last executing test programs: 26m29.953091366s ago: executing program 0 (id=1034): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x4c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x100e}, @CTA_SEQ_ADJ_REPLY={0x4, 0x4}]}, 0x4c}}, 0x0) 23m42.361980167s ago: executing program 0 (id=1034): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x4c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x100e}, @CTA_SEQ_ADJ_REPLY={0x4, 0x4}]}, 0x4c}}, 0x0) 20m49.515411504s ago: executing program 0 (id=1034): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x4c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x100e}, @CTA_SEQ_ADJ_REPLY={0x4, 0x4}]}, 0x4c}}, 0x0) 17m40.937635795s ago: executing program 0 (id=1034): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x4c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x100e}, @CTA_SEQ_ADJ_REPLY={0x4, 0x4}]}, 0x4c}}, 0x0) 14m37.107582015s ago: executing program 0 (id=1034): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x4c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x100e}, @CTA_SEQ_ADJ_REPLY={0x4, 0x4}]}, 0x4c}}, 0x0) 14m16.929430432s ago: executing program 0 (id=1034): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x4c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x100e}, @CTA_SEQ_ADJ_REPLY={0x4, 0x4}]}, 0x4c}}, 0x0) 14m8.53393548s ago: executing program 32 (id=1034): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x4c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x100e}, @CTA_SEQ_ADJ_REPLY={0x4, 0x4}]}, 0x4c}}, 0x0) 3m22.550742048s ago: executing program 1 (id=1759): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000006ac0)='cpuacct.stat\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r0, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r1, 0x107, 0x13, &(0x7f0000000100)=0x1003, 0x4) 3m20.42593237s ago: executing program 1 (id=1761): r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x3, 0x0) readv(r0, &(0x7f0000000240)=[{0x0}, {&(0x7f0000000440)=""/4093, 0xffd}], 0x2) 30.015153304s ago: executing program 1 (id=1761): r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x3, 0x0) readv(r0, &(0x7f0000000240)=[{0x0}, {&(0x7f0000000440)=""/4093, 0xffd}], 0x2) 28.70128883s ago: executing program 2 (id=1798): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = dup(r0) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="640000000206050000000000fffff40000000001050001000600000a050005000a0000000900020073797a320000000005000400000000001400078008000840fffffff0080006400000000215000300686173683a69702c706f72742c6e6574"], 0x64}, 0x1, 0x0, 0x0, 0x20008894}, 0x8040) sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x28, 0x7, 0x6, 0x3, 0x0, 0x0, {0x9cc629eb4d768f77}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x40016}, 0x800) 25.523822159s ago: executing program 1 (id=1799): r0 = socket(0x10, 0x3, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f0000000700)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000001c0)=r1, 0x4) sendmsg$nl_route(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000480)=@ipv4_getroute={0x1c, 0x1a, 0x1}, 0x1c}}, 0x0) 18.333159389s ago: executing program 1 (id=1800): r0 = syz_usb_connect(0x5, 0x3d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x2c, 0x32, 0x62, 0x8, 0x3f0, 0x207, 0x1, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2b, 0x1, 0x0, 0x0, 0x0, 0x44, [{{0x9, 0x4, 0x1d, 0x0, 0x2, 0xe5, 0xb9, 0x6f, 0x0, [], [{{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [@generic={0x7, 0x5, "e37e1b82e6"}]}}, {{0x9, 0x5, 0xb, 0x2}}]}}]}}]}}, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_disconnect(0xffffffffffffffff) syz_usb_disconnect(0xffffffffffffffff) syz_usb_disconnect(0xffffffffffffffff) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000940)={0x44, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 17.788182605s ago: executing program 2 (id=1801): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001fd8)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000000)=r0, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x4) connect$inet6(r2, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x58) setsockopt$inet6_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000000), 0x4) 12.457533213s ago: executing program 2 (id=1802): capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff}) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000003feffff720a00fef8ffffff71a400fe0000000071302000000000001d400500000000004704000001ed00000f030000000000001d44000000000000620a00ff040400007203000000000000b500f7ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3380d28e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51bf900000000000000d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93020000000000000080e69db384ac7eeedcf2ba3a9508f9d6aba582a896a9f1e096df6ecea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6032399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c9102"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 11.304630745s ago: executing program 2 (id=1803): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000540), 0x3c) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000080)=@ccm_128={{0x304}, "b1348a2fdf4bd032", "be214298687c62bc5b63c359fc146f68", "f48b7e34", "bad7cfa5892235d9"}, 0x28) setsockopt$inet6_tcp_int(r0, 0x11a, 0x4, &(0x7f0000000100)=0x1000000, 0x3c) 3.377937787s ago: executing program 2 (id=1804): r0 = socket(0x10, 0x3, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f0000000700)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000001c0)=r1, 0x4) sendmsg$nl_route(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000480)=@ipv4_getroute={0x1c, 0x1a, 0x1}, 0x1c}}, 0x0) 538.81µs ago: executing program 1 (id=1805): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='pids.events\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, 0x0, &(0x7f00000000c0)) 0s ago: executing program 2 (id=1806): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce6203c23c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa2c"], 0xfdef) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6317ce2200"], 0xfdef) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x4, &(0x7f0000000000)='%', 0x0, 0xd01, 0x80040000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) kernel console output (not intermixed with test programs): 1-1: USB disconnect, device number 31 [ 2960.643277][ T36] audit: type=1326 audit(2959.284:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7194 comm="syz.1.911" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdabc6 code=0x7ffc0000 [ 2960.958476][ T36] audit: type=1326 audit(2959.614:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7194 comm="syz.1.911" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdabc6 code=0x7ffc0000 [ 2961.101903][ T36] audit: type=1326 audit(2959.754:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7194 comm="syz.1.911" exe="/syz-executor" sig=0 arch=c00000f3 syscall=163 compat=0 ip=0xdabc6 code=0x7ffc0000 [ 2961.104055][ T36] audit: type=1326 audit(2959.754:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7194 comm="syz.1.911" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdabc6 code=0x7ffc0000 [ 2961.122187][ T36] audit: type=1326 audit(2959.754:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7194 comm="syz.1.911" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdabc6 code=0x7ffc0000 [ 2961.124138][ T36] audit: type=1326 audit(2959.774:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7194 comm="syz.1.911" exe="/syz-executor" sig=0 arch=c00000f3 syscall=56 compat=0 ip=0xdabc6 code=0x7ffc0000 [ 2961.144253][ T36] audit: type=1326 audit(2959.784:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7194 comm="syz.1.911" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdabc6 code=0x7ffc0000 [ 2961.146686][ T36] audit: type=1326 audit(2959.794:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7194 comm="syz.1.911" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdabc6 code=0x7ffc0000 [ 2961.159940][ T36] audit: type=1326 audit(2959.804:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7194 comm="syz.1.911" exe="/syz-executor" sig=0 arch=c00000f3 syscall=280 compat=0 ip=0xdabc6 code=0x7ffc0000 [ 2961.172597][ T36] audit: type=1326 audit(2959.824:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7194 comm="syz.1.911" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdabc6 code=0x7ffc0000 [ 2965.454185][ T4370] usb 1-1: new full-speed USB device number 32 using dummy_hcd [ 2971.067264][ T7212] netlink: 4 bytes leftover after parsing attributes in process `syz.1.913'. [ 2971.680812][ T4370] usb 1-1: config index 0 descriptor too short (expected 156, got 27) [ 2971.687052][ T4370] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2971.689166][ T4370] usb 1-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 2971.718590][ T4370] usb 1-1: config 0 interface 0 altsetting 191 has 0 endpoint descriptors, different from the interface descriptor's value: 144 [ 2971.737196][ T4370] usb 1-1: config 0 interface 0 has no altsetting 0 [ 2971.933704][ T4370] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 2971.936868][ T4370] usb 1-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 2971.938906][ T4370] usb 1-1: Product: syz [ 2971.940420][ T4370] usb 1-1: Manufacturer: syz [ 2971.964681][ T4370] usb 1-1: SerialNumber: syz [ 2972.166916][ T4370] usb 1-1: config 0 descriptor?? [ 2973.607076][ T4370] ldusb 1-1:0.0: Interrupt in endpoint not found [ 2973.704506][ T4370] usb 1-1: USB disconnect, device number 32 [ 2992.813689][ T7234] netlink: 8 bytes leftover after parsing attributes in process `syz.0.919'. [ 3008.505128][ T6873] usb 1-1: new full-speed USB device number 33 using dummy_hcd [ 3008.870556][ T6873] usb 1-1: config index 0 descriptor too short (expected 156, got 27) [ 3008.880242][ T6873] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 3008.899659][ T6873] usb 1-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 3008.910336][ T6873] usb 1-1: config 0 interface 0 altsetting 191 has 0 endpoint descriptors, different from the interface descriptor's value: 144 [ 3008.914509][ T6873] usb 1-1: config 0 interface 0 has no altsetting 0 [ 3008.995780][ T6873] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 3009.000355][ T6873] usb 1-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 3009.008454][ T6873] usb 1-1: Product: syz [ 3009.010460][ T6873] usb 1-1: Manufacturer: syz [ 3009.037861][ T6873] usb 1-1: SerialNumber: syz [ 3009.169519][ T6873] usb 1-1: config 0 descriptor?? [ 3010.749793][ T6873] ldusb 1-1:0.0: Interrupt in endpoint not found [ 3010.858831][ T6873] usb 1-1: USB disconnect, device number 33 [ 3035.085141][ T7202] usb 1-1: new full-speed USB device number 34 using dummy_hcd [ 3035.526513][ T7202] usb 1-1: config index 0 descriptor too short (expected 156, got 27) [ 3035.529262][ T7202] usb 1-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 3035.560596][ T7202] usb 1-1: config 0 interface 0 altsetting 191 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 3035.582525][ T7202] usb 1-1: config 0 interface 0 altsetting 191 endpoint 0x8F has invalid wMaxPacketSize 0 [ 3035.587500][ T7202] usb 1-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 3035.624846][ T7202] usb 1-1: config 0 interface 0 has no altsetting 0 [ 3035.868133][ T7202] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 3035.907099][ T7202] usb 1-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 3035.909536][ T7202] usb 1-1: Product: syz [ 3035.934081][ T7202] usb 1-1: Manufacturer: syz [ 3035.936106][ T7202] usb 1-1: SerialNumber: syz [ 3036.597151][ T7202] usb 1-1: config 0 descriptor?? [ 3036.975428][ T7202] ldusb 1-1:0.0: Interrupt in endpoint not found [ 3038.919730][ T6873] usb 1-1: USB disconnect, device number 34 [ 3049.096053][ T7326] netlink: 'syz.0.936': attribute type 3 has an invalid length. [ 3054.917407][ T7309] usb 2-1: new full-speed USB device number 44 using dummy_hcd [ 3055.240172][ T7309] usb 2-1: config index 0 descriptor too short (expected 156, got 27) [ 3055.244192][ T7309] usb 2-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 3055.246720][ T7309] usb 2-1: config 0 interface 0 altsetting 191 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 3055.272195][ T7309] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x8F has invalid wMaxPacketSize 0 [ 3055.277306][ T7309] usb 2-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 3055.280767][ T7309] usb 2-1: config 0 interface 0 has no altsetting 0 [ 3055.546293][ T7309] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 3055.548684][ T7309] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 3055.550671][ T7309] usb 2-1: Product: syz [ 3055.564456][ T7309] usb 2-1: Manufacturer: syz [ 3055.566247][ T7309] usb 2-1: SerialNumber: syz [ 3055.708103][ T7309] usb 2-1: config 0 descriptor?? [ 3055.925355][ T7309] ldusb 2-1:0.0: Interrupt in endpoint not found [ 3057.006101][ T6873] usb 2-1: USB disconnect, device number 44 [ 3072.695525][ T6873] usb 2-1: new full-speed USB device number 45 using dummy_hcd [ 3073.697510][ T6873] usb 2-1: config index 0 descriptor too short (expected 156, got 27) [ 3073.699457][ T6873] usb 2-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 3073.712338][ T6873] usb 2-1: config 0 interface 0 altsetting 191 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 3073.713801][ T6873] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x8F has invalid wMaxPacketSize 0 [ 3073.715317][ T6873] usb 2-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 3073.716917][ T6873] usb 2-1: config 0 interface 0 has no altsetting 0 [ 3073.877425][ T6873] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 3073.896095][ T6873] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 3073.899697][ T6873] usb 2-1: Product: syz [ 3073.905845][ T6873] usb 2-1: Manufacturer: syz [ 3073.908442][ T6873] usb 2-1: SerialNumber: syz [ 3074.038903][ T6873] usb 2-1: config 0 descriptor?? [ 3074.194953][ T6873] ldusb 2-1:0.0: Interrupt in endpoint not found [ 3075.219392][ T7202] usb 2-1: USB disconnect, device number 45 [ 3092.289581][ T7389] netlink: 8 bytes leftover after parsing attributes in process `syz.1.951'. [ 3092.847702][ T7389] netlink: 8 bytes leftover after parsing attributes in process `syz.1.951'. [ 3099.876900][ T7404] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 3109.892723][ T36] kauditd_printk_skb: 19 callbacks suppressed [ 3109.897549][ T36] audit: type=1326 audit(3108.544:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7423 comm="syz.0.965" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdabc6 code=0x7ffc0000 [ 3109.930142][ T36] audit: type=1326 audit(3108.574:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7423 comm="syz.0.965" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdabc6 code=0x7ffc0000 [ 3110.138996][ T36] audit: type=1326 audit(3108.794:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7423 comm="syz.0.965" exe="/syz-executor" sig=0 arch=c00000f3 syscall=218 compat=0 ip=0xdabc6 code=0x7ffc0000 [ 3110.157058][ T36] audit: type=1326 audit(3108.814:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7423 comm="syz.0.965" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdabc6 code=0x7ffc0000 [ 3110.256141][ T36] audit: type=1326 audit(3108.904:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7423 comm="syz.0.965" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdabc6 code=0x7ffc0000 [ 3129.102691][ T36] audit: type=1326 audit(3127.754:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7454 comm="syz.0.977" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdabc6 code=0x7ffc0000 [ 3129.140171][ T36] audit: type=1326 audit(3127.794:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7454 comm="syz.0.977" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdabc6 code=0x7ffc0000 [ 3129.365608][ T36] audit: type=1326 audit(3128.014:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7454 comm="syz.0.977" exe="/syz-executor" sig=0 arch=c00000f3 syscall=26 compat=0 ip=0xdabc6 code=0x7ffc0000 [ 3129.388785][ T36] audit: type=1326 audit(3128.034:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7454 comm="syz.0.977" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdabc6 code=0x7ffc0000 [ 3129.414825][ T36] audit: type=1326 audit(3128.064:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7454 comm="syz.0.977" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdabc6 code=0x7ffc0000 [ 3129.432715][ T36] audit: type=1326 audit(3128.064:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7454 comm="syz.0.977" exe="/syz-executor" sig=0 arch=c00000f3 syscall=55 compat=0 ip=0xdabc6 code=0x7ffc0000 [ 3129.438704][ T36] audit: type=1326 audit(3128.094:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7454 comm="syz.0.977" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdabc6 code=0x7ffc0000 [ 3129.471502][ T36] audit: type=1326 audit(3128.124:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7454 comm="syz.0.977" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdabc6 code=0x7ffc0000 [ 3163.893460][ T7502] netlink: 72 bytes leftover after parsing attributes in process `syz.1.994'. [ 3194.263440][ T7541] ======================================================= [ 3194.263440][ T7541] WARNING: The mand mount option has been deprecated and [ 3194.263440][ T7541] and is ignored by this kernel. Remove the mand [ 3194.263440][ T7541] option from the mount to silence this warning. [ 3194.263440][ T7541] ======================================================= [ 3215.119092][ T7561] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1015'. [ 3217.894775][ T7569] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1016'. [ 3225.090603][ T7583] syz.1.1020 (7583): drop_caches: 2 [ 3225.388883][ T7583] syz.1.1020 (7583): drop_caches: 2 [ 3250.259279][ T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3251.340972][ T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3252.569862][ T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3253.453271][ T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3262.860707][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3263.182751][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3263.363678][ T11] bond0 (unregistering): Released all slaves [ 3263.958003][ T11] bond1 (unregistering): Released all slaves [ 3271.443836][ T11] hsr_slave_0: left promiscuous mode [ 3271.925257][ T11] hsr_slave_1: left promiscuous mode [ 3272.548480][ T11] veth1_macvtap: left promiscuous mode [ 3272.585944][ T11] veth0_macvtap: left promiscuous mode [ 3279.617414][ T11] pim6reg (unregistering): left allmulticast mode [ 3285.156946][ T3269] smc: removing ib device syz1 [ 3288.877018][ T7657] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1043'. [ 3293.804867][ T6873] usb 2-1: new high-speed USB device number 46 using dummy_hcd [ 3294.315610][ T6873] usb 2-1: unable to get BOS descriptor or descriptor too short [ 3294.405034][ T6873] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 233, changing to 11 [ 3294.410094][ T6873] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 8 [ 3294.435119][ T6873] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 16 [ 3294.642772][ T6873] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 3294.644346][ T6873] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3294.645490][ T6873] usb 2-1: Product: syz [ 3294.646498][ T6873] usb 2-1: Manufacturer: syz [ 3294.647939][ T6873] usb 2-1: SerialNumber: syz [ 3297.464618][ T6873] cdc_ncm 2-1:1.0: CDC Union missing and no IAD found [ 3297.467269][ T6873] cdc_ncm 2-1:1.0: bind() failure [ 3297.968793][ T6873] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 3297.983041][ T6873] cdc_ncm 2-1:1.1: bind() failure [ 3298.748509][ T6873] usb 2-1: USB disconnect, device number 46 [ 3323.883916][ T7633] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3323.986172][ T7633] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3348.536913][ T7633] hsr_slave_0: entered promiscuous mode [ 3348.595644][ T7633] hsr_slave_1: entered promiscuous mode [ 3348.627242][ T7633] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 3348.634244][ T7633] Cannot create hsr debugfs directory [ 3364.758206][ T7633] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 3365.288093][ T7633] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 3365.650155][ T7633] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 3365.987774][ T7633] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 3381.674970][ T7633] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3431.074483][ T7633] veth0_vlan: entered promiscuous mode [ 3431.309069][ T7633] veth1_vlan: entered promiscuous mode [ 3433.689214][ T8153] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1068'. [ 3433.694455][ T8153] wg1: entered promiscuous mode [ 3433.716158][ T8153] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1068'. [ 3434.526598][ T7633] veth0_macvtap: entered promiscuous mode [ 3434.818715][ T7633] veth1_macvtap: entered promiscuous mode [ 3437.569870][ T7633] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3437.596127][ T7633] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3437.598701][ T7633] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3437.600857][ T7633] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3447.088745][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3448.819917][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3450.424634][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3451.698764][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3467.546139][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3467.702439][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3467.823825][ T12] bond0 (unregistering): Released all slaves [ 3469.005477][ T12] hsr_slave_0: left promiscuous mode [ 3469.102333][ T12] hsr_slave_1: left promiscuous mode [ 3469.783068][ T12] veth1_macvtap: left promiscuous mode [ 3469.787190][ T12] veth0_macvtap: left promiscuous mode [ 3469.806566][ T12] veth1_vlan: left promiscuous mode [ 3469.829952][ T12] veth0_vlan: left promiscuous mode [ 3485.538267][ T8207] tap0: tun_chr_ioctl cmd 35108 [ 3511.572862][ T8174] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3511.702618][ T8174] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3519.778199][ T8416] Process accounting resumed [ 3535.924764][ T8174] hsr_slave_0: entered promiscuous mode [ 3536.026342][ T8174] hsr_slave_1: entered promiscuous mode [ 3536.093575][ T8174] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 3536.095855][ T8174] Cannot create hsr debugfs directory [ 3546.839650][ T8174] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 3547.032124][ T8174] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 3547.216925][ T8174] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 3547.516838][ T8174] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 3563.043042][ T8174] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3620.362131][ T8174] veth0_vlan: entered promiscuous mode [ 3620.818137][ T8174] veth1_vlan: entered promiscuous mode [ 3622.309457][ T8174] veth0_macvtap: entered promiscuous mode [ 3622.436846][ T8174] veth1_macvtap: entered promiscuous mode [ 3624.376328][ T8174] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3624.379716][ T8174] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3624.413863][ T8174] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3624.418371][ T8174] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3629.542576][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3630.386102][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3630.867131][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3631.929573][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3646.746549][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3646.916557][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3647.053339][ T12] bond0 (unregistering): Released all slaves [ 3647.848168][ T12] hsr_slave_0: left promiscuous mode [ 3647.880463][ T12] hsr_slave_1: left promiscuous mode [ 3648.140671][ T12] veth1_macvtap: left promiscuous mode [ 3648.168187][ T12] veth0_macvtap: left promiscuous mode [ 3648.176176][ T12] veth1_vlan: left promiscuous mode [ 3648.180511][ T12] veth0_vlan: left promiscuous mode [ 3688.264326][ T8811] ICMPv6: NA: aa:aa:aa:aa:aa:00 advertised our address fe80::aa on syz_tun! [ 3699.588886][ T8693] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3699.838892][ T8693] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3700.946551][ T8907] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1115'. [ 3719.993644][ T8693] hsr_slave_0: entered promiscuous mode [ 3720.069005][ T8693] hsr_slave_1: entered promiscuous mode [ 3720.127373][ T8693] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 3720.129760][ T8693] Cannot create hsr debugfs directory [ 3732.810115][ T8693] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 3733.450563][ T8693] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 3733.787455][ T8693] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 3733.925161][ T8693] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 3748.920755][ T8693] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3762.058095][ T8693] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 3762.060572][ T8693] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 3779.970276][ T9175] syzkaller0: entered promiscuous mode [ 3779.975386][ T9175] syzkaller0: entered allmulticast mode [ 3796.418124][ T9203] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1132'. [ 3808.388421][ T8693] veth0_vlan: entered promiscuous mode [ 3808.655915][ T8693] veth1_vlan: entered promiscuous mode [ 3810.267405][ T8693] veth0_macvtap: entered promiscuous mode [ 3810.765347][ T8693] veth1_macvtap: entered promiscuous mode [ 3813.149671][ T8693] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3813.183831][ T8693] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3813.186494][ T8693] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3813.188632][ T8693] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3820.698320][ T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3822.579083][ T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3823.396279][ T9236] fuse: Bad value for 'fd' [ 3823.530371][ T9236] Process accounting resumed [ 3823.922936][ T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3824.718593][ T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3840.907804][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3841.160512][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3841.379115][ T11] bond0 (unregistering): Released all slaves [ 3842.841933][ T11] hsr_slave_0: left promiscuous mode [ 3842.873840][ T11] hsr_slave_1: left promiscuous mode [ 3843.460028][ T11] veth1_macvtap: left promiscuous mode [ 3843.467165][ T11] veth0_macvtap: left promiscuous mode [ 3843.526272][ T11] veth1_vlan: left promiscuous mode [ 3843.538008][ T11] veth0_vlan: left promiscuous mode [ 3859.656046][ T9274] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1140'. [ 3890.488874][ T9262] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3890.627522][ T9262] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3906.163395][ T9262] hsr_slave_0: entered promiscuous mode [ 3906.230239][ T9262] hsr_slave_1: entered promiscuous mode [ 3906.319301][ T9262] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 3906.346751][ T9262] Cannot create hsr debugfs directory [ 3917.315469][ T9262] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 3917.658655][ T9262] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 3917.926809][ T9262] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 3918.164015][ T9262] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 3922.608754][ T9653] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1154'. [ 3922.638664][ T9653] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1154'. [ 3933.977566][ T7309] usb 2-1: new high-speed USB device number 47 using dummy_hcd [ 3934.068825][ T9262] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3934.274458][ T7309] usb 2-1: Using ep0 maxpacket: 32 [ 3934.406579][ T7309] usb 2-1: config 0 has an invalid interface number: 89 but max is 0 [ 3934.409479][ T7309] usb 2-1: config 0 has no interface number 0 [ 3934.584905][ T7309] usb 2-1: New USB device found, idVendor=12d1, idProduct=7ef3, bcdDevice=54.68 [ 3934.587559][ T7309] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3934.589567][ T7309] usb 2-1: Product: syz [ 3934.613638][ T7309] usb 2-1: Manufacturer: syz [ 3934.616403][ T7309] usb 2-1: SerialNumber: syz [ 3934.837135][ T7309] usb 2-1: config 0 descriptor?? [ 3934.969245][ T7309] hub 2-1:0.89: bad descriptor, ignoring hub [ 3935.005519][ T7309] hub 2-1:0.89: probe with driver hub failed with error -5 [ 3935.185324][ T7309] option 2-1:0.89: GSM modem (1-port) converter detected [ 3936.796721][ T7309] usb 2-1: USB disconnect, device number 47 [ 3936.958496][ T7309] option 2-1:0.89: device disconnected [ 3985.513405][ T9262] veth0_vlan: entered promiscuous mode [ 3986.226588][ T9262] veth1_vlan: entered promiscuous mode [ 3986.702958][ T9262] veth0_macvtap: entered promiscuous mode [ 3986.767387][ T9262] veth1_macvtap: entered promiscuous mode [ 3989.315638][ T9262] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3989.318116][ T9262] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3989.320575][ T9262] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3989.335267][ T9262] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3996.789663][ T9214] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3997.679795][ T9214] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3999.179499][ T9214] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4000.040801][ T9214] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4013.854667][ T9214] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 4014.049778][ T9214] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 4014.118342][ T9214] bond0 (unregistering): Released all slaves [ 4015.035884][ T9214] hsr_slave_0: left promiscuous mode [ 4015.114348][ T9214] hsr_slave_1: left promiscuous mode [ 4015.715791][ T9214] veth1_macvtap: left promiscuous mode [ 4015.717617][ T9214] veth0_macvtap: left promiscuous mode [ 4015.721882][ T9214] veth1_vlan: left promiscuous mode [ 4015.743798][ T9214] veth0_vlan: left promiscuous mode [ 4055.124750][ T9810] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 4055.317125][ T9810] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 4077.924763][ T9810] hsr_slave_0: entered promiscuous mode [ 4077.960980][ T9810] hsr_slave_1: entered promiscuous mode [ 4078.048902][ T9810] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 4078.052538][ T9810] Cannot create hsr debugfs directory [ 4089.938296][T10197] raw_sendmsg: syz.1.1185 forgot to set AF_INET. Fix it! [ 4091.169925][ T9810] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 4091.460394][ T9810] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 4091.599900][ T9810] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 4091.800735][ T9810] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 4102.755193][ T9810] 8021q: adding VLAN 0 to HW filter on device bond0 [ 4111.963486][T10247] fuse: Unknown parameter 'user_id00000000000000000000' [ 4112.066815][T10247] Process accounting resumed [ 4150.858871][ T9810] veth0_vlan: entered promiscuous mode [ 4151.464157][ T9810] veth1_vlan: entered promiscuous mode [ 4153.708556][ T9810] veth0_macvtap: entered promiscuous mode [ 4154.175101][ T9810] veth1_macvtap: entered promiscuous mode [ 4156.299049][ T9810] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 4156.322838][ T9810] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 4156.325083][ T9810] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 4156.327141][ T9810] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 4161.225988][ T9214] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4162.695792][ T9214] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4164.350379][ T9214] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4165.620335][ T9214] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4177.775997][ T9214] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 4178.112851][ T9214] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 4178.367536][ T9214] bond0 (unregistering): Released all slaves [ 4181.295830][ T9214] hsr_slave_0: left promiscuous mode [ 4181.433179][ T9214] hsr_slave_1: left promiscuous mode [ 4181.687152][ T9214] veth1_macvtap: left promiscuous mode [ 4181.689050][ T9214] veth0_macvtap: left promiscuous mode [ 4181.700771][ T9214] veth1_vlan: left promiscuous mode [ 4181.719302][ T9214] veth0_vlan: left promiscuous mode [ 4211.985952][T10472] syzkaller0: entered allmulticast mode [ 4223.696387][T10364] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 4223.800372][T10364] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 4248.874228][T10364] hsr_slave_0: entered promiscuous mode [ 4248.957699][T10364] hsr_slave_1: entered promiscuous mode [ 4249.015167][T10364] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 4249.023847][T10364] Cannot create hsr debugfs directory [ 4260.634350][T10325] usb 2-1: new high-speed USB device number 48 using dummy_hcd [ 4260.984332][T10325] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 4260.988328][T10325] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 4261.013691][T10325] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 4261.020075][T10325] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 4261.034340][T10325] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 4261.315937][T10325] usb 2-1: config 0 descriptor?? [ 4263.209994][T10325] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving [ 4263.515571][T10325] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 4263.909804][T10325] usb 2-1: USB disconnect, device number 48 [ 4266.824857][T10364] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 4266.974882][T10364] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 4267.328868][T10364] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 4267.499153][T10364] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 4281.058601][T10364] 8021q: adding VLAN 0 to HW filter on device bond0 [ 4323.724503][T10872] tunl0: entered promiscuous mode [ 4323.839722][T10872] netlink: 'syz.1.1232': attribute type 1 has an invalid length. [ 4323.862104][T10872] netlink: 9 bytes leftover after parsing attributes in process `syz.1.1232'. [ 4339.355816][T10364] veth0_vlan: entered promiscuous mode [ 4339.890216][T10364] veth1_vlan: entered promiscuous mode [ 4341.580082][T10364] veth0_macvtap: entered promiscuous mode [ 4341.815949][T10364] veth1_macvtap: entered promiscuous mode [ 4344.689647][T10364] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 4344.715258][T10364] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 4344.719861][T10364] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 4344.729247][T10364] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 4348.408141][T10901] netlink: 11 bytes leftover after parsing attributes in process `syz.1.1237'. [ 4350.126242][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4351.283871][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4352.640612][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4353.797562][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4363.955392][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 4364.196284][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 4364.298177][ T12] bond0 (unregistering): Released all slaves [ 4366.314095][ T12] hsr_slave_0: left promiscuous mode [ 4366.354525][ T12] hsr_slave_1: left promiscuous mode [ 4366.688160][ T12] veth1_macvtap: left promiscuous mode [ 4366.696617][ T12] veth0_macvtap: left promiscuous mode [ 4366.703059][ T12] veth1_vlan: left promiscuous mode [ 4366.707487][ T12] veth0_vlan: left promiscuous mode [ 4382.446064][ T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4383.689671][ T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4384.817273][ T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4385.778058][ T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4394.046159][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 4394.150513][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 4394.228183][ T12] bond0 (unregistering): Released all slaves [ 4395.336576][ T12] hsr_slave_0: left promiscuous mode [ 4395.357722][ T12] hsr_slave_1: left promiscuous mode [ 4395.465147][ T12] veth1_macvtap: left promiscuous mode [ 4395.468317][ T12] veth0_macvtap: left promiscuous mode [ 4395.472731][ T12] veth1_vlan: left promiscuous mode [ 4395.476396][ T12] veth0_vlan: left promiscuous mode [ 4425.207128][T10922] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 4425.579168][T10922] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 4428.754812][T10917] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 4429.078175][T10917] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 4442.806076][T10922] hsr_slave_0: entered promiscuous mode [ 4442.875127][T10922] hsr_slave_1: entered promiscuous mode [ 4449.650886][T10917] hsr_slave_0: entered promiscuous mode [ 4449.690743][T10917] hsr_slave_1: entered promiscuous mode [ 4449.728604][T10917] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 4449.736384][T10917] Cannot create hsr debugfs directory [ 4458.530807][T10922] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 4459.060600][T10922] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 4459.233316][T10922] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 4459.759624][T10922] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 4462.247279][T10917] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 4462.337690][T10917] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 4462.513119][T10917] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 4462.609297][T10917] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 4473.718184][T10922] 8021q: adding VLAN 0 to HW filter on device bond0 [ 4476.048852][T10917] 8021q: adding VLAN 0 to HW filter on device bond0 [ 4517.388276][T10922] veth0_vlan: entered promiscuous mode [ 4517.667090][T10922] veth1_vlan: entered promiscuous mode [ 4519.007845][T10922] veth0_macvtap: entered promiscuous mode [ 4519.650102][T10922] veth1_macvtap: entered promiscuous mode [ 4519.980274][T10917] veth0_vlan: entered promiscuous mode [ 4520.514979][T10917] veth1_vlan: entered promiscuous mode [ 4521.058338][T10922] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 4521.075379][T10922] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 4521.079504][T10922] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 4521.092354][T10922] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 4522.785820][T10917] veth0_macvtap: entered promiscuous mode [ 4523.265667][T10917] veth1_macvtap: entered promiscuous mode [ 4527.014167][T10384] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4527.993830][T10384] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4528.320589][T10917] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 4528.336119][T10917] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 4528.338216][T10917] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 4528.340182][T10917] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 4528.833074][T10384] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4529.286417][T10384] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4538.384994][ T36] audit: type=1326 audit(4537.004:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11731 comm="syz.1.1238" exe="/syz-executor" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0xdabc6 code=0x0 [ 4540.637177][T10384] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 4540.995016][T10384] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 4541.140694][T10384] bond0 (unregistering): Released all slaves [ 4542.524317][T10384] hsr_slave_0: left promiscuous mode [ 4542.623434][T10384] hsr_slave_1: left promiscuous mode [ 4542.972426][T10384] veth1_macvtap: left promiscuous mode [ 4542.974330][T10384] veth0_macvtap: left promiscuous mode [ 4542.978170][T10384] veth1_vlan: left promiscuous mode [ 4542.980241][T10384] veth0_vlan: left promiscuous mode [ 4595.495354][T11740] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 4595.575151][T11740] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 4609.301010][T11740] hsr_slave_0: entered promiscuous mode [ 4609.333051][T11740] hsr_slave_1: entered promiscuous mode [ 4618.083319][T11740] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 4618.366692][T11740] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 4618.594825][T11740] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 4618.777218][T11740] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 4621.356979][T12147] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1261'. [ 4634.474821][T11740] 8021q: adding VLAN 0 to HW filter on device bond0 [ 4668.393656][T12222] Driver unsupported XDP return value 0 on prog (id 101) dev N/A, expect packet loss! [ 4677.732930][T11740] veth0_vlan: entered promiscuous mode [ 4678.180783][T11740] veth1_vlan: entered promiscuous mode [ 4679.815330][T11740] veth0_macvtap: entered promiscuous mode [ 4681.328281][T11740] veth1_macvtap: entered promiscuous mode [ 4684.793583][T11740] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 4684.796138][T11740] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 4684.798249][T11740] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 4684.800396][T11740] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 4691.630729][T10384] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4692.288045][T10384] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4695.060147][T10384] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4696.434463][T10384] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4705.907380][T10384] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 4706.075823][T10384] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 4706.189318][T10384] bond0 (unregistering): Released all slaves [ 4709.124703][T10384] hsr_slave_0: left promiscuous mode [ 4709.178717][T10384] hsr_slave_1: left promiscuous mode [ 4709.376534][T10384] veth1_macvtap: left promiscuous mode [ 4709.380013][T10384] veth0_macvtap: left promiscuous mode [ 4709.406218][T10384] veth1_vlan: left promiscuous mode [ 4709.410332][T10384] veth0_vlan: left promiscuous mode [ 4749.176493][ T7202] usb 2-1: new low-speed USB device number 49 using dummy_hcd [ 4749.509414][ T7202] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x82 is Bulk; changing to Interrupt [ 4749.523560][ T7202] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 4749.526305][ T7202] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 4749.767882][ T7202] usb 2-1: string descriptor 0 read error: -22 [ 4749.774600][ T7202] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 4749.779665][ T7202] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 4749.998525][T12431] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 4750.025992][T12431] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 4750.186458][ T7202] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -22 [ 4751.274563][ T7202] usb 2-1: USB disconnect, device number 49 [ 4756.206157][T12261] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 4756.383454][T12261] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 