./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3366893247

<...>
Warning: Permanently added '10.128.1.146' (ED25519) to the list of known hosts.
execve("./syz-executor3366893247", ["./syz-executor3366893247"], 0x7ffd41e85a20 /* 10 vars */) = 0
brk(NULL)                               = 0x55556222e000
brk(0x55556222ed00)                     = 0x55556222ed00
arch_prctl(ARCH_SET_FS, 0x55556222e380) = 0
set_tid_address(0x55556222e650)         = 5825
set_robust_list(0x55556222e660, 24)     = 0
rseq(0x55556222eca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3366893247", 4096) = 28
getrandom("\xe6\x37\xc0\x08\x65\xbe\xbb\x7a", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x55556222ed00
brk(0x55556224fd00)                     = 0x55556224fd00
brk(0x555562250000)                     = 0x555562250000
mprotect(0x7f825919d000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5826 attached
 <unfinished ...>
[pid  5826] set_robust_list(0x55556222e660, 24 <unfinished ...>
[pid  5825] <... clone resumed>, child_tidptr=0x55556222e650) = 5826
[pid  5826] <... set_robust_list resumed>) = 0
[pid  5826] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5826] getppid()                   = 0
[pid  5826] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  5826] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  5826] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  5826] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  5826] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  5826] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  5826] unshare(CLONE_NEWNS)        = 0
[pid  5826] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  5826] unshare(CLONE_NEWIPC)       = 0
[pid  5826] unshare(CLONE_NEWCGROUP)    = 0
[pid  5826] unshare(CLONE_NEWUTS)       = 0
[pid  5826] unshare(CLONE_SYSVSEM)      = 0
[pid  5826] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5826] write(3, "16777216", 8)     = 8
[pid  5826] close(3)                    = 0
[pid  5826] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  5826] write(3, "536870912", 9)    = 9
[pid  5826] close(3)                    = 0
[pid  5826] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5826] write(3, "1024", 4)         = 4
[pid  5826] close(3)                    = 0
[pid  5826] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5826] write(3, "8192", 4)         = 4
[pid  5826] close(3)                    = 0
[pid  5826] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5826] write(3, "1024", 4)         = 4
[pid  5826] close(3)                    = 0
[pid  5826] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  5826] write(3, "1024", 4)         = 4
[pid  5826] close(3)                    = 0
[pid  5826] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  5826] write(3, "1024 1048576 500 1024", 21) = 21
[pid  5826] close(3)                    = 0
[pid  5826] getpid()                    = 1
[pid  5826] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5826] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5826] unshare(CLONE_NEWNET)       = 0
[pid  5826] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  5826] write(3, "0 65535", 7)      = 7
[pid  5826] close(3)                    = 0
[pid  5826] openat(AT_FDCWD, "/dev/net/tun", O_RDWR|O_NONBLOCK) = 3
[pid  5826] dup2(3, 200)                = 200
[pid  5826] close(3)                    = 0
[pid  5826] ioctl(200, TUNSETIFF, 0x7ffd87499160) = 0
[pid  5826] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/accept_dad", O_WRONLY|O_CLOEXEC) = 3
[pid  5826] write(3, "0", 1)            = 1
[pid  5826] close(3)                    = 0
[pid  5826] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/router_solicitations", O_WRONLY|O_CLOEXEC) = 3
[pid  5826] write(3, "0", 1)            = 1
[pid  5826] close(3)                    = 0
[pid  5826] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
[pid  5826] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5826] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5826] close(4)                    = 0
[pid  5826] sendto(3, [{nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x18\x00\x00\x0b\x00\x00\x00\x08\x00\x02\x00\xac\x14\x14\xaa\x08\x00\x01\x00\xac\x14\x14\xaa"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 40
[pid  5826] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5826] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5826] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5826] close(4)                    = 0
[pid  5826] sendto(3, [{nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x78\x00\x00\x0b\x00\x00\x00\x14\x00\x02\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  5826] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5826] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5826] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5826] close(4)                    = 0
[pid  5826] sendto(3, [{nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x08\x00\x01\x00\xac\x14\x14\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 48, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 48
[pid  5826] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5826] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5826] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5826] close(4)                    = 0
[pid  5826] sendto(3, [{nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 60, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 60
[pid  5826] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5826] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5826] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5826] close(4)                    = 0
[pid  5826] sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0a\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\xaa\x00\x00"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
[pid  5826] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5826] close(3)                    = 0
[pid  5826] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
[pid  5826] write(3, "100000", 6)       = 6
[pid  5826] close(3)                    = 0
[pid  5826] mkdir("./syz-tmp", 0777)    = 0
[pid  5826] mount("", "./syz-tmp", "tmpfs", 0, NULL) = 0
[pid  5826] mkdir("./syz-tmp/newroot", 0777) = 0
[pid  5826] mkdir("./syz-tmp/newroot/dev", 0700) = 0
[pid  5826] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5826] mkdir("./syz-tmp/newroot/proc", 0700) = 0
[pid  5826] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0
[pid  5826] mkdir("./syz-tmp/newroot/selinux", 0700) = 0
[pid  5826] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5826] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5826] mkdir("./syz-tmp/newroot/sys", 0700) = 0
[pid  5826] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5826] mount("/sys/kernel/debug", "./syz-tmp/newroot/sys/kernel/debug", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5826] mount("/sys/fs/smackfs", "./syz-tmp/newroot/sys/fs/smackfs", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5826] mount("/proc/sys/fs/binfmt_misc", "./syz-tmp/newroot/proc/sys/fs/binfmt_misc", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5826] mkdir("./syz-tmp/pivot", 0777) = 0
[pid  5826] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0
[pid  5826] chdir("/")                  = 0
[pid  5826] umount2("./pivot", MNT_DETACH) = 0
[pid  5826] chroot("./newroot")         = 0
[pid  5826] chdir("/")                  = 0
[pid  5826] mkdir("/dev/binderfs", 0777) = 0
[pid  5826] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  5826] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5826] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  5826] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5829 attached
 <unfinished ...>
[pid  5829] set_robust_list(0x55556222e660, 24 <unfinished ...>
[pid  5826] <... clone resumed>, child_tidptr=0x55556222e650) = 2
[pid  5829] <... set_robust_list resumed>) = 0
[pid  5829] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5829] setpgid(0, 0)               = 0
[pid  5829] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5829] write(3, "1000", 4)         = 4
[pid  5829] close(3)                    = 0
[pid  5829] read(200, "\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110
[pid  5829] read(200, 0x7ffd87498d00, 1000) = -1 EAGAIN (Resource temporarily unavailable)
executing program
[pid  5829] write(1, "executing program\n", 18) = 18
[pid  5829] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3
[pid  5829] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=4, insns=0x20000400, license="", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=BPF_F_TEST_STATE_FREQ|0x20, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = 4
[pid  5829] ioctl(3, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5829] bpf(BPF_LINK_CREATE, {link_create={prog_fd=4, target_fd=11, attach_type=BPF_XDP, flags=0x2}, ...}, 24) = 5
[   84.731613][ T5829] BUG: Bad page state in process syz-executor336  pfn:77612
[   84.739839][ T5829] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x77612
[   84.748878][ T5829] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   84.758024][ T5829] raw: 00fff00000000000 dead000000000040 ffff888021688000 0000000000000000
[   84.767015][ T5829] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   84.776797][ T5829] page dumped because: page_pool leak
[   84.782705][ T5829] page_owner tracks the page as allocated
[   84.789581][ T5829] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5829, tgid 5829 (syz-executor336), ts 84731539993, free_ts 73159978382
[   84.809957][ T5829]  post_alloc_hook+0x1f3/0x230
[   84.815376][ T5829]  get_page_from_freelist+0x3651/0x37a0
[   84.822031][ T5829]  __alloc_pages_noprof+0x292/0x710
[   84.828023][ T5829]  alloc_pages_bulk_noprof+0x70b/0xcc0
[   84.833890][ T5829]  __page_pool_alloc_pages_slow+0x122/0x690
[   84.841556][ T5829]  page_pool_alloc_pages+0xd0/0x1c0
[   84.849245][ T5829]  skb_pp_cow_data+0xc43/0x1640
[   84.855022][ T5829]  do_xdp_generic+0x505/0xd30
[   84.861412][ T5829]  __netif_receive_skb_core+0x1ce9/0x4690
[   84.868877][ T5829]  __netif_receive_skb+0x12f/0x650
[   84.874780][ T5829]  netif_receive_skb+0x1e8/0x890
[   84.881001][ T5829]  tun_rx_batched+0x1b7/0x8f0
[   84.886337][ T5829]  tun_get_user+0x30d6/0x4890
[   84.891235][ T5829]  tun_chr_write_iter+0x10d/0x1f0
[   84.901026][ T5829]  vfs_write+0xaeb/0xd30
[   84.906567][ T5829]  ksys_write+0x18f/0x2b0
[   84.911862][ T5829] page last free pid 5812 tgid 5812 stack trace:
[   84.921915][ T5829]  free_unref_page+0xde3/0x1130
[   84.929053][ T5829]  __folio_put+0x2c7/0x440
[   84.935917][ T5829]  pipe_read+0x6ed/0x13e0
[   84.941278][ T5829]  vfs_read+0x991/0xb70
[   84.947472][ T5829]  ksys_read+0x18f/0x2b0
[   84.952304][ T5829]  do_syscall_64+0xf3/0x230
[   84.957002][ T5829]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.962958][ T5829] Modules linked in:
[   84.967238][ T5829] CPU: 0 UID: 0 PID: 5829 Comm: syz-executor336 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[   84.979845][ T5829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   84.992021][ T5829] Call Trace:
[   84.996829][ T5829]  <TASK>
[   84.999981][ T5829]  dump_stack_lvl+0x241/0x360
[   85.005121][ T5829]  ? __pfx_dump_stack_lvl+0x10/0x10
[   85.010562][ T5829]  ? __pfx_print_modules+0x10/0x10
[   85.015748][ T5829]  bad_page+0x176/0x1d0
[   85.020272][ T5829]  free_unref_page+0x1048/0x1130
[   85.025360][ T5829]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[   85.031375][ T5829]  bpf_xdp_adjust_tail+0x1c3/0x200
[   85.036644][ T5829]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   85.042190][ T5829]  bpf_prog_run_generic_xdp+0x686/0x1510
[   85.047930][ T5829]  do_xdp_generic+0x757/0xd30
[   85.052639][ T5829]  ? __pfx_do_xdp_generic+0x10/0x10
[   85.057857][ T5829]  ? __skb_flow_dissect+0x4f1/0x7d00
