program:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180200002343ffff0000000000000000850000004100000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r1, r2, 0x25, 0x0, @void}, 0x10)
syz_emit_ethernet(0xfdef, &(0x7f0000000a80)=ANY=[], 0x0)

[   70.146958][ T4665] Bluetooth: hci0: command tx timeout
[   70.225088][ T5321] BUG: Bad page state in process syz.0.0  pfn:40985
[   70.227991][ T5321] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x40985
[   70.231641][ T5321] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   70.234738][ T5321] raw: 04fff00000000000 dead000000000040 ffff88801e490000 0000000000000000
[   70.238307][ T5321] raw: 0000000000000000 3fffffffffffffff 00000000ffffffff 0000000000000000
[   70.241852][ T5321] page dumped because: page_pool leak
[   70.244444][ T5321] page_owner tracks the page as allocated
[   70.246991][ T5321] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5321, tgid 5320 (syz.0.0), ts 70225019252, free_ts 70215535095
[   70.253793][ T5321]  post_alloc_hook+0x1f4/0x240
[   70.255907][ T5321]  get_page_from_freelist+0x365c/0x37a0
[   70.258284][ T5321]  __alloc_frozen_pages_noprof+0x292/0x710
[   70.260832][ T5321]  alloc_pages_bulk_noprof+0x847/0xae0
[   70.263078][ T5321]  __page_pool_alloc_pages_slow+0x11f/0x690
[   70.265778][ T5321]  page_pool_alloc_frag_netmem+0x59c/0x940
[   70.268183][ T5321]  skb_pp_cow_data+0xcea/0x1720
[   70.270207][ T5321]  do_xdp_generic+0x505/0xd30
[   70.272194][ T5321]  tun_get_user+0x2a4b/0x4860
[   70.274372][ T5321]  tun_chr_write_iter+0x10d/0x1f0
[   70.276555][ T5321]  vfs_write+0xacf/0xd10
[   70.278361][ T5321]  ksys_write+0x18f/0x2b0
[   70.280188][ T5321]  do_syscall_64+0xf3/0x230
[   70.282115][ T5321]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.284687][ T5321] page last free pid 5317 tgid 5317 stack trace:
[   70.287318][ T5321]  free_frozen_pages+0xe0d/0x10e0
[   70.289345][ T5321]  __put_partials+0x160/0x1c0
[   70.291279][ T5321]  put_cpu_partial+0x17c/0x250
[   70.293249][ T5321]  __slab_free+0x290/0x380
[   70.295136][ T5321]  qlist_free_all+0x9a/0x140
[   70.296996][ T5321]  kasan_quarantine_reduce+0x14f/0x170
[   70.299169][ T5321]  __kasan_slab_alloc+0x23/0x80
[   70.301171][ T5321]  kmem_cache_alloc_node_noprof+0x1d9/0x380
[   70.303617][ T5321]  __alloc_skb+0x1c3/0x440
[   70.305487][ T5321]  mld_newpack+0x17c/0xc70
[   70.307302][ T5321]  add_grec+0x1492/0x19a0
[   70.309102][ T5321]  mld_send_initial_cr+0x228/0x4b0
[   70.311235][ T5321]  mld_dad_work+0x44/0x500
[   70.313152][ T5321]  process_scheduled_works+0xabe/0x18e0
[   70.315667][ T5321]  worker_thread+0x870/0xd30
[   70.317641][ T5321]  kthread+0x7a9/0x920
[   70.319576][ T5321] Modules linked in:
[   70.321109][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted 6.14.0-syzkaller-00624-g2f2d52945852 #0
[   70.321127][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   70.321134][ T5321] Call Trace:
[   70.321142][ T5321]  <TASK>
[   70.321149][ T5321]  dump_stack_lvl+0x241/0x360
[   70.321166][ T5321]  ? __pfx_dump_stack_lvl+0x10/0x10
[   70.321179][ T5321]  ? __pfx_print_modules+0x10/0x10
[   70.321203][ T5321]  bad_page+0x176/0x1d0
[   70.321216][ T5321]  free_frozen_pages+0x1082/0x10e0
[   70.321237][ T5321]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[   70.321262][ T5321]  bpf_xdp_adjust_tail+0x1c6/0x210
[   70.321278][ T5321]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   70.321288][ T5321]  bpf_prog_run_generic_xdp+0x12af/0x1510
[   70.321320][ T5321]  do_xdp_generic+0x757/0xd30
[   70.321336][ T5321]  ? __pfx_do_xdp_generic+0x10/0x10
[   70.321352][ T5321]  ? __local_bh_disable_ip+0x179/0x220
[   70.321369][ T5321]  ? __pfx_eth_type_trans+0x10/0x10
[   70.321388][ T5321]  ? tun_get_user+0x2914/0x4860
[   70.321407][ T5321]  tun_get_user+0x2a4b/0x4860
[   70.321431][ T5321]  ? __lock_acquire+0x1397/0x2100
[   70.321453][ T5321]  ? __pfx_tun_get_user+0x10/0x10
[   70.321480][ T5321]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   70.321498][ T5321]  ? tun_get+0x1e/0x2f0
[   70.321513][ T5321]  ? __pfx_lock_release+0x10/0x10
[   70.321537][ T5321]  ? tun_get+0x1e/0x2f0
[   70.321554][ T5321]  ? tun_get+0x27d/0x2f0
[   70.321571][ T5321]  tun_chr_write_iter+0x10d/0x1f0
[   70.321591][ T5321]  vfs_write+0xacf/0xd10
[   70.321607][ T5321]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   70.321626][ T5321]  ? __pfx_vfs_write+0x10/0x10
[   70.321640][ T5321]  ? __fget_files+0x2a/0x420
[   70.321661][ T5321]  ? __fget_files+0x2a/0x420
[   70.321682][ T5321]  ksys_write+0x18f/0x2b0
[   70.321696][ T5321]  ? __pfx_ksys_write+0x10/0x10
[   70.321708][ T5321]  ? exc_page_fault+0x590/0x8b0
[   70.321725][ T5321]  ? do_syscall_64+0xb6/0x230
[   70.321742][ T5321]  do_syscall_64+0xf3/0x230
[   70.321759][ T5321]  ? clear_bhb_loop+0x35/0x90
[   70.321778][ T5321]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.321795][ T5321] RIP: 0033:0x7fe3b658bc1f
[   70.321809][ T5321] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   70.321818][ T5321] RSP: 002b:00007fe3b7392000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   70.321832][ T5321] RAX: ffffffffffffffda RBX: 00007fe3b67a5fa0 RCX: 00007fe3b658bc1f
[   70.321839][ T5321] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[   70.321846][ T5321] RBP: 00007fe3b660e2a0 R08: 0000000000000000 R09: 0000000000000000
[   70.321853][ T5321] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[   70.321860][ T5321] R13: 0000000000000000 R14: 00007fe3b67a5fa0 R15: 00007ffd4b2fa3d8
[   70.321878][ T5321]  </TASK>
[   70.321883][ T5321] Disabling lock debugging due to kernel taint
[   70.436371][ T5321] BUG: Bad page state in process syz.0.0  pfn:40984
[   70.439055][ T5321] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x40984
[   70.442590][ T5321] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   70.445630][ T5321] raw: 04fff00000000000 dead000000000040 ffff88801e490000 0000000000000000
[   70.449046][ T5321] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   70.452435][ T5321] page dumped because: page_pool leak
[   70.454720][ T5321] page_owner tracks the page as allocated
[   70.457126][ T5321] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5321, tgid 5320 (syz.0.0), ts 70225011629, free_ts 70215535095
[   70.463274][ T5321]  post_alloc_hook+0x1f4/0x240
[   70.465192][ T5321]  get_page_from_freelist+0x365c/0x37a0
[   70.467208][ T5321]  __alloc_frozen_pages_noprof+0x292/0x710
[   70.469280][ T5321]  alloc_pages_bulk_noprof+0x847/0xae0
[   70.471250][ T5321]  __page_pool_alloc_pages_slow+0x11f/0x690
[   70.473547][ T5321]  skb_pp_cow_data+0xcc8/0x1720
[   70.475295][ T5321]  do_xdp_generic+0x505/0xd30
[   70.477260][ T5321]  tun_get_user+0x2a4b/0x4860
[   70.479229][ T5321]  tun_chr_write_iter+0x10d/0x1f0
[   70.481314][ T5321]  vfs_write+0xacf/0xd10
[   70.482977][ T5321]  ksys_write+0x18f/0x2b0
[   70.484891][ T5321]  do_syscall_64+0xf3/0x230
[   70.486572][ T5321]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.488767][ T5321] page last free pid 5317 tgid 5317 stack trace:
[   70.491029][ T5321]  free_frozen_pages+0xe0d/0x10e0
[   70.492966][ T5321]  __put_partials+0x160/0x1c0
[   70.494745][ T5321]  put_cpu_partial+0x17c/0x250
[   70.496483][ T5321]  __slab_free+0x290/0x380
[   70.498004][ T5321]  qlist_free_all+0x9a/0x140
[   70.499779][ T5321]  kasan_quarantine_reduce+0x14f/0x170
[   70.501821][ T5321]  __kasan_slab_alloc+0x23/0x80
[   70.503666][ T5321]  kmem_cache_alloc_node_noprof+0x1d9/0x380
[   70.505867][ T5321]  __alloc_skb+0x1c3/0x440
[   70.507520][ T5321]  mld_newpack+0x17c/0xc70
[   70.509222][ T5321]  add_grec+0x1492/0x19a0
[   70.510865][ T5321]  mld_send_initial_cr+0x228/0x4b0
[   70.512805][ T5321]  mld_dad_work+0x44/0x500
[   70.514501][ T5321]  process_scheduled_works+0xabe/0x18e0
[   70.516630][ T5321]  worker_thread+0x870/0xd30
[   70.518545][ T5321]  kthread+0x7a9/0x920
