last executing test programs: 1.607341574s ago: executing program 3 (id=175): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f0000002500)) ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(r0, 0x8983, 0x0) 1.433079789s ago: executing program 3 (id=178): r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) sendmmsg(r0, &(0x7f00000016c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4851) 1.318953017s ago: executing program 2 (id=180): r0 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x64, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast2}}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x5}]}, 0x64}}, 0x0) sendmsg$IPCTNL_MSG_CT_DELETE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)={0x14, 0x2, 0x1, 0x5, 0x0, 0x0, {0x2, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x40040) 1.245323892s ago: executing program 3 (id=182): r0 = socket$inet6(0xa, 0x3, 0x1) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback={0x0, 0xffffffffffffff84}}, 0x1c) 1.183069498s ago: executing program 0 (id=183): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r0, &(0x7f0000000040), 0x37) listen(r0, 0xfffffbff) setsockopt$bt_BT_VOICE(r0, 0x112, 0xb, 0x0, 0x0) 1.181255429s ago: executing program 1 (id=184): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="10000000040000000400000002"], 0x50) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000200)={r0, &(0x7f0000000080), &(0x7f0000000000)=""/10, 0x2}, 0x20) 1.089672577s ago: executing program 4 (id=185): r0 = socket(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000240)={0x4}, 0xc) 1.089535758s ago: executing program 3 (id=186): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x4, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000003140)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000000c0)="874f", 0x2}], 0x1, &(0x7f0000000140)=ANY=[@ANYBLOB="1400000000000000290000003e000000000000000000000014"], 0x30}}], 0x1, 0x40014) 1.068466752s ago: executing program 2 (id=187): r0 = socket$inet6(0xa, 0x3, 0x5) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000000)=0xffffffc3, 0x4) sendmmsg(r0, &(0x7f0000001500)=[{{&(0x7f0000000100)=@l2tp6={0xa, 0x500, 0x4000000, @remote, 0x0, 0x3}, 0x80, 0x0}, 0x5b4}, {{&(0x7f0000000240)=@l2tp6={0xa, 0x0, 0x7080000, @ipv4={'\x00', '\xff\xff', @empty}, 0x7, 0x1}, 0x80, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB], 0xf0}}], 0x2, 0x880) 972.034385ms ago: executing program 1 (id=188): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000000)=0x2) ioctl$PPPIOCSNPMODE(r0, 0x4008744b, &(0x7f0000000180)={0x21, 0x1}) 921.785284ms ago: executing program 4 (id=189): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000300)=@newqdisc={0x94, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r4, {0x3}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x4, [0xd, 0x5, 0x0, 0xd, 0x10, 0x2, 0x4, 0x2, 0xd, 0x6, 0x3, 0x7, 0x8, 0x4, 0x10, 0x4], 0x3, [0xb, 0x3, 0xad1e, 0x2002, 0x1, 0x4, 0x2, 0xd06, 0xff05, 0x0, 0xb, 0x8, 0x5, 0x6, 0xd, 0x100], [0xfff1, 0x5, 0xffff, 0xfff5, 0x4, 0x8, 0x1, 0x9, 0x5, 0x2, 0xf, 0x40, 0xfffc, 0x3, 0x1]}}]}}, @TCA_RATE={0x6, 0x5, {0x1, 0xff}}]}, 0x94}, 0x1, 0x0, 0x0, 0x400dc}, 0x24000080) 921.615591ms ago: executing program 0 (id=190): r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x28) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18a6598f20fffab2"], &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1}, 0x6d) socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000001e00)={'syz_tun\x00', 0x0}) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x2a}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r4, r2, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0xfdef, &(0x7f0000000000)=ANY=[], 0x0) 921.53436ms ago: executing program 3 (id=191): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) sendmsg$inet(r0, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x1) 852.473574ms ago: executing program 2 (id=192): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xf, &(0x7f00000001c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x82, 0x0, 0x0, 0x0, 0xb460}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r3, r1, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0xfdef, &(0x7f0000000500)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@mpls_uc={0x8847, {[], @ipv4=@gre={{0x5, 0x4, 0x0, 0x0, 0x58, 0x67, 0x0, 0x4, 0x2f, 0x0, @private=0xa010100, @dev={0xac, 0x14, 0x14, 0x3f}}, {{0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x1}, {}, {0x8, 0x88be, 0x0, {{0x9, 0x1, 0x5, 0x3, 0x0, 0x3, 0x3, 0x8}, 0x1, {0xfffffffd}}}, {0x8, 0x22eb, 0x2, {{0x4, 0x2, 0xf1, 0x3, 0x1, 0x1, 0x2, 0x80}, 0x2, {0x3, 0x4, 0x1, 0x3, 0x1, 0x0, 0x1}}}, {0x8, 0x6558, 0x2}}}}}}}, 0x0) 772.659215ms ago: executing program 3 (id=193): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, 0x0, 0x0) bind$inet(r0, &(0x7f0000000240)={0x2, 0x4e20, @local}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x300) recvmmsg(r0, 0x0, 0x0, 0x45833af92e4b39ff, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x1fffffd, 0x0, {0x0, 0x0, 0x0, r2, {}, {0x7, 0xa}, {0x0, 0xf}}}, 0x24}}, 0x0) 688.582801ms ago: executing program 0 (id=194): r0 = socket$nl_generic(0x10, 0x3, 0x10) getsockname$packet(0xffffffffffffffff, &(0x7f0000000380)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e00000008000000000018000380140003801000018004000300080001"], 0x44}}, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x44, r1, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_OURS={0x18, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x8, 0x4, '\x00\x00\x00\x00'}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x9}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}]}, 0x44}}, 0x0) 688.392102ms ago: executing program 1 (id=195): sendmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="f8000000000000000b01000003000000b38ad0fa5344f86392a8a624588a9ebd811192cbcbc48c43148a7cc729a98cdc74f191ae2cd62d2652d78d6acf62b5eb8f161c8b04b3b2b547119b38e2badd726674a4693c080fe5c3496137c986cb152d529c9225c772f2f854bf5ab89e259312dacf6b9debd2bf43be3dc19840f0c35b2d960ac50a9f2bcf98156f76700462166d7eb6416b2a7510be974b3f7a06c8927e28a62f708cce515c9c922c8c0c8daf4646e725d7282571b819097b58963d71992c2938f34c3516c547423d99a2f90f3a146a044cb732f4f4a0305c9d37fcb667e5e900000000000028000000000000000000000000080000c133a12a91872b3730467c92a3a5050f02b82b7e452f3e6b500000000000000012010000ff030000ae15b1a3e016bb782adb738fa764d4487026530ac6f50e3b31ec875a38f17bac40e87117dbd6ba47cf721b216e5b8cb28d424f1b5ed9793f5167332a0000000038000000000000000a010000630a0000fa08ab919987305c8ad63785f4a4bc84cb79f70a5d7698a3f59e1f0dbbe9b9f8ed970000001000000000000000130100000900000010000000000000001001000004000000000000000000000000000000000077874cf6e18bde0f1a4f9cd71371465fa0f4f73d8d253601dad8e0a53409cf"], 0x1c8}, 0x4000c010) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000005000000fd0900008400000005010000", @ANYRES32, @ANYBLOB="000000000007000006", @ANYRES32=0x0, @ANYRES32], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000240), 0x800, r0}, 0x38) unshare(0x24020400) bpf$MAP_LOOKUP_BATCH(0x19, &(0x7f0000000800)={0x0, &(0x7f0000000840)=""/121, &(0x7f0000000680), &(0x7f00000002c0), 0x6c, r0}, 0x38) 662.517225ms ago: executing program 4 (id=196): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfe}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x86}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}]}, &(0x7f0000000540)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r1, 0x2000012, 0xe, 0x0, &(0x7f0000000240)="7300ed768ebee099583037ff9fd3", 0x0, 0xdb7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xd}, 0x50) 626.134338ms ago: executing program 2 (id=197): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f00000004c0)='m', 0x1}], 0x1}, 0x41) recvmsg(r0, &(0x7f0000000840)={0x0, 0x0, 0x0}, 0x10001) close(0x3) 493.107778ms ago: executing program 0 (id=198): r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x200, 0xfffffffd}}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r1, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x3, 0x4}}, 0x10) r2 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r2, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x4}}, 0x10) bind$tipc(r2, &(0x7f0000000140)=@name={0x1e, 0x2, 0x2, {{0x42, 0x2}}}, 0x10) sendmsg$tipc(r0, &(0x7f00000000c0)={&(0x7f0000000140)=@name={0x1e, 0x2, 0x2, {{0x42, 0x4}}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2004c0d0}, 0x4000044) 418.563845ms ago: executing program 1 (id=199): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000680)={0x14, 0x1, 0x4, 0x201, 0x0, 0x0, {0x1, 0x0, 0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x8000) 402.283503ms ago: executing program 2 (id=200): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000008c0)=@ipv6_deladdrlabel={0x38, 0x49, 0x1, 0x70bd2d, 0x25dfdbfc, {0xa, 0x0, 0x10, 0x0, 0x0, 0x9}, [@IFAL_LABEL={0x8, 0x2, 0xb}, @IFAL_ADDRESS={0x14, 0x1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 345.140058ms ago: executing program 4 (id=201): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x10}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) 345.009961ms ago: executing program 0 (id=202): syz_emit_ethernet(0x66, &(0x7f0000000280)={@local, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f81fcb", 0x30, 0x3a, 0x0, @private0, @mcast2, {[], @param_prob={0x4, 0x0, 0x0, 0x0, {0x0, 0x6, "4aa1d3", 0x0, 0x0, 0x0, @private1, @ipv4={'\x00', '\xff\xff', @loopback}}}}}}}}, 0x0) 248.560266ms ago: executing program 1 (id=203): openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cgroup.kill\x00', 0x275a, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000001000000a003000005"], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f0000000080), &(0x7f0000000080), 0x1800, r0}, 0x38) bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000640)={r0, &(0x7f0000000080), &(0x7f0000000540)=""/240}, 0x20) 198.019041ms ago: executing program 2 (id=204): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x70, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0xffff639c}, @CTA_NAT_SRC={0xc, 0x6, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @dev={0xac, 0x14, 0x14, 0xc}}]}]}, 0x70}}, 0x0) 153.446513ms ago: executing program 4 (id=205): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x1, 0x5}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xd, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000002002300850000007d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000001000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r1}, 0xc) 153.295315ms ago: executing program 0 (id=206): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180200002343ffff0000000000000000850000004100000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r1, r2, 0x25, 0x4, @void}, 0x10) syz_emit_ethernet(0xfdef, &(0x7f0000000400)=ANY=[], 0x0) 10.501954ms ago: executing program 1 (id=207): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18020000fdfeffff000000000400000085000000360000001801000020646c3c00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000002000000850000001700000095"], 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f0000000140)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000580)={r0, r2, 0x25, 0x4, @val=@tracing={0x0, 0x5}}, 0x20) syz_emit_ethernet(0x76, &(0x7f0000000580)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "d3ffff", 0x40, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x502, {0x0, 0x6, "508359", 0x0, 0x0, 0x0, @private1, @remote, [@hopopts={0x3a}, @srh={0xc, 0x0, 0x4, 0x0, 0x9, 0x20, 0x2}]}}}}}}}, 0x0) 0s ago: executing program 4 (id=208): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0xffff, @loopback, 