Warning: Permanently added '[localhost]:54110' (ED25519) to the list of known hosts.
2025/07/05 20:30:51 ignoring optional flag "sandboxArg"="0"
2025/07/05 20:30:53 parsed 1 programs
[ 129.228284][ T5645] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 135.225530][ T5691] chnl_net:caif_netlink_parms(): no params data found
[ 135.293889][ T5691] bridge0: port 1(bridge_slave_0) entered blocking state
[ 135.297422][ T5691] bridge0: port 1(bridge_slave_0) entered disabled state
[ 135.300761][ T5691] bridge_slave_0: entered allmulticast mode
[ 135.305355][ T5691] bridge_slave_0: entered promiscuous mode
[ 135.311430][ T5691] bridge0: port 2(bridge_slave_1) entered blocking state
[ 135.314684][ T5691] bridge0: port 2(bridge_slave_1) entered disabled state
[ 135.318497][ T5691] bridge_slave_1: entered allmulticast mode
[ 135.322574][ T5691] bridge_slave_1: entered promiscuous mode
[ 135.348300][ T5691] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 135.355367][ T5691] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 135.379769][ T5691] team0: Port device team_slave_0 added
[ 135.384219][ T5691] team0: Port device team_slave_1 added
[ 135.403988][ T5691] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 135.407811][ T5691] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 135.419750][ T5691] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 135.427016][ T5691] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 135.430180][ T5691] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 135.442142][ T5691] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 135.480515][ T5691] hsr_slave_0: entered promiscuous mode
[ 135.484246][ T5691] hsr_slave_1: entered promiscuous mode
[ 136.207913][ T5691] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 136.229216][ T5691] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 136.237974][ T5691] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 136.262138][ T5691] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 136.415182][ T5691] 8021q: adding VLAN 0 to HW filter on device bond0
[ 136.459255][ T5691] 8021q: adding VLAN 0 to HW filter on device team0
[ 136.498899][ T1039] bridge0: port 1(bridge_slave_0) entered blocking state
[ 136.502265][ T1039] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 136.518025][ T1039] bridge0: port 2(bridge_slave_1) entered blocking state
[ 136.521341][ T1039] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 136.591969][ T5691] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 136.915303][ T5691] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 136.991878][ T5691] veth0_vlan: entered promiscuous mode
[ 137.014739][ T5691] veth1_vlan: entered promiscuous mode
[ 137.078327][ T5691] veth0_macvtap: entered promiscuous mode
[ 137.084584][ T5691] veth1_macvtap: entered promiscuous mode
[ 137.122502][ T5691] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 137.144297][ T5691] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 137.164272][ T5691] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 137.193705][ T5691] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 137.199198][ T5691] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 137.203323][ T5691] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 137.484906][ T5376] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 137.492069][ T5376] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 137.496185][ T5376] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 137.500274][ T5376] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 137.504049][ T5376] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 137.559588][ T1149] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 137.664511][ T1149] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 137.732004][ T1149] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 137.948619][ T1315] ieee802154 phy0 wpan0: encryption failed: -22
[ 137.952246][ T1315] ieee802154 phy1 wpan1: encryption failed: -22
[ 138.163318][ T1132] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 138.167444][ T1132] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 138.234919][ T1132] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 138.240543][ T1132] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 138.649883][ T1149] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 140.103782][ T1149] bridge_slave_1: left allmulticast mode
[ 140.131252][ T1149] bridge_slave_1: left promiscuous mode
[ 140.133858][ T1149] bridge0: port 2(bridge_slave_1) entered disabled state
[ 140.167964][ T1149] bridge_slave_0: left allmulticast mode
[ 140.170690][ T1149] bridge_slave_0: left promiscuous mode
[ 140.173458][ T1149] bridge0: port 1(bridge_slave_0) entered disabled state
[ 140.743968][ T1149] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 140.757480][ T1149] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 140.762286][ T1149] bond0 (unregistering): Released all slaves
[ 140.837379][ T1149] hsr_slave_0: left promiscuous mode
[ 140.876602][ T1149] hsr_slave_1: left promiscuous mode
[ 140.879793][ T1149] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 140.883035][ T1149] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 140.921780][ T1149] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 140.925167][ T1149] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 140.979592][ T1149] veth1_macvtap: left promiscuous mode
[ 140.982242][ T1149] veth0_macvtap: left promiscuous mode
[ 140.985258][ T1149] veth1_vlan: left promiscuous mode
[ 141.008361][ T1149] veth0_vlan: left promiscuous mode
[ 141.610636][ T1149] team0 (unregistering): Port device team_slave_1 removed
[ 141.659454][ T1149] team0 (unregistering): Port device team_slave_0 removed
2025/07/05 20:31:11 executed programs: 0
[ 143.267489][ T4690] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 143.272193][ T4690] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 143.278664][ T4690] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 143.283641][ T4690] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 143.287734][ T4690] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 143.742265][ T5824] chnl_net:caif_netlink_parms(): no params data found
[ 143.909058][ T5824] bridge0: port 1(bridge_slave_0) entered blocking state
[ 143.912465][ T5824] bridge0: port 1(bridge_slave_0) entered disabled state
[ 143.924956][ T5824] bridge_slave_0: entered allmulticast mode
[ 143.937184][ T5824] bridge_slave_0: entered promiscuous mode
[ 143.942108][ T5824] bridge0: port 2(bridge_slave_1) entered blocking state
[ 143.957652][ T5824] bridge0: port 2(bridge_slave_1) entered disabled state
[ 143.960988][ T5824] bridge_slave_1: entered allmulticast mode
[ 143.977093][ T5824] bridge_slave_1: entered promiscuous mode
[ 144.037674][ T5824] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 144.044464][ T5824] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 144.109481][ T5824] team0: Port device team_slave_0 added
[ 144.119169][ T5824] team0: Port device team_slave_1 added
[ 144.171209][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 144.186701][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 144.216666][ T5824] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 144.226920][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 144.230069][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 144.266282][ T5824] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 144.344081][ T5824] hsr_slave_0: entered promiscuous mode
[ 144.358385][ T5824] hsr_slave_1: entered promiscuous mode
[ 144.869861][ T5824] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 144.889644][ T5824] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 144.908531][ T5824] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 144.929088][ T5824] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 145.088563][ T5824] 8021q: adding VLAN 0 to HW filter on device bond0
[ 145.129928][ T5824] 8021q: adding VLAN 0 to HW filter on device team0
[ 145.153062][ T1149] bridge0: port 1(bridge_slave_0) entered blocking state
[ 145.156428][ T1149] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 145.162641][ T1149] bridge0: port 2(bridge_slave_1) entered blocking state
[ 145.166057][ T1149] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 145.232994][ T5824] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 145.376350][ T4690] Bluetooth: hci0: command tx timeout
[ 145.557696][ T5824] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 145.624121][ T5824] veth0_vlan: entered promiscuous mode
[ 145.648980][ T5824] veth1_vlan: entered promiscuous mode
[ 145.721458][ T5824] veth0_macvtap: entered promiscuous mode
[ 145.738957][ T5824] veth1_macvtap: entered promiscuous mode
[ 145.768294][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 145.785445][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 145.809274][ T5824] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 145.813297][ T5824] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 145.836369][ T5824] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 145.840375][ T5824] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 145.983392][ T127] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 145.994436][ T127] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 146.053666][ T1132] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 146.065365][ T1132] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 146.184988][ T5882] BUG: Bad page state in process syz.0.16 pfn:595db
[ 146.188379][ T5882] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880595db990 pfn:0x595db
[ 146.194067][ T5882] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 146.197406][ T5882] raw: 04fff00000000000 dead000000000040 ffff88801eed8000 0000000000000000
[ 146.201206][ T5882] raw: ffff8880595db990 0000000000000001 00000000ffffffff 0000000000000000
[ 146.205229][ T5882] page dumped because: page_pool leak
[ 146.207560][ T5882] page_owner tracks the page as allocated
[ 146.210224][ T5882] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5882, tgid 5881 (syz.0.16), ts 146184881043, free_ts 146096486854
[ 146.217899][ T5882] post_alloc_hook+0x240/0x2a0
[ 146.220178][ T5882] get_page_from_freelist+0x21e4/0x22c0
[ 146.222596][ T5882] __alloc_frozen_pages_noprof+0x181/0x370
[ 146.225148][ T5882] alloc_pages_bulk_noprof+0x560/0x710
[ 146.227682][ T5882] __page_pool_alloc_pages_slow+0x127/0x740
[ 146.230423][ T5882] skb_pp_cow_data+0xb47/0x13e0
[ 146.232498][ T5882] do_xdp_generic+0x699/0x11a0
[ 146.234704][ T5882] __netif_receive_skb_core+0x1823/0x4180
[ 146.237331][ T5882] __netif_receive_skb+0x72/0x380
[ 146.239621][ T5882] netif_receive_skb+0x1cb/0x790
[ 146.241883][ T5882] tun_rx_batched+0x1b9/0x730
[ 146.244007][ T5882] tun_get_user+0x298e/0x3ce0
[ 146.246095][ T5882] tun_chr_write_iter+0x113/0x200
[ 146.248286][ T5882] vfs_write+0x54b/0xa90
[ 146.250137][ T5882] ksys_write+0x145/0x250
[ 146.252021][ T5882] do_syscall_64+0xfa/0x3b0
[ 146.254124][ T5882] page last free pid 15 tgid 15 stack trace:
[ 146.256962][ T5882] __free_frozen_pages+0xc71/0xe70
[ 146.259309][ T5882] rcu_core+0xca5/0x1710
[ 146.261182][ T5882] handle_softirqs+0x286/0x870
[ 146.263283][ T5882] run_ksoftirqd+0x9b/0x100
[ 146.265278][ T5882] smpboot_thread_fn+0x53f/0xa60
[ 146.267565][ T5882] kthread+0x70e/0x8a0
[ 146.269419][ T5882] ret_from_fork+0x3fc/0x770
[ 146.271469][ T5882] ret_from_fork_asm+0x1a/0x30
[ 146.273599][ T5882] Modules linked in:
[ 146.275342][ T5882] CPU: 0 UID: 0 PID: 5882 Comm: syz.0.16 Not tainted 6.16.0-rc4-syzkaller-g05df91921da6 #0 PREEMPT(full)
[ 146.275357][ T5882] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 146.275364][ T5882] Call Trace:
[ 146.275371][ T5882]
[ 146.275376][ T5882] dump_stack_lvl+0x189/0x250
[ 146.275394][ T5882] ? __pfx_dump_stack_lvl+0x10/0x10
[ 146.275407][ T5882] ? __pfx_print_modules+0x10/0x10
[ 146.275424][ T5882] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 146.275441][ T5882] bad_page+0x180/0x1c0
[ 146.275456][ T5882] __free_frozen_pages+0xe17/0xe70
[ 146.275475][ T5882] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 146.275504][ T5882] bpf_xdp_adjust_tail+0x1d6/0x220
[ 146.275522][ T5882] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 146.275532][ T5882] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 146.275567][ T5882] do_xdp_generic+0x9f7/0x11a0
[ 146.275590][ T5882] ? __pfx_do_xdp_generic+0x10/0x10
[ 146.275603][ T5882] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 146.275637][ T5882] __netif_receive_skb_core+0x1823/0x4180
[ 146.275652][ T5882] ? __up_read+0x280/0x680
[ 146.275685][ T5882] ? __pfx___up_read+0x10/0x10
[ 146.275699][ T5882] ? do_user_addr_fault+0xbc1/0x1390
[ 146.275714][ T5882] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 146.275729][ T5882] ? irqentry_exit+0x74/0x90
[ 146.275741][ T5882] ? __lock_acquire+0xab9/0xd20
[ 146.275754][ T5882] ? netif_receive_skb+0x115/0x790
[ 146.275766][ T5882] ? netif_receive_skb+0x115/0x790
[ 146.275778][ T5882] __netif_receive_skb+0x72/0x380
[ 146.275791][ T5882] ? netif_receive_skb+0x115/0x790
[ 146.275801][ T5882] netif_receive_skb+0x1cb/0x790
[ 146.275811][ T5882] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 146.275822][ T5882] ? __pfx_netif_receive_skb+0x10/0x10
[ 146.275833][ T5882] ? __pfx__copy_from_iter+0x10/0x10
[ 146.275844][ T5882] ? sock_alloc_send_pskb+0x875/0x990
[ 146.275860][ T5882] ? tun_rx_batched+0x160/0x730
[ 146.275875][ T5882] tun_rx_batched+0x1b9/0x730
[ 146.275885][ T5882] ? __lock_acquire+0xab9/0xd20
[ 146.275897][ T5882] ? __pfx_tun_rx_batched+0x10/0x10
[ 146.275912][ T5882] ? tun_get_user+0x2549/0x3ce0
[ 146.275931][ T5882] tun_get_user+0x298e/0x3ce0
[ 146.275946][ T5882] ? tun_get_user+0x2549/0x3ce0
[ 146.275963][ T5882] ? aa_file_perm+0x11f/0xed0
[ 146.275976][ T5882] ? __pfx_tun_get_user+0x10/0x10
[ 146.275987][ T5882] ? aa_file_perm+0x3e7/0xed0
[ 146.275996][ T5882] ? __pfx_preempt_schedule+0x10/0x10
[ 146.276018][ T5882] ? ref_tracker_alloc+0x318/0x460
[ 146.276027][ T5882] ? __lock_acquire+0xab9/0xd20
[ 146.276037][ T5882] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 146.276051][ T5882] ? tun_get+0x1c/0x2f0
[ 146.276065][ T5882] ? tun_get+0x1c/0x2f0
[ 146.276075][ T5882] ? tun_get+0x1c/0x2f0
[ 146.276090][ T5882] tun_chr_write_iter+0x113/0x200
[ 146.276102][ T5882] vfs_write+0x54b/0xa90
[ 146.276119][ T5882] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 146.276130][ T5882] ? __pfx_vfs_write+0x10/0x10
[ 146.276149][ T5882] ? __fget_files+0x2a/0x420
[ 146.276168][ T5882] ksys_write+0x145/0x250
[ 146.276183][ T5882] ? __pfx_ksys_write+0x10/0x10
[ 146.276193][ T5882] ? rcu_is_watching+0x15/0xb0
[ 146.276208][ T5882] ? do_syscall_64+0xbe/0x3b0
[ 146.276224][ T5882] do_syscall_64+0xfa/0x3b0
[ 146.276233][ T5882] ? lockdep_hardirqs_on+0x9c/0x150
[ 146.276242][ T5882] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 146.276253][ T5882] ? clear_bhb_loop+0x60/0xb0
[ 146.276270][ T5882] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 146.276279][ T5882] RIP: 0033:0x7fca7018d3df
[ 146.276292][ T5882] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 146.276300][ T5882] RSP: 002b:00007fca6f3fe000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 146.276311][ T5882] RAX: ffffffffffffffda RBX: 00007fca703b5fa0 RCX: 00007fca7018d3df
[ 146.276320][ T5882] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[ 146.276326][ T5882] RBP: 00007fca70210b39 R08: 0000000000000000 R09: 0000000000000000
[ 146.276332][ T5882] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 146.276337][ T5882] R13: 0000000000000000 R14: 00007fca703b5fa0 R15: 00007ffce3be7c68
[ 146.276355][ T5882]
[ 146.458996][ T5882] Disabling lock debugging due to kernel taint
[ 146.461876][ T5882] BUG: Bad page state in process syz.0.16 pfn:597b4
[ 146.464889][ T5882] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880597b4dc0 pfn:0x597b4
[ 146.469422][ T5882] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 146.472593][ T5882] raw: 04fff00000000000 dead000000000040 ffff88801eed8000 0000000000000000
[ 146.476583][ T5882] raw: ffff8880597b4dc0 0000000000000001 00000000ffffffff 0000000000000000
[ 146.480636][ T5882] page dumped because: page_pool leak
[ 146.483329][ T5882] page_owner tracks the page as allocated
[ 146.486016][ T5882] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5882, tgid 5881 (syz.0.16), ts 146184869184, free_ts 146096506283
[ 146.493446][ T5882] post_alloc_hook+0x240/0x2a0
[ 146.495765][ T5882] get_page_from_freelist+0x21e4/0x22c0
[ 146.498441][ T5882] __alloc_frozen_pages_noprof+0x181/0x370
[ 146.501241][ T5882] alloc_pages_bulk_noprof+0x560/0x710
[ 146.503729][ T5882] __page_pool_alloc_pages_slow+0x127/0x740
[ 146.506516][ T5882] skb_pp_cow_data+0xb47/0x13e0
[ 146.508713][ T5882] do_xdp_generic+0x699/0x11a0
[ 146.510916][ T5882] __netif_receive_skb_core+0x1823/0x4180
[ 146.513449][ T5882] __netif_receive_skb+0x72/0x380
[ 146.515816][ T5882] netif_receive_skb+0x1cb/0x790
[ 146.518181][ T5882] tun_rx_batched+0x1b9/0x730
[ 146.520524][ T5882] tun_get_user+0x298e/0x3ce0
[ 146.522684][ T5882] tun_chr_write_iter+0x113/0x200
[ 146.525011][ T5882] vfs_write+0x54b/0xa90
[ 146.527081][ T5882] ksys_write+0x145/0x250
[ 146.529061][ T5882] do_syscall_64+0xfa/0x3b0
[ 146.531130][ T5882] page last free pid 15 tgid 15 stack trace:
[ 146.533868][ T5882] __free_frozen_pages+0xc71/0xe70
[ 146.536280][ T5882] rcu_core+0xca5/0x1710
[ 146.538357][ T5882] handle_softirqs+0x286/0x870
[ 146.540677][ T5882] run_ksoftirqd+0x9b/0x100
[ 146.542864][ T5882] smpboot_thread_fn+0x53f/0xa60
[ 146.545130][ T5882] kthread+0x70e/0x8a0
[ 146.547102][ T5882] ret_from_fork+0x3fc/0x770
[ 146.549195][ T5882] ret_from_fork_asm+0x1a/0x30
[ 146.551267][ T5882] Modules linked in:
[ 146.553050][ T5882] CPU: 0 UID: 0 PID: 5882 Comm: syz.0.16 Tainted: G B 6.16.0-rc4-syzkaller-g05df91921da6 #0 PREEMPT(full)
[ 146.553068][ T5882] Tainted: [B]=BAD_PAGE
[ 146.553072][ T5882] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 146.553079][ T5882] Call Trace:
[ 146.553087][ T5882]
[ 146.553093][ T5882] dump_stack_lvl+0x189/0x250
[ 146.553108][ T5882] ? __pfx_dump_stack_lvl+0x10/0x10
[ 146.553119][ T5882] ? __pfx_print_modules+0x10/0x10
[ 146.553137][ T5882] bad_page+0x180/0x1c0
[ 146.553148][ T5882] __free_frozen_pages+0xe17/0xe70
[ 146.553165][ T5882] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 146.553185][ T5882] bpf_xdp_adjust_tail+0x1d6/0x220
[ 146.553200][ T5882] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 146.553209][ T5882] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 146.553231][ T5882] do_xdp_generic+0x9f7/0x11a0
[ 146.553247][ T5882] ? __pfx_do_xdp_generic+0x10/0x10
[ 146.553261][ T5882] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 146.553280][ T5882] __netif_receive_skb_core+0x1823/0x4180
[ 146.553292][ T5882] ? __up_read+0x280/0x680
[ 146.553306][ T5882] ? __pfx___up_read+0x10/0x10
[ 146.553317][ T5882] ? do_user_addr_fault+0xbc1/0x1390
[ 146.553330][ T5882] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 146.553341][ T5882] ? irqentry_exit+0x74/0x90
[ 146.553351][ T5882] ? __lock_acquire+0xab9/0xd20
[ 146.553363][ T5882] ? netif_receive_skb+0x115/0x790
[ 146.553372][ T5882] ? netif_receive_skb+0x115/0x790
[ 146.553381][ T5882] __netif_receive_skb+0x72/0x380
[ 146.553393][ T5882] ? netif_receive_skb+0x115/0x790
[ 146.553402][ T5882] netif_receive_skb+0x1cb/0x790
[ 146.553411][ T5882] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 146.553421][ T5882] ? __pfx_netif_receive_skb+0x10/0x10
[ 146.553432][ T5882] ? __pfx__copy_from_iter+0x10/0x10
[ 146.553442][ T5882] ? sock_alloc_send_pskb+0x875/0x990
[ 146.553455][ T5882] ? tun_rx_batched+0x160/0x730
[ 146.553469][ T5882] tun_rx_batched+0x1b9/0x730
[ 146.553479][ T5882] ? __lock_acquire+0xab9/0xd20
[ 146.553488][ T5882] ? __pfx_tun_rx_batched+0x10/0x10
[ 146.553501][ T5882] ? tun_get_user+0x2549/0x3ce0
[ 146.553513][ T5882] tun_get_user+0x298e/0x3ce0
[ 146.553524][ T5882] ? tun_get_user+0x2549/0x3ce0
[ 146.553538][ T5882] ? aa_file_perm+0x11f/0xed0
[ 146.553548][ T5882] ? __pfx_tun_get_user+0x10/0x10
[ 146.553557][ T5882] ? aa_file_perm+0x3e7/0xed0
[ 146.553568][ T5882] ? __pfx_preempt_schedule+0x10/0x10
[ 146.553583][ T5882] ? ref_tracker_alloc+0x318/0x460
[ 146.553591][ T5882] ? __lock_acquire+0xab9/0xd20
[ 146.553602][ T5882] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 146.553612][ T5882] ? tun_get+0x1c/0x2f0
[ 146.553622][ T5882] ? tun_get+0x1c/0x2f0
[ 146.553631][ T5882] ? tun_get+0x1c/0x2f0
[ 146.553643][ T5882] tun_chr_write_iter+0x113/0x200
[ 146.553654][ T5882] vfs_write+0x54b/0xa90
[ 146.553665][ T5882] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 146.553677][ T5882] ? __pfx_vfs_write+0x10/0x10
[ 146.553689][ T5882] ? __fget_files+0x2a/0x420
[ 146.553705][ T5882] ksys_write+0x145/0x250
[ 146.553717][ T5882] ? __pfx_ksys_write+0x10/0x10
[ 146.553726][ T5882] ? rcu_is_watching+0x15/0xb0
[ 146.553740][ T5882] ? do_syscall_64+0xbe/0x3b0
[ 146.553752][ T5882] do_syscall_64+0xfa/0x3b0
[ 146.553761][ T5882] ? lockdep_hardirqs_on+0x9c/0x150
[ 146.553771][ T5882] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 146.553781][ T5882] ? clear_bhb_loop+0x60/0xb0
[ 146.553791][ T5882] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 146.553802][ T5882] RIP: 0033:0x7fca7018d3df
[ 146.553812][ T5882] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 146.553820][ T5882] RSP: 002b:00007fca6f3fe000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 146.553832][ T5882] RAX: ffffffffffffffda RBX: 00007fca703b5fa0 RCX: 00007fca7018d3df
[ 146.553841][ T5882] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[ 146.553847][ T5882] RBP: 00007fca70210b39 R08: 0000000000000000 R09: 0000000000000000
[ 146.553853][ T5882] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 146.553858][ T5882] R13: 0000000000000000 R14: 00007fca703b5fa0 R15: 00007ffce3be7c68
[ 146.553868][ T5882]
[ 146.553877][ T5882] BUG: Bad page state in process syz.0.16 pfn:4bc88
[ 146.742858][ T5882] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88804bc88dc0 pfn:0x4bc88
[ 146.747373][ T5882] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 146.750886][ T5882] raw: 04fff00000000000 dead000000000040 ffff88801eed8000 0000000000000000
[ 146.755495][ T5882] raw: ffff88804bc88dc0 0000000000000001 00000000ffffffff 0000000000000000
[ 146.759301][ T5882] page dumped because: page_pool leak
[ 146.761626][ T5882] page_owner tracks the page as allocated
[ 146.764030][ T5882] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5882, tgid 5881 (syz.0.16), ts 146184859906, free_ts 146096523378
[ 146.772348][ T5882] post_alloc_hook+0x240/0x2a0
[ 146.774651][ T5882] get_page_from_freelist+0x21e4/0x22c0
[ 146.777177][ T5882] __alloc_frozen_pages_noprof+0x181/0x370
[ 146.779770][ T5882] alloc_pages_bulk_noprof+0x560/0x710
[ 146.782195][ T5882] __page_pool_alloc_pages_slow+0x127/0x740
[ 146.784816][ T5882] skb_pp_cow_data+0xb47/0x13e0
[ 146.787162][ T5882] do_xdp_generic+0x699/0x11a0
[ 146.789592][ T5882] __netif_receive_skb_core+0x1823/0x4180
[ 146.792433][ T5882] __netif_receive_skb+0x72/0x380
[ 146.794553][ T5882] netif_receive_skb+0x1cb/0x790
[ 146.796846][ T5882] tun_rx_batched+0x1b9/0x730
[ 146.798925][ T5882] tun_get_user+0x298e/0x3ce0
[ 146.801016][ T5882] tun_chr_write_iter+0x113/0x200
[ 146.803211][ T5882] vfs_write+0x54b/0xa90
[ 146.805139][ T5882] ksys_write+0x145/0x250
[ 146.807178][ T5882] do_syscall_64+0xfa/0x3b0
[ 146.809248][ T5882] page last free pid 15 tgid 15 stack trace:
[ 146.811912][ T5882] __free_frozen_pages+0xc71/0xe70
[ 146.814224][ T5882] rcu_core+0xca5/0x1710
[ 146.816274][ T5882] handle_softirqs+0x286/0x870
[ 146.818417][ T5882] run_ksoftirqd+0x9b/0x100
[ 146.820411][ T5882] smpboot_thread_fn+0x53f/0xa60
[ 146.822783][ T5882] kthread+0x70e/0x8a0
[ 146.824672][ T5882] ret_from_fork+0x3fc/0x770
[ 146.826898][ T5882] ret_from_fork_asm+0x1a/0x30
[ 146.829073][ T5882] Modules linked in:
[ 146.830774][ T5882] CPU: 0 UID: 0 PID: 5882 Comm: syz.0.16 Tainted: G B 6.16.0-rc4-syzkaller-g05df91921da6 #0 PREEMPT(full)
[ 146.830790][ T5882] Tainted: [B]=BAD_PAGE
[ 146.830794][ T5882] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 146.830805][ T5882] Call Trace:
[ 146.830812][ T5882]
[ 146.830818][ T5882] dump_stack_lvl+0x189/0x250
[ 146.830834][ T5882] ? __pfx_dump_stack_lvl+0x10/0x10
[ 146.830846][ T5882] ? __pfx_print_modules+0x10/0x10
[ 146.830862][ T5882] bad_page+0x180/0x1c0
[ 146.830874][ T5882] __free_frozen_pages+0xe17/0xe70
[ 146.830889][ T5882] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 146.830909][ T5882] bpf_xdp_adjust_tail+0x1d6/0x220
[ 146.830922][ T5882] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 146.830932][ T5882] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 146.830953][ T5882] do_xdp_generic+0x9f7/0x11a0
[ 146.830970][ T5882] ? __pfx_do_xdp_generic+0x10/0x10
[ 146.830983][ T5882] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 146.831002][ T5882] __netif_receive_skb_core+0x1823/0x4180
[ 146.831012][ T5882] ? __up_read+0x280/0x680
[ 146.831026][ T5882] ? __pfx___up_read+0x10/0x10
[ 146.831045][ T5882] ? do_user_addr_fault+0xbc1/0x1390
[ 146.831056][ T5882] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 146.831066][ T5882] ? irqentry_exit+0x74/0x90
[ 146.831078][ T5882] ? __lock_acquire+0xab9/0xd20
[ 146.831089][ T5882] ? netif_receive_skb+0x115/0x790
[ 146.831098][ T5882] ? netif_receive_skb+0x115/0x790
[ 146.831107][ T5882] __netif_receive_skb+0x72/0x380
[ 146.831117][ T5882] ? netif_receive_skb+0x115/0x790
[ 146.831125][ T5882] netif_receive_skb+0x1cb/0x790
[ 146.831135][ T5882] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 146.831146][ T5882] ? __pfx_netif_receive_skb+0x10/0x10
[ 146.831156][ T5882] ? __pfx__copy_from_iter+0x10/0x10
[ 146.831166][ T5882] ? sock_alloc_send_pskb+0x875/0x990
[ 146.831180][ T5882] ? tun_rx_batched+0x160/0x730
[ 146.831190][ T5882] tun_rx_batched+0x1b9/0x730
[ 146.831200][ T5882] ? __lock_acquire+0xab9/0xd20
[ 146.831209][ T5882] ? __pfx_tun_rx_batched+0x10/0x10
[ 146.831219][ T5882] ? tun_get_user+0x2549/0x3ce0
[ 146.831231][ T5882] tun_get_user+0x298e/0x3ce0
[ 146.831243][ T5882] ? tun_get_user+0x2549/0x3ce0
[ 146.831254][ T5882] ? aa_file_perm+0x11f/0xed0
[ 146.831263][ T5882] ? __pfx_tun_get_user+0x10/0x10
[ 146.831273][ T5882] ? aa_file_perm+0x3e7/0xed0
[ 146.831282][ T5882] ? __pfx_preempt_schedule+0x10/0x10
[ 146.831298][ T5882] ? ref_tracker_alloc+0x318/0x460
[ 146.831307][ T5882] ? __lock_acquire+0xab9/0xd20
[ 146.831317][ T5882] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 146.831327][ T5882] ? tun_get+0x1c/0x2f0
[ 146.831336][ T5882] ? tun_get+0x1c/0x2f0
[ 146.831346][ T5882] ? tun_get+0x1c/0x2f0
[ 146.831356][ T5882] tun_chr_write_iter+0x113/0x200
[ 146.831367][ T5882] vfs_write+0x54b/0xa90
[ 146.831379][ T5882] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 146.831389][ T5882] ? __pfx_vfs_write+0x10/0x10
[ 146.831401][ T5882] ? __fget_files+0x2a/0x420
[ 146.831417][ T5882] ksys_write+0x145/0x250
[ 146.831428][ T5882] ? __pfx_ksys_write+0x10/0x10
[ 146.831439][ T5882] ? rcu_is_watching+0x15/0xb0
[ 146.831452][ T5882] ? do_syscall_64+0xbe/0x3b0
[ 146.831462][ T5882] do_syscall_64+0xfa/0x3b0
[ 146.831471][ T5882] ? lockdep_hardirqs_on+0x9c/0x150
[ 146.831480][ T5882] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 146.831490][ T5882] ? clear_bhb_loop+0x60/0xb0
[ 146.831501][ T5882] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 146.831510][ T5882] RIP: 0033:0x7fca7018d3df
[ 146.831522][ T5882] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 146.831530][ T5882] RSP: 002b:00007fca6f3fe000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 146.831541][ T5882] RAX: ffffffffffffffda RBX: 00007fca703b5fa0 RCX: 00007fca7018d3df
[ 146.831548][ T5882] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[ 146.831555][ T5882] RBP: 00007fca70210b39 R08: 0000000000000000 R09: 0000000000000000
[ 146.831566][ T5882] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 146.831571][ T5882] R13: 0000000000000000 R14: 00007fca703b5fa0 R15: 00007ffce3be7c68
[ 146.831582][ T5882]
[ 146.831590][ T5882] BUG: Bad page state in process syz.0.16 pfn:44c78
[ 147.017406][ T5882] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888044c78dc0 pfn:0x44c78
[ 147.021927][ T5882] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 147.025528][ T5882] raw: 04fff00000000000 dead000000000040 ffff88801eed8000 0000000000000000
[ 147.029497][ T5882] raw: ffff888044c78dc0 0000000000000001 00000000ffffffff 0000000000000000
[ 147.033379][ T5882] page dumped because: page_pool leak
[ 147.035890][ T5882] page_owner tracks the page as allocated
[ 147.038415][ T5882] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5882, tgid 5881 (syz.0.16), ts 146184850119, free_ts 146096539801
[ 147.046137][ T5882] post_alloc_hook+0x240/0x2a0