[   85.063268][ T5829]  __netif_receive_skb_core+0x1ce9/0x4690
[   85.069052][ T5829]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   85.077449][ T5829]  ? mark_lock+0x9a/0x360
[   85.082454][ T5829]  ? __lock_acquire+0x1397/0x2100
[   85.088087][ T5829]  __netif_receive_skb+0x12f/0x650
[   85.093438][ T5829]  ? __pfx_lock_acquire+0x10/0x10
[   85.098956][ T5829]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[   85.105702][ T5829]  ? __pfx___netif_receive_skb+0x10/0x10
[   85.113536][ T5829]  ? tun_rx_batched+0x160/0x8f0
[   85.118600][ T5829]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[   85.124376][ T5829]  ? read_tsc+0x9/0x20
[   85.128651][ T5829]  ? netif_receive_skb+0x131/0x890
[   85.133863][ T5829]  ? netif_receive_skb+0x131/0x890
[   85.139460][ T5829]  netif_receive_skb+0x1e8/0x890
[   85.145474][ T5829]  ? tun_rx_batched+0x160/0x8f0
[   85.150809][ T5829]  ? __pfx_netif_receive_skb+0x10/0x10
[   85.158265][ T5829]  ? tun_rx_batched+0x160/0x8f0
[   85.164119][ T5829]  tun_rx_batched+0x1b7/0x8f0
[   85.168831][ T5829]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   85.178333][ T5829]  ? __pfx_lock_acquire+0x10/0x10
[   85.183898][ T5829]  ? __pfx_tun_rx_batched+0x10/0x10
[   85.189135][ T5829]  tun_get_user+0x30d6/0x4890
[   85.193922][ T5829]  ? tun_get_user+0x2bbe/0x4890
[   85.198886][ T5829]  ? __lock_acquire+0x1397/0x2100
[   85.204215][ T5829]  ? __pfx_tun_get_user+0x10/0x10
[   85.209276][ T5829]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   85.215249][ T5829]  ? tun_get+0x1e/0x2f0
[   85.219491][ T5829]  ? __pfx_lock_release+0x10/0x10
[   85.224937][ T5829]  ? tun_get+0x1e/0x2f0
[   85.229637][ T5829]  ? tun_get+0x27d/0x2f0
[   85.234014][ T5829]  tun_chr_write_iter+0x10d/0x1f0
[   85.239551][ T5829]  vfs_write+0xaeb/0xd30
[   85.243938][ T5829]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   85.249702][ T5829]  ? __pfx_vfs_write+0x10/0x10
[   85.254685][ T5829]  ? _raw_spin_unlock_irq+0x2e/0x50
[   85.260747][ T5829]  ? ptrace_notify+0x279/0x380
[   85.267414][ T5829]  ksys_write+0x18f/0x2b0
[   85.272168][ T5829]  ? __pfx_ksys_write+0x10/0x10
[   85.279187][ T5829]  ? do_syscall_64+0x100/0x230
[   85.284345][ T5829]  do_syscall_64+0xf3/0x230
[   85.289636][ T5829]  ? clear_bhb_loop+0x35/0x90
[   85.294815][ T5829]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.301558][ T5829] RIP: 0033:0x7f8259123db0
[   85.307122][ T5829] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[   85.332164][ T5829] RSP: 002b:00007ffd874990f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[   85.341072][ T5829] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8259123db0
[   85.349593][ T5829] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[   85.359279][ T5829] RBP: 0000000000000000 R08: 00007ffd87499228 R09: 00007ffd87499228
[   85.368355][ T5829] R10: 00007ffd87499228 R11: 0000000000000202 R12: 00007f82591720de
[   85.378456][ T5829] R13: 0000000000000000 R14: 00007ffd87499130 R15: 00007ffd87499120
[   85.387401][ T5829]  </TASK>
[   85.393686][ T5829] Disabling lock debugging due to kernel taint
[   85.401443][ T5829] BUG: Bad page state in process syz-executor336  pfn:77c80
[   85.412234][ T5829] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x77c80
[   85.422227][ T5829] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   85.430820][ T5829] raw: 00fff00000000000 dead000000000040 ffff888021688000 0000000000000000
[   85.445031][ T5829] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   85.454390][ T5829] page dumped because: page_pool leak
[   85.460892][ T5829] page_owner tracks the page as allocated
[   85.467372][ T5829] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5829, tgid 5829 (syz-executor336), ts 84731533127, free_ts 74649141999
[   85.488854][ T5829]  post_alloc_hook+0x1f3/0x230
[   85.493753][ T5829]  get_page_from_freelist+0x3651/0x37a0
[   85.499484][ T5829]  __alloc_pages_noprof+0x292/0x710
[   85.504765][ T5829]  alloc_pages_bulk_noprof+0x70b/0xcc0
[   85.510502][ T5829]  __page_pool_alloc_pages_slow+0x122/0x690
[   85.516766][ T5829]  page_pool_alloc_pages+0xd0/0x1c0
[   85.522304][ T5829]  skb_pp_cow_data+0xc43/0x1640
[   85.527410][ T5829]  do_xdp_generic+0x505/0xd30
[   85.532311][ T5829]  __netif_receive_skb_core+0x1ce9/0x4690
[   85.538311][ T5829]  __netif_receive_skb+0x12f/0x650
[   85.543649][ T5829]  netif_receive_skb+0x1e8/0x890
[   85.548898][ T5829]  tun_rx_batched+0x1b7/0x8f0
[   85.554164][ T5829]  tun_get_user+0x30d6/0x4890
[   85.559113][ T5829]  tun_chr_write_iter+0x10d/0x1f0
[   85.564249][ T5829]  vfs_write+0xaeb/0xd30
[   85.569559][ T5829]  ksys_write+0x18f/0x2b0
[   85.574219][ T5829] page last free pid 5815 tgid 5815 stack trace:
[   85.580778][ T5829]  free_unref_page+0xde3/0x1130
[   85.585888][ T5829]  __folio_put+0x2c7/0x440
[   85.590828][ T5829]  pipe_read+0x6ed/0x13e0
[   85.596262][ T5829]  vfs_read+0x991/0xb70
[   85.601685][ T5829]  ksys_read+0x18f/0x2b0
[   85.606174][ T5829]  do_syscall_64+0xf3/0x230
[   85.611160][ T5829]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.619034][ T5829] Modules linked in:
[   85.623699][ T5829] CPU: 0 UID: 0 PID: 5829 Comm: syz-executor336 Tainted: G    B              6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[   85.637511][ T5829] Tainted: [B]=BAD_PAGE
[   85.641877][ T5829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   85.652413][ T5829] Call Trace:
[   85.656073][ T5829]  <TASK>
[   85.659313][ T5829]  dump_stack_lvl+0x241/0x360
[   85.665110][ T5829]  ? __pfx_dump_stack_lvl+0x10/0x10
[   85.671155][ T5829]  ? __pfx_print_modules+0x10/0x10
[   85.676378][ T5829]  bad_page+0x176/0x1d0
[   85.680799][ T5829]  free_unref_page+0x1048/0x1130
[   85.686991][ T5829]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[   85.693866][ T5829]  bpf_xdp_adjust_tail+0x1c3/0x200
[   85.699951][ T5829]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   85.706815][ T5829]  bpf_prog_run_generic_xdp+0x686/0x1510
[   85.714273][ T5829]  do_xdp_generic+0x757/0xd30
[   85.719758][ T5829]  ? __pfx_do_xdp_generic+0x10/0x10
[   85.726763][ T5829]  ? __skb_flow_dissect+0x4f1/0x7d00
[   85.732105][ T5829]  __netif_receive_skb_core+0x1ce9/0x4690
[   85.738044][ T5829]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   85.744126][ T5829]  ? mark_lock+0x9a/0x360
[   85.748486][ T5829]  ? __lock_acquire+0x1397/0x2100
[   85.753736][ T5829]  __netif_receive_skb+0x12f/0x650
[   85.759422][ T5829]  ? __pfx_lock_acquire+0x10/0x10
[   85.764501][ T5829]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[   85.770795][ T5829]  ? __pfx___netif_receive_skb+0x10/0x10
[   85.776694][ T5829]  ? tun_rx_batched+0x160/0x8f0
[   85.781602][ T5829]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[   85.787437][ T5829]  ? read_tsc+0x9/0x20
[   85.791521][ T5829]  ? netif_receive_skb+0x131/0x890
[   85.796722][ T5829]  ? netif_receive_skb+0x131/0x890
[   85.802302][ T5829]  netif_receive_skb+0x1e8/0x890
[   85.807447][ T5829]  ? tun_rx_batched+0x160/0x8f0
[   85.813576][ T5829]  ? __pfx_netif_receive_skb+0x10/0x10
[   85.820561][ T5829]  ? tun_rx_batched+0x160/0x8f0
[   85.825507][ T5829]  tun_rx_batched+0x1b7/0x8f0
[   85.830277][ T5829]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   85.836649][ T5829]  ? __pfx_lock_acquire+0x10/0x10
[   85.841781][ T5829]  ? __pfx_tun_rx_batched+0x10/0x10
[   85.847203][ T5829]  tun_get_user+0x30d6/0x4890
[   85.852280][ T5829]  ? tun_get_user+0x2bbe/0x4890
[   85.857519][ T5829]  ? __lock_acquire+0x1397/0x2100
[   85.862853][ T5829]  ? __pfx_tun_get_user+0x10/0x10
[   85.868279][ T5829]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   85.876042][ T5829]  ? tun_get+0x1e/0x2f0
[   85.880585][ T5829]  ? __pfx_lock_release+0x10/0x10
[   85.886184][ T5829]  ? tun_get+0x1e/0x2f0
[   85.891044][ T5829]  ? tun_get+0x27d/0x2f0
[   85.896203][ T5829]  tun_chr_write_iter+0x10d/0x1f0
[   85.901501][ T5829]  vfs_write+0xaeb/0xd30
[   85.905783][ T5829]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   85.911539][ T5829]  ? __pfx_vfs_write+0x10/0x10
[   85.916630][ T5829]  ? _raw_spin_unlock_irq+0x2e/0x50
[   85.921954][ T5829]  ? ptrace_notify+0x279/0x380
[   85.926830][ T5829]  ksys_write+0x18f/0x2b0
[   85.932712][ T5829]  ? __pfx_ksys_write+0x10/0x10
[   85.937884][ T5829]  ? do_syscall_64+0x100/0x230
[   85.942786][ T5829]  do_syscall_64+0xf3/0x230
[   85.947666][ T5829]  ? clear_bhb_loop+0x35/0x90
[   85.953000][ T5829]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.959466][ T5829] RIP: 0033:0x7f8259123db0
[   85.963905][ T5829] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[   85.984958][ T5829] RSP: 002b:00007ffd874990f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[   85.993682][ T5829] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8259123db0
[   86.002377][ T5829] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[   86.010473][ T5829] RBP: 0000000000000000 R08: 00007ffd87499228 R09: 00007ffd87499228
[   86.019083][ T5829] R10: 00007ffd87499228 R11: 0000000000000202 R12: 00007f82591720de
[   86.027900][ T5829] R13: 0000000000000000 R14: 00007ffd87499130 R15: 00007ffd87499120
[   86.036603][ T5829]  </TASK>
[   86.040594][ T5829] BUG: Bad page state in process syz-executor336  pfn:79f3e
[   86.049550][ T5829] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x79f3e
[   86.059344][ T5829] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   86.066607][ T5829] raw: 00fff00000000000 dead000000000040 ffff888021688000 0000000000000000
[   86.076887][ T5829] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   86.086556][ T5829] page dumped because: page_pool leak
[   86.092262][ T5829] page_owner tracks the page as allocated
[   86.099179][ T5829] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5829, tgid 5829 (syz-executor336), ts 84731526096, free_ts 74260827714
[   86.120796][ T5829]  post_alloc_hook+0x1f3/0x230
[   86.127713][ T5829]  get_page_from_freelist+0x3651/0x37a0
[   86.134312][ T5829]  __alloc_pages_noprof+0x292/0x710
[   86.140426][ T5829]  alloc_pages_bulk_noprof+0x70b/0xcc0
[   86.146341][ T5829]  __page_pool_alloc_pages_slow+0x122/0x690
[   86.152894][ T5829]  page_pool_alloc_pages+0xd0/0x1c0
[   86.159365][ T5829]  skb_pp_cow_data+0xc43/0x1640
[   86.167236][ T5829]  do_xdp_generic+0x505/0xd30
[   86.173166][ T5829]  __netif_receive_skb_core+0x1ce9/0x4690
[   86.180087][ T5829]  __netif_receive_skb+0x12f/0x650
[   86.186459][ T5829]  netif_receive_skb+0x1e8/0x890
[   86.192857][ T5829]  tun_rx_batched+0x1b7/0x8f0
[   86.198912][ T5829]  tun_get_user+0x30d6/0x4890
[   86.204768][ T5829]  tun_chr_write_iter+0x10d/0x1f0
[   86.210312][ T5829]  vfs_write+0xaeb/0xd30
[   86.215603][ T5829]  ksys_write+0x18f/0x2b0
[   86.220945][ T5829] page last free pid 5815 tgid 5815 stack trace:
[   86.228807][ T5829]  free_unref_page+0xde3/0x1130
[   86.234336][ T5829]  __folio_put+0x2c7/0x440
[   86.242760][ T5829]  pipe_read+0x6ed/0x13e0
[   86.249970][ T5829]  vfs_read+0x991/0xb70
[   86.254836][ T5829]  ksys_read+0x18f/0x2b0
[   86.262091][ T5829]  do_syscall_64+0xf3/0x230
[   86.267354][ T5829]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.275894][ T5829] Modules linked in:
[   86.281343][ T5829] CPU: 0 UID: 0 PID: 5829 Comm: syz-executor336 Tainted: G    B              6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[   86.296989][ T5829] Tainted: [B]=BAD_PAGE
[   86.302998][ T5829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   86.317891][ T5829] Call Trace:
[   86.321896][ T5829]  <TASK>
[   86.326484][ T5829]  dump_stack_lvl+0x241/0x360
[   86.333041][ T5829]  ? __pfx_dump_stack_lvl+0x10/0x10
[   86.339141][ T5829]  ? __pfx_print_modules+0x10/0x10
[   86.346808][ T5829]  bad_page+0x176/0x1d0
[   86.353150][ T5829]  free_unref_page+0x1048/0x1130
[   86.359823][ T5829]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[   86.369205][ T5829]  bpf_xdp_adjust_tail+0x1c3/0x200