[   70.520192][ T5321] Modules linked in:
[   70.521746][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Tainted: G    B              6.14.0-syzkaller-00624-g2f2d52945852 #0
[   70.521765][ T5321] Tainted: [B]=BAD_PAGE
[   70.521769][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   70.521776][ T5321] Call Trace:
[   70.521783][ T5321]  <TASK>
[   70.521789][ T5321]  dump_stack_lvl+0x241/0x360
[   70.521804][ T5321]  ? __pfx_dump_stack_lvl+0x10/0x10
[   70.521816][ T5321]  ? __pfx_print_modules+0x10/0x10
[   70.521833][ T5321]  bad_page+0x176/0x1d0
[   70.521848][ T5321]  free_frozen_pages+0x1082/0x10e0
[   70.521864][ T5321]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[   70.521884][ T5321]  bpf_xdp_adjust_tail+0x1c6/0x210
[   70.521897][ T5321]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   70.521907][ T5321]  bpf_prog_run_generic_xdp+0x12af/0x1510
[   70.521928][ T5321]  do_xdp_generic+0x757/0xd30
[   70.521940][ T5321]  ? __pfx_do_xdp_generic+0x10/0x10
[   70.521951][ T5321]  ? __local_bh_disable_ip+0x179/0x220
[   70.521964][ T5321]  ? __pfx_eth_type_trans+0x10/0x10
[   70.521977][ T5321]  ? tun_get_user+0x2914/0x4860
[   70.521992][ T5321]  tun_get_user+0x2a4b/0x4860
[   70.522010][ T5321]  ? __lock_acquire+0x1397/0x2100
[   70.522027][ T5321]  ? __pfx_tun_get_user+0x10/0x10
[   70.522046][ T5321]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   70.522058][ T5321]  ? tun_get+0x1e/0x2f0
[   70.522072][ T5321]  ? __pfx_lock_release+0x10/0x10
[   70.522097][ T5321]  ? tun_get+0x1e/0x2f0
[   70.522112][ T5321]  ? tun_get+0x27d/0x2f0
[   70.522127][ T5321]  tun_chr_write_iter+0x10d/0x1f0
[   70.522145][ T5321]  vfs_write+0xacf/0xd10
[   70.522156][ T5321]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   70.522174][ T5321]  ? __pfx_vfs_write+0x10/0x10
[   70.522192][ T5321]  ? __fget_files+0x2a/0x420
[   70.522208][ T5321]  ? __fget_files+0x2a/0x420
[   70.522225][ T5321]  ksys_write+0x18f/0x2b0
[   70.522234][ T5321]  ? __pfx_ksys_write+0x10/0x10
[   70.522244][ T5321]  ? exc_page_fault+0x590/0x8b0
[   70.522259][ T5321]  ? do_syscall_64+0xb6/0x230
[   70.522274][ T5321]  do_syscall_64+0xf3/0x230
[   70.522287][ T5321]  ? clear_bhb_loop+0x35/0x90
[   70.522301][ T5321]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.522316][ T5321] RIP: 0033:0x7fe3b658bc1f
[   70.522326][ T5321] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   70.522335][ T5321] RSP: 002b:00007fe3b7392000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   70.522347][ T5321] RAX: ffffffffffffffda RBX: 00007fe3b67a5fa0 RCX: 00007fe3b658bc1f
[   70.522355][ T5321] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[   70.522363][ T5321] RBP: 00007fe3b660e2a0 R08: 0000000000000000 R09: 0000000000000000
[   70.522371][ T5321] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[   70.522378][ T5321] R13: 0000000000000000 R14: 00007fe3b67a5fa0 R15: 00007ffd4b2fa3d8
[   70.522390][ T5321]  </TASK>
[   70.522400][ T5321] BUG: Bad page state in process syz.0.0  pfn:40983
[   70.637110][ T5321] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x40983
[   70.640643][ T5321] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   70.643551][ T5321] raw: 04fff00000000000 dead000000000040 ffff88801e490000 0000000000000000
[   70.646899][ T5321] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   70.650212][ T5321] page dumped because: page_pool leak
[   70.652267][ T5321] page_owner tracks the page as allocated
[   70.654544][ T5321] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5321, tgid 5320 (syz.0.0), ts 70225004592, free_ts 70215535095
[   70.661043][ T5321]  post_alloc_hook+0x1f4/0x240
[   70.662913][ T5321]  get_page_from_freelist+0x365c/0x37a0
[   70.665280][ T5321]  __alloc_frozen_pages_noprof+0x292/0x710
[   70.667598][ T5321]  alloc_pages_bulk_noprof+0x847/0xae0
[   70.669774][ T5321]  __page_pool_alloc_pages_slow+0x11f/0x690
[   70.672215][ T5321]  skb_pp_cow_data+0xcc8/0x1720
[   70.674257][ T5321]  do_xdp_generic+0x505/0xd30
[   70.676116][ T5321]  tun_get_user+0x2a4b/0x4860
[   70.677903][ T5321]  tun_chr_write_iter+0x10d/0x1f0
[   70.679866][ T5321]  vfs_write+0xacf/0xd10
[   70.681646][ T5321]  ksys_write+0x18f/0x2b0
[   70.683498][ T5321]  do_syscall_64+0xf3/0x230
[   70.685484][ T5321]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.687880][ T5321] page last free pid 5317 tgid 5317 stack trace:
[   70.690437][ T5321]  free_frozen_pages+0xe0d/0x10e0
[   70.692484][ T5321]  __put_partials+0x160/0x1c0
[   70.694561][ T5321]  put_cpu_partial+0x17c/0x250
[   70.696630][ T5321]  __slab_free+0x290/0x380
[   70.698455][ T5321]  qlist_free_all+0x9a/0x140
[   70.700269][ T5321]  kasan_quarantine_reduce+0x14f/0x170
[   70.702473][ T5321]  __kasan_slab_alloc+0x23/0x80
[   70.704518][ T5321]  kmem_cache_alloc_node_noprof+0x1d9/0x380
[   70.706957][ T5321]  __alloc_skb+0x1c3/0x440
[   70.708779][ T5321]  mld_newpack+0x17c/0xc70
[   70.710626][ T5321]  add_grec+0x1492/0x19a0
[   70.712493][ T5321]  mld_send_initial_cr+0x228/0x4b0
[   70.714705][ T5321]  mld_dad_work+0x44/0x500
[   70.716594][ T5321]  process_scheduled_works+0xabe/0x18e0
[   70.718705][ T5321]  worker_thread+0x870/0xd30
[   70.720604][ T5321]  kthread+0x7a9/0x920
[   70.722295][ T5321] Modules linked in:
[   70.724200][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Tainted: G    B              6.14.0-syzkaller-00624-g2f2d52945852 #0
[   70.724221][ T5321] Tainted: [B]=BAD_PAGE
[   70.724226][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   70.724235][ T5321] Call Trace:
[   70.724243][ T5321]  <TASK>
[   70.724249][ T5321]  dump_stack_lvl+0x241/0x360
[   70.724266][ T5321]  ? __pfx_dump_stack_lvl+0x10/0x10
[   70.724279][ T5321]  ? __pfx_print_modules+0x10/0x10
[   70.724301][ T5321]  bad_page+0x176/0x1d0
[   70.724316][ T5321]  free_frozen_pages+0x1082/0x10e0
[   70.724339][ T5321]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[   70.724362][ T5321]  bpf_xdp_adjust_tail+0x1c6/0x210
[   70.724380][ T5321]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   70.724393][ T5321]  bpf_prog_run_generic_xdp+0x12af/0x1510
[   70.724421][ T5321]  do_xdp_generic+0x757/0xd30
[   70.724434][ T5321]  ? __pfx_do_xdp_generic+0x10/0x10
[   70.724477][ T5321]  ? __local_bh_disable_ip+0x179/0x220
[   70.724498][ T5321]  ? __pfx_eth_type_trans+0x10/0x10
[   70.724515][ T5321]  ? tun_get_user+0x2914/0x4860
[   70.724534][ T5321]  tun_get_user+0x2a4b/0x4860
[   70.724557][ T5321]  ? __lock_acquire+0x1397/0x2100
[   70.724575][ T5321]  ? __pfx_tun_get_user+0x10/0x10
[   70.724598][ T5321]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   70.724615][ T5321]  ? tun_get+0x1e/0x2f0
[   70.724632][ T5321]  ? __pfx_lock_release+0x10/0x10
[   70.724654][ T5321]  ? tun_get+0x1e/0x2f0
[   70.724671][ T5321]  ? tun_get+0x27d/0x2f0
[   70.724688][ T5321]  tun_chr_write_iter+0x10d/0x1f0
[   70.724704][ T5321]  vfs_write+0xacf/0xd10
[   70.724717][ T5321]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   70.724733][ T5321]  ? __pfx_vfs_write+0x10/0x10
[   70.724747][ T5321]  ? __fget_files+0x2a/0x420
[   70.724763][ T5321]  ? __fget_files+0x2a/0x420
[   70.724779][ T5321]  ksys_write+0x18f/0x2b0
[   70.724790][ T5321]  ? __pfx_ksys_write+0x10/0x10
[   70.724801][ T5321]  ? exc_page_fault+0x590/0x8b0
[   70.724816][ T5321]  ? do_syscall_64+0xb6/0x230
[   70.724830][ T5321]  do_syscall_64+0xf3/0x230
[   70.724854][ T5321]  ? clear_bhb_loop+0x35/0x90
[   70.724872][ T5321]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.724888][ T5321] RIP: 0033:0x7fe3b658bc1f
[   70.724898][ T5321] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   70.724908][ T5321] RSP: 002b:00007fe3b7392000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   70.724921][ T5321] RAX: ffffffffffffffda RBX: 00007fe3b67a5fa0 RCX: 00007fe3b658bc1f
[   70.724931][ T5321] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[   70.724938][ T5321] RBP: 00007fe3b660e2a0 R08: 0000000000000000 R09: 0000000000000000
