][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 53.430435][ T6030] __kasan_slab_alloc+0x69/0x90 [ 53.432083][ T6023] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 53.432110][ T6023] ? try_to_wake_up+0x154/0x14f0 [ 53.432121][ T6023] ? __pfx_try_to_wake_up+0x10/0x10 [ 53.433468][ T6030] __kmalloc_node_noprof+0x1c3/0x430 [ 53.434723][ T6023] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 53.436072][ T6030] __kvmalloc_node_noprof+0xad/0x1a0 [ 53.437706][ T6023] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 53.437732][ T6023] ? 0xffffffffa0004340 [ 53.438925][ T6030] seq_read_iter+0x82a/0x12b0 [ 53.440640][ T6023] ? 0xffffffffa0004340 [ 53.441882][ T6030] kernfs_fop_read_iter+0x414/0x580 [ 53.443307][ T6023] ? 0xffffffffa0004340 [ 53.444695][ T6030] vfs_read+0x87f/0xbe0 [ 53.446082][ T6023] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 53.447321][ T6030] ksys_read+0x12f/0x260 [ 53.448838][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 53.450121][ T6030] do_syscall_64+0xcd/0x250 [ 53.451440][ T6023] ? lock_acquire+0x2f/0xb0 [ 53.451461][ T6023] ? __fget_files+0x40/0x3f0 [ 53.451476][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 53.452767][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 53.454309][ T6023] ? fput+0x30/0x390 [ 53.454328][ T6023] ? __bpf_prog_get+0xa0/0x290 [ 53.455676][ T6030] Modules linked in: [ 53.457046][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 53.458120][ T6030] [ 53.481089][ T6023] __sys_bpf+0xfc6/0x49a0 [ 53.482255][ T6023] ? __pfx_futex_wake+0x10/0x10 [ 53.483536][ T6023] ? finish_task_switch.isra.0+0x2e8/0xcc0 [ 53.485066][ T6023] ? __pfx___sys_bpf+0x10/0x10 [ 53.486327][ T6023] ? __schedule+0xe5d/0x5730 [ 53.487566][ T6023] ? __fget_files+0x23a/0x3f0 [ 53.488814][ T6023] ? do_futex+0x123/0x350 [ 53.489956][ T6023] ? __pfx_do_futex+0x10/0x10 [ 53.491199][ T6023] ? xfd_validate_state+0x5d/0x180 [ 53.492880][ T6023] ? rcu_is_watching+0x12/0xc0 [ 53.494377][ T6023] __x64_sys_bpf+0x78/0xc0 [ 53.495571][ T6023] ? lockdep_hardirqs_on+0x7c/0x110 [ 53.497151][ T6023] do_syscall_64+0xcd/0x250 [ 53.498519][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 53.500069][ T6023] RIP: 0033:0x7f5f67b7e719 [ 53.501284][ T6023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 53.506234][ T6023] RSP: 002b:00007f5f689d1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 53.508393][ T6023] RAX: ffffffffffffffda RBX: 00007f5f67d36058 RCX: 00007f5f67b7e719 [ 53.510474][ T6023] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 53.512538][ T6023] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 53.514643][ T6023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 53.516723][ T6023] R13: 0000000000000000 R14: 00007f5f67d36058 R15: 00007ffe204d5cb8 [ 53.518802][ T6023] [ 53.519610][ T6030] CPU: 0 UID: 0 PID: 6030 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 53.519685][ T6023] BUG: Bad page state in process syz.1.8 pfn:4d8ab [ 53.522714][ T6030] Tainted: [B]=BAD_PAGE [ 53.522723][ T6030] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 53.522730][ T6030] Call Trace: [ 53.522734][ T6030] [ 53.522739][ T6030] dump_stack_lvl+0x16c/0x1f0 [ 53.524401][ T6023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4d8ab [ 53.525535][ T6030] bad_page+0xb3/0x1f0 [ 53.528289][ T6023] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 53.529153][ T6030] ? __pfx_bad_page+0x10/0x10 [ 53.529940][ T6023] raw: 00fff00000000000 dead000000000040 ffff888028078000 0000000000000000 [ 53.531153][ T6030] ? page_bad_reason+0x9d/0x1e0 [ 53.533477][ T6023] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 53.534498][ T6030] free_unref_page+0x657/0xdc0 [ 53.536314][ T6023] page dumped because: page_pool leak [ 53.537549][ T6030] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 53.539774][ T6023] page_owner tracks the page as allocated [ 53.541034][ T6030] ? __phys_addr+0xc6/0x150 [ 53.543263][ T6023] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6023, tgid 6021 (syz.1.8), ts 47959388732, free_ts 0 [ 53.544467][ T6030] skb_free_head+0xa0/0x1d0 [ 53.545856][ T6023] post_alloc_hook+0x2d1/0x350 [ 53.547398][ T6030] skb_release_data+0x560/0x730 [ 53.548870][ T6023] get_page_from_freelist+0x101e/0x3070 [ 53.550054][ T6030] sk_skb_reason_drop+0x129/0x1a0 [ 53.554103][ T6023] __alloc_pages_noprof+0x223/0x25a0 [ 53.555260][ T6030] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 53.556496][ T6023] alloc_pages_bulk_noprof+0x77c/0x1110 [ 53.557704][ T6030] ? kernel_text_address+0x8d/0x100 [ 53.559066][ T6023] __page_pool_alloc_pages_slow+0x18f/0x770 [ 53.560321][ T6030] ? hlock_class+0x4e/0x130 [ 53.561678][ T6023] page_pool_alloc_netmem+0xc4/0x160 [ 53.563261][ T6030] ? __lock_acquire+0x163e/0x3ce0 [ 53.564626][ T6023] page_pool_alloc_pages+0x1a/0x60 [ 53.565920][ T6030] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 53.567395][ T6023] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 53.568518][ T6030] ? hlock_class+0x4e/0x130 [ 53.569851][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 53.571146][ T6030] ? __lock_acquire+0xbdd/0x3ce0 [ 53.572510][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 53.574253][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 53.575839][ T6023] __sys_bpf+0xfc6/0x49a0 [ 53.577009][ T6030] __netif_receive_skb_list_core+0x357/0x950 [ 53.578384][ T6023] __x64_sys_bpf+0x78/0xc0 [ 53.579668][ T6030] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 53.581018][ T6023] do_syscall_64+0xcd/0x250 [ 53.582292][ T6030] ? trace_lock_acquire+0x14a/0x1d0 [ 53.582318][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 53.582334][ T6030] ? lock_acquire+0x2f/0xb0 [ 53.583400][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 53.584874][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 53.586039][ T6023] page_owner free stack trace missing [ 53.587649][ T6030] netif_receive_skb_list_internal+0x753/0xdb0 [ 53.588807][ T6023] Modules linked in: [ 53.590107][ T6030] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 53.591770][ T6023] [ 53.592872][ T6030] ? __pfx_eth_type_trans+0x10/0x10 [ 53.603764][ T6030] ? __build_skb_around+0x278/0x3b0 [ 53.605136][ T6030] netif_receive_skb_list+0x4f/0x4a0 [ 53.606529][ T6030] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 53.608151][ T6030] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 53.609872][ T6030] ? bpf_test_timer_continue+0x150/0x3d0 [ 53.611340][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 53.612719][ T6030] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 53.614267][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 53.615795][ T6030] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 53.617340][ T6030] ? _raw_spin_unlock+0x28/0x50 [ 53.618628][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 53.620161][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 53.621570][ T6030] ? lock_acquire+0x2f/0xb0 [ 53.622757][ T6030] ? __fget_files+0x40/0x3f0 [ 53.623963][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 53.625492][ T6030] ? fput+0x30/0x390 [ 53.626518][ T6030] ? __bpf_prog_get+0xa0/0x290 [ 53.627768][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 53.629281][ T6030] __sys_bpf+0xfc6/0x49a0 [ 53.630419][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 53.631762][ T6030] ? __pfx___sys_bpf+0x10/0x10 [ 53.633008][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 53.634398][ T6030] ? reacquire_held_locks+0x20b/0x4c0 [ 53.635794][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 53.637128][ T6030] ? find_held_lock+0x59/0x110 [ 53.638328][ T6030] ? lock_acquire+0x2f/0xb0 [ 53.639446][ T6030] __x64_sys_bpf+0x78/0xc0 [ 53.640595][ T6030] ? lockdep_hardirqs_on+0x7c/0x110 [ 53.641474][ T5956] Bluetooth: hci0: command tx timeout [ 53.641946][ T6030] do_syscall_64+0xcd/0x250 [ 53.644932][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 53.646493][ T6030] RIP: 0033:0x7f5f67b7e719 [ 53.647654][ T6030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 53.652645][ T6030] RSP: 002b:00007f5f689b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 53.654826][ T6030] RAX: ffffffffffffffda RBX: 00007f5f67d36130 RCX: 00007f5f67b7e719 [ 53.656863][ T6030] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 53.658917][ T6030] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 53.660961][ T6030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 53.663009][ T6030] R13: 0000000000000001 R14: 00007f5f67d36130 R15: 00007ffe204d5cb8 [ 53.665045][ T6030] [ 53.665865][ T6023] CPU: 2 UID: 0 PID: 6023 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 53.665874][ C0] vkms_vblank_simulate: vblank timer overrun [ 53.665885][ T6023] Tainted: [B]=BAD_PAGE [ 53.668917][ T6030] BUG: Bad page state in process syz.1.8 pfn:4b190 [ 53.670428][ T6023] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 53.670439][ T6023] Call Trace: [ 53.670443][ T6023] [ 53.670447][ T6023] dump_stack_lvl+0x16c/0x1f0 [ 53.671561][ T6030] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88804b196000 pfn:0x4b190 [ 53.673263][ T6023] bad_page+0xb3/0x1f0 [ 53.676040][ T6030] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 53.676931][ T6023] ? __pfx_bad_page+0x10/0x10 [ 53.677721][ T6030] raw: 00fff00000000000 dead000000000040 ffff88804b296000 0000000000000000 [ 53.678954][ T6023] ? page_bad_reason+0x9d/0x1e0 [ 53.681582][ T6030] raw: ffff88804b196000 0000000000000001 00000000ffffffff 0000000000000000 [ 53.682622][ T6023] free_unref_page+0x657/0xdc0 [ 53.684427][ T6030] page dumped because: page_pool leak [ 53.685678][ T6023] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 53.687904][ T6030] page_owner tracks the page as allocated [ 53.689160][ T6023] ? __phys_addr+0xc6/0x150 [ 53.691543][ T6030] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6030, tgid 6021 (syz.1.8), ts 47968366865, free_ts 47940892010 [ 53.692734][ T6023] skb_free_head+0xa0/0x1d0 [ 53.694262][ T6030] post_alloc_hook+0x2d1/0x350 [ 53.695821][ T6023] skb_release_data+0x560/0x730 [ 53.697299][ T6030] get_page_from_freelist+0x101e/0x3070 [ 53.698489][ T6023] sk_skb_reason_drop+0x129/0x1a0 [ 53.702801][ T6030] __alloc_pages_noprof+0x223/0x25a0 [ 53.703949][ T6023] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 53.703974][ T6023] ? kernel_text_address+0x8d/0x100 [ 53.703985][ T6023] ? hlock_class+0x4e/0x130 [ 53.703997][ T6023] ? __lock_acquire+0x163e/0x3ce0 [ 53.705273][ T6030] alloc_pages_bulk_noprof+0x77c/0x1110 [ 53.706545][ T6023] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 53.707974][ T6030] __page_pool_alloc_pages_slow+0x18f/0x770 [ 53.709591][ T6023] ? hlock_class+0x4e/0x130 [ 53.710979][ T6030] page_pool_alloc_netmem+0xc4/0x160 [ 53.710997][ T6030] page_pool_alloc_pages+0x1a/0x60 [ 53.711007][ T6030] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 53.711021][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 53.712910][ T6023] ? __lock_acquire+0xbdd/0x3ce0 [ 53.712930][ T6023] ? __pfx___lock_acquire+0x10/0x10 [ 53.712941][ T6023] __netif_receive_skb_list_core+0x357/0x950 [ 53.712960][ T6023] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 53.714315][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 53.715501][ T6023] ? trace_lock_acquire+0x14a/0x1d0 [ 53.716797][ T6030] __sys_bpf+0xfc6/0x49a0 [ 53.718319][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 53.720064][ T6030] __x64_sys_bpf+0x78/0xc0 [ 53.721434][ T5956] Bluetooth: hci3: command tx timeout [ 53.721543][ T6023] ? lock_acquire+0x2f/0xb0 [ 53.721560][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 53.721577][ T6023] netif_receive_skb_list_internal+0x753/0xdb0 [ 53.722710][ T6030] do_syscall_64+0xcd/0x250 [ 53.724042][ T6023] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 53.725310][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 53.726852][ T6023] ? __pfx_eth_type_trans+0x10/0x10 [ 53.728153][ T6030] page last free pid 5356 tgid 5356 stack trace: [ 53.729384][ T6023] ? __build_skb_around+0x278/0x3b0 [ 53.730665][ T6030] free_unref_page+0x5f4/0xdc0 [ 53.731416][ T5956] Bluetooth: hci2: command tx timeout [ 53.732175][ T6023] netif_receive_skb_list+0x4f/0x4a0 [ 53.732196][ T6023] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 53.732213][ T6023] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 53.733824][ T6030] __put_partials+0x14c/0x170 [ 53.735219][ T6023] ? bpf_test_timer_continue+0x150/0x3d0 [ 53.736525][ T6030] qlist_free_all+0x4e/0x120 [ 53.737626][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 53.737647][ T6023] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 53.739216][ T6030] kasan_quarantine_reduce+0x192/0x1e0 [ 53.740360][ T6023] ? try_to_wake_up+0x154/0x14f0 [ 53.741757][ T6030] __kasan_slab_alloc+0x69/0x90 [ 53.742897][ T6023] ? __pfx_try_to_wake_up+0x10/0x10 [ 53.744487][ T6030] __kmalloc_node_noprof+0x1c3/0x430 [ 53.746069][ T6023] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 53.747226][ T6030] __kvmalloc_node_noprof+0xad/0x1a0 [ 53.749193][ T6023] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 53.750689][ T6030] seq_read_iter+0x82a/0x12b0 [ 53.752038][ T6023] ? 0xffffffffa0004340 [ 53.752053][ T6023] ? 0xffffffffa0004340 [ 53.752060][ T6023] ? 0xffffffffa0004340 [ 53.752066][ T6023] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 53.752080][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 53.753708][ T6030] kernfs_fop_read_iter+0x414/0x580 [ 53.755027][ T6023] ? lock_acquire+0x2f/0xb0 [ 53.756254][ T6030] vfs_read+0x87f/0xbe0 [ 53.757717][ T6023] ? __fget_files+0x40/0x3f0 [ 53.759047][ T6030] ksys_read+0x12f/0x260 [ 53.760633][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 53.762349][ T6030] do_syscall_64+0xcd/0x250 [ 53.763666][ T6023] ? fput+0x30/0x390 [ 53.765078][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 53.766271][ T6023] ? __bpf_prog_get+0xa0/0x290 [ 53.767822][ T6030] Modules linked in: [ 53.769293][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 53.803351][ T6023] __sys_bpf+0xfc6/0x49a0 [ 53.804482][ T6023] ? __pfx_futex_wake+0x10/0x10 [ 53.805748][ T6023] ? finish_task_switch.isra.0+0x2e8/0xcc0 [ 53.807299][ T6023] ? __pfx___sys_bpf+0x10/0x10 [ 53.808540][ T6023] ? __schedule+0xe5d/0x5730 [ 53.809745][ T6023] ? __fget_files+0x23a/0x3f0 [ 53.810993][ T6023] ? do_futex+0x123/0x350 [ 53.812143][ T6023] ? __pfx_do_futex+0x10/0x10 [ 53.813427][ T6023] ? xfd_validate_state+0x5d/0x180 [ 53.814773][ T6023] ? rcu_is_watching+0x12/0xc0 [ 53.816041][ T6023] __x64_sys_bpf+0x78/0xc0 [ 53.817270][ T6023] ? lockdep_hardirqs_on+0x7c/0x110 [ 53.818815][ T6023] do_syscall_64+0xcd/0x250 [ 53.820001][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 53.821514][ T6023] RIP: 0033:0x7f5f67b7e719 [ 53.822650][ T6023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 53.827357][ T6023] RSP: 002b:00007f5f689d1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 53.829417][ T6023] RAX: ffffffffffffffda RBX: 00007f5f67d36058 RCX: 00007f5f67b7e719 [ 53.831422][ T6023] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 53.833473][ T6023] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 53.835475][ T6023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 53.837388][ T6023] R13: 0000000000000000 R14: 00007f5f67d36058 R15: 00007ffe204d5cb8 [ 53.839266][ T6023] [ 53.840024][ T6030] CPU: 0 UID: 0 PID: 6030 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 53.840095][ T6023] BUG: Bad page state in process syz.1.8 pfn:4d8aa [ 53.842990][ T6030] Tainted: [B]=BAD_PAGE [ 53.842999][ T6030] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 53.843006][ T6030] Call Trace: [ 53.843010][ T6030] [ 53.843015][ T6030] dump_stack_lvl+0x16c/0x1f0 [ 53.844665][ T6023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4d8aa [ 53.845770][ T6030] bad_page+0xb3/0x1f0 [ 53.848633][ T6023] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 53.849609][ T6030] ? __pfx_bad_page+0x10/0x10 [ 53.850649][ T6023] raw: 00fff00000000000 dead000000000040 ffff888028078000 0000000000000000 [ 53.851881][ T6030] ? page_bad_reason+0x9d/0x1e0 [ 53.851903][ T6030] free_unref_page+0x657/0xdc0 [ 53.851915][ T6030] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 53.851932][ T6030] ? __phys_addr+0xc6/0x150 [ 53.851945][ T6030] skb_free_head+0xa0/0x1d0 [ 53.854375][ T6023] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 53.854386][ T6023] page dumped because: page_pool leak [ 53.854392][ T6023] page_owner tracks the page as allocated [ 53.854397][ T6023] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6023, tgid 6021 (syz.1.8), ts 47959381334, free_ts 0 [ 53.855837][ T6030] skb_release_data+0x560/0x730 [ 53.857828][ T6023] post_alloc_hook+0x2d1/0x350 [ 53.859016][ T6030] sk_skb_reason_drop+0x129/0x1a0 [ 53.861169][ T6023] get_page_from_freelist+0x101e/0x3070 [ 53.862381][ T6030] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 53.862409][ T6030] ? kernel_text_address+0x8d/0x100 [ 53.862421][ T6030] ? hlock_class+0x4e/0x130 [ 53.862434][ T6030] ? __lock_acquire+0x163e/0x3ce0 [ 53.863637][ T6023] __alloc_pages_noprof+0x223/0x25a0 [ 53.865134][ T6030] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 53.866324][ T6023] alloc_pages_bulk_noprof+0x77c/0x1110 [ 53.867463][ T6030] ? hlock_class+0x4e/0x130 [ 53.869601][ T6023] __page_pool_alloc_pages_slow+0x18f/0x770 [ 53.870965][ T6030] ? __lock_acquire+0xbdd/0x3ce0 [ 53.872421][ T6023] page_pool_alloc_netmem+0xc4/0x160 [ 53.876437][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 53.877739][ T6023] page_pool_alloc_pages+0x1a/0x60 [ 53.879060][ T6030] __netif_receive_skb_list_core+0x357/0x950 [ 53.880388][ T6023] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 53.882332][ T6030] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 53.882359][ T6030] ? trace_lock_acquire+0x14a/0x1d0 [ 53.882375][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 53.882392][ T6030] ? lock_acquire+0x2f/0xb0 [ 53.882402][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 53.882419][ T6030] netif_receive_skb_list_internal+0x753/0xdb0 [ 53.882436][ T6030] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 53.882454][ T6030] ? __pfx_eth_type_trans+0x10/0x10 [ 53.882477][ T6030] ? __build_skb_around+0x278/0x3b0 [ 53.882495][ T6030] netif_receive_skb_list+0x4f/0x4a0 [ 53.882512][ T6030] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 53.884226][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 53.885563][ T6030] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 53.886697][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 53.887980][ T6030] ? bpf_test_timer_continue+0x150/0x3d0 [ 53.889271][ T6023] __sys_bpf+0xfc6/0x49a0 [ 53.891057][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 53.892491][ T6023] __x64_sys_bpf+0x78/0xc0 [ 53.893781][ T6030] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 53.895478][ T6023] do_syscall_64+0xcd/0x250 [ 53.896786][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 53.898258][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 53.899566][ T6030] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 53.900866][ T6023] page_owner free stack trace missing [ 53.902374][ T6030] ? _raw_spin_unlock+0x28/0x50 [ 53.902403][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 53.902415][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 53.902432][ T6030] ? lock_acquire+0x2f/0xb0 [ 53.903967][ T6023] Modules linked in: [ 53.905577][ T6030] ? __fget_files+0x40/0x3f0 [ 53.949007][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 53.950484][ T6030] ? fput+0x30/0x390 [ 53.951474][ T6030] ? __bpf_prog_get+0xa0/0x290 [ 53.952685][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 53.954251][ T6030] __sys_bpf+0xfc6/0x49a0 [ 53.955331][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 53.956649][ T6030] ? __pfx___sys_bpf+0x10/0x10 [ 53.957882][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 53.959434][ T6030] ? reacquire_held_locks+0x20b/0x4c0 [ 53.960788][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 53.962128][ T6030] ? find_held_lock+0x59/0x110 [ 53.963349][ T6030] ? lock_acquire+0x2f/0xb0 [ 53.964497][ T6030] __x64_sys_bpf+0x78/0xc0 [ 53.965624][ T6030] ? lockdep_hardirqs_on+0x7c/0x110 [ 53.966936][ T6030] do_syscall_64+0xcd/0x250 [ 53.968053][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 53.969559][ T6030] RIP: 0033:0x7f5f67b7e719 [ 53.970685][ T6030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 53.975544][ T6030] RSP: 002b:00007f5f689b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 53.977587][ T6030] RAX: ffffffffffffffda RBX: 00007f5f67d36130 RCX: 00007f5f67b7e719 [ 53.979634][ T6030] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 53.981680][ T6030] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 53.983622][ T6030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 53.985656][ T6030] R13: 0000000000000001 