Warning: Permanently added '10.128.0.128' (ED25519) to the list of known hosts.
2024/12/22 23:30:13 ignoring optional flag "sandboxArg"="0"
2024/12/22 23:30:13 parsed 1 programs
[  105.219215][ T6279] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  108.583898][ T6319] chnl_net:caif_netlink_parms(): no params data found
[  108.636187][ T6319] bridge0: port 1(bridge_slave_0) entered blocking state
[  108.643421][ T6319] bridge0: port 1(bridge_slave_0) entered disabled state
[  108.650537][ T6319] bridge_slave_0: entered allmulticast mode
[  108.657607][ T6319] bridge_slave_0: entered promiscuous mode
[  108.665883][ T6319] bridge0: port 2(bridge_slave_1) entered blocking state
[  108.673199][ T6319] bridge0: port 2(bridge_slave_1) entered disabled state
[  108.680345][ T6319] bridge_slave_1: entered allmulticast mode
[  108.687408][ T6319] bridge_slave_1: entered promiscuous mode
[  108.712877][ T6319] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  108.724595][ T6319] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  108.755778][ T6319] team0: Port device team_slave_0 added
[  108.763638][ T6319] team0: Port device team_slave_1 added
[  108.780677][ T6319] batman_adv: batadv0: Adding interface: batadv_slave_0
[  108.787718][ T6319] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  108.813947][ T6319] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  108.825888][ T6319] batman_adv: batadv0: Adding interface: batadv_slave_1
[  108.832925][ T6319] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  108.858867][ T6319] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  108.887293][ T6319] hsr_slave_0: entered promiscuous mode
[  108.899650][ T6319] hsr_slave_1: entered promiscuous mode
[  109.403109][ T6319] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  109.418772][ T6319] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  109.428925][ T6319] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  109.440716][ T6319] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  109.471198][ T6319] bridge0: port 2(bridge_slave_1) entered blocking state
[  109.478627][ T6319] bridge0: port 2(bridge_slave_1) entered forwarding state
[  109.486982][ T6319] bridge0: port 1(bridge_slave_0) entered blocking state
[  109.494253][ T6319] bridge0: port 1(bridge_slave_0) entered forwarding state
[  109.558296][ T6319] 8021q: adding VLAN 0 to HW filter on device bond0
[  109.575071][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.584466][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  109.603834][ T6319] 8021q: adding VLAN 0 to HW filter on device team0
[  109.617287][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  109.624490][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  109.636785][ T2206] bridge0: port 2(bridge_slave_1) entered blocking state
[  109.643977][ T2206] bridge0: port 2(bridge_slave_1) entered forwarding state
[  109.829596][ T6319] 8021q: adding VLAN 0 to HW filter on device batadv0
[  109.868582][ T6319] veth0_vlan: entered promiscuous mode
[  109.880434][ T6319] veth1_vlan: entered promiscuous mode
[  109.914642][ T6319] veth0_macvtap: entered promiscuous mode
[  109.925262][ T6319] veth1_macvtap: entered promiscuous mode
[  109.943268][ T6319] batman_adv: batadv0: Interface activated: batadv_slave_0
[  109.960793][ T6319] batman_adv: batadv0: Interface activated: batadv_slave_1
[  109.975721][ T6319] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  109.985357][ T6319] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  109.995929][ T6319] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  110.006389][ T6319] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  110.157366][ T2206] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  110.197008][ T5880] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  110.207444][ T5880] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  110.216618][ T5880] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  110.225312][ T5880] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  110.240570][ T5880] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  110.248238][ T5880] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  110.273303][ T2206] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  110.354108][ T2206] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  110.477075][ T2206] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  111.895103][ T2930] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  111.912883][ T2930] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  111.937335][   T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  111.945876][   T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2024/12/22 23:30:24 executed programs: 0
[  112.525297][ T5880] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  112.563034][ T5880] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  112.572541][ T5880] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  112.581156][ T5880] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  112.590266][ T5880] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  112.598283][ T5880] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  112.797116][ T6498] chnl_net:caif_netlink_parms(): no params data found
[  112.899282][ T6498] bridge0: port 1(bridge_slave_0) entered blocking state
[  112.907304][ T6498] bridge0: port 1(bridge_slave_0) entered disabled state
[  112.915616][ T6498] bridge_slave_0: entered allmulticast mode
[  112.923662][ T6498] bridge_slave_0: entered promiscuous mode
[  112.932415][ T6498] bridge0: port 2(bridge_slave_1) entered blocking state
[  112.939921][ T6498] bridge0: port 2(bridge_slave_1) entered disabled state
[  112.947854][ T6498] bridge_slave_1: entered allmulticast mode
[  112.955529][ T6498] bridge_slave_1: entered promiscuous mode
[  112.985622][ T6498] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  112.997346][ T6498] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  113.030417][ T6498] team0: Port device team_slave_0 added
[  113.041279][ T6498] team0: Port device team_slave_1 added
[  113.074256][ T6498] batman_adv: batadv0: Adding interface: batadv_slave_0
[  113.081283][ T6498] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  113.110738][ T6498] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  113.124428][ T6498] batman_adv: batadv0: Adding interface: batadv_slave_1
[  113.132448][ T6498] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  113.158861][ T6498] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  113.208018][ T6498] hsr_slave_0: entered promiscuous mode
[  113.217349][ T6498] hsr_slave_1: entered promiscuous mode
[  113.229816][ T6498] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  113.245383][ T6498] Cannot create hsr debugfs directory
[  113.367526][ T2206] bridge_slave_1: left allmulticast mode
[  113.378245][ T2206] bridge_slave_1: left promiscuous mode
[  113.385318][ T2206] bridge0: port 2(bridge_slave_1) entered disabled state
[  113.394333][ T2206] bridge_slave_0: left allmulticast mode
[  113.400030][ T2206] bridge_slave_0: left promiscuous mode
[  113.406166][ T2206] bridge0: port 1(bridge_slave_0) entered disabled state
[  113.732627][ T2206] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  113.745260][ T2206] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  113.755759][ T2206] bond0 (unregistering): Released all slaves
[  113.858235][ T2206] hsr_slave_0: left promiscuous mode
[  113.864832][ T2206] hsr_slave_1: left promiscuous mode
[  113.871098][ T2206] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  113.879828][ T2206] batman_adv: batadv0: Removing interface: batadv_slave_0
[  113.893172][ T2206] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  113.900873][ T2206] batman_adv: batadv0: Removing interface: batadv_slave_1
[  113.922564][ T2206] veth1_macvtap: left promiscuous mode
[  113.928280][ T2206] veth0_macvtap: left promiscuous mode
[  113.935313][ T2206] veth1_vlan: left promiscuous mode
[  113.940807][ T2206] veth0_vlan: left promiscuous mode
[  114.264236][ T2206] team0 (unregistering): Port device team_slave_1 removed
[  114.294561][ T2206] team0 (unregistering): Port device team_slave_0 removed
[  114.622042][ T5880] Bluetooth: hci0: command tx timeout
[  115.175377][ T6498] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  115.188454][ T6498] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  115.210388][ T6498] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  115.227215][ T6498] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  115.487708][ T6498] 8021q: adding VLAN 0 to HW filter on device bond0
[  115.509184][ T6498] 8021q: adding VLAN 0 to HW filter on device team0
[  115.526632][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  115.533915][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  115.603048][ T2994] bridge0: port 2(bridge_slave_1) entered blocking state
[  115.610199][ T2994] bridge0: port 2(bridge_slave_1) entered forwarding state
[  115.973314][ T6498] 8021q: adding VLAN 0 to HW filter on device batadv0
[  116.009625][ T6498] veth0_vlan: entered promiscuous mode
[  116.024999][ T6498] veth1_vlan: entered promiscuous mode
[  116.059522][ T6498] veth0_macvtap: entered promiscuous mode
[  116.069191][ T6498] veth1_macvtap: entered promiscuous mode
[  116.092775][ T6498] batman_adv: batadv0: Interface activated: batadv_slave_0
[  116.106757][ T6498] batman_adv: batadv0: Interface activated: batadv_slave_1
[  116.120373][ T6498] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  116.130723][ T6498] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  116.143205][ T6498] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  116.152481][ T6498] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  116.232636][ T2206] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.240607][ T2206] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.274697][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.283116][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.366855][ T6625] BUG: Bad page state in process syz.0.15  pfn:63651
[  116.373812][ T6625] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x63651
[  116.382788][ T6625] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  116.389972][ T6625] raw: 00fff00000000000 dead000000000040 ffff888022288000 0000000000000000
[  116.398741][ T6625] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[  116.407410][ T6625] page dumped because: page_pool leak
[  116.412968][ T6625] page_owner tracks the page as allocated
[  116.418954][ T6625] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6625, tgid 6623 (syz.0.15), ts 116366752917, free_ts 112677199484
[  116.436275][ T6625]  post_alloc_hook+0x1f3/0x230
[  116.441102][ T6625]  get_page_from_freelist+0x3651/0x37a0
[  116.446757][ T6625]  __alloc_pages_noprof+0x292/0x710
[  116.452148][ T6625]  alloc_pages_bulk_noprof+0x70b/0xcc0
[  116.457651][ T6625]  __page_pool_alloc_pages_slow+0x122/0x690
[  116.463642][ T6625]  page_pool_alloc_pages+0xd0/0x1c0
[  116.468884][ T6625]  skb_pp_cow_data+0xc43/0x1640
[  116.474031][ T6625]  do_xdp_generic+0x505/0xd30
[  116.478837][ T6625]  __netif_receive_skb_core+0x1ce9/0x4690
[  116.484652][ T6625]  __netif_receive_skb+0x12f/0x650
[  116.489795][ T6625]  netif_receive_skb+0x1e8/0x890
[  116.494831][ T6625]  tun_rx_batched+0x1b7/0x8f0
[  116.499558][ T6625]  tun_get_user+0x30cc/0x48a0
[  116.504327][ T6625]  tun_chr_write_iter+0x10d/0x1f0
[  116.509385][ T6625]  vfs_write+0xaeb/0xd30
[  116.513729][ T6625]  ksys_write+0x18f/0x2b0
[  116.518628][ T6625] page last free pid 6482 tgid 6482 stack trace:
[  116.525126][ T6625]  free_unref_page+0xd2c/0x1000
[  116.530013][ T6625]  vfree+0x1c3/0x360
[  116.534000][ T6625]  kcov_close+0x28/0x50
[  116.538330][ T6625]  __fput+0x23c/0xa50
[  116.542399][ T6625]  task_work_run+0x24f/0x310
[  116.547202][ T6625]  do_exit+0xa2a/0x28e0
[  116.552594][ T6625]  do_group_exit+0x207/0x2c0
[  116.557326][ T6625]  get_signal+0x16b2/0x1750
[  116.561958][ T6625]  arch_do_signal_or_restart+0x96/0x860
[  116.567722][ T6625]  syscall_exit_to_user_mode+0xce/0x340
[  116.573541][ T6625]  do_syscall_64+0x100/0x230
[  116.578277][ T6625]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.584274][ T6625] Modules linked in:
[  116.588234][ T6625] CPU: 0 UID: 0 PID: 6625 Comm: syz.0.15 Not tainted 6.13.0-rc4-syzkaller-g4bbf9020becb #0
[  116.598332][ T6625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  116.608604][ T6625] Call Trace:
[  116.611910][ T6625]  <TASK>
[  116.614861][ T6625]  dump_stack_lvl+0x241/0x360
[  116.619587][ T6625]  ? __pfx_dump_stack_lvl+0x10/0x10
[  116.625042][ T6625]  ? __pfx_print_modules+0x10/0x10
[  116.630209][ T6625]  bad_page+0x176/0x1d0
[  116.634407][ T6625]  free_unref_page+0xf9e/0x1000
[  116.639483][ T6625]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[  116.645190][ T6625]  bpf_xdp_adjust_tail+0x1c3/0x200
[  116.650444][ T6625]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  116.656037][ T6625]  bpf_prog_run_generic_xdp+0x686/0x1510
[  116.662279][ T6625]  do_xdp_generic+0x757/0xd30
[  116.667252][ T6625]  ? __pfx_do_xdp_generic+0x10/0x10
[  116.672602][ T6625]  ? __skb_flow_dissect+0x4f1/0x7d00
[  116.678043][ T6625]  __netif_receive_skb_core+0x1ce9/0x4690
[  116.683919][ T6625]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  116.690036][ T6625]  ? mark_lock+0x9a/0x360
[  116.694412][ T6625]  ? __lock_acquire+0x1397/0x2100
[  116.699494][ T6625]  __netif_receive_skb+0x12f/0x650
[  116.704765][ T6625]  ? __pfx_lock_acquire+0x10/0x10
[  116.709824][ T6625]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  116.716117][ T6625]  ? __pfx___netif_receive_skb+0x10/0x10
[  116.721797][ T6625]  ? tun_rx_batched+0x160/0x8f0
[  116.726779][ T6625]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  116.732592][ T6625]  ? read_tsc+0x9/0x20
[  116.736794][ T6625]  ? netif_receive_skb+0x131/0x890
[  116.742036][ T6625]  ? netif_receive_skb+0x131/0x890
[  116.747198][ T6625]  netif_receive_skb+0x1e8/0x890
[  116.752181][ T6625]  ? tun_rx_batched+0x160/0x8f0
[  116.757182][ T6625]  ? __pfx_netif_receive_skb+0x10/0x10
[  116.762800][ T6625]  ? tun_rx_batched+0x160/0x8f0
[  116.767737][ T6625]  tun_rx_batched+0x1b7/0x8f0
