./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1673169357
<...>
Warning: Permanently added '10.128.0.135' (ED25519) to the list of known hosts.
execve("./syz-executor1673169357", ["./syz-executor1673169357"], 0x7ffc00d58030 /* 10 vars */) = 0
brk(NULL) = 0x55557f949000
brk(0x55557f949d00) = 0x55557f949d00
arch_prctl(ARCH_SET_FS, 0x55557f949380) = 0
set_tid_address(0x55557f949650) = 5819
set_robust_list(0x55557f949660, 24) = 0
rseq(0x55557f949ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1673169357", 4096) = 28
getrandom("\xcc\x14\x1f\x94\xf8\xc1\x2e\xb4", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x55557f949d00
brk(0x55557f96ad00) = 0x55557f96ad00
brk(0x55557f96b000) = 0x55557f96b000
mprotect(0x7fa04c9e8000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5820 attached
, child_tidptr=0x55557f949650) = 5820
[pid 5820] set_robust_list(0x55557f949660, 24) = 0
[pid 5820] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5820] getppid() = 0
[pid 5820] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid 5820] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid 5820] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid 5820] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid 5820] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid 5820] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid 5820] unshare(CLONE_NEWNS) = 0
[pid 5820] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid 5820] unshare(CLONE_NEWIPC) = 0
[pid 5820] unshare(CLONE_NEWCGROUP) = 0
[pid 5820] unshare(CLONE_NEWUTS) = 0
[pid 5820] unshare(CLONE_SYSVSEM) = 0
[pid 5820] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid 5820] write(3, "16777216", 8) = 8
[pid 5820] close(3) = 0
[pid 5820] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid 5820] write(3, "536870912", 9) = 9
[pid 5820] close(3) = 0
[pid 5820] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid 5820] write(3, "1024", 4) = 4
[pid 5820] close(3) = 0
[pid 5820] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid 5820] write(3, "8192", 4) = 4
[pid 5820] close(3) = 0
[pid 5820] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid 5820] write(3, "1024", 4) = 4
[pid 5820] close(3) = 0
[pid 5820] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid 5820] write(3, "1024", 4) = 4
[pid 5820] close(3) = 0
[pid 5820] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid 5820] write(3, "1024 1048576 500 1024", 21) = 21
[pid 5820] close(3) = 0
[pid 5820] getpid() = 1
[pid 5820] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid 5820] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid 5820] unshare(CLONE_NEWNET) = 0
[pid 5820] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid 5820] write(3, "0 65535", 7) = 7
[pid 5820] close(3) = 0
[pid 5820] openat(AT_FDCWD, "/dev/net/tun", O_RDWR|O_NONBLOCK) = 3
[pid 5820] dup2(3, 200) = 200
[pid 5820] close(3) = 0
[pid 5820] ioctl(200, TUNSETIFF, 0x7fff7ac12730) = 0
[pid 5820] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/accept_dad", O_WRONLY|O_CLOEXEC) = 3
[pid 5820] write(3, "0", 1) = 1
[pid 5820] close(3) = 0
[pid 5820] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/router_solicitations", O_WRONLY|O_CLOEXEC) = 3
[pid 5820] write(3, "0", 1) = 1
[pid 5820] close(3) = 0
[pid 5820] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
[pid 5820] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid 5820] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid 5820] close(4) = 0
[pid 5820] sendto(3, [{nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x18\x00\x00\x0b\x00\x00\x00\x08\x00\x02\x00\xac\x14\x14\xaa\x08\x00\x01\x00\xac\x14\x14\xaa"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 40
[pid 5820] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 5820] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid 5820] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid 5820] close(4) = 0
[pid 5820] sendto(3, [{nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x78\x00\x00\x0b\x00\x00\x00\x14\x00\x02\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid 5820] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 5820] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid 5820] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid 5820] close(4) = 0
[pid 5820] sendto(3, [{nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x08\x00\x01\x00\xac\x14\x14\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 48, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 48
[pid 5820] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 5820] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid 5820] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid 5820] close(4) = 0
[pid 5820] sendto(3, [{nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 60, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 60
[pid 5820] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 5820] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid 5820] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid 5820] close(4) = 0
[pid 5820] sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0a\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\xaa\x00\x00"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
[pid 5820] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 5820] close(3) = 0
[pid 5820] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
[pid 5820] write(3, "100000", 6) = 6
[pid 5820] close(3) = 0
[pid 5820] mkdir("./syz-tmp", 0777) = 0
[pid 5820] mount("", "./syz-tmp", "tmpfs", 0, NULL) = 0
[pid 5820] mkdir("./syz-tmp/newroot", 0777) = 0
[pid 5820] mkdir("./syz-tmp/newroot/dev", 0700) = 0
[pid 5820] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid 5820] mkdir("./syz-tmp/newroot/proc", 0700) = 0
[pid 5820] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0
[pid 5820] mkdir("./syz-tmp/newroot/selinux", 0700) = 0
[pid 5820] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid 5820] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid 5820] mkdir("./syz-tmp/newroot/sys", 0700) = 0
[pid 5820] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid 5820] mount("/sys/kernel/debug", "./syz-tmp/newroot/sys/kernel/debug", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid 5820] mount("/sys/fs/smackfs", "./syz-tmp/newroot/sys/fs/smackfs", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid 5820] mount("/proc/sys/fs/binfmt_misc", "./syz-tmp/newroot/proc/sys/fs/binfmt_misc", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid 5820] mkdir("./syz-tmp/pivot", 0777) = 0
[pid 5820] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0
[pid 5820] chdir("/") = 0
[pid 5820] umount2("./pivot", MNT_DETACH) = 0
[pid 5820] chroot("./newroot") = 0
[pid 5820] chdir("/") = 0
[pid 5820] mkdir("/dev/binderfs", 0777) = 0
[pid 5820] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid 5820] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5820] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5823 attached
<unfinished ...>
[pid 5823] set_robust_list(0x55557f949660, 24 <unfinished ...>
[pid 5820] <... clone resumed>, child_tidptr=0x55557f949650) = 2
[pid 5823] <... set_robust_list resumed>) = 0
[pid 5823] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5823] setpgid(0, 0) = 0
[pid 5823] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5823] write(3, "1000", 4) = 4
executing program
[pid 5823] close(3) = 0
[pid 5823] read(200, "\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110
[pid 5823] read(200, 0x7fff7ac122d0, 1000) = -1 EAGAIN (Resource temporarily unavailable)
[pid 5823] write(1, "executing program\n", 18) = 18
[pid 5823] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3
[pid 5823] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=4, insns=0x20000400, license="", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=BPF_F_TEST_STATE_FREQ|0x20, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = 4
[pid 5823] ioctl(3, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid 5823] bpf(BPF_LINK_CREATE, {link_create={prog_fd=4, target_fd=11, attach_type=BPF_XDP, flags=0x2}, ...}, 24) = 5
[ 62.274487][ T5823] BUG: Bad page state in process syz-executor167 pfn:75ee2
[ 62.281885][ T5823] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x75ee2
[ 62.290698][ T5823] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 62.297884][ T5823] raw: 00fff00000000000 dead000000000040 ffff888021ac0000 0000000000000000
[ 62.306492][ T5823] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[ 62.315126][ T5823] page dumped because: page_pool leak
[ 62.320544][ T5823] page_owner tracks the page as allocated
[ 62.326340][ T5823] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5823, tgid 5823 (syz-executor167), ts 62274430155, free_ts 54932467684
[ 62.343735][ T5823] post_alloc_hook+0x1f3/0x230
[ 62.348581][ T5823] get_page_from_freelist+0x3651/0x37a0
[ 62.354123][ T5823] __alloc_pages_noprof+0x292/0x710
[ 62.359351][ T5823] alloc_pages_bulk_noprof+0x70b/0xcc0
[ 62.364821][ T5823] __page_pool_alloc_pages_slow+0x122/0x690
[ 62.370762][ T5823] page_pool_alloc_pages+0xd0/0x1c0
[ 62.375977][ T5823] skb_pp_cow_data+0xc43/0x1640
[ 62.380862][ T5823] do_xdp_generic+0x505/0xd30
[ 62.385547][ T5823] __netif_receive_skb_core+0x1ce9/0x4690
[ 62.391303][ T5823] __netif_receive_skb+0x12f/0x650
[ 62.396423][ T5823] netif_receive_skb+0x1e8/0x890
[ 62.401491][ T5823] tun_rx_batched+0x1b7/0x8f0
[ 62.406186][ T5823] tun_get_user+0x30d6/0x4890
[ 62.410896][ T5823] tun_chr_write_iter+0x10d/0x1f0
[ 62.415943][ T5823] vfs_write+0xaeb/0xd30
[ 62.420231][ T5823] ksys_write+0x18f/0x2b0
[ 62.424572][ T5823] page last free pid 5810 tgid 5810 stack trace:
[ 62.430927][ T5823] free_unref_page+0xde3/0x1130
[ 62.435786][ T5823] __folio_put+0x2c7/0x440
[ 62.440250][ T5823] pipe_read+0x6ed/0x13e0
[ 62.444591][ T5823] vfs_read+0x991/0xb70
[ 62.448808][ T5823] ksys_read+0x18f/0x2b0
[ 62.453062][ T5823] do_syscall_64+0xf3/0x230
[ 62.457604][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 62.463517][ T5823] Modules linked in:
[ 62.467471][ T5823] CPU: 0 UID: 0 PID: 5823 Comm: syz-executor167 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[ 62.478584][ T5823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 62.488642][ T5823] Call Trace:
[ 62.491907][ T5823] <TASK>
[ 62.494821][ T5823] dump_stack_lvl+0x241/0x360
[ 62.499488][ T5823] ? __pfx_dump_stack_lvl+0x10/0x10
[ 62.504673][ T5823] ? __pfx_print_modules+0x10/0x10
[ 62.509866][ T5823] bad_page+0x176/0x1d0
[ 62.514009][ T5823] free_unref_page+0x1048/0x1130
[ 62.518958][ T5823] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[ 62.524582][ T5823] bpf_xdp_adjust_tail+0x1c3/0x200
[ 62.529697][ T5823] bpf_prog_f476d5219b92964a+0x1e/0x20
[ 62.535147][ T5823] bpf_prog_run_generic_xdp+0x686/0x1510
[ 62.540783][ T5823] do_xdp_generic+0x757/0xd30
[ 62.545450][ T5823] ? __pfx_do_xdp_generic+0x10/0x10
[ 62.550642][ T5823] ? __skb_flow_dissect+0x4f1/0x7d00
[ 62.555922][ T5823] __netif_receive_skb_core+0x1ce9/0x4690
[ 62.561645][ T5823] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 62.567727][ T5823] ? mark_lock+0x9a/0x360
[ 62.572050][ T5823] ? __lock_acquire+0x1397/0x2100
[ 62.577087][ T5823] __netif_receive_skb+0x12f/0x650
[ 62.582200][ T5823] ? __pfx_lock_acquire+0x10/0x10
[ 62.587215][ T5823] ? seqcount_lockdep_reader_access+0x1d7/0x220
[ 62.593456][ T5823] ? __pfx___netif_receive_skb+0x10/0x10
[ 62.599089][ T5823] ? tun_rx_batched+0x160/0x8f0
[ 62.603937][ T5823] ? __pfx_lockdep_softirqs_off+0x10/0x10
[ 62.609653][ T5823] ? read_tsc+0x9/0x20
[ 62.613720][ T5823] ? netif_receive_skb+0x131/0x890
[ 62.618827][ T5823] ? netif_receive_skb+0x131/0x890
[ 62.623933][ T5823] netif_receive_skb+0x1e8/0x890
[ 62.628871][ T5823] ? tun_rx_batched+0x160/0x8f0
[ 62.633720][ T5823] ? __pfx_netif_receive_skb+0x10/0x10
[ 62.639187][ T5823] ? tun_rx_batched+0x160/0x8f0
[ 62.644053][ T5823] tun_rx_batched+0x1b7/0x8f0
[ 62.648729][ T5823] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 62.655058][ T5823] ? __pfx_lock_acquire+0x10/0x10
[ 62.660078][ T5823] ? __pfx_tun_rx_batched+0x10/0x10
[ 62.665288][ T5823] tun_get_user+0x30d6/0x4890
[ 62.669962][ T5823] ? tun_get_user+0x2bbe/0x4890
[ 62.674815][ T5823] ? __lock_acquire+0x1397/0x2100
[ 62.679843][ T5823] ? __pfx_tun_get_user+0x10/0x10
[ 62.684879][ T5823] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 62.690331][ T5823] ? tun_get+0x1e/0x2f0
[ 62.694486][ T5823] ? __pfx_lock_release+0x10/0x10
[ 62.699513][ T5823] ? tun_get+0x1e/0x2f0
[ 62.703663][ T5823] ? tun_get+0x27d/0x2f0
[ 62.707902][ T5823] tun_chr_write_iter+0x10d/0x1f0
[ 62.713273][ T5823] vfs_write+0xaeb/0xd30
[ 62.717522][ T5823] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 62.723150][ T5823] ? __pfx_vfs_write+0x10/0x10
[ 62.727917][ T5823] ? _raw_spin_unlock_irq+0x2e/0x50
[ 62.733115][ T5823] ? ptrace_notify+0x279/0x380
[ 62.737880][ T5823] ksys_write+0x18f/0x2b0
[ 62.742212][ T5823] ? __pfx_ksys_write+0x10/0x10
[ 62.747064][ T5823] ? do_syscall_64+0x100/0x230
[ 62.751832][ T5823] do_syscall_64+0xf3/0x230
[ 62.756335][ T5823] ? clear_bhb_loop+0x35/0x90
[ 62.761007][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 62.766901][ T5823] RIP: 0033:0x7fa04c96edb0
[ 62.771312][ T5823] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[ 62.791007][ T5823] RSP: 002b:00007fff7ac126c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[ 62.799421][ T5823] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa04c96edb0
[ 62.807386][ T5823] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[ 62.815347][ T5823] RBP: 0000000000000000 R08: 00007fff7ac127f8 R09: 00007fff7ac127f8
[ 62.823308][ T5823] R10: 00007fff7ac127f8 R11: 0000000000000202 R12: 00007fa04c9bd0de
[ 62.831274][ T5823] R13: 0000000000000000 R14: 00007fff7ac12700 R15: 00007fff7ac126f0
[ 62.839251][ T5823] </TASK>
[ 62.842378][ T5823] Disabling lock debugging due to kernel taint
[ 62.848580][ T5823] BUG: Bad page state in process syz-executor167 pfn:75ee1
[ 62.855863][ T5823] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x75ee1
[ 62.864699][ T5823] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 62.871846][ T5823] raw: 00fff00000000000 dead000000000040 ffff888021ac0000 0000000000000000
[ 62.880460][ T5823] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[ 62.889058][ T5823] page dumped because: page_pool leak
[ 62.894404][ T5823] page_owner tracks the page as allocated