0x3}, 0x1c) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000440)={0x1b, 0x0, 0x0, 0xb1, 0x0, 0xffffffffffffffff, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x2, 0x3}, 0x50) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001fd8)=ANY=[@ANYBLOB="850000002e00000084000000000000009500000000000000"], &(0x7f0000000180)='GPL\x00'}, 0x48) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000040)=r2, 0x4) close(0x3) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.212' (ED25519) to the list of known hosts. [ 84.332020][ T5807] cgroup: Unknown subsys name 'net' [ 84.429935][ T5807] cgroup: Unknown subsys name 'cpuset' [ 84.439511][ T5807] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 86.098252][ T5807] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 88.299878][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 88.313759][ T5830] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 88.321981][ T5832] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 88.332557][ T5832] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 88.341703][ T5832] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 88.350177][ T5832] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 88.358456][ T5832] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 88.358498][ T5836] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 88.374276][ T5838] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 88.376683][ T5839] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 88.384394][ T5836] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 88.392885][ T5839] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 88.403282][ T5838] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 88.404721][ T5839] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 88.423588][ T5838] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 88.426137][ T5839] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 88.449839][ T5836] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 88.457329][ T5832] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 88.458809][ T5836] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 88.472259][ T5836] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 88.477311][ T5832] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 88.483320][ T5836] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 88.491465][ T5832] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 88.496568][ T5836] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 88.514675][ T5832] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 89.102965][ T5825] chnl_net:caif_netlink_parms(): no params data found [ 89.208482][ T5829] chnl_net:caif_netlink_parms(): no params data found [ 89.309417][ T5828] chnl_net:caif_netlink_parms(): no params data found [ 89.394747][ T5823] chnl_net:caif_netlink_parms(): no params data found [ 89.425786][ T5820] chnl_net:caif_netlink_parms(): no params data found [ 89.509097][ T5825] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.517093][ T5825] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.524357][ T5825] bridge_slave_0: entered allmulticast mode [ 89.531843][ T5825] bridge_slave_0: entered promiscuous mode [ 89.585497][ T5825] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.592939][ T5825] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.600353][ T5825] bridge_slave_1: entered allmulticast mode [ 89.607793][ T5825] bridge_slave_1: entered promiscuous mode [ 89.639311][ T5829] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.646613][ T5829] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.653852][ T5829] bridge_slave_0: entered allmulticast mode [ 89.661727][ T5829] bridge_slave_0: entered promiscuous mode [ 89.706225][ T5829] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.713454][ T5829] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.721024][ T5829] bridge_slave_1: entered allmulticast mode [ 89.728477][ T5829] bridge_slave_1: entered promiscuous mode [ 89.798305][ T5825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.808224][ T5828] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.815485][ T5828] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.822821][ T5828] bridge_slave_0: entered allmulticast mode [ 89.830274][ T5828] bridge_slave_0: entered promiscuous mode [ 89.845980][ T5828] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.853182][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.860689][ T5828] bridge_slave_1: entered allmulticast mode [ 89.868311][ T5828] bridge_slave_1: entered promiscuous mode [ 89.888289][ T5829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.899898][ T5825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.942341][ T5823] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.949758][ T5823] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.957102][ T5823] bridge_slave_0: entered allmulticast mode [ 89.964352][ T5823] bridge_slave_0: entered promiscuous mode [ 89.974944][ T5829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.045152][ T5820] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.052565][ T5820] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.060276][ T5820] bridge_slave_0: entered allmulticast mode [ 90.067873][ T5820] bridge_slave_0: entered promiscuous mode [ 90.075239][ T5823] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.082928][ T5823] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.090535][ T5823] bridge_slave_1: entered allmulticast mode [ 90.098177][ T5823] bridge_slave_1: entered promiscuous mode [ 90.109576][ T5829] team0: Port device team_slave_0 added [ 90.117811][ T5825] team0: Port device team_slave_0 added [ 90.125443][ T5829] team0: Port device team_slave_1 added [ 90.139525][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.149195][ T5820] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.157940][ T5820] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.165217][ T5820] bridge_slave_1: entered allmulticast mode [ 90.174596][ T5820] bridge_slave_1: entered promiscuous mode [ 90.208612][ T5825] team0: Port device team_slave_1 added [ 90.226915][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.271307][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.278443][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.304770][ T5829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.333789][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.340835][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.366993][ T5829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.391577][ T5823] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.424988][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.432104][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.458444][ T5825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.476740][ T5827] Bluetooth: hci0: command tx timeout [ 90.486136][ T5820] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.497999][ T5823] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.509549][ T5828] team0: Port device team_slave_0 added [ 90.527568][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.534570][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.560893][ T5827] Bluetooth: hci1: command tx timeout [ 90.561208][ T5824] Bluetooth: hci2: command tx timeout [ 90.569070][ T5827] Bluetooth: hci3: command tx timeout [ 90.572430][ T5824] Bluetooth: hci4: command tx timeout [ 90.584177][ T5825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.598434][ T5820] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.609634][ T5828] team0: Port device team_slave_1 added [ 90.668711][ T5823] team0: Port device team_slave_0 added [ 90.677590][ T5823] team0: Port device team_slave_1 added [ 90.719858][ T5820] team0: Port device team_slave_0 added [ 90.726224][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.733212][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.759597][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.800784][ T5829] hsr_slave_0: entered promiscuous mode [ 90.807563][ T5829] hsr_slave_1: entered promiscuous mode [ 90.816740][ T5820] team0: Port device team_slave_1 added [ 90.823068][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.830526][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.856652][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.909731][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.917007][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.943338][ T5823] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.961518][ T5825] hsr_slave_0: entered promiscuous mode [ 90.968252][ T5825] hsr_slave_1: entered promiscuous mode [ 90.974432][ T5825] debugfs: 'hsr0' already exists in 'hsr' [ 90.980418][ T5825] Cannot create hsr debugfs directory [ 90.998878][ T5820] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.005934][ T5820] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.032309][ T5820] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.044320][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.051497][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.077861][ T5823] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.126717][ T5820] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.133701][ T5820] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.159989][ T5820] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.308782][ T5828] hsr_slave_0: entered promiscuous mode [ 91.315137][ T5828] hsr_slave_1: entered promiscuous mode [ 91.321567][ T5828] debugfs: 'hsr0' already exists in 'hsr' [ 91.327455][ T5828] Cannot create hsr debugfs directory [ 91.353272][ T5823] hsr_slave_0: entered promiscuous mode [ 91.361839][ T5823] hsr_slave_1: entered promiscuous mode [ 91.368563][ T5823] debugfs: 'hsr0' already exists in 'hsr' [ 91.374314][ T5823] Cannot create hsr debugfs directory [ 91.387922][ T5820] hsr_slave_0: entered promiscuous mode [ 91.394732][ T5820] hsr_slave_1: entered promiscuous mode [ 91.402659][ T5820] debugfs: 'hsr0' already exists in 'hsr' [ 91.409317][ T5820] Cannot create hsr debugfs directory [ 91.977640][ T5829] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 91.994744][ T5829] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 92.006852][ T5829] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 92.034258][ T5829] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 92.137068][ T5825] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 92.150460][ T5825] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 92.179990][ T5825] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 92.212210][ T5825] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 92.289694][ T5823] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 92.325804][ T5823] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 92.347882][ T5823] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 92.375851][ T5823] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 92.470444][ T5829] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.488422][ T5828] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 92.528288][ T5828] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 92.540626][ T5828] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 92.550968][ T5828] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 92.559050][ T5827] Bluetooth: hci0: command tx timeout [ 92.619165][ T5820] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 92.630984][ T5820] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 92.638075][ T5827] Bluetooth: hci3: command tx timeout [ 92.638083][ T5824] Bluetooth: hci2: command tx timeout [ 92.648394][ T5824] Bluetooth: hci4: command tx timeout [ 92.649548][ T5832] Bluetooth: hci1: command tx timeout [ 92.664318][ T5820] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 92.693574][ T5829] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.701412][ T5820] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 92.752142][ T1335] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.759490][ T1335] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.794082][ T1335] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.801306][ T1335] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.866529][ T5825] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.938517][ T5823] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.983963][ T5825] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.002508][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.023033][ T5823] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.050399][ T5828] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.064891][ T1335] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.072155][ T1335] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.109595][ T1335] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.116832][ T1335] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.130528][ T1335] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.137769][ T1335] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.150323][ T1335] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.157520][ T1335] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.172623][ T1335] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.179839][ T1335] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.212841][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.220065][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.297440][ T5820] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.399886][ T5820] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.430519][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.437797][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.468506][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.475744][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.494336][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.746923][ T5829] veth0_vlan: entered promiscuous mode [ 93.783003][ T5829] veth1_vlan: entered promiscuous mode [ 93.915113][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.963602][ T5829] veth0_macvtap: entered promiscuous mode [ 94.038629][ T5823] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.057901][ T5829] veth1_macvtap: entered promiscuous mode [ 94.090031][ T5825] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.140826][ T5820] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.195023][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.238631][ T5828] veth0_vlan: entered promiscuous mode [ 94.261913][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.302489][ T49] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.313095][ T49] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.330775][ T5828] veth1_vlan: entered promiscuous mode [ 94.344759][ T49] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.358207][ T49] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.417529][ T5820] veth0_vlan: entered promiscuous mode [ 94.449105][ T5825] veth0_vlan: entered promiscuous mode [ 94.473157][ T5820] veth1_vlan: entered promiscuous mode [ 94.492925][ T5825] veth1_vlan: entered promiscuous mode [ 94.582914][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.602008][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.639522][ T5827] Bluetooth: hci0: command tx timeout [ 94.665303][ T5823] veth0_vlan: entered promiscuous mode [ 94.677359][ T5828] veth0_macvtap: entered promiscuous mode [ 94.692457][ T5820] veth0_macvtap: entered promiscuous mode [ 94.702267][ T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.710882][ T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.721643][ T5823] veth1_vlan: entered promiscuous mode [ 94.728426][ T5827] Bluetooth: hci3: command tx timeout [ 94.733876][ T5827] Bluetooth: hci1: command tx timeout [ 94.736954][ T5832] Bluetooth: hci4: command tx timeout [ 94.739973][ T5827] Bluetooth: hci2: command tx timeout [ 94.757506][ T5828] veth1_macvtap: entered promiscuous mode [ 94.765407][ T5820] veth1_macvtap: entered promiscuous mode [ 94.821417][ T5820] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.834232][ T5825] veth0_macvtap: entered promiscuous mode [ 94.846858][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.870630][ T5825] veth1_macvtap: entered promiscuous mode [ 94.888054][ T5829] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 94.907043][ T5820] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.922310][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.962825][ T58] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.976446][ T58] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.986155][ T58] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.030974][ T5823] veth0_macvtap: entered promiscuous mode [ 95.050770][ T58] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.060328][ T58] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.082308][ T5946] netlink: 'syz.0.1': attribute type 25 has an invalid length. [ 95.090296][ T5946] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1'. [ 95.103615][ T58] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.113573][ T58] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.135022][ T5946] Zero length message leads to an empty skb [ 95.140071][ T5823] veth1_macvtap: entered promiscuous mode [ 95.151157][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.162215][ T58] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.176861][ T58] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 95.191867][ T58] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 95.205475][ T5946] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1'. [ 95.231811][ T58] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 95.260624][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.270895][ T58] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 95.298445][ T5946] netlink: 'syz.0.1': attribute type 11 has an invalid length. [ 95.327997][ T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.379699][ T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.427480][ T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.442335][ T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.457679][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.486051][ T2973] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.509193][ T2973] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.537736][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.603828][ T2973] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.621681][ T2973] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.627151][ T1335] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.639049][ T58] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.649255][ T58] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.658779][ T1335] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.718187][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.727338][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.807331][ T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.815209][ T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.855447][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.882999][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.949934][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.958738][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.050374][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.105067][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.160158][ T5965] IPVS: set_ctl: invalid protocol: 92 224.0.0.1:20003 [ 96.226818][ T1319] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.260539][ T1319] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.348294][ T5969] netlink: 152 bytes leftover after parsing attributes in process `syz.1.2'. [ 96.712361][ T5986] netlink: 192 bytes leftover after parsing attributes in process `syz.1.12'. [ 96.723110][ T5827] Bluetooth: hci0: command tx timeout [ 96.765276][ T5985] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 96.780262][ T5985] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 96.790041][ T5985] gretap1: entered promiscuous mode [ 96.795394][ T5985] gretap1: entered allmulticast mode [ 96.801669][ T5827] Bluetooth: hci2: command tx timeout [ 96.808156][ T5832] Bluetooth: hci4: command tx timeout [ 96.808835][ T5827] Bluetooth: hci3: command tx timeout [ 96.813889][ T5824] Bluetooth: hci1: command tx timeout [ 97.001570][ T5993] Bluetooth: MGMT ver 1.23 [ 97.049608][ T796] cfg80211: failed to load regulatory.db [ 97.172725][ T5995] netlink: 'syz.0.16': attribute type 2 has an invalid length. [ 97.215723][ T5995] netlink: 'syz.0.16': attribute type 1 has an invalid length. [ 97.376372][ T6004] xt_CT: You must specify a L4 protocol and not use inversions on it [ 97.706885][ T6014] netlink: 'syz.0.25': attribute type 1 has an invalid length. [ 97.743957][ T6014] netlink: 'syz.0.25': attribute type 2 has an invalid length. [ 98.146164][ T6035] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 98.889708][ T6067] netlink: 8 bytes leftover after parsing attributes in process `syz.4.48'. [ 99.360154][ T6088] netlink: 'syz.0.58': attribute type 1 has an invalid length. [ 99.388494][ T6088] netlink: 'syz.0.58': attribute type 2 has an invalid length. [ 99.415721][ T6088] netlink: 28 bytes leftover after parsing attributes in process `syz.0.58'. [ 99.540249][ T6092] syzkaller0: entered promiscuous mode [ 99.571278][ T6092] syzkaller0: entered allmulticast mode [ 100.094399][ T6120] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 100.303421][ T6128] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 100.334234][ T6128] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.343458][ T6128] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.415896][ T6130] netlink: 8 bytes leftover after parsing attributes in process `syz.1.78'. [ 100.789266][ T24] hid-generic 0005:0006:5508.0001: hidraw0: BLUETOOTH HID vc3.36 Device [syz0] on aa:aa:aa:aa:aa:aa [ 101.242995][ T6166] netlink: 28 bytes leftover after parsing attributes in process `syz.2.95'. [ 101.737075][ T6183] veth1_macvtap: left promiscuous mode [ 103.110203][ T6244] lo: entered promiscuous mode [ 103.132733][ T6243] lo: left promiscuous mode [ 103.287659][ T6252] IPv6: NLM_F_CREATE should be specified when creating new route [ 103.326025][ T6252] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 103.333563][ T6252] IPv6: NLM_F_CREATE should be set when creating new route [ 103.629982][ T6265] Driver unsupported XDP return value 0 on prog (id 17) dev N/A, expect packet loss! [ 103.858481][ T6270] tipc: Started in network mode [ 103.864365][ T6270] tipc: Node identity e0000002, cluster identity 4711 [ 103.885980][ T6270] tipc: Enabling of bearer rejected, failed to enable media [ 104.179880][ T6282] tun0: tun_chr_ioctl cmd 1074025677 [ 104.185501][ T6282] tun0: linktype set to 817 [ 104.504637][ T6296] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 104.512172][ T6296] IPv6: NLM_F_CREATE should be set when creating new route [ 105.220027][ T6330] xt_hashlimit: size too large, truncated to 1048576 [ 106.394006][ T6386] netlink: 4 bytes leftover after parsing attributes in process `syz.3.193'. [ 107.007644][ T6409] BUG: Bad page state in process syz.0.206 pfn:76246 [ 107.014514][ T6409] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888076246780 pfn:0x76246 [ 107.024667][ T6409] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 107.031917][ T6409] raw: 00fff00000000000 dead000000000040 ffff88801c295000 0000000000000000 [ 107.040642][ T6409] raw: ffff888076246780 3fffffffffffffff 00000000ffffffff 0000000000000000 [ 107.049301][ T6409] page dumped because: page_pool leak [ 107.054745][ T6409] page_owner tracks the page as allocated [ 107.060794][ T6409] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6409, tgid 6408 (syz.0.206), ts 107007522960, free_ts 106991859143 [ 107.077901][ T6409] post_alloc_hook+0x228/0x280 [ 107.082748][ T6409] get_page_from_freelist+0x24dc/0x2580 [ 107.088393][ T6409] __alloc_frozen_pages_noprof+0x18d/0x380 [ 107.094302][ T6409] alloc_pages_bulk_noprof+0x558/0x700 [ 107.099864][ T6409] __page_pool_alloc_netmems_slow+0x14c/0x710 [ 107.106030][ T6409] page_pool_alloc_frag_netmem+0x421/0x9b0 [ 107.111917][ T6409] skb_pp_cow_data+0xc43/0x1680 [ 107.116903][ T6409] do_xdp_generic+0x76b/0x12e0 [ 107.121728][ T6409] tun_get_user+0x247d/0x3dd0 [ 107.126494][ T6409] tun_chr_write_iter+0x113/0x200 [ 107.131661][ T6409] vfs_write+0x61d/0xb90 [ 107.135992][ T6409] ksys_write+0x150/0x270 [ 107.140371][ T6409] do_syscall_64+0x14d/0xf80 [ 107.145024][ T6409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.151070][ T6409] page last free pid 6403 tgid 6403 stack trace: [ 107.157556][ T6409] __free_frozen_pages+0xbf8/0xd70 [ 107.162812][ T6409] tlb_finish_mmu+0x144/0x230 [ 107.167578][ T6409] exit_mmap+0x451/0xb30 [ 107.171869][ T6409] __mmput+0x118/0x430 [ 107.176168][ T6409] exit_mm+0x168/0x220 [ 107.180302][ T6409] do_exit+0x62e/0x2310 [ 107.184514][ T6409] do_group_exit+0x21b/0x2d0 [ 107.189272][ T6409] __x64_sys_exit_group+0x3f/0x40 [ 107.194439][ T6409] x64_sys_call+0x221a/0x2240 [ 107.199213][ T6409] do_syscall_64+0x14d/0xf80 [ 107.203855][ T6409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.210071][ T6409] Modules linked in: [ 107.214124][ T6409] CPU: 0 UID: 0 PID: 6409 Comm: syz.0.206 Not tainted syzkaller #0 PREEMPT(full) [ 107.214156][ T6409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 107.214177][ T6409] Call Trace: [ 107.214185][ T6409] [ 107.214195][ T6409] dump_stack_lvl+0xe8/0x150 [ 107.214229][ T6409] bad_page+0x17f/0x1c0 [ 107.214254][ T6409] __free_frozen_pages+0xd28/0xd70 [ 107.214293][ T6409] bpf_xdp_frags_shrink_tail+0x4f7/0x7f0 [ 107.214345][ T6409] bpf_xdp_adjust_tail+0x1d6/0x220 [ 107.214377][ T6409] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 107.214402][ T6409] bpf_prog_run_generic_xdp+0x603/0x1490 [ 107.214462][ T6409] do_xdp_generic+0xac5/0x12e0 [ 107.214492][ T6409] ? __lock_acquire+0x6b5/0x2cf0 [ 107.214526][ T6409] ? __pfx_do_xdp_generic+0x10/0x10 [ 107.214569][ T6409] ? tun_get_user+0x2354/0x3dd0 [ 107.214616][ T6409] ? tun_get_user+0x2354/0x3dd0 [ 107.214645][ T6409] tun_get_user+0x247d/0x3dd0 [ 107.214689][ T6409] ? aa_file_perm+0x12d/0x1630 [ 107.214726][ T6409] ? aa_file_perm+0x440/0x1630 [ 107.214756][ T6409] ? __pfx_tun_get_user+0x10/0x10 [ 107.214788][ T6409] ? __lock_acquire+0x6b5/0x2cf0 [ 107.214815][ T6409] ? __pfx___futex_wait+0x10/0x10 [ 107.214848][ T6409] ? ref_tracker_alloc+0x363/0x4d0 [ 107.214882][ T6409] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 107.214915][ T6409] ? tun_get+0x1c/0x2f0 [ 107.214952][ T6409] ? tun_get+0x1c/0x2f0 [ 107.214987][ T6409] ? tun_get+0x1c/0x2f0 [ 107.215016][ T6409] ? tun_get+0x1c/0x2f0 [ 107.215051][ T6409] tun_chr_write_iter+0x113/0x200 [ 107.215084][ T6409] vfs_write+0x61d/0xb90 [ 107.215119][ T6409] ? __pfx_vfs_write+0x10/0x10 [ 107.215156][ T6409] ? __fget_files+0x2a/0x420 [ 107.215187][ T6409] ksys_write+0x150/0x270 [ 107.215215][ T6409] ? __pfx_ksys_write+0x10/0x10 [ 107.215253][ T6409] do_syscall_64+0x14d/0xf80 [ 107.215281][ T6409] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.215300][ T6409] ? trace_irq_disable+0x37/0x100 [ 107.215323][ T6409] ? clear_bhb_loop+0x40/0x90 [ 107.215348][ T6409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.215368][ T6409] RIP: 0033:0x7f163695c84e [ 107.215386][ T6409] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 107.215404][ T6409] RSP: 002b:00007f16378f5fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 107.215426][ T6409] RAX: ffffffffffffffda RBX: 00007f16378f66c0 RCX: 00007f163695c84e [ 107.215441][ T6409] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8 [ 107.215454][ T6409] RBP: 00007f1636a327e0 R08: 0000000000000000 R09: 0000000000000000 [ 107.215467][ T6409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 107.215479][ T6409] R13: 00007f1636c16038 R14: 00007f1636c15fa0 R15: 00007ffdf79a6228 [ 107.215514][ T6409] [ 107.215522][ T6409] Disabling lock debugging due to kernel taint [ 107.496523][ T6409] BUG: Bad page state in process syz.0.206 pfn:7884c [ 107.503417][ T6409] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807884c930 pfn:0x7884c [ 107.513930][ T6409] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 107.521224][ T6409] raw: 00fff00000000000 dead000000000040 ffff88801c295000 0000000000000000 [ 107.530156][ T6409] raw: ffff88807884c930 0000000000000001 00000000ffffffff 0000000000000000 [ 107.538798][ T6409] page dumped because: page_pool leak [ 107.544297][ T6409] page_owner tracks the page as allocated [ 107.550104][ T6409] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6409, tgid 6408 (syz.0.206), ts 107007504986, free_ts 106991874146 [ 107.567108][ T6409] post_alloc_hook+0x228/0x280 [ 107.571943][ T6409] get_page_from_freelist+0x24dc/0x2580 [ 107.577589][ T6409] __alloc_frozen_pages_noprof+0x18d/0x380 [ 107.583546][ T6409] alloc_pages_bulk_noprof+0x558/0x700 [ 107.589100][ T6409] __page_pool_alloc_netmems_slow+0x14c/0x710 [ 107.595229][ T6409] skb_pp_cow_data+0xc21/0x1680 [ 107.600174][ T6409] do_xdp_generic+0x76b/0x12e0 [ 107.605048][ T6409] tun_get_user+0x247d/0x3dd0 [ 107.609908][ T6409] tun_chr_write_iter+0x113/0x200 [ 107.614994][ T6409] vfs_write+0x61d/0xb90 [ 107.619319][ T6409] ksys_write+0x150/0x270 [ 107.623702][ T6409] do_syscall_64+0x14d/0xf80 [ 107.628419][ T6409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.634363][ T6409] page last free pid 6403 tgid 6403 stack trace: [ 107.640753][ T6409] __free_frozen_pages+0xbf8/0xd70 [ 107.646030][ T6409] tlb_finish_mmu+0x144/0x230 [ 107.650938][ T6409] exit_mmap+0x451/0xb30 [ 107.655229][ T6409] __mmput+0x118/0x430 [ 107.659384][ T6409] exit_mm+0x168/0x220 [ 107.663507][ T6409] do_exit+0x62e/0x2310 [ 107.667752][ T6409] do_group_exit+0x21b/0x2d0 [ 107.672401][ T6409] __x64_sys_exit_group+0x3f/0x40 [ 107.677509][ T6409] x64_sys_call+0x221a/0x2240 [ 107.682328][ T6409] do_syscall_64+0x14d/0xf80 [ 107.687032][ T6409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.693062][ T6409] Modules linked in: [ 107.697047][ T6409] CPU: 0 UID: 0 PID: 6409 Comm: syz.0.206 Tainted: G B syzkaller #0 PREEMPT(full) [ 107.697083][ T6409] Tainted: [B]=BAD_PAGE [ 107.697091][ T6409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 107.697104][ T6409] Call Trace: [ 107.697112][ T6409] [ 107.697121][ T6409] dump_stack_lvl+0xe8/0x150 [ 107.697154][ T6409] bad_page+0x17f/0x1c0 [ 107.697177][ T6409] __free_frozen_pages+0xd28/0xd70 [ 107.697208][ T6409] bpf_xdp_frags_shrink_tail+0x4f7/0x7f0 [ 107.697248][ T6409] bpf_xdp_adjust_tail+0x1d6/0x220 [ 107.697276][ T6409] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 107.697295][ T6409] bpf_prog_run_generic_xdp+0x603/0x1490 [ 107.697341][ T6409] do_xdp_generic+0xac5/0x12e0 [ 107.697369][ T6409] ? __lock_acquire+0x6b5/0x2cf0 [ 107.697397][ T6409] ? __pfx_do_xdp_generic+0x10/0x10 [ 107.697431][ T6409] ? tun_get_user+0x2354/0x3dd0 [ 107.697471][ T6409] ? tun_get_user+0x2354/0x3dd0 [ 107.697500][ T6409] tun_get_user+0x247d/0x3dd0 [ 107.697537][ T6409] ? aa_file_perm+0x12d/0x1630 [ 107.697571][ T6409] ? aa_file_perm+0x440/0x1630 [ 107.697603][ T6409] ? __pfx_tun_get_user+0x10/0x10 [ 107.697634][ T6409] ? __lock_acquire+0x6b5/0x2cf0 [ 107.697658][ T6409] ? __pfx___futex_wait+0x10/0x10 [ 107.697687][ T6409] ? ref_tracker_alloc+0x363/0x4d0 [ 107.697720][ T6409] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 107.697751][ T6409] ? tun_get+0x1c/0x2f0 [ 107.697780][ T6409] ? tun_get+0x1c/0x2f0 [ 107.697811][ T6409] ? tun_get+0x1c/0x2f0 [ 107.697839][ T6409] ? tun_get+0x1c/0x2f0 [ 107.697878][ T6409] tun_chr_write_iter+0x113/0x200 [ 107.697909][ T6409] vfs_write+0x61d/0xb90 [ 107.697940][ T6409] ? __pfx_vfs_write+0x10/0x10 [ 107.697969][ T6409] ? __fget_files+0x2a/0x420 [ 107.697994][ T6409] ksys_write+0x150/0x270 [ 107.698021][ T6409] ? __pfx_ksys_write+0x10/0x10 [ 107.698052][ T6409] do_syscall_64+0x14d/0xf80 [ 107.698081][ T6409] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.698101][ T6409] ? trace_irq_disable+0x37/0x100 [ 107.698126][ T6409] ? clear_bhb_loop+0x40/0x90 [ 107.698149][ T6409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.698169][ T6409] RIP: 0033:0x7f163695c84e [ 107.698187][ T6409] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 107.698204][ T6409] RSP: 002b:00007f16378f5fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 107.698227][ T6409] RAX: ffffffffffffffda RBX: 00007f16378f66c0 RCX: 00007f163695c84e [ 107.698242][ T6409] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8 [ 107.698256][ T6409] RBP: 00007f1636a327e0 R08: 0000000000000000 R09: 0000000000000000 [ 107.698269][ T6409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 107.698281][ T6409] R13: 00007f1636c16038 R14: 00007f1636c15fa0 R15: 00007ffdf79a6228 [ 107.698306][ T6409] [ 107.698318][ T6409] BUG: Bad page state in process syz.0.206 pfn:7624c [ 107.985847][ T6409] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807624c500 pfn:0x7624c [ 107.996033][ T6409] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 108.003199][ T6409] raw: 00fff00000000000 dead000000000040 ffff88801c295000 0000000000000000 [ 108.011881][ T6409] raw: ffff88807624c500 0000000000000001 00000000ffffffff 0000000000000000 [ 108.020529][ T6409] page dumped because: page_pool leak [ 108.025981][ T6409] page_owner tracks the page as allocated [ 108.031732][ T6409] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6409, tgid 6408 (syz.0.206), ts 107007449650, free_ts 106991941760 [ 108.048783][ T6409] post_alloc_hook+0x228/0x280 [ 108.053669][ T6409] get_page_from_freelist+0x24dc/0x2580 [ 108.059509][ T6409] __alloc_frozen_pages_noprof+0x18d/0x380 [ 108.065385][ T6409] alloc_pages_bulk_noprof+0x558/0x700 [ 108.071000][ T6409] __page_pool_alloc_netmems_slow+0x14c/0x710 [ 108.077244][ T6409] skb_pp_cow_data+0xc21/0x1680 [ 108.082231][ T6409] do_xdp_generic+0x76b/0x12e0 [ 108.087099][ T6409] tun_get_user+0x247d/0x3dd0 [ 108.091846][ T6409] tun_chr_write_iter+0x113/0x200 [ 108.096985][ T6409] vfs_write+0x61d/0xb90 [ 108.101327][ T6409] ksys_write+0x150/0x270 [ 108.105745][ T6409] do_syscall_64+0x14d/0xf80 [ 108.110407][ T6409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.116628][ T6409] page last free pid 6403 tgid 6403 stack trace: [ 108.122991][ T6409] __free_frozen_pages+0xbf8/0xd70 [ 108.128212][ T6409] tlb_finish_mmu+0x144/0x230 [ 108.132937][ T6409] exit_mmap+0x451/0xb30 [ 108.137278][ T6409] __mmput+0x118/0x430 [ 108.141397][ T6409] exit_mm+0x168/0x220 [ 108.145519][ T6409] do_exit+0x62e/0x2310 [ 108.149787][ T6409] do_group_exit+0x21b/0x2d0 [ 108.154430][ T6409] __x64_sys_exit_group+0x3f/0x40 [ 108.159559][ T6409] x64_sys_call+0x221a/0x2240 [ 108.164461][ T6409] do_syscall_64+0x14d/0xf80 [ 108.169222][ T6409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.175172][ T6409] Modules linked