[  116.772511][ T6625]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  116.778984][ T6625]  ? __pfx_lock_acquire+0x10/0x10
[  116.784053][ T6625]  ? __pfx_tun_rx_batched+0x10/0x10
[  116.789314][ T6625]  tun_get_user+0x30cc/0x48a0
[  116.794048][ T6625]  ? tun_get_user+0x2bba/0x48a0
[  116.798968][ T6625]  ? __lock_acquire+0x1397/0x2100
[  116.804047][ T6625]  ? __pfx_tun_get_user+0x10/0x10
[  116.809149][ T6625]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  116.814660][ T6625]  ? tun_get+0x1e/0x2f0
[  116.818863][ T6625]  ? __pfx_lock_release+0x10/0x10
[  116.824205][ T6625]  ? tun_get+0x1e/0x2f0
[  116.828496][ T6625]  ? tun_get+0x27d/0x2f0
[  116.832784][ T6625]  tun_chr_write_iter+0x10d/0x1f0
[  116.837947][ T6625]  vfs_write+0xaeb/0xd30
[  116.842243][ T6625]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  116.847834][ T6625]  ? __pfx_vfs_write+0x10/0x10
[  116.852646][ T6625]  ? __fget_files+0x2a/0x410
[  116.857278][ T6625]  ? __fget_files+0x2a/0x410
[  116.861916][ T6625]  ksys_write+0x18f/0x2b0
[  116.866404][ T6625]  ? __pfx_ksys_write+0x10/0x10
[  116.871482][ T6625]  ? do_syscall_64+0x100/0x230
[  116.876302][ T6625]  ? do_syscall_64+0xb6/0x230
[  116.881136][ T6625]  do_syscall_64+0xf3/0x230
[  116.886144][ T6625]  ? clear_bhb_loop+0x35/0x90
[  116.890972][ T6625]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.897040][ T6625] RIP: 0033:0x7fcec0d7e98f
[  116.902224][ T6625] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  116.922134][ T6625] RSP: 002b:00007fcec1c47020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  116.930940][ T6625] RAX: ffffffffffffffda RBX: 00007fcec0f45fa0 RCX: 00007fcec0d7e98f
[  116.939073][ T6625] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  116.947276][ T6625] RBP: 00007fcec0df3cc8 R08: 0000000000000000 R09: 0000000000000000
[  116.955296][ T6625] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  116.963399][ T6625] R13: 0000000000000000 R14: 00007fcec0f45fa0 R15: 00007fffa35fcab8
[  116.971508][ T6625]  </TASK>
[  116.974671][ T6625] Disabling lock debugging due to kernel taint
[  116.980847][ T6625] BUG: Bad page state in process syz.0.15  pfn:28635
[  116.987761][ T6625] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888028635e88 pfn:0x28635
[  116.997922][ T6625] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  117.005112][ T6625] raw: 00fff00000000000 dead000000000040 ffff888022288000 0000000000000000
[  117.013764][ T6625] raw: ffff888028635e88 0000000000000001 00000000ffffffff 0000000000000000
[  117.022671][ T6625] page dumped because: page_pool leak
[  117.028136][ T6625] page_owner tracks the page as allocated
[  117.033945][ T6625] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6625, tgid 6623 (syz.0.15), ts 116366742005, free_ts 112677217290
[  117.051725][ T6625]  post_alloc_hook+0x1f3/0x230
[  117.056561][ T6625]  get_page_from_freelist+0x3651/0x37a0
[  117.062280][ T6625]  __alloc_pages_noprof+0x292/0x710
[  117.067515][ T6625]  alloc_pages_bulk_noprof+0x70b/0xcc0
[  117.073143][ T6625]  __page_pool_alloc_pages_slow+0x122/0x690
[  117.079069][ T6625]  page_pool_alloc_pages+0xd0/0x1c0
[  117.084612][ T6625]  skb_pp_cow_data+0xc43/0x1640
[  117.089585][ T6625]  do_xdp_generic+0x505/0xd30
[  117.094345][ T6625]  __netif_receive_skb_core+0x1ce9/0x4690
[  117.100136][ T6625]  __netif_receive_skb+0x12f/0x650
[  117.105342][ T6625]  netif_receive_skb+0x1e8/0x890
[  117.110314][ T6625]  tun_rx_batched+0x1b7/0x8f0
[  117.115262][ T6625]  tun_get_user+0x30cc/0x48a0
[  117.120065][ T6625]  tun_chr_write_iter+0x10d/0x1f0
[  117.125213][ T6625]  vfs_write+0xaeb/0xd30
[  117.129497][ T6625]  ksys_write+0x18f/0x2b0
[  117.133996][ T6625] page last free pid 6482 tgid 6482 stack trace:
[  117.140522][ T6625]  free_unref_page+0xd2c/0x1000
[  117.145617][ T6625]  vfree+0x1c3/0x360
[  117.149628][ T6625]  kcov_close+0x28/0x50
[  117.154044][ T6625]  __fput+0x23c/0xa50
[  117.158241][ T6625]  task_work_run+0x24f/0x310
[  117.162907][ T6625]  do_exit+0xa2a/0x28e0
[  117.167091][ T6625]  do_group_exit+0x207/0x2c0
[  117.171946][ T6625]  get_signal+0x16b2/0x1750
[  117.176482][ T6625]  arch_do_signal_or_restart+0x96/0x860
[  117.182283][ T6625]  syscall_exit_to_user_mode+0xce/0x340
[  117.187885][ T6625]  do_syscall_64+0x100/0x230
[  117.192554][ T6625]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.198495][ T6625] Modules linked in:
[  117.202467][ T6625] CPU: 0 UID: 0 PID: 6625 Comm: syz.0.15 Tainted: G    B              6.13.0-rc4-syzkaller-g4bbf9020becb #0
[  117.214051][ T6625] Tainted: [B]=BAD_PAGE
[  117.218278][ T6625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  117.228325][ T6625] Call Trace:
[  117.231595][ T6625]  <TASK>
[  117.234520][ T6625]  dump_stack_lvl+0x241/0x360
[  117.239197][ T6625]  ? __pfx_dump_stack_lvl+0x10/0x10
[  117.244412][ T6625]  ? __pfx_print_modules+0x10/0x10
[  117.249553][ T6625]  bad_page+0x176/0x1d0
[  117.253811][ T6625]  free_unref_page+0xf9e/0x1000
[  117.258660][ T6625]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[  117.264382][ T6625]  bpf_xdp_adjust_tail+0x1c3/0x200
[  117.269579][ T6625]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  117.275090][ T6625]  bpf_prog_run_generic_xdp+0x686/0x1510
[  117.280755][ T6625]  do_xdp_generic+0x757/0xd30
[  117.285480][ T6625]  ? __pfx_do_xdp_generic+0x10/0x10
[  117.290695][ T6625]  ? __skb_flow_dissect+0x4f1/0x7d00
[  117.296002][ T6625]  __netif_receive_skb_core+0x1ce9/0x4690
[  117.301902][ T6625]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  117.307978][ T6625]  ? mark_lock+0x9a/0x360
[  117.312319][ T6625]  ? __lock_acquire+0x1397/0x2100
[  117.317388][ T6625]  __netif_receive_skb+0x12f/0x650
[  117.322930][ T6625]  ? __pfx_lock_acquire+0x10/0x10
[  117.327942][ T6625]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  117.334181][ T6625]  ? __pfx___netif_receive_skb+0x10/0x10
[  117.339820][ T6625]  ? tun_rx_batched+0x160/0x8f0
[  117.344846][ T6625]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  117.350846][ T6625]  ? read_tsc+0x9/0x20
[  117.354936][ T6625]  ? netif_receive_skb+0x131/0x890
[  117.360138][ T6625]  ? netif_receive_skb+0x131/0x890
[  117.365339][ T6625]  netif_receive_skb+0x1e8/0x890
[  117.370344][ T6625]  ? tun_rx_batched+0x160/0x8f0
[  117.375191][ T6625]  ? __pfx_netif_receive_skb+0x10/0x10
[  117.380647][ T6625]  ? tun_rx_batched+0x160/0x8f0
[  117.385579][ T6625]  tun_rx_batched+0x1b7/0x8f0
[  117.390259][ T6625]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  117.396668][ T6625]  ? __pfx_lock_acquire+0x10/0x10
[  117.401769][ T6625]  ? __pfx_tun_rx_batched+0x10/0x10
[  117.407057][ T6625]  tun_get_user+0x30cc/0x48a0
[  117.411868][ T6625]  ? tun_get_user+0x2bba/0x48a0
[  117.416739][ T6625]  ? __lock_acquire+0x1397/0x2100
[  117.421955][ T6625]  ? __pfx_tun_get_user+0x10/0x10
[  117.427077][ T6625]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  117.432709][ T6625]  ? tun_get+0x1e/0x2f0
[  117.436953][ T6625]  ? __pfx_lock_release+0x10/0x10
[  117.441988][ T6625]  ? tun_get+0x1e/0x2f0
[  117.446228][ T6625]  ? tun_get+0x27d/0x2f0
[  117.450497][ T6625]  tun_chr_write_iter+0x10d/0x1f0
[  117.455519][ T6625]  vfs_write+0xaeb/0xd30
[  117.459781][ T6625]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  117.465356][ T6625]  ? __pfx_vfs_write+0x10/0x10
[  117.470130][ T6625]  ? __fget_files+0x2a/0x410
[  117.475270][ T6625]  ? __fget_files+0x2a/0x410
[  117.479856][ T6625]  ksys_write+0x18f/0x2b0
[  117.484706][ T6625]  ? __pfx_ksys_write+0x10/0x10
[  117.489547][ T6625]  ? do_syscall_64+0x100/0x230
[  117.494312][ T6625]  ? do_syscall_64+0xb6/0x230
[  117.498985][ T6625]  do_syscall_64+0xf3/0x230
[  117.503658][ T6625]  ? clear_bhb_loop+0x35/0x90
[  117.508332][ T6625]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.514222][ T6625] RIP: 0033:0x7fcec0d7e98f
[  117.518635][ T6625] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  117.538531][ T6625] RSP: 002b:00007fcec1c47020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  117.547333][ T6625] RAX: ffffffffffffffda RBX: 00007fcec0f45fa0 RCX: 00007fcec0d7e98f
[  117.555591][ T6625] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  117.563569][ T6625] RBP: 00007fcec0df3cc8 R08: 0000000000000000 R09: 0000000000000000
[  117.571620][ T6625] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  117.579579][ T6625] R13: 0000000000000000 R14: 00007fcec0f45fa0 R15: 00007fffa35fcab8
[  117.587637][ T6625]  </TASK>
[  117.590844][ T6625] BUG: Bad page state in process syz.0.15  pfn:32ffc
[  117.597593][ T6625] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888032ffce88 pfn:0x32ffc
[  117.607713][ T6625] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  117.614877][ T6625] raw: 00fff00000000000 dead000000000040 ffff888022288000 0000000000000000
[  117.623617][ T6625] raw: ffff888032ffce88 0000000000000001 00000000ffffffff 0000000000000000
[  117.632438][ T6625] page dumped because: page_pool leak
[  117.637838][ T6625] page_owner tracks the page as allocated
[  117.643798][ T6625] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6625, tgid 6623 (syz.0.15), ts 116366731599, free_ts 112677234647
[  117.660891][ T6625]  post_alloc_hook+0x1f3/0x230
[  117.665964][ T6625]  get_page_from_freelist+0x3651/0x37a0
[  117.671586][ T6625]  __alloc_pages_noprof+0x292/0x710
[  117.676819][ T6625]  alloc_pages_bulk_noprof+0x70b/0xcc0
[  117.682355][ T6625]  __page_pool_alloc_pages_slow+0x122/0x690
[  117.688283][ T6625]  page_pool_alloc_pages+0xd0/0x1c0
[  117.693758][ T6625]  skb_pp_cow_data+0xc43/0x1640
[  117.698720][ T6625]  do_xdp_generic+0x505/0xd30
[  117.703641][ T6625]  __netif_receive_skb_core+0x1ce9/0x4690
[  117.709391][ T6625]  __netif_receive_skb+0x12f/0x650
[  117.714591][ T6625]  netif_receive_skb+0x1e8/0x890
[  117.719563][ T6625]  tun_rx_batched+0x1b7/0x8f0
[  117.724323][ T6625]  tun_get_user+0x30cc/0x48a0
[  117.729025][ T6625]  tun_chr_write_iter+0x10d/0x1f0
[  117.734222][ T6625]  vfs_write+0xaeb/0xd30
[  117.738497][ T6625]  ksys_write+0x18f/0x2b0
[  117.742920][ T6625] page last free pid 6482 tgid 6482 stack trace:
[  117.749265][ T6625]  free_unref_page+0xd2c/0x1000
[  117.754230][ T6625]  vfree+0x1c3/0x360
[  117.758150][ T6625]  kcov_close+0x28/0x50
[  117.762435][ T6625]  __fput+0x23c/0xa50
[  117.766451][ T6625]  task_work_run+0x24f/0x310
[  117.771066][ T6625]  do_exit+0xa2a/0x28e0
[  117.775307][ T6625]  do_group_exit+0x207/0x2c0
[  117.780009][ T6625]  get_signal+0x16b2/0x1750
[  117.784765][ T6625]  arch_do_signal_or_restart+0x96/0x860
[  117.790355][ T6625]  syscall_exit_to_user_mode+0xce/0x340
[  117.795987][ T6625]  do_syscall_64+0x100/0x230
[  117.800605][ T6625]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.806685][ T6625] Modules linked in:
[  117.810782][ T6625] CPU: 0 UID: 0 PID: 6625 Comm: syz.0.15 Tainted: G    B              6.13.0-rc4-syzkaller-g4bbf9020becb #0
[  117.822264][ T6625] Tainted: [B]=BAD_PAGE
[  117.826520][ T6625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  117.836783][ T6625] Call Trace:
[  117.840112][ T6625]  <TASK>
[  117.843090][ T6625]  dump_stack_lvl+0x241/0x360
[  117.847797][ T6625]  ? __pfx_dump_stack_lvl+0x10/0x10
[  117.853031][ T6625]  ? __pfx_print_modules+0x10/0x10
[  117.858174][ T6625]  bad_page+0x176/0x1d0
[  117.862368][ T6625]  free_unref_page+0xf9e/0x1000
[  117.867249][ T6625]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[  117.873293][ T6625]  bpf_xdp_adjust_tail+0x1c3/0x200
[  117.878452][ T6625]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  117.884021][ T6625]  bpf_prog_run_generic_xdp+0x686/0x1510
[  117.889708][ T6625]  do_xdp_generic+0x757/0xd30
[  117.894513][ T6625]  ? __pfx_do_xdp_generic+0x10/0x10
[  117.899753][ T6625]  ? __skb_flow_dissect+0x4f1/0x7d00
[  117.905071][ T6625]  __netif_receive_skb_core+0x1ce9/0x4690
[  117.910834][ T6625]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  117.917195][ T6625]  ? mark_lock+0x9a/0x360
[  117.921557][ T6625]  ? __lock_acquire+0x1397/0x2100
[  117.926623][ T6625]  __netif_receive_skb+0x12f/0x650
[  117.931771][ T6625]  ? __pfx_lock_acquire+0x10/0x10
[  117.936920][ T6625]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  117.943632][ T6625]  ? __pfx___netif_receive_skb+0x10/0x10
[  117.949371][ T6625]  ? tun_rx_batched+0x160/0x8f0
[  117.954324][ T6625]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  117.960141][ T6625]  ? read_tsc+0x9/0x20
[  117.964299][ T6625]  ? netif_receive_skb+0x131/0x890
[  117.969681][ T6625]  ? netif_receive_skb+0x131/0x890
[  117.974796][ T6625]  netif_receive_skb+0x1e8/0x890
[  117.979748][ T6625]  ? tun_rx_batched+0x160/0x8f0
[  117.984768][ T6625]  ? __pfx_netif_receive_skb+0x10/0x10
[  117.990303][ T6625]  ? tun_rx_batched+0x160/0x8f0
[  117.995143][ T6625]  tun_rx_batched+0x1b7/0x8f0
[  117.999992][ T6625]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  118.006578][ T6625]  ? __pfx_lock_acquire+0x10/0x10
[  118.011601][ T6625]  ? __pfx_tun_rx_batched+0x10/0x10
[  118.016811][ T6625]  tun_get_user+0x30cc/0x48a0
[  118.021480][ T6625]  ? tun_get_user+0x2bba/0x48a0
[  118.026409][ T6625]  ? __lock_acquire+0x1397/0x2100
[  118.031436][ T6625]  ? __pfx_tun_get_user+0x10/0x10
[  118.036450][ T6625]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  118.041919][ T6625]  ? tun_get+0x1e/0x2f0
[  118.046061][ T6625]  ? __pfx_lock_release+0x10/0x10
[  118.051279][ T6625]  ? tun_get+0x1e/0x2f0
[  118.055428][ T6625]  ? tun_get+0x27d/0x2f0
[  118.059657][ T6625]  tun_chr_write_iter+0x10d/0x1f0
[  118.064675][ T6625]  vfs_write+0xaeb/0xd30
[  118.068908][ T6625]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  118.074453][ T6625]  ? __pfx_vfs_write+0x10/0x10
[  118.079201][ T6625]  ? __fget_files+0x2a/0x410
[  118.083776][ T6625]  ? __fget_files+0x2a/0x410
[  118.088531][ T6625]  ksys_write+0x18f/0x2b0
[  118.092964][ T6625]  ? __pfx_ksys_write+0x10/0x10
[  118.097798][ T6625]  ? do_syscall_64+0x100/0x230
[  118.102571][ T6625]  ? do_syscall_64+0xb6/0x230
[  118.107253][ T6625]  do_syscall_64+0xf3/0x230
[  118.111746][ T6625]  ? clear_bhb_loop+0x35/0x90
[  118.116410][ T6625]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.122298][ T6625] RIP: 0033:0x7fcec0d7e98f
[  118.126698][ T6625] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  118.146344][ T6625] RSP: 002b:00007fcec1c47020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  118.154753][ T6625] RAX: ffffffffffffffda RBX: 00007fcec0f45fa0 RCX: 00007fcec0d7e98f
