./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2856244554

<...>
Warning: Permanently added '10.128.1.166' (ED25519) to the list of known hosts.
execve("./syz-executor2856244554", ["./syz-executor2856244554"], 0x7ffc2b7c1d50 /* 10 vars */) = 0
brk(NULL)                               = 0x555566baa000
brk(0x555566baad00)                     = 0x555566baad00
arch_prctl(ARCH_SET_FS, 0x555566baa380) = 0
set_tid_address(0x555566baa650)         = 5816
set_robust_list(0x555566baa660, 24)     = 0
rseq(0x555566baaca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2856244554", 4096) = 28
getrandom("\xe4\x29\xbe\x1d\x1c\xd5\x36\xfd", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555566baad00
brk(0x555566bcbd00)                     = 0x555566bcbd00
brk(0x555566bcc000)                     = 0x555566bcc000
mprotect(0x7f941ac71000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5817 attached
 <unfinished ...>
[pid  5817] set_robust_list(0x555566baa660, 24 <unfinished ...>
[pid  5816] <... clone resumed>, child_tidptr=0x555566baa650) = 5817
[pid  5817] <... set_robust_list resumed>) = 0
[pid  5817] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5817] getppid()                   = 0
[pid  5817] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  5817] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  5817] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  5817] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  5817] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  5817] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  5817] unshare(CLONE_NEWNS)        = 0
[pid  5817] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  5817] unshare(CLONE_NEWIPC)       = 0
[pid  5817] unshare(CLONE_NEWCGROUP)    = 0
[pid  5817] unshare(CLONE_NEWUTS)       = 0
[pid  5817] unshare(CLONE_SYSVSEM)      = 0
[pid  5817] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5817] write(3, "16777216", 8)     = 8
[pid  5817] close(3)                    = 0
[pid  5817] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  5817] write(3, "536870912", 9)    = 9
[pid  5817] close(3)                    = 0
[pid  5817] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5817] write(3, "1024", 4)         = 4
[pid  5817] close(3)                    = 0
[pid  5817] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5817] write(3, "8192", 4)         = 4
[pid  5817] close(3)                    = 0
[pid  5817] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5817] write(3, "1024", 4)         = 4
[pid  5817] close(3)                    = 0
[pid  5817] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  5817] write(3, "1024", 4)         = 4
[pid  5817] close(3)                    = 0
[pid  5817] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  5817] write(3, "1024 1048576 500 1024", 21) = 21
[pid  5817] close(3)                    = 0
[pid  5817] getpid()                    = 1
[pid  5817] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5817] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5817] unshare(CLONE_NEWNET)       = 0
[pid  5817] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  5817] write(3, "0 65535", 7)      = 7
[pid  5817] close(3)                    = 0
[pid  5817] openat(AT_FDCWD, "/dev/net/tun", O_RDWR|O_NONBLOCK) = 3
[pid  5817] dup2(3, 200)                = 200
[pid  5817] close(3)                    = 0
[pid  5817] ioctl(200, TUNSETIFF, 0x7ffc09852f90) = 0
[pid  5817] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/accept_dad", O_WRONLY|O_CLOEXEC) = 3
[pid  5817] write(3, "0", 1)            = 1
[pid  5817] close(3)                    = 0
[pid  5817] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/router_solicitations", O_WRONLY|O_CLOEXEC) = 3
[pid  5817] write(3, "0", 1)            = 1
[pid  5817] close(3)                    = 0
[pid  5817] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
[pid  5817] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5817] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5817] close(4)                    = 0
[pid  5817] sendto(3, [{nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x18\x00\x00\x0b\x00\x00\x00\x08\x00\x02\x00\xac\x14\x14\xaa\x08\x00\x01\x00\xac\x14\x14\xaa"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 40
[pid  5817] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5817] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5817] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5817] close(4)                    = 0
[pid  5817] sendto(3, [{nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x78\x00\x00\x0b\x00\x00\x00\x14\x00\x02\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  5817] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5817] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5817] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5817] close(4)                    = 0
[pid  5817] sendto(3, [{nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x08\x00\x01\x00\xac\x14\x14\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 48, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 48
[pid  5817] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5817] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5817] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5817] close(4)                    = 0
[pid  5817] sendto(3, [{nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 60, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 60
[pid  5817] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5817] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5817] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5817] close(4)                    = 0
[pid  5817] sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0a\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\xaa\x00\x00"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
[pid  5817] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5817] close(3)                    = 0
[pid  5817] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
[pid  5817] write(3, "100000", 6)       = 6
[pid  5817] close(3)                    = 0
[pid  5817] mkdir("./syz-tmp", 0777)    = 0
[pid  5817] mount("", "./syz-tmp", "tmpfs", 0, NULL) = 0
[pid  5817] mkdir("./syz-tmp/newroot", 0777) = 0
[pid  5817] mkdir("./syz-tmp/newroot/dev", 0700) = 0
[pid  5817] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5817] mkdir("./syz-tmp/newroot/proc", 0700) = 0
[pid  5817] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0
[pid  5817] mkdir("./syz-tmp/newroot/selinux", 0700) = 0
[pid  5817] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5817] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5817] mkdir("./syz-tmp/newroot/sys", 0700) = 0
[pid  5817] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5817] mount("/sys/kernel/debug", "./syz-tmp/newroot/sys/kernel/debug", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5817] mount("/sys/fs/smackfs", "./syz-tmp/newroot/sys/fs/smackfs", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5817] mount("/proc/sys/fs/binfmt_misc", "./syz-tmp/newroot/proc/sys/fs/binfmt_misc", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5817] mkdir("./syz-tmp/pivot", 0777) = 0
[pid  5817] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0
[pid  5817] chdir("/")                  = 0
[pid  5817] umount2("./pivot", MNT_DETACH) = 0
[pid  5817] chroot("./newroot")         = 0
[pid  5817] chdir("/")                  = 0
[pid  5817] mkdir("/dev/binderfs", 0777) = 0
[pid  5817] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  5817] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5817] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  5817] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5820 attached
 <unfinished ...>
[pid  5820] set_robust_list(0x555566baa660, 24 <unfinished ...>
[pid  5817] <... clone resumed>, child_tidptr=0x555566baa650) = 2
[pid  5820] <... set_robust_list resumed>) = 0
[pid  5820] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5820] setpgid(0, 0)               = 0
[pid  5820] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5820] write(3, "1000", 4)         = 4
[pid  5820] close(3)                    = 0
[pid  5820] read(200, "\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110
[pid  5820] read(200, 0x7ffc09852b30, 1000) = -1 EAGAIN (Resource temporarily unavailable)
[pid  5820] write(1, "executing program\n", 18executing program
) = 18
[pid  5820] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3
[pid  5820] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=4, insns=0x20000400, license="", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=BPF_F_TEST_STATE_FREQ|0x20, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = 4
[pid  5820] ioctl(3, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5820] bpf(BPF_LINK_CREATE, {link_create={prog_fd=4, target_fd=11, attach_type=BPF_XDP, flags=0x2}, ...}, 24) = 5
[   62.999548][ T5820] BUG: Bad page state in process syz-executor285  pfn:2d302
[   63.006962][ T5820] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2d302
[   63.015791][ T5820] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   63.022998][ T5820] raw: 00fff00000000000 dead000000000040 ffff888022ab2000 0000000000000000
[   63.031636][ T5820] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   63.040261][ T5820] page dumped because: page_pool leak
[   63.045642][ T5820] page_owner tracks the page as allocated
[   63.051471][ T5820] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5820, tgid 5820 (syz-executor285), ts 62999485029, free_ts 54592867285
[   63.068789][ T5820]  post_alloc_hook+0x1f3/0x230
[   63.073581][ T5820]  get_page_from_freelist+0x3651/0x37a0
[   63.079157][ T5820]  __alloc_pages_noprof+0x292/0x710
[   63.084394][ T5820]  alloc_pages_bulk_noprof+0x70b/0xcc0
[   63.089918][ T5820]  __page_pool_alloc_pages_slow+0x122/0x690
[   63.095867][ T5820]  page_pool_alloc_pages+0xd0/0x1c0
[   63.101104][ T5820]  skb_pp_cow_data+0xc43/0x1640
[   63.106056][ T5820]  do_xdp_generic+0x505/0xd30
[   63.110766][ T5820]  __netif_receive_skb_core+0x1ce9/0x4690
[   63.116505][ T5820]  __netif_receive_skb+0x12f/0x650
[   63.121659][ T5820]  netif_receive_skb+0x1e8/0x890
[   63.126609][ T5820]  tun_rx_batched+0x1b7/0x8f0
[   63.131327][ T5820]  tun_get_user+0x30d6/0x4890
[   63.136017][ T5820]  tun_chr_write_iter+0x10d/0x1f0
[   63.141071][ T5820]  vfs_write+0xaeb/0xd30
[   63.145327][ T5820]  ksys_write+0x18f/0x2b0
[   63.149709][ T5820] page last free pid 5807 tgid 5807 stack trace:
[   63.156046][ T5820]  free_unref_page+0xde3/0x1130
[   63.160946][ T5820]  __folio_put+0x2c7/0x440
[   63.165371][ T5820]  pipe_read+0x6ed/0x13e0
[   63.169731][ T5820]  vfs_read+0x991/0xb70
[   63.173901][ T5820]  ksys_read+0x18f/0x2b0
[   63.178193][ T5820]  do_syscall_64+0xf3/0x230
[   63.182711][ T5820]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   63.188640][ T5820] Modules linked in:
[   63.192568][ T5820] CPU: 0 UID: 0 PID: 5820 Comm: syz-executor285 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[   63.203661][ T5820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   63.213715][ T5820] Call Trace:
[   63.216981][ T5820]  <TASK>
[   63.219906][ T5820]  dump_stack_lvl+0x241/0x360
[   63.224580][ T5820]  ? __pfx_dump_stack_lvl+0x10/0x10
[   63.229769][ T5820]  ? __pfx_print_modules+0x10/0x10
[   63.234875][ T5820]  bad_page+0x176/0x1d0
[   63.239024][ T5820]  free_unref_page+0x1048/0x1130
[   63.243956][ T5820]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[   63.249585][ T5820]  bpf_xdp_adjust_tail+0x1c3/0x200
[   63.254690][ T5820]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   63.260144][ T5820]  bpf_prog_run_generic_xdp+0x686/0x1510
[   63.265803][ T5820]  do_xdp_generic+0x757/0xd30
[   63.270481][ T5820]  ? __pfx_do_xdp_generic+0x10/0x10
[   63.275684][ T5820]  ? __skb_flow_dissect+0x4f1/0x7d00
[   63.280980][ T5820]  __netif_receive_skb_core+0x1ce9/0x4690
[   63.286717][ T5820]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   63.292783][ T5820]  ? mark_lock+0x9a/0x360
[   63.297117][ T5820]  ? __lock_acquire+0x1397/0x2100
[   63.302153][ T5820]  __netif_receive_skb+0x12f/0x650
[   63.307264][ T5820]  ? __pfx_lock_acquire+0x10/0x10
[   63.312282][ T5820]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[   63.318526][ T5820]  ? __pfx___netif_receive_skb+0x10/0x10
[   63.324163][ T5820]  ? tun_rx_batched+0x160/0x8f0
[   63.329011][ T5820]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[   63.334727][ T5820]  ? read_tsc+0x9/0x20
[   63.338801][ T5820]  ? netif_receive_skb+0x131/0x890
[   63.343908][ T5820]  ? netif_receive_skb+0x131/0x890
[   63.349016][ T5820]  netif_receive_skb+0x1e8/0x890
[   63.353952][ T5820]  ? tun_rx_batched+0x160/0x8f0
[   63.358811][ T5820]  ? __pfx_netif_receive_skb+0x10/0x10
[   63.364275][ T5820]  ? tun_rx_batched+0x160/0x8f0
[   63.369122][ T5820]  tun_rx_batched+0x1b7/0x8f0
[   63.373801][ T5820]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   63.380128][ T5820]  ? __pfx_lock_acquire+0x10/0x10
[   63.385148][ T5820]  ? __pfx_tun_rx_batched+0x10/0x10
[   63.390356][ T5820]  tun_get_user+0x30d6/0x4890
[   63.395032][ T5820]  ? tun_get_user+0x2bbe/0x4890
[   63.399889][ T5820]  ? __lock_acquire+0x1397/0x2100
[   63.404916][ T5820]  ? __pfx_tun_get_user+0x10/0x10
[   63.409952][ T5820]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   63.415412][ T5820]  ? tun_get+0x1e/0x2f0
[   63.419568][ T5820]  ? __pfx_lock_release+0x10/0x10
[   63.424597][ T5820]  ? tun_get+0x1e/0x2f0
[   63.428753][ T5820]  ? tun_get+0x27d/0x2f0
[   63.432998][ T5820]  tun_chr_write_iter+0x10d/0x1f0
[   63.438019][ T5820]  vfs_write+0xaeb/0xd30
[   63.442263][ T5820]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   63.447809][ T5820]  ? __pfx_vfs_write+0x10/0x10
[   63.452580][ T5820]  ? _raw_spin_unlock_irq+0x2e/0x50
[   63.457783][ T5820]  ? ptrace_notify+0x279/0x380
[   63.462550][ T5820]  ksys_write+0x18f/0x2b0
[   63.466882][ T5820]  ? __pfx_ksys_write+0x10/0x10
[   63.471732][ T5820]  ? do_syscall_64+0x100/0x230
[   63.476534][ T5820]  do_syscall_64+0xf3/0x230
[   63.481041][ T5820]  ? clear_bhb_loop+0x35/0x90
[   63.485717][ T5820]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   63.491608][ T5820] RIP: 0033:0x7f941abf7db0
[   63.496019][ T5820] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[   63.515882][ T5820] RSP: 002b:00007ffc09852f28 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[   63.524296][ T5820] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f941abf7db0
[   63.532263][ T5820] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[   63.540228][ T5820] RBP: 0000000000000000 R08: 00007ffc09853058 R09: 00007ffc09853058
[   63.548213][ T5820] R10: 00007ffc09853058 R11: 0000000000000202 R12: 00007f941ac460de
[   63.556206][ T5820] R13: 0000000000000000 R14: 00007ffc09852f60 R15: 00007ffc09852f50
[   63.564200][ T5820]  </TASK>
[   63.567383][ T5820] Disabling lock debugging due to kernel taint
[   63.573572][ T5820] BUG: Bad page state in process syz-executor285  pfn:2d301
[   63.580886][ T5820] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x8 pfn:0x2d301
