Warning: Permanently added '[localhost]:24466' (ED25519) to the list of known hosts.
2025/07/05 20:16:48 ignoring optional flag "sandboxArg"="0"
2025/07/05 20:16:50 parsed 1 programs
[  126.270027][ T5638] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  132.265879][ T5686] chnl_net:caif_netlink_parms(): no params data found
[  132.329643][ T5686] bridge0: port 1(bridge_slave_0) entered blocking state
[  132.332960][ T5686] bridge0: port 1(bridge_slave_0) entered disabled state
[  132.337116][ T5686] bridge_slave_0: entered allmulticast mode
[  132.340948][ T5686] bridge_slave_0: entered promiscuous mode
[  132.345806][ T5686] bridge0: port 2(bridge_slave_1) entered blocking state
[  132.348998][ T5686] bridge0: port 2(bridge_slave_1) entered disabled state
[  132.352119][ T5686] bridge_slave_1: entered allmulticast mode
[  132.356969][ T5686] bridge_slave_1: entered promiscuous mode
[  132.380594][ T5686] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  132.388162][ T5686] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  132.411007][ T5686] team0: Port device team_slave_0 added
[  132.416727][ T5686] team0: Port device team_slave_1 added
[  132.438100][ T5686] batman_adv: batadv0: Adding interface: batadv_slave_0
[  132.441230][ T5686] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  132.453161][ T5686] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  132.460059][ T5686] batman_adv: batadv0: Adding interface: batadv_slave_1
[  132.463128][ T5686] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  132.475632][ T5686] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  132.508772][ T5686] hsr_slave_0: entered promiscuous mode
[  132.512007][ T5686] hsr_slave_1: entered promiscuous mode
[  133.192340][ T5686] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  133.213138][ T5686] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  133.228293][ T5686] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  133.237994][ T5686] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  133.391938][ T5686] 8021q: adding VLAN 0 to HW filter on device bond0
[  133.426348][ T5686] 8021q: adding VLAN 0 to HW filter on device team0
[  133.452334][   T31] bridge0: port 1(bridge_slave_0) entered blocking state
[  133.455532][   T31] bridge0: port 1(bridge_slave_0) entered forwarding state
[  133.468945][   T31] bridge0: port 2(bridge_slave_1) entered blocking state
[  133.472117][   T31] bridge0: port 2(bridge_slave_1) entered forwarding state
[  133.549342][ T5686] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  133.828080][ T5686] 8021q: adding VLAN 0 to HW filter on device batadv0
[  133.894231][ T5686] veth0_vlan: entered promiscuous mode
[  133.909468][ T5686] veth1_vlan: entered promiscuous mode
[  133.975829][ T5686] veth0_macvtap: entered promiscuous mode
[  133.989236][ T5686] veth1_macvtap: entered promiscuous mode
[  134.027128][ T5686] batman_adv: batadv0: Interface activated: batadv_slave_0
[  134.046526][ T5686] batman_adv: batadv0: Interface activated: batadv_slave_1
[  134.062482][ T5686] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  134.076606][ T5686] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  134.080414][ T5686] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  134.084310][ T5686] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  134.317342][ T5370] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  134.321275][ T5370] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  134.326463][ T5370] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  134.330564][ T5370] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  134.334675][ T5370] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  134.351846][ T1035] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  134.438333][ T1035] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  134.507377][ T1035] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  135.452974][ T1035] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  136.723570][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  136.730642][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  136.775717][ T1140] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  136.779182][ T1140] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  137.009813][ T1035] bridge_slave_1: left allmulticast mode
[  137.012464][ T1035] bridge_slave_1: left promiscuous mode
[  137.026172][ T1035] bridge0: port 2(bridge_slave_1) entered disabled state
[  137.031717][ T1035] bridge_slave_0: left allmulticast mode
[  137.034261][ T1035] bridge_slave_0: left promiscuous mode
[  137.046073][ T1035] bridge0: port 1(bridge_slave_0) entered disabled state
[  137.545521][ T1035] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  137.556319][ T1035] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  137.569284][ T1035] bond0 (unregistering): Released all slaves
[  137.669692][ T1035] hsr_slave_0: left promiscuous mode
[  137.672600][ T1035] hsr_slave_1: left promiscuous mode
[  137.680023][ T1035] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  137.683359][ T1035] batman_adv: batadv0: Removing interface: batadv_slave_0
[  137.707140][ T1035] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  137.710327][ T1035] batman_adv: batadv0: Removing interface: batadv_slave_1
[  137.730763][ T1035] veth1_macvtap: left promiscuous mode
[  137.733314][ T1035] veth0_macvtap: left promiscuous mode
[  137.745507][ T1035] veth1_vlan: left promiscuous mode
[  137.747896][ T1035] veth0_vlan: left promiscuous mode
[  137.889044][ T1314] ieee802154 phy0 wpan0: encryption failed: -22
[  137.892035][ T1314] ieee802154 phy1 wpan1: encryption failed: -22
[  138.071358][ T1035] team0 (unregistering): Port device team_slave_1 removed
[  138.091127][ T1035] team0 (unregistering): Port device team_slave_0 removed
2025/07/05 20:17:07 executed programs: 0
[  139.412995][ T4690] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  139.418733][ T4690] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  139.422360][ T4690] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  139.430820][ T4690] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  139.434528][ T4690] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  139.944413][ T5818] chnl_net:caif_netlink_parms(): no params data found
[  140.101261][ T5818] bridge0: port 1(bridge_slave_0) entered blocking state
[  140.105293][ T5818] bridge0: port 1(bridge_slave_0) entered disabled state
[  140.108526][ T5818] bridge_slave_0: entered allmulticast mode
[  140.125012][ T5818] bridge_slave_0: entered promiscuous mode
[  140.130338][ T5818] bridge0: port 2(bridge_slave_1) entered blocking state
[  140.133636][ T5818] bridge0: port 2(bridge_slave_1) entered disabled state
[  140.141567][ T5818] bridge_slave_1: entered allmulticast mode
[  140.157241][ T5818] bridge_slave_1: entered promiscuous mode
[  140.209041][ T5818] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  140.222754][ T5818] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  140.277249][ T5818] team0: Port device team_slave_0 added
[  140.282347][ T5818] team0: Port device team_slave_1 added
[  140.337939][ T5818] batman_adv: batadv0: Adding interface: batadv_slave_0
[  140.340973][ T5818] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  140.371547][ T5818] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  140.395176][ T5818] batman_adv: batadv0: Adding interface: batadv_slave_1
[  140.398107][ T5818] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  140.420987][ T5818] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  140.497069][ T5818] hsr_slave_0: entered promiscuous mode
[  140.500268][ T5818] hsr_slave_1: entered promiscuous mode
[  140.957489][ T5818] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  140.976106][ T5818] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  140.983235][ T5818] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  140.999468][ T5818] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  141.150026][ T5818] 8021q: adding VLAN 0 to HW filter on device bond0
[  141.188173][ T5818] 8021q: adding VLAN 0 to HW filter on device team0
[  141.199934][ T1041] bridge0: port 1(bridge_slave_0) entered blocking state
[  141.203082][ T1041] bridge0: port 1(bridge_slave_0) entered forwarding state
[  141.226117][ T1039] bridge0: port 2(bridge_slave_1) entered blocking state
[  141.229138][ T1039] bridge0: port 2(bridge_slave_1) entered forwarding state
[  141.488462][ T4690] Bluetooth: hci0: command tx timeout
[  141.550426][ T5818] 8021q: adding VLAN 0 to HW filter on device batadv0
[  141.624321][ T5818] veth0_vlan: entered promiscuous mode
[  141.646107][ T5818] veth1_vlan: entered promiscuous mode
[  141.689285][ T5818] veth0_macvtap: entered promiscuous mode
[  141.700059][ T5818] veth1_macvtap: entered promiscuous mode
[  141.738249][ T5818] batman_adv: batadv0: Interface activated: batadv_slave_0
[  141.744017][ T5818] batman_adv: batadv0: Interface activated: batadv_slave_1
[  141.771611][ T5818] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  141.782880][ T5818] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  141.796896][ T5818] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  141.800859][ T5818] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  141.920032][ T1039] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  141.923602][ T1039] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  141.987152][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  141.990501][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  142.109176][ T5876] BUG: Bad page state in process syz.0.16  pfn:4cdea
[  142.112194][ T5876] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88804cdeae00 pfn:0x4cdea
[  142.117604][ T5876] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  142.120852][ T5876] raw: 04fff00000000000 dead000000000040 ffff88801e8f0000 0000000000000000