[  118.162978][ T6625] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  118.172430][ T6625] RBP: 00007fcec0df3cc8 R08: 0000000000000000 R09: 0000000000000000
[  118.180465][ T6625] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  118.188442][ T6625] R13: 0000000000000000 R14: 00007fcec0f45fa0 R15: 00007fffa35fcab8
[  118.196413][ T6625]  </TASK>
[  118.199478][ T6625] BUG: Bad page state in process syz.0.15  pfn:31f6b
[  118.206372][ T6625] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888031f6b780 pfn:0x31f6b
[  118.216539][ T6625] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  118.223733][ T6625] raw: 00fff00000000000 dead000000000040 ffff888022288000 0000000000000000
[  118.232463][ T6625] raw: ffff888031f6b780 0000000000000001 00000000ffffffff 0000000000000000
[  118.242593][ T6625] page dumped because: page_pool leak
[  118.248051][ T6625] page_owner tracks the page as allocated
[  118.253870][ T6625] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6625, tgid 6623 (syz.0.15), ts 116366721924, free_ts 112677243657
[  118.271283][ T6625]  post_alloc_hook+0x1f3/0x230
[  118.276232][ T6625]  get_page_from_freelist+0x3651/0x37a0
[  118.282085][ T6625]  __alloc_pages_noprof+0x292/0x710
[  118.287317][ T6625]  alloc_pages_bulk_noprof+0x70b/0xcc0
[  118.293027][ T6625]  __page_pool_alloc_pages_slow+0x122/0x690
[  118.299047][ T6625]  page_pool_alloc_pages+0xd0/0x1c0
[  118.304480][ T6625]  skb_pp_cow_data+0xc43/0x1640
[  118.309721][ T6625]  do_xdp_generic+0x505/0xd30
[  118.314546][ T6625]  __netif_receive_skb_core+0x1ce9/0x4690
[  118.320309][ T6625]  __netif_receive_skb+0x12f/0x650
[  118.325582][ T6625]  netif_receive_skb+0x1e8/0x890
[  118.330538][ T6625]  tun_rx_batched+0x1b7/0x8f0
[  118.335270][ T6625]  tun_get_user+0x30cc/0x48a0
[  118.339954][ T6625]  tun_chr_write_iter+0x10d/0x1f0
[  118.345174][ T6625]  vfs_write+0xaeb/0xd30
[  118.349442][ T6625]  ksys_write+0x18f/0x2b0
[  118.353828][ T6625] page last free pid 6482 tgid 6482 stack trace:
[  118.360213][ T6625]  free_unref_page+0xd2c/0x1000
[  118.365116][ T6625]  vfree+0x1c3/0x360
[  118.369283][ T6625]  kcov_close+0x28/0x50
[  118.373663][ T6625]  __fput+0x23c/0xa50
[  118.377690][ T6625]  task_work_run+0x24f/0x310
[  118.382400][ T6625]  do_exit+0xa2a/0x28e0
[  118.386574][ T6625]  do_group_exit+0x207/0x2c0
[  118.391171][ T6625]  get_signal+0x16b2/0x1750
[  118.395712][ T6625]  arch_do_signal_or_restart+0x96/0x860
[  118.401285][ T6625]  syscall_exit_to_user_mode+0xce/0x340
[  118.406874][ T6625]  do_syscall_64+0x100/0x230
[  118.411501][ T6625]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.417687][ T6625] Modules linked in:
[  118.421639][ T6625] CPU: 0 UID: 0 PID: 6625 Comm: syz.0.15 Tainted: G    B              6.13.0-rc4-syzkaller-g4bbf9020becb #0
[  118.433108][ T6625] Tainted: [B]=BAD_PAGE
[  118.437261][ T6625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  118.447307][ T6625] Call Trace:
[  118.450572][ T6625]  <TASK>
[  118.453492][ T6625]  dump_stack_lvl+0x241/0x360
[  118.458192][ T6625]  ? __pfx_dump_stack_lvl+0x10/0x10
[  118.463380][ T6625]  ? __pfx_print_modules+0x10/0x10
[  118.469009][ T6625]  bad_page+0x176/0x1d0
[  118.473170][ T6625]  free_unref_page+0xf9e/0x1000
[  118.478106][ T6625]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[  118.483727][ T6625]  bpf_xdp_adjust_tail+0x1c3/0x200
[  118.488944][ T6625]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  118.494460][ T6625]  bpf_prog_run_generic_xdp+0x686/0x1510
[  118.500110][ T6625]  do_xdp_generic+0x757/0xd30
[  118.504867][ T6625]  ? __pfx_do_xdp_generic+0x10/0x10
[  118.510158][ T6625]  ? __skb_flow_dissect+0x4f1/0x7d00
[  118.515438][ T6625]  __netif_receive_skb_core+0x1ce9/0x4690
[  118.521334][ T6625]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  118.527397][ T6625]  ? mark_lock+0x9a/0x360
[  118.531748][ T6625]  ? __lock_acquire+0x1397/0x2100
[  118.537085][ T6625]  __netif_receive_skb+0x12f/0x650
[  118.542308][ T6625]  ? __pfx_lock_acquire+0x10/0x10
[  118.547337][ T6625]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  118.553586][ T6625]  ? __pfx___netif_receive_skb+0x10/0x10
[  118.559306][ T6625]  ? tun_rx_batched+0x160/0x8f0
[  118.564590][ T6625]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  118.570300][ T6625]  ? read_tsc+0x9/0x20
[  118.574460][ T6625]  ? netif_receive_skb+0x131/0x890
[  118.579579][ T6625]  ? netif_receive_skb+0x131/0x890
[  118.584746][ T6625]  netif_receive_skb+0x1e8/0x890
[  118.589766][ T6625]  ? tun_rx_batched+0x160/0x8f0
[  118.594615][ T6625]  ? __pfx_netif_receive_skb+0x10/0x10
[  118.600079][ T6625]  ? tun_rx_batched+0x160/0x8f0
[  118.604928][ T6625]  tun_rx_batched+0x1b7/0x8f0
[  118.609628][ T6625]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  118.615974][ T6625]  ? __pfx_lock_acquire+0x10/0x10
[  118.621040][ T6625]  ? __pfx_tun_rx_batched+0x10/0x10
[  118.626239][ T6625]  tun_get_user+0x30cc/0x48a0
[  118.630908][ T6625]  ? tun_get_user+0x2bba/0x48a0
[  118.635753][ T6625]  ? __lock_acquire+0x1397/0x2100
[  118.640872][ T6625]  ? __pfx_tun_get_user+0x10/0x10
[  118.645914][ T6625]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  118.651410][ T6625]  ? tun_get+0x1e/0x2f0
[  118.655562][ T6625]  ? __pfx_lock_release+0x10/0x10
[  118.660590][ T6625]  ? tun_get+0x1e/0x2f0
[  118.664826][ T6625]  ? tun_get+0x27d/0x2f0
[  118.669079][ T6625]  tun_chr_write_iter+0x10d/0x1f0
[  118.674106][ T6625]  vfs_write+0xaeb/0xd30
[  118.678356][ T6625]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  118.683936][ T6625]  ? __pfx_vfs_write+0x10/0x10
[  118.688706][ T6625]  ? __fget_files+0x2a/0x410
[  118.693297][ T6625]  ? __fget_files+0x2a/0x410
[  118.698033][ T6625]  ksys_write+0x18f/0x2b0
[  118.702367][ T6625]  ? __pfx_ksys_write+0x10/0x10
[  118.707215][ T6625]  ? do_syscall_64+0x100/0x230
[  118.711971][ T6625]  ? do_syscall_64+0xb6/0x230
[  118.716847][ T6625]  do_syscall_64+0xf3/0x230
[  118.721338][ T6625]  ? clear_bhb_loop+0x35/0x90
[  118.726015][ T6625]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.731909][ T6625] RIP: 0033:0x7fcec0d7e98f
[  118.736321][ T6625] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  118.755927][ T6625] RSP: 002b:00007fcec1c47020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  118.764440][ T6625] RAX: ffffffffffffffda RBX: 00007fcec0f45fa0 RCX: 00007fcec0d7e98f
[  118.772507][ T6625] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  118.780634][ T6625] RBP: 00007fcec0df3cc8 R08: 0000000000000000 R09: 0000000000000000
[  118.788614][ T6625] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  118.796701][ T6625] R13: 0000000000000000 R14: 00007fcec0f45fa0 R15: 00007fffa35fcab8
[  118.804672][ T6625]  </TASK>
[  118.807743][ T6625] BUG: Bad page state in process syz.0.15  pfn:336d0
[  118.814555][ T6625] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880336d0e00 pfn:0x336d0
[  118.824776][ T6625] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  118.831919][ T6625] raw: 00fff00000000000 dead000000000040 ffff888022288000 0000000000000000
[  118.840620][ T6625] raw: ffff8880336d0e00 0000000000000001 00000000ffffffff 0000000000000000
[  118.849268][ T6625] page dumped because: page_pool leak
[  118.854688][ T6625] page_owner tracks the page as allocated
[  118.860393][ T6625] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6625, tgid 6623 (syz.0.15), ts 116366712027, free_ts 112677263116
[  118.877287][ T6625]  post_alloc_hook+0x1f3/0x230
[  118.882122][ T6625]  get_page_from_freelist+0x3651/0x37a0
[  118.887788][ T6625]  __alloc_pages_noprof+0x292/0x710
[  118.893029][ T6625]  alloc_pages_bulk_noprof+0x70b/0xcc0
[  118.898603][ T6625]  __page_pool_alloc_pages_slow+0x122/0x690
[  118.904722][ T6625]  page_pool_alloc_pages+0xd0/0x1c0
[  118.909941][ T6625]  skb_pp_cow_data+0xc43/0x1640
[  118.914828][ T6625]  do_xdp_generic+0x505/0xd30
[  118.919530][ T6625]  __netif_receive_skb_core+0x1ce9/0x4690
[  118.925297][ T6625]  __netif_receive_skb+0x12f/0x650
[  118.930424][ T6625]  netif_receive_skb+0x1e8/0x890
[  118.935418][ T6625]  tun_rx_batched+0x1b7/0x8f0
[  118.940111][ T6625]  tun_get_user+0x30cc/0x48a0
[  118.945238][ T6625]  tun_chr_write_iter+0x10d/0x1f0
[  118.950587][ T6625]  vfs_write+0xaeb/0xd30
[  118.954898][ T6625]  ksys_write+0x18f/0x2b0
[  118.959239][ T6625] page last free pid 6482 tgid 6482 stack trace:
[  118.965599][ T6625]  free_unref_page+0xd2c/0x1000
[  118.970473][ T6625]  vfree+0x1c3/0x360
[  118.974400][ T6625]  kcov_close+0x28/0x50
[  118.978561][ T6625]  __fput+0x23c/0xa50
[  118.982574][ T6625]  task_work_run+0x24f/0x310
[  118.987176][ T6625]  do_exit+0xa2a/0x28e0
[  118.991324][ T6625]  do_group_exit+0x207/0x2c0
[  118.995956][ T6625]  get_signal+0x16b2/0x1750
[  119.000575][ T6625]  arch_do_signal_or_restart+0x96/0x860
[  119.006198][ T6625]  syscall_exit_to_user_mode+0xce/0x340
[  119.011789][ T6625]  do_syscall_64+0x100/0x230
[  119.016375][ T6625]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.022296][ T6625] Modules linked in:
[  119.026204][ T6625] CPU: 0 UID: 0 PID: 6625 Comm: syz.0.15 Tainted: G    B              6.13.0-rc4-syzkaller-g4bbf9020becb #0
[  119.037834][ T6625] Tainted: [B]=BAD_PAGE
[  119.041988][ T6625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  119.052051][ T6625] Call Trace:
[  119.055352][ T6625]  <TASK>
[  119.058282][ T6625]  dump_stack_lvl+0x241/0x360
[  119.063018][ T6625]  ? __pfx_dump_stack_lvl+0x10/0x10
[  119.068213][ T6625]  ? __pfx_print_modules+0x10/0x10
[  119.073418][ T6625]  bad_page+0x176/0x1d0
[  119.077585][ T6625]  free_unref_page+0xf9e/0x1000
[  119.082429][ T6625]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[  119.088057][ T6625]  bpf_xdp_adjust_tail+0x1c3/0x200
[  119.093162][ T6625]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  119.098611][ T6625]  bpf_prog_run_generic_xdp+0x686/0x1510
[  119.104238][ T6625]  do_xdp_generic+0x757/0xd30
[  119.108918][ T6625]  ? __pfx_do_xdp_generic+0x10/0x10
[  119.114110][ T6625]  ? __skb_flow_dissect+0x4f1/0x7d00
[  119.119493][ T6625]  __netif_receive_skb_core+0x1ce9/0x4690
[  119.125215][ T6625]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  119.131312][ T6625]  ? mark_lock+0x9a/0x360
[  119.135648][ T6625]  ? __lock_acquire+0x1397/0x2100
[  119.140680][ T6625]  __netif_receive_skb+0x12f/0x650
[  119.145789][ T6625]  ? __pfx_lock_acquire+0x10/0x10
[  119.150812][ T6625]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  119.157156][ T6625]  ? __pfx___netif_receive_skb+0x10/0x10
[  119.162838][ T6625]  ? tun_rx_batched+0x160/0x8f0
[  119.167690][ T6625]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  119.173405][ T6625]  ? read_tsc+0x9/0x20
[  119.177463][ T6625]  ? netif_receive_skb+0x131/0x890
[  119.182574][ T6625]  ? netif_receive_skb+0x131/0x890
[  119.187677][ T6625]  netif_receive_skb+0x1e8/0x890
[  119.192637][ T6625]  ? tun_rx_batched+0x160/0x8f0
[  119.197662][ T6625]  ? __pfx_netif_receive_skb+0x10/0x10
[  119.203317][ T6625]  ? tun_rx_batched+0x160/0x8f0
[  119.208184][ T6625]  tun_rx_batched+0x1b7/0x8f0
[  119.212866][ T6625]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  119.219188][ T6625]  ? __pfx_lock_acquire+0x10/0x10
[  119.224209][ T6625]  ? __pfx_tun_rx_batched+0x10/0x10
[  119.229419][ T6625]  tun_get_user+0x30cc/0x48a0
[  119.234088][ T6625]  ? tun_get_user+0x2bba/0x48a0
[  119.238938][ T6625]  ? __lock_acquire+0x1397/0x2100
[  119.243965][ T6625]  ? __pfx_tun_get_user+0x10/0x10
[  119.248980][ T6625]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  119.254429][ T6625]  ? tun_get+0x1e/0x2f0
[  119.258584][ T6625]  ? __pfx_lock_release+0x10/0x10
[  119.263617][ T6625]  ? tun_get+0x1e/0x2f0
[  119.267776][ T6625]  ? tun_get+0x27d/0x2f0
[  119.272018][ T6625]  tun_chr_write_iter+0x10d/0x1f0
[  119.277038][ T6625]  vfs_write+0xaeb/0xd30
[  119.281287][ T6625]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  119.286855][ T6625]  ? __pfx_vfs_write+0x10/0x10
[  119.291709][ T6625]  ? __fget_files+0x2a/0x410
[  119.296285][ T6625]  ? __fget_files+0x2a/0x410
[  119.300885][ T6625]  ksys_write+0x18f/0x2b0
[  119.305211][ T6625]  ? __pfx_ksys_write+0x10/0x10
[  119.310056][ T6625]  ? do_syscall_64+0x100/0x230
[  119.314919][ T6625]  ? do_syscall_64+0xb6/0x230
[  119.319601][ T6625]  do_syscall_64+0xf3/0x230
[  119.324532][ T6625]  ? clear_bhb_loop+0x35/0x90
[  119.329192][ T6625]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.335078][ T6625] RIP: 0033:0x7fcec0d7e98f
[  119.339478][ T6625] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  119.359174][ T6625] RSP: 002b:00007fcec1c47020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  119.367609][ T6625] RAX: ffffffffffffffda RBX: 00007fcec0f45fa0 RCX: 00007fcec0d7e98f
[  119.375632][ T6625] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  119.383598][ T6625] RBP: 00007fcec0df3cc8 R08: 0000000000000000 R09: 0000000000000000
[  119.391581][ T6625] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  119.399689][ T6625] R13: 0000000000000000 R14: 00007fcec0f45fa0 R15: 00007fffa35fcab8
[  119.407752][ T6625]  </TASK>
[  119.410935][ T6625] BUG: Bad page state in process syz.0.15  pfn:34c31
[  119.417870][ T6625] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888034c31e88 pfn:0x34c31
[  119.428092][ T6625] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  119.435279][ T6625] raw: 00fff00000000000 dead000000000040 ffff888022288000 0000000000000000
[  119.444031][ T6625] raw: ffff888034c31e88 0000000000000001 00000000ffffffff 0000000000000000
[  119.452663][ T6625] page dumped because: page_pool leak
[  119.458043][ T6625] page_owner tracks the page as allocated
[  119.463809][ T6625] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6625, tgid 6623 (syz.0.15), ts 116366702044, free_ts 112677290884
[  119.480719][ T6625]  post_alloc_hook+0x1f3/0x230
[  119.485517][ T6625]  get_page_from_freelist+0x3651/0x37a0
[  119.491076][ T6625]  __alloc_pages_noprof+0x292/0x710
[  119.496325][ T6625]  alloc_pages_bulk_noprof+0x70b/0xcc0
[  119.501910][ T6625]  __page_pool_alloc_pages_slow+0x122/0x690
[  119.507798][ T6625]  page_pool_alloc_pages+0xd0/0x1c0
[  119.513036][ T6625]  skb_pp_cow_data+0xc43/0x1640
