Warning: Permanently added '10.128.1.145' (ED25519) to the list of known hosts.
2025/03/13 17:49:56 ignoring optional flag "sandboxArg"="0"
2025/03/13 17:49:57 parsed 1 programs
[  101.832529][ T6232] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  104.690868][ T1086] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  104.703045][ T1086] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  104.722167][ T1165] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  104.729990][ T1165] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  106.094008][ T5132] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  106.104795][ T5132] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  106.113507][ T5132] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  106.123200][ T5132] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  106.131124][ T5132] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  106.141163][ T5132] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  106.769061][ T6308] chnl_net:caif_netlink_parms(): no params data found
[  106.822806][ T6308] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.830687][ T6308] bridge0: port 1(bridge_slave_0) entered disabled state
[  106.838295][ T6308] bridge_slave_0: entered allmulticast mode
[  106.844979][ T6308] bridge_slave_0: entered promiscuous mode
[  106.852977][ T6308] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.860166][ T6308] bridge0: port 2(bridge_slave_1) entered disabled state
[  106.868032][ T6308] bridge_slave_1: entered allmulticast mode
[  106.876458][ T6308] bridge_slave_1: entered promiscuous mode
[  106.901834][ T6308] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  106.913646][ T6308] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  106.944272][ T6308] team0: Port device team_slave_0 added
[  106.954704][ T6308] team0: Port device team_slave_1 added
[  106.974748][ T6308] batman_adv: batadv0: Adding interface: batadv_slave_0
[  106.981884][ T6308] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  107.007814][ T6308] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  107.019628][ T6308] batman_adv: batadv0: Adding interface: batadv_slave_1
[  107.027160][ T6308] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  107.053617][ T6308] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  107.083891][ T6308] hsr_slave_0: entered promiscuous mode
[  107.090091][ T6308] hsr_slave_1: entered promiscuous mode
[  107.610255][ T6308] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  107.633650][ T6308] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  107.647706][ T6308] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  107.663683][ T6308] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  107.698547][ T6308] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.705944][ T6308] bridge0: port 2(bridge_slave_1) entered forwarding state
[  107.714851][ T6308] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.722233][ T6308] bridge0: port 1(bridge_slave_0) entered forwarding state
[  107.773578][ T1086] bridge0: port 1(bridge_slave_0) entered disabled state
[  107.785726][ T1086] bridge0: port 2(bridge_slave_1) entered disabled state
[  107.814997][ T6308] 8021q: adding VLAN 0 to HW filter on device bond0
[  107.836548][ T6308] 8021q: adding VLAN 0 to HW filter on device team0
[  107.847997][ T1086] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.855884][ T1086] bridge0: port 1(bridge_slave_0) entered forwarding state
[  107.869474][ T1165] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.877066][ T1165] bridge0: port 2(bridge_slave_1) entered forwarding state
[  108.064036][ T6308] 8021q: adding VLAN 0 to HW filter on device batadv0
[  108.114131][ T6308] veth0_vlan: entered promiscuous mode
[  108.127820][ T6308] veth1_vlan: entered promiscuous mode
[  108.156687][ T6308] veth0_macvtap: entered promiscuous mode
[  108.168113][ T6308] veth1_macvtap: entered promiscuous mode
[  108.188005][ T6308] batman_adv: batadv0: Interface activated: batadv_slave_0
[  108.203058][ T6308] batman_adv: batadv0: Interface activated: batadv_slave_1
[  108.218250][ T6308] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  108.228630][ T6308] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  108.239901][ T6308] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  108.249216][ T6308] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2025/03/13 17:50:07 executed programs: 0
[  108.455958][   T70] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  108.466867][ T5132] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  108.479364][ T5132] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  108.488712][ T5132] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  108.498860][ T5132] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  108.510327][ T5132] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  108.517963][ T5132] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  108.555619][   T70] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  108.627468][   T70] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  108.724609][   T70] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  108.775700][ T6375] chnl_net:caif_netlink_parms(): no params data found
[  108.857814][ T6375] bridge0: port 1(bridge_slave_0) entered blocking state
[  108.875158][ T6375] bridge0: port 1(bridge_slave_0) entered disabled state
[  108.882962][ T6375] bridge_slave_0: entered allmulticast mode
[  108.889937][ T6375] bridge_slave_0: entered promiscuous mode
[  108.899710][ T6375] bridge0: port 2(bridge_slave_1) entered blocking state
[  108.907010][ T6375] bridge0: port 2(bridge_slave_1) entered disabled state
[  108.915539][ T6375] bridge_slave_1: entered allmulticast mode
[  108.922522][ T6375] bridge_slave_1: entered promiscuous mode
[  108.953322][ T6375] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  108.964918][ T6375] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  109.004113][ T6375] team0: Port device team_slave_0 added
[  109.012560][ T6375] team0: Port device team_slave_1 added
[  109.041928][ T6375] batman_adv: batadv0: Adding interface: batadv_slave_0
[  109.048914][ T6375] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  109.075929][ T6375] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  109.093097][ T6375] batman_adv: batadv0: Adding interface: batadv_slave_1
[  109.100175][ T6375] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  109.129046][ T6375] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  109.178443][ T6375] hsr_slave_0: entered promiscuous mode
[  109.188080][ T6375] hsr_slave_1: entered promiscuous mode
[  109.195701][ T6375] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  109.206078][ T6375] Cannot create hsr debugfs directory
[  110.581136][ T5132] Bluetooth: hci0: command tx timeout
[  111.263119][   T70] bridge_slave_1: left allmulticast mode
[  111.268916][   T70] bridge_slave_1: left promiscuous mode
[  111.275520][   T70] bridge0: port 2(bridge_slave_1) entered disabled state
[  111.286676][   T70] bridge_slave_0: left allmulticast mode
[  111.292896][   T70] bridge_slave_0: left promiscuous mode
[  111.298934][   T70] bridge0: port 1(bridge_slave_0) entered disabled state
[  111.665699][   T70] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  111.677683][   T70] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  111.700100][   T70] bond0 (unregistering): Released all slaves
[  111.776286][   T70] hsr_slave_0: left promiscuous mode
[  111.789974][   T70] hsr_slave_1: left promiscuous mode
[  111.796844][   T70] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  111.810067][   T70] batman_adv: batadv0: Removing interface: batadv_slave_0
[  111.819734][   T70] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  111.827911][   T70] batman_adv: batadv0: Removing interface: batadv_slave_1
[  111.849731][   T70] veth1_macvtap: left promiscuous mode
[  111.855594][   T70] veth0_macvtap: left promiscuous mode
[  111.861824][   T70] veth1_vlan: left promiscuous mode
[  111.867235][   T70] veth0_vlan: left promiscuous mode
[  112.349654][   T70] team0 (unregistering): Port device team_slave_1 removed
[  112.394455][   T70] team0 (unregistering): Port device team_slave_0 removed
[  112.652759][ T5132] Bluetooth: hci0: command tx timeout
[  113.070101][ T6375] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  113.081632][ T6375] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  113.094425][ T6375] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  113.105284][ T6375] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  113.198206][ T6375] 8021q: adding VLAN 0 to HW filter on device bond0
[  113.220342][ T6375] 8021q: adding VLAN 0 to HW filter on device team0
[  113.232856][ T1165] bridge0: port 1(bridge_slave_0) entered blocking state
[  113.240202][ T1165] bridge0: port 1(bridge_slave_0) entered forwarding state
[  113.257520][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  113.264672][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  113.315204][ T6375] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  113.476589][ T6375] 8021q: adding VLAN 0 to HW filter on device batadv0
[  113.524018][ T6375] veth0_vlan: entered promiscuous mode
[  113.538168][ T6375] veth1_vlan: entered promiscuous mode
[  113.568667][ T6375] veth0_macvtap: entered promiscuous mode
[  113.578501][ T6375] veth1_macvtap: entered promiscuous mode
[  113.602312][ T6375] batman_adv: batadv0: Interface activated: batadv_slave_0
[  113.622250][ T6375] batman_adv: batadv0: Interface activated: batadv_slave_1
[  113.644108][ T6375] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  113.653339][ T6375] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  113.662713][ T6375] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  113.671843][ T6375] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  113.728195][ T1165] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  113.744236][ T1165] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/03/13 17:50:13 executed programs: 2
[  113.774877][   T70] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  113.784814][   T70] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  113.857200][ T6633] BUG: Bad page state in process syz.0.15  pfn:7ed6c
[  113.864202][ T6633] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7ed6c
[  113.873076][ T6633] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  113.880219][ T6633] raw: 00fff00000000000 dead000000000040 ffff888022ad8000 0000000000000000
[  113.888973][ T6633] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[  113.897614][ T6633] page dumped because: page_pool leak
[  113.903104][ T6633] page_owner tracks the page as allocated
[  113.909080][ T6633] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6633, tgid 6632 (syz.0.15), ts 113857096516, free_ts 113793117876
[  113.926571][ T6633]  post_alloc_hook+0x1f4/0x240
[  113.931464][ T6633]  get_page_from_freelist+0x3651/0x37a0
[  113.937157][ T6633]  __alloc_frozen_pages_noprof+0x292/0x710
[  113.943074][ T6633]  alloc_pages_bulk_noprof+0x847/0xae0
[  113.948667][ T6633]  __page_pool_alloc_pages_slow+0x11f/0x690
[  113.954660][ T6633]  skb_pp_cow_data+0xcc8/0x1720
[  113.959717][ T6633]  do_xdp_generic+0x505/0xd30
[  113.964598][ T6633]  __netif_receive_skb_core+0x1be5/0x4540
[  113.970357][ T6633]  __netif_receive_skb+0x12f/0x650
[  113.976141][ T6633]  netif_receive_skb+0x1e8/0x890
[  113.981179][ T6633]  tun_rx_batched+0x1b7/0x8f0
[  113.985898][ T6633]  tun_get_user+0x30cd/0x48a0
[  113.990613][ T6633]  tun_chr_write_iter+0x10d/0x1f0
[  113.995732][ T6633]  vfs_write+0xacf/0xd10
[  114.000111][ T6633]  ksys_write+0x18f/0x2b0
[  114.004624][ T6633]  do_syscall_64+0xf3/0x230
[  114.009162][ T6633] page last free pid 6629 tgid 6629 stack trace:
[  114.015567][ T6633]  free_frozen_pages+0xe04/0x10e0
[  114.020623][ T6633]  __put_partials+0x160/0x1c0
[  114.025551][ T6633]  put_cpu_partial+0x17c/0x250
[  114.030357][ T6633]  __slab_free+0x290/0x380
[  114.034964][ T6633]  qlist_free_all+0x9a/0x140
[  114.039590][ T6633]  kasan_quarantine_reduce+0x14f/0x170
[  114.045157][ T6633]  __kasan_slab_alloc+0x23/0x80
[  114.050055][ T6633]  kmem_cache_alloc_noprof+0x1d9/0x380
[  114.055612][ T6633]  vm_area_dup+0x27/0x290
[  114.059974][ T6633]  __split_vma+0x1bf/0xbf0
[  114.064557][ T6633]  vma_modify+0x280/0x390
[  114.068925][ T6633]  vma_modify_flags+0x3a5/0x430
[  114.073959][ T6633]  mprotect_fixup+0x45a/0xaa0
[  114.078676][ T6633]  do_mprotect_pkey+0x99d/0xdd0
[  114.083630][ T6633]  __x64_sys_mprotect+0x80/0x90
[  114.088523][ T6633]  do_syscall_64+0xf3/0x230
[  114.093137][ T6633] Modules linked in:
[  114.097083][ T6633] CPU: 0 UID: 0 PID: 6633 Comm: syz.0.15 Not tainted 6.14.0-rc6-syzkaller-gb7f94fcf5546 #0
[  114.097112][ T6633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  114.097125][ T6633] Call Trace:
[  114.097132][ T6633]  <TASK>
[  114.097139][ T6633]  dump_stack_lvl+0x241/0x360
[  114.097164][ T6633]  ? __pfx_dump_stack_lvl+0x10/0x10
[  114.097180][ T6633]  ? __pfx_print_modules+0x10/0x10
[  114.097213][ T6633]  bad_page+0x176/0x1d0
[  114.097238][ T6633]  free_frozen_pages+0x1079/0x10e0
[  114.097268][ T6633]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[  114.097301][ T6633]  bpf_xdp_adjust_tail+0x1c6/0x210
[  114.097328][ T6633]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  114.097349][ T6633]  bpf_prog_run_generic_xdp+0x686/0x1510
[  114.097397][ T6633]  do_xdp_generic+0x757/0xd30
[  114.097424][ T6633]  ? __pfx_do_xdp_generic+0x10/0x10
[  114.097453][ T6633]  ? __skb_flow_dissect+0x25f/0x7af0
[  114.097492][ T6633]  __netif_receive_skb_core+0x1be5/0x4540
[  114.097539][ T6633]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  114.097566][ T6633]  ? mark_lock+0x9a/0x360
[  114.097586][ T6633]  ? __pfx___skb_flow_dissect+0x10/0x10
[  114.097607][ T6633]  ? __lock_acquire+0x1397/0x2100
[  114.097653][ T6633]  __netif_receive_skb+0x12f/0x650
[  114.097677][ T6633]  ? __pfx_lock_acquire+0x10/0x10
[  114.097699][ T6633]  ? __pfx___netif_receive_skb+0x10/0x10
[  114.097724][ T6633]  ? tun_rx_batched+0x160/0x8f0
[  114.097742][ T6633]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  114.097769][ T6633]  ? netif_receive_skb+0x131/0x890
