Warning: Permanently added '10.128.0.28' (ED25519) to the list of known hosts.
2024/12/22 22:45:29 ignoring optional flag "sandboxArg"="0"
2024/12/22 22:45:30 parsed 1 programs
[ 103.406903][ T6234] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 107.385814][ T80] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.394679][ T80] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.426795][ T3502] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.435737][ T3502] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 108.329397][ T6308] chnl_net:caif_netlink_parms(): no params data found
[ 108.384491][ T6308] bridge0: port 1(bridge_slave_0) entered blocking state
[ 108.392183][ T6308] bridge0: port 1(bridge_slave_0) entered disabled state
[ 108.399377][ T6308] bridge_slave_0: entered allmulticast mode
[ 108.406618][ T6308] bridge_slave_0: entered promiscuous mode
[ 108.415506][ T6308] bridge0: port 2(bridge_slave_1) entered blocking state
[ 108.422762][ T6308] bridge0: port 2(bridge_slave_1) entered disabled state
[ 108.429925][ T6308] bridge_slave_1: entered allmulticast mode
[ 108.437245][ T6308] bridge_slave_1: entered promiscuous mode
[ 108.464568][ T6308] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 108.475697][ T6308] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 108.498039][ T6308] team0: Port device team_slave_0 added
[ 108.507558][ T6308] team0: Port device team_slave_1 added
[ 108.539901][ T6308] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 108.546946][ T6308] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 108.573373][ T6308] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 108.585353][ T6308] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 108.592387][ T6308] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 108.619354][ T6308] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 108.661823][ T6308] hsr_slave_0: entered promiscuous mode
[ 108.668149][ T6308] hsr_slave_1: entered promiscuous mode
[ 109.171655][ T6308] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 109.188062][ T6308] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 109.197931][ T6308] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 109.209782][ T6308] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 109.287297][ T6308] 8021q: adding VLAN 0 to HW filter on device bond0
[ 109.322350][ T6308] 8021q: adding VLAN 0 to HW filter on device team0
[ 109.337921][ T137] bridge0: port 1(bridge_slave_0) entered blocking state
[ 109.345095][ T137] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 109.378167][ T137] bridge0: port 2(bridge_slave_1) entered blocking state
[ 109.385469][ T137] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 109.552199][ T6308] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 109.597816][ T6308] veth0_vlan: entered promiscuous mode
[ 109.609183][ T6308] veth1_vlan: entered promiscuous mode
[ 109.638203][ T6308] veth0_macvtap: entered promiscuous mode
[ 109.647757][ T6308] veth1_macvtap: entered promiscuous mode
[ 109.670964][ T6308] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 109.686419][ T6308] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 109.699714][ T6308] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 109.710463][ T6308] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 109.719514][ T6308] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 109.729585][ T6308] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 109.912284][ T80] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 109.932060][ T5133] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 109.941413][ T5133] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 109.952953][ T5133] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 109.961793][ T5133] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 109.969448][ T5133] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 109.978167][ T5133] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 109.997756][ T80] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 110.086941][ T80] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2024/12/22 22:45:40 executed programs: 0
[ 110.193104][ T80] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 110.224161][ T5873] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 110.237305][ T5873] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 110.245876][ T5873] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 110.262154][ T5873] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 110.273038][ T5873] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 110.290483][ T5873] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 110.476247][ T6383] chnl_net:caif_netlink_parms(): no params data found
[ 110.572529][ T6383] bridge0: port 1(bridge_slave_0) entered blocking state
[ 110.579762][ T6383] bridge0: port 1(bridge_slave_0) entered disabled state
[ 110.589761][ T6383] bridge_slave_0: entered allmulticast mode
[ 110.597721][ T6383] bridge_slave_0: entered promiscuous mode
[ 110.612293][ T6383] bridge0: port 2(bridge_slave_1) entered blocking state
[ 110.619505][ T6383] bridge0: port 2(bridge_slave_1) entered disabled state
[ 110.633040][ T6383] bridge_slave_1: entered allmulticast mode
[ 110.641596][ T6383] bridge_slave_1: entered promiscuous mode
[ 110.679442][ T6383] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 110.694906][ T6383] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 110.734287][ T6383] team0: Port device team_slave_0 added
[ 110.745732][ T6383] team0: Port device team_slave_1 added
[ 110.783672][ T6383] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 110.791354][ T6383] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 110.820792][ T6383] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 110.837001][ T6383] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 110.845306][ T6383] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 110.874836][ T6383] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 110.933275][ T6383] hsr_slave_0: entered promiscuous mode
[ 110.942746][ T6383] hsr_slave_1: entered promiscuous mode
[ 110.949093][ T6383] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 110.956836][ T6383] Cannot create hsr debugfs directory
[ 112.350228][ T5133] Bluetooth: hci1: command tx timeout
[ 112.916064][ T80] bridge_slave_1: left allmulticast mode
[ 112.923730][ T80] bridge_slave_1: left promiscuous mode
[ 112.929517][ T80] bridge0: port 2(bridge_slave_1) entered disabled state
[ 112.939479][ T80] bridge_slave_0: left allmulticast mode
[ 112.945753][ T80] bridge_slave_0: left promiscuous mode
[ 112.955483][ T80] bridge0: port 1(bridge_slave_0) entered disabled state
[ 113.289554][ T80] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 113.300136][ T80] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 113.310196][ T80] bond0 (unregistering): Released all slaves
[ 113.403897][ T80] hsr_slave_0: left promiscuous mode
[ 113.412147][ T80] hsr_slave_1: left promiscuous mode
[ 113.418607][ T80] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 113.426762][ T80] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 113.435122][ T80] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 113.444452][ T80] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 113.461181][ T80] veth1_macvtap: left promiscuous mode
[ 113.470206][ T80] veth0_macvtap: left promiscuous mode
[ 113.476057][ T80] veth1_vlan: left promiscuous mode
[ 113.482058][ T80] veth0_vlan: left promiscuous mode
[ 113.928157][ T80] team0 (unregistering): Port device team_slave_1 removed
[ 113.972654][ T80] team0 (unregistering): Port device team_slave_0 removed
[ 114.430298][ T5133] Bluetooth: hci1: command tx timeout
[ 114.614672][ T6383] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 114.641716][ T6383] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 114.654938][ T6383] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 114.666539][ T6383] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 114.807466][ T6383] 8021q: adding VLAN 0 to HW filter on device bond0
[ 114.838965][ T6383] 8021q: adding VLAN 0 to HW filter on device team0
[ 114.851549][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 114.858758][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 114.885795][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 114.893013][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 115.089545][ T6383] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 115.139614][ T6383] veth0_vlan: entered promiscuous mode
[ 115.153153][ T6383] veth1_vlan: entered promiscuous mode
[ 115.177503][ T6383] veth0_macvtap: entered promiscuous mode
[ 115.187327][ T6383] veth1_macvtap: entered promiscuous mode
[ 115.206903][ T6383] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 115.221770][ T6383] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 115.232107][ T6383] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 115.241260][ T6383] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 115.250810][ T6383] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 115.259551][ T6383] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 115.325582][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 115.336223][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 115.361700][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
2024/12/22 22:45:45 executed programs: 2
[ 115.371257][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 115.439249][ T6641] BUG: Bad page state in process syz.0.15 pfn:2a2f5
[ 115.446193][ T6641] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x4 pfn:0x2a2f5
[ 115.455074][ T6641] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 115.462297][ T6641] raw: 00fff00000000000 dead000000000040 ffff8880212ba000 0000000000000000
[ 115.470961][ T6641] raw: 0000000000000004 0000000000000001 00000000ffffffff 0000000000000000
[ 115.479625][ T6641] page dumped because: page_pool leak
[ 115.485076][ T6641] page_owner tracks the page as allocated
[ 115.491102][ T6641] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6641, tgid 6640 (syz.0.15), ts 115439143016, free_ts 107891537976
[ 115.508403][ T6641] post_alloc_hook+0x1f3/0x230
[ 115.513308][ T6641] get_page_from_freelist+0x3651/0x37a0
[ 115.518897][ T6641] __alloc_pages_noprof+0x292/0x710
[ 115.524357][ T6641] alloc_pages_bulk_noprof+0x70b/0xcc0
[ 115.529867][ T6641] __page_pool_alloc_pages_slow+0x122/0x690
[ 115.536039][ T6641] page_pool_alloc_pages+0xd0/0x1c0
[ 115.541507][ T6641] skb_pp_cow_data+0xc43/0x1640
[ 115.546403][ T6641] do_xdp_generic+0x505/0xd30
[ 115.551150][ T6641] __netif_receive_skb_core+0x1ce9/0x4690
[ 115.556916][ T6641] __netif_receive_skb+0x12f/0x650
[ 115.562185][ T6641] netif_receive_skb+0x1e8/0x890
[ 115.567162][ T6641] tun_rx_batched+0x1b7/0x8f0
[ 115.571999][ T6641] tun_get_user+0x30cc/0x48a0
[ 115.576787][ T6641] tun_chr_write_iter+0x10d/0x1f0
[ 115.581881][ T6641] vfs_write+0xaeb/0xd30
[ 115.586126][ T6641] ksys_write+0x18f/0x2b0
[ 115.590763][ T6641] page last free pid 6291 tgid 6291 stack trace:
[ 115.597110][ T6641] free_unref_page+0xd2c/0x1000
[ 115.602171][ T6641] vfree+0x1c3/0x360
[ 115.606353][ T6641] kcov_close+0x28/0x50
[ 115.610663][ T6641] __fput+0x23c/0xa50
[ 115.614768][ T6641] task_work_run+0x24f/0x310
[ 115.619432][ T6641] do_exit+0xa2a/0x28e0
[ 115.623702][ T6641] do_group_exit+0x207/0x2c0
[ 115.628333][ T6641] get_signal+0x16b2/0x1750
[ 115.632930][ T6641] arch_do_signal_or_restart+0x96/0x860
[ 115.638592][ T6641] syscall_exit_to_user_mode+0xce/0x340
[ 115.644219][ T6641] do_syscall_64+0x100/0x230
[ 115.648848][ T6641] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 115.654895][ T6641] Modules linked in:
[ 115.658832][ T6641] CPU: 1 UID: 0 PID: 6641 Comm: syz.0.15 Not tainted 6.13.0-rc4-syzkaller-g4bbf9020becb #0
[ 115.668820][ T6641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 115.678894][ T6641] Call Trace:
[ 115.682197][ T6641]
[ 115.685240][ T6641] dump_stack_lvl+0x241/0x360
[ 115.689947][ T6641] ? __pfx_dump_stack_lvl+0x10/0x10
[ 115.695336][ T6641] ? __pfx_print_modules+0x10/0x10
[ 115.700459][ T6641] bad_page+0x176/0x1d0
[ 115.704735][ T6641] free_unref_page+0xf9e/0x1000
[ 115.709596][ T6641] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[ 115.715239][ T6641] bpf_xdp_adjust_tail+0x1c3/0x200
[ 115.720716][ T6641] bpf_prog_f476d5219b92964a+0x1e/0x20
[ 115.726187][ T6641] bpf_prog_run_generic_xdp+0x686/0x1510
[ 115.731876][ T6641] do_xdp_generic+0x757/0xd30
[ 115.736648][ T6641] ? __pfx_do_xdp_generic+0x10/0x10
[ 115.741851][ T6641] ? __skb_flow_dissect+0x4f1/0x7d00
[ 115.747149][ T6641] __netif_receive_skb_core+0x1ce9/0x4690
[ 115.753021][ T6641] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 115.759180][ T6641] ? mark_lock+0x9a/0x360
[ 115.763523][ T6641] ? __lock_acquire+0x1397/0x2100
[ 115.768570][ T6641] __netif_receive_skb+0x12f/0x650
[ 115.773686][ T6641] ? __pfx_lock_acquire+0x10/0x10
[ 115.778803][ T6641] ? seqcount_lockdep_reader_access+0x1d7/0x220
[ 115.785046][ T6641] ? __pfx___netif_receive_skb+0x10/0x10
[ 115.790683][ T6641] ? tun_rx_batched+0x160/0x8f0
[ 115.795536][ T6641] ? __pfx_lockdep_softirqs_off+0x10/0x10
[ 115.801349][ T6641] ? read_tsc+0x9/0x20
[ 115.805507][ T6641] ? netif_receive_skb+0x131/0x890
[ 115.810704][ T6641] ? netif_receive_skb+0x131/0x890
[ 115.815823][ T6641] netif_receive_skb+0x1e8/0x890
[ 115.820767][ T6641] ? tun_rx_batched+0x160/0x8f0
[ 115.825795][ T6641] ? __pfx_netif_receive_skb+0x10/0x10
[ 115.831273][ T6641] ? tun_rx_batched+0x160/0x8f0
[ 115.836216][ T6641] tun_rx_batched+0x1b7/0x8f0
[ 115.841082][ T6641] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 115.847607][ T6641] ? __pfx_lock_acquire+0x10/0x10