R14: 00007f5f67d36130 R15: 00007ffe204d5cb8 [ 53.987714][ T6030] [ 53.988530][ T6023] CPU: 2 UID: 0 PID: 6023 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 53.988576][ C0] vkms_vblank_simulate: vblank timer overrun [ 53.992109][ T6023] Tainted: [B]=BAD_PAGE [ 53.993756][ T6030] BUG: Bad page state in process syz.1.8 pfn:4d5c7 [ 53.994820][ T6023] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 53.996546][ T6030] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4d5c7 [ 53.999482][ T6023] Call Trace: [ 54.001827][ T6030] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 54.002717][ T6023] [ 54.004725][ T6030] raw: 00fff00000000000 dead000000000040 ffff88804b296000 0000000000000000 [ 54.005570][ T6023] dump_stack_lvl+0x16c/0x1f0 [ 54.007775][ T6030] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 54.009027][ T6023] bad_page+0xb3/0x1f0 [ 54.011133][ T6030] page dumped because: page_pool leak [ 54.012155][ T6023] ? __pfx_bad_page+0x10/0x10 [ 54.012180][ T6023] ? page_bad_reason+0x9d/0x1e0 [ 54.012194][ T6023] free_unref_page+0x657/0xdc0 [ 54.013588][ T6030] page_owner tracks the page as allocated [ 54.014773][ T6023] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 54.015953][ T6030] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6030, tgid 6021 (syz.1.8), ts 47968362685, free_ts 0 [ 54.017169][ T6023] ? __phys_addr+0xc6/0x150 [ 54.018608][ T6030] post_alloc_hook+0x2d1/0x350 [ 54.020104][ T6023] skb_free_head+0xa0/0x1d0 [ 54.020135][ T6023] skb_release_data+0x560/0x730 [ 54.023960][ T6030] get_page_from_freelist+0x101e/0x3070 [ 54.025069][ T6023] sk_skb_reason_drop+0x129/0x1a0 [ 54.026307][ T6030] __alloc_pages_noprof+0x223/0x25a0 [ 54.027470][ T6023] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 54.028654][ T6030] alloc_pages_bulk_noprof+0x77c/0x1110 [ 54.030049][ T6023] ? kernel_text_address+0x8d/0x100 [ 54.031334][ T6030] __page_pool_alloc_pages_slow+0x18f/0x770 [ 54.032676][ T6023] ? hlock_class+0x4e/0x130 [ 54.034500][ T6030] page_pool_alloc_netmem+0xc4/0x160 [ 54.036784][ T6023] ? __lock_acquire+0x163e/0x3ce0 [ 54.036804][ T6023] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 54.036824][ T6023] ? hlock_class+0x4e/0x130 [ 54.038505][ T6030] page_pool_alloc_pages+0x1a/0x60 [ 54.040215][ T6023] ? __lock_acquire+0xbdd/0x3ce0 [ 54.041411][ T6030] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 54.042617][ T6023] ? __pfx___lock_acquire+0x10/0x10 [ 54.043808][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 54.045558][ T6023] __netif_receive_skb_list_core+0x357/0x950 [ 54.046727][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 54.048054][ T6023] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 54.049389][ T6030] __sys_bpf+0xfc6/0x49a0 [ 54.050928][ T6023] ? trace_lock_acquire+0x14a/0x1d0 [ 54.052307][ T6030] __x64_sys_bpf+0x78/0xc0 [ 54.053956][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 54.053981][ T6023] ? lock_acquire+0x2f/0xb0 [ 54.055526][ T6030] do_syscall_64+0xcd/0x250 [ 54.056940][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 54.058739][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 54.059850][ T6023] netif_receive_skb_list_internal+0x753/0xdb0 [ 54.061128][ T6030] page_owner free stack trace missing [ 54.062306][ T6023] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 54.062329][ T6023] ? __pfx_eth_type_trans+0x10/0x10 [ 54.062344][ T6023] ? __build_skb_around+0x278/0x3b0 [ 54.062360][ T6023] netif_receive_skb_list+0x4f/0x4a0 [ 54.063888][ T6030] Modules linked in: [ 54.065017][ T6023] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 54.066173][ T6030] [ 54.067799][ T6023] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 54.083247][ T6023] ? bpf_test_timer_continue+0x150/0x3d0 [ 54.084740][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 54.086138][ T6023] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 54.087675][ T6023] ? try_to_wake_up+0x154/0x14f0 [ 54.088973][ T6023] ? __pfx_try_to_wake_up+0x10/0x10 [ 54.090345][ T6023] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 54.091900][ T6023] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 54.093289][ T6023] ? 0xffffffffa0004340 [ 54.094392][ T6023] ? 0xffffffffa0004340 [ 54.095486][ T6023] ? 0xffffffffa0004340 [ 54.096581][ T6023] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 54.098192][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 54.099692][ T6023] ? lock_acquire+0x2f/0xb0 [ 54.101090][ T6023] ? __fget_files+0x40/0x3f0 [ 54.102606][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 54.104214][ T6023] ? fput+0x30/0x390 [ 54.105242][ T6023] ? __bpf_prog_get+0xa0/0x290 [ 54.106499][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 54.107965][ T6023] __sys_bpf+0xfc6/0x49a0 [ 54.109037][ T6023] ? __pfx_futex_wake+0x10/0x10 [ 54.110275][ T6023] ? finish_task_switch.isra.0+0x2e8/0xcc0 [ 54.111684][ T6023] ? __pfx___sys_bpf+0x10/0x10 [ 54.112843][ T6023] ? __schedule+0xe5d/0x5730 [ 54.114684][ T6023] ? __fget_files+0x23a/0x3f0 [ 54.116008][ T6023] ? do_futex+0x123/0x350 [ 54.117274][ T6023] ? __pfx_do_futex+0x10/0x10 [ 54.118530][ T6023] ? xfd_validate_state+0x5d/0x180 [ 54.119789][ T6023] ? rcu_is_watching+0x12/0xc0 [ 54.120990][ T6023] __x64_sys_bpf+0x78/0xc0 [ 54.122128][ T6023] ? lockdep_hardirqs_on+0x7c/0x110 [ 54.123454][ T6023] do_syscall_64+0xcd/0x250 [ 54.124600][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 54.126117][ T6023] RIP: 0033:0x7f5f67b7e719 [ 54.127251][ T6023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 54.132250][ T6023] RSP: 002b:00007f5f689d1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 54.134634][ T6023] RAX: ffffffffffffffda RBX: 00007f5f67d36058 RCX: 00007f5f67b7e719 [ 54.136988][ T6023] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 54.139037][ T6023] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 54.141095][ T6023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 54.143205][ T6023] R13: 0000000000000000 R14: 00007f5f67d36058 R15: 00007ffe204d5cb8 [ 54.145257][ T6023] [ 54.146067][ T6030] CPU: 0 UID: 0 PID: 6030 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 54.146141][ T6023] BUG: Bad page state in process syz.1.8 pfn:4d8a9 [ 54.149063][ T6030] Tainted: [B]=BAD_PAGE [ 54.150739][ T6023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4d8a9 [ 54.151777][ T6030] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 54.151788][ T6030] Call Trace: [ 54.151792][ T6030] [ 54.151796][ T6030] dump_stack_lvl+0x16c/0x1f0 [ 54.154068][ T6023] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 54.156930][ T6030] bad_page+0xb3/0x1f0 [ 54.157834][ T6023] raw: 00fff00000000000 dead000000000040 ffff888028078000 0000000000000000 [ 54.158606][ T6030] ? __pfx_bad_page+0x10/0x10 [ 54.159831][ T6023] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 54.161672][ T6030] ? page_bad_reason+0x9d/0x1e0 [ 54.161694][ T6030] free_unref_page+0x657/0xdc0 [ 54.161707][ T6030] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 54.162772][ T6023] page dumped because: page_pool leak [ 54.164975][ T6030] ? __phys_addr+0xc6/0x150 [ 54.166200][ T6023] page_owner tracks the page as allocated [ 54.168361][ T6030] skb_free_head+0xa0/0x1d0 [ 54.169558][ T6023] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6023, tgid 6021 (syz.1.8), ts 47959374064, free_ts 0 [ 54.170743][ T6030] skb_release_data+0x560/0x730 [ 54.172278][ T6023] post_alloc_hook+0x2d1/0x350 [ 54.173609][ T6030] sk_skb_reason_drop+0x129/0x1a0 [ 54.174758][ T6023] get_page_from_freelist+0x101e/0x3070 [ 54.176172][ T6030] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 54.177441][ T6023] __alloc_pages_noprof+0x223/0x25a0 [ 54.181192][ T6030] ? kernel_text_address+0x8d/0x100 [ 54.182541][ T6023] alloc_pages_bulk_noprof+0x77c/0x1110 [ 54.183722][ T6030] ? hlock_class+0x4e/0x130 [ 54.184999][ T6023] __page_pool_alloc_pages_slow+0x18f/0x770 [ 54.186379][ T6030] ? __lock_acquire+0x163e/0x3ce0 [ 54.188074][ T6023] page_pool_alloc_netmem+0xc4/0x160 [ 54.189400][ T6030] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 54.190720][ T6023] page_pool_alloc_pages+0x1a/0x60 [ 54.192106][ T6030] ? hlock_class+0x4e/0x130 [ 54.192130][ T6030] ? __lock_acquire+0xbdd/0x3ce0 [ 54.192141][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 54.193327][ T6023] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 54.194792][ T6030] __netif_receive_skb_list_core+0x357/0x950 [ 54.196034][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 54.197324][ T6030] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 54.199035][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 54.200271][ T6030] ? trace_lock_acquire+0x14a/0x1d0 [ 54.201508][ T6023] __sys_bpf+0xfc6/0x49a0 [ 54.202736][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 54.204002][ T6023] __x64_sys_bpf+0x78/0xc0 [ 54.205518][ T6030] ? lock_acquire+0x2f/0xb0 [ 54.206963][ T6023] do_syscall_64+0xcd/0x250 [ 54.208232][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 54.209903][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 54.211200][ T6030] netif_receive_skb_list_internal+0x753/0xdb0 [ 54.212497][ T6023] page_owner free stack trace missing [ 54.213546][ T6030] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 54.215091][ T6023] Modules linked in: [ 54.216206][ T6030] ? __pfx_eth_type_trans+0x10/0x10 [ 54.217435][ T6023] [ 54.218533][ T6030] ? __build_skb_around+0x278/0x3b0 [ 54.230383][ T6030] netif_receive_skb_list+0x4f/0x4a0 [ 54.231645][ T6030] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 54.233541][ T6030] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 54.235192][ T6030] ? bpf_test_timer_continue+0x150/0x3d0 [ 54.236594][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 54.237954][ T6030] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 54.239392][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 54.240898][ T6030] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 54.242415][ T6030] ? _raw_spin_unlock+0x28/0x50 [ 54.243718][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 54.245194][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 54.246533][ T6030] ? lock_acquire+0x2f/0xb0 [ 54.247860][ T6030] ? __fget_files+0x40/0x3f0 [ 54.249016][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 54.250473][ T6030] ? fput+0x30/0x390 [ 54.251447][ T6030] ? __bpf_prog_get+0xa0/0x290 [ 54.252659][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 54.254137][ T6030] __sys_bpf+0xfc6/0x49a0 [ 54.255232][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 54.256539][ T6030] ? __pfx___sys_bpf+0x10/0x10 [ 54.257745][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 54.259109][ T6030] ? reacquire_held_locks+0x20b/0x4c0 [ 54.260450][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 54.261738][ T6030] ? find_held_lock+0x59/0x110 [ 54.262927][ T6030] ? lock_acquire+0x2f/0xb0 [ 54.264070][ T6030] __x64_sys_bpf+0x78/0xc0 [ 54.265247][ T6030] ? lockdep_hardirqs_on+0x7c/0x110 [ 54.266560][ T6030] do_syscall_64+0xcd/0x250 [ 54.267749][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 54.269231][ T6030] RIP: 0033:0x7f5f67b7e719 [ 54.270423][ T6030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 54.275253][ T6030] RSP: 002b:00007f5f689b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 54.277329][ T6030] RAX: ffffffffffffffda RBX: 00007f5f67d36130 RCX: 00007f5f67b7e719 [ 54.279327][ T6030] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 54.281281][ T6030] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 54.283286][ T6030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 54.285228][ T6030] R13: 0000000000000001 R14: 00007f5f67d36130 R15: 00007ffe204d5cb8 [ 54.287184][ T6030] [ 54.287980][ T6023] CPU: 2 UID: 0 PID: 6023 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 54.288023][ C0] vkms_vblank_simulate: vblank timer overrun [ 54.290963][ T6023] Tainted: [B]=BAD_PAGE [ 54.292489][ T6030] BUG: Bad page state in process syz.1.8 pfn:4d5c6 [ 54.293472][ T6023] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 54.295079][ T6030] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4d5c6 [ 54.297715][ T6023] Call Trace: [ 54.299846][ T6030] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 54.300699][ T6023] [ 54.302547][ T6030] raw: 00fff00000000000 dead000000000040 ffff88804b296000 0000000000000000 [ 54.303250][ T6023] dump_stack_lvl+0x16c/0x1f0 [ 54.303274][ T6023] bad_page+0xb3/0x1f0 [ 54.305344][ T6030] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 54.306521][ T6023] ? __pfx_bad_page+0x10/0x10 [ 54.307537][ T6030] page dumped because: page_pool leak [ 54.309668][ T6023] ? page_bad_reason+0x9d/0x1e0 [ 54.310863][ T6030] page_owner tracks the page as allocated [ 54.312386][ T6023] free_unref_page+0x657/0xdc0 [ 54.312411][ T6023] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 54.312429][ T6023] ? __phys_addr+0xc6/0x150 [ 54.312442][ T6023] skb_free_head+0xa0/0x1d0 [ 54.312460][ T6023] skb_release_data+0x560/0x730 [ 54.312472][ T6023] sk_skb_reason_drop+0x129/0x1a0 [ 54.312485][ T6023] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 54.312503][ T6023] ? kernel_text_address+0x8d/0x100 [ 54.312514][ T6023] ? hlock_class+0x4e/0x130 [ 54.312527][ T6023] ? __lock_acquire+0x163e/0x3ce0 [ 54.313908][ T6030] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6030, tgid 6021 (syz.1.8), ts 47968358550, free_ts 0 [ 54.315330][ T6023] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 54.315355][ T6023] ? hlock_class+0x4e/0x130 [ 54.315368][ T6023] ? __lock_acquire+0xbdd/0x3ce0 [ 54.316761][ T6030] post_alloc_hook+0x2d1/0x350 [ 54.318305][ T6023] ? __pfx___lock_acquire+0x10/0x10 [ 54.319422][ T6030] get_page_from_freelist+0x101e/0x3070 [ 54.320519][ T6023] __netif_receive_skb_list_core+0x357/0x950 [ 54.320543][ T6023] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 54.321803][ T6030] __alloc_pages_noprof+0x223/0x25a0 [ 54.322992][ T6023] ? trace_lock_acquire+0x14a/0x1d0 [ 54.324620][ T6030] alloc_pages_bulk_noprof+0x77c/0x1110 [ 54.325909][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 54.327049][ T6030] __page_pool_alloc_pages_slow+0x18f/0x770 [ 54.328258][ T6023] ? lock_acquire+0x2f/0xb0 [ 54.332007][ T6030] page_pool_alloc_netmem+0xc4/0x160 [ 54.333690][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 54.334783][ T6030] page_pool_alloc_pages+0x1a/0x60 [ 54.336011][ T6023] netif_receive_skb_list_internal+0x753/0xdb0 [ 54.337223][ T6030] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 54.338514][ T6023] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 54.339873][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 54.341374][ T6023] ? __pfx_eth_type_trans+0x10/0x10 [ 54.341400][ T6023] ? __build_skb_around+0x278/0x3b0 [ 54.343033][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 54.344348][ T6023] netif_receive_skb_list+0x4f/0x4a0 [ 54.345625][ T6030] __sys_bpf+0xfc6/0x49a0 [ 54.346952][ T6023] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 54.348525][ T6030] __x64_sys_bpf+0x78/0xc0 [ 54.349953][ T6023] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 54.351072][ T6030] do_syscall_64+0xcd/0x250 [ 54.352361][ T6023] ? bpf_test_timer_continue+0x150/0x3d0 [ 54.352381][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 54.352394][ T6023] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 54.352408][ T6023] ? try_to_wake_up+0x154/0x14f0 [ 54.353967][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 54.355186][ T6023] ? __pfx_try_to_wake_up+0x10/0x10 [ 54.356651][ T6030] page_owner free stack trace missing [ 54.358129][ T6023] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 54.359733][ T6030] Modules linked in: [ 54.361025][ T6023] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 54.385929][ T6023] ? 0xffffffffa0004340 [ 54.386983][ T6023] ? 0xffffffffa0004340 [ 54.387991][ T6023] ? 0xffffffffa0004340 [ 54.389034][ T6023] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 54.390504][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 54.391862][ T6023] ? lock_acquire+0x2f/0xb0 [ 54.393014][ T6023] ? __fget_files+0x40/0x3f0 [ 54.394189][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 54.395669][ T6023] ? fput+0x30/0x390 [ 54.396668][ T6023] ? __bpf_prog_get+0xa0/0x290 [ 54.397883][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 54.399357][ T6023] __sys_bpf+0xfc6/0x49a0 [ 54.400463][ T6023] ? __pfx_futex_wake+0x10/0x10 [ 54.401666][ T6023] ? finish_task_switch.isra.0+0x2e8/0xcc0 [ 54.403117][ T6023] ? __pfx___sys_bpf+0x10/0x10 [ 54.404356][ T6023] ? __schedule+0xe5d/0x5730 [ 54.405566][ T6023] ? __fget_files+0x23a/0x3f0 [ 54.406791][ T6023] ? do_futex+0x123/0x350 [ 54.407896][ T6023] ? __pfx_do_futex+0x10/0x10 [ 54.409064][ T6023] ? xfd_validate_state+0x5d/0x180 [ 54.410586][ T6023] ? rcu_is_watching+0x12/0xc0 [ 54.411879][ T6023] __x64_sys_bpf+0x78/0xc0 [ 54.413021][ T6023] ? lockdep_hardirqs_on+0x7c/0x110 [ 54.414415][ T6023] do_syscall_64+0xcd/0x250 [ 54.415585][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 54.417097][ T6023] RIP: 0033:0x7f5f67b7e719 [ 54.418239][ T6023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 54.423038][ T6023] RSP: 002b:00007f5f689d1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 54.425156][ T6023] RAX: ffffffffffffffda RBX: 00007f5f67d36058 RCX: 00007f5f67b7e719 [ 54.427177][ T6023] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 54.429185][ T6023] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 54.431501][ T6023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 54.433632][ T6023] R13: 0000000000000000 R14: 00007f5f67d36058 R15: 00007ffe204d5cb8 [ 54.435856][ T6023] [ 54.436839][ T6030] CPU: 0 UID: 0 PID: 6030 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 54.436925][ T6023] BUG: Bad page state in process syz.1.8 pfn:4d8a8 [ 54.439764][ T6030] Tainted: [B]=BAD_PAGE [ 54.441413][ T6023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4d8a8 [ 54.442410][ T6030] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 54.444554][ T6023] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 54.447224][ T6030] Call Trace: [ 54.447231][ T6030] [ 54.449011][ T6023] raw: 00fff00000000000 dead000000000040 ffff888028078000 0000000000000000 [ 54.449844][ T6030] dump_stack_lvl+0x16c/0x1f0 [ 54.450596][ T6023] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 54.452608][ T6030] bad_page+0xb3/0x1f0 [ 54.452632][ T6030] ? __pfx_bad_page+0x10/0x10 [ 54.452646][ T6030] ? page_bad_reason+0x9d/0x1e0 [ 54.453877][ T6023] page dumped because: page_pool leak [ 54.455948][ T6030] free_unref_page+0x657/0xdc0 [ 54.456960][ T6023] page_owner tracks the page as allocated [ 54.458118][ T6030] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 54.459294][ T6023] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6023, tgid 6021 (syz.1.8), ts 47959367235, free_ts 0 [ 54.460604][ T6030] ? __phys_addr+0xc6/0x150 [ 54.461904][ T6023] post_alloc_hook+0x2d1/0x350 [ 54.463285][ T6030] skb_free_head+0xa0/0x1d0 [ 54.464750][ T6023] get_page_from_freelist+0x101e/0x3070 [ 54.468458][ T6030] skb_release_data+0x560/0x730 [ 54.469572][ T6023] __alloc_pages_noprof+0x223/0x25a0 [ 54.470766][ T6030] sk_skb_reason_drop+0x129/0x1a0 [ 54.471941][ T6023] alloc_pages_bulk_noprof+0x77c/0x1110 [ 54.473278][ T6030] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 54.474513][ T6023] __page_pool_alloc_pages_slow+0x18f/0x770 [ 54.475820][ T6030] ? kernel_text_address+0x8d/0x100 [ 54.477090][ T6023] page_pool_alloc_netmem+0xc4/0x160 [ 54.478612][ T6030] ? hlock_class+0x4e/0x130 [ 54.480253][ T6023] page_pool_alloc_pages+0x1a/0x60 [ 54.481785][ T6030] ? __lock_acquire+0x163e/0x3ce0 [ 54.481806][ T6030] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 54.481825][ T6030] ? hlock_class+0x4e/0x130 [ 54.483085][ T6023] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 54.484410][ T6030] ? __lock_acquire+0xbdd/0x3ce0 [ 54.485541][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 54.486807][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 54.488059][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 54.489789][ T6030] __netif_receive_skb_list_core+0x357/0x950 [ 54.490902][ T6023] __sys_bpf+0xfc6/0x49a0 [ 54.492412][ T6030] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 54.492436][ T6030] ? trace_lock_acquire+0x14a/0x1d0 [ 54.492449][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 54.493716][ T6023] __x64_sys_bpf+0x78/0xc0 [ 54.495008][ T6030] ? lock_acquire+0x2f/0xb0 [ 54.496293][ T6023] do_syscall_64+0xcd/0x250 [ 54.497608][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 54.499084][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 54.500167][ T6030] netif_receive_skb_list_internal+0x753/0xdb0 [ 54.501815][ T6023] page_owner free stack trace missing [ 54.503081][ T6030] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 54.504648][ T6023] Modules linked in: [ 54.505782][ T6030] ? __pfx_eth_type_trans+0x10/0x10 [ 54.506930][ T6023] [ 54.518698][ T6030] ? __build_skb_around+0x278/0x3b0 [ 54.520163][ T6030] netif_receive_skb_list+0x4f/0x4a0 [ 54.521522][ T6030] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 54.523140][ T6030] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 54.524819][ T6030] ? bpf_test_timer_continue+0x150/0x3d0 [ 54.526247][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 54.527563][ T6030] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 54.528995][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 54.530711][ T6030] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 54.532294][ T6030] ? _raw_spin_unlock+0x28/0x50 [ 54.533894][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 54.535375][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 54.536743][ T6030] ? lock_acquire+0x2f/0xb0 [ 54.537929][ T6030] ? __fget_files+0x40/0x3f0 [ 54.539114][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 54.540602][ T6030] ? fput+0x30/0x390 [ 54.541611][ T6030] ? __bpf_prog_get+0xa0/0x290 [ 54.542826][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 54.544268][ T6030] __sys_bpf+0xfc6/0x49a0 [ 54.545369][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 54.546695][ T6030] ? __pfx___sys_bpf+0x10/0x10 [ 54.547872][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 54.549200][ T6030] ? reacquire_held_locks+0x20b/0x4c0 [ 54.550826][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 54.552223][ T6030] ? find_held_lock+0x59/0x110 [ 54.553572][ T6030] ? lock_acquire+0x2f/0xb0 [ 54.554784][ T6030] __x64_sys_bpf+0x78/0xc0 [ 54.555885][ T6030] ? lockdep_hardirqs_on+0x7c/0x110 [ 54.557214][ T6030] do_syscall_64+0xcd/0x250 [ 54.558478][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 54.559964][ T6030] RIP: 0033:0x7f5f67b7e719 [ 54.561084][ T6030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 54.565930][ T6030] RSP: 002b:00007f5f689b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 54.568003][ T6030] RAX: ffffffffffffffda RBX: 00007f5f67d36130 RCX: 00007f5f67b7e719 [ 54.569930][ T6030] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 54.571801][ T6030] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 54.573733][ T6030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 54.575660][ T6030] R13: 0000000000000001 R14: 00007f5f67d36130 R15: 00007ffe204d5cb8 [ 54.577648][ T6030] [ 54.578428][ T6023] CPU: 2 UID: 0 PID: 6023 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 54.578472][ C0] vkms_vblank_simulate: vblank timer overrun [ 54.581490][ T6023] Tainted: [B]=BAD_PAGE [ 54.583043][ T6030] BUG: Bad page state in process syz.1.8 pfn:4d5c5 [ 54.584005][ T6023] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 54.585747][ T6030] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4d5c5 [ 54.588503][ T6023] Call Trace: [ 54.588515][ T6023] [ 54.588520][ T6023] dump_stack_lvl+0x16c/0x1f0 [ 54.590766][ T6030] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 54.591637][ T6023] bad_page+0xb3/0x1f0 [ 54.591657][ T6023] ? __pfx_bad_page+0x10/0x10 [ 54.591673][ T6023] ? page_bad_reason+0x9d/0x1e0 [ 54.591687][ T6023] free_unref_page+0x657/0xdc0 [ 54.592438][ T6030] raw: 00fff00000000000 dead000000000040 ffff88804b296000 0000000000000000 [ 54.593640][ T6023] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 54.595393][ T6030] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 54.596414][ T6023] ? __phys_addr+0xc6/0x150 [ 54.597617][ T6030] page dumped because: page_pool leak [ 54.598842][ T6023] skb_free_head+0xa0/0x1d0 [ 54.600013][ T6030] page_owner tracks the page as allocated [ 54.602127][ T6023] skb_release_data+0x560/0x730 [ 54.602148][ T6023] sk_skb_reason_drop+0x129/0x1a0 [ 54.602164][ T6023] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 54.603643][ T6030] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6030, tgid 6021 (syz.1.8), ts 47968354665, free_ts 0 [ 54.605752][ T6023] ? kernel_text_address+0x8d/0x100 [ 54.606856][ T6030] post_alloc_hook+0x2d1/0x350 [ 54.608194][ T6023] ? hlock_class+0x4e/0x130 [ 54.609326][ T6030] get_page_from_freelist+0x101e/0x3070 [ 54.610957][ T6023] ? __lock_acquire+0x163e/0x3ce0 [ 54.610976][ T6023] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 54.612352][ T6030] __alloc_pages_noprof+0x223/0x25a0 [ 54.613616][ T6023] ? hlock_class+0x4e/0x130 [ 54.615234][ T6030] alloc_pages_bulk_noprof+0x77c/0x1110 [ 54.619120][ T6023] ? __lock_acquire+0xbdd/0x3ce0 [ 54.620458][ T6030] __page_pool_alloc_pages_slow+0x18f/0x770 [ 54.621603][ T6023] ? __pfx___lock_acquire+0x10/0x10 [ 54.621616][ T6023] __netif_receive_skb_list_core+0x357/0x950 [ 54.621634][ T6023] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 54.621649][ T6023] ? trace_lock_acquire+0x14a/0x1d0 [ 54.622752][ T6030] page_pool_alloc_netmem+0xc4/0x160 [ 54.624097][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 54.625297][ T6030] page_pool_alloc_pages+0x1a/0x60 [ 54.627016][ T6023] ? lock_acquire+0x2f/0xb0 [ 54.628316][ T6030] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 54.629459][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 54.630904][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 54.632128][ T6023] netif_receive_skb_list_internal+0x753/0xdb0 [ 54.632152][ T6023] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 54.632170][ T6023] ? __pfx_eth_type_trans+0x10/0x10 [ 54.633690][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 54.634982][ T6023] ? __build_skb_around+0x278/0x3b0 [ 54.636464][ T6030] __sys_bpf+0xfc6/0x49a0 [ 54.638067][ T6023] netif_receive_skb_list+0x4f/0x4a0 [ 54.638092][ T6023] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 54.639377][ T6030] __x64_sys_bpf+0x78/0xc0 [ 54.640633][ T6023] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 54.642194][ T6030] do_syscall_64+0xcd/0x250 [ 54.643429][ T6023] ? bpf_test_timer_continue+0x150/0x3d0 [ 54.644554][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 54.646073][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 54.647760][ T6030] page_owner free stack trace missing [ 54.647768][ T6030] Modules linked in: [ 54.649147][ T6023] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 54.650685][ T6030] [ 54.673082][ T6023] ? try_to_wake_up+0x154/0x14f0 [ 54.674345][ T6023] ? __pfx_try_to_wake_up+0x10/0x10 [ 54.675656][ T6023] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 54.677140][ T6023] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 54.678536][ T6023] ? 0xffffffffa0004340 [ 54.679595][ T6023] ? 0xffffffffa0004340 [ 54.680646][ T6023] ? 0xffffffffa0004340 [ 54.681669][ T6023] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 54.683172][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 54.684481][ T6023] ? lock_acquire+0x2f/0xb0 [ 54.685606][ T6023] ? __fget_files+0x40/0x3f0 [ 54.686779][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 54.688206][ T6023] ? fput+0x30/0x390 [ 54.689151][ T6023] ? __bpf_prog_get+0xa0/0x290 [ 54.690369][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 54.691836][ T6023] __sys_bpf+0xfc6/0x49a0 [ 54.692934][ T6023] ? __pfx_futex_wake+0x10/0x10 [ 54.694162][ T6023] ? finish_task_switch.isra.0+0x2e8/0xcc0 [ 54.695632][ T6023] ? __pfx___sys_bpf+0x10/0x10 [ 54.696838][ T6023] ? __schedule+0xe5d/0x5730 [ 54.698018][ T6023] ? __fget_files+0x23a/0x3f0 [ 54.699213][ T6023] ? do_futex+0x123/0x350 [ 54.700313][ T6023] ? __pfx_do_futex+0x10/0x10 [ 54.701512][ T6023] ? xfd_validate_state+0x5d/0x180 [ 54.702778][ T6023] ? rcu_is_watching+0x12/0xc0 [ 54.704001][ T6023] __x64_sys_bpf+0x78/0xc0 [ 54.705147][ T6023] ? lockdep_hardirqs_on+0x7c/0x110 [ 54.706486][ T6023] do_syscall_64+0xcd/0x250 [ 54.707605][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 54.709036][ T6023] RIP: 0033:0x7f5f67b7e719 [ 54.710166][ T6023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 54.714923][ T6023] RSP: 002b:00007f5f689d1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 54.716985][ T6023] RAX: ffffffffffffffda RBX: 00007f5f67d36058 RCX: 00007f5f67b7e719 [ 54.718944][ T6023] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 54.720851][ T6023] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 54.722839][ T6023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 54.724824][ T6023] R13: 0000000000000000 R14: 00007f5f67d36058 R15: 00007ffe204d5cb8 [ 54.726812][ T6023] [ 54.727614][ T6030] CPU: 0 UID: 0 PID: 6030 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 54.727683][ T6023] BUG: Bad page state in process syz.1.8 pfn:27a7f [ 54.730670][ T6030] Tainted: [B]=BAD_PAGE [ 54.732318][ T6023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x27a7f [ 54.733521][ T6030] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 54.735648][ T6023] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 54.738463][ T6030] Call Trace: [ 54.740211][ T6023] raw: 00fff00000000000 dead000000000040 ffff888028078000 0000000000000000 [ 54.741045][ T6030] [ 54.743186][ T6023] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 54.743891][ T6030] dump_stack_lvl+0x16c/0x1f0 [ 54.745980][ T6023] page dumped because: page_pool leak [ 54.747155][ T6030] bad_page+0xb3/0x1f0 [ 54.748501][ T6023] page_owner tracks the page as allocated [ 54.749638][ T6030] ? __pfx_bad_page+0x10/0x10 [ 54.751020][ T6023] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6023, tgid 6021 (syz.1.8), ts 47959360040, free_ts 47948403753 [ 54.752461][ T6030] ? page_bad_reason+0x9d/0x1e0 [ 54.752491][ T6030] free_unref_page+0x657/0xdc0 [ 54.756885][ T6023] post_alloc_hook+0x2d1/0x350 [ 54.758233][ T6030] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 54.759470][ T6023] get_page_from_freelist+0x101e/0x3070 [ 54.760651][ T6030] ? __phys_addr+0xc6/0x150 [ 54.762230][ T6023] __alloc_pages_noprof+0x223/0x25a0 [ 54.763586][ T6030] skb_free_head+0xa0/0x1d0 [ 54.764735][ T6023] alloc_pages_bulk_noprof+0x77c/0x1110 [ 54.766051][ T6030] skb_release_data+0x560/0x730 [ 54.767304][ T6023] __page_pool_alloc_pages_slow+0x18f/0x770 [ 54.768925][ T6030] sk_skb_reason_drop+0x129/0x1a0 [ 54.770160][ T6023] page_pool_alloc_netmem+0xc4/0x160 [ 54.771730][ T6030] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 54.771758][ T6030] ? kernel_text_address+0x8d/0x100 [ 54.771770][ T6030] ? hlock_class+0x4e/0x130 [ 54.773007][ T6023] page_pool_alloc_pages+0x1a/0x60 [ 54.774349][ T6030] ? __lock_acquire+0x163e/0x3ce0 [ 54.776027][ T6023] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 54.777294][ T6030] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 54.778430][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 54.779778][ T6030] ? hlock_class+0x4e/0x130 [ 54.781034][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 54.782576][ T6030] ? __lock_acquire+0xbdd/0x3ce0 [ 54.782595][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 54.782606][ T6030] __netif_receive_skb_list_core+0x357/0x950 [ 54.782624][ T6030] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 54.784353][ T6023] __sys_bpf+0xfc6/0x49a0 [ 54.785643][ T6030] ? trace_lock_acquire+0x14a/0x1d0 [ 54.786769][ T6023] __x64_sys_bpf+0x78/0xc0 [ 54.788083][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 54.789313][ T6023] do_syscall_64+0xcd/0x250 [ 54.790599][ T6030] ? lock_acquire+0x2f/0xb0 [ 54.792109][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 54.793699][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 54.794778][ T6023] page last free pid 6028 tgid 6028 stack trace: [ 54.796063][ T6030] netif_receive_skb_list_internal+0x753/0xdb0 [ 54.797193][ T6023] free_unref_page+0x5f4/0xdc0 [ 54.798753][ T6030] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 54.799887][ T6023] __put_partials+0x14c/0x170 [ 54.801004][ T6030] ? __pfx_eth_type_trans+0x10/0x10 [ 54.802507][ T6023] qlist_free_all+0x4e/0x120 [ 54.804057][ T6030] ? __build_skb_around+0x278/0x3b0 [ 54.805666][ T6023] kasan_quarantine_reduce+0x192/0x1e0 [ 54.807182][ T6030] netif_receive_skb_list+0x4f/0x4a0 [ 54.808372][ T6023] __kasan_slab_alloc+0x69/0x90 [ 54.810014][ T6030] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 54.811180][ T6023] kmem_cache_alloc_noprof+0x121/0x2f0 [ 54.812449][ T6030] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 54.812479][ T6030] ? bpf_test_timer_continue+0x150/0x3d0 [ 54.812493][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 54.813684][ T6023] __anon_vma_prepare+0xae/0x5e0 [ 54.814973][ T6030] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 54.816314][ T6023] __vmf_anon_prepare+0x11c/0x240 [ 54.817646][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 54.818856][ T6023] do_pte_missing+0x100b/0x3e50 [ 54.820391][ T6030] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 54.821804][ T6023] __handle_mm_fault+0x100a/0x2a10 [ 54.823427][ T6030] ? _raw_spin_unlock+0x28/0x50 [ 54.824820][ T6023] handle_mm_fault+0x3fa/0xaa0 [ 54.826132][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 54.827342][ T6023] do_user_addr_fault+0x60d/0x13f0 [ 54.828748][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 54.828777][ T6030] ? lock_acquire+0x2f/0xb0 [ 54.828786][ T6030] ? __fget_files+0x40/0x3f0 [ 54.828801][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 54.828816][ T6030] ? fput+0x30/0x390 [ 54.830273][ T6023] exc_page_fault+0x5c/0xc0 [ 54.831692][ T6030] ? __bpf_prog_get+0xa0/0x290 [ 54.831713][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 54.831727][ T6030] __sys_bpf+0xfc6/0x49a0 [ 54.831738][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 54.831747][ T6030] ? __pfx___sys_bpf+0x10/0x10 [ 54.833099][ T6023] asm_exc_page_fault+0x26/0x30 [ 54.834520][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 54.835766][ T6023] Modules linked in: [ 54.836959][ T6030] ? reacquire_held_locks+0x20b/0x4c0 [ 54.838151][ T6023] [ 54.862758][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 54.864590][ T6030] ? find_held_lock+0x59/0x110 [ 54.866343][ T6030] ? lock_acquire+0x2f/0xb0 [ 54.867470][ T6030] __x64_sys_bpf+0x78/0xc0 [ 54.869008][ T6030] ? lockdep_hardirqs_on+0x7c/0x110 [ 54.870371][ T6030] do_syscall_64+0xcd/0x250 [ 54.871557][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 54.873246][ T6030] RIP: 0033:0x7f5f67b7e719 [ 54.874363][ T6030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 54.879502][ T6030] RSP: 002b:00007f5f689b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 54.882138][ T6030] RAX: ffffffffffffffda RBX: 00007f5f67d36130 RCX: 00007f5f67b7e719 [ 54.884208][ T6030] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 54.886204][ T6030] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 54.888300][ T6030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 54.890555][ T6030] R13: 0000000000000001 R14: 00007f5f67d36130 R15: 00007ffe204d5cb8 [ 54.892498][ T6030] [ 54.893448][ T6023] CPU: 2 UID: 0 PID: 6023 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 54.893499][ C0] vkms_vblank_simulate: vblank timer overrun [ 54.896678][ T6023] Tainted: [B]=BAD_PAGE [ 54.898430][ T6030] BUG: Bad page state in process syz.1.8 pfn:4d5c4 [ 54.899593][ T6023] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 54.901228][ T6030] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4d5c4 [ 54.903915][ T6023] Call Trace: [ 54.903925][ T6023] [ 54.903931][ T6023] dump_stack_lvl+0x16c/0x1f0 [ 54.903952][ T6023] bad_page+0xb3/0x1f0 [ 54.903967][ T6023] ? __pfx_bad_page+0x10/0x10 [ 54.906136][ T6030] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 54.906975][ T6023] ? page_bad_reason+0x9d/0x1e0 [ 54.907714][ T6030] raw: 00fff00000000000 dead000000000040 ffff88804b296000 0000000000000000 [ 54.908879][ T6023] free_unref_page+0x657/0xdc0 [ 54.909890][ T6030] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 54.911076][ T6023] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 54.912899][ T6030] page dumped because: page_pool leak [ 54.914147][ T6023] ? __phys_addr+0xc6/0x150 [ 54.916258][ T6030] page_owner tracks the page as allocated [ 54.917492][ T6023] skb_free_head+0xa0/0x1d0 [ 54.919642][ T6030] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6030, tgid 6021 (syz.1.8), ts 47968350582, free_ts 0 [ 54.921213][ T6023] skb_release_data+0x560/0x730 [ 54.921240][ T6023] sk_skb_reason_drop+0x129/0x1a0 [ 54.922612][ T6030] post_alloc_hook+0x2d1/0x350 [ 54.923732][ T6023] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 54.925083][ T6030] get_page_from_freelist+0x101e/0x3070 [ 54.926207][ T6023] ? kernel_text_address+0x8d/0x100 [ 54.929978][ T6030] __alloc_pages_noprof+0x223/0x25a0 [ 54.931183][ T6023] ? hlock_class+0x4e/0x130 [ 54.932444][ T6030] alloc_pages_bulk_noprof+0x77c/0x1110 [ 54.933675][ T6023] ? __lock_acquire+0x163e/0x3ce0 [ 54.935311][ T6030] __page_pool_alloc_pages_slow+0x18f/0x770 [ 54.936738][ T6023] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 54.936765][ T6023] ? hlock_class+0x4e/0x130 [ 54.936778][ T6023] ? __lock_acquire+0xbdd/0x3ce0 [ 54.938279][ T6030] page_pool_alloc_netmem+0xc4/0x160 [ 54.939609][ T6023] ? __pfx___lock_acquire+0x10/0x10 [ 54.940759][ T6030] page_pool_alloc_pages+0x1a/0x60 [ 54.942130][ T6023] __netif_receive_skb_list_core+0x357/0x950 [ 54.942160][ T6023] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 54.942176][ T6023] ? trace_lock_acquire+0x14a/0x1d0 [ 54.942189][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 54.943635][ T6030] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 54.945129][ T6023] ? lock_acquire+0x2f/0xb0 [ 54.946919][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 54.948168][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 54.949408][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 54.949429][ T6030] __sys_bpf+0xfc6/0x49a0 [ 54.949440][ T6030] __x64_sys_bpf+0x78/0xc0 [ 54.949450][ T6030] do_syscall_64+0xcd/0x250 [ 54.949465][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 54.950965][ T6023] netif_receive_skb_list_internal+0x753/0xdb0 [ 54.952803][ T6030] page_owner free stack trace missing [ 54.954188][ T6023] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 54.954216][ T6023] ? __pfx_eth_type_trans+0x10/0x10 [ 54.955956][ T6030] Modules linked in: [ 54.957926][ T6023] ? __build_skb_around+0x278/0x3b0 [ 54.982278][ T6023] netif_receive_skb_list+0x4f/0x4a0 [ 54.983649][ T6023] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 54.985272][ T6023] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 54.986971][ T6023] ? bpf_test_timer_continue+0x150/0x3d0 [ 54.988378][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 54.989724][ T6023] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 54.991187][ T6023] ? try_to_wake_up+0x154/0x14f0 [ 54.992449][ T6023] ? __pfx_try_to_wake_up+0x10/0x10 [ 54.994156][ T6023] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 54.995897][ T6023] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 54.997359][ T6023] ? 0xffffffffa0004340 [ 54.998602][ T6023] ? 0xffffffffa0004340 [ 54.999664][ T6023] ? 