[  114.097807][ T6633]  ? netif_receive_skb+0x131/0x890
[  114.097828][ T6633]  netif_receive_skb+0x1e8/0x890
[  114.097848][ T6633]  ? tun_rx_batched+0x160/0x8f0
[  114.097866][ T6633]  ? __pfx_netif_receive_skb+0x10/0x10
[  114.097898][ T6633]  ? tun_rx_batched+0x160/0x8f0
[  114.097916][ T6633]  tun_rx_batched+0x1b7/0x8f0
[  114.097934][ T6633]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  114.097959][ T6633]  ? __pfx_lock_acquire+0x10/0x10
[  114.097981][ T6633]  ? __pfx_tun_rx_batched+0x10/0x10
[  114.098019][ T6633]  tun_get_user+0x30cd/0x48a0
[  114.098037][ T6633]  ? tun_get_user+0x2bbb/0x48a0
[  114.098067][ T6633]  ? __lock_acquire+0x1397/0x2100
[  114.098102][ T6633]  ? __pfx_tun_get_user+0x10/0x10
[  114.098138][ T6633]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  114.098156][ T6633]  ? tun_get+0x1e/0x2f0
[  114.098173][ T6633]  ? __pfx_lock_release+0x10/0x10
[  114.098208][ T6633]  ? tun_get+0x1e/0x2f0
[  114.098224][ T6633]  ? tun_get+0x27d/0x2f0
[  114.098244][ T6633]  tun_chr_write_iter+0x10d/0x1f0
[  114.098266][ T6633]  vfs_write+0xacf/0xd10
[  114.098292][ T6633]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  114.098312][ T6633]  ? __pfx_vfs_write+0x10/0x10
[  114.098334][ T6633]  ? __fget_files+0x2a/0x410
[  114.098354][ T6633]  ? __fget_files+0x2a/0x410
[  114.098377][ T6633]  ksys_write+0x18f/0x2b0
[  114.098399][ T6633]  ? __pfx_ksys_write+0x10/0x10
[  114.098420][ T6633]  ? do_syscall_64+0x100/0x230
[  114.098439][ T6633]  ? do_syscall_64+0xb6/0x230
[  114.098459][ T6633]  do_syscall_64+0xf3/0x230
[  114.098475][ T6633]  ? clear_bhb_loop+0x35/0x90
[  114.098500][ T6633]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  114.098530][ T6633] RIP: 0033:0x7f415157e98f
[  114.098547][ T6633] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  114.098559][ T6633] RSP: 002b:00007f41522b4020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  114.098577][ T6633] RAX: ffffffffffffffda RBX: 00007f4151745fa0 RCX: 00007f415157e98f
[  114.098588][ T6633] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  114.098598][ T6633] RBP: 00007f41515f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  114.098606][ T6633] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  114.098615][ T6633] R13: 0000000000000000 R14: 00007f4151745fa0 R15: 00007fff451d8b48
[  114.098642][ T6633]  </TASK>
[  114.098648][ T6633] Disabling lock debugging due to kernel taint
[  114.485622][ T6633] BUG: Bad page state in process syz.0.15  pfn:7ed6b
[  114.492347][ T6633] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7ed6b
[  114.501163][ T6633] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  114.508295][ T6633] raw: 00fff00000000000 dead000000000040 ffff888022ad8000 0000000000000000
[  114.517206][ T6633] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[  114.525845][ T6633] page dumped because: page_pool leak
[  114.531268][ T6633] page_owner tracks the page as allocated
[  114.537086][ T6633] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6633, tgid 6632 (syz.0.15), ts 113857085765, free_ts 113793117876
[  114.554189][ T6633]  post_alloc_hook+0x1f4/0x240
[  114.558972][ T6633]  get_page_from_freelist+0x3651/0x37a0
[  114.564599][ T6633]  __alloc_frozen_pages_noprof+0x292/0x710
[  114.570424][ T6633]  alloc_pages_bulk_noprof+0x847/0xae0
[  114.575991][ T6633]  __page_pool_alloc_pages_slow+0x11f/0x690
[  114.582021][ T6633]  skb_pp_cow_data+0xcc8/0x1720
[  114.586978][ T6633]  do_xdp_generic+0x505/0xd30
[  114.591727][ T6633]  __netif_receive_skb_core+0x1be5/0x4540
[  114.597473][ T6633]  __netif_receive_skb+0x12f/0x650
[  114.603007][ T6633]  netif_receive_skb+0x1e8/0x890
[  114.608569][ T6633]  tun_rx_batched+0x1b7/0x8f0
[  114.613326][ T6633]  tun_get_user+0x30cd/0x48a0
[  114.618116][ T6633]  tun_chr_write_iter+0x10d/0x1f0
[  114.623345][ T6633]  vfs_write+0xacf/0xd10
[  114.627618][ T6633]  ksys_write+0x18f/0x2b0
[  114.632113][ T6633]  do_syscall_64+0xf3/0x230
[  114.636737][ T6633] page last free pid 6629 tgid 6629 stack trace:
[  114.643281][ T6633]  free_frozen_pages+0xe04/0x10e0
[  114.648343][ T6633]  __put_partials+0x160/0x1c0
[  114.653345][ T6633]  put_cpu_partial+0x17c/0x250
[  114.658136][ T6633]  __slab_free+0x290/0x380
[  114.662624][ T6633]  qlist_free_all+0x9a/0x140
[  114.667322][ T6633]  kasan_quarantine_reduce+0x14f/0x170
[  114.672882][ T6633]  __kasan_slab_alloc+0x23/0x80
[  114.677852][ T6633]  kmem_cache_alloc_noprof+0x1d9/0x380
[  114.683367][ T6633]  vm_area_dup+0x27/0x290
[  114.687721][ T6633]  __split_vma+0x1bf/0xbf0
[  114.692213][ T6633]  vma_modify+0x280/0x390
[  114.696573][ T6633]  vma_modify_flags+0x3a5/0x430
[  114.701496][ T6633]  mprotect_fixup+0x45a/0xaa0
[  114.706207][ T6633]  do_mprotect_pkey+0x99d/0xdd0
[  114.711478][ T6633]  __x64_sys_mprotect+0x80/0x90
[  114.716368][ T6633]  do_syscall_64+0xf3/0x230
[  114.720878][ T6633] Modules linked in:
[  114.724885][ T6633] CPU: 0 UID: 0 PID: 6633 Comm: syz.0.15 Tainted: G    B              6.14.0-rc6-syzkaller-gb7f94fcf5546 #0
[  114.724909][ T6633] Tainted: [B]=BAD_PAGE
[  114.724913][ T6633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  114.724921][ T6633] Call Trace:
[  114.724926][ T6633]  <TASK>
[  114.724931][ T6633]  dump_stack_lvl+0x241/0x360
[  114.724951][ T6633]  ? __pfx_dump_stack_lvl+0x10/0x10
[  114.724964][ T6633]  ? __pfx_print_modules+0x10/0x10
[  114.724989][ T6633]  bad_page+0x176/0x1d0
[  114.725011][ T6633]  free_frozen_pages+0x1079/0x10e0
[  114.725032][ T6633]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[  114.725063][ T6633]  bpf_xdp_adjust_tail+0x1c6/0x210
[  114.725087][ T6633]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  114.725102][ T6633]  bpf_prog_run_generic_xdp+0x686/0x1510
[  114.725132][ T6633]  do_xdp_generic+0x757/0xd30
[  114.725154][ T6633]  ? __pfx_do_xdp_generic+0x10/0x10
[  114.725175][ T6633]  ? __skb_flow_dissect+0x25f/0x7af0
[  114.725199][ T6633]  __netif_receive_skb_core+0x1be5/0x4540
[  114.725230][ T6633]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  114.725252][ T6633]  ? mark_lock+0x9a/0x360
[  114.725273][ T6633]  ? __pfx___skb_flow_dissect+0x10/0x10
[  114.725289][ T6633]  ? __lock_acquire+0x1397/0x2100
[  114.725318][ T6633]  __netif_receive_skb+0x12f/0x650
[  114.725339][ T6633]  ? __pfx_lock_acquire+0x10/0x10
[  114.725356][ T6633]  ? __pfx___netif_receive_skb+0x10/0x10
[  114.725375][ T6633]  ? tun_rx_batched+0x160/0x8f0
[  114.725390][ T6633]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  114.725408][ T6633]  ? netif_receive_skb+0x131/0x890
[  114.725425][ T6633]  ? netif_receive_skb+0x131/0x890
[  114.725444][ T6633]  netif_receive_skb+0x1e8/0x890
[  114.725463][ T6633]  ? tun_rx_batched+0x160/0x8f0
[  114.725479][ T6633]  ? __pfx_netif_receive_skb+0x10/0x10
[  114.725502][ T6633]  ? tun_rx_batched+0x160/0x8f0
[  114.725519][ T6633]  tun_rx_batched+0x1b7/0x8f0
[  114.725536][ T6633]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  114.725558][ T6633]  ? __pfx_lock_acquire+0x10/0x10
[  114.725578][ T6633]  ? __pfx_tun_rx_batched+0x10/0x10
[  114.725602][ T6633]  tun_get_user+0x30cd/0x48a0
[  114.725619][ T6633]  ? tun_get_user+0x2bbb/0x48a0
[  114.725640][ T6633]  ? __lock_acquire+0x1397/0x2100
[  114.725662][ T6633]  ? __pfx_tun_get_user+0x10/0x10
[  114.725685][ T6633]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  114.725700][ T6633]  ? tun_get+0x1e/0x2f0
[  114.725715][ T6633]  ? __pfx_lock_release+0x10/0x10
[  114.725740][ T6633]  ? tun_get+0x1e/0x2f0
[  114.725755][ T6633]  ? tun_get+0x27d/0x2f0
[  114.725771][ T6633]  tun_chr_write_iter+0x10d/0x1f0
[  114.725788][ T6633]  vfs_write+0xacf/0xd10
[  114.725808][ T6633]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  114.725824][ T6633]  ? __pfx_vfs_write+0x10/0x10
[  114.725844][ T6633]  ? __fget_files+0x2a/0x410
[  114.725861][ T6633]  ? __fget_files+0x2a/0x410
[  114.725880][ T6633]  ksys_write+0x18f/0x2b0
[  114.725899][ T6633]  ? __pfx_ksys_write+0x10/0x10
[  114.725918][ T6633]  ? do_syscall_64+0x100/0x230
[  114.725934][ T6633]  ? do_syscall_64+0xb6/0x230
[  114.725950][ T6633]  do_syscall_64+0xf3/0x230
[  114.725964][ T6633]  ? clear_bhb_loop+0x35/0x90
[  114.725986][ T6633]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  114.726006][ T6633] RIP: 0033:0x7f415157e98f
[  114.726020][ T6633] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  114.726033][ T6633] RSP: 002b:00007f41522b4020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  114.726050][ T6633] RAX: ffffffffffffffda RBX: 00007f4151745fa0 RCX: 00007f415157e98f
[  114.726070][ T6633] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  114.726079][ T6633] RBP: 00007f41515f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  114.726089][ T6633] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  114.726098][ T6633] R13: 0000000000000000 R14: 00007f4151745fa0 R15: 00007fff451d8b48
[  114.726115][ T6633]  </TASK>
[  114.726124][ T6633] BUG: Bad page state in process syz.0.15  pfn:7ed6a
[  115.118633][ T6633] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7ed6a
[  115.127507][ T6633] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  115.134676][ T6633] raw: 00fff00000000000 dead000000000040 ffff888022ad8000 0000000000000000
[  115.143404][ T6633] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[  115.152109][ T6633] page dumped because: page_pool leak
[  115.157487][ T6633] page_owner tracks the page as allocated
[  115.163233][ T6633] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6633, tgid 6632 (syz.0.15), ts 113857075173, free_ts 113793117876
[  115.180230][ T6633]  post_alloc_hook+0x1f4/0x240
[  115.185106][ T6633]  get_page_from_freelist+0x3651/0x37a0
[  115.190688][ T6633]  __alloc_frozen_pages_noprof+0x292/0x710
[  115.196662][ T6633]  alloc_pages_bulk_noprof+0x847/0xae0
[  115.202156][ T6633]  __page_pool_alloc_pages_slow+0x11f/0x690
[  115.208244][ T6633]  skb_pp_cow_data+0xcc8/0x1720
[  115.213337][ T6633]  do_xdp_generic+0x505/0xd30
[  115.218033][ T6633]  __netif_receive_skb_core+0x1be5/0x4540
[  115.223897][ T6633]  __netif_receive_skb+0x12f/0x650
[  115.229022][ T6633]  netif_receive_skb+0x1e8/0x890
[  115.234024][ T6633]  tun_rx_batched+0x1b7/0x8f0
[  115.238721][ T6633]  tun_get_user+0x30cd/0x48a0
[  115.243453][ T6633]  tun_chr_write_iter+0x10d/0x1f0
[  115.248675][ T6633]  vfs_write+0xacf/0xd10
[  115.252986][ T6633]  ksys_write+0x18f/0x2b0
[  115.257351][ T6633]  do_syscall_64+0xf3/0x230
[  115.261933][ T6633] page last free pid 6629 tgid 6629 stack trace:
[  115.268386][ T6633]  free_frozen_pages+0xe04/0x10e0
[  115.273525][ T6633]  __put_partials+0x160/0x1c0
[  115.278342][ T6633]  put_cpu_partial+0x17c/0x250
[  115.283251][ T6633]  __slab_free+0x290/0x380
[  115.287730][ T6633]  qlist_free_all+0x9a/0x140
[  115.292400][ T6633]  kasan_quarantine_reduce+0x14f/0x170
[  115.297967][ T6633]  __kasan_slab_alloc+0x23/0x80
[  115.302898][ T6633]  kmem_cache_alloc_noprof+0x1d9/0x380
[  115.308464][ T6633]  vm_area_dup+0x27/0x290
[  115.312917][ T6633]  __split_vma+0x1bf/0xbf0
[  115.317444][ T6633]  vma_modify+0x280/0x390
[  115.322667][ T6633]  vma_modify_flags+0x3a5/0x430
[  115.327629][ T6633]  mprotect_fixup+0x45a/0xaa0
[  115.332983][ T6633]  do_mprotect_pkey+0x99d/0xdd0
[  115.337870][ T6633]  __x64_sys_mprotect+0x80/0x90
[  115.342966][ T6633]  do_syscall_64+0xf3/0x230
[  115.347496][ T6633] Modules linked in:
[  115.351454][ T6633] CPU: 0 UID: 0 PID: 6633 Comm: syz.0.15 Tainted: G    B              6.14.0-rc6-syzkaller-gb7f94fcf5546 #0
[  115.351475][ T6633] Tainted: [B]=BAD_PAGE
[  115.351481][ T6633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  115.351488][ T6633] Call Trace:
[  115.351494][ T6633]  <TASK>
[  115.351501][ T6633]  dump_stack_lvl+0x241/0x360
[  115.351522][ T6633]  ? __pfx_dump_stack_lvl+0x10/0x10
[  115.351537][ T6633]  ? __pfx_print_modules+0x10/0x10
[  115.351563][ T6633]  bad_page+0x176/0x1d0
[  115.351586][ T6633]  free_frozen_pages+0x1079/0x10e0
[  115.351604][ T6633]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[  115.351623][ T6633]  bpf_xdp_adjust_tail+0x1c6/0x210
[  115.351643][ T6633]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  115.351655][ T6633]  bpf_prog_run_generic_xdp+0x686/0x1510
[  115.351681][ T6633]  do_xdp_generic+0x757/0xd30
[  115.351700][ T6633]  ? __pfx_do_xdp_generic+0x10/0x10
[  115.351718][ T6633]  ? __skb_flow_dissect+0x25f/0x7af0
[  115.351738][ T6633]  __netif_receive_skb_core+0x1be5/0x4540
[  115.351778][ T6633]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  115.351800][ T6633]  ? mark_lock+0x9a/0x360
[  115.351822][ T6633]  ? __pfx___skb_flow_dissect+0x10/0x10
[  115.351839][ T6633]  ? __lock_acquire+0x1397/0x2100
[  115.351864][ T6633]  __netif_receive_skb+0x12f/0x650
[  115.351884][ T6633]  ? __pfx_lock_acquire+0x10/0x10
[  115.351902][ T6633]  ? __pfx___netif_receive_skb+0x10/0x10
[  115.351923][ T6633]  ? tun_rx_batched+0x160/0x8f0
[  115.351940][ T6633]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  115.351962][ T6633]  ? netif_receive_skb+0x131/0x890
[  115.351980][ T6633]  ? netif_receive_skb+0x131/0x890
[  115.351998][ T6633]  netif_receive_skb+0x1e8/0x890
[  115.352017][ T6633]  ? tun_rx_batched+0x160/0x8f0
[  115.352032][ T6633]  ? __pfx_netif_receive_skb+0x10/0x10
[  115.352055][ T6633]  ? tun_rx_batched+0x160/0x8f0
[  115.352071][ T6633]  tun_rx_batched+0x1b7/0x8f0
[  115.352088][ T6633]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  115.352109][ T6633]  ? __pfx_lock_acquire+0x10/0x10
[  115.352128][ T6633]  ? __pfx_tun_rx_batched+0x10/0x10
[  115.352152][ T6633]  tun_get_user+0x30cd/0x48a0
[  115.352169][ T6633]  ? tun_get_user+0x2bbb/0x48a0
[  115.352189][ T6633]  ? __lock_acquire+0x1397/0x2100
[  115.352210][ T6633]  ? __pfx_tun_get_user+0x10/0x10
[  115.352233][ T6633]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  115.352249][ T6633]  ? tun_get+0x1e/0x2f0
[  115.352264][ T6633]  ? __pfx_lock_release+0x10/0x10
[  115.352289][ T6633]  ? tun_get+0x1e/0x2f0
[  115.352305][ T6633]  ? tun_get+0x27d/0x2f0
[  115.352321][ T6633]  tun_chr_write_iter+0x10d/0x1f0
[  115.352338][ T6633]  vfs_write+0xacf/0xd10
[  115.352359][ T6633]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  115.352375][ T6633]  ? __pfx_vfs_write+0x10/0x10
