Warning: Permanently added '10.128.0.160' (ED25519) to the list of known hosts.
2024/12/22 23:07:17 ignoring optional flag "sandboxArg"="0"
2024/12/22 23:07:18 parsed 1 programs
[  104.309603][ T6233] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  107.162685][ T6258] chnl_net:caif_netlink_parms(): no params data found
[  107.220340][ T6258] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.227508][ T6258] bridge0: port 1(bridge_slave_0) entered disabled state
[  107.235023][ T6258] bridge_slave_0: entered allmulticast mode
[  107.242586][ T6258] bridge_slave_0: entered promiscuous mode
[  107.252815][ T6258] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.260346][ T6258] bridge0: port 2(bridge_slave_1) entered disabled state
[  107.267592][ T6258] bridge_slave_1: entered allmulticast mode
[  107.274823][ T6258] bridge_slave_1: entered promiscuous mode
[  107.298467][ T6258] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  107.309752][ T6258] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  107.333112][ T6258] team0: Port device team_slave_0 added
[  107.341872][ T6258] team0: Port device team_slave_1 added
[  107.364331][ T6258] batman_adv: batadv0: Adding interface: batadv_slave_0
[  107.371381][ T6258] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  107.397714][ T6258] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  107.410058][ T6258] batman_adv: batadv0: Adding interface: batadv_slave_1
[  107.417655][ T6258] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  107.444144][ T6258] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  107.478879][ T6258] hsr_slave_0: entered promiscuous mode
[  107.485386][ T6258] hsr_slave_1: entered promiscuous mode
[  108.004226][ T6258] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  108.015116][ T6258] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  108.025733][ T6258] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  108.037679][ T6258] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  108.064888][ T6258] bridge0: port 2(bridge_slave_1) entered blocking state
[  108.072213][ T6258] bridge0: port 2(bridge_slave_1) entered forwarding state
[  108.079860][ T6258] bridge0: port 1(bridge_slave_0) entered blocking state
[  108.087030][ T6258] bridge0: port 1(bridge_slave_0) entered forwarding state
[  108.146138][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  108.156308][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  108.182800][ T6258] 8021q: adding VLAN 0 to HW filter on device bond0
[  108.203945][ T6258] 8021q: adding VLAN 0 to HW filter on device team0
[  108.215173][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  108.222982][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  108.243657][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  108.250840][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  108.431477][ T6258] 8021q: adding VLAN 0 to HW filter on device batadv0
[  108.478168][ T6258] veth0_vlan: entered promiscuous mode
[  108.490996][ T6258] veth1_vlan: entered promiscuous mode
[  108.524583][ T6258] veth0_macvtap: entered promiscuous mode
[  108.534993][ T6258] veth1_macvtap: entered promiscuous mode
[  108.558852][ T6258] batman_adv: batadv0: Interface activated: batadv_slave_0
[  108.576291][ T6258] batman_adv: batadv0: Interface activated: batadv_slave_1
[  108.592374][ T6258] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  108.603731][ T6258] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  108.614707][ T6258] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  108.625221][ T6258] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  108.811501][ T1100] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  108.894518][ T1100] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  108.987466][ T1100] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  109.023510][   T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  109.037255][   T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  109.046582][   T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  109.058826][   T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  109.067756][   T54] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  109.083596][   T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  109.094413][ T1100] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  110.527535][ T3540] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  110.535954][ T3540] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  110.573000][ T1133] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  110.581196][ T1133] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2024/12/22 23:07:29 executed programs: 0
[  111.673504][ T5133] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  111.687057][ T5133] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  111.696629][ T5133] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  111.704977][ T5133] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  111.713679][ T5133] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  111.722983][ T5133] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  111.901244][ T6467] chnl_net:caif_netlink_parms(): no params data found
[  112.009135][ T6467] bridge0: port 1(bridge_slave_0) entered blocking state
[  112.016574][ T6467] bridge0: port 1(bridge_slave_0) entered disabled state
[  112.024591][ T6467] bridge_slave_0: entered allmulticast mode
[  112.032569][ T6467] bridge_slave_0: entered promiscuous mode
[  112.045130][ T6467] bridge0: port 2(bridge_slave_1) entered blocking state
[  112.052990][ T6467] bridge0: port 2(bridge_slave_1) entered disabled state
[  112.060922][ T6467] bridge_slave_1: entered allmulticast mode
[  112.068057][ T6467] bridge_slave_1: entered promiscuous mode
[  112.095590][ T6467] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  112.109296][ T6467] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  112.142071][ T6467] team0: Port device team_slave_0 added
[  112.151399][ T6467] team0: Port device team_slave_1 added
[  112.185439][ T6467] batman_adv: batadv0: Adding interface: batadv_slave_0
[  112.192654][ T6467] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  112.224962][ T6467] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  112.238521][ T6467] batman_adv: batadv0: Adding interface: batadv_slave_1
[  112.247454][ T6467] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  112.275950][ T6467] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  112.317865][ T6467] hsr_slave_0: entered promiscuous mode
[  112.324820][ T6467] hsr_slave_1: entered promiscuous mode
[  112.332267][ T6467] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  112.341062][ T6467] Cannot create hsr debugfs directory
[  112.483903][ T1100] bridge_slave_1: left allmulticast mode
[  112.490417][ T1100] bridge_slave_1: left promiscuous mode
[  112.496305][ T1100] bridge0: port 2(bridge_slave_1) entered disabled state
[  112.507324][ T1100] bridge_slave_0: left allmulticast mode
[  112.514491][ T1100] bridge_slave_0: left promiscuous mode
[  112.521374][ T1100] bridge0: port 1(bridge_slave_0) entered disabled state
[  112.824751][ T1100] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  112.835463][ T1100] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  112.845834][ T1100] bond0 (unregistering): Released all slaves
[  112.943307][ T1100] hsr_slave_0: left promiscuous mode
[  112.961973][ T1100] hsr_slave_1: left promiscuous mode
[  112.974637][ T1100] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  112.984948][ T1100] batman_adv: batadv0: Removing interface: batadv_slave_0
[  112.993438][ T1100] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  113.003689][ T1100] batman_adv: batadv0: Removing interface: batadv_slave_1
[  113.024720][ T1100] veth1_macvtap: left promiscuous mode
[  113.030724][ T1100] veth0_macvtap: left promiscuous mode
[  113.036834][ T1100] veth1_vlan: left promiscuous mode
[  113.045619][ T1100] veth0_vlan: left promiscuous mode
[  113.527133][ T1100] team0 (unregistering): Port device team_slave_1 removed
[  113.582026][ T1100] team0 (unregistering): Port device team_slave_0 removed
[  113.819497][   T54] Bluetooth: hci0: command tx timeout
[  114.301790][ T6467] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  114.320098][ T6467] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  114.343248][ T6467] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  114.357872][ T6467] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  114.788929][ T6467] 8021q: adding VLAN 0 to HW filter on device bond0
[  114.817809][ T6467] 8021q: adding VLAN 0 to HW filter on device team0
[  114.851334][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  114.858535][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  114.938749][ T1112] bridge0: port 2(bridge_slave_1) entered blocking state
[  114.945956][ T1112] bridge0: port 2(bridge_slave_1) entered forwarding state
[  115.078790][ T6467] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  115.273013][ T6467] 8021q: adding VLAN 0 to HW filter on device batadv0
[  115.317620][ T6467] veth0_vlan: entered promiscuous mode
[  115.333212][ T6467] veth1_vlan: entered promiscuous mode
[  115.371073][ T6467] veth0_macvtap: entered promiscuous mode
[  115.389001][ T6467] veth1_macvtap: entered promiscuous mode
[  115.408660][ T6467] batman_adv: batadv0: Interface activated: batadv_slave_0
[  115.426949][ T6467] batman_adv: batadv0: Interface activated: batadv_slave_1
[  115.454174][ T6467] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  115.463165][ T6467] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  115.473311][ T6467] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  115.484267][ T6467] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  115.569942][ T3540] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.578002][ T3540] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.607466][ T3540] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.616197][ T3540] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.692913][ T6612] BUG: Bad page state in process syz.0.15  pfn:2546d
[  115.699865][ T6612] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802546d140 pfn:0x2546d
[  115.710153][ T6612] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  115.717317][ T6612] raw: 00fff00000000000 dead000000000040 ffff8880216a6000 0000000000000000
[  115.726379][ T6612] raw: ffff88802546d140 0000000000000001 00000000ffffffff 0000000000000000
[  115.735317][ T6612] page dumped because: page_pool leak
[  115.740787][ T6612] page_owner tracks the page as allocated
[  115.746776][ T6612] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6612, tgid 6611 (syz.0.15), ts 115692805134, free_ts 115167509591
[  115.763726][ T6612]  post_alloc_hook+0x1f3/0x230
[  115.768556][ T6612]  get_page_from_freelist+0x3651/0x37a0
[  115.774410][ T6612]  __alloc_pages_noprof+0x292/0x710
[  115.779975][ T6612]  alloc_pages_bulk_noprof+0x70b/0xcc0
[  115.785481][ T6612]  __page_pool_alloc_pages_slow+0x122/0x690
[  115.791629][ T6612]  page_pool_alloc_pages+0xd0/0x1c0
[  115.796898][ T6612]  skb_pp_cow_data+0xc43/0x1640
[  115.801854][ T6612]  do_xdp_generic+0x505/0xd30
[  115.806579][ T6612]  __netif_receive_skb_core+0x1ce9/0x4690
[  115.812390][ T6612]  __netif_receive_skb+0x12f/0x650
[  115.817558][ T6612]  netif_receive_skb+0x1e8/0x890
[  115.822599][ T6612]  tun_rx_batched+0x1b7/0x8f0
[  115.827410][ T6612]  tun_get_user+0x30cc/0x48a0
[  115.832268][ T6612]  tun_chr_write_iter+0x10d/0x1f0
[  115.837388][ T6612]  vfs_write+0xaeb/0xd30
[  115.841805][ T6612]  ksys_write+0x18f/0x2b0
[  115.846206][ T6612] page last free pid 6595 tgid 6595 stack trace:
[  115.852623][ T6612]  free_unref_folios+0xe23/0x1890
[  115.857837][ T6612]  folios_put_refs+0x76c/0x860
[  115.862682][ T6612]  free_pages_and_swap_cache+0x2ea/0x690
[  115.868361][ T6612]  tlb_flush_mmu+0x3a3/0x680
[  115.873041][ T6612]  tlb_finish_mmu+0xd4/0x200
[  115.877669][ T6612]  exit_mmap+0x496/0xc20
[  115.882141][ T6612]  __mmput+0x115/0x3b0
[  115.886260][ T6612]  exit_mm+0x220/0x310
[  115.890404][ T6612]  do_exit+0x9ad/0x28e0
[  115.894625][ T6612]  do_group_exit+0x207/0x2c0
[  115.899259][ T6612]  __x64_sys_exit_group+0x3f/0x40
[  115.904456][ T6612]  x64_sys_call+0x26a8/0x26b0
[  115.909175][ T6612]  do_syscall_64+0xf3/0x230
[  115.913769][ T6612]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  115.919741][ T6612] Modules linked in:
[  115.923693][ T6612] CPU: 0 UID: 0 PID: 6612 Comm: syz.0.15 Not tainted 6.13.0-rc4-syzkaller-g4bbf9020becb #0
[  115.933913][ T6612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  115.944359][ T6612] Call Trace:
[  115.947666][ T6612]  <TASK>
[  115.950625][ T6612]  dump_stack_lvl+0x241/0x360
[  115.955349][ T6612]  ? __pfx_dump_stack_lvl+0x10/0x10
[  115.960592][ T6612]  ? __pfx_print_modules+0x10/0x10
[  115.965762][ T6612]  bad_page+0x176/0x1d0
[  115.969990][ T6612]  free_unref_page+0xf9e/0x1000
[  115.974887][ T6612]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[  115.980574][ T6612]  bpf_xdp_adjust_tail+0x1c3/0x200
[  115.986189][ T6612]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  115.991864][ T6612]  bpf_prog_run_generic_xdp+0x686/0x1510
[  115.997661][ T6612]  do_xdp_generic+0x757/0xd30
[  116.002404][ T6612]  ? __pfx_do_xdp_generic+0x10/0x10
[  116.007679][ T6612]  ? __skb_flow_dissect+0x4f1/0x7d00
[  116.013022][ T6612]  __netif_receive_skb_core+0x1ce9/0x4690
[  116.018816][ T6612]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  116.025017][ T6612]  ? mark_lock+0x9a/0x360
[  116.029396][ T6612]  ? __lock_acquire+0x1397/0x2100
[  116.034505][ T6612]  __netif_receive_skb+0x12f/0x650
[  116.039766][ T6612]  ? __pfx_lock_acquire+0x10/0x10
[  116.044844][ T6612]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  116.051222][ T6612]  ? __pfx___netif_receive_skb+0x10/0x10
[  116.056904][ T6612]  ? tun_rx_batched+0x160/0x8f0
[  116.061800][ T6612]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  116.067565][ T6612]  ? read_tsc+0x9/0x20
[  116.071687][ T6612]  ? netif_receive_skb+0x131/0x890
[  116.076853][ T6612]  ? netif_receive_skb+0x131/0x890
[  116.082012][ T6612]  netif_receive_skb+0x1e8/0x890