[   70.724946][ T5321] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[   70.724952][ T5321] R13: 0000000000000000 R14: 00007fe3b67a5fa0 R15: 00007ffd4b2fa3d8
[   70.724963][ T5321]  </TASK>
[   70.724971][ T5321] BUG: Bad page state in process syz.0.0  pfn:40982
[   70.839344][ T5321] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x40982
[   70.842875][ T5321] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   70.846002][ T5321] raw: 04fff00000000000 dead000000000040 ffff88801e490000 0000000000000000
[   70.849480][ T5321] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   70.852889][ T5321] page dumped because: page_pool leak
[   70.855213][ T5321] page_owner tracks the page as allocated
[   70.857541][ T5321] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5321, tgid 5320 (syz.0.0), ts 70224997169, free_ts 70215535095
[   70.864249][ T5321]  post_alloc_hook+0x1f4/0x240
[   70.866288][ T5321]  get_page_from_freelist+0x365c/0x37a0
[   70.868494][ T5321]  __alloc_frozen_pages_noprof+0x292/0x710
[   70.870764][ T5321]  alloc_pages_bulk_noprof+0x847/0xae0
[   70.872911][ T5321]  __page_pool_alloc_pages_slow+0x11f/0x690
[   70.875283][ T5321]  skb_pp_cow_data+0xcc8/0x1720
[   70.877174][ T5321]  do_xdp_generic+0x505/0xd30
[   70.878963][ T5321]  tun_get_user+0x2a4b/0x4860
[   70.880757][ T5321]  tun_chr_write_iter+0x10d/0x1f0
[   70.882680][ T5321]  vfs_write+0xacf/0xd10
[   70.884317][ T5321]  ksys_write+0x18f/0x2b0
[   70.886011][ T5321]  do_syscall_64+0xf3/0x230
[   70.887704][ T5321]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.889926][ T5321] page last free pid 5317 tgid 5317 stack trace:
[   70.892579][ T5321]  free_frozen_pages+0xe0d/0x10e0
[   70.894568][ T5321]  __put_partials+0x160/0x1c0
[   70.896384][ T5321]  put_cpu_partial+0x17c/0x250
[   70.898238][ T5321]  __slab_free+0x290/0x380
[   70.900075][ T5321]  qlist_free_all+0x9a/0x140
[   70.901910][ T5321]  kasan_quarantine_reduce+0x14f/0x170
[   70.904098][ T5321]  __kasan_slab_alloc+0x23/0x80
[   70.906221][ T5321]  kmem_cache_alloc_node_noprof+0x1d9/0x380
[   70.908610][ T5321]  __alloc_skb+0x1c3/0x440
[   70.910310][ T5321]  mld_newpack+0x17c/0xc70
[   70.912164][ T5321]  add_grec+0x1492/0x19a0
[   70.914015][ T5321]  mld_send_initial_cr+0x228/0x4b0
[   70.916069][ T5321]  mld_dad_work+0x44/0x500
[   70.917919][ T5321]  process_scheduled_works+0xabe/0x18e0
[   70.920185][ T5321]  worker_thread+0x870/0xd30
[   70.922067][ T5321]  kthread+0x7a9/0x920
[   70.923721][ T5321] Modules linked in:
[   70.925439][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Tainted: G    B              6.14.0-syzkaller-00624-g2f2d52945852 #0
[   70.925459][ T5321] Tainted: [B]=BAD_PAGE
[   70.925464][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   70.925473][ T5321] Call Trace:
[   70.925480][ T5321]  <TASK>
[   70.925486][ T5321]  dump_stack_lvl+0x241/0x360
[   70.925501][ T5321]  ? __pfx_dump_stack_lvl+0x10/0x10
[   70.925512][ T5321]  ? __pfx_print_modules+0x10/0x10
[   70.925531][ T5321]  bad_page+0x176/0x1d0
[   70.925545][ T5321]  free_frozen_pages+0x1082/0x10e0
[   70.925564][ T5321]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[   70.925582][ T5321]  bpf_xdp_adjust_tail+0x1c6/0x210
[   70.925596][ T5321]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   70.925605][ T5321]  bpf_prog_run_generic_xdp+0x12af/0x1510
[   70.925631][ T5321]  do_xdp_generic+0x757/0xd30
[   70.925643][ T5321]  ? __pfx_do_xdp_generic+0x10/0x10
[   70.925656][ T5321]  ? __local_bh_disable_ip+0x179/0x220
[   70.925671][ T5321]  ? __pfx_eth_type_trans+0x10/0x10
[   70.925685][ T5321]  ? tun_get_user+0x2914/0x4860
[   70.925700][ T5321]  tun_get_user+0x2a4b/0x4860
[   70.925718][ T5321]  ? __lock_acquire+0x1397/0x2100
[   70.925734][ T5321]  ? __pfx_tun_get_user+0x10/0x10
[   70.925752][ T5321]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   70.925767][ T5321]  ? tun_get+0x1e/0x2f0
[   70.925781][ T5321]  ? __pfx_lock_release+0x10/0x10
[   70.925797][ T5321]  ? tun_get+0x1e/0x2f0
[   70.925811][ T5321]  ? tun_get+0x27d/0x2f0
[   70.925825][ T5321]  tun_chr_write_iter+0x10d/0x1f0
[   70.925840][ T5321]  vfs_write+0xacf/0xd10
[   70.925852][ T5321]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   70.925875][ T5321]  ? __pfx_vfs_write+0x10/0x10
[   70.925886][ T5321]  ? __fget_files+0x2a/0x420
[   70.925902][ T5321]  ? __fget_files+0x2a/0x420
[   70.925918][ T5321]  ksys_write+0x18f/0x2b0
[   70.925929][ T5321]  ? __pfx_ksys_write+0x10/0x10
[   70.925938][ T5321]  ? exc_page_fault+0x590/0x8b0
[   70.925952][ T5321]  ? do_syscall_64+0xb6/0x230
[   70.925965][ T5321]  do_syscall_64+0xf3/0x230
[   70.925978][ T5321]  ? clear_bhb_loop+0x35/0x90
[   70.925995][ T5321]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.926008][ T5321] RIP: 0033:0x7fe3b658bc1f
[   70.926018][ T5321] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   70.926027][ T5321] RSP: 002b:00007fe3b7392000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   70.926039][ T5321] RAX: ffffffffffffffda RBX: 00007fe3b67a5fa0 RCX: 00007fe3b658bc1f
[   70.926047][ T5321] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[   70.926054][ T5321] RBP: 00007fe3b660e2a0 R08: 0000000000000000 R09: 0000000000000000
[   70.926060][ T5321] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[   70.926066][ T5321] R13: 0000000000000000 R14: 00007fe3b67a5fa0 R15: 00007ffd4b2fa3d8
[   70.926076][ T5321]  </TASK>
[   70.926084][ T5321] BUG: Bad page state in process syz.0.0  pfn:40981
[   71.039119][ T5321] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x8 pfn:0x40981
[   71.042549][ T5321] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   71.045290][ T5321] raw: 04fff00000000000 dead000000000040 ffff88801e490000 0000000000000000
[   71.048544][ T5321] raw: 0000000000000008 0000000000000001 00000000ffffffff 0000000000000000
[   71.051865][ T5321] page dumped because: page_pool leak
[   71.054091][ T5321] page_owner tracks the page as allocated
[   71.056409][ T5321] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5321, tgid 5320 (syz.0.0), ts 70224990287, free_ts 70215535095
[   71.062965][ T5321]  post_alloc_hook+0x1f4/0x240
[   71.065082][ T5321]  get_page_from_freelist+0x365c/0x37a0
[   71.067325][ T5321]  __alloc_frozen_pages_noprof+0x292/0x710
[   71.069703][ T5321]  alloc_pages_bulk_noprof+0x847/0xae0
[   71.071747][ T5321]  __page_pool_alloc_pages_slow+0x11f/0x690
[   71.074193][ T5321]  skb_pp_cow_data+0xcc8/0x1720
[   71.076281][ T5321]  do_xdp_generic+0x505/0xd30
[   71.078247][ T5321]  tun_get_user+0x2a4b/0x4860
[   71.080216][ T5321]  tun_chr_write_iter+0x10d/0x1f0
[   71.082321][ T5321]  vfs_write+0xacf/0xd10
[   71.084068][ T5321]  ksys_write+0x18f/0x2b0
[   71.085707][ T5321]  do_syscall_64+0xf3/0x230
[   71.087405][ T5321]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.089589][ T5321] page last free pid 5317 tgid 5317 stack trace:
[   71.091991][ T5321]  free_frozen_pages+0xe0d/0x10e0
[   71.094105][ T5321]  __put_partials+0x160/0x1c0
[   71.095912][ T5321]  put_cpu_partial+0x17c/0x250
[   71.097810][ T5321]  __slab_free+0x290/0x380
[   71.099618][ T5321]  qlist_free_all+0x9a/0x140
[   71.101492][ T5321]  kasan_quarantine_reduce+0x14f/0x170
[   71.103759][ T5321]  __kasan_slab_alloc+0x23/0x80
[   71.105765][ T5321]  kmem_cache_alloc_node_noprof+0x1d9/0x380
[   71.108267][ T5321]  __alloc_skb+0x1c3/0x440
[   71.110091][ T5321]  mld_newpack+0x17c/0xc70
[   71.111839][ T5321]  add_grec+0x1492/0x19a0
[   71.113673][ T5321]  mld_send_initial_cr+0x228/0x4b0
[   71.115794][ T5321]  mld_dad_work+0x44/0x500
[   71.117662][ T5321]  process_scheduled_works+0xabe/0x18e0
[   71.119938][ T5321]  worker_thread+0x870/0xd30
[   71.121844][ T5321]  kthread+0x7a9/0x920
[   71.123595][ T5321] Modules linked in:
[   71.125218][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Tainted: G    B              6.14.0-syzkaller-00624-g2f2d52945852 #0
[   71.125239][ T5321] Tainted: [B]=BAD_PAGE
[   71.125243][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   71.125251][ T5321] Call Trace:
[   71.125258][ T5321]  <TASK>
[   71.125265][ T5321]  dump_stack_lvl+0x241/0x360
[   71.125281][ T5321]  ? __pfx_dump_stack_lvl+0x10/0x10
[   71.125293][ T5321]  ? __pfx_print_modules+0x10/0x10
[   71.125314][ T5321]  bad_page+0x176/0x1d0
[   71.125331][ T5321]  free_frozen_pages+0x1082/0x10e0
[   71.125351][ T5321]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[   71.125372][ T5321]  bpf_xdp_adjust_tail+0x1c6/0x210
[   71.125388][ T5321]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   71.125399][ T5321]  bpf_prog_run_generic_xdp+0x12af/0x1510
[   71.125426][ T5321]  do_xdp_generic+0x757/0xd30
[   71.125439][ T5321]  ? __pfx_do_xdp_generic+0x10/0x10
[   71.125452][ T5321]  ? __local_bh_disable_ip+0x179/0x220
[   71.125468][ T5321]  ? __pfx_eth_type_trans+0x10/0x10
[   71.125487][ T5321]  ? tun_get_user+0x2914/0x4860
[   71.125504][ T5321]  tun_get_user+0x2a4b/0x4860
[   71.125525][ T5321]  ? __lock_acquire+0x1397/0x2100
[   71.125544][ T5321]  ? __pfx_tun_get_user+0x10/0x10
[   71.125565][ T5321]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   71.125581][ T5321]  ? tun_get+0x1e/0x2f0
[   71.125597][ T5321]  ? __pfx_lock_release+0x10/0x10
[   71.125616][ T5321]  ? tun_get+0x1e/0x2f0
[   71.125631][ T5321]  ? tun_get+0x27d/0x2f0
[   71.125648][ T5321]  tun_chr_write_iter+0x10d/0x1f0
[   71.125665][ T5321]  vfs_write+0xacf/0xd10
[   71.125678][ T5321]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   71.125695][ T5321]  ? __pfx_vfs_write+0x10/0x10
[   71.125707][ T5321]  ? __fget_files+0x2a/0x420
[   71.125724][ T5321]  ? __fget_files+0x2a/0x420
[   71.125740][ T5321]  ksys_write+0x18f/0x2b0
[   71.125752][ T5321]  ? __pfx_ksys_write+0x10/0x10
[   71.125763][ T5321]  ? exc_page_fault+0x590/0x8b0
[   71.125778][ T5321]  ? do_syscall_64+0xb6/0x230
[   71.125794][ T5321]  do_syscall_64+0xf3/0x230
[   71.125809][ T5321]  ? clear_bhb_loop+0x35/0x90
[   71.125827][ T5321]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.125842][ T5321] RIP: 0033:0x7fe3b658bc1f
[   71.125853][ T5321] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   71.125863][ T5321] RSP: 002b:00007fe3b7392000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   71.125876][ T5321] RAX: ffffffffffffffda RBX: 00007fe3b67a5fa0 RCX: 00007fe3b658bc1f
[   71.125885][ T5321] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[   71.125894][ T5321] RBP: 00007fe3b660e2a0 R08: 0000000000000000 R09: 0000000000000000
[   71.125902][ T5321] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[   71.125910][ T5321] R13: 0000000000000000 R14: 00007fe3b67a5fa0 R15: 00007ffd4b2fa3d8
[   71.125923][ T5321]  </TASK>
[   71.125931][ T5321] BUG: Bad page state in process syz.0.0  pfn:40980
[   71.243394][ T5321] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888040980000 pfn:0x40980
[   71.247614][ T5321] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   71.250470][ T5321] raw: 04fff00000000000 dead000000000040 ffff88801e490000 0000000000000000
[   71.253945][ T5321] raw: ffff888040980000 0000000000000001 00000000ffffffff 0000000000000000
[   71.257299][ T5321] page dumped because: page_pool leak
[   71.259547][ T5321] page_owner tracks the page as allocated
[   71.261941][ T5321] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5321, tgid 5320 (syz.0.0), ts 70224983480, free_ts 70215535095
[   71.268682][ T5321]  post_alloc_hook+0x1f4/0x240
[   71.270678][ T5321]  get_page_from_freelist+0x365c/0x37a0
[   71.272996][ T5321]  __alloc_frozen_pages_noprof+0x292/0x710
[   71.275414][ T5321]  alloc_pages_bulk_noprof+0x847/0xae0
[   71.277687][ T5321]  __page_pool_alloc_pages_slow+0x11f/0x690
[   71.280037][ T5321]  skb_pp_cow_data+0xcc8/0x1720
[   71.281907][ T5321]  do_xdp_generic+0x505/0xd30
[   71.283769][ T5321]  tun_get_user+0x2a4b/0x4860
[   71.285653][ T5321]  tun_chr_write_iter+0x10d/0x1f0
[   71.287549][ T5321]  vfs_write+0xacf/0xd10
[   71.289170][ T5321]  ksys_write+0x18f/0x2b0
[   71.290792][ T5321]  do_syscall_64+0xf3/0x230
[   71.292737][ T5321]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.295291][ T5321] page last free pid 5317 tgid 5317 stack trace:
[   71.297953][ T5321]  free_frozen_pages+0xe0d/0x10e0
[   71.300056][ T5321]  __put_partials+0x160/0x1c0
[   71.302021][ T5321]  put_cpu_partial+0x17c/0x250
[   71.304141][ T5321]  __slab_free+0x290/0x380
[   71.306005][ T5321]  qlist_free_all+0x9a/0x140
[   71.307925][ T5321]  kasan_quarantine_reduce+0x14f/0x170
[   71.310220][ T5321]  __kasan_slab_alloc+0x23/0x80
[   71.312318][ T5321]  kmem_cache_alloc_node_noprof+0x1d9/0x380
[   71.314891][ T5321]  __alloc_skb+0x1c3/0x440
[   71.316806][ T5321]  mld_newpack+0x17c/0xc70
[   71.318724][ T5321]  add_grec+0x1492/0x19a0
[   71.320580][ T5321]  mld_send_initial_cr+0x228/0x4b0
[   71.322749][ T5321]  mld_dad_work+0x44/0x500
[   71.324814][ T5321]  process_scheduled_works+0xabe/0x18e0
[   71.327026][ T5321]  worker_thread+0x870/0xd30
[   71.329009][ T5321]  kthread+0x7a9/0x920
[   71.330706][ T5321] Modules linked in:
[   71.332543][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Tainted: G    B              6.14.0-syzkaller-00624-g2f2d52945852 #0
[   71.332565][ T5321] Tainted: [B]=BAD_PAGE
[   71.332570][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   71.332578][ T5321] Call Trace:
[   71.332586][ T5321]  <TASK>
[   71.332593][ T5321]  dump_stack_lvl+0x241/0x360
[   71.332611][ T5321]  ? __pfx_dump_stack_lvl+0x10/0x10
[   71.332625][ T5321]  ? __pfx_print_modules+0x10/0x10
[   71.332646][ T5321]  bad_page+0x176/0x1d0
[   71.332662][ T5321]  free_frozen_pages+0x1082/0x10e0
[   71.332684][ T5321]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[   71.332706][ T5321]  bpf_xdp_adjust_tail+0x1c6/0x210
[   71.332721][ T5321]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   71.332732][ T5321]  bpf_prog_run_generic_xdp+0x12af/0x1510
[   71.332758][ T5321]  do_xdp_generic+0x757/0xd30
[   71.332772][ T5321]  ? __pfx_do_xdp_generic+0x10/0x10
[   71.332787][ T5321]  ? __local_bh_disable_ip+0x179/0x220
[   71.332802][ T5321]  ? __pfx_eth_type_trans+0x10/0x10
[   71.332817][ T5321]  ? tun_get_user+0x2914/0x4860
[   71.332836][ T5321]  tun_get_user+0x2a4b/0x4860
[   71.332854][ T5321]  ? __lock_acquire+0x1397/0x2100
[   71.332873][ T5321]  ? __pfx_tun_get_user+0x10/0x10
[   71.332893][ T5321]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   71.332910][ T5321]  ? tun_get+0x1e/0x2f0
[   71.332926][ T5321]  ? __pfx_lock_release+0x10/0x10
[   71.332945][ T5321]  ? tun_get+0x1e/0x2f0
[   71.332960][ T5321]  ? tun_get+0x27d/0x2f0
[   71.332976][ T5321]  tun_chr_write_iter+0x10d/0x1f0
[   71.332994][ T5321]  vfs_write+0xacf/0xd10
[   71.333008][ T5321]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   71.333026][ T5321]  ? __pfx_vfs_write+0x10/0x10
[   71.333040][ T5321]  ? __fget_files+0x2a/0x420
[   71.333058][ T5321]  ? __fget_files+0x2a/0x420
[   71.333075][ T5321]  ksys_write+0x18f/0x2b0
[   71.333088][ T5321]  ? __pfx_ksys_write+0x10/0x10
[   71.333109][ T5321]  ? exc_page_fault+0x590/0x8b0
[   71.333127][ T5321]  ? do_syscall_64+0xb6/0x230
[   71.333145][ T5321]  do_syscall_64+0xf3/0x230
[   71.333160][ T5321]  ? clear_bhb_loop+0x35/0x90
[   71.333180][ T5321]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.333197][ T5321] RIP: 0033:0x7fe3b658bc1f
[   71.333209][ T5321] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   71.333218][ T5321] RSP: 002b:00007fe3b7392000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   71.333233][ T5321] RAX: ffffffffffffffda RBX: 00007fe3b67a5fa0 RCX: 00007fe3b658bc1f
[   71.333241][ T5321] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[   71.333248][ T5321] RBP: 00007fe3b660e2a0 R08: 0000000000000000 R09: 0000000000000000