[  115.352394][ T6633]  ? __fget_files+0x2a/0x410
[  115.352412][ T6633]  ? __fget_files+0x2a/0x410
[  115.352431][ T6633]  ksys_write+0x18f/0x2b0
[  115.352452][ T6633]  ? __pfx_ksys_write+0x10/0x10
[  115.352471][ T6633]  ? do_syscall_64+0x100/0x230
[  115.352489][ T6633]  ? do_syscall_64+0xb6/0x230
[  115.352505][ T6633]  do_syscall_64+0xf3/0x230
[  115.352520][ T6633]  ? clear_bhb_loop+0x35/0x90
[  115.352542][ T6633]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  115.352562][ T6633] RIP: 0033:0x7f415157e98f
[  115.352577][ T6633] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  115.352589][ T6633] RSP: 002b:00007f41522b4020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  115.352607][ T6633] RAX: ffffffffffffffda RBX: 00007f4151745fa0 RCX: 00007f415157e98f
[  115.352618][ T6633] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  115.352628][ T6633] RBP: 00007f41515f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  115.352638][ T6633] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  115.352647][ T6633] R13: 0000000000000000 R14: 00007f4151745fa0 R15: 00007fff451d8b48
[  115.352664][ T6633]  </TASK>
[  115.352674][ T6633] BUG: Bad page state in process syz.0.15  pfn:7ed69
[  115.743608][ T6633] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x8 pfn:0x7ed69
[  115.752521][ T6633] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  115.759795][ T6633] raw: 00fff00000000000 dead000000000040 ffff888022ad8000 0000000000000000
[  115.768441][ T6633] raw: 0000000000000008 0000000000000001 00000000ffffffff 0000000000000000
[  115.777065][ T6633] page dumped because: page_pool leak
[  115.782456][ T6633] page_owner tracks the page as allocated
[  115.788175][ T6633] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6633, tgid 6632 (syz.0.15), ts 113857065077, free_ts 113793117876
[  115.805141][ T6633]  post_alloc_hook+0x1f4/0x240
[  115.809937][ T6633]  get_page_from_freelist+0x3651/0x37a0
[  115.815959][ T6633]  __alloc_frozen_pages_noprof+0x292/0x710
[  115.821818][ T6633]  alloc_pages_bulk_noprof+0x847/0xae0
[  115.827276][ T6633]  __page_pool_alloc_pages_slow+0x11f/0x690
[  115.833290][ T6633]  skb_pp_cow_data+0xcc8/0x1720
[  115.838159][ T6633]  do_xdp_generic+0x505/0xd30
[  115.842879][ T6633]  __netif_receive_skb_core+0x1be5/0x4540
[  115.848624][ T6633]  __netif_receive_skb+0x12f/0x650
[  115.853808][ T6633]  netif_receive_skb+0x1e8/0x890
[  115.858777][ T6633]  tun_rx_batched+0x1b7/0x8f0
[  115.863590][ T6633]  tun_get_user+0x30cd/0x48a0
[  115.868284][ T6633]  tun_chr_write_iter+0x10d/0x1f0
[  115.873796][ T6633]  vfs_write+0xacf/0xd10
[  115.878060][ T6633]  ksys_write+0x18f/0x2b0
[  115.882574][ T6633]  do_syscall_64+0xf3/0x230
[  115.887268][ T6633] page last free pid 6629 tgid 6629 stack trace:
[  115.893938][ T6633]  free_frozen_pages+0xe04/0x10e0
[  115.899088][ T6633]  __put_partials+0x160/0x1c0
[  115.904032][ T6633]  put_cpu_partial+0x17c/0x250
[  115.908854][ T6633]  __slab_free+0x290/0x380
[  115.913372][ T6633]  qlist_free_all+0x9a/0x140
[  115.918082][ T6633]  kasan_quarantine_reduce+0x14f/0x170
[  115.923833][ T6633]  __kasan_slab_alloc+0x23/0x80
[  115.928972][ T6633]  kmem_cache_alloc_noprof+0x1d9/0x380
[  115.934623][ T6633]  vm_area_dup+0x27/0x290
[  115.939011][ T6633]  __split_vma+0x1bf/0xbf0
[  115.943746][ T6633]  vma_modify+0x280/0x390
[  115.948098][ T6633]  vma_modify_flags+0x3a5/0x430
[  115.953554][ T6633]  mprotect_fixup+0x45a/0xaa0
[  115.958249][ T6633]  do_mprotect_pkey+0x99d/0xdd0
[  115.963286][ T6633]  __x64_sys_mprotect+0x80/0x90
[  115.968357][ T6633]  do_syscall_64+0xf3/0x230
[  115.972909][ T6633] Modules linked in:
[  115.976946][ T6633] CPU: 0 UID: 0 PID: 6633 Comm: syz.0.15 Tainted: G    B              6.14.0-rc6-syzkaller-gb7f94fcf5546 #0
[  115.976961][ T6633] Tainted: [B]=BAD_PAGE
[  115.976965][ T6633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  115.976973][ T6633] Call Trace:
[  115.976979][ T6633]  <TASK>
[  115.976985][ T6633]  dump_stack_lvl+0x241/0x360
[  115.976999][ T6633]  ? __pfx_dump_stack_lvl+0x10/0x10
[  115.977008][ T6633]  ? __pfx_print_modules+0x10/0x10
[  115.977022][ T6633]  bad_page+0x176/0x1d0
[  115.977036][ T6633]  free_frozen_pages+0x1079/0x10e0
[  115.977048][ T6633]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[  115.977062][ T6633]  bpf_xdp_adjust_tail+0x1c6/0x210
[  115.977076][ T6633]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  115.977085][ T6633]  bpf_prog_run_generic_xdp+0x686/0x1510
[  115.977101][ T6633]  do_xdp_generic+0x757/0xd30
[  115.977114][ T6633]  ? __pfx_do_xdp_generic+0x10/0x10
[  115.977131][ T6633]  ? __skb_flow_dissect+0x25f/0x7af0
[  115.977149][ T6633]  __netif_receive_skb_core+0x1be5/0x4540
[  115.977167][ T6633]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  115.977180][ T6633]  ? mark_lock+0x9a/0x360
[  115.977192][ T6633]  ? __pfx___skb_flow_dissect+0x10/0x10
[  115.977203][ T6633]  ? __lock_acquire+0x1397/0x2100
[  115.977219][ T6633]  __netif_receive_skb+0x12f/0x650
[  115.977231][ T6633]  ? __pfx_lock_acquire+0x10/0x10
[  115.977242][ T6633]  ? __pfx___netif_receive_skb+0x10/0x10
[  115.977255][ T6633]  ? tun_rx_batched+0x160/0x8f0
[  115.977264][ T6633]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  115.977277][ T6633]  ? netif_receive_skb+0x131/0x890
[  115.977287][ T6633]  ? netif_receive_skb+0x131/0x890
[  115.977298][ T6633]  netif_receive_skb+0x1e8/0x890
[  115.977309][ T6633]  ? tun_rx_batched+0x160/0x8f0
[  115.977318][ T6633]  ? __pfx_netif_receive_skb+0x10/0x10
[  115.977331][ T6633]  ? tun_rx_batched+0x160/0x8f0
[  115.977340][ T6633]  tun_rx_batched+0x1b7/0x8f0
[  115.977349][ T6633]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  115.977362][ T6633]  ? __pfx_lock_acquire+0x10/0x10
[  115.977373][ T6633]  ? __pfx_tun_rx_batched+0x10/0x10
[  115.977386][ T6633]  tun_get_user+0x30cd/0x48a0
[  115.977395][ T6633]  ? tun_get_user+0x2bbb/0x48a0
[  115.977406][ T6633]  ? __lock_acquire+0x1397/0x2100
[  115.977419][ T6633]  ? __pfx_tun_get_user+0x10/0x10
[  115.977431][ T6633]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  115.977441][ T6633]  ? tun_get+0x1e/0x2f0
[  115.977449][ T6633]  ? __pfx_lock_release+0x10/0x10
[  115.977463][ T6633]  ? tun_get+0x1e/0x2f0
[  115.977471][ T6633]  ? tun_get+0x27d/0x2f0
[  115.977480][ T6633]  tun_chr_write_iter+0x10d/0x1f0
[  115.977490][ T6633]  vfs_write+0xacf/0xd10
[  115.977503][ T6633]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  115.977512][ T6633]  ? __pfx_vfs_write+0x10/0x10
[  115.977523][ T6633]  ? __fget_files+0x2a/0x410
[  115.977533][ T6633]  ? __fget_files+0x2a/0x410
[  115.977543][ T6633]  ksys_write+0x18f/0x2b0
[  115.977554][ T6633]  ? __pfx_ksys_write+0x10/0x10
[  115.977565][ T6633]  ? do_syscall_64+0x100/0x230
[  115.977576][ T6633]  ? do_syscall_64+0xb6/0x230
[  115.977585][ T6633]  do_syscall_64+0xf3/0x230
[  115.977593][ T6633]  ? clear_bhb_loop+0x35/0x90
[  115.977618][ T6633]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  115.977630][ T6633] RIP: 0033:0x7f415157e98f
[  115.977643][ T6633] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  115.977653][ T6633] RSP: 002b:00007f41522b4020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  115.977669][ T6633] RAX: ffffffffffffffda RBX: 00007f4151745fa0 RCX: 00007f415157e98f
[  115.977677][ T6633] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  115.977682][ T6633] RBP: 00007f41515f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  115.977688][ T6633] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  115.977693][ T6633] R13: 0000000000000000 R14: 00007f4151745fa0 R15: 00007fff451d8b48
[  115.977702][ T6633]  </TASK>
[  115.977709][ T6633] BUG: Bad page state in process syz.0.15  pfn:7ed68
[  116.368646][ T6633] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807ed6e000 pfn:0x7ed68
[  116.378894][ T6633] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  116.386145][ T6633] raw: 00fff00000000000 dead000000000040 ffff888022ad8000 0000000000000000
[  116.394880][ T6633] raw: ffff88807ed6e000 0000000000000001 00000000ffffffff 0000000000000000
[  116.403516][ T6633] page dumped because: page_pool leak
[  116.408880][ T6633] page_owner tracks the page as allocated
[  116.414621][ T6633] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6633, tgid 6632 (syz.0.15), ts 113857054088, free_ts 113793117876
[  116.431687][ T6633]  post_alloc_hook+0x1f4/0x240
[  116.436471][ T6633]  get_page_from_freelist+0x3651/0x37a0
[  116.442067][ T6633]  __alloc_frozen_pages_noprof+0x292/0x710
[  116.447898][ T6633]  alloc_pages_bulk_noprof+0x847/0xae0
[  116.453585][ T6633]  __page_pool_alloc_pages_slow+0x11f/0x690
[  116.459497][ T6633]  skb_pp_cow_data+0xcc8/0x1720
[  116.464528][ T6633]  do_xdp_generic+0x505/0xd30
[  116.469236][ T6633]  __netif_receive_skb_core+0x1be5/0x4540
[  116.475058][ T6633]  __netif_receive_skb+0x12f/0x650
[  116.480317][ T6633]  netif_receive_skb+0x1e8/0x890
[  116.485343][ T6633]  tun_rx_batched+0x1b7/0x8f0
[  116.490124][ T6633]  tun_get_user+0x30cd/0x48a0
[  116.495020][ T6633]  tun_chr_write_iter+0x10d/0x1f0
[  116.500050][ T6633]  vfs_write+0xacf/0xd10
[  116.504422][ T6633]  ksys_write+0x18f/0x2b0
[  116.508791][ T6633]  do_syscall_64+0xf3/0x230
[  116.513355][ T6633] page last free pid 6629 tgid 6629 stack trace:
[  116.519779][ T6633]  free_frozen_pages+0xe04/0x10e0
[  116.524837][ T6633]  __put_partials+0x160/0x1c0
[  116.529582][ T6633]  put_cpu_partial+0x17c/0x250
[  116.534468][ T6633]  __slab_free+0x290/0x380
[  116.538911][ T6633]  qlist_free_all+0x9a/0x140
[  116.543549][ T6633]  kasan_quarantine_reduce+0x14f/0x170
[  116.549133][ T6633]  __kasan_slab_alloc+0x23/0x80
[  116.554020][ T6633]  kmem_cache_alloc_noprof+0x1d9/0x380
[  116.559570][ T6633]  vm_area_dup+0x27/0x290
[  116.563950][ T6633]  __split_vma+0x1bf/0xbf0
[  116.568371][ T6633]  vma_modify+0x280/0x390
[  116.572763][ T6633]  vma_modify_flags+0x3a5/0x430
[  116.577633][ T6633]  mprotect_fixup+0x45a/0xaa0
[  116.582365][ T6633]  do_mprotect_pkey+0x99d/0xdd0
[  116.587227][ T6633]  __x64_sys_mprotect+0x80/0x90
[  116.592153][ T6633]  do_syscall_64+0xf3/0x230
[  116.596874][ T6633] Modules linked in:
[  116.600769][ T6633] CPU: 0 UID: 0 PID: 6633 Comm: syz.0.15 Tainted: G    B              6.14.0-rc6-syzkaller-gb7f94fcf5546 #0
[  116.600784][ T6633] Tainted: [B]=BAD_PAGE
[  116.600788][ T6633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  116.600793][ T6633] Call Trace:
[  116.600799][ T6633]  <TASK>
[  116.600805][ T6633]  dump_stack_lvl+0x241/0x360
[  116.600820][ T6633]  ? __pfx_dump_stack_lvl+0x10/0x10
[  116.600829][ T6633]  ? __pfx_print_modules+0x10/0x10
[  116.600845][ T6633]  bad_page+0x176/0x1d0
[  116.600860][ T6633]  free_frozen_pages+0x1079/0x10e0
[  116.600872][ T6633]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[  116.600886][ T6633]  bpf_xdp_adjust_tail+0x1c6/0x210
[  116.600899][ T6633]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  116.600907][ T6633]  bpf_prog_run_generic_xdp+0x686/0x1510
[  116.600925][ T6633]  do_xdp_generic+0x757/0xd30
[  116.600937][ T6633]  ? __pfx_do_xdp_generic+0x10/0x10
[  116.600955][ T6633]  ? __skb_flow_dissect+0x25f/0x7af0
[  116.600976][ T6633]  __netif_receive_skb_core+0x1be5/0x4540
[  116.601003][ T6633]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  116.601022][ T6633]  ? mark_lock+0x9a/0x360
[  116.601040][ T6633]  ? __pfx___skb_flow_dissect+0x10/0x10
[  116.601055][ T6633]  ? __lock_acquire+0x1397/0x2100
[  116.601080][ T6633]  __netif_receive_skb+0x12f/0x650
[  116.601099][ T6633]  ? __pfx_lock_acquire+0x10/0x10
[  116.601118][ T6633]  ? __pfx___netif_receive_skb+0x10/0x10
[  116.601130][ T6633]  ? tun_rx_batched+0x160/0x8f0
[  116.601141][ T6633]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  116.601153][ T6633]  ? netif_receive_skb+0x131/0x890
[  116.601163][ T6633]  ? netif_receive_skb+0x131/0x890
[  116.601174][ T6633]  netif_receive_skb+0x1e8/0x890
[  116.601185][ T6633]  ? tun_rx_batched+0x160/0x8f0
[  116.601195][ T6633]  ? __pfx_netif_receive_skb+0x10/0x10
[  116.601208][ T6633]  ? tun_rx_batched+0x160/0x8f0
[  116.601217][ T6633]  tun_rx_batched+0x1b7/0x8f0
[  116.601226][ T6633]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  116.601239][ T6633]  ? __pfx_lock_acquire+0x10/0x10
[  116.601250][ T6633]  ? __pfx_tun_rx_batched+0x10/0x10
[  116.601263][ T6633]  tun_get_user+0x30cd/0x48a0
[  116.601272][ T6633]  ? tun_get_user+0x2bbb/0x48a0
[  116.601284][ T6633]  ? __lock_acquire+0x1397/0x2100
[  116.601296][ T6633]  ? __pfx_tun_get_user+0x10/0x10
[  116.601309][ T6633]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  116.601318][ T6633]  ? tun_get+0x1e/0x2f0
[  116.601326][ T6633]  ? __pfx_lock_release+0x10/0x10
[  116.601341][ T6633]  ? tun_get+0x1e/0x2f0
[  116.601349][ T6633]  ? tun_get+0x27d/0x2f0
[  116.601358][ T6633]  tun_chr_write_iter+0x10d/0x1f0
[  116.601368][ T6633]  vfs_write+0xacf/0xd10
[  116.601380][ T6633]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  116.601390][ T6633]  ? __pfx_vfs_write+0x10/0x10
[  116.601401][ T6633]  ? __fget_files+0x2a/0x410
[  116.601411][ T6633]  ? __fget_files+0x2a/0x410
[  116.601421][ T6633]  ksys_write+0x18f/0x2b0
[  116.601433][ T6633]  ? __pfx_ksys_write+0x10/0x10
[  116.601444][ T6633]  ? do_syscall_64+0x100/0x230
[  116.601454][ T6633]  ? do_syscall_64+0xb6/0x230
[  116.601462][ T6633]  do_syscall_64+0xf3/0x230
[  116.601471][ T6633]  ? clear_bhb_loop+0x35/0x90
[  116.601484][ T6633]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.601496][ T6633] RIP: 0033:0x7f415157e98f
[  116.601505][ T6633] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  116.601512][ T6633] RSP: 002b:00007f41522b4020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  116.601523][ T6633] RAX: ffffffffffffffda RBX: 00007f4151745fa0 RCX: 00007f415157e98f
[  116.601530][ T6633] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  116.601535][ T6633] RBP: 00007f41515f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  116.601541][ T6633] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  116.601546][ T6633] R13: 0000000000000000 R14: 00007f4151745fa0 R15: 00007fff451d8b48
[  116.601555][ T6633]  </TASK>
[  116.984427][ T6633] BUG: Bad page state in process syz.0.15  pfn:77c87