[   63.589674][ T5820] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   63.596786][ T5820] raw: 00fff00000000000 dead000000000040 ffff888022ab2000 0000000000000000
[   63.605393][ T5820] raw: 0000000000000008 0000000000000001 00000000ffffffff 0000000000000000
[   63.613990][ T5820] page dumped because: page_pool leak
[   63.619386][ T5820] page_owner tracks the page as allocated
[   63.625096][ T5820] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5820, tgid 5820 (syz-executor285), ts 62999478821, free_ts 55944947211
[   63.642388][ T5820]  post_alloc_hook+0x1f3/0x230
[   63.647160][ T5820]  get_page_from_freelist+0x3651/0x37a0
[   63.652733][ T5820]  __alloc_pages_noprof+0x292/0x710
[   63.657934][ T5820]  alloc_pages_bulk_noprof+0x70b/0xcc0
[   63.663434][ T5820]  __page_pool_alloc_pages_slow+0x122/0x690
[   63.669355][ T5820]  page_pool_alloc_pages+0xd0/0x1c0
[   63.674553][ T5820]  skb_pp_cow_data+0xc43/0x1640
[   63.679438][ T5820]  do_xdp_generic+0x505/0xd30
[   63.684123][ T5820]  __netif_receive_skb_core+0x1ce9/0x4690
[   63.689865][ T5820]  __netif_receive_skb+0x12f/0x650
[   63.694979][ T5820]  netif_receive_skb+0x1e8/0x890
[   63.699948][ T5820]  tun_rx_batched+0x1b7/0x8f0
[   63.704636][ T5820]  tun_get_user+0x30d6/0x4890
[   63.709342][ T5820]  tun_chr_write_iter+0x10d/0x1f0
[   63.714377][ T5820]  vfs_write+0xaeb/0xd30
[   63.718676][ T5820]  ksys_write+0x18f/0x2b0
[   63.723012][ T5820] page last free pid 5810 tgid 5810 stack trace:
[   63.729350][ T5820]  free_unref_page+0xde3/0x1130
[   63.734206][ T5820]  __folio_put+0x2c7/0x440
[   63.738644][ T5820]  pipe_read+0x6ed/0x13e0
[   63.742992][ T5820]  vfs_read+0x991/0xb70
[   63.747136][ T5820]  ksys_read+0x18f/0x2b0
[   63.751393][ T5820]  do_syscall_64+0xf3/0x230
[   63.755903][ T5820]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   63.761839][ T5820] Modules linked in:
[   63.765735][ T5820] CPU: 0 UID: 0 PID: 5820 Comm: syz-executor285 Tainted: G    B              6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[   63.778311][ T5820] Tainted: [B]=BAD_PAGE
[   63.782445][ T5820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   63.792489][ T5820] Call Trace:
[   63.795774][ T5820]  <TASK>
[   63.798693][ T5820]  dump_stack_lvl+0x241/0x360
[   63.803359][ T5820]  ? __pfx_dump_stack_lvl+0x10/0x10
[   63.808540][ T5820]  ? __pfx_print_modules+0x10/0x10
[   63.813657][ T5820]  bad_page+0x176/0x1d0
[   63.817795][ T5820]  free_unref_page+0x1048/0x1130
[   63.822734][ T5820]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[   63.828367][ T5820]  bpf_xdp_adjust_tail+0x1c3/0x200
[   63.833473][ T5820]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   63.838926][ T5820]  bpf_prog_run_generic_xdp+0x686/0x1510
[   63.844559][ T5820]  do_xdp_generic+0x757/0xd30
[   63.849229][ T5820]  ? __pfx_do_xdp_generic+0x10/0x10
[   63.854420][ T5820]  ? __skb_flow_dissect+0x4f1/0x7d00
[   63.859701][ T5820]  __netif_receive_skb_core+0x1ce9/0x4690
[   63.865420][ T5820]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   63.871482][ T5820]  ? mark_lock+0x9a/0x360
[   63.875802][ T5820]  ? __lock_acquire+0x1397/0x2100
[   63.880823][ T5820]  __netif_receive_skb+0x12f/0x650
[   63.885925][ T5820]  ? __pfx_lock_acquire+0x10/0x10
[   63.890938][ T5820]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[   63.897171][ T5820]  ? __pfx___netif_receive_skb+0x10/0x10
[   63.902797][ T5820]  ? tun_rx_batched+0x160/0x8f0
[   63.907648][ T5820]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[   63.913360][ T5820]  ? read_tsc+0x9/0x20
[   63.917422][ T5820]  ? netif_receive_skb+0x131/0x890
[   63.922525][ T5820]  ? netif_receive_skb+0x131/0x890
[   63.927627][ T5820]  netif_receive_skb+0x1e8/0x890
[   63.932559][ T5820]  ? tun_rx_batched+0x160/0x8f0
[   63.937401][ T5820]  ? __pfx_netif_receive_skb+0x10/0x10
[   63.942855][ T5820]  ? tun_rx_batched+0x160/0x8f0
[   63.947696][ T5820]  tun_rx_batched+0x1b7/0x8f0
[   63.952366][ T5820]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   63.958686][ T5820]  ? __pfx_lock_acquire+0x10/0x10
[   63.963699][ T5820]  ? __pfx_tun_rx_batched+0x10/0x10
[   63.968899][ T5820]  tun_get_user+0x30d6/0x4890
[   63.973656][ T5820]  ? tun_get_user+0x2bbe/0x4890
[   63.978503][ T5820]  ? __lock_acquire+0x1397/0x2100
[   63.983521][ T5820]  ? __pfx_tun_get_user+0x10/0x10
[   63.988544][ T5820]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   63.993995][ T5820]  ? tun_get+0x1e/0x2f0
[   63.998145][ T5820]  ? __pfx_lock_release+0x10/0x10
[   64.003172][ T5820]  ? tun_get+0x1e/0x2f0
[   64.007317][ T5820]  ? tun_get+0x27d/0x2f0
[   64.011552][ T5820]  tun_chr_write_iter+0x10d/0x1f0
[   64.016568][ T5820]  vfs_write+0xaeb/0xd30
[   64.020810][ T5820]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   64.026347][ T5820]  ? __pfx_vfs_write+0x10/0x10
[   64.031106][ T5820]  ? _raw_spin_unlock_irq+0x2e/0x50
[   64.036294][ T5820]  ? ptrace_notify+0x279/0x380
[   64.041052][ T5820]  ksys_write+0x18f/0x2b0
[   64.045382][ T5820]  ? __pfx_ksys_write+0x10/0x10
[   64.050226][ T5820]  ? do_syscall_64+0x100/0x230
[   64.054989][ T5820]  do_syscall_64+0xf3/0x230
[   64.059485][ T5820]  ? clear_bhb_loop+0x35/0x90
[   64.064151][ T5820]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   64.070041][ T5820] RIP: 0033:0x7f941abf7db0
[   64.074444][ T5820] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[   64.094054][ T5820] RSP: 002b:00007ffc09852f28 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[   64.102464][ T5820] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f941abf7db0
[   64.110426][ T5820] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[   64.118390][ T5820] RBP: 0000000000000000 R08: 00007ffc09853058 R09: 00007ffc09853058
[   64.126354][ T5820] R10: 00007ffc09853058 R11: 0000000000000202 R12: 00007f941ac460de
[   64.134313][ T5820] R13: 0000000000000000 R14: 00007ffc09852f60 R15: 00007ffc09852f50
[   64.142278][ T5820]  </TASK>
[   64.145367][ T5820] BUG: Bad page state in process syz-executor285  pfn:2d300
[   64.152680][ T5820] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802d304000 pfn:0x2d300
[   64.162788][ T5820] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   64.169931][ T5820] raw: 00fff00000000000 dead000000000040 ffff888022ab2000 0000000000000000
[   64.178543][ T5820] raw: ffff88802d304000 0000000000000001 00000000ffffffff 0000000000000000
[   64.187122][ T5820] page dumped because: page_pool leak
[   64.192534][ T5820] page_owner tracks the page as allocated
[   64.198270][ T5820] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5820, tgid 5820 (syz-executor285), ts 62999472559, free_ts 55944400344
[   64.215586][ T5820]  post_alloc_hook+0x1f3/0x230
[   64.220377][ T5820]  get_page_from_freelist+0x3651/0x37a0
[   64.225913][ T5820]  __alloc_pages_noprof+0x292/0x710
[   64.231125][ T5820]  alloc_pages_bulk_noprof+0x70b/0xcc0
[   64.236588][ T5820]  __page_pool_alloc_pages_slow+0x122/0x690
[   64.242503][ T5820]  page_pool_alloc_pages+0xd0/0x1c0
[   64.247706][ T5820]  skb_pp_cow_data+0xc43/0x1640
[   64.252572][ T5820]  do_xdp_generic+0x505/0xd30
[   64.257250][ T5820]  __netif_receive_skb_core+0x1ce9/0x4690
[   64.263007][ T5820]  __netif_receive_skb+0x12f/0x650
[   64.268122][ T5820]  netif_receive_skb+0x1e8/0x890
[   64.273095][ T5820]  tun_rx_batched+0x1b7/0x8f0
[   64.277760][ T5820]  tun_get_user+0x30d6/0x4890
[   64.282471][ T5820]  tun_chr_write_iter+0x10d/0x1f0
[   64.287502][ T5820]  vfs_write+0xaeb/0xd30
[   64.291776][ T5820]  ksys_write+0x18f/0x2b0
[   64.296107][ T5820] page last free pid 5810 tgid 5810 stack trace:
[   64.302450][ T5820]  free_unref_page+0xde3/0x1130
[   64.307310][ T5820]  __folio_put+0x2c7/0x440
[   64.311754][ T5820]  pipe_read+0x6ed/0x13e0
[   64.316084][ T5820]  vfs_read+0x991/0xb70
[   64.320259][ T5820]  ksys_read+0x18f/0x2b0
[   64.324509][ T5820]  do_syscall_64+0xf3/0x230
[   64.329029][ T5820]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   64.334930][ T5820] Modules linked in:
[   64.338843][ T5820] CPU: 0 UID: 0 PID: 5820 Comm: syz-executor285 Tainted: G    B              6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[   64.351434][ T5820] Tainted: [B]=BAD_PAGE
[   64.355569][ T5820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   64.365609][ T5820] Call Trace:
[   64.368876][ T5820]  <TASK>
[   64.371818][ T5820]  dump_stack_lvl+0x241/0x360
[   64.376481][ T5820]  ? __pfx_dump_stack_lvl+0x10/0x10
[   64.381664][ T5820]  ? __pfx_print_modules+0x10/0x10
[   64.386759][ T5820]  bad_page+0x176/0x1d0
[   64.390900][ T5820]  free_unref_page+0x1048/0x1130
[   64.395821][ T5820]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[   64.401454][ T5820]  bpf_xdp_adjust_tail+0x1c3/0x200
[   64.406562][ T5820]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   64.412010][ T5820]  bpf_prog_run_generic_xdp+0x686/0x1510
[   64.417642][ T5820]  do_xdp_generic+0x757/0xd30
[   64.422316][ T5820]  ? __pfx_do_xdp_generic+0x10/0x10
[   64.427507][ T5820]  ? __skb_flow_dissect+0x4f1/0x7d00
[   64.432790][ T5820]  __netif_receive_skb_core+0x1ce9/0x4690
[   64.438510][ T5820]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   64.444571][ T5820]  ? mark_lock+0x9a/0x360
[   64.448892][ T5820]  ? __lock_acquire+0x1397/0x2100
[   64.453909][ T5820]  __netif_receive_skb+0x12f/0x650
[   64.459014][ T5820]  ? __pfx_lock_acquire+0x10/0x10
[   64.464024][ T5820]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[   64.470258][ T5820]  ? __pfx___netif_receive_skb+0x10/0x10
[   64.475884][ T5820]  ? tun_rx_batched+0x160/0x8f0
[   64.480727][ T5820]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[   64.486437][ T5820]  ? read_tsc+0x9/0x20
[   64.490500][ T5820]  ? netif_receive_skb+0x131/0x890
[   64.495603][ T5820]  ? netif_receive_skb+0x131/0x890
[   64.500705][ T5820]  netif_receive_skb+0x1e8/0x890
[   64.505654][ T5820]  ? tun_rx_batched+0x160/0x8f0
[   64.510508][ T5820]  ? __pfx_netif_receive_skb+0x10/0x10
[   64.515975][ T5820]  ? tun_rx_batched+0x160/0x8f0
[   64.520828][ T5820]  tun_rx_batched+0x1b7/0x8f0
[   64.525507][ T5820]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   64.531829][ T5820]  ? __pfx_lock_acquire+0x10/0x10
[   64.536843][ T5820]  ? __pfx_tun_rx_batched+0x10/0x10
[   64.542041][ T5820]  tun_get_user+0x30d6/0x4890
[   64.546710][ T5820]  ? tun_get_user+0x2bbe/0x4890
[   64.551556][ T5820]  ? __lock_acquire+0x1397/0x2100
[   64.556571][ T5820]  ? __pfx_tun_get_user+0x10/0x10
[   64.561597][ T5820]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   64.567046][ T5820]  ? tun_get+0x1e/0x2f0
[   64.571193][ T5820]  ? __pfx_lock_release+0x10/0x10
[   64.576215][ T5820]  ? tun_get+0x1e/0x2f0
[   64.580360][ T5820]  ? tun_get+0x27d/0x2f0
[   64.584595][ T5820]  tun_chr_write_iter+0x10d/0x1f0
[   64.589614][ T5820]  vfs_write+0xaeb/0xd30
[   64.593852][ T5820]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   64.599390][ T5820]  ? __pfx_vfs_write+0x10/0x10
[   64.604152][ T5820]  ? _raw_spin_unlock_irq+0x2e/0x50
[   64.609341][ T5820]  ? ptrace_notify+0x279/0x380
[   64.614096][ T5820]  ksys_write+0x18f/0x2b0
[   64.618419][ T5820]  ? __pfx_ksys_write+0x10/0x10
[   64.623268][ T5820]  ? do_syscall_64+0x100/0x230
[   64.628025][ T5820]  do_syscall_64+0xf3/0x230
[   64.632523][ T5820]  ? clear_bhb_loop+0x35/0x90
[   64.637186][ T5820]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   64.643073][ T5820] RIP: 0033:0x7f941abf7db0
[   64.647477][ T5820] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[   64.667070][ T5820] RSP: 002b:00007ffc09852f28 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[   64.675472][ T5820] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f941abf7db0
[   64.683434][ T5820] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[   64.691393][ T5820] RBP: 0000000000000000 R08: 00007ffc09853058 R09: 00007ffc09853058
[   64.699530][ T5820] R10: 00007ffc09853058 R11: 0000000000000202 R12: 00007f941ac460de
[   64.707493][ T5820] R13: 0000000000000000 R14: 00007ffc09852f60 R15: 00007ffc09852f50
[   64.715458][ T5820]  </TASK>
[   64.718524][ T5820] BUG: Bad page state in process syz-executor285  pfn:72d3b
[   64.725827][ T5820] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x72d3b
[   64.734624][ T5820] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   64.741764][ T5820] raw: 00fff00000000000 dead000000000040 ffff888022ab2000 0000000000000000
[   64.750377][ T5820] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   64.758977][ T5820] page dumped because: page_pool leak
[   64.764327][ T5820] page_owner tracks the page as allocated
[   64.770057][ T5820] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5820, tgid 5820 (syz-executor285), ts 62999466297, free_ts 54575113729
[   64.787355][ T5820]  post_alloc_hook+0x1f3/0x230
[   64.792135][ T5820]  get_page_from_freelist+0x3651/0x37a0
[   64.797688][ T5820]  __alloc_pages_noprof+0x292/0x710
[   64.802906][ T5820]  alloc_pages_bulk_noprof+0x70b/0xcc0
[   64.808387][ T5820]  __page_pool_alloc_pages_slow+0x122/0x690
[   64.814274][ T5820]  page_pool_alloc_pages+0xd0/0x1c0
[   64.819485][ T5820]  skb_pp_cow_data+0xc43/0x1640
[   64.824339][ T5820]  do_xdp_generic+0x505/0xd30
[   64.829040][ T5820]  __netif_receive_skb_core+0x1ce9/0x4690
[   64.834763][ T5820]  __netif_receive_skb+0x12f/0x650
[   64.839890][ T5820]  netif_receive_skb+0x1e8/0x890
[   64.844833][ T5820]  tun_rx_batched+0x1b7/0x8f0
[   64.849536][ T5820]  tun_get_user+0x30d6/0x4890
[   64.854223][ T5820]  tun_chr_write_iter+0x10d/0x1f0
[   64.859280][ T5820]  vfs_write+0xaeb/0xd30
[   64.863524][ T5820]  ksys_write+0x18f/0x2b0
[   64.867842][ T5820] page last free pid 5807 tgid 5807 stack trace:
[   64.874175][ T5820]  free_unref_page+0xde3/0x1130
[   64.879044][ T5820]  __folio_put+0x2c7/0x440
[   64.883450][ T5820]  pipe_read+0x6ed/0x13e0
[   64.887757][ T5820]  vfs_read+0x991/0xb70
[   64.891933][ T5820]  ksys_read+0x18f/0x2b0
[   64.896180][ T5820]  do_syscall_64+0xf3/0x230
[   64.900703][ T5820]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   64.906603][ T5820] Modules linked in:
[   64.910519][ T5820] CPU: 0 UID: 0 PID: 5820 Comm: syz-executor285 Tainted: G    B              6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[   64.923106][ T5820] Tainted: [B]=BAD_PAGE
[   64.927235][ T5820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   64.937308][ T5820] Call Trace:
[   64.940578][ T5820]  <TASK>
[   64.943497][ T5820]  dump_stack_lvl+0x241/0x360
[   64.948170][ T5820]  ? __pfx_dump_stack_lvl+0x10/0x10
[   64.953368][ T5820]  ? __pfx_print_modules+0x10/0x10
[   64.958469][ T5820]  bad_page+0x176/0x1d0
[   64.962612][ T5820]  free_unref_page+0x1048/0x1130
[   64.967535][ T5820]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[   64.973159][ T5820]  bpf_xdp_adjust_tail+0x1c3/0x200
[   64.978273][ T5820]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   64.983717][ T5820]  bpf_prog_run_generic_xdp+0x686/0x1510
[   64.989351][ T5820]  do_xdp_generic+0x757/0xd30
[   64.994026][ T5820]  ? __pfx_do_xdp_generic+0x10/0x10
[   64.999231][ T5820]  ? __skb_flow_dissect+0x4f1/0x7d00
[   65.004599][ T5820]  __netif_receive_skb_core+0x1ce9/0x4690