[ 147.049017][ T5882] get_page_from_freelist+0x21e4/0x22c0
[ 147.051741][ T5882] __alloc_frozen_pages_noprof+0x181/0x370
[ 147.054325][ T5882] alloc_pages_bulk_noprof+0x560/0x710
[ 147.056835][ T5882] __page_pool_alloc_pages_slow+0x127/0x740
[ 147.059395][ T5882] skb_pp_cow_data+0xb47/0x13e0
[ 147.061529][ T5882] do_xdp_generic+0x699/0x11a0
[ 147.063652][ T5882] __netif_receive_skb_core+0x1823/0x4180
[ 147.066757][ T5882] __netif_receive_skb+0x72/0x380
[ 147.069347][ T5882] netif_receive_skb+0x1cb/0x790
[ 147.071620][ T5882] tun_rx_batched+0x1b9/0x730
[ 147.074088][ T5882] tun_get_user+0x298e/0x3ce0
[ 147.076955][ T5882] tun_chr_write_iter+0x113/0x200
[ 147.079854][ T5882] vfs_write+0x54b/0xa90
[ 147.082380][ T5882] ksys_write+0x145/0x250
[ 147.084522][ T5882] do_syscall_64+0xfa/0x3b0
[ 147.086752][ T5882] page last free pid 15 tgid 15 stack trace:
[ 147.089530][ T5882] __free_frozen_pages+0xc71/0xe70
[ 147.091755][ T5882] rcu_core+0xca5/0x1710
[ 147.093703][ T5882] handle_softirqs+0x286/0x870
[ 147.095826][ T5882] run_ksoftirqd+0x9b/0x100
[ 147.097921][ T5882] smpboot_thread_fn+0x53f/0xa60
[ 147.100048][ T5882] kthread+0x70e/0x8a0
[ 147.101815][ T5882] ret_from_fork+0x3fc/0x770
[ 147.103897][ T5882] ret_from_fork_asm+0x1a/0x30
[ 147.106162][ T5882] Modules linked in:
[ 147.107916][ T5882] CPU: 0 UID: 0 PID: 5882 Comm: syz.0.16 Tainted: G B 6.16.0-rc4-syzkaller-g05df91921da6 #0 PREEMPT(full)
[ 147.107933][ T5882] Tainted: [B]=BAD_PAGE
[ 147.107937][ T5882] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 147.107944][ T5882] Call Trace:
[ 147.107951][ T5882]
[ 147.107956][ T5882] dump_stack_lvl+0x189/0x250
[ 147.107972][ T5882] ? __pfx_dump_stack_lvl+0x10/0x10
[ 147.107983][ T5882] ? __pfx_print_modules+0x10/0x10
[ 147.108000][ T5882] bad_page+0x180/0x1c0
[ 147.108012][ T5882] __free_frozen_pages+0xe17/0xe70
[ 147.108027][ T5882] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 147.108046][ T5882] bpf_xdp_adjust_tail+0x1d6/0x220
[ 147.108066][ T5882] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 147.108076][ T5882] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 147.108097][ T5882] do_xdp_generic+0x9f7/0x11a0
[ 147.108114][ T5882] ? __pfx_do_xdp_generic+0x10/0x10
[ 147.108128][ T5882] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 147.108146][ T5882] __netif_receive_skb_core+0x1823/0x4180
[ 147.108158][ T5882] ? __up_read+0x280/0x680
[ 147.108172][ T5882] ? __pfx___up_read+0x10/0x10
[ 147.108184][ T5882] ? do_user_addr_fault+0xbc1/0x1390
[ 147.108196][ T5882] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 147.108207][ T5882] ? irqentry_exit+0x74/0x90
[ 147.108218][ T5882] ? __lock_acquire+0xab9/0xd20
[ 147.108230][ T5882] ? netif_receive_skb+0x115/0x790
[ 147.108239][ T5882] ? netif_receive_skb+0x115/0x790
[ 147.108248][ T5882] __netif_receive_skb+0x72/0x380
[ 147.108260][ T5882] ? netif_receive_skb+0x115/0x790
[ 147.108268][ T5882] netif_receive_skb+0x1cb/0x790
[ 147.108282][ T5882] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 147.108294][ T5882] ? __pfx_netif_receive_skb+0x10/0x10
[ 147.108303][ T5882] ? __pfx__copy_from_iter+0x10/0x10
[ 147.108312][ T5882] ? sock_alloc_send_pskb+0x875/0x990
[ 147.108328][ T5882] ? tun_rx_batched+0x160/0x730
[ 147.108342][ T5882] tun_rx_batched+0x1b9/0x730
[ 147.108353][ T5882] ? __lock_acquire+0xab9/0xd20
[ 147.108363][ T5882] ? __pfx_tun_rx_batched+0x10/0x10
[ 147.108375][ T5882] ? tun_get_user+0x2549/0x3ce0
[ 147.108388][ T5882] tun_get_user+0x298e/0x3ce0
[ 147.108399][ T5882] ? tun_get_user+0x2549/0x3ce0
[ 147.108410][ T5882] ? aa_file_perm+0x11f/0xed0
[ 147.108421][ T5882] ? __pfx_tun_get_user+0x10/0x10
[ 147.108431][ T5882] ? aa_file_perm+0x3e7/0xed0
[ 147.108440][ T5882] ? __pfx_preempt_schedule+0x10/0x10
[ 147.108456][ T5882] ? ref_tracker_alloc+0x318/0x460
[ 147.108464][ T5882] ? __lock_acquire+0xab9/0xd20
[ 147.108473][ T5882] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 147.108482][ T5882] ? tun_get+0x1c/0x2f0
[ 147.108494][ T5882] ? tun_get+0x1c/0x2f0
[ 147.108503][ T5882] ? tun_get+0x1c/0x2f0
[ 147.108512][ T5882] tun_chr_write_iter+0x113/0x200
[ 147.108523][ T5882] vfs_write+0x54b/0xa90
[ 147.108537][ T5882] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 147.108547][ T5882] ? __pfx_vfs_write+0x10/0x10
[ 147.108558][ T5882] ? __fget_files+0x2a/0x420
[ 147.108573][ T5882] ksys_write+0x145/0x250
[ 147.108584][ T5882] ? __pfx_ksys_write+0x10/0x10
[ 147.108594][ T5882] ? rcu_is_watching+0x15/0xb0
[ 147.108606][ T5882] ? do_syscall_64+0xbe/0x3b0
[ 147.108618][ T5882] do_syscall_64+0xfa/0x3b0
[ 147.108628][ T5882] ? lockdep_hardirqs_on+0x9c/0x150
[ 147.108637][ T5882] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 147.108647][ T5882] ? clear_bhb_loop+0x60/0xb0
[ 147.108658][ T5882] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 147.108668][ T5882] RIP: 0033:0x7fca7018d3df
[ 147.108678][ T5882] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 147.108686][ T5882] RSP: 002b:00007fca6f3fe000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 147.108697][ T5882] RAX: ffffffffffffffda RBX: 00007fca703b5fa0 RCX: 00007fca7018d3df
[ 147.108704][ T5882] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[ 147.108711][ T5882] RBP: 00007fca70210b39 R08: 0000000000000000 R09: 0000000000000000
[ 147.108717][ T5882] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 147.108723][ T5882] R13: 0000000000000000 R14: 00007fca703b5fa0 R15: 00007ffce3be7c68
[ 147.108733][ T5882]
[ 147.108742][ T5882] BUG: Bad page state in process syz.0.16 pfn:5957a
[ 147.298268][ T5882] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88805957adc0 pfn:0x5957a
[ 147.302674][ T5882] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 147.305998][ T5882] raw: 04fff00000000000 dead000000000040 ffff88801eed8000 0000000000000000
[ 147.309688][ T5882] raw: ffff88805957adc0 0000000000000001 00000000ffffffff 0000000000000000
[ 147.313526][ T5882] page dumped because: page_pool leak
[ 147.316245][ T5882] page_owner tracks the page as allocated
[ 147.318864][ T5882] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5882, tgid 5881 (syz.0.16), ts 146184840762, free_ts 146096558390
[ 147.326150][ T5882] post_alloc_hook+0x240/0x2a0
[ 147.328236][ T5882] get_page_from_freelist+0x21e4/0x22c0
[ 147.330730][ T5882] __alloc_frozen_pages_noprof+0x181/0x370
[ 147.333470][ T5882] alloc_pages_bulk_noprof+0x560/0x710
[ 147.336118][ T5882] __page_pool_alloc_pages_slow+0x127/0x740
[ 147.338795][ T5882] skb_pp_cow_data+0xb47/0x13e0
[ 147.340950][ T5882] do_xdp_generic+0x699/0x11a0
[ 147.343151][ T5882] __netif_receive_skb_core+0x1823/0x4180
[ 147.345622][ T5882] __netif_receive_skb+0x72/0x380
[ 147.347951][ T5882] netif_receive_skb+0x1cb/0x790
[ 147.350257][ T5882] tun_rx_batched+0x1b9/0x730
[ 147.352551][ T5882] tun_get_user+0x298e/0x3ce0
[ 147.354893][ T5882] tun_chr_write_iter+0x113/0x200
[ 147.357322][ T5882] vfs_write+0x54b/0xa90
[ 147.359251][ T5882] ksys_write+0x145/0x250
[ 147.361167][ T5882] do_syscall_64+0xfa/0x3b0
[ 147.363247][ T5882] page last free pid 15 tgid 15 stack trace:
[ 147.365946][ T5882] __free_frozen_pages+0xc71/0xe70
[ 147.368213][ T5882] rcu_core+0xca5/0x1710
[ 147.370155][ T5882] handle_softirqs+0x286/0x870
[ 147.372326][ T5882] run_ksoftirqd+0x9b/0x100
[ 147.374432][ T5882] smpboot_thread_fn+0x53f/0xa60
[ 147.376849][ T5882] kthread+0x70e/0x8a0
[ 147.378780][ T5882] ret_from_fork+0x3fc/0x770
[ 147.380816][ T5882] ret_from_fork_asm+0x1a/0x30
[ 147.382886][ T5882] Modules linked in:
[ 147.384641][ T5882] CPU: 0 UID: 0 PID: 5882 Comm: syz.0.16 Tainted: G B 6.16.0-rc4-syzkaller-g05df91921da6 #0 PREEMPT(full)
[ 147.384658][ T5882] Tainted: [B]=BAD_PAGE
[ 147.384662][ T5882] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 147.384669][ T5882] Call Trace:
[ 147.384676][ T5882]
[ 147.384681][ T5882] dump_stack_lvl+0x189/0x250
[ 147.384698][ T5882] ? __pfx_dump_stack_lvl+0x10/0x10
[ 147.384710][ T5882] ? __pfx_print_modules+0x10/0x10
[ 147.384728][ T5882] bad_page+0x180/0x1c0
[ 147.384741][ T5882] __free_frozen_pages+0xe17/0xe70
[ 147.384757][ T5882] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 147.384802][ T5882] bpf_xdp_adjust_tail+0x1d6/0x220
[ 147.384818][ T5882] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 147.384828][ T5882] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 147.384850][ T5882] do_xdp_generic+0x9f7/0x11a0
[ 147.384866][ T5882] ? __pfx_do_xdp_generic+0x10/0x10
[ 147.384880][ T5882] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 147.384901][ T5882] __netif_receive_skb_core+0x1823/0x4180
[ 147.384914][ T5882] ? __up_read+0x280/0x680
[ 147.384929][ T5882] ? __pfx___up_read+0x10/0x10
[ 147.384942][ T5882] ? do_user_addr_fault+0xbc1/0x1390
[ 147.384955][ T5882] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 147.384966][ T5882] ? irqentry_exit+0x74/0x90
[ 147.384977][ T5882] ? __lock_acquire+0xab9/0xd20
[ 147.384988][ T5882] ? netif_receive_skb+0x115/0x790
[ 147.384999][ T5882] ? netif_receive_skb+0x115/0x790
[ 147.385009][ T5882] __netif_receive_skb+0x72/0x380
[ 147.385019][ T5882] ? netif_receive_skb+0x115/0x790
[ 147.385028][ T5882] netif_receive_skb+0x1cb/0x790
[ 147.385037][ T5882] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 147.385056][ T5882] ? __pfx_netif_receive_skb+0x10/0x10
[ 147.385066][ T5882] ? __pfx__copy_from_iter+0x10/0x10
[ 147.385077][ T5882] ? sock_alloc_send_pskb+0x875/0x990
[ 147.385093][ T5882] ? tun_rx_batched+0x160/0x730
[ 147.385104][ T5882] tun_rx_batched+0x1b9/0x730
[ 147.385115][ T5882] ? __lock_acquire+0xab9/0xd20
[ 147.385126][ T5882] ? __pfx_tun_rx_batched+0x10/0x10
[ 147.385138][ T5882] ? tun_get_user+0x2549/0x3ce0
[ 147.385151][ T5882] tun_get_user+0x298e/0x3ce0
[ 147.385163][ T5882] ? tun_get_user+0x2549/0x3ce0
[ 147.385177][ T5882] ? aa_file_perm+0x11f/0xed0
[ 147.385188][ T5882] ? __pfx_tun_get_user+0x10/0x10
[ 147.385199][ T5882] ? aa_file_perm+0x3e7/0xed0
[ 147.385208][ T5882] ? __pfx_preempt_schedule+0x10/0x10
[ 147.385226][ T5882] ? ref_tracker_alloc+0x318/0x460
[ 147.385236][ T5882] ? __lock_acquire+0xab9/0xd20
[ 147.385246][ T5882] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 147.385257][ T5882] ? tun_get+0x1c/0x2f0
[ 147.385269][ T5882] ? tun_get+0x1c/0x2f0
[ 147.385280][ T5882] ? tun_get+0x1c/0x2f0
[ 147.385291][ T5882] tun_chr_write_iter+0x113/0x200
[ 147.385302][ T5882] vfs_write+0x54b/0xa90
[ 147.385316][ T5882] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 147.385327][ T5882] ? __pfx_vfs_write+0x10/0x10
[ 147.385342][ T5882] ? __fget_files+0x2a/0x420
[ 147.385358][ T5882] ksys_write+0x145/0x250
[ 147.385370][ T5882] ? __pfx_ksys_write+0x10/0x10
[ 147.385382][ T5882] ? rcu_is_watching+0x15/0xb0
[ 147.385396][ T5882] ? do_syscall_64+0xbe/0x3b0
[ 147.385408][ T5882] do_syscall_64+0xfa/0x3b0
[ 147.385419][ T5882] ? lockdep_hardirqs_on+0x9c/0x150
[ 147.385428][ T5882] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 147.385439][ T5882] ? clear_bhb_loop+0x60/0xb0
[ 147.385454][ T5882] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 147.385465][ T5882] RIP: 0033:0x7fca7018d3df
[ 147.385476][ T5882] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 147.385485][ T5882] RSP: 002b:00007fca6f3fe000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 147.385498][ T5882] RAX: ffffffffffffffda RBX: 00007fca703b5fa0 RCX: 00007fca7018d3df
[ 147.385505][ T5882] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[ 147.385513][ T5882] RBP: 00007fca70210b39 R08: 0000000000000000 R09: 0000000000000000
[ 147.385519][ T5882] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 147.385526][ T5882] R13: 0000000000000000 R14: 00007fca703b5fa0 R15: 00007ffce3be7c68
[ 147.385537][ T5882]
[ 147.385547][ T5882] BUG: Bad page state in process syz.0.16 pfn:3d2e8
[ 147.571437][ T5882] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88803d2e8dc0 pfn:0x3d2e8
[ 147.576167][ T5882] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 147.579359][ T5882] raw: 04fff00000000000 dead000000000040 ffff88801eed8000 0000000000000000
[ 147.583279][ T5882] raw: ffff88803d2e8dc0 0000000000000001 00000000ffffffff 0000000000000000
[ 147.587153][ T5882] page dumped because: page_pool leak
[ 147.589544][ T5882] page_owner tracks the page as allocated
[ 147.592345][ T5882] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5882, tgid 5881 (syz.0.16), ts 146184829076, free_ts 146106548844
[ 147.600055][ T5882] post_alloc_hook+0x240/0x2a0
[ 147.602380][ T5882] get_page_from_freelist+0x21e4/0x22c0
[ 147.604880][ T5882] __alloc_frozen_pages_noprof+0x181/0x370
[ 147.607608][ T5882] alloc_pages_bulk_noprof+0x560/0x710
[ 147.609990][ T5882] __page_pool_alloc_pages_slow+0x127/0x740
[ 147.612591][ T5882] skb_pp_cow_data+0xb47/0x13e0
[ 147.614788][ T5882] do_xdp_generic+0x699/0x11a0
[ 147.617157][ T5882] __netif_receive_skb_core+0x1823/0x4180
[ 147.619748][ T5882] __netif_receive_skb+0x72/0x380
[ 147.622090][ T5882] netif_receive_skb+0x1cb/0x790
[ 147.624383][ T5882] tun_rx_batched+0x1b9/0x730
[ 147.626625][ T5882] tun_get_user+0x298e/0x3ce0
[ 147.628688][ T5882] tun_chr_write_iter+0x113/0x200
[ 147.630914][ T5882] vfs_write+0x54b/0xa90
[ 147.632820][ T5882] ksys_write+0x145/0x250
[ 147.634754][ T5882] do_syscall_64+0xfa/0x3b0
[ 147.636912][ T5882] page last free pid 15 tgid 15 stack trace:
[ 147.639510][ T5882] __free_frozen_pages+0xc71/0xe70
[ 147.641812][ T5882] __tlb_remove_table+0x2d2/0x3b0
[ 147.644259][ T5882] tlb_remove_table_rcu+0x85/0x100
[ 147.646977][ T5882] rcu_core+0xca5/0x1710
[ 147.648955][ T5882] handle_softirqs+0x286/0x870
[ 147.651179][ T5882] run_ksoftirqd+0x9b/0x100
[ 147.653218][ T5882] smpboot_thread_fn+0x53f/0xa60
[ 147.655415][ T5882] kthread+0x70e/0x8a0
[ 147.657309][ T5882] ret_from_fork+0x3fc/0x770
[ 147.659332][ T5882] ret_from_fork_asm+0x1a/0x30
[ 147.661466][ T5882] Modules linked in:
[ 147.663219][ T5882] CPU: 0 UID: 0 PID: 5882 Comm: syz.0.16 Tainted: G B 6.16.0-rc4-syzkaller-g05df91921da6 #0 PREEMPT(full)
[ 147.663236][ T5882] Tainted: [B]=BAD_PAGE
[ 147.663239][ T5882] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 147.663246][ T5882] Call Trace:
[ 147.663253][ T5882]
[ 147.663260][ T5882] dump_stack_lvl+0x189/0x250
[ 147.663277][ T5882] ? __pfx_dump_stack_lvl+0x10/0x10
[ 147.663288][ T5882] ? __pfx_print_modules+0x10/0x10
[ 147.663304][ T5882] bad_page+0x180/0x1c0
[ 147.663315][ T5882] __free_frozen_pages+0xe17/0xe70
[ 147.663330][ T5882] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 147.663350][ T5882] bpf_xdp_adjust_tail+0x1d6/0x220
[ 147.663364][ T5882] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 147.663373][ T5882] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 147.663395][ T5882] do_xdp_generic+0x9f7/0x11a0
[ 147.663411][ T5882] ? __pfx_do_xdp_generic+0x10/0x10
[ 147.663423][ T5882] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 147.663442][ T5882] __netif_receive_skb_core+0x1823/0x4180
[ 147.663453][ T5882] ? __up_read+0x280/0x680
[ 147.663467][ T5882] ? __pfx___up_read+0x10/0x10
[ 147.663479][ T5882] ? do_user_addr_fault+0xbc1/0x1390
[ 147.663490][ T5882] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 147.663501][ T5882] ? irqentry_exit+0x74/0x90
[ 147.663512][ T5882] ? __lock_acquire+0xab9/0xd20
[ 147.663523][ T5882] ? netif_receive_skb+0x115/0x790
[ 147.663532][ T5882] ? netif_receive_skb+0x115/0x790
[ 147.663541][ T5882] __netif_receive_skb+0x72/0x380
[ 147.663552][ T5882] ? netif_receive_skb+0x115/0x790
[ 147.663569][ T5882] netif_receive_skb+0x1cb/0x790
[ 147.663579][ T5882] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 147.663590][ T5882] ? __pfx_netif_receive_skb+0x10/0x10
[ 147.663604][ T5882] ? __pfx__copy_from_iter+0x10/0x10
[ 147.663614][ T5882] ? sock_alloc_send_pskb+0x875/0x990
[ 147.663628][ T5882] ? tun_rx_batched+0x160/0x730
[ 147.663640][ T5882] tun_rx_batched+0x1b9/0x730
[ 147.663654][ T5882] ? __lock_acquire+0xab9/0xd20
[ 147.663664][ T5882] ? __pfx_tun_rx_batched+0x10/0x10
[ 147.663675][ T5882] ? tun_get_user+0x2549/0x3ce0
[ 147.663688][ T5882] tun_get_user+0x298e/0x3ce0
[ 147.663699][ T5882] ? tun_get_user+0x2549/0x3ce0
[ 147.663711][ T5882] ? aa_file_perm+0x11f/0xed0
[ 147.663721][ T5882] ? __pfx_tun_get_user+0x10/0x10
[ 147.663731][ T5882] ? aa_file_perm+0x3e7/0xed0
[ 147.663740][ T5882] ? __pfx_preempt_schedule+0x10/0x10
[ 147.663756][ T5882] ? ref_tracker_alloc+0x318/0x460
[ 147.663765][ T5882] ? __lock_acquire+0xab9/0xd20
[ 147.663774][ T5882] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 147.663784][ T5882] ? tun_get+0x1c/0x2f0
[ 147.663795][ T5882] ? tun_get+0x1c/0x2f0
[ 147.663804][ T5882] ? tun_get+0x1c/0x2f0
[ 147.663814][ T5882] tun_chr_write_iter+0x113/0x200
[ 147.663825][ T5882] vfs_write+0x54b/0xa90
[ 147.663837][ T5882] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 147.663847][ T5882] ? __pfx_vfs_write+0x10/0x10
[ 147.663861][ T5882] ? __fget_files+0x2a/0x420
[ 147.663875][ T5882] ksys_write+0x145/0x250
[ 147.663887][ T5882] ? __pfx_ksys_write+0x10/0x10
[ 147.663897][ T5882] ? rcu_is_watching+0x15/0xb0
[ 147.663910][ T5882] ? do_syscall_64+0xbe/0x3b0
[ 147.663921][ T5882] do_syscall_64+0xfa/0x3b0
[ 147.663931][ T5882] ? lockdep_hardirqs_on+0x9c/0x150
[ 147.663940][ T5882] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 147.663950][ T5882] ? clear_bhb_loop+0x60/0xb0
[ 147.663961][ T5882] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 147.663971][ T5882] RIP: 0033:0x7fca7018d3df
[ 147.663981][ T5882] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 147.663990][ T5882] RSP: 002b:00007fca6f3fe000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 147.664014][ T5882] RAX: ffffffffffffffda RBX: 00007fca703b5fa0 RCX: 00007fca7018d3df
[ 147.664021][ T5882] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[ 147.664028][ T5882] RBP: 00007fca70210b39 R08: 0000000000000000 R09: 0000000000000000
[ 147.664034][ T5882] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 147.664040][ T5882] R13: 0000000000000000 R14: 00007fca703b5fa0 R15: 00007ffce3be7c68
[ 147.664051][ T5882]
[ 147.664059][ T5882] BUG: Bad page state in process syz.0.16 pfn:59747
[ 147.850851][ T5882] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888059747dc0 pfn:0x59747
[ 147.855516][ T5882] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 147.858815][ T5882] raw: 04fff00000000000 dead000000000040 ffff88801eed8000 0000000000000000
[ 147.862468][ T5882] raw: ffff888059747dc0 0000000000000001 00000000ffffffff 0000000000000000
[ 147.866356][ T5882] page dumped because: page_pool leak
[ 147.868802][ T5882] page_owner tracks the page as allocated
[ 147.871434][ T5882] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5882, tgid 5881 (syz.0.16), ts 146184772783, free_ts 146106568616
[ 147.878847][ T5882] post_alloc_hook+0x240/0x2a0
[ 147.880961][ T5882] get_page_from_freelist+0x21e4/0x22c0
[ 147.883444][ T5882] __alloc_frozen_pages_noprof+0x181/0x370
[ 147.886220][ T5882] alloc_pages_bulk_noprof+0x560/0x710
[ 147.888755][ T5882] __page_pool_alloc_pages_slow+0x127/0x740
[ 147.891378][ T5882] skb_pp_cow_data+0xb47/0x13e0
[ 147.893600][ T5882] do_xdp_generic+0x699/0x11a0
[ 147.895843][ T5882] __netif_receive_skb_core+0x1823/0x4180
[ 147.898353][ T5882] __netif_receive_skb+0x72/0x380
[ 147.900538][ T5882] netif_receive_skb+0x1cb/0x790
[ 147.902777][ T5882] tun_rx_batched+0x1b9/0x730
[ 147.904944][ T5882] tun_get_user+0x298e/0x3ce0
[ 147.907129][ T5882] tun_chr_write_iter+0x113/0x200
[ 147.909354][ T5882] vfs_write+0x54b/0xa90
[ 147.911258][ T5882] ksys_write+0x145/0x250
[ 147.913461][ T5882] do_syscall_64+0xfa/0x3b0
[ 147.915868][ T5882] page last free pid 15 tgid 15 stack trace:
[ 147.918469][ T5882] __free_frozen_pages+0xc71/0xe70
[ 147.920722][ T5882] __tlb_remove_table+0x2d2/0x3b0
[ 147.923207][ T5882] tlb_remove_table_rcu+0x85/0x100
[ 147.925796][ T5882] rcu_core+0xca5/0x1710
[ 147.927904][ T5882] handle_softirqs+0x286/0x870
[ 147.930089][ T5882] run_ksoftirqd+0x9b/0x100
[ 147.931995][ T5882] smpboot_thread_fn+0x53f/0xa60
[ 147.934198][ T5882] kthread+0x70e/0x8a0
[ 147.936120][ T5882] ret_from_fork+0x3fc/0x770
[ 147.938169][ T5882] ret_from_fork_asm+0x1a/0x30
[ 147.940274][ T5882] Modules linked in:
[ 147.942114][ T5882] CPU: 0 UID: 0 PID: 5882 Comm: syz.0.16 Tainted: G B 6.16.0-rc4-syzkaller-g05df91921da6 #0 PREEMPT(full)
[ 147.942132][ T5882] Tainted: [B]=BAD_PAGE
[ 147.942136][ T5882] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 147.942143][ T5882] Call Trace:
[ 147.942150][ T5882]
[ 147.942157][ T5882] dump_stack_lvl+0x189/0x250
[ 147.942175][ T5882] ? __pfx_dump_stack_lvl+0x10/0x10
[ 147.942187][ T5882] ? __pfx_print_modules+0x10/0x10
[ 147.942206][ T5882] bad_page+0x180/0x1c0
[ 147.942219][ T5882] __free_frozen_pages+0xe17/0xe70
[ 147.942236][ T5882] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 147.942256][ T5882] bpf_xdp_adjust_tail+0x1d6/0x220
[ 147.942272][ T5882] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 147.942281][ T5882] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 147.942305][ T5882] do_xdp_generic+0x9f7/0x11a0
[ 147.942324][ T5882] ? __pfx_do_xdp_generic+0x10/0x10
[ 147.942338][ T5882] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 147.942361][ T5882] __netif_receive_skb_core+0x1823/0x4180
[ 147.942374][ T5882] ? __up_read+0x280/0x680
[ 147.942389][ T5882] ? __pfx___up_read+0x10/0x10
[ 147.942402][ T5882] ? do_user_addr_fault+0xbc1/0x1390
[ 147.942415][ T5882] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 147.942427][ T5882] ? irqentry_exit+0x74/0x90
[ 147.942439][ T5882] ? __lock_acquire+0xab9/0xd20
[ 147.942451][ T5882] ? netif_receive_skb+0x115/0x790
[ 147.942460][ T5882] ? netif_receive_skb+0x115/0x790
[ 147.942470][ T5882] __netif_receive_skb+0x72/0x380
[ 147.942483][ T5882] ? netif_receive_skb+0x115/0x790
[ 147.942492][ T5882] netif_receive_skb+0x1cb/0x790
[ 147.942507][ T5882] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 147.942520][ T5882] ? __pfx_netif_receive_skb+0x10/0x10
[ 147.942529][ T5882] ? __pfx__copy_from_iter+0x10/0x10
[ 147.942540][ T5882] ? sock_alloc_send_pskb+0x875/0x990
[ 147.942556][ T5882] ? tun_rx_batched+0x160/0x730
[ 147.942573][ T5882] tun_rx_batched+0x1b9/0x730
[ 147.942589][ T5882] ? __lock_acquire+0xab9/0xd20
[ 147.942601][ T5882] ? __pfx_tun_rx_batched+0x10/0x10
[ 147.942613][ T5882] ? tun_get_user+0x2549/0x3ce0
[ 147.942627][ T5882] tun_get_user+0x298e/0x3ce0
[ 147.942640][ T5882] ? tun_get_user+0x2549/0x3ce0
[ 147.942653][ T5882] ? aa_file_perm+0x11f/0xed0
[ 147.942668][ T5882] ? __pfx_tun_get_user+0x10/0x10
[ 147.942680][ T5882] ? aa_file_perm+0x3e7/0xed0
[ 147.942689][ T5882] ? __pfx_preempt_schedule+0x10/0x10
[ 147.942707][ T5882] ? ref_tracker_alloc+0x318/0x460
[ 147.942717][ T5882] ? __lock_acquire+0xab9/0xd20
[ 147.942728][ T5882] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 147.942739][ T5882] ? tun_get+0x1c/0x2f0
[ 147.942751][ T5882] ? tun_get+0x1c/0x2f0
[ 147.942762][ T5882] ? tun_get+0x1c/0x2f0
[ 147.942773][ T5882] tun_chr_write_iter+0x113/0x200
[ 147.942785][ T5882] vfs_write+0x54b/0xa90
[ 147.942799][ T5882] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 147.942811][ T5882] ? __pfx_vfs_write+0x10/0x10
[ 147.942825][ T5882] ? __fget_files+0x2a/0x420
[ 147.942841][ T5882] ksys_write+0x145/0x250
[ 147.942853][ T5882] ? __pfx_ksys_write+0x10/0x10
[ 147.942865][ T5882] ? rcu_is_watching+0x15/0xb0
[ 147.942879][ T5882] ? do_syscall_64+0xbe/0x3b0
[ 147.942892][ T5882] do_syscall_64+0xfa/0x3b0
[ 147.942902][ T5882] ? lockdep_hardirqs_on+0x9c/0x150
[ 147.942911][ T5882] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 147.942922][ T5882] ? clear_bhb_loop+0x60/0xb0
[ 147.942934][ T5882] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 147.942945][ T5882] RIP: 0033:0x7fca7018d3df
[ 147.942956][ T5882] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 147.942964][ T5882] RSP: 002b:00007fca6f3fe000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 147.942976][ T5882] RAX: ffffffffffffffda RBX: 00007fca703b5fa0 RCX: 00007fca7018d3df
[ 147.942984][ T5882] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[ 147.942991][ T5882] RBP: 00007fca70210b39 R08: 0000000000000000 R09: 0000000000000000
[ 147.942999][ T5882] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 147.943006][ T5882] R13: 0000000000000000 R14: 00007fca703b5fa0 R15: 00007ffce3be7c68
[ 147.943018][ T5882]
[ 147.943026][ T5882] BUG: Bad page state in process syz.0.16 pfn:54d0f
[ 148.129627][ T5882] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x54d0f
[ 148.133849][ T5882] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 148.137196][ T5882] raw: 04fff00000000000 dead000000000040 ffff88801eed8000 0000000000000000
[ 148.141283][ T5882] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000
[ 148.145071][ T5882] page dumped because: page_pool leak
[ 148.147520][ T5882] page_owner tracks the page as allocated
[ 148.150060][ T5882] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5882, tgid 5881 (syz.0.16), ts 146184760394, free_ts 146106586018
[ 148.157688][ T5882] post_alloc_hook+0x240/0x2a0
[ 148.159899][ T5882] get_page_from_freelist+0x21e4/0x22c0
[ 148.162468][ T5882] __alloc_frozen_pages_noprof+0x181/0x370
[ 148.165055][ T5882] alloc_pages_bulk_noprof+0x560/0x710
[ 148.167554][ T5882] __page_pool_alloc_pages_slow+0x127/0x740
[ 148.170194][ T5882] skb_pp_cow_data+0xb47/0x13e0
[ 148.172437][ T5882] do_xdp_generic+0x699/0x11a0
[ 148.174641][ T5882] __netif_receive_skb_core+0x1823/0x4180
[ 148.177305][ T5882] __netif_receive_skb+0x72/0x380
[ 148.179538][ T5882] netif_receive_skb+0x1cb/0x790
[ 148.182081][ T5882] tun_rx_batched+0x1b9/0x730
[ 148.184458][ T5882] tun_get_user+0x298e/0x3ce0
[ 148.186905][ T5882] tun_chr_write_iter+0x113/0x200
[ 148.189202][ T5882] vfs_write+0x54b/0xa90
[ 148.191191][ T5882] ksys_write+0x145/0x250
[ 148.193227][ T5882] do_syscall_64+0xfa/0x3b0
[ 148.195369][ T5882] page last free pid 15 tgid 15 stack trace:
[ 148.198264][ T5882] __free_frozen_pages+0xc71/0xe70
[ 148.200572][ T5882] __tlb_remove_table+0x2d2/0x3b0
[ 148.202948][ T5882] tlb_remove_table_rcu+0x85/0x100
[ 148.205295][ T5882] rcu_core+0xca5/0x1710
[ 148.207355][ T5882] handle_softirqs+0x286/0x870
[ 148.209597][ T5882] run_ksoftirqd+0x9b/0x100
[ 148.211750][ T5882] smpboot_thread_fn+0x53f/0xa60
[ 148.213965][ T5882] kthread+0x70e/0x8a0
[ 148.215861][ T5882] ret_from_fork+0x3fc/0x770
[ 148.218220][ T5882] ret_from_fork_asm+0x1a/0x30
[ 148.220805][ T5882] Modules linked in:
[ 148.222683][ T5882] CPU: 0 UID: 0 PID: 5882 Comm: syz.0.16 Tainted: G B 6.16.0-rc4-syzkaller-g05df91921da6 #0 PREEMPT(full)
[ 148.222700][ T5882] Tainted: [B]=BAD_PAGE
[ 148.222704][ T5882] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 148.222711][ T5882] Call Trace:
[ 148.222718][ T5882]
[ 148.222723][ T5882] dump_stack_lvl+0x189/0x250
[ 148.222739][ T5882] ? __pfx_dump_stack_lvl+0x10/0x10
[ 148.222750][ T5882] ? __pfx_print_modules+0x10/0x10
[ 148.222765][ T5882] bad_page+0x180/0x1c0
[ 148.222776][ T5882] __free_frozen_pages+0xe17/0xe70
[ 148.222791][ T5882] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 148.222808][ T5882] bpf_xdp_adjust_tail+0x1d6/0x220
[ 148.222822][ T5882] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 148.222832][ T5882] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 148.222855][ T5882] do_xdp_generic+0x9f7/0x11a0
[ 148.222870][ T5882] ? __pfx_do_xdp_generic+0x10/0x10
[ 148.222883][ T5882] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 148.222901][ T5882] __netif_receive_skb_core+0x1823/0x4180
[ 148.222913][ T5882] ? __up_read+0x280/0x680
[ 148.222927][ T5882] ? __pfx___up_read+0x10/0x10
[ 148.222939][ T5882] ? do_user_addr_fault+0xbc1/0x1390
[ 148.222951][ T5882] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 148.222962][ T5882] ? irqentry_exit+0x74/0x90
[ 148.222975][ T5882] ? __lock_acquire+0xab9/0xd20
[ 148.222982][ T5882] ? netif_receive_skb+0x115/0x790
[ 148.222988][ T5882] ? netif_receive_skb+0x115/0x790
[ 148.222994][ T5882] __netif_receive_skb+0x72/0x380
[ 148.223001][ T5882] ? netif_receive_skb+0x115/0x790
[ 148.223007][ T5882] netif_receive_skb+0x1cb/0x790
[ 148.223013][ T5882] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 148.223021][ T5882] ? __pfx_netif_receive_skb+0x10/0x10
[ 148.223029][ T5882] ? __pfx__copy_from_iter+0x10/0x10
[ 148.223038][ T5882] ? sock_alloc_send_pskb+0x875/0x990
[ 148.223058][ T5882] ? tun_rx_batched+0x160/0x730
[ 148.223070][ T5882] tun_rx_batched+0x1b9/0x730
[ 148.223081][ T5882] ? __lock_acquire+0xab9/0xd20
[ 148.223091][ T5882] ? __pfx_tun_rx_batched+0x10/0x10
[ 148.223102][ T5882] ? tun_get_user+0x2549/0x3ce0
[ 148.223113][ T5882] tun_get_user+0x298e/0x3ce0
[ 148.223120][ T5882] ? tun_get_user+0x2549/0x3ce0
[ 148.223127][ T5882] ? aa_file_perm+0x11f/0xed0
[ 148.223134][ T5882] ? __pfx_tun_get_user+0x10/0x10
[ 148.223140][ T5882] ? aa_file_perm+0x3e7/0xed0
[ 148.223146][ T5882] ? __pfx_preempt_schedule+0x10/0x10
[ 148.223156][ T5882] ? ref_tracker_alloc+0x318/0x460
[ 148.223162][ T5882] ? __lock_acquire+0xab9/0xd20