[  116.086997][ T6612]  ? tun_rx_batched+0x160/0x8f0
[  116.091985][ T6612]  ? __pfx_netif_receive_skb+0x10/0x10
[  116.097502][ T6612]  ? tun_rx_batched+0x160/0x8f0
[  116.102498][ T6612]  tun_rx_batched+0x1b7/0x8f0
[  116.107398][ T6612]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  116.113789][ T6612]  ? __pfx_lock_acquire+0x10/0x10
[  116.118911][ T6612]  ? __pfx_tun_rx_batched+0x10/0x10
[  116.124181][ T6612]  tun_get_user+0x30cc/0x48a0
[  116.128907][ T6612]  ? tun_get_user+0x2bba/0x48a0
[  116.134076][ T6612]  ? __lock_acquire+0x1397/0x2100
[  116.139328][ T6612]  ? __pfx_tun_get_user+0x10/0x10
[  116.144414][ T6612]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  116.149924][ T6612]  ? tun_get+0x1e/0x2f0
[  116.154125][ T6612]  ? __pfx_lock_release+0x10/0x10
[  116.159212][ T6612]  ? tun_get+0x1e/0x2f0
[  116.163496][ T6612]  ? tun_get+0x27d/0x2f0
[  116.167796][ T6612]  tun_chr_write_iter+0x10d/0x1f0
[  116.172866][ T6612]  vfs_write+0xaeb/0xd30
[  116.177161][ T6612]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  116.182789][ T6612]  ? __pfx_vfs_write+0x10/0x10
[  116.187689][ T6612]  ? __fget_files+0x2a/0x410
[  116.192508][ T6612]  ? __fget_files+0x2a/0x410
[  116.197246][ T6612]  ksys_write+0x18f/0x2b0
[  116.201720][ T6612]  ? __pfx_ksys_write+0x10/0x10
[  116.206620][ T6612]  ? do_syscall_64+0x100/0x230
[  116.211462][ T6612]  ? do_syscall_64+0xb6/0x230
[  116.216181][ T6612]  do_syscall_64+0xf3/0x230
[  116.220741][ T6612]  ? clear_bhb_loop+0x35/0x90
[  116.225545][ T6612]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.231509][ T6612] RIP: 0033:0x7f994ab7e98f
[  116.235959][ T6612] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  116.255776][ T6612] RSP: 002b:00007f994b8f2020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  116.264238][ T6612] RAX: ffffffffffffffda RBX: 00007f994ad45fa0 RCX: 00007f994ab7e98f
[  116.272434][ T6612] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  116.280547][ T6612] RBP: 00007f994abf3cc8 R08: 0000000000000000 R09: 0000000000000000
[  116.288642][ T6612] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  116.296742][ T6612] R13: 0000000000000000 R14: 00007f994ad45fa0 R15: 00007ffd240077b8
[  116.304773][ T6612]  </TASK>
[  116.307992][ T6612] Disabling lock debugging due to kernel taint
[  116.315199][ T6612] BUG: Bad page state in process syz.0.15  pfn:7902b
[  116.322109][ T6612] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807902bb40 pfn:0x7902b
[  116.332538][ T6612] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  116.339754][ T6612] raw: 00fff00000000000 dead000000000040 ffff8880216a6000 0000000000000000
[  116.348417][ T6612] raw: ffff88807902bb40 0000000000000001 00000000ffffffff 0000000000000000
[  116.357065][ T6612] page dumped because: page_pool leak
[  116.362495][ T6612] page_owner tracks the page as allocated
[  116.368226][ T6612] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6612, tgid 6611 (syz.0.15), ts 115692795762, free_ts 115167518303
[  116.385212][ T6612]  post_alloc_hook+0x1f3/0x230
[  116.390206][ T6612]  get_page_from_freelist+0x3651/0x37a0
[  116.395881][ T6612]  __alloc_pages_noprof+0x292/0x710
[  116.401185][ T6612]  alloc_pages_bulk_noprof+0x70b/0xcc0
[  116.406715][ T6612]  __page_pool_alloc_pages_slow+0x122/0x690
[  116.412715][ T6612]  page_pool_alloc_pages+0xd0/0x1c0
[  116.418043][ T6612]  skb_pp_cow_data+0xc43/0x1640
[  116.422985][ T6612]  do_xdp_generic+0x505/0xd30
[  116.427696][ T6612]  __netif_receive_skb_core+0x1ce9/0x4690
[  116.433535][ T6612]  __netif_receive_skb+0x12f/0x650
[  116.438681][ T6612]  netif_receive_skb+0x1e8/0x890
[  116.443877][ T6612]  tun_rx_batched+0x1b7/0x8f0
[  116.448600][ T6612]  tun_get_user+0x30cc/0x48a0
[  116.453431][ T6612]  tun_chr_write_iter+0x10d/0x1f0
[  116.458534][ T6612]  vfs_write+0xaeb/0xd30
[  116.462941][ T6612]  ksys_write+0x18f/0x2b0
[  116.467299][ T6612] page last free pid 6595 tgid 6595 stack trace:
[  116.473923][ T6612]  free_unref_folios+0xe23/0x1890
[  116.478984][ T6612]  folios_put_refs+0x76c/0x860
[  116.484003][ T6612]  free_pages_and_swap_cache+0x2ea/0x690
[  116.489959][ T6612]  tlb_flush_mmu+0x3a3/0x680
[  116.494586][ T6612]  tlb_finish_mmu+0xd4/0x200
[  116.499292][ T6612]  exit_mmap+0x496/0xc20
[  116.503606][ T6612]  __mmput+0x115/0x3b0
[  116.507712][ T6612]  exit_mm+0x220/0x310
[  116.511943][ T6612]  do_exit+0x9ad/0x28e0
[  116.516217][ T6612]  do_group_exit+0x207/0x2c0
[  116.521009][ T6612]  __x64_sys_exit_group+0x3f/0x40
[  116.526073][ T6612]  x64_sys_call+0x26a8/0x26b0
[  116.531061][ T6612]  do_syscall_64+0xf3/0x230
[  116.535689][ T6612]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.541682][ T6612] Modules linked in:
[  116.546164][ T6612] CPU: 0 UID: 0 PID: 6612 Comm: syz.0.15 Tainted: G    B              6.13.0-rc4-syzkaller-g4bbf9020becb #0
[  116.558084][ T6612] Tainted: [B]=BAD_PAGE
[  116.562349][ T6612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  116.572688][ T6612] Call Trace:
[  116.576071][ T6612]  <TASK>
[  116.579025][ T6612]  dump_stack_lvl+0x241/0x360
[  116.583735][ T6612]  ? __pfx_dump_stack_lvl+0x10/0x10
[  116.589145][ T6612]  ? __pfx_print_modules+0x10/0x10
[  116.594297][ T6612]  bad_page+0x176/0x1d0
[  116.598578][ T6612]  free_unref_page+0xf9e/0x1000
[  116.603467][ T6612]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[  116.609231][ T6612]  bpf_xdp_adjust_tail+0x1c3/0x200
[  116.614471][ T6612]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  116.620095][ T6612]  bpf_prog_run_generic_xdp+0x686/0x1510
[  116.625780][ T6612]  do_xdp_generic+0x757/0xd30
[  116.630701][ T6612]  ? __pfx_do_xdp_generic+0x10/0x10
[  116.635935][ T6612]  ? __skb_flow_dissect+0x4f1/0x7d00
[  116.641268][ T6612]  __netif_receive_skb_core+0x1ce9/0x4690
[  116.647042][ T6612]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  116.653149][ T6612]  ? mark_lock+0x9a/0x360
[  116.657512][ T6612]  ? __lock_acquire+0x1397/0x2100
[  116.662672][ T6612]  __netif_receive_skb+0x12f/0x650
[  116.667948][ T6612]  ? __pfx_lock_acquire+0x10/0x10
[  116.673013][ T6612]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  116.679292][ T6612]  ? __pfx___netif_receive_skb+0x10/0x10
[  116.684959][ T6612]  ? tun_rx_batched+0x160/0x8f0
[  116.689844][ T6612]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  116.695784][ T6612]  ? read_tsc+0x9/0x20
[  116.699900][ T6612]  ? netif_receive_skb+0x131/0x890
[  116.705051][ T6612]  ? netif_receive_skb+0x131/0x890
[  116.710197][ T6612]  netif_receive_skb+0x1e8/0x890
[  116.715176][ T6612]  ? tun_rx_batched+0x160/0x8f0
[  116.720064][ T6612]  ? __pfx_netif_receive_skb+0x10/0x10
[  116.725567][ T6612]  ? tun_rx_batched+0x160/0x8f0
[  116.730454][ T6612]  tun_rx_batched+0x1b7/0x8f0
[  116.735254][ T6612]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  116.741613][ T6612]  ? __pfx_lock_acquire+0x10/0x10
[  116.746679][ T6612]  ? __pfx_tun_rx_batched+0x10/0x10
[  116.751926][ T6612]  tun_get_user+0x30cc/0x48a0
[  116.756635][ T6612]  ? tun_get_user+0x2bba/0x48a0
[  116.761539][ T6612]  ? __lock_acquire+0x1397/0x2100
[  116.766705][ T6612]  ? __pfx_tun_get_user+0x10/0x10
[  116.771866][ T6612]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  116.777366][ T6612]  ? tun_get+0x1e/0x2f0
[  116.781819][ T6612]  ? __pfx_lock_release+0x10/0x10
[  116.786887][ T6612]  ? tun_get+0x1e/0x2f0
[  116.791074][ T6612]  ? tun_get+0x27d/0x2f0
[  116.795446][ T6612]  tun_chr_write_iter+0x10d/0x1f0
[  116.800514][ T6612]  vfs_write+0xaeb/0xd30
[  116.804792][ T6612]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  116.810372][ T6612]  ? __pfx_vfs_write+0x10/0x10
[  116.815410][ T6612]  ? __fget_files+0x2a/0x410
[  116.820114][ T6612]  ? __fget_files+0x2a/0x410
[  116.824742][ T6612]  ksys_write+0x18f/0x2b0
[  116.829111][ T6612]  ? __pfx_ksys_write+0x10/0x10
[  116.834007][ T6612]  ? do_syscall_64+0x100/0x230
[  116.838806][ T6612]  ? do_syscall_64+0xb6/0x230
[  116.843527][ T6612]  do_syscall_64+0xf3/0x230
[  116.848332][ T6612]  ? clear_bhb_loop+0x35/0x90
[  116.853073][ T6612]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.859015][ T6612] RIP: 0033:0x7f994ab7e98f
[  116.863466][ T6612] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  116.883276][ T6612] RSP: 002b:00007f994b8f2020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  116.891815][ T6612] RAX: ffffffffffffffda RBX: 00007f994ad45fa0 RCX: 00007f994ab7e98f
[  116.899818][ T6612] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  116.907913][ T6612] RBP: 00007f994abf3cc8 R08: 0000000000000000 R09: 0000000000000000
[  116.916003][ T6612] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  116.924086][ T6612] R13: 0000000000000000 R14: 00007f994ad45fa0 R15: 00007ffd240077b8
[  116.932180][ T6612]  </TASK>
[  116.935322][ T6612] BUG: Bad page state in process syz.0.15  pfn:27648
[  116.942056][ T6612] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888027648e58 pfn:0x27648
[  116.952191][ T6612] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  116.959327][ T6612] raw: 00fff00000000000 dead000000000040 ffff8880216a6000 0000000000000000
[  116.968018][ T6612] raw: ffff888027648e58 0000000000000001 00000000ffffffff 0000000000000000
[  116.976801][ T6612] page dumped because: page_pool leak
[  116.982229][ T6612] page_owner tracks the page as allocated
[  116.988039][ T6612] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6612, tgid 6611 (syz.0.15), ts 115692785971, free_ts 115167536005
[  117.005025][ T6612]  post_alloc_hook+0x1f3/0x230
[  117.010096][ T6612]  get_page_from_freelist+0x3651/0x37a0
[  117.015926][ T6612]  __alloc_pages_noprof+0x292/0x710
[  117.021180][ T6612]  alloc_pages_bulk_noprof+0x70b/0xcc0
[  117.026752][ T6612]  __page_pool_alloc_pages_slow+0x122/0x690
[  117.033187][ T6612]  page_pool_alloc_pages+0xd0/0x1c0
[  117.038758][ T6612]  skb_pp_cow_data+0xc43/0x1640
[  117.043822][ T6612]  do_xdp_generic+0x505/0xd30
[  117.048701][ T6612]  __netif_receive_skb_core+0x1ce9/0x4690
[  117.054469][ T6612]  __netif_receive_skb+0x12f/0x650
[  117.059622][ T6612]  netif_receive_skb+0x1e8/0x890
[  117.064603][ T6612]  tun_rx_batched+0x1b7/0x8f0
[  117.069442][ T6612]  tun_get_user+0x30cc/0x48a0
[  117.074319][ T6612]  tun_chr_write_iter+0x10d/0x1f0
[  117.079436][ T6612]  vfs_write+0xaeb/0xd30
[  117.083707][ T6612]  ksys_write+0x18f/0x2b0
[  117.088414][ T6612] page last free pid 6595 tgid 6595 stack trace:
[  117.094843][ T6612]  free_unref_folios+0xe23/0x1890
[  117.100015][ T6612]  folios_put_refs+0x76c/0x860
[  117.105182][ T6612]  free_pages_and_swap_cache+0x2ea/0x690
[  117.110966][ T6612]  tlb_flush_mmu+0x3a3/0x680
[  117.115596][ T6612]  tlb_finish_mmu+0xd4/0x200
[  117.120283][ T6612]  exit_mmap+0x496/0xc20
[  117.124566][ T6612]  __mmput+0x115/0x3b0
[  117.128652][ T6612]  exit_mm+0x220/0x310
[  117.132859][ T6612]  do_exit+0x9ad/0x28e0
[  117.137151][ T6612]  do_group_exit+0x207/0x2c0
[  117.142009][ T6612]  __x64_sys_exit_group+0x3f/0x40
[  117.147105][ T6612]  x64_sys_call+0x26a8/0x26b0
[  117.151836][ T6612]  do_syscall_64+0xf3/0x230
[  117.156459][ T6612]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.162481][ T6612] Modules linked in:
[  117.166406][ T6612] CPU: 0 UID: 0 PID: 6612 Comm: syz.0.15 Tainted: G    B              6.13.0-rc4-syzkaller-g4bbf9020becb #0
[  117.178073][ T6612] Tainted: [B]=BAD_PAGE
[  117.182352][ T6612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  117.192401][ T6612] Call Trace:
[  117.195679][ T6612]  <TASK>
[  117.198616][ T6612]  dump_stack_lvl+0x241/0x360
[  117.203288][ T6612]  ? __pfx_dump_stack_lvl+0x10/0x10
[  117.208495][ T6612]  ? __pfx_print_modules+0x10/0x10
[  117.213816][ T6612]  bad_page+0x176/0x1d0
[  117.217982][ T6612]  free_unref_page+0xf9e/0x1000
[  117.222915][ T6612]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[  117.228575][ T6612]  bpf_xdp_adjust_tail+0x1c3/0x200
[  117.233721][ T6612]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  117.239196][ T6612]  bpf_prog_run_generic_xdp+0x686/0x1510
[  117.244854][ T6612]  do_xdp_generic+0x757/0xd30
[  117.249541][ T6612]  ? __pfx_do_xdp_generic+0x10/0x10
[  117.254944][ T6612]  ? __skb_flow_dissect+0x4f1/0x7d00
[  117.260400][ T6612]  __netif_receive_skb_core+0x1ce9/0x4690
[  117.266271][ T6612]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  117.272352][ T6612]  ? mark_lock+0x9a/0x360
[  117.276858][ T6612]  ? __lock_acquire+0x1397/0x2100
[  117.281929][ T6612]  __netif_receive_skb+0x12f/0x650
[  117.287229][ T6612]  ? __pfx_lock_acquire+0x10/0x10
[  117.292253][ T6612]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  117.298558][ T6612]  ? __pfx___netif_receive_skb+0x10/0x10
[  117.304463][ T6612]  ? tun_rx_batched+0x160/0x8f0
[  117.309507][ T6612]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  117.315347][ T6612]  ? read_tsc+0x9/0x20
[  117.319441][ T6612]  ? netif_receive_skb+0x131/0x890
[  117.324593][ T6612]  ? netif_receive_skb+0x131/0x890
[  117.329900][ T6612]  netif_receive_skb+0x1e8/0x890
[  117.334859][ T6612]  ? tun_rx_batched+0x160/0x8f0
[  117.339951][ T6612]  ? __pfx_netif_receive_skb+0x10/0x10
[  117.345406][ T6612]  ? tun_rx_batched+0x160/0x8f0
[  117.350249][ T6612]  tun_rx_batched+0x1b7/0x8f0
[  117.354917][ T6612]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  117.361236][ T6612]  ? __pfx_lock_acquire+0x10/0x10
[  117.366404][ T6612]  ? __pfx_tun_rx_batched+0x10/0x10
[  117.371620][ T6612]  tun_get_user+0x30cc/0x48a0
[  117.376328][ T6612]  ? tun_get_user+0x2bba/0x48a0
[  117.381184][ T6612]  ? __lock_acquire+0x1397/0x2100
[  117.386417][ T6612]  ? __pfx_tun_get_user+0x10/0x10
[  117.391657][ T6612]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  117.397204][ T6612]  ? tun_get+0x1e/0x2f0
[  117.401356][ T6612]  ? __pfx_lock_release+0x10/0x10
[  117.406391][ T6612]  ? tun_get+0x1e/0x2f0
[  117.410579][ T6612]  ? tun_get+0x27d/0x2f0
[  117.414890][ T6612]  tun_chr_write_iter+0x10d/0x1f0
[  117.419916][ T6612]  vfs_write+0xaeb/0xd30
[  117.424236][ T6612]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  117.429867][ T6612]  ? __pfx_vfs_write+0x10/0x10
[  117.434641][ T6612]  ? __fget_files+0x2a/0x410
[  117.439407][ T6612]  ? __fget_files+0x2a/0x410
