last executing test programs:

0s ago: executing program 3 (id=4):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180200002343ffff0000000000000000850000004100000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r1, r2, 0x25, 0x0, @void}, 0x10)
syz_emit_ethernet(0xfdef, &(0x7f0000000a80)=ANY=[], 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:16636' (ED25519) to the list of known hosts. [ 41.585641][ T5937] cgroup: Unknown subsys name 'net' [ 41.683949][ T5937] cgroup: Unknown subsys name 'cpuset' [ 41.687469][ T5937] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 42.455991][ T5937] Adding 124996k swap on ./swap-file. 
Priority:0 extents:1 across:124996k [ 45.271495][ T5962] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 45.281689][ T5966] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 45.284865][ T5966] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 45.285317][ T5963] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 45.287115][ T5966] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 45.289912][ T5963] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 45.290031][ T5965] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 45.291033][ T5965] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 45.291343][ T5966] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 45.291466][ T5966] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 45.292916][ T5963] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 45.294101][ T5964] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 45.295544][ T5964] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 45.296588][ T5965] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 45.297421][ T5965] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 45.297847][ T5963] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 45.298988][ T5965] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 45.299099][ T5965] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 45.300189][ T5964] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 45.302166][ T5963] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 45.304463][ T5964] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 45.306127][ T5963] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 45.307519][ T5964] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 45.325794][ T5964] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 45.433318][ T5954] chnl_net:caif_netlink_parms(): no params data found [ 45.457666][ T5948] chnl_net:caif_netlink_parms(): no params data found [ 45.524515][ 
T5950] chnl_net:caif_netlink_parms(): no params data found [ 45.567949][ T5954] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.569856][ T5954] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.572721][ T5954] bridge_slave_0: entered allmulticast mode [ 45.574759][ T5954] bridge_slave_0: entered promiscuous mode [ 45.614382][ T5948] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.616816][ T5948] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.619400][ T5948] bridge_slave_0: entered allmulticast mode [ 45.621513][ T5948] bridge_slave_0: entered promiscuous mode [ 45.624160][ T5948] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.626028][ T5948] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.628355][ T5948] bridge_slave_1: entered allmulticast mode [ 45.630390][ T5948] bridge_slave_1: entered promiscuous mode [ 45.633102][ T5954] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.635043][ T5954] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.636911][ T5954] bridge_slave_1: entered allmulticast mode [ 45.638929][ T5954] bridge_slave_1: entered promiscuous mode [ 45.710549][ T5950] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.712640][ T5950] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.714547][ T5950] bridge_slave_0: entered allmulticast mode [ 45.716516][ T5950] bridge_slave_0: entered promiscuous mode [ 45.720851][ T5948] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 45.734022][ T5954] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 45.736558][ T5950] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.738448][ T5950] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.740362][ T5950] bridge_slave_1: entered allmulticast mode [ 45.742541][ T5950] bridge_slave_1: entered promiscuous mode [ 45.745346][ T5948] bond0: (slave bond_slave_1): Enslaving as an active 
interface with an up link [ 45.748784][ T5954] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 45.804488][ T5954] team0: Port device team_slave_0 added [ 45.807125][ T5950] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 45.811047][ T5948] team0: Port device team_slave_0 added [ 45.814835][ T5948] team0: Port device team_slave_1 added [ 45.835524][ T5954] team0: Port device team_slave_1 added [ 45.838006][ T5950] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 45.840461][ T5952] chnl_net:caif_netlink_parms(): no params data found [ 45.844054][ T5948] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 45.845865][ T5948] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.852581][ T5948] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 45.888716][ T5948] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 45.890612][ T5948] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.897367][ T5948] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 45.900638][ T5954] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 45.902513][ T5954] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 45.909099][ T5954] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 45.912934][ T5954] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 45.914741][ T5954] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.921352][ T5954] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 45.936205][ T5950] team0: Port device team_slave_0 added [ 45.972203][ T5950] team0: Port device team_slave_1 added [ 46.058546][ T5952] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.060542][ T5952] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.062848][ T5952] bridge_slave_0: entered allmulticast mode [ 46.065551][ T5952] bridge_slave_0: entered promiscuous mode [ 46.068399][ T5950] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.070407][ T5950] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.078991][ T5950] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.084876][ T5954] hsr_slave_0: entered promiscuous mode [ 46.086696][ T5954] hsr_slave_1: entered promiscuous mode [ 46.090050][ T5948] hsr_slave_0: entered promiscuous mode [ 46.091954][ T5948] hsr_slave_1: entered promiscuous mode [ 46.093664][ T5948] debugfs: Directory 'hsr0' with parent 'hsr' already present! 
[ 46.095764][ T5948] Cannot create hsr debugfs directory [ 46.098055][ T5952] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.100349][ T5952] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.102647][ T5952] bridge_slave_1: entered allmulticast mode [ 46.104894][ T5952] bridge_slave_1: entered promiscuous mode [ 46.107523][ T5950] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.109846][ T5950] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.117837][ T5950] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.201306][ T5952] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.207535][ T5952] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.271852][ T5950] hsr_slave_0: entered promiscuous mode [ 46.274197][ T5950] hsr_slave_1: entered promiscuous mode [ 46.276200][ T5950] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 46.278712][ T5950] Cannot create hsr debugfs directory [ 46.282199][ T5952] team0: Port device team_slave_0 added [ 46.286130][ T5952] team0: Port device team_slave_1 added [ 46.339731][ T5952] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.341680][ T5952] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 46.348354][ T5952] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.353760][ T5952] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.355591][ T5952] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.362104][ T5952] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.418231][ T5952] hsr_slave_0: entered promiscuous mode [ 46.420154][ T5952] hsr_slave_1: entered promiscuous mode [ 46.421927][ T5952] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 46.423869][ T5952] Cannot create hsr debugfs directory [ 46.448972][ T5948] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 46.477383][ T5948] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 46.480921][ T5948] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 46.501620][ T5948] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 46.520138][ T5954] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 46.525159][ T5954] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 46.537876][ T5954] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 46.541101][ T5954] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 46.566844][ T5950] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 46.570652][ T5950] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 46.573981][ T5950] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 46.577008][ T5950] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 46.601349][ T5952] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 46.605096][ T5952] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 46.608354][ T5952] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 46.615365][ T5952] netdevsim netdevsim0 netdevsim3: renamed 
from eth3 [ 46.674074][ T5950] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.681500][ T5948] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.697723][ T5950] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.710338][ T5954] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.713821][ T5948] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.717702][ T70] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.719683][ T70] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.728532][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.730424][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.733683][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.735565][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.741169][ T5954] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.746994][ T1138] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.748933][ T1138] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.755005][ T1138] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.757371][ T1138] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.767564][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.769482][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.774495][ T5952] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.795207][ T5952] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.807911][ T70] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.810514][ T70] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.826505][ T70] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.828468][ T70] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.896580][ T5950] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 46.915584][ T5950] veth0_vlan: entered promiscuous mode [ 46.923375][ T5950] veth1_vlan: entered promiscuous mode [ 46.930381][ T5948] 
8021q: adding VLAN 0 to HW filter on device batadv0 [ 46.945290][ T5950] veth0_macvtap: entered promiscuous mode [ 46.954542][ T5952] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 46.958335][ T5950] veth1_macvtap: entered promiscuous mode [ 46.972401][ T5950] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 46.977327][ T5950] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 46.985227][ T5954] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 46.989460][ T5950] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.992073][ T5950] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.994373][ T5950] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.996667][ T5950] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.001878][ T5948] veth0_vlan: entered promiscuous mode [ 47.015321][ T5948] veth1_vlan: entered promiscuous mode [ 47.042307][ T5952] veth0_vlan: entered promiscuous mode [ 47.049907][ T5948] veth0_macvtap: entered promiscuous mode [ 47.057529][ T43] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.057541][ T5948] veth1_macvtap: entered promiscuous mode [ 47.061348][ T43] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.063692][ T5952] veth1_vlan: entered promiscuous mode [ 47.068781][ T5948] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.072358][ T5948] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.075723][ T5948] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.088282][ T5948] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.090978][ T5948] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 47.094356][ T5948] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.099090][ T43] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.099196][ T5948] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.101316][ T43] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.103695][ T5948] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.107832][ T5948] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.110153][ T5948] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.120885][ T5954] veth0_vlan: entered promiscuous mode [ 47.128016][ T5952] veth0_macvtap: entered promiscuous mode [ 47.130755][ T5952] veth1_macvtap: entered promiscuous mode [ 47.150140][ T5954] veth1_vlan: entered promiscuous mode [ 47.160007][ T5952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.164057][ T5952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.166613][ T5952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.169408][ T5952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.173604][ T5952] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.176745][ T5952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.178132][ T5950] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 47.179676][ T5952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.179694][ T5952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.189188][ T5952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 47.192493][ T5952] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.197592][ T5952] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.199868][ T5952] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.202407][ T5952] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.204692][ T5952] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.224412][ T70] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.226809][ T70] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.240058][ T5954] veth0_macvtap: entered promiscuous mode [ 47.251053][ T6013] BUG: Bad page state in process syz.3.4 pfn:49ac5 [ 47.251763][ T5954] veth1_macvtap: entered promiscuous mode [ 47.252984][ T6013] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x49ac5 [ 47.258900][ T6013] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 47.260845][ T1138] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.260854][ T6013] raw: 04fff00000000000 dead000000000040 ffff88801f1ab000 0000000000000000 [ 47.260866][ T6013] raw: ffff888000000000 3fffffffffffffff 00000000ffffffff 0000000000000000 [ 47.263071][ T1138] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.264545][ T70] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.264556][ T70] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.265318][ T6013] page dumped because: page_pool leak [ 47.271821][ T5954] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.273526][ T6013] page_owner tracks the page as allocated [ 47.273534][ T6013] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6013, tgid 6012 (syz.3.4), ts 47251006027, free_ts 46951890125 [ 47.275629][ T5954] batman_adv: It is strongly recommended to keep 
mac addresses unique to avoid problems! [ 47.275645][ T6013] post_alloc_hook+0x181/0x1b0 [ 47.278385][ T5954] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.279973][ T6013] get_page_from_freelist+0xfce/0x2f80 [ 47.284415][ T5954] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.286965][ T6013] __alloc_frozen_pages_noprof+0x221/0x2470 [ 47.288278][ T5954] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.290995][ T6013] alloc_pages_bulk_noprof+0x6f9/0x1390 [ 47.292772][ T5954] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.295178][ T6013] __page_pool_alloc_pages_slow+0x18c/0x770 [ 47.298433][ T5954] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.300040][ T6013] page_pool_alloc_netmems+0xc4/0x160 [ 47.300058][ T6013] page_pool_alloc_frag_netmem+0x220/0x760 [ 47.300072][ T6013] skb_pp_cow_data+0x571/0xf10 [ 47.300088][ T6013] skb_cow_data_for_xdp+0x88/0xb0 [ 47.311422][ T5954] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.312455][ T6013] do_xdp_generic+0x3f1/0xe70 [ 47.312469][ T6013] tun_get_user+0x1e04/0x3e50 [ 47.312484][ T6013] tun_chr_write_iter+0xdc/0x210 [ 47.314527][ T5954] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.317044][ T6013] vfs_write+0x5ae/0x1150 [ 47.318574][ T5954] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.319818][ T6013] ksys_write+0x12b/0x250 [ 47.321099][ T5954] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 47.323609][ T6013] __do_fast_syscall_32+0x73/0x120 [ 47.323626][ T6013] do_fast_syscall_32+0x32/0x80 [ 47.323639][ T6013] page last free pid 0 tgid 0 stack trace: [ 47.323646][ T6013] free_frozen_pages+0x6db/0xfb0 [ 47.324936][ T5954] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.327434][ T6013] tlb_remove_table_rcu+0x116/0x1a0 [ 47.328621][ T5954] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.331111][ T6013] rcu_core+0x79d/0x14d0 [ 47.332689][ T5964] Bluetooth: hci0: command tx timeout [ 47.332823][ T5298] Bluetooth: hci3: command tx timeout [ 47.333081][ T5954] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.333749][ T6013] handle_softirqs+0x213/0x8f0 [ 47.333766][ T6013] __irq_exit_rcu+0x109/0x170 [ 47.335130][ T5954] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.335148][ T5954] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.335182][ T5954] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.335199][ T5954] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.335870][ T1138] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.336931][ T6013] irq_exit_rcu+0x9/0x30 [ 47.339605][ T1138] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.340976][ T6013] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 47.368082][ T6013] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 47.369718][ T6013] Modules linked in: [ 47.370808][ T6013] CPU: 1 UID: 0 PID: 6013 Comm: syz.3.4 Not tainted 6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 47.370821][ T6013] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 47.370827][ T6013] Call Trace: [ 47.370831][ T6013] [ 47.370835][ T6013] dump_stack_lvl+0x16c/0x1f0 [ 47.370851][ T6013] bad_page+0xb3/0x1f0 [ 47.370862][ T6013] ? 