in: [ 108.179250][ T6409] CPU: 0 UID: 0 PID: 6409 Comm: syz.0.206 Tainted: G B syzkaller #0 PREEMPT(full) [ 108.179283][ T6409] Tainted: [B]=BAD_PAGE [ 108.179290][ T6409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 108.179301][ T6409] Call Trace: [ 108.179308][ T6409] [ 108.179315][ T6409] dump_stack_lvl+0xe8/0x150 [ 108.179345][ T6409] bad_page+0x17f/0x1c0 [ 108.179366][ T6409] __free_frozen_pages+0xd28/0xd70 [ 108.179398][ T6409] bpf_xdp_frags_shrink_tail+0x4f7/0x7f0 [ 108.179438][ T6409] bpf_xdp_adjust_tail+0x1d6/0x220 [ 108.179467][ T6409] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 108.179486][ T6409] bpf_prog_run_generic_xdp+0x603/0x1490 [ 108.179532][ T6409] do_xdp_generic+0xac5/0x12e0 [ 108.179561][ T6409] ? __lock_acquire+0x6b5/0x2cf0 [ 108.179589][ T6409] ? __pfx_do_xdp_generic+0x10/0x10 [ 108.179625][ T6409] ? tun_get_user+0x2354/0x3dd0 [ 108.179663][ T6409] ? tun_get_user+0x2354/0x3dd0 [ 108.179692][ T6409] tun_get_user+0x247d/0x3dd0 [ 108.179727][ T6409] ? aa_file_perm+0x12d/0x1630 [ 108.179761][ T6409] ? aa_file_perm+0x440/0x1630 [ 108.179791][ T6409] ? __pfx_tun_get_user+0x10/0x10 [ 108.179822][ T6409] ? __lock_acquire+0x6b5/0x2cf0 [ 108.179846][ T6409] ? __pfx___futex_wait+0x10/0x10 [ 108.179875][ T6409] ? ref_tracker_alloc+0x363/0x4d0 [ 108.179908][ T6409] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 108.179940][ T6409] ? tun_get+0x1c/0x2f0 [ 108.179967][ T6409] ? tun_get+0x1c/0x2f0 [ 108.179998][ T6409] ? tun_get+0x1c/0x2f0 [ 108.180026][ T6409] ? tun_get+0x1c/0x2f0 [ 108.180071][ T6409] tun_chr_write_iter+0x113/0x200 [ 108.180103][ T6409] vfs_write+0x61d/0xb90 [ 108.180133][ T6409] ? __pfx_vfs_write+0x10/0x10 [ 108.180169][ T6409] ? __fget_files+0x2a/0x420 [ 108.180195][ T6409] ksys_write+0x150/0x270 [ 108.180221][ T6409] ? __pfx_ksys_write+0x10/0x10 [ 108.180252][ T6409] do_syscall_64+0x14d/0xf80 [ 108.180279][ T6409] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.180300][ T6409] ? trace_irq_disable+0x37/0x100 [ 108.180325][ T6409] ? clear_bhb_loop+0x40/0x90 [ 108.180348][ T6409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.180368][ T6409] RIP: 0033:0x7f163695c84e [ 108.180387][ T6409] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 108.180404][ T6409] RSP: 002b:00007f16378f5fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 108.180427][ T6409] RAX: ffffffffffffffda RBX: 00007f16378f66c0 RCX: 00007f163695c84e [ 108.180442][ T6409] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8 [ 108.180456][ T6409] RBP: 00007f1636a327e0 R08: 0000000000000000 R09: 0000000000000000 [ 108.180469][ T6409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 108.180481][ T6409] R13: 00007f1636c16038 R14: 00007f1636c15fa0 R15: 00007ffdf79a6228 [ 108.180506][ T6409] [ 108.180518][ T6409] BUG: Bad page state in process syz.0.206 pfn:33153 [ 108.467592][ T6409] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888033153e00 pfn:0x33153 [ 108.477748][ T6409] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 108.484917][ T6409] raw: 00fff00000000000 dead000000000040 ffff88801c295000 0000000000000000 [ 108.493596][ T6409] raw: ffff888033153e00 0000000000000001 00000000ffffffff 0000000000000000 [ 108.502246][ T6409] page dumped because: page_pool leak [ 108.507698][ T6409] page_owner tracks the page as allocated [ 108.513446][ T6409] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6409, tgid 6408 (syz.0.206), ts 107007437504, free_ts 106995266707 [ 108.530469][ T6409] post_alloc_hook+0x228/0x280 [ 108.535286][ T6409] get_page_from_freelist+0x24dc/0x2580 [ 108.541010][ T6409] __alloc_frozen_pages_noprof+0x18d/0x380 [ 108.546994][ T6409] alloc_pages_bulk_noprof+0x558/0x700 [ 108.552525][ T6409] __page_pool_alloc_netmems_slow+0x14c/0x710 [ 108.554563][ T6428] syz.2.214 uses obsolete (PF_INET,SOCK_PACKET) [ 108.558689][ T6409] skb_pp_cow_data+0xc21/0x1680 [ 108.558718][ T6409] do_xdp_generic+0x76b/0x12e0 [ 108.558746][ T6409] tun_get_user+0x247d/0x3dd0 [ 108.558775][ T6409] tun_chr_write_iter+0x113/0x200 [ 108.558800][ T6409] vfs_write+0x61d/0xb90 [ 108.558822][ T6409] ksys_write+0x150/0x270 [ 108.558843][ T6409] do_syscall_64+0x14d/0xf80 [ 108.558868][ T6409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.558887][ T6409] page last free pid 5820 tgid 5820 stack trace: [ 108.558900][ T6409] __free_frozen_pages+0xbf8/0xd70 [ 108.558925][ T6409] __kasan_populate_vmalloc+0x137/0x1d0 [ 108.558949][ T6409] alloc_vmap_area+0xdbc/0x14a0 [ 108.558971][ T6409] __get_vm_area_node+0x1f8/0x300 [ 108.558994][ T6409] __vmalloc_node_range_noprof+0x372/0x1730 [ 108.559020][ T6409] vzalloc_noprof+0xb2/0xe0 [ 108.559044][ T6409] alloc_counters+0x64/0x5d0 [ 108.559062][ T6409] do_ipt_get_ctl+0xada/0x1240 [ 108.559085][ T6409] nf_getsockopt+0x26e/0x290 [ 108.559111][ T6409] ip_getsockopt+0x19e/0x230 [ 108.559140][ T6409] do_sock_getsockopt+0x2d3/0x3f0 [ 108.559163][ T6409] __x64_sys_getsockopt+0x1a4/0x240 [ 108.559186][ T6409] do_syscall_64+0x14d/0xf80 [ 108.559210][ T6409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.559231][ T6409] Modules linked in: [ 108.559253][ T6409] CPU: 0 UID: 0 PID: 6409 Comm: syz.0.206 Tainted: G B syzkaller #0 PREEMPT(full) [ 108.559280][ T6409] Tainted: [B]=BAD_PAGE [ 108.559288][ T6409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 108.559300][ T6409] Call Trace: [ 108.559308][ T6409] [ 108.559316][ T6409] dump_stack_lvl+0xe8/0x150 [ 108.559344][ T6409] bad_page+0x17f/0x1c0 [ 108.559370][ T6409] __free_frozen_pages+0xd28/0xd70 [ 108.559401][ T6409] bpf_xdp_frags_shrink_tail+0x4f7/0x7f0 [ 108.559440][ T6409] bpf_xdp_adjust_tail+0x1d6/0x220 [ 108.559467][ T6409] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 108.559485][ T6409] bpf_prog_run_generic_xdp+0x603/0x1490 [ 108.559530][ T6409] do_xdp_generic+0xac5/0x12e0 [ 108.559559][ T6409] ? __lock_acquire+0x6b5/0x2cf0 [ 108.559585][ T6409] ? __pfx_do_xdp_generic+0x10/0x10 [ 108.559620][ T6409] ? tun_get_user+0x2354/0x3dd0 [ 108.559656][ T6409] ? tun_get_user+0x2354/0x3dd0 [ 108.559683][ T6409] tun_get_user+0x247d/0x3dd0 [ 108.559719][ T6409] ? aa_file_perm+0x12d/0x1630 [ 108.559752][ T6409] ? aa_file_perm+0x440/0x1630 [ 108.559781][ T6409] ? __pfx_tun_get_user+0x10/0x10 [ 108.559811][ T6409] ? __lock_acquire+0x6b5/0x2cf0 [ 108.559835][ T6409] ? __pfx___futex_wait+0x10/0x10 [ 108.559864][ T6409] ? ref_tracker_alloc+0x363/0x4d0 [ 108.559896][ T6409] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 108.559926][ T6409] ? tun_get+0x1c/0x2f0 [ 108.559954][ T6409] ? tun_get+0x1c/0x2f0 [ 108.559982][ T6409] ? tun_get+0x1c/0x2f0 [ 108.560009][ T6409] ? tun_get+0x1c/0x2f0 [ 108.560038][ T6409] tun_chr_write_iter+0x113/0x200 [ 108.560074][ T6409] vfs_write+0x61d/0xb90 [ 108.560103][ T6409] ? __pfx_vfs_write+0x10/0x10 [ 108.560131][ T6409] ? __fget_files+0x2a/0x420 [ 108.560156][ T6409] ksys_write+0x150/0x270 [ 108.560182][ T6409] ? __pfx_ksys_write+0x10/0x10 [ 108.560212][ T6409] do_syscall_64+0x14d/0xf80 [ 108.560238][ T6409] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.560258][ T6409] ? trace_irq_disable+0x37/0x100 [ 108.560281][ T6409] ? clear_bhb_loop+0x40/0x90 [ 108.560303][ T6409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.560322][ T6409] RIP: 0033:0x7f163695c84e [ 108.560339][ T6409] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 108.560356][ T6409] RSP: 002b:00007f16378f5fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 108.560377][ T6409] RAX: ffffffffffffffda RBX: 00007f16378f66c0 RCX: 00007f163695c84e [ 108.560392][ T6409] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8 [ 108.560405][ T6409] RBP: 00007f1636a327e0 R08: 0000000000000000 R09: 0000000000000000 [ 108.560418][ T6409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 108.560429][ T6409] R13: 00007f1636c16038 R14: 00007f1636c15fa0 R15: 00007ffdf79a6228 [ 108.560454][ T6409] [ 108.560466][ T6409] BUG: Bad page state in process syz.0.206 pfn:73be2 [ 108.560482][ T6409] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x73be2 [ 108.560503][ T6409] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 108.560529][ T6409] raw: 00fff00000000000 dead000000000040 ffff88801c295000 0000000000000000 [ 108.560547][ T6409] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 108.560559][ T6409] page dumped because: page_pool leak [ 108.560570][ T6409] page_owner tracks the page as allocated [ 108.560578][ T6409] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6409, tgid 6408 (syz.0.206), ts 107007425699, free_ts 106995284635 [ 108.560610][ T6409] post_alloc_hook+0x228/0x280 [ 108.560635][ T6409] get_page_from_freelist+0x24dc/0x2580 [ 108.560664][ T6409] __alloc_frozen_pages_noprof+0x18d/0x380 [ 108.560692][ T6409] alloc_pages_bulk_noprof+0x558/0x700 [ 108.560720][ T6409] __page_pool_alloc_netmems_slow+0x14c/0x710 [ 108.560747][ T6409] skb_pp_cow_data+0xc21/0x1680 [ 108.560769][ T6409] do_xdp_generic+0x76b/0x12e0 [ 108.560798][ T6409] tun_get_user+0x247d/0x3dd0 [ 108.560824][ T6409] tun_chr_write_iter+0x113/0x200 [ 108.560851][ T6409] vfs_write+0x61d/0xb90 [ 108.560872][ T6409] ksys_write+0x150/0x270 [ 108.560894][ T6409] do_syscall_64+0x14d/0xf80 [ 109.097149][ T6409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.103077][ T6409] page last free pid 5820 tgid 5820 stack trace: [ 109.109474][ T6409] __free_frozen_pages+0xbf8/0xd70 [ 109.114722][ T6409] __kasan_populate_vmalloc+0x1b2/0x1d0 [ 109.120432][ T6409] alloc_vmap_area+0xdbc/0x14a0 [ 109.125322][ T6409] __get_vm_area_node+0x1f8/0x300 [ 109.130430][ T6409] __vmalloc_node_range_noprof+0x372/0x1730 [ 109.136384][ T6409] vzalloc_noprof+0xb2/0xe0 [ 109.140919][ T6409] alloc_counters+0x64/0x5d0 [ 109.145522][ T6409] do_ipt_get_ctl+0xada/0x1240 [ 109.150371][ T6409] nf_getsockopt+0x26e/0x290 [ 109.154986][ T6409] ip_getsockopt+0x19e/0x230 [ 109.159668][ T6409] do_sock_getsockopt+0x2d3/0x3f0 [ 109.164831][ T6409] __x64_sys_getsockopt+0x1a4/0x240 [ 109.170218][ T6409] do_syscall_64+0x14d/0xf80 [ 109.174872][ T6409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.180937][ T6409] Modules linked in: [ 109.184897][ T6409] CPU: 0 UID: 0 PID: 6409 Comm: syz.0.206 Tainted: G B syzkaller #0 PREEMPT(full) [ 109.184921][ T6409] Tainted: [B]=BAD_PAGE [ 109.184926][ T6409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 109.184957][ T6409] Call Trace: [ 109.184965][ T6409] [ 109.184974][ T6409] dump_stack_lvl+0xe8/0x150 [ 109.185004][ T6409] bad_page+0x17f/0x1c0 [ 109.185032][ T6409] __free_frozen_pages+0xd28/0xd70 [ 109.185075][ T6409] bpf_xdp_frags_shrink_tail+0x4f7/0x7f0 [ 109.185181][ T6409] bpf_xdp_adjust_tail+0x1d6/0x220 [ 109.185211][ T6409] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 109.185229][ T6409] bpf_prog_run_generic_xdp+0x603/0x1490 [ 109.185274][ T6409] do_xdp_generic+0xac5/0x12e0 [ 109.185306][ T6409] ? __lock_acquire+0x6b5/0x2cf0 [ 109.185326][ T6409] ? __pfx_do_xdp_generic+0x10/0x10 [ 109.185352][ T6409] ? tun_get_user+0x2354/0x3dd0 [ 109.185381][ T6409] ? tun_get_user+0x2354/0x3dd0 [ 109.185402][ T6409] tun_get_user+0x247d/0x3dd0 [ 109.185428][ T6409] ? aa_file_perm+0x12d/0x1630 [ 109.185453][ T6409] ? aa_file_perm+0x440/0x1630 [ 109.185475][ T6409] ? __pfx_tun_get_user+0x10/0x10 [ 109.185497][ T6409] ? __lock_acquire+0x6b5/0x2cf0 [ 109.185514][ T6409] ? __pfx___futex_wait+0x10/0x10 [ 109.185535][ T6409] ? ref_tracker_alloc+0x363/0x4d0 [ 109.185586][ T6409] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 109.185617][ T6409] ? tun_get+0x1c/0x2f0 [ 109.185643][ T6409] ? tun_get+0x1c/0x2f0 [ 109.185673][ T6409] ? tun_get+0x1c/0x2f0 [ 109.185706][ T6409] ? tun_get+0x1c/0x2f0 [ 109.185729][ T6409] tun_chr_write_iter+0x113/0x200 [ 109.185752][ T6409] vfs_write+0x61d/0xb90 [ 109.185774][ T6409] ? __pfx_vfs_write+0x10/0x10 [ 109.185795][ T6409] ? __fget_files+0x2a/0x420 [ 109.185813][ T6409] ksys_write+0x150/0x270 [ 109.185839][ T6409] ? __pfx_ksys_write+0x10/0x10 [ 109.185861][ T6409] do_syscall_64+0x14d/0xf80 [ 109.185882][ T6409] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.185897][ T6409] ? trace_irq_disable+0x37/0x100 [ 109.185915][ T6409] ? clear_bhb_loop+0x40/0x90 [ 109.185932][ T6409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.185946][ T6409] RIP: 0033:0x7f163695c84e [ 109.185960][ T6409] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 109.185990][ T6409] RSP: 002b:00007f16378f5fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 109.186007][ T6409] RAX: ffffffffffffffda RBX: 00007f16378f66c0 RCX: 00007f163695c84e [ 109.186018][ T6409] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8 [ 109.186028][ T6409] RBP: 00007f1636a327e0 R08: 0000000000000000 R09: 0000000000000000 [ 109.186037][ T6409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 109.186046][ T6409] R13: 00007f1636c16038 R14: 00007f1636c15fa0 R15: 00007ffdf79a6228 [ 109.186063][ T6409] [ 109.465425][ T6409] BUG: Bad page state in process syz.0.206 pfn:578b8 [ 109.472353][ T6409] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880578b8200 pfn:0x578b8 [ 109.482579][ T6409] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 109.489781][ T6409] raw: 00fff00000000000 dead000000000040 ffff88801c295000 0000000000000000 [ 109.498913][ T6409] raw: ffff8880578b8200 0000000000000001 00000000ffffffff 0000000000000000 [ 109.507742][ T6409] page dumped because: page_pool leak [ 109.513143][ T6409] page_owner tracks the page as allocated [ 109.518924][ T6409] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6409, tgid 6408 (syz.0.206), ts 107007413835, free_ts 106995426920 [ 109.535912][ T6409] post_alloc_hook+0x228/0x280 [ 109.540694][ T6409] get_page_from_freelist+0x24dc/0x2580 [ 109.546299][ T6409] __alloc_frozen_pages_noprof+0x18d/0x380 [ 109.552143][ T6409] alloc_pages_bulk_noprof+0x558/0x700 [ 109.557675][ T6409] __page_pool_alloc_netmems_slow+0x14c/0x710 [ 109.563812][ T6409] skb_pp_cow_data+0xc21/0x1680 [ 109.568756][ T6409] do_xdp_generic+0x76b/0x12e0 [ 109.573566][ T6409] tun_get_user+0x247d/0x3dd0 [ 109.578326][ T6409] tun_chr_write_iter+0x113/0x200 [ 109.583393][ T6409] vfs_write+0x61d/0xb90 [ 109.587700][ T6409] ksys_write+0x150/0x270 [ 109.592088][ T6409] do_syscall_64+0x14d/0xf80 [ 109.596843][ T6409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.602790][ T6409] page last free pid 5820 tgid 5820 stack trace: [ 109.609303][ T6409] __free_frozen_pages+0xbf8/0xd70 [ 109.614461][ T6409] __slab_free+0x263/0x2b0 [ 109.618951][ T6409] qlist_free_all+0x97/0x100 [ 109.623582][ T6409] kasan_quarantine_reduce+0x148/0x160 [ 109.629157][ T6409] __kasan_slab_alloc+0x22/0x80 [ 109.634051][ T6409] __kmalloc_node_noprof+0x498/0x7c0 [ 109.639492][ T6409] __vmalloc_node_range_noprof+0x5d5/0x1730 [ 109.645427][ T6409] vzalloc_noprof+0xb2/0xe0 [ 109.650013][ T6409] alloc_counters+0x64/0x5d0 [ 109.654734][ T6409] do_ipt_get_ctl+0xada/0x1240 [ 109.659562][ T6409] nf_getsockopt+0x26e/0x290 [ 109.664187][ T6409] ip_getsockopt+0x19e/0x230 [ 109.668852][ T6409] do_sock_getsockopt+0x2d3/0x3f0 [ 109.673914][ T6409] __x64_sys_getsockopt+0x1a4/0x240 [ 109.679179][ T6409] do_syscall_64+0x14d/0xf80 [ 109.683809][ T6409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.689773][ T6409] Modules linked in: [ 109.693714][ T6409] CPU: 0 UID: 0 PID: 6409 Comm: syz.0.206 Tainted: G B syzkaller #0 PREEMPT(full) [ 109.693737][ T6409] Tainted: [B]=BAD_PAGE [ 109.693743][ T6409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 109.693752][ T6409] Call Trace: [ 109.693758][ T6409] [ 109.693764][ T6409] dump_stack_lvl+0xe8/0x150 [ 109.693788][ T6409] bad_page+0x17f/0x1c0 [ 109.693805][ T6409] __free_frozen_pages+0xd28/0xd70 [ 109.693829][ T6409] bpf_xdp_frags_shrink_tail+0x4f7/0x7f0 [ 109.693867][ T6409] bpf_xdp_adjust_tail+0x1d6/0x220 [ 109.693888][ T6409] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 109.693901][ T6409] bpf_prog_run_generic_xdp+0x603/0x1490 [ 109.693935][ T6409] do_xdp_generic+0xac5/0x12e0 [ 109.693958][ T6409] ? __lock_acquire+0x6b5/0x2cf0 [ 109.693978][ T6409] ? __pfx_do_xdp_generic+0x10/0x10 [ 109.694004][ T6409] ? tun_get_user+0x2354/0x3dd0 [ 109.694032][ T6409] ? tun_get_user+0x2354/0x3dd0 [ 109.694053][ T6409] tun_get_user+0x247d/0x3dd0 [ 109.694079][ T6409] ? aa_file_perm+0x12d/0x1630 [ 109.694104][ T6409] ? aa_file_perm+0x440/0x1630 [ 109.694127][ T6409] ? __pfx_tun_get_user+0x10/0x10 [ 109.694149][ T6409] ? __lock_acquire+0x6b5/0x2cf0 [ 109.694166][ T6409] ? __pfx___futex_wait+0x10/0x10 [ 109.694187][ T6409] ? ref_tracker_alloc+0x363/0x4d0 [ 109.694212][ T6409] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 109.694235][ T6409] ? tun_get+0x1c/0x2f0 [ 109.694255][ T6409] ? tun_get+0x1c/0x2f0 [ 109.694278][ T6409] ? tun_get+0x1c/0x2f0 [ 109.694316][ T6409] ? tun_get+0x1c/0x2f0 [ 109.694347][ T6409] tun_chr_write_iter+0x113/0x200 [ 109.694370][ T6409] vfs_write+0x61d/0xb90 [ 109.694392][ T6409] ? __pfx_vfs_write+0x10/0x10 [ 109.694413][ T6409] ? __fget_files+0x2a/0x420 [ 109.694431][ T6409] ksys_write+0x150/0x270 [ 109.694450][ T6409] ? __pfx_ksys_write+0x10/0x10 [ 109.694472][ T6409] do_syscall_64+0x14d/0xf80 [ 109.694493][ T6409] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.694508][ T6409] ? trace_irq_disable+0x37/0x100 [ 109.694526][ T6409] ? clear_bhb_loop+0x40/0x90 [ 109.694543][ T6409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.694558][ T6409] RIP: 0033:0x7f163695c84e [ 109.694571][ T6409] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 109.694584][ T6409] RSP: 002b:00007f16378f5fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 109.694599][ T6409] RAX: ffffffffffffffda RBX: 00007f16378f66c0 RCX: 00007f163695c84e [ 109.694610][ T6409] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8 [ 109.694620][ T6409] RBP: 00007f1636a327e0 R08: 0000000000000000 R09: 0000000000000000 [ 109.694630][ T6409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 109.694638][ T6409] R13: 00007f1636c16038 R14: 00007f1636c15fa0 R15: 00007ffdf79a6228 [ 109.694656][ T6409] [ 109.694665][ T6409] BUG: Bad page state in process syz.0.206 pfn:7e7b8 [ 109.980897][ T6409] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807e7b8000 pfn:0x7e7b8 [ 109.991026][ T6409] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 109.998211][ T6409] raw: 00fff00000000000 dead000000000040 ffff88801c295000 0000000000000000 [ 110.006926][ T6409] raw: ffff88807e7b8000 0000000000000001 00000000ffffffff 0000000000000000 [ 110.015592][ T6409] page dumped because: page_pool leak [ 110.021011][ T6409] page_owner tracks the page as allocated [ 110.026789][ T6409] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6409, tgid 6408 (syz.0.206), ts 107007401973, free_ts 106998648146 [ 110.043910][ T6409] post_alloc_hook+0x228/0x280 [ 110.048779][ T6409] get_page_from_freelist+0x24dc/0x2580 [ 110.054396][ T6409] __alloc_frozen_pages_noprof+0x18d/0x380 [ 110.060310][ T6409] alloc_pages_bulk_noprof+0x558/0x700 [ 110.065848][ T6409] __page_pool_alloc_netmems_slow+0x14c/0x710 [ 110.072053][ T6409] skb_pp_cow_data+0xc21/0x1680 [ 110.076982][ T6409] do_xdp_generic+0x76b/0x12e0 [ 110.081814][ T6409] tun_get_user+0x247d/0x3dd0 [ 110.086764][ T6409] tun_chr_write_iter+0x113/0x200 [ 110.091828][ T6409] vfs_write+0x61d/0xb90 [ 110.096169][ T6409] ksys_write+0x150/0x270 [ 110.100554][ T6409] do_syscall_64+0x14d/0xf80 [ 110.105208][ T6409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.111196][ T6409] page last free pid 6406 tgid 6406 stack trace: [ 110.117603][ T6409] __free_frozen_pages+0xbf8/0xd70 [ 110.122759][ T6409] tlb_finish_mmu+0x144/0x230 [ 110.127584][ T6409] exit_mmap+0x451/0xb30 [ 110.131866][ T6409] __mmput+0x118/0x430 [ 110.136082][ T6409] exit_mm+0x168/0x220 [ 110.140211][ T6409] do_exit+0x62e/0x2310 [ 110.144379][ T6409] do_group_exit+0x21b/0x2d0 [ 110.149122][ T6409] __x64_sys_exit_group+0x3f/0x40 [ 110.154197][ T6409] x64_sys_call+0x221a/0x2240 [ 110.159139][ T6409] do_syscall_64+0x14d/0xf80 [ 110.163770][ T6409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.169752][ T6409] Modules linked in: [ 110.173821][ T6409] CPU: 0 UID: 0 PID: 6409 Comm: syz.0.206 Tainted: G B syzkaller #0 PREEMPT(full) [ 110.173844][ T6409] Tainted: [B]=BAD_PAGE [ 110.173850][ T6409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 110.173859][ T6409] Call Trace: [ 110.173865][ T6409] [ 110.173871][ T6409] dump_stack_lvl+0xe8/0x150 [ 110.173896][ T6409] bad_page+0x17f/0x1c0 [ 110.173913][ T6409] __free_frozen_pages+0xd28/0xd70 [ 110.173942][ T6409] bpf_xdp_frags_shrink_tail+0x4f7/0x7f0 [ 110.173973][ T6409] bpf_xdp_adjust_tail+0x1d6/0x220 [ 110.173993][ T6409] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 110.174007][ T6409] bpf_prog_run_generic_xdp+0x603/0x1490 [ 110.174040][ T6409] do_xdp_generic+0xac5/0x12e0 [ 110.174062][ T6409] ? __lock_acquire+0x6b5/0x2cf0 [ 110.174082][ T6409] ? __pfx_do_xdp_generic+0x10/0x10 [ 110.174108][ T6409] ? tun_get_user+0x2354/0x3dd0 [ 110.174136][ T6409] ? tun_get_user+0x2354/0x3dd0 [ 110.174157][ T6409] tun_get_user+0x247d/0x3dd0 [ 110.174183][ T6409] ? aa_file_perm+0x12d/0x1630 [ 110.174208][ T6409] ? aa_file_perm+0x440/0x1630 [ 110.174230][ T6409] ? __pfx_tun_get_user+0x10/0x10 [ 110.174252][ T6409] ? __lock_acquire+0x6b5/0x2cf0 [ 110.174269][ T6409] ? __pfx___futex_wait+0x10/0x10 [ 110.174290][ T6409] ? ref_tracker_alloc+0x363/0x4d0 [ 110.174314][ T6409] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 110.174337][ T6409] ? tun_get+0x1c/0x2f0 [ 110.174358][ T6409] ? tun_get+0x1c/0x2f0 [ 110.174381][ T6409] ? tun_get+0x1c/0x2f0 [ 110.174401][ T6409] ? tun_get+0x1c/0x2f0 [ 110.174422][ T6409] tun_chr_write_iter+0x113/0x200 [ 110.174445][ T6409] vfs_write+0x61d/0xb90 [ 110.174466][ T6409] ? __pfx_vfs_write+0x10/0x10 [ 110.174488][ T6409] ? __fget_files+0x2a/0x420 [ 110.174506][ T6409] ksys_write+0x150/0x270 [ 110.174524][ T6409] ? __pfx_ksys_write+0x10/0x10 [ 110.174550][ T6409] do_syscall_64+0x14d/0xf80 [ 110.174571][ T6409] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.174619][ T6409] ? trace_irq_disable+0x37/0x100 [ 110.174637][ T6409] ? clear_bhb_loop+0x40/0x90 [ 110.174654][ T6409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.174669][ T6409] RIP: 0033:0x7f163695c84e [ 110.174682][ T6409] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 110.174696][ T6409] RSP: 002b:00007f16378f5fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 110.174712][ T6409] RAX: ffffffffffffffda RBX: 00007f16378f66c0 RCX: 00007f163695c84e [ 110.174723][ T6409] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8 [ 110.174733][ T6409] RBP: 00007f1636a327e0 R08: 0000000000000000 R09: 0000000000000000 [ 110.174742][ T6409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 110.174751][ T6409] R13: 00007f1636c16038 R14: 00007f1636c15fa0 R15: 00007ffdf79a6228 [ 110.174769][ T6409] [ 110.174778][ T6409] BUG: Bad page state in process syz.0.206 pfn:7d937 [ 110.461033][ T6409] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807d937000 pfn:0x7d937 [ 110.471267][ T6409] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 110.478457][ T6409] raw: 00fff00000000000 dead000000000040 ffff88801c295000 0000000000000000 [ 110.487126][ T6409] raw: ffff88807d937000 0000000000000001 00000000ffffffff 0000000000000000 [ 110.495786][ T6409] page dumped because: page_pool leak [ 110.501164][ T6409] page_owner tracks the page as allocated [ 110.507047][ T6409] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6409, tgid 