Warning: Permanently added '10.128.15.193' (ED25519) to the list of known hosts.
2025/05/22 22:35:07 ignoring optional flag "sandboxArg"="0"
2025/05/22 22:35:08 parsed 1 programs
[ 115.026500][ T6244] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 118.395443][ T6274] chnl_net:caif_netlink_parms(): no params data found
[ 118.471039][ T6274] bridge0: port 1(bridge_slave_0) entered blocking state
[ 118.478946][ T6274] bridge0: port 1(bridge_slave_0) entered disabled state
[ 118.486339][ T6274] bridge_slave_0: entered allmulticast mode
[ 118.493626][ T6274] bridge_slave_0: entered promiscuous mode
[ 118.502273][ T6274] bridge0: port 2(bridge_slave_1) entered blocking state
[ 118.509581][ T6274] bridge0: port 2(bridge_slave_1) entered disabled state
[ 118.516879][ T6274] bridge_slave_1: entered allmulticast mode
[ 118.523983][ T6274] bridge_slave_1: entered promiscuous mode
[ 118.556370][ T6274] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 118.570965][ T6274] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 118.602730][ T6274] team0: Port device team_slave_0 added
[ 118.610569][ T6274] team0: Port device team_slave_1 added
[ 118.636332][ T6274] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 118.644005][ T6274] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 118.670219][ T6274] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 118.683104][ T6274] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 118.690131][ T6274] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 118.716936][ T6274] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 118.755314][ T6274] hsr_slave_0: entered promiscuous mode
[ 118.762472][ T6274] hsr_slave_1: entered promiscuous mode
[ 119.363683][ T6274] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 119.378244][ T6274] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 119.389410][ T6274] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 119.400499][ T6274] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 119.510275][ T6274] 8021q: adding VLAN 0 to HW filter on device bond0
[ 119.538460][ T6274] 8021q: adding VLAN 0 to HW filter on device team0
[ 119.554335][ T154] bridge0: port 1(bridge_slave_0) entered blocking state
[ 119.561552][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 119.592039][ T154] bridge0: port 2(bridge_slave_1) entered blocking state
[ 119.599345][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 119.849510][ T6274] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 119.904158][ T6274] veth0_vlan: entered promiscuous mode
[ 119.923988][ T6274] veth1_vlan: entered promiscuous mode
[ 119.966023][ T6274] veth0_macvtap: entered promiscuous mode
[ 119.981907][ T6274] veth1_macvtap: entered promiscuous mode
[ 120.006473][ T6274] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 120.023294][ T6274] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 120.038867][ T6274] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 120.049103][ T6274] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 120.060797][ T6274] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 120.070179][ T6274] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 120.268074][ T53] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 120.345298][ T53] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 120.432805][ T53] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 120.588929][ T53] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 122.468209][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 122.479071][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 122.518375][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 122.526263][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 122.697544][ T55] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 122.708525][ T55] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 122.718956][ T55] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 122.728251][ T55] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 122.737854][ T55] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 122.827640][ T53] bridge_slave_1: left allmulticast mode
[ 122.833337][ T53] bridge_slave_1: left promiscuous mode
[ 122.849381][ T53] bridge0: port 2(bridge_slave_1) entered disabled state
[ 122.862651][ T53] bridge_slave_0: left allmulticast mode
[ 122.869518][ T53] bridge_slave_0: left promiscuous mode
[ 122.875415][ T53] bridge0: port 1(bridge_slave_0) entered disabled state
[ 123.183523][ T53] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 123.202377][ T53] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 123.213745][ T53] bond0 (unregistering): Released all slaves
[ 123.328741][ T53] hsr_slave_0: left promiscuous mode
[ 123.336114][ T53] hsr_slave_1: left promiscuous mode
[ 123.348333][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 123.358158][ T53] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 123.377373][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 123.385142][ T53] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 123.455304][ T53] veth1_macvtap: left promiscuous mode
[ 123.466330][ T53] veth0_macvtap: left promiscuous mode
[ 123.476212][ T53] veth1_vlan: left promiscuous mode
[ 123.481635][ T53] veth0_vlan: left promiscuous mode
[ 123.939523][ T53] team0 (unregistering): Port device team_slave_1 removed
[ 123.968300][ T53] team0 (unregistering): Port device team_slave_0 removed
2025/05/22 22:35:22 executed programs: 0
[ 125.420495][ T55] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 125.429342][ T55] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 125.441303][ T55] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 125.454575][ T55] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 125.462391][ T55] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 125.852586][ T6468] chnl_net:caif_netlink_parms(): no params data found
[ 126.105614][ T6468] bridge0: port 1(bridge_slave_0) entered blocking state
[ 126.112908][ T6468] bridge0: port 1(bridge_slave_0) entered disabled state
[ 126.120653][ T6468] bridge_slave_0: entered allmulticast mode
[ 126.128340][ T6468] bridge_slave_0: entered promiscuous mode
[ 126.141774][ T6468] bridge0: port 2(bridge_slave_1) entered blocking state
[ 126.149163][ T6468] bridge0: port 2(bridge_slave_1) entered disabled state
[ 126.157815][ T6468] bridge_slave_1: entered allmulticast mode
[ 126.165497][ T6468] bridge_slave_1: entered promiscuous mode
[ 126.230795][ T6468] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 126.255335][ T6468] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 126.330947][ T6468] team0: Port device team_slave_0 added
[ 126.345250][ T6468] team0: Port device team_slave_1 added
[ 126.389883][ T6468] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 126.397889][ T6468] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 126.426410][ T6468] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 126.440606][ T6468] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 126.447887][ T6468] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 126.475687][ T6468] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 126.543932][ T6468] hsr_slave_0: entered promiscuous mode
[ 126.557773][ T6468] hsr_slave_1: entered promiscuous mode
[ 127.095305][ T6468] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 127.107003][ T6468] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 127.119763][ T6468] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 127.135215][ T6468] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 127.235412][ T6468] 8021q: adding VLAN 0 to HW filter on device bond0
[ 127.271644][ T6468] 8021q: adding VLAN 0 to HW filter on device team0
[ 127.285330][ T4036] bridge0: port 1(bridge_slave_0) entered blocking state
[ 127.292585][ T4036] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 127.321862][ T4036] bridge0: port 2(bridge_slave_1) entered blocking state
[ 127.329181][ T4036] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 127.577872][ T5128] Bluetooth: hci0: command tx timeout
[ 127.595988][ T6468] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 127.660436][ T6468] veth0_vlan: entered promiscuous mode
[ 127.675153][ T6468] veth1_vlan: entered promiscuous mode
[ 127.715385][ T6468] veth0_macvtap: entered promiscuous mode
[ 127.729819][ T6468] veth1_macvtap: entered promiscuous mode
[ 127.756389][ T6468] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 127.774985][ T6468] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 127.791760][ T6468] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 127.803495][ T6468] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 127.814651][ T6468] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 127.825087][ T6468] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 127.915956][ T4036] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 127.924992][ T4036] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 127.973151][ T4036] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 127.982384][ T4036] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 128.082426][ T6549] BUG: Bad page state in process syz.0.15 pfn:6f0dd
[ 128.089332][ T6549] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x700000000 pfn:0x6f0dd
[ 128.098893][ T6549] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 128.106198][ T6549] raw: 00fff00000000000 dead000000000040 ffff888021ad4000 0000000000000000
[ 128.115423][ T6549] raw: 0000000700000000 0000000000000001 00000000ffffffff 0000000000000000
[ 128.124078][ T6549] page dumped because: page_pool leak
[ 128.129724][ T6549] page_owner tracks the page as allocated
[ 128.135635][ T6549] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6549, tgid 6548 (syz.0.15), ts 128082283298, free_ts 124674542042
[ 128.152733][ T6549] post_alloc_hook+0x1d8/0x230
[ 128.157670][ T6549] get_page_from_freelist+0x21c7/0x22a0
[ 128.163255][ T6549] __alloc_frozen_pages_noprof+0x181/0x370
[ 128.169183][ T6549] alloc_pages_bulk_noprof+0x560/0x710
[ 128.174670][ T6549] __page_pool_alloc_pages_slow+0x127/0x6c0
[ 128.180683][ T6549] skb_pp_cow_data+0xaf4/0x12f0
[ 128.185656][ T6549] do_xdp_generic+0x51a/0xd20
[ 128.190409][ T6549] __netif_receive_skb_core+0x1823/0x4180
[ 128.196162][ T6549] __netif_receive_skb+0x72/0x380
[ 128.201253][ T6549] netif_receive_skb+0x1cb/0x790
[ 128.206296][ T6549] tun_rx_batched+0x1b9/0x730
[ 128.211123][ T6549] tun_get_user+0x2879/0x3c20
[ 128.215833][ T6549] tun_chr_write_iter+0x113/0x200
[ 128.221105][ T6549] vfs_write+0x54b/0xa90
[ 128.225398][ T6549] ksys_write+0x145/0x250
[ 128.229810][ T6549] do_syscall_64+0xf6/0x210
[ 128.234426][ T6549] page last free pid 6431 tgid 6431 stack trace:
[ 128.240951][ T6549] __free_frozen_pages+0xb05/0xcd0
[ 128.246088][ T6549] vfree+0x1a6/0x330
[ 128.250292][ T6549] kcov_close+0x28/0x50
[ 128.254471][ T6549] __fput+0x449/0xa70
[ 128.258509][ T6549] task_work_run+0x1d4/0x260
[ 128.263126][ T6549] do_exit+0x8d6/0x2550
[ 128.267336][ T6549] do_group_exit+0x21c/0x2d0
[ 128.271965][ T6549] get_signal+0x125e/0x1310
[ 128.276496][ T6549] arch_do_signal_or_restart+0x95/0x780
[ 128.282112][ T6549] syscall_exit_to_user_mode+0x8b/0x120
[ 128.287722][ T6549] do_syscall_64+0x103/0x210
[ 128.292346][ T6549] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 128.298306][ T6549] Modules linked in:
[ 128.302261][ T6549] CPU: 0 UID: 0 PID: 6549 Comm: syz.0.15 Not tainted 6.15.0-rc7-syzkaller-ga11a72229881 #0 PREEMPT(full)
[ 128.302287][ T6549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 128.302303][ T6549] Call Trace:
[ 128.302310][ T6549]
[ 128.302321][ T6549] dump_stack_lvl+0x189/0x250
[ 128.302349][ T6549] ? __pfx_dump_stack_lvl+0x10/0x10
[ 128.302370][ T6549] ? __pfx_print_modules+0x10/0x10
[ 128.302400][ T6549] bad_page+0x15e/0x1a0
[ 128.302422][ T6549] __free_frozen_pages+0xc77/0xcd0
[ 128.302447][ T6549] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 128.302488][ T6549] bpf_xdp_adjust_tail+0x1d6/0x220
[ 128.302520][ T6549] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 128.302543][ T6549] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 128.302598][ T6549] do_xdp_generic+0x76e/0xd20
[ 128.302631][ T6549] ? __pfx_do_xdp_generic+0x10/0x10
[ 128.302651][ T6549] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 128.302706][ T6549] __netif_receive_skb_core+0x1823/0x4180
[ 128.302743][ T6549] ? __pfx___up_read+0x10/0x10
[ 128.302761][ T6549] ? do_user_addr_fault+0xbc1/0x1390
[ 128.302791][ T6549] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 128.302823][ T6549] ? __lock_acquire+0xaac/0xd20
[ 128.302849][ T6549] ? netif_receive_skb+0x115/0x790
[ 128.302865][ T6549] ? netif_receive_skb+0x115/0x790
[ 128.302885][ T6549] __netif_receive_skb+0x72/0x380
[ 128.302901][ T6549] ? rep_movs_alternative+0x4a/0x90
[ 128.302921][ T6549] ? netif_receive_skb+0x115/0x790
[ 128.302936][ T6549] netif_receive_skb+0x1cb/0x790
[ 128.302952][ T6549] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 128.302973][ T6549] ? _copy_from_iter+0x24c/0x15a0
[ 128.302993][ T6549] ? __pfx_netif_receive_skb+0x10/0x10
[ 128.303009][ T6549] ? sock_alloc_send_pskb+0x875/0x990
[ 128.303032][ T6549] ? __pfx__copy_from_iter+0x10/0x10
[ 128.303050][ T6549] ? tun_rx_batched+0x160/0x730
[ 128.303075][ T6549] tun_rx_batched+0x1b9/0x730
[ 128.303103][ T6549] ? __pfx_tun_rx_batched+0x10/0x10
[ 128.303129][ T6549] ? tun_get_user+0x2444/0x3c20
[ 128.303159][ T6549] ? tun_get_user+0x2444/0x3c20
[ 128.303180][ T6549] ? tun_get_user+0x2444/0x3c20
[ 128.303200][ T6549] tun_get_user+0x2879/0x3c20
[ 128.303241][ T6549] ? preempt_schedule+0xae/0xc0
[ 128.303261][ T6549] ? __pfx_tun_get_user+0x10/0x10
[ 128.303279][ T6549] ? preempt_schedule_common+0x83/0xd0
[ 128.303298][ T6549] ? preempt_schedule+0xae/0xc0