[  142.124623][ T5876] raw: ffff88804cdeae00 3fffffffffffffff 00000000ffffffff 0000000000000000
[  142.128557][ T5876] page dumped because: page_pool leak
[  142.130953][ T5876] page_owner tracks the page as allocated
[  142.133579][ T5876] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5876, tgid 5875 (syz.0.16), ts 142109070078, free_ts 142106058401
[  142.140876][ T5876]  post_alloc_hook+0x240/0x2a0
[  142.143167][ T5876]  get_page_from_freelist+0x21e4/0x22c0
[  142.145779][ T5876]  __alloc_frozen_pages_noprof+0x181/0x370
[  142.148396][ T5876]  alloc_pages_bulk_noprof+0x560/0x710
[  142.150826][ T5876]  __page_pool_alloc_pages_slow+0x127/0x740
[  142.153516][ T5876]  page_pool_alloc_frag_netmem+0x421/0x9b0
[  142.156211][ T5876]  skb_pp_cow_data+0xb69/0x13e0
[  142.158290][ T5876]  do_xdp_generic+0x699/0x11a0
[  142.160539][ T5876]  tun_get_user+0x23fb/0x3ce0
[  142.162687][ T5876]  tun_chr_write_iter+0x113/0x200
[  142.165075][ T5876]  vfs_write+0x54b/0xa90
[  142.166908][ T5876]  ksys_write+0x145/0x250
[  142.168575][ T5876]  do_syscall_64+0xfa/0x3b0
[  142.173079][ T5876]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.175854][ T5876] page last free pid 15 tgid 15 stack trace:
[  142.178339][ T5876]  __free_frozen_pages+0xc71/0xe70
[  142.180695][ T5876]  __tlb_remove_table+0x2d2/0x3b0
[  142.182962][ T5876]  tlb_remove_table_rcu+0x85/0x100
[  142.185480][ T5876]  rcu_core+0xca5/0x1710
[  142.187432][ T5876]  handle_softirqs+0x286/0x870
[  142.189497][ T5876]  run_ksoftirqd+0x9b/0x100
[  142.191473][ T5876]  smpboot_thread_fn+0x53f/0xa60
[  142.193696][ T5876]  kthread+0x70e/0x8a0
[  142.195317][ T5876]  ret_from_fork+0x3fc/0x770
[  142.197064][ T5876]  ret_from_fork_asm+0x1a/0x30
[  142.199046][ T5876] Modules linked in:
[  142.200800][ T5876] CPU: 0 UID: 0 PID: 5876 Comm: syz.0.16 Not tainted 6.16.0-rc4-syzkaller-ga79a588fc176 #0 PREEMPT(full) 
[  142.200814][ T5876] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  142.200822][ T5876] Call Trace:
[  142.200829][ T5876]  <TASK>
[  142.200837][ T5876]  dump_stack_lvl+0x189/0x250
[  142.200855][ T5876]  ? __pfx_dump_stack_lvl+0x10/0x10
[  142.200868][ T5876]  ? __pfx_print_modules+0x10/0x10
[  142.200893][ T5876]  bad_page+0x180/0x1c0
[  142.200907][ T5876]  __free_frozen_pages+0xe17/0xe70
[  142.200929][ T5876]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  142.200954][ T5876]  bpf_xdp_adjust_tail+0x1d6/0x220
[  142.200972][ T5876]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  142.200984][ T5876]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  142.201020][ T5876]  do_xdp_generic+0x9f7/0x11a0
[  142.201044][ T5876]  ? __pfx_do_xdp_generic+0x10/0x10
[  142.201068][ T5876]  ? tun_get_user+0x22c6/0x3ce0
[  142.201089][ T5876]  ? tun_get_user+0x22c6/0x3ce0
[  142.201103][ T5876]  tun_get_user+0x23fb/0x3ce0
[  142.201127][ T5876]  ? aa_file_perm+0x11f/0xed0
[  142.201139][ T5876]  ? __pfx_tun_get_user+0x10/0x10
[  142.201151][ T5876]  ? aa_file_perm+0x3e7/0xed0
[  142.201161][ T5876]  ? __pfx_preempt_schedule+0x10/0x10
[  142.201184][ T5876]  ? ref_tracker_alloc+0x318/0x460
[  142.201195][ T5876]  ? __lock_acquire+0xab9/0xd20
[  142.201208][ T5876]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  142.201223][ T5876]  ? tun_get+0x1c/0x2f0
[  142.201237][ T5876]  ? tun_get+0x1c/0x2f0
[  142.201248][ T5876]  ? tun_get+0x1c/0x2f0
[  142.201264][ T5876]  tun_chr_write_iter+0x113/0x200
[  142.201277][ T5876]  vfs_write+0x54b/0xa90
[  142.201295][ T5876]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  142.201307][ T5876]  ? __pfx_vfs_write+0x10/0x10
[  142.201326][ T5876]  ? __fget_files+0x2a/0x420
[  142.201347][ T5876]  ksys_write+0x145/0x250
[  142.201363][ T5876]  ? __pfx_ksys_write+0x10/0x10
[  142.201374][ T5876]  ? rcu_is_watching+0x15/0xb0
[  142.201390][ T5876]  ? do_syscall_64+0xbe/0x3b0
[  142.201405][ T5876]  do_syscall_64+0xfa/0x3b0
[  142.201416][ T5876]  ? lockdep_hardirqs_on+0x9c/0x150
[  142.201426][ T5876]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.201437][ T5876]  ? clear_bhb_loop+0x60/0xb0
[  142.201452][ T5876]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.201462][ T5876] RIP: 0033:0x7fe83e58bc1f
[  142.201474][ T5876] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  142.201483][ T5876] RSP: 002b:00007fe83f35f000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  142.201496][ T5876] RAX: ffffffffffffffda RBX: 00007fe83e7a5fa0 RCX: 00007fe83e58bc1f
[  142.201503][ T5876] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  142.201509][ T5876] RBP: 00007fe83e60e2a0 R08: 0000000000000000 R09: 0000000000000000
[  142.201516][ T5876] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  142.201522][ T5876] R13: 0000000000000000 R14: 00007fe83e7a5fa0 R15: 00007fffca44a098
[  142.201541][ T5876]  </TASK>
[  142.201546][ T5876] Disabling lock debugging due to kernel taint
[  142.333995][ T5876] BUG: Bad page state in process syz.0.16  pfn:47624
[  142.337029][ T5876] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x47624
[  142.341328][ T5876] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  142.344169][ T5876] raw: 04fff00000000000 dead000000000040 ffff88801e8f0000 0000000000000000
[  142.347887][ T5876] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000
[  142.351471][ T5876] page dumped because: page_pool leak
[  142.353872][ T5876] page_owner tracks the page as allocated
[  142.356450][ T5876] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5876, tgid 5875 (syz.0.16), ts 142109058141, free_ts 142106075891
[  142.363597][ T5876]  post_alloc_hook+0x240/0x2a0
[  142.365716][ T5876]  get_page_from_freelist+0x21e4/0x22c0
[  142.368085][ T5876]  __alloc_frozen_pages_noprof+0x181/0x370
[  142.370567][ T5876]  alloc_pages_bulk_noprof+0x560/0x710
[  142.372920][ T5876]  __page_pool_alloc_pages_slow+0x127/0x740
[  142.375567][ T5876]  skb_pp_cow_data+0xb47/0x13e0
[  142.377708][ T5876]  do_xdp_generic+0x699/0x11a0
[  142.379756][ T5876]  tun_get_user+0x23fb/0x3ce0
[  142.381868][ T5876]  tun_chr_write_iter+0x113/0x200
[  142.384121][ T5876]  vfs_write+0x54b/0xa90
[  142.386099][ T5876]  ksys_write+0x145/0x250
[  142.388072][ T5876]  do_syscall_64+0xfa/0x3b0
[  142.390148][ T5876]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.393209][ T5876] page last free pid 15 tgid 15 stack trace:
[  142.396383][ T5876]  __free_frozen_pages+0xc71/0xe70
[  142.398594][ T5876]  __tlb_remove_table+0x2d2/0x3b0
[  142.400821][ T5876]  tlb_remove_table_rcu+0x85/0x100
[  142.403131][ T5876]  rcu_core+0xca5/0x1710
[  142.405149][ T5876]  handle_softirqs+0x286/0x870
[  142.407231][ T5876]  run_ksoftirqd+0x9b/0x100
[  142.409224][ T5876]  smpboot_thread_fn+0x53f/0xa60
[  142.411264][ T5876]  kthread+0x70e/0x8a0
[  142.413030][ T5876]  ret_from_fork+0x3fc/0x770
[  142.415064][ T5876]  ret_from_fork_asm+0x1a/0x30
[  142.417251][ T5876] Modules linked in:
[  142.419018][ T5876] CPU: 0 UID: 0 PID: 5876 Comm: syz.0.16 Tainted: G    B               6.16.0-rc4-syzkaller-ga79a588fc176 #0 PREEMPT(full) 
[  142.419034][ T5876] Tainted: [B]=BAD_PAGE
[  142.419037][ T5876] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  142.419044][ T5876] Call Trace:
[  142.419051][ T5876]  <TASK>
[  142.419057][ T5876]  dump_stack_lvl+0x189/0x250
[  142.419073][ T5876]  ? __pfx_dump_stack_lvl+0x10/0x10
[  142.419085][ T5876]  ? __pfx_print_modules+0x10/0x10
[  142.419102][ T5876]  bad_page+0x180/0x1c0
[  142.419113][ T5876]  __free_frozen_pages+0xe17/0xe70
[  142.419128][ T5876]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  142.419147][ T5876]  bpf_xdp_adjust_tail+0x1d6/0x220
[  142.419159][ T5876]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  142.419168][ T5876]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  142.419190][ T5876]  do_xdp_generic+0x9f7/0x11a0
[  142.419207][ T5876]  ? __pfx_do_xdp_generic+0x10/0x10
[  142.419224][ T5876]  ? tun_get_user+0x22c6/0x3ce0
[  142.419238][ T5876]  ? tun_get_user+0x22c6/0x3ce0
[  142.419248][ T5876]  tun_get_user+0x23fb/0x3ce0
[  142.419261][ T5876]  ? aa_file_perm+0x11f/0xed0
[  142.419272][ T5876]  ? __pfx_tun_get_user+0x10/0x10
[  142.419282][ T5876]  ? aa_file_perm+0x3e7/0xed0
[  142.419291][ T5876]  ? __pfx_preempt_schedule+0x10/0x10
[  142.419308][ T5876]  ? ref_tracker_alloc+0x318/0x460
[  142.419317][ T5876]  ? __lock_acquire+0xab9/0xd20
[  142.419326][ T5876]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  142.419335][ T5876]  ? tun_get+0x1c/0x2f0
[  142.419345][ T5876]  ? tun_get+0x1c/0x2f0
[  142.419355][ T5876]  ? tun_get+0x1c/0x2f0
[  142.419365][ T5876]  tun_chr_write_iter+0x113/0x200
[  142.419376][ T5876]  vfs_write+0x54b/0xa90
[  142.419389][ T5876]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  142.419399][ T5876]  ? __pfx_vfs_write+0x10/0x10
[  142.419412][ T5876]  ? __fget_files+0x2a/0x420
[  142.419427][ T5876]  ksys_write+0x145/0x250
[  142.419439][ T5876]  ? __pfx_ksys_write+0x10/0x10
[  142.419449][ T5876]  ? rcu_is_watching+0x15/0xb0
[  142.419461][ T5876]  ? do_syscall_64+0xbe/0x3b0
[  142.419472][ T5876]  do_syscall_64+0xfa/0x3b0
[  142.419506][ T5876]  ? lockdep_hardirqs_on+0x9c/0x150
[  142.419517][ T5876]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.419528][ T5876]  ? clear_bhb_loop+0x60/0xb0
[  142.419538][ T5876]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.419549][ T5876] RIP: 0033:0x7fe83e58bc1f
[  142.419559][ T5876] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  142.419568][ T5876] RSP: 002b:00007fe83f35f000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  142.419579][ T5876] RAX: ffffffffffffffda RBX: 00007fe83e7a5fa0 RCX: 00007fe83e58bc1f
[  142.419587][ T5876] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  142.419593][ T5876] RBP: 00007fe83e60e2a0 R08: 0000000000000000 R09: 0000000000000000