[  119.517896][ T6625]  do_xdp_generic+0x505/0xd30
[  119.522632][ T6625]  __netif_receive_skb_core+0x1ce9/0x4690
[  119.528375][ T6625]  __netif_receive_skb+0x12f/0x650
[  119.533525][ T6625]  netif_receive_skb+0x1e8/0x890
[  119.538480][ T6625]  tun_rx_batched+0x1b7/0x8f0
[  119.543218][ T6625]  tun_get_user+0x30cc/0x48a0
[  119.548003][ T6625]  tun_chr_write_iter+0x10d/0x1f0
[  119.553075][ T6625]  vfs_write+0xaeb/0xd30
[  119.557338][ T6625]  ksys_write+0x18f/0x2b0
[  119.561733][ T6625] page last free pid 6482 tgid 6482 stack trace:
[  119.568065][ T6625]  free_unref_page+0xd2c/0x1000
[  119.572961][ T6625]  vfree+0x1c3/0x360
[  119.576871][ T6625]  kcov_close+0x28/0x50
[  119.581013][ T6625]  __fput+0x23c/0xa50
[  119.585029][ T6625]  task_work_run+0x24f/0x310
[  119.589625][ T6625]  do_exit+0xa2a/0x28e0
[  119.593810][ T6625]  do_group_exit+0x207/0x2c0
[  119.598404][ T6625]  get_signal+0x16b2/0x1750
[  119.602938][ T6625]  arch_do_signal_or_restart+0x96/0x860
[  119.608499][ T6625]  syscall_exit_to_user_mode+0xce/0x340
[  119.614155][ T6625]  do_syscall_64+0x100/0x230
[  119.618766][ T6625]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.624712][ T6625] Modules linked in:
[  119.628634][ T6625] CPU: 0 UID: 0 PID: 6625 Comm: syz.0.15 Tainted: G    B              6.13.0-rc4-syzkaller-g4bbf9020becb #0
[  119.640102][ T6625] Tainted: [B]=BAD_PAGE
[  119.644504][ T6625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  119.654549][ T6625] Call Trace:
[  119.657816][ T6625]  <TASK>
[  119.660820][ T6625]  dump_stack_lvl+0x241/0x360
[  119.665517][ T6625]  ? __pfx_dump_stack_lvl+0x10/0x10
[  119.670711][ T6625]  ? __pfx_print_modules+0x10/0x10
[  119.675810][ T6625]  bad_page+0x176/0x1d0
[  119.679965][ T6625]  free_unref_page+0xf9e/0x1000
[  119.684803][ T6625]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[  119.690425][ T6625]  bpf_xdp_adjust_tail+0x1c3/0x200
[  119.695562][ T6625]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  119.701038][ T6625]  bpf_prog_run_generic_xdp+0x686/0x1510
[  119.706682][ T6625]  do_xdp_generic+0x757/0xd30
[  119.711383][ T6625]  ? __pfx_do_xdp_generic+0x10/0x10
[  119.716597][ T6625]  ? __skb_flow_dissect+0x4f1/0x7d00
[  119.721891][ T6625]  __netif_receive_skb_core+0x1ce9/0x4690
[  119.727609][ T6625]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  119.733692][ T6625]  ? mark_lock+0x9a/0x360
[  119.738107][ T6625]  ? __lock_acquire+0x1397/0x2100
[  119.743136][ T6625]  __netif_receive_skb+0x12f/0x650
[  119.748256][ T6625]  ? __pfx_lock_acquire+0x10/0x10
[  119.753271][ T6625]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  119.759603][ T6625]  ? __pfx___netif_receive_skb+0x10/0x10
[  119.765242][ T6625]  ? tun_rx_batched+0x160/0x8f0
[  119.770097][ T6625]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  119.775809][ T6625]  ? read_tsc+0x9/0x20
[  119.780014][ T6625]  ? netif_receive_skb+0x131/0x890
[  119.785215][ T6625]  ? netif_receive_skb+0x131/0x890
[  119.790316][ T6625]  netif_receive_skb+0x1e8/0x890
[  119.795243][ T6625]  ? tun_rx_batched+0x160/0x8f0
[  119.800080][ T6625]  ? __pfx_netif_receive_skb+0x10/0x10
[  119.805525][ T6625]  ? tun_rx_batched+0x160/0x8f0
[  119.810359][ T6625]  tun_rx_batched+0x1b7/0x8f0
[  119.815081][ T6625]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  119.821423][ T6625]  ? __pfx_lock_acquire+0x10/0x10
[  119.826468][ T6625]  ? __pfx_tun_rx_batched+0x10/0x10
[  119.831673][ T6625]  tun_get_user+0x30cc/0x48a0
[  119.836364][ T6625]  ? tun_get_user+0x2bba/0x48a0
[  119.841227][ T6625]  ? __lock_acquire+0x1397/0x2100
[  119.846247][ T6625]  ? __pfx_tun_get_user+0x10/0x10
[  119.851273][ T6625]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  119.856761][ T6625]  ? tun_get+0x1e/0x2f0
[  119.860994][ T6625]  ? __pfx_lock_release+0x10/0x10
[  119.866023][ T6625]  ? tun_get+0x1e/0x2f0
[  119.870163][ T6625]  ? tun_get+0x27d/0x2f0
[  119.874397][ T6625]  tun_chr_write_iter+0x10d/0x1f0
[  119.879412][ T6625]  vfs_write+0xaeb/0xd30
[  119.883652][ T6625]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  119.889191][ T6625]  ? __pfx_vfs_write+0x10/0x10
[  119.893964][ T6625]  ? __fget_files+0x2a/0x410
[  119.898553][ T6625]  ? __fget_files+0x2a/0x410
[  119.903149][ T6625]  ksys_write+0x18f/0x2b0
[  119.907480][ T6625]  ? __pfx_ksys_write+0x10/0x10
[  119.912411][ T6625]  ? do_syscall_64+0x100/0x230
[  119.917203][ T6625]  ? do_syscall_64+0xb6/0x230
[  119.921988][ T6625]  do_syscall_64+0xf3/0x230
[  119.926624][ T6625]  ? clear_bhb_loop+0x35/0x90
[  119.931412][ T6625]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.937332][ T6625] RIP: 0033:0x7fcec0d7e98f
[  119.941762][ T6625] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  119.961379][ T6625] RSP: 002b:00007fcec1c47020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  119.969793][ T6625] RAX: ffffffffffffffda RBX: 00007fcec0f45fa0 RCX: 00007fcec0d7e98f
[  119.978065][ T6625] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  119.986126][ T6625] RBP: 00007fcec0df3cc8 R08: 0000000000000000 R09: 0000000000000000
[  119.994109][ T6625] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  120.002062][ T6625] R13: 0000000000000000 R14: 00007fcec0f45fa0 R15: 00007fffa35fcab8
[  120.010040][ T6625]  </TASK>
[  120.013150][ T6625] BUG: Bad page state in process syz.0.15  pfn:2f290
[  120.019910][ T6625] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802f290e88 pfn:0x2f290
[  120.030042][ T6625] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  120.037194][ T6625] raw: 00fff00000000000 dead000000000040 ffff888022288000 0000000000000000
[  120.045887][ T6625] raw: ffff88802f290e88 0000000000000001 00000000ffffffff 0000000000000000
[  120.054514][ T6625] page dumped because: page_pool leak
[  120.059869][ T6625] page_owner tracks the page as allocated
[  120.065647][ T6625] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6625, tgid 6623 (syz.0.15), ts 116366691543, free_ts 112677299730
[  120.082537][ T6625]  post_alloc_hook+0x1f3/0x230
[  120.087383][ T6625]  get_page_from_freelist+0x3651/0x37a0
[  120.092956][ T6625]  __alloc_pages_noprof+0x292/0x710
[  120.098162][ T6625]  alloc_pages_bulk_noprof+0x70b/0xcc0
[  120.103655][ T6625]  __page_pool_alloc_pages_slow+0x122/0x690
[  120.109652][ T6625]  page_pool_alloc_pages+0xd0/0x1c0
[  120.114893][ T6625]  skb_pp_cow_data+0xc43/0x1640
[  120.119752][ T6625]  do_xdp_generic+0x505/0xd30
[  120.124473][ T6625]  __netif_receive_skb_core+0x1ce9/0x4690
[  120.130205][ T6625]  __netif_receive_skb+0x12f/0x650
[  120.135439][ T6625]  netif_receive_skb+0x1e8/0x890
[  120.140489][ T6625]  tun_rx_batched+0x1b7/0x8f0
[  120.145210][ T6625]  tun_get_user+0x30cc/0x48a0
[  120.149918][ T6625]  tun_chr_write_iter+0x10d/0x1f0
[  120.154978][ T6625]  vfs_write+0xaeb/0xd30
[  120.159245][ T6625]  ksys_write+0x18f/0x2b0
[  120.163604][ T6625] page last free pid 6482 tgid 6482 stack trace:
[  120.169937][ T6625]  free_unref_page+0xd2c/0x1000
[  120.174825][ T6625]  vfree+0x1c3/0x360
[  120.178733][ T6625]  kcov_close+0x28/0x50
[  120.182937][ T6625]  __fput+0x23c/0xa50
[  120.186935][ T6625]  task_work_run+0x24f/0x310
[  120.191549][ T6625]  do_exit+0xa2a/0x28e0
[  120.195705][ T6625]  do_group_exit+0x207/0x2c0
[  120.200314][ T6625]  get_signal+0x16b2/0x1750
[  120.204879][ T6625]  arch_do_signal_or_restart+0x96/0x860
[  120.210534][ T6625]  syscall_exit_to_user_mode+0xce/0x340
[  120.216133][ T6625]  do_syscall_64+0x100/0x230
[  120.220732][ T6625]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.226663][ T6625] Modules linked in:
[  120.230561][ T6625] CPU: 0 UID: 0 PID: 6625 Comm: syz.0.15 Tainted: G    B              6.13.0-rc4-syzkaller-g4bbf9020becb #0
[  120.242094][ T6625] Tainted: [B]=BAD_PAGE
[  120.246233][ T6625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  120.256280][ T6625] Call Trace:
[  120.259547][ T6625]  <TASK>
[  120.262475][ T6625]  dump_stack_lvl+0x241/0x360
[  120.267154][ T6625]  ? __pfx_dump_stack_lvl+0x10/0x10
[  120.272358][ T6625]  ? __pfx_print_modules+0x10/0x10
[  120.277456][ T6625]  bad_page+0x176/0x1d0
[  120.281614][ T6625]  free_unref_page+0xf9e/0x1000
[  120.286827][ T6625]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[  120.292511][ T6625]  bpf_xdp_adjust_tail+0x1c3/0x200
[  120.297643][ T6625]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  120.303094][ T6625]  bpf_prog_run_generic_xdp+0x686/0x1510
[  120.308802][ T6625]  do_xdp_generic+0x757/0xd30
[  120.313465][ T6625]  ? __pfx_do_xdp_generic+0x10/0x10
[  120.318913][ T6625]  ? __skb_flow_dissect+0x4f1/0x7d00
[  120.324211][ T6625]  __netif_receive_skb_core+0x1ce9/0x4690
[  120.329928][ T6625]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  120.335990][ T6625]  ? mark_lock+0x9a/0x360
[  120.340311][ T6625]  ? __lock_acquire+0x1397/0x2100
[  120.345322][ T6625]  __netif_receive_skb+0x12f/0x650
[  120.350421][ T6625]  ? __pfx_lock_acquire+0x10/0x10
[  120.355429][ T6625]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  120.361658][ T6625]  ? __pfx___netif_receive_skb+0x10/0x10
[  120.367302][ T6625]  ? tun_rx_batched+0x160/0x8f0
[  120.372167][ T6625]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  120.377868][ T6625]  ? read_tsc+0x9/0x20
[  120.382108][ T6625]  ? netif_receive_skb+0x131/0x890
[  120.387229][ T6625]  ? netif_receive_skb+0x131/0x890
[  120.392337][ T6625]  netif_receive_skb+0x1e8/0x890
[  120.397276][ T6625]  ? tun_rx_batched+0x160/0x8f0
[  120.402120][ T6625]  ? __pfx_netif_receive_skb+0x10/0x10
[  120.407594][ T6625]  ? tun_rx_batched+0x160/0x8f0
[  120.412444][ T6625]  tun_rx_batched+0x1b7/0x8f0
[  120.417201][ T6625]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  120.423522][ T6625]  ? __pfx_lock_acquire+0x10/0x10
[  120.428531][ T6625]  ? __pfx_tun_rx_batched+0x10/0x10
[  120.433728][ T6625]  tun_get_user+0x30cc/0x48a0
[  120.438395][ T6625]  ? tun_get_user+0x2bba/0x48a0
[  120.443240][ T6625]  ? __lock_acquire+0x1397/0x2100
[  120.448248][ T6625]  ? __pfx_tun_get_user+0x10/0x10
[  120.453267][ T6625]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  120.458713][ T6625]  ? tun_get+0x1e/0x2f0
[  120.462874][ T6625]  ? __pfx_lock_release+0x10/0x10
[  120.467904][ T6625]  ? tun_get+0x1e/0x2f0
[  120.472071][ T6625]  ? tun_get+0x27d/0x2f0
[  120.476308][ T6625]  tun_chr_write_iter+0x10d/0x1f0
[  120.481317][ T6625]  vfs_write+0xaeb/0xd30
[  120.485557][ T6625]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  120.491110][ T6625]  ? __pfx_vfs_write+0x10/0x10
[  120.495869][ T6625]  ? __fget_files+0x2a/0x410
[  120.500446][ T6625]  ? __fget_files+0x2a/0x410
[  120.505131][ T6625]  ksys_write+0x18f/0x2b0
[  120.509447][ T6625]  ? __pfx_ksys_write+0x10/0x10
[  120.514279][ T6625]  ? do_syscall_64+0x100/0x230
[  120.519077][ T6625]  ? do_syscall_64+0xb6/0x230
[  120.523741][ T6625]  do_syscall_64+0xf3/0x230
[  120.528317][ T6625]  ? clear_bhb_loop+0x35/0x90
[  120.532988][ T6625]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.538872][ T6625] RIP: 0033:0x7fcec0d7e98f
[  120.543280][ T6625] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  120.562964][ T6625] RSP: 002b:00007fcec1c47020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  120.571369][ T6625] RAX: ffffffffffffffda RBX: 00007fcec0f45fa0 RCX: 00007fcec0d7e98f
[  120.579351][ T6625] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  120.587324][ T6625] RBP: 00007fcec0df3cc8 R08: 0000000000000000 R09: 0000000000000000
[  120.595462][ T6625] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  120.603463][ T6625] R13: 0000000000000000 R14: 00007fcec0f45fa0 R15: 00007fffa35fcab8
[  120.611432][ T6625]  </TASK>
[  120.614497][ T6625] BUG: Bad page state in process syz.0.15  pfn:2f1ae
[  120.621255][ T6625] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802f1aec80 pfn:0x2f1ae
[  120.631447][ T6625] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  120.638652][ T6625] raw: 00fff00000000000 dead000000000040 ffff888022288000 0000000000000000
[  120.647380][ T6625] raw: ffff88802f1aec80 0000000000000001 00000000ffffffff 0000000000000000
[  120.656020][ T6625] page dumped because: page_pool leak
[  120.661417][ T6625] page_owner tracks the page as allocated
[  120.667139][ T6625] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6625, tgid 6623 (syz.0.15), ts 116366681712, free_ts 112677308263
[  120.684130][ T6625]  post_alloc_hook+0x1f3/0x230
[  120.688907][ T6625]  get_page_from_freelist+0x3651/0x37a0
[  120.694493][ T6625]  __alloc_pages_noprof+0x292/0x710
[  120.699707][ T6625]  alloc_pages_bulk_noprof+0x70b/0xcc0
[  120.705210][ T6625]  __page_pool_alloc_pages_slow+0x122/0x690
[  120.711121][ T6625]  page_pool_alloc_pages+0xd0/0x1c0
[  120.716386][ T6625]  skb_pp_cow_data+0xc43/0x1640
[  120.721243][ T6625]  do_xdp_generic+0x505/0xd30
[  120.725948][ T6625]  __netif_receive_skb_core+0x1ce9/0x4690
[  120.731698][ T6625]  __netif_receive_skb+0x12f/0x650
[  120.736801][ T6625]  netif_receive_skb+0x1e8/0x890
[  120.741766][ T6625]  tun_rx_batched+0x1b7/0x8f0
[  120.746455][ T6625]  tun_get_user+0x30cc/0x48a0
[  120.751120][ T6625]  tun_chr_write_iter+0x10d/0x1f0
[  120.756265][ T6625]  vfs_write+0xaeb/0xd30
[  120.760511][ T6625]  ksys_write+0x18f/0x2b0
[  120.764868][ T6625] page last free pid 6482 tgid 6482 stack trace:
[  120.771285][ T6625]  free_unref_page+0xd2c/0x1000
[  120.776199][ T6625]  vfree+0x1c3/0x360
[  120.780106][ T6625]  kcov_close+0x28/0x50
[  120.784290][ T6625]  __fput+0x23c/0xa50
[  120.788365][ T6625]  task_work_run+0x24f/0x310
[  120.793103][ T6625]  do_exit+0xa2a/0x28e0
[  120.797284][ T6625]  do_group_exit+0x207/0x2c0
[  120.801903][ T6625]  get_signal+0x16b2/0x1750
[  120.806424][ T6625]  arch_do_signal_or_restart+0x96/0x860
[  120.812006][ T6625]  syscall_exit_to_user_mode+0xce/0x340
[  120.817596][ T6625]  do_syscall_64+0x100/0x230
[  120.822229][ T6625]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.828138][ T6625] Modules linked in:
[  120.832061][ T6625] CPU: 0 UID: 0 PID: 6625 Comm: syz.0.15 Tainted: G    B              6.13.0-rc4-syzkaller-g4bbf9020becb #0
[  120.843521][ T6625] Tainted: [B]=BAD_PAGE
[  120.847652][ T6625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  120.857689][ T6625] Call Trace:
[  120.860963][ T6625]  <TASK>
[  120.863886][ T6625]  dump_stack_lvl+0x241/0x360
[  120.868556][ T6625]  ? __pfx_dump_stack_lvl+0x10/0x10
