last executing test programs: 1.669699315s ago: executing program 3 (id=4026): socket$inet_tcp(0x2, 0x1, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10) pipe(&(0x7f00000003c0)) bpf$MAP_CREATE(0x0, 0x0, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000200)={0x3, 0x40, 0xfa02, {{0x6000000, 0x200, 0x0, @rand_addr=' \x01\x00', 0x5}, {0xa, 0x0, 0x0, @mcast2, 0xffffffff}, 0xffffffffffffffff, 0xf5ffffff}}, 0x48) 1.668990303s ago: executing program 3 (id=4028): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x6, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000d40)=ANY=[@ANYBLOB="180000000000e3ff000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000700000095"], &(0x7f0000001080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r1}, 0x10) ioprio_set$uid(0x3, 0x0, 0x0) 1.598819155s ago: executing program 3 (id=4030): connect$inet(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) syz_emit_ethernet(0x86, &(0x7f0000000500)={@local, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x2, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x64, 0x0, @wg=@response={0x2, 0x0, 0x0, "9d42a08597d3b2f44ac89b1b52cc6728d6697d4cebc8f2f062c6f91f224aaacc", "99bd3410936eefeb3ea898dafab974aa", {"96deedc95f5d10a12027128db2e9bdf6", "f838a300b01b0e19ecdf00b20600"}}}}}}}, 0x0) syz_clone3(0x0, 0x0) syz_emit_ethernet(0x32, &(0x7f0000000300)={@random="e90c630faca2", @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0xe000, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x10, 0x0, @opaque="cbe66f1099d3a415"}}}}}, 0x0) 1.528583908s ago: executing program 3 (id=4033): mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x103) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) chmod(&(0x7f0000000000)='./file0\x00', 0x100) read$FUSE(r0, &(0x7f0000008380)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x1110040}}, 0x50) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_ATTR(r0, &(0x7f0000000240)={0x78, 0x0, r2, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x7, 0x3ff, 0xa000}}}, 0x78) creat(&(0x7f0000000000)='./file0\x00', 0x0) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x24c01, 0x0) 658.798835ms ago: executing program 3 (id=4042): r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$PTP_SYS_OFFSET_PRECISE(r0, 0xc0403d08, 0x0) 658.515011ms ago: executing program 3 (id=4043): socket$nl_route(0x10, 0x3, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2000000000000046, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r2}, 0x0, &(0x7f00000002c0)}, 0x20) r3 = socket(0x10, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f00000000c0)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @dev}}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r3, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', &(0x7f0000000180)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @private0}}) 449.271987ms ago: executing program 1 (id=4045): r0 = openat2(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x68041}, 0x18) fsetxattr$security_ima(r0, &(0x7f0000000080), &(0x7f00000000c0), 0x1, 0x0) ftruncate(r0, 0x0) 375.924243ms ago: executing program 1 (id=4047): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, &(0x7f0000000200)='s', 0x1, 0x0, 0x0, 0x0) sendmmsg$inet(r0, &(0x7f0000003400)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000002c0)="06987728e729ecb494924da9913d596cb581d832ab19937b137f164cc9d8f2eb0c2fade94b8aefad67a53c4c9156a4832a4e0e90e3e1e9dc0f2acc20598fd58f57a34db4b44479e52edbd8c946a0f25d9fa32717aafdad752136eba890ac1830cc7c6e57ceb18a738f3dcc19c2559e6c2a19dbdc2ba64e56c3fa5bf2bba41f496fc4c9995966aee50ac5379065c40773628b174417c5b56c8cc39a928cd97ce7f042b8255136c4d641514343743aae1e3a8df492e31d00"/197, 0xc5}, {&(0x7f0000000980)="27ff76aa439bc330a3f8e05741476e5335cbf3ce9a9d774d3cb3fa55f587379aa533de6aa2730db9f771a8658c3a1eb1e4348114b56bca1c269a66b53c2ff2108ca7bc254ed65fc6137e6ef065eb945aac271c84d230e424e9dc3407f46f9b002206cdb0808b1fb840321126fbd3bbaeba507ac6a034bc63f22bdf9a4dad7ac32ecc876c24273ab793157894622878e971dd8fe3a45aa240eb919fe7c837b8b36e4e592f2d911cc47d19ff74d6e1770c8fa0c3e38533880052833276231837a2bea0d774fccc93d84b14e6875429bb8a4fa31106ad9cdd09eff787050b82d2c92ab21cc811fbb8420a1c66adbf1e1ba26523ee364f0243ce073d62d7bb90885a1b4d33b65982f39cd550452717956bb32a54514c068de7cedccdea2c932bffed344deddc18c0", 0x126}], 0x2}}], 0x1, 0x0) shutdown(r0, 0x1) 329.328479ms ago: executing program 0 (id=4049): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='kmem_cache_free\x00', r1}, 0x10) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15) r4 = dup(r3) write$FUSE_BMAP(r4, &(0x7f0000000080)={0x18}, 0x18) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3]) 239.048481ms ago: executing program 0 (id=4051): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) connect$netlink(r1, &(0x7f0000000040)=@proc={0x10, 0x0, 0x25dfdbfc}, 0xc) sendmsg$nl_route(r1, &(0x7f0000000300)={&(0x7f0000000080), 0xc, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c00000020000f0000f901000000000002"], 0x1c}}, 0x0) 238.840137ms ago: executing program 1 (id=4052): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[], 0x7c}}, 0x10) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a7c000000060a0b04000000000000000002000000500004804c0001800a000100696e6e65720000003c00028008000240000000840800034000000007080004400000000f080001400a000000180005800e000100696d6d656469617465000000040002800900010073797a30000000000900020073797a3200"], 0xa4}}, 0x0) 238.690045ms ago: executing program 1 (id=4053): r0 = socket$kcm(0x15, 0x5, 0x0) setsockopt$sock_attach_bpf(r0, 0x114, 0x3, 0x0, 0xe2a0a06278963d97) 169.468249ms ago: executing program 0 (id=4055): r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000780)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c0000000400000002000000000000080000000000006100"], 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000000000000000000009500a500000000003e62782f6b62fe583a205a2a93679f78609d6ca7f05ba88e8460d0693a8e47c2857ff1c02f24ca929b6aec07a02b58cbd88131bb0d547c9bab43442e4535f88409162afd1ed8ff5a113677be48432632a733fb0c58fcdba24799f692860f292f268d00eac7dd739212a24e74fef584daca158d64b64536a0c21a0ab5a3e038038aaef7bd2ea0621eb7be6fc89005be16748d73f3a1887006e10ed1fb7d9eb609d12ae5bcfd530400e18f6ad05fe15db26a4951f34aa257313b453b"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb, r0, 0x8, 0x0, 0x0, 0x14, 0x0, 0xff3d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) 168.964915ms ago: executing program 2 (id=4056): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000afcd48d6494d614dcc6fab5335ec470db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad96ed406f21bef5adcf920569c00cc1199684fa7c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c987d669f381faca0f9d9b24be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c19a39484809539fca4e0b6eab1aa7d55545a34effa077faa56d59e88254f54077f799bf168301000000bf2255d6a0244d35b213bda84cc172afd8cc2e59a7d8b85a5e3d77ac463920e231b7ae0da8616d2b7958f91f5da6c025d0faab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c78fbfe5ab0255f347160ec83070000000000004015cf10453f6c0b973b81a484ebad04859d928365a7ea3fab8b4b380a00d72bc0480f94306720399379d9271cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98b9d4139f1111f2dc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78a602ca3cdf6a9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e559d17879570c8ad9433269af3be5fa6a9a5c24e392955f4e979ea13201bafe4f0f6ea508000000a0c548552b571bed5647223c78a992810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151ffdf6f7820549cda6cb799c6e924966a7f90bf8fd1e75ee76bd72346cfbb526890aa7fe5e68949a3b30567e54d3504723177d356c4604bca492ede62fc28839b5301160ecec37e83efceefd7ca2533659edc8be05cc85451c6a145074343caea5c4bf690441974b155f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffcebde1d9d3d35a142a9ec9a7a3755e0f209150a07682c4e14e3a835701bea8240399c56ce8f58df6f3fc97f1730a136bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e561a9845e4ff29e2bdb1d0b923b262341c5e093fd66a2946501559335781092cf8ce3c7c56cd31121624d76517fd3666276c3c0e812b28e2f30d035cee5d0e77a3c70008ec651cc0ae637fa474816bc59d2e2a00092419304b338a987e9d3044d856cf24f370030be3b5f79f030b8d3ebce68663ef5af469abe753314fae31651e0ecea5ece8fb11a4ee288eb149f1fa33669cc8d901fa8e46354c9c3a041a1e7b55c4e81dba1e12289ee34463baf28345bde0c195bc9f021da8f3025ee9c8e3168b4177ce37ed85464c31679053e7f9d04bb5cb51da0b7958989fd70f241262fa3f1dabeb4fc4bda345360200000001fbddeacd3adaa4d2715e21c772ccd44341f7fd53df58ae791ee8b489a7c9efe3625a9d971b5997485d6a063dc6f7359e2eccc2fb39d419de1a7b5c9dc22c96295a4601adf59d44e58eb1c60b3475be31a9b7cf42b6402312d2725b8d9fa700a86407e79ae29d2c117ca65fc86c2dce97aa03279a66ec87122219b0f796ab92b1adecae50fdb408c8a80f7f02f750d6c977a1919f9f69a6cfefdf879d447df53f3b9b70d10355b07466d1ef0056b5af553d18a6cc50feeb7bfad9b7be3283b6450d014e7712d2f1d7004548b19162cef04d18d4f5987baab97a9bfbd8f185b5671820420bf5b6522c0e21c882c66f4f25ffb6d95e07de02205fca4f18a2eb5b63e45d5d80fe52734093ae5aa3c0b4f3f45bfff2418a18217747ae442e31560e5b741445ea2a1acee2e98c9f3427834ba0a765d20b30f87af976a46f9a9a1ac7dea1ea6845f9aa6623920dacc107f532348cc21164efe794874eac73381e961f3d9c8c21578fe3245097c280abe51427a7f6cd72b5da6d0252803c66730cd5eac907f09b9695906313f8873522608c6fc01e1b9e16587bb5f721303e6b89e5c54d680ac66d09af90dbf50ee69a39265964279d17"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000780)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000040000000200"], 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) 168.871188ms ago: executing program 1 (id=4057): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000000)='ext4_mark_inode_dirty\x00'}, 0x10) r0 = socket$kcm(0x2, 0x5, 0x84) setsockopt$sock_attach_bpf(r0, 0x84, 0xb, &(0x7f0000000000), 0xe) 168.711663ms ago: executing program 0 (id=4058): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) write$cgroup_devices(r0, 0x0, 0x1010) 119.682427ms ago: executing program 2 (id=4059): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r0}, 0x10) r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8) ioctl$TUNSETOFFLOAD(r2, 0x40049409, 0x19) 119.478032ms ago: executing program 2 (id=4060): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x14, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000000000018500000086000000b7080000000000007baaf8ff00000000b5080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000b300000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r2}, 0xc) 119.308255ms ago: executing program 1 (id=4061): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, &(0x7f0000000200)='s', 0x1, 0x0, 0x0, 0x0) sendmmsg$inet(r0, &(0x7f0000003400)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000002c0)="06987728e729ecb494924da9913d596cb581d832ab19937b137f164cc9d8f2eb0c2fade94b8aefad67a53c4c9156a4832a4e0e90e3e1e9dc0f2acc20598fd58f57a34db4b44479e52edbd8c946a0f25d9fa32717aafdad752136eba890ac1830cc7c6e57ceb18a738f3dcc19c2559e6c2a19dbdc2ba64e56c3fa5bf2bba41f496fc4c9995966aee50ac5379065c40773628b174417c5b56c8cc39a928cd97ce7f042b8255136c4d641514343743aae1e3a8df492e31d00"/197, 0xc5}, {&(0x7f0000000980)="27ff76aa439bc330a3f8e05741476e5335cbf3ce9a9d774d3cb3fa55f587379aa533de6aa2730db9f771a8658c3a1eb1e4348114b56bca1c269a66b53c2ff2108ca7bc254ed65fc6137e6ef065eb945aac271c84d230e424e9dc3407f46f9b002206cdb0808b1fb840321126fbd3bbaeba507ac6a034bc63f22bdf9a4dad7ac32ecc876c24273ab793157894622878e971dd8fe3a45aa240eb919fe7c837b8b36e4e592f2d911cc47d19ff74d6e1770c8fa0c3e38533880052833276231837a2bea0d774fccc93d84b14e6875429bb8a4fa31106ad9cdd09eff787050b82d2c92ab21cc811fbb8420a1c66adbf1e1ba26523ee364f0243ce073d62d7bb90885a1b4d33b65982f39cd550452717956bb32a54514c068de7cedccdea2c932bffed344deddc18c0", 0x126}], 0x2}}], 0x1, 0x0) shutdown(r0, 0x1) 48.578518ms ago: executing program 2 (id=4062): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[], 0x7c}}, 0x10) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a7c000000060a0b04000000000000000002000000500004804c0001800a000100696e6e65720000003c00028008000240000000840800034000000007080004400000000f080001400a000000180005800e000100696d6d656469617465000000040002800900010073797a30000000000900020073797a3200"], 0xa4}}, 0x0) 48.325415ms ago: executing program 2 (id=4063): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000100)=@framed={{0x18, 0x2, 0x0, 0x0, 0x80000001}, [@call={0x85, 0x0, 0x0, 0x41}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) 308.804µs ago: executing program 0 (id=4064): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f0000000640)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = socket$kcm(0x2, 0x5, 0x84) sendmsg$inet(r0, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)=ANY=[], 0x158}, 0x40) 102.096µs ago: executing program 2 (id=4065): r0 = socket$kcm(0x10, 0x2, 0x4) close(r0) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000011c0), 0x0, 0x0, 0x0, 0x1f00c00e}, 0x8001) socket$kcm(0x10, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f00000002c0)=ANY=[@ANYBLOB="d5c61c9849a2d88b9d75d7f3d6c2de07ffdae41cabc1e0f5b5b952e807c83fa32e2b5d12f0e6b2a100b64322969d6d07db66905bd694bebe9ffef3e1988c78b8ff", @ANYRES16, @ANYRES32, @ANYBLOB], 0xfe33) socket$kcm(0x2a, 0x0, 0x0) r2 = socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0x8, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce6203c23c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa2c"], 0xfdef) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000740)={&(0x7f0000000280)=@nameseq={0x1e, 0x1, 0x0, {0x20000401}}, 0x10, 0x0}, 0x0) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 0s ago: executing program 0 (id=4066): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0) close(r0) socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r0, 0x8b18, &(0x7f0000000000)={'wlan1\x00', @random="010000000700"}) r1 = socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001480)={0x40, r2, 0xb7a006d1969b963b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME={0x24, 0x33, @probe_request={{{}, {}, @device_a, @device_b}, @void, @void, @void, @void, @val={0x72, 0x6}}}]}, 0x40}}, 0x80) kernel console output (not intermixed with test programs): 45.328729][T16142] unable to read squashfs_super_block [ 745.890623][T16151] syz.2.2962: attempt to access beyond end of device [ 745.890623][T16151] nbd2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 745.895395][T16151] SQUASHFS error: Failed to read block 0x0: -5 [ 745.897658][T16151] unable to read squashfs_super_block [ 747.125712][ T1380] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.127429][ T1380] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.367959][T16161] syz.3.2965: attempt to access beyond end of device [ 747.367959][T16161] nbd3: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 747.381653][T16161] SQUASHFS error: Failed to read block 0x0: -5 [ 747.443212][T16161] unable to read squashfs_super_block [ 747.591857][T16167] syz.2.2967: attempt to access beyond end of device [ 747.591857][T16167] nbd2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 747.600901][T16167] SQUASHFS error: Failed to read block 0x0: -5 [ 747.602647][T16167] unable to read squashfs_super_block [ 749.798166][T16194] syz.3.2973: attempt to access beyond end of device [ 749.798166][T16194] nbd3: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 749.802844][T16194] SQUASHFS error: Failed to read block 0x0: -5 [ 749.833438][T16194] unable to read squashfs_super_block [ 751.796164][T16213] syz.3.2977: attempt to access beyond end of device [ 751.796164][T16213] nbd3: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 751.800626][T16213] SQUASHFS error: Failed to read block 0x0: -5 [ 751.802805][T16213] unable to read squashfs_super_block [ 752.162958][T16218] syz.1.2979: attempt to access beyond end of device [ 752.162958][T16218] nbd1: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 752.173325][T16218] SQUASHFS error: Failed to read block 0x0: -5 [ 752.175719][T16218] unable to read squashfs_super_block [ 752.964022][T16229] syz.1.2982: attempt to access beyond end of device [ 752.964022][T16229] nbd1: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 752.968541][T16229] SQUASHFS error: Failed to read block 0x0: -5 [ 752.971060][T16229] unable to read squashfs_super_block [ 753.909819][T16248] syz.1.2985: attempt to access beyond end of device [ 753.909819][T16248] nbd1: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 753.916824][T16248] SQUASHFS error: Failed to read block 0x0: -5 [ 753.928467][T16248] unable to read squashfs_super_block [ 754.023906][T16237] syz.2.2984: attempt to access beyond end of device [ 754.023906][T16237] nbd2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 754.023965][T16237] SQUASHFS error: Failed to read block 0x0: -5 [ 754.023995][T16237] unable to read squashfs_super_block [ 755.991615][T16269] syz.3.2991: attempt to access beyond end of device [ 755.991615][T16269] nbd3: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 756.000976][T16269] SQUASHFS error: Failed to read block 0x0: -5 [ 756.003288][T16269] unable to read squashfs_super_block [ 756.043889][T16268] syz.1.2990: attempt to access beyond end of device [ 756.043889][T16268] nbd1: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 756.048581][T16268] SQUASHFS error: Failed to read block 0x0: -5 [ 756.050671][T16268] unable to read squashfs_super_block [ 756.544182][T16275] syz.2.2992: attempt to access beyond end of device [ 756.544182][T16275] nbd2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 756.548995][T16275] SQUASHFS error: Failed to read block 0x0: -5 [ 756.551455][T16275] unable to read squashfs_super_block [ 756.800357][T16278] syz.0.2993: attempt to access beyond end of device [ 756.800357][T16278] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 756.804245][T16278] SQUASHFS error: Failed to read block 0x0: -5 [ 756.805893][T16278] unable to read squashfs_super_block [ 757.031545][T16284] syz.3.2994: attempt to access beyond end of device [ 757.031545][T16284] nbd3: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 757.039868][T16284] SQUASHFS error: Failed to read block 0x0: -5 [ 757.041746][T16284] unable to read squashfs_super_block [ 758.162792][T16293] syz.2.2997: attempt to access beyond end of device [ 758.162792][T16293] nbd2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 758.171257][T16293] SQUASHFS error: Failed to read block 0x0: -5 [ 758.174768][T16293] unable to read squashfs_super_block [ 758.782052][T16305] syz.1.3000: attempt to access beyond end of device [ 758.782052][T16305] nbd1: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 758.973878][T16306] syz.2.3001: attempt to access beyond end of device [ 758.973878][T16306] nbd2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 758.978706][T16306] SQUASHFS error: Failed to read block 0x0: -5 [ 758.980728][T16306] unable to read squashfs_super_block [ 759.073138][T16305] SQUASHFS error: Failed to read block 0x0: -5 [ 759.076000][T16305] unable to read squashfs_super_block [ 762.166880][ T5350] Bluetooth: hci6: command 0x0419 tx timeout [ 762.350220][T16331] syz.0.3006: attempt to access beyond end of device [ 762.350220][T16331] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 762.353734][T16331] SQUASHFS error: Failed to read block 0x0: -5 [ 762.355398][T16331] unable to read squashfs_super_block [ 762.443589][T16332] syz.1.3007: attempt to access beyond end of device [ 762.443589][T16332] nbd1: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 762.443638][T16332] SQUASHFS error: Failed to read block 0x0: -5 [ 762.443667][T16332] unable to read squashfs_super_block [ 764.179852][T16348] syz.0.3011: attempt to access beyond end of device [ 764.179852][T16348] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 764.183546][T16348] SQUASHFS error: Failed to read block 0x0: -5 [ 764.185174][T16348] unable to read squashfs_super_block [ 764.470364][T16349] syz.2.3010: attempt to access beyond end of device [ 764.470364][T16349] nbd2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 764.483390][T16349] SQUASHFS error: Failed to read block 0x0: -5 [ 764.485750][T16349] unable to read squashfs_super_block [ 764.832767][T16359] syz.0.3014: attempt to access beyond end of device [ 764.832767][T16359] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 764.850814][T16359] SQUASHFS error: Failed to read block 0x0: -5 [ 764.852790][T16359] unable to read squashfs_super_block [ 765.504812][T16364] syz.2.3015: attempt to access beyond end of device [ 765.504812][T16364] nbd2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 765.508218][T16364] SQUASHFS error: Failed to read block 0x0: -5 [ 765.509852][T16364] unable to read squashfs_super_block [ 766.268820][T16375] syz.2.3018: attempt to access beyond end of device [ 766.268820][T16375] nbd2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 766.272400][T16375] SQUASHFS error: Failed to read block 0x0: -5 [ 766.275390][T16375] unable to read squashfs_super_block [ 766.526647][T16379] syz.3.3019: attempt to access beyond end of device [ 766.526647][T16379] nbd3: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 766.533419][T16379] SQUASHFS error: Failed to read block 0x0: -5 [ 766.535826][T16379] unable to read squashfs_super_block [ 767.037152][T16385] syz.0.3020: attempt to access beyond end of device [ 767.037152][T16385] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 767.041878][T16385] SQUASHFS error: Failed to read block 0x0: -5 [ 767.052031][T16385] unable to read squashfs_super_block [ 767.219639][T16386] syz.2.3021: attempt to access beyond end of device [ 767.219639][T16386] nbd2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 767.219701][T16386] SQUASHFS error: Failed to read block 0x0: -5 [ 767.219751][T16386] unable to read squashfs_super_block [ 768.923528][T16405] syz.1.3026: attempt to access beyond end of device [ 768.923528][T16405] nbd1: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 768.933271][T16405] SQUASHFS error: Failed to read block 0x0: -5 [ 768.935629][T16405] unable to read squashfs_super_block [ 769.254304][T16409] syz.3.3027: attempt to access beyond end of device [ 769.254304][T16409] nbd3: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 769.257757][T16409] SQUASHFS error: Failed to read block 0x0: -5 [ 769.267068][T16409] unable to read squashfs_super_block [ 769.468847][T16412] syz.2.3028: attempt to access beyond end of device [ 769.468847][T16412] nbd2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 769.472727][T16412] SQUASHFS error: Failed to read block 0x0: -5 [ 769.475312][T16412] unable to read squashfs_super_block [ 769.864030][T16419] syz.0.3030: attempt to access beyond end of device [ 769.864030][T16419] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 769.879364][T16419] SQUASHFS error: Failed to read block 0x0: -5 [ 769.887326][T16419] unable to read squashfs_super_block [ 770.026245][T16424] syz.3.3031: attempt to access beyond end of device [ 770.026245][T16424] nbd3: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 770.030095][T16424] SQUASHFS error: Failed to read block 0x0: -5 [ 770.032433][T16424] unable to read squashfs_super_block [ 770.855829][T16430] syz.2.3032: attempt to access beyond end of device [ 770.855829][T16430] nbd2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 770.860800][T16430] SQUASHFS error: Failed to read block 0x0: -5 [ 770.870871][T16430] unable to read squashfs_super_block [ 772.114720][T16449] syz.2.3038: attempt to access beyond end of device [ 772.114720][T16449] nbd2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 772.118824][T16449] SQUASHFS error: Failed to read block 0x0: -5 [ 772.120509][T16449] unable to read squashfs_super_block [ 772.474744][T16458] syz.1.3039: attempt to access beyond end of device [ 772.474744][T16458] nbd1: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 772.482865][T16458] SQUASHFS error: Failed to read block 0x0: -5 [ 772.487358][T16458] unable to read squashfs_super_block [ 774.149510][T16482] syz.3.3045: attempt to access beyond end of device [ 774.149510][T16482] nbd3: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 774.156298][T16482] SQUASHFS error: Failed to read block 0x0: -5 [ 774.157936][T16482] unable to read squashfs_super_block [ 774.426359][T16479] syz.2.3044: attempt to access beyond end of device [ 774.426359][T16479] nbd2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 774.431033][T16479] SQUASHFS error: Failed to read block 0x0: -5 [ 774.441653][T16479] unable to read squashfs_super_block [ 775.904768][T16510] syz.3.3052: attempt to access beyond end of device [ 775.904768][T16510] nbd3: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 775.909499][T16510] SQUASHFS error: Failed to read block 0x0: -5 [ 775.911769][T16510] unable to read squashfs_super_block [ 776.403560][T16515] syz.2.3054: attempt to access beyond end of device [ 776.403560][T16515] nbd2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 776.407017][T16515] SQUASHFS error: Failed to read block 0x0: -5 [ 776.408647][T16515] unable to read squashfs_super_block [ 776.715901][T16522] syz.3.3055: attempt to access beyond end of device [ 776.715901][T16522] nbd3: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 776.720773][T16522] SQUASHFS error: Failed to read block 0x0: -5 [ 776.723072][T16522] unable to read squashfs_super_block [ 777.135429][T16526] syz.2.3056: attempt to access beyond end of device [ 777.135429][T16526] nbd2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 777.147659][T16526] SQUASHFS error: Failed to read block 0x0: -5 [ 777.149435][T16526] unable to read squashfs_super_block [ 777.387906][T16534] syz.0.3057: attempt to access beyond end of device [ 777.387906][T16534] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 777.392767][T16534] SQUASHFS error: Failed to read block 0x0: -5 [ 777.399171][T16534] unable to read squashfs_super_block [ 777.773640][T16536] syz.1.3058: attempt to access beyond end of device [ 777.773640][T16536] nbd1: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 777.791062][T16536] SQUASHFS error: Failed to read block 0x0: -5 [ 777.792997][T16536] unable to read squashfs_super_block [ 779.755485][T16567] syz.1.3067: attempt to access beyond end of device [ 779.755485][T16567] nbd1: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 779.759380][T16567] SQUASHFS error: Failed to read block 0x0: -5 [ 779.761293][T16567] unable to read squashfs_super_block [ 779.988494][T16574] syz.0.3068: attempt to access beyond end of device [ 779.988494][T16574] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 779.995633][T16577] syz.3.3070: attempt to access beyond end of device [ 779.995633][T16577] nbd3: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 779.999302][T16577] SQUASHFS error: Failed to read block 0x0: -5 [ 780.007461][T16574] SQUASHFS error: Failed to read block 0x0: -5 [ 780.010939][T16574] unable to read squashfs_super_block [ 780.012249][T16577] unable to read squashfs_super_block [ 780.725688][T16589] syz.3.3073: attempt to access beyond end of device [ 780.725688][T16589] nbd3: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 780.739653][T16589] SQUASHFS error: Failed to read block 0x0: -5 [ 780.742046][T16589] unable to read squashfs_super_block [ 780.968452][T16593] syz.2.3074: attempt to access beyond end of device [ 780.968452][T16593] nbd2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 780.991041][T16593] SQUASHFS error: Failed to read block 0x0: -5 [ 781.000174][T16593] unable to read squashfs_super_block [ 782.278856][T16610] syz.2.3077: attempt to access beyond end of device [ 782.278856][T16610] nbd2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 782.282255][T16610] SQUASHFS error: Failed to read block 0x0: -5 [ 782.288114][T16610] unable to read squashfs_super_block [ 782.546998][T16616] syz.0.3079: attempt to access beyond end of device [ 782.546998][T16616] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 782.550354][T16616] SQUASHFS error: Failed to read block 0x0: -5 [ 782.572894][T16616] unable to read squashfs_super_block [ 782.844286][T16622] syz.2.3080: attempt to access beyond end of device [ 782.844286][T16622] nbd2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 782.848833][T16622] SQUASHFS error: Failed to read block 0x0: -5 [ 782.851113][T16622] unable to read squashfs_super_block [ 783.015927][T16623] syz.3.3081: attempt to access beyond end of device [ 783.015927][T16623] nbd3: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 783.019856][T16623] SQUASHFS error: Failed to read block 0x0: -5 [ 783.021557][T16623] unable to read squashfs_super_block [ 783.065208][T16628] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3082'. [ 783.363724][T16629] syz.0.3083: attempt to access beyond end of device [ 783.363724][T16629] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 783.371258][T16629] SQUASHFS error: Failed to read block 0x0: -5 [ 783.374217][T16629] unable to read squashfs_super_block [ 783.690625][T16635] SQUASHFS error: Failed to read block 0x0: -5 [ 783.692332][T16635] unable to read squashfs_super_block [ 783.727545][T16638] SQUASHFS error: Failed to read block 0x0: -5 [ 783.729880][T16638] unable to read squashfs_super_block [ 783.973706][T16644] SQUASHFS error: Failed to read block 0x0: -5 [ 783.975417][T16644] unable to read squashfs_super_block [ 784.072477][T16646] SQUASHFS error: Failed to read block 0x0: -5 [ 784.075062][T16646] unable to read squashfs_super_block [ 785.115446][T16661] bio_check_eod: 4 callbacks suppressed [ 785.115475][T16661] syz.3.3091: attempt to access beyond end of device [ 785.115475][T16661] nbd3: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 785.125937][T16661] SQUASHFS error: Failed to read block 0x0: -5 [ 785.131809][T16661] unable to read squashfs_super_block [ 785.792013][T16672] syz.2.3093: attempt to access beyond end of device [ 785.792013][T16672] nbd2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 785.804602][T16672] SQUASHFS error: Failed to read block 0x0: -5 [ 785.815305][T16672] unable to read squashfs_super_block [ 787.155444][T16692] syz.3.3099: attempt to access beyond end of device [ 787.155444][T16692] nbd3: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 787.158887][T16692] SQUASHFS error: Failed to read block 0x0: -5 [ 787.160683][T16692] unable to read squashfs_super_block [ 787.563746][T16700] syz.1.3101: attempt to access beyond end of device [ 787.563746][T16700] nbd1: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 787.568668][T16700] SQUASHFS error: Failed to read block 0x0: -5 [ 787.571163][T16700] unable to read squashfs_super_block [ 787.888228][T16707] syz.1.3104: attempt to access beyond end of device [ 787.888228][T16707] nbd1: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 787.891729][T16707] SQUASHFS error: Failed to read block 0x0: -5 [ 787.897174][T16707] unable to read squashfs_super_block [ 787.981553][T16708] syz.2.3103: attempt to access beyond end of device [ 787.981553][T16708] nbd2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 787.987535][T16708] SQUASHFS error: Failed to read block 0x0: -5 [ 787.989332][T16708] unable to read squashfs_super_block [ 788.272460][T16713] syz.1.3106: attempt to access beyond end of device [ 788.272460][T16713] nbd1: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 788.282081][T16713] SQUASHFS error: Failed to read block 0x0: -5 [ 788.286331][T16713] unable to read squashfs_super_block [ 788.679844][T16721] syz.0.3108: attempt to access beyond end of device [ 788.679844][T16721] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 788.684993][T16721] SQUASHFS error: Failed to read block 0x0: -5 [ 788.687365][T16721] unable to read squashfs_super_block [ 788.794137][T16725] syz.2.3109: attempt to access beyond end of device [ 788.794137][T16725] nbd2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 788.794255][T16725] SQUASHFS error: Failed to read block 0x0: -5 [ 788.794317][T16725] unable to read squashfs_super_block [ 789.868590][T16737] syz.0.3112: attempt to access beyond end of device [ 789.868590][T16737] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 789.873288][T16737] SQUASHFS error: Failed to read block 0x0: -5 [ 789.875531][T16737] unable to read squashfs_super_block [ 790.067855][T16735] SQUASHFS error: Failed to read block 0x0: -5 [ 790.084978][T16735] unable to read squashfs_super_block [ 790.324046][T16745] bio_check_eod: 1 callbacks suppressed [ 790.324057][T16745] syz.3.3114: attempt to access beyond end of device [ 790.324057][T16745] nbd3: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 790.335622][T16745] SQUASHFS error: Failed to read block 0x0: -5 [ 790.337425][T16745] unable to read squashfs_super_block [ 790.475586][T16744] syz.2.3113: attempt to access beyond end of device [ 790.475586][T16744] nbd2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 790.475632][T16744] SQUASHFS error: Failed to read block 0x0: -5 [ 790.475662][T16744] unable to read squashfs_super_block [ 790.738692][T16757] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3118'. [ 791.615793][T16769] syz.1.3121: attempt to access beyond end of device [ 791.615793][T16769] nbd1: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 791.620159][T16769] SQUASHFS error: Failed to read block 0x0: -5 [ 791.622381][T16769] unable to read squashfs_super_block [ 792.687867][T16780] syz.2.3124: attempt to access beyond end of device [ 792.687867][T16780] nbd2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 792.691885][T16780] SQUASHFS error: Failed to read block 0x0: -5 [ 792.693895][T16780] unable to read squashfs_super_block [ 792.873453][T16783] syz.3.3125: attempt to access beyond end of device [ 792.873453][T16783] nbd3: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 792.873517][T16783] SQUASHFS error: Failed to read block 0x0: -5 [ 792.873582][T16783] unable to read squashfs_super_block [ 793.113996][T16784] syz.0.3123: attempt to access beyond end of device [ 793.113996][T16784] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 793.128855][T16784] SQUASHFS error: Failed to read block 0x0: -5 [ 793.137324][T16784] unable to read squashfs_super_block [ 793.579824][T16797] syz.2.3129: attempt to access beyond end of device [ 793.579824][T16797] nbd2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 793.592574][T16797] SQUASHFS error: Failed to read block 0x0: -5 [ 793.594987][T16797] unable to read squashfs_super_block [ 794.206612][T16811] syz.3.3132: attempt to access beyond end of device [ 794.206612][T16811] nbd3: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 794.216209][T16811] SQUASHFS error: Failed to read block 0x0: -5 [ 794.217999][T16811] unable to read squashfs_super_block [ 794.261504][T16808] syz.1.3131: attempt to access beyond end of device [ 794.261504][T16808] nbd1: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 794.278273][T16808] SQUASHFS error: Failed to read block 0x0: -5 [ 794.278323][T16808] unable to read squashfs_super_block [ 794.458631][T16812] syz.2.3133: attempt to access beyond end of device [ 794.458631][T16812] nbd2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 794.458682][T16812] SQUASHFS error: Failed to read block 0x0: -5 [ 794.458723][T16812] unable to read squashfs_super_block [ 794.985813][T16822] SQUASHFS error: Failed to read block 0x0: -5 [ 794.987930][T16822] unable to read squashfs_super_block [ 795.227624][T16828] SQUASHFS error: Failed to read block 0x0: -5 [ 795.229309][T16828] unable to read squashfs_super_block [ 796.616071][T16837] bio_check_eod: 2 callbacks suppressed [ 796.616107][T16837] syz.3.3139: attempt to access beyond end of device [ 796.616107][T16837] nbd3: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 796.624495][T16837] SQUASHFS error: Failed to read block 0x0: -5 [ 796.626942][T16837] unable to read squashfs_super_block [ 797.273775][T16856] syz.1.3142: attempt to access beyond end of device [ 797.273775][T16856] nbd1: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 797.285925][T16856] SQUASHFS error: Failed to read block 0x0: -5 [ 797.287618][T16856] unable to read squashfs_super_block [ 797.505402][T16855] syz.0.3143: attempt to access beyond end of device [ 797.505402][T16855] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 797.508857][T16855] SQUASHFS error: Failed to read block 0x0: -5 [ 797.511175][T16855] unable to read squashfs_super_block [ 797.894087][T16867] syz.3.3146: attempt to access beyond end of device [ 797.894087][T16867] nbd3: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 797.900570][T16867] SQUASHFS error: Failed to read block 0x0: -5 [ 797.904645][T16867] unable to read squashfs_super_block [ 800.345864][T16889] syz.2.3150: attempt to access beyond end of device [ 800.345864][T16889] nbd2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 800.351328][T16889] SQUASHFS error: Failed to read block 0x0: -5 [ 800.354427][T16889] unable to read squashfs_super_block [ 800.986919][T16902] syz.3.3154: attempt to access beyond end of device [ 800.986919][T16902] nbd3: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 800.991529][T16902] SQUASHFS error: Failed to read block 0x0: -5 [ 800.995535][T16902] unable to read squashfs_super_block [ 801.032017][T16901] syz.0.3153: attempt to access beyond end of device [ 801.032017][T16901] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 801.038690][T16901] SQUASHFS error: Failed to read block 0x0: -5 [ 801.042526][T16901] unable to read squashfs_super_block [ 801.566152][T16903] syz.1.3155: attempt to access beyond end of device [ 801.566152][T16903] nbd1: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 801.570362][T16903] SQUASHFS error: Failed to read block 0x0: -5 [ 801.572961][T16903] unable to read squashfs_super_block [ 802.120080][T16914] syz.3.3157: attempt to access beyond end of device [ 802.120080][T16914] nbd3: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 802.123678][T16914] SQUASHFS error: Failed to read block 0x0: -5 [ 802.125379][T16914] unable to read squashfs_super_block [ 805.116220][T16930] syz.1.3160: attempt to access beyond end of device [ 805.116220][T16930] nbd1: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 805.120116][T16930] SQUASHFS error: Failed to read block 0x0: -5 [ 805.122501][T16930] unable to read squashfs_super_block [ 805.337970][T16951] syz.2.3166: attempt to access beyond end of device [ 805.337970][T16951] nbd2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 805.342598][T16951] SQUASHFS error: Failed to read block 0x0: -5 [ 805.348749][T16951] unable to read squashfs_super_block [ 805.376355][T16950] syz.3.3165: attempt to access beyond end of device [ 805.376355][T16950] nbd3: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 805.380857][T16950] SQUASHFS error: Failed to read block 0x0: -5 [ 805.383061][T16950] unable to read squashfs_super_block [ 805.906610][T16964] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3169'. [ 806.856522][T16975] syz.3.3172: attempt to access beyond end of device [ 806.856522][T16975] nbd3: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 806.860745][T16975] SQUASHFS error: Failed to read block 0x0: -5 [ 806.862704][T16975] unable to read squashfs_super_block [ 807.286793][T16966] syz.0.3170: attempt to access beyond end of device [ 807.286793][T16966] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 807.291114][T16966] SQUASHFS error: Failed to read block 0x0: -5 [ 807.301172][T16966] unable to read squashfs_super_block [ 808.536848][T16988] syz.1.3176: attempt to access beyond end of device [ 808.536848][T16988] nbd1: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 808.541513][T16988] SQUASHFS error: Failed to read block 0x0: -5 [ 808.557462][ T1380] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.559768][ T1380] ieee802154 phy1 wpan1: encryption failed: -22 [ 808.634493][T16988] unable to read squashfs_super_block [ 809.184900][T17003] syz.0.3181: attempt to access beyond end of device [ 809.184900][T17003] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 809.192384][T17003] SQUASHFS error: Failed to read block 0x0: -5 [ 809.198319][T17003] unable to read squashfs_super_block [ 809.442196][T17007] syz.3.3182: attempt to access beyond end of device [ 809.442196][T17007] nbd3: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 809.467635][T17007] SQUASHFS error: Failed to read block 0x0: -5 [ 809.469376][T17007] unable to read squashfs_super_block [ 813.623011][T17053] syz.3.3194: attempt to access beyond end of device [ 813.623011][T17053] nbd3: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 813.631039][T17053] SQUASHFS error: Failed to read block 0x0: -5 [ 813.632848][T17053] unable to read squashfs_super_block [ 813.950339][T17061] syz.0.3195: attempt to access beyond end of device [ 813.950339][T17061] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 813.954621][T17061] SQUASHFS error: Failed to read block 0x0: -5 [ 813.958052][T17061] unable to read squashfs_super_block [ 814.225116][T17062] syz.1.3196: attempt to access beyond end of device [ 814.225116][T17062] nbd1: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 814.233539][T17062] SQUASHFS error: Failed to read block 0x0: -5 [ 814.237899][T17062] unable to read squashfs_super_block [ 814.263795][T17068] syz.0.3198: attempt to access beyond end of device [ 814.263795][T17068] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 814.268874][T17068] SQUASHFS error: Failed to read block 0x0: -5 [ 814.268908][T17068] unable to read squashfs_super_block [ 816.713331][ T5350] Bluetooth: hci6: command 0x0419 tx timeout [ 817.816308][T17105] syz.2.3208: attempt to access beyond end of device [ 817.816308][T17105] nbd2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 817.824530][T17105] SQUASHFS error: Failed to read block 0x0: -5 [ 817.830428][T17105] unable to read squashfs_super_block [ 818.079843][T17109] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3210'. [ 820.531467][T17139] syz.2.3216: attempt to access beyond end of device [ 820.531467][T17139] nbd2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 820.551682][T17139] SQUASHFS error: Failed to read block 0x0: -5 [ 820.554056][T17139] unable to read squashfs_super_block [ 823.274294][T17158] syz.2.3222: attempt to access beyond end of device [ 823.274294][T17158] nbd2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 823.278778][T17158] SQUASHFS error: Failed to read block 0x0: -5 [ 823.281112][T17158] unable to read squashfs_super_block [ 823.790881][T17170] syz.2.3224: attempt to access beyond end of device [ 823.790881][T17170] nbd2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 823.803210][T17170] SQUASHFS error: Failed to read block 0x0: -5 [ 823.805457][T17170] unable to read squashfs_super_block [ 824.326054][T17173] syz.2.3225: attempt to access beyond end of device [ 824.326054][T17173] nbd2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 824.330709][T17173] SQUASHFS error: Failed to read block 0x0: -5 [ 824.332973][T17173] unable to read squashfs_super_block [ 825.724332][T17193] syz.2.3232: attempt to access beyond end of device [ 825.724332][T17193] nbd2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 825.728577][T17193] SQUASHFS error: Failed to read block 0x0: -5 [ 825.730685][T17193] unable to read squashfs_super_block [ 825.937416][ T5350] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 825.942242][ T5350] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 825.945405][ T5350] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 825.949464][ T5350] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 825.952011][ T5350] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 825.970616][ T5350] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 827.549977][T17207] syz.3.3234: attempt to access beyond end of device [ 827.549977][T17207] nbd3: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 827.565699][T17207] SQUASHFS error: Failed to read block 0x0: -5 [ 827.567849][T17207] unable to read squashfs_super_block [ 827.993275][ T5350] Bluetooth: hci3: command tx timeout [ 828.030198][T17204] syz.2.3233: attempt to access beyond end of device [ 828.030198][T17204] nbd2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 828.033715][T17204] SQUASHFS error: Failed to read block 0x0: -5 [ 828.035341][T17204] unable to read squashfs_super_block [ 828.285447][T17199] chnl_net:caif_netlink_parms(): no params data found [ 828.335344][T17216] syz.0.3236: attempt to access beyond end of device [ 828.335344][T17216] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 828.340018][T17216] SQUASHFS error: Failed to read block 0x0: -5 [ 828.342256][T17216] unable to read squashfs_super_block [ 828.584348][T17199] bridge0: port 1(bridge_slave_0) entered blocking state [ 828.586273][T17199] bridge0: port 1(bridge_slave_0) entered disabled state [ 828.588192][T17199] bridge_slave_0: entered allmulticast mode [ 828.590521][T17199] bridge_slave_0: entered promiscuous mode [ 828.598080][T17199] bridge0: port 2(bridge_slave_1) entered blocking state [ 828.599963][T17199] bridge0: port 2(bridge_slave_1) entered disabled state [ 828.601874][T17199] bridge_slave_1: entered allmulticast mode [ 828.605519][T17199] bridge_slave_1: entered promiscuous mode [ 828.735070][T17199] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 828.739421][T17199] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 828.930863][T17199] team0: Port device team_slave_0 added [ 828.944015][T17199] team0: Port device team_slave_1 added [ 829.473183][T17199] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 829.475271][T17199] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 829.490505][T17199] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 829.516323][T17199] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 829.521525][T17199] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 829.555720][T17199] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 829.897431][T17199] hsr_slave_0: entered promiscuous mode [ 829.934289][T17199] hsr_slave_1: entered promiscuous mode [ 829.947192][T17199] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 829.949582][T17199] Cannot create hsr debugfs directory [ 830.093182][ T5350] Bluetooth: hci3: command tx timeout [ 830.377694][T17199] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 830.459264][T17199] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 830.529291][T17245] syz.3.3242: attempt to access beyond end of device [ 830.529291][T17245] nbd3: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 830.532900][T17245] SQUASHFS error: Failed to read block 0x0: -5 [ 830.539346][T17245] unable to read squashfs_super_block [ 830.590733][T17199] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 830.718299][T17199] netdevsim netdevsim1  (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 831.068030][T17199] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 831.091440][T17199] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 831.096305][T17199] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 831.101102][T17199] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 831.168593][T17199] 8021q: adding VLAN 0 to HW filter on device bond0 [ 831.186643][T17199] 8021q: adding VLAN 0 to HW filter on device team0 [ 831.193012][T14992] bridge0: port 1(bridge_slave_0) entered blocking state [ 831.195032][T14992] bridge0: port 1(bridge_slave_0) entered forwarding state [ 831.209300][ T84] bridge0: port 2(bridge_slave_1) entered blocking state [ 831.211470][ T84] bridge0: port 2(bridge_slave_1) entered forwarding state [ 831.379326][T17199] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 831.425923][T17199] veth0_vlan: entered promiscuous mode [ 831.438121][T17199] veth1_vlan: entered promiscuous mode [ 831.465229][T17199] veth0_macvtap: entered promiscuous mode [ 831.471306][T17199] veth1_macvtap: entered promiscuous mode [ 831.485726][T17199] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 831.489351][T17199] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 831.492639][T17199] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 831.496236][T17199] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 831.499587][T17199] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 831.503968][T17199] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 831.507264][T17199] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 831.523521][T17199] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 831.526807][T17199] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 831.530264][T17199] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 831.543176][T17199] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 831.546786][T17199] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 831.551398][T17199] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 831.556465][T17199] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 831.559285][T17199] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 831.561811][T17199] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 831.565735][T17199] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 831.569215][T17199] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 831.572709][T17199] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 831.576570][T17199] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 831.580018][T17199] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 831.583712][T17199] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 831.587162][T17199] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 831.590306][T17199] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 831.598676][T17199] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 831.604190][T17199] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 831.613707][T17199] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 831.616718][T17199] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 831.619741][T17199] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 831.622639][T17199] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 831.679043][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 831.681211][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 831.706449][T14992] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 831.708521][T14992] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 832.164216][ T4769] Bluetooth: hci3: command tx timeout [ 832.998325][ T66] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 833.009744][ T66] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 833.013613][ T66] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 833.018649][ T66] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 833.033496][ T66] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 833.036540][ T66] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 833.469188][T14992] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 833.532266][T17270] chnl_net:caif_netlink_parms(): no params data found [ 833.560184][T14992] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 833.747346][T14992] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 833.753725][T17270] bridge0: port 1(bridge_slave_0) entered blocking state [ 833.755898][T17270] bridge0: port 1(bridge_slave_0) entered disabled state [ 833.758062][T17270] bridge_slave_0: entered allmulticast mode [ 833.760534][T17270] bridge_slave_0: entered promiscuous mode [ 833.769019][T17270] bridge0: port 2(bridge_slave_1) entered blocking state [ 833.772282][T17270] bridge0: port 2(bridge_slave_1) entered disabled state [ 833.774747][T17270] bridge_slave_1: entered allmulticast mode [ 833.777380][T17270] bridge_slave_1: entered promiscuous mode [ 833.818282][T14992] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 833.842724][T17282] syz.1.3248: attempt to access beyond end of device [ 833.842724][T17282] nbd1: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 833.852560][T17282] SQUASHFS error: Failed to read block 0x0: -5 [ 833.855988][T17282] unable to read squashfs_super_block [ 833.861658][T17270] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 833.870934][T17270] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 833.967605][T17270] team0: Port device team_slave_0 added [ 833.986940][T17270] team0: Port device team_slave_1 added [ 834.084177][T17270] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 834.088896][T17270] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 834.104330][T17270] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 834.109127][T17270] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 834.110966][T17270] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 834.123127][T17270] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 834.226336][T14992] bridge_slave_0: left allmulticast mode [ 834.227835][T14992] bridge_slave_0: left promiscuous mode [ 834.229393][T14992] bridge0: port 1(bridge_slave_0) entered disabled state [ 834.234523][ T4769] Bluetooth: hci3: command 0x0419 tx timeout [ 834.564546][T14992] dvmrp1 (unregistering): left allmulticast mode [ 835.123440][ T5350] Bluetooth: hci4: command tx timeout [ 836.130655][T14992] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 836.161342][T14992] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 836.323192][ T5350] Bluetooth: hci3: command 0x0419 tx timeout [ 836.327129][T14992] bond0 (unregistering): Released all slaves [ 836.453305][T14992] tipc: Disabling bearer [ 836.455939][T14992] tipc: Left network mode [ 836.498627][T17270] hsr_slave_0: entered promiscuous mode [ 836.504067][T17270] hsr_slave_1: entered promiscuous mode [ 836.506848][T17270] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 836.509473][T17270] Cannot create hsr debugfs directory [ 836.548491][T14992] IPVS: stopping master sync thread 5469 ... [ 836.551635][T14992] IPVS: stopping backup sync thread 7934 ... [ 836.849787][T14992] hsr_slave_0: left promiscuous mode [ 836.853682][T14992] hsr_slave_1: left promiscuous mode [ 836.856876][T14992] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 836.859118][T14992] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 836.862159][T14992] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 836.865929][T14992] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 836.958110][T14992] veth1_macvtap: left promiscuous mode [ 836.963432][T14992] veth0_macvtap: left promiscuous mode [ 836.965009][T14992] veth1_vlan: left promiscuous mode [ 836.966877][T14992] veth0_vlan: left promiscuous mode [ 837.193546][ T4769] Bluetooth: hci4: command tx timeout [ 839.273283][ T4769] Bluetooth: hci4: command 0x040f tx timeout [ 839.710560][T14992] team0 (unregistering): Port device team_slave_1 removed [ 840.108576][T14992] team0 (unregistering): Port device team_slave_0 removed [ 841.353230][ T5350] Bluetooth: hci4: command 0x040f tx timeout [ 841.753347][T17327] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3258'. [ 842.765995][T17270] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 842.772910][T17270] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 842.786372][T17270] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 842.792328][T17270] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 842.877563][T17270] 8021q: adding VLAN 0 to HW filter on device bond0 [ 842.896353][T17270] 8021q: adding VLAN 0 to HW filter on device team0 [ 842.904859][T16262] bridge0: port 1(bridge_slave_0) entered blocking state [ 842.906845][T16262] bridge0: port 1(bridge_slave_0) entered forwarding state [ 842.917947][T16262] bridge0: port 2(bridge_slave_1) entered blocking state [ 842.919894][T16262] bridge0: port 2(bridge_slave_1) entered forwarding state [ 842.955305][T17270] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 842.958030][T17270] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 843.125142][T17270] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 843.216665][T17270] veth0_vlan: entered promiscuous mode [ 843.263471][T17270] veth1_vlan: entered promiscuous mode [ 843.324022][T17270] veth0_macvtap: entered promiscuous mode [ 843.328923][T17270] veth1_macvtap: entered promiscuous mode [ 843.346181][T17270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 843.348913][T17270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 843.351400][T17270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 843.356751][T17270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 843.359311][T17270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 843.361966][T17270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 843.373156][T17270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 843.375867][T17270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 843.378390][T17270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 843.381072][T17270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 843.388119][T17270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 843.394873][T17270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 843.399330][T17270] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 