4767.144153][T12515] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1296'. [ 4767.247658][T12515] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1296'. [ 4767.277586][T12515] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1296'. [ 4773.654744][T12261] hsr_slave_0: entered promiscuous mode [ 4773.717216][T12261] hsr_slave_1: entered promiscuous mode [ 4784.740970][T12261] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 4785.006389][T12261] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 4785.185117][T12261] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 4785.468796][T12261] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 4795.145574][T12261] 8021q: adding VLAN 0 to HW filter on device bond0 [ 4810.196364][T12700] binder: 12698:12700 ioctl c0306201 20000680 returned -14 [ 4812.957094][T12705] binder: 12704:12705 ioctl c018620c 20000240 returned -1 [ 4831.588493][T12745] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1312'. [ 4843.847989][T12261] veth0_vlan: entered promiscuous mode [ 4844.010858][T12261] veth1_vlan: entered promiscuous mode [ 4846.786341][T12261] veth0_macvtap: entered promiscuous mode [ 4847.233609][T12261] veth1_macvtap: entered promiscuous mode [ 4848.284216][T12261] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 4848.295264][T12261] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 4848.297800][T12261] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 4848.299857][T12261] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 4855.019357][T10317] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4855.983236][T10317] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4857.298474][T10317] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4858.940379][T10317] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4873.246343][T10317] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 4873.344051][T10317] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 4873.468626][T10317] bond0 (unregistering): Released all slaves [ 4874.554609][T10317] hsr_slave_0: left promiscuous mode [ 4874.654643][T10317] hsr_slave_1: left promiscuous mode [ 4875.136074][T10317] veth1_macvtap: left promiscuous mode [ 4875.139904][T10317] veth0_macvtap: left promiscuous mode [ 4875.176531][T10317] veth1_vlan: left promiscuous mode [ 4875.181683][T10317] veth0_vlan: left promiscuous mode [ 4911.149929][T12795] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 4911.239562][T12795] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 4926.257406][T13063] netlink: 'syz.1.1326': attribute type 3 has an invalid length. [ 4926.340646][T13063] netlink: 'syz.1.1326': attribute type 3 has an invalid length. [ 4932.559759][T12795] hsr_slave_0: entered promiscuous mode [ 4932.730564][T12795] hsr_slave_1: entered promiscuous mode [ 4940.893034][T12795] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 4941.057110][T12795] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 4941.159098][T12795] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 4941.475159][T12795] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 4952.920138][T12795] 8021q: adding VLAN 0 to HW filter on device bond0 [ 4955.604631][ T8160] usb 2-1: new high-speed USB device number 50 using dummy_hcd [ 4955.823358][ T8160] usb 2-1: Using ep0 maxpacket: 8 [ 4956.020433][ T8160] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 4956.023201][ T8160] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 4956.089578][ T8160] usb 2-1: config 0 descriptor?? [ 4957.672964][ T8160] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32 [ 4957.675184][ T8160] asix 2-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffe0 [ 4957.678398][ T8160] asix 2-1:0.0: probe with driver asix failed with error -32 [ 4970.404615][T10328] usb 2-1: USB disconnect, device number 50 [ 5003.537505][T12795] veth0_vlan: entered promiscuous mode [ 5003.999781][T12795] veth1_vlan: entered promiscuous mode [ 5005.775188][T12795] veth0_macvtap: entered promiscuous mode [ 5006.128515][T12795] veth1_macvtap: entered promiscuous mode [ 5006.527928][T13293] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1342'. [ 5007.616465][T12795] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 5007.619708][T12795] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 5007.636990][T12795] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 5007.639459][T12795] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 5009.559128][T13295] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1343'. [ 5014.839156][T12806] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5015.797121][T12806] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5016.899967][T12806] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5017.834541][T12806] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5025.797859][T12806] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 5025.897898][T12806] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 5025.955939][T12806] bond0 (unregistering): Released all slaves [ 5026.620873][T12806] hsr_slave_0: left promiscuous mode [ 5026.659634][T12806] hsr_slave_1: left promiscuous mode [ 5026.984345][T12806] veth1_macvtap: left promiscuous mode [ 5026.986636][T12806] veth0_macvtap: left promiscuous mode [ 5026.989233][T12806] veth1_vlan: left promiscuous mode [ 5027.005074][T12806] veth0_vlan: left promiscuous mode [ 5032.108719][T11597] usb 2-1: new high-speed USB device number 51 using dummy_hcd [ 5032.374326][T11597] usb 2-1: Using ep0 maxpacket: 16 [ 5032.518118][T11597] usb 2-1: config 0 has an invalid interface number: 85 but max is 0 [ 5032.547374][T11597] usb 2-1: config 0 has no interface number 0 [ 5032.669058][T11597] usb 2-1: New USB device found, idVendor=0ace, idProduct=20ff, bcdDevice= 1.01 [ 5032.682802][T11597] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 5032.685352][T11597] usb 2-1: Product: syz [ 5032.687171][T11597] usb 2-1: Manufacturer: syz [ 5032.688897][T11597] usb 2-1: SerialNumber: syz [ 5032.933669][T11597] usb 2-1: config 0 descriptor?? [ 5033.192813][T11597] usb-storage 2-1:0.85: USB Mass Storage device detected [ 5033.439762][T11597] usb-storage 2-1:0.85: device ignored [ 5033.964041][T11597] usb 2-1: USB disconnect, device number 51 [ 5041.822383][T13353] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1348'. [ 5072.878316][T13329] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 5072.958345][T13329] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 5084.577504][T13617] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 5088.134356][T13329] hsr_slave_0: entered promiscuous mode [ 5088.136704][T13648] tmpfs: Bad value for 'size' [ 5088.169409][T13329] hsr_slave_1: entered promiscuous mode [ 5091.403953][T13667] input: syz0 as /devices/virtual/input/input5 [ 5098.866394][T13329] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 5099.276427][T13329] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 5099.658002][T13329] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 5099.759182][T13329] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 5111.977863][T13329] 8021q: adding VLAN 0 to HW filter on device bond0 [ 5141.628001][T13808] input: syz1 as /devices/virtual/input/input6 [ 5149.914232][T10325] usb 2-1: new high-speed USB device number 52 using dummy_hcd [ 5150.224727][T10325] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 5150.227578][T10325] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 5150.230665][T10325] usb 2-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00 [ 5150.255821][T10325] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 5150.383479][T10325] usb 2-1: config 0 descriptor?? [ 5152.284959][T10325] logitech-hidpp-device 0003:046D:C086.0004: unknown main item tag 0x0 [ 5152.287367][T10325] logitech-hidpp-device 0003:046D:C086.0004: unknown main item tag 0x0 [ 5152.534941][T10325] logitech-hidpp-device 0003:046D:C086.0004: hidraw0: USB HID v0.00 Device [HID 046d:c086] on usb-dummy_hcd.1-1/input0 [ 5152.744832][T10325] usb 2-1: USB disconnect, device number 52 [ 5162.448056][T13329] veth0_vlan: entered promiscuous mode [ 5163.134493][T13329] veth1_vlan: entered promiscuous mode [ 5165.146907][T13329] veth0_macvtap: entered promiscuous mode [ 5165.313538][T13329] veth1_macvtap: entered promiscuous mode [ 5167.346767][T13329] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 5167.349268][T13329] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 5167.362668][T13329] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 5167.364724][T13329] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 5173.166465][T12806] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5174.253279][T12806] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5174.826409][T12806] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5175.997431][T12806] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5189.056310][T12806] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 5189.300948][T12806] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 5189.554722][T12806] bond0 (unregistering): Released all slaves [ 5190.855141][T12806] hsr_slave_0: left promiscuous mode [ 5191.004418][T12806] hsr_slave_1: left promiscuous mode [ 5191.523869][T12806] veth1_macvtap: left promiscuous mode [ 5191.525653][T12806] veth0_macvtap: left promiscuous mode [ 5191.531677][T12806] veth1_vlan: left promiscuous mode [ 5191.540495][T12806] veth0_vlan: left promiscuous mode [ 5215.929110][T13932] sit0: entered promiscuous mode [ 5216.256778][T13932] netlink: 'syz.1.1381': attribute type 1 has an invalid length. [ 5216.259165][T13932] netlink: 1 bytes leftover after parsing attributes in process `syz.1.1381'. [ 5220.039097][T13959] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1382'. [ 5220.198527][T13959] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1382'. [ 5220.239032][T13959] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1382'. [ 5233.044324][T10325] usb 2-1: new high-speed USB device number 53 using dummy_hcd [ 5234.037583][T10325] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 5234.043003][T10325] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 5234.046994][T10325] usb 2-1: New USB device found, idVendor=056a, idProduct=0325, bcdDevice= 0.00 [ 5234.049051][T10325] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 5234.160510][T10325] usb 2-1: config 0 descriptor?? [ 5236.530493][T10325] wacom 0003:056A:0325.0005: unbalanced delimiter at end of report description [ 5236.571838][T10325] wacom 0003:056A:0325.0005: parse failed [ 5236.575761][T10325] wacom 0003:056A:0325.0005: probe with driver wacom failed with error -22 [ 5236.743427][T10325] usb 2-1: USB disconnect, device number 53 [ 5239.480066][T13901] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 5239.663667][T13901] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 5249.604585][T10325] usb 2-1: new high-speed USB device number 54 using dummy_hcd [ 5251.390357][T10325] usb 2-1: unable to get BOS descriptor or descriptor too short [ 5251.509908][T10325] usb 2-1: config 66 has an invalid interface number: 53 but max is 1 [ 5251.514873][T10325] usb 2-1: config 66 has an invalid interface number: 4 but max is 1 [ 5251.517196][T10325] usb 2-1: config 66 has no interface number 0 [ 5251.519008][T10325] usb 2-1: config 66 has no interface number 1 [ 5251.522765][T10325] usb 2-1: config 66 interface 53 has no altsetting 0 [ 5251.525065][T10325] usb 2-1: config 66 interface 4 has no altsetting 0 [ 5251.670523][T10325] usb 2-1: New USB device found, idVendor=0499, idProduct=1509, bcdDevice=8d.1f [ 5251.674179][T10325] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 5251.676064][T10325] usb 2-1: Product: syz [ 5251.677716][T10325] usb 2-1: Manufacturer: syz [ 5251.679463][T10325] usb 2-1: SerialNumber: syz [ 5253.638546][T10325] usb 2-1: USB disconnect, device number 54 [ 5258.626588][T13901] hsr_slave_0: entered promiscuous mode [ 5258.692477][T13901] hsr_slave_1: entered promiscuous mode [ 5265.505498][T11597] usb 2-1: new high-speed USB device number 55 using dummy_hcd [ 5265.734361][T11597] usb 2-1: Using ep0 maxpacket: 16 [ 5265.848181][T11597] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 5265.850687][T11597] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 5265.874440][T11597] usb 2-1: New USB device found, idVendor=056a, idProduct=0302, bcdDevice= 0.00 [ 5265.876524][T11597] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 5266.115447][T11597] usb 2-1: config 0 descriptor?? [ 5268.026859][T11597] wacom 0003:056A:0302.0006: Unknown device_type for 'HID 056a:0302'. Assuming pen. [ 5268.103471][T11597] wacom 0003:056A:0302.0006: hidraw0: USB HID v0.00 Device [HID 056a:0302] on usb-dummy_hcd.1-1/input0 [ 5268.200938][T11597] input: Wacom Intuos PT S Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:056A:0302.0006/input/input7 [ 5268.843477][T11597] usb 2-1: USB disconnect, device number 55 [ 5270.285804][T13901] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 5270.394648][T13901] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 5270.586656][T13901] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 5270.699846][T13901] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 5280.674318][ T6873] usb 2-1: new high-speed USB device number 56 using dummy_hcd [ 5280.924160][ T6873] usb 2-1: Using ep0 maxpacket: 32 [ 5281.566145][ T6873] usb 2-1: config 128 has an invalid interface number: 195 but max is 0 [ 5281.568473][ T6873] usb 2-1: config 128 has no interface number 0 [ 5281.569901][ T6873] usb 2-1: config 128 interface 195 altsetting 3 bulk endpoint 0x6 has invalid maxpacket 32 [ 5281.573824][ T6873] usb 2-1: config 128 interface 195 has no altsetting 0 [ 5281.719830][ T6873] usb 2-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=aa.75 [ 5281.726345][ T6873] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 5281.727740][ T6873] usb 2-1: Product: syz [ 5281.728786][ T6873] usb 2-1: Manufacturer: syz [ 5281.729777][ T6873] usb 2-1: SerialNumber: syz [ 5281.870366][T14363] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 5283.445516][ T6873] usb 2-1: USB disconnect, device number 56 [ 5286.870047][T13901] 8021q: adding VLAN 0 to HW filter on device bond0 [ 5297.394224][T10325] usb 2-1: new full-speed USB device number 57 using dummy_hcd [ 5297.795987][T10325] usb 2-1: config 0 has an invalid interface number: 189 but max is 0 [ 5297.799590][T10325] usb 2-1: config 0 has no interface number 0 [ 5297.824905][T10325] usb 2-1: config 0 interface 189 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 5297.827977][T10325] usb 2-1: config 0 interface 189 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83 [ 5297.859255][T10325] usb 2-1: config 0 interface 189 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 64 [ 5297.870311][T10325] usb 2-1: config 0 interface 189 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 5297.894592][T10325] usb 2-1: config 0 interface 189 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 5298.087558][T10325] usb 2-1: New USB device found, idVendor=07b4, idProduct=010a, bcdDevice= 1.02 [ 5298.090474][T10325] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 5298.104576][T10325] usb 2-1: Product: syz [ 5298.109220][T10325] usb 2-1: Manufacturer: syz [ 5298.123056][T10325] usb 2-1: SerialNumber: syz [ 5298.364689][T10325] usb 2-1: config 0 descriptor?? [ 5298.460891][T14395] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 5298.714241][T10325] ums-alauda 2-1:0.189: USB Mass Storage device detected [ 5298.908264][T10325] scsi host0: usb-storage 2-1:0.189 [ 5300.395302][T14126] scsi 0:0:0:0: Direct-Access Olympus MAUSB-10 (Alauda 0102 PQ: 0 ANSI: 0 CCS [ 5300.486449][T14126] scsi 0:0:0:1: Direct-Access Olympus MAUSB-10 (Alauda 0102 PQ: 0 ANSI: 0 CCS [ 5301.048043][T14126] sd 0:0:0:0: Attached scsi generic sg0 type 0 [ 5301.528063][ T9974] sd 0:0:0:0: [sda] Media removed, stopped polling [ 5301.845367][T13429] sd 0:0:0:1: [sdb] Media removed, stopped polling [ 5301.846188][T14126] sd 0:0:0:1: Attached scsi generic sg1 type 0 [ 5302.074050][T10899] usb 2-1: USB disconnect, device number 57 [ 5302.565862][ T9974] sd 0:0:0:0: [sda] Attached SCSI removable disk [ 5302.947903][T13429] sd 0:0:0:1: [sdb] Attached SCSI removable disk [ 5322.907545][T11597] usb 2-1: new high-speed USB device number 58 using dummy_hcd [ 5323.125832][T11597] usb 2-1: Using ep0 maxpacket: 16 [ 5323.199570][T11597] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 5323.210582][T11597] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 5323.214223][T11597] usb 2-1: config 0 interface 0 has no altsetting 0 [ 5323.216492][T11597] usb 2-1: New USB device found, idVendor=0458, idProduct=0138, bcdDevice= 0.00 [ 5323.225399][T11597] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 5323.340220][T11597] usb 2-1: config 0 descriptor?? [ 5325.486338][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5325.502671][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5325.508490][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5325.558963][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5325.568118][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5325.570169][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5325.602617][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5325.604752][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5325.606618][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5325.608483][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5325.610367][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5325.663123][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5325.665412][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5325.667299][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5325.669157][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5325.704758][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5325.707345][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5325.709231][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5325.728795][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5325.731038][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5325.744095][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5325.745958][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5325.747777][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5325.749603][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5325.782695][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5325.785237][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5325.787175][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5325.788940][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5325.790732][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5325.815448][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5325.817361][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5325.819173][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5325.865385][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5325.867648][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5325.869451][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5325.894575][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5325.896775][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5325.898540][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5325.900208][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5325.983206][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5325.985370][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5325.987149][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5325.988945][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5325.990754][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5326.014880][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5326.017999][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5326.019851][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5326.055658][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5326.057887][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5326.059780][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5326.089425][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5326.113821][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5326.117338][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5326.119254][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5326.134905][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5326.137017][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5326.138835][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5326.140678][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5326.165741][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x1 [ 5326.167946][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5326.169822][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5326.193908][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5326.196248][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5326.198161][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x1 [ 5326.200326][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5326.224334][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5326.226642][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5326.228430][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5326.263562][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5326.265776][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5326.267619][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5326.269431][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5326.294429][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5326.296638][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5326.298467][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5326.333277][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5326.335570][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5326.337404][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5326.339268][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5326.372575][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5326.374809][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5326.376647][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5326.378539][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5326.380386][T11597] kye 0003:0458:0138.0007: unknown main item tag 0x0 [ 5326.404110][T11597] kye 0003:0458:0138.0007: unexpected long global item [ 5326.468900][T11597] kye 0003:0458:0138.0007: parse failed [ 5326.483726][T11597] kye 0003:0458:0138.0007: probe with driver kye failed with error -22 [ 5326.727693][T11597] usb 2-1: USB disconnect, device number 58 [ 5340.339203][T13901] veth0_vlan: entered promiscuous mode [ 5340.404208][T10899] usb 2-1: new high-speed USB device number 59 using dummy_hcd [ 5340.635517][T10899] usb 2-1: Using ep0 maxpacket: 8 [ 5340.743913][T10899] usb 2-1: config 0 has an invalid interface number: 29 but max is 0 [ 5340.746420][T10899] usb 2-1: config 0 has no interface number 0 [ 5340.748562][T10899] usb 2-1: config 0 interface 29 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 5340.750789][T10899] usb 2-1: config 0 interface 29 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83 [ 5340.778588][T10899] usb 2-1: config 0 interface 29 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024 [ 5340.780196][T10899] usb 2-1: config 0 interface 29 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 5340.792335][T10899] usb 2-1: config 0 interface 29 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 5340.794702][T10899] usb 2-1: config 0 interface 29 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0 [ 5340.796917][T10899] usb 2-1: config 0 interface 29 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 5340.944374][T10899] usb 2-1: New USB device found, idVendor=03f0, idProduct=0207, bcdDevice= 0.01 [ 5340.947041][T10899] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 5340.949069][T10899] usb 2-1: Product: syz [ 5340.950750][T10899] usb 2-1: Manufacturer: syz [ 5340.962847][T10899] usb 2-1: SerialNumber: syz [ 5341.087272][T13901] veth1_vlan: entered promiscuous mode [ 5341.158669][T10899] usb 2-1: config 0 descriptor?? [ 5341.657008][T14520] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 5341.876643][T10899] ums-usbat 2-1:0.29: USB Mass Storage device detected [ 5344.657978][T13901] veth0_macvtap: entered promiscuous mode [ 5344.967306][T13901] veth1_macvtap: entered promiscuous mode [ 5346.878904][T10899] ums-usbat 2-1:0.29: probe with driver ums-usbat failed with error -5 [ 5347.260123][T10899] usb 2-1: USB disconnect, device number 59 [ 5347.327851][T13901] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 5347.330421][T13901] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 5347.349134][T13901] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 5347.372009][T13901] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 5352.077377][T12806] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5353.356632][T12806] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5354.439097][T12806] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5356.367961][T12806] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5365.694641][T10325] usb 2-1: new high-speed USB device number 60 using dummy_hcd [ 5366.097737][T10325] usb 2-1: Using ep0 maxpacket: 16 [ 5366.830747][T10325] usb 2-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 5366.850408][T10325] usb 2-1: config 0 interface 0 altsetting 1 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 5366.885258][T10325] usb 2-1: config 0 interface 0 altsetting 1 endpoint 0x89 has invalid wMaxPacketSize 0 [ 5366.887764][T10325] usb 2-1: config 0 interface 0 has no altsetting 0 [ 5367.116104][T10325] usb 2-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 5367.118574][T10325] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 5367.120600][T10325] usb 2-1: Product: syz [ 5367.135358][T10325] usb 2-1: Manufacturer: syz [ 5367.136523][T10325] usb 2-1: SerialNumber: syz [ 5367.345862][T10325] usb 2-1: config 0 descriptor?? [ 5368.473463][T10325] usb 2-1: Can not set alternate setting to 1, error: -71 [ 5368.475142][T10325] synaptics_usb 2-1:0.0: probe with driver synaptics_usb failed with error -71 [ 5368.610707][T10325] usb 2-1: USB disconnect, device number 60 [ 5369.623581][T12806] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 5369.674151][T11597] usb 2-1: new high-speed USB device number 61 using dummy_hcd [ 5370.306684][T11597] usb 2-1: Using ep0 maxpacket: 16 [ 5370.454836][T11597] usb 2-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 5370.457449][T11597] usb 2-1: config 0 interface 0 altsetting 1 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 5370.459862][T11597] usb 2-1: config 0 interface 0 altsetting 1 endpoint 0x89 has invalid wMaxPacketSize 0 [ 5370.514012][T11597] usb 2-1: config 0 interface 0 has no altsetting 0 [ 5370.588345][T11597] usb 2-1: language id specifier not provided by device, defaulting to English [ 5371.006907][T12806] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 5371.067815][T11597] usb 2-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 5371.069377][T11597] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 5371.070495][T11597] usb 2-1: Product: syz [ 5371.116743][T11597] usb 2-1: SerialNumber: syz [ 5371.226836][T11597] usb 2-1: config 0 descriptor?? [ 5371.946856][T12806] bond0 (unregistering): Released all slaves [ 5372.118218][T11597] input: syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input10 [ 5372.321804][T11597] usb 2-1: USB disconnect, device number 61 [ 5372.913709][T12806] hsr_slave_0: left promiscuous mode [ 5372.949530][T12806] hsr_slave_1: left promiscuous mode [ 5373.280358][T12806] veth1_macvtap: left promiscuous mode [ 5373.299804][T12806] veth0_macvtap: left promiscuous mode [ 5373.319331][T12806] veth1_vlan: left promiscuous mode [ 5373.340781][T12806] veth0_vlan: left promiscuous mode [ 5380.854560][T11597] usb 2-1: new high-speed USB device number 62 using dummy_hcd [ 5381.164133][T11597] usb 2-1: Using ep0 maxpacket: 32 [ 5381.230188][T11597] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 5381.240682][T11597] usb 2-1: config 0 has no interface number 0 [ 5381.334587][T11597] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 5381.337592][T11597] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 5381.339562][T11597] usb 2-1: Product: syz [ 5381.352508][T11597] usb 2-1: Manufacturer: syz [ 5381.354362][T11597] usb 2-1: SerialNumber: syz [ 5381.485270][T11597] usb 2-1: config 0 descriptor?? [ 5381.635799][T11597] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 5386.136089][ C0] usb-serial (null): qt2_process_read_urb - unsupported command 130 [ 5386.383707][ C0] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 5386.452899][T11597] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 5386.558665][T11597] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 5386.774560][T11597] usb 2-1: USB disconnect, device number 62 [ 5387.089544][T11597] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 5387.288766][T11597] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 5387.336052][T11597] quatech2 2-1:0.51: device disconnected [ 5395.713453][T14542] usb 2-1: new full-speed USB device number 63 using dummy_hcd [ 5396.072972][T14542] usb 2-1: unable to get BOS descriptor or descriptor too short [ 5396.103215][T14542] usb 2-1: not running at top speed; connect to a high speed hub [ 5396.227853][T14542] usb 2-1: config 129 has an invalid interface number: 28 but max is 0 [ 5396.229349][T14542] usb 2-1: config 129 has no interface number 0 [ 5396.230655][T14542] usb 2-1: config 129 interface 28 altsetting 250 has an endpoint descriptor with address 0xFD, changing to 0x8D [ 5396.239809][T14542] usb 2-1: config 129 interface 28 altsetting 250 endpoint 0x8D has invalid maxpacket 18502, setting to 64 [ 5396.241433][T14542] usb 2-1: config 129 interface 28 altsetting 250 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 5396.243472][T14542] usb 2-1: config 129 interface 28 has no altsetting 0 [ 5396.357965][T14542] usb 2-1: New USB device found, idVendor=108c, idProduct=0159, bcdDevice=db.57 [ 5396.374657][T14542] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 5396.379582][T14542] usb 2-1: Product: syz [ 5396.380789][T14542] usb 2-1: Manufacturer: syz [ 5396.412972][T14542] usb 2-1: SerialNumber: syz [ 5396.794606][T14664] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 5398.008803][T14542] etas_es58x 2-1:129.28: Starting syz syz (Serial Number syz) [ 5398.028964][T14542] etas_es58x 2-1:129.28: could not retrieve the product info string [ 5398.293534][T14542] usb 2-1: USB disconnect, device number 63 [ 5398.368164][T14542] etas_es58x 2-1:129.28: Disconnecting syz syz [ 5410.755908][T14542] usb 2-1: new high-speed USB device number 64 using dummy_hcd [ 5410.963889][T14542] usb 2-1: Using ep0 maxpacket: 32 [ 5411.007231][T14542] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 5411.008650][T14542] usb 2-1: config 0 has no interface number 0 [ 5411.083638][T14542] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 5411.085968][T14542] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 5411.087921][T14542] usb 2-1: Product: syz [ 5411.089721][T14542] usb 2-1: Manufacturer: syz [ 5411.090737][T14542] usb 2-1: SerialNumber: syz [ 5411.172415][T14542] usb 2-1: config 0 descriptor?? [ 5411.633491][T14542] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 5411.750217][T14588] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 5411.905552][T14588] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 5416.700769][T14542] usb 2-1: qt2_attach - failed to power on unit: -110 [ 5416.709758][T14542] quatech2 2-1:0.51: probe with driver quatech2 failed with error -110 [ 5423.608375][T14525] usb 2-1: USB disconnect, device number 64 [ 5428.817448][T14588] hsr_slave_0: entered promiscuous mode [ 5428.846651][T14588] hsr_slave_1: entered promiscuous mode [ 5438.793874][T14588] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 5438.966747][T14588] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 5439.138665][T14588] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 5439.636581][T14588] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 5440.655679][T14542] usb 2-1: new high-speed USB device number 65 using dummy_hcd [ 5440.905706][T14542] usb 2-1: Using ep0 maxpacket: 32 [ 5441.050504][T14542] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 5441.063555][T14542] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 5441.064804][T14542] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 5441.067363][T14542] usb 2-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 5441.069382][T14542] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 5441.216469][T14542] usb 2-1: config 0 descriptor?? [ 5443.430316][T14542] input: HID 0458:5011 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0458:5011.0008/input/input11 [ 5443.647442][T14542] input: HID 0458:5011 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0458:5011.0008/input/input12 [ 5444.196703][T14542] kye 0003:0458:5011.0008: input,hiddev0,hidraw0: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.1-1/input0 [ 5444.307483][T14542] usb 2-1: USB disconnect, device number 65 [ 5450.098935][T14588] 8021q: adding VLAN 0 to HW filter on device bond0 [ 5454.945547][T13296] usb 2-1: new high-speed USB device number 66 using dummy_hcd [ 5455.217533][T13296] usb 2-1: Using ep0 maxpacket: 32 [ 5455.325496][T13296] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 5455.328731][T13296] usb 2-1: config 0 has no interface number 0 [ 5456.033443][T13296] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 5456.038666][T13296] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 5456.040816][T13296] usb 2-1: Product: syz [ 5456.088116][T13296] usb 2-1: Manufacturer: syz [ 5456.113194][T13296] usb 2-1: SerialNumber: syz [ 5456.515008][T13296] usb 2-1: config 0 descriptor?? [ 5456.797969][T13296] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 5458.172895][T13296] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 5458.363857][T13296] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 5458.652123][ C0] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 5458.846450][T13296] usb 2-1: USB disconnect, device number 66 [ 5459.157820][T13296] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 5459.376639][T13296] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 5459.406479][T13296] quatech2 2-1:0.51: device disconnected [ 5470.156017][ T36] audit: type=1326 audit(5468.794:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15130 comm="syz.1.1405" exe="/syz-executor" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0xdabc6 code=0x0 [ 5489.633458][T10328] usb 2-1: new high-speed USB device number 67 using dummy_hcd [ 5489.893194][T10328] usb 2-1: Using ep0 maxpacket: 8 [ 5489.964042][T10328] usb 2-1: New USB device found, idVendor=0c70, idProduct=f00d, bcdDevice= 0.00 [ 5489.965767][T10328] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 5490.045263][T10328] usb 2-1: config 0 descriptor?? [ 5491.667043][T10328] aquacomputer_d5next 0003:0C70:F00D.0009: item fetching failed at offset 5/7 [ 5491.718603][T10328] aquacomputer_d5next 0003:0C70:F00D.0009: probe with driver aquacomputer_d5next failed with error -22 [ 5491.934702][T13296] usb 2-1: USB disconnect, device number 67 [ 5506.748222][T14588] veth0_vlan: entered promiscuous mode [ 5507.404321][T14588] veth1_vlan: entered promiscuous mode [ 5508.147672][T15197] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1411'. [ 5509.998680][T14588] veth0_macvtap: entered promiscuous mode [ 5510.250124][T14588] veth1_macvtap: entered promiscuous mode [ 5512.395345][T14588] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 5512.397933][T14588] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 5512.400060][T14588] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 5512.417521][T14588] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 5520.473390][T12806] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5521.633181][T12806] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5522.409967][T12806] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5523.374669][T12806] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5532.643644][T12806] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 5532.904797][T12806] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 5533.005384][T12806] bond0 (unregistering): Released all slaves [ 5534.119126][T12806] hsr_slave_0: left promiscuous mode [ 5534.422919][T12806] hsr_slave_1: left promiscuous mode [ 5535.074793][T12806] veth1_macvtap: left promiscuous mode [ 5535.078611][T12806] veth0_macvtap: left promiscuous mode [ 5535.107235][T12806] veth1_vlan: left promiscuous mode [ 5535.149284][T12806] veth0_vlan: left promiscuous mode [ 5537.243808][T10328] usb 2-1: new high-speed USB device number 68 using dummy_hcd [ 5537.513258][T10328] usb 2-1: Using ep0 maxpacket: 32 [ 5537.664869][T10328] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 5537.667343][T10328] usb 2-1: config 0 has no interface number 0 [ 5537.847700][T10328] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 5537.850197][T10328] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 5537.883426][T10328] usb 2-1: Product: syz [ 5537.886212][T10328] usb 2-1: Manufacturer: syz [ 5537.887942][T10328] usb 2-1: SerialNumber: syz [ 5538.232848][T10328] usb 2-1: config 0 descriptor?? [ 5538.419355][T10328] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 5538.835341][T10328] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 5538.967277][ C0] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 5539.234230][T10328] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 5539.379940][T10328] usb 2-1: USB disconnect, device number 68 [ 5539.807274][T10328] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 5540.310310][T10328] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 5540.456615][T10328] quatech2 2-1:0.51: device disconnected [ 5556.163109][T15264] bridge_slave_0: entered allmulticast mode [ 5556.525971][T15264] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 5584.548021][T15421] futex_wake_op: syz.1.1425 tries to shift op by 32; fix this program [ 5587.643519][T15230] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 5587.856056][T15230] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 5606.919818][T15230] hsr_slave_0: entered promiscuous mode [ 5606.956890][T15230] hsr_slave_1: entered promiscuous mode [ 5621.727632][T15230] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 5621.870309][T15230] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 5621.930235][T15230] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 5622.059260][T15230] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 5634.698625][T15230] 8021q: adding VLAN 0 to HW filter on device bond0 [ 5636.403385][T14525] usb 2-1: new high-speed USB device number 69 using dummy_hcd [ 5636.665757][T14525] usb 2-1: Using ep0 maxpacket: 16 [ 5637.294778][T14525] usb 2-1: config 2 has an invalid interface number: 84 but max is 0 [ 5637.297204][T14525] usb 2-1: config 2 has no interface number 0 [ 5637.299192][T14525] usb 2-1: config 2 interface 84 has no altsetting 0 [ 5637.480008][T14525] usb 2-1: New USB device found, idVendor=9022, idProduct=d483, bcdDevice=a4.79 [ 5637.498208][T14525] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 5637.500445][T14525] usb 2-1: Product: syz [ 5637.519295][T14525] usb 2-1: Manufacturer: syz [ 5637.542938][T14525] usb 2-1: SerialNumber: syz [ 5640.286883][T14525] usb 2-1: USB disconnect, device number 69 [ 5679.599405][T15230] veth0_vlan: entered promiscuous mode [ 5680.384877][T15230] veth1_vlan: entered promiscuous mode [ 5683.279130][T15230] veth0_macvtap: entered promiscuous mode [ 5683.585881][T15230] veth1_macvtap: entered promiscuous mode [ 5686.018796][T15230] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 5686.043532][T15230] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 5686.045997][T15230] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 5686.048242][T15230] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 5686.669069][ T36] audit: type=1326 audit(5685.144:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15753 comm="syz.1.1444" exe="/syz-executor" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0xdabc6 code=0x0 [ 5692.687241][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5693.433151][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5694.208870][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5694.951966][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5706.483963][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 5706.830589][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 5707.167171][ T12] bond0 (unregistering): Released all slaves [ 5708.659028][ T12] hsr_slave_0: left promiscuous mode [ 5708.738856][ T12] hsr_slave_1: left promiscuous mode [ 5708.992445][ T12] veth1_macvtap: left promiscuous mode [ 5708.994479][ T12] veth0_macvtap: left promiscuous mode [ 5708.998890][ T12] veth1_vlan: left promiscuous mode [ 5709.002917][ T12] veth0_vlan: left promiscuous mode [ 5735.823972][T14525] usb 2-1: new full-speed USB device number 70 using dummy_hcd [ 5736.813748][T14525] usb 2-1: unable to get BOS descriptor or descriptor too short [ 5736.859571][T14525] usb 2-1: not running at top speed; connect to a high speed hub [ 5736.892781][T14525] usb 2-1: config 129 has an invalid interface number: 28 but max is 0 [ 5736.894334][T14525] usb 2-1: config 129 has no interface number 0 [ 5736.895694][T14525] usb 2-1: config 129 interface 28 altsetting 250 has an endpoint descriptor with address 0xFD, changing to 0x8D [ 5736.897585][T14525] usb 2-1: config 129 interface 28 altsetting 250 endpoint 0x8D has invalid maxpacket 18502, setting to 64 [ 5736.899155][T14525] usb 2-1: config 129 interface 28 altsetting 250 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 5736.916510][T14525] usb 2-1: config 129 interface 28 has no altsetting 0 [ 5736.982582][T14525] usb 2-1: New USB device found, idVendor=108c, idProduct=0159, bcdDevice=db.57 [ 5736.985565][T14525] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 5736.987891][T14525] usb 2-1: Product: syz [ 5736.989756][T14525] usb 2-1: Manufacturer: syz [ 5737.006382][T14525] usb 2-1: SerialNumber: syz [ 5737.436864][T15813] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 5738.458921][T14525] etas_es58x 2-1:129.28: Starting syz syz (Serial Number syz) [ 5738.473758][T14525] etas_es58x 2-1:129.28: could not retrieve the product info string [ 5738.929536][T14525] usb 2-1: USB disconnect, device number 70 [ 5738.988595][T14525] etas_es58x 2-1:129.28: Disconnecting syz syz [ 5765.385044][T15792] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 5765.524595][T15792] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 5784.288209][T15792] hsr_slave_0: entered promiscuous mode [ 5784.357939][T15792] hsr_slave_1: entered promiscuous mode [ 5801.210789][T15792] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 5801.286187][T15792] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 5801.414273][T15792] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 5801.575537][T15792] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 5816.588868][T15792] 8021q: adding VLAN 0 to HW filter on device bond0 [ 5831.742296][T10899] usb 2-1: new high-speed USB device number 71 using dummy_hcd [ 5832.217342][T10899] usb 2-1: unable