[ 148.223167][ T5882] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 148.223174][ T5882] ? tun_get+0x1c/0x2f0
[ 148.223184][ T5882] ? tun_get+0x1c/0x2f0
[ 148.223192][ T5882] ? tun_get+0x1c/0x2f0
[ 148.223201][ T5882] tun_chr_write_iter+0x113/0x200
[ 148.223212][ T5882] vfs_write+0x54b/0xa90
[ 148.223229][ T5882] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 148.223239][ T5882] ? __pfx_vfs_write+0x10/0x10
[ 148.223252][ T5882] ? __fget_files+0x2a/0x420
[ 148.223266][ T5882] ksys_write+0x145/0x250
[ 148.223277][ T5882] ? __pfx_ksys_write+0x10/0x10
[ 148.223288][ T5882] ? rcu_is_watching+0x15/0xb0
[ 148.223300][ T5882] ? do_syscall_64+0xbe/0x3b0
[ 148.223312][ T5882] do_syscall_64+0xfa/0x3b0
[ 148.223322][ T5882] ? lockdep_hardirqs_on+0x9c/0x150
[ 148.223329][ T5882] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 148.223335][ T5882] ? clear_bhb_loop+0x60/0xb0
[ 148.223342][ T5882] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 148.223348][ T5882] RIP: 0033:0x7fca7018d3df
[ 148.223356][ T5882] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 148.223362][ T5882] RSP: 002b:00007fca6f3fe000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 148.223372][ T5882] RAX: ffffffffffffffda RBX: 00007fca703b5fa0 RCX: 00007fca7018d3df
[ 148.223379][ T5882] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[ 148.223385][ T5882] RBP: 00007fca70210b39 R08: 0000000000000000 R09: 0000000000000000
[ 148.223390][ T5882] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 148.223396][ T5882] R13: 0000000000000000 R14: 00007fca703b5fa0 R15: 00007ffce3be7c68
[ 148.223406][ T5882]
[ 148.223414][ T5882] BUG: Bad page state in process syz.0.16 pfn:59ca1
[ 148.419194][ T5882] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888059ca1000 pfn:0x59ca1
[ 148.423679][ T5882] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 148.427153][ T5882] raw: 04fff00000000000 dead000000000040 ffff88801eed8000 0000000000000000
[ 148.430892][ T5882] raw: ffff888059ca1000 0000000000000001 00000000ffffffff 0000000000000000
[ 148.434876][ T5882] page dumped because: page_pool leak
[ 148.437368][ T5882] page_owner tracks the page as allocated
[ 148.439872][ T5882] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5882, tgid 5881 (syz.0.16), ts 146184746703, free_ts 146106596648
[ 148.447574][ T5882] post_alloc_hook+0x240/0x2a0
[ 148.449802][ T5882] get_page_from_freelist+0x21e4/0x22c0
[ 148.452376][ T5882] __alloc_frozen_pages_noprof+0x181/0x370
[ 148.455046][ T5882] alloc_pages_bulk_noprof+0x560/0x710
[ 148.457601][ T5882] __page_pool_alloc_pages_slow+0x127/0x740
[ 148.460423][ T5882] skb_pp_cow_data+0xb47/0x13e0
[ 148.462788][ T5882] do_xdp_generic+0x699/0x11a0
[ 148.465135][ T5882] __netif_receive_skb_core+0x1823/0x4180
[ 148.467754][ T5882] __netif_receive_skb+0x72/0x380
[ 148.469999][ T5882] netif_receive_skb+0x1cb/0x790
[ 148.472178][ T5882] tun_rx_batched+0x1b9/0x730
[ 148.474303][ T5882] tun_get_user+0x298e/0x3ce0
[ 148.476496][ T5882] tun_chr_write_iter+0x113/0x200
[ 148.478796][ T5882] vfs_write+0x54b/0xa90
[ 148.480718][ T5882] ksys_write+0x145/0x250
[ 148.482794][ T5882] do_syscall_64+0xfa/0x3b0
[ 148.484970][ T5882] page last free pid 15 tgid 15 stack trace:
[ 148.487609][ T5882] __free_frozen_pages+0xc71/0xe70
[ 148.489873][ T5882] __tlb_remove_table+0x2d2/0x3b0
[ 148.492075][ T5882] tlb_remove_table_rcu+0x85/0x100
[ 148.494281][ T5882] rcu_core+0xca5/0x1710
[ 148.496287][ T5882] handle_softirqs+0x286/0x870
[ 148.498416][ T5882] run_ksoftirqd+0x9b/0x100
[ 148.500682][ T5882] smpboot_thread_fn+0x53f/0xa60
[ 148.503140][ T5882] kthread+0x70e/0x8a0
[ 148.505332][ T5882] ret_from_fork+0x3fc/0x770
[ 148.507511][ T5882] ret_from_fork_asm+0x1a/0x30
[ 148.509672][ T5882] Modules linked in:
[ 148.511440][ T5882] CPU: 0 UID: 0 PID: 5882 Comm: syz.0.16 Tainted: G B 6.16.0-rc4-syzkaller-g05df91921da6 #0 PREEMPT(full)
[ 148.511456][ T5882] Tainted: [B]=BAD_PAGE
[ 148.511460][ T5882] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 148.511467][ T5882] Call Trace:
[ 148.511473][ T5882]
[ 148.511524][ T5882] dump_stack_lvl+0x189/0x250
[ 148.511541][ T5882] ? __pfx_dump_stack_lvl+0x10/0x10
[ 148.511552][ T5882] ? __pfx_print_modules+0x10/0x10
[ 148.511568][ T5882] bad_page+0x180/0x1c0
[ 148.511580][ T5882] __free_frozen_pages+0xe17/0xe70
[ 148.511595][ T5882] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 148.511614][ T5882] bpf_xdp_adjust_tail+0x1d6/0x220
[ 148.511628][ T5882] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 148.511635][ T5882] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 148.511655][ T5882] do_xdp_generic+0x9f7/0x11a0
[ 148.511671][ T5882] ? __pfx_do_xdp_generic+0x10/0x10
[ 148.511684][ T5882] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 148.511703][ T5882] __netif_receive_skb_core+0x1823/0x4180
[ 148.511714][ T5882] ? __up_read+0x280/0x680
[ 148.511727][ T5882] ? __pfx___up_read+0x10/0x10
[ 148.511738][ T5882] ? do_user_addr_fault+0xbc1/0x1390
[ 148.511748][ T5882] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 148.511759][ T5882] ? irqentry_exit+0x74/0x90
[ 148.511770][ T5882] ? __lock_acquire+0xab9/0xd20
[ 148.511779][ T5882] ? netif_receive_skb+0x115/0x790
[ 148.511789][ T5882] ? netif_receive_skb+0x115/0x790
[ 148.511798][ T5882] __netif_receive_skb+0x72/0x380
[ 148.511809][ T5882] ? netif_receive_skb+0x115/0x790
[ 148.511818][ T5882] netif_receive_skb+0x1cb/0x790
[ 148.511827][ T5882] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 148.511839][ T5882] ? __pfx_netif_receive_skb+0x10/0x10
[ 148.511849][ T5882] ? __pfx__copy_from_iter+0x10/0x10
[ 148.511860][ T5882] ? sock_alloc_send_pskb+0x875/0x990
[ 148.511877][ T5882] ? tun_rx_batched+0x160/0x730
[ 148.511889][ T5882] tun_rx_batched+0x1b9/0x730
[ 148.511900][ T5882] ? __lock_acquire+0xab9/0xd20
[ 148.511911][ T5882] ? __pfx_tun_rx_batched+0x10/0x10
[ 148.511924][ T5882] ? tun_get_user+0x2549/0x3ce0
[ 148.511937][ T5882] tun_get_user+0x298e/0x3ce0
[ 148.511949][ T5882] ? tun_get_user+0x2549/0x3ce0
[ 148.511962][ T5882] ? aa_file_perm+0x11f/0xed0
[ 148.511971][ T5882] ? __pfx_tun_get_user+0x10/0x10
[ 148.511982][ T5882] ? aa_file_perm+0x3e7/0xed0
[ 148.511991][ T5882] ? __pfx_preempt_schedule+0x10/0x10
[ 148.512008][ T5882] ? ref_tracker_alloc+0x318/0x460
[ 148.512019][ T5882] ? __lock_acquire+0xab9/0xd20
[ 148.512029][ T5882] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 148.512039][ T5882] ? tun_get+0x1c/0x2f0
[ 148.512050][ T5882] ? tun_get+0x1c/0x2f0
[ 148.512059][ T5882] ? tun_get+0x1c/0x2f0
[ 148.512071][ T5882] tun_chr_write_iter+0x113/0x200
[ 148.512083][ T5882] vfs_write+0x54b/0xa90
[ 148.512096][ T5882] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 148.512108][ T5882] ? __pfx_vfs_write+0x10/0x10
[ 148.512122][ T5882] ? __fget_files+0x2a/0x420
[ 148.512136][ T5882] ksys_write+0x145/0x250
[ 148.512147][ T5882] ? __pfx_ksys_write+0x10/0x10
[ 148.512158][ T5882] ? rcu_is_watching+0x15/0xb0
[ 148.512171][ T5882] ? do_syscall_64+0xbe/0x3b0
[ 148.512183][ T5882] do_syscall_64+0xfa/0x3b0
[ 148.512192][ T5882] ? lockdep_hardirqs_on+0x9c/0x150
[ 148.512200][ T5882] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 148.512210][ T5882] ? clear_bhb_loop+0x60/0xb0
[ 148.512221][ T5882] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 148.512230][ T5882] RIP: 0033:0x7fca7018d3df
[ 148.512254][ T5882] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 148.512263][ T5882] RSP: 002b:00007fca6f3fe000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 148.512274][ T5882] RAX: ffffffffffffffda RBX: 00007fca703b5fa0 RCX: 00007fca7018d3df
[ 148.512281][ T5882] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[ 148.512288][ T5882] RBP: 00007fca70210b39 R08: 0000000000000000 R09: 0000000000000000
[ 148.512294][ T5882] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 148.512307][ T5882] R13: 0000000000000000 R14: 00007fca703b5fa0 R15: 00007ffce3be7c68
[ 148.512317][ T5882]
[ 148.512365][ T5882] BUG: Bad page state in process syz.0.16 pfn:34bcb
[ 148.700044][ T5882] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888034bcbe00 pfn:0x34bcb
[ 148.704471][ T5882] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 148.707770][ T5882] raw: 04fff00000000000 dead000000000040 ffff88801eed8000 0000000000000000
[ 148.711585][ T5882] raw: ffff888034bcbe00 0000000000000001 00000000ffffffff 0000000000000000
[ 148.715387][ T5882] page dumped because: page_pool leak
[ 148.717832][ T5882] page_owner tracks the page as allocated
[ 148.720240][ T5882] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5882, tgid 5881 (syz.0.16), ts 146184733954, free_ts 146159128962
[ 148.727229][ T5882] post_alloc_hook+0x240/0x2a0
[ 148.729357][ T5882] get_page_from_freelist+0x21e4/0x22c0
[ 148.731824][ T5882] __alloc_frozen_pages_noprof+0x181/0x370
[ 148.734474][ T5882] alloc_pages_bulk_noprof+0x560/0x710
[ 148.737012][ T5882] __page_pool_alloc_pages_slow+0x127/0x740
[ 148.739606][ T5882] skb_pp_cow_data+0xb47/0x13e0
[ 148.741727][ T5882] do_xdp_generic+0x699/0x11a0
[ 148.743926][ T5882] __netif_receive_skb_core+0x1823/0x4180
[ 148.746474][ T5882] __netif_receive_skb+0x72/0x380
[ 148.748623][ T5882] netif_receive_skb+0x1cb/0x790
[ 148.750777][ T5882] tun_rx_batched+0x1b9/0x730
[ 148.752796][ T5882] tun_get_user+0x298e/0x3ce0
[ 148.754943][ T5882] tun_chr_write_iter+0x113/0x200
[ 148.757313][ T5882] vfs_write+0x54b/0xa90
[ 148.759152][ T5882] ksys_write+0x145/0x250
[ 148.761141][ T5882] do_syscall_64+0xfa/0x3b0
[ 148.763233][ T5882] page last free pid 5788 tgid 5788 stack trace:
[ 148.765974][ T5882] __free_frozen_pages+0xc71/0xe70
[ 148.768236][ T5882] __put_partials+0x161/0x1c0
[ 148.770350][ T5882] put_cpu_partial+0x17c/0x250
[ 148.772585][ T5882] __slab_free+0x2f7/0x400
[ 148.774561][ T5882] qlist_free_all+0x97/0x140
[ 148.776666][ T5882] kasan_quarantine_reduce+0x148/0x160
[ 148.778974][ T5882] __kasan_slab_alloc+0x22/0x80
[ 148.781074][ T5882] __kmalloc_noprof+0x224/0x4f0
[ 148.783292][ T5882] tomoyo_realpath_from_path+0xe3/0x5d0
[ 148.785729][ T5882] tomoyo_path2_perm+0x288/0x680
[ 148.787830][ T5882] tomoyo_path_rename+0x141/0x190
[ 148.790008][ T5882] security_path_rename+0x250/0x490
[ 148.792266][ T5882] do_renameat2+0x64d/0xc50
[ 148.794307][ T5882] __x64_sys_rename+0x82/0x90
[ 148.796624][ T5882] do_syscall_64+0xfa/0x3b0
[ 148.798651][ T5882] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 148.801239][ T5882] Modules linked in:
[ 148.802900][ T5882] CPU: 0 UID: 0 PID: 5882 Comm: syz.0.16 Tainted: G B 6.16.0-rc4-syzkaller-g05df91921da6 #0 PREEMPT(full)
[ 148.802917][ T5882] Tainted: [B]=BAD_PAGE
[ 148.802921][ T5882] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 148.802928][ T5882] Call Trace:
[ 148.802935][ T5882]
[ 148.802941][ T5882] dump_stack_lvl+0x189/0x250
[ 148.802958][ T5882] ? __pfx_dump_stack_lvl+0x10/0x10
[ 148.802969][ T5882] ? __pfx_print_modules+0x10/0x10
[ 148.802986][ T5882] bad_page+0x180/0x1c0
[ 148.802997][ T5882] __free_frozen_pages+0xe17/0xe70
[ 148.803013][ T5882] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 148.803033][ T5882] bpf_xdp_adjust_tail+0x1d6/0x220
[ 148.803046][ T5882] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 148.803054][ T5882] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 148.803075][ T5882] do_xdp_generic+0x9f7/0x11a0
[ 148.803091][ T5882] ? __pfx_do_xdp_generic+0x10/0x10
[ 148.803104][ T5882] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 148.803122][ T5882] __netif_receive_skb_core+0x1823/0x4180
[ 148.803134][ T5882] ? __up_read+0x280/0x680
[ 148.803147][ T5882] ? __pfx___up_read+0x10/0x10
[ 148.803159][ T5882] ? do_user_addr_fault+0xbc1/0x1390
[ 148.803170][ T5882] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 148.803179][ T5882] ? irqentry_exit+0x74/0x90
[ 148.803191][ T5882] ? __lock_acquire+0xab9/0xd20
[ 148.803201][ T5882] ? netif_receive_skb+0x115/0x790
[ 148.803210][ T5882] ? netif_receive_skb+0x115/0x790
[ 148.803219][ T5882] __netif_receive_skb+0x72/0x380
[ 148.803230][ T5882] ? netif_receive_skb+0x115/0x790
[ 148.803239][ T5882] netif_receive_skb+0x1cb/0x790
[ 148.803249][ T5882] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 148.803260][ T5882] ? __pfx_netif_receive_skb+0x10/0x10
[ 148.803269][ T5882] ? __pfx__copy_from_iter+0x10/0x10
[ 148.803279][ T5882] ? sock_alloc_send_pskb+0x875/0x990
[ 148.803293][ T5882] ? tun_rx_batched+0x160/0x730
[ 148.803305][ T5882] tun_rx_batched+0x1b9/0x730
[ 148.803315][ T5882] ? __lock_acquire+0xab9/0xd20
[ 148.803334][ T5882] ? __pfx_tun_rx_batched+0x10/0x10
[ 148.803344][ T5882] ? tun_get_user+0x2549/0x3ce0
[ 148.803357][ T5882] tun_get_user+0x298e/0x3ce0
[ 148.803368][ T5882] ? tun_get_user+0x2549/0x3ce0
[ 148.803380][ T5882] ? aa_file_perm+0x11f/0xed0
[ 148.803390][ T5882] ? __pfx_tun_get_user+0x10/0x10
[ 148.803399][ T5882] ? aa_file_perm+0x3e7/0xed0
[ 148.803408][ T5882] ? __pfx_preempt_schedule+0x10/0x10
[ 148.803423][ T5882] ? ref_tracker_alloc+0x318/0x460
[ 148.803432][ T5882] ? __lock_acquire+0xab9/0xd20
[ 148.803442][ T5882] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 148.803451][ T5882] ? tun_get+0x1c/0x2f0
[ 148.803460][ T5882] ? tun_get+0x1c/0x2f0
[ 148.803469][ T5882] ? tun_get+0x1c/0x2f0
[ 148.803480][ T5882] tun_chr_write_iter+0x113/0x200
[ 148.803490][ T5882] vfs_write+0x54b/0xa90
[ 148.803503][ T5882] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 148.803512][ T5882] ? __pfx_vfs_write+0x10/0x10
[ 148.803524][ T5882] ? __fget_files+0x2a/0x420
[ 148.803539][ T5882] ksys_write+0x145/0x250
[ 148.803550][ T5882] ? __pfx_ksys_write+0x10/0x10
[ 148.803559][ T5882] ? rcu_is_watching+0x15/0xb0
[ 148.803571][ T5882] ? do_syscall_64+0xbe/0x3b0
[ 148.803581][ T5882] do_syscall_64+0xfa/0x3b0
[ 148.803591][ T5882] ? lockdep_hardirqs_on+0x9c/0x150
[ 148.803600][ T5882] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 148.803610][ T5882] ? clear_bhb_loop+0x60/0xb0
[ 148.803620][ T5882] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 148.803630][ T5882] RIP: 0033:0x7fca7018d3df
[ 148.803640][ T5882] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 148.803649][ T5882] RSP: 002b:00007fca6f3fe000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 148.803662][ T5882] RAX: ffffffffffffffda RBX: 00007fca703b5fa0 RCX: 00007fca7018d3df
[ 148.803669][ T5882] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[ 148.803674][ T5882] RBP: 00007fca70210b39 R08: 0000000000000000 R09: 0000000000000000
[ 148.803680][ T5882] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 148.803686][ T5882] R13: 0000000000000000 R14: 00007fca703b5fa0 R15: 00007ffce3be7c68
[ 148.803697][ T5882]
[ 148.803761][ T5882] BUG: Bad page state in process syz.0.16 pfn:54c57
[ 148.984935][ T5882] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888054c57f50 pfn:0x54c57
[ 148.989356][ T5882] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 148.992461][ T5882] raw: 04fff00000000000 dead000000000040 ffff88801eed8000 0000000000000000
[ 148.996229][ T5882] raw: ffff888054c57f50 0000000000000001 00000000ffffffff 0000000000000000
[ 149.000033][ T5882] page dumped because: page_pool leak
[ 149.002519][ T5882] page_owner tracks the page as allocated
[ 149.004916][ T5882] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5882, tgid 5881 (syz.0.16), ts 146184720456, free_ts 146159193927
[ 149.011959][ T5882] post_alloc_hook+0x240/0x2a0
[ 149.014157][ T5882] get_page_from_freelist+0x21e4/0x22c0
[ 149.016666][ T5882] __alloc_frozen_pages_noprof+0x181/0x370
[ 149.019156][ T5882] alloc_pages_bulk_noprof+0x560/0x710
[ 149.021652][ T5882] __page_pool_alloc_pages_slow+0x127/0x740
[ 149.024203][ T5882] skb_pp_cow_data+0xb47/0x13e0
[ 149.026470][ T5882] do_xdp_generic+0x699/0x11a0
[ 149.028626][ T5882] __netif_receive_skb_core+0x1823/0x4180
[ 149.031203][ T5882] __netif_receive_skb+0x72/0x380
[ 149.033390][ T5882] netif_receive_skb+0x1cb/0x790
[ 149.035607][ T5882] tun_rx_batched+0x1b9/0x730
[ 149.037747][ T5882] tun_get_user+0x298e/0x3ce0
[ 149.039764][ T5882] tun_chr_write_iter+0x113/0x200
[ 149.041941][ T5882] vfs_write+0x54b/0xa90
[ 149.043793][ T5882] ksys_write+0x145/0x250
[ 149.045753][ T5882] do_syscall_64+0xfa/0x3b0
[ 149.047735][ T5882] page last free pid 5788 tgid 5788 stack trace:
[ 149.050397][ T5882] __free_frozen_pages+0xc71/0xe70
[ 149.052526][ T5882] __put_partials+0x161/0x1c0
[ 149.054605][ T5882] put_cpu_partial+0x17c/0x250
[ 149.056789][ T5882] __slab_free+0x2f7/0x400
[ 149.058697][ T5882] qlist_free_all+0x97/0x140
[ 149.060676][ T5882] kasan_quarantine_reduce+0x148/0x160
[ 149.063089][ T5882] __kasan_slab_alloc+0x22/0x80
[ 149.065232][ T5882] __kmalloc_noprof+0x224/0x4f0
[ 149.067460][ T5882] tomoyo_realpath_from_path+0xe3/0x5d0
[ 149.069798][ T5882] tomoyo_path2_perm+0x288/0x680
[ 149.072009][ T5882] tomoyo_path_rename+0x141/0x190
[ 149.074156][ T5882] security_path_rename+0x250/0x490
[ 149.076496][ T5882] do_renameat2+0x64d/0xc50
[ 149.078575][ T5882] __x64_sys_rename+0x82/0x90
[ 149.080717][ T5882] do_syscall_64+0xfa/0x3b0
[ 149.082672][ T5882] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 149.085204][ T5882] Modules linked in:
[ 149.087019][ T5882] CPU: 0 UID: 0 PID: 5882 Comm: syz.0.16 Tainted: G B 6.16.0-rc4-syzkaller-g05df91921da6 #0 PREEMPT(full)
[ 149.087035][ T5882] Tainted: [B]=BAD_PAGE
[ 149.087039][ T5882] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 149.087048][ T5882] Call Trace:
[ 149.087055][ T5882]
[ 149.087060][ T5882] dump_stack_lvl+0x189/0x250
[ 149.087076][ T5882] ? __pfx_dump_stack_lvl+0x10/0x10
[ 149.087086][ T5882] ? __pfx_print_modules+0x10/0x10
[ 149.087103][ T5882] bad_page+0x180/0x1c0
[ 149.087114][ T5882] __free_frozen_pages+0xe17/0xe70
[ 149.087129][ T5882] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 149.087146][ T5882] bpf_xdp_adjust_tail+0x1d6/0x220
[ 149.087159][ T5882] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 149.087168][ T5882] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 149.087189][ T5882] do_xdp_generic+0x9f7/0x11a0
[ 149.087205][ T5882] ? __pfx_do_xdp_generic+0x10/0x10
[ 149.087218][ T5882] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 149.087237][ T5882] __netif_receive_skb_core+0x1823/0x4180
[ 149.087255][ T5882] ? __up_read+0x280/0x680
[ 149.087269][ T5882] ? __pfx___up_read+0x10/0x10
[ 149.087281][ T5882] ? do_user_addr_fault+0xbc1/0x1390
[ 149.087292][ T5882] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 149.087303][ T5882] ? irqentry_exit+0x74/0x90
[ 149.087314][ T5882] ? __lock_acquire+0xab9/0xd20
[ 149.087324][ T5882] ? netif_receive_skb+0x115/0x790
[ 149.087334][ T5882] ? netif_receive_skb+0x115/0x790
[ 149.087343][ T5882] __netif_receive_skb+0x72/0x380
[ 149.087353][ T5882] ? netif_receive_skb+0x115/0x790
[ 149.087362][ T5882] netif_receive_skb+0x1cb/0x790
[ 149.087370][ T5882] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 149.087382][ T5882] ? __pfx_netif_receive_skb+0x10/0x10
[ 149.087390][ T5882] ? __pfx__copy_from_iter+0x10/0x10
[ 149.087401][ T5882] ? sock_alloc_send_pskb+0x875/0x990
[ 149.087415][ T5882] ? tun_rx_batched+0x160/0x730
[ 149.087427][ T5882] tun_rx_batched+0x1b9/0x730
[ 149.087438][ T5882] ? __lock_acquire+0xab9/0xd20
[ 149.087448][ T5882] ? __pfx_tun_rx_batched+0x10/0x10
[ 149.087460][ T5882] ? tun_get_user+0x2549/0x3ce0
[ 149.087472][ T5882] tun_get_user+0x298e/0x3ce0
[ 149.087482][ T5882] ? tun_get_user+0x2549/0x3ce0
[ 149.087493][ T5882] ? aa_file_perm+0x11f/0xed0
[ 149.087502][ T5882] ? __pfx_tun_get_user+0x10/0x10
[ 149.087512][ T5882] ? aa_file_perm+0x3e7/0xed0
[ 149.087520][ T5882] ? __pfx_preempt_schedule+0x10/0x10
[ 149.087537][ T5882] ? ref_tracker_alloc+0x318/0x460
[ 149.087546][ T5882] ? __lock_acquire+0xab9/0xd20
[ 149.087554][ T5882] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 149.087563][ T5882] ? tun_get+0x1c/0x2f0
[ 149.087573][ T5882] ? tun_get+0x1c/0x2f0
[ 149.087583][ T5882] ? tun_get+0x1c/0x2f0
[ 149.087593][ T5882] tun_chr_write_iter+0x113/0x200
[ 149.087603][ T5882] vfs_write+0x54b/0xa90
[ 149.087616][ T5882] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 149.087626][ T5882] ? __pfx_vfs_write+0x10/0x10
[ 149.087639][ T5882] ? __fget_files+0x2a/0x420
[ 149.087655][ T5882] ksys_write+0x145/0x250
[ 149.087665][ T5882] ? __pfx_ksys_write+0x10/0x10
[ 149.087674][ T5882] ? rcu_is_watching+0x15/0xb0
[ 149.087686][ T5882] ? do_syscall_64+0xbe/0x3b0
[ 149.087697][ T5882] do_syscall_64+0xfa/0x3b0
[ 149.087707][ T5882] ? lockdep_hardirqs_on+0x9c/0x150
[ 149.087716][ T5882] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 149.087726][ T5882] ? clear_bhb_loop+0x60/0xb0
[ 149.087736][ T5882] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 149.087745][ T5882] RIP: 0033:0x7fca7018d3df
[ 149.087754][ T5882] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 149.087762][ T5882] RSP: 002b:00007fca6f3fe000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 149.087773][ T5882] RAX: ffffffffffffffda RBX: 00007fca703b5fa0 RCX: 00007fca7018d3df
[ 149.087780][ T5882] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[ 149.087787][ T5882] RBP: 00007fca70210b39 R08: 0000000000000000 R09: 0000000000000000
[ 149.087793][ T5882] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 149.087799][ T5882] R13: 0000000000000000 R14: 00007fca703b5fa0 R15: 00007ffce3be7c68
[ 149.087810][ T5882]
[ 149.278167][ T4690] Bluetooth: hci0: command tx timeout
[ 149.598020][ T5893] BUG: Bad page state in process syz.0.17 pfn:4bd6f
[ 149.601140][ T5893] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x4bd6f
[ 149.605597][ T5893] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 149.608816][ T5893] raw: 04fff00000000000 dead000000000040 ffff88801eed8000 0000000000000000
[ 149.612392][ T5893] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000
[ 149.616173][ T5893] page dumped because: page_pool leak
[ 149.618715][ T5893] page_owner tracks the page as allocated
[ 149.621254][ T5893] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5893, tgid 5891 (syz.0.17), ts 149597958549, free_ts 149596233870
[ 149.628490][ T5893] post_alloc_hook+0x240/0x2a0
[ 149.630594][ T5893] get_page_from_freelist+0x21e4/0x22c0
[ 149.633135][ T5893] __alloc_frozen_pages_noprof+0x181/0x370
[ 149.635550][ T5893] alloc_pages_bulk_noprof+0x560/0x710
[ 149.637993][ T5893] __page_pool_alloc_pages_slow+0x127/0x740
[ 149.640511][ T5893] skb_pp_cow_data+0xb47/0x13e0
[ 149.642507][ T5893] do_xdp_generic+0x699/0x11a0
[ 149.644495][ T5893] __netif_receive_skb_core+0x1823/0x4180
[ 149.646968][ T5893] __netif_receive_skb+0x72/0x380
[ 149.649672][ T5893] netif_receive_skb+0x1cb/0x790
[ 149.651828][ T5893] tun_rx_batched+0x1b9/0x730
[ 149.653822][ T5893] tun_get_user+0x298e/0x3ce0
[ 149.655919][ T5893] tun_chr_write_iter+0x113/0x200
[ 149.658083][ T5893] vfs_write+0x54b/0xa90
[ 149.659985][ T5893] ksys_write+0x145/0x250
[ 149.661940][ T5893] do_syscall_64+0xfa/0x3b0
[ 149.664020][ T5893] page last free pid 50 tgid 50 stack trace:
[ 149.666767][ T5893] __free_frozen_pages+0xc71/0xe70
[ 149.669011][ T5893] __tlb_remove_table+0x2d2/0x3b0
[ 149.671302][ T5893] tlb_remove_table_rcu+0x85/0x100
[ 149.673605][ T5893] rcu_core+0xca5/0x1710
[ 149.675489][ T5893] handle_softirqs+0x286/0x870
[ 149.677744][ T5893] do_softirq+0xec/0x180
[ 149.679541][ T5893] __local_bh_enable_ip+0x17d/0x1c0
[ 149.681885][ T5893] srcu_invoke_callbacks+0x215/0x450
[ 149.684536][ T5893] process_scheduled_works+0xade/0x17b0
[ 149.687400][ T5893] worker_thread+0x8a0/0xda0
[ 149.689507][ T5893] kthread+0x70e/0x8a0
[ 149.691240][ T5893] ret_from_fork+0x3fc/0x770
[ 149.693404][ T5893] ret_from_fork_asm+0x1a/0x30
[ 149.695497][ T5893] Modules linked in:
[ 149.697366][ T5893] CPU: 0 UID: 0 PID: 5893 Comm: syz.0.17 Tainted: G B 6.16.0-rc4-syzkaller-g05df91921da6 #0 PREEMPT(full)
[ 149.697383][ T5893] Tainted: [B]=BAD_PAGE
[ 149.697386][ T5893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 149.697393][ T5893] Call Trace:
[ 149.697400][ T5893]
[ 149.697405][ T5893] dump_stack_lvl+0x189/0x250
[ 149.697434][ T5893] ? __pfx_dump_stack_lvl+0x10/0x10
[ 149.697446][ T5893] ? __pfx_print_modules+0x10/0x10
[ 149.697459][ T5893] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 149.697471][ T5893] bad_page+0x180/0x1c0
[ 149.697484][ T5893] __free_frozen_pages+0xe17/0xe70
[ 149.697500][ T5893] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 149.697519][ T5893] bpf_xdp_adjust_tail+0x1d6/0x220
[ 149.697532][ T5893] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 149.697541][ T5893] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 149.697564][ T5893] do_xdp_generic+0x9f7/0x11a0
[ 149.697580][ T5893] ? __pfx_do_xdp_generic+0x10/0x10
[ 149.697592][ T5893] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 149.697613][ T5893] __netif_receive_skb_core+0x1823/0x4180
[ 149.697624][ T5893] ? __up_read+0x280/0x680
[ 149.697637][ T5893] ? __pfx___up_read+0x10/0x10
[ 149.697649][ T5893] ? lock_release+0x4b/0x3e0
[ 149.697660][ T5893] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 149.697671][ T5893] ? rcu_is_watching+0x15/0xb0
[ 149.697684][ T5893] ? irqentry_exit+0x74/0x90
[ 149.697693][ T5893] ? exc_page_fault+0x9f/0xf0
[ 149.697708][ T5893] ? netif_receive_skb+0x115/0x790
[ 149.697716][ T5893] ? rcu_is_watching+0x15/0xb0
[ 149.697728][ T5893] ? lock_acquire+0x5f/0x360
[ 149.697738][ T5893] __netif_receive_skb+0x72/0x380
[ 149.697749][ T5893] ? netif_receive_skb+0x115/0x790
[ 149.697758][ T5893] netif_receive_skb+0x1cb/0x790
[ 149.697767][ T5893] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 149.697779][ T5893] ? __pfx_netif_receive_skb+0x10/0x10
[ 149.697787][ T5893] ? __pfx__copy_from_iter+0x10/0x10
[ 149.697797][ T5893] ? sock_alloc_send_pskb+0x875/0x990
[ 149.697811][ T5893] ? tun_rx_batched+0x160/0x730
[ 149.697823][ T5893] tun_rx_batched+0x1b9/0x730
[ 149.697836][ T5893] ? skb_header_pointer+0x8e/0x120
[ 149.697852][ T5893] ? __pfx_tun_rx_batched+0x10/0x10
[ 149.697862][ T5893] ? tun_get_user+0x2549/0x3ce0
[ 149.697871][ T5893] ? rcu_is_watching+0x15/0xb0
[ 149.697878][ T5893] ? lock_acquire+0x5f/0x360
[ 149.697884][ T5893] ? __pfx___local_bh_enable_ip+0x10/0x10
[ 149.697892][ T5893] tun_get_user+0x298e/0x3ce0
[ 149.697901][ T5893] ? tun_get_user+0x2549/0x3ce0
[ 149.697910][ T5893] ? aa_file_perm+0x11f/0xed0
[ 149.697921][ T5893] ? rcu_is_watching+0x15/0xb0
[ 149.697931][ T5893] ? lock_release+0x4b/0x3e0
[ 149.697941][ T5893] ? __pfx_tun_get_user+0x10/0x10
[ 149.697951][ T5893] ? aa_file_perm+0x3e7/0xed0
[ 149.697960][ T5893] ? __pfx_preempt_schedule+0x10/0x10
[ 149.697975][ T5893] ? ref_tracker_alloc+0x318/0x460
[ 149.697985][ T5893] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 149.697993][ T5893] ? futex_private_hash_put+0x23a/0x290
[ 149.698005][ T5893] ? tun_get+0x1c/0x2f0
[ 149.698014][ T5893] ? tun_get+0x1c/0x2f0
[ 149.698023][ T5893] ? rcu_is_watching+0x15/0xb0
[ 149.698033][ T5893] ? tun_get+0x1c/0x2f0
[ 149.698041][ T5893] ? lock_release+0x4b/0x3e0
[ 149.698050][ T5893] ? tun_get+0x1c/0x2f0
[ 149.698059][ T5893] tun_chr_write_iter+0x113/0x200
[ 149.698070][ T5893] vfs_write+0x54b/0xa90
[ 149.698082][ T5893] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 149.698093][ T5893] ? __pfx_vfs_write+0x10/0x10
[ 149.698106][ T5893] ? __fget_files+0x2a/0x420
[ 149.698122][ T5893] ksys_write+0x145/0x250
[ 149.698134][ T5893] ? __pfx_ksys_write+0x10/0x10
[ 149.698142][ T5893] ? rcu_is_watching+0x15/0xb0
[ 149.698149][ T5893] ? rcu_is_watching+0x15/0xb0
[ 149.698160][ T5893] do_syscall_64+0xfa/0x3b0
[ 149.698170][ T5893] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 149.698179][ T5893] ? clear_bhb_loop+0x60/0xb0
[ 149.698189][ T5893] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 149.698199][ T5893] RIP: 0033:0x7fca7018d3df
[ 149.698210][ T5893] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 149.698219][ T5893] RSP: 002b:00007fca6f3fe000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 149.698231][ T5893] RAX: ffffffffffffffda RBX: 00007fca703b5fa0 RCX: 00007fca7018d3df
[ 149.698239][ T5893] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[ 149.698245][ T5893] RBP: 00007fca70210b39 R08: 0000000000000000 R09: 0000000000000000
[ 149.698250][ T5893] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 149.698256][ T5893] R13: 0000000000000000 R14: 00007fca703b5fa0 R15: 00007ffce3be7c68
[ 149.698266][ T5893]
[ 149.698275][ T5893] BUG: Bad page state in process syz.0.17 pfn:44c5c
[ 149.905183][ T5893] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x44c5c
[ 149.909426][ T5893] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 149.912543][ T5893] raw: 04fff00000000000 dead000000000040 ffff88801eed8000 0000000000000000
[ 149.916321][ T5893] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000
[ 149.920009][ T5893] page dumped because: page_pool leak
[ 149.922732][ T5893] page_owner tracks the page as allocated
[ 149.925142][ T5893] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5893, tgid 5891 (syz.0.17), ts 149597949843, free_ts 149596243267
[ 149.932250][ T5893] post_alloc_hook+0x240/0x2a0