[  142.419599][ T5876] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  142.419605][ T5876] R13: 0000000000000000 R14: 00007fe83e7a5fa0 R15: 00007fffca44a098
[  142.419615][ T5876]  </TASK>
[  142.419622][ T5876] BUG: Bad page state in process syz.0.16  pfn:4763e
[  142.553281][ T5876] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x4763e
[  142.557562][ T5876] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  142.560578][ T5876] raw: 04fff00000000000 dead000000000040 ffff88801e8f0000 0000000000000000
[  142.564244][ T5876] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000
[  142.567970][ T5876] page dumped because: page_pool leak
[  142.570270][ T5876] page_owner tracks the page as allocated
[  142.572690][ T5876] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5876, tgid 5875 (syz.0.16), ts 142109047191, free_ts 142106092012
[  142.579769][ T5876]  post_alloc_hook+0x240/0x2a0
[  142.581921][ T5876]  get_page_from_freelist+0x21e4/0x22c0
[  142.584317][ T5876]  __alloc_frozen_pages_noprof+0x181/0x370
[  142.586891][ T5876]  alloc_pages_bulk_noprof+0x560/0x710
[  142.589248][ T5876]  __page_pool_alloc_pages_slow+0x127/0x740
[  142.591811][ T5876]  skb_pp_cow_data+0xb47/0x13e0
[  142.594087][ T5876]  do_xdp_generic+0x699/0x11a0
[  142.596299][ T5876]  tun_get_user+0x23fb/0x3ce0
[  142.598323][ T5876]  tun_chr_write_iter+0x113/0x200
[  142.600699][ T5876]  vfs_write+0x54b/0xa90
[  142.602564][ T5876]  ksys_write+0x145/0x250
[  142.604572][ T5876]  do_syscall_64+0xfa/0x3b0
[  142.606605][ T5876]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.609017][ T5876] page last free pid 15 tgid 15 stack trace:
[  142.611514][ T5876]  __free_frozen_pages+0xc71/0xe70
[  142.613642][ T5876]  __tlb_remove_table+0x2d2/0x3b0
[  142.615827][ T5876]  tlb_remove_table_rcu+0x85/0x100
[  142.617904][ T5876]  rcu_core+0xca5/0x1710
[  142.619719][ T5876]  handle_softirqs+0x286/0x870
[  142.621743][ T5876]  run_ksoftirqd+0x9b/0x100
[  142.623662][ T5876]  smpboot_thread_fn+0x53f/0xa60
[  142.625854][ T5876]  kthread+0x70e/0x8a0
[  142.627587][ T5876]  ret_from_fork+0x3fc/0x770
[  142.629527][ T5876]  ret_from_fork_asm+0x1a/0x30
[  142.631581][ T5876] Modules linked in:
[  142.633298][ T5876] CPU: 0 UID: 0 PID: 5876 Comm: syz.0.16 Tainted: G    B               6.16.0-rc4-syzkaller-ga79a588fc176 #0 PREEMPT(full) 
[  142.633313][ T5876] Tainted: [B]=BAD_PAGE
[  142.633317][ T5876] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  142.633323][ T5876] Call Trace:
[  142.633329][ T5876]  <TASK>
[  142.633335][ T5876]  dump_stack_lvl+0x189/0x250
[  142.633349][ T5876]  ? __pfx_dump_stack_lvl+0x10/0x10
[  142.633361][ T5876]  ? __pfx_print_modules+0x10/0x10
[  142.633375][ T5876]  bad_page+0x180/0x1c0
[  142.633386][ T5876]  __free_frozen_pages+0xe17/0xe70
[  142.633400][ T5876]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  142.633419][ T5876]  bpf_xdp_adjust_tail+0x1d6/0x220
[  142.633433][ T5876]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  142.633441][ T5876]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  142.633462][ T5876]  do_xdp_generic+0x9f7/0x11a0
[  142.633478][ T5876]  ? __pfx_do_xdp_generic+0x10/0x10
[  142.633495][ T5876]  ? tun_get_user+0x22c6/0x3ce0
[  142.633508][ T5876]  ? tun_get_user+0x22c6/0x3ce0
[  142.633518][ T5876]  tun_get_user+0x23fb/0x3ce0
[  142.633531][ T5876]  ? aa_file_perm+0x11f/0xed0
[  142.633541][ T5876]  ? __pfx_tun_get_user+0x10/0x10
[  142.633552][ T5876]  ? aa_file_perm+0x3e7/0xed0
[  142.633561][ T5876]  ? __pfx_preempt_schedule+0x10/0x10
[  142.633579][ T5876]  ? ref_tracker_alloc+0x318/0x460
[  142.633589][ T5876]  ? __lock_acquire+0xab9/0xd20
[  142.633599][ T5876]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  142.633609][ T5876]  ? tun_get+0x1c/0x2f0
[  142.633619][ T5876]  ? tun_get+0x1c/0x2f0
[  142.633628][ T5876]  ? tun_get+0x1c/0x2f0
[  142.633638][ T5876]  tun_chr_write_iter+0x113/0x200
[  142.633649][ T5876]  vfs_write+0x54b/0xa90
[  142.633660][ T5876]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  142.633671][ T5876]  ? __pfx_vfs_write+0x10/0x10
[  142.633683][ T5876]  ? __fget_files+0x2a/0x420
[  142.633698][ T5876]  ksys_write+0x145/0x250
[  142.633709][ T5876]  ? __pfx_ksys_write+0x10/0x10
[  142.633719][ T5876]  ? rcu_is_watching+0x15/0xb0
[  142.633731][ T5876]  ? do_syscall_64+0xbe/0x3b0
[  142.633743][ T5876]  do_syscall_64+0xfa/0x3b0
[  142.633752][ T5876]  ? lockdep_hardirqs_on+0x9c/0x150
[  142.633761][ T5876]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.633771][ T5876]  ? clear_bhb_loop+0x60/0xb0
[  142.633781][ T5876]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.633790][ T5876] RIP: 0033:0x7fe83e58bc1f
[  142.633800][ T5876] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  142.633808][ T5876] RSP: 002b:00007fe83f35f000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  142.633820][ T5876] RAX: ffffffffffffffda RBX: 00007fe83e7a5fa0 RCX: 00007fe83e58bc1f
[  142.633827][ T5876] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  142.633833][ T5876] RBP: 00007fe83e60e2a0 R08: 0000000000000000 R09: 0000000000000000
[  142.633838][ T5876] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  142.633843][ T5876] R13: 0000000000000000 R14: 00007fe83e7a5fa0 R15: 00007fffca44a098
[  142.633852][ T5876]  </TASK>
[  142.633860][ T5876] BUG: Bad page state in process syz.0.16  pfn:50c64
[  142.762258][ T5876] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888050c64600 pfn:0x50c64
[  142.766543][ T5876] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  142.769605][ T5876] raw: 04fff00000000000 dead000000000040 ffff88801e8f0000 0000000000000000
[  142.773125][ T5876] raw: ffff888050c64600 0000000000000001 00000000ffffffff 0000000000000000
[  142.776802][ T5876] page dumped because: page_pool leak
[  142.779028][ T5876] page_owner tracks the page as allocated
[  142.781430][ T5876] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5876, tgid 5875 (syz.0.16), ts 142109036808, free_ts 142106100123
[  142.788346][ T5876]  post_alloc_hook+0x240/0x2a0
[  142.790369][ T5876]  get_page_from_freelist+0x21e4/0x22c0
[  142.792745][ T5876]  __alloc_frozen_pages_noprof+0x181/0x370
[  142.795360][ T5876]  alloc_pages_bulk_noprof+0x560/0x710
[  142.797750][ T5876]  __page_pool_alloc_pages_slow+0x127/0x740
[  142.800280][ T5876]  skb_pp_cow_data+0xb47/0x13e0
[  142.802410][ T5876]  do_xdp_generic+0x699/0x11a0
[  142.804550][ T5876]  tun_get_user+0x23fb/0x3ce0
[  142.806683][ T5876]  tun_chr_write_iter+0x113/0x200
[  142.808811][ T5876]  vfs_write+0x54b/0xa90
[  142.810563][ T5876]  ksys_write+0x145/0x250
[  142.812349][ T5876]  do_syscall_64+0xfa/0x3b0
[  142.814303][ T5876]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.816823][ T5876] page last free pid 15 tgid 15 stack trace:
[  142.819315][ T5876]  __free_frozen_pages+0xc71/0xe70
[  142.821506][ T5876]  __tlb_remove_table+0x2d2/0x3b0
[  142.823686][ T5876]  tlb_remove_table_rcu+0x85/0x100
[  142.826024][ T5876]  rcu_core+0xca5/0x1710
[  142.827848][ T5876]  handle_softirqs+0x286/0x870
[  142.829877][ T5876]  run_ksoftirqd+0x9b/0x100
[  142.831836][ T5876]  smpboot_thread_fn+0x53f/0xa60
[  142.833942][ T5876]  kthread+0x70e/0x8a0
[  142.835845][ T5876]  ret_from_fork+0x3fc/0x770
[  142.837820][ T5876]  ret_from_fork_asm+0x1a/0x30
[  142.839817][ T5876] Modules linked in:
[  142.841503][ T5876] CPU: 0 UID: 0 PID: 5876 Comm: syz.0.16 Tainted: G    B               6.16.0-rc4-syzkaller-ga79a588fc176 #0 PREEMPT(full) 
[  142.841518][ T5876] Tainted: [B]=BAD_PAGE
[  142.841522][ T5876] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  142.841529][ T5876] Call Trace:
[  142.841536][ T5876]  <TASK>
[  142.841542][ T5876]  dump_stack_lvl+0x189/0x250
[  142.841558][ T5876]  ? __pfx_dump_stack_lvl+0x10/0x10
[  142.841569][ T5876]  ? __pfx_print_modules+0x10/0x10
[  142.841586][ T5876]  bad_page+0x180/0x1c0
[  142.841598][ T5876]  __free_frozen_pages+0xe17/0xe70
[  142.841613][ T5876]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  142.841639][ T5876]  bpf_xdp_adjust_tail+0x1d6/0x220
[  142.841652][ T5876]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  142.841660][ T5876]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  142.841685][ T5876]  do_xdp_generic+0x9f7/0x11a0
[  142.841721][ T5876]  ? __pfx_do_xdp_generic+0x10/0x10
[  142.841739][ T5876]  ? tun_get_user+0x22c6/0x3ce0
[  142.841753][ T5876]  ? tun_get_user+0x22c6/0x3ce0
[  142.841763][ T5876]  tun_get_user+0x23fb/0x3ce0
[  142.841778][ T5876]  ? aa_file_perm+0x11f/0xed0
[  142.841788][ T5876]  ? __pfx_tun_get_user+0x10/0x10
[  142.841798][ T5876]  ? aa_file_perm+0x3e7/0xed0
[  142.841807][ T5876]  ? __pfx_preempt_schedule+0x10/0x10
[  142.841826][ T5876]  ? ref_tracker_alloc+0x318/0x460
[  142.841836][ T5876]  ? __lock_acquire+0xab9/0xd20
[  142.841847][ T5876]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  142.841857][ T5876]  ? tun_get+0x1c/0x2f0
[  142.841870][ T5876]  ? tun_get+0x1c/0x2f0
[  142.841881][ T5876]  ? tun_get+0x1c/0x2f0
[  142.841892][ T5876]  tun_chr_write_iter+0x113/0x200
[  142.841905][ T5876]  vfs_write+0x54b/0xa90
[  142.841920][ T5876]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  142.841931][ T5876]  ? __pfx_vfs_write+0x10/0x10
[  142.841945][ T5876]  ? __fget_files+0x2a/0x420
[  142.841962][ T5876]  ksys_write+0x145/0x250
[  142.841981][ T5876]  ? __pfx_ksys_write+0x10/0x10
[  142.841992][ T5876]  ? rcu_is_watching+0x15/0xb0
[  142.842006][ T5876]  ? do_syscall_64+0xbe/0x3b0
[  142.842019][ T5876]  do_syscall_64+0xfa/0x3b0
[  142.842029][ T5876]  ? lockdep_hardirqs_on+0x9c/0x150
[  142.842039][ T5876]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.842050][ T5876]  ? clear_bhb_loop+0x60/0xb0
[  142.842062][ T5876]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.842073][ T5876] RIP: 0033:0x7fe83e58bc1f
