Warning: Permanently added '10.128.1.148' (ED25519) to the list of known hosts.
2025/08/03 02:07:14 ignoring optional flag "sandboxArg"="0"
2025/08/03 02:07:14 parsed 1 programs
[  138.071653][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  138.078339][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  141.276928][ T6289] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  145.589098][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  145.610221][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  145.651903][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  145.660161][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  146.494431][ T6329] chnl_net:caif_netlink_parms(): no params data found
[  146.572215][ T6329] bridge0: port 1(bridge_slave_0) entered blocking state
[  146.579436][ T6329] bridge0: port 1(bridge_slave_0) entered disabled state
[  146.586788][ T6329] bridge_slave_0: entered allmulticast mode
[  146.594243][ T6329] bridge_slave_0: entered promiscuous mode
[  146.603611][ T6329] bridge0: port 2(bridge_slave_1) entered blocking state
[  146.611110][ T6329] bridge0: port 2(bridge_slave_1) entered disabled state
[  146.618549][ T6329] bridge_slave_1: entered allmulticast mode
[  146.626165][ T6329] bridge_slave_1: entered promiscuous mode
[  146.659967][ T6329] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  146.672036][ T6329] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  146.707795][ T6329] team0: Port device team_slave_0 added
[  146.716903][ T6329] team0: Port device team_slave_1 added
[  146.749515][ T6329] batman_adv: batadv0: Adding interface: batadv_slave_0
[  146.757128][ T6329] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  146.783534][ T6329] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  146.795913][ T6329] batman_adv: batadv0: Adding interface: batadv_slave_1
[  146.802891][ T6329] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  146.829410][ T6329] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  146.884894][ T6329] hsr_slave_0: entered promiscuous mode
[  146.891950][ T6329] hsr_slave_1: entered promiscuous mode
[  147.605288][ T6329] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  147.621490][ T6329] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  147.634138][ T6329] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  147.647880][ T6329] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  147.770029][ T6329] 8021q: adding VLAN 0 to HW filter on device bond0
[  147.799743][ T6329] 8021q: adding VLAN 0 to HW filter on device team0
[  147.813717][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  147.820963][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  147.847208][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  147.854403][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  148.175192][ T6329] 8021q: adding VLAN 0 to HW filter on device batadv0
[  148.234671][ T6329] veth0_vlan: entered promiscuous mode
[  148.251444][ T6329] veth1_vlan: entered promiscuous mode
[  148.297688][ T6329] veth0_macvtap: entered promiscuous mode
[  148.310889][ T6329] veth1_macvtap: entered promiscuous mode
[  148.340325][ T6329] batman_adv: batadv0: Interface activated: batadv_slave_0
[  148.360029][ T6329] batman_adv: batadv0: Interface activated: batadv_slave_1
[  148.382206][   T59] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  148.401778][   T59] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  148.432335][   T59] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  148.454115][   T59] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  148.730898][  T154] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  148.858284][  T154] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  148.974806][  T154] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  150.031241][  T154] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  150.044805][ T5935] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  150.053686][ T5935] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  150.062594][ T5935] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  150.081479][ T5935] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  150.093689][ T5935] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2025/08/03 02:07:30 executed programs: 0