[ 149.934486][ T5893] get_page_from_freelist+0x21e4/0x22c0
[ 149.936948][ T5893] __alloc_frozen_pages_noprof+0x181/0x370
[ 149.939377][ T5893] alloc_pages_bulk_noprof+0x560/0x710
[ 149.941763][ T5893] __page_pool_alloc_pages_slow+0x127/0x740
[ 149.944301][ T5893] skb_pp_cow_data+0xb47/0x13e0
[ 149.946473][ T5893] do_xdp_generic+0x699/0x11a0
[ 149.948435][ T5893] __netif_receive_skb_core+0x1823/0x4180
[ 149.950880][ T5893] __netif_receive_skb+0x72/0x380
[ 149.953196][ T5893] netif_receive_skb+0x1cb/0x790
[ 149.955466][ T5893] tun_rx_batched+0x1b9/0x730
[ 149.957802][ T5893] tun_get_user+0x298e/0x3ce0
[ 149.959896][ T5893] tun_chr_write_iter+0x113/0x200
[ 149.962020][ T5893] vfs_write+0x54b/0xa90
[ 149.963876][ T5893] ksys_write+0x145/0x250
[ 149.965838][ T5893] do_syscall_64+0xfa/0x3b0
[ 149.967838][ T5893] page last free pid 50 tgid 50 stack trace:
[ 149.970421][ T5893] __free_frozen_pages+0xc71/0xe70
[ 149.972615][ T5893] __tlb_remove_table+0x2d2/0x3b0
[ 149.974820][ T5893] tlb_remove_table_rcu+0x85/0x100
[ 149.977177][ T5893] rcu_core+0xca5/0x1710
[ 149.979079][ T5893] handle_softirqs+0x286/0x870
[ 149.981165][ T5893] do_softirq+0xec/0x180
[ 149.983071][ T5893] __local_bh_enable_ip+0x17d/0x1c0
[ 149.985310][ T5893] srcu_invoke_callbacks+0x215/0x450
[ 149.987674][ T5893] process_scheduled_works+0xade/0x17b0
[ 149.990102][ T5893] worker_thread+0x8a0/0xda0
[ 149.992239][ T5893] kthread+0x70e/0x8a0
[ 149.994281][ T5893] ret_from_fork+0x3fc/0x770
[ 149.996608][ T5893] ret_from_fork_asm+0x1a/0x30
[ 149.998697][ T5893] Modules linked in:
[ 150.000437][ T5893] CPU: 0 UID: 0 PID: 5893 Comm: syz.0.17 Tainted: G B 6.16.0-rc4-syzkaller-g05df91921da6 #0 PREEMPT(full)
[ 150.000455][ T5893] Tainted: [B]=BAD_PAGE
[ 150.000459][ T5893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 150.000465][ T5893] Call Trace:
[ 150.000472][ T5893]
[ 150.000478][ T5893] dump_stack_lvl+0x189/0x250
[ 150.000495][ T5893] ? __pfx_dump_stack_lvl+0x10/0x10
[ 150.000507][ T5893] ? __pfx_print_modules+0x10/0x10
[ 150.000521][ T5893] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 150.000534][ T5893] bad_page+0x180/0x1c0
[ 150.000544][ T5893] __free_frozen_pages+0xe17/0xe70
[ 150.000561][ T5893] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 150.000578][ T5893] bpf_xdp_adjust_tail+0x1d6/0x220
[ 150.000591][ T5893] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 150.000600][ T5893] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 150.000623][ T5893] do_xdp_generic+0x9f7/0x11a0
[ 150.000641][ T5893] ? __pfx_do_xdp_generic+0x10/0x10
[ 150.000653][ T5893] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 150.000675][ T5893] __netif_receive_skb_core+0x1823/0x4180
[ 150.000685][ T5893] ? __up_read+0x280/0x680
[ 150.000700][ T5893] ? __pfx___up_read+0x10/0x10
[ 150.000711][ T5893] ? lock_release+0x4b/0x3e0
[ 150.000724][ T5893] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 150.000734][ T5893] ? rcu_is_watching+0x15/0xb0
[ 150.000769][ T5893] ? irqentry_exit+0x74/0x90
[ 150.000780][ T5893] ? exc_page_fault+0x9f/0xf0
[ 150.000796][ T5893] ? netif_receive_skb+0x115/0x790
[ 150.000805][ T5893] ? rcu_is_watching+0x15/0xb0
[ 150.000815][ T5893] ? lock_acquire+0x5f/0x360
[ 150.000825][ T5893] __netif_receive_skb+0x72/0x380
[ 150.000836][ T5893] ? netif_receive_skb+0x115/0x790
[ 150.000845][ T5893] netif_receive_skb+0x1cb/0x790
[ 150.000854][ T5893] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 150.000866][ T5893] ? __pfx_netif_receive_skb+0x10/0x10
[ 150.000874][ T5893] ? __pfx__copy_from_iter+0x10/0x10
[ 150.000884][ T5893] ? sock_alloc_send_pskb+0x875/0x990
[ 150.000899][ T5893] ? tun_rx_batched+0x160/0x730
[ 150.000910][ T5893] tun_rx_batched+0x1b9/0x730
[ 150.000920][ T5893] ? skb_header_pointer+0x8e/0x120
[ 150.000934][ T5893] ? __pfx_tun_rx_batched+0x10/0x10
[ 150.000945][ T5893] ? tun_get_user+0x2549/0x3ce0
[ 150.000954][ T5893] ? rcu_is_watching+0x15/0xb0
[ 150.000964][ T5893] ? lock_acquire+0x5f/0x360
[ 150.000972][ T5893] ? __pfx___local_bh_enable_ip+0x10/0x10
[ 150.000984][ T5893] tun_get_user+0x298e/0x3ce0
[ 150.000996][ T5893] ? tun_get_user+0x2549/0x3ce0
[ 150.001006][ T5893] ? aa_file_perm+0x11f/0xed0
[ 150.001015][ T5893] ? rcu_is_watching+0x15/0xb0
[ 150.001025][ T5893] ? lock_release+0x4b/0x3e0
[ 150.001035][ T5893] ? __pfx_tun_get_user+0x10/0x10
[ 150.001046][ T5893] ? aa_file_perm+0x3e7/0xed0
[ 150.001062][ T5893] ? __pfx_preempt_schedule+0x10/0x10
[ 150.001077][ T5893] ? ref_tracker_alloc+0x318/0x460
[ 150.001087][ T5893] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 150.001094][ T5893] ? futex_private_hash_put+0x23a/0x290
[ 150.001106][ T5893] ? tun_get+0x1c/0x2f0
[ 150.001116][ T5893] ? tun_get+0x1c/0x2f0
[ 150.001124][ T5893] ? rcu_is_watching+0x15/0xb0
[ 150.001135][ T5893] ? tun_get+0x1c/0x2f0
[ 150.001144][ T5893] ? lock_release+0x4b/0x3e0
[ 150.001153][ T5893] ? tun_get+0x1c/0x2f0
[ 150.001163][ T5893] tun_chr_write_iter+0x113/0x200
[ 150.001173][ T5893] vfs_write+0x54b/0xa90
[ 150.001186][ T5893] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 150.001196][ T5893] ? __pfx_vfs_write+0x10/0x10
[ 150.001208][ T5893] ? __fget_files+0x2a/0x420
[ 150.001224][ T5893] ksys_write+0x145/0x250
[ 150.001236][ T5893] ? __pfx_ksys_write+0x10/0x10
[ 150.001246][ T5893] ? rcu_is_watching+0x15/0xb0
[ 150.001258][ T5893] ? rcu_is_watching+0x15/0xb0
[ 150.001270][ T5893] do_syscall_64+0xfa/0x3b0
[ 150.001281][ T5893] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 150.001289][ T5893] ? clear_bhb_loop+0x60/0xb0
[ 150.001300][ T5893] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 150.001310][ T5893] RIP: 0033:0x7fca7018d3df
[ 150.001321][ T5893] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 150.001330][ T5893] RSP: 002b:00007fca6f3fe000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 150.001342][ T5893] RAX: ffffffffffffffda RBX: 00007fca703b5fa0 RCX: 00007fca7018d3df
[ 150.001350][ T5893] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[ 150.001357][ T5893] RBP: 00007fca70210b39 R08: 0000000000000000 R09: 0000000000000000
[ 150.001363][ T5893] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 150.001370][ T5893] R13: 0000000000000000 R14: 00007fca703b5fa0 R15: 00007ffce3be7c68
[ 150.001379][ T5893]
[ 150.001389][ T5893] BUG: Bad page state in process syz.0.17 pfn:44dc3
[ 150.198586][ T5893] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x44dc3
[ 150.202249][ T5893] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 150.205006][ T5893] raw: 04fff00000000000 dead000000000040 ffff88801eed8000 0000000000000000
[ 150.208333][ T5893] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000
[ 150.211727][ T5893] page dumped because: page_pool leak
[ 150.213926][ T5893] page_owner tracks the page as allocated
[ 150.216401][ T5893] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5893, tgid 5891 (syz.0.17), ts 149597939041, free_ts 149596253054
[ 150.223286][ T5893] post_alloc_hook+0x240/0x2a0
[ 150.225297][ T5893] get_page_from_freelist+0x21e4/0x22c0
[ 150.227669][ T5893] __alloc_frozen_pages_noprof+0x181/0x370
[ 150.230190][ T5893] alloc_pages_bulk_noprof+0x560/0x710
[ 150.232498][ T5893] __page_pool_alloc_pages_slow+0x127/0x740
[ 150.235408][ T5893] skb_pp_cow_data+0xb47/0x13e0
[ 150.237798][ T5893] do_xdp_generic+0x699/0x11a0
[ 150.239873][ T5893] __netif_receive_skb_core+0x1823/0x4180
[ 150.242302][ T5893] __netif_receive_skb+0x72/0x380
[ 150.244478][ T5893] netif_receive_skb+0x1cb/0x790
[ 150.246696][ T5893] tun_rx_batched+0x1b9/0x730
[ 150.248626][ T5893] tun_get_user+0x298e/0x3ce0
[ 150.251483][ T5893] tun_chr_write_iter+0x113/0x200
[ 150.253911][ T5893] vfs_write+0x54b/0xa90
[ 150.256080][ T5893] ksys_write+0x145/0x250
[ 150.257994][ T5893] do_syscall_64+0xfa/0x3b0
[ 150.260024][ T5893] page last free pid 50 tgid 50 stack trace:
[ 150.262766][ T5893] __free_frozen_pages+0xc71/0xe70
[ 150.265096][ T5893] __tlb_remove_table+0x2d2/0x3b0
[ 150.267446][ T5893] tlb_remove_table_rcu+0x85/0x100
[ 150.269661][ T5893] rcu_core+0xca5/0x1710
[ 150.271561][ T5893] handle_softirqs+0x286/0x870
[ 150.273801][ T5893] do_softirq+0xec/0x180
[ 150.275790][ T5893] __local_bh_enable_ip+0x17d/0x1c0
[ 150.278096][ T5893] srcu_invoke_callbacks+0x215/0x450
[ 150.280319][ T5893] process_scheduled_works+0xade/0x17b0
[ 150.282771][ T5893] worker_thread+0x8a0/0xda0
[ 150.284775][ T5893] kthread+0x70e/0x8a0
[ 150.286642][ T5893] ret_from_fork+0x3fc/0x770
[ 150.288650][ T5893] ret_from_fork_asm+0x1a/0x30
[ 150.290738][ T5893] Modules linked in:
[ 150.292471][ T5893] CPU: 0 UID: 0 PID: 5893 Comm: syz.0.17 Tainted: G B 6.16.0-rc4-syzkaller-g05df91921da6 #0 PREEMPT(full)
[ 150.292488][ T5893] Tainted: [B]=BAD_PAGE
[ 150.292500][ T5893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 150.292513][ T5893] Call Trace:
[ 150.292596][ T5893]
[ 150.292629][ T5893] dump_stack_lvl+0x189/0x250
[ 150.292672][ T5893] ? __pfx_dump_stack_lvl+0x10/0x10
[ 150.292684][ T5893] ? __pfx_print_modules+0x10/0x10
[ 150.292699][ T5893] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 150.292711][ T5893] bad_page+0x180/0x1c0
[ 150.292743][ T5893] __free_frozen_pages+0xe17/0xe70
[ 150.292782][ T5893] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 150.292851][ T5893] bpf_xdp_adjust_tail+0x1d6/0x220
[ 150.292865][ T5893] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 150.292875][ T5893] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 150.292898][ T5893] do_xdp_generic+0x9f7/0x11a0
[ 150.292916][ T5893] ? __pfx_do_xdp_generic+0x10/0x10
[ 150.292930][ T5893] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 150.292947][ T5893] __netif_receive_skb_core+0x1823/0x4180
[ 150.292957][ T5893] ? __up_read+0x280/0x680
[ 150.292971][ T5893] ? __pfx___up_read+0x10/0x10
[ 150.292982][ T5893] ? lock_release+0x4b/0x3e0
[ 150.292993][ T5893] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 150.293004][ T5893] ? rcu_is_watching+0x15/0xb0
[ 150.293017][ T5893] ? irqentry_exit+0x74/0x90
[ 150.293026][ T5893] ? exc_page_fault+0x9f/0xf0
[ 150.293040][ T5893] ? netif_receive_skb+0x115/0x790
[ 150.293048][ T5893] ? rcu_is_watching+0x15/0xb0
[ 150.293059][ T5893] ? lock_acquire+0x5f/0x360
[ 150.293068][ T5893] __netif_receive_skb+0x72/0x380
[ 150.293079][ T5893] ? netif_receive_skb+0x115/0x790
[ 150.293095][ T5893] netif_receive_skb+0x1cb/0x790
[ 150.293103][ T5893] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 150.293114][ T5893] ? __pfx_netif_receive_skb+0x10/0x10
[ 150.293122][ T5893] ? __pfx__copy_from_iter+0x10/0x10
[ 150.293132][ T5893] ? sock_alloc_send_pskb+0x875/0x990
[ 150.293147][ T5893] ? tun_rx_batched+0x160/0x730
[ 150.293158][ T5893] tun_rx_batched+0x1b9/0x730
[ 150.293226][ T5893] ? skb_header_pointer+0x8e/0x120
[ 150.293243][ T5893] ? __pfx_tun_rx_batched+0x10/0x10
[ 150.293253][ T5893] ? tun_get_user+0x2549/0x3ce0
[ 150.293262][ T5893] ? rcu_is_watching+0x15/0xb0
[ 150.293273][ T5893] ? lock_acquire+0x5f/0x360
[ 150.293281][ T5893] ? __pfx___local_bh_enable_ip+0x10/0x10
[ 150.293293][ T5893] tun_get_user+0x298e/0x3ce0
[ 150.293304][ T5893] ? tun_get_user+0x2549/0x3ce0
[ 150.293314][ T5893] ? aa_file_perm+0x11f/0xed0
[ 150.293324][ T5893] ? rcu_is_watching+0x15/0xb0
[ 150.293334][ T5893] ? lock_release+0x4b/0x3e0
[ 150.293344][ T5893] ? __pfx_tun_get_user+0x10/0x10
[ 150.293354][ T5893] ? aa_file_perm+0x3e7/0xed0
[ 150.293363][ T5893] ? __pfx_preempt_schedule+0x10/0x10
[ 150.293380][ T5893] ? ref_tracker_alloc+0x318/0x460
[ 150.293390][ T5893] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 150.293398][ T5893] ? futex_private_hash_put+0x23a/0x290
[ 150.293412][ T5893] ? tun_get+0x1c/0x2f0
[ 150.293421][ T5893] ? tun_get+0x1c/0x2f0
[ 150.293430][ T5893] ? rcu_is_watching+0x15/0xb0
[ 150.293440][ T5893] ? tun_get+0x1c/0x2f0
[ 150.293449][ T5893] ? lock_release+0x4b/0x3e0
[ 150.293459][ T5893] ? tun_get+0x1c/0x2f0
[ 150.293470][ T5893] tun_chr_write_iter+0x113/0x200
[ 150.293481][ T5893] vfs_write+0x54b/0xa90
[ 150.293520][ T5893] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 150.293532][ T5893] ? __pfx_vfs_write+0x10/0x10
[ 150.293546][ T5893] ? __fget_files+0x2a/0x420
[ 150.293560][ T5893] ksys_write+0x145/0x250
[ 150.293571][ T5893] ? __pfx_ksys_write+0x10/0x10
[ 150.293581][ T5893] ? rcu_is_watching+0x15/0xb0
[ 150.293592][ T5893] ? rcu_is_watching+0x15/0xb0
[ 150.293604][ T5893] do_syscall_64+0xfa/0x3b0
[ 150.293651][ T5893] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 150.293663][ T5893] ? clear_bhb_loop+0x60/0xb0
[ 150.293674][ T5893] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 150.293684][ T5893] RIP: 0033:0x7fca7018d3df
[ 150.293694][ T5893] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 150.293703][ T5893] RSP: 002b:00007fca6f3fe000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 150.293715][ T5893] RAX: ffffffffffffffda RBX: 00007fca703b5fa0 RCX: 00007fca7018d3df
[ 150.293722][ T5893] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[ 150.293728][ T5893] RBP: 00007fca70210b39 R08: 0000000000000000 R09: 0000000000000000
[ 150.293734][ T5893] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 150.293739][ T5893] R13: 0000000000000000 R14: 00007fca703b5fa0 R15: 00007ffce3be7c68
[ 150.293749][ T5893]
[ 150.293814][ T5893] BUG: Bad page state in process syz.0.17 pfn:595ac
[ 150.494262][ T5893] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x595ac
[ 150.498852][ T5893] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 150.502121][ T5893] raw: 04fff00000000000 dead000000000040 ffff88801eed8000 0000000000000000
[ 150.505846][ T5893] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000
[ 150.509506][ T5893] page dumped because: page_pool leak
[ 150.511910][ T5893] page_owner tracks the page as allocated
[ 150.514512][ T5893] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5893, tgid 5891 (syz.0.17), ts 149597932693, free_ts 149596262863
[ 150.522100][ T5893] post_alloc_hook+0x240/0x2a0
[ 150.524188][ T5893] get_page_from_freelist+0x21e4/0x22c0
[ 150.526674][ T5893] __alloc_frozen_pages_noprof+0x181/0x370
[ 150.529249][ T5893] alloc_pages_bulk_noprof+0x560/0x710
[ 150.531561][ T5893] __page_pool_alloc_pages_slow+0x127/0x740
[ 150.534486][ T5893] skb_pp_cow_data+0xb47/0x13e0
[ 150.537353][ T5893] do_xdp_generic+0x699/0x11a0
[ 150.540017][ T5893] __netif_receive_skb_core+0x1823/0x4180
[ 150.542737][ T5893] __netif_receive_skb+0x72/0x380
[ 150.545015][ T5893] netif_receive_skb+0x1cb/0x790
[ 150.547349][ T5893] tun_rx_batched+0x1b9/0x730
[ 150.549506][ T5893] tun_get_user+0x298e/0x3ce0
[ 150.551563][ T5893] tun_chr_write_iter+0x113/0x200
[ 150.553837][ T5893] vfs_write+0x54b/0xa90
[ 150.555753][ T5893] ksys_write+0x145/0x250
[ 150.557652][ T5893] do_syscall_64+0xfa/0x3b0
[ 150.559704][ T5893] page last free pid 50 tgid 50 stack trace:
[ 150.562351][ T5893] __free_frozen_pages+0xc71/0xe70
[ 150.564576][ T5893] __tlb_remove_table+0x2d2/0x3b0
[ 150.566889][ T5893] tlb_remove_table_rcu+0x85/0x100
[ 150.569313][ T5893] rcu_core+0xca5/0x1710
[ 150.571168][ T5893] handle_softirqs+0x286/0x870
[ 150.573704][ T5893] do_softirq+0xec/0x180
[ 150.576139][ T5893] __local_bh_enable_ip+0x17d/0x1c0
[ 150.578930][ T5893] srcu_invoke_callbacks+0x215/0x450
[ 150.581384][ T5893] process_scheduled_works+0xade/0x17b0
[ 150.583874][ T5893] worker_thread+0x8a0/0xda0
[ 150.586053][ T5893] kthread+0x70e/0x8a0
[ 150.587941][ T5893] ret_from_fork+0x3fc/0x770
[ 150.590131][ T5893] ret_from_fork_asm+0x1a/0x30
[ 150.592620][ T5893] Modules linked in:
[ 150.594761][ T5893] CPU: 0 UID: 0 PID: 5893 Comm: syz.0.17 Tainted: G B 6.16.0-rc4-syzkaller-g05df91921da6 #0 PREEMPT(full)
[ 150.594779][ T5893] Tainted: [B]=BAD_PAGE
[ 150.594783][ T5893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 150.594790][ T5893] Call Trace:
[ 150.594797][ T5893]
[ 150.594804][ T5893] dump_stack_lvl+0x189/0x250
[ 150.594823][ T5893] ? __pfx_dump_stack_lvl+0x10/0x10
[ 150.594835][ T5893] ? __pfx_print_modules+0x10/0x10
[ 150.594850][ T5893] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 150.594862][ T5893] bad_page+0x180/0x1c0
[ 150.594875][ T5893] __free_frozen_pages+0xe17/0xe70
[ 150.594890][ T5893] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 150.594911][ T5893] bpf_xdp_adjust_tail+0x1d6/0x220
[ 150.594925][ T5893] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 150.594935][ T5893] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 150.594959][ T5893] do_xdp_generic+0x9f7/0x11a0
[ 150.595004][ T5893] ? __pfx_do_xdp_generic+0x10/0x10
[ 150.595020][ T5893] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 150.595042][ T5893] __netif_receive_skb_core+0x1823/0x4180
[ 150.595053][ T5893] ? __up_read+0x280/0x680
[ 150.595069][ T5893] ? __pfx___up_read+0x10/0x10
[ 150.595082][ T5893] ? lock_release+0x4b/0x3e0
[ 150.595095][ T5893] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 150.595107][ T5893] ? rcu_is_watching+0x15/0xb0
[ 150.595120][ T5893] ? irqentry_exit+0x74/0x90
[ 150.595130][ T5893] ? exc_page_fault+0x9f/0xf0
[ 150.595148][ T5893] ? netif_receive_skb+0x115/0x790
[ 150.595157][ T5893] ? rcu_is_watching+0x15/0xb0
[ 150.595168][ T5893] ? lock_acquire+0x5f/0x360
[ 150.595179][ T5893] __netif_receive_skb+0x72/0x380
[ 150.595190][ T5893] ? netif_receive_skb+0x115/0x790
[ 150.595200][ T5893] netif_receive_skb+0x1cb/0x790
[ 150.595209][ T5893] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 150.595222][ T5893] ? __pfx_netif_receive_skb+0x10/0x10
[ 150.595231][ T5893] ? __pfx__copy_from_iter+0x10/0x10
[ 150.595243][ T5893] ? sock_alloc_send_pskb+0x875/0x990
[ 150.595260][ T5893] ? tun_rx_batched+0x160/0x730
[ 150.595273][ T5893] tun_rx_batched+0x1b9/0x730
[ 150.595285][ T5893] ? skb_header_pointer+0x8e/0x120
[ 150.595316][ T5893] ? __pfx_tun_rx_batched+0x10/0x10
[ 150.595327][ T5893] ? tun_get_user+0x2549/0x3ce0
[ 150.595337][ T5893] ? rcu_is_watching+0x15/0xb0
[ 150.595350][ T5893] ? lock_acquire+0x5f/0x360
[ 150.595360][ T5893] ? __pfx___local_bh_enable_ip+0x10/0x10
[ 150.595373][ T5893] tun_get_user+0x298e/0x3ce0
[ 150.595385][ T5893] ? tun_get_user+0x2549/0x3ce0
[ 150.595396][ T5893] ? aa_file_perm+0x11f/0xed0
[ 150.595408][ T5893] ? rcu_is_watching+0x15/0xb0
[ 150.595420][ T5893] ? lock_release+0x4b/0x3e0
[ 150.595431][ T5893] ? __pfx_tun_get_user+0x10/0x10
[ 150.595442][ T5893] ? aa_file_perm+0x3e7/0xed0
[ 150.595452][ T5893] ? __pfx_preempt_schedule+0x10/0x10
[ 150.595470][ T5893] ? ref_tracker_alloc+0x318/0x460
[ 150.595482][ T5893] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 150.595491][ T5893] ? futex_private_hash_put+0x23a/0x290
[ 150.595506][ T5893] ? tun_get+0x1c/0x2f0
[ 150.595516][ T5893] ? tun_get+0x1c/0x2f0
[ 150.595526][ T5893] ? rcu_is_watching+0x15/0xb0
[ 150.595536][ T5893] ? tun_get+0x1c/0x2f0
[ 150.595546][ T5893] ? lock_release+0x4b/0x3e0
[ 150.595557][ T5893] ? tun_get+0x1c/0x2f0
[ 150.595569][ T5893] tun_chr_write_iter+0x113/0x200
[ 150.595580][ T5893] vfs_write+0x54b/0xa90
[ 150.595596][ T5893] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 150.595607][ T5893] ? __pfx_vfs_write+0x10/0x10
[ 150.595621][ T5893] ? __fget_files+0x2a/0x420
[ 150.595638][ T5893] ksys_write+0x145/0x250
[ 150.595651][ T5893] ? __pfx_ksys_write+0x10/0x10
[ 150.595702][ T5893] ? rcu_is_watching+0x15/0xb0
[ 150.595717][ T5893] ? rcu_is_watching+0x15/0xb0
[ 150.595730][ T5893] do_syscall_64+0xfa/0x3b0
[ 150.595744][ T5893] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 150.595754][ T5893] ? clear_bhb_loop+0x60/0xb0
[ 150.595765][ T5893] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 150.595776][ T5893] RIP: 0033:0x7fca7018d3df
[ 150.595787][ T5893] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 150.595796][ T5893] RSP: 002b:00007fca6f3fe000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 150.595810][ T5893] RAX: ffffffffffffffda RBX: 00007fca703b5fa0 RCX: 00007fca7018d3df
[ 150.595817][ T5893] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[ 150.595823][ T5893] RBP: 00007fca70210b39 R08: 0000000000000000 R09: 0000000000000000
[ 150.595829][ T5893] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 150.595835][ T5893] R13: 0000000000000000 R14: 00007fca703b5fa0 R15: 00007ffce3be7c68
[ 150.595845][ T5893]
[ 150.794317][ T5893] BUG: Bad page state in process syz.0.17 pfn:56eba
[ 150.797327][ T5893] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x56eba
[ 150.801649][ T5893] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 150.804779][ T5893] raw: 04fff00000000000 dead000000000040 ffff88801eed8000 0000000000000000
[ 150.808483][ T5893] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000
[ 150.812158][ T5893] page dumped because: page_pool leak
[ 150.814506][ T5893] page_owner tracks the page as allocated
[ 150.817033][ T5893] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5893, tgid 5891 (syz.0.17), ts 149597925941, free_ts 149596273027
[ 150.824333][ T5893] post_alloc_hook+0x240/0x2a0
[ 150.826528][ T5893] get_page_from_freelist+0x21e4/0x22c0
[ 150.828916][ T5893] __alloc_frozen_pages_noprof+0x181/0x370
[ 150.831421][ T5893] alloc_pages_bulk_noprof+0x560/0x710
[ 150.833739][ T5893] __page_pool_alloc_pages_slow+0x127/0x740
[ 150.836356][ T5893] skb_pp_cow_data+0xb47/0x13e0
[ 150.838469][ T5893] do_xdp_generic+0x699/0x11a0
[ 150.840606][ T5893] __netif_receive_skb_core+0x1823/0x4180
[ 150.843171][ T5893] __netif_receive_skb+0x72/0x380
[ 150.845337][ T5893] netif_receive_skb+0x1cb/0x790
[ 150.847588][ T5893] tun_rx_batched+0x1b9/0x730
[ 150.849678][ T5893] tun_get_user+0x298e/0x3ce0
[ 150.851698][ T5893] tun_chr_write_iter+0x113/0x200
[ 150.854087][ T5893] vfs_write+0x54b/0xa90
[ 150.856104][ T5893] ksys_write+0x145/0x250
[ 150.858003][ T5893] do_syscall_64+0xfa/0x3b0
[ 150.859964][ T5893] page last free pid 50 tgid 50 stack trace:
[ 150.862536][ T5893] __free_frozen_pages+0xc71/0xe70
[ 150.864782][ T5893] __tlb_remove_table+0x2d2/0x3b0
[ 150.867048][ T5893] tlb_remove_table_rcu+0x85/0x100
[ 150.869449][ T5893] rcu_core+0xca5/0x1710
[ 150.871352][ T5893] handle_softirqs+0x286/0x870
[ 150.873749][ T5893] do_softirq+0xec/0x180
[ 150.875599][ T5893] __local_bh_enable_ip+0x17d/0x1c0
[ 150.878026][ T5893] srcu_invoke_callbacks+0x215/0x450
[ 150.880322][ T5893] process_scheduled_works+0xade/0x17b0
[ 150.882714][ T5893] worker_thread+0x8a0/0xda0
[ 150.884711][ T5893] kthread+0x70e/0x8a0
[ 150.886605][ T5893] ret_from_fork+0x3fc/0x770
[ 150.888671][ T5893] ret_from_fork_asm+0x1a/0x30
[ 150.890799][ T5893] Modules linked in:
[ 150.892618][ T5893] CPU: 0 UID: 0 PID: 5893 Comm: syz.0.17 Tainted: G B 6.16.0-rc4-syzkaller-g05df91921da6 #0 PREEMPT(full)
[ 150.892636][ T5893] Tainted: [B]=BAD_PAGE
[ 150.892640][ T5893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 150.892647][ T5893] Call Trace:
[ 150.892654][ T5893]
[ 150.892661][ T5893] dump_stack_lvl+0x189/0x250
[ 150.892676][ T5893] ? __pfx_dump_stack_lvl+0x10/0x10
[ 150.892687][ T5893] ? __pfx_print_modules+0x10/0x10
[ 150.892702][ T5893] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 150.892715][ T5893] bad_page+0x180/0x1c0
[ 150.892728][ T5893] __free_frozen_pages+0xe17/0xe70
[ 150.892767][ T5893] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 150.892790][ T5893] bpf_xdp_adjust_tail+0x1d6/0x220
[ 150.892804][ T5893] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 150.892814][ T5893] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 150.892837][ T5893] do_xdp_generic+0x9f7/0x11a0
[ 150.892855][ T5893] ? __pfx_do_xdp_generic+0x10/0x10
[ 150.892869][ T5893] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 150.892890][ T5893] __netif_receive_skb_core+0x1823/0x4180
[ 150.892902][ T5893] ? __up_read+0x280/0x680
[ 150.892916][ T5893] ? __pfx___up_read+0x10/0x10
[ 150.892928][ T5893] ? lock_release+0x4b/0x3e0
[ 150.892940][ T5893] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 150.892952][ T5893] ? rcu_is_watching+0x15/0xb0
[ 150.892964][ T5893] ? irqentry_exit+0x74/0x90
[ 150.892982][ T5893] ? exc_page_fault+0x9f/0xf0
[ 150.892999][ T5893] ? netif_receive_skb+0x115/0x790
[ 150.893007][ T5893] ? rcu_is_watching+0x15/0xb0
[ 150.893018][ T5893] ? lock_acquire+0x5f/0x360
[ 150.893028][ T5893] __netif_receive_skb+0x72/0x380
[ 150.893038][ T5893] ? netif_receive_skb+0x115/0x790
[ 150.893048][ T5893] netif_receive_skb+0x1cb/0x790
[ 150.893057][ T5893] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 150.893068][ T5893] ? __pfx_netif_receive_skb+0x10/0x10
[ 150.893077][ T5893] ? __pfx__copy_from_iter+0x10/0x10
[ 150.893086][ T5893] ? sock_alloc_send_pskb+0x875/0x990
[ 150.893102][ T5893] ? tun_rx_batched+0x160/0x730
[ 150.893115][ T5893] tun_rx_batched+0x1b9/0x730
[ 150.893125][ T5893] ? skb_header_pointer+0x8e/0x120
[ 150.893141][ T5893] ? __pfx_tun_rx_batched+0x10/0x10
[ 150.893151][ T5893] ? tun_get_user+0x2549/0x3ce0
[ 150.893161][ T5893] ? rcu_is_watching+0x15/0xb0
[ 150.893172][ T5893] ? lock_acquire+0x5f/0x360
[ 150.893181][ T5893] ? __pfx___local_bh_enable_ip+0x10/0x10
[ 150.893194][ T5893] tun_get_user+0x298e/0x3ce0
[ 150.893206][ T5893] ? tun_get_user+0x2549/0x3ce0
[ 150.893217][ T5893] ? aa_file_perm+0x11f/0xed0
[ 150.893228][ T5893] ? rcu_is_watching+0x15/0xb0
[ 150.893239][ T5893] ? lock_release+0x4b/0x3e0
[ 150.893250][ T5893] ? __pfx_tun_get_user+0x10/0x10
[ 150.893260][ T5893] ? aa_file_perm+0x3e7/0xed0
[ 150.893270][ T5893] ? __pfx_preempt_schedule+0x10/0x10
[ 150.893287][ T5893] ? ref_tracker_alloc+0x318/0x460
[ 150.893298][ T5893] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 150.893306][ T5893] ? futex_private_hash_put+0x23a/0x290
[ 150.893320][ T5893] ? tun_get+0x1c/0x2f0
[ 150.893330][ T5893] ? tun_get+0x1c/0x2f0
[ 150.893340][ T5893] ? rcu_is_watching+0x15/0xb0
[ 150.893350][ T5893] ? tun_get+0x1c/0x2f0
[ 150.893359][ T5893] ? lock_release+0x4b/0x3e0
[ 150.893369][ T5893] ? tun_get+0x1c/0x2f0
[ 150.893381][ T5893] tun_chr_write_iter+0x113/0x200
[ 150.893393][ T5893] vfs_write+0x54b/0xa90
[ 150.893406][ T5893] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 150.893417][ T5893] ? __pfx_vfs_write+0x10/0x10
[ 150.893431][ T5893] ? __fget_files+0x2a/0x420
[ 150.893444][ T5893] ksys_write+0x145/0x250
[ 150.893456][ T5893] ? __pfx_ksys_write+0x10/0x10
[ 150.893467][ T5893] ? rcu_is_watching+0x15/0xb0
[ 150.893479][ T5893] ? rcu_is_watching+0x15/0xb0
[ 150.893491][ T5893] do_syscall_64+0xfa/0x3b0
[ 150.893503][ T5893] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 150.893514][ T5893] ? clear_bhb_loop+0x60/0xb0
[ 150.893525][ T5893] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 150.893535][ T5893] RIP: 0033:0x7fca7018d3df
[ 150.893545][ T5893] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 150.893555][ T5893] RSP: 002b:00007fca6f3fe000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 150.893567][ T5893] RAX: ffffffffffffffda RBX: 00007fca703b5fa0 RCX: 00007fca7018d3df
[ 150.893574][ T5893] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[ 150.893581][ T5893] RBP: 00007fca70210b39 R08: 0000000000000000 R09: 0000000000000000
[ 150.893587][ T5893] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 150.893594][ T5893] R13: 0000000000000000 R14: 00007fca703b5fa0 R15: 00007ffce3be7c68
[ 150.893604][ T5893]
[ 150.893613][ T5893] BUG: Bad page state in process syz.0.17 pfn:4f922
[ 151.096208][ T5893] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88804f922e00 pfn:0x4f922
[ 151.100315][ T5893] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 151.103392][ T5893] raw: 04fff00000000000 dead000000000040 ffff88801eed8000 0000000000000000
[ 151.107146][ T5893] raw: ffff88804f922e00 0000000000000001 00000000ffffffff 0000000000000000
[ 151.110872][ T5893] page dumped because: page_pool leak
[ 151.113272][ T5893] page_owner tracks the page as allocated
[ 151.115751][ T5893] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5893, tgid 5891 (syz.0.17), ts 149597919083, free_ts 149596279067
[ 151.122735][ T5893] post_alloc_hook+0x240/0x2a0
[ 151.125003][ T5893] get_page_from_freelist+0x21e4/0x22c0
[ 151.127478][ T5893] __alloc_frozen_pages_noprof+0x181/0x370
[ 151.130041][ T5893] alloc_pages_bulk_noprof+0x560/0x710
[ 151.132349][ T5893] __page_pool_alloc_pages_slow+0x127/0x740
[ 151.134915][ T5893] skb_pp_cow_data+0xb47/0x13e0
[ 151.137119][ T5893] do_xdp_generic+0x699/0x11a0
[ 151.139277][ T5893] __netif_receive_skb_core+0x1823/0x4180
[ 151.141813][ T5893] __netif_receive_skb+0x72/0x380
[ 151.144192][ T5893] netif_receive_skb+0x1cb/0x790
[ 151.146363][ T5893] tun_rx_batched+0x1b9/0x730
[ 151.148425][ T5893] tun_get_user+0x298e/0x3ce0
[ 151.150454][ T5893] tun_chr_write_iter+0x113/0x200
[ 151.152647][ T5893] vfs_write+0x54b/0xa90
[ 151.154471][ T5893] ksys_write+0x145/0x250
[ 151.156544][ T5893] do_syscall_64+0xfa/0x3b0
[ 151.158507][ T5893] page last free pid 50 tgid 50 stack trace:
[ 151.160908][ T5893] __free_frozen_pages+0xc71/0xe70
[ 151.163066][ T5893] __tlb_remove_table+0x2d2/0x3b0
[ 151.165300][ T5893] tlb_remove_table_rcu+0x85/0x100
[ 151.167637][ T5893] rcu_core+0xca5/0x1710
[ 151.169722][ T5893] handle_softirqs+0x286/0x870
[ 151.171848][ T5893] do_softirq+0xec/0x180