[  142.842085][ T5876] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  142.842094][ T5876] RSP: 002b:00007fe83f35f000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  142.842106][ T5876] RAX: ffffffffffffffda RBX: 00007fe83e7a5fa0 RCX: 00007fe83e58bc1f
[  142.842114][ T5876] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  142.842121][ T5876] RBP: 00007fe83e60e2a0 R08: 0000000000000000 R09: 0000000000000000
[  142.842128][ T5876] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  142.842135][ T5876] R13: 0000000000000000 R14: 00007fe83e7a5fa0 R15: 00007fffca44a098
[  142.842146][ T5876]  </TASK>
[  142.842155][ T5876] BUG: Bad page state in process syz.0.16  pfn:404ae
[  142.969498][ T5876] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x404ae
[  142.973579][ T5876] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  142.976577][ T5876] raw: 04fff00000000000 dead000000000040 ffff88801e8f0000 0000000000000000
[  142.980523][ T5876] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000
[  142.984108][ T5876] page dumped because: page_pool leak
[  142.986282][ T5876] page_owner tracks the page as allocated
[  142.988558][ T5876] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5876, tgid 5875 (syz.0.16), ts 142109026857, free_ts 142106116391
[  142.995615][ T5876]  post_alloc_hook+0x240/0x2a0
[  142.997775][ T5876]  get_page_from_freelist+0x21e4/0x22c0
[  143.000154][ T5876]  __alloc_frozen_pages_noprof+0x181/0x370
[  143.002659][ T5876]  alloc_pages_bulk_noprof+0x560/0x710
[  143.004985][ T5876]  __page_pool_alloc_pages_slow+0x127/0x740
[  143.007380][ T5876]  skb_pp_cow_data+0xb47/0x13e0
[  143.009433][ T5876]  do_xdp_generic+0x699/0x11a0
[  143.011462][ T5876]  tun_get_user+0x23fb/0x3ce0
[  143.013469][ T5876]  tun_chr_write_iter+0x113/0x200
[  143.015681][ T5876]  vfs_write+0x54b/0xa90
[  143.017446][ T5876]  ksys_write+0x145/0x250
[  143.019215][ T5876]  do_syscall_64+0xfa/0x3b0
[  143.021156][ T5876]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.023504][ T5876] page last free pid 15 tgid 15 stack trace:
[  143.026105][ T5876]  __free_frozen_pages+0xc71/0xe70
[  143.028323][ T5876]  __tlb_remove_table+0x2d2/0x3b0
[  143.030404][ T5876]  tlb_remove_table_rcu+0x85/0x100
[  143.032544][ T5876]  rcu_core+0xca5/0x1710
[  143.034366][ T5876]  handle_softirqs+0x286/0x870
[  143.036453][ T5876]  run_ksoftirqd+0x9b/0x100
[  143.038395][ T5876]  smpboot_thread_fn+0x53f/0xa60
[  143.040496][ T5876]  kthread+0x70e/0x8a0
[  143.042233][ T5876]  ret_from_fork+0x3fc/0x770
[  143.044195][ T5876]  ret_from_fork_asm+0x1a/0x30
[  143.046272][ T5876] Modules linked in:
[  143.047981][ T5876] CPU: 0 UID: 0 PID: 5876 Comm: syz.0.16 Tainted: G    B               6.16.0-rc4-syzkaller-ga79a588fc176 #0 PREEMPT(full) 
[  143.047999][ T5876] Tainted: [B]=BAD_PAGE
[  143.048002][ T5876] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  143.048008][ T5876] Call Trace:
[  143.048015][ T5876]  <TASK>
[  143.048023][ T5876]  dump_stack_lvl+0x189/0x250
[  143.048037][ T5876]  ? __pfx_dump_stack_lvl+0x10/0x10
[  143.048049][ T5876]  ? __pfx_print_modules+0x10/0x10
[  143.048067][ T5876]  bad_page+0x180/0x1c0
[  143.048078][ T5876]  __free_frozen_pages+0xe17/0xe70
[  143.048095][ T5876]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  143.048112][ T5876]  bpf_xdp_adjust_tail+0x1d6/0x220
[  143.048128][ T5876]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  143.048137][ T5876]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  143.048160][ T5876]  do_xdp_generic+0x9f7/0x11a0
[  143.048176][ T5876]  ? __pfx_do_xdp_generic+0x10/0x10
[  143.048193][ T5876]  ? tun_get_user+0x22c6/0x3ce0
[  143.048207][ T5876]  ? tun_get_user+0x22c6/0x3ce0
[  143.048219][ T5876]  tun_get_user+0x23fb/0x3ce0
[  143.048233][ T5876]  ? aa_file_perm+0x11f/0xed0
[  143.048243][ T5876]  ? __pfx_tun_get_user+0x10/0x10
[  143.048255][ T5876]  ? aa_file_perm+0x3e7/0xed0
[  143.048262][ T5876]  ? __pfx_preempt_schedule+0x10/0x10
[  143.048279][ T5876]  ? ref_tracker_alloc+0x318/0x460
[  143.048290][ T5876]  ? __lock_acquire+0xab9/0xd20
[  143.048300][ T5876]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  143.048310][ T5876]  ? tun_get+0x1c/0x2f0
[  143.048322][ T5876]  ? tun_get+0x1c/0x2f0
[  143.048331][ T5876]  ? tun_get+0x1c/0x2f0
[  143.048341][ T5876]  tun_chr_write_iter+0x113/0x200
[  143.048354][ T5876]  vfs_write+0x54b/0xa90
[  143.048366][ T5876]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  143.048377][ T5876]  ? __pfx_vfs_write+0x10/0x10
[  143.048390][ T5876]  ? __fget_files+0x2a/0x420
[  143.048404][ T5876]  ksys_write+0x145/0x250
[  143.048417][ T5876]  ? __pfx_ksys_write+0x10/0x10
[  143.048427][ T5876]  ? rcu_is_watching+0x15/0xb0
[  143.048439][ T5876]  ? do_syscall_64+0xbe/0x3b0
[  143.048452][ T5876]  do_syscall_64+0xfa/0x3b0
[  143.048461][ T5876]  ? lockdep_hardirqs_on+0x9c/0x150
[  143.048469][ T5876]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.048480][ T5876]  ? clear_bhb_loop+0x60/0xb0
[  143.048490][ T5876]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.048499][ T5876] RIP: 0033:0x7fe83e58bc1f
[  143.048508][ T5876] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  143.048518][ T5876] RSP: 002b:00007fe83f35f000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  143.048528][ T5876] RAX: ffffffffffffffda RBX: 00007fe83e7a5fa0 RCX: 00007fe83e58bc1f
[  143.048535][ T5876] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  143.048541][ T5876] RBP: 00007fe83e60e2a0 R08: 0000000000000000 R09: 0000000000000000
[  143.048549][ T5876] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  143.048554][ T5876] R13: 0000000000000000 R14: 00007fe83e7a5fa0 R15: 00007fffca44a098
[  143.048564][ T5876]  </TASK>
[  143.048571][ T5876] BUG: Bad page state in process syz.0.16  pfn:59cc6
[  143.173963][ T5876] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888059cc6500 pfn:0x59cc6
[  143.178095][ T5876] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  143.181072][ T5876] raw: 04fff00000000000 dead000000000040 ffff88801e8f0000 0000000000000000
[  143.184570][ T5876] raw: ffff888059cc6500 0000000000000001 00000000ffffffff 0000000000000000
[  143.188184][ T5876] page dumped because: page_pool leak
[  143.190374][ T5876] page_owner tracks the page as allocated
[  143.192699][ T5876] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5876, tgid 5875 (syz.0.16), ts 142109014928, free_ts 142106132371
[  143.199424][ T5876]  post_alloc_hook+0x240/0x2a0
[  143.201415][ T5876]  get_page_from_freelist+0x21e4/0x22c0
[  143.205080][ T5876]  __alloc_frozen_pages_noprof+0x181/0x370
[  143.208156][ T5876]  alloc_pages_bulk_noprof+0x560/0x710
[  143.210863][ T5876]  __page_pool_alloc_pages_slow+0x127/0x740
[  143.213339][ T5876]  skb_pp_cow_data+0xb47/0x13e0
[  143.215575][ T5876]  do_xdp_generic+0x699/0x11a0
[  143.217665][ T5876]  tun_get_user+0x23fb/0x3ce0
[  143.219568][ T5876]  tun_chr_write_iter+0x113/0x200
[  143.221547][ T5876]  vfs_write+0x54b/0xa90
[  143.223333][ T5876]  ksys_write+0x145/0x250
[  143.225264][ T5876]  do_syscall_64+0xfa/0x3b0
[  143.227120][ T5876]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.229592][ T5876] page last free pid 15 tgid 15 stack trace:
[  143.232094][ T5876]  __free_frozen_pages+0xc71/0xe70
[  143.234197][ T5876]  __tlb_remove_table+0x2d2/0x3b0
[  143.236414][ T5876]  tlb_remove_table_rcu+0x85/0x100
[  143.238515][ T5876]  rcu_core+0xca5/0x1710
[  143.240303][ T5876]  handle_softirqs+0x286/0x870
[  143.242283][ T5876]  run_ksoftirqd+0x9b/0x100
[  143.244216][ T5876]  smpboot_thread_fn+0x53f/0xa60
[  143.246341][ T5876]  kthread+0x70e/0x8a0
[  143.247956][ T5876]  ret_from_fork+0x3fc/0x770
[  143.249852][ T5876]  ret_from_fork_asm+0x1a/0x30
[  143.252138][ T5876] Modules linked in:
[  143.253828][ T5876] CPU: 0 UID: 0 PID: 5876 Comm: syz.0.16 Tainted: G    B               6.16.0-rc4-syzkaller-ga79a588fc176 #0 PREEMPT(full) 
[  143.253844][ T5876] Tainted: [B]=BAD_PAGE
[  143.253848][ T5876] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  143.253854][ T5876] Call Trace:
[  143.253862][ T5876]  <TASK>
[  143.253867][ T5876]  dump_stack_lvl+0x189/0x250
[  143.253883][ T5876]  ? __pfx_dump_stack_lvl+0x10/0x10
[  143.253894][ T5876]  ? __pfx_print_modules+0x10/0x10
[  143.253907][ T5876]  bad_page+0x180/0x1c0
[  143.253915][ T5876]  __free_frozen_pages+0xe17/0xe70
[  143.253925][ T5876]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  143.253937][ T5876]  bpf_xdp_adjust_tail+0x1d6/0x220
[  143.253945][ T5876]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  143.253951][ T5876]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  143.253968][ T5876]  do_xdp_generic+0x9f7/0x11a0
[  143.253983][ T5876]  ? __pfx_do_xdp_generic+0x10/0x10
[  143.253998][ T5876]  ? tun_get_user+0x22c6/0x3ce0
[  143.254018][ T5876]  ? tun_get_user+0x22c6/0x3ce0
[  143.254028][ T5876]  tun_get_user+0x23fb/0x3ce0
[  143.254042][ T5876]  ? aa_file_perm+0x11f/0xed0
[  143.254052][ T5876]  ? __pfx_tun_get_user+0x10/0x10
[  143.254061][ T5876]  ? aa_file_perm+0x3e7/0xed0
[  143.254070][ T5876]  ? __pfx_preempt_schedule+0x10/0x10
[  143.254087][ T5876]  ? ref_tracker_alloc+0x318/0x460
[  143.254096][ T5876]  ? __lock_acquire+0xab9/0xd20
[  143.254107][ T5876]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  143.254116][ T5876]  ? tun_get+0x1c/0x2f0
[  143.254128][ T5876]  ? tun_get+0x1c/0x2f0
[  143.254137][ T5876]  ? tun_get+0x1c/0x2f0
[  143.254147][ T5876]  tun_chr_write_iter+0x113/0x200
[  143.254158][ T5876]  vfs_write+0x54b/0xa90
[  143.254170][ T5876]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  143.254180][ T5876]  ? __pfx_vfs_write+0x10/0x10
[  143.254193][ T5876]  ? __fget_files+0x2a/0x420
[  143.254208][ T5876]  ksys_write+0x145/0x250
[  143.254221][ T5876]  ? __pfx_ksys_write+0x10/0x10
[  143.254231][ T5876]  ? rcu_is_watching+0x15/0xb0
[  143.254243][ T5876]  ? do_syscall_64+0xbe/0x3b0