843.415525][T17270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 843.418393][T17270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 843.433941][ T5350] Bluetooth: hci4: command 0x040f tx timeout [ 843.442207][T17270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 843.449359][T17270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 843.450483][T17397] syz.0.3268: attempt to access beyond end of device [ 843.450483][T17397] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 843.456192][T17270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 843.463004][T17270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 843.466126][T17397] SQUASHFS error: Failed to read block 0x0: -5 [ 843.467270][T17270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 843.472069][T17270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 843.474972][T17270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 843.477930][T17270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 843.477983][T17397] unable to read squashfs_super_block [ 843.494575][T17402] syz.1.3269: attempt to access beyond end of device [ 843.494575][T17402] nbd1: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 843.499958][T17270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 843.503567][T17270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 843.510466][T17270] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 843.518355][T17402] SQUASHFS error: Failed to read block 0x0: -5 [ 843.528999][T17270] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 843.531290][T17270] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 843.536704][T17270] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 843.541263][T17270] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 843.545459][T17402] unable to read squashfs_super_block [ 843.696030][ T45] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 843.696045][ T45] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 843.728948][T16262] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 843.729065][T16262] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 843.870573][T17407] syz.3.3246: attempt to access beyond end of device [ 843.870573][T17407] nbd3: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 843.870636][T17407] SQUASHFS error: Failed to read block 0x0: -5 [ 843.870686][T17407] unable to read squashfs_super_block [ 844.333860][ T4769] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 844.338713][ T4769] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 844.344535][ T4769] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 844.350721][ T4769] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 844.357519][ T4769] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 844.361471][ T4769] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 845.482532][T17419] chnl_net:caif_netlink_parms(): no params data found [ 845.582836][T14992] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 845.711774][T14992] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 845.718367][T17419] bridge0: port 1(bridge_slave_0) entered blocking state [ 845.720338][T17419] bridge0: port 1(bridge_slave_0) entered disabled state [ 845.722308][T17419] bridge_slave_0: entered allmulticast mode [ 845.724964][T17419] bridge_slave_0: entered promiscuous mode [ 845.728192][T17419] bridge0: port 2(bridge_slave_1) entered blocking state [ 845.730562][T17419] bridge0: port 2(bridge_slave_1) entered disabled state [ 845.733194][T17419] bridge_slave_1: entered allmulticast mode [ 845.735548][T17419] bridge_slave_1: entered promiscuous mode [ 845.782531][T17419] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 845.806083][T14992] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 845.812690][T17419] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 845.901717][T14992] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 845.935694][T17419] team0: Port device team_slave_0 added [ 845.941687][T17419] team0: Port device team_slave_1 added [ 846.007299][T17419] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 846.009454][T17419] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 846.020746][T17419] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 846.029748][T17419] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 846.031613][T17419] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 846.048282][T17419] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 846.117548][T17419] hsr_slave_0: entered promiscuous mode [ 846.125748][T17419] hsr_slave_1: entered promiscuous mode [ 846.133836][T17419] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 846.136441][T17419] Cannot create hsr debugfs directory [ 846.391916][T14992] bridge_slave_0: left allmulticast mode [ 846.394195][T14992] bridge_slave_0: left promiscuous mode [ 846.396432][T14992] bridge0: port 1(bridge_slave_0) entered disabled state [ 846.474042][ T4769] Bluetooth: hci1: command tx timeout [ 846.782494][T14992] dvmrp1 (unregistering): left allmulticast mode [ 847.093824][T14992] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 847.104322][T14992] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 847.112496][T14992] bond0 (unregistering): Released all slaves [ 847.483637][T17449] syz.3.3277: attempt to access beyond end of device [ 847.483637][T17449] nbd3: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 847.488415][T17449] SQUASHFS error: Failed to read block 0x0: -5 [ 847.490774][T17449] unable to read squashfs_super_block [ 847.756669][T14992] hsr_slave_0: left promiscuous mode [ 847.760136][T14992] hsr_slave_1: left promiscuous mode [ 847.764725][T14992] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 847.767259][T14992] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 847.780304][T14992] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 847.782843][T14992] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 847.841845][T14992] veth1_macvtap: left promiscuous mode [ 847.845949][T14992] veth0_macvtap: left promiscuous mode [ 847.848734][T14992] veth1_vlan: left promiscuous mode [ 847.850971][T14992] veth0_vlan: left promiscuous mode [ 848.553538][ T4769] Bluetooth: hci1: command tx timeout [ 850.647129][ T4769] Bluetooth: hci1: command tx timeout [ 850.705758][T14992] team0 (unregistering): Port device team_slave_1 removed [ 850.866976][T14992] team0 (unregistering): Port device team_slave_0 removed [ 851.913364][ T2791] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 852.109016][T17419] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 852.121416][ T2791] usb 7-1: Using ep0 maxpacket: 8 [ 852.128229][ T2791] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 852.131681][ T2791] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 852.138352][T17419] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 852.141091][ T2791] usb 7-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00 [ 852.149864][ T2791] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 852.157665][ T2791] usb 7-1: config 0 descriptor?? [ 852.159288][T17419] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 852.178640][T17419] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 852.231563][ T39] audit: type=1400 audit(1726269262.390:542): avc: denied { create } for pid=17503 comm="syz.3.3288" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 852.245072][ T39] audit: type=1400 audit(1726269262.400:543): avc: denied { write } for pid=17503 comm="syz.3.3288" name="file0" dev="tmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 852.251294][ T39] audit: type=1400 audit(1726269262.400:544): avc: denied { open } for pid=17503 comm="syz.3.3288" path="/6/file0" dev="tmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 852.261441][T17489] xt_CT: You must specify a L4 protocol and not use inversions on it [ 852.275049][ T39] audit: type=1400 audit(1726269262.440:545): avc: denied { ioctl } for pid=17503 comm="syz.3.3288" path="/6/file0" dev="tmpfs" ino=50 ioctlcmd=0x1273 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 852.327843][T17419] 8021q: adding VLAN 0 to HW filter on device bond0 [ 852.342993][T17419] 8021q: adding VLAN 0 to HW filter on device team0 [ 852.354302][ T64] bridge0: port 1(bridge_slave_0) entered blocking state [ 852.356150][ T64] bridge0: port 1(bridge_slave_0) entered forwarding state [ 852.359166][ T64] bridge0: port 2(bridge_slave_1) entered blocking state [ 852.361103][ T64] bridge0: port 2(bridge_slave_1) entered forwarding state [ 852.380115][ T2791] usb 7-1: USB disconnect, device number 11 [ 852.641638][T17419] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 852.643459][ T39] audit: type=1400 audit(1726269262.800:546): avc: denied { lock } for pid=17519 comm="syz.1.3290" path="socket:[47015]" dev="sockfs" ino=47015 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 852.723366][ T5350] Bluetooth: hci1: command tx timeout [ 852.724565][T17419] veth0_vlan: entered promiscuous mode [ 852.743968][T17419] veth1_vlan: entered promiscuous mode [ 852.806011][T17419] veth0_macvtap: entered promiscuous mode [ 852.827564][T17419] veth1_macvtap: entered promiscuous mode [ 852.860694][T17419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 852.866820][T17419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 852.870383][T17419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 852.874240][T17419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 852.877828][T17419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 852.882088][T17419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 852.885724][T17419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 852.889521][T17419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 852.892969][T17419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 852.897619][T17419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 852.901260][T17419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 852.905013][T17419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 852.910451][T17419] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 852.932931][T17419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 852.947482][T17419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 852.951032][T17419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 852.963226][T17419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 852.966758][T17419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 852.970514][T17419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 852.985743][T17419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 852.988591][T17419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 853.003224][T17419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 853.005941][T17419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 853.008450][T17419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 853.011172][T17419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 853.025891][T17419] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 853.037283][T17419] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 853.040161][T17419] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 853.042495][T17419] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 853.053551][T17419] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 853.158061][T14992] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 853.160104][T14992] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 853.210149][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 853.212186][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 853.265714][T17534] netlink: 'syz.2.3297': attribute type 6 has an invalid length. [ 853.650286][ T39] audit: type=1326 audit(1726269263.810:547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17556 comm="syz.2.3305" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8265f7def9 code=0x7ffc0000 [ 853.663162][ T39] audit: type=1326 audit(1726269263.810:548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17556 comm="syz.2.3305" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8265f7def9 code=0x7ffc0000 [ 853.669350][ T39] audit: type=1326 audit(1726269263.810:549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17556 comm="syz.2.3305" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8265f7def9 code=0x7ffc0000 [ 853.683752][ T39] audit: type=1326 audit(1726269263.810:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17556 comm="syz.2.3305" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8265f7def9 code=0x7ffc0000 [ 853.693189][ T39] audit: type=1326 audit(1726269263.820:551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17556 comm="syz.2.3305" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8265f7def9 code=0x7ffc0000 [ 853.764804][T17555] netlink: 132 bytes leftover after parsing attributes in process `syz.0.3304'. [ 853.768535][T17560] netlink: 'syz.0.3304': attribute type 10 has an invalid length. [ 853.788938][T17560] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 853.791386][T17559] netlink: 'syz.1.3300': attribute type 10 has an invalid length. [ 853.824882][T17559] 8021q: adding VLAN 0 to HW filter on device team0 [ 853.828188][T17559] bond0: (slave team0): Enslaving as an active interface with an up link [ 853.849231][T17564] netlink: 'syz.1.3300': attribute type 10 has an invalid length. [ 853.856225][T17564] bond0: (slave team0): Releasing backup interface [ 853.867034][T17564] bridge0: port 3(team0) entered blocking state [ 853.868906][T17564] bridge0: port 3(team0) entered disabled state [ 853.877121][T17564] team0: entered allmulticast mode [ 853.878525][T17564] team_slave_0: entered allmulticast mode [ 853.880023][T17564] team_slave_1: entered allmulticast mode [ 853.890356][T17564] team0: entered promiscuous mode [ 853.891672][T17564] team_slave_0: entered promiscuous mode [ 853.897703][T17564] team_slave_1: entered promiscuous mode [ 853.912804][T17573] Cannot find set identified by id 0 to match [ 854.307842][T17597] netlink: 'syz.1.3322': attribute type 10 has an invalid length. [ 854.575678][T17597] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 854.586115][T17597] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 854.728470][T17614] SELinux: failed to load policy [ 854.804512][ T5350] Bluetooth: hci1: command 0x0405 tx timeout [ 855.044611][T17636] ptrace attach of "/syz-executor exec"[9600] was attempted by "/syz-executor exec"[17636] [ 855.474616][T17642] syz.3.3338[17642] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 855.474725][T17642] syz.3.3338[17642] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 855.894971][T17653] ptrace attach of "/syz-executor exec"[17419] was attempted by "/syz-executor exec"[17653] [ 857.521905][ T39] kauditd_printk_skb: 166 callbacks suppressed [ 857.521922][ T39] audit: type=1400 audit(1726269267.680:718): avc: denied { mac_admin } for pid=17696 comm="syz.1.3361" capability=33 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 857.522031][T17697] SELinux: Context system_u:object_r:hald_var_run_t:s0 is not valid (left unmapped). [ 857.535800][ T39] audit: type=1400 audit(1726269267.700:719): avc: denied { relabelto } for pid=17696 comm="syz.1.3361" name="file0" dev="tmpfs" ino=224 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:hald_var_run_t:s0" [ 857.545372][ T39] audit: type=1400 audit(1726269267.700:720): avc: denied { associate } for pid=17696 comm="syz.1.3361" name="file0" dev="tmpfs" ino=224 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:hald_var_run_t:s0" [ 857.563324][ T39] audit: type=1400 audit(1726269267.720:721): avc: denied { unlink } for pid=17199 comm="syz-executor" name="file0" dev="tmpfs" ino=224 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:hald_var_run_t:s0" [ 858.208148][ T39] audit: type=1400 audit(1726269268.370:722): avc: denied { shutdown } for pid=17715 comm="syz.2.3366" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 858.245045][ T39] audit: type=1400 audit(1726269268.410:723): avc: denied { mounton } for pid=17713 comm="syz.3.3365" path="/28" dev="tmpfs" ino=159 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 858.261933][ T39] audit: type=1400 audit(1726269268.420:724): avc: denied { create } for pid=17718 comm="syz.2.3367" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 858.271313][ T39] audit: type=1400 audit(1726269268.440:725): avc: denied { bind } for pid=17718 comm="syz.2.3367" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 858.280759][ T39] audit: type=1400 audit(1726269268.440:726): avc: denied { name_bind } for pid=17718 comm="syz.2.3367" src=512 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1 [ 858.288761][ T39] audit: type=1400 audit(1726269268.440:727): avc: denied { node_bind } for pid=17718 comm="syz.2.3367" saddr=0:0:800:: src=512 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1 [ 858.524988][T17731] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3373'. [ 858.527469][T17731] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 858.565031][T17736] netlink: 132 bytes leftover after parsing attributes in process `syz.3.3375'. [ 858.572850][T17736] syz.3.3375[17736] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 858.572929][T17736] syz.3.3375[17736] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 858.577248][T17736] netlink: 'syz.3.3375': attribute type 10 has an invalid length. [ 858.589352][T17736] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 858.638059][T17743] IPVS: Error joining to the multicast group [ 858.697675][T17746] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22 [ 858.701840][T17746] netdevsim netdevsim3: Direct firmware load for . failed with error -22 [ 858.705673][T17746] netdevsim netdevsim3: Falling back to sysfs fallback for: . [ 859.659769][T17791] syz.1.3400[17791] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 859.659913][T17791] syz.1.3400[17791] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 859.693905][T17793] SELinux: policydb version -1682183729 does not match my version range 15-33 [ 859.699044][T17793] SELinux: failed to load policy [ 859.815394][T17802] netlink: 'syz.3.3404': attribute type 1 has an invalid length. [ 859.819111][T17802] netlink: 'syz.3.3404': attribute type 4 has an invalid length. [ 859.821171][T17802] netlink: 15334 bytes leftover after parsing attributes in process `syz.3.3404'. [ 859.959583][T17808] ptrace attach of "/syz-executor exec"[17270] was attempted by "/syz-executor exec"[17808] [ 861.479781][T17842] tipc: Started in network mode [ 861.482187][T17842] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 861.487106][T17842] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb [ 861.491216][T17842] tipc: Enabled bearer , priority 10 [ 862.245905][T17884] tmpfs: Bad value for 'mpol' [ 862.458892][T17899] tipc: Started in network mode [ 862.460345][T17899] tipc: Node identity 7f000001, cluster identity 4711 [ 862.462568][T17899] tipc: Enabled bearer , priority 10 [ 862.483354][T17442] tipc: Node number set to 1 [ 862.613904][ T39] kauditd_printk_skb: 380 callbacks suppressed [ 862.613919][ T39] audit: type=1326 audit(1726269272.780:1108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17906 comm="syz.0.3450" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f116dd7def9 code=0x7ffc0000 [ 862.620050][T17907] netlink: 140 bytes leftover after parsing attributes in process `syz.0.3450'. [ 862.628020][T17907] caif0 speed is unknown, defaulting to 1000 [ 862.631896][T17907] caif0 speed is unknown, defaulting to 1000 [ 862.634118][ T39] audit: type=1326 audit(1726269272.780:1109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17906 comm="syz.0.3450" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f116dd7def9 code=0x7ffc0000 [ 862.636426][T17907] caif0 speed is unknown, defaulting to 1000 [ 862.641934][ T39] audit: type=1326 audit(1726269272.780:1110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17906 comm="syz.0.3450" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f116dd7def9 code=0x7ffc0000 [ 862.651227][ T39] audit: type=1326 audit(1726269272.780:1111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17906 comm="syz.0.3450" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f116dd7def9 code=0x7ffc0000 [ 862.657431][ T39] audit: type=1326 audit(1726269272.780:1112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17906 comm="syz.0.3450" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f116dd7def9 code=0x7ffc0000 [ 862.663681][ T39] audit: type=1326 audit(1726269272.780:1113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17906 comm="syz.0.3450" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f116dd7def9 code=0x7ffc0000 [ 862.669617][ T39] audit: type=1326 audit(1726269272.780:1114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17906 comm="syz.0.3450" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f116dd7def9 code=0x7ffc0000 [ 862.675908][ T39] audit: type=1326 audit(1726269272.780:1115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17906 comm="syz.0.3450" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f116dd7def9 code=0x7ffc0000 [ 862.681879][ T39] audit: type=1326 audit(1726269272.780:1116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17906 comm="syz.0.3450" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f116dd7def9 code=0x7ffc0000 [ 862.689574][ T39] audit: type=1326 audit(1726269272.780:1117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17906 comm="syz.0.3450" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f116dd7def9 code=0x7ffc0000 [ 862.731636][ T5582] caif0 speed is unknown, defaulting to 1000 [ 862.733642][T17907] infiniband syz1: set down [ 862.735061][T17907] infiniband syz1: added caif0 [ 862.766723][T17907] RDS/IB: syz1: added [ 862.768503][T17907] smc: adding ib device syz1 with port count 1 [ 862.770226][T17907] smc: ib device syz1 port 1 has pnetid [ 862.774546][ T5582] caif0 speed is unknown, defaulting to 1000 [ 862.779249][T17907] caif0 speed is unknown, defaulting to 1000 [ 862.872877][T17907] caif0 speed is unknown, defaulting to 1000 [ 862.985729][T17907] caif0 speed is unknown, defaulting to 1000 [ 863.083409][T17907] caif0 speed is unknown, defaulting to 1000 [ 863.206211][T17920] EXT4-fs (sda1): resizing filesystem from 262144 to 262144 blocks [ 863.215045][T17907] caif0 speed is unknown, defaulting to 1000 [ 863.325361][T17907] caif0 speed is unknown, defaulting to 1000 [ 863.431993][T17907] caif0 speed is unknown, defaulting to 1000 [ 863.463303][ T62] tipc: Node number set to 2130706433 [ 864.567409][T17962] netlink: 164 bytes leftover after parsing attributes in process `syz.3.3473'. [ 864.859625][T17986] netlink: 'syz.2.3485': attribute type 1 has an invalid length. [ 864.862966][T17986] netlink: 168864 bytes leftover after parsing attributes in process `syz.2.3485'. [ 864.970633][T17994] netlink: 'syz.2.3489': attribute type 3 has an invalid length. [ 864.993414][T17994] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.3489'. [ 865.192933][T18004] netlink: 'syz.3.3494': attribute type 29 has an invalid length. [ 865.197266][T18004] netlink: 'syz.3.3494': attribute type 29 has an invalid length. [ 865.373880][T18012] netlink: 'syz.3.3498': attribute type 10 has an invalid length. [ 865.384696][T18012] team0: Port device netdevsim0 added [ 865.400672][T18012] netlink: 'syz.3.3498': attribute type 10 has an invalid length. [ 865.412174][T18012] team0: Port device netdevsim0 removed [ 865.420626][T18012] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 865.796490][T18021] caif0 speed is unknown, defaulting to 1000 [ 867.130401][T18062] 9pnet_fd: Insufficient options for proto=fd [ 867.243174][ T5419] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 867.403490][ T5419] usb 7-1: device descriptor read/64, error -71 [ 867.673335][ T5419] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 867.833232][ T5419] usb 7-1: device descriptor read/64, error -71 [ 867.973721][ T5419] usb usb7-port1: attempt power cycle [ 868.400475][ T39] kauditd_printk_skb: 64 callbacks suppressed [ 868.400595][ T39] audit: type=1400 audit(1726269278.560:1182): avc: denied { read append } for pid=18098 comm="syz.0.3532" name="ppp" dev="devtmpfs" ino=716 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 868.419212][ T39] audit: type=1400 audit(1726269278.580:1183): avc: denied { open } for pid=18098 comm="syz.0.3532" path="/dev/ppp" dev="devtmpfs" ino=716 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 868.445365][ T5419] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 868.447349][ T39] audit: type=1400 audit(1726269278.610:1184): avc: denied { shutdown } for pid=18098 comm="syz.0.3532" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 868.473800][ T5419] usb 7-1: device descriptor read/8, error -71 [ 868.763224][ T5419] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 868.806134][ T5419] usb 7-1: device descriptor read/8, error -71 [ 868.935185][ T5419] usb usb7-port1: unable to enumerate USB device [ 869.910350][ T39] audit: type=1400 audit(1726269280.080:1185): avc: denied { execute } for pid=18128 comm="syz-executor" name="syz-executor" dev="sda1" ino=1924 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 869.924578][ T39] audit: type=1400 audit(1726269280.080:1186): avc: denied { execute_no_trans } for pid=18128 comm="syz-executor" path="/syz-executor" dev="sda1" ino=1924 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 869.931468][ T64] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 870.007127][ T1380] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.081449][ T64] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 870.236657][ T64] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 870.305329][ T39] audit: type=1400 audit(1726269280.470:1187): avc: denied { mounton } for pid=18136 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 870.321823][ T39] audit: type=1400 audit(1726269280.470:1188): avc: denied { read write } for pid=18136 comm="syz-executor" name="vhci" dev="devtmpfs" ino=1107 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 870.340132][ T64] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 870.340480][ T39] audit: type=1400 audit(1726269280.470:1189): avc: denied { open } for pid=18136 comm="syz-executor" path="/dev/vhci" dev="devtmpfs" ino=1107 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 870.349586][ T66] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 870.353459][ T39] audit: type=1400 audit(1726269280.500:1190): avc: denied { ioctl } for pid=18136 comm="syz-executor" path="socket:[54497]" dev="sockfs" ino=54497 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 870.354859][ T66] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 870.364117][T17272] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 870.370946][ T66] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 870.371539][T17272] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 870.374450][ T66] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 870.379407][ T66] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 870.384152][T17272] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 870.385481][ T66] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 870.386544][T17272] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 870.388817][ T66] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 870.390663][T17272] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 870.406275][ T39] audit: type=1400 audit(1726269280.560:1191): avc: denied { mounton } for pid=18136 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 870.417171][ T5350] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 870.424712][ T5350] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 870.430286][ T5350] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 870.444608][ T5350] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 870.448116][ T5350] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 870.450146][ T5350] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 870.479678][T18136] caif0 speed is unknown, defaulting to 1000 [ 870.610060][ T64] bridge_slave_1: left allmulticast mode [ 870.612137][ T64] bridge_slave_1: left promiscuous mode [ 870.617152][ T64] bridge0: port 2(bridge_slave_1) entered disabled state [ 870.621750][ T64] bridge_slave_0: left allmulticast mode [ 870.627666][ T64] bridge_slave_0: left promiscuous mode [ 870.629688][ T64] bridge0: port 1(bridge_slave_0) entered disabled state [ 871.065048][ T64] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 871.069876][ T64] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 871.079597][ T64] bond0 (unregistering): (slave dummy0): Releasing backup interface [ 871.085597][ T64] bond0 (unregistering): Released all slaves [ 871.099713][T18137] caif0 speed is unknown, defaulting to 1000 [ 871.172258][ T64] tipc: Disabling bearer [ 871.181947][ T64] tipc: Left network mode [ 871.382961][T18141] caif0 speed is unknown, defaulting to 1000 [ 871.387664][T18136] chnl_net:caif_netlink_parms(): no params data found [ 871.933457][ T64] hsr_slave_0: left promiscuous mode [ 871.935649][ T64] hsr_slave_1: left promiscuous mode [ 871.937854][ T64] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 871.940590][ T64] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 871.949981][ T64] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 871.952094][ T64] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 871.988584][ T64] veth1_macvtap: left promiscuous mode [ 871.990709][ T64] veth0_macvtap: left promiscuous mode [ 871.992925][ T64] veth1_vlan: left promiscuous mode [ 871.995169][ T64] veth0_vlan: left promiscuous mode [ 872.479300][ T5350] Bluetooth: hci4: command tx timeout [ 872.480134][ T66] Bluetooth: hci1: command tx timeout [ 872.482744][ T5350] Bluetooth: hci5: command tx timeout [ 873.154429][T18182] 9pnet_fd: Insufficient options for proto=fd [ 873.269826][ T64] team0 (unregistering): Port device team_slave_1 removed [ 873.391320][ T64] team0 (unregistering): Port device team_slave_0 removed [ 874.006351][T14992] smc: removing ib device syz1 [ 874.206710][T18136] bridge0: port 1(bridge_slave_0) entered blocking state [ 874.208667][T18136] bridge0: port 1(bridge_slave_0) entered disabled state [ 874.210601][T18136] bridge_slave_0: entered allmulticast mode [ 874.215522][T18136] bridge_slave_0: entered promiscuous mode [ 874.219735][T18136] bridge0: port 2(bridge_slave_1) entered blocking state [ 874.221718][T18136] bridge0: port 2(bridge_slave_1) entered disabled state [ 874.226956][T18136] bridge_slave_1: entered allmulticast mode [ 874.256193][T18136] bridge_slave_1: entered promiscuous mode [ 874.553229][T17272] Bluetooth: hci5: command tx timeout [ 874.553283][ T5350] Bluetooth: hci1: command tx timeout [ 874.553726][ T66] Bluetooth: hci4: command tx timeout [ 874.577281][T18136] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 874.651387][T18136] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 875.039108][T18136] team0: Port device team_slave_0 added [ 875.041200][T18137] chnl_net:caif_netlink_parms(): no params data found [ 875.091723][T18136] team0: Port device team_slave_1 added [ 875.578808][T18136] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 875.581036][T18136] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 875.595958][T18136] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 875.629627][T18136] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 875.631928][T18136] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 875.644016][T18136] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 875.775002][T18137] bridge0: port 1(bridge_slave_0) entered blocking state [ 875.777094][T18137] bridge0: port 1(bridge_slave_0) entered disabled state [ 875.779049][T18137] bridge_slave_0: entered allmulticast mode [ 875.794051][T18137] bridge_slave_0: entered promiscuous mode [ 875.820990][T18136] hsr_slave_0: entered promiscuous mode [ 875.827804][T18136] hsr_slave_1: entered promiscuous mode [ 875.829910][T18136] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 875.831896][T18136] Cannot create hsr debugfs directory [ 875.836948][T18141] chnl_net:caif_netlink_parms(): no params data found [ 875.841329][T18137] bridge0: port 2(bridge_slave_1) entered blocking state [ 875.843954][T18137] bridge0: port 2(bridge_slave_1) entered disabled state [ 875.845849][T18137] bridge_slave_1: entered allmulticast mode [ 875.848228][T18137] bridge_slave_1: entered promiscuous mode [ 876.028411][T18137] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 876.101274][T18137] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 876.186983][T18137] team0: Port device team_slave_0 added [ 876.196276][T18137] team0: Port device team_slave_1 added [ 876.241329][ T64] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 876.250182][T18141] bridge0: port 1(bridge_slave_0) entered blocking state [ 876.252154][T18141] bridge0: port 1(bridge_slave_0) entered disabled state [ 876.254576][T18141] bridge_slave_0: entered allmulticast mode [ 876.256906][T18141] bridge_slave_0: entered promiscuous mode [ 876.260063][T18141] bridge0: port 2(bridge_slave_1) entered blocking state [ 876.261936][T18141] bridge0: port 2(bridge_slave_1) entered disabled state [ 876.264613][T18141] bridge_slave_1: entered allmulticast mode [ 876.267007][T18141] bridge_slave_1: entered promiscuous mode [ 876.344304][T18137] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 876.346159][T18137] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 876.354234][T18137] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 876.358321][T18137] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 876.360137][T18137] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 876.367044][T18137] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 876.389872][ T64] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 876.404967][T18141] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 876.452408][T18141] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 876.512368][ T64] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 876.538481][T18141] team0: Port device team_slave_0 added [ 876.627038][T18141] team0: Port device team_slave_1 added [ 876.635027][ T5350] Bluetooth: hci4: command tx timeout [ 876.636700][ T5350] Bluetooth: hci5: command tx timeout [ 876.648130][T17272] Bluetooth: hci1: command tx timeout [ 876.701787][ T64] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 876.712491][T18137] hsr_slave_0: entered promiscuous mode [ 876.715231][T18137] hsr_slave_1: entered promiscuous mode [ 876.717280][T18137] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 876.719499][T18137] Cannot create hsr debugfs directory [ 876.891928][T18141] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 876.903155][T18141] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 876.923145][T18141] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 876.930349][T18141] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 876.932618][T18141] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 876.953170][T18141] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 877.122766][T18141] hsr_slave_0: entered promiscuous mode [ 877.126494][T18141] hsr_slave_1: entered promiscuous mode [ 877.129399][T18141] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 877.132126][T18141] Cannot create hsr debugfs directory [ 877.196255][T18230] overlayfs: missing 'lowerdir' [ 877.431412][ T64] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 877.482799][T18136] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 877.486967][T18136] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 877.493436][T18136] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 877.497656][T18136] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 877.525049][ T64] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 877.604904][ T64] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 877.633569][T18136] 8021q: adding VLAN 0 to HW filter on device bond0 [ 877.656353][T18136] 8021q: adding VLAN 0 to HW filter on device team0 [ 877.667785][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 877.669687][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 877.678184][T14992] bridge0: port 2(bridge_slave_1) entered blocking state [ 877.680750][T14992] bridge0: port 2(bridge_slave_1) entered forwarding state [ 877.795540][ T64] bond0: (slave netdevsim0): Releasing backup interface [ 877.801462][ T64] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 877.870703][ T39] kauditd_printk_skb: 6 callbacks suppressed [ 877.870713][ T39] audit: type=1400 audit(1726269288.030:1198): avc: denied { sys_module } for pid=18136 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 877.945928][T18248] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 877.949331][T18248] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 877.999169][ T39] audit: type=1400 audit(1726269288.160:1199): avc: denied { append } for pid=18240 comm="syz.1.3565" name="001" dev="devtmpfs" ino=750 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 878.085385][ T64] bridge_slave_1: left allmulticast mode [ 878.087430][ T64] bridge_slave_1: left promiscuous mode [ 878.089586][ T64] bridge0: port 2(bridge_slave_1) entered disabled state [ 878.125136][ T64] bridge_slave_0: left allmulticast mode [ 878.127603][ T64] bridge_slave_0: left promiscuous mode [ 878.129955][ T64] bridge0: port 1(bridge_slave_0) entered disabled state [ 878.142212][ T64] bridge_slave_1: left allmulticast mode [ 878.148912][ T64] bridge_slave_1: left promiscuous mode [ 878.153323][ T64] bridge0: port 2(bridge_slave_1) entered disabled state [ 878.169964][ T64] bridge_slave_0: left allmulticast mode [ 878.177142][ T64] bridge_slave_0: left promiscuous mode [ 878.181663][ T64] bridge0: port 1(bridge_slave_0) entered disabled state [ 878.723489][T17272] Bluetooth: hci1: command tx timeout [ 878.724956][T17272] Bluetooth: hci5: command tx timeout [ 878.726389][T17272] Bluetooth: hci4: command tx timeout [ 878.788314][ T64] dvmrp1 (unregistering): left allmulticast mode [ 879.121075][ T64] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 879.126719][ T64] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 879.131819][ T64] bond0 (unregistering): Released all slaves [ 879.239946][ T64] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 879.249780][ T64] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 879.260745][ T64] bond0 (unregistering): (slave dummy0): Releasing backup interface [ 879.265763][ T64] bond0 (unregistering): Released all slaves [ 879.442611][ T64] tipc: Disabling bearer [ 879.444325][ T64] tipc: Left network mode [ 879.455160][T18136] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 879.545884][T18136] veth0_vlan: entered promiscuous mode [ 879.565004][T18136] veth1_vlan: entered promiscuous mode [ 879.587673][T18136] veth0_macvtap: entered promiscuous mode [ 879.591657][T18136] veth1_macvtap: entered promiscuous mode [ 879.600998][T18136] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 879.604124][T18136] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 879.607463][T18136] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 879.610162][T18136] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 879.612688][T18136] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 879.617617][T18136] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 879.620259][T18136] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 879.631272][T18136] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 879.633981][T18136] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 879.637936][T18136] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 879.641194][T18136] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 879.648227][T18136] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 879.651954][T18136] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 879.749280][T18290] 9pnet_fd: Insufficient options for proto=fd [ 879.767451][T18136] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 879.770199][T18136] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 879.772689][T18136] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 879.783115][T18136] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 879.785626][T18136] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 879.788325][T18136] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 879.790838][T18136] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 879.793602][T18136] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 879.796101][T18136] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 879.798767][T18136] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 879.801267][T18136] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 879.804015][T18136] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 879.807899][T18136] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 879.836932][T18136] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 879.839297][T18136] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 879.841561][T18136] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 879.844500][T18136] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 879.932933][T18137] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 879.938011][T18137] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 879.951306][T18137] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 880.039719][T18137] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 880.174736][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 880.180362][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 880.277775][ T64] hsr_slave_0: left promiscuous mode [ 880.279898][ T64] hsr_slave_1: left promiscuous mode [ 880.282074][ T64] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 880.284066][ T64] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 880.293252][ T64] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 880.295216][ T64] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 880.326842][ T64] hsr_slave_0: left promiscuous mode [ 880.329201][ T64] hsr_slave_1: left promiscuous mode [ 880.331251][ T64] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 880.333473][ T64] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 880.335901][ T64] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 880.337879][ T64] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 880.396836][ T64] veth1_macvtap: left promiscuous mode [ 880.398411][ T64] veth0_macvtap: left promiscuous mode [ 880.399987][ T64] veth1_vlan: left promiscuous mode [ 880.401455][ T64] veth0_vlan: left promiscuous mode [ 880.407839][ T64] veth1_macvtap: left promiscuous mode [ 880.409309][ T64] veth0_macvtap: left promiscuous mode [ 880.410830][ T64] veth1_vlan: left promiscuous mode [ 880.412247][ T64] veth0_vlan: left promiscuous mode [ 881.935243][ T64] team0 (unregistering): Port device team_slave_1 removed [ 881.984543][T18309] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3571'. [ 882.045070][ T64] team0 (unregistering): Port device team_slave_0 removed [ 882.076637][T18313] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 882.079810][T18313] TCP: tcp_parse_options: Illegal window scaling value 255 > 14 received [ 883.319229][ T39] audit: type=1400 audit(1726269293.470:1200): avc: denied { read } for pid=18361 comm="syz.1.3575" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 883.333276][ T39] audit: type=1400 audit(1726269293.470:1201): avc: denied { open } for pid=18361 comm="syz.1.3575" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 883.340760][ T39] audit: type=1400 audit(1726269293.470:1202): avc: denied { ioctl } for pid=18361 comm="syz.1.3575" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 884.602226][ T64] team0 (unregistering): Port device team_slave_1 removed [ 884.766081][ T64] team0 (unregistering): Port device team_slave_0 removed [ 886.238315][T18381] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 886.239561][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 886.240771][T18381] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 886.266092][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 886.298100][ T39] audit: type=1400 audit(1726269296.460:1203): avc: denied { mounton } for pid=18136 comm="syz-executor" path="/syzkaller.pg77Zx/syz-tmp" dev="sda1" ino=1949 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 886.325069][ T39] audit: type=1400 audit(1726269296.490:1204): avc: denied { unmount } for pid=18136 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 886.344179][ T39] audit: type=1400 audit(1726269296.510:1205): avc: denied { mounton } for pid=18136 comm="syz-executor" path="/dev/binderfs" dev="devtmpfs" ino=2389 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 886.368919][T18137] 8021q: adding VLAN 0 to HW filter on device bond0 [ 886.429535][T18137] 8021q: adding VLAN 0 to HW filter on device team0 [ 886.465923][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 886.468641][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 886.506812][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 886.509499][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 886.516918][T18141] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 886.522767][T18141] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 886.550023][T18141] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 886.560134][T18141] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 886.582673][ T39] audit: type=1400 audit(1726269296.730:1206): avc: denied { read } for pid=18399 comm="syz.0.3583" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 886.589215][ T39] audit: type=1400 audit(1726269296.730:1207): avc: denied { open } for pid=18399 comm="syz.0.3583" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 886.904534][T18141] 8021q: adding VLAN 0 to HW filter on device bond0 [ 886.956059][T18141] 8021q: adding VLAN 0 to HW filter on device team0 [ 886.980127][T18289] bridge0: port 1(bridge_slave_0) entered blocking state [ 886.982104][T18289] bridge0: port 1(bridge_slave_0) entered forwarding state [ 887.008298][T18347] bridge0: port 2(bridge_slave_1) entered blocking state [ 887.010286][T18347] bridge0: port 2(bridge_slave_1) entered forwarding state [ 887.164497][T18137] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 887.435764][T18416] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3585'. [ 887.445904][T18137] veth0_vlan: entered promiscuous mode [ 887.497802][T18137] veth1_vlan: entered promiscuous mode [ 887.570617][T18141] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 887.579662][T18137] veth0_macvtap: entered promiscuous mode [ 887.585631][T18137] veth1_macvtap: entered promiscuous mode [ 887.604401][T18137] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 887.608421][T18137] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 887.608432][T18137] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 887.608441][T18137] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 887.608449][T18137] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 887.620315][T18137] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 887.622898][T18137] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 887.626583][T18137] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 887.629767][T18137] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 887.634783][T18137] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 887.639246][T18137] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 887.654842][T18137] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 887.658434][T18137] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 887.661655][T18137] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 887.665730][T18137] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 887.669157][T18137] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 887.672566][T18137] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 887.676185][T18137] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 887.679612][T18137] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 887.682854][T18137] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 887.687129][T18137] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 887.691476][T18137] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 887.699815][T18137] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 887.702711][T18137] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 887.705886][T18137] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 887.708752][T18137] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 887.731653][T18141] veth0_vlan: entered promiscuous mode [ 887.746524][T18141] veth1_vlan: entered promiscuous mode [ 887.782929][ T45] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 887.789830][ T45] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 887.801680][ T84] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 887.804195][ T84] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 887.820295][T18141] veth0_macvtap: entered promiscuous mode [ 887.828035][T18141] veth1_macvtap: entered promiscuous mode [ 887.845045][T18141] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 887.847792][T18141] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 887.850455][T18141] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 887.854261][T18141] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 887.860106][T18141] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 887.862916][T18141] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 887.866843][T18141] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 887.869576][T18141] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 887.872234][T18141] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 887.884354][T18141] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 887.892397][T18141] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 887.896230][T18141] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 887.902606][T18141] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 887.908180][ T39] audit: type=1400 audit(1726269298.070:1208): avc: denied { getopt } for pid=18427 comm="syz.1.3588" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 887.913668][T18141] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 887.918446][T18141] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 887.921931][T18141] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 887.927200][T18141] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 887.929908][T18141] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 887.934248][T18141] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 887.944222][T18141] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 887.948620][T18141] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 887.952010][T18141] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 887.957617][T18141] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 887.960873][T18141] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 887.966301][T18141] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 887.971318][T18141] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 887.984892][T18141] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 887.987331][T18141] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 887.989711][T18141] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 887.992092][T18141] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 888.147821][ T84] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 888.152499][ T84] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 888.187372][ T84] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 888.189501][ T84] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 889.039558][ T39] audit: type=1400 audit(1726269299.200:1209): avc: denied { watch_reads } for pid=18453 comm="syz.1.3592" path="/109" dev="tmpfs" ino=573 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 889.368289][ T39] audit: type=1400 audit(1726269299.480:1210): avc: denied { ioctl } for pid=18462 comm="syz.3.3595" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=56315 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 891.210890][ T39] audit: type=1400 audit(1726269301.340:1211): avc: denied { read } for pid=18486 comm="syz.0.3604" name="file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 891.462874][ T39] audit: type=1400 audit(1726269301.340:1212): avc: denied { open } for pid=18486 comm="syz.0.3604" path="/6/file0/file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 891.603052][ T39] audit: type=1400 audit(1726269301.340:1213): avc: denied { ioctl } for pid=18486 comm="syz.0.3604" path="/6/file0/file0" dev="fuse" ino=0 ioctlcmd=0x70c9 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 892.430397][T18521] 9pnet_fd: Insufficient options for proto=fd [ 892.759979][ T39] audit: type=1400 audit(1726269302.920:1214): avc: denied { read write } for pid=18524 comm="syz.2.3618" name="nvram" dev="devtmpfs" ino=633 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 892.787295][ T39] audit: type=1400 audit(1726269302.920:1215): avc: denied { open } for pid=18524 comm="syz.2.3618" path="/dev/nvram" dev="devtmpfs" ino=633 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 892.896051][ T39] audit: type=1400 audit(1726269303.060:1216): avc: denied { write } for pid=18530 comm="syz.1.3621" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 893.215492][T18539] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3624'. [ 893.425651][T18549] 9pnet_fd: Insufficient options for proto=fd [ 893.591323][ T39] audit: type=1400 audit(1726269303.710:1217): avc: denied { read write } for pid=18543 comm="syz.0.3627" name="binder1" dev="binder" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 893.602727][ T39] audit: type=1400 audit(1726269303.710:1218): avc: denied { open } for pid=18543 comm="syz.0.3627" path="/dev/binderfs/binder1" dev="binder" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 894.851115][T18572] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 895.348538][T18580] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3636'. [ 895.600063][T18587] Bluetooth: MGMT ver 1.23 [ 895.884783][T18593] 9pnet_fd: Insufficient options for proto=fd [ 897.202706][ T39] kauditd_printk_skb: 3 callbacks suppressed [ 897.202717][ T39] audit: type=1400 audit(1726269307.360:1222): avc: denied { mount } for pid=18624 comm="syz.2.3658" name="/" dev="configfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 897.233975][ T39] audit: type=1400 audit(1726269307.360:1223): avc: denied { setattr } for pid=18624 comm="syz.2.3658" name="/" dev="configfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 898.288100][ T39] audit: type=1400 audit(1726269308.450:1224): avc: denied { unmount } for pid=18141 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 898.318355][ T39] audit: type=1400 audit(1726269308.460:1225): avc: denied { ioctl } for pid=18647 comm="syz.0.3666" path="socket:[56508]" dev="sockfs" ino=56508 ioctlcmd=0x9414 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 898.357675][ T39] audit: type=1400 audit(1726269308.520:1226): avc: denied { create } for pid=18647 comm="syz.0.3666" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 898.412305][T18668] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3673'. [ 898.519099][T18661] fuse: root generation should be zero [ 898.582796][ T39] audit: type=1400 audit(1726269308.740:1227): avc: denied { read } for pid=18676 comm="syz.0.3677" name="event0" dev="devtmpfs" ino=864 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 898.596886][ T39] audit: type=1400 audit(1726269308.740:1228): avc: denied { open } for pid=18676 comm="syz.0.3677" path="/dev/input/event0" dev="devtmpfs" ino=864 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 898.700108][T18687] xt_hashlimit: size too large, truncated to 1048576 [ 899.345952][T18698] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 901.436237][ T39] audit: type=1400 audit(1726269311.590:1229): avc: denied { name_bind } for pid=18724 comm="syz.2.3697" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 902.541253][ T39] audit: type=1400 audit(1726269312.700:1230): avc: denied { setopt } for pid=18757 comm="syz.0.3707" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 902.684377][ T1288] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 904.177872][T18790] 9pnet_fd: Insufficient options for proto=fd [ 904.603440][T18796] No such timeout policy "syz1" [ 905.343683][ T1288] usb 7-1: unable to get BOS descriptor or descriptor too short [ 905.348104][ T1288] usb 7-1: unable to read config index 0 descriptor/start: -71 [ 905.350495][ T1288] usb 7-1: can't read configurations, error -71 [ 905.623687][T18829] 9pnet_fd: Insufficient options for proto=fd [ 909.937721][ T39] audit: type=1326 audit(1726269320.100:1231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18896 comm="syz.3.3756" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdeea17def9 