[   65.010318][ T5820]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   65.016378][ T5820]  ? mark_lock+0x9a/0x360
[   65.020705][ T5820]  ? __lock_acquire+0x1397/0x2100
[   65.025727][ T5820]  __netif_receive_skb+0x12f/0x650
[   65.030829][ T5820]  ? __pfx_lock_acquire+0x10/0x10
[   65.035840][ T5820]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[   65.042073][ T5820]  ? __pfx___netif_receive_skb+0x10/0x10
[   65.047699][ T5820]  ? tun_rx_batched+0x160/0x8f0
[   65.052542][ T5820]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[   65.058251][ T5820]  ? read_tsc+0x9/0x20
[   65.062313][ T5820]  ? netif_receive_skb+0x131/0x890
[   65.067416][ T5820]  ? netif_receive_skb+0x131/0x890
[   65.072518][ T5820]  netif_receive_skb+0x1e8/0x890
[   65.077445][ T5820]  ? tun_rx_batched+0x160/0x8f0
[   65.082289][ T5820]  ? __pfx_netif_receive_skb+0x10/0x10
[   65.087743][ T5820]  ? tun_rx_batched+0x160/0x8f0
[   65.092587][ T5820]  tun_rx_batched+0x1b7/0x8f0
[   65.097259][ T5820]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   65.103577][ T5820]  ? __pfx_lock_acquire+0x10/0x10
[   65.108592][ T5820]  ? __pfx_tun_rx_batched+0x10/0x10
[   65.113787][ T5820]  tun_get_user+0x30d6/0x4890
[   65.118455][ T5820]  ? tun_get_user+0x2bbe/0x4890
[   65.123303][ T5820]  ? __lock_acquire+0x1397/0x2100
[   65.128317][ T5820]  ? __pfx_tun_get_user+0x10/0x10
[   65.133338][ T5820]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   65.138793][ T5820]  ? tun_get+0x1e/0x2f0
[   65.142940][ T5820]  ? __pfx_lock_release+0x10/0x10
[   65.147957][ T5820]  ? tun_get+0x1e/0x2f0
[   65.152104][ T5820]  ? tun_get+0x27d/0x2f0
[   65.156338][ T5820]  tun_chr_write_iter+0x10d/0x1f0
[   65.161360][ T5820]  vfs_write+0xaeb/0xd30
[   65.165605][ T5820]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   65.171143][ T5820]  ? __pfx_vfs_write+0x10/0x10
[   65.175902][ T5820]  ? _raw_spin_unlock_irq+0x2e/0x50
[   65.181094][ T5820]  ? ptrace_notify+0x279/0x380
[   65.185852][ T5820]  ksys_write+0x18f/0x2b0
[   65.190172][ T5820]  ? __pfx_ksys_write+0x10/0x10
[   65.195015][ T5820]  ? do_syscall_64+0x100/0x230
[   65.199778][ T5820]  do_syscall_64+0xf3/0x230
[   65.204274][ T5820]  ? clear_bhb_loop+0x35/0x90
[   65.208939][ T5820]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   65.214825][ T5820] RIP: 0033:0x7f941abf7db0
[   65.219230][ T5820] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[   65.238822][ T5820] RSP: 002b:00007ffc09852f28 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[   65.247225][ T5820] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f941abf7db0
[   65.255182][ T5820] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[   65.263141][ T5820] RBP: 0000000000000000 R08: 00007ffc09853058 R09: 00007ffc09853058
[   65.271103][ T5820] R10: 00007ffc09853058 R11: 0000000000000202 R12: 00007f941ac460de
[   65.279064][ T5820] R13: 0000000000000000 R14: 00007ffc09852f60 R15: 00007ffc09852f50
[   65.287030][ T5820]  </TASK>
[   65.290098][ T5820] BUG: Bad page state in process syz-executor285  pfn:72d3a
[   65.297388][ T5820] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x72d3a
[   65.306187][ T5820] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   65.313323][ T5820] raw: 00fff00000000000 dead000000000040 ffff888022ab2000 0000000000000000
[   65.321936][ T5820] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   65.330531][ T5820] page dumped because: page_pool leak
[   65.335893][ T5820] page_owner tracks the page as allocated
[   65.341628][ T5820] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5820, tgid 5820 (syz-executor285), ts 62999460106, free_ts 54575122306
[   65.358923][ T5820]  post_alloc_hook+0x1f3/0x230
[   65.363679][ T5820]  get_page_from_freelist+0x3651/0x37a0
[   65.369240][ T5820]  __alloc_pages_noprof+0x292/0x710
[   65.374444][ T5820]  alloc_pages_bulk_noprof+0x70b/0xcc0
[   65.379924][ T5820]  __page_pool_alloc_pages_slow+0x122/0x690
[   65.385823][ T5820]  page_pool_alloc_pages+0xd0/0x1c0
[   65.391039][ T5820]  skb_pp_cow_data+0xc43/0x1640
[   65.395894][ T5820]  do_xdp_generic+0x505/0xd30
[   65.400590][ T5820]  __netif_receive_skb_core+0x1ce9/0x4690
[   65.406312][ T5820]  __netif_receive_skb+0x12f/0x650
[   65.411443][ T5820]  netif_receive_skb+0x1e8/0x890
[   65.416418][ T5820]  tun_rx_batched+0x1b7/0x8f0
[   65.421123][ T5820]  tun_get_user+0x30d6/0x4890
[   65.425811][ T5820]  tun_chr_write_iter+0x10d/0x1f0
[   65.430857][ T5820]  vfs_write+0xaeb/0xd30
[   65.435114][ T5820]  ksys_write+0x18f/0x2b0
[   65.439475][ T5820] page last free pid 5807 tgid 5807 stack trace:
[   65.445797][ T5820]  free_unref_page+0xde3/0x1130
[   65.450662][ T5820]  __folio_put+0x2c7/0x440
[   65.455087][ T5820]  pipe_read+0x6ed/0x13e0
[   65.459433][ T5820]  vfs_read+0x991/0xb70
[   65.463595][ T5820]  ksys_read+0x18f/0x2b0
[   65.467823][ T5820]  do_syscall_64+0xf3/0x230
[   65.472354][ T5820]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   65.478270][ T5820] Modules linked in:
[   65.482148][ T5820] CPU: 0 UID: 0 PID: 5820 Comm: syz-executor285 Tainted: G    B              6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[   65.494712][ T5820] Tainted: [B]=BAD_PAGE
[   65.498857][ T5820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   65.508892][ T5820] Call Trace:
[   65.512154][ T5820]  <TASK>
[   65.515070][ T5820]  dump_stack_lvl+0x241/0x360
[   65.519734][ T5820]  ? __pfx_dump_stack_lvl+0x10/0x10
[   65.524916][ T5820]  ? __pfx_print_modules+0x10/0x10
[   65.530105][ T5820]  bad_page+0x176/0x1d0
[   65.534253][ T5820]  free_unref_page+0x1048/0x1130
[   65.539199][ T5820]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[   65.544834][ T5820]  bpf_xdp_adjust_tail+0x1c3/0x200
[   65.549951][ T5820]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   65.555404][ T5820]  bpf_prog_run_generic_xdp+0x686/0x1510
[   65.561042][ T5820]  do_xdp_generic+0x757/0xd30
[   65.565714][ T5820]  ? __pfx_do_xdp_generic+0x10/0x10
[   65.570905][ T5820]  ? __skb_flow_dissect+0x4f1/0x7d00
[   65.576190][ T5820]  __netif_receive_skb_core+0x1ce9/0x4690
[   65.581909][ T5820]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   65.587982][ T5820]  ? mark_lock+0x9a/0x360
[   65.592313][ T5820]  ? __lock_acquire+0x1397/0x2100
[   65.597344][ T5820]  __netif_receive_skb+0x12f/0x650
[   65.602460][ T5820]  ? __pfx_lock_acquire+0x10/0x10
[   65.607476][ T5820]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[   65.613714][ T5820]  ? __pfx___netif_receive_skb+0x10/0x10
[   65.619340][ T5820]  ? tun_rx_batched+0x160/0x8f0
[   65.624185][ T5820]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[   65.629893][ T5820]  ? read_tsc+0x9/0x20
[   65.633954][ T5820]  ? netif_receive_skb+0x131/0x890
[   65.639056][ T5820]  ? netif_receive_skb+0x131/0x890
[   65.644160][ T5820]  netif_receive_skb+0x1e8/0x890
[   65.649089][ T5820]  ? tun_rx_batched+0x160/0x8f0
[   65.653933][ T5820]  ? __pfx_netif_receive_skb+0x10/0x10
[   65.659387][ T5820]  ? tun_rx_batched+0x160/0x8f0
[   65.664228][ T5820]  tun_rx_batched+0x1b7/0x8f0
[   65.668897][ T5820]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   65.675227][ T5820]  ? __pfx_lock_acquire+0x10/0x10
[   65.680242][ T5820]  ? __pfx_tun_rx_batched+0x10/0x10
[   65.685439][ T5820]  tun_get_user+0x30d6/0x4890
[   65.690116][ T5820]  ? tun_get_user+0x2bbe/0x4890
[   65.694960][ T5820]  ? __lock_acquire+0x1397/0x2100
[   65.699975][ T5820]  ? __pfx_tun_get_user+0x10/0x10
[   65.704996][ T5820]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   65.710441][ T5820]  ? tun_get+0x1e/0x2f0
[   65.714585][ T5820]  ? __pfx_lock_release+0x10/0x10
[   65.719620][ T5820]  ? tun_get+0x1e/0x2f0
[   65.723794][ T5820]  ? tun_get+0x27d/0x2f0
[   65.728040][ T5820]  tun_chr_write_iter+0x10d/0x1f0
[   65.733064][ T5820]  vfs_write+0xaeb/0xd30
[   65.737304][ T5820]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   65.742858][ T5820]  ? __pfx_vfs_write+0x10/0x10
[   65.747621][ T5820]  ? _raw_spin_unlock_irq+0x2e/0x50
[   65.752811][ T5820]  ? ptrace_notify+0x279/0x380
[   65.757569][ T5820]  ksys_write+0x18f/0x2b0
[   65.761893][ T5820]  ? __pfx_ksys_write+0x10/0x10
[   65.766745][ T5820]  ? do_syscall_64+0x100/0x230
[   65.771505][ T5820]  do_syscall_64+0xf3/0x230
[   65.776004][ T5820]  ? clear_bhb_loop+0x35/0x90
[   65.780673][ T5820]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   65.786579][ T5820] RIP: 0033:0x7f941abf7db0
[   65.790997][ T5820] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[   65.810602][ T5820] RSP: 002b:00007ffc09852f28 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[   65.819019][ T5820] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f941abf7db0
[   65.826978][ T5820] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[   65.834938][ T5820] RBP: 0000000000000000 R08: 00007ffc09853058 R09: 00007ffc09853058
[   65.842898][ T5820] R10: 00007ffc09853058 R11: 0000000000000202 R12: 00007f941ac460de
[   65.850861][ T5820] R13: 0000000000000000 R14: 00007ffc09852f60 R15: 00007ffc09852f50
[   65.858827][ T5820]  </TASK>
[   65.861893][ T5820] BUG: Bad page state in process syz-executor285  pfn:72d39
[   65.869208][ T5820] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x72d39
[   65.877976][ T5820] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   65.885110][ T5820] raw: 00fff00000000000 dead000000000040 ffff888022ab2000 0000000000000000
[   65.893716][ T5820] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   65.902316][ T5820] page dumped because: page_pool leak
[   65.907682][ T5820] page_owner tracks the page as allocated
[   65.913418][ T5820] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5820, tgid 5820 (syz-executor285), ts 62999453972, free_ts 54575963863
[   65.930716][ T5820]  post_alloc_hook+0x1f3/0x230
[   65.935469][ T5820]  get_page_from_freelist+0x3651/0x37a0
[   65.941037][ T5820]  __alloc_pages_noprof+0x292/0x710
[   65.946244][ T5820]  alloc_pages_bulk_noprof+0x70b/0xcc0
[   65.951728][ T5820]  __page_pool_alloc_pages_slow+0x122/0x690
[   65.957630][ T5820]  page_pool_alloc_pages+0xd0/0x1c0
[   65.962851][ T5820]  skb_pp_cow_data+0xc43/0x1640
[   65.967701][ T5820]  do_xdp_generic+0x505/0xd30
[   65.972402][ T5820]  __netif_receive_skb_core+0x1ce9/0x4690
[   65.978128][ T5820]  __netif_receive_skb+0x12f/0x650
[   65.983283][ T5820]  netif_receive_skb+0x1e8/0x890
[   65.988242][ T5820]  tun_rx_batched+0x1b7/0x8f0
[   65.992932][ T5820]  tun_get_user+0x30d6/0x4890
[   65.997615][ T5820]  tun_chr_write_iter+0x10d/0x1f0
[   66.002668][ T5820]  vfs_write+0xaeb/0xd30
[   66.006930][ T5820]  ksys_write+0x18f/0x2b0
[   66.011300][ T5820] page last free pid 5807 tgid 5807 stack trace:
[   66.017623][ T5820]  free_unref_page+0xde3/0x1130
[   66.022502][ T5820]  __folio_put+0x2c7/0x440
[   66.026919][ T5820]  pipe_read+0x6ed/0x13e0
[   66.031270][ T5820]  vfs_read+0x991/0xb70
[   66.035427][ T5820]  ksys_read+0x18f/0x2b0
[   66.039689][ T5820]  do_syscall_64+0xf3/0x230
[   66.044200][ T5820]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   66.050116][ T5820] Modules linked in:
[   66.054019][ T5820] CPU: 0 UID: 0 PID: 5820 Comm: syz-executor285 Tainted: G    B              6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[   66.066587][ T5820] Tainted: [B]=BAD_PAGE
[   66.070727][ T5820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   66.080766][ T5820] Call Trace:
[   66.084027][ T5820]  <TASK>
[   66.086940][ T5820]  dump_stack_lvl+0x241/0x360
[   66.091605][ T5820]  ? __pfx_dump_stack_lvl+0x10/0x10
[   66.096786][ T5820]  ? __pfx_print_modules+0x10/0x10
[   66.101879][ T5820]  bad_page+0x176/0x1d0
[   66.106015][ T5820]  free_unref_page+0x1048/0x1130
[   66.110942][ T5820]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[   66.116574][ T5820]  bpf_xdp_adjust_tail+0x1c3/0x200
[   66.121686][ T5820]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   66.127135][ T5820]  bpf_prog_run_generic_xdp+0x686/0x1510
[   66.132765][ T5820]  do_xdp_generic+0x757/0xd30
[   66.137434][ T5820]  ? __pfx_do_xdp_generic+0x10/0x10
[   66.142623][ T5820]  ? __skb_flow_dissect+0x4f1/0x7d00
[   66.147902][ T5820]  __netif_receive_skb_core+0x1ce9/0x4690
[   66.153622][ T5820]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   66.159681][ T5820]  ? mark_lock+0x9a/0x360
[   66.164002][ T5820]  ? __lock_acquire+0x1397/0x2100
[   66.169020][ T5820]  __netif_receive_skb+0x12f/0x650
[   66.174125][ T5820]  ? __pfx_lock_acquire+0x10/0x10
[   66.179137][ T5820]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[   66.185369][ T5820]  ? __pfx___netif_receive_skb+0x10/0x10
[   66.190994][ T5820]  ? tun_rx_batched+0x160/0x8f0
[   66.195837][ T5820]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[   66.201546][ T5820]  ? read_tsc+0x9/0x20
[   66.205606][ T5820]  ? netif_receive_skb+0x131/0x890
[   66.210709][ T5820]  ? netif_receive_skb+0x131/0x890
[   66.215813][ T5820]  netif_receive_skb+0x1e8/0x890
[   66.220743][ T5820]  ? tun_rx_batched+0x160/0x8f0
[   66.225584][ T5820]  ? __pfx_netif_receive_skb+0x10/0x10
[   66.231038][ T5820]  ? tun_rx_batched+0x160/0x8f0
[   66.235884][ T5820]  tun_rx_batched+0x1b7/0x8f0
[   66.240553][ T5820]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   66.246870][ T5820]  ? __pfx_lock_acquire+0x10/0x10
[   66.251882][ T5820]  ? __pfx_tun_rx_batched+0x10/0x10
[   66.257079][ T5820]  tun_get_user+0x30d6/0x4890
[   66.261748][ T5820]  ? tun_get_user+0x2bbe/0x4890
[   66.266593][ T5820]  ? __lock_acquire+0x1397/0x2100
[   66.271608][ T5820]  ? __pfx_tun_get_user+0x10/0x10
[   66.276631][ T5820]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   66.282080][ T5820]  ? tun_get+0x1e/0x2f0
[   66.286228][ T5820]  ? __pfx_lock_release+0x10/0x10
[   66.291246][ T5820]  ? tun_get+0x1e/0x2f0
[   66.295394][ T5820]  ? tun_get+0x27d/0x2f0
[   66.299631][ T5820]  tun_chr_write_iter+0x10d/0x1f0
[   66.304650][ T5820]  vfs_write+0xaeb/0xd30
[   66.308888][ T5820]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   66.314426][ T5820]  ? __pfx_vfs_write+0x10/0x10
[   66.319194][ T5820]  ? _raw_spin_unlock_irq+0x2e/0x50
[   66.324385][ T5820]  ? ptrace_notify+0x279/0x380
[   66.329146][ T5820]  ksys_write+0x18f/0x2b0
[   66.333471][ T5820]  ? __pfx_ksys_write+0x10/0x10
[   66.338315][ T5820]  ? do_syscall_64+0x100/0x230
[   66.343091][ T5820]  do_syscall_64+0xf3/0x230
[   66.347605][ T5820]  ? clear_bhb_loop+0x35/0x90
[   66.352284][ T5820]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   66.358184][ T5820] RIP: 0033:0x7f941abf7db0
[   66.362592][ T5820] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[   66.382194][ T5820] RSP: 002b:00007ffc09852f28 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[   66.390599][ T5820] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f941abf7db0
[   66.398563][ T5820] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[   66.406523][ T5820] RBP: 0000000000000000 R08: 00007ffc09853058 R09: 00007ffc09853058
[   66.414488][ T5820] R10: 00007ffc09853058 R11: 0000000000000202 R12: 00007f941ac460de
[   66.422447][ T5820] R13: 0000000000000000 R14: 00007ffc09852f60 R15: 00007ffc09852f50
[   66.430418][ T5820]  </TASK>
[   66.433496][ T5820] BUG: Bad page state in process syz-executor285  pfn:72d38