[ 128.303315][ T6549] ? __pfx_preempt_schedule+0x10/0x10
[ 128.303334][ T6549] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 128.303352][ T6549] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 128.303374][ T6549] ? ref_tracker_alloc+0x318/0x460
[ 128.303395][ T6549] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 128.303418][ T6549] ? tun_get+0x1c/0x2f0
[ 128.303446][ T6549] ? tun_get+0x1c/0x2f0
[ 128.303466][ T6549] ? tun_get+0x1c/0x2f0
[ 128.303491][ T6549] tun_chr_write_iter+0x113/0x200
[ 128.303515][ T6549] vfs_write+0x54b/0xa90
[ 128.303540][ T6549] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 128.303563][ T6549] ? __pfx_vfs_write+0x10/0x10
[ 128.303595][ T6549] ? __fget_files+0x2a/0x420
[ 128.303620][ T6549] ksys_write+0x145/0x250
[ 128.303638][ T6549] ? rcu_is_watching+0x15/0xb0
[ 128.303657][ T6549] ? __pfx_ksys_write+0x10/0x10
[ 128.303681][ T6549] ? do_syscall_64+0xba/0x210
[ 128.303701][ T6549] do_syscall_64+0xf6/0x210
[ 128.303720][ T6549] ? clear_bhb_loop+0x60/0xb0
[ 128.303744][ T6549] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 128.303758][ T6549] RIP: 0033:0x7ff56317e98f
[ 128.303771][ T6549] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 128.303784][ T6549] RSP: 002b:00007ff564035020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 128.303799][ T6549] RAX: ffffffffffffffda RBX: 00007ff563345fa0 RCX: 00007ff56317e98f
[ 128.303810][ T6549] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[ 128.303820][ T6549] RBP: 00007ff5631f3cc8 R08: 0000000000000000 R09: 0000000000000000
[ 128.303830][ T6549] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 128.303839][ T6549] R13: 0000000000000000 R14: 00007ff563345fa0 R15: 00007ffca324b8d8
[ 128.303864][ T6549]
[ 128.303870][ T6549] Disabling lock debugging due to kernel taint
[ 128.715757][ T6549] BUG: Bad page state in process syz.0.15 pfn:33310
[ 128.722496][ T6549] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x33310
[ 128.732625][ T6549] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 128.740057][ T6549] raw: 00fff00000000000 dead000000000040 ffff888021ad4000 0000000000000000
[ 128.748740][ T6549] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000
[ 128.757357][ T6549] page dumped because: page_pool leak
[ 128.762828][ T6549] page_owner tracks the page as allocated
[ 128.768599][ T6549] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6549, tgid 6548 (syz.0.15), ts 128082266028, free_ts 124674557223
[ 128.785777][ T6549] post_alloc_hook+0x1d8/0x230
[ 128.791125][ T6549] get_page_from_freelist+0x21c7/0x22a0
[ 128.796735][ T6549] __alloc_frozen_pages_noprof+0x181/0x370
[ 128.802662][ T6549] alloc_pages_bulk_noprof+0x560/0x710
[ 128.808182][ T6549] __page_pool_alloc_pages_slow+0x127/0x6c0
[ 128.814100][ T6549] skb_pp_cow_data+0xaf4/0x12f0
[ 128.819278][ T6549] do_xdp_generic+0x51a/0xd20
[ 128.824152][ T6549] __netif_receive_skb_core+0x1823/0x4180
[ 128.830203][ T6549] __netif_receive_skb+0x72/0x380
[ 128.835252][ T6549] netif_receive_skb+0x1cb/0x790
[ 128.840245][ T6549] tun_rx_batched+0x1b9/0x730
[ 128.844940][ T6549] tun_get_user+0x2879/0x3c20
[ 128.849691][ T6549] tun_chr_write_iter+0x113/0x200
[ 128.854821][ T6549] vfs_write+0x54b/0xa90
[ 128.859117][ T6549] ksys_write+0x145/0x250
[ 128.863463][ T6549] do_syscall_64+0xf6/0x210
[ 128.868021][ T6549] page last free pid 6431 tgid 6431 stack trace:
[ 128.874399][ T6549] __free_frozen_pages+0xb05/0xcd0
[ 128.879572][ T6549] vfree+0x1a6/0x330
[ 128.883477][ T6549] kcov_close+0x28/0x50
[ 128.887691][ T6549] __fput+0x449/0xa70
[ 128.891787][ T6549] task_work_run+0x1d4/0x260
[ 128.896408][ T6549] do_exit+0x8d6/0x2550
[ 128.900633][ T6549] do_group_exit+0x21c/0x2d0
[ 128.905328][ T6549] get_signal+0x125e/0x1310
[ 128.909891][ T6549] arch_do_signal_or_restart+0x95/0x780
[ 128.915459][ T6549] syscall_exit_to_user_mode+0x8b/0x120
[ 128.921071][ T6549] do_syscall_64+0x103/0x210
[ 128.925677][ T6549] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 128.931710][ T6549] Modules linked in:
[ 128.935628][ T6549] CPU: 0 UID: 0 PID: 6549 Comm: syz.0.15 Tainted: G B 6.15.0-rc7-syzkaller-ga11a72229881 #0 PREEMPT(full)
[ 128.935653][ T6549] Tainted: [B]=BAD_PAGE
[ 128.935658][ T6549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 128.935668][ T6549] Call Trace:
[ 128.935674][ T6549]
[ 128.935681][ T6549] dump_stack_lvl+0x189/0x250
[ 128.935712][ T6549] ? __pfx_dump_stack_lvl+0x10/0x10
[ 128.935731][ T6549] ? __pfx_print_modules+0x10/0x10
[ 128.935749][ T6549] bad_page+0x15e/0x1a0
[ 128.935768][ T6549] __free_frozen_pages+0xc77/0xcd0
[ 128.935786][ T6549] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 128.935815][ T6549] bpf_xdp_adjust_tail+0x1d6/0x220
[ 128.935835][ T6549] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 128.935849][ T6549] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 128.935880][ T6549] do_xdp_generic+0x76e/0xd20
[ 128.935903][ T6549] ? __pfx_do_xdp_generic+0x10/0x10
[ 128.935922][ T6549] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 128.935953][ T6549] __netif_receive_skb_core+0x1823/0x4180
[ 128.935973][ T6549] ? __pfx___up_read+0x10/0x10
[ 128.935988][ T6549] ? do_user_addr_fault+0xbc1/0x1390
[ 128.936011][ T6549] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 128.936031][ T6549] ? __lock_acquire+0xaac/0xd20
[ 128.936052][ T6549] ? netif_receive_skb+0x115/0x790
[ 128.936067][ T6549] ? netif_receive_skb+0x115/0x790
[ 128.936081][ T6549] __netif_receive_skb+0x72/0x380
[ 128.936096][ T6549] ? rep_movs_alternative+0x4a/0x90
[ 128.936112][ T6549] ? netif_receive_skb+0x115/0x790
[ 128.936124][ T6549] netif_receive_skb+0x1cb/0x790
[ 128.936139][ T6549] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 128.936159][ T6549] ? _copy_from_iter+0x24c/0x15a0
[ 128.936176][ T6549] ? __pfx_netif_receive_skb+0x10/0x10
[ 128.936192][ T6549] ? sock_alloc_send_pskb+0x875/0x990
[ 128.936213][ T6549] ? __pfx__copy_from_iter+0x10/0x10
[ 128.936231][ T6549] ? tun_rx_batched+0x160/0x730
[ 128.936252][ T6549] tun_rx_batched+0x1b9/0x730
[ 128.936273][ T6549] ? __pfx_tun_rx_batched+0x10/0x10
[ 128.936294][ T6549] ? tun_get_user+0x2444/0x3c20
[ 128.936317][ T6549] ? tun_get_user+0x2444/0x3c20
[ 128.936337][ T6549] ? tun_get_user+0x2444/0x3c20
[ 128.936356][ T6549] tun_get_user+0x2879/0x3c20
[ 128.936383][ T6549] ? preempt_schedule+0xae/0xc0
[ 128.936400][ T6549] ? __pfx_tun_get_user+0x10/0x10
[ 128.936420][ T6549] ? preempt_schedule_common+0x83/0xd0
[ 128.936435][ T6549] ? preempt_schedule+0xae/0xc0
[ 128.936450][ T6549] ? __pfx_preempt_schedule+0x10/0x10
[ 128.936466][ T6549] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 128.936482][ T6549] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 128.936501][ T6549] ? ref_tracker_alloc+0x318/0x460
[ 128.936521][ T6549] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 128.936536][ T6549] ? tun_get+0x1c/0x2f0
[ 128.936554][ T6549] ? tun_get+0x1c/0x2f0
[ 128.936571][ T6549] ? tun_get+0x1c/0x2f0
[ 128.936589][ T6549] tun_chr_write_iter+0x113/0x200
[ 128.936607][ T6549] vfs_write+0x54b/0xa90
[ 128.936629][ T6549] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 128.936649][ T6549] ? __pfx_vfs_write+0x10/0x10
[ 128.936670][ T6549] ? __fget_files+0x2a/0x420
[ 128.936694][ T6549] ksys_write+0x145/0x250
[ 128.936711][ T6549] ? rcu_is_watching+0x15/0xb0
[ 128.936731][ T6549] ? __pfx_ksys_write+0x10/0x10
[ 128.936748][ T6549] ? do_syscall_64+0xba/0x210
[ 128.936768][ T6549] do_syscall_64+0xf6/0x210
[ 128.936782][ T6549] ? clear_bhb_loop+0x60/0xb0
[ 128.936797][ T6549] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 128.936810][ T6549] RIP: 0033:0x7ff56317e98f
[ 128.936823][ T6549] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 128.936834][ T6549] RSP: 002b:00007ff564035020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 128.936849][ T6549] RAX: ffffffffffffffda RBX: 00007ff563345fa0 RCX: 00007ff56317e98f
[ 128.936858][ T6549] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[ 128.936866][ T6549] RBP: 00007ff5631f3cc8 R08: 0000000000000000 R09: 0000000000000000
[ 128.936873][ T6549] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 128.936882][ T6549] R13: 0000000000000000 R14: 00007ff563345fa0 R15: 00007ffca324b8d8
[ 128.936897][ T6549]
[ 129.346885][ T6549] BUG: Bad page state in process syz.0.15 pfn:117af
[ 129.353570][ T6549] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x117af
[ 129.363724][ T6549] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 129.370990][ T6549] raw: 00fff00000000000 dead000000000040 ffff888021ad4000 0000000000000000
[ 129.379738][ T6549] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000
[ 129.388966][ T6549] page dumped because: page_pool leak
[ 129.394346][ T6549] page_owner tracks the page as allocated
[ 129.400119][ T6549] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6549, tgid 6548 (syz.0.15), ts 128082248565, free_ts 124674572466
[ 129.417355][ T6549] post_alloc_hook+0x1d8/0x230
[ 129.422142][ T6549] get_page_from_freelist+0x21c7/0x22a0
[ 129.428019][ T6549] __alloc_frozen_pages_noprof+0x181/0x370
[ 129.433863][ T6549] alloc_pages_bulk_noprof+0x560/0x710
[ 129.439507][ T6549] __page_pool_alloc_pages_slow+0x127/0x6c0
[ 129.445422][ T6549] skb_pp_cow_data+0xaf4/0x12f0
[ 129.450339][ T6549] do_xdp_generic+0x51a/0xd20
[ 129.455049][ T6549] __netif_receive_skb_core+0x1823/0x4180
[ 129.461133][ T6549] __netif_receive_skb+0x72/0x380
[ 129.466197][ T6549] netif_receive_skb+0x1cb/0x790
[ 129.471195][ T6549] tun_rx_batched+0x1b9/0x730
[ 129.475998][ T6549] tun_get_user+0x2879/0x3c20
[ 129.480768][ T6549] tun_chr_write_iter+0x113/0x200
[ 129.485815][ T6549] vfs_write+0x54b/0xa90
[ 129.490304][ T6549] ksys_write+0x145/0x250
[ 129.494663][ T6549] do_syscall_64+0xf6/0x210
[ 129.499232][ T6549] page last free pid 6431 tgid 6431 stack trace:
[ 129.505561][ T6549] __free_frozen_pages+0xb05/0xcd0
[ 129.511264][ T6549] vfree+0x1a6/0x330
[ 129.515519][ T6549] kcov_close+0x28/0x50
[ 129.519736][ T6549] __fput+0x449/0xa70
[ 129.523734][ T6549] task_work_run+0x1d4/0x260
[ 129.528394][ T6549] do_exit+0x8d6/0x2550
[ 129.532739][ T6549] do_group_exit+0x21c/0x2d0
[ 129.537511][ T6549] get_signal+0x125e/0x1310
[ 129.542043][ T6549] arch_do_signal_or_restart+0x95/0x780
[ 129.547666][ T6549] syscall_exit_to_user_mode+0x8b/0x120
[ 129.553317][ T6549] do_syscall_64+0x103/0x210
[ 129.558032][ T6549] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 129.564124][ T6549] Modules linked in:
[ 129.568274][ T6549] CPU: 0 UID: 0 PID: 6549 Comm: syz.0.15 Tainted: G B 6.15.0-rc7-syzkaller-ga11a72229881 #0 PREEMPT(full)
[ 129.568295][ T6549] Tainted: [B]=BAD_PAGE
[ 129.568300][ T6549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 129.568309][ T6549] Call Trace:
[ 129.568314][ T6549]
[ 129.568320][ T6549] dump_stack_lvl+0x189/0x250
[ 129.568346][ T6549] ? __pfx_dump_stack_lvl+0x10/0x10
[ 129.568362][ T6549] ? __pfx_print_modules+0x10/0x10
[ 129.568379][ T6549] bad_page+0x15e/0x1a0
[ 129.568397][ T6549] __free_frozen_pages+0xc77/0xcd0
[ 129.568414][ T6549] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 129.568440][ T6549] bpf_xdp_adjust_tail+0x1d6/0x220
[ 129.568459][ T6549] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 129.568473][ T6549] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 129.568508][ T6549] do_xdp_generic+0x76e/0xd20
[ 129.568534][ T6549] ? __pfx_do_xdp_generic+0x10/0x10
[ 129.568554][ T6549] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 129.568585][ T6549] __netif_receive_skb_core+0x1823/0x4180
[ 129.568605][ T6549] ? __pfx___up_read+0x10/0x10
[ 129.568622][ T6549] ? do_user_addr_fault+0xbc1/0x1390
[ 129.568645][ T6549] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 129.568675][ T6549] ? __lock_acquire+0xaac/0xd20
[ 129.568696][ T6549] ? netif_receive_skb+0x115/0x790
[ 129.568710][ T6549] ? netif_receive_skb+0x115/0x790
[ 129.568725][ T6549] __netif_receive_skb+0x72/0x380
[ 129.568740][ T6549] ? rep_movs_alternative+0x4a/0x90
[ 129.568756][ T6549] ? netif_receive_skb+0x115/0x790
[ 129.568769][ T6549] netif_receive_skb+0x1cb/0x790
[ 129.568784][ T6549] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 129.568804][ T6549] ? _copy_from_iter+0x24c/0x15a0
[ 129.568822][ T6549] ? __pfx_netif_receive_skb+0x10/0x10
[ 129.568836][ T6549] ? sock_alloc_send_pskb+0x875/0x990
[ 129.568857][ T6549] ? __pfx__copy_from_iter+0x10/0x10
[ 129.568874][ T6549] ? tun_rx_batched+0x160/0x730
[ 129.568895][ T6549] tun_rx_batched+0x1b9/0x730
[ 129.568918][ T6549] ? __pfx_tun_rx_batched+0x10/0x10
[ 129.568939][ T6549] ? tun_get_user+0x2444/0x3c20
[ 129.568961][ T6549] ? tun_get_user+0x2444/0x3c20
[ 129.568981][ T6549] ? tun_get_user+0x2444/0x3c20
[ 129.569001][ T6549] tun_get_user+0x2879/0x3c20
[ 129.569027][ T6549] ? preempt_schedule+0xae/0xc0
[ 129.569044][ T6549] ? __pfx_tun_get_user+0x10/0x10
[ 129.569062][ T6549] ? preempt_schedule_common+0x83/0xd0
[ 129.569079][ T6549] ? preempt_schedule+0xae/0xc0
[ 129.569094][ T6549] ? __pfx_preempt_schedule+0x10/0x10
[ 129.569110][ T6549] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 129.569127][ T6549] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 129.569144][ T6549] ? ref_tracker_alloc+0x318/0x460
[ 129.569161][ T6549] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 129.569179][ T6549] ? tun_get+0x1c/0x2f0
[ 129.569200][ T6549] ? tun_get+0x1c/0x2f0
[ 129.569219][ T6549] ? tun_get+0x1c/0x2f0
[ 129.569239][ T6549] tun_chr_write_iter+0x113/0x200
[ 129.569260][ T6549] vfs_write+0x54b/0xa90
[ 129.569281][ T6549] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 129.569301][ T6549] ? __pfx_vfs_write+0x10/0x10
[ 129.569323][ T6549] ? __fget_files+0x2a/0x420
[ 129.569340][ T6549] ksys_write+0x145/0x250
[ 129.569359][ T6549] ? rcu_is_watching+0x15/0xb0