code=0x0 [ 910.076809][ T39] audit: type=1400 audit(1726269320.240:1232): avc: denied { map } for pid=18901 comm="syz.0.3757" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 910.090910][ T39] audit: type=1400 audit(1726269320.240:1233): avc: denied { execute } for pid=18901 comm="syz.0.3757" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 911.031797][ T39] audit: type=1400 audit(1726269321.190:1234): avc: denied { write } for pid=18917 comm="syz.1.3761" name="uinput" dev="devtmpfs" ino=866 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 911.271789][T18931] pim6reg1: entered promiscuous mode [ 911.273677][T18931] pim6reg1: entered allmulticast mode [ 911.930174][ T39] audit: type=1400 audit(1726269322.090:1235): avc: denied { ioctl } for pid=18946 comm="syz.1.3773" path="/dev/uinput" dev="devtmpfs" ino=866 ioctlcmd=0x5501 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 911.930758][T18949] input: syz0 as /devices/virtual/input/input24 [ 911.956041][ T39] audit: type=1400 audit(1726269322.120:1236): avc: denied { read } for pid=4815 comm="acpid" name="event4" dev="devtmpfs" ino=2639 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 911.976860][ T39] audit: type=1400 audit(1726269322.120:1237): avc: denied { open } for pid=4815 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2639 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 912.006693][ T39] audit: type=1400 audit(1726269322.120:1238): avc: denied { ioctl } for pid=4815 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2639 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 914.301672][ T39] audit: type=1400 audit(1726269324.460:1239): avc: denied { name_bind } for pid=18967 comm="syz.0.3780" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 914.933169][ T39] audit: type=1400 audit(1726269325.060:1240): avc: denied { accept } for pid=18979 comm="syz.3.3784" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1 [ 915.438978][ T39] audit: type=1400 audit(1726269325.600:1241): avc: denied { bind } for pid=18986 comm="syz.2.3785" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 916.227440][T19004] 9pnet: Could not find request transport: fd01777777777777777777777 [ 917.479972][ T39] audit: type=1400 audit(1726269327.640:1242): avc: denied { unmount } for pid=18141 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 917.772963][T19038] kvm: emulating exchange as write [ 917.843524][ T39] audit: type=1400 audit(1726269328.010:1243): avc: denied { bind } for pid=19039 comm="syz.2.3804" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 917.858430][ T39] audit: type=1400 audit(1726269328.010:1244): avc: denied { listen } for pid=19039 comm="syz.2.3804" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 917.876444][ T39] audit: type=1400 audit(1726269328.010:1245): avc: denied { connect } for pid=19039 comm="syz.2.3804" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 917.887125][ T39] audit: type=1400 audit(1726269328.030:1246): avc: denied { write } for pid=19039 comm="syz.2.3804" path="socket:[57085]" dev="sockfs" ino=57085 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 917.902939][ T39] audit: type=1400 audit(1726269328.030:1247): avc: denied { accept } for pid=19039 comm="syz.2.3804" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 917.913620][ T39] audit: type=1400 audit(1726269328.030:1248): avc: denied { read } for pid=19039 comm="syz.2.3804" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 918.347940][T19052] ptrace attach of "/syz-executor exec"[18137] was attempted by "/syz-executor exec"[19052] [ 918.457321][ T39] audit: type=1400 audit(1726269328.620:1249): avc: denied { create } for pid=19049 comm="syz.1.3808" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 920.545714][T19095] syzkaller0: entered promiscuous mode [ 920.547843][T19095] syzkaller0: entered allmulticast mode [ 921.033165][T18434] usb 7-1: new high-speed USB device number 18 using dummy_hcd [ 921.244440][T18434] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 921.247376][T18434] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 921.249924][T18434] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice= 0.00 [ 921.257316][T18434] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 921.263924][T18434] usb 7-1: config 0 descriptor?? [ 921.750790][T18434] appleir 0003:05AC:8243.000C: report_id 0 is invalid [ 921.760295][T18434] appleir 0003:05AC:8243.000C: item 0 0 1 8 parsing failed [ 921.762908][T18434] appleir 0003:05AC:8243.000C: parse failed [ 921.764700][T18434] appleir 0003:05AC:8243.000C: probe with driver appleir failed with error -22 [ 921.955032][ T10] usb 7-1: USB disconnect, device number 18 [ 922.206280][ T39] audit: type=1326 audit(1726269332.370:1250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19109 comm="syz.3.3830" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdeea17def9 code=0x7ffc0000 [ 922.223053][ T39] audit: type=1326 audit(1726269332.370:1251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19109 comm="syz.3.3830" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdeea17def9 code=0x7ffc0000 [ 922.231727][ T39] audit: type=1326 audit(1726269332.370:1252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19109 comm="syz.3.3830" exe="/syz-executor" sig=0 arch=c000003e syscall=108 compat=0 ip=0x7fdeea17def9 code=0x7ffc0000 [ 922.240344][ T39] audit: type=1326 audit(1726269332.370:1253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19109 comm="syz.3.3830" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdeea17def9 code=0x7ffc0000 [ 922.363882][T19107] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 922.367270][T19107] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 922.475957][ T39] audit: type=1400 audit(1726269332.640:1254): avc: denied { create } for pid=19115 comm="syz.1.3833" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 922.590227][ T39] audit: type=1400 audit(1726269332.750:1255): avc: denied { name_connect } for pid=19123 comm="syz.1.3836" dest=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1 [ 922.605607][ T39] audit: type=1400 audit(1726269332.760:1256): avc: denied { create } for pid=19124 comm="syz.2.3837" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 922.622777][ T39] audit: type=1400 audit(1726269332.770:1257): avc: denied { ioctl } for pid=19124 comm="syz.2.3837" path="socket:[57139]" dev="sockfs" ino=57139 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 924.323876][ T39] audit: type=1400 audit(1726269334.490:1258): avc: denied { create } for pid=19190 comm="syz.3.3867" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 924.381073][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 924.512725][ T39] audit: type=1400 audit(1726269334.670:1259): avc: denied { bind } for pid=19212 comm="syz.2.3877" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 924.815024][T19237] netlink: 'syz.0.3885': attribute type 1 has an invalid length. [ 925.577213][T19271] netlink: 'syz.3.3901': attribute type 1 has an invalid length. [ 925.583273][T19271] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3901'. [ 927.197148][T19318] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3919'. [ 927.201434][T19318] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3919'. [ 927.208272][T19318] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3919'. [ 927.216989][ T39] kauditd_printk_skb: 15 callbacks suppressed [ 927.217002][ T39] audit: type=1400 audit(1726269337.380:1275): avc: denied { bind } for pid=19319 comm="syz.2.3920" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 927.467483][ T39] audit: type=1400 audit(1726269337.630:1276): avc: denied { create } for pid=19329 comm="syz.2.3925" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 927.830184][T19355] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3937'. [ 928.208006][ T39] audit: type=1326 audit(1726269338.370:1277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19372 comm="syz.2.3946" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f679d57def9 code=0x7fc00000 [ 928.492398][ T39] audit: type=1326 audit(1726269338.650:1278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19393 comm="syz.0.3954" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84aa37def9 code=0x7ffc0000 [ 928.500303][ T39] audit: type=1326 audit(1726269338.650:1279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19393 comm="syz.0.3954" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84aa37def9 code=0x7ffc0000 [ 928.508038][ T39] audit: type=1326 audit(1726269338.660:1280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19393 comm="syz.0.3954" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f84aa37def9 code=0x7ffc0000 [ 928.515955][ T39] audit: type=1326 audit(1726269338.660:1281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19393 comm="syz.0.3954" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84aa37def9 code=0x7ffc0000 [ 928.523937][ T39] audit: type=1326 audit(1726269338.660:1282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19393 comm="syz.0.3954" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84aa37def9 code=0x7ffc0000 [ 928.538413][ T39] audit: type=1326 audit(1726269338.670:1283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19393 comm="syz.0.3954" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f84aa37def9 code=0x7ffc0000 [ 928.546543][ T39] audit: type=1326 audit(1726269338.680:1284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19393 comm="syz.0.3954" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84aa37def9 code=0x7ffc0000 [ 928.699448][T19404] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.3957'. [ 928.704146][T19404] openvswitch: netlink: Unknown VXLAN extension attribute 0 [ 930.539480][T19484] overlayfs: failed to resolve './file0': -2 [ 930.796730][T19501] syzkaller0: entered promiscuous mode [ 930.798289][T19501] syzkaller0: entered allmulticast mode [ 931.446301][ T1380] ieee802154 phy0 wpan0: encryption failed: -22 [ 932.345237][ T39] kauditd_printk_skb: 15 callbacks suppressed [ 932.345247][ T39] audit: type=1400 audit(1726269342.510:1300): avc: denied { unmount } for pid=17199 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 934.893156][ T39] audit: type=1400 audit(1726269345.050:1301): avc: denied { setattr } for pid=19597 comm="syz.1.4041" name="/" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 936.175606][T19654] BUG: Bad page state in process syz.2.4065 pfn:5b463 [ 936.177643][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000002 pfn:0x5b463 [ 936.182895][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 936.185267][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 936.188138][T19654] raw: ffff888000000002 0000000000000001 00000000ffffffff 0000000000000000 [ 936.191000][T19654] page dumped because: page_pool leak [ 936.192865][T19654] page_owner tracks the page as allocated [ 936.194871][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167287867, free_ts 934605796021 [ 936.201188][T19654] post_alloc_hook+0x2d1/0x350 [ 936.202841][T19654] get_page_from_freelist+0x1351/0x2e50 [ 936.204911][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 936.206297][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 936.207737][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 936.209310][T19654] page_pool_alloc_pages+0xb5/0x110 [ 936.210669][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 936.212268][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 936.213726][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 936.215131][T19654] __sys_bpf+0x10d2/0x4a00 [ 936.216297][T19654] __x64_sys_bpf+0x78/0xc0 [ 936.217485][T19654] do_syscall_64+0xcd/0x250 [ 936.218705][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 936.220240][T19654] page last free pid 18289 tgid 18289 stack trace: [ 936.222003][T19654] free_unref_page+0x64a/0xe40 [ 936.223709][T19654] ringbuf_map_free+0xd7/0x130 [ 936.225351][T19654] bpf_map_free_deferred+0x1ce/0x420 [ 936.227137][T19654] process_one_work+0x9c5/0x1b40 [ 936.228829][T19654] worker_thread+0x6c8/0xf00 [ 936.230411][T19654] kthread+0x2c1/0x3a0 [ 936.231802][T19654] ret_from_fork+0x45/0x80 [ 936.233562][T19654] ret_from_fork_asm+0x1a/0x30 [ 936.235323][T19654] Modules linked in: [ 936.236476][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Not tainted 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 936.239208][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 936.242968][T19654] Call Trace: [ 936.244058][T19654] [ 936.244981][T19654] dump_stack_lvl+0x16c/0x1f0 [ 936.246641][T19654] bad_page+0xb3/0x220 [ 936.248087][T19654] ? __pfx_bad_page+0x10/0x10 [ 936.249745][T19654] ? page_bad_reason+0x9d/0x1e0 [ 936.251502][T19654] free_unref_page+0x69e/0xe40 [ 936.253103][T19654] ? __phys_addr+0xc6/0x150 [ 936.254358][T19654] skb_free_head+0xa0/0x1d0 [ 936.255539][T19654] skb_release_data+0x75c/0x980 [ 936.256837][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 936.259138][T19654] ? rcu_is_watching+0x12/0xc0 [ 936.260788][T19654] sk_skb_reason_drop+0x133/0x200 [ 936.262501][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 936.264758][T19654] ? kernel_text_address+0x8d/0x100 [ 936.266633][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 936.268374][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 936.270765][T19654] ? hlock_class+0x4e/0x130 [ 936.272311][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 936.273944][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 936.275303][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 936.276914][T19654] ? lock_acquire+0x1b1/0x560 [ 936.278527][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 936.280746][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 936.282706][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 936.284865][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 936.287153][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 936.288847][T19654] ? __build_skb_around+0x278/0x3b0 [ 936.290623][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 936.292412][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 936.294213][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 936.295915][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 936.297751][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 936.299555][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 936.301569][T19654] ? find_held_lock+0x2d/0x110 [ 936.303178][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 936.305202][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 936.307212][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 936.309202][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 936.310993][T19654] ? 0xffffffffa0004340 [ 936.312432][T19654] ? 0xffffffffa0004340 [ 936.313772][T19654] ? 0xffffffffa0004340 [ 936.314843][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 936.316242][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 936.318130][T19654] ? fput+0x32/0x390 [ 936.319471][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 936.321164][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 936.323111][T19654] __sys_bpf+0x10d2/0x4a00 [ 936.324639][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 936.326310][T19654] ? __fget_files+0x256/0x400 [ 936.327939][T19654] ? do_futex+0x123/0x350 [ 936.329468][T19654] ? __pfx_do_futex+0x10/0x10 [ 936.331113][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 936.332946][T19654] __x64_sys_bpf+0x78/0xc0 [ 936.334459][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 936.336214][T19654] do_syscall_64+0xcd/0x250 [ 936.337730][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 936.339729][T19654] RIP: 0033:0x7f679d57def9 [ 936.341270][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 936.347749][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 936.350638][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 936.353378][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 936.356034][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 936.358716][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 936.361378][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 936.364033][T19654] [ 936.365217][T19654] Disabling lock debugging due to kernel taint [ 936.367347][T19654] BUG: Bad page state in process syz.2.4065 pfn:5b462 [ 936.369574][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88805b463e00 pfn:0x5b462 [ 936.372981][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 936.375409][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 936.378282][T19654] raw: ffff88805b463e00 0000000000000001 00000000ffffffff 0000000000000000 [ 936.381153][T19654] page dumped because: page_pool leak [ 936.382906][T19654] page_owner tracks the page as allocated [ 936.384886][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167279996, free_ts 934605788808 [ 936.390977][T19654] post_alloc_hook+0x2d1/0x350 [ 936.392607][T19654] get_page_from_freelist+0x1351/0x2e50 [ 936.394460][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 936.395898][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 936.397339][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 936.399227][T19654] page_pool_alloc_pages+0xb5/0x110 [ 936.400840][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 936.402501][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 936.404178][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 936.405955][T19654] __sys_bpf+0x10d2/0x4a00 [ 936.407414][T19654] __x64_sys_bpf+0x78/0xc0 [ 936.408947][T19654] do_syscall_64+0xcd/0x250 [ 936.410491][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 936.412249][T19654] page last free pid 18289 tgid 18289 stack trace: [ 936.414372][T19654] free_unref_page+0x64a/0xe40 [ 936.416000][T19654] ringbuf_map_free+0xd7/0x130 [ 936.417637][T19654] bpf_map_free_deferred+0x1ce/0x420 [ 936.419409][T19654] process_one_work+0x9c5/0x1b40 [ 936.421071][T19654] worker_thread+0x6c8/0xf00 [ 936.422616][T19654] kthread+0x2c1/0x3a0 [ 936.424039][T19654] ret_from_fork+0x45/0x80 [ 936.425485][T19654] ret_from_fork_asm+0x1a/0x30 [ 936.427120][T19654] Modules linked in: [ 936.428478][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 936.432458][T19654] Tainted: [B]=BAD_PAGE [ 936.433732][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 936.437010][T19654] Call Trace: [ 936.438200][T19654] [ 936.439269][T19654] dump_stack_lvl+0x16c/0x1f0 [ 936.440969][T19654] bad_page+0xb3/0x220 [ 936.442439][T19654] ? __pfx_bad_page+0x10/0x10 [ 936.444139][T19654] ? page_bad_reason+0x9d/0x1e0 [ 936.445912][T19654] free_unref_page+0x69e/0xe40 [ 936.447660][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 936.449828][T19654] ? __phys_addr+0xc6/0x150 [ 936.451476][T19654] skb_free_head+0xa0/0x1d0 [ 936.453149][T19654] skb_release_data+0x75c/0x980 [ 936.454911][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 936.457374][T19654] ? rcu_is_watching+0x12/0xc0 [ 936.459118][T19654] sk_skb_reason_drop+0x133/0x200 [ 936.460942][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 936.463345][T19654] ? kernel_text_address+0x8d/0x100 [ 936.465243][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 936.467076][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 936.469613][T19654] ? hlock_class+0x4e/0x130 [ 936.471259][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 936.473057][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 936.474938][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 936.477107][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 936.479432][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 936.481483][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 936.483763][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 936.486163][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 936.488129][T19654] ? __build_skb_around+0x278/0x3b0 [ 936.490039][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 936.491955][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 936.494234][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 936.496620][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 936.498672][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 936.500591][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 936.502710][T19654] ? find_held_lock+0x2d/0x110 [ 936.504529][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 936.506691][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 936.508856][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 936.510981][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 936.512913][T19654] ? 0xffffffffa0004340 [ 936.514422][T19654] ? 0xffffffffa0004340 [ 936.515924][T19654] ? 0xffffffffa0004340 [ 936.517439][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 936.519385][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 936.521500][T19654] ? fput+0x32/0x390 [ 936.522931][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 936.524673][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 936.526794][T19654] __sys_bpf+0x10d2/0x4a00 [ 936.528416][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 936.530160][T19654] ? __fget_files+0x256/0x400 [ 936.531867][T19654] ? do_futex+0x123/0x350 [ 936.533465][T19654] ? __pfx_do_futex+0x10/0x10 [ 936.535176][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 936.537107][T19654] __x64_sys_bpf+0x78/0xc0 [ 936.538733][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 936.540579][T19654] do_syscall_64+0xcd/0x250 [ 936.542265][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 936.544392][T19654] RIP: 0033:0x7f679d57def9 [ 936.546018][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 936.552895][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 936.555893][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 936.558730][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 936.561566][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 936.564382][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 936.567220][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 936.570055][T19654] [ 936.571286][T19654] BUG: Bad page state in process syz.2.4065 pfn:43819 [ 936.573839][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888100000002 pfn:0x43819 [ 936.577310][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 936.579796][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 936.582605][T19654] raw: ffff888100000002 0000000000000001 00000000ffffffff 0000000000000000 [ 936.585046][T19654] page dumped because: page_pool leak [ 936.586912][T19654] page_owner tracks the page as allocated [ 936.588936][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167272144, free_ts 934605810926 [ 936.595508][T19654] post_alloc_hook+0x2d1/0x350 [ 936.597256][T19654] get_page_from_freelist+0x1351/0x2e50 [ 936.599228][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 936.601039][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 936.602987][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 936.605208][T19654] page_pool_alloc_pages+0xb5/0x110 [ 936.607049][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 936.609018][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 936.610388][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 936.611845][T19654] __sys_bpf+0x10d2/0x4a00 [ 936.613387][T19654] __x64_sys_bpf+0x78/0xc0 [ 936.615007][T19654] do_syscall_64+0xcd/0x250 [ 936.616674][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 936.618814][T19654] page last free pid 18289 tgid 18289 stack trace: [ 936.621096][T19654] free_unref_page+0x64a/0xe40 [ 936.622780][T19654] ringbuf_map_free+0xd7/0x130 [ 936.624599][T19654] bpf_map_free_deferred+0x1ce/0x420 [ 936.626197][T19654] process_one_work+0x9c5/0x1b40 [ 936.627492][T19654] worker_thread+0x6c8/0xf00 [ 936.628721][T19654] kthread+0x2c1/0x3a0 [ 936.629807][T19654] ret_from_fork+0x45/0x80 [ 936.630973][T19654] ret_from_fork_asm+0x1a/0x30 [ 936.632315][T19654] Modules linked in: [ 936.633437][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 936.636864][T19654] Tainted: [B]=BAD_PAGE [ 936.638342][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 936.642113][T19654] Call Trace: [ 936.643294][T19654] [ 936.644367][T19654] dump_stack_lvl+0x16c/0x1f0 [ 936.646119][T19654] bad_page+0xb3/0x220 [ 936.647634][T19654] ? __pfx_bad_page+0x10/0x10 [ 936.649359][T19654] ? page_bad_reason+0x9d/0x1e0 [ 936.651132][T19654] free_unref_page+0x69e/0xe40 [ 936.652859][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 936.655034][T19654] ? __phys_addr+0xc6/0x150 [ 936.656599][T19654] skb_free_head+0xa0/0x1d0 [ 936.658169][T19654] skb_release_data+0x75c/0x980 [ 936.659512][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 936.661631][T19654] ? rcu_is_watching+0x12/0xc0 [ 936.663386][T19654] sk_skb_reason_drop+0x133/0x200 [ 936.665217][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 936.667607][T19654] ? kernel_text_address+0x8d/0x100 [ 936.669506][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 936.671336][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 936.673826][T19654] ? hlock_class+0x4e/0x130 [ 936.675440][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 936.677256][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 936.679142][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 936.681321][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 936.683649][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 936.685726][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 936.687954][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 936.690361][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 936.692240][T19654] ? __build_skb_around+0x278/0x3b0 [ 936.694148][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 936.696038][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 936.698272][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 936.700634][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 936.702662][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 936.704591][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 936.706699][T19654] ? find_held_lock+0x2d/0x110 [ 936.708449][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 936.710600][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 936.712732][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 936.714862][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 936.716822][T19654] ? 0xffffffffa0004340 [ 936.718339][T19654] ? 0xffffffffa0004340 [ 936.719850][T19654] ? 0xffffffffa0004340 [ 936.721372][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 936.723246][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 936.725353][T19654] ? fput+0x32/0x390 [ 936.726897][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 936.728633][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 936.730756][T19654] __sys_bpf+0x10d2/0x4a00 [ 936.732378][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 936.734129][T19654] ? __fget_files+0x256/0x400 [ 936.735828][T19654] ? do_futex+0x123/0x350 [ 936.737409][T19654] ? __pfx_do_futex+0x10/0x10 [ 936.739254][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 936.741190][T19654] __x64_sys_bpf+0x78/0xc0 [ 936.742785][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 936.744675][T19654] do_syscall_64+0xcd/0x250 [ 936.746352][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 936.748441][T19654] RIP: 0033:0x7f679d57def9 [ 936.750009][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 936.756500][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 936.759584][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 936.762445][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 936.765201][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 936.767996][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 936.770783][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 936.773614][T19654] [ 936.774871][T19654] BUG: Bad page state in process syz.2.4065 pfn:43818 [ 936.777340][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888043819e00 pfn:0x43818 [ 936.780939][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 936.783480][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 936.786488][T19654] raw: ffff888043819e00 0000000000000001 00000000ffffffff 0000000000000000 [ 936.789487][T19654] page dumped because: page_pool leak [ 936.791374][T19654] page_owner tracks the page as allocated [ 936.793448][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167264322, free_ts 934605803635 [ 936.799921][T19654] post_alloc_hook+0x2d1/0x350 [ 936.801642][T19654] get_page_from_freelist+0x1351/0x2e50 [ 936.803684][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 936.805584][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 936.807573][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 936.809712][T19654] page_pool_alloc_pages+0xb5/0x110 [ 936.811579][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 936.813873][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 936.815767][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 936.817709][T19654] __sys_bpf+0x10d2/0x4a00 [ 936.819333][T19654] __x64_sys_bpf+0x78/0xc0 [ 936.820943][T19654] do_syscall_64+0xcd/0x250 [ 936.822611][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 936.824780][T19654] page last free pid 18289 tgid 18289 stack trace: [ 936.827146][T19654] free_unref_page+0x64a/0xe40 [ 936.828885][T19654] ringbuf_map_free+0xd7/0x130 [ 936.830609][T19654] bpf_map_free_deferred+0x1ce/0x420 [ 936.832508][T19654] process_one_work+0x9c5/0x1b40 [ 936.834390][T19654] worker_thread+0x6c8/0xf00 [ 936.836081][T19654] kthread+0x2c1/0x3a0 [ 936.837565][T19654] ret_from_fork+0x45/0x80 [ 936.839189][T19654] ret_from_fork_asm+0x1a/0x30 [ 936.840871][T19654] Modules linked in: [ 936.841960][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 936.845279][T19654] Tainted: [B]=BAD_PAGE [ 936.846520][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 936.849382][T19654] Call Trace: [ 936.850247][T19654] [ 936.851083][T19654] dump_stack_lvl+0x16c/0x1f0 [ 936.852343][T19654] bad_page+0xb3/0x220 [ 936.853469][T19654] ? __pfx_bad_page+0x10/0x10 [ 936.854720][T19654] ? page_bad_reason+0x9d/0x1e0 [ 936.856047][T19654] free_unref_page+0x69e/0xe40 [ 936.857325][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 936.858877][T19654] ? __phys_addr+0xc6/0x150 [ 936.860087][T19654] skb_free_head+0xa0/0x1d0 [ 936.861310][T19654] skb_release_data+0x75c/0x980 [ 936.862668][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 936.864524][T19654] ? rcu_is_watching+0x12/0xc0 [ 936.865813][T19654] sk_skb_reason_drop+0x133/0x200 [ 936.867276][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 936.869089][T19654] ? kernel_text_address+0x8d/0x100 [ 936.870765][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 936.872140][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 936.873992][T19654] ? hlock_class+0x4e/0x130 [ 936.875229][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 936.876544][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 936.877980][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 936.879676][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 936.881394][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 936.882948][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 936.884592][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 936.886395][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 936.887776][T19654] ? __build_skb_around+0x278/0x3b0 [ 936.889175][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 936.890588][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 936.892302][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 936.894082][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 936.895547][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 936.897401][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 936.899482][T19654] ? find_held_lock+0x2d/0x110 [ 936.901205][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 936.903305][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 936.905398][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 936.907490][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 936.909303][T19654] ? 0xffffffffa0004340 [ 936.910651][T19654] ? 0xffffffffa0004340 [ 936.912120][T19654] ? 0xffffffffa0004340 [ 936.913606][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 936.915481][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 936.917526][T19654] ? fput+0x32/0x390 [ 936.918921][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 936.920603][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 936.922645][T19654] __sys_bpf+0x10d2/0x4a00 [ 936.924224][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 936.925924][T19654] ? __fget_files+0x256/0x400 [ 936.927584][T19654] ? do_futex+0x123/0x350 [ 936.929131][T19654] ? __pfx_do_futex+0x10/0x10 [ 936.930815][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 936.932690][T19654] __x64_sys_bpf+0x78/0xc0 [ 936.934268][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 936.936105][T19654] do_syscall_64+0xcd/0x250 [ 936.937730][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 936.939804][T19654] RIP: 0033:0x7f679d57def9 [ 936.941393][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 936.948101][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 936.951042][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 936.953787][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 936.956582][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 936.959367][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 936.962142][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 936.964919][T19654] [ 936.966119][T19654] BUG: Bad page state in process syz.2.4065 pfn:31a47 [ 936.968534][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000002 pfn:0x31a47 [ 936.971995][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 936.974470][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 936.977083][T19654] raw: ffff888000000002 0000000000000001 00000000ffffffff 0000000000000000 [ 936.979653][T19654] page dumped because: page_pool leak [ 936.981307][T19654] page_owner tracks the page as allocated [ 936.983021][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167256329, free_ts 932570213849 [ 936.988631][T19654] post_alloc_hook+0x2d1/0x350 [ 936.990328][T19654] get_page_from_freelist+0x1351/0x2e50 [ 936.992277][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 936.994275][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 936.996264][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 936.998379][T19654] page_pool_alloc_pages+0xb5/0x110 [ 937.000287][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 937.002487][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 937.004420][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 937.006348][T19654] __sys_bpf+0x10d2/0x4a00 [ 937.007957][T19654] __x64_sys_bpf+0x78/0xc0 [ 937.009545][T19654] do_syscall_64+0xcd/0x250 [ 937.011163][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 937.013345][T19654] page last free pid 19527 tgid 19527 stack trace: [ 937.015600][T19654] free_unref_page+0x64a/0xe40 [ 937.017316][T19654] __put_partials+0x14c/0x170 [ 937.018985][T19654] qlist_free_all+0x4e/0x140 [ 937.020591][T19654] kasan_quarantine_reduce+0x192/0x1e0 [ 937.022317][T19654] __kasan_slab_alloc+0x69/0x90 [ 937.024096][T19654] kmem_cache_alloc_noprof+0x121/0x2f0 [ 937.026045][T19654] ptlock_alloc+0x1f/0x70 [ 937.027589][T19654] pte_alloc_one+0x74/0x370 [ 937.029224][T19654] __do_fault+0x320/0x490 [ 937.030776][T19654] __handle_mm_fault+0x388f/0x5660 [ 937.032595][T19654] handle_mm_fault+0x498/0xa60 [ 937.034362][T19654] do_user_addr_fault+0x60d/0x13f0 [ 937.036183][T19654] exc_page_fault+0x5c/0xc0 [ 937.037836][T19654] asm_exc_page_fault+0x26/0x30 [ 937.039566][T19654] Modules linked in: [ 937.040981][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 937.045245][T19654] Tainted: [B]=BAD_PAGE [ 937.046576][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 937.050445][T19654] Call Trace: [ 937.051616][T19654] [ 937.052688][T19654] dump_stack_lvl+0x16c/0x1f0 [ 937.054391][T19654] bad_page+0xb3/0x220 [ 937.055867][T19654] ? __pfx_bad_page+0x10/0x10 [ 937.057561][T19654] ? page_bad_reason+0x9d/0x1e0 [ 937.059280][T19654] free_unref_page+0x69e/0xe40 [ 937.060999][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 937.063106][T19654] ? __phys_addr+0xc6/0x150 [ 937.064687][T19654] skb_free_head+0xa0/0x1d0 [ 937.066327][T19654] skb_release_data+0x75c/0x980 [ 937.068061][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 937.070454][T19654] ? rcu_is_watching+0x12/0xc0 [ 937.072145][T19654] sk_skb_reason_drop+0x133/0x200 [ 937.073987][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 937.076322][T19654] ? kernel_text_address+0x8d/0x100 [ 937.078170][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 937.079946][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 937.082423][T19654] ? hlock_class+0x4e/0x130 [ 937.084045][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 937.085825][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 937.087681][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 937.089816][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 937.092107][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 937.094151][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 937.096306][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 937.098628][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 937.100457][T19654] ? __build_skb_around+0x278/0x3b0 [ 937.102318][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 937.104188][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 937.106391][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 937.108701][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 937.110699][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 937.112578][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 937.114653][T19654] ? find_held_lock+0x2d/0x110 [ 937.116366][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 937.118485][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 937.120589][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 937.122670][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 937.124576][T19654] ? 0xffffffffa0004340 [ 937.126073][T19654] ? 0xffffffffa0004340 [ 937.127556][T19654] ? 0xffffffffa0004340 [ 937.129008][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 937.130917][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 937.132984][T19654] ? fput+0x32/0x390 [ 937.134384][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 937.136091][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 937.138137][T19654] __sys_bpf+0x10d2/0x4a00 [ 937.139718][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 937.141418][T19654] ? __fget_files+0x256/0x400 [ 937.143096][T19654] ? do_futex+0x123/0x350 [ 937.144640][T19654] ? __pfx_do_futex+0x10/0x10 [ 937.146197][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 937.147568][T19654] __x64_sys_bpf+0x78/0xc0 [ 937.148725][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 937.150098][T19654] do_syscall_64+0xcd/0x250 [ 937.151314][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 937.152906][T19654] RIP: 0033:0x7f679d57def9 [ 937.154071][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 937.159055][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 937.161235][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 937.163252][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 937.165286][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 937.167293][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 937.169316][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 937.171348][T19654] [ 937.172395][T19654] BUG: Bad page state in process syz.2.4065 pfn:31a46 [ 937.174248][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888031a47e00 pfn:0x31a46 [ 937.176835][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 937.178678][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 937.180880][T19654] raw: ffff888031a47e00 0000000000000001 00000000ffffffff 0000000000000000 [ 937.183424][T19654] page dumped because: page_pool leak [ 937.184816][T19654] page_owner tracks the page as allocated [ 937.186285][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167248735, free_ts 934613140457 [ 937.191012][T19654] post_alloc_hook+0x2d1/0x350 [ 937.192298][T19654] get_page_from_freelist+0x1351/0x2e50 [ 937.193810][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 937.195178][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 937.196592][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 937.198130][T19654] page_pool_alloc_pages+0xb5/0x110 [ 937.199480][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 937.201087][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 937.202486][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 937.203910][T19654] __sys_bpf+0x10d2/0x4a00 [ 937.205295][T19654] __x64_sys_bpf+0x78/0xc0 [ 937.206454][T19654] do_syscall_64+0xcd/0x250 [ 937.207644][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 937.209187][T19654] page last free pid 19578 tgid 19576 stack trace: [ 937.210859][T19654] free_unref_page+0x64a/0xe40 [ 937.212152][T19654] __folio_put+0x31c/0x3e0 [ 937.213375][T19654] free_page_and_swap_cache+0x249/0x2c0 [ 937.214814][T19654] tlb_remove_table_rcu+0x89/0xe0 [ 937.216130][T19654] rcu_core+0x828/0x16b0 [ 937.217245][T19654] handle_softirqs+0x216/0x8f0 [ 937.218482][T19654] irq_exit_rcu+0xbb/0x120 [ 937.219646][T19654] sysvec_apic_timer_interrupt+0x95/0xb0 [ 937.221100][T19654] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 937.222679][T19654] Modules linked in: [ 937.223722][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 937.226813][T19654] Tainted: [B]=BAD_PAGE [ 937.227883][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 937.230633][T19654] Call Trace: [ 937.231504][T19654] [ 937.232218][T19654] dump_stack_lvl+0x16c/0x1f0 [ 937.233436][T19654] bad_page+0xb3/0x220 [ 937.234510][T19654] ? __pfx_bad_page+0x10/0x10 [ 937.235751][T19654] ? page_bad_reason+0x9d/0x1e0 [ 937.237042][T19654] free_unref_page+0x69e/0xe40 [ 937.238256][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 937.239831][T19654] ? __phys_addr+0xc6/0x150 [ 937.241039][T19654] skb_free_head+0xa0/0x1d0 [ 937.242267][T19654] skb_release_data+0x75c/0x980 [ 937.243541][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 937.245344][T19654] ? rcu_is_watching+0x12/0xc0 [ 937.246951][T19654] sk_skb_reason_drop+0x133/0x200 [ 937.248635][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 937.251017][T19654] ? kernel_text_address+0x8d/0x100 [ 937.252826][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 937.254511][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 937.256912][T19654] ? hlock_class+0x4e/0x130 [ 937.258474][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 937.260155][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 937.261907][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 937.263921][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 937.266225][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 937.268159][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 937.270249][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 937.272479][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 937.274344][T19654] ? __build_skb_around+0x278/0x3b0 [ 937.276096][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 937.277971][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 937.280082][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 937.282294][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 937.284183][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 937.285979][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 937.287940][T19654] ? find_held_lock+0x2d/0x110 [ 937.289576][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 937.291573][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 937.293580][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 937.295552][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 937.297330][T19654] ? 0xffffffffa0004340 [ 937.298714][T19654] ? 0xffffffffa0004340 [ 937.300101][T19654] ? 0xffffffffa0004340 [ 937.301509][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 937.303312][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 937.305268][T19654] ? fput+0x32/0x390 [ 937.306582][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 937.308581][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 937.310659][T19654] __sys_bpf+0x10d2/0x4a00 [ 937.312165][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 937.313789][T19654] ? __fget_files+0x256/0x400 [ 937.315364][T19654] ? do_futex+0x123/0x350 [ 937.316847][T19654] ? __pfx_do_futex+0x10/0x10 [ 937.318443][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 937.320207][T19654] __x64_sys_bpf+0x78/0xc0 [ 937.321715][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 937.323459][T19654] do_syscall_64+0xcd/0x250 [ 937.325007][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 937.326943][T19654] RIP: 0033:0x7f679d57def9 [ 937.328438][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 937.334870][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 937.337592][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 937.340204][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 937.342798][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 937.345435][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 937.348062][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 937.350713][T19654] [ 937.351871][T19654] BUG: Bad page state in process syz.2.4065 pfn:63fef [ 937.354190][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000002 pfn:0x63fef [ 937.357513][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 937.359854][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 937.362593][T19654] raw: ffff888000000002 0000000000000001 00000000ffffffff 0000000000000000 [ 937.365496][T19654] page dumped because: page_pool leak [ 937.367273][T19654] page_owner tracks the page as allocated [ 937.369172][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167241004, free_ts 934613182072 [ 937.375207][T19654] post_alloc_hook+0x2d1/0x350 [ 937.376775][T19654] get_page_from_freelist+0x1351/0x2e50 [ 937.378619][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 937.380392][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 937.382242][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 937.384273][T19654] page_pool_alloc_pages+0xb5/0x110 [ 937.386023][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 937.388080][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 937.389989][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 937.391807][T19654] __sys_bpf+0x10d2/0x4a00 [ 937.393394][T19654] __x64_sys_bpf+0x78/0xc0 [ 937.394912][T19654] do_syscall_64+0xcd/0x250 [ 937.396446][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 937.398446][T19654] page last free pid 19578 tgid 19576 stack trace: [ 937.400635][T19654] free_unref_page+0x64a/0xe40 [ 937.402278][T19654] __folio_put+0x31c/0x3e0 [ 937.403863][T19654] free_page_and_swap_cache+0x249/0x2c0 [ 937.405747][T19654] tlb_remove_table_rcu+0x89/0xe0 [ 937.407440][T19654] rcu_core+0x828/0x16b0 [ 937.408893][T19654] handle_softirqs+0x216/0x8f0 [ 937.410637][T19654] irq_exit_rcu+0xbb/0x120 [ 937.412158][T19654] sysvec_apic_timer_interrupt+0x95/0xb0 [ 937.414140][T19654] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 937.416134][T19654] Modules linked in: [ 937.417455][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 937.421488][T19654] Tainted: [B]=BAD_PAGE [ 937.422873][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 937.426446][T19654] Call Trace: [ 937.427508][T19654] [ 937.428497][T19654] dump_stack_lvl+0x16c/0x1f0 [ 937.430092][T19654] bad_page+0xb3/0x220 [ 937.431462][T19654] ? __pfx_bad_page+0x10/0x10 [ 937.433043][T19654] ? page_bad_reason+0x9d/0x1e0 [ 937.434681][T19654] free_unref_page+0x69e/0xe40 [ 937.436299][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 937.438318][T19654] ? __phys_addr+0xc6/0x150 [ 937.439845][T19654] skb_free_head+0xa0/0x1d0 [ 937.441383][T19654] skb_release_data+0x75c/0x980 [ 937.443025][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 937.445304][T19654] ? rcu_is_watching+0x12/0xc0 [ 937.446924][T19654] sk_skb_reason_drop+0x133/0x200 [ 937.448618][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 937.450863][T19654] ? kernel_text_address+0x8d/0x100 [ 937.452603][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 937.454307][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 937.456814][T19654] ? hlock_class+0x4e/0x130 [ 937.458350][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 937.460045][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 937.461805][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 937.463826][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 937.466008][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 937.467930][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 937.470009][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 937.472219][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 937.473982][T19654] ? __build_skb_around+0x278/0x3b0 [ 937.475737][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 937.477513][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 937.479569][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 937.481772][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 937.483600][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 937.485376][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 937.487313][T19654] ? find_held_lock+0x2d/0x110 [ 937.488939][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 937.491082][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 937.493095][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 937.495074][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 937.496873][T19654] ? 0xffffffffa0004340 [ 937.498280][T19654] ? 0xffffffffa0004340 [ 937.499691][T19654] ? 0xffffffffa0004340 [ 937.501110][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 937.502933][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 937.504921][T19654] ? fput+0x32/0x390 [ 937.506248][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 937.507863][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 937.509828][T19654] __sys_bpf+0x10d2/0x4a00 [ 937.511332][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 937.512941][T19654] ? __fget_files+0x256/0x400 [ 937.514544][T19654] ? do_futex+0x123/0x350 [ 937.516148][T19654] ? __pfx_do_futex+0x10/0x10 [ 937.517787][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 937.519583][T19654] __x64_sys_bpf+0x78/0xc0 [ 937.521105][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 937.522854][T19654] do_syscall_64+0xcd/0x250 [ 937.524390][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 937.526378][T19654] RIP: 0033:0x7f679d57def9 [ 937.527883][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 937.534343][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 937.537123][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 937.539753][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 937.542374][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 937.544987][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 937.547601][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 937.550262][T19654] [ 937.551407][T19654] BUG: Bad page state in process syz.2.4065 pfn:63fee [ 937.553758][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888063fefe00 pfn:0x63fee [ 937.557058][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 937.559299][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 937.562151][T19654] raw: ffff888063fefe00 0000000000000001 00000000ffffffff 0000000000000000 [ 937.564925][T19654] page dumped because: page_pool leak [ 937.566609][T19654] page_owner tracks the page as allocated [ 937.568466][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167232852, free_ts 934673024835 [ 937.573659][T19654] post_alloc_hook+0x2d1/0x350 [ 937.575023][T19654] get_page_from_freelist+0x1351/0x2e50 [ 937.576686][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 937.578227][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 937.579982][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 937.581693][T19654] page_pool_alloc_pages+0xb5/0x110 [ 937.583005][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 937.584913][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 937.586232][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 937.587604][T19654] __sys_bpf+0x10d2/0x4a00 [ 937.588745][T19654] __x64_sys_bpf+0x78/0xc0 [ 937.589901][T19654] do_syscall_64+0xcd/0x250 [ 937.591036][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 937.592529][T19654] page last free pid 17199 tgid 17199 stack trace: [ 937.594341][T19654] free_unref_page+0x64a/0xe40 [ 937.595679][T19654] vfree+0x181/0x7a0 [ 937.596831][T19654] do_ipt_get_ctl+0x8b0/0xaa0 [ 937.598091][T19654] nf_getsockopt+0x79/0xe0 [ 937.599286][T19654] ip_getsockopt+0x18e/0x1e0 [ 937.600515][T19654] tcp_getsockopt+0x9e/0x100 [ 937.601802][T19654] do_sock_getsockopt+0x3fe/0x800 [ 937.603184][T19654] __sys_getsockopt+0x1a1/0x270 [ 937.604673][T19654] __x64_sys_getsockopt+0xbd/0x160 [ 937.606032][T19654] do_syscall_64+0xcd/0x250 [ 937.607274][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 937.608886][T19654] Modules linked in: [ 937.609940][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 937.613136][T19654] Tainted: [B]=BAD_PAGE [ 937.614237][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 937.617091][T19654] Call Trace: [ 937.617996][T19654] [ 937.618806][T19654] dump_stack_lvl+0x16c/0x1f0 [ 937.620109][T19654] bad_page+0xb3/0x220 [ 937.621225][T19654] ? __pfx_bad_page+0x10/0x10 [ 937.622546][T19654] ? page_bad_reason+0x9d/0x1e0 [ 937.623844][T19654] free_unref_page+0x69e/0xe40 [ 937.625125][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 937.626759][T19654] ? __phys_addr+0xc6/0x150 [ 937.627955][T19654] skb_free_head+0xa0/0x1d0 [ 937.629179][T19654] skb_release_data+0x75c/0x980 [ 937.630484][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 937.632560][T19654] ? rcu_is_watching+0x12/0xc0 [ 937.633869][T19654] sk_skb_reason_drop+0x133/0x200 [ 937.635201][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 937.637002][T19654] ? kernel_text_address+0x8d/0x100 [ 937.638325][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 937.639676][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 937.641585][T19654] ? hlock_class+0x4e/0x130 [ 937.642792][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 937.644047][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 937.645472][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 937.647091][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 937.648794][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 937.650375][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 937.652046][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 937.653849][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 937.655227][T19654] ? __build_skb_around+0x278/0x3b0 [ 937.656533][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 937.657914][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 937.659587][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 937.661373][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 937.662865][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 937.664260][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 937.665826][T19654] ? find_held_lock+0x2d/0x110 [ 937.667125][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 937.668682][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 937.670339][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 937.671874][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 937.673312][T19654] ? 0xffffffffa0004340 [ 937.674421][T19654] ? 0xffffffffa0004340 [ 937.675536][T19654] ? 