Warning: Permanently added '10.128.1.171' (ED25519) to the list of known hosts.
2025/03/13 17:28:08 ignoring optional flag "sandboxArg"="0"
2025/03/13 17:28:08 parsed 1 programs
[  105.905079][ T6229] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  108.963280][ T6254] chnl_net:caif_netlink_parms(): no params data found
[  109.021314][ T6254] bridge0: port 1(bridge_slave_0) entered blocking state
[  109.028631][ T6254] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.035790][ T6254] bridge_slave_0: entered allmulticast mode
[  109.043349][ T6254] bridge_slave_0: entered promiscuous mode
[  109.054446][ T6254] bridge0: port 2(bridge_slave_1) entered blocking state
[  109.061725][ T6254] bridge0: port 2(bridge_slave_1) entered disabled state
[  109.069052][ T6254] bridge_slave_1: entered allmulticast mode
[  109.075982][ T6254] bridge_slave_1: entered promiscuous mode
[  109.095574][ T6254] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  109.107122][ T6254] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  109.131819][ T6254] team0: Port device team_slave_0 added
[  109.139163][ T6254] team0: Port device team_slave_1 added
[  109.161930][ T6254] batman_adv: batadv0: Adding interface: batadv_slave_0
[  109.169546][ T6254] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  109.195948][ T6254] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  109.208400][ T6254] batman_adv: batadv0: Adding interface: batadv_slave_1
[  109.215363][ T6254] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  109.241401][ T6254] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  109.274422][ T6254] hsr_slave_0: entered promiscuous mode
[  109.280638][ T6254] hsr_slave_1: entered promiscuous mode
[  109.738200][ T6254] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  109.748170][ T6254] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  109.759537][ T6254] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  109.770493][ T6254] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  109.796210][ T6254] bridge0: port 2(bridge_slave_1) entered blocking state
[  109.803564][ T6254] bridge0: port 2(bridge_slave_1) entered forwarding state
[  109.811839][ T6254] bridge0: port 1(bridge_slave_0) entered blocking state
[  109.819020][ T6254] bridge0: port 1(bridge_slave_0) entered forwarding state
[  109.882347][ T6254] 8021q: adding VLAN 0 to HW filter on device bond0
[  109.900955][   T53] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.910575][   T53] bridge0: port 2(bridge_slave_1) entered disabled state
[  109.930432][ T6254] 8021q: adding VLAN 0 to HW filter on device team0
[  109.946838][ T1122] bridge0: port 1(bridge_slave_0) entered blocking state
[  109.954047][ T1122] bridge0: port 1(bridge_slave_0) entered forwarding state
[  109.984435][ T1122] bridge0: port 2(bridge_slave_1) entered blocking state
[  109.991625][ T1122] bridge0: port 2(bridge_slave_1) entered forwarding state
[  110.162104][ T6254] 8021q: adding VLAN 0 to HW filter on device batadv0
[  110.209599][ T6254] veth0_vlan: entered promiscuous mode
[  110.223257][ T6254] veth1_vlan: entered promiscuous mode
[  110.256504][ T6254] veth0_macvtap: entered promiscuous mode
[  110.270545][ T6254] veth1_macvtap: entered promiscuous mode
[  110.293160][ T6254] batman_adv: batadv0: Interface activated: batadv_slave_0
[  110.309862][ T6254] batman_adv: batadv0: Interface activated: batadv_slave_1
[  110.323419][ T6254] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  110.334752][ T6254] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  110.345019][ T6254] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  110.355755][ T6254] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  110.539914][ T1122] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  110.629561][ T1122] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  110.718714][ T1122] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  110.806691][ T1122] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  112.200825][ T5134] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  112.212536][ T5134] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  112.222342][ T5134] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  112.231804][ T5134] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  112.240495][ T5134] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  112.249683][ T5134] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  113.228451][ T1122] bridge_slave_1: left allmulticast mode
[  113.234159][ T1122] bridge_slave_1: left promiscuous mode
[  113.266428][ T1122] bridge0: port 2(bridge_slave_1) entered disabled state
[  113.311025][ T1122] bridge_slave_0: left allmulticast mode
[  113.323452][ T1122] bridge_slave_0: left promiscuous mode
[  113.329721][ T1122] bridge0: port 1(bridge_slave_0) entered disabled state
[  113.685945][ T1122] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  113.697715][ T1122] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  113.709550][ T1122] bond0 (unregistering): Released all slaves
[  113.824949][ T1122] hsr_slave_0: left promiscuous mode
[  113.831504][ T1122] hsr_slave_1: left promiscuous mode
[  113.838338][ T1122] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  113.845892][ T1122] batman_adv: batadv0: Removing interface: batadv_slave_0
[  113.854832][ T1122] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  113.862653][ T1122] batman_adv: batadv0: Removing interface: batadv_slave_1
[  113.881409][ T1122] veth1_macvtap: left promiscuous mode
[  113.888520][ T1122] veth0_macvtap: left promiscuous mode
[  113.894162][ T1122] veth1_vlan: left promiscuous mode
[  113.899981][ T1122] veth0_vlan: left promiscuous mode
[  114.322830][ T1122] team0 (unregistering): Port device team_slave_1 removed
[  114.360078][ T1122] team0 (unregistering): Port device team_slave_0 removed
[  114.767670][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.775608][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  114.827488][ T1002] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.836147][ T1002] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/03/13 17:28:21 executed programs: 0
[  114.989245][ T5134] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  114.999524][ T5134] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  115.008796][ T5134] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  115.020701][ T5134] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  115.028366][ T5134] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  115.035659][ T5134] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  115.506283][ T6511] chnl_net:caif_netlink_parms(): no params data found
[  115.663187][ T6511] bridge0: port 1(bridge_slave_0) entered blocking state
[  115.670820][ T6511] bridge0: port 1(bridge_slave_0) entered disabled state
[  115.680642][ T6511] bridge_slave_0: entered allmulticast mode
[  115.688657][ T6511] bridge_slave_0: entered promiscuous mode
[  115.736773][ T6511] bridge0: port 2(bridge_slave_1) entered blocking state
[  115.745956][ T6511] bridge0: port 2(bridge_slave_1) entered disabled state
[  115.754993][ T6511] bridge_slave_1: entered allmulticast mode
[  115.765142][ T6511] bridge_slave_1: entered promiscuous mode
[  115.841928][ T6511] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  115.877471][ T6511] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  115.915807][ T6511] team0: Port device team_slave_0 added
[  115.978908][ T6511] team0: Port device team_slave_1 added
[  116.012820][ T6511] batman_adv: batadv0: Adding interface: batadv_slave_0
[  116.022571][ T6511] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  116.048838][ T6511] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  116.062217][ T6511] batman_adv: batadv0: Adding interface: batadv_slave_1
[  116.069403][ T6511] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  116.095587][ T6511] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  116.143982][ T6511] hsr_slave_0: entered promiscuous mode
[  116.152687][ T6511] hsr_slave_1: entered promiscuous mode
[  116.662078][ T6511] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  116.672534][ T6511] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  116.684721][ T6511] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  116.696785][ T6511] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  116.780894][ T6511] 8021q: adding VLAN 0 to HW filter on device bond0
[  116.809387][ T6511] 8021q: adding VLAN 0 to HW filter on device team0
[  116.825864][ T1122] bridge0: port 1(bridge_slave_0) entered blocking state
[  116.833140][ T1122] bridge0: port 1(bridge_slave_0) entered forwarding state
[  116.864376][ T1122] bridge0: port 2(bridge_slave_1) entered blocking state
[  116.871593][ T1122] bridge0: port 2(bridge_slave_1) entered forwarding state
[  116.906754][ T6511] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  117.063642][ T6511] 8021q: adding VLAN 0 to HW filter on device batadv0
[  117.077940][   T55] Bluetooth: hci0: command tx timeout
[  117.108842][ T6511] veth0_vlan: entered promiscuous mode
[  117.123659][ T6511] veth1_vlan: entered promiscuous mode
[  117.155575][ T6511] veth0_macvtap: entered promiscuous mode
[  117.171376][ T6511] veth1_macvtap: entered promiscuous mode
[  117.192243][ T6511] batman_adv: batadv0: Interface activated: batadv_slave_0
[  117.210045][ T6511] batman_adv: batadv0: Interface activated: batadv_slave_1
[  117.224073][ T6511] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  117.234537][ T6511] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  117.245209][ T6511] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  117.255029][ T6511] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  117.344531][ T1002] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  117.364346][ T1002] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  117.393218][ T1002] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  117.403524][ T1002] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  117.475077][ T6616] BUG: Bad page state in process syz.0.15  pfn:34164
[  117.482050][ T6616] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888034164d90 pfn:0x34164
[  117.492327][ T6616] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  117.499576][ T6616] raw: 00fff00000000000 dead000000000040 ffff8880226b8000 0000000000000000
[  117.508227][ T6616] raw: ffff888034164d90 0000000000000001 00000000ffffffff 0000000000000000
[  117.516850][ T6616] page dumped because: page_pool leak
[  117.522309][ T6616] page_owner tracks the page as allocated
[  117.528295][ T6616] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6616, tgid 6614 (syz.0.15), ts 117474981956, free_ts 117459551300
[  117.545230][ T6616]  post_alloc_hook+0x1f4/0x240
[  117.550087][ T6616]  get_page_from_freelist+0x3651/0x37a0
[  117.555684][ T6616]  __alloc_frozen_pages_noprof+0x292/0x710
[  117.561616][ T6616]  alloc_pages_bulk_noprof+0x847/0xae0
[  117.567162][ T6616]  __page_pool_alloc_pages_slow+0x11f/0x690
[  117.573106][ T6616]  skb_pp_cow_data+0xcc8/0x1720
[  117.578041][ T6616]  do_xdp_generic+0x505/0xd30
[  117.582758][ T6616]  __netif_receive_skb_core+0x1be5/0x4540
[  117.588560][ T6616]  __netif_receive_skb+0x12f/0x650
[  117.593718][ T6616]  netif_receive_skb+0x1e8/0x890
[  117.598737][ T6616]  tun_rx_batched+0x1b7/0x8f0
[  117.603451][ T6616]  tun_get_user+0x30cd/0x48a0
[  117.608220][ T6616]  tun_chr_write_iter+0x10d/0x1f0
[  117.613278][ T6616]  vfs_write+0xacf/0xd10
[  117.617621][ T6616]  ksys_write+0x18f/0x2b0
[  117.621991][ T6616]  do_syscall_64+0xf3/0x230
[  117.626522][ T6616] page last free pid 5196 tgid 5196 stack trace:
[  117.633094][ T6616]  free_frozen_pages+0xe04/0x10e0
[  117.638190][ T6616]  __slab_free+0x2c2/0x380
[  117.642630][ T6616]  qlist_free_all+0x9a/0x140
[  117.647281][ T6616]  kasan_quarantine_reduce+0x14f/0x170
[  117.652776][ T6616]  __kasan_slab_alloc+0x23/0x80
[  117.657805][ T6616]  __kmalloc_cache_noprof+0x1d9/0x390
[  117.663216][ T6616]  kernfs_fop_open+0x3e0/0xd10
[  117.668333][ T6616]  do_dentry_open+0xdec/0x1960
[  117.673136][ T6616]  vfs_open+0x3b/0x370
[  117.677317][ T6616]  path_openat+0x2c81/0x3590
[  117.681948][ T6616]  do_filp_open+0x27f/0x4e0
[  117.686489][ T6616]  do_sys_openat2+0x13e/0x1d0
[  117.691300][ T6616]  __x64_sys_openat+0x247/0x2a0
[  117.696288][ T6616]  do_syscall_64+0xf3/0x230
[  117.700886][ T6616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.706815][ T6616] Modules linked in:
[  117.710813][ T6616] CPU: 0 UID: 0 PID: 6616 Comm: syz.0.15 Not tainted 6.14.0-rc6-syzkaller-gb7f94fcf5546 #0
[  117.710836][ T6616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  117.710849][ T6616] Call Trace:
[  117.710855][ T6616]  <TASK>
[  117.710863][ T6616]  dump_stack_lvl+0x241/0x360
[  117.710889][ T6616]  ? __pfx_dump_stack_lvl+0x10/0x10
[  117.710906][ T6616]  ? __pfx_print_modules+0x10/0x10
[  117.710940][ T6616]  bad_page+0x176/0x1d0
[  117.710964][ T6616]  free_frozen_pages+0x1079/0x10e0
[  117.710993][ T6616]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[  117.711027][ T6616]  bpf_xdp_adjust_tail+0x1c6/0x210
[  117.711054][ T6616]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  117.711075][ T6616]  bpf_prog_run_generic_xdp+0x686/0x1510
[  117.711118][ T6616]  do_xdp_generic+0x757/0xd30
[  117.711145][ T6616]  ? __pfx_do_xdp_generic+0x10/0x10
[  117.711174][ T6616]  ? __skb_flow_dissect+0x25f/0x7af0
[  117.711213][ T6616]  __netif_receive_skb_core+0x1be5/0x4540
[  117.711260][ T6616]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  117.711288][ T6616]  ? mark_lock+0x9a/0x360
[  117.711309][ T6616]  ? __pfx___skb_flow_dissect+0x10/0x10
[  117.711328][ T6616]  ? __lock_acquire+0x1397/0x2100
[  117.711369][ T6616]  __netif_receive_skb+0x12f/0x650
[  117.711391][ T6616]  ? __pfx_lock_acquire+0x10/0x10
[  117.711411][ T6616]  ? __pfx___netif_receive_skb+0x10/0x10
[  117.711450][ T6616]  ? tun_rx_batched+0x160/0x8f0
[  117.711467][ T6616]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  117.711494][ T6616]  ? netif_receive_skb+0x131/0x890
[  117.711513][ T6616]  ? netif_receive_skb+0x131/0x890
[  117.711534][ T6616]  netif_receive_skb+0x1e8/0x890
[  117.711554][ T6616]  ? tun_rx_batched+0x160/0x8f0
[  117.711571][ T6616]  ? __pfx_netif_receive_skb+0x10/0x10
[  117.711603][ T6616]  ? tun_rx_batched+0x160/0x8f0