to get BOS descriptor or descriptor too short [ 5832.988513][T10899] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 5832.990779][T10899] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 5832.994202][T10899] usb 2-1: Product: syz [ 5832.995412][T10899] usb 2-1: Manufacturer: syz [ 5832.996746][T10899] usb 2-1: SerialNumber: syz [ 5834.340537][T10899] usb 2-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 5834.365000][T10899] usb 2-1: unit 3 not found! [ 5834.852401][T10899] usb 2-1: USB disconnect, device number 71 [ 5844.468934][ T36] audit: type=1326 audit(5843.094:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16274 comm="syz.1.1459" exe="/syz-executor" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0xdabc6 code=0x0 [ 5868.979483][T15792] veth0_vlan: entered promiscuous mode [ 5869.355945][T15792] veth1_vlan: entered promiscuous mode [ 5869.447512][T14525] usb 2-1: new high-speed USB device number 72 using dummy_hcd [ 5869.759581][T14525] usb 2-1: Using ep0 maxpacket: 32 [ 5869.913780][T14525] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 5869.915538][T14525] usb 2-1: config 0 has no interface number 0 [ 5870.080383][T14525] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 5870.084785][T14525] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 5870.086311][T14525] usb 2-1: Product: syz [ 5870.087361][T14525] usb 2-1: Manufacturer: syz [ 5870.088421][T14525] usb 2-1: SerialNumber: syz [ 5870.153693][T14525] usb 2-1: config 0 descriptor?? [ 5870.196805][T14525] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 5872.153378][T14525] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 5872.244365][ C1] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 5872.332446][T14525] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 5872.563432][T14525] usb 2-1: USB disconnect, device number 72 [ 5872.776306][T14525] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 5872.835401][T15792] veth0_macvtap: entered promiscuous mode [ 5873.006615][T14525] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 5873.066002][T14525] quatech2 2-1:0.51: device disconnected [ 5873.144736][T15792] veth1_macvtap: entered promiscuous mode [ 5874.749183][T15792] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 5874.779050][T15792] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 5874.804572][T15792] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 5874.807145][T15792] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 5881.846287][T15746] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5882.928275][T15746] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5884.124316][T15746] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5884.654738][ T36] audit: type=1326 audit(5883.224:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16347 comm="syz.1.1464" exe="/syz-executor" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0xdabc6 code=0x0 [ 5885.836868][T15746] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5898.899608][T15746] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 5899.255807][T15746] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 5899.527519][T15746] bond0 (unregistering): Released all slaves [ 5901.457804][T15746] hsr_slave_0: left promiscuous mode [ 5901.583949][T15746] hsr_slave_1: left promiscuous mode [ 5902.123190][T15746] veth1_macvtap: left promiscuous mode [ 5902.127184][T15746] veth0_macvtap: left promiscuous mode [ 5902.194765][T15746] veth1_vlan: left promiscuous mode [ 5902.200591][T15746] veth0_vlan: left promiscuous mode [ 5908.490696][T16380] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1467'. [ 5912.125304][T16342] usb 2-1: new high-speed USB device number 73 using dummy_hcd [ 5912.466359][T16342] usb 2-1: Using ep0 maxpacket: 32 [ 5912.626434][T16342] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 5912.630318][T16342] usb 2-1: config 0 has no interface number 0 [ 5913.388969][T16342] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 5913.414242][T16342] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 5913.417509][T16342] usb 2-1: Product: syz [ 5913.419424][T16342] usb 2-1: Manufacturer: syz [ 5913.432976][T16342] usb 2-1: SerialNumber: syz [ 5913.719725][T16342] usb 2-1: config 0 descriptor?? [ 5914.037885][T16342] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 5916.207563][T16342] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 5916.293788][ C1] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 5916.618261][T16342] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 5916.995933][T16342] usb 2-1: USB disconnect, device number 73 [ 5917.259080][T16342] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 5917.510645][T16342] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 5917.538721][T16342] quatech2 2-1:0.51: device disconnected [ 5953.967998][T16374] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 5954.120017][T16374] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 5969.919796][T16342] usb 2-1: new high-speed USB device number 74 using dummy_hcd [ 5970.003761][T16374] hsr_slave_0: entered promiscuous mode [ 5970.072947][T16374] hsr_slave_1: entered promiscuous mode [ 5970.203490][T16342] usb 2-1: Using ep0 maxpacket: 32 [ 5970.509680][T16342] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 5970.543974][T16342] usb 2-1: config 0 has no interface number 0 [ 5970.804545][T16342] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 5970.807251][T16342] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 5970.809364][T16342] usb 2-1: Product: syz [ 5970.826193][T16342] usb 2-1: Manufacturer: syz [ 5970.828358][T16342] usb 2-1: SerialNumber: syz [ 5971.026789][T16342] usb 2-1: config 0 descriptor?? [ 5971.317935][T16342] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 5973.135060][T16342] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 5973.223477][ C1] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 5973.463457][T16342] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 5973.660830][T16342] usb 2-1: USB disconnect, device number 74 [ 5974.095681][T16342] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 5974.567596][T16342] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 5974.637732][T16342] quatech2 2-1:0.51: device disconnected [ 5983.893775][T16374] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 5984.326551][T16374] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 5984.990207][T16374] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 5985.227215][T16374] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 5997.024210][T16374] 8021q: adding VLAN 0 to HW filter on device bond0 [ 6042.399314][T16342] usb 2-1: new high-speed USB device number 75 using dummy_hcd [ 6042.683694][T16342] usb 2-1: Using ep0 maxpacket: 32 [ 6042.784805][T16342] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 6042.787125][T16342] usb 2-1: config 0 has no interface number 0 [ 6043.315736][T16342] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 6043.318203][T16342] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 6043.320116][T16342] usb 2-1: Product: syz [ 6043.332465][T16342] usb 2-1: Manufacturer: syz [ 6043.334486][T16342] usb 2-1: SerialNumber: syz [ 6043.770689][T16342] usb 2-1: config 0 descriptor?? [ 6043.985975][T16342] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 6046.045489][T16342] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 6046.322993][T16342] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 6046.484095][ C1] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 6046.814736][T16342] usb 2-1: USB disconnect, device number 75 [ 6047.120178][T16342] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 6047.366536][T16342] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 6047.436028][T16342] quatech2 2-1:0.51: device disconnected [ 6053.615745][T16374] veth0_vlan: entered promiscuous mode [ 6054.518798][T16374] veth1_vlan: entered promiscuous mode [ 6057.299973][T16374] veth0_macvtap: entered promiscuous mode [ 6057.648027][T16374] veth1_macvtap: entered promiscuous mode [ 6059.864371][T16374] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 6059.866971][T16374] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 6059.869088][T16374] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 6059.883263][T16374] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 6065.409998][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6066.740210][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6067.760160][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6068.655372][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6076.074622][ T36] audit: type=1326 audit(6074.724:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16981 comm="syz.1.1488" exe="/syz-executor" sig=9 arch=c00000f3 syscall=98 compat=0 ip=0xdabc6 code=0x0 [ 6078.312404][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 6078.447241][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 6078.556642][ T12] bond0 (unregistering): Released all slaves [ 6079.643033][ T12] hsr_slave_0: left promiscuous mode [ 6079.723365][ T12] hsr_slave_1: left promiscuous mode [ 6080.314008][ T12] veth1_macvtap: left promiscuous mode [ 6080.315867][ T12] veth0_macvtap: left promiscuous mode [ 6080.324418][ T12] veth1_vlan: left promiscuous mode [ 6080.326756][ T12] veth0_vlan: left promiscuous mode [ 6130.195925][T17001] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 6130.395643][T17001] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 6138.744601][T17221] ALSA: seq fatal error: cannot create timer (-22) [ 6142.964452][T14542] usb 2-1: new full-speed USB device number 76 using dummy_hcd [ 6143.313597][T14542] usb 2-1: unable to get BOS descriptor or descriptor too short [ 6143.357737][T14542] usb 2-1: not running at top speed; connect to a high speed hub [ 6143.420952][T14542] usb 2-1: config 129 has an invalid interface number: 28 but max is 0 [ 6143.433109][T14542] usb 2-1: config 129 has no interface number 0 [ 6143.435951][T14542] usb 2-1: config 129 interface 28 altsetting 250 has an invalid endpoint descriptor of length 2, skipping [ 6143.438740][T14542] usb 2-1: config 129 interface 28 altsetting 250 endpoint 0x7 has invalid maxpacket 512, setting to 64 [ 6143.449460][T14542] usb 2-1: config 129 interface 28 altsetting 250 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 6143.472613][T14542] usb 2-1: config 129 interface 28 has no altsetting 0 [ 6143.774691][T14542] usb 2-1: New USB device found, idVendor=108c, idProduct=0159, bcdDevice=db.57 [ 6143.778428][T14542] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 6143.780402][T14542] usb 2-1: Product: syz [ 6143.804860][T14542] usb 2-1: Manufacturer: syz [ 6143.806883][T14542] usb 2-1: SerialNumber: syz [ 6145.115169][T14542] etas_es58x 2-1:129.28: Starting syz syz (Serial Number syz) [ 6145.424461][T14542] usb 2-1: USB disconnect, device number 76 [ 6148.446100][T17001] hsr_slave_0: entered promiscuous mode [ 6148.498277][T17001] hsr_slave_1: entered promiscuous mode [ 6153.427498][T17001] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 6153.710666][T17001] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 6153.922103][T17001] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 6154.309755][T17001] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 6157.753788][T14542] usb 2-1: new high-speed USB device number 77 using dummy_hcd [ 6158.682345][T14542] usb 2-1: Using ep0 maxpacket: 32 [ 6158.902729][T14542] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 6158.905598][T14542] usb 2-1: config 0 has no interface number 0 [ 6159.070610][T14542] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 6159.075999][T14542] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 6159.077615][T14542] usb 2-1: Product: syz [ 6159.078740][T14542] usb 2-1: Manufacturer: syz [ 6159.079821][T14542] usb 2-1: SerialNumber: syz [ 6159.155478][T14542] usb 2-1: config 0 descriptor?? [ 6159.520828][T14542] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 6164.735153][T14542] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 6164.822599][ C1] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 6165.132827][T14542] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 6165.288134][T14542] usb 2-1: USB disconnect, device number 77 [ 6165.715947][T14542] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 6165.964823][T14542] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 6165.999909][T14542] quatech2 2-1:0.51: device disconnected [ 6174.687616][T17001] 8021q: adding VLAN 0 to HW filter on device bond0 [ 6186.138866][T11597] usb 2-1: new high-speed USB device number 78 using dummy_hcd [ 6186.467428][T11597] usb 2-1: Using ep0 maxpacket: 32 [ 6186.742728][T11597] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 6186.745161][T11597] usb 2-1: config 0 has no interface number 0 [ 6186.999568][T11597] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 6187.015513][T11597] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 6187.017845][T11597] usb 2-1: Product: syz [ 6187.019549][T11597] usb 2-1: Manufacturer: syz [ 6187.034199][T11597] usb 2-1: SerialNumber: syz [ 6187.256696][T11597] usb 2-1: config 0 descriptor?? [ 6187.519873][T11597] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 6192.725819][T11597] usb 2-1: qt2_attach - failed to power on unit: -110 [ 6192.753039][T11597] quatech2 2-1:0.51: probe with driver quatech2 failed with error -110 [ 6201.248552][T14544] usb 2-1: USB disconnect, device number 78 [ 6213.213811][T14525] usb 2-1: new high-speed USB device number 79 using dummy_hcd [ 6213.464933][T14525] usb 2-1: Using ep0 maxpacket: 32 [ 6213.550340][T14525] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 6213.562436][T14525] usb 2-1: config 0 has no interface number 0 [ 6213.683564][T14525] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 6213.685034][T14525] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 6213.686352][T14525] usb 2-1: Product: syz [ 6213.687285][T14525] usb 2-1: Manufacturer: syz [ 6213.688215][T14525] usb 2-1: SerialNumber: syz [ 6213.830650][T14525] usb 2-1: config 0 descriptor?? [ 6213.997090][T14525] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 6218.662236][T14525] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 6218.806575][ C1] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 6218.830586][T14525] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 6219.280954][T14525] usb 2-1: USB disconnect, device number 79 [ 6219.588841][T14525] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 6219.857961][T14525] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 6219.897912][T14525] quatech2 2-1:0.51: device disconnected [ 6229.967429][T17001] veth0_vlan: entered promiscuous mode [ 6244.836648][T17001] veth1_vlan: entered promiscuous mode [ 6246.277590][T17001] veth0_macvtap: entered promiscuous mode [ 6246.591602][T17001] veth1_macvtap: entered promiscuous mode [ 6247.247513][T17001] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 6247.248954][T17001] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 6247.250149][T17001] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 6247.262588][T17001] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 6275.148039][T16342] usb 2-1: new high-speed USB device number 80 using dummy_hcd [ 6275.730826][T16342] usb 2-1: config 0 has an invalid interface number: 86 but max is 0 [ 6275.737511][T16342] usb 2-1: config 0 has no interface number 0 [ 6275.739932][T16342] usb 2-1: New USB device found, idVendor=06cd, idProduct=0107, bcdDevice=99.22 [ 6275.745172][T16342] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 6275.886096][T16342] usb 2-1: config 0 descriptor?? [ 6276.027209][T16342] keyspan 2-1:0.86: Keyspan 1 port adapter converter detected [ 6276.036022][T16342] keyspan 2-1:0.86: found no endpoint descriptor for endpoint 84 [ 6276.065595][T16342] keyspan 2-1:0.86: found no endpoint descriptor for endpoint 81 [ 6276.068648][T16342] keyspan 2-1:0.86: found no endpoint descriptor for endpoint 82 [ 6276.072662][T16342] keyspan 2-1:0.86: found no endpoint descriptor for endpoint 1 [ 6276.076214][T16342] keyspan 2-1:0.86: found no endpoint descriptor for endpoint 2 [ 6276.079204][T16342] keyspan 2-1:0.86: found no endpoint descriptor for endpoint 83 [ 6276.082779][T16342] keyspan 2-1:0.86: found no endpoint descriptor for endpoint 3 [ 6276.189852][T16342] usb 2-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 6277.294785][T16342] usb 2-1: USB disconnect, device number 80 [ 6277.457024][T16342] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 6277.506160][T16342] keyspan 2-1:0.86: device disconnected [ 6297.949053][T17635] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1541'. [ 6298.029588][T17635] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1541'. [ 6298.040120][T17635] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1541'. [ 6300.998462][T17641] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 6301.076942][T17641] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 6308.460024][T17649] syz.1.1547 (17649): /proc/17648/oom_adj is deprecated, please use /proc/17648/oom_score_adj instead. [ 6309.192499][T17651] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 6309.279170][T17651] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 6324.183940][T16842] usb 2-1: new high-speed USB device number 81 using dummy_hcd [ 6324.425036][T16842] usb 2-1: Using ep0 maxpacket: 32 [ 6324.735289][T16842] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 6324.737697][T16842] usb 2-1: config 0 has no interface number 0 [ 6324.886604][T16842] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 6324.889200][T16842] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 6324.901800][T16842] usb 2-1: Product: syz [ 6324.903978][T16842] usb 2-1: Manufacturer: syz [ 6324.905706][T16842] usb 2-1: SerialNumber: syz [ 6325.079074][T16842] usb 2-1: config 0 descriptor?? [ 6325.198588][T16842] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 6330.080367][ C0] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 6330.105911][T16842] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 6330.384371][T16842] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 6330.559415][T16842] usb 2-1: USB disconnect, device number 81 [ 6330.895846][T16842] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 6331.377876][T16842] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 6331.394665][T16842] quatech2 2-1:0.51: device disconnected [ 6341.093927][T17709] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 6341.149611][T17709] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 6360.933048][T17738] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1569'. [ 6374.526731][T17763] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1579'. [ 6374.530386][T17763] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1579'. [ 6377.014524][T17773] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 6377.090993][T17773] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 6393.127025][T17793] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1589'. [ 6404.667753][T17814] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1595'. [ 6413.949172][T17818] IPv6: Can't replace route, no match found [ 6451.072793][T17871] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 6451.104581][T17871] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 6476.678653][T17904] xt_hashlimit: overflow, try lower: 3/0 [ 6484.164215][T17912] sch_tbf: burst 6758 is lower than device lo mtu (65550) ! [ 6486.333759][T16342] usb 2-1: new high-speed USB device number 82 using dummy_hcd [ 6486.585758][T16342] usb 2-1: Using ep0 maxpacket: 8 [ 6486.655438][T16342] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 6486.657869][T16342] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 6486.780109][T16342] usb 2-1: config 0 descriptor?? [ 6488.487588][T16342] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 6488.489348][T16342] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 6488.506858][T16342] asix 2-1:0.0: probe with driver asix failed with error -71 [ 6488.684103][T16342] usb 2-1: USB disconnect, device number 82 [ 6499.183998][T16342] usb 2-1: new high-speed USB device number 83 using dummy_hcd [ 6499.385870][T16342] usb 2-1: Using ep0 maxpacket: 8 [ 6499.450136][T16342] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 6499.466212][T16342] usb 2-1: New USB device found, idVendor=1b3d, idProduct=0146, bcdDevice= 1.b8 [ 6499.468407][T16342] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 6499.597415][T16342] usb 2-1: config 0 descriptor?? [ 6499.703564][T16342] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 6499.724007][T16342] usb 2-1: Detected SIO [ 6499.772886][T16342] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 6500.268767][T16342] usb 2-1: USB disconnect, device number 83 [ 6500.450673][T16342] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 6500.557322][T16342] ftdi_sio 2-1:0.0: device disconnected [ 6520.222843][T17995] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 6520.265790][T17995] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 6527.673373][T18000] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 6527.736424][T18000] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 6535.567121][T18004] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 6535.599346][T18004] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 6546.575129][T17756] usb 2-1: new high-speed USB device number 84 using dummy_hcd [ 6546.914832][T17756] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 6546.917659][T17756] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 6546.920121][T17756] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 6546.950459][T17756] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.00 [ 6546.958730][T17756] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 6547.057112][T17756] usb 2-1: config 0 descriptor?? [ 6549.443593][T17756] keytouch 0003:0926:3333.000A: fixing up Keytouch IEC report descriptor [ 6549.517582][T17756] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.000A/input/input15 [ 6549.655872][T17756] keytouch 0003:0926:3333.000A: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0 [ 6549.746346][T17756] usb 2-1: USB disconnect, device number 84 [ 6562.312460][T18063] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 6562.415359][T18063] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 6569.146201][T13296] usb 2-1: new high-speed USB device number 85 using dummy_hcd [ 6569.366204][T13296] usb 2-1: Using ep0 maxpacket: 8 [ 6569.483950][T13296] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 6569.486470][T13296] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 6569.488572][T13296] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 6569.490743][T13296] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 6569.514931][T13296] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 6569.517649][T13296] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 6569.519731][T13296] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 6570.694493][T13296] usb 2-1: GET_CAPABILITIES returned 0 [ 6570.697030][T13296] usbtmc 2-1:16.0: can't read capabilities [ 6571.355446][T13296] usb 2-1: USB disconnect, device number 85 [ 6571.469608][T18087] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 6571.504707][T18087] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 6595.307398][T18112] syzkaller1: entered promiscuous mode [ 6595.310391][T18112] syzkaller1: entered allmulticast mode [ 6600.223574][T18122] mmap: syz.1.1692 (18122) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 6610.916422][T16342] usb 2-1: new high-speed USB device number 86 using dummy_hcd [ 6611.159080][T16342] usb 2-1: Using ep0 maxpacket: 32 [ 6611.327713][T16342] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 6611.330838][T16342] usb 2-1: config 0 has no interface number 0 [ 6611.439087][T16342] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 6611.443516][T16342] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 6611.445766][T16342] usb 2-1: Product: syz [ 6611.447599][T16342] usb 2-1: Manufacturer: syz [ 6611.449471][T16342] usb 2-1: SerialNumber: syz [ 6611.578050][T16342] usb 2-1: config 0 descriptor?? [ 6611.727781][T16342] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 6616.436919][ C1] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 6616.468606][T16342] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 6616.598567][T16342] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 6616.817235][T16342] usb 2-1: USB disconnect, device number 86 [ 6617.079282][T16342] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 6617.315095][T16342] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 6617.334589][T16342] quatech2 2-1:0.51: device disconnected [ 6629.857683][T18174] sctp: [Deprecated]: syz.2.1704 (pid 18174) Use of struct sctp_assoc_value in delayed_ack socket option. [ 6629.857683][T18174] Use struct sctp_sack_info instead [ 6643.444496][T18190] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 6643.462863][T18190] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 6669.482259][ T36] audit: type=1326 audit(6668.094:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18222 comm="syz.2.1720" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdabc6 code=0x7ffc0000 [ 6669.485503][ T36] audit: type=1326 audit(6668.104:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18222 comm="syz.2.1720" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdabc6 code=0x7ffc0000 [ 6669.825834][ T36] audit: type=1326 audit(6668.484:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18222 comm="syz.2.1720" exe="/syz-executor" sig=0 arch=c00000f3 syscall=51 compat=0 ip=0xdabc6 code=0x7ffc0000 [ 6669.839123][ T36] audit: type=1326 audit(6668.494:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18222 comm="syz.2.1720" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdabc6 code=0x7ffc0000 [ 6675.984361][T16342] usb 2-1: new high-speed USB device number 87 using dummy_hcd [ 6675.987913][ C1] raw-gadget.0 gadget.1: ignoring, device is not running [ 6676.213657][T16342] usb 2-1: device descriptor read/64, error -32 [ 6676.495509][T16342] usb 2-1: new high-speed USB device number 88 using dummy_hcd [ 6676.725597][T16342] usb 2-1: Using ep0 maxpacket: 32 [ 6676.865787][T16342] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 6676.869148][T16342] usb 2-1: config 0 has no interface number 0 [ 6677.224426][T16342] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 6677.228108][T16342] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 6677.229986][T16342] usb 2-1: Product: syz [ 6677.254966][T16342] usb 2-1: Manufacturer: syz [ 6677.256870][T16342] usb 2-1: SerialNumber: syz [ 6677.337764][T16342] usb 2-1: config 0 descriptor?? [ 6677.408756][T16342] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 6682.585656][T16342] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 6682.742508][ C1] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 6682.904226][T16342] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 6683.107682][T16342] usb 2-1: USB disconnect, device number 88 [ 6683.224611][T16342] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 6683.423294][T16342] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 6683.432095][T16342] quatech2 2-1:0.51: device disconnected [ 6692.999833][T18283] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 6693.127223][T18283] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 6723.858398][T18243] usb 2-1: new high-speed USB device number 89 using dummy_hcd [ 6724.355267][T18243] usb 2-1: Using ep0 maxpacket: 16 [ 6724.516898][T18243] usb 2-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 6724.519726][T18243] usb 2-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 6724.549739][T18243] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 6724.946589][T18243] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 6724.949242][T18243] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 6724.964373][T18243] usb 2-1: Product: syz [ 6724.967225][T18243] usb 2-1: Manufacturer: syz [ 6724.968955][T18243] usb 2-1: SerialNumber: syz [ 6726.968596][T18243] usb 2-1: 0:2 : does not exist [ 6727.408980][T18243] usb 2-1: USB disconnect, device number 89 [ 6741.885658][ T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6742.777661][ T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6743.836999][ T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6744.635105][ T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6754.618616][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 6754.784983][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 6754.898125][ T12] bond0 (unregistering): Released all slaves [ 6755.984293][ T12] hsr_slave_0: left promiscuous mode [ 6756.086071][ T12] hsr_slave_1: left promiscuous mode [ 6756.403338][ T12] veth1_macvtap: left promiscuous mode [ 6756.405446][ T12] veth0_macvtap: left promiscuous mode [ 6756.415879][ T12] veth1_vlan: left promiscuous mode [ 6756.418707][ T12] veth0_vlan: left promiscuous mode [ 6807.467061][T18388] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 6807.568837][T18388] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 6825.139834][T18388] hsr_slave_0: entered promiscuous mode [ 6825.187739][T18388] hsr_slave_1: entered promiscuous mode [ 6825.214885][T18388] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 6825.216715][T18388] Cannot create hsr debugfs directory [ 6837.033831][T18388] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 6837.368616][T18388] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 6837.734945][T18388] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 6838.005559][T18388] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 6838.237638][T18788] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1784'. [ 6838.618102][T18788] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1784'. [ 6853.699851][T18388] 8021q: adding VLAN 0 to HW filter on device bond0 [ 6870.759106][T18841] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 6870.797680][T18841] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 6901.632522][T18388] veth0_vlan: entered promiscuous mode [ 6902.395818][T18388] veth1_vlan: entered promiscuous mode [ 6904.676875][T18388] veth0_macvtap: entered promiscuous mode [ 6906.626943][T18388] veth1_macvtap: entered promiscuous mode [ 6908.396900][T18388] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 6908.399115][T18388] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 6908.400434][T18388] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 6908.412791][T18388] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 6926.194885][T18892] usb 2-1: new high-speed USB device number 90 using dummy_hcd [ 6926.443281][T18892] usb 2-1: Using ep0 maxpacket: 8 [ 6926.684615][T18892] usb 2-1: config 0 has an invalid interface number: 29 but max is 0 [ 6926.688784][T18892] usb 2-1: config 0 has no interface number 0 [ 6926.704915][T18892] usb 2-1: config 0 interface 29 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 6926.708067][T18892] usb 2-1: config 0 interface 29 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83 [ 6926.723231][T18892] usb 2-1: config 0 interface 29 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024 [ 6926.726352][T18892] usb 2-1: config 0 interface 29 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 6926.729272][T18892] usb 2-1: config 0 interface 29 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 6926.742811][T18892] usb 2-1: config 0 interface 29 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0 [ 6926.745464][T18892] usb 2-1: config 0 interface 29 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 6926.903960][T18892] usb 2-1: New USB device found, idVendor=03f0, idProduct=0207, bcdDevice= 0.01 [ 6926.905659][T18892] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 6926.906900][T18892] usb 2-1: Product: syz [ 6926.907892][T18892] usb 2-1: Manufacturer: syz [ 6926.908885][T18892] usb 2-1: SerialNumber: syz [ 6927.127472][T18892] usb 2-1: config 0 descriptor?? [ 6927.239579][T18916] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 6927.636966][T18892] ums-usbat 2-1:0.29: USB Mass Storage device detected [ 6930.668941][T18892] ums-usbat 2-1:0.29: probe with driver ums-usbat failed with error -5 [ 6930.988007][T18892] usb 2-1: USB disconnect, device number 90 [ 6943.176781][T18955] BUG: Bad page state in process syz.2.1806 pfn:ab652 [ 6943.179593][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000002b6529b0 pfn:0xab652 [ 6943.182640][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6943.184880][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6943.186127][T18955] raw: ff6000002b6529b0 0000000000000001 00000000ffffffff 0000000000000000 [ 6943.187334][T18955] page dumped because: page_pool leak [ 6943.188397][T18955] page_owner tracks the page as allocated [ 6943.189327][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942768126800, free_ts 6922500215400 [ 6943.192178][T18955] __set_page_owner+0xa2/0x70c [ 6943.194763][T18955] post_alloc_hook+0xec/0x1e4 [ 6943.196024][T18955] get_page_from_freelist+0xdaa/0x295a [ 6943.197105][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6943.198213][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6943.199303][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6943.200438][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6943.202454][T18955] page_pool_alloc_pages+0x20/0x62 [ 6943.203536][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6943.204774][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6943.205812][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6943.206885][T18955] __sys_bpf+0xd14/0x42cc [ 6943.207849][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6943.208816][T18955] syscall_handler+0x94/0x118 [ 6943.209765][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6943.210830][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6943.212776][T18955] page last free pid 16342 tgid 16342 stack trace: [ 6943.213711][T18955] __reset_page_owner+0x8c/0x400 [ 6943.214879][T18955] free_unref_page+0x592/0xf08 [ 6943.215954][T18955] __free_pages+0x13c/0x1bc [ 6943.216965][T18955] vfree+0x1b6/0xc88 [ 6943.217862][T18955] delayed_vfree_work+0x58/0x7a [ 6943.218963][T18955] process_one_work+0x956/0x1dae [ 6943.220158][T18955] worker_thread+0x5be/0xdc6 [ 6943.221845][T18955] kthread+0x28c/0x3a6 [ 6943.222912][T18955] ret_from_fork+0xe/0x18 [ 6943.224075][T18955] Modules linked in: [ 6943.226712][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Not tainted 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6943.228035][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6943.228890][T18955] Call Trace: [ 6943.229574][T18955] [] dump_backtrace+0x2e/0x3c [ 6943.230594][T18955] [] show_stack+0x34/0x40 [ 6943.231591][T18955] [] dump_stack_lvl+0x122/0x196 [ 6943.232579][T18955] [] dump_stack+0x1c/0x24 [ 6943.233616][T18955] [] bad_page+0x268/0x2da [ 6943.234633][T18955] [] free_unref_page+0x78a/0xf08 [ 6943.235655][T18955] [] page_frag_free+0x21c/0x268 [ 6943.236731][T18955] [] skb_free_head+0x1ce/0x2ec [ 6943.237605][T18955] [] skb_release_data+0x6ec/0x86a [ 6943.238517][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6943.239464][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6943.240513][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6943.241604][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6943.242741][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6943.243807][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6943.244815][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6943.245749][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6943.246761][T18955] [] __sys_bpf+0xd14/0x42cc [ 6943.247633][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6943.248528][T18955] [] syscall_handler+0x94/0x118 [ 6943.249469][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6943.250446][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6943.252764][T18955] Disabling lock debugging due to kernel taint [ 6943.254099][T18955] BUG: Bad page state in process syz.2.1806 pfn:ae2f7 [ 6943.254973][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2 pfn:0xae2f7 [ 6943.256490][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6943.257585][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6943.258679][T18955] raw: 0000000000000002 0000000000000001 00000000ffffffff 0000000000000000 [ 6943.259639][T18955] page dumped because: page_pool leak [ 6943.260526][T18955] page_owner tracks the page as allocated [ 6943.262162][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942768005500, free_ts 6922668954700 [ 6943.264062][T18955] __set_page_owner+0xa2/0x70c [ 6943.265059][T18955] post_alloc_hook+0xec/0x1e4 [ 6943.266013][T18955] get_page_from_freelist+0xdaa/0x295a [ 6943.267038][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6943.267990][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6943.268960][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6943.269905][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6943.270878][T18955] page_pool_alloc_pages+0x20/0x62 [ 6943.272280][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6943.273354][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6943.274337][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6943.275351][T18955] __sys_bpf+0xd14/0x42cc [ 6943.276296][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6943.277206][T18955] syscall_handler+0x94/0x118 [ 6943.278252][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6943.279198][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6943.280163][T18955] page last free pid 24 tgid 24 stack trace: [ 6943.281587][T18955] __reset_page_owner+0x8c/0x400 [ 6943.283025][T18955] free_unref_page+0x592/0xf08 [ 6943.283978][T18955] __folio_put+0x1ae/0x22e [ 6943.284864][T18955] free_page_and_swap_cache+0x1a8/0x1de [ 6943.285864][T18955] tlb_remove_table_rcu+0x86/0xee [ 6943.286824][T18955] rcu_core+0xa24/0x1eac [ 6943.287698][T18955] rcu_core_si+0xc/0x14 [ 6943.288545][T18955] handle_softirqs+0x4a6/0x10de [ 6943.289396][T18955] run_ksoftirqd+0xce/0x144 [ 6943.290255][T18955] smpboot_thread_fn+0x654/0xb98 [ 6943.291708][T18955] kthread+0x28c/0x3a6 [ 6943.292629][T18955] ret_from_fork+0xe/0x18 [ 6943.293598][T18955] Modules linked in: [ 6943.294997][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6943.296173][T18955] Tainted: [B]=BAD_PAGE [ 6943.296713][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6943.297325][T18955] Call Trace: [ 6943.297833][T18955] [] dump_backtrace+0x2e/0x3c [ 6943.298725][T18955] [] show_stack+0x34/0x40 [ 6943.299486][T18955] [] dump_stack_lvl+0x122/0x196 [ 6943.300620][T18955] [] dump_stack+0x1c/0x24 [ 6943.301493][T18955] [] bad_page+0x268/0x2da [ 6943.302393][T18955] [] free_unref_page+0x78a/0xf08 [ 6943.303264][T18955] [] page_frag_free+0x21c/0x268 [ 6943.304159][T18955] [] skb_free_head+0x1ce/0x2ec [ 6943.304908][T18955] [] skb_release_data+0x6ec/0x86a [ 6943.305906][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6943.306734][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6943.307691][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6943.308598][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6943.309631][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6943.310618][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6943.311555][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6943.312446][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6943.313340][T18955] [] __sys_bpf+0xd14/0x42cc [ 6943.314175][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6943.315019][T18955] [] syscall_handler+0x94/0x118 [ 6943.315851][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6943.316731][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6943.318761][T18955] BUG: Bad page state in process syz.2.1806 pfn:ae2f6 [ 6943.319675][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000002e2f6600 pfn:0xae2f6 [ 6943.320906][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6943.322406][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6943.323401][T18955] raw: ff6000002e2f6600 0000000000000001 00000000ffffffff 0000000000000000 [ 6943.324305][T18955] page dumped because: page_pool leak [ 6943.325051][T18955] page_owner tracks the page as allocated [ 6943.325950][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942767887000, free_ts 6922912620400 [ 6943.327460][T18955] __set_page_owner+0xa2/0x70c [ 6943.328474][T18955] post_alloc_hook+0xec/0x1e4 [ 6943.329400][T18955] get_page_from_freelist+0xdaa/0x295a [ 6943.331791][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6943.332807][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6943.333866][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6943.334887][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6943.335818][T18955] page_pool_alloc_pages+0x20/0x62 [ 6943.336723][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6943.337771][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6943.338728][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6943.339662][T18955] __sys_bpf+0xd14/0x42cc [ 6943.340561][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6943.342047][T18955] syscall_handler+0x94/0x118 [ 6943.342997][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6943.343928][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6943.344921][T18955] page last free pid 18905 tgid 18905 stack trace: [ 6943.345745][T18955] __reset_page_owner+0x8c/0x400 [ 6943.346742][T18955] free_unref_page+0x592/0xf08 [ 6943.347792][T18955] __free_pages+0x13c/0x1bc [ 6943.352203][T18955] free_pages.part.0+0x26a/0x4cc [ 6943.353175][T18955] free_pages+0xe/0x18 [ 6943.354084][T18955] tlb_finish_mmu+0x20c/0x7e6 [ 6943.354967][T18955] exit_mmap+0x36c/0xbea [ 6943.355813][T18955] mmput+0x122/0x3e2 [ 6943.356600][T18955] do_exit+0x902/0x2986 [ 6943.357468][T18955] do_group_exit+0xd4/0x26c [ 6943.358374][T18955] __riscv_sys_exit_group+0x4a/0x54 [ 6943.359275][T18955] syscall_handler+0x94/0x118 [ 6943.360140][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6943.361537][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6943.362580][T18955] Modules linked in: [ 6943.363501][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6943.364589][T18955] Tainted: [B]=BAD_PAGE [ 6943.365112][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6943.365723][T18955] Call Trace: [ 6943.366241][T18955] [] dump_backtrace+0x2e/0x3c [ 6943.367114][T18955] [] show_stack+0x34/0x40 [ 6943.367878][T18955] [] dump_stack_lvl+0x122/0x196 [ 6943.368709][T18955] [] dump_stack+0x1c/0x24 [ 6943.369526][T18955] [] bad_page+0x268/0x2da [ 6943.370459][T18955] [] free_unref_page+0x78a/0xf08 [ 6943.371722][T18955] [] page_frag_free+0x21c/0x268 [ 6943.372709][T18955] [] skb_free_head+0x1ce/0x2ec [ 6943.373482][T18955] [] skb_release_data+0x6ec/0x86a [ 6943.374317][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6943.375117][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6943.376123][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6943.377089][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6943.378086][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6943.379051][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6943.380124][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6943.381079][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6943.382007][T18955] [] __sys_bpf+0xd14/0x42cc [ 6943.382883][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6943.383758][T18955] [] syscall_handler+0x94/0x118 [ 6943.384589][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6943.385457][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6943.387136][T18955] BUG: Bad page state in process syz.2.1806 pfn:98b0f [ 6943.388037][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x98b0f [ 6943.389060][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6943.390077][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6943.391369][T18955] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 6943.392225][T18955] page dumped because: page_pool leak [ 6943.393026][T18955] page_owner tracks the page as allocated [ 6943.393747][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942767768400, free_ts 6922499537000 [ 6943.395309][T18955] __set_page_owner+0xa2/0x70c [ 6943.396286][T18955] post_alloc_hook+0xec/0x1e4 [ 6943.397204][T18955] get_page_from_freelist+0xdaa/0x295a [ 6943.398232][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6943.399282][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6943.400280][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6943.401827][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6943.402892][T18955] page_pool_alloc_pages+0x20/0x62 [ 6943.403787][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6943.404762][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6943.405697][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6943.406672][T18955] __sys_bpf+0xd14/0x42cc [ 6943.407536][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6943.408407][T18955] syscall_handler+0x94/0x118 [ 6943.409277][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6943.410234][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6943.411823][T18955] page last free pid 16342 tgid 16342 stack trace: [ 6943.412747][T18955] __reset_page_owner+0x8c/0x400 [ 6943.413736][T18955] free_unref_page+0x592/0xf08 [ 6943.414773][T18955] __free_pages+0x13c/0x1bc [ 6943.415677][T18955] vfree+0x1b6/0xc88 [ 6943.416467][T18955] delayed_vfree_work+0x58/0x7a [ 6943.417325][T18955] process_one_work+0x956/0x1dae [ 6943.418287][T18955] worker_thread+0x5be/0xdc6 [ 6943.419185][T18955] kthread+0x28c/0x3a6 [ 6943.420035][T18955] ret_from_fork+0xe/0x18 [ 6943.421325][T18955] Modules linked in: [ 6943.422422][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6943.423481][T18955] Tainted: [B]=BAD_PAGE [ 6943.423999][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6943.424623][T18955] Call Trace: [ 6943.425161][T18955] [] dump_backtrace+0x2e/0x3c [ 6943.425993][T18955] [] show_stack+0x34/0x40 [ 6943.426779][T18955] [] dump_stack_lvl+0x122/0x196 [ 6943.427592][T18955] [] dump_stack+0x1c/0x24 [ 6943.428388][T18955] [] bad_page+0x268/0x2da [ 6943.429170][T18955] [] free_unref_page+0x78a/0xf08 [ 6943.430016][T18955] [] page_frag_free+0x21c/0x268 [ 6943.430944][T18955] [] skb_free_head+0x1ce/0x2ec [ 6943.431794][T18955] [] skb_release_data+0x6ec/0x86a [ 6943.432651][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6943.433488][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6943.434534][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6943.435533][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6943.436568][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6943.437721][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6943.438858][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6943.439932][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6943.441020][T18955] [] __sys_bpf+0xd14/0x42cc [ 6943.442128][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6943.443225][T18955] [] syscall_handler+0x94/0x118 [ 6943.444177][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6943.445184][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6943.447144][T18955] BUG: Bad page state in process syz.2.1806 pfn:98b0e [ 6943.448218][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x98b0e [ 6943.449488][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6943.450725][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6943.452460][T18955] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 6943.453575][T18955] page dumped because: page_pool leak [ 6943.454520][T18955] page_owner tracks the page as allocated [ 6943.455425][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942767649200, free_ts 6922935139100 [ 6943.457321][T18955] __set_page_owner+0xa2/0x70c [ 6943.458540][T18955] post_alloc_hook+0xec/0x1e4 [ 6943.459599][T18955] get_page_from_freelist+0xdaa/0x295a [ 6943.460696][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6943.462483][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6943.463626][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6943.464773][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6943.465814][T18955] page_pool_alloc_pages+0x20/0x62 [ 6943.466906][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6943.468076][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6943.469170][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6943.470319][T18955] __sys_bpf+0xd14/0x42cc [ 6943.472160][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6943.473298][T18955] syscall_handler+0x94/0x118 [ 6943.474350][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6943.475408][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6943.476559][T18955] page last free pid 18907 tgid 18901 stack trace: [ 6943.477531][T18955] __reset_page_owner+0x8c/0x400 [ 6943.478768][T18955] free_unref_page+0x592/0xf08 [ 6943.479861][T18955] __folio_put+0x1ae/0x22e [ 6943.480863][T18955] free_page_and_swap_cache+0x1a8/0x1de [ 6943.482774][T18955] tlb_remove_table_rcu+0x86/0xee [ 6943.483863][T18955] rcu_core+0xa24/0x1eac [ 6943.484719][T18955] rcu_core_si+0xc/0x14 [ 6943.485793][T18955] handle_softirqs+0x4a6/0x10de [ 6943.486739][T18955] __irq_exit_rcu+0x188/0x372 [ 6943.487658][T18955] irq_exit_rcu+0x10/0xf8 [ 6943.488619][T18955] handle_riscv_irq+0x40/0x4c [ 6943.489673][T18955] call_on_irq_stack+0x32/0x40 [ 6943.490784][T18955] Modules linked in: [ 6943.492436][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6943.493802][T18955] Tainted: [B]=BAD_PAGE [ 6943.494522][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6943.495177][T18955] Call Trace: [ 6943.495761][T18955] [] dump_backtrace+0x2e/0x3c [ 6943.496750][T18955] [] show_stack+0x34/0x40 [ 6943.497607][T18955] [] dump_stack_lvl+0x122/0x196 [ 6943.498670][T18955] [] dump_stack+0x1c/0x24 [ 6943.499636][T18955] [] bad_page+0x268/0x2da [ 6943.500564][T18955] [] free_unref_page+0x78a/0xf08 [ 6943.501676][T18955] [] page_frag_free+0x21c/0x268 [ 6943.502913][T18955] [] skb_free_head+0x1ce/0x2ec [ 6943.503862][T18955] [] skb_release_data+0x6ec/0x86a [ 6943.504815][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6943.505837][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6943.507086][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6943.508209][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6943.509345][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6943.510528][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6943.511741][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6943.512868][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6943.513968][T18955] [] __sys_bpf+0xd14/0x42cc [ 6943.515107][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6943.516128][T18955] [] syscall_handler+0x94/0x118 [ 6943.517227][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6943.518366][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6943.520294][T18955] BUG: Bad page state in process syz.2.1806 pfn:9aa97 [ 6943.522192][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x9aa97 [ 6943.523304][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6943.524312][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6943.525279][T18955] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 6943.526391][T18955] page dumped because: page_pool leak [ 6943.527140][T18955] page_owner tracks the page as allocated [ 6943.527860][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942767531800, free_ts 6922937997000 [ 6943.529330][T18955] __set_page_owner+0xa2/0x70c [ 6943.530378][T18955] post_alloc_hook+0xec/0x1e4 [ 6943.531984][T18955] get_page_from_freelist+0xdaa/0x295a [ 6943.533083][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6943.534134][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6943.535147][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6943.536139][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6943.537061][T18955] page_pool_alloc_pages+0x20/0x62 [ 6943.537959][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6943.539016][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6943.539949][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6943.541552][T18955] __sys_bpf+0xd14/0x42cc [ 6943.542614][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6943.543526][T18955] syscall_handler+0x94/0x118 [ 6943.544574][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6943.545510][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6943.546527][T18955] page last free pid 18907 tgid 18901 stack trace: [ 6943.547354][T18955] __reset_page_owner+0x8c/0x400 [ 6943.548284][T18955] free_unref_page+0x592/0xf08 [ 6943.549204][T18955] __folio_put+0x1ae/0x22e [ 6943.550108][T18955] free_page_and_swap_cache+0x1a8/0x1de [ 6943.551834][T18955] tlb_remove_table_rcu+0x86/0xee [ 6943.552820][T18955] rcu_core+0xa24/0x1eac [ 6943.553695][T18955] rcu_core_si+0xc/0x14 [ 6943.554605][T18955] handle_softirqs+0x4a6/0x10de [ 6943.555453][T18955] __irq_exit_rcu+0x188/0x372 [ 6943.556318][T18955] irq_exit_rcu+0x10/0xf8 [ 6943.557129][T18955] handle_riscv_irq+0x40/0x4c [ 6943.558084][T18955] call_on_irq_stack+0x32/0x40 [ 6943.559039][T18955] Modules linked in: [ 6943.559957][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6943.561117][T18955] Tainted: [B]=BAD_PAGE [ 6943.561777][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6943.562514][T18955] Call Trace: [ 6943.563028][T18955] [] dump_backtrace+0x2e/0x3c [ 6943.563939][T18955] [] show_stack+0x34/0x40 [ 6943.564709][T18955] [] dump_stack_lvl+0x122/0x196 [ 6943.565596][T18955] [] dump_stack+0x1c/0x24 [ 6943.566539][T18955] [] bad_page+0x268/0x2da [ 6943.567378][T18955] [] free_unref_page+0x78a/0xf08 [ 6943.568257][T18955] [] page_frag_free+0x21c/0x268 [ 6943.569155][T18955] [] skb_free_head+0x1ce/0x2ec [ 6943.569938][T18955] [] skb_release_data+0x6ec/0x86a [ 6943.570824][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6943.571709][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6943.572726][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6943.573682][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6943.574751][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6943.575692][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6943.576625][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6943.577507][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6943.578469][T18955] [] __sys_bpf+0xd14/0x42cc [ 6943.579287][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6943.580125][T18955] [] syscall_handler+0x94/0x118 [ 6943.580963][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6943.581998][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6943.583824][T18955] BUG: Bad page state in process syz.2.1806 pfn:9aa96 [ 6943.584749][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x9aa96 [ 6943.586093][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6943.587213][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6943.588203][T18955] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 6943.589112][T18955] page dumped because: page_pool leak [ 6943.589888][T18955] page_owner tracks the page as allocated [ 6943.590716][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942767412800, free_ts 6922933818500 [ 6943.592856][T18955] __set_page_owner+0xa2/0x70c [ 6943.593877][T18955] post_alloc_hook+0xec/0x1e4 [ 6943.594873][T18955] get_page_from_freelist+0xdaa/0x295a [ 6943.595842][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6943.596816][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6943.597789][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6943.598789][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6943.599714][T18955] page_pool_alloc_pages+0x20/0x62 [ 6943.600630][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6943.602342][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6943.603362][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6943.604321][T18955] __sys_bpf+0xd14/0x42cc [ 6943.605258][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6943.606234][T18955] syscall_handler+0x94/0x118 [ 6943.607164][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6943.608091][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6943.609087][T18955] page last free pid 18907 tgid 18901 stack trace: [ 6943.609917][T18955] __reset_page_owner+0x8c/0x400 [ 6943.611439][T18955] free_unref_page+0x592/0xf08 [ 6943.612543][T18955] __folio_put+0x1ae/0x22e [ 6943.613427][T18955] free_page_and_swap_cache+0x1a8/0x1de [ 6943.614491][T18955] tlb_remove_table_rcu+0x86/0xee [ 6943.615410][T18955] rcu_core+0xa24/0x1eac [ 6943.616255][T18955] rcu_core_si+0xc/0x14 [ 6943.617106][T18955] handle_softirqs+0x4a6/0x10de [ 6943.617955][T18955] __irq_exit_rcu+0x188/0x372 [ 6943.618853][T18955] irq_exit_rcu+0x10/0xf8 [ 6943.619671][T18955] handle_riscv_irq+0x40/0x4c [ 6943.620589][T18955] call_on_irq_stack+0x32/0x40 [ 6943.622192][T18955] Modules linked in: [ 6943.623287][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6943.624362][T18955] Tainted: [B]=BAD_PAGE [ 6943.624882][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6943.625474][T18955] Call Trace: [ 6943.625964][T18955] [] dump_backtrace+0x2e/0x3c [ 6943.626834][T18955] [] show_stack+0x34/0x40 [ 6943.627594][T18955] [] dump_stack_lvl+0x122/0x196 [ 6943.628442][T18955] [] dump_stack+0x1c/0x24 [ 6943.629253][T18955] [] bad_page+0x268/0x2da [ 6943.630110][T18955] [] free_unref_page+0x78a/0xf08 [ 6943.631043][T18955] [] page_frag_free+0x21c/0x268 [ 6943.632068][T18955] [] skb_free_head+0x1ce/0x2ec [ 6943.632898][T18955] [] skb_release_data+0x6ec/0x86a [ 6943.633693][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6943.634630][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6943.635702][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6943.636663][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6943.637610][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6943.638589][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6943.639538][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6943.640421][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6943.641660][T18955] [] __sys_bpf+0xd14/0x42cc [ 6943.642659][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6943.643551][T18955] [] syscall_handler+0x94/0x118 [ 6943.644410][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6943.645291][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6943.646985][T18955] BUG: Bad page state in process syz.2.1806 pfn:af1f5 [ 6943.647870][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xaf1f5 [ 6943.648852][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6943.649846][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6943.650908][T18955] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 6943.652271][T18955] page dumped because: page_pool leak [ 6943.653083][T18955] page_owner tracks the page as allocated [ 6943.653828][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942767292300, free_ts 6922669162900 [ 6943.655353][T18955] __set_page_owner+0xa2/0x70c [ 6943.656495][T18955] post_alloc_hook+0xec/0x1e4 [ 6943.657997][T18955] get_page_from_freelist+0xdaa/0x295a [ 6943.659230][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6943.660316][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6943.662793][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6943.663983][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6943.665077][T18955] page_pool_alloc_pages+0x20/0x62 [ 6943.666210][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6943.667376][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6943.668460][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6943.669609][T18955] __sys_bpf+0xd14/0x42cc [ 6943.670672][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6943.672363][T18955] syscall_handler+0x94/0x118 [ 6943.673379][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6943.674523][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6943.675702][T18955] page last free pid 24 tgid 24 stack trace: [ 6943.676821][T18955] __reset_page_owner+0x8c/0x400 [ 6943.677997][T18955] free_unref_page+0x592/0xf08 [ 6943.679195][T18955] __folio_put+0x1ae/0x22e [ 6943.680222][T18955] free_page_and_swap_cache+0x1a8/0x1de [ 6943.682507][T18955] tlb_remove_table_rcu+0x86/0xee [ 6943.683676][T18955] rcu_core+0xa24/0x1eac [ 6943.684710][T18955] rcu_core_si+0xc/0x14 [ 6943.685689][T18955] handle_softirqs+0x4a6/0x10de [ 6943.686830][T18955] run_ksoftirqd+0xce/0x144 [ 6943.687864][T18955] smpboot_thread_fn+0x654/0xb98 [ 6943.689054][T18955] kthread+0x28c/0x3a6 [ 6943.690171][T18955] ret_from_fork+0xe/0x18 [ 6943.691948][T18955] Modules linked in: [ 6943.693069][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6943.694642][T18955] Tainted: [B]=BAD_PAGE [ 6943.695302][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6943.696059][T18955] Call Trace: [ 6943.696694][T18955] [] dump_backtrace+0x2e/0x3c [ 6943.697840][T18955] [] show_stack+0x34/0x40 [ 6943.698822][T18955] [] dump_stack_lvl+0x122/0x196 [ 6943.699860][T18955] [] dump_stack+0x1c/0x24 [ 6943.700883][T18955] [] bad_page+0x268/0x2da [ 6943.702134][T18955] [] free_unref_page+0x78a/0xf08 [ 6943.703417][T18955] [] page_frag_free+0x21c/0x268 [ 6943.704576][T18955] [] skb_free_head+0x1ce/0x2ec [ 6943.705677][T18955] [] skb_release_data+0x6ec/0x86a [ 6943.706735][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6943.707784][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6943.708999][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6943.710154][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6943.711754][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6943.712893][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6943.714198][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6943.715317][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6943.716436][T18955] [] __sys_bpf+0xd14/0x42cc [ 6943.717462][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6943.718530][T18955] [] syscall_handler+0x94/0x118 [ 6943.719511][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6943.720572][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6943.722710][T18955] BUG: Bad page state in process syz.2.1806 pfn:af1f4 [ 6943.723785][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000002f1f4f50 pfn:0xaf1f4 [ 6943.725001][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6943.726244][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6943.727456][T18955] raw: ff6000002f1f4f50 0000000000000001 00000000ffffffff 0000000000000000 [ 6943.728548][T18955] page dumped because: page_pool leak [ 6943.729433][T18955] page_owner tracks the page as allocated [ 6943.730357][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942767168100, free_ts 6922942911100 [ 6943.734501][T18955] __set_page_owner+0xa2/0x70c [ 6943.735671][T18955] post_alloc_hook+0xec/0x1e4 [ 6943.736770][T18955] get_page_from_freelist+0xdaa/0x295a [ 6943.737929][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6943.739082][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6943.740178][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6943.742182][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6943.743219][T18955] page_pool_alloc_pages+0x20/0x62 [ 6943.744320][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6943.745451][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6943.746630][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6943.747860][T18955] __sys_bpf+0xd14/0x42cc [ 6943.748922][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6943.750089][T18955] syscall_handler+0x94/0x118 [ 6943.751721][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6943.752870][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6943.754161][T18955] page last free pid 18907 tgid 18901 stack trace: [ 6943.755194][T18955] __reset_page_owner+0x8c/0x400 [ 6943.756451][T18955] free_unref_page+0x592/0xf08 [ 6943.757625][T18955] __folio_put+0x1ae/0x22e [ 6943.758792][T18955] free_page_and_swap_cache+0x1a8/0x1de [ 6943.759975][T18955] tlb_remove_table_rcu+0x86/0xee [ 6943.761628][T18955] rcu_core+0xa24/0x1eac [ 6943.762763][T18955] rcu_core_si+0xc/0x14 [ 6943.763717][T18955] handle_softirqs+0x4a6/0x10de [ 6943.764640][T18955] __irq_exit_rcu+0x188/0x372 [ 6943.765660][T18955] irq_exit_rcu+0x10/0xf8 [ 6943.766665][T18955] handle_riscv_irq+0x40/0x4c [ 6943.767768][T18955] call_on_irq_stack+0x32/0x40 [ 6943.768986][T18955] Modules linked in: [ 6943.770182][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6943.771865][T18955] Tainted: [B]=BAD_PAGE [ 6943.772516][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6943.773290][T18955] Call Trace: [ 6943.773884][T18955] [] dump_backtrace+0x2e/0x3c [ 6943.774979][T18955] [] show_stack+0x34/0x40 [ 6943.775882][T18955] [] dump_stack_lvl+0x122/0x196 [ 6943.776898][T18955] [] dump_stack+0x1c/0x24 [ 6943.777751][T18955] [] bad_page+0x268/0x2da [ 6943.778704][T18955] [] free_unref_page+0x78a/0xf08 [ 6943.779579][T18955] [] page_frag_free+0x21c/0x268 [ 6943.780464][T18955] [] skb_free_head+0x1ce/0x2ec [ 6943.781582][T18955] [] skb_release_data+0x6ec/0x86a [ 6943.782581][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6943.783546][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6943.784756][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6943.785746][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6943.786833][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6943.787851][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6943.789020][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6943.790172][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6943.791736][T18955] [] __sys_bpf+0xd14/0x42cc [ 6943.792633][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6943.793654][T18955] [] syscall_handler+0x94/0x118 [ 6943.794783][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6943.795825][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6943.797767][T18955] BUG: Bad page state in process syz.2.1806 pfn:aea9d [ 6943.798885][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2 pfn:0xaea9d [ 6943.800062][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6943.801622][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6943.802893][T18955] raw: 0000000000000002 0000000000000001 00000000ffffffff 0000000000000000 [ 6943.803974][T18955] page dumped because: page_pool leak [ 6943.804764][T18955] page_owner tracks the page as allocated [ 6943.805630][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942767048800, free_ts 6922912807500 [ 6943.807637][T18955] __set_page_owner+0xa2/0x70c [ 6943.808805][T18955] post_alloc_hook+0xec/0x1e4 [ 6943.809824][T18955] get_page_from_freelist+0xdaa/0x295a [ 6943.811486][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6943.812607][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6943.813731][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6943.814872][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6943.815889][T18955] page_pool_alloc_pages+0x20/0x62 [ 6943.816947][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6943.818179][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6943.819278][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6943.820342][T18955] __sys_bpf+0xd14/0x42cc [ 6943.822132][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6943.823149][T18955] syscall_handler+0x94/0x118 [ 6943.824156][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6943.825226][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6943.826436][T18955] page last free pid 18905 tgid 18905 stack trace: [ 6943.827461][T18955] __reset_page_owner+0x8c/0x400 [ 6943.828656][T18955] free_unref_page+0x592/0xf08 [ 6943.829789][T18955] __free_pages+0x13c/0x1bc [ 6943.831485][T18955] free_pages.part.0+0x26a/0x4cc [ 6943.832667][T18955] free_pages+0xe/0x18 [ 6943.833732][T18955] tlb_finish_mmu+0x20c/0x7e6 [ 6943.834864][T18955] exit_mmap+0x36c/0xbea [ 6943.835885][T18955] mmput+0x122/0x3e2 [ 6943.836895][T18955] do_exit+0x902/0x2986 [ 6943.837987][T18955] do_group_exit+0xd4/0x26c [ 6943.839156][T18955] __riscv_sys_exit_group+0x4a/0x54 [ 6943.840324][T18955] syscall_handler+0x94/0x118 [ 6943.842448][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6943.843635][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6943.844887][T18955] Modules linked in: [ 6943.845968][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6943.847448][T18955] Tainted: [B]=BAD_PAGE [ 6943.848125][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6943.848934][T18955] Call Trace: [ 6943.849583][T18955] [] dump_backtrace+0x2e/0x3c [ 6943.850689][T18955] [] show_stack+0x34/0x40 [ 6943.851739][T18955] [] dump_stack_lvl+0x122/0x196 [ 6943.852889][T18955] [] dump_stack+0x1c/0x24 [ 6943.853963][T18955] [] bad_page+0x268/0x2da [ 6943.855072][T18955] [] free_unref_page+0x78a/0xf08 [ 6943.856296][T18955] [] page_frag_free+0x21c/0x268 [ 6943.857561][T18955] [] skb_free_head+0x1ce/0x2ec [ 6943.858723][T18955] [] skb_release_data+0x6ec/0x86a [ 6943.859849][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6943.861031][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6943.862439][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6943.863693][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6943.864946][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6943.865930][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6943.867188][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6943.868462][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6943.869713][T18955] [] __sys_bpf+0xd14/0x42cc [ 6943.871258][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6943.872385][T18955] [] syscall_handler+0x94/0x118 [ 6943.873597][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6943.874818][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6943.876945][T18955] BUG: Bad page state in process syz.2.1806 pfn:aea9c [ 6943.878121][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000002ea9de00 pfn:0xaea9c [ 6943.879419][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6943.880639][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6943.882380][T18955] raw: ff6000002ea9de00 0000000000000001 00000000ffffffff 0000000000000000 [ 6943.883514][T18955] page dumped because: page_pool leak [ 6943.884421][T18955] page_owner tracks the page as allocated [ 6943.885320][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942766928100, free_ts 6923527240100 [ 6943.887176][T18955] __set_page_owner+0xa2/0x70c [ 6943.888325][T18955] post_alloc_hook+0xec/0x1e4 [ 6943.889401][T18955] get_page_from_freelist+0xdaa/0x295a [ 6943.890583][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6943.892181][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6943.893332][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6943.894530][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6943.895624][T18955] page_pool_alloc_pages+0x20/0x62 [ 6943.896737][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6943.897992][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6943.899149][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6943.900325][T18955] __sys_bpf+0xd14/0x42cc [ 6943.902330][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6943.903415][T18955] syscall_handler+0x94/0x118 [ 6943.904474][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6943.905516][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6943.906747][T18955] page last free pid 18907 tgid 18901 stack trace: [ 6943.907781][T18955] __reset_page_owner+0x8c/0x400 [ 6943.908936][T18955] free_unref_page+0x592/0xf08 [ 6943.910068][T18955] __free_pages+0x13c/0x1bc [ 6943.911628][T18955] free_pages.part.0+0x26a/0x4cc [ 6943.912732][T18955] free_pages+0xe/0x18 [ 6943.913778][T18955] tlb_finish_mmu+0x20c/0x7e6 [ 6943.914895][T18955] exit_mmap+0x36c/0xbea [ 6943.915893][T18955] mmput+0x122/0x3e2 [ 6943.916912][T18955] do_exit+0x902/0x2986 [ 6943.917969][T18955] do_group_exit+0xd4/0x26c [ 6943.919102][T18955] get_signal+0x1e98/0x23b0 [ 6943.920336][T18955] arch_do_signal_or_restart+0x8d6/0x1190 [ 6943.922506][T18955] syscall_exit_to_user_mode+0x2a6/0x31e [ 6943.923685][T18955] do_trap_ecall_u+0x86/0x216 [ 6943.924760][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6943.925944][T18955] Modules linked in: [ 6943.927116][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6943.928499][T18955] Tainted: [B]=BAD_PAGE [ 6943.929173][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6943.929957][T18955] Call Trace: [ 6943.930607][T18955] [] dump_backtrace+0x2e/0x3c [ 6943.931749][T18955] [] show_stack+0x34/0x40 [ 6943.932738][T18955] [] dump_stack_lvl+0x122/0x196 [ 6943.933872][T18955] [] dump_stack+0x1c/0x24 [ 6943.934971][T18955] [] bad_page+0x268/0x2da [ 6943.936097][T18955] [] free_unref_page+0x78a/0xf08 [ 6943.937222][T18955] [] page_frag_free+0x21c/0x268 [ 6943.938362][T18955] [] skb_free_head+0x1ce/0x2ec [ 6943.939396][T18955] [] skb_release_data+0x6ec/0x86a [ 6943.940481][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6943.942580][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6943.943921][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6943.945189][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6943.946516][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6943.947773][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6943.949097][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6943.950300][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6943.951897][T18955] [] __sys_bpf+0xd14/0x42cc [ 6943.953015][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6943.954185][T18955] [] syscall_handler+0x94/0x118 [ 6943.956042][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6943.957168][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6943.959119][T18955] BUG: Bad page state in process syz.2.1806 pfn:9daad [ 6943.960226][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x4 pfn:0x9daad [ 6943.962711][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6943.963965][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6943.965216][T18955] raw: 0000000000000004 0000000000000001 00000000ffffffff 0000000000000000 [ 6943.966333][T18955] page dumped because: page_pool leak [ 6943.967211][T18955] page_owner tracks the page as allocated [ 6943.968321][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942766810000, free_ts 6922912977000 [ 6943.970218][T18955] __set_page_owner+0xa2/0x70c [ 6943.972480][T18955] post_alloc_hook+0xec/0x1e4 [ 6943.973660][T18955] get_page_from_freelist+0xdaa/0x295a [ 6943.974886][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6943.976008][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6943.977135][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6943.978324][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6943.979410][T18955] page_pool_alloc_pages+0x20/0x62 [ 6943.980514][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6943.982302][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6943.983416][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6943.984578][T18955] __sys_bpf+0xd14/0x42cc [ 6943.985644][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6943.986778][T18955] syscall_handler+0x94/0x118 [ 6943.987857][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6943.988971][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6943.990235][T18955] page last free pid 18905 tgid 18905 stack trace: [ 6943.991929][T18955] __reset_page_owner+0x8c/0x400 [ 6943.993118][T18955] free_unref_page+0x592/0xf08 [ 6943.994272][T18955] __free_pages+0x13c/0x1bc [ 6943.995360][T18955] free_pages.part.0+0x26a/0x4cc [ 6943.996528][T18955] free_pages+0xe/0x18 [ 6943.997656][T18955] tlb_finish_mmu+0x20c/0x7e6 [ 6943.998851][T18955] exit_mmap+0x36c/0xbea [ 6943.999886][T18955] mmput+0x122/0x3e2 [ 6944.000813][T18955] do_exit+0x902/0x2986 [ 6944.002434][T18955] do_group_exit+0xd4/0x26c [ 6944.003508][T18955] __riscv_sys_exit_group+0x4a/0x54 [ 6944.004631][T18955] syscall_handler+0x94/0x118 [ 6944.006322][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6944.007515][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6944.008753][T18955] Modules linked in: [ 6944.009818][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6944.011810][T18955] Tainted: [B]=BAD_PAGE [ 6944.012529][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6944.013386][T18955] Call Trace: [ 6944.013989][T18955] [] dump_backtrace+0x2e/0x3c [ 6944.015216][T18955] [] show_stack+0x34/0x40 [ 6944.016225][T18955] [] dump_stack_lvl+0x122/0x196 [ 6944.017259][T18955] [] dump_stack+0x1c/0x24 [ 6944.019093][T18955] [] bad_page+0x268/0x2da [ 6944.020296][T18955] [] free_unref_page+0x78a/0xf08 [ 6944.022233][T18955] [] page_frag_free+0x21c/0x268 [ 6944.023340][T18955] [] skb_free_head+0x1ce/0x2ec [ 6944.024347][T18955] [] skb_release_data+0x6ec/0x86a [ 6944.025468][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6944.026593][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6944.027990][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6944.029273][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6944.030648][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6944.031891][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6944.033342][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6944.035507][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6944.036862][T18955] [] __sys_bpf+0xd14/0x42cc [ 6944.038008][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6944.039449][T18955] [] syscall_handler+0x94/0x118 [ 6944.040522][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6944.042584][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6944.044607][T18955] BUG: Bad page state in process syz.2.1806 pfn:9daac [ 6944.045711][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000001daacdc0 pfn:0x9daac [ 6944.047095][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6944.048382][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6944.049579][T18955] raw: ff6000001daacdc0 0000000000000001 00000000ffffffff 0000000000000000 [ 6944.050806][T18955] page dumped because: page_pool leak [ 6944.052305][T18955] page_owner tracks the page as allocated [ 6944.053204][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942766691000, free_ts 6923527489100 [ 6944.055128][T18955] __set_page_owner+0xa2/0x70c [ 6944.056307][T18955] post_alloc_hook+0xec/0x1e4 [ 6944.057429][T18955] get_page_from_freelist+0xdaa/0x295a [ 6944.058680][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6944.059802][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6944.061435][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6944.062694][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6944.063832][T18955] page_pool_alloc_pages+0x20/0x62 [ 6944.064958][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6944.066256][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6944.067493][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6944.068632][T18955] __sys_bpf+0xd14/0x42cc [ 6944.069689][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6944.070805][T18955] syscall_handler+0x94/0x118 [ 6944.072362][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6944.073491][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6944.074725][T18955] page last free pid 18907 tgid 18901 stack trace: [ 6944.075805][T18955] __reset_page_owner+0x8c/0x400 [ 6944.076945][T18955] free_unref_page+0x592/0xf08 [ 6944.078139][T18955] __free_pages+0x13c/0x1bc [ 6944.079232][T18955] free_pages.part.0+0x26a/0x4cc [ 6944.080354][T18955] free_pages+0xe/0x18 [ 6944.082441][T18955] tlb_finish_mmu+0x20c/0x7e6 [ 6944.083532][T18955] exit_mmap+0x36c/0xbea [ 6944.084557][T18955] mmput+0x122/0x3e2 [ 6944.085511][T18955] do_exit+0x902/0x2986 [ 6944.086658][T18955] do_group_exit+0xd4/0x26c [ 6944.087949][T18955] get_signal+0x1e98/0x23b0 [ 6944.089063][T18955] arch_do_signal_or_restart+0x8d6/0x1190 [ 6944.090210][T18955] syscall_exit_to_user_mode+0x2a6/0x31e [ 6944.092260][T18955] do_trap_ecall_u+0x86/0x216 [ 6944.093471][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6944.094721][T18955] Modules linked in: [ 6944.095791][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6944.098002][T18955] Tainted: [B]=BAD_PAGE [ 6944.098759][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6944.099551][T18955] Call Trace: [ 6944.100241][T18955] [] dump_backtrace+0x2e/0x3c [ 6944.101873][T18955] [] show_stack+0x34/0x40 [ 6944.102960][T18955] [] dump_stack_lvl+0x122/0x196 [ 6944.104091][T18955] [] dump_stack+0x1c/0x24 [ 6944.105241][T18955] [] bad_page+0x268/0x2da [ 6944.106413][T18955] [] free_unref_page+0x78a/0xf08 [ 6944.107755][T18955] [] page_frag_free+0x21c/0x268 [ 6944.108965][T18955] [] skb_free_head+0x1ce/0x2ec [ 6944.110114][T18955] [] skb_release_data+0x6ec/0x86a [ 6944.111110][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6944.112114][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6944.113349][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6944.114615][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6944.115835][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6944.116995][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6944.118074][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6944.119049][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6944.119985][T18955] [] __sys_bpf+0xd14/0x42cc [ 6944.120848][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6944.121773][T18955] [] syscall_handler+0x94/0x118 [ 6944.122724][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6944.123975][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6944.125854][T18955] BUG: Bad page state in process syz.2.1806 pfn:adfff [ 6944.126915][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000002dfffc80 pfn:0xadfff [ 6944.128296][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6944.129543][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6944.131602][T18955] raw: ff6000002dfffc80 0000000000000001 00000000ffffffff 0000000000000000 [ 6944.132536][T18955] page dumped because: page_pool leak [ 6944.133320][T18955] page_owner tracks the page as allocated [ 6944.134140][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942766573000, free_ts 6922196654300 [ 6944.135640][T18955] __set_page_owner+0xa2/0x70c [ 6944.136632][T18955] post_alloc_hook+0xec/0x1e4 [ 6944.137650][T18955] get_page_from_freelist+0xdaa/0x295a [ 6944.138726][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6944.139689][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6944.140713][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6944.142287][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6944.143218][T18955] page_pool_alloc_pages+0x20/0x62 [ 6944.144106][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6944.145061][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6944.146057][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6944.147063][T18955] __sys_bpf+0xd14/0x42cc [ 6944.147974][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6944.148859][T18955] syscall_handler+0x94/0x118 [ 6944.149985][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6944.151734][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6944.152763][T18955] page last free pid 18908 tgid 18908 stack trace: [ 6944.153721][T18955] __reset_page_owner+0x8c/0x400 [ 6944.154815][T18955] free_unref_page+0x592/0xf08 [ 6944.155904][T18955] __free_pages+0x13c/0x1bc [ 6944.157014][T18955] __free_slab+0xc8/0x16e [ 6944.158196][T18955] free_slab+0x38/0x1ae [ 6944.159051][T18955] discard_slab+0x42/0x5a [ 6944.159912][T18955] __slab_free+0x346/0x3f6 [ 6944.161449][T18955] ___cache_free+0x1a6/0x1e0 [ 6944.162483][T18955] qlist_free_all+0x76/0x16c [ 6944.163383][T18955] kasan_quarantine_reduce+0x158/0x1ba [ 6944.164320][T18955] __kasan_slab_alloc+0x5c/0x82 [ 6944.165242][T18955] __kmalloc_noprof+0x24a/0x4e4 [ 6944.166185][T18955] tomoyo_realpath_from_path+0xb8/0x64a [ 6944.167204][T18955] tomoyo_path_perm+0x28e/0x45e [ 6944.168141][T18955] tomoyo_inode_getattr+0x1e/0x28 [ 6944.168998][T18955] security_inode_getattr+0x12a/0x2fe [ 6944.170142][T18955] Modules linked in: [ 6944.171832][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6944.172871][T18955] Tainted: [B]=BAD_PAGE [ 6944.173386][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6944.173947][T18955] Call Trace: [ 6944.174490][T18955] [] dump_backtrace+0x2e/0x3c [ 6944.175353][T18955] [] show_stack+0x34/0x40 [ 6944.176078][T18955] [] dump_stack_lvl+0x122/0x196 [ 6944.176990][T18955] [] dump_stack+0x1c/0x24 [ 6944.177851][T18955] [] bad_page+0x268/0x2da [ 6944.178748][T18955] [] free_unref_page+0x78a/0xf08 [ 6944.179618][T18955] [] page_frag_free+0x21c/0x268 [ 6944.180482][T18955] [] skb_free_head+0x1ce/0x2ec [ 6944.181613][T18955] [] skb_release_data+0x6ec/0x86a [ 6944.182560][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6944.183382][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6944.184349][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6944.185412][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6944.187093][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6944.188600][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6944.190352][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6944.191958][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6944.193541][T18955] [] __sys_bpf+0xd14/0x42cc [ 6944.195414][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6944.196494][T18955] [] syscall_handler+0x94/0x118 [ 6944.197565][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6944.199069][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6944.201229][T18955] BUG: Bad page state in process syz.2.1806 pfn:adffe [ 6944.202380][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000002dfffc00 pfn:0xadffe [ 6944.203642][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6944.204858][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6944.206113][T18955] raw: ff6000002dfffc00 0000000000000001 00000000ffffffff 0000000000000000 [ 6944.207069][T18955] page dumped because: page_pool leak [ 6944.207973][T18955] page_owner tracks the page as allocated [ 6944.208710][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942766452800, free_ts 6923544377300 [ 6944.210189][T18955] __set_page_owner+0xa2/0x70c [ 6944.211898][T18955] post_alloc_hook+0xec/0x1e4 [ 6944.212906][T18955] get_page_from_freelist+0xdaa/0x295a [ 6944.213893][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6944.214953][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6944.215916][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6944.216858][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6944.217773][T18955] page_pool_alloc_pages+0x20/0x62 [ 6944.218751][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6944.219754][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6944.220788][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6944.222453][T18955] __sys_bpf+0xd14/0x42cc [ 6944.223392][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6944.224378][T18955] syscall_handler+0x94/0x118 [ 6944.225314][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6944.226429][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6944.227457][T18955] page last free pid 18388 tgid 18388 stack trace: [ 6944.228280][T18955] __reset_page_owner+0x8c/0x400 [ 6944.229589][T18955] free_unref_page+0x592/0xf08 [ 6944.232155][T18955] __folio_put+0x1ae/0x22e [ 6944.233785][T18955] free_page_and_swap_cache+0x1a8/0x1de [ 6944.235550][T18955] tlb_remove_table_rcu+0x86/0xee [ 6944.237009][T18955] rcu_core+0xa24/0x1eac [ 6944.237918][T18955] rcu_core_si+0xc/0x14 [ 6944.238873][T18955] handle_softirqs+0x4a6/0x10de [ 6944.239737][T18955] __irq_exit_rcu+0x188/0x372 [ 6944.240589][T18955] irq_exit_rcu+0x10/0xf8 [ 6944.242127][T18955] handle_riscv_irq+0x40/0x4c [ 6944.243117][T18955] call_on_irq_stack+0x32/0x40 [ 6944.244070][T18955] Modules linked in: [ 6944.244980][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6944.246118][T18955] Tainted: [B]=BAD_PAGE [ 6944.246663][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6944.247279][T18955] Call Trace: [ 6944.247806][T18955] [] dump_backtrace+0x2e/0x3c [ 6944.249096][T18955] [] show_stack+0x34/0x40 [ 6944.250353][T18955] [] dump_stack_lvl+0x122/0x196 [ 6944.251957][T18955] [] dump_stack+0x1c/0x24 [ 6944.253364][T18955] [] bad_page+0x268/0x2da [ 6944.254367][T18955] [] free_unref_page+0x78a/0xf08 [ 6944.255543][T18955] [] page_frag_free+0x21c/0x268 [ 6944.256666][T18955] [] skb_free_head+0x1ce/0x2ec [ 6944.257698][T18955] [] skb_release_data+0x6ec/0x86a [ 6944.258554][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6944.259362][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6944.260416][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6944.261771][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6944.262915][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6944.263857][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6944.264826][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6944.265717][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6944.266751][T18955] [] __sys_bpf+0xd14/0x42cc [ 6944.268128][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6944.269713][T18955] [] syscall_handler+0x94/0x118 [ 6944.271719][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6944.273252][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6944.275497][T18955] BUG: Bad page state in process syz.2.1806 pfn:ace27 [ 6944.276450][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xace27 [ 6944.277535][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6944.278638][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6944.279661][T18955] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 6944.280587][T18955] page dumped because: page_pool leak [ 6944.282157][T18955] page_owner tracks the page as allocated [ 6944.282966][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942766332200, free_ts 6922499651500 [ 6944.284510][T18955] __set_page_owner+0xa2/0x70c [ 6944.285524][T18955] post_alloc_hook+0xec/0x1e4 [ 6944.286521][T18955] get_page_from_freelist+0xdaa/0x295a [ 6944.287505][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6944.288481][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6944.289508][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6944.290489][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6944.292013][T18955] page_pool_alloc_pages+0x20/0x62 [ 6944.293009][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6944.294064][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6944.295013][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6944.295974][T18955] __sys_bpf+0xd14/0x42cc [ 6944.296865][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6944.297773][T18955] syscall_handler+0x94/0x118 [ 6944.298673][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6944.299607][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6944.300607][T18955] page last free pid 16342 tgid 16342 stack trace: [ 6944.302058][T18955] __reset_page_owner+0x8c/0x400 [ 6944.303092][T18955] free_unref_page+0x592/0xf08 [ 6944.304043][T18955] __free_pages+0x13c/0x1bc [ 6944.305053][T18955] vfree+0x1b6/0xc88 [ 6944.305886][T18955] delayed_vfree_work+0x58/0x7a [ 6944.306991][T18955] process_one_work+0x956/0x1dae [ 6944.307966][T18955] worker_thread+0x5be/0xdc6 [ 6944.308890][T18955] kthread+0x28c/0x3a6 [ 6944.309780][T18955] ret_from_fork+0xe/0x18 [ 6944.310767][T18955] Modules linked in: [ 6944.312356][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6944.313734][T18955] Tainted: [B]=BAD_PAGE [ 6944.314447][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6944.315272][T18955] Call Trace: [ 6944.316117][T18955] [] dump_backtrace+0x2e/0x3c [ 6944.317596][T18955] [] show_stack+0x34/0x40 [ 6944.319561][T18955] [] dump_stack_lvl+0x122/0x196 [ 6944.321617][T18955] [] dump_stack+0x1c/0x24 [ 6944.322821][T18955] [] bad_page+0x268/0x2da [ 6944.323661][T18955] [] free_unref_page+0x78a/0xf08 [ 6944.324589][T18955] [] page_frag_free+0x21c/0x268 [ 6944.325466][T18955] [] skb_free_head+0x1ce/0x2ec [ 6944.326295][T18955] [] skb_release_data+0x6ec/0x86a [ 6944.327102][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6944.327952][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6944.328968][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6944.329957][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6944.331077][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6944.332065][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6944.333110][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6944.334353][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6944.335293][T18955] [] __sys_bpf+0xd14/0x42cc [ 6944.336134][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6944.336997][T18955] [] syscall_handler+0x94/0x118 [ 6944.337828][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6944.338748][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6944.340467][T18955] BUG: Bad page state in process syz.2.1806 pfn:ace26 [ 6944.342054][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xace26 [ 6944.343144][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6944.345046][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6944.347028][T18955] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 6944.348491][T18955] page dumped because: page_pool leak [ 6944.349686][T18955] page_owner tracks the page as allocated [ 6944.350906][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942766201400, free_ts 6923545200600 [ 6944.353302][T18955] __set_page_owner+0xa2/0x70c [ 6944.354313][T18955] post_alloc_hook+0xec/0x1e4 [ 6944.355229][T18955] get_page_from_freelist+0xdaa/0x295a [ 6944.356200][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6944.357154][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6944.358333][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6944.359286][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6944.360239][T18955] page_pool_alloc_pages+0x20/0x62 [ 6944.361606][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6944.362661][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6944.363582][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6944.364499][T18955] __sys_bpf+0xd14/0x42cc [ 6944.365357][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6944.366256][T18955] syscall_handler+0x94/0x118 [ 6944.367112][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6944.368030][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6944.368962][T18955] page last free pid 18388 tgid 18388 stack trace: [ 6944.369749][T18955] __reset_page_owner+0x8c/0x400 [ 6944.370740][T18955] free_unref_page+0x592/0xf08 [ 6944.372110][T18955] __folio_put+0x1ae/0x22e [ 6944.372987][T18955] free_page_and_swap_cache+0x1a8/0x1de [ 6944.373972][T18955] tlb_remove_table_rcu+0x86/0xee [ 6944.374916][T18955] rcu_core+0xa24/0x1eac [ 6944.375770][T18955] rcu_core_si+0xc/0x14 [ 6944.376588][T18955] handle_softirqs+0x4a6/0x10de [ 6944.377409][T18955] __irq_exit_rcu+0x188/0x372 [ 6944.378285][T18955] irq_exit_rcu+0x10/0xf8 [ 6944.379128][T18955] handle_riscv_irq+0x40/0x4c [ 6944.380028][T18955] call_on_irq_stack+0x32/0x40 [ 6944.381380][T18955] Modules linked in: [ 6944.382350][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6944.383412][T18955] Tainted: [B]=BAD_PAGE [ 6944.383916][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6944.384485][T18955] Call Trace: [ 6944.384967][T18955] [] dump_backtrace+0x2e/0x3c [ 6944.385952][T18955] [] show_stack+0x34/0x40 [ 6944.386767][T18955] [] dump_stack_lvl+0x122/0x196 [ 6944.387603][T18955] [] dump_stack+0x1c/0x24 [ 6944.388699][T18955] [] bad_page+0x268/0x2da [ 6944.389497][T18955] [] free_unref_page+0x78a/0xf08 [ 6944.390440][T18955] [] page_frag_free+0x21c/0x268 [ 6944.392063][T18955] [] skb_free_head+0x1ce/0x2ec [ 6944.393351][T18955] [] skb_release_data+0x6ec/0x86a [ 6944.394703][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6944.395923][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6944.397417][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6944.398773][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6944.399761][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6944.400705][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6944.401761][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6944.402722][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6944.403632][T18955] [] __sys_bpf+0xd14/0x42cc [ 6944.404468][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6944.405314][T18955] [] syscall_handler+0x94/0x118 [ 6944.406155][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6944.407177][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6944.408880][T18955] BUG: Bad page state in process syz.2.1806 pfn:9dec5 [ 6944.409932][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x4 pfn:0x9dec5 [ 6944.411302][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6944.412319][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6944.413316][T18955] raw: 0000000000000004 0000000000000001 00000000ffffffff 0000000000000000 [ 6944.414392][T18955] page dumped because: page_pool leak [ 6944.415133][T18955] page_owner tracks the page as allocated [ 6944.415836][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942766075600, free_ts 6923546529800 [ 6944.417340][T18955] __set_page_owner+0xa2/0x70c [ 6944.418316][T18955] post_alloc_hook+0xec/0x1e4 [ 6944.419244][T18955] get_page_from_freelist+0xdaa/0x295a [ 6944.420194][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6944.421640][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6944.422677][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6944.423651][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6944.424577][T18955] page_pool_alloc_pages+0x20/0x62 [ 6944.425525][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6944.427200][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6944.428815][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6944.430434][T18955] __sys_bpf+0xd14/0x42cc [ 6944.432372][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6944.433320][T18955] syscall_handler+0x94/0x118 [ 6944.434244][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6944.435196][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6944.436275][T18955] page last free pid 18388 tgid 18388 stack trace: [ 6944.437086][T18955] __reset_page_owner+0x8c/0x400 [ 6944.438157][T18955] free_unref_page+0x592/0xf08 [ 6944.439095][T18955] __folio_put+0x1ae/0x22e [ 6944.439953][T18955] free_page_and_swap_cache+0x1a8/0x1de [ 6944.441402][T18955] tlb_remove_table_rcu+0x86/0xee [ 6944.442389][T18955] rcu_core+0xa24/0x1eac [ 6944.443232][T18955] rcu_core_si+0xc/0x14 [ 6944.444083][T18955] handle_softirqs+0x4a6/0x10de [ 6944.444947][T18955] __irq_exit_rcu+0x188/0x372 [ 6944.445769][T18955] irq_exit_rcu+0x10/0xf8 [ 6944.446600][T18955] handle_riscv_irq+0x40/0x4c [ 6944.447509][T18955] call_on_irq_stack+0x32/0x40 [ 6944.448439][T18955] Modules linked in: [ 6944.449344][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6944.450430][T18955] Tainted: [B]=BAD_PAGE [ 6944.451015][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6944.451647][T18955] Call Trace: [ 6944.452149][T18955] [] dump_backtrace+0x2e/0x3c [ 6944.453001][T18955] [] show_stack+0x34/0x40 [ 6944.453757][T18955] [] dump_stack_lvl+0x122/0x196 [ 6944.454655][T18955] [] dump_stack+0x1c/0x24 [ 6944.455522][T18955] [] bad_page+0x268/0x2da [ 6944.456391][T18955] [] free_unref_page+0x78a/0xf08 [ 6944.457273][T18955] [] page_frag_free+0x21c/0x268 [ 6944.458167][T18955] [] skb_free_head+0x1ce/0x2ec [ 6944.458948][T18955] [] skb_release_data+0x6ec/0x86a [ 6944.459747][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6944.460559][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6944.461595][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6944.462608][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6944.463557][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6944.464470][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6944.465707][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6944.466668][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6944.467555][T18955] [] __sys_bpf+0xd14/0x42cc [ 6944.468384][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6944.469266][T18955] [] syscall_handler+0x94/0x118 [ 6944.470245][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6944.471455][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6944.473576][T18955] BUG: Bad page state in process syz.2.1806 pfn:9dec4 [ 6944.474635][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000001dec5080 pfn:0x9dec4 [ 6944.475696][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6944.476756][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6944.477737][T18955] raw: ff6000001dec5080 0000000000000001 00000000ffffffff 0000000000000000 [ 6944.478662][T18955] page dumped because: page_pool leak [ 6944.479415][T18955] page_owner tracks the page as allocated [ 6944.480144][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942765929200, free_ts 6923547349200 [ 6944.482764][T18955] __set_page_owner+0xa2/0x70c [ 6944.483808][T18955] post_alloc_hook+0xec/0x1e4 [ 6944.484761][T18955] get_page_from_freelist+0xdaa/0x295a [ 6944.485736][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6944.486715][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6944.487666][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6944.488697][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6944.489627][T18955] page_pool_alloc_pages+0x20/0x62 [ 6944.490590][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6944.492200][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6944.493169][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6944.494209][T18955] __sys_bpf+0xd14/0x42cc [ 6944.495251][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6944.496139][T18955] syscall_handler+0x94/0x118 [ 6944.497008][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6944.497941][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6944.498950][T18955] page last free pid 18388 tgid 18388 stack trace: [ 6944.499804][T18955] __reset_page_owner+0x8c/0x400 [ 6944.500761][T18955] free_unref_page+0x592/0xf08 [ 6944.502324][T18955] __folio_put+0x1ae/0x22e [ 6944.503272][T18955] free_page_and_swap_cache+0x1a8/0x1de [ 6944.504291][T18955] tlb_remove_table_rcu+0x86/0xee [ 6944.505444][T18955] rcu_core+0xa24/0x1eac [ 6944.506321][T18955] rcu_core_si+0xc/0x14 [ 6944.507240][T18955] handle_softirqs+0x4a6/0x10de [ 6944.508205][T18955] __irq_exit_rcu+0x188/0x372 [ 6944.509070][T18955] irq_exit_rcu+0x10/0xf8 [ 6944.509884][T18955] handle_riscv_irq+0x40/0x4c [ 6944.511522][T18955] call_on_irq_stack+0x32/0x40 [ 6944.512635][T18955] Modules linked in: [ 6944.513573][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6944.514967][T18955] Tainted: [B]=BAD_PAGE [ 6944.515561][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6944.516262][T18955] Call Trace: [ 6944.516892][T18955] [] dump_backtrace+0x2e/0x3c [ 6944.517889][T18955] [] show_stack+0x34/0x40 [ 6944.518835][T18955] [] dump_stack_lvl+0x122/0x196 [ 6944.519981][T18955] [] dump_stack+0x1c/0x24 [ 6944.520966][T18955] [] bad_page+0x268/0x2da [ 6944.522013][T18955] [] free_unref_page+0x78a/0xf08 [ 6944.523112][T18955] [] page_frag_free+0x21c/0x268 [ 6944.524107][T18955] [] skb_free_head+0x1ce/0x2ec [ 6944.524929][T18955] [] skb_release_data+0x6ec/0x86a [ 6944.525870][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6944.526841][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6944.527939][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6944.528996][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6944.530147][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6944.531444][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6944.532793][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6944.533793][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6944.535016][T18955] [] __sys_bpf+0xd14/0x42cc [ 6944.536020][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6944.537063][T18955] [] syscall_handler+0x94/0x118 [ 6944.538130][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6944.539271][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6944.541431][T18955] BUG: Bad page state in process syz.2.1806 pfn:9d607 [ 6944.542755][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000001d6079b0 pfn:0x9d607 [ 6944.544853][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6944.546096][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6944.547342][T18955] raw: ff6000001d6079b0 0000000000000001 00000000ffffffff 0000000000000000 [ 6944.548451][T18955] page dumped because: page_pool leak [ 6944.549383][T18955] page_owner tracks the page as allocated [ 6944.550264][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942765812300, free_ts 6925915629200 [ 6944.555318][T18955] __set_page_owner+0xa2/0x70c [ 6944.556782][T18955] post_alloc_hook+0xec/0x1e4 [ 6944.557916][T18955] get_page_from_freelist+0xdaa/0x295a [ 6944.559149][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6944.560327][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6944.562918][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6944.564155][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6944.565223][T18955] page_pool_alloc_pages+0x20/0x62 [ 6944.566372][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6944.567522][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6944.568628][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6944.569775][T18955] __sys_bpf+0xd14/0x42cc [ 6944.570938][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6944.572645][T18955] syscall_handler+0x94/0x118 [ 6944.573748][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6944.574891][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6944.576028][T18955] page last free pid 18910 tgid 18910 stack trace: [ 6944.577006][T18955] __reset_page_owner+0x8c/0x400 [ 6944.578208][T18955] free_unref_page+0x592/0xf08 [ 6944.579283][T18955] __folio_put+0x1ae/0x22e [ 6944.580326][T18955] free_page_and_swap_cache+0x1a8/0x1de [ 6944.582853][T18955] tlb_remove_table_rcu+0x86/0xee [ 6944.584019][T18955] rcu_core+0xa24/0x1eac [ 6944.585011][T18955] rcu_core_si+0xc/0x14 [ 6944.586059][T18955] handle_softirqs+0x4a6/0x10de [ 6944.587152][T18955] __irq_exit_rcu+0x188/0x372 [ 6944.588336][T18955] irq_exit_rcu+0x10/0xf8 [ 6944.589283][T18955] handle_riscv_irq+0x40/0x4c [ 6944.590398][T18955] call_on_irq_stack+0x32/0x40 [ 6944.592772][T18955] Modules linked in: [ 6944.593889][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6944.595381][T18955] Tainted: [B]=BAD_PAGE [ 6944.596065][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6944.596842][T18955] Call Trace: [ 6944.597521][T18955] [] dump_backtrace+0x2e/0x3c [ 6944.598577][T18955] [] show_stack+0x34/0x40 [ 6944.599901][T18955] [] dump_stack_lvl+0x122/0x196 [ 6944.601352][T18955] [] dump_stack+0x1c/0x24 [ 6944.602604][T18955] [] bad_page+0x268/0x2da [ 6944.603676][T18955] [] free_unref_page+0x78a/0xf08 [ 6944.604911][T18955] [] page_frag_free+0x21c/0x268 [ 6944.605989][T18955] [] skb_free_head+0x1ce/0x2ec [ 6944.607104][T18955] [] skb_release_data+0x6ec/0x86a [ 6944.608169][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6944.609251][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6944.610559][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6944.611895][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6944.613517][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6944.614706][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6944.615629][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6944.616475][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6944.617331][T18955] [] __sys_bpf+0xd14/0x42cc [ 6944.618175][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6944.619027][T18955] [] syscall_handler+0x94/0x118 [ 6944.619817][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6944.620660][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6944.622534][T18955] BUG: Bad page state in process syz.2.1806 pfn:9d606 [ 6944.623425][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000001d606440 pfn:0x9d606 [ 6944.624412][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6944.625554][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6944.626798][T18955] raw: ff6000001d606440 0000000000000001 00000000ffffffff 0000000000000000 [ 6944.627654][T18955] page dumped because: page_pool leak [ 6944.628383][T18955] page_owner tracks the page as allocated [ 6944.629074][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942765695000, free_ts 6922499989500 [ 6944.630483][T18955] __set_page_owner+0xa2/0x70c [ 6944.632125][T18955] post_alloc_hook+0xec/0x1e4 [ 6944.633220][T18955] get_page_from_freelist+0xdaa/0x295a [ 6944.634284][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6944.635303][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6944.636342][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6944.637379][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6944.638435][T18955] page_pool_alloc_pages+0x20/0x62 [ 6944.639844][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6944.642956][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6944.644668][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6944.646228][T18955] __sys_bpf+0xd14/0x42cc [ 6944.647867][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6944.649477][T18955] syscall_handler+0x94/0x118 [ 6944.651891][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6944.653042][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6944.654252][T18955] page last free pid 16342 tgid 16342 stack trace: [ 6944.655465][T18955] __reset_page_owner+0x8c/0x400 [ 6944.656564][T18955] free_unref_page+0x592/0xf08 [ 6944.657718][T18955] __free_pages+0x13c/0x1bc [ 6944.659235][T18955] vfree+0x1b6/0xc88 [ 6944.660595][T18955] delayed_vfree_work+0x58/0x7a [ 6944.662942][T18955] process_one_work+0x956/0x1dae [ 6944.664568][T18955] worker_thread+0x5be/0xdc6 [ 6944.666157][T18955] kthread+0x28c/0x3a6 [ 6944.667542][T18955] ret_from_fork+0xe/0x18 [ 6944.669081][T18955] Modules linked in: [ 6944.670642][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6944.671979][T18955] Tainted: [B]=BAD_PAGE [ 6944.672864][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6944.673828][T18955] Call Trace: [ 6944.674750][T18955] [] dump_backtrace+0x2e/0x3c [ 6944.676104][T18955] [] show_stack+0x34/0x40 [ 6944.677303][T18955] [] dump_stack_lvl+0x122/0x196 [ 6944.678772][T18955] [] dump_stack+0x1c/0x24 [ 6944.680048][T18955] [] bad_page+0x268/0x2da [ 6944.680965][T18955] [] free_unref_page+0x78a/0xf08 [ 6944.682051][T18955] [] page_frag_free+0x21c/0x268 [ 6944.683129][T18955] [] skb_free_head+0x1ce/0x2ec [ 6944.683922][T18955] [] skb_release_data+0x6ec/0x86a [ 6944.684717][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6944.685762][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6944.687367][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6944.688842][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6944.689879][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6944.690929][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6944.692035][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6944.692983][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6944.693911][T18955] [] __sys_bpf+0xd14/0x42cc [ 6944.694851][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6944.696140][T18955] [] syscall_handler+0x94/0x118 [ 6944.697444][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6944.698485][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6944.700354][T18955] BUG: Bad page state in process syz.2.1806 pfn:a8ee9 [ 6944.701916][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff60000000000002 pfn:0xa8ee9 [ 6944.703059][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6944.704061][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6944.705074][T18955] raw: ff60000000000002 0000000000000001 00000000ffffffff 0000000000000000 [ 6944.706102][T18955] page dumped because: page_pool leak [ 6944.706855][T18955] page_owner tracks the page as allocated [ 6944.707591][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942765575900, free_ts 6925948942300 [ 6944.709487][T18955] __set_page_owner+0xa2/0x70c [ 6944.710847][T18955] post_alloc_hook+0xec/0x1e4 [ 6944.713223][T18955] get_page_from_freelist+0xdaa/0x295a [ 6944.714992][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6944.716677][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6944.717677][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6944.719059][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6944.720634][T18955] page_pool_alloc_pages+0x20/0x62 [ 6944.723024][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6944.724665][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6944.726073][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6944.727327][T18955] __sys_bpf+0xd14/0x42cc [ 6944.728398][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6944.729468][T18955] syscall_handler+0x94/0x118 [ 6944.730408][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6944.731882][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6944.732899][T18955] page last free pid 17001 tgid 17001 stack trace: [ 6944.733726][T18955] __reset_page_owner+0x8c/0x400 [ 6944.734731][T18955] free_unref_page+0x592/0xf08 [ 6944.735665][T18955] __free_pages+0x13c/0x1bc [ 6944.736964][T18955] vfree+0x1b6/0xc88 [ 6944.737975][T18955] do_ip6t_get_ctl+0x76c/0x91e [ 6944.738904][T18955] nf_getsockopt+0x6e/0xd2 [ 6944.739783][T18955] ipv6_getsockopt+0x240/0x2ce [ 6944.740699][T18955] tcp_getsockopt+0x84/0xd6 [ 6944.742227][T18955] sock_common_getsockopt+0x86/0xb8 [ 6944.743119][T18955] do_sock_getsockopt+0x37a/0x5ea [ 6944.744067][T18955] __sys_getsockopt+0x100/0x1b6 [ 6944.745006][T18955] __riscv_sys_getsockopt+0xa6/0x114 [ 6944.746653][T18955] syscall_handler+0x94/0x118 [ 6944.748328][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6944.749987][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6944.752506][T18955] Modules linked in: [ 6944.753443][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6944.754677][T18955] Tainted: [B]=BAD_PAGE [ 6944.755635][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6944.756806][T18955] Call Trace: [ 6944.757646][T18955] [] dump_backtrace+0x2e/0x3c [ 6944.759180][T18955] [] show_stack+0x34/0x40 [ 6944.760573][T18955] [] dump_stack_lvl+0x122/0x196 [ 6944.761841][T18955] [] dump_stack+0x1c/0x24 [ 6944.762806][T18955] [] bad_page+0x268/0x2da [ 6944.763999][T18955] [] free_unref_page+0x78a/0xf08 [ 6944.764897][T18955] [] page_frag_free+0x21c/0x268 [ 6944.766278][T18955] [] skb_free_head+0x1ce/0x2ec [ 6944.767055][T18955] [] skb_release_data+0x6ec/0x86a [ 6944.767880][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6944.768711][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6944.769792][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6944.770855][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6944.771898][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6944.772829][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6944.773859][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6944.774828][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6944.776175][T18955] [] __sys_bpf+0xd14/0x42cc [ 6944.777666][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6944.779128][T18955] [] syscall_handler+0x94/0x118 [ 6944.779987][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6944.780914][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6944.782704][T18955] BUG: Bad page state in process syz.2.1806 pfn:a8ee8 [ 6944.783619][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff60000028ee9e00 pfn:0xa8ee8 [ 6944.784704][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6944.785717][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6944.787174][T18955] raw: ff60000028ee9e00 0000000000000001 00000000ffffffff 0000000000000000 [ 6944.788093][T18955] page dumped because: page_pool leak [ 6944.788847][T18955] page_owner tracks the page as allocated [ 6944.789572][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942765458100, free_ts 6922940797600 [ 6944.793694][T18955] __set_page_owner+0xa2/0x70c [ 6944.795448][T18955] post_alloc_hook+0xec/0x1e4 [ 6944.796731][T18955] get_page_from_freelist+0xdaa/0x295a [ 6944.797793][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6944.798809][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6944.799800][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6944.800804][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6944.803342][T18955] page_pool_alloc_pages+0x20/0x62 [ 6944.804952][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6944.806750][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6944.808407][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6944.810120][T18955] __sys_bpf+0xd14/0x42cc [ 6944.813125][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6944.815405][T18955] syscall_handler+0x94/0x118 [ 6944.816956][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6944.818634][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6944.820364][T18955] page last free pid 18907 tgid 18901 stack trace: [ 6944.823549][T18955] __reset_page_owner+0x8c/0x400 [ 6944.825322][T18955] free_unref_page+0x592/0xf08 [ 6944.827057][T18955] __folio_put+0x1ae/0x22e [ 6944.828654][T18955] free_page_and_swap_cache+0x1a8/0x1de [ 6944.830507][T18955] tlb_remove_table_rcu+0x86/0xee [ 6944.832993][T18955] rcu_core+0xa24/0x1eac [ 6944.834609][T18955] rcu_core_si+0xc/0x14 [ 6944.836204][T18955] handle_softirqs+0x4a6/0x10de [ 6944.837643][T18955] __irq_exit_rcu+0x188/0x372 [ 6944.839120][T18955] irq_exit_rcu+0x10/0xf8 [ 6944.840513][T18955] handle_riscv_irq+0x40/0x4c [ 6944.843035][T18955] call_on_irq_stack+0x32/0x40 [ 6944.844631][T18955] Modules linked in: [ 6944.846342][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6944.849197][T18955] Tainted: [B]=BAD_PAGE [ 6944.850107][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6944.851166][T18955] Call Trace: [ 6944.852103][T18955] [] dump_backtrace+0x2e/0x3c [ 6944.854497][T18955] [] show_stack+0x34/0x40 [ 6944.855909][T18955] [] dump_stack_lvl+0x122/0x196 [ 6944.857450][T18955] [] dump_stack+0x1c/0x24 [ 6944.858898][T18955] [] bad_page+0x268/0x2da [ 6944.860380][T18955] [] free_unref_page+0x78a/0xf08 [ 6944.861967][T18955] [] page_frag_free+0x21c/0x268 [ 6944.863621][T18955] [] skb_free_head+0x1ce/0x2ec [ 6944.865020][T18955] [] skb_release_data+0x6ec/0x86a [ 6944.867523][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6944.869054][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6944.870924][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6944.872712][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6944.874460][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6944.876073][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6944.877765][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6944.879489][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6944.881121][T18955] [] __sys_bpf+0xd14/0x42cc [ 6944.882758][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6944.885182][T18955] [] syscall_handler+0x94/0x118 [ 6944.886652][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6944.888271][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6944.891693][T18955] BUG: Bad page state in process syz.2.1806 pfn:a9217 [ 6944.893220][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2 pfn:0xa9217 [ 6944.896516][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6944.899477][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6944.902704][T18955] raw: 0000000000000002 0000000000000001 00000000ffffffff 0000000000000000 [ 6944.904341][T18955] page dumped because: page_pool leak [ 6944.905723][T18955] page_owner tracks the page as allocated [ 6944.907046][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942765338600, free_ts 6933702538200 [ 6944.909747][T18955] __set_page_owner+0xa2/0x70c [ 6944.912979][T18955] post_alloc_hook+0xec/0x1e4 [ 6944.914912][T18955] get_page_from_freelist+0xdaa/0x295a [ 6944.916649][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6944.918390][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6944.920133][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6944.922421][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6944.924070][T18955] page_pool_alloc_pages+0x20/0x62 [ 6944.925639][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6944.927413][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6944.929049][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6944.930798][T18955] __sys_bpf+0xd14/0x42cc [ 6944.933059][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6944.934819][T18955] syscall_handler+0x94/0x118 [ 6944.936716][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6944.938321][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6944.940012][T18955] page last free pid 18388 tgid 18388 stack trace: [ 6944.942384][T18955] __reset_page_owner+0x8c/0x400 [ 6944.944176][T18955] free_unref_page+0x592/0xf08 [ 6944.945862][T18955] __folio_put+0x1ae/0x22e [ 6944.947442][T18955] free_page_and_swap_cache+0x1a8/0x1de [ 6944.949174][T18955] tlb_remove_table_rcu+0x86/0xee [ 6944.950851][T18955] rcu_core+0xa24/0x1eac [ 6944.953219][T18955] rcu_core_si+0xc/0x14 [ 6944.954809][T18955] handle_softirqs+0x4a6/0x10de [ 6944.956278][T18955] __irq_exit_rcu+0x188/0x372 [ 6944.957688][T18955] irq_exit_rcu+0x10/0xf8 [ 6944.959163][T18955] handle_riscv_irq+0x40/0x4c [ 6944.960811][T18955] call_on_irq_stack+0x32/0x40 [ 6944.963255][T18955] Modules linked in: [ 6944.964885][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6944.966944][T18955] Tainted: [B]=BAD_PAGE [ 6944.967904][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6944.968972][T18955] Call Trace: [ 6944.969857][T18955] [] dump_backtrace+0x2e/0x3c [ 6944.971818][T18955] [] show_stack+0x34/0x40 [ 6944.973155][T18955] [] dump_stack_lvl+0x122/0x196 [ 6944.975425][T18955] [] dump_stack+0x1c/0x24 [ 6944.976915][T18955] [] bad_page+0x268/0x2da [ 6944.978429][T18955] [] free_unref_page+0x78a/0xf08 [ 6944.980068][T18955] [] page_frag_free+0x21c/0x268 [ 6944.982569][T18955] [] skb_free_head+0x1ce/0x2ec [ 6944.984407][T18955] [] skb_release_data+0x6ec/0x86a [ 6944.985889][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6944.988030][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6944.989816][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6944.991987][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6944.993807][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6944.995509][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6944.997224][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6944.998825][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6945.000440][T18955] [] __sys_bpf+0xd14/0x42cc [ 6945.001966][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6945.003482][T18955] [] syscall_handler+0x94/0x118 [ 6945.005011][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6945.006662][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6945.009732][T18955] BUG: Bad page state in process syz.2.1806 pfn:a9216 [ 6945.011889][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff60000029217e00 pfn:0xa9216 [ 6945.013798][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6945.015607][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6945.017430][T18955] raw: ff60000029217e00 0000000000000001 00000000ffffffff 0000000000000000 [ 6945.019048][T18955] page dumped because: page_pool leak [ 6945.020404][T18955] page_owner tracks the page as allocated [ 6945.022743][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942765211900, free_ts 6935903750800 [ 6945.025376][T18955] __set_page_owner+0xa2/0x70c [ 6945.027075][T18955] post_alloc_hook+0xec/0x1e4 [ 6945.028659][T18955] get_page_from_freelist+0xdaa/0x295a [ 6945.030411][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6945.032645][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6945.034445][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6945.036108][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6945.037702][T18955] page_pool_alloc_pages+0x20/0x62 [ 6945.039318][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6945.041544][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6945.043250][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6945.044916][T18955] __sys_bpf+0xd14/0x42cc [ 6945.046496][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6945.048038][T18955] syscall_handler+0x94/0x118 [ 6945.049525][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6945.051678][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6945.053471][T18955] page last free pid 18891 tgid 18891 stack trace: [ 6945.054959][T18955] __reset_page_owner+0x8c/0x400 [ 6945.056605][T18955] free_unref_page+0x592/0xf08 [ 6945.058242][T18955] __folio_put+0x1ae/0x22e [ 6945.059769][T18955] free_page_and_swap_cache+0x1a8/0x1de [ 6945.062474][T18955] tlb_remove_table_rcu+0x86/0xee [ 6945.064112][T18955] rcu_core+0xa24/0x1eac [ 6945.065573][T18955] rcu_core_si+0xc/0x14 [ 6945.067088][T18955] handle_softirqs+0x4a6/0x10de [ 6945.068545][T18955] __irq_exit_rcu+0x188/0x372 [ 6945.069959][T18955] irq_exit_rcu+0x10/0xf8 [ 6945.071954][T18955] handle_riscv_irq+0x40/0x4c [ 6945.073591][T18955] call_on_irq_stack+0x32/0x40 [ 6945.075200][T18955] Modules linked in: [ 6945.076775][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6945.078603][T18955] Tainted: [B]=BAD_PAGE [ 6945.079484][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6945.080532][T18955] Call Trace: [ 6945.081749][T18955] [] dump_backtrace+0x2e/0x3c [ 6945.083231][T18955] [] show_stack+0x34/0x40 [ 6945.084537][T18955] [] dump_stack_lvl+0x122/0x196 [ 6945.086010][T18955] [] dump_stack+0x1c/0x24 [ 6945.087475][T18955] [] bad_page+0x268/0x2da [ 6945.088911][T18955] [] free_unref_page+0x78a/0xf08 [ 6945.090486][T18955] [] page_frag_free+0x21c/0x268 [ 6945.092061][T18955] [] skb_free_head+0x1ce/0x2ec [ 6945.093442][T18955] [] skb_release_data+0x6ec/0x86a [ 6945.094863][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6945.096476][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6945.098234][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6945.099903][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6945.102273][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6945.103934][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6945.105565][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6945.107160][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6945.108739][T18955] [] __sys_bpf+0xd14/0x42cc [ 6945.110231][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6945.112409][T18955] [] syscall_handler+0x94/0x118 [ 6945.113893][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6945.115394][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6945.118449][T18955] BUG: Bad page state in process syz.2.1806 pfn:9aa93 [ 6945.120006][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2 pfn:0x9aa93 [ 6945.122931][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6945.124688][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6945.126345][T18955] raw: 0000000000000002 0000000000000001 00000000ffffffff 0000000000000000 [ 6945.127968][T18955] page dumped because: page_pool leak [ 6945.129168][T18955] page_owner tracks the page as allocated [ 6945.130480][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942765092800, free_ts 6932779102600 [ 6945.133580][T18955] __set_page_owner+0xa2/0x70c [ 6945.135333][T18955] post_alloc_hook+0xec/0x1e4 [ 6945.136933][T18955] get_page_from_freelist+0xdaa/0x295a [ 6945.138660][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6945.140359][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6945.142658][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6945.144384][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6945.146111][T18955] page_pool_alloc_pages+0x20/0x62 [ 6945.147650][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6945.149390][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6945.151531][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6945.153221][T18955] __sys_bpf+0xd14/0x42cc [ 6945.154814][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6945.156398][T18955] syscall_handler+0x94/0x118 [ 6945.157924][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6945.159536][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6945.161828][T18955] page last free pid 18939 tgid 18939 stack trace: [ 6945.163455][T18955] __reset_page_owner+0x8c/0x400 [ 6945.165076][T18955] free_unref_page+0x592/0xf08 [ 6945.166698][T18955] __free_pages+0x13c/0x1bc [ 6945.168180][T18955] __free_slab+0xc8/0x16e [ 6945.169703][T18955] free_slab+0x38/0x1ae [ 6945.171893][T18955] discard_slab+0x42/0x5a [ 6945.173480][T18955] __slab_free+0x346/0x3f6 [ 6945.175039][T18955] ___cache_free+0x1a6/0x1e0 [ 6945.176633][T18955] qlist_free_all+0x76/0x16c [ 6945.178117][T18955] kasan_quarantine_reduce+0x158/0x1ba [ 6945.179701][T18955] __kasan_slab_alloc+0x5c/0x82 [ 6945.182085][T18955] __kmalloc_node_noprof+0x232/0x522 [ 6945.183748][T18955] __vmalloc_node_range_noprof+0x36e/0x1450 [ 6945.185414][T18955] copy_process+0x365c/0x8e32 [ 6945.186922][T18955] kernel_clone+0x11e/0x92c [ 6945.188400][T18955] __do_sys_clone+0xe4/0x118 [ 6945.189901][T18955] Modules linked in: [ 6945.192035][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6945.193982][T18955] Tainted: [B]=BAD_PAGE [ 6945.194903][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6945.195963][T18955] Call Trace: [ 6945.196828][T18955] [] dump_backtrace+0x2e/0x3c [ 6945.198313][T18955] [] show_stack+0x34/0x40 [ 6945.199624][T18955] [] dump_stack_lvl+0x122/0x196 [ 6945.201147][T18955] [] dump_stack+0x1c/0x24 [ 6945.202551][T18955] [] bad_page+0x268/0x2da [ 6945.204072][T18955] [] free_unref_page+0x78a/0xf08 [ 6945.205612][T18955] [] page_frag_free+0x21c/0x268 [ 6945.207120][T18955] [] skb_free_head+0x1ce/0x2ec [ 6945.208397][T18955] [] skb_release_data+0x6ec/0x86a [ 