[  117.444094][ T6612]  ksys_write+0x18f/0x2b0
[  117.448431][ T6612]  ? __pfx_ksys_write+0x10/0x10
[  117.453360][ T6612]  ? do_syscall_64+0x100/0x230
[  117.458149][ T6612]  ? do_syscall_64+0xb6/0x230
[  117.462837][ T6612]  do_syscall_64+0xf3/0x230
[  117.467541][ T6612]  ? clear_bhb_loop+0x35/0x90
[  117.472218][ T6612]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.478229][ T6612] RIP: 0033:0x7f994ab7e98f
[  117.482676][ T6612] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  117.502318][ T6612] RSP: 002b:00007f994b8f2020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  117.510750][ T6612] RAX: ffffffffffffffda RBX: 00007f994ad45fa0 RCX: 00007f994ab7e98f
[  117.518816][ T6612] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  117.526920][ T6612] RBP: 00007f994abf3cc8 R08: 0000000000000000 R09: 0000000000000000
[  117.534991][ T6612] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  117.543058][ T6612] R13: 0000000000000000 R14: 00007f994ad45fa0 R15: 00007ffd240077b8
[  117.551235][ T6612]  </TASK>
[  117.554324][ T6612] BUG: Bad page state in process syz.0.15  pfn:33a63
[  117.561179][ T6612] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888033a630f0 pfn:0x33a63
[  117.571295][ T6612] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  117.578526][ T6612] raw: 00fff00000000000 dead000000000040 ffff8880216a6000 0000000000000000
[  117.587427][ T6612] raw: ffff888033a630f0 0000000000000001 00000000ffffffff 0000000000000000
[  117.596049][ T6612] page dumped because: page_pool leak
[  117.601699][ T6612] page_owner tracks the page as allocated
[  117.607479][ T6612] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6612, tgid 6611 (syz.0.15), ts 115692776685, free_ts 115167561535
[  117.624916][ T6612]  post_alloc_hook+0x1f3/0x230
[  117.629824][ T6612]  get_page_from_freelist+0x3651/0x37a0
[  117.635387][ T6612]  __alloc_pages_noprof+0x292/0x710
[  117.640651][ T6612]  alloc_pages_bulk_noprof+0x70b/0xcc0
[  117.646183][ T6612]  __page_pool_alloc_pages_slow+0x122/0x690
[  117.652249][ T6612]  page_pool_alloc_pages+0xd0/0x1c0
[  117.657683][ T6612]  skb_pp_cow_data+0xc43/0x1640
[  117.662583][ T6612]  do_xdp_generic+0x505/0xd30
[  117.667283][ T6612]  __netif_receive_skb_core+0x1ce9/0x4690
[  117.673094][ T6612]  __netif_receive_skb+0x12f/0x650
[  117.678526][ T6612]  netif_receive_skb+0x1e8/0x890
[  117.683549][ T6612]  tun_rx_batched+0x1b7/0x8f0
[  117.688438][ T6612]  tun_get_user+0x30cc/0x48a0
[  117.693282][ T6612]  tun_chr_write_iter+0x10d/0x1f0
[  117.698531][ T6612]  vfs_write+0xaeb/0xd30
[  117.702848][ T6612]  ksys_write+0x18f/0x2b0
[  117.707270][ T6612] page last free pid 6595 tgid 6595 stack trace:
[  117.713849][ T6612]  free_unref_folios+0xe23/0x1890
[  117.718997][ T6612]  folios_put_refs+0x76c/0x860
[  117.723990][ T6612]  free_pages_and_swap_cache+0x2ea/0x690
[  117.729714][ T6612]  tlb_flush_mmu+0x3a3/0x680
[  117.734687][ T6612]  tlb_finish_mmu+0xd4/0x200
[  117.739290][ T6612]  exit_mmap+0x496/0xc20
[  117.743691][ T6612]  __mmput+0x115/0x3b0
[  117.747784][ T6612]  exit_mm+0x220/0x310
[  117.751892][ T6612]  do_exit+0x9ad/0x28e0
[  117.756073][ T6612]  do_group_exit+0x207/0x2c0
[  117.760818][ T6612]  __x64_sys_exit_group+0x3f/0x40
[  117.765948][ T6612]  x64_sys_call+0x26a8/0x26b0
[  117.770764][ T6612]  do_syscall_64+0xf3/0x230
[  117.775305][ T6612]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.781264][ T6612] Modules linked in:
[  117.785184][ T6612] CPU: 0 UID: 0 PID: 6612 Comm: syz.0.15 Tainted: G    B              6.13.0-rc4-syzkaller-g4bbf9020becb #0
[  117.796851][ T6612] Tainted: [B]=BAD_PAGE
[  117.801199][ T6612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  117.811370][ T6612] Call Trace:
[  117.814745][ T6612]  <TASK>
[  117.818016][ T6612]  dump_stack_lvl+0x241/0x360
[  117.822720][ T6612]  ? __pfx_dump_stack_lvl+0x10/0x10
[  117.827922][ T6612]  ? __pfx_print_modules+0x10/0x10
[  117.833045][ T6612]  bad_page+0x176/0x1d0
[  117.837302][ T6612]  free_unref_page+0xf9e/0x1000
[  117.842181][ T6612]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[  117.847909][ T6612]  bpf_xdp_adjust_tail+0x1c3/0x200
[  117.853040][ T6612]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  117.858492][ T6612]  bpf_prog_run_generic_xdp+0x686/0x1510
[  117.864324][ T6612]  do_xdp_generic+0x757/0xd30
[  117.869034][ T6612]  ? __pfx_do_xdp_generic+0x10/0x10
[  117.874428][ T6612]  ? __skb_flow_dissect+0x4f1/0x7d00
[  117.879985][ T6612]  __netif_receive_skb_core+0x1ce9/0x4690
[  117.885818][ T6612]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  117.892086][ T6612]  ? mark_lock+0x9a/0x360
[  117.896418][ T6612]  ? __lock_acquire+0x1397/0x2100
[  117.901687][ T6612]  __netif_receive_skb+0x12f/0x650
[  117.906806][ T6612]  ? __pfx_lock_acquire+0x10/0x10
[  117.911923][ T6612]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  117.918322][ T6612]  ? __pfx___netif_receive_skb+0x10/0x10
[  117.923968][ T6612]  ? tun_rx_batched+0x160/0x8f0
[  117.928813][ T6612]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  117.934537][ T6612]  ? read_tsc+0x9/0x20
[  117.938636][ T6612]  ? netif_receive_skb+0x131/0x890
[  117.943758][ T6612]  ? netif_receive_skb+0x131/0x890
[  117.948865][ T6612]  netif_receive_skb+0x1e8/0x890
[  117.953853][ T6612]  ? tun_rx_batched+0x160/0x8f0
[  117.958807][ T6612]  ? __pfx_netif_receive_skb+0x10/0x10
[  117.964295][ T6612]  ? tun_rx_batched+0x160/0x8f0
[  117.969178][ T6612]  tun_rx_batched+0x1b7/0x8f0
[  117.973880][ T6612]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  117.980391][ T6612]  ? __pfx_lock_acquire+0x10/0x10
[  117.985441][ T6612]  ? __pfx_tun_rx_batched+0x10/0x10
[  117.990669][ T6612]  tun_get_user+0x30cc/0x48a0
[  117.995350][ T6612]  ? tun_get_user+0x2bba/0x48a0
[  118.000645][ T6612]  ? __lock_acquire+0x1397/0x2100
[  118.005660][ T6612]  ? __pfx_tun_get_user+0x10/0x10
[  118.010689][ T6612]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  118.016163][ T6612]  ? tun_get+0x1e/0x2f0
[  118.020348][ T6612]  ? __pfx_lock_release+0x10/0x10
[  118.025429][ T6612]  ? tun_get+0x1e/0x2f0
[  118.029581][ T6612]  ? tun_get+0x27d/0x2f0
[  118.033904][ T6612]  tun_chr_write_iter+0x10d/0x1f0
[  118.038925][ T6612]  vfs_write+0xaeb/0xd30
[  118.043164][ T6612]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  118.048839][ T6612]  ? __pfx_vfs_write+0x10/0x10
[  118.053611][ T6612]  ? __fget_files+0x2a/0x410
[  118.058216][ T6612]  ? __fget_files+0x2a/0x410
[  118.062897][ T6612]  ksys_write+0x18f/0x2b0
[  118.067242][ T6612]  ? __pfx_ksys_write+0x10/0x10
[  118.072101][ T6612]  ? do_syscall_64+0x100/0x230
[  118.076882][ T6612]  ? do_syscall_64+0xb6/0x230
[  118.081668][ T6612]  do_syscall_64+0xf3/0x230
[  118.086427][ T6612]  ? clear_bhb_loop+0x35/0x90
[  118.091211][ T6612]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.097502][ T6612] RIP: 0033:0x7f994ab7e98f
[  118.102137][ T6612] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  118.121931][ T6612] RSP: 002b:00007f994b8f2020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  118.130389][ T6612] RAX: ffffffffffffffda RBX: 00007f994ad45fa0 RCX: 00007f994ab7e98f
[  118.138452][ T6612] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  118.146607][ T6612] RBP: 00007f994abf3cc8 R08: 0000000000000000 R09: 0000000000000000
[  118.154937][ T6612] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  118.162912][ T6612] R13: 0000000000000000 R14: 00007f994ad45fa0 R15: 00007ffd240077b8
[  118.170934][ T6612]  </TASK>
[  118.174025][ T6612] BUG: Bad page state in process syz.0.15  pfn:34644
[  118.181356][ T6612] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888034644280 pfn:0x34644
[  118.191558][ T6612] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  118.198681][ T6612] raw: 00fff00000000000 dead000000000040 ffff8880216a6000 0000000000000000
[  118.207399][ T6612] raw: ffff888034644280 0000000000000001 00000000ffffffff 0000000000000000
[  118.216280][ T6612] page dumped because: page_pool leak
[  118.221704][ T6612] page_owner tracks the page as allocated
[  118.227605][ T6612] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6612, tgid 6611 (syz.0.15), ts 115692765971, free_ts 115167570067
[  118.244609][ T6612]  post_alloc_hook+0x1f3/0x230
[  118.249428][ T6612]  get_page_from_freelist+0x3651/0x37a0
[  118.254996][ T6612]  __alloc_pages_noprof+0x292/0x710
[  118.260244][ T6612]  alloc_pages_bulk_noprof+0x70b/0xcc0
[  118.265751][ T6612]  __page_pool_alloc_pages_slow+0x122/0x690
[  118.271783][ T6612]  page_pool_alloc_pages+0xd0/0x1c0
[  118.277632][ T6612]  skb_pp_cow_data+0xc43/0x1640
[  118.282628][ T6612]  do_xdp_generic+0x505/0xd30
[  118.287422][ T6612]  __netif_receive_skb_core+0x1ce9/0x4690
[  118.293228][ T6612]  __netif_receive_skb+0x12f/0x650
[  118.298506][ T6612]  netif_receive_skb+0x1e8/0x890
[  118.305109][ T6612]  tun_rx_batched+0x1b7/0x8f0
[  118.310217][ T6612]  tun_get_user+0x30cc/0x48a0
[  118.316010][ T6612]  tun_chr_write_iter+0x10d/0x1f0
[  118.321474][ T6612]  vfs_write+0xaeb/0xd30
[  118.325762][ T6612]  ksys_write+0x18f/0x2b0
[  118.330334][ T6612] page last free pid 6595 tgid 6595 stack trace:
[  118.336828][ T6612]  free_unref_folios+0xe23/0x1890
[  118.341904][ T6612]  folios_put_refs+0x76c/0x860
[  118.346683][ T6612]  free_pages_and_swap_cache+0x2ea/0x690
[  118.352378][ T6612]  tlb_flush_mmu+0x3a3/0x680
[  118.357013][ T6612]  tlb_finish_mmu+0xd4/0x200
[  118.361722][ T6612]  exit_mmap+0x496/0xc20
[  118.365984][ T6612]  __mmput+0x115/0x3b0
[  118.370455][ T6612]  exit_mm+0x220/0x310
[  118.374634][ T6612]  do_exit+0x9ad/0x28e0
[  118.378806][ T6612]  do_group_exit+0x207/0x2c0
[  118.383452][ T6612]  __x64_sys_exit_group+0x3f/0x40
[  118.388702][ T6612]  x64_sys_call+0x26a8/0x26b0
[  118.393894][ T6612]  do_syscall_64+0xf3/0x230
[  118.398450][ T6612]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.404631][ T6612] Modules linked in:
[  118.408570][ T6612] CPU: 0 UID: 0 PID: 6612 Comm: syz.0.15 Tainted: G    B              6.13.0-rc4-syzkaller-g4bbf9020becb #0
[  118.420136][ T6612] Tainted: [B]=BAD_PAGE
[  118.424421][ T6612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  118.434501][ T6612] Call Trace:
[  118.437837][ T6612]  <TASK>
[  118.440835][ T6612]  dump_stack_lvl+0x241/0x360
[  118.445629][ T6612]  ? __pfx_dump_stack_lvl+0x10/0x10
[  118.450889][ T6612]  ? __pfx_print_modules+0x10/0x10
[  118.456016][ T6612]  bad_page+0x176/0x1d0
[  118.460270][ T6612]  free_unref_page+0xf9e/0x1000
[  118.465317][ T6612]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[  118.471064][ T6612]  bpf_xdp_adjust_tail+0x1c3/0x200
[  118.476165][ T6612]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  118.481619][ T6612]  bpf_prog_run_generic_xdp+0x686/0x1510
[  118.487339][ T6612]  do_xdp_generic+0x757/0xd30
[  118.492037][ T6612]  ? __pfx_do_xdp_generic+0x10/0x10
[  118.497223][ T6612]  ? __skb_flow_dissect+0x4f1/0x7d00
[  118.502610][ T6612]  __netif_receive_skb_core+0x1ce9/0x4690
[  118.508334][ T6612]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  118.514680][ T6612]  ? mark_lock+0x9a/0x360
[  118.519070][ T6612]  ? __lock_acquire+0x1397/0x2100
[  118.524116][ T6612]  __netif_receive_skb+0x12f/0x650
[  118.529438][ T6612]  ? __pfx_lock_acquire+0x10/0x10
[  118.534586][ T6612]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  118.540834][ T6612]  ? __pfx___netif_receive_skb+0x10/0x10
[  118.546513][ T6612]  ? tun_rx_batched+0x160/0x8f0
[  118.551372][ T6612]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  118.557100][ T6612]  ? read_tsc+0x9/0x20
[  118.561189][ T6612]  ? netif_receive_skb+0x131/0x890
[  118.566338][ T6612]  ? netif_receive_skb+0x131/0x890
[  118.571472][ T6612]  netif_receive_skb+0x1e8/0x890
[  118.576407][ T6612]  ? tun_rx_batched+0x160/0x8f0
[  118.581251][ T6612]  ? __pfx_netif_receive_skb+0x10/0x10
[  118.586738][ T6612]  ? tun_rx_batched+0x160/0x8f0
[  118.591865][ T6612]  tun_rx_batched+0x1b7/0x8f0
[  118.596565][ T6612]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  118.603209][ T6612]  ? __pfx_lock_acquire+0x10/0x10
[  118.608225][ T6612]  ? __pfx_tun_rx_batched+0x10/0x10
[  118.613439][ T6612]  tun_get_user+0x30cc/0x48a0
[  118.618220][ T6612]  ? tun_get_user+0x2bba/0x48a0
[  118.623155][ T6612]  ? __lock_acquire+0x1397/0x2100
[  118.628189][ T6612]  ? __pfx_tun_get_user+0x10/0x10
[  118.633323][ T6612]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  118.638861][ T6612]  ? tun_get+0x1e/0x2f0
[  118.643007][ T6612]  ? __pfx_lock_release+0x10/0x10
[  118.648018][ T6612]  ? tun_get+0x1e/0x2f0
[  118.652254][ T6612]  ? tun_get+0x27d/0x2f0
[  118.656594][ T6612]  tun_chr_write_iter+0x10d/0x1f0
[  118.661715][ T6612]  vfs_write+0xaeb/0xd30
[  118.665992][ T6612]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  118.671544][ T6612]  ? __pfx_vfs_write+0x10/0x10
[  118.676322][ T6612]  ? __fget_files+0x2a/0x410
[  118.680911][ T6612]  ? __fget_files+0x2a/0x410
[  118.685688][ T6612]  ksys_write+0x18f/0x2b0
[  118.690017][ T6612]  ? __pfx_ksys_write+0x10/0x10
[  118.694871][ T6612]  ? do_syscall_64+0x100/0x230
[  118.699636][ T6612]  ? do_syscall_64+0xb6/0x230
[  118.704329][ T6612]  do_syscall_64+0xf3/0x230
[  118.708871][ T6612]  ? clear_bhb_loop+0x35/0x90
[  118.713583][ T6612]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.719488][ T6612] RIP: 0033:0x7f994ab7e98f
[  118.723900][ T6612] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  118.743609][ T6612] RSP: 002b:00007f994b8f2020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  118.752040][ T6612] RAX: ffffffffffffffda RBX: 00007f994ad45fa0 RCX: 00007f994ab7e98f
[  118.760006][ T6612] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  118.767989][ T6612] RBP: 00007f994abf3cc8 R08: 0000000000000000 R09: 0000000000000000
[  118.776070][ T6612] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  118.784304][ T6612] R13: 0000000000000000 R14: 00007f994ad45fa0 R15: 00007ffd240077b8
[  118.792298][ T6612]  </TASK>
[  118.795411][ T6612] BUG: Bad page state in process syz.0.15  pfn:79e84
[  118.802143][ T6612] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807baa2600 pfn:0x79e84
[  118.812372][ T6612] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  118.819524][ T6612] raw: 00fff00000000000 dead000000000040 ffff8880216a6000 0000000000000000