[ 115.852629][ T6641] ? __pfx_tun_rx_batched+0x10/0x10
[ 115.857843][ T6641] tun_get_user+0x30cc/0x48a0
[ 115.862569][ T6641] ? tun_get_user+0x2bba/0x48a0
[ 115.867436][ T6641] ? __lock_acquire+0x1397/0x2100
[ 115.872563][ T6641] ? __pfx_tun_get_user+0x10/0x10
[ 115.877606][ T6641] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 115.883281][ T6641] ? tun_get+0x1e/0x2f0
[ 115.887437][ T6641] ? __pfx_lock_release+0x10/0x10
[ 115.892476][ T6641] ? tun_get+0x1e/0x2f0
[ 115.896635][ T6641] ? tun_get+0x27d/0x2f0
[ 115.900915][ T6641] tun_chr_write_iter+0x10d/0x1f0
[ 115.906031][ T6641] vfs_write+0xaeb/0xd30
[ 115.910416][ T6641] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 115.916124][ T6641] ? __pfx_vfs_write+0x10/0x10
[ 115.920913][ T6641] ? __fget_files+0x2a/0x410
[ 115.925547][ T6641] ? __fget_files+0x2a/0x410
[ 115.930319][ T6641] ksys_write+0x18f/0x2b0
[ 115.934661][ T6641] ? __pfx_ksys_write+0x10/0x10
[ 115.939537][ T6641] ? do_syscall_64+0x100/0x230
[ 115.944599][ T6641] ? do_syscall_64+0xb6/0x230
[ 115.949294][ T6641] do_syscall_64+0xf3/0x230
[ 115.953831][ T6641] ? clear_bhb_loop+0x35/0x90
[ 115.958538][ T6641] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 115.964594][ T6641] RIP: 0033:0x7f750c57e98f
[ 115.969016][ T6641] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 115.988712][ T6641] RSP: 002b:00007f750d30a020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 115.997137][ T6641] RAX: ffffffffffffffda RBX: 00007f750c745fa0 RCX: 00007f750c57e98f
[ 116.005120][ T6641] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[ 116.013102][ T6641] RBP: 00007f750c5f3cc8 R08: 0000000000000000 R09: 0000000000000000
[ 116.021113][ T6641] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 116.029193][ T6641] R13: 0000000000000000 R14: 00007f750c745fa0 R15: 00007ffd45d39c38
[ 116.037274][ T6641]
[ 116.040387][ T6641] Disabling lock debugging due to kernel taint
[ 116.046558][ T6641] BUG: Bad page state in process syz.0.15 pfn:2a2f4
[ 116.053283][ T6641] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802a2f4400 pfn:0x2a2f4
[ 116.063413][ T6641] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 116.070570][ T6641] raw: 00fff00000000000 dead000000000040 ffff8880212ba000 0000000000000000
[ 116.079172][ T6641] raw: ffff88802a2f4400 0000000000000001 00000000ffffffff 0000000000000000
[ 116.087795][ T6641] page dumped because: page_pool leak
[ 116.093205][ T6641] page_owner tracks the page as allocated
[ 116.098946][ T6641] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6641, tgid 6640 (syz.0.15), ts 115439132034, free_ts 107891529921
[ 116.115953][ T6641] post_alloc_hook+0x1f3/0x230
[ 116.120887][ T6641] get_page_from_freelist+0x3651/0x37a0
[ 116.126443][ T6641] __alloc_pages_noprof+0x292/0x710
[ 116.131876][ T6641] alloc_pages_bulk_noprof+0x70b/0xcc0
[ 116.137378][ T6641] __page_pool_alloc_pages_slow+0x122/0x690
[ 116.143587][ T6641] page_pool_alloc_pages+0xd0/0x1c0
[ 116.148820][ T6641] skb_pp_cow_data+0xc43/0x1640
[ 116.153742][ T6641] do_xdp_generic+0x505/0xd30
[ 116.158453][ T6641] __netif_receive_skb_core+0x1ce9/0x4690
[ 116.164232][ T6641] __netif_receive_skb+0x12f/0x650
[ 116.169453][ T6641] netif_receive_skb+0x1e8/0x890
[ 116.174444][ T6641] tun_rx_batched+0x1b7/0x8f0
[ 116.179156][ T6641] tun_get_user+0x30cc/0x48a0
[ 116.183908][ T6641] tun_chr_write_iter+0x10d/0x1f0
[ 116.189039][ T6641] vfs_write+0xaeb/0xd30
[ 116.193328][ T6641] ksys_write+0x18f/0x2b0
[ 116.197677][ T6641] page last free pid 6291 tgid 6291 stack trace:
[ 116.204082][ T6641] free_unref_page+0xd2c/0x1000
[ 116.208953][ T6641] vfree+0x1c3/0x360
[ 116.212905][ T6641] kcov_close+0x28/0x50
[ 116.217072][ T6641] __fput+0x23c/0xa50
[ 116.221140][ T6641] task_work_run+0x24f/0x310
[ 116.225750][ T6641] do_exit+0xa2a/0x28e0
[ 116.230064][ T6641] do_group_exit+0x207/0x2c0
[ 116.234684][ T6641] get_signal+0x16b2/0x1750
[ 116.239230][ T6641] arch_do_signal_or_restart+0x96/0x860
[ 116.245027][ T6641] syscall_exit_to_user_mode+0xce/0x340
[ 116.250649][ T6641] do_syscall_64+0x100/0x230
[ 116.255556][ T6641] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 116.261513][ T6641] Modules linked in:
[ 116.265429][ T6641] CPU: 1 UID: 0 PID: 6641 Comm: syz.0.15 Tainted: G B 6.13.0-rc4-syzkaller-g4bbf9020becb #0
[ 116.276877][ T6641] Tainted: [B]=BAD_PAGE
[ 116.281111][ T6641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 116.291183][ T6641] Call Trace:
[ 116.294503][ T6641]
[ 116.297478][ T6641] dump_stack_lvl+0x241/0x360
[ 116.302268][ T6641] ? __pfx_dump_stack_lvl+0x10/0x10
[ 116.307516][ T6641] ? __pfx_print_modules+0x10/0x10
[ 116.312916][ T6641] bad_page+0x176/0x1d0
[ 116.317103][ T6641] free_unref_page+0xf9e/0x1000
[ 116.321988][ T6641] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[ 116.327669][ T6641] bpf_xdp_adjust_tail+0x1c3/0x200
[ 116.332887][ T6641] bpf_prog_f476d5219b92964a+0x1e/0x20
[ 116.338347][ T6641] bpf_prog_run_generic_xdp+0x686/0x1510
[ 116.344092][ T6641] do_xdp_generic+0x757/0xd30
[ 116.348886][ T6641] ? __pfx_do_xdp_generic+0x10/0x10
[ 116.354102][ T6641] ? __skb_flow_dissect+0x4f1/0x7d00
[ 116.359450][ T6641] __netif_receive_skb_core+0x1ce9/0x4690
[ 116.365452][ T6641] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 116.371536][ T6641] ? mark_lock+0x9a/0x360
[ 116.375873][ T6641] ? __lock_acquire+0x1397/0x2100
[ 116.380901][ T6641] __netif_receive_skb+0x12f/0x650
[ 116.386009][ T6641] ? __pfx_lock_acquire+0x10/0x10
[ 116.391026][ T6641] ? seqcount_lockdep_reader_access+0x1d7/0x220
[ 116.397307][ T6641] ? __pfx___netif_receive_skb+0x10/0x10
[ 116.402935][ T6641] ? tun_rx_batched+0x160/0x8f0
[ 116.407780][ T6641] ? __pfx_lockdep_softirqs_off+0x10/0x10
[ 116.413499][ T6641] ? read_tsc+0x9/0x20
[ 116.417636][ T6641] ? netif_receive_skb+0x131/0x890
[ 116.422915][ T6641] ? netif_receive_skb+0x131/0x890
[ 116.428019][ T6641] netif_receive_skb+0x1e8/0x890
[ 116.432950][ T6641] ? tun_rx_batched+0x160/0x8f0
[ 116.437799][ T6641] ? __pfx_netif_receive_skb+0x10/0x10
[ 116.443262][ T6641] ? tun_rx_batched+0x160/0x8f0
[ 116.448207][ T6641] tun_rx_batched+0x1b7/0x8f0
[ 116.452881][ T6641] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 116.459379][ T6641] ? __pfx_lock_acquire+0x10/0x10
[ 116.464577][ T6641] ? __pfx_tun_rx_batched+0x10/0x10
[ 116.469891][ T6641] tun_get_user+0x30cc/0x48a0
[ 116.474679][ T6641] ? tun_get_user+0x2bba/0x48a0
[ 116.479531][ T6641] ? __lock_acquire+0x1397/0x2100
[ 116.484570][ T6641] ? __pfx_tun_get_user+0x10/0x10
[ 116.489630][ T6641] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 116.495107][ T6641] ? tun_get+0x1e/0x2f0
[ 116.499260][ T6641] ? __pfx_lock_release+0x10/0x10
[ 116.504280][ T6641] ? tun_get+0x1e/0x2f0
[ 116.508455][ T6641] ? tun_get+0x27d/0x2f0
[ 116.512701][ T6641] tun_chr_write_iter+0x10d/0x1f0
[ 116.517770][ T6641] vfs_write+0xaeb/0xd30
[ 116.522013][ T6641] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 116.527553][ T6641] ? __pfx_vfs_write+0x10/0x10
[ 116.532311][ T6641] ? __fget_files+0x2a/0x410
[ 116.536890][ T6641] ? __fget_files+0x2a/0x410
[ 116.541476][ T6641] ksys_write+0x18f/0x2b0
[ 116.545804][ T6641] ? __pfx_ksys_write+0x10/0x10
[ 116.550664][ T6641] ? do_syscall_64+0x100/0x230
[ 116.555441][ T6641] ? do_syscall_64+0xb6/0x230
[ 116.560125][ T6641] do_syscall_64+0xf3/0x230
[ 116.564633][ T6641] ? clear_bhb_loop+0x35/0x90
[ 116.569305][ T6641] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 116.575196][ T6641] RIP: 0033:0x7f750c57e98f
[ 116.579635][ T6641] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 116.599614][ T6641] RSP: 002b:00007f750d30a020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 116.608170][ T6641] RAX: ffffffffffffffda RBX: 00007f750c745fa0 RCX: 00007f750c57e98f
[ 116.616314][ T6641] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[ 116.624375][ T6641] RBP: 00007f750c5f3cc8 R08: 0000000000000000 R09: 0000000000000000
[ 116.632338][ T6641] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 116.640312][ T6641] R13: 0000000000000000 R14: 00007f750c745fa0 R15: 00007ffd45d39c38
[ 116.648291][ T6641]
[ 116.651474][ T6641] BUG: Bad page state in process syz.0.15 pfn:11eb3
[ 116.658231][ T6641] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2 pfn:0x11eb3
[ 116.667217][ T6641] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 116.667583][ T5133] Bluetooth: hci1: command tx timeout
[ 116.674365][ T6641] raw: 00fff00000000000 dead000000000040 ffff8880212ba000 0000000000000000
[ 116.674382][ T6641] raw: 0000000000000002 0000000000000001 00000000ffffffff 0000000000000000
[ 116.674392][ T6641] page dumped because: page_pool leak
[ 116.674400][ T6641] page_owner tracks the page as allocated
[ 116.674407][ T6641] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6641, tgid 6640 (syz.0.15), ts 115439121138, free_ts 107891596340
[ 116.674434][ T6641] post_alloc_hook+0x1f3/0x230
[ 116.674455][ T6641] get_page_from_freelist+0x3651/0x37a0
[ 116.735535][ T6641] __alloc_pages_noprof+0x292/0x710
[ 116.740799][ T6641] alloc_pages_bulk_noprof+0x70b/0xcc0
[ 116.746270][ T6641] __page_pool_alloc_pages_slow+0x122/0x690
[ 116.752220][ T6641] page_pool_alloc_pages+0xd0/0x1c0
[ 116.757497][ T6641] skb_pp_cow_data+0xc43/0x1640
[ 116.762505][ T6641] do_xdp_generic+0x505/0xd30
[ 116.767243][ T6641] __netif_receive_skb_core+0x1ce9/0x4690
[ 116.773041][ T6641] __netif_receive_skb+0x12f/0x650
[ 116.778168][ T6641] netif_receive_skb+0x1e8/0x890
[ 116.783226][ T6641] tun_rx_batched+0x1b7/0x8f0
[ 116.787915][ T6641] tun_get_user+0x30cc/0x48a0
[ 116.792627][ T6641] tun_chr_write_iter+0x10d/0x1f0
[ 116.797766][ T6641] vfs_write+0xaeb/0xd30
[ 116.802049][ T6641] ksys_write+0x18f/0x2b0
[ 116.806410][ T6641] page last free pid 6291 tgid 6291 stack trace:
[ 116.812873][ T6641] free_unref_page+0xd2c/0x1000
[ 116.817760][ T6641] vfree+0x1c3/0x360
[ 116.821724][ T6641] kcov_close+0x28/0x50
[ 116.825989][ T6641] __fput+0x23c/0xa50
[ 116.830121][ T6641] task_work_run+0x24f/0x310
[ 116.834799][ T6641] do_exit+0xa2a/0x28e0
[ 116.839147][ T6641] do_group_exit+0x207/0x2c0
[ 116.843871][ T6641] get_signal+0x16b2/0x1750
[ 116.848574][ T6641] arch_do_signal_or_restart+0x96/0x860
[ 116.854431][ T6641] syscall_exit_to_user_mode+0xce/0x340
[ 116.860046][ T6641] do_syscall_64+0x100/0x230
[ 116.864761][ T6641] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 116.870906][ T6641] Modules linked in:
[ 116.874911][ T6641] CPU: 1 UID: 0 PID: 6641 Comm: syz.0.15 Tainted: G B 6.13.0-rc4-syzkaller-g4bbf9020becb #0
[ 116.886377][ T6641] Tainted: [B]=BAD_PAGE
[ 116.890522][ T6641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 116.900767][ T6641] Call Trace:
[ 116.904114][ T6641]
[ 116.907069][ T6641] dump_stack_lvl+0x241/0x360
[ 116.912207][ T6641] ? __pfx_dump_stack_lvl+0x10/0x10
[ 116.917703][ T6641] ? __pfx_print_modules+0x10/0x10
[ 116.923101][ T6641] bad_page+0x176/0x1d0
[ 116.927411][ T6641] free_unref_page+0xf9e/0x1000
[ 116.932490][ T6641] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[ 116.938273][ T6641] bpf_xdp_adjust_tail+0x1c3/0x200
[ 116.943515][ T6641] bpf_prog_f476d5219b92964a+0x1e/0x20
[ 116.949010][ T6641] bpf_prog_run_generic_xdp+0x686/0x1510
[ 116.954825][ T6641] do_xdp_generic+0x757/0xd30
[ 116.959605][ T6641] ? __pfx_do_xdp_generic+0x10/0x10
[ 116.964801][ T6641] ? __skb_flow_dissect+0x4f1/0x7d00
[ 116.970187][ T6641] __netif_receive_skb_core+0x1ce9/0x4690
[ 116.976006][ T6641] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 116.982075][ T6641] ? mark_lock+0x9a/0x360
[ 116.986410][ T6641] ? __lock_acquire+0x1397/0x2100
[ 116.991433][ T6641] __netif_receive_skb+0x12f/0x650
[ 116.996554][ T6641] ? __pfx_lock_acquire+0x10/0x10
[ 117.001575][ T6641] ? seqcount_lockdep_reader_access+0x1d7/0x220
[ 117.007813][ T6641] ? __pfx___netif_receive_skb+0x10/0x10
[ 117.013529][ T6641] ? tun_rx_batched+0x160/0x8f0
[ 117.018373][ T6641] ? __pfx_lockdep_softirqs_off+0x10/0x10
[ 117.024088][ T6641] ? read_tsc+0x9/0x20
[ 117.028154][ T6641] ? netif_receive_skb+0x131/0x890
[ 117.033261][ T6641] ? netif_receive_skb+0x131/0x890
[ 117.038371][ T6641] netif_receive_skb+0x1e8/0x890
[ 117.043303][ T6641] ? tun_rx_batched+0x160/0x8f0
[ 117.048150][ T6641] ? __pfx_netif_receive_skb+0x10/0x10
[ 117.053601][ T6641] ? tun_rx_batched+0x160/0x8f0
[ 117.058443][ T6641] tun_rx_batched+0x1b7/0x8f0
[ 117.063199][ T6641] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 117.069527][ T6641] ? __pfx_lock_acquire+0x10/0x10
[ 117.074546][ T6641] ? __pfx_tun_rx_batched+0x10/0x10
[ 117.079753][ T6641] tun_get_user+0x30cc/0x48a0
[ 117.084425][ T6641] ? tun_get_user+0x2bba/0x48a0
[ 117.089371][ T6641] ? __lock_acquire+0x1397/0x2100
[ 117.094392][ T6641] ? __pfx_tun_get_user+0x10/0x10
[ 117.099419][ T6641] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 117.104869][ T6641] ? tun_get+0x1e/0x2f0
[ 117.109019][ T6641] ? __pfx_lock_release+0x10/0x10
[ 117.114048][ T6641] ? tun_get+0x1e/0x2f0
[ 117.118196][ T6641] ? tun_get+0x27d/0x2f0
[ 117.122430][ T6641] tun_chr_write_iter+0x10d/0x1f0
[ 117.127470][ T6641] vfs_write+0xaeb/0xd30
[ 117.131800][ T6641] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 117.137692][ T6641] ? __pfx_vfs_write+0x10/0x10
[ 117.142622][ T6641] ? __fget_files+0x2a/0x410
[ 117.147206][ T6641] ? __fget_files+0x2a/0x410
[ 117.151789][ T6641] ksys_write+0x18f/0x2b0
[ 117.156148][ T6641] ? __pfx_ksys_write+0x10/0x10
[ 117.160994][ T6641] ? do_syscall_64+0x100/0x230
[ 117.165762][ T6641] ? do_syscall_64+0xb6/0x230
[ 117.170440][ T6641] do_syscall_64+0xf3/0x230
[ 117.174941][ T6641] ? clear_bhb_loop+0x35/0x90
[ 117.179612][ T6641] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 117.185593][ T6641] RIP: 0033:0x7f750c57e98f