[ 129.569379][ T6549] ? __pfx_ksys_write+0x10/0x10
[ 129.569399][ T6549] ? do_syscall_64+0xba/0x210
[ 129.569418][ T6549] do_syscall_64+0xf6/0x210
[ 129.569436][ T6549] ? clear_bhb_loop+0x60/0xb0
[ 129.569453][ T6549] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 129.569467][ T6549] RIP: 0033:0x7ff56317e98f
[ 129.569480][ T6549] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 129.569493][ T6549] RSP: 002b:00007ff564035020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 129.569510][ T6549] RAX: ffffffffffffffda RBX: 00007ff563345fa0 RCX: 00007ff56317e98f
[ 129.569521][ T6549] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[ 129.569531][ T6549] RBP: 00007ff5631f3cc8 R08: 0000000000000000 R09: 0000000000000000
[ 129.569551][ T6549] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 129.569561][ T6549] R13: 0000000000000000 R14: 00007ff563345fa0 R15: 00007ffca324b8d8
[ 129.569579][ T6549]
[ 129.569589][ T6549] BUG: Bad page state in process syz.0.15 pfn:2978b
[ 129.656634][ T5128] Bluetooth: hci0: command tx timeout
[ 129.659709][ T6549] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802978bc60 pfn:0x2978b
[ 130.001428][ T6549] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 130.008590][ T6549] raw: 00fff00000000000 dead000000000040 ffff888021ad4000 0000000000000000
[ 130.017217][ T6549] raw: ffff88802978bc60 0000000000000001 00000000ffffffff 0000000000000000
[ 130.025788][ T6549] page dumped because: page_pool leak
[ 130.031290][ T6549] page_owner tracks the page as allocated
[ 130.037033][ T6549] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6549, tgid 6548 (syz.0.15), ts 128082231331, free_ts 124767626789
[ 130.054138][ T6549] post_alloc_hook+0x1d8/0x230
[ 130.058958][ T6549] get_page_from_freelist+0x21c7/0x22a0
[ 130.064677][ T6549] __alloc_frozen_pages_noprof+0x181/0x370
[ 130.070535][ T6549] alloc_pages_bulk_noprof+0x560/0x710
[ 130.076212][ T6549] __page_pool_alloc_pages_slow+0x127/0x6c0
[ 130.082163][ T6549] skb_pp_cow_data+0xaf4/0x12f0
[ 130.087128][ T6549] do_xdp_generic+0x51a/0xd20
[ 130.091795][ T6549] __netif_receive_skb_core+0x1823/0x4180
[ 130.097535][ T6549] __netif_receive_skb+0x72/0x380
[ 130.102565][ T6549] netif_receive_skb+0x1cb/0x790
[ 130.107530][ T6549] tun_rx_batched+0x1b9/0x730
[ 130.112208][ T6549] tun_get_user+0x2879/0x3c20
[ 130.116910][ T6549] tun_chr_write_iter+0x113/0x200
[ 130.122093][ T6549] vfs_write+0x54b/0xa90
[ 130.126321][ T6549] ksys_write+0x145/0x250
[ 130.130675][ T6549] do_syscall_64+0xf6/0x210
[ 130.135189][ T6549] page last free pid 6431 tgid 6431 stack trace:
[ 130.141545][ T6549] __free_frozen_pages+0xb05/0xcd0
[ 130.146701][ T6549] vfree+0x1a6/0x330
[ 130.150595][ T6549] kcov_close+0x28/0x50
[ 130.154830][ T6549] __fput+0x449/0xa70
[ 130.158831][ T6549] task_work_run+0x1d4/0x260
[ 130.163603][ T6549] do_exit+0x8d6/0x2550
[ 130.167878][ T6549] do_group_exit+0x21c/0x2d0
[ 130.172471][ T6549] get_signal+0x125e/0x1310
[ 130.177001][ T6549] arch_do_signal_or_restart+0x95/0x780
[ 130.182565][ T6549] syscall_exit_to_user_mode+0x8b/0x120
[ 130.188148][ T6549] do_syscall_64+0x103/0x210
[ 130.192743][ T6549] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 130.198659][ T6549] Modules linked in:
[ 130.202644][ T6549] CPU: 0 UID: 0 PID: 6549 Comm: syz.0.15 Tainted: G B 6.15.0-rc7-syzkaller-ga11a72229881 #0 PREEMPT(full)
[ 130.202659][ T6549] Tainted: [B]=BAD_PAGE
[ 130.202662][ T6549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 130.202668][ T6549] Call Trace:
[ 130.202672][ T6549]
[ 130.202676][ T6549] dump_stack_lvl+0x189/0x250
[ 130.202695][ T6549] ? __pfx_dump_stack_lvl+0x10/0x10
[ 130.202711][ T6549] ? __pfx_print_modules+0x10/0x10
[ 130.202727][ T6549] bad_page+0x15e/0x1a0
[ 130.202745][ T6549] __free_frozen_pages+0xc77/0xcd0
[ 130.202760][ T6549] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 130.202787][ T6549] bpf_xdp_adjust_tail+0x1d6/0x220
[ 130.202805][ T6549] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 130.202816][ T6549] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 130.202836][ T6549] do_xdp_generic+0x76e/0xd20
[ 130.202851][ T6549] ? __pfx_do_xdp_generic+0x10/0x10
[ 130.202863][ T6549] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 130.202881][ T6549] __netif_receive_skb_core+0x1823/0x4180
[ 130.202892][ T6549] ? __pfx___up_read+0x10/0x10
[ 130.202901][ T6549] ? do_user_addr_fault+0xbc1/0x1390
[ 130.202917][ T6549] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 130.202928][ T6549] ? __lock_acquire+0xaac/0xd20
[ 130.202940][ T6549] ? netif_receive_skb+0x115/0x790
[ 130.202948][ T6549] ? netif_receive_skb+0x115/0x790
[ 130.202956][ T6549] __netif_receive_skb+0x72/0x380
[ 130.202965][ T6549] ? rep_movs_alternative+0x4a/0x90
[ 130.202974][ T6549] ? netif_receive_skb+0x115/0x790
[ 130.202981][ T6549] netif_receive_skb+0x1cb/0x790
[ 130.202989][ T6549] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 130.203002][ T6549] ? _copy_from_iter+0x24c/0x15a0
[ 130.203013][ T6549] ? __pfx_netif_receive_skb+0x10/0x10
[ 130.203027][ T6549] ? sock_alloc_send_pskb+0x875/0x990
[ 130.203040][ T6549] ? __pfx__copy_from_iter+0x10/0x10
[ 130.203050][ T6549] ? tun_rx_batched+0x160/0x730
[ 130.203064][ T6549] tun_rx_batched+0x1b9/0x730
[ 130.203077][ T6549] ? __pfx_tun_rx_batched+0x10/0x10
[ 130.203090][ T6549] ? tun_get_user+0x2444/0x3c20
[ 130.203104][ T6549] ? tun_get_user+0x2444/0x3c20
[ 130.203116][ T6549] ? tun_get_user+0x2444/0x3c20
[ 130.203127][ T6549] tun_get_user+0x2879/0x3c20
[ 130.203143][ T6549] ? preempt_schedule+0xae/0xc0
[ 130.203153][ T6549] ? __pfx_tun_get_user+0x10/0x10
[ 130.203164][ T6549] ? preempt_schedule_common+0x83/0xd0
[ 130.203173][ T6549] ? preempt_schedule+0xae/0xc0
[ 130.203182][ T6549] ? __pfx_preempt_schedule+0x10/0x10
[ 130.203191][ T6549] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 130.203201][ T6549] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 130.203211][ T6549] ? ref_tracker_alloc+0x318/0x460
[ 130.203221][ T6549] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 130.203232][ T6549] ? tun_get+0x1c/0x2f0
[ 130.203245][ T6549] ? tun_get+0x1c/0x2f0
[ 130.203256][ T6549] ? tun_get+0x1c/0x2f0
[ 130.203268][ T6549] tun_chr_write_iter+0x113/0x200
[ 130.203286][ T6549] vfs_write+0x54b/0xa90
[ 130.203299][ T6549] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 130.203311][ T6549] ? __pfx_vfs_write+0x10/0x10
[ 130.203325][ T6549] ? __fget_files+0x2a/0x420
[ 130.203334][ T6549] ksys_write+0x145/0x250
[ 130.203346][ T6549] ? rcu_is_watching+0x15/0xb0
[ 130.203359][ T6549] ? __pfx_ksys_write+0x10/0x10
[ 130.203371][ T6549] ? do_syscall_64+0xba/0x210
[ 130.203382][ T6549] do_syscall_64+0xf6/0x210
[ 130.203393][ T6549] ? clear_bhb_loop+0x60/0xb0
[ 130.203403][ T6549] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 130.203412][ T6549] RIP: 0033:0x7ff56317e98f
[ 130.203421][ T6549] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 130.203428][ T6549] RSP: 002b:00007ff564035020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 130.203439][ T6549] RAX: ffffffffffffffda RBX: 00007ff563345fa0 RCX: 00007ff56317e98f
[ 130.203445][ T6549] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[ 130.203450][ T6549] RBP: 00007ff5631f3cc8 R08: 0000000000000000 R09: 0000000000000000
[ 130.203456][ T6549] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 130.203461][ T6549] R13: 0000000000000000 R14: 00007ff563345fa0 R15: 00007ffca324b8d8
[ 130.203470][ T6549]
[ 130.203478][ T6549] BUG: Bad page state in process syz.0.15 pfn:66229
[ 130.619033][ T6549] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x7fa7a6a48 pfn:0x66229
[ 130.628522][ T6549] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 130.635722][ T6549] raw: 00fff00000000000 dead000000000040 ffff888021ad4000 0000000000000000
[ 130.644343][ T6549] raw: 00000007fa7a6a48 0000000000000001 00000000ffffffff 0000000000000000
[ 130.652947][ T6549] page dumped because: page_pool leak
[ 130.658332][ T6549] page_owner tracks the page as allocated
[ 130.664054][ T6549] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6549, tgid 6548 (syz.0.15), ts 128082213727, free_ts 124777380077
[ 130.681038][ T6549] post_alloc_hook+0x1d8/0x230
[ 130.685803][ T6549] get_page_from_freelist+0x21c7/0x22a0
[ 130.691458][ T6549] __alloc_frozen_pages_noprof+0x181/0x370
[ 130.697533][ T6549] alloc_pages_bulk_noprof+0x560/0x710
[ 130.702996][ T6549] __page_pool_alloc_pages_slow+0x127/0x6c0
[ 130.709112][ T6549] skb_pp_cow_data+0xaf4/0x12f0
[ 130.713977][ T6549] do_xdp_generic+0x51a/0xd20
[ 130.718686][ T6549] __netif_receive_skb_core+0x1823/0x4180
[ 130.724408][ T6549] __netif_receive_skb+0x72/0x380
[ 130.729458][ T6549] netif_receive_skb+0x1cb/0x790
[ 130.734396][ T6549] tun_rx_batched+0x1b9/0x730
[ 130.739193][ T6549] tun_get_user+0x2879/0x3c20
[ 130.743880][ T6549] tun_chr_write_iter+0x113/0x200
[ 130.748938][ T6549] vfs_write+0x54b/0xa90
[ 130.753181][ T6549] ksys_write+0x145/0x250
[ 130.757549][ T6549] do_syscall_64+0xf6/0x210
[ 130.762054][ T6549] page last free pid 23 tgid 23 stack trace:
[ 130.768139][ T6549] __free_frozen_pages+0xb05/0xcd0
[ 130.773345][ T6549] __tlb_remove_table+0x2d2/0x3b0
[ 130.778398][ T6549] tlb_remove_table_rcu+0x85/0x100
[ 130.783514][ T6549] rcu_core+0xca5/0x1710
[ 130.787784][ T6549] handle_softirqs+0x283/0x870
[ 130.792638][ T6549] run_ksoftirqd+0x9b/0x100
[ 130.797176][ T6549] smpboot_thread_fn+0x53f/0xa60
[ 130.802206][ T6549] kthread+0x711/0x8a0
[ 130.806264][ T6549] ret_from_fork+0x4b/0x80
[ 130.810797][ T6549] ret_from_fork_asm+0x1a/0x30
[ 130.815747][ T6549] Modules linked in:
[ 130.819759][ T6549] CPU: 0 UID: 0 PID: 6549 Comm: syz.0.15 Tainted: G B 6.15.0-rc7-syzkaller-ga11a72229881 #0 PREEMPT(full)
[ 130.819781][ T6549] Tainted: [B]=BAD_PAGE
[ 130.819785][ T6549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 130.819793][ T6549] Call Trace:
[ 130.819798][ T6549]
[ 130.819804][ T6549] dump_stack_lvl+0x189/0x250
[ 130.819827][ T6549] ? __pfx_dump_stack_lvl+0x10/0x10
[ 130.819842][ T6549] ? __pfx_print_modules+0x10/0x10
[ 130.819859][ T6549] bad_page+0x15e/0x1a0
[ 130.819880][ T6549] __free_frozen_pages+0xc77/0xcd0
[ 130.819899][ T6549] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 130.819930][ T6549] bpf_xdp_adjust_tail+0x1d6/0x220
[ 130.819952][ T6549] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 130.819965][ T6549] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 130.819998][ T6549] do_xdp_generic+0x76e/0xd20
[ 130.820023][ T6549] ? __pfx_do_xdp_generic+0x10/0x10
[ 130.820043][ T6549] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 130.820074][ T6549] __netif_receive_skb_core+0x1823/0x4180
[ 130.820095][ T6549] ? __pfx___up_read+0x10/0x10
[ 130.820107][ T6549] ? do_user_addr_fault+0xbc1/0x1390
[ 130.820130][ T6549] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 130.820150][ T6549] ? __lock_acquire+0xaac/0xd20
[ 130.820170][ T6549] ? netif_receive_skb+0x115/0x790
[ 130.820185][ T6549] ? netif_receive_skb+0x115/0x790
[ 130.820200][ T6549] __netif_receive_skb+0x72/0x380
[ 130.820216][ T6549] ? rep_movs_alternative+0x4a/0x90
[ 130.820231][ T6549] ? netif_receive_skb+0x115/0x790
[ 130.820243][ T6549] netif_receive_skb+0x1cb/0x790
[ 130.820256][ T6549] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 130.820274][ T6549] ? _copy_from_iter+0x24c/0x15a0
[ 130.820291][ T6549] ? __pfx_netif_receive_skb+0x10/0x10
[ 130.820316][ T6549] ? sock_alloc_send_pskb+0x875/0x990
[ 130.820337][ T6549] ? __pfx__copy_from_iter+0x10/0x10
[ 130.820354][ T6549] ? tun_rx_batched+0x160/0x730
[ 130.820376][ T6549] tun_rx_batched+0x1b9/0x730
[ 130.820399][ T6549] ? __pfx_tun_rx_batched+0x10/0x10
[ 130.820420][ T6549] ? tun_get_user+0x2444/0x3c20
[ 130.820443][ T6549] ? tun_get_user+0x2444/0x3c20
[ 130.820462][ T6549] ? tun_get_user+0x2444/0x3c20
[ 130.820481][ T6549] tun_get_user+0x2879/0x3c20
[ 130.820511][ T6549] ? preempt_schedule+0xae/0xc0
[ 130.820530][ T6549] ? __pfx_tun_get_user+0x10/0x10
[ 130.820547][ T6549] ? preempt_schedule_common+0x83/0xd0
[ 130.820565][ T6549] ? preempt_schedule+0xae/0xc0
[ 130.820580][ T6549] ? __pfx_preempt_schedule+0x10/0x10
[ 130.820597][ T6549] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 130.820619][ T6549] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 130.820638][ T6549] ? ref_tracker_alloc+0x318/0x460
[ 130.820660][ T6549] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 130.820679][ T6549] ? tun_get+0x1c/0x2f0
[ 130.820701][ T6549] ? tun_get+0x1c/0x2f0
[ 130.820724][ T6549] ? tun_get+0x1c/0x2f0
[ 130.820744][ T6549] tun_chr_write_iter+0x113/0x200
[ 130.820770][ T6549] vfs_write+0x54b/0xa90
[ 130.820795][ T6549] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 130.820815][ T6549] ? __pfx_vfs_write+0x10/0x10
[ 130.820838][ T6549] ? __fget_files+0x2a/0x420
[ 130.820855][ T6549] ksys_write+0x145/0x250
[ 130.820874][ T6549] ? rcu_is_watching+0x15/0xb0
[ 130.820896][ T6549] ? __pfx_ksys_write+0x10/0x10
[ 130.820915][ T6549] ? do_syscall_64+0xba/0x210
[ 130.820934][ T6549] do_syscall_64+0xf6/0x210
[ 130.820952][ T6549] ? clear_bhb_loop+0x60/0xb0
[ 130.820969][ T6549] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 130.820983][ T6549] RIP: 0033:0x7ff56317e98f
[ 130.820997][ T6549] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 130.821010][ T6549] RSP: 002b:00007ff564035020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 130.821027][ T6549] RAX: ffffffffffffffda RBX: 00007ff563345fa0 RCX: 00007ff56317e98f
[ 130.821038][ T6549] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[ 130.821048][ T6549] RBP: 00007ff5631f3cc8 R08: 0000000000000000 R09: 0000000000000000
[ 130.821057][ T6549] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 130.821067][ T6549] R13: 0000000000000000 R14: 00007ff563345fa0 R15: 00007ffca324b8d8
[ 130.821083][ T6549]