[ 62.900134][ T5823] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5823, tgid 5823 (syz-executor167), ts 62274423990, free_ts 54932458266
[ 62.917437][ T5823] post_alloc_hook+0x1f3/0x230
[ 62.922188][ T5823] get_page_from_freelist+0x3651/0x37a0
[ 62.927753][ T5823] __alloc_pages_noprof+0x292/0x710
[ 62.932974][ T5823] alloc_pages_bulk_noprof+0x70b/0xcc0
[ 62.938461][ T5823] __page_pool_alloc_pages_slow+0x122/0x690
[ 62.944365][ T5823] page_pool_alloc_pages+0xd0/0x1c0
[ 62.949599][ T5823] skb_pp_cow_data+0xc43/0x1640
[ 62.954448][ T5823] do_xdp_generic+0x505/0xd30
[ 62.959145][ T5823] __netif_receive_skb_core+0x1ce9/0x4690
[ 62.964869][ T5823] __netif_receive_skb+0x12f/0x650
[ 62.970001][ T5823] netif_receive_skb+0x1e8/0x890
[ 62.974941][ T5823] tun_rx_batched+0x1b7/0x8f0
[ 62.979667][ T5823] tun_get_user+0x30d6/0x4890
[ 62.984359][ T5823] tun_chr_write_iter+0x10d/0x1f0
[ 62.989425][ T5823] vfs_write+0xaeb/0xd30
[ 62.993678][ T5823] ksys_write+0x18f/0x2b0
[ 62.998030][ T5823] page last free pid 5810 tgid 5810 stack trace:
[ 63.004341][ T5823] free_unref_page+0xde3/0x1130
[ 63.009264][ T5823] __folio_put+0x2c7/0x440
[ 63.013693][ T5823] pipe_read+0x6ed/0x13e0
[ 63.018048][ T5823] vfs_read+0x991/0xb70
[ 63.022211][ T5823] ksys_read+0x18f/0x2b0
[ 63.026441][ T5823] do_syscall_64+0xf3/0x230
[ 63.030989][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 63.036919][ T5823] Modules linked in:
[ 63.040800][ T5823] CPU: 0 UID: 0 PID: 5823 Comm: syz-executor167 Tainted: G B 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[ 63.053369][ T5823] Tainted: [B]=BAD_PAGE
[ 63.057504][ T5823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 63.067553][ T5823] Call Trace:
[ 63.070819][ T5823] <TASK>
[ 63.073738][ T5823] dump_stack_lvl+0x241/0x360
[ 63.078409][ T5823] ? __pfx_dump_stack_lvl+0x10/0x10
[ 63.083695][ T5823] ? __pfx_print_modules+0x10/0x10
[ 63.088792][ T5823] bad_page+0x176/0x1d0
[ 63.092934][ T5823] free_unref_page+0x1048/0x1130
[ 63.097864][ T5823] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[ 63.103492][ T5823] bpf_xdp_adjust_tail+0x1c3/0x200
[ 63.108602][ T5823] bpf_prog_f476d5219b92964a+0x1e/0x20
[ 63.114045][ T5823] bpf_prog_run_generic_xdp+0x686/0x1510
[ 63.119679][ T5823] do_xdp_generic+0x757/0xd30
[ 63.124350][ T5823] ? __pfx_do_xdp_generic+0x10/0x10
[ 63.129541][ T5823] ? __skb_flow_dissect+0x4f1/0x7d00
[ 63.134825][ T5823] __netif_receive_skb_core+0x1ce9/0x4690
[ 63.140543][ T5823] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 63.146601][ T5823] ? mark_lock+0x9a/0x360
[ 63.150921][ T5823] ? __lock_acquire+0x1397/0x2100
[ 63.155942][ T5823] __netif_receive_skb+0x12f/0x650
[ 63.161044][ T5823] ? __pfx_lock_acquire+0x10/0x10
[ 63.166057][ T5823] ? seqcount_lockdep_reader_access+0x1d7/0x220
[ 63.172287][ T5823] ? __pfx___netif_receive_skb+0x10/0x10
[ 63.177911][ T5823] ? tun_rx_batched+0x160/0x8f0
[ 63.182751][ T5823] ? __pfx_lockdep_softirqs_off+0x10/0x10
[ 63.188458][ T5823] ? read_tsc+0x9/0x20
[ 63.192521][ T5823] ? netif_receive_skb+0x131/0x890
[ 63.197624][ T5823] ? netif_receive_skb+0x131/0x890
[ 63.202723][ T5823] netif_receive_skb+0x1e8/0x890
[ 63.207653][ T5823] ? tun_rx_batched+0x160/0x8f0
[ 63.212497][ T5823] ? __pfx_netif_receive_skb+0x10/0x10
[ 63.217955][ T5823] ? tun_rx_batched+0x160/0x8f0
[ 63.222795][ T5823] tun_rx_batched+0x1b7/0x8f0
[ 63.227462][ T5823] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 63.233782][ T5823] ? __pfx_lock_acquire+0x10/0x10
[ 63.238792][ T5823] ? __pfx_tun_rx_batched+0x10/0x10
[ 63.243987][ T5823] tun_get_user+0x30d6/0x4890
[ 63.248656][ T5823] ? tun_get_user+0x2bbe/0x4890
[ 63.253508][ T5823] ? __lock_acquire+0x1397/0x2100
[ 63.258521][ T5823] ? __pfx_tun_get_user+0x10/0x10
[ 63.263537][ T5823] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 63.268985][ T5823] ? tun_get+0x1e/0x2f0
[ 63.273130][ T5823] ? __pfx_lock_release+0x10/0x10
[ 63.278147][ T5823] ? tun_get+0x1e/0x2f0
[ 63.282293][ T5823] ? tun_get+0x27d/0x2f0
[ 63.286523][ T5823] tun_chr_write_iter+0x10d/0x1f0
[ 63.291541][ T5823] vfs_write+0xaeb/0xd30
[ 63.295785][ T5823] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 63.301322][ T5823] ? __pfx_vfs_write+0x10/0x10
[ 63.306083][ T5823] ? _raw_spin_unlock_irq+0x2e/0x50
[ 63.311273][ T5823] ? ptrace_notify+0x279/0x380
[ 63.316027][ T5823] ksys_write+0x18f/0x2b0
[ 63.320352][ T5823] ? __pfx_ksys_write+0x10/0x10
[ 63.325191][ T5823] ? do_syscall_64+0x100/0x230
[ 63.329947][ T5823] do_syscall_64+0xf3/0x230
[ 63.334441][ T5823] ? clear_bhb_loop+0x35/0x90
[ 63.339107][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 63.344991][ T5823] RIP: 0033:0x7fa04c96edb0
[ 63.349395][ T5823] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[ 63.368989][ T5823] RSP: 002b:00007fff7ac126c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[ 63.377391][ T5823] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa04c96edb0
[ 63.385347][ T5823] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[ 63.393304][ T5823] RBP: 0000000000000000 R08: 00007fff7ac127f8 R09: 00007fff7ac127f8
[ 63.401262][ T5823] R10: 00007fff7ac127f8 R11: 0000000000000202 R12: 00007fa04c9bd0de
[ 63.409222][ T5823] R13: 0000000000000000 R14: 00007fff7ac12700 R15: 00007fff7ac126f0
[ 63.417186][ T5823] </TASK>
[ 63.420275][ T5823] BUG: Bad page state in process syz-executor167 pfn:75ee0
[ 63.427668][ T5823] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x75ee0
[ 63.436429][ T5823] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 63.443586][ T5823] raw: 00fff00000000000 dead000000000040 ffff888021ac0000 0000000000000000
[ 63.452190][ T5823] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[ 63.460790][ T5823] page dumped because: page_pool leak
[ 63.466185][ T5823] page_owner tracks the page as allocated
[ 63.471938][ T5823] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5823, tgid 5823 (syz-executor167), ts 62274417695, free_ts 54932448591
[ 63.489231][ T5823] post_alloc_hook+0x1f3/0x230
[ 63.493979][ T5823] get_page_from_freelist+0x3651/0x37a0
[ 63.499562][ T5823] __alloc_pages_noprof+0x292/0x710
[ 63.504763][ T5823] alloc_pages_bulk_noprof+0x70b/0xcc0
[ 63.510238][ T5823] __page_pool_alloc_pages_slow+0x122/0x690
[ 63.516135][ T5823] page_pool_alloc_pages+0xd0/0x1c0
[ 63.521348][ T5823] skb_pp_cow_data+0xc43/0x1640
[ 63.526201][ T5823] do_xdp_generic+0x505/0xd30
[ 63.530895][ T5823] __netif_receive_skb_core+0x1ce9/0x4690
[ 63.536617][ T5823] __netif_receive_skb+0x12f/0x650
[ 63.541746][ T5823] netif_receive_skb+0x1e8/0x890
[ 63.546688][ T5823] tun_rx_batched+0x1b7/0x8f0
[ 63.551381][ T5823] tun_get_user+0x30d6/0x4890
[ 63.556061][ T5823] tun_chr_write_iter+0x10d/0x1f0
[ 63.561110][ T5823] vfs_write+0xaeb/0xd30
[ 63.565366][ T5823] ksys_write+0x18f/0x2b0
[ 63.569732][ T5823] page last free pid 5810 tgid 5810 stack trace:
[ 63.576059][ T5823] free_unref_page+0xde3/0x1130
[ 63.580955][ T5823] __folio_put+0x2c7/0x440
[ 63.585376][ T5823] pipe_read+0x6ed/0x13e0
[ 63.589719][ T5823] vfs_read+0x991/0xb70
[ 63.593877][ T5823] ksys_read+0x18f/0x2b0
[ 63.598140][ T5823] do_syscall_64+0xf3/0x230
[ 63.602733][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 63.608703][ T5823] Modules linked in:
[ 63.612624][ T5823] CPU: 0 UID: 0 PID: 5823 Comm: syz-executor167 Tainted: G B 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[ 63.625199][ T5823] Tainted: [B]=BAD_PAGE
[ 63.629332][ T5823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 63.639369][ T5823] Call Trace:
[ 63.642637][ T5823] <TASK>
[ 63.645551][ T5823] dump_stack_lvl+0x241/0x360
[ 63.650216][ T5823] ? __pfx_dump_stack_lvl+0x10/0x10
[ 63.655397][ T5823] ? __pfx_print_modules+0x10/0x10
[ 63.660503][ T5823] bad_page+0x176/0x1d0
[ 63.664641][ T5823] free_unref_page+0x1048/0x1130
[ 63.669586][ T5823] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[ 63.675203][ T5823] bpf_xdp_adjust_tail+0x1c3/0x200
[ 63.680301][ T5823] bpf_prog_f476d5219b92964a+0x1e/0x20
[ 63.685831][ T5823] bpf_prog_run_generic_xdp+0x686/0x1510
[ 63.691485][ T5823] do_xdp_generic+0x757/0xd30
[ 63.696155][ T5823] ? __pfx_do_xdp_generic+0x10/0x10
[ 63.701351][ T5823] ? __skb_flow_dissect+0x4f1/0x7d00
[ 63.706647][ T5823] __netif_receive_skb_core+0x1ce9/0x4690
[ 63.712369][ T5823] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 63.718436][ T5823] ? mark_lock+0x9a/0x360
[ 63.722762][ T5823] ? __lock_acquire+0x1397/0x2100
[ 63.727783][ T5823] __netif_receive_skb+0x12f/0x650
[ 63.732894][ T5823] ? __pfx_lock_acquire+0x10/0x10
[ 63.737911][ T5823] ? seqcount_lockdep_reader_access+0x1d7/0x220
[ 63.744163][ T5823] ? __pfx___netif_receive_skb+0x10/0x10
[ 63.749803][ T5823] ? tun_rx_batched+0x160/0x8f0
[ 63.754651][ T5823] ? __pfx_lockdep_softirqs_off+0x10/0x10
[ 63.760365][ T5823] ? read_tsc+0x9/0x20
[ 63.764433][ T5823] ? netif_receive_skb+0x131/0x890
[ 63.769554][ T5823] ? netif_receive_skb+0x131/0x890
[ 63.774662][ T5823] netif_receive_skb+0x1e8/0x890
[ 63.779598][ T5823] ? tun_rx_batched+0x160/0x8f0
[ 63.784455][ T5823] ? __pfx_netif_receive_skb+0x10/0x10
[ 63.789907][ T5823] ? tun_rx_batched+0x160/0x8f0
[ 63.794750][ T5823] tun_rx_batched+0x1b7/0x8f0
[ 63.799418][ T5823] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 63.805740][ T5823] ? __pfx_lock_acquire+0x10/0x10
[ 63.810754][ T5823] ? __pfx_tun_rx_batched+0x10/0x10
[ 63.815950][ T5823] tun_get_user+0x30d6/0x4890
[ 63.820618][ T5823] ? tun_get_user+0x2bbe/0x4890
[ 63.825488][ T5823] ? __lock_acquire+0x1397/0x2100
[ 63.830504][ T5823] ? __pfx_tun_get_user+0x10/0x10
[ 63.835524][ T5823] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 63.840973][ T5823] ? tun_get+0x1e/0x2f0
[ 63.845120][ T5823] ? __pfx_lock_release+0x10/0x10
[ 63.850138][ T5823] ? tun_get+0x1e/0x2f0
[ 63.854282][ T5823] ? tun_get+0x27d/0x2f0
[ 63.858516][ T5823] tun_chr_write_iter+0x10d/0x1f0
[ 63.863576][ T5823] vfs_write+0xaeb/0xd30
[ 63.867835][ T5823] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 63.873389][ T5823] ? __pfx_vfs_write+0x10/0x10
[ 63.878154][ T5823] ? _raw_spin_unlock_irq+0x2e/0x50
[ 63.883347][ T5823] ? ptrace_notify+0x279/0x380
[ 63.888109][ T5823] ksys_write+0x18f/0x2b0
[ 63.892434][ T5823] ? __pfx_ksys_write+0x10/0x10
[ 63.897282][ T5823] ? do_syscall_64+0x100/0x230
[ 63.902042][ T5823] do_syscall_64+0xf3/0x230
[ 63.906536][ T5823] ? clear_bhb_loop+0x35/0x90
[ 63.911202][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 63.917086][ T5823] RIP: 0033:0x7fa04c96edb0
[ 63.921490][ T5823] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[ 63.941102][ T5823] RSP: 002b:00007fff7ac126c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[ 63.949512][ T5823] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa04c96edb0
[ 63.957479][ T5823] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[ 63.965441][ T5823] RBP: 0000000000000000 R08: 00007fff7ac127f8 R09: 00007fff7ac127f8
[ 63.973404][ T5823] R10: 00007fff7ac127f8 R11: 0000000000000202 R12: 00007fa04c9bd0de
[ 63.981368][ T5823] R13: 0000000000000000 R14: 00007fff7ac12700 R15: 00007fff7ac126f0
[ 63.989336][ T5823] </TASK>
[ 63.992443][ T5823] BUG: Bad page state in process syz-executor167 pfn:7575f
[ 63.999769][ T5823] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7575f
[ 64.008573][ T5823] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 64.015700][ T5823] raw: 00fff00000000000 dead000000000040 ffff888021ac0000 0000000000000000
[ 64.024333][ T5823] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[ 64.032960][ T5823] page dumped because: page_pool leak
[ 64.038345][ T5823] page_owner tracks the page as allocated
[ 64.044050][ T5823] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5823, tgid 5823 (syz-executor167), ts 62274411640, free_ts 50813649747
[ 64.061359][ T5823] post_alloc_hook+0x1f3/0x230
[ 64.066140][ T5823] get_page_from_freelist+0x3651/0x37a0
[ 64.071742][ T5823] __alloc_pages_noprof+0x292/0x710
[ 64.076981][ T5823] alloc_pages_bulk_noprof+0x70b/0xcc0
[ 64.082466][ T5823] __page_pool_alloc_pages_slow+0x122/0x690
[ 64.088413][ T5823] page_pool_alloc_pages+0xd0/0x1c0
[ 64.093633][ T5823] skb_pp_cow_data+0xc43/0x1640
[ 64.098646][ T5823] do_xdp_generic+0x505/0xd30
[ 64.103336][ T5823] __netif_receive_skb_core+0x1ce9/0x4690
[ 64.109082][ T5823] __netif_receive_skb+0x12f/0x650
[ 64.114199][ T5823] netif_receive_skb+0x1e8/0x890
[ 64.119167][ T5823] tun_rx_batched+0x1b7/0x8f0
[ 64.123847][ T5823] tun_get_user+0x30d6/0x4890
[ 64.128564][ T5823] tun_chr_write_iter+0x10d/0x1f0
[ 64.133603][ T5823] vfs_write+0xaeb/0xd30
[ 64.137979][ T5823] ksys_write+0x18f/0x2b0
[ 64.142323][ T5823] page last free pid 5672 tgid 5672 stack trace:
[ 64.148685][ T5823] free_unref_page+0xde3/0x1130
[ 64.153549][ T5823] __folio_put+0x2c7/0x440
[ 64.158002][ T5823] pipe_read+0x6ed/0x13e0
[ 64.162342][ T5823] vfs_read+0x991/0xb70
[ 64.166504][ T5823] ksys_read+0x18f/0x2b0
[ 64.170772][ T5823] do_syscall_64+0xf3/0x230
[ 64.175297][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 64.181239][ T5823] Modules linked in:
[ 64.185140][ T5823] CPU: 0 UID: 0 PID: 5823 Comm: syz-executor167 Tainted: G B 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[ 64.197706][ T5823] Tainted: [B]=BAD_PAGE
[ 64.201836][ T5823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 64.211872][ T5823] Call Trace:
[ 64.215134][ T5823] <TASK>
[ 64.218048][ T5823] dump_stack_lvl+0x241/0x360
[ 64.222708][ T5823] ? __pfx_dump_stack_lvl+0x10/0x10
[ 64.227887][ T5823] ? __pfx_print_modules+0x10/0x10
[ 64.232979][ T5823] bad_page+0x176/0x1d0
[ 64.237123][ T5823] free_unref_page+0x1048/0x1130
[ 64.242046][ T5823] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[ 64.247676][ T5823] bpf_xdp_adjust_tail+0x1c3/0x200
[ 64.252782][ T5823] bpf_prog_f476d5219b92964a+0x1e/0x20
[ 64.258229][ T5823] bpf_prog_run_generic_xdp+0x686/0x1510
[ 64.263872][ T5823] do_xdp_generic+0x757/0xd30
[ 64.268554][ T5823] ? __pfx_do_xdp_generic+0x10/0x10
[ 64.273735][ T5823] ? __skb_flow_dissect+0x4f1/0x7d00
[ 64.279007][ T5823] __netif_receive_skb_core+0x1ce9/0x4690
[ 64.284719][ T5823] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 64.290783][ T5823] ? mark_lock+0x9a/0x360
[ 64.295113][ T5823] ? __lock_acquire+0x1397/0x2100
[ 64.300135][ T5823] __netif_receive_skb+0x12f/0x650
[ 64.305241][ T5823] ? __pfx_lock_acquire+0x10/0x10
[ 64.310253][ T5823] ? seqcount_lockdep_reader_access+0x1d7/0x220
[ 64.316491][ T5823] ? __pfx___netif_receive_skb+0x10/0x10
[ 64.322118][ T5823] ? tun_rx_batched+0x160/0x8f0
[ 64.326961][ T5823] ? __pfx_lockdep_softirqs_off+0x10/0x10