[   86.375920][ T5829]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   86.382396][ T5829]  bpf_prog_run_generic_xdp+0x686/0x1510
[   86.391314][ T5829]  do_xdp_generic+0x757/0xd30
[   86.398396][ T5829]  ? __pfx_do_xdp_generic+0x10/0x10
[   86.405810][ T5829]  ? __skb_flow_dissect+0x4f1/0x7d00
[   86.412805][ T5829]  __netif_receive_skb_core+0x1ce9/0x4690
[   86.419958][ T5829]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   86.427744][ T5829]  ? mark_lock+0x9a/0x360
[   86.434574][ T5829]  ? __lock_acquire+0x1397/0x2100
[   86.439926][ T5829]  __netif_receive_skb+0x12f/0x650
[   86.445328][ T5829]  ? __pfx_lock_acquire+0x10/0x10
[   86.451913][ T5829]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[   86.459663][ T5829]  ? __pfx___netif_receive_skb+0x10/0x10
[   86.466143][ T5829]  ? tun_rx_batched+0x160/0x8f0
[   86.472034][ T5829]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[   86.479959][ T5829]  ? read_tsc+0x9/0x20
[   86.484863][ T5829]  ? netif_receive_skb+0x131/0x890
[   86.492542][ T5829]  ? netif_receive_skb+0x131/0x890
[   86.498740][ T5829]  netif_receive_skb+0x1e8/0x890
[   86.504417][ T5829]  ? tun_rx_batched+0x160/0x8f0
[   86.512599][ T5829]  ? __pfx_netif_receive_skb+0x10/0x10
[   86.521236][ T5829]  ? tun_rx_batched+0x160/0x8f0
[   86.528524][ T5829]  tun_rx_batched+0x1b7/0x8f0
[   86.535223][ T5829]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   86.542385][ T5829]  ? __pfx_lock_acquire+0x10/0x10
[   86.547666][ T5829]  ? __pfx_tun_rx_batched+0x10/0x10
[   86.553809][ T5829]  tun_get_user+0x30d6/0x4890
[   86.558847][ T5829]  ? tun_get_user+0x2bbe/0x4890
[   86.565620][ T5829]  ? __lock_acquire+0x1397/0x2100
[   86.573681][ T5829]  ? __pfx_tun_get_user+0x10/0x10
[   86.580109][ T5829]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   86.587893][ T5829]  ? tun_get+0x1e/0x2f0
[   86.594075][ T5829]  ? __pfx_lock_release+0x10/0x10
[   86.600854][ T5829]  ? tun_get+0x1e/0x2f0
[   86.606766][ T5829]  ? tun_get+0x27d/0x2f0
[   86.612238][ T5829]  tun_chr_write_iter+0x10d/0x1f0
[   86.619167][ T5829]  vfs_write+0xaeb/0xd30
[   86.625763][ T5829]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   86.633804][ T5829]  ? __pfx_vfs_write+0x10/0x10
[   86.639278][ T5829]  ? _raw_spin_unlock_irq+0x2e/0x50
[   86.646942][ T5829]  ? ptrace_notify+0x279/0x380
[   86.652443][ T5829]  ksys_write+0x18f/0x2b0
[   86.659020][ T5829]  ? __pfx_ksys_write+0x10/0x10
[   86.664458][ T5829]  ? do_syscall_64+0x100/0x230
[   86.669810][ T5829]  do_syscall_64+0xf3/0x230
[   86.675475][ T5829]  ? clear_bhb_loop+0x35/0x90
[   86.682036][ T5829]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.690266][ T5829] RIP: 0033:0x7f8259123db0
[   86.695512][ T5829] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[   86.719364][ T5829] RSP: 002b:00007ffd874990f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[   86.732199][ T5829] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8259123db0
[   86.741634][ T5829] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[   86.751999][ T5829] RBP: 0000000000000000 R08: 00007ffd87499228 R09: 00007ffd87499228
[   86.761911][ T5829] R10: 00007ffd87499228 R11: 0000000000000202 R12: 00007f82591720de
[   86.772749][ T5829] R13: 0000000000000000 R14: 00007ffd87499130 R15: 00007ffd87499120
[   86.783754][ T5829]  </TASK>
[   86.787930][ T5829] BUG: Bad page state in process syz-executor336  pfn:79f2e
[   86.796308][ T5829] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x79f2e
[   86.807038][ T5829] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   86.815659][ T5829] raw: 00fff00000000000 dead000000000040 ffff888021688000 0000000000000000
[   86.826230][ T5829] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   86.839604][ T5829] page dumped because: page_pool leak
[   86.845748][ T5829] page_owner tracks the page as allocated
[   86.853053][ T5829] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5829, tgid 5829 (syz-executor336), ts 84731519388, free_ts 74259140194
[   86.874378][ T5829]  post_alloc_hook+0x1f3/0x230
[   86.881052][ T5829]  get_page_from_freelist+0x3651/0x37a0
[   86.888320][ T5829]  __alloc_pages_noprof+0x292/0x710
[   86.894664][ T5829]  alloc_pages_bulk_noprof+0x70b/0xcc0
[   86.901743][ T5829]  __page_pool_alloc_pages_slow+0x122/0x690
[   86.908607][ T5829]  page_pool_alloc_pages+0xd0/0x1c0
[   86.914347][ T5829]  skb_pp_cow_data+0xc43/0x1640
[   86.920927][ T5829]  do_xdp_generic+0x505/0xd30
[   86.926816][ T5829]  __netif_receive_skb_core+0x1ce9/0x4690
[   86.933135][ T5829]  __netif_receive_skb+0x12f/0x650
[   86.939857][ T5829]  netif_receive_skb+0x1e8/0x890
[   86.946957][ T5829]  tun_rx_batched+0x1b7/0x8f0
[   86.951996][ T5829]  tun_get_user+0x30d6/0x4890
[   86.957168][ T5829]  tun_chr_write_iter+0x10d/0x1f0
[   86.963430][ T5829]  vfs_write+0xaeb/0xd30
[   86.968494][ T5829]  ksys_write+0x18f/0x2b0
[   86.973530][ T5829] page last free pid 5815 tgid 5815 stack trace:
[   86.982986][ T5829]  free_unref_page+0xde3/0x1130
[   86.988907][ T5829]  tlb_finish_mmu+0x11f/0x200
[   86.994456][ T5829]  vms_clear_ptes+0x437/0x530
[   86.999690][ T5829]  vms_complete_munmap_vmas+0x210/0x8f0
[   87.006106][ T5829]  do_vmi_align_munmap+0x5ef/0x6f0
[   87.006971][   T25] cfg80211: failed to load regulatory.db
[   87.011493][ T5829]  do_vmi_munmap+0x24e/0x2d0
[   87.011524][ T5829]  __vm_munmap+0x24c/0x480
[   87.032653][ T5829]  __x64_sys_munmap+0x60/0x70
[   87.039022][ T5829]  do_syscall_64+0xf3/0x230
[   87.045104][ T5829]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.051788][ T5829] Modules linked in:
[   87.055849][ T5829] CPU: 0 UID: 0 PID: 5829 Comm: syz-executor336 Tainted: G    B              6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[   87.071470][ T5829] Tainted: [B]=BAD_PAGE
[   87.076128][ T5829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   87.088900][ T5829] Call Trace:
[   87.094144][ T5829]  <TASK>
[   87.097374][ T5829]  dump_stack_lvl+0x241/0x360
[   87.102529][ T5829]  ? __pfx_dump_stack_lvl+0x10/0x10
[   87.108993][ T5829]  ? __pfx_print_modules+0x10/0x10
[   87.115896][ T5829]  bad_page+0x176/0x1d0
[   87.120313][ T5829]  free_unref_page+0x1048/0x1130
[   87.126946][ T5829]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[   87.133618][ T5829]  bpf_xdp_adjust_tail+0x1c3/0x200
[   87.139544][ T5829]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   87.145332][ T5829]  bpf_prog_run_generic_xdp+0x686/0x1510
[   87.152113][ T5829]  do_xdp_generic+0x757/0xd30
[   87.159266][ T5829]  ? __pfx_do_xdp_generic+0x10/0x10
[   87.165351][ T5829]  ? __skb_flow_dissect+0x4f1/0x7d00
[   87.174136][ T5829]  __netif_receive_skb_core+0x1ce9/0x4690
[   87.181323][ T5829]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   87.187703][ T5829]  ? mark_lock+0x9a/0x360
[   87.192753][ T5829]  ? __lock_acquire+0x1397/0x2100
[   87.200387][ T5829]  __netif_receive_skb+0x12f/0x650
[   87.205741][ T5829]  ? __pfx_lock_acquire+0x10/0x10
[   87.212219][ T5829]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[   87.220343][ T5829]  ? __pfx___netif_receive_skb+0x10/0x10
[   87.226932][ T5829]  ? tun_rx_batched+0x160/0x8f0
[   87.232618][ T5829]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[   87.239551][ T5829]  ? read_tsc+0x9/0x20
[   87.245719][ T5829]  ? netif_receive_skb+0x131/0x890
[   87.251404][ T5829]  ? netif_receive_skb+0x131/0x890
[   87.261395][ T5829]  netif_receive_skb+0x1e8/0x890
[   87.267953][ T5829]  ? tun_rx_batched+0x160/0x8f0
[   87.273301][ T5829]  ? __pfx_netif_receive_skb+0x10/0x10
[   87.279244][ T5829]  ? tun_rx_batched+0x160/0x8f0
[   87.284383][ T5829]  tun_rx_batched+0x1b7/0x8f0
[   87.291298][ T5829]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   87.298833][ T5829]  ? __pfx_lock_acquire+0x10/0x10
[   87.304600][ T5829]  ? __pfx_tun_rx_batched+0x10/0x10
[   87.310535][ T5829]  tun_get_user+0x30d6/0x4890
[   87.316827][ T5829]  ? tun_get_user+0x2bbe/0x4890
[   87.322883][ T5829]  ? __lock_acquire+0x1397/0x2100
[   87.328721][ T5829]  ? __pfx_tun_get_user+0x10/0x10
[   87.334968][ T5829]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   87.342566][ T5829]  ? tun_get+0x1e/0x2f0
[   87.348005][ T5829]  ? __pfx_lock_release+0x10/0x10
[   87.358327][ T5829]  ? tun_get+0x1e/0x2f0
[   87.364431][ T5829]  ? tun_get+0x27d/0x2f0
[   87.370258][ T5829]  tun_chr_write_iter+0x10d/0x1f0
[   87.376607][ T5829]  vfs_write+0xaeb/0xd30
[   87.381419][ T5829]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   87.387712][ T5829]  ? __pfx_vfs_write+0x10/0x10
[   87.393778][ T5829]  ? _raw_spin_unlock_irq+0x2e/0x50
[   87.399683][ T5829]  ? ptrace_notify+0x279/0x380
[   87.408235][ T5829]  ksys_write+0x18f/0x2b0
[   87.413539][ T5829]  ? __pfx_ksys_write+0x10/0x10
[   87.420762][ T5829]  ? do_syscall_64+0x100/0x230
[   87.426113][ T5829]  do_syscall_64+0xf3/0x230
[   87.432059][ T5829]  ? clear_bhb_loop+0x35/0x90
[   87.439795][ T5829]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.449054][ T5829] RIP: 0033:0x7f8259123db0
[   87.455085][ T5829] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[   87.478204][ T5829] RSP: 002b:00007ffd874990f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[   87.489315][ T5829] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8259123db0
[   87.499647][ T5829] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[   87.512402][ T5829] RBP: 0000000000000000 R08: 00007ffd87499228 R09: 00007ffd87499228
[   87.522249][ T5829] R10: 00007ffd87499228 R11: 0000000000000202 R12: 00007f82591720de
[   87.531756][ T5829] R13: 0000000000000000 R14: 00007ffd87499130 R15: 00007ffd87499120
[   87.541951][ T5829]  </TASK>
[   87.545856][ T5829] BUG: Bad page state in process syz-executor336  pfn:7aca5
[   87.554732][ T5829] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7aca5
[   87.566060][ T5829] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   87.574993][ T5829] raw: 00fff00000000000 dead000000000040 ffff888021688000 0000000000000000
[   87.586842][ T5829] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   87.597825][ T5829] page dumped because: page_pool leak
[   87.605072][ T5829] page_owner tracks the page as allocated
[   87.612445][ T5829] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5829, tgid 5829 (syz-executor336), ts 84731512577, free_ts 75036591641
[   87.634707][ T5829]  post_alloc_hook+0x1f3/0x230
[   87.640140][ T5829]  get_page_from_freelist+0x3651/0x37a0
[   87.647298][ T5829]  __alloc_pages_noprof+0x292/0x710
[   87.656312][ T5829]  alloc_pages_bulk_noprof+0x70b/0xcc0
[   87.662236][ T5829]  __page_pool_alloc_pages_slow+0x122/0x690
[   87.672938][ T5829]  page_pool_alloc_pages+0xd0/0x1c0
[   87.679738][ T5829]  skb_pp_cow_data+0xc43/0x1640
[   87.685707][ T5829]  do_xdp_generic+0x505/0xd30
[   87.691743][ T5829]  __netif_receive_skb_core+0x1ce9/0x4690
[   87.699890][ T5829]  __netif_receive_skb+0x12f/0x650
[   87.707048][ T5829]  netif_receive_skb+0x1e8/0x890
[   87.713160][ T5829]  tun_rx_batched+0x1b7/0x8f0
[   87.718949][ T5829]  tun_get_user+0x30d6/0x4890
[   87.726404][ T5829]  tun_chr_write_iter+0x10d/0x1f0
[   87.733152][ T5829]  vfs_write+0xaeb/0xd30
[   87.738334][ T5829]  ksys_write+0x18f/0x2b0
[   87.746310][ T5829] page last free pid 5815 tgid 5815 stack trace:
[   87.753882][ T5829]  free_unref_page+0xde3/0x1130
[   87.760088][ T5829]  __folio_put+0x2c7/0x440
[   87.765725][ T5829]  pipe_read+0x6ed/0x13e0
[   87.770971][ T5829]  vfs_read+0x991/0xb70
[   87.776660][ T5829]  ksys_read+0x18f/0x2b0
[   87.782589][ T5829]  do_syscall_64+0xf3/0x230
[   87.787650][ T5829]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.795280][ T5829] Modules linked in:
[   87.800285][ T5829] CPU: 0 UID: 0 PID: 5829 Comm: syz-executor336 Tainted: G    B              6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[   87.817515][ T5829] Tainted: [B]=BAD_PAGE