[  120.873753][ T6625]  ? __pfx_print_modules+0x10/0x10
[  120.878858][ T6625]  bad_page+0x176/0x1d0
[  120.883075][ T6625]  free_unref_page+0xf9e/0x1000
[  120.887929][ T6625]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[  120.893590][ T6625]  bpf_xdp_adjust_tail+0x1c3/0x200
[  120.898704][ T6625]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  120.904177][ T6625]  bpf_prog_run_generic_xdp+0x686/0x1510
[  120.909923][ T6625]  do_xdp_generic+0x757/0xd30
[  120.914615][ T6625]  ? __pfx_do_xdp_generic+0x10/0x10
[  120.919842][ T6625]  ? __skb_flow_dissect+0x4f1/0x7d00
[  120.925257][ T6625]  __netif_receive_skb_core+0x1ce9/0x4690
[  120.930992][ T6625]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  120.937176][ T6625]  ? mark_lock+0x9a/0x360
[  120.941500][ T6625]  ? __lock_acquire+0x1397/0x2100
[  120.946793][ T6625]  __netif_receive_skb+0x12f/0x650
[  120.951996][ T6625]  ? __pfx_lock_acquire+0x10/0x10
[  120.957007][ T6625]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  120.963270][ T6625]  ? __pfx___netif_receive_skb+0x10/0x10
[  120.968912][ T6625]  ? tun_rx_batched+0x160/0x8f0
[  120.973767][ T6625]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  120.979475][ T6625]  ? read_tsc+0x9/0x20
[  120.983539][ T6625]  ? netif_receive_skb+0x131/0x890
[  120.988692][ T6625]  ? netif_receive_skb+0x131/0x890
[  120.993810][ T6625]  netif_receive_skb+0x1e8/0x890
[  120.998752][ T6625]  ? tun_rx_batched+0x160/0x8f0
[  121.003600][ T6625]  ? __pfx_netif_receive_skb+0x10/0x10
[  121.009060][ T6625]  ? tun_rx_batched+0x160/0x8f0
[  121.013904][ T6625]  tun_rx_batched+0x1b7/0x8f0
[  121.018574][ T6625]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  121.024889][ T6625]  ? __pfx_lock_acquire+0x10/0x10
[  121.029926][ T6625]  ? __pfx_tun_rx_batched+0x10/0x10
[  121.035139][ T6625]  tun_get_user+0x30cc/0x48a0
[  121.039851][ T6625]  ? tun_get_user+0x2bba/0x48a0
[  121.044710][ T6625]  ? __lock_acquire+0x1397/0x2100
[  121.049729][ T6625]  ? __pfx_tun_get_user+0x10/0x10
[  121.054753][ T6625]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  121.060221][ T6625]  ? tun_get+0x1e/0x2f0
[  121.064377][ T6625]  ? __pfx_lock_release+0x10/0x10
[  121.069392][ T6625]  ? tun_get+0x1e/0x2f0
[  121.073556][ T6625]  ? tun_get+0x27d/0x2f0
[  121.077785][ T6625]  tun_chr_write_iter+0x10d/0x1f0
[  121.082801][ T6625]  vfs_write+0xaeb/0xd30
[  121.087092][ T6625]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  121.092633][ T6625]  ? __pfx_vfs_write+0x10/0x10
[  121.097395][ T6625]  ? __fget_files+0x2a/0x410
[  121.101975][ T6625]  ? __fget_files+0x2a/0x410
[  121.106552][ T6625]  ksys_write+0x18f/0x2b0
[  121.110866][ T6625]  ? __pfx_ksys_write+0x10/0x10
[  121.115700][ T6625]  ? do_syscall_64+0x100/0x230
[  121.120464][ T6625]  ? do_syscall_64+0xb6/0x230
[  121.125142][ T6625]  do_syscall_64+0xf3/0x230
[  121.129631][ T6625]  ? clear_bhb_loop+0x35/0x90
[  121.134397][ T6625]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  121.140300][ T6625] RIP: 0033:0x7fcec0d7e98f
[  121.144713][ T6625] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  121.164415][ T6625] RSP: 002b:00007fcec1c47020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  121.172829][ T6625] RAX: ffffffffffffffda RBX: 00007fcec0f45fa0 RCX: 00007fcec0d7e98f
[  121.180794][ T6625] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  121.188839][ T6625] RBP: 00007fcec0df3cc8 R08: 0000000000000000 R09: 0000000000000000
[  121.196808][ T6625] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  121.204780][ T6625] R13: 0000000000000000 R14: 00007fcec0f45fa0 R15: 00007fffa35fcab8
[  121.212744][ T6625]  </TASK>
[  121.215808][ T6625] BUG: Bad page state in process syz.0.15  pfn:7cdfa
[  121.222514][ T6625] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807cdfa280 pfn:0x7cdfa
[  121.232861][ T6625] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  121.239976][ T6625] raw: 00fff00000000000 dead000000000040 ffff888022288000 0000000000000000
[  121.248608][ T6625] raw: ffff88807cdfa280 0000000000000001 00000000ffffffff 0000000000000000
[  121.257238][ T6625] page dumped because: page_pool leak
[  121.262635][ T6625] page_owner tracks the page as allocated
[  121.268375][ T6625] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6625, tgid 6623 (syz.0.15), ts 116366671466, free_ts 112677317236
[  121.285272][ T6625]  post_alloc_hook+0x1f3/0x230
[  121.290076][ T6625]  get_page_from_freelist+0x3651/0x37a0
[  121.295670][ T6625]  __alloc_pages_noprof+0x292/0x710
[  121.300982][ T6625]  alloc_pages_bulk_noprof+0x70b/0xcc0
[  121.306510][ T6625]  __page_pool_alloc_pages_slow+0x122/0x690
[  121.312456][ T6625]  page_pool_alloc_pages+0xd0/0x1c0
[  121.317651][ T6625]  skb_pp_cow_data+0xc43/0x1640
[  121.322622][ T6625]  do_xdp_generic+0x505/0xd30
[  121.327314][ T6625]  __netif_receive_skb_core+0x1ce9/0x4690
[  121.333177][ T6625]  __netif_receive_skb+0x12f/0x650
[  121.338317][ T6625]  netif_receive_skb+0x1e8/0x890
[  121.343289][ T6625]  tun_rx_batched+0x1b7/0x8f0
[  121.348005][ T6625]  tun_get_user+0x30cc/0x48a0
[  121.352712][ T6625]  tun_chr_write_iter+0x10d/0x1f0
[  121.357762][ T6625]  vfs_write+0xaeb/0xd30
[  121.362133][ T6625]  ksys_write+0x18f/0x2b0
[  121.366464][ T6625] page last free pid 6482 tgid 6482 stack trace:
[  121.372808][ T6625]  free_unref_page+0xd2c/0x1000
[  121.377671][ T6625]  vfree+0x1c3/0x360
[  121.381605][ T6625]  kcov_close+0x28/0x50
[  121.385775][ T6625]  __fput+0x23c/0xa50
[  121.389823][ T6625]  task_work_run+0x24f/0x310
[  121.394562][ T6625]  do_exit+0xa2a/0x28e0
[  121.398815][ T6625]  do_group_exit+0x207/0x2c0
[  121.403889][ T6625]  get_signal+0x16b2/0x1750
[  121.408404][ T6625]  arch_do_signal_or_restart+0x96/0x860
[  121.413988][ T6625]  syscall_exit_to_user_mode+0xce/0x340
[  121.419564][ T6625]  do_syscall_64+0x100/0x230
[  121.424196][ T6625]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  121.430103][ T6625] Modules linked in:
[  121.434035][ T6625] CPU: 0 UID: 0 PID: 6625 Comm: syz.0.15 Tainted: G    B              6.13.0-rc4-syzkaller-g4bbf9020becb #0
[  121.445503][ T6625] Tainted: [B]=BAD_PAGE
[  121.449647][ T6625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  121.459708][ T6625] Call Trace:
[  121.463058][ T6625]  <TASK>
[  121.465976][ T6625]  dump_stack_lvl+0x241/0x360
[  121.470735][ T6625]  ? __pfx_dump_stack_lvl+0x10/0x10
[  121.475919][ T6625]  ? __pfx_print_modules+0x10/0x10
[  121.481014][ T6625]  bad_page+0x176/0x1d0
[  121.485170][ T6625]  free_unref_page+0xf9e/0x1000
[  121.490020][ T6625]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[  121.495640][ T6625]  bpf_xdp_adjust_tail+0x1c3/0x200
[  121.500737][ T6625]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  121.506175][ T6625]  bpf_prog_run_generic_xdp+0x686/0x1510
[  121.511813][ T6625]  do_xdp_generic+0x757/0xd30
[  121.516504][ T6625]  ? __pfx_do_xdp_generic+0x10/0x10
[  121.521697][ T6625]  ? __skb_flow_dissect+0x4f1/0x7d00
[  121.526976][ T6625]  __netif_receive_skb_core+0x1ce9/0x4690
[  121.532706][ T6625]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  121.538761][ T6625]  ? mark_lock+0x9a/0x360
[  121.543087][ T6625]  ? __lock_acquire+0x1397/0x2100
[  121.548246][ T6625]  __netif_receive_skb+0x12f/0x650
[  121.553457][ T6625]  ? __pfx_lock_acquire+0x10/0x10
[  121.558473][ T6625]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  121.564725][ T6625]  ? __pfx___netif_receive_skb+0x10/0x10
[  121.570351][ T6625]  ? tun_rx_batched+0x160/0x8f0
[  121.575456][ T6625]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  121.581160][ T6625]  ? read_tsc+0x9/0x20
[  121.585218][ T6625]  ? netif_receive_skb+0x131/0x890
[  121.590323][ T6625]  ? netif_receive_skb+0x131/0x890
[  121.595419][ T6625]  netif_receive_skb+0x1e8/0x890
[  121.600344][ T6625]  ? tun_rx_batched+0x160/0x8f0
[  121.605180][ T6625]  ? __pfx_netif_receive_skb+0x10/0x10
[  121.610682][ T6625]  ? tun_rx_batched+0x160/0x8f0
[  121.615526][ T6625]  tun_rx_batched+0x1b7/0x8f0
[  121.620279][ T6625]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  121.626602][ T6625]  ? __pfx_lock_acquire+0x10/0x10
[  121.631616][ T6625]  ? __pfx_tun_rx_batched+0x10/0x10
[  121.636814][ T6625]  tun_get_user+0x30cc/0x48a0
[  121.641477][ T6625]  ? tun_get_user+0x2bba/0x48a0
[  121.646317][ T6625]  ? __lock_acquire+0x1397/0x2100
[  121.651336][ T6625]  ? __pfx_tun_get_user+0x10/0x10
[  121.656375][ T6625]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  121.661822][ T6625]  ? tun_get+0x1e/0x2f0
[  121.665974][ T6625]  ? __pfx_lock_release+0x10/0x10
[  121.670982][ T6625]  ? tun_get+0x1e/0x2f0
[  121.675142][ T6625]  ? tun_get+0x27d/0x2f0
[  121.679476][ T6625]  tun_chr_write_iter+0x10d/0x1f0
[  121.684522][ T6625]  vfs_write+0xaeb/0xd30
[  121.688763][ T6625]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  121.694348][ T6625]  ? __pfx_vfs_write+0x10/0x10
[  121.699453][ T6625]  ? __fget_files+0x2a/0x410
[  121.704035][ T6625]  ? __fget_files+0x2a/0x410
[  121.708636][ T6625]  ksys_write+0x18f/0x2b0
[  121.712985][ T6625]  ? __pfx_ksys_write+0x10/0x10
[  121.717847][ T6625]  ? do_syscall_64+0x100/0x230
[  121.722623][ T6625]  ? do_syscall_64+0xb6/0x230
[  121.727296][ T6625]  do_syscall_64+0xf3/0x230
[  121.731791][ T6625]  ? clear_bhb_loop+0x35/0x90
[  121.736553][ T6625]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  121.742441][ T6625] RIP: 0033:0x7fcec0d7e98f
[  121.746844][ T6625] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  121.766445][ T6625] RSP: 002b:00007fcec1c47020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  121.774851][ T6625] RAX: ffffffffffffffda RBX: 00007fcec0f45fa0 RCX: 00007fcec0d7e98f
[  121.782818][ T6625] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  121.790808][ T6625] RBP: 00007fcec0df3cc8 R08: 0000000000000000 R09: 0000000000000000
[  121.799033][ T6625] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  121.806988][ T6625] R13: 0000000000000000 R14: 00007fcec0f45fa0 R15: 00007fffa35fcab8
[  121.814969][ T6625]  </TASK>
[  121.818042][ T6625] BUG: Bad page state in process syz.0.15  pfn:2828f
[  121.824843][ T6625] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802828f780 pfn:0x2828f
[  121.835069][ T6625] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  121.842248][ T6625] raw: 00fff00000000000 dead000000000040 ffff888022288000 0000000000000000
[  121.850841][ T6625] raw: ffff88802828f780 0000000000000001 00000000ffffffff 0000000000000000
[  121.859447][ T6625] page dumped because: page_pool leak
[  121.864843][ T6625] page_owner tracks the page as allocated
[  121.870572][ T6625] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6625, tgid 6623 (syz.0.15), ts 116366661508, free_ts 112677326398
[  121.887535][ T6625]  post_alloc_hook+0x1f3/0x230
[  121.892349][ T6625]  get_page_from_freelist+0x3651/0x37a0
[  121.897890][ T6625]  __alloc_pages_noprof+0x292/0x710
[  121.903105][ T6625]  alloc_pages_bulk_noprof+0x70b/0xcc0
[  121.908645][ T6625]  __page_pool_alloc_pages_slow+0x122/0x690
[  121.914787][ T6625]  page_pool_alloc_pages+0xd0/0x1c0
[  121.920327][ T6625]  skb_pp_cow_data+0xc43/0x1640
[  121.925259][ T6625]  do_xdp_generic+0x505/0xd30
[  121.930007][ T6625]  __netif_receive_skb_core+0x1ce9/0x4690
[  121.935809][ T6625]  __netif_receive_skb+0x12f/0x650
[  121.940936][ T6625]  netif_receive_skb+0x1e8/0x890
[  121.945988][ T6625]  tun_rx_batched+0x1b7/0x8f0
[  121.950779][ T6625]  tun_get_user+0x30cc/0x48a0
[  121.955505][ T6625]  tun_chr_write_iter+0x10d/0x1f0
[  121.960567][ T6625]  vfs_write+0xaeb/0xd30
[  121.964919][ T6625]  ksys_write+0x18f/0x2b0
[  121.969277][ T6625] page last free pid 6482 tgid 6482 stack trace:
[  121.975654][ T6625]  free_unref_page+0xd2c/0x1000
[  121.980548][ T6625]  vfree+0x1c3/0x360
[  121.984848][ T6625]  kcov_close+0x28/0x50
[  121.989041][ T6625]  __fput+0x23c/0xa50
[  121.993058][ T6625]  task_work_run+0x24f/0x310
[  121.997673][ T6625]  do_exit+0xa2a/0x28e0
[  122.001867][ T6625]  do_group_exit+0x207/0x2c0
[  122.006495][ T6625]  get_signal+0x16b2/0x1750
[  122.011014][ T6625]  arch_do_signal_or_restart+0x96/0x860
[  122.016680][ T6625]  syscall_exit_to_user_mode+0xce/0x340
[  122.022353][ T6625]  do_syscall_64+0x100/0x230
[  122.026957][ T6625]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  122.032967][ T6625] Modules linked in:
[  122.036883][ T6625] CPU: 0 UID: 0 PID: 6625 Comm: syz.0.15 Tainted: G    B              6.13.0-rc4-syzkaller-g4bbf9020becb #0
[  122.048331][ T6625] Tainted: [B]=BAD_PAGE
[  122.052473][ T6625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  122.062516][ T6625] Call Trace:
[  122.065839][ T6625]  <TASK>
[  122.068809][ T6625]  dump_stack_lvl+0x241/0x360
[  122.073476][ T6625]  ? __pfx_dump_stack_lvl+0x10/0x10
[  122.078673][ T6625]  ? __pfx_print_modules+0x10/0x10
[  122.083809][ T6625]  bad_page+0x176/0x1d0
[  122.087981][ T6625]  free_unref_page+0xf9e/0x1000
[  122.092848][ T6625]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[  122.098511][ T6625]  bpf_xdp_adjust_tail+0x1c3/0x200
[  122.103623][ T6625]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  122.109080][ T6625]  bpf_prog_run_generic_xdp+0x686/0x1510
[  122.114800][ T6625]  do_xdp_generic+0x757/0xd30
[  122.119467][ T6625]  ? __pfx_do_xdp_generic+0x10/0x10
[  122.124838][ T6625]  ? __skb_flow_dissect+0x4f1/0x7d00
[  122.130129][ T6625]  __netif_receive_skb_core+0x1ce9/0x4690
[  122.135850][ T6625]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  122.142004][ T6625]  ? mark_lock+0x9a/0x360
[  122.146381][ T6625]  ? __lock_acquire+0x1397/0x2100
[  122.151421][ T6625]  __netif_receive_skb+0x12f/0x650
[  122.156538][ T6625]  ? __pfx_lock_acquire+0x10/0x10
[  122.161560][ T6625]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  122.167811][ T6625]  ? __pfx___netif_receive_skb+0x10/0x10
[  122.173452][ T6625]  ? tun_rx_batched+0x160/0x8f0
[  122.178292][ T6625]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  122.184088][ T6625]  ? read_tsc+0x9/0x20
[  122.188146][ T6625]  ? netif_receive_skb+0x131/0x890
[  122.193246][ T6625]  ? netif_receive_skb+0x131/0x890
[  122.198364][ T6625]  netif_receive_skb+0x1e8/0x890
[  122.203390][ T6625]  ? tun_rx_batched+0x160/0x8f0
[  122.208236][ T6625]  ? __pfx_netif_receive_skb+0x10/0x10
[  122.213862][ T6625]  ? tun_rx_batched+0x160/0x8f0