[ 117.190088][ T6641] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 117.209769][ T6641] RSP: 002b:00007f750d30a020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 117.218207][ T6641] RAX: ffffffffffffffda RBX: 00007f750c745fa0 RCX: 00007f750c57e98f
[ 117.226312][ T6641] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[ 117.234315][ T6641] RBP: 00007f750c5f3cc8 R08: 0000000000000000 R09: 0000000000000000
[ 117.242714][ T6641] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 117.250854][ T6641] R13: 0000000000000000 R14: 00007f750c745fa0 R15: 00007ffd45d39c38
[ 117.258999][ T6641]
[ 117.262246][ T6641] BUG: Bad page state in process syz.0.15 pfn:11eb2
[ 117.268946][ T6641] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888011eb3800 pfn:0x11eb2
[ 117.279063][ T6641] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 117.286300][ T6641] raw: 00fff00000000000 dead000000000040 ffff8880212ba000 0000000000000000
[ 117.294928][ T6641] raw: ffff888011eb3800 0000000000000001 00000000ffffffff 0000000000000000
[ 117.303628][ T6641] page dumped because: page_pool leak
[ 117.309177][ T6641] page_owner tracks the page as allocated
[ 117.314929][ T6641] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6641, tgid 6640 (syz.0.15), ts 115439111449, free_ts 107891586731
[ 117.331997][ T6641] post_alloc_hook+0x1f3/0x230
[ 117.336797][ T6641] get_page_from_freelist+0x3651/0x37a0
[ 117.342440][ T6641] __alloc_pages_noprof+0x292/0x710
[ 117.347672][ T6641] alloc_pages_bulk_noprof+0x70b/0xcc0
[ 117.353340][ T6641] __page_pool_alloc_pages_slow+0x122/0x690
[ 117.359290][ T6641] page_pool_alloc_pages+0xd0/0x1c0
[ 117.366130][ T6641] skb_pp_cow_data+0xc43/0x1640
[ 117.371061][ T6641] do_xdp_generic+0x505/0xd30
[ 117.375732][ T6641] __netif_receive_skb_core+0x1ce9/0x4690
[ 117.381593][ T6641] __netif_receive_skb+0x12f/0x650
[ 117.386720][ T6641] netif_receive_skb+0x1e8/0x890
[ 117.391714][ T6641] tun_rx_batched+0x1b7/0x8f0
[ 117.396405][ T6641] tun_get_user+0x30cc/0x48a0
[ 117.401209][ T6641] tun_chr_write_iter+0x10d/0x1f0
[ 117.406250][ T6641] vfs_write+0xaeb/0xd30
[ 117.410892][ T6641] ksys_write+0x18f/0x2b0
[ 117.415245][ T6641] page last free pid 6291 tgid 6291 stack trace:
[ 117.421644][ T6641] free_unref_page+0xd2c/0x1000
[ 117.426535][ T6641] vfree+0x1c3/0x360
[ 117.430490][ T6641] kcov_close+0x28/0x50
[ 117.434719][ T6641] __fput+0x23c/0xa50
[ 117.438715][ T6641] task_work_run+0x24f/0x310
[ 117.443359][ T6641] do_exit+0xa2a/0x28e0
[ 117.447548][ T6641] do_group_exit+0x207/0x2c0
[ 117.452204][ T6641] get_signal+0x16b2/0x1750
[ 117.456732][ T6641] arch_do_signal_or_restart+0x96/0x860
[ 117.462372][ T6641] syscall_exit_to_user_mode+0xce/0x340
[ 117.468209][ T6641] do_syscall_64+0x100/0x230
[ 117.472882][ T6641] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 117.478816][ T6641] Modules linked in:
[ 117.482776][ T6641] CPU: 1 UID: 0 PID: 6641 Comm: syz.0.15 Tainted: G B 6.13.0-rc4-syzkaller-g4bbf9020becb #0
[ 117.494344][ T6641] Tainted: [B]=BAD_PAGE
[ 117.498573][ T6641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 117.508659][ T6641] Call Trace:
[ 117.511959][ T6641]
[ 117.514912][ T6641] dump_stack_lvl+0x241/0x360
[ 117.519614][ T6641] ? __pfx_dump_stack_lvl+0x10/0x10
[ 117.524833][ T6641] ? __pfx_print_modules+0x10/0x10
[ 117.529945][ T6641] bad_page+0x176/0x1d0
[ 117.534104][ T6641] free_unref_page+0xf9e/0x1000
[ 117.538955][ T6641] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[ 117.544590][ T6641] bpf_xdp_adjust_tail+0x1c3/0x200
[ 117.549726][ T6641] bpf_prog_f476d5219b92964a+0x1e/0x20
[ 117.555291][ T6641] bpf_prog_run_generic_xdp+0x686/0x1510
[ 117.560934][ T6641] do_xdp_generic+0x757/0xd30
[ 117.565609][ T6641] ? __pfx_do_xdp_generic+0x10/0x10
[ 117.570812][ T6641] ? __skb_flow_dissect+0x4f1/0x7d00
[ 117.576133][ T6641] __netif_receive_skb_core+0x1ce9/0x4690
[ 117.582030][ T6641] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 117.588194][ T6641] ? mark_lock+0x9a/0x360
[ 117.592707][ T6641] ? __lock_acquire+0x1397/0x2100
[ 117.597741][ T6641] __netif_receive_skb+0x12f/0x650
[ 117.602936][ T6641] ? __pfx_lock_acquire+0x10/0x10
[ 117.608042][ T6641] ? seqcount_lockdep_reader_access+0x1d7/0x220
[ 117.614385][ T6641] ? __pfx___netif_receive_skb+0x10/0x10
[ 117.620063][ T6641] ? tun_rx_batched+0x160/0x8f0
[ 117.624916][ T6641] ? __pfx_lockdep_softirqs_off+0x10/0x10
[ 117.630730][ T6641] ? read_tsc+0x9/0x20
[ 117.634822][ T6641] ? netif_receive_skb+0x131/0x890
[ 117.639970][ T6641] ? netif_receive_skb+0x131/0x890
[ 117.645261][ T6641] netif_receive_skb+0x1e8/0x890
[ 117.650200][ T6641] ? tun_rx_batched+0x160/0x8f0
[ 117.655082][ T6641] ? __pfx_netif_receive_skb+0x10/0x10
[ 117.660538][ T6641] ? tun_rx_batched+0x160/0x8f0
[ 117.665383][ T6641] tun_rx_batched+0x1b7/0x8f0
[ 117.670139][ T6641] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 117.676459][ T6641] ? __pfx_lock_acquire+0x10/0x10
[ 117.681494][ T6641] ? __pfx_tun_rx_batched+0x10/0x10
[ 117.686956][ T6641] tun_get_user+0x30cc/0x48a0
[ 117.691646][ T6641] ? tun_get_user+0x2bba/0x48a0
[ 117.696497][ T6641] ? __lock_acquire+0x1397/0x2100
[ 117.701532][ T6641] ? __pfx_tun_get_user+0x10/0x10
[ 117.706575][ T6641] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 117.712032][ T6641] ? tun_get+0x1e/0x2f0
[ 117.716185][ T6641] ? __pfx_lock_release+0x10/0x10
[ 117.721210][ T6641] ? tun_get+0x1e/0x2f0
[ 117.725365][ T6641] ? tun_get+0x27d/0x2f0
[ 117.729687][ T6641] tun_chr_write_iter+0x10d/0x1f0
[ 117.734799][ T6641] vfs_write+0xaeb/0xd30
[ 117.739042][ T6641] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 117.744939][ T6641] ? __pfx_vfs_write+0x10/0x10
[ 117.749697][ T6641] ? __fget_files+0x2a/0x410
[ 117.754282][ T6641] ? __fget_files+0x2a/0x410
[ 117.758952][ T6641] ksys_write+0x18f/0x2b0
[ 117.763379][ T6641] ? __pfx_ksys_write+0x10/0x10
[ 117.768248][ T6641] ? do_syscall_64+0x100/0x230
[ 117.773299][ T6641] ? do_syscall_64+0xb6/0x230
[ 117.778070][ T6641] do_syscall_64+0xf3/0x230
[ 117.782836][ T6641] ? clear_bhb_loop+0x35/0x90
[ 117.787766][ T6641] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 117.793761][ T6641] RIP: 0033:0x7f750c57e98f
[ 117.798179][ T6641] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 117.817876][ T6641] RSP: 002b:00007f750d30a020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 117.826306][ T6641] RAX: ffffffffffffffda RBX: 00007f750c745fa0 RCX: 00007f750c57e98f
[ 117.834456][ T6641] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[ 117.842518][ T6641] RBP: 00007f750c5f3cc8 R08: 0000000000000000 R09: 0000000000000000
[ 117.850482][ T6641] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 117.858528][ T6641] R13: 0000000000000000 R14: 00007f750c745fa0 R15: 00007ffd45d39c38
[ 117.866758][ T6641]
[ 117.869915][ T6641] BUG: Bad page state in process syz.0.15 pfn:11eb1
[ 117.876812][ T6641] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x4 pfn:0x11eb1
[ 117.885883][ T6641] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 117.893053][ T6641] raw: 00fff00000000000 dead000000000040 ffff8880212ba000 0000000000000000
[ 117.901684][ T6641] raw: 0000000000000004 0000000000000001 00000000ffffffff 0000000000000000
[ 117.910421][ T6641] page dumped because: page_pool leak
[ 117.915808][ T6641] page_owner tracks the page as allocated
[ 117.921763][ T6641] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6641, tgid 6640 (syz.0.15), ts 115439100801, free_ts 107891576260
[ 117.938731][ T6641] post_alloc_hook+0x1f3/0x230
[ 117.943555][ T6641] get_page_from_freelist+0x3651/0x37a0
[ 117.949239][ T6641] __alloc_pages_noprof+0x292/0x710
[ 117.954506][ T6641] alloc_pages_bulk_noprof+0x70b/0xcc0
[ 117.960101][ T6641] __page_pool_alloc_pages_slow+0x122/0x690
[ 117.966067][ T6641] page_pool_alloc_pages+0xd0/0x1c0
[ 117.971342][ T6641] skb_pp_cow_data+0xc43/0x1640
[ 117.976230][ T6641] do_xdp_generic+0x505/0xd30
[ 117.981057][ T6641] __netif_receive_skb_core+0x1ce9/0x4690
[ 117.986802][ T6641] __netif_receive_skb+0x12f/0x650
[ 117.991973][ T6641] netif_receive_skb+0x1e8/0x890
[ 117.996933][ T6641] tun_rx_batched+0x1b7/0x8f0
[ 118.001667][ T6641] tun_get_user+0x30cc/0x48a0
[ 118.006527][ T6641] tun_chr_write_iter+0x10d/0x1f0
[ 118.011601][ T6641] vfs_write+0xaeb/0xd30
[ 118.015864][ T6641] ksys_write+0x18f/0x2b0
[ 118.020240][ T6641] page last free pid 6291 tgid 6291 stack trace:
[ 118.026580][ T6641] free_unref_page+0xd2c/0x1000
[ 118.031504][ T6641] vfree+0x1c3/0x360
[ 118.035421][ T6641] kcov_close+0x28/0x50
[ 118.039584][ T6641] __fput+0x23c/0xa50
[ 118.043660][ T6641] task_work_run+0x24f/0x310
[ 118.048274][ T6641] do_exit+0xa2a/0x28e0
[ 118.052489][ T6641] do_group_exit+0x207/0x2c0
[ 118.057103][ T6641] get_signal+0x16b2/0x1750
[ 118.061668][ T6641] arch_do_signal_or_restart+0x96/0x860
[ 118.067234][ T6641] syscall_exit_to_user_mode+0xce/0x340
[ 118.072838][ T6641] do_syscall_64+0x100/0x230
[ 118.077456][ T6641] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 118.083422][ T6641] Modules linked in:
[ 118.087438][ T6641] CPU: 1 UID: 0 PID: 6641 Comm: syz.0.15 Tainted: G B 6.13.0-rc4-syzkaller-g4bbf9020becb #0
[ 118.099051][ T6641] Tainted: [B]=BAD_PAGE
[ 118.103224][ T6641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 118.114170][ T6641] Call Trace:
[ 118.117477][ T6641]
[ 118.120527][ T6641] dump_stack_lvl+0x241/0x360
[ 118.125242][ T6641] ? __pfx_dump_stack_lvl+0x10/0x10
[ 118.130471][ T6641] ? __pfx_print_modules+0x10/0x10
[ 118.135610][ T6641] bad_page+0x176/0x1d0
[ 118.139794][ T6641] free_unref_page+0xf9e/0x1000
[ 118.144679][ T6641] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[ 118.150342][ T6641] bpf_xdp_adjust_tail+0x1c3/0x200
[ 118.155539][ T6641] bpf_prog_f476d5219b92964a+0x1e/0x20
[ 118.160990][ T6641] bpf_prog_run_generic_xdp+0x686/0x1510
[ 118.166711][ T6641] do_xdp_generic+0x757/0xd30
[ 118.171411][ T6641] ? __pfx_do_xdp_generic+0x10/0x10
[ 118.176610][ T6641] ? __skb_flow_dissect+0x4f1/0x7d00
[ 118.181892][ T6641] __netif_receive_skb_core+0x1ce9/0x4690
[ 118.187633][ T6641] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 118.193730][ T6641] ? mark_lock+0x9a/0x360
[ 118.198067][ T6641] ? __lock_acquire+0x1397/0x2100
[ 118.203087][ T6641] __netif_receive_skb+0x12f/0x650
[ 118.208199][ T6641] ? __pfx_lock_acquire+0x10/0x10
[ 118.213211][ T6641] ? seqcount_lockdep_reader_access+0x1d7/0x220
[ 118.219548][ T6641] ? __pfx___netif_receive_skb+0x10/0x10
[ 118.225197][ T6641] ? tun_rx_batched+0x160/0x8f0
[ 118.230042][ T6641] ? __pfx_lockdep_softirqs_off+0x10/0x10
[ 118.235753][ T6641] ? read_tsc+0x9/0x20
[ 118.239901][ T6641] ? netif_receive_skb+0x131/0x890
[ 118.245036][ T6641] ? netif_receive_skb+0x131/0x890
[ 118.250168][ T6641] netif_receive_skb+0x1e8/0x890
[ 118.255106][ T6641] ? tun_rx_batched+0x160/0x8f0
[ 118.259952][ T6641] ? __pfx_netif_receive_skb+0x10/0x10
[ 118.265407][ T6641] ? tun_rx_batched+0x160/0x8f0
[ 118.270256][ T6641] tun_rx_batched+0x1b7/0x8f0
[ 118.274926][ T6641] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 118.281298][ T6641] ? __pfx_lock_acquire+0x10/0x10
[ 118.286329][ T6641] ? __pfx_tun_rx_batched+0x10/0x10
[ 118.291527][ T6641] tun_get_user+0x30cc/0x48a0
[ 118.296204][ T6641] ? tun_get_user+0x2bba/0x48a0
[ 118.301139][ T6641] ? __lock_acquire+0x1397/0x2100
[ 118.306299][ T6641] ? __pfx_tun_get_user+0x10/0x10
[ 118.311502][ T6641] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 118.316998][ T6641] ? tun_get+0x1e/0x2f0
[ 118.321149][ T6641] ? __pfx_lock_release+0x10/0x10
[ 118.326183][ T6641] ? tun_get+0x1e/0x2f0
[ 118.330338][ T6641] ? tun_get+0x27d/0x2f0
[ 118.334678][ T6641] tun_chr_write_iter+0x10d/0x1f0
[ 118.339695][ T6641] vfs_write+0xaeb/0xd30
[ 118.344121][ T6641] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 118.349669][ T6641] ? __pfx_vfs_write+0x10/0x10
[ 118.354429][ T6641] ? __fget_files+0x2a/0x410
[ 118.359012][ T6641] ? __fget_files+0x2a/0x410
[ 118.363598][ T6641] ksys_write+0x18f/0x2b0
[ 118.367977][ T6641] ? __pfx_ksys_write+0x10/0x10
[ 118.372829][ T6641] ? do_syscall_64+0x100/0x230
[ 118.377597][ T6641] ? do_syscall_64+0xb6/0x230
[ 118.382270][ T6641] do_syscall_64+0xf3/0x230
[ 118.386780][ T6641] ? clear_bhb_loop+0x35/0x90
[ 118.391456][ T6641] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 118.397462][ T6641] RIP: 0033:0x7f750c57e98f
[ 118.401877][ T6641] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 118.422438][ T6641] RSP: 002b:00007f750d30a020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 118.430859][ T6641] RAX: ffffffffffffffda RBX: 00007f750c745fa0 RCX: 00007f750c57e98f
[ 118.438824][ T6641] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[ 118.446911][ T6641] RBP: 00007f750c5f3cc8 R08: 0000000000000000 R09: 0000000000000000
[ 118.455144][ T6641] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 118.463663][ T6641] R13: 0000000000000000 R14: 00007f750c745fa0 R15: 00007ffd45d39c38
[ 118.471899][ T6641]
[ 118.475030][ T6641] BUG: Bad page state in process syz.0.15 pfn:11eb0
[ 118.481862][ T6641] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888011eb3400 pfn:0x11eb0
[ 118.492299][ T6641] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 118.500382][ T6641] raw: 00fff00000000000 dead000000000040 ffff8880212ba000 0000000000000000
[ 118.509514][ T6641] raw: ffff888011eb3400 0000000000000001 00000000ffffffff 0000000000000000
[ 118.518161][ T6641] page dumped because: page_pool leak
[ 118.523732][ T6641] page_owner tracks the page as allocated
[ 118.529662][ T6641] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6641, tgid 6640 (syz.0.15), ts 115439090899, free_ts 107891566304
[ 118.546954][ T6641] post_alloc_hook+0x1f3/0x230