__pfx_bad_page+0x10/0x10 [ 47.370872][ T6013] ? page_bad_reason+0x9d/0x1e0 [ 47.370882][ T6013] free_frozen_pages+0x701/0xfb0 [ 47.370898][ T6013] page_frag_free+0x255/0x2a0 [ 47.370907][ T6013] __xdp_return+0x363/0xac0 [ 47.370922][ T6013] ? kmem_cache_free+0x2e2/0x4d0 [ 47.370937][ T6013] bpf_xdp_adjust_tail+0x9de/0xf70 [ 47.370957][ T6013] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 47.370966][ T6013] bpf_prog_run_generic_xdp+0xe33/0x1500 [ 47.370984][ T6013] do_xdp_generic+0x70a/0xe70 [ 47.370996][ T6013] ? __pfx_do_xdp_generic+0x10/0x10 [ 47.371014][ T6013] ? tun_get_user+0x1d55/0x3e50 [ 47.371031][ T6013] tun_get_user+0x1e04/0x3e50 [ 47.371048][ T6013] ? __pfx___futex_wait+0x10/0x10 [ 47.371064][ T6013] ? __pfx_tun_get_user+0x10/0x10 [ 47.371077][ T6013] ? find_held_lock+0x2d/0x110 [ 47.371091][ T6013] ? __pfx_lock_release+0x10/0x10 [ 47.371110][ T6013] tun_chr_write_iter+0xdc/0x210 [ 47.371125][ T6013] vfs_write+0x5ae/0x1150 [ 47.371140][ T6013] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 47.371154][ T6013] ? __pfx_lock_release+0x10/0x10 [ 47.371181][ T6013] ? __pfx_vfs_write+0x10/0x10 [ 47.371195][ T6013] ? lock_acquire+0x2f/0xb0 [ 47.371208][ T6013] ? __fget_files+0x40/0x3b0 [ 47.371228][ T6013] ksys_write+0x12b/0x250 [ 47.371241][ T6013] ? 
__pfx_ksys_write+0x10/0x10 [ 47.371261][ T6013] __do_fast_syscall_32+0x73/0x120 [ 47.371276][ T6013] do_fast_syscall_32+0x32/0x80 [ 47.371289][ T6013] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 47.371308][ T6013] RIP: 0023:0xf73ce579 [ 47.371316][ T6013] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 47.371325][ T6013] RSP: 002b:00000000f5056520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 47.371335][ T6013] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000a80 [ 47.371344][ T6013] RDX: 000000000000fdef RSI: 00000000f73bcff4 RDI: 0000000000000000 [ 47.371349][ T6013] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 47.371354][ T6013] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 47.371360][ T6013] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 47.371371][ T6013] [ 47.371375][ T6013] Disabling lock debugging due to kernel taint [ 47.440471][ T6013] BUG: Bad page state in process syz.3.4 pfn:49f41 [ 47.442287][ T6013] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888049f410f0 pfn:0x49f41 [ 47.444973][ T6013] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 47.446874][ T6013] raw: 04fff00000000000 dead000000000040 ffff88801f1ab000 0000000000000000 [ 47.449218][ T6013] raw: ffff888049f410f0 0000000000000001 00000000ffffffff 0000000000000000 [ 47.451487][ T6013] page dumped because: page_pool leak [ 47.452936][ T6013] page_owner tracks the page as allocated [ 47.454413][ T6013] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6013, tgid 6012 (syz.3.4), ts 47251001664, free_ts 46951896341 [ 47.458697][ T6013] post_alloc_hook+0x181/0x1b0 [ 47.460038][ T6013] get_page_from_freelist+0xfce/0x2f80 [ 47.461567][ T6013] __alloc_frozen_pages_noprof+0x221/0x2470 [ 
47.463157][ T6013] alloc_pages_bulk_noprof+0x6f9/0x1390 [ 47.464707][ T6013] __page_pool_alloc_pages_slow+0x18c/0x770 [ 47.466252][ T6013] page_pool_alloc_netmems+0xc4/0x160 [ 47.467710][ T6013] skb_pp_cow_data+0x776/0xf10 [ 47.468998][ T6013] skb_cow_data_for_xdp+0x88/0xb0 [ 47.470351][ T6013] do_xdp_generic+0x3f1/0xe70 [ 47.471674][ T6013] tun_get_user+0x1e04/0x3e50 [ 47.472936][ T6013] tun_chr_write_iter+0xdc/0x210 [ 47.474298][ T6013] vfs_write+0x5ae/0x1150 [ 47.475476][ T6013] ksys_write+0x12b/0x250 [ 47.476636][ T6013] __do_fast_syscall_32+0x73/0x120 [ 47.478039][ T6013] do_fast_syscall_32+0x32/0x80 [ 47.479383][ T6013] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 47.481074][ T6013] page last free pid 0 tgid 0 stack trace: [ 47.482705][ T6013] free_frozen_pages+0x6db/0xfb0 [ 47.484074][ T6013] tlb_remove_table_rcu+0x116/0x1a0 [ 47.485520][ T6013] rcu_core+0x79d/0x14d0 [ 47.486701][ T6013] handle_softirqs+0x213/0x8f0 [ 47.488045][ T6013] __irq_exit_rcu+0x109/0x170 [ 47.489323][ T6013] irq_exit_rcu+0x9/0x30 [ 47.490485][ T6013] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 47.492056][ T6013] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 47.493677][ T6013] Modules linked in: [ 47.494724][ T6013] CPU: 1 UID: 0 PID: 6013 Comm: syz.3.4 Tainted: G B 6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 47.494739][ T6013] Tainted: [B]=BAD_PAGE [ 47.494742][ T6013] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 47.494748][ T6013] Call Trace: [ 47.494752][ T6013] [ 47.494756][ T6013] dump_stack_lvl+0x16c/0x1f0 [ 47.494770][ T6013] bad_page+0xb3/0x1f0 [ 47.494780][ T6013] ? __pfx_bad_page+0x10/0x10 [ 47.494789][ T6013] ? page_bad_reason+0x9d/0x1e0 [ 47.494799][ T6013] free_frozen_pages+0x701/0xfb0 [ 47.494813][ T6013] page_frag_free+0x255/0x2a0 [ 47.494822][ T6013] __xdp_return+0x363/0xac0 [ 47.494836][ T6013] ? 
kmem_cache_free+0x2e2/0x4d0 [ 47.494850][ T6013] bpf_xdp_adjust_tail+0x9de/0xf70 [ 47.494866][ T6013] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 47.494874][ T6013] bpf_prog_run_generic_xdp+0xe33/0x1500 [ 47.494889][ T6013] do_xdp_generic+0x70a/0xe70 [ 47.494900][ T6013] ? __pfx_do_xdp_generic+0x10/0x10 [ 47.494913][ T6013] ? tun_get_user+0x1d55/0x3e50 [ 47.494929][ T6013] tun_get_user+0x1e04/0x3e50 [ 47.494943][ T6013] ? __pfx___futex_wait+0x10/0x10 [ 47.494958][ T6013] ? __pfx_tun_get_user+0x10/0x10 [ 47.494971][ T6013] ? find_held_lock+0x2d/0x110 [ 47.494982][ T6013] ? __pfx_lock_release+0x10/0x10 [ 47.494998][ T6013] tun_chr_write_iter+0xdc/0x210 [ 47.495012][ T6013] vfs_write+0x5ae/0x1150 [ 47.495024][ T6013] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 47.495039][ T6013] ? __pfx_lock_release+0x10/0x10 [ 47.495051][ T6013] ? __pfx_vfs_write+0x10/0x10 [ 47.495064][ T6013] ? lock_acquire+0x2f/0xb0 [ 47.495076][ T6013] ? __fget_files+0x40/0x3b0 [ 47.495091][ T6013] ksys_write+0x12b/0x250 [ 47.495104][ T6013] ? 
