Warning: Permanently added '10.128.1.68' (ED25519) to the list of known hosts.
2025/11/12 19:18:15 parsed 1 programs
[  124.797925][ T6175] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  127.955278][ T6192] chnl_net:caif_netlink_parms(): no params data found
[  128.033918][ T6192] bridge0: port 1(bridge_slave_0) entered blocking state
[  128.041438][ T6192] bridge0: port 1(bridge_slave_0) entered disabled state
[  128.048985][ T6192] bridge_slave_0: entered allmulticast mode
[  128.056300][ T6192] bridge_slave_0: entered promiscuous mode
[  128.064439][ T6192] bridge0: port 2(bridge_slave_1) entered blocking state
[  128.071956][ T6192] bridge0: port 2(bridge_slave_1) entered disabled state
[  128.079423][ T6192] bridge_slave_1: entered allmulticast mode
[  128.086430][ T6192] bridge_slave_1: entered promiscuous mode
[  128.123510][ T6192] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  128.136348][ T6192] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  128.174753][ T6192] team0: Port device team_slave_0 added
[  128.185601][ T6192] team0: Port device team_slave_1 added
[  128.211999][ T6192] batman_adv: batadv0: Adding interface: batadv_slave_0
[  128.219315][ T6192] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  128.248275][ T6192] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  128.261186][ T6192] batman_adv: batadv0: Adding interface: batadv_slave_1
[  128.268720][ T6192] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  128.296677][ T6192] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  128.338165][ T6192] hsr_slave_0: entered promiscuous mode
[  128.344682][ T6192] hsr_slave_1: entered promiscuous mode
[  128.845965][ T6192] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  128.863111][ T6192] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  128.875105][ T6192] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  128.887505][ T6192] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  128.935211][ T6192] bridge0: port 2(bridge_slave_1) entered blocking state
[  128.943075][ T6192] bridge0: port 2(bridge_slave_1) entered forwarding state
[  128.950710][ T6192] bridge0: port 1(bridge_slave_0) entered blocking state
[  128.958070][ T6192] bridge0: port 1(bridge_slave_0) entered forwarding state
[  128.975018][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  128.983590][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  129.063012][ T6192] 8021q: adding VLAN 0 to HW filter on device bond0
[  129.086864][ T6192] 8021q: adding VLAN 0 to HW filter on device team0
[  129.101772][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  129.109320][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  129.134814][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  129.142565][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  129.406672][ T6192] 8021q: adding VLAN 0 to HW filter on device batadv0
[  129.467361][ T6192] veth0_vlan: entered promiscuous mode
[  129.484384][ T6192] veth1_vlan: entered promiscuous mode
[  129.524782][ T6192] veth0_macvtap: entered promiscuous mode
[  129.537429][ T6192] veth1_macvtap: entered promiscuous mode
[  129.562643][ T6192] batman_adv: batadv0: Interface activated: batadv_slave_0
[  129.581393][ T6192] batman_adv: batadv0: Interface activated: batadv_slave_1
[  129.604326][   T36] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  129.617101][   T36] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  129.637342][   T36] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  129.656592][   T36] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  129.863028][ T1334] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  129.952277][ T1334] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  130.030747][ T1334] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  130.163912][ T1334] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  130.210050][ T5149] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  130.222648][ T5149] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  130.237120][ T5149] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  130.245747][ T5149] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  130.254175][ T5149] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  130.613489][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  130.636256][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  130.671025][ T3553] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  130.681454][ T3553] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  132.214353][ T1334] bridge_slave_1: left allmulticast mode
[  132.229654][ T1334] bridge_slave_1: left promiscuous mode
[  132.240077][ T1334] bridge0: port 2(bridge_slave_1) entered disabled state
[  132.250615][ T1334] bridge_slave_0: left allmulticast mode
[  132.256559][ T1334] bridge_slave_0: left promiscuous mode
[  132.262985][ T1334] bridge0: port 1(bridge_slave_0) entered disabled state
[  132.596059][ T1334] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  132.608727][ T1334] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  132.621292][ T1334] bond0 (unregistering): Released all slaves
[  132.770509][ T1334] hsr_slave_0: left promiscuous mode
[  132.786439][ T1334] hsr_slave_1: left promiscuous mode
[  132.800377][ T1334] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  132.808591][ T1334] batman_adv: batadv0: Removing interface: batadv_slave_0
[  132.820661][ T1334] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  132.832707][ T1334] batman_adv: batadv0: Removing interface: batadv_slave_1
[  132.857858][ T1334] veth1_macvtap: left promiscuous mode
[  132.864334][ T1334] veth0_macvtap: left promiscuous mode
[  132.870794][ T1334] veth1_vlan: left promiscuous mode
[  132.877012][ T1334] veth0_vlan: left promiscuous mode
[  133.112233][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  133.118938][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  133.392670][ T1334] team0 (unregistering): Port device team_slave_1 removed
[  133.436728][ T1334] team0 (unregistering): Port device team_slave_0 removed
2025/11/12 19:18:31 executed programs: 0
[  136.723994][   T52] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  136.733038][   T52] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  136.742370][   T52] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  136.752765][   T52] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  136.761361][   T52] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  137.026438][ T6464] chnl_net:caif_netlink_parms(): no params data found
[  137.140314][ T6464] bridge0: port 1(bridge_slave_0) entered blocking state
[  137.147930][ T6464] bridge0: port 1(bridge_slave_0) entered disabled state
[  137.155802][ T6464] bridge_slave_0: entered allmulticast mode
[  137.164497][ T6464] bridge_slave_0: entered promiscuous mode
[  137.175385][ T6464] bridge0: port 2(bridge_slave_1) entered blocking state
[  137.183294][ T6464] bridge0: port 2(bridge_slave_1) entered disabled state
[  137.191094][ T6464] bridge_slave_1: entered allmulticast mode
[  137.198900][ T6464] bridge_slave_1: entered promiscuous mode
[  137.242347][ T6464] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  137.255503][ T6464] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  137.301503][ T6464] team0: Port device team_slave_0 added
[  137.310934][ T6464] team0: Port device team_slave_1 added
[  137.354650][ T6464] batman_adv: batadv0: Adding interface: batadv_slave_0
[  137.361810][ T6464] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  137.393234][ T6464] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  137.410501][ T6464] batman_adv: batadv0: Adding interface: batadv_slave_1
[  137.418038][ T6464] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  137.446248][ T6464] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  137.516946][ T6464] hsr_slave_0: entered promiscuous mode
[  137.524037][ T6464] hsr_slave_1: entered promiscuous mode
[  138.006144][ T6464] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  138.017109][ T6464] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  138.029752][ T6464] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  138.041693][ T6464] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  138.145796][ T6464] 8021q: adding VLAN 0 to HW filter on device bond0
[  138.171375][ T6464] 8021q: adding VLAN 0 to HW filter on device team0
[  138.185574][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  138.193020][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  138.209030][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  138.216235][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  138.468575][ T6464] 8021q: adding VLAN 0 to HW filter on device batadv0
[  138.528413][ T6464] veth0_vlan: entered promiscuous mode
[  138.544279][ T6464] veth1_vlan: entered promiscuous mode
[  138.581397][ T6464] veth0_macvtap: entered promiscuous mode
[  138.594961][ T6464] veth1_macvtap: entered promiscuous mode
[  138.622507][ T6464] batman_adv: batadv0: Interface activated: batadv_slave_0
[  138.638780][ T6464] batman_adv: batadv0: Interface activated: batadv_slave_1
[  138.655778][ T3553] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  138.686275][ T3553] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  138.715524][ T3553] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  138.742028][ T3553] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  138.771539][ T3553] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  138.787419][ T3553] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  138.827182][ T1334] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  138.840306][ T1334] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  138.861371][   T52] Bluetooth: hci0: command tx timeout
[  138.914215][ T6539] BUG: Bad page state in process syz.0.17  pfn:334bc
[  138.921107][ T6539] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x334bc
[  138.930384][ T6539] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  138.937819][ T6539] raw: 00fff00000000000 dead000000000040 ffff888021688000 0000000000000000
[  138.946496][ T6539] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[  138.955506][ T6539] page dumped because: page_pool leak
[  138.961056][ T6539] page_owner tracks the page as allocated
[  138.967040][ T6539] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6539, tgid 6538 (syz.0.17), ts 138914060060, free_ts 135854167329
[  138.984757][ T6539]  post_alloc_hook+0x240/0x2a0
[  138.989801][ T6539]  get_page_from_freelist+0x2365/0x2440
[  138.995463][ T6539]  __alloc_frozen_pages_noprof+0x181/0x370
[  139.001974][ T6539]  alloc_pages_bulk_noprof+0x560/0x710
[  139.007719][ T6539]  __page_pool_alloc_netmems_slow+0x14c/0x710
[  139.013981][ T6539]  skb_pp_cow_data+0xb47/0x13e0
[  139.018858][ T6539]  do_xdp_generic+0x699/0x11a0
[  139.023794][ T6539]  __netif_receive_skb_core+0x10d3/0x3060
[  139.029588][ T6539]  __netif_receive_skb+0x72/0x380
[  139.034750][ T6539]  netif_receive_skb+0x1cb/0x790
[  139.039970][ T6539]  tun_rx_batched+0x1b9/0x730
[  139.044755][ T6539]  tun_get_user+0x2b65/0x3e90
[  139.049527][ T6539]  tun_chr_write_iter+0x113/0x200
[  139.054685][ T6539]  vfs_write+0x5c9/0xb30
[  139.059273][ T6539]  ksys_write+0x145/0x250
[  139.063641][ T6539]  do_syscall_64+0xfa/0xfa0
[  139.068349][ T6539] page last free pid 6414 tgid 6414 stack trace:
[  139.074832][ T6539]  __free_frozen_pages+0xbc4/0xd30
[  139.080120][ T6539]  vfree+0x25a/0x400
[  139.084048][ T6539]  kcov_close+0x28/0x50
[  139.088212][ T6539]  __fput+0x44c/0xa70
[  139.092256][ T6539]  task_work_run+0x1d4/0x260
[  139.096970][ T6539]  do_exit+0x6b5/0x2300
[  139.101272][ T6539]  do_group_exit+0x21c/0x2d0
[  139.106323][ T6539]  get_signal+0x1285/0x1340
[  139.110936][ T6539]  arch_do_signal_or_restart+0xa0/0x790
[  139.116509][ T6539]  exit_to_user_mode_loop+0x72/0x130
[  139.122511][ T6539]  do_syscall_64+0x2bd/0xfa0
[  139.127129][ T6539]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.133206][ T6539] Modules linked in:
[  139.137339][ T6539] CPU: 0 UID: 0 PID: 6539 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) 
[  139.137364][ T6539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  139.137382][ T6539] Call Trace:
[  139.137389][ T6539]  <TASK>
[  139.137396][ T6539]  dump_stack_lvl+0x189/0x250
[  139.137427][ T6539]  ? __pfx_dump_stack_lvl+0x10/0x10
[  139.137449][ T6539]  ? __pfx_print_modules+0x10/0x10
[  139.137482][ T6539]  bad_page+0x180/0x1c0
[  139.137503][ T6539]  __free_frozen_pages+0xce2/0xd30
[  139.137537][ T6539]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  139.137578][ T6539]  bpf_xdp_adjust_tail+0x1d6/0x220
[  139.137603][ T6539]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  139.137627][ T6539]  bpf_prog_run_generic_xdp+0x606/0x13d0
[  139.137677][ T6539]  do_xdp_generic+0x9f7/0x11a0
[  139.137710][ T6539]  ? __pfx_do_xdp_generic+0x10/0x10
[  139.137728][ T6539]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  139.137777][ T6539]  __netif_receive_skb_core+0x10d3/0x3060
[  139.137808][ T6539]  ? __pfx___up_read+0x10/0x10
[  139.137828][ T6539]  ? do_user_addr_fault+0xbbc/0x1380
[  139.137853][ T6539]  ? do_user_addr_fault+0xc85/0x1380
[  139.137873][ T6539]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  139.137898][ T6539]  ? irqentry_exit+0x74/0x90
[  139.137914][ T6539]  ? lockdep_hardirqs_on+0x9c/0x150
[  139.137935][ T6539]  ? __lock_acquire+0xab9/0xd20
[  139.137965][ T6539]  ? netif_receive_skb+0x115/0x790
[  139.137986][ T6539]  ? netif_receive_skb+0x115/0x790
[  139.138012][ T6539]  __netif_receive_skb+0x72/0x380
[  139.138031][ T6539]  ? _copy_from_iter+0x24f/0x1790
[  139.138052][ T6539]  ? netif_receive_skb+0x115/0x790
[  139.138073][ T6539]  netif_receive_skb+0x1cb/0x790
