./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1673169357 <...> Warning: Permanently added '10.128.0.135' (ED25519) to the list of known hosts. execve("./syz-executor1673169357", ["./syz-executor1673169357"], 0x7ffc00d58030 /* 10 vars */) = 0 brk(NULL) = 0x55557f949000 brk(0x55557f949d00) = 0x55557f949d00 arch_prctl(ARCH_SET_FS, 0x55557f949380) = 0 set_tid_address(0x55557f949650) = 5819 set_robust_list(0x55557f949660, 24) = 0 rseq(0x55557f949ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1673169357", 4096) = 28 getrandom("\xcc\x14\x1f\x94\xf8\xc1\x2e\xb4", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55557f949d00 brk(0x55557f96ad00) = 0x55557f96ad00 brk(0x55557f96b000) = 0x55557f96b000 mprotect(0x7fa04c9e8000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5820 attached , child_tidptr=0x55557f949650) = 5820 [pid 5820] set_robust_list(0x55557f949660, 24) = 0 [pid 5820] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5820] getppid() = 0 [pid 5820] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 5820] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 5820] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 5820] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 5820] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 5820] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 5820] unshare(CLONE_NEWNS) = 0 [pid 5820] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 5820] unshare(CLONE_NEWIPC) = 0 [pid 5820] unshare(CLONE_NEWCGROUP) = 0 [pid 5820] unshare(CLONE_NEWUTS) = 0 [pid 5820] unshare(CLONE_SYSVSEM) = 0 [pid 5820] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5820] write(3, "16777216", 8) = 8 [pid 5820] close(3) = 0 [pid 5820] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 5820] write(3, "536870912", 9) = 9 [pid 5820] close(3) = 0 [pid 5820] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5820] write(3, "1024", 4) = 4 [pid 5820] close(3) = 0 [pid 5820] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5820] write(3, "8192", 4) = 4 [pid 5820] close(3) = 0 [pid 5820] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5820] write(3, "1024", 4) = 4 [pid 5820] close(3) = 0 [pid 5820] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 5820] write(3, "1024", 4) = 4 [pid 5820] close(3) = 0 [pid 5820] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 5820] write(3, "1024 1048576 500 1024", 21) = 21 [pid 5820] close(3) = 0 [pid 5820] getpid() = 1 [pid 5820] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 5823] set_robust_list(0x55557f949660, 24 [pid 5820] <... clone resumed>, child_tidptr=0x55557f949650) = 2 [pid 5823] <... set_robust_list resumed>) = 0 [pid 5823] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5823] setpgid(0, 0) = 0 [pid 5823] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5823] write(3, "1000", 4) = 4 executing program [pid 5823] close(3) = 0 [pid 5823] read(200, "\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110 [pid 5823] read(200, 0x7fff7ac122d0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 5823] write(1, "executing program\n", 18) = 18 [pid 5823] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3 [pid 5823] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=4, insns=0x20000400, license="", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=BPF_F_TEST_STATE_FREQ|0x20, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = 4 [pid 5823] ioctl(3, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0 [pid 5823] bpf(BPF_LINK_CREATE, {link_create={prog_fd=4, target_fd=11, attach_type=BPF_XDP, flags=0x2}, ...}, 24) = 5 [ 62.274487][ T5823] BUG: Bad page state in process syz-executor167 pfn:75ee2 [ 62.281885][ T5823] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x75ee2 [ 62.290698][ T5823] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 62.297884][ T5823] raw: 00fff00000000000 dead000000000040 ffff888021ac0000 0000000000000000 [ 62.306492][ T5823] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 62.315126][ T5823] page dumped because: page_pool leak [ 62.320544][ T5823] page_owner tracks the page as allocated [ 62.326340][ T5823] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5823, tgid 5823 (syz-executor167), ts 62274430155, free_ts 54932467684 [ 62.343735][ T5823] post_alloc_hook+0x1f3/0x230 [ 62.348581][ T5823] get_page_from_freelist+0x3651/0x37a0 [ 62.354123][ T5823] __alloc_pages_noprof+0x292/0x710 [ 62.359351][ T5823] alloc_pages_bulk_noprof+0x70b/0xcc0 [ 62.364821][ T5823] __page_pool_alloc_pages_slow+0x122/0x690 [ 62.370762][ T5823] page_pool_alloc_pages+0xd0/0x1c0 [ 62.375977][ T5823] skb_pp_cow_data+0xc43/0x1640 [ 62.380862][ T5823] do_xdp_generic+0x505/0xd30 [ 62.385547][ T5823] __netif_receive_skb_core+0x1ce9/0x4690 [ 62.391303][ T5823] __netif_receive_skb+0x12f/0x650 [ 62.396423][ T5823] netif_receive_skb+0x1e8/0x890 [ 62.401491][ T5823] tun_rx_batched+0x1b7/0x8f0 [ 62.406186][ T5823] tun_get_user+0x30d6/0x4890 [ 62.410896][ T5823] tun_chr_write_iter+0x10d/0x1f0 [ 62.415943][ T5823] vfs_write+0xaeb/0xd30 [ 62.420231][ T5823] ksys_write+0x18f/0x2b0 [ 62.424572][ T5823] page last free pid 5810 tgid 5810 stack trace: [ 62.430927][ T5823] free_unref_page+0xde3/0x1130 [ 62.435786][ T5823] __folio_put+0x2c7/0x440 [ 62.440250][ T5823] pipe_read+0x6ed/0x13e0 [ 62.444591][ T5823] vfs_read+0x991/0xb70 [ 62.448808][ T5823] ksys_read+0x18f/0x2b0 [ 62.453062][ T5823] do_syscall_64+0xf3/0x230 [ 62.457604][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 62.463517][ T5823] Modules linked in: [ 62.467471][ T5823] CPU: 0 UID: 0 PID: 5823 Comm: syz-executor167 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0 [ 62.478584][ T5823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 62.488642][ T5823] Call Trace: [ 62.491907][ T5823] [ 62.494821][ T5823] dump_stack_lvl+0x241/0x360 [ 62.499488][ T5823] ? __pfx_dump_stack_lvl+0x10/0x10 [ 62.504673][ T5823] ? __pfx_print_modules+0x10/0x10 [ 62.509866][ T5823] bad_page+0x176/0x1d0 [ 62.514009][ T5823] free_unref_page+0x1048/0x1130 [ 62.518958][ T5823] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0 [ 62.524582][ T5823] bpf_xdp_adjust_tail+0x1c3/0x200 [ 62.529697][ T5823] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 62.535147][ T5823] bpf_prog_run_generic_xdp+0x686/0x1510 [ 62.540783][ T5823] do_xdp_generic+0x757/0xd30 [ 62.545450][ T5823] ? __pfx_do_xdp_generic+0x10/0x10 [ 62.550642][ T5823] ? __skb_flow_dissect+0x4f1/0x7d00 [ 62.555922][ T5823] __netif_receive_skb_core+0x1ce9/0x4690 [ 62.561645][ T5823] ? __pfx___netif_receive_skb_core+0x10/0x10 [ 62.567727][ T5823] ? mark_lock+0x9a/0x360 [ 62.572050][ T5823] ? __lock_acquire+0x1397/0x2100 [ 62.577087][ T5823] __netif_receive_skb+0x12f/0x650 [ 62.582200][ T5823] ? __pfx_lock_acquire+0x10/0x10 [ 62.587215][ T5823] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 62.593456][ T5823] ? __pfx___netif_receive_skb+0x10/0x10 [ 62.599089][ T5823] ? tun_rx_batched+0x160/0x8f0 [ 62.603937][ T5823] ? __pfx_lockdep_softirqs_off+0x10/0x10 [ 62.609653][ T5823] ? read_tsc+0x9/0x20 [ 62.613720][ T5823] ? netif_receive_skb+0x131/0x890 [ 62.618827][ T5823] ? netif_receive_skb+0x131/0x890 [ 62.623933][ T5823] netif_receive_skb+0x1e8/0x890 [ 62.628871][ T5823] ? tun_rx_batched+0x160/0x8f0 [ 62.633720][ T5823] ? __pfx_netif_receive_skb+0x10/0x10 [ 62.639187][ T5823] ? tun_rx_batched+0x160/0x8f0 [ 62.644053][ T5823] tun_rx_batched+0x1b7/0x8f0 [ 62.648729][ T5823] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 62.655058][ T5823] ? __pfx_lock_acquire+0x10/0x10 [ 62.660078][ T5823] ? __pfx_tun_rx_batched+0x10/0x10 [ 62.665288][ T5823] tun_get_user+0x30d6/0x4890 [ 62.669962][ T5823] ? tun_get_user+0x2bbe/0x4890 [ 62.674815][ T5823] ? __lock_acquire+0x1397/0x2100 [ 62.679843][ T5823] ? __pfx_tun_get_user+0x10/0x10 [ 62.684879][ T5823] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 62.690331][ T5823] ? tun_get+0x1e/0x2f0 [ 62.694486][ T5823] ? __pfx_lock_release+0x10/0x10 [ 62.699513][ T5823] ? tun_get+0x1e/0x2f0 [ 62.703663][ T5823] ? tun_get+0x27d/0x2f0 [ 62.707902][ T5823] tun_chr_write_iter+0x10d/0x1f0 [ 62.713273][ T5823] vfs_write+0xaeb/0xd30 [ 62.717522][ T5823] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 62.723150][ T5823] ? __pfx_vfs_write+0x10/0x10 [ 62.727917][ T5823] ? _raw_spin_unlock_irq+0x2e/0x50 [ 62.733115][ T5823] ? ptrace_notify+0x279/0x380 [ 62.737880][ T5823] ksys_write+0x18f/0x2b0 [ 62.742212][ T5823] ? __pfx_ksys_write+0x10/0x10 [ 62.747064][ T5823] ? do_syscall_64+0x100/0x230 [ 62.751832][ T5823] do_syscall_64+0xf3/0x230 [ 62.756335][ T5823] ? clear_bhb_loop+0x35/0x90 [ 62.761007][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 62.766901][ T5823] RIP: 0033:0x7fa04c96edb0 [ 62.771312][ T5823] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89 [ 62.791007][ T5823] RSP: 002b:00007fff7ac126c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 [ 62.799421][ T5823] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa04c96edb0 [ 62.807386][ T5823] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8 [ 62.815347][ T5823] RBP: 0000000000000000 R08: 00007fff7ac127f8 R09: 00007fff7ac127f8 [ 62.823308][ T5823] R10: 00007fff7ac127f8 R11: 0000000000000202 R12: 00007fa04c9bd0de [ 62.831274][ T5823] R13: 0000000000000000 R14: 00007fff7ac12700 R15: 00007fff7ac126f0 [ 62.839251][ T5823] [ 62.842378][ T5823] Disabling lock debugging due to kernel taint [ 62.848580][ T5823] BUG: Bad page state in process syz-executor167 pfn:75ee1 [ 62.855863][ T5823] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x75ee1 [ 62.864699][ T5823] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 62.871846][ T5823] raw: 00fff00000000000 dead000000000040 ffff888021ac0000 0000000000000000 [ 62.880460][ T5823] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 62.889058][ T5823] page dumped because: page_pool leak [ 62.894404][ T5823] page_owner tracks the page as allocated [ 62.900134][ T5823] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5823, tgid 5823 (syz-executor167), ts 62274423990, free_ts 54932458266 [ 62.917437][ T5823] post_alloc_hook+0x1f3/0x230 [ 62.922188][ T5823] get_page_from_freelist+0x3651/0x37a0 [ 62.927753][ T5823] __alloc_pages_noprof+0x292/0x710 [ 62.932974][ T5823] alloc_pages_bulk_noprof+0x70b/0xcc0 [ 62.938461][ T5823] __page_pool_alloc_pages_slow+0x122/0x690 [ 62.944365][ T5823] page_pool_alloc_pages+0xd0/0x1c0 [ 62.949599][ T5823] skb_pp_cow_data+0xc43/0x1640 [ 62.954448][ T5823] do_xdp_generic+0x505/0xd30 [ 62.959145][ T5823] __netif_receive_skb_core+0x1ce9/0x4690 [ 62.964869][ T5823] __netif_receive_skb+0x12f/0x650 [ 62.970001][ T5823] netif_receive_skb+0x1e8/0x890 [ 62.974941][ T5823] tun_rx_batched+0x1b7/0x8f0 [ 62.979667][ T5823] tun_get_user+0x30d6/0x4890 [ 62.984359][ T5823] tun_chr_write_iter+0x10d/0x1f0 [ 62.989425][ T5823] vfs_write+0xaeb/0xd30 [ 62.993678][ T5823] ksys_write+0x18f/0x2b0 [ 62.998030][ T5823] page last free pid 5810 tgid 5810 stack trace: [ 63.004341][ T5823] free_unref_page+0xde3/0x1130 [ 63.009264][ T5823] __folio_put+0x2c7/0x440 [ 63.013693][ T5823] pipe_read+0x6ed/0x13e0 [ 63.018048][ T5823] vfs_read+0x991/0xb70 [ 63.022211][ T5823] ksys_read+0x18f/0x2b0 [ 63.026441][ T5823] do_syscall_64+0xf3/0x230 [ 63.030989][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 63.036919][ T5823] Modules linked in: [ 63.040800][ T5823] CPU: 0 UID: 0 PID: 5823 Comm: syz-executor167 Tainted: G B 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0 [ 63.053369][ T5823] Tainted: [B]=BAD_PAGE [ 63.057504][ T5823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 63.067553][ T5823] Call Trace: [ 63.070819][ T5823] [ 63.073738][ T5823] dump_stack_lvl+0x241/0x360 [ 63.078409][ T5823] ? __pfx_dump_stack_lvl+0x10/0x10 [ 63.083695][ T5823] ? __pfx_print_modules+0x10/0x10 [ 63.088792][ T5823] bad_page+0x176/0x1d0 [ 63.092934][ T5823] free_unref_page+0x1048/0x1130 [ 63.097864][ T5823] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0 [ 63.103492][ T5823] bpf_xdp_adjust_tail+0x1c3/0x200 [ 63.108602][ T5823] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 63.114045][ T5823] bpf_prog_run_generic_xdp+0x686/0x1510 [ 63.119679][ T5823] do_xdp_generic+0x757/0xd30 [ 63.124350][ T5823] ? __pfx_do_xdp_generic+0x10/0x10 [ 63.129541][ T5823] ? __skb_flow_dissect+0x4f1/0x7d00 [ 63.134825][ T5823] __netif_receive_skb_core+0x1ce9/0x4690 [ 63.140543][ T5823] ? __pfx___netif_receive_skb_core+0x10/0x10 [ 63.146601][ T5823] ? mark_lock+0x9a/0x360 [ 63.150921][ T5823] ? __lock_acquire+0x1397/0x2100 [ 63.155942][ T5823] __netif_receive_skb+0x12f/0x650 [ 63.161044][ T5823] ? __pfx_lock_acquire+0x10/0x10 [ 63.166057][ T5823] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 63.172287][ T5823] ? __pfx___netif_receive_skb+0x10/0x10 [ 63.177911][ T5823] ? tun_rx_batched+0x160/0x8f0 [ 63.182751][ T5823] ? __pfx_lockdep_softirqs_off+0x10/0x10 [ 63.188458][ T5823] ? read_tsc+0x9/0x20 [ 63.192521][ T5823] ? netif_receive_skb+0x131/0x890 [ 63.197624][ T5823] ? netif_receive_skb+0x131/0x890 [ 63.202723][ T5823] netif_receive_skb+0x1e8/0x890 [ 63.207653][ T5823] ? tun_rx_batched+0x160/0x8f0 [ 63.212497][ T5823] ? __pfx_netif_receive_skb+0x10/0x10 [ 63.217955][ T5823] ? tun_rx_batched+0x160/0x8f0 [ 63.222795][ T5823] tun_rx_batched+0x1b7/0x8f0 [ 63.227462][ T5823] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 63.233782][ T5823] ? __pfx_lock_acquire+0x10/0x10 [ 63.238792][ T5823] ? __pfx_tun_rx_batched+0x10/0x10 [ 63.243987][ T5823] tun_get_user+0x30d6/0x4890 [ 63.248656][ T5823] ? tun_get_user+0x2bbe/0x4890 [ 63.253508][ T5823] ? __lock_acquire+0x1397/0x2100 [ 63.258521][ T5823] ? __pfx_tun_get_user+0x10/0x10 [ 63.263537][ T5823] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 63.268985][ T5823] ? tun_get+0x1e/0x2f0 [ 63.273130][ T5823] ? __pfx_lock_release+0x10/0x10 [ 63.278147][ T5823] ? tun_get+0x1e/0x2f0 [ 63.282293][ T5823] ? tun_get+0x27d/0x2f0 [ 63.286523][ T5823] tun_chr_write_iter+0x10d/0x1f0 [ 63.291541][ T5823] vfs_write+0xaeb/0xd30 [ 63.295785][ T5823] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 63.301322][ T5823] ? __pfx_vfs_write+0x10/0x10 [ 63.306083][ T5823] ? _raw_spin_unlock_irq+0x2e/0x50 [ 63.311273][ T5823] ? ptrace_notify+0x279/0x380 [ 63.316027][ T5823] ksys_write+0x18f/0x2b0 [ 63.320352][ T5823] ? __pfx_ksys_write+0x10/0x10 [ 63.325191][ T5823] ? do_syscall_64+0x100/0x230 [ 63.329947][ T5823] do_syscall_64+0xf3/0x230 [ 63.334441][ T5823] ? clear_bhb_loop+0x35/0x90 [ 63.339107][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 63.344991][ T5823] RIP: 0033:0x7fa04c96edb0 [ 63.349395][ T5823] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89 [ 63.368989][ T5823] RSP: 002b:00007fff7ac126c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 [ 63.377391][ T5823] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa04c96edb0 [ 63.385347][ T5823] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8 [ 63.393304][ T5823] RBP: 0000000000000000 R08: 00007fff7ac127f8 R09: 00007fff7ac127f8 [ 63.401262][ T5823] R10: 00007fff7ac127f8 R11: 0000000000000202 R12: 00007fa04c9bd0de [ 63.409222][ T5823] R13: 0000000000000000 R14: 00007fff7ac12700 R15: 00007fff7ac126f0 [ 63.417186][ T5823] [ 63.420275][ T5823] BUG: Bad page state in process syz-executor167 pfn:75ee0 [ 63.427668][ T5823] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x75ee0 [ 63.436429][ T5823] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 63.443586][ T5823] raw: 00fff00000000000 dead000000000040 ffff888021ac0000 0000000000000000 [ 63.452190][ T5823] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 63.460790][ T5823] page dumped because: page_pool leak [ 63.466185][ T5823] page_owner tracks the page as allocated [ 63.471938][ T5823] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5823, tgid 5823 (syz-executor167), ts 62274417695, free_ts 54932448591 [ 63.489231][ T5823] post_alloc_hook+0x1f3/0x230 [ 63.493979][ T5823] get_page_from_freelist+0x3651/0x37a0 [ 63.499562][ T5823] __alloc_pages_noprof+0x292/0x710 [ 63.504763][ T5823] alloc_pages_bulk_noprof+0x70b/0xcc0 [ 63.510238][ T5823] __page_pool_alloc_pages_slow+0x122/0x690 [ 63.516135][ T5823] page_pool_alloc_pages+0xd0/0x1c0 [ 63.521348][ T5823] skb_pp_cow_data+0xc43/0x1640 [ 63.526201][ T5823] do_xdp_generic+0x505/0xd30 [ 63.530895][ T5823] __netif_receive_skb_core+0x1ce9/0x4690 [ 63.536617][ T5823] __netif_receive_skb+0x12f/0x650 [ 63.541746][ T5823] netif_receive_skb+0x1e8/0x890 [ 63.546688][ T5823] tun_rx_batched+0x1b7/0x8f0 [ 63.551381][ T5823] tun_get_user+0x30d6/0x4890 [ 63.556061][ T5823] tun_chr_write_iter+0x10d/0x1f0 [ 63.561110][ T5823] vfs_write+0xaeb/0xd30 [ 63.565366][ T5823] ksys_write+0x18f/0x2b0 [ 63.569732][ T5823] page last free pid 5810 tgid 5810 stack trace: [ 63.576059][ T5823] free_unref_page+0xde3/0x1130 [ 63.580955][ T5823] __folio_put+0x2c7/0x440 [ 63.585376][ T5823] pipe_read+0x6ed/0x13e0 [ 63.589719][ T5823] vfs_read+0x991/0xb70 [ 63.593877][ T5823] ksys_read+0x18f/0x2b0 [ 63.598140][ T5823] do_syscall_64+0xf3/0x230 [ 63.602733][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 63.608703][ T5823] Modules linked in: [ 63.612624][ T5823] CPU: 0 UID: 0 PID: 5823 Comm: syz-executor167 Tainted: G B 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0 [ 63.625199][ T5823] Tainted: [B]=BAD_PAGE [ 63.629332][ T5823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 63.639369][ T5823] Call Trace: [ 63.642637][ T5823] [ 63.645551][ T5823] dump_stack_lvl+0x241/0x360 [ 63.650216][ T5823] ? __pfx_dump_stack_lvl+0x10/0x10 [ 63.655397][ T5823] ? __pfx_print_modules+0x10/0x10 [ 63.660503][ T5823] bad_page+0x176/0x1d0 [ 63.664641][ T5823] free_unref_page+0x1048/0x1130 [ 63.669586][ T5823] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0 [ 63.675203][ T5823] bpf_xdp_adjust_tail+0x1c3/0x200 [ 63.680301][ T5823] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 63.685831][ T5823] bpf_prog_run_generic_xdp+0x686/0x1510 [ 63.691485][ T5823] do_xdp_generic+0x757/0xd30 [ 63.696155][ T5823] ? __pfx_do_xdp_generic+0x10/0x10 [ 63.701351][ T5823] ? __skb_flow_dissect+0x4f1/0x7d00 [ 63.706647][ T5823] __netif_receive_skb_core+0x1ce9/0x4690 [ 63.712369][ T5823] ? __pfx___netif_receive_skb_core+0x10/0x10 [ 63.718436][ T5823] ? mark_lock+0x9a/0x360 [ 63.722762][ T5823] ? __lock_acquire+0x1397/0x2100 [ 63.727783][ T5823] __netif_receive_skb+0x12f/0x650 [ 63.732894][ T5823] ? __pfx_lock_acquire+0x10/0x10 [ 63.737911][ T5823] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 63.744163][ T5823] ? __pfx___netif_receive_skb+0x10/0x10 [ 63.749803][ T5823] ? tun_rx_batched+0x160/0x8f0 [ 63.754651][ T5823] ? __pfx_lockdep_softirqs_off+0x10/0x10 [ 63.760365][ T5823] ? read_tsc+0x9/0x20 [ 63.764433][ T5823] ? netif_receive_skb+0x131/0x890 [ 63.769554][ T5823] ? netif_receive_skb+0x131/0x890 [ 63.774662][ T5823] netif_receive_skb+0x1e8/0x890 [ 63.779598][ T5823] ? tun_rx_batched+0x160/0x8f0 [ 63.784455][ T5823] ? __pfx_netif_receive_skb+0x10/0x10 [ 63.789907][ T5823] ? tun_rx_batched+0x160/0x8f0 [ 63.794750][ T5823] tun_rx_batched+0x1b7/0x8f0 [ 63.799418][ T5823] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 63.805740][ T5823] ? __pfx_lock_acquire+0x10/0x10 [ 63.810754][ T5823] ? __pfx_tun_rx_batched+0x10/0x10 [ 63.815950][ T5823] tun_get_user+0x30d6/0x4890 [ 63.820618][ T5823] ? tun_get_user+0x2bbe/0x4890 [ 63.825488][ T5823] ? __lock_acquire+0x1397/0x2100 [ 63.830504][ T5823] ? __pfx_tun_get_user+0x10/0x10 [ 63.835524][ T5823] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 63.840973][ T5823] ? tun_get+0x1e/0x2f0 [ 63.845120][ T5823] ? __pfx_lock_release+0x10/0x10 [ 63.850138][ T5823] ? tun_get+0x1e/0x2f0 [ 63.854282][ T5823] ? tun_get+0x27d/0x2f0 [ 63.858516][ T5823] tun_chr_write_iter+0x10d/0x1f0 [ 63.863576][ T5823] vfs_write+0xaeb/0xd30 [ 63.867835][ T5823] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 63.873389][ T5823] ? __pfx_vfs_write+0x10/0x10 [ 63.878154][ T5823] ? _raw_spin_unlock_irq+0x2e/0x50 [ 63.883347][ T5823] ? ptrace_notify+0x279/0x380 [ 63.888109][ T5823] ksys_write+0x18f/0x2b0 [ 63.892434][ T5823] ? __pfx_ksys_write+0x10/0x10 [ 63.897282][ T5823] ? do_syscall_64+0x100/0x230 [ 63.902042][ T5823] do_syscall_64+0xf3/0x230 [ 63.906536][ T5823] ? clear_bhb_loop+0x35/0x90 [ 63.911202][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 63.917086][ T5823] RIP: 0033:0x7fa04c96edb0 [ 63.921490][ T5823] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89 [ 63.941102][ T5823] RSP: 002b:00007fff7ac126c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 [ 63.949512][ T5823] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa04c96edb0 [ 63.957479][ T5823] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8 [ 63.965441][ T5823] RBP: 0000000000000000 R08: 00007fff7ac127f8 R09: 00007fff7ac127f8 [ 63.973404][ T5823] R10: 00007fff7ac127f8 R11: 0000000000000202 R12: 00007fa04c9bd0de [ 63.981368][ T5823] R13: 0000000000000000 R14: 00007fff7ac12700 R15: 00007fff7ac126f0 [ 63.989336][ T5823] [ 63.992443][ T5823] BUG: Bad page state in process syz-executor167 pfn:7575f [ 63.999769][ T5823] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7575f [ 64.008573][ T5823] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 64.015700][ T5823] raw: 00fff00000000000 dead000000000040 ffff888021ac0000 0000000000000000 [ 64.024333][ T5823] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 64.032960][ T5823] page dumped because: page_pool leak [ 64.038345][ T5823] page_owner tracks the page as allocated [ 64.044050][ T5823] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5823, tgid 5823 (syz-executor167), ts 62274411640, free_ts 50813649747 [ 64.061359][ T5823] post_alloc_hook+0x1f3/0x230 [ 64.066140][ T5823] get_page_from_freelist+0x3651/0x37a0 [ 64.071742][ T5823] __alloc_pages_noprof+0x292/0x710 [ 64.076981][ T5823] alloc_pages_bulk_noprof+0x70b/0xcc0 [ 64.082466][ T5823] __page_pool_alloc_pages_slow+0x122/0x690 [ 64.088413][ T5823] page_pool_alloc_pages+0xd0/0x1c0 [ 64.093633][ T5823] skb_pp_cow_data+0xc43/0x1640 [ 64.098646][ T5823] do_xdp_generic+0x505/0xd30 [ 64.103336][ T5823] __netif_receive_skb_core+0x1ce9/0x4690 [ 64.109082][ T5823] __netif_receive_skb+0x12f/0x650 [ 64.114199][ T5823] netif_receive_skb+0x1e8/0x890 [ 64.119167][ T5823] tun_rx_batched+0x1b7/0x8f0 [ 64.123847][ T5823] tun_get_user+0x30d6/0x4890 [ 64.128564][ T5823] tun_chr_write_iter+0x10d/0x1f0 [ 64.133603][ T5823] vfs_write+0xaeb/0xd30 [ 64.137979][ T5823] ksys_write+0x18f/0x2b0 [ 64.142323][ T5823] page last free pid 5672 tgid 5672 stack trace: [ 64.148685][ T5823] free_unref_page+0xde3/0x1130 [ 64.153549][ T5823] __folio_put+0x2c7/0x440 [ 64.158002][ T5823] pipe_read+0x6ed/0x13e0 [ 64.162342][ T5823] vfs_read+0x991/0xb70 [ 64.166504][ T5823] ksys_read+0x18f/0x2b0 [ 64.170772][ T5823] do_syscall_64+0xf3/0x230 [ 64.175297][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.181239][ T5823] Modules linked in: [ 64.185140][ T5823] CPU: 0 UID: 0 PID: 5823 Comm: syz-executor167 Tainted: G B 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0 [ 64.197706][ T5823] Tainted: [B]=BAD_PAGE [ 64.201836][ T5823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 64.211872][ T5823] Call Trace: [ 64.215134][ T5823] [ 64.218048][ T5823] dump_stack_lvl+0x241/0x360 [ 64.222708][ T5823] ? __pfx_dump_stack_lvl+0x10/0x10 [ 64.227887][ T5823] ? __pfx_print_modules+0x10/0x10 [ 64.232979][ T5823] bad_page+0x176/0x1d0 [ 64.237123][ T5823] free_unref_page+0x1048/0x1130 [ 64.242046][ T5823] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0 [ 64.247676][ T5823] bpf_xdp_adjust_tail+0x1c3/0x200 [ 64.252782][ T5823] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 64.258229][ T5823] bpf_prog_run_generic_xdp+0x686/0x1510 [ 64.263872][ T5823] do_xdp_generic+0x757/0xd30 [ 64.268554][ T5823] ? __pfx_do_xdp_generic+0x10/0x10 [ 64.273735][ T5823] ? __skb_flow_dissect+0x4f1/0x7d00 [ 64.279007][ T5823] __netif_receive_skb_core+0x1ce9/0x4690 [ 64.284719][ T5823] ? __pfx___netif_receive_skb_core+0x10/0x10 [ 64.290783][ T5823] ? mark_lock+0x9a/0x360 [ 64.295113][ T5823] ? __lock_acquire+0x1397/0x2100 [ 64.300135][ T5823] __netif_receive_skb+0x12f/0x650 [ 64.305241][ T5823] ? __pfx_lock_acquire+0x10/0x10 [ 64.310253][ T5823] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 64.316491][ T5823] ? __pfx___netif_receive_skb+0x10/0x10 [ 64.322118][ T5823] ? tun_rx_batched+0x160/0x8f0 [ 64.326961][ T5823] ? __pfx_lockdep_softirqs_off+0x10/0x10 [ 64.332668][ T5823] ? read_tsc+0x9/0x20 [ 64.336729][ T5823] ? netif_receive_skb+0x131/0x890 [ 64.341833][ T5823] ? netif_receive_skb+0x131/0x890 [ 64.346934][ T5823] netif_receive_skb+0x1e8/0x890 [ 64.351864][ T5823] ? tun_rx_batched+0x160/0x8f0 [ 64.356707][ T5823] ? __pfx_netif_receive_skb+0x10/0x10 [ 64.362163][ T5823] ? tun_rx_batched+0x160/0x8f0 [ 64.367007][ T5823] tun_rx_batched+0x1b7/0x8f0 [ 64.371675][ T5823] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 64.377988][ T5823] ? __pfx_lock_acquire+0x10/0x10 [ 64.382997][ T5823] ? __pfx_tun_rx_batched+0x10/0x10 [ 64.388193][ T5823] tun_get_user+0x30d6/0x4890 [ 64.392862][ T5823] ? tun_get_user+0x2bbe/0x4890 [ 64.397704][ T5823] ? __lock_acquire+0x1397/0x2100 [ 64.402717][ T5823] ? __pfx_tun_get_user+0x10/0x10 [ 64.407739][ T5823] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 64.413184][ T5823] ? tun_get+0x1e/0x2f0 [ 64.417337][ T5823] ? __pfx_lock_release+0x10/0x10 [ 64.422354][ T5823] ? tun_get+0x1e/0x2f0 [ 64.426501][ T5823] ? tun_get+0x27d/0x2f0 [ 64.430736][ T5823] tun_chr_write_iter+0x10d/0x1f0 [ 64.435753][ T5823] vfs_write+0xaeb/0xd30 [ 64.439992][ T5823] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 64.445531][ T5823] ? __pfx_vfs_write+0x10/0x10 [ 64.450297][ T5823] ? _raw_spin_unlock_irq+0x2e/0x50 [ 64.455484][ T5823] ? ptrace_notify+0x279/0x380 [ 64.460238][ T5823] ksys_write+0x18f/0x2b0 [ 64.464559][ T5823] ? __pfx_ksys_write+0x10/0x10 [ 64.469418][ T5823] ? do_syscall_64+0x100/0x230 [ 64.474183][ T5823] do_syscall_64+0xf3/0x230 [ 64.478683][ T5823] ? clear_bhb_loop+0x35/0x90 [ 64.483348][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.489239][ T5823] RIP: 0033:0x7fa04c96edb0 [ 64.493645][ T5823] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89 [ 64.513239][ T5823] RSP: 002b:00007fff7ac126c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 [ 64.521643][ T5823] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa04c96edb0 [ 64.529609][ T5823] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8 [ 64.537571][ T5823] RBP: 