__pfx_ksys_write+0x10/0x10 [ 47.495118][ T6013] __do_fast_syscall_32+0x73/0x120 [ 47.495131][ T6013] do_fast_syscall_32+0x32/0x80 [ 47.495144][ T6013] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 47.495159][ T6013] RIP: 0023:0xf73ce579 [ 47.495179][ T6013] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 47.495188][ T6013] RSP: 002b:00000000f5056520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 47.495198][ T6013] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000a80 [ 47.495204][ T6013] RDX: 000000000000fdef RSI: 00000000f73bcff4 RDI: 0000000000000000 [ 47.495209][ T6013] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 47.495214][ T6013] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 47.495219][ T6013] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 47.495227][ T6013] [ 47.495233][ T6013] BUG: Bad page state in process syz.3.4 pfn:4c463 [ 47.565594][ T6013] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4c463 [ 47.567874][ T6013] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 47.569745][ T6013] raw: 04fff00000000000 dead000000000040 ffff88801f1ab000 0000000000000000 [ 47.572027][ T6013] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 47.574259][ T6013] page dumped because: page_pool leak [ 47.575723][ T6013] page_owner tracks the page as allocated [ 47.577237][ T6013] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6013, tgid 6012 (syz.3.4), ts 47250997739, free_ts 46951902650 [ 47.581579][ T6013] post_alloc_hook+0x181/0x1b0 [ 47.582818][ T6013] get_page_from_freelist+0xfce/0x2f80 [ 47.584266][ T6013] __alloc_frozen_pages_noprof+0x221/0x2470 [ 47.585872][ T6013] alloc_pages_bulk_noprof+0x6f9/0x1390 [ 47.587395][ T6013] 
__page_pool_alloc_pages_slow+0x18c/0x770 [ 47.589012][ T6013] page_pool_alloc_netmems+0xc4/0x160 [ 47.590676][ T6013] skb_pp_cow_data+0x776/0xf10 [ 47.592271][ T6013] skb_cow_data_for_xdp+0x88/0xb0 [ 47.594030][ T6013] do_xdp_generic+0x3f1/0xe70 [ 47.595341][ T6013] tun_get_user+0x1e04/0x3e50 [ 47.596607][ T6013] tun_chr_write_iter+0xdc/0x210 [ 47.597962][ T6013] vfs_write+0x5ae/0x1150 [ 47.599110][ T6013] ksys_write+0x12b/0x250 [ 47.600310][ T6013] __do_fast_syscall_32+0x73/0x120 [ 47.601726][ T6013] do_fast_syscall_32+0x32/0x80 [ 47.603030][ T6013] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 47.604712][ T6013] page last free pid 0 tgid 0 stack trace: [ 47.606224][ T6013] free_frozen_pages+0x6db/0xfb0 [ 47.607555][ T6013] rcu_core+0x79d/0x14d0 [ 47.608695][ T6013] handle_softirqs+0x213/0x8f0 [ 47.609977][ T6013] __irq_exit_rcu+0x109/0x170 [ 47.611262][ T6013] irq_exit_rcu+0x9/0x30 [ 47.612446][ T6013] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 47.613937][ T6013] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 47.615558][ T6013] Modules linked in: [ 47.616651][ T6013] CPU: 1 UID: 0 PID: 6013 Comm: syz.3.4 Tainted: G B 6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 47.616665][ T6013] Tainted: [B]=BAD_PAGE [ 47.616668][ T6013] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 47.616674][ T6013] Call Trace: [ 47.616678][ T6013] [ 47.616682][ T6013] dump_stack_lvl+0x16c/0x1f0 [ 47.616697][ T6013] bad_page+0xb3/0x1f0 [ 47.616707][ T6013] ? __pfx_bad_page+0x10/0x10 [ 47.616716][ T6013] ? page_bad_reason+0x9d/0x1e0 [ 47.616726][ T6013] free_frozen_pages+0x701/0xfb0 [ 47.616740][ T6013] page_frag_free+0x255/0x2a0 [ 47.616749][ T6013] __xdp_return+0x363/0xac0 [ 47.616763][ T6013] ? 
kmem_cache_free+0x2e2/0x4d0 [ 47.616777][ T6013] bpf_xdp_adjust_tail+0x9de/0xf70 [ 47.616794][ T6013] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 47.616802][ T6013] bpf_prog_run_generic_xdp+0xe33/0x1500 [ 47.616816][ T6013] do_xdp_generic+0x70a/0xe70 [ 47.616832][ T6013] ? __pfx_do_xdp_generic+0x10/0x10 [ 47.616853][ T6013] ? tun_get_user+0x1d55/0x3e50 [ 47.616874][ T6013] tun_get_user+0x1e04/0x3e50 [ 47.616889][ T6013] ? __pfx___futex_wait+0x10/0x10 [ 47.616904][ T6013] ? __pfx_tun_get_user+0x10/0x10 [ 47.616916][ T6013] ? find_held_lock+0x2d/0x110 [ 47.616928][ T6013] ? __pfx_lock_release+0x10/0x10 [ 47.616944][ T6013] tun_chr_write_iter+0xdc/0x210 [ 47.616958][ T6013] vfs_write+0x5ae/0x1150 [ 47.616971][ T6013] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 47.616984][ T6013] ? __pfx_lock_release+0x10/0x10 [ 47.616997][ T6013] ? __pfx_vfs_write+0x10/0x10 [ 47.617009][ T6013] ? lock_acquire+0x2f/0xb0 [ 47.617021][ T6013] ? __fget_files+0x40/0x3b0 [ 47.617037][ T6013] ksys_write+0x12b/0x250 [ 47.617049][ T6013] ? 
__pfx_ksys_write+0x10/0x10 [ 47.617063][ T6013] __do_fast_syscall_32+0x73/0x120 [ 47.617076][ T6013] do_fast_syscall_32+0x32/0x80 [ 47.617089][ T6013] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 47.617104][ T6013] RIP: 0023:0xf73ce579 [ 47.617111][ T6013] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 47.617120][ T6013] RSP: 002b:00000000f5056520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 47.617129][ T6013] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000a80 [ 47.617135][ T6013] RDX: 000000000000fdef RSI: 00000000f73bcff4 RDI: 0000000000000000 [ 47.617141][ T6013] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 47.617146][ T6013] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 47.617151][ T6013] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 47.617159][ T6013] [ 47.617164][ T6013] BUG: Bad page state in process syz.3.4 pfn:67367 [ 47.687800][ T6013] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880673670f0 pfn:0x67367 [ 47.690360][ T6013] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 47.692307][ T6013] raw: 04fff00000000000 dead000000000040 ffff88801f1ab000 0000000000000000 [ 47.694507][ T6013] raw: ffff8880673670f0 0000000000000001 00000000ffffffff 0000000000000000 [ 47.696892][ T6013] page dumped because: page_pool leak [ 47.698335][ T6013] page_owner tracks the page as allocated [ 47.699819][ T6013] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6013, tgid 6012 (syz.3.4), ts 47250993767, free_ts 46952792470 [ 47.705364][ T6013] post_alloc_hook+0x181/0x1b0 [ 47.707014][ T6013] get_page_from_freelist+0xfce/0x2f80 [ 47.708460][ T6013] __alloc_frozen_pages_noprof+0x221/0x2470 [ 47.710312][ T6013] alloc_pages_bulk_noprof+0x6f9/0x1390 [ 47.712303][ 
T6013] __page_pool_alloc_pages_slow+0x18c/0x770 [ 47.714350][ T6013] page_pool_alloc_netmems+0xc4/0x160 [ 47.716211][ T6013] skb_pp_cow_data+0x776/0xf10 [ 47.717734][ T6013] skb_cow_data_for_xdp+0x88/0xb0 [ 47.719463][ T6013] do_xdp_generic+0x3f1/0xe70 [ 47.721051][ T6013] tun_get_user+0x1e04/0x3e50 [ 47.722630][ T6013] tun_chr_write_iter+0xdc/0x210 [ 47.724367][ T6013] vfs_write+0x5ae/0x1150 [ 47.725939][ T6013] ksys_write+0x12b/0x250 [ 47.727466][ T6013] __do_fast_syscall_32+0x73/0x120 [ 47.729270][ T6013] do_fast_syscall_32+0x32/0x80 [ 47.731031][ T6013] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 47.733567][ T6013] page last free pid 5957 tgid 5957 stack trace: [ 47.736312][ T6013] free_frozen_pages+0x6db/0xfb0 [ 47.738049][ T6013] __put_partials+0x14c/0x170 [ 47.739789][ T6013] qlist_free_all+0x4e/0x120 [ 47.741163][ T6013] kasan_quarantine_reduce+0x195/0x1e0 [ 47.743632][ T6013] __kasan_slab_alloc+0x69/0x90 [ 47.745683][ T6013] __kmalloc_cache_noprof+0x243/0x410 [ 47.747815][ T6013] nsim_fib_event_work+0x1384/0x26d0 [ 47.749857][ T6013] process_one_work+0x9c5/0x1ba0 [ 47.751705][ T6013] worker_thread+0x6c8/0xf00 [ 47.753112][ T6013] kthread+0x3af/0x750 [ 47.754440][ T6013] ret_from_fork+0x45/0x80 [ 47.756174][ T6013] ret_from_fork_asm+0x1a/0x30 [ 47.757635][ T6013] Modules linked in: [ 47.759107][ T6013] CPU: 1 UID: 0 PID: 6013 Comm: syz.3.4 Tainted: G B 6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 47.759121][ T6013] Tainted: [B]=BAD_PAGE [ 47.759124][ T6013] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 47.759130][ T6013] Call Trace: [ 47.759133][ T6013] [ 47.759137][ T6013] dump_stack_lvl+0x16c/0x1f0 [ 47.759154][ T6013] bad_page+0xb3/0x1f0 [ 47.759185][ T6013] ? __pfx_bad_page+0x10/0x10 [ 47.759198][ T6013] ? page_bad_reason+0x9d/0x1e0 [ 47.759208][ T6013] free_frozen_pages+0x701/0xfb0 [ 47.759222][ T6013] page_frag_free+0x255/0x2a0 [ 47.759232][ T6013] __xdp_return+0x363/0xac0 [ 47.759246][ T6013] ? 
kmem_cache_free+0x2e2/0x4d0 [ 47.759259][ T6013] bpf_xdp_adjust_tail+0x9de/0xf70 [ 47.759276][ T6013] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 47.759284][ T6013] bpf_prog_run_generic_xdp+0xe33/0x1500 [ 47.759298][ T6013] do_xdp_generic+0x70a/0xe70 [ 47.759309][ T6013] ? __pfx_do_xdp_generic+0x10/0x10 [ 47.759323][ T6013] ? tun_get_user+0x1d55/0x3e50 [ 47.759348][ T6013] tun_get_user+0x1e04/0x3e50 [ 47.759371][ T6013] ? __pfx___futex_wait+0x10/0x10 [ 47.759393][ T6013] ? __pfx_tun_get_user+0x10/0x10 [ 47.759413][ T6013] ? find_held_lock+0x2d/0x110 [ 47.759430][ T6013] ? __pfx_lock_release+0x10/0x10 [ 47.759454][ T6013] tun_chr_write_iter+0xdc/0x210 [ 47.759477][ T6013] vfs_write+0x5ae/0x1150 [ 47.759498][ T6013] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 47.759520][ T6013] ? __pfx_lock_release+0x10/0x10 [ 47.759536][ T6013] ? __pfx_vfs_write+0x10/0x10 [ 47.759548][ T6013] ? lock_acquire+0x2f/0xb0 [ 47.759560][ T6013] ? __fget_files+0x40/0x3b0 [ 47.759575][ T6013] ksys_write+0x12b/0x250 [ 47.759588][ T6013] ? 