[  150.791289][ T5935] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  150.801173][ T5935] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  150.810941][ T5935] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  150.819917][ T5935] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  150.831140][ T5935] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  151.110186][ T6457] chnl_net:caif_netlink_parms(): no params data found
[  151.261493][ T6457] bridge0: port 1(bridge_slave_0) entered blocking state
[  151.270321][ T6457] bridge0: port 1(bridge_slave_0) entered disabled state
[  151.278581][ T6457] bridge_slave_0: entered allmulticast mode
[  151.291571][ T6457] bridge_slave_0: entered promiscuous mode
[  151.301767][ T6457] bridge0: port 2(bridge_slave_1) entered blocking state
[  151.310771][ T6457] bridge0: port 2(bridge_slave_1) entered disabled state
[  151.318182][ T6457] bridge_slave_1: entered allmulticast mode
[  151.328667][ T6457] bridge_slave_1: entered promiscuous mode
[  151.437381][ T6457] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  151.480886][ T6457] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  151.534292][  T154] bridge_slave_1: left allmulticast mode
[  151.540499][  T154] bridge_slave_1: left promiscuous mode
[  151.547671][  T154] bridge0: port 2(bridge_slave_1) entered disabled state
[  151.559822][  T154] bridge_slave_0: left allmulticast mode
[  151.565528][  T154] bridge_slave_0: left promiscuous mode
[  151.571638][  T154] bridge0: port 1(bridge_slave_0) entered disabled state
[  151.967245][  T154] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  151.983271][  T154] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  151.999589][  T154] bond0 (unregistering): Released all slaves
[  152.054649][ T6457] team0: Port device team_slave_0 added
[  152.078020][ T6457] team0: Port device team_slave_1 added
[  152.114693][  T154] hsr_slave_0: left promiscuous mode
[  152.123141][  T154] hsr_slave_1: left promiscuous mode
[  152.129846][  T154] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  152.139348][  T154] batman_adv: batadv0: Removing interface: batadv_slave_0
[  152.148485][  T154] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  152.159131][  T154] batman_adv: batadv0: Removing interface: batadv_slave_1
[  152.181928][  T154] veth1_macvtap: left promiscuous mode
[  152.187702][  T154] veth0_macvtap: left promiscuous mode
[  152.194025][  T154] veth1_vlan: left promiscuous mode
[  152.202079][  T154] veth0_vlan: left promiscuous mode
[  152.532714][  T154] team0 (unregistering): Port device team_slave_1 removed
[  152.563357][  T154] team0 (unregistering): Port device team_slave_0 removed
[  152.863746][ T6457] batman_adv: batadv0: Adding interface: batadv_slave_0
[  152.870983][ T6457] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  152.897576][ T5935] Bluetooth: hci0: command tx timeout
[  152.907541][ T6457] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  152.938993][ T6457] batman_adv: batadv0: Adding interface: batadv_slave_1
[  152.957365][ T6457] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  152.984125][ T6457] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  153.072755][ T6457] hsr_slave_0: entered promiscuous mode
[  153.080024][ T6457] hsr_slave_1: entered promiscuous mode
[  154.133991][ T6457] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  154.149478][ T6457] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  154.177206][ T6457] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  154.210187][ T6457] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  154.357494][ T6457] 8021q: adding VLAN 0 to HW filter on device bond0
[  154.384022][ T6457] 8021q: adding VLAN 0 to HW filter on device team0
[  154.400019][ T1008] bridge0: port 1(bridge_slave_0) entered blocking state