0xffffffffa0004340 [ 937.676704][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 937.678129][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 937.679820][T19654] ? fput+0x32/0x390 [ 937.680883][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 937.682152][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 937.683826][T19654] __sys_bpf+0x10d2/0x4a00 [ 937.685066][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 937.686347][T19654] ? __fget_files+0x256/0x400 [ 937.687572][T19654] ? do_futex+0x123/0x350 [ 937.688707][T19654] ? __pfx_do_futex+0x10/0x10 [ 937.690152][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 937.691930][T19654] __x64_sys_bpf+0x78/0xc0 [ 937.693443][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 937.695187][T19654] do_syscall_64+0xcd/0x250 [ 937.696723][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 937.698811][T19654] RIP: 0033:0x7f679d57def9 [ 937.700305][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 937.706712][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 937.709513][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 937.712056][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 937.714620][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 937.717220][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 937.719848][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 937.722195][T19654] [ 937.723122][T19654] BUG: Bad page state in process syz.2.4065 pfn:41893 [ 937.724904][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888100000002 pfn:0x41893 [ 937.727484][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 937.729798][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 937.732652][T19654] raw: ffff888100000002 0000000000000001 00000000ffffffff 0000000000000000 [ 937.735527][T19654] page dumped because: page_pool leak [ 937.737292][T19654] page_owner tracks the page as allocated [ 937.739170][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167224944, free_ts 934673514462 [ 937.745255][T19654] post_alloc_hook+0x2d1/0x350 [ 937.746868][T19654] get_page_from_freelist+0x1351/0x2e50 [ 937.748694][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 937.750460][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 937.752272][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 937.754292][T19654] page_pool_alloc_pages+0xb5/0x110 [ 937.756037][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 937.758064][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 937.759733][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 937.761514][T19654] __sys_bpf+0x10d2/0x4a00 [ 937.763004][T19654] __x64_sys_bpf+0x78/0xc0 [ 937.764545][T19654] do_syscall_64+0xcd/0x250 [ 937.766081][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 937.768042][T19654] page last free pid 17199 tgid 17199 stack trace: [ 937.770201][T19654] free_unref_page+0x64a/0xe40 [ 937.771800][T19654] __folio_put+0x31c/0x3e0 [ 937.773363][T19654] free_page_and_swap_cache+0x249/0x2c0 [ 937.775181][T19654] tlb_remove_table_rcu+0x89/0xe0 [ 937.776884][T19654] rcu_core+0x828/0x16b0 [ 937.778304][T19654] handle_softirqs+0x216/0x8f0 [ 937.779904][T19654] irq_exit_rcu+0xbb/0x120 [ 937.781400][T19654] sysvec_apic_timer_interrupt+0x95/0xb0 [ 937.783321][T19654] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 937.785321][T19654] Modules linked in: [ 937.786621][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 937.790541][T19654] Tainted: [B]=BAD_PAGE [ 937.791915][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 937.795055][T19654] Call Trace: [ 937.796181][T19654] [ 937.797188][T19654] dump_stack_lvl+0x16c/0x1f0 [ 937.798759][T19654] bad_page+0xb3/0x220 [ 937.800130][T19654] ? __pfx_bad_page+0x10/0x10 [ 937.801717][T19654] ? page_bad_reason+0x9d/0x1e0 [ 937.803283][T19654] free_unref_page+0x69e/0xe40 [ 937.804917][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 937.806921][T19654] ? __phys_addr+0xc6/0x150 [ 937.808486][T19654] skb_free_head+0xa0/0x1d0 [ 937.810036][T19654] skb_release_data+0x75c/0x980 [ 937.811682][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 937.813986][T19654] ? rcu_is_watching+0x12/0xc0 [ 937.815611][T19654] sk_skb_reason_drop+0x133/0x200 [ 937.817339][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 937.819554][T19654] ? kernel_text_address+0x8d/0x100 [ 937.821296][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 937.823023][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 937.825393][T19654] ? hlock_class+0x4e/0x130 [ 937.826901][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 937.828550][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 937.830301][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 937.832282][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 937.834450][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 937.836356][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 937.838432][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 937.840282][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 937.841647][T19654] ? __build_skb_around+0x278/0x3b0 [ 937.843007][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 937.844381][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 937.846013][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 937.847712][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 937.849181][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 937.850559][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 937.852076][T19654] ? find_held_lock+0x2d/0x110 [ 937.853345][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 937.854885][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 937.856430][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 937.857957][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 937.859332][T19654] ? 0xffffffffa0004340 [ 937.860403][T19654] ? 0xffffffffa0004340 [ 937.861493][T19654] ? 0xffffffffa0004340 [ 937.862581][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 937.863984][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 937.865513][T19654] ? fput+0x32/0x390 [ 937.866540][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 937.867777][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 937.869290][T19654] __sys_bpf+0x10d2/0x4a00 [ 937.870451][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 937.871679][T19654] ? __fget_files+0x256/0x400 [ 937.872926][T19654] ? do_futex+0x123/0x350 [ 937.874051][T19654] ? __pfx_do_futex+0x10/0x10 [ 937.875280][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 937.876654][T19654] __x64_sys_bpf+0x78/0xc0 [ 937.877835][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 937.879163][T19654] do_syscall_64+0xcd/0x250 [ 937.880353][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 937.881913][T19654] RIP: 0033:0x7f679d57def9 [ 937.883066][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 937.887983][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 937.890125][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 937.892187][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 937.894251][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 937.896297][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 937.898553][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 937.900598][T19654] [ 937.901509][T19654] BUG: Bad page state in process syz.2.4065 pfn:41892 [ 937.903308][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888041893cc0 pfn:0x41892 [ 937.905905][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 937.907730][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 937.909947][T19654] raw: ffff888041893cc0 0000000000000001 00000000ffffffff 0000000000000000 [ 937.912216][T19654] page dumped because: page_pool leak [ 937.913660][T19654] page_owner tracks the page as allocated [ 937.915124][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167217160, free_ts 934673536093 [ 937.919840][T19654] post_alloc_hook+0x2d1/0x350 [ 937.921099][T19654] get_page_from_freelist+0x1351/0x2e50 [ 937.922526][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 937.923938][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 937.924592][ T39] audit: type=1400 audit(1726269348.090:1302): avc: denied { write } for pid=4812 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 937.925360][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 937.931020][ T39] audit: type=1400 audit(1726269348.090:1303): avc: denied { remove_name } for pid=4812 comm="syslogd" name="messages" dev="tmpfs" ino=9 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 937.932515][T19654] page_pool_alloc_pages+0xb5/0x110 [ 937.938482][ T39] audit: type=1400 audit(1726269348.090:1304): avc: denied { rename } for pid=4812 comm="syslogd" name="messages" dev="tmpfs" ino=9 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 937.939741][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 937.945445][ T39] audit: type=1400 audit(1726269348.090:1305): avc: denied { add_name } for pid=4812 comm="syslogd" name="messages.0" dev="tmpfs" ino=8 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 937.946948][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 937.952649][ T39] audit: type=1400 audit(1726269348.090:1306): avc: denied { unlink } for pid=4812 comm="syslogd" name="messages.0" dev="tmpfs" ino=8 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 937.954038][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 937.954052][T19654] __sys_bpf+0x10d2/0x4a00 [ 937.960766][ T39] audit: type=1400 audit(1726269348.090:1307): avc: denied { create } for pid=4812 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 937.961452][T19654] __x64_sys_bpf+0x78/0xc0 [ 937.969104][T19654] do_syscall_64+0xcd/0x250 [ 937.970309][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 937.971846][T19654] page last free pid 17199 tgid 17199 stack trace: [ 937.973583][T19654] free_unref_page+0x64a/0xe40 [ 937.974842][T19654] __folio_put+0x31c/0x3e0 [ 937.976003][T19654] free_page_and_swap_cache+0x249/0x2c0 [ 937.977509][T19654] tlb_remove_table_rcu+0x89/0xe0 [ 937.978816][T19654] rcu_core+0x828/0x16b0 [ 937.979922][T19654] handle_softirqs+0x216/0x8f0 [ 937.981174][T19654] irq_exit_rcu+0xbb/0x120 [ 937.982333][T19654] sysvec_apic_timer_interrupt+0x95/0xb0 [ 937.983837][T19654] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 937.985399][T19654] Modules linked in: [ 937.986419][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 937.989528][T19654] Tainted: [B]=BAD_PAGE [ 937.990600][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 937.993372][T19654] Call Trace: [ 937.994209][T19654] [ 937.994959][T19654] dump_stack_lvl+0x16c/0x1f0 [ 937.996166][T19654] bad_page+0xb3/0x220 [ 937.997213][T19654] ? __pfx_bad_page+0x10/0x10 [ 937.998420][T19654] ? page_bad_reason+0x9d/0x1e0 [ 937.999633][T19654] free_unref_page+0x69e/0xe40 [ 938.000856][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 938.002402][T19654] ? __phys_addr+0xc6/0x150 [ 938.003583][T19654] skb_free_head+0xa0/0x1d0 [ 938.004764][T19654] skb_release_data+0x75c/0x980 [ 938.006048][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 938.007802][T19654] ? rcu_is_watching+0x12/0xc0 [ 938.009056][T19654] sk_skb_reason_drop+0x133/0x200 [ 938.010356][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 938.012067][T19654] ? kernel_text_address+0x8d/0x100 [ 938.013466][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 938.014757][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 938.016564][T19654] ? hlock_class+0x4e/0x130 [ 938.017747][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 938.019023][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 938.020363][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 938.021917][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 938.023574][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 938.025041][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 938.026620][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 938.028321][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 938.029663][T19654] ? __build_skb_around+0x278/0x3b0 [ 938.031002][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 938.032358][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 938.033970][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 938.035650][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 938.037122][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 938.038486][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 938.039999][T19654] ? find_held_lock+0x2d/0x110 [ 938.041245][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 938.042776][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 938.044236][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 938.045746][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 938.047063][T19654] ? 0xffffffffa0004340 [ 938.048143][T19654] ? 0xffffffffa0004340 [ 938.049230][T19654] ? 0xffffffffa0004340 [ 938.050312][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 938.051721][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 938.053248][T19654] ? fput+0x32/0x390 [ 938.054273][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 938.055527][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 938.057050][T19654] __sys_bpf+0x10d2/0x4a00 [ 938.058218][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 938.059460][T19654] ? __fget_files+0x256/0x400 [ 938.060682][T19654] ? do_futex+0x123/0x350 [ 938.061810][T19654] ? __pfx_do_futex+0x10/0x10 [ 938.063034][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 938.064395][T19654] __x64_sys_bpf+0x78/0xc0 [ 938.065560][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 938.066911][T19654] do_syscall_64+0xcd/0x250 [ 938.068065][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 938.069592][T19654] RIP: 0033:0x7f679d57def9 [ 938.070755][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 938.075684][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 938.077731][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 938.079753][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 938.081792][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 938.083813][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 938.085846][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 938.087873][T19654] [ 938.088757][T19654] BUG: Bad page state in process syz.2.4065 pfn:477e5 [ 938.090519][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000002 pfn:0x477e5 [ 938.093148][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 938.094980][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 938.097183][T19654] raw: ffff888000000002 0000000000000001 00000000ffffffff 0000000000000000 [ 938.099370][T19654] page dumped because: page_pool leak [ 938.100748][T19654] page_owner tracks the page as allocated [ 938.102207][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167209404, free_ts 934673634219 [ 938.106958][T19654] post_alloc_hook+0x2d1/0x350 [ 938.108204][T19654] get_page_from_freelist+0x1351/0x2e50 [ 938.109649][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 938.111011][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 938.112436][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 938.114030][T19654] page_pool_alloc_pages+0xb5/0x110 [ 938.115389][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 938.117002][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 938.118388][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 938.119784][T19654] __sys_bpf+0x10d2/0x4a00 [ 938.120937][T19654] __x64_sys_bpf+0x78/0xc0 [ 938.122086][T19654] do_syscall_64+0xcd/0x250 [ 938.123295][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 938.124833][T19654] page last free pid 17199 tgid 17199 stack trace: [ 938.126499][T19654] free_unref_page+0x64a/0xe40 [ 938.127742][T19654] __folio_put+0x31c/0x3e0 [ 938.128906][T19654] free_page_and_swap_cache+0x249/0x2c0 [ 938.130338][T19654] tlb_remove_table_rcu+0x89/0xe0 [ 938.131641][T19654] rcu_core+0x828/0x16b0 [ 938.132766][T19654] handle_softirqs+0x216/0x8f0 [ 938.134066][T19654] irq_exit_rcu+0xbb/0x120 [ 938.135224][T19654] sysvec_apic_timer_interrupt+0x95/0xb0 [ 938.136677][T19654] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 938.138185][T19654] Modules linked in: [ 938.139207][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 938.142333][T19654] Tainted: [B]=BAD_PAGE [ 938.143417][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 938.146170][T19654] Call Trace: [ 938.147049][T19654] [ 938.147848][T19654] dump_stack_lvl+0x16c/0x1f0 [ 938.149051][T19654] bad_page+0xb3/0x220 [ 938.150114][T19654] ? __pfx_bad_page+0x10/0x10 [ 938.151333][T19654] ? page_bad_reason+0x9d/0x1e0 [ 938.152612][T19654] free_unref_page+0x69e/0xe40 [ 938.153867][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 938.155418][T19654] ? __phys_addr+0xc6/0x150 [ 938.156591][T19654] skb_free_head+0xa0/0x1d0 [ 938.157785][T19654] skb_release_data+0x75c/0x980 [ 938.159053][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 938.160819][T19654] ? rcu_is_watching+0x12/0xc0 [ 938.162064][T19654] sk_skb_reason_drop+0x133/0x200 [ 938.163366][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 938.165094][T19654] ? kernel_text_address+0x8d/0x100 [ 938.166448][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 938.167766][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 938.169601][T19654] ? hlock_class+0x4e/0x130 [ 938.170794][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 938.172098][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 938.173473][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 938.175043][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 938.176723][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 938.178213][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 938.179809][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 938.181540][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 938.182897][T19654] ? __build_skb_around+0x278/0x3b0 [ 938.184248][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 938.185629][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 938.187241][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 938.188962][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 938.190414][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 938.191793][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 938.193298][T19654] ? find_held_lock+0x2d/0x110 [ 938.194379][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 938.195916][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 938.197455][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 938.198916][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 938.200280][T19654] ? 0xffffffffa0004340 [ 938.201301][T19654] ? 0xffffffffa0004340 [ 938.202422][T19654] ? 0xffffffffa0004340 [ 938.203485][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 938.204692][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 938.206015][T19654] ? fput+0x32/0x390 [ 938.206909][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 938.207996][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 938.209309][T19654] __sys_bpf+0x10d2/0x4a00 [ 938.210320][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 938.211397][T19654] ? __fget_files+0x256/0x400 [ 938.212456][T19654] ? do_futex+0x123/0x350 [ 938.213452][T19654] ? __pfx_do_futex+0x10/0x10 [ 938.214522][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 938.215705][T19654] __x64_sys_bpf+0x78/0xc0 [ 938.216714][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 938.218079][T19654] do_syscall_64+0xcd/0x250 [ 938.219264][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 938.220808][T19654] RIP: 0033:0x7f679d57def9 [ 938.221968][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 938.226909][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 938.229068][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 938.231095][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 938.233140][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 938.235169][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 938.237214][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 938.239259][T19654] [ 938.240151][T19654] BUG: Bad page state in process syz.2.4065 pfn:477e4 [ 938.241923][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880477e5e00 pfn:0x477e4 [ 938.244546][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 938.246399][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 938.248636][T19654] raw: ffff8880477e5e00 0000000000000001 00000000ffffffff 0000000000000000 [ 938.250832][T19654] page dumped because: page_pool leak [ 938.252209][T19654] page_owner tracks the page as allocated [ 938.253714][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167201201, free_ts 934673555549 [ 938.258426][T19654] post_alloc_hook+0x2d1/0x350 [ 938.259664][T19654] get_page_from_freelist+0x1351/0x2e50 [ 938.261088][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 938.262453][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 938.263920][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 938.265457][T19654] page_pool_alloc_pages+0xb5/0x110 [ 938.266799][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 938.268403][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 938.269795][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 938.271189][T19654] __sys_bpf+0x10d2/0x4a00 [ 938.272356][T19654] __x64_sys_bpf+0x78/0xc0 [ 938.273587][T19654] do_syscall_64+0xcd/0x250 [ 938.274781][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 938.276306][T19654] page last free pid 17199 tgid 17199 stack trace: [ 938.278235][T19654] free_unref_page+0x64a/0xe40 [ 938.279492][T19654] __folio_put+0x31c/0x3e0 [ 938.280655][T19654] free_page_and_swap_cache+0x249/0x2c0 [ 938.282104][T19654] tlb_remove_table_rcu+0x89/0xe0 [ 938.283472][T19654] rcu_core+0x828/0x16b0 [ 938.284585][T19654] handle_softirqs+0x216/0x8f0 [ 938.285850][T19654] irq_exit_rcu+0xbb/0x120 [ 938.287009][T19654] sysvec_apic_timer_interrupt+0x95/0xb0 [ 938.288464][T19654] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 938.290038][T19654] Modules linked in: [ 938.291058][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 938.294202][T19654] Tainted: [B]=BAD_PAGE [ 938.295289][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 938.298073][T19654] Call Trace: [ 938.298941][T19654] [ 938.299709][T19654] dump_stack_lvl+0x16c/0x1f0 [ 938.300957][T19654] bad_page+0xb3/0x220 [ 938.302018][T19654] ? __pfx_bad_page+0x10/0x10 [ 938.303245][T19654] ? page_bad_reason+0x9d/0x1e0 [ 938.304468][T19654] free_unref_page+0x69e/0xe40 [ 938.305684][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 938.307211][T19654] ? __phys_addr+0xc6/0x150 [ 938.308388][T19654] skb_free_head+0xa0/0x1d0 [ 938.309576][T19654] skb_release_data+0x75c/0x980 [ 938.310846][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 938.312611][T19654] ? rcu_is_watching+0x12/0xc0 [ 938.313870][T19654] sk_skb_reason_drop+0x133/0x200 [ 938.315184][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 938.316907][T19654] ? kernel_text_address+0x8d/0x100 [ 938.318274][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 938.319558][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 938.321367][T19654] ? hlock_class+0x4e/0x130 [ 938.322523][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 938.323750][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 938.325071][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 938.326629][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 938.328295][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 938.329776][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 938.331373][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 938.333126][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 938.334479][T19654] ? __build_skb_around+0x278/0x3b0 [ 938.335844][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 938.337232][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 938.338851][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 938.340545][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 938.342008][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 938.343370][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 938.344885][T19654] ? find_held_lock+0x2d/0x110 [ 938.346135][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 938.347678][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 938.349224][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 938.350751][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 938.352125][T19654] ? 0xffffffffa0004340 [ 938.353231][T19654] ? 0xffffffffa0004340 [ 938.354313][T19654] ? 0xffffffffa0004340 [ 938.355399][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 938.356808][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 938.358326][T19654] ? fput+0x32/0x390 [ 938.359355][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 938.360601][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 938.362116][T19654] __sys_bpf+0x10d2/0x4a00 [ 938.363262][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 938.364508][T19654] ? __fget_files+0x256/0x400 [ 938.365723][T19654] ? do_futex+0x123/0x350 [ 938.366837][T19654] ? __pfx_do_futex+0x10/0x10 [ 938.368064][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 938.369445][T19654] __x64_sys_bpf+0x78/0xc0 [ 938.370613][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 938.371943][T19654] do_syscall_64+0xcd/0x250 [ 938.373144][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 938.374668][T19654] RIP: 0033:0x7f679d57def9 [ 938.375822][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 938.380515][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 938.382360][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 938.384103][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 938.385855][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 938.387597][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 938.389371][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 938.391911][T19654] [ 938.393059][T19654] BUG: Bad page state in process syz.2.4065 pfn:11c91 [ 938.395373][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000002 pfn:0x11c91 [ 938.398714][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 938.400801][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 938.403225][T19654] raw: ffff888000000002 0000000000000001 00000000ffffffff 0000000000000000 [ 938.405475][T19654] page dumped because: page_pool leak [ 938.406888][T19654] page_owner tracks the page as allocated [ 938.408350][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167193101, free_ts 934693270048 [ 938.413177][T19654] post_alloc_hook+0x2d1/0x350 [ 938.414425][T19654] get_page_from_freelist+0x1351/0x2e50 [ 938.415859][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 938.417213][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 938.418640][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 938.420163][T19654] page_pool_alloc_pages+0xb5/0x110 [ 938.421521][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 938.423139][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 938.424498][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 938.425895][T19654] __sys_bpf+0x10d2/0x4a00 [ 938.427061][T19654] __x64_sys_bpf+0x78/0xc0 [ 938.428221][T19654] do_syscall_64+0xcd/0x250 [ 938.429424][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 938.430958][T19654] page last free pid 17199 tgid 17199 stack trace: [ 938.432640][T19654] free_unref_page+0x64a/0xe40 [ 938.433973][T19654] __folio_put+0x31c/0x3e0 [ 938.435128][T19654] free_page_and_swap_cache+0x249/0x2c0 [ 938.436552][T19654] tlb_remove_table_rcu+0x89/0xe0 [ 938.437891][T19654] rcu_core+0x828/0x16b0 [ 938.439001][T19654] handle_softirqs+0x216/0x8f0 [ 938.440243][T19654] irq_exit_rcu+0xbb/0x120 [ 938.441412][T19654] sysvec_apic_timer_interrupt+0x95/0xb0 [ 938.442867][T19654] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 938.444454][T19654] Modules linked in: [ 938.445477][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 938.448572][T19654] Tainted: [B]=BAD_PAGE [ 938.449652][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 938.452388][T19654] Call Trace: [ 938.453292][T19654] [ 938.454062][T19654] dump_stack_lvl+0x16c/0x1f0 [ 938.455273][T19654] bad_page+0xb3/0x220 [ 938.456342][T19654] ? __pfx_bad_page+0x10/0x10 [ 938.457576][T19654] ? page_bad_reason+0x9d/0x1e0 [ 938.458840][T19654] free_unref_page+0x69e/0xe40 [ 938.460086][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 938.461642][T19654] ? __phys_addr+0xc6/0x150 [ 938.462825][T19654] skb_free_head+0xa0/0x1d0 [ 938.464020][T19654] skb_release_data+0x75c/0x980 [ 938.465295][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 938.467051][T19654] ? rcu_is_watching+0x12/0xc0 [ 938.468295][T19654] sk_skb_reason_drop+0x133/0x200 [ 938.469602][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 938.471311][T19654] ? kernel_text_address+0x8d/0x100 [ 938.472633][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 938.473909][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 938.475727][T19654] ? hlock_class+0x4e/0x130 [ 938.476921][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 938.478222][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 938.479589][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 938.481103][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 938.482721][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 938.484131][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 938.485690][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 938.487359][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 938.488692][T19654] ? __build_skb_around+0x278/0x3b0 [ 938.490013][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 938.491324][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 938.492910][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 938.494558][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 938.495980][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 938.497324][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 938.498782][T19654] ? find_held_lock+0x2d/0x110 [ 938.500004][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 938.501497][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 938.502975][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 938.504434][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 938.505747][T19654] ? 0xffffffffa0004340 [ 938.506803][T19654] ? 0xffffffffa0004340 [ 938.507853][T19654] ? 0xffffffffa0004340 [ 938.508898][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 938.510255][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 938.511727][T19654] ? fput+0x32/0x390 [ 938.512724][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 938.513957][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 938.515413][T19654] __sys_bpf+0x10d2/0x4a00 [ 938.516535][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 938.517754][T19654] ? __fget_files+0x256/0x400 [ 938.518929][T19654] ? do_futex+0x123/0x350 [ 938.520060][T19654] ? __pfx_do_futex+0x10/0x10 [ 938.521199][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 938.522443][T19654] __x64_sys_bpf+0x78/0xc0 [ 938.523490][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 938.524734][T19654] do_syscall_64+0xcd/0x250 [ 938.525854][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 938.527241][T19654] RIP: 0033:0x7f679d57def9 [ 938.528296][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 938.533016][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 938.535115][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 938.537115][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 938.539268][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 938.541565][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 938.543655][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 938.545738][T19654] [ 938.546633][T19654] BUG: Bad page state in process syz.2.4065 pfn:11c90 [ 938.548366][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888011c91cc0 pfn:0x11c90 [ 938.550919][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 938.552805][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 938.555061][T19654] raw: ffff888011c91cc0 0000000000000001 00000000ffffffff 0000000000000000 [ 938.557302][T19654] page dumped because: page_pool leak [ 938.558665][T19654] page_owner tracks the page as allocated [ 938.560109][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167184804, free_ts 934693288645 [ 938.565501][T19654] post_alloc_hook+0x2d1/0x350 [ 938.566820][T19654] get_page_from_freelist+0x1351/0x2e50 [ 938.568211][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 938.569587][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 938.571024][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 938.572655][T19654] page_pool_alloc_pages+0xb5/0x110 [ 938.574058][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 938.575713][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 938.577110][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 938.578459][T19654] __sys_bpf+0x10d2/0x4a00 [ 938.579601][T19654] __x64_sys_bpf+0x78/0xc0 [ 938.580759][T19654] do_syscall_64+0xcd/0x250 [ 938.582086][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 938.583806][T19654] page last free pid 17199 tgid 17199 stack trace: [ 938.585484][T19654] free_unref_page+0x64a/0xe40 [ 938.586775][T19654] __folio_put+0x31c/0x3e0 [ 938.587906][T19654] free_page_and_swap_cache+0x249/0x2c0 [ 938.589425][T19654] tlb_remove_table_rcu+0x89/0xe0 [ 938.590718][T19654] rcu_core+0x828/0x16b0 [ 938.591958][T19654] handle_softirqs+0x216/0x8f0 [ 938.593748][T19654] irq_exit_rcu+0xbb/0x120 [ 938.595337][T19654] sysvec_apic_timer_interrupt+0x95/0xb0 [ 938.597140][T19654] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 938.598652][T19654] Modules linked in: [ 938.599675][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 938.602748][T19654] Tainted: [B]=BAD_PAGE [ 938.603807][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 938.606466][T19654] Call Trace: [ 938.607318][T19654] [ 938.608071][T19654] dump_stack_lvl+0x16c/0x1f0 [ 938.609271][T19654] bad_page+0xb3/0x220 [ 938.610305][T19654] ? __pfx_bad_page+0x10/0x10 [ 938.611499][T19654] ? page_bad_reason+0x9d/0x1e0 [ 938.613282][T19654] free_unref_page+0x69e/0xe40 [ 938.614852][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 938.616400][T19654] ? __phys_addr+0xc6/0x150 [ 938.617602][T19654] skb_free_head+0xa0/0x1d0 [ 938.618819][T19654] skb_release_data+0x75c/0x980 [ 938.620126][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 938.621917][T19654] ? rcu_is_watching+0x12/0xc0 [ 938.623170][T19654] sk_skb_reason_drop+0x133/0x200 [ 938.624510][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 938.626237][T19654] ? kernel_text_address+0x8d/0x100 [ 938.627615][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 938.629192][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 938.630993][T19654] ? hlock_class+0x4e/0x130 [ 938.632253][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 938.633535][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 938.634953][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 938.636574][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 938.638796][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 938.640763][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 938.642899][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 938.645237][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 938.647053][T19654] ? __build_skb_around+0x278/0x3b0 [ 938.648914][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 938.650918][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 938.652714][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 938.654450][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 938.655970][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 938.657808][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 938.659838][T19654] ? find_held_lock+0x2d/0x110 [ 938.661513][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 938.663586][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 938.665670][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 938.667758][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 938.669546][T19654] ? 0xffffffffa0004340 [ 938.670655][T19654] ? 0xffffffffa0004340 [ 938.671835][T19654] ? 0xffffffffa0004340 [ 938.673122][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 938.674560][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 938.676126][T19654] ? fput+0x32/0x390 [ 938.677217][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 938.678489][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 938.680078][T19654] __sys_bpf+0x10d2/0x4a00 [ 938.681294][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 938.682971][T19654] ? __fget_files+0x256/0x400 [ 938.684689][T19654] ? do_futex+0x123/0x350 [ 938.686039][T19654] ? __pfx_do_futex+0x10/0x10 [ 938.687285][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 938.688941][T19654] __x64_sys_bpf+0x78/0xc0 [ 938.690462][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 938.691967][T19654] do_syscall_64+0xcd/0x250 [ 938.693202][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 938.694972][T19654] RIP: 0033:0x7f679d57def9 [ 938.696277][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 938.701380][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 938.703598][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 938.705945][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 938.708714][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 938.711513][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 938.714340][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 938.717175][T19654] [ 938.718372][T19654] BUG: Bad page state in process syz.2.4065 pfn:53019 [ 938.720797][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888100000002 pfn:0x53019 [ 938.724529][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 938.727022][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 938.730093][T19654] raw: ffff888100000002 0000000000000001 00000000ffffffff 0000000000000000 [ 938.733212][T19654] page dumped because: page_pool leak [ 938.735114][T19654] page_owner tracks the page as allocated [ 938.737131][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167177151, free_ts 934693307329 [ 938.742953][T19654] post_alloc_hook+0x2d1/0x350 [ 938.744249][T19654] get_page_from_freelist+0x1351/0x2e50 [ 938.745684][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 938.747050][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 938.748411][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 938.749928][T19654] page_pool_alloc_pages+0xb5/0x110 [ 938.751288][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 938.753516][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 938.755355][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 938.757144][T19654] __sys_bpf+0x10d2/0x4a00 [ 938.758648][T19654] __x64_sys_bpf+0x78/0xc0 [ 938.760133][T19654] do_syscall_64+0xcd/0x250 [ 938.761632][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 938.763737][T19654] page last free pid 17199 tgid 17199 stack trace: [ 938.765993][T19654] free_unref_page+0x64a/0xe40 [ 938.767696][T19654] __folio_put+0x31c/0x3e0 [ 938.769284][T19654] free_page_and_swap_cache+0x249/0x2c0 [ 938.771208][T19654] tlb_remove_table_rcu+0x89/0xe0 [ 938.773016][T19654] rcu_core+0x828/0x16b0 [ 938.774571][T19654] handle_softirqs+0x216/0x8f0 [ 938.776272][T19654] irq_exit_rcu+0xbb/0x120 [ 938.777847][T19654] sysvec_apic_timer_interrupt+0x95/0xb0 [ 938.779829][T19654] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 938.781888][T19654] Modules linked in: [ 938.783341][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 938.787451][T19654] Tainted: [B]=BAD_PAGE [ 938.788884][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 938.792556][T19654] Call Trace: [ 938.793690][T19654] [ 938.794729][T19654] dump_stack_lvl+0x16c/0x1f0 [ 938.796396][T19654] bad_page+0xb3/0x220 [ 938.797787][T19654] ? __pfx_bad_page+0x10/0x10 [ 938.799072][T19654] ? page_bad_reason+0x9d/0x1e0 [ 938.800726][T19654] free_unref_page+0x69e/0xe40 [ 938.802384][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 938.804555][T19654] ? __phys_addr+0xc6/0x150 [ 938.806169][T19654] skb_free_head+0xa0/0x1d0 [ 938.807582][T19654] skb_release_data+0x75c/0x980 [ 938.808886][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 938.810667][T19654] ? rcu_is_watching+0x12/0xc0 [ 938.811937][T19654] sk_skb_reason_drop+0x133/0x200 [ 938.813295][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 938.815015][T19654] ? kernel_text_address+0x8d/0x100 [ 938.816384][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 938.817716][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 938.819551][T19654] ? hlock_class+0x4e/0x130 [ 938.820749][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 938.822070][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 938.823434][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 938.824997][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 938.826696][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 938.828181][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 938.829799][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 938.831520][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 938.832895][T19654] ? __build_skb_around+0x278/0x3b0 [ 938.834254][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 938.835630][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 938.837260][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 938.838962][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 938.840544][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 938.842314][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 938.844285][T19654] ? find_held_lock+0x2d/0x110 [ 938.845904][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 938.847925][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 938.849919][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 938.852046][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 938.853844][T19654] ? 0xffffffffa0004340 [ 938.855260][T19654] ? 0xffffffffa0004340 [ 938.856652][T19654] ? 0xffffffffa0004340 [ 938.858051][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 938.859762][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 938.861709][T19654] ? fput+0x32/0x390 [ 938.863021][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 938.864626][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 938.866582][T19654] __sys_bpf+0x10d2/0x4a00 [ 938.868085][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 938.869841][T19654] ? __fget_files+0x256/0x400 [ 938.871454][T19654] ? do_futex+0x123/0x350 [ 938.872932][T19654] ? __pfx_do_futex+0x10/0x10 [ 938.874526][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 938.876304][T19654] __x64_sys_bpf+0x78/0xc0 [ 938.877831][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 938.879586][T19654] do_syscall_64+0xcd/0x250 [ 938.881136][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 938.883066][T19654] RIP: 0033:0x7f679d57def9 [ 938.884575][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 938.891014][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 938.893836][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 938.896485][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 938.898850][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 938.900928][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 938.902987][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 938.905066][T19654] [ 938.906116][T19654] BUG: Bad page state in process syz.2.4065 pfn:53018 [ 938.907911][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888053018c60 pfn:0x53018 [ 938.910529][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 938.912338][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 938.914666][T19654] raw: ffff888053018c60 0000000000000001 00000000ffffffff 0000000000000000 [ 938.917198][T19654] page dumped because: page_pool leak [ 938.918589][T19654] page_owner tracks the page as allocated [ 938.920097][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167169432, free_ts 934693344836 [ 938.924955][T19654] post_alloc_hook+0x2d1/0x350 [ 938.926219][T19654] get_page_from_freelist+0x1351/0x2e50 [ 938.927663][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 938.929053][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 938.930496][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 938.932040][T19654] page_pool_alloc_pages+0xb5/0x110 [ 938.933462][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 938.935048][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 938.936400][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 938.937827][T19654] __sys_bpf+0x10d2/0x4a00 [ 938.938992][T19654] __x64_sys_bpf+0x78/0xc0 [ 938.940162][T19654] do_syscall_64+0xcd/0x250 [ 938.941362][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 938.942897][T19654] page last free pid 17199 tgid 17199 stack trace: [ 938.944616][T19654] free_unref_page+0x64a/0xe40 [ 938.945869][T19654] __folio_put+0x31c/0x3e0 [ 938.947032][T19654] free_page_and_swap_cache+0x249/0x2c0 [ 938.948466][T19654] tlb_remove_table_rcu+0x89/0xe0 [ 938.949792][T19654] rcu_core+0x828/0x16b0 [ 938.950903][T19654] handle_softirqs+0x216/0x8f0 [ 938.952145][T19654] irq_exit_rcu+0xbb/0x120 [ 938.953355][T19654] sysvec_apic_timer_interrupt+0x95/0xb0 [ 938.954814][T19654] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 938.956377][T19654] Modules linked in: [ 938.957409][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 938.960533][T19654] Tainted: [B]=BAD_PAGE [ 938.961618][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 938.964396][T19654] Call Trace: [ 938.965286][T19654] [ 938.966061][T19654] dump_stack_lvl+0x16c/0x1f0 [ 938.967296][T19654] bad_page+0xb3/0x220 [ 938.968365][T19654] ? __pfx_bad_page+0x10/0x10 [ 938.969598][T19654] ? page_bad_reason+0x9d/0x1e0 [ 938.970863][T19654] free_unref_page+0x69e/0xe40 [ 938.972109][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 938.973678][T19654] ? __phys_addr+0xc6/0x150 [ 938.974860][T19654] skb_free_head+0xa0/0x1d0 [ 938.976043][T19654] skb_release_data+0x75c/0x980 [ 938.977317][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 938.979104][T19654] ? rcu_is_watching+0x12/0xc0 [ 938.980365][T19654] sk_skb_reason_drop+0x133/0x200 [ 938.981690][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 938.983413][T19654] ? kernel_text_address+0x8d/0x100 [ 938.984783][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 938.986108][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 938.988028][T19654] ? hlock_class+0x4e/0x130 [ 938.989234][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 938.990528][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 938.991886][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 938.993490][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 938.995245][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 938.997120][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 938.998819][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 939.000534][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 939.001907][T19654] ? __build_skb_around+0x278/0x3b0 [ 939.003263][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 939.004638][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 939.006260][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 939.007958][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 939.009422][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 939.010787][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 939.012282][T19654] ? find_held_lock+0x2d/0x110 [ 939.013558][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 939.015085][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 939.016612][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 939.018133][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 939.019496][T19654] ? 0xffffffffa0004340 [ 939.020570][T19654] ? 0xffffffffa0004340 [ 939.021663][T19654] ? 0xffffffffa0004340 [ 939.022746][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 939.024146][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 939.025657][T19654] ? fput+0x32/0x390 [ 939.026683][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 939.027919][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 939.029405][T19654] __sys_bpf+0x10d2/0x4a00 [ 939.030553][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 939.031796][T19654] ? __fget_files+0x256/0x400 [ 939.033029][T19654] ? do_futex+0x123/0x350 [ 939.034312][T19654] ? __pfx_do_futex+0x10/0x10 [ 939.035525][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 939.036893][T19654] __x64_sys_bpf+0x78/0xc0 [ 939.038060][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 939.039500][T19654] do_syscall_64+0xcd/0x250 [ 939.041006][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 939.043022][T19654] RIP: 0033:0x7f679d57def9 [ 939.044481][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 939.050601][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 939.053198][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 939.055870][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 939.058512][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 939.061176][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 939.063805][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 939.066476][T19654] [ 939.067710][T19654] BUG: Bad page state in process syz.2.4065 pfn:4890b [ 939.069869][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2 pfn:0x4890b [ 939.072745][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 939.075146][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 939.077988][T19654] raw: 0000000000000002 0000000000000001 00000000ffffffff 0000000000000000 [ 939.080493][T19654] page dumped because: page_pool leak [ 939.082308][T19654] page_owner tracks the page as allocated [ 939.084350][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167161593, free_ts 934693251395 [ 939.090465][T19654] post_alloc_hook+0x2d1/0x350 [ 939.092011][T19654] get_page_from_freelist+0x1351/0x2e50 [ 939.093867][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 939.095518][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 939.097364][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 939.099332][T19654] page_pool_alloc_pages+0xb5/0x110 [ 939.101109][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 939.103222][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 939.104598][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 939.106365][T19654] __sys_bpf+0x10d2/0x4a00 [ 939.107889][T19654] __x64_sys_bpf+0x78/0xc0 [ 939.109446][T19654] do_syscall_64+0xcd/0x250 [ 939.111017][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 939.113071][T19654] page last free pid 17199 tgid 17199 stack trace: [ 939.115353][T19654] free_unref_page+0x64a/0xe40 [ 939.117030][T19654] __folio_put+0x31c/0x3e0 [ 939.118575][T19654] free_page_and_swap_cache+0x249/0x2c0 [ 939.120494][T19654] tlb_remove_table_rcu+0x89/0xe0 [ 939.122247][T19654] rcu_core+0x828/0x16b0 [ 939.123808][T19654] handle_softirqs+0x216/0x8f0 [ 939.125529][T19654] irq_exit_rcu+0xbb/0x120 [ 939.127075][T19654] sysvec_apic_timer_interrupt+0x95/0xb0 [ 939.129112][T19654] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 939.131292][T19654] Modules linked in: [ 939.132715][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 939.136956][T19654] Tainted: [B]=BAD_PAGE [ 939.138380][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 939.141951][T19654] Call Trace: [ 939.143050][T19654] [ 939.143956][T19654] dump_stack_lvl+0x16c/0x1f0 [ 939.145192][T19654] bad_page+0xb3/0x220 [ 939.146577][T19654] ? __pfx_bad_page+0x10/0x10 [ 939.148176][T19654] ? page_bad_reason+0x9d/0x1e0 [ 939.149848][T19654] free_unref_page+0x69e/0xe40 [ 939.151578][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 939.153680][T19654] ? __phys_addr+0xc6/0x150 [ 939.155137][T19654] skb_free_head+0xa0/0x1d0 [ 939.156318][T19654] skb_release_data+0x75c/0x980 [ 939.157603][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 939.159929][T19654] ? rcu_is_watching+0x12/0xc0 [ 939.161571][T19654] sk_skb_reason_drop+0x133/0x200 [ 939.163332][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 939.165468][T19654] ? kernel_text_address+0x8d/0x100 [ 939.167307][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 939.169058][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 939.171487][T19654] ? hlock_class+0x4e/0x130 [ 939.173046][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 939.174486][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 939.176282][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 939.178310][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 939.180486][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 939.182425][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 939.184519][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 939.186784][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 939.188556][T19654] ? __build_skb_around+0x278/0x3b0 [ 939.189915][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 939.191455][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 939.193601][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 939.195755][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 939.197571][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 939.199387][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 939.201424][T19654] ? find_held_lock+0x2d/0x110 [ 939.203122][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 939.205144][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 939.207181][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 939.209222][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 939.210965][T19654] ? 0xffffffffa0004340 [ 939.212417][T19654] ? 0xffffffffa0004340 [ 939.213677][T19654] ? 0xffffffffa0004340 [ 939.214784][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 939.216300][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 939.218329][T19654] ? fput+0x32/0x390 [ 939.219719][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 939.221377][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 939.223362][T19654] __sys_bpf+0x10d2/0x4a00 [ 939.224964][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 939.226605][T19654] ? __fget_files+0x256/0x400 [ 939.228270][T19654] ? do_futex+0x123/0x350 [ 939.229741][T19654] ? __pfx_do_futex+0x10/0x10 [ 939.231419][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 939.233205][T19654] __x64_sys_bpf+0x78/0xc0 [ 939.234362][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 939.235811][T19654] do_syscall_64+0xcd/0x250 [ 939.237411][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 939.239474][T19654] RIP: 0033:0x7f679d57def9 [ 939.241073][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 939.247669][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 939.250503][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 939.253277][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 939.256054][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 939.258762][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 939.261572][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 939.263952][T19654] [ 939.265110][T19654] BUG: Bad page state in process syz.2.4065 pfn:4890a [ 939.267493][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88804890ba40 pfn:0x4890a [ 939.270603][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 939.273025][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 939.276071][T19654] raw: ffff88804890ba40 0000000000000001 00000000ffffffff 0000000000000000 [ 939.279073][T19654] page dumped because: page_pool leak [ 939.280881][T19654] page_owner tracks the page as allocated [ 939.282779][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167153758, free_ts 934693676543 [ 939.289150][T19654] post_alloc_hook+0x2d1/0x350 [ 939.290801][T19654] get_page_from_freelist+0x1351/0x2e50 [ 939.292797][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 939.294488][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 939.296439][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 939.298435][T19654] page_pool_alloc_pages+0xb5/0x110 [ 939.300264][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 939.302431][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 939.304283][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 939.305907][T19654] __sys_bpf+0x10d2/0x4a00 [ 939.307485][T19654] __x64_sys_bpf+0x78/0xc0 [ 939.309092][T19654] do_syscall_64+0xcd/0x250 [ 939.310528][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 939.312532][T19654] page last free pid 17199 tgid 17199 stack trace: [ 939.314787][T19654] free_unref_page+0x64a/0xe40 [ 939.316406][T19654] __folio_put+0x31c/0x3e0 [ 939.317939][T19654] free_page_and_swap_cache+0x249/0x2c0 [ 939.319825][T19654] tlb_remove_table_rcu+0x89/0xe0 [ 939.321557][T19654] rcu_core+0x828/0x16b0 [ 939.323016][T19654] handle_softirqs+0x216/0x8f0 [ 939.324738][T19654] irq_exit_rcu+0xbb/0x120 [ 939.326345][T19654] sysvec_apic_timer_interrupt+0x95/0xb0 [ 939.328331][T19654] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 939.330468][T19654] Modules linked in: [ 939.331641][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 939.335206][T19654] Tainted: [B]=BAD_PAGE [ 939.336269][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 939.339005][T19654] Call Trace: [ 939.339871][T19654] [ 939.340634][T19654] dump_stack_lvl+0x16c/0x1f0 [ 939.341883][T19654] bad_page+0xb3/0x220 [ 939.343030][T19654] ? __pfx_bad_page+0x10/0x10 [ 939.344736][T19654] ? page_bad_reason+0x9d/0x1e0 [ 939.346422][T19654] free_unref_page+0x69e/0xe40 [ 939.348084][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 939.350139][T19654] ? __phys_addr+0xc6/0x150 [ 939.351701][T19654] skb_free_head+0xa0/0x1d0 [ 939.353304][T19654] skb_release_data+0x75c/0x980 [ 939.354848][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 939.356848][T19654] ? rcu_is_watching+0x12/0xc0 [ 939.358587][T19654] sk_skb_reason_drop+0x133/0x200 [ 939.360426][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 939.362801][T19654] ? kernel_text_address+0x8d/0x100 [ 939.364671][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 939.366420][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 939.368832][T19654] ? hlock_class+0x4e/0x130 [ 939.370383][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 939.372084][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 939.373927][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 939.376061][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 939.378339][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 939.380388][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 939.382581][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 939.384963][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 939.386804][T19654] ? __build_skb_around+0x278/0x3b0 [ 939.388670][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 939.390483][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 939.392433][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 939.394506][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 939.396463][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 939.398330][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 939.400394][T19654] ? find_held_lock+0x2d/0x110 [ 939.402099][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 939.404182][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 939.406291][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 939.408277][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 939.410018][T19654] ? 