[   87.823291][ T5829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   87.838171][ T5829] Call Trace:
[   87.843406][ T5829]  <TASK>
[   87.847330][ T5829]  dump_stack_lvl+0x241/0x360
[   87.853626][ T5829]  ? __pfx_dump_stack_lvl+0x10/0x10
[   87.861767][ T5829]  ? __pfx_print_modules+0x10/0x10
[   87.869486][ T5829]  bad_page+0x176/0x1d0
[   87.876318][ T5829]  free_unref_page+0x1048/0x1130
[   87.883641][ T5829]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[   87.892515][ T5829]  bpf_xdp_adjust_tail+0x1c3/0x200
[   87.898656][ T5829]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   87.905969][ T5829]  bpf_prog_run_generic_xdp+0x686/0x1510
[   87.913125][ T5829]  do_xdp_generic+0x757/0xd30
[   87.920729][ T5829]  ? __pfx_do_xdp_generic+0x10/0x10
[   87.928093][ T5829]  ? __skb_flow_dissect+0x4f1/0x7d00
[   87.933850][ T5829]  __netif_receive_skb_core+0x1ce9/0x4690
[   87.942823][ T5829]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   87.952919][ T5829]  ? mark_lock+0x9a/0x360
[   87.958213][ T5829]  ? __lock_acquire+0x1397/0x2100
[   87.964462][ T5829]  __netif_receive_skb+0x12f/0x650
[   87.971018][ T5829]  ? __pfx_lock_acquire+0x10/0x10
[   87.977383][ T5829]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[   87.985587][ T5829]  ? __pfx___netif_receive_skb+0x10/0x10
[   87.991529][ T5829]  ? tun_rx_batched+0x160/0x8f0
[   87.996929][ T5829]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[   88.003346][ T5829]  ? read_tsc+0x9/0x20
[   88.008742][ T5829]  ? netif_receive_skb+0x131/0x890
[   88.015354][ T5829]  ? netif_receive_skb+0x131/0x890
[   88.022395][ T5829]  netif_receive_skb+0x1e8/0x890
[   88.028649][ T5829]  ? tun_rx_batched+0x160/0x8f0
[   88.035600][ T5829]  ? __pfx_netif_receive_skb+0x10/0x10
[   88.044179][ T5829]  ? tun_rx_batched+0x160/0x8f0
[   88.049919][ T5829]  tun_rx_batched+0x1b7/0x8f0
[   88.055392][ T5829]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   88.063764][ T5829]  ? __pfx_lock_acquire+0x10/0x10
[   88.071804][ T5829]  ? __pfx_tun_rx_batched+0x10/0x10
[   88.078512][ T5829]  tun_get_user+0x30d6/0x4890
[   88.084976][ T5829]  ? tun_get_user+0x2bbe/0x4890
[   88.091179][ T5829]  ? __lock_acquire+0x1397/0x2100
[   88.099138][ T5829]  ? __pfx_tun_get_user+0x10/0x10
[   88.105695][ T5829]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   88.112676][ T5829]  ? tun_get+0x1e/0x2f0
[   88.118075][ T5829]  ? __pfx_lock_release+0x10/0x10
[   88.124707][ T5829]  ? tun_get+0x1e/0x2f0
[   88.129635][ T5829]  ? tun_get+0x27d/0x2f0
[   88.135221][ T5829]  tun_chr_write_iter+0x10d/0x1f0
[   88.142204][ T5829]  vfs_write+0xaeb/0xd30
[   88.148882][ T5829]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   88.155983][ T5829]  ? __pfx_vfs_write+0x10/0x10
[   88.162952][ T5829]  ? _raw_spin_unlock_irq+0x2e/0x50
[   88.170796][ T5829]  ? ptrace_notify+0x279/0x380
[   88.181955][ T5829]  ksys_write+0x18f/0x2b0
[   88.186839][ T5829]  ? __pfx_ksys_write+0x10/0x10
[   88.194352][ T5829]  ? do_syscall_64+0x100/0x230
[   88.201523][ T5829]  do_syscall_64+0xf3/0x230
[   88.207909][ T5829]  ? clear_bhb_loop+0x35/0x90
[   88.215506][ T5829]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.224751][ T5829] RIP: 0033:0x7f8259123db0
[   88.230873][ T5829] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[   88.256028][ T5829] RSP: 002b:00007ffd874990f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[   88.266334][ T5829] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8259123db0
[   88.275824][ T5829] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[   88.286699][ T5829] RBP: 0000000000000000 R08: 00007ffd87499228 R09: 00007ffd87499228
[   88.297073][ T5829] R10: 00007ffd87499228 R11: 0000000000000202 R12: 00007f82591720de
[   88.306162][ T5829] R13: 0000000000000000 R14: 00007ffd87499130 R15: 00007ffd87499120
[   88.315828][ T5829]  </TASK>
[   88.319423][ T5829] BUG: Bad page state in process syz-executor336  pfn:7c974
[   88.329572][ T5829] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7c974
[   88.342346][ T5829] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   88.353006][ T5829] raw: 00fff00000000000 dead000000000040 ffff888021688000 0000000000000000
[   88.366316][ T5829] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   88.381257][ T5829] page dumped because: page_pool leak
[   88.390225][ T5829] page_owner tracks the page as allocated
[   88.398740][ T5829] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5829, tgid 5829 (syz-executor336), ts 84731506129, free_ts 75036567546
[   88.423708][ T5829]  post_alloc_hook+0x1f3/0x230
[   88.431192][ T5829]  get_page_from_freelist+0x3651/0x37a0
[   88.438701][ T5829]  __alloc_pages_noprof+0x292/0x710
[   88.445102][ T5829]  alloc_pages_bulk_noprof+0x70b/0xcc0
[   88.452536][ T5829]  __page_pool_alloc_pages_slow+0x122/0x690
[   88.460326][ T5829]  page_pool_alloc_pages+0xd0/0x1c0
[   88.466326][ T5829]  skb_pp_cow_data+0xc43/0x1640
[   88.471483][ T5829]  do_xdp_generic+0x505/0xd30
[   88.477188][ T5829]  __netif_receive_skb_core+0x1ce9/0x4690
[   88.484203][ T5829]  __netif_receive_skb+0x12f/0x650
[   88.490216][ T5829]  netif_receive_skb+0x1e8/0x890
[   88.496823][ T5829]  tun_rx_batched+0x1b7/0x8f0
[   88.502737][ T5829]  tun_get_user+0x30d6/0x4890
[   88.508509][ T5829]  tun_chr_write_iter+0x10d/0x1f0
[   88.515888][ T5829]  vfs_write+0xaeb/0xd30
[   88.521046][ T5829]  ksys_write+0x18f/0x2b0
[   88.526778][ T5829] page last free pid 5815 tgid 5815 stack trace:
[   88.534372][ T5829]  free_unref_page+0xde3/0x1130
[   88.540795][ T5829]  __folio_put+0x2c7/0x440
[   88.548040][ T5829]  pipe_read+0x6ed/0x13e0
[   88.555300][ T5829]  vfs_read+0x991/0xb70
[   88.560113][ T5829]  ksys_read+0x18f/0x2b0
[   88.565553][ T5829]  do_syscall_64+0xf3/0x230
[   88.570721][ T5829]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.580380][ T5829] Modules linked in:
[   88.585230][ T5829] CPU: 0 UID: 0 PID: 5829 Comm: syz-executor336 Tainted: G    B              6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[   88.599552][ T5829] Tainted: [B]=BAD_PAGE
[   88.605468][ T5829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   88.619804][ T5829] Call Trace:
[   88.624021][ T5829]  <TASK>
[   88.628421][ T5829]  dump_stack_lvl+0x241/0x360
[   88.636445][ T5829]  ? __pfx_dump_stack_lvl+0x10/0x10
[   88.643994][ T5829]  ? __pfx_print_modules+0x10/0x10
[   88.653532][ T5829]  bad_page+0x176/0x1d0
[   88.658144][ T5829]  free_unref_page+0x1048/0x1130
[   88.664320][ T5829]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[   88.670494][ T5829]  bpf_xdp_adjust_tail+0x1c3/0x200
[   88.677506][ T5829]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   88.687212][ T5829]  bpf_prog_run_generic_xdp+0x686/0x1510
[   88.692933][ T5829]  do_xdp_generic+0x757/0xd30
[   88.698173][ T5829]  ? __pfx_do_xdp_generic+0x10/0x10
[   88.705480][ T5829]  ? __skb_flow_dissect+0x4f1/0x7d00
[   88.712441][ T5829]  __netif_receive_skb_core+0x1ce9/0x4690
[   88.721822][ T5829]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   88.730216][ T5829]  ? mark_lock+0x9a/0x360
[   88.735211][ T5829]  ? __lock_acquire+0x1397/0x2100
[   88.745492][ T5829]  __netif_receive_skb+0x12f/0x650
[   88.752850][ T5829]  ? __pfx_lock_acquire+0x10/0x10
[   88.762378][ T5829]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[   88.770155][ T5829]  ? __pfx___netif_receive_skb+0x10/0x10
[   88.778451][ T5829]  ? tun_rx_batched+0x160/0x8f0
[   88.786716][ T5829]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[   88.794749][ T5829]  ? read_tsc+0x9/0x20
[   88.801572][ T5829]  ? netif_receive_skb+0x131/0x890
[   88.808441][ T5829]  ? netif_receive_skb+0x131/0x890
[   88.815034][ T5829]  netif_receive_skb+0x1e8/0x890
[   88.820089][ T5829]  ? tun_rx_batched+0x160/0x8f0
[   88.825755][ T5829]  ? __pfx_netif_receive_skb+0x10/0x10
[   88.831703][ T5829]  ? tun_rx_batched+0x160/0x8f0
[   88.837811][ T5829]  tun_rx_batched+0x1b7/0x8f0
[   88.845322][ T5829]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   88.855109][ T5829]  ? __pfx_lock_acquire+0x10/0x10
[   88.860895][ T5829]  ? __pfx_tun_rx_batched+0x10/0x10
[   88.866978][ T5829]  tun_get_user+0x30d6/0x4890
[   88.872242][ T5829]  ? tun_get_user+0x2bbe/0x4890
[   88.881301][ T5829]  ? __lock_acquire+0x1397/0x2100
[   88.888534][ T5829]  ? __pfx_tun_get_user+0x10/0x10
[   88.895057][ T5829]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   88.902106][ T5829]  ? tun_get+0x1e/0x2f0
[   88.906923][ T5829]  ? __pfx_lock_release+0x10/0x10
[   88.913772][ T5829]  ? tun_get+0x1e/0x2f0
[   88.920806][ T5829]  ? tun_get+0x27d/0x2f0
[   88.926799][ T5829]  tun_chr_write_iter+0x10d/0x1f0
[   88.934138][ T5829]  vfs_write+0xaeb/0xd30
[   88.939941][ T5829]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   88.947612][ T5829]  ? __pfx_vfs_write+0x10/0x10
[   88.956013][ T5829]  ? _raw_spin_unlock_irq+0x2e/0x50
[   88.964793][ T5829]  ? ptrace_notify+0x279/0x380
[   88.970221][ T5829]  ksys_write+0x18f/0x2b0
[   88.975418][ T5829]  ? __pfx_ksys_write+0x10/0x10
[   88.981082][ T5829]  ? do_syscall_64+0x100/0x230
[   88.987620][ T5829]  do_syscall_64+0xf3/0x230
[   88.993902][ T5829]  ? clear_bhb_loop+0x35/0x90
[   89.001212][ T5829]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.013960][ T5829] RIP: 0033:0x7f8259123db0
[   89.023399][ T5829] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[   89.050819][ T5829] RSP: 002b:00007ffd874990f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[   89.064748][ T5829] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8259123db0
[   89.074631][ T5829] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[   89.082891][ T5829] RBP: 0000000000000000 R08: 00007ffd87499228 R09: 00007ffd87499228
[   89.092832][ T5829] R10: 00007ffd87499228 R11: 0000000000000202 R12: 00007f82591720de
[   89.102017][ T5829] R13: 0000000000000000 R14: 00007ffd87499130 R15: 00007ffd87499120
[   89.112310][ T5829]  </TASK>
[   89.118347][ T5829] BUG: Bad page state in process syz-executor336  pfn:7dd04
[   89.128883][ T5829] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7dd04
[   89.143941][ T5829] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   89.154793][ T5829] raw: 00fff00000000000 dead000000000040 ffff888021688000 0000000000000000
[   89.166622][ T5829] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   89.178616][ T5829] page dumped because: page_pool leak
[   89.187685][ T5829] page_owner tracks the page as allocated
[   89.194899][ T5829] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5829, tgid 5829 (syz-executor336), ts 84731499660, free_ts 75036558227
[   89.217842][ T5829]  post_alloc_hook+0x1f3/0x230
[   89.223447][ T5829]  get_page_from_freelist+0x3651/0x37a0
[   89.230797][ T5829]  __alloc_pages_noprof+0x292/0x710
[   89.238381][ T5829]  alloc_pages_bulk_noprof+0x70b/0xcc0
[   89.247249][ T5829]  __page_pool_alloc_pages_slow+0x122/0x690
[   89.256305][ T5829]  page_pool_alloc_pages+0xd0/0x1c0
[   89.262752][ T5829]  skb_pp_cow_data+0xc43/0x1640
[   89.268122][ T5829]  do_xdp_generic+0x505/0xd30
[   89.273191][ T5829]  __netif_receive_skb_core+0x1ce9/0x4690
[   89.279512][ T5829]  __netif_receive_skb+0x12f/0x650
[   89.286222][ T5829]  netif_receive_skb+0x1e8/0x890
[   89.292056][ T5829]  tun_rx_batched+0x1b7/0x8f0
[   89.298913][ T5829]  tun_get_user+0x30d6/0x4890
[   89.304062][ T5829]  tun_chr_write_iter+0x10d/0x1f0
[   89.310315][ T5829]  vfs_write+0xaeb/0xd30
[   89.316965][ T5829]  ksys_write+0x18f/0x2b0
[   89.322650][ T5829] page last free pid 5815 tgid 5815 stack trace:
[   89.330005][ T5829]  free_unref_page+0xde3/0x1130
[   89.335091][ T5829]  __folio_put+0x2c7/0x440
[   89.341350][ T5829]  pipe_read+0x6ed/0x13e0
[   89.346315][ T5829]  vfs_read+0x991/0xb70
[   89.350752][ T5829]  ksys_read+0x18f/0x2b0
[   89.356234][ T5829]  do_syscall_64+0xf3/0x230