6408 (syz.0.206), ts 107007389808, free_ts 106998663885 [ 110.524052][ T6409] post_alloc_hook+0x228/0x280 [ 110.528898][ T6409] get_page_from_freelist+0x24dc/0x2580 [ 110.534503][ T6409] __alloc_frozen_pages_noprof+0x18d/0x380 [ 110.540434][ T6409] alloc_pages_bulk_noprof+0x558/0x700 [ 110.545967][ T6409] __page_pool_alloc_netmems_slow+0x14c/0x710 [ 110.552294][ T6409] skb_pp_cow_data+0xc21/0x1680 [ 110.557256][ T6409] do_xdp_generic+0x76b/0x12e0 [ 110.562097][ T6409] tun_get_user+0x247d/0x3dd0 [ 110.566870][ T6409] tun_chr_write_iter+0x113/0x200 [ 110.571942][ T6409] vfs_write+0x61d/0xb90 [ 110.576260][ T6409] ksys_write+0x150/0x270 [ 110.580644][ T6409] do_syscall_64+0x14d/0xf80 [ 110.585263][ T6409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.591236][ T6409] page last free pid 6406 tgid 6406 stack trace: [ 110.597615][ T6409] __free_frozen_pages+0xbf8/0xd70 [ 110.602747][ T6409] tlb_finish_mmu+0x144/0x230 [ 110.607598][ T6409] exit_mmap+0x451/0xb30 [ 110.611882][ T6409] __mmput+0x118/0x430 [ 110.616048][ T6409] exit_mm+0x168/0x220 [ 110.620157][ T6409] do_exit+0x62e/0x2310 [ 110.624427][ T6409] do_group_exit+0x21b/0x2d0 [ 110.629198][ T6409] __x64_sys_exit_group+0x3f/0x40 [ 110.634282][ T6409] x64_sys_call+0x221a/0x2240 [ 110.639058][ T6409] do_syscall_64+0x14d/0xf80 [ 110.643696][ T6409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.649688][ T6409] Modules linked in: [ 110.653814][ T6409] CPU: 0 UID: 0 PID: 6409 Comm: syz.0.206 Tainted: G B syzkaller #0 PREEMPT(full) [ 110.653844][ T6409] Tainted: [B]=BAD_PAGE [ 110.653851][ T6409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 110.653862][ T6409] Call Trace: [ 110.653871][ T6409] [ 110.653879][ T6409] dump_stack_lvl+0xe8/0x150 [ 110.653909][ T6409] bad_page+0x17f/0x1c0 [ 110.653931][ T6409] __free_frozen_pages+0xd28/0xd70 [ 110.653964][ T6409] bpf_xdp_frags_shrink_tail+0x4f7/0x7f0 [ 110.653995][ T6409] bpf_xdp_adjust_tail+0x1d6/0x220 [ 110.654015][ T6409] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 110.654028][ T6409] bpf_prog_run_generic_xdp+0x603/0x1490 [ 110.654063][ T6409] do_xdp_generic+0xac5/0x12e0 [ 110.654084][ T6409] ? __lock_acquire+0x6b5/0x2cf0 [ 110.654104][ T6409] ? __pfx_do_xdp_generic+0x10/0x10 [ 110.654130][ T6409] ? tun_get_user+0x2354/0x3dd0 [ 110.654158][ T6409] ? tun_get_user+0x2354/0x3dd0 [ 110.654179][ T6409] tun_get_user+0x247d/0x3dd0 [ 110.654205][ T6409] ? aa_file_perm+0x12d/0x1630 [ 110.654230][ T6409] ? aa_file_perm+0x440/0x1630 [ 110.654252][ T6409] ? __pfx_tun_get_user+0x10/0x10 [ 110.654274][ T6409] ? __lock_acquire+0x6b5/0x2cf0 [ 110.654291][ T6409] ? __pfx___futex_wait+0x10/0x10 [ 110.654312][ T6409] ? ref_tracker_alloc+0x363/0x4d0 [ 110.654336][ T6409] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 110.654359][ T6409] ? tun_get+0x1c/0x2f0 [ 110.654379][ T6409] ? tun_get+0x1c/0x2f0 [ 110.654402][ T6409] ? tun_get+0x1c/0x2f0 [ 110.654422][ T6409] ? tun_get+0x1c/0x2f0 [ 110.654444][ T6409] tun_chr_write_iter+0x113/0x200 [ 110.654466][ T6409] vfs_write+0x61d/0xb90 [ 110.654487][ T6409] ? __pfx_vfs_write+0x10/0x10 [ 110.654509][ T6409] ? __fget_files+0x2a/0x420 [ 110.654526][ T6409] ksys_write+0x150/0x270 [ 110.654545][ T6409] ? __pfx_ksys_write+0x10/0x10 [ 110.654567][ T6409] do_syscall_64+0x14d/0xf80 [ 110.654588][ T6409] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.654602][ T6409] ? trace_irq_disable+0x37/0x100 [ 110.654620][ T6409] ? clear_bhb_loop+0x40/0x90 [ 110.654642][ T6409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.654657][ T6409] RIP: 0033:0x7f163695c84e [ 110.654670][ T6409] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 110.654683][ T6409] RSP: 002b:00007f16378f5fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 110.654699][ T6409] RAX: ffffffffffffffda RBX: 00007f16378f66c0 RCX: 00007f163695c84e [ 110.654710][ T6409] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8 [ 110.654720][ T6409] RBP: 00007f1636a327e0 R08: 0000000000000000 R09: 0000000000000000 [ 110.654729][ T6409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 110.654738][ T6409] R13: 00007f1636c16038 R14: 00007f1636c15fa0 R15: 00007ffdf79a6228 [ 110.654756][ T6409] [ 110.654765][ T6409] BUG: Bad page state in process syz.0.206 pfn:57cc0 [ 110.940258][ T6409] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888057cc0a00 pfn:0x57cc0 [ 110.950395][ T6409] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 110.957577][ T6409] raw: 00fff00000000000 dead000000000040 ffff88801c295000 0000000000000000 [ 110.966223][ T6409] raw: ffff888057cc0a00 0000000000000001 00000000ffffffff 0000000000000000 [ 110.974958][ T6409] page dumped because: page_pool leak [ 110.980532][ T6409] page_owner tracks the page as allocated [ 110.986349][ T6409] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6409, tgid 6408 (syz.0.206), ts 107007377983, free_ts 106998679528 [ 111.003430][ T6409] post_alloc_hook+0x228/0x280 [ 111.008261][ T6409] get_page_from_freelist+0x24dc/0x2580 [ 111.013836][ T6409] __alloc_frozen_pages_noprof+0x18d/0x380 [ 111.019718][ T6409] alloc_pages_bulk_noprof+0x558/0x700 [ 111.025237][ T6409] __page_pool_alloc_netmems_slow+0x14c/0x710 [ 111.031459][ T6409] skb_pp_cow_data+0xc21/0x1680 [ 111.036383][ T6409] do_xdp_generic+0x76b/0x12e0 [ 111.041199][ T6409] tun_get_user+0x247d/0x3dd0 [ 111.045947][ T6409] tun_chr_write_iter+0x113/0x200 [ 111.051020][ T6409] vfs_write+0x61d/0xb90 [ 111.055293][ T6409] ksys_write+0x150/0x270 [ 111.059883][ T6409] do_syscall_64+0x14d/0xf80 [ 111.064675][ T6409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.070736][ T6409] page last free pid 6406 tgid 6406 stack trace: [ 111.077106][ T6409] __free_frozen_pages+0xbf8/0xd70 [ 111.082237][ T6409] tlb_finish_mmu+0x144/0x230 [ 111.087017][ T6409] exit_mmap+0x451/0xb30 [ 111.091295][ T6409] __mmput+0x118/0x430 [ 111.095372][ T6409] exit_mm+0x168/0x220 [ 111.099520][ T6409] do_exit+0x62e/0x2310 [ 111.103802][ T6409] do_group_exit+0x21b/0x2d0 [ 111.108592][ T6409] __x64_sys_exit_group+0x3f/0x40 [ 111.113759][ T6409] x64_sys_call+0x221a/0x2240 [ 111.118542][ T6409] do_syscall_64+0x14d/0xf80 [ 111.123194][ T6409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.129184][ T6409] Modules linked in: [ 111.133121][ T6409] CPU: 0 UID: 0 PID: 6409 Comm: syz.0.206 Tainted: G B syzkaller #0 PREEMPT(full) [ 111.133145][ T6409] Tainted: [B]=BAD_PAGE [ 111.133151][ T6409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 111.133162][ T6409] Call Trace: [ 111.133168][ T6409] [ 111.133174][ T6409] dump_stack_lvl+0xe8/0x150 [ 111.133199][ T6409] bad_page+0x17f/0x1c0 [ 111.133216][ T6409] __free_frozen_pages+0xd28/0xd70 [ 111.133240][ T6409] bpf_xdp_frags_shrink_tail+0x4f7/0x7f0 [ 111.133272][ T6409] bpf_xdp_adjust_tail+0x1d6/0x220 [ 111.133294][ T6409] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 111.133309][ T6409] bpf_prog_run_generic_xdp+0x603/0x1490 [ 111.133350][ T6409] do_xdp_generic+0xac5/0x12e0 [ 111.133372][ T6409] ? __lock_acquire+0x6b5/0x2cf0 [ 111.133392][ T6409] ? __pfx_do_xdp_generic+0x10/0x10 [ 111.133418][ T6409] ? tun_get_user+0x2354/0x3dd0 [ 111.133446][ T6409] ? tun_get_user+0x2354/0x3dd0 [ 111.133466][ T6409] tun_get_user+0x247d/0x3dd0 [ 111.133492][ T6409] ? aa_file_perm+0x12d/0x1630 [ 111.133518][ T6409] ? aa_file_perm+0x440/0x1630 [ 111.133540][ T6409] ? __pfx_tun_get_user+0x10/0x10 [ 111.133562][ T6409] ? __lock_acquire+0x6b5/0x2cf0 [ 111.133578][ T6409] ? __pfx___futex_wait+0x10/0x10 [ 111.133600][ T6409] ? ref_tracker_alloc+0x363/0x4d0 [ 111.133732][ T6409] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 111.133767][ T6409] ? tun_get+0x1c/0x2f0 [ 111.133789][ T6409] ? tun_get+0x1c/0x2f0 [ 111.133812][ T6409] ? tun_get+0x1c/0x2f0 [ 111.133832][ T6409] ? tun_get+0x1c/0x2f0 [ 111.133860][ T6409] tun_chr_write_iter+0x113/0x200 [ 111.133884][ T6409] vfs_write+0x61d/0xb90 [ 111.133906][ T6409] ? __pfx_vfs_write+0x10/0x10 [ 111.133929][ T6409] ? __fget_files+0x2a/0x420 [ 111.133950][ T6409] ksys_write+0x150/0x270 [ 111.133969][ T6409] ? __pfx_ksys_write+0x10/0x10 [ 111.133994][ T6409] do_syscall_64+0x14d/0xf80 [ 111.134015][ T6409] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.134031][ T6409] ? trace_irq_disable+0x37/0x100 [ 111.134050][ T6409] ? clear_bhb_loop+0x40/0x90 [ 111.134067][ T6409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.134083][ T6409] RIP: 0033:0x7f163695c84e [ 111.134097][ T6409] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 111.134110][ T6409] RSP: 002b:00007f16378f5fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 111.134126][ T6409] RAX: ffffffffffffffda RBX: 00007f16378f66c0 RCX: 00007f163695c84e [ 111.134138][ T6409] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8 [ 111.134148][ T6409] RBP: 00007f1636a327e0 R08: 0000000000000000 R09: 0000000000000000 [ 111.134158][ T6409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 111.134167][ T6409] R13: 00007f1636c16038 R14: 00007f1636c15fa0 R15: 00007ffdf79a6228 [ 111.134185][ T6409] [ 111.134196][ T6409] BUG: Bad page state in process syz.0.206 pfn:78ed9 [ 111.420427][ T6409] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x78ed9 [ 111.430557][ T6409] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 111.437827][ T6409] raw: 00fff00000000000 dead000000000040 ffff88801c295000 0000000000000000 [ 111.446481][ T6409] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 111.455086][ T6409] page dumped because: page_pool leak [ 111.460532][ T6409] page_owner tracks the page as allocated [ 111.466317][ T6409] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6409, tgid 6408 (syz.0.206), ts 107007365988, free_ts 106998694903 [ 111.483461][ T6409] post_alloc_hook+0x228/0x280 [ 111.488388][ T6409] get_page_from_freelist+0x24dc/0x2580 [ 111.494006][ T6409] __alloc_frozen_pages_noprof+0x18d/0x380 [ 111.499929][ T6409] alloc_pages_bulk_noprof+0x558/0x700 [ 111.505440][ T6409] __page_pool_alloc_netmems_slow+0x14c/0x710 [ 111.511628][ T6409] skb_pp_cow_data+0xc21/0x1680 [ 111.516565][ T6409] do_xdp_generic+0x76b/0x12e0 [ 111.521355][ T6409] tun_get_user+0x247d/0x3dd0 [ 111.526192][ T6409] tun_chr_write_iter+0x113/0x200 [ 111.531487][ T6409] vfs_write+0x61d/0xb90 [ 111.535819][ T6409] ksys_write+0x150/0x270 [ 111.540198][ T6409] do_syscall_64+0x14d/0xf80 [ 111.544841][ T6409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.550859][ T6409] page last free pid 6406 tgid 6406 stack trace: [ 111.557249][ T6409] __free_frozen_pages+0xbf8/0xd70 [ 111.562420][ T6409] tlb_finish_mmu+0x144/0x230 [ 111.567245][ T6409] exit_mmap+0x451/0xb30 [ 111.571544][ T6409] __mmput+0x118/0x430 [ 111.575715][ T6409] exit_mm+0x168/0x220 [ 111.579841][ T6409] do_exit+0x62e/0x2310 [ 111.584051][ T6409] do_group_exit+0x21b/0x2d0 [ 111.588832][ T6409] __x64_sys_exit_group+0x3f/0x40 [ 111.593926][ T6409] x64_sys_call+0x221a/0x2240 [ 111.598737][ T6409] do_syscall_64+0x14d/0xf80 [ 111.603401][ T6409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.609366][ T6409] Modules linked in: [ 111.613302][ T6409] CPU: 0 UID: 0 PID: 6409 Comm: syz.0.206 Tainted: G B syzkaller #0 PREEMPT(full) [ 111.613332][ T6409] Tainted: [B]=BAD_PAGE [ 111.613340][ T6409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 111.613351][ T6409] Call Trace: [ 111.613359][ T6409] [ 111.613367][ T6409] dump_stack_lvl+0xe8/0x150 [ 111.613397][ T6409] bad_page+0x17f/0x1c0 [ 111.613420][ T6409] __free_frozen_pages+0xd28/0xd70 [ 111.613452][ T6409] bpf_xdp_frags_shrink_tail+0x4f7/0x7f0 [ 111.613493][ T6409] bpf_xdp_adjust_tail+0x1d6/0x220 [ 111.613519][ T6409] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 111.613537][ T6409] bpf_prog_run_generic_xdp+0x603/0x1490 [ 111.613582][ T6409] do_xdp_generic+0xac5/0x12e0 [ 111.613611][ T6409] ? __lock_acquire+0x6b5/0x2cf0 [ 111.613638][ T6409] ? __pfx_do_xdp_generic+0x10/0x10 [ 111.613674][ T6409] ? tun_get_user+0x2354/0x3dd0 [ 111.613712][ T6409] ? tun_get_user+0x2354/0x3dd0 [ 111.613742][ T6409] tun_get_user+0x247d/0x3dd0 [ 111.613776][ T6409] ? aa_file_perm+0x12d/0x1630 [ 111.613807][ T6409] ? aa_file_perm+0x440/0x1630 [ 111.613837][ T6409] ? __pfx_tun_get_user+0x10/0x10 [ 111.613868][ T6409] ? __lock_acquire+0x6b5/0x2cf0 [ 111.613900][ T6409] ? __pfx___futex_wait+0x10/0x10 [ 111.613928][ T6409] ? ref_tracker_alloc+0x363/0x4d0 [ 111.613961][ T6409] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 111.613992][ T6409] ? tun_get+0x1c/0x2f0 [ 111.614019][ T6409] ? tun_get+0x1c/0x2f0 [ 111.614049][ T6409] ? tun_get+0x1c/0x2f0 [ 111.614076][ T6409] ? tun_get+0x1c/0x2f0 [ 111.614106][ T6409] tun_chr_write_iter+0x113/0x200 [ 111.614136][ T6409] vfs_write+0x61d/0xb90 [ 111.614165][ T6409] ? __pfx_vfs_write+0x10/0x10 [ 111.614194][ T6409] ? __fget_files+0x2a/0x420 [ 111.614219][ T6409] ksys_write+0x150/0x270 [ 111.614244][ T6409] ? __pfx_ksys_write+0x10/0x10 [ 111.614274][ T6409] do_syscall_64+0x14d/0xf80 [ 111.614301][ T6409] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.614322][ T6409] ? trace_irq_disable+0x37/0x100 [ 111.614339][ T6409] ? clear_bhb_loop+0x40/0x90 [ 111.614356][ T6409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.614370][ T6409] RIP: 0033:0x7f163695c84e [ 111.614384][ T6409] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 111.614396][ T6409] RSP: 002b:00007f16378f5fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 111.614412][ T6409] RAX: ffffffffffffffda RBX: 00007f16378f66c0 RCX: 00007f163695c84e [ 111.614423][ T6409] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8 [ 111.614433][ T6409] RBP: 00007f1636a327e0 R08: 0000000000000000 R09: 0000000000000000 [ 111.614442][ T6409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 111.614451][ T6409] R13: 00007f1636c16038 R14: 00007f1636c15fa0 R15: 00007ffdf79a6228 [ 111.614469][ T6409] [ 111.614478][ T6409] BUG: Bad page state in process syz.0.206 pfn:76111 [ 111.900450][ T6409] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x76111 [ 111.910614][ T6409] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 111.917784][ T6409] raw: 00fff00000000000 dead000000000040 ffff88801c295000 0000000000000000 [ 111.926529][ T6409] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 111.935134][ T6409] page dumped because: page_pool leak [ 111.940587][ T6409] page_owner tracks the page as allocated [ 111.946367][ T6409] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6409, tgid 6408 (syz.0.206), ts 107007354201, free_ts 106998710059 [ 111.963669][ T6409] post_alloc_hook+0x228/0x280 [ 111.968521][ T6409] get_page_from_freelist+0x24dc/0x2580 [ 111.974107][ T6409] __alloc_frozen_pages_noprof+0x18d/0x380 [ 111.979999][ T6409] alloc_pages_bulk_noprof+0x558/0x700 [ 111.985510][ T6409] __page_pool_alloc_netmems_slow+0x14c/0x710 [ 111.991688][ T6409] skb_pp_cow_data+0xc21/0x1680 [ 111.996635][ T6409] do_xdp_generic+0x76b/0x12e0 [ 112.001474][ T6409] tun_get_user+0x247d/0x3dd0 [ 112.006225][ T6409] tun_chr_write_iter+0x113/0x200 [ 112.011309][ T6409] vfs_write+0x61d/0xb90 [ 112.015708][ T6409] ksys_write+0x150/0x270 [ 112.020152][ T6409] do_syscall_64+0x14d/0xf80 [ 112.024798][ T6409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.030794][ T6409] page last free pid 6406 tgid 6406 stack trace: [ 112.037179][ T6409] __free_frozen_pages+0xbf8/0xd70 [ 112.042308][ T6409] tlb_finish_mmu+0x144/0x230 [ 112.047056][ T6409] exit_mmap+0x451/0xb30 [ 112.051349][ T6409] __mmput+0x118/0x430 [ 112.055466][ T6409] exit_mm+0x168/0x220 [ 112.059616][ T6409] do_exit+0x62e/0x2310 [ 112.063868][ T6409] do_group_exit+0x21b/0x2d0 [ 112.068581][ T6409] __x64_sys_exit_group+0x3f/0x40 [ 112.073650][ T6409] x64_sys_call+0x221a/0x2240 [ 112.078441][ T6409] do_syscall_64+0x14d/0xf80 [ 112.083070][ T6409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.089042][ T6409] Modules linked in: [ 112.093086][ T6409] CPU: 0 UID: 0 PID: 6409 Comm: syz.0.206 Tainted: G B syzkaller #0 PREEMPT(full) [ 112.093108][ T6409] Tainted: [B]=BAD_PAGE [ 112.093113][ T6409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 112.093123][ T6409] Call Trace: [ 112.093128][ T6409] [ 112.093135][ T6409] dump_stack_lvl+0xe8/0x150 [ 112.093158][ T6409] bad_page+0x17f/0x1c0 [ 112.093174][ T6409] __free_frozen_pages+0xd28/0xd70 [ 112.093197][ T6409] bpf_xdp_frags_shrink_tail+0x4f7/0x7f0 [ 112.093228][ T6409] bpf_xdp_adjust_tail+0x1d6/0x220 [ 112.093248][ T6409] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 112.093261][ T6409] bpf_prog_run_generic_xdp+0x603/0x1490 [ 112.093301][ T6409] do_xdp_generic+0xac5/0x12e0 [ 112.093322][ T6409] ? __lock_acquire+0x6b5/0x2cf0 [ 112.093342][ T6409] ? __pfx_do_xdp_generic+0x10/0x10 [ 112.093368][ T6409] ? tun_get_user+0x2354/0x3dd0 [ 112.093396][ T6409] ? tun_get_user+0x2354/0x3dd0 [ 112.093417][ T6409] tun_get_user+0x247d/0x3dd0 [ 112.093443][ T6409] ? aa_file_perm+0x12d/0x1630 [ 112.093468][ T6409] ? aa_file_perm+0x440/0x1630 [ 112.093490][ T6409] ? __pfx_tun_get_user+0x10/0x10 [ 112.093512][ T6409] ? __lock_acquire+0x6b5/0x2cf0 [ 112.093529][ T6409] ? __pfx___futex_wait+0x10/0x10 [ 112.093550][ T6409] ? ref_tracker_alloc+0x363/0x4d0 [ 112.093574][ T6409] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 112.093597][ T6409] ? tun_get+0x1c/0x2f0 [ 112.093618][ T6409] ? tun_get+0x1c/0x2f0 [ 112.093640][ T6409] ? tun_get+0x1c/0x2f0 [ 112.093660][ T6409] ? tun_get+0x1c/0x2f0 [ 112.093682][ T6409] tun_chr_write_iter+0x113/0x200 [ 112.093704][ T6409] vfs_write+0x61d/0xb90 [ 112.093725][ T6409] ? __pfx_vfs_write+0x10/0x10 [ 112.093747][ T6409] ? __fget_files+0x2a/0x420 [ 112.093765][ T6409] ksys_write+0x150/0x270 [ 112.093783][ T6409] ? __pfx_ksys_write+0x10/0x10 [ 112.093805][ T6409] do_syscall_64+0x14d/0xf80 [ 112.093826][ T6409] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.093845][ T6409] ? trace_irq_disable+0x37/0x100 [ 112.093873][ T6409] ? clear_bhb_loop+0x40/0x90 [ 112.093890][ T6409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.093905][ T6409] RIP: 0033:0x7f163695c84e [ 112.093918][ T6409] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 112.093931][ T6409] RSP: 002b:00007f16378f5fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 112.093947][ T6409] RAX: ffffffffffffffda RBX: 00007f16378f66c0 RCX: 00007f163695c84e [ 112.093958][ T6409] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8 [ 112.093968][ T6409] RBP: 00007f1636a327e0 R08: 0000000000000000 R09: 0000000000000000 [ 112.093977][ T6409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 112.093986][ T6409] R13: 00007f1636c16038 R14: 00007f1636c15fa0 R15: 00007ffdf79a6228 [ 112.094003][ T6409] [ 112.094012][ T6409] BUG: Bad page state in process syz.0.206 pfn:2b553 [ 112.381909][ T6409] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802b553000 pfn:0x2b553 [ 112.392103][ T6409] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 112.399287][ T6409] raw: 00fff00000000000 dead000000000040 ffff88801c295000 0000000000000000 [ 112.407936][ T6409] raw: ffff88802b553000 0000000000000001 00000000ffffffff 0000000000000000 [ 112.416608][ T6409] page dumped because: page_pool leak [ 112.422053][ T6409] page_owner tracks the page as allocated [ 112.427879][ T6409] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6409, tgid 6408 (syz.0.206), ts 107007342350, free_ts 106998725219 [ 112.444896][ T6409] post_alloc_hook+0x228/0x280 [ 112.449757][ T6409] get_page_from_freelist+0x24dc/0x2580 [ 112.455371][ T6409] __alloc_frozen_pages_noprof+0x18d/0x380 [ 112.461335][ T6409] alloc_pages_bulk_noprof+0x558/0x700 [ 112.466952][ T6409] __page_pool_alloc_netmems_slow+0x14c/0x710 [ 112.473049][ T6409] skb_pp_cow_data+0xc21/0x1680 [ 112.477974][ T6409] do_xdp_generic+0x76b/0x12e0 [ 112.482780][ T6409] tun_get_user+0x247d/0x3dd0 [ 112.487632][ T6409] tun_chr_write_iter+0x113/0x200 [ 112.492827][ T6409] vfs_write+0x61d/0xb90 [ 112.497147][ T6409] ksys_write+0x150/0x270 [ 112.501530][ T6409] do_syscall_64+0x14d/0xf80 [ 112.506479][ T6409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.512493][ T6409] page last free pid 6406 tgid 6406 stack trace: [ 112.519057][ T6409] __free_frozen_pages+0xbf8/0xd70 [ 112.524207][ T6409] tlb_finish_mmu+0x144/0x230 [ 112.528962][ T6409] exit_mmap+0x451/0xb30 [ 112.533237][ T6409] __mmput+0x118/0x430 [ 112.537403][ T6409] exit_mm+0x168/0x220 [ 112.541545][ T6409] do_exit+0x62e/0x2310 [ 112.545776][ T6409] do_group_exit+0x21b/0x2d0 [ 112.550416][ T6409] __x64_sys_exit_group+0x3f/0x40 [ 112.555464][ T6409] x64_sys_call+0x221a/0x2240 [ 112.560238][ T6409] do_syscall_64+0x14d/0xf80 [ 112.564889][ T6409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.570981][ T6409] Modules linked in: [ 112.574931][ T6409] CPU: 0 UID: 0 PID: 6409 Comm: syz.0.206 Tainted: G B syzkaller #0 PREEMPT(full) [ 112.574955][ T6409] Tainted: [B]=BAD_PAGE [ 112.574961][ T6409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 112.574970][ T6409] Call Trace: [ 112.574976][ T6409] [ 112.574983][ T6409] dump_stack_lvl+0xe8/0x150 [ 112.575007][ T6409] bad_page+0x17f/0x1c0 [ 112.575024][ T6409] __free_frozen_pages+0xd28/0xd70 [ 112.575048][ T6409] bpf_xdp_frags_shrink_tail+0x4f7/0x7f0 [ 112.575079][ T6409] bpf_xdp_adjust_tail+0x1d6/0x220 [ 112.575099][ T6409] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 112.575113][ T6409] bpf_prog_run_generic_xdp+0x603/0x1490 [ 112.575146][ T6409] do_xdp_generic+0xac5/0x12e0 [ 112.575168][ T6409] ? __lock_acquire+0x6b5/0x2cf0 [ 112.575188][ T6409] ? __pfx_do_xdp_generic+0x10/0x10 [ 112.575214][ T6409] ? tun_get_user+0x2354/0x3dd0 [ 112.575242][ T6409] ? tun_get_user+0x2354/0x3dd0 [ 112.575263][ T6409] tun_get_user+0x247d/0x3dd0 [ 112.575290][ T6409] ? aa_file_perm+0x12d/0x1630 [ 112.575332][ T6409] ? aa_file_perm+0x440/0x1630 [ 112.575355][ T6409] ? __pfx_tun_get_user+0x10/0x10 [ 112.575377][ T6409] ? __lock_acquire+0x6b5/0x2cf0 [ 112.575393][ T6409] ? __pfx___futex_wait+0x10/0x10 [ 112.575415][ T6409] ? ref_tracker_alloc+0x363/0x4d0 [ 112.575439][ T6409] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 112.575462][ T6409] ? tun_get+0x1c/0x2f0 [ 112.575488][ T6409] ? tun_get+0x1c/0x2f0 [ 112.575510][ T6409] ? tun_get+0x1c/0x2f0 [ 112.575530][ T6409] ? tun_get+0x1c/0x2f0 [ 112.575590][ T6409] tun_chr_write_iter+0x113/0x200 [ 112.575619][ T6409] vfs_write+0x61d/0xb90 [ 112.575647][ T6409] ? __pfx_vfs_write+0x10/0x10 [ 112.575674][ T6409] ? __fget_files+0x2a/0x420 [ 112.575700][ T6409] ksys_write+0x150/0x270 [ 112.575719][ T6409] ? __pfx_ksys_write+0x10/0x10 [ 112.575741][ T6409] do_syscall_64+0x14d/0xf80 [ 112.575767][ T6409] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.575783][ T6409] ? trace_irq_disable+0x37/0x100 [ 112.575801][ T6409] ? clear_bhb_loop+0x40/0x90 [ 112.575818][ T6409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.575832][ T6409] RIP: 0033:0x7f163695c84e [ 112.575846][ T6409] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 112.575859][ T6409] RSP: 002b:00007f16378f5fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 112.575875][ T6409] RAX: ffffffffffffffda RBX: 00007f16378f66c0 RCX: 00007f163695c84e [ 112.575886][ T6409] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8 [ 112.575896][ T6409] RBP: 00007f1636a327e0 R08: 0000000000000000 R09: 0000000000000000 [ 112.575905][ T6409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 112.575914][ T6409] R13: 00007f1636c16038 R14: 00007f1636c15fa0 R15: 00007ffdf79a6228 [ 112.575932][ T6409]