0xffffffffa0004340 [ 939.411444][T19654] ? 0xffffffffa0004340 [ 939.412898][T19654] ? 0xffffffffa0004340 [ 939.414365][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 939.416126][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 939.418163][T19654] ? fput+0x32/0x390 [ 939.419319][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 939.420602][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 939.422445][T19654] __sys_bpf+0x10d2/0x4a00 [ 939.423986][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 939.425594][T19654] ? __fget_files+0x256/0x400 [ 939.426848][T19654] ? do_futex+0x123/0x350 [ 939.428012][T19654] ? __pfx_do_futex+0x10/0x10 [ 939.429264][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 939.430752][T19654] __x64_sys_bpf+0x78/0xc0 [ 939.432111][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 939.434013][T19654] do_syscall_64+0xcd/0x250 [ 939.435684][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 939.437772][T19654] RIP: 0033:0x7f679d57def9 [ 939.438918][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 939.443894][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 939.446036][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 939.448070][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 939.450103][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 939.452120][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 939.454408][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 939.457136][T19654] [ 939.458038][T19654] BUG: Bad page state in process syz.2.4065 pfn:300eb [ 939.459792][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888100000002 pfn:0x300eb [ 939.462392][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 939.464511][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 939.467624][T19654] raw: ffff888100000002 0000000000000001 00000000ffffffff 0000000000000000 [ 939.470715][T19654] page dumped because: page_pool leak [ 939.472651][T19654] page_owner tracks the page as allocated [ 939.474573][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167145959, free_ts 930645643811 [ 939.479328][T19654] post_alloc_hook+0x2d1/0x350 [ 939.480576][T19654] get_page_from_freelist+0x1351/0x2e50 [ 939.482071][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 939.484063][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 939.485992][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 939.488128][T19654] page_pool_alloc_pages+0xb5/0x110 [ 939.490023][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 939.492252][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 939.494103][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 939.495601][T19654] __sys_bpf+0x10d2/0x4a00 [ 939.496760][T19654] __x64_sys_bpf+0x78/0xc0 [ 939.497936][T19654] do_syscall_64+0xcd/0x250 [ 939.499116][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 939.500663][T19654] page last free pid 18137 tgid 18137 stack trace: [ 939.502341][T19654] free_unref_page+0x64a/0xe40 [ 939.503994][T19654] qlist_free_all+0x4e/0x140 [ 939.505675][T19654] kasan_quarantine_reduce+0x192/0x1e0 [ 939.507645][T19654] __kasan_slab_alloc+0x69/0x90 [ 939.509422][T19654] __kmalloc_node_noprof+0x1c3/0x430 [ 939.511335][T19654] __kvmalloc_node_noprof+0x9d/0x1a0 [ 939.513226][T19654] xt_replace_table+0x1c7/0x910 [ 939.514512][T19654] __do_replace+0x1d9/0x9b0 [ 939.515684][T19654] do_ipt_set_ctl+0x93c/0xc30 [ 939.516911][T19654] nf_setsockopt+0x8a/0xf0 [ 939.518070][T19654] ip_setsockopt+0xcb/0xf0 [ 939.519207][T19654] tcp_setsockopt+0xa4/0x100 [ 939.520415][T19654] do_sock_setsockopt+0x222/0x480 [ 939.521726][T19654] __sys_setsockopt+0x1a4/0x270 [ 939.523139][T19654] __x64_sys_setsockopt+0xbd/0x160 [ 939.524995][T19654] do_syscall_64+0xcd/0x250 [ 939.526646][T19654] Modules linked in: [ 939.528063][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 939.532353][T19654] Tainted: [B]=BAD_PAGE [ 939.533664][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 939.536361][T19654] Call Trace: [ 939.537243][T19654] [ 939.538002][T19654] dump_stack_lvl+0x16c/0x1f0 [ 939.539234][T19654] bad_page+0xb3/0x220 [ 939.540279][T19654] ? __pfx_bad_page+0x10/0x10 [ 939.541511][T19654] ? page_bad_reason+0x9d/0x1e0 [ 939.542768][T19654] free_unref_page+0x69e/0xe40 [ 939.544486][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 939.546532][T19654] ? __phys_addr+0xc6/0x150 [ 939.547710][T19654] skb_free_head+0xa0/0x1d0 [ 939.548907][T19654] skb_release_data+0x75c/0x980 [ 939.550082][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 939.551834][T19654] ? rcu_is_watching+0x12/0xc0 [ 939.553238][T19654] sk_skb_reason_drop+0x133/0x200 [ 939.554791][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 939.556507][T19654] ? kernel_text_address+0x8d/0x100 [ 939.557865][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 939.559171][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 939.561000][T19654] ? hlock_class+0x4e/0x130 [ 939.562181][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 939.563700][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 939.565592][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 939.567758][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 939.570085][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 939.572177][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 939.574334][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 939.576580][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 939.578327][T19654] ? __build_skb_around+0x278/0x3b0 [ 939.580027][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 939.581853][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 939.584024][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 939.586043][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 939.587488][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 939.588844][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 939.590670][T19654] ? find_held_lock+0x2d/0x110 [ 939.591915][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 939.593731][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 939.595862][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 939.597995][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 939.599938][T19654] ? 0xffffffffa0004340 [ 939.601429][T19654] ? 0xffffffffa0004340 [ 939.602925][T19654] ? 0xffffffffa0004340 [ 939.604126][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 939.605975][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 939.607957][T19654] ? fput+0x32/0x390 [ 939.609346][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 939.610930][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 939.612900][T19654] __sys_bpf+0x10d2/0x4a00 [ 939.614482][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 939.616195][T19654] ? __fget_files+0x256/0x400 [ 939.617904][T19654] ? do_futex+0x123/0x350 [ 939.619464][T19654] ? __pfx_do_futex+0x10/0x10 [ 939.621171][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 939.623016][T19654] __x64_sys_bpf+0x78/0xc0 [ 939.624168][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 939.625453][T19654] do_syscall_64+0xcd/0x250 [ 939.626637][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 939.628149][T19654] RIP: 0033:0x7f679d57def9 [ 939.629319][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 939.634795][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 939.637755][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 939.640553][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 939.643252][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 939.645278][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 939.647311][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 939.649541][T19654] [ 939.650716][T19654] BUG: Bad page state in process syz.2.4065 pfn:300ea [ 939.653073][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880300ebe00 pfn:0x300ea [ 939.656504][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 939.658997][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 939.662073][T19654] raw: ffff8880300ebe00 0000000000000001 00000000ffffffff 0000000000000000 [ 939.665090][T19654] page dumped because: page_pool leak [ 939.667018][T19654] page_owner tracks the page as allocated [ 939.669055][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167138095, free_ts 930645643811 [ 939.675475][T19654] post_alloc_hook+0x2d1/0x350 [ 939.677129][T19654] get_page_from_freelist+0x1351/0x2e50 [ 939.678954][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 939.680762][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 939.682728][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 939.685038][T19654] page_pool_alloc_pages+0xb5/0x110 [ 939.686929][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 939.689175][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 939.691040][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 939.692834][T19654] __sys_bpf+0x10d2/0x4a00 [ 939.694400][T19654] __x64_sys_bpf+0x78/0xc0 [ 939.695935][T19654] do_syscall_64+0xcd/0x250 [ 939.697517][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 939.699531][T19654] page last free pid 18137 tgid 18137 stack trace: [ 939.701748][T19654] free_unref_page+0x64a/0xe40 [ 939.703533][T19654] qlist_free_all+0x4e/0x140 [ 939.705214][T19654] kasan_quarantine_reduce+0x192/0x1e0 [ 939.707169][T19654] __kasan_slab_alloc+0x69/0x90 [ 939.708936][T19654] __kmalloc_node_noprof+0x1c3/0x430 [ 939.710812][T19654] __kvmalloc_node_noprof+0x9d/0x1a0 [ 939.712680][T19654] xt_replace_table+0x1c7/0x910 [ 939.714482][T19654] __do_replace+0x1d9/0x9b0 [ 939.716135][T19654] do_ipt_set_ctl+0x93c/0xc30 [ 939.717831][T19654] nf_setsockopt+0x8a/0xf0 [ 939.719435][T19654] ip_setsockopt+0xcb/0xf0 [ 939.721055][T19654] tcp_setsockopt+0xa4/0x100 [ 939.722723][T19654] do_sock_setsockopt+0x222/0x480 [ 939.724509][T19654] __sys_setsockopt+0x1a4/0x270 [ 939.726186][T19654] __x64_sys_setsockopt+0xbd/0x160 [ 939.727930][T19654] do_syscall_64+0xcd/0x250 [ 939.729552][T19654] Modules linked in: [ 939.730975][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 939.735265][T19654] Tainted: [B]=BAD_PAGE [ 939.736750][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 939.740556][T19654] Call Trace: [ 939.741766][T19654] [ 939.742828][T19654] dump_stack_lvl+0x16c/0x1f0 [ 939.744434][T19654] bad_page+0xb3/0x220 [ 939.745840][T19654] ? __pfx_bad_page+0x10/0x10 [ 939.747430][T19654] ? page_bad_reason+0x9d/0x1e0 [ 939.749150][T19654] free_unref_page+0x69e/0xe40 [ 939.750881][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 939.753032][T19654] ? __phys_addr+0xc6/0x150 [ 939.754573][T19654] skb_free_head+0xa0/0x1d0 [ 939.756145][T19654] skb_release_data+0x75c/0x980 [ 939.757922][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 939.760346][T19654] ? rcu_is_watching+0x12/0xc0 [ 939.762048][T19654] sk_skb_reason_drop+0x133/0x200 [ 939.763813][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 939.766100][T19654] ? kernel_text_address+0x8d/0x100 [ 939.767888][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 939.769615][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 939.772089][T19654] ? hlock_class+0x4e/0x130 [ 939.773694][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 939.775347][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 939.777203][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 939.779339][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 939.781632][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 939.783627][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 939.785707][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 939.787936][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 939.789702][T19654] ? __build_skb_around+0x278/0x3b0 [ 939.791447][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 939.793290][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 939.795496][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 939.797847][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 939.799852][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 939.801722][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 939.803744][T19654] ? find_held_lock+0x2d/0x110 [ 939.805382][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 939.807407][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 939.809428][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 939.811417][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 939.813034][T19654] ? 0xffffffffa0004340 [ 939.814486][T19654] ? 0xffffffffa0004340 [ 939.815967][T19654] ? 0xffffffffa0004340 [ 939.817481][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 939.819414][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 939.821502][T19654] ? fput+0x32/0x390 [ 939.822917][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 939.824566][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 939.826578][T19654] __sys_bpf+0x10d2/0x4a00 [ 939.828129][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 939.829770][T19654] ? __fget_files+0x256/0x400 [ 939.831404][T19654] ? do_futex+0x123/0x350 [ 939.832940][T19654] ? __pfx_do_futex+0x10/0x10 [ 939.834605][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 939.836510][T19654] __x64_sys_bpf+0x78/0xc0 [ 939.838125][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 939.839953][T19654] do_syscall_64+0xcd/0x250 [ 939.841583][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 939.843620][T19654] RIP: 0033:0x7f679d57def9 [ 939.845225][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 939.851763][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 939.854680][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 939.857472][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 939.860261][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 939.863030][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 939.865777][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 939.868593][T19654] [ 939.869852][T19654] BUG: Bad page state in process syz.2.4065 pfn:64df1 [ 939.872274][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000002 pfn:0x64df1 [ 939.875726][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 939.878134][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 939.881035][T19654] raw: ffff888000000002 0000000000000001 00000000ffffffff 0000000000000000 [ 939.883998][T19654] page dumped because: page_pool leak [ 939.885843][T19654] page_owner tracks the page as allocated [ 939.887760][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167130406, free_ts 930645737092 [ 939.894070][T19654] post_alloc_hook+0x2d1/0x350 [ 939.895805][T19654] get_page_from_freelist+0x1351/0x2e50 [ 939.897789][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 939.899680][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 939.901656][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 939.903774][T19654] page_pool_alloc_pages+0xb5/0x110 [ 939.905552][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 939.907624][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 939.909527][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 939.911450][T19654] __sys_bpf+0x10d2/0x4a00 [ 939.913121][T19654] __x64_sys_bpf+0x78/0xc0 [ 939.914636][T19654] do_syscall_64+0xcd/0x250 [ 939.916219][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 939.918254][T19654] page last free pid 18137 tgid 18137 stack trace: [ 939.920440][T19654] free_unref_page+0x64a/0xe40 [ 939.922157][T19654] qlist_free_all+0x4e/0x140 [ 939.923868][T19654] kasan_quarantine_reduce+0x192/0x1e0 [ 939.925750][T19654] __kasan_slab_alloc+0x69/0x90 [ 939.927408][T19654] __kmalloc_node_noprof+0x1c3/0x430 [ 939.929200][T19654] __kvmalloc_node_noprof+0x9d/0x1a0 [ 939.930979][T19654] xt_replace_table+0x1c7/0x910 [ 939.932732][T19654] __do_replace+0x1d9/0x9b0 [ 939.934418][T19654] do_ipt_set_ctl+0x93c/0xc30 [ 939.936047][T19654] nf_setsockopt+0x8a/0xf0 [ 939.937674][T19654] ip_setsockopt+0xcb/0xf0 [ 939.939279][T19654] tcp_setsockopt+0xa4/0x100 [ 939.940956][T19654] do_sock_setsockopt+0x222/0x480 [ 939.942755][T19654] __sys_setsockopt+0x1a4/0x270 [ 939.944473][T19654] __x64_sys_setsockopt+0xbd/0x160 [ 939.946227][T19654] do_syscall_64+0xcd/0x250 [ 939.947796][T19654] Modules linked in: [ 939.949149][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 939.953260][T19654] Tainted: [B]=BAD_PAGE [ 939.954738][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 939.958522][T19654] Call Trace: [ 939.959738][T19654] [ 939.960817][T19654] dump_stack_lvl+0x16c/0x1f0 [ 939.962519][T19654] bad_page+0xb3/0x220 [ 939.963963][T19654] ? __pfx_bad_page+0x10/0x10 [ 939.965576][T19654] ? page_bad_reason+0x9d/0x1e0 [ 939.967240][T19654] free_unref_page+0x69e/0xe40 [ 939.968899][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 939.970920][T19654] ? __phys_addr+0xc6/0x150 [ 939.972548][T19654] skb_free_head+0xa0/0x1d0 [ 939.973837][T19654] skb_release_data+0x75c/0x980 [ 939.975101][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 939.976862][T19654] ? rcu_is_watching+0x12/0xc0 [ 939.978087][T19654] sk_skb_reason_drop+0x133/0x200 [ 939.979360][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 939.981075][T19654] ? kernel_text_address+0x8d/0x100 [ 939.982420][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 939.984097][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 939.986633][T19654] ? hlock_class+0x4e/0x130 [ 939.988278][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 939.990075][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 939.991961][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 939.994117][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 939.996444][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 939.998520][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 940.000745][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 940.003124][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 940.004511][T19654] ? __build_skb_around+0x278/0x3b0 [ 940.005868][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 940.007252][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 940.008892][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 940.010606][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 940.012063][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 940.013628][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 940.015631][T19654] ? find_held_lock+0x2d/0x110 [ 940.017349][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 940.019304][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 940.021300][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 940.023333][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 940.025246][T19654] ? 0xffffffffa0004340 [ 940.026744][T19654] ? 0xffffffffa0004340 [ 940.028246][T19654] ? 0xffffffffa0004340 [ 940.029765][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 940.031701][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 940.033805][T19654] ? fput+0x32/0x390 [ 940.034889][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 940.036137][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 940.037647][T19654] __sys_bpf+0x10d2/0x4a00 [ 940.038797][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 940.040030][T19654] ? __fget_files+0x256/0x400 [ 940.041621][T19654] ? do_futex+0x123/0x350 [ 940.043088][T19654] ? __pfx_do_futex+0x10/0x10 [ 940.044694][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 940.046515][T19654] __x64_sys_bpf+0x78/0xc0 [ 940.048038][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 940.049827][T19654] do_syscall_64+0xcd/0x250 [ 940.051378][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 940.053449][T19654] RIP: 0033:0x7f679d57def9 [ 940.054985][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 940.061471][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 940.064272][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 940.066957][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 940.069660][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 940.072299][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 940.074991][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 940.077605][T19654] [ 940.078804][T19654] BUG: Bad page state in process syz.2.4065 pfn:64df0 [ 940.081153][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888064df1cc0 pfn:0x64df0 [ 940.084614][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 940.087054][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 940.089962][T19654] raw: ffff888064df1cc0 0000000000000001 00000000ffffffff 0000000000000000 [ 940.092874][T19654] page dumped because: page_pool leak [ 940.094735][T19654] page_owner tracks the page as allocated [ 940.096443][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167122609, free_ts 930645737092 [ 940.101355][T19654] post_alloc_hook+0x2d1/0x350 [ 940.102631][T19654] get_page_from_freelist+0x1351/0x2e50 [ 940.104170][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 940.105608][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 940.107067][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 940.108633][T19654] page_pool_alloc_pages+0xb5/0x110 [ 940.110052][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 940.111700][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 940.113235][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 940.115036][T19654] __sys_bpf+0x10d2/0x4a00 [ 940.116566][T19654] __x64_sys_bpf+0x78/0xc0 [ 940.118111][T19654] do_syscall_64+0xcd/0x250 [ 940.119685][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 940.121706][T19654] page last free pid 18137 tgid 18137 stack trace: [ 940.123718][T19654] free_unref_page+0x64a/0xe40 [ 940.125428][T19654] qlist_free_all+0x4e/0x140 [ 940.126846][T19654] kasan_quarantine_reduce+0x192/0x1e0 [ 940.128582][T19654] __kasan_slab_alloc+0x69/0x90 [ 940.130033][T19654] __kmalloc_node_noprof+0x1c3/0x430 [ 940.131503][T19654] __kvmalloc_node_noprof+0x9d/0x1a0 [ 940.132942][T19654] xt_replace_table+0x1c7/0x910 [ 940.134311][T19654] __do_replace+0x1d9/0x9b0 [ 940.135810][T19654] do_ipt_set_ctl+0x93c/0xc30 [ 940.137456][T19654] nf_setsockopt+0x8a/0xf0 [ 940.139026][T19654] ip_setsockopt+0xcb/0xf0 [ 940.140589][T19654] tcp_setsockopt+0xa4/0x100 [ 940.142219][T19654] do_sock_setsockopt+0x222/0x480 [ 940.144076][T19654] __sys_setsockopt+0x1a4/0x270 [ 940.145847][T19654] __x64_sys_setsockopt+0xbd/0x160 [ 940.147286][T19654] do_syscall_64+0xcd/0x250 [ 940.148819][T19654] Modules linked in: [ 940.150011][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 940.153306][T19654] Tainted: [B]=BAD_PAGE [ 940.154362][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 940.157413][T19654] Call Trace: [ 940.158299][T19654] [ 940.159171][T19654] dump_stack_lvl+0x16c/0x1f0 [ 940.160683][T19654] bad_page+0xb3/0x220 [ 940.161767][T19654] ? __pfx_bad_page+0x10/0x10 [ 940.163077][T19654] ? page_bad_reason+0x9d/0x1e0 [ 940.164774][T19654] free_unref_page+0x69e/0xe40 [ 940.166436][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 940.168510][T19654] ? __phys_addr+0xc6/0x150 [ 940.170104][T19654] skb_free_head+0xa0/0x1d0 [ 940.171689][T19654] skb_release_data+0x75c/0x980 [ 940.173269][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 940.175026][T19654] ? rcu_is_watching+0x12/0xc0 [ 940.176266][T19654] sk_skb_reason_drop+0x133/0x200 [ 940.177579][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 940.179299][T19654] ? kernel_text_address+0x8d/0x100 [ 940.180913][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 940.182652][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 940.185027][T19654] ? hlock_class+0x4e/0x130 [ 940.186599][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 940.188262][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 940.189915][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 940.192067][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 940.193902][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 940.195317][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 940.197287][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 940.199319][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 940.201157][T19654] ? __build_skb_around+0x278/0x3b0 [ 940.203034][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 940.204733][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 940.206350][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 940.208036][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 940.209654][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 940.211527][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 940.213602][T19654] ? find_held_lock+0x2d/0x110 [ 940.215272][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 940.217392][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 940.219517][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 940.221630][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 940.223503][T19654] ? 0xffffffffa0004340 [ 940.225001][T19654] ? 0xffffffffa0004340 [ 940.226465][T19654] ? 0xffffffffa0004340 [ 940.227930][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 940.229772][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 940.231755][T19654] ? fput+0x32/0x390 [ 940.233182][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 940.234852][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 940.236913][T19654] __sys_bpf+0x10d2/0x4a00 [ 940.238487][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 940.240121][T19654] ? __fget_files+0x256/0x400 [ 940.241762][T19654] ? do_futex+0x123/0x350 [ 940.243259][T19654] ? __pfx_do_futex+0x10/0x10 [ 940.244952][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 940.246792][T19654] __x64_sys_bpf+0x78/0xc0 [ 940.248328][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 940.250120][T19654] do_syscall_64+0xcd/0x250 [ 940.251776][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 940.253904][T19654] RIP: 0033:0x7f679d57def9 [ 940.255498][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 940.262297][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 940.265174][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 940.267870][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 940.270531][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 940.273285][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 940.276033][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 940.278816][T19654] [ 940.280032][T19654] BUG: Bad page state in process syz.2.4065 pfn:456d5 [ 940.282469][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000002 pfn:0x456d5 [ 940.286054][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 940.288538][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 940.291530][T19654] raw: ffff888000000002 0000000000000001 00000000ffffffff 0000000000000000 [ 940.294610][T19654] page dumped because: page_pool leak [ 940.296518][T19654] page_owner tracks the page as allocated [ 940.298529][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167114465, free_ts 930645760241 [ 940.304882][T19654] post_alloc_hook+0x2d1/0x350 [ 940.306613][T19654] get_page_from_freelist+0x1351/0x2e50 [ 940.308571][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 940.310449][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 940.312398][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 940.314601][T19654] page_pool_alloc_pages+0xb5/0x110 [ 940.316470][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 940.318660][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 940.320529][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 940.322403][T19654] __sys_bpf+0x10d2/0x4a00 [ 940.324035][T19654] __x64_sys_bpf+0x78/0xc0 [ 940.325626][T19654] do_syscall_64+0xcd/0x250 [ 940.327219][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 940.329289][T19654] page last free pid 18137 tgid 18137 stack trace: [ 940.331520][T19654] free_unref_page+0x64a/0xe40 [ 940.333289][T19654] qlist_free_all+0x4e/0x140 [ 940.334915][T19654] kasan_quarantine_reduce+0x192/0x1e0 [ 940.336809][T19654] __kasan_slab_alloc+0x69/0x90 [ 940.338521][T19654] __kmalloc_node_noprof+0x1c3/0x430 [ 940.340351][T19654] __kvmalloc_node_noprof+0x9d/0x1a0 [ 940.342202][T19654] xt_replace_table+0x1c7/0x910 [ 940.343961][T19654] __do_replace+0x1d9/0x9b0 [ 940.345571][T19654] do_ipt_set_ctl+0x93c/0xc30 [ 940.347206][T19654] nf_setsockopt+0x8a/0xf0 [ 940.348781][T19654] ip_setsockopt+0xcb/0xf0 [ 940.350328][T19654] tcp_setsockopt+0xa4/0x100 [ 940.351958][T19654] do_sock_setsockopt+0x222/0x480 [ 940.353784][T19654] __sys_setsockopt+0x1a4/0x270 [ 940.355515][T19654] __x64_sys_setsockopt+0xbd/0x160 [ 940.357287][T19654] do_syscall_64+0xcd/0x250 [ 940.358916][T19654] Modules linked in: [ 940.360279][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 940.364460][T19654] Tainted: [B]=BAD_PAGE [ 940.365896][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 940.369554][T19654] Call Trace: [ 940.370707][T19654] [ 940.371729][T19654] dump_stack_lvl+0x16c/0x1f0 [ 940.373401][T19654] bad_page+0xb3/0x220 [ 940.374823][T19654] ? __pfx_bad_page+0x10/0x10 [ 940.376453][T19654] ? page_bad_reason+0x9d/0x1e0 [ 940.378163][T19654] free_unref_page+0x69e/0xe40 [ 940.379829][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 940.381934][T19654] ? __phys_addr+0xc6/0x150 [ 940.383515][T19654] skb_free_head+0xa0/0x1d0 [ 940.385108][T19654] skb_release_data+0x75c/0x980 [ 940.386811][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 940.389124][T19654] ? rcu_is_watching+0x12/0xc0 [ 940.390843][T19654] sk_skb_reason_drop+0x133/0x200 [ 940.392613][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 940.394971][T19654] ? kernel_text_address+0x8d/0x100 [ 940.396801][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 940.398539][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 940.401012][T19654] ? hlock_class+0x4e/0x130 [ 940.402638][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 940.404367][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 940.406218][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 940.408328][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 940.410612][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 940.412604][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 940.414785][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 940.417113][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 940.418938][T19654] ? __build_skb_around+0x278/0x3b0 [ 940.420788][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 940.422651][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 940.424899][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 940.427218][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 940.429219][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 940.431045][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 940.433078][T19654] ? find_held_lock+0x2d/0x110 [ 940.434695][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 940.436738][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 940.438844][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 940.440919][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 940.442748][T19654] ? 0xffffffffa0004340 [ 940.444224][T19654] ? 0xffffffffa0004340 [ 940.445671][T19654] ? 0xffffffffa0004340 [ 940.447128][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 940.449038][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 940.451023][T19654] ? fput+0x32/0x390 [ 940.452385][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 940.454131][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 940.456137][T19654] __sys_bpf+0x10d2/0x4a00 [ 940.457698][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 940.459344][T19654] ? __fget_files+0x256/0x400 [ 940.460972][T19654] ? do_futex+0x123/0x350 [ 940.462480][T19654] ? __pfx_do_futex+0x10/0x10 [ 940.464167][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 940.466026][T19654] __x64_sys_bpf+0x78/0xc0 [ 940.467596][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 940.469420][T19654] do_syscall_64+0xcd/0x250 [ 940.471003][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 940.473072][T19654] RIP: 0033:0x7f679d57def9 [ 940.474619][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 940.481132][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 940.483684][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 940.485978][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 940.488671][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 940.491439][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 940.494181][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 940.496898][T19654] [ 940.498088][T19654] BUG: Bad page state in process syz.2.4065 pfn:456d4 [ 940.500425][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880456d5e00 pfn:0x456d4 [ 940.503948][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 940.506367][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 940.509311][T19654] raw: ffff8880456d5e00 0000000000000001 00000000ffffffff 0000000000000000 [ 940.512226][T19654] page dumped because: page_pool leak [ 940.514155][T19654] page_owner tracks the page as allocated [ 940.516237][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167106648, free_ts 930645760241 [ 940.522549][T19654] post_alloc_hook+0x2d1/0x350 [ 940.524290][T19654] get_page_from_freelist+0x1351/0x2e50 [ 940.526222][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 940.528043][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 940.529957][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 940.532002][T19654] page_pool_alloc_pages+0xb5/0x110 [ 940.533891][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 940.536016][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 940.537846][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 940.539735][T19654] __sys_bpf+0x10d2/0x4a00 [ 940.541313][T19654] __x64_sys_bpf+0x78/0xc0 [ 940.542894][T19654] do_syscall_64+0xcd/0x250 [ 940.544563][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 940.546633][T19654] page last free pid 18137 tgid 18137 stack trace: [ 940.548868][T19654] free_unref_page+0x64a/0xe40 [ 940.550537][T19654] qlist_free_all+0x4e/0x140 [ 940.552141][T19654] kasan_quarantine_reduce+0x192/0x1e0 [ 940.554086][T19654] __kasan_slab_alloc+0x69/0x90 [ 940.555783][T19654] __kmalloc_node_noprof+0x1c3/0x430 [ 940.557627][T19654] __kvmalloc_node_noprof+0x9d/0x1a0 [ 940.559463][T19654] xt_replace_table+0x1c7/0x910 [ 940.561190][T19654] __do_replace+0x1d9/0x9b0 [ 940.562791][T19654] do_ipt_set_ctl+0x93c/0xc30 [ 940.564471][T19654] nf_setsockopt+0x8a/0xf0 [ 940.566033][T19654] ip_setsockopt+0xcb/0xf0 [ 940.567574][T19654] tcp_setsockopt+0xa4/0x100 [ 940.569188][T19654] do_sock_setsockopt+0x222/0x480 [ 940.570942][T19654] __sys_setsockopt+0x1a4/0x270 [ 940.572650][T19654] __x64_sys_setsockopt+0xbd/0x160 [ 940.574507][T19654] do_syscall_64+0xcd/0x250 [ 940.576091][T19654] Modules linked in: [ 940.577534][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 940.581734][T19654] Tainted: [B]=BAD_PAGE [ 940.583207][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 940.586874][T19654] Call Trace: [ 940.588031][T19654] [ 940.589071][T19654] dump_stack_lvl+0x16c/0x1f0 [ 940.590719][T19654] bad_page+0xb3/0x220 [ 940.592155][T19654] ? __pfx_bad_page+0x10/0x10 [ 940.593819][T19654] ? page_bad_reason+0x9d/0x1e0 [ 940.595519][T19654] free_unref_page+0x69e/0xe40 [ 940.597195][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 940.599280][T19654] ? __phys_addr+0xc6/0x150 [ 940.600875][T19654] skb_free_head+0xa0/0x1d0 [ 940.602441][T19654] skb_release_data+0x75c/0x980 [ 940.604079][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 940.606425][T19654] ? rcu_is_watching+0x12/0xc0 [ 940.608053][T19654] sk_skb_reason_drop+0x133/0x200 [ 940.609712][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 940.612020][T19654] ? kernel_text_address+0x8d/0x100 [ 940.613869][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 940.615691][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 940.618090][T19654] ? hlock_class+0x4e/0x130 [ 940.619698][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 940.621446][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 940.623243][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 940.625357][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 940.627584][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 940.629567][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 940.631719][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 940.634063][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 940.635879][T19654] ? __build_skb_around+0x278/0x3b0 [ 940.637699][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 940.639477][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 940.641653][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 940.644025][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 940.645978][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 940.647802][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 940.649851][T19654] ? find_held_lock+0x2d/0x110 [ 940.651520][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 940.653610][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 940.655654][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 940.657682][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 940.659537][T19654] ? 0xffffffffa0004340 [ 940.661007][T19654] ? 0xffffffffa0004340 [ 940.662449][T19654] ? 0xffffffffa0004340 [ 940.663890][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 940.665766][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 940.667767][T19654] ? fput+0x32/0x390 [ 940.669155][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 940.670824][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 940.672842][T19654] __sys_bpf+0x10d2/0x4a00 [ 940.674391][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 940.676065][T19654] ? __fget_files+0x256/0x400 [ 940.677681][T19654] ? do_futex+0x123/0x350 [ 940.679183][T19654] ? __pfx_do_futex+0x10/0x10 [ 940.680835][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 940.682677][T19654] __x64_sys_bpf+0x78/0xc0 [ 940.684232][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 940.686025][T19654] do_syscall_64+0xcd/0x250 [ 940.687608][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 940.689680][T19654] RIP: 0033:0x7f679d57def9 [ 940.691213][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 940.697824][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 940.700675][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 940.703385][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 940.706367][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 940.709107][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 940.711891][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 940.714661][T19654] [ 940.715857][T19654] BUG: Bad page state in process syz.2.4065 pfn:4e3ed [ 940.718229][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000002 pfn:0x4e3ed [ 940.721760][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 940.724307][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 940.727253][T19654] raw: ffff888000000002 0000000000000001 00000000ffffffff 0000000000000000 [ 940.730215][T19654] page dumped because: page_pool leak [ 940.732061][T19654] page_owner tracks the page as allocated [ 940.734134][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167098721, free_ts 930645782043 [ 940.740455][T19654] post_alloc_hook+0x2d1/0x350 [ 940.742155][T19654] get_page_from_freelist+0x1351/0x2e50 [ 940.744154][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 940.746023][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 940.747956][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 940.750073][T19654] page_pool_alloc_pages+0xb5/0x110 [ 940.751931][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 940.753644][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 940.755023][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 940.756412][T19654] __sys_bpf+0x10d2/0x4a00 [ 940.757585][T19654] __x64_sys_bpf+0x78/0xc0 [ 940.758758][T19654] do_syscall_64+0xcd/0x250 [ 940.759973][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 940.761508][T19654] page last free pid 18137 tgid 18137 stack trace: [ 940.763216][T19654] free_unref_page+0x64a/0xe40 [ 940.764475][T19654] __put_partials+0x14c/0x170 [ 940.765714][T19654] qlist_free_all+0x4e/0x140 [ 940.766958][T19654] kasan_quarantine_reduce+0x192/0x1e0 [ 940.768922][T19654] __kasan_slab_alloc+0x69/0x90 [ 940.770358][T19654] __kmalloc_node_noprof+0x1c3/0x430 [ 940.771725][T19654] __kvmalloc_node_noprof+0x9d/0x1a0 [ 940.773167][T19654] xt_replace_table+0x1c7/0x910 [ 940.774434][T19654] __do_replace+0x1d9/0x9b0 [ 940.775624][T19654] do_ipt_set_ctl+0x93c/0xc30 [ 940.776896][T19654] nf_setsockopt+0x8a/0xf0 [ 940.778062][T19654] ip_setsockopt+0xcb/0xf0 [ 940.779278][T19654] tcp_setsockopt+0xa4/0x100 [ 940.780556][T19654] do_sock_setsockopt+0x222/0x480 [ 940.781869][T19654] __sys_setsockopt+0x1a4/0x270 [ 940.783526][T19654] __x64_sys_setsockopt+0xbd/0x160 [ 940.785263][T19654] Modules linked in: [ 940.786580][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 940.790334][T19654] Tainted: [B]=BAD_PAGE [ 940.791412][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 940.794215][T19654] Call Trace: [ 940.795225][T19654] [ 940.796278][T19654] dump_stack_lvl+0x16c/0x1f0 [ 940.797963][T19654] bad_page+0xb3/0x220 [ 940.799335][T19654] ? __pfx_bad_page+0x10/0x10 [ 940.800563][T19654] ? page_bad_reason+0x9d/0x1e0 [ 940.801849][T19654] free_unref_page+0x69e/0xe40 [ 940.803103][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 940.805070][T19654] ? __phys_addr+0xc6/0x150 [ 940.806697][T19654] skb_free_head+0xa0/0x1d0 [ 940.808299][T19654] skb_release_data+0x75c/0x980 [ 940.809617][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 940.811384][T19654] ? rcu_is_watching+0x12/0xc0 [ 940.812638][T19654] sk_skb_reason_drop+0x133/0x200 [ 940.813872][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 940.815590][T19654] ? kernel_text_address+0x8d/0x100 [ 940.816952][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 940.818448][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 940.820995][T19654] ? hlock_class+0x4e/0x130 [ 940.822531][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 940.824203][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 940.825719][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 940.827481][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 940.829244][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 940.830702][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 940.832723][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 940.834906][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 940.836285][T19654] ? __build_skb_around+0x278/0x3b0 [ 940.837667][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 940.839054][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 940.841296][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 940.843668][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 940.845743][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 940.847684][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 940.849708][T19654] ? find_held_lock+0x2d/0x110 [ 940.851306][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 940.853255][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 940.855162][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 940.857033][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 940.858834][T19654] ? 0xffffffffa0004340 [ 940.860196][T19654] ? 0xffffffffa0004340 [ 940.861563][T19654] ? 0xffffffffa0004340 [ 940.863051][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 940.865026][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 940.867162][T19654] ? fput+0x32/0x390 [ 940.868619][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 940.870366][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 940.872435][T19654] __sys_bpf+0x10d2/0x4a00 [ 940.874044][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 940.875693][T19654] ? __fget_files+0x256/0x400 [ 940.877352][T19654] ? do_futex+0x123/0x350 [ 940.878950][T19654] ? __pfx_do_futex+0x10/0x10 [ 940.880691][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 940.882659][T19654] __x64_sys_bpf+0x78/0xc0 [ 940.884302][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 940.886203][T19654] do_syscall_64+0xcd/0x250 [ 940.887870][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 940.889802][T19654] RIP: 0033:0x7f679d57def9 [ 940.891123][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 940.897400][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 940.900385][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 940.903266][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 940.906151][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 940.909037][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 940.911891][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 940.914799][T19654] [ 940.916066][T19654] BUG: Bad page state in process syz.2.4065 pfn:4e3ec [ 940.918562][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88804e3ede00 pfn:0x4e3ec [ 940.921395][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 940.923282][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 940.925499][T19654] raw: ffff88804e3ede00 0000000000000001 00000000ffffffff 0000000000000000 [ 940.927692][T19654] page dumped because: page_pool leak [ 940.929091][T19654] page_owner tracks the page as allocated [ 940.931141][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167091119, free_ts 930645782043 [ 940.937263][T19654] post_alloc_hook+0x2d1/0x350 [ 940.938848][T19654] get_page_from_freelist+0x1351/0x2e50 [ 940.940702][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 940.942480][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 940.944354][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 940.946339][T19654] page_pool_alloc_pages+0xb5/0x110 [ 940.948076][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 940.950126][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 940.951870][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 940.953743][T19654] __sys_bpf+0x10d2/0x4a00 [ 940.955174][T19654] __x64_sys_bpf+0x78/0xc0 [ 940.956664][T19654] do_syscall_64+0xcd/0x250 [ 940.958216][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 940.960185][T19654] page last free pid 18137 tgid 18137 stack trace: [ 940.962343][T19654] free_unref_page+0x64a/0xe40 [ 940.964010][T19654] __put_partials+0x14c/0x170 [ 940.965475][T19654] qlist_free_all+0x4e/0x140 [ 940.967036][T19654] kasan_quarantine_reduce+0x192/0x1e0 [ 940.968874][T19654] __kasan_slab_alloc+0x69/0x90 [ 940.970515][T19654] __kmalloc_node_noprof+0x1c3/0x430 [ 940.972272][T19654] __kvmalloc_node_noprof+0x9d/0x1a0 [ 940.974126][T19654] xt_replace_table+0x1c7/0x910 [ 940.975783][T19654] __do_replace+0x1d9/0x9b0 [ 940.977328][T19654] do_ipt_set_ctl+0x93c/0xc30 [ 940.978852][T19654] nf_setsockopt+0x8a/0xf0 [ 940.980024][T19654] ip_setsockopt+0xcb/0xf0 [ 940.981218][T19654] tcp_setsockopt+0xa4/0x100 [ 940.982449][T19654] do_sock_setsockopt+0x222/0x480 [ 940.983823][T19654] __sys_setsockopt+0x1a4/0x270 [ 940.985130][T19654] __x64_sys_setsockopt+0xbd/0x160 [ 940.986824][T19654] Modules linked in: [ 940.988136][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 940.992138][T19654] Tainted: [B]=BAD_PAGE [ 940.993569][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 940.997133][T19654] Call Trace: [ 940.998244][T19654] [ 940.999270][T19654] dump_stack_lvl+0x16c/0x1f0 [ 941.000875][T19654] bad_page+0xb3/0x220 [ 941.002225][T19654] ? __pfx_bad_page+0x10/0x10 [ 941.003815][T19654] ? page_bad_reason+0x9d/0x1e0 [ 941.005433][T19654] free_unref_page+0x69e/0xe40 [ 941.007043][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 941.009060][T19654] ? __phys_addr+0xc6/0x150 [ 941.010583][T19654] skb_free_head+0xa0/0x1d0 [ 941.012117][T19654] skb_release_data+0x75c/0x980 [ 941.013780][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 941.016016][T19654] ? rcu_is_watching+0x12/0xc0 [ 941.017642][T19654] sk_skb_reason_drop+0x133/0x200 [ 941.019327][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 941.021558][T19654] ? kernel_text_address+0x8d/0x100 [ 941.023292][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 941.024995][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 941.027345][T19654] ? hlock_class+0x4e/0x130 [ 941.028882][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 941.030544][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 941.032293][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 941.034313][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 941.036465][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 941.038386][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 941.040453][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 941.042694][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 941.044440][T19654] ? __build_skb_around+0x278/0x3b0 [ 941.046190][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 941.047956][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 941.050047][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 941.052237][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 941.054126][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 941.055879][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 941.057821][T19654] ? find_held_lock+0x2d/0x110 [ 941.059458][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 941.061458][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 941.063440][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 941.065402][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 941.067169][T19654] ? 0xffffffffa0004340 [ 941.068553][T19654] ? 0xffffffffa0004340 [ 941.069953][T19654] ? 0xffffffffa0004340 [ 941.071341][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 941.073157][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 941.075101][T19654] ? fput+0x32/0x390 [ 941.076411][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 941.078015][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 941.080105][T19654] __sys_bpf+0x10d2/0x4a00 [ 941.081644][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 941.083273][T19654] ? __fget_files+0x256/0x400 [ 941.084892][T19654] ? do_futex+0x123/0x350 [ 941.086353][T19654] ? __pfx_do_futex+0x10/0x10 [ 941.087966][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 941.089771][T19654] __x64_sys_bpf+0x78/0xc0 [ 941.091294][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 941.093081][T19654] do_syscall_64+0xcd/0x250 [ 941.094625][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 941.096590][T19654] RIP: 0033:0x7f679d57def9 [ 941.098099][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 941.104528][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 941.107332][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 941.109990][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 941.112592][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 941.115040][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 941.117575][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 941.120217][T19654] [ 941.121383][T19654] BUG: Bad page state in process syz.2.4065 pfn:283eb [ 941.123731][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2 pfn:0x283eb [ 941.126673][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 941.129055][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 941.131922][T19654] raw: 0000000000000002 0000000000000001 00000000ffffffff 0000000000000000 [ 941.134852][T19654] page dumped because: page_pool leak [ 941.136650][T19654] page_owner tracks the page as allocated [ 941.138571][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167083270, free_ts 930645798872 [ 941.144770][T19654] post_alloc_hook+0x2d1/0x350 [ 941.146375][T19654] get_page_from_freelist+0x1351/0x2e50 [ 941.148214][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 941.149962][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 941.151689][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 941.153636][T19654] page_pool_alloc_pages+0xb5/0x110 [ 941.155380][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 941.157452][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 941.159223][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 941.161003][T19654] __sys_bpf+0x10d2/0x4a00 [ 941.162421][T19654] __x64_sys_bpf+0x78/0xc0 [ 941.163911][T19654] do_syscall_64+0xcd/0x250 [ 941.165357][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 941.167341][T19654] page last free pid 18137 tgid 18137 stack trace: [ 941.169528][T19654] free_unref_page+0x64a/0xe40 [ 941.171165][T19654] __put_partials+0x14c/0x170 [ 941.172775][T19654] qlist_free_all+0x4e/0x140 [ 941.174420][T19654] kasan_quarantine_reduce+0x192/0x1e0 [ 941.176218][T19654] __kasan_slab_alloc+0x69/0x90 [ 941.177865][T19654] __kmalloc_node_noprof+0x1c3/0x430 [ 941.179634][T19654] __kvmalloc_node_noprof+0x9d/0x1a0 [ 941.181398][T19654] xt_replace_table+0x1c7/0x910 [ 941.183036][T19654] __do_replace+0x1d9/0x9b0 [ 941.184596][T19654] do_ipt_set_ctl+0x93c/0xc30 [ 941.186171][T19654] nf_setsockopt+0x8a/0xf0 [ 941.187673][T19654] ip_setsockopt+0xcb/0xf0 [ 941.189021][T19654] tcp_setsockopt+0xa4/0x100 [ 941.190068][T19654] do_sock_setsockopt+0x222/0x480 [ 941.191198][T19654] __sys_setsockopt+0x1a4/0x270 [ 941.192294][T19654] __x64_sys_setsockopt+0xbd/0x160 [ 941.193912][T19654] Modules linked in: [ 941.195218][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 941.199224][T19654] Tainted: [B]=BAD_PAGE [ 941.200603][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 941.204200][T19654] Call Trace: [ 941.205348][T19654] [ 941.206446][T19654] dump_stack_lvl+0x16c/0x1f0 [ 941.208012][T19654] bad_page+0xb3/0x220 [ 941.209408][T19654] ? __pfx_bad_page+0x10/0x10 [ 941.210989][T19654] ? page_bad_reason+0x9d/0x1e0 [ 941.212642][T19654] free_unref_page+0x69e/0xe40 [ 941.214250][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 941.216254][T19654] ? __phys_addr+0xc6/0x150 [ 941.217798][T19654] skb_free_head+0xa0/0x1d0 [ 941.219329][T19654] skb_release_data+0x75c/0x980 [ 941.220987][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 941.223256][T19654] ? rcu_is_watching+0x12/0xc0 [ 941.224878][T19654] sk_skb_reason_drop+0x133/0x200 [ 941.226557][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 941.228784][T19654] ? kernel_text_address+0x8d/0x100 [ 941.230491][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 941.232204][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 941.234624][T19654] ? hlock_class+0x4e/0x130 [ 941.236165][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 941.237859][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 941.239615][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 941.241645][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 941.243804][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 941.245726][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 941.247775][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 941.250137][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 941.251888][T19654] ? __build_skb_around+0x278/0x3b0 [ 941.253660][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 941.255431][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 941.257540][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 941.259739][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 941.261627][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 941.263409][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 941.265348][T19654] ? find_held_lock+0x2d/0x110 [ 941.266955][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 941.268947][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 941.270928][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 941.272903][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 941.274674][T19654] ? 