Warning: Permanently added '[localhost]:25587' (ED25519) to the list of known hosts.
2025/04/08 13:58:56 ignoring optional flag "sandboxArg"="0"
2025/04/08 13:58:58 parsed 1 programs
[  122.449541][ T5495] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  125.897823][ T5503] chnl_net:caif_netlink_parms(): no params data found
[  126.011644][ T5503] bridge0: port 1(bridge_slave_0) entered blocking state
[  126.016508][ T5503] bridge0: port 1(bridge_slave_0) entered disabled state
[  126.021403][ T5503] bridge_slave_0: entered allmulticast mode
[  126.025300][ T5503] bridge_slave_0: entered promiscuous mode
[  126.031478][ T5503] bridge0: port 2(bridge_slave_1) entered blocking state
[  126.034481][ T5503] bridge0: port 2(bridge_slave_1) entered disabled state
[  126.037397][ T5503] bridge_slave_1: entered allmulticast mode
[  126.042631][ T5503] bridge_slave_1: entered promiscuous mode
[  126.067390][ T5503] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  126.074539][ T5503] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  126.097469][ T5503] team0: Port device team_slave_0 added
[  126.103452][ T5503] team0: Port device team_slave_1 added
[  126.123182][ T5503] batman_adv: batadv0: Adding interface: batadv_slave_0
[  126.126122][ T5503] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  126.137577][ T5503] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  126.145206][ T5503] batman_adv: batadv0: Adding interface: batadv_slave_1
[  126.147984][ T5503] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  126.162202][ T5503] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  126.198730][ T5503] hsr_slave_0: entered promiscuous mode
[  126.203548][ T5503] hsr_slave_1: entered promiscuous mode
[  126.313000][ T5503] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  126.363295][ T5503] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  126.411200][ T5503] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  126.453355][ T5503] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  126.546519][ T5503] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  126.553846][ T5503] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  126.559249][ T5503] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  126.567663][ T5503] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  126.587032][ T5503] bridge0: port 2(bridge_slave_1) entered blocking state
[  126.589969][ T5503] bridge0: port 2(bridge_slave_1) entered forwarding state
[  126.592918][ T5503] bridge0: port 1(bridge_slave_0) entered blocking state
[  126.595745][ T5503] bridge0: port 1(bridge_slave_0) entered forwarding state
[  126.651445][ T5503] 8021q: adding VLAN 0 to HW filter on device bond0
[  126.663138][ T3008] bridge0: port 1(bridge_slave_0) entered disabled state
[  126.666477][ T3008] bridge0: port 2(bridge_slave_1) entered disabled state
[  126.678594][ T5503] 8021q: adding VLAN 0 to HW filter on device team0
[  126.688408][ T1033] bridge0: port 1(bridge_slave_0) entered blocking state
[  126.691557][ T1033] bridge0: port 1(bridge_slave_0) entered forwarding state
[  126.706436][ T1033] bridge0: port 2(bridge_slave_1) entered blocking state
[  126.709504][ T1033] bridge0: port 2(bridge_slave_1) entered forwarding state
[  126.881498][ T5503] 8021q: adding VLAN 0 to HW filter on device batadv0
[  126.915358][ T5503] veth0_vlan: entered promiscuous mode
[  126.924782][ T5503] veth1_vlan: entered promiscuous mode
[  126.958061][ T5503] veth0_macvtap: entered promiscuous mode
[  126.965110][ T5503] veth1_macvtap: entered promiscuous mode
[  126.979306][ T5503] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  126.985916][ T5503] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  126.991628][ T5503] batman_adv: batadv0: Interface activated: batadv_slave_0
[  127.002044][ T5503] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  127.006209][ T5503] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  127.012628][ T5503] batman_adv: batadv0: Interface activated: batadv_slave_1
[  127.021820][ T5503] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  127.025224][ T5503] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  127.028643][ T5503] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  127.032547][ T5503] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  129.854325][ T1036] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  129.857627][ T1036] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  129.890035][ T3008] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  129.893185][ T3008] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  130.675278][   T49] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  130.679161][   T49] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  130.686390][   T49] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  130.690402][   T49] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  130.693982][   T49] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2025/04/08 13:59:11 executed programs: 0
[  131.248357][ T4674] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  131.258516][ T4674] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  131.264327][ T4674] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  131.268379][ T4674] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  131.273545][ T4674] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  131.425110][ T5601] chnl_net:caif_netlink_parms(): no params data found
[  131.492270][ T5601] bridge0: port 1(bridge_slave_0) entered blocking state
[  131.495192][ T5601] bridge0: port 1(bridge_slave_0) entered disabled state
[  131.498112][ T5601] bridge_slave_0: entered allmulticast mode
[  131.502798][ T5601] bridge_slave_0: entered promiscuous mode
[  131.507917][ T5601] bridge0: port 2(bridge_slave_1) entered blocking state
[  131.513964][ T5601] bridge0: port 2(bridge_slave_1) entered disabled state
[  131.517337][ T5601] bridge_slave_1: entered allmulticast mode
[  131.521695][ T5601] bridge_slave_1: entered promiscuous mode
[  131.546711][ T5601] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  131.554494][ T5601] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  131.580155][ T5601] team0: Port device team_slave_0 added
[  131.586541][ T5601] team0: Port device team_slave_1 added
[  131.609245][ T5601] batman_adv: batadv0: Adding interface: batadv_slave_0
[  131.614224][ T5601] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  131.624745][ T5601] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  131.633186][ T5601] batman_adv: batadv0: Adding interface: batadv_slave_1
[  131.635903][ T5601] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  131.646595][ T5601] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  131.683098][ T5601] hsr_slave_0: entered promiscuous mode
[  131.687421][ T5601] hsr_slave_1: entered promiscuous mode
[  131.692412][ T5601] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  131.695558][ T5601] Cannot create hsr debugfs directory
[  131.798617][ T5601] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  131.834325][ T5601] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  131.871640][ T5601] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  131.910654][ T5601] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  132.003039][ T5601] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  132.010257][ T5601] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  132.015996][ T5601] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  132.023882][ T5601] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  132.044716][ T5601] bridge0: port 2(bridge_slave_1) entered blocking state
[  132.047705][ T5601] bridge0: port 2(bridge_slave_1) entered forwarding state
[  132.051011][ T5601] bridge0: port 1(bridge_slave_0) entered blocking state
[  132.053983][ T5601] bridge0: port 1(bridge_slave_0) entered forwarding state
[  132.124360][ T5601] 8021q: adding VLAN 0 to HW filter on device bond0
[  132.135981][ T3008] bridge0: port 1(bridge_slave_0) entered disabled state
[  132.146484][ T3008] bridge0: port 2(bridge_slave_1) entered disabled state
[  132.157014][ T5601] 8021q: adding VLAN 0 to HW filter on device team0
[  132.166706][ T1041] bridge0: port 1(bridge_slave_0) entered blocking state
[  132.169590][ T1041] bridge0: port 1(bridge_slave_0) entered forwarding state
[  132.185641][ T1041] bridge0: port 2(bridge_slave_1) entered blocking state
[  132.188587][ T1041] bridge0: port 2(bridge_slave_1) entered forwarding state
[  132.363158][ T5601] 8021q: adding VLAN 0 to HW filter on device batadv0
[  132.398755][ T5601] veth0_vlan: entered promiscuous mode
[  132.414658][ T5601] veth1_vlan: entered promiscuous mode
[  132.441896][ T5601] veth0_macvtap: entered promiscuous mode
[  132.447518][ T5601] veth1_macvtap: entered promiscuous mode
[  132.463377][ T5601] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  132.467236][ T5601] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  132.472775][ T5601] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  132.477643][ T5601] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  132.484956][ T5601] batman_adv: batadv0: Interface activated: batadv_slave_0
[  132.495972][ T5601] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  132.502411][ T5601] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  132.507979][ T5601] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  132.512973][ T5601] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  132.517943][ T5601] batman_adv: batadv0: Interface activated: batadv_slave_1
