Warning: Permanently added '10.128.1.174' (ED25519) to the list of known hosts.
2025/05/22 22:18:53 ignoring optional flag "sandboxArg"="0"
2025/05/22 22:18:53 parsed 1 programs
[  120.717320][ T6300] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  123.351389][ T5865] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  123.360187][ T5865] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  123.378143][ T5865] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  123.387002][ T5865] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  123.396236][ T5865] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  125.011316][ T6346] chnl_net:caif_netlink_parms(): no params data found
[  125.082155][ T6346] bridge0: port 1(bridge_slave_0) entered blocking state
[  125.089582][ T6346] bridge0: port 1(bridge_slave_0) entered disabled state
[  125.096919][ T6346] bridge_slave_0: entered allmulticast mode
[  125.104794][ T6346] bridge_slave_0: entered promiscuous mode
[  125.112950][ T6346] bridge0: port 2(bridge_slave_1) entered blocking state
[  125.120329][ T6346] bridge0: port 2(bridge_slave_1) entered disabled state
[  125.128530][ T6346] bridge_slave_1: entered allmulticast mode
[  125.135843][ T6346] bridge_slave_1: entered promiscuous mode
[  125.173318][ T6346] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  125.185881][ T6346] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  125.232067][ T6346] team0: Port device team_slave_0 added
[  125.240197][ T6346] team0: Port device team_slave_1 added
[  125.265118][ T6346] batman_adv: batadv0: Adding interface: batadv_slave_0
[  125.272457][ T6346] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  125.299002][ T6346] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  125.311370][ T6346] batman_adv: batadv0: Adding interface: batadv_slave_1
[  125.318916][ T6346] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  125.346485][ T6346] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  125.387117][ T6346] hsr_slave_0: entered promiscuous mode
[  125.393758][ T6346] hsr_slave_1: entered promiscuous mode
[  126.023830][ T6346] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  126.035246][ T6346] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  126.047121][ T6346] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  126.059718][ T6346] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  126.156901][ T6346] 8021q: adding VLAN 0 to HW filter on device bond0
[  126.188937][ T6346] 8021q: adding VLAN 0 to HW filter on device team0
[  126.202652][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  126.209962][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  126.236160][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  126.243476][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  126.501700][ T6346] 8021q: adding VLAN 0 to HW filter on device batadv0
[  126.556079][ T6346] veth0_vlan: entered promiscuous mode
[  126.571410][ T6346] veth1_vlan: entered promiscuous mode
[  126.609269][ T6346] veth0_macvtap: entered promiscuous mode
[  126.622297][ T6346] veth1_macvtap: entered promiscuous mode
[  126.648456][ T6346] batman_adv: batadv0: Interface activated: batadv_slave_0
[  126.668595][ T6346] batman_adv: batadv0: Interface activated: batadv_slave_1
[  126.683176][ T6346] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  126.694441][ T6346] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  126.703918][ T6346] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  126.713991][ T6346] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  126.887113][   T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  126.975772][   T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  127.071552][   T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  127.214799][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  128.881621][   T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  128.901654][   T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  128.951716][   T74] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  128.966719][   T74] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/05/22 22:19:06 executed programs: 0
[  129.313394][ T5865] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  129.321907][ T5865] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  129.332953][ T5865] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  129.342314][ T5865] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  129.350231][ T5865] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  129.481413][   T12] bridge_slave_1: left allmulticast mode
[  129.487213][   T12] bridge_slave_1: left promiscuous mode
[  129.496668][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  129.512538][   T12] bridge_slave_0: left allmulticast mode
[  129.519779][   T12] bridge_slave_0: left promiscuous mode
[  129.525948][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  129.829695][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  129.841507][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  129.853022][   T12] bond0 (unregistering): Released all slaves
[  130.022453][   T12] hsr_slave_0: left promiscuous mode
[  130.029989][   T12] hsr_slave_1: left promiscuous mode
[  130.036037][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  130.043908][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  130.053223][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  130.060838][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  130.075399][   T12] veth1_macvtap: left promiscuous mode
[  130.081134][   T12] veth0_macvtap: left promiscuous mode
[  130.086863][   T12] veth1_vlan: left promiscuous mode
[  130.092379][   T12] veth0_vlan: left promiscuous mode
[  130.381765][   T12] team0 (unregistering): Port device team_slave_1 removed
[  130.411224][   T12] team0 (unregistering): Port device team_slave_0 removed
[  130.728673][ T6479] chnl_net:caif_netlink_parms(): no params data found
[  130.885567][ T6479] bridge0: port 1(bridge_slave_0) entered blocking state
[  130.893609][ T6479] bridge0: port 1(bridge_slave_0) entered disabled state
[  130.905499][ T6479] bridge_slave_0: entered allmulticast mode
[  130.913639][ T6479] bridge_slave_0: entered promiscuous mode
[  130.927018][ T6479] bridge0: port 2(bridge_slave_1) entered blocking state
[  130.935864][ T6479] bridge0: port 2(bridge_slave_1) entered disabled state
[  130.944335][ T6479] bridge_slave_1: entered allmulticast mode
[  130.952607][ T6479] bridge_slave_1: entered promiscuous mode
[  131.020659][ T6479] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  131.349011][ T6479] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  131.448384][ T5865] Bluetooth: hci0: command tx timeout
[  131.453507][ T6479] team0: Port device team_slave_0 added
[  131.502371][ T6479] team0: Port device team_slave_1 added
[  131.606289][ T6479] batman_adv: batadv0: Adding interface: batadv_slave_0
[  131.613514][ T6479] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  131.642372][ T6479] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  131.667797][ T6479] batman_adv: batadv0: Adding interface: batadv_slave_1
[  131.674960][ T6479] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  131.702308][ T6479] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  131.809366][ T6479] hsr_slave_0: entered promiscuous mode
[  131.816164][ T6479] hsr_slave_1: entered promiscuous mode
[  132.494963][ T6479] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  132.507332][ T6479] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  132.519585][ T6479] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  132.532731][ T6479] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  132.630792][ T6479] 8021q: adding VLAN 0 to HW filter on device bond0
[  132.654484][ T6479] 8021q: adding VLAN 0 to HW filter on device team0
[  132.670286][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[  132.677766][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[  132.704925][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[  132.712439][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[  132.971841][ T6479] 8021q: adding VLAN 0 to HW filter on device batadv0
[  133.025660][ T6479] veth0_vlan: entered promiscuous mode
[  133.044291][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  133.051310][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  133.066698][ T6479] veth1_vlan: entered promiscuous mode
[  133.095517][ T6479] veth0_macvtap: entered promiscuous mode
[  133.110417][ T6479] veth1_macvtap: entered promiscuous mode
[  133.139538][ T6479] batman_adv: batadv0: Interface activated: batadv_slave_0
[  133.156755][ T6479] batman_adv: batadv0: Interface activated: batadv_slave_1
[  133.172665][ T6479] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  133.184488][ T6479] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  133.195050][ T6479] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  133.205563][ T6479] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  133.281256][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  133.295013][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  133.334923][ T1106] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  133.344183][ T1106] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  133.447791][ T6584] BUG: Bad page state in process syz.0.15  pfn:32b76
[  133.454883][ T6584] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888032b76500 pfn:0x32b76
[  133.465408][ T6584] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  133.473497][ T6584] raw: 00fff00000000000 dead000000000040 ffff888021ec2000 0000000000000000
[  133.482914][ T6584] raw: ffff888032b76500 0000000000000001 00000000ffffffff 0000000000000000
[  133.493133][ T6584] page dumped because: page_pool leak
[  133.498763][ T6584] page_owner tracks the page as allocated
[  133.504717][ T6584] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6584, tgid 6583 (syz.0.15), ts 133447648233, free_ts 127980485187
[  133.522515][ T6584]  post_alloc_hook+0x1d8/0x230
[  133.527554][ T6584]  get_page_from_freelist+0x21c7/0x22a0
[  133.530529][ T5865] Bluetooth: hci0: command tx timeout
[  133.533231][ T6584]  __alloc_frozen_pages_noprof+0x181/0x370
[  133.544712][ T6584]  alloc_pages_bulk_noprof+0x560/0x710
[  133.550404][ T6584]  __page_pool_alloc_pages_slow+0x127/0x6c0
[  133.556433][ T6584]  skb_pp_cow_data+0xaf4/0x12f0
[  133.561471][ T6584]  do_xdp_generic+0x51a/0xd20
[  133.566271][ T6584]  __netif_receive_skb_core+0x1823/0x4180
[  133.572371][ T6584]  __netif_receive_skb+0x72/0x380
[  133.577557][ T6584]  netif_receive_skb+0x1cb/0x790
[  133.582700][ T6584]  tun_rx_batched+0x1b9/0x730
[  133.587726][ T6584]  tun_get_user+0x2879/0x3c20
[  133.592782][ T6584]  tun_chr_write_iter+0x113/0x200
[  133.598378][ T6584]  vfs_write+0x54b/0xa90
[  133.602740][ T6584]  ksys_write+0x145/0x250
[  133.607212][ T6584]  do_syscall_64+0xf6/0x210
[  133.611812][ T6584] page last free pid 6417 tgid 6417 stack trace:
[  133.618395][ T6584]  __free_frozen_pages+0xb05/0xcd0
[  133.623726][ T6584]  vfree+0x1a6/0x330
[  133.627867][ T6584]  kcov_close+0x28/0x50
[  133.632139][ T6584]  __fput+0x449/0xa70
[  133.636537][ T6584]  task_work_run+0x1d4/0x260
[  133.641357][ T6584]  do_exit+0x8d6/0x2550
[  133.645771][ T6584]  do_group_exit+0x21c/0x2d0
[  133.650901][ T6584]  get_signal+0x125e/0x1310
[  133.655989][ T6584]  arch_do_signal_or_restart+0x95/0x780
[  133.662426][ T6584]  syscall_exit_to_user_mode+0x8b/0x120
[  133.668218][ T6584]  do_syscall_64+0x103/0x210
[  133.673113][ T6584]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.679425][ T6584] Modules linked in:
[  133.683739][ T6584] CPU: 0 UID: 0 PID: 6584 Comm: syz.0.15 Not tainted 6.15.0-rc7-syzkaller-ga11a72229881 #0 PREEMPT(full) 
[  133.683761][ T6584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  133.683777][ T6584] Call Trace:
[  133.683785][ T6584]  <TASK>
[  133.683795][ T6584]  dump_stack_lvl+0x189/0x250
[  133.683824][ T6584]  ? __pfx_dump_stack_lvl+0x10/0x10
[  133.683845][ T6584]  ? __pfx_print_modules+0x10/0x10
[  133.683869][ T6584]  bad_page+0x15e/0x1a0
[  133.683890][ T6584]  __free_frozen_pages+0xc77/0xcd0
[  133.683912][ T6584]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  133.683946][ T6584]  bpf_xdp_adjust_tail+0x1d6/0x220
[  133.683971][ T6584]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  133.683993][ T6584]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  133.684041][ T6584]  do_xdp_generic+0x76e/0xd20
[  133.684067][ T6584]  ? __pfx_do_xdp_generic+0x10/0x10
[  133.684086][ T6584]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  133.684135][ T6584]  __netif_receive_skb_core+0x1823/0x4180
[  133.684161][ T6584]  ? __pfx___up_read+0x10/0x10
[  133.684177][ T6584]  ? do_user_addr_fault+0xbc1/0x1390
[  133.684205][ T6584]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  133.684278][ T6584]  ? __lock_acquire+0xaac/0xd20
[  133.684302][ T6584]  ? netif_receive_skb+0x115/0x790
[  133.684318][ T6584]  ? netif_receive_skb+0x115/0x790
[  133.684336][ T6584]  __netif_receive_skb+0x72/0x380
[  133.684353][ T6584]  ? rep_movs_alternative+0x4a/0x90
[  133.684371][ T6584]  ? netif_receive_skb+0x115/0x790
[  133.684384][ T6584]  netif_receive_skb+0x1cb/0x790
[  133.684398][ T6584]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  133.684417][ T6584]  ? _copy_from_iter+0x24c/0x15a0
[  133.684436][ T6584]  ? __pfx_netif_receive_skb+0x10/0x10
[  133.684453][ T6584]  ? sock_alloc_send_pskb+0x875/0x990
[  133.684475][ T6584]  ? __pfx__copy_from_iter+0x10/0x10
[  133.684494][ T6584]  ? tun_rx_batched+0x160/0x730
[  133.684518][ T6584]  tun_rx_batched+0x1b9/0x730