0xffffffffa0004340 [ 941.276057][T19654] ? 0xffffffffa0004340 [ 941.277454][T19654] ? 0xffffffffa0004340 [ 941.278843][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 941.280637][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 941.282580][T19654] ? fput+0x32/0x390 [ 941.283896][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 941.285500][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 941.287442][T19654] __sys_bpf+0x10d2/0x4a00 [ 941.288950][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 941.290552][T19654] ? __fget_files+0x256/0x400 [ 941.292138][T19654] ? do_futex+0x123/0x350 [ 941.293606][T19654] ? __pfx_do_futex+0x10/0x10 [ 941.295187][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 941.296951][T19654] __x64_sys_bpf+0x78/0xc0 [ 941.298437][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 941.300168][T19654] do_syscall_64+0xcd/0x250 [ 941.301692][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 941.303658][T19654] RIP: 0033:0x7f679d57def9 [ 941.305158][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 941.311504][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 941.314260][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 941.316860][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 941.319520][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 941.322098][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 941.324697][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 941.327208][T19654] [ 941.328368][T19654] BUG: Bad page state in process syz.2.4065 pfn:283ea [ 941.330656][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880283ebe00 pfn:0x283ea [ 941.333564][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 941.335366][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 941.337560][T19654] raw: ffff8880283ebe00 0000000000000001 00000000ffffffff 0000000000000000 [ 941.339699][T19654] page dumped because: page_pool leak [ 941.341088][T19654] page_owner tracks the page as allocated [ 941.342543][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167075579, free_ts 930645798872 [ 941.347283][T19654] post_alloc_hook+0x2d1/0x350 [ 941.348523][T19654] get_page_from_freelist+0x1351/0x2e50 [ 941.349951][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 941.351331][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 941.352793][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 941.354362][T19654] page_pool_alloc_pages+0xb5/0x110 [ 941.355708][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 941.357294][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 941.358655][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 941.360035][T19654] __sys_bpf+0x10d2/0x4a00 [ 941.361201][T19654] __x64_sys_bpf+0x78/0xc0 [ 941.362360][T19654] do_syscall_64+0xcd/0x250 [ 941.363550][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 941.365082][T19654] page last free pid 18137 tgid 18137 stack trace: [ 941.366743][T19654] free_unref_page+0x64a/0xe40 [ 941.367984][T19654] __put_partials+0x14c/0x170 [ 941.369280][T19654] qlist_free_all+0x4e/0x140 [ 941.370843][T19654] kasan_quarantine_reduce+0x192/0x1e0 [ 941.372350][T19654] __kasan_slab_alloc+0x69/0x90 [ 941.374070][T19654] __kmalloc_node_noprof+0x1c3/0x430 [ 941.375661][T19654] __kvmalloc_node_noprof+0x9d/0x1a0 [ 941.377038][T19654] xt_replace_table+0x1c7/0x910 [ 941.378301][T19654] __do_replace+0x1d9/0x9b0 [ 941.379484][T19654] do_ipt_set_ctl+0x93c/0xc30 [ 941.380698][T19654] nf_setsockopt+0x8a/0xf0 [ 941.381864][T19654] ip_setsockopt+0xcb/0xf0 [ 941.383013][T19654] tcp_setsockopt+0xa4/0x100 [ 941.384246][T19654] do_sock_setsockopt+0x222/0x480 [ 941.385555][T19654] __sys_setsockopt+0x1a4/0x270 [ 941.386816][T19654] __x64_sys_setsockopt+0xbd/0x160 [ 941.388133][T19654] Modules linked in: [ 941.389159][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 941.392834][T19654] Tainted: [B]=BAD_PAGE [ 941.394159][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 941.397586][T19654] Call Trace: [ 941.398718][T19654] [ 941.399597][T19654] dump_stack_lvl+0x16c/0x1f0 [ 941.401182][T19654] bad_page+0xb3/0x220 [ 941.402265][T19654] ? __pfx_bad_page+0x10/0x10 [ 941.403485][T19654] ? page_bad_reason+0x9d/0x1e0 [ 941.404772][T19654] free_unref_page+0x69e/0xe40 [ 941.406015][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 941.407538][T19654] ? __phys_addr+0xc6/0x150 [ 941.408720][T19654] skb_free_head+0xa0/0x1d0 [ 941.409921][T19654] skb_release_data+0x75c/0x980 [ 941.411188][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 941.412950][T19654] ? rcu_is_watching+0x12/0xc0 [ 941.414178][T19654] sk_skb_reason_drop+0x133/0x200 [ 941.415481][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 941.417201][T19654] ? kernel_text_address+0x8d/0x100 [ 941.418820][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 941.420376][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 941.422390][T19654] ? hlock_class+0x4e/0x130 [ 941.423574][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 941.424891][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 941.426238][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 941.427786][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 941.429460][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 941.430929][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 941.432532][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 941.434224][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 941.435572][T19654] ? __build_skb_around+0x278/0x3b0 [ 941.436903][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 941.438253][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 941.440042][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 941.442186][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 941.444005][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 941.445682][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 941.447188][T19654] ? find_held_lock+0x2d/0x110 [ 941.448434][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 941.449998][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 941.451542][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 941.453086][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 941.454461][T19654] ? 0xffffffffa0004340 [ 941.455546][T19654] ? 0xffffffffa0004340 [ 941.456629][T19654] ? 0xffffffffa0004340 [ 941.457721][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 941.459114][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 941.460650][T19654] ? fput+0x32/0x390 [ 941.461708][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 941.462949][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 941.464661][T19654] __sys_bpf+0x10d2/0x4a00 [ 941.466104][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 941.467344][T19654] ? __fget_files+0x256/0x400 [ 941.468567][T19654] ? do_futex+0x123/0x350 [ 941.469747][T19654] ? __pfx_do_futex+0x10/0x10 [ 941.471186][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 941.472566][T19654] __x64_sys_bpf+0x78/0xc0 [ 941.473741][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 941.475084][T19654] do_syscall_64+0xcd/0x250 [ 941.476307][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 941.477868][T19654] RIP: 0033:0x7f679d57def9 [ 941.479030][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 941.484367][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 941.486541][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 941.488584][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 941.490632][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 941.492699][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 941.494789][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 941.496832][T19654] [ 941.497747][T19654] BUG: Bad page state in process syz.2.4065 pfn:45857 [ 941.499505][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2 pfn:0x45857 [ 941.501773][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 941.503647][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 941.505843][T19654] raw: 0000000000000002 0000000000000001 00000000ffffffff 0000000000000000 [ 941.507981][T19654] page dumped because: page_pool leak [ 941.509372][T19654] page_owner tracks the page as allocated [ 941.510832][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167067262, free_ts 930645815655 [ 941.515591][T19654] post_alloc_hook+0x2d1/0x350 [ 941.516889][T19654] get_page_from_freelist+0x1351/0x2e50 [ 941.518320][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 941.519677][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 941.521083][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 941.522597][T19654] page_pool_alloc_pages+0xb5/0x110 [ 941.523976][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 941.525577][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 941.526927][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 941.528315][T19654] __sys_bpf+0x10d2/0x4a00 [ 941.529493][T19654] __x64_sys_bpf+0x78/0xc0 [ 941.530655][T19654] do_syscall_64+0xcd/0x250 [ 941.531836][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 941.533416][T19654] page last free pid 18137 tgid 18137 stack trace: [ 941.535082][T19654] free_unref_page+0x64a/0xe40 [ 941.536324][T19654] __put_partials+0x14c/0x170 [ 941.537548][T19654] qlist_free_all+0x4e/0x140 [ 941.538749][T19654] kasan_quarantine_reduce+0x192/0x1e0 [ 941.540155][T19654] __kasan_slab_alloc+0x69/0x90 [ 941.541425][T19654] __kmalloc_node_noprof+0x1c3/0x430 [ 941.542799][T19654] __kvmalloc_node_noprof+0x9d/0x1a0 [ 941.544303][T19654] xt_replace_table+0x1c7/0x910 [ 941.545941][T19654] __do_replace+0x1d9/0x9b0 [ 941.547472][T19654] do_ipt_set_ctl+0x93c/0xc30 [ 941.549064][T19654] nf_setsockopt+0x8a/0xf0 [ 941.550401][T19654] ip_setsockopt+0xcb/0xf0 [ 941.551881][T19654] tcp_setsockopt+0xa4/0x100 [ 941.553426][T19654] do_sock_setsockopt+0x222/0x480 [ 941.555104][T19654] __sys_setsockopt+0x1a4/0x270 [ 941.556657][T19654] __x64_sys_setsockopt+0xbd/0x160 [ 941.558326][T19654] Modules linked in: [ 941.559400][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 941.562542][T19654] Tainted: [B]=BAD_PAGE [ 941.563939][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 941.566951][T19654] Call Trace: [ 941.567829][T19654] [ 941.568611][T19654] dump_stack_lvl+0x16c/0x1f0 [ 941.569859][T19654] bad_page+0xb3/0x220 [ 941.570941][T19654] ? __pfx_bad_page+0x10/0x10 [ 941.572175][T19654] ? page_bad_reason+0x9d/0x1e0 [ 941.573441][T19654] free_unref_page+0x69e/0xe40 [ 941.574705][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 941.576270][T19654] ? __phys_addr+0xc6/0x150 [ 941.577474][T19654] skb_free_head+0xa0/0x1d0 [ 941.578674][T19654] skb_release_data+0x75c/0x980 [ 941.579963][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 941.582149][T19654] ? rcu_is_watching+0x12/0xc0 [ 941.583689][T19654] sk_skb_reason_drop+0x133/0x200 [ 941.585276][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 941.587378][T19654] ? kernel_text_address+0x8d/0x100 [ 941.589168][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 941.590484][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 941.592183][T19654] ? hlock_class+0x4e/0x130 [ 941.593239][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 941.594518][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 941.595882][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 941.597450][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 941.599133][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 941.600615][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 941.602232][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 941.603960][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 941.605318][T19654] ? __build_skb_around+0x278/0x3b0 [ 941.606672][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 941.608049][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 941.609684][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 941.611389][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 941.613100][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 941.614719][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 941.616590][T19654] ? find_held_lock+0x2d/0x110 [ 941.618189][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 941.620079][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 941.621814][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 941.623327][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 941.624697][T19654] ? 0xffffffffa0004340 [ 941.625791][T19654] ? 0xffffffffa0004340 [ 941.626867][T19654] ? 0xffffffffa0004340 [ 941.627949][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 941.629347][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 941.630860][T19654] ? fput+0x32/0x390 [ 941.631879][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 941.633149][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 941.634684][T19654] __sys_bpf+0x10d2/0x4a00 [ 941.635845][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 941.637091][T19654] ? __fget_files+0x256/0x400 [ 941.638294][T19654] ? do_futex+0x123/0x350 [ 941.639420][T19654] ? __pfx_do_futex+0x10/0x10 [ 941.640648][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 941.642027][T19654] __x64_sys_bpf+0x78/0xc0 [ 941.643188][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 941.644536][T19654] do_syscall_64+0xcd/0x250 [ 941.645733][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 941.647257][T19654] RIP: 0033:0x7f679d57def9 [ 941.648409][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 941.653357][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 941.655498][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 941.657549][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 941.659595][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 941.661640][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 941.663667][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 941.665886][T19654] [ 941.666871][T19654] BUG: Bad page state in process syz.2.4065 pfn:45856 [ 941.669004][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888045857e00 pfn:0x45856 [ 941.672037][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 941.673958][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 941.676175][T19654] raw: ffff888045857e00 0000000000000001 00000000ffffffff 0000000000000000 [ 941.678404][T19654] page dumped because: page_pool leak [ 941.679808][T19654] page_owner tracks the page as allocated [ 941.681299][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167059093, free_ts 930645815655 [ 941.686135][T19654] post_alloc_hook+0x2d1/0x350 [ 941.687401][T19654] get_page_from_freelist+0x1351/0x2e50 [ 941.688853][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 941.690227][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 941.691680][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 941.693691][T19654] page_pool_alloc_pages+0xb5/0x110 [ 941.695349][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 941.697308][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 941.698902][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 941.700497][T19654] __sys_bpf+0x10d2/0x4a00 [ 941.701899][T19654] __x64_sys_bpf+0x78/0xc0 [ 941.703132][T19654] do_syscall_64+0xcd/0x250 [ 941.704340][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 941.705916][T19654] page last free pid 18137 tgid 18137 stack trace: [ 941.707588][T19654] free_unref_page+0x64a/0xe40 [ 941.708853][T19654] __put_partials+0x14c/0x170 [ 941.710091][T19654] qlist_free_all+0x4e/0x140 [ 941.711303][T19654] kasan_quarantine_reduce+0x192/0x1e0 [ 941.712736][T19654] __kasan_slab_alloc+0x69/0x90 [ 941.714076][T19654] __kmalloc_node_noprof+0x1c3/0x430 [ 941.715663][T19654] __kvmalloc_node_noprof+0x9d/0x1a0 [ 941.717335][T19654] xt_replace_table+0x1c7/0x910 [ 941.718984][T19654] __do_replace+0x1d9/0x9b0 [ 941.720320][T19654] do_ipt_set_ctl+0x93c/0xc30 [ 941.721812][T19654] nf_setsockopt+0x8a/0xf0 [ 941.723267][T19654] ip_setsockopt+0xcb/0xf0 [ 941.724548][T19654] tcp_setsockopt+0xa4/0x100 [ 941.725909][T19654] do_sock_setsockopt+0x222/0x480 [ 941.727249][T19654] __sys_setsockopt+0x1a4/0x270 [ 941.728621][T19654] __x64_sys_setsockopt+0xbd/0x160 [ 941.730019][T19654] Modules linked in: [ 941.731158][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 941.734474][T19654] Tainted: [B]=BAD_PAGE [ 941.735574][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 941.738332][T19654] Call Trace: [ 941.739188][T19654] [ 941.739964][T19654] dump_stack_lvl+0x16c/0x1f0 [ 941.741206][T19654] bad_page+0xb3/0x220 [ 941.742271][T19654] ? __pfx_bad_page+0x10/0x10 [ 941.743497][T19654] ? page_bad_reason+0x9d/0x1e0 [ 941.744781][T19654] free_unref_page+0x69e/0xe40 [ 941.746033][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 941.747595][T19654] ? __phys_addr+0xc6/0x150 [ 941.748792][T19654] skb_free_head+0xa0/0x1d0 [ 941.749984][T19654] skb_release_data+0x75c/0x980 [ 941.751250][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 941.753035][T19654] ? rcu_is_watching+0x12/0xc0 [ 941.754257][T19654] sk_skb_reason_drop+0x133/0x200 [ 941.755579][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 941.757383][T19654] ? kernel_text_address+0x8d/0x100 [ 941.758750][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 941.760068][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 941.761908][T19654] ? hlock_class+0x4e/0x130 [ 941.763099][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 941.764395][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 941.765772][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 941.767340][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 941.769034][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 941.770629][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 941.772729][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 941.774986][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 941.776758][T19654] ? __build_skb_around+0x278/0x3b0 [ 941.778454][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 941.779962][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 941.781615][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 941.783332][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 941.784829][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 941.786214][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 941.787745][T19654] ? find_held_lock+0x2d/0x110 [ 941.789004][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 941.790552][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 941.792097][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 941.793658][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 941.794994][T19654] ? 0xffffffffa0004340 [ 941.796021][T19654] ? 0xffffffffa0004340 [ 941.797104][T19654] ? 0xffffffffa0004340 [ 941.798198][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 941.799609][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 941.801148][T19654] ? fput+0x32/0x390 [ 941.802187][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 941.803454][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 941.804991][T19654] __sys_bpf+0x10d2/0x4a00 [ 941.806168][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 941.807423][T19654] ? __fget_files+0x256/0x400 [ 941.808666][T19654] ? do_futex+0x123/0x350 [ 941.809812][T19654] ? __pfx_do_futex+0x10/0x10 [ 941.811046][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 941.812300][T19654] __x64_sys_bpf+0x78/0xc0 [ 941.813502][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 941.814860][T19654] do_syscall_64+0xcd/0x250 [ 941.816058][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 941.817610][T19654] RIP: 0033:0x7f679d57def9 [ 941.819139][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 941.825548][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 941.828105][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 941.830201][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 941.832313][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 941.834390][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 941.836780][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 941.839475][T19654] [ 941.840619][T19654] BUG: Bad page state in process syz.2.4065 pfn:62e8f [ 941.842741][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2 pfn:0x62e8f [ 941.845845][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 941.847703][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 941.850242][T19654] raw: 0000000000000002 0000000000000001 00000000ffffffff 0000000000000000 [ 941.853064][T19654] page dumped because: page_pool leak [ 941.854772][T19654] page_owner tracks the page as allocated [ 941.856348][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167051257, free_ts 930645868657 [ 941.861380][T19654] post_alloc_hook+0x2d1/0x350 [ 941.862791][T19654] get_page_from_freelist+0x1351/0x2e50 [ 941.864398][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 941.865879][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 941.867310][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 941.868855][T19654] page_pool_alloc_pages+0xb5/0x110 [ 941.870210][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 941.871829][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 941.873266][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 941.874650][T19654] __sys_bpf+0x10d2/0x4a00 [ 941.875810][T19654] __x64_sys_bpf+0x78/0xc0 [ 941.876970][T19654] do_syscall_64+0xcd/0x250 [ 941.878153][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 941.879684][T19654] page last free pid 18137 tgid 18137 stack trace: [ 941.881368][T19654] free_unref_page+0x64a/0xe40 [ 941.882644][T19654] qlist_free_all+0x4e/0x140 [ 941.883890][T19654] kasan_quarantine_reduce+0x192/0x1e0 [ 941.885317][T19654] __kasan_slab_alloc+0x69/0x90 [ 941.886584][T19654] __kmalloc_node_noprof+0x1c3/0x430 [ 941.887958][T19654] __kvmalloc_node_noprof+0x9d/0x1a0 [ 941.889416][T19654] xt_replace_table+0x1c7/0x910 [ 941.890748][T19654] __do_replace+0x1d9/0x9b0 [ 941.891997][T19654] do_ipt_set_ctl+0x93c/0xc30 [ 941.893659][T19654] nf_setsockopt+0x8a/0xf0 [ 941.895201][T19654] ip_setsockopt+0xcb/0xf0 [ 941.896772][T19654] tcp_setsockopt+0xa4/0x100 [ 941.898379][T19654] do_sock_setsockopt+0x222/0x480 [ 941.900122][T19654] __sys_setsockopt+0x1a4/0x270 [ 941.901833][T19654] __x64_sys_setsockopt+0xbd/0x160 [ 941.903560][T19654] do_syscall_64+0xcd/0x250 [ 941.904950][T19654] Modules linked in: [ 941.906201][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 941.909813][T19654] Tainted: [B]=BAD_PAGE [ 941.911222][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 941.914951][T19654] Call Trace: [ 941.916158][T19654] [ 941.917212][T19654] dump_stack_lvl+0x16c/0x1f0 [ 941.918877][T19654] bad_page+0xb3/0x220 [ 941.920326][T19654] ? __pfx_bad_page+0x10/0x10 [ 941.922035][T19654] ? page_bad_reason+0x9d/0x1e0 [ 941.923749][T19654] free_unref_page+0x69e/0xe40 [ 941.925144][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 941.926846][T19654] ? __phys_addr+0xc6/0x150 [ 941.928267][T19654] skb_free_head+0xa0/0x1d0 [ 941.929464][T19654] skb_release_data+0x75c/0x980 [ 941.931058][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 941.933429][T19654] ? rcu_is_watching+0x12/0xc0 [ 941.934990][T19654] sk_skb_reason_drop+0x133/0x200 [ 941.936655][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 941.938793][T19654] ? kernel_text_address+0x8d/0x100 [ 941.940542][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 941.942299][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 941.944675][T19654] ? hlock_class+0x4e/0x130 [ 941.946026][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 941.947722][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 941.949501][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 941.951524][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 941.953717][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 941.955645][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 941.957727][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 941.959968][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 941.961739][T19654] ? __build_skb_around+0x278/0x3b0 [ 941.963518][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 941.965361][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 941.967642][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 941.970005][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 941.972015][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 941.973824][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 941.975788][T19654] ? find_held_lock+0x2d/0x110 [ 941.977416][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 941.979418][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 941.981417][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 941.983388][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 941.985178][T19654] ? 0xffffffffa0004340 [ 941.986597][T19654] ? 0xffffffffa0004340 [ 941.987780][T19654] ? 0xffffffffa0004340 [ 941.988890][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 941.990292][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 941.991807][T19654] ? fput+0x32/0x390 [ 941.993019][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 941.994287][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 941.995808][T19654] __sys_bpf+0x10d2/0x4a00 [ 941.997013][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 941.998261][T19654] ? __fget_files+0x256/0x400 [ 941.999491][T19654] ? do_futex+0x123/0x350 [ 942.000631][T19654] ? __pfx_do_futex+0x10/0x10 [ 942.001883][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 942.003273][T19654] __x64_sys_bpf+0x78/0xc0 [ 942.004449][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 942.005820][T19654] do_syscall_64+0xcd/0x250 [ 942.007028][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 942.008931][T19654] RIP: 0033:0x7f679d57def9 [ 942.010239][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 942.015861][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 942.018613][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 942.020965][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 942.023238][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 942.025266][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 942.027285][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 942.029332][T19654] [ 942.030236][T19654] BUG: Bad page state in process syz.2.4065 pfn:62e8e [ 942.031990][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888062e8fe00 pfn:0x62e8e [ 942.034641][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 942.036478][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 942.038724][T19654] raw: ffff888062e8fe00 0000000000000001 00000000ffffffff 0000000000000000 [ 942.040835][T19654] page dumped because: page_pool leak [ 942.042217][T19654] page_owner tracks the page as allocated [ 942.043732][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167043476, free_ts 930645868657 [ 942.048437][T19654] post_alloc_hook+0x2d1/0x350 [ 942.049716][T19654] get_page_from_freelist+0x1351/0x2e50 [ 942.051155][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 942.052581][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 942.054081][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 942.055618][T19654] page_pool_alloc_pages+0xb5/0x110 [ 942.056979][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 942.058566][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 942.059936][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 942.061336][T19654] __sys_bpf+0x10d2/0x4a00 [ 942.062495][T19654] __x64_sys_bpf+0x78/0xc0 [ 942.063657][T19654] do_syscall_64+0xcd/0x250 [ 942.064841][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 942.066368][T19654] page last free pid 18137 tgid 18137 stack trace: [ 942.068039][T19654] free_unref_page+0x64a/0xe40 [ 942.069302][T19654] qlist_free_all+0x4e/0x140 [ 942.070502][T19654] kasan_quarantine_reduce+0x192/0x1e0 [ 942.071919][T19654] __kasan_slab_alloc+0x69/0x90 [ 942.073270][T19654] __kmalloc_node_noprof+0x1c3/0x430 [ 942.074667][T19654] __kvmalloc_node_noprof+0x9d/0x1a0 [ 942.076042][T19654] xt_replace_table+0x1c7/0x910 [ 942.077355][T19654] __do_replace+0x1d9/0x9b0 [ 942.078559][T19654] do_ipt_set_ctl+0x93c/0xc30 [ 942.079779][T19654] nf_setsockopt+0x8a/0xf0 [ 942.080956][T19654] ip_setsockopt+0xcb/0xf0 [ 942.082129][T19654] tcp_setsockopt+0xa4/0x100 [ 942.083388][T19654] do_sock_setsockopt+0x222/0x480 [ 942.084695][T19654] __sys_setsockopt+0x1a4/0x270 [ 942.085981][T19654] __x64_sys_setsockopt+0xbd/0x160 [ 942.087309][T19654] do_syscall_64+0xcd/0x250 [ 942.088499][T19654] Modules linked in: [ 942.089528][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 942.092629][T19654] Tainted: [B]=BAD_PAGE [ 942.093721][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 942.096454][T19654] Call Trace: [ 942.097334][T19654] [ 942.098108][T19654] dump_stack_lvl+0x16c/0x1f0 [ 942.099346][T19654] bad_page+0xb3/0x220 [ 942.100417][T19654] ? __pfx_bad_page+0x10/0x10 [ 942.101656][T19654] ? page_bad_reason+0x9d/0x1e0 [ 942.102950][T19654] free_unref_page+0x69e/0xe40 [ 942.104203][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 942.105774][T19654] ? __phys_addr+0xc6/0x150 [ 942.106957][T19654] skb_free_head+0xa0/0x1d0 [ 942.108217][T19654] skb_release_data+0x75c/0x980 [ 942.109609][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 942.111388][T19654] ? rcu_is_watching+0x12/0xc0 [ 942.112679][T19654] sk_skb_reason_drop+0x133/0x200 [ 942.113883][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 942.115573][T19654] ? kernel_text_address+0x8d/0x100 [ 942.116948][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 942.118279][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 942.120063][T19654] ? hlock_class+0x4e/0x130 [ 942.121111][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 942.122245][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 942.123500][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 942.125088][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 942.126810][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 942.128295][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 942.129914][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 942.131644][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 942.133028][T19654] ? __build_skb_around+0x278/0x3b0 [ 942.134357][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 942.135742][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 942.137358][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 942.139067][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 942.140544][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 942.141937][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 942.143455][T19654] ? find_held_lock+0x2d/0x110 [ 942.144722][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 942.146274][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 942.147820][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 942.149349][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 942.150723][T19654] ? 0xffffffffa0004340 [ 942.151845][T19654] ? 0xffffffffa0004340 [ 942.152911][T19654] ? 0xffffffffa0004340 [ 942.153959][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 942.155330][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 942.156858][T19654] ? fput+0x32/0x390 [ 942.157893][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 942.159202][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 942.160723][T19654] __sys_bpf+0x10d2/0x4a00 [ 942.161908][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 942.163155][T19654] ? __fget_files+0x256/0x400 [ 942.164398][T19654] ? do_futex+0x123/0x350 [ 942.165550][T19654] ? __pfx_do_futex+0x10/0x10 [ 942.166789][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 942.168174][T19654] __x64_sys_bpf+0x78/0xc0 [ 942.169354][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 942.170721][T19654] do_syscall_64+0xcd/0x250 [ 942.171916][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 942.173470][T19654] RIP: 0033:0x7f679d57def9 [ 942.174667][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 942.179623][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 942.181738][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 942.183811][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 942.185879][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 942.187917][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 942.189982][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 942.191993][T19654] [ 942.192903][T19654] BUG: Bad page state in process syz.2.4065 pfn:52bf9 [ 942.194724][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2 pfn:0x52bf9 [ 942.196987][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 942.198825][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 942.201012][T19654] raw: 0000000000000002 0000000000000001 00000000ffffffff 0000000000000000 [ 942.203278][T19654] page dumped because: page_pool leak [ 942.204665][T19654] page_owner tracks the page as allocated [ 942.206126][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167035754, free_ts 930645888827 [ 942.210935][T19654] post_alloc_hook+0x2d1/0x350 [ 942.212179][T19654] get_page_from_freelist+0x1351/0x2e50 [ 942.213688][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 942.214972][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 942.216387][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 942.217932][T19654] page_pool_alloc_pages+0xb5/0x110 [ 942.219252][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 942.220828][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 942.222163][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 942.223557][T19654] __sys_bpf+0x10d2/0x4a00 [ 942.224719][T19654] __x64_sys_bpf+0x78/0xc0 [ 942.225890][T19654] do_syscall_64+0xcd/0x250 [ 942.227049][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 942.228509][T19654] page last free pid 18137 tgid 18137 stack trace: [ 942.230195][T19654] free_unref_page+0x64a/0xe40 [ 942.231449][T19654] qlist_free_all+0x4e/0x140 [ 942.232615][T19654] kasan_quarantine_reduce+0x192/0x1e0 [ 942.234024][T19654] __kasan_slab_alloc+0x69/0x90 [ 942.235247][T19654] __kmalloc_node_noprof+0x1c3/0x430 [ 942.236602][T19654] __kvmalloc_node_noprof+0x9d/0x1a0 [ 942.237941][T19654] xt_replace_table+0x1c7/0x910 [ 942.239159][T19654] __do_replace+0x1d9/0x9b0 [ 942.240370][T19654] do_ipt_set_ctl+0x93c/0xc30 [ 942.241603][T19654] nf_setsockopt+0x8a/0xf0 [ 942.242767][T19654] ip_setsockopt+0xcb/0xf0 [ 942.243978][T19654] tcp_setsockopt+0xa4/0x100 [ 942.245180][T19654] do_sock_setsockopt+0x222/0x480 [ 942.246697][T19654] __sys_setsockopt+0x1a4/0x270 [ 942.248378][T19654] __x64_sys_setsockopt+0xbd/0x160 [ 942.250181][T19654] do_syscall_64+0xcd/0x250 [ 942.251775][T19654] Modules linked in: [ 942.253138][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 942.256962][T19654] Tainted: [B]=BAD_PAGE [ 942.258375][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 942.261939][T19654] Call Trace: [ 942.263070][T19654] [ 942.263857][T19654] dump_stack_lvl+0x16c/0x1f0 [ 942.265228][T19654] bad_page+0xb3/0x220 [ 942.266622][T19654] ? __pfx_bad_page+0x10/0x10 [ 942.268205][T19654] ? page_bad_reason+0x9d/0x1e0 [ 942.269824][T19654] free_unref_page+0x69e/0xe40 [ 942.271409][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 942.273421][T19654] ? __phys_addr+0xc6/0x150 [ 942.274976][T19654] skb_free_head+0xa0/0x1d0 [ 942.276572][T19654] skb_release_data+0x75c/0x980 [ 942.278264][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 942.280629][T19654] ? rcu_is_watching+0x12/0xc0 [ 942.282315][T19654] sk_skb_reason_drop+0x133/0x200 [ 942.283983][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 942.285703][T19654] ? kernel_text_address+0x8d/0x100 [ 942.287107][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 942.288887][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 942.291326][T19654] ? hlock_class+0x4e/0x130 [ 942.292936][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 942.294686][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 942.296492][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 942.298595][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 942.300839][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 942.302821][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 942.304448][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 942.306308][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 942.308163][T19654] ? __build_skb_around+0x278/0x3b0 [ 942.310043][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 942.311908][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 942.314160][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 942.316103][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 942.318150][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 942.319988][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 942.321949][T19654] ? find_held_lock+0x2d/0x110 [ 942.323181][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 942.324700][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 942.326244][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 942.327754][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 942.329386][T19654] ? 0xffffffffa0004340 [ 942.330802][T19654] ? 0xffffffffa0004340 [ 942.332243][T19654] ? 0xffffffffa0004340 [ 942.333720][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 942.335591][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 942.337645][T19654] ? fput+0x32/0x390 [ 942.339004][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 942.340684][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 942.342708][T19654] __sys_bpf+0x10d2/0x4a00 [ 942.343960][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 942.345209][T19654] ? __fget_files+0x256/0x400 [ 942.346426][T19654] ? do_futex+0x123/0x350 [ 942.347763][T19654] ? __pfx_do_futex+0x10/0x10 [ 942.349424][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 942.351262][T19654] __x64_sys_bpf+0x78/0xc0 [ 942.352853][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 942.354675][T19654] do_syscall_64+0xcd/0x250 [ 942.356272][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 942.358360][T19654] RIP: 0033:0x7f679d57def9 [ 942.359923][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 942.366336][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 942.369159][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 942.371885][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 942.374202][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 942.376309][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 942.378385][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 942.380464][T19654] [ 942.381566][T19654] BUG: Bad page state in process syz.2.4065 pfn:52bf8 [ 942.383944][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888052bf9cc0 pfn:0x52bf8 [ 942.387251][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 942.389796][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 942.392803][T19654] raw: ffff888052bf9cc0 0000000000000001 00000000ffffffff 0000000000000000 [ 942.395181][T19654] page dumped because: page_pool leak [ 942.396567][T19654] page_owner tracks the page as allocated [ 942.398345][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167027696, free_ts 930645888827 [ 942.404394][T19654] post_alloc_hook+0x2d1/0x350 [ 942.405613][T19654] get_page_from_freelist+0x1351/0x2e50 [ 942.407016][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 942.408285][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 942.409629][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 942.411083][T19654] page_pool_alloc_pages+0xb5/0x110 [ 942.412429][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 942.414139][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 942.415502][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 942.416901][T19654] __sys_bpf+0x10d2/0x4a00 [ 942.418059][T19654] __x64_sys_bpf+0x78/0xc0 [ 942.419209][T19654] do_syscall_64+0xcd/0x250 [ 942.420380][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 942.421912][T19654] page last free pid 18137 tgid 18137 stack trace: [ 942.423704][T19654] free_unref_page+0x64a/0xe40 [ 942.424952][T19654] qlist_free_all+0x4e/0x140 [ 942.426146][T19654] kasan_quarantine_reduce+0x192/0x1e0 [ 942.427703][T19654] __kasan_slab_alloc+0x69/0x90 [ 942.429137][T19654] __kmalloc_node_noprof+0x1c3/0x430 [ 942.430510][T19654] __kvmalloc_node_noprof+0x9d/0x1a0 [ 942.431904][T19654] xt_replace_table+0x1c7/0x910 [ 942.433406][T19654] __do_replace+0x1d9/0x9b0 [ 942.435035][T19654] do_ipt_set_ctl+0x93c/0xc30 [ 942.436715][T19654] nf_setsockopt+0x8a/0xf0 [ 942.438355][T19654] ip_setsockopt+0xcb/0xf0 [ 942.440006][T19654] tcp_setsockopt+0xa4/0x100 [ 942.441694][T19654] do_sock_setsockopt+0x222/0x480 [ 942.443531][T19654] __sys_setsockopt+0x1a4/0x270 [ 942.445310][T19654] __x64_sys_setsockopt+0xbd/0x160 [ 942.447134][T19654] do_syscall_64+0xcd/0x250 [ 942.448788][T19654] Modules linked in: [ 942.450213][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 942.454461][T19654] Tainted: [B]=BAD_PAGE [ 942.455936][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 942.459710][T19654] Call Trace: [ 942.460918][T19654] [ 942.461987][T19654] dump_stack_lvl+0x16c/0x1f0 [ 942.463471][T19654] bad_page+0xb3/0x220 [ 942.464960][T19654] ? __pfx_bad_page+0x10/0x10 [ 942.466650][T19654] ? page_bad_reason+0x9d/0x1e0 [ 942.468391][T19654] free_unref_page+0x69e/0xe40 [ 942.470128][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 942.472280][T19654] ? __phys_addr+0xc6/0x150 [ 942.473680][T19654] skb_free_head+0xa0/0x1d0 [ 942.475313][T19654] skb_release_data+0x75c/0x980 [ 942.477075][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 942.479488][T19654] ? rcu_is_watching+0x12/0xc0 [ 942.481235][T19654] sk_skb_reason_drop+0x133/0x200 [ 942.483027][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 942.484918][T19654] ? kernel_text_address+0x8d/0x100 [ 942.486276][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 942.487865][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 942.490380][T19654] ? hlock_class+0x4e/0x130 [ 942.492015][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 942.493729][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 942.495565][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 942.497604][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 942.499945][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 942.501983][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 942.503816][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 942.506163][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 942.508012][T19654] ? __build_skb_around+0x278/0x3b0 [ 942.510007][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 942.511954][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 942.513876][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 942.516130][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 942.518086][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 942.519943][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 942.521492][T19654] ? find_held_lock+0x2d/0x110 [ 942.522760][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 942.524840][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 942.526921][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 942.529010][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 942.530918][T19654] ? 0xffffffffa0004340 [ 942.532414][T19654] ? 0xffffffffa0004340 [ 942.533915][T19654] ? 0xffffffffa0004340 [ 942.535400][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 942.537299][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 942.539370][T19654] ? fput+0x32/0x390 [ 942.540794][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 942.542511][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 942.544584][T19654] __sys_bpf+0x10d2/0x4a00 [ 942.546184][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 942.547893][T19654] ? __fget_files+0x256/0x400 [ 942.549582][T19654] ? do_futex+0x123/0x350 [ 942.551144][T19654] ? __pfx_do_futex+0x10/0x10 [ 942.552837][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 942.554702][T19654] __x64_sys_bpf+0x78/0xc0 [ 942.556305][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 942.558223][T19654] do_syscall_64+0xcd/0x250 [ 942.559865][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 942.562004][T19654] RIP: 0033:0x7f679d57def9 [ 942.563585][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 942.570329][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 942.573329][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 942.576169][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 942.579010][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 942.581831][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 942.584633][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 942.587437][T19654] [ 942.588677][T19654] BUG: Bad page state in process syz.2.4065 pfn:33f65 [ 942.591093][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000002 pfn:0x33f65 [ 942.594747][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 942.597282][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 942.600372][T19654] raw: ffff888000000002 0000000000000001 00000000ffffffff 0000000000000000 [ 942.603487][T19654] page dumped because: page_pool leak [ 942.605418][T19654] page_owner tracks the page as allocated [ 942.607415][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167019561, free_ts 930645909858 [ 942.614014][T19654] post_alloc_hook+0x2d1/0x350 [ 942.615768][T19654] get_page_from_freelist+0x1351/0x2e50 [ 942.617771][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 942.619697][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 942.621721][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 942.623880][T19654] page_pool_alloc_pages+0xb5/0x110 [ 942.625748][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 942.627568][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 942.629514][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 942.631451][T19654] __sys_bpf+0x10d2/0x4a00 [ 942.633064][T19654] __x64_sys_bpf+0x78/0xc0 [ 942.634704][T19654] do_syscall_64+0xcd/0x250 [ 942.636283][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 942.638326][T19654] page last free pid 18137 tgid 18137 stack trace: [ 942.640530][T19654] free_unref_page+0x64a/0xe40 [ 942.642199][T19654] qlist_free_all+0x4e/0x140 [ 942.643936][T19654] kasan_quarantine_reduce+0x192/0x1e0 [ 942.645840][T19654] __kasan_slab_alloc+0x69/0x90 [ 942.647486][T19654] __kmalloc_node_noprof+0x1c3/0x430 [ 942.649333][T19654] __kvmalloc_node_noprof+0x9d/0x1a0 [ 942.651118][T19654] xt_replace_table+0x1c7/0x910 [ 942.652786][T19654] __do_replace+0x1d9/0x9b0 [ 942.654460][T19654] do_ipt_set_ctl+0x93c/0xc30 [ 942.656107][T19654] nf_setsockopt+0x8a/0xf0 [ 942.657716][T19654] ip_setsockopt+0xcb/0xf0 [ 942.659327][T19654] tcp_setsockopt+0xa4/0x100 [ 942.661015][T19654] do_sock_setsockopt+0x222/0x480 [ 942.662827][T19654] __sys_setsockopt+0x1a4/0x270 [ 942.664544][T19654] __x64_sys_setsockopt+0xbd/0x160 [ 942.666359][T19654] do_syscall_64+0xcd/0x250 [ 942.668033][T19654] Modules linked in: [ 942.669453][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 942.673711][T19654] Tainted: [B]=BAD_PAGE [ 942.675165][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 942.678790][T19654] Call Trace: [ 942.679950][T19654] [ 942.680991][T19654] dump_stack_lvl+0x16c/0x1f0 [ 942.682663][T19654] bad_page+0xb3/0x220 [ 942.684044][T19654] ? __pfx_bad_page+0x10/0x10 [ 942.685502][T19654] ? page_bad_reason+0x9d/0x1e0 [ 942.686761][T19654] free_unref_page+0x69e/0xe40 [ 942.688323][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 942.690415][T19654] ? __phys_addr+0xc6/0x150 [ 942.692052][T19654] skb_free_head+0xa0/0x1d0 [ 942.693329][T19654] skb_release_data+0x75c/0x980 [ 942.694738][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 942.696959][T19654] ? rcu_is_watching+0x12/0xc0 [ 942.698548][T19654] sk_skb_reason_drop+0x133/0x200 [ 942.700224][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 942.702509][T19654] ? kernel_text_address+0x8d/0x100 [ 942.704372][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 942.706080][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 942.708426][T19654] ? hlock_class+0x4e/0x130 [ 942.710011][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 942.711735][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 942.713509][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 942.715404][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 942.717027][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 942.718499][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 942.720095][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 942.721817][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 942.723328][T19654] ? __build_skb_around+0x278/0x3b0 [ 942.725197][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 942.727046][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 942.729258][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 942.731633][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 942.733491][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 942.734911][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 942.736956][T19654] ? find_held_lock+0x2d/0x110 [ 942.738673][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 942.740842][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 942.742956][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 942.745034][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 942.746889][T19654] ? 0xffffffffa0004340 [ 942.748388][T19654] ? 0xffffffffa0004340 [ 942.749701][T19654] ? 0xffffffffa0004340 [ 942.750808][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 942.752238][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 942.753793][T19654] ? fput+0x32/0x390 [ 942.754832][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 942.756091][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 942.758088][T19654] __sys_bpf+0x10d2/0x4a00 [ 942.759563][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 942.760878][T19654] ? __fget_files+0x256/0x400 [ 942.762109][T19654] ? do_futex+0x123/0x350 [ 942.763263][T19654] ? __pfx_do_futex+0x10/0x10 [ 942.764509][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 942.765899][T19654] __x64_sys_bpf+0x78/0xc0 [ 942.767104][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 942.768469][T19654] do_syscall_64+0xcd/0x250 [ 942.769683][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 942.771190][T19654] RIP: 0033:0x7f679d57def9 [ 942.772314][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 942.777728][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 942.780264][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 942.782305][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 942.784265][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 942.786311][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 942.788361][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 942.790406][T19654] [ 942.791304][T19654] BUG: Bad page state in process syz.2.4065 pfn:33f64 [ 942.793132][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888033f65e00 pfn:0x33f64 [ 942.795717][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 942.797665][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 942.799883][T19654] raw: ffff888033f65e00 0000000000000001 00000000ffffffff 0000000000000000 [ 942.802105][T19654] page dumped because: page_pool leak [ 942.803514][T19654] page_owner tracks the page as allocated [ 942.805027][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167008731, free_ts 930645909858 [ 942.809764][T19654] post_alloc_hook+0x2d1/0x350 [ 942.811029][T19654] get_page_from_freelist+0x1351/0x2e50 [ 942.812483][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 942.813930][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 942.815376][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 942.816979][T19654] page_pool_alloc_pages+0xb5/0x110 [ 942.818342][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 942.820212][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 942.821605][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 942.822999][T19654] __sys_bpf+0x10d2/0x4a00 [ 942.824232][T19654] __x64_sys_bpf+0x78/0xc0 [ 942.825411][T19654] do_syscall_64+0xcd/0x250 [ 942.826675][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 942.828296][T19654] page last free pid 18137 tgid 18137 stack trace: [ 942.829985][T19654] free_unref_page+0x64a/0xe40 [ 942.831238][T19654] qlist_free_all+0x4e/0x140 [ 942.832489][T19654] kasan_quarantine_reduce+0x192/0x1e0 [ 942.834075][T19654] __kasan_slab_alloc+0x69/0x90 [ 942.835357][T19654] __kmalloc_node_noprof+0x1c3/0x430 [ 942.836754][T19654] __kvmalloc_node_noprof+0x9d/0x1a0 [ 942.838141][T19654] xt_replace_table+0x1c7/0x910 [ 942.839417][T19654] __do_replace+0x1d9/0x9b0 [ 942.840550][T19654] do_ipt_set_ctl+0x93c/0xc30 [ 942.841785][T19654] nf_setsockopt+0x8a/0xf0 [ 942.842955][T19654] ip_setsockopt+0xcb/0xf0 [ 942.844171][T19654] tcp_setsockopt+0xa4/0x100 [ 942.845396][T19654] do_sock_setsockopt+0x222/0x480 [ 942.846749][T19654] __sys_setsockopt+0x1a4/0x270 [ 942.848024][T19654] __x64_sys_setsockopt+0xbd/0x160 [ 942.849372][T19654] do_syscall_64+0xcd/0x250 [ 942.850565][T19654] Modules linked in: [ 942.851597][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 942.854742][T19654] Tainted: [B]=BAD_PAGE [ 942.855824][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 942.858590][T19654] Call Trace: [ 942.859469][T19654] [ 942.860246][T19654] dump_stack_lvl+0x16c/0x1f0 [ 942.861484][T19654] bad_page+0xb3/0x220 [ 942.862557][T19654] ? __pfx_bad_page+0x10/0x10 [ 942.863783][T19654] ? page_bad_reason+0x9d/0x1e0 [ 942.865062][T19654] free_unref_page+0x69e/0xe40 [ 942.866323][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 942.867890][T19654] ? __phys_addr+0xc6/0x150 [ 942.869094][T19654] skb_free_head+0xa0/0x1d0 [ 942.870276][T19654] skb_release_data+0x75c/0x980 [ 942.871561][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 942.873342][T19654] ? rcu_is_watching+0x12/0xc0 [ 942.874604][T19654] sk_skb_reason_drop+0x133/0x200 [ 942.875937][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 942.878032][T19654] ? kernel_text_address+0x8d/0x100 [ 942.879914][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 942.881385][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 942.883217][T19654] ? hlock_class+0x4e/0x130 [ 942.884340][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 942.885652][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 942.887045][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 942.888644][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 942.890347][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 942.891841][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 942.893470][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 942.895197][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 942.896769][T19654] ? __build_skb_around+0x278/0x3b0 [ 942.898678][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 942.900242][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 942.901863][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 942.903582][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 942.905036][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 942.906449][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 942.907966][T19654] ? find_held_lock+0x2d/0x110 [ 942.909224][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 942.910774][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 942.912321][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 942.913868][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 942.915246][T19654] ? 0xffffffffa0004340 [ 942.916344][T19654] ? 