[ 130.821093][ T6549] BUG: Bad page state in process syz.0.15 pfn:6622a
[ 131.236377][ T6549] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x700000000 pfn:0x6622a
[ 131.245867][ T6549] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 131.253022][ T6549] raw: 00fff00000000000 dead000000000040 ffff888021ad4000 0000000000000000
[ 131.261811][ T6549] raw: 0000000700000000 0000000000000001 00000000ffffffff 0000000000000000
[ 131.270418][ T6549] page dumped because: page_pool leak
[ 131.275790][ T6549] page_owner tracks the page as allocated
[ 131.281622][ T6549] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6549, tgid 6548 (syz.0.15), ts 128082196322, free_ts 124777402915
[ 131.298496][ T6549] post_alloc_hook+0x1d8/0x230
[ 131.303253][ T6549] get_page_from_freelist+0x21c7/0x22a0
[ 131.308823][ T6549] __alloc_frozen_pages_noprof+0x181/0x370
[ 131.314656][ T6549] alloc_pages_bulk_noprof+0x560/0x710
[ 131.320160][ T6549] __page_pool_alloc_pages_slow+0x127/0x6c0
[ 131.326058][ T6549] skb_pp_cow_data+0xaf4/0x12f0
[ 131.331023][ T6549] do_xdp_generic+0x51a/0xd20
[ 131.335706][ T6549] __netif_receive_skb_core+0x1823/0x4180
[ 131.341537][ T6549] __netif_receive_skb+0x72/0x380
[ 131.346601][ T6549] netif_receive_skb+0x1cb/0x790
[ 131.351534][ T6549] tun_rx_batched+0x1b9/0x730
[ 131.356198][ T6549] tun_get_user+0x2879/0x3c20
[ 131.360905][ T6549] tun_chr_write_iter+0x113/0x200
[ 131.365929][ T6549] vfs_write+0x54b/0xa90
[ 131.370192][ T6549] ksys_write+0x145/0x250
[ 131.374530][ T6549] do_syscall_64+0xf6/0x210
[ 131.379071][ T6549] page last free pid 23 tgid 23 stack trace:
[ 131.385044][ T6549] __free_frozen_pages+0xb05/0xcd0
[ 131.390283][ T6549] __tlb_remove_table+0x2d2/0x3b0
[ 131.395317][ T6549] tlb_remove_table_rcu+0x85/0x100
[ 131.400633][ T6549] rcu_core+0xca5/0x1710
[ 131.405095][ T6549] handle_softirqs+0x283/0x870
[ 131.409893][ T6549] run_ksoftirqd+0x9b/0x100
[ 131.414570][ T6549] smpboot_thread_fn+0x53f/0xa60
[ 131.419540][ T6549] kthread+0x711/0x8a0
[ 131.423614][ T6549] ret_from_fork+0x4b/0x80
[ 131.428048][ T6549] ret_from_fork_asm+0x1a/0x30
[ 131.432811][ T6549] Modules linked in:
[ 131.436734][ T6549] CPU: 0 UID: 0 PID: 6549 Comm: syz.0.15 Tainted: G B 6.15.0-rc7-syzkaller-ga11a72229881 #0 PREEMPT(full)
[ 131.436756][ T6549] Tainted: [B]=BAD_PAGE
[ 131.436760][ T6549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 131.436769][ T6549] Call Trace:
[ 131.436774][ T6549]
[ 131.436780][ T6549] dump_stack_lvl+0x189/0x250
[ 131.436803][ T6549] ? __pfx_dump_stack_lvl+0x10/0x10
[ 131.436821][ T6549] ? __pfx_print_modules+0x10/0x10
[ 131.436839][ T6549] bad_page+0x15e/0x1a0
[ 131.436858][ T6549] __free_frozen_pages+0xc77/0xcd0
[ 131.436877][ T6549] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 131.436907][ T6549] bpf_xdp_adjust_tail+0x1d6/0x220
[ 131.436929][ T6549] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 131.436943][ T6549] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 131.436976][ T6549] do_xdp_generic+0x76e/0xd20
[ 131.437000][ T6549] ? __pfx_do_xdp_generic+0x10/0x10
[ 131.437020][ T6549] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 131.437051][ T6549] __netif_receive_skb_core+0x1823/0x4180
[ 131.437072][ T6549] ? __pfx___up_read+0x10/0x10
[ 131.437087][ T6549] ? do_user_addr_fault+0xbc1/0x1390
[ 131.437112][ T6549] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 131.437133][ T6549] ? __lock_acquire+0xaac/0xd20
[ 131.437154][ T6549] ? netif_receive_skb+0x115/0x790
[ 131.437168][ T6549] ? netif_receive_skb+0x115/0x790
[ 131.437183][ T6549] __netif_receive_skb+0x72/0x380
[ 131.437198][ T6549] ? rep_movs_alternative+0x4a/0x90
[ 131.437213][ T6549] ? netif_receive_skb+0x115/0x790
[ 131.437227][ T6549] netif_receive_skb+0x1cb/0x790
[ 131.437301][ T6549] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 131.437321][ T6549] ? _copy_from_iter+0x24c/0x15a0
[ 131.437337][ T6549] ? __pfx_netif_receive_skb+0x10/0x10
[ 131.437351][ T6549] ? sock_alloc_send_pskb+0x875/0x990
[ 131.437372][ T6549] ? __pfx__copy_from_iter+0x10/0x10
[ 131.437389][ T6549] ? tun_rx_batched+0x160/0x730
[ 131.437409][ T6549] tun_rx_batched+0x1b9/0x730
[ 131.437432][ T6549] ? __pfx_tun_rx_batched+0x10/0x10
[ 131.437453][ T6549] ? tun_get_user+0x2444/0x3c20
[ 131.437476][ T6549] ? tun_get_user+0x2444/0x3c20
[ 131.437492][ T6549] ? tun_get_user+0x2444/0x3c20
[ 131.437506][ T6549] tun_get_user+0x2879/0x3c20
[ 131.437530][ T6549] ? preempt_schedule+0xae/0xc0
[ 131.437548][ T6549] ? __pfx_tun_get_user+0x10/0x10
[ 131.437567][ T6549] ? preempt_schedule_common+0x83/0xd0
[ 131.437585][ T6549] ? preempt_schedule+0xae/0xc0
[ 131.437601][ T6549] ? __pfx_preempt_schedule+0x10/0x10
[ 131.437618][ T6549] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 131.437635][ T6549] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 131.437653][ T6549] ? ref_tracker_alloc+0x318/0x460
[ 131.437671][ T6549] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 131.437689][ T6549] ? tun_get+0x1c/0x2f0
[ 131.437709][ T6549] ? tun_get+0x1c/0x2f0
[ 131.437727][ T6549] ? tun_get+0x1c/0x2f0
[ 131.437748][ T6549] tun_chr_write_iter+0x113/0x200
[ 131.437770][ T6549] vfs_write+0x54b/0xa90
[ 131.437792][ T6549] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 131.437812][ T6549] ? __pfx_vfs_write+0x10/0x10
[ 131.437835][ T6549] ? __fget_files+0x2a/0x420
[ 131.437852][ T6549] ksys_write+0x145/0x250
[ 131.437871][ T6549] ? rcu_is_watching+0x15/0xb0
[ 131.437892][ T6549] ? __pfx_ksys_write+0x10/0x10
[ 131.437914][ T6549] ? do_syscall_64+0xba/0x210
[ 131.437933][ T6549] do_syscall_64+0xf6/0x210
[ 131.437950][ T6549] ? clear_bhb_loop+0x60/0xb0
[ 131.437968][ T6549] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 131.437982][ T6549] RIP: 0033:0x7ff56317e98f
[ 131.437996][ T6549] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 131.438008][ T6549] RSP: 002b:00007ff564035020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 131.438025][ T6549] RAX: ffffffffffffffda RBX: 00007ff563345fa0 RCX: 00007ff56317e98f
[ 131.438036][ T6549] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[ 131.438045][ T6549] RBP: 00007ff5631f3cc8 R08: 0000000000000000 R09: 0000000000000000
[ 131.438055][ T6549] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 131.438064][ T6549] R13: 0000000000000000 R14: 00007ff563345fa0 R15: 00007ffca324b8d8
[ 131.438081][ T6549]
[ 131.438091][ T6549] BUG: Bad page state in process syz.0.15 pfn:79d6e
[ 131.736716][ T5128] Bluetooth: hci0: command tx timeout
[ 131.737044][ T6549] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888079d6efc0 pfn:0x79d6e
[ 131.869694][ T6549] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 131.877109][ T6549] raw: 00fff00000000000 dead000000000040 ffff888021ad4000 0000000000000000
[ 131.885795][ T6549] raw: ffff888079d6efc0 0000000000000001 00000000ffffffff 0000000000000000
[ 131.894500][ T6549] page dumped because: page_pool leak
[ 131.899949][ T6549] page_owner tracks the page as allocated
[ 131.905918][ T6549] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6549, tgid 6548 (syz.0.15), ts 128082178830, free_ts 124777416504
[ 131.922795][ T6549] post_alloc_hook+0x1d8/0x230
[ 131.927713][ T6549] get_page_from_freelist+0x21c7/0x22a0
[ 131.933341][ T6549] __alloc_frozen_pages_noprof+0x181/0x370
[ 131.939174][ T6549] alloc_pages_bulk_noprof+0x560/0x710
[ 131.944633][ T6549] __page_pool_alloc_pages_slow+0x127/0x6c0
[ 131.950664][ T6549] skb_pp_cow_data+0xaf4/0x12f0
[ 131.955537][ T6549] do_xdp_generic+0x51a/0xd20
[ 131.960244][ T6549] __netif_receive_skb_core+0x1823/0x4180
[ 131.965965][ T6549] __netif_receive_skb+0x72/0x380
[ 131.971017][ T6549] netif_receive_skb+0x1cb/0x790
[ 131.975958][ T6549] tun_rx_batched+0x1b9/0x730
[ 131.980673][ T6549] tun_get_user+0x2879/0x3c20
[ 131.985352][ T6549] tun_chr_write_iter+0x113/0x200
[ 131.990405][ T6549] vfs_write+0x54b/0xa90
[ 131.994743][ T6549] ksys_write+0x145/0x250
[ 131.999091][ T6549] do_syscall_64+0xf6/0x210
[ 132.003604][ T6549] page last free pid 23 tgid 23 stack trace:
[ 132.009608][ T6549] __free_frozen_pages+0xb05/0xcd0
[ 132.014729][ T6549] __tlb_remove_table+0x2d2/0x3b0
[ 132.019772][ T6549] tlb_remove_table_rcu+0x85/0x100
[ 132.024886][ T6549] rcu_core+0xca5/0x1710
[ 132.029271][ T6549] handle_softirqs+0x283/0x870
[ 132.034036][ T6549] run_ksoftirqd+0x9b/0x100
[ 132.038563][ T6549] smpboot_thread_fn+0x53f/0xa60
[ 132.043616][ T6549] kthread+0x711/0x8a0
[ 132.047735][ T6549] ret_from_fork+0x4b/0x80
[ 132.052337][ T6549] ret_from_fork_asm+0x1a/0x30
[ 132.057146][ T6549] Modules linked in:
[ 132.061143][ T6549] CPU: 0 UID: 0 PID: 6549 Comm: syz.0.15 Tainted: G B 6.15.0-rc7-syzkaller-ga11a72229881 #0 PREEMPT(full)
[ 132.061158][ T6549] Tainted: [B]=BAD_PAGE
[ 132.061161][ T6549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 132.061167][ T6549] Call Trace:
[ 132.061171][ T6549]
[ 132.061175][ T6549] dump_stack_lvl+0x189/0x250
[ 132.061192][ T6549] ? __pfx_dump_stack_lvl+0x10/0x10
[ 132.061205][ T6549] ? __pfx_print_modules+0x10/0x10
[ 132.061215][ T6549] bad_page+0x15e/0x1a0
[ 132.061228][ T6549] __free_frozen_pages+0xc77/0xcd0
[ 132.061239][ T6549] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 132.061257][ T6549] bpf_xdp_adjust_tail+0x1d6/0x220
[ 132.061269][ T6549] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 132.061277][ T6549] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 132.061297][ T6549] do_xdp_generic+0x76e/0xd20
[ 132.061312][ T6549] ? __pfx_do_xdp_generic+0x10/0x10
[ 132.061324][ T6549] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 132.061342][ T6549] __netif_receive_skb_core+0x1823/0x4180
[ 132.061353][ T6549] ? __pfx___up_read+0x10/0x10
[ 132.061363][ T6549] ? do_user_addr_fault+0xbc1/0x1390
[ 132.061378][ T6549] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 132.061389][ T6549] ? __lock_acquire+0xaac/0xd20
[ 132.061401][ T6549] ? netif_receive_skb+0x115/0x790
[ 132.061409][ T6549] ? netif_receive_skb+0x115/0x790
[ 132.061424][ T6549] __netif_receive_skb+0x72/0x380
[ 132.061433][ T6549] ? rep_movs_alternative+0x4a/0x90
[ 132.061442][ T6549] ? netif_receive_skb+0x115/0x790
[ 132.061449][ T6549] netif_receive_skb+0x1cb/0x790
[ 132.061458][ T6549] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 132.061471][ T6549] ? _copy_from_iter+0x24c/0x15a0
[ 132.061481][ T6549] ? __pfx_netif_receive_skb+0x10/0x10
[ 132.061489][ T6549] ? sock_alloc_send_pskb+0x875/0x990
[ 132.061503][ T6549] ? __pfx__copy_from_iter+0x10/0x10
[ 132.061513][ T6549] ? tun_rx_batched+0x160/0x730
[ 132.061527][ T6549] tun_rx_batched+0x1b9/0x730
[ 132.061540][ T6549] ? __pfx_tun_rx_batched+0x10/0x10
[ 132.061553][ T6549] ? tun_get_user+0x2444/0x3c20
[ 132.061566][ T6549] ? tun_get_user+0x2444/0x3c20
[ 132.061578][ T6549] ? tun_get_user+0x2444/0x3c20
[ 132.061590][ T6549] tun_get_user+0x2879/0x3c20
[ 132.061606][ T6549] ? preempt_schedule+0xae/0xc0
[ 132.061616][ T6549] ? __pfx_tun_get_user+0x10/0x10
[ 132.061627][ T6549] ? preempt_schedule_common+0x83/0xd0
[ 132.061637][ T6549] ? preempt_schedule+0xae/0xc0
[ 132.061645][ T6549] ? __pfx_preempt_schedule+0x10/0x10
[ 132.061654][ T6549] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 132.061665][ T6549] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 132.061675][ T6549] ? ref_tracker_alloc+0x318/0x460
[ 132.061685][ T6549] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 132.061695][ T6549] ? tun_get+0x1c/0x2f0
[ 132.061708][ T6549] ? tun_get+0x1c/0x2f0
[ 132.061719][ T6549] ? tun_get+0x1c/0x2f0
[ 132.061731][ T6549] tun_chr_write_iter+0x113/0x200
[ 132.061744][ T6549] vfs_write+0x54b/0xa90
[ 132.061757][ T6549] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 132.061769][ T6549] ? __pfx_vfs_write+0x10/0x10
[ 132.061782][ T6549] ? __fget_files+0x2a/0x420
[ 132.061792][ T6549] ksys_write+0x145/0x250
[ 132.061803][ T6549] ? rcu_is_watching+0x15/0xb0
[ 132.061817][ T6549] ? __pfx_ksys_write+0x10/0x10
[ 132.061829][ T6549] ? do_syscall_64+0xba/0x210
[ 132.061841][ T6549] do_syscall_64+0xf6/0x210
[ 132.061851][ T6549] ? clear_bhb_loop+0x60/0xb0
[ 132.061862][ T6549] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 132.061870][ T6549] RIP: 0033:0x7ff56317e98f
[ 132.061878][ T6549] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 132.061886][ T6549] RSP: 002b:00007ff564035020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 132.061897][ T6549] RAX: ffffffffffffffda RBX: 00007ff563345fa0 RCX: 00007ff56317e98f
[ 132.061903][ T6549] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[ 132.061909][ T6549] RBP: 00007ff5631f3cc8 R08: 0000000000000000 R09: 0000000000000000
[ 132.061914][ T6549] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 132.061919][ T6549] R13: 0000000000000000 R14: 00007ff563345fa0 R15: 00007ffca324b8d8
[ 132.061928][ T6549]
[ 132.061935][ T6549] BUG: Bad page state in process syz.0.15 pfn:5fcbb
[ 132.476696][ T6549] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5fcbb
[ 132.485627][ T6549] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 132.492905][ T6549] raw: 00fff00000000000 dead000000000040 ffff888021ad4000 0000000000000000
[ 132.501606][ T6549] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[ 132.510299][ T6549] page dumped because: page_pool leak
[ 132.515755][ T6549] page_owner tracks the page as allocated
[ 132.521502][ T6549] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6549, tgid 6548 (syz.0.15), ts 128082161126, free_ts 124777475868
[ 132.538813][ T6549] post_alloc_hook+0x1d8/0x230
[ 132.543560][ T6549] get_page_from_freelist+0x21c7/0x22a0
[ 132.549122][ T6549] __alloc_frozen_pages_noprof+0x181/0x370
[ 132.554938][ T6549] alloc_pages_bulk_noprof+0x560/0x710
[ 132.560422][ T6549] __page_pool_alloc_pages_slow+0x127/0x6c0
[ 132.566412][ T6549] skb_pp_cow_data+0xaf4/0x12f0