[  116.991142][ T6633] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x77c87
[  117.000022][ T6633] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  117.008183][ T6633] raw: 00fff00000000000 dead000000000040 ffff888022ad8000 0000000000000000
[  117.017183][ T6633] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[  117.025913][ T6633] page dumped because: page_pool leak
[  117.031553][ T6633] page_owner tracks the page as allocated
[  117.037381][ T6633] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6633, tgid 6632 (syz.0.15), ts 113857042319, free_ts 106698365538
[  117.054543][ T6633]  post_alloc_hook+0x1f4/0x240
[  117.059318][ T6633]  get_page_from_freelist+0x3651/0x37a0
[  117.064907][ T6633]  __alloc_frozen_pages_noprof+0x292/0x710
[  117.070732][ T6633]  alloc_pages_bulk_noprof+0x847/0xae0
[  117.076246][ T6633]  __page_pool_alloc_pages_slow+0x11f/0x690
[  117.082197][ T6633]  skb_pp_cow_data+0xcc8/0x1720
[  117.087351][ T6633]  do_xdp_generic+0x505/0xd30
[  117.092089][ T6633]  __netif_receive_skb_core+0x1be5/0x4540
[  117.097931][ T6633]  __netif_receive_skb+0x12f/0x650
[  117.103180][ T6633]  netif_receive_skb+0x1e8/0x890
[  117.108137][ T6633]  tun_rx_batched+0x1b7/0x8f0
[  117.112862][ T6633]  tun_get_user+0x30cd/0x48a0
[  117.117676][ T6633]  tun_chr_write_iter+0x10d/0x1f0
[  117.122859][ T6633]  vfs_write+0xacf/0xd10
[  117.127211][ T6633]  ksys_write+0x18f/0x2b0
[  117.131597][ T6633]  do_syscall_64+0xf3/0x230
[  117.136127][ T6633] page last free pid 6303 tgid 6303 stack trace:
[  117.142492][ T6633]  free_frozen_pages+0xe04/0x10e0
[  117.147804][ T6633]  vfree+0x1c3/0x360
[  117.151749][ T6633]  kcov_close+0x28/0x50
[  117.156007][ T6633]  __fput+0x3e9/0x9f0
[  117.160251][ T6633]  task_work_run+0x24f/0x310
[  117.165193][ T6633]  do_exit+0xa2a/0x28e0
[  117.169372][ T6633]  do_group_exit+0x207/0x2c0
[  117.174297][ T6633]  get_signal+0x168c/0x1720
[  117.178820][ T6633]  arch_do_signal_or_restart+0x96/0x860
[  117.184464][ T6633]  syscall_exit_to_user_mode+0xce/0x340
[  117.190124][ T6633]  do_syscall_64+0x100/0x230
[  117.194756][ T6633]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.200673][ T6633] Modules linked in:
[  117.204612][ T6633] CPU: 0 UID: 0 PID: 6633 Comm: syz.0.15 Tainted: G    B              6.14.0-rc6-syzkaller-gb7f94fcf5546 #0
[  117.204635][ T6633] Tainted: [B]=BAD_PAGE
[  117.204640][ T6633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  117.204648][ T6633] Call Trace:
[  117.204652][ T6633]  <TASK>
[  117.204658][ T6633]  dump_stack_lvl+0x241/0x360
[  117.204677][ T6633]  ? __pfx_dump_stack_lvl+0x10/0x10
[  117.204690][ T6633]  ? __pfx_print_modules+0x10/0x10
[  117.204712][ T6633]  bad_page+0x176/0x1d0
[  117.204732][ T6633]  free_frozen_pages+0x1079/0x10e0
[  117.204751][ T6633]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[  117.204771][ T6633]  bpf_xdp_adjust_tail+0x1c6/0x210
[  117.204793][ T6633]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  117.204805][ T6633]  bpf_prog_run_generic_xdp+0x686/0x1510
[  117.204844][ T6633]  do_xdp_generic+0x757/0xd30
[  117.204867][ T6633]  ? __pfx_do_xdp_generic+0x10/0x10
[  117.204890][ T6633]  ? __skb_flow_dissect+0x25f/0x7af0
[  117.204915][ T6633]  __netif_receive_skb_core+0x1be5/0x4540
[  117.204946][ T6633]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  117.204965][ T6633]  ? mark_lock+0x9a/0x360
[  117.204985][ T6633]  ? __pfx___skb_flow_dissect+0x10/0x10
[  117.205002][ T6633]  ? __lock_acquire+0x1397/0x2100
[  117.205029][ T6633]  __netif_receive_skb+0x12f/0x650
[  117.205050][ T6633]  ? __pfx_lock_acquire+0x10/0x10
[  117.205069][ T6633]  ? __pfx___netif_receive_skb+0x10/0x10
[  117.205091][ T6633]  ? tun_rx_batched+0x160/0x8f0
[  117.205108][ T6633]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  117.205129][ T6633]  ? netif_receive_skb+0x131/0x890
[  117.205147][ T6633]  ? netif_receive_skb+0x131/0x890
[  117.205167][ T6633]  netif_receive_skb+0x1e8/0x890
[  117.205186][ T6633]  ? tun_rx_batched+0x160/0x8f0
[  117.205202][ T6633]  ? __pfx_netif_receive_skb+0x10/0x10
[  117.205225][ T6633]  ? tun_rx_batched+0x160/0x8f0
[  117.205241][ T6633]  tun_rx_batched+0x1b7/0x8f0
[  117.205258][ T6633]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  117.205280][ T6633]  ? __pfx_lock_acquire+0x10/0x10
[  117.205299][ T6633]  ? __pfx_tun_rx_batched+0x10/0x10
[  117.205322][ T6633]  tun_get_user+0x30cd/0x48a0
[  117.205339][ T6633]  ? tun_get_user+0x2bbb/0x48a0
[  117.205359][ T6633]  ? __lock_acquire+0x1397/0x2100
[  117.205381][ T6633]  ? __pfx_tun_get_user+0x10/0x10
[  117.205404][ T6633]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  117.205419][ T6633]  ? tun_get+0x1e/0x2f0
[  117.205434][ T6633]  ? __pfx_lock_release+0x10/0x10
[  117.205459][ T6633]  ? tun_get+0x1e/0x2f0
[  117.205474][ T6633]  ? tun_get+0x27d/0x2f0
[  117.205490][ T6633]  tun_chr_write_iter+0x10d/0x1f0
[  117.205507][ T6633]  vfs_write+0xacf/0xd10
[  117.205528][ T6633]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  117.205545][ T6633]  ? __pfx_vfs_write+0x10/0x10
[  117.205563][ T6633]  ? __fget_files+0x2a/0x410
[  117.205580][ T6633]  ? __fget_files+0x2a/0x410
[  117.205598][ T6633]  ksys_write+0x18f/0x2b0
[  117.205617][ T6633]  ? __pfx_ksys_write+0x10/0x10
[  117.205636][ T6633]  ? do_syscall_64+0x100/0x230
[  117.205653][ T6633]  ? do_syscall_64+0xb6/0x230
[  117.205668][ T6633]  do_syscall_64+0xf3/0x230
[  117.205683][ T6633]  ? clear_bhb_loop+0x35/0x90
[  117.205705][ T6633]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.205725][ T6633] RIP: 0033:0x7f415157e98f
[  117.205739][ T6633] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  117.205752][ T6633] RSP: 002b:00007f41522b4020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  117.205769][ T6633] RAX: ffffffffffffffda RBX: 00007f4151745fa0 RCX: 00007f415157e98f
[  117.205781][ T6633] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  117.205790][ T6633] RBP: 00007f41515f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  117.205800][ T6633] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  117.205816][ T6633] R13: 0000000000000000 R14: 00007f4151745fa0 R15: 00007fff451d8b48
[  117.205833][ T6633]  </TASK>
[  117.205842][ T6633] BUG: Bad page state in process syz.0.15  pfn:77c86
[  117.595789][ T6633] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x77c86
[  117.604658][ T6633] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  117.611821][ T6633] raw: 00fff00000000000 dead000000000040 ffff888022ad8000 0000000000000000
[  117.620526][ T6633] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[  117.629312][ T6633] page dumped because: page_pool leak
[  117.634904][ T6633] page_owner tracks the page as allocated
[  117.640794][ T6633] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6633, tgid 6632 (syz.0.15), ts 113857030765, free_ts 106698355832
[  117.657784][ T6633]  post_alloc_hook+0x1f4/0x240
[  117.662601][ T6633]  get_page_from_freelist+0x3651/0x37a0
[  117.668139][ T6633]  __alloc_frozen_pages_noprof+0x292/0x710
[  117.673978][ T6633]  alloc_pages_bulk_noprof+0x847/0xae0
[  117.679445][ T6633]  __page_pool_alloc_pages_slow+0x11f/0x690
[  117.685396][ T6633]  skb_pp_cow_data+0xcc8/0x1720
[  117.690261][ T6633]  do_xdp_generic+0x505/0xd30
[  117.695024][ T6633]  __netif_receive_skb_core+0x1be5/0x4540
[  117.700852][ T6633]  __netif_receive_skb+0x12f/0x650
[  117.706003][ T6633]  netif_receive_skb+0x1e8/0x890
[  117.711010][ T6633]  tun_rx_batched+0x1b7/0x8f0
[  117.715693][ T6633]  tun_get_user+0x30cd/0x48a0
[  117.720364][ T6633]  tun_chr_write_iter+0x10d/0x1f0
[  117.725415][ T6633]  vfs_write+0xacf/0xd10
[  117.729687][ T6633]  ksys_write+0x18f/0x2b0
[  117.734235][ T6633]  do_syscall_64+0xf3/0x230
[  117.738942][ T6633] page last free pid 6303 tgid 6303 stack trace:
[  117.745317][ T6633]  free_frozen_pages+0xe04/0x10e0
[  117.750367][ T6633]  vfree+0x1c3/0x360
[  117.754317][ T6633]  kcov_close+0x28/0x50
[  117.758556][ T6633]  __fput+0x3e9/0x9f0
[  117.762817][ T6633]  task_work_run+0x24f/0x310
[  117.767455][ T6633]  do_exit+0xa2a/0x28e0
[  117.771707][ T6633]  do_group_exit+0x207/0x2c0
[  117.776354][ T6633]  get_signal+0x168c/0x1720
[  117.781090][ T6633]  arch_do_signal_or_restart+0x96/0x860
[  117.786681][ T6633]  syscall_exit_to_user_mode+0xce/0x340
[  117.792539][ T6633]  do_syscall_64+0x100/0x230
[  117.797166][ T6633]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.803363][ T6633] Modules linked in:
[  117.807381][ T6633] CPU: 0 UID: 0 PID: 6633 Comm: syz.0.15 Tainted: G    B              6.14.0-rc6-syzkaller-gb7f94fcf5546 #0
[  117.807398][ T6633] Tainted: [B]=BAD_PAGE
[  117.807401][ T6633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  117.807407][ T6633] Call Trace:
[  117.807412][ T6633]  <TASK>
[  117.807417][ T6633]  dump_stack_lvl+0x241/0x360
[  117.807431][ T6633]  ? __pfx_dump_stack_lvl+0x10/0x10
[  117.807527][ T6633]  ? __pfx_print_modules+0x10/0x10
[  117.807542][ T6633]  bad_page+0x176/0x1d0
[  117.807556][ T6633]  free_frozen_pages+0x1079/0x10e0
[  117.807569][ T6633]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[  117.807583][ T6633]  bpf_xdp_adjust_tail+0x1c6/0x210
[  117.807596][ T6633]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  117.807607][ T6633]  bpf_prog_run_generic_xdp+0x686/0x1510
[  117.807626][ T6633]  do_xdp_generic+0x757/0xd30
[  117.807638][ T6633]  ? __pfx_do_xdp_generic+0x10/0x10
[  117.807650][ T6633]  ? __skb_flow_dissect+0x25f/0x7af0
[  117.807663][ T6633]  __netif_receive_skb_core+0x1be5/0x4540
[  117.807681][ T6633]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  117.807700][ T6633]  ? mark_lock+0x9a/0x360
[  117.807787][ T6633]  ? __pfx___skb_flow_dissect+0x10/0x10
[  117.807799][ T6633]  ? __lock_acquire+0x1397/0x2100
[  117.807815][ T6633]  __netif_receive_skb+0x12f/0x650
[  117.807829][ T6633]  ? __pfx_lock_acquire+0x10/0x10
[  117.807841][ T6633]  ? __pfx___netif_receive_skb+0x10/0x10
[  117.807853][ T6633]  ? tun_rx_batched+0x160/0x8f0
[  117.807863][ T6633]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  117.807876][ T6633]  ? netif_receive_skb+0x131/0x890
[  117.807887][ T6633]  ? netif_receive_skb+0x131/0x890
[  117.807898][ T6633]  netif_receive_skb+0x1e8/0x890
[  117.807909][ T6633]  ? tun_rx_batched+0x160/0x8f0
[  117.807919][ T6633]  ? __pfx_netif_receive_skb+0x10/0x10
[  117.807932][ T6633]  ? tun_rx_batched+0x160/0x8f0
[  117.807941][ T6633]  tun_rx_batched+0x1b7/0x8f0
[  117.807951][ T6633]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  117.807964][ T6633]  ? __pfx_lock_acquire+0x10/0x10
[  117.807975][ T6633]  ? __pfx_tun_rx_batched+0x10/0x10
[  117.807988][ T6633]  tun_get_user+0x30cd/0x48a0
[  117.807998][ T6633]  ? tun_get_user+0x2bbb/0x48a0
[  117.808009][ T6633]  ? __lock_acquire+0x1397/0x2100
[  117.808022][ T6633]  ? __pfx_tun_get_user+0x10/0x10
[  117.808035][ T6633]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  117.808044][ T6633]  ? tun_get+0x1e/0x2f0
[  117.808053][ T6633]  ? __pfx_lock_release+0x10/0x10
[  117.808067][ T6633]  ? tun_get+0x1e/0x2f0
[  117.808076][ T6633]  ? tun_get+0x27d/0x2f0
[  117.808085][ T6633]  tun_chr_write_iter+0x10d/0x1f0
[  117.808095][ T6633]  vfs_write+0xacf/0xd10
[  117.808107][ T6633]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  117.808117][ T6633]  ? __pfx_vfs_write+0x10/0x10
[  117.808128][ T6633]  ? __fget_files+0x2a/0x410
[  117.808138][ T6633]  ? __fget_files+0x2a/0x410
[  117.808149][ T6633]  ksys_write+0x18f/0x2b0
[  117.808160][ T6633]  ? __pfx_ksys_write+0x10/0x10
[  117.808171][ T6633]  ? do_syscall_64+0x100/0x230
[  117.808181][ T6633]  ? do_syscall_64+0xb6/0x230
[  117.808190][ T6633]  do_syscall_64+0xf3/0x230
[  117.808199][ T6633]  ? clear_bhb_loop+0x35/0x90
[  117.808213][ T6633]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.808225][ T6633] RIP: 0033:0x7f415157e98f
[  117.808235][ T6633] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  117.808243][ T6633] RSP: 002b:00007f41522b4020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  117.808255][ T6633] RAX: ffffffffffffffda RBX: 00007f4151745fa0 RCX: 00007f415157e98f
[  117.808261][ T6633] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  117.808267][ T6633] RBP: 00007f41515f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  117.808273][ T6633] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  117.808279][ T6633] R13: 0000000000000000 R14: 00007f4151745fa0 R15: 00007fff451d8b48
[  117.808288][ T6633]  </TASK>
[  117.808296][ T6633] BUG: Bad page state in process syz.0.15  pfn:77c85
[  118.196543][ T6633] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x4 pfn:0x77c85
[  118.205524][ T6633] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  118.212703][ T6633] raw: 00fff00000000000 dead000000000040 ffff888022ad8000 0000000000000000
[  118.221453][ T6633] raw: 0000000000000004 0000000000000001 00000000ffffffff 0000000000000000
[  118.230178][ T6633] page dumped because: page_pool leak
[  118.235614][ T6633] page_owner tracks the page as allocated
[  118.241361][ T6633] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6633, tgid 6632 (syz.0.15), ts 113857019581, free_ts 106698346173
[  118.258339][ T6633]  post_alloc_hook+0x1f4/0x240
[  118.263167][ T6633]  get_page_from_freelist+0x3651/0x37a0
[  118.268812][ T6633]  __alloc_frozen_pages_noprof+0x292/0x710
[  118.274837][ T6633]  alloc_pages_bulk_noprof+0x847/0xae0
[  118.280317][ T6633]  __page_pool_alloc_pages_slow+0x11f/0x690
[  118.286594][ T6633]  skb_pp_cow_data+0xcc8/0x1720
[  118.291535][ T6633]  do_xdp_generic+0x505/0xd30
[  118.296223][ T6633]  __netif_receive_skb_core+0x1be5/0x4540
[  118.302015][ T6633]  __netif_receive_skb+0x12f/0x650
[  118.307145][ T6633]  netif_receive_skb+0x1e8/0x890
[  118.312136][ T6633]  tun_rx_batched+0x1b7/0x8f0
[  118.317004][ T6633]  tun_get_user+0x30cd/0x48a0
[  118.321904][ T6633]  tun_chr_write_iter+0x10d/0x1f0
[  118.327937][ T6633]  vfs_write+0xacf/0xd10
[  118.332322][ T6633]  ksys_write+0x18f/0x2b0
[  118.336851][ T6633]  do_syscall_64+0xf3/0x230
[  118.341539][ T6633] page last free pid 6303 tgid 6303 stack trace:
[  118.348310][ T6633]  free_frozen_pages+0xe04/0x10e0
[  118.353594][ T6633]  vfree+0x1c3/0x360
[  118.357524][ T6633]  kcov_close+0x28/0x50