6945.209811][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6945.211558][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6945.213231][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6945.214994][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6945.216759][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6945.218423][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6945.220118][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6945.222635][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6945.224296][T18955] [] __sys_bpf+0xd14/0x42cc [ 6945.225808][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6945.227425][T18955] [] syscall_handler+0x94/0x118 [ 6945.228975][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6945.230609][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6945.233735][T18955] BUG: Bad page state in process syz.2.1806 pfn:9aa92 [ 6945.235355][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000001aa93e00 pfn:0x9aa92 [ 6945.237292][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6945.239101][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6945.241933][T18955] raw: ff6000001aa93e00 0000000000000001 00000000ffffffff 0000000000000000 [ 6945.243604][T18955] page dumped because: page_pool leak [ 6945.244945][T18955] page_owner tracks the page as allocated [ 6945.246213][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942764968900, free_ts 6932779102600 [ 6945.248947][T18955] __set_page_owner+0xa2/0x70c [ 6945.250662][T18955] post_alloc_hook+0xec/0x1e4 [ 6945.252796][T18955] get_page_from_freelist+0xdaa/0x295a [ 6945.254581][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6945.256333][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6945.258067][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6945.259816][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6945.262197][T18955] page_pool_alloc_pages+0x20/0x62 [ 6945.264222][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6945.265979][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6945.267622][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6945.269296][T18955] __sys_bpf+0xd14/0x42cc [ 6945.270830][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6945.273028][T18955] syscall_handler+0x94/0x118 [ 6945.274633][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6945.276299][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6945.278075][T18955] page last free pid 18939 tgid 18939 stack trace: [ 6945.279520][T18955] __reset_page_owner+0x8c/0x400 [ 6945.281686][T18955] free_unref_page+0x592/0xf08 [ 6945.283409][T18955] __free_pages+0x13c/0x1bc [ 6945.284996][T18955] __free_slab+0xc8/0x16e [ 6945.286555][T18955] free_slab+0x38/0x1ae [ 6945.288038][T18955] discard_slab+0x42/0x5a [ 6945.289603][T18955] __slab_free+0x346/0x3f6 [ 6945.291754][T18955] ___cache_free+0x1a6/0x1e0 [ 6945.293374][T18955] qlist_free_all+0x76/0x16c [ 6945.295077][T18955] kasan_quarantine_reduce+0x158/0x1ba [ 6945.296756][T18955] __kasan_slab_alloc+0x5c/0x82 [ 6945.298435][T18955] __kmalloc_node_noprof+0x232/0x522 [ 6945.300102][T18955] __vmalloc_node_range_noprof+0x36e/0x1450 [ 6945.302991][T18955] copy_process+0x365c/0x8e32 [ 6945.304485][T18955] kernel_clone+0x11e/0x92c [ 6945.305942][T18955] __do_sys_clone+0xe4/0x118 [ 6945.307482][T18955] Modules linked in: [ 6945.309064][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6945.311078][T18955] Tainted: [B]=BAD_PAGE [ 6945.312044][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6945.313199][T18955] Call Trace: [ 6945.314144][T18955] [] dump_backtrace+0x2e/0x3c [ 6945.315668][T18955] [] show_stack+0x34/0x40 [ 6945.316999][T18955] [] dump_stack_lvl+0x122/0x196 [ 6945.318514][T18955] [] dump_stack+0x1c/0x24 [ 6945.319983][T18955] [] bad_page+0x268/0x2da [ 6945.321973][T18955] [] free_unref_page+0x78a/0xf08 [ 6945.323830][T18955] [] page_frag_free+0x21c/0x268 [ 6945.325398][T18955] [] skb_free_head+0x1ce/0x2ec [ 6945.326807][T18955] [] skb_release_data+0x6ec/0x86a [ 6945.328209][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6945.329625][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6945.331657][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6945.333358][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6945.335378][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6945.337004][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6945.338691][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6945.340234][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6945.341839][T18955] [] __sys_bpf+0xd14/0x42cc [ 6945.343246][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6945.344637][T18955] [] syscall_handler+0x94/0x118 [ 6945.346301][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6945.348056][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6945.351529][T18955] BUG: Bad page state in process syz.2.1806 pfn:97efd [ 6945.353255][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2 pfn:0x97efd [ 6945.355049][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6945.356775][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6945.358581][T18955] raw: 0000000000000002 0000000000000001 00000000ffffffff 0000000000000000 [ 6945.360154][T18955] page dumped because: page_pool leak [ 6945.362198][T18955] page_owner tracks the page as allocated [ 6945.363671][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942764850600, free_ts 6932779866500 [ 6945.366451][T18955] __set_page_owner+0xa2/0x70c [ 6945.368694][T18955] post_alloc_hook+0xec/0x1e4 [ 6945.370338][T18955] get_page_from_freelist+0xdaa/0x295a [ 6945.372636][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6945.374342][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6945.376113][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6945.378261][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6945.379880][T18955] page_pool_alloc_pages+0x20/0x62 [ 6945.382298][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6945.384054][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6945.385669][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6945.387263][T18955] __sys_bpf+0xd14/0x42cc [ 6945.388855][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6945.391603][T18955] syscall_handler+0x94/0x118 [ 6945.393181][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6945.394833][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6945.396498][T18955] page last free pid 18939 tgid 18939 stack trace: [ 6945.397938][T18955] __reset_page_owner+0x8c/0x400 [ 6945.399808][T18955] free_unref_page+0x592/0xf08 [ 6945.402339][T18955] __free_pages+0x13c/0x1bc [ 6945.404226][T18955] __free_slab+0xc8/0x16e [ 6945.405741][T18955] free_slab+0x38/0x1ae [ 6945.407314][T18955] discard_slab+0x42/0x5a [ 6945.408878][T18955] __slab_free+0x346/0x3f6 [ 6945.410523][T18955] ___cache_free+0x1a6/0x1e0 [ 6945.412611][T18955] qlist_free_all+0x76/0x16c [ 6945.414194][T18955] kasan_quarantine_reduce+0x158/0x1ba [ 6945.415879][T18955] __kasan_slab_alloc+0x5c/0x82 [ 6945.417979][T18955] __kmalloc_node_noprof+0x232/0x522 [ 6945.419655][T18955] __vmalloc_node_range_noprof+0x36e/0x1450 [ 6945.421809][T18955] copy_process+0x365c/0x8e32 [ 6945.423394][T18955] kernel_clone+0x11e/0x92c [ 6945.424865][T18955] __do_sys_clone+0xe4/0x118 [ 6945.426414][T18955] Modules linked in: [ 6945.428003][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6945.429832][T18955] Tainted: [B]=BAD_PAGE [ 6945.430785][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6945.431856][T18955] Call Trace: [ 6945.432776][T18955] [] dump_backtrace+0x2e/0x3c [ 6945.434550][T18955] [] show_stack+0x34/0x40 [ 6945.435939][T18955] [] dump_stack_lvl+0x122/0x196 [ 6945.437482][T18955] [] dump_stack+0x1c/0x24 [ 6945.438977][T18955] [] bad_page+0x268/0x2da [ 6945.440444][T18955] [] free_unref_page+0x78a/0xf08 [ 6945.442130][T18955] [] page_frag_free+0x21c/0x268 [ 6945.443789][T18955] [] skb_free_head+0x1ce/0x2ec [ 6945.445201][T18955] [] skb_release_data+0x6ec/0x86a [ 6945.447105][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6945.448631][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6945.450490][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6945.452312][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6945.454077][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6945.455720][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6945.457483][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6945.459229][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6945.460925][T18955] [] __sys_bpf+0xd14/0x42cc [ 6945.462466][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6945.463996][T18955] [] syscall_handler+0x94/0x118 [ 6945.465511][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6945.467165][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6945.470182][T18955] BUG: Bad page state in process syz.2.1806 pfn:97efc [ 6945.472625][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff60000017efde00 pfn:0x97efc [ 6945.474551][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6945.476354][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6945.478119][T18955] raw: ff60000017efde00 0000000000000001 00000000ffffffff 0000000000000000 [ 6945.479723][T18955] page dumped because: page_pool leak [ 6945.481618][T18955] page_owner tracks the page as allocated [ 6945.482972][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942764731300, free_ts 6932779866500 [ 6945.485462][T18955] __set_page_owner+0xa2/0x70c [ 6945.487216][T18955] post_alloc_hook+0xec/0x1e4 [ 6945.488891][T18955] get_page_from_freelist+0xdaa/0x295a [ 6945.490614][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6945.492880][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6945.494671][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6945.496348][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6945.498863][T18955] page_pool_alloc_pages+0x20/0x62 [ 6945.501834][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6945.503769][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6945.505346][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6945.507099][T18955] __sys_bpf+0xd14/0x42cc [ 6945.508703][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6945.510355][T18955] syscall_handler+0x94/0x118 [ 6945.512824][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6945.514535][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6945.516229][T18955] page last free pid 18939 tgid 18939 stack trace: [ 6945.517758][T18955] __reset_page_owner+0x8c/0x400 [ 6945.519550][T18955] free_unref_page+0x592/0xf08 [ 6945.522132][T18955] __free_pages+0x13c/0x1bc [ 6945.523952][T18955] __free_slab+0xc8/0x16e [ 6945.525519][T18955] free_slab+0x38/0x1ae [ 6945.527078][T18955] discard_slab+0x42/0x5a [ 6945.528649][T18955] __slab_free+0x346/0x3f6 [ 6945.530242][T18955] ___cache_free+0x1a6/0x1e0 [ 6945.532564][T18955] qlist_free_all+0x76/0x16c [ 6945.534152][T18955] kasan_quarantine_reduce+0x158/0x1ba [ 6945.535981][T18955] __kasan_slab_alloc+0x5c/0x82 [ 6945.537699][T18955] __kmalloc_node_noprof+0x232/0x522 [ 6945.539513][T18955] __vmalloc_node_range_noprof+0x36e/0x1450 [ 6945.541901][T18955] copy_process+0x365c/0x8e32 [ 6945.543561][T18955] kernel_clone+0x11e/0x92c [ 6945.545043][T18955] __do_sys_clone+0xe4/0x118 [ 6945.546616][T18955] Modules linked in: [ 6945.548236][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6945.550210][T18955] Tainted: [B]=BAD_PAGE [ 6945.551169][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6945.552336][T18955] Call Trace: [ 6945.553232][T18955] [] dump_backtrace+0x2e/0x3c [ 6945.555379][T18955] [] show_stack+0x34/0x40 [ 6945.556728][T18955] [] dump_stack_lvl+0x122/0x196 [ 6945.558383][T18955] [] dump_stack+0x1c/0x24 [ 6945.559930][T18955] [] bad_page+0x268/0x2da [ 6945.561690][T18955] [] free_unref_page+0x78a/0xf08 [ 6945.563372][T18955] [] page_frag_free+0x21c/0x268 [ 6945.564999][T18955] [] skb_free_head+0x1ce/0x2ec [ 6945.566410][T18955] [] skb_release_data+0x6ec/0x86a [ 6945.567914][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6945.569435][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6945.571366][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6945.573040][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6945.574849][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6945.576724][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6945.578470][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6945.580393][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6945.582131][T18955] [] __sys_bpf+0xd14/0x42cc [ 6945.583663][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6945.585178][T18955] [] syscall_handler+0x94/0x118 [ 6945.586725][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6945.588974][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6945.592105][T18955] BUG: Bad page state in process syz.2.1806 pfn:a9e8d [ 6945.593771][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x31 pfn:0xa9e8d [ 6945.595618][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6945.597430][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6945.599193][T18955] raw: 0000000000000031 0000000000000001 00000000ffffffff 0000000000000000 [ 6945.600769][T18955] page dumped because: page_pool leak [ 6945.602856][T18955] page_owner tracks the page as allocated [ 6945.604193][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942764612700, free_ts 6940797167800 [ 6945.607947][T18955] __set_page_owner+0xa2/0x70c [ 6945.609667][T18955] post_alloc_hook+0xec/0x1e4 [ 6945.612175][T18955] get_page_from_freelist+0xdaa/0x295a [ 6945.613934][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6945.615771][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6945.617492][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6945.619204][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6945.620781][T18955] page_pool_alloc_pages+0x20/0x62 [ 6945.623055][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6945.624836][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6945.626614][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6945.628295][T18955] __sys_bpf+0xd14/0x42cc [ 6945.629836][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6945.632541][T18955] syscall_handler+0x94/0x118 [ 6945.634212][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6945.635852][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6945.637532][T18955] page last free pid 16932 tgid 16932 stack trace: [ 6945.639060][T18955] __reset_page_owner+0x8c/0x400 [ 6945.640810][T18955] free_unref_page+0x592/0xf08 [ 6945.643341][T18955] __folio_put+0x1ae/0x22e [ 6945.645325][T18955] free_page_and_swap_cache+0x1a8/0x1de [ 6945.647046][T18955] tlb_remove_table_rcu+0x86/0xee [ 6945.648615][T18955] rcu_core+0xa24/0x1eac [ 6945.650212][T18955] rcu_core_si+0xc/0x14 [ 6945.652462][T18955] handle_softirqs+0x4a6/0x10de [ 6945.653978][T18955] __do_softirq+0x12/0x1a [ 6945.655729][T18955] Modules linked in: [ 6945.657656][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6945.659658][T18955] Tainted: [B]=BAD_PAGE [ 6945.660592][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6945.661678][T18955] Call Trace: [ 6945.662747][T18955] [] dump_backtrace+0x2e/0x3c [ 6945.664262][T18955] [] show_stack+0x34/0x40 [ 6945.665768][T18955] [] dump_stack_lvl+0x122/0x196 [ 6945.667337][T18955] [] dump_stack+0x1c/0x24 [ 6945.668853][T18955] [] bad_page+0x268/0x2da [ 6945.670409][T18955] [] free_unref_page+0x78a/0xf08 [ 6945.671934][T18955] [] page_frag_free+0x21c/0x268 [ 6945.673603][T18955] [] skb_free_head+0x1ce/0x2ec [ 6945.675096][T18955] [] skb_release_data+0x6ec/0x86a [ 6945.676503][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6945.677933][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6945.679626][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6945.681367][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6945.683342][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6945.685138][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6945.687984][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6945.690396][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6945.692258][T18955] [] __sys_bpf+0xd14/0x42cc [ 6945.693798][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6945.695262][T18955] [] syscall_handler+0x94/0x118 [ 6945.696738][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6945.698500][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6945.701992][T18955] BUG: Bad page state in process syz.2.1806 pfn:a9e8c [ 6945.703754][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x30 pfn:0xa9e8c [ 6945.705460][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6945.707419][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6945.709441][T18955] raw: 0000000000000030 0000000000000001 00000000ffffffff 0000000000000000 [ 6945.711908][T18955] page dumped because: page_pool leak [ 6945.713403][T18955] page_owner tracks the page as allocated [ 6945.714851][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942764495000, free_ts 6940797650600 [ 6945.717644][T18955] __set_page_owner+0xa2/0x70c [ 6945.719410][T18955] post_alloc_hook+0xec/0x1e4 [ 6945.721788][T18955] get_page_from_freelist+0xdaa/0x295a [ 6945.724220][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6945.726090][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6945.727996][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6945.729745][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6945.732195][T18955] page_pool_alloc_pages+0x20/0x62 [ 6945.733816][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6945.735545][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6945.737199][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6945.738955][T18955] __sys_bpf+0xd14/0x42cc [ 6945.740501][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6945.742887][T18955] syscall_handler+0x94/0x118 [ 6945.744537][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6945.746356][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6945.747995][T18955] page last free pid 16932 tgid 16932 stack trace: [ 6945.749476][T18955] __reset_page_owner+0x8c/0x400 [ 6945.752131][T18955] free_unref_page+0x592/0xf08 [ 6945.753872][T18955] __folio_put+0x1ae/0x22e [ 6945.755495][T18955] free_page_and_swap_cache+0x1a8/0x1de [ 6945.757261][T18955] tlb_remove_table_rcu+0x86/0xee [ 6945.758926][T18955] rcu_core+0xa24/0x1eac [ 6945.760502][T18955] rcu_core_si+0xc/0x14 [ 6945.762738][T18955] handle_softirqs+0x4a6/0x10de [ 6945.764781][T18955] __do_softirq+0x12/0x1a [ 6945.766849][T18955] Modules linked in: [ 6945.768539][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6945.770527][T18955] Tainted: [B]=BAD_PAGE [ 6945.771913][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6945.773064][T18955] Call Trace: [ 6945.773959][T18955] [] dump_backtrace+0x2e/0x3c [ 6945.777110][T18955] [] show_stack+0x34/0x40 [ 6945.778811][T18955] [] dump_stack_lvl+0x122/0x196 [ 6945.780301][T18955] [] dump_stack+0x1c/0x24 [ 6945.781756][T18955] [] bad_page+0x268/0x2da [ 6945.783261][T18955] [] free_unref_page+0x78a/0xf08 [ 6945.784816][T18955] [] page_frag_free+0x21c/0x268 [ 6945.786464][T18955] [] skb_free_head+0x1ce/0x2ec [ 6945.787898][T18955] [] skb_release_data+0x6ec/0x86a [ 6945.789358][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6945.790834][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6945.792592][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6945.794759][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6945.796549][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6945.798278][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6945.800232][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6945.802601][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6945.804292][T18955] [] __sys_bpf+0xd14/0x42cc [ 6945.805774][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6945.807479][T18955] [] syscall_handler+0x94/0x118 [ 6945.809085][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6945.810715][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6945.813910][T18955] BUG: Bad page state in process syz.2.1806 pfn:ae1f3 [ 6945.815631][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000002e1f3000 pfn:0xae1f3 [ 6945.817682][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6945.820111][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6945.823801][T18955] raw: ff6000002e1f3000 0000000000000001 00000000ffffffff 0000000000000000 [ 6945.825621][T18955] page dumped because: page_pool leak [ 6945.827032][T18955] page_owner tracks the page as allocated [ 6945.828404][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942764377100, free_ts 6940798494500 [ 6945.831973][T18955] __set_page_owner+0xa2/0x70c [ 6945.833823][T18955] post_alloc_hook+0xec/0x1e4 [ 6945.835590][T18955] get_page_from_freelist+0xdaa/0x295a [ 6945.837410][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6945.839344][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6945.841971][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6945.843808][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6945.845482][T18955] page_pool_alloc_pages+0x20/0x62 [ 6945.847091][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6945.848848][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6945.850516][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6945.852970][T18955] __sys_bpf+0xd14/0x42cc [ 6945.854564][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6945.856157][T18955] syscall_handler+0x94/0x118 [ 6945.857697][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6945.859565][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6945.862009][T18955] page last free pid 16932 tgid 16932 stack trace: [ 6945.863589][T18955] __reset_page_owner+0x8c/0x400 [ 6945.865333][T18955] free_unref_page+0x592/0xf08 [ 6945.867013][T18955] __folio_put+0x1ae/0x22e [ 6945.868537][T18955] free_page_and_swap_cache+0x1a8/0x1de [ 6945.870218][T18955] tlb_remove_table_rcu+0x86/0xee [ 6945.872747][T18955] rcu_core+0xa24/0x1eac [ 6945.874346][T18955] rcu_core_si+0xc/0x14 [ 6945.875941][T18955] handle_softirqs+0x4a6/0x10de [ 6945.877435][T18955] __do_softirq+0x12/0x1a [ 6945.879072][T18955] Modules linked in: [ 6945.880719][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6945.882693][T18955] Tainted: [B]=BAD_PAGE [ 6945.884006][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6945.885229][T18955] Call Trace: [ 6945.886278][T18955] [] dump_backtrace+0x2e/0x3c [ 6945.887798][T18955] [] show_stack+0x34/0x40 [ 6945.889047][T18955] [] dump_stack_lvl+0x122/0x196 [ 6945.890574][T18955] [] dump_stack+0x1c/0x24 [ 6945.891996][T18955] [] bad_page+0x268/0x2da [ 6945.893405][T18955] [] free_unref_page+0x78a/0xf08 [ 6945.895007][T18955] [] page_frag_free+0x21c/0x268 [ 6945.896557][T18955] [] skb_free_head+0x1ce/0x2ec [ 6945.897880][T18955] [] skb_release_data+0x6ec/0x86a [ 6945.899303][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6945.900808][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6945.902514][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6945.904157][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6945.905813][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6945.907477][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6945.909106][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6945.910729][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6945.912307][T18955] [] __sys_bpf+0xd14/0x42cc [ 6945.913843][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6945.915351][T18955] [] syscall_handler+0x94/0x118 [ 6945.916816][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6945.918406][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6945.921608][T18955] BUG: Bad page state in process syz.2.1806 pfn:ae1f2 [ 6945.923201][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000002e1f2dc0 pfn:0xae1f2 [ 6945.925011][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6945.926889][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6945.928461][T18955] raw: ff6000002e1f2dc0 0000000000000001 00000000ffffffff 0000000000000000 [ 6945.929984][T18955] page dumped because: page_pool leak [ 6945.932291][T18955] page_owner tracks the page as allocated [ 6945.933570][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942764251800, free_ts 6940303820200 [ 6945.936214][T18955] __set_page_owner+0xa2/0x70c [ 6945.937953][T18955] post_alloc_hook+0xec/0x1e4 [ 6945.939663][T18955] get_page_from_freelist+0xdaa/0x295a [ 6945.942260][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6945.944032][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6945.945768][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6945.947459][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6945.949045][T18955] page_pool_alloc_pages+0x20/0x62 [ 6945.950635][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6945.952986][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6945.954729][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6945.956442][T18955] __sys_bpf+0xd14/0x42cc [ 6945.957983][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6945.959683][T18955] syscall_handler+0x94/0x118 [ 6945.961810][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6945.963502][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6945.965195][T18955] page last free pid 24 tgid 24 stack trace: [ 6945.966600][T18955] __reset_page_owner+0x8c/0x400 [ 6945.968205][T18955] free_unref_page+0x592/0xf08 [ 6945.969941][T18955] __folio_put+0x1ae/0x22e [ 6945.972314][T18955] free_page_and_swap_cache+0x1a8/0x1de [ 6945.974077][T18955] tlb_remove_table_rcu+0x86/0xee [ 6945.975678][T18955] rcu_core+0xa24/0x1eac [ 6945.977193][T18955] rcu_core_si+0xc/0x14 [ 6945.978653][T18955] handle_softirqs+0x4a6/0x10de [ 6945.980103][T18955] run_ksoftirqd+0xce/0x144 [ 6945.982177][T18955] smpboot_thread_fn+0x654/0xb98 [ 6945.983756][T18955] kthread+0x28c/0x3a6 [ 6945.985251][T18955] ret_from_fork+0xe/0x18 [ 6945.986842][T18955] Modules linked in: [ 6945.988416][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6945.990235][T18955] Tainted: [B]=BAD_PAGE [ 6945.991186][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6945.992235][T18955] Call Trace: [ 6945.993126][T18955] [] dump_backtrace+0x2e/0x3c [ 6945.994744][T18955] [] show_stack+0x34/0x40 [ 6945.995959][T18955] [] dump_stack_lvl+0x122/0x196 [ 6945.997385][T18955] [] dump_stack+0x1c/0x24 [ 6945.998850][T18955] [] bad_page+0x268/0x2da [ 6946.000299][T18955] [] free_unref_page+0x78a/0xf08 [ 6946.001830][T18955] [] page_frag_free+0x21c/0x268 [ 6946.003445][T18955] [] skb_free_head+0x1ce/0x2ec [ 6946.004836][T18955] [] skb_release_data+0x6ec/0x86a [ 6946.006203][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6946.007504][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6946.009188][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6946.010828][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6946.012438][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6946.014003][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6946.015718][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6946.017241][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6946.018782][T18955] [] __sys_bpf+0xd14/0x42cc [ 6946.020198][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6946.022518][T18955] [] syscall_handler+0x94/0x118 [ 6946.024385][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6946.025915][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6946.028854][T18955] BUG: Bad page state in process syz.2.1806 pfn:ad2e1 [ 6946.030396][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000002d2e1e58 pfn:0xad2e1 [ 6946.032671][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6946.034449][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6946.036927][T18955] raw: ff6000002d2e1e58 0000000000000001 00000000ffffffff 0000000000000000 [ 6946.038493][T18955] page dumped because: page_pool leak [ 6946.039803][T18955] page_owner tracks the page as allocated [ 6946.041613][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942764133900, free_ts 6940798084500 [ 6946.044197][T18955] __set_page_owner+0xa2/0x70c [ 6946.045824][T18955] post_alloc_hook+0xec/0x1e4 [ 6946.047458][T18955] get_page_from_freelist+0xdaa/0x295a [ 6946.049753][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6946.052235][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6946.054496][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6946.056139][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6946.057750][T18955] page_pool_alloc_pages+0x20/0x62 [ 6946.059389][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6946.061558][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6946.063255][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6946.064897][T18955] __sys_bpf+0xd14/0x42cc [ 6946.066452][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6946.067970][T18955] syscall_handler+0x94/0x118 [ 6946.069526][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6946.071642][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6946.073431][T18955] page last free pid 16932 tgid 16932 stack trace: [ 6946.074875][T18955] __reset_page_owner+0x8c/0x400 [ 6946.076527][T18955] free_unref_page+0x592/0xf08 [ 6946.078187][T18955] __folio_put+0x1ae/0x22e [ 6946.079694][T18955] free_page_and_swap_cache+0x1a8/0x1de [ 6946.081925][T18955] tlb_remove_table_rcu+0x86/0xee [ 6946.083792][T18955] rcu_core+0xa24/0x1eac [ 6946.085258][T18955] rcu_core_si+0xc/0x14 [ 6946.086715][T18955] handle_softirqs+0x4a6/0x10de [ 6946.088121][T18955] __do_softirq+0x12/0x1a [ 6946.089735][T18955] Modules linked in: [ 6946.091840][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6946.093757][T18955] Tainted: [B]=BAD_PAGE [ 6946.094953][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6946.095948][T18955] Call Trace: [ 6946.096878][T18955] [] dump_backtrace+0x2e/0x3c [ 6946.098307][T18955] [] show_stack+0x34/0x40 [ 6946.099589][T18955] [] dump_stack_lvl+0x122/0x196 [ 6946.101173][T18955] [] dump_stack+0x1c/0x24 [ 6946.102663][T18955] [] bad_page+0x268/0x2da [ 6946.104123][T18955] [] free_unref_page+0x78a/0xf08 [ 6946.105646][T18955] [] page_frag_free+0x21c/0x268 [ 6946.107246][T18955] [] skb_free_head+0x1ce/0x2ec [ 6946.108904][T18955] [] skb_release_data+0x6ec/0x86a [ 6946.110229][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6946.112494][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6946.114401][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6946.116015][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6946.117686][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6946.119350][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6946.121127][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6946.122759][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6946.124631][T18955] [] __sys_bpf+0xd14/0x42cc [ 6946.126700][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6946.128155][T18955] [] syscall_handler+0x94/0x118 [ 6946.129578][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6946.131114][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6946.133530][T18955] BUG: Bad page state in process syz.2.1806 pfn:ad2e0 [ 6946.135046][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000002d2e0d90 pfn:0xad2e0 [ 6946.136852][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6946.138600][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6946.140777][T18955] raw: ff6000002d2e0d90 0000000000000001 00000000ffffffff 0000000000000000 [ 6946.143666][T18955] page dumped because: page_pool leak [ 6946.144992][T18955] page_owner tracks the page as allocated [ 6946.146327][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942764012100, free_ts 6940798882400 [ 6946.149148][T18955] __set_page_owner+0xa2/0x70c [ 6946.150823][T18955] post_alloc_hook+0xec/0x1e4 [ 6946.152865][T18955] get_page_from_freelist+0xdaa/0x295a [ 6946.154607][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6946.156342][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6946.158112][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6946.159762][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6946.161767][T18955] page_pool_alloc_pages+0x20/0x62 [ 6946.163415][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6946.165099][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6946.166676][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6946.168405][T18955] __sys_bpf+0xd14/0x42cc [ 6946.169947][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6946.172477][T18955] syscall_handler+0x94/0x118 [ 6946.173994][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6946.175622][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6946.177302][T18955] page last free pid 16932 tgid 16932 stack trace: [ 6946.178741][T18955] __reset_page_owner+0x8c/0x400 [ 6946.180388][T18955] free_unref_page+0x592/0xf08 [ 6946.182539][T18955] __folio_put+0x1ae/0x22e [ 6946.184047][T18955] free_page_and_swap_cache+0x1a8/0x1de [ 6946.185767][T18955] tlb_remove_table_rcu+0x86/0xee [ 6946.187344][T18955] rcu_core+0xa24/0x1eac [ 6946.188944][T18955] rcu_core_si+0xc/0x14 [ 6946.190444][T18955] handle_softirqs+0x4a6/0x10de [ 6946.192417][T18955] __do_softirq+0x12/0x1a [ 6946.193994][T18955] Modules linked in: [ 6946.195597][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6946.197514][T18955] Tainted: [B]=BAD_PAGE [ 6946.198426][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6946.199471][T18955] Call Trace: [ 6946.200408][T18955] [] dump_backtrace+0x2e/0x3c [ 6946.202088][T18955] [] show_stack+0x34/0x40 [ 6946.203438][T18955] [] dump_stack_lvl+0x122/0x196 [ 6946.204921][T18955] [] dump_stack+0x1c/0x24 [ 6946.206299][T18955] [] bad_page+0x268/0x2da [ 6946.207710][T18955] [] free_unref_page+0x78a/0xf08 [ 6946.209263][T18955] [] page_frag_free+0x21c/0x268 [ 6946.210976][T18955] [] skb_free_head+0x1ce/0x2ec [ 6946.212504][T18955] [] skb_release_data+0x6ec/0x86a [ 6946.213835][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6946.215142][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6946.216882][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6946.218559][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6946.220303][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6946.222102][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6946.224662][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6946.226337][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6946.227927][T18955] [] __sys_bpf+0xd14/0x42cc [ 6946.229403][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6946.231103][T18955] [] syscall_handler+0x94/0x118 [ 6946.232687][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6946.234301][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6946.237350][T18955] BUG: Bad page state in process syz.2.1806 pfn:ac2d3 [ 6946.239006][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x21 pfn:0xac2d3 [ 6946.240736][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6946.243025][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6946.244749][T18955] raw: 0000000000000021 0000000000000001 00000000ffffffff 0000000000000000 [ 6946.246359][T18955] page dumped because: page_pool leak [ 6946.247688][T18955] page_owner tracks the page as allocated [ 6946.249427][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942763892100, free_ts 6940802634600 [ 6946.253882][T18955] __set_page_owner+0xa2/0x70c [ 6946.255583][T18955] post_alloc_hook+0xec/0x1e4 [ 6946.257169][T18955] get_page_from_freelist+0xdaa/0x295a [ 6946.258954][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6946.260632][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6946.262861][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6946.264522][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6946.266111][T18955] page_pool_alloc_pages+0x20/0x62 [ 6946.267688][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6946.269347][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6946.271398][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6946.273132][T18955] __sys_bpf+0xd14/0x42cc [ 6946.274706][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6946.276271][T18955] syscall_handler+0x94/0x118 [ 6946.277767][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6946.279377][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6946.281506][T18955] page last free pid 16932 tgid 16932 stack trace: [ 6946.283094][T18955] __reset_page_owner+0x8c/0x400 [ 6946.284799][T18955] free_unref_page+0x592/0xf08 [ 6946.286480][T18955] __folio_put+0x1ae/0x22e [ 6946.288026][T18955] free_page_and_swap_cache+0x1a8/0x1de [ 6946.289753][T18955] tlb_remove_table_rcu+0x86/0xee [ 6946.291832][T18955] rcu_core+0xa24/0x1eac [ 6946.293306][T18955] rcu_core_si+0xc/0x14 [ 6946.294814][T18955] handle_softirqs+0x4a6/0x10de [ 6946.296269][T18955] __do_softirq+0x12/0x1a [ 6946.297807][T18955] Modules linked in: [ 6946.299414][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6946.301445][T18955] Tainted: [B]=BAD_PAGE [ 6946.302538][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6946.303591][T18955] Call Trace: [ 6946.304494][T18955] [] dump_backtrace+0x2e/0x3c [ 6946.305970][T18955] [] show_stack+0x34/0x40 [ 6946.307260][T18955] [] dump_stack_lvl+0x122/0x196 [ 6946.308724][T18955] [] dump_stack+0x1c/0x24 [ 6946.310150][T18955] [] bad_page+0x268/0x2da [ 6946.312186][T18955] [] free_unref_page+0x78a/0xf08 [ 6946.313828][T18955] [] page_frag_free+0x21c/0x268 [ 6946.315420][T18955] [] skb_free_head+0x1ce/0x2ec [ 6946.316752][T18955] [] skb_release_data+0x6ec/0x86a [ 6946.318136][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6946.319533][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6946.321436][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6946.323163][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6946.325307][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6946.327639][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6946.329428][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6946.331002][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6946.332474][T18955] [] __sys_bpf+0xd14/0x42cc [ 6946.333797][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6946.335204][T18955] [] syscall_handler+0x94/0x118 [ 6946.336535][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6946.338003][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6946.340807][T18955] BUG: Bad page state in process syz.2.1806 pfn:ac2d2 [ 6946.342791][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x20 pfn:0xac2d2 [ 6946.344405][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6946.346073][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6946.347734][T18955] raw: 0000000000000020 0000000000000001 00000000ffffffff 0000000000000000 [ 6946.349165][T18955] page dumped because: page_pool leak [ 6946.350438][T18955] page_owner tracks the page as allocated [ 6946.353083][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942763772200, free_ts 6940799262400 [ 6946.355537][T18955] __set_page_owner+0xa2/0x70c [ 6946.357237][T18955] post_alloc_hook+0xec/0x1e4 [ 6946.358874][T18955] get_page_from_freelist+0xdaa/0x295a [ 6946.360572][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6946.363042][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6946.364735][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6946.366370][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6946.367919][T18955] page_pool_alloc_pages+0x20/0x62 [ 6946.369385][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6946.371858][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6946.373458][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6946.375114][T18955] __sys_bpf+0xd14/0x42cc [ 6946.376547][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6946.378090][T18955] syscall_handler+0x94/0x118 [ 6946.379543][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6946.381846][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6946.384194][T18955] page last free pid 16932 tgid 16932 stack trace: [ 6946.385551][T18955] __reset_page_owner+0x8c/0x400 [ 6946.387232][T18955] free_unref_page+0x592/0xf08 [ 6946.388764][T18955] __folio_put+0x1ae/0x22e [ 6946.390240][T18955] free_page_and_swap_cache+0x1a8/0x1de [ 6946.392945][T18955] tlb_remove_table_rcu+0x86/0xee [ 6946.394523][T18955] rcu_core+0xa24/0x1eac [ 6946.395871][T18955] rcu_core_si+0xc/0x14 [ 6946.397243][T18955] handle_softirqs+0x4a6/0x10de [ 6946.398619][T18955] __do_softirq+0x12/0x1a [ 6946.400091][T18955] Modules linked in: [ 6946.402534][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6946.404187][T18955] Tainted: [B]=BAD_PAGE [ 6946.405033][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6946.405971][T18955] Call Trace: [ 6946.406826][T18955] [] dump_backtrace+0x2e/0x3c [ 6946.408165][T18955] [] show_stack+0x34/0x40 [ 6946.409346][T18955] [] dump_stack_lvl+0x122/0x196 [ 6946.410734][T18955] [] dump_stack+0x1c/0x24 [ 6946.412211][T18955] [] bad_page+0x268/0x2da [ 6946.413547][T18955] [] free_unref_page+0x78a/0xf08 [ 6946.415028][T18955] [] page_frag_free+0x21c/0x268 [ 6946.416488][T18955] [] skb_free_head+0x1ce/0x2ec [ 6946.417721][T18955] [] skb_release_data+0x6ec/0x86a [ 6946.419092][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6946.420497][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6946.422269][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6946.423932][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6946.425612][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6946.427209][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6946.428873][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6946.430467][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6946.432004][T18955] [] __sys_bpf+0xd14/0x42cc [ 6946.433438][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6946.434931][T18955] [] syscall_handler+0x94/0x118 [ 6946.436409][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6946.437942][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6946.440798][T18955] BUG: Bad page state in process syz.2.1806 pfn:9de23 [ 6946.442688][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2 pfn:0x9de23 [ 6946.445267][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6946.447041][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6946.448731][T18955] raw: 0000000000000002 0000000000000001 00000000ffffffff 0000000000000000 [ 6946.450313][T18955] page dumped because: page_pool leak [ 6946.452594][T18955] page_owner tracks the page as allocated [ 6946.453870][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942763651500, free_ts 6941283772200 [ 6946.456266][T18955] __set_page_owner+0xa2/0x70c [ 6946.457941][T18955] post_alloc_hook+0xec/0x1e4 [ 6946.459574][T18955] get_page_from_freelist+0xdaa/0x295a [ 6946.461968][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6946.463622][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6946.465308][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6946.466949][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6946.468506][T18955] page_pool_alloc_pages+0x20/0x62 [ 6946.469956][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6946.472840][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6946.474482][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6946.476037][T18955] __sys_bpf+0xd14/0x42cc [ 6946.477502][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6946.479046][T18955] syscall_handler+0x94/0x118 [ 6946.480573][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6946.482871][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6946.484905][T18955] page last free pid 3146 tgid 3146 stack trace: [ 6946.486299][T18955] __reset_page_owner+0x8c/0x400 [ 6946.487925][T18955] free_unref_page+0x592/0xf08 [ 6946.489491][T18955] page_frag_free+0x21c/0x268 [ 6946.491800][T18955] skb_free_head+0x1ce/0x2ec [ 