[  122.218700][ T6625]  tun_rx_batched+0x1b7/0x8f0
[  122.223371][ T6625]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  122.229702][ T6625]  ? __pfx_lock_acquire+0x10/0x10
[  122.234724][ T6625]  ? __pfx_tun_rx_batched+0x10/0x10
[  122.239932][ T6625]  tun_get_user+0x30cc/0x48a0
[  122.244601][ T6625]  ? tun_get_user+0x2bba/0x48a0
[  122.249445][ T6625]  ? __lock_acquire+0x1397/0x2100
[  122.254484][ T6625]  ? __pfx_tun_get_user+0x10/0x10
[  122.259590][ T6625]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  122.265124][ T6625]  ? tun_get+0x1e/0x2f0
[  122.269272][ T6625]  ? __pfx_lock_release+0x10/0x10
[  122.274316][ T6625]  ? tun_get+0x1e/0x2f0
[  122.278474][ T6625]  ? tun_get+0x27d/0x2f0
[  122.282745][ T6625]  tun_chr_write_iter+0x10d/0x1f0
[  122.287786][ T6625]  vfs_write+0xaeb/0xd30
[  122.292042][ T6625]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  122.297948][ T6625]  ? __pfx_vfs_write+0x10/0x10
[  122.302816][ T6625]  ? __fget_files+0x2a/0x410
[  122.307417][ T6625]  ? __fget_files+0x2a/0x410
[  122.311991][ T6625]  ksys_write+0x18f/0x2b0
[  122.316310][ T6625]  ? __pfx_ksys_write+0x10/0x10
[  122.321779][ T6625]  ? do_syscall_64+0x100/0x230
[  122.326546][ T6625]  ? do_syscall_64+0xb6/0x230
[  122.331241][ T6625]  do_syscall_64+0xf3/0x230
[  122.335751][ T6625]  ? clear_bhb_loop+0x35/0x90
[  122.340433][ T6625]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  122.346327][ T6625] RIP: 0033:0x7fcec0d7e98f
[  122.350907][ T6625] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  122.370499][ T6625] RSP: 002b:00007fcec1c47020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  122.378984][ T6625] RAX: ffffffffffffffda RBX: 00007fcec0f45fa0 RCX: 00007fcec0d7e98f
[  122.386939][ T6625] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  122.394986][ T6625] RBP: 00007fcec0df3cc8 R08: 0000000000000000 R09: 0000000000000000
[  122.402944][ T6625] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  122.410899][ T6625] R13: 0000000000000000 R14: 00007fcec0f45fa0 R15: 00007fffa35fcab8
[  122.418856][ T6625]  </TASK>
[  122.421913][ T6625] BUG: Bad page state in process syz.0.15  pfn:63657
[  122.428582][ T6625] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x63657
[  122.437428][ T6625] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  122.444585][ T6625] raw: 00fff00000000000 dead000000000040 ffff888022288000 0000000000000000
[  122.453234][ T6625] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[  122.462228][ T6625] page dumped because: page_pool leak
[  122.467607][ T6625] page_owner tracks the page as allocated
[  122.473380][ T6625] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6625, tgid 6623 (syz.0.15), ts 116366650983, free_ts 112677335510
[  122.490268][ T6625]  post_alloc_hook+0x1f3/0x230
[  122.495061][ T6625]  get_page_from_freelist+0x3651/0x37a0
[  122.500620][ T6625]  __alloc_pages_noprof+0x292/0x710
[  122.506320][ T6625]  alloc_pages_bulk_noprof+0x70b/0xcc0
[  122.511909][ T6625]  __page_pool_alloc_pages_slow+0x122/0x690
[  122.517796][ T6625]  page_pool_alloc_pages+0xd0/0x1c0
[  122.523066][ T6625]  skb_pp_cow_data+0xc43/0x1640
[  122.527939][ T6625]  do_xdp_generic+0x505/0xd30
[  122.532794][ T6625]  __netif_receive_skb_core+0x1ce9/0x4690
[  122.538536][ T6625]  __netif_receive_skb+0x12f/0x650
[  122.543713][ T6625]  netif_receive_skb+0x1e8/0x890
[  122.548671][ T6625]  tun_rx_batched+0x1b7/0x8f0
[  122.553556][ T6625]  tun_get_user+0x30cc/0x48a0
[  122.558351][ T6625]  tun_chr_write_iter+0x10d/0x1f0
[  122.563611][ T6625]  vfs_write+0xaeb/0xd30
[  122.567961][ T6625]  ksys_write+0x18f/0x2b0
[  122.572326][ T6625] page last free pid 6482 tgid 6482 stack trace:
[  122.579087][ T6625]  free_unref_page+0xd2c/0x1000
[  122.584026][ T6625]  vfree+0x1c3/0x360
[  122.587937][ T6625]  kcov_close+0x28/0x50
[  122.592134][ T6625]  __fput+0x23c/0xa50
[  122.596124][ T6625]  task_work_run+0x24f/0x310
[  122.600703][ T6625]  do_exit+0xa2a/0x28e0
[  122.604894][ T6625]  do_group_exit+0x207/0x2c0
[  122.609491][ T6625]  get_signal+0x16b2/0x1750
[  122.614034][ T6625]  arch_do_signal_or_restart+0x96/0x860
[  122.619590][ T6625]  syscall_exit_to_user_mode+0xce/0x340
[  122.625692][ T6625]  do_syscall_64+0x100/0x230
[  122.630293][ T6625]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  122.636229][ T6625] Modules linked in:
[  122.640284][ T6625] CPU: 0 UID: 0 PID: 6625 Comm: syz.0.15 Tainted: G    B              6.13.0-rc4-syzkaller-g4bbf9020becb #0
[  122.651755][ T6625] Tainted: [B]=BAD_PAGE
[  122.655885][ T6625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  122.665925][ T6625] Call Trace:
[  122.669185][ T6625]  <TASK>
[  122.672113][ T6625]  dump_stack_lvl+0x241/0x360
[  122.676785][ T6625]  ? __pfx_dump_stack_lvl+0x10/0x10
[  122.682238][ T6625]  ? __pfx_print_modules+0x10/0x10
[  122.687337][ T6625]  bad_page+0x176/0x1d0
[  122.691485][ T6625]  free_unref_page+0xf9e/0x1000
[  122.696341][ T6625]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[  122.701973][ T6625]  bpf_xdp_adjust_tail+0x1c3/0x200
[  122.707433][ T6625]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  122.712891][ T6625]  bpf_prog_run_generic_xdp+0x686/0x1510
[  122.718512][ T6625]  do_xdp_generic+0x757/0xd30
[  122.723172][ T6625]  ? __pfx_do_xdp_generic+0x10/0x10
[  122.728356][ T6625]  ? __skb_flow_dissect+0x4f1/0x7d00
[  122.733629][ T6625]  __netif_receive_skb_core+0x1ce9/0x4690
[  122.739371][ T6625]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  122.745495][ T6625]  ? mark_lock+0x9a/0x360
[  122.749813][ T6625]  ? __lock_acquire+0x1397/0x2100
[  122.754824][ T6625]  __netif_receive_skb+0x12f/0x650
[  122.760107][ T6625]  ? __pfx_lock_acquire+0x10/0x10
[  122.765112][ T6625]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  122.771342][ T6625]  ? __pfx___netif_receive_skb+0x10/0x10
[  122.776968][ T6625]  ? tun_rx_batched+0x160/0x8f0
[  122.781886][ T6625]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  122.787603][ T6625]  ? read_tsc+0x9/0x20
[  122.791660][ T6625]  ? netif_receive_skb+0x131/0x890
[  122.796767][ T6625]  ? netif_receive_skb+0x131/0x890
[  122.801867][ T6625]  netif_receive_skb+0x1e8/0x890
[  122.806831][ T6625]  ? tun_rx_batched+0x160/0x8f0
[  122.811772][ T6625]  ? __pfx_netif_receive_skb+0x10/0x10
[  122.817304][ T6625]  ? tun_rx_batched+0x160/0x8f0
[  122.822137][ T6625]  tun_rx_batched+0x1b7/0x8f0
[  122.826802][ T6625]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  122.833134][ T6625]  ? __pfx_lock_acquire+0x10/0x10
[  122.838142][ T6625]  ? __pfx_tun_rx_batched+0x10/0x10
[  122.843339][ T6625]  tun_get_user+0x30cc/0x48a0
[  122.848015][ T6625]  ? tun_get_user+0x2bba/0x48a0
[  122.853220][ T6625]  ? __lock_acquire+0x1397/0x2100
[  122.858248][ T6625]  ? __pfx_tun_get_user+0x10/0x10
[  122.863265][ T6625]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  122.868733][ T6625]  ? tun_get+0x1e/0x2f0
[  122.872904][ T6625]  ? __pfx_lock_release+0x10/0x10
[  122.877924][ T6625]  ? tun_get+0x1e/0x2f0
[  122.882098][ T6625]  ? tun_get+0x27d/0x2f0
[  122.886377][ T6625]  tun_chr_write_iter+0x10d/0x1f0
[  122.891419][ T6625]  vfs_write+0xaeb/0xd30
[  122.895683][ T6625]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  122.901241][ T6625]  ? __pfx_vfs_write+0x10/0x10
[  122.906019][ T6625]  ? __fget_files+0x2a/0x410
[  122.910633][ T6625]  ? __fget_files+0x2a/0x410
[  122.915218][ T6625]  ksys_write+0x18f/0x2b0
[  122.920059][ T6625]  ? __pfx_ksys_write+0x10/0x10
[  122.924903][ T6625]  ? do_syscall_64+0x100/0x230
[  122.929759][ T6625]  ? do_syscall_64+0xb6/0x230
[  122.934504][ T6625]  do_syscall_64+0xf3/0x230
[  122.939019][ T6625]  ? clear_bhb_loop+0x35/0x90
[  122.943704][ T6625]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  122.949714][ T6625] RIP: 0033:0x7fcec0d7e98f
[  122.954118][ T6625] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  122.973735][ T6625] RSP: 002b:00007fcec1c47020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  122.982148][ T6625] RAX: ffffffffffffffda RBX: 00007fcec0f45fa0 RCX: 00007fcec0d7e98f
[  122.990113][ T6625] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  122.998077][ T6625] RBP: 00007fcec0df3cc8 R08: 0000000000000000 R09: 0000000000000000
[  123.006039][ T6625] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  123.013998][ T6625] R13: 0000000000000000 R14: 00007fcec0f45fa0 R15: 00007fffa35fcab8
[  123.021960][ T6625]  </TASK>
[  123.028310][ T5880] Bluetooth: hci0: command tx timeout
[  123.149107][ T6687] BUG: Bad page state in process syz.0.16  pfn:26cb1
[  123.155887][ T6687] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x26cb1
[  123.164722][ T6687] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  123.171905][ T6687] raw: 00fff00000000000 dead000000000040 ffff888022288000 0000000000000000
[  123.180515][ T6687] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[  123.189164][ T6687] page dumped because: page_pool leak
[  123.194593][ T6687] page_owner tracks the page as allocated
[  123.200452][ T6687] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6687, tgid 6686 (syz.0.16), ts 123149044901, free_ts 123061484825
[  123.217546][ T6687]  post_alloc_hook+0x1f3/0x230
[  123.222377][ T6687]  get_page_from_freelist+0x3651/0x37a0
[  123.227955][ T6687]  __alloc_pages_noprof+0x292/0x710
[  123.233230][ T6687]  alloc_pages_bulk_noprof+0x70b/0xcc0
[  123.238806][ T6687]  __page_pool_alloc_pages_slow+0x122/0x690
[  123.244800][ T6687]  page_pool_alloc_pages+0xd0/0x1c0
[  123.250084][ T6687]  skb_pp_cow_data+0xc43/0x1640
[  123.255018][ T6687]  do_xdp_generic+0x505/0xd30
[  123.259735][ T6687]  __netif_receive_skb_core+0x1ce9/0x4690
[  123.265527][ T6687]  __netif_receive_skb+0x12f/0x650
[  123.270689][ T6687]  netif_receive_skb+0x1e8/0x890
[  123.275703][ T6687]  tun_rx_batched+0x1b7/0x8f0
[  123.280409][ T6687]  tun_get_user+0x30cc/0x48a0
[  123.285156][ T6687]  tun_chr_write_iter+0x10d/0x1f0
[  123.290206][ T6687]  vfs_write+0xaeb/0xd30
[  123.294524][ T6687]  ksys_write+0x18f/0x2b0
[  123.298879][ T6687] page last free pid 5835 tgid 5835 stack trace:
[  123.305358][ T6687]  free_unref_page+0xd2c/0x1000
[  123.310241][ T6687]  vfree+0x1c3/0x360
[  123.314211][ T6687]  delayed_vfree_work+0x56/0x80
[  123.319129][ T6687]  process_scheduled_works+0xa66/0x1840
[  123.324927][ T6687]  worker_thread+0x870/0xd30
[  123.329669][ T6687]  kthread+0x2f0/0x390
[  123.333818][ T6687]  ret_from_fork+0x4b/0x80
[  123.338257][ T6687]  ret_from_fork_asm+0x1a/0x30
[  123.343101][ T6687] Modules linked in:
[  123.347024][ T6687] CPU: 0 UID: 0 PID: 6687 Comm: syz.0.16 Tainted: G    B              6.13.0-rc4-syzkaller-g4bbf9020becb #0
[  123.358506][ T6687] Tainted: [B]=BAD_PAGE
[  123.362677][ T6687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  123.372749][ T6687] Call Trace:
[  123.376048][ T6687]  <TASK>
[  123.379001][ T6687]  dump_stack_lvl+0x241/0x360
[  123.383722][ T6687]  ? __pfx_dump_stack_lvl+0x10/0x10
[  123.389037][ T6687]  ? __pfx_print_modules+0x10/0x10
[  123.394179][ T6687]  bad_page+0x176/0x1d0
[  123.398367][ T6687]  free_unref_page+0xf9e/0x1000
[  123.403245][ T6687]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[  123.408904][ T6687]  bpf_xdp_adjust_tail+0x1c3/0x200
[  123.414040][ T6687]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  123.419632][ T6687]  bpf_prog_run_generic_xdp+0x686/0x1510
[  123.425308][ T6687]  do_xdp_generic+0x757/0xd30
[  123.430019][ T6687]  ? __pfx_do_xdp_generic+0x10/0x10
[  123.435242][ T6687]  ? rcu_is_watching+0x15/0xb0
[  123.440045][ T6687]  ? rcu_is_watching+0x15/0xb0
[  123.444877][ T6687]  ? count_memcg_event_mm+0x94/0x420
[  123.450190][ T6687]  __netif_receive_skb_core+0x1ce9/0x4690
[  123.455967][ T6687]  ? handle_mm_fault+0x173f/0x1ad0
[  123.461148][ T6687]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  123.467248][ T6687]  ? rcu_is_watching+0x15/0xb0
[  123.472046][ T6687]  ? lock_release+0xbf/0xa30
[  123.476665][ T6687]  ? __pfx_lock_acquire+0x10/0x10
[  123.481716][ T6687]  ? __up_read+0x2c2/0x6b0
[  123.486164][ T6687]  ? rcu_is_watching+0x15/0xb0
[  123.490959][ T6687]  __netif_receive_skb+0x12f/0x650
[  123.496128][ T6687]  ? __pfx_lock_acquire+0x10/0x10
[  123.501183][ T6687]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  123.507456][ T6687]  ? __pfx___netif_receive_skb+0x10/0x10
[  123.513122][ T6687]  ? tun_rx_batched+0x160/0x8f0
[  123.518031][ T6687]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  123.523787][ T6687]  ? read_tsc+0x9/0x20
[  123.527890][ T6687]  ? ktime_get_with_offset+0x249/0x290
[  123.533379][ T6687]  ? netif_receive_skb+0x131/0x890
[  123.538524][ T6687]  netif_receive_skb+0x1e8/0x890
[  123.543495][ T6687]  ? tun_rx_batched+0x160/0x8f0
[  123.548377][ T6687]  ? __pfx_netif_receive_skb+0x10/0x10
[  123.553866][ T6687]  ? skb_set_owner_w+0x246/0x380
[  123.558847][ T6687]  ? tun_rx_batched+0x160/0x8f0
[  123.563727][ T6687]  tun_rx_batched+0x1b7/0x8f0
[  123.568434][ T6687]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  123.574790][ T6687]  ? __pfx_lock_acquire+0x10/0x10
[  123.579839][ T6687]  ? rcu_is_watching+0x15/0xb0
[  123.584630][ T6687]  ? __pfx_tun_rx_batched+0x10/0x10
[  123.589865][ T6687]  tun_get_user+0x30cc/0x48a0
[  123.594619][ T6687]  ? tun_get_user+0x2bba/0x48a0
[  123.599503][ T6687]  ? preempt_schedule_thunk+0x1a/0x30
[  123.604929][ T6687]  ? __pfx_tun_get_user+0x10/0x10
[  123.609987][ T6687]  ? try_to_wake_up+0x9c3/0x1470
[  123.614953][ T6687]  ? tun_get+0x1e/0x2f0
[  123.619137][ T6687]  ? rcu_is_watching+0x15/0xb0
[  123.623932][ T6687]  ? tun_get+0x1e/0x2f0
[  123.628111][ T6687]  ? lock_release+0xbf/0xa30
[  123.632731][ T6687]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  123.638228][ T6687]  ? __pfx_lock_release+0x10/0x10
[  123.643285][ T6687]  ? futex_wake+0x523/0x5c0
[  123.647902][ T6687]  ? tun_get+0x1e/0x2f0
[  123.652089][ T6687]  ? tun_get+0x27d/0x2f0
[  123.656364][ T6687]  tun_chr_write_iter+0x10d/0x1f0
[  123.661423][ T6687]  vfs_write+0xaeb/0xd30
[  123.665883][ T6687]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  123.671456][ T6687]  ? __pfx_vfs_write+0x10/0x10
[  123.676252][ T6687]  ? __fget_files+0x2a/0x410
[  123.680876][ T6687]  ? __fget_files+0x2a/0x410
[  123.685505][ T6687]  ksys_write+0x18f/0x2b0
[  123.689862][ T6687]  ? __pfx_ksys_write+0x10/0x10