__pfx_ksys_write+0x10/0x10 [ 47.759601][ T6013] __do_fast_syscall_32+0x73/0x120 [ 47.759615][ T6013] do_fast_syscall_32+0x32/0x80 [ 47.759628][ T6013] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 47.759644][ T6013] RIP: 0023:0xf73ce579 [ 47.759651][ T6013] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 47.759660][ T6013] RSP: 002b:00000000f5056520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 47.759669][ T6013] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000a80 [ 47.759675][ T6013] RDX: 000000000000fdef RSI: 00000000f73bcff4 RDI: 0000000000000000 [ 47.759681][ T6013] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 47.759686][ T6013] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 47.759691][ T6013] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 47.759699][ T6013] [ 47.759705][ T6013] BUG: Bad page state in process syz.3.4 pfn:67365 [ 47.831457][ T6013] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888067365000 pfn:0x67365 [ 47.834030][ T6013] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 47.835909][ T6013] raw: 04fff00000000000 dead000000000040 ffff88801f1ab000 0000000000000000 [ 47.838108][ T6013] raw: ffff888067365000 0000000000000001 00000000ffffffff 0000000000000000 [ 47.840327][ T6013] page dumped because: page_pool leak [ 47.841766][ T6013] page_owner tracks the page as allocated [ 47.843247][ T6013] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6013, tgid 6012 (syz.3.4), ts 47250989735, free_ts 46952796156 [ 47.847430][ T6013] post_alloc_hook+0x181/0x1b0 [ 47.848678][ T6013] get_page_from_freelist+0xfce/0x2f80 [ 47.850100][ T6013] __alloc_frozen_pages_noprof+0x221/0x2470 [ 47.851731][ T6013] alloc_pages_bulk_noprof+0x6f9/0x1390 [ 47.853186][ 
T6013] __page_pool_alloc_pages_slow+0x18c/0x770 [ 47.854741][ T6013] page_pool_alloc_netmems+0xc4/0x160 [ 47.856177][ T6013] skb_pp_cow_data+0x776/0xf10 [ 47.857467][ T6013] skb_cow_data_for_xdp+0x88/0xb0 [ 47.858827][ T6013] do_xdp_generic+0x3f1/0xe70 [ 47.860096][ T6013] tun_get_user+0x1e04/0x3e50 [ 47.861382][ T6013] tun_chr_write_iter+0xdc/0x210 [ 47.862775][ T6013] vfs_write+0x5ae/0x1150 [ 47.863988][ T6013] ksys_write+0x12b/0x250 [ 47.865188][ T6013] __do_fast_syscall_32+0x73/0x120 [ 47.866583][ T6013] do_fast_syscall_32+0x32/0x80 [ 47.867958][ T6013] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 47.869691][ T6013] page last free pid 5957 tgid 5957 stack trace: [ 47.871385][ T6013] free_frozen_pages+0x6db/0xfb0 [ 47.872748][ T6013] __put_partials+0x14c/0x170 [ 47.874032][ T6013] qlist_free_all+0x4e/0x120 [ 47.875273][ T6013] kasan_quarantine_reduce+0x195/0x1e0 [ 47.876693][ T6013] __kasan_slab_alloc+0x69/0x90 [ 47.878020][ T6013] __kmalloc_cache_noprof+0x243/0x410 [ 47.879432][ T6013] nsim_fib_event_work+0x1384/0x26d0 [ 47.880863][ T6013] process_one_work+0x9c5/0x1ba0 [ 47.882229][ T6013] worker_thread+0x6c8/0xf00 [ 47.883464][ T6013] kthread+0x3af/0x750 [ 47.884569][ T6013] ret_from_fork+0x45/0x80 [ 47.885777][ T6013] ret_from_fork_asm+0x1a/0x30 [ 47.887061][ T6013] Modules linked in: [ 47.888085][ T6013] CPU: 1 UID: 0 PID: 6013 Comm: syz.3.4 Tainted: G B 6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 47.888099][ T6013] Tainted: [B]=BAD_PAGE [ 47.888102][ T6013] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 47.888108][ T6013] Call Trace: [ 47.888112][ T6013] [ 47.888116][ T6013] dump_stack_lvl+0x16c/0x1f0 [ 47.888130][ T6013] bad_page+0xb3/0x1f0 [ 47.888140][ T6013] ? __pfx_bad_page+0x10/0x10 [ 47.888150][ T6013] ? page_bad_reason+0x9d/0x1e0 [ 47.888159][ T6013] free_frozen_pages+0x701/0xfb0 [ 47.888173][ T6013] page_frag_free+0x255/0x2a0 [ 47.888182][ T6013] __xdp_return+0x363/0xac0 [ 47.888196][ T6013] ? 
kmem_cache_free+0x2e2/0x4d0 [ 47.888210][ T6013] bpf_xdp_adjust_tail+0x9de/0xf70 [ 47.888227][ T6013] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 47.888235][ T6013] bpf_prog_run_generic_xdp+0xe33/0x1500 [ 47.888249][ T6013] do_xdp_generic+0x70a/0xe70 [ 47.888260][ T6013] ? __pfx_do_xdp_generic+0x10/0x10 [ 47.888273][ T6013] ? tun_get_user+0x1d55/0x3e50 [ 47.888288][ T6013] tun_get_user+0x1e04/0x3e50 [ 47.888303][ T6013] ? __pfx___futex_wait+0x10/0x10 [ 47.888317][ T6013] ? __pfx_tun_get_user+0x10/0x10 [ 47.888330][ T6013] ? find_held_lock+0x2d/0x110 [ 47.888342][ T6013] ? __pfx_lock_release+0x10/0x10 [ 47.888357][ T6013] tun_chr_write_iter+0xdc/0x210 [ 47.888371][ T6013] vfs_write+0x5ae/0x1150 [ 47.888384][ T6013] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 47.888398][ T6013] ? __pfx_lock_release+0x10/0x10 [ 47.888410][ T6013] ? __pfx_vfs_write+0x10/0x10 [ 47.888423][ T6013] ? lock_acquire+0x2f/0xb0 [ 47.888434][ T6013] ? __fget_files+0x40/0x3b0 [ 47.888450][ T6013] ksys_write+0x12b/0x250 [ 47.888462][ T6013] ? 
__pfx_ksys_write+0x10/0x10 [ 47.888476][ T6013] __do_fast_syscall_32+0x73/0x120 [ 47.888490][ T6013] do_fast_syscall_32+0x32/0x80 [ 47.888503][ T6013] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 47.888518][ T6013] RIP: 0023:0xf73ce579 [ 47.888525][ T6013] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 47.888534][ T6013] RSP: 002b:00000000f5056520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 47.888543][ T6013] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000a80 [ 47.888549][ T6013] RDX: 000000000000fdef RSI: 00000000f73bcff4 RDI: 0000000000000000 [ 47.888555][ T6013] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 47.888560][ T6013] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 47.888565][ T6013] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 47.888573][ T6013] [ 47.888579][ T6013] BUG: Bad page state in process syz.3.4 pfn:67e65 [ 47.958003][ T6013] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888067e651e0 pfn:0x67e65 [ 47.960543][ T6013] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 47.962432][ T6013] raw: 04fff00000000000 dead000000000040 ffff88801f1ab000 0000000000000000 [ 47.964596][ T6013] raw: ffff888067e651e0 0000000000000001 00000000ffffffff 0000000000000000 [ 47.966731][ T6013] page dumped because: page_pool leak [ 47.968148][ T6013] page_owner tracks the page as allocated [ 47.969633][ T6013] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6013, tgid 6012 (syz.3.4), ts 47250985655, free_ts 46952799734 [ 47.973706][ T6013] post_alloc_hook+0x181/0x1b0 [ 47.974949][ T6013] get_page_from_freelist+0xfce/0x2f80 [ 47.976390][ T6013] __alloc_frozen_pages_noprof+0x221/0x2470 [ 47.977930][ T6013] alloc_pages_bulk_noprof+0x6f9/0x1390 [ 47.979454][ 
T6013] __page_pool_alloc_pages_slow+0x18c/0x770 [ 47.981053][ T6013] page_pool_alloc_netmems+0xc4/0x160 [ 47.982479][ T6013] skb_pp_cow_data+0x776/0xf10 [ 47.983747][ T6013] skb_cow_data_for_xdp+0x88/0xb0 [ 47.985052][ T6013] do_xdp_generic+0x3f1/0xe70 [ 47.986301][ T6013] tun_get_user+0x1e04/0x3e50 [ 47.987621][ T6013] tun_chr_write_iter+0xdc/0x210 [ 47.988972][ T6013] vfs_write+0x5ae/0x1150 [ 47.990023][ T6013] ksys_write+0x12b/0x250 [ 47.991123][ T6013] __do_fast_syscall_32+0x73/0x120 [ 47.992509][ T6013] do_fast_syscall_32+0x32/0x80 [ 47.993803][ T6013] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 47.995435][ T6013] page last free pid 5957 tgid 5957 stack trace: [ 47.997115][ T6013] free_frozen_pages+0x6db/0xfb0 [ 47.998386][ T6013] __put_partials+0x14c/0x170 [ 47.999630][ T6013] qlist_free_all+0x4e/0x120 [ 48.000858][ T6013] kasan_quarantine_reduce+0x195/0x1e0 [ 48.002370][ T6013] __kasan_slab_alloc+0x69/0x90 [ 48.003654][ T6013] __kmalloc_cache_noprof+0x243/0x410 [ 48.005022][ T6013] nsim_fib_event_work+0x1384/0x26d0 [ 48.006400][ T6013] process_one_work+0x9c5/0x1ba0 [ 48.007740][ T6013] worker_thread+0x6c8/0xf00 [ 48.008939][ T6013] kthread+0x3af/0x750 [ 48.010013][ T6013] ret_from_fork+0x45/0x80 [ 48.011204][ T6013] ret_from_fork_asm+0x1a/0x30 [ 48.012524][ T6013] Modules linked in: [ 48.013559][ T6013] CPU: 1 UID: 0 PID: 6013 Comm: syz.3.4 Tainted: G B 6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 48.013572][ T6013] Tainted: [B]=BAD_PAGE [ 48.013576][ T6013] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 48.013581][ T6013] Call Trace: [ 48.013585][ T6013] [ 48.013588][ T6013] dump_stack_lvl+0x16c/0x1f0 [ 48.013603][ T6013] bad_page+0xb3/0x1f0 [ 48.013612][ T6013] ? __pfx_bad_page+0x10/0x10 [ 48.013621][ T6013] ? page_bad_reason+0x9d/0x1e0 [ 48.013631][ T6013] free_frozen_pages+0x701/0xfb0 [ 48.013644][ T6013] page_frag_free+0x255/0x2a0 [ 48.013654][ T6013] __xdp_return+0x363/0xac0 [ 48.013667][ T6013] ? 