[ 151.173511][ T5893] __local_bh_enable_ip+0x17d/0x1c0
[ 151.175883][ T5893] srcu_invoke_callbacks+0x215/0x450
[ 151.178095][ T5893] process_scheduled_works+0xade/0x17b0
[ 151.180371][ T5893] worker_thread+0x8a0/0xda0
[ 151.182354][ T5893] kthread+0x70e/0x8a0
[ 151.184042][ T5893] ret_from_fork+0x3fc/0x770
[ 151.186011][ T5893] ret_from_fork_asm+0x1a/0x30
[ 151.188067][ T5893] Modules linked in:
[ 151.189823][ T5893] CPU: 0 UID: 0 PID: 5893 Comm: syz.0.17 Tainted: G B 6.16.0-rc4-syzkaller-g05df91921da6 #0 PREEMPT(full)
[ 151.189840][ T5893] Tainted: [B]=BAD_PAGE
[ 151.189843][ T5893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 151.189850][ T5893] Call Trace:
[ 151.189856][ T5893]
[ 151.189862][ T5893] dump_stack_lvl+0x189/0x250
[ 151.189877][ T5893] ? __pfx_dump_stack_lvl+0x10/0x10
[ 151.189889][ T5893] ? __pfx_print_modules+0x10/0x10
[ 151.189903][ T5893] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 151.189914][ T5893] bad_page+0x180/0x1c0
[ 151.189926][ T5893] __free_frozen_pages+0xe17/0xe70
[ 151.189940][ T5893] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 151.189959][ T5893] bpf_xdp_adjust_tail+0x1d6/0x220
[ 151.189972][ T5893] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 151.189981][ T5893] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 151.190002][ T5893] do_xdp_generic+0x9f7/0x11a0
[ 151.190025][ T5893] ? __pfx_do_xdp_generic+0x10/0x10
[ 151.190039][ T5893] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 151.190060][ T5893] __netif_receive_skb_core+0x1823/0x4180
[ 151.190072][ T5893] ? __up_read+0x280/0x680
[ 151.190085][ T5893] ? __pfx___up_read+0x10/0x10
[ 151.190096][ T5893] ? lock_release+0x4b/0x3e0
[ 151.190107][ T5893] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 151.190118][ T5893] ? rcu_is_watching+0x15/0xb0
[ 151.190130][ T5893] ? irqentry_exit+0x74/0x90
[ 151.190139][ T5893] ? exc_page_fault+0x9f/0xf0
[ 151.190153][ T5893] ? netif_receive_skb+0x115/0x790
[ 151.190162][ T5893] ? rcu_is_watching+0x15/0xb0
[ 151.190172][ T5893] ? lock_acquire+0x5f/0x360
[ 151.190181][ T5893] __netif_receive_skb+0x72/0x380
[ 151.190191][ T5893] ? netif_receive_skb+0x115/0x790
[ 151.190200][ T5893] netif_receive_skb+0x1cb/0x790
[ 151.190209][ T5893] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 151.190221][ T5893] ? __pfx_netif_receive_skb+0x10/0x10
[ 151.190229][ T5893] ? __pfx__copy_from_iter+0x10/0x10
[ 151.190239][ T5893] ? sock_alloc_send_pskb+0x875/0x990
[ 151.190253][ T5893] ? tun_rx_batched+0x160/0x730
[ 151.190265][ T5893] tun_rx_batched+0x1b9/0x730
[ 151.190275][ T5893] ? skb_header_pointer+0x8e/0x120
[ 151.190289][ T5893] ? __pfx_tun_rx_batched+0x10/0x10
[ 151.190299][ T5893] ? tun_get_user+0x2549/0x3ce0
[ 151.190309][ T5893] ? rcu_is_watching+0x15/0xb0
[ 151.190319][ T5893] ? lock_acquire+0x5f/0x360
[ 151.190328][ T5893] ? __pfx___local_bh_enable_ip+0x10/0x10
[ 151.190341][ T5893] tun_get_user+0x298e/0x3ce0
[ 151.190351][ T5893] ? tun_get_user+0x2549/0x3ce0
[ 151.190361][ T5893] ? aa_file_perm+0x11f/0xed0
[ 151.190371][ T5893] ? rcu_is_watching+0x15/0xb0
[ 151.190381][ T5893] ? lock_release+0x4b/0x3e0
[ 151.190391][ T5893] ? __pfx_tun_get_user+0x10/0x10
[ 151.190401][ T5893] ? aa_file_perm+0x3e7/0xed0
[ 151.190410][ T5893] ? __pfx_preempt_schedule+0x10/0x10
[ 151.190426][ T5893] ? ref_tracker_alloc+0x318/0x460
[ 151.190436][ T5893] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 151.190445][ T5893] ? futex_private_hash_put+0x23a/0x290
[ 151.190457][ T5893] ? tun_get+0x1c/0x2f0
[ 151.190467][ T5893] ? tun_get+0x1c/0x2f0
[ 151.190476][ T5893] ? rcu_is_watching+0x15/0xb0
[ 151.190486][ T5893] ? tun_get+0x1c/0x2f0
[ 151.190496][ T5893] ? lock_release+0x4b/0x3e0
[ 151.190506][ T5893] ? tun_get+0x1c/0x2f0
[ 151.190516][ T5893] tun_chr_write_iter+0x113/0x200
[ 151.190527][ T5893] vfs_write+0x54b/0xa90
[ 151.190539][ T5893] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 151.190550][ T5893] ? __pfx_vfs_write+0x10/0x10
[ 151.190563][ T5893] ? __fget_files+0x2a/0x420
[ 151.190578][ T5893] ksys_write+0x145/0x250
[ 151.190589][ T5893] ? __pfx_ksys_write+0x10/0x10
[ 151.190598][ T5893] ? rcu_is_watching+0x15/0xb0
[ 151.190610][ T5893] ? rcu_is_watching+0x15/0xb0
[ 151.190622][ T5893] do_syscall_64+0xfa/0x3b0
[ 151.190633][ T5893] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 151.190642][ T5893] ? clear_bhb_loop+0x60/0xb0
[ 151.190653][ T5893] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 151.190662][ T5893] RIP: 0033:0x7fca7018d3df
[ 151.190670][ T5893] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 151.190675][ T5893] RSP: 002b:00007fca6f3fe000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 151.190684][ T5893] RAX: ffffffffffffffda RBX: 00007fca703b5fa0 RCX: 00007fca7018d3df
[ 151.190688][ T5893] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[ 151.190692][ T5893] RBP: 00007fca70210b39 R08: 0000000000000000 R09: 0000000000000000
[ 151.190698][ T5893] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 151.190704][ T5893] R13: 0000000000000000 R14: 00007fca703b5fa0 R15: 00007ffce3be7c68
[ 151.190713][ T5893]
[ 151.190721][ T5893] BUG: Bad page state in process syz.0.17 pfn:4f7a9
[ 151.390438][ T5893] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88804f7a9e00 pfn:0x4f7a9
[ 151.395013][ T5893] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 151.398300][ T5893] raw: 04fff00000000000 dead000000000040 ffff88801eed8000 0000000000000000
[ 151.402014][ T5893] raw: ffff88804f7a9e00 0000000000000001 00000000ffffffff 0000000000000000
[ 151.405652][ T5893] page dumped because: page_pool leak
[ 151.408074][ T5893] page_owner tracks the page as allocated
[ 151.410575][ T5893] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5893, tgid 5891 (syz.0.17), ts 149597906201, free_ts 149596284432
[ 151.417784][ T5893] post_alloc_hook+0x240/0x2a0
[ 151.419905][ T5893] get_page_from_freelist+0x21e4/0x22c0
[ 151.422383][ T5893] __alloc_frozen_pages_noprof+0x181/0x370
[ 151.424965][ T5893] alloc_pages_bulk_noprof+0x560/0x710
[ 151.427423][ T5893] __page_pool_alloc_pages_slow+0x127/0x740
[ 151.429949][ T5893] skb_pp_cow_data+0xb47/0x13e0
[ 151.432103][ T5893] do_xdp_generic+0x699/0x11a0
[ 151.434310][ T5893] __netif_receive_skb_core+0x1823/0x4180
[ 151.437017][ T5893] __netif_receive_skb+0x72/0x380
[ 151.439188][ T5893] netif_receive_skb+0x1cb/0x790
[ 151.441320][ T5893] tun_rx_batched+0x1b9/0x730
[ 151.443351][ T5893] tun_get_user+0x298e/0x3ce0
[ 151.445412][ T5893] tun_chr_write_iter+0x113/0x200
[ 151.447696][ T5893] vfs_write+0x54b/0xa90
[ 151.449523][ T5893] ksys_write+0x145/0x250
[ 151.451406][ T5893] do_syscall_64+0xfa/0x3b0
[ 151.453436][ T5893] page last free pid 50 tgid 50 stack trace:
[ 151.456094][ T5893] __free_frozen_pages+0xc71/0xe70
[ 151.458288][ T5893] rcu_core+0xca5/0x1710
[ 151.460101][ T5893] handle_softirqs+0x286/0x870
[ 151.462172][ T5893] do_softirq+0xec/0x180
[ 151.464257][ T5893] __local_bh_enable_ip+0x17d/0x1c0
[ 151.466702][ T5893] srcu_invoke_callbacks+0x215/0x450
[ 151.469167][ T5893] process_scheduled_works+0xade/0x17b0
[ 151.471631][ T5893] worker_thread+0x8a0/0xda0
[ 151.473659][ T5893] kthread+0x70e/0x8a0
[ 151.475430][ T5893] ret_from_fork+0x3fc/0x770
[ 151.477566][ T5893] ret_from_fork_asm+0x1a/0x30
[ 151.479658][ T5893] Modules linked in:
[ 151.481383][ T5893] CPU: 0 UID: 0 PID: 5893 Comm: syz.0.17 Tainted: G B 6.16.0-rc4-syzkaller-g05df91921da6 #0 PREEMPT(full)
[ 151.481400][ T5893] Tainted: [B]=BAD_PAGE
[ 151.481445][ T5893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 151.481455][ T5893] Call Trace:
[ 151.481500][ T5893]
[ 151.481513][ T5893] dump_stack_lvl+0x189/0x250
[ 151.481539][ T5893] ? __pfx_dump_stack_lvl+0x10/0x10
[ 151.481552][ T5893] ? __pfx_print_modules+0x10/0x10
[ 151.481568][ T5893] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 151.481583][ T5893] bad_page+0x180/0x1c0
[ 151.481600][ T5893] __free_frozen_pages+0xe17/0xe70
[ 151.481619][ T5893] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 151.481651][ T5893] bpf_xdp_adjust_tail+0x1d6/0x220
[ 151.481667][ T5893] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 151.481679][ T5893] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 151.481703][ T5893] do_xdp_generic+0x9f7/0x11a0
[ 151.481723][ T5893] ? __pfx_do_xdp_generic+0x10/0x10
[ 151.481739][ T5893] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 151.481761][ T5893] __netif_receive_skb_core+0x1823/0x4180
[ 151.481775][ T5893] ? __up_read+0x280/0x680
[ 151.481790][ T5893] ? __pfx___up_read+0x10/0x10
[ 151.481803][ T5893] ? lock_release+0x4b/0x3e0
[ 151.481817][ T5893] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 151.481830][ T5893] ? rcu_is_watching+0x15/0xb0
[ 151.481843][ T5893] ? irqentry_exit+0x74/0x90
[ 151.481854][ T5893] ? exc_page_fault+0x9f/0xf0
[ 151.481870][ T5893] ? netif_receive_skb+0x115/0x790
[ 151.481879][ T5893] ? rcu_is_watching+0x15/0xb0
[ 151.481891][ T5893] ? lock_acquire+0x5f/0x360
[ 151.481901][ T5893] __netif_receive_skb+0x72/0x380
[ 151.481914][ T5893] ? netif_receive_skb+0x115/0x790
[ 151.481923][ T5893] netif_receive_skb+0x1cb/0x790
[ 151.481934][ T5893] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 151.481947][ T5893] ? __pfx_netif_receive_skb+0x10/0x10
[ 151.481958][ T5893] ? __pfx__copy_from_iter+0x10/0x10
[ 151.481970][ T5893] ? sock_alloc_send_pskb+0x875/0x990
[ 151.481987][ T5893] ? tun_rx_batched+0x160/0x730
[ 151.482006][ T5893] tun_rx_batched+0x1b9/0x730
[ 151.482024][ T5893] ? skb_header_pointer+0x8e/0x120
[ 151.482040][ T5893] ? __pfx_tun_rx_batched+0x10/0x10
[ 151.482052][ T5893] ? tun_get_user+0x2549/0x3ce0
[ 151.482062][ T5893] ? rcu_is_watching+0x15/0xb0
[ 151.482073][ T5893] ? lock_acquire+0x5f/0x360
[ 151.482083][ T5893] ? __pfx___local_bh_enable_ip+0x10/0x10
[ 151.482097][ T5893] tun_get_user+0x298e/0x3ce0
[ 151.482110][ T5893] ? tun_get_user+0x2549/0x3ce0
[ 151.482121][ T5893] ? aa_file_perm+0x11f/0xed0
[ 151.482132][ T5893] ? rcu_is_watching+0x15/0xb0
[ 151.482144][ T5893] ? lock_release+0x4b/0x3e0
[ 151.482155][ T5893] ? __pfx_tun_get_user+0x10/0x10
[ 151.482165][ T5893] ? aa_file_perm+0x3e7/0xed0
[ 151.482175][ T5893] ? __pfx_preempt_schedule+0x10/0x10
[ 151.482193][ T5893] ? ref_tracker_alloc+0x318/0x460
[ 151.482204][ T5893] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 151.482213][ T5893] ? futex_private_hash_put+0x23a/0x290
[ 151.482227][ T5893] ? tun_get+0x1c/0x2f0
[ 151.482238][ T5893] ? tun_get+0x1c/0x2f0
[ 151.482246][ T5893] ? rcu_is_watching+0x15/0xb0
[ 151.482256][ T5893] ? tun_get+0x1c/0x2f0
[ 151.482266][ T5893] ? lock_release+0x4b/0x3e0
[ 151.482276][ T5893] ? tun_get+0x1c/0x2f0
[ 151.482286][ T5893] tun_chr_write_iter+0x113/0x200
[ 151.482297][ T5893] vfs_write+0x54b/0xa90
[ 151.482316][ T5893] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 151.482326][ T5893] ? __pfx_vfs_write+0x10/0x10
[ 151.482340][ T5893] ? __fget_files+0x2a/0x420
[ 151.482356][ T5893] ksys_write+0x145/0x250
[ 151.482369][ T5893] ? __pfx_ksys_write+0x10/0x10
[ 151.482379][ T5893] ? rcu_is_watching+0x15/0xb0
[ 151.482391][ T5893] ? rcu_is_watching+0x15/0xb0
[ 151.482404][ T5893] do_syscall_64+0xfa/0x3b0
[ 151.482464][ T5893] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 151.482477][ T5893] ? clear_bhb_loop+0x60/0xb0
[ 151.482488][ T5893] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 151.482498][ T5893] RIP: 0033:0x7fca7018d3df
[ 151.482509][ T5893] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 151.482518][ T5893] RSP: 002b:00007fca6f3fe000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 151.482532][ T5893] RAX: ffffffffffffffda RBX: 00007fca703b5fa0 RCX: 00007fca7018d3df
[ 151.482539][ T5893] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[ 151.482546][ T5893] RBP: 00007fca70210b39 R08: 0000000000000000 R09: 0000000000000000
[ 151.482552][ T5893] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 151.482559][ T5893] R13: 0000000000000000 R14: 00007fca703b5fa0 R15: 00007ffce3be7c68
[ 151.482570][ T5893]
[ 151.482594][ T5893] BUG: Bad page state in process syz.0.17 pfn:4fee3
[ 151.681975][ T5893] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88804fee3640 pfn:0x4fee3
[ 151.686543][ T5893] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 151.689682][ T5893] raw: 04fff00000000000 dead000000000040 ffff88801eed8000 0000000000000000
[ 151.693378][ T5893] raw: ffff88804fee3640 0000000000000001 00000000ffffffff 0000000000000000
[ 151.697198][ T5893] page dumped because: page_pool leak
[ 151.699529][ T5893] page_owner tracks the page as allocated
[ 151.702012][ T5893] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5893, tgid 5891 (syz.0.17), ts 149597900466, free_ts 149596791012
[ 151.709222][ T5893] post_alloc_hook+0x240/0x2a0
[ 151.711342][ T5893] get_page_from_freelist+0x21e4/0x22c0
[ 151.713814][ T5893] __alloc_frozen_pages_noprof+0x181/0x370
[ 151.716420][ T5893] alloc_pages_bulk_noprof+0x560/0x710
[ 151.718816][ T5893] __page_pool_alloc_pages_slow+0x127/0x740
[ 151.721504][ T5893] skb_pp_cow_data+0xb47/0x13e0
[ 151.723628][ T5893] do_xdp_generic+0x699/0x11a0
[ 151.725902][ T5893] __netif_receive_skb_core+0x1823/0x4180
[ 151.728398][ T5893] __netif_receive_skb+0x72/0x380
[ 151.730592][ T5893] netif_receive_skb+0x1cb/0x790
[ 151.732757][ T5893] tun_rx_batched+0x1b9/0x730
[ 151.734848][ T5893] tun_get_user+0x298e/0x3ce0
[ 151.737071][ T5893] tun_chr_write_iter+0x113/0x200
[ 151.739294][ T5893] vfs_write+0x54b/0xa90
[ 151.741170][ T5893] ksys_write+0x145/0x250
[ 151.743070][ T5893] do_syscall_64+0xfa/0x3b0
[ 151.745063][ T5893] page last free pid 50 tgid 50 stack trace:
[ 151.747721][ T5893] __free_frozen_pages+0xc71/0xe70
[ 151.749962][ T5893] rcu_core+0xca5/0x1710
[ 151.751848][ T5893] handle_softirqs+0x286/0x870
[ 151.754000][ T5893] do_softirq+0xec/0x180
[ 151.756047][ T5893] __local_bh_enable_ip+0x17d/0x1c0
[ 151.758358][ T5893] srcu_invoke_callbacks+0x215/0x450
[ 151.760663][ T5893] process_scheduled_works+0xade/0x17b0
[ 151.763104][ T5893] worker_thread+0x8a0/0xda0
[ 151.765279][ T5893] kthread+0x70e/0x8a0
[ 151.767284][ T5893] ret_from_fork+0x3fc/0x770
[ 151.769378][ T5893] ret_from_fork_asm+0x1a/0x30
[ 151.771518][ T5893] Modules linked in:
[ 151.773342][ T5893] CPU: 0 UID: 0 PID: 5893 Comm: syz.0.17 Tainted: G B 6.16.0-rc4-syzkaller-g05df91921da6 #0 PREEMPT(full)
[ 151.773360][ T5893] Tainted: [B]=BAD_PAGE
[ 151.773363][ T5893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 151.773371][ T5893] Call Trace:
[ 151.773378][ T5893]
[ 151.773384][ T5893] dump_stack_lvl+0x189/0x250
[ 151.773401][ T5893] ? __pfx_dump_stack_lvl+0x10/0x10
[ 151.773414][ T5893] ? __pfx_print_modules+0x10/0x10
[ 151.773429][ T5893] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 151.773443][ T5893] bad_page+0x180/0x1c0
[ 151.773455][ T5893] __free_frozen_pages+0xe17/0xe70
[ 151.773473][ T5893] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 151.773494][ T5893] bpf_xdp_adjust_tail+0x1d6/0x220
[ 151.773509][ T5893] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 151.773520][ T5893] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 151.773545][ T5893] do_xdp_generic+0x9f7/0x11a0
[ 151.773564][ T5893] ? __pfx_do_xdp_generic+0x10/0x10
[ 151.773579][ T5893] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 151.773602][ T5893] __netif_receive_skb_core+0x1823/0x4180
[ 151.773614][ T5893] ? __up_read+0x280/0x680
[ 151.773630][ T5893] ? __pfx___up_read+0x10/0x10
[ 151.773643][ T5893] ? lock_release+0x4b/0x3e0
[ 151.773656][ T5893] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 151.773669][ T5893] ? rcu_is_watching+0x15/0xb0
[ 151.773683][ T5893] ? irqentry_exit+0x74/0x90
[ 151.773694][ T5893] ? exc_page_fault+0x9f/0xf0
[ 151.773711][ T5893] ? netif_receive_skb+0x115/0x790
[ 151.773721][ T5893] ? rcu_is_watching+0x15/0xb0
[ 151.773732][ T5893] ? lock_acquire+0x5f/0x360
[ 151.773743][ T5893] __netif_receive_skb+0x72/0x380
[ 151.773755][ T5893] ? netif_receive_skb+0x115/0x790
[ 151.773765][ T5893] netif_receive_skb+0x1cb/0x790
[ 151.773775][ T5893] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 151.773788][ T5893] ? __pfx_netif_receive_skb+0x10/0x10
[ 151.773798][ T5893] ? __pfx__copy_from_iter+0x10/0x10
[ 151.773810][ T5893] ? sock_alloc_send_pskb+0x875/0x990
[ 151.773826][ T5893] ? tun_rx_batched+0x160/0x730
[ 151.773839][ T5893] tun_rx_batched+0x1b9/0x730
[ 151.773851][ T5893] ? skb_header_pointer+0x8e/0x120
[ 151.773868][ T5893] ? __pfx_tun_rx_batched+0x10/0x10
[ 151.773880][ T5893] ? tun_get_user+0x2549/0x3ce0
[ 151.773891][ T5893] ? rcu_is_watching+0x15/0xb0
[ 151.773903][ T5893] ? lock_acquire+0x5f/0x360
[ 151.773912][ T5893] ? __pfx___local_bh_enable_ip+0x10/0x10
[ 151.773927][ T5893] tun_get_user+0x298e/0x3ce0
[ 151.773940][ T5893] ? tun_get_user+0x2549/0x3ce0
[ 151.773951][ T5893] ? aa_file_perm+0x11f/0xed0
[ 151.773963][ T5893] ? rcu_is_watching+0x15/0xb0
[ 151.773975][ T5893] ? lock_release+0x4b/0x3e0
[ 151.773987][ T5893] ? __pfx_tun_get_user+0x10/0x10
[ 151.773998][ T5893] ? aa_file_perm+0x3e7/0xed0
[ 151.774008][ T5893] ? __pfx_preempt_schedule+0x10/0x10
[ 151.774035][ T5893] ? ref_tracker_alloc+0x318/0x460
[ 151.774047][ T5893] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 151.774056][ T5893] ? futex_private_hash_put+0x23a/0x290
[ 151.774071][ T5893] ? tun_get+0x1c/0x2f0
[ 151.774081][ T5893] ? tun_get+0x1c/0x2f0
[ 151.774092][ T5893] ? rcu_is_watching+0x15/0xb0
[ 151.774103][ T5893] ? tun_get+0x1c/0x2f0
[ 151.774113][ T5893] ? lock_release+0x4b/0x3e0
[ 151.774124][ T5893] ? tun_get+0x1c/0x2f0
[ 151.774136][ T5893] tun_chr_write_iter+0x113/0x200
[ 151.774149][ T5893] vfs_write+0x54b/0xa90
[ 151.774163][ T5893] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 151.774175][ T5893] ? __pfx_vfs_write+0x10/0x10
[ 151.774189][ T5893] ? __fget_files+0x2a/0x420
[ 151.774206][ T5893] ksys_write+0x145/0x250
[ 151.774220][ T5893] ? __pfx_ksys_write+0x10/0x10
[ 151.774231][ T5893] ? rcu_is_watching+0x15/0xb0
[ 151.774244][ T5893] ? rcu_is_watching+0x15/0xb0
[ 151.774257][ T5893] do_syscall_64+0xfa/0x3b0
[ 151.774269][ T5893] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 151.774278][ T5893] ? clear_bhb_loop+0x60/0xb0
[ 151.774290][ T5893] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 151.774301][ T5893] RIP: 0033:0x7fca7018d3df
[ 151.774311][ T5893] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 151.774320][ T5893] RSP: 002b:00007fca6f3fe000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 151.774332][ T5893] RAX: ffffffffffffffda RBX: 00007fca703b5fa0 RCX: 00007fca7018d3df
[ 151.774340][ T5893] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[ 151.774347][ T5893] RBP: 00007fca70210b39 R08: 0000000000000000 R09: 0000000000000000
[ 151.774354][ T5893] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 151.774361][ T5893] R13: 0000000000000000 R14: 00007fca703b5fa0 R15: 00007ffce3be7c68
[ 151.774373][ T5893]
[ 151.774381][ T5893] BUG: Bad page state in process syz.0.17 pfn:59524
[ 151.977956][ T5893] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888059524140 pfn:0x59524
[ 151.982238][ T5893] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 151.985326][ T5893] raw: 04fff00000000000 dead000000000040 ffff88801eed8000 0000000000000000
[ 151.989036][ T5893] raw: ffff888059524140 0000000000000001 00000000ffffffff 0000000000000000
[ 151.992696][ T5893] page dumped because: page_pool leak
[ 151.995064][ T5893] page_owner tracks the page as allocated
[ 151.997628][ T5893] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5893, tgid 5891 (syz.0.17), ts 149597894864, free_ts 149596803590
[ 152.004717][ T5893] post_alloc_hook+0x240/0x2a0
[ 152.006941][ T5893] get_page_from_freelist+0x21e4/0x22c0
[ 152.009349][ T5893] __alloc_frozen_pages_noprof+0x181/0x370
[ 152.011821][ T5893] alloc_pages_bulk_noprof+0x560/0x710
[ 152.014164][ T5893] __page_pool_alloc_pages_slow+0x127/0x740
[ 152.016757][ T5893] skb_pp_cow_data+0xb47/0x13e0
[ 152.018846][ T5893] do_xdp_generic+0x699/0x11a0
[ 152.020921][ T5893] __netif_receive_skb_core+0x1823/0x4180
[ 152.023419][ T5893] __netif_receive_skb+0x72/0x380
[ 152.025611][ T5893] netif_receive_skb+0x1cb/0x790
[ 152.027776][ T5893] tun_rx_batched+0x1b9/0x730
[ 152.029812][ T5893] tun_get_user+0x298e/0x3ce0
[ 152.031814][ T5893] tun_chr_write_iter+0x113/0x200
[ 152.034044][ T5893] vfs_write+0x54b/0xa90
[ 152.036044][ T5893] ksys_write+0x145/0x250
[ 152.037931][ T5893] do_syscall_64+0xfa/0x3b0
[ 152.039940][ T5893] page last free pid 50 tgid 50 stack trace:
[ 152.042498][ T5893] __free_frozen_pages+0xc71/0xe70
[ 152.044712][ T5893] rcu_core+0xca5/0x1710
[ 152.046684][ T5893] handle_softirqs+0x286/0x870
[ 152.048769][ T5893] do_softirq+0xec/0x180
[ 152.050607][ T5893] __local_bh_enable_ip+0x17d/0x1c0
[ 152.052814][ T5893] srcu_invoke_callbacks+0x215/0x450
[ 152.055087][ T5893] process_scheduled_works+0xade/0x17b0
[ 152.057609][ T5893] worker_thread+0x8a0/0xda0
[ 152.059586][ T5893] kthread+0x70e/0x8a0
[ 152.061357][ T5893] ret_from_fork+0x3fc/0x770
[ 152.063389][ T5893] ret_from_fork_asm+0x1a/0x30
[ 152.065485][ T5893] Modules linked in:
[ 152.067254][ T5893] CPU: 0 UID: 0 PID: 5893 Comm: syz.0.17 Tainted: G B 6.16.0-rc4-syzkaller-g05df91921da6 #0 PREEMPT(full)
[ 152.067269][ T5893] Tainted: [B]=BAD_PAGE
[ 152.067273][ T5893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 152.067279][ T5893] Call Trace:
[ 152.067286][ T5893]
[ 152.067292][ T5893] dump_stack_lvl+0x189/0x250
[ 152.067308][ T5893] ? __pfx_dump_stack_lvl+0x10/0x10
[ 152.067320][ T5893] ? __pfx_print_modules+0x10/0x10
[ 152.067335][ T5893] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 152.067347][ T5893] bad_page+0x180/0x1c0
[ 152.067359][ T5893] __free_frozen_pages+0xe17/0xe70
[ 152.067374][ T5893] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 152.067395][ T5893] bpf_xdp_adjust_tail+0x1d6/0x220
[ 152.067410][ T5893] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 152.067420][ T5893] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 152.067443][ T5893] do_xdp_generic+0x9f7/0x11a0
[ 152.067460][ T5893] ? __pfx_do_xdp_generic+0x10/0x10
[ 152.067473][ T5893] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 152.067493][ T5893] __netif_receive_skb_core+0x1823/0x4180
[ 152.067506][ T5893] ? __up_read+0x280/0x680
[ 152.067521][ T5893] ? __pfx___up_read+0x10/0x10
[ 152.067534][ T5893] ? lock_release+0x4b/0x3e0
[ 152.067547][ T5893] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 152.067558][ T5893] ? rcu_is_watching+0x15/0xb0
[ 152.067570][ T5893] ? irqentry_exit+0x74/0x90
[ 152.067580][ T5893] ? exc_page_fault+0x9f/0xf0
[ 152.067597][ T5893] ? netif_receive_skb+0x115/0x790
[ 152.067606][ T5893] ? rcu_is_watching+0x15/0xb0
[ 152.067617][ T5893] ? lock_acquire+0x5f/0x360
[ 152.067628][ T5893] __netif_receive_skb+0x72/0x380
[ 152.067640][ T5893] ? netif_receive_skb+0x115/0x790
[ 152.067650][ T5893] netif_receive_skb+0x1cb/0x790
[ 152.067659][ T5893] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 152.067672][ T5893] ? __pfx_netif_receive_skb+0x10/0x10
[ 152.067682][ T5893] ? __pfx__copy_from_iter+0x10/0x10
[ 152.067693][ T5893] ? sock_alloc_send_pskb+0x875/0x990
[ 152.067709][ T5893] ? tun_rx_batched+0x160/0x730
[ 152.067722][ T5893] tun_rx_batched+0x1b9/0x730
[ 152.067732][ T5893] ? skb_header_pointer+0x8e/0x120
[ 152.067750][ T5893] ? __pfx_tun_rx_batched+0x10/0x10
[ 152.067761][ T5893] ? tun_get_user+0x2549/0x3ce0
[ 152.067772][ T5893] ? rcu_is_watching+0x15/0xb0
[ 152.067784][ T5893] ? lock_acquire+0x5f/0x360
[ 152.067794][ T5893] ? __pfx___local_bh_enable_ip+0x10/0x10
[ 152.067810][ T5893] tun_get_user+0x298e/0x3ce0
[ 152.067822][ T5893] ? tun_get_user+0x2549/0x3ce0
[ 152.067833][ T5893] ? aa_file_perm+0x11f/0xed0
[ 152.067848][ T5893] ? rcu_is_watching+0x15/0xb0
[ 152.067860][ T5893] ? lock_release+0x4b/0x3e0
[ 152.067871][ T5893] ? __pfx_tun_get_user+0x10/0x10
[ 152.067883][ T5893] ? aa_file_perm+0x3e7/0xed0
[ 152.067892][ T5893] ? __pfx_preempt_schedule+0x10/0x10
[ 152.067911][ T5893] ? ref_tracker_alloc+0x318/0x460
[ 152.067922][ T5893] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 152.067931][ T5893] ? futex_private_hash_put+0x23a/0x290
[ 152.067946][ T5893] ? tun_get+0x1c/0x2f0
[ 152.067956][ T5893] ? tun_get+0x1c/0x2f0
[ 152.067966][ T5893] ? rcu_is_watching+0x15/0xb0
[ 152.067977][ T5893] ? tun_get+0x1c/0x2f0
[ 152.067988][ T5893] ? lock_release+0x4b/0x3e0
[ 152.067999][ T5893] ? tun_get+0x1c/0x2f0
[ 152.068011][ T5893] tun_chr_write_iter+0x113/0x200
[ 152.068030][ T5893] vfs_write+0x54b/0xa90
[ 152.068045][ T5893] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 152.068056][ T5893] ? __pfx_vfs_write+0x10/0x10
[ 152.068071][ T5893] ? __fget_files+0x2a/0x420
[ 152.068088][ T5893] ksys_write+0x145/0x250
[ 152.068101][ T5893] ? __pfx_ksys_write+0x10/0x10
[ 152.068112][ T5893] ? rcu_is_watching+0x15/0xb0
[ 152.068126][ T5893] ? rcu_is_watching+0x15/0xb0
[ 152.068138][ T5893] do_syscall_64+0xfa/0x3b0
[ 152.068150][ T5893] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 152.068161][ T5893] ? clear_bhb_loop+0x60/0xb0
[ 152.068173][ T5893] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 152.068183][ T5893] RIP: 0033:0x7fca7018d3df
[ 152.068194][ T5893] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 152.068204][ T5893] RSP: 002b:00007fca6f3fe000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 152.068217][ T5893] RAX: ffffffffffffffda RBX: 00007fca703b5fa0 RCX: 00007fca7018d3df
[ 152.068225][ T5893] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[ 152.068232][ T5893] RBP: 00007fca70210b39 R08: 0000000000000000 R09: 0000000000000000
[ 152.068239][ T5893] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 152.068246][ T5893] R13: 0000000000000000 R14: 00007fca703b5fa0 R15: 00007ffce3be7c68
[ 152.068258][ T5893]
[ 152.068265][ T5893] BUG: Bad page state in process syz.0.17 pfn:402ff
[ 152.267281][ T5893] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880402ff640 pfn:0x402ff
[ 152.271511][ T5893] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 152.274449][ T5893] raw: 04fff00000000000 dead000000000040 ffff88801eed8000 0000000000000000
[ 152.278038][ T5893] raw: ffff8880402ff640 0000000000000001 00000000ffffffff 0000000000000000
[ 152.281582][ T5893] page dumped because: page_pool leak
[ 152.283948][ T5893] page_owner tracks the page as allocated
[ 152.286373][ T5893] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5893, tgid 5891 (syz.0.17), ts 149597888005, free_ts 149596880961
[ 152.293005][ T5893] post_alloc_hook+0x240/0x2a0
[ 152.295055][ T5893] get_page_from_freelist+0x21e4/0x22c0
[ 152.297482][ T5893] __alloc_frozen_pages_noprof+0x181/0x370
[ 152.299878][ T5893] alloc_pages_bulk_noprof+0x560/0x710
[ 152.302113][ T5893] __page_pool_alloc_pages_slow+0x127/0x740
[ 152.304628][ T5893] skb_pp_cow_data+0xb47/0x13e0
[ 152.306788][ T5893] do_xdp_generic+0x699/0x11a0
[ 152.308872][ T5893] __netif_receive_skb_core+0x1823/0x4180
[ 152.311242][ T5893] __netif_receive_skb+0x72/0x380
[ 152.313348][ T5893] netif_receive_skb+0x1cb/0x790
[ 152.315615][ T5893] tun_rx_batched+0x1b9/0x730
[ 152.317703][ T5893] tun_get_user+0x298e/0x3ce0
[ 152.319705][ T5893] tun_chr_write_iter+0x113/0x200
[ 152.321870][ T5893] vfs_write+0x54b/0xa90
[ 152.323624][ T5893] ksys_write+0x145/0x250
[ 152.325459][ T5893] do_syscall_64+0xfa/0x3b0
[ 152.327400][ T5893] page last free pid 50 tgid 50 stack trace:
[ 152.329805][ T5893] __free_frozen_pages+0xc71/0xe70
[ 152.331863][ T5893] rcu_core+0xca5/0x1710
[ 152.333809][ T5893] handle_softirqs+0x286/0x870
[ 152.336019][ T5893] do_softirq+0xec/0x180
[ 152.337868][ T5893] __local_bh_enable_ip+0x17d/0x1c0
[ 152.340107][ T5893] srcu_invoke_callbacks+0x215/0x450
[ 152.342404][ T5893] process_scheduled_works+0xade/0x17b0
[ 152.344803][ T5893] worker_thread+0x8a0/0xda0
[ 152.346818][ T5893] kthread+0x70e/0x8a0
[ 152.348540][ T5893] ret_from_fork+0x3fc/0x770
[ 152.350440][ T5893] ret_from_fork_asm+0x1a/0x30
[ 152.352332][ T5893] Modules linked in:
[ 152.354008][ T5893] CPU: 0 UID: 0 PID: 5893 Comm: syz.0.17 Tainted: G B 6.16.0-rc4-syzkaller-g05df91921da6 #0 PREEMPT(full)
[ 152.354020][ T5893] Tainted: [B]=BAD_PAGE
[ 152.354031][ T5893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 152.354037][ T5893] Call Trace:
[ 152.354056][ T5893]
[ 152.354068][ T5893] dump_stack_lvl+0x189/0x250
[ 152.354090][ T5893] ? __pfx_dump_stack_lvl+0x10/0x10
[ 152.354102][ T5893] ? __pfx_print_modules+0x10/0x10
[ 152.354116][ T5893] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 152.354129][ T5893] bad_page+0x180/0x1c0
[ 152.354146][ T5893] __free_frozen_pages+0xe17/0xe70
[ 152.354161][ T5893] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 152.354193][ T5893] bpf_xdp_adjust_tail+0x1d6/0x220
[ 152.354207][ T5893] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 152.354218][ T5893] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 152.354237][ T5893] do_xdp_generic+0x9f7/0x11a0
[ 152.354247][ T5893] ? __pfx_do_xdp_generic+0x10/0x10