6946.493242][T18955] skb_release_data+0x6ec/0x86a [ 6946.494690][T18955] __kfree_skb+0x46/0x68 [ 6946.496109][T18955] tcp_rcv_established+0xff2/0x2592 [ 6946.497605][T18955] tcp_v4_do_rcv+0x68a/0xbaa [ 6946.499147][T18955] __release_sock+0x106/0x36e [ 6946.500716][T18955] release_sock+0x5c/0x1c8 [ 6946.502975][T18955] tcp_sendmsg+0x3e/0x4e [ 6946.504478][T18955] inet_sendmsg+0x9c/0xda [ 6946.505819][T18955] __sock_sendmsg+0xcc/0x160 [ 6946.507430][T18955] sock_write_iter+0x2a0/0x3ba [ 6946.508946][T18955] vfs_write+0x4d4/0x9b4 [ 6946.510437][T18955] ksys_write+0x1f0/0x266 [ 6946.512707][T18955] Modules linked in: [ 6946.514282][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6946.516001][T18955] Tainted: [B]=BAD_PAGE [ 6946.516903][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6946.517901][T18955] Call Trace: [ 6946.518801][T18955] [] dump_backtrace+0x2e/0x3c [ 6946.520458][T18955] [] show_stack+0x34/0x40 [ 6946.521774][T18955] [] dump_stack_lvl+0x122/0x196 [ 6946.523236][T18955] [] dump_stack+0x1c/0x24 [ 6946.524607][T18955] [] bad_page+0x268/0x2da [ 6946.526012][T18955] [] free_unref_page+0x78a/0xf08 [ 6946.527532][T18955] [] page_frag_free+0x21c/0x268 [ 6946.528984][T18955] [] skb_free_head+0x1ce/0x2ec [ 6946.530372][T18955] [] skb_release_data+0x6ec/0x86a [ 6946.532331][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6946.533618][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6946.535238][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6946.536800][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6946.538485][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6946.540078][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6946.543338][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6946.544882][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6946.546471][T18955] [] __sys_bpf+0xd14/0x42cc [ 6946.547852][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6946.549241][T18955] [] syscall_handler+0x94/0x118 [ 6946.550678][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6946.552217][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6946.555006][T18955] BUG: Bad page state in process syz.2.1806 pfn:9de22 [ 6946.556443][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000001de22c00 pfn:0x9de22 [ 6946.558208][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6946.559919][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6946.562712][T18955] raw: ff6000001de22c00 0000000000000001 00000000ffffffff 0000000000000000 [ 6946.564295][T18955] page dumped because: page_pool leak [ 6946.565576][T18955] page_owner tracks the page as allocated [ 6946.566840][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942763526500, free_ts 6940305420800 [ 6946.569174][T18955] __set_page_owner+0xa2/0x70c [ 6946.570872][T18955] post_alloc_hook+0xec/0x1e4 [ 6946.573184][T18955] get_page_from_freelist+0xdaa/0x295a [ 6946.574908][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6946.576557][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6946.578246][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6946.579826][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6946.582200][T18955] page_pool_alloc_pages+0x20/0x62 [ 6946.583743][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6946.585416][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6946.587035][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6946.588647][T18955] __sys_bpf+0xd14/0x42cc [ 6946.590131][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6946.592780][T18955] syscall_handler+0x94/0x118 [ 6946.594318][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6946.595880][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6946.597537][T18955] page last free pid 24 tgid 24 stack trace: [ 6946.598905][T18955] __reset_page_owner+0x8c/0x400 [ 6946.600532][T18955] free_unref_page+0x592/0xf08 [ 6946.602714][T18955] __folio_put+0x1ae/0x22e [ 6946.604205][T18955] free_page_and_swap_cache+0x1a8/0x1de [ 6946.605868][T18955] tlb_remove_table_rcu+0x86/0xee [ 6946.607460][T18955] rcu_core+0xa24/0x1eac [ 6946.608913][T18955] rcu_core_si+0xc/0x14 [ 6946.610395][T18955] handle_softirqs+0x4a6/0x10de [ 6946.612372][T18955] run_ksoftirqd+0xce/0x144 [ 6946.613785][T18955] smpboot_thread_fn+0x654/0xb98 [ 6946.615306][T18955] kthread+0x28c/0x3a6 [ 6946.616785][T18955] ret_from_fork+0xe/0x18 [ 6946.618361][T18955] Modules linked in: [ 6946.619900][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6946.621935][T18955] Tainted: [B]=BAD_PAGE [ 6946.622890][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6946.624003][T18955] Call Trace: [ 6946.625151][T18955] [] dump_backtrace+0x2e/0x3c [ 6946.626805][T18955] [] show_stack+0x34/0x40 [ 6946.628199][T18955] [] dump_stack_lvl+0x122/0x196 [ 6946.629771][T18955] [] dump_stack+0x1c/0x24 [ 6946.631399][T18955] [] bad_page+0x268/0x2da [ 6946.633062][T18955] [] free_unref_page+0x78a/0xf08 [ 6946.634772][T18955] [] page_frag_free+0x21c/0x268 [ 6946.636370][T18955] [] skb_free_head+0x1ce/0x2ec [ 6946.637792][T18955] [] skb_release_data+0x6ec/0x86a [ 6946.639339][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6946.640888][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6946.642795][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6946.644627][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6946.646444][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6946.648116][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6946.649870][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6946.651830][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6946.653475][T18955] [] __sys_bpf+0xd14/0x42cc [ 6946.655280][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6946.656757][T18955] [] syscall_handler+0x94/0x118 [ 6946.658243][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6946.659753][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6946.662963][T18955] BUG: Bad page state in process syz.2.1806 pfn:ac193 [ 6946.665030][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2cf pfn:0xac193 [ 6946.666780][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6946.668493][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6946.670331][T18955] raw: 00000000000002cf 0000000000000001 00000000ffffffff 0000000000000000 [ 6946.673612][T18955] page dumped because: page_pool leak [ 6946.674949][T18955] page_owner tracks the page as allocated [ 6946.676643][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942763405400, free_ts 6941446538700 [ 6946.679347][T18955] __set_page_owner+0xa2/0x70c [ 6946.681592][T18955] post_alloc_hook+0xec/0x1e4 [ 6946.683292][T18955] get_page_from_freelist+0xdaa/0x295a [ 6946.684999][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6946.686542][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6946.687553][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6946.688574][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6946.689822][T18955] page_pool_alloc_pages+0x20/0x62 [ 6946.690841][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6946.692340][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6946.693845][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6946.695639][T18955] __sys_bpf+0xd14/0x42cc [ 6946.697197][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6946.698771][T18955] syscall_handler+0x94/0x118 [ 6946.700352][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6946.702748][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6946.704549][T18955] page last free pid 3146 tgid 3146 stack trace: [ 6946.705604][T18955] __reset_page_owner+0x8c/0x400 [ 6946.706677][T18955] free_unref_page+0x592/0xf08 [ 6946.708266][T18955] page_frag_free+0x21c/0x268 [ 6946.709867][T18955] skb_free_head+0x1ce/0x2ec [ 6946.710781][T18955] skb_release_data+0x6ec/0x86a [ 6946.712605][T18955] __kfree_skb+0x46/0x68 [ 6946.713636][T18955] tcp_rcv_established+0xff2/0x2592 [ 6946.714584][T18955] tcp_v4_do_rcv+0x68a/0xbaa [ 6946.715516][T18955] __release_sock+0x106/0x36e [ 6946.717035][T18955] release_sock+0x5c/0x1c8 [ 6946.718595][T18955] tcp_sendmsg+0x3e/0x4e [ 6946.720130][T18955] inet_sendmsg+0x9c/0xda [ 6946.722711][T18955] __sock_sendmsg+0xcc/0x160 [ 6946.724409][T18955] sock_write_iter+0x2a0/0x3ba [ 6946.726123][T18955] vfs_write+0x4d4/0x9b4 [ 6946.727623][T18955] ksys_write+0x1f0/0x266 [ 6946.729187][T18955] Modules linked in: [ 6946.730817][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6946.732882][T18955] Tainted: [B]=BAD_PAGE [ 6946.733978][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6946.735099][T18955] Call Trace: [ 6946.736041][T18955] [] dump_backtrace+0x2e/0x3c [ 6946.737525][T18955] [] show_stack+0x34/0x40 [ 6946.738937][T18955] [] dump_stack_lvl+0x122/0x196 [ 6946.740480][T18955] [] dump_stack+0x1c/0x24 [ 6946.742069][T18955] [] bad_page+0x268/0x2da [ 6946.743593][T18955] [] free_unref_page+0x78a/0xf08 [ 6946.746193][T18955] [] page_frag_free+0x21c/0x268 [ 6946.747847][T18955] [] skb_free_head+0x1ce/0x2ec [ 6946.749359][T18955] [] skb_release_data+0x6ec/0x86a [ 6946.750822][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6946.752363][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6946.754138][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6946.755892][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6946.758378][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6946.760094][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6946.762900][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6946.764550][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6946.766231][T18955] [] __sys_bpf+0xd14/0x42cc [ 6946.767734][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6946.769268][T18955] [] syscall_handler+0x94/0x118 [ 6946.770914][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6946.772607][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6946.775637][T18955] BUG: Bad page state in process syz.2.1806 pfn:ae1f1 [ 6946.777177][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000002e1f1c80 pfn:0xae1f1 [ 6946.779113][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6946.781440][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6946.783365][T18955] raw: ff6000002e1f1c80 0000000000000001 00000000ffffffff 0000000000000000 [ 6946.784984][T18955] page dumped because: page_pool leak [ 6946.786327][T18955] page_owner tracks the page as allocated [ 6946.787683][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942763283200, free_ts 6940813897500 [ 6946.790450][T18955] __set_page_owner+0xa2/0x70c [ 6946.792990][T18955] post_alloc_hook+0xec/0x1e4 [ 6946.794662][T18955] get_page_from_freelist+0xdaa/0x295a [ 6946.796381][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6946.798080][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6946.799778][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6946.802499][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6946.804144][T18955] page_pool_alloc_pages+0x20/0x62 [ 6946.805811][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6946.807521][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6946.809162][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6946.811530][T18955] __sys_bpf+0xd14/0x42cc [ 6946.813119][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6946.814740][T18955] syscall_handler+0x94/0x118 [ 6946.816300][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6946.817964][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6946.819816][T18955] page last free pid 18914 tgid 18914 stack trace: [ 6946.822003][T18955] __reset_page_owner+0x8c/0x400 [ 6946.823725][T18955] free_unref_page+0x592/0xf08 [ 6946.825363][T18955] __free_pages+0x13c/0x1bc [ 6946.827011][T18955] free_pages.part.0+0x26a/0x4cc [ 6946.828671][T18955] free_pages+0xe/0x18 [ 6946.830233][T18955] tlb_finish_mmu+0x20c/0x7e6 [ 6946.832612][T18955] exit_mmap+0x36c/0xbea [ 6946.834159][T18955] mmput+0x122/0x3e2 [ 6946.835583][T18955] do_exit+0x902/0x2986 [ 6946.837091][T18955] do_group_exit+0xd4/0x26c [ 6946.838711][T18955] __riscv_sys_exit_group+0x4a/0x54 [ 6946.840344][T18955] syscall_handler+0x94/0x118 [ 6946.842566][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6946.844649][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6946.846441][T18955] Modules linked in: [ 6946.848007][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6946.849972][T18955] Tainted: [B]=BAD_PAGE [ 6946.850910][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6946.851891][T18955] Call Trace: [ 6946.852752][T18955] [] dump_backtrace+0x2e/0x3c [ 6946.854316][T18955] [] show_stack+0x34/0x40 [ 6946.855667][T18955] [] dump_stack_lvl+0x122/0x196 [ 6946.857176][T18955] [] dump_stack+0x1c/0x24 [ 6946.858894][T18955] [] bad_page+0x268/0x2da [ 6946.860415][T18955] [] free_unref_page+0x78a/0xf08 [ 6946.862142][T18955] [] page_frag_free+0x21c/0x268 [ 6946.863773][T18955] [] skb_free_head+0x1ce/0x2ec [ 6946.865174][T18955] [] skb_release_data+0x6ec/0x86a [ 6946.866646][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6946.868158][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6946.869979][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6946.871734][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6946.873480][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6946.875028][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6946.877087][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6946.878749][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6946.880332][T18955] [] __sys_bpf+0xd14/0x42cc [ 6946.881750][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6946.883339][T18955] [] syscall_handler+0x94/0x118 [ 6946.884837][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6946.886516][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6946.889808][T18955] BUG: Bad page state in process syz.2.1806 pfn:97eff [ 6946.891830][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff60000017effc80 pfn:0x97eff [ 6946.894207][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6946.896007][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6946.897724][T18955] raw: ff60000017effc80 0000000000000001 00000000ffffffff 0000000000000000 [ 6946.899303][T18955] page dumped because: page_pool leak [ 6946.900586][T18955] page_owner tracks the page as allocated [ 6946.902460][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942763154100, free_ts 6940803461300 [ 6946.905077][T18955] __set_page_owner+0xa2/0x70c [ 6946.906814][T18955] post_alloc_hook+0xec/0x1e4 [ 6946.908445][T18955] get_page_from_freelist+0xdaa/0x295a [ 6946.910231][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6946.912485][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6946.914292][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6946.915987][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6946.917583][T18955] page_pool_alloc_pages+0x20/0x62 [ 6946.919174][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6946.921384][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6946.923115][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6946.924773][T18955] __sys_bpf+0xd14/0x42cc [ 6946.926391][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6946.927965][T18955] syscall_handler+0x94/0x118 [ 6946.929479][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6946.931727][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6946.933460][T18955] page last free pid 16932 tgid 16932 stack trace: [ 6946.934920][T18955] __reset_page_owner+0x8c/0x400 [ 6946.936584][T18955] free_unref_page+0x592/0xf08 [ 6946.938286][T18955] __folio_put+0x1ae/0x22e [ 6946.939828][T18955] free_page_and_swap_cache+0x1a8/0x1de [ 6946.942667][T18955] tlb_remove_table_rcu+0x86/0xee [ 6946.944295][T18955] rcu_core+0xa24/0x1eac [ 6946.945723][T18955] rcu_core_si+0xc/0x14 [ 6946.947197][T18955] handle_softirqs+0x4a6/0x10de [ 6946.948649][T18955] __do_softirq+0x12/0x1a [ 6946.950210][T18955] Modules linked in: [ 6946.952389][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6946.954287][T18955] Tainted: [B]=BAD_PAGE [ 6946.955155][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6946.956146][T18955] Call Trace: [ 6946.956956][T18955] [] dump_backtrace+0x2e/0x3c [ 6946.958383][T18955] [] show_stack+0x34/0x40 [ 6946.959634][T18955] [] dump_stack_lvl+0x122/0x196 [ 6946.961114][T18955] [] dump_stack+0x1c/0x24 [ 6946.962641][T18955] [] bad_page+0x268/0x2da [ 6946.964116][T18955] [] free_unref_page+0x78a/0xf08 [ 6946.965633][T18955] [] page_frag_free+0x21c/0x268 [ 6946.967536][T18955] [] skb_free_head+0x1ce/0x2ec [ 6946.969305][T18955] [] skb_release_data+0x6ec/0x86a [ 6946.970614][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6946.971895][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6946.973405][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6946.974894][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6946.976453][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6946.977855][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6946.979358][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6946.980728][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6946.982264][T18955] [] __sys_bpf+0xd14/0x42cc [ 6946.983622][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6946.984961][T18955] [] syscall_handler+0x94/0x118 [ 6946.986366][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6946.987723][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6946.990276][T18955] BUG: Bad page state in process syz.2.1806 pfn:aaf87 [ 6946.992883][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2 pfn:0xaaf87 [ 6946.994543][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6946.996500][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6946.998222][T18955] raw: 0000000000000002 0000000000000001 00000000ffffffff 0000000000000000 [ 6946.999626][T18955] page dumped because: page_pool leak [ 6947.000831][T18955] page_owner tracks the page as allocated [ 6947.002779][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942763030800, free_ts 6940304808900 [ 6947.005117][T18955] __set_page_owner+0xa2/0x70c [ 6947.006875][T18955] post_alloc_hook+0xec/0x1e4 [ 6947.008360][T18955] get_page_from_freelist+0xdaa/0x295a [ 6947.009919][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6947.012640][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6947.014387][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6947.016003][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6947.017549][T18955] page_pool_alloc_pages+0x20/0x62 [ 6947.019154][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6947.020748][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6947.022955][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6947.024498][T18955] __sys_bpf+0xd14/0x42cc [ 6947.025899][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6947.027386][T18955] syscall_handler+0x94/0x118 [ 6947.028805][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6947.030382][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6947.032663][T18955] page last free pid 24 tgid 24 stack trace: [ 6947.033993][T18955] __reset_page_owner+0x8c/0x400 [ 6947.035690][T18955] free_unref_page+0x592/0xf08 [ 6947.037202][T18955] __folio_put+0x1ae/0x22e [ 6947.038658][T18955] free_page_and_swap_cache+0x1a8/0x1de [ 6947.040456][T18955] tlb_remove_table_rcu+0x86/0xee [ 6947.042927][T18955] rcu_core+0xa24/0x1eac [ 6947.044418][T18955] rcu_core_si+0xc/0x14 [ 6947.045815][T18955] handle_softirqs+0x4a6/0x10de [ 6947.047231][T18955] run_ksoftirqd+0xce/0x144 [ 6947.048570][T18955] smpboot_thread_fn+0x654/0xb98 [ 6947.050080][T18955] kthread+0x28c/0x3a6 [ 6947.052551][T18955] ret_from_fork+0xe/0x18 [ 6947.054184][T18955] Modules linked in: [ 6947.055742][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6947.057372][T18955] Tainted: [B]=BAD_PAGE [ 6947.058214][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6947.059173][T18955] Call Trace: [ 6947.059978][T18955] [] dump_backtrace+0x2e/0x3c [ 6947.061749][T18955] [] show_stack+0x34/0x40 [ 6947.063060][T18955] [] dump_stack_lvl+0x122/0x196 [ 6947.064530][T18955] [] dump_stack+0x1c/0x24 [ 6947.065880][T18955] [] bad_page+0x268/0x2da [ 6947.067315][T18955] [] free_unref_page+0x78a/0xf08 [ 6947.068725][T18955] [] page_frag_free+0x21c/0x268 [ 6947.070184][T18955] [] skb_free_head+0x1ce/0x2ec [ 6947.071949][T18955] [] skb_release_data+0x6ec/0x86a [ 6947.073261][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6947.074621][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6947.076321][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6947.078510][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6947.080051][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6947.082063][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6947.083567][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6947.084978][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6947.086493][T18955] [] __sys_bpf+0xd14/0x42cc [ 6947.087839][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6947.089304][T18955] [] syscall_handler+0x94/0x118 [ 6947.090975][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6947.092466][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6947.095263][T18955] BUG: Bad page state in process syz.2.1806 pfn:aaf83 [ 6947.096729][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2 pfn:0xaaf83 [ 6947.098413][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6947.100098][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6947.103099][T18955] raw: 0000000000000002 0000000000000001 00000000ffffffff 0000000000000000 [ 6947.104631][T18955] page dumped because: page_pool leak [ 6947.106340][T18955] page_owner tracks the page as allocated [ 6947.107551][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942762892700, free_ts 6925915425900 [ 6947.109873][T18955] __set_page_owner+0xa2/0x70c [ 6947.112804][T18955] post_alloc_hook+0xec/0x1e4 [ 6947.114558][T18955] get_page_from_freelist+0xdaa/0x295a [ 6947.116169][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6947.117810][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6947.119493][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6947.121796][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6947.123480][T18955] page_pool_alloc_pages+0x20/0x62 [ 6947.125029][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6947.127132][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6947.128799][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6947.130780][T18955] __sys_bpf+0xd14/0x42cc [ 6947.133299][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6947.134935][T18955] syscall_handler+0x94/0x118 [ 6947.136404][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6947.137988][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6947.139776][T18955] page last free pid 18910 tgid 18910 stack trace: [ 6947.141976][T18955] __reset_page_owner+0x8c/0x400 [ 6947.143756][T18955] free_unref_page+0x592/0xf08 [ 6947.145402][T18955] __folio_put+0x1ae/0x22e [ 6947.146959][T18955] free_page_and_swap_cache+0x1a8/0x1de [ 6947.148706][T18955] tlb_remove_table_rcu+0x86/0xee [ 6947.150329][T18955] rcu_core+0xa24/0x1eac [ 6947.152613][T18955] rcu_core_si+0xc/0x14 [ 6947.154189][T18955] handle_softirqs+0x4a6/0x10de [ 6947.155597][T18955] __irq_exit_rcu+0x188/0x372 [ 6947.156976][T18955] irq_exit_rcu+0x10/0xf8 [ 6947.158376][T18955] handle_riscv_irq+0x40/0x4c [ 6947.159882][T18955] call_on_irq_stack+0x32/0x40 [ 6947.162621][T18955] Modules linked in: [ 6947.164278][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6947.166197][T18955] Tainted: [B]=BAD_PAGE [ 6947.167109][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6947.168092][T18955] Call Trace: [ 6947.168936][T18955] [] dump_backtrace+0x2e/0x3c [ 6947.170416][T18955] [] show_stack+0x34/0x40 [ 6947.171709][T18955] [] dump_stack_lvl+0x122/0x196 [ 6947.173203][T18955] [] dump_stack+0x1c/0x24 [ 6947.174690][T18955] [] bad_page+0x268/0x2da [ 6947.176120][T18955] [] free_unref_page+0x78a/0xf08 [ 6947.177632][T18955] [] page_frag_free+0x21c/0x268 [ 6947.179248][T18955] [] skb_free_head+0x1ce/0x2ec [ 6947.180581][T18955] [] skb_release_data+0x6ec/0x86a [ 6947.181971][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6947.183412][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6947.185127][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6947.186803][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6947.188394][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6947.189856][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6947.192108][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6947.193794][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6947.195418][T18955] [] __sys_bpf+0xd14/0x42cc [ 6947.196913][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6947.198428][T18955] [] syscall_handler+0x94/0x118 [ 6947.199856][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6947.201742][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6947.204533][T18955] BUG: Bad page state in process syz.2.1806 pfn:ab091 [ 6947.206104][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000002b091e88 pfn:0xab091 [ 6947.207866][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6947.209693][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6947.212163][T18955] raw: ff6000002b091e88 0000000000000001 00000000ffffffff 0000000000000000 [ 6947.213727][T18955] page dumped because: page_pool leak [ 6947.215081][T18955] page_owner tracks the page as allocated [ 6947.216335][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942762468000, free_ts 6923527716600 [ 6947.218749][T18955] __set_page_owner+0xa2/0x70c [ 6947.220485][T18955] post_alloc_hook+0xec/0x1e4 [ 6947.222849][T18955] get_page_from_freelist+0xdaa/0x295a [ 6947.224538][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6947.226270][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6947.228427][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6947.230165][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6947.232429][T18955] page_pool_alloc_pages+0x20/0x62 [ 6947.233995][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6947.235707][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6947.237332][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6947.239070][T18955] __sys_bpf+0xd14/0x42cc [ 6947.240569][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6947.242869][T18955] syscall_handler+0x94/0x118 [ 6947.244426][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6947.245987][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6947.247740][T18955] page last free pid 18907 tgid 18901 stack trace: [ 6947.249131][T18955] __reset_page_owner+0x8c/0x400 [ 6947.250812][T18955] free_unref_page+0x592/0xf08 [ 6947.252994][T18955] __free_pages+0x13c/0x1bc [ 6947.254661][T18955] free_pages.part.0+0x26a/0x4cc [ 6947.256225][T18955] free_pages+0xe/0x18 [ 6947.258004][T18955] tlb_finish_mmu+0x20c/0x7e6 [ 6947.259675][T18955] exit_mmap+0x36c/0xbea [ 6947.261870][T18955] mmput+0x122/0x3e2 [ 6947.263335][T18955] do_exit+0x902/0x2986 [ 6947.264867][T18955] do_group_exit+0xd4/0x26c [ 6947.266468][T18955] get_signal+0x1e98/0x23b0 [ 6947.267986][T18955] arch_do_signal_or_restart+0x8d6/0x1190 [ 6947.269539][T18955] syscall_exit_to_user_mode+0x2a6/0x31e [ 6947.271942][T18955] do_trap_ecall_u+0x86/0x216 [ 6947.273555][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6947.275289][T18955] Modules linked in: [ 6947.277159][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6947.278882][T18955] Tainted: [B]=BAD_PAGE [ 6947.279737][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6947.280708][T18955] Call Trace: [ 6947.281625][T18955] [] dump_backtrace+0x2e/0x3c [ 6947.283116][T18955] [] show_stack+0x34/0x40 [ 6947.284830][T18955] [] dump_stack_lvl+0x122/0x196 [ 6947.286391][T18955] [] dump_stack+0x1c/0x24 [ 6947.287777][T18955] [] bad_page+0x268/0x2da [ 6947.289296][T18955] [] free_unref_page+0x78a/0xf08 [ 6947.291036][T18955] [] page_frag_free+0x21c/0x268 [ 6947.292521][T18955] [] skb_free_head+0x1ce/0x2ec [ 6947.293821][T18955] [] skb_release_data+0x6ec/0x86a [ 6947.295183][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6947.296625][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6947.298905][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6947.300522][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6947.302224][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6947.303712][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6947.305462][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6947.306977][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6947.308551][T18955] [] __sys_bpf+0xd14/0x42cc [ 6947.309944][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6947.312380][T18955] [] syscall_handler+0x94/0x118 [ 6947.313790][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6947.315288][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6947.318183][T18955] BUG: Bad page state in process syz.2.1806 pfn:9daf5 [ 6947.319746][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000001daf5dc0 pfn:0x9daf5 [ 6947.322551][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6947.324325][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6947.326104][T18955] raw: ff6000001daf5dc0 0000000000000001 00000000ffffffff 0000000000000000 [ 6947.327579][T18955] page dumped because: page_pool leak [ 6947.328835][T18955] page_owner tracks the page as allocated [ 6947.330129][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942762073900, free_ts 6937445753000 [ 6947.333252][T18955] __set_page_owner+0xa2/0x70c [ 6947.335257][T18955] post_alloc_hook+0xec/0x1e4 [ 6947.336890][T18955] get_page_from_freelist+0xdaa/0x295a [ 6947.338593][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6947.340293][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6947.342783][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6947.344489][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6947.346097][T18955] page_pool_alloc_pages+0x20/0x62 [ 6947.347645][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6947.349334][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6947.351730][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6947.353437][T18955] __sys_bpf+0xd14/0x42cc [ 6947.354930][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6947.356422][T18955] syscall_handler+0x94/0x118 [ 6947.357916][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6947.359500][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6947.361832][T18955] page last free pid 17449 tgid 17449 stack trace: [ 6947.363344][T18955] __reset_page_owner+0x8c/0x400 [ 6947.364999][T18955] free_unref_page+0x592/0xf08 [ 6947.366623][T18955] __folio_put+0x1ae/0x22e [ 6947.368104][T18955] free_page_and_swap_cache+0x1a8/0x1de [ 6947.369793][T18955] tlb_remove_table_rcu+0x86/0xee [ 6947.372376][T18955] rcu_core+0xa24/0x1eac [ 6947.374117][T18955] rcu_core_si+0xc/0x14 [ 6947.375537][T18955] handle_softirqs+0x4a6/0x10de [ 6947.376969][T18955] __do_softirq+0x12/0x1a [ 6947.378646][T18955] Modules linked in: [ 6947.380304][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6947.382442][T18955] Tainted: [B]=BAD_PAGE [ 6947.383340][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6947.384335][T18955] Call Trace: [ 6947.385179][T18955] [] dump_backtrace+0x2e/0x3c [ 6947.386891][T18955] [] show_stack+0x34/0x40 [ 6947.388171][T18955] [] dump_stack_lvl+0x122/0x196 [ 6947.389636][T18955] [] dump_stack+0x1c/0x24 [ 6947.391057][T18955] [] bad_page+0x268/0x2da [ 6947.392405][T18955] [] free_unref_page+0x78a/0xf08 [ 6947.394157][T18955] [] page_frag_free+0x21c/0x268 [ 6947.395745][T18955] [] skb_free_head+0x1ce/0x2ec [ 6947.397134][T18955] [] skb_release_data+0x6ec/0x86a [ 6947.398580][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6947.399918][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6947.402438][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6947.404065][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6947.405622][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6947.407209][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6947.408836][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6947.410375][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6947.411952][T18955] [] __sys_bpf+0xd14/0x42cc [ 6947.413369][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6947.415042][T18955] [] syscall_handler+0x94/0x118 [ 6947.416437][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6947.417937][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6947.420819][T18955] BUG: Bad page state in process syz.2.1806 pfn:af05c [ 6947.422747][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000002f05cc98 pfn:0xaf05c [ 6947.424438][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6947.426152][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6947.427812][T18955] raw: ff6000002f05cc98 0000000000000001 00000000ffffffff 0000000000000000 [ 6947.429282][T18955] page dumped because: page_pool leak [ 6947.430649][T18955] page_owner tracks the page as allocated [ 6947.432893][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942761890300, free_ts 6937446318600 [ 6947.435478][T18955] __set_page_owner+0xa2/0x70c [ 6947.437265][T18955] post_alloc_hook+0xec/0x1e4 [ 6947.438994][T18955] get_page_from_freelist+0xdaa/0x295a [ 6947.440770][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6947.443481][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6947.445184][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6947.446915][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6947.448429][T18955] page_pool_alloc_pages+0x20/0x62 [ 6947.449855][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6947.452712][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6947.454382][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6947.456059][T18955] __sys_bpf+0xd14/0x42cc [ 6947.457576][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6947.459143][T18955] syscall_handler+0x94/0x118 [ 6947.460691][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6947.463224][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6947.464878][T18955] page last free pid 17449 tgid 17449 stack trace: [ 6947.466308][T18955] __reset_page_owner+0x8c/0x400 [ 6947.467907][T18955] free_unref_page+0x592/0xf08 [ 6947.469434][T18955] __folio_put+0x1ae/0x22e [ 6947.470928][T18955] free_page_and_swap_cache+0x1a8/0x1de [ 6947.473502][T18955] tlb_remove_table_rcu+0x86/0xee [ 6947.475139][T18955] rcu_core+0xa24/0x1eac [ 6947.476640][T18955] rcu_core_si+0xc/0x14 [ 6947.478238][T18955] handle_softirqs+0x4a6/0x10de [ 6947.479696][T18955] __do_softirq+0x12/0x1a [ 6947.482291][T18955] Modules linked in: [ 6947.483873][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6947.485704][T18955] Tainted: [B]=BAD_PAGE [ 6947.486641][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6947.487647][T18955] Call Trace: [ 6947.488540][T18955] [] dump_backtrace+0x2e/0x3c [ 6947.490093][T18955] [] show_stack+0x34/0x40 [ 6947.491839][T18955] [] dump_stack_lvl+0x122/0x196 [ 6947.493279][T18955] [] dump_stack+0x1c/0x24 [ 6947.494765][T18955] [] bad_page+0x268/0x2da [ 6947.496253][T18955] [] free_unref_page+0x78a/0xf08 [ 6947.497731][T18955] [] page_frag_free+0x21c/0x268 [ 6947.499201][T18955] [] skb_free_head+0x1ce/0x2ec [ 6947.500435][T18955] [] skb_release_data+0x6ec/0x86a [ 6947.501811][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6947.503254][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6947.505065][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6947.506855][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6947.508624][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6947.510370][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6947.512103][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6947.513567][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6947.515152][T18955] [] __sys_bpf+0xd14/0x42cc [ 6947.516622][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6947.518148][T18955] [] syscall_handler+0x94/0x118 [ 6947.519636][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6947.521256][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6947.524284][T18955] BUG: Bad page state in process syz.2.1806 pfn:aea0c [ 6947.525823][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000002ea0c0d8 pfn:0xaea0c [ 6947.527820][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6947.529705][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6947.532624][T18955] raw: ff6000002ea0c0d8 0000000000000001 00000000ffffffff 0000000000000000 [ 6947.534887][T18955] page dumped because: page_pool leak [ 6947.536137][T18955] page_owner tracks the page as allocated [ 6947.537335][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942761767100, free_ts 6937446732200 [ 6947.539825][T18955] __set_page_owner+0xa2/0x70c [ 6947.542620][T18955] post_alloc_hook+0xec/0x1e4 [ 6947.544300][T18955] get_page_from_freelist+0xdaa/0x295a [ 6947.546101][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6947.547812][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6947.549591][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6947.552206][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6947.553863][T18955] page_pool_alloc_pages+0x20/0x62 [ 6947.555518][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6947.557342][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6947.559117][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6947.560768][T18955] __sys_bpf+0xd14/0x42cc [ 6947.563219][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6947.564721][T18955] syscall_handler+0x94/0x118 [ 6947.566188][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6947.567738][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6947.569415][T18955] page last free pid 17449 tgid 17449 stack trace: [ 6947.570866][T18955] __reset_page_owner+0x8c/0x400 [ 6947.573440][T18955] free_unref_page+0x592/0xf08 [ 6947.575158][T18955] __folio_put+0x1ae/0x22e [ 6947.576643][T18955] free_page_and_swap_cache+0x1a8/0x1de [ 6947.578327][T18955] tlb_remove_table_rcu+0x86/0xee [ 6947.579900][T18955] rcu_core+0xa24/0x1eac [ 6947.582744][T18955] rcu_core_si+0xc/0x14 [ 6947.584297][T18955] handle_softirqs+0x4a6/0x10de [ 6947.585862][T18955] __do_softirq+0x12/0x1a [ 6947.587505][T18955] Modules linked in: [ 6947.589144][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6947.591328][T18955] Tainted: [B]=BAD_PAGE [ 6947.592262][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6947.593282][T18955] Call Trace: [ 6947.594574][T18955] [] dump_backtrace+0x2e/0x3c [ 6947.596212][T18955] [] show_stack+0x34/0x40 [ 6947.597538][T18955] [] dump_stack_lvl+0x122/0x196 [ 6947.599129][T18955] [] dump_stack+0x1c/0x24 [ 6947.600575][T18955] [] bad_page+0x268/0x2da [ 6947.602187][T18955] [] free_unref_page+0x78a/0xf08 [ 6947.603749][T18955] [] page_frag_free+0x21c/0x268 [ 6947.605249][T18955] [] skb_free_head+0x1ce/0x2ec [ 6947.606604][T18955] [] skb_release_data+0x6ec/0x86a [ 6947.607907][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6947.609250][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6947.611042][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6947.612621][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6947.614418][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6947.616021][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6947.617609][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6947.619056][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6947.620508][T18955] [] __sys_bpf+0xd14/0x42cc [ 6947.621922][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6947.623438][T18955] [] syscall_handler+0x94/0x118 [ 6947.624847][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6947.626304][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6947.629182][T18955] BUG: Bad page state in process syz.2.1806 pfn:adffd [ 6947.630733][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x4 pfn:0xadffd [ 6947.633053][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6947.634834][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6947.636654][T18955] raw: 0000000000000004 0000000000000001 00000000ffffffff 0000000000000000 [ 6947.638377][T18955] page dumped because: page_pool leak [ 6947.639746][T18955] page_owner tracks the page as allocated [ 6947.642356][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942761636500, free_ts 6937447140300 [ 6947.644927][T18955] __set_page_owner+0xa2/0x70c [ 6947.646671][T18955] post_alloc_hook+0xec/0x1e4 [ 6947.648334][T18955] get_page_from_freelist+0xdaa/0x295a [ 6947.649998][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6947.653155][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6947.654951][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6947.656532][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6947.658245][T18955] page_pool_alloc_pages+0x20/0x62 [ 6947.659806][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6947.662736][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6947.664559][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6947.666967][T18955] __sys_bpf+0xd14/0x42cc [ 6947.668654][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6947.670308][T18955] syscall_handler+0x94/0x118 [ 6947.672781][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6947.674527][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6947.676265][T18955] page last free pid 17449 tgid 17449 stack trace: [ 6947.677598][T18955] __reset_page_owner+0x8c/0x400 [ 6947.679536][T18955] free_unref_page+0x592/0xf08 [ 6947.681937][T18955] __folio_put+0x1ae/0x22e [ 6947.683520][T18955] free_page_and_swap_cache+0x1a8/0x1de [ 6947.685222][T18955] tlb_remove_table_rcu+0x86/0xee [ 6947.686853][T18955] rcu_core+0xa24/0x1eac [ 6947.688298][T18955] rcu_core_si+0xc/0x14 [ 6947.689729][T18955] handle_softirqs+0x4a6/0x10de [ 6947.692094][T18955] __do_softirq+0x12/0x1a [ 6947.693733][T18955] Modules linked in: [ 6947.695330][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6947.697164][T18955] Tainted: [B]=BAD_PAGE [ 6947.698096][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6947.699073][T18955] Call Trace: [ 6947.699918][T18955] [] dump_backtrace+0x2e/0x3c [ 6947.701419][T18955] [] show_stack+0x34/0x40 [ 6947.702757][T18955] [] dump_stack_lvl+0x122/0x196 [ 6947.704265][T18955] [] dump_stack+0x1c/0x24 [ 6947.705661][T18955] [] bad_page+0x268/0x2da [ 6947.707024][T18955] [] free_unref_page+0x78a/0xf08 [ 6947.708389][T18955] [] page_frag_free+0x21c/0x268 [ 6947.709760][T18955] [] skb_free_head+0x1ce/0x2ec [ 6947.711029][T18955] [] skb_release_data+0x6ec/0x86a [ 6947.712225][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6947.713475][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6947.715022][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6947.716591][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6947.718174][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6947.719627][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6947.721128][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6947.722640][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6947.724132][T18955] [] __sys_bpf+0xd14/0x42cc [ 6947.725479][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6947.726892][T18955] [] syscall_handler+0x94/0x118 [ 6947.728262][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6947.729738][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6947.732674][T18955] BUG: Bad page state in process syz.2.1806 pfn:92e90 [ 6947.734230][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff60000012e90000 pfn:0x92e90 [ 