[  118.361748][ T6633]  __fput+0x3e9/0x9f0
[  118.365844][ T6633]  task_work_run+0x24f/0x310
[  118.370478][ T6633]  do_exit+0xa2a/0x28e0
[  118.374690][ T6633]  do_group_exit+0x207/0x2c0
[  118.379409][ T6633]  get_signal+0x168c/0x1720
[  118.383970][ T6633]  arch_do_signal_or_restart+0x96/0x860
[  118.389549][ T6633]  syscall_exit_to_user_mode+0xce/0x340
[  118.395148][ T6633]  do_syscall_64+0x100/0x230
[  118.399763][ T6633]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.405732][ T6633] Modules linked in:
[  118.409636][ T6633] CPU: 0 UID: 0 PID: 6633 Comm: syz.0.15 Tainted: G    B              6.14.0-rc6-syzkaller-gb7f94fcf5546 #0
[  118.409652][ T6633] Tainted: [B]=BAD_PAGE
[  118.409655][ T6633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  118.409661][ T6633] Call Trace:
[  118.409665][ T6633]  <TASK>
[  118.409669][ T6633]  dump_stack_lvl+0x241/0x360
[  118.409683][ T6633]  ? __pfx_dump_stack_lvl+0x10/0x10
[  118.409692][ T6633]  ? __pfx_print_modules+0x10/0x10
[  118.409707][ T6633]  bad_page+0x176/0x1d0
[  118.409726][ T6633]  free_frozen_pages+0x1079/0x10e0
[  118.409738][ T6633]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[  118.409753][ T6633]  bpf_xdp_adjust_tail+0x1c6/0x210
[  118.409766][ T6633]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  118.409774][ T6633]  bpf_prog_run_generic_xdp+0x686/0x1510
[  118.409791][ T6633]  do_xdp_generic+0x757/0xd30
[  118.409803][ T6633]  ? __pfx_do_xdp_generic+0x10/0x10
[  118.409815][ T6633]  ? __skb_flow_dissect+0x25f/0x7af0
[  118.409829][ T6633]  __netif_receive_skb_core+0x1be5/0x4540
[  118.409846][ T6633]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  118.409858][ T6633]  ? mark_lock+0x9a/0x360
[  118.409871][ T6633]  ? __pfx___skb_flow_dissect+0x10/0x10
[  118.409881][ T6633]  ? __lock_acquire+0x1397/0x2100
[  118.409897][ T6633]  __netif_receive_skb+0x12f/0x650
[  118.409909][ T6633]  ? __pfx_lock_acquire+0x10/0x10
[  118.409920][ T6633]  ? __pfx___netif_receive_skb+0x10/0x10
[  118.409932][ T6633]  ? tun_rx_batched+0x160/0x8f0
[  118.409942][ T6633]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  118.409954][ T6633]  ? netif_receive_skb+0x131/0x890
[  118.409965][ T6633]  ? netif_receive_skb+0x131/0x890
[  118.409975][ T6633]  netif_receive_skb+0x1e8/0x890
[  118.409986][ T6633]  ? tun_rx_batched+0x160/0x8f0
[  118.409995][ T6633]  ? __pfx_netif_receive_skb+0x10/0x10
[  118.410008][ T6633]  ? tun_rx_batched+0x160/0x8f0
[  118.410017][ T6633]  tun_rx_batched+0x1b7/0x8f0
[  118.410027][ T6633]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  118.410040][ T6633]  ? __pfx_lock_acquire+0x10/0x10
[  118.410051][ T6633]  ? __pfx_tun_rx_batched+0x10/0x10
[  118.410064][ T6633]  tun_get_user+0x30cd/0x48a0
[  118.410073][ T6633]  ? tun_get_user+0x2bbb/0x48a0
[  118.410084][ T6633]  ? __lock_acquire+0x1397/0x2100
[  118.410097][ T6633]  ? __pfx_tun_get_user+0x10/0x10
[  118.410109][ T6633]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  118.410118][ T6633]  ? tun_get+0x1e/0x2f0
[  118.410127][ T6633]  ? __pfx_lock_release+0x10/0x10
[  118.410141][ T6633]  ? tun_get+0x1e/0x2f0
[  118.410149][ T6633]  ? tun_get+0x27d/0x2f0
[  118.410158][ T6633]  tun_chr_write_iter+0x10d/0x1f0
[  118.410168][ T6633]  vfs_write+0xacf/0xd10
[  118.410180][ T6633]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  118.410190][ T6633]  ? __pfx_vfs_write+0x10/0x10
[  118.410201][ T6633]  ? __fget_files+0x2a/0x410
[  118.410211][ T6633]  ? __fget_files+0x2a/0x410
[  118.410221][ T6633]  ksys_write+0x18f/0x2b0
[  118.410232][ T6633]  ? __pfx_ksys_write+0x10/0x10
[  118.410243][ T6633]  ? do_syscall_64+0x100/0x230
[  118.410253][ T6633]  ? do_syscall_64+0xb6/0x230
[  118.410262][ T6633]  do_syscall_64+0xf3/0x230
[  118.410270][ T6633]  ? clear_bhb_loop+0x35/0x90
[  118.410283][ T6633]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.410295][ T6633] RIP: 0033:0x7f415157e98f
[  118.410304][ T6633] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  118.410311][ T6633] RSP: 002b:00007f41522b4020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  118.410322][ T6633] RAX: ffffffffffffffda RBX: 00007f4151745fa0 RCX: 00007f415157e98f
[  118.410328][ T6633] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  118.410334][ T6633] RBP: 00007f41515f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  118.410340][ T6633] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  118.410345][ T6633] R13: 0000000000000000 R14: 00007f4151745fa0 R15: 00007fff451d8b48
[  118.410354][ T6633]  </TASK>
[  118.410360][ T6633] BUG: Bad page state in process syz.0.15  pfn:77c84
[  118.798358][ T6633] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888077c84000 pfn:0x77c84
[  118.808561][ T6633] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  118.815725][ T6633] raw: 00fff00000000000 dead000000000040 ffff888022ad8000 0000000000000000
[  118.824449][ T6633] raw: ffff888077c84000 0000000000000001 00000000ffffffff 0000000000000000
[  118.833146][ T6633] page dumped because: page_pool leak
[  118.838521][ T6633] page_owner tracks the page as allocated
[  118.844291][ T6633] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6633, tgid 6632 (syz.0.15), ts 113857007716, free_ts 106698336219
[  118.861296][ T6633]  post_alloc_hook+0x1f4/0x240
[  118.866059][ T6633]  get_page_from_freelist+0x3651/0x37a0
[  118.871811][ T6633]  __alloc_frozen_pages_noprof+0x292/0x710
[  118.877646][ T6633]  alloc_pages_bulk_noprof+0x847/0xae0
[  118.883238][ T6633]  __page_pool_alloc_pages_slow+0x11f/0x690
[  118.889156][ T6633]  skb_pp_cow_data+0xcc8/0x1720
[  118.894066][ T6633]  do_xdp_generic+0x505/0xd30
[  118.898760][ T6633]  __netif_receive_skb_core+0x1be5/0x4540
[  118.904547][ T6633]  __netif_receive_skb+0x12f/0x650
[  118.909719][ T6633]  netif_receive_skb+0x1e8/0x890
[  118.914718][ T6633]  tun_rx_batched+0x1b7/0x8f0
[  118.919438][ T6633]  tun_get_user+0x30cd/0x48a0
[  118.924281][ T6633]  tun_chr_write_iter+0x10d/0x1f0
[  118.929460][ T6633]  vfs_write+0xacf/0xd10
[  118.933825][ T6633]  ksys_write+0x18f/0x2b0
[  118.938182][ T6633]  do_syscall_64+0xf3/0x230
[  118.942948][ T6633] page last free pid 6303 tgid 6303 stack trace:
[  118.949310][ T6633]  free_frozen_pages+0xe04/0x10e0
[  118.954478][ T6633]  vfree+0x1c3/0x360
[  118.958399][ T6633]  kcov_close+0x28/0x50
[  118.962675][ T6633]  __fput+0x3e9/0x9f0
[  118.966895][ T6633]  task_work_run+0x24f/0x310
[  118.971560][ T6633]  do_exit+0xa2a/0x28e0
[  118.975736][ T6633]  do_group_exit+0x207/0x2c0
[  118.980334][ T6633]  get_signal+0x168c/0x1720
[  118.984907][ T6633]  arch_do_signal_or_restart+0x96/0x860
[  118.990487][ T6633]  syscall_exit_to_user_mode+0xce/0x340
[  118.996277][ T6633]  do_syscall_64+0x100/0x230
[  119.001032][ T6633]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.006941][ T6633] Modules linked in:
[  119.010828][ T6633] CPU: 0 UID: 0 PID: 6633 Comm: syz.0.15 Tainted: G    B              6.14.0-rc6-syzkaller-gb7f94fcf5546 #0
[  119.010842][ T6633] Tainted: [B]=BAD_PAGE
[  119.010846][ T6633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  119.010852][ T6633] Call Trace:
[  119.010857][ T6633]  <TASK>
[  119.010862][ T6633]  dump_stack_lvl+0x241/0x360
[  119.010876][ T6633]  ? __pfx_dump_stack_lvl+0x10/0x10
[  119.010885][ T6633]  ? __pfx_print_modules+0x10/0x10
[  119.010899][ T6633]  bad_page+0x176/0x1d0
[  119.010913][ T6633]  free_frozen_pages+0x1079/0x10e0
[  119.010925][ T6633]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[  119.010939][ T6633]  bpf_xdp_adjust_tail+0x1c6/0x210
[  119.010966][ T6633]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  119.010981][ T6633]  bpf_prog_run_generic_xdp+0x686/0x1510
[  119.011006][ T6633]  do_xdp_generic+0x757/0xd30
[  119.011025][ T6633]  ? __pfx_do_xdp_generic+0x10/0x10
[  119.011042][ T6633]  ? __skb_flow_dissect+0x25f/0x7af0
[  119.011056][ T6633]  __netif_receive_skb_core+0x1be5/0x4540
[  119.011073][ T6633]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  119.011086][ T6633]  ? mark_lock+0x9a/0x360
[  119.011098][ T6633]  ? __pfx___skb_flow_dissect+0x10/0x10
[  119.011108][ T6633]  ? __lock_acquire+0x1397/0x2100
[  119.011124][ T6633]  __netif_receive_skb+0x12f/0x650
[  119.011136][ T6633]  ? __pfx_lock_acquire+0x10/0x10
[  119.011147][ T6633]  ? __pfx___netif_receive_skb+0x10/0x10
[  119.011159][ T6633]  ? tun_rx_batched+0x160/0x8f0
[  119.011169][ T6633]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  119.011182][ T6633]  ? netif_receive_skb+0x131/0x890
[  119.011192][ T6633]  ? netif_receive_skb+0x131/0x890
[  119.011203][ T6633]  netif_receive_skb+0x1e8/0x890
[  119.011213][ T6633]  ? tun_rx_batched+0x160/0x8f0
[  119.011222][ T6633]  ? __pfx_netif_receive_skb+0x10/0x10
[  119.011235][ T6633]  ? tun_rx_batched+0x160/0x8f0
[  119.011244][ T6633]  tun_rx_batched+0x1b7/0x8f0
[  119.011254][ T6633]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  119.011266][ T6633]  ? __pfx_lock_acquire+0x10/0x10
[  119.011277][ T6633]  ? __pfx_tun_rx_batched+0x10/0x10
[  119.011290][ T6633]  tun_get_user+0x30cd/0x48a0
[  119.011299][ T6633]  ? tun_get_user+0x2bbb/0x48a0
[  119.011310][ T6633]  ? __lock_acquire+0x1397/0x2100
[  119.011323][ T6633]  ? __pfx_tun_get_user+0x10/0x10
[  119.011335][ T6633]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  119.011344][ T6633]  ? tun_get+0x1e/0x2f0
[  119.011352][ T6633]  ? __pfx_lock_release+0x10/0x10
[  119.011366][ T6633]  ? tun_get+0x1e/0x2f0
[  119.011378][ T6633]  ? tun_get+0x27d/0x2f0
[  119.011387][ T6633]  tun_chr_write_iter+0x10d/0x1f0
[  119.011397][ T6633]  vfs_write+0xacf/0xd10
[  119.011409][ T6633]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  119.011419][ T6633]  ? __pfx_vfs_write+0x10/0x10
[  119.011430][ T6633]  ? __fget_files+0x2a/0x410
[  119.011440][ T6633]  ? __fget_files+0x2a/0x410
[  119.011451][ T6633]  ksys_write+0x18f/0x2b0
[  119.011462][ T6633]  ? __pfx_ksys_write+0x10/0x10
[  119.011473][ T6633]  ? do_syscall_64+0x100/0x230
[  119.011483][ T6633]  ? do_syscall_64+0xb6/0x230
[  119.011491][ T6633]  do_syscall_64+0xf3/0x230
[  119.011500][ T6633]  ? clear_bhb_loop+0x35/0x90
[  119.011513][ T6633]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.011526][ T6633] RIP: 0033:0x7f415157e98f
[  119.011535][ T6633] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  119.011543][ T6633] RSP: 002b:00007f41522b4020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  119.011553][ T6633] RAX: ffffffffffffffda RBX: 00007f4151745fa0 RCX: 00007f415157e98f
[  119.011560][ T6633] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  119.011566][ T6633] RBP: 00007f41515f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  119.011571][ T6633] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  119.011577][ T6633] R13: 0000000000000000 R14: 00007f4151745fa0 R15: 00007fff451d8b48
[  119.011585][ T6633]  </TASK>
[  119.394492][ T6633] BUG: Bad page state in process syz.0.15  pfn:7e367
[  119.401210][ T6633] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7e367
[  119.409996][ T6633] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  119.417169][ T6633] raw: 00fff00000000000 dead000000000040 ffff888022ad8000 0000000000000000
[  119.425799][ T6633] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[  119.434453][ T6633] page dumped because: page_pool leak
[  119.439818][ T6633] page_owner tracks the page as allocated
[  119.445644][ T6633] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6633, tgid 6632 (syz.0.15), ts 113856996317, free_ts 106698326435
[  119.462723][ T6633]  post_alloc_hook+0x1f4/0x240
[  119.467491][ T6633]  get_page_from_freelist+0x3651/0x37a0
[  119.473119][ T6633]  __alloc_frozen_pages_noprof+0x292/0x710
[  119.478949][ T6633]  alloc_pages_bulk_noprof+0x847/0xae0
[  119.484482][ T6633]  __page_pool_alloc_pages_slow+0x11f/0x690
[  119.490545][ T6633]  skb_pp_cow_data+0xcc8/0x1720
[  119.495475][ T6633]  do_xdp_generic+0x505/0xd30
[  119.500177][ T6633]  __netif_receive_skb_core+0x1be5/0x4540
[  119.506144][ T6633]  __netif_receive_skb+0x12f/0x650
[  119.511449][ T6633]  netif_receive_skb+0x1e8/0x890
[  119.516461][ T6633]  tun_rx_batched+0x1b7/0x8f0
[  119.521226][ T6633]  tun_get_user+0x30cd/0x48a0
[  119.525920][ T6633]  tun_chr_write_iter+0x10d/0x1f0
[  119.530995][ T6633]  vfs_write+0xacf/0xd10
[  119.535240][ T6633]  ksys_write+0x18f/0x2b0
[  119.539663][ T6633]  do_syscall_64+0xf3/0x230
[  119.544215][ T6633] page last free pid 6303 tgid 6303 stack trace:
[  119.550569][ T6633]  free_frozen_pages+0xe04/0x10e0
[  119.555692][ T6633]  vfree+0x1c3/0x360
[  119.559632][ T6633]  kcov_close+0x28/0x50
[  119.563844][ T6633]  __fput+0x3e9/0x9f0
[  119.567838][ T6633]  task_work_run+0x24f/0x310
[  119.572457][ T6633]  do_exit+0xa2a/0x28e0
[  119.576655][ T6633]  do_group_exit+0x207/0x2c0
[  119.581298][ T6633]  get_signal+0x168c/0x1720
[  119.585924][ T6633]  arch_do_signal_or_restart+0x96/0x860
[  119.591522][ T6633]  syscall_exit_to_user_mode+0xce/0x340
[  119.597094][ T6633]  do_syscall_64+0x100/0x230
[  119.601758][ T6633]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.607664][ T6633] Modules linked in:
[  119.611788][ T6633] CPU: 0 UID: 0 PID: 6633 Comm: syz.0.15 Tainted: G    B              6.14.0-rc6-syzkaller-gb7f94fcf5546 #0
[  119.611813][ T6633] Tainted: [B]=BAD_PAGE
[  119.611818][ T6633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  119.611826][ T6633] Call Trace:
[  119.611830][ T6633]  <TASK>
[  119.611835][ T6633]  dump_stack_lvl+0x241/0x360
[  119.611854][ T6633]  ? __pfx_dump_stack_lvl+0x10/0x10
[  119.611868][ T6633]  ? __pfx_print_modules+0x10/0x10
[  119.611889][ T6633]  bad_page+0x176/0x1d0
[  119.611909][ T6633]  free_frozen_pages+0x1079/0x10e0
[  119.611929][ T6633]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[  119.611949][ T6633]  bpf_xdp_adjust_tail+0x1c6/0x210
[  119.611969][ T6633]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  119.611981][ T6633]  bpf_prog_run_generic_xdp+0x686/0x1510
[  119.612009][ T6633]  do_xdp_generic+0x757/0xd30
[  119.612031][ T6633]  ? __pfx_do_xdp_generic+0x10/0x10
[  119.612054][ T6633]  ? __skb_flow_dissect+0x25f/0x7af0
[  119.612079][ T6633]  __netif_receive_skb_core+0x1be5/0x4540
[  119.612112][ T6633]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  119.612135][ T6633]  ? mark_lock+0x9a/0x360