0xffffffffa0004340 [ 55.000721][ T6023] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 55.002221][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 55.003565][ T6023] ? lock_acquire+0x2f/0xb0 [ 55.004767][ T6023] ? __fget_files+0x40/0x3f0 [ 55.006017][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 55.007589][ T6023] ? fput+0x30/0x390 [ 55.008661][ T6023] ? __bpf_prog_get+0xa0/0x290 [ 55.009993][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 55.011594][ T6023] __sys_bpf+0xfc6/0x49a0 [ 55.012733][ T6023] ? __pfx_futex_wake+0x10/0x10 [ 55.014015][ T6023] ? finish_task_switch.isra.0+0x2e8/0xcc0 [ 55.015534][ T6023] ? __pfx___sys_bpf+0x10/0x10 [ 55.016738][ T6023] ? __schedule+0xe5d/0x5730 [ 55.017922][ T6023] ? __fget_files+0x23a/0x3f0 [ 55.019118][ T6023] ? do_futex+0x123/0x350 [ 55.020210][ T6023] ? __pfx_do_futex+0x10/0x10 [ 55.021417][ T6023] ? xfd_validate_state+0x5d/0x180 [ 55.022681][ T6023] ? rcu_is_watching+0x12/0xc0 [ 55.023876][ T6023] __x64_sys_bpf+0x78/0xc0 [ 55.025012][ T6023] ? lockdep_hardirqs_on+0x7c/0x110 [ 55.026361][ T6023] do_syscall_64+0xcd/0x250 [ 55.027604][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 55.029177][ T6023] RIP: 0033:0x7f5f67b7e719 [ 55.030402][ T6023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 55.035138][ T6023] RSP: 002b:00007f5f689d1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 55.037291][ T6023] RAX: ffffffffffffffda RBX: 00007f5f67d36058 RCX: 00007f5f67b7e719 [ 55.039252][ T6023] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 55.041175][ T6023] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 55.043160][ T6023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 55.045122][ T6023] R13: 0000000000000000 R14: 00007f5f67d36058 R15: 00007ffe204d5cb8 [ 55.047121][ T6023] [ 55.047935][ T6030] CPU: 0 UID: 0 PID: 6030 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 55.047999][ T6023] BUG: Bad page state in process syz.1.8 pfn:27a7e [ 55.050925][ T6030] Tainted: [B]=BAD_PAGE [ 55.052625][ T6023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x27a7e [ 55.053669][ T6030] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 55.055862][ T6023] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 55.058534][ T6030] Call Trace: [ 55.058548][ T6030] [ 55.060302][ T6023] raw: 00fff00000000000 dead000000000040 ffff888028078000 0000000000000000 [ 55.061141][ T6030] dump_stack_lvl+0x16c/0x1f0 [ 55.061933][ T6023] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 55.064040][ T6030] bad_page+0xb3/0x1f0 [ 55.065238][ T6023] page dumped because: page_pool leak [ 55.067362][ T6030] ? __pfx_bad_page+0x10/0x10 [ 55.068390][ T6023] page_owner tracks the page as allocated [ 55.069766][ T6030] ? page_bad_reason+0x9d/0x1e0 [ 55.070910][ T6023] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6023, tgid 6021 (syz.1.8), ts 47959352263, free_ts 47948403753 [ 55.072652][ T6030] free_unref_page+0x657/0xdc0 [ 55.072672][ T6030] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 55.072689][ T6030] ? __phys_addr+0xc6/0x150 [ 55.072702][ T6030] skb_free_head+0xa0/0x1d0 [ 55.074226][ T6023] post_alloc_hook+0x2d1/0x350 [ 55.078599][ T6030] skb_release_data+0x560/0x730 [ 55.079909][ T6023] get_page_from_freelist+0x101e/0x3070 [ 55.081411][ T6030] sk_skb_reason_drop+0x129/0x1a0 [ 55.081433][ T6030] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 55.081451][ T6030] ? kernel_text_address+0x8d/0x100 [ 55.081462][ T6030] ? hlock_class+0x4e/0x130 [ 55.082623][ T6023] __alloc_pages_noprof+0x223/0x25a0 [ 55.083749][ T6030] ? __lock_acquire+0x163e/0x3ce0 [ 55.084940][ T6023] alloc_pages_bulk_noprof+0x77c/0x1110 [ 55.086176][ T6030] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 55.086208][ T6030] ? hlock_class+0x4e/0x130 [ 55.086221][ T6030] ? __lock_acquire+0xbdd/0x3ce0 [ 55.086233][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 55.087662][ T6023] __page_pool_alloc_pages_slow+0x18f/0x770 [ 55.088904][ T6030] __netif_receive_skb_list_core+0x357/0x950 [ 55.090842][ T6023] page_pool_alloc_netmem+0xc4/0x160 [ 55.092264][ T6030] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 55.092286][ T6030] ? trace_lock_acquire+0x14a/0x1d0 [ 55.092300][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 55.093781][ T6023] page_pool_alloc_pages+0x1a/0x60 [ 55.095145][ T6030] ? lock_acquire+0x2f/0xb0 [ 55.095161][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 55.096562][ T6023] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 55.097991][ T6030] netif_receive_skb_list_internal+0x753/0xdb0 [ 55.099750][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 55.100904][ T6030] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 55.102265][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 55.103525][ T6030] ? __pfx_eth_type_trans+0x10/0x10 [ 55.105011][ T6023] __sys_bpf+0xfc6/0x49a0 [ 55.106500][ T6030] ? __build_skb_around+0x278/0x3b0 [ 55.107865][ T6023] __x64_sys_bpf+0x78/0xc0 [ 55.109469][ T6030] netif_receive_skb_list+0x4f/0x4a0 [ 55.110742][ T6023] do_syscall_64+0xcd/0x250 [ 55.112312][ T6030] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 55.112344][ T6030] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 55.112361][ T6030] ? bpf_test_timer_continue+0x150/0x3d0 [ 55.114703][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 55.115836][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 55.117592][ T6023] page last free pid 6028 tgid 6028 stack trace: [ 55.119107][ T6030] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 55.120642][ T6023] free_unref_page+0x5f4/0xdc0 [ 55.121942][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 55.121963][ T6030] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 55.121977][ T6030] ? _raw_spin_unlock+0x28/0x50 [ 55.121995][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 55.123595][ T6023] __put_partials+0x14c/0x170 [ 55.124839][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 55.126170][ T6023] qlist_free_all+0x4e/0x120 [ 55.127257][ T6030] ? lock_acquire+0x2f/0xb0 [ 55.128575][ T6023] kasan_quarantine_reduce+0x192/0x1e0 [ 55.129710][ T6030] ? __fget_files+0x40/0x3f0 [ 55.131041][ T6023] __kasan_slab_alloc+0x69/0x90 [ 55.132181][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 55.132211][ T6030] ? fput+0x30/0x390 [ 55.132222][ T6030] ? __bpf_prog_get+0xa0/0x290 [ 55.133843][ T6023] kmem_cache_alloc_noprof+0x121/0x2f0 [ 55.135502][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 55.136909][ T6023] __anon_vma_prepare+0xae/0x5e0 [ 55.138395][ T6030] __sys_bpf+0xfc6/0x49a0 [ 55.139764][ T6023] __vmf_anon_prepare+0x11c/0x240 [ 55.141316][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 55.141336][ T6030] ? __pfx___sys_bpf+0x10/0x10 [ 55.141361][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 55.142808][ T6023] do_pte_missing+0x100b/0x3e50 [ 55.143993][ T6030] ? reacquire_held_locks+0x20b/0x4c0 [ 55.145505][ T6023] __handle_mm_fault+0x100a/0x2a10 [ 55.146983][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 55.148204][ T6023] handle_mm_fault+0x3fa/0xaa0 [ 55.148225][ T6023] do_user_addr_fault+0x60d/0x13f0 [ 55.148239][ T6023] exc_page_fault+0x5c/0xc0 [ 55.149875][ T6030] ? find_held_lock+0x59/0x110 [ 55.151102][ T6023] asm_exc_page_fault+0x26/0x30 [ 55.152443][ T6030] ? lock_acquire+0x2f/0xb0 [ 55.152460][ T6030] __x64_sys_bpf+0x78/0xc0 [ 55.152473][ T6030] ? lockdep_hardirqs_on+0x7c/0x110 [ 55.152488][ T6030] do_syscall_64+0xcd/0x250 [ 55.153700][ T6023] Modules linked in: [ 55.154846][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 55.156206][ T6023] [ 55.157473][ T6030] RIP: 0033:0x7f5f67b7e719 [ 55.194202][ T6030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 55.199336][ T6030] RSP: 002b:00007f5f689b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 55.201395][ T6030] RAX: ffffffffffffffda RBX: 00007f5f67d36130 RCX: 00007f5f67b7e719 [ 55.203446][ T6030] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 55.205368][ T6030] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 55.207282][ T6030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 55.209239][ T6030] R13: 0000000000000001 R14: 00007f5f67d36130 R15: 00007ffe204d5cb8 [ 55.211192][ T6030] [ 55.211956][ T6023] CPU: 2 UID: 0 PID: 6023 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 55.211998][ C0] vkms_vblank_simulate: vblank timer overrun [ 55.215287][ T6023] Tainted: [B]=BAD_PAGE [ 55.216864][ T6030] BUG: Bad page state in process syz.1.8 pfn:4d5c3 [ 55.217878][ T6023] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 55.219507][ T6030] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4d5c3 [ 55.222223][ T6023] Call Trace: [ 55.222232][ T6023] [ 55.222237][ T6023] dump_stack_lvl+0x16c/0x1f0 [ 55.222257][ T6023] bad_page+0xb3/0x1f0 [ 55.222273][ T6023] ? __pfx_bad_page+0x10/0x10 [ 55.224406][ T6030] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 55.225246][ T6023] ? page_bad_reason+0x9d/0x1e0 [ 55.225995][ T6030] raw: 00fff00000000000 dead000000000040 ffff88804b296000 0000000000000000 [ 55.227171][ T6023] free_unref_page+0x657/0xdc0 [ 55.228217][ T6030] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 55.229439][ T6023] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 55.231176][ T6030] page dumped because: page_pool leak [ 55.232398][ T6023] ? __phys_addr+0xc6/0x150 [ 55.232418][ T6023] skb_free_head+0xa0/0x1d0 [ 55.232436][ T6023] skb_release_data+0x560/0x730 [ 55.234601][ T6030] page_owner tracks the page as allocated [ 55.235768][ T6023] sk_skb_reason_drop+0x129/0x1a0 [ 55.237911][ T6030] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6030, tgid 6021 (syz.1.8), ts 47968346698, free_ts 0 [ 55.239351][ T6023] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 55.240644][ T6030] post_alloc_hook+0x2d1/0x350 [ 55.241791][ T6023] ? kernel_text_address+0x8d/0x100 [ 55.241811][ T6023] ? hlock_class+0x4e/0x130 [ 55.241824][ T6023] ? __lock_acquire+0x163e/0x3ce0 [ 55.242962][ T6030] get_page_from_freelist+0x101e/0x3070 [ 55.244249][ T6023] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 55.245649][ T6030] __alloc_pages_noprof+0x223/0x25a0 [ 55.247046][ T6023] ? hlock_class+0x4e/0x130 [ 55.251225][ T6030] alloc_pages_bulk_noprof+0x77c/0x1110 [ 55.252914][ T6023] ? __lock_acquire+0xbdd/0x3ce0 [ 55.252935][ T6023] ? __pfx___lock_acquire+0x10/0x10 [ 55.252946][ T6023] __netif_receive_skb_list_core+0x357/0x950 [ 55.252964][ T6023] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 55.254223][ T6030] __page_pool_alloc_pages_slow+0x18f/0x770 [ 55.255480][ T6023] ? trace_lock_acquire+0x14a/0x1d0 [ 55.256575][ T6030] page_pool_alloc_netmem+0xc4/0x160 [ 55.257801][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 55.259243][ T6030] page_pool_alloc_pages+0x1a/0x60 [ 55.261030][ T6023] ? lock_acquire+0x2f/0xb0 [ 55.262490][ T6030] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 55.263572][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 55.264978][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 55.266244][ T6023] netif_receive_skb_list_internal+0x753/0xdb0 [ 55.267493][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 55.269506][ T6023] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 55.271167][ T6030] __sys_bpf+0xfc6/0x49a0 [ 55.272801][ T6023] ? __pfx_eth_type_trans+0x10/0x10 [ 55.272829][ T6023] ? __build_skb_around+0x278/0x3b0 [ 55.272847][ T6023] netif_receive_skb_list+0x4f/0x4a0 [ 55.274191][ T6030] __x64_sys_bpf+0x78/0xc0 [ 55.275618][ T6023] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 55.277374][ T6030] do_syscall_64+0xcd/0x250 [ 55.278670][ T6023] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 55.279842][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 55.281421][ T6023] ? bpf_test_timer_continue+0x150/0x3d0 [ 55.281445][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 55.281459][ T6023] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 55.281472][ T6023] ? try_to_wake_up+0x154/0x14f0 [ 55.283016][ T6030] page_owner free stack trace missing [ 55.284300][ T6023] ? __pfx_try_to_wake_up+0x10/0x10 [ 55.285829][ T6030] Modules linked in: [ 55.287173][ T6023] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 55.287199][ T6023] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 55.314398][ T6023] ? 0xffffffffa0004340 [ 55.315458][ T6023] ? 0xffffffffa0004340 [ 55.316619][ T6023] ? 0xffffffffa0004340 [ 55.317714][ T6023] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 55.319268][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 55.320635][ T6023] ? lock_acquire+0x2f/0xb0 [ 55.321819][ T6023] ? __fget_files+0x40/0x3f0 [ 55.323015][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 55.324513][ T6023] ? fput+0x30/0x390 [ 55.325497][ T6023] ? __bpf_prog_get+0xa0/0x290 [ 55.326794][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 55.328274][ T6023] __sys_bpf+0xfc6/0x49a0 [ 55.329416][ T6023] ? __pfx_futex_wake+0x10/0x10 [ 55.330624][ T6023] ? finish_task_switch.isra.0+0x2e8/0xcc0 [ 55.332094][ T6023] ? __pfx___sys_bpf+0x10/0x10 [ 55.333297][ T6023] ? __schedule+0xe5d/0x5730 [ 55.334488][ T6023] ? __fget_files+0x23a/0x3f0 [ 55.335846][ T6023] ? do_futex+0x123/0x350 [ 55.336985][ T6023] ? __pfx_do_futex+0x10/0x10 [ 55.338261][ T6023] ? xfd_validate_state+0x5d/0x180 [ 55.339658][ T6023] ? rcu_is_watching+0x12/0xc0 [ 55.340918][ T6023] __x64_sys_bpf+0x78/0xc0 [ 55.342079][ T6023] ? lockdep_hardirqs_on+0x7c/0x110 [ 55.343449][ T6023] do_syscall_64+0xcd/0x250 [ 55.344649][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 55.346204][ T6023] RIP: 0033:0x7f5f67b7e719 [ 55.347374][ T6023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 55.352634][ T6023] RSP: 002b:00007f5f689d1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 55.354784][ T6023] RAX: ffffffffffffffda RBX: 00007f5f67d36058 RCX: 00007f5f67b7e719 [ 55.356815][ T6023] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 55.358872][ T6023] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 55.360896][ T6023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 55.362949][ T6023] R13: 0000000000000000 R14: 00007f5f67d36058 R15: 00007ffe204d5cb8 [ 55.364988][ T6023] [ 55.365802][ T6030] CPU: 0 UID: 0 PID: 6030 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 55.365880][ T6023] BUG: Bad page state in process syz.1.8 pfn:128e5 [ 55.368806][ T6030] Tainted: [B]=BAD_PAGE [ 55.370476][ T6023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x4 pfn:0x128e5 [ 55.371524][ T6030] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 55.371534][ T6030] Call Trace: [ 55.371538][ T6030] [ 55.371543][ T6030] dump_stack_lvl+0x16c/0x1f0 [ 55.373669][ T6023] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 55.376264][ T6030] bad_page+0xb3/0x1f0 [ 55.377102][ T6023] raw: 00fff00000000000 dead000000000040 ffff888028078000 0000000000000000 [ 55.377853][ T6030] ? __pfx_bad_page+0x10/0x10 [ 55.379021][ T6023] raw: 0000000000000004 0000000000000001 00000000ffffffff 0000000000000000 [ 55.380787][ T6030] ? page_bad_reason+0x9d/0x1e0 [ 55.381880][ T6023] page dumped because: page_pool leak [ 55.383923][ T6030] free_unref_page+0x657/0xdc0 [ 55.385109][ T6023] page_owner tracks the page as allocated [ 55.387277][ T6030] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 55.388606][ T6023] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6023, tgid 6021 (syz.1.8), ts 47959313518, free_ts 47877193502 [ 55.389923][ T6030] ? __phys_addr+0xc6/0x150 [ 55.391443][ T6023] post_alloc_hook+0x2d1/0x350 [ 55.392794][ T6030] skb_free_head+0xa0/0x1d0 [ 55.394379][ T6023] get_page_from_freelist+0x101e/0x3070 [ 55.398382][ T6030] skb_release_data+0x560/0x730 [ 55.399522][ T6023] __alloc_pages_noprof+0x223/0x25a0 [ 55.400737][ T6030] sk_skb_reason_drop+0x129/0x1a0 [ 55.401963][ T6023] alloc_pages_bulk_noprof+0x77c/0x1110 [ 55.403283][ T6030] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 55.404521][ T6023] __page_pool_alloc_pages_slow+0x18f/0x770 [ 55.405860][ T6030] ? kernel_text_address+0x8d/0x100 [ 55.407130][ T6023] page_pool_alloc_netmem+0xc4/0x160 [ 55.408503][ T6030] ? hlock_class+0x4e/0x130 [ 55.410184][ T6023] page_pool_alloc_pages+0x1a/0x60 [ 55.411649][ T6030] ? __lock_acquire+0x163e/0x3ce0 [ 55.411669][ T6030] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 55.411687][ T6030] ? hlock_class+0x4e/0x130 [ 55.412980][ T6023] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 55.414729][ T6030] ? __lock_acquire+0xbdd/0x3ce0 [ 55.416177][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 55.417587][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 55.418868][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 55.420688][ T6030] __netif_receive_skb_list_core+0x357/0x950 [ 55.421897][ T6023] __sys_bpf+0xfc6/0x49a0 [ 55.423402][ T6030] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 55.424654][ T6023] __x64_sys_bpf+0x78/0xc0 [ 55.426070][ T6030] ? trace_lock_acquire+0x14a/0x1d0 [ 55.427398][ T6023] do_syscall_64+0xcd/0x250 [ 55.428700][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 55.430448][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 55.431815][ T6030] ? lock_acquire+0x2f/0xb0 [ 55.431835][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 55.431852][ T6030] netif_receive_skb_list_internal+0x753/0xdb0 [ 55.431870][ T6030] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 55.433590][ T6023] page last free pid 5947 tgid 5947 stack trace: [ 55.434697][ T6030] ? __pfx_eth_type_trans+0x10/0x10 [ 55.435999][ T6023] free_unref_page+0x5f4/0xdc0 [ 55.437136][ T6030] ? __build_skb_around+0x278/0x3b0 [ 55.438716][ T6023] __put_partials+0x14c/0x170 [ 55.440303][ T6030] netif_receive_skb_list+0x4f/0x4a0 [ 55.441488][ T6023] qlist_free_all+0x4e/0x120 [ 55.442965][ T6030] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 55.444458][ T6023] kasan_quarantine_reduce+0x192/0x1e0 [ 55.446027][ T6030] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 55.447572][ T6023] __kasan_slab_alloc+0x69/0x90 [ 55.448851][ T6030] ? bpf_test_timer_continue+0x150/0x3d0 [ 55.450062][ T6023] __kmalloc_node_noprof+0x1c3/0x430 [ 55.451644][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 55.451669][ T6030] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 55.451684][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 55.452863][ T6023] qdisc_alloc+0xbb/0xc50 [ 55.454246][ T6030] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 55.455392][ T6023] qdisc_create_dflt+0x73/0x440 [ 55.457208][ T6030] ? _raw_spin_unlock+0x28/0x50 [ 55.458597][ T6023] dev_activate+0x63a/0x12b0 [ 55.460223][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 55.461592][ T6023] __dev_open+0x396/0x4e0 [ 55.462947][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 55.464286][ T6023] __dev_change_flags+0x561/0x720 [ 55.465583][ T6030] ? lock_acquire+0x2f/0xb0 [ 55.467014][ T6023] dev_change_flags+0x8f/0x160 [ 55.468419][ T6030] ? __fget_files+0x40/0x3f0 [ 55.469502][ T6023] devinet_ioctl+0x113d/0x1e20 [ 55.470983][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 55.472298][ T6023] inet_ioctl+0x3aa/0x3f0 [ 55.473486][ T6030] ? fput+0x30/0x390 [ 55.474669][ T6023] sock_do_ioctl+0x116/0x280 [ 55.476088][ T6030] ? __bpf_prog_get+0xa0/0x290 [ 55.477173][ T6023] sock_ioctl+0x228/0x6c0 [ 55.478486][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 55.479749][ T6023] Modules linked in: [ 55.480943][ T6030] __sys_bpf+0xfc6/0x49a0 [ 55.495192][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 55.496507][ T6030] ? __pfx___sys_bpf+0x10/0x10 [ 55.497725][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 55.499112][ T6030] ? reacquire_held_locks+0x20b/0x4c0 [ 55.500475][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 55.501808][ T6030] ? find_held_lock+0x59/0x110 [ 55.503039][ T6030] ? lock_acquire+0x2f/0xb0 [ 55.504214][ T6030] __x64_sys_bpf+0x78/0xc0 [ 55.505349][ T6030] ? lockdep_hardirqs_on+0x7c/0x110 [ 55.506695][ T6030] do_syscall_64+0xcd/0x250 [ 55.507860][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 55.509390][ T6030] RIP: 0033:0x7f5f67b7e719 [ 55.510677][ T6030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 55.515520][ T6030] RSP: 002b:00007f5f689b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 55.517622][ T6030] RAX: ffffffffffffffda RBX: 00007f5f67d36130 RCX: 00007f5f67b7e719 [ 55.519593][ T6030] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 55.521553][ T6030] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 55.523472][ T6030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 55.525479][ T6030] R13: 0000000000000001 R14: 00007f5f67d36130 R15: 00007ffe204d5cb8 [ 55.527414][ T6030] [ 55.528200][ T6023] CPU: 2 UID: 0 PID: 6023 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 55.528211][ C0] vkms_vblank_simulate: vblank timer overrun [ 55.528221][ T6023] Tainted: [B]=BAD_PAGE [ 55.531328][ T6030] BUG: Bad page state in process syz.1.8 pfn:4d5c2 [ 55.532794][ T6023] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 55.533913][ T6030] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4d5c2 [ 55.535570][ T6023] Call Trace: [ 55.535576][ T6023] [ 55.538221][ T6030] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 55.540288][ T6023] dump_stack_lvl+0x16c/0x1f0 [ 55.541112][ T6030] raw: 00fff00000000000 dead000000000040 ffff88804b296000 0000000000000000 [ 55.541855][ T6023] bad_page+0xb3/0x1f0 [ 55.541875][ T6023] ? __pfx_bad_page+0x10/0x10 [ 55.541889][ T6023] ? page_bad_reason+0x9d/0x1e0 [ 55.541903][ T6023] free_unref_page+0x657/0xdc0 [ 55.543681][ T6030] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 55.544843][ T6023] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 55.546940][ T6030] page dumped because: page_pool leak [ 55.547983][ T6023] ? __phys_addr+0xc6/0x150 [ 55.549145][ T6030] page_owner tracks the page as allocated [ 55.550550][ T6023] skb_free_head+0xa0/0x1d0 [ 55.551981][ T6030] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6030, tgid 6021 (syz.1.8), ts 47968342660, free_ts 0 [ 55.554020][ T6023] skb_release_data+0x560/0x730 [ 55.554037][ T6023] sk_skb_reason_drop+0x129/0x1a0 [ 55.554049][ T6023] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 55.555562][ T6030] post_alloc_hook+0x2d1/0x350 [ 55.556873][ T6023] ? kernel_text_address+0x8d/0x100 [ 55.557975][ T6030] get_page_from_freelist+0x101e/0x3070 [ 55.559389][ T6023] ? hlock_class+0x4e/0x130 [ 55.560515][ T6030] __alloc_pages_noprof+0x223/0x25a0 [ 55.564314][ T6023] ? __lock_acquire+0x163e/0x3ce0 [ 55.564332][ T6023] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 55.564351][ T6023] ? hlock_class+0x4e/0x130 [ 55.564363][ T6023] ? __lock_acquire+0xbdd/0x3ce0 [ 55.564375][ T6023] ? __pfx___lock_acquire+0x10/0x10 [ 55.565583][ T6030] alloc_pages_bulk_noprof+0x77c/0x1110 [ 55.566821][ T6023] __netif_receive_skb_list_core+0x357/0x950 [ 55.568417][ T6030] __page_pool_alloc_pages_slow+0x18f/0x770 [ 55.569602][ T6023] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 55.570862][ T6030] page_pool_alloc_netmem+0xc4/0x160 [ 55.572234][ T6023] ? trace_lock_acquire+0x14a/0x1d0 [ 55.572255][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 55.572271][ T6023] ? lock_acquire+0x2f/0xb0 [ 55.573391][ T6030] page_pool_alloc_pages+0x1a/0x60 [ 55.574663][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 55.575872][ T6030] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 55.577601][ T6023] netif_receive_skb_list_internal+0x753/0xdb0 [ 55.578711][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 55.579940][ T6023] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 55.581185][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 55.582528][ T6023] ? __pfx_eth_type_trans+0x10/0x10 [ 55.582553][ T6023] ? __build_skb_around+0x278/0x3b0 [ 55.582570][ T6023] netif_receive_skb_list+0x4f/0x4a0 [ 55.584044][ T6030] __sys_bpf+0xfc6/0x49a0 [ 55.585506][ T6023] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 55.587077][ T6030] __x64_sys_bpf+0x78/0xc0 [ 55.588444][ T6023] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 55.589710][ T6030] do_syscall_64+0xcd/0x250 [ 55.591246][ T6023] ? bpf_test_timer_continue+0x150/0x3d0 [ 55.592386][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 55.593614][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 55.595140][ T6030] page_owner free stack trace missing [ 55.595148][ T6030] Modules linked in: [ 55.596873][ T6023] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 55.621265][ T6023] ? try_to_wake_up+0x154/0x14f0 [ 55.622510][ T6023] ? __pfx_try_to_wake_up+0x10/0x10 [ 55.623775][ T6023] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 55.625249][ T6023] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 55.626650][ T6023] ? 