[  133.684546][ T6584]  ? __pfx_tun_rx_batched+0x10/0x10
[  133.684571][ T6584]  ? tun_get_user+0x2444/0x3c20
[  133.684601][ T6584]  ? tun_get_user+0x2444/0x3c20
[  133.684622][ T6584]  ? tun_get_user+0x2444/0x3c20
[  133.684643][ T6584]  tun_get_user+0x2879/0x3c20
[  133.684683][ T6584]  ? preempt_schedule+0xae/0xc0
[  133.684701][ T6584]  ? __pfx_tun_get_user+0x10/0x10
[  133.684720][ T6584]  ? preempt_schedule_common+0x83/0xd0
[  133.684737][ T6584]  ? preempt_schedule+0xae/0xc0
[  133.684754][ T6584]  ? __pfx_preempt_schedule+0x10/0x10
[  133.684770][ T6584]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  133.684785][ T6584]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  133.684805][ T6584]  ? ref_tracker_alloc+0x318/0x460
[  133.684822][ T6584]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  133.684841][ T6584]  ? tun_get+0x1c/0x2f0
[  133.684865][ T6584]  ? tun_get+0x1c/0x2f0
[  133.684885][ T6584]  ? tun_get+0x1c/0x2f0
[  133.684907][ T6584]  tun_chr_write_iter+0x113/0x200
[  133.684929][ T6584]  vfs_write+0x54b/0xa90
[  133.684955][ T6584]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  133.684975][ T6584]  ? __pfx_vfs_write+0x10/0x10
[  133.685003][ T6584]  ? __fget_files+0x2a/0x420
[  133.685026][ T6584]  ksys_write+0x145/0x250
[  133.685044][ T6584]  ? rcu_is_watching+0x15/0xb0
[  133.685067][ T6584]  ? __pfx_ksys_write+0x10/0x10
[  133.685092][ T6584]  ? do_syscall_64+0xba/0x210
[  133.685113][ T6584]  do_syscall_64+0xf6/0x210
[  133.685133][ T6584]  ? clear_bhb_loop+0x60/0xb0
[  133.685153][ T6584]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.685168][ T6584] RIP: 0033:0x7fb6a6d7e98f
[  133.685183][ T6584] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  133.685196][ T6584] RSP: 002b:00007fb6a7b72020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  133.685214][ T6584] RAX: ffffffffffffffda RBX: 00007fb6a6f45fa0 RCX: 00007fb6a6d7e98f
[  133.685224][ T6584] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  133.685241][ T6584] RBP: 00007fb6a6df3cc8 R08: 0000000000000000 R09: 0000000000000000
[  133.685251][ T6584] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  133.685260][ T6584] R13: 0000000000000000 R14: 00007fb6a6f45fa0 R15: 00007fff4f99ea78
[  133.685287][ T6584]  </TASK>
[  133.685293][ T6584] Disabling lock debugging due to kernel taint
[  134.109635][ T6584] BUG: Bad page state in process syz.0.15  pfn:7a5c5
[  134.116678][ T6584] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807a5c5640 pfn:0x7a5c5
[  134.127240][ T6584] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  134.134500][ T6584] raw: 00fff00000000000 dead000000000040 ffff888021ec2000 0000000000000000
[  134.143324][ T6584] raw: ffff88807a5c5640 0000000000000001 00000000ffffffff 0000000000000000
[  134.152219][ T6584] page dumped because: page_pool leak
[  134.157642][ T6584] page_owner tracks the page as allocated
[  134.163469][ T6584] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6584, tgid 6583 (syz.0.15), ts 133447630646, free_ts 127980499738
[  134.180730][ T6584]  post_alloc_hook+0x1d8/0x230
[  134.185598][ T6584]  get_page_from_freelist+0x21c7/0x22a0
[  134.191559][ T6584]  __alloc_frozen_pages_noprof+0x181/0x370
[  134.197429][ T6584]  alloc_pages_bulk_noprof+0x560/0x710
[  134.202910][ T6584]  __page_pool_alloc_pages_slow+0x127/0x6c0
[  134.208897][ T6584]  skb_pp_cow_data+0xaf4/0x12f0
[  134.213773][ T6584]  do_xdp_generic+0x51a/0xd20
[  134.218702][ T6584]  __netif_receive_skb_core+0x1823/0x4180
[  134.224805][ T6584]  __netif_receive_skb+0x72/0x380
[  134.230154][ T6584]  netif_receive_skb+0x1cb/0x790
[  134.235111][ T6584]  tun_rx_batched+0x1b9/0x730
[  134.240047][ T6584]  tun_get_user+0x2879/0x3c20
[  134.244850][ T6584]  tun_chr_write_iter+0x113/0x200
[  134.250223][ T6584]  vfs_write+0x54b/0xa90
[  134.254844][ T6584]  ksys_write+0x145/0x250
[  134.259678][ T6584]  do_syscall_64+0xf6/0x210
[  134.264481][ T6584] page last free pid 6417 tgid 6417 stack trace:
[  134.271056][ T6584]  __free_frozen_pages+0xb05/0xcd0
[  134.276471][ T6584]  vfree+0x1a6/0x330
[  134.280543][ T6584]  kcov_close+0x28/0x50
[  134.284713][ T6584]  __fput+0x449/0xa70
[  134.288784][ T6584]  task_work_run+0x1d4/0x260
[  134.293398][ T6584]  do_exit+0x8d6/0x2550
[  134.297707][ T6584]  do_group_exit+0x21c/0x2d0
[  134.302413][ T6584]  get_signal+0x125e/0x1310
[  134.306945][ T6584]  arch_do_signal_or_restart+0x95/0x780
[  134.312775][ T6584]  syscall_exit_to_user_mode+0x8b/0x120
[  134.318490][ T6584]  do_syscall_64+0x103/0x210
[  134.323300][ T6584]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.329524][ T6584] Modules linked in:
[  134.333619][ T6584] CPU: 0 UID: 0 PID: 6584 Comm: syz.0.15 Tainted: G    B               6.15.0-rc7-syzkaller-ga11a72229881 #0 PREEMPT(full) 
[  134.333645][ T6584] Tainted: [B]=BAD_PAGE
[  134.333651][ T6584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  134.333660][ T6584] Call Trace:
[  134.333667][ T6584]  <TASK>
[  134.333674][ T6584]  dump_stack_lvl+0x189/0x250
[  134.333701][ T6584]  ? __pfx_dump_stack_lvl+0x10/0x10
[  134.333721][ T6584]  ? __pfx_print_modules+0x10/0x10
[  134.333741][ T6584]  bad_page+0x15e/0x1a0
[  134.333762][ T6584]  __free_frozen_pages+0xc77/0xcd0
[  134.333782][ T6584]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  134.333812][ T6584]  bpf_xdp_adjust_tail+0x1d6/0x220
[  134.333832][ T6584]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  134.333846][ T6584]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  134.333880][ T6584]  do_xdp_generic+0x76e/0xd20
[  134.333906][ T6584]  ? __pfx_do_xdp_generic+0x10/0x10
[  134.333924][ T6584]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  134.333956][ T6584]  __netif_receive_skb_core+0x1823/0x4180
[  134.333978][ T6584]  ? __pfx___up_read+0x10/0x10
[  134.333994][ T6584]  ? do_user_addr_fault+0xbc1/0x1390
[  134.334019][ T6584]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  134.334040][ T6584]  ? __lock_acquire+0xaac/0xd20
[  134.334061][ T6584]  ? netif_receive_skb+0x115/0x790
[  134.334076][ T6584]  ? netif_receive_skb+0x115/0x790
[  134.334091][ T6584]  __netif_receive_skb+0x72/0x380
[  134.334107][ T6584]  ? rep_movs_alternative+0x4a/0x90
[  134.334123][ T6584]  ? netif_receive_skb+0x115/0x790
[  134.334137][ T6584]  netif_receive_skb+0x1cb/0x790
[  134.334152][ T6584]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  134.334180][ T6584]  ? _copy_from_iter+0x24c/0x15a0
[  134.334205][ T6584]  ? __pfx_netif_receive_skb+0x10/0x10
[  134.334220][ T6584]  ? sock_alloc_send_pskb+0x875/0x990
[  134.334241][ T6584]  ? __pfx__copy_from_iter+0x10/0x10
[  134.334259][ T6584]  ? tun_rx_batched+0x160/0x730
[  134.334281][ T6584]  tun_rx_batched+0x1b9/0x730
[  134.334305][ T6584]  ? __pfx_tun_rx_batched+0x10/0x10
[  134.334327][ T6584]  ? tun_get_user+0x2444/0x3c20
[  134.334350][ T6584]  ? tun_get_user+0x2444/0x3c20
[  134.334370][ T6584]  ? tun_get_user+0x2444/0x3c20
[  134.334399][ T6584]  tun_get_user+0x2879/0x3c20
[  134.334426][ T6584]  ? preempt_schedule+0xae/0xc0
[  134.334443][ T6584]  ? __pfx_tun_get_user+0x10/0x10
[  134.334463][ T6584]  ? preempt_schedule_common+0x83/0xd0
[  134.334480][ T6584]  ? preempt_schedule+0xae/0xc0
[  134.334496][ T6584]  ? __pfx_preempt_schedule+0x10/0x10
[  134.334513][ T6584]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  134.334530][ T6584]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  134.334549][ T6584]  ? ref_tracker_alloc+0x318/0x460
[  134.334567][ T6584]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  134.334585][ T6584]  ? tun_get+0x1c/0x2f0
[  134.334607][ T6584]  ? tun_get+0x1c/0x2f0
[  134.334626][ T6584]  ? tun_get+0x1c/0x2f0
[  134.334648][ T6584]  tun_chr_write_iter+0x113/0x200
[  134.334670][ T6584]  vfs_write+0x54b/0xa90
[  134.334693][ T6584]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  134.334714][ T6584]  ? __pfx_vfs_write+0x10/0x10
[  134.334737][ T6584]  ? __fget_files+0x2a/0x420
[  134.334754][ T6584]  ksys_write+0x145/0x250
[  134.334773][ T6584]  ? rcu_is_watching+0x15/0xb0
[  134.334795][ T6584]  ? __pfx_ksys_write+0x10/0x10
[  134.334816][ T6584]  ? do_syscall_64+0xba/0x210
[  134.334836][ T6584]  do_syscall_64+0xf6/0x210
[  134.334854][ T6584]  ? clear_bhb_loop+0x60/0xb0
[  134.334872][ T6584]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.334888][ T6584] RIP: 0033:0x7fb6a6d7e98f
[  134.334902][ T6584] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  134.334916][ T6584] RSP: 002b:00007fb6a7b72020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  134.334932][ T6584] RAX: ffffffffffffffda RBX: 00007fb6a6f45fa0 RCX: 00007fb6a6d7e98f
[  134.334943][ T6584] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  134.334954][ T6584] RBP: 00007fb6a6df3cc8 R08: 0000000000000000 R09: 0000000000000000
[  134.334964][ T6584] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  134.334974][ T6584] R13: 0000000000000000 R14: 00007fb6a6f45fa0 R15: 00007fff4f99ea78
[  134.334991][ T6584]  </TASK>
[  134.335001][ T6584] BUG: Bad page state in process syz.0.15  pfn:2466f
[  134.761910][ T6584] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffffffff00000000 pfn:0x2466f
[  134.772301][ T6584] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  134.779537][ T6584] raw: 00fff00000000000 dead000000000040 ffff888021ec2000 0000000000000000
[  134.788431][ T6584] raw: ffffffff00000000 0000000000000001 00000000ffffffff 0000000000000000
[  134.797195][ T6584] page dumped because: page_pool leak
[  134.802694][ T6584] page_owner tracks the page as allocated
[  134.808704][ T6584] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6584, tgid 6583 (syz.0.15), ts 133447613180, free_ts 127980514752
[  134.825967][ T6584]  post_alloc_hook+0x1d8/0x230
[  134.830868][ T6584]  get_page_from_freelist+0x21c7/0x22a0
[  134.836408][ T6584]  __alloc_frozen_pages_noprof+0x181/0x370
[  134.842487][ T6584]  alloc_pages_bulk_noprof+0x560/0x710
[  134.848079][ T6584]  __page_pool_alloc_pages_slow+0x127/0x6c0
[  134.854134][ T6584]  skb_pp_cow_data+0xaf4/0x12f0
[  134.859417][ T6584]  do_xdp_generic+0x51a/0xd20
[  134.864333][ T6584]  __netif_receive_skb_core+0x1823/0x4180
[  134.870107][ T6584]  __netif_receive_skb+0x72/0x380
[  134.875141][ T6584]  netif_receive_skb+0x1cb/0x790
[  134.880409][ T6584]  tun_rx_batched+0x1b9/0x730
[  134.885103][ T6584]  tun_get_user+0x2879/0x3c20
[  134.889824][ T6584]  tun_chr_write_iter+0x113/0x200
[  134.895071][ T6584]  vfs_write+0x54b/0xa90
[  134.899494][ T6584]  ksys_write+0x145/0x250
[  134.903868][ T6584]  do_syscall_64+0xf6/0x210
[  134.909111][ T6584] page last free pid 6417 tgid 6417 stack trace:
[  134.915612][ T6584]  __free_frozen_pages+0xb05/0xcd0
[  134.920789][ T6584]  vfree+0x1a6/0x330
[  134.924978][ T6584]  kcov_close+0x28/0x50
[  134.929344][ T6584]  __fput+0x449/0xa70
[  134.933343][ T6584]  task_work_run+0x1d4/0x260
[  134.937957][ T6584]  do_exit+0x8d6/0x2550
[  134.942300][ T6584]  do_group_exit+0x21c/0x2d0
[  134.946897][ T6584]  get_signal+0x125e/0x1310
[  134.951578][ T6584]  arch_do_signal_or_restart+0x95/0x780
[  134.957322][ T6584]  syscall_exit_to_user_mode+0x8b/0x120
[  134.963093][ T6584]  do_syscall_64+0x103/0x210
[  134.967748][ T6584]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.973760][ T6584] Modules linked in:
[  134.977896][ T6584] CPU: 0 UID: 0 PID: 6584 Comm: syz.0.15 Tainted: G    B               6.15.0-rc7-syzkaller-ga11a72229881 #0 PREEMPT(full) 
[  134.977923][ T6584] Tainted: [B]=BAD_PAGE
[  134.977929][ T6584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  134.977939][ T6584] Call Trace:
[  134.977945][ T6584]  <TASK>
[  134.977952][ T6584]  dump_stack_lvl+0x189/0x250
[  134.977978][ T6584]  ? __pfx_dump_stack_lvl+0x10/0x10
[  134.977997][ T6584]  ? __pfx_print_modules+0x10/0x10
[  134.978016][ T6584]  bad_page+0x15e/0x1a0
[  134.978036][ T6584]  __free_frozen_pages+0xc77/0xcd0
[  134.978055][ T6584]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  134.978081][ T6584]  bpf_xdp_adjust_tail+0x1d6/0x220
[  134.978107][ T6584]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  134.978122][ T6584]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  134.978153][ T6584]  do_xdp_generic+0x76e/0xd20
[  134.978179][ T6584]  ? __pfx_do_xdp_generic+0x10/0x10
[  134.978200][ T6584]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  134.978230][ T6584]  __netif_receive_skb_core+0x1823/0x4180
[  134.978246][ T6584]  ? __pfx___up_read+0x10/0x10
[  134.978260][ T6584]  ? do_user_addr_fault+0xbc1/0x1390
[  134.978282][ T6584]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  134.978300][ T6584]  ? __lock_acquire+0xaac/0xd20
[  134.978320][ T6584]  ? netif_receive_skb+0x115/0x790
[  134.978333][ T6584]  ? netif_receive_skb+0x115/0x790
[  134.978344][ T6584]  __netif_receive_skb+0x72/0x380
[  134.978358][ T6584]  ? rep_movs_alternative+0x4a/0x90
[  134.978370][ T6584]  ? netif_receive_skb+0x115/0x790
[  134.978382][ T6584]  netif_receive_skb+0x1cb/0x790
[  134.978395][ T6584]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  134.978415][ T6584]  ? _copy_from_iter+0x24c/0x15a0
[  134.978432][ T6584]  ? __pfx_netif_receive_skb+0x10/0x10
[  134.978447][ T6584]  ? sock_alloc_send_pskb+0x875/0x990
[  134.978468][ T6584]  ? __pfx__copy_from_iter+0x10/0x10
[  134.978491][ T6584]  ? tun_rx_batched+0x160/0x730
[  134.978513][ T6584]  tun_rx_batched+0x1b9/0x730
[  134.978535][ T6584]  ? __pfx_tun_rx_batched+0x10/0x10
[  134.978556][ T6584]  ? tun_get_user+0x2444/0x3c20
[  134.978579][ T6584]  ? tun_get_user+0x2444/0x3c20
[  134.978598][ T6584]  ? tun_get_user+0x2444/0x3c20
[  134.978617][ T6584]  tun_get_user+0x2879/0x3c20
[  134.978644][ T6584]  ? preempt_schedule+0xae/0xc0
[  134.978660][ T6584]  ? __pfx_tun_get_user+0x10/0x10