[  123.694766][ T6687]  ? rcu_is_watching+0x15/0xb0
[  123.699574][ T6687]  ? rcu_is_watching+0x15/0xb0
[  123.704363][ T6687]  do_syscall_64+0xf3/0x230
[  123.708897][ T6687]  ? clear_bhb_loop+0x35/0x90
[  123.713647][ T6687]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  123.719588][ T6687] RIP: 0033:0x7fcec0d7e98f
[  123.724030][ T6687] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  123.743662][ T6687] RSP: 002b:00007fcec1c47020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  123.752104][ T6687] RAX: ffffffffffffffda RBX: 00007fcec0f45fa0 RCX: 00007fcec0d7e98f
[  123.760092][ T6687] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  123.768149][ T6687] RBP: 00007fcec0df3cc8 R08: 0000000000000000 R09: 0000000000000000
[  123.776113][ T6687] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  123.784076][ T6687] R13: 0000000000000000 R14: 00007fcec0f45fa0 R15: 00007fffa35fcab8
[  123.792045][ T6687]  </TASK>
[  123.795105][ T6687] BUG: Bad page state in process syz.0.16  pfn:24a9b
[  123.801812][ T6687] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888024a9bf50 pfn:0x24a9b
[  123.811918][ T6687] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  123.819477][ T6687] raw: 00fff00000000000 dead000000000040 ffff888022288000 0000000000000000
[  123.828110][ T6687] raw: ffff888024a9bf50 0000000000000001 00000000ffffffff 0000000000000000
[  123.836818][ T6687] page dumped because: page_pool leak
[  123.842219][ T6687] page_owner tracks the page as allocated
[  123.848112][ T6687] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6687, tgid 6686 (syz.0.16), ts 123149036065, free_ts 123061503120
[  123.865017][ T6687]  post_alloc_hook+0x1f3/0x230
[  123.869793][ T6687]  get_page_from_freelist+0x3651/0x37a0
[  123.875393][ T6687]  __alloc_pages_noprof+0x292/0x710
[  123.880616][ T6687]  alloc_pages_bulk_noprof+0x70b/0xcc0
[  123.886177][ T6687]  __page_pool_alloc_pages_slow+0x122/0x690
[  123.892145][ T6687]  page_pool_alloc_pages+0xd0/0x1c0
[  123.897354][ T6687]  skb_pp_cow_data+0xc43/0x1640
[  123.902235][ T6687]  do_xdp_generic+0x505/0xd30
[  123.906970][ T6687]  __netif_receive_skb_core+0x1ce9/0x4690
[  123.912742][ T6687]  __netif_receive_skb+0x12f/0x650
[  123.917878][ T6687]  netif_receive_skb+0x1e8/0x890
[  123.922878][ T6687]  tun_rx_batched+0x1b7/0x8f0
[  123.927580][ T6687]  tun_get_user+0x30cc/0x48a0
[  123.932305][ T6687]  tun_chr_write_iter+0x10d/0x1f0
[  123.937355][ T6687]  vfs_write+0xaeb/0xd30
[  123.941647][ T6687]  ksys_write+0x18f/0x2b0
[  123.945997][ T6687] page last free pid 5835 tgid 5835 stack trace:
[  123.952470][ T6687]  free_unref_page+0xd2c/0x1000
[  123.957339][ T6687]  vfree+0x1c3/0x360
[  123.961255][ T6687]  delayed_vfree_work+0x56/0x80
[  123.966141][ T6687]  process_scheduled_works+0xa66/0x1840
[  123.971771][ T6687]  worker_thread+0x870/0xd30
[  123.976373][ T6687]  kthread+0x2f0/0x390
[  123.980466][ T6687]  ret_from_fork+0x4b/0x80
[  123.984935][ T6687]  ret_from_fork_asm+0x1a/0x30
[  123.989723][ T6687] Modules linked in:
[  123.993671][ T6687] CPU: 0 UID: 0 PID: 6687 Comm: syz.0.16 Tainted: G    B              6.13.0-rc4-syzkaller-g4bbf9020becb #0
[  124.005123][ T6687] Tainted: [B]=BAD_PAGE
[  124.009296][ T6687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  124.019337][ T6687] Call Trace:
[  124.022609][ T6687]  <TASK>
[  124.025526][ T6687]  dump_stack_lvl+0x241/0x360
[  124.030195][ T6687]  ? __pfx_dump_stack_lvl+0x10/0x10
[  124.035376][ T6687]  ? __pfx_print_modules+0x10/0x10
[  124.040480][ T6687]  bad_page+0x176/0x1d0
[  124.044631][ T6687]  free_unref_page+0xf9e/0x1000
[  124.049473][ T6687]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[  124.055097][ T6687]  bpf_xdp_adjust_tail+0x1c3/0x200
[  124.060201][ T6687]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  124.065732][ T6687]  bpf_prog_run_generic_xdp+0x686/0x1510
[  124.071374][ T6687]  do_xdp_generic+0x757/0xd30
[  124.076066][ T6687]  ? __pfx_do_xdp_generic+0x10/0x10
[  124.081360][ T6687]  ? rcu_is_watching+0x15/0xb0
[  124.086249][ T6687]  ? rcu_is_watching+0x15/0xb0
[  124.091122][ T6687]  ? count_memcg_event_mm+0x94/0x420
[  124.096423][ T6687]  __netif_receive_skb_core+0x1ce9/0x4690
[  124.102164][ T6687]  ? handle_mm_fault+0x173f/0x1ad0
[  124.107293][ T6687]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  124.113356][ T6687]  ? rcu_is_watching+0x15/0xb0
[  124.118111][ T6687]  ? lock_release+0xbf/0xa30
[  124.122689][ T6687]  ? __pfx_lock_acquire+0x10/0x10
[  124.127705][ T6687]  ? __up_read+0x2c2/0x6b0
[  124.132110][ T6687]  ? rcu_is_watching+0x15/0xb0
[  124.136865][ T6687]  __netif_receive_skb+0x12f/0x650
[  124.141997][ T6687]  ? __pfx_lock_acquire+0x10/0x10
[  124.147027][ T6687]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  124.153290][ T6687]  ? __pfx___netif_receive_skb+0x10/0x10
[  124.158937][ T6687]  ? tun_rx_batched+0x160/0x8f0
[  124.163894][ T6687]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  124.169612][ T6687]  ? read_tsc+0x9/0x20
[  124.173685][ T6687]  ? ktime_get_with_offset+0x249/0x290
[  124.179141][ T6687]  ? netif_receive_skb+0x131/0x890
[  124.184262][ T6687]  netif_receive_skb+0x1e8/0x890
[  124.189195][ T6687]  ? tun_rx_batched+0x160/0x8f0
[  124.194033][ T6687]  ? __pfx_netif_receive_skb+0x10/0x10
[  124.199480][ T6687]  ? skb_set_owner_w+0x246/0x380
[  124.204420][ T6687]  ? tun_rx_batched+0x160/0x8f0
[  124.209262][ T6687]  tun_rx_batched+0x1b7/0x8f0
[  124.214025][ T6687]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  124.220347][ T6687]  ? __pfx_lock_acquire+0x10/0x10
[  124.225355][ T6687]  ? rcu_is_watching+0x15/0xb0
[  124.230106][ T6687]  ? __pfx_tun_rx_batched+0x10/0x10
[  124.235304][ T6687]  tun_get_user+0x30cc/0x48a0
[  124.240015][ T6687]  ? tun_get_user+0x2bba/0x48a0
[  124.244866][ T6687]  ? preempt_schedule_thunk+0x1a/0x30
[  124.250221][ T6687]  ? __pfx_tun_get_user+0x10/0x10
[  124.255243][ T6687]  ? try_to_wake_up+0x9c3/0x1470
[  124.260195][ T6687]  ? tun_get+0x1e/0x2f0
[  124.264423][ T6687]  ? rcu_is_watching+0x15/0xb0
[  124.269172][ T6687]  ? tun_get+0x1e/0x2f0
[  124.273309][ T6687]  ? lock_release+0xbf/0xa30
[  124.277884][ T6687]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  124.283330][ T6687]  ? __pfx_lock_release+0x10/0x10
[  124.288426][ T6687]  ? futex_wake+0x523/0x5c0
[  124.293018][ T6687]  ? tun_get+0x1e/0x2f0
[  124.297157][ T6687]  ? tun_get+0x27d/0x2f0
[  124.301415][ T6687]  tun_chr_write_iter+0x10d/0x1f0
[  124.306440][ T6687]  vfs_write+0xaeb/0xd30
[  124.310722][ T6687]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  124.316258][ T6687]  ? __pfx_vfs_write+0x10/0x10
[  124.321008][ T6687]  ? __fget_files+0x2a/0x410
[  124.325602][ T6687]  ? __fget_files+0x2a/0x410
[  124.330187][ T6687]  ksys_write+0x18f/0x2b0
[  124.334510][ T6687]  ? __pfx_ksys_write+0x10/0x10
[  124.339342][ T6687]  ? rcu_is_watching+0x15/0xb0
[  124.344096][ T6687]  ? rcu_is_watching+0x15/0xb0
[  124.348895][ T6687]  do_syscall_64+0xf3/0x230
[  124.353412][ T6687]  ? clear_bhb_loop+0x35/0x90
[  124.358110][ T6687]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  124.364016][ T6687] RIP: 0033:0x7fcec0d7e98f
[  124.368422][ T6687] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  124.388042][ T6687] RSP: 002b:00007fcec1c47020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  124.396448][ T6687] RAX: ffffffffffffffda RBX: 00007fcec0f45fa0 RCX: 00007fcec0d7e98f
[  124.404413][ T6687] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  124.412374][ T6687] RBP: 00007fcec0df3cc8 R08: 0000000000000000 R09: 0000000000000000
[  124.420348][ T6687] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  124.428324][ T6687] R13: 0000000000000000 R14: 00007fcec0f45fa0 R15: 00007fffa35fcab8
[  124.436374][ T6687]  </TASK>
[  124.439540][ T6687] BUG: Bad page state in process syz.0.16  pfn:22f37
[  124.446259][ T6687] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x22f37
[  124.455057][ T6687] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  124.462216][ T6687] raw: 00fff00000000000 dead000000000040 ffff888022288000 0000000000000000
[  124.470820][ T6687] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[  124.479452][ T6687] page dumped because: page_pool leak
[  124.484860][ T6687] page_owner tracks the page as allocated
[  124.490566][ T6687] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6687, tgid 6686 (syz.0.16), ts 123149027984, free_ts 123061513056
[  124.507448][ T6687]  post_alloc_hook+0x1f3/0x230
[  124.512257][ T6687]  get_page_from_freelist+0x3651/0x37a0
[  124.517858][ T6687]  __alloc_pages_noprof+0x292/0x710
[  124.523092][ T6687]  alloc_pages_bulk_noprof+0x70b/0xcc0
[  124.528666][ T6687]  __page_pool_alloc_pages_slow+0x122/0x690
[  124.534609][ T6687]  page_pool_alloc_pages+0xd0/0x1c0
[  124.539838][ T6687]  skb_pp_cow_data+0xc43/0x1640
[  124.544808][ T6687]  do_xdp_generic+0x505/0xd30
[  124.549489][ T6687]  __netif_receive_skb_core+0x1ce9/0x4690
[  124.555247][ T6687]  __netif_receive_skb+0x12f/0x650
[  124.560368][ T6687]  netif_receive_skb+0x1e8/0x890
[  124.565345][ T6687]  tun_rx_batched+0x1b7/0x8f0
[  124.570057][ T6687]  tun_get_user+0x30cc/0x48a0
[  124.574771][ T6687]  tun_chr_write_iter+0x10d/0x1f0
[  124.579832][ T6687]  vfs_write+0xaeb/0xd30
[  124.584305][ T6687]  ksys_write+0x18f/0x2b0
[  124.588665][ T6687] page last free pid 5835 tgid 5835 stack trace:
[  124.595018][ T6687]  free_unref_page+0xd2c/0x1000
[  124.599875][ T6687]  vfree+0x1c3/0x360
[  124.603843][ T6687]  delayed_vfree_work+0x56/0x80
[  124.608698][ T6687]  process_scheduled_works+0xa66/0x1840
[  124.614295][ T6687]  worker_thread+0x870/0xd30
[  124.618915][ T6687]  kthread+0x2f0/0x390
[  124.623033][ T6687]  ret_from_fork+0x4b/0x80
[  124.627453][ T6687]  ret_from_fork_asm+0x1a/0x30
[  124.632265][ T6687] Modules linked in:
[  124.636200][ T6687] CPU: 0 UID: 0 PID: 6687 Comm: syz.0.16 Tainted: G    B              6.13.0-rc4-syzkaller-g4bbf9020becb #0
[  124.647733][ T6687] Tainted: [B]=BAD_PAGE
[  124.651887][ T6687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  124.662103][ T6687] Call Trace:
[  124.665372][ T6687]  <TASK>
[  124.668287][ T6687]  dump_stack_lvl+0x241/0x360
[  124.672950][ T6687]  ? __pfx_dump_stack_lvl+0x10/0x10
[  124.678132][ T6687]  ? __pfx_print_modules+0x10/0x10
[  124.683230][ T6687]  bad_page+0x176/0x1d0
[  124.687377][ T6687]  free_unref_page+0xf9e/0x1000
[  124.692218][ T6687]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[  124.697837][ T6687]  bpf_xdp_adjust_tail+0x1c3/0x200
[  124.702936][ T6687]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  124.708389][ T6687]  bpf_prog_run_generic_xdp+0x686/0x1510
[  124.714036][ T6687]  do_xdp_generic+0x757/0xd30
[  124.718713][ T6687]  ? __pfx_do_xdp_generic+0x10/0x10
[  124.723904][ T6687]  ? rcu_is_watching+0x15/0xb0
[  124.728672][ T6687]  ? rcu_is_watching+0x15/0xb0
[  124.733430][ T6687]  ? count_memcg_event_mm+0x94/0x420
[  124.738717][ T6687]  __netif_receive_skb_core+0x1ce9/0x4690
[  124.744540][ T6687]  ? handle_mm_fault+0x173f/0x1ad0
[  124.749645][ T6687]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  124.755713][ T6687]  ? rcu_is_watching+0x15/0xb0
[  124.760467][ T6687]  ? lock_release+0xbf/0xa30
[  124.765044][ T6687]  ? __pfx_lock_acquire+0x10/0x10
[  124.770082][ T6687]  ? __up_read+0x2c2/0x6b0
[  124.774674][ T6687]  ? rcu_is_watching+0x15/0xb0
[  124.779453][ T6687]  __netif_receive_skb+0x12f/0x650
[  124.784558][ T6687]  ? __pfx_lock_acquire+0x10/0x10
[  124.789655][ T6687]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  124.795963][ T6687]  ? __pfx___netif_receive_skb+0x10/0x10
[  124.801634][ T6687]  ? tun_rx_batched+0x160/0x8f0
[  124.806517][ T6687]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  124.812231][ T6687]  ? read_tsc+0x9/0x20
[  124.816317][ T6687]  ? ktime_get_with_offset+0x249/0x290
[  124.821806][ T6687]  ? netif_receive_skb+0x131/0x890
[  124.826920][ T6687]  netif_receive_skb+0x1e8/0x890
[  124.831848][ T6687]  ? tun_rx_batched+0x160/0x8f0
[  124.836714][ T6687]  ? __pfx_netif_receive_skb+0x10/0x10
[  124.842185][ T6687]  ? skb_set_owner_w+0x246/0x380
[  124.847128][ T6687]  ? tun_rx_batched+0x160/0x8f0
[  124.851992][ T6687]  tun_rx_batched+0x1b7/0x8f0
[  124.856661][ T6687]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  124.863474][ T6687]  ? __pfx_lock_acquire+0x10/0x10
[  124.868538][ T6687]  ? rcu_is_watching+0x15/0xb0
[  124.873299][ T6687]  ? __pfx_tun_rx_batched+0x10/0x10
[  124.878494][ T6687]  tun_get_user+0x30cc/0x48a0
[  124.883169][ T6687]  ? tun_get_user+0x2bba/0x48a0
[  124.888035][ T6687]  ? preempt_schedule_thunk+0x1a/0x30
[  124.893428][ T6687]  ? __pfx_tun_get_user+0x10/0x10
[  124.898560][ T6687]  ? try_to_wake_up+0x9c3/0x1470
[  124.903779][ T6687]  ? tun_get+0x1e/0x2f0
[  124.907960][ T6687]  ? rcu_is_watching+0x15/0xb0
[  124.912760][ T6687]  ? tun_get+0x1e/0x2f0
[  124.916949][ T6687]  ? lock_release+0xbf/0xa30
[  124.921631][ T6687]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  124.927107][ T6687]  ? __pfx_lock_release+0x10/0x10
[  124.932320][ T6687]  ? futex_wake+0x523/0x5c0
[  124.937001][ T6687]  ? tun_get+0x1e/0x2f0
[  124.941160][ T6687]  ? tun_get+0x27d/0x2f0
[  124.945398][ T6687]  tun_chr_write_iter+0x10d/0x1f0
[  124.950481][ T6687]  vfs_write+0xaeb/0xd30
[  124.954718][ T6687]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  124.960283][ T6687]  ? __pfx_vfs_write+0x10/0x10
[  124.965041][ T6687]  ? __fget_files+0x2a/0x410
[  124.969621][ T6687]  ? __fget_files+0x2a/0x410
[  124.974198][ T6687]  ksys_write+0x18f/0x2b0
[  124.978516][ T6687]  ? __pfx_ksys_write+0x10/0x10
[  124.983557][ T6687]  ? rcu_is_watching+0x15/0xb0
[  124.988307][ T6687]  ? rcu_is_watching+0x15/0xb0
[  124.993079][ T6687]  do_syscall_64+0xf3/0x230
[  124.997571][ T6687]  ? clear_bhb_loop+0x35/0x90
[  125.002233][ T6687]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  125.008115][ T6687] RIP: 0033:0x7fcec0d7e98f
[  125.012563][ T6687] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  125.032244][ T6687] RSP: 002b:00007fcec1c47020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  125.040819][ T6687] RAX: ffffffffffffffda RBX: 00007fcec0f45fa0 RCX: 00007fcec0d7e98f
[  125.048787][ T6687] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  125.056751][ T6687] RBP: 00007fcec0df3cc8 R08: 0000000000000000 R09: 0000000000000000