[ 118.551870][ T6641] get_page_from_freelist+0x3651/0x37a0
[ 118.557543][ T6641] __alloc_pages_noprof+0x292/0x710
[ 118.563349][ T6641] alloc_pages_bulk_noprof+0x70b/0xcc0
[ 118.568840][ T6641] __page_pool_alloc_pages_slow+0x122/0x690
[ 118.574935][ T6641] page_pool_alloc_pages+0xd0/0x1c0
[ 118.580476][ T6641] skb_pp_cow_data+0xc43/0x1640
[ 118.585538][ T6641] do_xdp_generic+0x505/0xd30
[ 118.590318][ T6641] __netif_receive_skb_core+0x1ce9/0x4690
[ 118.596166][ T6641] __netif_receive_skb+0x12f/0x650
[ 118.601426][ T6641] netif_receive_skb+0x1e8/0x890
[ 118.606739][ T6641] tun_rx_batched+0x1b7/0x8f0
[ 118.611914][ T6641] tun_get_user+0x30cc/0x48a0
[ 118.616626][ T6641] tun_chr_write_iter+0x10d/0x1f0
[ 118.621896][ T6641] vfs_write+0xaeb/0xd30
[ 118.626266][ T6641] ksys_write+0x18f/0x2b0
[ 118.630746][ T6641] page last free pid 6291 tgid 6291 stack trace:
[ 118.637179][ T6641] free_unref_page+0xd2c/0x1000
[ 118.642099][ T6641] vfree+0x1c3/0x360
[ 118.646363][ T6641] kcov_close+0x28/0x50
[ 118.650575][ T6641] __fput+0x23c/0xa50
[ 118.654585][ T6641] task_work_run+0x24f/0x310
[ 118.659293][ T6641] do_exit+0xa2a/0x28e0
[ 118.663578][ T6641] do_group_exit+0x207/0x2c0
[ 118.668268][ T6641] get_signal+0x16b2/0x1750
[ 118.672816][ T6641] arch_do_signal_or_restart+0x96/0x860
[ 118.678385][ T6641] syscall_exit_to_user_mode+0xce/0x340
[ 118.684063][ T6641] do_syscall_64+0x100/0x230
[ 118.689201][ T6641] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 118.695360][ T6641] Modules linked in:
[ 118.699316][ T6641] CPU: 1 UID: 0 PID: 6641 Comm: syz.0.15 Tainted: G B 6.13.0-rc4-syzkaller-g4bbf9020becb #0
[ 118.711015][ T6641] Tainted: [B]=BAD_PAGE
[ 118.715351][ T6641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 118.725633][ T6641] Call Trace:
[ 118.729032][ T6641]
[ 118.732500][ T6641] dump_stack_lvl+0x241/0x360
[ 118.737442][ T6641] ? __pfx_dump_stack_lvl+0x10/0x10
[ 118.742639][ T6641] ? __pfx_print_modules+0x10/0x10
[ 118.748266][ T6641] bad_page+0x176/0x1d0
[ 118.750147][ T5133] Bluetooth: hci1: command tx timeout
[ 118.752406][ T6641] free_unref_page+0xf9e/0x1000
[ 118.763048][ T6641] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[ 118.768787][ T6641] bpf_xdp_adjust_tail+0x1c3/0x200
[ 118.773923][ T6641] bpf_prog_f476d5219b92964a+0x1e/0x20
[ 118.779385][ T6641] bpf_prog_run_generic_xdp+0x686/0x1510
[ 118.785122][ T6641] do_xdp_generic+0x757/0xd30
[ 118.789833][ T6641] ? __pfx_do_xdp_generic+0x10/0x10
[ 118.795077][ T6641] ? __skb_flow_dissect+0x4f1/0x7d00
[ 118.800435][ T6641] __netif_receive_skb_core+0x1ce9/0x4690
[ 118.806235][ T6641] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 118.812309][ T6641] ? mark_lock+0x9a/0x360
[ 118.816645][ T6641] ? __lock_acquire+0x1397/0x2100
[ 118.821770][ T6641] __netif_receive_skb+0x12f/0x650
[ 118.826919][ T6641] ? __pfx_lock_acquire+0x10/0x10
[ 118.832022][ T6641] ? seqcount_lockdep_reader_access+0x1d7/0x220
[ 118.838371][ T6641] ? __pfx___netif_receive_skb+0x10/0x10
[ 118.844036][ T6641] ? tun_rx_batched+0x160/0x8f0
[ 118.848942][ T6641] ? __pfx_lockdep_softirqs_off+0x10/0x10
[ 118.854666][ T6641] ? read_tsc+0x9/0x20
[ 118.858769][ T6641] ? netif_receive_skb+0x131/0x890
[ 118.864263][ T6641] ? netif_receive_skb+0x131/0x890
[ 118.869554][ T6641] netif_receive_skb+0x1e8/0x890
[ 118.874583][ T6641] ? tun_rx_batched+0x160/0x8f0
[ 118.880491][ T6641] ? __pfx_netif_receive_skb+0x10/0x10
[ 118.887677][ T6641] ? tun_rx_batched+0x160/0x8f0
[ 118.892563][ T6641] tun_rx_batched+0x1b7/0x8f0
[ 118.898130][ T6641] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 118.904558][ T6641] ? __pfx_lock_acquire+0x10/0x10
[ 118.909854][ T6641] ? __pfx_tun_rx_batched+0x10/0x10
[ 118.915326][ T6641] tun_get_user+0x30cc/0x48a0
[ 118.920618][ T6641] ? tun_get_user+0x2bba/0x48a0
[ 118.926030][ T6641] ? __lock_acquire+0x1397/0x2100
[ 118.931535][ T6641] ? __pfx_tun_get_user+0x10/0x10
[ 118.937033][ T6641] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 118.942762][ T6641] ? tun_get+0x1e/0x2f0
[ 118.947157][ T6641] ? __pfx_lock_release+0x10/0x10
[ 118.952382][ T6641] ? tun_get+0x1e/0x2f0
[ 118.956543][ T6641] ? tun_get+0x27d/0x2f0
[ 118.961040][ T6641] tun_chr_write_iter+0x10d/0x1f0
[ 118.966334][ T6641] vfs_write+0xaeb/0xd30
[ 118.970590][ T6641] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 118.976133][ T6641] ? __pfx_vfs_write+0x10/0x10
[ 118.980933][ T6641] ? __fget_files+0x2a/0x410
[ 118.986125][ T6641] ? __fget_files+0x2a/0x410
[ 118.990714][ T6641] ksys_write+0x18f/0x2b0
[ 118.995036][ T6641] ? __pfx_ksys_write+0x10/0x10
[ 118.999882][ T6641] ? do_syscall_64+0x100/0x230
[ 119.004827][ T6641] ? do_syscall_64+0xb6/0x230
[ 119.009595][ T6641] do_syscall_64+0xf3/0x230
[ 119.014301][ T6641] ? clear_bhb_loop+0x35/0x90
[ 119.019261][ T6641] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 119.025237][ T6641] RIP: 0033:0x7f750c57e98f
[ 119.029641][ T6641] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 119.050758][ T6641] RSP: 002b:00007f750d30a020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 119.059183][ T6641] RAX: ffffffffffffffda RBX: 00007f750c745fa0 RCX: 00007f750c57e98f
[ 119.067320][ T6641] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[ 119.075297][ T6641] RBP: 00007f750c5f3cc8 R08: 0000000000000000 R09: 0000000000000000
[ 119.083293][ T6641] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 119.091439][ T6641] R13: 0000000000000000 R14: 00007f750c745fa0 R15: 00007ffd45d39c38
[ 119.099679][ T6641]
[ 119.102750][ T6641] BUG: Bad page state in process syz.0.15 pfn:2453b
[ 119.109443][ T6641] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2 pfn:0x2453b
[ 119.118240][ T6641] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 119.125404][ T6641] raw: 00fff00000000000 dead000000000040 ffff8880212ba000 0000000000000000
[ 119.134013][ T6641] raw: 0000000000000002 0000000000000001 00000000ffffffff 0000000000000000
[ 119.142628][ T6641] page dumped because: page_pool leak
[ 119.148002][ T6641] page_owner tracks the page as allocated
[ 119.153766][ T6641] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6641, tgid 6640 (syz.0.15), ts 115439081146, free_ts 107891635444
[ 119.170661][ T6641] post_alloc_hook+0x1f3/0x230
[ 119.175441][ T6641] get_page_from_freelist+0x3651/0x37a0
[ 119.181030][ T6641] __alloc_pages_noprof+0x292/0x710
[ 119.186260][ T6641] alloc_pages_bulk_noprof+0x70b/0xcc0
[ 119.191984][ T6641] __page_pool_alloc_pages_slow+0x122/0x690
[ 119.197995][ T6641] page_pool_alloc_pages+0xd0/0x1c0
[ 119.203268][ T6641] skb_pp_cow_data+0xc43/0x1640
[ 119.208651][ T6641] do_xdp_generic+0x505/0xd30
[ 119.213374][ T6641] __netif_receive_skb_core+0x1ce9/0x4690
[ 119.219403][ T6641] __netif_receive_skb+0x12f/0x650
[ 119.224857][ T6641] netif_receive_skb+0x1e8/0x890
[ 119.229844][ T6641] tun_rx_batched+0x1b7/0x8f0
[ 119.234595][ T6641] tun_get_user+0x30cc/0x48a0
[ 119.239288][ T6641] tun_chr_write_iter+0x10d/0x1f0
[ 119.244372][ T6641] vfs_write+0xaeb/0xd30
[ 119.248800][ T6641] ksys_write+0x18f/0x2b0
[ 119.253212][ T6641] page last free pid 6291 tgid 6291 stack trace:
[ 119.259899][ T6641] free_unref_page+0xd2c/0x1000
[ 119.264837][ T6641] vfree+0x1c3/0x360
[ 119.268757][ T6641] kcov_close+0x28/0x50
[ 119.272981][ T6641] __fput+0x23c/0xa50
[ 119.276988][ T6641] task_work_run+0x24f/0x310
[ 119.281621][ T6641] do_exit+0xa2a/0x28e0
[ 119.285785][ T6641] do_group_exit+0x207/0x2c0
[ 119.290405][ T6641] get_signal+0x16b2/0x1750
[ 119.294967][ T6641] arch_do_signal_or_restart+0x96/0x860
[ 119.300585][ T6641] syscall_exit_to_user_mode+0xce/0x340
[ 119.306187][ T6641] do_syscall_64+0x100/0x230
[ 119.310831][ T6641] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 119.316759][ T6641] Modules linked in:
[ 119.320712][ T6641] CPU: 1 UID: 0 PID: 6641 Comm: syz.0.15 Tainted: G B 6.13.0-rc4-syzkaller-g4bbf9020becb #0
[ 119.333191][ T6641] Tainted: [B]=BAD_PAGE
[ 119.337337][ T6641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 119.347571][ T6641] Call Trace:
[ 119.350855][ T6641]
[ 119.353902][ T6641] dump_stack_lvl+0x241/0x360
[ 119.358852][ T6641] ? __pfx_dump_stack_lvl+0x10/0x10
[ 119.364088][ T6641] ? __pfx_print_modules+0x10/0x10
[ 119.369216][ T6641] bad_page+0x176/0x1d0
[ 119.373385][ T6641] free_unref_page+0xf9e/0x1000
[ 119.378241][ T6641] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[ 119.384409][ T6641] bpf_xdp_adjust_tail+0x1c3/0x200
[ 119.389566][ T6641] bpf_prog_f476d5219b92964a+0x1e/0x20
[ 119.395238][ T6641] bpf_prog_run_generic_xdp+0x686/0x1510
[ 119.400883][ T6641] do_xdp_generic+0x757/0xd30
[ 119.405590][ T6641] ? __pfx_do_xdp_generic+0x10/0x10
[ 119.410786][ T6641] ? __skb_flow_dissect+0x4f1/0x7d00
[ 119.416074][ T6641] __netif_receive_skb_core+0x1ce9/0x4690
[ 119.421917][ T6641] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 119.428356][ T6641] ? mark_lock+0x9a/0x360
[ 119.432959][ T6641] ? __lock_acquire+0x1397/0x2100
[ 119.437994][ T6641] __netif_receive_skb+0x12f/0x650
[ 119.443105][ T6641] ? __pfx_lock_acquire+0x10/0x10
[ 119.448137][ T6641] ? seqcount_lockdep_reader_access+0x1d7/0x220
[ 119.454382][ T6641] ? __pfx___netif_receive_skb+0x10/0x10
[ 119.460046][ T6641] ? tun_rx_batched+0x160/0x8f0
[ 119.464895][ T6641] ? __pfx_lockdep_softirqs_off+0x10/0x10
[ 119.470622][ T6641] ? read_tsc+0x9/0x20
[ 119.474690][ T6641] ? netif_receive_skb+0x131/0x890
[ 119.479798][ T6641] ? netif_receive_skb+0x131/0x890
[ 119.484945][ T6641] netif_receive_skb+0x1e8/0x890
[ 119.489890][ T6641] ? tun_rx_batched+0x160/0x8f0
[ 119.494848][ T6641] ? __pfx_netif_receive_skb+0x10/0x10
[ 119.500507][ T6641] ? tun_rx_batched+0x160/0x8f0
[ 119.505363][ T6641] tun_rx_batched+0x1b7/0x8f0
[ 119.510041][ T6641] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 119.516538][ T6641] ? __pfx_lock_acquire+0x10/0x10
[ 119.521563][ T6641] ? __pfx_tun_rx_batched+0x10/0x10
[ 119.526765][ T6641] tun_get_user+0x30cc/0x48a0
[ 119.531622][ T6641] ? tun_get_user+0x2bba/0x48a0
[ 119.536487][ T6641] ? __lock_acquire+0x1397/0x2100
[ 119.541521][ T6641] ? __pfx_tun_get_user+0x10/0x10
[ 119.546557][ T6641] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 119.552135][ T6641] ? tun_get+0x1e/0x2f0
[ 119.556381][ T6641] ? __pfx_lock_release+0x10/0x10
[ 119.561496][ T6641] ? tun_get+0x1e/0x2f0
[ 119.565652][ T6641] ? tun_get+0x27d/0x2f0
[ 119.569983][ T6641] tun_chr_write_iter+0x10d/0x1f0
[ 119.575009][ T6641] vfs_write+0xaeb/0xd30
[ 119.579246][ T6641] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 119.585149][ T6641] ? __pfx_vfs_write+0x10/0x10
[ 119.589911][ T6641] ? __fget_files+0x2a/0x410
[ 119.594493][ T6641] ? __fget_files+0x2a/0x410
[ 119.599085][ T6641] ksys_write+0x18f/0x2b0
[ 119.603431][ T6641] ? __pfx_ksys_write+0x10/0x10
[ 119.608360][ T6641] ? do_syscall_64+0x100/0x230
[ 119.613225][ T6641] ? do_syscall_64+0xb6/0x230
[ 119.617904][ T6641] do_syscall_64+0xf3/0x230
[ 119.622608][ T6641] ? clear_bhb_loop+0x35/0x90
[ 119.627330][ T6641] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 119.633244][ T6641] RIP: 0033:0x7f750c57e98f
[ 119.637685][ T6641] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 119.657838][ T6641] RSP: 002b:00007f750d30a020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 119.666343][ T6641] RAX: ffffffffffffffda RBX: 00007f750c745fa0 RCX: 00007f750c57e98f
[ 119.675004][ T6641] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[ 119.682974][ T6641] RBP: 00007f750c5f3cc8 R08: 0000000000000000 R09: 0000000000000000
[ 119.691076][ T6641] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 119.699162][ T6641] R13: 0000000000000000 R14: 00007f750c745fa0 R15: 00007ffd45d39c38
[ 119.707152][ T6641]
[ 119.710316][ T6641] BUG: Bad page state in process syz.0.15 pfn:2453a
[ 119.717004][ T6641] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802453be00 pfn:0x2453a
[ 119.727222][ T6641] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 119.734416][ T6641] raw: 00fff00000000000 dead000000000040 ffff8880212ba000 0000000000000000
[ 119.743073][ T6641] raw: ffff88802453be00 0000000000000001 00000000ffffffff 0000000000000000
[ 119.751868][ T6641] page dumped because: page_pool leak
[ 119.757423][ T6641] page_owner tracks the page as allocated
[ 119.763176][ T6641] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6641, tgid 6640 (syz.0.15), ts 115439071442, free_ts 107891626152
[ 119.780423][ T6641] post_alloc_hook+0x1f3/0x230
[ 119.785273][ T6641] get_page_from_freelist+0x3651/0x37a0
[ 119.791031][ T6641] __alloc_pages_noprof+0x292/0x710
[ 119.796252][ T6641] alloc_pages_bulk_noprof+0x70b/0xcc0
[ 119.801869][ T6641] __page_pool_alloc_pages_slow+0x122/0x690
[ 119.807780][ T6641] page_pool_alloc_pages+0xd0/0x1c0
[ 119.813034][ T6641] skb_pp_cow_data+0xc43/0x1640
[ 119.817911][ T6641] do_xdp_generic+0x505/0xd30
[ 119.822631][ T6641] __netif_receive_skb_core+0x1ce9/0x4690
[ 119.828362][ T6641] __netif_receive_skb+0x12f/0x650
[ 119.833520][ T6641] netif_receive_skb+0x1e8/0x890
[ 119.838474][ T6641] tun_rx_batched+0x1b7/0x8f0
[ 119.843270][ T6641] tun_get_user+0x30cc/0x48a0
[ 119.847963][ T6641] tun_chr_write_iter+0x10d/0x1f0
[ 119.853053][ T6641] vfs_write+0xaeb/0xd30
[ 119.857311][ T6641] ksys_write+0x18f/0x2b0
[ 119.862194][ T6641] page last free pid 6291 tgid 6291 stack trace:
[ 119.868608][ T6641] free_unref_page+0xd2c/0x1000
[ 119.873612][ T6641] vfree+0x1c3/0x360
[ 119.877605][ T6641] kcov_close+0x28/0x50
[ 119.881866][ T6641] __fput+0x23c/0xa50
[ 119.885890][ T6641] task_work_run+0x24f/0x310
[ 119.890607][ T6641] do_exit+0xa2a/0x28e0
[ 119.894964][ T6641] do_group_exit+0x207/0x2c0
[ 119.899544][ T6641] get_signal+0x16b2/0x1750
[ 119.904478][ T6641] arch_do_signal_or_restart+0x96/0x860
[ 119.910257][ T6641] syscall_exit_to_user_mode+0xce/0x340