[   66.440814][ T5820] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x72d38
[   66.449593][ T5820] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   66.456713][ T5820] raw: 00fff00000000000 dead000000000040 ffff888022ab2000 0000000000000000
[   66.465312][ T5820] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   66.473907][ T5820] page dumped because: page_pool leak
[   66.479285][ T5820] page_owner tracks the page as allocated
[   66.484980][ T5820] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5820, tgid 5820 (syz-executor285), ts 62999447572, free_ts 54575218247
[   66.502272][ T5820]  post_alloc_hook+0x1f3/0x230
[   66.507043][ T5820]  get_page_from_freelist+0x3651/0x37a0
[   66.512607][ T5820]  __alloc_pages_noprof+0x292/0x710
[   66.517814][ T5820]  alloc_pages_bulk_noprof+0x70b/0xcc0
[   66.523287][ T5820]  __page_pool_alloc_pages_slow+0x122/0x690
[   66.529199][ T5820]  page_pool_alloc_pages+0xd0/0x1c0
[   66.534396][ T5820]  skb_pp_cow_data+0xc43/0x1640
[   66.539258][ T5820]  do_xdp_generic+0x505/0xd30
[   66.543936][ T5820]  __netif_receive_skb_core+0x1ce9/0x4690
[   66.549673][ T5820]  __netif_receive_skb+0x12f/0x650
[   66.554787][ T5820]  netif_receive_skb+0x1e8/0x890
[   66.559755][ T5820]  tun_rx_batched+0x1b7/0x8f0
[   66.564443][ T5820]  tun_get_user+0x30d6/0x4890
[   66.569148][ T5820]  tun_chr_write_iter+0x10d/0x1f0
[   66.574171][ T5820]  vfs_write+0xaeb/0xd30
[   66.578428][ T5820]  ksys_write+0x18f/0x2b0
[   66.582770][ T5820] page last free pid 5807 tgid 5807 stack trace:
[   66.589108][ T5820]  free_unref_page+0xde3/0x1130
[   66.593965][ T5820]  __folio_put+0x2c7/0x440
[   66.598397][ T5820]  pipe_read+0x6ed/0x13e0
[   66.602725][ T5820]  vfs_read+0x991/0xb70
[   66.606861][ T5820]  ksys_read+0x18f/0x2b0
[   66.611121][ T5820]  do_syscall_64+0xf3/0x230
[   66.615631][ T5820]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   66.621542][ T5820] Modules linked in:
[   66.625440][ T5820] CPU: 0 UID: 0 PID: 5820 Comm: syz-executor285 Tainted: G    B              6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[   66.638019][ T5820] Tainted: [B]=BAD_PAGE
[   66.642150][ T5820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   66.652185][ T5820] Call Trace:
[   66.655446][ T5820]  <TASK>
[   66.658365][ T5820]  dump_stack_lvl+0x241/0x360
[   66.663031][ T5820]  ? __pfx_dump_stack_lvl+0x10/0x10
[   66.668221][ T5820]  ? __pfx_print_modules+0x10/0x10
[   66.673329][ T5820]  bad_page+0x176/0x1d0
[   66.677518][ T5820]  free_unref_page+0x1048/0x1130
[   66.682477][ T5820]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[   66.688117][ T5820]  bpf_xdp_adjust_tail+0x1c3/0x200
[   66.693240][ T5820]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   66.698690][ T5820]  bpf_prog_run_generic_xdp+0x686/0x1510
[   66.704326][ T5820]  do_xdp_generic+0x757/0xd30
[   66.708998][ T5820]  ? __pfx_do_xdp_generic+0x10/0x10
[   66.714190][ T5820]  ? __skb_flow_dissect+0x4f1/0x7d00
[   66.719470][ T5820]  __netif_receive_skb_core+0x1ce9/0x4690
[   66.725192][ T5820]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   66.731255][ T5820]  ? mark_lock+0x9a/0x360
[   66.735578][ T5820]  ? __lock_acquire+0x1397/0x2100
[   66.740597][ T5820]  __netif_receive_skb+0x12f/0x650
[   66.745702][ T5820]  ? __pfx_lock_acquire+0x10/0x10
[   66.750714][ T5820]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[   66.756951][ T5820]  ? __pfx___netif_receive_skb+0x10/0x10
[   66.762575][ T5820]  ? tun_rx_batched+0x160/0x8f0
[   66.767422][ T5820]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[   66.773128][ T5820]  ? read_tsc+0x9/0x20
[   66.777194][ T5820]  ? netif_receive_skb+0x131/0x890
[   66.782296][ T5820]  ? netif_receive_skb+0x131/0x890
[   66.787396][ T5820]  netif_receive_skb+0x1e8/0x890
[   66.792331][ T5820]  ? tun_rx_batched+0x160/0x8f0
[   66.797172][ T5820]  ? __pfx_netif_receive_skb+0x10/0x10
[   66.802626][ T5820]  ? tun_rx_batched+0x160/0x8f0
[   66.807489][ T5820]  tun_rx_batched+0x1b7/0x8f0
[   66.812178][ T5820]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   66.818510][ T5820]  ? __pfx_lock_acquire+0x10/0x10
[   66.823530][ T5820]  ? __pfx_tun_rx_batched+0x10/0x10
[   66.828730][ T5820]  tun_get_user+0x30d6/0x4890
[   66.833399][ T5820]  ? tun_get_user+0x2bbe/0x4890
[   66.838251][ T5820]  ? __lock_acquire+0x1397/0x2100
[   66.843267][ T5820]  ? __pfx_tun_get_user+0x10/0x10
[   66.848288][ T5820]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   66.853735][ T5820]  ? tun_get+0x1e/0x2f0
[   66.857882][ T5820]  ? __pfx_lock_release+0x10/0x10
[   66.862899][ T5820]  ? tun_get+0x1e/0x2f0
[   66.867043][ T5820]  ? tun_get+0x27d/0x2f0
[   66.871280][ T5820]  tun_chr_write_iter+0x10d/0x1f0
[   66.876295][ T5820]  vfs_write+0xaeb/0xd30
[   66.880535][ T5820]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   66.886072][ T5820]  ? __pfx_vfs_write+0x10/0x10
[   66.890829][ T5820]  ? _raw_spin_unlock_irq+0x2e/0x50
[   66.896018][ T5820]  ? ptrace_notify+0x279/0x380
[   66.900776][ T5820]  ksys_write+0x18f/0x2b0
[   66.905103][ T5820]  ? __pfx_ksys_write+0x10/0x10
[   66.909945][ T5820]  ? do_syscall_64+0x100/0x230
[   66.914706][ T5820]  do_syscall_64+0xf3/0x230
[   66.919206][ T5820]  ? clear_bhb_loop+0x35/0x90
[   66.923871][ T5820]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   66.929755][ T5820] RIP: 0033:0x7f941abf7db0
[   66.934162][ T5820] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[   66.953753][ T5820] RSP: 002b:00007ffc09852f28 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[   66.962155][ T5820] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f941abf7db0
[   66.970117][ T5820] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[   66.978099][ T5820] RBP: 0000000000000000 R08: 00007ffc09853058 R09: 00007ffc09853058
[   66.986069][ T5820] R10: 00007ffc09853058 R11: 0000000000000202 R12: 00007f941ac460de
[   66.994028][ T5820] R13: 0000000000000000 R14: 00007ffc09852f60 R15: 00007ffc09852f50
[   67.001994][ T5820]  </TASK>
[   67.005054][ T5820] BUG: Bad page state in process syz-executor285  pfn:76907
[   67.012355][ T5820] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x76907
[   67.021142][ T5820] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   67.028294][ T5820] raw: 00fff00000000000 dead000000000040 ffff888022ab2000 0000000000000000
[   67.036872][ T5820] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   67.045462][ T5820] page dumped because: page_pool leak
[   67.050842][ T5820] page_owner tracks the page as allocated
[   67.056537][ T5820] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5820, tgid 5820 (syz-executor285), ts 62999441200, free_ts 54582364655
[   67.073833][ T5820]  post_alloc_hook+0x1f3/0x230
[   67.078621][ T5820]  get_page_from_freelist+0x3651/0x37a0
[   67.084158][ T5820]  __alloc_pages_noprof+0x292/0x710
[   67.089368][ T5820]  alloc_pages_bulk_noprof+0x70b/0xcc0
[   67.094837][ T5820]  __page_pool_alloc_pages_slow+0x122/0x690
[   67.100749][ T5820]  page_pool_alloc_pages+0xd0/0x1c0
[   67.105961][ T5820]  skb_pp_cow_data+0xc43/0x1640
[   67.110825][ T5820]  do_xdp_generic+0x505/0xd30
[   67.115506][ T5820]  __netif_receive_skb_core+0x1ce9/0x4690
[   67.121243][ T5820]  __netif_receive_skb+0x12f/0x650
[   67.126358][ T5820]  netif_receive_skb+0x1e8/0x890
[   67.131318][ T5820]  tun_rx_batched+0x1b7/0x8f0
[   67.136000][ T5820]  tun_get_user+0x30d6/0x4890
[   67.140716][ T5820]  tun_chr_write_iter+0x10d/0x1f0
[   67.145746][ T5820]  vfs_write+0xaeb/0xd30
[   67.150014][ T5820]  ksys_write+0x18f/0x2b0
[   67.154358][ T5820] page last free pid 5807 tgid 5807 stack trace:
[   67.160713][ T5820]  free_unref_page+0xde3/0x1130
[   67.165566][ T5820]  __folio_put+0x2c7/0x440
[   67.169995][ T5820]  pipe_read+0x6ed/0x13e0
[   67.174327][ T5820]  vfs_read+0x991/0xb70
[   67.178520][ T5820]  ksys_read+0x18f/0x2b0
[   67.182765][ T5820]  do_syscall_64+0xf3/0x230
[   67.187252][ T5820]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   67.193168][ T5820] Modules linked in:
[   67.197065][ T5820] CPU: 0 UID: 0 PID: 5820 Comm: syz-executor285 Tainted: G    B              6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[   67.209631][ T5820] Tainted: [B]=BAD_PAGE
[   67.213763][ T5820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   67.223806][ T5820] Call Trace:
[   67.227069][ T5820]  <TASK>
[   67.229982][ T5820]  dump_stack_lvl+0x241/0x360
[   67.234649][ T5820]  ? __pfx_dump_stack_lvl+0x10/0x10
[   67.239832][ T5820]  ? __pfx_print_modules+0x10/0x10
[   67.244932][ T5820]  bad_page+0x176/0x1d0
[   67.249070][ T5820]  free_unref_page+0x1048/0x1130
[   67.253993][ T5820]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[   67.259616][ T5820]  bpf_xdp_adjust_tail+0x1c3/0x200
[   67.264717][ T5820]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   67.270159][ T5820]  bpf_prog_run_generic_xdp+0x686/0x1510
[   67.275793][ T5820]  do_xdp_generic+0x757/0xd30
[   67.280465][ T5820]  ? __pfx_do_xdp_generic+0x10/0x10
[   67.285655][ T5820]  ? __skb_flow_dissect+0x4f1/0x7d00
[   67.290932][ T5820]  __netif_receive_skb_core+0x1ce9/0x4690
[   67.296650][ T5820]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   67.302709][ T5820]  ? mark_lock+0x9a/0x360
[   67.307028][ T5820]  ? __lock_acquire+0x1397/0x2100
[   67.312048][ T5820]  __netif_receive_skb+0x12f/0x650
[   67.317152][ T5820]  ? __pfx_lock_acquire+0x10/0x10
[   67.322162][ T5820]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[   67.328394][ T5820]  ? __pfx___netif_receive_skb+0x10/0x10
[   67.334017][ T5820]  ? tun_rx_batched+0x160/0x8f0
[   67.338861][ T5820]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[   67.344569][ T5820]  ? read_tsc+0x9/0x20
[   67.348631][ T5820]  ? netif_receive_skb+0x131/0x890
[   67.353729][ T5820]  ? netif_receive_skb+0x131/0x890
[   67.358828][ T5820]  netif_receive_skb+0x1e8/0x890
[   67.363755][ T5820]  ? tun_rx_batched+0x160/0x8f0
[   67.368598][ T5820]  ? __pfx_netif_receive_skb+0x10/0x10
[   67.374049][ T5820]  ? tun_rx_batched+0x160/0x8f0
[   67.378893][ T5820]  tun_rx_batched+0x1b7/0x8f0
[   67.383565][ T5820]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   67.389884][ T5820]  ? __pfx_lock_acquire+0x10/0x10
[   67.394897][ T5820]  ? __pfx_tun_rx_batched+0x10/0x10
[   67.400092][ T5820]  tun_get_user+0x30d6/0x4890
[   67.404760][ T5820]  ? tun_get_user+0x2bbe/0x4890
[   67.409604][ T5820]  ? __lock_acquire+0x1397/0x2100
[   67.414621][ T5820]  ? __pfx_tun_get_user+0x10/0x10
[   67.419640][ T5820]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   67.425092][ T5820]  ? tun_get+0x1e/0x2f0
[   67.429242][ T5820]  ? __pfx_lock_release+0x10/0x10
[   67.434259][ T5820]  ? tun_get+0x1e/0x2f0
[   67.438405][ T5820]  ? tun_get+0x27d/0x2f0
[   67.442638][ T5820]  tun_chr_write_iter+0x10d/0x1f0
[   67.447653][ T5820]  vfs_write+0xaeb/0xd30
[   67.451891][ T5820]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   67.457429][ T5820]  ? __pfx_vfs_write+0x10/0x10
[   67.462195][ T5820]  ? _raw_spin_unlock_irq+0x2e/0x50
[   67.467381][ T5820]  ? ptrace_notify+0x279/0x380
[   67.472135][ T5820]  ksys_write+0x18f/0x2b0
[   67.476455][ T5820]  ? __pfx_ksys_write+0x10/0x10
[   67.481299][ T5820]  ? do_syscall_64+0x100/0x230
[   67.486061][ T5820]  do_syscall_64+0xf3/0x230
[   67.490556][ T5820]  ? clear_bhb_loop+0x35/0x90
[   67.495217][ T5820]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   67.501105][ T5820] RIP: 0033:0x7f941abf7db0
[   67.505509][ T5820] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[   67.525119][ T5820] RSP: 002b:00007ffc09852f28 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[   67.533530][ T5820] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f941abf7db0
[   67.541495][ T5820] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[   67.549457][ T5820] RBP: 0000000000000000 R08: 00007ffc09853058 R09: 00007ffc09853058
[   67.557416][ T5820] R10: 00007ffc09853058 R11: 0000000000000202 R12: 00007f941ac460de
[   67.565382][ T5820] R13: 0000000000000000 R14: 00007ffc09852f60 R15: 00007ffc09852f50
[   67.573352][ T5820]  </TASK>
[   67.576422][ T5820] BUG: Bad page state in process syz-executor285  pfn:76906
[   67.583725][ T5820] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x76906
[   67.592506][ T5820] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   67.599655][ T5820] raw: 00fff00000000000 dead000000000040 ffff888022ab2000 0000000000000000
[   67.608265][ T5820] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   67.616840][ T5820] page dumped because: page_pool leak
[   67.622221][ T5820] page_owner tracks the page as allocated
[   67.627928][ T5820] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5820, tgid 5820 (syz-executor285), ts 62999421067, free_ts 54582851254
[   67.645222][ T5820]  post_alloc_hook+0x1f3/0x230
[   67.650023][ T5820]  get_page_from_freelist+0x3651/0x37a0
[   67.655573][ T5820]  __alloc_pages_noprof+0x292/0x710
[   67.660786][ T5820]  alloc_pages_bulk_noprof+0x70b/0xcc0
[   67.666246][ T5820]  __page_pool_alloc_pages_slow+0x122/0x690
[   67.672160][ T5820]  page_pool_alloc_pages+0xd0/0x1c0
[   67.677366][ T5820]  skb_pp_cow_data+0xc43/0x1640
[   67.682228][ T5820]  do_xdp_generic+0x505/0xd30
[   67.686906][ T5820]  __netif_receive_skb_core+0x1ce9/0x4690
[   67.692638][ T5820]  __netif_receive_skb+0x12f/0x650
[   67.697752][ T5820]  netif_receive_skb+0x1e8/0x890
[   67.702733][ T5820]  tun_rx_batched+0x1b7/0x8f0
[   67.707421][ T5820]  tun_get_user+0x30d6/0x4890
[   67.712151][ T5820]  tun_chr_write_iter+0x10d/0x1f0
[   67.717184][ T5820]  vfs_write+0xaeb/0xd30
[   67.721464][ T5820]  ksys_write+0x18f/0x2b0
[   67.725796][ T5820] page last free pid 5807 tgid 5807 stack trace:
[   67.732139][ T5820]  free_unref_page+0xde3/0x1130
[   67.736993][ T5820]  __folio_put+0x2c7/0x440
[   67.741426][ T5820]  pipe_read+0x6ed/0x13e0
[   67.745754][ T5820]  vfs_read+0x991/0xb70
[   67.749920][ T5820]  ksys_read+0x18f/0x2b0
[   67.754164][ T5820]  do_syscall_64+0xf3/0x230
[   67.758682][ T5820]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   67.764580][ T5820] Modules linked in:
[   67.768489][ T5820] CPU: 0 UID: 0 PID: 5820 Comm: syz-executor285 Tainted: G    B              6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[   67.781075][ T5820] Tainted: [B]=BAD_PAGE
[   67.785209][ T5820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   67.795246][ T5820] Call Trace:
[   67.798510][ T5820]  <TASK>
[   67.801424][ T5820]  dump_stack_lvl+0x241/0x360
[   67.806090][ T5820]  ? __pfx_dump_stack_lvl+0x10/0x10
[   67.811281][ T5820]  ? __pfx_print_modules+0x10/0x10
[   67.816377][ T5820]  bad_page+0x176/0x1d0
[   67.820519][ T5820]  free_unref_page+0x1048/0x1130
[   67.825443][ T5820]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[   67.831068][ T5820]  bpf_xdp_adjust_tail+0x1c3/0x200
[   67.836176][ T5820]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   67.841618][ T5820]  bpf_prog_run_generic_xdp+0x686/0x1510
[   67.847251][ T5820]  do_xdp_generic+0x757/0xd30
[   67.851920][ T5820]  ? __pfx_do_xdp_generic+0x10/0x10
[   67.857113][ T5820]  ? __skb_flow_dissect+0x4f1/0x7d00