[  134.978679][ T6584]  ? preempt_schedule_common+0x83/0xd0
[  134.978696][ T6584]  ? preempt_schedule+0xae/0xc0
[  134.978711][ T6584]  ? __pfx_preempt_schedule+0x10/0x10
[  134.978726][ T6584]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  134.978743][ T6584]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  134.978761][ T6584]  ? ref_tracker_alloc+0x318/0x460
[  134.978778][ T6584]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  134.978796][ T6584]  ? tun_get+0x1c/0x2f0
[  134.978817][ T6584]  ? tun_get+0x1c/0x2f0
[  134.978836][ T6584]  ? tun_get+0x1c/0x2f0
[  134.978853][ T6584]  tun_chr_write_iter+0x113/0x200
[  134.978872][ T6584]  vfs_write+0x54b/0xa90
[  134.978893][ T6584]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  134.978913][ T6584]  ? __pfx_vfs_write+0x10/0x10
[  134.978935][ T6584]  ? __fget_files+0x2a/0x420
[  134.978952][ T6584]  ksys_write+0x145/0x250
[  134.978971][ T6584]  ? rcu_is_watching+0x15/0xb0
[  134.978992][ T6584]  ? __pfx_ksys_write+0x10/0x10
[  134.979012][ T6584]  ? do_syscall_64+0xba/0x210
[  134.979032][ T6584]  do_syscall_64+0xf6/0x210
[  134.979049][ T6584]  ? clear_bhb_loop+0x60/0xb0
[  134.979066][ T6584]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.979081][ T6584] RIP: 0033:0x7fb6a6d7e98f
[  134.979105][ T6584] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  134.979118][ T6584] RSP: 002b:00007fb6a7b72020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  134.979133][ T6584] RAX: ffffffffffffffda RBX: 00007fb6a6f45fa0 RCX: 00007fb6a6d7e98f
[  134.979143][ T6584] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  134.979152][ T6584] RBP: 00007fb6a6df3cc8 R08: 0000000000000000 R09: 0000000000000000
[  134.979161][ T6584] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  134.979171][ T6584] R13: 0000000000000000 R14: 00007fb6a6f45fa0 R15: 00007fff4f99ea78
[  134.979187][ T6584]  </TASK>
[  134.979198][ T6584] BUG: Bad page state in process syz.0.15  pfn:34d5e
[  135.409840][ T6584] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x34d5e
[  135.420374][ T6584] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  135.427536][ T6584] raw: 00fff00000000000 dead000000000040 ffff888021ec2000 0000000000000000
[  135.436211][ T6584] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000
[  135.445107][ T6584] page dumped because: page_pool leak
[  135.450502][ T6584] page_owner tracks the page as allocated
[  135.456288][ T6584] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6584, tgid 6583 (syz.0.15), ts 133447595377, free_ts 127980529982
[  135.473343][ T6584]  post_alloc_hook+0x1d8/0x230
[  135.478159][ T6584]  get_page_from_freelist+0x21c7/0x22a0
[  135.483780][ T6584]  __alloc_frozen_pages_noprof+0x181/0x370
[  135.489821][ T6584]  alloc_pages_bulk_noprof+0x560/0x710
[  135.495563][ T6584]  __page_pool_alloc_pages_slow+0x127/0x6c0
[  135.501765][ T6584]  skb_pp_cow_data+0xaf4/0x12f0
[  135.506939][ T6584]  do_xdp_generic+0x51a/0xd20
[  135.511799][ T6584]  __netif_receive_skb_core+0x1823/0x4180
[  135.517634][ T6584]  __netif_receive_skb+0x72/0x380
[  135.522652][ T6584]  netif_receive_skb+0x1cb/0x790
[  135.527603][ T6584]  tun_rx_batched+0x1b9/0x730
[  135.532295][ T6584]  tun_get_user+0x2879/0x3c20
[  135.537148][ T6584]  tun_chr_write_iter+0x113/0x200
[  135.542252][ T6584]  vfs_write+0x54b/0xa90
[  135.546504][ T6584]  ksys_write+0x145/0x250
[  135.551160][ T6584]  do_syscall_64+0xf6/0x210
[  135.556110][ T6584] page last free pid 6417 tgid 6417 stack trace:
[  135.562566][ T6584]  __free_frozen_pages+0xb05/0xcd0
[  135.567809][ T6584]  vfree+0x1a6/0x330
[  135.571879][ T6584]  kcov_close+0x28/0x50
[  135.576020][ T6584]  __fput+0x449/0xa70
[  135.580373][ T6584]  task_work_run+0x1d4/0x260
[  135.585032][ T6584]  do_exit+0x8d6/0x2550
[  135.589543][ T6584]  do_group_exit+0x21c/0x2d0
[  135.594318][ T6584]  get_signal+0x125e/0x1310
[  135.598948][ T6584]  arch_do_signal_or_restart+0x95/0x780
[  135.604924][ T6584]  syscall_exit_to_user_mode+0x8b/0x120
[  135.607567][ T5865] Bluetooth: hci0: command tx timeout
[  135.610904][ T6584]  do_syscall_64+0x103/0x210
[  135.610935][ T6584]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  135.627605][ T6584] Modules linked in:
[  135.631579][ T6584] CPU: 0 UID: 0 PID: 6584 Comm: syz.0.15 Tainted: G    B               6.15.0-rc7-syzkaller-ga11a72229881 #0 PREEMPT(full) 
[  135.631595][ T6584] Tainted: [B]=BAD_PAGE
[  135.631598][ T6584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  135.631604][ T6584] Call Trace:
[  135.631610][ T6584]  <TASK>
[  135.631616][ T6584]  dump_stack_lvl+0x189/0x250
[  135.631633][ T6584]  ? __pfx_dump_stack_lvl+0x10/0x10
[  135.631645][ T6584]  ? __pfx_print_modules+0x10/0x10
[  135.631655][ T6584]  bad_page+0x15e/0x1a0
[  135.631668][ T6584]  __free_frozen_pages+0xc77/0xcd0
[  135.631680][ T6584]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  135.631698][ T6584]  bpf_xdp_adjust_tail+0x1d6/0x220
[  135.631717][ T6584]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  135.631725][ T6584]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  135.631750][ T6584]  do_xdp_generic+0x76e/0xd20
[  135.631765][ T6584]  ? __pfx_do_xdp_generic+0x10/0x10
[  135.631777][ T6584]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  135.631796][ T6584]  __netif_receive_skb_core+0x1823/0x4180
[  135.631807][ T6584]  ? __pfx___up_read+0x10/0x10
[  135.631816][ T6584]  ? do_user_addr_fault+0xbc1/0x1390
[  135.631832][ T6584]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  135.631843][ T6584]  ? __lock_acquire+0xaac/0xd20
[  135.631856][ T6584]  ? netif_receive_skb+0x115/0x790
[  135.631864][ T6584]  ? netif_receive_skb+0x115/0x790
[  135.631872][ T6584]  __netif_receive_skb+0x72/0x380
[  135.631881][ T6584]  ? rep_movs_alternative+0x4a/0x90
[  135.631890][ T6584]  ? netif_receive_skb+0x115/0x790
[  135.631897][ T6584]  netif_receive_skb+0x1cb/0x790
[  135.631905][ T6584]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  135.631918][ T6584]  ? _copy_from_iter+0x24c/0x15a0
[  135.631929][ T6584]  ? __pfx_netif_receive_skb+0x10/0x10
[  135.631937][ T6584]  ? sock_alloc_send_pskb+0x875/0x990
[  135.631950][ T6584]  ? __pfx__copy_from_iter+0x10/0x10
[  135.631960][ T6584]  ? tun_rx_batched+0x160/0x730
[  135.631973][ T6584]  tun_rx_batched+0x1b9/0x730
[  135.631986][ T6584]  ? __pfx_tun_rx_batched+0x10/0x10
[  135.631999][ T6584]  ? tun_get_user+0x2444/0x3c20
[  135.632012][ T6584]  ? tun_get_user+0x2444/0x3c20
[  135.632024][ T6584]  ? tun_get_user+0x2444/0x3c20
[  135.632035][ T6584]  tun_get_user+0x2879/0x3c20
[  135.632051][ T6584]  ? preempt_schedule+0xae/0xc0
[  135.632061][ T6584]  ? __pfx_tun_get_user+0x10/0x10
[  135.632073][ T6584]  ? preempt_schedule_common+0x83/0xd0
[  135.632082][ T6584]  ? preempt_schedule+0xae/0xc0
[  135.632091][ T6584]  ? __pfx_preempt_schedule+0x10/0x10
[  135.632100][ T6584]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  135.632110][ T6584]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  135.632120][ T6584]  ? ref_tracker_alloc+0x318/0x460
[  135.632130][ T6584]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  135.632140][ T6584]  ? tun_get+0x1c/0x2f0
[  135.632153][ T6584]  ? tun_get+0x1c/0x2f0
[  135.632164][ T6584]  ? tun_get+0x1c/0x2f0
[  135.632176][ T6584]  tun_chr_write_iter+0x113/0x200
[  135.632189][ T6584]  vfs_write+0x54b/0xa90
[  135.632203][ T6584]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  135.632215][ T6584]  ? __pfx_vfs_write+0x10/0x10
[  135.632228][ T6584]  ? __fget_files+0x2a/0x420
[  135.632238][ T6584]  ksys_write+0x145/0x250
[  135.632249][ T6584]  ? rcu_is_watching+0x15/0xb0
[  135.632263][ T6584]  ? __pfx_ksys_write+0x10/0x10
[  135.632275][ T6584]  ? do_syscall_64+0xba/0x210
[  135.632286][ T6584]  do_syscall_64+0xf6/0x210
[  135.632297][ T6584]  ? clear_bhb_loop+0x60/0xb0
[  135.632307][ T6584]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  135.632316][ T6584] RIP: 0033:0x7fb6a6d7e98f
[  135.632325][ T6584] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  135.632332][ T6584] RSP: 002b:00007fb6a7b72020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  135.632343][ T6584] RAX: ffffffffffffffda RBX: 00007fb6a6f45fa0 RCX: 00007fb6a6d7e98f
[  135.632349][ T6584] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  135.632355][ T6584] RBP: 00007fb6a6df3cc8 R08: 0000000000000000 R09: 0000000000000000
[  135.632360][ T6584] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  135.632365][ T6584] R13: 0000000000000000 R14: 00007fb6a6f45fa0 R15: 00007fff4f99ea78
[  135.632375][ T6584]  </TASK>
[  135.632383][ T6584] BUG: Bad page state in process syz.0.15  pfn:28b71
[  136.058445][ T6584] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x28b71
[  136.069071][ T6584] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  136.076503][ T6584] raw: 00fff00000000000 dead000000000040 ffff888021ec2000 0000000000000000
[  136.085625][ T6584] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000
[  136.094553][ T6584] page dumped because: page_pool leak
[  136.099986][ T6584] page_owner tracks the page as allocated
[  136.105893][ T6584] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6584, tgid 6583 (syz.0.15), ts 133447577618, free_ts 127980544120
[  136.123242][ T6584]  post_alloc_hook+0x1d8/0x230
[  136.128054][ T6584]  get_page_from_freelist+0x21c7/0x22a0
[  136.134026][ T6584]  __alloc_frozen_pages_noprof+0x181/0x370
[  136.139867][ T6584]  alloc_pages_bulk_noprof+0x560/0x710
[  136.145341][ T6584]  __page_pool_alloc_pages_slow+0x127/0x6c0
[  136.151281][ T6584]  skb_pp_cow_data+0xaf4/0x12f0
[  136.156146][ T6584]  do_xdp_generic+0x51a/0xd20
[  136.161126][ T6584]  __netif_receive_skb_core+0x1823/0x4180
[  136.166936][ T6584]  __netif_receive_skb+0x72/0x380
[  136.172222][ T6584]  netif_receive_skb+0x1cb/0x790
[  136.177254][ T6584]  tun_rx_batched+0x1b9/0x730
[  136.182050][ T6584]  tun_get_user+0x2879/0x3c20
[  136.186737][ T6584]  tun_chr_write_iter+0x113/0x200
[  136.191797][ T6584]  vfs_write+0x54b/0xa90
[  136.196051][ T6584]  ksys_write+0x145/0x250
[  136.200501][ T6584]  do_syscall_64+0xf6/0x210
[  136.205103][ T6584] page last free pid 6417 tgid 6417 stack trace:
[  136.211549][ T6584]  __free_frozen_pages+0xb05/0xcd0
[  136.216932][ T6584]  vfree+0x1a6/0x330
[  136.221119][ T6584]  kcov_close+0x28/0x50
[  136.225290][ T6584]  __fput+0x449/0xa70
[  136.229499][ T6584]  task_work_run+0x1d4/0x260
[  136.234600][ T6584]  do_exit+0x8d6/0x2550
[  136.238810][ T6584]  do_group_exit+0x21c/0x2d0
[  136.243784][ T6584]  get_signal+0x125e/0x1310
[  136.248407][ T6584]  arch_do_signal_or_restart+0x95/0x780
[  136.254160][ T6584]  syscall_exit_to_user_mode+0x8b/0x120
[  136.259739][ T6584]  do_syscall_64+0x103/0x210
[  136.264337][ T6584]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.270478][ T6584] Modules linked in:
[  136.275045][ T6584] CPU: 0 UID: 0 PID: 6584 Comm: syz.0.15 Tainted: G    B               6.15.0-rc7-syzkaller-ga11a72229881 #0 PREEMPT(full) 
[  136.275060][ T6584] Tainted: [B]=BAD_PAGE
[  136.275064][ T6584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  136.275069][ T6584] Call Trace:
[  136.275074][ T6584]  <TASK>
[  136.275078][ T6584]  dump_stack_lvl+0x189/0x250
[  136.275095][ T6584]  ? __pfx_dump_stack_lvl+0x10/0x10
[  136.275106][ T6584]  ? __pfx_print_modules+0x10/0x10
[  136.275117][ T6584]  bad_page+0x15e/0x1a0
[  136.275130][ T6584]  __free_frozen_pages+0xc77/0xcd0
[  136.275141][ T6584]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  136.275159][ T6584]  bpf_xdp_adjust_tail+0x1d6/0x220
[  136.275171][ T6584]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  136.275180][ T6584]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  136.275200][ T6584]  do_xdp_generic+0x76e/0xd20
[  136.275214][ T6584]  ? __pfx_do_xdp_generic+0x10/0x10
[  136.275226][ T6584]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  136.275245][ T6584]  __netif_receive_skb_core+0x1823/0x4180
[  136.275256][ T6584]  ? __pfx___up_read+0x10/0x10
[  136.275265][ T6584]  ? do_user_addr_fault+0xbc1/0x1390
[  136.275280][ T6584]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  136.275291][ T6584]  ? __lock_acquire+0xaac/0xd20
[  136.275303][ T6584]  ? netif_receive_skb+0x115/0x790
[  136.275311][ T6584]  ? netif_receive_skb+0x115/0x790
[  136.275319][ T6584]  __netif_receive_skb+0x72/0x380
[  136.275328][ T6584]  ? rep_movs_alternative+0x4a/0x90
[  136.275337][ T6584]  ? netif_receive_skb+0x115/0x790
[  136.275344][ T6584]  netif_receive_skb+0x1cb/0x790
[  136.275352][ T6584]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  136.275365][ T6584]  ? _copy_from_iter+0x24c/0x15a0
[  136.275376][ T6584]  ? __pfx_netif_receive_skb+0x10/0x10
[  136.275384][ T6584]  ? sock_alloc_send_pskb+0x875/0x990
[  136.275397][ T6584]  ? __pfx__copy_from_iter+0x10/0x10
[  136.275407][ T6584]  ? tun_rx_batched+0x160/0x730
[  136.275420][ T6584]  tun_rx_batched+0x1b9/0x730
[  136.275433][ T6584]  ? __pfx_tun_rx_batched+0x10/0x10
[  136.275446][ T6584]  ? tun_get_user+0x2444/0x3c20
[  136.275459][ T6584]  ? tun_get_user+0x2444/0x3c20
[  136.275471][ T6584]  ? tun_get_user+0x2444/0x3c20
[  136.275482][ T6584]  tun_get_user+0x2879/0x3c20
[  136.275498][ T6584]  ? preempt_schedule+0xae/0xc0
[  136.275508][ T6584]  ? __pfx_tun_get_user+0x10/0x10
[  136.275519][ T6584]  ? preempt_schedule_common+0x83/0xd0
[  136.275529][ T6584]  ? preempt_schedule+0xae/0xc0
[  136.275537][ T6584]  ? __pfx_preempt_schedule+0x10/0x10
[  136.275547][ T6584]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  136.275556][ T6584]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  136.275566][ T6584]  ? ref_tracker_alloc+0x318/0x460
[  136.275577][ T6584]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  136.275587][ T6584]  ? tun_get+0x1c/0x2f0