[  117.711620][ T6616]  tun_rx_batched+0x1b7/0x8f0
[  117.711637][ T6616]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  117.711660][ T6616]  ? __pfx_lock_acquire+0x10/0x10
[  117.711680][ T6616]  ? __pfx_tun_rx_batched+0x10/0x10
[  117.711712][ T6616]  tun_get_user+0x30cd/0x48a0
[  117.711729][ T6616]  ? tun_get_user+0x2bbb/0x48a0
[  117.711756][ T6616]  ? __lock_acquire+0x1397/0x2100
[  117.711781][ T6616]  ? __pfx_tun_get_user+0x10/0x10
[  117.711813][ T6616]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  117.711829][ T6616]  ? tun_get+0x1e/0x2f0
[  117.711846][ T6616]  ? __pfx_lock_release+0x10/0x10
[  117.711878][ T6616]  ? tun_get+0x1e/0x2f0
[  117.711894][ T6616]  ? tun_get+0x27d/0x2f0
[  117.711912][ T6616]  tun_chr_write_iter+0x10d/0x1f0
[  117.711932][ T6616]  vfs_write+0xacf/0xd10
[  117.711958][ T6616]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  117.711976][ T6616]  ? __pfx_vfs_write+0x10/0x10
[  117.711999][ T6616]  ? __fget_files+0x2a/0x410
[  117.712020][ T6616]  ? __fget_files+0x2a/0x410
[  117.712045][ T6616]  ksys_write+0x18f/0x2b0
[  117.712068][ T6616]  ? __pfx_ksys_write+0x10/0x10
[  117.712089][ T6616]  ? do_syscall_64+0x100/0x230
[  117.712108][ T6616]  ? do_syscall_64+0xb6/0x230
[  117.712127][ T6616]  do_syscall_64+0xf3/0x230
[  117.712143][ T6616]  ? clear_bhb_loop+0x35/0x90
[  117.712168][ T6616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.712201][ T6616] RIP: 0033:0x7fc3da57e98f
[  117.712217][ T6616] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  117.712230][ T6616] RSP: 002b:00007fc3db388020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  117.712247][ T6616] RAX: ffffffffffffffda RBX: 00007fc3da745fa0 RCX: 00007fc3da57e98f
[  117.712259][ T6616] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  117.712268][ T6616] RBP: 00007fc3da5f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  117.712278][ T6616] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  117.712288][ T6616] R13: 0000000000000000 R14: 00007fc3da745fa0 R15: 00007ffe7d632228
[  117.712314][ T6616]  </TASK>
[  117.712322][ T6616] Disabling lock debugging due to kernel taint
[  118.092416][ T6616] BUG: Bad page state in process syz.0.15  pfn:6bd39
[  118.099162][ T6616] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88806bd39d80 pfn:0x6bd39
[  118.109270][ T6616] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  118.116406][ T6616] raw: 00fff00000000000 dead000000000040 ffff8880226b8000 0000000000000000
[  118.125045][ T6616] raw: ffff88806bd39d80 0000000000000001 00000000ffffffff 0000000000000000
[  118.133674][ T6616] page dumped because: page_pool leak
[  118.139085][ T6616] page_owner tracks the page as allocated
[  118.144813][ T6616] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6616, tgid 6614 (syz.0.15), ts 117474970660, free_ts 117459578205
[  118.161731][ T6616]  post_alloc_hook+0x1f4/0x240
[  118.166540][ T6616]  get_page_from_freelist+0x3651/0x37a0
[  118.172151][ T6616]  __alloc_frozen_pages_noprof+0x292/0x710
[  118.178017][ T6616]  alloc_pages_bulk_noprof+0x847/0xae0
[  118.183505][ T6616]  __page_pool_alloc_pages_slow+0x11f/0x690
[  118.189461][ T6616]  skb_pp_cow_data+0xcc8/0x1720
[  118.194343][ T6616]  do_xdp_generic+0x505/0xd30
[  118.199084][ T6616]  __netif_receive_skb_core+0x1be5/0x4540
[  118.204827][ T6616]  __netif_receive_skb+0x12f/0x650
[  118.209998][ T6616]  netif_receive_skb+0x1e8/0x890
[  118.214970][ T6616]  tun_rx_batched+0x1b7/0x8f0
[  118.219719][ T6616]  tun_get_user+0x30cd/0x48a0
[  118.224423][ T6616]  tun_chr_write_iter+0x10d/0x1f0
[  118.229513][ T6616]  vfs_write+0xacf/0xd10
[  118.233867][ T6616]  ksys_write+0x18f/0x2b0
[  118.238264][ T6616]  do_syscall_64+0xf3/0x230
[  118.242834][ T6616] page last free pid 5196 tgid 5196 stack trace:
[  118.249214][ T6616]  free_frozen_pages+0xe04/0x10e0
[  118.254353][ T6616]  __slab_free+0x2c2/0x380
[  118.259010][ T6616]  qlist_free_all+0x9a/0x140
[  118.263625][ T6616]  kasan_quarantine_reduce+0x14f/0x170
[  118.269145][ T6616]  __kasan_slab_alloc+0x23/0x80
[  118.274024][ T6616]  __kmalloc_cache_noprof+0x1d9/0x390
[  118.279551][ T6616]  kernfs_fop_open+0x3e0/0xd10
[  118.284349][ T6616]  do_dentry_open+0xdec/0x1960
[  118.289176][ T6616]  vfs_open+0x3b/0x370
[  118.293281][ T6616]  path_openat+0x2c81/0x3590
[  118.297939][ T6616]  do_filp_open+0x27f/0x4e0
[  118.302560][ T6616]  do_sys_openat2+0x13e/0x1d0
[  118.307283][ T6616]  __x64_sys_openat+0x247/0x2a0
[  118.312238][ T6616]  do_syscall_64+0xf3/0x230
[  118.316778][ T6616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.322822][ T6616] Modules linked in:
[  118.326746][ T6616] CPU: 0 UID: 0 PID: 6616 Comm: syz.0.15 Tainted: G    B              6.14.0-rc6-syzkaller-gb7f94fcf5546 #0
[  118.326771][ T6616] Tainted: [B]=BAD_PAGE
[  118.326776][ T6616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  118.326785][ T6616] Call Trace:
[  118.326791][ T6616]  <TASK>
[  118.326797][ T6616]  dump_stack_lvl+0x241/0x360
[  118.326819][ T6616]  ? __pfx_dump_stack_lvl+0x10/0x10
[  118.326839][ T6616]  ? __pfx_print_modules+0x10/0x10
[  118.326863][ T6616]  bad_page+0x176/0x1d0
[  118.326886][ T6616]  free_frozen_pages+0x1079/0x10e0
[  118.326908][ T6616]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[  118.326932][ T6616]  bpf_xdp_adjust_tail+0x1c6/0x210
[  118.326964][ T6616]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  118.326980][ T6616]  bpf_prog_run_generic_xdp+0x686/0x1510
[  118.327006][ T6616]  do_xdp_generic+0x757/0xd30
[  118.327025][ T6616]  ? __pfx_do_xdp_generic+0x10/0x10
[  118.327044][ T6616]  ? __skb_flow_dissect+0x25f/0x7af0
[  118.327067][ T6616]  __netif_receive_skb_core+0x1be5/0x4540
[  118.327096][ T6616]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  118.327117][ T6616]  ? mark_lock+0x9a/0x360
[  118.327137][ T6616]  ? __pfx___skb_flow_dissect+0x10/0x10
[  118.327155][ T6616]  ? __lock_acquire+0x1397/0x2100
[  118.327183][ T6616]  __netif_receive_skb+0x12f/0x650
[  118.327204][ T6616]  ? __pfx_lock_acquire+0x10/0x10
[  118.327223][ T6616]  ? __pfx___netif_receive_skb+0x10/0x10
[  118.327245][ T6616]  ? tun_rx_batched+0x160/0x8f0
[  118.327262][ T6616]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  118.327283][ T6616]  ? netif_receive_skb+0x131/0x890
[  118.327310][ T6616]  ? netif_receive_skb+0x131/0x890
[  118.327329][ T6616]  netif_receive_skb+0x1e8/0x890
[  118.327348][ T6616]  ? tun_rx_batched+0x160/0x8f0
[  118.327363][ T6616]  ? __pfx_netif_receive_skb+0x10/0x10
[  118.327386][ T6616]  ? tun_rx_batched+0x160/0x8f0
[  118.327402][ T6616]  tun_rx_batched+0x1b7/0x8f0
[  118.327419][ T6616]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  118.327445][ T6616]  ? __pfx_lock_acquire+0x10/0x10
[  118.327469][ T6616]  ? __pfx_tun_rx_batched+0x10/0x10
[  118.327492][ T6616]  tun_get_user+0x30cd/0x48a0
[  118.327509][ T6616]  ? tun_get_user+0x2bbb/0x48a0
[  118.327529][ T6616]  ? __lock_acquire+0x1397/0x2100
[  118.327551][ T6616]  ? __pfx_tun_get_user+0x10/0x10
[  118.327571][ T6616]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  118.327586][ T6616]  ? tun_get+0x1e/0x2f0
[  118.327601][ T6616]  ? __pfx_lock_release+0x10/0x10
[  118.327625][ T6616]  ? tun_get+0x1e/0x2f0
[  118.327639][ T6616]  ? tun_get+0x27d/0x2f0
[  118.327656][ T6616]  tun_chr_write_iter+0x10d/0x1f0
[  118.327673][ T6616]  vfs_write+0xacf/0xd10
[  118.327694][ T6616]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  118.327711][ T6616]  ? __pfx_vfs_write+0x10/0x10
[  118.327730][ T6616]  ? __fget_files+0x2a/0x410
[  118.327748][ T6616]  ? __fget_files+0x2a/0x410
[  118.327777][ T6616]  ksys_write+0x18f/0x2b0
[  118.327796][ T6616]  ? __pfx_ksys_write+0x10/0x10
[  118.327814][ T6616]  ? do_syscall_64+0x100/0x230
[  118.327832][ T6616]  ? do_syscall_64+0xb6/0x230
[  118.327848][ T6616]  do_syscall_64+0xf3/0x230
[  118.327862][ T6616]  ? clear_bhb_loop+0x35/0x90
[  118.327884][ T6616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.327904][ T6616] RIP: 0033:0x7fc3da57e98f
[  118.327918][ T6616] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  118.327931][ T6616] RSP: 002b:00007fc3db388020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  118.327948][ T6616] RAX: ffffffffffffffda RBX: 00007fc3da745fa0 RCX: 00007fc3da57e98f
[  118.327960][ T6616] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  118.327970][ T6616] RBP: 00007fc3da5f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  118.327980][ T6616] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  118.327989][ T6616] R13: 0000000000000000 R14: 00007fc3da745fa0 R15: 00007ffe7d632228
[  118.328005][ T6616]  </TASK>
[  118.706533][ T6616] BUG: Bad page state in process syz.0.15  pfn:337a3
[  118.713256][ T6616] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880337a3d90 pfn:0x337a3
[  118.723388][ T6616] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  118.730538][ T6616] raw: 00fff00000000000 dead000000000040 ffff8880226b8000 0000000000000000
[  118.739157][ T6616] raw: ffff8880337a3d90 0000000000000001 00000000ffffffff 0000000000000000
[  118.748015][ T6616] page dumped because: page_pool leak
[  118.753468][ T6616] page_owner tracks the page as allocated
[  118.759391][ T6616] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6616, tgid 6614 (syz.0.15), ts 117474959644, free_ts 117459600002
[  118.776452][ T6616]  post_alloc_hook+0x1f4/0x240
[  118.781249][ T6616]  get_page_from_freelist+0x3651/0x37a0
[  118.786814][ T6616]  __alloc_frozen_pages_noprof+0x292/0x710
[  118.792648][ T6616]  alloc_pages_bulk_noprof+0x847/0xae0
[  118.798133][ T6616]  __page_pool_alloc_pages_slow+0x11f/0x690
[  118.804015][ T6616]  skb_pp_cow_data+0xcc8/0x1720
[  118.808882][ T6616]  do_xdp_generic+0x505/0xd30
[  118.813581][ T6616]  __netif_receive_skb_core+0x1be5/0x4540
[  118.819325][ T6616]  __netif_receive_skb+0x12f/0x650
[  118.824450][ T6616]  netif_receive_skb+0x1e8/0x890
[  118.829440][ T6616]  tun_rx_batched+0x1b7/0x8f0
[  118.834209][ T6616]  tun_get_user+0x30cd/0x48a0
[  118.838912][ T6616]  tun_chr_write_iter+0x10d/0x1f0
[  118.843944][ T6616]  vfs_write+0xacf/0xd10
[  118.848211][ T6616]  ksys_write+0x18f/0x2b0
[  118.852552][ T6616]  do_syscall_64+0xf3/0x230
[  118.857110][ T6616] page last free pid 5196 tgid 5196 stack trace:
[  118.863453][ T6616]  free_frozen_pages+0xe04/0x10e0
[  118.868502][ T6616]  __slab_free+0x2c2/0x380
[  118.872930][ T6616]  qlist_free_all+0x9a/0x140
[  118.877565][ T6616]  kasan_quarantine_reduce+0x14f/0x170
[  118.883028][ T6616]  __kasan_slab_alloc+0x23/0x80
[  118.887902][ T6616]  __kmalloc_cache_noprof+0x1d9/0x390
[  118.893299][ T6616]  kernfs_fop_open+0x3e0/0xd10
[  118.898084][ T6616]  do_dentry_open+0xdec/0x1960
[  118.902857][ T6616]  vfs_open+0x3b/0x370
[  118.907055][ T6616]  path_openat+0x2c81/0x3590
[  118.911654][ T6616]  do_filp_open+0x27f/0x4e0
[  118.916161][ T6616]  do_sys_openat2+0x13e/0x1d0
[  118.920858][ T6616]  __x64_sys_openat+0x247/0x2a0
[  118.925804][ T6616]  do_syscall_64+0xf3/0x230
[  118.930330][ T6616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.936229][ T6616] Modules linked in:
[  118.940170][ T6616] CPU: 0 UID: 0 PID: 6616 Comm: syz.0.15 Tainted: G    B              6.14.0-rc6-syzkaller-gb7f94fcf5546 #0
[  118.940192][ T6616] Tainted: [B]=BAD_PAGE
[  118.940197][ T6616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  118.940205][ T6616] Call Trace:
[  118.940210][ T6616]  <TASK>
[  118.940215][ T6616]  dump_stack_lvl+0x241/0x360
[  118.940234][ T6616]  ? __pfx_dump_stack_lvl+0x10/0x10
[  118.940274][ T6616]  ? __pfx_print_modules+0x10/0x10
[  118.940297][ T6616]  bad_page+0x176/0x1d0
[  118.940317][ T6616]  free_frozen_pages+0x1079/0x10e0
[  118.940337][ T6616]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[  118.940360][ T6616]  bpf_xdp_adjust_tail+0x1c6/0x210
[  118.940384][ T6616]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  118.940398][ T6616]  bpf_prog_run_generic_xdp+0x686/0x1510
[  118.940429][ T6616]  do_xdp_generic+0x757/0xd30
[  118.940451][ T6616]  ? __pfx_do_xdp_generic+0x10/0x10
[  118.940473][ T6616]  ? __skb_flow_dissect+0x25f/0x7af0
[  118.940495][ T6616]  __netif_receive_skb_core+0x1be5/0x4540
[  118.940525][ T6616]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  118.940547][ T6616]  ? mark_lock+0x9a/0x360
[  118.940568][ T6616]  ? __pfx___skb_flow_dissect+0x10/0x10
[  118.940585][ T6616]  ? __lock_acquire+0x1397/0x2100
[  118.940613][ T6616]  __netif_receive_skb+0x12f/0x650
[  118.940634][ T6616]  ? __pfx_lock_acquire+0x10/0x10
[  118.940652][ T6616]  ? __pfx___netif_receive_skb+0x10/0x10
[  118.940671][ T6616]  ? tun_rx_batched+0x160/0x8f0
[  118.940688][ T6616]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  118.940709][ T6616]  ? netif_receive_skb+0x131/0x890
[  118.940727][ T6616]  ? netif_receive_skb+0x131/0x890
[  118.940746][ T6616]  netif_receive_skb+0x1e8/0x890
[  118.940765][ T6616]  ? tun_rx_batched+0x160/0x8f0
[  118.940781][ T6616]  ? __pfx_netif_receive_skb+0x10/0x10
[  118.940804][ T6616]  ? tun_rx_batched+0x160/0x8f0
[  118.940820][ T6616]  tun_rx_batched+0x1b7/0x8f0
[  118.940836][ T6616]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  118.940858][ T6616]  ? __pfx_lock_acquire+0x10/0x10
[  118.940878][ T6616]  ? __pfx_tun_rx_batched+0x10/0x10
[  118.940901][ T6616]  tun_get_user+0x30cd/0x48a0
[  118.940918][ T6616]  ? tun_get_user+0x2bbb/0x48a0
[  118.940938][ T6616]  ? __lock_acquire+0x1397/0x2100
[  118.940961][ T6616]  ? __pfx_tun_get_user+0x10/0x10
[  118.940983][ T6616]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  118.940999][ T6616]  ? tun_get+0x1e/0x2f0
[  118.941014][ T6616]  ? __pfx_lock_release+0x10/0x10
[  118.941038][ T6616]  ? tun_get+0x1e/0x2f0
[  118.941053][ T6616]  ? tun_get+0x27d/0x2f0
[  118.941069][ T6616]  tun_chr_write_iter+0x10d/0x1f0
[  118.941087][ T6616]  vfs_write+0xacf/0xd10
[  118.941106][ T6616]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  118.941120][ T6616]  ? __pfx_vfs_write+0x10/0x10
[  118.941137][ T6616]  ? __fget_files+0x2a/0x410
[  118.941153][ T6616]  ? __fget_files+0x2a/0x410
[  118.941172][ T6616]  ksys_write+0x18f/0x2b0
[  118.941191][ T6616]  ? __pfx_ksys_write+0x10/0x10
[  118.941209][ T6616]  ? do_syscall_64+0x100/0x230
[  118.941226][ T6616]  ? do_syscall_64+0xb6/0x230
[  118.941241][ T6616]  do_syscall_64+0xf3/0x230
[  118.941265][ T6616]  ? clear_bhb_loop+0x35/0x90
[  118.941287][ T6616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.941307][ T6616] RIP: 0033:0x7fc3da57e98f