[   67.862391][ T5820]  __netif_receive_skb_core+0x1ce9/0x4690
[   67.868116][ T5820]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   67.874180][ T5820]  ? mark_lock+0x9a/0x360
[   67.878500][ T5820]  ? __lock_acquire+0x1397/0x2100
[   67.883520][ T5820]  __netif_receive_skb+0x12f/0x650
[   67.888621][ T5820]  ? __pfx_lock_acquire+0x10/0x10
[   67.893630][ T5820]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[   67.899861][ T5820]  ? __pfx___netif_receive_skb+0x10/0x10
[   67.905487][ T5820]  ? tun_rx_batched+0x160/0x8f0
[   67.910328][ T5820]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[   67.916035][ T5820]  ? read_tsc+0x9/0x20
[   67.920101][ T5820]  ? netif_receive_skb+0x131/0x890
[   67.925201][ T5820]  ? netif_receive_skb+0x131/0x890
[   67.930304][ T5820]  netif_receive_skb+0x1e8/0x890
[   67.935229][ T5820]  ? tun_rx_batched+0x160/0x8f0
[   67.940070][ T5820]  ? __pfx_netif_receive_skb+0x10/0x10
[   67.945525][ T5820]  ? tun_rx_batched+0x160/0x8f0
[   67.950369][ T5820]  tun_rx_batched+0x1b7/0x8f0
[   67.955037][ T5820]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   67.961355][ T5820]  ? __pfx_lock_acquire+0x10/0x10
[   67.966367][ T5820]  ? __pfx_tun_rx_batched+0x10/0x10
[   67.971560][ T5820]  tun_get_user+0x30d6/0x4890
[   67.976229][ T5820]  ? tun_get_user+0x2bbe/0x4890
[   67.981073][ T5820]  ? __lock_acquire+0x1397/0x2100
[   67.986095][ T5820]  ? __pfx_tun_get_user+0x10/0x10
[   67.991115][ T5820]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   67.996562][ T5820]  ? tun_get+0x1e/0x2f0
[   68.000709][ T5820]  ? __pfx_lock_release+0x10/0x10
[   68.005723][ T5820]  ? tun_get+0x1e/0x2f0
[   68.009868][ T5820]  ? tun_get+0x27d/0x2f0
[   68.014101][ T5820]  tun_chr_write_iter+0x10d/0x1f0
[   68.019120][ T5820]  vfs_write+0xaeb/0xd30
[   68.023358][ T5820]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   68.028895][ T5820]  ? __pfx_vfs_write+0x10/0x10
[   68.033652][ T5820]  ? _raw_spin_unlock_irq+0x2e/0x50
[   68.038841][ T5820]  ? ptrace_notify+0x279/0x380
[   68.043598][ T5820]  ksys_write+0x18f/0x2b0
[   68.047922][ T5820]  ? __pfx_ksys_write+0x10/0x10
[   68.052762][ T5820]  ? do_syscall_64+0x100/0x230
[   68.057519][ T5820]  do_syscall_64+0xf3/0x230
[   68.062018][ T5820]  ? clear_bhb_loop+0x35/0x90
[   68.066683][ T5820]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.072566][ T5820] RIP: 0033:0x7f941abf7db0
[   68.076971][ T5820] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[   68.096563][ T5820] RSP: 002b:00007ffc09852f28 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[   68.104966][ T5820] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f941abf7db0
[   68.112927][ T5820] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[   68.120884][ T5820] RBP: 0000000000000000 R08: 00007ffc09853058 R09: 00007ffc09853058
[   68.128845][ T5820] R10: 00007ffc09853058 R11: 0000000000000202 R12: 00007f941ac460de
[   68.136803][ T5820] R13: 0000000000000000 R14: 00007ffc09852f60 R15: 00007ffc09852f50
[   68.144768][ T5820]  </TASK>
[   68.147824][ T5820] BUG: Bad page state in process syz-executor285  pfn:76905
[   68.155137][ T5820] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x76905
[   68.163920][ T5820] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   68.171052][ T5820] raw: 00fff00000000000 dead000000000040 ffff888022ab2000 0000000000000000
[   68.179660][ T5820] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   68.188258][ T5820] page dumped because: page_pool leak
[   68.193629][ T5820] page_owner tracks the page as allocated
[   68.199357][ T5820] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5820, tgid 5820 (syz-executor285), ts 62999414838, free_ts 54582871367
[   68.216647][ T5820]  post_alloc_hook+0x1f3/0x230
[   68.221433][ T5820]  get_page_from_freelist+0x3651/0x37a0
[   68.226966][ T5820]  __alloc_pages_noprof+0x292/0x710
[   68.232182][ T5820]  alloc_pages_bulk_noprof+0x70b/0xcc0
[   68.237646][ T5820]  __page_pool_alloc_pages_slow+0x122/0x690
[   68.243557][ T5820]  page_pool_alloc_pages+0xd0/0x1c0
[   68.248783][ T5820]  skb_pp_cow_data+0xc43/0x1640
[   68.253634][ T5820]  do_xdp_generic+0x505/0xd30
[   68.258322][ T5820]  __netif_receive_skb_core+0x1ce9/0x4690
[   68.264042][ T5820]  __netif_receive_skb+0x12f/0x650
[   68.269172][ T5820]  netif_receive_skb+0x1e8/0x890
[   68.274109][ T5820]  tun_rx_batched+0x1b7/0x8f0
[   68.278799][ T5820]  tun_get_user+0x30d6/0x4890
[   68.283476][ T5820]  tun_chr_write_iter+0x10d/0x1f0
[   68.288512][ T5820]  vfs_write+0xaeb/0xd30
[   68.292761][ T5820]  ksys_write+0x18f/0x2b0
[   68.297073][ T5820] page last free pid 5807 tgid 5807 stack trace:
[   68.303417][ T5820]  free_unref_page+0xde3/0x1130
[   68.308292][ T5820]  __folio_put+0x2c7/0x440
[   68.312723][ T5820]  pipe_read+0x6ed/0x13e0
[   68.317063][ T5820]  vfs_read+0x991/0xb70
[   68.321246][ T5820]  ksys_read+0x18f/0x2b0
[   68.325493][ T5820]  do_syscall_64+0xf3/0x230
[   68.330015][ T5820]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.335920][ T5820] Modules linked in:
[   68.339824][ T5820] CPU: 0 UID: 0 PID: 5820 Comm: syz-executor285 Tainted: G    B              6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[   68.352406][ T5820] Tainted: [B]=BAD_PAGE
[   68.356539][ T5820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   68.366576][ T5820] Call Trace:
[   68.369840][ T5820]  <TASK>
[   68.372756][ T5820]  dump_stack_lvl+0x241/0x360
[   68.377423][ T5820]  ? __pfx_dump_stack_lvl+0x10/0x10
[   68.382616][ T5820]  ? __pfx_print_modules+0x10/0x10
[   68.387717][ T5820]  bad_page+0x176/0x1d0
[   68.391856][ T5820]  free_unref_page+0x1048/0x1130
[   68.396777][ T5820]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[   68.402396][ T5820]  bpf_xdp_adjust_tail+0x1c3/0x200
[   68.407492][ T5820]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   68.412929][ T5820]  bpf_prog_run_generic_xdp+0x686/0x1510
[   68.418556][ T5820]  do_xdp_generic+0x757/0xd30
[   68.423226][ T5820]  ? __pfx_do_xdp_generic+0x10/0x10
[   68.428421][ T5820]  ? __skb_flow_dissect+0x4f1/0x7d00
[   68.433700][ T5820]  __netif_receive_skb_core+0x1ce9/0x4690
[   68.439420][ T5820]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   68.445478][ T5820]  ? mark_lock+0x9a/0x360
[   68.449798][ T5820]  ? __lock_acquire+0x1397/0x2100
[   68.454817][ T5820]  __netif_receive_skb+0x12f/0x650
[   68.459921][ T5820]  ? __pfx_lock_acquire+0x10/0x10
[   68.464934][ T5820]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[   68.471179][ T5820]  ? __pfx___netif_receive_skb+0x10/0x10
[   68.476829][ T5820]  ? tun_rx_batched+0x160/0x8f0
[   68.481685][ T5820]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[   68.487408][ T5820]  ? read_tsc+0x9/0x20
[   68.491476][ T5820]  ? netif_receive_skb+0x131/0x890
[   68.496585][ T5820]  ? netif_receive_skb+0x131/0x890
[   68.501689][ T5820]  netif_receive_skb+0x1e8/0x890
[   68.506620][ T5820]  ? tun_rx_batched+0x160/0x8f0
[   68.511462][ T5820]  ? __pfx_netif_receive_skb+0x10/0x10
[   68.516910][ T5820]  ? tun_rx_batched+0x160/0x8f0
[   68.521751][ T5820]  tun_rx_batched+0x1b7/0x8f0
[   68.526418][ T5820]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   68.532734][ T5820]  ? __pfx_lock_acquire+0x10/0x10
[   68.537750][ T5820]  ? __pfx_tun_rx_batched+0x10/0x10
[   68.542947][ T5820]  tun_get_user+0x30d6/0x4890
[   68.547617][ T5820]  ? tun_get_user+0x2bbe/0x4890
[   68.552460][ T5820]  ? __lock_acquire+0x1397/0x2100
[   68.557471][ T5820]  ? __pfx_tun_get_user+0x10/0x10
[   68.562493][ T5820]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   68.567943][ T5820]  ? tun_get+0x1e/0x2f0
[   68.572092][ T5820]  ? __pfx_lock_release+0x10/0x10
[   68.577106][ T5820]  ? tun_get+0x1e/0x2f0
[   68.581250][ T5820]  ? tun_get+0x27d/0x2f0
[   68.585489][ T5820]  tun_chr_write_iter+0x10d/0x1f0
[   68.590507][ T5820]  vfs_write+0xaeb/0xd30
[   68.594743][ T5820]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   68.600283][ T5820]  ? __pfx_vfs_write+0x10/0x10
[   68.605041][ T5820]  ? _raw_spin_unlock_irq+0x2e/0x50
[   68.610230][ T5820]  ? ptrace_notify+0x279/0x380
[   68.614990][ T5820]  ksys_write+0x18f/0x2b0
[   68.619315][ T5820]  ? __pfx_ksys_write+0x10/0x10
[   68.624156][ T5820]  ? do_syscall_64+0x100/0x230
[   68.628913][ T5820]  do_syscall_64+0xf3/0x230
[   68.633410][ T5820]  ? clear_bhb_loop+0x35/0x90
[   68.638076][ T5820]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.643964][ T5820] RIP: 0033:0x7f941abf7db0
[   68.648367][ T5820] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[   68.667978][ T5820] RSP: 002b:00007ffc09852f28 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[   68.676392][ T5820] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f941abf7db0
[   68.684373][ T5820] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[   68.692335][ T5820] RBP: 0000000000000000 R08: 00007ffc09853058 R09: 00007ffc09853058
[   68.700294][ T5820] R10: 00007ffc09853058 R11: 0000000000000202 R12: 00007f941ac460de
[   68.708254][ T5820] R13: 0000000000000000 R14: 00007ffc09852f60 R15: 00007ffc09852f50
[   68.716228][ T5820]  </TASK>
[   68.719297][ T5820] BUG: Bad page state in process syz-executor285  pfn:76904
[   68.726576][ T5820] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x76904
[   68.735353][ T5820] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   68.742493][ T5820] raw: 00fff00000000000 dead000000000040 ffff888022ab2000 0000000000000000
[   68.751105][ T5820] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   68.759713][ T5820] page dumped because: page_pool leak
[   68.765078][ T5820] page_owner tracks the page as allocated
[   68.770806][ T5820] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5820, tgid 5820 (syz-executor285), ts 62999408239, free_ts 54582895841
[   68.788105][ T5820]  post_alloc_hook+0x1f3/0x230
[   68.792930][ T5820]  get_page_from_freelist+0x3651/0x37a0
[   68.798511][ T5820]  __alloc_pages_noprof+0x292/0x710
[   68.803699][ T5820]  alloc_pages_bulk_noprof+0x70b/0xcc0
[   68.809173][ T5820]  __page_pool_alloc_pages_slow+0x122/0x690
[   68.815075][ T5820]  page_pool_alloc_pages+0xd0/0x1c0
[   68.820297][ T5820]  skb_pp_cow_data+0xc43/0x1640
[   68.825149][ T5820]  do_xdp_generic+0x505/0xd30
[   68.829846][ T5820]  __netif_receive_skb_core+0x1ce9/0x4690
[   68.835571][ T5820]  __netif_receive_skb+0x12f/0x650
[   68.840706][ T5820]  netif_receive_skb+0x1e8/0x890
[   68.845649][ T5820]  tun_rx_batched+0x1b7/0x8f0
[   68.850342][ T5820]  tun_get_user+0x30d6/0x4890
[   68.855022][ T5820]  tun_chr_write_iter+0x10d/0x1f0
[   68.860417][ T5820]  vfs_write+0xaeb/0xd30
[   68.864665][ T5820]  ksys_write+0x18f/0x2b0
[   68.869026][ T5820] page last free pid 5807 tgid 5807 stack trace:
[   68.875350][ T5820]  free_unref_page+0xde3/0x1130
[   68.880231][ T5820]  __folio_put+0x2c7/0x440
[   68.884649][ T5820]  pipe_read+0x6ed/0x13e0
[   68.888996][ T5820]  vfs_read+0x991/0xb70
[   68.893155][ T5820]  ksys_read+0x18f/0x2b0
[   68.897383][ T5820]  do_syscall_64+0xf3/0x230
[   68.901898][ T5820]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.907800][ T5820] Modules linked in:
[   68.911714][ T5820] CPU: 0 UID: 0 PID: 5820 Comm: syz-executor285 Tainted: G    B              6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[   68.924301][ T5820] Tainted: [B]=BAD_PAGE
[   68.928433][ T5820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   68.938472][ T5820] Call Trace:
[   68.941735][ T5820]  <TASK>
[   68.944645][ T5820]  dump_stack_lvl+0x241/0x360
[   68.949314][ T5820]  ? __pfx_dump_stack_lvl+0x10/0x10
[   68.954492][ T5820]  ? __pfx_print_modules+0x10/0x10
[   68.959850][ T5820]  bad_page+0x176/0x1d0
[   68.963988][ T5820]  free_unref_page+0x1048/0x1130
[   68.968913][ T5820]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[   68.974555][ T5820]  bpf_xdp_adjust_tail+0x1c3/0x200
[   68.979655][ T5820]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   68.985108][ T5820]  bpf_prog_run_generic_xdp+0x686/0x1510
[   68.990742][ T5820]  do_xdp_generic+0x757/0xd30
[   68.995416][ T5820]  ? __pfx_do_xdp_generic+0x10/0x10
[   69.000606][ T5820]  ? __skb_flow_dissect+0x4f1/0x7d00
[   69.005887][ T5820]  __netif_receive_skb_core+0x1ce9/0x4690
[   69.011604][ T5820]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   69.017664][ T5820]  ? mark_lock+0x9a/0x360
[   69.021990][ T5820]  ? __lock_acquire+0x1397/0x2100
[   69.027006][ T5820]  __netif_receive_skb+0x12f/0x650
[   69.032106][ T5820]  ? __pfx_lock_acquire+0x10/0x10
[   69.037117][ T5820]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[   69.043350][ T5820]  ? __pfx___netif_receive_skb+0x10/0x10
[   69.048975][ T5820]  ? tun_rx_batched+0x160/0x8f0
[   69.053815][ T5820]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[   69.059523][ T5820]  ? read_tsc+0x9/0x20
[   69.063585][ T5820]  ? netif_receive_skb+0x131/0x890
[   69.068684][ T5820]  ? netif_receive_skb+0x131/0x890
[   69.073784][ T5820]  netif_receive_skb+0x1e8/0x890
[   69.078713][ T5820]  ? tun_rx_batched+0x160/0x8f0
[   69.083552][ T5820]  ? __pfx_netif_receive_skb+0x10/0x10
[   69.089003][ T5820]  ? tun_rx_batched+0x160/0x8f0
[   69.093845][ T5820]  tun_rx_batched+0x1b7/0x8f0
[   69.098513][ T5820]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   69.104828][ T5820]  ? __pfx_lock_acquire+0x10/0x10
[   69.109838][ T5820]  ? __pfx_tun_rx_batched+0x10/0x10
[   69.115030][ T5820]  tun_get_user+0x30d6/0x4890
[   69.119699][ T5820]  ? tun_get_user+0x2bbe/0x4890
[   69.124543][ T5820]  ? __lock_acquire+0x1397/0x2100
[   69.129554][ T5820]  ? __pfx_tun_get_user+0x10/0x10
[   69.134573][ T5820]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   69.140019][ T5820]  ? tun_get+0x1e/0x2f0
[   69.144166][ T5820]  ? __pfx_lock_release+0x10/0x10
[   69.149182][ T5820]  ? tun_get+0x1e/0x2f0
[   69.153328][ T5820]  ? tun_get+0x27d/0x2f0
[   69.157558][ T5820]  tun_chr_write_iter+0x10d/0x1f0
[   69.162575][ T5820]  vfs_write+0xaeb/0xd30
[   69.166811][ T5820]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   69.172347][ T5820]  ? __pfx_vfs_write+0x10/0x10
[   69.177103][ T5820]  ? _raw_spin_unlock_irq+0x2e/0x50
[   69.182293][ T5820]  ? ptrace_notify+0x279/0x380
[   69.187048][ T5820]  ksys_write+0x18f/0x2b0
[   69.191380][ T5820]  ? __pfx_ksys_write+0x10/0x10
[   69.196220][ T5820]  ? do_syscall_64+0x100/0x230
[   69.200979][ T5820]  do_syscall_64+0xf3/0x230
[   69.205474][ T5820]  ? clear_bhb_loop+0x35/0x90
[   69.210141][ T5820]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.216026][ T5820] RIP: 0033:0x7f941abf7db0
[   69.220431][ T5820] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[   69.240026][ T5820] RSP: 002b:00007ffc09852f28 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[   69.248428][ T5820] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f941abf7db0
[   69.256388][ T5820] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[   69.264345][ T5820] RBP: 0000000000000000 R08: 00007ffc09853058 R09: 00007ffc09853058
[pid  5820] write(200, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 73152 <unfinished ...>
[pid  5817] kill(-2, SIGKILL)           = 0
[pid  5817] kill(2, SIGKILL)            = 0
[pid  5820] <... write resumed>)        = ?