[  143.254256][ T5876]  do_syscall_64+0xfa/0x3b0
[  143.254266][ T5876]  ? lockdep_hardirqs_on+0x9c/0x150
[  143.254275][ T5876]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.254285][ T5876]  ? clear_bhb_loop+0x60/0xb0
[  143.254296][ T5876]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.254306][ T5876] RIP: 0033:0x7fe83e58bc1f
[  143.254317][ T5876] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  143.254324][ T5876] RSP: 002b:00007fe83f35f000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  143.254336][ T5876] RAX: ffffffffffffffda RBX: 00007fe83e7a5fa0 RCX: 00007fe83e58bc1f
[  143.254343][ T5876] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  143.254349][ T5876] RBP: 00007fe83e60e2a0 R08: 0000000000000000 R09: 0000000000000000
[  143.254355][ T5876] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  143.254360][ T5876] R13: 0000000000000000 R14: 00007fe83e7a5fa0 R15: 00007fffca44a098
[  143.254370][ T5876]  </TASK>
[  143.254378][ T5876] BUG: Bad page state in process syz.0.16  pfn:44723
[  143.380940][ T5876] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x44723
[  143.385170][ T5876] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  143.388148][ T5876] raw: 04fff00000000000 dead000000000040 ffff88801e8f0000 0000000000000000
[  143.391607][ T5876] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000
[  143.395175][ T5876] page dumped because: page_pool leak
[  143.397394][ T5876] page_owner tracks the page as allocated
[  143.399715][ T5876] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5876, tgid 5875 (syz.0.16), ts 142109002436, free_ts 142106157439
[  143.406482][ T5876]  post_alloc_hook+0x240/0x2a0
[  143.408488][ T5876]  get_page_from_freelist+0x21e4/0x22c0
[  143.410774][ T5876]  __alloc_frozen_pages_noprof+0x181/0x370
[  143.413153][ T5876]  alloc_pages_bulk_noprof+0x560/0x710
[  143.415517][ T5876]  __page_pool_alloc_pages_slow+0x127/0x740
[  143.417947][ T5876]  skb_pp_cow_data+0xb47/0x13e0
[  143.419990][ T5876]  do_xdp_generic+0x699/0x11a0
[  143.421966][ T5876]  tun_get_user+0x23fb/0x3ce0
[  143.423968][ T5876]  tun_chr_write_iter+0x113/0x200
[  143.426140][ T5876]  vfs_write+0x54b/0xa90
[  143.427958][ T5876]  ksys_write+0x145/0x250
[  143.429731][ T5876]  do_syscall_64+0xfa/0x3b0
[  143.431675][ T5876]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.434175][ T5876] page last free pid 15 tgid 15 stack trace:
[  143.436746][ T5876]  __free_frozen_pages+0xc71/0xe70
[  143.438890][ T5876]  __tlb_remove_table+0x2d2/0x3b0
[  143.441054][ T5876]  tlb_remove_table_rcu+0x85/0x100
[  143.443142][ T5876]  rcu_core+0xca5/0x1710
[  143.444993][ T5876]  handle_softirqs+0x286/0x870
[  143.446946][ T5876]  run_ksoftirqd+0x9b/0x100
[  143.448875][ T5876]  smpboot_thread_fn+0x53f/0xa60
[  143.450944][ T5876]  kthread+0x70e/0x8a0
[  143.452646][ T5876]  ret_from_fork+0x3fc/0x770
[  143.454680][ T5876]  ret_from_fork_asm+0x1a/0x30
[  143.456779][ T5876] Modules linked in:
[  143.458364][ T5876] CPU: 0 UID: 0 PID: 5876 Comm: syz.0.16 Tainted: G    B               6.16.0-rc4-syzkaller-ga79a588fc176 #0 PREEMPT(full) 
[  143.458377][ T5876] Tainted: [B]=BAD_PAGE
[  143.458381][ T5876] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  143.458387][ T5876] Call Trace:
[  143.458394][ T5876]  <TASK>
[  143.458399][ T5876]  dump_stack_lvl+0x189/0x250
[  143.458415][ T5876]  ? __pfx_dump_stack_lvl+0x10/0x10
[  143.458423][ T5876]  ? __pfx_print_modules+0x10/0x10
[  143.458433][ T5876]  bad_page+0x180/0x1c0
[  143.458441][ T5876]  __free_frozen_pages+0xe17/0xe70
[  143.458451][ T5876]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  143.458464][ T5876]  bpf_xdp_adjust_tail+0x1d6/0x220
[  143.458476][ T5876]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  143.458485][ T5876]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  143.458506][ T5876]  do_xdp_generic+0x9f7/0x11a0
[  143.458516][ T5876]  ? __pfx_do_xdp_generic+0x10/0x10
[  143.458526][ T5876]  ? tun_get_user+0x22c6/0x3ce0
[  143.458535][ T5876]  ? tun_get_user+0x22c6/0x3ce0
[  143.458541][ T5876]  tun_get_user+0x23fb/0x3ce0
[  143.458550][ T5876]  ? aa_file_perm+0x11f/0xed0
[  143.458557][ T5876]  ? __pfx_tun_get_user+0x10/0x10
[  143.458563][ T5876]  ? aa_file_perm+0x3e7/0xed0
[  143.458571][ T5876]  ? __pfx_preempt_schedule+0x10/0x10
[  143.458587][ T5876]  ? ref_tracker_alloc+0x318/0x460
[  143.458596][ T5876]  ? __lock_acquire+0xab9/0xd20
[  143.458607][ T5876]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  143.458617][ T5876]  ? tun_get+0x1c/0x2f0
[  143.458624][ T5876]  ? tun_get+0x1c/0x2f0
[  143.458630][ T5876]  ? tun_get+0x1c/0x2f0
[  143.458636][ T5876]  tun_chr_write_iter+0x113/0x200
[  143.458643][ T5876]  vfs_write+0x54b/0xa90
[  143.458651][ T5876]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  143.458657][ T5876]  ? __pfx_vfs_write+0x10/0x10
[  143.458667][ T5876]  ? __fget_files+0x2a/0x420
[  143.458680][ T5876]  ksys_write+0x145/0x250
[  143.458691][ T5876]  ? __pfx_ksys_write+0x10/0x10
[  143.458701][ T5876]  ? rcu_is_watching+0x15/0xb0
[  143.458713][ T5876]  ? do_syscall_64+0xbe/0x3b0
[  143.458723][ T5876]  do_syscall_64+0xfa/0x3b0
[  143.458732][ T5876]  ? lockdep_hardirqs_on+0x9c/0x150
[  143.458741][ T5876]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.458751][ T5876]  ? clear_bhb_loop+0x60/0xb0
[  143.458761][ T5876]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.458771][ T5876] RIP: 0033:0x7fe83e58bc1f
[  143.458781][ T5876] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  143.458787][ T5876] RSP: 002b:00007fe83f35f000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  143.458798][ T5876] RAX: ffffffffffffffda RBX: 00007fe83e7a5fa0 RCX: 00007fe83e58bc1f
[  143.458804][ T5876] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  143.458810][ T5876] RBP: 00007fe83e60e2a0 R08: 0000000000000000 R09: 0000000000000000
[  143.458816][ T5876] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  143.458822][ T5876] R13: 0000000000000000 R14: 00007fe83e7a5fa0 R15: 00007fffca44a098
[  143.458833][ T5876]  </TASK>
[  143.458841][ T5876] BUG: Bad page state in process syz.0.16  pfn:446b0
[  143.585182][ T5876] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x446b0
[  143.589393][ T5876] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  143.592409][ T5876] raw: 04fff00000000000 dead000000000040 ffff88801e8f0000 0000000000000000
[  143.596245][ T5876] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000
[  143.599795][ T5876] page dumped because: page_pool leak
[  143.602037][ T5876] page_owner tracks the page as allocated
[  143.604561][ T5876] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5876, tgid 5875 (syz.0.16), ts 142108990308, free_ts 142106173099
[  143.611314][ T5876]  post_alloc_hook+0x240/0x2a0
[  143.613371][ T5876]  get_page_from_freelist+0x21e4/0x22c0
[  143.615983][ T5876]  __alloc_frozen_pages_noprof+0x181/0x370
[  143.618454][ T5876]  alloc_pages_bulk_noprof+0x560/0x710
[  143.620773][ T5876]  __page_pool_alloc_pages_slow+0x127/0x740
[  143.623345][ T5876]  skb_pp_cow_data+0xb47/0x13e0
[  143.625510][ T5876]  do_xdp_generic+0x699/0x11a0
[  143.627597][ T5876]  tun_get_user+0x23fb/0x3ce0
[  143.629674][ T5876]  tun_chr_write_iter+0x113/0x200
[  143.631906][ T5876]  vfs_write+0x54b/0xa90
[  143.633768][ T5876]  ksys_write+0x145/0x250
[  143.635746][ T5876]  do_syscall_64+0xfa/0x3b0
[  143.637718][ T5876]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.640206][ T5876] page last free pid 15 tgid 15 stack trace:
[  143.642699][ T5876]  __free_frozen_pages+0xc71/0xe70
[  143.644946][ T5876]  __tlb_remove_table+0x2d2/0x3b0
[  143.646999][ T5876]  tlb_remove_table_rcu+0x85/0x100
[  143.649018][ T5876]  rcu_core+0xca5/0x1710
[  143.650674][ T5876]  handle_softirqs+0x286/0x870
[  143.652568][ T5876]  run_ksoftirqd+0x9b/0x100
[  143.654411][ T5876]  smpboot_thread_fn+0x53f/0xa60
[  143.656492][ T5876]  kthread+0x70e/0x8a0
[  143.658167][ T5876]  ret_from_fork+0x3fc/0x770
[  143.660083][ T5876]  ret_from_fork_asm+0x1a/0x30
[  143.662109][ T5876] Modules linked in:
[  143.663787][ T5876] CPU: 0 UID: 0 PID: 5876 Comm: syz.0.16 Tainted: G    B               6.16.0-rc4-syzkaller-ga79a588fc176 #0 PREEMPT(full) 
[  143.663804][ T5876] Tainted: [B]=BAD_PAGE
[  143.663807][ T5876] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  143.663814][ T5876] Call Trace:
[  143.663825][ T5876]  <TASK>
[  143.663831][ T5876]  dump_stack_lvl+0x189/0x250
[  143.663849][ T5876]  ? __pfx_dump_stack_lvl+0x10/0x10
[  143.663860][ T5876]  ? __pfx_print_modules+0x10/0x10
[  143.663877][ T5876]  bad_page+0x180/0x1c0
[  143.663892][ T5876]  __free_frozen_pages+0xe17/0xe70
[  143.663908][ T5876]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  143.663925][ T5876]  bpf_xdp_adjust_tail+0x1d6/0x220
[  143.663939][ T5876]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  143.663947][ T5876]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  143.663973][ T5876]  do_xdp_generic+0x9f7/0x11a0
[  143.663996][ T5876]  ? __pfx_do_xdp_generic+0x10/0x10
[  143.664011][ T5876]  ? tun_get_user+0x22c6/0x3ce0
[  143.664024][ T5876]  ? tun_get_user+0x22c6/0x3ce0
[  143.664034][ T5876]  tun_get_user+0x23fb/0x3ce0
[  143.664047][ T5876]  ? aa_file_perm+0x11f/0xed0
[  143.664057][ T5876]  ? __pfx_tun_get_user+0x10/0x10
[  143.664068][ T5876]  ? aa_file_perm+0x3e7/0xed0
[  143.664077][ T5876]  ? __pfx_preempt_schedule+0x10/0x10
[  143.664094][ T5876]  ? ref_tracker_alloc+0x318/0x460
[  143.664103][ T5876]  ? __lock_acquire+0xab9/0xd20
[  143.664112][ T5876]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  143.664121][ T5876]  ? tun_get+0x1c/0x2f0
[  143.664131][ T5876]  ? tun_get+0x1c/0x2f0
[  143.664139][ T5876]  ? tun_get+0x1c/0x2f0
[  143.664148][ T5876]  tun_chr_write_iter+0x113/0x200
[  143.664161][ T5876]  vfs_write+0x54b/0xa90