[  118.941321][ T6616] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  118.941334][ T6616] RSP: 002b:00007fc3db388020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  118.941351][ T6616] RAX: ffffffffffffffda RBX: 00007fc3da745fa0 RCX: 00007fc3da57e98f
[  118.941362][ T6616] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  118.941372][ T6616] RBP: 00007fc3da5f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  118.941381][ T6616] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  118.941391][ T6616] R13: 0000000000000000 R14: 00007fc3da745fa0 R15: 00007ffe7d632228
[  118.941407][ T6616]  </TASK>
[  118.941417][ T6616] BUG: Bad page state in process syz.0.15  pfn:2fd59
[  119.157133][   T55] Bluetooth: hci0: command tx timeout
[  119.158557][ T6616] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802fd59e58 pfn:0x2fd59
[  119.342030][ T6616] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  119.349479][ T6616] raw: 00fff00000000000 dead000000000040 ffff8880226b8000 0000000000000000
[  119.358098][ T6616] raw: ffff88802fd59e58 0000000000000001 00000000ffffffff 0000000000000000
[  119.366686][ T6616] page dumped because: page_pool leak
[  119.372119][ T6616] page_owner tracks the page as allocated
[  119.377958][ T6616] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6616, tgid 6614 (syz.0.15), ts 117474948638, free_ts 117459634797
[  119.394939][ T6616]  post_alloc_hook+0x1f4/0x240
[  119.399741][ T6616]  get_page_from_freelist+0x3651/0x37a0
[  119.405292][ T6616]  __alloc_frozen_pages_noprof+0x292/0x710
[  119.411153][ T6616]  alloc_pages_bulk_noprof+0x847/0xae0
[  119.416700][ T6616]  __page_pool_alloc_pages_slow+0x11f/0x690
[  119.422637][ T6616]  skb_pp_cow_data+0xcc8/0x1720
[  119.427547][ T6616]  do_xdp_generic+0x505/0xd30
[  119.432227][ T6616]  __netif_receive_skb_core+0x1be5/0x4540
[  119.437975][ T6616]  __netif_receive_skb+0x12f/0x650
[  119.443223][ T6616]  netif_receive_skb+0x1e8/0x890
[  119.448225][ T6616]  tun_rx_batched+0x1b7/0x8f0
[  119.452927][ T6616]  tun_get_user+0x30cd/0x48a0
[  119.457624][ T6616]  tun_chr_write_iter+0x10d/0x1f0
[  119.462678][ T6616]  vfs_write+0xacf/0xd10
[  119.466914][ T6616]  ksys_write+0x18f/0x2b0
[  119.471267][ T6616]  do_syscall_64+0xf3/0x230
[  119.475770][ T6616] page last free pid 5196 tgid 5196 stack trace:
[  119.482215][ T6616]  free_frozen_pages+0xe04/0x10e0
[  119.487333][ T6616]  __slab_free+0x2c2/0x380
[  119.491834][ T6616]  qlist_free_all+0x9a/0x140
[  119.496493][ T6616]  kasan_quarantine_reduce+0x14f/0x170
[  119.502061][ T6616]  __kasan_slab_alloc+0x23/0x80
[  119.506934][ T6616]  __kmalloc_cache_noprof+0x1d9/0x390
[  119.512339][ T6616]  kernfs_fop_open+0x3e0/0xd10
[  119.517133][ T6616]  do_dentry_open+0xdec/0x1960
[  119.521886][ T6616]  vfs_open+0x3b/0x370
[  119.525935][ T6616]  path_openat+0x2c81/0x3590
[  119.530650][ T6616]  do_filp_open+0x27f/0x4e0
[  119.535156][ T6616]  do_sys_openat2+0x13e/0x1d0
[  119.539858][ T6616]  __x64_sys_openat+0x247/0x2a0
[  119.544748][ T6616]  do_syscall_64+0xf3/0x230
[  119.549283][ T6616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.555209][ T6616] Modules linked in:
[  119.559229][ T6616] CPU: 0 UID: 0 PID: 6616 Comm: syz.0.15 Tainted: G    B              6.14.0-rc6-syzkaller-gb7f94fcf5546 #0
[  119.559249][ T6616] Tainted: [B]=BAD_PAGE
[  119.559253][ T6616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  119.559266][ T6616] Call Trace:
[  119.559271][ T6616]  <TASK>
[  119.559277][ T6616]  dump_stack_lvl+0x241/0x360
[  119.559296][ T6616]  ? __pfx_dump_stack_lvl+0x10/0x10
[  119.559310][ T6616]  ? __pfx_print_modules+0x10/0x10
[  119.559332][ T6616]  bad_page+0x176/0x1d0
[  119.559352][ T6616]  free_frozen_pages+0x1079/0x10e0
[  119.559370][ T6616]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[  119.559391][ T6616]  bpf_xdp_adjust_tail+0x1c6/0x210
[  119.559415][ T6616]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  119.559428][ T6616]  bpf_prog_run_generic_xdp+0x686/0x1510
[  119.559459][ T6616]  do_xdp_generic+0x757/0xd30
[  119.559482][ T6616]  ? __pfx_do_xdp_generic+0x10/0x10
[  119.559504][ T6616]  ? __skb_flow_dissect+0x25f/0x7af0
[  119.559529][ T6616]  __netif_receive_skb_core+0x1be5/0x4540
[  119.559558][ T6616]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  119.559580][ T6616]  ? mark_lock+0x9a/0x360
[  119.559601][ T6616]  ? __pfx___skb_flow_dissect+0x10/0x10
[  119.559618][ T6616]  ? __lock_acquire+0x1397/0x2100
[  119.559651][ T6616]  __netif_receive_skb+0x12f/0x650
[  119.559673][ T6616]  ? __pfx_lock_acquire+0x10/0x10
[  119.559692][ T6616]  ? __pfx___netif_receive_skb+0x10/0x10
[  119.559713][ T6616]  ? tun_rx_batched+0x160/0x8f0
[  119.559730][ T6616]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  119.559752][ T6616]  ? netif_receive_skb+0x131/0x890
[  119.559770][ T6616]  ? netif_receive_skb+0x131/0x890
[  119.559788][ T6616]  netif_receive_skb+0x1e8/0x890
[  119.559808][ T6616]  ? tun_rx_batched+0x160/0x8f0
[  119.559824][ T6616]  ? __pfx_netif_receive_skb+0x10/0x10
[  119.559846][ T6616]  ? tun_rx_batched+0x160/0x8f0
[  119.559861][ T6616]  tun_rx_batched+0x1b7/0x8f0
[  119.559877][ T6616]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  119.559896][ T6616]  ? __pfx_lock_acquire+0x10/0x10
[  119.559915][ T6616]  ? __pfx_tun_rx_batched+0x10/0x10
[  119.559939][ T6616]  tun_get_user+0x30cd/0x48a0
[  119.559956][ T6616]  ? tun_get_user+0x2bbb/0x48a0
[  119.559975][ T6616]  ? __lock_acquire+0x1397/0x2100
[  119.559998][ T6616]  ? __pfx_tun_get_user+0x10/0x10
[  119.560021][ T6616]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  119.560036][ T6616]  ? tun_get+0x1e/0x2f0
[  119.560051][ T6616]  ? __pfx_lock_release+0x10/0x10
[  119.560073][ T6616]  ? tun_get+0x1e/0x2f0
[  119.560087][ T6616]  ? tun_get+0x27d/0x2f0
[  119.560102][ T6616]  tun_chr_write_iter+0x10d/0x1f0
[  119.560119][ T6616]  vfs_write+0xacf/0xd10
[  119.560140][ T6616]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  119.560157][ T6616]  ? __pfx_vfs_write+0x10/0x10
[  119.560186][ T6616]  ? __fget_files+0x2a/0x410
[  119.560204][ T6616]  ? __fget_files+0x2a/0x410
[  119.560222][ T6616]  ksys_write+0x18f/0x2b0
[  119.560241][ T6616]  ? __pfx_ksys_write+0x10/0x10
[  119.560260][ T6616]  ? do_syscall_64+0x100/0x230
[  119.560277][ T6616]  ? do_syscall_64+0xb6/0x230
[  119.560292][ T6616]  do_syscall_64+0xf3/0x230
[  119.560306][ T6616]  ? clear_bhb_loop+0x35/0x90
[  119.560328][ T6616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.560348][ T6616] RIP: 0033:0x7fc3da57e98f
[  119.560361][ T6616] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  119.560374][ T6616] RSP: 002b:00007fc3db388020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  119.560391][ T6616] RAX: ffffffffffffffda RBX: 00007fc3da745fa0 RCX: 00007fc3da57e98f
[  119.560402][ T6616] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  119.560412][ T6616] RBP: 00007fc3da5f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  119.560421][ T6616] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  119.560430][ T6616] R13: 0000000000000000 R14: 00007fc3da745fa0 R15: 00007ffe7d632228
[  119.560446][ T6616]  </TASK>
[  119.560456][ T6616] BUG: Bad page state in process syz.0.15  pfn:2fd4e
[  119.945594][ T6616] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802fd4ee88 pfn:0x2fd4e
[  119.955757][ T6616] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  119.962913][ T6616] raw: 00fff00000000000 dead000000000040 ffff8880226b8000 0000000000000000
[  119.971554][ T6616] raw: ffff88802fd4ee88 0000000000000001 00000000ffffffff 0000000000000000
[  119.980182][ T6616] page dumped because: page_pool leak
[  119.985540][ T6616] page_owner tracks the page as allocated
[  119.991274][ T6616] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6616, tgid 6614 (syz.0.15), ts 117474937440, free_ts 117459653563
[  120.008141][ T6616]  post_alloc_hook+0x1f4/0x240
[  120.012899][ T6616]  get_page_from_freelist+0x3651/0x37a0
[  120.018521][ T6616]  __alloc_frozen_pages_noprof+0x292/0x710
[  120.024386][ T6616]  alloc_pages_bulk_noprof+0x847/0xae0
[  120.029889][ T6616]  __page_pool_alloc_pages_slow+0x11f/0x690
[  120.035792][ T6616]  skb_pp_cow_data+0xcc8/0x1720
[  120.040694][ T6616]  do_xdp_generic+0x505/0xd30
[  120.045469][ T6616]  __netif_receive_skb_core+0x1be5/0x4540
[  120.051223][ T6616]  __netif_receive_skb+0x12f/0x650
[  120.056342][ T6616]  netif_receive_skb+0x1e8/0x890
[  120.061353][ T6616]  tun_rx_batched+0x1b7/0x8f0
[  120.066044][ T6616]  tun_get_user+0x30cd/0x48a0
[  120.070760][ T6616]  tun_chr_write_iter+0x10d/0x1f0
[  120.075785][ T6616]  vfs_write+0xacf/0xd10
[  120.080047][ T6616]  ksys_write+0x18f/0x2b0
[  120.084393][ T6616]  do_syscall_64+0xf3/0x230
[  120.088929][ T6616] page last free pid 5196 tgid 5196 stack trace:
[  120.095258][ T6616]  free_frozen_pages+0xe04/0x10e0
[  120.100374][ T6616]  __slab_free+0x2c2/0x380
[  120.104806][ T6616]  qlist_free_all+0x9a/0x140
[  120.109451][ T6616]  kasan_quarantine_reduce+0x14f/0x170
[  120.114922][ T6616]  __kasan_slab_alloc+0x23/0x80
[  120.119824][ T6616]  __kmalloc_cache_noprof+0x1d9/0x390
[  120.125199][ T6616]  kernfs_fop_open+0x3e0/0xd10
[  120.130013][ T6616]  do_dentry_open+0xdec/0x1960
[  120.134781][ T6616]  vfs_open+0x3b/0x370
[  120.138871][ T6616]  path_openat+0x2c81/0x3590
[  120.143466][ T6616]  do_filp_open+0x27f/0x4e0
[  120.148013][ T6616]  do_sys_openat2+0x13e/0x1d0
[  120.152693][ T6616]  __x64_sys_openat+0x247/0x2a0
[  120.157580][ T6616]  do_syscall_64+0xf3/0x230
[  120.162113][ T6616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.168037][ T6616] Modules linked in:
[  120.171937][ T6616] CPU: 0 UID: 0 PID: 6616 Comm: syz.0.15 Tainted: G    B              6.14.0-rc6-syzkaller-gb7f94fcf5546 #0
[  120.171952][ T6616] Tainted: [B]=BAD_PAGE
[  120.171955][ T6616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  120.171961][ T6616] Call Trace:
[  120.171965][ T6616]  <TASK>
[  120.171970][ T6616]  dump_stack_lvl+0x241/0x360
[  120.171983][ T6616]  ? __pfx_dump_stack_lvl+0x10/0x10
[  120.171992][ T6616]  ? __pfx_print_modules+0x10/0x10
[  120.172007][ T6616]  bad_page+0x176/0x1d0
[  120.172020][ T6616]  free_frozen_pages+0x1079/0x10e0
[  120.172033][ T6616]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[  120.172049][ T6616]  bpf_xdp_adjust_tail+0x1c6/0x210
[  120.172062][ T6616]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  120.172070][ T6616]  bpf_prog_run_generic_xdp+0x686/0x1510
[  120.172087][ T6616]  do_xdp_generic+0x757/0xd30
[  120.172100][ T6616]  ? __pfx_do_xdp_generic+0x10/0x10
[  120.172112][ T6616]  ? __skb_flow_dissect+0x25f/0x7af0
[  120.172126][ T6616]  __netif_receive_skb_core+0x1be5/0x4540
[  120.172148][ T6616]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  120.172161][ T6616]  ? mark_lock+0x9a/0x360
[  120.172173][ T6616]  ? __pfx___skb_flow_dissect+0x10/0x10
[  120.172183][ T6616]  ? __lock_acquire+0x1397/0x2100
[  120.172199][ T6616]  __netif_receive_skb+0x12f/0x650
[  120.172211][ T6616]  ? __pfx_lock_acquire+0x10/0x10
[  120.172222][ T6616]  ? __pfx___netif_receive_skb+0x10/0x10
[  120.172234][ T6616]  ? tun_rx_batched+0x160/0x8f0
[  120.172244][ T6616]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  120.172257][ T6616]  ? netif_receive_skb+0x131/0x890
[  120.172267][ T6616]  ? netif_receive_skb+0x131/0x890
[  120.172278][ T6616]  netif_receive_skb+0x1e8/0x890
[  120.172289][ T6616]  ? tun_rx_batched+0x160/0x8f0
[  120.172298][ T6616]  ? __pfx_netif_receive_skb+0x10/0x10
[  120.172310][ T6616]  ? tun_rx_batched+0x160/0x8f0
[  120.172320][ T6616]  tun_rx_batched+0x1b7/0x8f0
[  120.172329][ T6616]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  120.172342][ T6616]  ? __pfx_lock_acquire+0x10/0x10
[  120.172353][ T6616]  ? __pfx_tun_rx_batched+0x10/0x10
[  120.172366][ T6616]  tun_get_user+0x30cd/0x48a0
[  120.172376][ T6616]  ? tun_get_user+0x2bbb/0x48a0
[  120.172387][ T6616]  ? __lock_acquire+0x1397/0x2100
[  120.172400][ T6616]  ? __pfx_tun_get_user+0x10/0x10
[  120.172412][ T6616]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  120.172421][ T6616]  ? tun_get+0x1e/0x2f0
[  120.172430][ T6616]  ? __pfx_lock_release+0x10/0x10
[  120.172448][ T6616]  ? tun_get+0x1e/0x2f0
[  120.172457][ T6616]  ? tun_get+0x27d/0x2f0
[  120.172466][ T6616]  tun_chr_write_iter+0x10d/0x1f0
[  120.172476][ T6616]  vfs_write+0xacf/0xd10
[  120.172488][ T6616]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  120.172498][ T6616]  ? __pfx_vfs_write+0x10/0x10
[  120.172509][ T6616]  ? __fget_files+0x2a/0x410
[  120.172519][ T6616]  ? __fget_files+0x2a/0x410
[  120.172529][ T6616]  ksys_write+0x18f/0x2b0
[  120.172541][ T6616]  ? __pfx_ksys_write+0x10/0x10
[  120.172551][ T6616]  ? do_syscall_64+0x100/0x230
[  120.172561][ T6616]  ? do_syscall_64+0xb6/0x230
[  120.172570][ T6616]  do_syscall_64+0xf3/0x230
[  120.172578][ T6616]  ? clear_bhb_loop+0x35/0x90
[  120.172591][ T6616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.172603][ T6616] RIP: 0033:0x7fc3da57e98f
[  120.172612][ T6616] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  120.172619][ T6616] RSP: 002b:00007fc3db388020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  120.172629][ T6616] RAX: ffffffffffffffda RBX: 00007fc3da745fa0 RCX: 00007fc3da57e98f
[  120.172636][ T6616] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  120.172642][ T6616] RBP: 00007fc3da5f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  120.172648][ T6616] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  120.172653][ T6616] R13: 0000000000000000 R14: 00007fc3da745fa0 R15: 00007ffe7d632228
[  120.172662][ T6616]  </TASK>
[  120.172669][ T6616] BUG: Bad page state in process syz.0.15  pfn:29b1b
[  120.558044][ T6616] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888029b1b0f8 pfn:0x29b1b
[  120.568601][ T6616] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  120.575901][ T6616] raw: 00fff00000000000 dead000000000040 ffff8880226b8000 0000000000000000
[  120.584521][ T6616] raw: ffff888029b1b0f8 0000000000000001 00000000ffffffff 0000000000000000
[  120.593150][ T6616] page dumped because: page_pool leak
[  120.598578][ T6616] page_owner tracks the page as allocated
[  120.604334][ T6616] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6616, tgid 6614 (syz.0.15), ts 117474926909, free_ts 117459837159