[ 152.354255][ T5893] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 152.354267][ T5893] __netif_receive_skb_core+0x1823/0x4180
[ 152.354275][ T5893] ? __up_read+0x280/0x680
[ 152.354284][ T5893] ? __pfx___up_read+0x10/0x10
[ 152.354291][ T5893] ? lock_release+0x4b/0x3e0
[ 152.354299][ T5893] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 152.354306][ T5893] ? rcu_is_watching+0x15/0xb0
[ 152.354315][ T5893] ? irqentry_exit+0x74/0x90
[ 152.354322][ T5893] ? exc_page_fault+0x9f/0xf0
[ 152.354332][ T5893] ? netif_receive_skb+0x115/0x790
[ 152.354337][ T5893] ? rcu_is_watching+0x15/0xb0
[ 152.354345][ T5893] ? lock_acquire+0x5f/0x360
[ 152.354354][ T5893] __netif_receive_skb+0x72/0x380
[ 152.354365][ T5893] ? netif_receive_skb+0x115/0x790
[ 152.354373][ T5893] netif_receive_skb+0x1cb/0x790
[ 152.354381][ T5893] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 152.354394][ T5893] ? __pfx_netif_receive_skb+0x10/0x10
[ 152.354403][ T5893] ? __pfx__copy_from_iter+0x10/0x10
[ 152.354414][ T5893] ? sock_alloc_send_pskb+0x875/0x990
[ 152.354429][ T5893] ? tun_rx_batched+0x160/0x730
[ 152.354440][ T5893] tun_rx_batched+0x1b9/0x730
[ 152.354456][ T5893] ? skb_header_pointer+0x8e/0x120
[ 152.354471][ T5893] ? __pfx_tun_rx_batched+0x10/0x10
[ 152.354481][ T5893] ? tun_get_user+0x2549/0x3ce0
[ 152.354490][ T5893] ? rcu_is_watching+0x15/0xb0
[ 152.354501][ T5893] ? lock_acquire+0x5f/0x360
[ 152.354510][ T5893] ? __pfx___local_bh_enable_ip+0x10/0x10
[ 152.354524][ T5893] tun_get_user+0x298e/0x3ce0
[ 152.354536][ T5893] ? tun_get_user+0x2549/0x3ce0
[ 152.354545][ T5893] ? aa_file_perm+0x11f/0xed0
[ 152.354554][ T5893] ? rcu_is_watching+0x15/0xb0
[ 152.354564][ T5893] ? lock_release+0x4b/0x3e0
[ 152.354574][ T5893] ? __pfx_tun_get_user+0x10/0x10
[ 152.354585][ T5893] ? aa_file_perm+0x3e7/0xed0
[ 152.354593][ T5893] ? __pfx_preempt_schedule+0x10/0x10
[ 152.354610][ T5893] ? ref_tracker_alloc+0x318/0x460
[ 152.354621][ T5893] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 152.354629][ T5893] ? futex_private_hash_put+0x23a/0x290
[ 152.354642][ T5893] ? tun_get+0x1c/0x2f0
[ 152.354651][ T5893] ? tun_get+0x1c/0x2f0
[ 152.354660][ T5893] ? rcu_is_watching+0x15/0xb0
[ 152.354670][ T5893] ? tun_get+0x1c/0x2f0
[ 152.354680][ T5893] ? lock_release+0x4b/0x3e0
[ 152.354688][ T5893] ? tun_get+0x1c/0x2f0
[ 152.354697][ T5893] tun_chr_write_iter+0x113/0x200
[ 152.354708][ T5893] vfs_write+0x54b/0xa90
[ 152.354726][ T5893] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 152.354737][ T5893] ? __pfx_vfs_write+0x10/0x10
[ 152.354748][ T5893] ? __fget_files+0x2a/0x420
[ 152.354763][ T5893] ksys_write+0x145/0x250
[ 152.354776][ T5893] ? __pfx_ksys_write+0x10/0x10
[ 152.354786][ T5893] ? rcu_is_watching+0x15/0xb0
[ 152.354797][ T5893] ? rcu_is_watching+0x15/0xb0
[ 152.354808][ T5893] do_syscall_64+0xfa/0x3b0
[ 152.354835][ T5893] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 152.354846][ T5893] ? clear_bhb_loop+0x60/0xb0
[ 152.354857][ T5893] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 152.354867][ T5893] RIP: 0033:0x7fca7018d3df
[ 152.354877][ T5893] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 152.354884][ T5893] RSP: 002b:00007fca6f3fe000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 152.354893][ T5893] RAX: ffffffffffffffda RBX: 00007fca703b5fa0 RCX: 00007fca7018d3df
[ 152.354898][ T5893] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[ 152.354902][ T5893] RBP: 00007fca70210b39 R08: 0000000000000000 R09: 0000000000000000
[ 152.354906][ T5893] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 152.354913][ T5893] R13: 0000000000000000 R14: 00007fca703b5fa0 R15: 00007ffce3be7c68
[ 152.354922][ T5893]
[ 152.355006][ T5893] BUG: Bad page state in process syz.0.17 pfn:56f66
[ 152.551469][ T5893] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888056f66780 pfn:0x56f66
[ 152.555617][ T5893] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 152.558812][ T5893] raw: 04fff00000000000 dead000000000040 ffff88801eed8000 0000000000000000
[ 152.562515][ T5893] raw: ffff888056f66780 0000000000000001 00000000ffffffff 0000000000000000
[ 152.566167][ T5893] page dumped because: page_pool leak
[ 152.568503][ T5893] page_owner tracks the page as allocated
[ 152.570884][ T5893] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5893, tgid 5891 (syz.0.17), ts 149597877554, free_ts 149596890571
[ 152.577915][ T5893] post_alloc_hook+0x240/0x2a0
[ 152.579985][ T5893] get_page_from_freelist+0x21e4/0x22c0
[ 152.582288][ T5893] __alloc_frozen_pages_noprof+0x181/0x370
[ 152.584916][ T5893] alloc_pages_bulk_noprof+0x560/0x710
[ 152.587206][ T5893] __page_pool_alloc_pages_slow+0x127/0x740
[ 152.589658][ T5893] skb_pp_cow_data+0xb47/0x13e0
[ 152.591764][ T5893] do_xdp_generic+0x699/0x11a0
[ 152.593833][ T5893] __netif_receive_skb_core+0x1823/0x4180
[ 152.596306][ T5893] __netif_receive_skb+0x72/0x380
[ 152.598420][ T5893] netif_receive_skb+0x1cb/0x790
[ 152.600457][ T5893] tun_rx_batched+0x1b9/0x730
[ 152.602538][ T5893] tun_get_user+0x298e/0x3ce0
[ 152.604767][ T5893] tun_chr_write_iter+0x113/0x200
[ 152.607157][ T5893] vfs_write+0x54b/0xa90
[ 152.608923][ T5893] ksys_write+0x145/0x250
[ 152.610706][ T5893] do_syscall_64+0xfa/0x3b0
[ 152.612623][ T5893] page last free pid 50 tgid 50 stack trace:
[ 152.615210][ T5893] __free_frozen_pages+0xc71/0xe70
[ 152.617628][ T5893] rcu_core+0xca5/0x1710
[ 152.619521][ T5893] handle_softirqs+0x286/0x870
[ 152.621661][ T5893] do_softirq+0xec/0x180
[ 152.623676][ T5893] __local_bh_enable_ip+0x17d/0x1c0
[ 152.626125][ T5893] srcu_invoke_callbacks+0x215/0x450
[ 152.628362][ T5893] process_scheduled_works+0xade/0x17b0
[ 152.630676][ T5893] worker_thread+0x8a0/0xda0
[ 152.632618][ T5893] kthread+0x70e/0x8a0
[ 152.634397][ T5893] ret_from_fork+0x3fc/0x770
[ 152.636511][ T5893] ret_from_fork_asm+0x1a/0x30
[ 152.638612][ T5893] Modules linked in:
[ 152.640327][ T5893] CPU: 0 UID: 0 PID: 5893 Comm: syz.0.17 Tainted: G B 6.16.0-rc4-syzkaller-g05df91921da6 #0 PREEMPT(full)
[ 152.640347][ T5893] Tainted: [B]=BAD_PAGE
[ 152.640351][ T5893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 152.640359][ T5893] Call Trace:
[ 152.640367][ T5893]
[ 152.640373][ T5893] dump_stack_lvl+0x189/0x250
[ 152.640390][ T5893] ? __pfx_dump_stack_lvl+0x10/0x10
[ 152.640402][ T5893] ? __pfx_print_modules+0x10/0x10
[ 152.640417][ T5893] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 152.640430][ T5893] bad_page+0x180/0x1c0
[ 152.640442][ T5893] __free_frozen_pages+0xe17/0xe70
[ 152.640458][ T5893] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 152.640478][ T5893] bpf_xdp_adjust_tail+0x1d6/0x220
[ 152.640493][ T5893] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 152.640503][ T5893] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 152.640524][ T5893] do_xdp_generic+0x9f7/0x11a0
[ 152.640540][ T5893] ? __pfx_do_xdp_generic+0x10/0x10
[ 152.640554][ T5893] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 152.640575][ T5893] __netif_receive_skb_core+0x1823/0x4180
[ 152.640587][ T5893] ? __up_read+0x280/0x680
[ 152.640601][ T5893] ? __pfx___up_read+0x10/0x10
[ 152.640610][ T5893] ? lock_release+0x4b/0x3e0
[ 152.640618][ T5893] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 152.640625][ T5893] ? rcu_is_watching+0x15/0xb0
[ 152.640634][ T5893] ? irqentry_exit+0x74/0x90
[ 152.640640][ T5893] ? exc_page_fault+0x9f/0xf0
[ 152.640651][ T5893] ? netif_receive_skb+0x115/0x790
[ 152.640656][ T5893] ? rcu_is_watching+0x15/0xb0
[ 152.640663][ T5893] ? lock_acquire+0x5f/0x360
[ 152.640669][ T5893] __netif_receive_skb+0x72/0x380
[ 152.640677][ T5893] ? netif_receive_skb+0x115/0x790
[ 152.640683][ T5893] netif_receive_skb+0x1cb/0x790
[ 152.640689][ T5893] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 152.640697][ T5893] ? __pfx_netif_receive_skb+0x10/0x10
[ 152.640703][ T5893] ? __pfx__copy_from_iter+0x10/0x10
[ 152.640710][ T5893] ? sock_alloc_send_pskb+0x875/0x990
[ 152.640720][ T5893] ? tun_rx_batched+0x160/0x730
[ 152.640763][ T5893] tun_rx_batched+0x1b9/0x730
[ 152.640774][ T5893] ? skb_header_pointer+0x8e/0x120
[ 152.640789][ T5893] ? __pfx_tun_rx_batched+0x10/0x10
[ 152.640799][ T5893] ? tun_get_user+0x2549/0x3ce0
[ 152.640809][ T5893] ? rcu_is_watching+0x15/0xb0
[ 152.640821][ T5893] ? lock_acquire+0x5f/0x360
[ 152.640831][ T5893] ? __pfx___local_bh_enable_ip+0x10/0x10
[ 152.640845][ T5893] tun_get_user+0x298e/0x3ce0
[ 152.640857][ T5893] ? tun_get_user+0x2549/0x3ce0
[ 152.640867][ T5893] ? aa_file_perm+0x11f/0xed0
[ 152.640878][ T5893] ? rcu_is_watching+0x15/0xb0
[ 152.640888][ T5893] ? lock_release+0x4b/0x3e0
[ 152.640898][ T5893] ? __pfx_tun_get_user+0x10/0x10
[ 152.640909][ T5893] ? aa_file_perm+0x3e7/0xed0
[ 152.640919][ T5893] ? __pfx_preempt_schedule+0x10/0x10
[ 152.640937][ T5893] ? ref_tracker_alloc+0x318/0x460
[ 152.640948][ T5893] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 152.640956][ T5893] ? futex_private_hash_put+0x23a/0x290
[ 152.640969][ T5893] ? tun_get+0x1c/0x2f0
[ 152.640979][ T5893] ? tun_get+0x1c/0x2f0
[ 152.640989][ T5893] ? rcu_is_watching+0x15/0xb0
[ 152.641000][ T5893] ? tun_get+0x1c/0x2f0
[ 152.641010][ T5893] ? lock_release+0x4b/0x3e0
[ 152.641027][ T5893] ? tun_get+0x1c/0x2f0
[ 152.641038][ T5893] tun_chr_write_iter+0x113/0x200
[ 152.641050][ T5893] vfs_write+0x54b/0xa90
[ 152.641065][ T5893] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 152.641075][ T5893] ? __pfx_vfs_write+0x10/0x10
[ 152.641087][ T5893] ? __fget_files+0x2a/0x420
[ 152.641109][ T5893] ksys_write+0x145/0x250
[ 152.641121][ T5893] ? __pfx_ksys_write+0x10/0x10
[ 152.641137][ T5893] ? rcu_is_watching+0x15/0xb0
[ 152.641148][ T5893] ? rcu_is_watching+0x15/0xb0
[ 152.641159][ T5893] do_syscall_64+0xfa/0x3b0
[ 152.641170][ T5893] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 152.641180][ T5893] ? clear_bhb_loop+0x60/0xb0
[ 152.641192][ T5893] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 152.641203][ T5893] RIP: 0033:0x7fca7018d3df
[ 152.641215][ T5893] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 152.641225][ T5893] RSP: 002b:00007fca6f3fe000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 152.641238][ T5893] RAX: ffffffffffffffda RBX: 00007fca703b5fa0 RCX: 00007fca7018d3df
[ 152.641246][ T5893] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[ 152.641253][ T5893] RBP: 00007fca70210b39 R08: 0000000000000000 R09: 0000000000000000
[ 152.641260][ T5893] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 152.641267][ T5893] R13: 0000000000000000 R14: 00007fca703b5fa0 R15: 00007ffce3be7c68
[ 152.641278][ T5893]
[ 152.866656][ T4690] Bluetooth: hci0: command tx timeout
2025/07/05 20:31:21 executed programs: 3
[ 152.994549][ T5896] BUG: Bad page state in process syz.0.18 pfn:1179b
[ 152.997534][ T5896] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x1179b
[ 153.001756][ T5896] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 153.004765][ T5896] raw: 00fff00000000000 dead000000000040 ffff88801eed8000 0000000000000000
[ 153.008484][ T5896] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000
[ 153.012140][ T5896] page dumped because: page_pool leak
[ 153.014518][ T5896] page_owner tracks the page as allocated
[ 153.017058][ T5896] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5896, tgid 5895 (syz.0.18), ts 152994500468, free_ts 140093346764
[ 153.024107][ T5896] post_alloc_hook+0x240/0x2a0
[ 153.026140][ T5896] get_page_from_freelist+0x21e4/0x22c0
[ 153.028685][ T5896] __alloc_frozen_pages_noprof+0x181/0x370
[ 153.031391][ T5896] alloc_pages_bulk_noprof+0x560/0x710
[ 153.033653][ T5896] __page_pool_alloc_pages_slow+0x127/0x740
[ 153.036133][ T5896] skb_pp_cow_data+0xb47/0x13e0
[ 153.038323][ T5896] do_xdp_generic+0x699/0x11a0
[ 153.040422][ T5896] __netif_receive_skb_core+0x1823/0x4180
[ 153.042857][ T5896] __netif_receive_skb+0x72/0x380
[ 153.045057][ T5896] netif_receive_skb+0x1cb/0x790
[ 153.047187][ T5896] tun_rx_batched+0x1b9/0x730
[ 153.049208][ T5896] tun_get_user+0x298e/0x3ce0
[ 153.051191][ T5896] tun_chr_write_iter+0x113/0x200
[ 153.053366][ T5896] vfs_write+0x54b/0xa90
[ 153.055229][ T5896] ksys_write+0x145/0x250
[ 153.057119][ T5896] do_syscall_64+0xfa/0x3b0
[ 153.058994][ T5896] page last free pid 5765 tgid 5765 stack trace:
[ 153.061798][ T5896] __free_frozen_pages+0xc71/0xe70
[ 153.064094][ T5896] vfree+0x25a/0x400
[ 153.066041][ T5896] kcov_close+0x28/0x50
[ 153.067853][ T5896] __fput+0x449/0xa70
[ 153.069603][ T5896] task_work_run+0x1d1/0x260
[ 153.071744][ T5896] do_exit+0x6b5/0x22e0
[ 153.074019][ T5896] do_group_exit+0x21c/0x2d0
[ 153.076674][ T5896] get_signal+0x1286/0x1340
[ 153.079118][ T5896] arch_do_signal_or_restart+0x9a/0x750
[ 153.082075][ T5896] exit_to_user_mode_loop+0x75/0x110
[ 153.084548][ T5896] do_syscall_64+0x2bd/0x3b0
[ 153.086631][ T5896] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 153.089248][ T5896] Modules linked in:
[ 153.090905][ T5896] CPU: 0 UID: 0 PID: 5896 Comm: syz.0.18 Tainted: G B 6.16.0-rc4-syzkaller-g05df91921da6 #0 PREEMPT(full)
[ 153.090922][ T5896] Tainted: [B]=BAD_PAGE
[ 153.090926][ T5896] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 153.090933][ T5896] Call Trace:
[ 153.090939][ T5896]
[ 153.090945][ T5896] dump_stack_lvl+0x189/0x250
[ 153.090960][ T5896] ? __pfx_dump_stack_lvl+0x10/0x10
[ 153.090971][ T5896] ? __pfx_print_modules+0x10/0x10
[ 153.090984][ T5896] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 153.090997][ T5896] bad_page+0x180/0x1c0
[ 153.091015][ T5896] __free_frozen_pages+0xe17/0xe70
[ 153.091030][ T5896] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 153.091049][ T5896] bpf_xdp_adjust_tail+0x1d6/0x220
[ 153.091063][ T5896] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 153.091073][ T5896] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 153.091094][ T5896] do_xdp_generic+0x9f7/0x11a0
[ 153.091110][ T5896] ? __pfx_do_xdp_generic+0x10/0x10
[ 153.091123][ T5896] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 153.091143][ T5896] __netif_receive_skb_core+0x1823/0x4180
[ 153.091155][ T5896] ? __up_read+0x280/0x680
[ 153.091167][ T5896] ? __pfx___up_read+0x10/0x10
[ 153.091178][ T5896] ? lock_release+0x4b/0x3e0
[ 153.091190][ T5896] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 153.091200][ T5896] ? rcu_is_watching+0x15/0xb0
[ 153.091213][ T5896] ? irqentry_exit+0x74/0x90
[ 153.091222][ T5896] ? exc_page_fault+0x9f/0xf0
[ 153.091239][ T5896] ? netif_receive_skb+0x115/0x790
[ 153.091247][ T5896] ? rcu_is_watching+0x15/0xb0
[ 153.091258][ T5896] ? lock_acquire+0x5f/0x360
[ 153.091267][ T5896] __netif_receive_skb+0x72/0x380
[ 153.091277][ T5896] ? netif_receive_skb+0x115/0x790
[ 153.091286][ T5896] netif_receive_skb+0x1cb/0x790
[ 153.091294][ T5896] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 153.091305][ T5896] ? __pfx_netif_receive_skb+0x10/0x10
[ 153.091314][ T5896] ? __pfx__copy_from_iter+0x10/0x10
[ 153.091324][ T5896] ? sock_alloc_send_pskb+0x875/0x990
[ 153.091340][ T5896] ? tun_rx_batched+0x160/0x730
[ 153.091352][ T5896] tun_rx_batched+0x1b9/0x730
[ 153.091363][ T5896] ? skb_header_pointer+0x8e/0x120
[ 153.091377][ T5896] ? __pfx_tun_rx_batched+0x10/0x10
[ 153.091386][ T5896] ? tun_get_user+0x2549/0x3ce0
[ 153.091395][ T5896] ? rcu_is_watching+0x15/0xb0
[ 153.091407][ T5896] ? lock_acquire+0x5f/0x360
[ 153.091416][ T5896] ? __pfx___local_bh_enable_ip+0x10/0x10
[ 153.091430][ T5896] tun_get_user+0x298e/0x3ce0
[ 153.091441][ T5896] ? tun_get_user+0x2549/0x3ce0
[ 153.091451][ T5896] ? aa_file_perm+0x11f/0xed0
[ 153.091460][ T5896] ? rcu_is_watching+0x15/0xb0
[ 153.091468][ T5896] ? lock_release+0x4b/0x3e0
[ 153.091477][ T5896] ? __pfx_tun_get_user+0x10/0x10
[ 153.091486][ T5896] ? aa_file_perm+0x3e7/0xed0
[ 153.091495][ T5896] ? __pfx_preempt_schedule+0x10/0x10
[ 153.091511][ T5896] ? ref_tracker_alloc+0x318/0x460
[ 153.091521][ T5896] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 153.091528][ T5896] ? futex_private_hash_put+0x23a/0x290
[ 153.091541][ T5896] ? tun_get+0x1c/0x2f0
[ 153.091549][ T5896] ? tun_get+0x1c/0x2f0
[ 153.091558][ T5896] ? rcu_is_watching+0x15/0xb0
[ 153.091568][ T5896] ? tun_get+0x1c/0x2f0
[ 153.091576][ T5896] ? lock_release+0x4b/0x3e0
[ 153.091586][ T5896] ? tun_get+0x1c/0x2f0
[ 153.091595][ T5896] tun_chr_write_iter+0x113/0x200
[ 153.091606][ T5896] vfs_write+0x54b/0xa90
[ 153.091620][ T5896] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 153.091630][ T5896] ? __pfx_vfs_write+0x10/0x10
[ 153.091643][ T5896] ? __fget_files+0x2a/0x420
[ 153.091660][ T5896] ksys_write+0x145/0x250
[ 153.091671][ T5896] ? __pfx_ksys_write+0x10/0x10
[ 153.091681][ T5896] ? rcu_is_watching+0x15/0xb0
[ 153.091700][ T5896] ? rcu_is_watching+0x15/0xb0
[ 153.091712][ T5896] do_syscall_64+0xfa/0x3b0
[ 153.091723][ T5896] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 153.091733][ T5896] ? clear_bhb_loop+0x60/0xb0
[ 153.091745][ T5896] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 153.091755][ T5896] RIP: 0033:0x7fca7018d3df
[ 153.091765][ T5896] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 153.091774][ T5896] RSP: 002b:00007fca6f3fe000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 153.091785][ T5896] RAX: ffffffffffffffda RBX: 00007fca703b5fa0 RCX: 00007fca7018d3df
[ 153.091795][ T5896] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[ 153.091802][ T5896] RBP: 00007fca70210b39 R08: 0000000000000000 R09: 0000000000000000
[ 153.091808][ T5896] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 153.091814][ T5896] R13: 0000000000000000 R14: 00007fca703b5fa0 R15: 00007ffce3be7c68
[ 153.091825][ T5896]
[ 153.091833][ T5896] BUG: Bad page state in process syz.0.18 pfn:1a3e6
[ 153.289935][ T5896] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88801a3e6000 pfn:0x1a3e6
[ 153.294083][ T5896] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 153.297168][ T5896] raw: 00fff00000000000 dead000000000040 ffff88801eed8000 0000000000000000
[ 153.300786][ T5896] raw: ffff88801a3e6000 0000000000000001 00000000ffffffff 0000000000000000
[ 153.305174][ T5896] page dumped because: page_pool leak
[ 153.308050][ T5896] page_owner tracks the page as allocated
[ 153.310532][ T5896] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5896, tgid 5895 (syz.0.18), ts 152994493939, free_ts 140093356154
[ 153.319845][ T5896] post_alloc_hook+0x240/0x2a0
[ 153.321844][ T5896] get_page_from_freelist+0x21e4/0x22c0
[ 153.324161][ T5896] __alloc_frozen_pages_noprof+0x181/0x370
[ 153.326770][ T5896] alloc_pages_bulk_noprof+0x560/0x710
[ 153.329232][ T5896] __page_pool_alloc_pages_slow+0x127/0x740
[ 153.332104][ T5896] skb_pp_cow_data+0xb47/0x13e0
[ 153.334489][ T5896] do_xdp_generic+0x699/0x11a0
[ 153.336689][ T5896] __netif_receive_skb_core+0x1823/0x4180
[ 153.339069][ T5896] __netif_receive_skb+0x72/0x380
[ 153.341229][ T5896] netif_receive_skb+0x1cb/0x790
[ 153.343362][ T5896] tun_rx_batched+0x1b9/0x730
[ 153.345417][ T5896] tun_get_user+0x298e/0x3ce0
[ 153.347630][ T5896] tun_chr_write_iter+0x113/0x200
[ 153.349903][ T5896] vfs_write+0x54b/0xa90
[ 153.351802][ T5896] ksys_write+0x145/0x250
[ 153.353661][ T5896] do_syscall_64+0xfa/0x3b0
[ 153.355579][ T5896] page last free pid 5765 tgid 5765 stack trace:
[ 153.358456][ T5896] __free_frozen_pages+0xc71/0xe70
[ 153.360587][ T5896] vfree+0x25a/0x400
[ 153.362309][ T5896] kcov_close+0x28/0x50
[ 153.364121][ T5896] __fput+0x449/0xa70
[ 153.365930][ T5896] task_work_run+0x1d1/0x260
[ 153.367946][ T5896] do_exit+0x6b5/0x22e0
[ 153.369766][ T5896] do_group_exit+0x21c/0x2d0
[ 153.371753][ T5896] get_signal+0x1286/0x1340
[ 153.373731][ T5896] arch_do_signal_or_restart+0x9a/0x750
[ 153.376125][ T5896] exit_to_user_mode_loop+0x75/0x110
[ 153.378470][ T5896] do_syscall_64+0x2bd/0x3b0
[ 153.380554][ T5896] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 153.383146][ T5896] Modules linked in:
[ 153.384847][ T5896] CPU: 0 UID: 0 PID: 5896 Comm: syz.0.18 Tainted: G B 6.16.0-rc4-syzkaller-g05df91921da6 #0 PREEMPT(full)
[ 153.384865][ T5896] Tainted: [B]=BAD_PAGE
[ 153.384875][ T5896] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 153.384883][ T5896] Call Trace:
[ 153.384911][ T5896]
[ 153.384922][ T5896] dump_stack_lvl+0x189/0x250
[ 153.384948][ T5896] ? __pfx_dump_stack_lvl+0x10/0x10
[ 153.384961][ T5896] ? __pfx_print_modules+0x10/0x10
[ 153.384977][ T5896] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 153.384992][ T5896] bad_page+0x180/0x1c0
[ 153.385010][ T5896] __free_frozen_pages+0xe17/0xe70
[ 153.385027][ T5896] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 153.385060][ T5896] bpf_xdp_adjust_tail+0x1d6/0x220
[ 153.385075][ T5896] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 153.385086][ T5896] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 153.385111][ T5896] do_xdp_generic+0x9f7/0x11a0
[ 153.385131][ T5896] ? __pfx_do_xdp_generic+0x10/0x10
[ 153.385147][ T5896] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 153.385170][ T5896] __netif_receive_skb_core+0x1823/0x4180
[ 153.385183][ T5896] ? __up_read+0x280/0x680
[ 153.385199][ T5896] ? __pfx___up_read+0x10/0x10
[ 153.385212][ T5896] ? lock_release+0x4b/0x3e0
[ 153.385225][ T5896] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 153.385238][ T5896] ? rcu_is_watching+0x15/0xb0
[ 153.385252][ T5896] ? irqentry_exit+0x74/0x90
[ 153.385270][ T5896] ? exc_page_fault+0x9f/0xf0
[ 153.385287][ T5896] ? netif_receive_skb+0x115/0x790
[ 153.385297][ T5896] ? rcu_is_watching+0x15/0xb0
[ 153.385310][ T5896] ? lock_acquire+0x5f/0x360
[ 153.385321][ T5896] __netif_receive_skb+0x72/0x380
[ 153.385334][ T5896] ? netif_receive_skb+0x115/0x790
[ 153.385344][ T5896] netif_receive_skb+0x1cb/0x790
[ 153.385355][ T5896] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 153.385368][ T5896] ? __pfx_netif_receive_skb+0x10/0x10
[ 153.385379][ T5896] ? __pfx__copy_from_iter+0x10/0x10
[ 153.385391][ T5896] ? sock_alloc_send_pskb+0x875/0x990
[ 153.385407][ T5896] ? tun_rx_batched+0x160/0x730
[ 153.385420][ T5896] tun_rx_batched+0x1b9/0x730
[ 153.385445][ T5896] ? skb_header_pointer+0x8e/0x120
[ 153.385463][ T5896] ? __pfx_tun_rx_batched+0x10/0x10
[ 153.385476][ T5896] ? tun_get_user+0x2549/0x3ce0
[ 153.385487][ T5896] ? rcu_is_watching+0x15/0xb0
[ 153.385499][ T5896] ? lock_acquire+0x5f/0x360
[ 153.385510][ T5896] ? __pfx___local_bh_enable_ip+0x10/0x10
[ 153.385525][ T5896] tun_get_user+0x298e/0x3ce0
[ 153.385538][ T5896] ? tun_get_user+0x2549/0x3ce0
[ 153.385550][ T5896] ? aa_file_perm+0x11f/0xed0
[ 153.385563][ T5896] ? rcu_is_watching+0x15/0xb0
[ 153.385575][ T5896] ? lock_release+0x4b/0x3e0
[ 153.385587][ T5896] ? __pfx_tun_get_user+0x10/0x10
[ 153.385598][ T5896] ? aa_file_perm+0x3e7/0xed0
[ 153.385608][ T5896] ? __pfx_preempt_schedule+0x10/0x10
[ 153.385625][ T5896] ? ref_tracker_alloc+0x318/0x460
[ 153.385636][ T5896] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 153.385645][ T5896] ? futex_private_hash_put+0x23a/0x290
[ 153.385678][ T5896] ? tun_get+0x1c/0x2f0
[ 153.385690][ T5896] ? tun_get+0x1c/0x2f0
[ 153.385701][ T5896] ? rcu_is_watching+0x15/0xb0
[ 153.385713][ T5896] ? tun_get+0x1c/0x2f0
[ 153.385723][ T5896] ? lock_release+0x4b/0x3e0
[ 153.385735][ T5896] ? tun_get+0x1c/0x2f0
[ 153.385748][ T5896] tun_chr_write_iter+0x113/0x200
[ 153.385760][ T5896] vfs_write+0x54b/0xa90
[ 153.385780][ T5896] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 153.385792][ T5896] ? __pfx_vfs_write+0x10/0x10
[ 153.385807][ T5896] ? __fget_files+0x2a/0x420
[ 153.385825][ T5896] ksys_write+0x145/0x250
[ 153.385838][ T5896] ? __pfx_ksys_write+0x10/0x10
[ 153.385851][ T5896] ? rcu_is_watching+0x15/0xb0
[ 153.385865][ T5896] ? rcu_is_watching+0x15/0xb0
[ 153.385878][ T5896] do_syscall_64+0xfa/0x3b0
[ 153.385945][ T5896] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 153.385957][ T5896] ? clear_bhb_loop+0x60/0xb0
[ 153.385970][ T5896] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 153.385981][ T5896] RIP: 0033:0x7fca7018d3df
[ 153.386005][ T5896] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 153.386014][ T5896] RSP: 002b:00007fca6f3fe000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 153.386027][ T5896] RAX: ffffffffffffffda RBX: 00007fca703b5fa0 RCX: 00007fca7018d3df
[ 153.386035][ T5896] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[ 153.386042][ T5896] RBP: 00007fca70210b39 R08: 0000000000000000 R09: 0000000000000000
[ 153.386049][ T5896] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 153.386057][ T5896] R13: 0000000000000000 R14: 00007fca703b5fa0 R15: 00007ffce3be7c68
[ 153.386068][ T5896]
[ 153.581943][ T5896] BUG: Bad page state in process syz.0.18 pfn:1a3e7
[ 153.584793][ T5896] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88801a3e7c00 pfn:0x1a3e7
[ 153.589091][ T5896] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 153.592049][ T5896] raw: 00fff00000000000 dead000000000040 ffff88801eed8000 0000000000000000
[ 153.595860][ T5896] raw: ffff88801a3e7c00 0000000000000001 00000000ffffffff 0000000000000000
[ 153.599467][ T5896] page dumped because: page_pool leak
[ 153.601726][ T5896] page_owner tracks the page as allocated
[ 153.604121][ T5896] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5896, tgid 5895 (syz.0.18), ts 152994486979, free_ts 140093365362
[ 153.610993][ T5896] post_alloc_hook+0x240/0x2a0
[ 153.613135][ T5896] get_page_from_freelist+0x21e4/0x22c0
[ 153.615523][ T5896] __alloc_frozen_pages_noprof+0x181/0x370
[ 153.618155][ T5896] alloc_pages_bulk_noprof+0x560/0x710
[ 153.620426][ T5896] __page_pool_alloc_pages_slow+0x127/0x740
[ 153.622969][ T5896] skb_pp_cow_data+0xb47/0x13e0
[ 153.625078][ T5896] do_xdp_generic+0x699/0x11a0
[ 153.627226][ T5896] __netif_receive_skb_core+0x1823/0x4180
[ 153.629643][ T5896] __netif_receive_skb+0x72/0x380
[ 153.631744][ T5896] netif_receive_skb+0x1cb/0x790
[ 153.633872][ T5896] tun_rx_batched+0x1b9/0x730
[ 153.636067][ T5896] tun_get_user+0x298e/0x3ce0
[ 153.638188][ T5896] tun_chr_write_iter+0x113/0x200
[ 153.640599][ T5896] vfs_write+0x54b/0xa90
[ 153.642457][ T5896] ksys_write+0x145/0x250
[ 153.644275][ T5896] do_syscall_64+0xfa/0x3b0
[ 153.646266][ T5896] page last free pid 5765 tgid 5765 stack trace:
[ 153.648883][ T5896] __free_frozen_pages+0xc71/0xe70
[ 153.651000][ T5896] vfree+0x25a/0x400
[ 153.652685][ T5896] kcov_close+0x28/0x50
[ 153.654567][ T5896] __fput+0x449/0xa70
[ 153.656364][ T5896] task_work_run+0x1d1/0x260
[ 153.658272][ T5896] do_exit+0x6b5/0x22e0
[ 153.660020][ T5896] do_group_exit+0x21c/0x2d0
[ 153.661955][ T5896] get_signal+0x1286/0x1340
[ 153.663913][ T5896] arch_do_signal_or_restart+0x9a/0x750
[ 153.666255][ T5896] exit_to_user_mode_loop+0x75/0x110
[ 153.668515][ T5896] do_syscall_64+0x2bd/0x3b0
[ 153.670591][ T5896] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 153.673405][ T5896] Modules linked in:
[ 153.675270][ T5896] CPU: 0 UID: 0 PID: 5896 Comm: syz.0.18 Tainted: G B 6.16.0-rc4-syzkaller-g05df91921da6 #0 PREEMPT(full)
[ 153.675288][ T5896] Tainted: [B]=BAD_PAGE
[ 153.675292][ T5896] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 153.675298][ T5896] Call Trace:
[ 153.675305][ T5896]
[ 153.675311][ T5896] dump_stack_lvl+0x189/0x250
[ 153.675328][ T5896] ? __pfx_dump_stack_lvl+0x10/0x10
[ 153.675340][ T5896] ? __pfx_print_modules+0x10/0x10
[ 153.675355][ T5896] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 153.675367][ T5896] bad_page+0x180/0x1c0
[ 153.675380][ T5896] __free_frozen_pages+0xe17/0xe70
[ 153.675397][ T5896] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 153.675417][ T5896] bpf_xdp_adjust_tail+0x1d6/0x220
[ 153.675433][ T5896] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 153.675444][ T5896] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 153.675468][ T5896] do_xdp_generic+0x9f7/0x11a0
[ 153.675486][ T5896] ? __pfx_do_xdp_generic+0x10/0x10
[ 153.675500][ T5896] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 153.675523][ T5896] __netif_receive_skb_core+0x1823/0x4180
[ 153.675536][ T5896] ? __up_read+0x280/0x680
[ 153.675551][ T5896] ? __pfx___up_read+0x10/0x10
[ 153.675563][ T5896] ? lock_release+0x4b/0x3e0
[ 153.675577][ T5896] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 153.675589][ T5896] ? rcu_is_watching+0x15/0xb0
[ 153.675603][ T5896] ? irqentry_exit+0x74/0x90
[ 153.675612][ T5896] ? exc_page_fault+0x9f/0xf0
[ 153.675629][ T5896] ? netif_receive_skb+0x115/0x790
[ 153.675639][ T5896] ? rcu_is_watching+0x15/0xb0
[ 153.675650][ T5896] ? lock_acquire+0x5f/0x360
[ 153.675683][ T5896] __netif_receive_skb+0x72/0x380
[ 153.675697][ T5896] ? netif_receive_skb+0x115/0x790
[ 153.675706][ T5896] netif_receive_skb+0x1cb/0x790
[ 153.675717][ T5896] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 153.675730][ T5896] ? __pfx_netif_receive_skb+0x10/0x10
[ 153.675740][ T5896] ? __pfx__copy_from_iter+0x10/0x10
[ 153.675751][ T5896] ? sock_alloc_send_pskb+0x875/0x990
[ 153.675767][ T5896] ? tun_rx_batched+0x160/0x730
[ 153.675781][ T5896] tun_rx_batched+0x1b9/0x730
[ 153.675792][ T5896] ? skb_header_pointer+0x8e/0x120
[ 153.675816][ T5896] ? __pfx_tun_rx_batched+0x10/0x10