[  125.064807][ T6687] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  125.072779][ T6687] R13: 0000000000000000 R14: 00007fcec0f45fa0 R15: 00007fffa35fcab8
[  125.080771][ T6687]  </TASK>
[  125.083919][ T6687] BUG: Bad page state in process syz.0.16  pfn:30048
[  125.090600][ T6687] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888030048e70 pfn:0x30048
[  125.100708][ T6687] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  125.107893][ T6687] raw: 00fff00000000000 dead000000000040 ffff888022288000 0000000000000000
[  125.116542][ T6687] raw: ffff888030048e70 0000000000000001 00000000ffffffff 0000000000000000
[  125.125165][ T6687] page dumped because: page_pool leak
[  125.130628][ T6687] page_owner tracks the page as allocated
[  125.136404][ T6687] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6687, tgid 6686 (syz.0.16), ts 123149019976, free_ts 123075177607
[  125.153479][ T6687]  post_alloc_hook+0x1f3/0x230
[  125.158325][ T6687]  get_page_from_freelist+0x3651/0x37a0
[  125.163902][ T6687]  __alloc_pages_noprof+0x292/0x710
[  125.169112][ T6687]  alloc_pages_bulk_noprof+0x70b/0xcc0
[  125.174612][ T6687]  __page_pool_alloc_pages_slow+0x122/0x690
[  125.180607][ T6687]  page_pool_alloc_pages+0xd0/0x1c0
[  125.185852][ T6687]  skb_pp_cow_data+0xc43/0x1640
[  125.190747][ T6687]  do_xdp_generic+0x505/0xd30
[  125.195581][ T6687]  __netif_receive_skb_core+0x1ce9/0x4690
[  125.201321][ T6687]  __netif_receive_skb+0x12f/0x650
[  125.206569][ T6687]  netif_receive_skb+0x1e8/0x890
[  125.211557][ T6687]  tun_rx_batched+0x1b7/0x8f0
[  125.216257][ T6687]  tun_get_user+0x30cc/0x48a0
[  125.221279][ T6687]  tun_chr_write_iter+0x10d/0x1f0
[  125.226401][ T6687]  vfs_write+0xaeb/0xd30
[  125.230724][ T6687]  ksys_write+0x18f/0x2b0
[  125.235104][ T6687] page last free pid 5491 tgid 5491 stack trace:
[  125.241556][ T6687]  free_unref_page+0xd2c/0x1000
[  125.246410][ T6687]  __slab_free+0x2c2/0x380
[  125.250820][ T6687]  qlist_free_all+0x9a/0x140
[  125.255446][ T6687]  kasan_quarantine_reduce+0x14f/0x170
[  125.261088][ T6687]  __kasan_slab_alloc+0x23/0x80
[  125.266014][ T6687]  kmem_cache_alloc_node_noprof+0x1d9/0x380
[  125.271963][ T6687]  __alloc_skb+0x1c3/0x440
[  125.276480][ T6687]  netlink_sendmsg+0x638/0xcb0
[  125.281266][ T6687]  __sock_sendmsg+0x221/0x270
[  125.285988][ T6687]  ____sys_sendmsg+0x52a/0x7e0
[  125.290776][ T6687]  __sys_sendmsg+0x269/0x350
[  125.295418][ T6687]  do_syscall_64+0xf3/0x230
[  125.300025][ T6687]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  125.306040][ T6687] Modules linked in:
[  125.309953][ T6687] CPU: 0 UID: 0 PID: 6687 Comm: syz.0.16 Tainted: G    B              6.13.0-rc4-syzkaller-g4bbf9020becb #0
[  125.321428][ T6687] Tainted: [B]=BAD_PAGE
[  125.325653][ T6687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  125.335889][ T6687] Call Trace:
[  125.339159][ T6687]  <TASK>
[  125.342079][ T6687]  dump_stack_lvl+0x241/0x360
[  125.346847][ T6687]  ? __pfx_dump_stack_lvl+0x10/0x10
[  125.352037][ T6687]  ? __pfx_print_modules+0x10/0x10
[  125.357139][ T6687]  bad_page+0x176/0x1d0
[  125.361292][ T6687]  free_unref_page+0xf9e/0x1000
[  125.366145][ T6687]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[  125.371767][ T6687]  bpf_xdp_adjust_tail+0x1c3/0x200
[  125.376889][ T6687]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  125.382327][ T6687]  bpf_prog_run_generic_xdp+0x686/0x1510
[  125.387956][ T6687]  do_xdp_generic+0x757/0xd30
[  125.392625][ T6687]  ? __pfx_do_xdp_generic+0x10/0x10
[  125.397821][ T6687]  ? rcu_is_watching+0x15/0xb0
[  125.402581][ T6687]  ? rcu_is_watching+0x15/0xb0
[  125.407337][ T6687]  ? count_memcg_event_mm+0x94/0x420
[  125.412610][ T6687]  __netif_receive_skb_core+0x1ce9/0x4690
[  125.418328][ T6687]  ? handle_mm_fault+0x173f/0x1ad0
[  125.423632][ T6687]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  125.429703][ T6687]  ? rcu_is_watching+0x15/0xb0
[  125.434456][ T6687]  ? lock_release+0xbf/0xa30
[  125.439036][ T6687]  ? __pfx_lock_acquire+0x10/0x10
[  125.444046][ T6687]  ? __up_read+0x2c2/0x6b0
[  125.448456][ T6687]  ? rcu_is_watching+0x15/0xb0
[  125.453208][ T6687]  __netif_receive_skb+0x12f/0x650
[  125.458315][ T6687]  ? __pfx_lock_acquire+0x10/0x10
[  125.463334][ T6687]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  125.469609][ T6687]  ? __pfx___netif_receive_skb+0x10/0x10
[  125.475237][ T6687]  ? tun_rx_batched+0x160/0x8f0
[  125.480076][ T6687]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  125.485782][ T6687]  ? read_tsc+0x9/0x20
[  125.489852][ T6687]  ? ktime_get_with_offset+0x249/0x290
[  125.495394][ T6687]  ? netif_receive_skb+0x131/0x890
[  125.500515][ T6687]  netif_receive_skb+0x1e8/0x890
[  125.505450][ T6687]  ? tun_rx_batched+0x160/0x8f0
[  125.510295][ T6687]  ? __pfx_netif_receive_skb+0x10/0x10
[  125.515836][ T6687]  ? skb_set_owner_w+0x246/0x380
[  125.520856][ T6687]  ? tun_rx_batched+0x160/0x8f0
[  125.525719][ T6687]  tun_rx_batched+0x1b7/0x8f0
[  125.530400][ T6687]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  125.536904][ T6687]  ? __pfx_lock_acquire+0x10/0x10
[  125.541953][ T6687]  ? rcu_is_watching+0x15/0xb0
[  125.546712][ T6687]  ? __pfx_tun_rx_batched+0x10/0x10
[  125.551909][ T6687]  tun_get_user+0x30cc/0x48a0
[  125.556573][ T6687]  ? tun_get_user+0x2bba/0x48a0
[  125.561429][ T6687]  ? preempt_schedule_thunk+0x1a/0x30
[  125.566798][ T6687]  ? __pfx_tun_get_user+0x10/0x10
[  125.571814][ T6687]  ? try_to_wake_up+0x9c3/0x1470
[  125.576744][ T6687]  ? tun_get+0x1e/0x2f0
[  125.580886][ T6687]  ? rcu_is_watching+0x15/0xb0
[  125.585641][ T6687]  ? tun_get+0x1e/0x2f0
[  125.589785][ T6687]  ? lock_release+0xbf/0xa30
[  125.594365][ T6687]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  125.599851][ T6687]  ? __pfx_lock_release+0x10/0x10
[  125.604866][ T6687]  ? futex_wake+0x523/0x5c0
[  125.609378][ T6687]  ? tun_get+0x1e/0x2f0
[  125.613531][ T6687]  ? tun_get+0x27d/0x2f0
[  125.617804][ T6687]  tun_chr_write_iter+0x10d/0x1f0
[  125.622864][ T6687]  vfs_write+0xaeb/0xd30
[  125.627128][ T6687]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  125.632691][ T6687]  ? __pfx_vfs_write+0x10/0x10
[  125.637444][ T6687]  ? __fget_files+0x2a/0x410
[  125.642030][ T6687]  ? __fget_files+0x2a/0x410
[  125.646612][ T6687]  ksys_write+0x18f/0x2b0
[  125.650939][ T6687]  ? __pfx_ksys_write+0x10/0x10
[  125.655783][ T6687]  ? rcu_is_watching+0x15/0xb0
[  125.660557][ T6687]  ? rcu_is_watching+0x15/0xb0
[  125.665317][ T6687]  do_syscall_64+0xf3/0x230
[  125.669821][ T6687]  ? clear_bhb_loop+0x35/0x90
[  125.674611][ T6687]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  125.680522][ T6687] RIP: 0033:0x7fcec0d7e98f
[  125.684929][ T6687] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  125.704717][ T6687] RSP: 002b:00007fcec1c47020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  125.713137][ T6687] RAX: ffffffffffffffda RBX: 00007fcec0f45fa0 RCX: 00007fcec0d7e98f
[  125.721106][ T6687] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  125.729060][ T6687] RBP: 00007fcec0df3cc8 R08: 0000000000000000 R09: 0000000000000000
[  125.737028][ T6687] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  125.744987][ T6687] R13: 0000000000000000 R14: 00007fcec0f45fa0 R15: 00007fffa35fcab8
[  125.752951][ T6687]  </TASK>
[  125.756006][ T6687] BUG: Bad page state in process syz.0.16  pfn:5b6a0
[  125.762706][ T6687] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88805b6a08b8 pfn:0x5b6a0
[  125.772833][ T6687] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  125.779955][ T6687] raw: 00fff00000000000 dead000000000040 ffff888022288000 0000000000000000
[  125.788924][ T6687] raw: ffff88805b6a08b8 0000000000000001 00000000ffffffff 0000000000000000
[  125.797636][ T6687] page dumped because: page_pool leak
[  125.803049][ T6687] page_owner tracks the page as allocated
[  125.808876][ T6687] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6687, tgid 6686 (syz.0.16), ts 123149012401, free_ts 123075207559
[  125.825884][ T6687]  post_alloc_hook+0x1f3/0x230
[  125.830859][ T6687]  get_page_from_freelist+0x3651/0x37a0
[  125.836475][ T6687]  __alloc_pages_noprof+0x292/0x710
[  125.841938][ T6687]  alloc_pages_bulk_noprof+0x70b/0xcc0
[  125.847560][ T6687]  __page_pool_alloc_pages_slow+0x122/0x690
[  125.853647][ T6687]  page_pool_alloc_pages+0xd0/0x1c0
[  125.858888][ T6687]  skb_pp_cow_data+0xc43/0x1640
[  125.863819][ T6687]  do_xdp_generic+0x505/0xd30
[  125.868617][ T6687]  __netif_receive_skb_core+0x1ce9/0x4690
[  125.874394][ T6687]  __netif_receive_skb+0x12f/0x650
[  125.879553][ T6687]  netif_receive_skb+0x1e8/0x890
[  125.884572][ T6687]  tun_rx_batched+0x1b7/0x8f0
[  125.889374][ T6687]  tun_get_user+0x30cc/0x48a0
[  125.894199][ T6687]  tun_chr_write_iter+0x10d/0x1f0
[  125.899356][ T6687]  vfs_write+0xaeb/0xd30
[  125.903858][ T6687]  ksys_write+0x18f/0x2b0
[  125.908237][ T6687] page last free pid 5491 tgid 5491 stack trace:
[  125.914693][ T6687]  free_unref_page+0xd2c/0x1000
[  125.919574][ T6687]  __slab_free+0x2c2/0x380
[  125.924057][ T6687]  qlist_free_all+0x9a/0x140
[  125.928670][ T6687]  kasan_quarantine_reduce+0x14f/0x170
[  125.934310][ T6687]  __kasan_slab_alloc+0x23/0x80
[  125.939205][ T6687]  kmem_cache_alloc_node_noprof+0x1d9/0x380
[  125.945156][ T6687]  __alloc_skb+0x1c3/0x440
[  125.949597][ T6687]  netlink_sendmsg+0x638/0xcb0
[  125.954437][ T6687]  __sock_sendmsg+0x221/0x270
[  125.959158][ T6687]  ____sys_sendmsg+0x52a/0x7e0
[  125.963968][ T6687]  __sys_sendmsg+0x269/0x350
[  125.968570][ T6687]  do_syscall_64+0xf3/0x230
[  125.973116][ T6687]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  125.979040][ T6687] Modules linked in:
[  125.982975][ T6687] CPU: 0 UID: 0 PID: 6687 Comm: syz.0.16 Tainted: G    B              6.13.0-rc4-syzkaller-g4bbf9020becb #0
[  125.994445][ T6687] Tainted: [B]=BAD_PAGE
[  125.998700][ T6687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  126.009115][ T6687] Call Trace:
[  126.012457][ T6687]  <TASK>
[  126.015405][ T6687]  dump_stack_lvl+0x241/0x360
[  126.020103][ T6687]  ? __pfx_dump_stack_lvl+0x10/0x10
[  126.025574][ T6687]  ? __pfx_print_modules+0x10/0x10
[  126.030801][ T6687]  bad_page+0x176/0x1d0
[  126.034976][ T6687]  free_unref_page+0xf9e/0x1000
[  126.039864][ T6687]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[  126.045592][ T6687]  bpf_xdp_adjust_tail+0x1c3/0x200
[  126.050901][ T6687]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  126.056543][ T6687]  bpf_prog_run_generic_xdp+0x686/0x1510
[  126.062202][ T6687]  do_xdp_generic+0x757/0xd30
[  126.066917][ T6687]  ? __pfx_do_xdp_generic+0x10/0x10
[  126.072123][ T6687]  ? rcu_is_watching+0x15/0xb0
[  126.076899][ T6687]  ? rcu_is_watching+0x15/0xb0
[  126.081686][ T6687]  ? count_memcg_event_mm+0x94/0x420
[  126.086976][ T6687]  __netif_receive_skb_core+0x1ce9/0x4690
[  126.092900][ T6687]  ? handle_mm_fault+0x173f/0x1ad0
[  126.098028][ T6687]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  126.104234][ T6687]  ? rcu_is_watching+0x15/0xb0
[  126.109037][ T6687]  ? lock_release+0xbf/0xa30
[  126.113670][ T6687]  ? __pfx_lock_acquire+0x10/0x10
[  126.118795][ T6687]  ? __up_read+0x2c2/0x6b0
[  126.123454][ T6687]  ? rcu_is_watching+0x15/0xb0
[  126.128238][ T6687]  __netif_receive_skb+0x12f/0x650
[  126.133354][ T6687]  ? __pfx_lock_acquire+0x10/0x10
[  126.138380][ T6687]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  126.144621][ T6687]  ? __pfx___netif_receive_skb+0x10/0x10
[  126.150305][ T6687]  ? tun_rx_batched+0x160/0x8f0
[  126.155163][ T6687]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  126.160891][ T6687]  ? read_tsc+0x9/0x20
[  126.164977][ T6687]  ? ktime_get_with_offset+0x249/0x290
[  126.170436][ T6687]  ? netif_receive_skb+0x131/0x890
[  126.175545][ T6687]  netif_receive_skb+0x1e8/0x890
[  126.180480][ T6687]  ? tun_rx_batched+0x160/0x8f0
[  126.185414][ T6687]  ? __pfx_netif_receive_skb+0x10/0x10
[  126.190895][ T6687]  ? skb_set_owner_w+0x246/0x380
[  126.195958][ T6687]  ? tun_rx_batched+0x160/0x8f0
[  126.200819][ T6687]  tun_rx_batched+0x1b7/0x8f0
[  126.205512][ T6687]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  126.212017][ T6687]  ? __pfx_lock_acquire+0x10/0x10
[  126.217039][ T6687]  ? rcu_is_watching+0x15/0xb0
[  126.221808][ T6687]  ? __pfx_tun_rx_batched+0x10/0x10
[  126.227041][ T6687]  tun_get_user+0x30cc/0x48a0
[  126.231729][ T6687]  ? tun_get_user+0x2bba/0x48a0
[  126.236608][ T6687]  ? preempt_schedule_thunk+0x1a/0x30
[  126.242081][ T6687]  ? __pfx_tun_get_user+0x10/0x10
[  126.247131][ T6687]  ? try_to_wake_up+0x9c3/0x1470
[  126.252125][ T6687]  ? tun_get+0x1e/0x2f0
[  126.256290][ T6687]  ? rcu_is_watching+0x15/0xb0
[  126.261065][ T6687]  ? tun_get+0x1e/0x2f0
[  126.265324][ T6687]  ? lock_release+0xbf/0xa30
[  126.269958][ T6687]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  126.275505][ T6687]  ? __pfx_lock_release+0x10/0x10
[  126.280645][ T6687]  ? futex_wake+0x523/0x5c0
[  126.285221][ T6687]  ? tun_get+0x1e/0x2f0
[  126.289487][ T6687]  ? tun_get+0x27d/0x2f0
[  126.293732][ T6687]  tun_chr_write_iter+0x10d/0x1f0
[  126.298782][ T6687]  vfs_write+0xaeb/0xd30
[  126.303034][ T6687]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  126.308659][ T6687]  ? __pfx_vfs_write+0x10/0x10
[  126.313422][ T6687]  ? __fget_files+0x2a/0x410
[  126.318001][ T6687]  ? __fget_files+0x2a/0x410
[  126.322669][ T6687]  ksys_write+0x18f/0x2b0
[  126.327001][ T6687]  ? __pfx_ksys_write+0x10/0x10
[  126.331842][ T6687]  ? rcu_is_watching+0x15/0xb0
[  126.336612][ T6687]  ? rcu_is_watching+0x15/0xb0
[  126.341382][ T6687]  do_syscall_64+0xf3/0x230
[  126.345895][ T6687]  ? clear_bhb_loop+0x35/0x90
[  126.350582][ T6687]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  126.356584][ T6687] RIP: 0033:0x7fcec0d7e98f
[  126.361011][ T6687] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  126.380709][ T6687] RSP: 002b:00007fcec1c47020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  126.389278][ T6687] RAX: ffffffffffffffda RBX: 00007fcec0f45fa0 RCX: 00007fcec0d7e98f
[  126.397265][ T6687] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  126.405340][ T6687] RBP: 00007fcec0df3cc8 R08: 0000000000000000 R09: 0000000000000000