[ 64.332668][ T5823] ? read_tsc+0x9/0x20
[ 64.336729][ T5823] ? netif_receive_skb+0x131/0x890
[ 64.341833][ T5823] ? netif_receive_skb+0x131/0x890
[ 64.346934][ T5823] netif_receive_skb+0x1e8/0x890
[ 64.351864][ T5823] ? tun_rx_batched+0x160/0x8f0
[ 64.356707][ T5823] ? __pfx_netif_receive_skb+0x10/0x10
[ 64.362163][ T5823] ? tun_rx_batched+0x160/0x8f0
[ 64.367007][ T5823] tun_rx_batched+0x1b7/0x8f0
[ 64.371675][ T5823] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 64.377988][ T5823] ? __pfx_lock_acquire+0x10/0x10
[ 64.382997][ T5823] ? __pfx_tun_rx_batched+0x10/0x10
[ 64.388193][ T5823] tun_get_user+0x30d6/0x4890
[ 64.392862][ T5823] ? tun_get_user+0x2bbe/0x4890
[ 64.397704][ T5823] ? __lock_acquire+0x1397/0x2100
[ 64.402717][ T5823] ? __pfx_tun_get_user+0x10/0x10
[ 64.407739][ T5823] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 64.413184][ T5823] ? tun_get+0x1e/0x2f0
[ 64.417337][ T5823] ? __pfx_lock_release+0x10/0x10
[ 64.422354][ T5823] ? tun_get+0x1e/0x2f0
[ 64.426501][ T5823] ? tun_get+0x27d/0x2f0
[ 64.430736][ T5823] tun_chr_write_iter+0x10d/0x1f0
[ 64.435753][ T5823] vfs_write+0xaeb/0xd30
[ 64.439992][ T5823] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 64.445531][ T5823] ? __pfx_vfs_write+0x10/0x10
[ 64.450297][ T5823] ? _raw_spin_unlock_irq+0x2e/0x50
[ 64.455484][ T5823] ? ptrace_notify+0x279/0x380
[ 64.460238][ T5823] ksys_write+0x18f/0x2b0
[ 64.464559][ T5823] ? __pfx_ksys_write+0x10/0x10
[ 64.469418][ T5823] ? do_syscall_64+0x100/0x230
[ 64.474183][ T5823] do_syscall_64+0xf3/0x230
[ 64.478683][ T5823] ? clear_bhb_loop+0x35/0x90
[ 64.483348][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 64.489239][ T5823] RIP: 0033:0x7fa04c96edb0
[ 64.493645][ T5823] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[ 64.513239][ T5823] RSP: 002b:00007fff7ac126c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[ 64.521643][ T5823] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa04c96edb0
[ 64.529609][ T5823] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[ 64.537571][ T5823] RBP: 0000000000000000 R08: 00007fff7ac127f8 R09: 00007fff7ac127f8
[ 64.545533][ T5823] R10: 00007fff7ac127f8 R11: 0000000000000202 R12: 00007fa04c9bd0de
[ 64.553495][ T5823] R13: 0000000000000000 R14: 00007fff7ac12700 R15: 00007fff7ac126f0
[ 64.561461][ T5823] </TASK>
[ 64.564526][ T5823] BUG: Bad page state in process syz-executor167 pfn:7575e
[ 64.571833][ T5823] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7575e
[ 64.580623][ T5823] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 64.587759][ T5823] raw: 00fff00000000000 dead000000000040 ffff888021ac0000 0000000000000000
[ 64.596344][ T5823] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[ 64.604950][ T5823] page dumped because: page_pool leak
[ 64.610329][ T5823] page_owner tracks the page as allocated
[ 64.616132][ T5823] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5823, tgid 5823 (syz-executor167), ts 62274405511, free_ts 50813624494
[ 64.633437][ T5823] post_alloc_hook+0x1f3/0x230
[ 64.638226][ T5823] get_page_from_freelist+0x3651/0x37a0
[ 64.643759][ T5823] __alloc_pages_noprof+0x292/0x710
[ 64.648970][ T5823] alloc_pages_bulk_noprof+0x70b/0xcc0
[ 64.654434][ T5823] __page_pool_alloc_pages_slow+0x122/0x690
[ 64.660394][ T5823] page_pool_alloc_pages+0xd0/0x1c0
[ 64.665618][ T5823] skb_pp_cow_data+0xc43/0x1640
[ 64.670490][ T5823] do_xdp_generic+0x505/0xd30
[ 64.675167][ T5823] __netif_receive_skb_core+0x1ce9/0x4690
[ 64.680906][ T5823] __netif_receive_skb+0x12f/0x650
[ 64.686023][ T5823] netif_receive_skb+0x1e8/0x890
[ 64.690984][ T5823] tun_rx_batched+0x1b7/0x8f0
[ 64.695666][ T5823] tun_get_user+0x30d6/0x4890
[ 64.700363][ T5823] tun_chr_write_iter+0x10d/0x1f0
[ 64.705390][ T5823] vfs_write+0xaeb/0xd30
[ 64.709664][ T5823] ksys_write+0x18f/0x2b0
[ 64.714010][ T5823] page last free pid 5672 tgid 5672 stack trace:
[ 64.720373][ T5823] free_unref_page+0xde3/0x1130
[ 64.725239][ T5823] __folio_put+0x2c7/0x440
[ 64.729707][ T5823] pipe_read+0x6ed/0x13e0
[ 64.734046][ T5823] vfs_read+0x991/0xb70
[ 64.738222][ T5823] ksys_read+0x18f/0x2b0
[ 64.742468][ T5823] do_syscall_64+0xf3/0x230
[ 64.747007][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 64.752915][ T5823] Modules linked in:
[ 64.756847][ T5823] CPU: 0 UID: 0 PID: 5823 Comm: syz-executor167 Tainted: G B 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[ 64.769435][ T5823] Tainted: [B]=BAD_PAGE
[ 64.773659][ T5823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 64.783708][ T5823] Call Trace:
[ 64.786975][ T5823] <TASK>
[ 64.789890][ T5823] dump_stack_lvl+0x241/0x360
[ 64.794560][ T5823] ? __pfx_dump_stack_lvl+0x10/0x10
[ 64.799746][ T5823] ? __pfx_print_modules+0x10/0x10
[ 64.804844][ T5823] bad_page+0x176/0x1d0
[ 64.808987][ T5823] free_unref_page+0x1048/0x1130
[ 64.813911][ T5823] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[ 64.819534][ T5823] bpf_xdp_adjust_tail+0x1c3/0x200
[ 64.824642][ T5823] bpf_prog_f476d5219b92964a+0x1e/0x20
[ 64.830342][ T5823] bpf_prog_run_generic_xdp+0x686/0x1510
[ 64.835979][ T5823] do_xdp_generic+0x757/0xd30
[ 64.840680][ T5823] ? __pfx_do_xdp_generic+0x10/0x10
[ 64.845877][ T5823] ? __skb_flow_dissect+0x4f1/0x7d00
[ 64.851157][ T5823] __netif_receive_skb_core+0x1ce9/0x4690
[ 64.856889][ T5823] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 64.862998][ T5823] ? mark_lock+0x9a/0x360
[ 64.867330][ T5823] ? __lock_acquire+0x1397/0x2100
[ 64.872357][ T5823] __netif_receive_skb+0x12f/0x650
[ 64.877467][ T5823] ? __pfx_lock_acquire+0x10/0x10
[ 64.882485][ T5823] ? seqcount_lockdep_reader_access+0x1d7/0x220
[ 64.888723][ T5823] ? __pfx___netif_receive_skb+0x10/0x10
[ 64.894350][ T5823] ? tun_rx_batched+0x160/0x8f0
[ 64.899198][ T5823] ? __pfx_lockdep_softirqs_off+0x10/0x10
[ 64.904914][ T5823] ? read_tsc+0x9/0x20
[ 64.908977][ T5823] ? netif_receive_skb+0x131/0x890
[ 64.914078][ T5823] ? netif_receive_skb+0x131/0x890
[ 64.919264][ T5823] netif_receive_skb+0x1e8/0x890
[ 64.924190][ T5823] ? tun_rx_batched+0x160/0x8f0
[ 64.929037][ T5823] ? __pfx_netif_receive_skb+0x10/0x10
[ 64.934489][ T5823] ? tun_rx_batched+0x160/0x8f0
[ 64.939345][ T5823] tun_rx_batched+0x1b7/0x8f0
[ 64.944012][ T5823] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 64.950331][ T5823] ? __pfx_lock_acquire+0x10/0x10
[ 64.955344][ T5823] ? __pfx_tun_rx_batched+0x10/0x10
[ 64.960536][ T5823] tun_get_user+0x30d6/0x4890
[ 64.965206][ T5823] ? tun_get_user+0x2bbe/0x4890
[ 64.970054][ T5823] ? __lock_acquire+0x1397/0x2100
[ 64.975070][ T5823] ? __pfx_tun_get_user+0x10/0x10
[ 64.980090][ T5823] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 64.985537][ T5823] ? tun_get+0x1e/0x2f0
[ 64.989684][ T5823] ? __pfx_lock_release+0x10/0x10
[ 64.994698][ T5823] ? tun_get+0x1e/0x2f0
[ 64.998853][ T5823] ? tun_get+0x27d/0x2f0
[ 65.003087][ T5823] tun_chr_write_iter+0x10d/0x1f0
[ 65.008103][ T5823] vfs_write+0xaeb/0xd30
[ 65.012339][ T5823] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 65.017882][ T5823] ? __pfx_vfs_write+0x10/0x10
[ 65.022646][ T5823] ? _raw_spin_unlock_irq+0x2e/0x50
[ 65.027835][ T5823] ? ptrace_notify+0x279/0x380
[ 65.032591][ T5823] ksys_write+0x18f/0x2b0
[ 65.036915][ T5823] ? __pfx_ksys_write+0x10/0x10
[ 65.041757][ T5823] ? do_syscall_64+0x100/0x230
[ 65.046513][ T5823] do_syscall_64+0xf3/0x230
[ 65.051007][ T5823] ? clear_bhb_loop+0x35/0x90
[ 65.055673][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 65.061644][ T5823] RIP: 0033:0x7fa04c96edb0
[ 65.066047][ T5823] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[ 65.085642][ T5823] RSP: 002b:00007fff7ac126c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[ 65.094046][ T5823] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa04c96edb0
[ 65.102003][ T5823] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[ 65.109960][ T5823] RBP: 0000000000000000 R08: 00007fff7ac127f8 R09: 00007fff7ac127f8
[ 65.117924][ T5823] R10: 00007fff7ac127f8 R11: 0000000000000202 R12: 00007fa04c9bd0de
[ 65.125880][ T5823] R13: 0000000000000000 R14: 00007fff7ac12700 R15: 00007fff7ac126f0
[ 65.133845][ T5823] </TASK>
[ 65.136932][ T5823] BUG: Bad page state in process syz-executor167 pfn:7575d
[ 65.144215][ T5823] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7575d
[ 65.153003][ T5823] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 65.160145][ T5823] raw: 00fff00000000000 dead000000000040 ffff888021ac0000 0000000000000000
[ 65.168746][ T5823] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[ 65.177343][ T5823] page dumped because: page_pool leak
[ 65.182705][ T5823] page_owner tracks the page as allocated
[ 65.188436][ T5823] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5823, tgid 5823 (syz-executor167), ts 62274399461, free_ts 50813614970
[ 65.205731][ T5823] post_alloc_hook+0x1f3/0x230
[ 65.210512][ T5823] get_page_from_freelist+0x3651/0x37a0
[ 65.216063][ T5823] __alloc_pages_noprof+0x292/0x710
[ 65.221280][ T5823] alloc_pages_bulk_noprof+0x70b/0xcc0
[ 65.226745][ T5823] __page_pool_alloc_pages_slow+0x122/0x690
[ 65.232694][ T5823] page_pool_alloc_pages+0xd0/0x1c0
[ 65.237928][ T5823] skb_pp_cow_data+0xc43/0x1640
[ 65.242766][ T5823] do_xdp_generic+0x505/0xd30
[ 65.247469][ T5823] __netif_receive_skb_core+0x1ce9/0x4690
[ 65.253193][ T5823] __netif_receive_skb+0x12f/0x650
[ 65.258334][ T5823] netif_receive_skb+0x1e8/0x890
[ 65.263281][ T5823] tun_rx_batched+0x1b7/0x8f0
[ 65.267978][ T5823] tun_get_user+0x30d6/0x4890
[ 65.272661][ T5823] tun_chr_write_iter+0x10d/0x1f0
[ 65.277715][ T5823] vfs_write+0xaeb/0xd30
[ 65.281982][ T5823] ksys_write+0x18f/0x2b0
[ 65.286333][ T5823] page last free pid 5672 tgid 5672 stack trace:
[ 65.292673][ T5823] free_unref_page+0xde3/0x1130
[ 65.297547][ T5823] __folio_put+0x2c7/0x440
[ 65.301975][ T5823] pipe_read+0x6ed/0x13e0
[ 65.306298][ T5823] vfs_read+0x991/0xb70
[ 65.310493][ T5823] ksys_read+0x18f/0x2b0
[ 65.314742][ T5823] do_syscall_64+0xf3/0x230
[ 65.319268][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 65.325175][ T5823] Modules linked in:
[ 65.329100][ T5823] CPU: 0 UID: 0 PID: 5823 Comm: syz-executor167 Tainted: G B 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[ 65.341694][ T5823] Tainted: [B]=BAD_PAGE
[ 65.345840][ T5823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 65.355888][ T5823] Call Trace:
[ 65.359164][ T5823] <TASK>
[ 65.362084][ T5823] dump_stack_lvl+0x241/0x360
[ 65.366748][ T5823] ? __pfx_dump_stack_lvl+0x10/0x10
[ 65.372017][ T5823] ? __pfx_print_modules+0x10/0x10
[ 65.377111][ T5823] bad_page+0x176/0x1d0
[ 65.381251][ T5823] free_unref_page+0x1048/0x1130
[ 65.386185][ T5823] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[ 65.391814][ T5823] bpf_xdp_adjust_tail+0x1c3/0x200
[ 65.396925][ T5823] bpf_prog_f476d5219b92964a+0x1e/0x20
[ 65.402401][ T5823] bpf_prog_run_generic_xdp+0x686/0x1510
[ 65.408032][ T5823] do_xdp_generic+0x757/0xd30
[ 65.412703][ T5823] ? __pfx_do_xdp_generic+0x10/0x10
[ 65.417895][ T5823] ? __skb_flow_dissect+0x4f1/0x7d00
[ 65.423177][ T5823] __netif_receive_skb_core+0x1ce9/0x4690
[ 65.428895][ T5823] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 65.434953][ T5823] ? mark_lock+0x9a/0x360
[ 65.439276][ T5823] ? __lock_acquire+0x1397/0x2100
[ 65.444292][ T5823] __netif_receive_skb+0x12f/0x650
[ 65.449394][ T5823] ? __pfx_lock_acquire+0x10/0x10
[ 65.454405][ T5823] ? seqcount_lockdep_reader_access+0x1d7/0x220
[ 65.460638][ T5823] ? __pfx___netif_receive_skb+0x10/0x10
[ 65.466264][ T5823] ? tun_rx_batched+0x160/0x8f0
[ 65.471106][ T5823] ? __pfx_lockdep_softirqs_off+0x10/0x10
[ 65.476811][ T5823] ? read_tsc+0x9/0x20
[ 65.480878][ T5823] ? netif_receive_skb+0x131/0x890
[ 65.485977][ T5823] ? netif_receive_skb+0x131/0x890
[ 65.491082][ T5823] netif_receive_skb+0x1e8/0x890
[ 65.496006][ T5823] ? tun_rx_batched+0x160/0x8f0
[ 65.500853][ T5823] ? __pfx_netif_receive_skb+0x10/0x10
[ 65.506327][ T5823] ? tun_rx_batched+0x160/0x8f0
[ 65.511182][ T5823] tun_rx_batched+0x1b7/0x8f0
[ 65.515851][ T5823] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 65.522169][ T5823] ? __pfx_lock_acquire+0x10/0x10
[ 65.527179][ T5823] ? __pfx_tun_rx_batched+0x10/0x10
[ 65.532376][ T5823] tun_get_user+0x30d6/0x4890
[ 65.537054][ T5823] ? tun_get_user+0x2bbe/0x4890
[ 65.541909][ T5823] ? __lock_acquire+0x1397/0x2100
[ 65.546935][ T5823] ? __pfx_tun_get_user+0x10/0x10
[ 65.551970][ T5823] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 65.557421][ T5823] ? tun_get+0x1e/0x2f0
[ 65.561574][ T5823] ? __pfx_lock_release+0x10/0x10
[ 65.566613][ T5823] ? tun_get+0x1e/0x2f0
[ 65.570765][ T5823] ? tun_get+0x27d/0x2f0
[ 65.575000][ T5823] tun_chr_write_iter+0x10d/0x1f0
[ 65.580024][ T5823] vfs_write+0xaeb/0xd30
[ 65.584264][ T5823] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 65.589808][ T5823] ? __pfx_vfs_write+0x10/0x10
[ 65.594569][ T5823] ? _raw_spin_unlock_irq+0x2e/0x50
[ 65.599761][ T5823] ? ptrace_notify+0x279/0x380
[ 65.604523][ T5823] ksys_write+0x18f/0x2b0
[ 65.608846][ T5823] ? __pfx_ksys_write+0x10/0x10
[ 65.613691][ T5823] ? do_syscall_64+0x100/0x230
[ 65.618449][ T5823] do_syscall_64+0xf3/0x230
[ 65.622945][ T5823] ? clear_bhb_loop+0x35/0x90
[ 65.627608][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 65.633496][ T5823] RIP: 0033:0x7fa04c96edb0
[ 65.637902][ T5823] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[ 65.657497][ T5823] RSP: 002b:00007fff7ac126c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[ 65.665899][ T5823] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa04c96edb0
[ 65.673858][ T5823] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[ 65.681816][ T5823] RBP: 0000000000000000 R08: 00007fff7ac127f8 R09: 00007fff7ac127f8
[ 65.689795][ T5823] R10: 00007fff7ac127f8 R11: 0000000000000202 R12: 00007fa04c9bd0de
[ 65.697754][ T5823] R13: 0000000000000000 R14: 00007fff7ac12700 R15: 00007fff7ac126f0
[ 65.705717][ T5823] </TASK>
[ 65.708782][ T5823] BUG: Bad page state in process syz-executor167 pfn:7575c
[ 65.716069][ T5823] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7575c
[ 65.724872][ T5823] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 65.732014][ T5823] raw: 00fff00000000000 dead000000000040 ffff888021ac0000 0000000000000000
[ 65.740615][ T5823] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[ 65.749211][ T5823] page dumped because: page_pool leak
[ 65.754574][ T5823] page_owner tracks the page as allocated