[ 119.916076][ T6641] do_syscall_64+0x100/0x230
[ 119.920744][ T6641] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 119.926892][ T6641] Modules linked in:
[ 119.930839][ T6641] CPU: 1 UID: 0 PID: 6641 Comm: syz.0.15 Tainted: G B 6.13.0-rc4-syzkaller-g4bbf9020becb #0
[ 119.942420][ T6641] Tainted: [B]=BAD_PAGE
[ 119.946557][ T6641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 119.956619][ T6641] Call Trace:
[ 119.959894][ T6641]
[ 119.962927][ T6641] dump_stack_lvl+0x241/0x360
[ 119.967608][ T6641] ? __pfx_dump_stack_lvl+0x10/0x10
[ 119.972818][ T6641] ? __pfx_print_modules+0x10/0x10
[ 119.978114][ T6641] bad_page+0x176/0x1d0
[ 119.982284][ T6641] free_unref_page+0xf9e/0x1000
[ 119.987252][ T6641] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[ 119.992909][ T6641] bpf_xdp_adjust_tail+0x1c3/0x200
[ 119.998151][ T6641] bpf_prog_f476d5219b92964a+0x1e/0x20
[ 120.003736][ T6641] bpf_prog_run_generic_xdp+0x686/0x1510
[ 120.009474][ T6641] do_xdp_generic+0x757/0xd30
[ 120.027177][ T6641] ? __pfx_do_xdp_generic+0x10/0x10
[ 120.032386][ T6641] ? __skb_flow_dissect+0x4f1/0x7d00
[ 120.037696][ T6641] __netif_receive_skb_core+0x1ce9/0x4690
[ 120.043512][ T6641] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 120.049579][ T6641] ? mark_lock+0x9a/0x360
[ 120.054104][ T6641] ? __lock_acquire+0x1397/0x2100
[ 120.059250][ T6641] __netif_receive_skb+0x12f/0x650
[ 120.064385][ T6641] ? __pfx_lock_acquire+0x10/0x10
[ 120.069409][ T6641] ? seqcount_lockdep_reader_access+0x1d7/0x220
[ 120.075913][ T6641] ? __pfx___netif_receive_skb+0x10/0x10
[ 120.081659][ T6641] ? tun_rx_batched+0x160/0x8f0
[ 120.086863][ T6641] ? __pfx_lockdep_softirqs_off+0x10/0x10
[ 120.092754][ T6641] ? read_tsc+0x9/0x20
[ 120.097010][ T6641] ? netif_receive_skb+0x131/0x890
[ 120.102124][ T6641] ? netif_receive_skb+0x131/0x890
[ 120.107425][ T6641] netif_receive_skb+0x1e8/0x890
[ 120.112390][ T6641] ? tun_rx_batched+0x160/0x8f0
[ 120.117510][ T6641] ? __pfx_netif_receive_skb+0x10/0x10
[ 120.122980][ T6641] ? tun_rx_batched+0x160/0x8f0
[ 120.128125][ T6641] tun_rx_batched+0x1b7/0x8f0
[ 120.132995][ T6641] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 120.139439][ T6641] ? __pfx_lock_acquire+0x10/0x10
[ 120.144924][ T6641] ? __pfx_tun_rx_batched+0x10/0x10
[ 120.150499][ T6641] tun_get_user+0x30cc/0x48a0
[ 120.155213][ T6641] ? tun_get_user+0x2bba/0x48a0
[ 120.160346][ T6641] ? __lock_acquire+0x1397/0x2100
[ 120.165384][ T6641] ? __pfx_tun_get_user+0x10/0x10
[ 120.170534][ T6641] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 120.176547][ T6641] ? tun_get+0x1e/0x2f0
[ 120.181008][ T6641] ? __pfx_lock_release+0x10/0x10
[ 120.186245][ T6641] ? tun_get+0x1e/0x2f0
[ 120.190419][ T6641] ? tun_get+0x27d/0x2f0
[ 120.194728][ T6641] tun_chr_write_iter+0x10d/0x1f0
[ 120.199754][ T6641] vfs_write+0xaeb/0xd30
[ 120.204016][ T6641] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 120.209575][ T6641] ? __pfx_vfs_write+0x10/0x10
[ 120.214369][ T6641] ? __fget_files+0x2a/0x410
[ 120.219042][ T6641] ? __fget_files+0x2a/0x410
[ 120.223625][ T6641] ksys_write+0x18f/0x2b0
[ 120.227954][ T6641] ? __pfx_ksys_write+0x10/0x10
[ 120.232969][ T6641] ? do_syscall_64+0x100/0x230
[ 120.237729][ T6641] ? do_syscall_64+0xb6/0x230
[ 120.242405][ T6641] do_syscall_64+0xf3/0x230
[ 120.246910][ T6641] ? clear_bhb_loop+0x35/0x90
[ 120.251693][ T6641] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 120.257695][ T6641] RIP: 0033:0x7f750c57e98f
[ 120.262110][ T6641] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 120.281834][ T6641] RSP: 002b:00007f750d30a020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 120.290362][ T6641] RAX: ffffffffffffffda RBX: 00007f750c745fa0 RCX: 00007f750c57e98f
[ 120.298506][ T6641] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[ 120.306593][ T6641] RBP: 00007f750c5f3cc8 R08: 0000000000000000 R09: 0000000000000000
[ 120.314559][ T6641] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 120.322526][ T6641] R13: 0000000000000000 R14: 00007f750c745fa0 R15: 00007ffd45d39c38
[ 120.330601][ T6641]
[ 120.333677][ T6641] BUG: Bad page state in process syz.0.15 pfn:24539
[ 120.340399][ T6641] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x4 pfn:0x24539
[ 120.349559][ T6641] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 120.357107][ T6641] raw: 00fff00000000000 dead000000000040 ffff8880212ba000 0000000000000000
[ 120.365759][ T6641] raw: 0000000000000004 0000000000000001 00000000ffffffff 0000000000000000
[ 120.375082][ T6641] page dumped because: page_pool leak
[ 120.380771][ T6641] page_owner tracks the page as allocated
[ 120.386938][ T6641] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6641, tgid 6640 (syz.0.15), ts 115439060827, free_ts 107891616507
[ 120.404315][ T6641] post_alloc_hook+0x1f3/0x230
[ 120.409401][ T6641] get_page_from_freelist+0x3651/0x37a0
[ 120.415005][ T6641] __alloc_pages_noprof+0x292/0x710
[ 120.420258][ T6641] alloc_pages_bulk_noprof+0x70b/0xcc0
[ 120.425724][ T6641] __page_pool_alloc_pages_slow+0x122/0x690
[ 120.431684][ T6641] page_pool_alloc_pages+0xd0/0x1c0
[ 120.437006][ T6641] skb_pp_cow_data+0xc43/0x1640
[ 120.441932][ T6641] do_xdp_generic+0x505/0xd30
[ 120.446639][ T6641] __netif_receive_skb_core+0x1ce9/0x4690
[ 120.452423][ T6641] __netif_receive_skb+0x12f/0x650
[ 120.457807][ T6641] netif_receive_skb+0x1e8/0x890
[ 120.463155][ T6641] tun_rx_batched+0x1b7/0x8f0
[ 120.467878][ T6641] tun_get_user+0x30cc/0x48a0
[ 120.472713][ T6641] tun_chr_write_iter+0x10d/0x1f0
[ 120.478036][ T6641] vfs_write+0xaeb/0xd30
[ 120.482326][ T6641] ksys_write+0x18f/0x2b0
[ 120.486763][ T6641] page last free pid 6291 tgid 6291 stack trace:
[ 120.493177][ T6641] free_unref_page+0xd2c/0x1000
[ 120.498309][ T6641] vfree+0x1c3/0x360
[ 120.502527][ T6641] kcov_close+0x28/0x50
[ 120.506810][ T6641] __fput+0x23c/0xa50
[ 120.511124][ T6641] task_work_run+0x24f/0x310
[ 120.515748][ T6641] do_exit+0xa2a/0x28e0
[ 120.519915][ T6641] do_group_exit+0x207/0x2c0
[ 120.524553][ T6641] get_signal+0x16b2/0x1750
[ 120.529203][ T6641] arch_do_signal_or_restart+0x96/0x860
[ 120.535193][ T6641] syscall_exit_to_user_mode+0xce/0x340
[ 120.541063][ T6641] do_syscall_64+0x100/0x230
[ 120.546305][ T6641] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 120.552960][ T6641] Modules linked in:
[ 120.557244][ T6641] CPU: 1 UID: 0 PID: 6641 Comm: syz.0.15 Tainted: G B 6.13.0-rc4-syzkaller-g4bbf9020becb #0
[ 120.569154][ T6641] Tainted: [B]=BAD_PAGE
[ 120.573795][ T6641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 120.584559][ T6641] Call Trace:
[ 120.587921][ T6641]
[ 120.590851][ T6641] dump_stack_lvl+0x241/0x360
[ 120.595733][ T6641] ? __pfx_dump_stack_lvl+0x10/0x10
[ 120.600974][ T6641] ? __pfx_print_modules+0x10/0x10
[ 120.606457][ T6641] bad_page+0x176/0x1d0
[ 120.611002][ T6641] free_unref_page+0xf9e/0x1000
[ 120.616482][ T6641] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[ 120.622218][ T6641] bpf_xdp_adjust_tail+0x1c3/0x200
[ 120.627520][ T6641] bpf_prog_f476d5219b92964a+0x1e/0x20
[ 120.633094][ T6641] bpf_prog_run_generic_xdp+0x686/0x1510
[ 120.639423][ T6641] do_xdp_generic+0x757/0xd30
[ 120.644276][ T6641] ? __pfx_do_xdp_generic+0x10/0x10
[ 120.650171][ T6641] ? __skb_flow_dissect+0x4f1/0x7d00
[ 120.655463][ T6641] __netif_receive_skb_core+0x1ce9/0x4690
[ 120.661283][ T6641] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 120.667437][ T6641] ? mark_lock+0x9a/0x360
[ 120.671763][ T6641] ? __lock_acquire+0x1397/0x2100
[ 120.676797][ T6641] __netif_receive_skb+0x12f/0x650
[ 120.681938][ T6641] ? __pfx_lock_acquire+0x10/0x10
[ 120.687234][ T6641] ? seqcount_lockdep_reader_access+0x1d7/0x220
[ 120.693561][ T6641] ? __pfx___netif_receive_skb+0x10/0x10
[ 120.699195][ T6641] ? tun_rx_batched+0x160/0x8f0
[ 120.704059][ T6641] ? __pfx_lockdep_softirqs_off+0x10/0x10
[ 120.712061][ T6641] ? read_tsc+0x9/0x20
[ 120.716181][ T6641] ? netif_receive_skb+0x131/0x890
[ 120.721298][ T6641] ? netif_receive_skb+0x131/0x890
[ 120.726491][ T6641] netif_receive_skb+0x1e8/0x890
[ 120.731684][ T6641] ? tun_rx_batched+0x160/0x8f0
[ 120.736765][ T6641] ? __pfx_netif_receive_skb+0x10/0x10
[ 120.742616][ T6641] ? tun_rx_batched+0x160/0x8f0
[ 120.747473][ T6641] tun_rx_batched+0x1b7/0x8f0
[ 120.752146][ T6641] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 120.758470][ T6641] ? __pfx_lock_acquire+0x10/0x10
[ 120.763488][ T6641] ? __pfx_tun_rx_batched+0x10/0x10
[ 120.768690][ T6641] tun_get_user+0x30cc/0x48a0
[ 120.773391][ T6641] ? tun_get_user+0x2bba/0x48a0
[ 120.778416][ T6641] ? __lock_acquire+0x1397/0x2100
[ 120.783439][ T6641] ? __pfx_tun_get_user+0x10/0x10
[ 120.788559][ T6641] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 120.794017][ T6641] ? tun_get+0x1e/0x2f0
[ 120.798168][ T6641] ? __pfx_lock_release+0x10/0x10
[ 120.803303][ T6641] ? tun_get+0x1e/0x2f0
[ 120.807571][ T6641] ? tun_get+0x27d/0x2f0
[ 120.812001][ T6641] tun_chr_write_iter+0x10d/0x1f0
[ 120.817209][ T6641] vfs_write+0xaeb/0xd30
[ 120.821538][ T6641] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 120.827089][ T6641] ? __pfx_vfs_write+0x10/0x10
[ 120.831953][ T6641] ? __fget_files+0x2a/0x410
[ 120.836566][ T6641] ? __fget_files+0x2a/0x410
[ 120.841255][ T6641] ksys_write+0x18f/0x2b0
[ 120.845591][ T6641] ? __pfx_ksys_write+0x10/0x10
[ 120.850523][ T6641] ? do_syscall_64+0x100/0x230
[ 120.855308][ T6641] ? do_syscall_64+0xb6/0x230
[ 120.859982][ T6641] do_syscall_64+0xf3/0x230
[ 120.864497][ T6641] ? clear_bhb_loop+0x35/0x90
[ 120.869448][ T6641] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 120.875800][ T6641] RIP: 0033:0x7f750c57e98f
[ 120.880509][ T6641] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 120.901342][ T6641] RSP: 002b:00007f750d30a020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 120.910163][ T6641] RAX: ffffffffffffffda RBX: 00007f750c745fa0 RCX: 00007f750c57e98f
[ 120.918290][ T6641] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[ 120.926369][ T6641] RBP: 00007f750c5f3cc8 R08: 0000000000000000 R09: 0000000000000000
[ 120.934347][ T6641] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 120.942488][ T6641] R13: 0000000000000000 R14: 00007f750c745fa0 R15: 00007ffd45d39c38
[ 120.950461][ T6641]
[ 120.953558][ T6641] BUG: Bad page state in process syz.0.15 pfn:2faf8
[ 120.960278][ T6641] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802faf8e88 pfn:0x2faf8
[ 120.970739][ T6641] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 120.978137][ T6641] raw: 00fff00000000000 dead000000000040 ffff8880212ba000 0000000000000000
[ 120.986769][ T6641] raw: ffff88802faf8e88 0000000000000001 00000000ffffffff 0000000000000000
[ 120.995390][ T6641] page dumped because: page_pool leak
[ 121.000891][ T6641] page_owner tracks the page as allocated
[ 121.006807][ T6641] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6641, tgid 6640 (syz.0.15), ts 115439051596, free_ts 115433316352
[ 121.023923][ T6641] post_alloc_hook+0x1f3/0x230
[ 121.028738][ T6641] get_page_from_freelist+0x3651/0x37a0
[ 121.034456][ T6641] __alloc_pages_noprof+0x292/0x710
[ 121.039777][ T6641] alloc_pages_bulk_noprof+0x70b/0xcc0
[ 121.045414][ T6641] __page_pool_alloc_pages_slow+0x122/0x690
[ 121.051374][ T6641] page_pool_alloc_pages+0xd0/0x1c0
[ 121.056679][ T6641] skb_pp_cow_data+0xc43/0x1640
[ 121.061580][ T6641] do_xdp_generic+0x505/0xd30
[ 121.066292][ T6641] __netif_receive_skb_core+0x1ce9/0x4690
[ 121.072084][ T6641] __netif_receive_skb+0x12f/0x650
[ 121.077243][ T6641] netif_receive_skb+0x1e8/0x890
[ 121.082234][ T6641] tun_rx_batched+0x1b7/0x8f0
[ 121.086936][ T6641] tun_get_user+0x30cc/0x48a0
[ 121.091739][ T6641] tun_chr_write_iter+0x10d/0x1f0
[ 121.096783][ T6641] vfs_write+0xaeb/0xd30
[ 121.101074][ T6641] ksys_write+0x18f/0x2b0
[ 121.105863][ T6641] page last free pid 6639 tgid 6639 stack trace:
[ 121.112309][ T6641] free_unref_folios+0xe23/0x1890
[ 121.117446][ T6641] folios_put_refs+0x76c/0x860
[ 121.122272][ T6641] free_pages_and_swap_cache+0x5c8/0x690
[ 121.128117][ T6641] tlb_flush_mmu+0x3a3/0x680
[ 121.132801][ T6641] tlb_finish_mmu+0xd4/0x200
[ 121.137429][ T6641] exit_mmap+0x496/0xc20
[ 121.141720][ T6641] __mmput+0x115/0x3b0
[ 121.145893][ T6641] exit_mm+0x220/0x310
[ 121.150145][ T6641] do_exit+0x9ad/0x28e0
[ 121.154312][ T6641] do_group_exit+0x207/0x2c0
[ 121.158898][ T6641] __x64_sys_exit_group+0x3f/0x40
[ 121.163970][ T6641] x64_sys_call+0x26a8/0x26b0
[ 121.168751][ T6641] do_syscall_64+0xf3/0x230
[ 121.173311][ T6641] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 121.179231][ T6641] Modules linked in:
[ 121.183253][ T6641] CPU: 1 UID: 0 PID: 6641 Comm: syz.0.15 Tainted: G B 6.13.0-rc4-syzkaller-g4bbf9020becb #0
[ 121.194811][ T6641] Tainted: [B]=BAD_PAGE
[ 121.199204][ T6641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 121.209358][ T6641] Call Trace:
[ 121.212675][ T6641]
[ 121.215615][ T6641] dump_stack_lvl+0x241/0x360
[ 121.220323][ T6641] ? __pfx_dump_stack_lvl+0x10/0x10
[ 121.225960][ T6641] ? __pfx_print_modules+0x10/0x10
[ 121.231157][ T6641] bad_page+0x176/0x1d0
[ 121.235405][ T6641] free_unref_page+0xf9e/0x1000
[ 121.240270][ T6641] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[ 121.245918][ T6641] bpf_xdp_adjust_tail+0x1c3/0x200
[ 121.251063][ T6641] bpf_prog_f476d5219b92964a+0x1e/0x20
[ 121.256529][ T6641] bpf_prog_run_generic_xdp+0x686/0x1510
[ 121.262344][ T6641] do_xdp_generic+0x757/0xd30
[ 121.267196][ T6641] ? __pfx_do_xdp_generic+0x10/0x10
[ 121.272406][ T6641] ? __skb_flow_dissect+0x4f1/0x7d00
[ 121.277714][ T6641] __netif_receive_skb_core+0x1ce9/0x4690
[ 121.283464][ T6641] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 121.289561][ T6641] ? mark_lock+0x9a/0x360