[  136.275600][ T6584]  ? tun_get+0x1c/0x2f0
[  136.275611][ T6584]  ? tun_get+0x1c/0x2f0
[  136.275623][ T6584]  tun_chr_write_iter+0x113/0x200
[  136.275635][ T6584]  vfs_write+0x54b/0xa90
[  136.275649][ T6584]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  136.275661][ T6584]  ? __pfx_vfs_write+0x10/0x10
[  136.275674][ T6584]  ? __fget_files+0x2a/0x420
[  136.275684][ T6584]  ksys_write+0x145/0x250
[  136.275696][ T6584]  ? rcu_is_watching+0x15/0xb0
[  136.275709][ T6584]  ? __pfx_ksys_write+0x10/0x10
[  136.275721][ T6584]  ? do_syscall_64+0xba/0x210
[  136.275733][ T6584]  do_syscall_64+0xf6/0x210
[  136.275744][ T6584]  ? clear_bhb_loop+0x60/0xb0
[  136.275754][ T6584]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.275794][ T6584] RIP: 0033:0x7fb6a6d7e98f
[  136.275803][ T6584] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  136.275810][ T6584] RSP: 002b:00007fb6a7b72020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  136.275821][ T6584] RAX: ffffffffffffffda RBX: 00007fb6a6f45fa0 RCX: 00007fb6a6d7e98f
[  136.275827][ T6584] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  136.275833][ T6584] RBP: 00007fb6a6df3cc8 R08: 0000000000000000 R09: 0000000000000000
[  136.275839][ T6584] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  136.275844][ T6584] R13: 0000000000000000 R14: 00007fb6a6f45fa0 R15: 00007fff4f99ea78
[  136.275853][ T6584]  </TASK>
[  136.275860][ T6584] BUG: Bad page state in process syz.0.15  pfn:7dd85
[  136.703583][ T6584] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807dd85b40 pfn:0x7dd85
[  136.714082][ T6584] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  136.721435][ T6584] raw: 00fff00000000000 dead000000000040 ffff888021ec2000 0000000000000000
[  136.730336][ T6584] raw: ffff88807dd85b40 0000000000000001 00000000ffffffff 0000000000000000
[  136.739240][ T6584] page dumped because: page_pool leak
[  136.744961][ T6584] page_owner tracks the page as allocated
[  136.750827][ T6584] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6584, tgid 6583 (syz.0.15), ts 133447560428, free_ts 127980563755
[  136.768345][ T6584]  post_alloc_hook+0x1d8/0x230
[  136.773106][ T6584]  get_page_from_freelist+0x21c7/0x22a0
[  136.778798][ T6584]  __alloc_frozen_pages_noprof+0x181/0x370
[  136.784785][ T6584]  alloc_pages_bulk_noprof+0x560/0x710
[  136.790497][ T6584]  __page_pool_alloc_pages_slow+0x127/0x6c0
[  136.796497][ T6584]  skb_pp_cow_data+0xaf4/0x12f0
[  136.801574][ T6584]  do_xdp_generic+0x51a/0xd20
[  136.806360][ T6584]  __netif_receive_skb_core+0x1823/0x4180
[  136.812154][ T6584]  __netif_receive_skb+0x72/0x380
[  136.817297][ T6584]  netif_receive_skb+0x1cb/0x790
[  136.822286][ T6584]  tun_rx_batched+0x1b9/0x730
[  136.826982][ T6584]  tun_get_user+0x2879/0x3c20
[  136.831822][ T6584]  tun_chr_write_iter+0x113/0x200
[  136.837276][ T6584]  vfs_write+0x54b/0xa90
[  136.842056][ T6584]  ksys_write+0x145/0x250
[  136.846646][ T6584]  do_syscall_64+0xf6/0x210
[  136.851597][ T6584] page last free pid 6417 tgid 6417 stack trace:
[  136.858232][ T6584]  __free_frozen_pages+0xb05/0xcd0
[  136.863428][ T6584]  vfree+0x1a6/0x330
[  136.867557][ T6584]  kcov_close+0x28/0x50
[  136.872341][ T6584]  __fput+0x449/0xa70
[  136.876730][ T6584]  task_work_run+0x1d4/0x260
[  136.881549][ T6584]  do_exit+0x8d6/0x2550
[  136.885887][ T6584]  do_group_exit+0x21c/0x2d0
[  136.890761][ T6584]  get_signal+0x125e/0x1310
[  136.895809][ T6584]  arch_do_signal_or_restart+0x95/0x780
[  136.901406][ T6584]  syscall_exit_to_user_mode+0x8b/0x120
[  136.906983][ T6584]  do_syscall_64+0x103/0x210
[  136.911640][ T6584]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.917652][ T6584] Modules linked in:
[  136.921643][ T6584] CPU: 0 UID: 0 PID: 6584 Comm: syz.0.15 Tainted: G    B               6.15.0-rc7-syzkaller-ga11a72229881 #0 PREEMPT(full) 
[  136.921658][ T6584] Tainted: [B]=BAD_PAGE
[  136.921661][ T6584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  136.921667][ T6584] Call Trace:
[  136.921672][ T6584]  <TASK>
[  136.921676][ T6584]  dump_stack_lvl+0x189/0x250
[  136.921693][ T6584]  ? __pfx_dump_stack_lvl+0x10/0x10
[  136.921704][ T6584]  ? __pfx_print_modules+0x10/0x10
[  136.921715][ T6584]  bad_page+0x15e/0x1a0
[  136.921728][ T6584]  __free_frozen_pages+0xc77/0xcd0
[  136.921739][ T6584]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  136.921757][ T6584]  bpf_xdp_adjust_tail+0x1d6/0x220
[  136.921768][ T6584]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  136.921777][ T6584]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  136.921797][ T6584]  do_xdp_generic+0x76e/0xd20
[  136.921811][ T6584]  ? __pfx_do_xdp_generic+0x10/0x10
[  136.921824][ T6584]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  136.921841][ T6584]  __netif_receive_skb_core+0x1823/0x4180
[  136.921853][ T6584]  ? __pfx___up_read+0x10/0x10
[  136.921863][ T6584]  ? do_user_addr_fault+0xbc1/0x1390
[  136.921879][ T6584]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  136.921890][ T6584]  ? __lock_acquire+0xaac/0xd20
[  136.921902][ T6584]  ? netif_receive_skb+0x115/0x790
[  136.921910][ T6584]  ? netif_receive_skb+0x115/0x790
[  136.921918][ T6584]  __netif_receive_skb+0x72/0x380
[  136.921927][ T6584]  ? rep_movs_alternative+0x4a/0x90
[  136.921936][ T6584]  ? netif_receive_skb+0x115/0x790
[  136.921944][ T6584]  netif_receive_skb+0x1cb/0x790
[  136.921951][ T6584]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  136.921964][ T6584]  ? _copy_from_iter+0x24c/0x15a0
[  136.921975][ T6584]  ? __pfx_netif_receive_skb+0x10/0x10
[  136.921983][ T6584]  ? sock_alloc_send_pskb+0x875/0x990
[  136.921996][ T6584]  ? __pfx__copy_from_iter+0x10/0x10
[  136.922006][ T6584]  ? tun_rx_batched+0x160/0x730
[  136.922020][ T6584]  tun_rx_batched+0x1b9/0x730
[  136.922033][ T6584]  ? __pfx_tun_rx_batched+0x10/0x10
[  136.922046][ T6584]  ? tun_get_user+0x2444/0x3c20
[  136.922059][ T6584]  ? tun_get_user+0x2444/0x3c20
[  136.922071][ T6584]  ? tun_get_user+0x2444/0x3c20
[  136.922082][ T6584]  tun_get_user+0x2879/0x3c20
[  136.922098][ T6584]  ? preempt_schedule+0xae/0xc0
[  136.922108][ T6584]  ? __pfx_tun_get_user+0x10/0x10
[  136.922119][ T6584]  ? preempt_schedule_common+0x83/0xd0
[  136.922129][ T6584]  ? preempt_schedule+0xae/0xc0
[  136.922138][ T6584]  ? __pfx_preempt_schedule+0x10/0x10
[  136.922147][ T6584]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  136.922157][ T6584]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  136.922167][ T6584]  ? ref_tracker_alloc+0x318/0x460
[  136.922177][ T6584]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  136.922187][ T6584]  ? tun_get+0x1c/0x2f0
[  136.922200][ T6584]  ? tun_get+0x1c/0x2f0
[  136.922211][ T6584]  ? tun_get+0x1c/0x2f0
[  136.922223][ T6584]  tun_chr_write_iter+0x113/0x200
[  136.922236][ T6584]  vfs_write+0x54b/0xa90
[  136.922249][ T6584]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  136.922261][ T6584]  ? __pfx_vfs_write+0x10/0x10
[  136.922274][ T6584]  ? __fget_files+0x2a/0x420
[  136.922284][ T6584]  ksys_write+0x145/0x250
[  136.922296][ T6584]  ? rcu_is_watching+0x15/0xb0
[  136.922309][ T6584]  ? __pfx_ksys_write+0x10/0x10
[  136.922321][ T6584]  ? do_syscall_64+0xba/0x210
[  136.922333][ T6584]  do_syscall_64+0xf6/0x210
[  136.922343][ T6584]  ? clear_bhb_loop+0x60/0xb0
[  136.922353][ T6584]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.922362][ T6584] RIP: 0033:0x7fb6a6d7e98f
[  136.922371][ T6584] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  136.922378][ T6584] RSP: 002b:00007fb6a7b72020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  136.922388][ T6584] RAX: ffffffffffffffda RBX: 00007fb6a6f45fa0 RCX: 00007fb6a6d7e98f
[  136.922394][ T6584] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  136.922400][ T6584] RBP: 00007fb6a6df3cc8 R08: 0000000000000000 R09: 0000000000000000
[  136.922405][ T6584] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  136.922411][ T6584] R13: 0000000000000000 R14: 00007fb6a6f45fa0 R15: 00007fff4f99ea78
[  136.922420][ T6584]  </TASK>
[  136.922427][ T6584] BUG: Bad page state in process syz.0.15  pfn:20ba9
[  137.352266][ T6584] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x20ba9
[  137.362576][ T6584] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  137.369981][ T6584] raw: 00fff00000000000 dead000000000040 ffff888021ec2000 0000000000000000
[  137.378818][ T6584] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000
[  137.387454][ T6584] page dumped because: page_pool leak
[  137.392806][ T6584] page_owner tracks the page as allocated
[  137.398625][ T6584] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6584, tgid 6583 (syz.0.15), ts 133447542941, free_ts 127980578649
[  137.415806][ T6584]  post_alloc_hook+0x1d8/0x230
[  137.420732][ T6584]  get_page_from_freelist+0x21c7/0x22a0
[  137.426289][ T6584]  __alloc_frozen_pages_noprof+0x181/0x370
[  137.432214][ T6584]  alloc_pages_bulk_noprof+0x560/0x710
[  137.437727][ T6584]  __page_pool_alloc_pages_slow+0x127/0x6c0
[  137.443728][ T6584]  skb_pp_cow_data+0xaf4/0x12f0
[  137.448741][ T6584]  do_xdp_generic+0x51a/0xd20
[  137.453602][ T6584]  __netif_receive_skb_core+0x1823/0x4180
[  137.459528][ T6584]  __netif_receive_skb+0x72/0x380
[  137.464556][ T6584]  netif_receive_skb+0x1cb/0x790
[  137.469610][ T6584]  tun_rx_batched+0x1b9/0x730
[  137.474491][ T6584]  tun_get_user+0x2879/0x3c20
[  137.479380][ T6584]  tun_chr_write_iter+0x113/0x200
[  137.484502][ T6584]  vfs_write+0x54b/0xa90
[  137.488829][ T6584]  ksys_write+0x145/0x250
[  137.493279][ T6584]  do_syscall_64+0xf6/0x210
[  137.497908][ T6584] page last free pid 6417 tgid 6417 stack trace:
[  137.504586][ T6584]  __free_frozen_pages+0xb05/0xcd0
[  137.510084][ T6584]  vfree+0x1a6/0x330
[  137.514089][ T6584]  kcov_close+0x28/0x50
[  137.518302][ T6584]  __fput+0x449/0xa70
[  137.522291][ T6584]  task_work_run+0x1d4/0x260
[  137.526980][ T6584]  do_exit+0x8d6/0x2550
[  137.531190][ T6584]  do_group_exit+0x21c/0x2d0
[  137.535883][ T6584]  get_signal+0x125e/0x1310
[  137.540448][ T6584]  arch_do_signal_or_restart+0x95/0x780
[  137.546185][ T6584]  syscall_exit_to_user_mode+0x8b/0x120
[  137.552036][ T6584]  do_syscall_64+0x103/0x210
[  137.556721][ T6584]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  137.563078][ T6584] Modules linked in:
[  137.566989][ T6584] CPU: 0 UID: 0 PID: 6584 Comm: syz.0.15 Tainted: G    B               6.15.0-rc7-syzkaller-ga11a72229881 #0 PREEMPT(full) 
[  137.567004][ T6584] Tainted: [B]=BAD_PAGE
[  137.567007][ T6584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  137.567013][ T6584] Call Trace:
[  137.567017][ T6584]  <TASK>
[  137.567021][ T6584]  dump_stack_lvl+0x189/0x250
[  137.567038][ T6584]  ? __pfx_dump_stack_lvl+0x10/0x10
[  137.567049][ T6584]  ? __pfx_print_modules+0x10/0x10
[  137.567060][ T6584]  bad_page+0x15e/0x1a0
[  137.567073][ T6584]  __free_frozen_pages+0xc77/0xcd0
[  137.567084][ T6584]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  137.567103][ T6584]  bpf_xdp_adjust_tail+0x1d6/0x220
[  137.567116][ T6584]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  137.567124][ T6584]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  137.567143][ T6584]  do_xdp_generic+0x76e/0xd20
[  137.567158][ T6584]  ? __pfx_do_xdp_generic+0x10/0x10
[  137.567170][ T6584]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  137.567188][ T6584]  __netif_receive_skb_core+0x1823/0x4180
[  137.567200][ T6584]  ? __pfx___up_read+0x10/0x10
[  137.567208][ T6584]  ? do_user_addr_fault+0xbc1/0x1390
[  137.567224][ T6584]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  137.567235][ T6584]  ? __lock_acquire+0xaac/0xd20
[  137.567247][ T6584]  ? netif_receive_skb+0x115/0x790
[  137.567255][ T6584]  ? netif_receive_skb+0x115/0x790
[  137.567263][ T6584]  __netif_receive_skb+0x72/0x380
[  137.567272][ T6584]  ? rep_movs_alternative+0x4a/0x90
[  137.567281][ T6584]  ? netif_receive_skb+0x115/0x790
[  137.567289][ T6584]  netif_receive_skb+0x1cb/0x790
[  137.567300][ T6584]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  137.567313][ T6584]  ? _copy_from_iter+0x24c/0x15a0
[  137.567324][ T6584]  ? __pfx_netif_receive_skb+0x10/0x10
[  137.567332][ T6584]  ? sock_alloc_send_pskb+0x875/0x990
[  137.567345][ T6584]  ? __pfx__copy_from_iter+0x10/0x10
[  137.567361][ T6584]  ? tun_rx_batched+0x160/0x730
[  137.567380][ T6584]  tun_rx_batched+0x1b9/0x730
[  137.567399][ T6584]  ? __pfx_tun_rx_batched+0x10/0x10
[  137.567419][ T6584]  ? tun_get_user+0x2444/0x3c20
[  137.567434][ T6584]  ? tun_get_user+0x2444/0x3c20
[  137.567445][ T6584]  ? tun_get_user+0x2444/0x3c20
[  137.567457][ T6584]  tun_get_user+0x2879/0x3c20
[  137.567473][ T6584]  ? preempt_schedule+0xae/0xc0
[  137.567483][ T6584]  ? __pfx_tun_get_user+0x10/0x10
[  137.567494][ T6584]  ? preempt_schedule_common+0x83/0xd0
[  137.567503][ T6584]  ? preempt_schedule+0xae/0xc0
[  137.567512][ T6584]  ? __pfx_preempt_schedule+0x10/0x10
[  137.567521][ T6584]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  137.567531][ T6584]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  137.567541][ T6584]  ? ref_tracker_alloc+0x318/0x460
[  137.567552][ T6584]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  137.567562][ T6584]  ? tun_get+0x1c/0x2f0
[  137.567575][ T6584]  ? tun_get+0x1c/0x2f0
[  137.567586][ T6584]  ? tun_get+0x1c/0x2f0
[  137.567598][ T6584]  tun_chr_write_iter+0x113/0x200
[  137.567611][ T6584]  vfs_write+0x54b/0xa90
[  137.567631][ T6584]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  137.567643][ T6584]  ? __pfx_vfs_write+0x10/0x10
[  137.567656][ T6584]  ? __fget_files+0x2a/0x420
[  137.567665][ T6584]  ksys_write+0x145/0x250