[ 65.760339][ T5823] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5823, tgid 5823 (syz-executor167), ts 62274393210, free_ts 50813604036
[ 65.777635][ T5823] post_alloc_hook+0x1f3/0x230
[ 65.782384][ T5823] get_page_from_freelist+0x3651/0x37a0
[ 65.787961][ T5823] __alloc_pages_noprof+0x292/0x710
[ 65.793171][ T5823] alloc_pages_bulk_noprof+0x70b/0xcc0
[ 65.798656][ T5823] __page_pool_alloc_pages_slow+0x122/0x690
[ 65.804563][ T5823] page_pool_alloc_pages+0xd0/0x1c0
[ 65.809786][ T5823] skb_pp_cow_data+0xc43/0x1640
[ 65.814638][ T5823] do_xdp_generic+0x505/0xd30
[ 65.819338][ T5823] __netif_receive_skb_core+0x1ce9/0x4690
[ 65.825061][ T5823] __netif_receive_skb+0x12f/0x650
[ 65.830187][ T5823] netif_receive_skb+0x1e8/0x890
[ 65.835130][ T5823] tun_rx_batched+0x1b7/0x8f0
[ 65.839824][ T5823] tun_get_user+0x30d6/0x4890
[ 65.844505][ T5823] tun_chr_write_iter+0x10d/0x1f0
[ 65.849560][ T5823] vfs_write+0xaeb/0xd30
[ 65.853815][ T5823] ksys_write+0x18f/0x2b0
[ 65.858203][ T5823] page last free pid 5672 tgid 5672 stack trace:
[ 65.864540][ T5823] free_unref_page+0xde3/0x1130
[ 65.869444][ T5823] __folio_put+0x2c7/0x440
[ 65.873876][ T5823] pipe_read+0x6ed/0x13e0
[ 65.878230][ T5823] vfs_read+0x991/0xb70
[ 65.882396][ T5823] ksys_read+0x18f/0x2b0
[ 65.886639][ T5823] do_syscall_64+0xf3/0x230
[ 65.891164][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 65.897101][ T5823] Modules linked in:
[ 65.900982][ T5823] CPU: 0 UID: 0 PID: 5823 Comm: syz-executor167 Tainted: G B 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[ 65.913550][ T5823] Tainted: [B]=BAD_PAGE
[ 65.917680][ T5823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 65.927740][ T5823] Call Trace:
[ 65.931002][ T5823] <TASK>
[ 65.933915][ T5823] dump_stack_lvl+0x241/0x360
[ 65.938582][ T5823] ? __pfx_dump_stack_lvl+0x10/0x10
[ 65.943761][ T5823] ? __pfx_print_modules+0x10/0x10
[ 65.948857][ T5823] bad_page+0x176/0x1d0
[ 65.952991][ T5823] free_unref_page+0x1048/0x1130
[ 65.957914][ T5823] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[ 65.963532][ T5823] bpf_xdp_adjust_tail+0x1c3/0x200
[ 65.968629][ T5823] bpf_prog_f476d5219b92964a+0x1e/0x20
[ 65.974066][ T5823] bpf_prog_run_generic_xdp+0x686/0x1510
[ 65.979703][ T5823] do_xdp_generic+0x757/0xd30
[ 65.984380][ T5823] ? __pfx_do_xdp_generic+0x10/0x10
[ 65.989572][ T5823] ? __skb_flow_dissect+0x4f1/0x7d00
[ 65.994862][ T5823] __netif_receive_skb_core+0x1ce9/0x4690
[ 66.000581][ T5823] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 66.006633][ T5823] ? mark_lock+0x9a/0x360
[ 66.010951][ T5823] ? __lock_acquire+0x1397/0x2100
[ 66.015975][ T5823] __netif_receive_skb+0x12f/0x650
[ 66.021085][ T5823] ? __pfx_lock_acquire+0x10/0x10
[ 66.026097][ T5823] ? seqcount_lockdep_reader_access+0x1d7/0x220
[ 66.032418][ T5823] ? __pfx___netif_receive_skb+0x10/0x10
[ 66.038045][ T5823] ? tun_rx_batched+0x160/0x8f0
[ 66.042906][ T5823] ? __pfx_lockdep_softirqs_off+0x10/0x10
[ 66.048646][ T5823] ? read_tsc+0x9/0x20
[ 66.052723][ T5823] ? netif_receive_skb+0x131/0x890
[ 66.057830][ T5823] ? netif_receive_skb+0x131/0x890
[ 66.062939][ T5823] netif_receive_skb+0x1e8/0x890
[ 66.067875][ T5823] ? tun_rx_batched+0x160/0x8f0
[ 66.072727][ T5823] ? __pfx_netif_receive_skb+0x10/0x10
[ 66.078188][ T5823] ? tun_rx_batched+0x160/0x8f0
[ 66.083034][ T5823] tun_rx_batched+0x1b7/0x8f0
[ 66.087709][ T5823] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 66.094029][ T5823] ? __pfx_lock_acquire+0x10/0x10
[ 66.099040][ T5823] ? __pfx_tun_rx_batched+0x10/0x10
[ 66.104235][ T5823] tun_get_user+0x30d6/0x4890
[ 66.108904][ T5823] ? tun_get_user+0x2bbe/0x4890
[ 66.113747][ T5823] ? __lock_acquire+0x1397/0x2100
[ 66.118761][ T5823] ? __pfx_tun_get_user+0x10/0x10
[ 66.123778][ T5823] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 66.129229][ T5823] ? tun_get+0x1e/0x2f0
[ 66.133375][ T5823] ? __pfx_lock_release+0x10/0x10
[ 66.138395][ T5823] ? tun_get+0x1e/0x2f0
[ 66.142549][ T5823] ? tun_get+0x27d/0x2f0
[ 66.146782][ T5823] tun_chr_write_iter+0x10d/0x1f0
[ 66.151801][ T5823] vfs_write+0xaeb/0xd30
[ 66.156037][ T5823] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 66.161572][ T5823] ? __pfx_vfs_write+0x10/0x10
[ 66.166330][ T5823] ? _raw_spin_unlock_irq+0x2e/0x50
[ 66.171521][ T5823] ? ptrace_notify+0x279/0x380
[ 66.176382][ T5823] ksys_write+0x18f/0x2b0
[ 66.180704][ T5823] ? __pfx_ksys_write+0x10/0x10
[ 66.185549][ T5823] ? do_syscall_64+0x100/0x230
[ 66.190309][ T5823] do_syscall_64+0xf3/0x230
[ 66.194805][ T5823] ? clear_bhb_loop+0x35/0x90
[ 66.199477][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 66.205365][ T5823] RIP: 0033:0x7fa04c96edb0
[ 66.209770][ T5823] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[ 66.229449][ T5823] RSP: 002b:00007fff7ac126c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[ 66.237860][ T5823] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa04c96edb0
[ 66.245818][ T5823] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[ 66.253776][ T5823] RBP: 0000000000000000 R08: 00007fff7ac127f8 R09: 00007fff7ac127f8
[ 66.261822][ T5823] R10: 00007fff7ac127f8 R11: 0000000000000202 R12: 00007fa04c9bd0de
[ 66.269782][ T5823] R13: 0000000000000000 R14: 00007fff7ac12700 R15: 00007fff7ac126f0
[ 66.277751][ T5823] </TASK>
[ 66.280821][ T5823] BUG: Bad page state in process syz-executor167 pfn:2c057
[ 66.288128][ T5823] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2c057
[ 66.296927][ T5823] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 66.304062][ T5823] raw: 00fff00000000000 dead000000000040 ffff888021ac0000 0000000000000000
[ 66.312680][ T5823] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[ 66.321281][ T5823] page dumped because: page_pool leak
[ 66.326630][ T5823] page_owner tracks the page as allocated
[ 66.332360][ T5823] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5823, tgid 5823 (syz-executor167), ts 62274387049, free_ts 55571351288
[ 66.349659][ T5823] post_alloc_hook+0x1f3/0x230
[ 66.354412][ T5823] get_page_from_freelist+0x3651/0x37a0
[ 66.360065][ T5823] __alloc_pages_noprof+0x292/0x710
[ 66.365293][ T5823] alloc_pages_bulk_noprof+0x70b/0xcc0
[ 66.370770][ T5823] __page_pool_alloc_pages_slow+0x122/0x690
[ 66.376669][ T5823] page_pool_alloc_pages+0xd0/0x1c0
[ 66.381916][ T5823] skb_pp_cow_data+0xc43/0x1640
[ 66.386772][ T5823] do_xdp_generic+0x505/0xd30
[ 66.391500][ T5823] __netif_receive_skb_core+0x1ce9/0x4690
[ 66.397241][ T5823] __netif_receive_skb+0x12f/0x650
[ 66.402361][ T5823] netif_receive_skb+0x1e8/0x890
[ 66.407314][ T5823] tun_rx_batched+0x1b7/0x8f0
[ 66.411994][ T5823] tun_get_user+0x30d6/0x4890
[ 66.416654][ T5823] tun_chr_write_iter+0x10d/0x1f0
[ 66.421705][ T5823] vfs_write+0xaeb/0xd30
[ 66.425967][ T5823] ksys_write+0x18f/0x2b0
[ 66.430330][ T5823] page last free pid 5813 tgid 5813 stack trace:
[ 66.436659][ T5823] free_unref_page+0xde3/0x1130
[ 66.441537][ T5823] __slab_free+0x31b/0x3d0
[ 66.445959][ T5823] qlist_free_all+0x9a/0x140
[ 66.450586][ T5823] kasan_quarantine_reduce+0x14f/0x170
[ 66.456049][ T5823] __kasan_slab_alloc+0x23/0x80
[ 66.460922][ T5823] kmem_cache_alloc_noprof+0x1d9/0x380
[ 66.466383][ T5823] getname_flags+0xb7/0x540
[ 66.470906][ T5823] do_sys_openat2+0xd2/0x1d0
[ 66.475498][ T5823] __x64_sys_openat+0x247/0x2a0
[ 66.480368][ T5823] do_syscall_64+0xf3/0x230
[ 66.484875][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 66.490789][ T5823] Modules linked in:
[ 66.494684][ T5823] CPU: 0 UID: 0 PID: 5823 Comm: syz-executor167 Tainted: G B 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[ 66.507248][ T5823] Tainted: [B]=BAD_PAGE
[ 66.511382][ T5823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 66.521421][ T5823] Call Trace:
[ 66.524682][ T5823] <TASK>
[ 66.527598][ T5823] dump_stack_lvl+0x241/0x360
[ 66.532288][ T5823] ? __pfx_dump_stack_lvl+0x10/0x10
[ 66.537474][ T5823] ? __pfx_print_modules+0x10/0x10
[ 66.542569][ T5823] bad_page+0x176/0x1d0
[ 66.546704][ T5823] free_unref_page+0x1048/0x1130
[ 66.551633][ T5823] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[ 66.557261][ T5823] bpf_xdp_adjust_tail+0x1c3/0x200
[ 66.562367][ T5823] bpf_prog_f476d5219b92964a+0x1e/0x20
[ 66.567812][ T5823] bpf_prog_run_generic_xdp+0x686/0x1510
[ 66.573446][ T5823] do_xdp_generic+0x757/0xd30
[ 66.578112][ T5823] ? __pfx_do_xdp_generic+0x10/0x10
[ 66.583306][ T5823] ? __skb_flow_dissect+0x4f1/0x7d00
[ 66.588585][ T5823] __netif_receive_skb_core+0x1ce9/0x4690
[ 66.594304][ T5823] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 66.600363][ T5823] ? mark_lock+0x9a/0x360
[ 66.604684][ T5823] ? __lock_acquire+0x1397/0x2100
[ 66.609706][ T5823] __netif_receive_skb+0x12f/0x650
[ 66.614815][ T5823] ? __pfx_lock_acquire+0x10/0x10
[ 66.619828][ T5823] ? seqcount_lockdep_reader_access+0x1d7/0x220
[ 66.626062][ T5823] ? __pfx___netif_receive_skb+0x10/0x10
[ 66.631687][ T5823] ? tun_rx_batched+0x160/0x8f0
[ 66.636529][ T5823] ? __pfx_lockdep_softirqs_off+0x10/0x10
[ 66.642238][ T5823] ? read_tsc+0x9/0x20
[ 66.646384][ T5823] ? netif_receive_skb+0x131/0x890
[ 66.651487][ T5823] ? netif_receive_skb+0x131/0x890
[ 66.656588][ T5823] netif_receive_skb+0x1e8/0x890
[ 66.661514][ T5823] ? tun_rx_batched+0x160/0x8f0
[ 66.666352][ T5823] ? __pfx_netif_receive_skb+0x10/0x10
[ 66.671801][ T5823] ? tun_rx_batched+0x160/0x8f0
[ 66.676640][ T5823] tun_rx_batched+0x1b7/0x8f0
[ 66.681327][ T5823] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 66.687664][ T5823] ? __pfx_lock_acquire+0x10/0x10
[ 66.692698][ T5823] ? __pfx_tun_rx_batched+0x10/0x10
[ 66.697910][ T5823] tun_get_user+0x30d6/0x4890
[ 66.702585][ T5823] ? tun_get_user+0x2bbe/0x4890
[ 66.707440][ T5823] ? __lock_acquire+0x1397/0x2100
[ 66.712471][ T5823] ? __pfx_tun_get_user+0x10/0x10
[ 66.717493][ T5823] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 66.722943][ T5823] ? tun_get+0x1e/0x2f0
[ 66.727090][ T5823] ? __pfx_lock_release+0x10/0x10
[ 66.732106][ T5823] ? tun_get+0x1e/0x2f0
[ 66.736250][ T5823] ? tun_get+0x27d/0x2f0
[ 66.740490][ T5823] tun_chr_write_iter+0x10d/0x1f0
[ 66.745509][ T5823] vfs_write+0xaeb/0xd30
[ 66.749747][ T5823] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 66.755292][ T5823] ? __pfx_vfs_write+0x10/0x10
[ 66.760053][ T5823] ? _raw_spin_unlock_irq+0x2e/0x50
[ 66.765241][ T5823] ? ptrace_notify+0x279/0x380
[ 66.770000][ T5823] ksys_write+0x18f/0x2b0
[ 66.774322][ T5823] ? __pfx_ksys_write+0x10/0x10
[ 66.779168][ T5823] ? do_syscall_64+0x100/0x230
[ 66.783926][ T5823] do_syscall_64+0xf3/0x230
[ 66.788424][ T5823] ? clear_bhb_loop+0x35/0x90
[ 66.793085][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 66.798977][ T5823] RIP: 0033:0x7fa04c96edb0
[ 66.803381][ T5823] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[ 66.822992][ T5823] RSP: 002b:00007fff7ac126c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[ 66.831410][ T5823] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa04c96edb0
[ 66.839370][ T5823] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[ 66.847332][ T5823] RBP: 0000000000000000 R08: 00007fff7ac127f8 R09: 00007fff7ac127f8
[ 66.855294][ T5823] R10: 00007fff7ac127f8 R11: 0000000000000202 R12: 00007fa04c9bd0de
[ 66.863259][ T5823] R13: 0000000000000000 R14: 00007fff7ac12700 R15: 00007fff7ac126f0
[ 66.871263][ T5823] </TASK>
[ 66.874354][ T5823] BUG: Bad page state in process syz-executor167 pfn:2c056
[ 66.881691][ T5823] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2c056
[ 66.890480][ T5823] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 66.897623][ T5823] raw: 00fff00000000000 dead000000000040 ffff888021ac0000 0000000000000000
[ 66.906206][ T5823] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[ 66.914818][ T5823] page dumped because: page_pool leak
[ 66.920199][ T5823] page_owner tracks the page as allocated
[ 66.925898][ T5823] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5823, tgid 5823 (syz-executor167), ts 62274380727, free_ts 55571351288
[ 66.943202][ T5823] post_alloc_hook+0x1f3/0x230
[ 66.947989][ T5823] get_page_from_freelist+0x3651/0x37a0
[ 66.953523][ T5823] __alloc_pages_noprof+0x292/0x710
[ 66.958742][ T5823] alloc_pages_bulk_noprof+0x70b/0xcc0
[ 66.964205][ T5823] __page_pool_alloc_pages_slow+0x122/0x690
[ 66.970120][ T5823] page_pool_alloc_pages+0xd0/0x1c0
[ 66.975324][ T5823] skb_pp_cow_data+0xc43/0x1640
[ 66.980193][ T5823] do_xdp_generic+0x505/0xd30
[ 66.984871][ T5823] __netif_receive_skb_core+0x1ce9/0x4690
[ 66.990620][ T5823] __netif_receive_skb+0x12f/0x650
[ 66.995734][ T5823] netif_receive_skb+0x1e8/0x890
[ 67.000708][ T5823] tun_rx_batched+0x1b7/0x8f0
[ 67.005391][ T5823] tun_get_user+0x30d6/0x4890
[ 67.010102][ T5823] tun_chr_write_iter+0x10d/0x1f0
[ 67.015161][ T5823] vfs_write+0xaeb/0xd30
[ 67.019448][ T5823] ksys_write+0x18f/0x2b0
[ 67.023788][ T5823] page last free pid 5813 tgid 5813 stack trace:
[ 67.030147][ T5823] free_unref_page+0xde3/0x1130
[ 67.035008][ T5823] __slab_free+0x31b/0x3d0
[ 67.039460][ T5823] qlist_free_all+0x9a/0x140
[ 67.044055][ T5823] kasan_quarantine_reduce+0x14f/0x170
[ 67.049540][ T5823] __kasan_slab_alloc+0x23/0x80
[ 67.054396][ T5823] kmem_cache_alloc_noprof+0x1d9/0x380
[ 67.059880][ T5823] getname_flags+0xb7/0x540
[ 67.064495][ T5823] do_sys_openat2+0xd2/0x1d0
[ 67.069190][ T5823] __x64_sys_openat+0x247/0x2a0
[ 67.074043][ T5823] do_syscall_64+0xf3/0x230
[ 67.078583][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 67.084507][ T5823] Modules linked in:
[ 67.088425][ T5823] CPU: 0 UID: 0 PID: 5823 Comm: syz-executor167 Tainted: G B 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[ 67.101016][ T5823] Tainted: [B]=BAD_PAGE
[ 67.105144][ T5823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 67.115198][ T5823] Call Trace:
[ 67.118464][ T5823] <TASK>
[ 67.121384][ T5823] dump_stack_lvl+0x241/0x360
[ 67.126044][ T5823] ? __pfx_dump_stack_lvl+0x10/0x10
[ 67.131250][ T5823] ? __pfx_print_modules+0x10/0x10
[ 67.136344][ T5823] bad_page+0x176/0x1d0
[ 67.140482][ T5823] free_unref_page+0x1048/0x1130
[ 67.145404][ T5823] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[ 67.151035][ T5823] bpf_xdp_adjust_tail+0x1c3/0x200
[ 67.156147][ T5823] bpf_prog_f476d5219b92964a+0x1e/0x20
[ 67.161593][ T5823] bpf_prog_run_generic_xdp+0x686/0x1510
[ 67.167226][ T5823] do_xdp_generic+0x757/0xd30
[ 67.171895][ T5823] ? __pfx_do_xdp_generic+0x10/0x10
[ 67.177094][ T5823] ? __skb_flow_dissect+0x4f1/0x7d00
[ 67.182375][ T5823] __netif_receive_skb_core+0x1ce9/0x4690