kmem_cache_free+0x2e2/0x4d0 [ 48.013681][ T6013] bpf_xdp_adjust_tail+0x9de/0xf70 [ 48.013698][ T6013] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 48.013705][ T6013] bpf_prog_run_generic_xdp+0xe33/0x1500 [ 48.013720][ T6013] do_xdp_generic+0x70a/0xe70 [ 48.013731][ T6013] ? __pfx_do_xdp_generic+0x10/0x10 [ 48.013744][ T6013] ? tun_get_user+0x1d55/0x3e50 [ 48.013760][ T6013] tun_get_user+0x1e04/0x3e50 [ 48.013774][ T6013] ? __pfx___futex_wait+0x10/0x10 [ 48.013789][ T6013] ? __pfx_tun_get_user+0x10/0x10 [ 48.013802][ T6013] ? find_held_lock+0x2d/0x110 [ 48.013814][ T6013] ? __pfx_lock_release+0x10/0x10 [ 48.013829][ T6013] tun_chr_write_iter+0xdc/0x210 [ 48.013843][ T6013] vfs_write+0x5ae/0x1150 [ 48.013855][ T6013] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 48.013869][ T6013] ? __pfx_lock_release+0x10/0x10 [ 48.013882][ T6013] ? __pfx_vfs_write+0x10/0x10 [ 48.013897][ T6013] ? lock_acquire+0x2f/0xb0 [ 48.013910][ T6013] ? __fget_files+0x40/0x3b0 [ 48.013925][ T6013] ksys_write+0x12b/0x250 [ 48.013938][ T6013] ? 
__pfx_ksys_write+0x10/0x10 [ 48.013952][ T6013] __do_fast_syscall_32+0x73/0x120 [ 48.013966][ T6013] do_fast_syscall_32+0x32/0x80 [ 48.013978][ T6013] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 48.013994][ T6013] RIP: 0023:0xf73ce579 [ 48.014001][ T6013] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 48.014010][ T6013] RSP: 002b:00000000f5056520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 48.014019][ T6013] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000a80 [ 48.014025][ T6013] RDX: 000000000000fdef RSI: 00000000f73bcff4 RDI: 0000000000000000 [ 48.014030][ T6013] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 48.014036][ T6013] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 48.014041][ T6013] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 48.014049][ T6013] [ 48.014055][ T6013] BUG: Bad page state in process syz.3.4 pfn:4f379 [ 48.083135][ T6013] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88804f379000 pfn:0x4f379 [ 48.085679][ T6013] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 48.087582][ T6013] raw: 04fff00000000000 dead000000000040 ffff88801f1ab000 0000000000000000 [ 48.089729][ T6013] raw: ffff88804f379000 0000000000000001 00000000ffffffff 0000000000000000 [ 48.092018][ T6013] page dumped because: page_pool leak [ 48.093418][ T6013] page_owner tracks the page as allocated [ 48.094877][ T6013] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6013, tgid 6012 (syz.3.4), ts 47250981021, free_ts 46952803386 [ 48.099037][ T6013] post_alloc_hook+0x181/0x1b0 [ 48.100300][ T6013] get_page_from_freelist+0xfce/0x2f80 [ 48.101762][ T6013] __alloc_frozen_pages_noprof+0x221/0x2470 [ 48.103475][ T6013] alloc_pages_bulk_noprof+0x6f9/0x1390 [ 48.104973][ 
T6013] __page_pool_alloc_pages_slow+0x18c/0x770 [ 48.106538][ T6013] page_pool_alloc_netmems+0xc4/0x160 [ 48.107980][ T6013] skb_pp_cow_data+0x776/0xf10 [ 48.109212][ T6013] skb_cow_data_for_xdp+0x88/0xb0 [ 48.110549][ T6013] do_xdp_generic+0x3f1/0xe70 [ 48.111918][ T6013] tun_get_user+0x1e04/0x3e50 [ 48.113213][ T6013] tun_chr_write_iter+0xdc/0x210 [ 48.114543][ T6013] vfs_write+0x5ae/0x1150 [ 48.115682][ T6013] ksys_write+0x12b/0x250 [ 48.117070][ T6013] __do_fast_syscall_32+0x73/0x120 [ 48.118452][ T6013] do_fast_syscall_32+0x32/0x80 [ 48.119756][ T6013] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 48.121512][ T6013] page last free pid 5957 tgid 5957 stack trace: [ 48.123272][ T6013] free_frozen_pages+0x6db/0xfb0 [ 48.124593][ T6013] __put_partials+0x14c/0x170 [ 48.125852][ T6013] qlist_free_all+0x4e/0x120 [ 48.127091][ T6013] kasan_quarantine_reduce+0x195/0x1e0 [ 48.128526][ T6013] __kasan_slab_alloc+0x69/0x90 [ 48.129851][ T6013] __kmalloc_cache_noprof+0x243/0x410 [ 48.131321][ T6013] nsim_fib_event_work+0x1384/0x26d0 [ 48.132802][ T6013] process_one_work+0x9c5/0x1ba0 [ 48.134079][ T6013] worker_thread+0x6c8/0xf00 [ 48.135353][ T6013] kthread+0x3af/0x750 [ 48.136530][ T6013] ret_from_fork+0x45/0x80 [ 48.137803][ T6013] ret_from_fork_asm+0x1a/0x30 [ 48.139077][ T6013] Modules linked in: [ 48.140173][ T6013] CPU: 1 UID: 0 PID: 6013 Comm: syz.3.4 Tainted: G B 6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 48.140187][ T6013] Tainted: [B]=BAD_PAGE [ 48.140191][ T6013] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 48.140202][ T6013] Call Trace: [ 48.140206][ T6013] [ 48.140210][ T6013] dump_stack_lvl+0x16c/0x1f0 [ 48.140225][ T6013] bad_page+0xb3/0x1f0 [ 48.140235][ T6013] ? __pfx_bad_page+0x10/0x10 [ 48.140245][ T6013] ? page_bad_reason+0x9d/0x1e0 [ 48.140254][ T6013] free_frozen_pages+0x701/0xfb0 [ 48.140268][ T6013] page_frag_free+0x255/0x2a0 [ 48.140277][ T6013] __xdp_return+0x363/0xac0 [ 48.140291][ T6013] ? 
kmem_cache_free+0x2e2/0x4d0 [ 48.140304][ T6013] bpf_xdp_adjust_tail+0x9de/0xf70 [ 48.140322][ T6013] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 48.140330][ T6013] bpf_prog_run_generic_xdp+0xe33/0x1500 [ 48.140344][ T6013] do_xdp_generic+0x70a/0xe70 [ 48.140355][ T6013] ? __pfx_do_xdp_generic+0x10/0x10 [ 48.140368][ T6013] ? tun_get_user+0x1d55/0x3e50 [ 48.140383][ T6013] tun_get_user+0x1e04/0x3e50 [ 48.140398][ T6013] ? __pfx___futex_wait+0x10/0x10 [ 48.140412][ T6013] ? __pfx_tun_get_user+0x10/0x10 [ 48.140425][ T6013] ? find_held_lock+0x2d/0x110 [ 48.140436][ T6013] ? __pfx_lock_release+0x10/0x10 [ 48.140452][ T6013] tun_chr_write_iter+0xdc/0x210 [ 48.140466][ T6013] vfs_write+0x5ae/0x1150 [ 48.140478][ T6013] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 48.140492][ T6013] ? __pfx_lock_release+0x10/0x10 [ 48.140504][ T6013] ? __pfx_vfs_write+0x10/0x10 [ 48.140517][ T6013] ? lock_acquire+0x2f/0xb0 [ 48.140529][ T6013] ? __fget_files+0x40/0x3b0 [ 48.140545][ T6013] ksys_write+0x12b/0x250 [ 48.140557][ T6013] ? 