[  139.138096][ T6539]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  139.138115][ T6539]  ? __pfx_netif_receive_skb+0x10/0x10
[  139.138135][ T6539]  ? __pfx__copy_from_iter+0x10/0x10
[  139.138150][ T6539]  ? sock_alloc_send_pskb+0x86b/0x980
[  139.138173][ T6539]  ? tun_rx_batched+0x160/0x730
[  139.138196][ T6539]  tun_rx_batched+0x1b9/0x730
[  139.138216][ T6539]  ? __lock_acquire+0xab9/0xd20
[  139.138236][ T6539]  ? __pfx_tun_rx_batched+0x10/0x10
[  139.138258][ T6539]  ? tun_get_user+0x272f/0x3e90
[  139.138289][ T6539]  tun_get_user+0x2b65/0x3e90
[  139.138322][ T6539]  ? tun_get_user+0x272f/0x3e90
[  139.138345][ T6539]  ? aa_file_perm+0x44d/0x1550
[  139.138361][ T6539]  ? __pfx_tun_get_user+0x10/0x10
[  139.138398][ T6539]  ? ref_tracker_alloc+0x318/0x460
[  139.138414][ T6539]  ? __lock_acquire+0xab9/0xd20
[  139.138432][ T6539]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  139.138454][ T6539]  ? tun_get+0x1c/0x2f0
[  139.138479][ T6539]  ? tun_get+0x1c/0x2f0
[  139.138497][ T6539]  ? tun_get+0x1c/0x2f0
[  139.138521][ T6539]  tun_chr_write_iter+0x113/0x200
[  139.138544][ T6539]  vfs_write+0x5c9/0xb30
[  139.138572][ T6539]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  139.138593][ T6539]  ? __pfx_vfs_write+0x10/0x10
[  139.138623][ T6539]  ? __fget_files+0x2a/0x420
[  139.138647][ T6539]  ksys_write+0x145/0x250
[  139.138672][ T6539]  ? __pfx_ksys_write+0x10/0x10
[  139.138697][ T6539]  ? do_syscall_64+0xbe/0xfa0
[  139.138717][ T6539]  do_syscall_64+0xfa/0xfa0
[  139.138731][ T6539]  ? lockdep_hardirqs_on+0x9c/0x150
[  139.138747][ T6539]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.138764][ T6539]  ? clear_bhb_loop+0x60/0xb0
[  139.138785][ T6539]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.138801][ T6539] RIP: 0033:0x7f39ec18d97f
[  139.138816][ T6539] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  139.138830][ T6539] RSP: 002b:00007f39ecff9000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  139.138848][ T6539] RAX: ffffffffffffffda RBX: 00007f39ec3e5fa0 RCX: 00007f39ec18d97f
[  139.138861][ T6539] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  139.138871][ T6539] RBP: 00007f39ec211f91 R08: 0000000000000000 R09: 0000000000000000
[  139.138881][ T6539] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  139.138891][ T6539] R13: 00007f39ec3e6038 R14: 00007f39ec3e5fa0 R15: 00007fffd451fb58
[  139.138922][ T6539]  </TASK>
[  139.138929][ T6539] Disabling lock debugging due to kernel taint
[  139.552558][ T6539] BUG: Bad page state in process syz.0.17  pfn:334bd
[  139.559396][ T6539] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x334bd
[  139.569701][ T6539] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  139.577008][ T6539] raw: 00fff00000000000 dead000000000040 ffff888021688000 0000000000000000
[  139.585841][ T6539] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[  139.595341][ T6539] page dumped because: page_pool leak
[  139.601018][ T6539] page_owner tracks the page as allocated
[  139.606922][ T6539] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6539, tgid 6538 (syz.0.17), ts 138914041700, free_ts 135854182586
[  139.624686][ T6539]  post_alloc_hook+0x240/0x2a0
[  139.629618][ T6539]  get_page_from_freelist+0x2365/0x2440
[  139.635533][ T6539]  __alloc_frozen_pages_noprof+0x181/0x370
[  139.641476][ T6539]  alloc_pages_bulk_noprof+0x560/0x710
[  139.647106][ T6539]  __page_pool_alloc_netmems_slow+0x14c/0x710
[  139.654010][ T6539]  skb_pp_cow_data+0xb47/0x13e0
[  139.658961][ T6539]  do_xdp_generic+0x699/0x11a0
[  139.664157][ T6539]  __netif_receive_skb_core+0x10d3/0x3060
[  139.670624][ T6539]  __netif_receive_skb+0x72/0x380
[  139.675754][ T6539]  netif_receive_skb+0x1cb/0x790
[  139.680952][ T6539]  tun_rx_batched+0x1b9/0x730
[  139.685831][ T6539]  tun_get_user+0x2b65/0x3e90
[  139.690781][ T6539]  tun_chr_write_iter+0x113/0x200
[  139.696183][ T6539]  vfs_write+0x5c9/0xb30
[  139.700857][ T6539]  ksys_write+0x145/0x250
[  139.705559][ T6539]  do_syscall_64+0xfa/0xfa0
[  139.710662][ T6539] page last free pid 6414 tgid 6414 stack trace:
[  139.718321][ T6539]  __free_frozen_pages+0xbc4/0xd30
[  139.723672][ T6539]  vfree+0x25a/0x400
[  139.728257][ T6539]  kcov_close+0x28/0x50
[  139.733183][ T6539]  __fput+0x44c/0xa70
[  139.737897][ T6539]  task_work_run+0x1d4/0x260
[  139.743070][ T6539]  do_exit+0x6b5/0x2300
[  139.747417][ T6539]  do_group_exit+0x21c/0x2d0
[  139.753119][ T6539]  get_signal+0x1285/0x1340
[  139.757900][ T6539]  arch_do_signal_or_restart+0xa0/0x790
[  139.763778][ T6539]  exit_to_user_mode_loop+0x72/0x130
[  139.769815][ T6539]  do_syscall_64+0x2bd/0xfa0
[  139.775013][ T6539]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.781492][ T6539] Modules linked in:
[  139.785746][ T6539] CPU: 0 UID: 0 PID: 6539 Comm: syz.0.17 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  139.785773][ T6539] Tainted: [B]=BAD_PAGE
[  139.785777][ T6539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  139.785787][ T6539] Call Trace:
[  139.785793][ T6539]  <TASK>
[  139.785799][ T6539]  dump_stack_lvl+0x189/0x250
[  139.785824][ T6539]  ? __pfx_dump_stack_lvl+0x10/0x10
[  139.785843][ T6539]  ? __pfx_print_modules+0x10/0x10
[  139.785864][ T6539]  bad_page+0x180/0x1c0
[  139.785892][ T6539]  __free_frozen_pages+0xce2/0xd30
[  139.785918][ T6539]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  139.785947][ T6539]  bpf_xdp_adjust_tail+0x1d6/0x220
[  139.785966][ T6539]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  139.785979][ T6539]  bpf_prog_run_generic_xdp+0x606/0x13d0
[  139.786008][ T6539]  do_xdp_generic+0x9f7/0x11a0
[  139.786032][ T6539]  ? __pfx_do_xdp_generic+0x10/0x10
[  139.786049][ T6539]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  139.786076][ T6539]  __netif_receive_skb_core+0x10d3/0x3060
[  139.786100][ T6539]  ? __pfx___up_read+0x10/0x10
[  139.786118][ T6539]  ? do_user_addr_fault+0xbbc/0x1380
[  139.786137][ T6539]  ? do_user_addr_fault+0xc85/0x1380
[  139.786154][ T6539]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  139.786177][ T6539]  ? irqentry_exit+0x74/0x90
[  139.786193][ T6539]  ? lockdep_hardirqs_on+0x9c/0x150
[  139.786210][ T6539]  ? __lock_acquire+0xab9/0xd20
[  139.786228][ T6539]  ? netif_receive_skb+0x115/0x790
[  139.786248][ T6539]  ? netif_receive_skb+0x115/0x790
[  139.786270][ T6539]  __netif_receive_skb+0x72/0x380
[  139.786292][ T6539]  ? _copy_from_iter+0x24f/0x1790
[  139.786312][ T6539]  ? netif_receive_skb+0x115/0x790
[  139.786333][ T6539]  netif_receive_skb+0x1cb/0x790
[  139.786353][ T6539]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  139.786371][ T6539]  ? __pfx_netif_receive_skb+0x10/0x10
[  139.786392][ T6539]  ? __pfx__copy_from_iter+0x10/0x10
[  139.786407][ T6539]  ? sock_alloc_send_pskb+0x86b/0x980
[  139.786428][ T6539]  ? tun_rx_batched+0x160/0x730
[  139.786446][ T6539]  tun_rx_batched+0x1b9/0x730
[  139.786464][ T6539]  ? __lock_acquire+0xab9/0xd20
[  139.786479][ T6539]  ? __pfx_tun_rx_batched+0x10/0x10
[  139.786496][ T6539]  ? tun_get_user+0x272f/0x3e90
[  139.786517][ T6539]  tun_get_user+0x2b65/0x3e90
[  139.786537][ T6539]  ? tun_get_user+0x272f/0x3e90
[  139.786553][ T6539]  ? aa_file_perm+0x44d/0x1550
[  139.786567][ T6539]  ? __pfx_tun_get_user+0x10/0x10
[  139.786589][ T6539]  ? ref_tracker_alloc+0x318/0x460
[  139.786603][ T6539]  ? __lock_acquire+0xab9/0xd20
[  139.786617][ T6539]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  139.786633][ T6539]  ? tun_get+0x1c/0x2f0
[  139.786649][ T6539]  ? tun_get+0x1c/0x2f0
[  139.786662][ T6539]  ? tun_get+0x1c/0x2f0
[  139.786676][ T6539]  tun_chr_write_iter+0x113/0x200
[  139.786692][ T6539]  vfs_write+0x5c9/0xb30
[  139.786712][ T6539]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  139.786728][ T6539]  ? __pfx_vfs_write+0x10/0x10
[  139.786749][ T6539]  ? __fget_files+0x2a/0x420
[  139.786765][ T6539]  ksys_write+0x145/0x250
[  139.786783][ T6539]  ? __pfx_ksys_write+0x10/0x10
[  139.786803][ T6539]  ? do_syscall_64+0xbe/0xfa0
[  139.786817][ T6539]  do_syscall_64+0xfa/0xfa0
[  139.786829][ T6539]  ? lockdep_hardirqs_on+0x9c/0x150
[  139.786843][ T6539]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.786856][ T6539]  ? clear_bhb_loop+0x60/0xb0
[  139.786872][ T6539]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.786897][ T6539] RIP: 0033:0x7f39ec18d97f
[  139.786911][ T6539] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  139.786923][ T6539] RSP: 002b:00007f39ecff9000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  139.786939][ T6539] RAX: ffffffffffffffda RBX: 00007f39ec3e5fa0 RCX: 00007f39ec18d97f
[  139.786950][ T6539] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  139.786959][ T6539] RBP: 00007f39ec211f91 R08: 0000000000000000 R09: 0000000000000000
[  139.786968][ T6539] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  139.786977][ T6539] R13: 00007f39ec3e6038 R14: 00007f39ec3e5fa0 R15: 00007fffd451fb58
[  139.786994][ T6539]  </TASK>
[  139.787004][ T6539] BUG: Bad page state in process syz.0.17  pfn:272ec
[  140.209997][ T6539] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880272ec280 pfn:0x272ec
[  140.220189][ T6539] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  140.227841][ T6539] raw: 00fff00000000000 dead000000000040 ffff888021688000 0000000000000000
[  140.236556][ T6539] raw: ffff8880272ec280 0000000000000001 00000000ffffffff 0000000000000000
[  140.245362][ T6539] page dumped because: page_pool leak
[  140.251257][ T6539] page_owner tracks the page as allocated
[  140.257063][ T6539] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6539, tgid 6538 (syz.0.17), ts 138914023300, free_ts 138789987759
[  140.274792][ T6539]  post_alloc_hook+0x240/0x2a0
[  140.280101][ T6539]  get_page_from_freelist+0x2365/0x2440
[  140.286261][ T6539]  __alloc_frozen_pages_noprof+0x181/0x370
[  140.292279][ T6539]  alloc_pages_bulk_noprof+0x560/0x710
[  140.297879][ T6539]  __page_pool_alloc_netmems_slow+0x14c/0x710
[  140.304294][ T6539]  skb_pp_cow_data+0xb47/0x13e0
[  140.309585][ T6539]  do_xdp_generic+0x699/0x11a0
[  140.314552][ T6539]  __netif_receive_skb_core+0x10d3/0x3060
[  140.320544][ T6539]  __netif_receive_skb+0x72/0x380
[  140.325763][ T6539]  netif_receive_skb+0x1cb/0x790
[  140.330747][ T6539]  tun_rx_batched+0x1b9/0x730
[  140.335430][ T6539]  tun_get_user+0x2b65/0x3e90
[  140.340326][ T6539]  tun_chr_write_iter+0x113/0x200
[  140.345473][ T6539]  vfs_write+0x5c9/0xb30
[  140.349755][ T6539]  ksys_write+0x145/0x250
[  140.354352][ T6539]  do_syscall_64+0xfa/0xfa0
[  140.359153][ T6539] page last free pid 15 tgid 15 stack trace:
[  140.365355][ T6539]  __free_frozen_pages+0xbc4/0xd30
[  140.371373][ T6539]  tlb_remove_table_rcu+0x85/0x100
[  140.376664][ T6539]  rcu_core+0xcab/0x1770
[  140.381120][ T6539]  handle_softirqs+0x286/0x870
[  140.385900][ T6539]  run_ksoftirqd+0x9b/0x100
[  140.390603][ T6539]  smpboot_thread_fn+0x542/0xa60
[  140.395813][ T6539]  kthread+0x711/0x8a0
[  140.400089][ T6539]  ret_from_fork+0x4bc/0x870
[  140.404774][ T6539]  ret_from_fork_asm+0x1a/0x30
[  140.409919][ T6539] Modules linked in:
[  140.414112][ T6539] CPU: 0 UID: 0 PID: 6539 Comm: syz.0.17 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  140.414130][ T6539] Tainted: [B]=BAD_PAGE
[  140.414134][ T6539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  140.414140][ T6539] Call Trace:
[  140.414146][ T6539]  <TASK>
[  140.414152][ T6539]  dump_stack_lvl+0x189/0x250
[  140.414170][ T6539]  ? __pfx_dump_stack_lvl+0x10/0x10
[  140.414182][ T6539]  ? __pfx_print_modules+0x10/0x10
[  140.414194][ T6539]  bad_page+0x180/0x1c0
[  140.414206][ T6539]  __free_frozen_pages+0xce2/0xd30
[  140.414230][ T6539]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  140.414247][ T6539]  bpf_xdp_adjust_tail+0x1d6/0x220
[  140.414259][ T6539]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  140.414267][ T6539]  bpf_prog_run_generic_xdp+0x606/0x13d0
[  140.414285][ T6539]  do_xdp_generic+0x9f7/0x11a0
[  140.414298][ T6539]  ? __pfx_do_xdp_generic+0x10/0x10
[  140.414309][ T6539]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  140.414325][ T6539]  __netif_receive_skb_core+0x10d3/0x3060
[  140.414339][ T6539]  ? __pfx___up_read+0x10/0x10
[  140.414351][ T6539]  ? do_user_addr_fault+0xbbc/0x1380
[  140.414362][ T6539]  ? do_user_addr_fault+0xc85/0x1380
[  140.414371][ T6539]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  140.414384][ T6539]  ? irqentry_exit+0x74/0x90
[  140.414393][ T6539]  ? lockdep_hardirqs_on+0x9c/0x150
[  140.414402][ T6539]  ? __lock_acquire+0xab9/0xd20
[  140.414412][ T6539]  ? netif_receive_skb+0x115/0x790
[  140.414423][ T6539]  ? netif_receive_skb+0x115/0x790
[  140.414435][ T6539]  __netif_receive_skb+0x72/0x380
[  140.414447][ T6539]  ? _copy_from_iter+0x24f/0x1790
[  140.414458][ T6539]  ? netif_receive_skb+0x115/0x790
[  140.414469][ T6539]  netif_receive_skb+0x1cb/0x790
[  140.414480][ T6539]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  140.414491][ T6539]  ? __pfx_netif_receive_skb+0x10/0x10
[  140.414502][ T6539]  ? __pfx__copy_from_iter+0x10/0x10
[  140.414511][ T6539]  ? sock_alloc_send_pskb+0x86b/0x980
[  140.414522][ T6539]  ? tun_rx_batched+0x160/0x730
[  140.414533][ T6539]  tun_rx_batched+0x1b9/0x730
[  140.414544][ T6539]  ? __lock_acquire+0xab9/0xd20
[  140.414553][ T6539]  ? __pfx_tun_rx_batched+0x10/0x10
[  140.414563][ T6539]  ? tun_get_user+0x272f/0x3e90
[  140.414578][ T6539]  tun_get_user+0x2b65/0x3e90
[  140.414591][ T6539]  ? tun_get_user+0x272f/0x3e90
[  140.414602][ T6539]  ? aa_file_perm+0x44d/0x1550
[  140.414610][ T6539]  ? __pfx_tun_get_user+0x10/0x10
[  140.414628][ T6539]  ? ref_tracker_alloc+0x318/0x460
[  140.414640][ T6539]  ? __lock_acquire+0xab9/0xd20
[  140.414649][ T6539]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  140.414658][ T6539]  ? tun_get+0x1c/0x2f0
[  140.414669][ T6539]  ? tun_get+0x1c/0x2f0
[  140.414678][ T6539]  ? tun_get+0x1c/0x2f0