0xffffffffa0004340 [ 55.627692][ T6023] ? 0xffffffffa0004340 [ 55.628758][ T6023] ? 0xffffffffa0004340 [ 55.630102][ T6023] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 55.631605][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 55.632952][ T6023] ? lock_acquire+0x2f/0xb0 [ 55.634409][ T6023] ? __fget_files+0x40/0x3f0 [ 55.635592][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 55.637065][ T6023] ? fput+0x30/0x390 [ 55.638118][ T6023] ? __bpf_prog_get+0xa0/0x290 [ 55.639368][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 55.640834][ T6023] __sys_bpf+0xfc6/0x49a0 [ 55.642038][ T6023] ? __pfx_futex_wake+0x10/0x10 [ 55.643262][ T6023] ? finish_task_switch.isra.0+0x2e8/0xcc0 [ 55.644732][ T6023] ? __pfx___sys_bpf+0x10/0x10 [ 55.645921][ T6023] ? __schedule+0xe5d/0x5730 [ 55.647061][ T6023] ? __fget_files+0x23a/0x3f0 [ 55.648232][ T6023] ? do_futex+0x123/0x350 [ 55.649355][ T6023] ? __pfx_do_futex+0x10/0x10 [ 55.650550][ T6023] ? xfd_validate_state+0x5d/0x180 [ 55.652033][ T6023] ? rcu_is_watching+0x12/0xc0 [ 55.653312][ T6023] __x64_sys_bpf+0x78/0xc0 [ 55.654444][ T6023] ? lockdep_hardirqs_on+0x7c/0x110 [ 55.655742][ T6023] do_syscall_64+0xcd/0x250 [ 55.656890][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 55.658378][ T6023] RIP: 0033:0x7f5f67b7e719 [ 55.659471][ T6023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 55.664077][ T6023] RSP: 002b:00007f5f689d1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 55.666126][ T6023] RAX: ffffffffffffffda RBX: 00007f5f67d36058 RCX: 00007f5f67b7e719 [ 55.668022][ T6023] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 55.669899][ T6023] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 55.671855][ T6023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 55.673788][ T6023] R13: 0000000000000000 R14: 00007f5f67d36058 R15: 00007ffe204d5cb8 [ 55.675833][ T6023] [ 55.676643][ T6030] CPU: 0 UID: 0 PID: 6030 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 55.676714][ T6023] BUG: Bad page state in process syz.1.8 pfn:128e4 [ 55.679513][ T6030] Tainted: [B]=BAD_PAGE [ 55.681209][ T6023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880128e7c00 pfn:0x128e4 [ 55.682294][ T6030] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 55.682302][ T6030] Call Trace: [ 55.682307][ T6030] [ 55.682311][ T6030] dump_stack_lvl+0x16c/0x1f0 [ 55.682331][ T6030] bad_page+0xb3/0x1f0 [ 55.682346][ T6030] ? __pfx_bad_page+0x10/0x10 [ 55.684838][ T6023] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 55.687434][ T6030] ? page_bad_reason+0x9d/0x1e0 [ 55.688264][ T6023] raw: 00fff00000000000 dead000000000040 ffff888028078000 0000000000000000 [ 55.689023][ T6030] free_unref_page+0x657/0xdc0 [ 55.690185][ T6023] raw: ffff8880128e7c00 0000000000000001 00000000ffffffff 0000000000000000 [ 55.691154][ T6030] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 55.692374][ T6023] page dumped because: page_pool leak [ 55.694074][ T6030] ? __phys_addr+0xc6/0x150 [ 55.695265][ T6023] page_owner tracks the page as allocated [ 55.697787][ T6030] skb_free_head+0xa0/0x1d0 [ 55.699035][ T6023] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6023, tgid 6021 (syz.1.8), ts 47959307383, free_ts 47877193502 [ 55.701100][ T6030] skb_release_data+0x560/0x730 [ 55.702768][ T6023] post_alloc_hook+0x2d1/0x350 [ 55.704022][ T6030] sk_skb_reason_drop+0x129/0x1a0 [ 55.705142][ T6023] get_page_from_freelist+0x101e/0x3070 [ 55.706548][ T6030] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 55.707695][ T6023] __alloc_pages_noprof+0x223/0x25a0 [ 55.711805][ T6030] ? kernel_text_address+0x8d/0x100 [ 55.711834][ T6030] ? hlock_class+0x4e/0x130 [ 55.713048][ T6023] alloc_pages_bulk_noprof+0x77c/0x1110 [ 55.714504][ T6030] ? __lock_acquire+0x163e/0x3ce0 [ 55.715879][ T6023] __page_pool_alloc_pages_slow+0x18f/0x770 [ 55.717293][ T6030] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 55.719020][ T6023] page_pool_alloc_netmem+0xc4/0x160 [ 55.720307][ T6030] ? hlock_class+0x4e/0x130 [ 55.721693][ T6023] page_pool_alloc_pages+0x1a/0x60 [ 55.722709][ T6030] ? __lock_acquire+0xbdd/0x3ce0 [ 55.724091][ T6023] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 55.725330][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 55.726844][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 55.728540][ T6030] __netif_receive_skb_list_core+0x357/0x950 [ 55.729876][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 55.731011][ T6030] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 55.732365][ T6023] __sys_bpf+0xfc6/0x49a0 [ 55.733993][ T6030] ? trace_lock_acquire+0x14a/0x1d0 [ 55.736447][ T6023] __x64_sys_bpf+0x78/0xc0 [ 55.737811][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 55.739173][ T6023] do_syscall_64+0xcd/0x250 [ 55.740649][ T6030] ? lock_acquire+0x2f/0xb0 [ 55.742031][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 55.743575][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 55.744648][ T6023] page last free pid 5947 tgid 5947 stack trace: [ 55.745920][ T6030] netif_receive_skb_list_internal+0x753/0xdb0 [ 55.747087][ T6023] free_unref_page+0x5f4/0xdc0 [ 55.748615][ T6030] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 55.749888][ T6023] __put_partials+0x14c/0x170 [ 55.751067][ T6030] ? __pfx_eth_type_trans+0x10/0x10 [ 55.752608][ T6023] qlist_free_all+0x4e/0x120 [ 55.754144][ T6030] ? __build_skb_around+0x278/0x3b0 [ 55.755699][ T6023] kasan_quarantine_reduce+0x192/0x1e0 [ 55.757292][ T6030] netif_receive_skb_list+0x4f/0x4a0 [ 55.758510][ T6023] __kasan_slab_alloc+0x69/0x90 [ 55.760120][ T6030] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 55.761405][ T6023] __kmalloc_node_noprof+0x1c3/0x430 [ 55.762649][ T6030] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 55.763794][ T6023] qdisc_alloc+0xbb/0xc50 [ 55.765199][ T6030] ? bpf_test_timer_continue+0x150/0x3d0 [ 55.766592][ T6023] qdisc_create_dflt+0x73/0x440 [ 55.767899][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 55.769135][ T6023] dev_activate+0x63a/0x12b0 [ 55.770687][ T6030] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 55.772216][ T6023] __dev_open+0x396/0x4e0 [ 55.773852][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 55.774933][ T6023] __dev_change_flags+0x561/0x720 [ 55.776308][ T6030] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 55.777499][ T6023] dev_change_flags+0x8f/0x160 [ 55.778820][ T6030] ? _raw_spin_unlock+0x28/0x50 [ 55.779989][ T6023] devinet_ioctl+0x113d/0x1e20 [ 55.781457][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 55.781484][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 55.781501][ T6030] ? lock_acquire+0x2f/0xb0 [ 55.782556][ T6023] inet_ioctl+0x3aa/0x3f0 [ 55.783991][ T6030] ? __fget_files+0x40/0x3f0 [ 55.785412][ T6023] sock_do_ioctl+0x116/0x280 [ 55.786901][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 55.788270][ T6023] sock_ioctl+0x228/0x6c0 [ 55.789461][ T6030] ? fput+0x30/0x390 [ 55.789477][ T6030] ? __bpf_prog_get+0xa0/0x290 [ 55.789492][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 55.790884][ T6023] Modules linked in: [ 55.792331][ T6030] __sys_bpf+0xfc6/0x49a0 [ 55.792348][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 55.792358][ T6030] ? __pfx___sys_bpf+0x10/0x10 [ 55.792369][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 55.792384][ T6030] ? reacquire_held_locks+0x20b/0x4c0 [ 55.793807][ T6023] [ 55.794958][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 55.813852][ T6030] ? find_held_lock+0x59/0x110 [ 55.815064][ T6030] ? lock_acquire+0x2f/0xb0 [ 55.816210][ T6030] __x64_sys_bpf+0x78/0xc0 [ 55.817345][ T6030] ? lockdep_hardirqs_on+0x7c/0x110 [ 55.818649][ T6030] do_syscall_64+0xcd/0x250 [ 55.819806][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 55.821293][ T6030] RIP: 0033:0x7f5f67b7e719 [ 55.822419][ T6030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 55.827141][ T6030] RSP: 002b:00007f5f689b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 55.829195][ T6030] RAX: ffffffffffffffda RBX: 00007f5f67d36130 RCX: 00007f5f67b7e719 [ 55.831165][ T6030] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 55.833536][ T6030] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 55.835463][ T6030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 55.837513][ T6030] R13: 0000000000000001 R14: 00007f5f67d36130 R15: 00007ffe204d5cb8 [ 55.839519][ T6030] [ 55.840303][ T6023] CPU: 2 UID: 0 PID: 6023 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 55.840349][ C0] vkms_vblank_simulate: vblank timer overrun [ 55.843294][ T6023] Tainted: [B]=BAD_PAGE [ 55.844773][ T6030] BUG: Bad page state in process syz.1.8 pfn:4d5c1 [ 55.845761][ T6023] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 55.847354][ T6030] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4d5c1 [ 55.850089][ T6023] Call Trace: [ 55.850098][ T6023] [ 55.852299][ T6030] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 55.853147][ T6023] dump_stack_lvl+0x16c/0x1f0 [ 55.853954][ T6030] raw: 00fff00000000000 dead000000000040 ffff88804b296000 0000000000000000 [ 55.855744][ T6023] bad_page+0xb3/0x1f0 [ 55.856925][ T6030] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 55.859063][ T6023] ? __pfx_bad_page+0x10/0x10 [ 55.860034][ T6030] page dumped because: page_pool leak [ 55.862245][ T6023] ? page_bad_reason+0x9d/0x1e0 [ 55.862269][ T6023] free_unref_page+0x657/0xdc0 [ 55.862281][ T6023] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 55.863483][ T6030] page_owner tracks the page as allocated [ 55.864773][ T6023] ? __phys_addr+0xc6/0x150 [ 55.865949][ T6030] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6030, tgid 6021 (syz.1.8), ts 47968338702, free_ts 0 [ 55.867144][ T6023] skb_free_head+0xa0/0x1d0 [ 55.868717][ T6030] post_alloc_hook+0x2d1/0x350 [ 55.870277][ T6023] skb_release_data+0x560/0x730 [ 55.870299][ T6023] sk_skb_reason_drop+0x129/0x1a0 [ 55.871636][ T6030] get_page_from_freelist+0x101e/0x3070 [ 55.876098][ T6023] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 55.877266][ T6030] __alloc_pages_noprof+0x223/0x25a0 [ 55.878559][ T6023] ? kernel_text_address+0x8d/0x100 [ 55.879750][ T6030] alloc_pages_bulk_noprof+0x77c/0x1110 [ 55.881058][ T6023] ? hlock_class+0x4e/0x130 [ 55.882462][ T6030] __page_pool_alloc_pages_slow+0x18f/0x770 [ 55.884065][ T6023] ? __lock_acquire+0x163e/0x3ce0 [ 55.885495][ T6030] page_pool_alloc_netmem+0xc4/0x160 [ 55.886805][ T6023] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 55.886829][ T6023] ? hlock_class+0x4e/0x130 [ 55.888210][ T6030] page_pool_alloc_pages+0x1a/0x60 [ 55.890140][ T6023] ? __lock_acquire+0xbdd/0x3ce0 [ 55.891722][ T6030] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 55.893171][ T6023] ? __pfx___lock_acquire+0x10/0x10 [ 55.894488][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 55.896267][ T6023] __netif_receive_skb_list_core+0x357/0x950 [ 55.897367][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 55.898716][ T6023] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 55.899986][ T6030] __sys_bpf+0xfc6/0x49a0 [ 55.901567][ T6023] ? trace_lock_acquire+0x14a/0x1d0 [ 55.901589][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 55.901605][ T6023] ? lock_acquire+0x2f/0xb0 [ 55.902905][ T6030] __x64_sys_bpf+0x78/0xc0 [ 55.904220][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 55.904244][ T6023] netif_receive_skb_list_internal+0x753/0xdb0 [ 55.905744][ T6030] do_syscall_64+0xcd/0x250 [ 55.907138][ T6023] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 55.908711][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 55.910114][ T6023] ? __pfx_eth_type_trans+0x10/0x10 [ 55.911776][ T6030] page_owner free stack trace missing [ 55.913661][ T6023] ? __build_skb_around+0x278/0x3b0 [ 55.914802][ T6030] Modules linked in: [ 55.915916][ T6023] netif_receive_skb_list+0x4f/0x4a0 [ 55.930182][ T6023] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 55.931867][ T6023] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 55.933626][ T6023] ? bpf_test_timer_continue+0x150/0x3d0 [ 55.935056][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 55.936411][ T6023] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 55.938065][ T6023] ? try_to_wake_up+0x154/0x14f0 [ 55.939248][ T6023] ? __pfx_try_to_wake_up+0x10/0x10 [ 55.940490][ T6023] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 55.942057][ T6023] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 55.943426][ T6023] ? 0xffffffffa0004340 [ 55.944479][ T6023] ? 0xffffffffa0004340 [ 55.945619][ T6023] ? 0xffffffffa0004340 [ 55.946921][ T6023] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 55.948746][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 55.950229][ T6023] ? lock_acquire+0x2f/0xb0 [ 55.951514][ T6023] ? __fget_files+0x40/0x3f0 [ 55.952748][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 55.954305][ T6023] ? fput+0x30/0x390 [ 55.955336][ T6023] ? __bpf_prog_get+0xa0/0x290 [ 55.956907][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 55.958452][ T6023] __sys_bpf+0xfc6/0x49a0 [ 55.959521][ T6023] ? __pfx_futex_wake+0x10/0x10 [ 55.960775][ T6023] ? finish_task_switch.isra.0+0x2e8/0xcc0 [ 55.962224][ T6023] ? __pfx___sys_bpf+0x10/0x10 [ 55.963470][ T6023] ? __schedule+0xe5d/0x5730 [ 55.964677][ T6023] ? __fget_files+0x23a/0x3f0 [ 55.965890][ T6023] ? do_futex+0x123/0x350 [ 55.967094][ T6023] ? __pfx_do_futex+0x10/0x10 [ 55.968328][ T6023] ? xfd_validate_state+0x5d/0x180 [ 55.969725][ T6023] ? rcu_is_watching+0x12/0xc0 [ 55.971017][ T6023] __x64_sys_bpf+0x78/0xc0 [ 55.972195][ T6023] ? lockdep_hardirqs_on+0x7c/0x110 [ 55.973691][ T6023] do_syscall_64+0xcd/0x250 [ 55.975096][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 55.976967][ T6023] RIP: 0033:0x7f5f67b7e719 [ 55.978410][ T6023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 55.983366][ T6023] RSP: 002b:00007f5f689d1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 55.985488][ T6023] RAX: ffffffffffffffda RBX: 00007f5f67d36058 RCX: 00007f5f67b7e719 [ 55.987468][ T6023] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 55.989474][ T6023] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 55.991434][ T6023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 55.993465][ T6023] R13: 0000000000000000 R14: 00007f5f67d36058 R15: 00007ffe204d5cb8 [ 55.995442][ T6023] [ 55.996229][ T6030] CPU: 0 UID: 0 PID: 6030 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 55.996305][ T6023] BUG: Bad page state in process syz.1.8 pfn:296fb [ 55.999313][ T6030] Tainted: [B]=BAD_PAGE [ 56.001025][ T6023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x296fb [ 56.002105][ T6030] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 56.002116][ T6030] Call Trace: [ 56.002123][ T6030] [ 56.002128][ T6030] dump_stack_lvl+0x16c/0x1f0 [ 56.002149][ T6030] bad_page+0xb3/0x1f0 [ 56.004292][ T6023] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 56.006955][ T6030] ? __pfx_bad_page+0x10/0x10 [ 56.007906][ T6023] raw: 00fff00000000000 dead000000000040 ffff888028078000 0000000000000000 [ 56.008669][ T6030] ? page_bad_reason+0x9d/0x1e0 [ 56.009894][ T6023] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 56.010907][ T6030] free_unref_page+0x657/0xdc0 [ 56.012789][ T6023] page dumped because: page_pool leak [ 56.013929][ T6030] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 56.016062][ T6023] page_owner tracks the page as allocated [ 56.017307][ T6030] ? __phys_addr+0xc6/0x150 [ 56.019507][ T6023] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6023, tgid 6021 (syz.1.8), ts 47959300507, free_ts 47876757765 [ 56.020695][ T6030] skb_free_head+0xa0/0x1d0 [ 56.022125][ T6023] post_alloc_hook+0x2d1/0x350 [ 56.023610][ T6030] skb_release_data+0x560/0x730 [ 56.025116][ T6023] get_page_from_freelist+0x101e/0x3070 [ 56.026311][ T6030] sk_skb_reason_drop+0x129/0x1a0 [ 56.030940][ T6023] __alloc_pages_noprof+0x223/0x25a0 [ 56.032229][ T6030] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 56.032266][ T6030] ? kernel_text_address+0x8d/0x100 [ 56.032279][ T6030] ? hlock_class+0x4e/0x130 [ 56.032293][ T6030] ? __lock_acquire+0x163e/0x3ce0 [ 56.032305][ T6030] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 56.032325][ T6030] ? hlock_class+0x4e/0x130 [ 56.032340][ T6030] ? __lock_acquire+0xbdd/0x3ce0 [ 56.033841][ T6023] alloc_pages_bulk_noprof+0x77c/0x1110 [ 56.035149][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 56.036871][ T6023] __page_pool_alloc_pages_slow+0x18f/0x770 [ 56.038138][ T6030] __netif_receive_skb_list_core+0x357/0x950 [ 56.039499][ T6023] page_pool_alloc_netmem+0xc4/0x160 [ 56.041169][ T6030] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 56.042568][ T6023] page_pool_alloc_pages+0x1a/0x60 [ 56.043655][ T6030] ? trace_lock_acquire+0x14a/0x1d0 [ 56.044903][ T6023] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 56.046689][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 56.047845][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 56.049086][ T6030] ? lock_acquire+0x2f/0xb0 [ 56.050447][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 56.051755][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 56.051786][ T6030] netif_receive_skb_list_internal+0x753/0xdb0 [ 56.051804][ T6030] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 56.053288][ T6023] __sys_bpf+0xfc6/0x49a0 [ 56.054773][ T6030] ? __pfx_eth_type_trans+0x10/0x10 [ 56.056114][ T6023] __x64_sys_bpf+0x78/0xc0 [ 56.057869][ T6030] ? __build_skb_around+0x278/0x3b0 [ 56.059178][ T6023] do_syscall_64+0xcd/0x250 [ 56.060547][ T6030] netif_receive_skb_list+0x4f/0x4a0 [ 56.062305][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 56.064048][ T6030] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 56.065528][ T6023] page last free pid 5947 tgid 5947 stack trace: [ 56.066735][ T6030] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 56.068040][ T6023] free_unref_page+0x5f4/0xdc0 [ 56.069643][ T6030] ? bpf_test_timer_continue+0x150/0x3d0 [ 56.071334][ T6023] __put_partials+0x14c/0x170 [ 56.072967][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 56.074152][ T6023] qlist_free_all+0x4e/0x120 [ 56.075446][ T6030] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 56.076571][ T6023] kasan_quarantine_reduce+0x192/0x1e0 [ 56.077886][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 56.079061][ T6023] __kasan_slab_alloc+0x69/0x90 [ 56.080389][ T6030] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 56.082094][ T6023] __kmalloc_node_noprof+0x1c3/0x430 [ 56.083612][ T6030] ? _raw_spin_unlock+0x28/0x50 [ 56.085229][ T6023] qdisc_alloc+0xbb/0xc50 [ 56.087120][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 56.088469][ T6023] qdisc_create_dflt+0x73/0x440 [ 56.090070][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 56.091608][ T6023] dev_activate+0x63a/0x12b0 [ 56.093237][ T6030] ? lock_acquire+0x2f/0xb0 [ 56.094743][ T6023] __dev_open+0x396/0x4e0 [ 56.096237][ T6030] ? __fget_files+0x40/0x3f0 [ 