[ 153.675827][ T5896] ? tun_get_user+0x2549/0x3ce0
[ 153.675838][ T5896] ? rcu_is_watching+0x15/0xb0
[ 153.675855][ T5896] ? lock_acquire+0x5f/0x360
[ 153.675866][ T5896] ? __pfx___local_bh_enable_ip+0x10/0x10
[ 153.675881][ T5896] tun_get_user+0x298e/0x3ce0
[ 153.675894][ T5896] ? tun_get_user+0x2549/0x3ce0
[ 153.675905][ T5896] ? aa_file_perm+0x11f/0xed0
[ 153.675917][ T5896] ? rcu_is_watching+0x15/0xb0
[ 153.675929][ T5896] ? lock_release+0x4b/0x3e0
[ 153.675941][ T5896] ? __pfx_tun_get_user+0x10/0x10
[ 153.675952][ T5896] ? aa_file_perm+0x3e7/0xed0
[ 153.675963][ T5896] ? __pfx_preempt_schedule+0x10/0x10
[ 153.675982][ T5896] ? ref_tracker_alloc+0x318/0x460
[ 153.675992][ T5896] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 153.676000][ T5896] ? futex_private_hash_put+0x23a/0x290
[ 153.676015][ T5896] ? tun_get+0x1c/0x2f0
[ 153.676025][ T5896] ? tun_get+0x1c/0x2f0
[ 153.676035][ T5896] ? rcu_is_watching+0x15/0xb0
[ 153.676045][ T5896] ? tun_get+0x1c/0x2f0
[ 153.676056][ T5896] ? lock_release+0x4b/0x3e0
[ 153.676067][ T5896] ? tun_get+0x1c/0x2f0
[ 153.676079][ T5896] tun_chr_write_iter+0x113/0x200
[ 153.676091][ T5896] vfs_write+0x54b/0xa90
[ 153.676106][ T5896] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 153.676118][ T5896] ? __pfx_vfs_write+0x10/0x10
[ 153.676132][ T5896] ? __fget_files+0x2a/0x420
[ 153.676150][ T5896] ksys_write+0x145/0x250
[ 153.676164][ T5896] ? __pfx_ksys_write+0x10/0x10
[ 153.676175][ T5896] ? rcu_is_watching+0x15/0xb0
[ 153.676188][ T5896] ? rcu_is_watching+0x15/0xb0
[ 153.676201][ T5896] do_syscall_64+0xfa/0x3b0
[ 153.676214][ T5896] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 153.676225][ T5896] ? clear_bhb_loop+0x60/0xb0
[ 153.676237][ T5896] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 153.676258][ T5896] RIP: 0033:0x7fca7018d3df
[ 153.676268][ T5896] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 153.676279][ T5896] RSP: 002b:00007fca6f3fe000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 153.676293][ T5896] RAX: ffffffffffffffda RBX: 00007fca703b5fa0 RCX: 00007fca7018d3df
[ 153.676301][ T5896] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[ 153.676309][ T5896] RBP: 00007fca70210b39 R08: 0000000000000000 R09: 0000000000000000
[ 153.676316][ T5896] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 153.676323][ T5896] R13: 0000000000000000 R14: 00007fca703b5fa0 R15: 00007ffce3be7c68
[ 153.676335][ T5896]
[ 153.868335][ T5896] BUG: Bad page state in process syz.0.18 pfn:11f7a
[ 153.871166][ T5896] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888011f7a700 pfn:0x11f7a
[ 153.875249][ T5896] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 153.878112][ T5896] raw: 00fff00000000000 dead000000000040 ffff88801eed8000 0000000000000000
[ 153.881563][ T5896] raw: ffff888011f7a700 0000000000000001 00000000ffffffff 0000000000000000
[ 153.885406][ T5896] page dumped because: page_pool leak
[ 153.887926][ T5896] page_owner tracks the page as allocated
[ 153.890358][ T5896] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5896, tgid 5895 (syz.0.18), ts 152994480235, free_ts 140093375419
[ 153.897334][ T5896] post_alloc_hook+0x240/0x2a0
[ 153.899372][ T5896] get_page_from_freelist+0x21e4/0x22c0
[ 153.901676][ T5896] __alloc_frozen_pages_noprof+0x181/0x370
[ 153.903953][ T5896] alloc_pages_bulk_noprof+0x560/0x710
[ 153.906345][ T5896] __page_pool_alloc_pages_slow+0x127/0x740
[ 153.908846][ T5896] skb_pp_cow_data+0xb47/0x13e0
[ 153.910858][ T5896] do_xdp_generic+0x699/0x11a0
[ 153.912882][ T5896] __netif_receive_skb_core+0x1823/0x4180
[ 153.915292][ T5896] __netif_receive_skb+0x72/0x380
[ 153.917438][ T5896] netif_receive_skb+0x1cb/0x790
[ 153.919452][ T5896] tun_rx_batched+0x1b9/0x730
[ 153.921390][ T5896] tun_get_user+0x298e/0x3ce0
[ 153.923493][ T5896] tun_chr_write_iter+0x113/0x200
[ 153.925616][ T5896] vfs_write+0x54b/0xa90
[ 153.927380][ T5896] ksys_write+0x145/0x250
[ 153.929176][ T5896] do_syscall_64+0xfa/0x3b0
[ 153.931063][ T5896] page last free pid 5765 tgid 5765 stack trace:
[ 153.933728][ T5896] __free_frozen_pages+0xc71/0xe70
[ 153.935863][ T5896] vfree+0x25a/0x400
[ 153.937363][ T5896] kcov_close+0x28/0x50
[ 153.939138][ T5896] __fput+0x449/0xa70
[ 153.940922][ T5896] task_work_run+0x1d1/0x260
[ 153.942891][ T5896] do_exit+0x6b5/0x22e0
[ 153.944685][ T5896] do_group_exit+0x21c/0x2d0
[ 153.946750][ T5896] get_signal+0x1286/0x1340
[ 153.948655][ T5896] arch_do_signal_or_restart+0x9a/0x750
[ 153.951043][ T5896] exit_to_user_mode_loop+0x75/0x110
[ 153.953308][ T5896] do_syscall_64+0x2bd/0x3b0
[ 153.955217][ T5896] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 153.957811][ T5896] Modules linked in:
[ 153.959480][ T5896] CPU: 0 UID: 0 PID: 5896 Comm: syz.0.18 Tainted: G B 6.16.0-rc4-syzkaller-g05df91921da6 #0 PREEMPT(full)
[ 153.959498][ T5896] Tainted: [B]=BAD_PAGE
[ 153.959502][ T5896] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 153.959510][ T5896] Call Trace:
[ 153.959518][ T5896]
[ 153.959524][ T5896] dump_stack_lvl+0x189/0x250
[ 153.959540][ T5896] ? __pfx_dump_stack_lvl+0x10/0x10
[ 153.959554][ T5896] ? __pfx_print_modules+0x10/0x10
[ 153.959568][ T5896] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 153.959583][ T5896] bad_page+0x180/0x1c0
[ 153.959595][ T5896] __free_frozen_pages+0xe17/0xe70
[ 153.959611][ T5896] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 153.959632][ T5896] bpf_xdp_adjust_tail+0x1d6/0x220
[ 153.959647][ T5896] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 153.959659][ T5896] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 153.959682][ T5896] do_xdp_generic+0x9f7/0x11a0
[ 153.959700][ T5896] ? __pfx_do_xdp_generic+0x10/0x10
[ 153.959715][ T5896] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 153.959736][ T5896] __netif_receive_skb_core+0x1823/0x4180
[ 153.959750][ T5896] ? __up_read+0x280/0x680
[ 153.959764][ T5896] ? __pfx___up_read+0x10/0x10
[ 153.959775][ T5896] ? lock_release+0x4b/0x3e0
[ 153.959789][ T5896] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 153.959801][ T5896] ? rcu_is_watching+0x15/0xb0
[ 153.959815][ T5896] ? irqentry_exit+0x74/0x90
[ 153.959825][ T5896] ? exc_page_fault+0x9f/0xf0
[ 153.959841][ T5896] ? netif_receive_skb+0x115/0x790
[ 153.959852][ T5896] ? rcu_is_watching+0x15/0xb0
[ 153.959863][ T5896] ? lock_acquire+0x5f/0x360
[ 153.959873][ T5896] __netif_receive_skb+0x72/0x380
[ 153.959886][ T5896] ? netif_receive_skb+0x115/0x790
[ 153.959896][ T5896] netif_receive_skb+0x1cb/0x790
[ 153.959905][ T5896] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 153.959917][ T5896] ? __pfx_netif_receive_skb+0x10/0x10
[ 153.959928][ T5896] ? __pfx__copy_from_iter+0x10/0x10
[ 153.959939][ T5896] ? sock_alloc_send_pskb+0x875/0x990
[ 153.959957][ T5896] ? tun_rx_batched+0x160/0x730
[ 153.959971][ T5896] tun_rx_batched+0x1b9/0x730
[ 153.959981][ T5896] ? skb_header_pointer+0x8e/0x120
[ 153.959998][ T5896] ? __pfx_tun_rx_batched+0x10/0x10
[ 153.960010][ T5896] ? tun_get_user+0x2549/0x3ce0
[ 153.960019][ T5896] ? rcu_is_watching+0x15/0xb0
[ 153.960030][ T5896] ? lock_acquire+0x5f/0x360
[ 153.960041][ T5896] ? __pfx___local_bh_enable_ip+0x10/0x10
[ 153.960054][ T5896] tun_get_user+0x298e/0x3ce0
[ 153.960066][ T5896] ? tun_get_user+0x2549/0x3ce0
[ 153.960078][ T5896] ? aa_file_perm+0x11f/0xed0
[ 153.960089][ T5896] ? rcu_is_watching+0x15/0xb0
[ 153.960109][ T5896] ? lock_release+0x4b/0x3e0
[ 153.960124][ T5896] ? __pfx_tun_get_user+0x10/0x10
[ 153.960135][ T5896] ? aa_file_perm+0x3e7/0xed0
[ 153.960146][ T5896] ? __pfx_preempt_schedule+0x10/0x10
[ 153.960162][ T5896] ? ref_tracker_alloc+0x318/0x460
[ 153.960175][ T5896] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 153.960184][ T5896] ? futex_private_hash_put+0x23a/0x290
[ 153.960197][ T5896] ? tun_get+0x1c/0x2f0
[ 153.960207][ T5896] ? tun_get+0x1c/0x2f0
[ 153.960224][ T5896] ? rcu_is_watching+0x15/0xb0
[ 153.960234][ T5896] ? tun_get+0x1c/0x2f0
[ 153.960245][ T5896] ? lock_release+0x4b/0x3e0
[ 153.960255][ T5896] ? tun_get+0x1c/0x2f0
[ 153.960266][ T5896] tun_chr_write_iter+0x113/0x200
[ 153.960280][ T5896] vfs_write+0x54b/0xa90
[ 153.960293][ T5896] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 153.960305][ T5896] ? __pfx_vfs_write+0x10/0x10
[ 153.960319][ T5896] ? __fget_files+0x2a/0x420
[ 153.960333][ T5896] ksys_write+0x145/0x250
[ 153.960344][ T5896] ? __pfx_ksys_write+0x10/0x10
[ 153.960354][ T5896] ? rcu_is_watching+0x15/0xb0
[ 153.960369][ T5896] ? rcu_is_watching+0x15/0xb0
[ 153.960381][ T5896] do_syscall_64+0xfa/0x3b0
[ 153.960395][ T5896] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 153.960405][ T5896] ? clear_bhb_loop+0x60/0xb0
[ 153.960416][ T5896] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 153.960428][ T5896] RIP: 0033:0x7fca7018d3df
[ 153.960439][ T5896] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 153.960448][ T5896] RSP: 002b:00007fca6f3fe000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 153.960462][ T5896] RAX: ffffffffffffffda RBX: 00007fca703b5fa0 RCX: 00007fca7018d3df
[ 153.960469][ T5896] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[ 153.960476][ T5896] RBP: 00007fca70210b39 R08: 0000000000000000 R09: 0000000000000000
[ 153.960485][ T5896] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 153.960491][ T5896] R13: 0000000000000000 R14: 00007fca703b5fa0 R15: 00007ffce3be7c68
[ 153.960502][ T5896]
[ 153.960509][ T5896] BUG: Bad page state in process syz.0.18 pfn:11f7b
[ 154.153943][ T5896] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888011f7b800 pfn:0x11f7b
[ 154.158093][ T5896] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 154.160980][ T5896] raw: 00fff00000000000 dead000000000040 ffff88801eed8000 0000000000000000
[ 154.164484][ T5896] raw: ffff888011f7b800 0000000000000001 00000000ffffffff 0000000000000000
[ 154.168124][ T5896] page dumped because: page_pool leak
[ 154.170408][ T5896] page_owner tracks the page as allocated
[ 154.172706][ T5896] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5896, tgid 5895 (syz.0.18), ts 152994472904, free_ts 140093385430
[ 154.179682][ T5896] post_alloc_hook+0x240/0x2a0
[ 154.181813][ T5896] get_page_from_freelist+0x21e4/0x22c0
[ 154.184318][ T5896] __alloc_frozen_pages_noprof+0x181/0x370
[ 154.186796][ T5896] alloc_pages_bulk_noprof+0x560/0x710
[ 154.189025][ T5896] __page_pool_alloc_pages_slow+0x127/0x740
[ 154.191457][ T5896] skb_pp_cow_data+0xb47/0x13e0
[ 154.193521][ T5896] do_xdp_generic+0x699/0x11a0
[ 154.195581][ T5896] __netif_receive_skb_core+0x1823/0x4180
[ 154.198339][ T5896] __netif_receive_skb+0x72/0x380
[ 154.200442][ T5896] netif_receive_skb+0x1cb/0x790
[ 154.202519][ T5896] tun_rx_batched+0x1b9/0x730
[ 154.204659][ T5896] tun_get_user+0x298e/0x3ce0
[ 154.206789][ T5896] tun_chr_write_iter+0x113/0x200
[ 154.208933][ T5896] vfs_write+0x54b/0xa90
[ 154.210767][ T5896] ksys_write+0x145/0x250
[ 154.212629][ T5896] do_syscall_64+0xfa/0x3b0
[ 154.214627][ T5896] page last free pid 5765 tgid 5765 stack trace:
[ 154.217433][ T5896] __free_frozen_pages+0xc71/0xe70
[ 154.219590][ T5896] vfree+0x25a/0x400
[ 154.221336][ T5896] kcov_close+0x28/0x50
[ 154.223162][ T5896] __fput+0x449/0xa70
[ 154.224907][ T5896] task_work_run+0x1d1/0x260
[ 154.226992][ T5896] do_exit+0x6b5/0x22e0
[ 154.228801][ T5896] do_group_exit+0x21c/0x2d0
[ 154.230826][ T5896] get_signal+0x1286/0x1340
[ 154.232753][ T5896] arch_do_signal_or_restart+0x9a/0x750
[ 154.235218][ T5896] exit_to_user_mode_loop+0x75/0x110
[ 154.237599][ T5896] do_syscall_64+0x2bd/0x3b0
[ 154.239597][ T5896] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 154.242098][ T5896] Modules linked in:
[ 154.243848][ T5896] CPU: 0 UID: 0 PID: 5896 Comm: syz.0.18 Tainted: G B 6.16.0-rc4-syzkaller-g05df91921da6 #0 PREEMPT(full)
[ 154.243865][ T5896] Tainted: [B]=BAD_PAGE
[ 154.243869][ T5896] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 154.243878][ T5896] Call Trace:
[ 154.243884][ T5896]
[ 154.243890][ T5896] dump_stack_lvl+0x189/0x250
[ 154.243906][ T5896] ? __pfx_dump_stack_lvl+0x10/0x10
[ 154.243919][ T5896] ? __pfx_print_modules+0x10/0x10
[ 154.243934][ T5896] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 154.243947][ T5896] bad_page+0x180/0x1c0
[ 154.243959][ T5896] __free_frozen_pages+0xe17/0xe70
[ 154.243985][ T5896] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 154.244006][ T5896] bpf_xdp_adjust_tail+0x1d6/0x220
[ 154.244020][ T5896] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 154.244030][ T5896] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 154.244054][ T5896] do_xdp_generic+0x9f7/0x11a0
[ 154.244072][ T5896] ? __pfx_do_xdp_generic+0x10/0x10
[ 154.244087][ T5896] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 154.244108][ T5896] __netif_receive_skb_core+0x1823/0x4180
[ 154.244121][ T5896] ? __up_read+0x280/0x680
[ 154.244135][ T5896] ? __pfx___up_read+0x10/0x10
[ 154.244148][ T5896] ? lock_release+0x4b/0x3e0
[ 154.244161][ T5896] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 154.244173][ T5896] ? rcu_is_watching+0x15/0xb0
[ 154.244186][ T5896] ? irqentry_exit+0x74/0x90
[ 154.244198][ T5896] ? exc_page_fault+0x9f/0xf0
[ 154.244214][ T5896] ? netif_receive_skb+0x115/0x790
[ 154.244223][ T5896] ? rcu_is_watching+0x15/0xb0
[ 154.244235][ T5896] ? lock_acquire+0x5f/0x360
[ 154.244246][ T5896] __netif_receive_skb+0x72/0x380
[ 154.244265][ T5896] ? netif_receive_skb+0x115/0x790
[ 154.244274][ T5896] netif_receive_skb+0x1cb/0x790
[ 154.244284][ T5896] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 154.244297][ T5896] ? __pfx_netif_receive_skb+0x10/0x10
[ 154.244308][ T5896] ? __pfx__copy_from_iter+0x10/0x10
[ 154.244319][ T5896] ? sock_alloc_send_pskb+0x875/0x990
[ 154.244334][ T5896] ? tun_rx_batched+0x160/0x730
[ 154.244347][ T5896] tun_rx_batched+0x1b9/0x730
[ 154.244359][ T5896] ? skb_header_pointer+0x8e/0x120
[ 154.244375][ T5896] ? __pfx_tun_rx_batched+0x10/0x10
[ 154.244386][ T5896] ? tun_get_user+0x2549/0x3ce0
[ 154.244397][ T5896] ? rcu_is_watching+0x15/0xb0
[ 154.244409][ T5896] ? lock_acquire+0x5f/0x360
[ 154.244418][ T5896] ? __pfx___local_bh_enable_ip+0x10/0x10
[ 154.244433][ T5896] tun_get_user+0x298e/0x3ce0
[ 154.244445][ T5896] ? tun_get_user+0x2549/0x3ce0
[ 154.244457][ T5896] ? aa_file_perm+0x11f/0xed0
[ 154.244467][ T5896] ? rcu_is_watching+0x15/0xb0
[ 154.244479][ T5896] ? lock_release+0x4b/0x3e0
[ 154.244490][ T5896] ? __pfx_tun_get_user+0x10/0x10
[ 154.244501][ T5896] ? aa_file_perm+0x3e7/0xed0
[ 154.244511][ T5896] ? __pfx_preempt_schedule+0x10/0x10
[ 154.244528][ T5896] ? ref_tracker_alloc+0x318/0x460
[ 154.244539][ T5896] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 154.244548][ T5896] ? futex_private_hash_put+0x23a/0x290
[ 154.244562][ T5896] ? tun_get+0x1c/0x2f0
[ 154.244571][ T5896] ? tun_get+0x1c/0x2f0
[ 154.244582][ T5896] ? rcu_is_watching+0x15/0xb0
[ 154.244592][ T5896] ? tun_get+0x1c/0x2f0
[ 154.244602][ T5896] ? lock_release+0x4b/0x3e0
[ 154.244613][ T5896] ? tun_get+0x1c/0x2f0
[ 154.244625][ T5896] tun_chr_write_iter+0x113/0x200
[ 154.244637][ T5896] vfs_write+0x54b/0xa90
[ 154.244651][ T5896] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 154.244662][ T5896] ? __pfx_vfs_write+0x10/0x10
[ 154.244676][ T5896] ? __fget_files+0x2a/0x420
[ 154.244692][ T5896] ksys_write+0x145/0x250
[ 154.244704][ T5896] ? __pfx_ksys_write+0x10/0x10
[ 154.244741][ T5896] ? rcu_is_watching+0x15/0xb0
[ 154.244755][ T5896] ? rcu_is_watching+0x15/0xb0
[ 154.244770][ T5896] do_syscall_64+0xfa/0x3b0
[ 154.244781][ T5896] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 154.244792][ T5896] ? clear_bhb_loop+0x60/0xb0
[ 154.244803][ T5896] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 154.244819][ T5896] RIP: 0033:0x7fca7018d3df
[ 154.244984][ T5896] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 154.244995][ T5896] RSP: 002b:00007fca6f3fe000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 154.245008][ T5896] RAX: ffffffffffffffda RBX: 00007fca703b5fa0 RCX: 00007fca7018d3df
[ 154.245017][ T5896] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[ 154.245023][ T5896] RBP: 00007fca70210b39 R08: 0000000000000000 R09: 0000000000000000
[ 154.245029][ T5896] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 154.245036][ T5896] R13: 0000000000000000 R14: 00007fca703b5fa0 R15: 00007ffce3be7c68
[ 154.245051][ T5896]
[ 154.245067][ T5896] BUG: Bad page state in process syz.0.18 pfn:11962
[ 154.444237][ T5896] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888011962c00 pfn:0x11962
[ 154.448779][ T5896] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 154.451797][ T5896] raw: 00fff00000000000 dead000000000040 ffff88801eed8000 0000000000000000
[ 154.455562][ T5896] raw: ffff888011962c00 0000000000000001 00000000ffffffff 0000000000000000
[ 154.459293][ T5896] page dumped because: page_pool leak
[ 154.461604][ T5896] page_owner tracks the page as allocated
[ 154.464068][ T5896] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5896, tgid 5895 (syz.0.18), ts 152994465987, free_ts 140093394514
[ 154.471518][ T5896] post_alloc_hook+0x240/0x2a0
[ 154.473664][ T5896] get_page_from_freelist+0x21e4/0x22c0
[ 154.476195][ T5896] __alloc_frozen_pages_noprof+0x181/0x370
[ 154.478783][ T5896] alloc_pages_bulk_noprof+0x560/0x710
[ 154.481133][ T5896] __page_pool_alloc_pages_slow+0x127/0x740
[ 154.483675][ T5896] skb_pp_cow_data+0xb47/0x13e0
[ 154.485809][ T5896] do_xdp_generic+0x699/0x11a0
[ 154.487848][ T5896] __netif_receive_skb_core+0x1823/0x4180
[ 154.490242][ T5896] __netif_receive_skb+0x72/0x380
[ 154.492362][ T5896] netif_receive_skb+0x1cb/0x790
[ 154.494663][ T5896] tun_rx_batched+0x1b9/0x730
[ 154.496831][ T5896] tun_get_user+0x298e/0x3ce0
[ 154.499013][ T5896] tun_chr_write_iter+0x113/0x200
[ 154.501253][ T5896] vfs_write+0x54b/0xa90
[ 154.503083][ T5896] ksys_write+0x145/0x250
[ 154.504966][ T5896] do_syscall_64+0xfa/0x3b0
[ 154.506969][ T5896] page last free pid 5765 tgid 5765 stack trace:
[ 154.509613][ T5896] __free_frozen_pages+0xc71/0xe70
[ 154.511722][ T5896] vfree+0x25a/0x400
[ 154.513513][ T5896] kcov_close+0x28/0x50
[ 154.515330][ T5896] __fput+0x449/0xa70
[ 154.517298][ T5896] task_work_run+0x1d1/0x260
[ 154.519387][ T5896] do_exit+0x6b5/0x22e0
[ 154.521269][ T5896] do_group_exit+0x21c/0x2d0
[ 154.523394][ T5896] get_signal+0x1286/0x1340
[ 154.525365][ T5896] arch_do_signal_or_restart+0x9a/0x750
[ 154.527782][ T5896] exit_to_user_mode_loop+0x75/0x110
[ 154.530055][ T5896] do_syscall_64+0x2bd/0x3b0
[ 154.532048][ T5896] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 154.534547][ T5896] Modules linked in:
[ 154.536329][ T5896] CPU: 0 UID: 0 PID: 5896 Comm: syz.0.18 Tainted: G B 6.16.0-rc4-syzkaller-g05df91921da6 #0 PREEMPT(full)
[ 154.536345][ T5896] Tainted: [B]=BAD_PAGE
[ 154.536349][ T5896] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 154.536356][ T5896] Call Trace:
[ 154.536362][ T5896]
[ 154.536368][ T5896] dump_stack_lvl+0x189/0x250
[ 154.536385][ T5896] ? __pfx_dump_stack_lvl+0x10/0x10
[ 154.536397][ T5896] ? __pfx_print_modules+0x10/0x10
[ 154.536410][ T5896] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 154.536422][ T5896] bad_page+0x180/0x1c0
[ 154.536434][ T5896] __free_frozen_pages+0xe17/0xe70
[ 154.536449][ T5896] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 154.536467][ T5896] bpf_xdp_adjust_tail+0x1d6/0x220
[ 154.536481][ T5896] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 154.536490][ T5896] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 154.536512][ T5896] do_xdp_generic+0x9f7/0x11a0
[ 154.536528][ T5896] ? __pfx_do_xdp_generic+0x10/0x10
[ 154.536540][ T5896] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 154.536561][ T5896] __netif_receive_skb_core+0x1823/0x4180
[ 154.536572][ T5896] ? __up_read+0x280/0x680
[ 154.536586][ T5896] ? __pfx___up_read+0x10/0x10
[ 154.536598][ T5896] ? lock_release+0x4b/0x3e0
[ 154.536610][ T5896] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 154.536621][ T5896] ? rcu_is_watching+0x15/0xb0
[ 154.536634][ T5896] ? irqentry_exit+0x74/0x90
[ 154.536644][ T5896] ? exc_page_fault+0x9f/0xf0
[ 154.536658][ T5896] ? netif_receive_skb+0x115/0x790
[ 154.536666][ T5896] ? rcu_is_watching+0x15/0xb0
[ 154.536677][ T5896] ? lock_acquire+0x5f/0x360
[ 154.536687][ T5896] __netif_receive_skb+0x72/0x380
[ 154.536698][ T5896] ? netif_receive_skb+0x115/0x790
[ 154.536707][ T5896] netif_receive_skb+0x1cb/0x790
[ 154.536743][ T5896] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 154.536756][ T5896] ? __pfx_netif_receive_skb+0x10/0x10
[ 154.536765][ T5896] ? __pfx__copy_from_iter+0x10/0x10
[ 154.536775][ T5896] ? sock_alloc_send_pskb+0x875/0x990
[ 154.536789][ T5896] ? tun_rx_batched+0x160/0x730
[ 154.536800][ T5896] tun_rx_batched+0x1b9/0x730
[ 154.536809][ T5896] ? skb_header_pointer+0x8e/0x120
[ 154.536824][ T5896] ? __pfx_tun_rx_batched+0x10/0x10
[ 154.536834][ T5896] ? tun_get_user+0x2549/0x3ce0
[ 154.536842][ T5896] ? rcu_is_watching+0x15/0xb0
[ 154.536853][ T5896] ? lock_acquire+0x5f/0x360
[ 154.536862][ T5896] ? __pfx___local_bh_enable_ip+0x10/0x10
[ 154.536875][ T5896] tun_get_user+0x298e/0x3ce0
[ 154.536886][ T5896] ? tun_get_user+0x2549/0x3ce0
[ 154.536897][ T5896] ? aa_file_perm+0x11f/0xed0
[ 154.536907][ T5896] ? rcu_is_watching+0x15/0xb0
[ 154.536918][ T5896] ? lock_release+0x4b/0x3e0
[ 154.536928][ T5896] ? __pfx_tun_get_user+0x10/0x10
[ 154.536938][ T5896] ? aa_file_perm+0x3e7/0xed0
[ 154.536956][ T5896] ? __pfx_preempt_schedule+0x10/0x10
[ 154.536972][ T5896] ? ref_tracker_alloc+0x318/0x460
[ 154.536983][ T5896] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 154.536991][ T5896] ? futex_private_hash_put+0x23a/0x290
[ 154.537004][ T5896] ? tun_get+0x1c/0x2f0
[ 154.537012][ T5896] ? tun_get+0x1c/0x2f0
[ 154.537021][ T5896] ? rcu_is_watching+0x15/0xb0
[ 154.537032][ T5896] ? tun_get+0x1c/0x2f0
[ 154.537040][ T5896] ? lock_release+0x4b/0x3e0
[ 154.537050][ T5896] ? tun_get+0x1c/0x2f0
[ 154.537061][ T5896] tun_chr_write_iter+0x113/0x200
[ 154.537072][ T5896] vfs_write+0x54b/0xa90
[ 154.537086][ T5896] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 154.537097][ T5896] ? __pfx_vfs_write+0x10/0x10
[ 154.537111][ T5896] ? __fget_files+0x2a/0x420
[ 154.537126][ T5896] ksys_write+0x145/0x250
[ 154.537138][ T5896] ? __pfx_ksys_write+0x10/0x10
[ 154.537148][ T5896] ? rcu_is_watching+0x15/0xb0
[ 154.537160][ T5896] ? rcu_is_watching+0x15/0xb0
[ 154.537172][ T5896] do_syscall_64+0xfa/0x3b0
[ 154.537183][ T5896] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 154.537193][ T5896] ? clear_bhb_loop+0x60/0xb0
[ 154.537203][ T5896] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 154.537213][ T5896] RIP: 0033:0x7fca7018d3df
[ 154.537223][ T5896] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 154.537233][ T5896] RSP: 002b:00007fca6f3fe000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 154.537245][ T5896] RAX: ffffffffffffffda RBX: 00007fca703b5fa0 RCX: 00007fca7018d3df
[ 154.537252][ T5896] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[ 154.537259][ T5896] RBP: 00007fca70210b39 R08: 0000000000000000 R09: 0000000000000000
[ 154.537265][ T5896] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 154.537271][ T5896] R13: 0000000000000000 R14: 00007fca703b5fa0 R15: 00007ffce3be7c68
[ 154.537280][ T5896]
[ 154.537289][ T5896] BUG: Bad page state in process syz.0.18 pfn:11963
[ 154.737513][ T5896] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888011963dc0 pfn:0x11963
[ 154.741842][ T5896] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 154.744919][ T5896] raw: 00fff00000000000 dead000000000040 ffff88801eed8000 0000000000000000
[ 154.748778][ T5896] raw: ffff888011963dc0 0000000000000001 00000000ffffffff 0000000000000000
[ 154.752611][ T5896] page dumped because: page_pool leak
[ 154.754865][ T5896] page_owner tracks the page as allocated
[ 154.757401][ T5896] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5896, tgid 5895 (syz.0.18), ts 152994458857, free_ts 140093403519
[ 154.764381][ T5896] post_alloc_hook+0x240/0x2a0
[ 154.766581][ T5896] get_page_from_freelist+0x21e4/0x22c0
[ 154.768904][ T5896] __alloc_frozen_pages_noprof+0x181/0x370
[ 154.771335][ T5896] alloc_pages_bulk_noprof+0x560/0x710
[ 154.773815][ T5896] __page_pool_alloc_pages_slow+0x127/0x740
[ 154.776368][ T5896] skb_pp_cow_data+0xb47/0x13e0
[ 154.778433][ T5896] do_xdp_generic+0x699/0x11a0
[ 154.780503][ T5896] __netif_receive_skb_core+0x1823/0x4180
[ 154.782965][ T5896] __netif_receive_skb+0x72/0x380
[ 154.785136][ T5896] netif_receive_skb+0x1cb/0x790
[ 154.787352][ T5896] tun_rx_batched+0x1b9/0x730
[ 154.789237][ T5896] tun_get_user+0x298e/0x3ce0
[ 154.791255][ T5896] tun_chr_write_iter+0x113/0x200
[ 154.793467][ T5896] vfs_write+0x54b/0xa90
[ 154.795265][ T5896] ksys_write+0x145/0x250
[ 154.797227][ T5896] do_syscall_64+0xfa/0x3b0
[ 154.799171][ T5896] page last free pid 5765 tgid 5765 stack trace:
[ 154.801813][ T5896] __free_frozen_pages+0xc71/0xe70
[ 154.804016][ T5896] vfree+0x25a/0x400
[ 154.805776][ T5896] kcov_close+0x28/0x50
[ 154.807553][ T5896] __fput+0x449/0xa70
[ 154.809629][ T5896] task_work_run+0x1d1/0x260
[ 154.812226][ T5896] do_exit+0x6b5/0x22e0
[ 154.814213][ T5896] do_group_exit+0x21c/0x2d0
[ 154.816479][ T5896] get_signal+0x1286/0x1340
[ 154.818396][ T5896] arch_do_signal_or_restart+0x9a/0x750
[ 154.820731][ T5896] exit_to_user_mode_loop+0x75/0x110
[ 154.822951][ T5896] do_syscall_64+0x2bd/0x3b0
[ 154.824915][ T5896] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 154.827443][ T5896] Modules linked in:
[ 154.829141][ T5896] CPU: 0 UID: 0 PID: 5896 Comm: syz.0.18 Tainted: G B 6.16.0-rc4-syzkaller-g05df91921da6 #0 PREEMPT(full)
[ 154.829159][ T5896] Tainted: [B]=BAD_PAGE
[ 154.829163][ T5896] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 154.829169][ T5896] Call Trace:
[ 154.829176][ T5896]
[ 154.829182][ T5896] dump_stack_lvl+0x189/0x250
[ 154.829197][ T5896] ? __pfx_dump_stack_lvl+0x10/0x10
[ 154.829209][ T5896] ? __pfx_print_modules+0x10/0x10
[ 154.829223][ T5896] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 154.829234][ T5896] bad_page+0x180/0x1c0
[ 154.829245][ T5896] __free_frozen_pages+0xe17/0xe70
[ 154.829262][ T5896] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 154.829287][ T5896] bpf_xdp_adjust_tail+0x1d6/0x220
[ 154.829301][ T5896] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 154.829310][ T5896] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 154.829332][ T5896] do_xdp_generic+0x9f7/0x11a0
[ 154.829348][ T5896] ? __pfx_do_xdp_generic+0x10/0x10
[ 154.829362][ T5896] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 154.829381][ T5896] __netif_receive_skb_core+0x1823/0x4180
[ 154.829392][ T5896] ? __up_read+0x280/0x680
[ 154.829405][ T5896] ? __pfx___up_read+0x10/0x10
[ 154.829417][ T5896] ? lock_release+0x4b/0x3e0
[ 154.829429][ T5896] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 154.829440][ T5896] ? rcu_is_watching+0x15/0xb0
[ 154.829452][ T5896] ? irqentry_exit+0x74/0x90
[ 154.829461][ T5896] ? exc_page_fault+0x9f/0xf0
[ 154.829475][ T5896] ? netif_receive_skb+0x115/0x790
[ 154.829483][ T5896] ? rcu_is_watching+0x15/0xb0
[ 154.829494][ T5896] ? lock_acquire+0x5f/0x360
[ 154.829503][ T5896] __netif_receive_skb+0x72/0x380
[ 154.829514][ T5896] ? netif_receive_skb+0x115/0x790
[ 154.829522][ T5896] netif_receive_skb+0x1cb/0x790
[ 154.829531][ T5896] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 154.829543][ T5896] ? __pfx_netif_receive_skb+0x10/0x10
[ 154.829552][ T5896] ? __pfx__copy_from_iter+0x10/0x10
[ 154.829562][ T5896] ? sock_alloc_send_pskb+0x875/0x990
[ 154.829577][ T5896] ? tun_rx_batched+0x160/0x730
[ 154.829589][ T5896] tun_rx_batched+0x1b9/0x730
[ 154.829599][ T5896] ? skb_header_pointer+0x8e/0x120
[ 154.829615][ T5896] ? __pfx_tun_rx_batched+0x10/0x10
[ 154.829625][ T5896] ? tun_get_user+0x2549/0x3ce0
[ 154.829635][ T5896] ? rcu_is_watching+0x15/0xb0
[ 154.829645][ T5896] ? lock_acquire+0x5f/0x360
[ 154.829655][ T5896] ? __pfx___local_bh_enable_ip+0x10/0x10
[ 154.829667][ T5896] tun_get_user+0x298e/0x3ce0
[ 154.829678][ T5896] ? tun_get_user+0x2549/0x3ce0
[ 154.829688][ T5896] ? aa_file_perm+0x11f/0xed0
[ 154.829699][ T5896] ? rcu_is_watching+0x15/0xb0
[ 154.829709][ T5896] ? lock_release+0x4b/0x3e0
[ 154.829720][ T5896] ? __pfx_tun_get_user+0x10/0x10
[ 154.829730][ T5896] ? aa_file_perm+0x3e7/0xed0
[ 154.829739][ T5896] ? __pfx_preempt_schedule+0x10/0x10
[ 154.829755][ T5896] ? ref_tracker_alloc+0x318/0x460
[ 154.829766][ T5896] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 154.829773][ T5896] ? futex_private_hash_put+0x23a/0x290
[ 154.829784][ T5896] ? tun_get+0x1c/0x2f0
[ 154.829794][ T5896] ? tun_get+0x1c/0x2f0
[ 154.829802][ T5896] ? rcu_is_watching+0x15/0xb0
[ 154.829812][ T5896] ? tun_get+0x1c/0x2f0
[ 154.829821][ T5896] ? lock_release+0x4b/0x3e0
[ 154.829831][ T5896] ? tun_get+0x1c/0x2f0
[ 154.829842][ T5896] tun_chr_write_iter+0x113/0x200
[ 154.829853][ T5896] vfs_write+0x54b/0xa90