[  120.621221][ T6616]  post_alloc_hook+0x1f4/0x240
[  120.626150][ T6616]  get_page_from_freelist+0x3651/0x37a0
[  120.631763][ T6616]  __alloc_frozen_pages_noprof+0x292/0x710
[  120.637611][ T6616]  alloc_pages_bulk_noprof+0x847/0xae0
[  120.643088][ T6616]  __page_pool_alloc_pages_slow+0x11f/0x690
[  120.648997][ T6616]  skb_pp_cow_data+0xcc8/0x1720
[  120.653875][ T6616]  do_xdp_generic+0x505/0xd30
[  120.658658][ T6616]  __netif_receive_skb_core+0x1be5/0x4540
[  120.664399][ T6616]  __netif_receive_skb+0x12f/0x650
[  120.669543][ T6616]  netif_receive_skb+0x1e8/0x890
[  120.674489][ T6616]  tun_rx_batched+0x1b7/0x8f0
[  120.679247][ T6616]  tun_get_user+0x30cd/0x48a0
[  120.683949][ T6616]  tun_chr_write_iter+0x10d/0x1f0
[  120.689003][ T6616]  vfs_write+0xacf/0xd10
[  120.693266][ T6616]  ksys_write+0x18f/0x2b0
[  120.697725][ T6616]  do_syscall_64+0xf3/0x230
[  120.702241][ T6616] page last free pid 5196 tgid 5196 stack trace:
[  120.708589][ T6616]  free_frozen_pages+0xe04/0x10e0
[  120.713711][ T6616]  __put_partials+0x160/0x1c0
[  120.718436][ T6616]  put_cpu_partial+0x17c/0x250
[  120.723222][ T6616]  __slab_free+0x290/0x380
[  120.727661][ T6616]  qlist_free_all+0x9a/0x140
[  120.732272][ T6616]  kasan_quarantine_reduce+0x14f/0x170
[  120.737760][ T6616]  __kasan_slab_alloc+0x23/0x80
[  120.742618][ T6616]  __kmalloc_cache_noprof+0x1d9/0x390
[  120.748017][ T6616]  kernfs_fop_open+0x3e0/0xd10
[  120.752792][ T6616]  do_dentry_open+0xdec/0x1960
[  120.757586][ T6616]  vfs_open+0x3b/0x370
[  120.761667][ T6616]  path_openat+0x2c81/0x3590
[  120.766268][ T6616]  do_filp_open+0x27f/0x4e0
[  120.770797][ T6616]  do_sys_openat2+0x13e/0x1d0
[  120.775499][ T6616]  __x64_sys_openat+0x247/0x2a0
[  120.780381][ T6616]  do_syscall_64+0xf3/0x230
[  120.784889][ T6616] Modules linked in:
[  120.788813][ T6616] CPU: 0 UID: 0 PID: 6616 Comm: syz.0.15 Tainted: G    B              6.14.0-rc6-syzkaller-gb7f94fcf5546 #0
[  120.788834][ T6616] Tainted: [B]=BAD_PAGE
[  120.788839][ T6616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  120.788847][ T6616] Call Trace:
[  120.788852][ T6616]  <TASK>
[  120.788857][ T6616]  dump_stack_lvl+0x241/0x360
[  120.788877][ T6616]  ? __pfx_dump_stack_lvl+0x10/0x10
[  120.788890][ T6616]  ? __pfx_print_modules+0x10/0x10
[  120.788912][ T6616]  bad_page+0x176/0x1d0
[  120.788933][ T6616]  free_frozen_pages+0x1079/0x10e0
[  120.788951][ T6616]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[  120.788972][ T6616]  bpf_xdp_adjust_tail+0x1c6/0x210
[  120.788994][ T6616]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  120.789008][ T6616]  bpf_prog_run_generic_xdp+0x686/0x1510
[  120.789046][ T6616]  do_xdp_generic+0x757/0xd30
[  120.789069][ T6616]  ? __pfx_do_xdp_generic+0x10/0x10
[  120.789091][ T6616]  ? __skb_flow_dissect+0x25f/0x7af0
[  120.789116][ T6616]  __netif_receive_skb_core+0x1be5/0x4540
[  120.789144][ T6616]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  120.789163][ T6616]  ? mark_lock+0x9a/0x360
[  120.789183][ T6616]  ? __pfx___skb_flow_dissect+0x10/0x10
[  120.789200][ T6616]  ? __lock_acquire+0x1397/0x2100
[  120.789228][ T6616]  __netif_receive_skb+0x12f/0x650
[  120.789248][ T6616]  ? __pfx_lock_acquire+0x10/0x10
[  120.789268][ T6616]  ? __pfx___netif_receive_skb+0x10/0x10
[  120.789289][ T6616]  ? tun_rx_batched+0x160/0x8f0
[  120.789306][ T6616]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  120.789328][ T6616]  ? netif_receive_skb+0x131/0x890
[  120.789345][ T6616]  ? netif_receive_skb+0x131/0x890
[  120.789364][ T6616]  netif_receive_skb+0x1e8/0x890
[  120.789384][ T6616]  ? tun_rx_batched+0x160/0x8f0
[  120.789400][ T6616]  ? __pfx_netif_receive_skb+0x10/0x10
[  120.789423][ T6616]  ? tun_rx_batched+0x160/0x8f0
[  120.789439][ T6616]  tun_rx_batched+0x1b7/0x8f0
[  120.789457][ T6616]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  120.789478][ T6616]  ? __pfx_lock_acquire+0x10/0x10
[  120.789498][ T6616]  ? __pfx_tun_rx_batched+0x10/0x10
[  120.789522][ T6616]  tun_get_user+0x30cd/0x48a0
[  120.789539][ T6616]  ? tun_get_user+0x2bbb/0x48a0
[  120.789558][ T6616]  ? __lock_acquire+0x1397/0x2100
[  120.789580][ T6616]  ? __pfx_tun_get_user+0x10/0x10
[  120.789604][ T6616]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  120.789619][ T6616]  ? tun_get+0x1e/0x2f0
[  120.789634][ T6616]  ? __pfx_lock_release+0x10/0x10
[  120.789658][ T6616]  ? tun_get+0x1e/0x2f0
[  120.789674][ T6616]  ? tun_get+0x27d/0x2f0
[  120.789689][ T6616]  tun_chr_write_iter+0x10d/0x1f0
[  120.789707][ T6616]  vfs_write+0xacf/0xd10
[  120.789728][ T6616]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  120.789745][ T6616]  ? __pfx_vfs_write+0x10/0x10
[  120.789764][ T6616]  ? __fget_files+0x2a/0x410
[  120.789781][ T6616]  ? __fget_files+0x2a/0x410
[  120.789799][ T6616]  ksys_write+0x18f/0x2b0
[  120.789819][ T6616]  ? __pfx_ksys_write+0x10/0x10
[  120.789838][ T6616]  ? do_syscall_64+0x100/0x230
[  120.789854][ T6616]  ? do_syscall_64+0xb6/0x230
[  120.789869][ T6616]  do_syscall_64+0xf3/0x230
[  120.789884][ T6616]  ? clear_bhb_loop+0x35/0x90
[  120.789905][ T6616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.789925][ T6616] RIP: 0033:0x7fc3da57e98f
[  120.789939][ T6616] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  120.789952][ T6616] RSP: 002b:00007fc3db388020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  120.789969][ T6616] RAX: ffffffffffffffda RBX: 00007fc3da745fa0 RCX: 00007fc3da57e98f
[  120.789980][ T6616] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  120.789989][ T6616] RBP: 00007fc3da5f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  120.789999][ T6616] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  120.790008][ T6616] R13: 0000000000000000 R14: 00007fc3da745fa0 R15: 00007ffe7d632228
[  120.790025][ T6616]  </TASK>
[  120.790043][ T6616] BUG: Bad page state in process syz.0.15  pfn:274e4
[  121.175411][ T6616] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880274e4e88 pfn:0x274e4
[  121.185494][ T6616] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  121.192802][ T6616] raw: 00fff00000000000 dead000000000040 ffff8880226b8000 0000000000000000
[  121.201406][ T6616] raw: ffff8880274e4e88 0000000000000001 00000000ffffffff 0000000000000000
[  121.210024][ T6616] page dumped because: page_pool leak
[  121.215376][ T6616] page_owner tracks the page as allocated
[  121.221118][ T6616] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6616, tgid 6614 (syz.0.15), ts 117474916558, free_ts 117459853689
[  121.237109][   T55] Bluetooth: hci0: command tx timeout
[  121.237979][ T6616]  post_alloc_hook+0x1f4/0x240
[  121.248122][ T6616]  get_page_from_freelist+0x3651/0x37a0
[  121.253679][ T6616]  __alloc_frozen_pages_noprof+0x292/0x710
[  121.259511][ T6616]  alloc_pages_bulk_noprof+0x847/0xae0
[  121.265070][ T6616]  __page_pool_alloc_pages_slow+0x11f/0x690
[  121.270990][ T6616]  skb_pp_cow_data+0xcc8/0x1720
[  121.275858][ T6616]  do_xdp_generic+0x505/0xd30
[  121.280558][ T6616]  __netif_receive_skb_core+0x1be5/0x4540
[  121.286286][ T6616]  __netif_receive_skb+0x12f/0x650
[  121.291431][ T6616]  netif_receive_skb+0x1e8/0x890
[  121.296372][ T6616]  tun_rx_batched+0x1b7/0x8f0
[  121.301082][ T6616]  tun_get_user+0x30cd/0x48a0
[  121.305774][ T6616]  tun_chr_write_iter+0x10d/0x1f0
[  121.310854][ T6616]  vfs_write+0xacf/0xd10
[  121.315113][ T6616]  ksys_write+0x18f/0x2b0
[  121.319492][ T6616]  do_syscall_64+0xf3/0x230
[  121.324007][ T6616] page last free pid 5196 tgid 5196 stack trace:
[  121.330363][ T6616]  free_frozen_pages+0xe04/0x10e0
[  121.335399][ T6616]  __put_partials+0x160/0x1c0
[  121.340111][ T6616]  put_cpu_partial+0x17c/0x250
[  121.345160][ T6616]  __slab_free+0x290/0x380
[  121.349619][ T6616]  qlist_free_all+0x9a/0x140
[  121.354230][ T6616]  kasan_quarantine_reduce+0x14f/0x170
[  121.359716][ T6616]  __kasan_slab_alloc+0x23/0x80
[  121.364573][ T6616]  __kmalloc_cache_noprof+0x1d9/0x390
[  121.369981][ T6616]  kernfs_fop_open+0x3e0/0xd10
[  121.374764][ T6616]  do_dentry_open+0xdec/0x1960
[  121.379547][ T6616]  vfs_open+0x3b/0x370
[  121.383612][ T6616]  path_openat+0x2c81/0x3590
[  121.388401][ T6616]  do_filp_open+0x27f/0x4e0
[  121.392938][ T6616]  do_sys_openat2+0x13e/0x1d0
[  121.397677][ T6616]  __x64_sys_openat+0x247/0x2a0
[  121.402530][ T6616]  do_syscall_64+0xf3/0x230
[  121.407068][ T6616] Modules linked in:
[  121.410962][ T6616] CPU: 0 UID: 0 PID: 6616 Comm: syz.0.15 Tainted: G    B              6.14.0-rc6-syzkaller-gb7f94fcf5546 #0
[  121.410976][ T6616] Tainted: [B]=BAD_PAGE
[  121.410979][ T6616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  121.410985][ T6616] Call Trace:
[  121.410989][ T6616]  <TASK>
[  121.410993][ T6616]  dump_stack_lvl+0x241/0x360
[  121.411006][ T6616]  ? __pfx_dump_stack_lvl+0x10/0x10
[  121.411015][ T6616]  ? __pfx_print_modules+0x10/0x10
[  121.411030][ T6616]  bad_page+0x176/0x1d0
[  121.411048][ T6616]  free_frozen_pages+0x1079/0x10e0
[  121.411061][ T6616]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[  121.411075][ T6616]  bpf_xdp_adjust_tail+0x1c6/0x210
[  121.411089][ T6616]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  121.411097][ T6616]  bpf_prog_run_generic_xdp+0x686/0x1510
[  121.411115][ T6616]  do_xdp_generic+0x757/0xd30
[  121.411127][ T6616]  ? __pfx_do_xdp_generic+0x10/0x10
[  121.411139][ T6616]  ? __skb_flow_dissect+0x25f/0x7af0
[  121.411153][ T6616]  __netif_receive_skb_core+0x1be5/0x4540
[  121.411171][ T6616]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  121.411183][ T6616]  ? mark_lock+0x9a/0x360
[  121.411196][ T6616]  ? __pfx___skb_flow_dissect+0x10/0x10
[  121.411206][ T6616]  ? __lock_acquire+0x1397/0x2100
[  121.411221][ T6616]  __netif_receive_skb+0x12f/0x650
[  121.411233][ T6616]  ? __pfx_lock_acquire+0x10/0x10
[  121.411245][ T6616]  ? __pfx___netif_receive_skb+0x10/0x10
[  121.411257][ T6616]  ? tun_rx_batched+0x160/0x8f0
[  121.411267][ T6616]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  121.411279][ T6616]  ? netif_receive_skb+0x131/0x890
[  121.411289][ T6616]  ? netif_receive_skb+0x131/0x890
[  121.411300][ T6616]  netif_receive_skb+0x1e8/0x890
[  121.411311][ T6616]  ? tun_rx_batched+0x160/0x8f0
[  121.411320][ T6616]  ? __pfx_netif_receive_skb+0x10/0x10
[  121.411333][ T6616]  ? tun_rx_batched+0x160/0x8f0
[  121.411342][ T6616]  tun_rx_batched+0x1b7/0x8f0
[  121.411351][ T6616]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  121.411364][ T6616]  ? __pfx_lock_acquire+0x10/0x10
[  121.411375][ T6616]  ? __pfx_tun_rx_batched+0x10/0x10
[  121.411388][ T6616]  tun_get_user+0x30cd/0x48a0
[  121.411397][ T6616]  ? tun_get_user+0x2bbb/0x48a0
[  121.411408][ T6616]  ? __lock_acquire+0x1397/0x2100
[  121.411421][ T6616]  ? __pfx_tun_get_user+0x10/0x10
[  121.411433][ T6616]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  121.411443][ T6616]  ? tun_get+0x1e/0x2f0
[  121.411451][ T6616]  ? __pfx_lock_release+0x10/0x10
[  121.411465][ T6616]  ? tun_get+0x1e/0x2f0
[  121.411473][ T6616]  ? tun_get+0x27d/0x2f0
[  121.411482][ T6616]  tun_chr_write_iter+0x10d/0x1f0
[  121.411492][ T6616]  vfs_write+0xacf/0xd10
[  121.411504][ T6616]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  121.411513][ T6616]  ? __pfx_vfs_write+0x10/0x10
[  121.411525][ T6616]  ? __fget_files+0x2a/0x410
[  121.411535][ T6616]  ? __fget_files+0x2a/0x410
[  121.411545][ T6616]  ksys_write+0x18f/0x2b0
[  121.411556][ T6616]  ? __pfx_ksys_write+0x10/0x10
[  121.411567][ T6616]  ? do_syscall_64+0x100/0x230
[  121.411577][ T6616]  ? do_syscall_64+0xb6/0x230
[  121.411585][ T6616]  do_syscall_64+0xf3/0x230
[  121.411593][ T6616]  ? clear_bhb_loop+0x35/0x90
[  121.411607][ T6616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  121.411618][ T6616] RIP: 0033:0x7fc3da57e98f
[  121.411627][ T6616] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  121.411635][ T6616] RSP: 002b:00007fc3db388020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  121.411645][ T6616] RAX: ffffffffffffffda RBX: 00007fc3da745fa0 RCX: 00007fc3da57e98f
[  121.411652][ T6616] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  121.411658][ T6616] RBP: 00007fc3da5f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  121.411664][ T6616] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  121.411669][ T6616] R13: 0000000000000000 R14: 00007fc3da745fa0 R15: 00007ffe7d632228
[  121.411678][ T6616]  </TASK>
[  121.411685][ T6616] BUG: Bad page state in process syz.0.15  pfn:3098c
[  121.795921][ T6616] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88803098ce88 pfn:0x3098c
[  121.806018][ T6616] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  121.813217][ T6616] raw: 00fff00000000000 dead000000000040 ffff8880226b8000 0000000000000000
[  121.821825][ T6616] raw: ffff88803098ce88 0000000000000001 00000000ffffffff 0000000000000000
[  121.830444][ T6616] page dumped because: page_pool leak
[  121.835801][ T6616] page_owner tracks the page as allocated
[  121.841548][ T6616] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6616, tgid 6614 (syz.0.15), ts 117474905545, free_ts 117459871127
[  121.858413][ T6616]  post_alloc_hook+0x1f4/0x240
[  121.863164][ T6616]  get_page_from_freelist+0x3651/0x37a0
[  121.868762][ T6616]  __alloc_frozen_pages_noprof+0x292/0x710
[  121.874582][ T6616]  alloc_pages_bulk_noprof+0x847/0xae0
[  121.880073][ T6616]  __page_pool_alloc_pages_slow+0x11f/0x690
[  121.885968][ T6616]  skb_pp_cow_data+0xcc8/0x1720
[  121.890857][ T6616]  do_xdp_generic+0x505/0xd30
[  121.895537][ T6616]  __netif_receive_skb_core+0x1be5/0x4540
[  121.901291][ T6616]  __netif_receive_skb+0x12f/0x650
[  121.906425][ T6616]  netif_receive_skb+0x1e8/0x890
[  121.911431][ T6616]  tun_rx_batched+0x1b7/0x8f0
[  121.916121][ T6616]  tun_get_user+0x30cd/0x48a0
[  121.920916][ T6616]  tun_chr_write_iter+0x10d/0x1f0
[  121.925978][ T6616]  vfs_write+0xacf/0xd10
[  121.930267][ T6616]  ksys_write+0x18f/0x2b0
[  121.934607][ T6616]  do_syscall_64+0xf3/0x230
[  121.939137][ T6616] page last free pid 5196 tgid 5196 stack trace:
[  121.945463][ T6616]  free_frozen_pages+0xe04/0x10e0
[  121.950512][ T6616]  __put_partials+0x160/0x1c0
[  121.955190][ T6616]  put_cpu_partial+0x17c/0x250
[  121.959982][ T6616]  __slab_free+0x290/0x380
[  121.964402][ T6616]  qlist_free_all+0x9a/0x140
[  121.969007][ T6616]  kasan_quarantine_reduce+0x14f/0x170
[  121.974476][ T6616]  __kasan_slab_alloc+0x23/0x80