[pid  5820] +++ killed by SIGKILL +++
[pid  5817] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=217 /* 2.17 s */} ---
[pid  5817] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555566baa650) = 3
./strace-static-x86_64: Process 5821 attached
[   69.272304][ T5820] R10: 00007ffc09853058 R11: 0000000000000202 R12: 00007f941ac460de
[   69.280261][ T5820] R13: 0000000000000000 R14: 00007ffc09852f60 R15: 00007ffc09852f50
[   69.288228][ T5820]  </TASK>
[pid  5821] set_robust_list(0x555566baa660, 24) = 0
[pid  5821] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5821] setpgid(0, 0)               = 0
[pid  5821] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5821] write(3, "1000", 4)         = 4
[pid  5821] close(3)                    = 0
[pid  5821] read(200, "\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110
[pid  5821] read(200, "\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110
[pid  5821] read(200, 0x7ffc09852b30, 1000) = -1 EAGAIN (Resource temporarily unavailable)
executing program
[pid  5821] write(1, "executing program\n", 18) = 18
[pid  5821] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3
[pid  5821] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=4, insns=0x20000400, license="", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=BPF_F_TEST_STATE_FREQ|0x20, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = 4
[pid  5821] ioctl(3, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5821] bpf(BPF_LINK_CREATE, {link_create={prog_fd=4, target_fd=11, attach_type=BPF_XDP, flags=0x2}, ...}, 24) = 5
[   69.443165][ T5821] BUG: Bad page state in process syz-executor285  pfn:7d994
[   69.450529][ T5821] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7d994
[   69.459577][ T5821] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   69.466693][ T5821] raw: 00fff00000000000 dead000000000040 ffff888022ab4000 0000000000000000
[   69.475299][ T5821] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   69.483897][ T5821] page dumped because: page_pool leak
[   69.489277][ T5821] page_owner tracks the page as allocated
[   69.495006][ T5821] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5821, tgid 5821 (syz-executor285), ts 69443096706, free_ts 68195221179
[   69.512330][ T5821]  post_alloc_hook+0x1f3/0x230
[   69.517100][ T5821]  get_page_from_freelist+0x3651/0x37a0
[   69.522675][ T5821]  __alloc_pages_noprof+0x292/0x710
[   69.527875][ T5821]  alloc_pages_bulk_noprof+0x70b/0xcc0
[   69.533356][ T5821]  __page_pool_alloc_pages_slow+0x122/0x690
[   69.539272][ T5821]  page_pool_alloc_pages+0xd0/0x1c0
[   69.544456][ T5821]  skb_pp_cow_data+0xc43/0x1640
[   69.549321][ T5821]  do_xdp_generic+0x505/0xd30
[   69.553998][ T5821]  __netif_receive_skb_core+0x1ce9/0x4690
[   69.559765][ T5821]  __netif_receive_skb+0x12f/0x650
[   69.564904][ T5821]  netif_receive_skb+0x1e8/0x890
[   69.569900][ T5821]  tun_rx_batched+0x1b7/0x8f0
[   69.574581][ T5821]  tun_get_user+0x30d6/0x4890
[   69.579287][ T5821]  tun_chr_write_iter+0x10d/0x1f0
[   69.584330][ T5821]  vfs_write+0xaeb/0xd30
[   69.588599][ T5821]  ksys_write+0x18f/0x2b0
[   69.592933][ T5821] page last free pid 5181 tgid 5181 stack trace:
[   69.599281][ T5821]  free_unref_page+0xde3/0x1130
[   69.604137][ T5821]  __slab_free+0x31b/0x3d0
[   69.608578][ T5821]  qlist_free_all+0x9a/0x140
[   69.613169][ T5821]  kasan_quarantine_reduce+0x14f/0x170
[   69.618652][ T5821]  __kasan_slab_alloc+0x23/0x80
[   69.623511][ T5821]  __kmalloc_cache_noprof+0x1d9/0x390
[   69.628914][ T5821]  syslog_print+0x121/0x9c0
[   69.633421][ T5821]  do_syslog+0x3c2/0x820
[   69.637648][ T5821]  __x64_sys_syslog+0x7c/0x90
[   69.642350][ T5821]  do_syscall_64+0xf3/0x230
[   69.646869][ T5821]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.652791][ T5821] Modules linked in:
[   69.656691][ T5821] CPU: 1 UID: 0 PID: 5821 Comm: syz-executor285 Tainted: G    B              6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[   69.669267][ T5821] Tainted: [B]=BAD_PAGE
[   69.673397][ T5821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   69.683435][ T5821] Call Trace:
[   69.686710][ T5821]  <TASK>
[   69.689631][ T5821]  dump_stack_lvl+0x241/0x360
[   69.694297][ T5821]  ? __pfx_dump_stack_lvl+0x10/0x10
[   69.699483][ T5821]  ? __pfx_print_modules+0x10/0x10
[   69.704581][ T5821]  bad_page+0x176/0x1d0
[   69.708724][ T5821]  free_unref_page+0x1048/0x1130
[   69.713650][ T5821]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[   69.719291][ T5821]  bpf_xdp_adjust_tail+0x1c3/0x200
[   69.724389][ T5821]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   69.729847][ T5821]  bpf_prog_run_generic_xdp+0x686/0x1510
[   69.735476][ T5821]  do_xdp_generic+0x757/0xd30
[   69.740136][ T5821]  ? __pfx_do_xdp_generic+0x10/0x10
[   69.745315][ T5821]  ? rcu_is_watching+0x15/0xb0
[   69.750069][ T5821]  ? rcu_is_watching+0x15/0xb0
[   69.754815][ T5821]  ? count_memcg_event_mm+0x94/0x420
[   69.760084][ T5821]  __netif_receive_skb_core+0x1ce9/0x4690
[   69.765795][ T5821]  ? handle_mm_fault+0x173f/0x1ad0
[   69.770891][ T5821]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   69.776944][ T5821]  ? rcu_is_watching+0x15/0xb0
[   69.781690][ T5821]  ? lock_release+0xbf/0xa30
[   69.786261][ T5821]  ? __pfx_lock_acquire+0x10/0x10
[   69.791267][ T5821]  ? __up_read+0x2c2/0x6b0
[   69.795665][ T5821]  ? rcu_is_watching+0x15/0xb0
[   69.800409][ T5821]  __netif_receive_skb+0x12f/0x650
[   69.805503][ T5821]  ? __pfx_lock_acquire+0x10/0x10
[   69.810511][ T5821]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[   69.816739][ T5821]  ? __pfx___netif_receive_skb+0x10/0x10
[   69.822362][ T5821]  ? tun_rx_batched+0x160/0x8f0
[   69.827197][ T5821]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[   69.832895][ T5821]  ? read_tsc+0x9/0x20
[   69.836944][ T5821]  ? ktime_get_with_offset+0x249/0x290
[   69.842389][ T5821]  ? netif_receive_skb+0x131/0x890
[   69.847482][ T5821]  netif_receive_skb+0x1e8/0x890
[   69.852404][ T5821]  ? tun_rx_batched+0x160/0x8f0
[   69.857238][ T5821]  ? __pfx_netif_receive_skb+0x10/0x10
[   69.862679][ T5821]  ? skb_set_owner_w+0x246/0x380
[   69.867600][ T5821]  ? __pfx_lock_release+0x10/0x10
[   69.872608][ T5821]  ? tun_rx_batched+0x160/0x8f0
[   69.877442][ T5821]  tun_rx_batched+0x1b7/0x8f0
[   69.882102][ T5821]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   69.888415][ T5821]  ? __pfx_lock_acquire+0x10/0x10
[   69.893422][ T5821]  ? rcu_is_watching+0x15/0xb0
[   69.898175][ T5821]  ? __pfx_tun_rx_batched+0x10/0x10
[   69.903369][ T5821]  tun_get_user+0x30d6/0x4890
[   69.908031][ T5821]  ? tun_get_user+0x2bbe/0x4890
[   69.912876][ T5821]  ? do_raw_spin_unlock+0x13c/0x8b0
[   69.918058][ T5821]  ? __pfx_tun_get_user+0x10/0x10
[   69.923067][ T5821]  ? tun_get+0x1e/0x2f0
[   69.927202][ T5821]  ? rcu_is_watching+0x15/0xb0
[   69.931970][ T5821]  ? tun_get+0x1e/0x2f0
[   69.936107][ T5821]  ? lock_release+0xbf/0xa30
[   69.940678][ T5821]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   69.946119][ T5821]  ? rcu_is_watching+0x15/0xb0
[   69.950865][ T5821]  ? __pfx_lock_release+0x10/0x10
[   69.955871][ T5821]  ? do_raw_spin_lock+0x14f/0x370
[   69.960880][ T5821]  ? tun_get+0x1e/0x2f0
[   69.965017][ T5821]  ? tun_get+0x27d/0x2f0
[   69.969243][ T5821]  tun_chr_write_iter+0x10d/0x1f0
[   69.974251][ T5821]  vfs_write+0xaeb/0xd30
[   69.978479][ T5821]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   69.984009][ T5821]  ? __pfx_vfs_write+0x10/0x10
[   69.988755][ T5821]  ? rcu_is_watching+0x15/0xb0
[   69.993513][ T5821]  ? _raw_spin_unlock_irq+0x2e/0x50
[   69.998711][ T5821]  ? ptrace_notify+0x279/0x380
[   70.003460][ T5821]  ksys_write+0x18f/0x2b0
[   70.007774][ T5821]  ? __pfx_ksys_write+0x10/0x10
[   70.012606][ T5821]  ? rcu_is_watching+0x15/0xb0
[   70.017354][ T5821]  do_syscall_64+0xf3/0x230
[   70.021847][ T5821]  ? clear_bhb_loop+0x35/0x90
[   70.026501][ T5821]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.032381][ T5821] RIP: 0033:0x7f941abf7db0
[   70.036778][ T5821] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[   70.056368][ T5821] RSP: 002b:00007ffc09852f28 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[   70.064765][ T5821] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f941abf7db0
[   70.072720][ T5821] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[   70.080672][ T5821] RBP: 0000000000000000 R08: 00007ffc09853058 R09: 00007ffc09853058
[   70.088626][ T5821] R10: 00007ffc09853058 R11: 0000000000000202 R12: 000000000000f58e
[   70.096578][ T5821] R13: 00007ffc09852f44 R14: 00007ffc09852f60 R15: 00007ffc09852f50
[   70.104538][ T5821]  </TASK>
[   70.107586][ T5821] BUG: Bad page state in process syz-executor285  pfn:7d993
[   70.114903][ T5821] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7d993
[   70.123687][ T5821] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   70.130813][ T5821] raw: 00fff00000000000 dead000000000040 ffff888022ab4000 0000000000000000
[   70.139418][ T5821] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   70.147984][ T5821] page dumped because: page_pool leak
[   70.153367][ T5821] page_owner tracks the page as allocated
[   70.159443][ T5821] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5821, tgid 5821 (syz-executor285), ts 69443088014, free_ts 68195221179
[   70.176736][ T5821]  post_alloc_hook+0x1f3/0x230
[   70.181525][ T5821]  get_page_from_freelist+0x3651/0x37a0
[   70.187060][ T5821]  __alloc_pages_noprof+0x292/0x710
[   70.192302][ T5821]  alloc_pages_bulk_noprof+0x70b/0xcc0
[   70.197766][ T5821]  __page_pool_alloc_pages_slow+0x122/0x690
[   70.203683][ T5821]  page_pool_alloc_pages+0xd0/0x1c0
[   70.208903][ T5821]  skb_pp_cow_data+0xc43/0x1640
[   70.213735][ T5821]  do_xdp_generic+0x505/0xd30
[   70.218433][ T5821]  __netif_receive_skb_core+0x1ce9/0x4690
[   70.224159][ T5821]  __netif_receive_skb+0x12f/0x650
[   70.229291][ T5821]  netif_receive_skb+0x1e8/0x890
[   70.234230][ T5821]  tun_rx_batched+0x1b7/0x8f0
[   70.238929][ T5821]  tun_get_user+0x30d6/0x4890
[   70.243608][ T5821]  tun_chr_write_iter+0x10d/0x1f0
[   70.248650][ T5821]  vfs_write+0xaeb/0xd30
[   70.252895][ T5821]  ksys_write+0x18f/0x2b0
[   70.257214][ T5821] page last free pid 5181 tgid 5181 stack trace:
[   70.263550][ T5821]  free_unref_page+0xde3/0x1130
[   70.268420][ T5821]  __slab_free+0x31b/0x3d0
[   70.272819][ T5821]  qlist_free_all+0x9a/0x140
[   70.277391][ T5821]  kasan_quarantine_reduce+0x14f/0x170
[   70.282873][ T5821]  __kasan_slab_alloc+0x23/0x80
[   70.287731][ T5821]  __kmalloc_cache_noprof+0x1d9/0x390
[   70.293124][ T5821]  syslog_print+0x121/0x9c0
[   70.297633][ T5821]  do_syslog+0x3c2/0x820
[   70.301889][ T5821]  __x64_sys_syslog+0x7c/0x90
[   70.306569][ T5821]  do_syscall_64+0xf3/0x230
[   70.311094][ T5821]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.316993][ T5821] Modules linked in:
[   70.320909][ T5821] CPU: 1 UID: 0 PID: 5821 Comm: syz-executor285 Tainted: G    B              6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[   70.333493][ T5821] Tainted: [B]=BAD_PAGE
[   70.337626][ T5821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   70.347663][ T5821] Call Trace:
[   70.350926][ T5821]  <TASK>
[   70.353842][ T5821]  dump_stack_lvl+0x241/0x360
[   70.358508][ T5821]  ? __pfx_dump_stack_lvl+0x10/0x10
[   70.363693][ T5821]  ? __pfx_print_modules+0x10/0x10
[   70.368788][ T5821]  bad_page+0x176/0x1d0
[   70.372929][ T5821]  free_unref_page+0x1048/0x1130
[   70.377853][ T5821]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[   70.383471][ T5821]  bpf_xdp_adjust_tail+0x1c3/0x200
[   70.388569][ T5821]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   70.394006][ T5821]  bpf_prog_run_generic_xdp+0x686/0x1510
[   70.399627][ T5821]  do_xdp_generic+0x757/0xd30
[   70.404289][ T5821]  ? __pfx_do_xdp_generic+0x10/0x10
[   70.409467][ T5821]  ? rcu_is_watching+0x15/0xb0
[   70.414219][ T5821]  ? rcu_is_watching+0x15/0xb0
[   70.418965][ T5821]  ? count_memcg_event_mm+0x94/0x420
[   70.424230][ T5821]  __netif_receive_skb_core+0x1ce9/0x4690
[   70.429938][ T5821]  ? handle_mm_fault+0x173f/0x1ad0
[   70.435030][ T5821]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   70.441080][ T5821]  ? rcu_is_watching+0x15/0xb0
[   70.445823][ T5821]  ? lock_release+0xbf/0xa30
[   70.450394][ T5821]  ? __pfx_lock_acquire+0x10/0x10
[   70.455395][ T5821]  ? __up_read+0x2c2/0x6b0
[   70.459800][ T5821]  ? rcu_is_watching+0x15/0xb0
[   70.464556][ T5821]  __netif_receive_skb+0x12f/0x650
[   70.469653][ T5821]  ? __pfx_lock_acquire+0x10/0x10
[   70.474656][ T5821]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[   70.480882][ T5821]  ? __pfx___netif_receive_skb+0x10/0x10
[   70.486496][ T5821]  ? tun_rx_batched+0x160/0x8f0
[   70.491330][ T5821]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[   70.497030][ T5821]  ? read_tsc+0x9/0x20
[   70.501082][ T5821]  ? ktime_get_with_offset+0x249/0x290
[   70.506525][ T5821]  ? netif_receive_skb+0x131/0x890
[   70.511619][ T5821]  netif_receive_skb+0x1e8/0x890
[   70.516537][ T5821]  ? tun_rx_batched+0x160/0x8f0
[   70.521372][ T5821]  ? __pfx_netif_receive_skb+0x10/0x10
[   70.526815][ T5821]  ? skb_set_owner_w+0x246/0x380