[  132.529241][ T5601] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  132.533316][ T5601] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  132.536693][ T5601] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  132.542891][ T5601] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  132.615486][ T3008] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  132.618365][ T3008] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  132.657663][ T1041] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  132.662906][ T1041] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  132.765094][ T5616] BUG: Bad page state in process syz.0.16  pfn:4ab02
[  132.767816][ T5616] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x7f30b38e2 pfn:0x4ab02
[  132.772664][ T5616] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  132.775558][ T5616] raw: 04fff00000000000 dead000000000040 ffff88801e571000 0000000000000000
[  132.778788][ T5616] raw: 00000007f30b38e2 3fffffffffffffff 00000000ffffffff 0000000000000000
[  132.782349][ T5616] page dumped because: page_pool leak
[  132.784552][ T5616] page_owner tracks the page as allocated
[  132.786845][ T5616] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5616, tgid 5615 (syz.0.16), ts 132765000420, free_ts 132679059483
[  132.793336][ T5616]  post_alloc_hook+0x1f4/0x240
[  132.795146][ T5616]  get_page_from_freelist+0x352b/0x36c0
[  132.797023][ T5616]  __alloc_frozen_pages_noprof+0x211/0x5b0
[  132.799536][ T5616]  alloc_pages_bulk_noprof+0x84a/0xaf0
[  132.801779][ T5616]  __page_pool_alloc_pages_slow+0x11f/0x690
[  132.804208][ T5616]  page_pool_alloc_frag_netmem+0x59f/0x960
[  132.806563][ T5616]  skb_pp_cow_data+0xd9f/0x1820
[  132.808557][ T5616]  do_xdp_generic+0x52a/0xd50
[  132.810434][ T5616]  tun_get_user+0x2908/0x47c0
[  132.812429][ T5616]  tun_chr_write_iter+0x10d/0x1f0
[  132.814485][ T5616]  vfs_write+0x70f/0xd10
[  132.816217][ T5616]  ksys_write+0x19d/0x2d0
[  132.817944][ T5616]  do_syscall_64+0xf3/0x230
[  132.819837][ T5616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  132.822249][ T5616] page last free pid 5601 tgid 5601 stack trace:
[  132.824551][ T5616]  __free_frozen_pages+0xde8/0x10a0
[  132.826619][ T5616]  __slab_free+0x2c6/0x390
[  132.828204][ T5616]  qlist_free_all+0x9a/0x140
[  132.830146][ T5616]  kasan_quarantine_reduce+0x14f/0x170
[  132.832245][ T5616]  __kasan_slab_alloc+0x23/0x80
[  132.833963][ T5616]  __kmalloc_noprof+0x238/0x4d0
[  132.835821][ T5616]  tomoyo_realpath_from_path+0xcf/0x5e0
[  132.837937][ T5616]  tomoyo_mount_permission+0xab8/0xbd0
[  132.840280][ T5616]  security_sb_mount+0xe0/0x2f0
[  132.842156][ T5616]  path_mount+0xb9/0xfa0
[  132.843877][ T5616]  __se_sys_mount+0x38c/0x400
[  132.845820][ T5616]  do_syscall_64+0xf3/0x230
[  132.847700][ T5616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  132.850232][ T5616] Modules linked in:
[  132.851816][ T5616] CPU: 0 UID: 0 PID: 5616 Comm: syz.0.16 Not tainted 6.15.0-rc1-syzkaller-g0af2f6be1b42 #0 PREEMPT(full) 
[  132.851830][ T5616] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  132.851837][ T5616] Call Trace:
[  132.851842][ T5616]  <TASK>
[  132.851847][ T5616]  dump_stack_lvl+0x241/0x360
[  132.851867][ T5616]  ? __pfx_dump_stack_lvl+0x10/0x10
[  132.851881][ T5616]  ? __pfx_print_modules+0x10/0x10
[  132.851903][ T5616]  bad_page+0x176/0x1d0
[  132.851916][ T5616]  __free_frozen_pages+0x1040/0x10a0
[  132.851936][ T5616]  bpf_xdp_frags_shrink_tail+0x3bb/0x780
[  132.851957][ T5616]  bpf_xdp_adjust_tail+0x1c7/0x210
[  132.851976][ T5616]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  132.851987][ T5616]  bpf_prog_run_generic_xdp+0x684/0x1510
[  132.852015][ T5616]  do_xdp_generic+0x769/0xd50
[  132.852031][ T5616]  ? __pfx_do_xdp_generic+0x10/0x10
[  132.852058][ T5616]  ? tun_get_user+0x27cf/0x47c0
[  132.852068][ T5616]  tun_get_user+0x2908/0x47c0
[  132.852087][ T5616]  ? aa_file_perm+0x139/0xf60
[  132.852103][ T5616]  ? aa_file_perm+0x139/0xf60
[  132.852117][ T5616]  ? aa_file_perm+0x3f1/0xf60
[  132.852130][ T5616]  ? __pfx_tun_get_user+0x10/0x10
[  132.852146][ T5616]  ? ref_tracker_alloc+0x316/0x4c0
[  132.852159][ T5616]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  132.852180][ T5616]  ? tun_get+0x1e/0x2f0
[  132.852194][ T5616]  ? tun_get+0x1e/0x2f0
[  132.852207][ T5616]  ? tun_get+0x27d/0x2f0
[  132.852221][ T5616]  tun_chr_write_iter+0x10d/0x1f0
[  132.852238][ T5616]  vfs_write+0x70f/0xd10
[  132.852254][ T5616]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  132.852270][ T5616]  ? __pfx_vfs_write+0x10/0x10
[  132.852282][ T5616]  ? __fget_files+0x2a/0x420
[  132.852294][ T5616]  ? __fget_files+0x2a/0x420
[  132.852308][ T5616]  ksys_write+0x19d/0x2d0
[  132.852321][ T5616]  ? __pfx_ksys_write+0x10/0x10
[  132.852336][ T5616]  ? do_syscall_64+0xb6/0x230
[  132.852350][ T5616]  do_syscall_64+0xf3/0x230
[  132.852362][ T5616]  ? clear_bhb_loop+0x45/0xa0
[  132.852375][ T5616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  132.852385][ T5616] RIP: 0033:0x7f1c7158bc1f
[  132.852395][ T5616] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  132.852403][ T5616] RSP: 002b:00007f1c72486000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  132.852414][ T5616] RAX: ffffffffffffffda RBX: 00007f1c717a5fa0 RCX: 00007f1c7158bc1f
[  132.852420][ T5616] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  132.852426][ T5616] RBP: 00007f1c7160e2a0 R08: 0000000000000000 R09: 0000000000000000
[  132.852432][ T5616] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  132.852439][ T5616] R13: 0000000000000000 R14: 00007f1c717a5fa0 R15: 00007fff1cbfc2d8
[  132.852455][ T5616]  </TASK>
[  132.852461][ T5616] Disabling lock debugging due to kernel taint
[  132.959527][ T5616] BUG: Bad page state in process syz.0.16  pfn:4ab01
[  132.962218][ T5616] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffffffffffffffff pfn:0x4ab01
[  132.965801][ T5616] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  132.968596][ T5616] raw: 04fff00000000000 dead000000000040 ffff88801e571000 0000000000000000
[  132.971744][ T5616] raw: ffffffffffffffff 0000000000000001 00000000ffffffff 0000000000000000
[  132.974653][ T5616] page dumped because: page_pool leak
[  132.976654][ T5616] page_owner tracks the page as allocated
[  132.978988][ T5616] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5616, tgid 5615 (syz.0.16), ts 132764989313, free_ts 132679059483
[  132.985445][ T5616]  post_alloc_hook+0x1f4/0x240
[  132.987200][ T5616]  get_page_from_freelist+0x352b/0x36c0
[  132.989213][ T5616]  __alloc_frozen_pages_noprof+0x211/0x5b0
[  132.991418][ T5616]  alloc_pages_bulk_noprof+0x84a/0xaf0
[  132.993458][ T5616]  __page_pool_alloc_pages_slow+0x11f/0x690
[  132.995717][ T5616]  skb_pp_cow_data+0xd7d/0x1820
[  132.997686][ T5616]  do_xdp_generic+0x52a/0xd50
[  132.999585][ T5616]  tun_get_user+0x2908/0x47c0
[  133.001401][ T5616]  tun_chr_write_iter+0x10d/0x1f0
[  133.003379][ T5616]  vfs_write+0x70f/0xd10
[  133.005083][ T5616]  ksys_write+0x19d/0x2d0
[  133.006774][ T5616]  do_syscall_64+0xf3/0x230
[  133.008435][ T5616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.010878][ T5616] page last free pid 5601 tgid 5601 stack trace:
[  133.013478][ T5616]  __free_frozen_pages+0xde8/0x10a0
[  133.015505][ T5616]  __slab_free+0x2c6/0x390
[  133.017343][ T5616]  qlist_free_all+0x9a/0x140
[  133.019254][ T5616]  kasan_quarantine_reduce+0x14f/0x170
[  133.021529][ T5616]  __kasan_slab_alloc+0x23/0x80
[  133.023523][ T5616]  __kmalloc_noprof+0x238/0x4d0
[  133.025553][ T5616]  tomoyo_realpath_from_path+0xcf/0x5e0
[  133.027723][ T5616]  tomoyo_mount_permission+0xab8/0xbd0
[  133.030044][ T5616]  security_sb_mount+0xe0/0x2f0
[  133.031953][ T5616]  path_mount+0xb9/0xfa0
[  133.033717][ T5616]  __se_sys_mount+0x38c/0x400
[  133.035569][ T5616]  do_syscall_64+0xf3/0x230
[  133.037451][ T5616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.039881][ T5616] Modules linked in:
[  133.041522][ T5616] CPU: 0 UID: 0 PID: 5616 Comm: syz.0.16 Tainted: G    B               6.15.0-rc1-syzkaller-g0af2f6be1b42 #0 PREEMPT(full) 
[  133.041548][ T5616] Tainted: [B]=BAD_PAGE
[  133.041552][ T5616] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  133.041558][ T5616] Call Trace:
[  133.041565][ T5616]  <TASK>
[  133.041570][ T5616]  dump_stack_lvl+0x241/0x360
[  133.041587][ T5616]  ? __pfx_dump_stack_lvl+0x10/0x10
[  133.041600][ T5616]  ? __pfx_print_modules+0x10/0x10
[  133.041618][ T5616]  bad_page+0x176/0x1d0
[  133.041631][ T5616]  __free_frozen_pages+0x1040/0x10a0
[  133.041649][ T5616]  bpf_xdp_frags_shrink_tail+0x3bb/0x780
[  133.041664][ T5616]  bpf_xdp_adjust_tail+0x1c7/0x210
[  133.041680][ T5616]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  133.041690][ T5616]  bpf_prog_run_generic_xdp+0x684/0x1510
[  133.041707][ T5616]  do_xdp_generic+0x769/0xd50
[  133.041721][ T5616]  ? __pfx_do_xdp_generic+0x10/0x10
[  133.041737][ T5616]  ? tun_get_user+0x27cf/0x47c0
[  133.041746][ T5616]  tun_get_user+0x2908/0x47c0
[  133.041759][ T5616]  ? aa_file_perm+0x139/0xf60
[  133.041773][ T5616]  ? aa_file_perm+0x139/0xf60
[  133.041785][ T5616]  ? aa_file_perm+0x3f1/0xf60
[  133.041799][ T5616]  ? __pfx_tun_get_user+0x10/0x10
[  133.041810][ T5616]  ? ref_tracker_alloc+0x316/0x4c0
[  133.041822][ T5616]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  133.041835][ T5616]  ? tun_get+0x1e/0x2f0
[  133.041850][ T5616]  ? tun_get+0x1e/0x2f0
[  133.041863][ T5616]  ? tun_get+0x27d/0x2f0
[  133.041877][ T5616]  tun_chr_write_iter+0x10d/0x1f0
[  133.041891][ T5616]  vfs_write+0x70f/0xd10
[  133.041903][ T5616]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  133.041916][ T5616]  ? __pfx_vfs_write+0x10/0x10
[  133.041927][ T5616]  ? __fget_files+0x2a/0x420
[  133.041936][ T5616]  ? __fget_files+0x2a/0x420
[  133.041947][ T5616]  ksys_write+0x19d/0x2d0
[  133.041958][ T5616]  ? __pfx_ksys_write+0x10/0x10
