last executing test programs: 3.642356698s ago: executing program 1 (id=2): r0 = socket(0x840000000002, 0x3, 0xfa) connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10) sendmmsg$inet(r0, &(0x7f0000005240), 0x4000095, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x3d, &(0x7f0000000000)={0x0, 0x0}, 0x10) 3.632743194s ago: executing program 3 (id=4): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) syz_emit_vhci(&(0x7f0000000f00)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x0, 0x1, 0x406}}}, 0x7) 3.617998058s ago: executing program 0 (id=1): socket$packet(0x11, 0x2, 0x300) socket$packet(0x11, 0x2, 0x300) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, 0x0) sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r2, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44}, 0x20080011) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000300)=ANY=[], 0x10) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@delchain={0x24, 0x26, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xfff1}}}, 0x24}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0xb, 0x2, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) 3.58018093s ago: executing program 3 (id=7): sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) socket$inet(0x2, 0x3, 0x5) r4 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x1) fchdir(r5) r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) getdents(r6, 0x0, 0x58) r7 = socket(0x10, 0x803, 0x0) sendto(r7, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) 3.389642385s ago: executing program 1 (id=8): socket$inet_udp(0x2, 0x2, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000280)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000140)='./file0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x160) openat$dir(0xffffffffffffff9c, &(0x7f0000000640)='./file0\x00', 0x418402, 0x1) rmdir(&(0x7f00000001c0)='./file0\x00') 2.649070646s ago: executing program 2 (id=9): syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r0, 0xc04c5349, &(0x7f00000003c0)) 2.605680986s ago: executing program 3 (id=10): bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0xc, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007b000000850000005100000095"], &(0x7f0000001640)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @cgroup_sock_addr=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 2.594613581s ago: executing program 1 (id=11): fsconfig$FSCONFIG_CMD_RECONFIGURE(0xffffffffffffffff, 0x7, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x1) sched_setaffinity(0x0, 0xfffffffffffffdc5, &(0x7f00000002c0)=0x800002) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) fchdir(r2) r3 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) lseek(r3, 0x7ff, 0x1) 2.582215077s ago: executing program 2 (id=12): bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xffffffff) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) unshare(0x64000600) r2 = open(&(0x7f0000000080)='./file1\x00', 0x64042, 0x0) pwritev2(r2, 0x0, 0x0, 0x7800, 0x0, 0x11) 2.387908682s ago: executing program 3 (id=13): r0 = socket$alg(0x26, 0x5, 0x0) recvmmsg$unix(0xffffffffffffffff, &(0x7f000000b6c0)=[{{0x0, 0x0, &(0x7f000000af80)=[{0x0}, {0x0}], 0x2}}], 0x1, 0x40000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$ETHTOOL_MSG_RINGS_GET(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) r3 = signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8) mkdir(0x0, 0x0) close(r3) shmget$private(0x0, 0x13000, 0x1, &(0x7f0000feb000/0x13000)=nil) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000440)='\x00'/16, 0x10) r4 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmmsg$inet6(r4, &(0x7f0000003b80)=[{{0x0, 0xd, &(0x7f00000003c0)=[{&(0x7f00000000c0)="e6", 0x1}], 0x1, 0x0, 0x0, 0x7000000}}, {{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000440)='&', 0x23fff}], 0x1}, 0xff03}], 0x4000070, 0x8000) 2.080370727s ago: executing program 2 (id=14): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x1f, 0xc, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x80}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x20000002}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0xa6}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 1.798141034s ago: executing program 2 (id=15): bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="1d00000010518c76cb09e0000c70a27ffd81e83e4e7fbb00c36aa7c4fa2a8000000800", @ANYRES32, @ANYBLOB="ffffffff00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="001000"/28], 0x50) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) creat(&(0x7f0000000000)='./file0\x00', 0x22) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='map_files\x00') fchdir(r1) munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@sack_perm, @window, @sack_perm, @sack_perm, @timestamp, @timestamp, @timestamp, @timestamp], 0x20000149) 1.703619978s ago: executing program 2 (id=16): bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r3, 0x0) recvmmsg(r3, &(0x7f0000000280)=[{{0x0, 0x0, 0x0}}], 0x1, 0x10003, 0x0) r4 = accept4$bt_l2cap(0xffffffffffffffff, 0x0, 0x0, 0x80000) getsockname(r4, &(0x7f00000000c0)=@nfc_llcp, &(0x7f0000000040)=0xfffffffffffffdb9) setsockopt$inet6_int(r3, 0x29, 0x3a, &(0x7f0000000000)=0x5, 0x4) ptrace$pokeuser(0x6, r2, 0x358, 0x0) io_uring_setup(0x53d4, &(0x7f0000000440)={0x0, 0xb4cd, 0x12, 0x4003, 0x311}) 1.538494027s ago: executing program 3 (id=17): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe2$9p(0x0, 0x0) splice(r1, 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x6) r2 = getpid() process_vm_writev(r2, &(0x7f00000003c0)=[{&(0x7f0000000780)=""/189, 0xbd}], 0x1, &(0x7f0000000180)=[{0x0}, {&(0x7f0000000000)=""/237, 0xed}], 0x2, 0x0) 959.706859ms ago: executing program 0 (id=18): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) read$FUSE(0xffffffffffffffff, &(0x7f0000000480)={0x2020}, 0x2020) pipe2(&(0x7f0000000200), 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, "7f12ddc1517600000000000000000000eaff00"}) clock_adjtime(0x0, &(0x7f0000000000)={0xffff, 0x2, 0x2, 0x0, 0xcd6, 0x0, 0x0, 0x9, 0x0, 0x8000000000000000, 0x3b9ac9fb, 0x0, 0x0, 0x7fff, 0x0, 0x2, 0x7, 0xfffffffffffff000, 0x400000, 0x0, 0xe6, 0x7, 0x0, 0x0, 0xffffffffffffffff, 0x8000007ffffd}) unshare(0x2c020400) pipe2$9p(0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x8, 0x80000000) 0s ago: executing program 2 (id=19): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180200002343ffff0000000000000000850000004100000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r1, r2, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0xfdef, &(0x7f0000000a80)=ANY=[], 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:49222' (ED25519) to the list of known hosts. [ 41.984126][ T5936] cgroup: Unknown subsys name 'net' [ 42.113347][ T5936] cgroup: Unknown subsys name 'cpuset' [ 42.116744][ T5936] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 42.894463][ T5936] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 45.948321][ T65] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 45.953010][ T65] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 45.955651][ T65] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 45.958190][ T65] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 45.961097][ T65] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 45.963484][ T65] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 45.967149][ T5958] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 45.968784][ T5955] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 45.971360][ T5958] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 45.973955][ T5955] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 45.974714][ T5958] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 45.978450][ T65] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 45.979120][ T5958] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 45.982029][ T5303] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 45.982156][ T65] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 45.982360][ T65] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 45.982462][ T65] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 45.984113][ T5958] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 45.992012][ T5951] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 45.995463][ T5958] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 46.000869][ T5951] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 46.001526][ T5958] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 46.009250][ T5958] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 46.012130][ T5958] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 46.116878][ T5947] chnl_net:caif_netlink_parms(): no params data found [ 46.173511][ T5950] chnl_net:caif_netlink_parms(): no params data found [ 46.206141][ T5947] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.209446][ T5947] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.212662][ T5947] bridge_slave_0: entered allmulticast mode [ 46.214845][ T5947] bridge_slave_0: entered promiscuous mode [ 46.243055][ T5947] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.245683][ T5947] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.248154][ T5947] bridge_slave_1: entered allmulticast mode [ 46.250435][ T5947] bridge_slave_1: entered promiscuous mode [ 46.308443][ T5947] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.314084][ T5947] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.319409][ T5954] chnl_net:caif_netlink_parms(): no params data found [ 46.341371][ T5959] chnl_net:caif_netlink_parms(): no params data found [ 46.362093][ T5950] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.364162][ T5950] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.366155][ T5950] bridge_slave_0: entered allmulticast mode [ 46.368243][ T5950] bridge_slave_0: entered promiscuous mode [ 46.376766][ T5950] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.379330][ T5950] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.382640][ T5950] bridge_slave_1: entered allmulticast mode [ 46.384944][ T5950] bridge_slave_1: entered promiscuous mode [ 46.391296][ T5947] team0: Port device team_slave_0 added [ 46.449091][ T5947] team0: Port device team_slave_1 added [ 46.504701][ T5950] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.518213][ T5947] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.520258][ T5947] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.528971][ T5947] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.560089][ T5950] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.564076][ T5947] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.566073][ T5947] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.573253][ T5947] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.584845][ T5954] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.587003][ T5954] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.589833][ T5954] bridge_slave_0: entered allmulticast mode [ 46.592049][ T5954] bridge_slave_0: entered promiscuous mode [ 46.604492][ T5959] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.606405][ T5959] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.608292][ T5959] bridge_slave_0: entered allmulticast mode [ 46.610705][ T5959] bridge_slave_0: entered promiscuous mode [ 46.613408][ T5959] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.615402][ T5959] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.617643][ T5959] bridge_slave_1: entered allmulticast mode [ 46.620087][ T5959] bridge_slave_1: entered promiscuous mode [ 46.645151][ T5954] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.647146][ T5954] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.649117][ T5954] bridge_slave_1: entered allmulticast mode [ 46.652777][ T5954] bridge_slave_1: entered promiscuous mode [ 46.665033][ T5950] team0: Port device team_slave_0 added [ 46.667936][ T5959] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.682964][ T5959] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.686810][ T5950] team0: Port device team_slave_1 added [ 46.750345][ T5954] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.761346][ T5959] team0: Port device team_slave_0 added [ 46.778944][ T5954] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.783340][ T5947] hsr_slave_0: entered promiscuous mode [ 46.785821][ T5947] hsr_slave_1: entered promiscuous mode [ 46.790052][ T5959] team0: Port device team_slave_1 added [ 46.804221][ T5950] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.806889][ T5950] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.817829][ T5950] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.848406][ T5959] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.850367][ T5959] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.859531][ T5959] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.865544][ T5950] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.868191][ T5950] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.877237][ T5950] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.887813][ T5954] team0: Port device team_slave_0 added [ 46.890515][ T5959] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.893313][ T5959] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.903239][ T5959] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.936423][ T5954] team0: Port device team_slave_1 added [ 46.960750][ T5954] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.963315][ T5954] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.972206][ T5954] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.977548][ T5954] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.979951][ T5954] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.988736][ T5954] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.018862][ T5950] hsr_slave_0: entered promiscuous mode [ 47.021619][ T5950] hsr_slave_1: entered promiscuous mode [ 47.023922][ T5950] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 47.026747][ T5950] Cannot create hsr debugfs directory [ 47.073545][ T5959] hsr_slave_0: entered promiscuous mode [ 47.076036][ T5959] hsr_slave_1: entered promiscuous mode [ 47.078397][ T5959] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 47.081277][ T5959] Cannot create hsr debugfs directory [ 47.174189][ T5954] hsr_slave_0: entered promiscuous mode [ 47.177491][ T5954] hsr_slave_1: entered promiscuous mode [ 47.179897][ T5954] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 47.182837][ T5954] Cannot create hsr debugfs directory [ 47.321494][ T5947] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 47.325304][ T5947] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 47.332956][ T5947] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 47.338732][ T5947] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 47.357613][ T5950] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 47.362772][ T5950] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 47.367650][ T5950] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 47.371830][ T5950] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 47.387757][ T5959] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 47.394478][ T5959] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 47.400255][ T5959] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 47.405081][ T5959] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 47.429108][ T5954] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 47.435088][ T5954] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 47.439390][ T5954] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 47.443502][ T5954] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 47.464574][ T5947] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.487338][ T5947] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.504787][ T1229] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.508075][ T1229] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.519680][ T1229] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.521741][ T1229] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.544266][ T5950] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.556208][ T5959] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.566017][ T5950] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.571369][ T5954] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.579069][ T5959] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.584732][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.587099][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.597917][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.599875][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.603578][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.605591][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.609028][ T5954] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.618716][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.620711][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.623692][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.625683][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.628658][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.630663][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.655279][ T5959] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 47.658255][ T5959] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 47.682448][ T5947] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.704374][ T5947] veth0_vlan: entered promiscuous mode [ 47.708565][ T5947] veth1_vlan: entered promiscuous mode [ 47.725829][ T5947] veth0_macvtap: entered promiscuous mode [ 47.729509][ T5947] veth1_macvtap: entered promiscuous mode [ 47.739864][ T5947] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.747301][ T5947] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.753020][ T5954] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.756119][ T5947] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.758991][ T5947] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.761915][ T5947] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.764332][ T5947] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.774091][ T5959] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.793461][ T5950] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.823024][ T5954] veth0_vlan: entered promiscuous mode [ 47.827812][ T5954] veth1_vlan: entered promiscuous mode [ 47.833719][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.835978][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.838816][ T5959] veth0_vlan: entered promiscuous mode [ 47.854120][ T69] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.854829][ T5959] veth1_vlan: entered promiscuous mode [ 47.856265][ T69] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.870276][ T5950] veth0_vlan: entered promiscuous mode [ 47.874240][ T5954] veth0_macvtap: entered promiscuous mode [ 47.878370][ T5950] veth1_vlan: entered promiscuous mode [ 47.881612][ T5954] veth1_macvtap: entered promiscuous mode [ 47.891703][ T5959] veth0_macvtap: entered promiscuous mode [ 47.896634][ T5959] veth1_macvtap: entered promiscuous mode [ 47.899229][ T5954] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.901746][ T5947] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 47.904210][ T5954] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.909878][ T5954] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.917340][ T5954] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.920187][ T5954] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.924083][ T5954] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.932314][ T5954] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.934784][ T5954] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.937092][ T5954] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.939409][ T5954] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.944001][ T5950] veth0_macvtap: entered promiscuous mode [ 47.947415][ T5959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.951653][ T5959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.955057][ T5959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.958733][ T5959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.963148][ T5959] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.968975][ T5950] veth1_macvtap: entered promiscuous mode [ 47.972520][ T5955] Bluetooth: hci0: command tx timeout [ 47.975336][ T5959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.978660][ T5959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.982163][ T5959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.985526][ T5959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.989624][ T5959] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.996266][ T5959] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.998690][ T5959] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.001259][ T5959] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.003640][ T5959] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.017593][ T5950] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 48.020467][ T5950] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.023768][ T5950] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 48.026668][ T5950] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.029201][ T5950] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 48.032399][ T5950] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.035789][ T5950] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.045448][ T5950] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 48.048358][ T5950] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.051968][ T5950] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 48.052770][ T5955] Bluetooth: hci1: command tx timeout [ 48.052807][ T5958] Bluetooth: hci3: command tx timeout [ 48.052993][ T5958] Bluetooth: hci2: command tx timeout [ 48.054815][ T5950] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.054823][ T5950] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 48.067301][ T5950] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.071562][ T5950] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.086807][ T5950] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.089984][ T5950] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.092924][ T5950] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.095401][ T5950] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.099802][ T1131] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.102674][ T1131] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.121026][ T1131] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.123270][ T1131] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.134938][ T1229] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.137631][ T1229] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.145566][ T69] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.147760][ T69] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.157966][ T69] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.160397][ T69] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.174982][ T69] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.177537][ T69] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.411048][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 49.540465][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 49.773937][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 49.777915][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 49.781457][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 49.788071][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 49.791006][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 49.792037][ T6036] syz.0.1 (6036) used greatest stack depth: 19680 bytes left [ 49.793440][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 49.797866][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 49.800285][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 50.062413][ T5953] Bluetooth: hci0: command tx timeout [ 50.140891][ T5953] Bluetooth: hci1: command tx timeout [ 50.300862][ T5953] Bluetooth: hci3: command tx timeout [ 52.150857][ T5953] Bluetooth: hci0: command tx timeout [ 52.260953][ T5953] Bluetooth: hci1: command tx timeout [ 52.288612][ T6073] BUG: Bad page state in process syz.2.19 pfn:229c2 [ 52.290604][ T6073] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x229c2 [ 52.294863][ T6073] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 52.296879][ T6073] raw: 00fff00000000000 dead000000000040 ffff88801f2d7000 0000000000000000 [ 52.299265][ T6073] raw: 0000000000000000 3fffffffffffffff 00000000ffffffff 0000000000000000 [ 52.301749][ T6073] page dumped because: page_pool leak [ 52.303253][ T6073] page_owner tracks the page as allocated [ 52.305014][ T6073] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6073, tgid 6072 (syz.2.19), ts 52288562878, free_ts 19324336141 [ 52.309537][ T6073] post_alloc_hook+0x181/0x1b0 [ 52.310954][ T6073] get_page_from_freelist+0xfce/0x2f80 [ 52.312483][ T6073] __alloc_frozen_pages_noprof+0x221/0x2470 [ 52.314164][ T6073] alloc_pages_bulk_noprof+0x6f9/0x1390 [ 52.315714][ T6073] __page_pool_alloc_pages_slow+0x18c/0x770 [ 52.317379][ T6073] page_pool_alloc_netmems+0xc4/0x160 [ 52.318883][ T6073] page_pool_alloc_frag_netmem+0x220/0x760 [ 52.320522][ T6073] skb_pp_cow_data+0x571/0xf10 [ 52.321958][ T6073] skb_cow_data_for_xdp+0x88/0xb0 [ 52.323372][ T6073] do_xdp_generic+0x3f1/0xe70 [ 52.324719][ T6073] tun_get_user+0x1e04/0x3e50 [ 52.326074][ T6073] tun_chr_write_iter+0xdc/0x210 [ 52.327472][ T6073] vfs_write+0x5ae/0x1150 [ 52.328702][ T6073] ksys_write+0x12b/0x250 [ 52.329955][ T6073] __do_fast_syscall_32+0x73/0x120 [ 52.331471][ T6073] do_fast_syscall_32+0x32/0x80 [ 52.332843][ T6073] page last free pid 5367 tgid 5367 stack trace: [ 52.334639][ T6073] free_frozen_pages+0x6db/0xfb0 [ 52.336048][ T6073] free_pipe_info+0x2b3/0x3f0 [ 52.337389][ T6073] pipe_release+0x2bf/0x320 [ 52.338692][ T6073] __fput+0x3ff/0xb70 [ 52.339822][ T6073] fput_close_sync+0x15f/0x1e0 [ 52.341223][ T6073] __x64_sys_close+0x8b/0x120 [ 52.342555][ T6073] do_syscall_64+0xcd/0x250 [ 52.343865][ T6073] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 52.345541][ T6073] Modules linked in: [ 52.346680][ T6073] CPU: 3 UID: 0 PID: 6073 Comm: syz.2.19 Not tainted 6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 52.346693][ T6073] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 52.346700][ T6073] Call Trace: [ 52.346704][ T6073] [ 52.346708][ T6073] dump_stack_lvl+0x16c/0x1f0 [ 52.346724][ T6073] bad_page+0xb3/0x1f0 [ 52.346735][ T6073] ? __pfx_bad_page+0x10/0x10 [ 52.346746][ T6073] ? page_bad_reason+0x9d/0x1e0 [ 52.346756][ T6073] free_frozen_pages+0x701/0xfb0 [ 52.346773][ T6073] page_frag_free+0x255/0x2a0 [ 52.346783][ T6073] __xdp_return+0x363/0xac0 [ 52.346798][ T6073] ? kmem_cache_free+0x2e2/0x4d0 [ 52.346812][ T6073] bpf_xdp_adjust_tail+0x9de/0xf70 [ 52.346833][ T6073] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 52.346842][ T6073] bpf_prog_run_generic_xdp+0xe33/0x1500 [ 52.346859][ T6073] do_xdp_generic+0x70a/0xe70 [ 52.346872][ T6073] ? __pfx_do_xdp_generic+0x10/0x10 [ 52.346890][ T6073] ? tun_get_user+0x1d55/0x3e50 [ 52.346907][ T6073] tun_get_user+0x1e04/0x3e50 [ 52.346924][ T6073] ? __pfx___futex_wait+0x10/0x10 [ 52.346945][ T6073] ? __pfx_tun_get_user+0x10/0x10 [ 52.346958][ T6073] ? find_held_lock+0x2d/0x110 [ 52.346973][ T6073] ? __pfx_lock_release+0x10/0x10 [ 52.346994][ T6073] tun_chr_write_iter+0xdc/0x210 [ 52.347009][ T6073] vfs_write+0x5ae/0x1150 [ 52.347024][ T6073] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 52.347040][ T6073] ? __pfx_lock_release+0x10/0x10 [ 52.347054][ T6073] ? __pfx_vfs_write+0x10/0x10 [ 52.347068][ T6073] ? lock_acquire+0x2f/0xb0 [ 52.347080][ T6073] ? __fget_files+0x40/0x3b0 [ 52.347099][ T6073] ksys_write+0x12b/0x250 [ 52.347112][ T6073] ? __pfx_ksys_write+0x10/0x10 [ 52.347129][ T6073] __do_fast_syscall_32+0x73/0x120 [ 52.347143][ T6073] do_fast_syscall_32+0x32/0x80 [ 52.347156][ T6073] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 52.347172][ T6073] RIP: 0023:0xf7fb4579 [ 52.347180][ T6073] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 52.347189][ T6073] RSP: 002b:00000000f50d6520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 52.347198][ T6073] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000a80 [ 52.347204][ T6073] RDX: 000000000000fdef RSI: 00000000f743cff4 RDI: 0000000000000000 [ 52.347210][ T6073] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 52.347215][ T6073] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 52.347220][ T6073] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 52.347231][ T6073] [ 52.347235][ T6073] Disabling lock debugging due to kernel taint [ 52.370926][ T5953] Bluetooth: hci3: command tx timeout [ 52.371203][ T6073] BUG: Bad page state in process syz.2.19 pfn:2572e [ 52.425961][ T6073] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2572e [ 52.428445][ T6073] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 52.430507][ T6073] raw: 00fff00000000000 dead000000000040 ffff88801f2d7000 0000000000000000 [ 52.432930][ T6073] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 52.435548][ T6073] page dumped because: page_pool leak [ 52.437572][ T6073] page_owner tracks the page as allocated [ 52.439706][ T6073] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6073, tgid 6072 (syz.2.19), ts 52288558625, free_ts 19361521118 [ 52.444750][ T6073] post_alloc_hook+0x181/0x1b0 [ 52.446114][ T6073] get_page_from_freelist+0xfce/0x2f80 [ 52.447807][ T6073] __alloc_frozen_pages_noprof+0x221/0x2470 [ 52.449498][ T6073] alloc_pages_bulk_noprof+0x6f9/0x1390 [ 52.451100][ T6073] __page_pool_alloc_pages_slow+0x18c/0x770 [ 52.452748][ T6073] page_pool_alloc_netmems+0xc4/0x160 [ 52.454387][ T6073] skb_pp_cow_data+0x776/0xf10 [ 52.455823][ T6073] skb_cow_data_for_xdp+0x88/0xb0 [ 52.457339][ T6073] do_xdp_generic+0x3f1/0xe70 [ 52.458825][ T6073] tun_get_user+0x1e04/0x3e50 [ 52.460498][ T6073] tun_chr_write_iter+0xdc/0x210 [ 52.462220][ T6073] vfs_write+0x5ae/0x1150 [ 52.463688][ T6073] ksys_write+0x12b/0x250 [ 52.465104][ T6073] __do_fast_syscall_32+0x73/0x120 [ 52.466711][ T6073] do_fast_syscall_32+0x32/0x80 [ 52.468072][ T6073] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 52.469858][ T6073] page last free pid 30 tgid 30 stack trace: [ 52.471575][ T6073] free_frozen_pages+0x6db/0xfb0 [ 52.473011][ T6073] tlb_remove_table_rcu+0x116/0x1a0 [ 52.474613][ T6073] rcu_core+0x79d/0x14d0 [ 52.475899][ T6073] handle_softirqs+0x213/0x8f0 [ 52.477502][ T6073] run_ksoftirqd+0x3a/0x60 [ 52.479126][ T6073] smpboot_thread_fn+0x661/0xa30 [ 52.481040][ T6073] kthread+0x3af/0x750 [ 52.482507][ T6073] ret_from_fork+0x45/0x80 [ 52.484113][ T6073] ret_from_fork_asm+0x1a/0x30 [ 52.485480][ T6073] Modules linked in: [ 52.486588][ T6073] CPU: 3 UID: 0 PID: 6073 Comm: syz.2.19 Tainted: G B 6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 52.486603][ T6073] Tainted: [B]=BAD_PAGE [ 52.486607][ T6073] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 52.486613][ T6073] Call Trace: [ 52.486618][ T6073] [ 52.486622][ T6073] dump_stack_lvl+0x16c/0x1f0 [ 52.486638][ T6073] bad_page+0xb3/0x1f0 [ 52.486649][ T6073] ? __pfx_bad_page+0x10/0x10 [ 52.486659][ T6073] ? page_bad_reason+0x9d/0x1e0 [ 52.486670][ T6073] free_frozen_pages+0x701/0xfb0 [ 52.486685][ T6073] page_frag_free+0x255/0x2a0 [ 52.486696][ T6073] __xdp_return+0x363/0xac0 [ 52.486712][ T6073] ? kmem_cache_free+0x2e2/0x4d0 [ 52.486728][ T6073] bpf_xdp_adjust_tail+0x9de/0xf70 [ 52.486745][ T6073] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 52.486753][ T6073] bpf_prog_run_generic_xdp+0xe33/0x1500 [ 52.486767][ T6073] do_xdp_generic+0x70a/0xe70 [ 52.486779][ T6073] ? __pfx_do_xdp_generic+0x10/0x10 [ 52.486792][ T6073] ? tun_get_user+0x1d55/0x3e50 [ 52.486807][ T6073] tun_get_user+0x1e04/0x3e50 [ 52.486822][ T6073] ? __pfx___futex_wait+0x10/0x10 [ 52.486836][ T6073] ? __pfx_tun_get_user+0x10/0x10 [ 52.486849][ T6073] ? find_held_lock+0x2d/0x110 [ 52.486860][ T6073] ? __pfx_lock_release+0x10/0x10 [ 52.486875][ T6073] tun_chr_write_iter+0xdc/0x210 [ 52.486889][ T6073] vfs_write+0x5ae/0x1150 [ 52.486902][ T6073] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 52.486916][ T6073] ? __pfx_lock_release+0x10/0x10 [ 52.486929][ T6073] ? __pfx_vfs_write+0x10/0x10 [ 52.486941][ T6073] ? lock_acquire+0x2f/0xb0 [ 52.486954][ T6073] ? __fget_files+0x40/0x3b0 [ 52.486969][ T6073] ksys_write+0x12b/0x250 [ 52.486981][ T6073] ? __pfx_ksys_write+0x10/0x10 [ 52.486995][ T6073] __do_fast_syscall_32+0x73/0x120 [ 52.487009][ T6073] do_fast_syscall_32+0x32/0x80 [ 52.487022][ T6073] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 52.487038][ T6073] RIP: 0023:0xf7fb4579 [ 52.487046][ T6073] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 52.487055][ T6073] RSP: 002b:00000000f50d6520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 52.487065][ T6073] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000a80 [ 52.487071][ T6073] RDX: 000000000000fdef RSI: 00000000f743cff4 RDI: 0000000000000000 [ 52.487077][ T6073] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 52.487082][ T6073] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 52.487087][ T6073] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 52.487095][ T6073] [ 52.487102][ T6073] BUG: Bad page state in process syz.2.19 pfn:23856 [ 52.569768][ T6073] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x23856 [ 52.572442][ T6073] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 52.574969][ T6073] raw: 00fff00000000000 dead000000000040 ffff88801f2d7000 0000000000000000 [ 52.578312][ T6073] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 52.581339][ T6073] page dumped because: page_pool leak [ 52.583057][ T6073] page_owner tracks the page as allocated [ 52.584735][ T6073] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6073, tgid 6072 (syz.2.19), ts 52288554626, free_ts 19361531568 [ 52.589816][ T6073] post_alloc_hook+0x181/0x1b0 [ 52.591660][ T6073] get_page_from_freelist+0xfce/0x2f80 [ 52.593899][ T6073] __alloc_frozen_pages_noprof+0x221/0x2470 [ 52.595802][ T6073] alloc_pages_bulk_noprof+0x6f9/0x1390 [ 52.597381][ T6073] __page_pool_alloc_pages_slow+0x18c/0x770 [ 52.599159][ T6073] page_pool_alloc_netmems+0xc4/0x160 [ 52.601101][ T6073] skb_pp_cow_data+0x776/0xf10 [ 52.602498][ T6073] skb_cow_data_for_xdp+0x88/0xb0 [ 52.603967][ T6073] do_xdp_generic+0x3f1/0xe70 [ 52.605328][ T6073] tun_get_user+0x1e04/0x3e50 [ 52.606750][ T6073] tun_chr_write_iter+0xdc/0x210 [ 52.608290][ T6073] vfs_write+0x5ae/0x1150 [ 52.609611][ T6073] ksys_write+0x12b/0x250 [ 52.610984][ T6073] __do_fast_syscall_32+0x73/0x120 [ 52.612666][ T6073] do_fast_syscall_32+0x32/0x80 [ 52.614376][ T6073] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 52.616513][ T6073] page last free pid 30 tgid 30 stack trace: [ 52.618451][ T6073] free_frozen_pages+0x6db/0xfb0 [ 52.619996][ T6073] tlb_remove_table_rcu+0x116/0x1a0 [ 52.621505][ T6073] rcu_core+0x79d/0x14d0 [ 52.622705][ T6073] handle_softirqs+0x213/0x8f0 [ 52.624076][ T6073] run_ksoftirqd+0x3a/0x60 [ 52.625339][ T6073] smpboot_thread_fn+0x661/0xa30 [ 52.626635][ T6073] kthread+0x3af/0x750 [ 52.627780][ T6073] ret_from_fork+0x45/0x80 [ 52.629096][ T6073] ret_from_fork_asm+0x1a/0x30 [ 52.630637][ T6073] Modules linked in: [ 52.631793][ T6073] CPU: 3 UID: 0 PID: 6073 Comm: syz.2.19 Tainted: G B 6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 52.631808][ T6073] Tainted: [B]=BAD_PAGE [ 52.631811][ T6073] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 52.631817][ T6073] Call Trace: [ 52.631822][ T6073] [ 52.631826][ T6073] dump_stack_lvl+0x16c/0x1f0 [ 52.631841][ T6073] bad_page+0xb3/0x1f0 [ 52.631852][ T6073] ? __pfx_bad_page+0x10/0x10 [ 52.631861][ T6073] ? page_bad_reason+0x9d/0x1e0 [ 52.631871][ T6073] free_frozen_pages+0x701/0xfb0 [ 52.631889][ T6073] page_frag_free+0x255/0x2a0 [ 52.631898][ T6073] __xdp_return+0x363/0xac0 [ 52.631913][ T6073] ? kmem_cache_free+0x2e2/0x4d0 [ 52.631926][ T6073] bpf_xdp_adjust_tail+0x9de/0xf70 [ 52.631943][ T6073] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 52.631951][ T6073] bpf_prog_run_generic_xdp+0xe33/0x1500 [ 52.631965][ T6073] do_xdp_generic+0x70a/0xe70 [ 52.631976][ T6073] ? __pfx_do_xdp_generic+0x10/0x10 [ 52.631990][ T6073] ? tun_get_user+0x1d55/0x3e50 [ 52.632006][ T6073] tun_get_user+0x1e04/0x3e50 [ 52.632020][ T6073] ? __pfx___futex_wait+0x10/0x10 [ 52.632034][ T6073] ? __pfx_tun_get_user+0x10/0x10 [ 52.632047][ T6073] ? find_held_lock+0x2d/0x110 [ 52.632059][ T6073] ? __pfx_lock_release+0x10/0x10 [ 52.632074][ T6073] tun_chr_write_iter+0xdc/0x210 [ 52.632088][ T6073] vfs_write+0x5ae/0x1150 [ 52.632101][ T6073] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 52.632115][ T6073] ? __pfx_lock_release+0x10/0x10 [ 52.632127][ T6073] ? __pfx_vfs_write+0x10/0x10 [ 52.632140][ T6073] ? lock_acquire+0x2f/0xb0 [ 52.632152][ T6073] ? __fget_files+0x40/0x3b0 [ 52.632168][ T6073] ksys_write+0x12b/0x250 [ 52.632180][ T6073] ? __pfx_ksys_write+0x10/0x10 [ 52.632194][ T6073] __do_fast_syscall_32+0x73/0x120 [ 52.632208][ T6073] do_fast_syscall_32+0x32/0x80 [ 52.632221][ T6073] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 52.632237][ T6073] RIP: 0023:0xf7fb4579 [ 52.632245][ T6073] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 52.632254][ T6073] RSP: 002b:00000000f50d6520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 52.632263][ T6073] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000a80 [ 52.632269][ T6073] RDX: 000000000000fdef RSI: 00000000f743cff4 RDI: 0000000000000000 [ 52.632274][ T6073] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 52.632279][ T6073] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 52.632285][ T6073] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 52.632293][ T6073] [ 52.632299][ T6073] BUG: Bad page state in process syz.2.19 pfn:22278 [ 52.707494][ T6073] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888022278000 pfn:0x22278 [ 52.710273][ T6073] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 52.712263][ T6073] raw: 00fff00000000000 dead000000000040 ffff88801f2d7000 0000000000000000 [ 52.714590][ T6073] raw: ffff888022278000 0000000000000001 00000000ffffffff 0000000000000000 [ 52.716958][ T6073] page dumped because: page_pool leak [ 52.718457][ T6073] page_owner tracks the page as allocated [ 52.720041][ T6073] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6073, tgid 6072 (syz.2.19), ts 52288550443, free_ts 19361534755 [ 52.724637][ T6073] post_alloc_hook+0x181/0x1b0 [ 52.726002][ T6073] get_page_from_freelist+0xfce/0x2f80 [ 52.727536][ T6073] __alloc_frozen_pages_noprof+0x221/0x2470 [ 52.729202][ T6073] alloc_pages_bulk_noprof+0x6f9/0x1390 [ 52.730839][ T6073] __page_pool_alloc_pages_slow+0x18c/0x770 [ 52.732571][ T6073] page_pool_alloc_netmems+0xc4/0x160 [ 52.734145][ T6073] skb_pp_cow_data+0x776/0xf10 [ 52.735521][ T6073] skb_cow_data_for_xdp+0x88/0xb0 [ 52.736980][ T6073] do_xdp_generic+0x3f1/0xe70 [ 52.738506][ T6073] tun_get_user+0x1e04/0x3e50 [ 52.739921][ T6073] tun_chr_write_iter+0xdc/0x210 [ 52.741857][ T6073] vfs_write+0x5ae/0x1150 [ 52.743178][ T6073] ksys_write+0x12b/0x250 [ 52.744611][ T6073] __do_fast_syscall_32+0x73/0x120 [ 52.746510][ T6073] do_fast_syscall_32+0x32/0x80 [ 52.748149][ T6073] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 52.750011][ T6073] page last free pid 30 tgid 30 stack trace: [ 52.751719][ T6073] free_frozen_pages+0x6db/0xfb0 [ 52.753118][ T6073] tlb_remove_table_rcu+0x116/0x1a0 [ 52.754616][ T6073] rcu_core+0x79d/0x14d0 [ 52.755817][ T6073] handle_softirqs+0x213/0x8f0 [ 52.757162][ T6073] run_ksoftirqd+0x3a/0x60 [ 52.758414][ T6073] smpboot_thread_fn+0x661/0xa30 [ 52.759799][ T6073] kthread+0x3af/0x750 [ 52.761043][ T6073] ret_from_fork+0x45/0x80 [ 52.762337][ T6073] ret_from_fork_asm+0x1a/0x30 [ 52.763709][ T6073] Modules linked in: [ 52.764967][ T6073] CPU: 3 UID: 0 PID: 6073 Comm: syz.2.19 Tainted: G B 6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 52.764983][ T6073] Tainted: [B]=BAD_PAGE [ 52.764988][ T6073] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 52.764995][ T6073] Call Trace: [ 52.764999][ T6073] [ 52.765005][ T6073] dump_stack_lvl+0x16c/0x1f0 [ 52.765029][ T6073] bad_page+0xb3/0x1f0 [ 52.765040][ T6073] ? __pfx_bad_page+0x10/0x10 [ 52.765050][ T6073] ? page_bad_reason+0x9d/0x1e0 [ 52.765061][ T6073] free_frozen_pages+0x701/0xfb0 [ 52.765076][ T6073] page_frag_free+0x255/0x2a0 [ 52.765086][ T6073] __xdp_return+0x363/0xac0 [ 52.765101][ T6073] ? kmem_cache_free+0x2e2/0x4d0 [ 52.765115][ T6073] bpf_xdp_adjust_tail+0x9de/0xf70 [ 52.765160][ T6073] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 52.765177][ T6073] bpf_prog_run_generic_xdp+0xe33/0x1500 [ 52.765196][ T6073] do_xdp_generic+0x70a/0xe70 [ 52.765208][ T6073] ? __pfx_do_xdp_generic+0x10/0x10 [ 52.765222][ T6073] ? tun_get_user+0x1d55/0x3e50 [ 52.765244][ T6073] tun_get_user+0x1e04/0x3e50 [ 52.765259][ T6073] ? __pfx___futex_wait+0x10/0x10 [ 52.765275][ T6073] ? __pfx_tun_get_user+0x10/0x10 [ 52.765296][ T6073] ? find_held_lock+0x2d/0x110 [ 52.765313][ T6073] ? __pfx_lock_release+0x10/0x10 [ 52.765337][ T6073] tun_chr_write_iter+0xdc/0x210 [ 52.765361][ T6073] vfs_write+0x5ae/0x1150 [ 52.765377][ T6073] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 52.765391][ T6073] ? __pfx_lock_release+0x10/0x10 [ 52.765404][ T6073] ? __pfx_vfs_write+0x10/0x10 [ 52.765418][ T6073] ? lock_acquire+0x2f/0xb0 [ 52.765430][ T6073] ? __fget_files+0x40/0x3b0 [ 52.765447][ T6073] ksys_write+0x12b/0x250 [ 52.765460][ T6073] ? __pfx_ksys_write+0x10/0x10 [ 52.765475][ T6073] __do_fast_syscall_32+0x73/0x120 [ 52.765490][ T6073] do_fast_syscall_32+0x32/0x80 [ 52.765503][ T6073] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 52.765520][ T6073] RIP: 0023:0xf7fb4579 [ 52.765528][ T6073] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 