[  140.414689][ T6539]  tun_chr_write_iter+0x113/0x200
[  140.414700][ T6539]  vfs_write+0x5c9/0xb30
[  140.414714][ T6539]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  140.414724][ T6539]  ? __pfx_vfs_write+0x10/0x10
[  140.414738][ T6539]  ? __fget_files+0x2a/0x420
[  140.414748][ T6539]  ksys_write+0x145/0x250
[  140.414760][ T6539]  ? __pfx_ksys_write+0x10/0x10
[  140.414772][ T6539]  ? do_syscall_64+0xbe/0xfa0
[  140.414782][ T6539]  do_syscall_64+0xfa/0xfa0
[  140.414790][ T6539]  ? lockdep_hardirqs_on+0x9c/0x150
[  140.414798][ T6539]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.414807][ T6539]  ? clear_bhb_loop+0x60/0xb0
[  140.414821][ T6539]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.414831][ T6539] RIP: 0033:0x7f39ec18d97f
[  140.414841][ T6539] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  140.414849][ T6539] RSP: 002b:00007f39ecff9000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  140.414860][ T6539] RAX: ffffffffffffffda RBX: 00007f39ec3e5fa0 RCX: 00007f39ec18d97f
[  140.414867][ T6539] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  140.414873][ T6539] RBP: 00007f39ec211f91 R08: 0000000000000000 R09: 0000000000000000
[  140.414879][ T6539] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  140.414884][ T6539] R13: 00007f39ec3e6038 R14: 00007f39ec3e5fa0 R15: 00007fffd451fb58
[  140.414894][ T6539]  </TASK>
[  140.414902][ T6539] BUG: Bad page state in process syz.0.17  pfn:78ff3
[  140.834929][ T6539] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888078ff3000 pfn:0x78ff3
[  140.845948][ T6539] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  140.853092][ T6539] raw: 00fff00000000000 dead000000000040 ffff888021688000 0000000000000000
[  140.861805][ T6539] raw: ffff888078ff3000 0000000000000001 00000000ffffffff 0000000000000000
[  140.870659][ T6539] page dumped because: page_pool leak
[  140.876188][ T6539] page_owner tracks the page as allocated
[  140.882216][ T6539] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6539, tgid 6538 (syz.0.17), ts 138914005018, free_ts 138790013060
[  140.899608][ T6539]  post_alloc_hook+0x240/0x2a0
[  140.904739][ T6539]  get_page_from_freelist+0x2365/0x2440
[  140.910422][ T6539]  __alloc_frozen_pages_noprof+0x181/0x370
[  140.916294][ T6539]  alloc_pages_bulk_noprof+0x560/0x710
[  140.921997][ T6539]  __page_pool_alloc_netmems_slow+0x14c/0x710
[  140.928189][ T6539]  skb_pp_cow_data+0xb47/0x13e0
[  140.933117][ T6539]  do_xdp_generic+0x699/0x11a0
[  140.938239][ T6539]  __netif_receive_skb_core+0x10d3/0x3060
[  140.944224][ T6539]  __netif_receive_skb+0x72/0x380
[  140.949453][ T6539]  netif_receive_skb+0x1cb/0x790
[  140.954407][ T6539]  tun_rx_batched+0x1b9/0x730
[  140.959229][ T6539]  tun_get_user+0x2b65/0x3e90
[  140.964260][ T6539]  tun_chr_write_iter+0x113/0x200
[  140.969395][ T6539]  vfs_write+0x5c9/0xb30
[  140.973923][ T6539]  ksys_write+0x145/0x250
[  140.978241][ T6539]  do_syscall_64+0xfa/0xfa0
[  140.982880][ T6539] page last free pid 15 tgid 15 stack trace:
[  140.989025][ T6539]  __free_frozen_pages+0xbc4/0xd30
[  140.994346][ T6539]  tlb_remove_table_rcu+0x85/0x100
[  140.999480][ T6539]  rcu_core+0xcab/0x1770
[  141.003841][ T6539]  handle_softirqs+0x286/0x870
[  141.008616][ T6539]  run_ksoftirqd+0x9b/0x100
[  141.013312][ T6539]  smpboot_thread_fn+0x542/0xa60
[  141.018248][ T6539]  kthread+0x711/0x8a0
[  141.022451][ T6539]  ret_from_fork+0x4bc/0x870
[  141.027042][ T6539]  ret_from_fork_asm+0x1a/0x30
[  141.031978][ T6539] Modules linked in:
[  141.035991][ T6539] CPU: 0 UID: 0 PID: 6539 Comm: syz.0.17 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  141.036008][ T6539] Tainted: [B]=BAD_PAGE
[  141.036011][ T6539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  141.036018][ T6539] Call Trace:
[  141.036023][ T6539]  <TASK>
[  141.036029][ T6539]  dump_stack_lvl+0x189/0x250
[  141.036047][ T6539]  ? __pfx_dump_stack_lvl+0x10/0x10
[  141.036059][ T6539]  ? __pfx_print_modules+0x10/0x10
[  141.036071][ T6539]  bad_page+0x180/0x1c0
[  141.036083][ T6539]  __free_frozen_pages+0xce2/0xd30
[  141.036097][ T6539]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  141.036114][ T6539]  bpf_xdp_adjust_tail+0x1d6/0x220
[  141.036126][ T6539]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  141.036134][ T6539]  bpf_prog_run_generic_xdp+0x606/0x13d0
[  141.036152][ T6539]  do_xdp_generic+0x9f7/0x11a0
[  141.036165][ T6539]  ? __pfx_do_xdp_generic+0x10/0x10
[  141.036176][ T6539]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  141.036192][ T6539]  __netif_receive_skb_core+0x10d3/0x3060
[  141.036206][ T6539]  ? __pfx___up_read+0x10/0x10
[  141.036218][ T6539]  ? do_user_addr_fault+0xbbc/0x1380
[  141.036229][ T6539]  ? do_user_addr_fault+0xc85/0x1380
[  141.036238][ T6539]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  141.036251][ T6539]  ? irqentry_exit+0x74/0x90
[  141.036260][ T6539]  ? lockdep_hardirqs_on+0x9c/0x150
[  141.036269][ T6539]  ? __lock_acquire+0xab9/0xd20
[  141.036280][ T6539]  ? netif_receive_skb+0x115/0x790
[  141.036291][ T6539]  ? netif_receive_skb+0x115/0x790
[  141.036303][ T6539]  __netif_receive_skb+0x72/0x380
[  141.036315][ T6539]  ? _copy_from_iter+0x24f/0x1790
[  141.036326][ T6539]  ? netif_receive_skb+0x115/0x790
[  141.036336][ T6539]  netif_receive_skb+0x1cb/0x790
[  141.036348][ T6539]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  141.036358][ T6539]  ? __pfx_netif_receive_skb+0x10/0x10
[  141.036369][ T6539]  ? __pfx__copy_from_iter+0x10/0x10
[  141.036378][ T6539]  ? sock_alloc_send_pskb+0x86b/0x980
[  141.036389][ T6539]  ? tun_rx_batched+0x160/0x730
[  141.036401][ T6539]  tun_rx_batched+0x1b9/0x730
[  141.036411][ T6539]  ? __lock_acquire+0xab9/0xd20
[  141.036420][ T6539]  ? __pfx_tun_rx_batched+0x10/0x10
[  141.036431][ T6539]  ? tun_get_user+0x272f/0x3e90
[  141.036443][ T6539]  tun_get_user+0x2b65/0x3e90
[  141.036455][ T6539]  ? tun_get_user+0x272f/0x3e90
[  141.036466][ T6539]  ? aa_file_perm+0x44d/0x1550
[  141.036475][ T6539]  ? __pfx_tun_get_user+0x10/0x10
[  141.036488][ T6539]  ? ref_tracker_alloc+0x318/0x460
[  141.036497][ T6539]  ? __lock_acquire+0xab9/0xd20
[  141.036506][ T6539]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  141.036516][ T6539]  ? tun_get+0x1c/0x2f0
[  141.036526][ T6539]  ? tun_get+0x1c/0x2f0
[  141.036535][ T6539]  ? tun_get+0x1c/0x2f0
[  141.036546][ T6539]  tun_chr_write_iter+0x113/0x200
[  141.036556][ T6539]  vfs_write+0x5c9/0xb30
[  141.036570][ T6539]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  141.036580][ T6539]  ? __pfx_vfs_write+0x10/0x10
[  141.036593][ T6539]  ? __fget_files+0x2a/0x420
[  141.036603][ T6539]  ksys_write+0x145/0x250
[  141.036616][ T6539]  ? __pfx_ksys_write+0x10/0x10
[  141.036628][ T6539]  ? do_syscall_64+0xbe/0xfa0
[  141.036637][ T6539]  do_syscall_64+0xfa/0xfa0
[  141.036645][ T6539]  ? lockdep_hardirqs_on+0x9c/0x150
[  141.036653][ T6539]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.036662][ T6539]  ? clear_bhb_loop+0x60/0xb0
[  141.036677][ T6539]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.036686][ T6539] RIP: 0033:0x7f39ec18d97f
[  141.036695][ T6539] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  141.036703][ T6539] RSP: 002b:00007f39ecff9000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  141.036714][ T6539] RAX: ffffffffffffffda RBX: 00007f39ec3e5fa0 RCX: 00007f39ec18d97f
[  141.036721][ T6539] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  141.036727][ T6539] RBP: 00007f39ec211f91 R08: 0000000000000000 R09: 0000000000000000
[  141.036733][ T6539] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  141.036738][ T6539] R13: 00007f39ec3e6038 R14: 00007f39ec3e5fa0 R15: 00007fffd451fb58
[  141.036748][ T6539]  </TASK>
[  141.036757][ T6539] BUG: Bad page state in process syz.0.17  pfn:3346a
[  141.455828][ T6539] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3346a
[  141.465066][ T6539] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  141.472210][ T6539] raw: 00fff00000000000 dead000000000040 ffff888021688000 0000000000000000
[  141.481361][ T6539] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[  141.490578][ T6539] page dumped because: page_pool leak
[  141.496224][ T6539] page_owner tracks the page as allocated
[  141.502058][ T6539] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6539, tgid 6538 (syz.0.17), ts 138913987062, free_ts 138790035063
[  141.519368][ T6539]  post_alloc_hook+0x240/0x2a0
[  141.524222][ T6539]  get_page_from_freelist+0x2365/0x2440
[  141.529891][ T6539]  __alloc_frozen_pages_noprof+0x181/0x370
[  141.535948][ T6539]  alloc_pages_bulk_noprof+0x560/0x710
[  141.542183][ T6539]  __page_pool_alloc_netmems_slow+0x14c/0x710
[  141.548335][ T6539]  skb_pp_cow_data+0xb47/0x13e0
[  141.553228][ T6539]  do_xdp_generic+0x699/0x11a0
[  141.558002][ T6539]  __netif_receive_skb_core+0x10d3/0x3060
[  141.563905][ T6539]  __netif_receive_skb+0x72/0x380
[  141.569257][ T6539]  netif_receive_skb+0x1cb/0x790
[  141.574463][ T6539]  tun_rx_batched+0x1b9/0x730
[  141.579166][ T6539]  tun_get_user+0x2b65/0x3e90
[  141.583873][ T6539]  tun_chr_write_iter+0x113/0x200
[  141.588895][ T6539]  vfs_write+0x5c9/0xb30
[  141.593388][ T6539]  ksys_write+0x145/0x250
[  141.597895][ T6539]  do_syscall_64+0xfa/0xfa0
[  141.602640][ T6539] page last free pid 15 tgid 15 stack trace:
[  141.608791][ T6539]  __free_frozen_pages+0xbc4/0xd30
[  141.614134][ T6539]  tlb_remove_table_rcu+0x85/0x100
[  141.619358][ T6539]  rcu_core+0xcab/0x1770
[  141.623868][ T6539]  handle_softirqs+0x286/0x870
[  141.628633][ T6539]  run_ksoftirqd+0x9b/0x100
[  141.633702][ T6539]  smpboot_thread_fn+0x542/0xa60
[  141.638728][ T6539]  kthread+0x711/0x8a0
[  141.643428][ T6539]  ret_from_fork+0x4bc/0x870
[  141.648108][ T6539]  ret_from_fork_asm+0x1a/0x30
[  141.653053][ T6539] Modules linked in:
[  141.657433][ T6539] CPU: 0 UID: 0 PID: 6539 Comm: syz.0.17 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  141.657534][ T6539] Tainted: [B]=BAD_PAGE
[  141.657538][ T6539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  141.657544][ T6539] Call Trace:
[  141.657549][ T6539]  <TASK>
[  141.657553][ T6539]  dump_stack_lvl+0x189/0x250
[  141.657571][ T6539]  ? __pfx_dump_stack_lvl+0x10/0x10
[  141.657582][ T6539]  ? __pfx_print_modules+0x10/0x10
[  141.657595][ T6539]  bad_page+0x180/0x1c0
[  141.657606][ T6539]  __free_frozen_pages+0xce2/0xd30
[  141.657622][ T6539]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  141.657639][ T6539]  bpf_xdp_adjust_tail+0x1d6/0x220
[  141.657650][ T6539]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  141.657658][ T6539]  bpf_prog_run_generic_xdp+0x606/0x13d0
[  141.657676][ T6539]  do_xdp_generic+0x9f7/0x11a0
[  141.657690][ T6539]  ? __pfx_do_xdp_generic+0x10/0x10
[  141.657700][ T6539]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  141.657716][ T6539]  __netif_receive_skb_core+0x10d3/0x3060
[  141.657730][ T6539]  ? __pfx___up_read+0x10/0x10
[  141.657741][ T6539]  ? do_user_addr_fault+0xbbc/0x1380
[  141.657752][ T6539]  ? do_user_addr_fault+0xc85/0x1380
[  141.657761][ T6539]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  141.657774][ T6539]  ? irqentry_exit+0x74/0x90
[  141.657784][ T6539]  ? lockdep_hardirqs_on+0x9c/0x150
[  141.657793][ T6539]  ? __lock_acquire+0xab9/0xd20
[  141.657803][ T6539]  ? netif_receive_skb+0x115/0x790
[  141.657819][ T6539]  ? netif_receive_skb+0x115/0x790
[  141.657837][ T6539]  __netif_receive_skb+0x72/0x380
[  141.657855][ T6539]  ? _copy_from_iter+0x24f/0x1790
[  141.657872][ T6539]  ? netif_receive_skb+0x115/0x790
[  141.657887][ T6539]  netif_receive_skb+0x1cb/0x790
[  141.657905][ T6539]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  141.657921][ T6539]  ? __pfx_netif_receive_skb+0x10/0x10
[  141.657935][ T6539]  ? __pfx__copy_from_iter+0x10/0x10
[  141.657943][ T6539]  ? sock_alloc_send_pskb+0x86b/0x980
[  141.657955][ T6539]  ? tun_rx_batched+0x160/0x730
[  141.657966][ T6539]  tun_rx_batched+0x1b9/0x730
[  141.657977][ T6539]  ? __lock_acquire+0xab9/0xd20
[  141.657986][ T6539]  ? __pfx_tun_rx_batched+0x10/0x10
[  141.657997][ T6539]  ? tun_get_user+0x272f/0x3e90
[  141.658010][ T6539]  tun_get_user+0x2b65/0x3e90
[  141.658023][ T6539]  ? tun_get_user+0x272f/0x3e90
[  141.658033][ T6539]  ? aa_file_perm+0x44d/0x1550
[  141.658042][ T6539]  ? __pfx_tun_get_user+0x10/0x10
[  141.658056][ T6539]  ? ref_tracker_alloc+0x318/0x460
[  141.658065][ T6539]  ? __lock_acquire+0xab9/0xd20
[  141.658074][ T6539]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  141.658083][ T6539]  ? tun_get+0x1c/0x2f0
[  141.658094][ T6539]  ? tun_get+0x1c/0x2f0
[  141.658103][ T6539]  ? tun_get+0x1c/0x2f0
[  141.658113][ T6539]  tun_chr_write_iter+0x113/0x200
[  141.658124][ T6539]  vfs_write+0x5c9/0xb30
[  141.658138][ T6539]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  141.658148][ T6539]  ? __pfx_vfs_write+0x10/0x10
[  141.658165][ T6539]  ? __fget_files+0x2a/0x420
[  141.658177][ T6539]  ksys_write+0x145/0x250
[  141.658189][ T6539]  ? __pfx_ksys_write+0x10/0x10
[  141.658202][ T6539]  ? do_syscall_64+0xbe/0xfa0
[  141.658211][ T6539]  do_syscall_64+0xfa/0xfa0
[  141.658220][ T6539]  ? lockdep_hardirqs_on+0x9c/0x150
[  141.658228][ T6539]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.658237][ T6539]  ? clear_bhb_loop+0x60/0xb0
[  141.658247][ T6539]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.658261][ T6539] RIP: 0033:0x7f39ec18d97f
[  141.658271][ T6539] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  141.658279][ T6539] RSP: 002b:00007f39ecff9000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  141.658291][ T6539] RAX: ffffffffffffffda RBX: 00007f39ec3e5fa0 RCX: 00007f39ec18d97f
[  141.658298][ T6539] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  141.658303][ T6539] RBP: 00007f39ec211f91 R08: 0000000000000000 R09: 0000000000000000