[  133.041969][ T5616]  ? do_syscall_64+0xb6/0x230
[  133.041981][ T5616]  do_syscall_64+0xf3/0x230
[  133.041993][ T5616]  ? clear_bhb_loop+0x45/0xa0
[  133.042003][ T5616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.042013][ T5616] RIP: 0033:0x7f1c7158bc1f
[  133.042023][ T5616] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  133.042031][ T5616] RSP: 002b:00007f1c72486000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  133.042043][ T5616] RAX: ffffffffffffffda RBX: 00007f1c717a5fa0 RCX: 00007f1c7158bc1f
[  133.042050][ T5616] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  133.042057][ T5616] RBP: 00007f1c7160e2a0 R08: 0000000000000000 R09: 0000000000000000
[  133.042062][ T5616] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  133.042068][ T5616] R13: 0000000000000000 R14: 00007f1c717a5fa0 R15: 00007fff1cbfc2d8
[  133.042078][ T5616]  </TASK>
[  133.042086][ T5616] BUG: Bad page state in process syz.0.16  pfn:4ab00
[  133.156111][ T5616] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88804ab05500 pfn:0x4ab00
[  133.160191][ T5616] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  133.163158][ T5616] raw: 04fff00000000000 dead000000000040 ffff88801e571000 0000000000000000
[  133.166361][ T5616] raw: ffff88804ab05500 0000000000000001 00000000ffffffff 0000000000000000
[  133.169674][ T5616] page dumped because: page_pool leak
[  133.172440][ T5616] page_owner tracks the page as allocated
[  133.174843][ T5616] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5616, tgid 5615 (syz.0.16), ts 132764978651, free_ts 132679059483
[  133.181593][ T5616]  post_alloc_hook+0x1f4/0x240
[  133.183424][ T5616]  get_page_from_freelist+0x352b/0x36c0
[  133.185614][ T5616]  __alloc_frozen_pages_noprof+0x211/0x5b0
[  133.187930][ T5616]  alloc_pages_bulk_noprof+0x84a/0xaf0
[  133.190206][ T5616]  __page_pool_alloc_pages_slow+0x11f/0x690
[  133.192762][ T5616]  skb_pp_cow_data+0xd7d/0x1820
[  133.194850][ T5616]  do_xdp_generic+0x52a/0xd50
[  133.196787][ T5616]  tun_get_user+0x2908/0x47c0
[  133.198697][ T5616]  tun_chr_write_iter+0x10d/0x1f0
[  133.200846][ T5616]  vfs_write+0x70f/0xd10
[  133.202605][ T5616]  ksys_write+0x19d/0x2d0
[  133.204366][ T5616]  do_syscall_64+0xf3/0x230
[  133.206250][ T5616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.208657][ T5616] page last free pid 5601 tgid 5601 stack trace:
[  133.211376][ T5616]  __free_frozen_pages+0xde8/0x10a0
[  133.213528][ T5616]  __slab_free+0x2c6/0x390
[  133.215370][ T5616]  qlist_free_all+0x9a/0x140
[  133.217278][ T5616]  kasan_quarantine_reduce+0x14f/0x170
[  133.219586][ T5616]  __kasan_slab_alloc+0x23/0x80
[  133.221571][ T5616]  __kmalloc_noprof+0x238/0x4d0
[  133.223546][ T5616]  tomoyo_realpath_from_path+0xcf/0x5e0
[  133.225809][ T5616]  tomoyo_mount_permission+0xab8/0xbd0
[  133.228064][ T5616]  security_sb_mount+0xe0/0x2f0
[  133.230281][ T5616]  path_mount+0xb9/0xfa0
[  133.232028][ T5616]  __se_sys_mount+0x38c/0x400
[  133.233912][ T5616]  do_syscall_64+0xf3/0x230
[  133.235849][ T5616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.238207][ T5616] Modules linked in:
[  133.239836][ T5616] CPU: 0 UID: 0 PID: 5616 Comm: syz.0.16 Tainted: G    B               6.15.0-rc1-syzkaller-g0af2f6be1b42 #0 PREEMPT(full) 
[  133.239847][ T5616] Tainted: [B]=BAD_PAGE
[  133.239850][ T5616] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  133.239854][ T5616] Call Trace:
[  133.239859][ T5616]  <TASK>
[  133.239863][ T5616]  dump_stack_lvl+0x241/0x360
[  133.239879][ T5616]  ? __pfx_dump_stack_lvl+0x10/0x10
[  133.239890][ T5616]  ? __pfx_print_modules+0x10/0x10
[  133.239908][ T5616]  bad_page+0x176/0x1d0
[  133.239921][ T5616]  __free_frozen_pages+0x1040/0x10a0
[  133.239938][ T5616]  bpf_xdp_frags_shrink_tail+0x3bb/0x780
[  133.239954][ T5616]  bpf_xdp_adjust_tail+0x1c7/0x210
[  133.239968][ T5616]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  133.239977][ T5616]  bpf_prog_run_generic_xdp+0x684/0x1510
[  133.239992][ T5616]  do_xdp_generic+0x769/0xd50
[  133.240008][ T5616]  ? __pfx_do_xdp_generic+0x10/0x10
[  133.240023][ T5616]  ? tun_get_user+0x27cf/0x47c0
[  133.240033][ T5616]  tun_get_user+0x2908/0x47c0
[  133.240045][ T5616]  ? aa_file_perm+0x139/0xf60
[  133.240061][ T5616]  ? aa_file_perm+0x139/0xf60
[  133.240073][ T5616]  ? aa_file_perm+0x3f1/0xf60
[  133.240086][ T5616]  ? __pfx_tun_get_user+0x10/0x10
[  133.240096][ T5616]  ? ref_tracker_alloc+0x316/0x4c0
[  133.240107][ T5616]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  133.240122][ T5616]  ? tun_get+0x1e/0x2f0
[  133.240136][ T5616]  ? tun_get+0x1e/0x2f0
[  133.240148][ T5616]  ? tun_get+0x27d/0x2f0
[  133.240162][ T5616]  tun_chr_write_iter+0x10d/0x1f0
[  133.240172][ T5616]  vfs_write+0x70f/0xd10
[  133.240181][ T5616]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  133.240195][ T5616]  ? __pfx_vfs_write+0x10/0x10
[  133.240202][ T5616]  ? __fget_files+0x2a/0x420
[  133.240208][ T5616]  ? __fget_files+0x2a/0x420
[  133.240214][ T5616]  ksys_write+0x19d/0x2d0
[  133.240221][ T5616]  ? __pfx_ksys_write+0x10/0x10
[  133.240228][ T5616]  ? do_syscall_64+0xb6/0x230
[  133.240236][ T5616]  do_syscall_64+0xf3/0x230
[  133.240243][ T5616]  ? clear_bhb_loop+0x45/0xa0
[  133.240250][ T5616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.240257][ T5616] RIP: 0033:0x7f1c7158bc1f
[  133.240264][ T5616] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  133.240275][ T5616] RSP: 002b:00007f1c72486000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  133.240283][ T5616] RAX: ffffffffffffffda RBX: 00007f1c717a5fa0 RCX: 00007f1c7158bc1f
[  133.240288][ T5616] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  133.240292][ T5616] RBP: 00007f1c7160e2a0 R08: 0000000000000000 R09: 0000000000000000
[  133.240296][ T5616] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  133.240300][ T5616] R13: 0000000000000000 R14: 00007f1c717a5fa0 R15: 00007fff1cbfc2d8
[  133.240307][ T5616]  </TASK>
[  133.240313][ T5616] BUG: Bad page state in process syz.0.16  pfn:594a7
[  133.353502][ T5616] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x594a7
[  133.356868][ T5616] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  133.359737][ T5616] raw: 04fff00000000000 dead000000000040 ffff88801e571000 0000000000000000
[  133.362909][ T5616] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[  133.366135][ T5616] page dumped because: page_pool leak
[  133.368168][ T5616] page_owner tracks the page as allocated
[  133.370479][ T5616] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5616, tgid 5615 (syz.0.16), ts 132764969106, free_ts 132746987775
[  133.376899][ T5616]  post_alloc_hook+0x1f4/0x240
[  133.378797][ T5616]  get_page_from_freelist+0x352b/0x36c0
[  133.381058][ T5616]  __alloc_frozen_pages_noprof+0x211/0x5b0
[  133.383403][ T5616]  alloc_pages_bulk_noprof+0x84a/0xaf0
[  133.385555][ T5616]  __page_pool_alloc_pages_slow+0x11f/0x690
[  133.387828][ T5616]  skb_pp_cow_data+0xd7d/0x1820
[  133.389800][ T5616]  do_xdp_generic+0x52a/0xd50
[  133.391674][ T5616]  tun_get_user+0x2908/0x47c0
[  133.393576][ T5616]  tun_chr_write_iter+0x10d/0x1f0
[  133.395559][ T5616]  vfs_write+0x70f/0xd10
[  133.397253][ T5616]  ksys_write+0x19d/0x2d0
[  133.399029][ T5616]  do_syscall_64+0xf3/0x230
[  133.400979][ T5616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.403349][ T5616] page last free pid 4734 tgid 4734 stack trace:
[  133.405923][ T5616]  __free_frozen_pages+0xde8/0x10a0
[  133.407975][ T5616]  __slab_free+0x2c6/0x390
[  133.409786][ T5616]  qlist_free_all+0x9a/0x140
[  133.411612][ T5616]  kasan_quarantine_reduce+0x14f/0x170
[  133.413852][ T5616]  __kasan_slab_alloc+0x23/0x80
[  133.415758][ T5616]  kmem_cache_alloc_noprof+0x1e1/0x390
[  133.417891][ T5616]  getname_flags+0xb6/0x530
[  133.419818][ T5616]  do_readlinkat+0xd7/0x380
[  133.421689][ T5616]  __x64_sys_readlink+0x7f/0x90
[  133.423579][ T5616]  do_syscall_64+0xf3/0x230
[  133.425317][ T5616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.427522][ T5616] Modules linked in:
[  133.429107][ T5616] CPU: 0 UID: 0 PID: 5616 Comm: syz.0.16 Tainted: G    B               6.15.0-rc1-syzkaller-g0af2f6be1b42 #0 PREEMPT(full) 
[  133.429124][ T5616] Tainted: [B]=BAD_PAGE
[  133.429128][ T5616] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  133.429135][ T5616] Call Trace:
[  133.429141][ T5616]  <TASK>
[  133.429146][ T5616]  dump_stack_lvl+0x241/0x360
[  133.429163][ T5616]  ? __pfx_dump_stack_lvl+0x10/0x10
[  133.429176][ T5616]  ? __pfx_print_modules+0x10/0x10
[  133.429194][ T5616]  bad_page+0x176/0x1d0
[  133.429206][ T5616]  __free_frozen_pages+0x1040/0x10a0
[  133.429224][ T5616]  bpf_xdp_frags_shrink_tail+0x3bb/0x780
[  133.429239][ T5616]  bpf_xdp_adjust_tail+0x1c7/0x210
[  133.429255][ T5616]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  133.429264][ T5616]  bpf_prog_run_generic_xdp+0x684/0x1510
[  133.429283][ T5616]  do_xdp_generic+0x769/0xd50
[  133.429295][ T5616]  ? __pfx_do_xdp_generic+0x10/0x10
[  133.429310][ T5616]  ? tun_get_user+0x27cf/0x47c0
[  133.429319][ T5616]  tun_get_user+0x2908/0x47c0
[  133.429327][ T5616]  ? aa_file_perm+0x139/0xf60
[  133.429351][ T5616]  ? aa_file_perm+0x139/0xf60
[  133.429360][ T5616]  ? aa_file_perm+0x3f1/0xf60
[  133.429368][ T5616]  ? __pfx_tun_get_user+0x10/0x10
[  133.429375][ T5616]  ? ref_tracker_alloc+0x316/0x4c0
[  133.429383][ T5616]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  133.429392][ T5616]  ? tun_get+0x1e/0x2f0
[  133.429401][ T5616]  ? tun_get+0x1e/0x2f0
[  133.429409][ T5616]  ? tun_get+0x27d/0x2f0
[  133.429418][ T5616]  tun_chr_write_iter+0x10d/0x1f0
[  133.429427][ T5616]  vfs_write+0x70f/0xd10
[  133.429436][ T5616]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  133.429445][ T5616]  ? __pfx_vfs_write+0x10/0x10