[  118.828102][ T6612] raw: ffff88807baa2600 0000000000000001 00000000ffffffff 0000000000000000
[  118.836761][ T6612] page dumped because: page_pool leak
[  118.842433][ T6612] page_owner tracks the page as allocated
[  118.848220][ T6612] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6612, tgid 6611 (syz.0.15), ts 115692755078, free_ts 115167583866
[  118.865121][ T6612]  post_alloc_hook+0x1f3/0x230
[  118.869926][ T6612]  get_page_from_freelist+0x3651/0x37a0
[  118.875503][ T6612]  __alloc_pages_noprof+0x292/0x710
[  118.880754][ T6612]  alloc_pages_bulk_noprof+0x70b/0xcc0
[  118.886500][ T6612]  __page_pool_alloc_pages_slow+0x122/0x690
[  118.892463][ T6612]  page_pool_alloc_pages+0xd0/0x1c0
[  118.897781][ T6612]  skb_pp_cow_data+0xc43/0x1640
[  118.902779][ T6612]  do_xdp_generic+0x505/0xd30
[  118.907485][ T6612]  __netif_receive_skb_core+0x1ce9/0x4690
[  118.913249][ T6612]  __netif_receive_skb+0x12f/0x650
[  118.918372][ T6612]  netif_receive_skb+0x1e8/0x890
[  118.923346][ T6612]  tun_rx_batched+0x1b7/0x8f0
[  118.928035][ T6612]  tun_get_user+0x30cc/0x48a0
[  118.932747][ T6612]  tun_chr_write_iter+0x10d/0x1f0
[  118.937797][ T6612]  vfs_write+0xaeb/0xd30
[  118.942119][ T6612]  ksys_write+0x18f/0x2b0
[  118.946537][ T6612] page last free pid 6595 tgid 6595 stack trace:
[  118.952930][ T6612]  free_unref_folios+0xe23/0x1890
[  118.958088][ T6612]  folios_put_refs+0x76c/0x860
[  118.962973][ T6612]  free_pages_and_swap_cache+0x5c8/0x690
[  118.968966][ T6612]  tlb_flush_mmu+0x3a3/0x680
[  118.973624][ T6612]  tlb_finish_mmu+0xd4/0x200
[  118.978335][ T6612]  exit_mmap+0x496/0xc20
[  118.982724][ T6612]  __mmput+0x115/0x3b0
[  118.986837][ T6612]  exit_mm+0x220/0x310
[  118.991052][ T6612]  do_exit+0x9ad/0x28e0
[  118.995334][ T6612]  do_group_exit+0x207/0x2c0
[  118.999950][ T6612]  __x64_sys_exit_group+0x3f/0x40
[  119.005088][ T6612]  x64_sys_call+0x26a8/0x26b0
[  119.009827][ T6612]  do_syscall_64+0xf3/0x230
[  119.014343][ T6612]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.020279][ T6612] Modules linked in:
[  119.024794][ T6612] CPU: 0 UID: 0 PID: 6612 Comm: syz.0.15 Tainted: G    B              6.13.0-rc4-syzkaller-g4bbf9020becb #0
[  119.036435][ T6612] Tainted: [B]=BAD_PAGE
[  119.040672][ T6612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  119.050819][ T6612] Call Trace:
[  119.054164][ T6612]  <TASK>
[  119.057195][ T6612]  dump_stack_lvl+0x241/0x360
[  119.062069][ T6612]  ? __pfx_dump_stack_lvl+0x10/0x10
[  119.067267][ T6612]  ? __pfx_print_modules+0x10/0x10
[  119.072381][ T6612]  bad_page+0x176/0x1d0
[  119.076566][ T6612]  free_unref_page+0xf9e/0x1000
[  119.081513][ T6612]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[  119.087252][ T6612]  bpf_xdp_adjust_tail+0x1c3/0x200
[  119.092962][ T6612]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  119.098451][ T6612]  bpf_prog_run_generic_xdp+0x686/0x1510
[  119.104699][ T6612]  do_xdp_generic+0x757/0xd30
[  119.110373][ T6612]  ? __pfx_do_xdp_generic+0x10/0x10
[  119.115736][ T6612]  ? __skb_flow_dissect+0x4f1/0x7d00
[  119.121120][ T6612]  __netif_receive_skb_core+0x1ce9/0x4690
[  119.127271][ T6612]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  119.133406][ T6612]  ? mark_lock+0x9a/0x360
[  119.137781][ T6612]  ? __lock_acquire+0x1397/0x2100
[  119.142835][ T6612]  __netif_receive_skb+0x12f/0x650
[  119.148078][ T6612]  ? __pfx_lock_acquire+0x10/0x10
[  119.153177][ T6612]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  119.159477][ T6612]  ? __pfx___netif_receive_skb+0x10/0x10
[  119.165119][ T6612]  ? tun_rx_batched+0x160/0x8f0
[  119.170126][ T6612]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  119.175885][ T6612]  ? read_tsc+0x9/0x20
[  119.179958][ T6612]  ? netif_receive_skb+0x131/0x890
[  119.185165][ T6612]  ? netif_receive_skb+0x131/0x890
[  119.190312][ T6612]  netif_receive_skb+0x1e8/0x890
[  119.195346][ T6612]  ? tun_rx_batched+0x160/0x8f0
[  119.200206][ T6612]  ? __pfx_netif_receive_skb+0x10/0x10
[  119.205678][ T6612]  ? tun_rx_batched+0x160/0x8f0
[  119.210537][ T6612]  tun_rx_batched+0x1b7/0x8f0
[  119.215205][ T6612]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  119.221535][ T6612]  ? __pfx_lock_acquire+0x10/0x10
[  119.226547][ T6612]  ? __pfx_tun_rx_batched+0x10/0x10
[  119.231808][ T6612]  tun_get_user+0x30cc/0x48a0
[  119.236489][ T6612]  ? tun_get_user+0x2bba/0x48a0
[  119.241354][ T6612]  ? __lock_acquire+0x1397/0x2100
[  119.246424][ T6612]  ? __pfx_tun_get_user+0x10/0x10
[  119.251470][ T6612]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  119.256930][ T6612]  ? tun_get+0x1e/0x2f0
[  119.261106][ T6612]  ? __pfx_lock_release+0x10/0x10
[  119.266243][ T6612]  ? tun_get+0x1e/0x2f0
[  119.270632][ T6612]  ? tun_get+0x27d/0x2f0
[  119.274985][ T6612]  tun_chr_write_iter+0x10d/0x1f0
[  119.280115][ T6612]  vfs_write+0xaeb/0xd30
[  119.284353][ T6612]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  119.289894][ T6612]  ? __pfx_vfs_write+0x10/0x10
[  119.294754][ T6612]  ? __fget_files+0x2a/0x410
[  119.299412][ T6612]  ? __fget_files+0x2a/0x410
[  119.304112][ T6612]  ksys_write+0x18f/0x2b0
[  119.308541][ T6612]  ? __pfx_ksys_write+0x10/0x10
[  119.313385][ T6612]  ? do_syscall_64+0x100/0x230
[  119.318143][ T6612]  ? do_syscall_64+0xb6/0x230
[  119.322835][ T6612]  do_syscall_64+0xf3/0x230
[  119.327612][ T6612]  ? clear_bhb_loop+0x35/0x90
[  119.332282][ T6612]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.338168][ T6612] RIP: 0033:0x7f994ab7e98f
[  119.342576][ T6612] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  119.362457][ T6612] RSP: 002b:00007f994b8f2020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  119.371231][ T6612] RAX: ffffffffffffffda RBX: 00007f994ad45fa0 RCX: 00007f994ab7e98f
[  119.379513][ T6612] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  119.387498][ T6612] RBP: 00007f994abf3cc8 R08: 0000000000000000 R09: 0000000000000000
[  119.395657][ T6612] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  119.403813][ T6612] R13: 0000000000000000 R14: 00007f994ad45fa0 R15: 00007ffd240077b8
[  119.411789][ T6612]  </TASK>
[  119.414861][ T6612] BUG: Bad page state in process syz.0.15  pfn:342f5
[  119.421588][ T6612] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880342f53c0 pfn:0x342f5
[  119.431928][ T6612] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  119.439415][ T6612] raw: 00fff00000000000 dead000000000040 ffff8880216a6000 0000000000000000
[  119.448456][ T6612] raw: ffff8880342f53c0 0000000000000001 00000000ffffffff 0000000000000000
[  119.457175][ T6612] page dumped because: page_pool leak
[  119.462583][ T6612] page_owner tracks the page as allocated
[  119.468583][ T6612] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6612, tgid 6611 (syz.0.15), ts 115692743838, free_ts 115167598991
[  119.485525][ T6612]  post_alloc_hook+0x1f3/0x230
[  119.490329][ T6612]  get_page_from_freelist+0x3651/0x37a0
[  119.495880][ T6612]  __alloc_pages_noprof+0x292/0x710
[  119.501380][ T6612]  alloc_pages_bulk_noprof+0x70b/0xcc0
[  119.506954][ T6612]  __page_pool_alloc_pages_slow+0x122/0x690
[  119.513000][ T6612]  page_pool_alloc_pages+0xd0/0x1c0
[  119.518221][ T6612]  skb_pp_cow_data+0xc43/0x1640
[  119.523150][ T6612]  do_xdp_generic+0x505/0xd30
[  119.527876][ T6612]  __netif_receive_skb_core+0x1ce9/0x4690
[  119.533713][ T6612]  __netif_receive_skb+0x12f/0x650
[  119.538849][ T6612]  netif_receive_skb+0x1e8/0x890
[  119.543959][ T6612]  tun_rx_batched+0x1b7/0x8f0
[  119.548677][ T6612]  tun_get_user+0x30cc/0x48a0
[  119.553469][ T6612]  tun_chr_write_iter+0x10d/0x1f0
[  119.558558][ T6612]  vfs_write+0xaeb/0xd30
[  119.562870][ T6612]  ksys_write+0x18f/0x2b0
[  119.567246][ T6612] page last free pid 6595 tgid 6595 stack trace:
[  119.573864][ T6612]  free_unref_folios+0xe23/0x1890
[  119.579392][ T6612]  folios_put_refs+0x76c/0x860
[  119.584353][ T6612]  free_pages_and_swap_cache+0x5c8/0x690
[  119.590415][ T6612]  tlb_flush_mmu+0x3a3/0x680
[  119.595035][ T6612]  tlb_finish_mmu+0xd4/0x200
[  119.599768][ T6612]  exit_mmap+0x496/0xc20
[  119.604121][ T6612]  __mmput+0x115/0x3b0
[  119.608798][ T6612]  exit_mm+0x220/0x310
[  119.613035][ T6612]  do_exit+0x9ad/0x28e0
[  119.617232][ T6612]  do_group_exit+0x207/0x2c0
[  119.622265][ T6612]  __x64_sys_exit_group+0x3f/0x40
[  119.627780][ T6612]  x64_sys_call+0x26a8/0x26b0
[  119.632992][ T6612]  do_syscall_64+0xf3/0x230
[  119.637703][ T6612]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.643873][ T6612] Modules linked in:
[  119.648059][ T6612] CPU: 0 UID: 0 PID: 6612 Comm: syz.0.15 Tainted: G    B              6.13.0-rc4-syzkaller-g4bbf9020becb #0
[  119.659532][ T6612] Tainted: [B]=BAD_PAGE
[  119.663867][ T6612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  119.673930][ T6612] Call Trace:
[  119.677232][ T6612]  <TASK>
[  119.680163][ T6612]  dump_stack_lvl+0x241/0x360
[  119.685041][ T6612]  ? __pfx_dump_stack_lvl+0x10/0x10
[  119.690240][ T6612]  ? __pfx_print_modules+0x10/0x10
[  119.695479][ T6612]  bad_page+0x176/0x1d0
[  119.699671][ T6612]  free_unref_page+0xf9e/0x1000
[  119.704542][ T6612]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[  119.710301][ T6612]  bpf_xdp_adjust_tail+0x1c3/0x200
[  119.715436][ T6612]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  119.720904][ T6612]  bpf_prog_run_generic_xdp+0x686/0x1510
[  119.726556][ T6612]  do_xdp_generic+0x757/0xd30
[  119.731234][ T6612]  ? __pfx_do_xdp_generic+0x10/0x10
[  119.736440][ T6612]  ? __skb_flow_dissect+0x4f1/0x7d00
[  119.741741][ T6612]  __netif_receive_skb_core+0x1ce9/0x4690
[  119.747474][ T6612]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  119.753539][ T6612]  ? mark_lock+0x9a/0x360
[  119.757861][ T6612]  ? __lock_acquire+0x1397/0x2100
[  119.762894][ T6612]  __netif_receive_skb+0x12f/0x650
[  119.768013][ T6612]  ? __pfx_lock_acquire+0x10/0x10
[  119.773026][ T6612]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  119.779339][ T6612]  ? __pfx___netif_receive_skb+0x10/0x10
[  119.785113][ T6612]  ? tun_rx_batched+0x160/0x8f0
[  119.789993][ T6612]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  119.795828][ T6612]  ? read_tsc+0x9/0x20
[  119.799899][ T6612]  ? netif_receive_skb+0x131/0x890
[  119.805024][ T6612]  ? netif_receive_skb+0x131/0x890
[  119.810235][ T6612]  netif_receive_skb+0x1e8/0x890
[  119.815181][ T6612]  ? tun_rx_batched+0x160/0x8f0
[  119.820101][ T6612]  ? __pfx_netif_receive_skb+0x10/0x10
[  119.825592][ T6612]  ? tun_rx_batched+0x160/0x8f0
[  119.830449][ T6612]  tun_rx_batched+0x1b7/0x8f0
[  119.835134][ T6612]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  119.841464][ T6612]  ? __pfx_lock_acquire+0x10/0x10
[  119.846523][ T6612]  ? __pfx_tun_rx_batched+0x10/0x10
[  119.851738][ T6612]  tun_get_user+0x30cc/0x48a0
[  119.856442][ T6612]  ? tun_get_user+0x2bba/0x48a0
[  119.861296][ T6612]  ? __lock_acquire+0x1397/0x2100
[  119.866496][ T6612]  ? __pfx_tun_get_user+0x10/0x10
[  119.871545][ T6612]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  119.877293][ T6612]  ? tun_get+0x1e/0x2f0
[  119.881560][ T6612]  ? __pfx_lock_release+0x10/0x10
[  119.886623][ T6612]  ? tun_get+0x1e/0x2f0
[  119.890921][ T6612]  ? tun_get+0x27d/0x2f0
[  119.895171][ T6612]  tun_chr_write_iter+0x10d/0x1f0
[  119.900212][ T6612]  vfs_write+0xaeb/0xd30
[  119.904456][ T6612]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  119.910129][ T6612]  ? __pfx_vfs_write+0x10/0x10
[  119.914887][ T6612]  ? __fget_files+0x2a/0x410
[  119.919465][ T6612]  ? __fget_files+0x2a/0x410
[  119.924058][ T6612]  ksys_write+0x18f/0x2b0
[  119.928732][ T6612]  ? __pfx_ksys_write+0x10/0x10
[  119.933599][ T6612]  ? do_syscall_64+0x100/0x230
[  119.938387][ T6612]  ? do_syscall_64+0xb6/0x230
[  119.943100][ T6612]  do_syscall_64+0xf3/0x230
[  119.947632][ T6612]  ? clear_bhb_loop+0x35/0x90
[  119.952313][ T6612]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.958226][ T6612] RIP: 0033:0x7f994ab7e98f
[  119.962659][ T6612] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  119.982529][ T6612] RSP: 002b:00007f994b8f2020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  119.990943][ T6612] RAX: ffffffffffffffda RBX: 00007f994ad45fa0 RCX: 00007f994ab7e98f
[  119.998929][ T6612] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  120.006909][ T6612] RBP: 00007f994abf3cc8 R08: 0000000000000000 R09: 0000000000000000
[  120.014890][ T6612] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  120.022859][ T6612] R13: 0000000000000000 R14: 00007f994ad45fa0 R15: 00007ffd240077b8
[  120.030858][ T6612]  </TASK>
[  120.033944][ T6612] BUG: Bad page state in process syz.0.15  pfn:20f13
[  120.040642][ T6612] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888020f13000 pfn:0x20f13
[  120.050754][ T6612] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  120.057876][ T6612] raw: 00fff00000000000 dead000000000040 ffff8880216a6000 0000000000000000
[  120.066503][ T6612] raw: ffff888020f13000 0000000000000001 00000000ffffffff 0000000000000000
[  120.075113][ T6612] page dumped because: page_pool leak
[  120.080497][ T6612] page_owner tracks the page as allocated
[  120.086207][ T6612] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6612, tgid 6611 (syz.0.15), ts 115692732517, free_ts 115167610501
[  120.103122][ T6612]  post_alloc_hook+0x1f3/0x230
[  120.107919][ T6612]  get_page_from_freelist+0x3651/0x37a0
[  120.113531][ T6612]  __alloc_pages_noprof+0x292/0x710
[  120.118774][ T6612]  alloc_pages_bulk_noprof+0x70b/0xcc0
[  120.124571][ T6612]  __page_pool_alloc_pages_slow+0x122/0x690
[  120.130547][ T6612]  page_pool_alloc_pages+0xd0/0x1c0
[  120.135835][ T6612]  skb_pp_cow_data+0xc43/0x1640
[  120.140827][ T6612]  do_xdp_generic+0x505/0xd30
[  120.145530][ T6612]  __netif_receive_skb_core+0x1ce9/0x4690
[  120.151342][ T6612]  __netif_receive_skb+0x12f/0x650
[  120.156478][ T6612]  netif_receive_skb+0x1e8/0x890
[  120.161521][ T6612]  tun_rx_batched+0x1b7/0x8f0
[  120.166302][ T6612]  tun_get_user+0x30cc/0x48a0
[  120.171018][ T6612]  tun_chr_write_iter+0x10d/0x1f0
[  120.176495][ T6612]  vfs_write+0xaeb/0xd30
[  120.180776][ T6612]  ksys_write+0x18f/0x2b0