[  121.979350][ T6616]  __kmalloc_cache_noprof+0x1d9/0x390
[  121.984723][ T6616]  kernfs_fop_open+0x3e0/0xd10
[  121.989507][ T6616]  do_dentry_open+0xdec/0x1960
[  121.994356][ T6616]  vfs_open+0x3b/0x370
[  121.998442][ T6616]  path_openat+0x2c81/0x3590
[  122.003035][ T6616]  do_filp_open+0x27f/0x4e0
[  122.007556][ T6616]  do_sys_openat2+0x13e/0x1d0
[  122.012234][ T6616]  __x64_sys_openat+0x247/0x2a0
[  122.017115][ T6616]  do_syscall_64+0xf3/0x230
[  122.021620][ T6616] Modules linked in:
[  122.025508][ T6616] CPU: 0 UID: 0 PID: 6616 Comm: syz.0.15 Tainted: G    B              6.14.0-rc6-syzkaller-gb7f94fcf5546 #0
[  122.025522][ T6616] Tainted: [B]=BAD_PAGE
[  122.025525][ T6616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  122.025531][ T6616] Call Trace:
[  122.025536][ T6616]  <TASK>
[  122.025540][ T6616]  dump_stack_lvl+0x241/0x360
[  122.025553][ T6616]  ? __pfx_dump_stack_lvl+0x10/0x10
[  122.025562][ T6616]  ? __pfx_print_modules+0x10/0x10
[  122.025576][ T6616]  bad_page+0x176/0x1d0
[  122.025590][ T6616]  free_frozen_pages+0x1079/0x10e0
[  122.025603][ T6616]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[  122.025617][ T6616]  bpf_xdp_adjust_tail+0x1c6/0x210
[  122.025631][ T6616]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  122.025639][ T6616]  bpf_prog_run_generic_xdp+0x686/0x1510
[  122.025657][ T6616]  do_xdp_generic+0x757/0xd30
[  122.025669][ T6616]  ? __pfx_do_xdp_generic+0x10/0x10
[  122.025681][ T6616]  ? __skb_flow_dissect+0x25f/0x7af0
[  122.025694][ T6616]  __netif_receive_skb_core+0x1be5/0x4540
[  122.025712][ T6616]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  122.025725][ T6616]  ? mark_lock+0x9a/0x360
[  122.025737][ T6616]  ? __pfx___skb_flow_dissect+0x10/0x10
[  122.025747][ T6616]  ? __lock_acquire+0x1397/0x2100
[  122.025763][ T6616]  __netif_receive_skb+0x12f/0x650
[  122.025775][ T6616]  ? __pfx_lock_acquire+0x10/0x10
[  122.025786][ T6616]  ? __pfx___netif_receive_skb+0x10/0x10
[  122.025798][ T6616]  ? tun_rx_batched+0x160/0x8f0
[  122.025808][ T6616]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  122.025821][ T6616]  ? netif_receive_skb+0x131/0x890
[  122.025831][ T6616]  ? netif_receive_skb+0x131/0x890
[  122.025842][ T6616]  netif_receive_skb+0x1e8/0x890
[  122.025853][ T6616]  ? tun_rx_batched+0x160/0x8f0
[  122.025862][ T6616]  ? __pfx_netif_receive_skb+0x10/0x10
[  122.025875][ T6616]  ? tun_rx_batched+0x160/0x8f0
[  122.025884][ T6616]  tun_rx_batched+0x1b7/0x8f0
[  122.025894][ T6616]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  122.025906][ T6616]  ? __pfx_lock_acquire+0x10/0x10
[  122.025930][ T6616]  ? __pfx_tun_rx_batched+0x10/0x10
[  122.025943][ T6616]  tun_get_user+0x30cd/0x48a0
[  122.025953][ T6616]  ? tun_get_user+0x2bbb/0x48a0
[  122.025964][ T6616]  ? __lock_acquire+0x1397/0x2100
[  122.025976][ T6616]  ? __pfx_tun_get_user+0x10/0x10
[  122.025989][ T6616]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  122.025998][ T6616]  ? tun_get+0x1e/0x2f0
[  122.026006][ T6616]  ? __pfx_lock_release+0x10/0x10
[  122.026020][ T6616]  ? tun_get+0x1e/0x2f0
[  122.026028][ T6616]  ? tun_get+0x27d/0x2f0
[  122.026037][ T6616]  tun_chr_write_iter+0x10d/0x1f0
[  122.026047][ T6616]  vfs_write+0xacf/0xd10
[  122.026059][ T6616]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  122.026069][ T6616]  ? __pfx_vfs_write+0x10/0x10
[  122.026080][ T6616]  ? __fget_files+0x2a/0x410
[  122.026091][ T6616]  ? __fget_files+0x2a/0x410
[  122.026101][ T6616]  ksys_write+0x18f/0x2b0
[  122.026112][ T6616]  ? __pfx_ksys_write+0x10/0x10
[  122.026125][ T6616]  ? do_syscall_64+0x100/0x230
[  122.026136][ T6616]  ? do_syscall_64+0xb6/0x230
[  122.026144][ T6616]  do_syscall_64+0xf3/0x230
[  122.026153][ T6616]  ? clear_bhb_loop+0x35/0x90
[  122.026166][ T6616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  122.026178][ T6616] RIP: 0033:0x7fc3da57e98f
[  122.026187][ T6616] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  122.026195][ T6616] RSP: 002b:00007fc3db388020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  122.026205][ T6616] RAX: ffffffffffffffda RBX: 00007fc3da745fa0 RCX: 00007fc3da57e98f
[  122.026212][ T6616] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  122.026218][ T6616] RBP: 00007fc3da5f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  122.026223][ T6616] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  122.026229][ T6616] R13: 0000000000000000 R14: 00007fc3da745fa0 R15: 00007ffe7d632228
[  122.026238][ T6616]  </TASK>
[  122.026245][ T6616] BUG: Bad page state in process syz.0.15  pfn:61691
[  122.411191][ T6616] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888061691e88 pfn:0x61691
[  122.421394][ T6616] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  122.428557][ T6616] raw: 00fff00000000000 dead000000000040 ffff8880226b8000 0000000000000000
[  122.437179][ T6616] raw: ffff888061691e88 0000000000000001 00000000ffffffff 0000000000000000
[  122.445958][ T6616] page dumped because: page_pool leak
[  122.451374][ T6616] page_owner tracks the page as allocated
[  122.457123][ T6616] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6616, tgid 6614 (syz.0.15), ts 117474894285, free_ts 117459887482
[  122.474093][ T6616]  post_alloc_hook+0x1f4/0x240
[  122.478893][ T6616]  get_page_from_freelist+0x3651/0x37a0
[  122.484458][ T6616]  __alloc_frozen_pages_noprof+0x292/0x710
[  122.490298][ T6616]  alloc_pages_bulk_noprof+0x847/0xae0
[  122.495876][ T6616]  __page_pool_alloc_pages_slow+0x11f/0x690
[  122.501894][ T6616]  skb_pp_cow_data+0xcc8/0x1720
[  122.506794][ T6616]  do_xdp_generic+0x505/0xd30
[  122.511618][ T6616]  __netif_receive_skb_core+0x1be5/0x4540
[  122.517399][ T6616]  __netif_receive_skb+0x12f/0x650
[  122.522501][ T6616]  netif_receive_skb+0x1e8/0x890
[  122.527488][ T6616]  tun_rx_batched+0x1b7/0x8f0
[  122.532209][ T6616]  tun_get_user+0x30cd/0x48a0
[  122.536874][ T6616]  tun_chr_write_iter+0x10d/0x1f0
[  122.541937][ T6616]  vfs_write+0xacf/0xd10
[  122.546187][ T6616]  ksys_write+0x18f/0x2b0
[  122.550547][ T6616]  do_syscall_64+0xf3/0x230
[  122.555098][ T6616] page last free pid 5196 tgid 5196 stack trace:
[  122.561462][ T6616]  free_frozen_pages+0xe04/0x10e0
[  122.566524][ T6616]  __put_partials+0x160/0x1c0
[  122.571225][ T6616]  put_cpu_partial+0x17c/0x250
[  122.576078][ T6616]  __slab_free+0x290/0x380
[  122.580536][ T6616]  qlist_free_all+0x9a/0x140
[  122.585134][ T6616]  kasan_quarantine_reduce+0x14f/0x170
[  122.590621][ T6616]  __kasan_slab_alloc+0x23/0x80
[  122.595479][ T6616]  __kmalloc_cache_noprof+0x1d9/0x390
[  122.600878][ T6616]  kernfs_fop_open+0x3e0/0xd10
[  122.605651][ T6616]  do_dentry_open+0xdec/0x1960
[  122.610454][ T6616]  vfs_open+0x3b/0x370
[  122.614522][ T6616]  path_openat+0x2c81/0x3590
[  122.619161][ T6616]  do_filp_open+0x27f/0x4e0
[  122.623672][ T6616]  do_sys_openat2+0x13e/0x1d0
[  122.628370][ T6616]  __x64_sys_openat+0x247/0x2a0
[  122.633244][ T6616]  do_syscall_64+0xf3/0x230
[  122.637770][ T6616] Modules linked in:
[  122.641667][ T6616] CPU: 0 UID: 0 PID: 6616 Comm: syz.0.15 Tainted: G    B              6.14.0-rc6-syzkaller-gb7f94fcf5546 #0
[  122.641682][ T6616] Tainted: [B]=BAD_PAGE
[  122.641685][ T6616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  122.641691][ T6616] Call Trace:
[  122.641695][ T6616]  <TASK>
[  122.641699][ T6616]  dump_stack_lvl+0x241/0x360
[  122.641713][ T6616]  ? __pfx_dump_stack_lvl+0x10/0x10
[  122.641722][ T6616]  ? __pfx_print_modules+0x10/0x10
[  122.641736][ T6616]  bad_page+0x176/0x1d0
[  122.641750][ T6616]  free_frozen_pages+0x1079/0x10e0
[  122.641762][ T6616]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[  122.641776][ T6616]  bpf_xdp_adjust_tail+0x1c6/0x210
[  122.641789][ T6616]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  122.641797][ T6616]  bpf_prog_run_generic_xdp+0x686/0x1510
[  122.641814][ T6616]  do_xdp_generic+0x757/0xd30
[  122.641827][ T6616]  ? __pfx_do_xdp_generic+0x10/0x10
[  122.641839][ T6616]  ? __skb_flow_dissect+0x25f/0x7af0
[  122.641852][ T6616]  __netif_receive_skb_core+0x1be5/0x4540
[  122.641870][ T6616]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  122.641882][ T6616]  ? mark_lock+0x9a/0x360
[  122.641895][ T6616]  ? __pfx___skb_flow_dissect+0x10/0x10
[  122.641905][ T6616]  ? __lock_acquire+0x1397/0x2100
[  122.641921][ T6616]  __netif_receive_skb+0x12f/0x650
[  122.641932][ T6616]  ? __pfx_lock_acquire+0x10/0x10
[  122.641944][ T6616]  ? __pfx___netif_receive_skb+0x10/0x10
[  122.641955][ T6616]  ? tun_rx_batched+0x160/0x8f0
[  122.641966][ T6616]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  122.641978][ T6616]  ? netif_receive_skb+0x131/0x890
[  122.641988][ T6616]  ? netif_receive_skb+0x131/0x890
[  122.641999][ T6616]  netif_receive_skb+0x1e8/0x890
[  122.642010][ T6616]  ? tun_rx_batched+0x160/0x8f0
[  122.642019][ T6616]  ? __pfx_netif_receive_skb+0x10/0x10
[  122.642032][ T6616]  ? tun_rx_batched+0x160/0x8f0
[  122.642041][ T6616]  tun_rx_batched+0x1b7/0x8f0
[  122.642050][ T6616]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  122.642063][ T6616]  ? __pfx_lock_acquire+0x10/0x10
[  122.642074][ T6616]  ? __pfx_tun_rx_batched+0x10/0x10
[  122.642087][ T6616]  tun_get_user+0x30cd/0x48a0
[  122.642097][ T6616]  ? tun_get_user+0x2bbb/0x48a0
[  122.642108][ T6616]  ? __lock_acquire+0x1397/0x2100
[  122.642120][ T6616]  ? __pfx_tun_get_user+0x10/0x10
[  122.642138][ T6616]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  122.642147][ T6616]  ? tun_get+0x1e/0x2f0
[  122.642155][ T6616]  ? __pfx_lock_release+0x10/0x10
[  122.642169][ T6616]  ? tun_get+0x1e/0x2f0
[  122.642177][ T6616]  ? tun_get+0x27d/0x2f0
[  122.642187][ T6616]  tun_chr_write_iter+0x10d/0x1f0
[  122.642197][ T6616]  vfs_write+0xacf/0xd10
[  122.642209][ T6616]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  122.642218][ T6616]  ? __pfx_vfs_write+0x10/0x10
[  122.642229][ T6616]  ? __fget_files+0x2a/0x410
[  122.642239][ T6616]  ? __fget_files+0x2a/0x410
[  122.642249][ T6616]  ksys_write+0x18f/0x2b0
[  122.642261][ T6616]  ? __pfx_ksys_write+0x10/0x10
[  122.642271][ T6616]  ? do_syscall_64+0x100/0x230
[  122.642281][ T6616]  ? do_syscall_64+0xb6/0x230
[  122.642290][ T6616]  do_syscall_64+0xf3/0x230
[  122.642298][ T6616]  ? clear_bhb_loop+0x35/0x90
[  122.642311][ T6616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  122.642323][ T6616] RIP: 0033:0x7fc3da57e98f
[  122.642332][ T6616] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  122.642339][ T6616] RSP: 002b:00007fc3db388020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  122.642349][ T6616] RAX: ffffffffffffffda RBX: 00007fc3da745fa0 RCX: 00007fc3da57e98f
[  122.642356][ T6616] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  122.642362][ T6616] RBP: 00007fc3da5f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  122.642367][ T6616] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  122.642372][ T6616] R13: 0000000000000000 R14: 00007fc3da745fa0 R15: 00007ffe7d632228
[  122.642381][ T6616]  </TASK>
[  122.642388][ T6616] BUG: Bad page state in process syz.0.15  pfn:7efe0
[  123.027628][ T6616] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807efe0e58 pfn:0x7efe0
[  123.037706][ T6616] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  123.044870][ T6616] raw: 00fff00000000000 dead000000000040 ffff8880226b8000 0000000000000000
[  123.053520][ T6616] raw: ffff88807efe0e58 0000000000000001 00000000ffffffff 0000000000000000
[  123.062149][ T6616] page dumped because: page_pool leak
[  123.067595][ T6616] page_owner tracks the page as allocated
[  123.073313][ T6616] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6616, tgid 6614 (syz.0.15), ts 117474883361, free_ts 117459961280
[  123.090187][ T6616]  post_alloc_hook+0x1f4/0x240
[  123.094964][ T6616]  get_page_from_freelist+0x3651/0x37a0
[  123.100626][ T6616]  __alloc_frozen_pages_noprof+0x292/0x710
[  123.106459][ T6616]  alloc_pages_bulk_noprof+0x847/0xae0
[  123.111960][ T6616]  __page_pool_alloc_pages_slow+0x11f/0x690
[  123.117879][ T6616]  skb_pp_cow_data+0xcc8/0x1720
[  123.122719][ T6616]  do_xdp_generic+0x505/0xd30
[  123.127413][ T6616]  __netif_receive_skb_core+0x1be5/0x4540
[  123.133220][ T6616]  __netif_receive_skb+0x12f/0x650
[  123.138354][ T6616]  netif_receive_skb+0x1e8/0x890
[  123.143295][ T6616]  tun_rx_batched+0x1b7/0x8f0
[  123.148046][ T6616]  tun_get_user+0x30cd/0x48a0
[  123.152723][ T6616]  tun_chr_write_iter+0x10d/0x1f0
[  123.157770][ T6616]  vfs_write+0xacf/0xd10
[  123.162033][ T6616]  ksys_write+0x18f/0x2b0
[  123.166468][ T6616]  do_syscall_64+0xf3/0x230
[  123.171025][ T6616] page last free pid 5196 tgid 5196 stack trace:
[  123.177367][ T6616]  free_frozen_pages+0xe04/0x10e0
[  123.182379][ T6616]  __slab_free+0x2c2/0x380
[  123.186789][ T6616]  qlist_free_all+0x9a/0x140
[  123.191401][ T6616]  kasan_quarantine_reduce+0x14f/0x170
[  123.196867][ T6616]  __kasan_slab_alloc+0x23/0x80
[  123.201751][ T6616]  __kmalloc_cache_noprof+0x1d9/0x390
[  123.207168][ T6616]  kernfs_fop_open+0x3e0/0xd10
[  123.211937][ T6616]  do_dentry_open+0xdec/0x1960
[  123.216776][ T6616]  vfs_open+0x3b/0x370
[  123.220954][ T6616]  path_openat+0x2c81/0x3590
[  123.225566][ T6616]  do_filp_open+0x27f/0x4e0
[  123.230102][ T6616]  do_sys_openat2+0x13e/0x1d0
[  123.234794][ T6616]  __x64_sys_openat+0x247/0x2a0
[  123.239676][ T6616]  do_syscall_64+0xf3/0x230
[  123.244184][ T6616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  123.250108][ T6616] Modules linked in:
[  123.254097][ T6616] CPU: 0 UID: 0 PID: 6616 Comm: syz.0.15 Tainted: G    B              6.14.0-rc6-syzkaller-gb7f94fcf5546 #0
[  123.254112][ T6616] Tainted: [B]=BAD_PAGE
[  123.254115][ T6616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  123.254121][ T6616] Call Trace:
[  123.254125][ T6616]  <TASK>
[  123.254129][ T6616]  dump_stack_lvl+0x241/0x360
[  123.254142][ T6616]  ? __pfx_dump_stack_lvl+0x10/0x10
[  123.254151][ T6616]  ? __pfx_print_modules+0x10/0x10
[  123.254165][ T6616]  bad_page+0x176/0x1d0
[  123.254179][ T6616]  free_frozen_pages+0x1079/0x10e0
[  123.254192][ T6616]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[  123.254205][ T6616]  bpf_xdp_adjust_tail+0x1c6/0x210
[  123.254219][ T6616]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  123.254227][ T6616]  bpf_prog_run_generic_xdp+0x686/0x1510
[  123.254244][ T6616]  do_xdp_generic+0x757/0xd30
[  123.254256][ T6616]  ? __pfx_do_xdp_generic+0x10/0x10