[  141.658309][ T6539] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  141.658315][ T6539] R13: 00007f39ec3e6038 R14: 00007f39ec3e5fa0 R15: 00007fffd451fb58
[  141.658325][ T6539]  </TASK>
[  141.658332][ T6539] BUG: Bad page state in process syz.0.17  pfn:75367
[  142.082509][ T6539] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888075367e10 pfn:0x75367
[  142.093705][ T6539] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  142.101737][ T6539] raw: 00fff00000000000 dead000000000040 ffff888021688000 0000000000000000
[  142.110808][ T6539] raw: ffff888075367e10 0000000000000001 00000000ffffffff 0000000000000000
[  142.119591][ T6539] page dumped because: page_pool leak
[  142.125287][ T6539] page_owner tracks the page as allocated
[  142.131235][ T6539] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6539, tgid 6538 (syz.0.17), ts 138913970023, free_ts 138790046530
[  142.149040][ T6539]  post_alloc_hook+0x240/0x2a0
[  142.155271][ T6539]  get_page_from_freelist+0x2365/0x2440
[  142.161348][ T6539]  __alloc_frozen_pages_noprof+0x181/0x370
[  142.167900][ T6539]  alloc_pages_bulk_noprof+0x560/0x710
[  142.173703][ T6539]  __page_pool_alloc_netmems_slow+0x14c/0x710
[  142.180385][ T6539]  skb_pp_cow_data+0xb47/0x13e0
[  142.185500][ T6539]  do_xdp_generic+0x699/0x11a0
[  142.190317][ T6539]  __netif_receive_skb_core+0x10d3/0x3060
[  142.196229][ T6539]  __netif_receive_skb+0x72/0x380
[  142.201673][ T6539]  netif_receive_skb+0x1cb/0x790
[  142.207164][ T6539]  tun_rx_batched+0x1b9/0x730
[  142.212020][ T6539]  tun_get_user+0x2b65/0x3e90
[  142.217406][ T6539]  tun_chr_write_iter+0x113/0x200
[  142.223203][ T6539]  vfs_write+0x5c9/0xb30
[  142.227732][ T6539]  ksys_write+0x145/0x250
[  142.232189][ T6539]  do_syscall_64+0xfa/0xfa0
[  142.237508][ T6539] page last free pid 15 tgid 15 stack trace:
[  142.244158][ T6539]  __free_frozen_pages+0xbc4/0xd30
[  142.250029][ T6539]  tlb_remove_table_rcu+0x85/0x100
[  142.255154][ T6539]  rcu_core+0xcab/0x1770
[  142.259484][ T6539]  handle_softirqs+0x286/0x870
[  142.264444][ T6539]  run_ksoftirqd+0x9b/0x100
[  142.269277][ T6539]  smpboot_thread_fn+0x542/0xa60
[  142.274527][ T6539]  kthread+0x711/0x8a0
[  142.279542][ T6539]  ret_from_fork+0x4bc/0x870
[  142.284801][ T6539]  ret_from_fork_asm+0x1a/0x30
[  142.289875][ T6539] Modules linked in:
[  142.293894][ T6539] CPU: 0 UID: 0 PID: 6539 Comm: syz.0.17 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  142.293912][ T6539] Tainted: [B]=BAD_PAGE
[  142.293916][ T6539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  142.293923][ T6539] Call Trace:
[  142.293929][ T6539]  <TASK>
[  142.293935][ T6539]  dump_stack_lvl+0x189/0x250
[  142.293953][ T6539]  ? __pfx_dump_stack_lvl+0x10/0x10
[  142.293965][ T6539]  ? __pfx_print_modules+0x10/0x10
[  142.293978][ T6539]  bad_page+0x180/0x1c0
[  142.293990][ T6539]  __free_frozen_pages+0xce2/0xd30
[  142.294004][ T6539]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  142.294021][ T6539]  bpf_xdp_adjust_tail+0x1d6/0x220
[  142.294033][ T6539]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  142.294041][ T6539]  bpf_prog_run_generic_xdp+0x606/0x13d0
[  142.294060][ T6539]  do_xdp_generic+0x9f7/0x11a0
[  142.294073][ T6539]  ? __pfx_do_xdp_generic+0x10/0x10
[  142.294084][ T6539]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  142.294100][ T6539]  __netif_receive_skb_core+0x10d3/0x3060
[  142.294114][ T6539]  ? __pfx___up_read+0x10/0x10
[  142.294127][ T6539]  ? do_user_addr_fault+0xbbc/0x1380
[  142.294137][ T6539]  ? do_user_addr_fault+0xc85/0x1380
[  142.294147][ T6539]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  142.294159][ T6539]  ? irqentry_exit+0x74/0x90
[  142.294168][ T6539]  ? lockdep_hardirqs_on+0x9c/0x150
[  142.294178][ T6539]  ? __lock_acquire+0xab9/0xd20
[  142.294188][ T6539]  ? netif_receive_skb+0x115/0x790
[  142.294199][ T6539]  ? netif_receive_skb+0x115/0x790
[  142.294211][ T6539]  __netif_receive_skb+0x72/0x380
[  142.294223][ T6539]  ? _copy_from_iter+0x24f/0x1790
[  142.294234][ T6539]  ? netif_receive_skb+0x115/0x790
[  142.294245][ T6539]  netif_receive_skb+0x1cb/0x790
[  142.294257][ T6539]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  142.294267][ T6539]  ? __pfx_netif_receive_skb+0x10/0x10
[  142.294278][ T6539]  ? __pfx__copy_from_iter+0x10/0x10
[  142.294287][ T6539]  ? sock_alloc_send_pskb+0x86b/0x980
[  142.294299][ T6539]  ? tun_rx_batched+0x160/0x730
[  142.294310][ T6539]  tun_rx_batched+0x1b9/0x730
[  142.294320][ T6539]  ? __lock_acquire+0xab9/0xd20
[  142.294329][ T6539]  ? __pfx_tun_rx_batched+0x10/0x10
[  142.294340][ T6539]  ? tun_get_user+0x272f/0x3e90
[  142.294353][ T6539]  tun_get_user+0x2b65/0x3e90
[  142.294374][ T6539]  ? tun_get_user+0x272f/0x3e90
[  142.294384][ T6539]  ? aa_file_perm+0x44d/0x1550
[  142.294393][ T6539]  ? __pfx_tun_get_user+0x10/0x10
[  142.294406][ T6539]  ? ref_tracker_alloc+0x318/0x460
[  142.294416][ T6539]  ? __lock_acquire+0xab9/0xd20
[  142.294424][ T6539]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  142.294434][ T6539]  ? tun_get+0x1c/0x2f0
[  142.294444][ T6539]  ? tun_get+0x1c/0x2f0
[  142.294453][ T6539]  ? tun_get+0x1c/0x2f0
[  142.294464][ T6539]  tun_chr_write_iter+0x113/0x200
[  142.294476][ T6539]  vfs_write+0x5c9/0xb30
[  142.294494][ T6539]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  142.294505][ T6539]  ? __pfx_vfs_write+0x10/0x10
[  142.294518][ T6539]  ? __fget_files+0x2a/0x420
[  142.294530][ T6539]  ksys_write+0x145/0x250
[  142.294542][ T6539]  ? __pfx_ksys_write+0x10/0x10
[  142.294555][ T6539]  ? do_syscall_64+0xbe/0xfa0
[  142.294564][ T6539]  do_syscall_64+0xfa/0xfa0
[  142.294573][ T6539]  ? lockdep_hardirqs_on+0x9c/0x150
[  142.294581][ T6539]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.294590][ T6539]  ? clear_bhb_loop+0x60/0xb0
[  142.294600][ T6539]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.294609][ T6539] RIP: 0033:0x7f39ec18d97f
[  142.294619][ T6539] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  142.294627][ T6539] RSP: 002b:00007f39ecff9000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  142.294638][ T6539] RAX: ffffffffffffffda RBX: 00007f39ec3e5fa0 RCX: 00007f39ec18d97f
[  142.294645][ T6539] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  142.294651][ T6539] RBP: 00007f39ec211f91 R08: 0000000000000000 R09: 0000000000000000
[  142.294657][ T6539] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  142.294662][ T6539] R13: 00007f39ec3e6038 R14: 00007f39ec3e5fa0 R15: 00007fffd451fb58
[  142.294672][ T6539]  </TASK>
[  142.294681][ T6539] BUG: Bad page state in process syz.0.17  pfn:6ee43
[  142.719575][ T6539] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88806ee43b40 pfn:0x6ee43
[  142.730079][ T6539] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  142.737391][ T6539] raw: 00fff00000000000 dead000000000040 ffff888021688000 0000000000000000
[  142.746485][ T6539] raw: ffff88806ee43b40 0000000000000001 00000000ffffffff 0000000000000000
[  142.755231][ T6539] page dumped because: page_pool leak
[  142.760939][ T6539] page_owner tracks the page as allocated
[  142.766769][ T6539] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6539, tgid 6538 (syz.0.17), ts 138913952504, free_ts 138790068791
[  142.784112][ T6539]  post_alloc_hook+0x240/0x2a0
[  142.788898][ T6539]  get_page_from_freelist+0x2365/0x2440
[  142.794793][ T6539]  __alloc_frozen_pages_noprof+0x181/0x370
[  142.800840][ T6539]  alloc_pages_bulk_noprof+0x560/0x710
[  142.806652][ T6539]  __page_pool_alloc_netmems_slow+0x14c/0x710
[  142.812870][ T6539]  skb_pp_cow_data+0xb47/0x13e0
[  142.817841][ T6539]  do_xdp_generic+0x699/0x11a0
[  142.823470][ T6539]  __netif_receive_skb_core+0x10d3/0x3060
[  142.829417][ T6539]  __netif_receive_skb+0x72/0x380
[  142.834703][ T6539]  netif_receive_skb+0x1cb/0x790
[  142.840078][ T6539]  tun_rx_batched+0x1b9/0x730
[  142.844965][ T6539]  tun_get_user+0x2b65/0x3e90
[  142.849862][ T6539]  tun_chr_write_iter+0x113/0x200
[  142.854997][ T6539]  vfs_write+0x5c9/0xb30
[  142.859589][ T6539]  ksys_write+0x145/0x250
[  142.864023][ T6539]  do_syscall_64+0xfa/0xfa0
[  142.868619][ T6539] page last free pid 15 tgid 15 stack trace:
[  142.874747][ T6539]  __free_frozen_pages+0xbc4/0xd30
[  142.880078][ T6539]  tlb_remove_table_rcu+0x85/0x100
[  142.885376][ T6539]  rcu_core+0xcab/0x1770
[  142.889645][ T6539]  handle_softirqs+0x286/0x870
[  142.894984][ T6539]  run_ksoftirqd+0x9b/0x100
[  142.899638][ T6539]  smpboot_thread_fn+0x542/0xa60
[  142.904632][ T6539]  kthread+0x711/0x8a0
[  142.909001][ T6539]  ret_from_fork+0x4bc/0x870
[  142.913796][ T6539]  ret_from_fork_asm+0x1a/0x30
[  142.918737][ T6539] Modules linked in:
[  142.922884][ T6539] CPU: 0 UID: 0 PID: 6539 Comm: syz.0.17 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  142.922907][ T6539] Tainted: [B]=BAD_PAGE
[  142.922912][ T6539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  142.922921][ T6539] Call Trace:
[  142.922931][ T6539]  <TASK>
[  142.922939][ T6539]  dump_stack_lvl+0x189/0x250
[  142.922965][ T6539]  ? __pfx_dump_stack_lvl+0x10/0x10
[  142.922982][ T6539]  ? __pfx_print_modules+0x10/0x10
[  142.923000][ T6539]  bad_page+0x180/0x1c0
[  142.923016][ T6539]  __free_frozen_pages+0xce2/0xd30
[  142.923039][ T6539]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  142.923064][ T6539]  bpf_xdp_adjust_tail+0x1d6/0x220
[  142.923082][ T6539]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  142.923096][ T6539]  bpf_prog_run_generic_xdp+0x606/0x13d0
[  142.923122][ T6539]  do_xdp_generic+0x9f7/0x11a0
[  142.923146][ T6539]  ? __pfx_do_xdp_generic+0x10/0x10
[  142.923164][ T6539]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  142.923194][ T6539]  __netif_receive_skb_core+0x10d3/0x3060
[  142.923217][ T6539]  ? __pfx___up_read+0x10/0x10
[  142.923235][ T6539]  ? do_user_addr_fault+0xbbc/0x1380
[  142.923254][ T6539]  ? do_user_addr_fault+0xc85/0x1380
[  142.923272][ T6539]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  142.923293][ T6539]  ? irqentry_exit+0x74/0x90
[  142.923309][ T6539]  ? lockdep_hardirqs_on+0x9c/0x150
[  142.923327][ T6539]  ? __lock_acquire+0xab9/0xd20
[  142.923545][ T6539]  ? netif_receive_skb+0x115/0x790
[  142.923574][ T6539]  ? netif_receive_skb+0x115/0x790
[  142.923600][ T6539]  __netif_receive_skb+0x72/0x380
[  142.923623][ T6539]  ? _copy_from_iter+0x24f/0x1790
[  142.923643][ T6539]  ? netif_receive_skb+0x115/0x790
[  142.923756][ T6539]  netif_receive_skb+0x1cb/0x790
[  142.923775][ T6539]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  142.923791][ T6539]  ? __pfx_netif_receive_skb+0x10/0x10
[  142.923807][ T6539]  ? __pfx__copy_from_iter+0x10/0x10
[  142.923825][ T6539]  ? sock_alloc_send_pskb+0x86b/0x980
[  142.923846][ T6539]  ? tun_rx_batched+0x160/0x730
[  142.923869][ T6539]  tun_rx_batched+0x1b9/0x730
[  142.923886][ T6539]  ? __lock_acquire+0xab9/0xd20
[  142.923904][ T6539]  ? __pfx_tun_rx_batched+0x10/0x10
[  142.923921][ T6539]  ? tun_get_user+0x272f/0x3e90
[  142.923940][ T6539]  tun_get_user+0x2b65/0x3e90
[  142.923961][ T6539]  ? tun_get_user+0x272f/0x3e90
[  142.923977][ T6539]  ? aa_file_perm+0x44d/0x1550
[  142.923993][ T6539]  ? __pfx_tun_get_user+0x10/0x10
[  142.924018][ T6539]  ? ref_tracker_alloc+0x318/0x460
[  142.924033][ T6539]  ? __lock_acquire+0xab9/0xd20
[  142.924048][ T6539]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  142.924066][ T6539]  ? tun_get+0x1c/0x2f0
[  142.924086][ T6539]  ? tun_get+0x1c/0x2f0
[  142.924103][ T6539]  ? tun_get+0x1c/0x2f0
[  142.924121][ T6539]  tun_chr_write_iter+0x113/0x200
[  142.924141][ T6539]  vfs_write+0x5c9/0xb30
[  142.924165][ T6539]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  142.924183][ T6539]  ? __pfx_vfs_write+0x10/0x10
[  142.924206][ T6539]  ? __fget_files+0x2a/0x420
[  142.924239][ T6539]  ksys_write+0x145/0x250
[  142.924256][ T6539]  ? __pfx_ksys_write+0x10/0x10
[  142.924273][ T6539]  ? do_syscall_64+0xbe/0xfa0
[  142.924292][ T6539]  do_syscall_64+0xfa/0xfa0
[  142.924303][ T6539]  ? lockdep_hardirqs_on+0x9c/0x150
[  142.924315][ T6539]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.924328][ T6539]  ? clear_bhb_loop+0x60/0xb0
[  142.924345][ T6539]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.924359][ T6539] RIP: 0033:0x7f39ec18d97f
[  142.924374][ T6539] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  142.924387][ T6539] RSP: 002b:00007f39ecff9000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  142.924405][ T6539] RAX: ffffffffffffffda RBX: 00007f39ec3e5fa0 RCX: 00007f39ec18d97f
[  142.924417][ T6539] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  142.924428][ T6539] RBP: 00007f39ec211f91 R08: 0000000000000000 R09: 0000000000000000
[  142.924438][ T6539] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  142.924448][ T6539] R13: 00007f39ec3e6038 R14: 00007f39ec3e5fa0 R15: 00007fffd451fb58
[  142.924467][ T6539]  </TASK>
[  142.924531][ T6539] BUG: Bad page state in process syz.0.17  pfn:6dbe8
[  143.350639][ T6539] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x6dbe8
[  143.361222][ T6539] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  143.369597][ T6539] raw: 00fff00000000000 dead000000000040 ffff888021688000 0000000000000000
[  143.378376][ T6539] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000
[  143.387174][ T6539] page dumped because: page_pool leak
[  143.392670][ T6539] page_owner tracks the page as allocated
[  143.398550][ T6539] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6539, tgid 6538 (syz.0.17), ts 138913934042, free_ts 138790090396
[  143.416313][ T6539]  post_alloc_hook+0x240/0x2a0
[  143.421205][ T6539]  get_page_from_freelist+0x2365/0x2440
[  143.426858][ T6539]  __alloc_frozen_pages_noprof+0x181/0x370
[  143.433064][ T6539]  alloc_pages_bulk_noprof+0x560/0x710
[  143.438733][ T6539]  __page_pool_alloc_netmems_slow+0x14c/0x710