[ 67.188098][ T5823] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 67.194158][ T5823] ? mark_lock+0x9a/0x360
[ 67.198476][ T5823] ? __lock_acquire+0x1397/0x2100
[ 67.203495][ T5823] __netif_receive_skb+0x12f/0x650
[ 67.208597][ T5823] ? __pfx_lock_acquire+0x10/0x10
[ 67.213608][ T5823] ? seqcount_lockdep_reader_access+0x1d7/0x220
[ 67.219840][ T5823] ? __pfx___netif_receive_skb+0x10/0x10
[ 67.225463][ T5823] ? tun_rx_batched+0x160/0x8f0
[ 67.230308][ T5823] ? __pfx_lockdep_softirqs_off+0x10/0x10
[ 67.236014][ T5823] ? read_tsc+0x9/0x20
[ 67.240074][ T5823] ? netif_receive_skb+0x131/0x890
[ 67.245179][ T5823] ? netif_receive_skb+0x131/0x890
[ 67.250279][ T5823] netif_receive_skb+0x1e8/0x890
[ 67.255207][ T5823] ? tun_rx_batched+0x160/0x8f0
[ 67.260049][ T5823] ? __pfx_netif_receive_skb+0x10/0x10
[ 67.265508][ T5823] ? tun_rx_batched+0x160/0x8f0
[ 67.270349][ T5823] tun_rx_batched+0x1b7/0x8f0
[ 67.275018][ T5823] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 67.281353][ T5823] ? __pfx_lock_acquire+0x10/0x10
[ 67.286364][ T5823] ? __pfx_tun_rx_batched+0x10/0x10
[ 67.291582][ T5823] tun_get_user+0x30d6/0x4890
[ 67.296248][ T5823] ? tun_get_user+0x2bbe/0x4890
[ 67.301097][ T5823] ? __lock_acquire+0x1397/0x2100
[ 67.306123][ T5823] ? __pfx_tun_get_user+0x10/0x10
[ 67.311143][ T5823] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 67.316589][ T5823] ? tun_get+0x1e/0x2f0
[ 67.320734][ T5823] ? __pfx_lock_release+0x10/0x10
[ 67.325758][ T5823] ? tun_get+0x1e/0x2f0
[ 67.329904][ T5823] ? tun_get+0x27d/0x2f0
[ 67.334139][ T5823] tun_chr_write_iter+0x10d/0x1f0
[ 67.339155][ T5823] vfs_write+0xaeb/0xd30
[ 67.343389][ T5823] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 67.348926][ T5823] ? __pfx_vfs_write+0x10/0x10
[ 67.353685][ T5823] ? _raw_spin_unlock_irq+0x2e/0x50
[ 67.358875][ T5823] ? ptrace_notify+0x279/0x380
[ 67.363631][ T5823] ksys_write+0x18f/0x2b0
[ 67.367954][ T5823] ? __pfx_ksys_write+0x10/0x10
[ 67.372794][ T5823] ? do_syscall_64+0x100/0x230
[ 67.377555][ T5823] do_syscall_64+0xf3/0x230
[ 67.382050][ T5823] ? clear_bhb_loop+0x35/0x90
[ 67.386721][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 67.392606][ T5823] RIP: 0033:0x7fa04c96edb0
[ 67.397009][ T5823] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[ 67.416601][ T5823] RSP: 002b:00007fff7ac126c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[ 67.425001][ T5823] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa04c96edb0
[ 67.432959][ T5823] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[pid 5823] write(200, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 73152 <unfinished ...>
[pid 5820] kill(-2, SIGKILL) = 0
[pid 5820] kill(2, SIGKILL) = 0
[ 67.440919][ T5823] RBP: 0000000000000000 R08: 00007fff7ac127f8 R09: 00007fff7ac127f8
[ 67.448879][ T5823] R10: 00007fff7ac127f8 R11: 0000000000000202 R12: 00007fa04c9bd0de
[ 67.456836][ T5823] R13: 0000000000000000 R14: 00007fff7ac12700 R15: 00007fff7ac126f0
[ 67.464799][ T5823] </TASK>
[ 67.467865][ T5823] BUG: Bad page state in process syz-executor167 pfn:2c055
[ 67.475151][ T5823] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x4 pfn:0x2c055
[ 67.483941][ T5823] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 67.491094][ T5823] raw: 00fff00000000000 dead000000000040 ffff888021ac0000 0000000000000000
[ 67.499698][ T5823] raw: 0000000000000004 0000000000000001 00000000ffffffff 0000000000000000
[ 67.508302][ T5823] page dumped because: page_pool leak
[ 67.513679][ T5823] page_owner tracks the page as allocated
[ 67.519411][ T5823] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5823, tgid 5823 (syz-executor167), ts 62274374532, free_ts 55571351288
[ 67.536703][ T5823] post_alloc_hook+0x1f3/0x230
[ 67.541493][ T5823] get_page_from_freelist+0x3651/0x37a0
[ 67.547060][ T5823] __alloc_pages_noprof+0x292/0x710
[ 67.552267][ T5823] alloc_pages_bulk_noprof+0x70b/0xcc0
[ 67.557740][ T5823] __page_pool_alloc_pages_slow+0x122/0x690
[ 67.563644][ T5823] page_pool_alloc_pages+0xd0/0x1c0
[ 67.568865][ T5823] skb_pp_cow_data+0xc43/0x1640
[ 67.573716][ T5823] do_xdp_generic+0x505/0xd30
[ 67.578409][ T5823] __netif_receive_skb_core+0x1ce9/0x4690
[ 67.584129][ T5823] __netif_receive_skb+0x12f/0x650
[ 67.589257][ T5823] netif_receive_skb+0x1e8/0x890
[ 67.594196][ T5823] tun_rx_batched+0x1b7/0x8f0
[ 67.598890][ T5823] tun_get_user+0x30d6/0x4890
[ 67.603569][ T5823] tun_chr_write_iter+0x10d/0x1f0
[ 67.608606][ T5823] vfs_write+0xaeb/0xd30
[ 67.612853][ T5823] ksys_write+0x18f/0x2b0
[ 67.617201][ T5823] page last free pid 5813 tgid 5813 stack trace:
[ 67.623522][ T5823] free_unref_page+0xde3/0x1130
[ 67.628846][ T5823] __slab_free+0x31b/0x3d0
[ 67.633269][ T5823] qlist_free_all+0x9a/0x140
[ 67.637895][ T5823] kasan_quarantine_reduce+0x14f/0x170
[ 67.643370][ T5823] __kasan_slab_alloc+0x23/0x80
[ 67.648255][ T5823] kmem_cache_alloc_noprof+0x1d9/0x380
[ 67.653716][ T5823] getname_flags+0xb7/0x540
[ 67.658232][ T5823] do_sys_openat2+0xd2/0x1d0
[ 67.662822][ T5823] __x64_sys_openat+0x247/0x2a0
[ 67.667687][ T5823] do_syscall_64+0xf3/0x230
[ 67.672206][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 67.678119][ T5823] Modules linked in:
[ 67.682019][ T5823] CPU: 0 UID: 0 PID: 5823 Comm: syz-executor167 Tainted: G B 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[ 67.694589][ T5823] Tainted: [B]=BAD_PAGE
[ 67.698808][ T5823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 67.708841][ T5823] Call Trace:
[ 67.712101][ T5823] <TASK>
[ 67.715012][ T5823] dump_stack_lvl+0x241/0x360
[ 67.719684][ T5823] ? __pfx_dump_stack_lvl+0x10/0x10
[ 67.724868][ T5823] ? __pfx_print_modules+0x10/0x10
[ 67.729983][ T5823] bad_page+0x176/0x1d0
[ 67.734120][ T5823] free_unref_page+0x1048/0x1130
[ 67.739060][ T5823] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[ 67.744693][ T5823] bpf_xdp_adjust_tail+0x1c3/0x200
[ 67.749794][ T5823] bpf_prog_f476d5219b92964a+0x1e/0x20
[ 67.755230][ T5823] bpf_prog_run_generic_xdp+0x686/0x1510
[ 67.760854][ T5823] do_xdp_generic+0x757/0xd30
[ 67.765513][ T5823] ? __pfx_do_xdp_generic+0x10/0x10
[ 67.770708][ T5823] ? __skb_flow_dissect+0x4f1/0x7d00
[ 67.775986][ T5823] __netif_receive_skb_core+0x1ce9/0x4690
[ 67.781698][ T5823] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 67.787756][ T5823] ? mark_lock+0x9a/0x360
[ 67.792083][ T5823] ? __lock_acquire+0x1397/0x2100
[ 67.797108][ T5823] __netif_receive_skb+0x12f/0x650
[ 67.802218][ T5823] ? __pfx_lock_acquire+0x10/0x10
[ 67.807234][ T5823] ? seqcount_lockdep_reader_access+0x1d7/0x220
[ 67.813469][ T5823] ? __pfx___netif_receive_skb+0x10/0x10
[ 67.819102][ T5823] ? tun_rx_batched+0x160/0x8f0
[ 67.823953][ T5823] ? __pfx_lockdep_softirqs_off+0x10/0x10
[ 67.829664][ T5823] ? read_tsc+0x9/0x20
[ 67.833760][ T5823] ? netif_receive_skb+0x131/0x890
[ 67.838878][ T5823] ? netif_receive_skb+0x131/0x890
[ 67.843990][ T5823] netif_receive_skb+0x1e8/0x890
[ 67.848943][ T5823] ? tun_rx_batched+0x160/0x8f0
[ 67.853796][ T5823] ? __pfx_netif_receive_skb+0x10/0x10
[ 67.859342][ T5823] ? tun_rx_batched+0x160/0x8f0
[ 67.864191][ T5823] tun_rx_batched+0x1b7/0x8f0
[ 67.868868][ T5823] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 67.875193][ T5823] ? __pfx_lock_acquire+0x10/0x10
[ 67.880211][ T5823] ? __pfx_tun_rx_batched+0x10/0x10
[ 67.885415][ T5823] tun_get_user+0x30d6/0x4890
[ 67.890091][ T5823] ? tun_get_user+0x2bbe/0x4890
[ 67.894935][ T5823] ? __lock_acquire+0x1397/0x2100
[ 67.899948][ T5823] ? __pfx_tun_get_user+0x10/0x10
[ 67.904966][ T5823] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 67.910415][ T5823] ? tun_get+0x1e/0x2f0
[ 67.914565][ T5823] ? __pfx_lock_release+0x10/0x10
[ 67.919582][ T5823] ? tun_get+0x1e/0x2f0
[ 67.923725][ T5823] ? tun_get+0x27d/0x2f0
[ 67.927961][ T5823] tun_chr_write_iter+0x10d/0x1f0
[ 67.932975][ T5823] vfs_write+0xaeb/0xd30
[ 67.937221][ T5823] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 67.942763][ T5823] ? __pfx_vfs_write+0x10/0x10
[ 67.947529][ T5823] ? _raw_spin_unlock_irq+0x2e/0x50
[ 67.952715][ T5823] ? ptrace_notify+0x279/0x380
[ 67.957471][ T5823] ksys_write+0x18f/0x2b0
[ 67.961820][ T5823] ? __pfx_ksys_write+0x10/0x10
[ 67.966660][ T5823] ? do_syscall_64+0x100/0x230
[ 67.971417][ T5823] do_syscall_64+0xf3/0x230
[ 67.975911][ T5823] ? clear_bhb_loop+0x35/0x90
[ 67.980574][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 67.986459][ T5823] RIP: 0033:0x7fa04c96edb0
[ 67.990859][ T5823] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[ 68.010449][ T5823] RSP: 002b:00007fff7ac126c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[ 68.018855][ T5823] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa04c96edb0
[ 68.026912][ T5823] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[ 68.034879][ T5823] RBP: 0000000000000000 R08: 00007fff7ac127f8 R09: 00007fff7ac127f8
[ 68.042843][ T5823] R10: 00007fff7ac127f8 R11: 0000000000000202 R12: 00007fa04c9bd0de
[ 68.050811][ T5823] R13: 0000000000000000 R14: 00007fff7ac12700 R15: 00007fff7ac126f0
[ 68.058782][ T5823] </TASK>
[ 68.061854][ T5823] BUG: Bad page state in process syz-executor167 pfn:2c054
[ 68.069160][ T5823] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802c055800 pfn:0x2c054
[ 68.079251][ T5823] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 68.086371][ T5823] raw: 00fff00000000000 dead000000000040 ffff888021ac0000 0000000000000000
[ 68.094979][ T5823] raw: ffff88802c055800 0000000000000001 00000000ffffffff 0000000000000000
[ 68.103579][ T5823] page dumped because: page_pool leak
[ 68.108954][ T5823] page_owner tracks the page as allocated
[ 68.114662][ T5823] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5823, tgid 5823 (syz-executor167), ts 62274368222, free_ts 55571351288
[ 68.131957][ T5823] post_alloc_hook+0x1f3/0x230
[ 68.136724][ T5823] get_page_from_freelist+0x3651/0x37a0
[ 68.142297][ T5823] __alloc_pages_noprof+0x292/0x710
[ 68.147541][ T5823] alloc_pages_bulk_noprof+0x70b/0xcc0
[ 68.152993][ T5823] __page_pool_alloc_pages_slow+0x122/0x690
[ 68.158911][ T5823] page_pool_alloc_pages+0xd0/0x1c0
[ 68.164113][ T5823] skb_pp_cow_data+0xc43/0x1640
[ 68.168982][ T5823] do_xdp_generic+0x505/0xd30
[ 68.173671][ T5823] __netif_receive_skb_core+0x1ce9/0x4690
[ 68.179418][ T5823] __netif_receive_skb+0x12f/0x650
[ 68.184531][ T5823] netif_receive_skb+0x1e8/0x890
[ 68.189491][ T5823] tun_rx_batched+0x1b7/0x8f0
[ 68.194195][ T5823] tun_get_user+0x30d6/0x4890
[ 68.198891][ T5823] tun_chr_write_iter+0x10d/0x1f0
[ 68.203919][ T5823] vfs_write+0xaeb/0xd30
[ 68.208191][ T5823] ksys_write+0x18f/0x2b0
[ 68.212532][ T5823] page last free pid 5813 tgid 5813 stack trace:
[ 68.218874][ T5823] free_unref_page+0xde3/0x1130
[ 68.223734][ T5823] __slab_free+0x31b/0x3d0
[ 68.228183][ T5823] qlist_free_all+0x9a/0x140
[ 68.232779][ T5823] kasan_quarantine_reduce+0x14f/0x170
[ 68.238255][ T5823] __kasan_slab_alloc+0x23/0x80
[ 68.243113][ T5823] kmem_cache_alloc_noprof+0x1d9/0x380
[ 68.248587][ T5823] getname_flags+0xb7/0x540
[ 68.253091][ T5823] do_sys_openat2+0xd2/0x1d0
[ 68.257692][ T5823] __x64_sys_openat+0x247/0x2a0
[ 68.262545][ T5823] do_syscall_64+0xf3/0x230
[ 68.267070][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 68.272969][ T5823] Modules linked in:
[ 68.276883][ T5823] CPU: 0 UID: 0 PID: 5823 Comm: syz-executor167 Tainted: G B 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[ 68.289467][ T5823] Tainted: [B]=BAD_PAGE
[ 68.293600][ T5823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 68.303635][ T5823] Call Trace:
[ 68.306897][ T5823] <TASK>
[ 68.309815][ T5823] dump_stack_lvl+0x241/0x360
[ 68.314501][ T5823] ? __pfx_dump_stack_lvl+0x10/0x10
[ 68.319685][ T5823] ? __pfx_print_modules+0x10/0x10
[ 68.324780][ T5823] bad_page+0x176/0x1d0
[ 68.328918][ T5823] free_unref_page+0x1048/0x1130
[ 68.333867][ T5823] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[ 68.339491][ T5823] bpf_xdp_adjust_tail+0x1c3/0x200
[ 68.344601][ T5823] bpf_prog_f476d5219b92964a+0x1e/0x20
[ 68.350046][ T5823] bpf_prog_run_generic_xdp+0x686/0x1510
[ 68.355682][ T5823] do_xdp_generic+0x757/0xd30
[ 68.360351][ T5823] ? __pfx_do_xdp_generic+0x10/0x10
[ 68.365541][ T5823] ? __skb_flow_dissect+0x4f1/0x7d00
[ 68.370822][ T5823] __netif_receive_skb_core+0x1ce9/0x4690
[ 68.376541][ T5823] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 68.382602][ T5823] ? mark_lock+0x9a/0x360
[ 68.386923][ T5823] ? __lock_acquire+0x1397/0x2100
[ 68.391947][ T5823] __netif_receive_skb+0x12f/0x650
[ 68.397051][ T5823] ? __pfx_lock_acquire+0x10/0x10
[ 68.402062][ T5823] ? seqcount_lockdep_reader_access+0x1d7/0x220
[ 68.408295][ T5823] ? __pfx___netif_receive_skb+0x10/0x10
[ 68.413918][ T5823] ? tun_rx_batched+0x160/0x8f0
[ 68.418763][ T5823] ? __pfx_lockdep_softirqs_off+0x10/0x10
[ 68.424563][ T5823] ? read_tsc+0x9/0x20
[ 68.428625][ T5823] ? netif_receive_skb+0x131/0x890
[ 68.433731][ T5823] ? netif_receive_skb+0x131/0x890
[ 68.438834][ T5823] netif_receive_skb+0x1e8/0x890
[ 68.443762][ T5823] ? tun_rx_batched+0x160/0x8f0
[ 68.448777][ T5823] ? __pfx_netif_receive_skb+0x10/0x10
[ 68.454230][ T5823] ? tun_rx_batched+0x160/0x8f0
[ 68.459074][ T5823] tun_rx_batched+0x1b7/0x8f0
[ 68.463744][ T5823] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 68.470063][ T5823] ? __pfx_lock_acquire+0x10/0x10
[ 68.475074][ T5823] ? __pfx_tun_rx_batched+0x10/0x10
[ 68.480269][ T5823] tun_get_user+0x30d6/0x4890
[ 68.484938][ T5823] ? tun_get_user+0x2bbe/0x4890
[ 68.489787][ T5823] ? __lock_acquire+0x1397/0x2100
[ 68.494825][ T5823] ? __pfx_tun_get_user+0x10/0x10
[ 68.499848][ T5823] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 68.505299][ T5823] ? tun_get+0x1e/0x2f0
[ 68.509447][ T5823] ? __pfx_lock_release+0x10/0x10
[ 68.514465][ T5823] ? tun_get+0x1e/0x2f0
[ 68.518613][ T5823] ? tun_get+0x27d/0x2f0
[ 68.522849][ T5823] tun_chr_write_iter+0x10d/0x1f0
[ 68.528299][ T5823] vfs_write+0xaeb/0xd30
[ 68.532552][ T5823] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 68.538098][ T5823] ? __pfx_vfs_write+0x10/0x10
[ 68.542856][ T5823] ? _raw_spin_unlock_irq+0x2e/0x50
[ 68.548044][ T5823] ? ptrace_notify+0x279/0x380
[ 68.552802][ T5823] ksys_write+0x18f/0x2b0
[ 68.557125][ T5823] ? __pfx_ksys_write+0x10/0x10
[ 68.561965][ T5823] ? do_syscall_64+0x100/0x230
[ 68.566728][ T5823] do_syscall_64+0xf3/0x230
[ 68.571222][ T5823] ? clear_bhb_loop+0x35/0x90
[ 68.575885][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 68.581770][ T5823] RIP: 0033:0x7fa04c96edb0
[pid 5823] <... write resumed>) = ?