0000000000000000 R08: 00007fff7ac127f8 R09: 00007fff7ac127f8 [ 64.545533][ T5823] R10: 00007fff7ac127f8 R11: 0000000000000202 R12: 00007fa04c9bd0de [ 64.553495][ T5823] R13: 0000000000000000 R14: 00007fff7ac12700 R15: 00007fff7ac126f0 [ 64.561461][ T5823] [ 64.564526][ T5823] BUG: Bad page state in process syz-executor167 pfn:7575e [ 64.571833][ T5823] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7575e [ 64.580623][ T5823] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 64.587759][ T5823] raw: 00fff00000000000 dead000000000040 ffff888021ac0000 0000000000000000 [ 64.596344][ T5823] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 64.604950][ T5823] page dumped because: page_pool leak [ 64.610329][ T5823] page_owner tracks the page as allocated [ 64.616132][ T5823] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5823, tgid 5823 (syz-executor167), ts 62274405511, free_ts 50813624494 [ 64.633437][ T5823] post_alloc_hook+0x1f3/0x230 [ 64.638226][ T5823] get_page_from_freelist+0x3651/0x37a0 [ 64.643759][ T5823] __alloc_pages_noprof+0x292/0x710 [ 64.648970][ T5823] alloc_pages_bulk_noprof+0x70b/0xcc0 [ 64.654434][ T5823] __page_pool_alloc_pages_slow+0x122/0x690 [ 64.660394][ T5823] page_pool_alloc_pages+0xd0/0x1c0 [ 64.665618][ T5823] skb_pp_cow_data+0xc43/0x1640 [ 64.670490][ T5823] do_xdp_generic+0x505/0xd30 [ 64.675167][ T5823] __netif_receive_skb_core+0x1ce9/0x4690 [ 64.680906][ T5823] __netif_receive_skb+0x12f/0x650 [ 64.686023][ T5823] netif_receive_skb+0x1e8/0x890 [ 64.690984][ T5823] tun_rx_batched+0x1b7/0x8f0 [ 64.695666][ T5823] tun_get_user+0x30d6/0x4890 [ 64.700363][ T5823] tun_chr_write_iter+0x10d/0x1f0 [ 64.705390][ T5823] vfs_write+0xaeb/0xd30 [ 64.709664][ T5823] ksys_write+0x18f/0x2b0 [ 64.714010][ T5823] page last free pid 5672 tgid 5672 stack trace: [ 64.720373][ T5823] free_unref_page+0xde3/0x1130 [ 64.725239][ T5823] __folio_put+0x2c7/0x440 [ 64.729707][ T5823] pipe_read+0x6ed/0x13e0 [ 64.734046][ T5823] vfs_read+0x991/0xb70 [ 64.738222][ T5823] ksys_read+0x18f/0x2b0 [ 64.742468][ T5823] do_syscall_64+0xf3/0x230 [ 64.747007][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.752915][ T5823] Modules linked in: [ 64.756847][ T5823] CPU: 0 UID: 0 PID: 5823 Comm: syz-executor167 Tainted: G B 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0 [ 64.769435][ T5823] Tainted: [B]=BAD_PAGE [ 64.773659][ T5823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 64.783708][ T5823] Call Trace: [ 64.786975][ T5823] [ 64.789890][ T5823] dump_stack_lvl+0x241/0x360 [ 64.794560][ T5823] ? __pfx_dump_stack_lvl+0x10/0x10 [ 64.799746][ T5823] ? __pfx_print_modules+0x10/0x10 [ 64.804844][ T5823] bad_page+0x176/0x1d0 [ 64.808987][ T5823] free_unref_page+0x1048/0x1130 [ 64.813911][ T5823] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0 [ 64.819534][ T5823] bpf_xdp_adjust_tail+0x1c3/0x200 [ 64.824642][ T5823] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 64.830342][ T5823] bpf_prog_run_generic_xdp+0x686/0x1510 [ 64.835979][ T5823] do_xdp_generic+0x757/0xd30 [ 64.840680][ T5823] ? __pfx_do_xdp_generic+0x10/0x10 [ 64.845877][ T5823] ? __skb_flow_dissect+0x4f1/0x7d00 [ 64.851157][ T5823] __netif_receive_skb_core+0x1ce9/0x4690 [ 64.856889][ T5823] ? __pfx___netif_receive_skb_core+0x10/0x10 [ 64.862998][ T5823] ? mark_lock+0x9a/0x360 [ 64.867330][ T5823] ? __lock_acquire+0x1397/0x2100 [ 64.872357][ T5823] __netif_receive_skb+0x12f/0x650 [ 64.877467][ T5823] ? __pfx_lock_acquire+0x10/0x10 [ 64.882485][ T5823] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 64.888723][ T5823] ? __pfx___netif_receive_skb+0x10/0x10 [ 64.894350][ T5823] ? tun_rx_batched+0x160/0x8f0 [ 64.899198][ T5823] ? __pfx_lockdep_softirqs_off+0x10/0x10 [ 64.904914][ T5823] ? read_tsc+0x9/0x20 [ 64.908977][ T5823] ? netif_receive_skb+0x131/0x890 [ 64.914078][ T5823] ? netif_receive_skb+0x131/0x890 [ 64.919264][ T5823] netif_receive_skb+0x1e8/0x890 [ 64.924190][ T5823] ? tun_rx_batched+0x160/0x8f0 [ 64.929037][ T5823] ? __pfx_netif_receive_skb+0x10/0x10 [ 64.934489][ T5823] ? tun_rx_batched+0x160/0x8f0 [ 64.939345][ T5823] tun_rx_batched+0x1b7/0x8f0 [ 64.944012][ T5823] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 64.950331][ T5823] ? __pfx_lock_acquire+0x10/0x10 [ 64.955344][ T5823] ? __pfx_tun_rx_batched+0x10/0x10 [ 64.960536][ T5823] tun_get_user+0x30d6/0x4890 [ 64.965206][ T5823] ? tun_get_user+0x2bbe/0x4890 [ 64.970054][ T5823] ? __lock_acquire+0x1397/0x2100 [ 64.975070][ T5823] ? __pfx_tun_get_user+0x10/0x10 [ 64.980090][ T5823] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 64.985537][ T5823] ? tun_get+0x1e/0x2f0 [ 64.989684][ T5823] ? __pfx_lock_release+0x10/0x10 [ 64.994698][ T5823] ? tun_get+0x1e/0x2f0 [ 64.998853][ T5823] ? tun_get+0x27d/0x2f0 [ 65.003087][ T5823] tun_chr_write_iter+0x10d/0x1f0 [ 65.008103][ T5823] vfs_write+0xaeb/0xd30 [ 65.012339][ T5823] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 65.017882][ T5823] ? __pfx_vfs_write+0x10/0x10 [ 65.022646][ T5823] ? _raw_spin_unlock_irq+0x2e/0x50 [ 65.027835][ T5823] ? ptrace_notify+0x279/0x380 [ 65.032591][ T5823] ksys_write+0x18f/0x2b0 [ 65.036915][ T5823] ? __pfx_ksys_write+0x10/0x10 [ 65.041757][ T5823] ? do_syscall_64+0x100/0x230 [ 65.046513][ T5823] do_syscall_64+0xf3/0x230 [ 65.051007][ T5823] ? clear_bhb_loop+0x35/0x90 [ 65.055673][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 65.061644][ T5823] RIP: 0033:0x7fa04c96edb0 [ 65.066047][ T5823] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89 [ 65.085642][ T5823] RSP: 002b:00007fff7ac126c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 [ 65.094046][ T5823] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa04c96edb0 [ 65.102003][ T5823] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8 [ 65.109960][ T5823] RBP: 0000000000000000 R08: 00007fff7ac127f8 R09: 00007fff7ac127f8 [ 65.117924][ T5823] R10: 00007fff7ac127f8 R11: 0000000000000202 R12: 00007fa04c9bd0de [ 65.125880][ T5823] R13: 0000000000000000 R14: 00007fff7ac12700 R15: 00007fff7ac126f0 [ 65.133845][ T5823] [ 65.136932][ T5823] BUG: Bad page state in process syz-executor167 pfn:7575d [ 65.144215][ T5823] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7575d [ 65.153003][ T5823] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 65.160145][ T5823] raw: 00fff00000000000 dead000000000040 ffff888021ac0000 0000000000000000 [ 65.168746][ T5823] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 65.177343][ T5823] page dumped because: page_pool leak [ 65.182705][ T5823] page_owner tracks the page as allocated [ 65.188436][ T5823] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5823, tgid 5823 (syz-executor167), ts 62274399461, free_ts 50813614970 [ 65.205731][ T5823] post_alloc_hook+0x1f3/0x230 [ 65.210512][ T5823] get_page_from_freelist+0x3651/0x37a0 [ 65.216063][ T5823] __alloc_pages_noprof+0x292/0x710 [ 65.221280][ T5823] alloc_pages_bulk_noprof+0x70b/0xcc0 [ 65.226745][ T5823] __page_pool_alloc_pages_slow+0x122/0x690 [ 65.232694][ T5823] page_pool_alloc_pages+0xd0/0x1c0 [ 65.237928][ T5823] skb_pp_cow_data+0xc43/0x1640 [ 65.242766][ T5823] do_xdp_generic+0x505/0xd30 [ 65.247469][ T5823] __netif_receive_skb_core+0x1ce9/0x4690 [ 65.253193][ T5823] __netif_receive_skb+0x12f/0x650 [ 65.258334][ T5823] netif_receive_skb+0x1e8/0x890 [ 65.263281][ T5823] tun_rx_batched+0x1b7/0x8f0 [ 65.267978][ T5823] tun_get_user+0x30d6/0x4890 [ 65.272661][ T5823] tun_chr_write_iter+0x10d/0x1f0 [ 65.277715][ T5823] vfs_write+0xaeb/0xd30 [ 65.281982][ T5823] ksys_write+0x18f/0x2b0 [ 65.286333][ T5823] page last free pid 5672 tgid 5672 stack trace: [ 65.292673][ T5823] free_unref_page+0xde3/0x1130 [ 65.297547][ T5823] __folio_put+0x2c7/0x440 [ 65.301975][ T5823] pipe_read+0x6ed/0x13e0 [ 65.306298][ T5823] vfs_read+0x991/0xb70 [ 65.310493][ T5823] ksys_read+0x18f/0x2b0 [ 65.314742][ T5823] do_syscall_64+0xf3/0x230 [ 65.319268][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 65.325175][ T5823] Modules linked in: [ 65.329100][ T5823] CPU: 0 UID: 0 PID: 5823 Comm: syz-executor167 Tainted: G B 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0 [ 65.341694][ T5823] Tainted: [B]=BAD_PAGE [ 65.345840][ T5823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 65.355888][ T5823] Call Trace: [ 65.359164][ T5823] [ 65.362084][ T5823] dump_stack_lvl+0x241/0x360 [ 65.366748][ T5823] ? __pfx_dump_stack_lvl+0x10/0x10 [ 65.372017][ T5823] ? __pfx_print_modules+0x10/0x10 [ 65.377111][ T5823] bad_page+0x176/0x1d0 [ 65.381251][ T5823] free_unref_page+0x1048/0x1130 [ 65.386185][ T5823] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0 [ 65.391814][ T5823] bpf_xdp_adjust_tail+0x1c3/0x200 [ 65.396925][ T5823] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 65.402401][ T5823] bpf_prog_run_generic_xdp+0x686/0x1510 [ 65.408032][ T5823] do_xdp_generic+0x757/0xd30 [ 65.412703][ T5823] ? __pfx_do_xdp_generic+0x10/0x10 [ 65.417895][ T5823] ? __skb_flow_dissect+0x4f1/0x7d00 [ 65.423177][ T5823] __netif_receive_skb_core+0x1ce9/0x4690 [ 65.428895][ T5823] ? __pfx___netif_receive_skb_core+0x10/0x10 [ 65.434953][ T5823] ? mark_lock+0x9a/0x360 [ 65.439276][ T5823] ? __lock_acquire+0x1397/0x2100 [ 65.444292][ T5823] __netif_receive_skb+0x12f/0x650 [ 65.449394][ T5823] ? __pfx_lock_acquire+0x10/0x10 [ 65.454405][ T5823] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 65.460638][ T5823] ? __pfx___netif_receive_skb+0x10/0x10 [ 65.466264][ T5823] ? tun_rx_batched+0x160/0x8f0 [ 65.471106][ T5823] ? __pfx_lockdep_softirqs_off+0x10/0x10 [ 65.476811][ T5823] ? read_tsc+0x9/0x20 [ 65.480878][ T5823] ? netif_receive_skb+0x131/0x890 [ 65.485977][ T5823] ? netif_receive_skb+0x131/0x890 [ 65.491082][ T5823] netif_receive_skb+0x1e8/0x890 [ 65.496006][ T5823] ? tun_rx_batched+0x160/0x8f0 [ 65.500853][ T5823] ? __pfx_netif_receive_skb+0x10/0x10 [ 65.506327][ T5823] ? tun_rx_batched+0x160/0x8f0 [ 65.511182][ T5823] tun_rx_batched+0x1b7/0x8f0 [ 65.515851][ T5823] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 65.522169][ T5823] ? __pfx_lock_acquire+0x10/0x10 [ 65.527179][ T5823] ? __pfx_tun_rx_batched+0x10/0x10 [ 65.532376][ T5823] tun_get_user+0x30d6/0x4890 [ 65.537054][ T5823] ? tun_get_user+0x2bbe/0x4890 [ 65.541909][ T5823] ? __lock_acquire+0x1397/0x2100 [ 65.546935][ T5823] ? __pfx_tun_get_user+0x10/0x10 [ 65.551970][ T5823] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 65.557421][ T5823] ? tun_get+0x1e/0x2f0 [ 65.561574][ T5823] ? __pfx_lock_release+0x10/0x10 [ 65.566613][ T5823] ? tun_get+0x1e/0x2f0 [ 65.570765][ T5823] ? tun_get+0x27d/0x2f0 [ 65.575000][ T5823] tun_chr_write_iter+0x10d/0x1f0 [ 65.580024][ T5823] vfs_write+0xaeb/0xd30 [ 65.584264][ T5823] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 65.589808][ T5823] ? __pfx_vfs_write+0x10/0x10 [ 65.594569][ T5823] ? _raw_spin_unlock_irq+0x2e/0x50 [ 65.599761][ T5823] ? ptrace_notify+0x279/0x380 [ 65.604523][ T5823] ksys_write+0x18f/0x2b0 [ 65.608846][ T5823] ? __pfx_ksys_write+0x10/0x10 [ 65.613691][ T5823] ? do_syscall_64+0x100/0x230 [ 65.618449][ T5823] do_syscall_64+0xf3/0x230 [ 65.622945][ T5823] ? clear_bhb_loop+0x35/0x90 [ 65.627608][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 65.633496][ T5823] RIP: 0033:0x7fa04c96edb0 [ 65.637902][ T5823] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89 [ 65.657497][ T5823] RSP: 002b:00007fff7ac126c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 [ 65.665899][ T5823] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa04c96edb0 [ 65.673858][ T5823] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8 [ 65.681816][ T5823] RBP: 0000000000000000 R08: 00007fff7ac127f8 R09: 00007fff7ac127f8 [ 65.689795][ T5823] R10: 00007fff7ac127f8 R11: 0000000000000202 R12: 00007fa04c9bd0de [ 65.697754][ T5823] R13: 0000000000000000 R14: 00007fff7ac12700 R15: 00007fff7ac126f0 [ 65.705717][ T5823] [ 65.708782][ T5823] BUG: Bad page state in process syz-executor167 pfn:7575c [ 65.716069][ T5823] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7575c [ 65.724872][ T5823] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 65.732014][ T5823] raw: 00fff00000000000 dead000000000040 ffff888021ac0000 0000000000000000 [ 65.740615][ T5823] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 65.749211][ T5823] page dumped because: page_pool leak [ 65.754574][ T5823] page_owner tracks the page as allocated [ 65.760339][ T5823] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5823, tgid 5823 (syz-executor167), ts 62274393210, free_ts 50813604036 [ 65.777635][ T5823] post_alloc_hook+0x1f3/0x230 [ 65.782384][ T5823] get_page_from_freelist+0x3651/0x37a0 [ 65.787961][ T5823] __alloc_pages_noprof+0x292/0x710 [ 65.793171][ T5823] alloc_pages_bulk_noprof+0x70b/0xcc0 [ 65.798656][ T5823] __page_pool_alloc_pages_slow+0x122/0x690 [ 65.804563][ T5823] page_pool_alloc_pages+0xd0/0x1c0 [ 65.809786][ T5823] skb_pp_cow_data+0xc43/0x1640 [ 65.814638][ T5823] do_xdp_generic+0x505/0xd30 [ 65.819338][ T5823] __netif_receive_skb_core+0x1ce9/0x4690 [ 65.825061][ T5823] __netif_receive_skb+0x12f/0x650 [ 65.830187][ T5823] netif_receive_skb+0x1e8/0x890 [ 65.835130][ T5823] tun_rx_batched+0x1b7/0x8f0 [ 65.839824][ T5823] tun_get_user+0x30d6/0x4890 [ 65.844505][ T5823] tun_chr_write_iter+0x10d/0x1f0 [ 65.849560][ T5823] vfs_write+0xaeb/0xd30 [ 65.853815][ T5823] ksys_write+0x18f/0x2b0 [ 65.858203][ T5823] page last free pid 5672 tgid 5672 stack trace: [ 65.864540][ T5823] free_unref_page+0xde3/0x1130 [ 65.869444][ T5823] __folio_put+0x2c7/0x440 [ 65.873876][ T5823] pipe_read+0x6ed/0x13e0 [ 65.878230][ T5823] vfs_read+0x991/0xb70 [ 65.882396][ T5823] ksys_read+0x18f/0x2b0 [ 65.886639][ T5823] do_syscall_64+0xf3/0x230 [ 65.891164][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 65.897101][ T5823] Modules linked in: [ 65.900982][ T5823] CPU: 0 UID: 0 PID: 5823 Comm: syz-executor167 Tainted: G B 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0 [ 65.913550][ T5823] Tainted: [B]=BAD_PAGE [ 65.917680][ T5823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 65.927740][ T5823] Call Trace: [ 65.931002][ T5823] [ 65.933915][ T5823] dump_stack_lvl+0x241/0x360 [ 65.938582][ T5823] ? __pfx_dump_stack_lvl+0x10/0x10 [ 65.943761][ T5823] ? __pfx_print_modules+0x10/0x10 [ 65.948857][ T5823] bad_page+0x176/0x1d0 [ 65.952991][ T5823] free_unref_page+0x1048/0x1130 [ 65.957914][ T5823] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0 [ 65.963532][ T5823] bpf_xdp_adjust_tail+0x1c3/0x200 [ 65.968629][ T5823] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 65.974066][ T5823] bpf_prog_run_generic_xdp+0x686/0x1510 [ 65.979703][ T5823] do_xdp_generic+0x757/0xd30 [ 65.984380][ T5823] ? __pfx_do_xdp_generic+0x10/0x10 [ 65.989572][ T5823] ? __skb_flow_dissect+0x4f1/0x7d00 [ 65.994862][ T5823] __netif_receive_skb_core+0x1ce9/0x4690 [ 66.000581][ T5823] ? __pfx___netif_receive_skb_core+0x10/0x10 [ 66.006633][ T5823] ? mark_lock+0x9a/0x360 [ 66.010951][ T5823] ? __lock_acquire+0x1397/0x2100 [ 66.015975][ T5823] __netif_receive_skb+0x12f/0x650 [ 66.021085][ T5823] ? __pfx_lock_acquire+0x10/0x10 [ 66.026097][ T5823] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 66.032418][ T5823] ? __pfx___netif_receive_skb+0x10/0x10 [ 66.038045][ T5823] ? tun_rx_batched+0x160/0x8f0 [ 66.042906][ T5823] ? __pfx_lockdep_softirqs_off+0x10/0x10 [ 66.048646][ T5823] ? read_tsc+0x9/0x20 [ 66.052723][ T5823] ? netif_receive_skb+0x131/0x890 [ 66.057830][ T5823] ? netif_receive_skb+0x131/0x890 [ 66.062939][ T5823] netif_receive_skb+0x1e8/0x890 [ 66.067875][ T5823] ? tun_rx_batched+0x160/0x8f0 [ 66.072727][ T5823] ? __pfx_netif_receive_skb+0x10/0x10 [ 66.078188][ T5823] ? tun_rx_batched+0x160/0x8f0 [ 66.083034][ T5823] tun_rx_batched+0x1b7/0x8f0 [ 66.087709][ T5823] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 66.094029][ T5823] ? __pfx_lock_acquire+0x10/0x10 [ 66.099040][ T5823] ? __pfx_tun_rx_batched+0x10/0x10 [ 66.104235][ T5823] tun_get_user+0x30d6/0x4890 [ 66.108904][ T5823] ? tun_get_user+0x2bbe/0x4890 [ 66.113747][ T5823] ? __lock_acquire+0x1397/0x2100 [ 66.118761][ T5823] ? __pfx_tun_get_user+0x10/0x10 [ 66.123778][ T5823] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 66.129229][ T5823] ? tun_get+0x1e/0x2f0 [ 66.133375][ T5823] ? __pfx_lock_release+0x10/0x10 [ 66.138395][ T5823] ? tun_get+0x1e/0x2f0 [ 66.142549][ T5823] ? tun_get+0x27d/0x2f0 [ 66.146782][ T5823] tun_chr_write_iter+0x10d/0x1f0 [ 66.151801][ T5823] vfs_write+0xaeb/0xd30 [ 66.156037][ T5823] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 66.161572][ T5823] ? __pfx_vfs_write+0x10/0x10 [ 66.166330][ T5823] ? _raw_spin_unlock_irq+0x2e/0x50 [ 66.171521][ T5823] ? ptrace_notify+0x279/0x380 [ 66.176382][ T5823] ksys_write+0x18f/0x2b0 [ 66.180704][ T5823] ? __pfx_ksys_write+0x10/0x10 [ 66.185549][ T5823] ? do_syscall_64+0x100/0x230 [ 66.190309][ T5823] do_syscall_64+0xf3/0x230 [ 66.194805][ T5823] ? clear_bhb_loop+0x35/0x90 [ 66.199477][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 66.205365][ T5823] RIP: 0033:0x7fa04c96edb0 [ 66.209770][ T5823] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89 [ 66.229449][ T5823] RSP: 002b:00007fff7ac126c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 [ 66.237860][ T5823] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa04c96edb0 [ 66.245818][ T5823] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8 [ 66.253776][ T5823] RBP: 0000000000000000 R08: 00007fff7ac127f8 R09: 00007fff7ac127f8 [ 66.261822][ T5823] R10: 00007fff7ac127f8 R11: 0000000000000202 R12: 00007fa04c9bd0de [ 66.269782][ T5823] R13: 0000000000000000 R14: 00007fff7ac12700 R15: 00007fff7ac126f0 [ 66.277751][ T5823] [ 66.280821][ T5823] BUG: Bad page state in process syz-executor167 pfn:2c057 [ 66.288128][ T5823] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2c057 [ 66.296927][ T5823] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 66.304062][ T5823] raw: 00fff00000000000 dead000000000040 ffff888021ac0000 0000000000000000 [ 66.312680][ T5823] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 66.321281][ T5823] page dumped because: page_pool leak [ 66.326630][ T5823] page_owner tracks the page as allocated [ 66.332360][ T5823] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5823, tgid 5823 (syz-executor167), ts 62274387049, free_ts 55571351288 [ 66.349659][ T5823] post_alloc_hook+0x1f3/0x230 [ 66.354412][ T5823] get_page_from_freelist+0x3651/0x37a0 [ 66.360065][ T5823] __alloc_pages_noprof+0x292/0x710 [ 66.365293][ T5823] alloc_pages_bulk_noprof+0x70b/0xcc0 [ 66.370770][ T5823] __page_pool_alloc_pages_slow+0x122/0x690 [ 66.376669][ T5823] page_pool_alloc_pages+0xd0/0x1c0 [ 66.381916][ T5823] skb_pp_cow_data+0xc43/0x1640 [ 66.386772][ T5823] do_xdp_generic+0x505/0xd30 [ 66.391500][ T5823] __netif_receive_skb_core+0x1ce9/0x4690 [ 66.397241][ T5823] __netif_receive_skb+0x12f/0x650 [ 66.402361][ T5823] netif_receive_skb+0x1e8/0x890 [ 66.407314][ T5823] tun_rx_batched+0x1b7/0x8f0 [ 66.411994][ T5823] tun_get_user+0x30d6/0x4890 [ 66.416654][ T5823] tun_chr_write_iter+0x10d/0x1f0 [ 66.421705][ T5823] vfs_write+0xaeb/0xd30 [ 66.425967][ T5823] ksys_write+0x18f/0x2b0 [ 66.430330][ T5823] page last free pid 5813 tgid 5813 stack trace: [ 66.436659][ T5823] free_unref_page+0xde3/0x1130 [ 66.441537][ T5823] __slab_free+0x31b/0x3d0 [ 66.445959][ T5823] qlist_free_all+0x9a/0x140 [ 66.450586][ T5823] kasan_quarantine_reduce+0x14f/0x170 [ 66.456049][ T5823] __kasan_slab_alloc+0x23/0x80 [ 66.460922][ T5823] kmem_cache_alloc_noprof+0x1d9/0x380 [ 66.466383][ T5823] getname_flags+0xb7/0x540 [ 66.470906][ T5823] do_sys_openat2+0xd2/0x1d0 [ 66.475498][ T5823] __x64_sys_openat+0x247/0x2a0 [ 66.480368][ T5823] do_syscall_64+0xf3/0x230 [ 66.484875][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 66.490789][ T5823] Modules linked in: [ 66.494684][ T5823] CPU: 0 UID: 0 PID: 5823 Comm: syz-executor167 Tainted: G B 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0 [ 66.507248][ T5823] Tainted: [B]=BAD_PAGE [ 66.511382][ T5823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 66.521421][ T5823] Call Trace: [ 66.524682][ T5823] [ 66.527598][ T5823] dump_stack_lvl+0x241/0x360 [ 66.532288][ T5823] ? __pfx_dump_stack_lvl+0x10/0x10 [ 66.537474][ T5823] ? __pfx_print_modules+0x10/0x10 [ 66.542569][ T5823] bad_page+0x176/0x1d0 [ 66.546704][ T5823] free_unref_page+0x1048/0x1130 [ 66.551633][ T5823] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0 [ 66.557261][ T5823] bpf_xdp_adjust_tail+0x1c3/0x200 [ 66.562367][ T5823] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 66.567812][ T5823] bpf_prog_run_generic_xdp+0x686/0x1510 [ 66.573446][ T5823] do_xdp_generic+0x757/0xd30 [ 66.578112][ T5823] ? __pfx_do_xdp_generic+0x10/0x10 [ 66.583306][ T5823] ? __skb_flow_dissect+0x4f1/0x7d00 [ 66.588585][ T5823] __netif_receive_skb_core+0x1ce9/0x4690 [ 66.594304][ T5823] ? __pfx___netif_receive_skb_core+0x10/0x10 [ 66.600363][ T5823] ? mark_lock+0x9a/0x360 [ 66.604684][ T5823] ? __lock_acquire+0x1397/0x2100 [ 66.609706][ T5823] __netif_receive_skb+0x12f/0x650 [ 66.614815][ T5823] ? __pfx_lock_acquire+0x10/0x10 [ 66.619828][ T5823] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 66.626062][ T5823] ? __pfx___netif_receive_skb+0x10/0x10 [ 66.631687][ T5823] ? tun_rx_batched+0x160/0x8f0 [ 66.636529][ T5823] ? __pfx_lockdep_softirqs_off+0x10/0x10 [ 66.642238][ T5823] ? read_tsc+0x9/0x20 [ 66.646384][ T5823] ? netif_receive_skb+0x131/0x890 [ 66.651487][ T5823] ? netif_receive_skb+0x131/0x890 [ 66.656588][ T5823] netif_receive_skb+0x1e8/0x890 [ 66.661514][ T5823] ? tun_rx_batched+0x160/0x8f0 [ 66.666352][ T5823] ? __pfx_netif_receive_skb+0x10/0x10 [ 66.671801][ T5823] ? tun_rx_batched+0x160/0x8f0 [ 66.676640][ T5823] tun_rx_batched+0x1b7/0x8f0 [ 66.681327][ T5823] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 66.687664][ T5823] ? __pfx_lock_acquire+0x10/0x10 [ 66.692698][ T5823] ? __pfx_tun_rx_batched+0x10/0x10 [ 66.697910][ T5823] tun_get_user+0x30d6/0x4890 [ 66.702585][ T5823] ? tun_get_user+0x2bbe/0x4890 [ 66.707440][ T5823] ? __lock_acquire+0x1397/0x2100 [ 66.712471][ T5823] ? __pfx_tun_get_user+0x10/0x10 [ 66.717493][ T5823] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 66.722943][ T5823] ? tun_get+0x1e/0x2f0 [ 66.727090][ T5823] ? __pfx_lock_release+0x10/0x10 [ 66.732106][ T5823] ? tun_get+0x1e/0x2f0 [ 66.736250][ T5823] ? tun_get+0x27d/0x2f0 [ 66.740490][ T5823] tun_chr_write_iter+0x10d/0x1f0 [ 66.745509][ T5823] vfs_write+0xaeb/0xd30 [ 66.749747][ T5823] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 66.755292][ T5823] ? __pfx_vfs_write+0x10/0x10 [ 66.760053][ T5823] ? _raw_spin_unlock_irq+0x2e/0x50 [ 66.765241][ T5823] ? ptrace_notify+0x279/0x380 [ 66.770000][ T5823] ksys_write+0x18f/0x2b0 [ 66.774322][ T5823] ? __pfx_ksys_write+0x10/0x10 [ 66.779168][ T5823] ? do_syscall_64+0x100/0x230 [ 66.783926][ T5823] do_syscall_64+0xf3/0x230 [ 66.788424][ T5823] ? clear_bhb_loop+0x35/0x90 [ 66.793085][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 66.798977][ T5823] RIP: 0033:0x7fa04c96edb0 [ 66.803381][ T5823] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89 [ 66.822992][ T5823] RSP: 002b:00007fff7ac126c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 [ 66.831410][ T5823] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa04c96edb0 [ 66.839370][ T5823] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8 [ 66.847332][ T5823] RBP: 0000000000000000 R08: 00007fff7ac127f8 R09: 00007fff7ac127f8 [ 66.855294][ T5823] R10: 00007fff7ac127f8 R11: 0000000000000202 R12: 00007fa04c9bd0de [ 66.863259][ T5823] R13: 0000000000000000 R14: 00007fff7ac12700 R15: 00007fff7ac126f0 [ 66.871263][ T5823] [ 66.874354][ T5823] BUG: Bad page state in process syz-executor167 pfn:2c056 [ 66.881691][ T5823] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2c056 [ 66.890480][ T5823] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 66.897623][ T5823] raw: 00fff00000000000 dead000000000040 ffff888021ac0000 0000000000000000 [ 66.906206][ T5823] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 66.914818][ T5823] page dumped because: page_pool leak [ 66.920199][ T5823] page_owner tracks the page as allocated [ 66.925898][ T5823] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5823, tgid 5823 (syz-executor167), ts 62274380727, free_ts 55571351288 [ 66.943202][ T5823] post_alloc_hook+0x1f3/0x230 [ 66.947989][ T5823] get_page_from_freelist+0x3651/0x37a0 [ 66.953523][ T5823] __alloc_pages_noprof+0x292/0x710 [ 66.958742][ T5823] alloc_pages_bulk_noprof+0x70b/0xcc0 [ 66.964205][ T5823] __page_pool_alloc_pages_slow+0x122/0x690 [ 66.970120][ T5823] page_pool_alloc_pages+0xd0/0x1c0 [ 66.975324][ T5823] skb_pp_cow_data+0xc43/0x1640 [ 66.980193][ T5823] do_xdp_generic+0x505/0xd30 [ 66.984871][ T5823] __netif_receive_skb_core+0x1ce9/0x4690 [ 66.990620][ T5823] __netif_receive_skb+0x12f/0x650 [ 66.995734][ T5823] netif_receive_skb+0x1e8/0x890 [ 67.000708][ T5823] tun_rx_batched+0x1b7/0x8f0 [ 67.005391][ T5823] tun_get_user+0x30d6/0x4890 [ 67.010102][ T5823] tun_chr_write_iter+0x10d/0x1f0 [ 67.015161][ T5823] vfs_write+0xaeb/0xd30 [ 67.019448][ T5823] ksys_write+0x18f/0x2b0 [ 67.023788][ T5823] page last free pid 5813 tgid 5813 stack trace: [ 67.030147][ T5823] free_unref_page+0xde3/0x1130 [ 67.035008][ T5823] __slab_free+0x31b/0x3d0 [ 67.039460][ T5823] qlist_free_all+0x9a/0x140 [ 67.044055][ T5823] kasan_quarantine_reduce+0x14f/0x170 [ 67.049540][ T5823] __kasan_slab_alloc+0x23/0x80 [ 67.054396][ T5823] kmem_cache_alloc_noprof+0x1d9/0x380 [ 67.059880][ T5823] getname_flags+0xb7/0x540 [ 67.064495][ T5823] do_sys_openat2+0xd2/0x1d0 [ 67.069190][ T5823] __x64_sys_openat+0x247/0x2a0 [ 67.074043][ T5823] do_syscall_64+0xf3/0x230 [ 67.078583][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 67.084507][ T5823] Modules linked in: [ 67.088425][ T5823] CPU: 0 UID: 0 PID: 5823 Comm: syz-executor167 Tainted: G B 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0 [ 67.101016][ T5823] Tainted: [B]=BAD_PAGE [ 67.105144][ T5823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 67.115198][ T5823] Call Trace: [ 67.118464][ T5823] [ 67.121384][ T5823] dump_stack_lvl+0x241/0x360 [ 67.126044][ T5823] ? __pfx_dump_stack_lvl+0x10/0x10 [ 67.131250][ T5823] ? __pfx_print_modules+0x10/0x10 [ 67.136344][ T5823] bad_page+0x176/0x1d0 [ 67.140482][ T5823] free_unref_page+0x1048/0x1130 [ 67.145404][ T5823] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0 [ 67.151035][ T5823] bpf_xdp_adjust_tail+0x1c3/0x200 [ 67.156147][ T5823] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 67.161593][ T5823] bpf_prog_run_generic_xdp+0x686/0x1510 [ 67.167226][ T5823] do_xdp_generic+0x757/0xd30 [ 67.171895][ T5823] ? __pfx_do_xdp_generic+0x10/0x10 [ 67.177094][ T5823] ? __skb_flow_dissect+0x4f1/0x7d00 [ 67.182375][ T5823] __netif_receive_skb_core+0x1ce9/0x4690 [ 67.188098][ T5823] ? __pfx___netif_receive_skb_core+0x10/0x10 [ 67.194158][ T5823] ? mark_lock+0x9a/0x360 [ 67.198476][ T5823] ? __lock_acquire+0x1397/0x2100 [ 67.203495][ T5823] __netif_receive_skb+0x12f/0x650 [ 67.208597][ T5823] ? __pfx_lock_acquire+0x10/0x10 [ 67.213608][ T5823] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 67.219840][ T5823] ? __pfx___netif_receive_skb+0x10/0x10 [ 67.225463][ T5823] ? tun_rx_batched+0x160/0x8f0 [ 67.230308][ T5823] ? __pfx_lockdep_softirqs_off+0x10/0x10 [ 67.236014][ T5823] ? read_tsc+0x9/0x20 [ 67.240074][ T5823] ? netif_receive_skb+0x131/0x890 [ 67.245179][ T5823] ? netif_receive_skb+0x131/0x890 [ 67.250279][ T5823] netif_receive_skb+0x1e8/0x890 [ 67.255207][ T5823] ? tun_rx_batched+0x160/0x8f0 [ 67.260049][ T5823] ? __pfx_netif_receive_skb+0x10/0x10 [ 67.265508][ T5823] ? tun_rx_batched+0x160/0x8f0 [ 67.270349][ T5823] tun_rx_batched+0x1b7/0x8f0 [ 67.275018][ T5823] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 67.281353][ T5823] ? __pfx_lock_acquire+0x10/0x10 [ 67.286364][ T5823] ? __pfx_tun_rx_batched+0x10/0x10 [ 67.291582][ T5823] tun_get_user+0x30d6/0x4890 [ 67.296248][ T5823] ? tun_get_user+0x2bbe/0x4890 [ 67.301097][ T5823] ? __lock_acquire+0x1397/0x2100 [ 67.306123][ T5823] ? __pfx_tun_get_user+0x10/0x10 [ 67.311143][ T5823] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 67.316589][ T5823] ? tun_get+0x1e/0x2f0 [ 67.320734][ T5823] ? __pfx_lock_release+0x10/0x10 [ 67.325758][ T5823] ? tun_get+0x1e/0x2f0 [ 67.329904][ T5823] ? tun_get+0x27d/0x2f0 [ 67.334139][ T5823] tun_chr_write_iter+0x10d/0x1f0 [ 67.339155][ T5823] vfs_write+0xaeb/0xd30 [ 67.343389][ T5823] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 67.348926][ T5823] ? __pfx_vfs_write+0x10/0x10 [ 67.353685][ T5823] ? _raw_spin_unlock_irq+0x2e/0x50 [ 67.358875][ T5823] ? ptrace_notify+0x279/0x380 [ 67.363631][ T5823] ksys_write+0x18f/0x2b0 [ 67.367954][ T5823] ? __pfx_ksys_write+0x10/0x10 [ 67.372794][ T5823] ? do_syscall_64+0x100/0x230 [ 67.377555][ T5823] do_syscall_64+0xf3/0x230 [ 67.382050][ T5823] ? clear_bhb_loop+0x35/0x90 [ 67.386721][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 67.392606][ T5823] RIP: 0033:0x7fa04c96edb0 [ 67.397009][ T5823] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89 [ 67.416601][ T5823] RSP: 002b:00007fff7ac126c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 [ 67.425001][ T5823] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa04c96edb0 [ 67.432959][ T5823] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8 [pid 5823] write(200, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 73152 [pid 5820] kill(-2, SIGKILL) = 0 [pid 5820] kill(2, SIGKILL) = 0 [ 67.440919][ T5823] RBP: 0000000000000000 R08: 00007fff7ac127f8 R09: 00007fff7ac127f8 [ 67.448879][ T5823] R10: 00007fff7ac127f8 R11: 0000000000000202 R12: 00007fa04c9bd0de [ 67.456836][ T5823] R13: 0000000000000000 R14: 00007fff7ac12700 R15: 00007fff7ac126f0 [ 67.464799][ T5823] [ 67.467865][ T5823] BUG: Bad page state in process syz-executor167 pfn:2c055 [ 67.475151][ T5823] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x4 pfn:0x2c055 [ 67.483941][ T5823] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 67.491094][ T5823] raw: 00fff00000000000 dead000000000040 ffff888021ac0000 0000000000000000 [ 67.499698][ T5823] raw: 0000000000000004 0000000000000001 00000000ffffffff 0000000000000000 [ 67.508302][ T5823] page dumped because: page_pool leak [ 67.513679][ T5823] page_owner tracks the page as allocated [ 67.519411][ T5823] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5823, tgid 5823 (syz-executor167), ts 62274374532, free_ts 55571351288 [ 67.536703][ T5823] post_alloc_hook+0x1f3/0x230 [ 67.541493][ T5823] get_page_from_freelist+0x3651/0x37a0 [ 67.547060][ T5823] __alloc_pages_noprof+0x292/0x710 [ 67.552267][ T5823] alloc_pages_bulk_noprof+0x70b/0xcc0 [ 67.557740][ T5823] __page_pool_alloc_pages_slow+0x122/0x690 [ 67.563644][ T5823] page_pool_alloc_pages+0xd0/0x1c0 [ 67.568865][ T5823] skb_pp_cow_data+0xc43/0x1640 [ 67.573716][ T5823] do_xdp_generic+0x505/0xd30 [ 67.578409][ T5823] __netif_receive_skb_core+0x1ce9/0x4690 [ 67.584129][ T5823] __netif_receive_skb+0x12f/0x650 [ 67.589257][ T5823] netif_receive_skb+0x1e8/0x890 [ 67.594196][ T5823] tun_rx_batched+0x1b7/0x8f0 [ 67.598890][ T5823] tun_get_user+0x30d6/0x4890 [ 67.603569][ T5823] tun_chr_write_iter+0x10d/0x1f0 [ 67.608606][ T5823] vfs_write+0xaeb/0xd30 [ 67.612853][ T5823] ksys_write+0x18f/0x2b0 [ 67.617201][ T5823] page last free pid 5813 tgid 5813 stack trace: [ 67.623522][ T5823] free_unref_page+0xde3/0x1130 [ 67.628846][ T5823] __slab_free+0x31b/0x3d0 [ 67.633269][ T5823] qlist_free_all+0x9a/0x140 [ 67.637895][ T5823] kasan_quarantine_reduce+0x14f/0x170 [ 67.643370][ T5823] __kasan_slab_alloc+0x23/0x80 [ 67.648255][ T5823] kmem_cache_alloc_noprof+0x1d9/0x380 [ 67.653716][ T5823] getname_flags+0xb7/0x540 [ 67.658232][ T5823] do_sys_openat2+0xd2/0x1d0 [ 67.662822][ T5823] __x64_sys_openat+0x247/0x2a0 [ 67.667687][ T5823] do_syscall_64+0xf3/0x230 [ 67.672206][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 67.678119][ T5823] Modules linked in: [ 67.682019][ T5823] CPU: 0 UID: 0 PID: 5823 Comm: syz-executor167 Tainted: G B 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0 [ 67.694589][ T5823] Tainted: [B]=BAD_PAGE [ 67.698808][ T5823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 67.708841][ T5823] Call Trace: [ 67.712101][ T5823] [ 67.715012][ T5823] dump_stack_lvl+0x241/0x360 [ 67.719684][ T5823] ? __pfx_dump_stack_lvl+0x10/0x10 [ 67.724868][ T5823] ? __pfx_print_modules+0x10/0x10 [ 67.729983][ T5823] bad_page+0x176/0x1d0 [ 67.734120][ T5823] free_unref_page+0x1048/0x1130 [ 67.739060][ T5823] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0 [ 67.744693][ T5823] bpf_xdp_adjust_tail+0x1c3/0x200 [ 67.749794][ T5823] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 67.755230][ T5823] bpf_prog_run_generic_xdp+0x686/0x1510 [ 67.760854][ T5823] do_xdp_generic+0x757/0xd30 [ 67.765513][ T5823] ? __pfx_do_xdp_generic+0x10/0x10 [ 67.770708][ T5823] ? __skb_flow_dissect+0x4f1/0x7d00 [ 67.775986][ T5823] __netif_receive_skb_core+0x1ce9/0x4690 [ 67.781698][ T5823] ? __pfx___netif_receive_skb_core+0x10/0x10 [ 67.787756][ T5823] ? mark_lock+0x9a/0x360 [ 67.792083][ T5823] ? __lock_acquire+0x1397/0x2100 [ 67.797108][ T5823] __netif_receive_skb+0x12f/0x650 [ 67.802218][ T5823] ? __pfx_lock_acquire+0x10/0x10 [ 67.807234][ T5823] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 67.813469][ T5823] ? __pfx___netif_receive_skb+0x10/0x10 [ 67.819102][ T5823] ? tun_rx_batched+0x160/0x8f0 [ 67.823953][ T5823] ? __pfx_lockdep_softirqs_off+0x10/0x10 [ 67.829664][ T5823] ? read_tsc+0x9/0x20 [ 67.833760][ T5823] ? netif_receive_skb+0x131/0x890 [ 67.838878][ T5823] ? netif_receive_skb+0x131/0x890 [ 67.843990][ T5823] netif_receive_skb+0x1e8/0x890 [ 67.848943][ T5823] ? tun_rx_batched+0x160/0x8f0 [ 67.853796][ T5823] ? __pfx_netif_receive_skb+0x10/0x10 [ 67.859342][ T5823] ? tun_rx_batched+0x160/0x8f0 [ 67.864191][ T5823] tun_rx_batched+0x1b7/0x8f0 [ 67.868868][ T5823] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 67.875193][ T5823] ? __pfx_lock_acquire+0x10/0x10 [ 67.880211][ T5823] ? __pfx_tun_rx_batched+0x10/0x10 [ 67.885415][ T5823] tun_get_user+0x30d6/0x4890 [ 67.890091][ T5823] ? tun_get_user+0x2bbe/0x4890 [ 67.894935][ T5823] ? __lock_acquire+0x1397/0x2100 [ 67.899948][ T5823] ? __pfx_tun_get_user+0x10/0x10 [ 67.904966][ T5823] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 67.910415][ T5823] ? tun_get+0x1e/0x2f0 [ 67.914565][ T5823] ? __pfx_lock_release+0x10/0x10 [ 67.919582][ T5823] ? tun_get+0x1e/0x2f0 [ 67.923725][ T5823] ? tun_get+0x27d/0x2f0 [ 67.927961][ T5823] tun_chr_write_iter+0x10d/0x1f0 [ 67.932975][ T5823] vfs_write+0xaeb/0xd30 [ 67.937221][ T5823] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 67.942763][ T5823] ? __pfx_vfs_write+0x10/0x10 [ 67.947529][ T5823] ? _raw_spin_unlock_irq+0x2e/0x50 [ 67.952715][ T5823] ? ptrace_notify+0x279/0x380 [ 67.957471][ T5823] ksys_write+0x18f/0x2b0 [ 67.961820][ T5823] ? __pfx_ksys_write+0x10/0x10 [ 67.966660][ T5823] ? do_syscall_64+0x100/0x230 [ 67.971417][ T5823] do_syscall_64+0xf3/0x230 [ 67.975911][ T5823] ? clear_bhb_loop+0x35/0x90 [ 67.980574][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 67.986459][ T5823] RIP: 0033:0x7fa04c96edb0 [ 67.990859][ T5823] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89 [ 68.010449][ T5823] RSP: 002b:00007fff7ac126c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 [ 68.018855][ T5823] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa04c96edb0 [ 68.026912][ T5823] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8 [ 68.034879][ T5823] RBP: 0000000000000000 R08: 00007fff7ac127f8 R09: 00007fff7ac127f8 [ 68.042843][ T5823] R10: 00007fff7ac127f8 R11: 0000000000000202 R12: 00007fa04c9bd0de [ 68.050811][ T5823] R13: 0000000000000000 R14: 00007fff7ac12700 R15: 00007fff7ac126f0 [ 68.058782][ T5823] [ 68.061854][ T5823] BUG: Bad page state in process syz-executor167 pfn:2c054 [ 68.069160][ T5823] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802c055800 pfn:0x2c054 [ 68.079251][ T5823] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 68.086371][ T5823] raw: 00fff00000000000 dead000000000040 ffff888021ac0000 0000000000000000 [ 68.094979][ T5823] raw: ffff88802c055800 0000000000000001 00000000ffffffff 0000000000000000 [ 68.103579][ T5823] page dumped because: page_pool leak [ 68.108954][ T5823] page_owner tracks the page as allocated [ 68.114662][ T5823] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5823, tgid 5823 (syz-executor167), ts 62274368222, free_ts 55571351288 [ 68.131957][ T5823] post_alloc_hook+0x1f3/0x230 [ 68.136724][ T5823] get_page_from_freelist+0x3651/0x37a0 [ 68.142297][ T5823] __alloc_pages_noprof+0x292/0x710 [ 68.147541][ T5823] alloc_pages_bulk_noprof+0x70b/0xcc0 [ 68.152993][ T5823] __page_pool_alloc_pages_slow+0x122/0x690 [ 68.158911][ T5823] page_pool_alloc_pages+0xd0/0x1c0 [ 68.164113][ T5823] skb_pp_cow_data+0xc43/0x1640 [ 68.168982][ T5823] do_xdp_generic+0x505/0xd30 [ 68.173671][ T5823] __netif_receive_skb_core+0x1ce9/0x4690 [ 68.179418][ T5823] __netif_receive_skb+0x12f/0x650 [ 68.184531][ T5823] netif_receive_skb+0x1e8/0x890 [ 68.189491][ T5823] tun_rx_batched+0x1b7/0x8f0 [ 68.194195][ T5823] tun_get_user+0x30d6/0x4890 [ 68.198891][ T5823] tun_chr_write_iter+0x10d/0x1f0 [ 68.203919][ T5823] vfs_write+0xaeb/0xd30 [ 68.208191][ T5823] ksys_write+0x18f/0x2b0 [ 68.212532][ T5823] page last free pid 5813 tgid 5813 stack trace: [ 68.218874][ T5823] free_unref_page+0xde3/0x1130 [ 68.223734][ T5823] __slab_free+0x31b/0x3d0 [ 68.228183][ T5823] qlist_free_all+0x9a/0x140 [ 68.232779][ T5823] kasan_quarantine_reduce+0x14f/0x170 [ 68.238255][ T5823] __kasan_slab_alloc+0x23/0x80 [ 68.243113][ T5823] kmem_cache_alloc_noprof+0x1d9/0x380 [ 68.248587][ T5823] getname_flags+0xb7/0x540 [ 68.253091][ T5823] do_sys_openat2+0xd2/0x1d0 [ 68.257692][ T5823] __x64_sys_openat+0x247/0x2a0 [ 68.262545][ T5823] do_syscall_64+0xf3/0x230 [ 68.267070][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.272969][ T5823] Modules linked in: [ 68.276883][ T5823] CPU: 0 UID: 0 PID: 5823 Comm: syz-executor167 Tainted: G B 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0 [ 68.289467][ T5823] Tainted: [B]=BAD_PAGE [ 68.293600][ T5823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 68.303635][ T5823] Call Trace: [ 68.306897][ T5823] [ 68.309815][ T5823] dump_stack_lvl+0x241/0x360 [ 68.314501][ T5823] ? __pfx_dump_stack_lvl+0x10/0x10 [ 68.319685][ T5823] ? __pfx_print_modules+0x10/0x10 [ 68.324780][ T5823] bad_page+0x176/0x1d0 [ 68.328918][ T5823] free_unref_page+0x1048/0x1130 [ 68.333867][ T5823] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0 [ 68.339491][ T5823] bpf_xdp_adjust_tail+0x1c3/0x200 [ 68.344601][ T5823] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 68.350046][ T5823] bpf_prog_run_generic_xdp+0x686/0x1510 [ 68.355682][ T5823] do_xdp_generic+0x757/0xd30 [ 68.360351][ T5823] ? __pfx_do_xdp_generic+0x10/0x10 [ 68.365541][ T5823] ? __skb_flow_dissect+0x4f1/0x7d00 [ 68.370822][ T5823] __netif_receive_skb_core+0x1ce9/0x4690 [ 68.376541][ T5823] ? __pfx___netif_receive_skb_core+0x10/0x10 [ 68.382602][ T5823] ? mark_lock+0x9a/0x360 [ 68.386923][ T5823] ? __lock_acquire+0x1397/0x2100 [ 68.391947][ T5823] __netif_receive_skb+0x12f/0x650 [ 68.397051][ T5823] ? __pfx_lock_acquire+0x10/0x10 [ 68.402062][ T5823] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 68.408295][ T5823] ? __pfx___netif_receive_skb+0x10/0x10 [ 68.413918][ T5823] ? tun_rx_batched+0x160/0x8f0 [ 68.418763][ T5823] ? __pfx_lockdep_softirqs_off+0x10/0x10 [ 68.424563][ T5823] ? read_tsc+0x9/0x20 [ 68.428625][ T5823] ? netif_receive_skb+0x131/0x890 [ 68.433731][ T5823] ? netif_receive_skb+0x131/0x890 [ 68.438834][ T5823] netif_receive_skb+0x1e8/0x890 [ 