56.097719][ T6023] __dev_change_flags+0x561/0x720 [ 56.099189][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 56.100448][ T6023] dev_change_flags+0x8f/0x160 [ 56.101945][ T6030] ? fput+0x30/0x390 [ 56.101973][ T6030] ? __bpf_prog_get+0xa0/0x290 [ 56.101988][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 56.102002][ T6030] __sys_bpf+0xfc6/0x49a0 [ 56.102013][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 56.103405][ T6023] devinet_ioctl+0x113d/0x1e20 [ 56.104659][ T6030] ? __pfx___sys_bpf+0x10/0x10 [ 56.105747][ T6023] inet_ioctl+0x3aa/0x3f0 [ 56.107241][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 56.108670][ T6023] sock_do_ioctl+0x116/0x280 [ 56.110072][ T6030] ? reacquire_held_locks+0x20b/0x4c0 [ 56.111460][ T6023] sock_ioctl+0x228/0x6c0 [ 56.112536][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 56.113661][ T6023] Modules linked in: [ 56.114809][ T6030] ? find_held_lock+0x59/0x110 [ 56.116061][ T6023] [ 56.117570][ T6030] ? lock_acquire+0x2f/0xb0 [ 56.141657][ T6030] __x64_sys_bpf+0x78/0xc0 [ 56.142784][ T6030] ? lockdep_hardirqs_on+0x7c/0x110 [ 56.144090][ T6030] do_syscall_64+0xcd/0x250 [ 56.145219][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 56.146714][ T6030] RIP: 0033:0x7f5f67b7e719 [ 56.148102][ T6030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 56.152967][ T6030] RSP: 002b:00007f5f689b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 56.155201][ T6030] RAX: ffffffffffffffda RBX: 00007f5f67d36130 RCX: 00007f5f67b7e719 [ 56.157573][ T6030] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 56.159744][ T6030] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 56.161902][ T6030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 56.163854][ T6030] R13: 0000000000000001 R14: 00007f5f67d36130 R15: 00007ffe204d5cb8 [ 56.165824][ T6030] [ 56.166619][ T6023] CPU: 2 UID: 0 PID: 6023 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 56.166672][ C0] vkms_vblank_simulate: vblank timer overrun [ 56.169852][ T6023] Tainted: [B]=BAD_PAGE [ 56.171467][ T6030] BUG: Bad page state in process syz.1.8 pfn:4d5c0 [ 56.172634][ T6023] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 56.174306][ T6030] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4d5c0 [ 56.177423][ T6023] Call Trace: [ 56.177434][ T6023] [ 56.179843][ T6030] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 56.180719][ T6023] dump_stack_lvl+0x16c/0x1f0 [ 56.181641][ T6030] raw: 00fff00000000000 dead000000000040 ffff88804b296000 0000000000000000 [ 56.183650][ T6023] bad_page+0xb3/0x1f0 [ 56.184948][ T6030] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 56.187209][ T6023] ? __pfx_bad_page+0x10/0x10 [ 56.187239][ T6023] ? page_bad_reason+0x9d/0x1e0 [ 56.188411][ T6030] page dumped because: page_pool leak [ 56.190582][ T6023] free_unref_page+0x657/0xdc0 [ 56.191828][ T6030] page_owner tracks the page as allocated [ 56.192997][ T6023] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 56.194575][ T6030] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6030, tgid 6021 (syz.1.8), ts 47968334721, free_ts 0 [ 56.195790][ T6023] ? __phys_addr+0xc6/0x150 [ 56.197357][ T6030] post_alloc_hook+0x2d1/0x350 [ 56.198859][ T6023] skb_free_head+0xa0/0x1d0 [ 56.203200][ T6030] get_page_from_freelist+0x101e/0x3070 [ 56.204403][ T6023] skb_release_data+0x560/0x730 [ 56.205801][ T6030] __alloc_pages_noprof+0x223/0x25a0 [ 56.207023][ T6023] sk_skb_reason_drop+0x129/0x1a0 [ 56.208658][ T6030] alloc_pages_bulk_noprof+0x77c/0x1110 [ 56.210025][ T6023] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 56.211565][ T6030] __page_pool_alloc_pages_slow+0x18f/0x770 [ 56.212944][ T6023] ? kernel_text_address+0x8d/0x100 [ 56.214401][ T6030] page_pool_alloc_netmem+0xc4/0x160 [ 56.216124][ T6023] ? hlock_class+0x4e/0x130 [ 56.217592][ T6030] page_pool_alloc_pages+0x1a/0x60 [ 56.218915][ T6023] ? __lock_acquire+0x163e/0x3ce0 [ 56.220297][ T6030] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 56.221543][ T6023] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 56.221577][ T6023] ? hlock_class+0x4e/0x130 [ 56.221589][ T6023] ? __lock_acquire+0xbdd/0x3ce0 [ 56.222958][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 56.224281][ T6023] ? __pfx___lock_acquire+0x10/0x10 [ 56.225912][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 56.227674][ T6023] __netif_receive_skb_list_core+0x357/0x950 [ 56.228795][ T6030] __sys_bpf+0xfc6/0x49a0 [ 56.230070][ T6023] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 56.231781][ T6030] __x64_sys_bpf+0x78/0xc0 [ 56.233037][ T6023] ? trace_lock_acquire+0x14a/0x1d0 [ 56.234670][ T6030] do_syscall_64+0xcd/0x250 [ 56.236387][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 56.237671][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 56.239520][ T6023] ? lock_acquire+0x2f/0xb0 [ 56.240999][ T6030] page_owner free stack trace missing [ 56.242751][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 56.242780][ T6023] netif_receive_skb_list_internal+0x753/0xdb0 [ 56.242802][ T6023] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 56.242823][ T6023] ? __pfx_eth_type_trans+0x10/0x10 [ 56.244260][ T6030] Modules linked in: [ 56.245834][ T6023] ? __build_skb_around+0x278/0x3b0 [ 56.247284][ T6030] [ 56.248386][ T6023] netif_receive_skb_list+0x4f/0x4a0 [ 56.260616][ T6023] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 56.262363][ T6023] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 56.264078][ T6023] ? bpf_test_timer_continue+0x150/0x3d0 [ 56.265558][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 56.266910][ T6023] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 56.268339][ T6023] ? try_to_wake_up+0x154/0x14f0 [ 56.269639][ T6023] ? __pfx_try_to_wake_up+0x10/0x10 [ 56.270960][ T6023] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 56.272447][ T6023] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 56.273828][ T6023] ? 0xffffffffa0004340 [ 56.274883][ T6023] ? 0xffffffffa0004340 [ 56.275950][ T6023] ? 0xffffffffa0004340 [ 56.276998][ T6023] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 56.278494][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 56.279898][ T6023] ? lock_acquire+0x2f/0xb0 [ 56.281036][ T6023] ? __fget_files+0x40/0x3f0 [ 56.282211][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 56.283721][ T6023] ? fput+0x30/0x390 [ 56.284742][ T6023] ? __bpf_prog_get+0xa0/0x290 [ 56.285985][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 56.287556][ T6023] __sys_bpf+0xfc6/0x49a0 [ 56.288731][ T6023] ? __pfx_futex_wake+0x10/0x10 [ 56.290063][ T6023] ? finish_task_switch.isra.0+0x2e8/0xcc0 [ 56.291660][ T6023] ? __pfx___sys_bpf+0x10/0x10 [ 56.293003][ T6023] ? __schedule+0xe5d/0x5730 [ 56.294293][ T6023] ? __fget_files+0x23a/0x3f0 [ 56.295543][ T6023] ? do_futex+0x123/0x350 [ 56.296627][ T6023] ? __pfx_do_futex+0x10/0x10 [ 56.297864][ T6023] ? xfd_validate_state+0x5d/0x180 [ 56.299160][ T6023] ? rcu_is_watching+0x12/0xc0 [ 56.300348][ T6023] __x64_sys_bpf+0x78/0xc0 [ 56.301472][ T6023] ? lockdep_hardirqs_on+0x7c/0x110 [ 56.302808][ T6023] do_syscall_64+0xcd/0x250 [ 56.304005][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 56.305575][ T6023] RIP: 0033:0x7f5f67b7e719 [ 56.306896][ T6023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 56.311978][ T6023] RSP: 002b:00007f5f689d1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 56.314148][ T6023] RAX: ffffffffffffffda RBX: 00007f5f67d36058 RCX: 00007f5f67b7e719 [ 56.316102][ T6023] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 56.318085][ T6023] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 56.320027][ T6023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 56.322000][ T6023] R13: 0000000000000000 R14: 00007f5f67d36058 R15: 00007ffe204d5cb8 [ 56.323990][ T6023] [ 56.324789][ T6030] CPU: 0 UID: 0 PID: 6030 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 56.324854][ T6023] BUG: Bad page state in process syz.1.8 pfn:296fa [ 56.327791][ T6030] Tainted: [B]=BAD_PAGE [ 56.329417][ T6023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x296fa [ 56.330425][ T6030] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 56.332613][ T6023] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 56.335272][ T6030] Call Trace: [ 56.337094][ T6023] raw: 00fff00000000000 dead000000000040 ffff888028078000 0000000000000000 [ 56.337981][ T6030] [ 56.340058][ T6023] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 56.340790][ T6030] dump_stack_lvl+0x16c/0x1f0 [ 56.342997][ T6023] page dumped because: page_pool leak [ 56.344193][ T6030] bad_page+0xb3/0x1f0 [ 56.345526][ T6023] page_owner tracks the page as allocated [ 56.346553][ T6030] ? __pfx_bad_page+0x10/0x10 [ 56.347976][ T6023] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6023, tgid 6021 (syz.1.8), ts 47959293891, free_ts 47876757765 [ 56.349192][ T6030] ? page_bad_reason+0x9d/0x1e0 [ 56.353267][ T6023] post_alloc_hook+0x2d1/0x350 [ 56.354596][ T6030] free_unref_page+0x657/0xdc0 [ 56.355769][ T6023] get_page_from_freelist+0x101e/0x3070 [ 56.356972][ T6030] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 56.358279][ T6023] __alloc_pages_noprof+0x223/0x25a0 [ 56.359833][ T6030] ? __phys_addr+0xc6/0x150 [ 56.361107][ T6023] alloc_pages_bulk_noprof+0x77c/0x1110 [ 56.362200][ T6030] skb_free_head+0xa0/0x1d0 [ 56.362226][ T6030] skb_release_data+0x560/0x730 [ 56.362238][ T6030] sk_skb_reason_drop+0x129/0x1a0 [ 56.363591][ T6023] __page_pool_alloc_pages_slow+0x18f/0x770 [ 56.364745][ T6030] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 56.366014][ T6023] page_pool_alloc_netmem+0xc4/0x160 [ 56.367332][ T6030] ? kernel_text_address+0x8d/0x100 [ 56.368807][ T6023] page_pool_alloc_pages+0x1a/0x60 [ 56.370846][ T6030] ? hlock_class+0x4e/0x130 [ 56.372605][ T6023] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 56.373881][ T6030] ? __lock_acquire+0x163e/0x3ce0 [ 56.375210][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 56.376397][ T6030] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 56.377979][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 56.379295][ T6030] ? hlock_class+0x4e/0x130 [ 56.380664][ T6023] __sys_bpf+0xfc6/0x49a0 [ 56.382456][ T6030] ? __lock_acquire+0xbdd/0x3ce0 [ 56.382485][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 56.382496][ T6030] __netif_receive_skb_list_core+0x357/0x950 [ 56.382514][ T6030] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 56.383849][ T6023] __x64_sys_bpf+0x78/0xc0 [ 56.385024][ T6030] ? trace_lock_acquire+0x14a/0x1d0 [ 56.386171][ T6023] do_syscall_64+0xcd/0x250 [ 56.387607][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 56.388952][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 56.390652][ T6030] ? lock_acquire+0x2f/0xb0 [ 56.392519][ T6023] page last free pid 5947 tgid 5947 stack trace: [ 56.393601][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 56.394889][ T6023] free_unref_page+0x5f4/0xdc0 [ 56.396047][ T6030] netif_receive_skb_list_internal+0x753/0xdb0 [ 56.397619][ T6023] __put_partials+0x14c/0x170 [ 56.399060][ T6030] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 56.400239][ T6023] qlist_free_all+0x4e/0x120 [ 56.401763][ T6030] ? __pfx_eth_type_trans+0x10/0x10 [ 56.401784][ T6030] ? __build_skb_around+0x278/0x3b0 [ 56.401801][ T6030] netif_receive_skb_list+0x4f/0x4a0 [ 56.401817][ T6030] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 56.403350][ T6023] kasan_quarantine_reduce+0x192/0x1e0 [ 56.404546][ T6030] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 56.406069][ T6023] __kasan_slab_alloc+0x69/0x90 [ 56.407250][ T6030] ? bpf_test_timer_continue+0x150/0x3d0 [ 56.408867][ T6023] __kmalloc_node_noprof+0x1c3/0x430 [ 56.409989][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 56.411251][ T6023] qdisc_alloc+0xbb/0xc50 [ 56.412511][ T6030] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 56.413854][ T6023] qdisc_create_dflt+0x73/0x440 [ 56.415425][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 56.416732][ T6023] dev_activate+0x63a/0x12b0 [ 56.418327][ T6030] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 56.419518][ T6023] __dev_open+0x396/0x4e0 [ 56.420828][ T6030] ? _raw_spin_unlock+0x28/0x50 [ 56.422124][ T6023] __dev_change_flags+0x561/0x720 [ 56.423384][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 56.424435][ T6023] dev_change_flags+0x8f/0x160 [ 56.425862][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 56.427089][ T6023] devinet_ioctl+0x113d/0x1e20 [ 56.428591][ T6030] ? lock_acquire+0x2f/0xb0 [ 56.429716][ T6023] inet_ioctl+0x3aa/0x3f0 [ 56.431933][ T6030] ? __fget_files+0x40/0x3f0 [ 56.431968][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 56.431989][ T6030] ? fput+0x30/0x390 [ 56.432002][ T6030] ? __bpf_prog_get+0xa0/0x290 [ 56.432019][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 56.433382][ T6023] sock_do_ioctl+0x116/0x280 [ 56.434682][ T6030] __sys_bpf+0xfc6/0x49a0 [ 56.435904][ T6023] sock_ioctl+0x228/0x6c0 [ 56.437337][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 56.438515][ T6023] Modules linked in: [ 56.439827][ T6030] ? __pfx___sys_bpf+0x10/0x10 [ 56.441006][ T6023] [ 56.442092][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 56.442115][ T6030] ? reacquire_held_locks+0x20b/0x4c0 [ 56.442125][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 56.442147][ T6030] ? find_held_lock+0x59/0x110 [ 56.461912][ T6030] ? lock_acquire+0x2f/0xb0 [ 56.463067][ T6030] __x64_sys_bpf+0x78/0xc0 [ 56.464500][ T6030] ? lockdep_hardirqs_on+0x7c/0x110 [ 56.465899][ T6030] do_syscall_64+0xcd/0x250 [ 56.467086][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 56.468837][ T6030] RIP: 0033:0x7f5f67b7e719 [ 56.470101][ T6030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 56.475471][ T6030] RSP: 002b:00007f5f689b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 56.477669][ T6030] RAX: ffffffffffffffda RBX: 00007f5f67d36130 RCX: 00007f5f67b7e719 [ 56.479877][ T6030] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 56.481927][ T6030] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 56.483954][ T6030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 56.485962][ T6030] R13: 0000000000000001 R14: 00007f5f67d36130 R15: 00007ffe204d5cb8 [ 56.488200][ T6030] [ 56.489366][ T6023] CPU: 2 UID: 0 PID: 6023 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 56.489418][ C0] vkms_vblank_simulate: vblank timer overrun [ 56.492392][ T6023] Tainted: [B]=BAD_PAGE [ 56.494051][ T6030] BUG: Bad page state in process syz.1.8 pfn:4d44f [ 56.495024][ T6023] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 56.496792][ T6030] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4d44f [ 56.500000][ T6023] Call Trace: [ 56.500010][ T6023] [ 56.502482][ T6030] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 56.503326][ T6023] dump_stack_lvl+0x16c/0x1f0 [ 56.503350][ T6023] bad_page+0xb3/0x1f0 [ 56.504124][ T6030] raw: 00fff00000000000 dead000000000040 ffff88804b296000 0000000000000000 [ 56.505997][ T6023] ? __pfx_bad_page+0x10/0x10 [ 56.507332][ T6030] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 56.508594][ T6023] ? page_bad_reason+0x9d/0x1e0 [ 56.510682][ T6030] page dumped because: page_pool leak [ 56.511888][ T6023] free_unref_page+0x657/0xdc0 [ 56.511907][ T6023] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 56.511925][ T6023] ? __phys_addr+0xc6/0x150 [ 56.511938][ T6023] skb_free_head+0xa0/0x1d0 [ 56.514058][ T6030] page_owner tracks the page as allocated [ 56.514065][ T6030] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6030, tgid 6021 (syz.1.8), ts 47968330671, free_ts 0 [ 56.515298][ T6023] skb_release_data+0x560/0x730 [ 56.516740][ T6030] post_alloc_hook+0x2d1/0x350 [ 56.518047][ T6023] sk_skb_reason_drop+0x129/0x1a0 [ 56.519575][ T6030] get_page_from_freelist+0x101e/0x3070 [ 56.520739][ T6023] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 56.520763][ T6023] ? kernel_text_address+0x8d/0x100 [ 56.522008][ T6030] __alloc_pages_noprof+0x223/0x25a0 [ 56.523538][ T6023] ? hlock_class+0x4e/0x130 [ 56.527389][ T6030] alloc_pages_bulk_noprof+0x77c/0x1110 [ 56.528617][ T6023] ? __lock_acquire+0x163e/0x3ce0 [ 56.530106][ T6030] __page_pool_alloc_pages_slow+0x18f/0x770 [ 56.531352][ T6023] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 56.531376][ T6023] ? hlock_class+0x4e/0x130 [ 56.531392][ T6023] ? __lock_acquire+0xbdd/0x3ce0 [ 56.531404][ T6023] ? __pfx___lock_acquire+0x10/0x10 [ 56.531415][ T6023] __netif_receive_skb_list_core+0x357/0x950 [ 56.531433][ T6023] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 56.533073][ T6030] page_pool_alloc_netmem+0xc4/0x160 [ 56.534682][ T6023] ? trace_lock_acquire+0x14a/0x1d0 [ 56.535994][ T6030] page_pool_alloc_pages+0x1a/0x60 [ 56.537307][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 56.537351][ T6023] ? lock_acquire+0x2f/0xb0 [ 56.538516][ T6030] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 56.539902][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 56.541362][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 56.542878][ T6023] netif_receive_skb_list_internal+0x753/0xdb0 [ 56.544871][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 56.546230][ T6023] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 56.547682][ T6030] __sys_bpf+0xfc6/0x49a0 [ 56.549039][ T6023] ? __pfx_eth_type_trans+0x10/0x10 [ 56.550644][ T6030] __x64_sys_bpf+0x78/0xc0 [ 56.552300][ T6023] ? __build_skb_around+0x278/0x3b0 [ 56.552328][ T6023] netif_receive_skb_list+0x4f/0x4a0 [ 56.552344][ T6023] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 56.552363][ T6023] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 56.553787][ T6030] do_syscall_64+0xcd/0x250 [ 56.555048][ T6023] ? bpf_test_timer_continue+0x150/0x3d0 [ 56.556307][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 56.557848][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 56.558951][ T6030] page_owner free stack trace missing [ 56.560457][ T6023] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 56.562104][ T6030] Modules linked in: [ 56.563335][ T6023] ? try_to_wake_up+0x154/0x14f0 [ 56.564834][ T6030] [ 56.566146][ T6023] ? __pfx_try_to_wake_up+0x10/0x10 [ 56.589712][ T6023] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 56.591156][ T6023] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 56.592437][ T6023] ? 0xffffffffa0004340 [ 56.593632][ T6023] ? 0xffffffffa0004340 [ 56.594718][ T6023] ? 