[  137.567677][ T6584]  ? rcu_is_watching+0x15/0xb0
[  137.567690][ T6584]  ? __pfx_ksys_write+0x10/0x10
[  137.567702][ T6584]  ? do_syscall_64+0xba/0x210
[  137.567713][ T6584]  do_syscall_64+0xf6/0x210
[  137.567724][ T6584]  ? clear_bhb_loop+0x60/0xb0
[  137.567734][ T6584]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  137.567743][ T6584] RIP: 0033:0x7fb6a6d7e98f
[  137.567752][ T6584] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  137.567759][ T6584] RSP: 002b:00007fb6a7b72020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  137.567771][ T6584] RAX: ffffffffffffffda RBX: 00007fb6a6f45fa0 RCX: 00007fb6a6d7e98f
[  137.567777][ T6584] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  137.567783][ T6584] RBP: 00007fb6a6df3cc8 R08: 0000000000000000 R09: 0000000000000000
[  137.567788][ T6584] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  137.567793][ T6584] R13: 0000000000000000 R14: 00007fb6a6f45fa0 R15: 00007fff4f99ea78
[  137.567802][ T6584]  </TASK>
[  137.677797][ T5865] Bluetooth: hci0: command tx timeout
[  137.679917][ T6584] BUG: Bad page state in process syz.0.15  pfn:34f89
[  137.994444][ T6584] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888034f89dc0 pfn:0x34f89
[  138.004681][ T6584] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  138.011870][ T6584] raw: 00fff00000000000 dead000000000040 ffff888021ec2000 0000000000000000
[  138.021040][ T6584] raw: ffff888034f89dc0 0000000000000001 00000000ffffffff 0000000000000000
[  138.029925][ T6584] page dumped because: page_pool leak
[  138.035275][ T6584] page_owner tracks the page as allocated
[  138.041451][ T6584] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6584, tgid 6583 (syz.0.15), ts 133447525546, free_ts 127980593387
[  138.058862][ T6584]  post_alloc_hook+0x1d8/0x230
[  138.063705][ T6584]  get_page_from_freelist+0x21c7/0x22a0
[  138.069397][ T6584]  __alloc_frozen_pages_noprof+0x181/0x370
[  138.075299][ T6584]  alloc_pages_bulk_noprof+0x560/0x710
[  138.080888][ T6584]  __page_pool_alloc_pages_slow+0x127/0x6c0
[  138.086959][ T6584]  skb_pp_cow_data+0xaf4/0x12f0
[  138.091850][ T6584]  do_xdp_generic+0x51a/0xd20
[  138.096627][ T6584]  __netif_receive_skb_core+0x1823/0x4180
[  138.102383][ T6584]  __netif_receive_skb+0x72/0x380
[  138.107746][ T6584]  netif_receive_skb+0x1cb/0x790
[  138.112676][ T6584]  tun_rx_batched+0x1b9/0x730
[  138.117478][ T6584]  tun_get_user+0x2879/0x3c20
[  138.122251][ T6584]  tun_chr_write_iter+0x113/0x200
[  138.127670][ T6584]  vfs_write+0x54b/0xa90
[  138.131939][ T6584]  ksys_write+0x145/0x250
[  138.136251][ T6584]  do_syscall_64+0xf6/0x210
[  138.140827][ T6584] page last free pid 6417 tgid 6417 stack trace:
[  138.147258][ T6584]  __free_frozen_pages+0xb05/0xcd0
[  138.152447][ T6584]  vfree+0x1a6/0x330
[  138.156366][ T6584]  kcov_close+0x28/0x50
[  138.160544][ T6584]  __fput+0x449/0xa70
[  138.164624][ T6584]  task_work_run+0x1d4/0x260
[  138.169453][ T6584]  do_exit+0x8d6/0x2550
[  138.173724][ T6584]  do_group_exit+0x21c/0x2d0
[  138.178622][ T6584]  get_signal+0x125e/0x1310
[  138.183308][ T6584]  arch_do_signal_or_restart+0x95/0x780
[  138.188890][ T6584]  syscall_exit_to_user_mode+0x8b/0x120
[  138.194616][ T6584]  do_syscall_64+0x103/0x210
[  138.199331][ T6584]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  138.205443][ T6584] Modules linked in:
[  138.209466][ T6584] CPU: 0 UID: 0 PID: 6584 Comm: syz.0.15 Tainted: G    B               6.15.0-rc7-syzkaller-ga11a72229881 #0 PREEMPT(full) 
[  138.209488][ T6584] Tainted: [B]=BAD_PAGE
[  138.209492][ T6584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  138.209501][ T6584] Call Trace:
[  138.209505][ T6584]  <TASK>
[  138.209511][ T6584]  dump_stack_lvl+0x189/0x250
[  138.209533][ T6584]  ? __pfx_dump_stack_lvl+0x10/0x10
[  138.209549][ T6584]  ? __pfx_print_modules+0x10/0x10
[  138.209573][ T6584]  bad_page+0x15e/0x1a0
[  138.209592][ T6584]  __free_frozen_pages+0xc77/0xcd0
[  138.209608][ T6584]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  138.209634][ T6584]  bpf_xdp_adjust_tail+0x1d6/0x220
[  138.209652][ T6584]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  138.209664][ T6584]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  138.209698][ T6584]  do_xdp_generic+0x76e/0xd20
[  138.209723][ T6584]  ? __pfx_do_xdp_generic+0x10/0x10
[  138.209744][ T6584]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  138.209776][ T6584]  __netif_receive_skb_core+0x1823/0x4180
[  138.209796][ T6584]  ? __pfx___up_read+0x10/0x10
[  138.209810][ T6584]  ? do_user_addr_fault+0xbc1/0x1390
[  138.209829][ T6584]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  138.209845][ T6584]  ? __lock_acquire+0xaac/0xd20
[  138.209860][ T6584]  ? netif_receive_skb+0x115/0x790
[  138.209873][ T6584]  ? netif_receive_skb+0x115/0x790
[  138.209886][ T6584]  __netif_receive_skb+0x72/0x380
[  138.209902][ T6584]  ? rep_movs_alternative+0x4a/0x90
[  138.209917][ T6584]  ? netif_receive_skb+0x115/0x790
[  138.209930][ T6584]  netif_receive_skb+0x1cb/0x790
[  138.209944][ T6584]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  138.209965][ T6584]  ? _copy_from_iter+0x24c/0x15a0
[  138.209983][ T6584]  ? __pfx_netif_receive_skb+0x10/0x10
[  138.209996][ T6584]  ? sock_alloc_send_pskb+0x875/0x990
[  138.210017][ T6584]  ? __pfx__copy_from_iter+0x10/0x10
[  138.210034][ T6584]  ? tun_rx_batched+0x160/0x730
[  138.210055][ T6584]  tun_rx_batched+0x1b9/0x730
[  138.210077][ T6584]  ? __pfx_tun_rx_batched+0x10/0x10
[  138.210098][ T6584]  ? tun_get_user+0x2444/0x3c20
[  138.210121][ T6584]  ? tun_get_user+0x2444/0x3c20
[  138.210140][ T6584]  ? tun_get_user+0x2444/0x3c20
[  138.210159][ T6584]  tun_get_user+0x2879/0x3c20
[  138.210186][ T6584]  ? preempt_schedule+0xae/0xc0
[  138.210203][ T6584]  ? __pfx_tun_get_user+0x10/0x10
[  138.210222][ T6584]  ? preempt_schedule_common+0x83/0xd0
[  138.210238][ T6584]  ? preempt_schedule+0xae/0xc0
[  138.210253][ T6584]  ? __pfx_preempt_schedule+0x10/0x10
[  138.210270][ T6584]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  138.210286][ T6584]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  138.210304][ T6584]  ? ref_tracker_alloc+0x318/0x460
[  138.210321][ T6584]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  138.210339][ T6584]  ? tun_get+0x1c/0x2f0
[  138.210360][ T6584]  ? tun_get+0x1c/0x2f0
[  138.210378][ T6584]  ? tun_get+0x1c/0x2f0
[  138.210398][ T6584]  tun_chr_write_iter+0x113/0x200
[  138.210420][ T6584]  vfs_write+0x54b/0xa90
[  138.210441][ T6584]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  138.210461][ T6584]  ? __pfx_vfs_write+0x10/0x10
[  138.210484][ T6584]  ? __fget_files+0x2a/0x420
[  138.210500][ T6584]  ksys_write+0x145/0x250
[  138.210519][ T6584]  ? rcu_is_watching+0x15/0xb0
[  138.210540][ T6584]  ? __pfx_ksys_write+0x10/0x10
[  138.210569][ T6584]  ? do_syscall_64+0xba/0x210
[  138.210588][ T6584]  do_syscall_64+0xf6/0x210
[  138.210606][ T6584]  ? clear_bhb_loop+0x60/0xb0
[  138.210622][ T6584]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  138.210637][ T6584] RIP: 0033:0x7fb6a6d7e98f
[  138.210651][ T6584] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  138.210664][ T6584] RSP: 002b:00007fb6a7b72020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  138.210680][ T6584] RAX: ffffffffffffffda RBX: 00007fb6a6f45fa0 RCX: 00007fb6a6d7e98f
[  138.210691][ T6584] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  138.210699][ T6584] RBP: 00007fb6a6df3cc8 R08: 0000000000000000 R09: 0000000000000000
[  138.210709][ T6584] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  138.210718][ T6584] R13: 0000000000000000 R14: 00007fb6a6f45fa0 R15: 00007fff4f99ea78
[  138.210734][ T6584]  </TASK>
[  138.210744][ T6584] BUG: Bad page state in process syz.0.15  pfn:348a2
[  138.633266][ T6584] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x348a2
[  138.643914][ T6584] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  138.651234][ T6584] raw: 00fff00000000000 dead000000000040 ffff888021ec2000 0000000000000000
[  138.659960][ T6584] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000
[  138.669197][ T6584] page dumped because: page_pool leak
[  138.674822][ T6584] page_owner tracks the page as allocated
[  138.680723][ T6584] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6584, tgid 6583 (syz.0.15), ts 133447507951, free_ts 127980608080
[  138.697814][ T6584]  post_alloc_hook+0x1d8/0x230
[  138.702650][ T6584]  get_page_from_freelist+0x21c7/0x22a0
[  138.708310][ T6584]  __alloc_frozen_pages_noprof+0x181/0x370
[  138.714120][ T6584]  alloc_pages_bulk_noprof+0x560/0x710
[  138.719608][ T6584]  __page_pool_alloc_pages_slow+0x127/0x6c0
[  138.725706][ T6584]  skb_pp_cow_data+0xaf4/0x12f0
[  138.730619][ T6584]  do_xdp_generic+0x51a/0xd20
[  138.735482][ T6584]  __netif_receive_skb_core+0x1823/0x4180
[  138.741241][ T6584]  __netif_receive_skb+0x72/0x380
[  138.746372][ T6584]  netif_receive_skb+0x1cb/0x790
[  138.751400][ T6584]  tun_rx_batched+0x1b9/0x730
[  138.756100][ T6584]  tun_get_user+0x2879/0x3c20
[  138.760986][ T6584]  tun_chr_write_iter+0x113/0x200
[  138.766721][ T6584]  vfs_write+0x54b/0xa90
[  138.771196][ T6584]  ksys_write+0x145/0x250
[  138.775709][ T6584]  do_syscall_64+0xf6/0x210
[  138.780334][ T6584] page last free pid 6417 tgid 6417 stack trace:
[  138.786740][ T6584]  __free_frozen_pages+0xb05/0xcd0
[  138.792141][ T6584]  vfree+0x1a6/0x330
[  138.796218][ T6584]  kcov_close+0x28/0x50
[  138.800443][ T6584]  __fput+0x449/0xa70
[  138.804436][ T6584]  task_work_run+0x1d4/0x260
[  138.809079][ T6584]  do_exit+0x8d6/0x2550
[  138.813412][ T6584]  do_group_exit+0x21c/0x2d0
[  138.818586][ T6584]  get_signal+0x125e/0x1310
[  138.823208][ T6584]  arch_do_signal_or_restart+0x95/0x780
[  138.828976][ T6584]  syscall_exit_to_user_mode+0x8b/0x120
[  138.834718][ T6584]  do_syscall_64+0x103/0x210
[  138.839545][ T6584]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  138.845832][ T6584] Modules linked in:
[  138.850150][ T6584] CPU: 0 UID: 0 PID: 6584 Comm: syz.0.15 Tainted: G    B               6.15.0-rc7-syzkaller-ga11a72229881 #0 PREEMPT(full) 
[  138.850175][ T6584] Tainted: [B]=BAD_PAGE
[  138.850181][ T6584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  138.850190][ T6584] Call Trace:
[  138.850196][ T6584]  <TASK>
[  138.850203][ T6584]  dump_stack_lvl+0x189/0x250
[  138.850224][ T6584]  ? __pfx_dump_stack_lvl+0x10/0x10
[  138.850239][ T6584]  ? __pfx_print_modules+0x10/0x10
[  138.850257][ T6584]  bad_page+0x15e/0x1a0
[  138.850274][ T6584]  __free_frozen_pages+0xc77/0xcd0
[  138.850291][ T6584]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  138.850319][ T6584]  bpf_xdp_adjust_tail+0x1d6/0x220
[  138.850342][ T6584]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  138.850355][ T6584]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  138.850387][ T6584]  do_xdp_generic+0x76e/0xd20
[  138.850413][ T6584]  ? __pfx_do_xdp_generic+0x10/0x10
[  138.850434][ T6584]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  138.850475][ T6584]  __netif_receive_skb_core+0x1823/0x4180
[  138.850496][ T6584]  ? __pfx___up_read+0x10/0x10
[  138.850512][ T6584]  ? do_user_addr_fault+0xbc1/0x1390
[  138.850537][ T6584]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  138.850558][ T6584]  ? __lock_acquire+0xaac/0xd20
[  138.850578][ T6584]  ? netif_receive_skb+0x115/0x790
[  138.850593][ T6584]  ? netif_receive_skb+0x115/0x790
[  138.850608][ T6584]  __netif_receive_skb+0x72/0x380
[  138.850623][ T6584]  ? rep_movs_alternative+0x4a/0x90
[  138.850639][ T6584]  ? netif_receive_skb+0x115/0x790
[  138.850653][ T6584]  netif_receive_skb+0x1cb/0x790
[  138.850667][ T6584]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  138.850686][ T6584]  ? _copy_from_iter+0x24c/0x15a0
[  138.850702][ T6584]  ? __pfx_netif_receive_skb+0x10/0x10
[  138.850713][ T6584]  ? sock_alloc_send_pskb+0x875/0x990
[  138.850742][ T6584]  ? __pfx__copy_from_iter+0x10/0x10
[  138.850761][ T6584]  ? tun_rx_batched+0x160/0x730
[  138.850780][ T6584]  tun_rx_batched+0x1b9/0x730
[  138.850801][ T6584]  ? __pfx_tun_rx_batched+0x10/0x10
[  138.850818][ T6584]  ? tun_get_user+0x2444/0x3c20
[  138.850840][ T6584]  ? tun_get_user+0x2444/0x3c20
[  138.850860][ T6584]  ? tun_get_user+0x2444/0x3c20
[  138.850879][ T6584]  tun_get_user+0x2879/0x3c20
[  138.850906][ T6584]  ? preempt_schedule+0xae/0xc0
[  138.850923][ T6584]  ? __pfx_tun_get_user+0x10/0x10
[  138.850942][ T6584]  ? preempt_schedule_common+0x83/0xd0
[  138.850959][ T6584]  ? preempt_schedule+0xae/0xc0
[  138.850974][ T6584]  ? __pfx_preempt_schedule+0x10/0x10
[  138.850991][ T6584]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  138.851008][ T6584]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  138.851025][ T6584]  ? ref_tracker_alloc+0x318/0x460
[  138.851042][ T6584]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  138.851060][ T6584]  ? tun_get+0x1c/0x2f0
[  138.851080][ T6584]  ? tun_get+0x1c/0x2f0
[  138.851099][ T6584]  ? tun_get+0x1c/0x2f0
[  138.851119][ T6584]  tun_chr_write_iter+0x113/0x200
[  138.851140][ T6584]  vfs_write+0x54b/0xa90
[  138.851162][ T6584]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  138.851182][ T6584]  ? __pfx_vfs_write+0x10/0x10
[  138.851204][ T6584]  ? __fget_files+0x2a/0x420
[  138.851221][ T6584]  ksys_write+0x145/0x250
[  138.851240][ T6584]  ? rcu_is_watching+0x15/0xb0
[  138.851262][ T6584]  ? __pfx_ksys_write+0x10/0x10
[  138.851282][ T6584]  ? do_syscall_64+0xba/0x210
[  138.851302][ T6584]  do_syscall_64+0xf6/0x210
[  138.851320][ T6584]  ? clear_bhb_loop+0x60/0xb0
[  138.851337][ T6584]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  138.851351][ T6584] RIP: 0033:0x7fb6a6d7e98f