52.765537][ T6073] RSP: 002b:00000000f50d6520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 52.765548][ T6073] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000a80 [ 52.765555][ T6073] RDX: 000000000000fdef RSI: 00000000f743cff4 RDI: 0000000000000000 [ 52.765561][ T6073] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 52.765566][ T6073] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 52.765572][ T6073] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 52.765584][ T6073] [ 52.765590][ T6073] BUG: Bad page state in process syz.2.19 pfn:26012 [ 52.845063][ T6073] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x26012 [ 52.847460][ T6073] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 52.849438][ T6073] raw: 00fff00000000000 dead000000000040 ffff88801f2d7000 0000000000000000 [ 52.851873][ T6073] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 52.854245][ T6073] page dumped because: page_pool leak [ 52.855736][ T6073] page_owner tracks the page as allocated [ 52.857331][ T6073] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6073, tgid 6072 (syz.2.19), ts 52288539225, free_ts 19361539894 [ 52.862208][ T6073] post_alloc_hook+0x181/0x1b0 [ 52.863555][ T6073] get_page_from_freelist+0xfce/0x2f80 [ 52.865050][ T6073] __alloc_frozen_pages_noprof+0x221/0x2470 [ 52.866689][ T6073] alloc_pages_bulk_noprof+0x6f9/0x1390 [ 52.868209][ T6073] __page_pool_alloc_pages_slow+0x18c/0x770 [ 52.869860][ T6073] page_pool_alloc_netmems+0xc4/0x160 [ 52.871392][ T6073] skb_pp_cow_data+0x776/0xf10 [ 52.872715][ T6073] skb_cow_data_for_xdp+0x88/0xb0 [ 52.874130][ T6073] do_xdp_generic+0x3f1/0xe70 [ 52.875440][ T6073] tun_get_user+0x1e04/0x3e50 [ 52.876746][ T6073] tun_chr_write_iter+0xdc/0x210 [ 52.878135][ T6073] vfs_write+0x5ae/0x1150 [ 52.879329][ T6073] ksys_write+0x12b/0x250 [ 52.880528][ T6073] __do_fast_syscall_32+0x73/0x120 [ 52.881988][ T6073] do_fast_syscall_32+0x32/0x80 [ 52.883337][ T6073] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 52.885051][ T6073] page last free pid 30 tgid 30 stack trace: [ 52.886694][ T6073] free_frozen_pages+0x6db/0xfb0 [ 52.888056][ T6073] tlb_remove_table_rcu+0x116/0x1a0 [ 52.889491][ T6073] rcu_core+0x79d/0x14d0 [ 52.890687][ T6073] handle_softirqs+0x213/0x8f0 [ 52.892047][ T6073] run_ksoftirqd+0x3a/0x60 [ 52.893287][ T6073] smpboot_thread_fn+0x661/0xa30 [ 52.894654][ T6073] kthread+0x3af/0x750 [ 52.895784][ T6073] ret_from_fork+0x45/0x80 [ 52.897017][ T6073] ret_from_fork_asm+0x1a/0x30 [ 52.898343][ T6073] Modules linked in: [ 52.899417][ T6073] CPU: 3 UID: 0 PID: 6073 Comm: syz.2.19 Tainted: G B 6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 52.899432][ T6073] Tainted: [B]=BAD_PAGE [ 52.899435][ T6073] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 52.899441][ T6073] Call Trace: [ 52.899445][ T6073] [ 52.899449][ T6073] dump_stack_lvl+0x16c/0x1f0 [ 52.899464][ T6073] bad_page+0xb3/0x1f0 [ 52.899473][ T6073] ? __pfx_bad_page+0x10/0x10 [ 52.899483][ T6073] ? page_bad_reason+0x9d/0x1e0 [ 52.899492][ T6073] free_frozen_pages+0x701/0xfb0 [ 52.899506][ T6073] page_frag_free+0x255/0x2a0 [ 52.899515][ T6073] __xdp_return+0x363/0xac0 [ 52.899529][ T6073] ? kmem_cache_free+0x2e2/0x4d0 [ 52.899543][ T6073] bpf_xdp_adjust_tail+0x9de/0xf70 [ 52.899560][ T6073] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 52.899567][ T6073] bpf_prog_run_generic_xdp+0xe33/0x1500 [ 52.899581][ T6073] do_xdp_generic+0x70a/0xe70 [ 52.899592][ T6073] ? __pfx_do_xdp_generic+0x10/0x10 [ 52.899605][ T6073] ? tun_get_user+0x1d55/0x3e50 [ 52.899620][ T6073] tun_get_user+0x1e04/0x3e50 [ 52.899635][ T6073] ? __pfx___futex_wait+0x10/0x10 [ 52.899649][ T6073] ? __pfx_tun_get_user+0x10/0x10 [ 52.899661][ T6073] ? find_held_lock+0x2d/0x110 [ 52.899673][ T6073] ? __pfx_lock_release+0x10/0x10 [ 52.899688][ T6073] tun_chr_write_iter+0xdc/0x210 [ 52.899702][ T6073] vfs_write+0x5ae/0x1150 [ 52.899715][ T6073] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 52.899728][ T6073] ? __pfx_lock_release+0x10/0x10 [ 52.899741][ T6073] ? __pfx_vfs_write+0x10/0x10 [ 52.899753][ T6073] ? lock_acquire+0x2f/0xb0 [ 52.899765][ T6073] ? __fget_files+0x40/0x3b0 [ 52.899781][ T6073] ksys_write+0x12b/0x250 [ 52.899793][ T6073] ? __pfx_ksys_write+0x10/0x10 [ 52.899807][ T6073] __do_fast_syscall_32+0x73/0x120 [ 52.899821][ T6073] do_fast_syscall_32+0x32/0x80 [ 52.899834][ T6073] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 52.899849][ T6073] RIP: 0023:0xf7fb4579 [ 52.899856][ T6073] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 52.899866][ T6073] RSP: 002b:00000000f50d6520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 52.899875][ T6073] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000a80 [ 52.899881][ T6073] RDX: 000000000000fdef RSI: 00000000f743cff4 RDI: 0000000000000000 [ 52.899886][ T6073] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 52.899892][ T6073] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 52.899897][ T6073] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 52.899905][ T6073] [ 52.899911][ T6073] BUG: Bad page state in process syz.2.19 pfn:229d8 [ 52.972832][ T6073] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x229d8 [ 52.975223][ T6073] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 52.977164][ T6073] raw: 00fff00000000000 dead000000000040 ffff88801f2d7000 0000000000000000 [ 52.979490][ T6073] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 52.981867][ T6073] page dumped because: page_pool leak [ 52.983341][ T6073] page_owner tracks the page as allocated [ 52.984915][ T6073] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6073, tgid 6072 (syz.2.19), ts 52288534984, free_ts 28311035755 [ 52.989378][ T6073] post_alloc_hook+0x181/0x1b0 [ 52.990732][ T6073] get_page_from_freelist+0xfce/0x2f80 [ 52.992289][ T6073] __alloc_frozen_pages_noprof+0x221/0x2470 [ 52.993968][ T6073] alloc_pages_bulk_noprof+0x6f9/0x1390 [ 52.995497][ T6073] __page_pool_alloc_pages_slow+0x18c/0x770 [ 52.997152][ T6073] page_pool_alloc_netmems+0xc4/0x160 [ 52.998643][ T6073] skb_pp_cow_data+0x776/0xf10 [ 52.999982][ T6073] skb_cow_data_for_xdp+0x88/0xb0 [ 53.001436][ T6073] do_xdp_generic+0x3f1/0xe70 [ 53.002765][ T6073] tun_get_user+0x1e04/0x3e50 [ 53.004107][ T6073] tun_chr_write_iter+0xdc/0x210 [ 53.005490][ T6073] vfs_write+0x5ae/0x1150 [ 53.006707][ T6073] ksys_write+0x12b/0x250 [ 53.007915][ T6073] __do_fast_syscall_32+0x73/0x120 [ 53.009346][ T6073] do_fast_syscall_32+0x32/0x80 [ 53.010720][ T6073] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 53.012514][ T6073] page last free pid 0 tgid 0 stack trace: [ 53.014176][ T6073] free_frozen_pages+0x6db/0xfb0 [ 53.015548][ T6073] tlb_remove_table_rcu+0x116/0x1a0 [ 53.016984][ T6073] rcu_core+0x79d/0x14d0 [ 53.018188][ T6073] handle_softirqs+0x213/0x8f0 [ 53.019524][ T6073] __irq_exit_rcu+0x109/0x170 [ 53.020882][ T6073] irq_exit_rcu+0x9/0x30 [ 53.022078][ T6073] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 53.023644][ T6073] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 53.025309][ T6073] Modules linked in: [ 53.026400][ T6073] CPU: 3 UID: 0 PID: 6073 Comm: syz.2.19 Tainted: G B 6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 53.026414][ T6073] Tainted: [B]=BAD_PAGE [ 53.026417][ T6073] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 53.026423][ T6073] Call Trace: [ 53.026426][ T6073] [ 53.026430][ T6073] dump_stack_lvl+0x16c/0x1f0 [ 53.026444][ T6073] bad_page+0xb3/0x1f0 [ 53.026454][ T6073] ? __pfx_bad_page+0x10/0x10 [ 53.026463][ T6073] ? page_bad_reason+0x9d/0x1e0 [ 53.026473][ T6073] free_frozen_pages+0x701/0xfb0 [ 53.026487][ T6073] page_frag_free+0x255/0x2a0 [ 53.026496][ T6073] __xdp_return+0x363/0xac0 [ 53.026509][ T6073] ? kmem_cache_free+0x2e2/0x4d0 [ 53.026523][ T6073] bpf_xdp_adjust_tail+0x9de/0xf70 [ 53.026540][ T6073] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 53.026548][ T6073] bpf_prog_run_generic_xdp+0xe33/0x1500 [ 53.026562][ T6073] do_xdp_generic+0x70a/0xe70 [ 53.026573][ T6073] ? __pfx_do_xdp_generic+0x10/0x10 [ 53.026586][ T6073] ? tun_get_user+0x1d55/0x3e50 [ 53.026601][ T6073] tun_get_user+0x1e04/0x3e50 [ 53.026616][ T6073] ? __pfx___futex_wait+0x10/0x10 [ 53.026630][ T6073] ? __pfx_tun_get_user+0x10/0x10 [ 53.026643][ T6073] ? find_held_lock+0x2d/0x110 [ 53.026654][ T6073] ? __pfx_lock_release+0x10/0x10 [ 53.026669][ T6073] tun_chr_write_iter+0xdc/0x210 [ 53.026683][ T6073] vfs_write+0x5ae/0x1150 [ 53.026696][ T6073] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 53.026710][ T6073] ? __pfx_lock_release+0x10/0x10 [ 53.026722][ T6073] ? __pfx_vfs_write+0x10/0x10 [ 53.026735][ T6073] ? lock_acquire+0x2f/0xb0 [ 53.026747][ T6073] ? __fget_files+0x40/0x3b0 [ 53.026762][ T6073] ksys_write+0x12b/0x250 [ 53.026774][ T6073] ? __pfx_ksys_write+0x10/0x10 [ 53.026789][ T6073] __do_fast_syscall_32+0x73/0x120 [ 53.026802][ T6073] do_fast_syscall_32+0x32/0x80 [ 53.026815][ T6073] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 53.026830][ T6073] RIP: 0023:0xf7fb4579 [ 53.026837][ T6073] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 53.026846][ T6073] RSP: 002b:00000000f50d6520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 53.026855][ T6073] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000a80 [ 53.026861][ T6073] RDX: 000000000000fdef RSI: 00000000f743cff4 RDI: 0000000000000000 [ 53.026866][ T6073] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 53.026871][ T6073] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 53.026877][ T6073] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 53.026885][ T6073] [ 53.026890][ T6073] BUG: Bad page state in process syz.2.19 pfn:26277 [ 53.100159][ T6073] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888026277700 pfn:0x26277 [ 53.102975][ T6073] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 53.104944][ T6073] raw: 00fff00000000000 dead000000000040 ffff88801f2d7000 0000000000000000 [ 53.107324][ T6073] raw: ffff888026277700 0000000000000001 00000000ffffffff 0000000000000000 [ 53.109701][ T6073] page dumped because: page_pool leak [ 53.111227][ T6073] page_owner tracks the page as allocated [ 53.112763][ T6073] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6073, tgid 6072 (syz.2.19), ts 52288530914, free_ts 28311039746 [ 53.117230][ T6073] post_alloc_hook+0x181/0x1b0 [ 53.118561][ T6073] get_page_from_freelist+0xfce/0x2f80 [ 53.120066][ T6073] __alloc_frozen_pages_noprof+0x221/0x2470 [ 53.121750][ T6073] alloc_pages_bulk_noprof+0x6f9/0x1390 [ 53.123281][ T6073] __page_pool_alloc_pages_slow+0x18c/0x770 [ 53.124979][ T6073] page_pool_alloc_netmems+0xc4/0x160 [ 53.126475][ T6073] skb_pp_cow_data+0x776/0xf10 [ 53.127808][ T6073] skb_cow_data_for_xdp+0x88/0xb0 [ 53.129233][ T6073] do_xdp_generic+0x3f1/0xe70 [ 53.130565][ T6073] tun_get_user+0x1e04/0x3e50 [ 53.131959][ T6073] tun_chr_write_iter+0xdc/0x210 [ 53.133336][ T6073] vfs_write+0x5ae/0x1150 [ 53.134557][ T6073] ksys_write+0x12b/0x250 [ 53.135748][ T6073] __do_fast_syscall_32+0x73/0x120 [ 53.137173][ T6073] do_fast_syscall_32+0x32/0x80 [ 53.138524][ T6073] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 53.140282][ T6073] page last free pid 0 tgid 0 stack trace: [ 53.141978][ T6073] free_frozen_pages+0x6db/0xfb0 [ 53.143400][ T6073] rcu_core+0x79d/0x14d0 [ 53.144601][ T6073] handle_softirqs+0x213/0x8f0 [ 53.145943][ T6073] __irq_exit_rcu+0x109/0x170 [ 53.147254][ T6073] irq_exit_rcu+0x9/0x30 [ 53.148438][ T6073] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 53.149996][ T6073] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 53.151710][ T6073] Modules linked in: [ 53.152804][ T6073] CPU: 3 UID: 0 PID: 6073 Comm: syz.2.19 Tainted: G B 6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 53.152818][ T6073] Tainted: [B]=BAD_PAGE [ 53.152821][ T6073] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 53.152827][ T6073] Call Trace: [ 53.152830][ T6073] [ 53.152834][ T6073] dump_stack_lvl+0x16c/0x1f0 [ 53.152848][ T6073] bad_page+0xb3/0x1f0 [ 53.152857][ T6073] ? __pfx_bad_page+0x10/0x10 [ 53.152866][ T6073] ? page_bad_reason+0x9d/0x1e0 [ 53.152876][ T6073] free_frozen_pages+0x701/0xfb0 [ 53.152889][ T6073] page_frag_free+0x255/0x2a0 [ 53.152898][ T6073] __xdp_return+0x363/0xac0 [ 53.152912][ T6073] ? kmem_cache_free+0x2e2/0x4d0 [ 53.152926][ T6073] bpf_xdp_adjust_tail+0x9de/0xf70 [ 53.152943][ T6073] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 53.152950][ T6073] bpf_prog_run_generic_xdp+0xe33/0x1500 [ 53.152964][ T6073] do_xdp_generic+0x70a/0xe70 [ 53.152975][ T6073] ? __pfx_do_xdp_generic+0x10/0x10 [ 53.152989][ T6073] ? tun_get_user+0x1d55/0x3e50 [ 53.153003][ T6073] tun_get_user+0x1e04/0x3e50 [ 53.153018][ T6073] ? __pfx___futex_wait+0x10/0x10 [ 53.153032][ T6073] ? __pfx_tun_get_user+0x10/0x10 [ 53.153045][ T6073] ? find_held_lock+0x2d/0x110 [ 53.153056][ T6073] ? __pfx_lock_release+0x10/0x10 [ 53.153072][ T6073] tun_chr_write_iter+0xdc/0x210 [ 53.153086][ T6073] vfs_write+0x5ae/0x1150 [ 53.153098][ T6073] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 53.153112][ T6073] ? __pfx_lock_release+0x10/0x10 [ 53.153125][ T6073] ? __pfx_vfs_write+0x10/0x10 [ 53.153152][ T6073] ? lock_acquire+0x2f/0xb0 [ 53.153164][ T6073] ? __fget_files+0x40/0x3b0 [ 53.153180][ T6073] ksys_write+0x12b/0x250 [ 53.153192][ T6073] ? __pfx_ksys_write+0x10/0x10 [ 53.153206][ T6073] __do_fast_syscall_32+0x73/0x120 [ 53.153219][ T6073] do_fast_syscall_32+0x32/0x80 [ 53.153232][ T6073] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 53.153247][ T6073] RIP: 0023:0xf7fb4579 [ 53.153254][ T6073] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 53.153263][ T6073] RSP: 002b:00000000f50d6520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 53.153272][ T6073] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000a80 [ 53.153278][ T6073] RDX: 000000000000fdef RSI: 00000000f743cff4 RDI: 0000000000000000 [ 53.153283][ T6073] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 53.153289][ T6073] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 53.153294][ T6073] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 53.153302][ T6073] [ 53.153307][ T6073] BUG: Bad page state in process syz.2.19 pfn:23d45 [ 53.227144][ T6073] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x23d45 [ 53.229545][ T6073] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 53.231537][ T6073] raw: 00fff00000000000 dead000000000040 ffff88801f2d7000 0000000000000000 [ 53.233881][ T6073] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 53.236213][ T6073] page dumped because: page_pool leak [ 53.237702][ T6073] page_owner tracks the page as allocated [ 53.239381][ T6073] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6073, tgid 6072 (syz.2.19), ts 52288526466, free_ts 28311051846 [ 53.243975][ T6073] post_alloc_hook+0x181/0x1b0 [ 53.245323][ T6073] get_page_from_freelist+0xfce/0x2f80 [ 53.246836][ T6073] __alloc_frozen_pages_noprof+0x221/0x2470 [ 53.248480][ T6073] alloc_pages_bulk_noprof+0x6f9/0x1390 [ 53.250041][ T6073] __page_pool_alloc_pages_slow+0x18c/0x770 [ 53.251737][ T6073] page_pool_alloc_netmems+0xc4/0x160 [ 53.253234][ T6073] skb_pp_cow_data+0x776/0xf10 [ 53.254567][ T6073] skb_cow_data_for_xdp+0x88/0xb0 [ 53.255967][ T6073] do_xdp_generic+0x3f1/0xe70 [ 53.257290][ T6073] tun_get_user+0x1e04/0x3e50 [ 53.258602][ T6073] tun_chr_write_iter+0xdc/0x210 [ 53.259980][ T6073] vfs_write+0x5ae/0x1150 [ 53.261250][ T6073] ksys_write+0x12b/0x250 [ 53.262465][ T6073] __do_fast_syscall_32+0x73/0x120 [ 53.263913][ T6073] do_fast_syscall_32+0x32/0x80 [ 53.265280][ T6073] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 53.267030][ T6073] page last free pid 0 tgid 0 stack trace: [ 53.268628][ T6073] free_frozen_pages+0x6db/0xfb0 [ 53.270055][ T6073] tlb_remove_table_rcu+0x116/0x1a0 [ 53.271599][ T6073] rcu_core+0x79d/0x14d0 [ 53.272789][ T6073] handle_softirqs+0x213/0x8f0 [ 53.274160][ T6073] __irq_exit_rcu+0x109/0x170 [ 53.275479][ T6073] irq_exit_rcu+0x9/0x30 [ 53.276672][ T6073] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 53.278245][ T6073] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 53.279902][ T6073] Modules linked in: [ 53.281058][ T6073] CPU: 3 UID: 0 PID: 6073 Comm: syz.2.19 Tainted: G B 6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 53.281073][ T6073] Tainted: [B]=BAD_PAGE [ 53.281076][ T6073] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 53.281081][ T6073] Call Trace: [ 53.281085][ T6073] [ 53.281089][ T6073] dump_stack_lvl+0x16c/0x1f0 [ 53.281104][ T6073] bad_page+0xb3/0x1f0 [ 53.281114][ T6073] ? __pfx_bad_page+0x10/0x10 [ 53.281123][ T6073] ? page_bad_reason+0x9d/0x1e0 [ 53.281148][ T6073] free_frozen_pages+0x701/0xfb0 [ 53.281163][ T6073] page_frag_free+0x255/0x2a0 [ 53.281172][ T6073] __xdp_return+0x363/0xac0 [ 53.281186][ T6073] ? kmem_cache_free+0x2e2/0x4d0 [ 53.281201][ T6073] bpf_xdp_adjust_tail+0x9de/0xf70 [ 53.281217][ T6073] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 53.281225][ T6073] bpf_prog_run_generic_xdp+0xe33/0x1500 [ 53.281239][ T6073] do_xdp_generic+0x70a/0xe70 [ 53.281250][ T6073] ? __pfx_do_xdp_generic+0x10/0x10 [ 53.281263][ T6073] ? tun_get_user+0x1d55/0x3e50 [ 53.281279][ T6073] tun_get_user+0x1e04/0x3e50 [ 53.281293][ T6073] ? __pfx___futex_wait+0x10/0x10 [ 53.281307][ T6073] ? __pfx_tun_get_user+0x10/0x10 [ 53.281320][ T6073] ? find_held_lock+0x2d/0x110 [ 53.281332][ T6073] ? __pfx_lock_release+0x10/0x10 [ 53.281347][ T6073] tun_chr_write_iter+0xdc/0x210 [ 53.281361][ T6073] vfs_write+0x5ae/0x1150 [ 53.281374][ T6073] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 53.281388][ T6073] ? __pfx_lock_release+0x10/0x10 [ 53.281400][ T6073] ? __pfx_vfs_write+0x10/0x10 [ 53.281413][ T6073] ? lock_acquire+0x2f/0xb0 [ 53.281425][ T6073] ? __fget_files+0x40/0x3b0 [ 53.281440][ T6073] ksys_write+0x12b/0x250 [ 53.281453][ T6073] ? __pfx_ksys_write+0x10/0x10 [ 53.281467][ T6073] __do_fast_syscall_32+0x73/0x120 [ 53.281480][ T6073] do_fast_syscall_32+0x32/0x80 [ 53.281493][ T6073] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 53.281508][ T6073] RIP: 0023:0xf7fb4579 [ 53.281515][ T6073] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 53.281524][ T6073] RSP: 002b:00000000f50d6520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 53.281534][ T6073] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000a80 [ 53.281539][ T6073] RDX: 000000000000fdef RSI: 00000000f743cff4 RDI: 0000000000000000 [ 53.281545][ T6073] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 53.281550][ T6073] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 53.281555][ T6073] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 53.281563][ T6073] [ 53.281570][ T6073] BUG: Bad page state in process syz.2.19 pfn:258b6 [ 53.355571][ T6073] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x258b6 [ 53.357981][ T6073] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 53.359933][ T6073] raw: 00fff00000000000 dead000000000040 ffff88801f2d7000 0000000000000000 [ 53.362331][ T6073] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 53.364675][ T6073] page dumped because: page_pool leak [ 53.366167][ T6073] page_owner tracks the page as allocated [ 53.367748][ T6073] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6073, tgid 6072 (syz.2.19), ts 52288522520, free_ts 28311057698 [ 53.372299][ T6073] post_alloc_hook+0x181/0x1b0 [ 53.373658][ T6073] get_page_from_freelist+0xfce/0x2f80 [ 53.375180][ T6073] __alloc_frozen_pages_noprof+0x221/0x2470 [ 53.376833][ T6073] alloc_pages_bulk_noprof+0x6f9/0x1390 [ 53.378387][ T6073] __page_pool_alloc_pages_slow+0x18c/0x770 [ 53.380057][ T6073] page_pool_alloc_netmems+0xc4/0x160 [ 53.381596][ T6073] skb_pp_cow_data+0x776/0xf10 [ 53.382943][ T6073] skb_cow_data_for_xdp+0x88/0xb0 [ 53.384344][ T6073] do_xdp_generic+0x3f1/0xe70 [ 53.385665][ T6073] tun_get_user+0x1e04/0x3e50 [ 53.386988][ T6073] tun_chr_write_iter+0xdc/0x210 [ 53.388370][ T6073] vfs_write+0x5ae/0x1150 [ 53.389591][ T6073] ksys_write+0x12b/0x250 [ 53.390865][ T6073] __do_fast_syscall_32+0x73/0x120 [ 53.392296][ T6073] do_fast_syscall_32+0x32/0x80 [ 53.393737][ T6073] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 53.395508][ T6073] page last free pid 0 tgid 0 stack trace: [ 53.397122][ T6073] free_frozen_pages+0x6db/0xfb0 [ 53.398515][ T6073] tlb_remove_table_rcu+0x116/0x1a0 [ 53.400039][ T6073] rcu_core+0x79d/0x14d0 [ 53.401339][ T6073] handle_softirqs+0x213/0x8f0 [ 53.402684][ T6073] __irq_exit_rcu+0x109/0x170 [ 53.404038][ T6073] irq_exit_rcu+0x9/0x30 [ 53.405247][ T6073] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 53.406805][ T6073] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 53.408478][ T6073] Modules linked in: [ 53.409585][ T6073] CPU: 3 UID: 0 PID: 6073 Comm: syz.2.19 Tainted: G B 6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 53.409600][ T6073] Tainted: [B]=BAD_PAGE [ 53.409603][ T6073] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 53.409609][ T6073] Call Trace: [ 53.409614][ T6073] [ 53.409619][ T6073] dump_stack_lvl+0x16c/0x1f0 [ 53.409634][ T6073] bad_page+0xb3/0x1f0 [ 53.409645][ T6073] ? __pfx_bad_page+0x10/0x10 [ 53.409654][ T6073] ? page_bad_reason+0x9d/0x1e0 [ 53.409664][ T6073] free_frozen_pages+0x701/0xfb0 [ 53.409678][ T6073] page_frag_free+0x255/0x2a0 [ 53.409687][ T6073] __xdp_return+0x363/0xac0 [ 53.409701][ T6073] ? kmem_cache_free+0x2e2/0x4d0 [ 53.409715][ T6073] bpf_xdp_adjust_tail+0x9de/0xf70 [ 53.409745][ T6073] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 53.409753][ T6073] bpf_prog_run_generic_xdp+0xe33/0x1500 [ 53.409767][ T6073] do_xdp_generic+0x70a/0xe70 [ 53.409778][ T6073] ? __pfx_do_xdp_generic+0x10/0x10 [ 53.409791][ T6073] ? tun_get_user+0x1d55/0x3e50 [ 53.409808][ T6073] tun_get_user+0x1e04/0x3e50 [ 53.409822][ T6073] ? __pfx___futex_wait+0x10/0x10 [ 53.409837][ T6073] ? __pfx_tun_get_user+0x10/0x10 [ 53.409850][ T6073] ? find_held_lock+0x2d/0x110 [ 53.409861][ T6073] ? __pfx_lock_release+0x10/0x10 [ 53.409883][ T6073] tun_chr_write_iter+0xdc/0x210 [ 53.409898][ T6073] vfs_write+0x5ae/0x1150 [ 53.409911][ T6073] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 53.409925][ T6073] ? __pfx_lock_release+0x10/0x10 [ 53.409940][ T6073] ? __pfx_vfs_write+0x10/0x10 [ 53.409952][ T6073] ? lock_acquire+0x2f/0xb0 [ 53.409964][ T6073] ? __fget_files+0x40/0x3b0 [ 53.409980][ T6073] ksys_write+0x12b/0x250 [ 53.409992][ T6073] ? __pfx_ksys_write+0x10/0x10 [ 53.410006][ T6073] __do_fast_syscall_32+0x73/0x120 [ 53.410020][ T6073] do_fast_syscall_32+0x32/0x80 [ 53.410033][ T6073] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 53.410048][ T6073] RIP: 0023:0xf7fb4579 [ 53.410055][ T6073] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 53.410064][ T6073] RSP: 002b:00000000f50d6520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 53.410074][ T6073] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000a80 [ 53.410080][ T6073] RDX: 000000000000fdef RSI: 00000000f743cff4 RDI: 0000000000000000 [ 53.410086][ T6073] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 53.410091][ T6073] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 53.410096][ T6073] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 53.410104][ T6073] [ 53.410111][ T6073] BUG: Bad page state in process syz.2.19 pfn:20194 [ 53.483858][ T6073] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888020194c30 pfn:0x20194 [ 53.486594][ T6073] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 53.488538][ T6073] raw: 00fff00000000000 dead000000000040 ffff88801f2d7000 0000000000000000 [ 53.490949][ T6073] raw: ffff888020194c30 0000000000000001 00000000ffffffff 0000000000000000 [ 53.493287][ T6073] page dumped because: page_pool leak [ 53.494789][ T6073] page_owner tracks the page as allocated [ 53.496362][ T6073] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6073, tgid 6072 (syz.2.19), ts 52288517977, free_ts 28311061275 [ 53.500901][ T6073] post_alloc_hook+0x181/0x1b0 [ 53.502258][ T6073] get_page_from_freelist+0xfce/0x2f80 [ 53.504560][ T6073] __alloc_frozen_pages_noprof+0x221/0x2470 [ 53.506724][ T6073] alloc_pages_bulk_noprof+0x6f9/0x1390 [ 53.508714][ T6073] __page_pool_alloc_pages_slow+0x18c/0x770 [ 53.510942][ T6073] page_pool_alloc_netmems+0xc4/0x160 [ 53.512864][ T6073] skb_pp_cow_data+0x776/0xf10 [ 53.514597][ T6073] skb_cow_data_for_xdp+0x88/0xb0 [ 53.516407][ T6073] do_xdp_generic+0x3f1/0xe70 [ 53.518102][ T6073] tun_get_user+0x1e04/0x3e50 [ 53.519744][ T6073] tun_chr_write_iter+0xdc/0x210 [ 53.521254][ T6073] vfs_write+0x5ae/0x1150 [ 53.522464][ T6073] ksys_write+0x12b/0x250 [ 53.523677][ T6073] __do_fast_syscall_32+0x73/0x120 [ 53.525093][ T6073] do_fast_syscall_32+0x32/0x80 [ 53.526554][ T6073] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 53.528334][ T6073] page last free pid 0 tgid 0 stack trace: [ 53.529961][ T6073] free_frozen_pages+0x6db/0xfb0 [ 53.531402][ T6073] rcu_core+0x79d/0x14d0 [ 53.532586][ T6073] handle_softirqs+0x213/0x8f0 [ 53.533956][ T6073] __irq_exit_rcu+0x109/0x170 [ 53.535274][ T6073] irq_exit_rcu+0x9/0x30 [ 53.536479][ T6073] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 53.538051][ T6073] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 53.539726][ T6073] Modules linked in: [ 53.540883][ T6073] CPU: 3 UID: 0 PID: 6073 Comm: syz.2.19 Tainted: G B 6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 53.540898][ T6073] Tainted: [B]=BAD_PAGE [ 53.540901][ T6073] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 53.540907][ T6073] Call Trace: [ 53.540911][ T6073] [ 53.540915][ T6073] dump_stack_lvl+0x16c/0x1f0 [ 53.540930][ T6073] bad_page+0xb3/0x1f0 [ 53.540940][ T6073] ? __pfx_bad_page+0x10/0x10 [ 53.540949][ T6073] ? page_bad_reason+0x9d/0x1e0 [ 53.540959][ T6073] free_frozen_pages+0x701/0xfb0 [ 53.540973][ T6073] page_frag_free+0x255/0x2a0 [ 53.540982][ T6073] __xdp_return+0x363/0xac0 [ 53.540996][ T6073] ? kmem_cache_free+0x2e2/0x4d0 [ 53.541011][ T6073] bpf_xdp_adjust_tail+0x9de/0xf70 [ 53.541037][ T6073] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 53.541045][ T6073] bpf_prog_run_generic_xdp+0xe33/0x1500 [ 53.541059][ T6073] do_xdp_generic+0x70a/0xe70 [ 53.541070][ T6073] ? __pfx_do_xdp_generic+0x10/0x10 [ 53.541083][ T6073] ? tun_get_user+0x1d55/0x3e50 [ 53.541098][ T6073] tun_get_user+0x1e04/0x3e50 [ 53.541113][ T6073] ? __pfx___futex_wait+0x10/0x10 [ 53.541145][ T6073] ? __pfx_tun_get_user+0x10/0x10 [ 53.541166][ T6073] ? find_held_lock+0x2d/0x110 [ 53.541178][ T6073] ? __pfx_lock_release+0x10/0x10 [ 53.541193][ T6073] tun_chr_write_iter+0xdc/0x210 [ 53.541207][ T6073] vfs_write+0x5ae/0x1150 [ 53.541220][ T6073] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 53.541234][ T6073] ? __pfx_lock_release+0x10/0x10 [ 53.541246][ T6073] ? __pfx_vfs_write+0x10/0x10 [ 53.541259][ T6073] ? lock_acquire+0x2f/0xb0 [ 53.541271][ T6073] ? __fget_files+0x40/0x3b0 [ 53.541286][ T6073] ksys_write+0x12b/0x250 [ 53.541299][ T6073] ? __pfx_ksys_write+0x10/0x10 [ 53.541313][ T6073] __do_fast_syscall_32+0x73/0x120 [ 53.541326][ T6073] do_fast_syscall_32+0x32/0x80 [ 53.541340][ T6073] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 53.541355][ T6073] RIP: 0023:0xf7fb4579 [ 53.541362][ T6073] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 53.541371][ T6073] RSP: 002b:00000000f50d6520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 53.541381][ T6073] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000a80 [ 53.541387][ T6073] RDX: 000000000000fdef RSI: 00000000f743cff4 RDI: 0000000000000000 [ 53.541392][ T6073] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 53.541397][ T6073] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 53.541403][ T6073] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 53.541411][ T6073] [ 53.541416][ T6073] BUG: Bad page state in process syz.2.19 pfn:2590e [ 53.615568][ T6073] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2590e [ 53.618003][ T6073] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 53.619958][ T6073] raw: 00fff00000000000 dead000000000040 ffff88801f2d7000 0000000000000000 [ 53.622395][ T6073] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 53.624771][ T6073] page dumped because: page_pool leak [ 53.626290][ T6073] page_owner tracks the page as allocated [ 53.627854][ T6073] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6073, tgid 6072 (syz.2.19), ts 52288513972, free_ts 28311648838 [ 53.632412][ T6073] post_alloc_hook+0x181/0x1b0 [ 53.633801][ T6073] get_page_from_freelist+0xfce/0x2f80 [ 53.635335][ T6073] __alloc_frozen_pages_noprof+0x221/0x2470 [ 53.636982][ T6073] alloc_pages_bulk_noprof+0x6f9/0x1390 [ 53.638542][ T6073] __page_pool_alloc_pages_slow+0x18c/0x770 [ 53.640199][ T6073] page_pool_alloc_netmems+0xc4/0x160 [ 53.641759][ T6073] skb_pp_cow_data+0x776/0xf10 [ 53.643111][ T6073] skb_cow_data_for_xdp+0x88/0xb0 [ 53.644545][ T6073] do_xdp_generic+0x3f1/0xe70 [ 53.645906][ T6073] tun_get_user+0x1e04/0x3e50 [ 53.647296][ T6073] tun_chr_write_iter+0xdc/0x210 [ 53.648750][ T6073] vfs_write+0x5ae/0x1150 [ 53.649991][ T6073] ksys_write+0x12b/0x250 [ 53.651253][ T6073] __do_fast_syscall_32+0x73/0x120 [ 53.652670][ T6073] do_fast_syscall_32+0x32/0x80 [ 53.654065][ T6073] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 53.655827][ T6073] page last free pid 0 tgid 0 stack trace: [ 53.657439][ T6073] free_frozen_pages+0x6db/0xfb0 [ 53.658819][ T6073] tlb_remove_table_rcu+0x116/0x1a0 [ 53.660269][ T6073] rcu_core+0x79d/0x14d0 [ 53.661520][ T6073] handle_softirqs+0x213/0x8f0 [ 53.662854][ T6073] __irq_exit_rcu+0x109/0x170 [ 53.664203][ T6073] irq_exit_rcu+0x9/0x30 [ 53.665399][ T6073] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 53.666948][ T6073] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 53.668623][ T6073] Modules linked in: [ 53.669742][ T6073] CPU: 3 UID: 0 PID: 6073 Comm: syz.2.19 Tainted: G B 6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 53.669757][ T6073] Tainted: [B]=BAD_PAGE [ 53.669760][ T6073] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 53.669766][ T6073] Call Trace: [ 53.669771][ T6073] [ 53.669775][ T6073] dump_stack_lvl+0x16c/0x1f0 [ 53.669790][ T6073] bad_page+0xb3/0x1f0 [ 53.669800][ T6073] ? __pfx_bad_page+0x10/0x10 [ 53.669809][ T6073] ? page_bad_reason+0x9d/0x1e0 [ 53.669819][ T6073] free_frozen_pages+0x701/0xfb0 [ 53.669832][ T6073] page_frag_free+0x255/0x2a0 [ 53.669841][ T6073] __xdp_return+0x363/0xac0 [ 53.669856][ T6073] ? kmem_cache_free+0x2e2/0x4d0 [ 53.669869][ T6073] bpf_xdp_adjust_tail+0x9de/0xf70 [ 53.669886][ T6073] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 53.669894][ T6073] bpf_prog_run_generic_xdp+0xe33/0x1500 [ 53.669908][ T6073] do_xdp_generic+0x70a/0xe70 [ 53.669919][ T6073] ? __pfx_do_xdp_generic+0x10/0x10 [ 53.669935][ T6073] ? tun_get_user+0x1d55/0x3e50 [ 53.669950][ T6073] tun_get_user+0x1e04/0x3e50 [ 53.669968][ T6073] ? __pfx___futex_wait+0x10/0x10 [ 53.669982][ T6073] ? __pfx_tun_get_user+0x10/0x10 [ 53.669995][ T6073] ? find_held_lock+0x2d/0x110 [ 53.670007][ T6073] ? __pfx_lock_release+0x10/0x10 [ 53.670023][ T6073] tun_chr_write_iter+0xdc/0x210 [ 53.670037][ T6073] vfs_write+0x5ae/0x1150 [ 53.670050][ T6073] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 53.670064][ T6073] ? __pfx_lock_release+0x10/0x10 [ 53.670076][ T6073] ? __pfx_vfs_write+0x10/0x10 [ 53.670089][ T6073] ? lock_acquire+0x2f/0xb0 [ 53.670101][ T6073] ? __fget_files+0x40/0x3b0 [ 53.670116][ T6073] ksys_write+0x12b/0x250 [ 53.670129][ T6073] ? __pfx_ksys_write+0x10/0x10 [ 53.670142][ T6073] __do_fast_syscall_32+0x73/0x120 [ 53.670156][ T6073] do_fast_syscall_32+0x32/0x80 [ 