[ 68.586173][ T5823] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[ 68.605765][ T5823] RSP: 002b:00007fff7ac126c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[ 68.614169][ T5823] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa04c96edb0
[ 68.622129][ T5823] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[ 68.630086][ T5823] RBP: 0000000000000000 R08: 00007fff7ac127f8 R09: 00007fff7ac127f8
[ 68.638044][ T5823] R10: 00007fff7ac127f8 R11: 0000000000000202 R12: 00007fa04c9bd0de
[pid 5823] +++ killed by SIGKILL +++
[pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=223 /* 2.23 s */} ---
[pid 5820] restart_syscall(<... resuming interrupted kill ...>) = 0
[pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5824 attached
, child_tidptr=0x55557f949650) = 3
[pid 5824] set_robust_list(0x55557f949660, 24) = 0
[pid 5824] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5824] setpgid(0, 0) = 0
[ 68.646007][ T5823] R13: 0000000000000000 R14: 00007fff7ac12700 R15: 00007fff7ac126f0
[ 68.653977][ T5823] </TASK>
[pid 5824] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5824] write(3, "1000", 4) = 4
[pid 5824] close(3) = 0
[pid 5824] read(200, "\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110
[pid 5824] read(200, "\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110
[pid 5824] read(200, 0x7fff7ac122d0, 1000) = -1 EAGAIN (Resource temporarily unavailable)
[pid 5824] write(1, "executing program\n", 18executing program
) = 18
[pid 5824] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3
[pid 5824] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=4, insns=0x20000400, license="", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=BPF_F_TEST_STATE_FREQ|0x20, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = 4
[pid 5824] ioctl(3, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid 5824] bpf(BPF_LINK_CREATE, {link_create={prog_fd=4, target_fd=11, attach_type=BPF_XDP, flags=0x2}, ...}, 24) = 5
[ 68.719216][ T5824] BUG: Bad page state in process syz-executor167 pfn:74dd5
[ 68.726896][ T5824] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x74dd5
[ 68.735659][ T5824] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 68.742793][ T5824] raw: 00fff00000000000 dead000000000040 ffff888021ac0000 0000000000000000
[ 68.751390][ T5824] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[ 68.759990][ T5824] page dumped because: page_pool leak
[ 68.765352][ T5824] page_owner tracks the page as allocated
[ 68.771087][ T5824] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5824, tgid 5824 (syz-executor167), ts 68719180054, free_ts 55623697353
[ 68.788379][ T5824] post_alloc_hook+0x1f3/0x230
[ 68.793168][ T5824] get_page_from_freelist+0x3651/0x37a0
[ 68.798759][ T5824] __alloc_pages_noprof+0x292/0x710
[ 68.804041][ T5824] alloc_pages_bulk_noprof+0x70b/0xcc0
[ 68.809547][ T5824] __page_pool_alloc_pages_slow+0x122/0x690
[ 68.815434][ T5824] page_pool_alloc_pages+0xd0/0x1c0
[ 68.820637][ T5824] skb_pp_cow_data+0xc43/0x1640
[ 68.825473][ T5824] do_xdp_generic+0x505/0xd30
[ 68.830160][ T5824] __netif_receive_skb_core+0x1ce9/0x4690
[ 68.835900][ T5824] __netif_receive_skb+0x12f/0x650
[ 68.841031][ T5824] netif_receive_skb+0x1e8/0x890
[ 68.845971][ T5824] tun_rx_batched+0x1b7/0x8f0
[ 68.850667][ T5824] tun_get_user+0x30d6/0x4890
[ 68.855351][ T5824] tun_chr_write_iter+0x10d/0x1f0
[ 68.860391][ T5824] vfs_write+0xaeb/0xd30
[ 68.864637][ T5824] ksys_write+0x18f/0x2b0
[ 68.868985][ T5824] page last free pid 5813 tgid 5813 stack trace:
[ 68.875308][ T5824] free_unref_page+0xde3/0x1130
[ 68.880181][ T5824] tlb_finish_mmu+0x11f/0x200
[ 68.884864][ T5824] vms_clear_ptes+0x437/0x530
[ 68.889551][ T5824] vms_complete_munmap_vmas+0x210/0x8f0
[ 68.895096][ T5824] do_vmi_align_munmap+0x5ef/0x6f0
[ 68.900213][ T5824] do_vmi_munmap+0x24e/0x2d0
[ 68.904802][ T5824] __vm_munmap+0x24c/0x480
[ 68.909243][ T5824] __x64_sys_munmap+0x60/0x70
[ 68.913933][ T5824] do_syscall_64+0xf3/0x230
[ 68.918460][ T5824] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 68.924365][ T5824] Modules linked in:
[ 68.928293][ T5824] CPU: 0 UID: 0 PID: 5824 Comm: syz-executor167 Tainted: G B 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[ 68.940876][ T5824] Tainted: [B]=BAD_PAGE
[ 68.945002][ T5824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 68.955038][ T5824] Call Trace:
[ 68.958302][ T5824] <TASK>
[ 68.961219][ T5824] dump_stack_lvl+0x241/0x360
[ 68.965883][ T5824] ? __pfx_dump_stack_lvl+0x10/0x10
[ 68.971067][ T5824] ? __pfx_print_modules+0x10/0x10
[ 68.976173][ T5824] bad_page+0x176/0x1d0
[ 68.980311][ T5824] free_unref_page+0x1048/0x1130
[ 68.985247][ T5824] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[ 68.990876][ T5824] bpf_xdp_adjust_tail+0x1c3/0x200
[ 68.995990][ T5824] bpf_prog_f476d5219b92964a+0x1e/0x20
[ 69.001430][ T5824] bpf_prog_run_generic_xdp+0x686/0x1510
[ 69.007057][ T5824] do_xdp_generic+0x757/0xd30
[ 69.011721][ T5824] ? __pfx_do_xdp_generic+0x10/0x10
[ 69.016904][ T5824] ? rcu_is_watching+0x15/0xb0
[ 69.021658][ T5824] ? rcu_is_watching+0x15/0xb0
[ 69.026403][ T5824] ? count_memcg_event_mm+0x94/0x420
[ 69.031680][ T5824] __netif_receive_skb_core+0x1ce9/0x4690
[ 69.037402][ T5824] ? handle_mm_fault+0x173f/0x1ad0
[ 69.042510][ T5824] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 69.048575][ T5824] ? rcu_is_watching+0x15/0xb0
[ 69.053329][ T5824] ? lock_release+0xbf/0xa30
[ 69.057910][ T5824] ? __pfx_lock_acquire+0x10/0x10
[ 69.062951][ T5824] ? __up_read+0x2c2/0x6b0
[ 69.067365][ T5824] ? rcu_is_watching+0x15/0xb0
[ 69.072121][ T5824] __netif_receive_skb+0x12f/0x650
[ 69.077224][ T5824] ? __pfx_lock_acquire+0x10/0x10
[ 69.082239][ T5824] ? seqcount_lockdep_reader_access+0x1d7/0x220
[ 69.088471][ T5824] ? __pfx___netif_receive_skb+0x10/0x10
[ 69.094103][ T5824] ? tun_rx_batched+0x160/0x8f0
[ 69.098951][ T5824] ? __pfx_lockdep_softirqs_off+0x10/0x10
[ 69.104659][ T5824] ? read_tsc+0x9/0x20
[ 69.108720][ T5824] ? ktime_get_with_offset+0x249/0x290
[ 69.114170][ T5824] ? netif_receive_skb+0x131/0x890
[ 69.119272][ T5824] netif_receive_skb+0x1e8/0x890
[ 69.124198][ T5824] ? tun_rx_batched+0x160/0x8f0
[ 69.129041][ T5824] ? __pfx_netif_receive_skb+0x10/0x10
[ 69.134492][ T5824] ? skb_set_owner_w+0x246/0x380
[ 69.139419][ T5824] ? __pfx_lock_release+0x10/0x10
[ 69.144433][ T5824] ? tun_rx_batched+0x160/0x8f0
[ 69.149275][ T5824] tun_rx_batched+0x1b7/0x8f0
[ 69.153949][ T5824] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 69.160269][ T5824] ? __pfx_lock_acquire+0x10/0x10
[ 69.165281][ T5824] ? rcu_is_watching+0x15/0xb0
[ 69.170036][ T5824] ? __pfx_tun_rx_batched+0x10/0x10
[ 69.175233][ T5824] tun_get_user+0x30d6/0x4890
[ 69.179904][ T5824] ? tun_get_user+0x2bbe/0x4890
[ 69.184758][ T5824] ? do_raw_spin_unlock+0x13c/0x8b0
[ 69.189951][ T5824] ? __pfx_tun_get_user+0x10/0x10
[ 69.194969][ T5824] ? tun_get+0x1e/0x2f0
[ 69.199113][ T5824] ? rcu_is_watching+0x15/0xb0
[ 69.203871][ T5824] ? tun_get+0x1e/0x2f0
[ 69.208021][ T5824] ? lock_release+0xbf/0xa30
[ 69.212599][ T5824] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 69.218044][ T5824] ? rcu_is_watching+0x15/0xb0
[ 69.222796][ T5824] ? __pfx_lock_release+0x10/0x10
[ 69.227811][ T5824] ? do_raw_spin_lock+0x14f/0x370
[ 69.232828][ T5824] ? tun_get+0x1e/0x2f0
[ 69.236974][ T5824] ? tun_get+0x27d/0x2f0
[ 69.241208][ T5824] tun_chr_write_iter+0x10d/0x1f0
[ 69.246225][ T5824] vfs_write+0xaeb/0xd30
[ 69.250463][ T5824] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 69.256000][ T5824] ? __pfx_vfs_write+0x10/0x10
[ 69.260755][ T5824] ? rcu_is_watching+0x15/0xb0
[ 69.265599][ T5824] ? _raw_spin_unlock_irq+0x2e/0x50
[ 69.270789][ T5824] ? ptrace_notify+0x279/0x380
[ 69.275545][ T5824] ksys_write+0x18f/0x2b0
[ 69.279867][ T5824] ? __pfx_ksys_write+0x10/0x10
[ 69.284706][ T5824] ? rcu_is_watching+0x15/0xb0
[ 69.289463][ T5824] do_syscall_64+0xf3/0x230
[ 69.293959][ T5824] ? clear_bhb_loop+0x35/0x90
[ 69.298622][ T5824] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 69.304510][ T5824] RIP: 0033:0x7fa04c96edb0
[ 69.308913][ T5824] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[ 69.328881][ T5824] RSP: 002b:00007fff7ac126c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[ 69.337304][ T5824] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa04c96edb0
[ 69.345270][ T5824] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[ 69.353236][ T5824] RBP: 0000000000000000 R08: 00007fff7ac127f8 R09: 00007fff7ac127f8
[ 69.361201][ T5824] R10: 00007fff7ac127f8 R11: 0000000000000202 R12: 000000000000f313
[ 69.369169][ T5824] R13: 00007fff7ac126e4 R14: 00007fff7ac12700 R15: 00007fff7ac126f0
[ 69.377146][ T5824] </TASK>
[ 69.380209][ T5824] BUG: Bad page state in process syz-executor167 pfn:74dd4
[ 69.387512][ T5824] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x74dd4
[ 69.396277][ T5824] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 69.403427][ T5824] raw: 00fff00000000000 dead000000000040 ffff888021ac0000 0000000000000000
[ 69.412030][ T5824] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[ 69.420620][ T5824] page dumped because: page_pool leak
[ 69.425982][ T5824] page_owner tracks the page as allocated
[ 69.431711][ T5824] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5824, tgid 5824 (syz-executor167), ts 68719174649, free_ts 55622085975
[ 69.449003][ T5824] post_alloc_hook+0x1f3/0x230
[ 69.453756][ T5824] get_page_from_freelist+0x3651/0x37a0
[ 69.459332][ T5824] __alloc_pages_noprof+0x292/0x710
[ 69.464545][ T5824] alloc_pages_bulk_noprof+0x70b/0xcc0
[ 69.470032][ T5824] __page_pool_alloc_pages_slow+0x122/0x690
[ 69.475939][ T5824] page_pool_alloc_pages+0xd0/0x1c0
[ 69.481180][ T5824] skb_pp_cow_data+0xc43/0x1640
[ 69.486035][ T5824] do_xdp_generic+0x505/0xd30
[ 69.490752][ T5824] __netif_receive_skb_core+0x1ce9/0x4690
[ 69.496478][ T5824] __netif_receive_skb+0x12f/0x650
[ 69.501628][ T5824] netif_receive_skb+0x1e8/0x890
[ 69.506581][ T5824] tun_rx_batched+0x1b7/0x8f0
[ 69.511315][ T5824] tun_get_user+0x30d6/0x4890
[ 69.516017][ T5824] tun_chr_write_iter+0x10d/0x1f0
[ 69.521095][ T5824] vfs_write+0xaeb/0xd30
[ 69.525355][ T5824] ksys_write+0x18f/0x2b0
[ 69.529722][ T5824] page last free pid 5813 tgid 5813 stack trace:
[ 69.536035][ T5824] free_unref_page+0xde3/0x1130
[ 69.540908][ T5824] __folio_put+0x2c7/0x440
[ 69.545330][ T5824] pipe_read+0x6ed/0x13e0
[ 69.549683][ T5824] vfs_read+0x991/0xb70
[ 69.553843][ T5824] ksys_read+0x18f/0x2b0
[ 69.558117][ T5824] do_syscall_64+0xf3/0x230
[ 69.562625][ T5824] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 69.568544][ T5824] Modules linked in:
[ 69.572441][ T5824] CPU: 0 UID: 0 PID: 5824 Comm: syz-executor167 Tainted: G B 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[ 69.585007][ T5824] Tainted: [B]=BAD_PAGE
[ 69.589149][ T5824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 69.599189][ T5824] Call Trace:
[ 69.602450][ T5824] <TASK>
[ 69.605362][ T5824] dump_stack_lvl+0x241/0x360
[ 69.610028][ T5824] ? __pfx_dump_stack_lvl+0x10/0x10
[ 69.615209][ T5824] ? __pfx_print_modules+0x10/0x10
[ 69.620306][ T5824] bad_page+0x176/0x1d0
[ 69.624445][ T5824] free_unref_page+0x1048/0x1130
[ 69.629373][ T5824] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[ 69.635000][ T5824] bpf_xdp_adjust_tail+0x1c3/0x200
[ 69.640112][ T5824] bpf_prog_f476d5219b92964a+0x1e/0x20
[ 69.645563][ T5824] bpf_prog_run_generic_xdp+0x686/0x1510
[ 69.651228][ T5824] do_xdp_generic+0x757/0xd30
[ 69.655912][ T5824] ? __pfx_do_xdp_generic+0x10/0x10
[ 69.661103][ T5824] ? rcu_is_watching+0x15/0xb0
[ 69.665871][ T5824] ? rcu_is_watching+0x15/0xb0
[ 69.670628][ T5824] ? count_memcg_event_mm+0x94/0x420
[ 69.675907][ T5824] __netif_receive_skb_core+0x1ce9/0x4690
[ 69.681626][ T5824] ? handle_mm_fault+0x173f/0x1ad0
[ 69.686771][ T5824] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 69.692844][ T5824] ? rcu_is_watching+0x15/0xb0
[ 69.697628][ T5824] ? lock_release+0xbf/0xa30
[ 69.702220][ T5824] ? __pfx_lock_acquire+0x10/0x10
[ 69.707241][ T5824] ? __up_read+0x2c2/0x6b0
[ 69.711659][ T5824] ? rcu_is_watching+0x15/0xb0
[ 69.716422][ T5824] __netif_receive_skb+0x12f/0x650
[ 69.721531][ T5824] ? __pfx_lock_acquire+0x10/0x10
[ 69.726554][ T5824] ? seqcount_lockdep_reader_access+0x1d7/0x220
[ 69.732792][ T5824] ? __pfx___netif_receive_skb+0x10/0x10
[ 69.738594][ T5824] ? tun_rx_batched+0x160/0x8f0
[ 69.743439][ T5824] ? __pfx_lockdep_softirqs_off+0x10/0x10
[ 69.749151][ T5824] ? read_tsc+0x9/0x20
[ 69.753216][ T5824] ? ktime_get_with_offset+0x249/0x290
[ 69.758673][ T5824] ? netif_receive_skb+0x131/0x890
[ 69.763774][ T5824] netif_receive_skb+0x1e8/0x890
[ 69.768704][ T5824] ? tun_rx_batched+0x160/0x8f0
[ 69.773553][ T5824] ? __pfx_netif_receive_skb+0x10/0x10