[   70.531734][ T5821]  ? __pfx_lock_release+0x10/0x10
[   70.536741][ T5821]  ? tun_rx_batched+0x160/0x8f0
[   70.541578][ T5821]  tun_rx_batched+0x1b7/0x8f0
[   70.546238][ T5821]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   70.552565][ T5821]  ? __pfx_lock_acquire+0x10/0x10
[   70.557573][ T5821]  ? rcu_is_watching+0x15/0xb0
[   70.562317][ T5821]  ? __pfx_tun_rx_batched+0x10/0x10
[   70.567502][ T5821]  tun_get_user+0x30d6/0x4890
[   70.572164][ T5821]  ? tun_get_user+0x2bbe/0x4890
[   70.577023][ T5821]  ? do_raw_spin_unlock+0x13c/0x8b0
[   70.582205][ T5821]  ? __pfx_tun_get_user+0x10/0x10
[   70.587213][ T5821]  ? tun_get+0x1e/0x2f0
[   70.591352][ T5821]  ? rcu_is_watching+0x15/0xb0
[   70.596097][ T5821]  ? tun_get+0x1e/0x2f0
[   70.600234][ T5821]  ? lock_release+0xbf/0xa30
[   70.604802][ T5821]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   70.610241][ T5821]  ? rcu_is_watching+0x15/0xb0
[   70.614988][ T5821]  ? __pfx_lock_release+0x10/0x10
[   70.620002][ T5821]  ? do_raw_spin_lock+0x14f/0x370
[   70.625022][ T5821]  ? tun_get+0x1e/0x2f0
[   70.629161][ T5821]  ? tun_get+0x27d/0x2f0
[   70.633388][ T5821]  tun_chr_write_iter+0x10d/0x1f0
[   70.638398][ T5821]  vfs_write+0xaeb/0xd30
[   70.642627][ T5821]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   70.648163][ T5821]  ? __pfx_vfs_write+0x10/0x10
[   70.652923][ T5821]  ? rcu_is_watching+0x15/0xb0
[   70.657668][ T5821]  ? _raw_spin_unlock_irq+0x2e/0x50
[   70.662850][ T5821]  ? ptrace_notify+0x279/0x380
[   70.667596][ T5821]  ksys_write+0x18f/0x2b0
[   70.671914][ T5821]  ? __pfx_ksys_write+0x10/0x10
[   70.676751][ T5821]  ? rcu_is_watching+0x15/0xb0
[   70.681507][ T5821]  do_syscall_64+0xf3/0x230
[   70.685993][ T5821]  ? clear_bhb_loop+0x35/0x90
[   70.690648][ T5821]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.696613][ T5821] RIP: 0033:0x7f941abf7db0
[   70.701015][ T5821] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[   70.720619][ T5821] RSP: 002b:00007ffc09852f28 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[   70.729016][ T5821] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f941abf7db0
[   70.736970][ T5821] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[   70.744925][ T5821] RBP: 0000000000000000 R08: 00007ffc09853058 R09: 00007ffc09853058
[   70.752878][ T5821] R10: 00007ffc09853058 R11: 0000000000000202 R12: 000000000000f58e
[   70.760830][ T5821] R13: 00007ffc09852f44 R14: 00007ffc09852f60 R15: 00007ffc09852f50
[   70.768786][ T5821]  </TASK>
[   70.771855][ T5821] BUG: Bad page state in process syz-executor285  pfn:7d992
[   70.779157][ T5821] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7d992
[   70.787901][ T5821] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   70.795031][ T5821] raw: 00fff00000000000 dead000000000040 ffff888022ab4000 0000000000000000
[   70.803631][ T5821] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   70.812222][ T5821] page dumped because: page_pool leak
[   70.817585][ T5821] page_owner tracks the page as allocated
[   70.823324][ T5821] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5821, tgid 5821 (syz-executor285), ts 69443079449, free_ts 68195221179
[   70.840625][ T5821]  post_alloc_hook+0x1f3/0x230
[   70.845384][ T5821]  get_page_from_freelist+0x3651/0x37a0
[   70.850949][ T5821]  __alloc_pages_noprof+0x292/0x710
[   70.856154][ T5821]  alloc_pages_bulk_noprof+0x70b/0xcc0
[   70.861632][ T5821]  __page_pool_alloc_pages_slow+0x122/0x690
[   70.867528][ T5821]  page_pool_alloc_pages+0xd0/0x1c0
[   70.872755][ T5821]  skb_pp_cow_data+0xc43/0x1640
[   70.877604][ T5821]  do_xdp_generic+0x505/0xd30
[   70.882301][ T5821]  __netif_receive_skb_core+0x1ce9/0x4690
[   70.888021][ T5821]  __netif_receive_skb+0x12f/0x650
[   70.893152][ T5821]  netif_receive_skb+0x1e8/0x890
[   70.898091][ T5821]  tun_rx_batched+0x1b7/0x8f0
[   70.902789][ T5821]  tun_get_user+0x30d6/0x4890
[   70.907472][ T5821]  tun_chr_write_iter+0x10d/0x1f0
[   70.912513][ T5821]  vfs_write+0xaeb/0xd30
[   70.916762][ T5821]  ksys_write+0x18f/0x2b0
[   70.921108][ T5821] page last free pid 5181 tgid 5181 stack trace:
[   70.927429][ T5821]  free_unref_page+0xde3/0x1130
[   70.932298][ T5821]  __slab_free+0x31b/0x3d0
[   70.936716][ T5821]  qlist_free_all+0x9a/0x140
[   70.941328][ T5821]  kasan_quarantine_reduce+0x14f/0x170
[   70.946788][ T5821]  __kasan_slab_alloc+0x23/0x80
[   70.951662][ T5821]  __kmalloc_cache_noprof+0x1d9/0x390
[   70.957033][ T5821]  syslog_print+0x121/0x9c0
[   70.961555][ T5821]  do_syslog+0x3c2/0x820
[   70.965798][ T5821]  __x64_sys_syslog+0x7c/0x90
[   70.970492][ T5821]  do_syscall_64+0xf3/0x230
[   70.974995][ T5821]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.980908][ T5821] Modules linked in:
[   70.984802][ T5821] CPU: 1 UID: 0 PID: 5821 Comm: syz-executor285 Tainted: G    B              6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[   70.997366][ T5821] Tainted: [B]=BAD_PAGE
[   71.001498][ T5821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   71.011532][ T5821] Call Trace:
[   71.014792][ T5821]  <TASK>
[   71.017707][ T5821]  dump_stack_lvl+0x241/0x360
[   71.022377][ T5821]  ? __pfx_dump_stack_lvl+0x10/0x10
[   71.027558][ T5821]  ? __pfx_print_modules+0x10/0x10
[   71.032654][ T5821]  bad_page+0x176/0x1d0
[   71.036792][ T5821]  free_unref_page+0x1048/0x1130
[   71.041719][ T5821]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[   71.047344][ T5821]  bpf_xdp_adjust_tail+0x1c3/0x200
[   71.052441][ T5821]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   71.057896][ T5821]  bpf_prog_run_generic_xdp+0x686/0x1510
[   71.063518][ T5821]  do_xdp_generic+0x757/0xd30
[   71.068188][ T5821]  ? __pfx_do_xdp_generic+0x10/0x10
[   71.073368][ T5821]  ? rcu_is_watching+0x15/0xb0
[   71.078118][ T5821]  ? rcu_is_watching+0x15/0xb0
[   71.082868][ T5821]  ? count_memcg_event_mm+0x94/0x420
[   71.088150][ T5821]  __netif_receive_skb_core+0x1ce9/0x4690
[   71.093891][ T5821]  ? handle_mm_fault+0x173f/0x1ad0
[   71.099001][ T5821]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   71.105061][ T5821]  ? rcu_is_watching+0x15/0xb0
[   71.109813][ T5821]  ? lock_release+0xbf/0xa30
[   71.114386][ T5821]  ? __pfx_lock_acquire+0x10/0x10
[   71.119391][ T5821]  ? __up_read+0x2c2/0x6b0
[   71.123799][ T5821]  ? rcu_is_watching+0x15/0xb0
[   71.128546][ T5821]  __netif_receive_skb+0x12f/0x650
[   71.133644][ T5821]  ? __pfx_lock_acquire+0x10/0x10
[   71.138667][ T5821]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[   71.144891][ T5821]  ? __pfx___netif_receive_skb+0x10/0x10
[   71.150506][ T5821]  ? tun_rx_batched+0x160/0x8f0
[   71.155337][ T5821]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[   71.161038][ T5821]  ? read_tsc+0x9/0x20
[   71.165088][ T5821]  ? ktime_get_with_offset+0x249/0x290
[   71.170530][ T5821]  ? netif_receive_skb+0x131/0x890
[   71.175623][ T5821]  netif_receive_skb+0x1e8/0x890
[   71.180541][ T5821]  ? tun_rx_batched+0x160/0x8f0
[   71.185376][ T5821]  ? __pfx_netif_receive_skb+0x10/0x10
[   71.190818][ T5821]  ? skb_set_owner_w+0x246/0x380
[   71.195736][ T5821]  ? __pfx_lock_release+0x10/0x10
[   71.200745][ T5821]  ? tun_rx_batched+0x160/0x8f0
[   71.205579][ T5821]  tun_rx_batched+0x1b7/0x8f0
[   71.210240][ T5821]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   71.216561][ T5821]  ? __pfx_lock_acquire+0x10/0x10
[   71.221564][ T5821]  ? rcu_is_watching+0x15/0xb0
[   71.226310][ T5821]  ? __pfx_tun_rx_batched+0x10/0x10
[   71.231493][ T5821]  tun_get_user+0x30d6/0x4890
[   71.236155][ T5821]  ? tun_get_user+0x2bbe/0x4890
[   71.240995][ T5821]  ? do_raw_spin_unlock+0x13c/0x8b0
[   71.246176][ T5821]  ? __pfx_tun_get_user+0x10/0x10
[   71.251185][ T5821]  ? tun_get+0x1e/0x2f0
[   71.255321][ T5821]  ? rcu_is_watching+0x15/0xb0
[   71.260069][ T5821]  ? tun_get+0x1e/0x2f0
[   71.264209][ T5821]  ? lock_release+0xbf/0xa30
[   71.268792][ T5821]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   71.274230][ T5821]  ? rcu_is_watching+0x15/0xb0
[   71.278981][ T5821]  ? __pfx_lock_release+0x10/0x10
[   71.283989][ T5821]  ? do_raw_spin_lock+0x14f/0x370
[   71.289016][ T5821]  ? tun_get+0x1e/0x2f0
[   71.293160][ T5821]  ? tun_get+0x27d/0x2f0
[   71.297384][ T5821]  tun_chr_write_iter+0x10d/0x1f0
[   71.302391][ T5821]  vfs_write+0xaeb/0xd30
[   71.306618][ T5821]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   71.312143][ T5821]  ? __pfx_vfs_write+0x10/0x10
[   71.316892][ T5821]  ? rcu_is_watching+0x15/0xb0
[   71.321639][ T5821]  ? _raw_spin_unlock_irq+0x2e/0x50
[   71.326819][ T5821]  ? ptrace_notify+0x279/0x380
[   71.331568][ T5821]  ksys_write+0x18f/0x2b0
[   71.335881][ T5821]  ? __pfx_ksys_write+0x10/0x10
[   71.340714][ T5821]  ? rcu_is_watching+0x15/0xb0
[   71.345460][ T5821]  do_syscall_64+0xf3/0x230
[   71.349945][ T5821]  ? clear_bhb_loop+0x35/0x90
[   71.354604][ T5821]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.360489][ T5821] RIP: 0033:0x7f941abf7db0
[   71.364882][ T5821] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[   71.384488][ T5821] RSP: 002b:00007ffc09852f28 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[   71.392888][ T5821] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f941abf7db0
[   71.400849][ T5821] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[   71.408813][ T5821] RBP: 0000000000000000 R08: 00007ffc09853058 R09: 00007ffc09853058
[   71.416769][ T5821] R10: 00007ffc09853058 R11: 0000000000000202 R12: 000000000000f58e
[   71.424723][ T5821] R13: 00007ffc09852f44 R14: 00007ffc09852f60 R15: 00007ffc09852f50
[   71.432686][ T5821]  </TASK>
[   71.435729][ T5821] BUG: Bad page state in process syz-executor285  pfn:7d991
[   71.443037][ T5821] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x8 pfn:0x7d991
[   71.451812][ T5821] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   71.458945][ T5821] raw: 00fff00000000000 dead000000000040 ffff888022ab4000 0000000000000000
[   71.467513][ T5821] raw: 0000000000000008 0000000000000001 00000000ffffffff 0000000000000000
[   71.476112][ T5821] page dumped because: page_pool leak
[   71.481492][ T5821] page_owner tracks the page as allocated
[   71.487188][ T5821] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5821, tgid 5821 (syz-executor285), ts 69443070981, free_ts 68195221179
[   71.504488][ T5821]  post_alloc_hook+0x1f3/0x230
[   71.509289][ T5821]  get_page_from_freelist+0x3651/0x37a0
[   71.514964][ T5821]  __alloc_pages_noprof+0x292/0x710
[   71.520198][ T5821]  alloc_pages_bulk_noprof+0x70b/0xcc0
[   71.525664][ T5821]  __page_pool_alloc_pages_slow+0x122/0x690
[   71.531593][ T5821]  page_pool_alloc_pages+0xd0/0x1c0
[   71.536802][ T5821]  skb_pp_cow_data+0xc43/0x1640
[   71.541720][ T5821]  do_xdp_generic+0x505/0xd30
[   71.546413][ T5821]  __netif_receive_skb_core+0x1ce9/0x4690
[   71.552212][ T5821]  __netif_receive_skb+0x12f/0x650
[   71.557345][ T5821]  netif_receive_skb+0x1e8/0x890
[   71.562541][ T5821]  tun_rx_batched+0x1b7/0x8f0
[   71.567228][ T5821]  tun_get_user+0x30d6/0x4890
[   71.571953][ T5821]  tun_chr_write_iter+0x10d/0x1f0
[   71.576987][ T5821]  vfs_write+0xaeb/0xd30
[   71.581257][ T5821]  ksys_write+0x18f/0x2b0
[   71.585619][ T5821] page last free pid 5181 tgid 5181 stack trace:
[   71.591963][ T5821]  free_unref_page+0xde3/0x1130
[   71.596826][ T5821]  __slab_free+0x31b/0x3d0
[   71.601275][ T5821]  qlist_free_all+0x9a/0x140
[   71.605868][ T5821]  kasan_quarantine_reduce+0x14f/0x170
[   71.611353][ T5821]  __kasan_slab_alloc+0x23/0x80
[   71.616210][ T5821]  __kmalloc_cache_noprof+0x1d9/0x390
[   71.621607][ T5821]  syslog_print+0x121/0x9c0
[   71.626118][ T5821]  do_syslog+0x3c2/0x820
[   71.630383][ T5821]  __x64_sys_syslog+0x7c/0x90
[   71.635063][ T5821]  do_syscall_64+0xf3/0x230
[   71.639587][ T5821]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.645491][ T5821] Modules linked in:
[   71.649419][ T5821] CPU: 1 UID: 0 PID: 5821 Comm: syz-executor285 Tainted: G    B              6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[   71.662025][ T5821] Tainted: [B]=BAD_PAGE
[   71.666158][ T5821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   71.676223][ T5821] Call Trace:
[   71.679493][ T5821]  <TASK>
[   71.682409][ T5821]  dump_stack_lvl+0x241/0x360
[   71.687078][ T5821]  ? __pfx_dump_stack_lvl+0x10/0x10
[   71.692284][ T5821]  ? __pfx_print_modules+0x10/0x10
[   71.697381][ T5821]  bad_page+0x176/0x1d0
[   71.701522][ T5821]  free_unref_page+0x1048/0x1130
[   71.706448][ T5821]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[   71.712065][ T5821]  bpf_xdp_adjust_tail+0x1c3/0x200
[   71.717167][ T5821]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   71.722606][ T5821]  bpf_prog_run_generic_xdp+0x686/0x1510
[   71.728232][ T5821]  do_xdp_generic+0x757/0xd30
[   71.732895][ T5821]  ? __pfx_do_xdp_generic+0x10/0x10
[   71.738072][ T5821]  ? rcu_is_watching+0x15/0xb0
[   71.742821][ T5821]  ? rcu_is_watching+0x15/0xb0
[   71.747569][ T5821]  ? count_memcg_event_mm+0x94/0x420
[   71.752839][ T5821]  __netif_receive_skb_core+0x1ce9/0x4690
[   71.758560][ T5821]  ? handle_mm_fault+0x173f/0x1ad0