[  119.612155][ T6633]  ? __pfx___skb_flow_dissect+0x10/0x10
[  119.612172][ T6633]  ? __lock_acquire+0x1397/0x2100
[  119.612201][ T6633]  __netif_receive_skb+0x12f/0x650
[  119.612222][ T6633]  ? __pfx_lock_acquire+0x10/0x10
[  119.612240][ T6633]  ? __pfx___netif_receive_skb+0x10/0x10
[  119.612258][ T6633]  ? tun_rx_batched+0x160/0x8f0
[  119.612288][ T6633]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  119.612309][ T6633]  ? netif_receive_skb+0x131/0x890
[  119.612328][ T6633]  ? netif_receive_skb+0x131/0x890
[  119.612346][ T6633]  netif_receive_skb+0x1e8/0x890
[  119.612365][ T6633]  ? tun_rx_batched+0x160/0x8f0
[  119.612382][ T6633]  ? __pfx_netif_receive_skb+0x10/0x10
[  119.612404][ T6633]  ? tun_rx_batched+0x160/0x8f0
[  119.612420][ T6633]  tun_rx_batched+0x1b7/0x8f0
[  119.612437][ T6633]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  119.612459][ T6633]  ? __pfx_lock_acquire+0x10/0x10
[  119.612479][ T6633]  ? __pfx_tun_rx_batched+0x10/0x10
[  119.612502][ T6633]  tun_get_user+0x30cd/0x48a0
[  119.612519][ T6633]  ? tun_get_user+0x2bbb/0x48a0
[  119.612538][ T6633]  ? __lock_acquire+0x1397/0x2100
[  119.612560][ T6633]  ? __pfx_tun_get_user+0x10/0x10
[  119.612583][ T6633]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  119.612598][ T6633]  ? tun_get+0x1e/0x2f0
[  119.612613][ T6633]  ? __pfx_lock_release+0x10/0x10
[  119.612637][ T6633]  ? tun_get+0x1e/0x2f0
[  119.612653][ T6633]  ? tun_get+0x27d/0x2f0
[  119.612669][ T6633]  tun_chr_write_iter+0x10d/0x1f0
[  119.612686][ T6633]  vfs_write+0xacf/0xd10
[  119.612707][ T6633]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  119.612724][ T6633]  ? __pfx_vfs_write+0x10/0x10
[  119.612743][ T6633]  ? __fget_files+0x2a/0x410
[  119.612761][ T6633]  ? __fget_files+0x2a/0x410
[  119.612779][ T6633]  ksys_write+0x18f/0x2b0
[  119.612798][ T6633]  ? __pfx_ksys_write+0x10/0x10
[  119.612817][ T6633]  ? do_syscall_64+0x100/0x230
[  119.612834][ T6633]  ? do_syscall_64+0xb6/0x230
[  119.612850][ T6633]  do_syscall_64+0xf3/0x230
[  119.612864][ T6633]  ? clear_bhb_loop+0x35/0x90
[  119.612885][ T6633]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.612904][ T6633] RIP: 0033:0x7f415157e98f
[  119.612918][ T6633] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  119.612931][ T6633] RSP: 002b:00007f41522b4020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  119.612948][ T6633] RAX: ffffffffffffffda RBX: 00007f4151745fa0 RCX: 00007f415157e98f
[  119.612959][ T6633] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  119.612969][ T6633] RBP: 00007f41515f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  119.612978][ T6633] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  119.612988][ T6633] R13: 0000000000000000 R14: 00007f4151745fa0 R15: 00007fff451d8b48
[  119.613004][ T6633]  </TASK>
[  119.613014][ T6633] BUG: Bad page state in process syz.0.15  pfn:7e366
[  120.001187][ T6633] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7e366
[  120.009945][ T6633] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  120.017185][ T6633] raw: 00fff00000000000 dead000000000040 ffff888022ad8000 0000000000000000
[  120.025906][ T6633] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[  120.034697][ T6633] page dumped because: page_pool leak
[  120.040066][ T6633] page_owner tracks the page as allocated
[  120.046013][ T6633] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6633, tgid 6632 (syz.0.15), ts 113856985162, free_ts 106698316646
[  120.063002][ T6633]  post_alloc_hook+0x1f4/0x240
[  120.067873][ T6633]  get_page_from_freelist+0x3651/0x37a0
[  120.073586][ T6633]  __alloc_frozen_pages_noprof+0x292/0x710
[  120.079427][ T6633]  alloc_pages_bulk_noprof+0x847/0xae0
[  120.085047][ T6633]  __page_pool_alloc_pages_slow+0x11f/0x690
[  120.091177][ T6633]  skb_pp_cow_data+0xcc8/0x1720
[  120.096214][ T6633]  do_xdp_generic+0x505/0xd30
[  120.100880][ T6633]  __netif_receive_skb_core+0x1be5/0x4540
[  120.106635][ T6633]  __netif_receive_skb+0x12f/0x650
[  120.111782][ T6633]  netif_receive_skb+0x1e8/0x890
[  120.116727][ T6633]  tun_rx_batched+0x1b7/0x8f0
[  120.121456][ T6633]  tun_get_user+0x30cd/0x48a0
[  120.126136][ T6633]  tun_chr_write_iter+0x10d/0x1f0
[  120.131281][ T6633]  vfs_write+0xacf/0xd10
[  120.135531][ T6633]  ksys_write+0x18f/0x2b0
[  120.140024][ T6633]  do_syscall_64+0xf3/0x230
[  120.144562][ T6633] page last free pid 6303 tgid 6303 stack trace:
[  120.150889][ T6633]  free_frozen_pages+0xe04/0x10e0
[  120.155965][ T6633]  vfree+0x1c3/0x360
[  120.159875][ T6633]  kcov_close+0x28/0x50
[  120.164083][ T6633]  __fput+0x3e9/0x9f0
[  120.168249][ T6633]  task_work_run+0x24f/0x310
[  120.172886][ T6633]  do_exit+0xa2a/0x28e0
[  120.177047][ T6633]  do_group_exit+0x207/0x2c0
[  120.181666][ T6633]  get_signal+0x168c/0x1720
[  120.186170][ T6633]  arch_do_signal_or_restart+0x96/0x860
[  120.191754][ T6633]  syscall_exit_to_user_mode+0xce/0x340
[  120.197306][ T6633]  do_syscall_64+0x100/0x230
[  120.202124][ T6633]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.208160][ T6633] Modules linked in:
[  120.212278][ T6633] CPU: 0 UID: 0 PID: 6633 Comm: syz.0.15 Tainted: G    B              6.14.0-rc6-syzkaller-gb7f94fcf5546 #0
[  120.212300][ T6633] Tainted: [B]=BAD_PAGE
[  120.212306][ T6633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  120.212314][ T6633] Call Trace:
[  120.212319][ T6633]  <TASK>
[  120.212325][ T6633]  dump_stack_lvl+0x241/0x360
[  120.212345][ T6633]  ? __pfx_dump_stack_lvl+0x10/0x10
[  120.212359][ T6633]  ? __pfx_print_modules+0x10/0x10
[  120.212380][ T6633]  bad_page+0x176/0x1d0
[  120.212400][ T6633]  free_frozen_pages+0x1079/0x10e0
[  120.212421][ T6633]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[  120.212444][ T6633]  bpf_xdp_adjust_tail+0x1c6/0x210
[  120.212468][ T6633]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  120.212482][ T6633]  bpf_prog_run_generic_xdp+0x686/0x1510
[  120.212513][ T6633]  do_xdp_generic+0x757/0xd30
[  120.212536][ T6633]  ? __pfx_do_xdp_generic+0x10/0x10
[  120.212558][ T6633]  ? __skb_flow_dissect+0x25f/0x7af0
[  120.212581][ T6633]  __netif_receive_skb_core+0x1be5/0x4540
[  120.212611][ T6633]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  120.212633][ T6633]  ? mark_lock+0x9a/0x360
[  120.212653][ T6633]  ? __pfx___skb_flow_dissect+0x10/0x10
[  120.212670][ T6633]  ? __lock_acquire+0x1397/0x2100
[  120.212698][ T6633]  __netif_receive_skb+0x12f/0x650
[  120.212720][ T6633]  ? __pfx_lock_acquire+0x10/0x10
[  120.212739][ T6633]  ? __pfx___netif_receive_skb+0x10/0x10
[  120.212760][ T6633]  ? tun_rx_batched+0x160/0x8f0
[  120.212778][ T6633]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  120.212799][ T6633]  ? netif_receive_skb+0x131/0x890
[  120.212817][ T6633]  ? netif_receive_skb+0x131/0x890
[  120.212836][ T6633]  netif_receive_skb+0x1e8/0x890
[  120.212855][ T6633]  ? tun_rx_batched+0x160/0x8f0
[  120.212878][ T6633]  ? __pfx_netif_receive_skb+0x10/0x10
[  120.212899][ T6633]  ? tun_rx_batched+0x160/0x8f0
[  120.212915][ T6633]  tun_rx_batched+0x1b7/0x8f0
[  120.212931][ T6633]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  120.212953][ T6633]  ? __pfx_lock_acquire+0x10/0x10
[  120.212972][ T6633]  ? __pfx_tun_rx_batched+0x10/0x10
[  120.212995][ T6633]  tun_get_user+0x30cd/0x48a0
[  120.213012][ T6633]  ? tun_get_user+0x2bbb/0x48a0
[  120.213032][ T6633]  ? __lock_acquire+0x1397/0x2100
[  120.213055][ T6633]  ? __pfx_tun_get_user+0x10/0x10
[  120.213077][ T6633]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  120.213092][ T6633]  ? tun_get+0x1e/0x2f0
[  120.213108][ T6633]  ? __pfx_lock_release+0x10/0x10
[  120.213132][ T6633]  ? tun_get+0x1e/0x2f0
[  120.213147][ T6633]  ? tun_get+0x27d/0x2f0
[  120.213163][ T6633]  tun_chr_write_iter+0x10d/0x1f0
[  120.213180][ T6633]  vfs_write+0xacf/0xd10
[  120.213201][ T6633]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  120.213217][ T6633]  ? __pfx_vfs_write+0x10/0x10
[  120.213320][ T6633]  ? __fget_files+0x2a/0x410
[  120.213338][ T6633]  ? __fget_files+0x2a/0x410
[  120.213357][ T6633]  ksys_write+0x18f/0x2b0
[  120.213376][ T6633]  ? __pfx_ksys_write+0x10/0x10
[  120.213395][ T6633]  ? do_syscall_64+0x100/0x230
[  120.213411][ T6633]  ? do_syscall_64+0xb6/0x230
[  120.213426][ T6633]  do_syscall_64+0xf3/0x230
[  120.213439][ T6633]  ? clear_bhb_loop+0x35/0x90
[  120.213461][ T6633]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.213481][ T6633] RIP: 0033:0x7f415157e98f
[  120.213540][ T6633] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  120.213552][ T6633] RSP: 002b:00007f41522b4020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  120.213568][ T6633] RAX: ffffffffffffffda RBX: 00007f4151745fa0 RCX: 00007f415157e98f
[  120.213578][ T6633] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  120.213585][ T6633] RBP: 00007f41515f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  120.213593][ T6633] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  120.213600][ T6633] R13: 0000000000000000 R14: 00007f4151745fa0 R15: 00007fff451d8b48
[  120.213615][ T6633]  </TASK>
[  120.217824][ T5132] Bluetooth: hci0: command tx timeout
[  120.655758][ T6676] BUG: Bad page state in process syz.0.16  pfn:1eb46
[  120.662523][ T6676] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1eb46
[  120.671438][ T6676] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  120.678576][ T6676] raw: 00fff00000000000 dead000000000040 ffff888022ad8000 0000000000000000
[  120.687742][ T6676] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[  120.696385][ T6676] page dumped because: page_pool leak
[  120.701890][ T6676] page_owner tracks the page as allocated
[  120.707620][ T6676] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6676, tgid 6675 (syz.0.16), ts 120655694929, free_ts 120017554364
[  120.725377][ T6676]  post_alloc_hook+0x1f4/0x240
[  120.730628][ T6676]  get_page_from_freelist+0x3651/0x37a0
[  120.736240][ T6676]  __alloc_frozen_pages_noprof+0x292/0x710
[  120.742198][ T6676]  alloc_pages_bulk_noprof+0x847/0xae0
[  120.747693][ T6676]  __page_pool_alloc_pages_slow+0x11f/0x690
[  120.753676][ T6676]  skb_pp_cow_data+0xcc8/0x1720
[  120.758547][ T6676]  do_xdp_generic+0x505/0xd30
[  120.763282][ T6676]  __netif_receive_skb_core+0x1be5/0x4540
[  120.769020][ T6676]  __netif_receive_skb+0x12f/0x650
[  120.774309][ T6676]  netif_receive_skb+0x1e8/0x890
[  120.779266][ T6676]  tun_rx_batched+0x1b7/0x8f0
[  120.784090][ T6676]  tun_get_user+0x30cd/0x48a0
[  120.788797][ T6676]  tun_chr_write_iter+0x10d/0x1f0
[  120.793913][ T6676]  vfs_write+0xacf/0xd10
[  120.798177][ T6676]  ksys_write+0x18f/0x2b0
[  120.802580][ T6676]  do_syscall_64+0xf3/0x230
[  120.807095][ T6676] page last free pid 5184 tgid 5184 stack trace:
[  120.813469][ T6676]  free_frozen_pages+0xe04/0x10e0
[  120.818520][ T6676]  __put_partials+0x160/0x1c0
[  120.823268][ T6676]  put_cpu_partial+0x17c/0x250
[  120.828061][ T6676]  __slab_free+0x290/0x380
[  120.832539][ T6676]  qlist_free_all+0x9a/0x140
[  120.837169][ T6676]  kasan_quarantine_reduce+0x14f/0x170
[  120.842719][ T6676]  __kasan_slab_alloc+0x23/0x80
[  120.847681][ T6676]  kmem_cache_alloc_node_noprof+0x1d9/0x380
[  120.853853][ T6676]  __alloc_skb+0x1c3/0x440
[  120.858277][ T6676]  alloc_skb_with_frags+0xc3/0x820
[  120.863745][ T6676]  sock_alloc_send_pskb+0x91a/0xa60
[  120.869053][ T6676]  unix_dgram_sendmsg+0x5e8/0x1df0
[  120.874209][ T6676]  __sock_sendmsg+0x221/0x270
[  120.879162][ T6676]  __sys_sendto+0x363/0x4c0
[  120.883749][ T6676]  __x64_sys_sendto+0xde/0x100
[  120.888552][ T6676]  do_syscall_64+0xf3/0x230
[  120.893399][ T6676] Modules linked in:
[  120.897490][ T6676] CPU: 0 UID: 0 PID: 6676 Comm: syz.0.16 Tainted: G    B              6.14.0-rc6-syzkaller-gb7f94fcf5546 #0
[  120.897515][ T6676] Tainted: [B]=BAD_PAGE
[  120.897521][ T6676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  120.897531][ T6676] Call Trace:
[  120.897538][ T6676]  <TASK>
[  120.897546][ T6676]  dump_stack_lvl+0x241/0x360
[  120.897569][ T6676]  ? __pfx_dump_stack_lvl+0x10/0x10
[  120.897584][ T6676]  ? __pfx_print_modules+0x10/0x10
[  120.897610][ T6676]  bad_page+0x176/0x1d0
[  120.897633][ T6676]  free_frozen_pages+0x1079/0x10e0
[  120.897656][ T6676]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[  120.897680][ T6676]  bpf_xdp_adjust_tail+0x1c6/0x210
[  120.897704][ T6676]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  120.897719][ T6676]  bpf_prog_run_generic_xdp+0x686/0x1510
[  120.897751][ T6676]  do_xdp_generic+0x757/0xd30
[  120.897771][ T6676]  ? __pfx_do_xdp_generic+0x10/0x10
[  120.897787][ T6676]  ? rcu_is_watching+0x15/0xb0
[  120.897807][ T6676]  ? cgroup_rstat_updated+0x13b/0xc30
[  120.897827][ T6676]  __netif_receive_skb_core+0x1be5/0x4540
[  120.897859][ T6676]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  120.897883][ T6676]  ? __pfx___skb_flow_dissect+0x10/0x10
[  120.897900][ T6676]  ? rcu_is_watching+0x15/0xb0
[  120.897915][ T6676]  ? lock_release+0xbf/0xa30
[  120.897936][ T6676]  ? __pfx_count_memcg_event_mm+0x10/0x10
[  120.897957][ T6676]  ? __up_read+0x2c2/0x6b0
[  120.897974][ T6676]  ? rcu_is_watching+0x15/0xb0
[  120.897988][ T6676]  __netif_receive_skb+0x12f/0x650
[  120.898009][ T6676]  ? __pfx_lock_acquire+0x10/0x10
[  120.898028][ T6676]  ? __pfx___netif_receive_skb+0x10/0x10
[  120.898046][ T6676]  ? tun_rx_batched+0x160/0x8f0
[  120.898062][ T6676]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  120.898081][ T6676]  ? _copy_from_iter+0x161/0x1c40
[  120.898099][ T6676]  ? netif_receive_skb+0x131/0x890
[  120.898118][ T6676]  netif_receive_skb+0x1e8/0x890
[  120.898138][ T6676]  ? tun_rx_batched+0x160/0x8f0
[  120.898155][ T6676]  ? __pfx_netif_receive_skb+0x10/0x10
[  120.898175][ T6676]  ? __pfx_lock_release+0x10/0x10
[  120.898198][ T6676]  ? tun_rx_batched+0x160/0x8f0
[  120.898215][ T6676]  tun_rx_batched+0x1b7/0x8f0
[  120.898239][ T6676]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  120.898260][ T6676]  ? __pfx_lock_acquire+0x10/0x10
[  120.898277][ T6676]  ? rcu_is_watching+0x15/0xb0
[  120.898291][ T6676]  ? __pfx_tun_rx_batched+0x10/0x10
[  120.898314][ T6676]  tun_get_user+0x30cd/0x48a0
[  120.898331][ T6676]  ? tun_get_user+0x2bbb/0x48a0