0xffffffffa0004340 [ 942.917865][T19654] ? 0xffffffffa0004340 [ 942.919338][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 942.920728][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 942.922253][T19654] ? fput+0x32/0x390 [ 942.923278][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 942.924519][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 942.925963][T19654] __sys_bpf+0x10d2/0x4a00 [ 942.927325][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 942.928944][T19654] ? __fget_files+0x256/0x400 [ 942.930324][T19654] ? do_futex+0x123/0x350 [ 942.931449][T19654] ? __pfx_do_futex+0x10/0x10 [ 942.932727][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 942.934389][T19654] __x64_sys_bpf+0x78/0xc0 [ 942.935936][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 942.937760][T19654] do_syscall_64+0xcd/0x250 [ 942.939345][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 942.941208][T19654] RIP: 0033:0x7f679d57def9 [ 942.942604][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 942.948201][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 942.950378][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 942.952403][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 942.954462][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 942.956556][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 942.959380][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 942.962234][T19654] [ 942.963479][T19654] BUG: Bad page state in process syz.2.4065 pfn:4d74f [ 942.965951][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888100000002 pfn:0x4d74f [ 942.968747][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 942.970598][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 942.973062][T19654] raw: ffff888100000002 0000000000000001 00000000ffffffff 0000000000000000 [ 942.975304][T19654] page dumped because: page_pool leak [ 942.976855][T19654] page_owner tracks the page as allocated [ 942.978897][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167000926, free_ts 930645927602 [ 942.983737][T19654] post_alloc_hook+0x2d1/0x350 [ 942.985006][T19654] get_page_from_freelist+0x1351/0x2e50 [ 942.986494][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 942.987866][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 942.989301][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 942.990835][T19654] page_pool_alloc_pages+0xb5/0x110 [ 942.992237][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 942.993904][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 942.995274][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 942.996818][T19654] __sys_bpf+0x10d2/0x4a00 [ 942.998462][T19654] __x64_sys_bpf+0x78/0xc0 [ 942.999836][T19654] do_syscall_64+0xcd/0x250 [ 943.001030][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 943.002511][T19654] page last free pid 18137 tgid 18137 stack trace: [ 943.004221][T19654] free_unref_page+0x64a/0xe40 [ 943.005491][T19654] qlist_free_all+0x4e/0x140 [ 943.006656][T19654] kasan_quarantine_reduce+0x192/0x1e0 [ 943.008180][T19654] __kasan_slab_alloc+0x69/0x90 [ 943.009462][T19654] __kmalloc_node_noprof+0x1c3/0x430 [ 943.010832][T19654] __kvmalloc_node_noprof+0x9d/0x1a0 [ 943.012197][T19654] xt_replace_table+0x1c7/0x910 [ 943.013537][T19654] __do_replace+0x1d9/0x9b0 [ 943.014724][T19654] do_ipt_set_ctl+0x93c/0xc30 [ 943.015946][T19654] nf_setsockopt+0x8a/0xf0 [ 943.017433][T19654] ip_setsockopt+0xcb/0xf0 [ 943.019058][T19654] tcp_setsockopt+0xa4/0x100 [ 943.020325][T19654] do_sock_setsockopt+0x222/0x480 [ 943.021639][T19654] __sys_setsockopt+0x1a4/0x270 [ 943.022946][T19654] __x64_sys_setsockopt+0xbd/0x160 [ 943.024571][T19654] do_syscall_64+0xcd/0x250 [ 943.026125][T19654] Modules linked in: [ 943.027321][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 943.031208][T19654] Tainted: [B]=BAD_PAGE [ 943.032616][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 943.035734][T19654] Call Trace: [ 943.036693][T19654] [ 943.037787][T19654] dump_stack_lvl+0x16c/0x1f0 [ 943.039453][T19654] bad_page+0xb3/0x220 [ 943.040514][T19654] ? __pfx_bad_page+0x10/0x10 [ 943.041685][T19654] ? page_bad_reason+0x9d/0x1e0 [ 943.042914][T19654] free_unref_page+0x69e/0xe40 [ 943.044170][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 943.045737][T19654] ? __phys_addr+0xc6/0x150 [ 943.047016][T19654] skb_free_head+0xa0/0x1d0 [ 943.048119][T19654] skb_release_data+0x75c/0x980 [ 943.049388][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 943.051120][T19654] ? rcu_is_watching+0x12/0xc0 [ 943.052313][T19654] sk_skb_reason_drop+0x133/0x200 [ 943.053890][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 943.056119][T19654] ? kernel_text_address+0x8d/0x100 [ 943.058045][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 943.059816][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 943.062229][T19654] ? hlock_class+0x4e/0x130 [ 943.063887][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 943.065649][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 943.067269][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 943.069428][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 943.071843][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 943.073878][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 943.076069][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 943.078350][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 943.079974][T19654] ? __build_skb_around+0x278/0x3b0 [ 943.081370][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 943.082699][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 943.084534][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 943.086454][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 943.088033][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 943.089433][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 943.090984][T19654] ? find_held_lock+0x2d/0x110 [ 943.092247][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 943.093840][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 943.095430][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 943.096999][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 943.098401][T19654] ? 0xffffffffa0004340 [ 943.099506][T19654] ? 0xffffffffa0004340 [ 943.100611][T19654] ? 0xffffffffa0004340 [ 943.101744][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 943.103185][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 943.104750][T19654] ? fput+0x32/0x390 [ 943.105805][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 943.107101][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 943.108655][T19654] __sys_bpf+0x10d2/0x4a00 [ 943.109864][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 943.111168][T19654] ? __fget_files+0x256/0x400 [ 943.112387][T19654] ? do_futex+0x123/0x350 [ 943.113537][T19654] ? __pfx_do_futex+0x10/0x10 [ 943.114956][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 943.116352][T19654] __x64_sys_bpf+0x78/0xc0 [ 943.117602][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 943.118940][T19654] do_syscall_64+0xcd/0x250 [ 943.120138][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 943.121687][T19654] RIP: 0033:0x7f679d57def9 [ 943.122864][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 943.127850][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 943.130008][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 943.132046][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 943.134111][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 943.136167][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 943.138346][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 943.140406][T19654] [ 943.141323][T19654] BUG: Bad page state in process syz.2.4065 pfn:4d74e [ 943.143160][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88804d74fcc0 pfn:0x4d74e [ 943.145686][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 943.147993][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 943.151039][T19654] raw: ffff88804d74fcc0 0000000000000001 00000000ffffffff 0000000000000000 [ 943.154139][T19654] page dumped because: page_pool leak [ 943.156096][T19654] page_owner tracks the page as allocated [ 943.158038][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936166992804, free_ts 930645927602 [ 943.164596][T19654] post_alloc_hook+0x2d1/0x350 [ 943.166341][T19654] get_page_from_freelist+0x1351/0x2e50 [ 943.168312][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 943.170237][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 943.172221][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 943.174439][T19654] page_pool_alloc_pages+0xb5/0x110 [ 943.176335][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 943.178575][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 943.180490][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 943.182441][T19654] __sys_bpf+0x10d2/0x4a00 [ 943.184133][T19654] __x64_sys_bpf+0x78/0xc0 [ 943.185767][T19654] do_syscall_64+0xcd/0x250 [ 943.187413][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 943.189529][T19654] page last free pid 18137 tgid 18137 stack trace: [ 943.191787][T19654] free_unref_page+0x64a/0xe40 [ 943.193560][T19654] qlist_free_all+0x4e/0x140 [ 943.195237][T19654] kasan_quarantine_reduce+0x192/0x1e0 [ 943.197195][T19654] __kasan_slab_alloc+0x69/0x90 [ 943.198947][T19654] __kmalloc_node_noprof+0x1c3/0x430 [ 943.200873][T19654] __kvmalloc_node_noprof+0x9d/0x1a0 [ 943.202777][T19654] xt_replace_table+0x1c7/0x910 [ 943.204636][T19654] __do_replace+0x1d9/0x9b0 [ 943.206287][T19654] do_ipt_set_ctl+0x93c/0xc30 [ 943.207930][T19654] nf_setsockopt+0x8a/0xf0 [ 943.209399][T19654] ip_setsockopt+0xcb/0xf0 [ 943.210497][T19654] tcp_setsockopt+0xa4/0x100 [ 943.211664][T19654] do_sock_setsockopt+0x222/0x480 [ 943.212988][T19654] __sys_setsockopt+0x1a4/0x270 [ 943.214266][T19654] __x64_sys_setsockopt+0xbd/0x160 [ 943.215574][T19654] do_syscall_64+0xcd/0x250 [ 943.216855][T19654] Modules linked in: [ 943.217935][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 943.221044][T19654] Tainted: [B]=BAD_PAGE [ 943.222129][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 943.224881][T19654] Call Trace: [ 943.225755][T19654] [ 943.226605][T19654] dump_stack_lvl+0x16c/0x1f0 [ 943.228292][T19654] bad_page+0xb3/0x220 [ 943.229788][T19654] ? __pfx_bad_page+0x10/0x10 [ 943.231479][T19654] ? page_bad_reason+0x9d/0x1e0 [ 943.233242][T19654] free_unref_page+0x69e/0xe40 [ 943.234984][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 943.237131][T19654] ? __phys_addr+0xc6/0x150 [ 943.238492][T19654] skb_free_head+0xa0/0x1d0 [ 943.239678][T19654] skb_release_data+0x75c/0x980 [ 943.240953][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 943.242708][T19654] ? rcu_is_watching+0x12/0xc0 [ 943.243953][T19654] sk_skb_reason_drop+0x133/0x200 [ 943.245272][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 943.247213][T19654] ? kernel_text_address+0x8d/0x100 [ 943.248968][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 943.250275][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 943.252105][T19654] ? hlock_class+0x4e/0x130 [ 943.253318][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 943.254610][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 943.255964][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 943.257837][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 943.259503][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 943.261001][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 943.262599][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 943.264318][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 943.265687][T19654] ? __build_skb_around+0x278/0x3b0 [ 943.267127][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 943.268595][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 943.270214][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 943.271907][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 943.273338][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 943.274694][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 943.276276][T19654] ? find_held_lock+0x2d/0x110 [ 943.277841][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 943.279778][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 943.281705][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 943.283720][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 943.285564][T19654] ? 0xffffffffa0004340 [ 943.286987][T19654] ? 0xffffffffa0004340 [ 943.288374][T19654] ? 0xffffffffa0004340 [ 943.289780][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 943.291555][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 943.293489][T19654] ? fput+0x32/0x390 [ 943.294824][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 943.296420][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 943.298205][T19654] __sys_bpf+0x10d2/0x4a00 [ 943.299779][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 943.301312][T19654] ? __fget_files+0x256/0x400 [ 943.302524][T19654] ? do_futex+0x123/0x350 [ 943.303644][T19654] ? __pfx_do_futex+0x10/0x10 [ 943.304875][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 943.306240][T19654] __x64_sys_bpf+0x78/0xc0 [ 943.307717][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 943.309185][T19654] do_syscall_64+0xcd/0x250 [ 943.310369][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 943.311895][T19654] RIP: 0033:0x7f679d57def9 [ 943.313070][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 943.317947][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 943.320232][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 943.322388][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 943.324438][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 943.326555][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 943.329337][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 943.332178][T19654] [ 943.333445][T19654] BUG: Bad page state in process syz.2.4065 pfn:53937 [ 943.335820][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000002 pfn:0x53937 [ 943.339279][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 943.341837][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 943.344955][T19654] raw: ffff888000000002 0000000000000001 00000000ffffffff 0000000000000000 [ 943.347952][T19654] page dumped because: page_pool leak [ 943.349880][T19654] page_owner tracks the page as allocated [ 943.351682][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936166984954, free_ts 930645947530 [ 943.357693][T19654] post_alloc_hook+0x2d1/0x350 [ 943.359443][T19654] get_page_from_freelist+0x1351/0x2e50 [ 943.361428][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 943.363365][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 943.365330][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 943.367203][T19654] page_pool_alloc_pages+0xb5/0x110 [ 943.368551][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 943.370156][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 943.371542][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 943.372998][T19654] __sys_bpf+0x10d2/0x4a00 [ 943.374207][T19654] __x64_sys_bpf+0x78/0xc0 [ 943.375412][T19654] do_syscall_64+0xcd/0x250 [ 943.376652][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 943.378707][T19654] page last free pid 18137 tgid 18137 stack trace: [ 943.380973][T19654] free_unref_page+0x64a/0xe40 [ 943.382665][T19654] qlist_free_all+0x4e/0x140 [ 943.384359][T19654] kasan_quarantine_reduce+0x192/0x1e0 [ 943.386280][T19654] __kasan_slab_alloc+0x69/0x90 [ 943.387986][T19654] __kmalloc_node_noprof+0x1c3/0x430 [ 943.389846][T19654] __kvmalloc_node_noprof+0x9d/0x1a0 [ 943.391742][T19654] xt_replace_table+0x1c7/0x910 [ 943.393605][T19654] __do_replace+0x1d9/0x9b0 [ 943.395263][T19654] do_ipt_set_ctl+0x93c/0xc30 [ 943.396916][T19654] nf_setsockopt+0x8a/0xf0 [ 943.398440][T19654] ip_setsockopt+0xcb/0xf0 [ 943.400001][T19654] tcp_setsockopt+0xa4/0x100 [ 943.401631][T19654] do_sock_setsockopt+0x222/0x480 [ 943.403450][T19654] __sys_setsockopt+0x1a4/0x270 [ 943.405149][T19654] __x64_sys_setsockopt+0xbd/0x160 [ 943.406833][T19654] do_syscall_64+0xcd/0x250 [ 943.408482][T19654] Modules linked in: [ 943.409946][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 943.414245][T19654] Tainted: [B]=BAD_PAGE [ 943.415734][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 943.419280][T19654] Call Trace: [ 943.420148][T19654] [ 943.420937][T19654] dump_stack_lvl+0x16c/0x1f0 [ 943.422162][T19654] bad_page+0xb3/0x220 [ 943.423452][T19654] ? __pfx_bad_page+0x10/0x10 [ 943.425162][T19654] ? page_bad_reason+0x9d/0x1e0 [ 943.426914][T19654] free_unref_page+0x69e/0xe40 [ 943.428634][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 943.430792][T19654] ? __phys_addr+0xc6/0x150 [ 943.432420][T19654] skb_free_head+0xa0/0x1d0 [ 943.434075][T19654] skb_release_data+0x75c/0x980 [ 943.435835][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 943.438249][T19654] ? rcu_is_watching+0x12/0xc0 [ 943.439984][T19654] sk_skb_reason_drop+0x133/0x200 [ 943.441618][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 943.443550][T19654] ? kernel_text_address+0x8d/0x100 [ 943.445179][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 943.446671][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 943.448796][T19654] ? hlock_class+0x4e/0x130 [ 943.449962][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 943.451275][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 943.453038][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 943.454637][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 943.456320][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 943.457964][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 943.459823][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 943.461717][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 943.463387][T19654] ? __build_skb_around+0x278/0x3b0 [ 943.464811][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 943.466352][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 943.468315][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 943.470114][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 943.471858][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 943.473498][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 943.475198][T19654] ? find_held_lock+0x2d/0x110 [ 943.476537][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 943.478216][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 943.479818][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 943.481712][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 943.483192][T19654] ? 0xffffffffa0004340 [ 943.484445][T19654] ? 0xffffffffa0004340 [ 943.485594][T19654] ? 0xffffffffa0004340 [ 943.486791][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 943.488124][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 943.489659][T19654] ? fput+0x32/0x390 [ 943.490681][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 943.492027][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 943.493781][T19654] __sys_bpf+0x10d2/0x4a00 [ 943.495005][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 943.496400][T19654] ? __fget_files+0x256/0x400 [ 943.498007][T19654] ? do_futex+0x123/0x350 [ 943.499214][T19654] ? __pfx_do_futex+0x10/0x10 [ 943.500656][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 943.502190][T19654] __x64_sys_bpf+0x78/0xc0 [ 943.503360][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 943.505069][T19654] do_syscall_64+0xcd/0x250 [ 943.506379][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 943.507920][T19654] RIP: 0033:0x7f679d57def9 [ 943.509232][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 943.514849][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 943.517036][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 943.518974][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 943.520924][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 943.523185][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 943.525337][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 943.527282][T19654] [ 943.528121][T19654] BUG: Bad page state in process syz.2.4065 pfn:53936 [ 943.529785][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888053937e00 pfn:0x53936 [ 943.532210][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 943.534084][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 943.536280][T19654] raw: ffff888053937e00 0000000000000001 00000000ffffffff 0000000000000000 [ 943.538844][T19654] page dumped because: page_pool leak [ 943.540493][T19654] page_owner tracks the page as allocated [ 943.542176][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936166976873, free_ts 930645947530 [ 943.548086][T19654] post_alloc_hook+0x2d1/0x350 [ 943.549424][T19654] get_page_from_freelist+0x1351/0x2e50 [ 943.551233][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 943.552620][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 943.554215][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 943.555996][T19654] page_pool_alloc_pages+0xb5/0x110 [ 943.557484][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 943.559345][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 943.560869][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 943.562553][T19654] __sys_bpf+0x10d2/0x4a00 [ 943.563846][T19654] __x64_sys_bpf+0x78/0xc0 [ 943.565089][T19654] do_syscall_64+0xcd/0x250 [ 943.566301][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 943.567785][T19654] page last free pid 18137 tgid 18137 stack trace: [ 943.569379][T19654] free_unref_page+0x64a/0xe40 [ 943.570563][T19654] qlist_free_all+0x4e/0x140 [ 943.571735][T19654] kasan_quarantine_reduce+0x192/0x1e0 [ 943.573477][T19654] __kasan_slab_alloc+0x69/0x90 [ 943.574759][T19654] __kmalloc_node_noprof+0x1c3/0x430 [ 943.576301][T19654] __kvmalloc_node_noprof+0x9d/0x1a0 [ 943.577778][T19654] xt_replace_table+0x1c7/0x910 [ 943.579169][T19654] __do_replace+0x1d9/0x9b0 [ 943.580532][T19654] do_ipt_set_ctl+0x93c/0xc30 [ 943.581789][T19654] nf_setsockopt+0x8a/0xf0 [ 943.583021][T19654] ip_setsockopt+0xcb/0xf0 [ 943.584340][T19654] tcp_setsockopt+0xa4/0x100 [ 943.585732][T19654] do_sock_setsockopt+0x222/0x480 [ 943.587136][T19654] __sys_setsockopt+0x1a4/0x270 [ 943.588400][T19654] __x64_sys_setsockopt+0xbd/0x160 [ 943.589709][T19654] do_syscall_64+0xcd/0x250 [ 943.590844][T19654] Modules linked in: [ 943.591846][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 943.595112][T19654] Tainted: [B]=BAD_PAGE [ 943.596324][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 943.599068][T19654] Call Trace: [ 943.599904][T19654] [ 943.600864][T19654] dump_stack_lvl+0x16c/0x1f0 [ 943.602361][T19654] bad_page+0xb3/0x220 [ 943.603414][T19654] ? __pfx_bad_page+0x10/0x10 [ 943.604803][T19654] ? page_bad_reason+0x9d/0x1e0 [ 943.606165][T19654] free_unref_page+0x69e/0xe40 [ 943.607504][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 943.609060][T19654] ? __phys_addr+0xc6/0x150 [ 943.610210][T19654] skb_free_head+0xa0/0x1d0 [ 943.611354][T19654] skb_release_data+0x75c/0x980 [ 943.612584][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 943.614622][T19654] ? rcu_is_watching+0x12/0xc0 [ 943.615922][T19654] sk_skb_reason_drop+0x133/0x200 [ 943.617295][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 943.618960][T19654] ? kernel_text_address+0x8d/0x100 [ 943.620242][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 943.621510][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 943.623246][T19654] ? hlock_class+0x4e/0x130 [ 943.624400][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 943.625635][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 943.626972][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 943.628474][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 943.630073][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 943.631476][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 943.633035][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 943.634772][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 943.636137][T19654] ? __build_skb_around+0x278/0x3b0 [ 943.637788][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 943.639145][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 943.640762][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 943.642444][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 943.643895][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 943.645473][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 943.647237][T19654] ? find_held_lock+0x2d/0x110 [ 943.648799][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 943.650396][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 943.652231][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 943.653787][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 943.655255][T19654] ? 0xffffffffa0004340 [ 943.656424][T19654] ? 0xffffffffa0004340 [ 943.657634][T19654] ? 0xffffffffa0004340 [ 943.658755][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 943.660330][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 943.662253][T19654] ? fput+0x32/0x390 [ 943.663314][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 943.664705][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 943.666348][T19654] __sys_bpf+0x10d2/0x4a00 [ 943.667644][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 943.668951][T19654] ? __fget_files+0x256/0x400 [ 943.670200][T19654] ? do_futex+0x123/0x350 [ 943.671345][T19654] ? __pfx_do_futex+0x10/0x10 [ 943.672601][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 943.674012][T19654] __x64_sys_bpf+0x78/0xc0 [ 943.675202][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 943.676600][T19654] do_syscall_64+0xcd/0x250 [ 943.677870][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 943.679431][T19654] RIP: 0033:0x7f679d57def9 [ 943.680617][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 943.685720][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 943.687953][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 943.690040][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 943.692126][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 943.694232][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 943.696352][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 943.698571][T19654] [ 943.699555][T19654] BUG: Bad page state in process syz.2.4065 pfn:5b17f [ 943.701524][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2 pfn:0x5b17f [ 943.704045][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 943.706330][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 943.709045][T19654] raw: 0000000000000002 0000000000000001 00000000ffffffff 0000000000000000 [ 943.711582][T19654] page dumped because: page_pool leak [ 943.713225][T19654] page_owner tracks the page as allocated [ 943.714940][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936166969096, free_ts 930646009891 [ 943.720775][T19654] post_alloc_hook+0x2d1/0x350 [ 943.722280][T19654] get_page_from_freelist+0x1351/0x2e50 [ 943.724264][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 943.726106][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 943.728025][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 943.730077][T19654] page_pool_alloc_pages+0xb5/0x110 [ 943.731885][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 943.734079][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 943.735889][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 943.737750][T19654] __sys_bpf+0x10d2/0x4a00 [ 943.739281][T19654] __x64_sys_bpf+0x78/0xc0 [ 943.740835][T19654] do_syscall_64+0xcd/0x250 [ 943.742147][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 943.744185][T19654] page last free pid 18137 tgid 18137 stack trace: [ 943.746199][T19654] free_unref_page+0x64a/0xe40 [ 943.747614][T19654] qlist_free_all+0x4e/0x140 [ 943.749112][T19654] kasan_quarantine_reduce+0x192/0x1e0 [ 943.750933][T19654] __kasan_slab_alloc+0x69/0x90 [ 943.752283][T19654] __kmalloc_node_noprof+0x1c3/0x430 [ 943.754015][T19654] __kvmalloc_node_noprof+0x9d/0x1a0 [ 943.755688][T19654] xt_replace_table+0x1c7/0x910 [ 943.757369][T19654] __do_replace+0x1d9/0x9b0 [ 943.758670][T19654] do_ipt_set_ctl+0x93c/0xc30 [ 943.760202][T19654] nf_setsockopt+0x8a/0xf0 [ 943.761763][T19654] ip_setsockopt+0xcb/0xf0 [ 943.763168][T19654] tcp_setsockopt+0xa4/0x100 [ 943.764699][T19654] do_sock_setsockopt+0x222/0x480 [ 943.766431][T19654] __sys_setsockopt+0x1a4/0x270 [ 943.768083][T19654] __x64_sys_setsockopt+0xbd/0x160 [ 943.769589][T19654] do_syscall_64+0xcd/0x250 [ 943.771182][T19654] Modules linked in: [ 943.772216][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 943.776303][T19654] Tainted: [B]=BAD_PAGE [ 943.777781][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 943.780897][T19654] Call Trace: [ 943.782117][T19654] [ 943.783181][T19654] dump_stack_lvl+0x16c/0x1f0 [ 943.784865][T19654] bad_page+0xb3/0x220 [ 943.786316][T19654] ? __pfx_bad_page+0x10/0x10 [ 943.787917][T19654] ? page_bad_reason+0x9d/0x1e0 [ 943.789587][T19654] free_unref_page+0x69e/0xe40 [ 943.791248][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 943.793318][T19654] ? __phys_addr+0xc6/0x150 [ 943.794934][T19654] skb_free_head+0xa0/0x1d0 [ 943.796523][T19654] skb_release_data+0x75c/0x980 [ 943.798249][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 943.800649][T19654] ? rcu_is_watching+0x12/0xc0 [ 943.802335][T19654] sk_skb_reason_drop+0x133/0x200 [ 943.804109][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 943.806426][T19654] ? kernel_text_address+0x8d/0x100 [ 943.808189][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 943.809946][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 943.812419][T19654] ? hlock_class+0x4e/0x130 [ 943.814059][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 943.815816][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 943.817641][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 943.819807][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 943.822021][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 943.823957][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 943.826092][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 943.827894][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 943.829253][T19654] ? __build_skb_around+0x278/0x3b0 [ 943.830607][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 943.832012][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 943.833666][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 943.835361][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 943.837002][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 943.838828][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 943.840907][T19654] ? find_held_lock+0x2d/0x110 [ 943.842756][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 943.844945][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 943.847055][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 943.849132][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 943.850998][T19654] ? 0xffffffffa0004340 [ 943.852485][T19654] ? 0xffffffffa0004340 [ 943.853967][T19654] ? 0xffffffffa0004340 [ 943.855436][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 943.857330][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 943.859213][T19654] ? fput+0x32/0x390 [ 943.860232][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 943.861509][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 943.863013][T19654] __sys_bpf+0x10d2/0x4a00 [ 943.864168][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 943.865409][T19654] ? __fget_files+0x256/0x400 [ 943.866660][T19654] ? do_futex+0x123/0x350 [ 943.867824][T19654] ? __pfx_do_futex+0x10/0x10 [ 943.869131][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 943.870495][T19654] __x64_sys_bpf+0x78/0xc0 [ 943.871652][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 943.873034][T19654] do_syscall_64+0xcd/0x250 [ 943.874214][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 943.875736][T19654] RIP: 0033:0x7f679d57def9 [ 943.876993][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 943.881904][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 943.884034][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 943.886063][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 943.888714][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 943.891516][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 943.894322][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 943.897109][T19654] [ 943.898380][T19654] BUG: Bad page state in process syz.2.4065 pfn:5b17e [ 943.900987][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88805b17fcc0 pfn:0x5b17e [ 943.904787][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 943.907283][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 943.910318][T19654] raw: ffff88805b17fcc0 0000000000000001 00000000ffffffff 0000000000000000 [ 943.913366][T19654] page dumped because: page_pool leak [ 943.915234][T19654] page_owner tracks the page as allocated [ 943.917212][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936166961153, free_ts 930646009891 [ 943.923619][T19654] post_alloc_hook+0x2d1/0x350 [ 943.925375][T19654] get_page_from_freelist+0x1351/0x2e50 [ 943.927307][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 943.929238][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 943.931225][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 943.933447][T19654] page_pool_alloc_pages+0xb5/0x110 [ 943.935338][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 943.937551][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 943.939399][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 943.941292][T19654] __sys_bpf+0x10d2/0x4a00 [ 943.942872][T19654] __x64_sys_bpf+0x78/0xc0 [ 943.944527][T19654] do_syscall_64+0xcd/0x250 [ 943.946158][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 943.948209][T19654] page last free pid 18137 tgid 18137 stack trace: [ 943.950429][T19654] free_unref_page+0x64a/0xe40 [ 943.952093][T19654] qlist_free_all+0x4e/0x140 [ 943.953831][T19654] kasan_quarantine_reduce+0x192/0x1e0 [ 943.955738][T19654] __kasan_slab_alloc+0x69/0x90 [ 943.957447][T19654] __kmalloc_node_noprof+0x1c3/0x430 [ 943.959307][T19654] __kvmalloc_node_noprof+0x9d/0x1a0 [ 943.961170][T19654] xt_replace_table+0x1c7/0x910 [ 943.962872][T19654] __do_replace+0x1d9/0x9b0 [ 943.964159][T19654] do_ipt_set_ctl+0x93c/0xc30 [ 943.965407][T19654] nf_setsockopt+0x8a/0xf0 [ 943.966677][T19654] ip_setsockopt+0xcb/0xf0 [ 943.968289][T19654] tcp_setsockopt+0xa4/0x100 [ 943.969965][T19654] do_sock_setsockopt+0x222/0x480 [ 943.971786][T19654] __sys_setsockopt+0x1a4/0x270 [ 943.973621][T19654] __x64_sys_setsockopt+0xbd/0x160 [ 943.975420][T19654] do_syscall_64+0xcd/0x250 [ 943.976994][T19654] Modules linked in: [ 943.978330][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 943.982435][T19654] Tainted: [B]=BAD_PAGE [ 943.983887][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 943.987525][T19654] Call Trace: [ 943.988683][T19654] [ 943.989715][T19654] dump_stack_lvl+0x16c/0x1f0 [ 943.991340][T19654] bad_page+0xb3/0x220 [ 943.992776][T19654] ? __pfx_bad_page+0x10/0x10 [ 943.994431][T19654] ? page_bad_reason+0x9d/0x1e0 [ 943.996145][T19654] free_unref_page+0x69e/0xe40 [ 943.997625][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 943.999181][T19654] ? __phys_addr+0xc6/0x150 [ 944.000358][T19654] skb_free_head+0xa0/0x1d0 [ 944.001556][T19654] skb_release_data+0x75c/0x980 [ 944.002863][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 944.005364][T19654] ? rcu_is_watching+0x12/0xc0 [ 944.006662][T19654] sk_skb_reason_drop+0x133/0x200 [ 944.008004][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 944.009744][T19654] ? kernel_text_address+0x8d/0x100 [ 944.011107][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 944.012554][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 944.014660][T19654] ? hlock_class+0x4e/0x130 [ 944.016001][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 944.017320][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 944.018679][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 944.020242][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 944.021939][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 944.023426][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 944.025044][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 944.026777][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 944.028126][T19654] ? __build_skb_around+0x278/0x3b0 [ 944.029486][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 944.030862][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 944.032495][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 944.034218][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 944.035692][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 944.037097][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 944.038619][T19654] ? find_held_lock+0x2d/0x110 [ 944.039864][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 944.041457][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 944.042995][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 944.044528][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 944.045921][T19654] ? 0xffffffffa0004340 [ 944.047012][T19654] ? 0xffffffffa0004340 [ 944.048094][T19654] ? 0xffffffffa0004340 [ 944.049183][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 944.050577][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 944.052101][T19654] ? fput+0x32/0x390 [ 944.053163][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 944.054425][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 944.055940][T19654] __sys_bpf+0x10d2/0x4a00 [ 944.057114][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 944.058519][T19654] ? __fget_files+0x256/0x400 [ 944.059893][T19654] ? do_futex+0x123/0x350 [ 944.061029][T19654] ? __pfx_do_futex+0x10/0x10 [ 944.062275][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 944.063646][T19654] __x64_sys_bpf+0x78/0xc0 [ 944.064806][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 944.066206][T19654] do_syscall_64+0xcd/0x250 [ 944.067382][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 944.068926][T19654] RIP: 0033:0x7f679d57def9 [ 944.070090][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 944.075036][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 944.077189][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 944.079190][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 944.081215][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 944.083245][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 944.085278][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 944.087306][T19654] [ 944.088206][T19654] BUG: Bad page state in process syz.2.4065 pfn:4767b [ 944.089983][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000002 pfn:0x4767b [ 944.092583][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 944.094501][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 944.096763][T19654] raw: ffff888000000002 0000000000000001 00000000ffffffff 0000000000000000 [ 944.098968][T19654] page dumped because: page_pool leak [ 944.100354][T19654] page_owner tracks the page as allocated [ 944.101845][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936166952874, free_ts 930681426416 [ 944.106600][T19654] post_alloc_hook+0x2d1/0x350 [ 944.107842][T19654] get_page_from_freelist+0x1351/0x2e50 [ 944.109272][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 944.110631][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 944.112084][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 944.113719][T19654] page_pool_alloc_pages+0xb5/0x110 [ 944.115069][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 944.116672][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 944.118044][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 944.119433][T19654] __sys_bpf+0x10d2/0x4a00 [ 944.120597][T19654] __x64_sys_bpf+0x78/0xc0 [ 944.121773][T19654] do_syscall_64+0xcd/0x250 [ 944.122970][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 944.124550][T19654] page last free pid 17199 tgid 17199 stack trace: [ 944.126228][T19654] free_unref_page+0x64a/0xe40 [ 944.127477][T19654] __mmdrop+0xd5/0x460 [ 944.128539][T19654] finish_task_switch.isra.0+0x7af/0xcc0 [ 944.130010][T19654] __schedule+0xe3f/0x5490 [ 944.131170][T19654] schedule+0xe7/0x350 [ 944.132236][T19654] do_nanosleep+0x216/0x510 [ 944.133486][T19654] hrtimer_nanosleep+0x1ab/0x440 [ 944.134786][T19654] common_nsleep+0xa1/0xd0 [ 944.135956][T19654] __x64_sys_clock_nanosleep+0x344/0x4a0 [ 944.137420][T19654] do_syscall_64+0xcd/0x250 [ 944.138891][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 944.140871][T19654] Modules linked in: [ 944.141967][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 944.145536][T19654] Tainted: [B]=BAD_PAGE [ 944.146993][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 944.149848][T19654] Call Trace: [ 944.150734][T19654] [ 944.151506][T19654] dump_stack_lvl+0x16c/0x1f0 [ 944.152760][T19654] bad_page+0xb3/0x220 [ 944.153827][T19654] ? __pfx_bad_page+0x10/0x10 [ 944.155052][T19654] ? page_bad_reason+0x9d/0x1e0 [ 944.156331][T19654] free_unref_page+0x69e/0xe40 [ 944.157617][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 944.159240][T19654] ? __phys_addr+0xc6/0x150 [ 944.160861][T19654] skb_free_head+0xa0/0x1d0 [ 944.162476][T19654] skb_release_data+0x75c/0x980 [ 944.163812][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 944.165584][T19654] ? rcu_is_watching+0x12/0xc0 [ 944.166835][T19654] sk_skb_reason_drop+0x133/0x200 [ 944.168149][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 944.169876][T19654] ? kernel_text_address+0x8d/0x100 [ 944.171224][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 944.172545][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 944.174245][T19654] ? hlock_class+0x4e/0x130 [ 944.175349][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 944.176526][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 944.177768][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 944.179322][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 944.181001][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 944.182479][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 944.184075][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 944.185801][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 944.187147][T19654] ? __build_skb_around+0x278/0x3b0 [ 944.188495][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 944.189898][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 944.191532][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 944.193239][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 944.194702][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 944.196317][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 944.198183][T19654] ? find_held_lock+0x2d/0x110 [ 944.199750][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 944.201296][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 944.202823][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 944.204336][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 944.205713][T19654] ? 0xffffffffa0004340 [ 944.206795][T19654] ? 0xffffffffa0004340 [ 944.207896][T19654] ? 0xffffffffa0004340 [ 944.208997][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 944.210388][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 944.211893][T19654] ? fput+0x32/0x390 [ 944.212941][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 944.214189][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 944.215699][T19654] __sys_bpf+0x10d2/0x4a00 [ 944.216916][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 944.218576][T19654] ? __fget_files+0x256/0x400 [ 944.220135][T19654] ? do_futex+0x123/0x350 [ 944.221269][T19654] ? __pfx_do_futex+0x10/0x10 [ 944.222485][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 944.223842][T19654] __x64_sys_bpf+0x78/0xc0 [ 944.225019][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 944.226688][T19654] do_syscall_64+0xcd/0x250 [ 944.228367][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 944.229931][T19654] RIP: 0033:0x7f679d57def9 [ 944.231328][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 944.236960][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 944.238978][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 944.240916][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 944.242838][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 944.244840][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 944.246873][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 944.248897][T19654] [ 944.249818][T19654] BUG: Bad page state in process syz.2.4065 pfn:4767a [ 944.251568][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880272d2f80 pfn:0x4767a [ 944.254212][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 944.256041][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 944.258265][T19654] raw: ffff8880272d2f80 0000000000000001 00000000ffffffff 0000000000000000 [ 944.260409][T19654] page dumped because: page_pool leak [ 944.261795][T19654] page_owner tracks the page as allocated [ 944.263255][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936166944689, free_ts 930681426416 [ 944.267947][T19654] post_alloc_hook+0x2d1/0x350 [ 944.269209][T19654] get_page_from_freelist+0x1351/0x2e50 [ 944.270642][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 944.272012][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 944.273517][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 944.275054][T19654] page_pool_alloc_pages+0xb5/0x110 [ 944.276446][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 944.278064][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 944.279433][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 944.280839][T19654] __sys_bpf+0x10d2/0x4a00 [ 944.281994][T19654] __x64_sys_bpf+0x78/0xc0 [ 944.283229][T19654] do_syscall_64+0xcd/0x250 [ 944.284412][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 944.285944][T19654] page last free pid 17199 tgid 17199 stack trace: [ 944.287574][T19654] free_unref_page+0x64a/0xe40 [ 944.288783][T19654] __mmdrop+0xd5/0x460 [ 944.289848][T19654] finish_task_switch.isra.0+0x7af/0xcc0 [ 944.291294][T19654] __schedule+0xe3f/0x5490 [ 944.292505][T19654] schedule+0xe7/0x350 [ 944.293742][T19654] do_nanosleep+0x216/0x510 [ 944.294941][T19654] hrtimer_nanosleep+0x1ab/0x440 [ 944.296233][T19654] common_nsleep+0xa1/0xd0 [ 944.297411][T19654] __x64_sys_clock_nanosleep+0x344/0x4a0 [ 944.298872][T19654] do_syscall_64+0xcd/0x250 [ 944.300077][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 944.301641][T19654] Modules linked in: [ 944.302946][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 944.306739][T19654] Tainted: [B]=BAD_PAGE [ 944.307817][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 944.311009][T19654] Call Trace: [ 944.312036][T19654] [ 944.313079][T19654] dump_stack_lvl+0x16c/0x1f0 [ 944.314612][T19654] bad_page+0xb3/0x220 [ 944.315854][T19654] ? __pfx_bad_page+0x10/0x10 [ 944.317101][T19654] ? page_bad_reason+0x9d/0x1e0 [ 944.318385][T19654] free_unref_page+0x69e/0xe40 [ 944.319692][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 944.321432][T19654] ? __phys_addr+0xc6/0x150 [ 944.322643][T19654] skb_free_head+0xa0/0x1d0 [ 944.323828][T19654] skb_release_data+0x75c/0x980 [ 944.325131][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 944.326938][T19654] ? rcu_is_watching+0x12/0xc0 [ 944.328187][T19654] sk_skb_reason_drop+0x133/0x200 [ 944.329502][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 944.331220][T19654] ? kernel_text_address+0x8d/0x100 [ 944.332591][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 944.333914][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 944.335746][T19654] ? hlock_class+0x4e/0x130 [ 944.337020][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 944.338312][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 944.339656][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 944.341188][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 944.342861][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 944.344339][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 944.345970][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 944.347710][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 944.349113][T19654] ? __build_skb_around+0x278/0x3b0 [ 944.350469][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 944.351844][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 944.353479][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 944.355157][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 944.356622][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 944.357994][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 944.359495][T19654] ? find_held_lock+0x2d/0x110 [ 944.360746][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 944.362278][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 944.363813][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 944.365329][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 944.366703][T19654] ? 0xffffffffa0004340 [ 944.367781][T19654] ? 0xffffffffa0004340 [ 944.368893][T19654] ? 0xffffffffa0004340 [ 944.369971][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 944.371371][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 944.372902][T19654] ? fput+0x32/0x390 [ 944.373943][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 944.375255][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 944.376785][T19654] __sys_bpf+0x10d2/0x4a00 [ 944.377950][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 944.379198][T19654] ? __fget_files+0x256/0x400 [ 944.380423][T19654] ? do_futex+0x123/0x350 [ 944.381568][T19654] ? __pfx_do_futex+0x10/0x10 [ 944.382803][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 944.384173][T19654] __x64_sys_bpf+0x78/0xc0 [ 944.385340][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 944.386693][T19654] do_syscall_64+0xcd/0x250 [ 944.387874][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 944.389405][T19654] RIP: 0033:0x7f679d57def9 [ 944.390561][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 944.395575][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 944.397756][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 944.399896][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 944.401990][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 944.404213][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 944.406438][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 944.408591][T19654] [ 944.409585][T19654] BUG: Bad page state in process syz.2.4065 pfn:4ea93 [ 944.411537][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888100000002 pfn:0x4ea93 [ 944.414226][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 944.416055][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 944.418244][T19654] raw: ffff888100000002 0000000000000001 00000000ffffffff 0000000000000000 [ 944.420446][T19654] page dumped because: page_pool leak [ 944.421833][T19654] page_owner tracks the page as allocated [ 944.423326][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936166936936, free_ts 931051156725 [ 944.428023][T19654] post_alloc_hook+0x2d1/0x350 [ 944.429275][T19654] get_page_from_freelist+0x1351/0x2e50 [ 944.430707][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 944.432065][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 944.433590][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 944.435100][T19654] page_pool_alloc_pages+0xb5/0x110 [ 944.436453][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 944.438057][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 944.439428][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 944.440831][T19654] __sys_bpf+0x10d2/0x4a00 [ 944.441996][T19654] __x64_sys_bpf+0x78/0xc0 [ 944.443248][T19654] do_syscall_64+0xcd/0x250 [ 944.444457][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 944.446005][T19654] page last free pid 19507 tgid 19505 stack trace: [ 944.447690][T19654] free_unref_page+0x64a/0xe40 [ 944.448957][T19654] __mmdrop+0xd5/0x460 [ 944.450033][T19654] __mmput+0x3c8/0x480 [ 944.451102][T19654] mmput+0x62/0x70 [ 944.452085][T19654] do_exit+0x9bf/0x2bb0 [ 944.453278][T19654] do_group_exit+0xd3/0x2a0 [ 944.454460][T19654] get_signal+0x25fb/0x2770 [ 944.455618][T19654] arch_do_signal_or_restart+0x90/0x7e0 [ 944.457051][T19654] syscall_exit_to_user_mode+0x150/0x2a0 [ 944.458514][T19654] do_syscall_64+0xda/0x250 [ 944.459701][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 944.461236][T19654] Modules linked in: [ 944.462260][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 944.465379][T19654] Tainted: [B]=BAD_PAGE [ 944.466454][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 944.469204][T19654] Call Trace: [ 944.470080][T19654] [ 944.470862][T19654] dump_stack_lvl+0x16c/0x1f0 [ 944.472102][T19654] bad_page+0xb3/0x220 [ 944.473194][T19654] ? __pfx_bad_page+0x10/0x10 [ 944.474442][T19654] ? page_bad_reason+0x9d/0x1e0 [ 944.475753][T19654] free_unref_page+0x69e/0xe40 [ 944.477013][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 944.478556][T19654] ? __phys_addr+0xc6/0x150 [ 944.479732][T19654] skb_free_head+0xa0/0x1d0 [ 944.480930][T19654] skb_release_data+0x75c/0x980 [ 944.482190][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 944.484026][T19654] ? rcu_is_watching+0x12/0xc0 [ 944.485303][T19654] sk_skb_reason_drop+0x133/0x200 [ 944.486610][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 944.488322][T19654] ? kernel_text_address+0x8d/0x100 [ 944.489675][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 944.490979][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 944.492803][T19654] ? hlock_class+0x4e/0x130 [ 944.494044][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 944.495479][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 944.496869][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 944.498621][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 944.500406][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 944.502014][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 944.503626][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 944.505353][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 944.506674][T19654] ? __build_skb_around+0x278/0x3b0 [ 944.508041][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 944.509433][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 944.511044][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 944.512767][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 944.514243][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 944.515624][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 944.517137][T19654] ? find_held_lock+0x2d/0x110 [ 944.518395][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 944.519936][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 944.521464][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 944.522983][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 944.524361][T19654] ? 0xffffffffa0004340 [ 944.525449][T19654] ? 0xffffffffa0004340 [ 944.526531][T19654] ? 