[  123.254269][ T6616]  ? __skb_flow_dissect+0x25f/0x7af0
[  123.254282][ T6616]  __netif_receive_skb_core+0x1be5/0x4540
[  123.254299][ T6616]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  123.254312][ T6616]  ? mark_lock+0x9a/0x360
[  123.254325][ T6616]  ? __pfx___skb_flow_dissect+0x10/0x10
[  123.254334][ T6616]  ? __lock_acquire+0x1397/0x2100
[  123.254350][ T6616]  __netif_receive_skb+0x12f/0x650
[  123.254362][ T6616]  ? __pfx_lock_acquire+0x10/0x10
[  123.254373][ T6616]  ? __pfx___netif_receive_skb+0x10/0x10
[  123.254385][ T6616]  ? tun_rx_batched+0x160/0x8f0
[  123.254395][ T6616]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  123.254408][ T6616]  ? netif_receive_skb+0x131/0x890
[  123.254418][ T6616]  ? netif_receive_skb+0x131/0x890
[  123.254429][ T6616]  netif_receive_skb+0x1e8/0x890
[  123.254439][ T6616]  ? tun_rx_batched+0x160/0x8f0
[  123.254448][ T6616]  ? __pfx_netif_receive_skb+0x10/0x10
[  123.254461][ T6616]  ? tun_rx_batched+0x160/0x8f0
[  123.254470][ T6616]  tun_rx_batched+0x1b7/0x8f0
[  123.254480][ T6616]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  123.254492][ T6616]  ? __pfx_lock_acquire+0x10/0x10
[  123.254503][ T6616]  ? __pfx_tun_rx_batched+0x10/0x10
[  123.254516][ T6616]  tun_get_user+0x30cd/0x48a0
[  123.254525][ T6616]  ? tun_get_user+0x2bbb/0x48a0
[  123.254537][ T6616]  ? __lock_acquire+0x1397/0x2100
[  123.254549][ T6616]  ? __pfx_tun_get_user+0x10/0x10
[  123.254561][ T6616]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  123.254570][ T6616]  ? tun_get+0x1e/0x2f0
[  123.254579][ T6616]  ? __pfx_lock_release+0x10/0x10
[  123.254593][ T6616]  ? tun_get+0x1e/0x2f0
[  123.254601][ T6616]  ? tun_get+0x27d/0x2f0
[  123.254610][ T6616]  tun_chr_write_iter+0x10d/0x1f0
[  123.254620][ T6616]  vfs_write+0xacf/0xd10
[  123.254632][ T6616]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  123.254642][ T6616]  ? __pfx_vfs_write+0x10/0x10
[  123.254653][ T6616]  ? __fget_files+0x2a/0x410
[  123.254663][ T6616]  ? __fget_files+0x2a/0x410
[  123.254673][ T6616]  ksys_write+0x18f/0x2b0
[  123.254685][ T6616]  ? __pfx_ksys_write+0x10/0x10
[  123.254695][ T6616]  ? do_syscall_64+0x100/0x230
[  123.254706][ T6616]  ? do_syscall_64+0xb6/0x230
[  123.254714][ T6616]  do_syscall_64+0xf3/0x230
[  123.254722][ T6616]  ? clear_bhb_loop+0x35/0x90
[  123.254735][ T6616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  123.254747][ T6616] RIP: 0033:0x7fc3da57e98f
[  123.254756][ T6616] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  123.254763][ T6616] RSP: 002b:00007fc3db388020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  123.254774][ T6616] RAX: ffffffffffffffda RBX: 00007fc3da745fa0 RCX: 00007fc3da57e98f
[  123.254781][ T6616] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  123.254786][ T6616] RBP: 00007fc3da5f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  123.254792][ T6616] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  123.254803][ T6616] R13: 0000000000000000 R14: 00007fc3da745fa0 R15: 00007ffe7d632228
[  123.254812][ T6616]  </TASK>
[  123.254819][ T6616] BUG: Bad page state in process syz.0.15  pfn:6c421
[  123.317126][   T55] Bluetooth: hci0: command tx timeout
[  123.317441][ T6616] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88806c421e88 pfn:0x6c421
[  123.655706][ T6616] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  123.662865][ T6616] raw: 00fff00000000000 dead000000000040 ffff8880226b8000 0000000000000000
[  123.671472][ T6616] raw: ffff88806c421e88 0000000000000001 00000000ffffffff 0000000000000000
[  123.680072][ T6616] page dumped because: page_pool leak
[  123.685439][ T6616] page_owner tracks the page as allocated
[  123.693041][ T6616] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6616, tgid 6614 (syz.0.15), ts 117474872140, free_ts 117459978756
[  123.709920][ T6616]  post_alloc_hook+0x1f4/0x240
[  123.714672][ T6616]  get_page_from_freelist+0x3651/0x37a0
[  123.720237][ T6616]  __alloc_frozen_pages_noprof+0x292/0x710
[  123.726046][ T6616]  alloc_pages_bulk_noprof+0x847/0xae0
[  123.731531][ T6616]  __page_pool_alloc_pages_slow+0x11f/0x690
[  123.737444][ T6616]  skb_pp_cow_data+0xcc8/0x1720
[  123.742279][ T6616]  do_xdp_generic+0x505/0xd30
[  123.746933][ T6616]  __netif_receive_skb_core+0x1be5/0x4540
[  123.752674][ T6616]  __netif_receive_skb+0x12f/0x650
[  123.757814][ T6616]  netif_receive_skb+0x1e8/0x890
[  123.762739][ T6616]  tun_rx_batched+0x1b7/0x8f0
[  123.767428][ T6616]  tun_get_user+0x30cd/0x48a0
[  123.772107][ T6616]  tun_chr_write_iter+0x10d/0x1f0
[  123.777145][ T6616]  vfs_write+0xacf/0xd10
[  123.781390][ T6616]  ksys_write+0x18f/0x2b0
[  123.785702][ T6616]  do_syscall_64+0xf3/0x230
[  123.790217][ T6616] page last free pid 5196 tgid 5196 stack trace:
[  123.796535][ T6616]  free_frozen_pages+0xe04/0x10e0
[  123.801580][ T6616]  __slab_free+0x2c2/0x380
[  123.805994][ T6616]  qlist_free_all+0x9a/0x140
[  123.810608][ T6616]  kasan_quarantine_reduce+0x14f/0x170
[  123.816068][ T6616]  __kasan_slab_alloc+0x23/0x80
[  123.820962][ T6616]  __kmalloc_cache_noprof+0x1d9/0x390
[  123.826413][ T6616]  kernfs_fop_open+0x3e0/0xd10
[  123.831230][ T6616]  do_dentry_open+0xdec/0x1960
[  123.836012][ T6616]  vfs_open+0x3b/0x370
[  123.840116][ T6616]  path_openat+0x2c81/0x3590
[  123.844714][ T6616]  do_filp_open+0x27f/0x4e0
[  123.849242][ T6616]  do_sys_openat2+0x13e/0x1d0
[  123.853922][ T6616]  __x64_sys_openat+0x247/0x2a0
[  123.858797][ T6616]  do_syscall_64+0xf3/0x230
[  123.863316][ T6616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  123.869245][ T6616] Modules linked in:
[  123.873146][ T6616] CPU: 0 UID: 0 PID: 6616 Comm: syz.0.15 Tainted: G    B              6.14.0-rc6-syzkaller-gb7f94fcf5546 #0
[  123.873161][ T6616] Tainted: [B]=BAD_PAGE
[  123.873165][ T6616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  123.873170][ T6616] Call Trace:
[  123.873174][ T6616]  <TASK>
[  123.873178][ T6616]  dump_stack_lvl+0x241/0x360
[  123.873191][ T6616]  ? __pfx_dump_stack_lvl+0x10/0x10
[  123.873200][ T6616]  ? __pfx_print_modules+0x10/0x10
[  123.873214][ T6616]  bad_page+0x176/0x1d0
[  123.873228][ T6616]  free_frozen_pages+0x1079/0x10e0
[  123.873240][ T6616]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[  123.873254][ T6616]  bpf_xdp_adjust_tail+0x1c6/0x210
[  123.873268][ T6616]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  123.873276][ T6616]  bpf_prog_run_generic_xdp+0x686/0x1510
[  123.873293][ T6616]  do_xdp_generic+0x757/0xd30
[  123.873305][ T6616]  ? __pfx_do_xdp_generic+0x10/0x10
[  123.873317][ T6616]  ? __skb_flow_dissect+0x25f/0x7af0
[  123.873331][ T6616]  __netif_receive_skb_core+0x1be5/0x4540
[  123.873352][ T6616]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  123.873365][ T6616]  ? mark_lock+0x9a/0x360
[  123.873377][ T6616]  ? __pfx___skb_flow_dissect+0x10/0x10
[  123.873387][ T6616]  ? __lock_acquire+0x1397/0x2100
[  123.873403][ T6616]  __netif_receive_skb+0x12f/0x650
[  123.873415][ T6616]  ? __pfx_lock_acquire+0x10/0x10
[  123.873426][ T6616]  ? __pfx___netif_receive_skb+0x10/0x10
[  123.873441][ T6616]  ? tun_rx_batched+0x160/0x8f0
[  123.873451][ T6616]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  123.873464][ T6616]  ? netif_receive_skb+0x131/0x890
[  123.873474][ T6616]  ? netif_receive_skb+0x131/0x890
[  123.873485][ T6616]  netif_receive_skb+0x1e8/0x890
[  123.873495][ T6616]  ? tun_rx_batched+0x160/0x8f0
[  123.873505][ T6616]  ? __pfx_netif_receive_skb+0x10/0x10
[  123.873517][ T6616]  ? tun_rx_batched+0x160/0x8f0
[  123.873526][ T6616]  tun_rx_batched+0x1b7/0x8f0
[  123.873536][ T6616]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  123.873548][ T6616]  ? __pfx_lock_acquire+0x10/0x10
[  123.873560][ T6616]  ? __pfx_tun_rx_batched+0x10/0x10
[  123.873572][ T6616]  tun_get_user+0x30cd/0x48a0
[  123.873582][ T6616]  ? tun_get_user+0x2bbb/0x48a0
[  123.873593][ T6616]  ? __lock_acquire+0x1397/0x2100
[  123.873606][ T6616]  ? __pfx_tun_get_user+0x10/0x10
[  123.873618][ T6616]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  123.873627][ T6616]  ? tun_get+0x1e/0x2f0
[  123.873636][ T6616]  ? __pfx_lock_release+0x10/0x10
[  123.873650][ T6616]  ? tun_get+0x1e/0x2f0
[  123.873658][ T6616]  ? tun_get+0x27d/0x2f0
[  123.873667][ T6616]  tun_chr_write_iter+0x10d/0x1f0
[  123.873677][ T6616]  vfs_write+0xacf/0xd10
[  123.873689][ T6616]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  123.873699][ T6616]  ? __pfx_vfs_write+0x10/0x10
[  123.873710][ T6616]  ? __fget_files+0x2a/0x410
[  123.873720][ T6616]  ? __fget_files+0x2a/0x410
[  123.873730][ T6616]  ksys_write+0x18f/0x2b0
[  123.873741][ T6616]  ? __pfx_ksys_write+0x10/0x10
[  123.873752][ T6616]  ? do_syscall_64+0x100/0x230
[  123.873762][ T6616]  ? do_syscall_64+0xb6/0x230
[  123.873771][ T6616]  do_syscall_64+0xf3/0x230
[  123.873779][ T6616]  ? clear_bhb_loop+0x35/0x90
[  123.873792][ T6616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  123.873804][ T6616] RIP: 0033:0x7fc3da57e98f
[  123.873813][ T6616] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  123.873820][ T6616] RSP: 002b:00007fc3db388020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  123.873831][ T6616] RAX: ffffffffffffffda RBX: 00007fc3da745fa0 RCX: 00007fc3da57e98f
[  123.873837][ T6616] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  123.873843][ T6616] RBP: 00007fc3da5f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  123.873848][ T6616] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  123.873854][ T6616] R13: 0000000000000000 R14: 00007fc3da745fa0 R15: 00007ffe7d632228
[  123.873863][ T6616]  </TASK>
2025/03/13 17:28:31 executed programs: 3
[  124.334553][ T6677] BUG: Bad page state in process syz.0.16  pfn:7cfda
[  124.341305][ T6677] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807cfda000 pfn:0x7cfda
[  124.351509][ T6677] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  124.358691][ T6677] raw: 00fff00000000000 dead000000000040 ffff8880226b8000 0000000000000000
[  124.367316][ T6677] raw: ffff88807cfda000 0000000000000001 00000000ffffffff 0000000000000000
[  124.375917][ T6677] page dumped because: page_pool leak
[  124.381319][ T6677] page_owner tracks the page as allocated
[  124.387078][ T6677] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6677, tgid 6676 (syz.0.16), ts 124334491015, free_ts 124329085475
[  124.403971][ T6677]  post_alloc_hook+0x1f4/0x240
[  124.408764][ T6677]  get_page_from_freelist+0x3651/0x37a0
[  124.414337][ T6677]  __alloc_frozen_pages_noprof+0x292/0x710
[  124.420200][ T6677]  alloc_pages_bulk_noprof+0x847/0xae0
[  124.425672][ T6677]  __page_pool_alloc_pages_slow+0x11f/0x690
[  124.431608][ T6677]  skb_pp_cow_data+0xcc8/0x1720
[  124.436472][ T6677]  do_xdp_generic+0x505/0xd30
[  124.441176][ T6677]  __netif_receive_skb_core+0x1be5/0x4540
[  124.447030][ T6677]  __netif_receive_skb+0x12f/0x650
[  124.452160][ T6677]  netif_receive_skb+0x1e8/0x890
[  124.457489][ T6677]  tun_rx_batched+0x1b7/0x8f0
[  124.462176][ T6677]  tun_get_user+0x30cd/0x48a0
[  124.466933][ T6677]  tun_chr_write_iter+0x10d/0x1f0
[  124.471983][ T6677]  vfs_write+0xacf/0xd10
[  124.476240][ T6677]  ksys_write+0x18f/0x2b0
[  124.480602][ T6677]  do_syscall_64+0xf3/0x230
[  124.485136][ T6677] page last free pid 5489 tgid 5489 stack trace:
[  124.491490][ T6677]  free_frozen_pages+0xe04/0x10e0
[  124.496523][ T6677]  __put_partials+0x160/0x1c0
[  124.501227][ T6677]  put_cpu_partial+0x17c/0x250
[  124.505998][ T6677]  __slab_free+0x290/0x380
[  124.510440][ T6677]  qlist_free_all+0x9a/0x140
[  124.515051][ T6677]  kasan_quarantine_reduce+0x14f/0x170
[  124.520551][ T6677]  __kasan_slab_alloc+0x23/0x80
[  124.525480][ T6677]  kmem_cache_alloc_node_noprof+0x1d9/0x380
[  124.531398][ T6677]  __alloc_skb+0x1c3/0x440
[  124.535820][ T6677]  alloc_skb_with_frags+0xc3/0x820
[  124.540962][ T6677]  sock_alloc_send_pskb+0x91a/0xa60
[  124.546172][ T6677]  unix_dgram_sendmsg+0x5e8/0x1df0
[  124.551307][ T6677]  __sock_sendmsg+0x221/0x270
[  124.555994][ T6677]  sock_write_iter+0x2d7/0x3f0
[  124.560781][ T6677]  do_iter_readv_writev+0x71a/0x9d0
[  124.565984][ T6677]  vfs_writev+0x38b/0xbc0
[  124.570338][ T6677] Modules linked in:
[  124.574235][ T6677] CPU: 0 UID: 0 PID: 6677 Comm: syz.0.16 Tainted: G    B              6.14.0-rc6-syzkaller-gb7f94fcf5546 #0
[  124.574250][ T6677] Tainted: [B]=BAD_PAGE
[  124.574253][ T6677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  124.574259][ T6677] Call Trace:
[  124.574264][ T6677]  <TASK>
[  124.574268][ T6677]  dump_stack_lvl+0x241/0x360
[  124.574281][ T6677]  ? __pfx_dump_stack_lvl+0x10/0x10
[  124.574290][ T6677]  ? __pfx_print_modules+0x10/0x10
[  124.574304][ T6677]  bad_page+0x176/0x1d0
[  124.574318][ T6677]  free_frozen_pages+0x1079/0x10e0
[  124.574330][ T6677]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[  124.574344][ T6677]  bpf_xdp_adjust_tail+0x1c6/0x210
[  124.574357][ T6677]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  124.574365][ T6677]  bpf_prog_run_generic_xdp+0x686/0x1510
[  124.574383][ T6677]  do_xdp_generic+0x757/0xd30
[  124.574395][ T6677]  ? __pfx_do_xdp_generic+0x10/0x10
[  124.574405][ T6677]  ? rcu_is_watching+0x15/0xb0
[  124.574419][ T6677]  ? cgroup_rstat_updated+0x13b/0xc30
[  124.574430][ T6677]  __netif_receive_skb_core+0x1be5/0x4540
[  124.574448][ T6677]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  124.574461][ T6677]  ? __pfx___skb_flow_dissect+0x10/0x10
[  124.574470][ T6677]  ? rcu_is_watching+0x15/0xb0
[  124.574479][ T6677]  ? lock_release+0xbf/0xa30
[  124.574490][ T6677]  ? __pfx_count_memcg_event_mm+0x10/0x10
[  124.574502][ T6677]  ? __up_read+0x2c2/0x6b0
[  124.574514][ T6677]  ? rcu_is_watching+0x15/0xb0
[  124.574530][ T6677]  __netif_receive_skb+0x12f/0x650
[  124.574550][ T6677]  ? __pfx_lock_acquire+0x10/0x10
[  124.574570][ T6677]  ? __pfx___netif_receive_skb+0x10/0x10
[  124.574588][ T6677]  ? tun_rx_batched+0x160/0x8f0
[  124.574598][ T6677]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  124.574609][ T6677]  ? _copy_from_iter+0x161/0x1c40
[  124.574620][ T6677]  ? netif_receive_skb+0x131/0x890
[  124.574636][ T6677]  netif_receive_skb+0x1e8/0x890
[  124.574648][ T6677]  ? tun_rx_batched+0x160/0x8f0
[  124.574657][ T6677]  ? __pfx_netif_receive_skb+0x10/0x10
[  124.574668][ T6677]  ? __pfx_lock_release+0x10/0x10
[  124.574680][ T6677]  ? tun_rx_batched+0x160/0x8f0