[ 154.829865][ T5896] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 154.829875][ T5896] ? __pfx_vfs_write+0x10/0x10
[ 154.829888][ T5896] ? __fget_files+0x2a/0x420
[ 154.829903][ T5896] ksys_write+0x145/0x250
[ 154.829915][ T5896] ? __pfx_ksys_write+0x10/0x10
[ 154.829925][ T5896] ? rcu_is_watching+0x15/0xb0
[ 154.829936][ T5896] ? rcu_is_watching+0x15/0xb0
[ 154.829948][ T5896] do_syscall_64+0xfa/0x3b0
[ 154.829959][ T5896] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 154.829968][ T5896] ? clear_bhb_loop+0x60/0xb0
[ 154.829979][ T5896] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 154.829989][ T5896] RIP: 0033:0x7fca7018d3df
[ 154.829998][ T5896] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 154.830007][ T5896] RSP: 002b:00007fca6f3fe000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 154.830020][ T5896] RAX: ffffffffffffffda RBX: 00007fca703b5fa0 RCX: 00007fca7018d3df
[ 154.830028][ T5896] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[ 154.830034][ T5896] RBP: 00007fca70210b39 R08: 0000000000000000 R09: 0000000000000000
[ 154.830039][ T5896] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 154.830044][ T5896] R13: 0000000000000000 R14: 00007fca703b5fa0 R15: 00007ffce3be7c68
[ 154.830055][ T5896]
[ 154.830064][ T5896] BUG: Bad page state in process syz.0.18 pfn:118c4
[ 155.029131][ T5896] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880362d0000 pfn:0x118c4
[ 155.033463][ T5896] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 155.036491][ T5896] raw: 00fff00000000000 dead000000000040 ffff88801eed8000 0000000000000000
[ 155.040061][ T5896] raw: ffff8880362d0000 0000000000000001 00000000ffffffff 0000000000000000
[ 155.043663][ T5896] page dumped because: page_pool leak
[ 155.045953][ T5896] page_owner tracks the page as allocated
[ 155.048287][ T5896] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5896, tgid 5895 (syz.0.18), ts 152994451816, free_ts 140093414629
[ 155.055157][ T5896] post_alloc_hook+0x240/0x2a0
[ 155.057241][ T5896] get_page_from_freelist+0x21e4/0x22c0
[ 155.059537][ T5896] __alloc_frozen_pages_noprof+0x181/0x370
[ 155.062055][ T5896] alloc_pages_bulk_noprof+0x560/0x710
[ 155.064357][ T5896] __page_pool_alloc_pages_slow+0x127/0x740
[ 155.067077][ T5896] skb_pp_cow_data+0xb47/0x13e0
[ 155.069238][ T5896] do_xdp_generic+0x699/0x11a0
[ 155.071259][ T5896] __netif_receive_skb_core+0x1823/0x4180
[ 155.073626][ T5896] __netif_receive_skb+0x72/0x380
[ 155.075919][ T5896] netif_receive_skb+0x1cb/0x790
[ 155.077978][ T5896] tun_rx_batched+0x1b9/0x730
[ 155.079908][ T5896] tun_get_user+0x298e/0x3ce0
[ 155.081890][ T5896] tun_chr_write_iter+0x113/0x200
[ 155.084014][ T5896] vfs_write+0x54b/0xa90
[ 155.085983][ T5896] ksys_write+0x145/0x250
[ 155.088013][ T5896] do_syscall_64+0xfa/0x3b0
[ 155.089990][ T5896] page last free pid 5765 tgid 5765 stack trace:
[ 155.092614][ T5896] __free_frozen_pages+0xc71/0xe70
[ 155.094806][ T5896] vfree+0x25a/0x400
[ 155.096541][ T5896] kcov_close+0x28/0x50
[ 155.098751][ T5896] __fput+0x449/0xa70
[ 155.100963][ T5896] task_work_run+0x1d1/0x260
[ 155.102959][ T5896] do_exit+0x6b5/0x22e0
[ 155.104690][ T5896] do_group_exit+0x21c/0x2d0
[ 155.106770][ T5896] get_signal+0x1286/0x1340
[ 155.108702][ T5896] arch_do_signal_or_restart+0x9a/0x750
[ 155.111118][ T5896] exit_to_user_mode_loop+0x75/0x110
[ 155.113399][ T5896] do_syscall_64+0x2bd/0x3b0
[ 155.115414][ T5896] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 155.118018][ T5896] Modules linked in:
[ 155.119768][ T5896] CPU: 0 UID: 0 PID: 5896 Comm: syz.0.18 Tainted: G B 6.16.0-rc4-syzkaller-g05df91921da6 #0 PREEMPT(full)
[ 155.119786][ T5896] Tainted: [B]=BAD_PAGE
[ 155.119790][ T5896] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 155.119797][ T5896] Call Trace:
[ 155.119804][ T5896]
[ 155.119810][ T5896] dump_stack_lvl+0x189/0x250
[ 155.119826][ T5896] ? __pfx_dump_stack_lvl+0x10/0x10
[ 155.119838][ T5896] ? __pfx_print_modules+0x10/0x10
[ 155.119852][ T5896] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 155.119864][ T5896] bad_page+0x180/0x1c0
[ 155.119877][ T5896] __free_frozen_pages+0xe17/0xe70
[ 155.119893][ T5896] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 155.119914][ T5896] bpf_xdp_adjust_tail+0x1d6/0x220
[ 155.119928][ T5896] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 155.119947][ T5896] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 155.119970][ T5896] do_xdp_generic+0x9f7/0x11a0
[ 155.119987][ T5896] ? __pfx_do_xdp_generic+0x10/0x10
[ 155.120001][ T5896] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 155.120022][ T5896] __netif_receive_skb_core+0x1823/0x4180
[ 155.120034][ T5896] ? __up_read+0x280/0x680
[ 155.120049][ T5896] ? __pfx___up_read+0x10/0x10
[ 155.120060][ T5896] ? lock_release+0x4b/0x3e0
[ 155.120072][ T5896] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 155.120082][ T5896] ? rcu_is_watching+0x15/0xb0
[ 155.120095][ T5896] ? irqentry_exit+0x74/0x90
[ 155.120103][ T5896] ? exc_page_fault+0x9f/0xf0
[ 155.120118][ T5896] ? netif_receive_skb+0x115/0x790
[ 155.120127][ T5896] ? rcu_is_watching+0x15/0xb0
[ 155.120137][ T5896] ? lock_acquire+0x5f/0x360
[ 155.120147][ T5896] __netif_receive_skb+0x72/0x380
[ 155.120159][ T5896] ? netif_receive_skb+0x115/0x790
[ 155.120168][ T5896] netif_receive_skb+0x1cb/0x790
[ 155.120178][ T5896] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 155.120189][ T5896] ? __pfx_netif_receive_skb+0x10/0x10
[ 155.120197][ T5896] ? __pfx__copy_from_iter+0x10/0x10
[ 155.120208][ T5896] ? sock_alloc_send_pskb+0x875/0x990
[ 155.120225][ T5896] ? tun_rx_batched+0x160/0x730
[ 155.120236][ T5896] tun_rx_batched+0x1b9/0x730
[ 155.120246][ T5896] ? skb_header_pointer+0x8e/0x120
[ 155.120262][ T5896] ? __pfx_tun_rx_batched+0x10/0x10
[ 155.120273][ T5896] ? tun_get_user+0x2549/0x3ce0
[ 155.120283][ T5896] ? rcu_is_watching+0x15/0xb0
[ 155.120295][ T5896] ? lock_acquire+0x5f/0x360
[ 155.120303][ T5896] ? __pfx___local_bh_enable_ip+0x10/0x10
[ 155.120316][ T5896] tun_get_user+0x298e/0x3ce0
[ 155.120328][ T5896] ? tun_get_user+0x2549/0x3ce0
[ 155.120338][ T5896] ? aa_file_perm+0x11f/0xed0
[ 155.120349][ T5896] ? rcu_is_watching+0x15/0xb0
[ 155.120361][ T5896] ? lock_release+0x4b/0x3e0
[ 155.120372][ T5896] ? __pfx_tun_get_user+0x10/0x10
[ 155.120382][ T5896] ? aa_file_perm+0x3e7/0xed0
[ 155.120389][ T5896] ? __pfx_preempt_schedule+0x10/0x10
[ 155.120401][ T5896] ? ref_tracker_alloc+0x318/0x460
[ 155.120410][ T5896] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 155.120418][ T5896] ? futex_private_hash_put+0x23a/0x290
[ 155.120431][ T5896] ? tun_get+0x1c/0x2f0
[ 155.120440][ T5896] ? tun_get+0x1c/0x2f0
[ 155.120449][ T5896] ? rcu_is_watching+0x15/0xb0
[ 155.120460][ T5896] ? tun_get+0x1c/0x2f0
[ 155.120469][ T5896] ? lock_release+0x4b/0x3e0
[ 155.120480][ T5896] ? tun_get+0x1c/0x2f0
[ 155.120491][ T5896] tun_chr_write_iter+0x113/0x200
[ 155.120502][ T5896] vfs_write+0x54b/0xa90
[ 155.120515][ T5896] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 155.120526][ T5896] ? __pfx_vfs_write+0x10/0x10
[ 155.120540][ T5896] ? __fget_files+0x2a/0x420
[ 155.120555][ T5896] ksys_write+0x145/0x250
[ 155.120567][ T5896] ? __pfx_ksys_write+0x10/0x10
[ 155.120577][ T5896] ? rcu_is_watching+0x15/0xb0
[ 155.120589][ T5896] ? rcu_is_watching+0x15/0xb0
[ 155.120602][ T5896] do_syscall_64+0xfa/0x3b0
[ 155.120614][ T5896] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 155.120624][ T5896] ? clear_bhb_loop+0x60/0xb0
[ 155.120635][ T5896] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 155.120645][ T5896] RIP: 0033:0x7fca7018d3df
[ 155.120655][ T5896] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 155.120665][ T5896] RSP: 002b:00007fca6f3fe000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 155.120677][ T5896] RAX: ffffffffffffffda RBX: 00007fca703b5fa0 RCX: 00007fca7018d3df
[ 155.120685][ T5896] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[ 155.120692][ T5896] RBP: 00007fca70210b39 R08: 0000000000000000 R09: 0000000000000000
[ 155.120698][ T5896] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 155.120738][ T5896] R13: 0000000000000000 R14: 00007fca703b5fa0 R15: 00007ffce3be7c68
[ 155.120751][ T5896]
[ 155.120759][ T5896] BUG: Bad page state in process syz.0.18 pfn:118c5
[ 155.324344][ T5896] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880118c5400 pfn:0x118c5
[ 155.328523][ T5896] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 155.331494][ T5896] raw: 00fff00000000000 dead000000000040 ffff88801eed8000 0000000000000000
[ 155.335535][ T5896] raw: ffff8880118c5400 0000000000000001 00000000ffffffff 0000000000000000
[ 155.339288][ T5896] page dumped because: page_pool leak
[ 155.341532][ T5896] page_owner tracks the page as allocated
[ 155.343943][ T5896] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5896, tgid 5895 (syz.0.18), ts 152994444054, free_ts 140093424629
[ 155.350792][ T5896] post_alloc_hook+0x240/0x2a0
[ 155.352822][ T5896] get_page_from_freelist+0x21e4/0x22c0
[ 155.355563][ T5896] __alloc_frozen_pages_noprof+0x181/0x370
[ 155.358319][ T5896] alloc_pages_bulk_noprof+0x560/0x710
[ 155.360674][ T5896] __page_pool_alloc_pages_slow+0x127/0x740
[ 155.363257][ T5896] skb_pp_cow_data+0xb47/0x13e0
[ 155.365337][ T5896] do_xdp_generic+0x699/0x11a0
[ 155.367471][ T5896] __netif_receive_skb_core+0x1823/0x4180
[ 155.369974][ T5896] __netif_receive_skb+0x72/0x380
[ 155.372226][ T5896] netif_receive_skb+0x1cb/0x790
[ 155.374427][ T5896] tun_rx_batched+0x1b9/0x730
[ 155.376543][ T5896] tun_get_user+0x298e/0x3ce0
[ 155.378523][ T5896] tun_chr_write_iter+0x113/0x200
[ 155.380583][ T5896] vfs_write+0x54b/0xa90
[ 155.382384][ T5896] ksys_write+0x145/0x250
[ 155.384348][ T5896] do_syscall_64+0xfa/0x3b0
[ 155.386386][ T5896] page last free pid 5765 tgid 5765 stack trace:
[ 155.389472][ T5896] __free_frozen_pages+0xc71/0xe70
[ 155.391634][ T5896] vfree+0x25a/0x400
[ 155.393355][ T5896] kcov_close+0x28/0x50
[ 155.395155][ T5896] __fput+0x449/0xa70
[ 155.396980][ T5896] task_work_run+0x1d1/0x260
[ 155.399179][ T5896] do_exit+0x6b5/0x22e0
[ 155.401122][ T5896] do_group_exit+0x21c/0x2d0
[ 155.403180][ T5896] get_signal+0x1286/0x1340
[ 155.405073][ T5896] arch_do_signal_or_restart+0x9a/0x750
[ 155.407447][ T5896] exit_to_user_mode_loop+0x75/0x110
[ 155.409661][ T5896] do_syscall_64+0x2bd/0x3b0
[ 155.411606][ T5896] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 155.414064][ T5896] Modules linked in:
[ 155.415840][ T5896] CPU: 0 UID: 0 PID: 5896 Comm: syz.0.18 Tainted: G B 6.16.0-rc4-syzkaller-g05df91921da6 #0 PREEMPT(full)
[ 155.415857][ T5896] Tainted: [B]=BAD_PAGE
[ 155.415861][ T5896] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 155.415867][ T5896] Call Trace:
[ 155.415876][ T5896]
[ 155.415882][ T5896] dump_stack_lvl+0x189/0x250
[ 155.415898][ T5896] ? __pfx_dump_stack_lvl+0x10/0x10
[ 155.415909][ T5896] ? __pfx_print_modules+0x10/0x10
[ 155.415922][ T5896] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 155.415934][ T5896] bad_page+0x180/0x1c0
[ 155.415946][ T5896] __free_frozen_pages+0xe17/0xe70
[ 155.416010][ T5896] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 155.416031][ T5896] bpf_xdp_adjust_tail+0x1d6/0x220
[ 155.416044][ T5896] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 155.416053][ T5896] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 155.416080][ T5896] do_xdp_generic+0x9f7/0x11a0
[ 155.416096][ T5896] ? __pfx_do_xdp_generic+0x10/0x10
[ 155.416109][ T5896] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 155.416130][ T5896] __netif_receive_skb_core+0x1823/0x4180
[ 155.416140][ T5896] ? __up_read+0x280/0x680
[ 155.416154][ T5896] ? __pfx___up_read+0x10/0x10
[ 155.416165][ T5896] ? lock_release+0x4b/0x3e0
[ 155.416177][ T5896] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 155.416187][ T5896] ? rcu_is_watching+0x15/0xb0
[ 155.416199][ T5896] ? irqentry_exit+0x74/0x90
[ 155.416213][ T5896] ? exc_page_fault+0x9f/0xf0
[ 155.416234][ T5896] ? netif_receive_skb+0x115/0x790
[ 155.416243][ T5896] ? rcu_is_watching+0x15/0xb0
[ 155.416254][ T5896] ? lock_acquire+0x5f/0x360
[ 155.416264][ T5896] __netif_receive_skb+0x72/0x380
[ 155.416276][ T5896] ? netif_receive_skb+0x115/0x790
[ 155.416285][ T5896] netif_receive_skb+0x1cb/0x790
[ 155.416293][ T5896] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 155.416304][ T5896] ? __pfx_netif_receive_skb+0x10/0x10
[ 155.416313][ T5896] ? __pfx__copy_from_iter+0x10/0x10
[ 155.416322][ T5896] ? sock_alloc_send_pskb+0x875/0x990
[ 155.416337][ T5896] ? tun_rx_batched+0x160/0x730
[ 155.416350][ T5896] tun_rx_batched+0x1b9/0x730
[ 155.416359][ T5896] ? skb_header_pointer+0x8e/0x120
[ 155.416374][ T5896] ? __pfx_tun_rx_batched+0x10/0x10
[ 155.416385][ T5896] ? tun_get_user+0x2549/0x3ce0
[ 155.416394][ T5896] ? rcu_is_watching+0x15/0xb0
[ 155.416406][ T5896] ? lock_acquire+0x5f/0x360
[ 155.416415][ T5896] ? __pfx___local_bh_enable_ip+0x10/0x10
[ 155.416429][ T5896] tun_get_user+0x298e/0x3ce0
[ 155.416439][ T5896] ? tun_get_user+0x2549/0x3ce0
[ 155.416449][ T5896] ? aa_file_perm+0x11f/0xed0
[ 155.416460][ T5896] ? rcu_is_watching+0x15/0xb0
[ 155.416471][ T5896] ? lock_release+0x4b/0x3e0
[ 155.416482][ T5896] ? __pfx_tun_get_user+0x10/0x10
[ 155.416493][ T5896] ? aa_file_perm+0x3e7/0xed0
[ 155.416500][ T5896] ? __pfx_preempt_schedule+0x10/0x10
[ 155.416517][ T5896] ? ref_tracker_alloc+0x318/0x460
[ 155.416527][ T5896] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 155.416535][ T5896] ? futex_private_hash_put+0x23a/0x290
[ 155.416547][ T5896] ? tun_get+0x1c/0x2f0
[ 155.416558][ T5896] ? tun_get+0x1c/0x2f0
[ 155.416567][ T5896] ? rcu_is_watching+0x15/0xb0
[ 155.416578][ T5896] ? tun_get+0x1c/0x2f0
[ 155.416587][ T5896] ? lock_release+0x4b/0x3e0
[ 155.416597][ T5896] ? tun_get+0x1c/0x2f0
[ 155.416607][ T5896] tun_chr_write_iter+0x113/0x200
[ 155.416618][ T5896] vfs_write+0x54b/0xa90
[ 155.416632][ T5896] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 155.416643][ T5896] ? __pfx_vfs_write+0x10/0x10
[ 155.416655][ T5896] ? __fget_files+0x2a/0x420
[ 155.416672][ T5896] ksys_write+0x145/0x250
[ 155.416684][ T5896] ? __pfx_ksys_write+0x10/0x10
[ 155.416696][ T5896] ? rcu_is_watching+0x15/0xb0
[ 155.416739][ T5896] ? rcu_is_watching+0x15/0xb0
[ 155.416750][ T5896] do_syscall_64+0xfa/0x3b0
[ 155.416761][ T5896] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 155.416772][ T5896] ? clear_bhb_loop+0x60/0xb0
[ 155.416783][ T5896] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 155.416792][ T5896] RIP: 0033:0x7fca7018d3df
[ 155.416814][ T5896] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 155.416824][ T5896] RSP: 002b:00007fca6f3fe000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 155.416836][ T5896] RAX: ffffffffffffffda RBX: 00007fca703b5fa0 RCX: 00007fca7018d3df
[ 155.416843][ T5896] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[ 155.416849][ T5896] RBP: 00007fca70210b39 R08: 0000000000000000 R09: 0000000000000000
[ 155.416856][ T5896] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 155.416863][ T5896] R13: 0000000000000000 R14: 00007fca703b5fa0 R15: 00007ffce3be7c68
[ 155.416873][ T5896]
[ 155.416919][ T5896] BUG: Bad page state in process syz.0.18 pfn:11710
[ 155.615309][ T5896] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888011710f50 pfn:0x11710
[ 155.619640][ T5896] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 155.622618][ T5896] raw: 00fff00000000000 dead000000000040 ffff88801eed8000 0000000000000000
[ 155.626483][ T5896] raw: ffff888011710f50 0000000000000001 00000000ffffffff 0000000000000000
[ 155.630033][ T5896] page dumped because: page_pool leak
[ 155.632263][ T5896] page_owner tracks the page as allocated
[ 155.634540][ T5896] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5896, tgid 5895 (syz.0.18), ts 152994436563, free_ts 152993702990
[ 155.641565][ T5896] post_alloc_hook+0x240/0x2a0
[ 155.643626][ T5896] get_page_from_freelist+0x21e4/0x22c0
[ 155.646033][ T5896] __alloc_frozen_pages_noprof+0x181/0x370
[ 155.648482][ T5896] alloc_pages_bulk_noprof+0x560/0x710
[ 155.650750][ T5896] __page_pool_alloc_pages_slow+0x127/0x740
[ 155.653319][ T5896] skb_pp_cow_data+0xb47/0x13e0
[ 155.655390][ T5896] do_xdp_generic+0x699/0x11a0
[ 155.657464][ T5896] __netif_receive_skb_core+0x1823/0x4180
[ 155.659797][ T5896] __netif_receive_skb+0x72/0x380
[ 155.661980][ T5896] netif_receive_skb+0x1cb/0x790
[ 155.664258][ T5896] tun_rx_batched+0x1b9/0x730
[ 155.666467][ T5896] tun_get_user+0x298e/0x3ce0
[ 155.668551][ T5896] tun_chr_write_iter+0x113/0x200
[ 155.670665][ T5896] vfs_write+0x54b/0xa90
[ 155.672486][ T5896] ksys_write+0x145/0x250
[ 155.674358][ T5896] do_syscall_64+0xfa/0x3b0
[ 155.676312][ T5896] page last free pid 5896 tgid 5895 stack trace:
[ 155.679005][ T5896] __free_frozen_pages+0xc71/0xe70
[ 155.681193][ T5896] kasan_populate_vmalloc+0x118/0x1a0
[ 155.683548][ T5896] alloc_vmap_area+0xd51/0x1490
[ 155.685785][ T5896] __get_vm_area_node+0x1f8/0x300
[ 155.687957][ T5896] __vmalloc_node_range_noprof+0x301/0x12f0
[ 155.690444][ T5896] vmalloc_noprof+0xb2/0xf0
[ 155.692340][ T5896] bpf_prog_calc_tag+0xb9/0x620
[ 155.694430][ T5896] resolve_pseudo_ldimm64+0xbc/0xc60
[ 155.696643][ T5896] bpf_check+0x1c0f/0x19c60
[ 155.698572][ T5896] bpf_prog_load+0x1318/0x1930
[ 155.700543][ T5896] __sys_bpf+0x5f1/0x860
[ 155.702425][ T5896] __x64_sys_bpf+0x7c/0x90
[ 155.704368][ T5896] do_syscall_64+0xfa/0x3b0
[ 155.706365][ T5896] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 155.708909][ T5896] Modules linked in:
[ 155.710570][ T5896] CPU: 0 UID: 0 PID: 5896 Comm: syz.0.18 Tainted: G B 6.16.0-rc4-syzkaller-g05df91921da6 #0 PREEMPT(full)
[ 155.710587][ T5896] Tainted: [B]=BAD_PAGE
[ 155.710591][ T5896] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 155.710598][ T5896] Call Trace:
[ 155.710605][ T5896]
[ 155.710611][ T5896] dump_stack_lvl+0x189/0x250
[ 155.710627][ T5896] ? __pfx_dump_stack_lvl+0x10/0x10
[ 155.710638][ T5896] ? __pfx_print_modules+0x10/0x10
[ 155.710653][ T5896] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 155.710664][ T5896] bad_page+0x180/0x1c0
[ 155.710675][ T5896] __free_frozen_pages+0xe17/0xe70
[ 155.710691][ T5896] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 155.710712][ T5896] bpf_xdp_adjust_tail+0x1d6/0x220
[ 155.710725][ T5896] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 155.710734][ T5896] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 155.710757][ T5896] do_xdp_generic+0x9f7/0x11a0
[ 155.710774][ T5896] ? __pfx_do_xdp_generic+0x10/0x10
[ 155.710788][ T5896] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 155.710808][ T5896] __netif_receive_skb_core+0x1823/0x4180
[ 155.710819][ T5896] ? __up_read+0x280/0x680
[ 155.710832][ T5896] ? __pfx___up_read+0x10/0x10
[ 155.710844][ T5896] ? lock_release+0x4b/0x3e0
[ 155.710857][ T5896] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 155.710869][ T5896] ? rcu_is_watching+0x15/0xb0
[ 155.710882][ T5896] ? irqentry_exit+0x74/0x90
[ 155.710895][ T5896] ? exc_page_fault+0x9f/0xf0
[ 155.710912][ T5896] ? netif_receive_skb+0x115/0x790
[ 155.710922][ T5896] ? rcu_is_watching+0x15/0xb0
[ 155.710932][ T5896] ? lock_acquire+0x5f/0x360
[ 155.710942][ T5896] __netif_receive_skb+0x72/0x380
[ 155.710953][ T5896] ? netif_receive_skb+0x115/0x790
[ 155.710961][ T5896] netif_receive_skb+0x1cb/0x790
[ 155.710971][ T5896] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 155.710985][ T5896] ? __pfx_netif_receive_skb+0x10/0x10
[ 155.710995][ T5896] ? __pfx__copy_from_iter+0x10/0x10
[ 155.711006][ T5896] ? sock_alloc_send_pskb+0x875/0x990
[ 155.711023][ T5896] ? tun_rx_batched+0x160/0x730
[ 155.711037][ T5896] tun_rx_batched+0x1b9/0x730
[ 155.711047][ T5896] ? skb_header_pointer+0x8e/0x120
[ 155.711063][ T5896] ? __pfx_tun_rx_batched+0x10/0x10
[ 155.711072][ T5896] ? tun_get_user+0x2549/0x3ce0
[ 155.711081][ T5896] ? rcu_is_watching+0x15/0xb0
[ 155.711093][ T5896] ? lock_acquire+0x5f/0x360
[ 155.711103][ T5896] ? __pfx___local_bh_enable_ip+0x10/0x10
[ 155.711116][ T5896] tun_get_user+0x298e/0x3ce0
[ 155.711126][ T5896] ? tun_get_user+0x2549/0x3ce0
[ 155.711135][ T5896] ? aa_file_perm+0x11f/0xed0
[ 155.711145][ T5896] ? rcu_is_watching+0x15/0xb0
[ 155.711155][ T5896] ? lock_release+0x4b/0x3e0
[ 155.711165][ T5896] ? __pfx_tun_get_user+0x10/0x10
[ 155.711174][ T5896] ? aa_file_perm+0x3e7/0xed0
[ 155.711183][ T5896] ? __pfx_preempt_schedule+0x10/0x10
[ 155.711201][ T5896] ? ref_tracker_alloc+0x318/0x460
[ 155.711223][ T5896] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 155.711232][ T5896] ? futex_private_hash_put+0x23a/0x290
[ 155.711247][ T5896] ? tun_get+0x1c/0x2f0
[ 155.711258][ T5896] ? tun_get+0x1c/0x2f0
[ 155.711268][ T5896] ? rcu_is_watching+0x15/0xb0
[ 155.711278][ T5896] ? tun_get+0x1c/0x2f0
[ 155.711288][ T5896] ? lock_release+0x4b/0x3e0
[ 155.711299][ T5896] ? tun_get+0x1c/0x2f0
[ 155.711311][ T5896] tun_chr_write_iter+0x113/0x200
[ 155.711323][ T5896] vfs_write+0x54b/0xa90
[ 155.711337][ T5896] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 155.711349][ T5896] ? __pfx_vfs_write+0x10/0x10
[ 155.711363][ T5896] ? __fget_files+0x2a/0x420
[ 155.711379][ T5896] ksys_write+0x145/0x250
[ 155.711391][ T5896] ? __pfx_ksys_write+0x10/0x10
[ 155.711402][ T5896] ? rcu_is_watching+0x15/0xb0
[ 155.711415][ T5896] ? rcu_is_watching+0x15/0xb0
[ 155.711427][ T5896] do_syscall_64+0xfa/0x3b0
[ 155.711439][ T5896] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 155.711449][ T5896] ? clear_bhb_loop+0x60/0xb0
[ 155.711461][ T5896] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 155.711471][ T5896] RIP: 0033:0x7fca7018d3df
[ 155.711482][ T5896] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 155.711491][ T5896] RSP: 002b:00007fca6f3fe000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 155.711504][ T5896] RAX: ffffffffffffffda RBX: 00007fca703b5fa0 RCX: 00007fca7018d3df
[ 155.711513][ T5896] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[ 155.711520][ T5896] RBP: 00007fca70210b39 R08: 0000000000000000 R09: 0000000000000000
[ 155.711528][ T5896] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 155.711535][ T5896] R13: 0000000000000000 R14: 00007fca703b5fa0 R15: 00007ffce3be7c68
[ 155.711546][ T5896]
[ 155.711554][ T5896] BUG: Bad page state in process syz.0.18 pfn:115f8
[ 155.908395][ T5896] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x115f8
[ 155.912352][ T5896] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 155.915269][ T5896] raw: 00fff00000000000 dead000000000040 ffff88801eed8000 0000000000000000
[ 155.918845][ T5896] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[ 155.922400][ T5896] page dumped because: page_pool leak
[ 155.924644][ T5896] page_owner tracks the page as allocated
[ 155.927139][ T5896] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5896, tgid 5895 (syz.0.18), ts 152994427728, free_ts 152993740587
[ 155.934035][ T5896] post_alloc_hook+0x240/0x2a0
[ 155.936179][ T5896] get_page_from_freelist+0x21e4/0x22c0
[ 155.938531][ T5896] __alloc_frozen_pages_noprof+0x181/0x370
[ 155.941295][ T5896] alloc_pages_bulk_noprof+0x560/0x710
[ 155.943718][ T5896] __page_pool_alloc_pages_slow+0x127/0x740
[ 155.946458][ T5896] skb_pp_cow_data+0xb47/0x13e0
[ 155.948534][ T5896] do_xdp_generic+0x699/0x11a0
[ 155.950594][ T5896] __netif_receive_skb_core+0x1823/0x4180
[ 155.953024][ T5896] __netif_receive_skb+0x72/0x380
[ 155.955170][ T5896] netif_receive_skb+0x1cb/0x790
[ 155.957386][ T5896] tun_rx_batched+0x1b9/0x730
[ 155.959397][ T5896] tun_get_user+0x298e/0x3ce0
[ 155.961425][ T5896] tun_chr_write_iter+0x113/0x200
[ 155.963708][ T5896] vfs_write+0x54b/0xa90
[ 155.965794][ T5896] ksys_write+0x145/0x250
[ 155.967724][ T5896] do_syscall_64+0xfa/0x3b0
[ 155.969696][ T5896] page last free pid 5896 tgid 5895 stack trace:
[ 155.972295][ T5896] __free_frozen_pages+0xc71/0xe70
[ 155.974550][ T5896] vfree+0x25a/0x400
[ 155.976301][ T5896] bpf_prog_calc_tag+0x55c/0x620
[ 155.978416][ T5896] resolve_pseudo_ldimm64+0xbc/0xc60
[ 155.980612][ T5896] bpf_check+0x1c0f/0x19c60
[ 155.982547][ T5896] bpf_prog_load+0x1318/0x1930
[ 155.984631][ T5896] __sys_bpf+0x5f1/0x860
[ 155.986623][ T5896] __x64_sys_bpf+0x7c/0x90
[ 155.988574][ T5896] do_syscall_64+0xfa/0x3b0
[ 155.990684][ T5896] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 155.993261][ T5896] Modules linked in:
[ 155.994944][ T5896] CPU: 0 UID: 0 PID: 5896 Comm: syz.0.18 Tainted: G B 6.16.0-rc4-syzkaller-g05df91921da6 #0 PREEMPT(full)
[ 155.994956][ T5896] Tainted: [B]=BAD_PAGE
[ 155.994960][ T5896] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 155.994967][ T5896] Call Trace:
[ 155.994975][ T5896]
[ 155.994980][ T5896] dump_stack_lvl+0x189/0x250
[ 155.995003][ T5896] ? __pfx_dump_stack_lvl+0x10/0x10
[ 155.995014][ T5896] ? __pfx_print_modules+0x10/0x10
[ 155.995029][ T5896] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 155.995040][ T5896] bad_page+0x180/0x1c0
[ 155.995052][ T5896] __free_frozen_pages+0xe17/0xe70
[ 155.995068][ T5896] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 155.995087][ T5896] bpf_xdp_adjust_tail+0x1d6/0x220
[ 155.995101][ T5896] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 155.995111][ T5896] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 155.995132][ T5896] do_xdp_generic+0x9f7/0x11a0
[ 155.995149][ T5896] ? __pfx_do_xdp_generic+0x10/0x10
[ 155.995163][ T5896] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 155.995184][ T5896] __netif_receive_skb_core+0x1823/0x4180
[ 155.995195][ T5896] ? __up_read+0x280/0x680
[ 155.995208][ T5896] ? __pfx___up_read+0x10/0x10
[ 155.995219][ T5896] ? lock_release+0x4b/0x3e0
[ 155.995232][ T5896] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 155.995243][ T5896] ? rcu_is_watching+0x15/0xb0
[ 155.995255][ T5896] ? irqentry_exit+0x74/0x90
[ 155.995264][ T5896] ? exc_page_fault+0x9f/0xf0
[ 155.995280][ T5896] ? netif_receive_skb+0x115/0x790
[ 155.995289][ T5896] ? rcu_is_watching+0x15/0xb0
[ 155.995300][ T5896] ? lock_acquire+0x5f/0x360
[ 155.995311][ T5896] __netif_receive_skb+0x72/0x380
[ 155.995320][ T5896] ? netif_receive_skb+0x115/0x790
[ 155.995325][ T5896] netif_receive_skb+0x1cb/0x790
[ 155.995331][ T5896] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 155.995339][ T5896] ? __pfx_netif_receive_skb+0x10/0x10
[ 155.995345][ T5896] ? __pfx__copy_from_iter+0x10/0x10
[ 155.995352][ T5896] ? sock_alloc_send_pskb+0x875/0x990
[ 155.995366][ T5896] ? tun_rx_batched+0x160/0x730
[ 155.995381][ T5896] tun_rx_batched+0x1b9/0x730
[ 155.995390][ T5896] ? skb_header_pointer+0x8e/0x120
[ 155.995406][ T5896] ? __pfx_tun_rx_batched+0x10/0x10
[ 155.995418][ T5896] ? tun_get_user+0x2549/0x3ce0
[ 155.995427][ T5896] ? rcu_is_watching+0x15/0xb0
[ 155.995437][ T5896] ? lock_acquire+0x5f/0x360
[ 155.995445][ T5896] ? __pfx___local_bh_enable_ip+0x10/0x10
[ 155.995459][ T5896] tun_get_user+0x298e/0x3ce0
[ 155.995470][ T5896] ? tun_get_user+0x2549/0x3ce0
[ 155.995479][ T5896] ? aa_file_perm+0x11f/0xed0
[ 155.995489][ T5896] ? rcu_is_watching+0x15/0xb0
[ 155.995499][ T5896] ? lock_release+0x4b/0x3e0
[ 155.995509][ T5896] ? __pfx_tun_get_user+0x10/0x10
[ 155.995520][ T5896] ? aa_file_perm+0x3e7/0xed0
[ 155.995529][ T5896] ? __pfx_preempt_schedule+0x10/0x10
[ 155.995545][ T5896] ? ref_tracker_alloc+0x318/0x460
[ 155.995556][ T5896] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 155.995564][ T5896] ? futex_private_hash_put+0x23a/0x290
[ 155.995577][ T5896] ? tun_get+0x1c/0x2f0
[ 155.995585][ T5896] ? tun_get+0x1c/0x2f0
[ 155.995594][ T5896] ? rcu_is_watching+0x15/0xb0
[ 155.995603][ T5896] ? tun_get+0x1c/0x2f0
[ 155.995611][ T5896] ? lock_release+0x4b/0x3e0
[ 155.995620][ T5896] ? tun_get+0x1c/0x2f0
[ 155.995630][ T5896] tun_chr_write_iter+0x113/0x200
[ 155.995641][ T5896] vfs_write+0x54b/0xa90
[ 155.995653][ T5896] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 155.995689][ T5896] ? __pfx_vfs_write+0x10/0x10
[ 155.995703][ T5896] ? __fget_files+0x2a/0x420
[ 155.995718][ T5896] ksys_write+0x145/0x250
[ 155.995729][ T5896] ? __pfx_ksys_write+0x10/0x10
[ 155.995740][ T5896] ? rcu_is_watching+0x15/0xb0
[ 155.995752][ T5896] ? rcu_is_watching+0x15/0xb0
[ 155.995763][ T5896] do_syscall_64+0xfa/0x3b0
[ 155.995775][ T5896] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 155.995784][ T5896] ? clear_bhb_loop+0x60/0xb0
[ 155.995794][ T5896] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 155.995804][ T5896] RIP: 0033:0x7fca7018d3df
[ 155.995815][ T5896] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 155.995823][ T5896] RSP: 002b:00007fca6f3fe000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 155.995835][ T5896] RAX: ffffffffffffffda RBX: 00007fca703b5fa0 RCX: 00007fca7018d3df
[ 155.995843][ T5896] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[ 155.995850][ T5896] RBP: 00007fca70210b39 R08: 0000000000000000 R09: 0000000000000000
[ 155.995856][ T5896] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 155.995862][ T5896] R13: 0000000000000000 R14: 00007fca703b5fa0 R15: 00007ffce3be7c68
[ 155.995873][ T5896]