[  133.429454][ T5616]  ? __fget_files+0x2a/0x420
[  133.429463][ T5616]  ? __fget_files+0x2a/0x420
[  133.429472][ T5616]  ksys_write+0x19d/0x2d0
[  133.429483][ T5616]  ? __pfx_ksys_write+0x10/0x10
[  133.429494][ T5616]  ? do_syscall_64+0xb6/0x230
[  133.429507][ T5616]  do_syscall_64+0xf3/0x230
[  133.429518][ T5616]  ? clear_bhb_loop+0x45/0xa0
[  133.429529][ T5616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.429539][ T5616] RIP: 0033:0x7f1c7158bc1f
[  133.429548][ T5616] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  133.429561][ T5616] RSP: 002b:00007f1c72486000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  133.429577][ T5616] RAX: ffffffffffffffda RBX: 00007f1c717a5fa0 RCX: 00007f1c7158bc1f
[  133.429584][ T5616] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  133.429591][ T5616] RBP: 00007f1c7160e2a0 R08: 0000000000000000 R09: 0000000000000000
[  133.429596][ T5616] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  133.429601][ T5616] R13: 0000000000000000 R14: 00007f1c717a5fa0 R15: 00007fff1cbfc2d8
[  133.429612][ T5616]  </TASK>
[  133.542321][ T5616] BUG: Bad page state in process syz.0.16  pfn:594a6
[  133.545017][ T5616] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x594a6
[  133.548483][ T5616] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  133.551441][ T5616] raw: 04fff00000000000 dead000000000040 ffff88801e571000 0000000000000000
[  133.554881][ T5616] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[  133.558286][ T5616] page dumped because: page_pool leak
[  133.560524][ T5616] page_owner tracks the page as allocated
[  133.562874][ T5616] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5616, tgid 5615 (syz.0.16), ts 132764958398, free_ts 132746987775
[  133.569759][ T5616]  post_alloc_hook+0x1f4/0x240
[  133.572315][ T5616]  get_page_from_freelist+0x352b/0x36c0
[  133.574853][ T5616]  __alloc_frozen_pages_noprof+0x211/0x5b0
[  133.577188][ T5616]  alloc_pages_bulk_noprof+0x84a/0xaf0
[  133.579528][ T5616]  __page_pool_alloc_pages_slow+0x11f/0x690
[  133.582022][ T5616]  skb_pp_cow_data+0xd7d/0x1820
[  133.584020][ T5616]  do_xdp_generic+0x52a/0xd50
[  133.585970][ T5616]  tun_get_user+0x2908/0x47c0
[  133.587890][ T5616]  tun_chr_write_iter+0x10d/0x1f0
[  133.590035][ T5616]  vfs_write+0x70f/0xd10
[  133.592227][ T5616]  ksys_write+0x19d/0x2d0
[  133.594192][ T5616]  do_syscall_64+0xf3/0x230
[  133.596588][ T5616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.599182][ T5616] page last free pid 4734 tgid 4734 stack trace:
[  133.602061][ T5616]  __free_frozen_pages+0xde8/0x10a0
[  133.604102][ T5616]  __slab_free+0x2c6/0x390
[  133.605952][ T5616]  qlist_free_all+0x9a/0x140
[  133.607853][ T5616]  kasan_quarantine_reduce+0x14f/0x170
[  133.610136][ T5616]  __kasan_slab_alloc+0x23/0x80
[  133.612025][ T5616]  kmem_cache_alloc_noprof+0x1e1/0x390
[  133.614252][ T5616]  getname_flags+0xb6/0x530
[  133.616164][ T5616]  do_readlinkat+0xd7/0x380
[  133.618277][ T5616]  __x64_sys_readlink+0x7f/0x90
[  133.620594][ T5616]  do_syscall_64+0xf3/0x230
[  133.622505][ T5616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.624723][ T5616] Modules linked in:
[  133.626525][ T5616] CPU: 0 UID: 0 PID: 5616 Comm: syz.0.16 Tainted: G    B               6.15.0-rc1-syzkaller-g0af2f6be1b42 #0 PREEMPT(full) 
[  133.626542][ T5616] Tainted: [B]=BAD_PAGE
[  133.626546][ T5616] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  133.626552][ T5616] Call Trace:
[  133.626558][ T5616]  <TASK>
[  133.626565][ T5616]  dump_stack_lvl+0x241/0x360
[  133.626583][ T5616]  ? __pfx_dump_stack_lvl+0x10/0x10
[  133.626597][ T5616]  ? __pfx_print_modules+0x10/0x10
[  133.626616][ T5616]  bad_page+0x176/0x1d0
[  133.626629][ T5616]  __free_frozen_pages+0x1040/0x10a0
[  133.626646][ T5616]  bpf_xdp_frags_shrink_tail+0x3bb/0x780
[  133.626663][ T5616]  bpf_xdp_adjust_tail+0x1c7/0x210
[  133.626739][ T5616]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  133.626759][ T5616]  bpf_prog_run_generic_xdp+0x684/0x1510
[  133.626779][ T5616]  do_xdp_generic+0x769/0xd50
[  133.626791][ T5616]  ? __pfx_do_xdp_generic+0x10/0x10
[  133.626808][ T5616]  ? tun_get_user+0x27cf/0x47c0
[  133.626818][ T5616]  tun_get_user+0x2908/0x47c0
[  133.626830][ T5616]  ? aa_file_perm+0x139/0xf60
[  133.626846][ T5616]  ? aa_file_perm+0x139/0xf60
[  133.626858][ T5616]  ? aa_file_perm+0x3f1/0xf60
[  133.626871][ T5616]  ? __pfx_tun_get_user+0x10/0x10
[  133.626882][ T5616]  ? ref_tracker_alloc+0x316/0x4c0
[  133.626893][ T5616]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  133.626907][ T5616]  ? tun_get+0x1e/0x2f0
[  133.626920][ T5616]  ? tun_get+0x1e/0x2f0
[  133.626932][ T5616]  ? tun_get+0x27d/0x2f0
[  133.626946][ T5616]  tun_chr_write_iter+0x10d/0x1f0
[  133.626960][ T5616]  vfs_write+0x70f/0xd10
[  133.626972][ T5616]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  133.626985][ T5616]  ? __pfx_vfs_write+0x10/0x10
[  133.626996][ T5616]  ? __fget_files+0x2a/0x420
[  133.627005][ T5616]  ? __fget_files+0x2a/0x420
[  133.627014][ T5616]  ksys_write+0x19d/0x2d0
[  133.627024][ T5616]  ? __pfx_ksys_write+0x10/0x10
[  133.627036][ T5616]  ? do_syscall_64+0xb6/0x230
[  133.627048][ T5616]  do_syscall_64+0xf3/0x230
[  133.627059][ T5616]  ? clear_bhb_loop+0x45/0xa0
[  133.627071][ T5616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.627081][ T5616] RIP: 0033:0x7f1c7158bc1f
[  133.627092][ T5616] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  133.627100][ T5616] RSP: 002b:00007f1c72486000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  133.627112][ T5616] RAX: ffffffffffffffda RBX: 00007f1c717a5fa0 RCX: 00007f1c7158bc1f
[  133.627120][ T5616] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  133.627126][ T5616] RBP: 00007f1c7160e2a0 R08: 0000000000000000 R09: 0000000000000000
[  133.627133][ T5616] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  133.627139][ T5616] R13: 0000000000000000 R14: 00007f1c717a5fa0 R15: 00007fff1cbfc2d8
[  133.627149][ T5616]  </TASK>
[  133.627157][ T5616] BUG: Bad page state in process syz.0.16  pfn:594a5
[  133.743110][ T5616] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x594a5
[  133.746568][ T5616] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  133.749475][ T5616] raw: 04fff00000000000 dead000000000040 ffff88801e571000 0000000000000000
[  133.753116][ T5616] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[  133.757235][ T5616] page dumped because: page_pool leak
[  133.760143][ T5616] page_owner tracks the page as allocated
[  133.762398][ T5616] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5616, tgid 5615 (syz.0.16), ts 132764946555, free_ts 132746987775
[  133.768965][ T5616]  post_alloc_hook+0x1f4/0x240
[  133.771037][ T5616]  get_page_from_freelist+0x352b/0x36c0
[  133.773311][ T5616]  __alloc_frozen_pages_noprof+0x211/0x5b0
[  133.775613][ T5616]  alloc_pages_bulk_noprof+0x84a/0xaf0
[  133.777787][ T5616]  __page_pool_alloc_pages_slow+0x11f/0x690
[  133.780182][ T5616]  skb_pp_cow_data+0xd7d/0x1820
[  133.782178][ T5616]  do_xdp_generic+0x52a/0xd50
[  133.784060][ T5616]  tun_get_user+0x2908/0x47c0
[  133.785982][ T5616]  tun_chr_write_iter+0x10d/0x1f0
[  133.788014][ T5616]  vfs_write+0x70f/0xd10
[  133.789871][ T5616]  ksys_write+0x19d/0x2d0
[  133.791685][ T5616]  do_syscall_64+0xf3/0x230
[  133.793585][ T5616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.795979][ T5616] page last free pid 4734 tgid 4734 stack trace:
[  133.798537][ T5616]  __free_frozen_pages+0xde8/0x10a0
[  133.800699][ T5616]  __slab_free+0x2c6/0x390
[  133.802552][ T5616]  qlist_free_all+0x9a/0x140
[  133.804374][ T5616]  kasan_quarantine_reduce+0x14f/0x170
[  133.806485][ T5616]  __kasan_slab_alloc+0x23/0x80
[  133.808495][ T5616]  kmem_cache_alloc_noprof+0x1e1/0x390
[  133.810722][ T5616]  getname_flags+0xb6/0x530
[  133.812571][ T5616]  do_readlinkat+0xd7/0x380
[  133.814378][ T5616]  __x64_sys_readlink+0x7f/0x90
[  133.816345][ T5616]  do_syscall_64+0xf3/0x230
[  133.818270][ T5616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.820559][ T5616] Modules linked in:
[  133.822218][ T5616] CPU: 0 UID: 0 PID: 5616 Comm: syz.0.16 Tainted: G    B               6.15.0-rc1-syzkaller-g0af2f6be1b42 #0 PREEMPT(full) 
[  133.822235][ T5616] Tainted: [B]=BAD_PAGE
[  133.822239][ T5616] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  133.822245][ T5616] Call Trace:
[  133.822251][ T5616]  <TASK>
[  133.822256][ T5616]  dump_stack_lvl+0x241/0x360
[  133.822272][ T5616]  ? __pfx_dump_stack_lvl+0x10/0x10
[  133.822285][ T5616]  ? __pfx_print_modules+0x10/0x10
[  133.822303][ T5616]  bad_page+0x176/0x1d0
[  133.822315][ T5616]  __free_frozen_pages+0x1040/0x10a0
[  133.822332][ T5616]  bpf_xdp_frags_shrink_tail+0x3bb/0x780
[  133.822347][ T5616]  bpf_xdp_adjust_tail+0x1c7/0x210
[  133.822362][ T5616]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  133.822371][ T5616]  bpf_prog_run_generic_xdp+0x684/0x1510
[  133.822388][ T5616]  do_xdp_generic+0x769/0xd50
[  133.822399][ T5616]  ? __pfx_do_xdp_generic+0x10/0x10
[  133.822416][ T5616]  ? tun_get_user+0x27cf/0x47c0
[  133.822425][ T5616]  tun_get_user+0x2908/0x47c0
[  133.822436][ T5616]  ? aa_file_perm+0x139/0xf60
[  133.822450][ T5616]  ? aa_file_perm+0x139/0xf60
[  133.822463][ T5616]  ? aa_file_perm+0x3f1/0xf60
[  133.822475][ T5616]  ? __pfx_tun_get_user+0x10/0x10
[  133.822485][ T5616]  ? ref_tracker_alloc+0x316/0x4c0
[  133.822496][ T5616]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  133.822511][ T5616]  ? tun_get+0x1e/0x2f0
[  133.822524][ T5616]  ? tun_get+0x1e/0x2f0
[  133.822536][ T5616]  ? tun_get+0x27d/0x2f0
[  133.822555][ T5616]  tun_chr_write_iter+0x10d/0x1f0
[  133.822570][ T5616]  vfs_write+0x70f/0xd10