[ 121.293937][ T6641] ? __lock_acquire+0x1397/0x2100
[ 121.299078][ T6641] __netif_receive_skb+0x12f/0x650
[ 121.304289][ T6641] ? __pfx_lock_acquire+0x10/0x10
[ 121.309306][ T6641] ? seqcount_lockdep_reader_access+0x1d7/0x220
[ 121.315634][ T6641] ? __pfx___netif_receive_skb+0x10/0x10
[ 121.321280][ T6641] ? tun_rx_batched+0x160/0x8f0
[ 121.326130][ T6641] ? __pfx_lockdep_softirqs_off+0x10/0x10
[ 121.331940][ T6641] ? read_tsc+0x9/0x20
[ 121.336011][ T6641] ? netif_receive_skb+0x131/0x890
[ 121.341120][ T6641] ? netif_receive_skb+0x131/0x890
[ 121.346312][ T6641] netif_receive_skb+0x1e8/0x890
[ 121.351825][ T6641] ? tun_rx_batched+0x160/0x8f0
[ 121.356704][ T6641] ? __pfx_netif_receive_skb+0x10/0x10
[ 121.362161][ T6641] ? tun_rx_batched+0x160/0x8f0
[ 121.367007][ T6641] tun_rx_batched+0x1b7/0x8f0
[ 121.371681][ T6641] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 121.378006][ T6641] ? __pfx_lock_acquire+0x10/0x10
[ 121.383108][ T6641] ? __pfx_tun_rx_batched+0x10/0x10
[ 121.388316][ T6641] tun_get_user+0x30cc/0x48a0
[ 121.393078][ T6641] ? tun_get_user+0x2bba/0x48a0
[ 121.397931][ T6641] ? __lock_acquire+0x1397/0x2100
[ 121.402950][ T6641] ? __pfx_tun_get_user+0x10/0x10
[ 121.407975][ T6641] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 121.413567][ T6641] ? tun_get+0x1e/0x2f0
[ 121.417721][ T6641] ? __pfx_lock_release+0x10/0x10
[ 121.422985][ T6641] ? tun_get+0x1e/0x2f0
[ 121.427347][ T6641] ? tun_get+0x27d/0x2f0
[ 121.431612][ T6641] tun_chr_write_iter+0x10d/0x1f0
[ 121.436641][ T6641] vfs_write+0xaeb/0xd30
[ 121.440896][ T6641] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 121.446476][ T6641] ? __pfx_vfs_write+0x10/0x10
[ 121.451338][ T6641] ? __fget_files+0x2a/0x410
[ 121.456110][ T6641] ? __fget_files+0x2a/0x410
[ 121.460782][ T6641] ksys_write+0x18f/0x2b0
[ 121.465111][ T6641] ? __pfx_ksys_write+0x10/0x10
[ 121.469973][ T6641] ? do_syscall_64+0x100/0x230
[ 121.474749][ T6641] ? do_syscall_64+0xb6/0x230
[ 121.479434][ T6641] do_syscall_64+0xf3/0x230
[ 121.483945][ T6641] ? clear_bhb_loop+0x35/0x90
[ 121.488701][ T6641] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 121.494882][ T6641] RIP: 0033:0x7f750c57e98f
[ 121.499322][ T6641] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 121.518923][ T6641] RSP: 002b:00007f750d30a020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 121.527341][ T6641] RAX: ffffffffffffffda RBX: 00007f750c745fa0 RCX: 00007f750c57e98f
[ 121.535323][ T6641] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[ 121.543382][ T6641] RBP: 00007f750c5f3cc8 R08: 0000000000000000 R09: 0000000000000000
[ 121.551433][ T6641] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 121.559399][ T6641] R13: 0000000000000000 R14: 00007f750c745fa0 R15: 00007ffd45d39c38
[ 121.567458][ T6641]
[ 121.570540][ T6641] BUG: Bad page state in process syz.0.15 pfn:3464a
[ 121.577232][ T6641] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88803464af00 pfn:0x3464a
[ 121.587392][ T6641] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 121.594589][ T6641] raw: 00fff00000000000 dead000000000040 ffff8880212ba000 0000000000000000
[ 121.603393][ T6641] raw: ffff88803464af00 0000000000000001 00000000ffffffff 0000000000000000
[ 121.612445][ T6641] page dumped because: page_pool leak
[ 121.617872][ T6641] page_owner tracks the page as allocated
[ 121.623630][ T6641] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6641, tgid 6640 (syz.0.15), ts 115439042612, free_ts 115433321295
[ 121.640989][ T6641] post_alloc_hook+0x1f3/0x230
[ 121.645762][ T6641] get_page_from_freelist+0x3651/0x37a0
[ 121.651366][ T6641] __alloc_pages_noprof+0x292/0x710
[ 121.656765][ T6641] alloc_pages_bulk_noprof+0x70b/0xcc0
[ 121.662273][ T6641] __page_pool_alloc_pages_slow+0x122/0x690
[ 121.668212][ T6641] page_pool_alloc_pages+0xd0/0x1c0
[ 121.673480][ T6641] skb_pp_cow_data+0xc43/0x1640
[ 121.678348][ T6641] do_xdp_generic+0x505/0xd30
[ 121.683086][ T6641] __netif_receive_skb_core+0x1ce9/0x4690
[ 121.688922][ T6641] __netif_receive_skb+0x12f/0x650
[ 121.694169][ T6641] netif_receive_skb+0x1e8/0x890
[ 121.699155][ T6641] tun_rx_batched+0x1b7/0x8f0
[ 121.703892][ T6641] tun_get_user+0x30cc/0x48a0
[ 121.708679][ T6641] tun_chr_write_iter+0x10d/0x1f0
[ 121.713964][ T6641] vfs_write+0xaeb/0xd30
[ 121.718239][ T6641] ksys_write+0x18f/0x2b0
[ 121.722624][ T6641] page last free pid 6639 tgid 6639 stack trace:
[ 121.728966][ T6641] free_unref_folios+0xe23/0x1890
[ 121.734160][ T6641] folios_put_refs+0x76c/0x860
[ 121.738943][ T6641] free_pages_and_swap_cache+0x5c8/0x690
[ 121.744602][ T6641] tlb_flush_mmu+0x3a3/0x680
[ 121.749224][ T6641] tlb_finish_mmu+0xd4/0x200
[ 121.753861][ T6641] exit_mmap+0x496/0xc20
[ 121.758122][ T6641] __mmput+0x115/0x3b0
[ 121.762214][ T6641] exit_mm+0x220/0x310
[ 121.766292][ T6641] do_exit+0x9ad/0x28e0
[ 121.770476][ T6641] do_group_exit+0x207/0x2c0
[ 121.775089][ T6641] __x64_sys_exit_group+0x3f/0x40
[ 121.780143][ T6641] x64_sys_call+0x26a8/0x26b0
[ 121.784936][ T6641] do_syscall_64+0xf3/0x230
[ 121.789552][ T6641] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 121.795563][ T6641] Modules linked in:
[ 121.799561][ T6641] CPU: 1 UID: 0 PID: 6641 Comm: syz.0.15 Tainted: G B 6.13.0-rc4-syzkaller-g4bbf9020becb #0
[ 121.811265][ T6641] Tainted: [B]=BAD_PAGE
[ 121.815426][ T6641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 121.825667][ T6641] Call Trace:
[ 121.828947][ T6641]
[ 121.832046][ T6641] dump_stack_lvl+0x241/0x360
[ 121.836729][ T6641] ? __pfx_dump_stack_lvl+0x10/0x10
[ 121.842014][ T6641] ? __pfx_print_modules+0x10/0x10
[ 121.847120][ T6641] bad_page+0x176/0x1d0
[ 121.851270][ T6641] free_unref_page+0xf9e/0x1000
[ 121.856118][ T6641] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[ 121.861850][ T6641] bpf_xdp_adjust_tail+0x1c3/0x200
[ 121.866974][ T6641] bpf_prog_f476d5219b92964a+0x1e/0x20
[ 121.872454][ T6641] bpf_prog_run_generic_xdp+0x686/0x1510
[ 121.878265][ T6641] do_xdp_generic+0x757/0xd30
[ 121.882938][ T6641] ? __pfx_do_xdp_generic+0x10/0x10
[ 121.888132][ T6641] ? __skb_flow_dissect+0x4f1/0x7d00
[ 121.893426][ T6641] __netif_receive_skb_core+0x1ce9/0x4690
[ 121.899414][ T6641] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 121.905478][ T6641] ? mark_lock+0x9a/0x360
[ 121.909805][ T6641] ? __lock_acquire+0x1397/0x2100
[ 121.914917][ T6641] __netif_receive_skb+0x12f/0x650
[ 121.920031][ T6641] ? __pfx_lock_acquire+0x10/0x10
[ 121.925044][ T6641] ? seqcount_lockdep_reader_access+0x1d7/0x220
[ 121.931283][ T6641] ? __pfx___netif_receive_skb+0x10/0x10
[ 121.936923][ T6641] ? tun_rx_batched+0x160/0x8f0
[ 121.941772][ T6641] ? __pfx_lockdep_softirqs_off+0x10/0x10
[ 121.947515][ T6641] ? read_tsc+0x9/0x20
[ 121.951582][ T6641] ? netif_receive_skb+0x131/0x890
[ 121.956808][ T6641] ? netif_receive_skb+0x131/0x890
[ 121.961930][ T6641] netif_receive_skb+0x1e8/0x890
[ 121.967081][ T6641] ? tun_rx_batched+0x160/0x8f0
[ 121.971943][ T6641] ? __pfx_netif_receive_skb+0x10/0x10
[ 121.977593][ T6641] ? tun_rx_batched+0x160/0x8f0
[ 121.982476][ T6641] tun_rx_batched+0x1b7/0x8f0
[ 121.987148][ T6641] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 121.993472][ T6641] ? __pfx_lock_acquire+0x10/0x10
[ 121.998646][ T6641] ? __pfx_tun_rx_batched+0x10/0x10
[ 122.003842][ T6641] tun_get_user+0x30cc/0x48a0
[ 122.008601][ T6641] ? tun_get_user+0x2bba/0x48a0
[ 122.013455][ T6641] ? __lock_acquire+0x1397/0x2100
[ 122.018469][ T6641] ? __pfx_tun_get_user+0x10/0x10
[ 122.023582][ T6641] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 122.029037][ T6641] ? tun_get+0x1e/0x2f0
[ 122.033188][ T6641] ? __pfx_lock_release+0x10/0x10
[ 122.038216][ T6641] ? tun_get+0x1e/0x2f0
[ 122.042374][ T6641] ? tun_get+0x27d/0x2f0
[ 122.046613][ T6641] tun_chr_write_iter+0x10d/0x1f0
[ 122.051634][ T6641] vfs_write+0xaeb/0xd30
[ 122.055886][ T6641] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 122.061435][ T6641] ? __pfx_vfs_write+0x10/0x10
[ 122.066283][ T6641] ? __fget_files+0x2a/0x410
[ 122.070862][ T6641] ? __fget_files+0x2a/0x410
[ 122.075446][ T6641] ksys_write+0x18f/0x2b0
[ 122.079771][ T6641] ? __pfx_ksys_write+0x10/0x10
[ 122.084725][ T6641] ? do_syscall_64+0x100/0x230
[ 122.089587][ T6641] ? do_syscall_64+0xb6/0x230
[ 122.094306][ T6641] do_syscall_64+0xf3/0x230
[ 122.098975][ T6641] ? clear_bhb_loop+0x35/0x90
[ 122.103671][ T6641] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 122.109571][ T6641] RIP: 0033:0x7f750c57e98f
[ 122.114246][ T6641] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 122.133948][ T6641] RSP: 002b:00007f750d30a020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 122.142631][ T6641] RAX: ffffffffffffffda RBX: 00007f750c745fa0 RCX: 00007f750c57e98f
[ 122.150863][ T6641] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[ 122.158827][ T6641] RBP: 00007f750c5f3cc8 R08: 0000000000000000 R09: 0000000000000000
[ 122.166790][ T6641] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 122.174925][ T6641] R13: 0000000000000000 R14: 00007f750c745fa0 R15: 00007ffd45d39c38
[ 122.182905][ T6641]
2024/12/22 22:45:52 executed programs: 3
[ 122.323126][ T6685] BUG: Bad page state in process syz.0.16 pfn:78155
[ 122.330278][ T6685] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888078155870 pfn:0x78155
[ 122.340527][ T6685] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 122.347849][ T6685] raw: 00fff00000000000 dead000000000040 ffff8880212ba000 0000000000000000
[ 122.356577][ T6685] raw: ffff888078155870 0000000000000001 00000000ffffffff 0000000000000000
[ 122.365384][ T6685] page dumped because: page_pool leak
[ 122.370919][ T6685] page_owner tracks the page as allocated
[ 122.376798][ T6685] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6685, tgid 6683 (syz.0.16), ts 122323062220, free_ts 122311272848
[ 122.393979][ T6685] post_alloc_hook+0x1f3/0x230
[ 122.398959][ T6685] get_page_from_freelist+0x3651/0x37a0
[ 122.404854][ T6685] __alloc_pages_noprof+0x292/0x710
[ 122.410227][ T6685] alloc_pages_bulk_noprof+0x70b/0xcc0
[ 122.416023][ T6685] __page_pool_alloc_pages_slow+0x122/0x690
[ 122.421993][ T6685] page_pool_alloc_pages+0xd0/0x1c0
[ 122.427324][ T6685] skb_pp_cow_data+0xc43/0x1640
[ 122.432253][ T6685] do_xdp_generic+0x505/0xd30
[ 122.437146][ T6685] __netif_receive_skb_core+0x1ce9/0x4690
[ 122.442925][ T6685] __netif_receive_skb+0x12f/0x650
[ 122.448178][ T6685] netif_receive_skb+0x1e8/0x890
[ 122.453284][ T6685] tun_rx_batched+0x1b7/0x8f0
[ 122.458022][ T6685] tun_get_user+0x30cc/0x48a0
[ 122.462952][ T6685] tun_chr_write_iter+0x10d/0x1f0
[ 122.468092][ T6685] vfs_write+0xaeb/0xd30
[ 122.472718][ T6685] ksys_write+0x18f/0x2b0
[ 122.477262][ T6685] page last free pid 6237 tgid 6229 stack trace:
[ 122.483911][ T6685] free_unref_page+0xd2c/0x1000
[ 122.488796][ T6685] __put_partials+0x160/0x1c0
[ 122.493686][ T6685] put_cpu_partial+0x17c/0x250
[ 122.498864][ T6685] __slab_free+0x290/0x380
[ 122.503607][ T6685] qlist_free_all+0x9a/0x140
[ 122.508273][ T6685] kasan_quarantine_reduce+0x14f/0x170
[ 122.513881][ T6685] __kasan_slab_alloc+0x23/0x80
[ 122.518752][ T6685] kmem_cache_alloc_node_noprof+0x1d9/0x380
[ 122.524696][ T6685] __alloc_skb+0x1c3/0x440
[ 122.529132][ T6685] tcp_stream_alloc_skb+0x3d/0x310
[ 122.534303][ T6685] tcp_sendmsg_locked+0xd96/0x4f30
[ 122.540042][ T6685] tcp_sendmsg+0x30/0x50
[ 122.544403][ T6685] __sock_sendmsg+0xef/0x270
[ 122.549264][ T6685] sock_write_iter+0x2d7/0x3f0
[ 122.554160][ T6685] vfs_write+0xaeb/0xd30
[ 122.558428][ T6685] ksys_write+0x18f/0x2b0
[ 122.562817][ T6685] Modules linked in:
[ 122.566740][ T6685] CPU: 1 UID: 0 PID: 6685 Comm: syz.0.16 Tainted: G B 6.13.0-rc4-syzkaller-g4bbf9020becb #0
[ 122.578304][ T6685] Tainted: [B]=BAD_PAGE
[ 122.582638][ T6685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 122.592779][ T6685] Call Trace:
[ 122.596056][ T6685]
[ 122.599010][ T6685] dump_stack_lvl+0x241/0x360
[ 122.603689][ T6685] ? __pfx_dump_stack_lvl+0x10/0x10
[ 122.608887][ T6685] ? __pfx_print_modules+0x10/0x10
[ 122.613997][ T6685] bad_page+0x176/0x1d0
[ 122.618145][ T6685] free_unref_page+0xf9e/0x1000
[ 122.623250][ T6685] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[ 122.628911][ T6685] bpf_xdp_adjust_tail+0x1c3/0x200
[ 122.634432][ T6685] bpf_prog_f476d5219b92964a+0x1e/0x20
[ 122.639996][ T6685] bpf_prog_run_generic_xdp+0x686/0x1510
[ 122.645686][ T6685] do_xdp_generic+0x757/0xd30
[ 122.650461][ T6685] ? __pfx_do_xdp_generic+0x10/0x10
[ 122.655668][ T6685] ? rcu_is_watching+0x15/0xb0
[ 122.660459][ T6685] ? rcu_is_watching+0x15/0xb0
[ 122.665221][ T6685] ? count_memcg_event_mm+0x94/0x420
[ 122.670517][ T6685] __netif_receive_skb_core+0x1ce9/0x4690
[ 122.676246][ T6685] ? handle_mm_fault+0x173f/0x1ad0
[ 122.681724][ T6685] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 122.687795][ T6685] ? rcu_is_watching+0x15/0xb0
[ 122.692556][ T6685] ? lock_release+0xbf/0xa30
[ 122.697153][ T6685] ? __pfx_lock_acquire+0x10/0x10
[ 122.702180][ T6685] ? __up_read+0x2c2/0x6b0
[ 122.706592][ T6685] ? rcu_is_watching+0x15/0xb0
[ 122.711355][ T6685] __netif_receive_skb+0x12f/0x650
[ 122.716552][ T6685] ? __pfx_lock_acquire+0x10/0x10
[ 122.721578][ T6685] ? seqcount_lockdep_reader_access+0x1d7/0x220
[ 122.727831][ T6685] ? __pfx___netif_receive_skb+0x10/0x10
[ 122.733529][ T6685] ? tun_rx_batched+0x160/0x8f0
[ 122.738373][ T6685] ? __pfx_lockdep_softirqs_off+0x10/0x10
[ 122.744380][ T6685] ? read_tsc+0x9/0x20
[ 122.748612][ T6685] ? ktime_get_with_offset+0x249/0x290
[ 122.754082][ T6685] ? netif_receive_skb+0x131/0x890
[ 122.759313][ T6685] netif_receive_skb+0x1e8/0x890
[ 122.764346][ T6685] ? tun_rx_batched+0x160/0x8f0
[ 122.769195][ T6685] ? __pfx_netif_receive_skb+0x10/0x10