[  120.898352][ T6676]  ? schedule+0x90/0x320
[  120.898372][ T6676]  ? schedule+0x90/0x320
[  120.898391][ T6676]  ? schedule+0x155/0x320
[  120.898410][ T6676]  ? futex_wait_queue+0x27/0x1e0
[  120.898431][ T6676]  ? futex_wait_queue+0x159/0x1e0
[  120.898451][ T6676]  ? __pfx_tun_get_user+0x10/0x10
[  120.898467][ T6676]  ? __futex_wait+0x287/0x320
[  120.898489][ T6676]  ? tun_get+0x1e/0x2f0
[  120.898502][ T6676]  ? rcu_is_watching+0x15/0xb0
[  120.898516][ T6676]  ? tun_get+0x1e/0x2f0
[  120.898531][ T6676]  ? lock_release+0xbf/0xa30
[  120.898551][ T6676]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  120.898564][ T6676]  ? __pfx_lock_release+0x10/0x10
[  120.898588][ T6676]  ? tun_get+0x1e/0x2f0
[  120.898602][ T6676]  ? tun_get+0x27d/0x2f0
[  120.898619][ T6676]  tun_chr_write_iter+0x10d/0x1f0
[  120.898637][ T6676]  vfs_write+0xacf/0xd10
[  120.898658][ T6676]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  120.898675][ T6676]  ? __pfx_vfs_write+0x10/0x10
[  120.898694][ T6676]  ? __fget_files+0x2a/0x410
[  120.898711][ T6676]  ? __fget_files+0x2a/0x410
[  120.898731][ T6676]  ksys_write+0x18f/0x2b0
[  120.898750][ T6676]  ? __pfx_ksys_write+0x10/0x10
[  120.898769][ T6676]  ? rcu_is_watching+0x15/0xb0
[  120.898785][ T6676]  ? rcu_is_watching+0x15/0xb0
[  120.898802][ T6676]  do_syscall_64+0xf3/0x230
[  120.898818][ T6676]  ? clear_bhb_loop+0x35/0x90
[  120.898858][ T6676]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.898878][ T6676] RIP: 0033:0x7f415157e98f
[  120.898891][ T6676] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  120.898904][ T6676] RSP: 002b:00007f41522b4020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  120.898922][ T6676] RAX: ffffffffffffffda RBX: 00007f4151745fa0 RCX: 00007f415157e98f
[  120.898939][ T6676] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  120.898949][ T6676] RBP: 00007f41515f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  120.898959][ T6676] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  120.898968][ T6676] R13: 0000000000000000 R14: 00007f4151745fa0 R15: 00007fff451d8b48
[  120.898985][ T6676]  </TASK>
[  120.898995][ T6676] BUG: Bad page state in process syz.0.16  pfn:62957
[  121.355071][ T6676] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x62957
[  121.364067][ T6676] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  121.371241][ T6676] raw: 00fff00000000000 dead000000000040 ffff888022ad8000 0000000000000000
[  121.379923][ T6676] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[  121.388571][ T6676] page dumped because: page_pool leak
[  121.393980][ T6676] page_owner tracks the page as allocated
[  121.399684][ T6676] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6676, tgid 6675 (syz.0.16), ts 120655685801, free_ts 106702524197
[  121.416655][ T6676]  post_alloc_hook+0x1f4/0x240
[  121.421451][ T6676]  get_page_from_freelist+0x3651/0x37a0
[  121.426994][ T6676]  __alloc_frozen_pages_noprof+0x292/0x710
[  121.432860][ T6676]  alloc_pages_bulk_noprof+0x847/0xae0
[  121.438351][ T6676]  __page_pool_alloc_pages_slow+0x11f/0x690
[  121.444299][ T6676]  skb_pp_cow_data+0xcc8/0x1720
[  121.449160][ T6676]  do_xdp_generic+0x505/0xd30
[  121.453912][ T6676]  __netif_receive_skb_core+0x1be5/0x4540
[  121.459717][ T6676]  __netif_receive_skb+0x12f/0x650
[  121.464897][ T6676]  netif_receive_skb+0x1e8/0x890
[  121.469973][ T6676]  tun_rx_batched+0x1b7/0x8f0
[  121.474969][ T6676]  tun_get_user+0x30cd/0x48a0
[  121.479670][ T6676]  tun_chr_write_iter+0x10d/0x1f0
[  121.484771][ T6676]  vfs_write+0xacf/0xd10
[  121.489035][ T6676]  ksys_write+0x18f/0x2b0
[  121.493447][ T6676]  do_syscall_64+0xf3/0x230
[  121.497962][ T6676] page last free pid 6303 tgid 6303 stack trace:
[  121.504462][ T6676]  free_frozen_pages+0xe04/0x10e0
[  121.509497][ T6676]  vfree+0x1c3/0x360
[  121.513535][ T6676]  kcov_close+0x28/0x50
[  121.517716][ T6676]  __fput+0x3e9/0x9f0
[  121.521805][ T6676]  task_work_run+0x24f/0x310
[  121.526403][ T6676]  do_exit+0xa2a/0x28e0
[  121.530722][ T6676]  do_group_exit+0x207/0x2c0
[  121.535375][ T6676]  get_signal+0x168c/0x1720
[  121.539883][ T6676]  arch_do_signal_or_restart+0x96/0x860
[  121.545721][ T6676]  syscall_exit_to_user_mode+0xce/0x340
[  121.551301][ T6676]  do_syscall_64+0x100/0x230
[  121.555876][ T6676]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  121.561818][ T6676] Modules linked in:
[  121.565722][ T6676] CPU: 0 UID: 0 PID: 6676 Comm: syz.0.16 Tainted: G    B              6.14.0-rc6-syzkaller-gb7f94fcf5546 #0
[  121.565744][ T6676] Tainted: [B]=BAD_PAGE
[  121.565748][ T6676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  121.565755][ T6676] Call Trace:
[  121.565762][ T6676]  <TASK>
[  121.565767][ T6676]  dump_stack_lvl+0x241/0x360
[  121.565784][ T6676]  ? __pfx_dump_stack_lvl+0x10/0x10
[  121.565796][ T6676]  ? __pfx_print_modules+0x10/0x10
[  121.565817][ T6676]  bad_page+0x176/0x1d0
[  121.565836][ T6676]  free_frozen_pages+0x1079/0x10e0
[  121.565853][ T6676]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[  121.565873][ T6676]  bpf_xdp_adjust_tail+0x1c6/0x210
[  121.565892][ T6676]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  121.565903][ T6676]  bpf_prog_run_generic_xdp+0x686/0x1510
[  121.565928][ T6676]  do_xdp_generic+0x757/0xd30
[  121.565946][ T6676]  ? __pfx_do_xdp_generic+0x10/0x10
[  121.565960][ T6676]  ? rcu_is_watching+0x15/0xb0
[  121.565979][ T6676]  ? cgroup_rstat_updated+0x13b/0xc30
[  121.565995][ T6676]  __netif_receive_skb_core+0x1be5/0x4540
[  121.566021][ T6676]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  121.566039][ T6676]  ? __pfx___skb_flow_dissect+0x10/0x10
[  121.566052][ T6676]  ? rcu_is_watching+0x15/0xb0
[  121.566064][ T6676]  ? lock_release+0xbf/0xa30
[  121.566080][ T6676]  ? __pfx_count_memcg_event_mm+0x10/0x10
[  121.566097][ T6676]  ? __up_read+0x2c2/0x6b0
[  121.566111][ T6676]  ? rcu_is_watching+0x15/0xb0
[  121.566129][ T6676]  __netif_receive_skb+0x12f/0x650
[  121.566146][ T6676]  ? __pfx_lock_acquire+0x10/0x10
[  121.566162][ T6676]  ? __pfx___netif_receive_skb+0x10/0x10
[  121.566180][ T6676]  ? tun_rx_batched+0x160/0x8f0
[  121.566194][ T6676]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  121.566210][ T6676]  ? _copy_from_iter+0x161/0x1c40
[  121.566225][ T6676]  ? netif_receive_skb+0x131/0x890
[  121.566240][ T6676]  netif_receive_skb+0x1e8/0x890
[  121.566256][ T6676]  ? tun_rx_batched+0x160/0x8f0
[  121.566269][ T6676]  ? __pfx_netif_receive_skb+0x10/0x10
[  121.566284][ T6676]  ? __pfx_lock_release+0x10/0x10
[  121.566302][ T6676]  ? tun_rx_batched+0x160/0x8f0
[  121.566315][ T6676]  tun_rx_batched+0x1b7/0x8f0
[  121.566329][ T6676]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  121.566346][ T6676]  ? __pfx_lock_acquire+0x10/0x10
[  121.566361][ T6676]  ? rcu_is_watching+0x15/0xb0
[  121.566373][ T6676]  ? __pfx_tun_rx_batched+0x10/0x10
[  121.566393][ T6676]  tun_get_user+0x30cd/0x48a0
[  121.566406][ T6676]  ? tun_get_user+0x2bbb/0x48a0
[  121.566422][ T6676]  ? schedule+0x90/0x320
[  121.566439][ T6676]  ? schedule+0x90/0x320
[  121.566453][ T6676]  ? schedule+0x155/0x320
[  121.566469][ T6676]  ? futex_wait_queue+0x27/0x1e0
[  121.566486][ T6676]  ? futex_wait_queue+0x159/0x1e0
[  121.566502][ T6676]  ? __pfx_tun_get_user+0x10/0x10
[  121.566515][ T6676]  ? __futex_wait+0x287/0x320
[  121.566533][ T6676]  ? tun_get+0x1e/0x2f0
[  121.566544][ T6676]  ? rcu_is_watching+0x15/0xb0
[  121.566556][ T6676]  ? tun_get+0x1e/0x2f0
[  121.566568][ T6676]  ? lock_release+0xbf/0xa30
[  121.566585][ T6676]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  121.566598][ T6676]  ? __pfx_lock_release+0x10/0x10
[  121.566619][ T6676]  ? tun_get+0x1e/0x2f0
[  121.566630][ T6676]  ? tun_get+0x27d/0x2f0
[  121.566643][ T6676]  tun_chr_write_iter+0x10d/0x1f0
[  121.566657][ T6676]  vfs_write+0xacf/0xd10
[  121.566674][ T6676]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  121.566688][ T6676]  ? __pfx_vfs_write+0x10/0x10
[  121.566704][ T6676]  ? __fget_files+0x2a/0x410
[  121.566718][ T6676]  ? __fget_files+0x2a/0x410
[  121.566736][ T6676]  ksys_write+0x18f/0x2b0
[  121.566753][ T6676]  ? __pfx_ksys_write+0x10/0x10
[  121.566768][ T6676]  ? rcu_is_watching+0x15/0xb0
[  121.566780][ T6676]  ? rcu_is_watching+0x15/0xb0
[  121.566793][ T6676]  do_syscall_64+0xf3/0x230
[  121.566806][ T6676]  ? clear_bhb_loop+0x35/0x90
[  121.566824][ T6676]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  121.566840][ T6676] RIP: 0033:0x7f415157e98f
[  121.566851][ T6676] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  121.566862][ T6676] RSP: 002b:00007f41522b4020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  121.566875][ T6676] RAX: ffffffffffffffda RBX: 00007f4151745fa0 RCX: 00007f415157e98f
[  121.566885][ T6676] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  121.566893][ T6676] RBP: 00007f41515f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  121.566901][ T6676] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  121.566908][ T6676] R13: 0000000000000000 R14: 00007f4151745fa0 R15: 00007fff451d8b48
[  121.566921][ T6676]  </TASK>
[  121.566932][ T6676] BUG: Bad page state in process syz.0.16  pfn:62956
[  122.023997][ T6676] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x62956
[  122.032816][ T6676] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  122.039944][ T6676] raw: 00fff00000000000 dead000000000040 ffff888022ad8000 0000000000000000
[  122.048611][ T6676] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[  122.057250][ T6676] page dumped because: page_pool leak
[  122.062646][ T6676] page_owner tracks the page as allocated
[  122.068473][ T6676] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6676, tgid 6675 (syz.0.16), ts 120655677031, free_ts 106702514907
[  122.085359][ T6676]  post_alloc_hook+0x1f4/0x240
[  122.090167][ T6676]  get_page_from_freelist+0x3651/0x37a0
[  122.095774][ T6676]  __alloc_frozen_pages_noprof+0x292/0x710
[  122.101624][ T6676]  alloc_pages_bulk_noprof+0x847/0xae0
[  122.107102][ T6676]  __page_pool_alloc_pages_slow+0x11f/0x690
[  122.113118][ T6676]  skb_pp_cow_data+0xcc8/0x1720
[  122.117986][ T6676]  do_xdp_generic+0x505/0xd30
[  122.122717][ T6676]  __netif_receive_skb_core+0x1be5/0x4540
[  122.128446][ T6676]  __netif_receive_skb+0x12f/0x650
[  122.133595][ T6676]  netif_receive_skb+0x1e8/0x890
[  122.138536][ T6676]  tun_rx_batched+0x1b7/0x8f0
[  122.143259][ T6676]  tun_get_user+0x30cd/0x48a0
[  122.148025][ T6676]  tun_chr_write_iter+0x10d/0x1f0
[  122.153222][ T6676]  vfs_write+0xacf/0xd10
[  122.157574][ T6676]  ksys_write+0x18f/0x2b0
[  122.161972][ T6676]  do_syscall_64+0xf3/0x230
[  122.166839][ T6676] page last free pid 6303 tgid 6303 stack trace:
[  122.173195][ T6676]  free_frozen_pages+0xe04/0x10e0
[  122.178224][ T6676]  vfree+0x1c3/0x360
[  122.182174][ T6676]  kcov_close+0x28/0x50
[  122.186335][ T6676]  __fput+0x3e9/0x9f0
[  122.190318][ T6676]  task_work_run+0x24f/0x310
[  122.194934][ T6676]  do_exit+0xa2a/0x28e0
[  122.199143][ T6676]  do_group_exit+0x207/0x2c0
[  122.203767][ T6676]  get_signal+0x168c/0x1720
[  122.208271][ T6676]  arch_do_signal_or_restart+0x96/0x860
[  122.213896][ T6676]  syscall_exit_to_user_mode+0xce/0x340
[  122.219487][ T6676]  do_syscall_64+0x100/0x230
[  122.224178][ T6676]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  122.230101][ T6676] Modules linked in:
[  122.234036][ T6676] CPU: 0 UID: 0 PID: 6676 Comm: syz.0.16 Tainted: G    B              6.14.0-rc6-syzkaller-gb7f94fcf5546 #0
[  122.234058][ T6676] Tainted: [B]=BAD_PAGE
[  122.234063][ T6676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  122.234073][ T6676] Call Trace:
[  122.234081][ T6676]  <TASK>
[  122.234088][ T6676]  dump_stack_lvl+0x241/0x360
[  122.234115][ T6676]  ? __pfx_dump_stack_lvl+0x10/0x10
[  122.234128][ T6676]  ? __pfx_print_modules+0x10/0x10
[  122.234151][ T6676]  bad_page+0x176/0x1d0
[  122.234170][ T6676]  free_frozen_pages+0x1079/0x10e0
[  122.234190][ T6676]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[  122.234211][ T6676]  bpf_xdp_adjust_tail+0x1c6/0x210
[  122.234231][ T6676]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  122.234243][ T6676]  bpf_prog_run_generic_xdp+0x686/0x1510
[  122.234272][ T6676]  do_xdp_generic+0x757/0xd30
[  122.234293][ T6676]  ? __pfx_do_xdp_generic+0x10/0x10
[  122.234311][ T6676]  ? rcu_is_watching+0x15/0xb0
[  122.234333][ T6676]  ? cgroup_rstat_updated+0x13b/0xc30
[  122.234353][ T6676]  __netif_receive_skb_core+0x1be5/0x4540
[  122.234380][ T6676]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  122.234402][ T6676]  ? __pfx___skb_flow_dissect+0x10/0x10
[  122.234418][ T6676]  ? rcu_is_watching+0x15/0xb0
[  122.234433][ T6676]  ? lock_release+0xbf/0xa30
[  122.234453][ T6676]  ? __pfx_count_memcg_event_mm+0x10/0x10
[  122.234472][ T6676]  ? __up_read+0x2c2/0x6b0
[  122.234490][ T6676]  ? rcu_is_watching+0x15/0xb0
[  122.234506][ T6676]  __netif_receive_skb+0x12f/0x650
[  122.234527][ T6676]  ? __pfx_lock_acquire+0x10/0x10
[  122.234546][ T6676]  ? __pfx___netif_receive_skb+0x10/0x10
[  122.234568][ T6676]  ? tun_rx_batched+0x160/0x8f0
[  122.234585][ T6676]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  122.234605][ T6676]  ? _copy_from_iter+0x161/0x1c40
[  122.234624][ T6676]  ? netif_receive_skb+0x131/0x890
[  122.234643][ T6676]  netif_receive_skb+0x1e8/0x890
[  122.234662][ T6676]  ? tun_rx_batched+0x160/0x8f0
[  122.234679][ T6676]  ? __pfx_netif_receive_skb+0x10/0x10
[  122.234697][ T6676]  ? __pfx_lock_release+0x10/0x10
[  122.234719][ T6676]  ? tun_rx_batched+0x160/0x8f0
[  122.234736][ T6676]  tun_rx_batched+0x1b7/0x8f0
[  122.234753][ T6676]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  122.234776][ T6676]  ? __pfx_lock_acquire+0x10/0x10
[  122.234795][ T6676]  ? rcu_is_watching+0x15/0xb0
[  122.234811][ T6676]  ? __pfx_tun_rx_batched+0x10/0x10
[  122.234836][ T6676]  tun_get_user+0x30cd/0x48a0
[  122.234852][ T6676]  ? tun_get_user+0x2bbb/0x48a0
[  122.234872][ T6676]  ? schedule+0x90/0x320
[  122.234892][ T6676]  ? schedule+0x90/0x320
[  122.234911][ T6676]  ? schedule+0x155/0x320
[  122.234929][ T6676]  ? futex_wait_queue+0x27/0x1e0
[  122.234950][ T6676]  ? futex_wait_queue+0x159/0x1e0
[  122.234976][ T6676]  ? __pfx_tun_get_user+0x10/0x10