68.443762][ T5823] ? tun_rx_batched+0x160/0x8f0 [ 68.448777][ T5823] ? __pfx_netif_receive_skb+0x10/0x10 [ 68.454230][ T5823] ? tun_rx_batched+0x160/0x8f0 [ 68.459074][ T5823] tun_rx_batched+0x1b7/0x8f0 [ 68.463744][ T5823] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 68.470063][ T5823] ? __pfx_lock_acquire+0x10/0x10 [ 68.475074][ T5823] ? __pfx_tun_rx_batched+0x10/0x10 [ 68.480269][ T5823] tun_get_user+0x30d6/0x4890 [ 68.484938][ T5823] ? tun_get_user+0x2bbe/0x4890 [ 68.489787][ T5823] ? __lock_acquire+0x1397/0x2100 [ 68.494825][ T5823] ? __pfx_tun_get_user+0x10/0x10 [ 68.499848][ T5823] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 68.505299][ T5823] ? tun_get+0x1e/0x2f0 [ 68.509447][ T5823] ? __pfx_lock_release+0x10/0x10 [ 68.514465][ T5823] ? tun_get+0x1e/0x2f0 [ 68.518613][ T5823] ? tun_get+0x27d/0x2f0 [ 68.522849][ T5823] tun_chr_write_iter+0x10d/0x1f0 [ 68.528299][ T5823] vfs_write+0xaeb/0xd30 [ 68.532552][ T5823] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 68.538098][ T5823] ? __pfx_vfs_write+0x10/0x10 [ 68.542856][ T5823] ? _raw_spin_unlock_irq+0x2e/0x50 [ 68.548044][ T5823] ? ptrace_notify+0x279/0x380 [ 68.552802][ T5823] ksys_write+0x18f/0x2b0 [ 68.557125][ T5823] ? __pfx_ksys_write+0x10/0x10 [ 68.561965][ T5823] ? do_syscall_64+0x100/0x230 [ 68.566728][ T5823] do_syscall_64+0xf3/0x230 [ 68.571222][ T5823] ? clear_bhb_loop+0x35/0x90 [ 68.575885][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.581770][ T5823] RIP: 0033:0x7fa04c96edb0 [pid 5823] <... write resumed>) = ? [ 68.586173][ T5823] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89 [ 68.605765][ T5823] RSP: 002b:00007fff7ac126c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 [ 68.614169][ T5823] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa04c96edb0 [ 68.622129][ T5823] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8 [ 68.630086][ T5823] RBP: 0000000000000000 R08: 00007fff7ac127f8 R09: 00007fff7ac127f8 [ 68.638044][ T5823] R10: 00007fff7ac127f8 R11: 0000000000000202 R12: 00007fa04c9bd0de [pid 5823] +++ killed by SIGKILL +++ [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=223 /* 2.23 s */} --- [pid 5820] restart_syscall(<... resuming interrupted kill ...>) = 0 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5824 attached , child_tidptr=0x55557f949650) = 3 [pid 5824] set_robust_list(0x55557f949660, 24) = 0 [pid 5824] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5824] setpgid(0, 0) = 0 [ 68.646007][ T5823] R13: 0000000000000000 R14: 00007fff7ac12700 R15: 00007fff7ac126f0 [ 68.653977][ T5823] [pid 5824] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5824] write(3, "1000", 4) = 4 [pid 5824] close(3) = 0 [pid 5824] read(200, "\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110 [pid 5824] read(200, "\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110 [pid 5824] read(200, 0x7fff7ac122d0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 5824] write(1, "executing program\n", 18executing program ) = 18 [pid 5824] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3 [pid 5824] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=4, insns=0x20000400, license="", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=BPF_F_TEST_STATE_FREQ|0x20, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = 4 [pid 5824] ioctl(3, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0 [pid 5824] bpf(BPF_LINK_CREATE, {link_create={prog_fd=4, target_fd=11, attach_type=BPF_XDP, flags=0x2}, ...}, 24) = 5 [ 68.719216][ T5824] BUG: Bad page state in process syz-executor167 pfn:74dd5 [ 68.726896][ T5824] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x74dd5 [ 68.735659][ T5824] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 68.742793][ T5824] raw: 00fff00000000000 dead000000000040 ffff888021ac0000 0000000000000000 [ 68.751390][ T5824] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 68.759990][ T5824] page dumped because: page_pool leak [ 68.765352][ T5824] page_owner tracks the page as allocated [ 68.771087][ T5824] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5824, tgid 5824 (syz-executor167), ts 68719180054, free_ts 55623697353 [ 68.788379][ T5824] post_alloc_hook+0x1f3/0x230 [ 68.793168][ T5824] get_page_from_freelist+0x3651/0x37a0 [ 68.798759][ T5824] __alloc_pages_noprof+0x292/0x710 [ 68.804041][ T5824] alloc_pages_bulk_noprof+0x70b/0xcc0 [ 68.809547][ T5824] __page_pool_alloc_pages_slow+0x122/0x690 [ 68.815434][ T5824] page_pool_alloc_pages+0xd0/0x1c0 [ 68.820637][ T5824] skb_pp_cow_data+0xc43/0x1640 [ 68.825473][ T5824] do_xdp_generic+0x505/0xd30 [ 68.830160][ T5824] __netif_receive_skb_core+0x1ce9/0x4690 [ 68.835900][ T5824] __netif_receive_skb+0x12f/0x650 [ 68.841031][ T5824] netif_receive_skb+0x1e8/0x890 [ 68.845971][ T5824] tun_rx_batched+0x1b7/0x8f0 [ 68.850667][ T5824] tun_get_user+0x30d6/0x4890 [ 68.855351][ T5824] tun_chr_write_iter+0x10d/0x1f0 [ 68.860391][ T5824] vfs_write+0xaeb/0xd30 [ 68.864637][ T5824] ksys_write+0x18f/0x2b0 [ 68.868985][ T5824] page last free pid 5813 tgid 5813 stack trace: [ 68.875308][ T5824] free_unref_page+0xde3/0x1130 [ 68.880181][ T5824] tlb_finish_mmu+0x11f/0x200 [ 68.884864][ T5824] vms_clear_ptes+0x437/0x530 [ 68.889551][ T5824] vms_complete_munmap_vmas+0x210/0x8f0 [ 68.895096][ T5824] do_vmi_align_munmap+0x5ef/0x6f0 [ 68.900213][ T5824] do_vmi_munmap+0x24e/0x2d0 [ 68.904802][ T5824] __vm_munmap+0x24c/0x480 [ 68.909243][ T5824] __x64_sys_munmap+0x60/0x70 [ 68.913933][ T5824] do_syscall_64+0xf3/0x230 [ 68.918460][ T5824] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.924365][ T5824] Modules linked in: [ 68.928293][ T5824] CPU: 0 UID: 0 PID: 5824 Comm: syz-executor167 Tainted: G B 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0 [ 68.940876][ T5824] Tainted: [B]=BAD_PAGE [ 68.945002][ T5824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 68.955038][ T5824] Call Trace: [ 68.958302][ T5824] [ 68.961219][ T5824] dump_stack_lvl+0x241/0x360 [ 68.965883][ T5824] ? __pfx_dump_stack_lvl+0x10/0x10 [ 68.971067][ T5824] ? __pfx_print_modules+0x10/0x10 [ 68.976173][ T5824] bad_page+0x176/0x1d0 [ 68.980311][ T5824] free_unref_page+0x1048/0x1130 [ 68.985247][ T5824] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0 [ 68.990876][ T5824] bpf_xdp_adjust_tail+0x1c3/0x200 [ 68.995990][ T5824] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 69.001430][ T5824] bpf_prog_run_generic_xdp+0x686/0x1510 [ 69.007057][ T5824] do_xdp_generic+0x757/0xd30 [ 69.011721][ T5824] ? __pfx_do_xdp_generic+0x10/0x10 [ 69.016904][ T5824] ? rcu_is_watching+0x15/0xb0 [ 69.021658][ T5824] ? rcu_is_watching+0x15/0xb0 [ 69.026403][ T5824] ? count_memcg_event_mm+0x94/0x420 [ 69.031680][ T5824] __netif_receive_skb_core+0x1ce9/0x4690 [ 69.037402][ T5824] ? handle_mm_fault+0x173f/0x1ad0 [ 69.042510][ T5824] ? __pfx___netif_receive_skb_core+0x10/0x10 [ 69.048575][ T5824] ? rcu_is_watching+0x15/0xb0 [ 69.053329][ T5824] ? lock_release+0xbf/0xa30 [ 69.057910][ T5824] ? __pfx_lock_acquire+0x10/0x10 [ 69.062951][ T5824] ? __up_read+0x2c2/0x6b0 [ 69.067365][ T5824] ? rcu_is_watching+0x15/0xb0 [ 69.072121][ T5824] __netif_receive_skb+0x12f/0x650 [ 69.077224][ T5824] ? __pfx_lock_acquire+0x10/0x10 [ 69.082239][ T5824] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 69.088471][ T5824] ? __pfx___netif_receive_skb+0x10/0x10 [ 69.094103][ T5824] ? tun_rx_batched+0x160/0x8f0 [ 69.098951][ T5824] ? __pfx_lockdep_softirqs_off+0x10/0x10 [ 69.104659][ T5824] ? read_tsc+0x9/0x20 [ 69.108720][ T5824] ? ktime_get_with_offset+0x249/0x290 [ 69.114170][ T5824] ? netif_receive_skb+0x131/0x890 [ 69.119272][ T5824] netif_receive_skb+0x1e8/0x890 [ 69.124198][ T5824] ? tun_rx_batched+0x160/0x8f0 [ 69.129041][ T5824] ? __pfx_netif_receive_skb+0x10/0x10 [ 69.134492][ T5824] ? skb_set_owner_w+0x246/0x380 [ 69.139419][ T5824] ? __pfx_lock_release+0x10/0x10 [ 69.144433][ T5824] ? tun_rx_batched+0x160/0x8f0 [ 69.149275][ T5824] tun_rx_batched+0x1b7/0x8f0 [ 69.153949][ T5824] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 69.160269][ T5824] ? __pfx_lock_acquire+0x10/0x10 [ 69.165281][ T5824] ? rcu_is_watching+0x15/0xb0 [ 69.170036][ T5824] ? __pfx_tun_rx_batched+0x10/0x10 [ 69.175233][ T5824] tun_get_user+0x30d6/0x4890 [ 69.179904][ T5824] ? tun_get_user+0x2bbe/0x4890 [ 69.184758][ T5824] ? do_raw_spin_unlock+0x13c/0x8b0 [ 69.189951][ T5824] ? __pfx_tun_get_user+0x10/0x10 [ 69.194969][ T5824] ? tun_get+0x1e/0x2f0 [ 69.199113][ T5824] ? rcu_is_watching+0x15/0xb0 [ 69.203871][ T5824] ? tun_get+0x1e/0x2f0 [ 69.208021][ T5824] ? lock_release+0xbf/0xa30 [ 69.212599][ T5824] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 69.218044][ T5824] ? rcu_is_watching+0x15/0xb0 [ 69.222796][ T5824] ? __pfx_lock_release+0x10/0x10 [ 69.227811][ T5824] ? do_raw_spin_lock+0x14f/0x370 [ 69.232828][ T5824] ? tun_get+0x1e/0x2f0 [ 69.236974][ T5824] ? tun_get+0x27d/0x2f0 [ 69.241208][ T5824] tun_chr_write_iter+0x10d/0x1f0 [ 69.246225][ T5824] vfs_write+0xaeb/0xd30 [ 69.250463][ T5824] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 69.256000][ T5824] ? __pfx_vfs_write+0x10/0x10 [ 69.260755][ T5824] ? rcu_is_watching+0x15/0xb0 [ 69.265599][ T5824] ? _raw_spin_unlock_irq+0x2e/0x50 [ 69.270789][ T5824] ? ptrace_notify+0x279/0x380 [ 69.275545][ T5824] ksys_write+0x18f/0x2b0 [ 69.279867][ T5824] ? __pfx_ksys_write+0x10/0x10 [ 69.284706][ T5824] ? rcu_is_watching+0x15/0xb0 [ 69.289463][ T5824] do_syscall_64+0xf3/0x230 [ 69.293959][ T5824] ? clear_bhb_loop+0x35/0x90 [ 69.298622][ T5824] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.304510][ T5824] RIP: 0033:0x7fa04c96edb0 [ 69.308913][ T5824] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89 [ 69.328881][ T5824] RSP: 002b:00007fff7ac126c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 [ 69.337304][ T5824] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa04c96edb0 [ 69.345270][ T5824] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8 [ 69.353236][ T5824] RBP: 0000000000000000 R08: 00007fff7ac127f8 R09: 00007fff7ac127f8 [ 69.361201][ T5824] R10: 00007fff7ac127f8 R11: 0000000000000202 R12: 000000000000f313 [ 69.369169][ T5824] R13: 00007fff7ac126e4 R14: 00007fff7ac12700 R15: 00007fff7ac126f0 [ 69.377146][ T5824] [ 69.380209][ T5824] BUG: Bad page state in process syz-executor167 pfn:74dd4 [ 69.387512][ T5824] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x74dd4 [ 69.396277][ T5824] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 69.403427][ T5824] raw: 00fff00000000000 dead000000000040 ffff888021ac0000 0000000000000000 [ 69.412030][ T5824] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 69.420620][ T5824] page dumped because: page_pool leak [ 69.425982][ T5824] page_owner tracks the page as allocated [ 69.431711][ T5824] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5824, tgid 5824 (syz-executor167), ts 68719174649, free_ts 55622085975 [ 69.449003][ T5824] post_alloc_hook+0x1f3/0x230 [ 69.453756][ T5824] get_page_from_freelist+0x3651/0x37a0 [ 69.459332][ T5824] __alloc_pages_noprof+0x292/0x710 [ 69.464545][ T5824] alloc_pages_bulk_noprof+0x70b/0xcc0 [ 69.470032][ T5824] __page_pool_alloc_pages_slow+0x122/0x690 [ 69.475939][ T5824] page_pool_alloc_pages+0xd0/0x1c0 [ 69.481180][ T5824] skb_pp_cow_data+0xc43/0x1640 [ 69.486035][ T5824] do_xdp_generic+0x505/0xd30 [ 69.490752][ T5824] __netif_receive_skb_core+0x1ce9/0x4690 [ 69.496478][ T5824] __netif_receive_skb+0x12f/0x650 [ 69.501628][ T5824] netif_receive_skb+0x1e8/0x890 [ 69.506581][ T5824] tun_rx_batched+0x1b7/0x8f0 [ 69.511315][ T5824] tun_get_user+0x30d6/0x4890 [ 69.516017][ T5824] tun_chr_write_iter+0x10d/0x1f0 [ 69.521095][ T5824] vfs_write+0xaeb/0xd30 [ 69.525355][ T5824] ksys_write+0x18f/0x2b0 [ 69.529722][ T5824] page last free pid 5813 tgid 5813 stack trace: [ 69.536035][ T5824] free_unref_page+0xde3/0x1130 [ 69.540908][ T5824] __folio_put+0x2c7/0x440 [ 69.545330][ T5824] pipe_read+0x6ed/0x13e0 [ 69.549683][ T5824] vfs_read+0x991/0xb70 [ 69.553843][ T5824] ksys_read+0x18f/0x2b0 [ 69.558117][ T5824] do_syscall_64+0xf3/0x230 [ 69.562625][ T5824] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.568544][ T5824] Modules linked in: [ 69.572441][ T5824] CPU: 0 UID: 0 PID: 5824 Comm: syz-executor167 Tainted: G B 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0 [ 69.585007][ T5824] Tainted: [B]=BAD_PAGE [ 69.589149][ T5824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 69.599189][ T5824] Call Trace: [ 69.602450][ T5824] [ 69.605362][ T5824] dump_stack_lvl+0x241/0x360 [ 69.610028][ T5824] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.615209][ T5824] ? __pfx_print_modules+0x10/0x10 [ 69.620306][ T5824] bad_page+0x176/0x1d0 [ 69.624445][ T5824] free_unref_page+0x1048/0x1130 [ 69.629373][ T5824] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0 [ 69.635000][ T5824] bpf_xdp_adjust_tail+0x1c3/0x200 [ 69.640112][ T5824] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 69.645563][ T5824] bpf_prog_run_generic_xdp+0x686/0x1510 [ 69.651228][ T5824] do_xdp_generic+0x757/0xd30 [ 69.655912][ T5824] ? __pfx_do_xdp_generic+0x10/0x10 [ 69.661103][ T5824] ? rcu_is_watching+0x15/0xb0 [ 69.665871][ T5824] ? rcu_is_watching+0x15/0xb0 [ 69.670628][ T5824] ? count_memcg_event_mm+0x94/0x420 [ 69.675907][ T5824] __netif_receive_skb_core+0x1ce9/0x4690 [ 69.681626][ T5824] ? handle_mm_fault+0x173f/0x1ad0 [ 69.686771][ T5824] ? __pfx___netif_receive_skb_core+0x10/0x10 [ 69.692844][ T5824] ? rcu_is_watching+0x15/0xb0 [ 69.697628][ T5824] ? lock_release+0xbf/0xa30 [ 69.702220][ T5824] ? __pfx_lock_acquire+0x10/0x10 [ 69.707241][ T5824] ? __up_read+0x2c2/0x6b0 [ 69.711659][ T5824] ? rcu_is_watching+0x15/0xb0 [ 69.716422][ T5824] __netif_receive_skb+0x12f/0x650 [ 69.721531][ T5824] ? __pfx_lock_acquire+0x10/0x10 [ 69.726554][ T5824] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 69.732792][ T5824] ? __pfx___netif_receive_skb+0x10/0x10 [ 69.738594][ T5824] ? tun_rx_batched+0x160/0x8f0 [ 69.743439][ T5824] ? __pfx_lockdep_softirqs_off+0x10/0x10 [ 69.749151][ T5824] ? read_tsc+0x9/0x20 [ 69.753216][ T5824] ? ktime_get_with_offset+0x249/0x290 [ 69.758673][ T5824] ? netif_receive_skb+0x131/0x890 [ 69.763774][ T5824] netif_receive_skb+0x1e8/0x890 [ 69.768704][ T5824] ? tun_rx_batched+0x160/0x8f0 [ 69.773553][ T5824] ? __pfx_netif_receive_skb+0x10/0x10 [ 69.779003][ T5824] ? skb_set_owner_w+0x246/0x380 [ 69.783931][ T5824] ? __pfx_lock_release+0x10/0x10 [ 69.788946][ T5824] ? tun_rx_batched+0x160/0x8f0 [ 69.793789][ T5824] tun_rx_batched+0x1b7/0x8f0 [ 69.798458][ T5824] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 69.804775][ T5824] ? __pfx_lock_acquire+0x10/0x10 [ 69.809789][ T5824] ? rcu_is_watching+0x15/0xb0 [ 69.814547][ T5824] ? __pfx_tun_rx_batched+0x10/0x10 [ 69.819744][ T5824] tun_get_user+0x30d6/0x4890 [ 69.824413][ T5824] ? tun_get_user+0x2bbe/0x4890 [ 69.829260][ T5824] ? do_raw_spin_unlock+0x13c/0x8b0 [ 69.834452][ T5824] ? __pfx_tun_get_user+0x10/0x10 [ 69.839473][ T5824] ? tun_get+0x1e/0x2f0 [ 69.843620][ T5824] ? rcu_is_watching+0x15/0xb0 [ 69.848376][ T5824] ? tun_get+0x1e/0x2f0 [ 69.852528][ T5824] ? lock_release+0xbf/0xa30 [ 69.857107][ T5824] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 69.862557][ T5824] ? rcu_is_watching+0x15/0xb0 [ 69.867317][ T5824] ? __pfx_lock_release+0x10/0x10 [ 69.872337][ T5824] ? do_raw_spin_lock+0x14f/0x370 [ 69.877356][ T5824] ? tun_get+0x1e/0x2f0 [ 69.881504][ T5824] ? tun_get+0x27d/0x2f0 [ 69.885738][ T5824] tun_chr_write_iter+0x10d/0x1f0 [ 69.890757][ T5824] vfs_write+0xaeb/0xd30 [ 69.894994][ T5824] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 69.900533][ T5824] ? __pfx_vfs_write+0x10/0x10 [ 69.905293][ T5824] ? rcu_is_watching+0x15/0xb0 [ 69.910049][ T5824] ? _raw_spin_unlock_irq+0x2e/0x50 [ 69.915237][ T5824] ? ptrace_notify+0x279/0x380 [ 69.920084][ T5824] ksys_write+0x18f/0x2b0 [ 69.924415][ T5824] ? __pfx_ksys_write+0x10/0x10 [ 69.929258][ T5824] ? rcu_is_watching+0x15/0xb0 [ 69.934020][ T5824] do_syscall_64+0xf3/0x230 [ 69.938517][ T5824] ? clear_bhb_loop+0x35/0x90 [ 69.943181][ T5824] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.949070][ T5824] RIP: 0033:0x7fa04c96edb0 [ 69.953473][ T5824] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89 [ 69.973068][ T5824] RSP: 002b:00007fff7ac126c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 [ 69.981471][ T5824] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa04c96edb0 [ 69.989432][ T5824] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8 [ 69.997389][ T5824] RBP: 0000000000000000 R08: 00007fff7ac127f8 R09: 00007fff7ac127f8 [ 70.005346][ T5824] R10: 00007fff7ac127f8 R11: 0000000000000202 R12: 000000000000f313 [ 70.013319][ T5824] R13: 00007fff7ac126e4 R14: 00007fff7ac12700 R15: 00007fff7ac126f0 [ 70.021303][ T5824] [ 70.024484][ T5824] BUG: Bad page state in process syz-executor167 pfn:756d9 [ 70.032326][ T5824] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x756d9 [ 70.041128][ T5824] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 70.048358][ T5824] raw: 00fff00000000000 dead000000000040 ffff888021ac0000 0000000000000000 [ 70.056972][ T5824] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 70.065553][ T5824] page dumped because: page_pool leak [ 70.070938][ T5824] page_owner tracks the page as allocated [ 70.076647][ T5824] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5824, tgid 5824 (syz-executor167), ts 68719169302, free_ts 55625467940 [ 70.093943][ T5824] post_alloc_hook+0x1f3/0x230 [ 70.098729][ T5824] get_page_from_freelist+0x3651/0x37a0 [ 70.104263][ T5824] __alloc_pages_noprof+0x292/0x710 [ 70.109474][ T5824] alloc_pages_bulk_noprof+0x70b/0xcc0 [ 70.114939][ T5824] __page_pool_alloc_pages_slow+0x122/0x690 [ 70.120848][ T5824] page_pool_alloc_pages+0xd0/0x1c0 [ 70.126058][ T5824] skb_pp_cow_data+0xc43/0x1640 [ 70.130918][ T5824] do_xdp_generic+0x505/0xd30 [ 70.135598][ T5824] __netif_receive_skb_core+0x1ce9/0x4690 [ 70.141330][ T5824] __netif_receive_skb+0x12f/0x650 [ 70.146443][ T5824] netif_receive_skb+0x1e8/0x890 [ 70.151416][ T5824] tun_rx_batched+0x1b7/0x8f0 [ 70.156135][ T5824] tun_get_user+0x30d6/0x4890 [ 70.160839][ T5824] tun_chr_write_iter+0x10d/0x1f0 [ 70.165869][ T5824] vfs_write+0xaeb/0xd30 [ 70.170138][ T5824] ksys_write+0x18f/0x2b0 [ 70.174480][ T5824] page last free pid 5813 tgid 5813 stack trace: [ 70.180816][ T5824] free_unref_page+0xde3/0x1130 [ 70.185654][ T5824] __folio_put+0x2c7/0x440 [ 70.190081][ T5824] pipe_read+0x6ed/0x13e0 [ 70.194434][ T5824] vfs_read+0x991/0xb70 [ 70.198605][ T5824] ksys_read+0x18f/0x2b0 [ 70.202852][ T5824] do_syscall_64+0xf3/0x230 [ 70.207376][ T5824] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.213274][ T5824] Modules linked in: [ 70.217181][ T5824] CPU: 0 UID: 0 PID: 5824 Comm: syz-executor167 Tainted: G B 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0 [ 70.229869][ T5824] Tainted: [B]=BAD_PAGE [ 70.233997][ T5824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 70.244037][ T5824] Call Trace: [ 70.247313][ T5824] [ 70.250241][ T5824] dump_stack_lvl+0x241/0x360 [ 70.254906][ T5824] ? __pfx_dump_stack_lvl+0x10/0x10 [ 70.260089][ T5824] ? __pfx_print_modules+0x10/0x10 [ 70.265184][ T5824] bad_page+0x176/0x1d0 [ 70.269321][ T5824] free_unref_page+0x1048/0x1130 [ 70.274241][ T5824] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0 [ 70.279862][ T5824] bpf_xdp_adjust_tail+0x1c3/0x200 [ 70.284967][ T5824] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 70.290411][ T5824] bpf_prog_run_generic_xdp+0x686/0x1510 [ 70.296049][ T5824] do_xdp_generic+0x757/0xd30 [ 70.300805][ T5824] ? __pfx_do_xdp_generic+0x10/0x10 [ 70.305990][ T5824] ? rcu_is_watching+0x15/0xb0 [ 70.310758][ T5824] ? rcu_is_watching+0x15/0xb0 [ 70.315533][ T5824] ? count_memcg_event_mm+0x94/0x420 [ 70.320815][ T5824] __netif_receive_skb_core+0x1ce9/0x4690 [ 70.326533][ T5824] ? handle_mm_fault+0x173f/0x1ad0 [ 70.331675][ T5824] ? __pfx___netif_receive_skb_core+0x10/0x10 [ 70.337735][ T5824] ? rcu_is_watching+0x15/0xb0 [ 70.342490][ T5824] ? lock_release+0xbf/0xa30 [ 70.347065][ T5824] ? __pfx_lock_acquire+0x10/0x10 [ 70.352076][ T5824] ? __up_read+0x2c2/0x6b0 [ 70.356483][ T5824] ? rcu_is_watching+0x15/0xb0 [ 70.361235][ T5824] __netif_receive_skb+0x12f/0x650 [ 70.366337][ T5824] ? __pfx_lock_acquire+0x10/0x10 [ 70.371349][ T5824] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 70.377586][ T5824] ? __pfx___netif_receive_skb+0x10/0x10 [ 70.383208][ T5824] ? tun_rx_batched+0x160/0x8f0 [ 70.388053][ T5824] ? __pfx_lockdep_softirqs_off+0x10/0x10 [ 70.393761][ T5824] ? read_tsc+0x9/0x20 [ 70.397853][ T5824] ? ktime_get_with_offset+0x249/0x290 [ 70.403306][ T5824] ? netif_receive_skb+0x131/0x890 [ 70.408408][ T5824] netif_receive_skb+0x1e8/0x890 [ 70.413335][ T5824] ? tun_rx_batched+0x160/0x8f0 [ 70.418178][ T5824] ? __pfx_netif_receive_skb+0x10/0x10 [ 70.423627][ T5824] ? skb_set_owner_w+0x246/0x380 [ 70.428551][ T5824] ? __pfx_lock_release+0x10/0x10 [ 70.433562][ T5824] ? tun_rx_batched+0x160/0x8f0 [ 70.438402][ T5824] tun_rx_batched+0x1b7/0x8f0 [ 70.443078][ T5824] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 70.449398][ T5824] ? __pfx_lock_acquire+0x10/0x10 [ 70.454410][ T5824] ? rcu_is_watching+0x15/0xb0 [ 70.459167][ T5824] ? __pfx_tun_rx_batched+0x10/0x10 [ 70.464360][ T5824] tun_get_user+0x30d6/0x4890 [ 70.469028][ T5824] ? tun_get_user+0x2bbe/0x4890 [ 70.473873][ T5824] ? do_raw_spin_unlock+0x13c/0x8b0 [ 70.479070][ T5824] ? __pfx_tun_get_user+0x10/0x10 [ 70.484094][ T5824] ? tun_get+0x1e/0x2f0 [ 70.488238][ T5824] ? rcu_is_watching+0x15/0xb0 [ 70.492989][ T5824] ? tun_get+0x1e/0x2f0 [ 70.497137][ T5824] ? lock_release+0xbf/0xa30 [ 70.501712][ T5824] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 70.507158][ T5824] ? rcu_is_watching+0x15/0xb0 [ 70.511913][ T5824] ? __pfx_lock_release+0x10/0x10 [ 70.516926][ T5824] ? do_raw_spin_lock+0x14f/0x370 [ 70.521944][ T5824] ? tun_get+0x1e/0x2f0 [ 70.526086][ T5824] ? tun_get+0x27d/0x2f0 [ 70.530321][ T5824] tun_chr_write_iter+0x10d/0x1f0 [ 70.535337][ T5824] vfs_write+0xaeb/0xd30 [ 70.539574][ T5824] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 70.545109][ T5824] ? __pfx_vfs_write+0x10/0x10 [ 70.549865][ T5824] ? rcu_is_watching+0x15/0xb0 [ 70.554624][ T5824] ? _raw_spin_unlock_irq+0x2e/0x50 [ 70.559813][ T5824] ? ptrace_notify+0x279/0x380 [ 70.564568][ T5824] ksys_write+0x18f/0x2b0 [ 70.568901][ T5824] ? __pfx_ksys_write+0x10/0x10 [ 70.573741][ T5824] ? rcu_is_watching+0x15/0xb0 [ 70.578502][ T5824] do_syscall_64+0xf3/0x230 [ 70.583088][ T5824] ? clear_bhb_loop+0x35/0x90 [ 70.587758][ T5824] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.593641][ T5824] RIP: 0033:0x7fa04c96edb0 [ 70.598043][ T5824] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89 [ 70.617636][ T5824] RSP: 002b:00007fff7ac126c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 [ 70.626039][ T5824] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa04c96edb0 [ 70.633997][ T5824] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8 [ 70.641954][ T5824] RBP: 0000000000000000 R08: 00007fff7ac127f8 R09: 00007fff7ac127f8 [ 70.649913][ T5824] R10: 00007fff7ac127f8 R11: 0000000000000202 R12: 000000000000f313 [ 70.657870][ T5824] R13: 00007fff7ac126e4 R14: 00007fff7ac12700 R15: 00007fff7ac126f0 [ 70.665835][ T5824] [ 70.668896][ T5824] BUG: Bad page state in process syz-executor167 pfn:756d8 [ 70.676183][ T5824] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x756d8 [ 70.684975][ T5824] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 70.692131][ T5824] raw: 00fff00000000000 dead000000000040 ffff888021ac0000 0000000000000000 [ 70.700725][ T5824] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 70.709322][ T5824] page dumped because: page_pool leak [ 70.714715][ T5824] page_owner tracks the page as allocated [ 70.720463][ T5824] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5824, tgid 5824 (syz-executor167), ts 68719163803, free_ts 55613348068 [ 70.737766][ T5824] post_alloc_hook+0x1f3/0x230 [ 70.742518][ T5824] get_page_from_freelist+0x3651/0x37a0 [ 70.748078][ T5824] __alloc_pages_noprof+0x292/0x710 [ 70.753282][ T5824] alloc_pages_bulk_noprof+0x70b/0xcc0 [ 70.758767][ T5824] __page_pool_alloc_pages_slow+0x122/0x690 [ 70.764681][ T5824] page_pool_alloc_pages+0xd0/0x1c0 [ 70.769900][ T5824] skb_pp_cow_data+0xc43/0x1640 [ 70.774760][ T5824] do_xdp_generic+0x505/0xd30 [ 70.779459][ T5824] __netif_receive_skb_core+0x1ce9/0x4690 [ 70.785184][ T5824] __netif_receive_skb+0x12f/0x650 [ 70.790311][ T5824] netif_receive_skb+0x1e8/0x890 [ 70.795249][ T5824] tun_rx_batched+0x1b7/0x8f0 [ 70.800039][ T5824] tun_get_user+0x30d6/0x4890 [ 70.804728][ T5824] tun_chr_write_iter+0x10d/0x1f0 [ 70.809809][ T5824] vfs_write+0xaeb/0xd30 [ 70.814063][ T5824] ksys_write+0x18f/0x2b0 [ 70.818428][ T5824] page last free pid 5813 tgid 5813 stack trace: [ 70.824770][ T5824] free_unref_page+0xde3/0x1130 [ 70.829639][ T5824] __folio_put+0x2c7/0x440 [ 70.834060][ T5824] pipe_read+0x6ed/0x13e0 [ 70.838400][ T5824] vfs_read+0x991/0xb70 [ 70.842559][ T5824] ksys_read+0x18f/0x2b0 [ 70.846823][ T5824] do_syscall_64+0xf3/0x230 [ 70.851336][ T5824] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.857277][ T5824] Modules linked in: [ 70.861181][ T5824] CPU: 0 UID: 0 PID: 5824 Comm: syz-executor167 Tainted: G B 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0 [ 70.873755][ T5824] Tainted: [B]=BAD_PAGE [ 70.877887][ T5824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 70.887922][ T5824] Call Trace: [ 70.891187][ T5824] [ 70.894103][ T5824] dump_stack_lvl+0x241/0x360 [ 70.898772][ T5824] ? __pfx_dump_stack_lvl+0x10/0x10 [ 70.903957][ T5824] ? __pfx_print_modules+0x10/0x10 [ 70.909060][ T5824] bad_page+0x176/0x1d0 [ 70.913459][ T5824] free_unref_page+0x1048/0x1130 [ 70.918389][ T5824] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0 [ 70.924022][ T5824] bpf_xdp_adjust_tail+0x1c3/0x200 [ 70.929130][ T5824] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 70.934573][ T5824] bpf_prog_run_generic_xdp+0x686/0x1510 [ 70.940211][ T5824] do_xdp_generic+0x757/0xd30 [ 70.944883][ T5824] ? __pfx_do_xdp_generic+0x10/0x10 [ 70.950071][ T5824] ? rcu_is_watching+0x15/0xb0 [ 70.954835][ T5824] ? rcu_is_watching+0x15/0xb0 [ 70.959590][ T5824] ? count_memcg_event_mm+0x94/0x420 [ 70.964866][ T5824] __netif_receive_skb_core+0x1ce9/0x4690 [ 70.970580][ T5824] ? handle_mm_fault+0x173f/0x1ad0 [ 70.975685][ T5824] ? __pfx___netif_receive_skb_core+0x10/0x10 [ 70.981766][ T5824] ? rcu_is_watching+0x15/0xb0 [ 70.986522][ T5824] ? lock_release+0xbf/0xa30 [ 70.991101][ T5824] ? __pfx_lock_acquire+0x10/0x10 [ 70.996113][ T5824] ? __up_read+0x2c2/0x6b0 [ 71.000521][ T5824] ? rcu_is_watching+0x15/0xb0 [ 71.005274][ T5824] __netif_receive_skb+0x12f/0x650 [ 71.010378][ T5824] ? __pfx_lock_acquire+0x10/0x10 [ 71.015389][ T5824] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 71.021625][ T5824] ? __pfx___netif_receive_skb+0x10/0x10 [ 71.027250][ T5824] ? tun_rx_batched+0x160/0x8f0 [ 71.032114][ T5824] ? __pfx_lockdep_softirqs_off+0x10/0x10 [ 71.037840][ T5824] ? read_tsc+0x9/0x20 [ 71.041999][ T5824] ? ktime_get_with_offset+0x249/0x290 [ 71.047460][ T5824] ? netif_receive_skb+0x131/0x890 [ 71.052570][ T5824] netif_receive_skb+0x1e8/0x890 [ 71.057507][ T5824] ? tun_rx_batched+0x160/0x8f0 [ 71.062353][ T5824] ? __pfx_netif_receive_skb+0x10/0x10 [ 71.067822][ T5824] ? skb_set_owner_w+0x246/0x380 [ 71.072766][ T5824] ? __pfx_lock_release+0x10/0x10 [ 71.077794][ T5824] ? tun_rx_batched+0x160/0x8f0 [ 71.082653][ T5824] tun_rx_batched+0x1b7/0x8f0 [ 71.087338][ T5824] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 71.093660][ T5824] ? __pfx_lock_acquire+0x10/0x10 [ 71.098676][ T5824] ? rcu_is_watching+0x15/0xb0 [ 71.103438][ T5824] ? __pfx_tun_rx_batched+0x10/0x10 [ 71.108631][ T5824] tun_get_user+0x30d6/0x4890 [ 71.113299][ T5824] ? tun_get_user+0x2bbe/0x4890 [ 71.118144][ T5824] ? do_raw_spin_unlock+0x13c/0x8b0 [ 71.123339][ T5824] ? __pfx_tun_get_user+0x10/0x10 [ 71.128356][ T5824] ? tun_get+0x1e/0x2f0 [ 71.132502][ T5824] ? rcu_is_watching+0x15/0xb0 [ 71.137256][ T5824] ? tun_get+0x1e/0x2f0 [ 71.141406][ T5824] ? lock_release+0xbf/0xa30 [ 71.146010][ T5824] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 71.151458][ T5824] ? rcu_is_watching+0x15/0xb0 [ 71.156213][ T5824] ? __pfx_lock_release+0x10/0x10 [ 71.161227][ T5824] ? do_raw_spin_lock+0x14f/0x370 [ 71.166243][ T5824] ? tun_get+0x1e/0x2f0 [ 71.170390][ T5824] ? tun_get+0x27d/0x2f0 [ 71.174624][ T5824] tun_chr_write_iter+0x10d/0x1f0 [ 71.179640][ T5824] vfs_write+0xaeb/0xd30 [ 71.183875][ T5824] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 71.189414][ T5824] ? __pfx_vfs_write+0x10/0x10 [ 71.194175][ T5824] ? rcu_is_watching+0x15/0xb0 [ 71.198931][ T5824] ? _raw_spin_unlock_irq+0x2e/0x50 [ 71.204120][ T5824] ? ptrace_notify+0x279/0x380 [ 71.208876][ T5824] ksys_write+0x18f/0x2b0 [ 71.213196][ T5824] ? __pfx_ksys_write+0x10/0x10 [ 71.218038][ T5824] ? rcu_is_watching+0x15/0xb0 [ 71.222795][ T5824] do_syscall_64+0xf3/0x230 [ 71.227292][ T5824] ? clear_bhb_loop+0x35/0x90 [ 71.231957][ T5824] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 71.237851][ T5824] RIP: 0033:0x7fa04c96edb0 [ 71.242254][ T5824] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89 [ 71.262397][ T5824] RSP: 002b:00007fff7ac126c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 [ 71.270800][ T5824] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa04c96edb0 [ 71.278762][ T5824] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8 [ 71.286719][ T5824] RBP: 0000000000000000 R08: 00007fff7ac127f8 R09: 00007fff7ac127f8 [ 71.294691][ T5824] R10: 00007fff7ac127f8 R11: 0000000000000202 R12: 000000000000f313 [ 71.302649][ T5824] R13: 00007fff7ac126e4 R14: 00007fff7ac12700 R15: 00007fff7ac126f0 [ 71.310618][ T5824] [ 71.313687][ T5824] BUG: Bad page state in process syz-executor167 pfn:28649 [ 71.320989][ T5824] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x4 pfn:0x28649 [ 71.329769][ T5824] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 71.336914][ T5824] raw: 00fff00000000000 dead000000000040 ffff888021ac0000 0000000000000000 [ 71.345501][ T5824] raw: 0000000000000004 0000000000000001 00000000ffffffff 0000000000000000 [ 71.354106][ T5824] page dumped because: page_pool leak [ 71.359482][ T5824] page_owner tracks the page as allocated [ 71.365171][ T5824] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5824, tgid 5824 (syz-executor167), ts 68719158669, free_ts 55633107404 [ 71.382473][ T5824] post_alloc_hook+0x1f3/0x230 [ 71.387266][ T5824] get_page_from_freelist+0x3651/0x37a0 [ 71.392798][ T5824] __alloc_pages_noprof+0x292/0x710 [ 71.398029][ T5824] alloc_pages_bulk_noprof+0x70b/0xcc0 [ 71.403493][ T5824] __page_pool_alloc_pages_slow+0x122/0x690 [ 71.409404][ T5824] page_pool_alloc_pages+0xd0/0x1c0 [ 71.414608][ T5824] skb_pp_cow_data+0xc43/0x1640 [ 71.419469][ T5824] do_xdp_generic+0x505/0xd30 [ 71.424145][ T5824] __netif_receive_skb_core+0x1ce9/0x4690 [ 71.429875][ T5824] __netif_receive_skb+0x12f/0x650 [ 71.434990][ T5824] netif_receive_skb+0x1e8/0x890 [ 71.439941][ T5824] tun_rx_batched+0x1b7/0x8f0 [ 71.444618][ T5824] tun_get_user+0x30d6/0x4890 [ 71.449304][ T5824] tun_chr_write_iter+0x10d/0x1f0 [ 71.454328][ T5824] vfs_write+0xaeb/0xd30 [ 71.458593][ T5824] ksys_write+0x18f/0x2b0 [ 71.462939][ T5824] page last free pid 5813 tgid 5813 stack trace: [ 71.469286][ T5824] free_unref_page+0xde3/0x1130 [ 71.474152][ T5824] tlb_finish_mmu+0x11f/0x200 [ 71.478857][ T5824] vms_clear_ptes+0x437/0x530 [ 71.483533][ T5824] vms_complete_munmap_vmas+0x210/0x8f0 [ 71.489111][ T5824] do_vmi_align_munmap+0x5ef/0x6f0 [ 71.494218][ T5824] do_vmi_munmap+0x24e/0x2d0 [ 71.498820][ T5824] __vm_munmap+0x24c/0x480 [ 71.503237][ T5824] __x64_sys_munmap+0x60/0x70 [ 71.507927][ T5824] do_syscall_64+0xf3/0x230 [ 71.512452][ T5824] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 71.518361][ T5824] Modules linked in: [ 71.522256][ T5824] CPU: 0 UID: 0 PID: 5824 Comm: syz-executor167 Tainted: G B 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0 [ 71.534820][ T5824] Tainted: [B]=BAD_PAGE [ 71.538950][ T5824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 71.548988][ T5824] Call Trace: [ 71.552252][ T5824] [ 71.555179][ T5824] dump_stack_lvl+0x241/0x360 [ 71.559855][ T5824] ? __pfx_dump_stack_lvl+0x10/0x10 [ 71.565041][ T5824] ? __pfx_print_modules+0x10/0x10 [ 71.570135][ T5824] bad_page+0x176/0x1d0 [ 71.574273][ T5824] free_unref_page+0x1048/0x1130 [ 71.579204][ T5824] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0 [ 71.584834][ T5824] bpf_xdp_adjust_tail+0x1c3/0x200 [ 71.589941][ T5824] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 71.595385][ T5824] bpf_prog_run_generic_xdp+0x686/0x1510 [ 71.601016][ T5824] do_xdp_generic+0x757/0xd30 [ 71.605686][ T5824] ? __pfx_do_xdp_generic+0x10/0x10 [ 71.610873][ T5824] ? rcu_is_watching+0x15/0xb0 [ 71.615634][ T5824] ? rcu_is_watching+0x15/0xb0 [ 71.620394][ T5824] ? count_memcg_event_mm+0x94/0x420 [ 71.625675][ T5824] __netif_receive_skb_core+0x1ce9/0x4690 [ 71.631394][ T5824] ? handle_mm_fault+0x173f/0x1ad0 [ 71.636498][ T5824] ? __pfx___netif_receive_skb_core+0x10/0x10 [ 71.642561][ T5824] ? rcu_is_watching+0x15/0xb0 [ 71.647316][ T5824] ? lock_release+0xbf/0xa30 [ 71.651897][ T5824] ? __pfx_lock_acquire+0x10/0x10 [ 71.656910][ T5824] ? __up_read+0x2c2/0x6b0 [ 71.661328][ T5824] ? rcu_is_watching+0x15/0xb0 [ 71.666081][ T5824] __netif_receive_skb+0x12f/0x650 [ 71.671184][ T5824] ? __pfx_lock_acquire+0x10/0x10 [ 71.676196][ T5824] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 71.682426][ T5824] ? __pfx___netif_receive_skb+0x10/0x10 [ 71.688060][ T5824] ? tun_rx_batched+0x160/0x8f0 [ 71.692925][ T5824] ? __pfx_lockdep_softirqs_off+0x10/0x10 [ 71.698646][ T5824] ? read_tsc+0x9/0x20 [ 71.702705][ T5824] ? ktime_get_with_offset+0x249/0x290 [ 71.708157][ T5824] ? netif_receive_skb+0x131/0x890 [ 71.713261][ T5824] netif_receive_skb+0x1e8/0x890 [ 71.718197][ T5824] ? tun_rx_batched+0x160/0x8f0 [ 71.723037][ T5824] ? __pfx_netif_receive_skb+0x10/0x10 [ 71.728487][ T5824] ? skb_set_owner_w+0x246/0x380 [ 71.733417][ T5824] ? __pfx_lock_release+0x10/0x10 [ 71.738431][ T5824] ? tun_rx_batched+0x160/0x8f0 [ 71.743274][ T5824] tun_rx_batched+0x1b7/0x8f0 [ 71.747943][ T5824] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 71.754265][ T5824] ? __pfx_lock_acquire+0x10/0x10 [ 71.759347][ T5824] ? rcu_is_watching+0x15/0xb0 [ 71.764103][ T5824] ? __pfx_tun_rx_batched+0x10/0x10 [ 71.769297][ T5824] tun_get_user+0x30d6/0x4890 [ 71.773963][ T5824] ? tun_get_user+0x2bbe/0x4890 [ 71.778807][ T5824] ? do_raw_spin_unlock+0x13c/0x8b0 [ 71.783994][ T5824] ? __pfx_tun_get_user+0x10/0x10 [ 71.789013][ T5824] ? tun_get+0x1e/0x2f0 [ 71.793159][ T5824] ? rcu_is_watching+0x15/0xb0 [ 71.797911][ T5824] ? tun_get+0x1e/0x2f0 [ 71.802057][ T5824] ? lock_release+0xbf/0xa30 [ 71.806635][ T5824] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 71.812080][ T5824] ? rcu_is_watching+0x15/0xb0 [ 71.816838][ T5824] ? __pfx_lock_release+0x10/0x10 [ 71.821851][ T5824] ? do_raw_spin_lock+0x14f/0x370 [ 71.826869][ T5824] ? tun_get+0x1e/0x2f0 [ 71.831016][ T5824] ? tun_get+0x27d/0x2f0 [ 71.835247][ T5824] tun_chr_write_iter+0x10d/0x1f0 [ 71.840265][ T5824] vfs_write+0xaeb/0xd30 [ 71.844503][ T5824] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 71.850036][ T5824] ? __pfx_vfs_write+0x10/0x10 [ 71.854794][ T5824] ? rcu_is_watching+0x15/0xb0 [ 71.859550][ T5824] ? _raw_spin_unlock_irq+0x2e/0x50 [ 71.864740][ T5824] ? ptrace_notify+0x279/0x380 [ 71.869495][ T5824] ksys_write+0x18f/0x2b0 [ 71.873815][ T5824] ? __pfx_ksys_write+0x10/0x10 [ 71.878659][ T5824] ? rcu_is_watching+0x15/0xb0 [ 71.883417][ T5824] do_syscall_64+0xf3/0x230 [ 71.887913][ T5824] ? clear_bhb_loop+0x35/0x90 [ 71.892580][ T5824] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 71.898468][ T5824] RIP: 0033:0x7fa04c96edb0 [ 71.902870][ T5824] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89 [ 71.922464][ T5824] RSP: 002b:00007fff7ac126c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 [ 71.930870][ T5824] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa04c96edb0 [ 71.938830][ T5824] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8 [ 71.946806][ T5824] RBP: 0000000000000000 R08: 00007fff7ac127f8 R09: 00007fff7ac127f8 [ 71.954767][ T5824] R10: 00007fff7ac127f8 R11: 0000000000000202 R12: 000000000000f313 [ 71.962724][ T5824] R13: 00007fff7ac126e4 R14: 00007fff7ac12700 R15: 00007fff7ac126f0 [ 71.970690][ T5824] [ 71.973750][ T5824] BUG: Bad page state in process syz-executor167 pfn:28648 [ 71.981050][ T5824] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888028648800 pfn:0x28648 [ 71.991160][ T5824] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 71.998307][ T5824] raw: 00fff00000000000 dead000000000040 ffff888021ac0000 0000000000000000 [ 72.006922][ T5824] raw: ffff888028648800 0000000000000001 00000000ffffffff 0000000000000000 [ 72.015490][ T5824] page dumped because: page_pool leak [ 72.020869][ T5824] page_owner tracks the page as allocated [ 72.026577][ T5824] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5824, tgid 5824 (syz-executor167), ts 68719153343, free_ts 55625474421 [ 72.043873][ T5824] post_alloc_hook+0x1f3/0x230 [ 72.048661][ T5824] get_page_from_freelist+0x3651/0x37a0 [ 72.054202][ T5824] __alloc_pages_noprof+0x292/0x710 [ 72.059413][ T5824] alloc_pages_bulk_noprof+0x70b/0xcc0 [ 72.064881][ T5824] __page_pool_alloc_pages_slow+0x122/0x690 [ 72.070812][ T5824] page_pool_alloc_pages+0xd0/0x1c0 [ 72.076019][ T5824] skb_pp_cow_data+0xc43/0x1640 [ 72.080877][ T5824] do_xdp_generic+0x505/0xd30 [ 72.085553][ T5824] __netif_receive_skb_core+0x1ce9/0x4690 [ 72.091284][ T5824] __netif_receive_skb+0x12f/0x650 [ 72.096399][ T5824] netif_receive_skb+0x1e8/0x890 [ 72.101351][ T5824] tun_rx_batched+0x1b7/0x8f0 [ 72.106028][ T5824] tun_get_user+0x30d6/0x4890 [ 72.110726][ T5824] tun_chr_write_iter+0x10d/0x1f0 [ 72.115756][ T5824] vfs_write+0xaeb/0xd30 [ 72.120033][ T5824] ksys_write+0x18f/0x2b0 [ 72.124370][ T5824] page last free pid 5813 tgid 5813 stack trace: [ 72.130717][ T5824] free_unref_page+0xde3/0x1130 [ 72.135566][ T5824] __folio_put+0x2c7/0x440 [ 72.140003][ T5824] pipe_read+0x6ed/0x13e0 [ 72.144337][ T5824] vfs_read+0x991/0xb70 [ 72.148506][ T5824] ksys_read+0x18f/0x2b0 [ 72.152751][ T5824] do_syscall_64+0xf3/0x230 [ 72.157269][ T5824] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 72.163164][ T5824] Modules linked in: [ 72.167088][ T5824] CPU: 0 UID: 0 PID: 5824 Comm: syz-executor167 Tainted: G B 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0 [ 72.179667][ T5824] Tainted: [B]=BAD_PAGE [ 72.183797][ T5824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 72.193831][ T5824] Call Trace: [ 72.197093][ T5824] [ 72.200010][ T5824] dump_stack_lvl+0x241/0x360 [ 72.204670][ T5824] ? __pfx_dump_stack_lvl+0x10/0x10 [ 72.209854][ T5824] ? __pfx_print_modules+0x10/0x10 [ 72.214953][ T5824] bad_page+0x176/0x1d0 [ 72.219092][ T5824] free_unref_page+0x1048/0x1130 [ 72.224017][ T5824] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0 [ 72.229638][ T5824] bpf_xdp_adjust_tail+0x1c3/0x200 [ 72.234736][ T5824] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 72.240177][ T5824] bpf_prog_run_generic_xdp+0x686/0x1510 [ 72.245813][ T5824] do_xdp_generic+0x757/0xd30 [ 72.250484][ T5824] ? __pfx_do_xdp_generic+0x10/0x10 [ 72.255670][ T5824] ? rcu_is_watching+0x15/0xb0 [ 72.260431][ T5824] ? rcu_is_watching+0x15/0xb0 [ 72.265188][ T5824] ? count_memcg_event_mm+0x94/0x420 [ 72.270465][ T5824] __netif_receive_skb_core+0x1ce9/0x4690 [ 72.276184][ T5824] ? handle_mm_fault+0x173f/0x1ad0