[ 132.571288][ T6549] do_xdp_generic+0x51a/0xd20
[ 132.575974][ T6549] __netif_receive_skb_core+0x1823/0x4180
[ 132.581717][ T6549] __netif_receive_skb+0x72/0x380
[ 132.586786][ T6549] netif_receive_skb+0x1cb/0x790
[ 132.591845][ T6549] tun_rx_batched+0x1b9/0x730
[ 132.596556][ T6549] tun_get_user+0x2879/0x3c20
[ 132.601238][ T6549] tun_chr_write_iter+0x113/0x200
[ 132.606249][ T6549] vfs_write+0x54b/0xa90
[ 132.610512][ T6549] ksys_write+0x145/0x250
[ 132.614853][ T6549] do_syscall_64+0xf6/0x210
[ 132.619381][ T6549] page last free pid 23 tgid 23 stack trace:
[ 132.625370][ T6549] __free_frozen_pages+0xb05/0xcd0
[ 132.630599][ T6549] __tlb_remove_table+0x2d2/0x3b0
[ 132.635630][ T6549] tlb_remove_table_rcu+0x85/0x100
[ 132.640768][ T6549] rcu_core+0xca5/0x1710
[ 132.645099][ T6549] handle_softirqs+0x283/0x870
[ 132.649895][ T6549] run_ksoftirqd+0x9b/0x100
[ 132.654570][ T6549] smpboot_thread_fn+0x53f/0xa60
[ 132.659539][ T6549] kthread+0x711/0x8a0
[ 132.663616][ T6549] ret_from_fork+0x4b/0x80
[ 132.668043][ T6549] ret_from_fork_asm+0x1a/0x30
[ 132.672822][ T6549] Modules linked in:
[ 132.676736][ T6549] CPU: 0 UID: 0 PID: 6549 Comm: syz.0.15 Tainted: G B 6.15.0-rc7-syzkaller-ga11a72229881 #0 PREEMPT(full)
[ 132.676758][ T6549] Tainted: [B]=BAD_PAGE
[ 132.676764][ T6549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 132.676772][ T6549] Call Trace:
[ 132.676778][ T6549]
[ 132.676784][ T6549] dump_stack_lvl+0x189/0x250
[ 132.676806][ T6549] ? __pfx_dump_stack_lvl+0x10/0x10
[ 132.676824][ T6549] ? __pfx_print_modules+0x10/0x10
[ 132.676842][ T6549] bad_page+0x15e/0x1a0
[ 132.676862][ T6549] __free_frozen_pages+0xc77/0xcd0
[ 132.676881][ T6549] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 132.676911][ T6549] bpf_xdp_adjust_tail+0x1d6/0x220
[ 132.676932][ T6549] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 132.676946][ T6549] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 132.676978][ T6549] do_xdp_generic+0x76e/0xd20
[ 132.677003][ T6549] ? __pfx_do_xdp_generic+0x10/0x10
[ 132.677022][ T6549] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 132.677062][ T6549] __netif_receive_skb_core+0x1823/0x4180
[ 132.677083][ T6549] ? __pfx___up_read+0x10/0x10
[ 132.677098][ T6549] ? do_user_addr_fault+0xbc1/0x1390
[ 132.677123][ T6549] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 132.677143][ T6549] ? __lock_acquire+0xaac/0xd20
[ 132.677164][ T6549] ? netif_receive_skb+0x115/0x790
[ 132.677179][ T6549] ? netif_receive_skb+0x115/0x790
[ 132.677194][ T6549] __netif_receive_skb+0x72/0x380
[ 132.677209][ T6549] ? rep_movs_alternative+0x4a/0x90
[ 132.677224][ T6549] ? netif_receive_skb+0x115/0x790
[ 132.677238][ T6549] netif_receive_skb+0x1cb/0x790
[ 132.677252][ T6549] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 132.677272][ T6549] ? _copy_from_iter+0x24c/0x15a0
[ 132.677290][ T6549] ? __pfx_netif_receive_skb+0x10/0x10
[ 132.677305][ T6549] ? sock_alloc_send_pskb+0x875/0x990
[ 132.677321][ T6549] ? __pfx__copy_from_iter+0x10/0x10
[ 132.677334][ T6549] ? tun_rx_batched+0x160/0x730
[ 132.677352][ T6549] tun_rx_batched+0x1b9/0x730
[ 132.677374][ T6549] ? __pfx_tun_rx_batched+0x10/0x10
[ 132.677392][ T6549] ? tun_get_user+0x2444/0x3c20
[ 132.677412][ T6549] ? tun_get_user+0x2444/0x3c20
[ 132.677431][ T6549] ? tun_get_user+0x2444/0x3c20
[ 132.677450][ T6549] tun_get_user+0x2879/0x3c20
[ 132.677477][ T6549] ? preempt_schedule+0xae/0xc0
[ 132.677494][ T6549] ? __pfx_tun_get_user+0x10/0x10
[ 132.677512][ T6549] ? preempt_schedule_common+0x83/0xd0
[ 132.677529][ T6549] ? preempt_schedule+0xae/0xc0
[ 132.677544][ T6549] ? __pfx_preempt_schedule+0x10/0x10
[ 132.677560][ T6549] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 132.677577][ T6549] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 132.677596][ T6549] ? ref_tracker_alloc+0x318/0x460
[ 132.677614][ T6549] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 132.677633][ T6549] ? tun_get+0x1c/0x2f0
[ 132.677655][ T6549] ? tun_get+0x1c/0x2f0
[ 132.677674][ T6549] ? tun_get+0x1c/0x2f0
[ 132.677695][ T6549] tun_chr_write_iter+0x113/0x200
[ 132.677716][ T6549] vfs_write+0x54b/0xa90
[ 132.677737][ T6549] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 132.677757][ T6549] ? __pfx_vfs_write+0x10/0x10
[ 132.677780][ T6549] ? __fget_files+0x2a/0x420
[ 132.677798][ T6549] ksys_write+0x145/0x250
[ 132.677816][ T6549] ? rcu_is_watching+0x15/0xb0
[ 132.677836][ T6549] ? __pfx_ksys_write+0x10/0x10
[ 132.677857][ T6549] ? do_syscall_64+0xba/0x210
[ 132.677876][ T6549] do_syscall_64+0xf6/0x210
[ 132.677894][ T6549] ? clear_bhb_loop+0x60/0xb0
[ 132.677912][ T6549] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 132.677927][ T6549] RIP: 0033:0x7ff56317e98f
[ 132.677941][ T6549] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 132.677954][ T6549] RSP: 002b:00007ff564035020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 132.677971][ T6549] RAX: ffffffffffffffda RBX: 00007ff563345fa0 RCX: 00007ff56317e98f
[ 132.677982][ T6549] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[ 132.677992][ T6549] RBP: 00007ff5631f3cc8 R08: 0000000000000000 R09: 0000000000000000
[ 132.678002][ T6549] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 132.678011][ T6549] R13: 0000000000000000 R14: 00007ff563345fa0 R15: 00007ffca324b8d8
[ 132.678028][ T6549]
[ 132.678037][ T6549] BUG: Bad page state in process syz.0.15 pfn:79d6a
[ 133.093513][ T6549] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888079d6a310 pfn:0x79d6a
[ 133.103622][ T6549] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 133.110853][ T6549] raw: 00fff00000000000 dead000000000040 ffff888021ad4000 0000000000000000
[ 133.119472][ T6549] raw: ffff888079d6a310 0000000000000001 00000000ffffffff 0000000000000000
[ 133.128174][ T6549] page dumped because: page_pool leak
[ 133.133548][ T6549] page_owner tracks the page as allocated
[ 133.139302][ T6549] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6549, tgid 6548 (syz.0.15), ts 128082143433, free_ts 124785625355
[ 133.156380][ T6549] post_alloc_hook+0x1d8/0x230
[ 133.161323][ T6549] get_page_from_freelist+0x21c7/0x22a0
[ 133.166918][ T6549] __alloc_frozen_pages_noprof+0x181/0x370
[ 133.172711][ T6549] alloc_pages_bulk_noprof+0x560/0x710
[ 133.178462][ T6549] __page_pool_alloc_pages_slow+0x127/0x6c0
[ 133.184629][ T6549] skb_pp_cow_data+0xaf4/0x12f0
[ 133.189519][ T6549] do_xdp_generic+0x51a/0xd20
[ 133.194213][ T6549] __netif_receive_skb_core+0x1823/0x4180
[ 133.199967][ T6549] __netif_receive_skb+0x72/0x380
[ 133.205120][ T6549] netif_receive_skb+0x1cb/0x790
[ 133.210114][ T6549] tun_rx_batched+0x1b9/0x730
[ 133.214873][ T6549] tun_get_user+0x2879/0x3c20
[ 133.219614][ T6549] tun_chr_write_iter+0x113/0x200
[ 133.224646][ T6549] vfs_write+0x54b/0xa90
[ 133.228923][ T6549] ksys_write+0x145/0x250
[ 133.233268][ T6549] do_syscall_64+0xf6/0x210
[ 133.237816][ T6549] page last free pid 6431 tgid 6431 stack trace:
[ 133.244150][ T6549] __free_frozen_pages+0xb05/0xcd0
[ 133.249303][ T6549] vfree+0x1a6/0x330
[ 133.253215][ T6549] vfree+0x29e/0x330
[ 133.257144][ T6549] kcov_close+0x28/0x50
[ 133.261433][ T6549] __fput+0x449/0xa70
[ 133.265466][ T6549] task_work_run+0x1d4/0x260
[ 133.270121][ T6549] do_exit+0x8d6/0x2550
[ 133.274282][ T6549] do_group_exit+0x21c/0x2d0
[ 133.279127][ T6549] get_signal+0x125e/0x1310
[ 133.283665][ T6549] arch_do_signal_or_restart+0x95/0x780
[ 133.289267][ T6549] syscall_exit_to_user_mode+0x8b/0x120
[ 133.294824][ T6549] do_syscall_64+0x103/0x210
[ 133.299442][ T6549] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 133.305433][ T6549] Modules linked in:
[ 133.309424][ T6549] CPU: 0 UID: 0 PID: 6549 Comm: syz.0.15 Tainted: G B 6.15.0-rc7-syzkaller-ga11a72229881 #0 PREEMPT(full)
[ 133.309446][ T6549] Tainted: [B]=BAD_PAGE
[ 133.309452][ T6549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 133.309459][ T6549] Call Trace:
[ 133.309465][ T6549]
[ 133.309470][ T6549] dump_stack_lvl+0x189/0x250
[ 133.309492][ T6549] ? __pfx_dump_stack_lvl+0x10/0x10
[ 133.309509][ T6549] ? __pfx_print_modules+0x10/0x10
[ 133.309525][ T6549] bad_page+0x15e/0x1a0
[ 133.309544][ T6549] __free_frozen_pages+0xc77/0xcd0
[ 133.309562][ T6549] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 133.309592][ T6549] bpf_xdp_adjust_tail+0x1d6/0x220
[ 133.309612][ T6549] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 133.309627][ T6549] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 133.309661][ T6549] do_xdp_generic+0x76e/0xd20
[ 133.309685][ T6549] ? __pfx_do_xdp_generic+0x10/0x10
[ 133.309704][ T6549] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 133.309732][ T6549] __netif_receive_skb_core+0x1823/0x4180
[ 133.309753][ T6549] ? __pfx___up_read+0x10/0x10
[ 133.309768][ T6549] ? do_user_addr_fault+0xbc1/0x1390
[ 133.309793][ T6549] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 133.309813][ T6549] ? __lock_acquire+0xaac/0xd20
[ 133.309835][ T6549] ? netif_receive_skb+0x115/0x790
[ 133.309846][ T6549] ? netif_receive_skb+0x115/0x790
[ 133.309859][ T6549] __netif_receive_skb+0x72/0x380
[ 133.309874][ T6549] ? rep_movs_alternative+0x4a/0x90
[ 133.309890][ T6549] ? netif_receive_skb+0x115/0x790
[ 133.309904][ T6549] netif_receive_skb+0x1cb/0x790
[ 133.309918][ T6549] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 133.309939][ T6549] ? _copy_from_iter+0x24c/0x15a0
[ 133.309956][ T6549] ? __pfx_netif_receive_skb+0x10/0x10
[ 133.309978][ T6549] ? sock_alloc_send_pskb+0x875/0x990
[ 133.309996][ T6549] ? __pfx__copy_from_iter+0x10/0x10
[ 133.310011][ T6549] ? tun_rx_batched+0x160/0x730
[ 133.310029][ T6549] tun_rx_batched+0x1b9/0x730
[ 133.310051][ T6549] ? __pfx_tun_rx_batched+0x10/0x10
[ 133.310072][ T6549] ? tun_get_user+0x2444/0x3c20
[ 133.310095][ T6549] ? tun_get_user+0x2444/0x3c20
[ 133.310115][ T6549] ? tun_get_user+0x2444/0x3c20
[ 133.310134][ T6549] tun_get_user+0x2879/0x3c20
[ 133.310161][ T6549] ? preempt_schedule+0xae/0xc0
[ 133.310179][ T6549] ? __pfx_tun_get_user+0x10/0x10
[ 133.310197][ T6549] ? preempt_schedule_common+0x83/0xd0
[ 133.310214][ T6549] ? preempt_schedule+0xae/0xc0
[ 133.310228][ T6549] ? __pfx_preempt_schedule+0x10/0x10
[ 133.310245][ T6549] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 133.310260][ T6549] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 133.310278][ T6549] ? ref_tracker_alloc+0x318/0x460
[ 133.310295][ T6549] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 133.310312][ T6549] ? tun_get+0x1c/0x2f0
[ 133.310332][ T6549] ? tun_get+0x1c/0x2f0
[ 133.310350][ T6549] ? tun_get+0x1c/0x2f0
[ 133.310371][ T6549] tun_chr_write_iter+0x113/0x200
[ 133.310391][ T6549] vfs_write+0x54b/0xa90
[ 133.310413][ T6549] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 133.310433][ T6549] ? __pfx_vfs_write+0x10/0x10
[ 133.310456][ T6549] ? __fget_files+0x2a/0x420
[ 133.310473][ T6549] ksys_write+0x145/0x250
[ 133.310491][ T6549] ? rcu_is_watching+0x15/0xb0
[ 133.310513][ T6549] ? __pfx_ksys_write+0x10/0x10
[ 133.310533][ T6549] ? do_syscall_64+0xba/0x210
[ 133.310553][ T6549] do_syscall_64+0xf6/0x210
[ 133.310572][ T6549] ? clear_bhb_loop+0x60/0xb0
[ 133.310590][ T6549] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 133.310605][ T6549] RIP: 0033:0x7ff56317e98f
[ 133.310619][ T6549] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 133.310633][ T6549] RSP: 002b:00007ff564035020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 133.310651][ T6549] RAX: ffffffffffffffda RBX: 00007ff563345fa0 RCX: 00007ff56317e98f
[ 133.310663][ T6549] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[ 133.310673][ T6549] RBP: 00007ff5631f3cc8 R08: 0000000000000000 R09: 0000000000000000
[ 133.310683][ T6549] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 133.310692][ T6549] R13: 0000000000000000 R14: 00007ff563345fa0 R15: 00007ffca324b8d8
[ 133.310708][ T6549]
[ 133.310718][ T6549] BUG: Bad page state in process syz.0.15 pfn:31d1d
[ 133.728667][ T6549] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888031d1de00 pfn:0x31d1d
[ 133.738760][ T6549] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 133.745964][ T6549] raw: 00fff00000000000 dead000000000040 ffff888021ad4000 0000000000000000
[ 133.754823][ T6549] raw: ffff888031d1de00 0000000000000001 00000000ffffffff 0000000000000000
[ 133.763435][ T6549] page dumped because: page_pool leak
[ 133.768827][ T6549] page_owner tracks the page as allocated
[ 133.774540][ T6549] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6549, tgid 6548 (syz.0.15), ts 128082125947, free_ts 124785642107
[ 133.791692][ T6549] post_alloc_hook+0x1d8/0x230
[ 133.796674][ T6549] get_page_from_freelist+0x21c7/0x22a0
[ 133.802212][ T6549] __alloc_frozen_pages_noprof+0x181/0x370
[ 133.808042][ T6549] alloc_pages_bulk_noprof+0x560/0x710
[ 133.813590][ T6549] __page_pool_alloc_pages_slow+0x127/0x6c0
[ 133.817220][ T5128] Bluetooth: hci0: command tx timeout
[ 133.819513][ T6549] skb_pp_cow_data+0xaf4/0x12f0
[ 133.829680][ T6549] do_xdp_generic+0x51a/0xd20
[ 133.834428][ T6549] __netif_receive_skb_core+0x1823/0x4180
[ 133.840157][ T6549] __netif_receive_skb+0x72/0x380
[ 133.845182][ T6549] netif_receive_skb+0x1cb/0x790
[ 133.850150][ T6549] tun_rx_batched+0x1b9/0x730
[ 133.854832][ T6549] tun_get_user+0x2879/0x3c20
[ 133.859535][ T6549] tun_chr_write_iter+0x113/0x200
[ 133.864559][ T6549] vfs_write+0x54b/0xa90
[ 133.868829][ T6549] ksys_write+0x145/0x250
[ 133.873256][ T6549] do_syscall_64+0xf6/0x210
[ 133.877792][ T6549] page last free pid 6431 tgid 6431 stack trace:
[ 133.884217][ T6549] __free_frozen_pages+0xb05/0xcd0
[ 133.889394][ T6549] vfree+0x1a6/0x330
[ 133.893332][ T6549] vfree+0x29e/0x330
[ 133.897557][ T6549] kcov_close+0x28/0x50
[ 133.901908][ T6549] __fput+0x449/0xa70
[ 133.906069][ T6549] task_work_run+0x1d4/0x260
[ 133.911047][ T6549] do_exit+0x8d6/0x2550