[  120.185117][ T6612] page last free pid 6595 tgid 6595 stack trace:
[  120.191552][ T6612]  free_unref_page+0xd2c/0x1000
[  120.196511][ T6612]  tlb_finish_mmu+0x11f/0x200
[  120.201360][ T6612]  exit_mmap+0x496/0xc20
[  120.205782][ T6612]  __mmput+0x115/0x3b0
[  120.209903][ T6612]  exit_mm+0x220/0x310
[  120.214126][ T6612]  do_exit+0x9ad/0x28e0
[  120.218294][ T6612]  do_group_exit+0x207/0x2c0
[  120.222956][ T6612]  __x64_sys_exit_group+0x3f/0x40
[  120.228100][ T6612]  x64_sys_call+0x26a8/0x26b0
[  120.233096][ T6612]  do_syscall_64+0xf3/0x230
[  120.237635][ T6612]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.243700][ T6612] Modules linked in:
[  120.247631][ T6612] CPU: 0 UID: 0 PID: 6612 Comm: syz.0.15 Tainted: G    B              6.13.0-rc4-syzkaller-g4bbf9020becb #0
[  120.259527][ T6612] Tainted: [B]=BAD_PAGE
[  120.263755][ T6612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  120.273896][ T6612] Call Trace:
[  120.277169][ T6612]  <TASK>
[  120.280196][ T6612]  dump_stack_lvl+0x241/0x360
[  120.285046][ T6612]  ? __pfx_dump_stack_lvl+0x10/0x10
[  120.290253][ T6612]  ? __pfx_print_modules+0x10/0x10
[  120.295446][ T6612]  bad_page+0x176/0x1d0
[  120.299707][ T6612]  free_unref_page+0xf9e/0x1000
[  120.304655][ T6612]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[  120.310424][ T6612]  bpf_xdp_adjust_tail+0x1c3/0x200
[  120.315585][ T6612]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  120.321042][ T6612]  bpf_prog_run_generic_xdp+0x686/0x1510
[  120.326676][ T6612]  do_xdp_generic+0x757/0xd30
[  120.331358][ T6612]  ? __pfx_do_xdp_generic+0x10/0x10
[  120.336841][ T6612]  ? __skb_flow_dissect+0x4f1/0x7d00
[  120.342156][ T6612]  __netif_receive_skb_core+0x1ce9/0x4690
[  120.347899][ T6612]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  120.353979][ T6612]  ? mark_lock+0x9a/0x360
[  120.358390][ T6612]  ? __lock_acquire+0x1397/0x2100
[  120.363511][ T6612]  __netif_receive_skb+0x12f/0x650
[  120.368691][ T6612]  ? __pfx_lock_acquire+0x10/0x10
[  120.373942][ T6612]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  120.380453][ T6612]  ? __pfx___netif_receive_skb+0x10/0x10
[  120.386119][ T6612]  ? tun_rx_batched+0x160/0x8f0
[  120.391084][ T6612]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  120.397085][ T6612]  ? read_tsc+0x9/0x20
[  120.401156][ T6612]  ? netif_receive_skb+0x131/0x890
[  120.406264][ T6612]  ? netif_receive_skb+0x131/0x890
[  120.411383][ T6612]  netif_receive_skb+0x1e8/0x890
[  120.416329][ T6612]  ? tun_rx_batched+0x160/0x8f0
[  120.421215][ T6612]  ? __pfx_netif_receive_skb+0x10/0x10
[  120.426706][ T6612]  ? tun_rx_batched+0x160/0x8f0
[  120.431572][ T6612]  tun_rx_batched+0x1b7/0x8f0
[  120.436428][ T6612]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  120.442769][ T6612]  ? __pfx_lock_acquire+0x10/0x10
[  120.447814][ T6612]  ? __pfx_tun_rx_batched+0x10/0x10
[  120.453035][ T6612]  tun_get_user+0x30cc/0x48a0
[  120.457715][ T6612]  ? tun_get_user+0x2bba/0x48a0
[  120.462650][ T6612]  ? __lock_acquire+0x1397/0x2100
[  120.467910][ T6612]  ? __pfx_tun_get_user+0x10/0x10
[  120.472948][ T6612]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  120.478494][ T6612]  ? tun_get+0x1e/0x2f0
[  120.482654][ T6612]  ? __pfx_lock_release+0x10/0x10
[  120.487671][ T6612]  ? tun_get+0x1e/0x2f0
[  120.491913][ T6612]  ? tun_get+0x27d/0x2f0
[  120.496164][ T6612]  tun_chr_write_iter+0x10d/0x1f0
[  120.501204][ T6612]  vfs_write+0xaeb/0xd30
[  120.505472][ T6612]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  120.511088][ T6612]  ? __pfx_vfs_write+0x10/0x10
[  120.515958][ T6612]  ? __fget_files+0x2a/0x410
[  120.520643][ T6612]  ? __fget_files+0x2a/0x410
[  120.525244][ T6612]  ksys_write+0x18f/0x2b0
[  120.529627][ T6612]  ? __pfx_ksys_write+0x10/0x10
[  120.534490][ T6612]  ? do_syscall_64+0x100/0x230
[  120.539266][ T6612]  ? do_syscall_64+0xb6/0x230
[  120.543982][ T6612]  do_syscall_64+0xf3/0x230
[  120.548488][ T6612]  ? clear_bhb_loop+0x35/0x90
[  120.553184][ T6612]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.559179][ T6612] RIP: 0033:0x7f994ab7e98f
[  120.563634][ T6612] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  120.583332][ T6612] RSP: 002b:00007f994b8f2020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  120.591741][ T6612] RAX: ffffffffffffffda RBX: 00007f994ad45fa0 RCX: 00007f994ab7e98f
[  120.599717][ T6612] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  120.607800][ T6612] RBP: 00007f994abf3cc8 R08: 0000000000000000 R09: 0000000000000000
[  120.615871][ T6612] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  120.624104][ T6612] R13: 0000000000000000 R14: 00007f994ad45fa0 R15: 00007ffd240077b8
[  120.632602][ T6612]  </TASK>
[  120.635683][ T6612] BUG: Bad page state in process syz.0.15  pfn:33ece
[  120.642391][ T6612] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888033ece000 pfn:0x33ece
[  120.652601][ T6612] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  120.659779][ T6612] raw: 00fff00000000000 dead000000000040 ffff8880216a6000 0000000000000000
[  120.668372][ T6612] raw: ffff888033ece000 0000000000000001 00000000ffffffff 0000000000000000
[  120.677283][ T6612] page dumped because: page_pool leak
[  120.682905][ T6612] page_owner tracks the page as allocated
[  120.688708][ T6612] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6612, tgid 6611 (syz.0.15), ts 115692721338, free_ts 115167619770
[  120.705617][ T6612]  post_alloc_hook+0x1f3/0x230
[  120.710424][ T6612]  get_page_from_freelist+0x3651/0x37a0
[  120.715962][ T6612]  __alloc_pages_noprof+0x292/0x710
[  120.721214][ T6612]  alloc_pages_bulk_noprof+0x70b/0xcc0
[  120.726853][ T6612]  __page_pool_alloc_pages_slow+0x122/0x690
[  120.733181][ T6612]  page_pool_alloc_pages+0xd0/0x1c0
[  120.738501][ T6612]  skb_pp_cow_data+0xc43/0x1640
[  120.743765][ T6612]  do_xdp_generic+0x505/0xd30
[  120.748552][ T6612]  __netif_receive_skb_core+0x1ce9/0x4690
[  120.754539][ T6612]  __netif_receive_skb+0x12f/0x650
[  120.759799][ T6612]  netif_receive_skb+0x1e8/0x890
[  120.765288][ T6612]  tun_rx_batched+0x1b7/0x8f0
[  120.770050][ T6612]  tun_get_user+0x30cc/0x48a0
[  120.774753][ T6612]  tun_chr_write_iter+0x10d/0x1f0
[  120.779848][ T6612]  vfs_write+0xaeb/0xd30
[  120.784103][ T6612]  ksys_write+0x18f/0x2b0
[  120.788420][ T6612] page last free pid 6595 tgid 6595 stack trace:
[  120.795031][ T6612]  free_unref_page+0xd2c/0x1000
[  120.800010][ T6612]  tlb_finish_mmu+0x11f/0x200
[  120.804702][ T6612]  exit_mmap+0x496/0xc20
[  120.808935][ T6612]  __mmput+0x115/0x3b0
[  120.813125][ T6612]  exit_mm+0x220/0x310
[  120.817638][ T6612]  do_exit+0x9ad/0x28e0
[  120.821836][ T6612]  do_group_exit+0x207/0x2c0
[  120.826433][ T6612]  __x64_sys_exit_group+0x3f/0x40
[  120.831490][ T6612]  x64_sys_call+0x26a8/0x26b0
[  120.836187][ T6612]  do_syscall_64+0xf3/0x230
[  120.840724][ T6612]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.846654][ T6612] Modules linked in:
[  120.850686][ T6612] CPU: 0 UID: 0 PID: 6612 Comm: syz.0.15 Tainted: G    B              6.13.0-rc4-syzkaller-g4bbf9020becb #0
[  120.862156][ T6612] Tainted: [B]=BAD_PAGE
[  120.866467][ T6612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  120.876791][ T6612] Call Trace:
[  120.880411][ T6612]  <TASK>
[  120.883334][ T6612]  dump_stack_lvl+0x241/0x360
[  120.888006][ T6612]  ? __pfx_dump_stack_lvl+0x10/0x10
[  120.893231][ T6612]  ? __pfx_print_modules+0x10/0x10
[  120.898452][ T6612]  bad_page+0x176/0x1d0
[  120.902625][ T6612]  free_unref_page+0xf9e/0x1000
[  120.907754][ T6612]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[  120.913495][ T6612]  bpf_xdp_adjust_tail+0x1c3/0x200
[  120.918694][ T6612]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  120.924174][ T6612]  bpf_prog_run_generic_xdp+0x686/0x1510
[  120.930191][ T6612]  do_xdp_generic+0x757/0xd30
[  120.934861][ T6612]  ? __pfx_do_xdp_generic+0x10/0x10
[  120.940082][ T6612]  ? __skb_flow_dissect+0x4f1/0x7d00
[  120.945475][ T6612]  __netif_receive_skb_core+0x1ce9/0x4690
[  120.951251][ T6612]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  120.957356][ T6612]  ? mark_lock+0x9a/0x360
[  120.961708][ T6612]  ? __lock_acquire+0x1397/0x2100
[  120.966927][ T6612]  __netif_receive_skb+0x12f/0x650
[  120.972155][ T6612]  ? __pfx_lock_acquire+0x10/0x10
[  120.977295][ T6612]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  120.983600][ T6612]  ? __pfx___netif_receive_skb+0x10/0x10
[  120.989284][ T6612]  ? tun_rx_batched+0x160/0x8f0
[  120.994151][ T6612]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  120.999978][ T6612]  ? read_tsc+0x9/0x20
[  121.004129][ T6612]  ? netif_receive_skb+0x131/0x890
[  121.009359][ T6612]  ? netif_receive_skb+0x131/0x890
[  121.014513][ T6612]  netif_receive_skb+0x1e8/0x890
[  121.019485][ T6612]  ? tun_rx_batched+0x160/0x8f0
[  121.024372][ T6612]  ? __pfx_netif_receive_skb+0x10/0x10
[  121.030186][ T6612]  ? tun_rx_batched+0x160/0x8f0
[  121.035050][ T6612]  tun_rx_batched+0x1b7/0x8f0
[  121.039823][ T6612]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  121.046144][ T6612]  ? __pfx_lock_acquire+0x10/0x10
[  121.051160][ T6612]  ? __pfx_tun_rx_batched+0x10/0x10
[  121.056353][ T6612]  tun_get_user+0x30cc/0x48a0
[  121.061137][ T6612]  ? tun_get_user+0x2bba/0x48a0
[  121.066018][ T6612]  ? __lock_acquire+0x1397/0x2100
[  121.071162][ T6612]  ? __pfx_tun_get_user+0x10/0x10
[  121.076214][ T6612]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  121.081808][ T6612]  ? tun_get+0x1e/0x2f0
[  121.086038][ T6612]  ? __pfx_lock_release+0x10/0x10
[  121.091082][ T6612]  ? tun_get+0x1e/0x2f0
[  121.095270][ T6612]  ? tun_get+0x27d/0x2f0
[  121.099639][ T6612]  tun_chr_write_iter+0x10d/0x1f0
[  121.104701][ T6612]  vfs_write+0xaeb/0xd30
[  121.109448][ T6612]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  121.115748][ T6612]  ? __pfx_vfs_write+0x10/0x10
[  121.121229][ T6612]  ? __fget_files+0x2a/0x410
[  121.126095][ T6612]  ? __fget_files+0x2a/0x410
[  121.130757][ T6612]  ksys_write+0x18f/0x2b0
[  121.135293][ T6612]  ? __pfx_ksys_write+0x10/0x10
[  121.141029][ T6612]  ? do_syscall_64+0x100/0x230
[  121.146825][ T6612]  ? do_syscall_64+0xb6/0x230
[  121.152160][ T6612]  do_syscall_64+0xf3/0x230
[  121.157137][ T6612]  ? clear_bhb_loop+0x35/0x90
[  121.162021][ T6612]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  121.168464][ T6612] RIP: 0033:0x7f994ab7e98f
[  121.173764][ T6612] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  121.193720][ T6612] RSP: 002b:00007f994b8f2020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  121.202409][ T6612] RAX: ffffffffffffffda RBX: 00007f994ad45fa0 RCX: 00007f994ab7e98f
[  121.210389][ T6612] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  121.218475][ T6612] RBP: 00007f994abf3cc8 R08: 0000000000000000 R09: 0000000000000000
[  121.226790][ T6612] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  121.235723][ T6612] R13: 0000000000000000 R14: 00007f994ad45fa0 R15: 00007ffd240077b8
[  121.243944][ T6612]  </TASK>
[  121.247136][ T6612] BUG: Bad page state in process syz.0.15  pfn:73fc7
[  121.253961][ T6612] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888073fc7000 pfn:0x73fc7
[  121.264346][ T6612] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  121.272262][ T6612] raw: 00fff00000000000 dead000000000040 ffff8880216a6000 0000000000000000
[  121.280955][ T6612] raw: ffff888073fc7000 0000000000000001 00000000ffffffff 0000000000000000
[  121.290323][ T6612] page dumped because: page_pool leak
[  121.295992][ T6612] page_owner tracks the page as allocated
[  121.301825][ T6612] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6612, tgid 6611 (syz.0.15), ts 115692710374, free_ts 115203644938
[  121.319801][ T6612]  post_alloc_hook+0x1f3/0x230
[  121.327333][ T6612]  get_page_from_freelist+0x3651/0x37a0
[  121.334180][ T6612]  __alloc_pages_noprof+0x292/0x710
[  121.341181][ T6612]  alloc_pages_bulk_noprof+0x70b/0xcc0
[  121.348492][ T6612]  __page_pool_alloc_pages_slow+0x122/0x690
[  121.355314][ T6612]  page_pool_alloc_pages+0xd0/0x1c0
[  121.361094][ T6612]  skb_pp_cow_data+0xc43/0x1640
[  121.366123][ T6612]  do_xdp_generic+0x505/0xd30
[  121.371212][ T6612]  __netif_receive_skb_core+0x1ce9/0x4690
[  121.377099][ T6612]  __netif_receive_skb+0x12f/0x650
[  121.382402][ T6612]  netif_receive_skb+0x1e8/0x890
[  121.387575][ T6612]  tun_rx_batched+0x1b7/0x8f0
[  121.392563][ T6612]  tun_get_user+0x30cc/0x48a0
[  121.397568][ T6612]  tun_chr_write_iter+0x10d/0x1f0
[  121.403232][ T6612]  vfs_write+0xaeb/0xd30
[  121.407893][ T6612]  ksys_write+0x18f/0x2b0
[  121.413654][ T6612] page last free pid 6599 tgid 6599 stack trace:
[  121.420776][ T6612]  free_unref_folios+0xe23/0x1890
[  121.426486][ T6612]  folios_put_refs+0x76c/0x860
[  121.431759][ T6612]  free_pages_and_swap_cache+0x2ea/0x690
[  121.437605][ T6612]  tlb_flush_mmu+0x3a3/0x680
[  121.442476][ T6612]  tlb_finish_mmu+0xd4/0x200
[  121.447543][ T6612]  exit_mmap+0x496/0xc20
[  121.451901][ T6612]  __mmput+0x115/0x3b0
[  121.456296][ T6612]  exec_mmap+0x779/0x860
[  121.460876][ T6612]  begin_new_exec+0x1285/0x1f90
[  121.466739][ T6612]  load_elf_binary+0x95b/0x2770
[  121.471982][ T6612]  bprm_execve+0xaf5/0x17a0
[  121.476615][ T6612]  do_execveat_common+0x55f/0x6f0
[  121.481731][ T6612]  __x64_sys_execve+0x92/0xb0
[  121.486631][ T6612]  do_syscall_64+0xf3/0x230
[  121.491307][ T6612]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  121.497528][ T6612] Modules linked in:
[  121.501695][ T6612] CPU: 0 UID: 0 PID: 6612 Comm: syz.0.15 Tainted: G    B              6.13.0-rc4-syzkaller-g4bbf9020becb #0
[  121.513618][ T6612] Tainted: [B]=BAD_PAGE
[  121.517792][ T6612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  121.528493][ T6612] Call Trace:
[  121.531979][ T6612]  <TASK>
[  121.535065][ T6612]  dump_stack_lvl+0x241/0x360
[  121.540041][ T6612]  ? __pfx_dump_stack_lvl+0x10/0x10
[  121.545338][ T6612]  ? __pfx_print_modules+0x10/0x10
[  121.550543][ T6612]  bad_page+0x176/0x1d0
[  121.554861][ T6612]  free_unref_page+0xf9e/0x1000
[  121.560056][ T6612]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[  121.565704][ T6612]  bpf_xdp_adjust_tail+0x1c3/0x200