[  133.822583][ T5616]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  133.822597][ T5616]  ? __pfx_vfs_write+0x10/0x10
[  133.822608][ T5616]  ? __fget_files+0x2a/0x420
[  133.822617][ T5616]  ? __fget_files+0x2a/0x420
[  133.822628][ T5616]  ksys_write+0x19d/0x2d0
[  133.822640][ T5616]  ? __pfx_ksys_write+0x10/0x10
[  133.822651][ T5616]  ? do_syscall_64+0xb6/0x230
[  133.822664][ T5616]  do_syscall_64+0xf3/0x230
[  133.822675][ T5616]  ? clear_bhb_loop+0x45/0xa0
[  133.822687][ T5616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.822696][ T5616] RIP: 0033:0x7f1c7158bc1f
[  133.822706][ T5616] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  133.822715][ T5616] RSP: 002b:00007f1c72486000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  133.822725][ T5616] RAX: ffffffffffffffda RBX: 00007f1c717a5fa0 RCX: 00007f1c7158bc1f
[  133.822732][ T5616] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  133.822739][ T5616] RBP: 00007f1c7160e2a0 R08: 0000000000000000 R09: 0000000000000000
[  133.822746][ T5616] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  133.822752][ T5616] R13: 0000000000000000 R14: 00007f1c717a5fa0 R15: 00007fff1cbfc2d8
[  133.822761][ T5616]  </TASK>
[  133.822770][ T5616] BUG: Bad page state in process syz.0.16  pfn:594a4
[  133.936503][ T5616] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x594a4
[  133.939816][ T5616] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  133.942876][ T5616] raw: 04fff00000000000 dead000000000040 ffff88801e571000 0000000000000000
[  133.946446][ T5616] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[  133.949997][ T5616] page dumped because: page_pool leak
[  133.952186][ T5616] page_owner tracks the page as allocated
[  133.954543][ T5616] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5616, tgid 5615 (syz.0.16), ts 132764907870, free_ts 132746987775
[  133.961268][ T5616]  post_alloc_hook+0x1f4/0x240
[  133.963175][ T5616]  get_page_from_freelist+0x352b/0x36c0
[  133.965487][ T5616]  __alloc_frozen_pages_noprof+0x211/0x5b0
[  133.967725][ T5616]  alloc_pages_bulk_noprof+0x84a/0xaf0
[  133.970007][ T5616]  __page_pool_alloc_pages_slow+0x11f/0x690
[  133.972391][ T5616]  skb_pp_cow_data+0xd7d/0x1820
[  133.974375][ T5616]  do_xdp_generic+0x52a/0xd50
[  133.976215][ T5616]  tun_get_user+0x2908/0x47c0
[  133.978134][ T5616]  tun_chr_write_iter+0x10d/0x1f0
[  133.980280][ T5616]  vfs_write+0x70f/0xd10
[  133.981997][ T5616]  ksys_write+0x19d/0x2d0
[  133.983793][ T5616]  do_syscall_64+0xf3/0x230
[  133.985616][ T5616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.987977][ T5616] page last free pid 4734 tgid 4734 stack trace:
[  133.990602][ T5616]  __free_frozen_pages+0xde8/0x10a0
[  133.992934][ T5616]  __slab_free+0x2c6/0x390
[  133.994891][ T5616]  qlist_free_all+0x9a/0x140
[  133.996808][ T5616]  kasan_quarantine_reduce+0x14f/0x170
[  133.999090][ T5616]  __kasan_slab_alloc+0x23/0x80
[  134.001171][ T5616]  kmem_cache_alloc_noprof+0x1e1/0x390
[  134.003344][ T5616]  getname_flags+0xb6/0x530
[  134.005120][ T5616]  do_readlinkat+0xd7/0x380
[  134.007023][ T5616]  __x64_sys_readlink+0x7f/0x90
[  134.008892][ T5616]  do_syscall_64+0xf3/0x230
[  134.010955][ T5616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.013429][ T5616] Modules linked in:
[  134.015141][ T5616] CPU: 0 UID: 0 PID: 5616 Comm: syz.0.16 Tainted: G    B               6.15.0-rc1-syzkaller-g0af2f6be1b42 #0 PREEMPT(full) 
[  134.015160][ T5616] Tainted: [B]=BAD_PAGE
[  134.015164][ T5616] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  134.015171][ T5616] Call Trace:
[  134.015179][ T5616]  <TASK>
[  134.015186][ T5616]  dump_stack_lvl+0x241/0x360
[  134.015211][ T5616]  ? __pfx_dump_stack_lvl+0x10/0x10
[  134.015230][ T5616]  ? __pfx_print_modules+0x10/0x10
[  134.015250][ T5616]  bad_page+0x176/0x1d0
[  134.015263][ T5616]  __free_frozen_pages+0x1040/0x10a0
[  134.015282][ T5616]  bpf_xdp_frags_shrink_tail+0x3bb/0x780
[  134.015299][ T5616]  bpf_xdp_adjust_tail+0x1c7/0x210
[  134.015317][ T5616]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  134.015328][ T5616]  bpf_prog_run_generic_xdp+0x684/0x1510
[  134.015348][ T5616]  do_xdp_generic+0x769/0xd50
[  134.015363][ T5616]  ? __pfx_do_xdp_generic+0x10/0x10
[  134.015386][ T5616]  ? tun_get_user+0x27cf/0x47c0
[  134.015397][ T5616]  tun_get_user+0x2908/0x47c0
[  134.015411][ T5616]  ? aa_file_perm+0x139/0xf60
[  134.015428][ T5616]  ? aa_file_perm+0x139/0xf60
[  134.015442][ T5616]  ? aa_file_perm+0x3f1/0xf60
[  134.015457][ T5616]  ? __pfx_tun_get_user+0x10/0x10
[  134.015474][ T5616]  ? ref_tracker_alloc+0x316/0x4c0
[  134.015487][ T5616]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  134.015506][ T5616]  ? tun_get+0x1e/0x2f0
[  134.015525][ T5616]  ? tun_get+0x1e/0x2f0
[  134.015539][ T5616]  ? tun_get+0x27d/0x2f0
[  134.015554][ T5616]  tun_chr_write_iter+0x10d/0x1f0
[  134.015571][ T5616]  vfs_write+0x70f/0xd10
[  134.015586][ T5616]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  134.015602][ T5616]  ? __pfx_vfs_write+0x10/0x10
[  134.015614][ T5616]  ? __fget_files+0x2a/0x420
[  134.015624][ T5616]  ? __fget_files+0x2a/0x420
[  134.015636][ T5616]  ksys_write+0x19d/0x2d0
[  134.015648][ T5616]  ? __pfx_ksys_write+0x10/0x10
[  134.015661][ T5616]  ? do_syscall_64+0xb6/0x230
[  134.015675][ T5616]  do_syscall_64+0xf3/0x230
[  134.015688][ T5616]  ? clear_bhb_loop+0x45/0xa0
[  134.015701][ T5616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.015712][ T5616] RIP: 0033:0x7f1c7158bc1f
[  134.015723][ T5616] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  134.015733][ T5616] RSP: 002b:00007f1c72486000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  134.015746][ T5616] RAX: ffffffffffffffda RBX: 00007f1c717a5fa0 RCX: 00007f1c7158bc1f
[  134.015754][ T5616] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  134.015761][ T5616] RBP: 00007f1c7160e2a0 R08: 0000000000000000 R09: 0000000000000000
[  134.015768][ T5616] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  134.015775][ T5616] R13: 0000000000000000 R14: 00007f1c717a5fa0 R15: 00007fff1cbfc2d8
[  134.015786][ T5616]  </TASK>
[  134.015795][ T5616] BUG: Bad page state in process syz.0.16  pfn:594a3
[  134.134184][ T5616] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x594a3
[  134.137907][ T5616] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  134.141055][ T5616] raw: 04fff00000000000 dead000000000040 ffff88801e571000 0000000000000000
[  134.144663][ T5616] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[  134.148221][ T5616] page dumped because: page_pool leak
[  134.150618][ T5616] page_owner tracks the page as allocated
[  134.153050][ T5616] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5616, tgid 5615 (syz.0.16), ts 132764896677, free_ts 132746987775
[  134.160001][ T5616]  post_alloc_hook+0x1f4/0x240
[  134.162017][ T5616]  get_page_from_freelist+0x352b/0x36c0
[  134.164296][ T5616]  __alloc_frozen_pages_noprof+0x211/0x5b0
[  134.166718][ T5616]  alloc_pages_bulk_noprof+0x84a/0xaf0
[  134.169017][ T5616]  __page_pool_alloc_pages_slow+0x11f/0x690
[  134.171566][ T5616]  skb_pp_cow_data+0xd7d/0x1820
[  134.173649][ T5616]  do_xdp_generic+0x52a/0xd50
[  134.175635][ T5616]  tun_get_user+0x2908/0x47c0
[  134.177663][ T5616]  tun_chr_write_iter+0x10d/0x1f0
[  134.179861][ T5616]  vfs_write+0x70f/0xd10
[  134.181665][ T5616]  ksys_write+0x19d/0x2d0
[  134.183489][ T5616]  do_syscall_64+0xf3/0x230
[  134.185399][ T5616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.187919][ T5616] page last free pid 4734 tgid 4734 stack trace:
[  134.190696][ T5616]  __free_frozen_pages+0xde8/0x10a0
[  134.192903][ T5616]  __slab_free+0x2c6/0x390
[  134.194825][ T5616]  qlist_free_all+0x9a/0x140
[  134.196805][ T5616]  kasan_quarantine_reduce+0x14f/0x170
[  134.199136][ T5616]  __kasan_slab_alloc+0x23/0x80
[  134.201287][ T5616]  kmem_cache_alloc_noprof+0x1e1/0x390
[  134.203608][ T5616]  getname_flags+0xb6/0x530
[  134.205545][ T5616]  do_readlinkat+0xd7/0x380
[  134.207445][ T5616]  __x64_sys_readlink+0x7f/0x90
[  134.209607][ T5616]  do_syscall_64+0xf3/0x230
[  134.211539][ T5616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.214147][ T5616] Modules linked in:
[  134.215811][ T5616] CPU: 0 UID: 0 PID: 5616 Comm: syz.0.16 Tainted: G    B               6.15.0-rc1-syzkaller-g0af2f6be1b42 #0 PREEMPT(full) 
[  134.215828][ T5616] Tainted: [B]=BAD_PAGE
[  134.215832][ T5616] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  134.215839][ T5616] Call Trace:
[  134.215845][ T5616]  <TASK>
[  134.215850][ T5616]  dump_stack_lvl+0x241/0x360
[  134.215868][ T5616]  ? __pfx_dump_stack_lvl+0x10/0x10
[  134.215881][ T5616]  ? __pfx_print_modules+0x10/0x10
[  134.215898][ T5616]  bad_page+0x176/0x1d0
[  134.215912][ T5616]  __free_frozen_pages+0x1040/0x10a0
[  134.215930][ T5616]  bpf_xdp_frags_shrink_tail+0x3bb/0x780
[  134.215947][ T5616]  bpf_xdp_adjust_tail+0x1c7/0x210
[  134.215963][ T5616]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  134.215973][ T5616]  bpf_prog_run_generic_xdp+0x684/0x1510
[  134.215990][ T5616]  do_xdp_generic+0x769/0xd50
[  134.216002][ T5616]  ? __pfx_do_xdp_generic+0x10/0x10
[  134.216018][ T5616]  ? tun_get_user+0x27cf/0x47c0
[  134.216028][ T5616]  tun_get_user+0x2908/0x47c0
[  134.216041][ T5616]  ? aa_file_perm+0x139/0xf60
[  134.216056][ T5616]  ? aa_file_perm+0x139/0xf60
[  134.216069][ T5616]  ? aa_file_perm+0x3f1/0xf60
[  134.216082][ T5616]  ? __pfx_tun_get_user+0x10/0x10
[  134.216092][ T5616]  ? ref_tracker_alloc+0x316/0x4c0
[  134.216103][ T5616]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  134.216117][ T5616]  ? tun_get+0x1e/0x2f0
[  134.216132][ T5616]  ? tun_get+0x1e/0x2f0
[  134.216144][ T5616]  ? tun_get+0x27d/0x2f0