[ 69.779003][ T5824] ? skb_set_owner_w+0x246/0x380
[ 69.783931][ T5824] ? __pfx_lock_release+0x10/0x10
[ 69.788946][ T5824] ? tun_rx_batched+0x160/0x8f0
[ 69.793789][ T5824] tun_rx_batched+0x1b7/0x8f0
[ 69.798458][ T5824] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 69.804775][ T5824] ? __pfx_lock_acquire+0x10/0x10
[ 69.809789][ T5824] ? rcu_is_watching+0x15/0xb0
[ 69.814547][ T5824] ? __pfx_tun_rx_batched+0x10/0x10
[ 69.819744][ T5824] tun_get_user+0x30d6/0x4890
[ 69.824413][ T5824] ? tun_get_user+0x2bbe/0x4890
[ 69.829260][ T5824] ? do_raw_spin_unlock+0x13c/0x8b0
[ 69.834452][ T5824] ? __pfx_tun_get_user+0x10/0x10
[ 69.839473][ T5824] ? tun_get+0x1e/0x2f0
[ 69.843620][ T5824] ? rcu_is_watching+0x15/0xb0
[ 69.848376][ T5824] ? tun_get+0x1e/0x2f0
[ 69.852528][ T5824] ? lock_release+0xbf/0xa30
[ 69.857107][ T5824] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 69.862557][ T5824] ? rcu_is_watching+0x15/0xb0
[ 69.867317][ T5824] ? __pfx_lock_release+0x10/0x10
[ 69.872337][ T5824] ? do_raw_spin_lock+0x14f/0x370
[ 69.877356][ T5824] ? tun_get+0x1e/0x2f0
[ 69.881504][ T5824] ? tun_get+0x27d/0x2f0
[ 69.885738][ T5824] tun_chr_write_iter+0x10d/0x1f0
[ 69.890757][ T5824] vfs_write+0xaeb/0xd30
[ 69.894994][ T5824] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 69.900533][ T5824] ? __pfx_vfs_write+0x10/0x10
[ 69.905293][ T5824] ? rcu_is_watching+0x15/0xb0
[ 69.910049][ T5824] ? _raw_spin_unlock_irq+0x2e/0x50
[ 69.915237][ T5824] ? ptrace_notify+0x279/0x380
[ 69.920084][ T5824] ksys_write+0x18f/0x2b0
[ 69.924415][ T5824] ? __pfx_ksys_write+0x10/0x10
[ 69.929258][ T5824] ? rcu_is_watching+0x15/0xb0
[ 69.934020][ T5824] do_syscall_64+0xf3/0x230
[ 69.938517][ T5824] ? clear_bhb_loop+0x35/0x90
[ 69.943181][ T5824] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 69.949070][ T5824] RIP: 0033:0x7fa04c96edb0
[ 69.953473][ T5824] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[ 69.973068][ T5824] RSP: 002b:00007fff7ac126c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[ 69.981471][ T5824] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa04c96edb0
[ 69.989432][ T5824] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[ 69.997389][ T5824] RBP: 0000000000000000 R08: 00007fff7ac127f8 R09: 00007fff7ac127f8
[ 70.005346][ T5824] R10: 00007fff7ac127f8 R11: 0000000000000202 R12: 000000000000f313
[ 70.013319][ T5824] R13: 00007fff7ac126e4 R14: 00007fff7ac12700 R15: 00007fff7ac126f0
[ 70.021303][ T5824] </TASK>
[ 70.024484][ T5824] BUG: Bad page state in process syz-executor167 pfn:756d9
[ 70.032326][ T5824] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x756d9
[ 70.041128][ T5824] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 70.048358][ T5824] raw: 00fff00000000000 dead000000000040 ffff888021ac0000 0000000000000000
[ 70.056972][ T5824] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[ 70.065553][ T5824] page dumped because: page_pool leak
[ 70.070938][ T5824] page_owner tracks the page as allocated
[ 70.076647][ T5824] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5824, tgid 5824 (syz-executor167), ts 68719169302, free_ts 55625467940
[ 70.093943][ T5824] post_alloc_hook+0x1f3/0x230
[ 70.098729][ T5824] get_page_from_freelist+0x3651/0x37a0
[ 70.104263][ T5824] __alloc_pages_noprof+0x292/0x710
[ 70.109474][ T5824] alloc_pages_bulk_noprof+0x70b/0xcc0
[ 70.114939][ T5824] __page_pool_alloc_pages_slow+0x122/0x690
[ 70.120848][ T5824] page_pool_alloc_pages+0xd0/0x1c0
[ 70.126058][ T5824] skb_pp_cow_data+0xc43/0x1640
[ 70.130918][ T5824] do_xdp_generic+0x505/0xd30
[ 70.135598][ T5824] __netif_receive_skb_core+0x1ce9/0x4690
[ 70.141330][ T5824] __netif_receive_skb+0x12f/0x650
[ 70.146443][ T5824] netif_receive_skb+0x1e8/0x890
[ 70.151416][ T5824] tun_rx_batched+0x1b7/0x8f0
[ 70.156135][ T5824] tun_get_user+0x30d6/0x4890
[ 70.160839][ T5824] tun_chr_write_iter+0x10d/0x1f0
[ 70.165869][ T5824] vfs_write+0xaeb/0xd30
[ 70.170138][ T5824] ksys_write+0x18f/0x2b0
[ 70.174480][ T5824] page last free pid 5813 tgid 5813 stack trace:
[ 70.180816][ T5824] free_unref_page+0xde3/0x1130
[ 70.185654][ T5824] __folio_put+0x2c7/0x440
[ 70.190081][ T5824] pipe_read+0x6ed/0x13e0
[ 70.194434][ T5824] vfs_read+0x991/0xb70
[ 70.198605][ T5824] ksys_read+0x18f/0x2b0
[ 70.202852][ T5824] do_syscall_64+0xf3/0x230
[ 70.207376][ T5824] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 70.213274][ T5824] Modules linked in:
[ 70.217181][ T5824] CPU: 0 UID: 0 PID: 5824 Comm: syz-executor167 Tainted: G B 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[ 70.229869][ T5824] Tainted: [B]=BAD_PAGE
[ 70.233997][ T5824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 70.244037][ T5824] Call Trace:
[ 70.247313][ T5824] <TASK>
[ 70.250241][ T5824] dump_stack_lvl+0x241/0x360
[ 70.254906][ T5824] ? __pfx_dump_stack_lvl+0x10/0x10
[ 70.260089][ T5824] ? __pfx_print_modules+0x10/0x10
[ 70.265184][ T5824] bad_page+0x176/0x1d0
[ 70.269321][ T5824] free_unref_page+0x1048/0x1130
[ 70.274241][ T5824] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[ 70.279862][ T5824] bpf_xdp_adjust_tail+0x1c3/0x200
[ 70.284967][ T5824] bpf_prog_f476d5219b92964a+0x1e/0x20
[ 70.290411][ T5824] bpf_prog_run_generic_xdp+0x686/0x1510
[ 70.296049][ T5824] do_xdp_generic+0x757/0xd30
[ 70.300805][ T5824] ? __pfx_do_xdp_generic+0x10/0x10
[ 70.305990][ T5824] ? rcu_is_watching+0x15/0xb0
[ 70.310758][ T5824] ? rcu_is_watching+0x15/0xb0
[ 70.315533][ T5824] ? count_memcg_event_mm+0x94/0x420
[ 70.320815][ T5824] __netif_receive_skb_core+0x1ce9/0x4690
[ 70.326533][ T5824] ? handle_mm_fault+0x173f/0x1ad0
[ 70.331675][ T5824] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 70.337735][ T5824] ? rcu_is_watching+0x15/0xb0
[ 70.342490][ T5824] ? lock_release+0xbf/0xa30
[ 70.347065][ T5824] ? __pfx_lock_acquire+0x10/0x10
[ 70.352076][ T5824] ? __up_read+0x2c2/0x6b0
[ 70.356483][ T5824] ? rcu_is_watching+0x15/0xb0
[ 70.361235][ T5824] __netif_receive_skb+0x12f/0x650
[ 70.366337][ T5824] ? __pfx_lock_acquire+0x10/0x10
[ 70.371349][ T5824] ? seqcount_lockdep_reader_access+0x1d7/0x220
[ 70.377586][ T5824] ? __pfx___netif_receive_skb+0x10/0x10
[ 70.383208][ T5824] ? tun_rx_batched+0x160/0x8f0
[ 70.388053][ T5824] ? __pfx_lockdep_softirqs_off+0x10/0x10
[ 70.393761][ T5824] ? read_tsc+0x9/0x20
[ 70.397853][ T5824] ? ktime_get_with_offset+0x249/0x290
[ 70.403306][ T5824] ? netif_receive_skb+0x131/0x890
[ 70.408408][ T5824] netif_receive_skb+0x1e8/0x890
[ 70.413335][ T5824] ? tun_rx_batched+0x160/0x8f0
[ 70.418178][ T5824] ? __pfx_netif_receive_skb+0x10/0x10
[ 70.423627][ T5824] ? skb_set_owner_w+0x246/0x380
[ 70.428551][ T5824] ? __pfx_lock_release+0x10/0x10
[ 70.433562][ T5824] ? tun_rx_batched+0x160/0x8f0
[ 70.438402][ T5824] tun_rx_batched+0x1b7/0x8f0
[ 70.443078][ T5824] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 70.449398][ T5824] ? __pfx_lock_acquire+0x10/0x10
[ 70.454410][ T5824] ? rcu_is_watching+0x15/0xb0
[ 70.459167][ T5824] ? __pfx_tun_rx_batched+0x10/0x10
[ 70.464360][ T5824] tun_get_user+0x30d6/0x4890
[ 70.469028][ T5824] ? tun_get_user+0x2bbe/0x4890
[ 70.473873][ T5824] ? do_raw_spin_unlock+0x13c/0x8b0
[ 70.479070][ T5824] ? __pfx_tun_get_user+0x10/0x10
[ 70.484094][ T5824] ? tun_get+0x1e/0x2f0
[ 70.488238][ T5824] ? rcu_is_watching+0x15/0xb0
[ 70.492989][ T5824] ? tun_get+0x1e/0x2f0
[ 70.497137][ T5824] ? lock_release+0xbf/0xa30
[ 70.501712][ T5824] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 70.507158][ T5824] ? rcu_is_watching+0x15/0xb0
[ 70.511913][ T5824] ? __pfx_lock_release+0x10/0x10
[ 70.516926][ T5824] ? do_raw_spin_lock+0x14f/0x370
[ 70.521944][ T5824] ? tun_get+0x1e/0x2f0
[ 70.526086][ T5824] ? tun_get+0x27d/0x2f0
[ 70.530321][ T5824] tun_chr_write_iter+0x10d/0x1f0
[ 70.535337][ T5824] vfs_write+0xaeb/0xd30
[ 70.539574][ T5824] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 70.545109][ T5824] ? __pfx_vfs_write+0x10/0x10
[ 70.549865][ T5824] ? rcu_is_watching+0x15/0xb0
[ 70.554624][ T5824] ? _raw_spin_unlock_irq+0x2e/0x50
[ 70.559813][ T5824] ? ptrace_notify+0x279/0x380
[ 70.564568][ T5824] ksys_write+0x18f/0x2b0
[ 70.568901][ T5824] ? __pfx_ksys_write+0x10/0x10
[ 70.573741][ T5824] ? rcu_is_watching+0x15/0xb0
[ 70.578502][ T5824] do_syscall_64+0xf3/0x230
[ 70.583088][ T5824] ? clear_bhb_loop+0x35/0x90
[ 70.587758][ T5824] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 70.593641][ T5824] RIP: 0033:0x7fa04c96edb0
[ 70.598043][ T5824] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[ 70.617636][ T5824] RSP: 002b:00007fff7ac126c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[ 70.626039][ T5824] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa04c96edb0
[ 70.633997][ T5824] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[ 70.641954][ T5824] RBP: 0000000000000000 R08: 00007fff7ac127f8 R09: 00007fff7ac127f8
[ 70.649913][ T5824] R10: 00007fff7ac127f8 R11: 0000000000000202 R12: 000000000000f313
[ 70.657870][ T5824] R13: 00007fff7ac126e4 R14: 00007fff7ac12700 R15: 00007fff7ac126f0
[ 70.665835][ T5824] </TASK>
[ 70.668896][ T5824] BUG: Bad page state in process syz-executor167 pfn:756d8
[ 70.676183][ T5824] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x756d8
[ 70.684975][ T5824] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 70.692131][ T5824] raw: 00fff00000000000 dead000000000040 ffff888021ac0000 0000000000000000
[ 70.700725][ T5824] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[ 70.709322][ T5824] page dumped because: page_pool leak
[ 70.714715][ T5824] page_owner tracks the page as allocated
[ 70.720463][ T5824] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5824, tgid 5824 (syz-executor167), ts 68719163803, free_ts 55613348068
[ 70.737766][ T5824] post_alloc_hook+0x1f3/0x230
[ 70.742518][ T5824] get_page_from_freelist+0x3651/0x37a0
[ 70.748078][ T5824] __alloc_pages_noprof+0x292/0x710
[ 70.753282][ T5824] alloc_pages_bulk_noprof+0x70b/0xcc0
[ 70.758767][ T5824] __page_pool_alloc_pages_slow+0x122/0x690
[ 70.764681][ T5824] page_pool_alloc_pages+0xd0/0x1c0
[ 70.769900][ T5824] skb_pp_cow_data+0xc43/0x1640
[ 70.774760][ T5824] do_xdp_generic+0x505/0xd30
[ 70.779459][ T5824] __netif_receive_skb_core+0x1ce9/0x4690
[ 70.785184][ T5824] __netif_receive_skb+0x12f/0x650
[ 70.790311][ T5824] netif_receive_skb+0x1e8/0x890
[ 70.795249][ T5824] tun_rx_batched+0x1b7/0x8f0
[ 70.800039][ T5824] tun_get_user+0x30d6/0x4890
[ 70.804728][ T5824] tun_chr_write_iter+0x10d/0x1f0
[ 70.809809][ T5824] vfs_write+0xaeb/0xd30
[ 70.814063][ T5824] ksys_write+0x18f/0x2b0
[ 70.818428][ T5824] page last free pid 5813 tgid 5813 stack trace:
[ 70.824770][ T5824] free_unref_page+0xde3/0x1130
[ 70.829639][ T5824] __folio_put+0x2c7/0x440
[ 70.834060][ T5824] pipe_read+0x6ed/0x13e0
[ 70.838400][ T5824] vfs_read+0x991/0xb70
[ 70.842559][ T5824] ksys_read+0x18f/0x2b0
[ 70.846823][ T5824] do_syscall_64+0xf3/0x230
[ 70.851336][ T5824] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 70.857277][ T5824] Modules linked in:
[ 70.861181][ T5824] CPU: 0 UID: 0 PID: 5824 Comm: syz-executor167 Tainted: G B 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[ 70.873755][ T5824] Tainted: [B]=BAD_PAGE
[ 70.877887][ T5824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 70.887922][ T5824] Call Trace:
[ 70.891187][ T5824] <TASK>
[ 70.894103][ T5824] dump_stack_lvl+0x241/0x360
[ 70.898772][ T5824] ? __pfx_dump_stack_lvl+0x10/0x10
[ 70.903957][ T5824] ? __pfx_print_modules+0x10/0x10
[ 70.909060][ T5824] bad_page+0x176/0x1d0
[ 70.913459][ T5824] free_unref_page+0x1048/0x1130
[ 70.918389][ T5824] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[ 70.924022][ T5824] bpf_xdp_adjust_tail+0x1c3/0x200
[ 70.929130][ T5824] bpf_prog_f476d5219b92964a+0x1e/0x20
[ 70.934573][ T5824] bpf_prog_run_generic_xdp+0x686/0x1510
[ 70.940211][ T5824] do_xdp_generic+0x757/0xd30
[ 70.944883][ T5824] ? __pfx_do_xdp_generic+0x10/0x10
[ 70.950071][ T5824] ? rcu_is_watching+0x15/0xb0
[ 70.954835][ T5824] ? rcu_is_watching+0x15/0xb0
[ 70.959590][ T5824] ? count_memcg_event_mm+0x94/0x420
[ 70.964866][ T5824] __netif_receive_skb_core+0x1ce9/0x4690
[ 70.970580][ T5824] ? handle_mm_fault+0x173f/0x1ad0
[ 70.975685][ T5824] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 70.981766][ T5824] ? rcu_is_watching+0x15/0xb0
[ 70.986522][ T5824] ? lock_release+0xbf/0xa30
[ 70.991101][ T5824] ? __pfx_lock_acquire+0x10/0x10
[ 70.996113][ T5824] ? __up_read+0x2c2/0x6b0
[ 71.000521][ T5824] ? rcu_is_watching+0x15/0xb0
[ 71.005274][ T5824] __netif_receive_skb+0x12f/0x650
[ 71.010378][ T5824] ? __pfx_lock_acquire+0x10/0x10
[ 71.015389][ T5824] ? seqcount_lockdep_reader_access+0x1d7/0x220
[ 71.021625][ T5824] ? __pfx___netif_receive_skb+0x10/0x10
[ 71.027250][ T5824] ? tun_rx_batched+0x160/0x8f0
[ 71.032114][ T5824] ? __pfx_lockdep_softirqs_off+0x10/0x10