6947.736004][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6947.737733][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6947.739465][T18955] raw: ff60000012e90000 0000000000000001 00000000ffffffff 0000000000000000 [ 6947.741995][T18955] page dumped because: page_pool leak [ 6947.743340][T18955] page_owner tracks the page as allocated [ 6947.744631][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942760798600, free_ts 6937447551300 [ 6947.747369][T18955] __set_page_owner+0xa2/0x70c [ 6947.749085][T18955] post_alloc_hook+0xec/0x1e4 [ 6947.750718][T18955] get_page_from_freelist+0xdaa/0x295a [ 6947.753192][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6947.754815][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6947.756559][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6947.758215][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6947.759813][T18955] page_pool_alloc_pages+0x20/0x62 [ 6947.762394][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6947.764174][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6947.765773][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6947.767440][T18955] __sys_bpf+0xd14/0x42cc [ 6947.768907][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6947.770407][T18955] syscall_handler+0x94/0x118 [ 6947.772742][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6947.774392][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6947.776121][T18955] page last free pid 17449 tgid 17449 stack trace: [ 6947.777466][T18955] __reset_page_owner+0x8c/0x400 [ 6947.779115][T18955] free_unref_page+0x592/0xf08 [ 6947.780726][T18955] __folio_put+0x1ae/0x22e [ 6947.783209][T18955] free_page_and_swap_cache+0x1a8/0x1de [ 6947.785003][T18955] tlb_remove_table_rcu+0x86/0xee [ 6947.786611][T18955] rcu_core+0xa24/0x1eac [ 6947.788075][T18955] rcu_core_si+0xc/0x14 [ 6947.789537][T18955] handle_softirqs+0x4a6/0x10de [ 6947.792058][T18955] __do_softirq+0x12/0x1a [ 6947.793646][T18955] Modules linked in: [ 6947.795227][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6947.796851][T18955] Tainted: [B]=BAD_PAGE [ 6947.797695][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6947.798700][T18955] Call Trace: [ 6947.799463][T18955] [] dump_backtrace+0x2e/0x3c [ 6947.800788][T18955] [] show_stack+0x34/0x40 [ 6947.802171][T18955] [] dump_stack_lvl+0x122/0x196 [ 6947.803598][T18955] [] dump_stack+0x1c/0x24 [ 6947.805019][T18955] [] bad_page+0x268/0x2da [ 6947.807739][T18955] [] free_unref_page+0x78a/0xf08 [ 6947.811417][T18955] [] page_frag_free+0x21c/0x268 [ 6947.814595][T18955] [] skb_free_head+0x1ce/0x2ec [ 6947.817011][T18955] [] skb_release_data+0x6ec/0x86a [ 6947.818827][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6947.820221][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6947.822252][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6947.824115][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6947.826416][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6947.828103][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6947.829764][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6947.831662][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6947.833283][T18955] [] __sys_bpf+0xd14/0x42cc [ 6947.834853][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6947.836545][T18955] [] syscall_handler+0x94/0x118 [ 6947.838278][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6947.840783][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6947.843933][T18955] BUG: Bad page state in process syz.2.1806 pfn:ad24d [ 6947.845506][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000002d24ddc0 pfn:0xad24d [ 6947.847437][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6947.849224][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6947.850846][T18955] raw: ff6000002d24ddc0 0000000000000001 00000000ffffffff 0000000000000000 [ 6947.853143][T18955] page dumped because: page_pool leak [ 6947.854455][T18955] page_owner tracks the page as allocated [ 6947.855644][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942760668500, free_ts 6937447952200 [ 6947.858156][T18955] __set_page_owner+0xa2/0x70c [ 6947.859869][T18955] post_alloc_hook+0xec/0x1e4 [ 6947.862813][T18955] get_page_from_freelist+0xdaa/0x295a [ 6947.864531][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6947.866158][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6947.867766][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6947.869343][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6947.871757][T18955] page_pool_alloc_pages+0x20/0x62 [ 6947.873316][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6947.874878][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6947.876407][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6947.877916][T18955] __sys_bpf+0xd14/0x42cc [ 6947.879396][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6947.880954][T18955] syscall_handler+0x94/0x118 [ 6947.883270][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6947.884845][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6947.886519][T18955] page last free pid 17449 tgid 17449 stack trace: [ 6947.887940][T18955] __reset_page_owner+0x8c/0x400 [ 6947.889605][T18955] free_unref_page+0x592/0xf08 [ 6947.892091][T18955] __folio_put+0x1ae/0x22e [ 6947.893575][T18955] free_page_and_swap_cache+0x1a8/0x1de [ 6947.895304][T18955] tlb_remove_table_rcu+0x86/0xee [ 6947.896952][T18955] rcu_core+0xa24/0x1eac [ 6947.898804][T18955] rcu_core_si+0xc/0x14 [ 6947.900329][T18955] handle_softirqs+0x4a6/0x10de [ 6947.902828][T18955] __do_softirq+0x12/0x1a [ 6947.904418][T18955] Modules linked in: [ 6947.905961][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6947.907796][T18955] Tainted: [B]=BAD_PAGE [ 6947.908629][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6947.909487][T18955] Call Trace: [ 6947.910276][T18955] [] dump_backtrace+0x2e/0x3c [ 6947.911615][T18955] [] show_stack+0x34/0x40 [ 6947.913321][T18955] [] dump_stack_lvl+0x122/0x196 [ 6947.914843][T18955] [] dump_stack+0x1c/0x24 [ 6947.916222][T18955] [] bad_page+0x268/0x2da [ 6947.917663][T18955] [] free_unref_page+0x78a/0xf08 [ 6947.919184][T18955] [] page_frag_free+0x21c/0x268 [ 6947.920697][T18955] [] skb_free_head+0x1ce/0x2ec [ 6947.922309][T18955] [] skb_release_data+0x6ec/0x86a [ 6947.923635][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6947.925030][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6947.926646][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6947.928194][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6947.929892][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6947.932046][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6947.933517][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6947.934905][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6947.936283][T18955] [] __sys_bpf+0xd14/0x42cc [ 6947.937585][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6947.938894][T18955] [] syscall_handler+0x94/0x118 [ 6947.940196][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6947.941830][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6947.944248][T18955] BUG: Bad page state in process syz.2.1806 pfn:a96fe [ 6947.945933][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff600000296fe400 pfn:0xa96fe [ 6947.947704][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6947.949365][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6947.951657][T18955] raw: ff600000296fe400 0000000000000001 00000000ffffffff 0000000000000000 [ 6947.953108][T18955] page dumped because: page_pool leak [ 6947.954367][T18955] page_owner tracks the page as allocated [ 6947.955580][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942760546300, free_ts 6937448369400 [ 6947.957833][T18955] __set_page_owner+0xa2/0x70c [ 6947.959499][T18955] post_alloc_hook+0xec/0x1e4 [ 6947.961742][T18955] get_page_from_freelist+0xdaa/0x295a [ 6947.963411][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6947.965061][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6947.966798][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6947.968422][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6947.970002][T18955] page_pool_alloc_pages+0x20/0x62 [ 6947.972564][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6947.974303][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6947.975832][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6947.977345][T18955] __sys_bpf+0xd14/0x42cc [ 6947.978746][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6947.980133][T18955] syscall_handler+0x94/0x118 [ 6947.982550][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6947.984089][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6947.986058][T18955] page last free pid 17449 tgid 17449 stack trace: [ 6947.987408][T18955] __reset_page_owner+0x8c/0x400 [ 6947.989043][T18955] free_unref_page+0x592/0xf08 [ 6947.990645][T18955] __folio_put+0x1ae/0x22e [ 6947.993002][T18955] free_page_and_swap_cache+0x1a8/0x1de [ 6947.994800][T18955] tlb_remove_table_rcu+0x86/0xee [ 6947.996693][T18955] rcu_core+0xa24/0x1eac [ 6947.998996][T18955] rcu_core_si+0xc/0x14 [ 6948.000505][T18955] handle_softirqs+0x4a6/0x10de [ 6948.003030][T18955] __do_softirq+0x12/0x1a [ 6948.004666][T18955] Modules linked in: [ 6948.006332][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6948.008239][T18955] Tainted: [B]=BAD_PAGE [ 6948.009113][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6948.010109][T18955] Call Trace: [ 6948.010901][T18955] [] dump_backtrace+0x2e/0x3c [ 6948.012353][T18955] [] show_stack+0x34/0x40 [ 6948.013691][T18955] [] dump_stack_lvl+0x122/0x196 [ 6948.015202][T18955] [] dump_stack+0x1c/0x24 [ 6948.016713][T18955] [] bad_page+0x268/0x2da [ 6948.018271][T18955] [] free_unref_page+0x78a/0xf08 [ 6948.019895][T18955] [] page_frag_free+0x21c/0x268 [ 6948.021741][T18955] [] skb_free_head+0x1ce/0x2ec [ 6948.023122][T18955] [] skb_release_data+0x6ec/0x86a [ 6948.024486][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6948.025918][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6948.027753][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6948.029452][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6948.031220][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6948.033040][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6948.034987][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6948.036539][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6948.038322][T18955] [] __sys_bpf+0xd14/0x42cc [ 6948.039979][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6948.041798][T18955] [] syscall_handler+0x94/0x118 [ 6948.043323][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6948.045476][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6948.049084][T18955] BUG: Bad page state in process syz.2.1806 pfn:a96ff [ 6948.051644][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2 pfn:0xa96ff [ 6948.053492][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6948.055332][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6948.057195][T18955] raw: 0000000000000002 0000000000000001 00000000ffffffff 0000000000000000 [ 6948.058820][T18955] page dumped because: page_pool leak [ 6948.060138][T18955] page_owner tracks the page as allocated [ 6948.062341][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942760419600, free_ts 6937448810500 [ 6948.065809][T18955] __set_page_owner+0xa2/0x70c [ 6948.067585][T18955] post_alloc_hook+0xec/0x1e4 [ 6948.069328][T18955] get_page_from_freelist+0xdaa/0x295a [ 6948.072271][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6948.074155][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6948.076104][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6948.078131][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6948.080072][T18955] page_pool_alloc_pages+0x20/0x62 [ 6948.084515][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6948.086615][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6948.088419][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6948.090170][T18955] __sys_bpf+0xd14/0x42cc [ 6948.092793][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6948.094485][T18955] syscall_handler+0x94/0x118 [ 6948.096152][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6948.097999][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6948.099876][T18955] page last free pid 17449 tgid 17449 stack trace: [ 6948.102736][T18955] __reset_page_owner+0x8c/0x400 [ 6948.105390][T18955] free_unref_page+0x592/0xf08 [ 6948.107390][T18955] __folio_put+0x1ae/0x22e [ 6948.108939][T18955] free_page_and_swap_cache+0x1a8/0x1de [ 6948.110757][T18955] tlb_remove_table_rcu+0x86/0xee [ 6948.113701][T18955] rcu_core+0xa24/0x1eac [ 6948.115396][T18955] rcu_core_si+0xc/0x14 [ 6948.116882][T18955] handle_softirqs+0x4a6/0x10de [ 6948.118488][T18955] __do_softirq+0x12/0x1a [ 6948.120169][T18955] Modules linked in: [ 6948.122718][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6948.125024][T18955] Tainted: [B]=BAD_PAGE [ 6948.126099][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6948.127338][T18955] Call Trace: [ 6948.128304][T18955] [] dump_backtrace+0x2e/0x3c [ 6948.129931][T18955] [] show_stack+0x34/0x40 [ 6948.131618][T18955] [] dump_stack_lvl+0x122/0x196 [ 6948.133251][T18955] [] dump_stack+0x1c/0x24 [ 6948.134888][T18955] [] bad_page+0x268/0x2da [ 6948.136482][T18955] [] free_unref_page+0x78a/0xf08 [ 6948.138666][T18955] [] page_frag_free+0x21c/0x268 [ 6948.140606][T18955] [] skb_free_head+0x1ce/0x2ec [ 6948.142143][T18955] [] skb_release_data+0x6ec/0x86a [ 6948.143660][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6948.145265][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6948.147163][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6948.149008][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6948.150858][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6948.152606][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6948.154632][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6948.156482][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6948.158326][T18955] [] __sys_bpf+0xd14/0x42cc [ 6948.160664][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6948.162320][T18955] [] syscall_handler+0x94/0x118 [ 6948.163988][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6948.166076][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6948.169615][T18955] BUG: Bad page state in process syz.2.1806 pfn:ab650 [ 6948.171914][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000002b6505d0 pfn:0xab650 [ 6948.174372][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6948.176355][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6948.178631][T18955] raw: ff6000002b6505d0 0000000000000001 00000000ffffffff 0000000000000000 [ 6948.180484][T18955] page dumped because: page_pool leak [ 6948.183060][T18955] page_owner tracks the page as allocated [ 6948.184500][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942760297400, free_ts 6937449247400 [ 6948.187592][T18955] __set_page_owner+0xa2/0x70c [ 6948.189828][T18955] post_alloc_hook+0xec/0x1e4 [ 6948.193001][T18955] get_page_from_freelist+0xdaa/0x295a [ 6948.195201][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6948.197040][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6948.198857][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6948.201901][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6948.203796][T18955] page_pool_alloc_pages+0x20/0x62 [ 6948.205543][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6948.207502][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6948.209207][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6948.211928][T18955] __sys_bpf+0xd14/0x42cc [ 6948.213707][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6948.215495][T18955] syscall_handler+0x94/0x118 [ 6948.217209][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6948.218887][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6948.220735][T18955] page last free pid 17449 tgid 17449 stack trace: [ 6948.223419][T18955] __reset_page_owner+0x8c/0x400 [ 6948.225325][T18955] free_unref_page+0x592/0xf08 [ 6948.227088][T18955] __folio_put+0x1ae/0x22e [ 6948.228726][T18955] free_page_and_swap_cache+0x1a8/0x1de [ 6948.230658][T18955] tlb_remove_table_rcu+0x86/0xee [ 6948.233386][T18955] rcu_core+0xa24/0x1eac [ 6948.235356][T18955] rcu_core_si+0xc/0x14 [ 6948.236988][T18955] handle_softirqs+0x4a6/0x10de [ 6948.238609][T18955] __do_softirq+0x12/0x1a [ 6948.240343][T18955] Modules linked in: [ 6948.243141][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6948.245336][T18955] Tainted: [B]=BAD_PAGE [ 6948.246336][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6948.247492][T18955] Call Trace: [ 6948.248325][T18955] [] dump_backtrace+0x2e/0x3c [ 6948.249870][T18955] [] show_stack+0x34/0x40 [ 6948.251392][T18955] [] dump_stack_lvl+0x122/0x196 [ 6948.253000][T18955] [] dump_stack+0x1c/0x24 [ 6948.254652][T18955] [] bad_page+0x268/0x2da [ 6948.256216][T18955] [] free_unref_page+0x78a/0xf08 [ 6948.257942][T18955] [] page_frag_free+0x21c/0x268 [ 6948.259702][T18955] [] skb_free_head+0x1ce/0x2ec [ 6948.261631][T18955] [] skb_release_data+0x6ec/0x86a [ 6948.263280][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6948.265456][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6948.267431][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6948.269256][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6948.271835][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6948.273981][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6948.275734][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6948.277338][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6948.279035][T18955] [] __sys_bpf+0xd14/0x42cc [ 6948.280518][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6948.282244][T18955] [] syscall_handler+0x94/0x118 [ 6948.283769][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6948.285535][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6948.288836][T18955] BUG: Bad page state in process syz.2.1806 pfn:a0071 [ 6948.290565][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff60000020071000 pfn:0xa0071 [ 6948.293184][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6948.295110][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6948.296771][T18955] raw: ff60000020071000 0000000000000001 00000000ffffffff 0000000000000000 [ 6948.298341][T18955] page dumped because: page_pool leak [ 6948.299654][T18955] page_owner tracks the page as allocated [ 6948.301825][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942760163400, free_ts 6937449676900 [ 6948.304611][T18955] __set_page_owner+0xa2/0x70c [ 6948.306480][T18955] post_alloc_hook+0xec/0x1e4 [ 6948.308168][T18955] get_page_from_freelist+0xdaa/0x295a [ 6948.309924][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6948.312931][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6948.314954][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6948.316680][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6948.318373][T18955] page_pool_alloc_pages+0x20/0x62 [ 6948.319949][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6948.323129][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6948.324889][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6948.326586][T18955] __sys_bpf+0xd14/0x42cc [ 6948.328066][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6948.329596][T18955] syscall_handler+0x94/0x118 [ 6948.332557][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6948.334362][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6948.336170][T18955] page last free pid 17449 tgid 17449 stack trace: [ 6948.337649][T18955] __reset_page_owner+0x8c/0x400 [ 6948.339378][T18955] free_unref_page+0x592/0xf08 [ 6948.342147][T18955] __folio_put+0x1ae/0x22e [ 6948.343852][T18955] free_page_and_swap_cache+0x1a8/0x1de [ 6948.345577][T18955] tlb_remove_table_rcu+0x86/0xee [ 6948.347250][T18955] rcu_core+0xa24/0x1eac [ 6948.348812][T18955] rcu_core_si+0xc/0x14 [ 6948.350381][T18955] handle_softirqs+0x4a6/0x10de [ 6948.352957][T18955] __do_softirq+0x12/0x1a [ 6948.354728][T18955] Modules linked in: [ 6948.356373][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6948.358601][T18955] Tainted: [B]=BAD_PAGE [ 6948.359580][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6948.360645][T18955] Call Trace: [ 6948.361731][T18955] [] dump_backtrace+0x2e/0x3c [ 6948.363616][T18955] [] show_stack+0x34/0x40 [ 6948.364964][T18955] [] dump_stack_lvl+0x122/0x196 [ 6948.366591][T18955] [] dump_stack+0x1c/0x24 [ 6948.368114][T18955] [] bad_page+0x268/0x2da [ 6948.369629][T18955] [] free_unref_page+0x78a/0xf08 [ 6948.371462][T18955] [] page_frag_free+0x21c/0x268 [ 6948.373086][T18955] [] skb_free_head+0x1ce/0x2ec [ 6948.374856][T18955] [] skb_release_data+0x6ec/0x86a [ 6948.376293][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6948.377998][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6948.379976][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6948.382548][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6948.384374][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6948.386328][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6948.388184][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6948.389887][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6948.392386][T18955] [] __sys_bpf+0xd14/0x42cc [ 6948.393957][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6948.395554][T18955] [] syscall_handler+0x94/0x118 [ 6948.397172][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6948.398829][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6948.402578][T18955] BUG: Bad page state in process syz.2.1806 pfn:9dec2 [ 6948.404345][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x9dec2 [ 6948.406315][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6948.408238][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6948.410086][T18955] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 6948.414058][T18955] page dumped because: page_pool leak [ 6948.416144][T18955] page_owner tracks the page as allocated [ 6948.417476][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942760037900, free_ts 6937450131300 [ 6948.420236][T18955] __set_page_owner+0xa2/0x70c [ 6948.423165][T18955] post_alloc_hook+0xec/0x1e4 [ 6948.424863][T18955] get_page_from_freelist+0xdaa/0x295a [ 6948.426704][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6948.428413][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6948.430223][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6948.433523][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6948.435320][T18955] page_pool_alloc_pages+0x20/0x62 [ 6948.436948][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6948.438753][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6948.440533][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6948.443454][T18955] __sys_bpf+0xd14/0x42cc [ 6948.445120][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6948.446842][T18955] syscall_handler+0x94/0x118 [ 6948.448441][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6948.450216][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6948.453154][T18955] page last free pid 17449 tgid 17449 stack trace: [ 6948.454614][T18955] __reset_page_owner+0x8c/0x400 [ 6948.456381][T18955] free_unref_page+0x592/0xf08 [ 6948.458146][T18955] __folio_put+0x1ae/0x22e [ 6948.459757][T18955] free_page_and_swap_cache+0x1a8/0x1de [ 6948.463019][T18955] tlb_remove_table_rcu+0x86/0xee [ 6948.464683][T18955] rcu_core+0xa24/0x1eac [ 6948.466258][T18955] rcu_core_si+0xc/0x14 [ 6948.467735][T18955] handle_softirqs+0x4a6/0x10de [ 6948.469333][T18955] __do_softirq+0x12/0x1a [ 6948.471908][T18955] Modules linked in: [ 6948.473643][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6948.475586][T18955] Tainted: [B]=BAD_PAGE [ 6948.476558][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6948.477650][T18955] Call Trace: [ 6948.478591][T18955] [] dump_backtrace+0x2e/0x3c [ 6948.480148][T18955] [] show_stack+0x34/0x40 [ 6948.482337][T18955] [] dump_stack_lvl+0x122/0x196 [ 6948.484002][T18955] [] dump_stack+0x1c/0x24 [ 6948.485560][T18955] [] bad_page+0x268/0x2da [ 6948.487242][T18955] [] free_unref_page+0x78a/0xf08 [ 6948.488979][T18955] [] page_frag_free+0x21c/0x268 [ 6948.490734][T18955] [] skb_free_head+0x1ce/0x2ec [ 6948.492278][T18955] [] skb_release_data+0x6ec/0x86a [ 6948.493817][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6948.495535][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6948.497361][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6948.499294][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6948.501085][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6948.502980][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6948.504495][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6948.505457][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6948.506722][T18955] [] __sys_bpf+0xd14/0x42cc [ 6948.507599][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6948.508476][T18955] [] syscall_handler+0x94/0x118 [ 6948.509338][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6948.510310][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6948.512484][T18955] BUG: Bad page state in process syz.2.1806 pfn:9d513 [ 6948.513471][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000001d513220 pfn:0x9d513 [ 6948.514704][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6948.515764][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6948.516785][T18955] raw: ff6000001d513220 0000000000000001 00000000ffffffff 0000000000000000 [ 6948.517698][T18955] page dumped because: page_pool leak [ 6948.518708][T18955] page_owner tracks the page as allocated [ 6948.519513][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942759913000, free_ts 6937450552800 [ 6948.521495][T18955] __set_page_owner+0xa2/0x70c [ 6948.522740][T18955] post_alloc_hook+0xec/0x1e4 [ 6948.523919][T18955] get_page_from_freelist+0xdaa/0x295a [ 6948.525176][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6948.526373][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6948.527581][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6948.528794][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6948.530150][T18955] page_pool_alloc_pages+0x20/0x62 [ 6948.532009][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6948.533294][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6948.534547][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6948.535684][T18955] __sys_bpf+0xd14/0x42cc [ 6948.536741][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6948.537833][T18955] syscall_handler+0x94/0x118 [ 6948.538963][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6948.540138][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6948.542389][T18955] page last free pid 17449 tgid 17449 stack trace: [ 6948.543560][T18955] __reset_page_owner+0x8c/0x400 [ 6948.544699][T18955] free_unref_page+0x592/0xf08 [ 6948.545825][T18955] __folio_put+0x1ae/0x22e [ 6948.546952][T18955] free_page_and_swap_cache+0x1a8/0x1de [ 6948.548351][T18955] tlb_remove_table_rcu+0x86/0xee [ 6948.549477][T18955] rcu_core+0xa24/0x1eac [ 6948.550592][T18955] rcu_core_si+0xc/0x14 [ 6948.552190][T18955] handle_softirqs+0x4a6/0x10de [ 6948.553305][T18955] __do_softirq+0x12/0x1a [ 6948.554413][T18955] Modules linked in: [ 6948.555522][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6948.556967][T18955] Tainted: [B]=BAD_PAGE [ 6948.557651][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6948.558467][T18955] Call Trace: [ 6948.559447][T18955] [] dump_backtrace+0x2e/0x3c [ 6948.560526][T18955] [] show_stack+0x34/0x40 [ 6948.561690][T18955] [] dump_stack_lvl+0x122/0x196 [ 6948.563006][T18955] [] dump_stack+0x1c/0x24 [ 6948.564128][T18955] [] bad_page+0x268/0x2da [ 6948.565239][T18955] [] free_unref_page+0x78a/0xf08 [ 6948.566477][T18955] [] page_frag_free+0x21c/0x268 [ 6948.567688][T18955] [] skb_free_head+0x1ce/0x2ec [ 6948.568769][T18955] [] skb_release_data+0x6ec/0x86a [ 6948.569911][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6948.571117][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6948.572619][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6948.573941][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6948.575309][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6948.576522][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6948.577788][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6948.579118][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6948.580445][T18955] [] __sys_bpf+0xd14/0x42cc [ 6948.582419][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6948.583991][T18955] [] syscall_handler+0x94/0x118 [ 6948.585196][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6948.586388][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6948.589033][T18955] BUG: Bad page state in process syz.2.1806 pfn:adf81 [ 6948.590285][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000002df81ca8 pfn:0xadf81 [ 6948.592988][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6948.594343][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6948.595715][T18955] raw: ff6000002df81ca8 0000000000000001 00000000ffffffff 0000000000000000 [ 6948.596816][T18955] page dumped because: page_pool leak [ 6948.597852][T18955] page_owner tracks the page as allocated [ 6948.598691][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942759792600, free_ts 6937452060400 [ 6948.600157][T18955] __set_page_owner+0xa2/0x70c [ 6948.601777][T18955] post_alloc_hook+0xec/0x1e4 [ 6948.602888][T18955] get_page_from_freelist+0xdaa/0x295a [ 6948.603875][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6948.604865][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6948.605872][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6948.606919][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6948.607855][T18955] page_pool_alloc_pages+0x20/0x62 [ 6948.608786][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6948.609783][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6948.610809][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6948.612371][T18955] __sys_bpf+0xd14/0x42cc [ 6948.613298][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6948.614270][T18955] syscall_handler+0x94/0x118 [ 6948.615181][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6948.616123][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6948.617136][T18955] page last free pid 17449 tgid 17449 stack trace: [ 6948.618002][T18955] __reset_page_owner+0x8c/0x400 [ 6948.619077][T18955] free_unref_page+0x592/0xf08 [ 6948.620286][T18955] __folio_put+0x1ae/0x22e [ 6948.622111][T18955] free_page_and_swap_cache+0x1a8/0x1de [ 6948.623203][T18955] tlb_remove_table_rcu+0x86/0xee [ 6948.624154][T18955] rcu_core+0xa24/0x1eac [ 6948.625028][T18955] rcu_core_si+0xc/0x14 [ 6948.625887][T18955] handle_softirqs+0x4a6/0x10de [ 6948.626803][T18955] __do_softirq+0x12/0x1a [ 6948.627756][T18955] Modules linked in: [ 6948.628739][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6948.630013][T18955] Tainted: [B]=BAD_PAGE [ 6948.630635][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6948.631501][T18955] Call Trace: [ 6948.632058][T18955] [] dump_backtrace+0x2e/0x3c [ 6948.632952][T18955] [] show_stack+0x34/0x40 [ 6948.633717][T18955] [] dump_stack_lvl+0x122/0x196 [ 6948.634734][T18955] [] dump_stack+0x1c/0x24 [ 6948.635586][T18955] [] bad_page+0x268/0x2da [ 6948.636570][T18955] [] free_unref_page+0x78a/0xf08 [ 6948.637466][T18955] [] page_frag_free+0x21c/0x268 [ 6948.638443][T18955] [] skb_free_head+0x1ce/0x2ec [ 6948.639244][T18955] [] skb_release_data+0x6ec/0x86a [ 6948.640051][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6948.640977][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6948.642222][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6948.643487][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6948.644741][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6948.646009][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6948.647484][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6948.648723][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6948.650112][T18955] [] __sys_bpf+0xd14/0x42cc [ 6948.651687][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6948.653480][T18955] [] syscall_handler+0x94/0x118 [ 6948.654596][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6948.655865][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6948.658163][T18955] BUG: Bad page state in process syz.2.1806 pfn:acee6 [ 6948.659313][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff pfn:0xacee6 [ 6948.660658][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6948.662498][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6948.663769][T18955] raw: 00000000000000ff 0000000000000001 00000000ffffffff 0000000000000000 [ 6948.664946][T18955] page dumped because: page_pool leak [ 6948.665969][T18955] page_owner tracks the page as allocated [ 6948.666941][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942759671900, free_ts 6937452544100 [ 6948.668920][T18955] __set_page_owner+0xa2/0x70c [ 6948.670149][T18955] post_alloc_hook+0xec/0x1e4 [ 6948.672501][T18955] get_page_from_freelist+0xdaa/0x295a [ 6948.674484][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6948.676287][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6948.678087][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6948.679849][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6948.682837][T18955] page_pool_alloc_pages+0x20/0x62 [ 6948.684574][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6948.686387][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6948.688002][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6948.689732][T18955] __sys_bpf+0xd14/0x42cc [ 6948.692205][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6948.694505][T18955] syscall_handler+0x94/0x118 [ 6948.696027][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6948.697787][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6948.699783][T18955] page last free pid 17449 tgid 17449 stack trace: [ 6948.702134][T18955] __reset_page_owner+0x8c/0x400 [ 6948.703958][T18955] free_unref_page+0x592/0xf08 [ 6948.705590][T18955] __folio_put+0x1ae/0x22e [ 6948.707209][T18955] free_page_and_swap_cache+0x1a8/0x1de [ 6948.709003][T18955] tlb_remove_table_rcu+0x86/0xee [ 6948.711822][T18955] rcu_core+0xa24/0x1eac [ 6948.713548][T18955] rcu_core_si+0xc/0x14 [ 6948.715183][T18955] handle_softirqs+0x4a6/0x10de [ 6948.716761][T18955] __do_softirq+0x12/0x1a [ 6948.718417][T18955] Modules linked in: [ 6948.720130][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6948.724141][T18955] Tainted: [B]=BAD_PAGE [ 6948.725367][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6948.726533][T18955] Call Trace: [ 6948.727522][T18955] [] dump_backtrace+0x2e/0x3c [ 6948.729279][T18955] [] show_stack+0x34/0x40 [ 6948.730777][T18955] [] dump_stack_lvl+0x122/0x196 [ 6948.732502][T18955] [] dump_stack+0x1c/0x24 [ 6948.734182][T18955] [] bad_page+0x268/0x2da [ 6948.735867][T18955] [] free_unref_page+0x78a/0xf08 [ 6948.737691][T18955] [] page_frag_free+0x21c/0x268 [ 6948.739446][T18955] [] skb_free_head+0x1ce/0x2ec [ 6948.741044][T18955] [] skb_release_data+0x6ec/0x86a [ 6948.742745][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6948.744414][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6948.746440][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6948.748517][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6948.750477][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6948.752163][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6948.754118][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6948.755745][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6948.757253][T18955] [] __sys_bpf+0xd14/0x42cc [ 6948.758676][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6948.760080][T18955] [] syscall_handler+0x94/0x118 [ 6948.761840][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6948.763465][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6948.766966][T18955] BUG: Bad page state in process syz.2.1806 pfn:9bcfa [ 6948.768587][T18955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000001bcfa6c8 pfn:0x9bcfa [ 6948.770557][T18955] flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff) [ 6948.773064][T18955] raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000 [ 6948.774820][T18955] raw: ff6000001bcfa6c8 0000000000000001 00000000ffffffff 0000000000000000 [ 6948.776432][T18955] page dumped because: page_pool leak [ 6948.777876][T18955] page_owner tracks the page as allocated [ 6948.779227][T18955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942759550900, free_ts 6937452958700 [ 6948.783611][T18955] __set_page_owner+0xa2/0x70c [ 6948.785486][T18955] post_alloc_hook+0xec/0x1e4 [ 6948.787250][T18955] get_page_from_freelist+0xdaa/0x295a [ 6948.789004][T18955] __alloc_pages_noprof+0x1e2/0x1eb6 [ 6948.790733][T18955] alloc_pages_bulk_noprof+0x252/0x13d8 [ 6948.793409][T18955] __page_pool_alloc_pages_slow+0x18e/0xc50 [ 6948.795179][T18955] page_pool_alloc_netmem+0xc0/0x158 [ 6948.798327][T18955] page_pool_alloc_pages+0x20/0x62 [ 6948.799951][T18955] xdp_test_run_batch.constprop.0+0x362/0x1816 [ 6948.803039][T18955] bpf_test_run_xdp_live+0x2f6/0x49e [ 6948.804820][T18955] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6948.806560][T18955] __sys_bpf+0xd14/0x42cc [ 6948.808247][T18955] __riscv_sys_bpf+0x6c/0x9e [ 6948.809811][T18955] syscall_handler+0x94/0x118 [ 6948.812369][T18955] do_trap_ecall_u+0x1aa/0x216 [ 6948.814229][T18955] _new_vmalloc_restore_context_a0+0xc2/0xce [ 6948.817009][T18955] page last free pid 17449 tgid 17449 stack trace: [ 6948.819355][T18955] __reset_page_owner+0x8c/0x400 [ 6948.823117][T18955] free_unref_page+0x592/0xf08 [ 6948.824894][T18955] __folio_put+0x1ae/0x22e [ 6948.826541][T18955] free_page_and_swap_cache+0x1a8/0x1de [ 6948.828373][T18955] tlb_remove_table_rcu+0x86/0xee [ 6948.830092][T18955] rcu_core+0xa24/0x1eac [ 6948.833067][T18955] rcu_core_si+0xc/0x14 [ 6948.834757][T18955] handle_softirqs+0x4a6/0x10de [ 6948.836221][T18955] __do_softirq+0x12/0x1a [ 6948.837837][T18955] Modules linked in: [ 6948.839540][T18955] CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 [ 6948.841646][T18955] Tainted: [B]=BAD_PAGE [ 6948.842798][T18955] Hardware name: riscv-virtio,qemu (DT) [ 6948.843801][T18955] Call Trace: [ 6948.844804][T18955] [] dump_backtrace+0x2e/0x3c [ 6948.846453][T18955] [] show_stack+0x34/0x40 [ 6948.847948][T18955] [] dump_stack_lvl+0x122/0x196 [ 6948.849483][T18955] [] dump_stack+0x1c/0x24 [ 6948.851150][T18955] [] bad_page+0x268/0x2da [ 6948.852697][T18955] [] free_unref_page+0x78a/0xf08 [ 6948.854317][T18955] [] page_frag_free+0x21c/0x268 [ 6948.855962][T18955] [] skb_free_head+0x1ce/0x2ec [ 6948.857353][T18955] [] skb_release_data+0x6ec/0x86a [ 6948.858795][T18955] [] sk_skb_reason_drop+0x130/0x180 [ 6948.860317][T18955] [] __netif_receive_skb_core.constprop.0+0x650/0x4374 [ 6948.862281][T18955] [] __netif_receive_skb_list_core+0x1be/0x75e [ 6948.864021][T18955] [] netif_receive_skb_list_internal+0x64e/0xc36 [ 6948.865837][T18955] [] netif_receive_skb_list+0x60/0x634 [ 6948.867583][T18955] [] xdp_test_run_batch.constprop.0+0x1244/0x1816 [ 6948.869369][T18955] [] bpf_test_run_xdp_live+0x2f6/0x49e [ 6948.871119][T18955] [] bpf_prog_test_run_xdp+0x7f6/0x15a8 [ 6948.872751][T18955] [] __sys_bpf+0xd14/0x42cc [ 6948.874263][T18955] [] __riscv_sys_bpf+0x6c/0x9e [ 6948.875740][T18955] [] syscall_handler+0x94/0x118 [ 6948.877208][T18955] [] do_trap_ecall_u+0x1aa/0x216 [ 6948.878798][T18955] [] _new_vmalloc_restore_context_a0+0xc2/0xce SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 6958.830742][ T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6959.464795][ T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6960.170660][ T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6960.474458][ T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6966.045293][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 6966.189620][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 6966.314335][ T12] bond0 (unregistering): Released all slaves [ 6967.082764][ T12] hsr_slave_0: left promiscuous mode [ 6967.115652][ T12] hsr_slave_1: left promiscuous mode [ 6967.185640][ T12] veth1_macvtap: left promiscuous mode [ 6967.188234][ T12] veth0_macvtap: left promiscuous mode [ 6967.190541][ T12] veth1_vlan: left promiscuous mode [ 6967.193595][ T12] veth0_vlan: left promiscuous mode VM DIAGNOSIS: 09:46:12 Registers: info registers vcpu 0 CPU#0 V = 0 pc ffffffff80010552 mhartid 0000000000000000 mstatus 0000000a000000a0 hstatus 0000000200000000 vsstatus 0000000a00000000 mip 0000000000000000 mie 000000000000022a mideleg 0000000000001666 hideleg 0000000000000444 medeleg 0000000000f0b509 hedeleg 000000000000b109 mtvec 0000000080000428 stvec ffffffff85ffc980 vstvec 0000000000000000 mepc ffffffff8001fb16 sepc ffffffff80263290 vsepc 0000000000000000 mcause 0000000000000009 scause 8000000000000005 vscause 0000000000000000 mtval 0000000000000000 stval 0000000000000000 htval 0000000000000000 mtval2 0000000000000000 mscratch 0000000080029000 sscratch 0000000000000000 satp a1764000000acee0 x0/zero 0000000000000000 x1/ra ffffffff85fd9d70 x2/sp ff200000022464d0 x3/gp ffffffff897bea80 x4/tp ff60000018624ec0 x5/t0 ff600000186259e0 x6/t1 fffffffef0fdb024 x7/t2 0000000000000049 x8/s0 ff20000002246550 x9/s1 ff20000002246610 x10/a0 0000000000000001 x11/a1 0000000000000000 x12/a2 0000000000040000 x13/a3 ffffffff8001044e x14/a4 0000000000001000 x15/a5 0000000000040000 x16/a6 0000000000000003 x17/a7 ffffffff87ed8123 x18/s2 0000000000000000 x19/s3 1fe4000000448cb0 x20/s4 ffffffff898ba6c0 x21/s5 0000000000000001 x22/s6 0000000000000000 x23/s7 dfffffff00000000 x24/s8 dfffffff00000000 x25/s9 ffffffff85ffc980 x26/s10 0000000000007fff x27/s11 ff20000002246560 x28/t3 1fec0000030c4b3b x29/t4 fffffffef0fdb024 x30/t5 fffffffef0fdb025 x31/t6 1fec0000030c4b4a f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000 info registers vcpu 1 CPU#1 V = 0 pc ffffffff80430902 mhartid 0000000000000001 mstatus 0000000a000000a0 hstatus 0000000200000000 vsstatus 0000000a00000000 mip 0000000000000000 mie 000000000000022a mideleg 0000000000001666 hideleg 0000000000000444 medeleg 0000000000f0b509 hedeleg 000000000000b109 mtvec 0000000080000428 stvec ffffffff85ffc980 vstvec 0000000000000000 mepc ffffffff806aaab8 sepc ffffffff85fe7032 vsepc 0000000000000000 mcause 8000000000000003 scause 8000000000000001 vscause 0000000000000000 mtval 0000000000000000 stval 0000000000000000 htval 0000000000000000 mtval2 0000000000000000 mscratch 0000000080027000 sscratch 0000000000000000 satp a1765000000aaf86 x0/zero 0000000000000000 x1/ra ffffffff800104c8 x2/sp ff20000003427440 x3/gp ffffffff897bea80 x4/tp ff60000018561a40 x5/t0 ff60000018562560 x6/t1 ffebffff0dd89da0 x7/t2 0000000000000026 x8/s0 ff20000003427440 x9/s1 ff20000003427600 x10/a0 0000000000000005 x11/a1 ffffffff85fdb17e x12/a2 0000000000000000 x13/a3 ffffffff8000a77e x14/a4 0000000000000000 x15/a5 ff60000018562a40 x16/a6 0000000000000003 x17/a7 ff6000006ec4ed03 x18/s2 ff200000034274c0 x19/s3 0000000000000000 x20/s4 ff200000034274d0 x21/s5 0000000000000000 x22/s6 ffffffff8000a754 x23/s7 dfffffff00000000 x24/s8 dfffffff00000000 x25/s9 ffffffff85ffc980 x26/s10 0000000000007fff x27/s11 ff200000034275d0 x28/t3 1fec0000030ac4ab x29/t4 ffebffff0dd89da0 x30/t5 ffebffff0dd89da1 x31/t6 1fec0000030ac4b0 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000