[   71.763659][ T5821]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   71.769715][ T5821]  ? rcu_is_watching+0x15/0xb0
[   71.774462][ T5821]  ? lock_release+0xbf/0xa30
[   71.779049][ T5821]  ? __pfx_lock_acquire+0x10/0x10
[   71.784050][ T5821]  ? __up_read+0x2c2/0x6b0
[   71.788451][ T5821]  ? rcu_is_watching+0x15/0xb0
[   71.793213][ T5821]  __netif_receive_skb+0x12f/0x650
[   71.798322][ T5821]  ? __pfx_lock_acquire+0x10/0x10
[   71.803339][ T5821]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[   71.809574][ T5821]  ? __pfx___netif_receive_skb+0x10/0x10
[   71.815198][ T5821]  ? tun_rx_batched+0x160/0x8f0
[   71.820037][ T5821]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[   71.825737][ T5821]  ? read_tsc+0x9/0x20
[   71.829793][ T5821]  ? ktime_get_with_offset+0x249/0x290
[   71.835235][ T5821]  ? netif_receive_skb+0x131/0x890
[   71.840332][ T5821]  netif_receive_skb+0x1e8/0x890
[   71.845252][ T5821]  ? tun_rx_batched+0x160/0x8f0
[   71.850089][ T5821]  ? __pfx_netif_receive_skb+0x10/0x10
[   71.855554][ T5821]  ? skb_set_owner_w+0x246/0x380
[   71.860475][ T5821]  ? __pfx_lock_release+0x10/0x10
[   71.865478][ T5821]  ? tun_rx_batched+0x160/0x8f0
[   71.870313][ T5821]  tun_rx_batched+0x1b7/0x8f0
[   71.874972][ T5821]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   71.881280][ T5821]  ? __pfx_lock_acquire+0x10/0x10
[   71.886285][ T5821]  ? rcu_is_watching+0x15/0xb0
[   71.891031][ T5821]  ? __pfx_tun_rx_batched+0x10/0x10
[   71.896215][ T5821]  tun_get_user+0x30d6/0x4890
[   71.900873][ T5821]  ? tun_get_user+0x2bbe/0x4890
[   71.905714][ T5821]  ? do_raw_spin_unlock+0x13c/0x8b0
[   71.910895][ T5821]  ? __pfx_tun_get_user+0x10/0x10
[   71.915899][ T5821]  ? tun_get+0x1e/0x2f0
[   71.920035][ T5821]  ? rcu_is_watching+0x15/0xb0
[   71.924784][ T5821]  ? tun_get+0x1e/0x2f0
[   71.928923][ T5821]  ? lock_release+0xbf/0xa30
[   71.933492][ T5821]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   71.938935][ T5821]  ? rcu_is_watching+0x15/0xb0
[   71.943698][ T5821]  ? __pfx_lock_release+0x10/0x10
[   71.948709][ T5821]  ? do_raw_spin_lock+0x14f/0x370
[   71.953719][ T5821]  ? tun_get+0x1e/0x2f0
[   71.957857][ T5821]  ? tun_get+0x27d/0x2f0
[   71.962084][ T5821]  tun_chr_write_iter+0x10d/0x1f0
[   71.967091][ T5821]  vfs_write+0xaeb/0xd30
[   71.971321][ T5821]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   71.976849][ T5821]  ? __pfx_vfs_write+0x10/0x10
[   71.981596][ T5821]  ? rcu_is_watching+0x15/0xb0
[   71.986341][ T5821]  ? _raw_spin_unlock_irq+0x2e/0x50
[   71.991523][ T5821]  ? ptrace_notify+0x279/0x380
[   71.996269][ T5821]  ksys_write+0x18f/0x2b0
[   72.000583][ T5821]  ? __pfx_ksys_write+0x10/0x10
[   72.005418][ T5821]  ? rcu_is_watching+0x15/0xb0
[   72.010165][ T5821]  do_syscall_64+0xf3/0x230
[   72.014651][ T5821]  ? clear_bhb_loop+0x35/0x90
[   72.019307][ T5821]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.025183][ T5821] RIP: 0033:0x7f941abf7db0
[   72.029577][ T5821] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[   72.049184][ T5821] RSP: 002b:00007ffc09852f28 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[   72.057582][ T5821] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f941abf7db0
[   72.065538][ T5821] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[   72.073493][ T5821] RBP: 0000000000000000 R08: 00007ffc09853058 R09: 00007ffc09853058
[   72.081447][ T5821] R10: 00007ffc09853058 R11: 0000000000000202 R12: 000000000000f58e
[   72.089398][ T5821] R13: 00007ffc09852f44 R14: 00007ffc09852f60 R15: 00007ffc09852f50
[   72.097360][ T5821]  </TASK>
[   72.100407][ T5821] BUG: Bad page state in process syz-executor285  pfn:7d990
[   72.107686][ T5821] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807d994400 pfn:0x7d990
[   72.117774][ T5821] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   72.124909][ T5821] raw: 00fff00000000000 dead000000000040 ffff888022ab4000 0000000000000000
[   72.133514][ T5821] raw: ffff88807d994400 0000000000000001 00000000ffffffff 0000000000000000
[   72.142111][ T5821] page dumped because: page_pool leak
[   72.147466][ T5821] page_owner tracks the page as allocated
[   72.153200][ T5821] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5821, tgid 5821 (syz-executor285), ts 69443062769, free_ts 68195221179
[   72.170759][ T5821]  post_alloc_hook+0x1f3/0x230
[   72.175516][ T5821]  get_page_from_freelist+0x3651/0x37a0
[   72.181081][ T5821]  __alloc_pages_noprof+0x292/0x710
[   72.186287][ T5821]  alloc_pages_bulk_noprof+0x70b/0xcc0
[   72.191763][ T5821]  __page_pool_alloc_pages_slow+0x122/0x690
[   72.197667][ T5821]  page_pool_alloc_pages+0xd0/0x1c0
[   72.202889][ T5821]  skb_pp_cow_data+0xc43/0x1640
[   72.207741][ T5821]  do_xdp_generic+0x505/0xd30
[   72.212440][ T5821]  __netif_receive_skb_core+0x1ce9/0x4690
[   72.218197][ T5821]  __netif_receive_skb+0x12f/0x650
[   72.223304][ T5821]  netif_receive_skb+0x1e8/0x890
[   72.228255][ T5821]  tun_rx_batched+0x1b7/0x8f0
[   72.232933][ T5821]  tun_get_user+0x30d6/0x4890
[   72.237596][ T5821]  tun_chr_write_iter+0x10d/0x1f0
[   72.242638][ T5821]  vfs_write+0xaeb/0xd30
[   72.246891][ T5821]  ksys_write+0x18f/0x2b0
[   72.251239][ T5821] page last free pid 5181 tgid 5181 stack trace:
[   72.257559][ T5821]  free_unref_page+0xde3/0x1130
[   72.262430][ T5821]  __slab_free+0x31b/0x3d0
[   72.266849][ T5821]  qlist_free_all+0x9a/0x140
[   72.271462][ T5821]  kasan_quarantine_reduce+0x14f/0x170
[   72.276923][ T5821]  __kasan_slab_alloc+0x23/0x80
[   72.281793][ T5821]  __kmalloc_cache_noprof+0x1d9/0x390
[   72.287167][ T5821]  syslog_print+0x121/0x9c0
[   72.291695][ T5821]  do_syslog+0x3c2/0x820
[   72.295940][ T5821]  __x64_sys_syslog+0x7c/0x90
[   72.300637][ T5821]  do_syscall_64+0xf3/0x230
[   72.305149][ T5821]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.311071][ T5821] Modules linked in:
[   72.314976][ T5821] CPU: 1 UID: 0 PID: 5821 Comm: syz-executor285 Tainted: G    B              6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[   72.327556][ T5821] Tainted: [B]=BAD_PAGE
[   72.331684][ T5821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   72.341719][ T5821] Call Trace:
[   72.344982][ T5821]  <TASK>
[   72.347898][ T5821]  dump_stack_lvl+0x241/0x360
[   72.352564][ T5821]  ? __pfx_dump_stack_lvl+0x10/0x10
[   72.357746][ T5821]  ? __pfx_print_modules+0x10/0x10
[   72.362855][ T5821]  bad_page+0x176/0x1d0
[   72.366993][ T5821]  free_unref_page+0x1048/0x1130
[   72.371917][ T5821]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[   72.377538][ T5821]  bpf_xdp_adjust_tail+0x1c3/0x200
[   72.382634][ T5821]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   72.388077][ T5821]  bpf_prog_run_generic_xdp+0x686/0x1510
[   72.393696][ T5821]  do_xdp_generic+0x757/0xd30
[   72.398359][ T5821]  ? __pfx_do_xdp_generic+0x10/0x10
[   72.403537][ T5821]  ? rcu_is_watching+0x15/0xb0
[   72.408288][ T5821]  ? rcu_is_watching+0x15/0xb0
[   72.413054][ T5821]  ? count_memcg_event_mm+0x94/0x420
[   72.418351][ T5821]  __netif_receive_skb_core+0x1ce9/0x4690
[   72.424075][ T5821]  ? handle_mm_fault+0x173f/0x1ad0
[   72.429193][ T5821]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   72.435252][ T5821]  ? rcu_is_watching+0x15/0xb0
[   72.440006][ T5821]  ? lock_release+0xbf/0xa30
[   72.444579][ T5821]  ? __pfx_lock_acquire+0x10/0x10
[   72.449589][ T5821]  ? __up_read+0x2c2/0x6b0
[   72.453992][ T5821]  ? rcu_is_watching+0x15/0xb0
[   72.458742][ T5821]  __netif_receive_skb+0x12f/0x650
[   72.463844][ T5821]  ? __pfx_lock_acquire+0x10/0x10
[   72.468854][ T5821]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[   72.475080][ T5821]  ? __pfx___netif_receive_skb+0x10/0x10
[   72.480700][ T5821]  ? tun_rx_batched+0x160/0x8f0
[   72.485535][ T5821]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[   72.491237][ T5821]  ? read_tsc+0x9/0x20
[   72.495289][ T5821]  ? ktime_get_with_offset+0x249/0x290
[   72.500732][ T5821]  ? netif_receive_skb+0x131/0x890
[   72.505841][ T5821]  netif_receive_skb+0x1e8/0x890
[   72.510777][ T5821]  ? tun_rx_batched+0x160/0x8f0
[   72.515612][ T5821]  ? __pfx_netif_receive_skb+0x10/0x10
[   72.521056][ T5821]  ? skb_set_owner_w+0x246/0x380
[   72.525978][ T5821]  ? __pfx_lock_release+0x10/0x10
[   72.530989][ T5821]  ? tun_rx_batched+0x160/0x8f0
[   72.535826][ T5821]  tun_rx_batched+0x1b7/0x8f0
[   72.540488][ T5821]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   72.546800][ T5821]  ? __pfx_lock_acquire+0x10/0x10
[   72.551803][ T5821]  ? rcu_is_watching+0x15/0xb0
[   72.556552][ T5821]  ? __pfx_tun_rx_batched+0x10/0x10
[   72.561743][ T5821]  tun_get_user+0x30d6/0x4890
[   72.566404][ T5821]  ? tun_get_user+0x2bbe/0x4890
[   72.571244][ T5821]  ? do_raw_spin_unlock+0x13c/0x8b0
[   72.576424][ T5821]  ? __pfx_tun_get_user+0x10/0x10
[   72.581436][ T5821]  ? tun_get+0x1e/0x2f0
[   72.585579][ T5821]  ? rcu_is_watching+0x15/0xb0
[   72.590329][ T5821]  ? tun_get+0x1e/0x2f0
[   72.594468][ T5821]  ? lock_release+0xbf/0xa30
[   72.599036][ T5821]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   72.604476][ T5821]  ? rcu_is_watching+0x15/0xb0
[   72.609224][ T5821]  ? __pfx_lock_release+0x10/0x10
[   72.614232][ T5821]  ? do_raw_spin_lock+0x14f/0x370
[   72.619256][ T5821]  ? tun_get+0x1e/0x2f0
[   72.623399][ T5821]  ? tun_get+0x27d/0x2f0
[   72.627624][ T5821]  tun_chr_write_iter+0x10d/0x1f0
[   72.632652][ T5821]  vfs_write+0xaeb/0xd30
[   72.636880][ T5821]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   72.642409][ T5821]  ? __pfx_vfs_write+0x10/0x10
[   72.647157][ T5821]  ? rcu_is_watching+0x15/0xb0
[   72.651903][ T5821]  ? _raw_spin_unlock_irq+0x2e/0x50
[   72.657085][ T5821]  ? ptrace_notify+0x279/0x380
[   72.661835][ T5821]  ksys_write+0x18f/0x2b0
[   72.666149][ T5821]  ? __pfx_ksys_write+0x10/0x10
[   72.670985][ T5821]  ? rcu_is_watching+0x15/0xb0
[   72.675732][ T5821]  do_syscall_64+0xf3/0x230
[   72.680220][ T5821]  ? clear_bhb_loop+0x35/0x90
[   72.684878][ T5821]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.690760][ T5821] RIP: 0033:0x7f941abf7db0
[   72.695169][ T5821] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[   72.714770][ T5821] RSP: 002b:00007ffc09852f28 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[   72.723174][ T5821] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f941abf7db0
[   72.731135][ T5821] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[   72.739101][ T5821] RBP: 0000000000000000 R08: 00007ffc09853058 R09: 00007ffc09853058
[   72.747087][ T5821] R10: 00007ffc09853058 R11: 0000000000000202 R12: 000000000000f58e
[   72.755057][ T5821] R13: 00007ffc09852f44 R14: 00007ffc09852f60 R15: 00007ffc09852f50
[   72.763017][ T5821]  </TASK>
[   72.766085][ T5821] BUG: Bad page state in process syz-executor285  pfn:7d42f
[   72.773385][ T5821] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7d42f
[   72.782162][ T5821] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   72.789289][ T5821] raw: 00fff00000000000 dead000000000040 ffff888022ab4000 0000000000000000
[   72.797853][ T5821] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   72.806446][ T5821] page dumped because: page_pool leak
[   72.811852][ T5821] page_owner tracks the page as allocated
[   72.817552][ T5821] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5821, tgid 5821 (syz-executor285), ts 69443055442, free_ts 68195238460
[   72.834848][ T5821]  post_alloc_hook+0x1f3/0x230
[   72.839635][ T5821]  get_page_from_freelist+0x3651/0x37a0
[   72.845172][ T5821]  __alloc_pages_noprof+0x292/0x710
[   72.850389][ T5821]  alloc_pages_bulk_noprof+0x70b/0xcc0
[   72.855853][ T5821]  __page_pool_alloc_pages_slow+0x122/0x690
[   72.861771][ T5821]  page_pool_alloc_pages+0xd0/0x1c0
[   72.866975][ T5821]  skb_pp_cow_data+0xc43/0x1640
[   72.871847][ T5821]  do_xdp_generic+0x505/0xd30
[   72.876528][ T5821]  __netif_receive_skb_core+0x1ce9/0x4690
[   72.882270][ T5821]  __netif_receive_skb+0x12f/0x650
[   72.887383][ T5821]  netif_receive_skb+0x1e8/0x890
[   72.892346][ T5821]  tun_rx_batched+0x1b7/0x8f0
[   72.897028][ T5821]  tun_get_user+0x30d6/0x4890
[   72.901721][ T5821]  tun_chr_write_iter+0x10d/0x1f0
[   72.906747][ T5821]  vfs_write+0xaeb/0xd30
[   72.911009][ T5821]  ksys_write+0x18f/0x2b0
[   72.915342][ T5821] page last free pid 5181 tgid 5181 stack trace:
[   72.921682][ T5821]  free_unref_page+0xde3/0x1130
[   72.926539][ T5821]  __put_partials+0xeb/0x130
[   72.931147][ T5821]  put_cpu_partial+0x17c/0x250
[   72.935912][ T5821]  __slab_free+0x2ea/0x3d0
[   72.940348][ T5821]  qlist_free_all+0x9a/0x140
[   72.944939][ T5821]  kasan_quarantine_reduce+0x14f/0x170
[   72.950417][ T5821]  __kasan_slab_alloc+0x23/0x80
[   72.955270][ T5821]  __kmalloc_cache_noprof+0x1d9/0x390
[   72.960659][ T5821]  syslog_print+0x121/0x9c0
[   72.965167][ T5821]  do_syslog+0x3c2/0x820
[   72.969423][ T5821]  __x64_sys_syslog+0x7c/0x90
[   72.974098][ T5821]  do_syscall_64+0xf3/0x230
[   72.978623][ T5821]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.984533][ T5821] Modules linked in:
[   72.988458][ T5821] CPU: 1 UID: 0 PID: 5821 Comm: syz-executor285 Tainted: G    B              6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[   73.001042][ T5821] Tainted: [B]=BAD_PAGE