[  154.407256][ T1008] bridge0: port 1(bridge_slave_0) entered forwarding state
[  154.423490][ T1008] bridge0: port 2(bridge_slave_1) entered blocking state
[  154.430678][ T1008] bridge0: port 2(bridge_slave_1) entered forwarding state
[  154.735958][ T6457] 8021q: adding VLAN 0 to HW filter on device batadv0
[  154.797581][ T6457] veth0_vlan: entered promiscuous mode
[  154.813081][ T6457] veth1_vlan: entered promiscuous mode
[  154.856734][ T6457] veth0_macvtap: entered promiscuous mode
[  154.871329][ T6457] veth1_macvtap: entered promiscuous mode
[  154.900884][ T6457] batman_adv: batadv0: Interface activated: batadv_slave_0
[  154.921482][ T6457] batman_adv: batadv0: Interface activated: batadv_slave_1
[  154.942464][ T1008] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  154.959193][ T5935] Bluetooth: hci0: command tx timeout
[  154.961563][ T1008] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  154.990405][ T1008] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  155.023851][ T1008] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  155.090911][ T1008] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  155.116877][ T1008] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  155.159869][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  155.169637][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  155.260219][ T6556] BUG: Bad page state in process syz.0.15  pfn:746e7
[  155.267269][ T6556] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880746e7ee0 pfn:0x746e7
[  155.277451][ T6556] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  155.284631][ T6556] raw: 00fff00000000000 dead000000000040 ffff8880216e8000 0000000000000000
[  155.293312][ T6556] raw: ffff8880746e7ee0 0000000000000001 00000000ffffffff 0000000000000000
[  155.301978][ T6556] page dumped because: page_pool leak
[  155.307432][ T6556] page_owner tracks the page as allocated
[  155.313426][ T6556] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6556, tgid 6555 (syz.0.15), ts 155260046514, free_ts 150745836087
[  155.330379][ T6556]  post_alloc_hook+0x240/0x2a0
[  155.335204][ T6556]  get_page_from_freelist+0x21d5/0x22b0
[  155.340894][ T6556]  __alloc_frozen_pages_noprof+0x181/0x370
[  155.346774][ T6556]  alloc_pages_bulk_noprof+0x560/0x710
[  155.352270][ T6556]  __page_pool_alloc_netmems_slow+0x127/0x740
[  155.358430][ T6556]  skb_pp_cow_data+0xb47/0x13e0
[  155.363325][ T6556]  do_xdp_generic+0x699/0x11a0
[  155.368174][ T6556]  __netif_receive_skb_core+0x17f9/0x4020
[  155.373959][ T6556]  __netif_receive_skb+0x72/0x380
[  155.379091][ T6556]  netif_receive_skb+0x1cb/0x790
[  155.384078][ T6556]  tun_rx_batched+0x1b9/0x730
[  155.388863][ T6556]  tun_get_user+0x2aa2/0x3e20
[  155.393579][ T6556]  tun_chr_write_iter+0x113/0x200
[  155.398787][ T6556]  vfs_write+0x54b/0xa90
[  155.403080][ T6556]  ksys_write+0x145/0x250
[  155.407502][ T6556]  do_syscall_64+0xfa/0x3b0
[  155.412044][ T6556] page last free pid 6297 tgid 6297 stack trace:
[  155.418445][ T6556]  __free_frozen_pages+0xbb1/0xd20
[  155.423598][ T6556]  rcu_core+0xca8/0x1770
[  155.427942][ T6556]  handle_softirqs+0x286/0x870
[  155.432838][ T6556]  __irq_exit_rcu+0xca/0x1f0
[  155.437524][ T6556]  irq_exit_rcu+0x9/0x30
[  155.441824][ T6556]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  155.447567][ T6556]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  155.453682][ T6556] Modules linked in:
[  155.457726][ T6556] CPU: 0 UID: 0 PID: 6556 Comm: syz.0.15 Not tainted 6.16.0-syzkaller-g186f3edfdd41 #0 PREEMPT(full) 
[  155.457755][ T6556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  155.457779][ T6556] Call Trace:
[  155.457793][ T6556]  <TASK>
[  155.457802][ T6556]  dump_stack_lvl+0x189/0x250
[  155.457844][ T6556]  ? __pfx_dump_stack_lvl+0x10/0x10
[  155.457868][ T6556]  ? __pfx_print_modules+0x10/0x10
[  155.457899][ T6556]  ? ksys_write+0x145/0x250
[  155.457930][ T6556]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  155.457965][ T6556]  bad_page+0x180/0x1c0
[  155.457996][ T6556]  __free_frozen_pages+0xcd1/0xd20