[ 71.037840][ T5824] ? read_tsc+0x9/0x20
[ 71.041999][ T5824] ? ktime_get_with_offset+0x249/0x290
[ 71.047460][ T5824] ? netif_receive_skb+0x131/0x890
[ 71.052570][ T5824] netif_receive_skb+0x1e8/0x890
[ 71.057507][ T5824] ? tun_rx_batched+0x160/0x8f0
[ 71.062353][ T5824] ? __pfx_netif_receive_skb+0x10/0x10
[ 71.067822][ T5824] ? skb_set_owner_w+0x246/0x380
[ 71.072766][ T5824] ? __pfx_lock_release+0x10/0x10
[ 71.077794][ T5824] ? tun_rx_batched+0x160/0x8f0
[ 71.082653][ T5824] tun_rx_batched+0x1b7/0x8f0
[ 71.087338][ T5824] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 71.093660][ T5824] ? __pfx_lock_acquire+0x10/0x10
[ 71.098676][ T5824] ? rcu_is_watching+0x15/0xb0
[ 71.103438][ T5824] ? __pfx_tun_rx_batched+0x10/0x10
[ 71.108631][ T5824] tun_get_user+0x30d6/0x4890
[ 71.113299][ T5824] ? tun_get_user+0x2bbe/0x4890
[ 71.118144][ T5824] ? do_raw_spin_unlock+0x13c/0x8b0
[ 71.123339][ T5824] ? __pfx_tun_get_user+0x10/0x10
[ 71.128356][ T5824] ? tun_get+0x1e/0x2f0
[ 71.132502][ T5824] ? rcu_is_watching+0x15/0xb0
[ 71.137256][ T5824] ? tun_get+0x1e/0x2f0
[ 71.141406][ T5824] ? lock_release+0xbf/0xa30
[ 71.146010][ T5824] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 71.151458][ T5824] ? rcu_is_watching+0x15/0xb0
[ 71.156213][ T5824] ? __pfx_lock_release+0x10/0x10
[ 71.161227][ T5824] ? do_raw_spin_lock+0x14f/0x370
[ 71.166243][ T5824] ? tun_get+0x1e/0x2f0
[ 71.170390][ T5824] ? tun_get+0x27d/0x2f0
[ 71.174624][ T5824] tun_chr_write_iter+0x10d/0x1f0
[ 71.179640][ T5824] vfs_write+0xaeb/0xd30
[ 71.183875][ T5824] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 71.189414][ T5824] ? __pfx_vfs_write+0x10/0x10
[ 71.194175][ T5824] ? rcu_is_watching+0x15/0xb0
[ 71.198931][ T5824] ? _raw_spin_unlock_irq+0x2e/0x50
[ 71.204120][ T5824] ? ptrace_notify+0x279/0x380
[ 71.208876][ T5824] ksys_write+0x18f/0x2b0
[ 71.213196][ T5824] ? __pfx_ksys_write+0x10/0x10
[ 71.218038][ T5824] ? rcu_is_watching+0x15/0xb0
[ 71.222795][ T5824] do_syscall_64+0xf3/0x230
[ 71.227292][ T5824] ? clear_bhb_loop+0x35/0x90
[ 71.231957][ T5824] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 71.237851][ T5824] RIP: 0033:0x7fa04c96edb0
[ 71.242254][ T5824] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[ 71.262397][ T5824] RSP: 002b:00007fff7ac126c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[ 71.270800][ T5824] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa04c96edb0
[ 71.278762][ T5824] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[ 71.286719][ T5824] RBP: 0000000000000000 R08: 00007fff7ac127f8 R09: 00007fff7ac127f8
[ 71.294691][ T5824] R10: 00007fff7ac127f8 R11: 0000000000000202 R12: 000000000000f313
[ 71.302649][ T5824] R13: 00007fff7ac126e4 R14: 00007fff7ac12700 R15: 00007fff7ac126f0
[ 71.310618][ T5824] </TASK>
[ 71.313687][ T5824] BUG: Bad page state in process syz-executor167 pfn:28649
[ 71.320989][ T5824] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x4 pfn:0x28649
[ 71.329769][ T5824] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 71.336914][ T5824] raw: 00fff00000000000 dead000000000040 ffff888021ac0000 0000000000000000
[ 71.345501][ T5824] raw: 0000000000000004 0000000000000001 00000000ffffffff 0000000000000000
[ 71.354106][ T5824] page dumped because: page_pool leak
[ 71.359482][ T5824] page_owner tracks the page as allocated
[ 71.365171][ T5824] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5824, tgid 5824 (syz-executor167), ts 68719158669, free_ts 55633107404
[ 71.382473][ T5824] post_alloc_hook+0x1f3/0x230
[ 71.387266][ T5824] get_page_from_freelist+0x3651/0x37a0
[ 71.392798][ T5824] __alloc_pages_noprof+0x292/0x710
[ 71.398029][ T5824] alloc_pages_bulk_noprof+0x70b/0xcc0
[ 71.403493][ T5824] __page_pool_alloc_pages_slow+0x122/0x690
[ 71.409404][ T5824] page_pool_alloc_pages+0xd0/0x1c0
[ 71.414608][ T5824] skb_pp_cow_data+0xc43/0x1640
[ 71.419469][ T5824] do_xdp_generic+0x505/0xd30
[ 71.424145][ T5824] __netif_receive_skb_core+0x1ce9/0x4690
[ 71.429875][ T5824] __netif_receive_skb+0x12f/0x650
[ 71.434990][ T5824] netif_receive_skb+0x1e8/0x890
[ 71.439941][ T5824] tun_rx_batched+0x1b7/0x8f0
[ 71.444618][ T5824] tun_get_user+0x30d6/0x4890
[ 71.449304][ T5824] tun_chr_write_iter+0x10d/0x1f0
[ 71.454328][ T5824] vfs_write+0xaeb/0xd30
[ 71.458593][ T5824] ksys_write+0x18f/0x2b0
[ 71.462939][ T5824] page last free pid 5813 tgid 5813 stack trace:
[ 71.469286][ T5824] free_unref_page+0xde3/0x1130
[ 71.474152][ T5824] tlb_finish_mmu+0x11f/0x200
[ 71.478857][ T5824] vms_clear_ptes+0x437/0x530
[ 71.483533][ T5824] vms_complete_munmap_vmas+0x210/0x8f0
[ 71.489111][ T5824] do_vmi_align_munmap+0x5ef/0x6f0
[ 71.494218][ T5824] do_vmi_munmap+0x24e/0x2d0
[ 71.498820][ T5824] __vm_munmap+0x24c/0x480
[ 71.503237][ T5824] __x64_sys_munmap+0x60/0x70
[ 71.507927][ T5824] do_syscall_64+0xf3/0x230
[ 71.512452][ T5824] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 71.518361][ T5824] Modules linked in:
[ 71.522256][ T5824] CPU: 0 UID: 0 PID: 5824 Comm: syz-executor167 Tainted: G B 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[ 71.534820][ T5824] Tainted: [B]=BAD_PAGE
[ 71.538950][ T5824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 71.548988][ T5824] Call Trace:
[ 71.552252][ T5824] <TASK>
[ 71.555179][ T5824] dump_stack_lvl+0x241/0x360
[ 71.559855][ T5824] ? __pfx_dump_stack_lvl+0x10/0x10
[ 71.565041][ T5824] ? __pfx_print_modules+0x10/0x10
[ 71.570135][ T5824] bad_page+0x176/0x1d0
[ 71.574273][ T5824] free_unref_page+0x1048/0x1130
[ 71.579204][ T5824] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[ 71.584834][ T5824] bpf_xdp_adjust_tail+0x1c3/0x200
[ 71.589941][ T5824] bpf_prog_f476d5219b92964a+0x1e/0x20
[ 71.595385][ T5824] bpf_prog_run_generic_xdp+0x686/0x1510
[ 71.601016][ T5824] do_xdp_generic+0x757/0xd30
[ 71.605686][ T5824] ? __pfx_do_xdp_generic+0x10/0x10
[ 71.610873][ T5824] ? rcu_is_watching+0x15/0xb0
[ 71.615634][ T5824] ? rcu_is_watching+0x15/0xb0
[ 71.620394][ T5824] ? count_memcg_event_mm+0x94/0x420
[ 71.625675][ T5824] __netif_receive_skb_core+0x1ce9/0x4690
[ 71.631394][ T5824] ? handle_mm_fault+0x173f/0x1ad0
[ 71.636498][ T5824] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 71.642561][ T5824] ? rcu_is_watching+0x15/0xb0
[ 71.647316][ T5824] ? lock_release+0xbf/0xa30
[ 71.651897][ T5824] ? __pfx_lock_acquire+0x10/0x10
[ 71.656910][ T5824] ? __up_read+0x2c2/0x6b0
[ 71.661328][ T5824] ? rcu_is_watching+0x15/0xb0
[ 71.666081][ T5824] __netif_receive_skb+0x12f/0x650
[ 71.671184][ T5824] ? __pfx_lock_acquire+0x10/0x10
[ 71.676196][ T5824] ? seqcount_lockdep_reader_access+0x1d7/0x220
[ 71.682426][ T5824] ? __pfx___netif_receive_skb+0x10/0x10
[ 71.688060][ T5824] ? tun_rx_batched+0x160/0x8f0
[ 71.692925][ T5824] ? __pfx_lockdep_softirqs_off+0x10/0x10
[ 71.698646][ T5824] ? read_tsc+0x9/0x20
[ 71.702705][ T5824] ? ktime_get_with_offset+0x249/0x290
[ 71.708157][ T5824] ? netif_receive_skb+0x131/0x890
[ 71.713261][ T5824] netif_receive_skb+0x1e8/0x890
[ 71.718197][ T5824] ? tun_rx_batched+0x160/0x8f0
[ 71.723037][ T5824] ? __pfx_netif_receive_skb+0x10/0x10
[ 71.728487][ T5824] ? skb_set_owner_w+0x246/0x380
[ 71.733417][ T5824] ? __pfx_lock_release+0x10/0x10
[ 71.738431][ T5824] ? tun_rx_batched+0x160/0x8f0
[ 71.743274][ T5824] tun_rx_batched+0x1b7/0x8f0
[ 71.747943][ T5824] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 71.754265][ T5824] ? __pfx_lock_acquire+0x10/0x10
[ 71.759347][ T5824] ? rcu_is_watching+0x15/0xb0
[ 71.764103][ T5824] ? __pfx_tun_rx_batched+0x10/0x10
[ 71.769297][ T5824] tun_get_user+0x30d6/0x4890
[ 71.773963][ T5824] ? tun_get_user+0x2bbe/0x4890
[ 71.778807][ T5824] ? do_raw_spin_unlock+0x13c/0x8b0
[ 71.783994][ T5824] ? __pfx_tun_get_user+0x10/0x10
[ 71.789013][ T5824] ? tun_get+0x1e/0x2f0
[ 71.793159][ T5824] ? rcu_is_watching+0x15/0xb0
[ 71.797911][ T5824] ? tun_get+0x1e/0x2f0
[ 71.802057][ T5824] ? lock_release+0xbf/0xa30
[ 71.806635][ T5824] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 71.812080][ T5824] ? rcu_is_watching+0x15/0xb0
[ 71.816838][ T5824] ? __pfx_lock_release+0x10/0x10
[ 71.821851][ T5824] ? do_raw_spin_lock+0x14f/0x370
[ 71.826869][ T5824] ? tun_get+0x1e/0x2f0
[ 71.831016][ T5824] ? tun_get+0x27d/0x2f0
[ 71.835247][ T5824] tun_chr_write_iter+0x10d/0x1f0
[ 71.840265][ T5824] vfs_write+0xaeb/0xd30
[ 71.844503][ T5824] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 71.850036][ T5824] ? __pfx_vfs_write+0x10/0x10
[ 71.854794][ T5824] ? rcu_is_watching+0x15/0xb0
[ 71.859550][ T5824] ? _raw_spin_unlock_irq+0x2e/0x50
[ 71.864740][ T5824] ? ptrace_notify+0x279/0x380
[ 71.869495][ T5824] ksys_write+0x18f/0x2b0
[ 71.873815][ T5824] ? __pfx_ksys_write+0x10/0x10
[ 71.878659][ T5824] ? rcu_is_watching+0x15/0xb0
[ 71.883417][ T5824] do_syscall_64+0xf3/0x230
[ 71.887913][ T5824] ? clear_bhb_loop+0x35/0x90
[ 71.892580][ T5824] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 71.898468][ T5824] RIP: 0033:0x7fa04c96edb0
[ 71.902870][ T5824] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d f1 e2 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[ 71.922464][ T5824] RSP: 002b:00007fff7ac126c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[ 71.930870][ T5824] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa04c96edb0
[ 71.938830][ T5824] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[ 71.946806][ T5824] RBP: 0000000000000000 R08: 00007fff7ac127f8 R09: 00007fff7ac127f8
[ 71.954767][ T5824] R10: 00007fff7ac127f8 R11: 0000000000000202 R12: 000000000000f313
[ 71.962724][ T5824] R13: 00007fff7ac126e4 R14: 00007fff7ac12700 R15: 00007fff7ac126f0
[ 71.970690][ T5824] </TASK>
[ 71.973750][ T5824] BUG: Bad page state in process syz-executor167 pfn:28648
[ 71.981050][ T5824] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888028648800 pfn:0x28648
[ 71.991160][ T5824] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 71.998307][ T5824] raw: 00fff00000000000 dead000000000040 ffff888021ac0000 0000000000000000
[ 72.006922][ T5824] raw: ffff888028648800 0000000000000001 00000000ffffffff 0000000000000000
[ 72.015490][ T5824] page dumped because: page_pool leak
[ 72.020869][ T5824] page_owner tracks the page as allocated
[ 72.026577][ T5824] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5824, tgid 5824 (syz-executor167), ts 68719153343, free_ts 55625474421
[ 72.043873][ T5824] post_alloc_hook+0x1f3/0x230
[ 72.048661][ T5824] get_page_from_freelist+0x3651/0x37a0
[ 72.054202][ T5824] __alloc_pages_noprof+0x292/0x710
[ 72.059413][ T5824] alloc_pages_bulk_noprof+0x70b/0xcc0
[ 72.064881][ T5824] __page_pool_alloc_pages_slow+0x122/0x690
[ 72.070812][ T5824] page_pool_alloc_pages+0xd0/0x1c0
[ 72.076019][ T5824] skb_pp_cow_data+0xc43/0x1640
[ 72.080877][ T5824] do_xdp_generic+0x505/0xd30
[ 72.085553][ T5824] __netif_receive_skb_core+0x1ce9/0x4690
[ 72.091284][ T5824] __netif_receive_skb+0x12f/0x650
[ 72.096399][ T5824] netif_receive_skb+0x1e8/0x890
[ 72.101351][ T5824] tun_rx_batched+0x1b7/0x8f0
[ 72.106028][ T5824] tun_get_user+0x30d6/0x4890
[ 72.110726][ T5824] tun_chr_write_iter+0x10d/0x1f0
[ 72.115756][ T5824] vfs_write+0xaeb/0xd30
[ 72.120033][ T5824] ksys_write+0x18f/0x2b0
[ 72.124370][ T5824] page last free pid 5813 tgid 5813 stack trace:
[ 72.130717][ T5824] free_unref_page+0xde3/0x1130
[ 72.135566][ T5824] __folio_put+0x2c7/0x440
[ 72.140003][ T5824] pipe_read+0x6ed/0x13e0
[ 72.144337][ T5824] vfs_read+0x991/0xb70
[ 72.148506][ T5824] ksys_read+0x18f/0x2b0
[ 72.152751][ T5824] do_syscall_64+0xf3/0x230
[ 72.157269][ T5824] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 72.163164][ T5824] Modules linked in:
[ 72.167088][ T5824] CPU: 0 UID: 0 PID: 5824 Comm: syz-executor167 Tainted: G B 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[ 72.179667][ T5824] Tainted: [B]=BAD_PAGE
[ 72.183797][ T5824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 72.193831][ T5824] Call Trace:
[ 72.197093][ T5824] <TASK>
[ 72.200010][ T5824] dump_stack_lvl+0x241/0x360
[ 72.204670][ T5824] ? __pfx_dump_stack_lvl+0x10/0x10
[ 72.209854][ T5824] ? __pfx_print_modules+0x10/0x10
[ 72.214953][ T5824] bad_page+0x176/0x1d0
[ 72.219092][ T5824] free_unref_page+0x1048/0x1130
[ 72.224017][ T5824] bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[ 72.229638][ T5824] bpf_xdp_adjust_tail+0x1c3/0x200
[ 72.234736][ T5824] bpf_prog_f476d5219b92964a+0x1e/0x20
[ 72.240177][ T5824] bpf_prog_run_generic_xdp+0x686/0x1510
[ 72.245813][ T5824] do_xdp_generic+0x757/0xd30
[ 72.250484][ T5824] ? __pfx_do_xdp_generic+0x10/0x10
[ 72.255670][ T5824] ? rcu_is_watching+0x15/0xb0
[ 72.260431][ T5824] ? rcu_is_watching+0x15/0xb0
[ 72.265188][ T5824] ? count_memcg_event_mm+0x94/0x420
[ 72.270465][ T5824] __netif_receive_skb_core+0x1ce9/0x4690
[ 72.276184][ T5824] ? handle_mm_fault+0x173f/0x1ad0