[  121.570859][ T6612]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  121.576355][ T6612]  bpf_prog_run_generic_xdp+0x686/0x1510
[  121.581992][ T6612]  do_xdp_generic+0x757/0xd30
[  121.586836][ T6612]  ? __pfx_do_xdp_generic+0x10/0x10
[  121.592114][ T6612]  ? __skb_flow_dissect+0x4f1/0x7d00
[  121.597498][ T6612]  __netif_receive_skb_core+0x1ce9/0x4690
[  121.603349][ T6612]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  121.609718][ T6612]  ? mark_lock+0x9a/0x360
[  121.615199][ T6612]  ? __lock_acquire+0x1397/0x2100
[  121.620434][ T6612]  __netif_receive_skb+0x12f/0x650
[  121.625853][ T6612]  ? __pfx_lock_acquire+0x10/0x10
[  121.631065][ T6612]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  121.637510][ T6612]  ? __pfx___netif_receive_skb+0x10/0x10
[  121.643268][ T6612]  ? tun_rx_batched+0x160/0x8f0
[  121.649188][ T6612]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  121.655126][ T6612]  ? read_tsc+0x9/0x20
[  121.659292][ T6612]  ? netif_receive_skb+0x131/0x890
[  121.664602][ T6612]  ? netif_receive_skb+0x131/0x890
[  121.669743][ T6612]  netif_receive_skb+0x1e8/0x890
[  121.675041][ T6612]  ? tun_rx_batched+0x160/0x8f0
[  121.679984][ T6612]  ? __pfx_netif_receive_skb+0x10/0x10
[  121.685438][ T6612]  ? tun_rx_batched+0x160/0x8f0
[  121.690454][ T6612]  tun_rx_batched+0x1b7/0x8f0
[  121.695457][ T6612]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  121.702323][ T6612]  ? __pfx_lock_acquire+0x10/0x10
[  121.707999][ T6612]  ? __pfx_tun_rx_batched+0x10/0x10
[  121.714173][ T6612]  tun_get_user+0x30cc/0x48a0
[  121.718881][ T6612]  ? tun_get_user+0x2bba/0x48a0
[  121.723829][ T6612]  ? __lock_acquire+0x1397/0x2100
[  121.728934][ T6612]  ? __pfx_tun_get_user+0x10/0x10
[  121.734240][ T6612]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  121.740242][ T6612]  ? tun_get+0x1e/0x2f0
[  121.744529][ T6612]  ? __pfx_lock_release+0x10/0x10
[  121.749578][ T6612]  ? tun_get+0x1e/0x2f0
[  121.753765][ T6612]  ? tun_get+0x27d/0x2f0
[  121.758277][ T6612]  tun_chr_write_iter+0x10d/0x1f0
[  121.763330][ T6612]  vfs_write+0xaeb/0xd30
[  121.767676][ T6612]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  121.773321][ T6612]  ? __pfx_vfs_write+0x10/0x10
[  121.778170][ T6612]  ? __fget_files+0x2a/0x410
[  121.782771][ T6612]  ? __fget_files+0x2a/0x410
[  121.787468][ T6612]  ksys_write+0x18f/0x2b0
[  121.791823][ T6612]  ? __pfx_ksys_write+0x10/0x10
[  121.796779][ T6612]  ? do_syscall_64+0x100/0x230
[  121.801537][ T6612]  ? do_syscall_64+0xb6/0x230
[  121.806209][ T6612]  do_syscall_64+0xf3/0x230
[  121.810706][ T6612]  ? clear_bhb_loop+0x35/0x90
[  121.815383][ T6612]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  121.821450][ T6612] RIP: 0033:0x7f994ab7e98f
[  121.825971][ T6612] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  121.845666][ T6612] RSP: 002b:00007f994b8f2020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  121.854078][ T6612] RAX: ffffffffffffffda RBX: 00007f994ad45fa0 RCX: 00007f994ab7e98f
[  121.862150][ T6612] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  121.870139][ T6612] RBP: 00007f994abf3cc8 R08: 0000000000000000 R09: 0000000000000000
[  121.878125][ T6612] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  121.886374][ T6612] R13: 0000000000000000 R14: 00007f994ad45fa0 R15: 00007ffd240077b8
[  121.894347][ T6612]  </TASK>
[  121.897530][ T6612] BUG: Bad page state in process syz.0.15  pfn:1e762
[  121.904595][ T6612] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1e762
[  121.913772][ T6612] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  121.920931][ T6612] raw: 00fff00000000000 dead000000000040 ffff8880216a6000 0000000000000000
[  121.929736][ T6612] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[  121.938342][ T6612] page dumped because: page_pool leak
[  121.943759][ T6612] page_owner tracks the page as allocated
[  121.949517][ T6612] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6612, tgid 6611 (syz.0.15), ts 115692699265, free_ts 115214696309
[  121.966668][ T6612]  post_alloc_hook+0x1f3/0x230
[  121.971663][ T6612]  get_page_from_freelist+0x3651/0x37a0
[  121.977296][ T6612]  __alloc_pages_noprof+0x292/0x710
[  121.982540][ T6612]  alloc_pages_bulk_noprof+0x70b/0xcc0
[  121.988122][ T6612]  __page_pool_alloc_pages_slow+0x122/0x690
[  121.994259][ T6612]  page_pool_alloc_pages+0xd0/0x1c0
[  121.999538][ T6612]  skb_pp_cow_data+0xc43/0x1640
[  122.004488][ T6612]  do_xdp_generic+0x505/0xd30
[  122.009243][ T6612]  __netif_receive_skb_core+0x1ce9/0x4690
[  122.015043][ T6612]  __netif_receive_skb+0x12f/0x650
[  122.020291][ T6612]  netif_receive_skb+0x1e8/0x890
[  122.025222][ T6612]  tun_rx_batched+0x1b7/0x8f0
[  122.029917][ T6612]  tun_get_user+0x30cc/0x48a0
[  122.034623][ T6612]  tun_chr_write_iter+0x10d/0x1f0
[  122.039716][ T6612]  vfs_write+0xaeb/0xd30
[  122.043982][ T6612]  ksys_write+0x18f/0x2b0
[  122.048309][ T6612] page last free pid 25 tgid 25 stack trace:
[  122.054496][ T6612]  free_unref_page+0xd2c/0x1000
[  122.059446][ T6612]  vfree+0x1c3/0x360
[  122.063389][ T6612]  delayed_vfree_work+0x56/0x80
[  122.068247][ T6612]  process_scheduled_works+0xa66/0x1840
[  122.073970][ T6612]  worker_thread+0x870/0xd30
[  122.078585][ T6612]  kthread+0x2f0/0x390
[  122.082913][ T6612]  ret_from_fork+0x4b/0x80
[  122.087366][ T6612]  ret_from_fork_asm+0x1a/0x30
[  122.092293][ T6612] Modules linked in:
[  122.096206][ T6612] CPU: 0 UID: 0 PID: 6612 Comm: syz.0.15 Tainted: G    B              6.13.0-rc4-syzkaller-g4bbf9020becb #0
[  122.108409][ T6612] Tainted: [B]=BAD_PAGE
[  122.112590][ T6612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  122.122991][ T6612] Call Trace:
[  122.126497][ T6612]  <TASK>
[  122.129522][ T6612]  dump_stack_lvl+0x241/0x360
[  122.134333][ T6612]  ? __pfx_dump_stack_lvl+0x10/0x10
[  122.139544][ T6612]  ? __pfx_print_modules+0x10/0x10
[  122.144673][ T6612]  bad_page+0x176/0x1d0
[  122.148856][ T6612]  free_unref_page+0xf9e/0x1000
[  122.153724][ T6612]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[  122.159450][ T6612]  bpf_xdp_adjust_tail+0x1c3/0x200
[  122.164572][ T6612]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  122.170063][ T6612]  bpf_prog_run_generic_xdp+0x686/0x1510
[  122.175713][ T6612]  do_xdp_generic+0x757/0xd30
[  122.180470][ T6612]  ? __pfx_do_xdp_generic+0x10/0x10
[  122.186398][ T6612]  ? __skb_flow_dissect+0x4f1/0x7d00
[  122.191690][ T6612]  __netif_receive_skb_core+0x1ce9/0x4690
[  122.197434][ T6612]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  122.203502][ T6612]  ? mark_lock+0x9a/0x360
[  122.207862][ T6612]  ? __lock_acquire+0x1397/0x2100
[  122.213050][ T6612]  __netif_receive_skb+0x12f/0x650
[  122.218150][ T6612]  ? __pfx_lock_acquire+0x10/0x10
[  122.223174][ T6612]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  122.229849][ T6612]  ? __pfx___netif_receive_skb+0x10/0x10
[  122.235572][ T6612]  ? tun_rx_batched+0x160/0x8f0
[  122.240666][ T6612]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  122.246783][ T6612]  ? read_tsc+0x9/0x20
[  122.250846][ T6612]  ? netif_receive_skb+0x131/0x890
[  122.256393][ T6612]  ? netif_receive_skb+0x131/0x890
[  122.261505][ T6612]  netif_receive_skb+0x1e8/0x890
[  122.266524][ T6612]  ? tun_rx_batched+0x160/0x8f0
[  122.271379][ T6612]  ? __pfx_netif_receive_skb+0x10/0x10
[  122.276844][ T6612]  ? tun_rx_batched+0x160/0x8f0
[  122.281719][ T6612]  tun_rx_batched+0x1b7/0x8f0
[  122.286399][ T6612]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  122.293000][ T6612]  ? __pfx_lock_acquire+0x10/0x10
[  122.298039][ T6612]  ? __pfx_tun_rx_batched+0x10/0x10
[  122.303255][ T6612]  tun_get_user+0x30cc/0x48a0
[  122.307947][ T6612]  ? tun_get_user+0x2bba/0x48a0
[  122.312989][ T6612]  ? __lock_acquire+0x1397/0x2100
[  122.318218][ T6612]  ? __pfx_tun_get_user+0x10/0x10
[  122.323408][ T6612]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  122.328977][ T6612]  ? tun_get+0x1e/0x2f0
[  122.333383][ T6612]  ? __pfx_lock_release+0x10/0x10
[  122.338417][ T6612]  ? tun_get+0x1e/0x2f0
[  122.342587][ T6612]  ? tun_get+0x27d/0x2f0
[  122.346848][ T6612]  tun_chr_write_iter+0x10d/0x1f0
[  122.351909][ T6612]  vfs_write+0xaeb/0xd30
[  122.356231][ T6612]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  122.361880][ T6612]  ? __pfx_vfs_write+0x10/0x10
[  122.366679][ T6612]  ? __fget_files+0x2a/0x410
[  122.371439][ T6612]  ? __fget_files+0x2a/0x410
[  122.376107][ T6612]  ksys_write+0x18f/0x2b0
[  122.380451][ T6612]  ? __pfx_ksys_write+0x10/0x10
[  122.385321][ T6612]  ? do_syscall_64+0x100/0x230
[  122.390087][ T6612]  ? do_syscall_64+0xb6/0x230
[  122.394961][ T6612]  do_syscall_64+0xf3/0x230
[  122.399837][ T6612]  ? clear_bhb_loop+0x35/0x90
[  122.405956][ T6612]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  122.412703][ T6612] RIP: 0033:0x7f994ab7e98f
[  122.417951][ T6612] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  122.439152][ T6612] RSP: 002b:00007f994b8f2020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  122.447908][ T6612] RAX: ffffffffffffffda RBX: 00007f994ad45fa0 RCX: 00007f994ab7e98f
[  122.455911][ T6612] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  122.464043][ T6612] RBP: 00007f994abf3cc8 R08: 0000000000000000 R09: 0000000000000000
[  122.472210][ T6612] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  122.480372][ T6612] R13: 0000000000000000 R14: 00007f994ad45fa0 R15: 00007ffd240077b8
[  122.488529][ T6612]  </TASK>
[  122.498084][   T54] Bluetooth: hci0: command tx timeout
[  122.549450][ T6680] BUG: Bad page state in process syz.0.16  pfn:28947
[  122.556229][ T6680] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888028947960 pfn:0x28947
[  122.566667][ T6680] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  122.574062][ T6680] raw: 00fff00000000000 dead000000000040 ffff888022288000 0000000000000000
[  122.582713][ T6680] raw: ffff888028947960 0000000000000001 00000000ffffffff 0000000000000000
[  122.591442][ T6680] page dumped because: page_pool leak
[  122.597005][ T6680] page_owner tracks the page as allocated
[  122.603271][ T6680] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6680, tgid 6679 (syz.0.16), ts 122549375341, free_ts 121334656099
[  122.620702][ T6680]  post_alloc_hook+0x1f3/0x230
[  122.625474][ T6680]  get_page_from_freelist+0x3651/0x37a0
[  122.631148][ T6680]  __alloc_pages_noprof+0x292/0x710
[  122.636458][ T6680]  alloc_pages_bulk_noprof+0x70b/0xcc0
[  122.641992][ T6680]  __page_pool_alloc_pages_slow+0x122/0x690
[  122.647930][ T6680]  page_pool_alloc_pages+0xd0/0x1c0
[  122.653315][ T6680]  skb_pp_cow_data+0xc43/0x1640
[  122.658218][ T6680]  do_xdp_generic+0x505/0xd30
[  122.662965][ T6680]  __netif_receive_skb_core+0x1ce9/0x4690
[  122.669157][ T6680]  __netif_receive_skb+0x12f/0x650
[  122.674569][ T6680]  netif_receive_skb+0x1e8/0x890
[  122.679584][ T6680]  tun_rx_batched+0x1b7/0x8f0
[  122.684289][ T6680]  tun_get_user+0x30cc/0x48a0
[  122.689087][ T6680]  tun_chr_write_iter+0x10d/0x1f0
[  122.694208][ T6680]  vfs_write+0xaeb/0xd30
[  122.698585][ T6680]  ksys_write+0x18f/0x2b0
[  122.703240][ T6680] page last free pid 5183 tgid 5183 stack trace:
[  122.709604][ T6680]  free_unref_page+0xd2c/0x1000
[  122.714554][ T6680]  __slab_free+0x2c2/0x380
[  122.719074][ T6680]  qlist_free_all+0x9a/0x140
[  122.723730][ T6680]  kasan_quarantine_reduce+0x14f/0x170
[  122.729585][ T6680]  __kasan_slab_alloc+0x23/0x80
[  122.734451][ T6680]  kmem_cache_alloc_node_noprof+0x1d9/0x380
[  122.740389][ T6680]  __alloc_skb+0x1c3/0x440
[  122.744869][ T6680]  alloc_skb_with_frags+0xc3/0x820
[  122.750041][ T6680]  sock_alloc_send_pskb+0x91a/0xa60
[  122.755266][ T6680]  unix_dgram_sendmsg+0x6d3/0x1f80
[  122.760441][ T6680]  __sock_sendmsg+0x221/0x270
[  122.765141][ T6680]  __sys_sendto+0x363/0x4c0
[  122.769823][ T6680]  __x64_sys_sendto+0xde/0x100
[  122.774649][ T6680]  do_syscall_64+0xf3/0x230
[  122.779180][ T6680]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  122.785173][ T6680] Modules linked in:
[  122.789408][ T6680] CPU: 1 UID: 0 PID: 6680 Comm: syz.0.16 Tainted: G    B              6.13.0-rc4-syzkaller-g4bbf9020becb #0
[  122.800968][ T6680] Tainted: [B]=BAD_PAGE
[  122.805300][ T6680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  122.815448][ T6680] Call Trace:
[  122.818853][ T6680]  <TASK>
[  122.822142][ T6680]  dump_stack_lvl+0x241/0x360
[  122.826839][ T6680]  ? __pfx_dump_stack_lvl+0x10/0x10
[  122.832177][ T6680]  ? __pfx_print_modules+0x10/0x10
[  122.837399][ T6680]  bad_page+0x176/0x1d0
[  122.841569][ T6680]  free_unref_page+0xf9e/0x1000
[  122.846448][ T6680]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[  122.852240][ T6680]  bpf_xdp_adjust_tail+0x1c3/0x200
[  122.857364][ T6680]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  122.863091][ T6680]  bpf_prog_run_generic_xdp+0x686/0x1510
[  122.868728][ T6680]  do_xdp_generic+0x757/0xd30
[  122.873406][ T6680]  ? __pfx_do_xdp_generic+0x10/0x10
[  122.878593][ T6680]  ? rcu_is_watching+0x15/0xb0
[  122.883375][ T6680]  ? rcu_is_watching+0x15/0xb0
[  122.888143][ T6680]  ? count_memcg_event_mm+0x94/0x420
[  122.893451][ T6680]  __netif_receive_skb_core+0x1ce9/0x4690
[  122.899190][ T6680]  ? handle_mm_fault+0x173f/0x1ad0
[  122.904321][ T6680]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  122.910418][ T6680]  ? rcu_is_watching+0x15/0xb0
[  122.915184][ T6680]  ? lock_release+0xbf/0xa30
[  122.919774][ T6680]  ? __pfx_lock_acquire+0x10/0x10
[  122.924808][ T6680]  ? __up_read+0x2c2/0x6b0
[  122.929223][ T6680]  ? rcu_is_watching+0x15/0xb0
[  122.933997][ T6680]  __netif_receive_skb+0x12f/0x650
[  122.939224][ T6680]  ? __pfx_lock_acquire+0x10/0x10
[  122.944276][ T6680]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  122.950717][ T6680]  ? __pfx___netif_receive_skb+0x10/0x10
[  122.956383][ T6680]  ? tun_rx_batched+0x160/0x8f0
[  122.961388][ T6680]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  122.967207][ T6680]  ? read_tsc+0x9/0x20
[  122.971344][ T6680]  ? ktime_get_with_offset+0x249/0x290
[  122.977017][ T6680]  ? netif_receive_skb+0x131/0x890
[  122.982377][ T6680]  netif_receive_skb+0x1e8/0x890
[  122.987431][ T6680]  ? tun_rx_batched+0x160/0x8f0