[ 122.774663][ T6685] ? skb_set_owner_w+0x246/0x380
[ 122.779701][ T6685] ? tun_rx_batched+0x160/0x8f0
[ 122.784637][ T6685] tun_rx_batched+0x1b7/0x8f0
[ 122.789312][ T6685] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 122.795634][ T6685] ? __pfx_lock_acquire+0x10/0x10
[ 122.800647][ T6685] ? rcu_is_watching+0x15/0xb0
[ 122.805417][ T6685] ? __pfx_tun_rx_batched+0x10/0x10
[ 122.810691][ T6685] tun_get_user+0x30cc/0x48a0
[ 122.815397][ T6685] ? tun_get_user+0x2bba/0x48a0
[ 122.820266][ T6685] ? preempt_schedule_thunk+0x1a/0x30
[ 122.825658][ T6685] ? __pfx_tun_get_user+0x10/0x10
[ 122.830689][ T6685] ? try_to_wake_up+0x9c3/0x1470
[ 122.835717][ T6685] ? tun_get+0x1e/0x2f0
[ 122.839872][ T6685] ? rcu_is_watching+0x15/0xb0
[ 122.844628][ T6685] ? tun_get+0x1e/0x2f0
[ 122.848895][ T6685] ? lock_release+0xbf/0xa30
[ 122.853527][ T6685] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 122.858983][ T6685] ? __pfx_lock_release+0x10/0x10
[ 122.864021][ T6685] ? futex_wake+0x523/0x5c0
[ 122.868538][ T6685] ? tun_get+0x1e/0x2f0
[ 122.872702][ T6685] ? tun_get+0x27d/0x2f0
[ 122.877203][ T6685] tun_chr_write_iter+0x10d/0x1f0
[ 122.882239][ T6685] vfs_write+0xaeb/0xd30
[ 122.886480][ T6685] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 122.892130][ T6685] ? __pfx_vfs_write+0x10/0x10
[ 122.896891][ T6685] ? __fget_files+0x2a/0x410
[ 122.901586][ T6685] ? __fget_files+0x2a/0x410
[ 122.906266][ T6685] ksys_write+0x18f/0x2b0
[ 122.910793][ T6685] ? __pfx_ksys_write+0x10/0x10
[ 122.915718][ T6685] ? rcu_is_watching+0x15/0xb0
[ 122.920539][ T6685] ? rcu_is_watching+0x15/0xb0
[ 122.925323][ T6685] do_syscall_64+0xf3/0x230
[ 122.929836][ T6685] ? clear_bhb_loop+0x35/0x90
[ 122.934599][ T6685] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 122.940771][ T6685] RIP: 0033:0x7f750c57e98f
[ 122.945245][ T6685] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 122.965194][ T6685] RSP: 002b:00007f750d30a020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 122.973615][ T6685] RAX: ffffffffffffffda RBX: 00007f750c745fa0 RCX: 00007f750c57e98f
[ 122.981584][ T6685] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[ 122.989546][ T6685] RBP: 00007f750c5f3cc8 R08: 0000000000000000 R09: 0000000000000000
[ 122.997510][ T6685] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 123.005571][ T6685] R13: 0000000000000000 R14: 00007f750c745fa0 R15: 00007ffd45d39c38
[ 123.013545][ T6685]
[ 123.016601][ T6685] BUG: Bad page state in process syz.0.16 pfn:3528d
[ 123.023307][ T6685] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88803528df00 pfn:0x3528d
[ 123.033398][ T6685] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 123.040566][ T6685] raw: 00fff00000000000 dead000000000040 ffff8880212ba000 0000000000000000
[ 123.049225][ T6685] raw: ffff88803528df00 0000000000000001 00000000ffffffff 0000000000000000
[ 123.057854][ T6685] page dumped because: page_pool leak
[ 123.063253][ T6685] page_owner tracks the page as allocated
[ 123.068976][ T6685] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6685, tgid 6683 (syz.0.16), ts 122323053028, free_ts 122311281558
[ 123.085865][ T6685] post_alloc_hook+0x1f3/0x230
[ 123.090661][ T6685] get_page_from_freelist+0x3651/0x37a0
[ 123.096238][ T6685] __alloc_pages_noprof+0x292/0x710
[ 123.101581][ T6685] alloc_pages_bulk_noprof+0x70b/0xcc0
[ 123.107161][ T6685] __page_pool_alloc_pages_slow+0x122/0x690
[ 123.113180][ T6685] page_pool_alloc_pages+0xd0/0x1c0
[ 123.118710][ T6685] skb_pp_cow_data+0xc43/0x1640
[ 123.123686][ T6685] do_xdp_generic+0x505/0xd30
[ 123.128412][ T6685] __netif_receive_skb_core+0x1ce9/0x4690
[ 123.134274][ T6685] __netif_receive_skb+0x12f/0x650
[ 123.139492][ T6685] netif_receive_skb+0x1e8/0x890
[ 123.144471][ T6685] tun_rx_batched+0x1b7/0x8f0
[ 123.149189][ T6685] tun_get_user+0x30cc/0x48a0
[ 123.153927][ T6685] tun_chr_write_iter+0x10d/0x1f0
[ 123.159189][ T6685] vfs_write+0xaeb/0xd30
[ 123.164448][ T6685] ksys_write+0x18f/0x2b0
[ 123.168800][ T6685] page last free pid 6237 tgid 6229 stack trace:
[ 123.175157][ T6685] free_unref_page+0xd2c/0x1000
[ 123.180149][ T6685] __put_partials+0x160/0x1c0
[ 123.184847][ T6685] put_cpu_partial+0x17c/0x250
[ 123.189598][ T6685] __slab_free+0x290/0x380
[ 123.194087][ T6685] qlist_free_all+0x9a/0x140
[ 123.198784][ T6685] kasan_quarantine_reduce+0x14f/0x170
[ 123.204295][ T6685] __kasan_slab_alloc+0x23/0x80
[ 123.209159][ T6685] kmem_cache_alloc_node_noprof+0x1d9/0x380
[ 123.215273][ T6685] __alloc_skb+0x1c3/0x440
[ 123.219875][ T6685] tcp_stream_alloc_skb+0x3d/0x310
[ 123.225142][ T6685] tcp_sendmsg_locked+0xd96/0x4f30
[ 123.230422][ T6685] tcp_sendmsg+0x30/0x50
[ 123.234779][ T6685] __sock_sendmsg+0xef/0x270
[ 123.239533][ T6685] sock_write_iter+0x2d7/0x3f0
[ 123.244520][ T6685] vfs_write+0xaeb/0xd30
[ 123.248866][ T6685] ksys_write+0x18f/0x2b0
[ 123.253225][ T6685] Modules linked in:
[ 123.257238][ T6685] CPU: 1 UID: 0 PID: 6685 Comm: syz.0.16 Tainted: G B 6.13.0-rc4-syzkaller-g4bbf9020becb #0
[ 123.268688][ T6685] Tainted: [B]=BAD_PAGE
[ 123.272833][ T6685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 123.282966][ T6685] Call Trace:
[ 123.286235][ T6685]
[ 123.289246][ T6685] dump_stack_lvl+0x241/0x360
[ 123.294204][ T6685] ? __pfx_dump_stack_lvl+0x10/0x10
[ 123.299427][ T6685] ? __pfx_print_modules+0x10/0x10
[ 123.304802][ T6685] bad_page+0x176/0x1d0
[ 123.308956][ T6685] free_unref_page+0xf9e/0x1000
[ 123.313804][ T6685] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[ 123.319516][ T6685] bpf_xdp_adjust_tail+0x1c3/0x200
[ 123.324624][ T6685] bpf_prog_f476d5219b92964a+0x1e/0x20
[ 123.330281][ T6685] bpf_prog_run_generic_xdp+0x686/0x1510
[ 123.336011][ T6685] do_xdp_generic+0x757/0xd30
[ 123.340820][ T6685] ? __pfx_do_xdp_generic+0x10/0x10
[ 123.346547][ T6685] ? rcu_is_watching+0x15/0xb0
[ 123.351512][ T6685] ? rcu_is_watching+0x15/0xb0
[ 123.356396][ T6685] ? count_memcg_event_mm+0x94/0x420
[ 123.361678][ T6685] __netif_receive_skb_core+0x1ce9/0x4690
[ 123.367513][ T6685] ? handle_mm_fault+0x173f/0x1ad0
[ 123.372640][ T6685] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 123.378708][ T6685] ? rcu_is_watching+0x15/0xb0
[ 123.383490][ T6685] ? lock_release+0xbf/0xa30
[ 123.388164][ T6685] ? __pfx_lock_acquire+0x10/0x10
[ 123.393173][ T6685] ? __up_read+0x2c2/0x6b0
[ 123.397589][ T6685] ? rcu_is_watching+0x15/0xb0
[ 123.402353][ T6685] __netif_receive_skb+0x12f/0x650
[ 123.407459][ T6685] ? __pfx_lock_acquire+0x10/0x10
[ 123.412495][ T6685] ? seqcount_lockdep_reader_access+0x1d7/0x220
[ 123.418735][ T6685] ? __pfx___netif_receive_skb+0x10/0x10
[ 123.424371][ T6685] ? tun_rx_batched+0x160/0x8f0
[ 123.429211][ T6685] ? __pfx_lockdep_softirqs_off+0x10/0x10
[ 123.434919][ T6685] ? read_tsc+0x9/0x20
[ 123.438980][ T6685] ? ktime_get_with_offset+0x249/0x290
[ 123.444530][ T6685] ? netif_receive_skb+0x131/0x890
[ 123.449667][ T6685] netif_receive_skb+0x1e8/0x890
[ 123.454844][ T6685] ? tun_rx_batched+0x160/0x8f0
[ 123.459800][ T6685] ? __pfx_netif_receive_skb+0x10/0x10
[ 123.465273][ T6685] ? skb_set_owner_w+0x246/0x380
[ 123.470211][ T6685] ? tun_rx_batched+0x160/0x8f0
[ 123.475080][ T6685] tun_rx_batched+0x1b7/0x8f0
[ 123.479764][ T6685] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 123.486097][ T6685] ? __pfx_lock_acquire+0x10/0x10
[ 123.491140][ T6685] ? rcu_is_watching+0x15/0xb0
[ 123.495894][ T6685] ? __pfx_tun_rx_batched+0x10/0x10
[ 123.501088][ T6685] tun_get_user+0x30cc/0x48a0
[ 123.505772][ T6685] ? tun_get_user+0x2bba/0x48a0
[ 123.510645][ T6685] ? preempt_schedule_thunk+0x1a/0x30
[ 123.516012][ T6685] ? __pfx_tun_get_user+0x10/0x10
[ 123.521038][ T6685] ? try_to_wake_up+0x9c3/0x1470
[ 123.525983][ T6685] ? tun_get+0x1e/0x2f0
[ 123.530124][ T6685] ? rcu_is_watching+0x15/0xb0
[ 123.534870][ T6685] ? tun_get+0x1e/0x2f0
[ 123.539031][ T6685] ? lock_release+0xbf/0xa30
[ 123.543647][ T6685] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 123.549242][ T6685] ? __pfx_lock_release+0x10/0x10
[ 123.554373][ T6685] ? futex_wake+0x523/0x5c0
[ 123.558878][ T6685] ? tun_get+0x1e/0x2f0
[ 123.563033][ T6685] ? tun_get+0x27d/0x2f0
[ 123.567371][ T6685] tun_chr_write_iter+0x10d/0x1f0
[ 123.572672][ T6685] vfs_write+0xaeb/0xd30
[ 123.576936][ T6685] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 123.582654][ T6685] ? __pfx_vfs_write+0x10/0x10
[ 123.587599][ T6685] ? __fget_files+0x2a/0x410
[ 123.592184][ T6685] ? __fget_files+0x2a/0x410
[ 123.597026][ T6685] ksys_write+0x18f/0x2b0
[ 123.601465][ T6685] ? __pfx_ksys_write+0x10/0x10
[ 123.606444][ T6685] ? rcu_is_watching+0x15/0xb0
[ 123.611722][ T6685] ? rcu_is_watching+0x15/0xb0
[ 123.616759][ T6685] do_syscall_64+0xf3/0x230
[ 123.621282][ T6685] ? clear_bhb_loop+0x35/0x90
[ 123.625968][ T6685] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 123.631878][ T6685] RIP: 0033:0x7f750c57e98f
[ 123.636319][ T6685] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 123.656300][ T6685] RSP: 002b:00007f750d30a020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 123.664907][ T6685] RAX: ffffffffffffffda RBX: 00007f750c745fa0 RCX: 00007f750c57e98f
[ 123.672880][ T6685] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[ 123.680859][ T6685] RBP: 00007f750c5f3cc8 R08: 0000000000000000 R09: 0000000000000000
[ 123.689025][ T6685] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 123.697101][ T6685] R13: 0000000000000000 R14: 00007f750c745fa0 R15: 00007ffd45d39c38
[ 123.705645][ T6685]
[ 123.708841][ T6685] BUG: Bad page state in process syz.0.16 pfn:1243e
[ 123.716298][ T6685] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88801243e780 pfn:0x1243e
[ 123.726870][ T6685] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 123.734297][ T6685] raw: 00fff00000000000 dead000000000040 ffff8880212ba000 0000000000000000
[ 123.743209][ T6685] raw: ffff88801243e780 0000000000000001 00000000ffffffff 0000000000000000
[ 123.752131][ T6685] page dumped because: page_pool leak
[ 123.757528][ T6685] page_owner tracks the page as allocated
[ 123.763750][ T6685] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6685, tgid 6683 (syz.0.16), ts 122323043779, free_ts 122311289131
[ 123.780664][ T6685] post_alloc_hook+0x1f3/0x230
[ 123.785456][ T6685] get_page_from_freelist+0x3651/0x37a0
[ 123.791043][ T6685] __alloc_pages_noprof+0x292/0x710
[ 123.796305][ T6685] alloc_pages_bulk_noprof+0x70b/0xcc0
[ 123.801804][ T6685] __page_pool_alloc_pages_slow+0x122/0x690
[ 123.807715][ T6685] page_pool_alloc_pages+0xd0/0x1c0
[ 123.812958][ T6685] skb_pp_cow_data+0xc43/0x1640
[ 123.817844][ T6685] do_xdp_generic+0x505/0xd30
[ 123.822581][ T6685] __netif_receive_skb_core+0x1ce9/0x4690
[ 123.828343][ T6685] __netif_receive_skb+0x12f/0x650
[ 123.833701][ T6685] netif_receive_skb+0x1e8/0x890
[ 123.838746][ T6685] tun_rx_batched+0x1b7/0x8f0
[ 123.843638][ T6685] tun_get_user+0x30cc/0x48a0
[ 123.848353][ T6685] tun_chr_write_iter+0x10d/0x1f0
[ 123.853423][ T6685] vfs_write+0xaeb/0xd30
[ 123.857773][ T6685] ksys_write+0x18f/0x2b0
[ 123.862134][ T6685] page last free pid 6237 tgid 6229 stack trace:
[ 123.868565][ T6685] free_unref_page+0xd2c/0x1000
[ 123.873516][ T6685] __put_partials+0x160/0x1c0
[ 123.878202][ T6685] put_cpu_partial+0x17c/0x250
[ 123.883022][ T6685] __slab_free+0x290/0x380
[ 123.887541][ T6685] qlist_free_all+0x9a/0x140
[ 123.892167][ T6685] kasan_quarantine_reduce+0x14f/0x170
[ 123.897642][ T6685] __kasan_slab_alloc+0x23/0x80
[ 123.902653][ T6685] kmem_cache_alloc_node_noprof+0x1d9/0x380
[ 123.908684][ T6685] __alloc_skb+0x1c3/0x440
[ 123.913242][ T6685] tcp_stream_alloc_skb+0x3d/0x310
[ 123.918989][ T6685] tcp_sendmsg_locked+0xd96/0x4f30
[ 123.924176][ T6685] tcp_sendmsg+0x30/0x50
[ 123.928450][ T6685] __sock_sendmsg+0xef/0x270
[ 123.933214][ T6685] sock_write_iter+0x2d7/0x3f0
[ 123.938112][ T6685] vfs_write+0xaeb/0xd30
[ 123.942403][ T6685] ksys_write+0x18f/0x2b0
[ 123.946935][ T6685] Modules linked in:
[ 123.950872][ T6685] CPU: 1 UID: 0 PID: 6685 Comm: syz.0.16 Tainted: G B 6.13.0-rc4-syzkaller-g4bbf9020becb #0
[ 123.962633][ T6685] Tainted: [B]=BAD_PAGE
[ 123.967135][ T6685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 123.977559][ T6685] Call Trace:
[ 123.980863][ T6685]
[ 123.983941][ T6685] dump_stack_lvl+0x241/0x360
[ 123.988742][ T6685] ? __pfx_dump_stack_lvl+0x10/0x10
[ 123.994054][ T6685] ? __pfx_print_modules+0x10/0x10
[ 123.999380][ T6685] bad_page+0x176/0x1d0
[ 124.003698][ T6685] free_unref_page+0xf9e/0x1000
[ 124.008575][ T6685] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[ 124.014224][ T6685] bpf_xdp_adjust_tail+0x1c3/0x200
[ 124.019335][ T6685] bpf_prog_f476d5219b92964a+0x1e/0x20
[ 124.024790][ T6685] bpf_prog_run_generic_xdp+0x686/0x1510
[ 124.030505][ T6685] do_xdp_generic+0x757/0xd30
[ 124.035277][ T6685] ? __pfx_do_xdp_generic+0x10/0x10
[ 124.040668][ T6685] ? rcu_is_watching+0x15/0xb0
[ 124.053758][ T6685] ? rcu_is_watching+0x15/0xb0
[ 124.058563][ T6685] ? count_memcg_event_mm+0x94/0x420
[ 124.063878][ T6685] __netif_receive_skb_core+0x1ce9/0x4690
[ 124.069609][ T6685] ? handle_mm_fault+0x173f/0x1ad0
[ 124.074725][ T6685] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 124.080797][ T6685] ? rcu_is_watching+0x15/0xb0
[ 124.085637][ T6685] ? lock_release+0xbf/0xa30
[ 124.090246][ T6685] ? __pfx_lock_acquire+0x10/0x10
[ 124.095277][ T6685] ? __up_read+0x2c2/0x6b0
[ 124.099707][ T6685] ? rcu_is_watching+0x15/0xb0
[ 124.104479][ T6685] __netif_receive_skb+0x12f/0x650
[ 124.109592][ T6685] ? __pfx_lock_acquire+0x10/0x10
[ 124.114615][ T6685] ? seqcount_lockdep_reader_access+0x1d7/0x220
[ 124.120858][ T6685] ? __pfx___netif_receive_skb+0x10/0x10
[ 124.126506][ T6685] ? tun_rx_batched+0x160/0x8f0
[ 124.131363][ T6685] ? __pfx_lockdep_softirqs_off+0x10/0x10