[  155.458029][ T6556]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  155.458079][ T6556]  bpf_xdp_adjust_tail+0x1d6/0x220
[  155.458111][ T6556]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  155.458137][ T6556]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  155.458201][ T6556]  do_xdp_generic+0x9f7/0x11a0
[  155.458246][ T6556]  ? __pfx_do_xdp_generic+0x10/0x10
[  155.458273][ T6556]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  155.458344][ T6556]  __netif_receive_skb_core+0x17f9/0x4020
[  155.458383][ T6556]  ? __pfx___skb_flow_dissect+0x10/0x10
[  155.458406][ T6556]  ? __up_read+0x280/0x680
[  155.458431][ T6556]  ? __pfx___up_read+0x10/0x10
[  155.458454][ T6556]  ? do_user_addr_fault+0xbc1/0x1390
[  155.458497][ T6556]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  155.458537][ T6556]  ? irqentry_exit+0x74/0x90
[  155.458563][ T6556]  ? __lock_acquire+0xab9/0xd20
[  155.458600][ T6556]  ? netif_receive_skb+0x115/0x790
[  155.458633][ T6556]  ? netif_receive_skb+0x115/0x790
[  155.458680][ T6556]  __netif_receive_skb+0x72/0x380
[  155.458719][ T6556]  ? netif_receive_skb+0x115/0x790
[  155.458749][ T6556]  netif_receive_skb+0x1cb/0x790
[  155.458778][ T6556]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  155.458809][ T6556]  ? __pfx_netif_receive_skb+0x10/0x10
[  155.458839][ T6556]  ? __pfx__copy_from_iter+0x10/0x10
[  155.458863][ T6556]  ? sock_alloc_send_pskb+0x875/0x990
[  155.458894][ T6556]  ? tun_rx_batched+0x160/0x730
[  155.458922][ T6556]  tun_rx_batched+0x1b9/0x730
[  155.458946][ T6556]  ? __lock_acquire+0xab9/0xd20
[  155.458980][ T6556]  ? __pfx_tun_rx_batched+0x10/0x10
[  155.459009][ T6556]  ? tun_get_user+0x266c/0x3e20
[  155.459050][ T6556]  tun_get_user+0x2aa2/0x3e20
[  155.459082][ T6556]  ? rcu_is_watching+0x15/0xb0
[  155.459120][ T6556]  ? tun_get_user+0x266c/0x3e20
[  155.459153][ T6556]  ? __pfx_tun_get_user+0x10/0x10
[  155.459192][ T6556]  ? __lock_acquire+0xab9/0xd20
[  155.459234][ T6556]  ? ref_tracker_alloc+0x318/0x460
[  155.459253][ T6556]  ? __lock_acquire+0xab9/0xd20
[  155.459284][ T6556]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  155.459312][ T6556]  ? tun_get+0x1c/0x2f0
[  155.459344][ T6556]  ? tun_get+0x1c/0x2f0
[  155.459367][ T6556]  ? tun_get+0x1c/0x2f0
[  155.459397][ T6556]  tun_chr_write_iter+0x113/0x200
[  155.459425][ T6556]  vfs_write+0x54b/0xa90
[  155.459464][ T6556]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  155.459490][ T6556]  ? __pfx_vfs_write+0x10/0x10
[  155.459535][ T6556]  ? __fget_files+0x2a/0x420
[  155.459569][ T6556]  ksys_write+0x145/0x250
[  155.459633][ T6556]  ? __pfx_ksys_write+0x10/0x10
[  155.459671][ T6556]  ? rcu_is_watching+0x15/0xb0
[  155.459710][ T6556]  ? do_syscall_64+0xbe/0x3b0
[  155.459737][ T6556]  do_syscall_64+0xfa/0x3b0
[  155.459758][ T6556]  ? lockdep_hardirqs_on+0x9c/0x150
[  155.459791][ T6556]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  155.459813][ T6556]  ? clear_bhb_loop+0x60/0xb0
[  155.459839][ T6556]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  155.459860][ T6556] RIP: 0033:0x7f0893d7e98f
[  155.459879][ T6556] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  155.459897][ T6556] RSP: 002b:00007f0894aea020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  155.459919][ T6556] RAX: ffffffffffffffda RBX: 00007f0893f45fa0 RCX: 00007f0893d7e98f
[  155.459935][ T6556] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  155.459948][ T6556] RBP: 00007f0893df3cc8 R08: 0000000000000000 R09: 0000000000000000
[  155.459961][ T6556] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  155.459974][ T6556] R13: 0000000000000000 R14: 00007f0893f45fa0 R15: 00007fffd069c568
[  155.460009][ T6556]  </TASK>
[  155.460017][ T6556] Disabling lock debugging due to kernel taint
[  155.879967][ T6556] BUG: Bad page state in process syz.0.15  pfn:5a79b
[  155.886719][ T6556] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88805a79bdc0 pfn:0x5a79b