__pfx_ksys_write+0x10/0x10 [ 48.140571][ T6013] __do_fast_syscall_32+0x73/0x120 [ 48.140585][ T6013] do_fast_syscall_32+0x32/0x80 [ 48.140599][ T6013] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 48.140614][ T6013] RIP: 0023:0xf73ce579 [ 48.140622][ T6013] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 48.140631][ T6013] RSP: 002b:00000000f5056520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 48.140640][ T6013] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000a80 [ 48.140646][ T6013] RDX: 000000000000fdef RSI: 00000000f73bcff4 RDI: 0000000000000000 [ 48.140652][ T6013] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 48.140657][ T6013] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 48.140662][ T6013] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 48.140670][ T6013] [ 48.140677][ T6013] BUG: Bad page state in process syz.3.4 pfn:65bdd [ 48.212070][ T6013] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888065bdd3c0 pfn:0x65bdd [ 48.214760][ T6013] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 48.216732][ T6013] raw: 04fff00000000000 dead000000000040 ffff88801f1ab000 0000000000000000 [ 48.218958][ T6013] raw: ffff888065bdd3c0 0000000000000001 00000000ffffffff 0000000000000000 [ 48.221187][ T6013] page dumped because: page_pool leak [ 48.222695][ T6013] page_owner tracks the page as allocated [ 48.224288][ T6013] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6013, tgid 6012 (syz.3.4), ts 47250976778, free_ts 46952806914 [ 48.228860][ T6013] post_alloc_hook+0x181/0x1b0 [ 48.230263][ T6013] get_page_from_freelist+0xfce/0x2f80 [ 48.231850][ T6013] __alloc_frozen_pages_noprof+0x221/0x2470 [ 48.233499][ T6013] alloc_pages_bulk_noprof+0x6f9/0x1390 [ 48.235017][ 
T6013] __page_pool_alloc_pages_slow+0x18c/0x770 [ 48.236646][ T6013] page_pool_alloc_netmems+0xc4/0x160 [ 48.238137][ T6013] skb_pp_cow_data+0x776/0xf10 [ 48.239458][ T6013] skb_cow_data_for_xdp+0x88/0xb0 [ 48.240833][ T6013] do_xdp_generic+0x3f1/0xe70 [ 48.242154][ T6013] tun_get_user+0x1e04/0x3e50 [ 48.243440][ T6013] tun_chr_write_iter+0xdc/0x210 [ 48.244817][ T6013] vfs_write+0x5ae/0x1150 [ 48.245993][ T6013] ksys_write+0x12b/0x250 [ 48.247211][ T6013] __do_fast_syscall_32+0x73/0x120 [ 48.248640][ T6013] do_fast_syscall_32+0x32/0x80 [ 48.249962][ T6013] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 48.251719][ T6013] page last free pid 5957 tgid 5957 stack trace: [ 48.253452][ T6013] free_frozen_pages+0x6db/0xfb0 [ 48.254817][ T6013] __put_partials+0x14c/0x170 [ 48.256088][ T6013] qlist_free_all+0x4e/0x120 [ 48.257459][ T6013] kasan_quarantine_reduce+0x195/0x1e0 [ 48.258955][ T6013] __kasan_slab_alloc+0x69/0x90 [ 48.260334][ T6013] __kmalloc_cache_noprof+0x243/0x410 [ 48.261817][ T6013] nsim_fib_event_work+0x1384/0x26d0 [ 48.263202][ T6013] process_one_work+0x9c5/0x1ba0 [ 48.264511][ T6013] worker_thread+0x6c8/0xf00 [ 48.265756][ T6013] kthread+0x3af/0x750 [ 48.266870][ T6013] ret_from_fork+0x45/0x80 [ 48.268059][ T6013] ret_from_fork_asm+0x1a/0x30 [ 48.269341][ T6013] Modules linked in: [ 48.270408][ T6013] CPU: 1 UID: 0 PID: 6013 Comm: syz.3.4 Tainted: G B 6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 48.270423][ T6013] Tainted: [B]=BAD_PAGE [ 48.270426][ T6013] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 48.270432][ T6013] Call Trace: [ 48.270435][ T6013] [ 48.270439][ T6013] dump_stack_lvl+0x16c/0x1f0 [ 48.270455][ T6013] bad_page+0xb3/0x1f0 [ 48.270465][ T6013] ? __pfx_bad_page+0x10/0x10 [ 48.270474][ T6013] ? page_bad_reason+0x9d/0x1e0 [ 48.270484][ T6013] free_frozen_pages+0x701/0xfb0 [ 48.270498][ T6013] page_frag_free+0x255/0x2a0 [ 48.270507][ T6013] __xdp_return+0x363/0xac0 [ 48.270521][ T6013] ? 
kmem_cache_free+0x2e2/0x4d0 [ 48.270534][ T6013] bpf_xdp_adjust_tail+0x9de/0xf70 [ 48.270552][ T6013] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 48.270560][ T6013] bpf_prog_run_generic_xdp+0xe33/0x1500 [ 48.270574][ T6013] do_xdp_generic+0x70a/0xe70 [ 48.270585][ T6013] ? __pfx_do_xdp_generic+0x10/0x10 [ 48.270599][ T6013] ? tun_get_user+0x1d55/0x3e50 [ 48.270613][ T6013] tun_get_user+0x1e04/0x3e50 [ 48.270628][ T6013] ? __pfx___futex_wait+0x10/0x10 [ 48.270643][ T6013] ? __pfx_tun_get_user+0x10/0x10 [ 48.270656][ T6013] ? find_held_lock+0x2d/0x110 [ 48.270667][ T6013] ? __pfx_lock_release+0x10/0x10 [ 48.270682][ T6013] tun_chr_write_iter+0xdc/0x210 [ 48.270696][ T6013] vfs_write+0x5ae/0x1150 [ 48.270710][ T6013] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 48.270724][ T6013] ? __pfx_lock_release+0x10/0x10 [ 48.270736][ T6013] ? __pfx_vfs_write+0x10/0x10 [ 48.270749][ T6013] ? lock_acquire+0x2f/0xb0 [ 48.270761][ T6013] ? __fget_files+0x40/0x3b0 [ 48.270776][ T6013] ksys_write+0x12b/0x250 [ 48.270789][ T6013] ? 
__pfx_ksys_write+0x10/0x10 [ 48.270802][ T6013] __do_fast_syscall_32+0x73/0x120 [ 48.270817][ T6013] do_fast_syscall_32+0x32/0x80 [ 48.270830][ T6013] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 48.270846][ T6013] RIP: 0023:0xf73ce579 [ 48.270853][ T6013] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 48.270862][ T6013] RSP: 002b:00000000f5056520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 48.270872][ T6013] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000a80 [ 48.270878][ T6013] RDX: 000000000000fdef RSI: 00000000f73bcff4 RDI: 0000000000000000 [ 48.270884][ T6013] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 48.270889][ T6013] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 48.270894][ T6013] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 48.270902][ T6013] [ 48.270908][ T6013] BUG: Bad page state in process syz.3.4 pfn:68500 [ 48.342659][ T6013] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888068506000 pfn:0x68500 [ 48.345312][ T6013] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 48.347261][ T6013] raw: 04fff00000000000 dead000000000040 ffff88801f1ab000 0000000000000000 [ 48.349483][ T6013] raw: ffff888068506000 0000000000000001 00000000ffffffff 0000000000000000 [ 48.351774][ T6013] page dumped because: page_pool leak [ 48.353229][ T6013] page_owner tracks the page as allocated [ 48.354799][ T6013] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6013, tgid 6012 (syz.3.4), ts 47250972587, free_ts 46901847420 [ 48.359125][ T6013] post_alloc_hook+0x181/0x1b0 [ 48.360433][ T6013] get_page_from_freelist+0xfce/0x2f80 [ 48.361959][ T6013] __alloc_frozen_pages_noprof+0x221/0x2470 [ 48.363562][ T6013] alloc_pages_bulk_noprof+0x6f9/0x1390 [ 48.365003][ 
T6013] __page_pool_alloc_pages_slow+0x18c/0x770 [ 48.366562][ T6013] page_pool_alloc_netmems+0xc4/0x160 [ 48.368047][ T6013] skb_pp_cow_data+0x776/0xf10 [ 48.369336][ T6013] skb_cow_data_for_xdp+0x88/0xb0 [ 48.370671][ T6013] do_xdp_generic+0x3f1/0xe70 [ 48.371960][ T6013] tun_get_user+0x1e04/0x3e50 [ 48.373207][ T6013] tun_chr_write_iter+0xdc/0x210 [ 48.374562][ T6013] vfs_write+0x5ae/0x1150 [ 48.375765][ T6013] ksys_write+0x12b/0x250 [ 48.376981][ T6013] __do_fast_syscall_32+0x73/0x120 [ 48.378384][ T6013] do_fast_syscall_32+0x32/0x80 [ 48.379676][ T6013] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 48.381347][ T6013] page last free pid 6009 tgid 6009 stack trace: [ 48.383059][ T6013] free_frozen_pages+0x6db/0xfb0 [ 48.384358][ T6013] tlb_remove_table_rcu+0x116/0x1a0 [ 48.385702][ T6013] rcu_core+0x79d/0x14d0 [ 48.386849][ T6013] handle_softirqs+0x213/0x8f0 [ 48.388166][ T6013] __irq_exit_rcu+0x109/0x170 [ 48.389433][ T6013] irq_exit_rcu+0x9/0x30 [ 48.390563][ T6013] sysvec_apic_timer_interrupt+0x57/0xc0 [ 48.392108][ T6013] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 48.393685][ T6013] Modules linked in: [ 48.394754][ T6013] CPU: 1 UID: 0 PID: 6013 Comm: syz.3.4 Tainted: G B 6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 48.394768][ T6013] Tainted: [B]=BAD_PAGE [ 48.394771][ T6013] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 48.394777][ T6013] Call Trace: [ 48.394780][ T6013] [ 48.394784][ T6013] dump_stack_lvl+0x16c/0x1f0 [ 48.394798][ T6013] bad_page+0xb3/0x1f0 [ 48.394808][ T6013] ? __pfx_bad_page+0x10/0x10 [ 48.394817][ T6013] ? page_bad_reason+0x9d/0x1e0 [ 48.394826][ T6013] free_frozen_pages+0x701/0xfb0 [ 48.394840][ T6013] page_frag_free+0x255/0x2a0 [ 48.394850][ T6013] __xdp_return+0x363/0xac0 [ 48.394864][ T6013] ? 
kmem_cache_free+0x2e2/0x4d0 [ 48.394877][ T6013] bpf_xdp_adjust_tail+0x9de/0xf70 [ 48.394894][ T6013] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 48.394902][ T6013] bpf_prog_run_generic_xdp+0xe33/0x1500 [ 48.394917][ T6013] do_xdp_generic+0x70a/0xe70 [ 48.394928][ T6013] ? __pfx_do_xdp_generic+0x10/0x10 [ 48.394941][ T6013] ? tun_get_user+0x1d55/0x3e50 [ 48.394956][ T6013] tun_get_user+0x1e04/0x3e50 [ 48.394970][ T6013] ? __pfx___futex_wait+0x10/0x10 [ 48.394985][ T6013] ? __pfx_tun_get_user+0x10/0x10 [ 48.394998][ T6013] ? find_held_lock+0x2d/0x110 [ 48.395010][ T6013] ? __pfx_lock_release+0x10/0x10 [ 48.395026][ T6013] tun_chr_write_iter+0xdc/0x210 [ 48.395040][ T6013] vfs_write+0x5ae/0x1150 [ 48.395052][ T6013] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 48.395066][ T6013] ? __pfx_lock_release+0x10/0x10 [ 48.395079][ T6013] ? __pfx_vfs_write+0x10/0x10 [ 48.395091][ T6013] ? lock_acquire+0x2f/0xb0 [ 48.395103][ T6013] ? __fget_files+0x40/0x3b0 [ 48.395119][ T6013] ksys_write+0x12b/0x250 [ 48.395131][ T6013] ? 