[  143.445359][ T6539]  skb_pp_cow_data+0xb47/0x13e0
[  143.450901][ T6539]  do_xdp_generic+0x699/0x11a0
[  143.456106][ T6539]  __netif_receive_skb_core+0x10d3/0x3060
[  143.462227][ T6539]  __netif_receive_skb+0x72/0x380
[  143.467491][ T6539]  netif_receive_skb+0x1cb/0x790
[  143.473099][ T6539]  tun_rx_batched+0x1b9/0x730
[  143.478479][ T6539]  tun_get_user+0x2b65/0x3e90
[  143.483674][ T6539]  tun_chr_write_iter+0x113/0x200
[  143.488718][ T6539]  vfs_write+0x5c9/0xb30
[  143.493205][ T6539]  ksys_write+0x145/0x250
[  143.497939][ T6539]  do_syscall_64+0xfa/0xfa0
[  143.502575][ T6539] page last free pid 15 tgid 15 stack trace:
[  143.508735][ T6539]  __free_frozen_pages+0xbc4/0xd30
[  143.514152][ T6539]  tlb_remove_table_rcu+0x85/0x100
[  143.519555][ T6539]  rcu_core+0xcab/0x1770
[  143.524355][ T6539]  handle_softirqs+0x286/0x870
[  143.529163][ T6539]  run_ksoftirqd+0x9b/0x100
[  143.534020][ T6539]  smpboot_thread_fn+0x542/0xa60
[  143.539868][ T6539]  kthread+0x711/0x8a0
[  143.544371][ T6539]  ret_from_fork+0x4bc/0x870
[  143.549336][ T6539]  ret_from_fork_asm+0x1a/0x30
[  143.554350][ T6539] Modules linked in:
[  143.558639][ T6539] CPU: 0 UID: 0 PID: 6539 Comm: syz.0.17 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  143.558656][ T6539] Tainted: [B]=BAD_PAGE
[  143.558660][ T6539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  143.558666][ T6539] Call Trace:
[  143.558673][ T6539]  <TASK>
[  143.558678][ T6539]  dump_stack_lvl+0x189/0x250
[  143.558696][ T6539]  ? __pfx_dump_stack_lvl+0x10/0x10
[  143.558708][ T6539]  ? __pfx_print_modules+0x10/0x10
[  143.558720][ T6539]  bad_page+0x180/0x1c0
[  143.558731][ T6539]  __free_frozen_pages+0xce2/0xd30
[  143.558746][ T6539]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  143.558762][ T6539]  bpf_xdp_adjust_tail+0x1d6/0x220
[  143.558774][ T6539]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  143.558782][ T6539]  bpf_prog_run_generic_xdp+0x606/0x13d0
[  143.558800][ T6539]  do_xdp_generic+0x9f7/0x11a0
[  143.558814][ T6539]  ? __pfx_do_xdp_generic+0x10/0x10
[  143.558824][ T6539]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  143.558840][ T6539]  __netif_receive_skb_core+0x10d3/0x3060
[  143.558855][ T6539]  ? __pfx___up_read+0x10/0x10
[  143.558867][ T6539]  ? do_user_addr_fault+0xbbc/0x1380
[  143.558878][ T6539]  ? do_user_addr_fault+0xc85/0x1380
[  143.558887][ T6539]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  143.558899][ T6539]  ? irqentry_exit+0x74/0x90
[  143.558908][ T6539]  ? lockdep_hardirqs_on+0x9c/0x150
[  143.558917][ T6539]  ? __lock_acquire+0xab9/0xd20
[  143.558933][ T6539]  ? netif_receive_skb+0x115/0x790
[  143.558944][ T6539]  ? netif_receive_skb+0x115/0x790
[  143.558956][ T6539]  __netif_receive_skb+0x72/0x380
[  143.558968][ T6539]  ? _copy_from_iter+0x24f/0x1790
[  143.558980][ T6539]  ? netif_receive_skb+0x115/0x790
[  143.558991][ T6539]  netif_receive_skb+0x1cb/0x790
[  143.559003][ T6539]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  143.559013][ T6539]  ? __pfx_netif_receive_skb+0x10/0x10
[  143.559025][ T6539]  ? __pfx__copy_from_iter+0x10/0x10
[  143.559033][ T6539]  ? sock_alloc_send_pskb+0x86b/0x980
[  143.559045][ T6539]  ? tun_rx_batched+0x160/0x730
[  143.559057][ T6539]  tun_rx_batched+0x1b9/0x730
[  143.559068][ T6539]  ? __lock_acquire+0xab9/0xd20
[  143.559084][ T6539]  ? __pfx_tun_rx_batched+0x10/0x10
[  143.559099][ T6539]  ? tun_get_user+0x272f/0x3e90
[  143.559120][ T6539]  tun_get_user+0x2b65/0x3e90
[  143.559138][ T6539]  ? tun_get_user+0x272f/0x3e90
[  143.559153][ T6539]  ? aa_file_perm+0x44d/0x1550
[  143.559166][ T6539]  ? __pfx_tun_get_user+0x10/0x10
[  143.559186][ T6539]  ? ref_tracker_alloc+0x318/0x460
[  143.559199][ T6539]  ? __lock_acquire+0xab9/0xd20
[  143.559211][ T6539]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  143.559237][ T6539]  ? tun_get+0x1c/0x2f0
[  143.559254][ T6539]  ? tun_get+0x1c/0x2f0
[  143.559268][ T6539]  ? tun_get+0x1c/0x2f0
[  143.559281][ T6539]  tun_chr_write_iter+0x113/0x200
[  143.559293][ T6539]  vfs_write+0x5c9/0xb30
[  143.559307][ T6539]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  143.559317][ T6539]  ? __pfx_vfs_write+0x10/0x10
[  143.559330][ T6539]  ? __fget_files+0x2a/0x420
[  143.559340][ T6539]  ksys_write+0x145/0x250
[  143.559352][ T6539]  ? __pfx_ksys_write+0x10/0x10
[  143.559364][ T6539]  ? do_syscall_64+0xbe/0xfa0
[  143.559374][ T6539]  do_syscall_64+0xfa/0xfa0
[  143.559382][ T6539]  ? lockdep_hardirqs_on+0x9c/0x150
[  143.559390][ T6539]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.559399][ T6539]  ? clear_bhb_loop+0x60/0xb0
[  143.559409][ T6539]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.559418][ T6539] RIP: 0033:0x7f39ec18d97f
[  143.559428][ T6539] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  143.559436][ T6539] RSP: 002b:00007f39ecff9000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  143.559447][ T6539] RAX: ffffffffffffffda RBX: 00007f39ec3e5fa0 RCX: 00007f39ec18d97f
[  143.559454][ T6539] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  143.559460][ T6539] RBP: 00007f39ec211f91 R08: 0000000000000000 R09: 0000000000000000
[  143.559466][ T6539] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  143.559471][ T6539] R13: 00007f39ec3e6038 R14: 00007f39ec3e5fa0 R15: 00007fffd451fb58
[  143.559481][ T6539]  </TASK>
[  143.983367][ T6539] BUG: Bad page state in process syz.0.17  pfn:3346f
[  143.990364][ T6539] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3346f
[  143.999961][ T6539] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  144.007345][ T6539] raw: 00fff00000000000 dead000000000040 ffff888021688000 0000000000000000
[  144.016074][ T6539] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[  144.024867][ T6539] page dumped because: page_pool leak
[  144.030359][ T6539] page_owner tracks the page as allocated
[  144.036085][ T6539] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6539, tgid 6538 (syz.0.17), ts 138913915396, free_ts 138790111984
[  144.053533][ T6539]  post_alloc_hook+0x240/0x2a0
[  144.058488][ T6539]  get_page_from_freelist+0x2365/0x2440
[  144.064178][ T6539]  __alloc_frozen_pages_noprof+0x181/0x370
[  144.070209][ T6539]  alloc_pages_bulk_noprof+0x560/0x710
[  144.075874][ T6539]  __page_pool_alloc_netmems_slow+0x14c/0x710
[  144.082581][ T6539]  skb_pp_cow_data+0xb47/0x13e0
[  144.087533][ T6539]  do_xdp_generic+0x699/0x11a0
[  144.092618][ T6539]  __netif_receive_skb_core+0x10d3/0x3060
[  144.098627][ T6539]  __netif_receive_skb+0x72/0x380
[  144.103984][ T6539]  netif_receive_skb+0x1cb/0x790
[  144.109022][ T6539]  tun_rx_batched+0x1b9/0x730
[  144.114140][ T6539]  tun_get_user+0x2b65/0x3e90
[  144.118926][ T6539]  tun_chr_write_iter+0x113/0x200
[  144.124099][ T6539]  vfs_write+0x5c9/0xb30
[  144.128697][ T6539]  ksys_write+0x145/0x250
[  144.133089][ T6539]  do_syscall_64+0xfa/0xfa0
[  144.137710][ T6539] page last free pid 15 tgid 15 stack trace:
[  144.143875][ T6539]  __free_frozen_pages+0xbc4/0xd30
[  144.149209][ T6539]  tlb_remove_table_rcu+0x85/0x100
[  144.154509][ T6539]  rcu_core+0xcab/0x1770
[  144.158740][ T6539]  handle_softirqs+0x286/0x870
[  144.164211][ T6539]  run_ksoftirqd+0x9b/0x100
[  144.168925][ T6539]  smpboot_thread_fn+0x542/0xa60
[  144.174215][ T6539]  kthread+0x711/0x8a0
[  144.178510][ T6539]  ret_from_fork+0x4bc/0x870
[  144.183163][ T6539]  ret_from_fork_asm+0x1a/0x30
[  144.187938][ T6539] Modules linked in:
[  144.192384][ T6539] CPU: 0 UID: 0 PID: 6539 Comm: syz.0.17 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  144.192404][ T6539] Tainted: [B]=BAD_PAGE
[  144.192409][ T6539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  144.192416][ T6539] Call Trace:
[  144.192422][ T6539]  <TASK>
[  144.192428][ T6539]  dump_stack_lvl+0x189/0x250
[  144.192451][ T6539]  ? __pfx_dump_stack_lvl+0x10/0x10
[  144.192468][ T6539]  ? __pfx_print_modules+0x10/0x10
[  144.192490][ T6539]  bad_page+0x180/0x1c0
[  144.192510][ T6539]  __free_frozen_pages+0xce2/0xd30
[  144.192537][ T6539]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  144.192564][ T6539]  bpf_xdp_adjust_tail+0x1d6/0x220
[  144.192581][ T6539]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  144.192594][ T6539]  bpf_prog_run_generic_xdp+0x606/0x13d0
[  144.192622][ T6539]  do_xdp_generic+0x9f7/0x11a0
[  144.192643][ T6539]  ? __pfx_do_xdp_generic+0x10/0x10
[  144.192660][ T6539]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  144.192689][ T6539]  __netif_receive_skb_core+0x10d3/0x3060
[  144.192714][ T6539]  ? __pfx___up_read+0x10/0x10
[  144.192735][ T6539]  ? do_user_addr_fault+0xbbc/0x1380
[  144.192754][ T6539]  ? do_user_addr_fault+0xc85/0x1380
[  144.192771][ T6539]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  144.192794][ T6539]  ? irqentry_exit+0x74/0x90
[  144.192810][ T6539]  ? lockdep_hardirqs_on+0x9c/0x150
[  144.192827][ T6539]  ? __lock_acquire+0xab9/0xd20
[  144.192845][ T6539]  ? netif_receive_skb+0x115/0x790
[  144.192866][ T6539]  ? netif_receive_skb+0x115/0x790
[  144.192888][ T6539]  __netif_receive_skb+0x72/0x380
[  144.192908][ T6539]  ? _copy_from_iter+0x24f/0x1790
[  144.192928][ T6539]  ? netif_receive_skb+0x115/0x790
[  144.192949][ T6539]  netif_receive_skb+0x1cb/0x790
[  144.192970][ T6539]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  144.192989][ T6539]  ? __pfx_netif_receive_skb+0x10/0x10
[  144.193010][ T6539]  ? __pfx__copy_from_iter+0x10/0x10
[  144.193026][ T6539]  ? sock_alloc_send_pskb+0x86b/0x980
[  144.193047][ T6539]  ? tun_rx_batched+0x160/0x730
[  144.193065][ T6539]  tun_rx_batched+0x1b9/0x730
[  144.193081][ T6539]  ? __lock_acquire+0xab9/0xd20
[  144.193096][ T6539]  ? __pfx_tun_rx_batched+0x10/0x10
[  144.193113][ T6539]  ? tun_get_user+0x272f/0x3e90
[  144.193148][ T6539]  tun_get_user+0x2b65/0x3e90
[  144.193171][ T6539]  ? tun_get_user+0x272f/0x3e90
[  144.193190][ T6539]  ? aa_file_perm+0x44d/0x1550
[  144.193221][ T6539]  ? __pfx_tun_get_user+0x10/0x10
[  144.193246][ T6539]  ? ref_tracker_alloc+0x318/0x460
[  144.193261][ T6539]  ? __lock_acquire+0xab9/0xd20
[  144.193277][ T6539]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  144.193294][ T6539]  ? tun_get+0x1c/0x2f0
[  144.193313][ T6539]  ? tun_get+0x1c/0x2f0
[  144.193329][ T6539]  ? tun_get+0x1c/0x2f0
[  144.193347][ T6539]  tun_chr_write_iter+0x113/0x200
[  144.193366][ T6539]  vfs_write+0x5c9/0xb30
[  144.193388][ T6539]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  144.193406][ T6539]  ? __pfx_vfs_write+0x10/0x10
[  144.193429][ T6539]  ? __fget_files+0x2a/0x420
[  144.193448][ T6539]  ksys_write+0x145/0x250
[  144.193469][ T6539]  ? __pfx_ksys_write+0x10/0x10
[  144.193490][ T6539]  ? do_syscall_64+0xbe/0xfa0
[  144.193507][ T6539]  do_syscall_64+0xfa/0xfa0
[  144.193520][ T6539]  ? lockdep_hardirqs_on+0x9c/0x150
[  144.193535][ T6539]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.193551][ T6539]  ? clear_bhb_loop+0x60/0xb0
[  144.193568][ T6539]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.193584][ T6539] RIP: 0033:0x7f39ec18d97f
[  144.193598][ T6539] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  144.193611][ T6539] RSP: 002b:00007f39ecff9000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  144.193629][ T6539] RAX: ffffffffffffffda RBX: 00007f39ec3e5fa0 RCX: 00007f39ec18d97f
[  144.193641][ T6539] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  144.193651][ T6539] RBP: 00007f39ec211f91 R08: 0000000000000000 R09: 0000000000000000
[  144.193661][ T6539] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  144.193671][ T6539] R13: 00007f39ec3e6038 R14: 00007f39ec3e5fa0 R15: 00007fffd451fb58
[  144.193689][ T6539]  </TASK>
[  144.193700][ T6539] BUG: Bad page state in process syz.0.17  pfn:27e27
[  144.615185][ T6539] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x27e27
[  144.625744][ T6539] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  144.633163][ T6539] raw: 00fff00000000000 dead000000000040 ffff888021688000 0000000000000000
[  144.641788][ T6539] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000
[  144.650912][ T6539] page dumped because: page_pool leak
[  144.656616][ T6539] page_owner tracks the page as allocated
[  144.662567][ T6539] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6539, tgid 6538 (syz.0.17), ts 138913896685, free_ts 138790133241
[  144.680065][ T6539]  post_alloc_hook+0x240/0x2a0
[  144.684935][ T6539]  get_page_from_freelist+0x2365/0x2440
[  144.690815][ T6539]  __alloc_frozen_pages_noprof+0x181/0x370
[  144.697000][ T6539]  alloc_pages_bulk_noprof+0x560/0x710
[  144.702592][ T6539]  __page_pool_alloc_netmems_slow+0x14c/0x710
[  144.708787][ T6539]  skb_pp_cow_data+0xb47/0x13e0
[  144.713868][ T6539]  do_xdp_generic+0x699/0x11a0
[  144.718818][ T6539]  __netif_receive_skb_core+0x10d3/0x3060
[  144.724854][ T6539]  __netif_receive_skb+0x72/0x380
[  144.730102][ T6539]  netif_receive_skb+0x1cb/0x790
[  144.735136][ T6539]  tun_rx_batched+0x1b9/0x730
[  144.740232][ T6539]  tun_get_user+0x2b65/0x3e90
[  144.744913][ T6539]  tun_chr_write_iter+0x113/0x200
[  144.750404][ T6539]  vfs_write+0x5c9/0xb30
[  144.754835][ T6539]  ksys_write+0x145/0x250
[  144.759208][ T6539]  do_syscall_64+0xfa/0xfa0
[  144.763786][ T6539] page last free pid 15 tgid 15 stack trace:
[  144.769980][ T6539]  __free_frozen_pages+0xbc4/0xd30
[  144.775200][ T6539]  tlb_remove_table_rcu+0x85/0x100
[  144.780347][ T6539]  rcu_core+0xcab/0x1770
[  144.784691][ T6539]  handle_softirqs+0x286/0x870
[  144.789492][ T6539]  run_ksoftirqd+0x9b/0x100
[  144.794000][ T6539]  smpboot_thread_fn+0x542/0xa60
[  144.798939][ T6539]  kthread+0x711/0x8a0
[  144.803055][ T6539]  ret_from_fork+0x4bc/0x870
[  144.807849][ T6539]  ret_from_fork_asm+0x1a/0x30
[  144.813044][ T6539] Modules linked in:
[  144.817068][ T6539] CPU: 0 UID: 0 PID: 6539 Comm: syz.0.17 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  144.817089][ T6539] Tainted: [B]=BAD_PAGE
[  144.817092][ T6539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  144.817098][ T6539] Call Trace:
[  144.817103][ T6539]  <TASK>
[  144.817107][ T6539]  dump_stack_lvl+0x189/0x250
[  144.817126][ T6539]  ? __pfx_dump_stack_lvl+0x10/0x10
[  144.817137][ T6539]  ? __pfx_print_modules+0x10/0x10
[  144.817150][ T6539]  bad_page+0x180/0x1c0
[  144.817161][ T6539]  __free_frozen_pages+0xce2/0xd30
[  144.817176][ T6539]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  144.817193][ T6539]  bpf_xdp_adjust_tail+0x1d6/0x220
[  144.817204][ T6539]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  144.817213][ T6539]  bpf_prog_run_generic_xdp+0x606/0x13d0
[  144.817230][ T6539]  do_xdp_generic+0x9f7/0x11a0
[  144.817244][ T6539]  ? __pfx_do_xdp_generic+0x10/0x10
[  144.817254][ T6539]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  144.817270][ T6539]  __netif_receive_skb_core+0x10d3/0x3060
[  144.817285][ T6539]  ? __pfx___up_read+0x10/0x10
[  144.817297][ T6539]  ? do_user_addr_fault+0xbbc/0x1380
[  144.817307][ T6539]  ? do_user_addr_fault+0xc85/0x1380
[  144.817316][ T6539]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  144.817329][ T6539]  ? irqentry_exit+0x74/0x90
[  144.817338][ T6539]  ? lockdep_hardirqs_on+0x9c/0x150
[  144.817348][ T6539]  ? __lock_acquire+0xab9/0xd20
[  144.817358][ T6539]  ? netif_receive_skb+0x115/0x790
[  144.817369][ T6539]  ? netif_receive_skb+0x115/0x790
[  144.817381][ T6539]  __netif_receive_skb+0x72/0x380
[  144.817393][ T6539]  ? _copy_from_iter+0x24f/0x1790
[  144.817404][ T6539]  ? netif_receive_skb+0x115/0x790
[  144.817415][ T6539]  netif_receive_skb+0x1cb/0x790
[  144.817427][ T6539]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  144.817437][ T6539]  ? __pfx_netif_receive_skb+0x10/0x10
[  144.817448][ T6539]  ? __pfx__copy_from_iter+0x10/0x10
[  144.817457][ T6539]  ? sock_alloc_send_pskb+0x86b/0x980
[  144.817468][ T6539]  ? tun_rx_batched+0x160/0x730
[  144.817480][ T6539]  tun_rx_batched+0x1b9/0x730
[  144.817490][ T6539]  ? __lock_acquire+0xab9/0xd20
[  144.817499][ T6539]  ? __pfx_tun_rx_batched+0x10/0x10
[  144.817510][ T6539]  ? tun_get_user+0x272f/0x3e90
[  144.817522][ T6539]  tun_get_user+0x2b65/0x3e90
[  144.817535][ T6539]  ? tun_get_user+0x272f/0x3e90
[  144.817545][ T6539]  ? aa_file_perm+0x44d/0x1550
[  144.817554][ T6539]  ? __pfx_tun_get_user+0x10/0x10
[  144.817568][ T6539]  ? ref_tracker_alloc+0x318/0x460
[  144.817577][ T6539]  ? __lock_acquire+0xab9/0xd20
[  144.817586][ T6539]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  144.817595][ T6539]  ? tun_get+0x1c/0x2f0
[  144.817606][ T6539]  ? tun_get+0x1c/0x2f0
[  144.817615][ T6539]  ? tun_get+0x1c/0x2f0
[  144.817625][ T6539]  tun_chr_write_iter+0x113/0x200
[  144.817636][ T6539]  vfs_write+0x5c9/0xb30
[  144.817649][ T6539]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  144.817659][ T6539]  ? __pfx_vfs_write+0x10/0x10
[  144.817672][ T6539]  ? __fget_files+0x2a/0x420
[  144.817683][ T6539]  ksys_write+0x145/0x250
[  144.817695][ T6539]  ? __pfx_ksys_write+0x10/0x10
[  144.817707][ T6539]  ? do_syscall_64+0xbe/0xfa0
[  144.817716][ T6539]  do_syscall_64+0xfa/0xfa0
[  144.817724][ T6539]  ? lockdep_hardirqs_on+0x9c/0x150
[  144.817732][ T6539]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.817741][ T6539]  ? clear_bhb_loop+0x60/0xb0
[  144.817751][ T6539]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.817760][ T6539] RIP: 0033:0x7f39ec18d97f
[  144.817769][ T6539] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  144.817777][ T6539] RSP: 002b:00007f39ecff9000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  144.817789][ T6539] RAX: ffffffffffffffda RBX: 00007f39ec3e5fa0 RCX: 00007f39ec18d97f
[  144.817797][ T6539] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  144.817803][ T6539] RBP: 00007f39ec211f91 R08: 0000000000000000 R09: 0000000000000000
[  144.817809][ T6539] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  144.817815][ T6539] R13: 00007f39ec3e6038 R14: 00007f39ec3e5fa0 R15: 00007fffd451fb58
[  144.817824][ T6539]  </TASK>
[  144.817831][ T6539] BUG: Bad page state in process syz.0.17  pfn:75938
[  145.243478][ T6539] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x75938
[  145.252366][ T6539] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  145.259784][ T6539] raw: 00fff00000000000 dead000000000040 ffff888021688000 0000000000000000
[  145.268371][ T6539] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[  145.277380][ T6539] page dumped because: page_pool leak
[  145.283405][ T6539] page_owner tracks the page as allocated
[  145.289328][ T6539] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6539, tgid 6538 (syz.0.17), ts 138913878567, free_ts 138790154736
[  145.306294][ T6539]  post_alloc_hook+0x240/0x2a0
[  145.311255][ T6539]  get_page_from_freelist+0x2365/0x2440
[  145.316970][ T6539]  __alloc_frozen_pages_noprof+0x181/0x370
[  145.322895][ T6539]  alloc_pages_bulk_noprof+0x560/0x710
[  145.328353][ T6539]  __page_pool_alloc_netmems_slow+0x14c/0x710
[  145.334537][ T6539]  skb_pp_cow_data+0xb47/0x13e0
[  145.339911][ T6539]  do_xdp_generic+0x699/0x11a0
[  145.344855][ T6539]  __netif_receive_skb_core+0x10d3/0x3060
[  145.351128][ T6539]  __netif_receive_skb+0x72/0x380
[  145.356171][ T6539]  netif_receive_skb+0x1cb/0x790
[  145.361378][ T6539]  tun_rx_batched+0x1b9/0x730
[  145.366256][ T6539]  tun_get_user+0x2b65/0x3e90
[  145.371221][ T6539]  tun_chr_write_iter+0x113/0x200
[  145.376610][ T6539]  vfs_write+0x5c9/0xb30
[  145.380996][ T6539]  ksys_write+0x145/0x250
[  145.385430][ T6539]  do_syscall_64+0xfa/0xfa0
[  145.390046][ T6539] page last free pid 15 tgid 15 stack trace:
[  145.396386][ T6539]  __free_frozen_pages+0xbc4/0xd30
[  145.402106][ T6539]  tlb_remove_table_rcu+0x85/0x100
[  145.407281][ T6539]  rcu_core+0xcab/0x1770
[  145.411598][ T6539]  handle_softirqs+0x286/0x870
[  145.416725][ T6539]  run_ksoftirqd+0x9b/0x100
[  145.421878][ T6539]  smpboot_thread_fn+0x542/0xa60
[  145.427180][ T6539]  kthread+0x711/0x8a0
[  145.431450][ T6539]  ret_from_fork+0x4bc/0x870
[  145.436165][ T6539]  ret_from_fork_asm+0x1a/0x30
[  145.440982][ T6539] Modules linked in:
[  145.444898][ T6539] CPU: 0 UID: 0 PID: 6539 Comm: syz.0.17 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  145.444914][ T6539] Tainted: [B]=BAD_PAGE
[  145.444918][ T6539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  145.444924][ T6539] Call Trace:
[  145.444929][ T6539]  <TASK>
[  145.444934][ T6539]  dump_stack_lvl+0x189/0x250
[  145.444952][ T6539]  ? __pfx_dump_stack_lvl+0x10/0x10
[  145.444963][ T6539]  ? __pfx_print_modules+0x10/0x10
[  145.444976][ T6539]  bad_page+0x180/0x1c0
[  145.444987][ T6539]  __free_frozen_pages+0xce2/0xd30
[  145.445002][ T6539]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  145.445118][ T6539]  bpf_xdp_adjust_tail+0x1d6/0x220
[  145.445130][ T6539]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  145.445139][ T6539]  bpf_prog_run_generic_xdp+0x606/0x13d0
[  145.445157][ T6539]  do_xdp_generic+0x9f7/0x11a0
[  145.445170][ T6539]  ? __pfx_do_xdp_generic+0x10/0x10
[  145.445181][ T6539]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  145.445201][ T6539]  __netif_receive_skb_core+0x10d3/0x3060
[  145.445216][ T6539]  ? __pfx___up_read+0x10/0x10
[  145.445228][ T6539]  ? do_user_addr_fault+0xbbc/0x1380
[  145.445238][ T6539]  ? do_user_addr_fault+0xc85/0x1380
[  145.445247][ T6539]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  145.445260][ T6539]  ? irqentry_exit+0x74/0x90
[  145.445269][ T6539]  ? lockdep_hardirqs_on+0x9c/0x150
[  145.445279][ T6539]  ? __lock_acquire+0xab9/0xd20
[  145.445289][ T6539]  ? netif_receive_skb+0x115/0x790
[  145.445301][ T6539]  ? netif_receive_skb+0x115/0x790
[  145.445313][ T6539]  __netif_receive_skb+0x72/0x380
[  145.445325][ T6539]  ? _copy_from_iter+0x24f/0x1790
[  145.445336][ T6539]  ? netif_receive_skb+0x115/0x790
[  145.445346][ T6539]  netif_receive_skb+0x1cb/0x790
[  145.445358][ T6539]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  145.445368][ T6539]  ? __pfx_netif_receive_skb+0x10/0x10
[  145.445379][ T6539]  ? __pfx__copy_from_iter+0x10/0x10
[  145.445388][ T6539]  ? sock_alloc_send_pskb+0x86b/0x980
[  145.445399][ T6539]  ? tun_rx_batched+0x160/0x730
[  145.445411][ T6539]  tun_rx_batched+0x1b9/0x730
[  145.445421][ T6539]  ? __lock_acquire+0xab9/0xd20
[  145.445430][ T6539]  ? __pfx_tun_rx_batched+0x10/0x10
[  145.445441][ T6539]  ? tun_get_user+0x272f/0x3e90
[  145.445454][ T6539]  tun_get_user+0x2b65/0x3e90
[  145.445467][ T6539]  ? tun_get_user+0x272f/0x3e90
[  145.445478][ T6539]  ? aa_file_perm+0x44d/0x1550
[  145.445486][ T6539]  ? __pfx_tun_get_user+0x10/0x10
[  145.445500][ T6539]  ? ref_tracker_alloc+0x318/0x460
[  145.445509][ T6539]  ? __lock_acquire+0xab9/0xd20
[  145.445517][ T6539]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  145.445527][ T6539]  ? tun_get+0x1c/0x2f0
[  145.445537][ T6539]  ? tun_get+0x1c/0x2f0
[  145.445547][ T6539]  ? tun_get+0x1c/0x2f0
[  145.445557][ T6539]  tun_chr_write_iter+0x113/0x200
[  145.445568][ T6539]  vfs_write+0x5c9/0xb30
[  145.445581][ T6539]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  145.445592][ T6539]  ? __pfx_vfs_write+0x10/0x10
[  145.445605][ T6539]  ? __fget_files+0x2a/0x420
[  145.445615][ T6539]  ksys_write+0x145/0x250
[  145.445627][ T6539]  ? __pfx_ksys_write+0x10/0x10
[  145.445639][ T6539]  ? do_syscall_64+0xbe/0xfa0
[  145.445648][ T6539]  do_syscall_64+0xfa/0xfa0
[  145.445657][ T6539]  ? lockdep_hardirqs_on+0x9c/0x150
[  145.445665][ T6539]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.445674][ T6539]  ? clear_bhb_loop+0x60/0xb0
[  145.445684][ T6539]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.445693][ T6539] RIP: 0033:0x7f39ec18d97f
[  145.445703][ T6539] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  145.445710][ T6539] RSP: 002b:00007f39ecff9000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  145.445721][ T6539] RAX: ffffffffffffffda RBX: 00007f39ec3e5fa0 RCX: 00007f39ec18d97f
[  145.445728][ T6539] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  145.445734][ T6539] RBP: 00007f39ec211f91 R08: 0000000000000000 R09: 0000000000000000
[  145.445740][ T6539] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  145.445745][ T6539] R13: 00007f39ec3e6038 R14: 00007f39ec3e5fa0 R15: 00007fffd451fb58
[  145.445755][ T6539]  </TASK>
[  145.863771][   T52] Bluetooth: hci0: command tx timeout
[  145.900751][ T6571] BUG: Bad page state in process syz.0.18  pfn:75b20
[  145.907730][ T6571] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x75b20
[  145.917504][ T6571] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  145.924910][ T6571] raw: 00fff00000000000 dead000000000040 ffff88802168b000 0000000000000000
[  145.933533][ T6571] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[  145.942442][ T6571] page dumped because: page_pool leak
[  145.947812][ T6571] page_owner tracks the page as allocated
[  145.953570][ T6571] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6571, tgid 6570 (syz.0.18), ts 145900673303, free_ts 134799010487
[  145.970983][ T6571]  post_alloc_hook+0x240/0x2a0
[  145.975857][ T6571]  get_page_from_freelist+0x2365/0x2440
[  145.981613][ T6571]  __alloc_frozen_pages_noprof+0x181/0x370
[  145.987693][ T6571]  alloc_pages_bulk_noprof+0x560/0x710
[  145.993479][ T6571]  __page_pool_alloc_netmems_slow+0x14c/0x710
[  145.999582][ T6571]  skb_pp_cow_data+0xb47/0x13e0
[  146.004615][ T6571]  do_xdp_generic+0x699/0x11a0
[  146.009496][ T6571]  __netif_receive_skb_core+0x10d3/0x3060
[  146.015496][ T6571]  __netif_receive_skb+0x72/0x380
[  146.020572][ T6571]  netif_receive_skb+0x1cb/0x790
[  146.025533][ T6571]  tun_rx_batched+0x1b9/0x730
[  146.030524][ T6571]  tun_get_user+0x2b65/0x3e90
[  146.035306][ T6571]  tun_chr_write_iter+0x113/0x200
[  146.040815][ T6571]  vfs_write+0x5c9/0xb30
[  146.045169][ T6571]  ksys_write+0x145/0x250
[  146.049844][ T6571]  do_syscall_64+0xfa/0xfa0
[  146.054622][ T6571] page last free pid 6395 tgid 6395 stack trace:
[  146.061214][ T6571]  __free_frozen_pages+0xbc4/0xd30
[  146.066540][ T6571]  vfree+0x25a/0x400
[  146.070538][ T6571]  kcov_close+0x28/0x50
[  146.074878][ T6571]  __fput+0x44c/0xa70
[  146.079041][ T6571]  task_work_run+0x1d4/0x260
[  146.083685][ T6571]  do_exit+0x6b5/0x2300
[  146.087846][ T6571]  do_group_exit+0x21c/0x2d0
[  146.092625][ T6571]  get_signal+0x1285/0x1340
[  146.097519][ T6571]  arch_do_signal_or_restart+0xa0/0x790
[  146.103298][ T6571]  exit_to_user_mode_loop+0x72/0x130
[  146.108762][ T6571]  do_syscall_64+0x2bd/0xfa0
[  146.113500][ T6571]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  146.119685][ T6571] Modules linked in:
[  146.123753][ T6571] CPU: 1 UID: 0 PID: 6571 Comm: syz.0.18 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  146.123768][ T6571] Tainted: [B]=BAD_PAGE
[  146.123772][ T6571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  146.123778][ T6571] Call Trace:
[  146.123784][ T6571]  <TASK>
[  146.123789][ T6571]  dump_stack_lvl+0x189/0x250
[  146.123806][ T6571]  ? __pfx_dump_stack_lvl+0x10/0x10
[  146.123818][ T6571]  ? __pfx_print_modules+0x10/0x10
[  146.123830][ T6571]  bad_page+0x180/0x1c0
[  146.123842][ T6571]  __free_frozen_pages+0xce2/0xd30
[  146.123857][ T6571]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  146.123874][ T6571]  bpf_xdp_adjust_tail+0x1d6/0x220
[  146.123885][ T6571]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  146.123894][ T6571]  bpf_prog_run_generic_xdp+0x606/0x13d0
[  146.123925][ T6571]  ? lock_release+0x4b/0x3e0
[  146.123936][ T6571]  do_xdp_generic+0x9f7/0x11a0
[  146.123950][ T6571]  ? __pfx_do_xdp_generic+0x10/0x10
[  146.123960][ T6571]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  146.123977][ T6571]  __netif_receive_skb_core+0x10d3/0x3060