[   89.361759][ T5829]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.368432][ T5829] Modules linked in:
[   89.373012][ T5829] CPU: 0 UID: 0 PID: 5829 Comm: syz-executor336 Tainted: G    B              6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[   89.389841][ T5829] Tainted: [B]=BAD_PAGE
[   89.395176][ T5829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   89.407264][ T5829] Call Trace:
[   89.412157][ T5829]  <TASK>
[   89.416250][ T5829]  dump_stack_lvl+0x241/0x360
[   89.422049][ T5829]  ? __pfx_dump_stack_lvl+0x10/0x10
[   89.427817][ T5829]  ? __pfx_print_modules+0x10/0x10
[   89.433808][ T5829]  bad_page+0x176/0x1d0
[   89.440249][ T5829]  free_unref_page+0x1048/0x1130
[   89.445512][ T5829]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[   89.451516][ T5829]  bpf_xdp_adjust_tail+0x1c3/0x200
[   89.458599][ T5829]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   89.467061][ T5829]  bpf_prog_run_generic_xdp+0x686/0x1510
[   89.473361][ T5829]  do_xdp_generic+0x757/0xd30
[   89.478269][ T5829]  ? __pfx_do_xdp_generic+0x10/0x10
[   89.485328][ T5829]  ? __skb_flow_dissect+0x4f1/0x7d00
[   89.492493][ T5829]  __netif_receive_skb_core+0x1ce9/0x4690
[   89.498852][ T5829]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   89.507146][ T5829]  ? mark_lock+0x9a/0x360
[   89.512280][ T5829]  ? __lock_acquire+0x1397/0x2100
[   89.517823][ T5829]  __netif_receive_skb+0x12f/0x650
[   89.524283][ T5829]  ? __pfx_lock_acquire+0x10/0x10
[   89.535408][ T5829]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[   89.543623][ T5829]  ? __pfx___netif_receive_skb+0x10/0x10
[   89.550868][ T5829]  ? tun_rx_batched+0x160/0x8f0
[   89.557896][ T5829]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[   89.564591][ T5829]  ? read_tsc+0x9/0x20
[   89.571725][ T5829]  ? netif_receive_skb+0x131/0x890
[   89.578517][ T5829]  ? netif_receive_skb+0x131/0x890
[   89.584284][ T5829]  netif_receive_skb+0x1e8/0x890
[   89.591653][ T5829]  ? tun_rx_batched+0x160/0x8f0
[   89.599545][ T5829]  ? __pfx_netif_receive_skb+0x10/0x10
[   89.607424][ T5829]  ? tun_rx_batched+0x160/0x8f0
[   89.612790][ T5829]  tun_rx_batched+0x1b7/0x8f0
[   89.620619][ T5829]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   89.630118][ T5829]  ? __pfx_lock_acquire+0x10/0x10
[   89.636029][ T5829]  ? __pfx_tun_rx_batched+0x10/0x10
[   89.641998][ T5829]  tun_get_user+0x30d6/0x4890
[   89.647323][ T5829]  ? tun_get_user+0x2bbe/0x4890
[   89.653494][ T5829]  ? __lock_acquire+0x1397/0x2100
[   89.659476][ T5829]  ? __pfx_tun_get_user+0x10/0x10
[   89.665175][ T5829]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   89.671295][ T5829]  ? tun_get+0x1e/0x2f0
[   89.675828][ T5829]  ? __pfx_lock_release+0x10/0x10
[   89.681055][ T5829]  ? tun_get+0x1e/0x2f0
[   89.687258][ T5829]  ? tun_get+0x27d/0x2f0
[   89.691999][ T5829]  tun_chr_write_iter+0x10d/0x1f0
[   89.698504][ T5829]  vfs_write+0xaeb/0xd30
[   89.703251][ T5829]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   89.708964][ T5829]  ? __pfx_vfs_write+0x10/0x10
[   89.715459][ T5829]  ? _raw_spin_unlock_irq+0x2e/0x50
[   89.720976][ T5829]  ? ptrace_notify+0x279/0x380
[   89.726141][ T5829]  ksys_write+0x18f/0x2b0
[   89.731907][ T5829]  ? __pfx_ksys_write+0x10/0x10
[   89.738023][ T5829]  ? do_syscall_64+0x100/0x230
[   89.745061][ T5829]  do_syscall_64+0xf3/0x230
[   89.750581][ T5829]  ? clear_bhb_loop+0x35/0x90
[   89.756990][ T5829]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.764357][ T5829] RIP: 0033:0x7f8259123db0
[   89.769426][ T5829] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[   89.792050][ T5829] RSP: 002b:00007ffd874990f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[   89.801507][ T5829] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8259123db0
[   89.810646][ T5829] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[   89.820201][ T5829] RBP: 0000000000000000 R08: 00007ffd87499228 R09: 00007ffd87499228
[   89.828844][ T5829] R10: 00007ffd87499228 R11: 0000000000000202 R12: 00007f82591720de
[   89.837710][ T5829] R13: 0000000000000000 R14: 00007ffd87499130 R15: 00007ffd87499120
[   89.846070][ T5829]  </TASK>
[   89.849405][ T5829] BUG: Bad page state in process syz-executor336  pfn:79519
[   89.858621][ T5829] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x79519
[   89.869807][ T5829] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   89.878300][ T5829] raw: 00fff00000000000 dead000000000040 ffff888021688000 0000000000000000
[   89.890140][ T5829] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   89.899783][ T5829] page dumped because: page_pool leak
[   89.906782][ T5829] page_owner tracks the page as allocated
[   89.915245][ T5829] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5829, tgid 5829 (syz-executor336), ts 84731492872, free_ts 74879971936
[   89.936592][ T5829]  post_alloc_hook+0x1f3/0x230
[   89.942937][ T5829]  get_page_from_freelist+0x3651/0x37a0
[   89.949910][ T5829]  __alloc_pages_noprof+0x292/0x710
[   89.956682][ T5829]  alloc_pages_bulk_noprof+0x70b/0xcc0
[   89.964702][ T5829]  __page_pool_alloc_pages_slow+0x122/0x690
[   89.972735][ T5829]  page_pool_alloc_pages+0xd0/0x1c0
[   89.980153][ T5829]  skb_pp_cow_data+0xc43/0x1640
[   89.986495][ T5829]  do_xdp_generic+0x505/0xd30
[   89.992010][ T5829]  __netif_receive_skb_core+0x1ce9/0x4690
[   89.999298][ T5829]  __netif_receive_skb+0x12f/0x650
[   90.005621][ T5829]  netif_receive_skb+0x1e8/0x890
[   90.011409][ T5829]  tun_rx_batched+0x1b7/0x8f0
[   90.017599][ T5829]  tun_get_user+0x30d6/0x4890
[   90.023388][ T5829]  tun_chr_write_iter+0x10d/0x1f0
[   90.029549][ T5829]  vfs_write+0xaeb/0xd30
[   90.034345][ T5829]  ksys_write+0x18f/0x2b0
[   90.039308][ T5829] page last free pid 5815 tgid 5815 stack trace:
[   90.047653][ T5829]  free_unref_page+0xde3/0x1130
[   90.053749][ T5829]  __folio_put+0x2c7/0x440
[   90.059119][ T5829]  pipe_read+0x6ed/0x13e0
[   90.064019][ T5829]  vfs_read+0x991/0xb70
[   90.069033][ T5829]  ksys_read+0x18f/0x2b0
[   90.074196][ T5829]  do_syscall_64+0xf3/0x230
[   90.079024][ T5829]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   90.085513][ T5829] Modules linked in:
[   90.090136][ T5829] CPU: 0 UID: 0 PID: 5829 Comm: syz-executor336 Tainted: G    B              6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[   90.103708][ T5829] Tainted: [B]=BAD_PAGE
[   90.108056][ T5829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   90.119610][ T5829] Call Trace:
[   90.122918][ T5829]  <TASK>
[   90.125938][ T5829]  dump_stack_lvl+0x241/0x360
[   90.130661][ T5829]  ? __pfx_dump_stack_lvl+0x10/0x10
[   90.136038][ T5829]  ? __pfx_print_modules+0x10/0x10
[   90.142611][ T5829]  bad_page+0x176/0x1d0
[   90.147302][ T5829]  free_unref_page+0x1048/0x1130
[   90.152731][ T5829]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[   90.159542][ T5829]  bpf_xdp_adjust_tail+0x1c3/0x200
[   90.164879][ T5829]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   90.170996][ T5829]  bpf_prog_run_generic_xdp+0x686/0x1510
[   90.177362][ T5829]  do_xdp_generic+0x757/0xd30
[   90.183557][ T5829]  ? __pfx_do_xdp_generic+0x10/0x10
[   90.189033][ T5829]  ? __skb_flow_dissect+0x4f1/0x7d00
[   90.194586][ T5829]  __netif_receive_skb_core+0x1ce9/0x4690
[   90.200408][ T5829]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   90.206847][ T5829]  ? mark_lock+0x9a/0x360
[   90.211566][ T5829]  ? __lock_acquire+0x1397/0x2100
[   90.217815][ T5829]  __netif_receive_skb+0x12f/0x650
[   90.223040][ T5829]  ? __pfx_lock_acquire+0x10/0x10
[   90.228774][ T5829]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[   90.235653][ T5829]  ? __pfx___netif_receive_skb+0x10/0x10
[   90.244276][ T5829]  ? tun_rx_batched+0x160/0x8f0
[   90.251041][ T5829]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[   90.256972][ T5829]  ? read_tsc+0x9/0x20
[   90.261558][ T5829]  ? netif_receive_skb+0x131/0x890
[   90.268500][ T5829]  ? netif_receive_skb+0x131/0x890
[   90.275148][ T5829]  netif_receive_skb+0x1e8/0x890
[   90.280466][ T5829]  ? tun_rx_batched+0x160/0x8f0
[   90.285435][ T5829]  ? __pfx_netif_receive_skb+0x10/0x10
[   90.291638][ T5829]  ? tun_rx_batched+0x160/0x8f0
[   90.297116][ T5829]  tun_rx_batched+0x1b7/0x8f0
[   90.301977][ T5829]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   90.308500][ T5829]  ? __pfx_lock_acquire+0x10/0x10
[   90.314523][ T5829]  ? __pfx_tun_rx_batched+0x10/0x10
[   90.320562][ T5829]  tun_get_user+0x30d6/0x4890
[   90.325459][ T5829]  ? tun_get_user+0x2bbe/0x4890
[   90.331211][ T5829]  ? __lock_acquire+0x1397/0x2100
[   90.336957][ T5829]  ? __pfx_tun_get_user+0x10/0x10
[   90.342660][ T5829]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   90.348593][ T5829]  ? tun_get+0x1e/0x2f0
[   90.352963][ T5829]  ? __pfx_lock_release+0x10/0x10
[   90.358025][ T5829]  ? tun_get+0x1e/0x2f0
[   90.363559][ T5829]  ? tun_get+0x27d/0x2f0
[   90.368863][ T5829]  tun_chr_write_iter+0x10d/0x1f0
[   90.376074][ T5829]  vfs_write+0xaeb/0xd30
[   90.381253][ T5829]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   90.387414][ T5829]  ? __pfx_vfs_write+0x10/0x10
[   90.392848][ T5829]  ? _raw_spin_unlock_irq+0x2e/0x50
[   90.398534][ T5829]  ? ptrace_notify+0x279/0x380
[   90.404089][ T5829]  ksys_write+0x18f/0x2b0
[   90.409998][ T5829]  ? __pfx_ksys_write+0x10/0x10
[   90.415629][ T5829]  ? do_syscall_64+0x100/0x230
[   90.420990][ T5829]  do_syscall_64+0xf3/0x230
[   90.426314][ T5829]  ? clear_bhb_loop+0x35/0x90
[   90.433398][ T5829]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   90.440989][ T5829] RIP: 0033:0x7f8259123db0
[   90.446819][ T5829] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[   90.468304][ T5829] RSP: 002b:00007ffd874990f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[   90.478029][ T5829] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8259123db0
[   90.486663][ T5829] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[   90.494932][ T5829] RBP: 0000000000000000 R08: 00007ffd87499228 R09: 00007ffd87499228
[   90.503556][ T5829] R10: 00007ffd87499228 R11: 0000000000000202 R12: 00007f82591720de
[   90.511883][ T5829] R13: 0000000000000000 R14: 00007ffd87499130 R15: 00007ffd87499120
[   90.520463][ T5829]  </TASK>
[   90.524045][ T5829] BUG: Bad page state in process syz-executor336  pfn:35224
[   90.533811][ T5829] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x35224
[   90.544039][ T5829] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   90.551764][ T5829] raw: 00fff00000000000 dead000000000040 ffff888021688000 0000000000000000
[   90.562079][ T5829] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   90.572989][ T5829] page dumped because: page_pool leak
[   90.578607][ T5829] page_owner tracks the page as allocated
[   90.584702][ T5829] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5829, tgid 5829 (syz-executor336), ts 84731486016, free_ts 74879962349
[   90.605586][ T5829]  post_alloc_hook+0x1f3/0x230
[   90.611787][ T5829]  get_page_from_freelist+0x3651/0x37a0
[   90.619173][ T5829]  __alloc_pages_noprof+0x292/0x710
[   90.626560][ T5829]  alloc_pages_bulk_noprof+0x70b/0xcc0
[   90.633017][ T5829]  __page_pool_alloc_pages_slow+0x122/0x690
[   90.642425][ T5829]  page_pool_alloc_pages+0xd0/0x1c0
[   90.649579][ T5829]  skb_pp_cow_data+0xc43/0x1640
[   90.656251][ T5829]  do_xdp_generic+0x505/0xd30
[   90.661054][ T5829]  __netif_receive_skb_core+0x1ce9/0x4690
[   90.668275][ T5829]  __netif_receive_skb+0x12f/0x650
[   90.674226][ T5829]  netif_receive_skb+0x1e8/0x890
[   90.680026][ T5829]  tun_rx_batched+0x1b7/0x8f0
[   90.686407][ T5829]  tun_get_user+0x30d6/0x4890
[   90.692195][ T5829]  tun_chr_write_iter+0x10d/0x1f0
[   90.697725][ T5829]  vfs_write+0xaeb/0xd30
[   90.704572][ T5829]  ksys_write+0x18f/0x2b0
[   90.709435][ T5829] page last free pid 5815 tgid 5815 stack trace:
[   90.717161][ T5829]  free_unref_page+0xde3/0x1130