[ 133.915434][ T6549] do_group_exit+0x21c/0x2d0
[ 133.920255][ T6549] get_signal+0x125e/0x1310
[ 133.924769][ T6549] arch_do_signal_or_restart+0x95/0x780
[ 133.930355][ T6549] syscall_exit_to_user_mode+0x8b/0x120
[ 133.935905][ T6549] do_syscall_64+0x103/0x210
[ 133.940521][ T6549] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 133.946434][ T6549] Modules linked in:
[ 133.950361][ T6549] CPU: 0 UID: 0 PID: 6549 Comm: syz.0.15 Tainted: G B 6.15.0-rc7-syzkaller-ga11a72229881 #0 PREEMPT(full)
[ 133.950385][ T6549] Tainted: [B]=BAD_PAGE
[ 133.950389][ T6549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 133.950397][ T6549] Call Trace:
[ 133.950403][ T6549]
[ 133.950408][ T6549] dump_stack_lvl+0x189/0x250
[ 133.950430][ T6549] ? __pfx_dump_stack_lvl+0x10/0x10
[ 133.950447][ T6549] ? __pfx_print_modules+0x10/0x10
[ 133.950465][ T6549] bad_page+0x15e/0x1a0
[ 133.950486][ T6549] __free_frozen_pages+0xc77/0xcd0
[ 133.950506][ T6549] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 133.950536][ T6549] bpf_xdp_adjust_tail+0x1d6/0x220
[ 133.950556][ T6549] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 133.950569][ T6549] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 133.950599][ T6549] do_xdp_generic+0x76e/0xd20
[ 133.950624][ T6549] ? __pfx_do_xdp_generic+0x10/0x10
[ 133.950644][ T6549] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 133.950674][ T6549] __netif_receive_skb_core+0x1823/0x4180
[ 133.950695][ T6549] ? __pfx___up_read+0x10/0x10
[ 133.950711][ T6549] ? do_user_addr_fault+0xbc1/0x1390
[ 133.950735][ T6549] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 133.950756][ T6549] ? __lock_acquire+0xaac/0xd20
[ 133.950777][ T6549] ? netif_receive_skb+0x115/0x790
[ 133.950791][ T6549] ? netif_receive_skb+0x115/0x790
[ 133.950807][ T6549] __netif_receive_skb+0x72/0x380
[ 133.950821][ T6549] ? rep_movs_alternative+0x4a/0x90
[ 133.950835][ T6549] ? netif_receive_skb+0x115/0x790
[ 133.950847][ T6549] netif_receive_skb+0x1cb/0x790
[ 133.950860][ T6549] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 133.950879][ T6549] ? _copy_from_iter+0x24c/0x15a0
[ 133.950897][ T6549] ? __pfx_netif_receive_skb+0x10/0x10
[ 133.950911][ T6549] ? sock_alloc_send_pskb+0x875/0x990
[ 133.950933][ T6549] ? __pfx__copy_from_iter+0x10/0x10
[ 133.950950][ T6549] ? tun_rx_batched+0x160/0x730
[ 133.950981][ T6549] tun_rx_batched+0x1b9/0x730
[ 133.951004][ T6549] ? __pfx_tun_rx_batched+0x10/0x10
[ 133.951025][ T6549] ? tun_get_user+0x2444/0x3c20
[ 133.951048][ T6549] ? tun_get_user+0x2444/0x3c20
[ 133.951067][ T6549] ? tun_get_user+0x2444/0x3c20
[ 133.951086][ T6549] tun_get_user+0x2879/0x3c20
[ 133.951112][ T6549] ? preempt_schedule+0xae/0xc0
[ 133.951129][ T6549] ? __pfx_tun_get_user+0x10/0x10
[ 133.951148][ T6549] ? preempt_schedule_common+0x83/0xd0
[ 133.951165][ T6549] ? preempt_schedule+0xae/0xc0
[ 133.951182][ T6549] ? __pfx_preempt_schedule+0x10/0x10
[ 133.951199][ T6549] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 133.951214][ T6549] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 133.951233][ T6549] ? ref_tracker_alloc+0x318/0x460
[ 133.951252][ T6549] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 133.951270][ T6549] ? tun_get+0x1c/0x2f0
[ 133.951290][ T6549] ? tun_get+0x1c/0x2f0
[ 133.951309][ T6549] ? tun_get+0x1c/0x2f0
[ 133.951329][ T6549] tun_chr_write_iter+0x113/0x200
[ 133.951349][ T6549] vfs_write+0x54b/0xa90
[ 133.951371][ T6549] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 133.951391][ T6549] ? __pfx_vfs_write+0x10/0x10
[ 133.951412][ T6549] ? __fget_files+0x2a/0x420
[ 133.951429][ T6549] ksys_write+0x145/0x250
[ 133.951449][ T6549] ? rcu_is_watching+0x15/0xb0
[ 133.951469][ T6549] ? __pfx_ksys_write+0x10/0x10
[ 133.951489][ T6549] ? do_syscall_64+0xba/0x210
[ 133.951509][ T6549] do_syscall_64+0xf6/0x210
[ 133.951526][ T6549] ? clear_bhb_loop+0x60/0xb0
[ 133.951543][ T6549] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 133.951558][ T6549] RIP: 0033:0x7ff56317e98f
[ 133.951572][ T6549] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 133.951584][ T6549] RSP: 002b:00007ff564035020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 133.951601][ T6549] RAX: ffffffffffffffda RBX: 00007ff563345fa0 RCX: 00007ff56317e98f
[ 133.951612][ T6549] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[ 133.951622][ T6549] RBP: 00007ff5631f3cc8 R08: 0000000000000000 R09: 0000000000000000
[ 133.951632][ T6549] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 133.951641][ T6549] R13: 0000000000000000 R14: 00007ff563345fa0 R15: 00007ffca324b8d8
[ 133.951656][ T6549]
[ 133.951666][ T6549] BUG: Bad page state in process syz.0.15 pfn:11001
[ 134.368494][ T6549] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888011001dc0 pfn:0x11001
[ 134.378591][ T6549] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 134.385883][ T6549] raw: 00fff00000000000 dead000000000040 ffff888021ad4000 0000000000000000
[ 134.394533][ T6549] raw: ffff888011001dc0 0000000000000001 00000000ffffffff 0000000000000000
[ 134.403152][ T6549] page dumped because: page_pool leak
[ 134.408566][ T6549] page_owner tracks the page as allocated
[ 134.414277][ T6549] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6549, tgid 6548 (syz.0.15), ts 128082108787, free_ts 124786718946
[ 134.431250][ T6549] post_alloc_hook+0x1d8/0x230
[ 134.436065][ T6549] get_page_from_freelist+0x21c7/0x22a0
[ 134.441672][ T6549] __alloc_frozen_pages_noprof+0x181/0x370
[ 134.447503][ T6549] alloc_pages_bulk_noprof+0x560/0x710
[ 134.452956][ T6549] __page_pool_alloc_pages_slow+0x127/0x6c0
[ 134.459056][ T6549] skb_pp_cow_data+0xaf4/0x12f0
[ 134.463917][ T6549] do_xdp_generic+0x51a/0xd20
[ 134.468712][ T6549] __netif_receive_skb_core+0x1823/0x4180
[ 134.474432][ T6549] __netif_receive_skb+0x72/0x380
[ 134.479920][ T6549] netif_receive_skb+0x1cb/0x790
[ 134.484870][ T6549] tun_rx_batched+0x1b9/0x730
[ 134.489670][ T6549] tun_get_user+0x2879/0x3c20
[ 134.494374][ T6549] tun_chr_write_iter+0x113/0x200
[ 134.499422][ T6549] vfs_write+0x54b/0xa90
[ 134.503684][ T6549] ksys_write+0x145/0x250
[ 134.508036][ T6549] do_syscall_64+0xf6/0x210
[ 134.512541][ T6549] page last free pid 6431 tgid 6431 stack trace:
[ 134.518881][ T6549] __free_frozen_pages+0xb05/0xcd0
[ 134.524009][ T6549] __tlb_remove_table+0x2d2/0x3b0
[ 134.529151][ T6549] tlb_remove_table_rcu+0x85/0x100
[ 134.534360][ T6549] rcu_core+0xca5/0x1710
[ 134.538715][ T6549] handle_softirqs+0x283/0x870
[ 134.543570][ T6549] __irq_exit_rcu+0xca/0x1f0
[ 134.548193][ T6549] irq_exit_rcu+0x9/0x30
[ 134.552456][ T6549] sysvec_apic_timer_interrupt+0xa6/0xc0
[ 134.558132][ T6549] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 134.564126][ T6549] Modules linked in:
[ 134.568060][ T6549] CPU: 0 UID: 0 PID: 6549 Comm: syz.0.15 Tainted: G B 6.15.0-rc7-syzkaller-ga11a72229881 #0 PREEMPT(full)
[ 134.568083][ T6549] Tainted: [B]=BAD_PAGE
[ 134.568087][ T6549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 134.568094][ T6549] Call Trace:
[ 134.568105][ T6549]
[ 134.568110][ T6549] dump_stack_lvl+0x189/0x250
[ 134.568134][ T6549] ? __pfx_dump_stack_lvl+0x10/0x10
[ 134.568150][ T6549] ? __pfx_print_modules+0x10/0x10
[ 134.568168][ T6549] bad_page+0x15e/0x1a0
[ 134.568188][ T6549] __free_frozen_pages+0xc77/0xcd0
[ 134.568208][ T6549] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 134.568238][ T6549] bpf_xdp_adjust_tail+0x1d6/0x220
[ 134.568257][ T6549] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 134.568270][ T6549] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 134.568303][ T6549] do_xdp_generic+0x76e/0xd20
[ 134.568328][ T6549] ? __pfx_do_xdp_generic+0x10/0x10
[ 134.568347][ T6549] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 134.568379][ T6549] __netif_receive_skb_core+0x1823/0x4180
[ 134.568400][ T6549] ? __pfx___up_read+0x10/0x10
[ 134.568415][ T6549] ? do_user_addr_fault+0xbc1/0x1390
[ 134.568437][ T6549] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 134.568457][ T6549] ? __lock_acquire+0xaac/0xd20
[ 134.568478][ T6549] ? netif_receive_skb+0x115/0x790
[ 134.568492][ T6549] ? netif_receive_skb+0x115/0x790
2025/05/22 22:35:32 executed programs: 3
[ 134.568507][ T6549] __netif_receive_skb+0x72/0x380
[ 134.568523][ T6549] ? rep_movs_alternative+0x4a/0x90
[ 134.568539][ T6549] ? netif_receive_skb+0x115/0x790
[ 134.568551][ T6549] netif_receive_skb+0x1cb/0x790
[ 134.568563][ T6549] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 134.568583][ T6549] ? _copy_from_iter+0x24c/0x15a0
[ 134.568598][ T6549] ? __pfx_netif_receive_skb+0x10/0x10
[ 134.568613][ T6549] ? sock_alloc_send_pskb+0x875/0x990
[ 134.568635][ T6549] ? __pfx__copy_from_iter+0x10/0x10
[ 134.568652][ T6549] ? tun_rx_batched+0x160/0x730
[ 134.568673][ T6549] tun_rx_batched+0x1b9/0x730
[ 134.568696][ T6549] ? __pfx_tun_rx_batched+0x10/0x10
[ 134.568717][ T6549] ? tun_get_user+0x2444/0x3c20
[ 134.568740][ T6549] ? tun_get_user+0x2444/0x3c20
[ 134.568759][ T6549] ? tun_get_user+0x2444/0x3c20
[ 134.568779][ T6549] tun_get_user+0x2879/0x3c20
[ 134.568805][ T6549] ? preempt_schedule+0xae/0xc0
[ 134.568822][ T6549] ? __pfx_tun_get_user+0x10/0x10
[ 134.568840][ T6549] ? preempt_schedule_common+0x83/0xd0
[ 134.568855][ T6549] ? preempt_schedule+0xae/0xc0
[ 134.568870][ T6549] ? __pfx_preempt_schedule+0x10/0x10
[ 134.568887][ T6549] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 134.568904][ T6549] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 134.568923][ T6549] ? ref_tracker_alloc+0x318/0x460
[ 134.568941][ T6549] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 134.568960][ T6549] ? tun_get+0x1c/0x2f0
[ 134.568982][ T6549] ? tun_get+0x1c/0x2f0
[ 134.569001][ T6549] ? tun_get+0x1c/0x2f0
[ 134.569021][ T6549] tun_chr_write_iter+0x113/0x200
[ 134.569042][ T6549] vfs_write+0x54b/0xa90
[ 134.569063][ T6549] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 134.569083][ T6549] ? __pfx_vfs_write+0x10/0x10
[ 134.569114][ T6549] ? __fget_files+0x2a/0x420
[ 134.569131][ T6549] ksys_write+0x145/0x250
[ 134.569149][ T6549] ? rcu_is_watching+0x15/0xb0
[ 134.569171][ T6549] ? __pfx_ksys_write+0x10/0x10
[ 134.569191][ T6549] ? do_syscall_64+0xba/0x210
[ 134.569210][ T6549] do_syscall_64+0xf6/0x210
[ 134.569228][ T6549] ? clear_bhb_loop+0x60/0xb0
[ 134.569246][ T6549] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 134.569260][ T6549] RIP: 0033:0x7ff56317e98f
[ 134.569274][ T6549] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 134.569286][ T6549] RSP: 002b:00007ff564035020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 134.569303][ T6549] RAX: ffffffffffffffda RBX: 00007ff563345fa0 RCX: 00007ff56317e98f
[ 134.569314][ T6549] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[ 134.569324][ T6549] RBP: 00007ff5631f3cc8 R08: 0000000000000000 R09: 0000000000000000
[ 134.569334][ T6549] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 134.569344][ T6549] R13: 0000000000000000 R14: 00007ff563345fa0 R15: 00007ffca324b8d8
[ 134.569360][ T6549]
[ 134.589907][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[ 135.131103][ T6634] BUG: Bad page state in process syz.0.16 pfn:32c10
[ 135.137861][ T6634] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888032c10000 pfn:0x32c10
[ 135.148155][ T6634] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 135.155287][ T6634] raw: 00fff00000000000 dead000000000040 ffff888021ad4000 0000000000000000
[ 135.163917][ T6634] raw: ffff888032c10000 0000000000000001 00000000ffffffff 0000000000000000
[ 135.172635][ T6634] page dumped because: page_pool leak
[ 135.178069][ T6634] page_owner tracks the page as allocated
[ 135.183949][ T6634] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6634, tgid 6614 (syz.0.16), ts 135131018188, free_ts 135122391345
[ 135.201028][ T6634] post_alloc_hook+0x1d8/0x230
[ 135.206065][ T6634] get_page_from_freelist+0x21c7/0x22a0
[ 135.211650][ T6634] __alloc_frozen_pages_noprof+0x181/0x370
[ 135.217489][ T6634] alloc_pages_bulk_noprof+0x560/0x710
[ 135.218318][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[ 135.222947][ T6634] __page_pool_alloc_pages_slow+0x127/0x6c0
[ 135.235143][ T6634] skb_pp_cow_data+0xaf4/0x12f0
[ 135.240047][ T6634] do_xdp_generic+0x51a/0xd20
[ 135.244792][ T6634] __netif_receive_skb_core+0x1823/0x4180
[ 135.250668][ T6634] __netif_receive_skb+0x72/0x380
[ 135.255712][ T6634] netif_receive_skb+0x1cb/0x790
[ 135.260798][ T6634] tun_rx_batched+0x1b9/0x730
[ 135.265676][ T6634] tun_get_user+0x2879/0x3c20
[ 135.270411][ T6634] tun_chr_write_iter+0x113/0x200
[ 135.275459][ T6634] vfs_write+0x54b/0xa90
[ 135.279753][ T6634] ksys_write+0x145/0x250
[ 135.284108][ T6634] do_syscall_64+0xf6/0x210
[ 135.288750][ T6634] page last free pid 5150 tgid 5150 stack trace:
[ 135.295100][ T6634] __free_frozen_pages+0xb05/0xcd0
[ 135.300267][ T6634] __tlb_remove_table+0x2d2/0x3b0
[ 135.305325][ T6634] tlb_remove_table_rcu+0x85/0x100
[ 135.310492][ T6634] rcu_core+0xca5/0x1710
[ 135.314769][ T6634] handle_softirqs+0x283/0x870
[ 135.319603][ T6634] do_softirq+0xec/0x180
[ 135.324221][ T6634] __local_bh_enable_ip+0x17d/0x1c0
[ 135.329472][ T6634] kernel_fpu_end+0xd2/0x120
[ 135.334170][ T6634] crc32c_arch+0x71/0x240
[ 135.338834][ T6634] jbd2_journal_commit_transaction+0x1b02/0x5960
[ 135.345281][ T6634] kjournald2+0x3cf/0x750
[ 135.349682][ T6634] kthread+0x711/0x8a0
[ 135.353774][ T6634] ret_from_fork+0x4b/0x80
[ 135.358259][ T6634] ret_from_fork_asm+0x1a/0x30
[ 135.363661][ T6634] Modules linked in:
[ 135.367698][ T6634] CPU: 0 UID: 0 PID: 6634 Comm: syz.0.16 Tainted: G B 6.15.0-rc7-syzkaller-ga11a72229881 #0 PREEMPT(full)
[ 135.367725][ T6634] Tainted: [B]=BAD_PAGE
[ 135.367730][ T6634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 135.367739][ T6634] Call Trace:
[ 135.367744][ T6634]