[  124.574690][ T6677]  tun_rx_batched+0x1b7/0x8f0
[  124.574699][ T6677]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  124.574712][ T6677]  ? __pfx_lock_acquire+0x10/0x10
[  124.574722][ T6677]  ? rcu_is_watching+0x15/0xb0
[  124.574730][ T6677]  ? __pfx_tun_rx_batched+0x10/0x10
[  124.574743][ T6677]  tun_get_user+0x30cd/0x48a0
[  124.574753][ T6677]  ? tun_get_user+0x2bbb/0x48a0
[  124.574764][ T6677]  ? schedule+0x90/0x320
[  124.574775][ T6677]  ? schedule+0x90/0x320
[  124.574786][ T6677]  ? schedule+0x155/0x320
[  124.574797][ T6677]  ? futex_wait_queue+0x27/0x1e0
[  124.574809][ T6677]  ? futex_wait_queue+0x159/0x1e0
[  124.574820][ T6677]  ? __pfx_tun_get_user+0x10/0x10
[  124.574830][ T6677]  ? __futex_wait+0x287/0x320
[  124.574842][ T6677]  ? tun_get+0x1e/0x2f0
[  124.574850][ T6677]  ? rcu_is_watching+0x15/0xb0
[  124.574858][ T6677]  ? tun_get+0x1e/0x2f0
[  124.574867][ T6677]  ? lock_release+0xbf/0xa30
[  124.574878][ T6677]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  124.574890][ T6677]  ? __pfx_lock_release+0x10/0x10
[  124.574904][ T6677]  ? tun_get+0x1e/0x2f0
[  124.574913][ T6677]  ? tun_get+0x27d/0x2f0
[  124.574922][ T6677]  tun_chr_write_iter+0x10d/0x1f0
[  124.574932][ T6677]  vfs_write+0xacf/0xd10
[  124.574944][ T6677]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  124.574953][ T6677]  ? __pfx_vfs_write+0x10/0x10
[  124.574964][ T6677]  ? __fget_files+0x2a/0x410
[  124.574974][ T6677]  ? __fget_files+0x2a/0x410
[  124.574985][ T6677]  ksys_write+0x18f/0x2b0
[  124.574996][ T6677]  ? __pfx_ksys_write+0x10/0x10
[  124.575006][ T6677]  ? rcu_is_watching+0x15/0xb0
[  124.575015][ T6677]  ? rcu_is_watching+0x15/0xb0
[  124.575024][ T6677]  do_syscall_64+0xf3/0x230
[  124.575033][ T6677]  ? clear_bhb_loop+0x35/0x90
[  124.575047][ T6677]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  124.575058][ T6677] RIP: 0033:0x7fc3da57e98f
[  124.575067][ T6677] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  124.575074][ T6677] RSP: 002b:00007fc3db388020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  124.575085][ T6677] RAX: ffffffffffffffda RBX: 00007fc3da745fa0 RCX: 00007fc3da57e98f
[  124.575091][ T6677] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  124.575097][ T6677] RBP: 00007fc3da5f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  124.575102][ T6677] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  124.575108][ T6677] R13: 0000000000000000 R14: 00007fc3da745fa0 R15: 00007ffe7d632228
[  124.575117][ T6677]  </TASK>
[  124.575124][ T6677] BUG: Bad page state in process syz.0.16  pfn:2f712
[  125.025979][ T6677] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802f712000 pfn:0x2f712
[  125.036062][ T6677] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  125.043197][ T6677] raw: 00fff00000000000 dead000000000040 ffff8880226b8000 0000000000000000
[  125.051825][ T6677] raw: ffff88802f712000 0000000000000001 00000000ffffffff 0000000000000000
[  125.060516][ T6677] page dumped because: page_pool leak
[  125.065982][ T6677] page_owner tracks the page as allocated
[  125.071724][ T6677] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6677, tgid 6676 (syz.0.16), ts 124334482084, free_ts 124329100696
[  125.088694][ T6677]  post_alloc_hook+0x1f4/0x240
[  125.093491][ T6677]  get_page_from_freelist+0x3651/0x37a0
[  125.099064][ T6677]  __alloc_frozen_pages_noprof+0x292/0x710
[  125.104908][ T6677]  alloc_pages_bulk_noprof+0x847/0xae0
[  125.110400][ T6677]  __page_pool_alloc_pages_slow+0x11f/0x690
[  125.116301][ T6677]  skb_pp_cow_data+0xcc8/0x1720
[  125.121177][ T6677]  do_xdp_generic+0x505/0xd30
[  125.125898][ T6677]  __netif_receive_skb_core+0x1be5/0x4540
[  125.131653][ T6677]  __netif_receive_skb+0x12f/0x650
[  125.136791][ T6677]  netif_receive_skb+0x1e8/0x890
[  125.141784][ T6677]  tun_rx_batched+0x1b7/0x8f0
[  125.146504][ T6677]  tun_get_user+0x30cd/0x48a0
[  125.151317][ T6677]  tun_chr_write_iter+0x10d/0x1f0
[  125.156380][ T6677]  vfs_write+0xacf/0xd10
[  125.160668][ T6677]  ksys_write+0x18f/0x2b0
[  125.165004][ T6677]  do_syscall_64+0xf3/0x230
[  125.169534][ T6677] page last free pid 5489 tgid 5489 stack trace:
[  125.175892][ T6677]  free_frozen_pages+0xe04/0x10e0
[  125.180964][ T6677]  __put_partials+0x160/0x1c0
[  125.185650][ T6677]  put_cpu_partial+0x17c/0x250
[  125.190458][ T6677]  __slab_free+0x290/0x380
[  125.194884][ T6677]  qlist_free_all+0x9a/0x140
[  125.199517][ T6677]  kasan_quarantine_reduce+0x14f/0x170
[  125.204985][ T6677]  __kasan_slab_alloc+0x23/0x80
[  125.209867][ T6677]  kmem_cache_alloc_node_noprof+0x1d9/0x380
[  125.215760][ T6677]  __alloc_skb+0x1c3/0x440
[  125.220200][ T6677]  alloc_skb_with_frags+0xc3/0x820
[  125.225339][ T6677]  sock_alloc_send_pskb+0x91a/0xa60
[  125.230576][ T6677]  unix_dgram_sendmsg+0x5e8/0x1df0
[  125.235697][ T6677]  __sock_sendmsg+0x221/0x270
[  125.240404][ T6677]  sock_write_iter+0x2d7/0x3f0
[  125.245174][ T6677]  do_iter_readv_writev+0x71a/0x9d0
[  125.250483][ T6677]  vfs_writev+0x38b/0xbc0
[  125.254898][ T6677] Modules linked in:
[  125.258830][ T6677] CPU: 0 UID: 0 PID: 6677 Comm: syz.0.16 Tainted: G    B              6.14.0-rc6-syzkaller-gb7f94fcf5546 #0
[  125.258859][ T6677] Tainted: [B]=BAD_PAGE
[  125.258864][ T6677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  125.258872][ T6677] Call Trace:
[  125.258878][ T6677]  <TASK>
[  125.258884][ T6677]  dump_stack_lvl+0x241/0x360
[  125.258903][ T6677]  ? __pfx_dump_stack_lvl+0x10/0x10
[  125.258917][ T6677]  ? __pfx_print_modules+0x10/0x10
[  125.258939][ T6677]  bad_page+0x176/0x1d0
[  125.258960][ T6677]  free_frozen_pages+0x1079/0x10e0
[  125.258980][ T6677]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[  125.259005][ T6677]  bpf_xdp_adjust_tail+0x1c6/0x210
[  125.259029][ T6677]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  125.259043][ T6677]  bpf_prog_run_generic_xdp+0x686/0x1510
[  125.259075][ T6677]  do_xdp_generic+0x757/0xd30
[  125.259097][ T6677]  ? __pfx_do_xdp_generic+0x10/0x10
[  125.259114][ T6677]  ? rcu_is_watching+0x15/0xb0
[  125.259137][ T6677]  ? cgroup_rstat_updated+0x13b/0xc30
[  125.259157][ T6677]  __netif_receive_skb_core+0x1be5/0x4540
[  125.259188][ T6677]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  125.259210][ T6677]  ? __pfx___skb_flow_dissect+0x10/0x10
[  125.259226][ T6677]  ? rcu_is_watching+0x15/0xb0
[  125.259240][ T6677]  ? lock_release+0xbf/0xa30
[  125.259260][ T6677]  ? __pfx_count_memcg_event_mm+0x10/0x10
[  125.259280][ T6677]  ? __up_read+0x2c2/0x6b0
[  125.259298][ T6677]  ? rcu_is_watching+0x15/0xb0
[  125.259314][ T6677]  __netif_receive_skb+0x12f/0x650
[  125.259335][ T6677]  ? __pfx_lock_acquire+0x10/0x10
[  125.259354][ T6677]  ? __pfx___netif_receive_skb+0x10/0x10
[  125.259376][ T6677]  ? tun_rx_batched+0x160/0x8f0
[  125.259393][ T6677]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  125.259414][ T6677]  ? _copy_from_iter+0x161/0x1c40
[  125.259432][ T6677]  ? netif_receive_skb+0x131/0x890
[  125.259451][ T6677]  netif_receive_skb+0x1e8/0x890
[  125.259471][ T6677]  ? tun_rx_batched+0x160/0x8f0
[  125.259487][ T6677]  ? __pfx_netif_receive_skb+0x10/0x10
[  125.259506][ T6677]  ? __pfx_lock_release+0x10/0x10
[  125.259528][ T6677]  ? tun_rx_batched+0x160/0x8f0
[  125.259544][ T6677]  tun_rx_batched+0x1b7/0x8f0
[  125.259561][ T6677]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  125.259583][ T6677]  ? __pfx_lock_acquire+0x10/0x10
[  125.259602][ T6677]  ? rcu_is_watching+0x15/0xb0
[  125.259616][ T6677]  ? __pfx_tun_rx_batched+0x10/0x10
[  125.259640][ T6677]  tun_get_user+0x30cd/0x48a0
[  125.259656][ T6677]  ? tun_get_user+0x2bbb/0x48a0
[  125.259676][ T6677]  ? schedule+0x90/0x320
[  125.259695][ T6677]  ? schedule+0x90/0x320
[  125.259713][ T6677]  ? schedule+0x155/0x320
[  125.259732][ T6677]  ? futex_wait_queue+0x27/0x1e0
[  125.259752][ T6677]  ? futex_wait_queue+0x159/0x1e0
[  125.259773][ T6677]  ? __pfx_tun_get_user+0x10/0x10
[  125.259789][ T6677]  ? __futex_wait+0x287/0x320
[  125.259811][ T6677]  ? tun_get+0x1e/0x2f0
[  125.259825][ T6677]  ? rcu_is_watching+0x15/0xb0
[  125.259840][ T6677]  ? tun_get+0x1e/0x2f0
[  125.259864][ T6677]  ? lock_release+0xbf/0xa30
[  125.259885][ T6677]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  125.259901][ T6677]  ? __pfx_lock_release+0x10/0x10
[  125.259926][ T6677]  ? tun_get+0x1e/0x2f0
[  125.259941][ T6677]  ? tun_get+0x27d/0x2f0
[  125.259957][ T6677]  tun_chr_write_iter+0x10d/0x1f0
[  125.259976][ T6677]  vfs_write+0xacf/0xd10
[  125.259997][ T6677]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  125.260013][ T6677]  ? __pfx_vfs_write+0x10/0x10
[  125.260033][ T6677]  ? __fget_files+0x2a/0x410
[  125.260050][ T6677]  ? __fget_files+0x2a/0x410
[  125.260069][ T6677]  ksys_write+0x18f/0x2b0
[  125.260088][ T6677]  ? __pfx_ksys_write+0x10/0x10
[  125.260106][ T6677]  ? rcu_is_watching+0x15/0xb0
[  125.260122][ T6677]  ? rcu_is_watching+0x15/0xb0
[  125.260138][ T6677]  do_syscall_64+0xf3/0x230
[  125.260153][ T6677]  ? clear_bhb_loop+0x35/0x90
[  125.260175][ T6677]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  125.260195][ T6677] RIP: 0033:0x7fc3da57e98f
[  125.260209][ T6677] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  125.260222][ T6677] RSP: 002b:00007fc3db388020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  125.260239][ T6677] RAX: ffffffffffffffda RBX: 00007fc3da745fa0 RCX: 00007fc3da57e98f
[  125.260250][ T6677] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  125.260260][ T6677] RBP: 00007fc3da5f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  125.260269][ T6677] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  125.260279][ T6677] R13: 0000000000000000 R14: 00007fc3da745fa0 R15: 00007ffe7d632228
[  125.260297][ T6677]  </TASK>
[  125.260307][ T6677] BUG: Bad page state in process syz.0.16  pfn:78ebd
[  125.710572][ T6677] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888078ebd000 pfn:0x78ebd
[  125.720683][ T6677] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  125.727824][ T6677] raw: 00fff00000000000 dead000000000040 ffff8880226b8000 0000000000000000
[  125.736393][ T6677] raw: ffff888078ebd000 0000000000000001 00000000ffffffff 0000000000000000
[  125.745021][ T6677] page dumped because: page_pool leak
[  125.750416][ T6677] page_owner tracks the page as allocated
[  125.756206][ T6677] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6677, tgid 6676 (syz.0.16), ts 124334472918, free_ts 124329115268
[  125.773079][ T6677]  post_alloc_hook+0x1f4/0x240
[  125.777879][ T6677]  get_page_from_freelist+0x3651/0x37a0
[  125.783418][ T6677]  __alloc_frozen_pages_noprof+0x292/0x710
[  125.789261][ T6677]  alloc_pages_bulk_noprof+0x847/0xae0
[  125.794818][ T6677]  __page_pool_alloc_pages_slow+0x11f/0x690
[  125.800766][ T6677]  skb_pp_cow_data+0xcc8/0x1720
[  125.805652][ T6677]  do_xdp_generic+0x505/0xd30
[  125.810372][ T6677]  __netif_receive_skb_core+0x1be5/0x4540
[  125.816104][ T6677]  __netif_receive_skb+0x12f/0x650
[  125.821253][ T6677]  netif_receive_skb+0x1e8/0x890
[  125.826226][ T6677]  tun_rx_batched+0x1b7/0x8f0
[  125.830928][ T6677]  tun_get_user+0x30cd/0x48a0
[  125.835627][ T6677]  tun_chr_write_iter+0x10d/0x1f0
[  125.840684][ T6677]  vfs_write+0xacf/0xd10
[  125.844933][ T6677]  ksys_write+0x18f/0x2b0
[  125.849286][ T6677]  do_syscall_64+0xf3/0x230
[  125.853800][ T6677] page last free pid 5489 tgid 5489 stack trace:
[  125.860518][ T6677]  free_frozen_pages+0xe04/0x10e0
[  125.865550][ T6677]  __put_partials+0x160/0x1c0
[  125.870259][ T6677]  put_cpu_partial+0x17c/0x250
[  125.875037][ T6677]  __slab_free+0x290/0x380
[  125.879496][ T6677]  qlist_free_all+0x9a/0x140
[  125.884128][ T6677]  kasan_quarantine_reduce+0x14f/0x170
[  125.889623][ T6677]  __kasan_slab_alloc+0x23/0x80
[  125.894484][ T6677]  kmem_cache_alloc_node_noprof+0x1d9/0x380
[  125.900405][ T6677]  __alloc_skb+0x1c3/0x440
[  125.904828][ T6677]  alloc_skb_with_frags+0xc3/0x820
[  125.909977][ T6677]  sock_alloc_send_pskb+0x91a/0xa60
[  125.915217][ T6677]  unix_dgram_sendmsg+0x5e8/0x1df0
[  125.920374][ T6677]  __sock_sendmsg+0x221/0x270
[  125.925096][ T6677]  sock_write_iter+0x2d7/0x3f0
[  125.929904][ T6677]  do_iter_readv_writev+0x71a/0x9d0
[  125.935109][ T6677]  vfs_writev+0x38b/0xbc0
[  125.939483][ T6677] Modules linked in:
[  125.943399][ T6677] CPU: 0 UID: 0 PID: 6677 Comm: syz.0.16 Tainted: G    B              6.14.0-rc6-syzkaller-gb7f94fcf5546 #0
[  125.943415][ T6677] Tainted: [B]=BAD_PAGE
[  125.943418][ T6677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  125.943424][ T6677] Call Trace:
[  125.943428][ T6677]  <TASK>
[  125.943432][ T6677]  dump_stack_lvl+0x241/0x360
[  125.943446][ T6677]  ? __pfx_dump_stack_lvl+0x10/0x10
[  125.943455][ T6677]  ? __pfx_print_modules+0x10/0x10
[  125.943469][ T6677]  bad_page+0x176/0x1d0
[  125.943483][ T6677]  free_frozen_pages+0x1079/0x10e0
[  125.943495][ T6677]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[  125.943509][ T6677]  bpf_xdp_adjust_tail+0x1c6/0x210
[  125.943523][ T6677]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  125.943531][ T6677]  bpf_prog_run_generic_xdp+0x686/0x1510
[  125.943549][ T6677]  do_xdp_generic+0x757/0xd30
[  125.943568][ T6677]  ? __pfx_do_xdp_generic+0x10/0x10
[  125.943578][ T6677]  ? rcu_is_watching+0x15/0xb0
[  125.943592][ T6677]  ? cgroup_rstat_updated+0x13b/0xc30
[  125.943603][ T6677]  __netif_receive_skb_core+0x1be5/0x4540
[  125.943622][ T6677]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  125.943635][ T6677]  ? __pfx___skb_flow_dissect+0x10/0x10
[  125.943644][ T6677]  ? rcu_is_watching+0x15/0xb0
[  125.943653][ T6677]  ? lock_release+0xbf/0xa30
[  125.943665][ T6677]  ? __pfx_count_memcg_event_mm+0x10/0x10
[  125.943677][ T6677]  ? __up_read+0x2c2/0x6b0
[  125.943686][ T6677]  ? rcu_is_watching+0x15/0xb0
[  125.943695][ T6677]  __netif_receive_skb+0x12f/0x650
[  125.943708][ T6677]  ? __pfx_lock_acquire+0x10/0x10
[  125.943719][ T6677]  ? __pfx___netif_receive_skb+0x10/0x10
[  125.943731][ T6677]  ? tun_rx_batched+0x160/0x8f0
[  125.943741][ T6677]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  125.943753][ T6677]  ? _copy_from_iter+0x161/0x1c40
[  125.943764][ T6677]  ? netif_receive_skb+0x131/0x890
[  125.943775][ T6677]  netif_receive_skb+0x1e8/0x890
[  125.943786][ T6677]  ? tun_rx_batched+0x160/0x8f0
[  125.943795][ T6677]  ? __pfx_netif_receive_skb+0x10/0x10