[  138.851365][ T6584] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  138.851378][ T6584] RSP: 002b:00007fb6a7b72020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  138.851395][ T6584] RAX: ffffffffffffffda RBX: 00007fb6a6f45fa0 RCX: 00007fb6a6d7e98f
[  138.851406][ T6584] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  138.851416][ T6584] RBP: 00007fb6a6df3cc8 R08: 0000000000000000 R09: 0000000000000000
[  138.851425][ T6584] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  138.851434][ T6584] R13: 0000000000000000 R14: 00007fb6a6f45fa0 R15: 00007fff4f99ea78
[  138.851462][ T6584]  </TASK>
[  138.851472][ T6584] BUG: Bad page state in process syz.0.15  pfn:24ed6
[  139.279712][ T6584] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888024ed6dc0 pfn:0x24ed6
[  139.290107][ T6584] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  139.297321][ T6584] raw: 00fff00000000000 dead000000000040 ffff888021ec2000 0000000000000000
[  139.305971][ T6584] raw: ffff888024ed6dc0 0000000000000001 00000000ffffffff 0000000000000000
[  139.314615][ T6584] page dumped because: page_pool leak
[  139.320272][ T6584] page_owner tracks the page as allocated
[  139.326280][ T6584] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6584, tgid 6583 (syz.0.15), ts 133447490820, free_ts 127980622951
[  139.344540][ T6584]  post_alloc_hook+0x1d8/0x230
[  139.349754][ T6584]  get_page_from_freelist+0x21c7/0x22a0
[  139.355485][ T6584]  __alloc_frozen_pages_noprof+0x181/0x370
[  139.361535][ T6584]  alloc_pages_bulk_noprof+0x560/0x710
[  139.367420][ T6584]  __page_pool_alloc_pages_slow+0x127/0x6c0
[  139.373325][ T6584]  skb_pp_cow_data+0xaf4/0x12f0
[  139.378383][ T6584]  do_xdp_generic+0x51a/0xd20
[  139.383328][ T6584]  __netif_receive_skb_core+0x1823/0x4180
[  139.389172][ T6584]  __netif_receive_skb+0x72/0x380
[  139.394408][ T6584]  netif_receive_skb+0x1cb/0x790
[  139.399807][ T6584]  tun_rx_batched+0x1b9/0x730
[  139.404938][ T6584]  tun_get_user+0x2879/0x3c20
[  139.409661][ T6584]  tun_chr_write_iter+0x113/0x200
[  139.414704][ T6584]  vfs_write+0x54b/0xa90
[  139.419079][ T6584]  ksys_write+0x145/0x250
[  139.423582][ T6584]  do_syscall_64+0xf6/0x210
[  139.428119][ T6584] page last free pid 6417 tgid 6417 stack trace:
[  139.434451][ T6584]  __free_frozen_pages+0xb05/0xcd0
[  139.439747][ T6584]  vfree+0x1a6/0x330
[  139.443751][ T6584]  kcov_close+0x28/0x50
[  139.447967][ T6584]  __fput+0x449/0xa70
[  139.451983][ T6584]  task_work_run+0x1d4/0x260
[  139.456584][ T6584]  do_exit+0x8d6/0x2550
[  139.460829][ T6584]  do_group_exit+0x21c/0x2d0
[  139.465520][ T6584]  get_signal+0x125e/0x1310
[  139.470808][ T6584]  arch_do_signal_or_restart+0x95/0x780
[  139.476736][ T6584]  syscall_exit_to_user_mode+0x8b/0x120
[  139.482353][ T6584]  do_syscall_64+0x103/0x210
[  139.487112][ T6584]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.493050][ T6584] Modules linked in:
[  139.496952][ T6584] CPU: 0 UID: 0 PID: 6584 Comm: syz.0.15 Tainted: G    B               6.15.0-rc7-syzkaller-ga11a72229881 #0 PREEMPT(full) 
[  139.496967][ T6584] Tainted: [B]=BAD_PAGE
[  139.496970][ T6584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  139.496976][ T6584] Call Trace:
[  139.496980][ T6584]  <TASK>
[  139.496985][ T6584]  dump_stack_lvl+0x189/0x250
[  139.497001][ T6584]  ? __pfx_dump_stack_lvl+0x10/0x10
[  139.497012][ T6584]  ? __pfx_print_modules+0x10/0x10
[  139.497023][ T6584]  bad_page+0x15e/0x1a0
[  139.497036][ T6584]  __free_frozen_pages+0xc77/0xcd0
[  139.497046][ T6584]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  139.497064][ T6584]  bpf_xdp_adjust_tail+0x1d6/0x220
[  139.497076][ T6584]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  139.497084][ T6584]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  139.497104][ T6584]  do_xdp_generic+0x76e/0xd20
[  139.497119][ T6584]  ? __pfx_do_xdp_generic+0x10/0x10
[  139.497131][ T6584]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  139.497148][ T6584]  __netif_receive_skb_core+0x1823/0x4180
[  139.497160][ T6584]  ? __pfx___up_read+0x10/0x10
[  139.497169][ T6584]  ? do_user_addr_fault+0xbc1/0x1390
[  139.497184][ T6584]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  139.497196][ T6584]  ? __lock_acquire+0xaac/0xd20
[  139.497208][ T6584]  ? netif_receive_skb+0x115/0x790
[  139.497216][ T6584]  ? netif_receive_skb+0x115/0x790
[  139.497224][ T6584]  __netif_receive_skb+0x72/0x380
[  139.497233][ T6584]  ? rep_movs_alternative+0x4a/0x90
[  139.497242][ T6584]  ? netif_receive_skb+0x115/0x790
[  139.497249][ T6584]  netif_receive_skb+0x1cb/0x790
[  139.497257][ T6584]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  139.497270][ T6584]  ? _copy_from_iter+0x24c/0x15a0
[  139.497282][ T6584]  ? __pfx_netif_receive_skb+0x10/0x10
[  139.497290][ T6584]  ? sock_alloc_send_pskb+0x875/0x990
[  139.497308][ T6584]  ? __pfx__copy_from_iter+0x10/0x10
[  139.497318][ T6584]  ? tun_rx_batched+0x160/0x730
[  139.497331][ T6584]  tun_rx_batched+0x1b9/0x730
[  139.497350][ T6584]  ? __pfx_tun_rx_batched+0x10/0x10
[  139.497372][ T6584]  ? tun_get_user+0x2444/0x3c20
[  139.497390][ T6584]  ? tun_get_user+0x2444/0x3c20
[  139.497406][ T6584]  ? tun_get_user+0x2444/0x3c20
[  139.497422][ T6584]  tun_get_user+0x2879/0x3c20
[  139.497443][ T6584]  ? preempt_schedule+0xae/0xc0
[  139.497454][ T6584]  ? __pfx_tun_get_user+0x10/0x10
[  139.497466][ T6584]  ? preempt_schedule_common+0x83/0xd0
[  139.497475][ T6584]  ? preempt_schedule+0xae/0xc0
[  139.497484][ T6584]  ? __pfx_preempt_schedule+0x10/0x10
[  139.497494][ T6584]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  139.497503][ T6584]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  139.497513][ T6584]  ? ref_tracker_alloc+0x318/0x460
[  139.497523][ T6584]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  139.497533][ T6584]  ? tun_get+0x1c/0x2f0
[  139.497546][ T6584]  ? tun_get+0x1c/0x2f0
[  139.497557][ T6584]  ? tun_get+0x1c/0x2f0
[  139.497570][ T6584]  tun_chr_write_iter+0x113/0x200
[  139.497582][ T6584]  vfs_write+0x54b/0xa90
[  139.497598][ T6584]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  139.497610][ T6584]  ? __pfx_vfs_write+0x10/0x10
[  139.497624][ T6584]  ? __fget_files+0x2a/0x420
[  139.497634][ T6584]  ksys_write+0x145/0x250
[  139.497645][ T6584]  ? rcu_is_watching+0x15/0xb0
[  139.497659][ T6584]  ? __pfx_ksys_write+0x10/0x10
[  139.497671][ T6584]  ? do_syscall_64+0xba/0x210
[  139.497682][ T6584]  do_syscall_64+0xf6/0x210
[  139.497693][ T6584]  ? clear_bhb_loop+0x60/0xb0
[  139.497703][ T6584]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.497712][ T6584] RIP: 0033:0x7fb6a6d7e98f
[  139.497721][ T6584] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  139.497728][ T6584] RSP: 002b:00007fb6a7b72020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  139.497738][ T6584] RAX: ffffffffffffffda RBX: 00007fb6a6f45fa0 RCX: 00007fb6a6d7e98f
[  139.497745][ T6584] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  139.497750][ T6584] RBP: 00007fb6a6df3cc8 R08: 0000000000000000 R09: 0000000000000000
[  139.497756][ T6584] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  139.497761][ T6584] R13: 0000000000000000 R14: 00007fb6a6f45fa0 R15: 00007fff4f99ea78
[  139.497770][ T6584]  </TASK>
[  139.921214][ T6584] BUG: Bad page state in process syz.0.15  pfn:2075b
[  139.927911][ T6584] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802075bee0 pfn:0x2075b
[  139.938218][ T6584] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  139.945699][ T6584] raw: 00fff00000000000 dead000000000040 ffff888021ec2000 0000000000000000
[  139.954884][ T6584] raw: ffff88802075bee0 0000000000000001 00000000ffffffff 0000000000000000
[  139.964745][ T6584] page dumped because: page_pool leak
[  139.970684][ T6584] page_owner tracks the page as allocated
[  139.977008][ T6584] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6584, tgid 6583 (syz.0.15), ts 133447473481, free_ts 127980638155
[  139.994449][ T6584]  post_alloc_hook+0x1d8/0x230
[  139.999436][ T6584]  get_page_from_freelist+0x21c7/0x22a0
[  140.005168][ T6584]  __alloc_frozen_pages_noprof+0x181/0x370
[  140.011305][ T6584]  alloc_pages_bulk_noprof+0x560/0x710
[  140.016957][ T6584]  __page_pool_alloc_pages_slow+0x127/0x6c0
[  140.023247][ T6584]  skb_pp_cow_data+0xaf4/0x12f0
[  140.028656][ T6584]  do_xdp_generic+0x51a/0xd20
[  140.033687][ T6584]  __netif_receive_skb_core+0x1823/0x4180
[  140.039655][ T6584]  __netif_receive_skb+0x72/0x380
[  140.044783][ T6584]  netif_receive_skb+0x1cb/0x790
[  140.050030][ T6584]  tun_rx_batched+0x1b9/0x730
[  140.055087][ T6584]  tun_get_user+0x2879/0x3c20
[  140.060096][ T6584]  tun_chr_write_iter+0x113/0x200
[  140.065582][ T6584]  vfs_write+0x54b/0xa90
[  140.070321][ T6584]  ksys_write+0x145/0x250
[  140.074750][ T6584]  do_syscall_64+0xf6/0x210
[  140.079469][ T6584] page last free pid 6417 tgid 6417 stack trace:
[  140.085807][ T6584]  __free_frozen_pages+0xb05/0xcd0
[  140.090967][ T6584]  vfree+0x1a6/0x330
[  140.094955][ T6584]  kcov_close+0x28/0x50
[  140.099490][ T6584]  __fput+0x449/0xa70
[  140.103767][ T6584]  task_work_run+0x1d4/0x260
[  140.108574][ T6584]  do_exit+0x8d6/0x2550
[  140.112915][ T6584]  do_group_exit+0x21c/0x2d0
[  140.117961][ T6584]  get_signal+0x125e/0x1310
[  140.122495][ T6584]  arch_do_signal_or_restart+0x95/0x780
[  140.128168][ T6584]  syscall_exit_to_user_mode+0x8b/0x120
[  140.133911][ T6584]  do_syscall_64+0x103/0x210
[  140.138644][ T6584]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.144748][ T6584] Modules linked in:
[  140.149038][ T6584] CPU: 0 UID: 0 PID: 6584 Comm: syz.0.15 Tainted: G    B               6.15.0-rc7-syzkaller-ga11a72229881 #0 PREEMPT(full) 
[  140.149059][ T6584] Tainted: [B]=BAD_PAGE
[  140.149064][ T6584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  140.149073][ T6584] Call Trace:
[  140.149082][ T6584]  <TASK>
[  140.149090][ T6584]  dump_stack_lvl+0x189/0x250
[  140.149115][ T6584]  ? __pfx_dump_stack_lvl+0x10/0x10
[  140.149130][ T6584]  ? __pfx_print_modules+0x10/0x10
[  140.149145][ T6584]  bad_page+0x15e/0x1a0
[  140.149163][ T6584]  __free_frozen_pages+0xc77/0xcd0
[  140.149179][ T6584]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  140.149204][ T6584]  bpf_xdp_adjust_tail+0x1d6/0x220
[  140.149222][ T6584]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  140.149233][ T6584]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  140.149274][ T6584]  do_xdp_generic+0x76e/0xd20
[  140.149298][ T6584]  ? __pfx_do_xdp_generic+0x10/0x10
[  140.149318][ T6584]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  140.149349][ T6584]  __netif_receive_skb_core+0x1823/0x4180
[  140.149370][ T6584]  ? __pfx___up_read+0x10/0x10
[  140.149385][ T6584]  ? do_user_addr_fault+0xbc1/0x1390
[  140.149410][ T6584]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  140.149432][ T6584]  ? __lock_acquire+0xaac/0xd20
[  140.149454][ T6584]  ? netif_receive_skb+0x115/0x790
[  140.149469][ T6584]  ? netif_receive_skb+0x115/0x790
[  140.149485][ T6584]  __netif_receive_skb+0x72/0x380
[  140.149501][ T6584]  ? rep_movs_alternative+0x4a/0x90
[  140.149521][ T6584]  ? netif_receive_skb+0x115/0x790
[  140.149534][ T6584]  netif_receive_skb+0x1cb/0x790
[  140.149548][ T6584]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  140.149570][ T6584]  ? _copy_from_iter+0x24c/0x15a0
[  140.149588][ T6584]  ? __pfx_netif_receive_skb+0x10/0x10
[  140.149602][ T6584]  ? sock_alloc_send_pskb+0x875/0x990
[  140.149623][ T6584]  ? __pfx__copy_from_iter+0x10/0x10
[  140.149640][ T6584]  ? tun_rx_batched+0x160/0x730
[  140.149661][ T6584]  tun_rx_batched+0x1b9/0x730
[  140.149680][ T6584]  ? __pfx_tun_rx_batched+0x10/0x10
[  140.149699][ T6584]  ? tun_get_user+0x2444/0x3c20
[  140.149718][ T6584]  ? tun_get_user+0x2444/0x3c20
[  140.149736][ T6584]  ? tun_get_user+0x2444/0x3c20
[  140.149755][ T6584]  tun_get_user+0x2879/0x3c20
[  140.149782][ T6584]  ? preempt_schedule+0xae/0xc0
[  140.149800][ T6584]  ? __pfx_tun_get_user+0x10/0x10
[  140.149819][ T6584]  ? preempt_schedule_common+0x83/0xd0
[  140.149835][ T6584]  ? preempt_schedule+0xae/0xc0
[  140.149851][ T6584]  ? __pfx_preempt_schedule+0x10/0x10
[  140.149867][ T6584]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  140.149884][ T6584]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  140.149902][ T6584]  ? ref_tracker_alloc+0x318/0x460
[  140.149920][ T6584]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  140.149937][ T6584]  ? tun_get+0x1c/0x2f0
[  140.149958][ T6584]  ? tun_get+0x1c/0x2f0
[  140.149977][ T6584]  ? tun_get+0x1c/0x2f0
[  140.149996][ T6584]  tun_chr_write_iter+0x113/0x200
[  140.150018][ T6584]  vfs_write+0x54b/0xa90
[  140.150039][ T6584]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  140.150064][ T6584]  ? __pfx_vfs_write+0x10/0x10
[  140.150087][ T6584]  ? __fget_files+0x2a/0x420
[  140.150102][ T6584]  ksys_write+0x145/0x250
[  140.150116][ T6584]  ? rcu_is_watching+0x15/0xb0
[  140.150137][ T6584]  ? __pfx_ksys_write+0x10/0x10
[  140.150157][ T6584]  ? do_syscall_64+0xba/0x210
[  140.150176][ T6584]  do_syscall_64+0xf6/0x210
[  140.150195][ T6584]  ? clear_bhb_loop+0x60/0xb0
[  140.150211][ T6584]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.150226][ T6584] RIP: 0033:0x7fb6a6d7e98f
[  140.150240][ T6584] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  140.150261][ T6584] RSP: 002b:00007fb6a7b72020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  140.150278][ T6584] RAX: ffffffffffffffda RBX: 00007fb6a6f45fa0 RCX: 00007fb6a6d7e98f
[  140.150290][ T6584] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  140.150300][ T6584] RBP: 00007fb6a6df3cc8 R08: 0000000000000000 R09: 0000000000000000