__pfx_ksys_write+0x10/0x10 [ 48.395145][ T6013] __do_fast_syscall_32+0x73/0x120 [ 48.395174][ T6013] do_fast_syscall_32+0x32/0x80 [ 48.395188][ T6013] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 48.395203][ T6013] RIP: 0023:0xf73ce579 [ 48.395210][ T6013] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 48.395219][ T6013] RSP: 002b:00000000f5056520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 48.395234][ T6013] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000a80 [ 48.395240][ T6013] RDX: 000000000000fdef RSI: 00000000f73bcff4 RDI: 0000000000000000 [ 48.395245][ T6013] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 48.395250][ T6013] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 48.395256][ T6013] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 48.395264][ T6013] [ 48.395269][ T6013] BUG: Bad page state in process syz.3.4 pfn:68507 [ 48.467395][ T6013] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x68507 [ 48.469712][ T6013] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 48.471715][ T6013] raw: 04fff00000000000 dead000000000040 ffff88801f1ab000 0000000000000000 [ 48.473912][ T6013] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 48.476143][ T6013] page dumped because: page_pool leak [ 48.477605][ T6013] page_owner tracks the page as allocated [ 48.479084][ T6013] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6013, tgid 6012 (syz.3.4), ts 47250968655, free_ts 46901860942 [ 48.483339][ T6013] post_alloc_hook+0x181/0x1b0 [ 48.484594][ T6013] get_page_from_freelist+0xfce/0x2f80 [ 48.486035][ T6013] __alloc_frozen_pages_noprof+0x221/0x2470 [ 48.487634][ T6013] alloc_pages_bulk_noprof+0x6f9/0x1390 [ 48.489057][ T6013] 
__page_pool_alloc_pages_slow+0x18c/0x770 [ 48.490611][ T6013] page_pool_alloc_netmems+0xc4/0x160 [ 48.492213][ T6013] skb_pp_cow_data+0x776/0xf10 [ 48.493472][ T6013] skb_cow_data_for_xdp+0x88/0xb0 [ 48.494761][ T6013] do_xdp_generic+0x3f1/0xe70 [ 48.496009][ T6013] tun_get_user+0x1e04/0x3e50 [ 48.497349][ T6013] tun_chr_write_iter+0xdc/0x210 [ 48.498688][ T6013] vfs_write+0x5ae/0x1150 [ 48.499872][ T6013] ksys_write+0x12b/0x250 [ 48.501033][ T6013] __do_fast_syscall_32+0x73/0x120 [ 48.502457][ T6013] do_fast_syscall_32+0x32/0x80 [ 48.503793][ T6013] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 48.505424][ T6013] page last free pid 6009 tgid 6009 stack trace: [ 48.507080][ T6013] free_frozen_pages+0x6db/0xfb0 [ 48.508535][ T6013] tlb_remove_table_rcu+0x116/0x1a0 [ 48.509940][ T6013] rcu_core+0x79d/0x14d0 [ 48.511091][ T6013] handle_softirqs+0x213/0x8f0 [ 48.512699][ T6013] __irq_exit_rcu+0x109/0x170 [ 48.513983][ T6013] irq_exit_rcu+0x9/0x30 [ 48.515439][ T6013] sysvec_apic_timer_interrupt+0x57/0xc0 [ 48.517152][ T6013] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 48.519047][ T6013] Modules linked in: [ 48.520304][ T6013] CPU: 1 UID: 0 PID: 6013 Comm: syz.3.4 Tainted: G B 6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 48.520321][ T6013] Tainted: [B]=BAD_PAGE [ 48.520325][ T6013] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 48.520332][ T6013] Call Trace: [ 48.520337][ T6013] [ 48.520343][ T6013] dump_stack_lvl+0x16c/0x1f0 [ 48.520361][ T6013] bad_page+0xb3/0x1f0 [ 48.520373][ T6013] ? __pfx_bad_page+0x10/0x10 [ 48.520384][ T6013] ? page_bad_reason+0x9d/0x1e0 [ 48.520395][ T6013] free_frozen_pages+0x701/0xfb0 [ 48.520412][ T6013] page_frag_free+0x255/0x2a0 [ 48.520422][ T6013] __xdp_return+0x363/0xac0 [ 48.520439][ T6013] ? 
kmem_cache_free+0x2e2/0x4d0 [ 48.520455][ T6013] bpf_xdp_adjust_tail+0x9de/0xf70 [ 48.520475][ T6013] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 48.520484][ T6013] bpf_prog_run_generic_xdp+0xe33/0x1500 [ 48.520501][ T6013] do_xdp_generic+0x70a/0xe70 [ 48.520513][ T6013] ? __pfx_do_xdp_generic+0x10/0x10 [ 48.520529][ T6013] ? tun_get_user+0x1d55/0x3e50 [ 48.520546][ T6013] tun_get_user+0x1e04/0x3e50 [ 48.520560][ T6013] ? __pfx___futex_wait+0x10/0x10 [ 48.520576][ T6013] ? __pfx_tun_get_user+0x10/0x10 [ 48.520588][ T6013] ? find_held_lock+0x2d/0x110 [ 48.520600][ T6013] ? __pfx_lock_release+0x10/0x10 [ 48.520616][ T6013] tun_chr_write_iter+0xdc/0x210 [ 48.520630][ T6013] vfs_write+0x5ae/0x1150 [ 48.520644][ T6013] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 48.520658][ T6013] ? __pfx_lock_release+0x10/0x10 [ 48.520670][ T6013] ? __pfx_vfs_write+0x10/0x10 [ 48.520682][ T6013] ? lock_acquire+0x2f/0xb0 [ 48.520694][ T6013] ? __fget_files+0x40/0x3b0 [ 48.520710][ T6013] ksys_write+0x12b/0x250 [ 48.520722][ T6013] ? 
__pfx_ksys_write+0x10/0x10 [ 48.520736][ T6013] __do_fast_syscall_32+0x73/0x120 [ 48.520750][ T6013] do_fast_syscall_32+0x32/0x80 [ 48.520763][ T6013] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 48.520779][ T6013] RIP: 0023:0xf73ce579 [ 48.520786][ T6013] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 48.520796][ T6013] RSP: 002b:00000000f5056520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 48.520805][ T6013] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000a80 [ 48.520812][ T6013] RDX: 000000000000fdef RSI: 00000000f73bcff4 RDI: 0000000000000000 [ 48.520817][ T6013] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 48.520823][ T6013] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 48.520828][ T6013] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 48.520836][ T6013] [ 48.520843][ T6013] BUG: Bad page state in process syz.3.4 pfn:4e30e [ 48.595360][ T6013] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4e30e [ 48.597726][ T6013] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 48.599668][ T6013] raw: 04fff00000000000 dead000000000040 ffff88801f1ab000 0000000000000000 [ 48.601985][ T6013] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 48.604252][ T6013] page dumped because: page_pool leak [ 48.605712][ T6013] page_owner tracks the page as allocated [ 48.607273][ T6013] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6013, tgid 6012 (syz.3.4), ts 47250964697, free_ts 46912287037 [ 48.611710][ T6013] post_alloc_hook+0x181/0x1b0 [ 48.613059][ T6013] get_page_from_freelist+0xfce/0x2f80 [ 48.614587][ T6013] __alloc_frozen_pages_noprof+0x221/0x2470 [ 48.616262][ T6013] alloc_pages_bulk_noprof+0x6f9/0x1390 [ 48.617838][ T6013] 
__page_pool_alloc_pages_slow+0x18c/0x770 [ 48.619504][ T6013] page_pool_alloc_netmems+0xc4/0x160 [ 48.620999][ T6013] skb_pp_cow_data+0x776/0xf10 [ 48.622377][ T6013] skb_cow_data_for_xdp+0x88/0xb0 [ 48.623787][ T6013] do_xdp_generic+0x3f1/0xe70 [ 48.625107][ T6013] tun_get_user+0x1e04/0x3e50 [ 48.626448][ T6013] tun_chr_write_iter+0xdc/0x210 [ 48.627880][ T6013] vfs_write+0x5ae/0x1150 [ 48.629106][ T6013] ksys_write+0x12b/0x250 [ 48.630306][ T6013] __do_fast_syscall_32+0x73/0x120 [ 48.631792][ T6013] do_fast_syscall_32+0x32/0x80 [ 48.633135][ T6013] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 48.634837][ T6013] page last free pid 17 tgid 17 stack trace: [ 48.636467][ T6013] free_frozen_pages+0x6db/0xfb0 [ 48.637871][ T6013] rcu_core+0x79d/0x14d0 [ 48.639061][ T6013] handle_softirqs+0x213/0x8f0 [ 48.640421][ T6013] run_ksoftirqd+0x3a/0x60 [ 48.641700][ T6013] smpboot_thread_fn+0x661/0xa30 [ 48.643069][ T6013] kthread+0x3af/0x750 [ 48.644218][ T6013] ret_from_fork+0x45/0x80 [ 48.645431][ T6013] ret_from_fork_asm+0x1a/0x30 [ 48.646744][ T6013] Modules linked in: [ 48.647888][ T6013] CPU: 1 UID: 0 PID: 6013 Comm: syz.3.4 Tainted: G B 6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 48.647902][ T6013] Tainted: [B]=BAD_PAGE [ 48.647905][ T6013] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 48.647911][ T6013] Call Trace: [ 48.647915][ T6013] [ 48.647920][ T6013] dump_stack_lvl+0x16c/0x1f0 [ 48.647934][ T6013] bad_page+0xb3/0x1f0 [ 48.647944][ T6013] ? __pfx_bad_page+0x10/0x10 [ 48.647954][ T6013] ? page_bad_reason+0x9d/0x1e0 [ 48.647963][ T6013] free_frozen_pages+0x701/0xfb0 [ 48.647977][ T6013] page_frag_free+0x255/0x2a0 [ 48.647986][ T6013] __xdp_return+0x363/0xac0 [ 48.648000][ T6013] ? 
kmem_cache_free+0x2e2/0x4d0 [ 48.648013][ T6013] bpf_xdp_adjust_tail+0x9de/0xf70 [ 48.648030][ T6013] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 48.648038][ T6013] bpf_prog_run_generic_xdp+0xe33/0x1500 [ 48.648053][ T6013] do_xdp_generic+0x70a/0xe70 [ 48.648064][ T6013] ? __pfx_do_xdp_generic+0x10/0x10 [ 48.648077][ T6013] ? tun_get_user+0x1d55/0x3e50 [ 48.648092][ T6013] tun_get_user+0x1e04/0x3e50 [ 48.648106][ T6013] ? __pfx___futex_wait+0x10/0x10 [ 48.648120][ T6013] ? __pfx_tun_get_user+0x10/0x10 [ 48.648134][ T6013] ? find_held_lock+0x2d/0x110 [ 48.648146][ T6013] ? __pfx_lock_release+0x10/0x10 [ 48.648161][ T6013] tun_chr_write_iter+0xdc/0x210 [ 48.648175][ T6013] vfs_write+0x5ae/0x1150 [ 48.648188][ T6013] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 48.648202][ T6013] ? __pfx_lock_release+0x10/0x10 [ 48.648219][ T6013] ? __pfx_vfs_write+0x10/0x10 [ 48.648232][ T6013] ? lock_acquire+0x2f/0xb0 [ 48.648243][ T6013] ? __fget_files+0x40/0x3b0 [ 48.648259][ T6013] ksys_write+0x12b/0x250 [ 48.648272][ T6013] ? 