[   90.722648][ T5829]  __folio_put+0x2c7/0x440
[   90.728456][ T5829]  pipe_read+0x6ed/0x13e0
[   90.733772][ T5829]  vfs_read+0x991/0xb70
[   90.739940][ T5829]  ksys_read+0x18f/0x2b0
[   90.744622][ T5829]  do_syscall_64+0xf3/0x230
[   90.749960][ T5829]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   90.756424][ T5829] Modules linked in:
[   90.761164][ T5829] CPU: 0 UID: 0 PID: 5829 Comm: syz-executor336 Tainted: G    B              6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[   90.774326][ T5829] Tainted: [B]=BAD_PAGE
[   90.778784][ T5829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   90.789201][ T5829] Call Trace:
[   90.792605][ T5829]  <TASK>
[   90.795888][ T5829]  dump_stack_lvl+0x241/0x360
[   90.800640][ T5829]  ? __pfx_dump_stack_lvl+0x10/0x10
[   90.805860][ T5829]  ? __pfx_print_modules+0x10/0x10
[   90.811526][ T5829]  bad_page+0x176/0x1d0
[   90.815824][ T5829]  free_unref_page+0x1048/0x1130
[   90.821523][ T5829]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[   90.828143][ T5829]  bpf_xdp_adjust_tail+0x1c3/0x200
[   90.834438][ T5829]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   90.841864][ T5829]  bpf_prog_run_generic_xdp+0x686/0x1510
[   90.848727][ T5829]  do_xdp_generic+0x757/0xd30
[   90.855275][ T5829]  ? __pfx_do_xdp_generic+0x10/0x10
[   90.861343][ T5829]  ? __skb_flow_dissect+0x4f1/0x7d00
[   90.867298][ T5829]  __netif_receive_skb_core+0x1ce9/0x4690
[   90.875802][ T5829]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   90.882344][ T5829]  ? mark_lock+0x9a/0x360
[   90.888205][ T5829]  ? __lock_acquire+0x1397/0x2100
[   90.893310][ T5829]  __netif_receive_skb+0x12f/0x650
[   90.898462][ T5829]  ? __pfx_lock_acquire+0x10/0x10
[   90.903509][ T5829]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[   90.909949][ T5829]  ? __pfx___netif_receive_skb+0x10/0x10
[   90.915905][ T5829]  ? tun_rx_batched+0x160/0x8f0
[   90.921266][ T5829]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[   90.927467][ T5829]  ? read_tsc+0x9/0x20
[   90.931920][ T5829]  ? netif_receive_skb+0x131/0x890
[   90.937602][ T5829]  ? netif_receive_skb+0x131/0x890
[   90.943365][ T5829]  netif_receive_skb+0x1e8/0x890
[   90.948950][ T5829]  ? tun_rx_batched+0x160/0x8f0
[   90.953986][ T5829]  ? __pfx_netif_receive_skb+0x10/0x10
[   90.959502][ T5829]  ? tun_rx_batched+0x160/0x8f0
[   90.964496][ T5829]  tun_rx_batched+0x1b7/0x8f0
[   90.969210][ T5829]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   90.975987][ T5829]  ? __pfx_lock_acquire+0x10/0x10
[   90.981099][ T5829]  ? __pfx_tun_rx_batched+0x10/0x10
[   90.986694][ T5829]  tun_get_user+0x30d6/0x4890
[   90.991680][ T5829]  ? tun_get_user+0x2bbe/0x4890
[   90.996627][ T5829]  ? __lock_acquire+0x1397/0x2100
[   91.002185][ T5829]  ? __pfx_tun_get_user+0x10/0x10
[   91.007438][ T5829]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   91.013173][ T5829]  ? tun_get+0x1e/0x2f0
[   91.017439][ T5829]  ? __pfx_lock_release+0x10/0x10
[   91.023106][ T5829]  ? tun_get+0x1e/0x2f0
[   91.028359][ T5829]  ? tun_get+0x27d/0x2f0
[   91.033361][ T5829]  tun_chr_write_iter+0x10d/0x1f0
[   91.039340][ T5829]  vfs_write+0xaeb/0xd30
[   91.043631][ T5829]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   91.049914][ T5829]  ? __pfx_vfs_write+0x10/0x10
[   91.055121][ T5829]  ? _raw_spin_unlock_irq+0x2e/0x50
[   91.060521][ T5829]  ? ptrace_notify+0x279/0x380
[   91.065305][ T5829]  ksys_write+0x18f/0x2b0
[   91.070282][ T5829]  ? __pfx_ksys_write+0x10/0x10
[   91.075359][ T5829]  ? do_syscall_64+0x100/0x230
[   91.081607][ T5829]  do_syscall_64+0xf3/0x230
[   91.086416][ T5829]  ? clear_bhb_loop+0x35/0x90
[   91.091403][ T5829]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   91.098297][ T5829] RIP: 0033:0x7f8259123db0
[   91.103365][ T5829] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[   91.123779][ T5829] RSP: 002b:00007ffd874990f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[   91.132376][ T5829] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8259123db0
[   91.140435][ T5829] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[   91.149473][ T5829] RBP: 0000000000000000 R08: 00007ffd87499228 R09: 00007ffd87499228
[   91.157929][ T5829] R10: 00007ffd87499228 R11: 0000000000000202 R12: 00007f82591720de
[   91.167299][ T5829] R13: 0000000000000000 R14: 00007ffd87499130 R15: 00007ffd87499120
[   91.175649][ T5829]  </TASK>
[   91.178783][ T5829] BUG: Bad page state in process syz-executor336  pfn:77eb3
[   91.186126][ T5829] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x77eb3
[   91.195340][ T5829] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   91.202594][ T5829] raw: 00fff00000000000 dead000000000040 ffff888021688000 0000000000000000
[   91.211530][ T5829] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   91.220792][ T5829] page dumped because: page_pool leak
[   91.226356][ T5829] page_owner tracks the page as allocated
[   91.232877][ T5829] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5829, tgid 5829 (syz-executor336), ts 84731471143, free_ts 73160187123
[   91.252617][ T5829]  post_alloc_hook+0x1f3/0x230
[   91.257919][ T5829]  get_page_from_freelist+0x3651/0x37a0
[   91.263870][ T5829]  __alloc_pages_noprof+0x292/0x710
[   91.269605][ T5829]  alloc_pages_bulk_noprof+0x70b/0xcc0
[   91.275979][ T5829]  __page_pool_alloc_pages_slow+0x122/0x690
[   91.281904][ T5829]  page_pool_alloc_pages+0xd0/0x1c0
[   91.287788][ T5829]  skb_pp_cow_data+0xc43/0x1640
[   91.292882][ T5829]  do_xdp_generic+0x505/0xd30
[   91.297924][ T5829]  __netif_receive_skb_core+0x1ce9/0x4690
[   91.304871][ T5829]  __netif_receive_skb+0x12f/0x650
[   91.312090][ T5829]  netif_receive_skb+0x1e8/0x890
[   91.317345][ T5829]  tun_rx_batched+0x1b7/0x8f0
[   91.322359][ T5829]  tun_get_user+0x30d6/0x4890
[   91.327894][ T5829]  tun_chr_write_iter+0x10d/0x1f0
[   91.333398][ T5829]  vfs_write+0xaeb/0xd30
[   91.337854][ T5829]  ksys_write+0x18f/0x2b0
[   91.342591][ T5829] page last free pid 5812 tgid 5812 stack trace:
[   91.349381][ T5829]  free_unref_page+0xde3/0x1130
[   91.354365][ T5829]  __folio_put+0x2c7/0x440
[   91.359986][ T5829]  pipe_read+0x6ed/0x13e0
[   91.364728][ T5829]  vfs_read+0x991/0xb70
[   91.370649][ T5829]  ksys_read+0x18f/0x2b0
[   91.376694][ T5829]  do_syscall_64+0xf3/0x230
[   91.382097][ T5829]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   91.388626][ T5829] Modules linked in:
[   91.394618][ T5829] CPU: 0 UID: 0 PID: 5829 Comm: syz-executor336 Tainted: G    B              6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[   91.409946][ T5829] Tainted: [B]=BAD_PAGE
[   91.415088][ T5829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   91.426400][ T5829] Call Trace:
[   91.429794][ T5829]  <TASK>
[   91.432785][ T5829]  dump_stack_lvl+0x241/0x360
[   91.438121][ T5829]  ? __pfx_dump_stack_lvl+0x10/0x10
[   91.443792][ T5829]  ? __pfx_print_modules+0x10/0x10
[   91.449455][ T5829]  bad_page+0x176/0x1d0
[   91.454418][ T5829]  free_unref_page+0x1048/0x1130
[   91.459640][ T5829]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[   91.465379][ T5829]  bpf_xdp_adjust_tail+0x1c3/0x200
[   91.470588][ T5829]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   91.476408][ T5829]  bpf_prog_run_generic_xdp+0x686/0x1510
[   91.482074][ T5829]  do_xdp_generic+0x757/0xd30
[   91.486889][ T5829]  ? __pfx_do_xdp_generic+0x10/0x10
[   91.492486][ T5829]  ? __skb_flow_dissect+0x4f1/0x7d00
[   91.497982][ T5829]  __netif_receive_skb_core+0x1ce9/0x4690
[   91.504837][ T5829]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   91.510928][ T5829]  ? mark_lock+0x9a/0x360
[   91.516125][ T5829]  ? __lock_acquire+0x1397/0x2100
[   91.521533][ T5829]  __netif_receive_skb+0x12f/0x650
[   91.526809][ T5829]  ? __pfx_lock_acquire+0x10/0x10
[   91.531950][ T5829]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[   91.539026][ T5829]  ? __pfx___netif_receive_skb+0x10/0x10
[   91.548533][ T5829]  ? tun_rx_batched+0x160/0x8f0
[   91.556063][ T5829]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[   91.563017][ T5829]  ? read_tsc+0x9/0x20
[   91.567747][ T5829]  ? netif_receive_skb+0x131/0x890
[   91.574219][ T5829]  ? netif_receive_skb+0x131/0x890
[   91.580328][ T5829]  netif_receive_skb+0x1e8/0x890
[   91.586268][ T5829]  ? tun_rx_batched+0x160/0x8f0
[   91.591702][ T5829]  ? __pfx_netif_receive_skb+0x10/0x10
[   91.597632][ T5829]  ? tun_rx_batched+0x160/0x8f0
[   91.603560][ T5829]  tun_rx_batched+0x1b7/0x8f0
[   91.609686][ T5829]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   91.617166][ T5829]  ? __pfx_lock_acquire+0x10/0x10
[   91.622998][ T5829]  ? __pfx_tun_rx_batched+0x10/0x10
[   91.628414][ T5829]  tun_get_user+0x30d6/0x4890
[   91.633588][ T5829]  ? tun_get_user+0x2bbe/0x4890
[   91.638456][ T5829]  ? __lock_acquire+0x1397/0x2100
[   91.643699][ T5829]  ? __pfx_tun_get_user+0x10/0x10
[   91.649503][ T5829]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   91.659350][ T5829]  ? tun_get+0x1e/0x2f0
[   91.665146][ T5829]  ? __pfx_lock_release+0x10/0x10
[   91.670988][ T5829]  ? tun_get+0x1e/0x2f0
[   91.675801][ T5829]  ? tun_get+0x27d/0x2f0
[   91.680076][ T5829]  tun_chr_write_iter+0x10d/0x1f0
[   91.685939][ T5829]  vfs_write+0xaeb/0xd30
[   91.692761][ T5829]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   91.698769][ T5829]  ? __pfx_vfs_write+0x10/0x10
[   91.703758][ T5829]  ? _raw_spin_unlock_irq+0x2e/0x50
[   91.710826][ T5829]  ? ptrace_notify+0x279/0x380
[   91.716056][ T5829]  ksys_write+0x18f/0x2b0
[   91.720931][ T5829]  ? __pfx_ksys_write+0x10/0x10
[   91.726619][ T5829]  ? do_syscall_64+0x100/0x230
[   91.731522][ T5829]  do_syscall_64+0xf3/0x230
[   91.737466][ T5829]  ? clear_bhb_loop+0x35/0x90
[   91.742924][ T5829]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   91.750547][ T5829] RIP: 0033:0x7f8259123db0
[   91.755060][ T5829] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[   91.776350][ T5829] RSP: 002b:00007ffd874990f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[   91.786116][ T5829] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8259123db0
[   91.795612][ T5829] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[   91.806741][ T5829] RBP: 0000000000000000 R08: 00007ffd87499228 R09: 00007ffd87499228
[   91.815445][ T5829] R10: 00007ffd87499228 R11: 0000000000000202 R12: 00007f82591720de
[   91.825278][ T5829] R13: 0000000000000000 R14: 00007ffd87499130 R15: 00007ffd87499120
[   91.835576][ T5829]  </TASK>
[   91.839858][ T5829] BUG: Bad page state in process syz-executor336  pfn:78e31
[   91.848190][ T5829] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78e31
[   91.858363][ T5829] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   91.867311][ T5829] raw: 00fff00000000000 dead000000000040 ffff888021688000 0000000000000000
[   91.878939][ T5829] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   91.887821][ T5829] page dumped because: page_pool leak
[   91.893298][ T5829] page_owner tracks the page as allocated
[   91.899453][ T5829] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5829, tgid 5829 (syz-executor336), ts 84731464728, free_ts 74648983191
[   91.918918][ T5829]  post_alloc_hook+0x1f3/0x230
[   91.924696][ T5829]  get_page_from_freelist+0x3651/0x37a0
[   91.931800][ T5829]  __alloc_pages_noprof+0x292/0x710
[   91.939444][ T5829]  alloc_pages_bulk_noprof+0x70b/0xcc0
[   91.945830][ T5829]  __page_pool_alloc_pages_slow+0x122/0x690
[   91.952444][ T5829]  page_pool_alloc_pages+0xd0/0x1c0
[   91.957826][ T5829]  skb_pp_cow_data+0xc43/0x1640
[   91.962919][ T5829]  do_xdp_generic+0x505/0xd30
[   91.968969][ T5829]  __netif_receive_skb_core+0x1ce9/0x4690
[   91.976669][ T5829]  __netif_receive_skb+0x12f/0x650
[   91.982580][ T5829]  netif_receive_skb+0x1e8/0x890
[   91.988162][ T5829]  tun_rx_batched+0x1b7/0x8f0
[   91.994554][ T5829]  tun_get_user+0x30d6/0x4890