[  125.943806][ T6677]  ? __pfx_lock_release+0x10/0x10
[  125.943819][ T6677]  ? tun_rx_batched+0x160/0x8f0
[  125.943828][ T6677]  tun_rx_batched+0x1b7/0x8f0
[  125.943838][ T6677]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  125.943850][ T6677]  ? __pfx_lock_acquire+0x10/0x10
[  125.943861][ T6677]  ? rcu_is_watching+0x15/0xb0
[  125.943869][ T6677]  ? __pfx_tun_rx_batched+0x10/0x10
[  125.943882][ T6677]  tun_get_user+0x30cd/0x48a0
[  125.943892][ T6677]  ? tun_get_user+0x2bbb/0x48a0
[  125.943903][ T6677]  ? schedule+0x90/0x320
[  125.943914][ T6677]  ? schedule+0x90/0x320
[  125.943925][ T6677]  ? schedule+0x155/0x320
[  125.943936][ T6677]  ? futex_wait_queue+0x27/0x1e0
[  125.943948][ T6677]  ? futex_wait_queue+0x159/0x1e0
[  125.943959][ T6677]  ? __pfx_tun_get_user+0x10/0x10
[  125.943968][ T6677]  ? __futex_wait+0x287/0x320
[  125.943981][ T6677]  ? tun_get+0x1e/0x2f0
[  125.943989][ T6677]  ? rcu_is_watching+0x15/0xb0
[  125.943997][ T6677]  ? tun_get+0x1e/0x2f0
[  125.944006][ T6677]  ? lock_release+0xbf/0xa30
[  125.944017][ T6677]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  125.944027][ T6677]  ? __pfx_lock_release+0x10/0x10
[  125.944041][ T6677]  ? tun_get+0x1e/0x2f0
[  125.944050][ T6677]  ? tun_get+0x27d/0x2f0
[  125.944059][ T6677]  tun_chr_write_iter+0x10d/0x1f0
[  125.944069][ T6677]  vfs_write+0xacf/0xd10
[  125.944081][ T6677]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  125.944090][ T6677]  ? __pfx_vfs_write+0x10/0x10
[  125.944101][ T6677]  ? __fget_files+0x2a/0x410
[  125.944112][ T6677]  ? __fget_files+0x2a/0x410
[  125.944122][ T6677]  ksys_write+0x18f/0x2b0
[  125.944133][ T6677]  ? __pfx_ksys_write+0x10/0x10
[  125.944144][ T6677]  ? rcu_is_watching+0x15/0xb0
[  125.944153][ T6677]  ? rcu_is_watching+0x15/0xb0
[  125.944162][ T6677]  do_syscall_64+0xf3/0x230
[  125.944170][ T6677]  ? clear_bhb_loop+0x35/0x90
[  125.944183][ T6677]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  125.944195][ T6677] RIP: 0033:0x7fc3da57e98f
[  125.944204][ T6677] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  125.944211][ T6677] RSP: 002b:00007fc3db388020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  125.944221][ T6677] RAX: ffffffffffffffda RBX: 00007fc3da745fa0 RCX: 00007fc3da57e98f
[  125.944227][ T6677] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  125.944233][ T6677] RBP: 00007fc3da5f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  125.944239][ T6677] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  125.944244][ T6677] R13: 0000000000000000 R14: 00007fc3da745fa0 R15: 00007ffe7d632228
[  125.944253][ T6677]  </TASK>
[  125.944261][ T6677] BUG: Bad page state in process syz.0.16  pfn:32373
[  126.394313][ T6677] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888032373000 pfn:0x32373
[  126.404433][ T6677] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  126.411590][ T6677] raw: 00fff00000000000 dead000000000040 ffff8880226b8000 0000000000000000
[  126.420264][ T6677] raw: ffff888032373000 0000000000000001 00000000ffffffff 0000000000000000
[  126.428994][ T6677] page dumped because: page_pool leak
[  126.434379][ T6677] page_owner tracks the page as allocated
[  126.440160][ T6677] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6677, tgid 6676 (syz.0.16), ts 124334463523, free_ts 124329136735
[  126.457041][ T6677]  post_alloc_hook+0x1f4/0x240
[  126.461810][ T6677]  get_page_from_freelist+0x3651/0x37a0
[  126.467388][ T6677]  __alloc_frozen_pages_noprof+0x292/0x710
[  126.473211][ T6677]  alloc_pages_bulk_noprof+0x847/0xae0
[  126.478704][ T6677]  __page_pool_alloc_pages_slow+0x11f/0x690
[  126.484633][ T6677]  skb_pp_cow_data+0xcc8/0x1720
[  126.489518][ T6677]  do_xdp_generic+0x505/0xd30
[  126.494222][ T6677]  __netif_receive_skb_core+0x1be5/0x4540
[  126.499984][ T6677]  __netif_receive_skb+0x12f/0x650
[  126.505106][ T6677]  netif_receive_skb+0x1e8/0x890
[  126.510072][ T6677]  tun_rx_batched+0x1b7/0x8f0
[  126.514773][ T6677]  tun_get_user+0x30cd/0x48a0
[  126.519501][ T6677]  tun_chr_write_iter+0x10d/0x1f0
[  126.524804][ T6677]  vfs_write+0xacf/0xd10
[  126.529074][ T6677]  ksys_write+0x18f/0x2b0
[  126.533422][ T6677]  do_syscall_64+0xf3/0x230
[  126.538047][ T6677] page last free pid 5489 tgid 5489 stack trace:
[  126.544390][ T6677]  free_frozen_pages+0xe04/0x10e0
[  126.549510][ T6677]  __put_partials+0x160/0x1c0
[  126.554195][ T6677]  put_cpu_partial+0x17c/0x250
[  126.558990][ T6677]  __slab_free+0x290/0x380
[  126.563432][ T6677]  qlist_free_all+0x9a/0x140
[  126.568059][ T6677]  kasan_quarantine_reduce+0x14f/0x170
[  126.573609][ T6677]  __kasan_slab_alloc+0x23/0x80
[  126.578578][ T6677]  kmem_cache_alloc_node_noprof+0x1d9/0x380
[  126.584476][ T6677]  __alloc_skb+0x1c3/0x440
[  126.589006][ T6677]  alloc_skb_with_frags+0xc3/0x820
[  126.594131][ T6677]  sock_alloc_send_pskb+0x91a/0xa60
[  126.599448][ T6677]  unix_dgram_sendmsg+0x5e8/0x1df0
[  126.605082][ T6677]  __sock_sendmsg+0x221/0x270
[  126.609782][ T6677]  sock_write_iter+0x2d7/0x3f0
[  126.614551][ T6677]  do_iter_readv_writev+0x71a/0x9d0
[  126.619776][ T6677]  vfs_writev+0x38b/0xbc0
[  126.624106][ T6677] Modules linked in:
[  126.628049][ T6677] CPU: 0 UID: 0 PID: 6677 Comm: syz.0.16 Tainted: G    B              6.14.0-rc6-syzkaller-gb7f94fcf5546 #0
[  126.628071][ T6677] Tainted: [B]=BAD_PAGE
[  126.628076][ T6677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  126.628085][ T6677] Call Trace:
[  126.628090][ T6677]  <TASK>
[  126.628096][ T6677]  dump_stack_lvl+0x241/0x360
[  126.628115][ T6677]  ? __pfx_dump_stack_lvl+0x10/0x10
[  126.628129][ T6677]  ? __pfx_print_modules+0x10/0x10
[  126.628150][ T6677]  bad_page+0x176/0x1d0
[  126.628172][ T6677]  free_frozen_pages+0x1079/0x10e0
[  126.628192][ T6677]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[  126.628214][ T6677]  bpf_xdp_adjust_tail+0x1c6/0x210
[  126.628237][ T6677]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  126.628251][ T6677]  bpf_prog_run_generic_xdp+0x686/0x1510
[  126.628283][ T6677]  do_xdp_generic+0x757/0xd30
[  126.628305][ T6677]  ? __pfx_do_xdp_generic+0x10/0x10
[  126.628323][ T6677]  ? rcu_is_watching+0x15/0xb0
[  126.628347][ T6677]  ? cgroup_rstat_updated+0x13b/0xc30
[  126.628367][ T6677]  __netif_receive_skb_core+0x1be5/0x4540
[  126.628435][ T6677]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  126.628459][ T6677]  ? __pfx___skb_flow_dissect+0x10/0x10
[  126.628475][ T6677]  ? rcu_is_watching+0x15/0xb0
[  126.628490][ T6677]  ? lock_release+0xbf/0xa30
[  126.628510][ T6677]  ? __pfx_count_memcg_event_mm+0x10/0x10
[  126.628530][ T6677]  ? __up_read+0x2c2/0x6b0
[  126.628548][ T6677]  ? rcu_is_watching+0x15/0xb0
[  126.628564][ T6677]  __netif_receive_skb+0x12f/0x650
[  126.628583][ T6677]  ? __pfx_lock_acquire+0x10/0x10
[  126.628601][ T6677]  ? __pfx___netif_receive_skb+0x10/0x10
[  126.628619][ T6677]  ? tun_rx_batched+0x160/0x8f0
[  126.628634][ T6677]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  126.628652][ T6677]  ? _copy_from_iter+0x161/0x1c40
[  126.628671][ T6677]  ? netif_receive_skb+0x131/0x890
[  126.628690][ T6677]  netif_receive_skb+0x1e8/0x890
[  126.628709][ T6677]  ? tun_rx_batched+0x160/0x8f0
[  126.628726][ T6677]  ? __pfx_netif_receive_skb+0x10/0x10
[  126.628744][ T6677]  ? __pfx_lock_release+0x10/0x10
[  126.628763][ T6677]  ? tun_rx_batched+0x160/0x8f0
[  126.628779][ T6677]  tun_rx_batched+0x1b7/0x8f0
[  126.628795][ T6677]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  126.628817][ T6677]  ? __pfx_lock_acquire+0x10/0x10
[  126.628836][ T6677]  ? rcu_is_watching+0x15/0xb0
[  126.628851][ T6677]  ? __pfx_tun_rx_batched+0x10/0x10
[  126.628875][ T6677]  tun_get_user+0x30cd/0x48a0
[  126.628893][ T6677]  ? tun_get_user+0x2bbb/0x48a0
[  126.628911][ T6677]  ? schedule+0x90/0x320
[  126.628930][ T6677]  ? schedule+0x90/0x320
[  126.628948][ T6677]  ? schedule+0x155/0x320
[  126.628967][ T6677]  ? futex_wait_queue+0x27/0x1e0
[  126.628987][ T6677]  ? futex_wait_queue+0x159/0x1e0
[  126.629006][ T6677]  ? __pfx_tun_get_user+0x10/0x10
[  126.629020][ T6677]  ? __futex_wait+0x287/0x320
[  126.629041][ T6677]  ? tun_get+0x1e/0x2f0
[  126.629055][ T6677]  ? rcu_is_watching+0x15/0xb0
[  126.629069][ T6677]  ? tun_get+0x1e/0x2f0
[  126.629084][ T6677]  ? lock_release+0xbf/0xa30
[  126.629104][ T6677]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  126.629121][ T6677]  ? __pfx_lock_release+0x10/0x10
[  126.629145][ T6677]  ? tun_get+0x1e/0x2f0
[  126.629161][ T6677]  ? tun_get+0x27d/0x2f0
[  126.629176][ T6677]  tun_chr_write_iter+0x10d/0x1f0
[  126.629194][ T6677]  vfs_write+0xacf/0xd10
[  126.629213][ T6677]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  126.629230][ T6677]  ? __pfx_vfs_write+0x10/0x10
[  126.629251][ T6677]  ? __fget_files+0x2a/0x410
[  126.629269][ T6677]  ? __fget_files+0x2a/0x410
[  126.629289][ T6677]  ksys_write+0x18f/0x2b0
[  126.629309][ T6677]  ? __pfx_ksys_write+0x10/0x10
[  126.629328][ T6677]  ? rcu_is_watching+0x15/0xb0
[  126.629345][ T6677]  ? rcu_is_watching+0x15/0xb0
[  126.629361][ T6677]  do_syscall_64+0xf3/0x230
[  126.629376][ T6677]  ? clear_bhb_loop+0x35/0x90
[  126.629406][ T6677]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  126.629426][ T6677] RIP: 0033:0x7fc3da57e98f
[  126.629441][ T6677] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  126.629454][ T6677] RSP: 002b:00007fc3db388020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  126.629470][ T6677] RAX: ffffffffffffffda RBX: 00007fc3da745fa0 RCX: 00007fc3da57e98f
[  126.629482][ T6677] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  126.629491][ T6677] RBP: 00007fc3da5f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  126.629500][ T6677] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  126.629510][ T6677] R13: 0000000000000000 R14: 00007fc3da745fa0 R15: 00007ffe7d632228
[  126.629527][ T6677]  </TASK>
[  126.629538][ T6677] BUG: Bad page state in process syz.0.16  pfn:34637
[  127.080077][ T6677] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888034637000 pfn:0x34637
[  127.090170][ T6677] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  127.097311][ T6677] raw: 00fff00000000000 dead000000000040 ffff8880226b8000 0000000000000000
[  127.105967][ T6677] raw: ffff888034637000 0000000000000001 00000000ffffffff 0000000000000000
[  127.114601][ T6677] page dumped because: page_pool leak
[  127.120008][ T6677] page_owner tracks the page as allocated
[  127.125704][ T6677] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6677, tgid 6676 (syz.0.16), ts 124334454191, free_ts 124329152088
[  127.142575][ T6677]  post_alloc_hook+0x1f4/0x240
[  127.147380][ T6677]  get_page_from_freelist+0x3651/0x37a0
[  127.152936][ T6677]  __alloc_frozen_pages_noprof+0x292/0x710
[  127.158787][ T6677]  alloc_pages_bulk_noprof+0x847/0xae0
[  127.164283][ T6677]  __page_pool_alloc_pages_slow+0x11f/0x690
[  127.170230][ T6677]  skb_pp_cow_data+0xcc8/0x1720
[  127.175115][ T6677]  do_xdp_generic+0x505/0xd30
[  127.179823][ T6677]  __netif_receive_skb_core+0x1be5/0x4540
[  127.185557][ T6677]  __netif_receive_skb+0x12f/0x650
[  127.190710][ T6677]  netif_receive_skb+0x1e8/0x890
[  127.195658][ T6677]  tun_rx_batched+0x1b7/0x8f0
[  127.200392][ T6677]  tun_get_user+0x30cd/0x48a0
[  127.205076][ T6677]  tun_chr_write_iter+0x10d/0x1f0
[  127.210123][ T6677]  vfs_write+0xacf/0xd10
[  127.214369][ T6677]  ksys_write+0x18f/0x2b0
[  127.218746][ T6677]  do_syscall_64+0xf3/0x230
[  127.223264][ T6677] page last free pid 5489 tgid 5489 stack trace:
[  127.229604][ T6677]  free_frozen_pages+0xe04/0x10e0
[  127.234634][ T6677]  __put_partials+0x160/0x1c0
[  127.239524][ T6677]  put_cpu_partial+0x17c/0x250
[  127.244305][ T6677]  __slab_free+0x290/0x380
[  127.248752][ T6677]  qlist_free_all+0x9a/0x140
[  127.253348][ T6677]  kasan_quarantine_reduce+0x14f/0x170
[  127.258836][ T6677]  __kasan_slab_alloc+0x23/0x80
[  127.263727][ T6677]  kmem_cache_alloc_node_noprof+0x1d9/0x380
[  127.269658][ T6677]  __alloc_skb+0x1c3/0x440
[  127.274082][ T6677]  alloc_skb_with_frags+0xc3/0x820
[  127.279214][ T6677]  sock_alloc_send_pskb+0x91a/0xa60
[  127.284451][ T6677]  unix_dgram_sendmsg+0x5e8/0x1df0
[  127.289582][ T6677]  __sock_sendmsg+0x221/0x270
[  127.294271][ T6677]  sock_write_iter+0x2d7/0x3f0
[  127.299058][ T6677]  do_iter_readv_writev+0x71a/0x9d0
[  127.304260][ T6677]  vfs_writev+0x38b/0xbc0
[  127.308625][ T6677] Modules linked in:
[  127.312519][ T6677] CPU: 0 UID: 0 PID: 6677 Comm: syz.0.16 Tainted: G    B              6.14.0-rc6-syzkaller-gb7f94fcf5546 #0
[  127.312533][ T6677] Tainted: [B]=BAD_PAGE
[  127.312536][ T6677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  127.312543][ T6677] Call Trace:
[  127.312546][ T6677]  <TASK>
[  127.312550][ T6677]  dump_stack_lvl+0x241/0x360
[  127.312563][ T6677]  ? __pfx_dump_stack_lvl+0x10/0x10
[  127.312572][ T6677]  ? __pfx_print_modules+0x10/0x10
[  127.312587][ T6677]  bad_page+0x176/0x1d0
[  127.312609][ T6677]  free_frozen_pages+0x1079/0x10e0
[  127.312622][ T6677]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[  127.312636][ T6677]  bpf_xdp_adjust_tail+0x1c6/0x210
[  127.312650][ T6677]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  127.312658][ T6677]  bpf_prog_run_generic_xdp+0x686/0x1510
[  127.312675][ T6677]  do_xdp_generic+0x757/0xd30
[  127.312688][ T6677]  ? __pfx_do_xdp_generic+0x10/0x10
[  127.312697][ T6677]  ? rcu_is_watching+0x15/0xb0
[  127.312711][ T6677]  ? cgroup_rstat_updated+0x13b/0xc30
[  127.312722][ T6677]  __netif_receive_skb_core+0x1be5/0x4540
[  127.312740][ T6677]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  127.312753][ T6677]  ? __pfx___skb_flow_dissect+0x10/0x10
[  127.312763][ T6677]  ? rcu_is_watching+0x15/0xb0
[  127.312771][ T6677]  ? lock_release+0xbf/0xa30
[  127.312783][ T6677]  ? __pfx_count_memcg_event_mm+0x10/0x10
[  127.312795][ T6677]  ? __up_read+0x2c2/0x6b0
[  127.312804][ T6677]  ? rcu_is_watching+0x15/0xb0
[  127.312813][ T6677]  __netif_receive_skb+0x12f/0x650
[  127.312826][ T6677]  ? __pfx_lock_acquire+0x10/0x10
[  127.312837][ T6677]  ? __pfx___netif_receive_skb+0x10/0x10
[  127.312849][ T6677]  ? tun_rx_batched+0x160/0x8f0
[  127.312859][ T6677]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  127.312871][ T6677]  ? _copy_from_iter+0x161/0x1c40
[  127.312882][ T6677]  ? netif_receive_skb+0x131/0x890
[  127.312893][ T6677]  netif_receive_skb+0x1e8/0x890