[  122.992433][ T6680]  ? __pfx_netif_receive_skb+0x10/0x10
[  122.997933][ T6680]  ? skb_set_owner_w+0x246/0x380
[  123.002901][ T6680]  ? tun_rx_batched+0x160/0x8f0
[  123.007757][ T6680]  tun_rx_batched+0x1b7/0x8f0
[  123.012543][ T6680]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  123.018877][ T6680]  ? __pfx_lock_acquire+0x10/0x10
[  123.023993][ T6680]  ? rcu_is_watching+0x15/0xb0
[  123.028863][ T6680]  ? __pfx_tun_rx_batched+0x10/0x10
[  123.034602][ T6680]  tun_get_user+0x30cc/0x48a0
[  123.039284][ T6680]  ? tun_get_user+0x2bba/0x48a0
[  123.044510][ T6680]  ? preempt_schedule_thunk+0x1a/0x30
[  123.049977][ T6680]  ? __pfx_tun_get_user+0x10/0x10
[  123.055096][ T6680]  ? try_to_wake_up+0x9c3/0x1470
[  123.060054][ T6680]  ? tun_get+0x1e/0x2f0
[  123.064230][ T6680]  ? rcu_is_watching+0x15/0xb0
[  123.069008][ T6680]  ? tun_get+0x1e/0x2f0
[  123.073180][ T6680]  ? lock_release+0xbf/0xa30
[  123.077789][ T6680]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  123.083273][ T6680]  ? __pfx_lock_release+0x10/0x10
[  123.088609][ T6680]  ? futex_wake+0x523/0x5c0
[  123.093490][ T6680]  ? tun_get+0x1e/0x2f0
[  123.097745][ T6680]  ? tun_get+0x27d/0x2f0
[  123.102934][ T6680]  tun_chr_write_iter+0x10d/0x1f0
[  123.107994][ T6680]  vfs_write+0xaeb/0xd30
[  123.112343][ T6680]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  123.117903][ T6680]  ? __pfx_vfs_write+0x10/0x10
[  123.122687][ T6680]  ? __fget_files+0x2a/0x410
[  123.127298][ T6680]  ? __fget_files+0x2a/0x410
[  123.131950][ T6680]  ksys_write+0x18f/0x2b0
[  123.136402][ T6680]  ? __pfx_ksys_write+0x10/0x10
[  123.141458][ T6680]  ? rcu_is_watching+0x15/0xb0
[  123.146418][ T6680]  ? rcu_is_watching+0x15/0xb0
[  123.151313][ T6680]  do_syscall_64+0xf3/0x230
[  123.155860][ T6680]  ? clear_bhb_loop+0x35/0x90
[  123.160569][ T6680]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  123.166562][ T6680] RIP: 0033:0x7f994ab7e98f
[  123.170985][ T6680] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  123.190799][ T6680] RSP: 002b:00007f994b8f2020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  123.199311][ T6680] RAX: ffffffffffffffda RBX: 00007f994ad45fa0 RCX: 00007f994ab7e98f
[  123.207296][ T6680] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  123.215356][ T6680] RBP: 00007f994abf3cc8 R08: 0000000000000000 R09: 0000000000000000
[  123.223667][ T6680] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  123.231740][ T6680] R13: 0000000000000000 R14: 00007f994ad45fa0 R15: 00007ffd240077b8
[  123.239808][ T6680]  </TASK>
[  123.243004][ T6680] BUG: Bad page state in process syz.0.16  pfn:259e6
[  123.249724][ T6680] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880259e6a80 pfn:0x259e6
[  123.259931][ T6680] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  123.267071][ T6680] raw: 00fff00000000000 dead000000000040 ffff888022288000 0000000000000000
[  123.275809][ T6680] raw: ffff8880259e6a80 0000000000000001 00000000ffffffff 0000000000000000
[  123.284441][ T6680] page dumped because: page_pool leak
[  123.290021][ T6680] page_owner tracks the page as allocated
[  123.295829][ T6680] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6680, tgid 6679 (syz.0.16), ts 122549277528, free_ts 121334710676
[  123.313369][ T6680]  post_alloc_hook+0x1f3/0x230
[  123.318243][ T6680]  get_page_from_freelist+0x3651/0x37a0
[  123.323853][ T6680]  __alloc_pages_noprof+0x292/0x710
[  123.329066][ T6680]  alloc_pages_bulk_noprof+0x70b/0xcc0
[  123.334857][ T6680]  __page_pool_alloc_pages_slow+0x122/0x690
[  123.340819][ T6680]  page_pool_alloc_pages+0xd0/0x1c0
[  123.346049][ T6680]  skb_pp_cow_data+0xc43/0x1640
[  123.350970][ T6680]  do_xdp_generic+0x505/0xd30
[  123.355668][ T6680]  __netif_receive_skb_core+0x1ce9/0x4690
[  123.361440][ T6680]  __netif_receive_skb+0x12f/0x650
[  123.366588][ T6680]  netif_receive_skb+0x1e8/0x890
[  123.371759][ T6680]  tun_rx_batched+0x1b7/0x8f0
[  123.376638][ T6680]  tun_get_user+0x30cc/0x48a0
[  123.381430][ T6680]  tun_chr_write_iter+0x10d/0x1f0
[  123.386492][ T6680]  vfs_write+0xaeb/0xd30
[  123.390800][ T6680]  ksys_write+0x18f/0x2b0
[  123.395157][ T6680] page last free pid 5183 tgid 5183 stack trace:
[  123.401531][ T6680]  free_unref_page+0xd2c/0x1000
[  123.406445][ T6680]  __slab_free+0x2c2/0x380
[  123.410930][ T6680]  qlist_free_all+0x9a/0x140
[  123.415535][ T6680]  kasan_quarantine_reduce+0x14f/0x170
[  123.421133][ T6680]  __kasan_slab_alloc+0x23/0x80
[  123.426002][ T6680]  kmem_cache_alloc_node_noprof+0x1d9/0x380
[  123.431957][ T6680]  __alloc_skb+0x1c3/0x440
[  123.436401][ T6680]  alloc_skb_with_frags+0xc3/0x820
[  123.441909][ T6680]  sock_alloc_send_pskb+0x91a/0xa60
[  123.447123][ T6680]  unix_dgram_sendmsg+0x6d3/0x1f80
[  123.452493][ T6680]  __sock_sendmsg+0x221/0x270
[  123.457211][ T6680]  __sys_sendto+0x363/0x4c0
[  123.461835][ T6680]  __x64_sys_sendto+0xde/0x100
[  123.466685][ T6680]  do_syscall_64+0xf3/0x230
[  123.471438][ T6680]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  123.477368][ T6680] Modules linked in:
[  123.481340][ T6680] CPU: 1 UID: 0 PID: 6680 Comm: syz.0.16 Tainted: G    B              6.13.0-rc4-syzkaller-g4bbf9020becb #0
[  123.493432][ T6680] Tainted: [B]=BAD_PAGE
[  123.497594][ T6680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  123.507938][ T6680] Call Trace:
[  123.511241][ T6680]  <TASK>
[  123.514197][ T6680]  dump_stack_lvl+0x241/0x360
[  123.518908][ T6680]  ? __pfx_dump_stack_lvl+0x10/0x10
[  123.524116][ T6680]  ? __pfx_print_modules+0x10/0x10
[  123.529314][ T6680]  bad_page+0x176/0x1d0
[  123.533478][ T6680]  free_unref_page+0xf9e/0x1000
[  123.538321][ T6680]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[  123.544042][ T6680]  bpf_xdp_adjust_tail+0x1c3/0x200
[  123.549155][ T6680]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  123.554610][ T6680]  bpf_prog_run_generic_xdp+0x686/0x1510
[  123.560503][ T6680]  do_xdp_generic+0x757/0xd30
[  123.565693][ T6680]  ? __pfx_do_xdp_generic+0x10/0x10
[  123.570915][ T6680]  ? rcu_is_watching+0x15/0xb0
[  123.575709][ T6680]  ? rcu_is_watching+0x15/0xb0
[  123.580468][ T6680]  ? count_memcg_event_mm+0x94/0x420
[  123.585759][ T6680]  __netif_receive_skb_core+0x1ce9/0x4690
[  123.591494][ T6680]  ? handle_mm_fault+0x173f/0x1ad0
[  123.596815][ T6680]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  123.603267][ T6680]  ? rcu_is_watching+0x15/0xb0
[  123.608156][ T6680]  ? lock_release+0xbf/0xa30
[  123.612759][ T6680]  ? __pfx_lock_acquire+0x10/0x10
[  123.617868][ T6680]  ? __up_read+0x2c2/0x6b0
[  123.622280][ T6680]  ? rcu_is_watching+0x15/0xb0
[  123.627043][ T6680]  __netif_receive_skb+0x12f/0x650
[  123.632145][ T6680]  ? __pfx_lock_acquire+0x10/0x10
[  123.637153][ T6680]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  123.643404][ T6680]  ? __pfx___netif_receive_skb+0x10/0x10
[  123.649316][ T6680]  ? tun_rx_batched+0x160/0x8f0
[  123.654198][ T6680]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  123.659924][ T6680]  ? read_tsc+0x9/0x20
[  123.663990][ T6680]  ? ktime_get_with_offset+0x249/0x290
[  123.669465][ T6680]  ? netif_receive_skb+0x131/0x890
[  123.674686][ T6680]  netif_receive_skb+0x1e8/0x890
[  123.679745][ T6680]  ? tun_rx_batched+0x160/0x8f0
[  123.684602][ T6680]  ? __pfx_netif_receive_skb+0x10/0x10
[  123.690072][ T6680]  ? skb_set_owner_w+0x246/0x380
[  123.695003][ T6680]  ? tun_rx_batched+0x160/0x8f0
[  123.699859][ T6680]  tun_rx_batched+0x1b7/0x8f0
[  123.704551][ T6680]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  123.710958][ T6680]  ? __pfx_lock_acquire+0x10/0x10
[  123.715966][ T6680]  ? rcu_is_watching+0x15/0xb0
[  123.720863][ T6680]  ? __pfx_tun_rx_batched+0x10/0x10
[  123.726068][ T6680]  tun_get_user+0x30cc/0x48a0
[  123.730762][ T6680]  ? tun_get_user+0x2bba/0x48a0
[  123.735693][ T6680]  ? preempt_schedule_thunk+0x1a/0x30
[  123.741173][ T6680]  ? __pfx_tun_get_user+0x10/0x10
[  123.746199][ T6680]  ? try_to_wake_up+0x9c3/0x1470
[  123.751231][ T6680]  ? tun_get+0x1e/0x2f0
[  123.755378][ T6680]  ? rcu_is_watching+0x15/0xb0
[  123.760130][ T6680]  ? tun_get+0x1e/0x2f0
[  123.764297][ T6680]  ? lock_release+0xbf/0xa30
[  123.768892][ T6680]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  123.774369][ T6680]  ? __pfx_lock_release+0x10/0x10
[  123.779518][ T6680]  ? futex_wake+0x523/0x5c0
[  123.784021][ T6680]  ? tun_get+0x1e/0x2f0
[  123.788194][ T6680]  ? tun_get+0x27d/0x2f0
[  123.792541][ T6680]  tun_chr_write_iter+0x10d/0x1f0
[  123.797780][ T6680]  vfs_write+0xaeb/0xd30
[  123.802028][ T6680]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  123.807569][ T6680]  ? __pfx_vfs_write+0x10/0x10
[  123.812414][ T6680]  ? __fget_files+0x2a/0x410
[  123.817175][ T6680]  ? __fget_files+0x2a/0x410
[  123.821752][ T6680]  ksys_write+0x18f/0x2b0
[  123.826255][ T6680]  ? __pfx_ksys_write+0x10/0x10
[  123.831088][ T6680]  ? rcu_is_watching+0x15/0xb0
[  123.835864][ T6680]  ? rcu_is_watching+0x15/0xb0
[  123.840727][ T6680]  do_syscall_64+0xf3/0x230
[  123.845252][ T6680]  ? clear_bhb_loop+0x35/0x90
[  123.849940][ T6680]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  123.855931][ T6680] RIP: 0033:0x7f994ab7e98f
[  123.860432][ T6680] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  123.880045][ T6680] RSP: 002b:00007f994b8f2020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  123.888585][ T6680] RAX: ffffffffffffffda RBX: 00007f994ad45fa0 RCX: 00007f994ab7e98f
[  123.896652][ T6680] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  123.904823][ T6680] RBP: 00007f994abf3cc8 R08: 0000000000000000 R09: 0000000000000000
[  123.913310][ T6680] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  123.921283][ T6680] R13: 0000000000000000 R14: 00007f994ad45fa0 R15: 00007ffd240077b8
[  123.929255][ T6680]  </TASK>
[  123.932372][ T6680] BUG: Bad page state in process syz.0.16  pfn:5fe18
[  123.939055][ T6680] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88805fe18e88 pfn:0x5fe18
[  123.949253][ T6680] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  123.956402][ T6680] raw: 00fff00000000000 dead000000000040 ffff888022288000 0000000000000000
[  123.965025][ T6680] raw: ffff88805fe18e88 0000000000000001 00000000ffffffff 0000000000000000
[  123.973728][ T6680] page dumped because: page_pool leak
[  123.979079][ T6680] page_owner tracks the page as allocated
[  123.984937][ T6680] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6680, tgid 6679 (syz.0.16), ts 122549268933, free_ts 121334733439
[  124.001822][ T6680]  post_alloc_hook+0x1f3/0x230
[  124.006587][ T6680]  get_page_from_freelist+0x3651/0x37a0
[  124.012288][ T6680]  __alloc_pages_noprof+0x292/0x710
[  124.017526][ T6680]  alloc_pages_bulk_noprof+0x70b/0xcc0
[  124.023115][ T6680]  __page_pool_alloc_pages_slow+0x122/0x690
[  124.029023][ T6680]  page_pool_alloc_pages+0xd0/0x1c0
[  124.034267][ T6680]  skb_pp_cow_data+0xc43/0x1640
[  124.039186][ T6680]  do_xdp_generic+0x505/0xd30
[  124.044146][ T6680]  __netif_receive_skb_core+0x1ce9/0x4690
[  124.049925][ T6680]  __netif_receive_skb+0x12f/0x650
[  124.055837][ T6680]  netif_receive_skb+0x1e8/0x890
[  124.061364][ T6680]  tun_rx_batched+0x1b7/0x8f0
[  124.066062][ T6680]  tun_get_user+0x30cc/0x48a0
[  124.071063][ T6680]  tun_chr_write_iter+0x10d/0x1f0
[  124.076288][ T6680]  vfs_write+0xaeb/0xd30
[  124.080753][ T6680]  ksys_write+0x18f/0x2b0
[  124.085241][ T6680] page last free pid 5183 tgid 5183 stack trace:
[  124.091786][ T6680]  free_unref_page+0xd2c/0x1000
[  124.097131][ T6680]  __put_partials+0x160/0x1c0
[  124.102051][ T6680]  put_cpu_partial+0x17c/0x250
[  124.106944][ T6680]  __slab_free+0x290/0x380
[  124.111443][ T6680]  qlist_free_all+0x9a/0x140
[  124.116163][ T6680]  kasan_quarantine_reduce+0x14f/0x170
[  124.121771][ T6680]  __kasan_slab_alloc+0x23/0x80
[  124.126772][ T6680]  kmem_cache_alloc_node_noprof+0x1d9/0x380
[  124.133310][ T6680]  __alloc_skb+0x1c3/0x440
[  124.137752][ T6680]  alloc_skb_with_frags+0xc3/0x820
[  124.143301][ T6680]  sock_alloc_send_pskb+0x91a/0xa60
[  124.148732][ T6680]  unix_dgram_sendmsg+0x6d3/0x1f80
[  124.154004][ T6680]  __sock_sendmsg+0x221/0x270
[  124.158919][ T6680]  __sys_sendto+0x363/0x4c0
[  124.163861][ T6680]  __x64_sys_sendto+0xde/0x100
[  124.168897][ T6680]  do_syscall_64+0xf3/0x230
[  124.173630][ T6680] Modules linked in:
[  124.177544][ T6680] CPU: 1 UID: 0 PID: 6680 Comm: syz.0.16 Tainted: G    B              6.13.0-rc4-syzkaller-g4bbf9020becb #0
[  124.188998][ T6680] Tainted: [B]=BAD_PAGE
[  124.193148][ T6680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  124.203376][ T6680] Call Trace:
[  124.206666][ T6680]  <TASK>
[  124.209586][ T6680]  dump_stack_lvl+0x241/0x360
[  124.214264][ T6680]  ? __pfx_dump_stack_lvl+0x10/0x10
[  124.219638][ T6680]  ? __pfx_print_modules+0x10/0x10
[  124.224835][ T6680]  bad_page+0x176/0x1d0
[  124.229435][ T6680]  free_unref_page+0xf9e/0x1000
[  124.234299][ T6680]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[  124.239927][ T6680]  bpf_xdp_adjust_tail+0x1c3/0x200
[  124.245032][ T6680]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  124.250492][ T6680]  bpf_prog_run_generic_xdp+0x686/0x1510
[  124.256214][ T6680]  do_xdp_generic+0x757/0xd30
[  124.260969][ T6680]  ? __pfx_do_xdp_generic+0x10/0x10
[  124.266325][ T6680]  ? rcu_is_watching+0x15/0xb0
[  124.271188][ T6680]  ? rcu_is_watching+0x15/0xb0
[  124.276123][ T6680]  ? count_memcg_event_mm+0x94/0x420
[  124.281561][ T6680]  __netif_receive_skb_core+0x1ce9/0x4690
[  124.287324][ T6680]  ? handle_mm_fault+0x173f/0x1ad0
[  124.292454][ T6680]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  124.298626][ T6680]  ? rcu_is_watching+0x15/0xb0
[  124.303406][ T6680]  ? lock_release+0xbf/0xa30
[  124.308148][ T6680]  ? __pfx_lock_acquire+0x10/0x10
[  124.313170][ T6680]  ? __up_read+0x2c2/0x6b0
[  124.317574][ T6680]  ? rcu_is_watching+0x15/0xb0
[  124.322590][ T6680]  __netif_receive_skb+0x12f/0x650
[  124.327736][ T6680]  ? __pfx_lock_acquire+0x10/0x10
[  124.332861][ T6680]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  124.339120][ T6680]  ? __pfx___netif_receive_skb+0x10/0x10
[  124.344777][ T6680]  ? tun_rx_batched+0x160/0x8f0
[  124.349650][ T6680]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  124.355398][ T6680]  ? read_tsc+0x9/0x20