[   71.333255][ T5321] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[   71.333262][ T5321] R13: 0000000000000000 R14: 00007fe3b67a5fa0 R15: 00007ffd4b2fa3d8
[   71.333280][ T5321]  </TASK>
[   71.333289][ T5321] BUG: Bad page state in process syz.0.0  pfn:36d6f
[   71.451424][ T5321] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x36d6f
[   71.455093][ T5321] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   71.458080][ T5321] raw: 04fff00000000000 dead000000000040 ffff88801e490000 0000000000000000
[   71.461544][ T5321] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   71.465074][ T5321] page dumped because: page_pool leak
[   71.467421][ T5321] page_owner tracks the page as allocated
[   71.469882][ T5321] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5321, tgid 5320 (syz.0.0), ts 70224976581, free_ts 70215635013
[   71.476771][ T5321]  post_alloc_hook+0x1f4/0x240
[   71.478744][ T5321]  get_page_from_freelist+0x365c/0x37a0
[   71.481147][ T5321]  __alloc_frozen_pages_noprof+0x292/0x710
[   71.483740][ T5321]  alloc_pages_bulk_noprof+0x847/0xae0
[   71.486169][ T5321]  __page_pool_alloc_pages_slow+0x11f/0x690
[   71.488632][ T5321]  skb_pp_cow_data+0xcc8/0x1720
[   71.490626][ T5321]  do_xdp_generic+0x505/0xd30
[   71.492591][ T5321]  tun_get_user+0x2a4b/0x4860
[   71.494633][ T5321]  tun_chr_write_iter+0x10d/0x1f0
[   71.496795][ T5321]  vfs_write+0xacf/0xd10
[   71.498679][ T5321]  ksys_write+0x18f/0x2b0
[   71.500564][ T5321]  do_syscall_64+0xf3/0x230
[   71.502421][ T5321]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.504934][ T5321] page last free pid 5317 tgid 5317 stack trace:
[   71.507512][ T5321]  free_frozen_pages+0xe0d/0x10e0
[   71.509629][ T5321]  __slab_free+0x2c2/0x380
[   71.511549][ T5321]  qlist_free_all+0x9a/0x140
[   71.513677][ T5321]  kasan_quarantine_reduce+0x14f/0x170
[   71.516038][ T5321]  __kasan_slab_alloc+0x23/0x80
[   71.518149][ T5321]  kmem_cache_alloc_node_noprof+0x1d9/0x380
[   71.520686][ T5321]  __alloc_skb+0x1c3/0x440
[   71.522601][ T5321]  mld_newpack+0x17c/0xc70
[   71.524648][ T5321]  add_grec+0x1492/0x19a0
[   71.526480][ T5321]  mld_send_initial_cr+0x228/0x4b0
[   71.528540][ T5321]  mld_dad_work+0x44/0x500
[   71.530341][ T5321]  process_scheduled_works+0xabe/0x18e0
[   71.532703][ T5321]  worker_thread+0x870/0xd30
[   71.534791][ T5321]  kthread+0x7a9/0x920
[   71.536614][ T5321]  ret_from_fork+0x4b/0x80
[   71.538533][ T5321]  ret_from_fork_asm+0x1a/0x30
[   71.540588][ T5321] Modules linked in:
[   71.542260][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Tainted: G    B              6.14.0-syzkaller-00624-g2f2d52945852 #0
[   71.542278][ T5321] Tainted: [B]=BAD_PAGE
[   71.542283][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   71.542290][ T5321] Call Trace:
[   71.542298][ T5321]  <TASK>
[   71.542304][ T5321]  dump_stack_lvl+0x241/0x360
[   71.542321][ T5321]  ? __pfx_dump_stack_lvl+0x10/0x10
[   71.542333][ T5321]  ? __pfx_print_modules+0x10/0x10
[   71.542353][ T5321]  bad_page+0x176/0x1d0
[   71.542369][ T5321]  free_frozen_pages+0x1082/0x10e0
[   71.542389][ T5321]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[   71.542410][ T5321]  bpf_xdp_adjust_tail+0x1c6/0x210
[   71.542426][ T5321]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   71.542438][ T5321]  bpf_prog_run_generic_xdp+0x12af/0x1510
[   71.542464][ T5321]  do_xdp_generic+0x757/0xd30
[   71.542477][ T5321]  ? __pfx_do_xdp_generic+0x10/0x10
[   71.542491][ T5321]  ? __local_bh_disable_ip+0x179/0x220
[   71.542507][ T5321]  ? __pfx_eth_type_trans+0x10/0x10
[   71.542522][ T5321]  ? tun_get_user+0x2914/0x4860
[   71.542540][ T5321]  tun_get_user+0x2a4b/0x4860
[   71.542561][ T5321]  ? __lock_acquire+0x1397/0x2100
[   71.542580][ T5321]  ? __pfx_tun_get_user+0x10/0x10
[   71.542602][ T5321]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   71.542618][ T5321]  ? tun_get+0x1e/0x2f0
[   71.542634][ T5321]  ? __pfx_lock_release+0x10/0x10
[   71.542654][ T5321]  ? tun_get+0x1e/0x2f0
[   71.542670][ T5321]  ? tun_get+0x27d/0x2f0
[   71.542687][ T5321]  tun_chr_write_iter+0x10d/0x1f0
[   71.542704][ T5321]  vfs_write+0xacf/0xd10
[   71.542717][ T5321]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   71.542734][ T5321]  ? __pfx_vfs_write+0x10/0x10
[   71.542746][ T5321]  ? __fget_files+0x2a/0x420
[   71.542763][ T5321]  ? __fget_files+0x2a/0x420
[   71.542781][ T5321]  ksys_write+0x18f/0x2b0
[   71.542793][ T5321]  ? __pfx_ksys_write+0x10/0x10
[   71.542804][ T5321]  ? exc_page_fault+0x590/0x8b0
[   71.542822][ T5321]  ? do_syscall_64+0xb6/0x230
[   71.542838][ T5321]  do_syscall_64+0xf3/0x230
[   71.542852][ T5321]  ? clear_bhb_loop+0x35/0x90
[   71.542869][ T5321]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.542885][ T5321] RIP: 0033:0x7fe3b658bc1f
[   71.542896][ T5321] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   71.542906][ T5321] RSP: 002b:00007fe3b7392000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   71.542919][ T5321] RAX: ffffffffffffffda RBX: 00007fe3b67a5fa0 RCX: 00007fe3b658bc1f
[   71.542928][ T5321] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[   71.542936][ T5321] RBP: 00007fe3b660e2a0 R08: 0000000000000000 R09: 0000000000000000
[   71.542943][ T5321] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[   71.542950][ T5321] R13: 0000000000000000 R14: 00007fe3b67a5fa0 R15: 00007ffd4b2fa3d8
[   71.542962][ T5321]  </TASK>
[   71.542970][ T5321] BUG: Bad page state in process syz.0.0  pfn:36d6e
[   71.661241][ T5321] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x36d6e
[   71.664744][ T5321] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   71.667662][ T5321] raw: 04fff00000000000 dead000000000040 ffff88801e490000 0000000000000000
[   71.671054][ T5321] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   71.674539][ T5321] page dumped because: page_pool leak
[   71.676664][ T5321] page_owner tracks the page as allocated
[   71.678859][ T5321] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5321, tgid 5320 (syz.0.0), ts 70224969609, free_ts 70215635013
[   71.685246][ T5321]  post_alloc_hook+0x1f4/0x240
[   71.687109][ T5321]  get_page_from_freelist+0x365c/0x37a0
[   71.689275][ T5321]  __alloc_frozen_pages_noprof+0x292/0x710
[   71.691511][ T5321]  alloc_pages_bulk_noprof+0x847/0xae0
[   71.693788][ T5321]  __page_pool_alloc_pages_slow+0x11f/0x690
[   71.696115][ T5321]  skb_pp_cow_data+0xcc8/0x1720
[   71.698030][ T5321]  do_xdp_generic+0x505/0xd30
[   71.699867][ T5321]  tun_get_user+0x2a4b/0x4860
[   71.701749][ T5321]  tun_chr_write_iter+0x10d/0x1f0
[   71.703800][ T5321]  vfs_write+0xacf/0xd10
[   71.705470][ T5321]  ksys_write+0x18f/0x2b0
[   71.707159][ T5321]  do_syscall_64+0xf3/0x230
[   71.708998][ T5321]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.711288][ T5321] page last free pid 5317 tgid 5317 stack trace:
[   71.713817][ T5321]  free_frozen_pages+0xe0d/0x10e0
[   71.715762][ T5321]  __slab_free+0x2c2/0x380
[   71.717500][ T5321]  qlist_free_all+0x9a/0x140
[   71.719284][ T5321]  kasan_quarantine_reduce+0x14f/0x170
[   71.721391][ T5321]  __kasan_slab_alloc+0x23/0x80
[   71.723306][ T5321]  kmem_cache_alloc_node_noprof+0x1d9/0x380
[   71.725629][ T5321]  __alloc_skb+0x1c3/0x440
[   71.727356][ T5321]  mld_newpack+0x17c/0xc70
[   71.729084][ T5321]  add_grec+0x1492/0x19a0
[   71.730770][ T5321]  mld_send_initial_cr+0x228/0x4b0
[   71.732776][ T5321]  mld_dad_work+0x44/0x500
[   71.734513][ T5321]  process_scheduled_works+0xabe/0x18e0
[   71.736692][ T5321]  worker_thread+0x870/0xd30
[   71.738489][ T5321]  kthread+0x7a9/0x920
[   71.740064][ T5321]  ret_from_fork+0x4b/0x80
[   71.741796][ T5321]  ret_from_fork_asm+0x1a/0x30
[   71.743725][ T5321] Modules linked in:
[   71.745262][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Tainted: G    B              6.14.0-syzkaller-00624-g2f2d52945852 #0