0xffffffffa0004340 [ 56.595857][ T6023] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 56.597377][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 56.598779][ T6023] ? lock_acquire+0x2f/0xb0 [ 56.599913][ T6023] ? __fget_files+0x40/0x3f0 [ 56.601088][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 56.602600][ T6023] ? fput+0x30/0x390 [ 56.603598][ T6023] ? __bpf_prog_get+0xa0/0x290 [ 56.604808][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 56.606309][ T6023] __sys_bpf+0xfc6/0x49a0 [ 56.607431][ T6023] ? __pfx_futex_wake+0x10/0x10 [ 56.608693][ T6023] ? finish_task_switch.isra.0+0x2e8/0xcc0 [ 56.610201][ T6023] ? __pfx___sys_bpf+0x10/0x10 [ 56.611449][ T6023] ? __schedule+0xe5d/0x5730 [ 56.612657][ T6023] ? __fget_files+0x23a/0x3f0 [ 56.614062][ T6023] ? do_futex+0x123/0x350 [ 56.615236][ T6023] ? __pfx_do_futex+0x10/0x10 [ 56.616470][ T6023] ? xfd_validate_state+0x5d/0x180 [ 56.617829][ T6023] ? rcu_is_watching+0x12/0xc0 [ 56.619178][ T6023] __x64_sys_bpf+0x78/0xc0 [ 56.620365][ T6023] ? lockdep_hardirqs_on+0x7c/0x110 [ 56.621737][ T6023] do_syscall_64+0xcd/0x250 [ 56.622942][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 56.624498][ T6023] RIP: 0033:0x7f5f67b7e719 [ 56.625695][ T6023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 56.630711][ T6023] RSP: 002b:00007f5f689d1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 56.632811][ T6023] RAX: ffffffffffffffda RBX: 00007f5f67d36058 RCX: 00007f5f67b7e719 [ 56.634821][ T6023] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 56.636788][ T6023] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 56.638807][ T6023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 56.640842][ T6023] R13: 0000000000000000 R14: 00007f5f67d36058 R15: 00007ffe204d5cb8 [ 56.642902][ T6023] [ 56.643719][ T6030] CPU: 0 UID: 0 PID: 6030 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 56.643788][ T6023] BUG: Bad page state in process syz.1.8 pfn:296f9 [ 56.646945][ T6030] Tainted: [B]=BAD_PAGE [ 56.648623][ T6023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x8 pfn:0x296f9 [ 56.649692][ T6030] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 56.651943][ T6023] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 56.654633][ T6030] Call Trace: [ 56.656457][ T6023] raw: 00fff00000000000 dead000000000040 ffff888028078000 0000000000000000 [ 56.657339][ T6030] [ 56.657352][ T6030] dump_stack_lvl+0x16c/0x1f0 [ 56.657374][ T6030] bad_page+0xb3/0x1f0 [ 56.657390][ T6030] ? __pfx_bad_page+0x10/0x10 [ 56.659565][ T6023] raw: 0000000000000008 0000000000000001 00000000ffffffff 0000000000000000 [ 56.660313][ T6030] ? page_bad_reason+0x9d/0x1e0 [ 56.661592][ T6023] page dumped because: page_pool leak [ 56.662592][ T6030] free_unref_page+0x657/0xdc0 [ 56.663779][ T6023] page_owner tracks the page as allocated [ 56.665909][ T6030] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 56.667145][ T6023] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6023, tgid 6021 (syz.1.8), ts 47959287518, free_ts 47876757765 [ 56.668567][ T6030] ? __phys_addr+0xc6/0x150 [ 56.669826][ T6023] post_alloc_hook+0x2d1/0x350 [ 56.671308][ T6030] skb_free_head+0xa0/0x1d0 [ 56.671337][ T6030] skb_release_data+0x560/0x730 [ 56.671350][ T6030] sk_skb_reason_drop+0x129/0x1a0 [ 56.671363][ T6030] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 56.671380][ T6030] ? kernel_text_address+0x8d/0x100 [ 56.671392][ T6030] ? hlock_class+0x4e/0x130 [ 56.671492][ T6030] ? __lock_acquire+0x163e/0x3ce0 [ 56.671509][ T6030] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 56.671528][ T6030] ? hlock_class+0x4e/0x130 [ 56.671541][ T6030] ? __lock_acquire+0xbdd/0x3ce0 [ 56.671556][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 56.671568][ T6030] __netif_receive_skb_list_core+0x357/0x950 [ 56.671586][ T6030] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 56.671602][ T6030] ? trace_lock_acquire+0x14a/0x1d0 [ 56.671616][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 56.671633][ T6030] ? lock_acquire+0x2f/0xb0 [ 56.671643][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 56.671660][ T6030] netif_receive_skb_list_internal+0x753/0xdb0 [ 56.671677][ T6030] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 56.671693][ T6030] ? __pfx_eth_type_trans+0x10/0x10 [ 56.671711][ T6030] ? __build_skb_around+0x278/0x3b0 [ 56.671727][ T6030] netif_receive_skb_list+0x4f/0x4a0 [ 56.671742][ T6030] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 56.671760][ T6030] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 56.671778][ T6030] ? bpf_test_timer_continue+0x150/0x3d0 [ 56.671795][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 56.671809][ T6030] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 56.671824][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 56.671836][ T6030] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 56.671849][ T6030] ? _raw_spin_unlock+0x28/0x50 [ 56.671868][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 56.671882][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 56.671898][ T6030] ? lock_acquire+0x2f/0xb0 [ 56.671907][ T6030] ? __fget_files+0x40/0x3f0 [ 56.671922][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 56.671938][ T6030] ? fput+0x30/0x390 [ 56.671950][ T6030] ? __bpf_prog_get+0xa0/0x290 [ 56.671965][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 56.671980][ T6030] __sys_bpf+0xfc6/0x49a0 [ 56.671991][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 56.673642][ T6023] get_page_from_freelist+0x101e/0x3070 [ 56.677774][ T6030] ? __pfx___sys_bpf+0x10/0x10 [ 56.678884][ T6023] __alloc_pages_noprof+0x223/0x25a0 [ 56.680021][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 56.681133][ T6023] alloc_pages_bulk_noprof+0x77c/0x1110 [ 56.682330][ T6030] ? reacquire_held_locks+0x20b/0x4c0 [ 56.682351][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 56.682367][ T6030] ? find_held_lock+0x59/0x110 [ 56.683622][ T6023] __page_pool_alloc_pages_slow+0x18f/0x770 [ 56.685268][ T6030] ? lock_acquire+0x2f/0xb0 [ 56.687020][ T6023] page_pool_alloc_netmem+0xc4/0x160 [ 56.688217][ T6030] __x64_sys_bpf+0x78/0xc0 [ 56.689631][ T6023] page_pool_alloc_pages+0x1a/0x60 [ 56.691344][ T6030] ? lockdep_hardirqs_on+0x7c/0x110 [ 56.691366][ T6030] do_syscall_64+0xcd/0x250 [ 56.691382][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 56.691398][ T6030] RIP: 0033:0x7f5f67b7e719 [ 56.691408][ T6030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 56.691477][ T6030] RSP: 002b:00007f5f689b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 56.691497][ T6030] RAX: ffffffffffffffda RBX: 00007f5f67d36130 RCX: 00007f5f67b7e719 [ 56.691505][ T6030] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 56.691512][ T6030] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 56.691519][ T6030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 56.691526][ T6030] R13: 0000000000000001 R14: 00007f5f67d36130 R15: 00007ffe204d5cb8 [ 56.691536][ T6030] [ 56.691594][ C0] vkms_vblank_simulate: vblank timer overrun [ 56.691637][ T6030] BUG: Bad page state in process syz.1.8 pfn:4d44e [ 56.692907][ T6023] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 56.694268][ T6030] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4d44e [ 56.695709][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 56.697245][ T6030] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 56.698852][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 56.700128][ T6030] raw: 00fff00000000000 dead000000000040 ffff88804b296000 0000000000000000 [ 56.701802][ T6023] __sys_bpf+0xfc6/0x49a0 [ 56.702928][ T6030] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 56.704591][ T6023] __x64_sys_bpf+0x78/0xc0 [ 56.704609][ T6023] do_syscall_64+0xcd/0x250 [ 56.706218][ T6030] page dumped because: page_pool leak [ 56.707900][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 56.709241][ T6030] page_owner tracks the page as allocated [ 56.710583][ T6023] page last free pid 5947 tgid 5947 stack trace: [ 56.711983][ T6030] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6030, tgid 6021 (syz.1.8), ts 47968326512, free_ts 0 [ 56.713812][ T6023] free_unref_page+0x5f4/0xdc0 [ 56.715453][ T6030] post_alloc_hook+0x2d1/0x350 [ 56.717014][ T6023] __put_partials+0x14c/0x170 [ 56.718303][ T6030] get_page_from_freelist+0x101e/0x3070 [ 56.719782][ T6023] qlist_free_all+0x4e/0x120 [ 56.719801][ T6023] kasan_quarantine_reduce+0x192/0x1e0 [ 56.721247][ T6030] __alloc_pages_noprof+0x223/0x25a0 [ 56.721304][ T6030] alloc_pages_bulk_noprof+0x77c/0x1110 [ 56.722809][ T6023] __kasan_slab_alloc+0x69/0x90 [ 56.724163][ T6030] __page_pool_alloc_pages_slow+0x18f/0x770 [ 56.725633][ T6023] __kmalloc_node_noprof+0x1c3/0x430 [ 56.726957][ T6030] page_pool_alloc_netmem+0xc4/0x160 [ 56.728106][ T6023] qdisc_alloc+0xbb/0xc50 [ 56.729244][ T6030] page_pool_alloc_pages+0x1a/0x60 [ 56.730698][ T6023] qdisc_create_dflt+0x73/0x440 [ 56.731783][ T6030] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 56.732968][ T6023] dev_activate+0x63a/0x12b0 [ 56.734682][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 56.735761][ T6023] __dev_open+0x396/0x4e0 [ 56.737072][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 56.738463][ T6023] __dev_change_flags+0x561/0x720 [ 56.739668][ T6030] __sys_bpf+0xfc6/0x49a0 [ 56.740987][ T6023] dev_change_flags+0x8f/0x160 [ 56.742431][ T6030] __x64_sys_bpf+0x78/0xc0 [ 56.743782][ T6023] devinet_ioctl+0x113d/0x1e20 [ 56.745128][ T6030] do_syscall_64+0xcd/0x250 [ 56.746511][ T6023] inet_ioctl+0x3aa/0x3f0 [ 56.747754][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 56.749213][ T6023] sock_do_ioctl+0x116/0x280 [ 56.750321][ T6030] page_owner free stack trace missing [ 56.751695][ T6023] sock_ioctl+0x228/0x6c0 [ 56.752797][ T6030] Modules linked in: [ 56.754046][ T6023] Modules linked in: [ 56.754061][ T6023] CPU: 2 UID: 0 PID: 6023 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 56.851969][ T6023] Tainted: [B]=BAD_PAGE [ 56.853074][ T6023] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 56.855791][ T6023] Call Trace: [ 56.856647][ T6023] [ 56.857427][ T6023] dump_stack_lvl+0x16c/0x1f0 [ 56.858681][ T6023] bad_page+0xb3/0x1f0 [ 56.859878][ T6023] ? __pfx_bad_page+0x10/0x10 [ 56.861143][ T6023] ? page_bad_reason+0x9d/0x1e0 [ 56.862430][ T6023] free_unref_page+0x657/0xdc0 [ 56.863665][ T6023] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 56.865221][ T6023] ? __phys_addr+0xc6/0x150 [ 56.866396][ T6023] skb_free_head+0xa0/0x1d0 [ 56.867550][ T6023] skb_release_data+0x560/0x730 [ 56.868944][ T6023] sk_skb_reason_drop+0x129/0x1a0 [ 56.870246][ T6023] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 56.871925][ T6023] ? kernel_text_address+0x8d/0x100 [ 56.873398][ T6023] ? hlock_class+0x4e/0x130 [ 56.874571][ T6023] ? __lock_acquire+0x163e/0x3ce0 [ 56.875846][ T6023] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 56.877640][ T6023] ? hlock_class+0x4e/0x130 [ 56.878827][ T6023] ? __lock_acquire+0xbdd/0x3ce0 [ 56.880193][ T6023] ? __pfx___lock_acquire+0x10/0x10 [ 56.881511][ T6023] __netif_receive_skb_list_core+0x357/0x950 [ 56.883008][ T6023] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 56.884624][ T6023] ? trace_lock_acquire+0x14a/0x1d0 [ 56.885929][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 56.887824][ T6023] ? lock_acquire+0x2f/0xb0 [ 56.889021][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 56.890794][ T6023] netif_receive_skb_list_internal+0x753/0xdb0 [ 56.892346][ T6023] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 56.894110][ T6023] ? __pfx_eth_type_trans+0x10/0x10 [ 56.895448][ T6023] ? __build_skb_around+0x278/0x3b0 [ 56.896785][ T6023] netif_receive_skb_list+0x4f/0x4a0 [ 56.898216][ T6023] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 56.899831][ T6023] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 56.901559][ T6023] ? bpf_test_timer_continue+0x150/0x3d0 [ 56.903014][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 56.904393][ T6023] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 56.905917][ T6023] ? try_to_wake_up+0x154/0x14f0 [ 56.907199][ T6023] ? __pfx_try_to_wake_up+0x10/0x10 [ 56.908545][ T6023] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 56.910101][ T6023] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 56.911470][ T6023] ? 0xffffffffa0004340 [ 56.912544][ T6023] ? 0xffffffffa0004340 [ 56.913656][ T6023] ? 0xffffffffa0004340 [ 56.914753][ T6023] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 56.916268][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 56.917778][ T6023] ? lock_acquire+0x2f/0xb0 [ 56.918963][ T6023] ? __fget_files+0x40/0x3f0 [ 56.920199][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 56.921747][ T6023] ? fput+0x30/0x390 [ 56.922762][ T6023] ? __bpf_prog_get+0xa0/0x290 [ 56.924011][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 56.925532][ T6023] __sys_bpf+0xfc6/0x49a0 [ 56.926653][ T6023] ? __pfx_futex_wake+0x10/0x10 [ 56.927867][ T6023] ? finish_task_switch.isra.0+0x2e8/0xcc0 [ 56.929392][ T6023] ? __pfx___sys_bpf+0x10/0x10 [ 56.930638][ T6023] ? __schedule+0xe5d/0x5730 [ 56.931849][ T6023] ? __fget_files+0x23a/0x3f0 [ 56.933118][ T6023] ? do_futex+0x123/0x350 [ 56.934367][ T6023] ? __pfx_do_futex+0x10/0x10 [ 56.935615][ T6023] ? xfd_validate_state+0x5d/0x180 [ 56.936942][ T6023] ? rcu_is_watching+0x12/0xc0 [ 56.938192][ T6023] __x64_sys_bpf+0x78/0xc0 [ 56.939344][ T6023] ? lockdep_hardirqs_on+0x7c/0x110 [ 56.940689][ T6023] do_syscall_64+0xcd/0x250 [ 56.941910][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 56.943581][ T6023] RIP: 0033:0x7f5f67b7e719 [ 56.944735][ T6023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 56.949496][ T6023] RSP: 002b:00007f5f689d1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 56.951540][ T6023] RAX: ffffffffffffffda RBX: 00007f5f67d36058 RCX: 00007f5f67b7e719 [ 56.953670][ T6023] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 56.955672][ T6023] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 56.957634][ T6023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 56.959556][ T6023] R13: 0000000000000000 R14: 00007f5f67d36058 R15: 00007ffe204d5cb8 [ 56.961601][ T6023] [ 56.962397][ T6030] CPU: 0 UID: 0 PID: 6030 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 56.962461][ T6023] BUG: Bad page state in process syz.1.8 pfn:296f8 [ 56.965341][ T6030] Tainted: [B]=BAD_PAGE [ 56.966973][ T6023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880296fe000 pfn:0x296f8 [ 56.968012][ T6030] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 56.970552][ T6023] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 56.973225][ T6030] Call Trace: [ 56.973237][ T6030] [ 56.973243][ T6030] dump_stack_lvl+0x16c/0x1f0 [ 56.973264][ T6030] bad_page+0xb3/0x1f0 [ 56.975134][ T6023] raw: 00fff00000000000 dead000000000040 ffff888028078000 0000000000000000 [ 56.975989][ T6030] ? __pfx_bad_page+0x10/0x10 [ 56.976777][ T6023] raw: ffff8880296fe000 0000000000000001 00000000ffffffff 0000000000000000 [ 56.978015][ T6030] ? page_bad_reason+0x9d/0x1e0 [ 56.979105][ T6023] page dumped because: page_pool leak [ 56.979117][ T6023] page_owner tracks the page as allocated [ 56.979121][ T6023] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6023, tgid 6021 (syz.1.8), ts 47959281388, free_ts 47876757765 [ 56.979144][ T6023] post_alloc_hook+0x2d1/0x350 [ 56.979158][ T6023] get_page_from_freelist+0x101e/0x3070 [ 56.981439][ T6030] free_unref_page+0x657/0xdc0 [ 56.981462][ T6030] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 56.981479][ T6030] ? __phys_addr+0xc6/0x150 [ 56.981493][ T6030] skb_free_head+0xa0/0x1d0 [ 56.982787][ T6023] __alloc_pages_noprof+0x223/0x25a0 [ 56.984898][ T6030] skb_release_data+0x560/0x730 [ 56.986138][ T6023] alloc_pages_bulk_noprof+0x77c/0x1110 [ 56.987504][ T6030] sk_skb_reason_drop+0x129/0x1a0 [ 56.988927][ T6023] __page_pool_alloc_pages_slow+0x18f/0x770 [ 56.993650][ T6030] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 56.993678][ T6030] ? kernel_text_address+0x8d/0x100 [ 56.993690][ T6030] ? hlock_class+0x4e/0x130 [ 56.993704][ T6030] ? __lock_acquire+0x163e/0x3ce0 [ 56.994927][ T6023] page_pool_alloc_netmem+0xc4/0x160 [ 56.996623][ T6030] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 56.997899][ T6023] page_pool_alloc_pages+0x1a/0x60 [ 56.999465][ T6030] ? hlock_class+0x4e/0x130 [ 57.000561][ T6023] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 57.001686][ T6030] ? __lock_acquire+0xbdd/0x3ce0 [ 57.001706][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 57.001716][ T6030] __netif_receive_skb_list_core+0x357/0x950 [ 57.001735][ T6030] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 57.003050][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 57.004243][ T6030] ? trace_lock_acquire+0x14a/0x1d0 [ 57.005650][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 57.006879][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 57.008350][ T6023] __sys_bpf+0xfc6/0x49a0 [ 57.010035][ T6030] ? lock_acquire+0x2f/0xb0 [ 57.011734][ T6023] __x64_sys_bpf+0x78/0xc0 [ 57.012873][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 57.014139][ T6023] do_syscall_64+0xcd/0x250 [ 57.015457][ T6030] netif_receive_skb_list_internal+0x753/0xdb0 [ 57.017289][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 57.018658][ T6030] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 57.019836][ T6023] page last free pid 5947 tgid 5947 stack trace: [ 57.021335][ T6030] ? __pfx_eth_type_trans+0x10/0x10 [ 57.021360][ T6030] ? __build_skb_around+0x278/0x3b0 [ 57.021378][ T6030] netif_receive_skb_list+0x4f/0x4a0 [ 57.022630][ T6023] free_unref_page+0x5f4/0xdc0 [ 57.023920][ T6030] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 57.025414][ T6023] __put_partials+0x14c/0x170 [ 57.027049][ T6030] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 57.028356][ T6023] qlist_free_all+0x4e/0x120 [ 57.029653][ T6030] ? bpf_test_timer_continue+0x150/0x3d0 [ 57.030966][ T6023] kasan_quarantine_reduce+0x192/0x1e0 [ 57.032773][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 57.032797][ T6030] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 57.032812][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 57.033892][ T6023] __kasan_slab_alloc+0x69/0x90 [ 57.035028][ T6030] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 57.036416][ T6023] __kmalloc_node_noprof+0x1c3/0x430 [ 57.038037][ T6030] ? _raw_spin_unlock+0x28/0x50 [ 57.039262][ T6023] qdisc_alloc+0xbb/0xc50 [ 57.040950][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 57.042498][ T6023] qdisc_create_dflt+0x73/0x440 [ 57.044140][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 57.045745][ T6023] dev_activate+0x63a/0x12b0 [ 57.047185][ T6030] ? lock_acquire+0x2f/0xb0 [ 57.048540][ T6023] __dev_open+0x396/0x4e0 [ 57.050033][ T6030] ? __fget_files+0x40/0x3f0 [ 57.051235][ T6023] __dev_change_flags+0x561/0x720 [ 57.052847][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 57.052870][ T6030] ? fput+0x30/0x390 [ 57.052882][ T6030] ? __bpf_prog_get+0xa0/0x290 [ 57.052897][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 57.054134][ T6023] dev_change_flags+0x8f/0x160 [ 57.055751][ T6030] __sys_bpf+0xfc6/0x49a0 [ 57.056922][ T6023] devinet_ioctl+0x113d/0x1e20 [ 57.058342][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 57.059667][ T6023] inet_ioctl+0x3aa/0x3f0 [ 57.060965][ T6030] ? __pfx___sys_bpf+0x10/0x10 [ 57.062482][ T6023] sock_do_ioctl+0x116/0x280 [ 57.063914][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 57.065125][ T6023] sock_ioctl+0x228/0x6c0 [ 57.066599][ T6030] ? reacquire_held_locks+0x20b/0x4c0 [ 57.067913][ T6023] Modules linked in: [ 57.069155][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 57.070199][ T6023] [ 57.100158][ T6030] ? find_held_lock+0x59/0x110 [ 57.101356][ T6030] ? lock_acquire+0x2f/0xb0 [ 57.102502][ T6030] __x64_sys_bpf+0x78/0xc0 [ 57.103691][ T6030] ? lockdep_hardirqs_on+0x7c/0x110 [ 57.105000][ T6030] do_syscall_64+0xcd/0x250 [ 57.106190][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 57.107662][ T6030] RIP: 0033:0x7f5f67b7e719 [ 57.108799][ T6030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 57.113889][ T6030] RSP: 002b:00007f5f689b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 57.115978][ T6030] RAX: ffffffffffffffda RBX: 00007f5f67d36130 RCX: 00007f5f67b7e719 [ 57.118053][ T6030] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 57.120072][ T6030] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 57.122111][ T6030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 57.124121][ T6030] R13: 0000000000000001 R14: 00007f5f67d36130 R15: 00007ffe204d5cb8 [ 57.126173][ T6030] [ 57.126960][ T6023] CPU: 2 UID: 0 PID: 6023 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 57.126969][ C0] vkms_vblank_simulate: vblank timer overrun [ 57.126981][ T6023] Tainted: [B]=BAD_PAGE [ 57.129889][ T6030] BUG: Bad page state in process syz.1.8 pfn:4d44d [ 57.131387][ T6023] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 57.131399][ T6023] Call Trace: [ 57.131403][ T6023] [ 57.131408][ T6023] dump_stack_lvl+0x16c/0x1f0 [ 57.132493][ T6030] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4d44d [ 57.134174][ T6023] bad_page+0xb3/0x1f0 [ 57.136900][ T6030] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 57.137725][ T6023] ? __pfx_bad_page+0x10/0x10 [ 57.138469][ T6030] raw: 00fff00000000000 dead000000000040 ffff88804b296000 0000000000000000 [ 57.139623][ T6023] ? page_bad_reason+0x9d/0x1e0 [ 57.141769][ T6030] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 57.142727][ T6023] free_unref_page+0x657/0xdc0 [ 57.144454][ T6030] page dumped because: page_pool leak [ 57.145669][ T6023] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 57.147764][ T6030] page_owner tracks the page as allocated [ 57.148981][ T6023] ? __phys_addr+0xc6/0x150 [ 57.151107][ T6030] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6030, tgid 6021 (syz.1.8), ts 47968322457, free_ts 0 [ 57.152309][ T6023] skb_free_head+0xa0/0x1d0 [ 57.152334][ T6023] skb_release_data+0x560/0x730 [ 57.152346][ T6023] sk_skb_reason_drop+0x129/0x1a0 [ 57.153726][ T6030] post_alloc_hook+0x2d1/0x350 [ 57.155186][ T6023] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 57.156567][ T6030] get_page_from_freelist+0x101e/0x3070 [ 57.157707][ T6023] ? kernel_text_address+0x8d/0x100 [ 57.161612][ T6030] __alloc_pages_noprof+0x223/0x25a0 [ 57.162879][ T6023] ? hlock_class+0x4e/0x130 [ 57.164319][ T6030] alloc_pages_bulk_noprof+0x77c/0x1110 [ 57.165624][ T6023] ? __lock_acquire+0x163e/0x3ce0 [ 57.166848][ T6030] __page_pool_alloc_pages_slow+0x18f/0x770 [ 57.168489][ T6023] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 57.169959][ T6030] page_pool_alloc_netmem+0xc4/0x160 [ 57.171290][ T6023] ? hlock_class+0x4e/0x130 [ 57.171314][ T6023] ? __lock_acquire+0xbdd/0x3ce0 [ 57.171325][ T6023] ? __pfx___lock_acquire+0x10/0x10 [ 57.172684][ T6030] page_pool_alloc_pages+0x1a/0x60 [ 57.173836][ T6023] __netif_receive_skb_list_core+0x357/0x950 [ 57.175203][ T6030] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 57.176467][ T6023] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 57.177917][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 57.179662][ T6023] ? trace_lock_acquire+0x14a/0x1d0 [ 57.180983][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 57.182118][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 57.182144][ T6023] ? lock_acquire+0x2f/0xb0 [ 57.183379][ T6030] __sys_bpf+0xfc6/0x49a0 [ 57.184662][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 57.185924][ T6030] __x64_sys_bpf+0x78/0xc0 [ 57.187426][ T6023] netif_receive_skb_list_internal+0x753/0xdb0 [ 57.187455][ T6023] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 57.188975][ T6030] do_syscall_64+0xcd/0x250 [ 57.190604][ T6023] ? __pfx_eth_type_trans+0x10/0x10 [ 57.191965][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 57.193255][ T6023] ? __build_skb_around+0x278/0x3b0 [ 57.194562][ T6030] page_owner free stack trace missing [ 57.196144][ T6023] netif_receive_skb_list+0x4f/0x4a0 [ 57.197272][ T6030] Modules linked in: [ 57.198417][ T6023] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 57.215031][ T6023] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 57.216688][ T6023] ? bpf_test_timer_continue+0x150/0x3d0 [ 57.218107][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 57.219479][ T6023] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 57.221009][ T6023] ? try_to_wake_up+0x154/0x14f0 [ 57.222319][ T6023] ? __pfx_try_to_wake_up+0x10/0x10 [ 57.223673][ T6023] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 57.225165][ T6023] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 57.226491][ T6023] ? 