[  140.150309][ T6584] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  140.150318][ T6584] R13: 0000000000000000 R14: 00007fb6a6f45fa0 R15: 00007fff4f99ea78
[  140.150335][ T6584]  </TASK>
2025/05/22 22:19:17 executed programs: 3
[  140.795208][ T6640] BUG: Bad page state in process syz.0.16  pfn:243b1
[  140.802376][ T6640] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffffffffffffffff pfn:0x243b1
[  140.812956][ T6640] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  140.820407][ T6640] raw: 00fff00000000000 dead000000000040 ffff888021ec5000 0000000000000000
[  140.829218][ T6640] raw: ffffffffffffffff 0000000000000001 00000000ffffffff 0000000000000000
[  140.838033][ T6640] page dumped because: page_pool leak
[  140.843507][ T6640] page_owner tracks the page as allocated
[  140.849487][ T6640] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6640, tgid 6630 (syz.0.16), ts 140795134441, free_ts 140790552109
[  140.866756][ T6640]  post_alloc_hook+0x1d8/0x230
[  140.871762][ T6640]  get_page_from_freelist+0x21c7/0x22a0
[  140.877728][ T6640]  __alloc_frozen_pages_noprof+0x181/0x370
[  140.883834][ T6640]  alloc_pages_bulk_noprof+0x560/0x710
[  140.889546][ T6640]  __page_pool_alloc_pages_slow+0x127/0x6c0
[  140.896190][ T6640]  skb_pp_cow_data+0xaf4/0x12f0
[  140.901183][ T6640]  do_xdp_generic+0x51a/0xd20
[  140.906398][ T6640]  __netif_receive_skb_core+0x1823/0x4180
[  140.912176][ T6640]  __netif_receive_skb+0x72/0x380
[  140.917216][ T6640]  netif_receive_skb+0x1cb/0x790
[  140.922392][ T6640]  tun_rx_batched+0x1b9/0x730
[  140.927192][ T6640]  tun_get_user+0x2879/0x3c20
[  140.931941][ T6640]  tun_chr_write_iter+0x113/0x200
[  140.937161][ T6640]  vfs_write+0x54b/0xa90
[  140.941561][ T6640]  ksys_write+0x145/0x250
[  140.945935][ T6640]  do_syscall_64+0xf6/0x210
[  140.950510][ T6640] page last free pid 48 tgid 48 stack trace:
[  140.956515][ T6640]  __free_frozen_pages+0xb05/0xcd0
[  140.961785][ T6640]  vfree+0x1a6/0x330
[  140.965995][ T6640]  delayed_vfree_work+0x55/0x80
[  140.970909][ T6640]  process_scheduled_works+0xade/0x17a0
[  140.976665][ T6640]  worker_thread+0x8a0/0xda0
[  140.981378][ T6640]  kthread+0x711/0x8a0
[  140.985474][ T6640]  ret_from_fork+0x4b/0x80
[  140.989950][ T6640]  ret_from_fork_asm+0x1a/0x30
[  140.994755][ T6640] Modules linked in:
[  140.998880][ T6640] CPU: 1 UID: 0 PID: 6640 Comm: syz.0.16 Tainted: G    B               6.15.0-rc7-syzkaller-ga11a72229881 #0 PREEMPT(full) 
[  140.998907][ T6640] Tainted: [B]=BAD_PAGE
[  140.998913][ T6640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  140.998922][ T6640] Call Trace:
[  140.998928][ T6640]  <TASK>
[  140.998934][ T6640]  dump_stack_lvl+0x189/0x250
[  140.998961][ T6640]  ? __pfx_dump_stack_lvl+0x10/0x10
[  140.999006][ T6640]  ? __pfx_print_modules+0x10/0x10
[  140.999027][ T6640]  bad_page+0x15e/0x1a0
[  140.999047][ T6640]  __free_frozen_pages+0xc77/0xcd0
[  140.999080][ T6640]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  140.999110][ T6640]  bpf_xdp_adjust_tail+0x1d6/0x220
[  140.999131][ T6640]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  140.999145][ T6640]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  140.999183][ T6640]  do_xdp_generic+0x76e/0xd20
[  140.999209][ T6640]  ? __pfx_do_xdp_generic+0x10/0x10
[  140.999229][ T6640]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  140.999263][ T6640]  __netif_receive_skb_core+0x1823/0x4180
[  140.999285][ T6640]  ? __pfx___up_read+0x10/0x10
[  140.999299][ T6640]  ? lock_release+0x4b/0x3e0
[  140.999321][ T6640]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  140.999340][ T6640]  ? rcu_is_watching+0x15/0xb0
[  140.999363][ T6640]  ? irqentry_exit+0x74/0x90
[  140.999380][ T6640]  ? exc_page_fault+0x91/0x110
[  140.999406][ T6640]  ? netif_receive_skb+0x115/0x790
[  140.999420][ T6640]  ? rcu_is_watching+0x15/0xb0
[  140.999444][ T6640]  ? lock_acquire+0x5f/0x360
[  140.999462][ T6640]  __netif_receive_skb+0x72/0x380
[  140.999477][ T6640]  ? rep_movs_alternative+0x4a/0x90
[  140.999491][ T6640]  ? netif_receive_skb+0x115/0x790
[  140.999504][ T6640]  netif_receive_skb+0x1cb/0x790
[  140.999517][ T6640]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  140.999536][ T6640]  ? _copy_from_iter+0x24c/0x15a0
[  140.999551][ T6640]  ? __pfx_netif_receive_skb+0x10/0x10
[  140.999562][ T6640]  ? sock_alloc_send_pskb+0x875/0x990
[  140.999582][ T6640]  ? __pfx__copy_from_iter+0x10/0x10
[  140.999597][ T6640]  ? tun_rx_batched+0x160/0x730
[  140.999617][ T6640]  tun_rx_batched+0x1b9/0x730
[  140.999636][ T6640]  ? skb_header_pointer+0x8e/0x120
[  140.999656][ T6640]  ? __pfx_tun_rx_batched+0x10/0x10
[  140.999675][ T6640]  ? tun_get_user+0x2444/0x3c20
[  140.999693][ T6640]  ? rcu_is_watching+0x15/0xb0
[  140.999712][ T6640]  ? lock_acquire+0x5f/0x360
[  140.999729][ T6640]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  140.999752][ T6640]  ? tun_get_user+0x2444/0x3c20
[  140.999770][ T6640]  tun_get_user+0x2879/0x3c20
[  140.999798][ T6640]  ? __pfx_tun_get_user+0x10/0x10
[  140.999819][ T6640]  ? __futex_wait+0x217/0x2a0
[  140.999841][ T6640]  ? ref_tracker_alloc+0x318/0x460
[  140.999857][ T6640]  ? __pfx_futex_wake_mark+0x10/0x10
[  140.999875][ T6640]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  140.999890][ T6640]  ? tun_get+0x1c/0x2f0
[  140.999908][ T6640]  ? tun_get+0x1c/0x2f0
[  140.999927][ T6640]  ? rcu_is_watching+0x15/0xb0
[  140.999947][ T6640]  ? tun_get+0x1c/0x2f0
[  140.999966][ T6640]  ? lock_release+0x4b/0x3e0
[  140.999983][ T6640]  ? futex_wait+0x285/0x360
[  141.000001][ T6640]  ? tun_get+0x1c/0x2f0
[  141.000021][ T6640]  tun_chr_write_iter+0x113/0x200
[  141.000042][ T6640]  vfs_write+0x54b/0xa90
[  141.000064][ T6640]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  141.000083][ T6640]  ? __pfx_vfs_write+0x10/0x10
[  141.000105][ T6640]  ? __fget_files+0x2a/0x420
[  141.000120][ T6640]  ksys_write+0x145/0x250
[  141.000138][ T6640]  ? rcu_is_watching+0x15/0xb0
[  141.000177][ T6640]  ? __pfx_ksys_write+0x10/0x10
[  141.000197][ T6640]  ? rcu_is_watching+0x15/0xb0
[  141.000218][ T6640]  do_syscall_64+0xf6/0x210
[  141.000237][ T6640]  ? clear_bhb_loop+0x60/0xb0
[  141.000254][ T6640]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.000269][ T6640] RIP: 0033:0x7fb6a6d7e98f
[  141.000283][ T6640] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  141.000296][ T6640] RSP: 002b:00007fb6a7b72020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  141.000313][ T6640] RAX: ffffffffffffffda RBX: 00007fb6a6f45fa0 RCX: 00007fb6a6d7e98f
[  141.000324][ T6640] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  141.000334][ T6640] RBP: 00007fb6a6df3cc8 R08: 0000000000000000 R09: 0000000000000000
[  141.000377][ T6640] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  141.000387][ T6640] R13: 0000000000000000 R14: 00007fb6a6f45fa0 R15: 00007fff4f99ea78
[  141.000405][ T6640]  </TASK>
[  141.000414][ T6640] BUG: Bad page state in process syz.0.16  pfn:6539e
[  141.449620][ T6640] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88806539e140 pfn:0x6539e
[  141.459940][ T6640] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  141.467072][ T6640] raw: 00fff00000000000 dead000000000040 ffff888021ec5000 0000000000000000
[  141.476567][ T6640] raw: ffff88806539e140 0000000000000001 00000000ffffffff 0000000000000000
[  141.485643][ T6640] page dumped because: page_pool leak
[  141.491152][ T6640] page_owner tracks the page as allocated
[  141.496880][ T6640] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6640, tgid 6630 (syz.0.16), ts 140795123694, free_ts 140790579370
[  141.514321][ T6640]  post_alloc_hook+0x1d8/0x230
[  141.519140][ T6640]  get_page_from_freelist+0x21c7/0x22a0
[  141.524709][ T6640]  __alloc_frozen_pages_noprof+0x181/0x370
[  141.530675][ T6640]  alloc_pages_bulk_noprof+0x560/0x710
[  141.536508][ T6640]  __page_pool_alloc_pages_slow+0x127/0x6c0
[  141.542494][ T6640]  skb_pp_cow_data+0xaf4/0x12f0
[  141.547419][ T6640]  do_xdp_generic+0x51a/0xd20
[  141.552134][ T6640]  __netif_receive_skb_core+0x1823/0x4180
[  141.557922][ T6640]  __netif_receive_skb+0x72/0x380
[  141.562962][ T6640]  netif_receive_skb+0x1cb/0x790
[  141.568494][ T6640]  tun_rx_batched+0x1b9/0x730
[  141.573203][ T6640]  tun_get_user+0x2879/0x3c20
[  141.578108][ T6640]  tun_chr_write_iter+0x113/0x200
[  141.583240][ T6640]  vfs_write+0x54b/0xa90
[  141.587726][ T6640]  ksys_write+0x145/0x250
[  141.592257][ T6640]  do_syscall_64+0xf6/0x210
[  141.597053][ T6640] page last free pid 48 tgid 48 stack trace:
[  141.603309][ T6640]  __free_frozen_pages+0xb05/0xcd0
[  141.608661][ T6640]  vfree+0x1a6/0x330
[  141.612675][ T6640]  delayed_vfree_work+0x55/0x80
[  141.617854][ T6640]  process_scheduled_works+0xade/0x17a0
[  141.623445][ T6640]  worker_thread+0x8a0/0xda0
[  141.628284][ T6640]  kthread+0x711/0x8a0
[  141.632396][ T6640]  ret_from_fork+0x4b/0x80
[  141.636947][ T6640]  ret_from_fork_asm+0x1a/0x30
[  141.641785][ T6640] Modules linked in:
[  141.645793][ T6640] CPU: 1 UID: 0 PID: 6640 Comm: syz.0.16 Tainted: G    B               6.15.0-rc7-syzkaller-ga11a72229881 #0 PREEMPT(full) 
[  141.645819][ T6640] Tainted: [B]=BAD_PAGE
[  141.645825][ T6640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  141.645834][ T6640] Call Trace:
[  141.645840][ T6640]  <TASK>
[  141.645847][ T6640]  dump_stack_lvl+0x189/0x250
[  141.645873][ T6640]  ? __pfx_dump_stack_lvl+0x10/0x10
[  141.645892][ T6640]  ? __pfx_print_modules+0x10/0x10
[  141.645912][ T6640]  bad_page+0x15e/0x1a0
[  141.645933][ T6640]  __free_frozen_pages+0xc77/0xcd0
[  141.645953][ T6640]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  141.645981][ T6640]  bpf_xdp_adjust_tail+0x1d6/0x220
[  141.646002][ T6640]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  141.646015][ T6640]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  141.646049][ T6640]  do_xdp_generic+0x76e/0xd20
[  141.646075][ T6640]  ? __pfx_do_xdp_generic+0x10/0x10
[  141.646095][ T6640]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  141.646129][ T6640]  __netif_receive_skb_core+0x1823/0x4180
[  141.646157][ T6640]  ? __pfx___up_read+0x10/0x10
[  141.646172][ T6640]  ? lock_release+0x4b/0x3e0
[  141.646194][ T6640]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  141.646214][ T6640]  ? rcu_is_watching+0x15/0xb0
[  141.646236][ T6640]  ? irqentry_exit+0x74/0x90
[  141.646253][ T6640]  ? exc_page_fault+0x91/0x110
[  141.646271][ T6640]  ? netif_receive_skb+0x115/0x790
[  141.646284][ T6640]  ? rcu_is_watching+0x15/0xb0
[  141.646305][ T6640]  ? lock_acquire+0x5f/0x360
[  141.646324][ T6640]  __netif_receive_skb+0x72/0x380
[  141.646339][ T6640]  ? rep_movs_alternative+0x4a/0x90
[  141.646355][ T6640]  ? netif_receive_skb+0x115/0x790
[  141.646369][ T6640]  netif_receive_skb+0x1cb/0x790
[  141.646384][ T6640]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  141.646405][ T6640]  ? _copy_from_iter+0x24c/0x15a0
[  141.646423][ T6640]  ? __pfx_netif_receive_skb+0x10/0x10
[  141.646438][ T6640]  ? sock_alloc_send_pskb+0x875/0x990
[  141.646460][ T6640]  ? __pfx__copy_from_iter+0x10/0x10
[  141.646478][ T6640]  ? tun_rx_batched+0x160/0x730
[  141.646499][ T6640]  tun_rx_batched+0x1b9/0x730
[  141.646520][ T6640]  ? skb_header_pointer+0x8e/0x120
[  141.646541][ T6640]  ? __pfx_tun_rx_batched+0x10/0x10
[  141.646562][ T6640]  ? tun_get_user+0x2444/0x3c20
[  141.646581][ T6640]  ? rcu_is_watching+0x15/0xb0
[  141.646600][ T6640]  ? lock_acquire+0x5f/0x360
[  141.646617][ T6640]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  141.646641][ T6640]  ? tun_get_user+0x2444/0x3c20
[  141.646661][ T6640]  tun_get_user+0x2879/0x3c20
[  141.646690][ T6640]  ? __pfx_tun_get_user+0x10/0x10
[  141.646712][ T6640]  ? __futex_wait+0x217/0x2a0
[  141.646733][ T6640]  ? ref_tracker_alloc+0x318/0x460
[  141.646750][ T6640]  ? __pfx_futex_wake_mark+0x10/0x10
[  141.646767][ T6640]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  141.646784][ T6640]  ? tun_get+0x1c/0x2f0
[  141.646804][ T6640]  ? tun_get+0x1c/0x2f0
[  141.646822][ T6640]  ? rcu_is_watching+0x15/0xb0
[  141.646842][ T6640]  ? tun_get+0x1c/0x2f0
[  141.646861][ T6640]  ? lock_release+0x4b/0x3e0
[  141.646878][ T6640]  ? futex_wait+0x285/0x360
[  141.646896][ T6640]  ? tun_get+0x1c/0x2f0
[  141.646918][ T6640]  tun_chr_write_iter+0x113/0x200
[  141.646940][ T6640]  vfs_write+0x54b/0xa90
[  141.646962][ T6640]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  141.646983][ T6640]  ? __pfx_vfs_write+0x10/0x10
[  141.647006][ T6640]  ? __fget_files+0x2a/0x420
[  141.647024][ T6640]  ksys_write+0x145/0x250
[  141.647044][ T6640]  ? rcu_is_watching+0x15/0xb0
[  141.647065][ T6640]  ? __pfx_ksys_write+0x10/0x10
[  141.647086][ T6640]  ? rcu_is_watching+0x15/0xb0
[  141.647107][ T6640]  do_syscall_64+0xf6/0x210
[  141.647126][ T6640]  ? clear_bhb_loop+0x60/0xb0
[  141.647149][ T6640]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.647164][ T6640] RIP: 0033:0x7fb6a6d7e98f
[  141.647178][ T6640] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  141.647191][ T6640] RSP: 002b:00007fb6a7b72020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  141.647209][ T6640] RAX: ffffffffffffffda RBX: 00007fb6a6f45fa0 RCX: 00007fb6a6d7e98f
[  141.647221][ T6640] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  141.647231][ T6640] RBP: 00007fb6a6df3cc8 R08: 0000000000000000 R09: 0000000000000000
[  141.647241][ T6640] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  141.647251][ T6640] R13: 0000000000000000 R14: 00007fb6a6f45fa0 R15: 00007fff4f99ea78
[  141.647268][ T6640]  </TASK>
[  141.647277][ T6640] BUG: Bad page state in process syz.0.16  pfn:2f789
[  142.120280][ T6640] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802f789f00 pfn:0x2f789