[ 135.367750][ T6634] dump_stack_lvl+0x189/0x250
[ 135.367772][ T6634] ? __pfx_dump_stack_lvl+0x10/0x10
[ 135.367790][ T6634] ? __pfx_print_modules+0x10/0x10
[ 135.367806][ T6634] bad_page+0x15e/0x1a0
[ 135.367825][ T6634] __free_frozen_pages+0xc77/0xcd0
[ 135.367845][ T6634] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 135.367872][ T6634] bpf_xdp_adjust_tail+0x1d6/0x220
[ 135.367894][ T6634] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 135.367907][ T6634] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 135.367942][ T6634] do_xdp_generic+0x76e/0xd20
[ 135.367972][ T6634] ? __pfx_do_xdp_generic+0x10/0x10
[ 135.367991][ T6634] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 135.368022][ T6634] __netif_receive_skb_core+0x1823/0x4180
[ 135.368043][ T6634] ? __pfx___up_read+0x10/0x10
[ 135.368057][ T6634] ? lock_release+0x4b/0x3e0
[ 135.368079][ T6634] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 135.368097][ T6634] ? rcu_is_watching+0x15/0xb0
[ 135.368128][ T6634] ? irqentry_exit+0x74/0x90
[ 135.368144][ T6634] ? exc_page_fault+0x91/0x110
[ 135.368162][ T6634] ? netif_receive_skb+0x115/0x790
[ 135.368175][ T6634] ? rcu_is_watching+0x15/0xb0
[ 135.368194][ T6634] ? lock_acquire+0x5f/0x360
[ 135.368212][ T6634] __netif_receive_skb+0x72/0x380
[ 135.368227][ T6634] ? rep_movs_alternative+0x4a/0x90
[ 135.368243][ T6634] ? netif_receive_skb+0x115/0x790
[ 135.368256][ T6634] netif_receive_skb+0x1cb/0x790
[ 135.368271][ T6634] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 135.368291][ T6634] ? _copy_from_iter+0x24c/0x15a0
[ 135.368309][ T6634] ? __pfx_netif_receive_skb+0x10/0x10
[ 135.368324][ T6634] ? sock_alloc_send_pskb+0x875/0x990
[ 135.368345][ T6634] ? __pfx__copy_from_iter+0x10/0x10
[ 135.368362][ T6634] ? tun_rx_batched+0x160/0x730
[ 135.368383][ T6634] tun_rx_batched+0x1b9/0x730
[ 135.368403][ T6634] ? skb_header_pointer+0x8e/0x120
[ 135.368424][ T6634] ? __pfx_tun_rx_batched+0x10/0x10
[ 135.368444][ T6634] ? tun_get_user+0x2444/0x3c20
[ 135.368463][ T6634] ? rcu_is_watching+0x15/0xb0
[ 135.368483][ T6634] ? lock_acquire+0x5f/0x360
[ 135.368500][ T6634] ? __pfx___local_bh_enable_ip+0x10/0x10
[ 135.368525][ T6634] ? tun_get_user+0x2444/0x3c20
[ 135.368544][ T6634] tun_get_user+0x2879/0x3c20
[ 135.368571][ T6634] ? preempt_schedule+0xae/0xc0
[ 135.368599][ T6634] ? __pfx_tun_get_user+0x10/0x10
[ 135.368621][ T6634] ? preempt_schedule_common+0x83/0xd0
[ 135.368638][ T6634] ? preempt_schedule+0xae/0xc0
[ 135.368653][ T6634] ? __pfx_preempt_schedule+0x10/0x10
[ 135.368669][ T6634] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 135.368686][ T6634] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 135.368704][ T6634] ? ref_tracker_alloc+0x318/0x460
[ 135.368721][ T6634] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 135.368738][ T6634] ? tun_get+0x1c/0x2f0
[ 135.368756][ T6634] ? tun_get+0x1c/0x2f0
[ 135.368774][ T6634] ? rcu_is_watching+0x15/0xb0
[ 135.368793][ T6634] ? tun_get+0x1c/0x2f0
[ 135.368812][ T6634] ? lock_release+0x4b/0x3e0
[ 135.368830][ T6634] ? futex_wake+0x458/0x500
[ 135.368848][ T6634] ? tun_get+0x1c/0x2f0
[ 135.368869][ T6634] tun_chr_write_iter+0x113/0x200
[ 135.368890][ T6634] vfs_write+0x54b/0xa90
[ 135.368913][ T6634] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 135.368940][ T6634] ? __pfx_vfs_write+0x10/0x10
[ 135.368963][ T6634] ? __fget_files+0x2a/0x420
[ 135.368981][ T6634] ksys_write+0x145/0x250
[ 135.369000][ T6634] ? rcu_is_watching+0x15/0xb0
[ 135.369021][ T6634] ? __pfx_ksys_write+0x10/0x10
[ 135.369042][ T6634] ? rcu_is_watching+0x15/0xb0
[ 135.369064][ T6634] do_syscall_64+0xf6/0x210
[ 135.369087][ T6634] ? clear_bhb_loop+0x60/0xb0
[ 135.369111][ T6634] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 135.369127][ T6634] RIP: 0033:0x7ff56317e98f
[ 135.369140][ T6634] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 135.369154][ T6634] RSP: 002b:00007ff564035020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 135.369171][ T6634] RAX: ffffffffffffffda RBX: 00007ff563345fa0 RCX: 00007ff56317e98f
[ 135.369183][ T6634] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[ 135.369193][ T6634] RBP: 00007ff5631f3cc8 R08: 0000000000000000 R09: 0000000000000000
[ 135.369203][ T6634] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 135.369212][ T6634] R13: 0000000000000000 R14: 00007ff563345fa0 R15: 00007ffca324b8d8
[ 135.369230][ T6634]
[ 135.369239][ T6634] BUG: Bad page state in process syz.0.16 pfn:2fcdf
[ 135.835028][ T6634] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffffffff00000000 pfn:0x2fcdf
[ 135.845233][ T6634] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 135.852397][ T6634] raw: 00fff00000000000 dead000000000040 ffff888021ad4000 0000000000000000
[ 135.861119][ T6634] raw: ffffffff00000000 0000000000000001 00000000ffffffff 0000000000000000
[ 135.869763][ T6634] page dumped because: page_pool leak
[ 135.875146][ T6634] page_owner tracks the page as allocated
[ 135.880921][ T6634] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6634, tgid 6614 (syz.0.16), ts 135131007328, free_ts 135122407920
[ 135.897897][ T6634] post_alloc_hook+0x1d8/0x230
[ 135.902876][ T6634] get_page_from_freelist+0x21c7/0x22a0
[ 135.908572][ T6634] __alloc_frozen_pages_noprof+0x181/0x370
[ 135.914398][ T6634] alloc_pages_bulk_noprof+0x560/0x710
[ 135.919925][ T6634] __page_pool_alloc_pages_slow+0x127/0x6c0
[ 135.925930][ T6634] skb_pp_cow_data+0xaf4/0x12f0
[ 135.930866][ T6634] do_xdp_generic+0x51a/0xd20
[ 135.935565][ T6634] __netif_receive_skb_core+0x1823/0x4180
[ 135.941346][ T6634] __netif_receive_skb+0x72/0x380
[ 135.946391][ T6634] netif_receive_skb+0x1cb/0x790
[ 135.951397][ T6634] tun_rx_batched+0x1b9/0x730
[ 135.956107][ T6634] tun_get_user+0x2879/0x3c20
[ 135.960935][ T6634] tun_chr_write_iter+0x113/0x200
[ 135.966017][ T6634] vfs_write+0x54b/0xa90
[ 135.970297][ T6634] ksys_write+0x145/0x250
[ 135.974645][ T6634] do_syscall_64+0xf6/0x210
[ 135.979228][ T6634] page last free pid 5150 tgid 5150 stack trace:
[ 135.985573][ T6634] __free_frozen_pages+0xb05/0xcd0
[ 135.990867][ T6634] __tlb_remove_table+0x2d2/0x3b0
[ 135.995911][ T6634] tlb_remove_table_rcu+0x85/0x100
[ 136.001099][ T6634] rcu_core+0xca5/0x1710
[ 136.005362][ T6634] handle_softirqs+0x283/0x870
[ 136.010279][ T6634] do_softirq+0xec/0x180
[ 136.014540][ T6634] __local_bh_enable_ip+0x17d/0x1c0
[ 136.019804][ T6634] kernel_fpu_end+0xd2/0x120
[ 136.024411][ T6634] crc32c_arch+0x71/0x240
[ 136.028843][ T6634] jbd2_journal_commit_transaction+0x1b02/0x5960
[ 136.035206][ T6634] kjournald2+0x3cf/0x750
[ 136.039614][ T6634] kthread+0x711/0x8a0
[ 136.043698][ T6634] ret_from_fork+0x4b/0x80
[ 136.048175][ T6634] ret_from_fork_asm+0x1a/0x30
[ 136.052958][ T6634] Modules linked in:
[ 136.056922][ T6634] CPU: 0 UID: 0 PID: 6634 Comm: syz.0.16 Tainted: G B 6.15.0-rc7-syzkaller-ga11a72229881 #0 PREEMPT(full)
[ 136.056948][ T6634] Tainted: [B]=BAD_PAGE
[ 136.056953][ T6634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 136.056962][ T6634] Call Trace:
[ 136.056968][ T6634]
[ 136.056975][ T6634] dump_stack_lvl+0x189/0x250
[ 136.056998][ T6634] ? __pfx_dump_stack_lvl+0x10/0x10
[ 136.057017][ T6634] ? __pfx_print_modules+0x10/0x10
[ 136.057037][ T6634] bad_page+0x15e/0x1a0
[ 136.057058][ T6634] __free_frozen_pages+0xc77/0xcd0
[ 136.057076][ T6634] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 136.057101][ T6634] bpf_xdp_adjust_tail+0x1d6/0x220
[ 136.057119][ T6634] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 136.057130][ T6634] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 136.057162][ T6634] do_xdp_generic+0x76e/0xd20
[ 136.057184][ T6634] ? __pfx_do_xdp_generic+0x10/0x10
[ 136.057202][ T6634] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 136.057235][ T6634] __netif_receive_skb_core+0x1823/0x4180
[ 136.057256][ T6634] ? __pfx___up_read+0x10/0x10
[ 136.057270][ T6634] ? lock_release+0x4b/0x3e0
[ 136.057291][ T6634] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 136.057309][ T6634] ? rcu_is_watching+0x15/0xb0
[ 136.057331][ T6634] ? irqentry_exit+0x74/0x90
[ 136.057347][ T6634] ? exc_page_fault+0x91/0x110
[ 136.057365][ T6634] ? netif_receive_skb+0x115/0x790
[ 136.057378][ T6634] ? rcu_is_watching+0x15/0xb0
[ 136.057398][ T6634] ? lock_acquire+0x5f/0x360
[ 136.057417][ T6634] __netif_receive_skb+0x72/0x380
[ 136.057432][ T6634] ? rep_movs_alternative+0x4a/0x90
[ 136.057448][ T6634] ? netif_receive_skb+0x115/0x790
[ 136.057461][ T6634] netif_receive_skb+0x1cb/0x790
[ 136.057475][ T6634] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 136.057496][ T6634] ? _copy_from_iter+0x24c/0x15a0
[ 136.057514][ T6634] ? __pfx_netif_receive_skb+0x10/0x10
[ 136.057528][ T6634] ? sock_alloc_send_pskb+0x875/0x990
[ 136.057550][ T6634] ? __pfx__copy_from_iter+0x10/0x10
[ 136.057567][ T6634] ? tun_rx_batched+0x160/0x730
[ 136.057588][ T6634] tun_rx_batched+0x1b9/0x730
[ 136.057607][ T6634] ? skb_header_pointer+0x8e/0x120
[ 136.057629][ T6634] ? __pfx_tun_rx_batched+0x10/0x10
[ 136.057649][ T6634] ? tun_get_user+0x2444/0x3c20
[ 136.057668][ T6634] ? rcu_is_watching+0x15/0xb0
[ 136.057687][ T6634] ? lock_acquire+0x5f/0x360
[ 136.057705][ T6634] ? __pfx___local_bh_enable_ip+0x10/0x10
[ 136.057741][ T6634] ? tun_get_user+0x2444/0x3c20
[ 136.057757][ T6634] tun_get_user+0x2879/0x3c20
[ 136.057781][ T6634] ? preempt_schedule+0xae/0xc0
[ 136.057797][ T6634] ? __pfx_tun_get_user+0x10/0x10
[ 136.057815][ T6634] ? preempt_schedule_common+0x83/0xd0
[ 136.057832][ T6634] ? preempt_schedule+0xae/0xc0
[ 136.057848][ T6634] ? __pfx_preempt_schedule+0x10/0x10
[ 136.057865][ T6634] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 136.057882][ T6634] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 136.057901][ T6634] ? ref_tracker_alloc+0x318/0x460
[ 136.057920][ T6634] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 136.057938][ T6634] ? tun_get+0x1c/0x2f0
[ 136.057956][ T6634] ? tun_get+0x1c/0x2f0
[ 136.057974][ T6634] ? rcu_is_watching+0x15/0xb0
[ 136.057992][ T6634] ? tun_get+0x1c/0x2f0
[ 136.058010][ T6634] ? lock_release+0x4b/0x3e0
[ 136.058028][ T6634] ? futex_wake+0x458/0x500
[ 136.058046][ T6634] ? tun_get+0x1c/0x2f0
[ 136.058067][ T6634] tun_chr_write_iter+0x113/0x200
[ 136.058087][ T6634] vfs_write+0x54b/0xa90
[ 136.058109][ T6634] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 136.058129][ T6634] ? __pfx_vfs_write+0x10/0x10
[ 136.058151][ T6634] ? __fget_files+0x2a/0x420
[ 136.058169][ T6634] ksys_write+0x145/0x250
[ 136.058187][ T6634] ? rcu_is_watching+0x15/0xb0
[ 136.058207][ T6634] ? __pfx_ksys_write+0x10/0x10
[ 136.058227][ T6634] ? rcu_is_watching+0x15/0xb0
[ 136.058249][ T6634] do_syscall_64+0xf6/0x210
[ 136.058267][ T6634] ? clear_bhb_loop+0x60/0xb0
[ 136.058284][ T6634] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 136.058298][ T6634] RIP: 0033:0x7ff56317e98f
[ 136.058312][ T6634] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 136.058325][ T6634] RSP: 002b:00007ff564035020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 136.058342][ T6634] RAX: ffffffffffffffda RBX: 00007ff563345fa0 RCX: 00007ff56317e98f
[ 136.058353][ T6634] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[ 136.058361][ T6634] RBP: 00007ff5631f3cc8 R08: 0000000000000000 R09: 0000000000000000
[ 136.058370][ T6634] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 136.058379][ T6634] R13: 0000000000000000 R14: 00007ff563345fa0 R15: 00007ffca324b8d8
[ 136.058396][ T6634]
[ 136.058405][ T6634] BUG: Bad page state in process syz.0.16 pfn:77758
[ 136.522545][ T6634] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888077758a00 pfn:0x77758
[ 136.532629][ T6634] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 136.539873][ T6634] raw: 00fff00000000000 dead000000000040 ffff888021ad4000 0000000000000000
[ 136.548573][ T6634] raw: ffff888077758a00 0000000000000001 00000000ffffffff 0000000000000000
[ 136.557264][ T6634] page dumped because: page_pool leak
[ 136.562807][ T6634] page_owner tracks the page as allocated
[ 136.568541][ T6634] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6634, tgid 6614 (syz.0.16), ts 135130996713, free_ts 135127887033
[ 136.585548][ T6634] post_alloc_hook+0x1d8/0x230
[ 136.590416][ T6634] get_page_from_freelist+0x21c7/0x22a0
[ 136.596169][ T6634] __alloc_frozen_pages_noprof+0x181/0x370
[ 136.602011][ T6634] alloc_pages_bulk_noprof+0x560/0x710
[ 136.607521][ T6634] __page_pool_alloc_pages_slow+0x127/0x6c0
[ 136.613591][ T6634] skb_pp_cow_data+0xaf4/0x12f0
[ 136.618656][ T6634] do_xdp_generic+0x51a/0xd20
[ 136.623526][ T6634] __netif_receive_skb_core+0x1823/0x4180
[ 136.629278][ T6634] __netif_receive_skb+0x72/0x380
[ 136.634308][ T6634] netif_receive_skb+0x1cb/0x790
[ 136.639276][ T6634] tun_rx_batched+0x1b9/0x730
[ 136.643956][ T6634] tun_get_user+0x2879/0x3c20
[ 136.648648][ T6634] tun_chr_write_iter+0x113/0x200
[ 136.653678][ T6634] vfs_write+0x54b/0xa90
[ 136.658143][ T6634] ksys_write+0x145/0x250
[ 136.662478][ T6634] do_syscall_64+0xf6/0x210
[ 136.667015][ T6634] page last free pid 6614 tgid 6614 stack trace:
[ 136.673335][ T6634] __free_frozen_pages+0xb05/0xcd0
[ 136.678468][ T6634] __tlb_remove_table+0x2d2/0x3b0
[ 136.683509][ T6634] tlb_remove_table_rcu+0x85/0x100
[ 136.688799][ T6634] rcu_core+0xca5/0x1710
[ 136.693051][ T6634] handle_softirqs+0x283/0x870
[ 136.697841][ T6634] do_softirq+0xec/0x180
[ 136.702170][ T6634] __local_bh_enable_ip+0x17d/0x1c0
[ 136.707388][ T6634] fpu_clone+0x431/0xae0
[ 136.711627][ T6634] copy_thread+0x3e3/0x990
[ 136.716035][ T6634] copy_process+0x187b/0x3b80
[ 136.720738][ T6634] kernel_clone+0x224/0x7f0
[ 136.725277][ T6634] __se_sys_clone3+0x256/0x2d0
[ 136.730106][ T6634] do_syscall_64+0xf6/0x210
[ 136.734615][ T6634] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 136.740808][ T6634] Modules linked in:
[ 136.744717][ T6634] CPU: 0 UID: 0 PID: 6634 Comm: syz.0.16 Tainted: G B 6.15.0-rc7-syzkaller-ga11a72229881 #0 PREEMPT(full)
[ 136.744733][ T6634] Tainted: [B]=BAD_PAGE
[ 136.744736][ T6634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 136.744743][ T6634] Call Trace:
[ 136.744749][ T6634]
[ 136.744753][ T6634] dump_stack_lvl+0x189/0x250
[ 136.744770][ T6634] ? __pfx_dump_stack_lvl+0x10/0x10
[ 136.744781][ T6634] ? __pfx_print_modules+0x10/0x10
[ 136.744792][ T6634] bad_page+0x15e/0x1a0
[ 136.744805][ T6634] __free_frozen_pages+0xc77/0xcd0
[ 136.744818][ T6634] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 136.744836][ T6634] bpf_xdp_adjust_tail+0x1d6/0x220
[ 136.744848][ T6634] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 136.744856][ T6634] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 136.744877][ T6634] do_xdp_generic+0x76e/0xd20
[ 136.744891][ T6634] ? __pfx_do_xdp_generic+0x10/0x10
[ 136.744904][ T6634] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 136.744922][ T6634] __netif_receive_skb_core+0x1823/0x4180
[ 136.744933][ T6634] ? __pfx___up_read+0x10/0x10
[ 136.744942][ T6634] ? lock_release+0x4b/0x3e0
[ 136.744955][ T6634] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 136.744965][ T6634] ? rcu_is_watching+0x15/0xb0
[ 136.744979][ T6634] ? irqentry_exit+0x74/0x90
[ 136.744989][ T6634] ? exc_page_fault+0x91/0x110
[ 136.744999][ T6634] ? netif_receive_skb+0x115/0x790
[ 136.745007][ T6634] ? rcu_is_watching+0x15/0xb0
[ 136.745018][ T6634] ? lock_acquire+0x5f/0x360
[ 136.745030][ T6634] __netif_receive_skb+0x72/0x380
[ 136.745039][ T6634] ? rep_movs_alternative+0x4a/0x90
[ 136.745047][ T6634] ? netif_receive_skb+0x115/0x790
[ 136.745055][ T6634] netif_receive_skb+0x1cb/0x790
[ 136.745063][ T6634] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 136.745076][ T6634] ? _copy_from_iter+0x24c/0x15a0
[ 136.745087][ T6634] ? __pfx_netif_receive_skb+0x10/0x10
[ 136.745095][ T6634] ? sock_alloc_send_pskb+0x875/0x990
[ 136.745108][ T6634] ? __pfx__copy_from_iter+0x10/0x10
[ 136.745118][ T6634] ? tun_rx_batched+0x160/0x730
[ 136.745131][ T6634] tun_rx_batched+0x1b9/0x730
[ 136.745144][ T6634] ? skb_header_pointer+0x8e/0x120
[ 136.745156][ T6634] ? __pfx_tun_rx_batched+0x10/0x10
[ 136.745168][ T6634] ? tun_get_user+0x2444/0x3c20
[ 136.745180][ T6634] ? rcu_is_watching+0x15/0xb0
[ 136.745192][ T6634] ? lock_acquire+0x5f/0x360
[ 136.745203][ T6634] ? __pfx___local_bh_enable_ip+0x10/0x10
[ 136.745217][ T6634] ? tun_get_user+0x2444/0x3c20
[ 136.745229][ T6634] tun_get_user+0x2879/0x3c20
[ 136.745245][ T6634] ? preempt_schedule+0xae/0xc0
[ 136.745254][ T6634] ? __pfx_tun_get_user+0x10/0x10
[ 136.745265][ T6634] ? preempt_schedule_common+0x83/0xd0
[ 136.745275][ T6634] ? preempt_schedule+0xae/0xc0
[ 136.745283][ T6634] ? __pfx_preempt_schedule+0x10/0x10
[ 136.745293][ T6634] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 136.745302][ T6634] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 136.745312][ T6634] ? ref_tracker_alloc+0x318/0x460
[ 136.745322][ T6634] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 136.745332][ T6634] ? tun_get+0x1c/0x2f0
[ 136.745343][ T6634] ? tun_get+0x1c/0x2f0
[ 136.745354][ T6634] ? rcu_is_watching+0x15/0xb0
[ 136.745366][ T6634] ? tun_get+0x1c/0x2f0
[ 136.745377][ T6634] ? lock_release+0x4b/0x3e0
[ 136.745387][ T6634] ? futex_wake+0x458/0x500
[ 136.745398][ T6634] ? tun_get+0x1c/0x2f0
[ 136.745411][ T6634] tun_chr_write_iter+0x113/0x200
[ 136.745423][ T6634] vfs_write+0x54b/0xa90
[ 136.745437][ T6634] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 136.745448][ T6634] ? __pfx_vfs_write+0x10/0x10
[ 136.745462][ T6634] ? __fget_files+0x2a/0x420
[ 136.745471][ T6634] ksys_write+0x145/0x250
[ 136.745483][ T6634] ? rcu_is_watching+0x15/0xb0
[ 136.745495][ T6634] ? __pfx_ksys_write+0x10/0x10
[ 136.745507][ T6634] ? rcu_is_watching+0x15/0xb0
[ 136.745520][ T6634] do_syscall_64+0xf6/0x210
[ 136.745531][ T6634] ? clear_bhb_loop+0x60/0xb0
[ 136.745541][ T6634] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 136.745549][ T6634] RIP: 0033:0x7ff56317e98f
[ 136.745558][ T6634] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 136.745565][ T6634] RSP: 002b:00007ff564035020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 136.745575][ T6634] RAX: ffffffffffffffda RBX: 00007ff563345fa0 RCX: 00007ff56317e98f
[ 136.745582][ T6634] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[ 136.745587][ T6634] RBP: 00007ff5631f3cc8 R08: 0000000000000000 R09: 0000000000000000
[ 136.745593][ T6634] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 136.745598][ T6634] R13: 0000000000000000 R14: 00007ff563345fa0 R15: 00007ffca324b8d8
[ 136.745607][ T6634]
[ 136.745614][ T6634] BUG: Bad page state in process syz.0.16 pfn:79128
[ 137.208325][ T6634] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x79128
[ 137.218432][ T6634] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 137.225726][ T6634] raw: 00fff00000000000 dead000000000040 ffff888021ad4000 0000000000000000
[ 137.234384][ T6634] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000
[ 137.243172][ T6634] page dumped because: page_pool leak
[ 137.248564][ T6634] page_owner tracks the page as allocated
[ 137.254277][ T6634] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6634, tgid 6614 (syz.0.16), ts 135130985505, free_ts 135127905229
[ 137.271267][ T6634] post_alloc_hook+0x1d8/0x230
[ 137.276051][ T6634] get_page_from_freelist+0x21c7/0x22a0
[ 137.281631][ T6634] __alloc_frozen_pages_noprof+0x181/0x370
[ 137.287492][ T6634] alloc_pages_bulk_noprof+0x560/0x710
[ 137.293118][ T6634] __page_pool_alloc_pages_slow+0x127/0x6c0
[ 137.299124][ T6634] skb_pp_cow_data+0xaf4/0x12f0
[ 137.303981][ T6634] do_xdp_generic+0x51a/0xd20
[ 137.308699][ T6634] __netif_receive_skb_core+0x1823/0x4180
[ 137.314538][ T6634] __netif_receive_skb+0x72/0x380
[ 137.319853][ T6634] netif_receive_skb+0x1cb/0x790
[ 137.324819][ T6634] tun_rx_batched+0x1b9/0x730
[ 137.329530][ T6634] tun_get_user+0x2879/0x3c20
[ 137.334218][ T6634] tun_chr_write_iter+0x113/0x200
[ 137.340060][ T6634] vfs_write+0x54b/0xa90
[ 137.344308][ T6634] ksys_write+0x145/0x250
[ 137.348666][ T6634] do_syscall_64+0xf6/0x210
[ 137.353183][ T6634] page last free pid 6614 tgid 6614 stack trace:
[ 137.359531][ T6634] __free_frozen_pages+0xb05/0xcd0
[ 137.364682][ T6634] __tlb_remove_table+0x2d2/0x3b0
[ 137.369742][ T6634] tlb_remove_table_rcu+0x85/0x100
[ 137.375040][ T6634] rcu_core+0xca5/0x1710
[ 137.379321][ T6634] handle_softirqs+0x283/0x870
[ 137.384106][ T6634] do_softirq+0xec/0x180
[ 137.388718][ T6634] __local_bh_enable_ip+0x17d/0x1c0
[ 137.394071][ T6634] fpu_clone+0x431/0xae0
[ 137.398441][ T6634] copy_thread+0x3e3/0x990
[ 137.402958][ T6634] copy_process+0x187b/0x3b80
[ 137.407730][ T6634] kernel_clone+0x224/0x7f0
[ 137.412241][ T6634] __se_sys_clone3+0x256/0x2d0
[ 137.417043][ T6634] do_syscall_64+0xf6/0x210
[ 137.421554][ T6634] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 137.427497][ T6634] Modules linked in:
[ 137.431400][ T6634] CPU: 0 UID: 0 PID: 6634 Comm: syz.0.16 Tainted: G B 6.15.0-rc7-syzkaller-ga11a72229881 #0 PREEMPT(full)
[ 137.431415][ T6634] Tainted: [B]=BAD_PAGE
[ 137.431418][ T6634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 137.431424][ T6634] Call Trace:
[ 137.431428][ T6634]
[ 137.431432][ T6634] dump_stack_lvl+0x189/0x250
[ 137.431449][ T6634] ? __pfx_dump_stack_lvl+0x10/0x10
[ 137.431460][ T6634] ? __pfx_print_modules+0x10/0x10
[ 137.431472][ T6634] bad_page+0x15e/0x1a0
[ 137.431485][ T6634] __free_frozen_pages+0xc77/0xcd0
[ 137.431496][ T6634] bpf_xdp_frags_shrink_tail+0x3a5/0x750
[ 137.431514][ T6634] bpf_xdp_adjust_tail+0x1d6/0x220
[ 137.431525][ T6634] bpf_prog_f476d5219b92964a+0x1e/0x24
[ 137.431533][ T6634] bpf_prog_run_generic_xdp+0x64b/0x14c0
[ 137.431553][ T6634] do_xdp_generic+0x76e/0xd20
[ 137.431568][ T6634] ? __pfx_do_xdp_generic+0x10/0x10
[ 137.431580][ T6634] ? __skb_flow_dissect+0x5ef8/0x68b0
[ 137.431599][ T6634] __netif_receive_skb_core+0x1823/0x4180
[ 137.431610][ T6634] ? __pfx___up_read+0x10/0x10
[ 137.431619][ T6634] ? lock_release+0x4b/0x3e0
[ 137.431638][ T6634] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 137.431648][ T6634] ? rcu_is_watching+0x15/0xb0
[ 137.431662][ T6634] ? irqentry_exit+0x74/0x90
[ 137.431672][ T6634] ? exc_page_fault+0x91/0x110
[ 137.431682][ T6634] ? netif_receive_skb+0x115/0x790
[ 137.431690][ T6634] ? rcu_is_watching+0x15/0xb0
[ 137.431702][ T6634] ? lock_acquire+0x5f/0x360
[ 137.431713][ T6634] __netif_receive_skb+0x72/0x380
[ 137.431722][ T6634] ? rep_movs_alternative+0x4a/0x90
[ 137.431730][ T6634] ? netif_receive_skb+0x115/0x790
[ 137.431738][ T6634] netif_receive_skb+0x1cb/0x790
[ 137.431746][ T6634] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 137.431760][ T6634] ? _copy_from_iter+0x24c/0x15a0
[ 137.431770][ T6634] ? __pfx_netif_receive_skb+0x10/0x10
[ 137.431778][ T6634] ? sock_alloc_send_pskb+0x875/0x990
[ 137.431797][ T6634] ? __pfx__copy_from_iter+0x10/0x10
[ 137.431807][ T6634] ? tun_rx_batched+0x160/0x730
[ 137.431820][ T6634] tun_rx_batched+0x1b9/0x730
[ 137.431832][ T6634] ? skb_header_pointer+0x8e/0x120
[ 137.431845][ T6634] ? __pfx_tun_rx_batched+0x10/0x10
[ 137.431857][ T6634] ? tun_get_user+0x2444/0x3c20
[ 137.431868][ T6634] ? rcu_is_watching+0x15/0xb0
[ 137.431883][ T6634] ? lock_acquire+0x5f/0x360
[ 137.431894][ T6634] ? __pfx___local_bh_enable_ip+0x10/0x10
[ 137.431908][ T6634] ? tun_get_user+0x2444/0x3c20
[ 137.431920][ T6634] tun_get_user+0x2879/0x3c20
[ 137.431935][ T6634] ? preempt_schedule+0xae/0xc0
[ 137.431945][ T6634] ? __pfx_tun_get_user+0x10/0x10
[ 137.431956][ T6634] ? preempt_schedule_common+0x83/0xd0
[ 137.431966][ T6634] ? preempt_schedule+0xae/0xc0
[ 137.431974][ T6634] ? __pfx_preempt_schedule+0x10/0x10
[ 137.431984][ T6634] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 137.431993][ T6634] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 137.432003][ T6634] ? ref_tracker_alloc+0x318/0x460
[ 137.432014][ T6634] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 137.432023][ T6634] ? tun_get+0x1c/0x2f0
[ 137.432035][ T6634] ? tun_get+0x1c/0x2f0
[ 137.432046][ T6634] ? rcu_is_watching+0x15/0xb0
[ 137.432058][ T6634] ? tun_get+0x1c/0x2f0
[ 137.432069][ T6634] ? lock_release+0x4b/0x3e0
[ 137.432079][ T6634] ? futex_wake+0x458/0x500
[ 137.432090][ T6634] ? tun_get+0x1c/0x2f0
[ 137.432102][ T6634] tun_chr_write_iter+0x113/0x200
[ 137.432115][ T6634] vfs_write+0x54b/0xa90
[ 137.432129][ T6634] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 137.432141][ T6634] ? __pfx_vfs_write+0x10/0x10
[ 137.432154][ T6634] ? __fget_files+0x2a/0x420
[ 137.432164][ T6634] ksys_write+0x145/0x250
[ 137.432176][ T6634] ? rcu_is_watching+0x15/0xb0
[ 137.432189][ T6634] ? __pfx_ksys_write+0x10/0x10
[ 137.432201][ T6634] ? rcu_is_watching+0x15/0xb0
[ 137.432213][ T6634] do_syscall_64+0xf6/0x210
[ 137.432225][ T6634] ? clear_bhb_loop+0x60/0xb0
[ 137.432235][ T6634] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 137.432243][ T6634] RIP: 0033:0x7ff56317e98f
[ 137.432252][ T6634] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 137.432259][ T6634] RSP: 002b:00007ff564035020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 137.432269][ T6634] RAX: ffffffffffffffda RBX: 00007ff563345fa0 RCX: 00007ff56317e98f
[ 137.432275][ T6634] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[ 137.432281][ T6634] RBP: 00007ff5631f3cc8 R08: 0000000000000000 R09: 0000000000000000
[ 137.432286][ T6634] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 137.432292][ T6634] R13: 0000000000000000 R14: 00007ff563345fa0 R15: 00007ffca324b8d8
[ 137.432301][ T6634]
[ 137.432308][ T6634] BUG: Bad page state in process syz.0.16 pfn:33178
[ 137.894988][ T6634] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888033178000 pfn:0x33178
[ 137.905299][ T6634] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 137.912618][ T6634] raw: 00fff00000000000 dead000000000040 ffff888021ad4000 0000000000000000
[ 137.921261][ T6634] raw: ffff888033178000 0000000000000001 00000000ffffffff 0000000000000000
[ 137.929974][ T6634] page dumped because: page_pool leak
[ 137.935353][ T6634] page_owner tracks the page as allocated
[ 137.941209][ T6634] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6634, tgid 6614 (syz.0.16), ts 135130974003, free_ts 135127922427
[ 137.958375][ T6634] post_alloc_hook+0x1d8/0x230
[ 137.963148][ T6634] get_page_from_freelist+0x21c7/0x22a0
[ 137.968774][ T6634] __alloc_frozen_pages_noprof+0x181/0x370
[ 137.974618][ T6634] alloc_pages_bulk_noprof+0x560/0x710
[ 137.980126][ T6634] __page_pool_alloc_pages_slow+0x127/0x6c0
[ 137.986047][ T6634] skb_pp_cow_data+0xaf4/0x12f0
[ 137.990929][ T6634] do_xdp_generic+0x51a/0xd20
[ 137.995625][ T6634] __netif_receive_skb_core+0x1823/0x4180
[ 138.001387][ T6634] __netif_receive_skb+0x72/0x380
[ 138.006412][ T6634] netif_receive_skb+0x1cb/0x790
[ 138.011377][ T6634] tun_rx_batched+0x1b9/0x730
[ 138.016065][ T6634] tun_get_user+0x2879/0x3c20
[ 138.020800][ T6634] tun_chr_write_iter+0x113/0x200
[ 138.025833][ T6634] vfs_write+0x54b/0xa90
[ 138.030104][ T6634] ksys_write+0x145/0x250
[ 138.034605][ T6634] do_syscall_64+0xf6/0x210
[ 138.039252][ T6634] page last free pid 6614 tgid 6614 stack trace:
[ 138.045593][ T6634] __free_frozen_pages+0xb05/0xcd0
[ 138.050832][ T6634] __tlb_remove_table+0x2d2/0x3b0
[ 138.055975][ T6634] tlb_remove_table_rcu+0x85/0x100
[ 138.061230][ T6634] rcu_core+0xca5/0x1710
[ 138.065494][ T6634] handle_softirqs+0x283/0x870
[ 138.070346][ T6634] do_softirq+0xec/0x180
[ 138.074678][ T6634] __local_bh_enable_ip+0x17d/0x1c0
[ 138.080009][ T6634] fpu_clone+0x431/0xae0
[ 138.084317][ T6634] copy_thread+0x3e3/0x990
[ 138.088780][ T6634] copy_process+0x187b/0x3b80