[  143.664174][ T5876]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  143.664184][ T5876]  ? __pfx_vfs_write+0x10/0x10
[  143.664198][ T5876]  ? __fget_files+0x2a/0x420
[  143.664213][ T5876]  ksys_write+0x145/0x250
[  143.664223][ T5876]  ? __pfx_ksys_write+0x10/0x10
[  143.664233][ T5876]  ? rcu_is_watching+0x15/0xb0
[  143.664246][ T5876]  ? do_syscall_64+0xbe/0x3b0
[  143.664257][ T5876]  do_syscall_64+0xfa/0x3b0
[  143.664266][ T5876]  ? lockdep_hardirqs_on+0x9c/0x150
[  143.664275][ T5876]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.664284][ T5876]  ? clear_bhb_loop+0x60/0xb0
[  143.664294][ T5876]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.664304][ T5876] RIP: 0033:0x7fe83e58bc1f
[  143.664314][ T5876] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  143.664323][ T5876] RSP: 002b:00007fe83f35f000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  143.664335][ T5876] RAX: ffffffffffffffda RBX: 00007fe83e7a5fa0 RCX: 00007fe83e58bc1f
[  143.664342][ T5876] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  143.664349][ T5876] RBP: 00007fe83e60e2a0 R08: 0000000000000000 R09: 0000000000000000
[  143.664355][ T5876] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  143.664360][ T5876] R13: 0000000000000000 R14: 00007fe83e7a5fa0 R15: 00007fffca44a098
[  143.664369][ T5876]  </TASK>
[  143.664376][ T5876] BUG: Bad page state in process syz.0.16  pfn:330ad
[  143.791610][ T5876] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x330ad
[  143.795843][ T5876] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  143.798861][ T5876] raw: 04fff00000000000 dead000000000040 ffff88801e8f0000 0000000000000000
[  143.802449][ T5876] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000
[  143.806272][ T5876] page dumped because: page_pool leak
[  143.808535][ T5876] page_owner tracks the page as allocated
[  143.810893][ T5876] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5876, tgid 5875 (syz.0.16), ts 142108980431, free_ts 142106188920
[  143.818065][ T5876]  post_alloc_hook+0x240/0x2a0
[  143.820078][ T5876]  get_page_from_freelist+0x21e4/0x22c0
[  143.822436][ T5876]  __alloc_frozen_pages_noprof+0x181/0x370
[  143.824988][ T5876]  alloc_pages_bulk_noprof+0x560/0x710
[  143.827376][ T5876]  __page_pool_alloc_pages_slow+0x127/0x740
[  143.829806][ T5876]  skb_pp_cow_data+0xb47/0x13e0
[  143.831872][ T5876]  do_xdp_generic+0x699/0x11a0
[  143.833859][ T5876]  tun_get_user+0x23fb/0x3ce0
[  143.835961][ T5876]  tun_chr_write_iter+0x113/0x200
[  143.838112][ T5876]  vfs_write+0x54b/0xa90
[  143.839872][ T5876]  ksys_write+0x145/0x250
[  143.841683][ T5876]  do_syscall_64+0xfa/0x3b0
[  143.843641][ T5876]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.846185][ T5876] page last free pid 15 tgid 15 stack trace:
[  143.848668][ T5876]  __free_frozen_pages+0xc71/0xe70
[  143.850794][ T5876]  __tlb_remove_table+0x2d2/0x3b0
[  143.852927][ T5876]  tlb_remove_table_rcu+0x85/0x100
[  143.855243][ T5876]  rcu_core+0xca5/0x1710
[  143.857051][ T5876]  handle_softirqs+0x286/0x870
[  143.859026][ T5876]  run_ksoftirqd+0x9b/0x100
[  143.860919][ T5876]  smpboot_thread_fn+0x53f/0xa60
[  143.863843][ T5876]  kthread+0x70e/0x8a0
[  143.865664][ T5876]  ret_from_fork+0x3fc/0x770
[  143.867704][ T5876]  ret_from_fork_asm+0x1a/0x30
[  143.869707][ T5876] Modules linked in:
[  143.871342][ T5876] CPU: 0 UID: 0 PID: 5876 Comm: syz.0.16 Tainted: G    B               6.16.0-rc4-syzkaller-ga79a588fc176 #0 PREEMPT(full) 
[  143.871359][ T5876] Tainted: [B]=BAD_PAGE
[  143.871363][ T5876] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  143.871369][ T5876] Call Trace:
[  143.871377][ T5876]  <TASK>
[  143.871383][ T5876]  dump_stack_lvl+0x189/0x250
[  143.871398][ T5876]  ? __pfx_dump_stack_lvl+0x10/0x10
[  143.871409][ T5876]  ? __pfx_print_modules+0x10/0x10
[  143.871425][ T5876]  bad_page+0x180/0x1c0
[  143.871437][ T5876]  __free_frozen_pages+0xe17/0xe70
[  143.871452][ T5876]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  143.871490][ T5876]  bpf_xdp_adjust_tail+0x1d6/0x220
[  143.871506][ T5876]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  143.871515][ T5876]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  143.871537][ T5876]  do_xdp_generic+0x9f7/0x11a0
[  143.871552][ T5876]  ? __pfx_do_xdp_generic+0x10/0x10
[  143.871569][ T5876]  ? tun_get_user+0x22c6/0x3ce0
[  143.871582][ T5876]  ? tun_get_user+0x22c6/0x3ce0
[  143.871591][ T5876]  tun_get_user+0x23fb/0x3ce0
[  143.871605][ T5876]  ? aa_file_perm+0x11f/0xed0
[  143.871615][ T5876]  ? __pfx_tun_get_user+0x10/0x10
[  143.871626][ T5876]  ? aa_file_perm+0x3e7/0xed0
[  143.871634][ T5876]  ? __pfx_preempt_schedule+0x10/0x10
[  143.871650][ T5876]  ? ref_tracker_alloc+0x318/0x460
[  143.871659][ T5876]  ? __lock_acquire+0xab9/0xd20
[  143.871670][ T5876]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  143.871680][ T5876]  ? tun_get+0x1c/0x2f0
[  143.871690][ T5876]  ? tun_get+0x1c/0x2f0
[  143.871700][ T5876]  ? tun_get+0x1c/0x2f0
[  143.871710][ T5876]  tun_chr_write_iter+0x113/0x200
[  143.871721][ T5876]  vfs_write+0x54b/0xa90
[  143.871733][ T5876]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  143.871751][ T5876]  ? __pfx_vfs_write+0x10/0x10
[  143.871763][ T5876]  ? __fget_files+0x2a/0x420
[  143.871777][ T5876]  ksys_write+0x145/0x250
[  143.871789][ T5876]  ? __pfx_ksys_write+0x10/0x10
[  143.871797][ T5876]  ? rcu_is_watching+0x15/0xb0
[  143.871808][ T5876]  ? do_syscall_64+0xbe/0x3b0
[  143.871817][ T5876]  do_syscall_64+0xfa/0x3b0
[  143.871825][ T5876]  ? lockdep_hardirqs_on+0x9c/0x150
[  143.871833][ T5876]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.871843][ T5876]  ? clear_bhb_loop+0x60/0xb0
[  143.871854][ T5876]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.871864][ T5876] RIP: 0033:0x7fe83e58bc1f
[  143.871873][ T5876] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  143.871881][ T5876] RSP: 002b:00007fe83f35f000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  143.871892][ T5876] RAX: ffffffffffffffda RBX: 00007fe83e7a5fa0 RCX: 00007fe83e58bc1f
[  143.871900][ T5876] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  143.871906][ T5876] RBP: 00007fe83e60e2a0 R08: 0000000000000000 R09: 0000000000000000
[  143.871912][ T5876] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  143.871918][ T5876] R13: 0000000000000000 R14: 00007fe83e7a5fa0 R15: 00007fffca44a098
[  143.871928][ T5876]  </TASK>
[  143.871936][ T5876] BUG: Bad page state in process syz.0.16  pfn:4cd16
[  143.998211][ T5876] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88804cd16200 pfn:0x4cd16
[  144.002270][ T5876] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  144.005327][ T5876] raw: 04fff00000000000 dead000000000040 ffff88801e8f0000 0000000000000000
[  144.008861][ T5876] raw: ffff88804cd16200 0000000000000001 00000000ffffffff 0000000000000000
[  144.012297][ T5876] page dumped because: page_pool leak
[  144.014510][ T5876] page_owner tracks the page as allocated
[  144.016996][ T5876] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5876, tgid 5875 (syz.0.16), ts 142108970311, free_ts 142106204370
[  144.023802][ T5876]  post_alloc_hook+0x240/0x2a0
[  144.025917][ T5876]  get_page_from_freelist+0x21e4/0x22c0
[  144.028219][ T5876]  __alloc_frozen_pages_noprof+0x181/0x370
[  144.030609][ T5876]  alloc_pages_bulk_noprof+0x560/0x710
[  144.032859][ T5876]  __page_pool_alloc_pages_slow+0x127/0x740
[  144.035546][ T5876]  skb_pp_cow_data+0xb47/0x13e0
[  144.037611][ T5876]  do_xdp_generic+0x699/0x11a0
[  144.039701][ T5876]  tun_get_user+0x23fb/0x3ce0
[  144.041711][ T5876]  tun_chr_write_iter+0x113/0x200
[  144.043973][ T5876]  vfs_write+0x54b/0xa90
[  144.045852][ T5876]  ksys_write+0x145/0x250
[  144.047594][ T5876]  do_syscall_64+0xfa/0x3b0
[  144.049438][ T5876]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.051915][ T5876] page last free pid 15 tgid 15 stack trace:
[  144.054414][ T5876]  __free_frozen_pages+0xc71/0xe70
[  144.056653][ T5876]  __tlb_remove_table+0x2d2/0x3b0
[  144.058767][ T5876]  tlb_remove_table_rcu+0x85/0x100
[  144.060903][ T5876]  rcu_core+0xca5/0x1710
[  144.062686][ T5876]  handle_softirqs+0x286/0x870
[  144.064931][ T5876]  run_ksoftirqd+0x9b/0x100
[  144.066855][ T5876]  smpboot_thread_fn+0x53f/0xa60
[  144.069051][ T5876]  kthread+0x70e/0x8a0
[  144.070768][ T5876]  ret_from_fork+0x3fc/0x770
[  144.072730][ T5876]  ret_from_fork_asm+0x1a/0x30
[  144.074758][ T5876] Modules linked in:
[  144.076503][ T5876] CPU: 0 UID: 0 PID: 5876 Comm: syz.0.16 Tainted: G    B               6.16.0-rc4-syzkaller-ga79a588fc176 #0 PREEMPT(full) 
[  144.076518][ T5876] Tainted: [B]=BAD_PAGE
[  144.076522][ T5876] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  144.076528][ T5876] Call Trace:
[  144.076534][ T5876]  <TASK>
[  144.076540][ T5876]  dump_stack_lvl+0x189/0x250
[  144.076555][ T5876]  ? __pfx_dump_stack_lvl+0x10/0x10
[  144.076566][ T5876]  ? __pfx_print_modules+0x10/0x10
[  144.076580][ T5876]  bad_page+0x180/0x1c0
[  144.076592][ T5876]  __free_frozen_pages+0xe17/0xe70
[  144.076606][ T5876]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  144.076624][ T5876]  bpf_xdp_adjust_tail+0x1d6/0x220
[  144.076637][ T5876]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  144.076647][ T5876]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  144.076670][ T5876]  do_xdp_generic+0x9f7/0x11a0
[  144.076694][ T5876]  ? __pfx_do_xdp_generic+0x10/0x10
[  144.076709][ T5876]  ? tun_get_user+0x22c6/0x3ce0
[  144.076723][ T5876]  ? tun_get_user+0x22c6/0x3ce0
[  144.076734][ T5876]  tun_get_user+0x23fb/0x3ce0
[  144.076748][ T5876]  ? aa_file_perm+0x11f/0xed0
[  144.076758][ T5876]  ? __pfx_tun_get_user+0x10/0x10
[  144.076768][ T5876]  ? aa_file_perm+0x3e7/0xed0
[  144.076776][ T5876]  ? __pfx_preempt_schedule+0x10/0x10