[  146.123996][ T6571]  ? __pfx___up_read+0x10/0x10
[  146.124009][ T6571]  ? do_user_addr_fault+0xc85/0x1380
[  146.124019][ T6571]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  146.124032][ T6571]  ? rcu_is_watching+0x15/0xb0
[  146.124043][ T6571]  ? irqentry_exit+0x74/0x90
[  146.124052][ T6571]  ? exc_page_fault+0xab/0x100
[  146.124061][ T6571]  ? netif_receive_skb+0x115/0x790
[  146.124072][ T6571]  ? rcu_is_watching+0x15/0xb0
[  146.124082][ T6571]  ? lock_acquire+0x5f/0x360
[  146.124096][ T6571]  __netif_receive_skb+0x72/0x380
[  146.124116][ T6571]  ? _copy_from_iter+0x24f/0x1790
[  146.124135][ T6571]  ? netif_receive_skb+0x115/0x790
[  146.124151][ T6571]  netif_receive_skb+0x1cb/0x790
[  146.124163][ T6571]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  146.124173][ T6571]  ? __pfx_netif_receive_skb+0x10/0x10
[  146.124185][ T6571]  ? __pfx__copy_from_iter+0x10/0x10
[  146.124193][ T6571]  ? sock_alloc_send_pskb+0x86b/0x980
[  146.124205][ T6571]  ? tun_rx_batched+0x160/0x730
[  146.124216][ T6571]  tun_rx_batched+0x1b9/0x730
[  146.124226][ T6571]  ? skb_header_pointer+0x8e/0x120
[  146.124240][ T6571]  ? __pfx_tun_rx_batched+0x10/0x10
[  146.124251][ T6571]  ? tun_get_user+0x272f/0x3e90
[  146.124261][ T6571]  ? rcu_is_watching+0x15/0xb0
[  146.124270][ T6571]  ? lock_acquire+0x5f/0x360
[  146.124278][ T6571]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  146.124290][ T6571]  tun_get_user+0x2b65/0x3e90
[  146.124301][ T6571]  ? rcu_is_watching+0x15/0xb0
[  146.124311][ T6571]  ? lock_release+0x4b/0x3e0
[  146.124319][ T6571]  ? tun_get_user+0x272f/0x3e90
[  146.124330][ T6571]  ? aa_file_perm+0x44d/0x1550
[  146.124338][ T6571]  ? __pfx_tun_get_user+0x10/0x10
[  146.124350][ T6571]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  146.124363][ T6571]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  146.124377][ T6571]  ? ref_tracker_alloc+0x318/0x460
[  146.124386][ T6571]  ? rcu_is_watching+0x15/0xb0
[  146.124396][ T6571]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  146.124403][ T6571]  ? lock_release+0x4b/0x3e0
[  146.124412][ T6571]  ? tun_get+0x1c/0x2f0
[  146.124421][ T6571]  ? tun_get+0x1c/0x2f0
[  146.124431][ T6571]  ? rcu_is_watching+0x15/0xb0
[  146.124439][ T6571]  ? tun_get+0x1c/0x2f0
[  146.124449][ T6571]  ? lock_release+0x4b/0x3e0
[  146.124456][ T6571]  ? common_file_perm+0x1b5/0x230
[  146.124469][ T6571]  ? tun_get+0x1c/0x2f0
[  146.124480][ T6571]  tun_chr_write_iter+0x113/0x200
[  146.124491][ T6571]  vfs_write+0x5c9/0xb30
[  146.124504][ T6571]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  146.124515][ T6571]  ? __pfx_vfs_write+0x10/0x10
[  146.124528][ T6571]  ? __fget_files+0x2a/0x420
[  146.124538][ T6571]  ksys_write+0x145/0x250
[  146.124550][ T6571]  ? __pfx_ksys_write+0x10/0x10
[  146.124562][ T6571]  ? rcu_is_watching+0x15/0xb0
[  146.124572][ T6571]  do_syscall_64+0xfa/0xfa0
[  146.124582][ T6571]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  146.124591][ T6571]  ? clear_bhb_loop+0x60/0xb0
[  146.124601][ T6571]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  146.124610][ T6571] RIP: 0033:0x7f39ec18d97f
[  146.124618][ T6571] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  146.124626][ T6571] RSP: 002b:00007f39ecff9000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  146.124638][ T6571] RAX: ffffffffffffffda RBX: 00007f39ec3e5fa0 RCX: 00007f39ec18d97f
[  146.124644][ T6571] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  146.124650][ T6571] RBP: 00007f39ec211f91 R08: 0000000000000000 R09: 0000000000000000
[  146.124656][ T6571] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  146.124661][ T6571] R13: 00007f39ec3e6038 R14: 00007f39ec3e5fa0 R15: 00007fffd451fb58
[  146.124671][ T6571]  </TASK>
[  146.124679][ T6571] BUG: Bad page state in process syz.0.18  pfn:7bdee
[  146.610875][ T6571] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807bdeec30 pfn:0x7bdee
[  146.621744][ T6571] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  146.629043][ T6571] raw: 00fff00000000000 dead000000000040 ffff88802168b000 0000000000000000
[  146.637719][ T6571] raw: ffff88807bdeec30 0000000000000001 00000000ffffffff 0000000000000000
[  146.646418][ T6571] page dumped because: page_pool leak
[  146.651856][ T6571] page_owner tracks the page as allocated
[  146.657987][ T6571] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6571, tgid 6570 (syz.0.18), ts 145900661437, free_ts 134799024918
[  146.675286][ T6571]  post_alloc_hook+0x240/0x2a0
[  146.680285][ T6571]  get_page_from_freelist+0x2365/0x2440
[  146.686189][ T6571]  __alloc_frozen_pages_noprof+0x181/0x370
[  146.692026][ T6571]  alloc_pages_bulk_noprof+0x560/0x710
[  146.697602][ T6571]  __page_pool_alloc_netmems_slow+0x14c/0x710
[  146.703783][ T6571]  skb_pp_cow_data+0xb47/0x13e0
[  146.708807][ T6571]  do_xdp_generic+0x699/0x11a0
[  146.713678][ T6571]  __netif_receive_skb_core+0x10d3/0x3060
[  146.719874][ T6571]  __netif_receive_skb+0x72/0x380
[  146.725393][ T6571]  netif_receive_skb+0x1cb/0x790
[  146.730469][ T6571]  tun_rx_batched+0x1b9/0x730
[  146.735407][ T6571]  tun_get_user+0x2b65/0x3e90
[  146.740331][ T6571]  tun_chr_write_iter+0x113/0x200
[  146.745819][ T6571]  vfs_write+0x5c9/0xb30
[  146.750296][ T6571]  ksys_write+0x145/0x250
[  146.754824][ T6571]  do_syscall_64+0xfa/0xfa0
[  146.759565][ T6571] page last free pid 6395 tgid 6395 stack trace:
[  146.766241][ T6571]  __free_frozen_pages+0xbc4/0xd30
[  146.771505][ T6571]  vfree+0x25a/0x400
[  146.775526][ T6571]  kcov_close+0x28/0x50
[  146.779883][ T6571]  __fput+0x44c/0xa70
[  146.783872][ T6571]  task_work_run+0x1d4/0x260
[  146.788558][ T6571]  do_exit+0x6b5/0x2300
[  146.792955][ T6571]  do_group_exit+0x21c/0x2d0
[  146.797810][ T6571]  get_signal+0x1285/0x1340
[  146.802522][ T6571]  arch_do_signal_or_restart+0xa0/0x790
[  146.808248][ T6571]  exit_to_user_mode_loop+0x72/0x130
[  146.814000][ T6571]  do_syscall_64+0x2bd/0xfa0
[  146.818952][ T6571]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  146.825230][ T6571] Modules linked in:
[  146.829161][ T6571] CPU: 1 UID: 0 PID: 6571 Comm: syz.0.18 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  146.829177][ T6571] Tainted: [B]=BAD_PAGE
[  146.829181][ T6571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  146.829187][ T6571] Call Trace:
[  146.829192][ T6571]  <TASK>
[  146.829196][ T6571]  dump_stack_lvl+0x189/0x250
[  146.829213][ T6571]  ? __pfx_dump_stack_lvl+0x10/0x10
[  146.829225][ T6571]  ? __pfx_print_modules+0x10/0x10
[  146.829238][ T6571]  bad_page+0x180/0x1c0
[  146.829250][ T6571]  __free_frozen_pages+0xce2/0xd30
[  146.829264][ T6571]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  146.829281][ T6571]  bpf_xdp_adjust_tail+0x1d6/0x220
[  146.829292][ T6571]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  146.829301][ T6571]  bpf_prog_run_generic_xdp+0x606/0x13d0
[  146.829317][ T6571]  ? lock_release+0x4b/0x3e0
[  146.829327][ T6571]  do_xdp_generic+0x9f7/0x11a0
[  146.829341][ T6571]  ? __pfx_do_xdp_generic+0x10/0x10
[  146.829351][ T6571]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  146.829368][ T6571]  __netif_receive_skb_core+0x10d3/0x3060
[  146.829382][ T6571]  ? __pfx___up_read+0x10/0x10
[  146.829396][ T6571]  ? do_user_addr_fault+0xc85/0x1380
[  146.829406][ T6571]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  146.829419][ T6571]  ? rcu_is_watching+0x15/0xb0
[  146.829430][ T6571]  ? irqentry_exit+0x74/0x90
[  146.829438][ T6571]  ? exc_page_fault+0xab/0x100
[  146.829448][ T6571]  ? netif_receive_skb+0x115/0x790
[  146.829459][ T6571]  ? rcu_is_watching+0x15/0xb0
[  146.829468][ T6571]  ? lock_acquire+0x5f/0x360
[  146.829477][ T6571]  __netif_receive_skb+0x72/0x380
[  146.829489][ T6571]  ? _copy_from_iter+0x24f/0x1790
[  146.829499][ T6571]  ? netif_receive_skb+0x115/0x790
[  146.829510][ T6571]  netif_receive_skb+0x1cb/0x790
[  146.829522][ T6571]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  146.829532][ T6571]  ? __pfx_netif_receive_skb+0x10/0x10
[  146.829544][ T6571]  ? __pfx__copy_from_iter+0x10/0x10
[  146.829553][ T6571]  ? sock_alloc_send_pskb+0x86b/0x980
[  146.829564][ T6571]  ? tun_rx_batched+0x160/0x730
[  146.829576][ T6571]  tun_rx_batched+0x1b9/0x730
[  146.829586][ T6571]  ? skb_header_pointer+0x8e/0x120
[  146.829598][ T6571]  ? __pfx_tun_rx_batched+0x10/0x10
[  146.829608][ T6571]  ? tun_get_user+0x272f/0x3e90
[  146.829618][ T6571]  ? rcu_is_watching+0x15/0xb0
[  146.829628][ T6571]  ? lock_acquire+0x5f/0x360
[  146.829635][ T6571]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  146.829647][ T6571]  tun_get_user+0x2b65/0x3e90
[  146.829658][ T6571]  ? rcu_is_watching+0x15/0xb0
[  146.829668][ T6571]  ? lock_release+0x4b/0x3e0
[  146.829676][ T6571]  ? tun_get_user+0x272f/0x3e90
[  146.829687][ T6571]  ? aa_file_perm+0x44d/0x1550
[  146.829696][ T6571]  ? __pfx_tun_get_user+0x10/0x10
[  146.829708][ T6571]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  146.829721][ T6571]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  146.829734][ T6571]  ? ref_tracker_alloc+0x318/0x460
[  146.829743][ T6571]  ? rcu_is_watching+0x15/0xb0
[  146.829753][ T6571]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  146.829761][ T6571]  ? lock_release+0x4b/0x3e0
[  146.829769][ T6571]  ? tun_get+0x1c/0x2f0
[  146.829779][ T6571]  ? tun_get+0x1c/0x2f0
[  146.829788][ T6571]  ? rcu_is_watching+0x15/0xb0
[  146.829797][ T6571]  ? tun_get+0x1c/0x2f0
[  146.829806][ T6571]  ? lock_release+0x4b/0x3e0
[  146.829814][ T6571]  ? common_file_perm+0x1b5/0x230
[  146.829827][ T6571]  ? tun_get+0x1c/0x2f0
[  146.829838][ T6571]  tun_chr_write_iter+0x113/0x200
[  146.829849][ T6571]  vfs_write+0x5c9/0xb30
[  146.829862][ T6571]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  146.829872][ T6571]  ? __pfx_vfs_write+0x10/0x10
[  146.829885][ T6571]  ? __fget_files+0x2a/0x420
[  146.829895][ T6571]  ksys_write+0x145/0x250
[  146.829907][ T6571]  ? __pfx_ksys_write+0x10/0x10
[  146.829925][ T6571]  ? rcu_is_watching+0x15/0xb0
[  146.829935][ T6571]  do_syscall_64+0xfa/0xfa0
[  146.829945][ T6571]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  146.829954][ T6571]  ? clear_bhb_loop+0x60/0xb0
[  146.829963][ T6571]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  146.829972][ T6571] RIP: 0033:0x7f39ec18d97f
[  146.829981][ T6571] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  146.829989][ T6571] RSP: 002b:00007f39ecff9000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  146.830000][ T6571] RAX: ffffffffffffffda RBX: 00007f39ec3e5fa0 RCX: 00007f39ec18d97f
[  146.830007][ T6571] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  146.830013][ T6571] RBP: 00007f39ec211f91 R08: 0000000000000000 R09: 0000000000000000
[  146.830019][ T6571] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  146.830024][ T6571] R13: 00007f39ec3e6038 R14: 00007f39ec3e5fa0 R15: 00007fffd451fb58
[  146.830034][ T6571]  </TASK>
[  146.830041][ T6571] BUG: Bad page state in process syz.0.18  pfn:7cd99
[  147.312321][ T6571] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807cd99000 pfn:0x7cd99
[  147.322444][ T6571] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  147.329771][ T6571] raw: 00fff00000000000 dead000000000040 ffff88802168b000 0000000000000000
[  147.338778][ T6571] raw: ffff88807cd99000 0000000000000001 00000000ffffffff 0000000000000000
[  147.347839][ T6571] page dumped because: page_pool leak
[  147.353235][ T6571] page_owner tracks the page as allocated
[  147.359239][ T6571] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6571, tgid 6570 (syz.0.18), ts 145900649455, free_ts 134799039422
[  147.376888][ T6571]  post_alloc_hook+0x240/0x2a0
[  147.381965][ T6571]  get_page_from_freelist+0x2365/0x2440
[  147.387528][ T6571]  __alloc_frozen_pages_noprof+0x181/0x370
[  147.393534][ T6571]  alloc_pages_bulk_noprof+0x560/0x710
[  147.399011][ T6571]  __page_pool_alloc_netmems_slow+0x14c/0x710
[  147.405199][ T6571]  skb_pp_cow_data+0xb47/0x13e0
[  147.410536][ T6571]  do_xdp_generic+0x699/0x11a0
[  147.415480][ T6571]  __netif_receive_skb_core+0x10d3/0x3060
[  147.421396][ T6571]  __netif_receive_skb+0x72/0x380
[  147.426604][ T6571]  netif_receive_skb+0x1cb/0x790
[  147.431589][ T6571]  tun_rx_batched+0x1b9/0x730
[  147.436434][ T6571]  tun_get_user+0x2b65/0x3e90
[  147.441316][ T6571]  tun_chr_write_iter+0x113/0x200
[  147.446466][ T6571]  vfs_write+0x5c9/0xb30
[  147.450736][ T6571]  ksys_write+0x145/0x250
[  147.455151][ T6571]  do_syscall_64+0xfa/0xfa0
[  147.459935][ T6571] page last free pid 6395 tgid 6395 stack trace:
[  147.466429][ T6571]  __free_frozen_pages+0xbc4/0xd30
[  147.471738][ T6571]  vfree+0x25a/0x400
[  147.475731][ T6571]  kcov_close+0x28/0x50
[  147.480078][ T6571]  __fput+0x44c/0xa70
[  147.484308][ T6571]  task_work_run+0x1d4/0x260
[  147.489394][ T6571]  do_exit+0x6b5/0x2300
[  147.493670][ T6571]  do_group_exit+0x21c/0x2d0
[  147.498260][ T6571]  get_signal+0x1285/0x1340
[  147.502795][ T6571]  arch_do_signal_or_restart+0xa0/0x790
[  147.508539][ T6571]  exit_to_user_mode_loop+0x72/0x130
[  147.514192][ T6571]  do_syscall_64+0x2bd/0xfa0
[  147.518882][ T6571]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.524801][ T6571] Modules linked in:
[  147.528706][ T6571] CPU: 1 UID: 0 PID: 6571 Comm: syz.0.18 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  147.528722][ T6571] Tainted: [B]=BAD_PAGE
[  147.528725][ T6571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  147.528731][ T6571] Call Trace:
[  147.528735][ T6571]  <TASK>
[  147.528739][ T6571]  dump_stack_lvl+0x189/0x250
[  147.528756][ T6571]  ? __pfx_dump_stack_lvl+0x10/0x10
[  147.528768][ T6571]  ? __pfx_print_modules+0x10/0x10
[  147.528781][ T6571]  bad_page+0x180/0x1c0
[  147.528793][ T6571]  __free_frozen_pages+0xce2/0xd30