0xffffffffa0004340 [ 57.227548][ T6023] ? 0xffffffffa0004340 [ 57.228612][ T6023] ? 0xffffffffa0004340 [ 57.229807][ T6023] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 57.231309][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 57.232686][ T6023] ? lock_acquire+0x2f/0xb0 [ 57.233868][ T6023] ? __fget_files+0x40/0x3f0 [ 57.235052][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 57.236574][ T6023] ? fput+0x30/0x390 [ 57.237603][ T6023] ? __bpf_prog_get+0xa0/0x290 [ 57.238828][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 57.240323][ T6023] __sys_bpf+0xfc6/0x49a0 [ 57.241431][ T6023] ? __pfx_futex_wake+0x10/0x10 [ 57.242673][ T6023] ? finish_task_switch.isra.0+0x2e8/0xcc0 [ 57.244155][ T6023] ? __pfx___sys_bpf+0x10/0x10 [ 57.245407][ T6023] ? __schedule+0xe5d/0x5730 [ 57.246580][ T6023] ? __fget_files+0x23a/0x3f0 [ 57.247759][ T6023] ? do_futex+0x123/0x350 [ 57.248866][ T6023] ? __pfx_do_futex+0x10/0x10 [ 57.250074][ T6023] ? xfd_validate_state+0x5d/0x180 [ 57.251368][ T6023] ? rcu_is_watching+0x12/0xc0 [ 57.252579][ T6023] __x64_sys_bpf+0x78/0xc0 [ 57.253733][ T6023] ? lockdep_hardirqs_on+0x7c/0x110 [ 57.255070][ T6023] do_syscall_64+0xcd/0x250 [ 57.256241][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 57.257751][ T6023] RIP: 0033:0x7f5f67b7e719 [ 57.258888][ T6023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 57.263708][ T6023] RSP: 002b:00007f5f689d1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 57.265818][ T6023] RAX: ffffffffffffffda RBX: 00007f5f67d36058 RCX: 00007f5f67b7e719 [ 57.267797][ T6023] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 57.269922][ T6023] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 57.272029][ T6023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 57.274079][ T6023] R13: 0000000000000000 R14: 00007f5f67d36058 R15: 00007ffe204d5cb8 [ 57.276178][ T6023] [ 57.277049][ T6030] CPU: 0 UID: 0 PID: 6030 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 57.277126][ T6023] BUG: Bad page state in process syz.1.8 pfn:4d607 [ 57.280213][ T6030] Tainted: [B]=BAD_PAGE [ 57.281926][ T6023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4d607 [ 57.282993][ T6030] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 57.285206][ T6023] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 57.287935][ T6030] Call Trace: [ 57.287945][ T6030] [ 57.289737][ T6023] raw: 00fff00000000000 dead000000000040 ffff888028078000 0000000000000000 [ 57.290598][ T6030] dump_stack_lvl+0x16c/0x1f0 [ 57.291399][ T6023] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 57.293608][ T6030] bad_page+0xb3/0x1f0 [ 57.294822][ T6023] page dumped because: page_pool leak [ 57.296993][ T6030] ? __pfx_bad_page+0x10/0x10 [ 57.298054][ T6023] page_owner tracks the page as allocated [ 57.299429][ T6030] ? page_bad_reason+0x9d/0x1e0 [ 57.300636][ T6023] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6023, tgid 6021 (syz.1.8), ts 47959274482, free_ts 0 [ 57.302094][ T6030] free_unref_page+0x657/0xdc0 [ 57.302119][ T6030] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 57.302137][ T6030] ? __phys_addr+0xc6/0x150 [ 57.303392][ T6023] post_alloc_hook+0x2d1/0x350 [ 57.307336][ T6030] skb_free_head+0xa0/0x1d0 [ 57.308720][ T6023] get_page_from_freelist+0x101e/0x3070 [ 57.310686][ T6030] skb_release_data+0x560/0x730 [ 57.311964][ T6023] __alloc_pages_noprof+0x223/0x25a0 [ 57.313338][ T6030] sk_skb_reason_drop+0x129/0x1a0 [ 57.314502][ T6023] alloc_pages_bulk_noprof+0x77c/0x1110 [ 57.315953][ T6030] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 57.317228][ T6023] __page_pool_alloc_pages_slow+0x18f/0x770 [ 57.318591][ T6030] ? kernel_text_address+0x8d/0x100 [ 57.319887][ T6023] page_pool_alloc_netmem+0xc4/0x160 [ 57.321317][ T6030] ? hlock_class+0x4e/0x130 [ 57.321356][ T6030] ? __lock_acquire+0x163e/0x3ce0 [ 57.321367][ T6030] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 57.323131][ T6023] page_pool_alloc_pages+0x1a/0x60 [ 57.324662][ T6030] ? hlock_class+0x4e/0x130 [ 57.326016][ T6023] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 57.327383][ T6030] ? __lock_acquire+0xbdd/0x3ce0 [ 57.328562][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 57.329858][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 57.331704][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 57.333065][ T6030] __netif_receive_skb_list_core+0x357/0x950 [ 57.334584][ T6023] __sys_bpf+0xfc6/0x49a0 [ 57.336159][ T6030] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 57.337439][ T6023] __x64_sys_bpf+0x78/0xc0 [ 57.338782][ T6030] ? trace_lock_acquire+0x14a/0x1d0 [ 57.340107][ T6023] do_syscall_64+0xcd/0x250 [ 57.341475][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 57.341503][ T6030] ? lock_acquire+0x2f/0xb0 [ 57.341513][ T6030] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 57.341529][ T6030] netif_receive_skb_list_internal+0x753/0xdb0 [ 57.343060][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 57.344148][ T6030] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 57.345804][ T6023] page_owner free stack trace missing [ 57.346971][ T6030] ? __pfx_eth_type_trans+0x10/0x10 [ 57.348315][ T6023] Modules linked in: [ 57.349421][ T6030] ? __build_skb_around+0x278/0x3b0 [ 57.363517][ T6030] netif_receive_skb_list+0x4f/0x4a0 [ 57.364850][ T6030] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 57.366424][ T6030] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 57.368014][ T6030] ? bpf_test_timer_continue+0x150/0x3d0 [ 57.369444][ T6030] bpf_test_run_xdp_live+0x365/0x500 [ 57.370761][ T6030] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 57.372217][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 57.373678][ T6030] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 57.375148][ T6030] ? _raw_spin_unlock+0x28/0x50 [ 57.376359][ T6030] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 57.377827][ T6030] bpf_prog_test_run_xdp+0x827/0x1580 [ 57.379142][ T6030] ? lock_acquire+0x2f/0xb0 [ 57.380257][ T6030] ? __fget_files+0x40/0x3f0 [ 57.381414][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 57.382865][ T6030] ? fput+0x30/0x390 [ 57.383851][ T6030] ? __bpf_prog_get+0xa0/0x290 [ 57.385148][ T6030] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 57.386625][ T6030] __sys_bpf+0xfc6/0x49a0 [ 57.387731][ T6030] ? __pfx___lock_acquire+0x10/0x10 [ 57.389010][ T6030] ? __pfx___sys_bpf+0x10/0x10 [ 57.390242][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 57.391668][ T6030] ? reacquire_held_locks+0x20b/0x4c0 [ 57.393238][ T6030] ? do_user_addr_fault+0xdc7/0x13f0 [ 57.394584][ T6030] ? find_held_lock+0x59/0x110 [ 57.395789][ T6030] ? lock_acquire+0x2f/0xb0 [ 57.396949][ T6030] __x64_sys_bpf+0x78/0xc0 [ 57.398063][ T6030] ? lockdep_hardirqs_on+0x7c/0x110 [ 57.399504][ T6030] do_syscall_64+0xcd/0x250 [ 57.400687][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 57.402220][ T6030] RIP: 0033:0x7f5f67b7e719 [ 57.403381][ T6030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 57.408280][ T6030] RSP: 002b:00007f5f689b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 57.410424][ T6030] RAX: ffffffffffffffda RBX: 00007f5f67d36130 RCX: 00007f5f67b7e719 [ 57.412426][ T6030] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 57.414444][ T6030] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 57.416493][ T6030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 57.418524][ T6030] R13: 0000000000000001 R14: 00007f5f67d36130 R15: 00007ffe204d5cb8 [ 57.420527][ T6030] [ 57.421342][ T6023] CPU: 2 UID: 0 PID: 6023 Comm: syz.1.8 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 57.421384][ C0] vkms_vblank_simulate: vblank timer overrun [ 57.424391][ T6023] Tainted: [B]=BAD_PAGE [ 57.427176][ T6023] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 57.429927][ T6023] Call Trace: [ 57.430806][ T6023] [ 57.431553][ T6023] dump_stack_lvl+0x16c/0x1f0 [ 57.432768][ T6023] bad_page+0xb3/0x1f0 [ 57.433861][ T6023] ? __pfx_bad_page+0x10/0x10 [ 57.435095][ T6023] ? page_bad_reason+0x9d/0x1e0 [ 57.436361][ T6023] free_unref_page+0x657/0xdc0 [ 57.437608][ T6023] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 57.439130][ T6023] ? __phys_addr+0xc6/0x150 [ 57.440293][ T6023] skb_free_head+0xa0/0x1d0 [ 57.441497][ T6023] skb_release_data+0x560/0x730 [ 57.442765][ T6023] sk_skb_reason_drop+0x129/0x1a0 [ 57.444015][ T6023] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 57.445749][ T6023] ? kernel_text_address+0x8d/0x100 [ 57.447098][ T6023] ? hlock_class+0x4e/0x130 [ 57.448239][ T6023] ? __lock_acquire+0x163e/0x3ce0 [ 57.449493][ T6023] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 57.451314][ T6023] ? hlock_class+0x4e/0x130 [ 57.452500][ T6023] ? __lock_acquire+0xbdd/0x3ce0 [ 57.453817][ T6023] ? __pfx___lock_acquire+0x10/0x10 [ 57.455176][ T6023] __netif_receive_skb_list_core+0x357/0x950 [ 57.456741][ T6023] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 57.458437][ T6023] ? trace_lock_acquire+0x14a/0x1d0 [ 57.459779][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 57.461404][ T6023] ? lock_acquire+0x2f/0xb0 [ 57.462571][ T6023] ? netif_receive_skb_list_internal+0x359/0xdb0 [ 57.464120][ T6023] netif_receive_skb_list_internal+0x753/0xdb0 [ 57.465701][ T6023] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 57.467413][ T6023] ? __pfx_eth_type_trans+0x10/0x10 [ 57.468782][ T6023] ? __build_skb_around+0x278/0x3b0 [ 57.470156][ T6023] netif_receive_skb_list+0x4f/0x4a0 [ 57.471620][ T6023] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 57.473487][ T6023] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 57.475189][ T6023] ? bpf_test_timer_continue+0x150/0x3d0 [ 57.476616][ T6023] bpf_test_run_xdp_live+0x365/0x500 [ 57.478026][ T6023] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 57.479584][ T6023] ? try_to_wake_up+0x154/0x14f0 [ 57.480882][ T6023] ? __pfx_try_to_wake_up+0x10/0x10 [ 57.482308][ T6023] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 57.483792][ T6023] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 57.485149][ T6023] ? 0xffffffffa0004340 [ 57.486240][ T6023] ? 0xffffffffa0004340 [ 57.487318][ T6023] ? 0xffffffffa0004340 [ 57.488384][ T6023] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 57.489927][ T6023] bpf_prog_test_run_xdp+0x827/0x1580 [ 57.491327][ T6023] ? lock_acquire+0x2f/0xb0 [ 57.492519][ T6023] ? __fget_files+0x40/0x3f0 [ 57.493788][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 57.495334][ T6023] ? fput+0x30/0x390 [ 57.496305][ T6023] ? __bpf_prog_get+0xa0/0x290 [ 57.497528][ T6023] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 57.498982][ T6023] __sys_bpf+0xfc6/0x49a0 [ 57.500055][ T6023] ? __pfx_futex_wake+0x10/0x10 [ 57.501311][ T6023] ? finish_task_switch.isra.0+0x2e8/0xcc0 [ 57.502844][ T6023] ? __pfx___sys_bpf+0x10/0x10 [ 57.504069][ T6023] ? __schedule+0xe5d/0x5730 [ 57.505255][ T6023] ? __fget_files+0x23a/0x3f0 [ 57.506446][ T6023] ? do_futex+0x123/0x350 [ 57.507548][ T6023] ? __pfx_do_futex+0x10/0x10 [ 57.508770][ T6023] ? xfd_validate_state+0x5d/0x180 [ 57.510084][ T6023] ? rcu_is_watching+0x12/0xc0 [ 57.511341][ T6023] __x64_sys_bpf+0x78/0xc0 [ 57.512473][ T6023] ? lockdep_hardirqs_on+0x7c/0x110 [ 57.513877][ T6023] do_syscall_64+0xcd/0x250 [ 57.515064][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 57.516588][ T6023] RIP: 0033:0x7f5f67b7e719 [ 57.517753][ T6023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 57.522612][ T6023] RSP: 002b:00007f5f689d1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 57.524748][ T6023] RAX: ffffffffffffffda RBX: 00007f5f67d36058 RCX: 00007f5f67b7e719 [ 57.526790][ T6023] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 57.528792][ T6023] RBP: 00007f5f67bf132e R08: 0000000000000000 R09: 0000000000000000 [ 57.530838][ T6023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 57.532831][ T6023] R13: 0000000000000000 R14: 00007f5f67d36058 R15: 00007ffe204d5cb8 [ 57.534892][ T6023] [ 57.584514][ T39] kauditd_printk_skb: 118 callbacks suppressed [ 57.584526][ T39] audit: type=1400 audit(1730230695.807:233): avc: denied { read } for pid=6040 comm="syz.2.7" dev="nsfs" ino=4026532919 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 57.591586][ T39] audit: type=1400 audit(1730230695.807:234): avc: denied { open } for pid=6040 comm="syz.2.7" path="net:[4026532919]" dev="nsfs" ino=4026532919 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 57.597657][ T39] audit: type=1400 audit(1730230695.807:235): avc: denied { create } for pid=6040 comm="syz.2.7" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 57.602610][ T39] audit: type=1400 audit(1730230695.807:236): avc: denied { read write } for pid=6040 comm="syz.2.7" name="nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 57.608515][ T39] audit: type=1400 audit(1730230695.807:237): avc: denied { open } for pid=6040 comm="syz.2.7" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 57.614263][ T39] audit: type=1400 audit(1730230695.807:238): avc: denied { map } for pid=6040 comm="syz.2.7" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 57.619770][ T39] audit: type=1400 audit(1730230695.807:239): avc: denied { execute } for pid=6040 comm="syz.2.7" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 57.625491][ T39] audit: type=1400 audit(1730230695.807:240): avc: denied { ioctl } for pid=6040 comm="syz.2.7" path="socket:[9607]" dev="sockfs" ino=9607 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 57.632166][ T39] audit: type=1400 audit(1730230695.807:241): avc: denied { create } for pid=6040 comm="syz.2.7" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 57.636927][ T39] audit: type=1400 audit(1730230695.807:242): avc: denied { setopt } for pid=6040 comm="syz.2.7" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 VM DIAGNOSIS: 19:38:06 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000074 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff850b46e5 RDI=ffffffff9aae7bc0 RBP=ffffffff9aae7b80 RSP=ffffc900041a6bd0 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000 R12=0000000000000000 R13=0000000000000074 R14=ffffffff850b4680 R15=0000000000000000 RIP=ffffffff850b470f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f5f689b06c0 ffffffff 00c00000 GS =0000 ffff88806a600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000000000000 CR3=0000000047a18000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000208001 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbb5d5f21cb ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbb5d5f21d8 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbb5d5f21d2 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbb5d5f21e6 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbb5d5f226c ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbb5d5f234a ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbb5d70c488 00007fbb5d70c480 00007fbb5d70c478 00007fbb5d70c450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbb5e26d100 00007fbb5d70c440 00007fbb5d70c458 00007fbb5d70c4a0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbb5d70c498 00007fbb5d70c490 00007fbb5d70c488 00007fbb5d70c480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=dffffc0000000000 RBX=ffffffff8b169d2c RCX=1ffffffff3504b04 RDX=0000000000000000 RSI=ffffffff8bd1acc0 RDI=ffff888020873908 RBP=ffff888020872440 RSP=ffffc90000a97b28 R8 =0000000000000000 R9 =fffff91ffffae8e8 R10=ffffe8ffffd74747 R11=0000000000000000 R12=0000000000000001 R13=00000000000032c9 R14=ffffc900043728b8 R15=0000000000000001 RIP=ffffffff815c6fa3 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fbb5e415f98 CR3=00000000493ac000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000208001 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbb5d5f21cb ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbb5d5f21d8 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbb5d5f21d2 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbb5d5f21e6 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbb5d5f226c ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbb5d5f234a ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbb5d70c488 00007fbb5d70c480 00007fbb5d70c478 00007fbb5d70c450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbb5e26d100 00007fbb5d70c440 00007fbb5d70c458 00007fbb5d70c4a0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbb5d70c498 00007fbb5d70c490 00007fbb5d70c488 00007fbb5d70c480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=000000000000004a RCX=ffffffff816da43a RDX=ffff888029070000 RSI=ffffffff816da426 RDI=0000000000000001 RBP=1ffff9200083ed97 RSP=ffffc900041f6ca8 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000 R12=0000000000000001 R13=0000000000000200 R14=ffff888023250000 R15=ffffc900041f6d90 RIP=ffffffff816da428 RFL=00000093 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f5f689d16c0 ffffffff 00c00000 GS =0000 ffff88806a800000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f5f689b0d58 CR3=0000000047a18000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000010100 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe204d6050 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5f67bf21cb ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5f67bf21d8 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5f67bf21d2 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5f67bf21e6 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5f67bf226c ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5f67bf234a ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000048 0000000000000001 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000001 RBX=0000000000000003 RCX=ffffffff819529d6 RDX=fffffbfff20bea12 RSI=0000000000000008 RDI=ffffffff905f5088 RBP=ffffffff895fe41f RSP=ffffc900036f7698 R8 =0000000000000000 R9 =fffffbfff20bea11 R10=ffffffff905f508f R11=0000000000000000 R12=000000000003dbcc R13=1ffff920006deee3 R14=0000000000000001 R15=ffffc90003f74000 RIP=ffffffff819529d6 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f5f689f26c0 ffffffff 00c00000 GS =0000 ffff88806a900000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fc22c2c9440 CR3=0000000047a18000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000001830061 Opmask01=0000000000000000 Opmask02=00000000ffffffff Opmask03=0000000000000000 Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffc2e36d670 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6c5f5f0045544156 4952505f4342494c ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000042494c ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6362696c5f5f0045 5441564952505f43 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7664617461622000 00315f6576610000 21736d656c626f72 70000030202d2000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7664617461622000 0031556576610000 2173676566626572 7000003020272000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3036350000315f20 55544d205f686420 6761622000002e20 2e656361616d696f ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3036350000315520 55204d2020206420 2061622000002420 2063206161202e6b ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 696b7c614a676727 727f6463662a657e 2a6f796b696f797f 2a787f65732a7e78 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6c786f0a0a3b556f 7c6b6679557c6e6b 7e6b682a0a002473 7e63666b6465637e ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000