[  134.216157][ T5616]  tun_chr_write_iter+0x10d/0x1f0
[  134.216172][ T5616]  vfs_write+0x70f/0xd10
[  134.216185][ T5616]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  134.216201][ T5616]  ? __pfx_vfs_write+0x10/0x10
[  134.216213][ T5616]  ? __fget_files+0x2a/0x420
[  134.216223][ T5616]  ? __fget_files+0x2a/0x420
[  134.216234][ T5616]  ksys_write+0x19d/0x2d0
[  134.216246][ T5616]  ? __pfx_ksys_write+0x10/0x10
[  134.216258][ T5616]  ? do_syscall_64+0xb6/0x230
[  134.216272][ T5616]  do_syscall_64+0xf3/0x230
[  134.216284][ T5616]  ? clear_bhb_loop+0x45/0xa0
[  134.216296][ T5616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.216307][ T5616] RIP: 0033:0x7f1c7158bc1f
[  134.216317][ T5616] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  134.216326][ T5616] RSP: 002b:00007f1c72486000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  134.216338][ T5616] RAX: ffffffffffffffda RBX: 00007f1c717a5fa0 RCX: 00007f1c7158bc1f
[  134.216346][ T5616] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  134.216353][ T5616] RBP: 00007f1c7160e2a0 R08: 0000000000000000 R09: 0000000000000000
[  134.216360][ T5616] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  134.216366][ T5616] R13: 0000000000000000 R14: 00007f1c717a5fa0 R15: 00007fff1cbfc2d8
[  134.216378][ T5616]  </TASK>
[  134.216386][ T5616] BUG: Bad page state in process syz.0.16  pfn:594a2
[  134.334821][ T5616] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x594a2
[  134.338441][ T5616] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  134.341546][ T5616] raw: 04fff00000000000 dead000000000040 ffff88801e571000 0000000000000000
[  134.345199][ T5616] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[  134.348782][ T5616] page dumped because: page_pool leak
[  134.351118][ T5616] page_owner tracks the page as allocated
[  134.353527][ T5616] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5616, tgid 5615 (syz.0.16), ts 132764886408, free_ts 132746987775
[  134.360490][ T5616]  post_alloc_hook+0x1f4/0x240
[  134.362620][ T5616]  get_page_from_freelist+0x352b/0x36c0
[  134.364940][ T5616]  __alloc_frozen_pages_noprof+0x211/0x5b0
[  134.367353][ T5616]  alloc_pages_bulk_noprof+0x84a/0xaf0
[  134.369728][ T5616]  __page_pool_alloc_pages_slow+0x11f/0x690
[  134.372241][ T5616]  skb_pp_cow_data+0xd7d/0x1820
[  134.374252][ T5616]  do_xdp_generic+0x52a/0xd50
[  134.376317][ T5616]  tun_get_user+0x2908/0x47c0
[  134.378296][ T5616]  tun_chr_write_iter+0x10d/0x1f0
[  134.380514][ T5616]  vfs_write+0x70f/0xd10
[  134.382337][ T5616]  ksys_write+0x19d/0x2d0
[  134.384171][ T5616]  do_syscall_64+0xf3/0x230
[  134.386133][ T5616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.388605][ T5616] page last free pid 4734 tgid 4734 stack trace:
[  134.391308][ T5616]  __free_frozen_pages+0xde8/0x10a0
[  134.393552][ T5616]  __slab_free+0x2c6/0x390
[  134.395430][ T5616]  qlist_free_all+0x9a/0x140
[  134.397390][ T5616]  kasan_quarantine_reduce+0x14f/0x170
[  134.399748][ T5616]  __kasan_slab_alloc+0x23/0x80
[  134.401828][ T5616]  kmem_cache_alloc_noprof+0x1e1/0x390
[  134.404141][ T5616]  getname_flags+0xb6/0x530
[  134.406069][ T5616]  do_readlinkat+0xd7/0x380
[  134.408001][ T5616]  __x64_sys_readlink+0x7f/0x90
[  134.410168][ T5616]  do_syscall_64+0xf3/0x230
[  134.412073][ T5616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.414575][ T5616] Modules linked in:
[  134.416263][ T5616] CPU: 0 UID: 0 PID: 5616 Comm: syz.0.16 Tainted: G    B               6.15.0-rc1-syzkaller-g0af2f6be1b42 #0 PREEMPT(full) 
[  134.416281][ T5616] Tainted: [B]=BAD_PAGE
[  134.416286][ T5616] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  134.416293][ T5616] Call Trace:
[  134.416300][ T5616]  <TASK>
[  134.416306][ T5616]  dump_stack_lvl+0x241/0x360
[  134.416325][ T5616]  ? __pfx_dump_stack_lvl+0x10/0x10
[  134.416341][ T5616]  ? __pfx_print_modules+0x10/0x10
[  134.416361][ T5616]  bad_page+0x176/0x1d0
[  134.416375][ T5616]  __free_frozen_pages+0x1040/0x10a0
[  134.416395][ T5616]  bpf_xdp_frags_shrink_tail+0x3bb/0x780
[  134.416412][ T5616]  bpf_xdp_adjust_tail+0x1c7/0x210
[  134.416429][ T5616]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  134.416440][ T5616]  bpf_prog_run_generic_xdp+0x684/0x1510
[  134.416461][ T5616]  do_xdp_generic+0x769/0xd50
[  134.416476][ T5616]  ? __pfx_do_xdp_generic+0x10/0x10
[  134.416495][ T5616]  ? tun_get_user+0x27cf/0x47c0
[  134.416511][ T5616]  tun_get_user+0x2908/0x47c0
[  134.416525][ T5616]  ? aa_file_perm+0x139/0xf60
[  134.416542][ T5616]  ? aa_file_perm+0x139/0xf60
[  134.416558][ T5616]  ? aa_file_perm+0x3f1/0xf60
[  134.416572][ T5616]  ? __pfx_tun_get_user+0x10/0x10
[  134.416586][ T5616]  ? ref_tracker_alloc+0x316/0x4c0
[  134.416599][ T5616]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  134.416614][ T5616]  ? tun_get+0x1e/0x2f0
[  134.416630][ T5616]  ? tun_get+0x1e/0x2f0
[  134.416644][ T5616]  ? tun_get+0x27d/0x2f0
[  134.416659][ T5616]  tun_chr_write_iter+0x10d/0x1f0
[  134.416676][ T5616]  vfs_write+0x70f/0xd10
[  134.416691][ T5616]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  134.416707][ T5616]  ? __pfx_vfs_write+0x10/0x10
[  134.416720][ T5616]  ? __fget_files+0x2a/0x420
[  134.416730][ T5616]  ? __fget_files+0x2a/0x420
[  134.416742][ T5616]  ksys_write+0x19d/0x2d0
[  134.416754][ T5616]  ? __pfx_ksys_write+0x10/0x10
[  134.416767][ T5616]  ? do_syscall_64+0xb6/0x230
[  134.416781][ T5616]  do_syscall_64+0xf3/0x230
[  134.416794][ T5616]  ? clear_bhb_loop+0x45/0xa0
[  134.416807][ T5616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.416818][ T5616] RIP: 0033:0x7f1c7158bc1f
[  134.416829][ T5616] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  134.416842][ T5616] RSP: 002b:00007f1c72486000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  134.416856][ T5616] RAX: ffffffffffffffda RBX: 00007f1c717a5fa0 RCX: 00007f1c7158bc1f
[  134.416863][ T5616] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  134.416869][ T5616] RBP: 00007f1c7160e2a0 R08: 0000000000000000 R09: 0000000000000000
[  134.416875][ T5616] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  134.416881][ T5616] R13: 0000000000000000 R14: 00007f1c717a5fa0 R15: 00007fff1cbfc2d8
[  134.416892][ T5616]  </TASK>
[  134.416899][ T5616] BUG: Bad page state in process syz.0.16  pfn:594a1
[  134.530883][ T5616] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffffffffffffffff pfn:0x594a1
[  134.534657][ T5616] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  134.537486][ T5616] raw: 04fff00000000000 dead000000000040 ffff88801e571000 0000000000000000
[  134.540797][ T5616] raw: ffffffffffffffff 0000000000000001 00000000ffffffff 0000000000000000
[  134.544150][ T5616] page dumped because: page_pool leak
[  134.546278][ T5616] page_owner tracks the page as allocated
[  134.548586][ T5616] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5616, tgid 5615 (syz.0.16), ts 132764875827, free_ts 132746987775
[  134.555091][ T5616]  post_alloc_hook+0x1f4/0x240
[  134.556993][ T5616]  get_page_from_freelist+0x352b/0x36c0
[  134.559246][ T5616]  __alloc_frozen_pages_noprof+0x211/0x5b0
[  134.561625][ T5616]  alloc_pages_bulk_noprof+0x84a/0xaf0
[  134.563871][ T5616]  __page_pool_alloc_pages_slow+0x11f/0x690
[  134.566230][ T5616]  skb_pp_cow_data+0xd7d/0x1820
[  134.568241][ T5616]  do_xdp_generic+0x52a/0xd50
[  134.570288][ T5616]  tun_get_user+0x2908/0x47c0
[  134.572187][ T5616]  tun_chr_write_iter+0x10d/0x1f0
[  134.574195][ T5616]  vfs_write+0x70f/0xd10
[  134.575923][ T5616]  ksys_write+0x19d/0x2d0
[  134.577607][ T5616]  do_syscall_64+0xf3/0x230
[  134.579513][ T5616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.581913][ T5616] page last free pid 4734 tgid 4734 stack trace:
[  134.584383][ T5616]  __free_frozen_pages+0xde8/0x10a0
[  134.586472][ T5616]  __slab_free+0x2c6/0x390
[  134.588217][ T5616]  qlist_free_all+0x9a/0x140
[  134.590174][ T5616]  kasan_quarantine_reduce+0x14f/0x170
[  134.592368][ T5616]  __kasan_slab_alloc+0x23/0x80
[  134.594298][ T5616]  kmem_cache_alloc_noprof+0x1e1/0x390
[  134.596447][ T5616]  getname_flags+0xb6/0x530
[  134.598315][ T5616]  do_readlinkat+0xd7/0x380
[  134.600168][ T5616]  __x64_sys_readlink+0x7f/0x90
[  134.602439][ T5616]  do_syscall_64+0xf3/0x230
[  134.604534][ T5616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.606715][ T5616] Modules linked in:
[  134.608336][ T5616] CPU: 0 UID: 0 PID: 5616 Comm: syz.0.16 Tainted: G    B               6.15.0-rc1-syzkaller-g0af2f6be1b42 #0 PREEMPT(full) 
[  134.608349][ T5616] Tainted: [B]=BAD_PAGE
[  134.608351][ T5616] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  134.608356][ T5616] Call Trace:
[  134.608361][ T5616]  <TASK>
[  134.608365][ T5616]  dump_stack_lvl+0x241/0x360
[  134.608377][ T5616]  ? __pfx_dump_stack_lvl+0x10/0x10
[  134.608386][ T5616]  ? __pfx_print_modules+0x10/0x10
[  134.608398][ T5616]  bad_page+0x176/0x1d0
[  134.608411][ T5616]  __free_frozen_pages+0x1040/0x10a0
[  134.608427][ T5616]  bpf_xdp_frags_shrink_tail+0x3bb/0x780
[  134.608443][ T5616]  bpf_xdp_adjust_tail+0x1c7/0x210
[  134.608458][ T5616]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  134.608467][ T5616]  bpf_prog_run_generic_xdp+0x684/0x1510
[  134.608486][ T5616]  do_xdp_generic+0x769/0xd50
[  134.608498][ T5616]  ? __pfx_do_xdp_generic+0x10/0x10
[  134.608522][ T5616]  ? tun_get_user+0x27cf/0x47c0
[  134.608531][ T5616]  tun_get_user+0x2908/0x47c0
[  134.608543][ T5616]  ? aa_file_perm+0x139/0xf60
[  134.608558][ T5616]  ? aa_file_perm+0x139/0xf60
[  134.608570][ T5616]  ? aa_file_perm+0x3f1/0xf60
[  134.608583][ T5616]  ? __pfx_tun_get_user+0x10/0x10
[  134.608594][ T5616]  ? ref_tracker_alloc+0x316/0x4c0
[  134.608607][ T5616]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  134.608619][ T5616]  ? tun_get+0x1e/0x2f0