[   71.745278][ T5321] Tainted: [B]=BAD_PAGE
[   71.745283][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   71.745290][ T5321] Call Trace:
[   71.745295][ T5321]  <TASK>
[   71.745301][ T5321]  dump_stack_lvl+0x241/0x360
[   71.745315][ T5321]  ? __pfx_dump_stack_lvl+0x10/0x10
[   71.745326][ T5321]  ? __pfx_print_modules+0x10/0x10
[   71.745344][ T5321]  bad_page+0x176/0x1d0
[   71.745357][ T5321]  free_frozen_pages+0x1082/0x10e0
[   71.745375][ T5321]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[   71.745395][ T5321]  bpf_xdp_adjust_tail+0x1c6/0x210
[   71.745409][ T5321]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   71.745419][ T5321]  bpf_prog_run_generic_xdp+0x12af/0x1510
[   71.745442][ T5321]  do_xdp_generic+0x757/0xd30
[   71.745454][ T5321]  ? __pfx_do_xdp_generic+0x10/0x10
[   71.745466][ T5321]  ? __local_bh_disable_ip+0x179/0x220
[   71.745480][ T5321]  ? __pfx_eth_type_trans+0x10/0x10
[   71.745495][ T5321]  ? tun_get_user+0x2914/0x4860
[   71.745511][ T5321]  tun_get_user+0x2a4b/0x4860
[   71.745530][ T5321]  ? __lock_acquire+0x1397/0x2100
[   71.745547][ T5321]  ? __pfx_tun_get_user+0x10/0x10
[   71.745565][ T5321]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   71.745580][ T5321]  ? tun_get+0x1e/0x2f0
[   71.745594][ T5321]  ? __pfx_lock_release+0x10/0x10
[   71.745612][ T5321]  ? tun_get+0x1e/0x2f0
[   71.745625][ T5321]  ? tun_get+0x27d/0x2f0
[   71.745640][ T5321]  tun_chr_write_iter+0x10d/0x1f0
[   71.745656][ T5321]  vfs_write+0xacf/0xd10
[   71.745668][ T5321]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   71.745683][ T5321]  ? __pfx_vfs_write+0x10/0x10
[   71.745694][ T5321]  ? __fget_files+0x2a/0x420
[   71.745709][ T5321]  ? __fget_files+0x2a/0x420
[   71.745724][ T5321]  ksys_write+0x18f/0x2b0
[   71.745735][ T5321]  ? __pfx_ksys_write+0x10/0x10
[   71.745745][ T5321]  ? exc_page_fault+0x590/0x8b0
[   71.745758][ T5321]  ? do_syscall_64+0xb6/0x230
[   71.745772][ T5321]  do_syscall_64+0xf3/0x230
[   71.745785][ T5321]  ? clear_bhb_loop+0x35/0x90
[   71.745801][ T5321]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.745816][ T5321] RIP: 0033:0x7fe3b658bc1f
[   71.745826][ T5321] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   71.745834][ T5321] RSP: 002b:00007fe3b7392000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   71.745846][ T5321] RAX: ffffffffffffffda RBX: 00007fe3b67a5fa0 RCX: 00007fe3b658bc1f
[   71.745853][ T5321] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[   71.745860][ T5321] RBP: 00007fe3b660e2a0 R08: 0000000000000000 R09: 0000000000000000
[   71.745866][ T5321] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[   71.745872][ T5321] R13: 0000000000000000 R14: 00007fe3b67a5fa0 R15: 00007ffd4b2fa3d8
[   71.745883][ T5321]  </TASK>
[   71.745891][ T5321] BUG: Bad page state in process syz.0.0  pfn:36d6d
[   71.858633][ T5321] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x36d6d
[   71.862066][ T5321] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   71.864842][ T5321] raw: 04fff00000000000 dead000000000040 ffff88801e490000 0000000000000000
[   71.867894][ T5321] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   71.871034][ T5321] page dumped because: page_pool leak
[   71.873050][ T5321] page_owner tracks the page as allocated
[   71.875263][ T5321] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5321, tgid 5320 (syz.0.0), ts 70224962364, free_ts 70215635013
[   71.881645][ T5321]  post_alloc_hook+0x1f4/0x240
[   71.883745][ T5321]  get_page_from_freelist+0x365c/0x37a0
[   71.885960][ T5321]  __alloc_frozen_pages_noprof+0x292/0x710
[   71.888133][ T5321]  alloc_pages_bulk_noprof+0x847/0xae0
[   71.890187][ T5321]  __page_pool_alloc_pages_slow+0x11f/0x690
[   71.892433][ T5321]  skb_pp_cow_data+0xcc8/0x1720
[   71.894363][ T5321]  do_xdp_generic+0x505/0xd30
[   71.896119][ T5321]  tun_get_user+0x2a4b/0x4860
[   71.897913][ T5321]  tun_chr_write_iter+0x10d/0x1f0
[   71.899808][ T5321]  vfs_write+0xacf/0xd10
[   71.901613][ T5321]  ksys_write+0x18f/0x2b0
[   71.903504][ T5321]  do_syscall_64+0xf3/0x230
[   71.905428][ T5321]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.907872][ T5321] page last free pid 5317 tgid 5317 stack trace:
[   71.910431][ T5321]  free_frozen_pages+0xe0d/0x10e0
[   71.912566][ T5321]  __slab_free+0x2c2/0x380
[   71.914491][ T5321]  qlist_free_all+0x9a/0x140
[   71.916398][ T5321]  kasan_quarantine_reduce+0x14f/0x170
[   71.918551][ T5321]  __kasan_slab_alloc+0x23/0x80
[   71.920587][ T5321]  kmem_cache_alloc_node_noprof+0x1d9/0x380
[   71.922952][ T5321]  __alloc_skb+0x1c3/0x440
[   71.924919][ T5321]  mld_newpack+0x17c/0xc70
[   71.926778][ T5321]  add_grec+0x1492/0x19a0
[   71.928594][ T5321]  mld_send_initial_cr+0x228/0x4b0
[   71.930653][ T5321]  mld_dad_work+0x44/0x500
[   71.932466][ T5321]  process_scheduled_works+0xabe/0x18e0
[   71.934537][ T5321]  worker_thread+0x870/0xd30
[   71.936195][ T5321]  kthread+0x7a9/0x920
[   71.937708][ T5321]  ret_from_fork+0x4b/0x80
[   71.939351][ T5321]  ret_from_fork_asm+0x1a/0x30
[   71.941042][ T5321] Modules linked in:
[   71.942455][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Tainted: G    B              6.14.0-syzkaller-00624-g2f2d52945852 #0
[   71.942473][ T5321] Tainted: [B]=BAD_PAGE
[   71.942477][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   71.942483][ T5321] Call Trace:
[   71.942490][ T5321]  <TASK>
[   71.942495][ T5321]  dump_stack_lvl+0x241/0x360
[   71.942510][ T5321]  ? __pfx_dump_stack_lvl+0x10/0x10
[   71.942520][ T5321]  ? __pfx_print_modules+0x10/0x10
[   71.942537][ T5321]  bad_page+0x176/0x1d0
[   71.942551][ T5321]  free_frozen_pages+0x1082/0x10e0
[   71.942569][ T5321]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[   71.942588][ T5321]  bpf_xdp_adjust_tail+0x1c6/0x210
[   71.942601][ T5321]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   71.942611][ T5321]  bpf_prog_run_generic_xdp+0x12af/0x1510
[   71.942633][ T5321]  do_xdp_generic+0x757/0xd30
[   71.942644][ T5321]  ? __pfx_do_xdp_generic+0x10/0x10
[   71.942656][ T5321]  ? __local_bh_disable_ip+0x179/0x220
[   71.942669][ T5321]  ? __pfx_eth_type_trans+0x10/0x10
[   71.942682][ T5321]  ? tun_get_user+0x2914/0x4860
[   71.942699][ T5321]  tun_get_user+0x2a4b/0x4860
[   71.942716][ T5321]  ? __lock_acquire+0x1397/0x2100
[   71.942734][ T5321]  ? __pfx_tun_get_user+0x10/0x10
[   71.942753][ T5321]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   71.942773][ T5321]  ? tun_get+0x1e/0x2f0
[   71.942788][ T5321]  ? __pfx_lock_release+0x10/0x10
[   71.942806][ T5321]  ? tun_get+0x1e/0x2f0
[   71.942820][ T5321]  ? tun_get+0x27d/0x2f0
[   71.942834][ T5321]  tun_chr_write_iter+0x10d/0x1f0
[   71.942851][ T5321]  vfs_write+0xacf/0xd10
[   71.942863][ T5321]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   71.942877][ T5321]  ? __pfx_vfs_write+0x10/0x10
[   71.942888][ T5321]  ? __fget_files+0x2a/0x420
[   71.942902][ T5321]  ? __fget_files+0x2a/0x420
[   71.942917][ T5321]  ksys_write+0x18f/0x2b0
[   71.942928][ T5321]  ? __pfx_ksys_write+0x10/0x10
[   71.942938][ T5321]  ? exc_page_fault+0x590/0x8b0
[   71.942952][ T5321]  ? do_syscall_64+0xb6/0x230
[   71.942965][ T5321]  do_syscall_64+0xf3/0x230
[   71.942979][ T5321]  ? clear_bhb_loop+0x35/0x90
[   71.942994][ T5321]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.943009][ T5321] RIP: 0033:0x7fe3b658bc1f
[   71.943019][ T5321] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   71.943034][ T5321] RSP: 002b:00007fe3b7392000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   71.943047][ T5321] RAX: ffffffffffffffda RBX: 00007fe3b67a5fa0 RCX: 00007fe3b658bc1f
[   71.943054][ T5321] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[   71.943060][ T5321] RBP: 00007fe3b660e2a0 R08: 0000000000000000 R09: 0000000000000000
[   71.943065][ T5321] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[   71.943069][ T5321] R13: 0000000000000000 R14: 00007fe3b67a5fa0 R15: 00007ffd4b2fa3d8