0xffffffffa0004340 [ 944.527609][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 944.529005][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 944.530512][T19654] ? fput+0x32/0x390 [ 944.531533][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 944.532795][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 944.534296][T19654] __sys_bpf+0x10d2/0x4a00 [ 944.535460][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 944.536732][T19654] ? __fget_files+0x256/0x400 [ 944.537976][T19654] ? do_futex+0x123/0x350 [ 944.539105][T19654] ? __pfx_do_futex+0x10/0x10 [ 944.540332][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 944.541665][T19654] __x64_sys_bpf+0x78/0xc0 [ 944.542798][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 944.544156][T19654] do_syscall_64+0xcd/0x250 [ 944.545369][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 944.546900][T19654] RIP: 0033:0x7f679d57def9 [ 944.548057][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 944.553003][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 944.555137][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 944.557175][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 944.559203][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 944.561291][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 944.563652][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 944.566187][T19654] [ 944.567331][T19654] BUG: Bad page state in process syz.2.4065 pfn:4ea92 [ 944.569553][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802dba9c80 pfn:0x4ea92 [ 944.572856][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 944.575151][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 944.577972][T19654] raw: ffff88802dba9c80 0000000000000001 00000000ffffffff 0000000000000000 [ 944.580756][T19654] page dumped because: page_pool leak [ 944.582504][T19654] page_owner tracks the page as allocated [ 944.584424][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936166928757, free_ts 931051156725 [ 944.590616][T19654] post_alloc_hook+0x2d1/0x350 [ 944.592197][T19654] get_page_from_freelist+0x1351/0x2e50 [ 944.594009][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 944.595732][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 944.597562][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 944.599528][T19654] page_pool_alloc_pages+0xb5/0x110 [ 944.601256][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 944.603341][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 944.605066][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 944.606837][T19654] __sys_bpf+0x10d2/0x4a00 [ 944.608337][T19654] __x64_sys_bpf+0x78/0xc0 [ 944.609860][T19654] do_syscall_64+0xcd/0x250 [ 944.611316][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 944.613314][T19654] page last free pid 19507 tgid 19505 stack trace: [ 944.615490][T19654] free_unref_page+0x64a/0xe40 [ 944.617139][T19654] __mmdrop+0xd5/0x460 [ 944.618500][T19654] __mmput+0x3c8/0x480 [ 944.619891][T19654] mmput+0x62/0x70 [ 944.621139][T19654] do_exit+0x9bf/0x2bb0 [ 944.622565][T19654] do_group_exit+0xd3/0x2a0 [ 944.624165][T19654] get_signal+0x25fb/0x2770 [ 944.625713][T19654] arch_do_signal_or_restart+0x90/0x7e0 [ 944.627548][T19654] syscall_exit_to_user_mode+0x150/0x2a0 [ 944.629401][T19654] do_syscall_64+0xda/0x250 [ 944.630921][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 944.632894][T19654] Modules linked in: [ 944.634116][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 944.637226][T19654] Tainted: [B]=BAD_PAGE [ 944.638338][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 944.641704][T19654] Call Trace: [ 944.642794][T19654] [ 944.643775][T19654] dump_stack_lvl+0x16c/0x1f0 [ 944.645300][T19654] bad_page+0xb3/0x220 [ 944.646619][T19654] ? __pfx_bad_page+0x10/0x10 [ 944.648142][T19654] ? page_bad_reason+0x9d/0x1e0 [ 944.649732][T19654] free_unref_page+0x69e/0xe40 [ 944.651279][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 944.653263][T19654] ? __phys_addr+0xc6/0x150 [ 944.654603][T19654] skb_free_head+0xa0/0x1d0 [ 944.656021][T19654] skb_release_data+0x75c/0x980 [ 944.657619][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 944.659518][T19654] ? rcu_is_watching+0x12/0xc0 [ 944.660921][T19654] sk_skb_reason_drop+0x133/0x200 [ 944.662529][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 944.664351][T19654] ? kernel_text_address+0x8d/0x100 [ 944.665923][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 944.667611][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 944.669855][T19654] ? hlock_class+0x4e/0x130 [ 944.671149][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 944.672856][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 944.674563][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 944.676649][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 944.678885][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 944.680590][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 944.682620][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 944.684550][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 944.685943][T19654] ? __build_skb_around+0x278/0x3b0 [ 944.687325][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 944.688787][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 944.690831][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 944.693006][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 944.694909][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 944.696631][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 944.698631][T19654] ? find_held_lock+0x2d/0x110 [ 944.700310][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 944.702359][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 944.704232][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 944.706110][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 944.707895][T19654] ? 0xffffffffa0004340 [ 944.709281][T19654] ? 0xffffffffa0004340 [ 944.710670][T19654] ? 0xffffffffa0004340 [ 944.712064][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 944.713810][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 944.715360][T19654] ? fput+0x32/0x390 [ 944.716601][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 944.718261][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 944.719920][T19654] __sys_bpf+0x10d2/0x4a00 [ 944.721102][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 944.722347][T19654] ? __fget_files+0x256/0x400 [ 944.723567][T19654] ? do_futex+0x123/0x350 [ 944.724922][T19654] ? __pfx_do_futex+0x10/0x10 [ 944.726503][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 944.728331][T19654] __x64_sys_bpf+0x78/0xc0 [ 944.729873][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 944.731558][T19654] do_syscall_64+0xcd/0x250 [ 944.733098][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 944.734698][T19654] RIP: 0033:0x7f679d57def9 [ 944.736075][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 944.742152][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 944.744736][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 944.747237][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 944.749778][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 944.752029][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 944.754384][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 944.757044][T19654] [ 944.758197][T19654] BUG: Bad page state in process syz.2.4065 pfn:36e43 [ 944.760491][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x700000002 pfn:0x36e43 [ 944.763686][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 944.766066][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 944.768952][T19654] raw: 0000000700000002 0000000000000001 00000000ffffffff 0000000000000000 [ 944.771642][T19654] page dumped because: page_pool leak [ 944.773058][T19654] page_owner tracks the page as allocated [ 944.774559][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936166920700, free_ts 931300240094 [ 944.779329][T19654] post_alloc_hook+0x2d1/0x350 [ 944.780583][T19654] get_page_from_freelist+0x1351/0x2e50 [ 944.782018][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 944.783431][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 944.784871][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 944.786401][T19654] page_pool_alloc_pages+0xb5/0x110 [ 944.787756][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 944.789360][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 944.790730][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 944.792119][T19654] __sys_bpf+0x10d2/0x4a00 [ 944.793312][T19654] __x64_sys_bpf+0x78/0xc0 [ 944.794458][T19654] do_syscall_64+0xcd/0x250 [ 944.795952][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 944.797727][T19654] page last free pid 19513 tgid 19512 stack trace: [ 944.799711][T19654] free_unref_page+0x64a/0xe40 [ 944.800983][T19654] __mmdrop+0xd5/0x460 [ 944.802048][T19654] __mmput+0x3c8/0x480 [ 944.803168][T19654] mmput+0x62/0x70 [ 944.804153][T19654] do_exit+0x9bf/0x2bb0 [ 944.805254][T19654] do_group_exit+0xd3/0x2a0 [ 944.806436][T19654] get_signal+0x25fb/0x2770 [ 944.807617][T19654] arch_do_signal_or_restart+0x90/0x7e0 [ 944.809092][T19654] syscall_exit_to_user_mode+0x150/0x2a0 [ 944.810547][T19654] do_syscall_64+0xda/0x250 [ 944.811750][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 944.813410][T19654] Modules linked in: [ 944.814432][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 944.817712][T19654] Tainted: [B]=BAD_PAGE [ 944.819102][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 944.822295][T19654] Call Trace: [ 944.823186][T19654] [ 944.823961][T19654] dump_stack_lvl+0x16c/0x1f0 [ 944.825207][T19654] bad_page+0xb3/0x220 [ 944.826263][T19654] ? __pfx_bad_page+0x10/0x10 [ 944.827489][T19654] ? page_bad_reason+0x9d/0x1e0 [ 944.828768][T19654] free_unref_page+0x69e/0xe40 [ 944.829857][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 944.831212][T19654] ? __phys_addr+0xc6/0x150 [ 944.832242][T19654] skb_free_head+0xa0/0x1d0 [ 944.833381][T19654] skb_release_data+0x75c/0x980 [ 944.834658][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 944.836411][T19654] ? rcu_is_watching+0x12/0xc0 [ 944.837680][T19654] sk_skb_reason_drop+0x133/0x200 [ 944.838980][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 944.840672][T19654] ? kernel_text_address+0x8d/0x100 [ 944.842119][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 944.843455][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 944.845344][T19654] ? hlock_class+0x4e/0x130 [ 944.846581][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 944.847936][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 944.849313][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 944.850868][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 944.852541][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 944.854031][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 944.855625][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 944.857345][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 944.858703][T19654] ? __build_skb_around+0x278/0x3b0 [ 944.860056][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 944.861440][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 944.863071][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 944.864778][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 944.866391][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 944.867768][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 944.869288][T19654] ? find_held_lock+0x2d/0x110 [ 944.870527][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 944.872067][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 944.873617][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 944.875143][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 944.876523][T19654] ? 0xffffffffa0004340 [ 944.877617][T19654] ? 0xffffffffa0004340 [ 944.878703][T19654] ? 0xffffffffa0004340 [ 944.879794][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 944.881209][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 944.882758][T19654] ? fput+0x32/0x390 [ 944.883790][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 944.885050][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 944.886566][T19654] __sys_bpf+0x10d2/0x4a00 [ 944.887734][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 944.888987][T19654] ? __fget_files+0x256/0x400 [ 944.890219][T19654] ? do_futex+0x123/0x350 [ 944.891355][T19654] ? __pfx_do_futex+0x10/0x10 [ 944.892604][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 944.893999][T19654] __x64_sys_bpf+0x78/0xc0 [ 944.895184][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 944.896566][T19654] do_syscall_64+0xcd/0x250 [ 944.897737][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 944.899268][T19654] RIP: 0033:0x7f679d57def9 [ 944.900432][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 944.905618][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 944.907965][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 944.910120][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 944.912306][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 944.914378][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 944.916430][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 944.918596][T19654] [ 944.919459][T19654] BUG: Bad page state in process syz.2.4065 pfn:36e42 [ 944.921196][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802983d580 pfn:0x36e42 [ 944.923868][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 944.925845][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 944.928199][T19654] raw: ffff88802983d580 0000000000000001 00000000ffffffff 0000000000000000 [ 944.930548][T19654] page dumped because: page_pool leak [ 944.931937][T19654] page_owner tracks the page as allocated [ 944.933468][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936166912770, free_ts 931300240094 [ 944.938224][T19654] post_alloc_hook+0x2d1/0x350 [ 944.939479][T19654] get_page_from_freelist+0x1351/0x2e50 [ 944.940903][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 944.942303][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 944.944176][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 944.946171][T19654] page_pool_alloc_pages+0xb5/0x110 [ 944.947930][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 944.950004][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 944.951776][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 944.953663][T19654] __sys_bpf+0x10d2/0x4a00 [ 944.955202][T19654] __x64_sys_bpf+0x78/0xc0 [ 944.956712][T19654] do_syscall_64+0xcd/0x250 [ 944.958290][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 944.960276][T19654] page last free pid 19513 tgid 19512 stack trace: [ 944.962466][T19654] free_unref_page+0x64a/0xe40 [ 944.964162][T19654] __mmdrop+0xd5/0x460 [ 944.965540][T19654] __mmput+0x3c8/0x480 [ 944.966920][T19654] mmput+0x62/0x70 [ 944.968188][T19654] do_exit+0x9bf/0x2bb0 [ 944.969604][T19654] do_group_exit+0xd3/0x2a0 [ 944.971060][T19654] get_signal+0x25fb/0x2770 [ 944.972602][T19654] arch_do_signal_or_restart+0x90/0x7e0 [ 944.974537][T19654] syscall_exit_to_user_mode+0x150/0x2a0 [ 944.976415][T19654] do_syscall_64+0xda/0x250 [ 944.977981][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 944.979973][T19654] Modules linked in: [ 944.981309][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 944.985376][T19654] Tainted: [B]=BAD_PAGE [ 944.986775][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 944.990353][T19654] Call Trace: [ 944.991481][T19654] [ 944.992493][T19654] dump_stack_lvl+0x16c/0x1f0 [ 944.994099][T19654] bad_page+0xb3/0x220 [ 944.995460][T19654] ? __pfx_bad_page+0x10/0x10 [ 944.996783][T19654] ? page_bad_reason+0x9d/0x1e0 [ 944.998065][T19654] free_unref_page+0x69e/0xe40 [ 944.999333][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 945.000917][T19654] ? __phys_addr+0xc6/0x150 [ 945.002116][T19654] skb_free_head+0xa0/0x1d0 [ 945.003317][T19654] skb_release_data+0x75c/0x980 [ 945.004605][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 945.006389][T19654] ? rcu_is_watching+0x12/0xc0 [ 945.007657][T19654] sk_skb_reason_drop+0x133/0x200 [ 945.008993][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 945.010725][T19654] ? kernel_text_address+0x8d/0x100 [ 945.012095][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 945.013436][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 945.015271][T19654] ? hlock_class+0x4e/0x130 [ 945.016464][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 945.017770][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 945.019140][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 945.020709][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 945.022408][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 945.023888][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 945.025497][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 945.027221][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 945.028606][T19654] ? __build_skb_around+0x278/0x3b0 [ 945.029989][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 945.031368][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 945.033012][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 945.034709][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 945.036159][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 945.037539][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 945.039049][T19654] ? find_held_lock+0x2d/0x110 [ 945.040298][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 945.041839][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 945.043378][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 945.044939][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 945.046306][T19654] ? 0xffffffffa0004340 [ 945.047403][T19654] ? 0xffffffffa0004340 [ 945.048492][T19654] ? 0xffffffffa0004340 [ 945.049587][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 945.051027][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 945.053032][T19654] ? fput+0x32/0x390 [ 945.054385][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 945.056026][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 945.058134][T19654] __sys_bpf+0x10d2/0x4a00 [ 945.059759][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 945.061429][T19654] ? __fget_files+0x256/0x400 [ 945.063043][T19654] ? do_futex+0x123/0x350 [ 945.064530][T19654] ? __pfx_do_futex+0x10/0x10 [ 945.066195][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 945.068020][T19654] __x64_sys_bpf+0x78/0xc0 [ 945.069587][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 945.071399][T19654] do_syscall_64+0xcd/0x250 [ 945.073028][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 945.075072][T19654] RIP: 0033:0x7f679d57def9 [ 945.076573][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 945.083111][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 945.085878][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 945.088536][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 945.091213][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 945.093896][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 945.096567][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 945.099307][T19654] [ 945.100496][T19654] BUG: Bad page state in process syz.2.4065 pfn:31d7f [ 945.102867][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888100000002 pfn:0x31d7f [ 945.106439][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 945.108920][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 945.111788][T19654] raw: ffff888100000002 0000000000000001 00000000ffffffff 0000000000000000 [ 945.114699][T19654] page dumped because: page_pool leak [ 945.116521][T19654] page_owner tracks the page as allocated [ 945.118525][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936166905122, free_ts 935793179499 [ 945.124688][T19654] post_alloc_hook+0x2d1/0x350 [ 945.126359][T19654] get_page_from_freelist+0x1351/0x2e50 [ 945.128318][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 945.130142][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 945.132041][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 945.134164][T19654] page_pool_alloc_pages+0xb5/0x110 [ 945.135969][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 945.138051][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 945.139832][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 945.141589][T19654] __sys_bpf+0x10d2/0x4a00 [ 945.143167][T19654] __x64_sys_bpf+0x78/0xc0 [ 945.144686][T19654] do_syscall_64+0xcd/0x250 [ 945.146277][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 945.148303][T19654] page last free pid 5430 tgid 5422 stack trace: [ 945.150481][T19654] free_unref_page+0x64a/0xe40 [ 945.152094][T19654] __mmdrop+0xd5/0x460 [ 945.153644][T19654] finish_task_switch.isra.0+0x7af/0xcc0 [ 945.155644][T19654] __schedule+0xe3f/0x5490 [ 945.157188][T19654] preempt_schedule_common+0x44/0xc0 [ 945.159004][T19654] preempt_schedule_thunk+0x1a/0x30 [ 945.160795][T19654] _raw_spin_unlock_irqrestore+0x61/0x80 [ 945.162768][T19654] prepare_to_wait_exclusive+0xdc/0x2a0 [ 945.164619][T19654] io_cqring_wait+0xbda/0x1480 [ 945.166261][T19654] __do_sys_io_uring_enter+0x410/0x1130 [ 945.168068][T19654] do_syscall_64+0xcd/0x250 [ 945.169609][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 945.171217][T19654] Modules linked in: [ 945.172296][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 945.176355][T19654] Tainted: [B]=BAD_PAGE [ 945.177761][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 945.181308][T19654] Call Trace: [ 945.182452][T19654] [ 945.183477][T19654] dump_stack_lvl+0x16c/0x1f0 [ 945.185128][T19654] bad_page+0xb3/0x220 [ 945.186601][T19654] ? __pfx_bad_page+0x10/0x10 [ 945.188284][T19654] ? page_bad_reason+0x9d/0x1e0 [ 945.190071][T19654] free_unref_page+0x69e/0xe40 [ 945.191820][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 945.193956][T19654] ? __phys_addr+0xc6/0x150 [ 945.195560][T19654] skb_free_head+0xa0/0x1d0 [ 945.197039][T19654] skb_release_data+0x75c/0x980 [ 945.198457][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 945.200829][T19654] ? rcu_is_watching+0x12/0xc0 [ 945.202513][T19654] sk_skb_reason_drop+0x133/0x200 [ 945.204263][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 945.206546][T19654] ? kernel_text_address+0x8d/0x100 [ 945.207918][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 945.209553][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 945.211908][T19654] ? hlock_class+0x4e/0x130 [ 945.213509][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 945.215205][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 945.217004][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 945.219032][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 945.220812][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 945.222742][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 945.224830][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 945.227031][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 945.228513][T19654] ? __build_skb_around+0x278/0x3b0 [ 945.229919][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 945.231321][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 945.232970][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 945.234816][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 945.236419][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 945.238058][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 945.239822][T19654] ? find_held_lock+0x2d/0x110 [ 945.241424][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 945.243375][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 945.245379][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 945.247380][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 945.249208][T19654] ? 0xffffffffa0004340 [ 945.250643][T19654] ? 0xffffffffa0004340 [ 945.252067][T19654] ? 0xffffffffa0004340 [ 945.253509][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 945.255344][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 945.257316][T19654] ? fput+0x32/0x390 [ 945.258646][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 945.260284][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 945.262299][T19654] __sys_bpf+0x10d2/0x4a00 [ 945.263850][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 945.265529][T19654] ? __fget_files+0x256/0x400 [ 945.267190][T19654] ? do_futex+0x123/0x350 [ 945.268702][T19654] ? __pfx_do_futex+0x10/0x10 [ 945.270362][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 945.272205][T19654] __x64_sys_bpf+0x78/0xc0 [ 945.273779][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 945.275576][T19654] do_syscall_64+0xcd/0x250 [ 945.277176][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 945.279264][T19654] RIP: 0033:0x7f679d57def9 [ 945.280869][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 945.287361][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 945.290280][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 945.292982][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 945.295670][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 945.298378][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 945.301139][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 945.303808][T19654] [ 945.305008][T19654] BUG: Bad page state in process syz.2.4065 pfn:31d7e [ 945.307341][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802030a600 pfn:0x31d7e [ 945.310750][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 945.313269][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 945.316023][T19654] raw: ffff88802030a600 0000000000000001 00000000ffffffff 0000000000000000 [ 945.318910][T19654] page dumped because: page_pool leak [ 945.320825][T19654] page_owner tracks the page as allocated [ 945.322730][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936166897413, free_ts 935793179499 [ 945.328798][T19654] post_alloc_hook+0x2d1/0x350 [ 945.330564][T19654] get_page_from_freelist+0x1351/0x2e50 [ 945.332528][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 945.334446][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 945.336406][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 945.338253][T19654] page_pool_alloc_pages+0xb5/0x110 [ 945.340064][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 945.342193][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 945.344056][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 945.345910][T19654] __sys_bpf+0x10d2/0x4a00 [ 945.347444][T19654] __x64_sys_bpf+0x78/0xc0 [ 945.348989][T19654] do_syscall_64+0xcd/0x250 [ 945.350546][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 945.352572][T19654] page last free pid 5430 tgid 5422 stack trace: [ 945.354762][T19654] free_unref_page+0x64a/0xe40 [ 945.356477][T19654] __mmdrop+0xd5/0x460 [ 945.357878][T19654] finish_task_switch.isra.0+0x7af/0xcc0 [ 945.359793][T19654] __schedule+0xe3f/0x5490 [ 945.361328][T19654] preempt_schedule_common+0x44/0xc0 [ 945.363191][T19654] preempt_schedule_thunk+0x1a/0x30 [ 945.365093][T19654] _raw_spin_unlock_irqrestore+0x61/0x80 [ 945.367032][T19654] prepare_to_wait_exclusive+0xdc/0x2a0 [ 945.368936][T19654] io_cqring_wait+0xbda/0x1480 [ 945.370584][T19654] __do_sys_io_uring_enter+0x410/0x1130 [ 945.372547][T19654] do_syscall_64+0xcd/0x250 [ 945.374237][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 945.376251][T19654] Modules linked in: [ 945.377635][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 945.381729][T19654] Tainted: [B]=BAD_PAGE [ 945.383160][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 945.386821][T19654] Call Trace: [ 945.388034][T19654] [ 945.389083][T19654] dump_stack_lvl+0x16c/0x1f0 [ 945.390680][T19654] bad_page+0xb3/0x220 [ 945.392072][T19654] ? __pfx_bad_page+0x10/0x10 [ 945.393688][T19654] ? page_bad_reason+0x9d/0x1e0 [ 945.395293][T19654] free_unref_page+0x69e/0xe40 [ 945.396933][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 945.398969][T19654] ? __phys_addr+0xc6/0x150 [ 945.400541][T19654] skb_free_head+0xa0/0x1d0 [ 945.402116][T19654] skb_release_data+0x75c/0x980 [ 945.403743][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 945.406059][T19654] ? rcu_is_watching+0x12/0xc0 [ 945.407701][T19654] sk_skb_reason_drop+0x133/0x200 [ 945.409401][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 945.411649][T19654] ? kernel_text_address+0x8d/0x100 [ 945.413445][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 945.415159][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 945.417537][T19654] ? hlock_class+0x4e/0x130 [ 945.419086][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 945.420809][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 945.422662][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 945.424813][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 945.426992][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 945.428937][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 945.431049][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 945.433411][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 945.435215][T19654] ? __build_skb_around+0x278/0x3b0 [ 945.436926][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 945.438779][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 945.440954][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 945.443264][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 945.445415][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 945.447186][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 945.449248][T19654] ? find_held_lock+0x2d/0x110 [ 945.450916][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 945.452973][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 945.455037][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 945.457024][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 945.458787][T19654] ? 0xffffffffa0004340 [ 945.460208][T19654] ? 0xffffffffa0004340 [ 945.461631][T19654] ? 0xffffffffa0004340 [ 945.463052][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 945.464874][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 945.466848][T19654] ? fput+0x32/0x390 [ 945.468171][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 945.469786][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 945.471734][T19654] __sys_bpf+0x10d2/0x4a00 [ 945.473287][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 945.475067][T19654] ? __fget_files+0x256/0x400 [ 945.476696][T19654] ? do_futex+0x123/0x350 [ 945.478191][T19654] ? __pfx_do_futex+0x10/0x10 [ 945.479779][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 945.481586][T19654] __x64_sys_bpf+0x78/0xc0 [ 945.483116][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 945.484875][T19654] do_syscall_64+0xcd/0x250 [ 945.486444][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 945.488499][T19654] RIP: 0033:0x7f679d57def9 [ 945.490028][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 945.496487][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 945.499301][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 945.501943][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 945.504581][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 945.507325][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 945.509927][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 945.512610][T19654] [ 945.513815][T19654] BUG: Bad page state in process syz.2.4065 pfn:4c007 [ 945.516071][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2 pfn:0x4c007 [ 945.519001][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 945.521372][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 945.524282][T19654] raw: 0000000000000002 0000000000000001 00000000ffffffff 0000000000000000 [ 945.527147][T19654] page dumped because: page_pool leak [ 945.528748][T19654] page_owner tracks the page as allocated [ 945.530214][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936166889622, free_ts 935851559781 [ 945.535018][T19654] post_alloc_hook+0x2d1/0x350 [ 945.536306][T19654] get_page_from_freelist+0x1351/0x2e50 [ 945.538208][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 945.539996][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 945.541909][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 945.544006][T19654] page_pool_alloc_pages+0xb5/0x110 [ 945.545805][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 945.547966][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 945.549780][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 945.551620][T19654] __sys_bpf+0x10d2/0x4a00 [ 945.553229][T19654] __x64_sys_bpf+0x78/0xc0 [ 945.554741][T19654] do_syscall_64+0xcd/0x250 [ 945.556246][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 945.558266][T19654] page last free pid 7838 tgid 7833 stack trace: [ 945.560399][T19654] free_unref_page+0x64a/0xe40 [ 945.562066][T19654] __mmdrop+0xd5/0x460 [ 945.563524][T19654] finish_task_switch.isra.0+0x7af/0xcc0 [ 945.565390][T19654] __schedule+0xe3f/0x5490 [ 945.566861][T19654] preempt_schedule_common+0x44/0xc0 [ 945.568619][T19654] preempt_schedule_thunk+0x1a/0x30 [ 945.570354][T19654] _raw_spin_unlock_irqrestore+0x61/0x80 [ 945.572107][T19654] prepare_to_wait_exclusive+0xdc/0x2a0 [ 945.574028][T19654] io_cqring_wait+0xbda/0x1480 [ 945.575641][T19654] __do_sys_io_uring_enter+0x410/0x1130 [ 945.577532][T19654] do_syscall_64+0xcd/0x250 [ 945.579094][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 945.581061][T19654] Modules linked in: [ 945.582239][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 945.586097][T19654] Tainted: [B]=BAD_PAGE [ 945.587455][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 945.590888][T19654] Call Trace: [ 945.591989][T19654] [ 945.592848][T19654] dump_stack_lvl+0x16c/0x1f0 [ 945.594430][T19654] bad_page+0xb3/0x220 [ 945.595733][T19654] ? __pfx_bad_page+0x10/0x10 [ 945.597278][T19654] ? page_bad_reason+0x9d/0x1e0 [ 945.598755][T19654] free_unref_page+0x69e/0xe40 [ 945.600274][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 945.602265][T19654] ? __phys_addr+0xc6/0x150 [ 945.603533][T19654] skb_free_head+0xa0/0x1d0 [ 945.605081][T19654] skb_release_data+0x75c/0x980 [ 945.606737][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 945.608943][T19654] ? rcu_is_watching+0x12/0xc0 [ 945.610500][T19654] sk_skb_reason_drop+0x133/0x200 [ 945.612225][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 945.614343][T19654] ? kernel_text_address+0x8d/0x100 [ 945.616163][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 945.617705][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 945.620051][T19654] ? hlock_class+0x4e/0x130 [ 945.621471][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 945.623042][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 945.624858][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 945.626834][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 945.628913][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 945.630828][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 945.632926][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 945.635116][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 945.636856][T19654] ? __build_skb_around+0x278/0x3b0 [ 945.638552][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 945.640389][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 945.642518][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 945.644615][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 945.646484][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 945.648220][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 945.650092][T19654] ? find_held_lock+0x2d/0x110 [ 945.651759][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 945.653533][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 945.655547][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 945.657444][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 945.659085][T19654] ? 0xffffffffa0004340 [ 945.660454][T19654] ? 0xffffffffa0004340 [ 945.661722][T19654] ? 0xffffffffa0004340 [ 945.663143][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 945.664846][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 945.666776][T19654] ? fput+0x32/0x390 [ 945.667933][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 945.669607][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 945.671580][T19654] __sys_bpf+0x10d2/0x4a00 [ 945.672988][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 945.674597][T19654] ? __fget_files+0x256/0x400 [ 945.676198][T19654] ? do_futex+0x123/0x350 [ 945.677740][T19654] ? __pfx_do_futex+0x10/0x10 [ 945.679444][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 945.681322][T19654] __x64_sys_bpf+0x78/0xc0 [ 945.682703][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 945.684553][T19654] do_syscall_64+0xcd/0x250 [ 945.686186][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 945.688150][T19654] RIP: 0033:0x7f679d57def9 [ 945.689744][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 945.695825][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 945.698777][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 945.701468][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 945.704008][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 945.706414][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 945.709076][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 945.711750][T19654] [ 945.712960][T19654] BUG: Bad page state in process syz.2.4065 pfn:4c006 [ 945.715323][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802030c280 pfn:0x4c006 [ 945.718602][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 945.721043][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 945.724088][T19654] raw: ffff88802030c280 0000000000000001 00000000ffffffff 0000000000000000 [ 945.726986][T19654] page dumped because: page_pool leak [ 945.728823][T19654] page_owner tracks the page as allocated [ 945.730746][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936166881587, free_ts 935851559781 [ 945.737029][T19654] post_alloc_hook+0x2d1/0x350 [ 945.738688][T19654] get_page_from_freelist+0x1351/0x2e50 [ 945.740576][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 945.742407][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 945.744365][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 945.746397][T19654] page_pool_alloc_pages+0xb5/0x110 [ 945.748177][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 945.750276][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 945.752075][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 945.754000][T19654] __sys_bpf+0x10d2/0x4a00 [ 945.755533][T19654] __x64_sys_bpf+0x78/0xc0 [ 945.757074][T19654] do_syscall_64+0xcd/0x250 [ 945.758618][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 945.760619][T19654] page last free pid 7838 tgid 7833 stack trace: [ 945.762699][T19654] free_unref_page+0x64a/0xe40 [ 945.764204][T19654] __mmdrop+0xd5/0x460 [ 945.765636][T19654] finish_task_switch.isra.0+0x7af/0xcc0 [ 945.767561][T19654] __schedule+0xe3f/0x5490 [ 945.769117][T19654] preempt_schedule_common+0x44/0xc0 [ 945.770930][T19654] preempt_schedule_thunk+0x1a/0x30 [ 945.772750][T19654] _raw_spin_unlock_irqrestore+0x61/0x80 [ 945.774756][T19654] prepare_to_wait_exclusive+0xdc/0x2a0 [ 945.776653][T19654] io_cqring_wait+0xbda/0x1480 [ 945.778293][T19654] __do_sys_io_uring_enter+0x410/0x1130 [ 945.780194][T19654] do_syscall_64+0xcd/0x250 [ 945.781770][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 945.783853][T19654] Modules linked in: [ 945.785217][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 945.789497][T19654] Tainted: [B]=BAD_PAGE [ 945.790939][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 945.794616][T19654] Call Trace: [ 945.795770][T19654] [ 945.796845][T19654] dump_stack_lvl+0x16c/0x1f0 [ 945.798519][T19654] bad_page+0xb3/0x220 [ 945.799962][T19654] ? __pfx_bad_page+0x10/0x10 [ 945.801589][T19654] ? page_bad_reason+0x9d/0x1e0 [ 945.803264][T19654] free_unref_page+0x69e/0xe40 [ 945.804923][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 945.806994][T19654] ? __phys_addr+0xc6/0x150 [ 945.808565][T19654] skb_free_head+0xa0/0x1d0 [ 945.810159][T19654] skb_release_data+0x75c/0x980 [ 945.811952][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 945.814381][T19654] ? rcu_is_watching+0x12/0xc0 [ 945.816037][T19654] sk_skb_reason_drop+0x133/0x200 [ 945.817756][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 945.820021][T19654] ? kernel_text_address+0x8d/0x100 [ 945.821582][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 945.823319][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 945.825700][T19654] ? hlock_class+0x4e/0x130 [ 945.827438][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 945.829186][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 945.830955][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 945.833075][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 945.835366][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 945.837326][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 945.839072][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 945.840748][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 945.842187][T19654] ? __build_skb_around+0x278/0x3b0 [ 945.843981][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 945.845853][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 945.848033][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 945.850356][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 945.852327][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 945.854166][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 945.856214][T19654] ? find_held_lock+0x2d/0x110 [ 945.857949][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 945.860087][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 945.862233][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 945.864343][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 945.866238][T19654] ? 0xffffffffa0004340 [ 945.867696][T19654] ? 0xffffffffa0004340 [ 945.869212][T19654] ? 0xffffffffa0004340 [ 945.870731][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 945.872657][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 945.874745][T19654] ? fput+0x32/0x390 [ 945.876130][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 945.877809][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 945.879705][T19654] __sys_bpf+0x10d2/0x4a00 [ 945.881082][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 945.882765][T19654] ? __fget_files+0x256/0x400 [ 945.884480][T19654] ? do_futex+0x123/0x350 [ 945.886060][T19654] ? __pfx_do_futex+0x10/0x10 [ 945.887688][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 945.889553][T19654] __x64_sys_bpf+0x78/0xc0 [ 945.891172][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 945.893041][T19654] do_syscall_64+0xcd/0x250 [ 945.894659][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 945.896760][T19654] RIP: 0033:0x7f679d57def9 [ 945.898355][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 945.905295][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 945.907804][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 945.910289][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 945.913052][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 945.915834][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 945.918601][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 945.921372][T19654] [ 945.922610][T19654] BUG: Bad page state in process syz.2.4065 pfn:65d2f [ 945.924989][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000002 pfn:0x65d2f [ 945.928426][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 945.930904][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 945.933895][T19654] raw: ffff888000000002 0000000000000001 00000000ffffffff 0000000000000000 [ 945.936462][T19654] page dumped because: page_pool leak [ 945.938084][T19654] page_owner tracks the page as allocated [ 945.939802][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936166873687, free_ts 935870449149 [ 945.945561][T19654] post_alloc_hook+0x2d1/0x350 [ 945.947284][T19654] get_page_from_freelist+0x1351/0x2e50 [ 945.949233][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 945.951087][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 945.953071][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 945.955251][T19654] page_pool_alloc_pages+0xb5/0x110 [ 945.957076][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 945.959266][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 945.961148][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 945.963063][T19654] __sys_bpf+0x10d2/0x4a00 [ 945.964756][T19654] __x64_sys_bpf+0x78/0xc0 [ 945.966368][T19654] do_syscall_64+0xcd/0x250 [ 945.967944][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 945.969975][T19654] page last free pid 7838 tgid 7833 stack trace: [ 945.972201][T19654] free_unref_page+0x64a/0xe40 [ 945.974006][T19654] __mmdrop+0xd5/0x460 [ 945.975471][T19654] finish_task_switch.isra.0+0x7af/0xcc0 [ 945.977453][T19654] __schedule+0xe3f/0x5490 [ 945.979063][T19654] preempt_schedule_common+0x44/0xc0 [ 945.980934][T19654] preempt_schedule_thunk+0x1a/0x30 [ 945.982749][T19654] _raw_spin_unlock_irqrestore+0x61/0x80 [ 945.984781][T19654] prepare_to_wait_exclusive+0xdc/0x2a0 [ 945.986733][T19654] io_cqring_wait+0xbda/0x1480 [ 945.988394][T19654] __do_sys_io_uring_enter+0x410/0x1130 [ 945.990137][T19654] do_syscall_64+0xcd/0x250 [ 945.991567][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 945.993743][T19654] Modules linked in: [ 945.995125][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 945.999282][T19654] Tainted: [B]=BAD_PAGE [ 946.000769][T19654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 946.004487][T19654] Call Trace: [ 946.005694][T19654] [ 946.006739][T19654] dump_stack_lvl+0x16c/0x1f0 [ 946.008333][T19654] bad_page+0xb3/0x220 [ 946.009773][T19654] ? __pfx_bad_page+0x10/0x10 [ 946.011378][T19654] ? page_bad_reason+0x9d/0x1e0 [ 946.013097][T19654] free_unref_page+0x69e/0xe40 [ 946.014739][T19654] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 946.016864][T19654] ? __phys_addr+0xc6/0x150 [ 946.018483][T19654] skb_free_head+0xa0/0x1d0 [ 946.020076][T19654] skb_release_data+0x75c/0x980 [ 946.021815][T19654] ? __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 946.024174][T19654] ? rcu_is_watching+0x12/0xc0 [ 946.025903][T19654] sk_skb_reason_drop+0x133/0x200 [ 946.027702][T19654] __netif_receive_skb_core.constprop.0+0x592/0x4330 [ 946.030048][T19654] ? kernel_text_address+0x8d/0x100 [ 946.031904][T19654] ? __lock_acquire+0x1620/0x3cb0 [ 946.033662][T19654] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 946.035461][T19654] ? hlock_class+0x4e/0x130 [ 946.036759][T19654] ? __lock_acquire+0xbdd/0x3cb0 [ 946.038115][T19654] ? __pfx___lock_acquire+0x10/0x10 [ 946.039563][T19654] __netif_receive_skb_list_core+0x357/0x950 [ 946.041137][T19654] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 946.042863][T19654] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 946.044359][T19654] netif_receive_skb_list_internal+0x753/0xda0 [ 946.045993][T19654] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 946.047739][T19654] ? __pfx_eth_type_trans+0x10/0x10 [ 946.049104][T19654] ? __build_skb_around+0x278/0x3b0 [ 946.050463][T19654] netif_receive_skb_list+0x4f/0x4a0 [ 946.051846][T19654] xdp_test_run_batch.constprop.0+0x138d/0x1960 [ 946.053497][T19654] ? __pfx_xdp_test_run_batch.constprop.0+0x10/0x10 [ 946.055201][T19654] ? bpf_test_timer_continue+0x150/0x3d0 [ 946.056654][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 946.058033][T19654] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 946.059531][T19654] ? find_held_lock+0x2d/0x110 [ 946.060783][T19654] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 946.062317][T19654] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 946.063844][T19654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 946.065363][T19654] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 946.066730][T19654] ? 0xffffffffa0004340 [ 946.067812][T19654] ? 0xffffffffa0004340 [ 946.068910][T19654] ? 0xffffffffa0004340 [ 946.069994][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 946.071381][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 946.072920][T19654] ? fput+0x32/0x390 [ 946.073948][T19654] ? __bpf_prog_get+0xa0/0x2f0 [ 946.075192][T19654] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 946.076697][T19654] __sys_bpf+0x10d2/0x4a00 [ 946.077875][T19654] ? __pfx___sys_bpf+0x10/0x10 [ 946.079111][T19654] ? __fget_files+0x256/0x400 [ 946.080333][T19654] ? do_futex+0x123/0x350 [ 946.081468][T19654] ? __pfx_do_futex+0x10/0x10 [ 946.082698][T19654] ? __pfx___x64_sys_futex+0x10/0x10 [ 946.084068][T19654] __x64_sys_bpf+0x78/0xc0 [ 946.085238][T19654] ? lockdep_hardirqs_on+0x7c/0x110 [ 946.086586][T19654] do_syscall_64+0xcd/0x250 [ 946.087743][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 946.089279][T19654] RIP: 0033:0x7f679d57def9 [ 946.090439][T19654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 946.095352][T19654] RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 946.097530][T19654] RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9 [ 946.099558][T19654] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 946.101592][T19654] RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 946.103612][T19654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 946.105659][T19654] R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398 [ 946.107700][T19654] [ 946.108596][T19654] BUG: Bad page state in process syz.2.4065 pfn:65d2e [ 946.110368][T19654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888059dcdf00 pfn:0x65d2e [ 946.112965][T19654] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 946.114928][T19654] raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000 [ 946.117304][T19654] raw: ffff888059dcdf00 0000000000000001 00000000ffffffff 0000000000000000 [ 946.119735][T19654] page dumped because: page_pool leak [ 946.121565][T19654] page_owner tracks the page as allocated [ 946.123681][T19654] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936166865643, free_ts 935870449149 [ 946.129994][T19654] post_alloc_hook+0x2d1/0x350 [ 946.131718][T19654] get_page_from_freelist+0x1351/0x2e50 [ 946.133745][T19654] __alloc_pages_noprof+0x22b/0x2460 [ 946.135603][T19654] alloc_pages_bulk_noprof+0x742/0x14f0 [ 946.137572][T19654] __page_pool_alloc_pages_slow+0x19b/0xb30 [ 946.139679][T19654] page_pool_alloc_pages+0xb5/0x110 [ 946.141545][T19654] xdp_test_run_batch.constprop.0+0x3a8/0x1960 [ 946.143791][T19654] bpf_test_run_xdp_live+0x365/0x500 [ 946.145707][T19654] bpf_prog_test_run_xdp+0x82d/0x1530 [ 946.147606][T19654] __sys_bpf+0x10d2/0x4a00 [ 946.149159][T19654] __x64_sys_bpf+0x78/0xc0 [ 946.150741][T19654] do_syscall_64+0xcd/0x250 [ 946.151993][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 946.153765][T19654] page last free pid 7838 tgid 7833 stack trace: [ 946.155393][T19654] free_unref_page+0x64a/0xe40 [ 946.156918][T19654] __mmdrop+0xd5/0x460 [ 946.158387][T19654] finish_task_switch.isra.0+0x7af/0xcc0 [ 946.160249][T19654] __schedule+0xe3f/0x5490 [ 946.161425][T19654] preempt_schedule_common+0x44/0xc0 [ 946.162773][T19654] preempt_schedule_thunk+0x1a/0x30 [ 946.164341][T19654] _raw_spin_unlock_irqrestore+0x61/0x80 [ 946.165906][T19654] prepare_to_wait_exclusive+0xdc/0x2a0 [ 946.167393][T19654] io_cqring_wait+0xbda/0x1480 [ 946.168677][T19654] __do_sys_io_uring_enter+0x410/0x1130 [ 946.170501][T19654] do_syscall_64+0xcd/0x250 [ 946.171724][T19654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 946.173917][T19654] Modules linked in: [ 946.175314][T19654] CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G B 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0 [ 946.179394][T19654] Tainted: [B]=BAD_PAGE VM DIAGNOSIS: 23:15:46 Registers: info registers vcpu 0 CPU#0 RAX=ffffffff96998390 RBX=ffff88802366af48 RCX=1ffffffff2d3307e RDX=dffffc0000000000 RSI=0000000000000008 RDI=ffffffff969983f0 RBP=ffffc900042479c8 RSP=ffffc90004247890 R8 =0000000000000000 R9 =fffffbfff2d24904 R10=ffffffff96924827 R11=0000000000000000 R12=ffff88802366a440 R13=0000000000000040 R14=0000000000000006 R15=1ffff92000848f18 RIP=ffffffff81696dbe RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007fc6f1b396c0 ffffffff 00c00000 GS =0000 ffff88806a600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007fefb33adf98 CR3=000000004c406000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000208001 Opmask01=0000000000000054 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fefb25f199a ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fefb25f19a7 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fefb25f19a1 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fefb25f19b5 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fefb25f1a3b ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fefb25f1b19 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fefb270b488 00007fefb270b480 00007fefb270b478 00007fefb270b450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fefb326d100 00007fefb270b440 00007fefb270b458 00007fefb270b4a0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fefb270b498 00007fefb270b490 00007fefb270b488 00007fefb270b480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 edff2b932ceacddc cee78d064c51542a b36b9517274550d5 9cf38259b6334d1b ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 c018dced4d34edff 2b932ceacddccee7 8d064c51542ab36b 9517274550d59cf3 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 8259b6334d1b5a88 90bbd7623d07ce43 024f36ee2365a21b 1ebfad661c0a42b8 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 fb11c81cb22ac9d2 820b0587f7ef09dd 9cad0611a34f8abb 295487e6144bd893 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ccfc74d7a0bea237 1823763283520088 3385e3c3a08f0c77 e1d674ff197dc41c ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000000 RBX=ffff888021812f48 RCX=0000000000000004 RDX=1ffff110043025ed RSI=0000000000000008 RDI=ffff888021812f68 RBP=0000000000000001 RSP=ffffc90003797970 R8 =0000000000000000 R9 =fffffbfff2d24904 R10=ffffffff96924827 R11=0000000000000000 R12=0000000000000002 R13=ffff888021812f48 R14=000000000000093c R15=ffff888021812440 RIP=ffffffff8168d919 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 00007fb727d8b6c0 ffffffff 00c00000 GS =0000 ffff88806a700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f84ab100f98 CR3=000000002d91e000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000208001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0030657267367069 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fdeea1f199a ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fdeea1f19a7 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fdeea1f19a1 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fdeea1f19b5 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fdeea1f1a3b ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fdeea1f1b19 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005900000085 00000000000004b7 00000008000003b7 fffffff800000207 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 9500000059000000 8500000000000004 b700000008000004 0000000b000c000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 07000000000000a2 bf00000000fff88a 7b00000000000008 b700000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000078 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85031285 RDI=ffffffff9a5b4fa0 RBP=ffffffff9a5b4f60 RSP=ffffc90022b8ea10 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000 R12=0000000000000000 R13=0000000000000078 R14=ffffffff85031220 R15=0000000000000000 RIP=ffffffff850312af RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f679e4106c0 ffffffff 00c00000 GS =0000 ffff88806a800000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000001b3141fffc CR3=0000000034a58000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000208001 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f84aa3f199a ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f84aa3f19a7 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f84aa3f19a1 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f84aa3f19b5 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f84aa3f1a3b ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f84aa3f1b19 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f84aa50b488 00007f84aa50b480 00007f84aa50b478 00007f84aa50b450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f84ab06d100 00007f84aa50b440 00007f84aa50b458 00007f84aa50b4a0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f84aa50b498 00007f84aa50b490 00007f84aa50b488 00007f84aa50b480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000fe5c51 RBX=0000000000000003 RCX=ffffffff8b170ab9 RDX=0000000000000000 RSI=ffffffff8b4cd740 RDI=ffffffff8bb0fc00 RBP=ffffed1003adb488 RSP=ffffc900001a7e08 R8 =0000000000000001 R9 =ffffed100d526fd9 R10=ffff88806a937ecb R11=0000000000000000 R12=0000000000000003 R13=ffff88801d6da440 R14=ffffffff90144d98 R15=0000000000000000 RIP=ffffffff8b171eaf RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a900000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00005614bc1818e8 CR3=0000000031b00000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000208001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fefb25f199a ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fefb25f19a7 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fefb25f19a1 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fefb25f19b5 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fefb25f1a3b ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fefb25f1b19 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fefb270b488 00007fefb270b480 00007fefb270b478 00007fefb270b450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fefb326d100 00007fefb270b440 00007fefb2700004 0000000b000c000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fefb270b498 00007fefb270b490 00007fefb270b488 00007fefb270b480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 edff2b932ceacddc cee78d064c51542a b36b9517274550d5 9cf38259b6334d1b ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 c018dced4d34edff 2b932ceacddccee7 8d064c51542ab36b 9517274550d59cf3 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 8259b6334d1b5a88 90bbd7623d07ce43 024f36ee2365a21b 1ebfad661c0a42b8 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 fb11c81cb22ac9d2 820b0587f7ef09dd 9cad0611a34f8abb 295487e6144bd893 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ccfc74d7a0bea237 1823763283520088 3385e3c3a08f0c77 e1d674ff197dc41c ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000