[  134.608632][ T5616]  ? tun_get+0x1e/0x2f0
[  134.608645][ T5616]  ? tun_get+0x27d/0x2f0
[  134.608658][ T5616]  tun_chr_write_iter+0x10d/0x1f0
[  134.608672][ T5616]  vfs_write+0x70f/0xd10
[  134.608684][ T5616]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  134.608698][ T5616]  ? __pfx_vfs_write+0x10/0x10
[  134.608709][ T5616]  ? __fget_files+0x2a/0x420
[  134.608719][ T5616]  ? __fget_files+0x2a/0x420
[  134.608728][ T5616]  ksys_write+0x19d/0x2d0
[  134.608739][ T5616]  ? __pfx_ksys_write+0x10/0x10
[  134.608750][ T5616]  ? do_syscall_64+0xb6/0x230
[  134.608763][ T5616]  do_syscall_64+0xf3/0x230
[  134.608774][ T5616]  ? clear_bhb_loop+0x45/0xa0
[  134.608786][ T5616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.608795][ T5616] RIP: 0033:0x7f1c7158bc1f
[  134.608806][ T5616] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  134.608813][ T5616] RSP: 002b:00007f1c72486000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  134.608825][ T5616] RAX: ffffffffffffffda RBX: 00007f1c717a5fa0 RCX: 00007f1c7158bc1f
[  134.608832][ T5616] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  134.608838][ T5616] RBP: 00007f1c7160e2a0 R08: 0000000000000000 R09: 0000000000000000
[  134.608844][ T5616] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  134.608850][ T5616] R13: 0000000000000000 R14: 00007f1c717a5fa0 R15: 00007fff1cbfc2d8
[  134.608859][ T5616]  </TASK>
[  134.608866][ T5616] BUG: Bad page state in process syz.0.16  pfn:594a0
[  134.723207][ T5616] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880594a0000 pfn:0x594a0
[  134.727160][ T5616] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  134.730109][ T5616] raw: 04fff00000000000 dead000000000040 ffff88801e571000 0000000000000000
[  134.733632][ T5616] raw: ffff8880594a0000 0000000000000001 00000000ffffffff 0000000000000000
[  134.737698][ T5616] page dumped because: page_pool leak
[  134.739908][ T5616] page_owner tracks the page as allocated
[  134.742163][ T5616] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5616, tgid 5615 (syz.0.16), ts 132764865859, free_ts 132746987775
[  134.748851][ T5616]  post_alloc_hook+0x1f4/0x240
[  134.750903][ T5616]  get_page_from_freelist+0x352b/0x36c0
[  134.753093][ T5616]  __alloc_frozen_pages_noprof+0x211/0x5b0
[  134.755421][ T5616]  alloc_pages_bulk_noprof+0x84a/0xaf0
[  134.757603][ T5616]  __page_pool_alloc_pages_slow+0x11f/0x690
[  134.759994][ T5616]  skb_pp_cow_data+0xd7d/0x1820
[  134.761954][ T5616]  do_xdp_generic+0x52a/0xd50
[  134.763832][ T5616]  tun_get_user+0x2908/0x47c0
[  134.765631][ T5616]  tun_chr_write_iter+0x10d/0x1f0
[  134.767670][ T5616]  vfs_write+0x70f/0xd10
[  134.769478][ T5616]  ksys_write+0x19d/0x2d0
[  134.771220][ T5616]  do_syscall_64+0xf3/0x230
[  134.773112][ T5616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.775535][ T5616] page last free pid 4734 tgid 4734 stack trace:
[  134.778081][ T5616]  __free_frozen_pages+0xde8/0x10a0
[  134.780211][ T5616]  __slab_free+0x2c6/0x390
[  134.782004][ T5616]  qlist_free_all+0x9a/0x140
[  134.783841][ T5616]  kasan_quarantine_reduce+0x14f/0x170
[  134.786110][ T5616]  __kasan_slab_alloc+0x23/0x80
[  134.788549][ T5616]  kmem_cache_alloc_noprof+0x1e1/0x390
[  134.791061][ T5616]  getname_flags+0xb6/0x530
[  134.792929][ T5616]  do_readlinkat+0xd7/0x380
[  134.794744][ T5616]  __x64_sys_readlink+0x7f/0x90
[  134.796669][ T5616]  do_syscall_64+0xf3/0x230
[  134.798515][ T5616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.800885][ T5616] Modules linked in:
[  134.802521][ T5616] CPU: 0 UID: 0 PID: 5616 Comm: syz.0.16 Tainted: G    B               6.15.0-rc1-syzkaller-g0af2f6be1b42 #0 PREEMPT(full) 
[  134.802538][ T5616] Tainted: [B]=BAD_PAGE
[  134.802542][ T5616] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  134.802549][ T5616] Call Trace:
[  134.802555][ T5616]  <TASK>
[  134.802561][ T5616]  dump_stack_lvl+0x241/0x360
[  134.802578][ T5616]  ? __pfx_dump_stack_lvl+0x10/0x10
[  134.802592][ T5616]  ? __pfx_print_modules+0x10/0x10
[  134.802611][ T5616]  bad_page+0x176/0x1d0
[  134.802623][ T5616]  __free_frozen_pages+0x1040/0x10a0
[  134.802642][ T5616]  bpf_xdp_frags_shrink_tail+0x3bb/0x780
[  134.802658][ T5616]  bpf_xdp_adjust_tail+0x1c7/0x210
[  134.802674][ T5616]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  134.802684][ T5616]  bpf_prog_run_generic_xdp+0x684/0x1510
[  134.802703][ T5616]  do_xdp_generic+0x769/0xd50
[  134.802716][ T5616]  ? __pfx_do_xdp_generic+0x10/0x10
[  134.802733][ T5616]  ? tun_get_user+0x27cf/0x47c0
[  134.802743][ T5616]  tun_get_user+0x2908/0x47c0
[  134.802757][ T5616]  ? aa_file_perm+0x139/0xf60
[  134.802773][ T5616]  ? aa_file_perm+0x139/0xf60
[  134.802791][ T5616]  ? aa_file_perm+0x3f1/0xf60
[  134.802805][ T5616]  ? __pfx_tun_get_user+0x10/0x10
[  134.802816][ T5616]  ? ref_tracker_alloc+0x316/0x4c0
[  134.802827][ T5616]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  134.802840][ T5616]  ? tun_get+0x1e/0x2f0
[  134.802854][ T5616]  ? tun_get+0x1e/0x2f0
[  134.802865][ T5616]  ? tun_get+0x27d/0x2f0
[  134.802879][ T5616]  tun_chr_write_iter+0x10d/0x1f0
[  134.802893][ T5616]  vfs_write+0x70f/0xd10
[  134.802906][ T5616]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  134.802920][ T5616]  ? __pfx_vfs_write+0x10/0x10
[  134.802930][ T5616]  ? __fget_files+0x2a/0x420
[  134.802939][ T5616]  ? __fget_files+0x2a/0x420
[  134.802949][ T5616]  ksys_write+0x19d/0x2d0
[  134.802960][ T5616]  ? __pfx_ksys_write+0x10/0x10
[  134.802972][ T5616]  ? do_syscall_64+0xb6/0x230
[  134.802985][ T5616]  do_syscall_64+0xf3/0x230
[  134.802997][ T5616]  ? clear_bhb_loop+0x45/0xa0
[  134.803008][ T5616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.803018][ T5616] RIP: 0033:0x7f1c7158bc1f
[  134.803028][ T5616] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  134.803036][ T5616] RSP: 002b:00007f1c72486000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  134.803048][ T5616] RAX: ffffffffffffffda RBX: 00007f1c717a5fa0 RCX: 00007f1c7158bc1f
[  134.803055][ T5616] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  134.803061][ T5616] RBP: 00007f1c7160e2a0 R08: 0000000000000000 R09: 0000000000000000
[  134.803067][ T5616] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  134.803073][ T5616] R13: 0000000000000000 R14: 00007f1c717a5fa0 R15: 00007fff1cbfc2d8
[  134.803084][ T5616]  </TASK>
[  134.803092][ T5616] BUG: Bad page state in process syz.0.16  pfn:543a7
[  134.917122][ T5616] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x3276 pfn:0x543a7
[  134.920687][ T5616] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  134.923634][ T5616] raw: 04fff00000000000 dead000000000040 ffff88801e571000 0000000000000000
[  134.927041][ T5616] raw: 0000000000003276 0000000000000001 00000000ffffffff 0000000000000000
[  134.930568][ T5616] page dumped because: page_pool leak
[  134.932773][ T5616] page_owner tracks the page as allocated
[  134.935004][ T5616] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5616, tgid 5615 (syz.0.16), ts 132764855515, free_ts 132747038398
[  134.941476][ T5616]  post_alloc_hook+0x1f4/0x240
[  134.943452][ T5616]  get_page_from_freelist+0x352b/0x36c0
[  134.945602][ T5616]  __alloc_frozen_pages_noprof+0x211/0x5b0
[  134.947887][ T5616]  alloc_pages_bulk_noprof+0x84a/0xaf0
[  134.950124][ T5616]  __page_pool_alloc_pages_slow+0x11f/0x690
[  134.952515][ T5616]  skb_pp_cow_data+0xd7d/0x1820
[  134.954463][ T5616]  do_xdp_generic+0x52a/0xd50
[  134.956330][ T5616]  tun_get_user+0x2908/0x47c0
[  134.958215][ T5616]  tun_chr_write_iter+0x10d/0x1f0
[  134.960361][ T5616]  vfs_write+0x70f/0xd10
[  134.962181][ T5616]  ksys_write+0x19d/0x2d0
[  134.963940][ T5616]  do_syscall_64+0xf3/0x230
[  134.965776][ T5616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.968172][ T5616] page last free pid 4734 tgid 4734 stack trace:
[  134.970900][ T5616]  __free_frozen_pages+0xde8/0x10a0
[  134.973101][ T5616]  __slab_free+0x2c6/0x390
[  134.974928][ T5616]  qlist_free_all+0x9a/0x140
[  134.976719][ T5616]  kasan_quarantine_reduce+0x14f/0x170
[  134.978817][ T5616]  __kasan_slab_alloc+0x23/0x80
[  134.980800][ T5616]  kmem_cache_alloc_noprof+0x1e1/0x390
[  134.983088][ T5616]  getname_flags+0xb6/0x530
[  134.984961][ T5616]  do_readlinkat+0xd7/0x380
[  134.986790][ T5616]  __x64_sys_readlink+0x7f/0x90
[  134.988749][ T5616]  do_syscall_64+0xf3/0x230
[  134.990645][ T5616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.993107][ T5616] Modules linked in:
[  134.994680][ T5616] CPU: 0 UID: 0 PID: 5616 Comm: syz.0.16 Tainted: G    B               6.15.0-rc1-syzkaller-g0af2f6be1b42 #0 PREEMPT(full) 
[  134.994692][ T5616] Tainted: [B]=BAD_PAGE
[  134.994694][ T5616] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  134.994698][ T5616] Call Trace:
[  134.994704][ T5616]  <TASK>
[  134.994708][ T5616]  dump_stack_lvl+0x241/0x360
[  134.994722][ T5616]  ? __pfx_dump_stack_lvl+0x10/0x10
[  134.994734][ T5616]  ? __pfx_print_modules+0x10/0x10
[  134.994750][ T5616]  bad_page+0x176/0x1d0
[  134.994763][ T5616]  __free_frozen_pages+0x1040/0x10a0
[  134.994781][ T5616]  bpf_xdp_frags_shrink_tail+0x3bb/0x780
[  134.994796][ T5616]  bpf_xdp_adjust_tail+0x1c7/0x210
[  134.994812][ T5616]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  134.994820][ T5616]  bpf_prog_run_generic_xdp+0x684/0x1510
[  134.994832][ T5616]  do_xdp_generic+0x769/0xd50
[  134.994840][ T5616]  ? __pfx_do_xdp_generic+0x10/0x10
[  134.994850][ T5616]  ? tun_get_user+0x27cf/0x47c0
[  134.994857][ T5616]  tun_get_user+0x2908/0x47c0
[  134.994869][ T5616]  ? aa_file_perm+0x139/0xf60
[  134.994879][ T5616]  ? aa_file_perm+0x139/0xf60
[  134.994888][ T5616]  ? aa_file_perm+0x3f1/0xf60
[  134.994900][ T5616]  ? __pfx_tun_get_user+0x10/0x10