[  144.076795][ T5876]  ? ref_tracker_alloc+0x318/0x460
[  144.076806][ T5876]  ? __lock_acquire+0xab9/0xd20
[  144.076816][ T5876]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  144.076827][ T5876]  ? tun_get+0x1c/0x2f0
[  144.076838][ T5876]  ? tun_get+0x1c/0x2f0
[  144.076848][ T5876]  ? tun_get+0x1c/0x2f0
[  144.076857][ T5876]  tun_chr_write_iter+0x113/0x200
[  144.076867][ T5876]  vfs_write+0x54b/0xa90
[  144.076882][ T5876]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  144.076892][ T5876]  ? __pfx_vfs_write+0x10/0x10
[  144.076905][ T5876]  ? __fget_files+0x2a/0x420
[  144.076922][ T5876]  ksys_write+0x145/0x250
[  144.076934][ T5876]  ? __pfx_ksys_write+0x10/0x10
[  144.076943][ T5876]  ? rcu_is_watching+0x15/0xb0
[  144.076956][ T5876]  ? do_syscall_64+0xbe/0x3b0
[  144.076967][ T5876]  do_syscall_64+0xfa/0x3b0
[  144.076977][ T5876]  ? lockdep_hardirqs_on+0x9c/0x150
[  144.076984][ T5876]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.076994][ T5876]  ? clear_bhb_loop+0x60/0xb0
[  144.077004][ T5876]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.077014][ T5876] RIP: 0033:0x7fe83e58bc1f
[  144.077024][ T5876] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  144.077031][ T5876] RSP: 002b:00007fe83f35f000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  144.077043][ T5876] RAX: ffffffffffffffda RBX: 00007fe83e7a5fa0 RCX: 00007fe83e58bc1f
[  144.077049][ T5876] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  144.077055][ T5876] RBP: 00007fe83e60e2a0 R08: 0000000000000000 R09: 0000000000000000
[  144.077063][ T5876] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  144.077069][ T5876] R13: 0000000000000000 R14: 00007fe83e7a5fa0 R15: 00007fffca44a098
[  144.077079][ T5876]  </TASK>
[  144.077087][ T5876] BUG: Bad page state in process syz.0.16  pfn:3fd23
[  144.207044][ T5876] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x3fd23
[  144.211187][ T5876] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  144.214126][ T5876] raw: 04fff00000000000 dead000000000040 ffff88801e8f0000 0000000000000000
[  144.217733][ T5876] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000
[  144.221191][ T5876] page dumped because: page_pool leak
[  144.223422][ T5876] page_owner tracks the page as allocated
[  144.225936][ T5876] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5876, tgid 5875 (syz.0.16), ts 142108958786, free_ts 142106219495
[  144.232607][ T5876]  post_alloc_hook+0x240/0x2a0
[  144.234618][ T5876]  get_page_from_freelist+0x21e4/0x22c0
[  144.237022][ T5876]  __alloc_frozen_pages_noprof+0x181/0x370
[  144.239398][ T5876]  alloc_pages_bulk_noprof+0x560/0x710
[  144.241677][ T5876]  __page_pool_alloc_pages_slow+0x127/0x740
[  144.244167][ T5876]  skb_pp_cow_data+0xb47/0x13e0
[  144.246279][ T5876]  do_xdp_generic+0x699/0x11a0
[  144.248302][ T5876]  tun_get_user+0x23fb/0x3ce0
[  144.250290][ T5876]  tun_chr_write_iter+0x113/0x200
[  144.252381][ T5876]  vfs_write+0x54b/0xa90
[  144.254184][ T5876]  ksys_write+0x145/0x250
[  144.256080][ T5876]  do_syscall_64+0xfa/0x3b0
[  144.258003][ T5876]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.260442][ T5876] page last free pid 15 tgid 15 stack trace:
[  144.262909][ T5876]  __free_frozen_pages+0xc71/0xe70
[  144.265158][ T5876]  __tlb_remove_table+0x2d2/0x3b0
[  144.267194][ T5876]  tlb_remove_table_rcu+0x85/0x100
[  144.269314][ T5876]  rcu_core+0xca5/0x1710
[  144.271073][ T5876]  handle_softirqs+0x286/0x870
[  144.273069][ T5876]  run_ksoftirqd+0x9b/0x100
[  144.275115][ T5876]  smpboot_thread_fn+0x53f/0xa60
[  144.277692][ T5876]  kthread+0x70e/0x8a0
[  144.279552][ T5876]  ret_from_fork+0x3fc/0x770
[  144.281505][ T5876]  ret_from_fork_asm+0x1a/0x30
[  144.283724][ T5876] Modules linked in:
[  144.285431][ T5876] CPU: 0 UID: 0 PID: 5876 Comm: syz.0.16 Tainted: G    B               6.16.0-rc4-syzkaller-ga79a588fc176 #0 PREEMPT(full) 
[  144.285445][ T5876] Tainted: [B]=BAD_PAGE
[  144.285449][ T5876] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  144.285456][ T5876] Call Trace:
[  144.285462][ T5876]  <TASK>
[  144.285468][ T5876]  dump_stack_lvl+0x189/0x250
[  144.285483][ T5876]  ? __pfx_dump_stack_lvl+0x10/0x10
[  144.285495][ T5876]  ? __pfx_print_modules+0x10/0x10
[  144.285511][ T5876]  bad_page+0x180/0x1c0
[  144.285522][ T5876]  __free_frozen_pages+0xe17/0xe70
[  144.285537][ T5876]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  144.285556][ T5876]  bpf_xdp_adjust_tail+0x1d6/0x220
[  144.285567][ T5876]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  144.285576][ T5876]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  144.285599][ T5876]  do_xdp_generic+0x9f7/0x11a0
[  144.285615][ T5876]  ? __pfx_do_xdp_generic+0x10/0x10
[  144.285631][ T5876]  ? tun_get_user+0x22c6/0x3ce0
[  144.285644][ T5876]  ? tun_get_user+0x22c6/0x3ce0
[  144.285655][ T5876]  tun_get_user+0x23fb/0x3ce0
[  144.285669][ T5876]  ? aa_file_perm+0x11f/0xed0
[  144.285679][ T5876]  ? __pfx_tun_get_user+0x10/0x10
[  144.285689][ T5876]  ? aa_file_perm+0x3e7/0xed0
[  144.285697][ T5876]  ? __pfx_preempt_schedule+0x10/0x10
[  144.285714][ T5876]  ? ref_tracker_alloc+0x318/0x460
[  144.285724][ T5876]  ? __lock_acquire+0xab9/0xd20
[  144.285734][ T5876]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  144.285744][ T5876]  ? tun_get+0x1c/0x2f0
[  144.285753][ T5876]  ? tun_get+0x1c/0x2f0
[  144.285762][ T5876]  ? tun_get+0x1c/0x2f0
[  144.285772][ T5876]  tun_chr_write_iter+0x113/0x200
[  144.285792][ T5876]  vfs_write+0x54b/0xa90
[  144.285804][ T5876]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  144.285814][ T5876]  ? __pfx_vfs_write+0x10/0x10
[  144.285826][ T5876]  ? __fget_files+0x2a/0x420
[  144.285841][ T5876]  ksys_write+0x145/0x250
[  144.285853][ T5876]  ? __pfx_ksys_write+0x10/0x10
[  144.285862][ T5876]  ? rcu_is_watching+0x15/0xb0
[  144.285874][ T5876]  ? do_syscall_64+0xbe/0x3b0
[  144.285886][ T5876]  do_syscall_64+0xfa/0x3b0
[  144.285895][ T5876]  ? lockdep_hardirqs_on+0x9c/0x150
[  144.285904][ T5876]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.285914][ T5876]  ? clear_bhb_loop+0x60/0xb0
[  144.285924][ T5876]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.285934][ T5876] RIP: 0033:0x7fe83e58bc1f
[  144.285944][ T5876] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  144.285953][ T5876] RSP: 002b:00007fe83f35f000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  144.285964][ T5876] RAX: ffffffffffffffda RBX: 00007fe83e7a5fa0 RCX: 00007fe83e58bc1f
[  144.285971][ T5876] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  144.285978][ T5876] RBP: 00007fe83e60e2a0 R08: 0000000000000000 R09: 0000000000000000
[  144.285983][ T5876] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  144.285989][ T5876] R13: 0000000000000000 R14: 00007fe83e7a5fa0 R15: 00007fffca44a098
[  144.286000][ T5876]  </TASK>
[  144.286008][ T5876] BUG: Bad page state in process syz.0.16  pfn:4cdc0
[  144.412639][ T5876] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88804cdc0400 pfn:0x4cdc0
[  144.417100][ T5876] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  144.420258][ T5876] raw: 04fff00000000000 dead000000000040 ffff88801e8f0000 0000000000000000
[  144.423749][ T5876] raw: ffff88804cdc0400 0000000000000001 00000000ffffffff 0000000000000000
[  144.427324][ T5876] page dumped because: page_pool leak
[  144.429530][ T5876] page_owner tracks the page as allocated
[  144.431884][ T5876] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5876, tgid 5875 (syz.0.16), ts 142108948956, free_ts 142106229240
[  144.438760][ T5876]  post_alloc_hook+0x240/0x2a0
[  144.440835][ T5876]  get_page_from_freelist+0x21e4/0x22c0
[  144.443290][ T5876]  __alloc_frozen_pages_noprof+0x181/0x370
[  144.445823][ T5876]  alloc_pages_bulk_noprof+0x560/0x710
[  144.448189][ T5876]  __page_pool_alloc_pages_slow+0x127/0x740
[  144.450608][ T5876]  skb_pp_cow_data+0xb47/0x13e0
[  144.452675][ T5876]  do_xdp_generic+0x699/0x11a0
[  144.454732][ T5876]  tun_get_user+0x23fb/0x3ce0
[  144.456917][ T5876]  tun_chr_write_iter+0x113/0x200
[  144.458943][ T5876]  vfs_write+0x54b/0xa90
[  144.460758][ T5876]  ksys_write+0x145/0x250
[  144.462927][ T5876]  do_syscall_64+0xfa/0x3b0
[  144.465485][ T5876]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.468759][ T5876] page last free pid 15 tgid 15 stack trace:
[  144.471423][ T5876]  __free_frozen_pages+0xc71/0xe70
[  144.473573][ T5876]  __tlb_remove_table+0x2d2/0x3b0
[  144.475751][ T5876]  tlb_remove_table_rcu+0x85/0x100
[  144.477926][ T5876]  rcu_core+0xca5/0x1710
[  144.479660][ T5876]  handle_softirqs+0x286/0x870
[  144.481713][ T5876]  run_ksoftirqd+0x9b/0x100
[  144.483785][ T5876]  smpboot_thread_fn+0x53f/0xa60
[  144.485931][ T5876]  kthread+0x70e/0x8a0
[  144.487679][ T5876]  ret_from_fork+0x3fc/0x770
[  144.489540][ T5876]  ret_from_fork_asm+0x1a/0x30
[  144.491585][ T5876] Modules linked in:
[  144.493263][ T5876] CPU: 0 UID: 0 PID: 5876 Comm: syz.0.16 Tainted: G    B               6.16.0-rc4-syzkaller-ga79a588fc176 #0 PREEMPT(full) 
[  144.493280][ T5876] Tainted: [B]=BAD_PAGE
[  144.493284][ T5876] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  144.493290][ T5876] Call Trace:
[  144.493298][ T5876]  <TASK>
[  144.493303][ T5876]  dump_stack_lvl+0x189/0x250
[  144.493318][ T5876]  ? __pfx_dump_stack_lvl+0x10/0x10
[  144.493330][ T5876]  ? __pfx_print_modules+0x10/0x10
[  144.493346][ T5876]  bad_page+0x180/0x1c0
[  144.493357][ T5876]  __free_frozen_pages+0xe17/0xe70
[  144.493373][ T5876]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  144.493393][ T5876]  bpf_xdp_adjust_tail+0x1d6/0x220
[  144.493406][ T5876]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  144.493415][ T5876]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  144.493433][ T5876]  do_xdp_generic+0x9f7/0x11a0
[  144.493444][ T5876]  ? __pfx_do_xdp_generic+0x10/0x10