[  122.234993][ T6676]  ? __futex_wait+0x287/0x320
[  122.235014][ T6676]  ? tun_get+0x1e/0x2f0
[  122.235028][ T6676]  ? rcu_is_watching+0x15/0xb0
[  122.235043][ T6676]  ? tun_get+0x1e/0x2f0
[  122.235058][ T6676]  ? lock_release+0xbf/0xa30
[  122.235078][ T6676]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  122.235091][ T6676]  ? __pfx_lock_release+0x10/0x10
[  122.235126][ T6676]  ? tun_get+0x1e/0x2f0
[  122.235141][ T6676]  ? tun_get+0x27d/0x2f0
[  122.235157][ T6676]  tun_chr_write_iter+0x10d/0x1f0
[  122.235174][ T6676]  vfs_write+0xacf/0xd10
[  122.235194][ T6676]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  122.235211][ T6676]  ? __pfx_vfs_write+0x10/0x10
[  122.235230][ T6676]  ? __fget_files+0x2a/0x410
[  122.235247][ T6676]  ? __fget_files+0x2a/0x410
[  122.235266][ T6676]  ksys_write+0x18f/0x2b0
[  122.235286][ T6676]  ? __pfx_ksys_write+0x10/0x10
[  122.235304][ T6676]  ? rcu_is_watching+0x15/0xb0
[  122.235320][ T6676]  ? rcu_is_watching+0x15/0xb0
[  122.235336][ T6676]  do_syscall_64+0xf3/0x230
[  122.235352][ T6676]  ? clear_bhb_loop+0x35/0x90
[  122.235374][ T6676]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  122.235395][ T6676] RIP: 0033:0x7f415157e98f
[  122.235409][ T6676] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  122.235421][ T6676] RSP: 002b:00007f41522b4020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  122.235438][ T6676] RAX: ffffffffffffffda RBX: 00007f4151745fa0 RCX: 00007f415157e98f
[  122.235449][ T6676] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  122.235459][ T6676] RBP: 00007f41515f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  122.235468][ T6676] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  122.235478][ T6676] R13: 0000000000000000 R14: 00007f4151745fa0 R15: 00007fff451d8b48
[  122.235494][ T6676]  </TASK>
[  122.235504][ T6676] BUG: Bad page state in process syz.0.16  pfn:25eaf
[  122.661132][ T5132] Bluetooth: hci0: command tx timeout
[  122.663350][ T6676] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x25eaf
[  122.703139][ T6676] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  122.710259][ T6676] raw: 00fff00000000000 dead000000000040 ffff888022ad8000 0000000000000000
[  122.718886][ T6676] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[  122.727510][ T6676] page dumped because: page_pool leak
[  122.732942][ T6676] page_owner tracks the page as allocated
[  122.738710][ T6676] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6676, tgid 6675 (syz.0.16), ts 120655668430, free_ts 113793280265
[  122.755688][ T6676]  post_alloc_hook+0x1f4/0x240
[  122.760568][ T6676]  get_page_from_freelist+0x3651/0x37a0
[  122.766192][ T6676]  __alloc_frozen_pages_noprof+0x292/0x710
[  122.772153][ T6676]  alloc_pages_bulk_noprof+0x847/0xae0
[  122.777622][ T6676]  __page_pool_alloc_pages_slow+0x11f/0x690
[  122.783659][ T6676]  skb_pp_cow_data+0xcc8/0x1720
[  122.788961][ T6676]  do_xdp_generic+0x505/0xd30
[  122.793681][ T6676]  __netif_receive_skb_core+0x1be5/0x4540
[  122.799433][ T6676]  __netif_receive_skb+0x12f/0x650
[  122.804595][ T6676]  netif_receive_skb+0x1e8/0x890
[  122.809632][ T6676]  tun_rx_batched+0x1b7/0x8f0
[  122.814367][ T6676]  tun_get_user+0x30cd/0x48a0
[  122.819098][ T6676]  tun_chr_write_iter+0x10d/0x1f0
[  122.824319][ T6676]  vfs_write+0xacf/0xd10
[  122.828586][ T6676]  ksys_write+0x18f/0x2b0
[  122.832941][ T6676]  do_syscall_64+0xf3/0x230
[  122.837447][ T6676] page last free pid 17 tgid 17 stack trace:
[  122.843453][ T6676]  free_frozen_pages+0xe04/0x10e0
[  122.848506][ T6676]  __tlb_remove_table+0x33c/0x420
[  122.853664][ T6676]  tlb_remove_table_rcu+0x76/0xf0
[  122.858698][ T6676]  rcu_core+0xaaa/0x17a0
[  122.862975][ T6676]  handle_softirqs+0x2d4/0x9b0
[  122.867750][ T6676]  run_ksoftirqd+0xca/0x130
[  122.872294][ T6676]  smpboot_thread_fn+0x544/0xa30
[  122.877256][ T6676]  kthread+0x7a9/0x920
[  122.881354][ T6676]  ret_from_fork+0x4b/0x80
[  122.885780][ T6676]  ret_from_fork_asm+0x1a/0x30
[  122.890545][ T6676] Modules linked in:
[  122.894561][ T6676] CPU: 0 UID: 0 PID: 6676 Comm: syz.0.16 Tainted: G    B              6.14.0-rc6-syzkaller-gb7f94fcf5546 #0
[  122.894582][ T6676] Tainted: [B]=BAD_PAGE
[  122.894588][ T6676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  122.894597][ T6676] Call Trace:
[  122.894606][ T6676]  <TASK>
[  122.894614][ T6676]  dump_stack_lvl+0x241/0x360
[  122.894634][ T6676]  ? __pfx_dump_stack_lvl+0x10/0x10
[  122.894646][ T6676]  ? __pfx_print_modules+0x10/0x10
[  122.894666][ T6676]  bad_page+0x176/0x1d0
[  122.894686][ T6676]  free_frozen_pages+0x1079/0x10e0
[  122.894705][ T6676]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[  122.894725][ T6676]  bpf_xdp_adjust_tail+0x1c6/0x210
[  122.894747][ T6676]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  122.894759][ T6676]  bpf_prog_run_generic_xdp+0x686/0x1510
[  122.894784][ T6676]  do_xdp_generic+0x757/0xd30
[  122.894805][ T6676]  ? __pfx_do_xdp_generic+0x10/0x10
[  122.894822][ T6676]  ? rcu_is_watching+0x15/0xb0
[  122.894845][ T6676]  ? cgroup_rstat_updated+0x13b/0xc30
[  122.894864][ T6676]  __netif_receive_skb_core+0x1be5/0x4540
[  122.894896][ T6676]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  122.894919][ T6676]  ? __pfx___skb_flow_dissect+0x10/0x10
[  122.894935][ T6676]  ? rcu_is_watching+0x15/0xb0
[  122.894950][ T6676]  ? lock_release+0xbf/0xa30
[  122.894969][ T6676]  ? __pfx_count_memcg_event_mm+0x10/0x10
[  122.894989][ T6676]  ? __up_read+0x2c2/0x6b0
[  122.895006][ T6676]  ? rcu_is_watching+0x15/0xb0
[  122.895022][ T6676]  __netif_receive_skb+0x12f/0x650
[  122.895053][ T6676]  ? __pfx_lock_acquire+0x10/0x10
[  122.895074][ T6676]  ? __pfx___netif_receive_skb+0x10/0x10
[  122.895095][ T6676]  ? tun_rx_batched+0x160/0x8f0
[  122.895112][ T6676]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  122.895132][ T6676]  ? _copy_from_iter+0x161/0x1c40
[  122.895151][ T6676]  ? netif_receive_skb+0x131/0x890
[  122.895170][ T6676]  netif_receive_skb+0x1e8/0x890
[  122.895187][ T6676]  ? tun_rx_batched+0x160/0x8f0
[  122.895202][ T6676]  ? __pfx_netif_receive_skb+0x10/0x10
[  122.895220][ T6676]  ? __pfx_lock_release+0x10/0x10
[  122.895242][ T6676]  ? tun_rx_batched+0x160/0x8f0
[  122.895258][ T6676]  tun_rx_batched+0x1b7/0x8f0
[  122.895275][ T6676]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  122.895295][ T6676]  ? __pfx_lock_acquire+0x10/0x10
[  122.895314][ T6676]  ? rcu_is_watching+0x15/0xb0
[  122.895329][ T6676]  ? __pfx_tun_rx_batched+0x10/0x10
[  122.895354][ T6676]  tun_get_user+0x30cd/0x48a0
[  122.895372][ T6676]  ? tun_get_user+0x2bbb/0x48a0
[  122.895393][ T6676]  ? schedule+0x90/0x320
[  122.895414][ T6676]  ? schedule+0x90/0x320
[  122.895432][ T6676]  ? schedule+0x155/0x320
[  122.895450][ T6676]  ? futex_wait_queue+0x27/0x1e0
[  122.895470][ T6676]  ? futex_wait_queue+0x159/0x1e0
[  122.895491][ T6676]  ? __pfx_tun_get_user+0x10/0x10
[  122.895507][ T6676]  ? __futex_wait+0x287/0x320
[  122.895528][ T6676]  ? tun_get+0x1e/0x2f0
[  122.895541][ T6676]  ? rcu_is_watching+0x15/0xb0
[  122.895555][ T6676]  ? tun_get+0x1e/0x2f0
[  122.895570][ T6676]  ? lock_release+0xbf/0xa30
[  122.895590][ T6676]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  122.895606][ T6676]  ? __pfx_lock_release+0x10/0x10
[  122.895630][ T6676]  ? tun_get+0x1e/0x2f0
[  122.895642][ T6676]  ? tun_get+0x27d/0x2f0
[  122.895658][ T6676]  tun_chr_write_iter+0x10d/0x1f0
[  122.895675][ T6676]  vfs_write+0xacf/0xd10
[  122.895696][ T6676]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  122.895713][ T6676]  ? __pfx_vfs_write+0x10/0x10
[  122.895732][ T6676]  ? __fget_files+0x2a/0x410
[  122.895749][ T6676]  ? __fget_files+0x2a/0x410
[  122.895768][ T6676]  ksys_write+0x18f/0x2b0
[  122.895788][ T6676]  ? __pfx_ksys_write+0x10/0x10
[  122.895806][ T6676]  ? rcu_is_watching+0x15/0xb0
[  122.895822][ T6676]  ? rcu_is_watching+0x15/0xb0
[  122.895838][ T6676]  do_syscall_64+0xf3/0x230
[  122.895853][ T6676]  ? clear_bhb_loop+0x35/0x90
[  122.895878][ T6676]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  122.895899][ T6676] RIP: 0033:0x7f415157e98f
[  122.895913][ T6676] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  122.895927][ T6676] RSP: 002b:00007f41522b4020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  122.895944][ T6676] RAX: ffffffffffffffda RBX: 00007f4151745fa0 RCX: 00007f415157e98f
[  122.895956][ T6676] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  122.895967][ T6676] RBP: 00007f41515f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  122.895977][ T6676] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  122.895988][ T6676] R13: 0000000000000000 R14: 00007f4151745fa0 R15: 00007fff451d8b48
[  122.896005][ T6676]  </TASK>
[  122.896015][ T6676] BUG: Bad page state in process syz.0.16  pfn:25eae
[  123.353552][ T6676] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x25eae
[  123.362380][ T6676] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  123.369598][ T6676] raw: 00fff00000000000 dead000000000040 ffff888022ad8000 0000000000000000
[  123.378269][ T6676] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[  123.387175][ T6676] page dumped because: page_pool leak
[  123.392960][ T6676] page_owner tracks the page as allocated
[  123.398693][ T6676] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6676, tgid 6675 (syz.0.16), ts 120655659599, free_ts 113784144435
[  123.415756][ T6676]  post_alloc_hook+0x1f4/0x240
[  123.420537][ T6676]  get_page_from_freelist+0x3651/0x37a0
[  123.426151][ T6676]  __alloc_frozen_pages_noprof+0x292/0x710
[  123.432017][ T6676]  alloc_pages_bulk_noprof+0x847/0xae0
[  123.437506][ T6676]  __page_pool_alloc_pages_slow+0x11f/0x690
[  123.443916][ T6676]  skb_pp_cow_data+0xcc8/0x1720
[  123.448875][ T6676]  do_xdp_generic+0x505/0xd30
[  123.453626][ T6676]  __netif_receive_skb_core+0x1be5/0x4540
[  123.459479][ T6676]  __netif_receive_skb+0x12f/0x650
[  123.464919][ T6676]  netif_receive_skb+0x1e8/0x890
[  123.470847][ T6676]  tun_rx_batched+0x1b7/0x8f0
[  123.475662][ T6676]  tun_get_user+0x30cd/0x48a0
[  123.480411][ T6676]  tun_chr_write_iter+0x10d/0x1f0
[  123.485511][ T6676]  vfs_write+0xacf/0xd10
[  123.489892][ T6676]  ksys_write+0x18f/0x2b0
[  123.494441][ T6676]  do_syscall_64+0xf3/0x230
[  123.498953][ T6676] page last free pid 6375 tgid 6375 stack trace:
[  123.505443][ T6676]  free_frozen_pages+0xe04/0x10e0
[  123.510554][ T6676]  rcu_core+0xaaa/0x17a0
[  123.514907][ T6676]  handle_softirqs+0x2d4/0x9b0
[  123.519727][ T6676]  do_softirq+0x11b/0x1e0
[  123.524232][ T6676]  __local_bh_enable_ip+0x1bb/0x200
[  123.529976][ T6676]  __dev_queue_xmit+0x1775/0x3f50
[  123.535148][ T6676]  __netlink_deliver_tap+0x561/0x7f0
[  123.540541][ T6676]  netlink_deliver_tap+0x19d/0x1b0
[  123.545748][ T6676]  netlink_sendskb+0x68/0x140
[  123.550451][ T6676]  netlink_unicast+0x39d/0x990
[  123.555297][ T6676]  netlink_rcv_skb+0x294/0x480
[  123.560076][ T6676]  genl_rcv+0x28/0x40
[  123.564116][ T6676]  netlink_unicast+0x7f6/0x990
[  123.568901][ T6676]  netlink_sendmsg+0x8de/0xcb0
[  123.573704][ T6676]  __sock_sendmsg+0x221/0x270
[  123.578393][ T6676]  __sys_sendto+0x363/0x4c0
[  123.582935][ T6676] Modules linked in:
[  123.586838][ T6676] CPU: 0 UID: 0 PID: 6676 Comm: syz.0.16 Tainted: G    B              6.14.0-rc6-syzkaller-gb7f94fcf5546 #0
[  123.586854][ T6676] Tainted: [B]=BAD_PAGE
[  123.586857][ T6676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  123.586864][ T6676] Call Trace:
[  123.586869][ T6676]  <TASK>
[  123.586874][ T6676]  dump_stack_lvl+0x241/0x360
[  123.586889][ T6676]  ? __pfx_dump_stack_lvl+0x10/0x10
[  123.586898][ T6676]  ? __pfx_print_modules+0x10/0x10
[  123.586913][ T6676]  bad_page+0x176/0x1d0
[  123.586926][ T6676]  free_frozen_pages+0x1079/0x10e0
[  123.586945][ T6676]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[  123.586959][ T6676]  bpf_xdp_adjust_tail+0x1c6/0x210
[  123.586974][ T6676]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  123.586982][ T6676]  bpf_prog_run_generic_xdp+0x686/0x1510
[  123.586999][ T6676]  do_xdp_generic+0x757/0xd30
[  123.587011][ T6676]  ? __pfx_do_xdp_generic+0x10/0x10
[  123.587021][ T6676]  ? rcu_is_watching+0x15/0xb0
[  123.587035][ T6676]  ? cgroup_rstat_updated+0x13b/0xc30
[  123.587046][ T6676]  __netif_receive_skb_core+0x1be5/0x4540
[  123.587069][ T6676]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  123.587083][ T6676]  ? __pfx___skb_flow_dissect+0x10/0x10
[  123.587092][ T6676]  ? rcu_is_watching+0x15/0xb0
[  123.587101][ T6676]  ? lock_release+0xbf/0xa30
[  123.587113][ T6676]  ? __pfx_count_memcg_event_mm+0x10/0x10
[  123.587128][ T6676]  ? __up_read+0x2c2/0x6b0
[  123.587138][ T6676]  ? rcu_is_watching+0x15/0xb0
[  123.587147][ T6676]  __netif_receive_skb+0x12f/0x650
[  123.587159][ T6676]  ? __pfx_lock_acquire+0x10/0x10
[  123.587170][ T6676]  ? __pfx___netif_receive_skb+0x10/0x10
[  123.587182][ T6676]  ? tun_rx_batched+0x160/0x8f0
[  123.587197][ T6676]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  123.587209][ T6676]  ? _copy_from_iter+0x161/0x1c40
[  123.587221][ T6676]  ? netif_receive_skb+0x131/0x890
[  123.587232][ T6676]  netif_receive_skb+0x1e8/0x890
[  123.587243][ T6676]  ? tun_rx_batched+0x160/0x8f0
[  123.587252][ T6676]  ? __pfx_netif_receive_skb+0x10/0x10
[  123.587263][ T6676]  ? __pfx_lock_release+0x10/0x10
[  123.587276][ T6676]  ? tun_rx_batched+0x160/0x8f0
[  123.587285][ T6676]  tun_rx_batched+0x1b7/0x8f0
[  123.587295][ T6676]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  123.587307][ T6676]  ? __pfx_lock_acquire+0x10/0x10
[  123.587318][ T6676]  ? rcu_is_watching+0x15/0xb0
[  123.587326][ T6676]  ? __pfx_tun_rx_batched+0x10/0x10
[  123.587339][ T6676]  tun_get_user+0x30cd/0x48a0
[  123.587349][ T6676]  ? tun_get_user+0x2bbb/0x48a0
[  123.587360][ T6676]  ? schedule+0x90/0x320
[  123.587372][ T6676]  ? schedule+0x90/0x320
[  123.587382][ T6676]  ? schedule+0x155/0x320
[  123.587393][ T6676]  ? futex_wait_queue+0x27/0x1e0
[  123.587405][ T6676]  ? futex_wait_queue+0x159/0x1e0
[  123.587417][ T6676]  ? __pfx_tun_get_user+0x10/0x10
[  123.587426][ T6676]  ? __futex_wait+0x287/0x320
[  123.587439][ T6676]  ? tun_get+0x1e/0x2f0
[  123.587447][ T6676]  ? rcu_is_watching+0x15/0xb0