[  134.994910][ T5616]  ? ref_tracker_alloc+0x316/0x4c0
[  134.994921][ T5616]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  134.994939][ T5616]  ? tun_get+0x1e/0x2f0
[  134.994956][ T5616]  ? tun_get+0x1e/0x2f0
[  134.994967][ T5616]  ? tun_get+0x27d/0x2f0
[  134.994980][ T5616]  tun_chr_write_iter+0x10d/0x1f0
[  134.994994][ T5616]  vfs_write+0x70f/0xd10
[  134.995006][ T5616]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  134.995023][ T5616]  ? __pfx_vfs_write+0x10/0x10
[  134.995032][ T5616]  ? __fget_files+0x2a/0x420
[  134.995041][ T5616]  ? __fget_files+0x2a/0x420
[  134.995050][ T5616]  ksys_write+0x19d/0x2d0
[  134.995060][ T5616]  ? __pfx_ksys_write+0x10/0x10
[  134.995072][ T5616]  ? do_syscall_64+0xb6/0x230
[  134.995085][ T5616]  do_syscall_64+0xf3/0x230
[  134.995096][ T5616]  ? clear_bhb_loop+0x45/0xa0
[  134.995107][ T5616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.995117][ T5616] RIP: 0033:0x7f1c7158bc1f
[  134.995125][ T5616] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  134.995131][ T5616] RSP: 002b:00007f1c72486000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  134.995139][ T5616] RAX: ffffffffffffffda RBX: 00007f1c717a5fa0 RCX: 00007f1c7158bc1f
[  134.995144][ T5616] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  134.995148][ T5616] RBP: 00007f1c7160e2a0 R08: 0000000000000000 R09: 0000000000000000
[  134.995153][ T5616] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  134.995157][ T5616] R13: 0000000000000000 R14: 00007f1c717a5fa0 R15: 00007fff1cbfc2d8
[  134.995163][ T5616]  </TASK>
[  135.113699][ T4674] Bluetooth: hci0: command tx timeout
[  135.210476][ T5618] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x7f30b38e2 pfn:0x4ab02
[  135.214339][ T5618] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  135.217250][ T5618] raw: 04fff00000000000 dead000000000040 ffff88801e571000 0000000000000000
[  135.220667][ T5618] raw: 00000007f30b38e2 3fffffffffffffff 00000000ffffffff 0000000000000000
[  135.224022][ T5618] page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0)
[  135.227002][ T5618] page_owner tracks the page as allocated
[  135.229262][ T5618] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5616, tgid 5615 (syz.0.16), ts 132765000420, free_ts 132679059483
[  135.235999][ T5618]  post_alloc_hook+0x1f4/0x240
[  135.237927][ T5618]  get_page_from_freelist+0x352b/0x36c0
[  135.240223][ T5618]  __alloc_frozen_pages_noprof+0x211/0x5b0
[  135.242587][ T5618]  alloc_pages_bulk_noprof+0x84a/0xaf0
[  135.244785][ T5618]  __page_pool_alloc_pages_slow+0x11f/0x690
[  135.247168][ T5618]  page_pool_alloc_frag_netmem+0x59f/0x960
[  135.249573][ T5618]  skb_pp_cow_data+0xd9f/0x1820
[  135.251540][ T5618]  do_xdp_generic+0x52a/0xd50
[  135.253449][ T5618]  tun_get_user+0x2908/0x47c0
[  135.255314][ T5618]  tun_chr_write_iter+0x10d/0x1f0
[  135.257330][ T5618]  vfs_write+0x70f/0xd10
[  135.259011][ T5618]  ksys_write+0x19d/0x2d0
[  135.260860][ T5618]  do_syscall_64+0xf3/0x230
[  135.262790][ T5618]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  135.265803][ T5618] page last free pid 5601 tgid 5601 stack trace:
[  135.268420][ T5618]  __free_frozen_pages+0xde8/0x10a0
[  135.270608][ T5618]  __slab_free+0x2c6/0x390
[  135.272418][ T5618]  qlist_free_all+0x9a/0x140
[  135.274273][ T5618]  kasan_quarantine_reduce+0x14f/0x170
[  135.276445][ T5618]  __kasan_slab_alloc+0x23/0x80
[  135.278413][ T5618]  __kmalloc_noprof+0x238/0x4d0
[  135.280394][ T5618]  tomoyo_realpath_from_path+0xcf/0x5e0
[  135.282803][ T5618]  tomoyo_mount_permission+0xab8/0xbd0
[  135.284880][ T5618]  security_sb_mount+0xe0/0x2f0
[  135.286865][ T5618]  path_mount+0xb9/0xfa0
[  135.288608][ T5618]  __se_sys_mount+0x38c/0x400
[  135.290621][ T5618]  do_syscall_64+0xf3/0x230
[  135.292477][ T5618]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  135.294868][ T5618] ------------[ cut here ]------------
[  135.296999][ T5618] kernel BUG at ./include/linux/mm.h:1241!
[  135.299632][ T5618] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
[  135.302200][ T5618] CPU: 0 UID: 0 PID: 5618 Comm: syz.0.17 Tainted: G    B               6.15.0-rc1-syzkaller-g0af2f6be1b42 #0 PREEMPT(full) 
[  135.307358][ T5618] Tainted: [B]=BAD_PAGE
[  135.309091][ T5618] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  135.313234][ T5618] RIP: 0010:page_frag_free+0x185/0x220
[  135.315329][ T5618] Code: 4c 89 f0 48 25 c0 0f 00 00 74 21 e8 75 a8 a2 ff e9 12 ff ff ff e8 6b a8 a2 ff 4c 89 f7 48 c7 c6 a0 98 56 8c e8 7c f1 ee ff 90 <0f> 0b 4c 89 f7 be 08 00 00 00 e8 dc d3 0c 00 4c 89 f0 48 c1 e8 03
[  135.323034][ T5618] RSP: 0018:ffffc9000ce4f4a8 EFLAGS: 00010246
[  135.325502][ T5618] RAX: 0bc3bb46cd2a0400 RBX: ffffea00012ac0b4 RCX: ffff88803c998000
[  135.328707][ T5618] RDX: 0000000000000000 RSI: ffffffff8ca1b640 RDI: ffffffff8ca1b600
[  135.331856][ T5618] RBP: 0000000000000000 R08: ffffffff823946a6 R09: fffffbfff1d7a978
[  135.335070][ T5618] R10: dffffc0000000000 R11: fffffbfff1d7a978 R12: 1ffff1100a8745fd
[  135.338209][ T5618] R13: 000000000000bcdd R14: ffffea00012ac080 R15: dffffc0000000000
[  135.341593][ T5618] FS:  00007f1c724866c0(0000) GS:ffff88808c596000(0000) knlGS:0000000000000000
[  135.345153][ T5618] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  135.347768][ T5618] CR2: 0000200000010000 CR3: 0000000055fc0000 CR4: 0000000000352ef0
[  135.351716][ T5618] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  135.355144][ T5618] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  135.358430][ T5618] Call Trace:
[  135.359845][ T5618]  <TASK>
[  135.361083][ T5618]  bpf_xdp_frags_shrink_tail+0x3bb/0x780
[  135.363407][ T5618]  bpf_xdp_adjust_tail+0x1c7/0x210
[  135.365483][ T5618]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  135.367642][ T5618]  bpf_prog_run_generic_xdp+0x684/0x1510
[  135.369957][ T5618]  do_xdp_generic+0x769/0xd50
[  135.371886][ T5618]  ? __pfx_do_xdp_generic+0x10/0x10
[  135.374090][ T5618]  ? __local_bh_disable_ip+0x17a/0x220
[  135.376337][ T5618]  ? tun_get_user+0x27cf/0x47c0
[  135.378738][ T5618]  ? lock_acquire+0x5e/0x2f0
[  135.380635][ T5618]  ? tun_get_user+0x27cf/0x47c0
[  135.382651][ T5618]  tun_get_user+0x2908/0x47c0
[  135.384550][ T5618]  ? aa_file_perm+0x139/0xf60
[  135.386483][ T5618]  ? lock_release+0x4e/0x3e0
[  135.388489][ T5618]  ? aa_file_perm+0x139/0xf60
[  135.390396][ T5618]  ? aa_file_perm+0x3f1/0xf60
[  135.392253][ T5618]  ? __pfx_tun_get_user+0x10/0x10
[  135.394351][ T5618]  ? ref_tracker_alloc+0x316/0x4c0
[  135.396433][ T5618]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  135.398719][ T5618]  ? tun_get+0x1e/0x2f0
[  135.400480][ T5618]  ? check_all_holdout_tasks_trace+0x240/0xdd0
[  135.402993][ T5618]  ? tun_get+0x1e/0x2f0
[  135.404725][ T5618]  ? lock_release+0x4e/0x3e0
[  135.406609][ T5618]  ? tun_get+0x1e/0x2f0
[  135.408294][ T5618]  ? tun_get+0x27d/0x2f0
[  135.410039][ T5618]  tun_chr_write_iter+0x10d/0x1f0
[  135.412135][ T5618]  vfs_write+0x70f/0xd10
[  135.413921][ T5618]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  135.416157][ T5618]  ? __pfx_vfs_write+0x10/0x10
[  135.418145][ T5618]  ? __fget_files+0x2a/0x420
[  135.420047][ T5618]  ? __fget_files+0x2a/0x420
[  135.422159][ T5618]  ksys_write+0x19d/0x2d0
[  135.423959][ T5618]  ? __pfx_ksys_write+0x10/0x10
[  135.425905][ T5618]  ? rcu_is_watching+0x15/0xb0
[  135.427856][ T5618]  ? rcu_is_watching+0x15/0xb0
[  135.429807][ T5618]  do_syscall_64+0xf3/0x230
[  135.431662][ T5618]  ? clear_bhb_loop+0x45/0xa0
[  135.433746][ T5618]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  135.436262][ T5618] RIP: 0033:0x7f1c7158bc1f
[  135.438131][ T5618] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  135.445976][ T5618] RSP: 002b:00007f1c72486000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  135.449407][ T5618] RAX: ffffffffffffffda RBX: 00007f1c717a5fa0 RCX: 00007f1c7158bc1f
[  135.452573][ T5618] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  135.455852][ T5618] RBP: 00007f1c7160e2a0 R08: 0000000000000000 R09: 0000000000000000
[  135.459030][ T5618] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  135.462170][ T5618] R13: 0000000000000000 R14: 00007f1c717a5fa0 R15: 00007fff1cbfc2d8
[  135.465298][ T5618]  </TASK>
[  135.466598][ T5618] Modules linked in:
[  135.468294][ T5618] ---[ end trace 0000000000000000 ]---
[  135.470549][ T5618] RIP: 0010:page_frag_free+0x185/0x220
[  135.472802][ T5618] Code: 4c 89 f0 48 25 c0 0f 00 00 74 21 e8 75 a8 a2 ff e9 12 ff ff ff e8 6b a8 a2 ff 4c 89 f7 48 c7 c6 a0 98 56 8c e8 7c f1 ee ff 90 <0f> 0b 4c 89 f7 be 08 00 00 00 e8 dc d3 0c 00 4c 89 f0 48 c1 e8 03
[  135.481308][ T5618] RSP: 0018:ffffc9000ce4f4a8 EFLAGS: 00010246
[  135.483861][ T5618] RAX: 0bc3bb46cd2a0400 RBX: ffffea00012ac0b4 RCX: ffff88803c998000
[  135.487101][ T5618] RDX: 0000000000000000 RSI: ffffffff8ca1b640 RDI: ffffffff8ca1b600
[  135.490656][ T5618] RBP: 0000000000000000 R08: ffffffff823946a6 R09: fffffbfff1d7a978
[  135.493770][ T5618] R10: dffffc0000000000 R11: fffffbfff1d7a978 R12: 1ffff1100a8745fd
[  135.496867][ T5618] R13: 000000000000bcdd R14: ffffea00012ac080 R15: dffffc0000000000
[  135.500142][ T5618] FS:  00007f1c724866c0(0000) GS:ffff88808c596000(0000) knlGS:0000000000000000
[  135.503664][ T5618] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  135.506307][ T5618] CR2: 0000200000010000 CR3: 0000000055fc0000 CR4: 0000000000352ef0
[  135.509562][ T5618] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  135.512543][ T5618] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  135.515700][ T5618] Kernel panic - not syncing: Fatal exception in interrupt
[  135.518908][ T5618] Kernel Offset: disabled
[  135.520675][ T5618] Rebooting in 86400 seconds..