[   71.943075][ T5321]  </TASK>
[   71.943083][ T5321] BUG: Bad page state in process syz.0.0  pfn:36d6c
[   72.055654][ T5321] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x36d6c
[   72.059050][ T5321] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   72.061964][ T5321] raw: 04fff00000000000 dead000000000040 ffff88801e490000 0000000000000000
[   72.065462][ T5321] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   72.069021][ T5321] page dumped because: page_pool leak
[   72.071123][ T5321] page_owner tracks the page as allocated
[   72.073301][ T5321] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5321, tgid 5320 (syz.0.0), ts 70224954704, free_ts 70215635013
[   72.079321][ T5321]  post_alloc_hook+0x1f4/0x240
[   72.081109][ T5321]  get_page_from_freelist+0x365c/0x37a0
[   72.083123][ T5321]  __alloc_frozen_pages_noprof+0x292/0x710
[   72.085501][ T5321]  alloc_pages_bulk_noprof+0x847/0xae0
[   72.087614][ T5321]  __page_pool_alloc_pages_slow+0x11f/0x690
[   72.089967][ T5321]  skb_pp_cow_data+0xcc8/0x1720
[   72.091903][ T5321]  do_xdp_generic+0x505/0xd30
[   72.093922][ T5321]  tun_get_user+0x2a4b/0x4860
[   72.095857][ T5321]  tun_chr_write_iter+0x10d/0x1f0
[   72.097961][ T5321]  vfs_write+0xacf/0xd10
[   72.099649][ T5321]  ksys_write+0x18f/0x2b0
[   72.101388][ T5321]  do_syscall_64+0xf3/0x230
[   72.103279][ T5321]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.105814][ T5321] page last free pid 5317 tgid 5317 stack trace:
[   72.108317][ T5321]  free_frozen_pages+0xe0d/0x10e0
[   72.110344][ T5321]  __slab_free+0x2c2/0x380
[   72.112171][ T5321]  qlist_free_all+0x9a/0x140
[   72.114163][ T5321]  kasan_quarantine_reduce+0x14f/0x170
[   72.116392][ T5321]  __kasan_slab_alloc+0x23/0x80
[   72.118387][ T5321]  kmem_cache_alloc_node_noprof+0x1d9/0x380
[   72.120782][ T5321]  __alloc_skb+0x1c3/0x440
[   72.122589][ T5321]  mld_newpack+0x17c/0xc70
[   72.124535][ T5321]  add_grec+0x1492/0x19a0
[   72.126339][ T5321]  mld_send_initial_cr+0x228/0x4b0
[   72.128352][ T5321]  mld_dad_work+0x44/0x500
[   72.130205][ T5321]  process_scheduled_works+0xabe/0x18e0
[   72.132391][ T5321]  worker_thread+0x870/0xd30
[   72.134253][ T5321]  kthread+0x7a9/0x920
[   72.135802][ T5321]  ret_from_fork+0x4b/0x80
[   72.137524][ T5321]  ret_from_fork_asm+0x1a/0x30
[   72.139311][ T5321] Modules linked in:
[   72.140779][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Tainted: G    B              6.14.0-syzkaller-00624-g2f2d52945852 #0
[   72.140796][ T5321] Tainted: [B]=BAD_PAGE
[   72.140800][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   72.140806][ T5321] Call Trace:
[   72.140813][ T5321]  <TASK>
[   72.140819][ T5321]  dump_stack_lvl+0x241/0x360
[   72.140833][ T5321]  ? __pfx_dump_stack_lvl+0x10/0x10
[   72.140844][ T5321]  ? __pfx_print_modules+0x10/0x10
[   72.140861][ T5321]  bad_page+0x176/0x1d0
[   72.140875][ T5321]  free_frozen_pages+0x1082/0x10e0
[   72.140894][ T5321]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[   72.140914][ T5321]  bpf_xdp_adjust_tail+0x1c6/0x210
[   72.140928][ T5321]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   72.140938][ T5321]  bpf_prog_run_generic_xdp+0x12af/0x1510
[   72.140964][ T5321]  do_xdp_generic+0x757/0xd30
[   72.140975][ T5321]  ? __pfx_do_xdp_generic+0x10/0x10
[   72.140988][ T5321]  ? __local_bh_disable_ip+0x179/0x220
[   72.141003][ T5321]  ? __pfx_eth_type_trans+0x10/0x10
[   72.141017][ T5321]  ? tun_get_user+0x2914/0x4860
[   72.141041][ T5321]  tun_get_user+0x2a4b/0x4860
[   72.141061][ T5321]  ? __lock_acquire+0x1397/0x2100
[   72.141079][ T5321]  ? __pfx_tun_get_user+0x10/0x10
[   72.141099][ T5321]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   72.141114][ T5321]  ? tun_get+0x1e/0x2f0
[   72.141130][ T5321]  ? __pfx_lock_release+0x10/0x10
[   72.141148][ T5321]  ? tun_get+0x1e/0x2f0
[   72.141163][ T5321]  ? tun_get+0x27d/0x2f0
[   72.141179][ T5321]  tun_chr_write_iter+0x10d/0x1f0
[   72.141195][ T5321]  vfs_write+0xacf/0xd10
[   72.141208][ T5321]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   72.141222][ T5321]  ? __pfx_vfs_write+0x10/0x10
[   72.141233][ T5321]  ? __fget_files+0x2a/0x420
[   72.141247][ T5321]  ? __fget_files+0x2a/0x420
[   72.141262][ T5321]  ksys_write+0x18f/0x2b0
[   72.141273][ T5321]  ? __pfx_ksys_write+0x10/0x10
[   72.141284][ T5321]  ? exc_page_fault+0x590/0x8b0
[   72.141299][ T5321]  ? do_syscall_64+0xb6/0x230
[   72.141313][ T5321]  do_syscall_64+0xf3/0x230
[   72.141327][ T5321]  ? clear_bhb_loop+0x35/0x90
[   72.141344][ T5321]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.141359][ T5321] RIP: 0033:0x7fe3b658bc1f
[   72.141371][ T5321] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   72.141381][ T5321] RSP: 002b:00007fe3b7392000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   72.141395][ T5321] RAX: ffffffffffffffda RBX: 00007fe3b67a5fa0 RCX: 00007fe3b658bc1f
[   72.141403][ T5321] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[   72.141410][ T5321] RBP: 00007fe3b660e2a0 R08: 0000000000000000 R09: 0000000000000000
[   72.141416][ T5321] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[   72.141422][ T5321] R13: 0000000000000000 R14: 00007fe3b67a5fa0 R15: 00007ffd4b2fa3d8
[   72.141434][ T5321]  </TASK>
[   72.141442][ T5321] BUG: Bad page state in process syz.0.0  pfn:36d6b
[   72.255880][ T5321] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x36d6b
[   72.259308][ T5321] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   72.262094][ T5321] raw: 04fff00000000000 dead000000000040 ffff88801e490000 0000000000000000
[   72.265566][ T5321] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   72.268890][ T5321] page dumped because: page_pool leak
[   72.270834][ T5321] page_owner tracks the page as allocated
[   72.272943][ T5321] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5321, tgid 5320 (syz.0.0), ts 70224947515, free_ts 70215635013
[   72.278888][ T5321]  post_alloc_hook+0x1f4/0x240
[   72.280660][ T5321]  get_page_from_freelist+0x365c/0x37a0
[   72.282682][ T5321]  __alloc_frozen_pages_noprof+0x292/0x710
[   72.285194][ T5321]  alloc_pages_bulk_noprof+0x847/0xae0
[   72.287446][ T5321]  __page_pool_alloc_pages_slow+0x11f/0x690
[   72.289871][ T5321]  skb_pp_cow_data+0xcc8/0x1720
[   72.291872][ T5321]  do_xdp_generic+0x505/0xd30
[   72.294066][ T5321]  tun_get_user+0x2a4b/0x4860
[   72.296029][ T5321]  tun_chr_write_iter+0x10d/0x1f0
[   72.298117][ T5321]  vfs_write+0xacf/0xd10
[   72.299827][ T5321]  ksys_write+0x18f/0x2b0
[   72.301599][ T5321]  do_syscall_64+0xf3/0x230
[   72.303484][ T5321]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.305931][ T5321] page last free pid 5317 tgid 5317 stack trace:
[   72.308251][ T5321]  free_frozen_pages+0xe0d/0x10e0
[   72.310301][ T5321]  __slab_free+0x2c2/0x380
[   72.312119][ T5321]  qlist_free_all+0x9a/0x140
[   72.314045][ T5321]  kasan_quarantine_reduce+0x14f/0x170
[   72.316310][ T5321]  __kasan_slab_alloc+0x23/0x80
[   72.318263][ T5321]  kmem_cache_alloc_node_noprof+0x1d9/0x380
[   72.320539][ T5321]  __alloc_skb+0x1c3/0x440
[   72.322307][ T5321]  mld_newpack+0x17c/0xc70
[   72.324231][ T5321]  add_grec+0x1492/0x19a0
[   72.326002][ T5321]  mld_send_initial_cr+0x228/0x4b0
[   72.327989][ T5321]  mld_dad_work+0x44/0x500
[   72.329757][ T5321]  process_scheduled_works+0xabe/0x18e0
[   72.331985][ T5321]  worker_thread+0x870/0xd30
[   72.333968][ T5321]  kthread+0x7a9/0x920
[   72.335708][ T5321]  ret_from_fork+0x4b/0x80
[   72.337533][ T5321]  ret_from_fork_asm+0x1a/0x30
[   72.339473][ T5321] Modules linked in:
[   72.341093][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Tainted: G    B              6.14.0-syzkaller-00624-g2f2d52945852 #0
[   72.341111][ T5321] Tainted: [B]=BAD_PAGE
[   72.341115][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   72.341122][ T5321] Call Trace:
[   72.341129][ T5321]  <TASK>
[   72.341134][ T5321]  dump_stack_lvl+0x241/0x360
[   72.341150][ T5321]  ? __pfx_dump_stack_lvl+0x10/0x10
[   72.341161][ T5321]  ? __pfx_print_modules+0x10/0x10
[   72.341180][ T5321]  bad_page+0x176/0x1d0
[   72.341193][ T5321]  free_frozen_pages+0x1082/0x10e0
[   72.341213][ T5321]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[   72.341235][ T5321]  bpf_xdp_adjust_tail+0x1c6/0x210
[   72.341249][ T5321]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   72.341260][ T5321]  bpf_prog_run_generic_xdp+0x12af/0x1510
[   72.341285][ T5321]  do_xdp_generic+0x757/0xd30
[   72.341298][ T5321]  ? __pfx_do_xdp_generic+0x10/0x10
[   72.341311][ T5321]  ? __local_bh_disable_ip+0x179/0x220
[   72.341325][ T5321]  ? __pfx_eth_type_trans+0x10/0x10
[   72.341339][ T5321]  ? tun_get_user+0x2914/0x4860
[   72.341357][ T5321]  tun_get_user+0x2a4b/0x4860
[   72.341377][ T5321]  ? __lock_acquire+0x1397/0x2100
[   72.341394][ T5321]  ? __pfx_tun_get_user+0x10/0x10
[   72.341414][ T5321]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   72.341431][ T5321]  ? tun_get+0x1e/0x2f0
[   72.341447][ T5321]  ? __pfx_lock_release+0x10/0x10
[   72.341468][ T5321]  ? tun_get+0x1e/0x2f0
[   72.341484][ T5321]  ? tun_get+0x27d/0x2f0
[   72.341500][ T5321]  tun_chr_write_iter+0x10d/0x1f0
[   72.341516][ T5321]  vfs_write+0xacf/0xd10
[   72.341528][ T5321]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   72.341545][ T5321]  ? __pfx_vfs_write+0x10/0x10
[   72.341557][ T5321]  ? __fget_files+0x2a/0x420
[   72.341573][ T5321]  ? __fget_files+0x2a/0x420
[   72.341588][ T5321]  ksys_write+0x18f/0x2b0
[   72.341600][ T5321]  ? __pfx_ksys_write+0x10/0x10
[   72.341611][ T5321]  ? exc_page_fault+0x590/0x8b0
[   72.341627][ T5321]  ? do_syscall_64+0xb6/0x230
[   72.341642][ T5321]  do_syscall_64+0xf3/0x230
[   72.341654][ T5321]  ? clear_bhb_loop+0x35/0x90
[   72.341671][ T5321]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.341687][ T5321] RIP: 0033:0x7fe3b658bc1f
[   72.341697][ T5321] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   72.341705][ T5321] RSP: 002b:00007fe3b7392000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   72.341718][ T5321] RAX: ffffffffffffffda RBX: 00007fe3b67a5fa0 RCX: 00007fe3b658bc1f
[   72.341726][ T5321] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[   72.341734][ T5321] RBP: 00007fe3b660e2a0 R08: 0000000000000000 R09: 0000000000000000
[   72.341741][ T5321] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[   72.341748][ T5321] R13: 0000000000000000 R14: 00007fe3b67a5fa0 R15: 00007ffd4b2fa3d8
[   72.341759][ T5321]  </TASK>
[   72.341767][ T5321] BUG: Bad page state in process syz.0.0  pfn:36d6a
[   72.457283][ T5321] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x36d6a
[   72.460758][ T5321] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   72.463707][ T5321] raw: 04fff00000000000 dead000000000040 ffff88801e490000 0000000000000000
[   72.467149][ T5321] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   72.470590][ T5321] page dumped because: page_pool leak
[   72.472734][ T5321] page_owner tracks the page as allocated
[   72.475117][ T5321] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5321, tgid 5320 (syz.0.0), ts 70224940144, free_ts 70215635013
[   72.481541][ T5321]  post_alloc_hook+0x1f4/0x240
[   72.483606][ T5321]  get_page_from_freelist+0x365c/0x37a0
[   72.485902][ T5321]  __alloc_frozen_pages_noprof+0x292/0x710
[   72.488295][ T5321]  alloc_pages_bulk_noprof+0x847/0xae0
[   72.490428][ T5321]  __page_pool_alloc_pages_slow+0x11f/0x690
[   72.492684][ T5321]  skb_pp_cow_data+0xcc8/0x1720
[   72.494635][ T5321]  do_xdp_generic+0x505/0xd30
[   72.496525][ T5321]  tun_get_user+0x2a4b/0x4860
[   72.498409][ T5321]  tun_chr_write_iter+0x10d/0x1f0
[   72.500411][ T5321]  vfs_write+0xacf/0xd10
[   72.502165][ T5321]  ksys_write+0x18f/0x2b0
[   72.503823][ T5321]  do_syscall_64+0xf3/0x230
[   72.505593][ T5321]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.507946][ T5321] page last free pid 5317 tgid 5317 stack trace:
[   72.510321][ T5321]  free_frozen_pages+0xe0d/0x10e0
[   72.512266][ T5321]  __slab_free+0x2c2/0x380
[   72.513833][ T5321]  qlist_free_all+0x9a/0x140
[   72.515627][ T5321]  kasan_quarantine_reduce+0x14f/0x170
[   72.517741][ T5321]  __kasan_slab_alloc+0x23/0x80
[   72.519690][ T5321]  kmem_cache_alloc_node_noprof+0x1d9/0x380
[   72.522116][ T5321]  __alloc_skb+0x1c3/0x440
[   72.523964][ T5321]  mld_newpack+0x17c/0xc70
[   72.525706][ T5321]  add_grec+0x1492/0x19a0
[   72.527396][ T5321]  mld_send_initial_cr+0x228/0x4b0
[   72.529473][ T5321]  mld_dad_work+0x44/0x500
[   72.531316][ T5321]  process_scheduled_works+0xabe/0x18e0
[   72.533821][ T5321]  worker_thread+0x870/0xd30
[   72.535517][ T5321]  kthread+0x7a9/0x920
[   72.537136][ T5321]  ret_from_fork+0x4b/0x80
[   72.538917][ T5321]  ret_from_fork_asm+0x1a/0x30
[   72.540779][ T5321] Modules linked in:
[   72.542503][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Tainted: G    B              6.14.0-syzkaller-00624-g2f2d52945852 #0
[   72.542523][ T5321] Tainted: [B]=BAD_PAGE
[   72.542528][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   72.542535][ T5321] Call Trace:
[   72.542543][ T5321]  <TASK>
[   72.542549][ T5321]  dump_stack_lvl+0x241/0x360
[   72.542564][ T5321]  ? __pfx_dump_stack_lvl+0x10/0x10
[   72.542575][ T5321]  ? __pfx_print_modules+0x10/0x10
[   72.542595][ T5321]  bad_page+0x176/0x1d0
[   72.542609][ T5321]  free_frozen_pages+0x1082/0x10e0
[   72.542628][ T5321]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[   72.542648][ T5321]  bpf_xdp_adjust_tail+0x1c6/0x210
[   72.542663][ T5321]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   72.542682][ T5321]  bpf_prog_run_generic_xdp+0x12af/0x1510
[   72.542711][ T5321]  do_xdp_generic+0x757/0xd30
[   72.542724][ T5321]  ? __pfx_do_xdp_generic+0x10/0x10
[   72.542736][ T5321]  ? __local_bh_disable_ip+0x179/0x220
[   72.542756][ T5321]  ? __pfx_eth_type_trans+0x10/0x10
[   72.542772][ T5321]  ? tun_get_user+0x2914/0x4860
[   72.542791][ T5321]  tun_get_user+0x2a4b/0x4860
[   72.542810][ T5321]  ? __lock_acquire+0x1397/0x2100
[   72.542838][ T5321]  ? __pfx_tun_get_user+0x10/0x10
[   72.542859][ T5321]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   72.542876][ T5321]  ? tun_get+0x1e/0x2f0
[   72.542892][ T5321]  ? __pfx_lock_release+0x10/0x10
[   72.542911][ T5321]  ? tun_get+0x1e/0x2f0
[   72.542924][ T5321]  ? tun_get+0x27d/0x2f0
[   72.542938][ T5321]  tun_chr_write_iter+0x10d/0x1f0
[   72.542954][ T5321]  vfs_write+0xacf/0xd10
[   72.542965][ T5321]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   72.542981][ T5321]  ? __pfx_vfs_write+0x10/0x10
[   72.542999][ T5321]  ? __fget_files+0x2a/0x420
[   72.543015][ T5321]  ? __fget_files+0x2a/0x420
[   72.543031][ T5321]  ksys_write+0x18f/0x2b0
[   72.543043][ T5321]  ? __pfx_ksys_write+0x10/0x10
[   72.543054][ T5321]  ? exc_page_fault+0x590/0x8b0
[   72.543068][ T5321]  ? do_syscall_64+0xb6/0x230
[   72.543083][ T5321]  do_syscall_64+0xf3/0x230
[   72.543097][ T5321]  ? clear_bhb_loop+0x35/0x90
[   72.543115][ T5321]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.543131][ T5321] RIP: 0033:0x7fe3b658bc1f
[   72.543142][ T5321] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   72.543151][ T5321] RSP: 002b:00007fe3b7392000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   72.543164][ T5321] RAX: ffffffffffffffda RBX: 00007fe3b67a5fa0 RCX: 00007fe3b658bc1f
[   72.543172][ T5321] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[   72.543179][ T5321] RBP: 00007fe3b660e2a0 R08: 0000000000000000 R09: 0000000000000000
[   72.543185][ T5321] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[   72.543192][ T5321] R13: 0000000000000000 R14: 00007fe3b67a5fa0 R15: 00007ffd4b2fa3d8
[   72.543203][ T5321]  </TASK>
[   72.673619][ T4665] Bluetooth: hci0: command tx timeout