[  124.359835][ T6680]  ? ktime_get_with_offset+0x249/0x290
[  124.365303][ T6680]  ? netif_receive_skb+0x131/0x890
[  124.370429][ T6680]  netif_receive_skb+0x1e8/0x890
[  124.375510][ T6680]  ? tun_rx_batched+0x160/0x8f0
[  124.380543][ T6680]  ? __pfx_netif_receive_skb+0x10/0x10
[  124.386202][ T6680]  ? skb_set_owner_w+0x246/0x380
[  124.391162][ T6680]  ? tun_rx_batched+0x160/0x8f0
[  124.396224][ T6680]  tun_rx_batched+0x1b7/0x8f0
[  124.400931][ T6680]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  124.407357][ T6680]  ? __pfx_lock_acquire+0x10/0x10
[  124.412401][ T6680]  ? rcu_is_watching+0x15/0xb0
[  124.417192][ T6680]  ? __pfx_tun_rx_batched+0x10/0x10
[  124.422430][ T6680]  tun_get_user+0x30cc/0x48a0
[  124.427140][ T6680]  ? tun_get_user+0x2bba/0x48a0
[  124.432092][ T6680]  ? preempt_schedule_thunk+0x1a/0x30
[  124.437460][ T6680]  ? __pfx_tun_get_user+0x10/0x10
[  124.442571][ T6680]  ? try_to_wake_up+0x9c3/0x1470
[  124.447499][ T6680]  ? tun_get+0x1e/0x2f0
[  124.451681][ T6680]  ? rcu_is_watching+0x15/0xb0
[  124.456452][ T6680]  ? tun_get+0x1e/0x2f0
[  124.460669][ T6680]  ? lock_release+0xbf/0xa30
[  124.465268][ T6680]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  124.470737][ T6680]  ? __pfx_lock_release+0x10/0x10
[  124.475821][ T6680]  ? futex_wake+0x523/0x5c0
[  124.480347][ T6680]  ? tun_get+0x1e/0x2f0
[  124.484517][ T6680]  ? tun_get+0x27d/0x2f0
[  124.488825][ T6680]  tun_chr_write_iter+0x10d/0x1f0
[  124.493884][ T6680]  vfs_write+0xaeb/0xd30
[  124.498326][ T6680]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  124.503867][ T6680]  ? __pfx_vfs_write+0x10/0x10
[  124.508635][ T6680]  ? __fget_files+0x2a/0x410
[  124.513223][ T6680]  ? __fget_files+0x2a/0x410
[  124.517799][ T6680]  ksys_write+0x18f/0x2b0
[  124.522116][ T6680]  ? __pfx_ksys_write+0x10/0x10
[  124.526950][ T6680]  ? rcu_is_watching+0x15/0xb0
[  124.531703][ T6680]  ? rcu_is_watching+0x15/0xb0
[  124.536477][ T6680]  do_syscall_64+0xf3/0x230
[  124.540992][ T6680]  ? clear_bhb_loop+0x35/0x90
[  124.545687][ T6680]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  124.551596][ T6680] RIP: 0033:0x7f994ab7e98f
[  124.556000][ T6680] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  124.575621][ T6680] RSP: 002b:00007f994b8f2020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  124.579555][   T54] Bluetooth: hci0: command tx timeout
[  124.584045][ T6680] RAX: ffffffffffffffda RBX: 00007f994ad45fa0 RCX: 00007f994ab7e98f
[  124.584068][ T6680] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  124.584080][ T6680] RBP: 00007f994abf3cc8 R08: 0000000000000000 R09: 0000000000000000
[  124.613378][ T6680] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  124.621349][ T6680] R13: 0000000000000000 R14: 00007f994ad45fa0 R15: 00007ffd240077b8
[  124.629345][ T6680]  </TASK>
[  124.632442][ T6680] BUG: Bad page state in process syz.0.16  pfn:7c84c
[  124.639135][ T6680] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807c84ce88 pfn:0x7c84c
[  124.649450][ T6680] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  124.656577][ T6680] raw: 00fff00000000000 dead000000000040 ffff888022288000 0000000000000000
[  124.665352][ T6680] raw: ffff88807c84ce88 0000000000000001 00000000ffffffff 0000000000000000
[  124.674111][ T6680] page dumped because: page_pool leak
[  124.679814][ T6680] page_owner tracks the page as allocated
[  124.685724][ T6680] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6680, tgid 6679 (syz.0.16), ts 122549259858, free_ts 121334747645
[  124.702800][ T6680]  post_alloc_hook+0x1f3/0x230
[  124.707582][ T6680]  get_page_from_freelist+0x3651/0x37a0
[  124.713175][ T6680]  __alloc_pages_noprof+0x292/0x710
[  124.718436][ T6680]  alloc_pages_bulk_noprof+0x70b/0xcc0
[  124.724051][ T6680]  __page_pool_alloc_pages_slow+0x122/0x690
[  124.730098][ T6680]  page_pool_alloc_pages+0xd0/0x1c0
[  124.735415][ T6680]  skb_pp_cow_data+0xc43/0x1640
[  124.740296][ T6680]  do_xdp_generic+0x505/0xd30
[  124.745121][ T6680]  __netif_receive_skb_core+0x1ce9/0x4690
[  124.750951][ T6680]  __netif_receive_skb+0x12f/0x650
[  124.756077][ T6680]  netif_receive_skb+0x1e8/0x890
[  124.761063][ T6680]  tun_rx_batched+0x1b7/0x8f0
[  124.765932][ T6680]  tun_get_user+0x30cc/0x48a0
[  124.770658][ T6680]  tun_chr_write_iter+0x10d/0x1f0
[  124.775706][ T6680]  vfs_write+0xaeb/0xd30
[  124.780004][ T6680]  ksys_write+0x18f/0x2b0
[  124.784343][ T6680] page last free pid 5183 tgid 5183 stack trace:
[  124.790694][ T6680]  free_unref_page+0xd2c/0x1000
[  124.795562][ T6680]  __put_partials+0x160/0x1c0
[  124.800358][ T6680]  put_cpu_partial+0x17c/0x250
[  124.805225][ T6680]  __slab_free+0x290/0x380
[  124.809678][ T6680]  qlist_free_all+0x9a/0x140
[  124.814382][ T6680]  kasan_quarantine_reduce+0x14f/0x170
[  124.819887][ T6680]  __kasan_slab_alloc+0x23/0x80
[  124.824748][ T6680]  kmem_cache_alloc_node_noprof+0x1d9/0x380
[  124.830814][ T6680]  __alloc_skb+0x1c3/0x440
[  124.835249][ T6680]  alloc_skb_with_frags+0xc3/0x820
[  124.840398][ T6680]  sock_alloc_send_pskb+0x91a/0xa60
[  124.845606][ T6680]  unix_dgram_sendmsg+0x6d3/0x1f80
[  124.850780][ T6680]  __sock_sendmsg+0x221/0x270
[  124.855485][ T6680]  __sys_sendto+0x363/0x4c0
[  124.860017][ T6680]  __x64_sys_sendto+0xde/0x100
[  124.864783][ T6680]  do_syscall_64+0xf3/0x230
[  124.869298][ T6680] Modules linked in:
[  124.873266][ T6680] CPU: 1 UID: 0 PID: 6680 Comm: syz.0.16 Tainted: G    B              6.13.0-rc4-syzkaller-g4bbf9020becb #0
[  124.884832][ T6680] Tainted: [B]=BAD_PAGE
[  124.888973][ T6680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  124.899138][ T6680] Call Trace:
[  124.902404][ T6680]  <TASK>
[  124.905419][ T6680]  dump_stack_lvl+0x241/0x360
[  124.910176][ T6680]  ? __pfx_dump_stack_lvl+0x10/0x10
[  124.915397][ T6680]  ? __pfx_print_modules+0x10/0x10
[  124.921021][ T6680]  bad_page+0x176/0x1d0
[  124.925270][ T6680]  free_unref_page+0xf9e/0x1000
[  124.930119][ T6680]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[  124.935918][ T6680]  bpf_xdp_adjust_tail+0x1c3/0x200
[  124.941023][ T6680]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  124.946555][ T6680]  bpf_prog_run_generic_xdp+0x686/0x1510
[  124.952215][ T6680]  do_xdp_generic+0x757/0xd30
[  124.956919][ T6680]  ? __pfx_do_xdp_generic+0x10/0x10
[  124.962129][ T6680]  ? rcu_is_watching+0x15/0xb0
[  124.966912][ T6680]  ? rcu_is_watching+0x15/0xb0
[  124.971704][ T6680]  ? count_memcg_event_mm+0x94/0x420
[  124.977026][ T6680]  __netif_receive_skb_core+0x1ce9/0x4690
[  124.982767][ T6680]  ? handle_mm_fault+0x173f/0x1ad0
[  124.987914][ T6680]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  124.994010][ T6680]  ? rcu_is_watching+0x15/0xb0
[  124.998795][ T6680]  ? lock_release+0xbf/0xa30
[  125.003391][ T6680]  ? __pfx_lock_acquire+0x10/0x10
[  125.008413][ T6680]  ? __up_read+0x2c2/0x6b0
[  125.012841][ T6680]  ? rcu_is_watching+0x15/0xb0
[  125.017713][ T6680]  __netif_receive_skb+0x12f/0x650
[  125.022832][ T6680]  ? __pfx_lock_acquire+0x10/0x10
[  125.027859][ T6680]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  125.034451][ T6680]  ? __pfx___netif_receive_skb+0x10/0x10
[  125.040178][ T6680]  ? tun_rx_batched+0x160/0x8f0
[  125.045085][ T6680]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  125.050795][ T6680]  ? read_tsc+0x9/0x20
[  125.054950][ T6680]  ? ktime_get_with_offset+0x249/0x290
[  125.060454][ T6680]  ? netif_receive_skb+0x131/0x890
[  125.065562][ T6680]  netif_receive_skb+0x1e8/0x890
[  125.070545][ T6680]  ? tun_rx_batched+0x160/0x8f0
[  125.075388][ T6680]  ? __pfx_netif_receive_skb+0x10/0x10
[  125.080938][ T6680]  ? skb_set_owner_w+0x246/0x380
[  125.085990][ T6680]  ? tun_rx_batched+0x160/0x8f0
[  125.090930][ T6680]  tun_rx_batched+0x1b7/0x8f0
[  125.095610][ T6680]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  125.101931][ T6680]  ? __pfx_lock_acquire+0x10/0x10
[  125.106941][ T6680]  ? rcu_is_watching+0x15/0xb0
[  125.111709][ T6680]  ? __pfx_tun_rx_batched+0x10/0x10
[  125.116953][ T6680]  tun_get_user+0x30cc/0x48a0
[  125.121725][ T6680]  ? tun_get_user+0x2bba/0x48a0
[  125.126655][ T6680]  ? preempt_schedule_thunk+0x1a/0x30
[  125.132082][ T6680]  ? __pfx_tun_get_user+0x10/0x10
[  125.137108][ T6680]  ? try_to_wake_up+0x9c3/0x1470
[  125.142064][ T6680]  ? tun_get+0x1e/0x2f0
[  125.146206][ T6680]  ? rcu_is_watching+0x15/0xb0
[  125.150989][ T6680]  ? tun_get+0x1e/0x2f0
[  125.155323][ T6680]  ? lock_release+0xbf/0xa30
[  125.159995][ T6680]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  125.165447][ T6680]  ? __pfx_lock_release+0x10/0x10
[  125.170457][ T6680]  ? futex_wake+0x523/0x5c0
[  125.174942][ T6680]  ? tun_get+0x1e/0x2f0
[  125.179136][ T6680]  ? tun_get+0x27d/0x2f0
[  125.183433][ T6680]  tun_chr_write_iter+0x10d/0x1f0
[  125.188574][ T6680]  vfs_write+0xaeb/0xd30
[  125.192830][ T6680]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  125.198447][ T6680]  ? __pfx_vfs_write+0x10/0x10
[  125.203331][ T6680]  ? __fget_files+0x2a/0x410
[  125.207918][ T6680]  ? __fget_files+0x2a/0x410
[  125.212504][ T6680]  ksys_write+0x18f/0x2b0
[  125.216859][ T6680]  ? __pfx_ksys_write+0x10/0x10
[  125.221713][ T6680]  ? rcu_is_watching+0x15/0xb0
[  125.226511][ T6680]  ? rcu_is_watching+0x15/0xb0
[  125.231316][ T6680]  do_syscall_64+0xf3/0x230
[  125.235915][ T6680]  ? clear_bhb_loop+0x35/0x90
[  125.240700][ T6680]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  125.246645][ T6680] RIP: 0033:0x7f994ab7e98f
[  125.251185][ T6680] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  125.270807][ T6680] RSP: 002b:00007f994b8f2020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  125.279225][ T6680] RAX: ffffffffffffffda RBX: 00007f994ad45fa0 RCX: 00007f994ab7e98f
[  125.287500][ T6680] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  125.295470][ T6680] RBP: 00007f994abf3cc8 R08: 0000000000000000 R09: 0000000000000000
[  125.303626][ T6680] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  125.311610][ T6680] R13: 0000000000000000 R14: 00007f994ad45fa0 R15: 00007ffd240077b8
[  125.319672][ T6680]  </TASK>
[  125.322742][ T6680] BUG: Bad page state in process syz.0.16  pfn:1e686
[  125.329561][ T6680] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88801e686e88 pfn:0x1e686
[  125.339686][ T6680] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  125.346884][ T6680] raw: 00fff00000000000 dead000000000040 ffff888022288000 0000000000000000
[  125.355739][ T6680] raw: ffff88801e686e88 0000000000000001 00000000ffffffff 0000000000000000
[  125.364539][ T6680] page dumped because: page_pool leak
[  125.370233][ T6680] page_owner tracks the page as allocated
[  125.375988][ T6680] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6680, tgid 6679 (syz.0.16), ts 122549250440, free_ts 121334761635
[  125.393361][ T6680]  post_alloc_hook+0x1f3/0x230
[  125.398157][ T6680]  get_page_from_freelist+0x3651/0x37a0
[  125.403862][ T6680]  __alloc_pages_noprof+0x292/0x710
[  125.409174][ T6680]  alloc_pages_bulk_noprof+0x70b/0xcc0
[  125.414687][ T6680]  __page_pool_alloc_pages_slow+0x122/0x690
[  125.420638][ T6680]  page_pool_alloc_pages+0xd0/0x1c0
[  125.425946][ T6680]  skb_pp_cow_data+0xc43/0x1640
[  125.430861][ T6680]  do_xdp_generic+0x505/0xd30
[  125.435611][ T6680]  __netif_receive_skb_core+0x1ce9/0x4690
[  125.441388][ T6680]  __netif_receive_skb+0x12f/0x650
[  125.446529][ T6680]  netif_receive_skb+0x1e8/0x890
[  125.451801][ T6680]  tun_rx_batched+0x1b7/0x8f0
[  125.456765][ T6680]  tun_get_user+0x30cc/0x48a0
[  125.461586][ T6680]  tun_chr_write_iter+0x10d/0x1f0
[  125.466635][ T6680]  vfs_write+0xaeb/0xd30
[  125.471278][ T6680]  ksys_write+0x18f/0x2b0
[  125.475630][ T6680] page last free pid 5183 tgid 5183 stack trace:
[  125.482107][ T6680]  free_unref_page+0xd2c/0x1000
[  125.487073][ T6680]  __put_partials+0x160/0x1c0
[  125.491828][ T6680]  put_cpu_partial+0x17c/0x250
[  125.496611][ T6680]  __slab_free+0x290/0x380
[  125.501172][ T6680]  qlist_free_all+0x9a/0x140
[  125.505794][ T6680]  kasan_quarantine_reduce+0x14f/0x170
[  125.511352][ T6680]  __kasan_slab_alloc+0x23/0x80
[  125.516228][ T6680]  kmem_cache_alloc_node_noprof+0x1d9/0x380
[  125.522543][ T6680]  __alloc_skb+0x1c3/0x440
[  125.526988][ T6680]  alloc_skb_with_frags+0xc3/0x820
[  125.532321][ T6680]  sock_alloc_send_pskb+0x91a/0xa60
[  125.537880][ T6680]  unix_dgram_sendmsg+0x6d3/0x1f80
[  125.543045][ T6680]  __sock_sendmsg+0x221/0x270
[  125.547738][ T6680]  __sys_sendto+0x363/0x4c0
[  125.552285][ T6680]  __x64_sys_sendto+0xde/0x100
[  125.557148][ T6680]  do_syscall_64+0xf3/0x230
[  125.561712][ T6680] Modules linked in:
[  125.565625][ T6680] CPU: 1 UID: 0 PID: 6680 Comm: syz.0.16 Tainted: G    B              6.13.0-rc4-syzkaller-g4bbf9020becb #0
[  125.577083][ T6680] Tainted: [B]=BAD_PAGE
[  125.581258][ T6680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  125.591550][ T6680] Call Trace:
[  125.594924][ T6680]  <TASK>
[  125.597902][ T6680]  dump_stack_lvl+0x241/0x360
[  125.602698][ T6680]  ? __pfx_dump_stack_lvl+0x10/0x10
[  125.608170][ T6680]  ? __pfx_print_modules+0x10/0x10
[  125.613424][ T6680]  bad_page+0x176/0x1d0
[  125.617578][ T6680]  free_unref_page+0xf9e/0x1000
[  125.622435][ T6680]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[  125.628069][ T6680]  bpf_xdp_adjust_tail+0x1c3/0x200
[  125.633194][ T6680]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  125.638685][ T6680]  bpf_prog_run_generic_xdp+0x686/0x1510
[  125.644366][ T6680]  do_xdp_generic+0x757/0xd30
[  125.649087][ T6680]  ? __pfx_do_xdp_generic+0x10/0x10
[  125.654294][ T6680]  ? rcu_is_watching+0x15/0xb0
[  125.659068][ T6680]  ? rcu_is_watching+0x15/0xb0
[  125.663823][ T6680]  ? count_memcg_event_mm+0x94/0x420
[  125.669548][ T6680]  __netif_receive_skb_core+0x1ce9/0x4690
[  125.675380][ T6680]  ? handle_mm_fault+0x173f/0x1ad0
[  125.680494][ T6680]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  125.686561][ T6680]  ? rcu_is_watching+0x15/0xb0
[  125.691403][ T6680]  ? lock_release+0xbf/0xa30
[  125.696070][ T6680]  ? __pfx_lock_acquire+0x10/0x10
[  125.701102][ T6680]  ? __up_read+0x2c2/0x6b0
[  125.705648][ T6680]  ? rcu_is_watching+0x15/0xb0