[   92.003081][ T5829]  tun_chr_write_iter+0x10d/0x1f0
[   92.008963][ T5829]  vfs_write+0xaeb/0xd30
[   92.013946][ T5829]  ksys_write+0x18f/0x2b0
[   92.019928][ T5829] page last free pid 5815 tgid 5815 stack trace:
[   92.027257][ T5829]  free_unref_page+0xde3/0x1130
[   92.033849][ T5829]  __folio_put+0x2c7/0x440
[   92.043769][ T5829]  pipe_read+0x6ed/0x13e0
[   92.049884][ T5829]  vfs_read+0x991/0xb70
[   92.054522][ T5829]  ksys_read+0x18f/0x2b0
[   92.060520][ T5829]  do_syscall_64+0xf3/0x230
[   92.066890][ T5829]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   92.075189][ T5829] Modules linked in:
[   92.079377][ T5829] CPU: 0 UID: 0 PID: 5829 Comm: syz-executor336 Tainted: G    B              6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[   92.097033][ T5829] Tainted: [B]=BAD_PAGE
[   92.104249][ T5829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   92.116452][ T5829] Call Trace:
[   92.120908][ T5829]  <TASK>
[   92.124800][ T5829]  dump_stack_lvl+0x241/0x360
[   92.130138][ T5829]  ? __pfx_dump_stack_lvl+0x10/0x10
[   92.136764][ T5829]  ? __pfx_print_modules+0x10/0x10
[   92.144038][ T5829]  bad_page+0x176/0x1d0
[   92.148602][ T5829]  free_unref_page+0x1048/0x1130
[   92.154339][ T5829]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[   92.160350][ T5829]  bpf_xdp_adjust_tail+0x1c3/0x200
[   92.166103][ T5829]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   92.172130][ T5829]  bpf_prog_run_generic_xdp+0x686/0x1510
[   92.180592][ T5829]  do_xdp_generic+0x757/0xd30
[   92.187230][ T5829]  ? __pfx_do_xdp_generic+0x10/0x10
[   92.193850][ T5829]  ? __skb_flow_dissect+0x4f1/0x7d00
[   92.201183][ T5829]  __netif_receive_skb_core+0x1ce9/0x4690
[   92.207303][ T5829]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   92.216973][ T5829]  ? mark_lock+0x9a/0x360
[   92.222244][ T5829]  ? __lock_acquire+0x1397/0x2100
[   92.229439][ T5829]  __netif_receive_skb+0x12f/0x650
[   92.235044][ T5829]  ? __pfx_lock_acquire+0x10/0x10
[   92.242147][ T5829]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[   92.250392][ T5829]  ? __pfx___netif_receive_skb+0x10/0x10
[   92.258805][ T5829]  ? tun_rx_batched+0x160/0x8f0
[   92.264583][ T5829]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[   92.273457][ T5829]  ? read_tsc+0x9/0x20
[   92.278831][ T5829]  ? netif_receive_skb+0x131/0x890
[   92.285369][ T5829]  ? netif_receive_skb+0x131/0x890
[   92.290712][ T5829]  netif_receive_skb+0x1e8/0x890
[   92.297445][ T5829]  ? tun_rx_batched+0x160/0x8f0
[   92.305072][ T5829]  ? __pfx_netif_receive_skb+0x10/0x10
[   92.312232][ T5829]  ? tun_rx_batched+0x160/0x8f0
[   92.318510][ T5829]  tun_rx_batched+0x1b7/0x8f0
[   92.325146][ T5829]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   92.332066][ T5829]  ? __pfx_lock_acquire+0x10/0x10
[   92.337759][ T5829]  ? __pfx_tun_rx_batched+0x10/0x10
[   92.344918][ T5829]  tun_get_user+0x30d6/0x4890
[   92.350298][ T5829]  ? tun_get_user+0x2bbe/0x4890
[   92.358576][ T5829]  ? __lock_acquire+0x1397/0x2100
[   92.365164][ T5829]  ? __pfx_tun_get_user+0x10/0x10
[   92.372372][ T5829]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   92.379887][ T5829]  ? tun_get+0x1e/0x2f0
[   92.384625][ T5829]  ? __pfx_lock_release+0x10/0x10
[   92.390556][ T5829]  ? tun_get+0x1e/0x2f0
[   92.396650][ T5829]  ? tun_get+0x27d/0x2f0
[   92.401454][ T5829]  tun_chr_write_iter+0x10d/0x1f0
[   92.407396][ T5829]  vfs_write+0xaeb/0xd30
[   92.412423][ T5829]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   92.419947][ T5829]  ? __pfx_vfs_write+0x10/0x10
[   92.426888][ T5829]  ? _raw_spin_unlock_irq+0x2e/0x50
[   92.434242][ T5829]  ? ptrace_notify+0x279/0x380
[   92.441254][ T5829]  ksys_write+0x18f/0x2b0
[   92.447016][ T5829]  ? __pfx_ksys_write+0x10/0x10
[   92.452140][ T5829]  ? do_syscall_64+0x100/0x230
[   92.457962][ T5829]  do_syscall_64+0xf3/0x230
[   92.462645][ T5829]  ? clear_bhb_loop+0x35/0x90
[   92.468694][ T5829]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   92.475740][ T5829] RIP: 0033:0x7f8259123db0
[   92.481026][ T5829] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[   92.503381][ T5829] RSP: 002b:00007ffd874990f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[   92.512802][ T5829] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8259123db0
[pid  5829] write(200, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 73152 <unfinished ...>
[pid  5826] kill(-2, SIGKILL)           = 0
[pid  5826] kill(2, SIGKILL)            = 0
[pid  5829] <... write resumed>)        = ?
[pid  5829] +++ killed by SIGKILL +++
[pid  5826] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=230 /* 2.30 s */} ---
[pid  5826] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5831 attached
, child_tidptr=0x55556222e650) = 3
[   92.522504][ T5829] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[   92.531465][ T5829] RBP: 0000000000000000 R08: 00007ffd87499228 R09: 00007ffd87499228
[   92.539644][ T5829] R10: 00007ffd87499228 R11: 0000000000000202 R12: 00007f82591720de
[   92.549025][ T5829] R13: 0000000000000000 R14: 00007ffd87499130 R15: 00007ffd87499120
[   92.558100][ T5829]  </TASK>
[pid  5831] set_robust_list(0x55556222e660, 24) = 0
[pid  5831] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5831] setpgid(0, 0)               = 0
[pid  5831] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5831] write(3, "1000", 4)         = 4
[pid  5831] close(3)                    = 0
[pid  5831] read(200, "\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110
[pid  5831] read(200, 0x7ffd87498d00, 1000) = -1 EAGAIN (Resource temporarily unavailable)
executing program
[pid  5831] write(1, "executing program\n", 18) = 18
[pid  5831] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3
[pid  5831] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=4, insns=0x20000400, license="", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=BPF_F_TEST_STATE_FREQ|0x20, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = 4
[pid  5831] ioctl(3, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5831] bpf(BPF_LINK_CREATE, {link_create={prog_fd=4, target_fd=11, attach_type=BPF_XDP, flags=0x2}, ...}, 24) = 5
[   92.748946][ T5831] BUG: Bad page state in process syz-executor336  pfn:7ae88
[   92.757813][ T5831] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7ae88
[   92.769002][ T5831] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   92.777579][ T5831] raw: 00fff00000000000 dead000000000040 ffff88802168a000 0000000000000000
[   92.786871][ T5831] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   92.797192][ T5831] page dumped because: page_pool leak
[   92.803275][ T5831] page_owner tracks the page as allocated
[   92.811007][ T5831] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5831, tgid 5831 (syz-executor336), ts 92748872683, free_ts 71002017910
[   92.834745][ T5831]  post_alloc_hook+0x1f3/0x230
[   92.841445][ T5831]  get_page_from_freelist+0x3651/0x37a0
[   92.848161][ T5831]  __alloc_pages_noprof+0x292/0x710
[   92.854205][ T5831]  alloc_pages_bulk_noprof+0x70b/0xcc0
[   92.861806][ T5831]  __page_pool_alloc_pages_slow+0x122/0x690
[   92.868410][ T5831]  page_pool_alloc_pages+0xd0/0x1c0
[   92.874338][ T5831]  skb_pp_cow_data+0xc43/0x1640
[   92.879710][ T5831]  do_xdp_generic+0x505/0xd30
[   92.885914][ T5831]  __netif_receive_skb_core+0x1ce9/0x4690
[   92.892886][ T5831]  __netif_receive_skb+0x12f/0x650
[   92.898442][ T5831]  netif_receive_skb+0x1e8/0x890
[   92.903876][ T5831]  tun_rx_batched+0x1b7/0x8f0
[   92.911410][ T5831]  tun_get_user+0x30d6/0x4890
[   92.916356][ T5831]  tun_chr_write_iter+0x10d/0x1f0
[   92.921587][ T5831]  vfs_write+0xaeb/0xd30
[   92.927063][ T5831]  ksys_write+0x18f/0x2b0
[   92.931636][ T5831] page last free pid 5809 tgid 5809 stack trace:
[   92.938659][ T5831]  free_unref_page+0xde3/0x1130
[   92.943841][ T5831]  __folio_put+0x2c7/0x440
[   92.948625][ T5831]  pipe_read+0x6ed/0x13e0
[   92.953388][ T5831]  vfs_read+0x991/0xb70
[   92.957652][ T5831]  ksys_read+0x18f/0x2b0
[   92.962037][ T5831]  do_syscall_64+0xf3/0x230
[   92.967745][ T5831]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   92.975630][ T5831] Modules linked in:
[   92.979582][ T5831] CPU: 1 UID: 0 PID: 5831 Comm: syz-executor336 Tainted: G    B              6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[   92.996312][ T5831] Tainted: [B]=BAD_PAGE
[   93.001405][ T5831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   93.012966][ T5831] Call Trace:
[   93.016431][ T5831]  <TASK>
[   93.019678][ T5831]  dump_stack_lvl+0x241/0x360
[   93.025805][ T5831]  ? __pfx_dump_stack_lvl+0x10/0x10
[   93.032396][ T5831]  ? __pfx_print_modules+0x10/0x10
[   93.037701][ T5831]  bad_page+0x176/0x1d0
[   93.042644][ T5831]  free_unref_page+0x1048/0x1130
[   93.048578][ T5831]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[   93.054589][ T5831]  bpf_xdp_adjust_tail+0x1c3/0x200
[   93.060424][ T5831]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   93.066017][ T5831]  bpf_prog_run_generic_xdp+0x686/0x1510
[   93.073443][ T5831]  do_xdp_generic+0x757/0xd30
[   93.080674][ T5831]  ? __pfx_do_xdp_generic+0x10/0x10
[   93.086789][ T5831]  ? rcu_is_watching+0x15/0xb0
[   93.092815][ T5831]  ? rcu_is_watching+0x15/0xb0
[   93.097820][ T5831]  ? count_memcg_event_mm+0x94/0x420
[   93.104023][ T5831]  __netif_receive_skb_core+0x1ce9/0x4690
[   93.110121][ T5831]  ? handle_mm_fault+0x173f/0x1ad0
[   93.115733][ T5831]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   93.122197][ T5831]  ? rcu_is_watching+0x15/0xb0
[   93.128491][ T5831]  ? lock_release+0xbf/0xa30
[   93.134399][ T5831]  ? __pfx_lock_acquire+0x10/0x10
[   93.140447][ T5831]  ? __up_read+0x2c2/0x6b0
[   93.145042][ T5831]  ? rcu_is_watching+0x15/0xb0
[   93.151978][ T5831]  __netif_receive_skb+0x12f/0x650
[   93.159490][ T5831]  ? __pfx_lock_acquire+0x10/0x10
[   93.165652][ T5831]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[   93.173601][ T5831]  ? __pfx___netif_receive_skb+0x10/0x10
[   93.179984][ T5831]  ? tun_rx_batched+0x160/0x8f0
[   93.186591][ T5831]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[   93.194230][ T5831]  ? read_tsc+0x9/0x20
[   93.199635][ T5831]  ? ktime_get_with_offset+0x249/0x290
[   93.206008][ T5831]  ? netif_receive_skb+0x131/0x890
[   93.211750][ T5831]  netif_receive_skb+0x1e8/0x890
[   93.217996][ T5831]  ? tun_rx_batched+0x160/0x8f0
[   93.223687][ T5831]  ? __pfx_netif_receive_skb+0x10/0x10
[   93.230589][ T5831]  ? skb_set_owner_w+0x246/0x380
[   93.236542][ T5831]  ? __pfx_lock_release+0x10/0x10
[   93.242635][ T5831]  ? tun_rx_batched+0x160/0x8f0
[   93.248242][ T5831]  tun_rx_batched+0x1b7/0x8f0
[   93.253540][ T5831]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   93.260536][ T5831]  ? __pfx_lock_acquire+0x10/0x10
[   93.268022][ T5831]  ? rcu_is_watching+0x15/0xb0
[   93.273000][ T5831]  ? __pfx_tun_rx_batched+0x10/0x10
[   93.278546][ T5831]  tun_get_user+0x30d6/0x4890
[   93.284260][ T5831]  ? tun_get_user+0x2bbe/0x4890
[   93.289588][ T5831]  ? rcu_is_watching+0x15/0xb0
[   93.294491][ T5831]  ? __pfx_tun_get_user+0x10/0x10
[   93.301457][ T5831]  ? finish_task_switch+0x1ea/0x870
[   93.306948][ T5831]  ? tun_get+0x1e/0x2f0
[   93.312200][ T5831]  ? rcu_is_watching+0x15/0xb0
[   93.319857][ T5831]  ? tun_get+0x1e/0x2f0
[   93.324966][ T5831]  ? lock_release+0xbf/0xa30
[   93.330462][ T5831]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   93.337005][ T5831]  ? rcu_is_watching+0x15/0xb0
[   93.342638][ T5831]  ? __pfx_lock_release+0x10/0x10
[   93.348479][ T5831]  ? do_raw_spin_lock+0x14f/0x370
[   93.354326][ T5831]  ? tun_get+0x1e/0x2f0
[   93.360336][ T5831]  ? tun_get+0x27d/0x2f0
[   93.366135][ T5831]  tun_chr_write_iter+0x10d/0x1f0
[   93.372442][ T5831]  vfs_write+0xaeb/0xd30
[   93.378016][ T5831]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   93.385016][ T5831]  ? __pfx_vfs_write+0x10/0x10