__pfx_ksys_write+0x10/0x10 [ 48.648295][ T6013] __do_fast_syscall_32+0x73/0x120 [ 48.648310][ T6013] do_fast_syscall_32+0x32/0x80 [ 48.648323][ T6013] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 48.648338][ T6013] RIP: 0023:0xf73ce579 [ 48.648346][ T6013] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 48.648355][ T6013] RSP: 002b:00000000f5056520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 48.648364][ T6013] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000a80 [ 48.648370][ T6013] RDX: 000000000000fdef RSI: 00000000f73bcff4 RDI: 0000000000000000 [ 48.648376][ T6013] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 48.648381][ T6013] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 48.648387][ T6013] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 48.648394][ T6013] [ 48.648401][ T6013] BUG: Bad page state in process syz.3.4 pfn:4cbdd [ 48.719266][ T6013] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88804cbdd000 pfn:0x4cbdd [ 48.721898][ T6013] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 48.723781][ T6013] raw: 04fff00000000000 dead000000000040 ffff88801f1ab000 0000000000000000 [ 48.726030][ T6013] raw: ffff88804cbdd000 0000000000000001 00000000ffffffff 0000000000000000 [ 48.728300][ T6013] page dumped because: page_pool leak [ 48.729707][ T6013] page_owner tracks the page as allocated [ 48.731197][ T6013] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6013, tgid 6012 (syz.3.4), ts 47250960699, free_ts 46933654038 [ 48.735517][ T6013] post_alloc_hook+0x181/0x1b0 [ 48.736822][ T6013] get_page_from_freelist+0xfce/0x2f80 [ 48.738321][ T6013] __alloc_frozen_pages_noprof+0x221/0x2470 [ 48.739909][ T6013] alloc_pages_bulk_noprof+0x6f9/0x1390 [ 48.741359][ 
T6013] __page_pool_alloc_pages_slow+0x18c/0x770 [ 48.742983][ T6013] page_pool_alloc_netmems+0xc4/0x160 [ 48.744534][ T6013] skb_pp_cow_data+0x776/0xf10 [ 48.745887][ T6013] skb_cow_data_for_xdp+0x88/0xb0 [ 48.747295][ T6013] do_xdp_generic+0x3f1/0xe70 [ 48.748624][ T6013] tun_get_user+0x1e04/0x3e50 [ 48.749892][ T6013] tun_chr_write_iter+0xdc/0x210 [ 48.751233][ T6013] vfs_write+0x5ae/0x1150 [ 48.752432][ T6013] ksys_write+0x12b/0x250 [ 48.753583][ T6013] __do_fast_syscall_32+0x73/0x120 [ 48.754934][ T6013] do_fast_syscall_32+0x32/0x80 [ 48.756207][ T6013] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 48.757881][ T6013] page last free pid 17 tgid 17 stack trace: [ 48.759465][ T6013] free_frozen_pages+0x6db/0xfb0 [ 48.760834][ T6013] tlb_remove_table_rcu+0x116/0x1a0 [ 48.762391][ T6013] rcu_core+0x79d/0x14d0 [ 48.763586][ T6013] handle_softirqs+0x213/0x8f0 [ 48.764917][ T6013] run_ksoftirqd+0x3a/0x60 [ 48.766124][ T6013] smpboot_thread_fn+0x661/0xa30 [ 48.767518][ T6013] kthread+0x3af/0x750 [ 48.768633][ T6013] ret_from_fork+0x45/0x80 [ 48.769835][ T6013] ret_from_fork_asm+0x1a/0x30 [ 48.771112][ T6013] Modules linked in: [ 48.772238][ T6013] CPU: 1 UID: 0 PID: 6013 Comm: syz.3.4 Tainted: G B 6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 48.772252][ T6013] Tainted: [B]=BAD_PAGE [ 48.772256][ T6013] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 48.772262][ T6013] Call Trace: [ 48.772265][ T6013] [ 48.772269][ T6013] dump_stack_lvl+0x16c/0x1f0 [ 48.772284][ T6013] bad_page+0xb3/0x1f0 [ 48.772295][ T6013] ? __pfx_bad_page+0x10/0x10 [ 48.772304][ T6013] ? page_bad_reason+0x9d/0x1e0 [ 48.772314][ T6013] free_frozen_pages+0x701/0xfb0 [ 48.772328][ T6013] page_frag_free+0x255/0x2a0 [ 48.772337][ T6013] __xdp_return+0x363/0xac0 [ 48.772351][ T6013] ? 
kmem_cache_free+0x2e2/0x4d0 [ 48.772365][ T6013] bpf_xdp_adjust_tail+0x9de/0xf70 [ 48.772382][ T6013] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 48.772390][ T6013] bpf_prog_run_generic_xdp+0xe33/0x1500 [ 48.772404][ T6013] do_xdp_generic+0x70a/0xe70 [ 48.772415][ T6013] ? __pfx_do_xdp_generic+0x10/0x10 [ 48.772429][ T6013] ? tun_get_user+0x1d55/0x3e50 [ 48.772444][ T6013] tun_get_user+0x1e04/0x3e50 [ 48.772459][ T6013] ? __pfx___futex_wait+0x10/0x10 [ 48.772473][ T6013] ? __pfx_tun_get_user+0x10/0x10 [ 48.772486][ T6013] ? find_held_lock+0x2d/0x110 [ 48.772498][ T6013] ? __pfx_lock_release+0x10/0x10 [ 48.772513][ T6013] tun_chr_write_iter+0xdc/0x210 [ 48.772527][ T6013] vfs_write+0x5ae/0x1150 [ 48.772540][ T6013] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 48.772554][ T6013] ? __pfx_lock_release+0x10/0x10 [ 48.772567][ T6013] ? __pfx_vfs_write+0x10/0x10 [ 48.772579][ T6013] ? lock_acquire+0x2f/0xb0 [ 48.772591][ T6013] ? __fget_files+0x40/0x3b0 [ 48.772607][ T6013] ksys_write+0x12b/0x250 [ 48.772619][ T6013] ? 
__pfx_ksys_write+0x10/0x10 [ 48.772633][ T6013] __do_fast_syscall_32+0x73/0x120 [ 48.772647][ T6013] do_fast_syscall_32+0x32/0x80 [ 48.772660][ T6013] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 48.772676][ T6013] RIP: 0023:0xf73ce579 [ 48.772683][ T6013] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 48.772693][ T6013] RSP: 002b:00000000f5056520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 48.772702][ T6013] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000a80 [ 48.772708][ T6013] RDX: 000000000000fdef RSI: 00000000f73bcff4 RDI: 0000000000000000 [ 48.772713][ T6013] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 48.772718][ T6013] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 48.772724][ T6013] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 48.772732][ T6013] [ 48.841246][ T5964] Bluetooth: hci2: command tx timeout [ 48.841268][ T5298] Bluetooth: hci1: command tx timeout [ 48.877033][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.879822][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.890794][ T1138] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.893693][ T1138] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.411729][ T5298] Bluetooth: hci3: command tx timeout [ 49.411763][ T5964] Bluetooth: hci0: command tx timeout [ 50.851634][ T5964] Bluetooth: hci2: command tx timeout [ 50.851842][ T5298] Bluetooth: hci1: command tx timeout [ 51.491827][ T5298] Bluetooth: hci3: command tx timeout [ 51.491848][ T5964] Bluetooth: hci0: command tx timeout [ 52.932202][ T5964] Bluetooth: hci1: command tx timeout [ 52.941896][ T5964] Bluetooth: hci2: command tx timeout [ 53.572225][ T5964] Bluetooth: hci3: command tx timeout [ 53.581713][ T5964] Bluetooth: hci0: 
command tx timeout [ 55.011722][ T5964] Bluetooth: hci2: command tx timeout [ 55.011959][ T5298] Bluetooth: hci1: command tx timeout VM DIAGNOSIS: 06:48:45 Registers: info registers vcpu 0 CPU#0 RAX=0000000000095381 RBX=0000000000000000 RCX=ffffffff8b55c5f9 RDX=0000000000000000 RSI=ffffffff8b6cfd40 RDI=ffffffff8bd346a0 RBP=fffffbfff1bd2ee8 RSP=ffffffff8de07e20 R8 =0000000000000001 R9 =ffffed1005686f85 R10=ffff88802b437c2b R11=0000000000000000 R12=0000000000000000 R13=ffffffff8de97740 R14=ffffffff90627510 R15=0000000000000000 RIP=ffffffff8b55d9df RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b400000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000000000c230000 CR3=00000000699b6000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 
0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 
0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 
0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000000 RBX=00000000000003f9 RCX=0000000000000000 RDX=00000000000003f9 RSI=ffffffff853e6e95 RDI=ffffffff9ab70da0 RBP=ffffffff9ab70d60 RSP=ffffc9000311ef90 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000005 R12=0000000000000000 R13=0000000000000000 R14=ffffffff9ab70d60 R15=0000000000000000 RIP=ffffffff853e6ebf RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b500000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000080010000 CR3=00000000699b6000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 
0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 
0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 
0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=0000559649f02210 RCX=0000000000000000 RDX=0000000000000060 RSI=0000000000000000 RDI=0000000000000000 RBP=0000559649f02560 RSP=00007ffeacfc6380 R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000 R12=000000000000000a R13=0000000000000010 R14=0000000000000010 R15=0000000000000000 RIP=00005596381edb23 RFL=00000a83 [-OS---C] CPL=3 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0033 0000000000000000 ffffffff 00a0fb00 DPL=3 CS64 [-RA] SS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007fd87ea94d00 ffffffff 00c00000 GS =0000 0000000000000000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000055e0fc12c5b0 CR3=000000004bdf4000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008082082 Opmask01=0000000000000000 
info registers vcpu 3
CPU#3
RAX=000000000003cc35 RBX=0000000000000003 RCX=ffffffff8b55c5f9 RDX=0000000000000000
RSI=ffffffff8b6cfd40 RDI=ffffffff8bd346a0 RBP=ffffed1003765910 RSP=ffffc900004afe08
R8 =0000000000000001 R9 =ffffed10056e6f85 R10=ffff88802b737c2b R11=0000000000000000
R12=0000000000000003 R13=ffff88801bb2c880 R14=ffffffff90627510 R15=0000000000000000
RIP=ffffffff8b55d9df RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b700000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe00000d6000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=0000000056a734c0 CR3=000000004b9ae000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80