[  142.131027][ T6640] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  142.138717][ T6640] raw: 00fff00000000000 dead000000000040 ffff888021ec5000 0000000000000000
[  142.147699][ T6640] raw: ffff88802f789f00 0000000000000001 00000000ffffffff 0000000000000000
[  142.157330][ T6640] page dumped because: page_pool leak
[  142.163036][ T6640] page_owner tracks the page as allocated
[  142.169244][ T6640] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6640, tgid 6630 (syz.0.16), ts 140795113682, free_ts 140790586649
[  142.187306][ T6640]  post_alloc_hook+0x1d8/0x230
[  142.192349][ T6640]  get_page_from_freelist+0x21c7/0x22a0
[  142.198676][ T6640]  __alloc_frozen_pages_noprof+0x181/0x370
[  142.204600][ T6640]  alloc_pages_bulk_noprof+0x560/0x710
[  142.211235][ T6640]  __page_pool_alloc_pages_slow+0x127/0x6c0
[  142.218939][ T6640]  skb_pp_cow_data+0xaf4/0x12f0
[  142.224056][ T6640]  do_xdp_generic+0x51a/0xd20
[  142.228978][ T6640]  __netif_receive_skb_core+0x1823/0x4180
[  142.235267][ T6640]  __netif_receive_skb+0x72/0x380
[  142.240540][ T6640]  netif_receive_skb+0x1cb/0x790
[  142.245673][ T6640]  tun_rx_batched+0x1b9/0x730
[  142.250608][ T6640]  tun_get_user+0x2879/0x3c20
[  142.255573][ T6640]  tun_chr_write_iter+0x113/0x200
[  142.261054][ T6640]  vfs_write+0x54b/0xa90
[  142.265684][ T6640]  ksys_write+0x145/0x250
[  142.270172][ T6640]  do_syscall_64+0xf6/0x210
[  142.274870][ T6640] page last free pid 48 tgid 48 stack trace:
[  142.280911][ T6640]  __free_frozen_pages+0xb05/0xcd0
[  142.286089][ T6640]  vfree+0x1a6/0x330
[  142.290160][ T6640]  delayed_vfree_work+0x55/0x80
[  142.295224][ T6640]  process_scheduled_works+0xade/0x17a0
[  142.300944][ T6640]  worker_thread+0x8a0/0xda0
[  142.305722][ T6640]  kthread+0x711/0x8a0
[  142.309863][ T6640]  ret_from_fork+0x4b/0x80
[  142.314299][ T6640]  ret_from_fork_asm+0x1a/0x30
[  142.319130][ T6640] Modules linked in:
[  142.323050][ T6640] CPU: 1 UID: 0 PID: 6640 Comm: syz.0.16 Tainted: G    B               6.15.0-rc7-syzkaller-ga11a72229881 #0 PREEMPT(full) 
[  142.323081][ T6640] Tainted: [B]=BAD_PAGE
[  142.323087][ T6640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  142.323096][ T6640] Call Trace:
[  142.323102][ T6640]  <TASK>
[  142.323109][ T6640]  dump_stack_lvl+0x189/0x250
[  142.323134][ T6640]  ? __pfx_dump_stack_lvl+0x10/0x10
[  142.323154][ T6640]  ? __pfx_print_modules+0x10/0x10
[  142.323169][ T6640]  bad_page+0x15e/0x1a0
[  142.323185][ T6640]  __free_frozen_pages+0xc77/0xcd0
[  142.323200][ T6640]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  142.323228][ T6640]  bpf_xdp_adjust_tail+0x1d6/0x220
[  142.323248][ T6640]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  142.323261][ T6640]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  142.323296][ T6640]  do_xdp_generic+0x76e/0xd20
[  142.323320][ T6640]  ? __pfx_do_xdp_generic+0x10/0x10
[  142.323340][ T6640]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  142.323373][ T6640]  __netif_receive_skb_core+0x1823/0x4180
[  142.323395][ T6640]  ? __pfx___up_read+0x10/0x10
[  142.323409][ T6640]  ? lock_release+0x4b/0x3e0
[  142.323432][ T6640]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  142.323451][ T6640]  ? rcu_is_watching+0x15/0xb0
[  142.323474][ T6640]  ? irqentry_exit+0x74/0x90
[  142.323491][ T6640]  ? exc_page_fault+0x91/0x110
[  142.323509][ T6640]  ? netif_receive_skb+0x115/0x790
[  142.323523][ T6640]  ? rcu_is_watching+0x15/0xb0
[  142.323543][ T6640]  ? lock_acquire+0x5f/0x360
[  142.323562][ T6640]  __netif_receive_skb+0x72/0x380
[  142.323578][ T6640]  ? rep_movs_alternative+0x4a/0x90
[  142.323593][ T6640]  ? netif_receive_skb+0x115/0x790
[  142.323608][ T6640]  netif_receive_skb+0x1cb/0x790
[  142.323622][ T6640]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  142.323644][ T6640]  ? _copy_from_iter+0x24c/0x15a0
[  142.323663][ T6640]  ? __pfx_netif_receive_skb+0x10/0x10
[  142.323678][ T6640]  ? sock_alloc_send_pskb+0x875/0x990
[  142.323699][ T6640]  ? __pfx__copy_from_iter+0x10/0x10
[  142.323716][ T6640]  ? tun_rx_batched+0x160/0x730
[  142.323738][ T6640]  tun_rx_batched+0x1b9/0x730
[  142.323758][ T6640]  ? skb_header_pointer+0x8e/0x120
[  142.323780][ T6640]  ? __pfx_tun_rx_batched+0x10/0x10
[  142.323800][ T6640]  ? tun_get_user+0x2444/0x3c20
[  142.323819][ T6640]  ? rcu_is_watching+0x15/0xb0
[  142.323840][ T6640]  ? lock_acquire+0x5f/0x360
[  142.323858][ T6640]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  142.323883][ T6640]  ? tun_get_user+0x2444/0x3c20
[  142.323903][ T6640]  tun_get_user+0x2879/0x3c20
[  142.323932][ T6640]  ? __pfx_tun_get_user+0x10/0x10
[  142.323954][ T6640]  ? __futex_wait+0x217/0x2a0
[  142.323977][ T6640]  ? ref_tracker_alloc+0x318/0x460
[  142.323994][ T6640]  ? __pfx_futex_wake_mark+0x10/0x10
[  142.324011][ T6640]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  142.324029][ T6640]  ? tun_get+0x1c/0x2f0
[  142.324048][ T6640]  ? tun_get+0x1c/0x2f0
[  142.324073][ T6640]  ? rcu_is_watching+0x15/0xb0
[  142.324092][ T6640]  ? tun_get+0x1c/0x2f0
[  142.324111][ T6640]  ? lock_release+0x4b/0x3e0
[  142.324129][ T6640]  ? futex_wait+0x285/0x360
[  142.324148][ T6640]  ? tun_get+0x1c/0x2f0
[  142.324168][ T6640]  tun_chr_write_iter+0x113/0x200
[  142.324190][ T6640]  vfs_write+0x54b/0xa90
[  142.324212][ T6640]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  142.324231][ T6640]  ? __pfx_vfs_write+0x10/0x10
[  142.324253][ T6640]  ? __fget_files+0x2a/0x420
[  142.324271][ T6640]  ksys_write+0x145/0x250
[  142.324289][ T6640]  ? rcu_is_watching+0x15/0xb0
[  142.324310][ T6640]  ? __pfx_ksys_write+0x10/0x10
[  142.324330][ T6640]  ? rcu_is_watching+0x15/0xb0
[  142.324352][ T6640]  do_syscall_64+0xf6/0x210
[  142.324371][ T6640]  ? clear_bhb_loop+0x60/0xb0
[  142.324389][ T6640]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.324404][ T6640] RIP: 0033:0x7fb6a6d7e98f
[  142.324419][ T6640] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  142.324432][ T6640] RSP: 002b:00007fb6a7b72020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  142.324449][ T6640] RAX: ffffffffffffffda RBX: 00007fb6a6f45fa0 RCX: 00007fb6a6d7e98f
[  142.324461][ T6640] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  142.324472][ T6640] RBP: 00007fb6a6df3cc8 R08: 0000000000000000 R09: 0000000000000000
[  142.324482][ T6640] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  142.324492][ T6640] R13: 0000000000000000 R14: 00007fb6a6f45fa0 R15: 00007fff4f99ea78
[  142.324509][ T6640]  </TASK>
[  142.324518][ T6640] BUG: Bad page state in process syz.0.16  pfn:34724
[  142.773897][ T6640] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888034724000 pfn:0x34724
[  142.784181][ T6640] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  142.791416][ T6640] raw: 00fff00000000000 dead000000000040 ffff888021ec5000 0000000000000000
[  142.800306][ T6640] raw: ffff888034724000 0000000000000001 00000000ffffffff 0000000000000000
[  142.809184][ T6640] page dumped because: page_pool leak
[  142.814799][ T6640] page_owner tracks the page as allocated
[  142.821176][ T6640] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6640, tgid 6630 (syz.0.16), ts 140795103325, free_ts 140790593926
[  142.839145][ T6640]  post_alloc_hook+0x1d8/0x230
[  142.844001][ T6640]  get_page_from_freelist+0x21c7/0x22a0
[  142.849614][ T6640]  __alloc_frozen_pages_noprof+0x181/0x370
[  142.855736][ T6640]  alloc_pages_bulk_noprof+0x560/0x710
[  142.861437][ T6640]  __page_pool_alloc_pages_slow+0x127/0x6c0
[  142.867583][ T6640]  skb_pp_cow_data+0xaf4/0x12f0
[  142.872830][ T6640]  do_xdp_generic+0x51a/0xd20
[  142.877841][ T6640]  __netif_receive_skb_core+0x1823/0x4180
[  142.883771][ T6640]  __netif_receive_skb+0x72/0x380
[  142.889356][ T6640]  netif_receive_skb+0x1cb/0x790
[  142.894475][ T6640]  tun_rx_batched+0x1b9/0x730
[  142.899192][ T6640]  tun_get_user+0x2879/0x3c20
[  142.903885][ T6640]  tun_chr_write_iter+0x113/0x200
[  142.909830][ T6640]  vfs_write+0x54b/0xa90
[  142.914174][ T6640]  ksys_write+0x145/0x250
[  142.918541][ T6640]  do_syscall_64+0xf6/0x210
[  142.923056][ T6640] page last free pid 48 tgid 48 stack trace:
[  142.929316][ T6640]  __free_frozen_pages+0xb05/0xcd0
[  142.935416][ T6640]  vfree+0x1a6/0x330
[  142.939985][ T6640]  delayed_vfree_work+0x55/0x80
[  142.945490][ T6640]  process_scheduled_works+0xade/0x17a0
[  142.951651][ T6640]  worker_thread+0x8a0/0xda0
[  142.956697][ T6640]  kthread+0x711/0x8a0
[  142.961393][ T6640]  ret_from_fork+0x4b/0x80
[  142.966700][ T6640]  ret_from_fork_asm+0x1a/0x30
[  142.971595][ T6640] Modules linked in:
[  142.975678][ T6640] CPU: 1 UID: 0 PID: 6640 Comm: syz.0.16 Tainted: G    B               6.15.0-rc7-syzkaller-ga11a72229881 #0 PREEMPT(full) 
[  142.975693][ T6640] Tainted: [B]=BAD_PAGE
[  142.975696][ T6640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  142.975702][ T6640] Call Trace:
[  142.975707][ T6640]  <TASK>
[  142.975711][ T6640]  dump_stack_lvl+0x189/0x250
[  142.975727][ T6640]  ? __pfx_dump_stack_lvl+0x10/0x10
[  142.975738][ T6640]  ? __pfx_print_modules+0x10/0x10
[  142.975749][ T6640]  bad_page+0x15e/0x1a0
[  142.975762][ T6640]  __free_frozen_pages+0xc77/0xcd0
[  142.975773][ T6640]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  142.975791][ T6640]  bpf_xdp_adjust_tail+0x1d6/0x220
[  142.975803][ T6640]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  142.975812][ T6640]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  142.975832][ T6640]  do_xdp_generic+0x76e/0xd20
[  142.975848][ T6640]  ? __pfx_do_xdp_generic+0x10/0x10
[  142.975860][ T6640]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  142.975878][ T6640]  __netif_receive_skb_core+0x1823/0x4180
[  142.975889][ T6640]  ? __pfx___up_read+0x10/0x10
[  142.975898][ T6640]  ? lock_release+0x4b/0x3e0
[  142.975911][ T6640]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  142.975921][ T6640]  ? rcu_is_watching+0x15/0xb0
[  142.975935][ T6640]  ? irqentry_exit+0x74/0x90
[  142.975945][ T6640]  ? exc_page_fault+0x91/0x110
[  142.975956][ T6640]  ? netif_receive_skb+0x115/0x790
[  142.975963][ T6640]  ? rcu_is_watching+0x15/0xb0
[  142.975982][ T6640]  ? lock_acquire+0x5f/0x360
[  142.975994][ T6640]  __netif_receive_skb+0x72/0x380
[  142.976002][ T6640]  ? rep_movs_alternative+0x4a/0x90
[  142.976011][ T6640]  ? netif_receive_skb+0x115/0x790
[  142.976019][ T6640]  netif_receive_skb+0x1cb/0x790
[  142.976027][ T6640]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  142.976040][ T6640]  ? _copy_from_iter+0x24c/0x15a0
[  142.976051][ T6640]  ? __pfx_netif_receive_skb+0x10/0x10
[  142.976059][ T6640]  ? sock_alloc_send_pskb+0x875/0x990
[  142.976072][ T6640]  ? __pfx__copy_from_iter+0x10/0x10
[  142.976082][ T6640]  ? tun_rx_batched+0x160/0x730
[  142.976095][ T6640]  tun_rx_batched+0x1b9/0x730
[  142.976107][ T6640]  ? skb_header_pointer+0x8e/0x120
[  142.976120][ T6640]  ? __pfx_tun_rx_batched+0x10/0x10
[  142.976132][ T6640]  ? tun_get_user+0x2444/0x3c20
[  142.976143][ T6640]  ? rcu_is_watching+0x15/0xb0
[  142.976156][ T6640]  ? lock_acquire+0x5f/0x360
[  142.976166][ T6640]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  142.976181][ T6640]  ? tun_get_user+0x2444/0x3c20
[  142.976193][ T6640]  tun_get_user+0x2879/0x3c20
[  142.976209][ T6640]  ? __pfx_tun_get_user+0x10/0x10
[  142.976222][ T6640]  ? __futex_wait+0x217/0x2a0
[  142.976235][ T6640]  ? ref_tracker_alloc+0x318/0x460
[  142.976245][ T6640]  ? __pfx_futex_wake_mark+0x10/0x10
[  142.976255][ T6640]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  142.976264][ T6640]  ? tun_get+0x1c/0x2f0
[  142.976276][ T6640]  ? tun_get+0x1c/0x2f0
[  142.976287][ T6640]  ? rcu_is_watching+0x15/0xb0
[  142.976298][ T6640]  ? tun_get+0x1c/0x2f0
[  142.976309][ T6640]  ? lock_release+0x4b/0x3e0
[  142.976320][ T6640]  ? futex_wait+0x285/0x360
[  142.976330][ T6640]  ? tun_get+0x1c/0x2f0
[  142.976343][ T6640]  tun_chr_write_iter+0x113/0x200
[  142.976355][ T6640]  vfs_write+0x54b/0xa90
[  142.976369][ T6640]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  142.976381][ T6640]  ? __pfx_vfs_write+0x10/0x10
[  142.976394][ T6640]  ? __fget_files+0x2a/0x420
[  142.976404][ T6640]  ksys_write+0x145/0x250
[  142.976415][ T6640]  ? rcu_is_watching+0x15/0xb0
[  142.976427][ T6640]  ? __pfx_ksys_write+0x10/0x10
[  142.976439][ T6640]  ? rcu_is_watching+0x15/0xb0
[  142.976456][ T6640]  do_syscall_64+0xf6/0x210
[  142.976471][ T6640]  ? clear_bhb_loop+0x60/0xb0
[  142.976481][ T6640]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.976490][ T6640] RIP: 0033:0x7fb6a6d7e98f
[  142.976498][ T6640] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  142.976505][ T6640] RSP: 002b:00007fb6a7b72020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  142.976515][ T6640] RAX: ffffffffffffffda RBX: 00007fb6a6f45fa0 RCX: 00007fb6a6d7e98f
[  142.976522][ T6640] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  142.976527][ T6640] RBP: 00007fb6a6df3cc8 R08: 0000000000000000 R09: 0000000000000000
[  142.976532][ T6640] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  142.976538][ T6640] R13: 0000000000000000 R14: 00007fb6a6f45fa0 R15: 00007fff4f99ea78
[  142.976553][ T6640]  </TASK>
[  142.976560][ T6640] BUG: Bad page state in process syz.0.16  pfn:5cc79
[  143.422828][ T6640] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88805cc79000 pfn:0x5cc79
[  143.433568][ T6640] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  143.440716][ T6640] raw: 00fff00000000000 dead000000000040 ffff888021ec5000 0000000000000000
[  143.449520][ T6640] raw: ffff88805cc79000 0000000000000001 00000000ffffffff 0000000000000000
[  143.458129][ T6640] page dumped because: page_pool leak