[  147.528808][ T6571]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  147.528825][ T6571]  bpf_xdp_adjust_tail+0x1d6/0x220
[  147.528836][ T6571]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  147.528844][ T6571]  bpf_prog_run_generic_xdp+0x606/0x13d0
[  147.528860][ T6571]  ? lock_release+0x4b/0x3e0
[  147.528871][ T6571]  do_xdp_generic+0x9f7/0x11a0
[  147.528884][ T6571]  ? __pfx_do_xdp_generic+0x10/0x10
[  147.528895][ T6571]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  147.528911][ T6571]  __netif_receive_skb_core+0x10d3/0x3060
[  147.528925][ T6571]  ? __pfx___up_read+0x10/0x10
[  147.528938][ T6571]  ? do_user_addr_fault+0xc85/0x1380
[  147.528948][ T6571]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  147.528961][ T6571]  ? rcu_is_watching+0x15/0xb0
[  147.528972][ T6571]  ? irqentry_exit+0x74/0x90
[  147.528981][ T6571]  ? exc_page_fault+0xab/0x100
[  147.528990][ T6571]  ? netif_receive_skb+0x115/0x790
[  147.529001][ T6571]  ? rcu_is_watching+0x15/0xb0
[  147.529011][ T6571]  ? lock_acquire+0x5f/0x360
[  147.529020][ T6571]  __netif_receive_skb+0x72/0x380
[  147.529031][ T6571]  ? _copy_from_iter+0x24f/0x1790
[  147.529043][ T6571]  ? netif_receive_skb+0x115/0x790
[  147.529054][ T6571]  netif_receive_skb+0x1cb/0x790
[  147.529065][ T6571]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  147.529086][ T6571]  ? __pfx_netif_receive_skb+0x10/0x10
[  147.529121][ T6571]  ? __pfx__copy_from_iter+0x10/0x10
[  147.529135][ T6571]  ? sock_alloc_send_pskb+0x86b/0x980
[  147.529154][ T6571]  ? tun_rx_batched+0x160/0x730
[  147.529166][ T6571]  tun_rx_batched+0x1b9/0x730
[  147.529177][ T6571]  ? skb_header_pointer+0x8e/0x120
[  147.529189][ T6571]  ? __pfx_tun_rx_batched+0x10/0x10
[  147.529200][ T6571]  ? tun_get_user+0x272f/0x3e90
[  147.529209][ T6571]  ? rcu_is_watching+0x15/0xb0
[  147.529219][ T6571]  ? lock_acquire+0x5f/0x360
[  147.529227][ T6571]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  147.529238][ T6571]  tun_get_user+0x2b65/0x3e90
[  147.529250][ T6571]  ? rcu_is_watching+0x15/0xb0
[  147.529259][ T6571]  ? lock_release+0x4b/0x3e0
[  147.529267][ T6571]  ? tun_get_user+0x272f/0x3e90
[  147.529278][ T6571]  ? aa_file_perm+0x44d/0x1550
[  147.529287][ T6571]  ? __pfx_tun_get_user+0x10/0x10
[  147.529299][ T6571]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  147.529312][ T6571]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  147.529325][ T6571]  ? ref_tracker_alloc+0x318/0x460
[  147.529334][ T6571]  ? rcu_is_watching+0x15/0xb0
[  147.529344][ T6571]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  147.529352][ T6571]  ? lock_release+0x4b/0x3e0
[  147.529360][ T6571]  ? tun_get+0x1c/0x2f0
[  147.529370][ T6571]  ? tun_get+0x1c/0x2f0
[  147.529379][ T6571]  ? rcu_is_watching+0x15/0xb0
[  147.529388][ T6571]  ? tun_get+0x1c/0x2f0
[  147.529397][ T6571]  ? lock_release+0x4b/0x3e0
[  147.529405][ T6571]  ? common_file_perm+0x1b5/0x230
[  147.529418][ T6571]  ? tun_get+0x1c/0x2f0
[  147.529429][ T6571]  tun_chr_write_iter+0x113/0x200
[  147.529440][ T6571]  vfs_write+0x5c9/0xb30
[  147.529454][ T6571]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  147.529464][ T6571]  ? __pfx_vfs_write+0x10/0x10
[  147.529478][ T6571]  ? __fget_files+0x2a/0x420
[  147.529488][ T6571]  ksys_write+0x145/0x250
[  147.529500][ T6571]  ? __pfx_ksys_write+0x10/0x10
[  147.529512][ T6571]  ? rcu_is_watching+0x15/0xb0
[  147.529522][ T6571]  do_syscall_64+0xfa/0xfa0
[  147.529532][ T6571]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.529541][ T6571]  ? clear_bhb_loop+0x60/0xb0
[  147.529550][ T6571]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.529559][ T6571] RIP: 0033:0x7f39ec18d97f
[  147.529569][ T6571] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  147.529576][ T6571] RSP: 002b:00007f39ecff9000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  147.529587][ T6571] RAX: ffffffffffffffda RBX: 00007f39ec3e5fa0 RCX: 00007f39ec18d97f
[  147.529594][ T6571] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  147.529600][ T6571] RBP: 00007f39ec211f91 R08: 0000000000000000 R09: 0000000000000000
[  147.529606][ T6571] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  147.529611][ T6571] R13: 00007f39ec3e6038 R14: 00007f39ec3e5fa0 R15: 00007fffd451fb58
[  147.529621][ T6571]  </TASK>
[  147.999292][ T6571] BUG: Bad page state in process syz.0.18  pfn:5b69c
[  148.006139][ T6571] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x5b69c
[  148.016951][ T6571] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  148.024530][ T6571] raw: 00fff00000000000 dead000000000040 ffff88802168b000 0000000000000000
[  148.033490][ T6571] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000
[  148.042540][ T6571] page dumped because: page_pool leak
[  148.048414][ T6571] page_owner tracks the page as allocated
[  148.054712][ T6571] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6571, tgid 6570 (syz.0.18), ts 145900637740, free_ts 134799069135
[  148.071860][ T6571]  post_alloc_hook+0x240/0x2a0
[  148.076808][ T6571]  get_page_from_freelist+0x2365/0x2440
[  148.082509][ T6571]  __alloc_frozen_pages_noprof+0x181/0x370
[  148.088965][ T6571]  alloc_pages_bulk_noprof+0x560/0x710
[  148.094538][ T6571]  __page_pool_alloc_netmems_slow+0x14c/0x710
[  148.100753][ T6571]  skb_pp_cow_data+0xb47/0x13e0
[  148.105841][ T6571]  do_xdp_generic+0x699/0x11a0
[  148.110754][ T6571]  __netif_receive_skb_core+0x10d3/0x3060
[  148.116495][ T6571]  __netif_receive_skb+0x72/0x380
[  148.121657][ T6571]  netif_receive_skb+0x1cb/0x790
[  148.126785][ T6571]  tun_rx_batched+0x1b9/0x730
[  148.131928][ T6571]  tun_get_user+0x2b65/0x3e90
[  148.137401][ T6571]  tun_chr_write_iter+0x113/0x200
[  148.143007][ T6571]  vfs_write+0x5c9/0xb30
[  148.147518][ T6571]  ksys_write+0x145/0x250
[  148.152643][ T6571]  do_syscall_64+0xfa/0xfa0
[  148.157544][ T6571] page last free pid 6395 tgid 6395 stack trace:
[  148.164454][ T6571]  __free_frozen_pages+0xbc4/0xd30
[  148.170410][ T6571]  vfree+0x25a/0x400
[  148.174928][ T6571]  kcov_close+0x28/0x50
[  148.179293][ T6571]  __fput+0x44c/0xa70
[  148.184222][ T6571]  task_work_run+0x1d4/0x260
[  148.188987][ T6571]  do_exit+0x6b5/0x2300
[  148.193785][ T6571]  do_group_exit+0x21c/0x2d0
[  148.198414][ T6571]  get_signal+0x1285/0x1340
[  148.203076][ T6571]  arch_do_signal_or_restart+0xa0/0x790
[  148.209187][ T6571]  exit_to_user_mode_loop+0x72/0x130
[  148.214996][ T6571]  do_syscall_64+0x2bd/0xfa0
[  148.220633][ T6571]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  148.227276][ T6571] Modules linked in:
[  148.231323][ T6571] CPU: 1 UID: 0 PID: 6571 Comm: syz.0.18 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  148.231345][ T6571] Tainted: [B]=BAD_PAGE
[  148.231350][ T6571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  148.231360][ T6571] Call Trace:
[  148.231369][ T6571]  <TASK>
[  148.231377][ T6571]  dump_stack_lvl+0x189/0x250
[  148.231402][ T6571]  ? __pfx_dump_stack_lvl+0x10/0x10
[  148.231418][ T6571]  ? __pfx_print_modules+0x10/0x10
[  148.231436][ T6571]  bad_page+0x180/0x1c0
[  148.231452][ T6571]  __free_frozen_pages+0xce2/0xd30
[  148.231475][ T6571]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  148.231501][ T6571]  bpf_xdp_adjust_tail+0x1d6/0x220
[  148.231520][ T6571]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  148.231534][ T6571]  bpf_prog_run_generic_xdp+0x606/0x13d0
[  148.231563][ T6571]  ? lock_release+0x4b/0x3e0
[  148.231581][ T6571]  do_xdp_generic+0x9f7/0x11a0
[  148.231605][ T6571]  ? __pfx_do_xdp_generic+0x10/0x10
[  148.231623][ T6571]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  148.231651][ T6571]  __netif_receive_skb_core+0x10d3/0x3060
[  148.231676][ T6571]  ? __pfx___up_read+0x10/0x10
[  148.231700][ T6571]  ? do_user_addr_fault+0xc85/0x1380
[  148.231719][ T6571]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  148.231755][ T6571]  ? rcu_is_watching+0x15/0xb0
[  148.231776][ T6571]  ? irqentry_exit+0x74/0x90
[  148.231791][ T6571]  ? exc_page_fault+0xab/0x100
[  148.231810][ T6571]  ? netif_receive_skb+0x115/0x790
[  148.231829][ T6571]  ? rcu_is_watching+0x15/0xb0
[  148.231847][ T6571]  ? lock_acquire+0x5f/0x360
[  148.231863][ T6571]  __netif_receive_skb+0x72/0x380
[  148.231884][ T6571]  ? _copy_from_iter+0x24f/0x1790
[  148.231904][ T6571]  ? netif_receive_skb+0x115/0x790
[  148.231924][ T6571]  netif_receive_skb+0x1cb/0x790
[  148.231944][ T6571]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  148.231960][ T6571]  ? __pfx_netif_receive_skb+0x10/0x10
[  148.231976][ T6571]  ? __pfx__copy_from_iter+0x10/0x10
[  148.231990][ T6571]  ? sock_alloc_send_pskb+0x86b/0x980
[  148.232008][ T6571]  ? tun_rx_batched+0x160/0x730
[  148.232025][ T6571]  tun_rx_batched+0x1b9/0x730
[  148.232043][ T6571]  ? skb_header_pointer+0x8e/0x120
[  148.232064][ T6571]  ? __pfx_tun_rx_batched+0x10/0x10
[  148.232083][ T6571]  ? tun_get_user+0x272f/0x3e90
[  148.232100][ T6571]  ? rcu_is_watching+0x15/0xb0
[  148.232118][ T6571]  ? lock_acquire+0x5f/0x360
[  148.232132][ T6571]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  148.232154][ T6571]  tun_get_user+0x2b65/0x3e90
[  148.232174][ T6571]  ? rcu_is_watching+0x15/0xb0
[  148.232192][ T6571]  ? lock_release+0x4b/0x3e0
[  148.232207][ T6571]  ? tun_get_user+0x272f/0x3e90
[  148.232227][ T6571]  ? aa_file_perm+0x44d/0x1550
[  148.232241][ T6571]  ? __pfx_tun_get_user+0x10/0x10
[  148.232262][ T6571]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  148.232285][ T6571]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  148.232309][ T6571]  ? ref_tracker_alloc+0x318/0x460
[  148.232325][ T6571]  ? rcu_is_watching+0x15/0xb0
[  148.232341][ T6571]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  148.232355][ T6571]  ? lock_release+0x4b/0x3e0
[  148.232370][ T6571]  ? tun_get+0x1c/0x2f0
[  148.232387][ T6571]  ? tun_get+0x1c/0x2f0
[  148.232404][ T6571]  ? rcu_is_watching+0x15/0xb0
[  148.232420][ T6571]  ? tun_get+0x1c/0x2f0
[  148.232437][ T6571]  ? lock_release+0x4b/0x3e0
[  148.232451][ T6571]  ? common_file_perm+0x1b5/0x230
[  148.232473][ T6571]  ? tun_get+0x1c/0x2f0
[  148.232491][ T6571]  tun_chr_write_iter+0x113/0x200
[  148.232511][ T6571]  vfs_write+0x5c9/0xb30
[  148.232533][ T6571]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  148.232551][ T6571]  ? __pfx_vfs_write+0x10/0x10
[  148.232575][ T6571]  ? __fget_files+0x2a/0x420
[  148.232593][ T6571]  ksys_write+0x145/0x250
[  148.232614][ T6571]  ? __pfx_ksys_write+0x10/0x10
[  148.232636][ T6571]  ? rcu_is_watching+0x15/0xb0
[  148.232654][ T6571]  do_syscall_64+0xfa/0xfa0
[  148.232671][ T6571]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  148.232687][ T6571]  ? clear_bhb_loop+0x60/0xb0
[  148.232704][ T6571]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  148.232720][ T6571] RIP: 0033:0x7f39ec18d97f
[  148.232743][ T6571] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  148.232756][ T6571] RSP: 002b:00007f39ecff9000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  148.232774][ T6571] RAX: ffffffffffffffda RBX: 00007f39ec3e5fa0 RCX: 00007f39ec18d97f
[  148.232786][ T6571] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  148.232797][ T6571] RBP: 00007f39ec211f91 R08: 0000000000000000 R09: 0000000000000000
[  148.232807][ T6571] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  148.232817][ T6571] R13: 00007f39ec3e6038 R14: 00007f39ec3e5fa0 R15: 00007fffd451fb58
[  148.232836][ T6571]  </TASK>
[  148.232847][ T6571] BUG: Bad page state in process syz.0.18  pfn:2e2bc
[  148.721318][ T6571] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2e2bc
[  148.730639][ T6571] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  148.738121][ T6571] raw: 00fff00000000000 dead000000000040 ffff88802168b000 0000000000000000
[  148.747833][ T6571] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[  148.757550][ T6571] page dumped because: page_pool leak
[  148.763312][ T6571] page_owner tracks the page as allocated
[  148.769757][ T6571] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6571, tgid 6570 (syz.0.18), ts 145900625870, free_ts 134808659520
[  148.787259][ T6571]  post_alloc_hook+0x240/0x2a0
[  148.792147][ T6571]  get_page_from_freelist+0x2365/0x2440
[  148.797855][ T6571]  __alloc_frozen_pages_noprof+0x181/0x370
[  148.803957][ T6571]  alloc_pages_bulk_noprof+0x560/0x710
[  148.809633][ T6571]  __page_pool_alloc_netmems_slow+0x14c/0x710
[  148.816570][ T6571]  skb_pp_cow_data+0xb47/0x13e0
[  148.822276][ T6571]  do_xdp_generic+0x699/0x11a0
[  148.828050][ T6571]  __netif_receive_skb_core+0x10d3/0x3060
[  148.834373][ T6571]  __netif_receive_skb+0x72/0x380
[  148.839728][ T6571]  netif_receive_skb+0x1cb/0x790
[  148.845055][ T6571]  tun_rx_batched+0x1b9/0x730
[  148.850313][ T6571]  tun_get_user+0x2b65/0x3e90
[  148.855111][ T6571]  tun_chr_write_iter+0x113/0x200
[  148.860383][ T6571]  vfs_write+0x5c9/0xb30
[  148.864658][ T6571]  ksys_write+0x145/0x250
[  148.869277][ T6571]  do_syscall_64+0xfa/0xfa0
[  148.873802][ T6571] page last free pid 6395 tgid 6395 stack trace:
[  148.880374][ T6571]  __free_frozen_pages+0xbc4/0xd30
[  148.885684][ T6571]  vfree+0x25a/0x400
[  148.889886][ T6571]  kcov_close+0x28/0x50
[  148.894152][ T6571]  __fput+0x44c/0xa70
[  148.898489][ T6571]  task_work_run+0x1d4/0x260
[  148.903307][ T6571]  do_exit+0x6b5/0x2300
[  148.907573][ T6571]  do_group_exit+0x21c/0x2d0
[  148.912571][ T6571]  get_signal+0x1285/0x1340
[  148.918011][ T6571]  arch_do_signal_or_restart+0xa0/0x790
[  148.923898][ T6571]  exit_to_user_mode_loop+0x72/0x130
[  148.930037][ T6571]  do_syscall_64+0x2bd/0xfa0
[  148.934716][ T6571]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  148.940903][ T6571] Modules linked in:
[  148.944812][ T6571] CPU: 1 UID: 0 PID: 6571 Comm: syz.0.18 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  148.944828][ T6571] Tainted: [B]=BAD_PAGE