53.670169][ T6073] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 53.670184][ T6073] RIP: 0023:0xf7fb4579 [ 53.670191][ T6073] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 53.670201][ T6073] RSP: 002b:00000000f50d6520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 53.670210][ T6073] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000a80 [ 53.670216][ T6073] RDX: 000000000000fdef RSI: 00000000f743cff4 RDI: 0000000000000000 [ 53.670221][ T6073] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 53.670227][ T6073] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 53.670232][ T6073] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 53.670240][ T6073] [ 53.670246][ T6073] BUG: Bad page state in process syz.2.19 pfn:25391 [ 53.744097][ T6073] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x25391 [ 53.746485][ T6073] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 53.748427][ T6073] raw: 00fff00000000000 dead000000000040 ffff88801f2d7000 0000000000000000 [ 53.750733][ T6073] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 53.752944][ T6073] page dumped because: page_pool leak [ 53.754460][ T6073] page_owner tracks the page as allocated [ 53.756029][ T6073] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6073, tgid 6072 (syz.2.19), ts 52288509798, free_ts 28311654886 [ 53.760496][ T6073] post_alloc_hook+0x181/0x1b0 [ 53.761891][ T6073] get_page_from_freelist+0xfce/0x2f80 [ 53.763400][ T6073] __alloc_frozen_pages_noprof+0x221/0x2470 [ 53.765183][ T6073] alloc_pages_bulk_noprof+0x6f9/0x1390 [ 53.766750][ T6073] __page_pool_alloc_pages_slow+0x18c/0x770 [ 53.768428][ T6073] page_pool_alloc_netmems+0xc4/0x160 [ 53.769969][ T6073] skb_pp_cow_data+0x776/0xf10 [ 53.771366][ T6073] skb_cow_data_for_xdp+0x88/0xb0 [ 53.772770][ T6073] do_xdp_generic+0x3f1/0xe70 [ 53.774104][ T6073] tun_get_user+0x1e04/0x3e50 [ 53.775423][ T6073] tun_chr_write_iter+0xdc/0x210 [ 53.776806][ T6073] vfs_write+0x5ae/0x1150 [ 53.778030][ T6073] ksys_write+0x12b/0x250 [ 53.779241][ T6073] __do_fast_syscall_32+0x73/0x120 [ 53.780675][ T6073] do_fast_syscall_32+0x32/0x80 [ 53.782090][ T6073] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 53.783886][ T6073] page last free pid 0 tgid 0 stack trace: [ 53.785508][ T6073] free_frozen_pages+0x6db/0xfb0 [ 53.786893][ T6073] tlb_remove_table_rcu+0x116/0x1a0 [ 53.788340][ T6073] rcu_core+0x79d/0x14d0 [ 53.789558][ T6073] handle_softirqs+0x213/0x8f0 [ 53.790964][ T6073] __irq_exit_rcu+0x109/0x170 [ 53.792288][ T6073] irq_exit_rcu+0x9/0x30 [ 53.793491][ T6073] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 53.795072][ T6073] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 53.796738][ T6073] Modules linked in: [ 53.797845][ T6073] CPU: 3 UID: 0 PID: 6073 Comm: syz.2.19 Tainted: G B 6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 53.797859][ T6073] Tainted: [B]=BAD_PAGE [ 53.797862][ T6073] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 53.797871][ T6073] Call Trace: [ 53.797876][ T6073] [ 53.797880][ T6073] dump_stack_lvl+0x16c/0x1f0 [ 53.797894][ T6073] bad_page+0xb3/0x1f0 [ 53.797904][ T6073] ? __pfx_bad_page+0x10/0x10 [ 53.797914][ T6073] ? page_bad_reason+0x9d/0x1e0 [ 53.797923][ T6073] free_frozen_pages+0x701/0xfb0 [ 53.797937][ T6073] page_frag_free+0x255/0x2a0 [ 53.797946][ T6073] __xdp_return+0x363/0xac0 [ 53.797960][ T6073] ? kmem_cache_free+0x2e2/0x4d0 [ 53.797973][ T6073] bpf_xdp_adjust_tail+0x9de/0xf70 [ 53.797990][ T6073] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 53.797998][ T6073] bpf_prog_run_generic_xdp+0xe33/0x1500 [ 53.798012][ T6073] do_xdp_generic+0x70a/0xe70 [ 53.798023][ T6073] ? __pfx_do_xdp_generic+0x10/0x10 [ 53.798036][ T6073] ? tun_get_user+0x1d55/0x3e50 [ 53.798051][ T6073] tun_get_user+0x1e04/0x3e50 [ 53.798066][ T6073] ? __pfx___futex_wait+0x10/0x10 [ 53.798080][ T6073] ? __pfx_tun_get_user+0x10/0x10 [ 53.798093][ T6073] ? find_held_lock+0x2d/0x110 [ 53.798105][ T6073] ? __pfx_lock_release+0x10/0x10 [ 53.798121][ T6073] tun_chr_write_iter+0xdc/0x210 [ 53.798135][ T6073] vfs_write+0x5ae/0x1150 [ 53.798148][ T6073] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 53.798162][ T6073] ? __pfx_lock_release+0x10/0x10 [ 53.798174][ T6073] ? __pfx_vfs_write+0x10/0x10 [ 53.798187][ T6073] ? lock_acquire+0x2f/0xb0 [ 53.798199][ T6073] ? __fget_files+0x40/0x3b0 [ 53.798214][ T6073] ksys_write+0x12b/0x250 [ 53.798226][ T6073] ? __pfx_ksys_write+0x10/0x10 [ 53.798240][ T6073] __do_fast_syscall_32+0x73/0x120 [ 53.798254][ T6073] do_fast_syscall_32+0x32/0x80 [ 53.798266][ T6073] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 53.798282][ T6073] RIP: 0023:0xf7fb4579 [ 53.798289][ T6073] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 53.798298][ T6073] RSP: 002b:00000000f50d6520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 53.798307][ T6073] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000a80 [ 53.798313][ T6073] RDX: 000000000000fdef RSI: 00000000f743cff4 RDI: 0000000000000000 [ 53.798319][ T6073] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 53.798324][ T6073] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 53.798329][ T6073] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 53.798337][ T6073] [ 54.184739][ T1229] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 54.220980][ T5953] Bluetooth: hci0: command tx timeout [ 54.290944][ T5953] Bluetooth: hci1: command tx timeout [ 54.474376][ T1229] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 54.533889][ T1229] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 54.574284][ T1229] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 54.656344][ T1229] bridge_slave_1: left allmulticast mode [ 54.658433][ T1229] bridge_slave_1: left promiscuous mode [ 54.661625][ T1229] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.665292][ T1229] bridge_slave_0: left allmulticast mode [ 54.666896][ T1229] bridge_slave_0: left promiscuous mode [ 54.668503][ T1229] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.785396][ T1229] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 54.789581][ T1229] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 54.793016][ T1229] bond0 (unregistering): Released all slaves [ 55.086902][ T1229] hsr_slave_0: left promiscuous mode [ 55.088642][ T1229] hsr_slave_1: left promiscuous mode [ 55.090335][ T1229] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 55.094006][ T1229] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 55.096299][ T1229] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 55.098342][ T1229] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 55.101609][ T1229] veth1_macvtap: left promiscuous mode [ 55.103332][ T1229] veth0_macvtap: left promiscuous mode [ 55.105042][ T1229] veth1_vlan: left promiscuous mode [ 55.106523][ T1229] veth0_vlan: left promiscuous mode [ 55.279455][ T1229] team0 (unregistering): Port device team_slave_1 removed [ 55.303773][ T1229] team0 (unregistering): Port device team_slave_0 removed VM DIAGNOSIS: 06:48:19 Registers: info registers vcpu 0 CPU#0 RAX=00000002000008fb RBX=0000000000000001 RCX=0000000000000830 RDX=0000000000000002 RSI=00000000000000fb RDI=0000000000000002 RBP=0000000000000001 RSP=ffffc90000007e20 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=ffffffff818bc62e R12=0000000000000001 R13=0000000000000000 R14=ffff88802b53ed40 R15=ffff888022e70401 RIP=ffffffff8167f058 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b400000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000000000000 CR3=000000002308a000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000001 Opmask01=0000000010000000 Opmask02=00000000ffffffff Opmask03=0000000000000000 Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe8a593150 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6565656565656565 6565656565656565 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00ff0000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffff0000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00ff0000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 71726974666f7320 6c61636f6c203a72 6f72726520706f74 732d6b6369742000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7172637466657320 6661636566203072 6572726520706574 7327616363742000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5d3435392054205b 5d3031323420392e 20342020205b3e34 3c002e6d74616220 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5734243320542051 2030312734203324 2020202020513420 3600242020612020 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 78652461696b7c61 4a676727727f6463 662a657e2a6f796b 696f797f2a787f65 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 573e3f333f5e2a51 573a3b383e3a3324 3d3e2a2a2a51343e 360024737e63666b ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000000 RBX=ffff88802b52cfe0 RCX=0000000000000001 RDX=ffff88801bb38000 RSI=ffffffff81ab7360 RDI=ffffffff81ab7365 RBP=0000000000000200 RSP=ffffc9000048fde0 R8 =0000000000000007 R9 =0000000000000000 R10=0000000000000200 R11=0000000000000000 R12=0000000000000001 R13=ffff88801bb38000 R14=ffffffff90627510 R15=0000000000000000 RIP=ffffffff8b55b40a RFL=00000093 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b500000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00000000f7fa7434 CR3=000000006a98a000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000055745 RBX=0000000000000002 RCX=ffffffff8b55c5f9 RDX=0000000000000000 RSI=ffffffff8b6cfd40 RDI=ffffffff8bd346a0 RBP=ffffed1003767488 RSP=ffffc9000049fe08 R8 =0000000000000001 R9 =ffffed10056c6f85 R10=ffff88802b637c2b R11=0000000000000000 R12=0000000000000002 R13=ffff88801bb3a440 R14=ffffffff90627510 R15=0000000000000000 RIP=ffffffff8b55d9df RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000000000c248cb5 CR3=000000004b5f8000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 2e7a7973f743cff4 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000000 RBX=fffff52000677e08 RCX=ffffc900033bf080 RDX=1ffff110049a015c RSI=ffffffff8b6d0040 RDI=ffffffff8bd346a0 RBP=237ebb04bbfd9cad RSP=ffffc900033bf030 R8 =0000000000000000 R9 =fffffbfff20c4ea2 R10=ffffffff90627517 R11=0000000000000004 R12=0000000000000004 R13=0000000000000005 R14=ffff888024d00ae8 R15=ffff888024d00000 RIP=ffffffff8196c07d RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b700000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000080010000 CR3=0000000021c24000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000017000000000 0000000400000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000