[  144.493454][ T5876]  ? tun_get_user+0x22c6/0x3ce0
[  144.493463][ T5876]  ? tun_get_user+0x22c6/0x3ce0
[  144.493469][ T5876]  tun_get_user+0x23fb/0x3ce0
[  144.493478][ T5876]  ? aa_file_perm+0x11f/0xed0
[  144.493484][ T5876]  ? __pfx_tun_get_user+0x10/0x10
[  144.493491][ T5876]  ? aa_file_perm+0x3e7/0xed0
[  144.493496][ T5876]  ? __pfx_preempt_schedule+0x10/0x10
[  144.493507][ T5876]  ? ref_tracker_alloc+0x318/0x460
[  144.493513][ T5876]  ? __lock_acquire+0xab9/0xd20
[  144.493520][ T5876]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  144.493526][ T5876]  ? tun_get+0x1c/0x2f0
[  144.493533][ T5876]  ? tun_get+0x1c/0x2f0
[  144.493538][ T5876]  ? tun_get+0x1c/0x2f0
[  144.493545][ T5876]  tun_chr_write_iter+0x113/0x200
[  144.493552][ T5876]  vfs_write+0x54b/0xa90
[  144.493561][ T5876]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  144.493567][ T5876]  ? __pfx_vfs_write+0x10/0x10
[  144.493575][ T5876]  ? __fget_files+0x2a/0x420
[  144.493584][ T5876]  ksys_write+0x145/0x250
[  144.493592][ T5876]  ? __pfx_ksys_write+0x10/0x10
[  144.493601][ T5876]  ? rcu_is_watching+0x15/0xb0
[  144.493612][ T5876]  ? do_syscall_64+0xbe/0x3b0
[  144.493623][ T5876]  do_syscall_64+0xfa/0x3b0
[  144.493633][ T5876]  ? lockdep_hardirqs_on+0x9c/0x150
[  144.493641][ T5876]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.493648][ T5876]  ? clear_bhb_loop+0x60/0xb0
[  144.493658][ T5876]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.493668][ T5876] RIP: 0033:0x7fe83e58bc1f
[  144.493678][ T5876] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  144.493687][ T5876] RSP: 002b:00007fe83f35f000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  144.493698][ T5876] RAX: ffffffffffffffda RBX: 00007fe83e7a5fa0 RCX: 00007fe83e58bc1f
[  144.493703][ T5876] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  144.493709][ T5876] RBP: 00007fe83e60e2a0 R08: 0000000000000000 R09: 0000000000000000
[  144.493715][ T5876] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  144.493721][ T5876] R13: 0000000000000000 R14: 00007fe83e7a5fa0 R15: 00007fffca44a098
[  144.493730][ T5876]  </TASK>
[  144.651236][ T4690] Bluetooth: hci0: command tx timeout
[  144.893968][ T5886] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88804cdeae00 pfn:0x4cdea
[  144.898150][ T5886] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  144.901143][ T5886] raw: 04fff00000000000 dead000000000040 ffff88801e8f0000 0000000000000000
[  144.904654][ T5886] raw: ffff88804cdeae00 3fffffffffffffff 00000000ffffffff 0000000000000000
[  144.908174][ T5886] page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0)
[  144.911290][ T5886] page_owner tracks the page as allocated
[  144.913555][ T5886] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5876, tgid 5875 (syz.0.16), ts 142109070078, free_ts 142106058401
[  144.920432][ T5886]  post_alloc_hook+0x240/0x2a0
[  144.922399][ T5886]  get_page_from_freelist+0x21e4/0x22c0
[  144.924764][ T5886]  __alloc_frozen_pages_noprof+0x181/0x370
[  144.927273][ T5886]  alloc_pages_bulk_noprof+0x560/0x710
[  144.929552][ T5886]  __page_pool_alloc_pages_slow+0x127/0x740
[  144.931989][ T5886]  page_pool_alloc_frag_netmem+0x421/0x9b0
[  144.934637][ T5886]  skb_pp_cow_data+0xb69/0x13e0
[  144.937194][ T5886]  do_xdp_generic+0x699/0x11a0
[  144.939211][ T5886]  tun_get_user+0x23fb/0x3ce0
[  144.941309][ T5886]  tun_chr_write_iter+0x113/0x200
[  144.943431][ T5886]  vfs_write+0x54b/0xa90
[  144.945319][ T5886]  ksys_write+0x145/0x250
[  144.947113][ T5886]  do_syscall_64+0xfa/0x3b0
[  144.949018][ T5886]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.951427][ T5886] page last free pid 15 tgid 15 stack trace:
[  144.953983][ T5886]  __free_frozen_pages+0xc71/0xe70
[  144.956239][ T5886]  __tlb_remove_table+0x2d2/0x3b0
[  144.958450][ T5886]  tlb_remove_table_rcu+0x85/0x100
[  144.960635][ T5886]  rcu_core+0xca5/0x1710
[  144.962453][ T5886]  handle_softirqs+0x286/0x870
[  144.964552][ T5886]  run_ksoftirqd+0x9b/0x100
[  144.966584][ T5886]  smpboot_thread_fn+0x53f/0xa60
[  144.968694][ T5886]  kthread+0x70e/0x8a0
[  144.970415][ T5886]  ret_from_fork+0x3fc/0x770
[  144.972406][ T5886]  ret_from_fork_asm+0x1a/0x30
[  144.974566][ T5886] ------------[ cut here ]------------
[  144.977006][ T5886] kernel BUG at ./include/linux/mm.h:1034!
[  144.979501][ T5886] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
[  144.982226][ T5886] CPU: 0 UID: 0 PID: 5886 Comm: syz.0.17 Tainted: G    B               6.16.0-rc4-syzkaller-ga79a588fc176 #0 PREEMPT(full) 
[  144.987542][ T5886] Tainted: [B]=BAD_PAGE
[  144.989318][ T5886] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  144.993841][ T5886] RIP: 0010:page_frag_free+0x182/0x240
[  144.996132][ T5886] Code: 38 c1 0f 8c 64 ff ff ff 4c 89 f7 e8 78 05 0c 00 e9 57 ff ff ff e8 ce 82 a8 ff 48 89 df 48 c7 c6 00 c8 96 8b e8 af 28 f0 ff 90 <0f> 0b f3 0f 1e fa 48 89 de 48 81 e6 ff 0f 00 00 31 ff e8 87 87 a8
[  145.004117][ T5886] RSP: 0018:ffffc9000cc5f4b8 EFLAGS: 00010246
[  145.006696][ T5886] RAX: de488e929bf02400 RBX: ffffea0001337a80 RCX: de488e929bf02400
[  145.009615][ T5886] RDX: 0000000000000000 RSI: ffffffff8be29660 RDI: ffff888032e30000
[  145.012791][ T5886] RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000004
[  145.015974][ T5886] R10: dffffc0000000000 R11: fffffbfff1bfa9fc R12: dffffc0000000000
[  145.019143][ T5886] R13: dffffc0000000000 R14: ffffea0001337ab4 R15: dead000000000040
[  145.022450][ T5886] FS:  00007fe83f35f6c0(0000) GS:ffff88808d21c000(0000) knlGS:0000000000000000
[  145.026120][ T5886] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  145.028792][ T5886] CR2: 0000200000010000 CR3: 0000000050a6a000 CR4: 0000000000352ef0
[  145.032143][ T5886] Call Trace:
[  145.033598][ T5886]  <TASK>
[  145.034787][ T5886]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  145.037199][ T5886]  bpf_xdp_adjust_tail+0x1d6/0x220
[  145.039374][ T5886]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  145.041636][ T5886]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  145.044324][ T5886]  do_xdp_generic+0x9f7/0x11a0
[  145.046306][ T5886]  ? __pfx_do_xdp_generic+0x10/0x10
[  145.048447][ T5886]  ? __pfx_eth_type_trans+0x10/0x10
[  145.050577][ T5886]  ? tun_get_user+0x22c6/0x3ce0
[  145.052771][ T5886]  ? tun_get_user+0x22c6/0x3ce0
[  145.055026][ T5886]  tun_get_user+0x23fb/0x3ce0
[  145.057048][ T5886]  ? aa_file_perm+0x11f/0xed0
[  145.059082][ T5886]  ? rcu_is_watching+0x15/0xb0
[  145.061160][ T5886]  ? lock_release+0x4b/0x3e0
[  145.063039][ T5886]  ? __pfx_tun_get_user+0x10/0x10
[  145.065095][ T5886]  ? aa_file_perm+0x3e7/0xed0
[  145.067031][ T5886]  ? __pfx_preempt_schedule+0x10/0x10
[  145.069274][ T5886]  ? ref_tracker_alloc+0x318/0x460
[  145.071396][ T5886]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  145.073576][ T5886]  ? futex_private_hash_put+0x23a/0x290
[  145.076163][ T5886]  ? tun_get+0x1c/0x2f0
[  145.078167][ T5886]  ? tun_get+0x1c/0x2f0
[  145.080229][ T5886]  ? rcu_is_watching+0x15/0xb0
[  145.082224][ T5886]  ? tun_get+0x1c/0x2f0
[  145.084049][ T5886]  ? lock_release+0x4b/0x3e0
[  145.085946][ T5886]  ? tun_get+0x1c/0x2f0
[  145.087675][ T5886]  tun_chr_write_iter+0x113/0x200
[  145.089677][ T5886]  vfs_write+0x54b/0xa90
[  145.091442][ T5886]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  145.093723][ T5886]  ? __pfx_vfs_write+0x10/0x10
[  145.095756][ T5886]  ? __fget_files+0x2a/0x420
[  145.097616][ T5886]  ksys_write+0x145/0x250
[  145.099349][ T5886]  ? __pfx_ksys_write+0x10/0x10
[  145.101353][ T5886]  ? rcu_is_watching+0x15/0xb0
[  145.103368][ T5886]  ? rcu_is_watching+0x15/0xb0
[  145.105491][ T5886]  do_syscall_64+0xfa/0x3b0
[  145.107688][ T5886]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.110238][ T5886]  ? clear_bhb_loop+0x60/0xb0
[  145.112246][ T5886]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.114868][ T5886] RIP: 0033:0x7fe83e58bc1f
[  145.116748][ T5886] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  145.125236][ T5886] RSP: 002b:00007fe83f35f000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  145.128754][ T5886] RAX: ffffffffffffffda RBX: 00007fe83e7a5fa0 RCX: 00007fe83e58bc1f
[  145.132078][ T5886] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  145.135250][ T5886] RBP: 00007fe83e60e2a0 R08: 0000000000000000 R09: 0000000000000000
[  145.138482][ T5886] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  145.141604][ T5886] R13: 0000000000000000 R14: 00007fe83e7a5fa0 R15: 00007fffca44a098
[  145.144736][ T5886]  </TASK>
[  145.145950][ T5886] Modules linked in:
[  145.147607][ T5886] ---[ end trace 0000000000000000 ]---
[  145.149747][ T5886] RIP: 0010:page_frag_free+0x182/0x240
[  145.151906][ T5886] Code: 38 c1 0f 8c 64 ff ff ff 4c 89 f7 e8 78 05 0c 00 e9 57 ff ff ff e8 ce 82 a8 ff 48 89 df 48 c7 c6 00 c8 96 8b e8 af 28 f0 ff 90 <0f> 0b f3 0f 1e fa 48 89 de 48 81 e6 ff 0f 00 00 31 ff e8 87 87 a8
[  145.158938][ T5886] RSP: 0018:ffffc9000cc5f4b8 EFLAGS: 00010246
[  145.161462][ T5886] RAX: de488e929bf02400 RBX: ffffea0001337a80 RCX: de488e929bf02400
[  145.164686][ T5886] RDX: 0000000000000000 RSI: ffffffff8be29660 RDI: ffff888032e30000
[  145.168006][ T5886] RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000004
[  145.171343][ T5886] R10: dffffc0000000000 R11: fffffbfff1bfa9fc R12: dffffc0000000000
[  145.174595][ T5886] R13: dffffc0000000000 R14: ffffea0001337ab4 R15: dead000000000040
[  145.178336][ T5886] FS:  00007fe83f35f6c0(0000) GS:ffff88808d21c000(0000) knlGS:0000000000000000
[  145.183744][ T5886] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  145.186620][ T5886] CR2: 0000200000010000 CR3: 0000000050a6a000 CR4: 0000000000352ef0
[  145.190073][ T5886] Kernel panic - not syncing: Fatal exception in interrupt
[  145.193353][ T5886] Kernel Offset: disabled
[  145.195207][ T5886] Rebooting in 86400 seconds..