[ 124.137204][ T6685] ? read_tsc+0x9/0x20
[ 124.141379][ T6685] ? ktime_get_with_offset+0x249/0x290
[ 124.147737][ T6685] ? netif_receive_skb+0x131/0x890
[ 124.153022][ T6685] netif_receive_skb+0x1e8/0x890
[ 124.157953][ T6685] ? tun_rx_batched+0x160/0x8f0
[ 124.162810][ T6685] ? __pfx_netif_receive_skb+0x10/0x10
[ 124.168290][ T6685] ? skb_set_owner_w+0x246/0x380
[ 124.173328][ T6685] ? tun_rx_batched+0x160/0x8f0
[ 124.178197][ T6685] tun_rx_batched+0x1b7/0x8f0
[ 124.182897][ T6685] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 124.189416][ T6685] ? __pfx_lock_acquire+0x10/0x10
[ 124.194438][ T6685] ? rcu_is_watching+0x15/0xb0
[ 124.199195][ T6685] ? __pfx_tun_rx_batched+0x10/0x10
[ 124.204485][ T6685] tun_get_user+0x30cc/0x48a0
[ 124.209155][ T6685] ? tun_get_user+0x2bba/0x48a0
[ 124.214090][ T6685] ? preempt_schedule_thunk+0x1a/0x30
[ 124.219540][ T6685] ? __pfx_tun_get_user+0x10/0x10
[ 124.224553][ T6685] ? try_to_wake_up+0x9c3/0x1470
[ 124.229586][ T6685] ? tun_get+0x1e/0x2f0
[ 124.233774][ T6685] ? rcu_is_watching+0x15/0xb0
[ 124.238601][ T6685] ? tun_get+0x1e/0x2f0
[ 124.242772][ T6685] ? lock_release+0xbf/0xa30
[ 124.247515][ T6685] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 124.252976][ T6685] ? __pfx_lock_release+0x10/0x10
[ 124.257996][ T6685] ? futex_wake+0x523/0x5c0
[ 124.262494][ T6685] ? tun_get+0x1e/0x2f0
[ 124.266637][ T6685] ? tun_get+0x27d/0x2f0
[ 124.271042][ T6685] tun_chr_write_iter+0x10d/0x1f0
[ 124.276073][ T6685] vfs_write+0xaeb/0xd30
[ 124.280310][ T6685] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 124.285842][ T6685] ? __pfx_vfs_write+0x10/0x10
[ 124.290609][ T6685] ? __fget_files+0x2a/0x410
[ 124.295216][ T6685] ? __fget_files+0x2a/0x410
[ 124.299809][ T6685] ksys_write+0x18f/0x2b0
[ 124.304138][ T6685] ? __pfx_ksys_write+0x10/0x10
[ 124.309014][ T6685] ? rcu_is_watching+0x15/0xb0
[ 124.313780][ T6685] ? rcu_is_watching+0x15/0xb0
[ 124.318535][ T6685] do_syscall_64+0xf3/0x230
[ 124.323034][ T6685] ? clear_bhb_loop+0x35/0x90
[ 124.327700][ T6685] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 124.333770][ T6685] RIP: 0033:0x7f750c57e98f
[ 124.338255][ T6685] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 124.358662][ T6685] RSP: 002b:00007f750d30a020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 124.367073][ T6685] RAX: ffffffffffffffda RBX: 00007f750c745fa0 RCX: 00007f750c57e98f
[ 124.375065][ T6685] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[ 124.383031][ T6685] RBP: 00007f750c5f3cc8 R08: 0000000000000000 R09: 0000000000000000
[ 124.391086][ T6685] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 124.399091][ T6685] R13: 0000000000000000 R14: 00007f750c745fa0 R15: 00007ffd45d39c38
[ 124.407094][ T6685]
[ 124.410148][ T6685] BUG: Bad page state in process syz.0.16 pfn:333e1
[ 124.416958][ T6685] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880333e1960 pfn:0x333e1
[ 124.427085][ T6685] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 124.434277][ T6685] raw: 00fff00000000000 dead000000000040 ffff8880212ba000 0000000000000000
[ 124.442936][ T6685] raw: ffff8880333e1960 0000000000000001 00000000ffffffff 0000000000000000
[ 124.451728][ T6685] page dumped because: page_pool leak
[ 124.457102][ T6685] page_owner tracks the page as allocated
[ 124.463112][ T6685] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6685, tgid 6683 (syz.0.16), ts 122323034367, free_ts 122311296492
[ 124.480190][ T6685] post_alloc_hook+0x1f3/0x230
[ 124.484966][ T6685] get_page_from_freelist+0x3651/0x37a0
[ 124.490541][ T6685] __alloc_pages_noprof+0x292/0x710
[ 124.495760][ T6685] alloc_pages_bulk_noprof+0x70b/0xcc0
[ 124.501330][ T6685] __page_pool_alloc_pages_slow+0x122/0x690
[ 124.507246][ T6685] page_pool_alloc_pages+0xd0/0x1c0
[ 124.512503][ T6685] skb_pp_cow_data+0xc43/0x1640
[ 124.517370][ T6685] do_xdp_generic+0x505/0xd30
[ 124.522290][ T6685] __netif_receive_skb_core+0x1ce9/0x4690
[ 124.528198][ T6685] __netif_receive_skb+0x12f/0x650
[ 124.533547][ T6685] netif_receive_skb+0x1e8/0x890
[ 124.538503][ T6685] tun_rx_batched+0x1b7/0x8f0
[ 124.543216][ T6685] tun_get_user+0x30cc/0x48a0
[ 124.547910][ T6685] tun_chr_write_iter+0x10d/0x1f0
[ 124.553243][ T6685] vfs_write+0xaeb/0xd30
[ 124.558071][ T6685] ksys_write+0x18f/0x2b0
[ 124.562445][ T6685] page last free pid 6237 tgid 6229 stack trace:
[ 124.568782][ T6685] free_unref_page+0xd2c/0x1000
[ 124.573673][ T6685] __put_partials+0x160/0x1c0
[ 124.578396][ T6685] put_cpu_partial+0x17c/0x250
[ 124.583197][ T6685] __slab_free+0x290/0x380
[ 124.587733][ T6685] qlist_free_all+0x9a/0x140
[ 124.592419][ T6685] kasan_quarantine_reduce+0x14f/0x170
[ 124.597903][ T6685] __kasan_slab_alloc+0x23/0x80
[ 124.602796][ T6685] kmem_cache_alloc_node_noprof+0x1d9/0x380
[ 124.608885][ T6685] __alloc_skb+0x1c3/0x440
[ 124.613342][ T6685] tcp_stream_alloc_skb+0x3d/0x310
[ 124.618630][ T6685] tcp_sendmsg_locked+0xd96/0x4f30
[ 124.623791][ T6685] tcp_sendmsg+0x30/0x50
[ 124.628304][ T6685] __sock_sendmsg+0xef/0x270
[ 124.633401][ T6685] sock_write_iter+0x2d7/0x3f0
[ 124.638244][ T6685] vfs_write+0xaeb/0xd30
[ 124.642602][ T6685] ksys_write+0x18f/0x2b0
[ 124.646947][ T6685] Modules linked in:
[ 124.650873][ T6685] CPU: 1 UID: 0 PID: 6685 Comm: syz.0.16 Tainted: G B 6.13.0-rc4-syzkaller-g4bbf9020becb #0
[ 124.662334][ T6685] Tainted: [B]=BAD_PAGE
[ 124.666471][ T6685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 124.676537][ T6685] Call Trace:
[ 124.680106][ T6685]
[ 124.683043][ T6685] dump_stack_lvl+0x241/0x360
[ 124.687722][ T6685] ? __pfx_dump_stack_lvl+0x10/0x10
[ 124.692917][ T6685] ? __pfx_print_modules+0x10/0x10
[ 124.698037][ T6685] bad_page+0x176/0x1d0
[ 124.702258][ T6685] free_unref_page+0xf9e/0x1000
[ 124.707130][ T6685] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[ 124.712971][ T6685] bpf_xdp_adjust_tail+0x1c3/0x200
[ 124.718317][ T6685] bpf_prog_f476d5219b92964a+0x1e/0x20
[ 124.723781][ T6685] bpf_prog_run_generic_xdp+0x686/0x1510
[ 124.729592][ T6685] do_xdp_generic+0x757/0xd30
[ 124.734325][ T6685] ? __pfx_do_xdp_generic+0x10/0x10
[ 124.739703][ T6685] ? rcu_is_watching+0x15/0xb0
[ 124.744659][ T6685] ? rcu_is_watching+0x15/0xb0
[ 124.749459][ T6685] ? count_memcg_event_mm+0x94/0x420
[ 124.754853][ T6685] __netif_receive_skb_core+0x1ce9/0x4690
[ 124.760584][ T6685] ? handle_mm_fault+0x173f/0x1ad0
[ 124.765710][ T6685] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 124.771784][ T6685] ? rcu_is_watching+0x15/0xb0
[ 124.776548][ T6685] ? lock_release+0xbf/0xa30
[ 124.781133][ T6685] ? __pfx_lock_acquire+0x10/0x10
[ 124.786173][ T6685] ? __up_read+0x2c2/0x6b0
[ 124.790594][ T6685] ? rcu_is_watching+0x15/0xb0
[ 124.795351][ T6685] __netif_receive_skb+0x12f/0x650
[ 124.800478][ T6685] ? __pfx_lock_acquire+0x10/0x10
[ 124.805542][ T6685] ? seqcount_lockdep_reader_access+0x1d7/0x220
[ 124.811810][ T6685] ? __pfx___netif_receive_skb+0x10/0x10
[ 124.817444][ T6685] ? tun_rx_batched+0x160/0x8f0
[ 124.822295][ T6685] ? __pfx_lockdep_softirqs_off+0x10/0x10
[ 124.828015][ T6685] ? read_tsc+0x9/0x20
[ 124.832277][ T6685] ? ktime_get_with_offset+0x249/0x290
[ 124.837836][ T6685] ? netif_receive_skb+0x131/0x890
[ 124.842955][ T6685] netif_receive_skb+0x1e8/0x890
[ 124.847889][ T6685] ? tun_rx_batched+0x160/0x8f0
[ 124.852732][ T6685] ? __pfx_netif_receive_skb+0x10/0x10
[ 124.858182][ T6685] ? skb_set_owner_w+0x246/0x380
[ 124.863112][ T6685] ? tun_rx_batched+0x160/0x8f0
[ 124.867986][ T6685] tun_rx_batched+0x1b7/0x8f0
[ 124.872676][ T6685] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 124.879098][ T6685] ? __pfx_lock_acquire+0x10/0x10
[ 124.884114][ T6685] ? rcu_is_watching+0x15/0xb0
[ 124.888868][ T6685] ? __pfx_tun_rx_batched+0x10/0x10
[ 124.894169][ T6685] tun_get_user+0x30cc/0x48a0
[ 124.898881][ T6685] ? tun_get_user+0x2bba/0x48a0
[ 124.903772][ T6685] ? preempt_schedule_thunk+0x1a/0x30
[ 124.909231][ T6685] ? __pfx_tun_get_user+0x10/0x10
[ 124.914299][ T6685] ? try_to_wake_up+0x9c3/0x1470
[ 124.919359][ T6685] ? tun_get+0x1e/0x2f0
[ 124.923517][ T6685] ? rcu_is_watching+0x15/0xb0
[ 124.928337][ T6685] ? tun_get+0x1e/0x2f0
[ 124.932494][ T6685] ? lock_release+0xbf/0xa30
[ 124.937163][ T6685] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 124.942715][ T6685] ? __pfx_lock_release+0x10/0x10
[ 124.947727][ T6685] ? futex_wake+0x523/0x5c0
[ 124.952220][ T6685] ? tun_get+0x1e/0x2f0
[ 124.956366][ T6685] ? tun_get+0x27d/0x2f0
[ 124.960622][ T6685] tun_chr_write_iter+0x10d/0x1f0
[ 124.965811][ T6685] vfs_write+0xaeb/0xd30
[ 124.970060][ T6685] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 124.975597][ T6685] ? __pfx_vfs_write+0x10/0x10
[ 124.980366][ T6685] ? __fget_files+0x2a/0x410
[ 124.984959][ T6685] ? __fget_files+0x2a/0x410
[ 124.989579][ T6685] ksys_write+0x18f/0x2b0
[ 124.993922][ T6685] ? __pfx_ksys_write+0x10/0x10
[ 124.998949][ T6685] ? rcu_is_watching+0x15/0xb0
[ 125.003712][ T6685] ? rcu_is_watching+0x15/0xb0
[ 125.008474][ T6685] do_syscall_64+0xf3/0x230
[ 125.012983][ T6685] ? clear_bhb_loop+0x35/0x90
[ 125.017655][ T6685] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 125.023656][ T6685] RIP: 0033:0x7f750c57e98f
[ 125.028073][ T6685] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 125.048177][ T6685] RSP: 002b:00007f750d30a020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 125.056680][ T6685] RAX: ffffffffffffffda RBX: 00007f750c745fa0 RCX: 00007f750c57e98f
[ 125.064942][ T6685] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[ 125.072922][ T6685] RBP: 00007f750c5f3cc8 R08: 0000000000000000 R09: 0000000000000000
[ 125.081064][ T6685] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 125.089088][ T6685] R13: 0000000000000000 R14: 00007f750c745fa0 R15: 00007ffd45d39c38
[ 125.097276][ T6685]
[ 125.100331][ T6685] BUG: Bad page state in process syz.0.16 pfn:32c3e
[ 125.107012][ T6685] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888032c3ef00 pfn:0x32c3e
[ 125.117210][ T6685] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 125.124411][ T6685] raw: 00fff00000000000 dead000000000040 ffff8880212ba000 0000000000000000
[ 125.133251][ T6685] raw: ffff888032c3ef00 0000000000000001 00000000ffffffff 0000000000000000
[ 125.142345][ T6685] page dumped because: page_pool leak
[ 125.147790][ T6685] page_owner tracks the page as allocated
[ 125.153817][ T6685] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6685, tgid 6683 (syz.0.16), ts 122323024932, free_ts 122319238718
[ 125.171234][ T6685] post_alloc_hook+0x1f3/0x230
[ 125.176111][ T6685] get_page_from_freelist+0x3651/0x37a0
[ 125.181701][ T6685] __alloc_pages_noprof+0x292/0x710
[ 125.186915][ T6685] alloc_pages_bulk_noprof+0x70b/0xcc0
[ 125.192415][ T6685] __page_pool_alloc_pages_slow+0x122/0x690
[ 125.198323][ T6685] page_pool_alloc_pages+0xd0/0x1c0
[ 125.203556][ T6685] skb_pp_cow_data+0xc43/0x1640
[ 125.208438][ T6685] do_xdp_generic+0x505/0xd30
[ 125.213240][ T6685] __netif_receive_skb_core+0x1ce9/0x4690
[ 125.218981][ T6685] __netif_receive_skb+0x12f/0x650
[ 125.224127][ T6685] netif_receive_skb+0x1e8/0x890
[ 125.229083][ T6685] tun_rx_batched+0x1b7/0x8f0
[ 125.234058][ T6685] tun_get_user+0x30cc/0x48a0
[ 125.238747][ T6685] tun_chr_write_iter+0x10d/0x1f0
[ 125.243825][ T6685] vfs_write+0xaeb/0xd30
[ 125.248295][ T6685] ksys_write+0x18f/0x2b0
[ 125.252657][ T6685] page last free pid 6685 tgid 6683 stack trace:
[ 125.258995][ T6685] free_unref_page+0xd2c/0x1000
[ 125.263947][ T6685] vfree+0x1c3/0x360
[ 125.267865][ T6685] bpf_prog_calc_tag+0x663/0x900
[ 125.273000][ T6685] resolve_pseudo_ldimm64+0xe0/0x1240
[ 125.278399][ T6685] bpf_check+0x7c07/0x1fc90
[ 125.282935][ T6685] bpf_prog_load+0x1667/0x20f0
[ 125.287902][ T6685] __sys_bpf+0x4ee/0x810
[ 125.292268][ T6685] __x64_sys_bpf+0x7c/0x90
[ 125.296711][ T6685] do_syscall_64+0xf3/0x230
[ 125.301356][ T6685] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 125.307282][ T6685] Modules linked in:
[ 125.311278][ T6685] CPU: 1 UID: 0 PID: 6685 Comm: syz.0.16 Tainted: G B 6.13.0-rc4-syzkaller-g4bbf9020becb #0
[ 125.323114][ T6685] Tainted: [B]=BAD_PAGE
[ 125.327258][ T6685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 125.337397][ T6685] Call Trace:
[ 125.340756][ T6685]
[ 125.343709][ T6685] dump_stack_lvl+0x241/0x360
[ 125.348490][ T6685] ? __pfx_dump_stack_lvl+0x10/0x10
[ 125.353692][ T6685] ? __pfx_print_modules+0x10/0x10
[ 125.358804][ T6685] bad_page+0x176/0x1d0
[ 125.362977][ T6685] free_unref_page+0xf9e/0x1000
[ 125.367864][ T6685] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[ 125.373696][ T6685] bpf_xdp_adjust_tail+0x1c3/0x200
[ 125.378817][ T6685] bpf_prog_f476d5219b92964a+0x1e/0x20
[ 125.384285][ T6685] bpf_prog_run_generic_xdp+0x686/0x1510
[ 125.389948][ T6685] do_xdp_generic+0x757/0xd30
[ 125.394649][ T6685] ? __pfx_do_xdp_generic+0x10/0x10
[ 125.399940][ T6685] ? rcu_is_watching+0x15/0xb0
[ 125.404736][ T6685] ? rcu_is_watching+0x15/0xb0
[ 125.409541][ T6685] ? count_memcg_event_mm+0x94/0x420
[ 125.414841][ T6685] __netif_receive_skb_core+0x1ce9/0x4690
[ 125.420565][ T6685] ? handle_mm_fault+0x173f/0x1ad0
[ 125.425780][ T6685] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 125.431840][ T6685] ? rcu_is_watching+0x15/0xb0
[ 125.436888][ T6685] ? lock_release+0xbf/0xa30
[ 125.441468][ T6685] ? __pfx_lock_acquire+0x10/0x10
[ 125.446595][ T6685] ? __up_read+0x2c2/0x6b0
[ 125.451029][ T6685] ? rcu_is_watching+0x15/0xb0
[ 125.455789][ T6685] __netif_receive_skb+0x12f/0x650
[ 125.460901][ T6685] ? __pfx_lock_acquire+0x10/0x10
[ 125.465921][ T6685] ? seqcount_lockdep_reader_access+0x1d7/0x220
[ 125.472266][ T6685] ? __pfx___netif_receive_skb+0x10/0x10
[ 125.477906][ T6685] ? tun_rx_batched+0x160/0x8f0