[   93.392568][ T5831]  ? rcu_is_watching+0x15/0xb0
[   93.398269][ T5831]  ? _raw_spin_unlock_irq+0x2e/0x50
[   93.403538][ T5831]  ? ptrace_notify+0x279/0x380
[   93.408744][ T5831]  ksys_write+0x18f/0x2b0
[   93.414537][ T5831]  ? __pfx_ksys_write+0x10/0x10
[   93.419708][ T5831]  ? rcu_is_watching+0x15/0xb0
[   93.426186][ T5831]  do_syscall_64+0xf3/0x230
[   93.433953][ T5831]  ? clear_bhb_loop+0x35/0x90
[   93.439689][ T5831]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.446383][ T5831] RIP: 0033:0x7f8259123db0
[   93.455155][ T5831] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[   93.481720][ T5831] RSP: 002b:00007ffd874990f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[   93.492726][ T5831] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8259123db0
[   93.503413][ T5831] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[   93.512873][ T5831] RBP: 0000000000000000 R08: 00007ffd87499228 R09: 00007ffd87499228
[   93.521963][ T5831] R10: 00007ffd87499228 R11: 0000000000000202 R12: 0000000000014a66
[   93.530880][ T5831] R13: 00007ffd87499114 R14: 00007ffd87499130 R15: 00007ffd87499120
[   93.539752][ T5831]  </TASK>
[   93.543036][ T5831] BUG: Bad page state in process syz-executor336  pfn:7ae6b
[   93.553865][ T5831] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7ae6b
[   93.563744][ T5831] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   93.572416][ T5831] raw: 00fff00000000000 dead000000000040 ffff88802168a000 0000000000000000
[   93.583739][ T5831] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   93.592965][ T5831] page dumped because: page_pool leak
[   93.599456][ T5831] page_owner tracks the page as allocated
[   93.606302][ T5831] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5831, tgid 5831 (syz-executor336), ts 92748864259, free_ts 71002061397
[   93.630752][ T5831]  post_alloc_hook+0x1f3/0x230
[   93.638193][ T5831]  get_page_from_freelist+0x3651/0x37a0
[   93.643930][ T5831]  __alloc_pages_noprof+0x292/0x710
[   93.652868][ T5831]  alloc_pages_bulk_noprof+0x70b/0xcc0
[   93.659188][ T5831]  __page_pool_alloc_pages_slow+0x122/0x690
[   93.667296][ T5831]  page_pool_alloc_pages+0xd0/0x1c0
[   93.674126][ T5831]  skb_pp_cow_data+0xc43/0x1640
[   93.679613][ T5831]  do_xdp_generic+0x505/0xd30
[   93.684795][ T5831]  __netif_receive_skb_core+0x1ce9/0x4690
[   93.693210][ T5831]  __netif_receive_skb+0x12f/0x650
[   93.699944][ T5831]  netif_receive_skb+0x1e8/0x890
[   93.706063][ T5831]  tun_rx_batched+0x1b7/0x8f0
[   93.712303][ T5831]  tun_get_user+0x30d6/0x4890
[   93.717689][ T5831]  tun_chr_write_iter+0x10d/0x1f0
[   93.724085][ T5831]  vfs_write+0xaeb/0xd30
[   93.729859][ T5831]  ksys_write+0x18f/0x2b0
[   93.737678][ T5831] page last free pid 5809 tgid 5809 stack trace:
[   93.744576][ T5831]  free_unref_page+0xde3/0x1130
[   93.752001][ T5831]  __folio_put+0x2c7/0x440
[   93.756760][ T5831]  pipe_read+0x6ed/0x13e0
[   93.761323][ T5831]  vfs_read+0x991/0xb70
[   93.766605][ T5831]  ksys_read+0x18f/0x2b0
[   93.772397][ T5831]  do_syscall_64+0xf3/0x230
[   93.777221][ T5831]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.785578][ T5831] Modules linked in:
[   93.790327][ T5831] CPU: 1 UID: 0 PID: 5831 Comm: syz-executor336 Tainted: G    B              6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[   93.803618][ T5831] Tainted: [B]=BAD_PAGE
[   93.808044][ T5831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   93.821888][ T5831] Call Trace:
[   93.827100][ T5831]  <TASK>
[   93.830927][ T5831]  dump_stack_lvl+0x241/0x360
[   93.836110][ T5831]  ? __pfx_dump_stack_lvl+0x10/0x10
[   93.841787][ T5831]  ? __pfx_print_modules+0x10/0x10
[   93.849646][ T5831]  bad_page+0x176/0x1d0
[   93.854604][ T5831]  free_unref_page+0x1048/0x1130
[   93.861081][ T5831]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[   93.867774][ T5831]  bpf_xdp_adjust_tail+0x1c3/0x200
[   93.874397][ T5831]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   93.880232][ T5831]  bpf_prog_run_generic_xdp+0x686/0x1510
[   93.886186][ T5831]  do_xdp_generic+0x757/0xd30
[   93.892167][ T5831]  ? __pfx_do_xdp_generic+0x10/0x10
[   93.897864][ T5831]  ? rcu_is_watching+0x15/0xb0
[   93.903401][ T5831]  ? rcu_is_watching+0x15/0xb0
[   93.908716][ T5831]  ? count_memcg_event_mm+0x94/0x420
[   93.914471][ T5831]  __netif_receive_skb_core+0x1ce9/0x4690
[   93.921233][ T5831]  ? handle_mm_fault+0x173f/0x1ad0
[   93.926728][ T5831]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   93.933144][ T5831]  ? rcu_is_watching+0x15/0xb0
[   93.938124][ T5831]  ? lock_release+0xbf/0xa30
[   93.942866][ T5831]  ? __pfx_lock_acquire+0x10/0x10
[   93.948141][ T5831]  ? __up_read+0x2c2/0x6b0
[   93.952944][ T5831]  ? rcu_is_watching+0x15/0xb0
[   93.958614][ T5831]  __netif_receive_skb+0x12f/0x650
[   93.964411][ T5831]  ? __pfx_lock_acquire+0x10/0x10
[   93.970341][ T5831]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[   93.977672][ T5831]  ? __pfx___netif_receive_skb+0x10/0x10
[   93.983962][ T5831]  ? tun_rx_batched+0x160/0x8f0
[   93.989781][ T5831]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[   93.995793][ T5831]  ? read_tsc+0x9/0x20
[   94.001014][ T5831]  ? ktime_get_with_offset+0x249/0x290
[   94.006862][ T5831]  ? netif_receive_skb+0x131/0x890
[   94.013170][ T5831]  netif_receive_skb+0x1e8/0x890
[   94.018937][ T5831]  ? tun_rx_batched+0x160/0x8f0
[   94.025932][ T5831]  ? __pfx_netif_receive_skb+0x10/0x10
[   94.035125][ T5831]  ? skb_set_owner_w+0x246/0x380
[   94.041729][ T5831]  ? __pfx_lock_release+0x10/0x10
[   94.047791][ T5831]  ? tun_rx_batched+0x160/0x8f0
[   94.053266][ T5831]  tun_rx_batched+0x1b7/0x8f0
[   94.058561][ T5831]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   94.066997][ T5831]  ? __pfx_lock_acquire+0x10/0x10
[   94.072499][ T5831]  ? rcu_is_watching+0x15/0xb0
[   94.078405][ T5831]  ? __pfx_tun_rx_batched+0x10/0x10
[   94.085061][ T5831]  tun_get_user+0x30d6/0x4890
[   94.091066][ T5831]  ? tun_get_user+0x2bbe/0x4890
[   94.096183][ T5831]  ? rcu_is_watching+0x15/0xb0
[   94.102988][ T5831]  ? __pfx_tun_get_user+0x10/0x10
[   94.109139][ T5831]  ? finish_task_switch+0x1ea/0x870
[   94.115256][ T5831]  ? tun_get+0x1e/0x2f0
[   94.120880][ T5831]  ? rcu_is_watching+0x15/0xb0
[   94.126797][ T5831]  ? tun_get+0x1e/0x2f0
[   94.131937][ T5831]  ? lock_release+0xbf/0xa30
[   94.138438][ T5831]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   94.144791][ T5831]  ? rcu_is_watching+0x15/0xb0
[   94.152241][ T5831]  ? __pfx_lock_release+0x10/0x10
[   94.158957][ T5831]  ? do_raw_spin_lock+0x14f/0x370
[   94.164858][ T5831]  ? tun_get+0x1e/0x2f0
[   94.169223][ T5831]  ? tun_get+0x27d/0x2f0
[   94.174272][ T5831]  tun_chr_write_iter+0x10d/0x1f0
[   94.180899][ T5831]  vfs_write+0xaeb/0xd30
[   94.186499][ T5831]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   94.194537][ T5831]  ? __pfx_vfs_write+0x10/0x10
[   94.200941][ T5831]  ? rcu_is_watching+0x15/0xb0
[   94.206383][ T5831]  ? _raw_spin_unlock_irq+0x2e/0x50
[   94.212578][ T5831]  ? ptrace_notify+0x279/0x380
[   94.219381][ T5831]  ksys_write+0x18f/0x2b0
[   94.225867][ T5831]  ? __pfx_ksys_write+0x10/0x10
[   94.231413][ T5831]  ? rcu_is_watching+0x15/0xb0
[   94.237423][ T5831]  do_syscall_64+0xf3/0x230
[   94.243616][ T5831]  ? clear_bhb_loop+0x35/0x90
[   94.249098][ T5831]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.259409][ T5831] RIP: 0033:0x7f8259123db0
[   94.266186][ T5831] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[   94.291664][ T5831] RSP: 002b:00007ffd874990f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[   94.301388][ T5831] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8259123db0
[   94.313149][ T5831] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[   94.323456][ T5831] RBP: 0000000000000000 R08: 00007ffd87499228 R09: 00007ffd87499228
[   94.333066][ T5831] R10: 00007ffd87499228 R11: 0000000000000202 R12: 0000000000014a66
[   94.343286][ T5831] R13: 00007ffd87499114 R14: 00007ffd87499130 R15: 00007ffd87499120
[   94.351466][ T5831]  </TASK>
[   94.354973][ T5831] BUG: Bad page state in process syz-executor336  pfn:7ae6a
[   94.362536][ T5831] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7ae6a
[   94.374841][ T5831] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   94.384782][ T5831] raw: 00fff00000000000 dead000000000040 ffff88802168a000 0000000000000000
[   94.394707][ T5831] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   94.405395][ T5831] page dumped because: page_pool leak
[   94.411357][ T5831] page_owner tracks the page as allocated
[   94.418570][ T5831] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5831, tgid 5831 (syz-executor336), ts 92748856037, free_ts 71002051722
[   94.441430][ T5831]  post_alloc_hook+0x1f3/0x230
[   94.447334][ T5831]  get_page_from_freelist+0x3651/0x37a0
[   94.453559][ T5831]  __alloc_pages_noprof+0x292/0x710
[   94.458890][ T5831]  alloc_pages_bulk_noprof+0x70b/0xcc0
[   94.464397][ T5831]  __page_pool_alloc_pages_slow+0x122/0x690
[   94.470655][ T5831]  page_pool_alloc_pages+0xd0/0x1c0
[   94.476365][ T5831]  skb_pp_cow_data+0xc43/0x1640
[   94.482345][ T5831]  do_xdp_generic+0x505/0xd30
[   94.488847][ T5831]  __netif_receive_skb_core+0x1ce9/0x4690
[   94.495667][ T5831]  __netif_receive_skb+0x12f/0x650
[   94.502279][ T5831]  netif_receive_skb+0x1e8/0x890
[   94.508351][ T5831]  tun_rx_batched+0x1b7/0x8f0
[   94.513817][ T5831]  tun_get_user+0x30d6/0x4890
[   94.520609][ T5831]  tun_chr_write_iter+0x10d/0x1f0
[   94.526536][ T5831]  vfs_write+0xaeb/0xd30
[   94.531689][ T5831]  ksys_write+0x18f/0x2b0
[   94.536543][ T5831] page last free pid 5809 tgid 5809 stack trace:
[   94.544350][ T5831]  free_unref_page+0xde3/0x1130
[   94.549388][ T5831]  __folio_put+0x2c7/0x440
[   94.554044][ T5831]  pipe_read+0x6ed/0x13e0
[   94.558625][ T5831]  vfs_read+0x991/0xb70
[   94.563077][ T5831]  ksys_read+0x18f/0x2b0
[   94.567687][ T5831]  do_syscall_64+0xf3/0x230
[   94.573536][ T5831]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.580052][ T5831] Modules linked in:
[   94.584416][ T5831] CPU: 1 UID: 0 PID: 5831 Comm: syz-executor336 Tainted: G    B              6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[   94.597018][ T5831] Tainted: [B]=BAD_PAGE
[   94.601204][ T5831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   94.611663][ T5831] Call Trace:
[   94.615144][ T5831]  <TASK>
[   94.618198][ T5831]  dump_stack_lvl+0x241/0x360
[   94.623010][ T5831]  ? __pfx_dump_stack_lvl+0x10/0x10
[   94.628344][ T5831]  ? __pfx_print_modules+0x10/0x10
[   94.633682][ T5831]  bad_page+0x176/0x1d0
[   94.638483][ T5831]  free_unref_page+0x1048/0x1130
[   94.643487][ T5831]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[   94.649298][ T5831]  bpf_xdp_adjust_tail+0x1c3/0x200
[   94.654824][ T5831]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   94.660517][ T5831]  bpf_prog_run_generic_xdp+0x686/0x1510
[   94.666284][ T5831]  do_xdp_generic+0x757/0xd30
[   94.671775][ T5831]  ? __pfx_do_xdp_generic+0x10/0x10
[   94.677114][ T5831]  ? rcu_is_watching+0x15/0xb0
[   94.682725][ T5831]  ? rcu_is_watching+0x15/0xb0
[   94.687952][ T5831]  ? count_memcg_event_mm+0x94/0x420
[   94.693292][ T5831]  __netif_receive_skb_core+0x1ce9/0x4690
[   94.699058][ T5831]  ? handle_mm_fault+0x173f/0x1ad0
[   94.704278][ T5831]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   94.711231][ T5831]  ? rcu_is_watching+0x15/0xb0
[   94.716563][ T5831]  ? lock_release+0xbf/0xa30
[   94.722309][ T5831]  ? __pfx_lock_acquire+0x10/0x10
[   94.727839][ T5831]  ? __up_read+0x2c2/0x6b0
[   94.734719][ T5831]  ? rcu_is_watching+0x15/0xb0
[   94.740725][ T5831]  __netif_receive_skb+0x12f/0x650
[   94.746300][ T5831]  ? __pfx_lock_acquire+0x10/0x10
[   94.751629][ T5831]  ? seqcount_lockdep_reader_access+0x1d7/0x220