[  155.896859][ T6556] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  155.904038][ T6556] raw: 00fff00000000000 dead000000000040 ffff8880216e8000 0000000000000000
[  155.912817][ T6556] raw: ffff88805a79bdc0 0000000000000001 00000000ffffffff 0000000000000000
[  155.921465][ T6556] page dumped because: page_pool leak
[  155.926908][ T6556] page_owner tracks the page as allocated
[  155.932652][ T6556] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6556, tgid 6555 (syz.0.15), ts 155260026844, free_ts 150745876690
[  155.949913][ T6556]  post_alloc_hook+0x240/0x2a0
[  155.954813][ T6556]  get_page_from_freelist+0x21d5/0x22b0
[  155.960548][ T6556]  __alloc_frozen_pages_noprof+0x181/0x370
[  155.966436][ T6556]  alloc_pages_bulk_noprof+0x560/0x710
[  155.971937][ T6556]  __page_pool_alloc_netmems_slow+0x127/0x740
[  155.978114][ T6556]  skb_pp_cow_data+0xb47/0x13e0
[  155.983002][ T6556]  do_xdp_generic+0x699/0x11a0
[  155.987950][ T6556]  __netif_receive_skb_core+0x17f9/0x4020
[  155.993718][ T6556]  __netif_receive_skb+0x72/0x380
[  155.998832][ T6556]  netif_receive_skb+0x1cb/0x790
[  156.003817][ T6556]  tun_rx_batched+0x1b9/0x730
[  156.008591][ T6556]  tun_get_user+0x2aa2/0x3e20
[  156.013301][ T6556]  tun_chr_write_iter+0x113/0x200
[  156.018415][ T6556]  vfs_write+0x54b/0xa90
[  156.022707][ T6556]  ksys_write+0x145/0x250
[  156.027355][ T6556]  do_syscall_64+0xfa/0x3b0
[  156.031896][ T6556] page last free pid 6297 tgid 6297 stack trace:
[  156.038289][ T6556]  __free_frozen_pages+0xbb1/0xd20
[  156.043439][ T6556]  rcu_core+0xca8/0x1770
[  156.047873][ T6556]  handle_softirqs+0x286/0x870
[  156.052676][ T6556]  __irq_exit_rcu+0xca/0x1f0
[  156.057377][ T6556]  irq_exit_rcu+0x9/0x30
[  156.061677][ T6556]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  156.067688][ T6556]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  156.073712][ T6556] Modules linked in:
[  156.077837][ T6556] CPU: 0 UID: 0 PID: 6556 Comm: syz.0.15 Tainted: G    B               6.16.0-syzkaller-g186f3edfdd41 #0 PREEMPT(full) 
[  156.077870][ T6556] Tainted: [B]=BAD_PAGE
[  156.077877][ T6556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  156.077889][ T6556] Call Trace:
[  156.077897][ T6556]  <TASK>
[  156.077906][ T6556]  dump_stack_lvl+0x189/0x250
[  156.077930][ T6556]  ? __pfx_dump_stack_lvl+0x10/0x10
[  156.077948][ T6556]  ? __pfx_print_modules+0x10/0x10
[  156.077971][ T6556]  ? ksys_write+0x145/0x250
[  156.077995][ T6556]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.078016][ T6556]  bad_page+0x180/0x1c0
[  156.078039][ T6556]  __free_frozen_pages+0xcd1/0xd20
[  156.078059][ T6556]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  156.078090][ T6556]  bpf_xdp_adjust_tail+0x1d6/0x220
[  156.078109][ T6556]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  156.078123][ T6556]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  156.078159][ T6556]  do_xdp_generic+0x9f7/0x11a0
[  156.078186][ T6556]  ? __pfx_do_xdp_generic+0x10/0x10
[  156.078207][ T6556]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  156.078238][ T6556]  __netif_receive_skb_core+0x17f9/0x4020
[  156.078265][ T6556]  ? __pfx___skb_flow_dissect+0x10/0x10
[  156.078283][ T6556]  ? __up_read+0x280/0x680
[  156.078301][ T6556]  ? __pfx___up_read+0x10/0x10
[  156.078316][ T6556]  ? do_user_addr_fault+0xbc1/0x1390
[  156.078344][ T6556]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  156.078372][ T6556]  ? irqentry_exit+0x74/0x90
[  156.078389][ T6556]  ? __lock_acquire+0xab9/0xd20
[  156.078413][ T6556]  ? netif_receive_skb+0x115/0x790
[  156.078436][ T6556]  ? netif_receive_skb+0x115/0x790
[  156.078475][ T6556]  __netif_receive_skb+0x72/0x380
[  156.078502][ T6556]  ? netif_receive_skb+0x115/0x790
[  156.078525][ T6556]  netif_receive_skb+0x1cb/0x790
[  156.078548][ T6556]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  156.078576][ T6556]  ? __pfx_netif_receive_skb+0x10/0x10
[  156.078599][ T6556]  ? __pfx__copy_from_iter+0x10/0x10
[  156.078616][ T6556]  ? sock_alloc_send_pskb+0x875/0x990
[  156.078639][ T6556]  ? tun_rx_batched+0x160/0x730
[  156.078659][ T6556]  tun_rx_batched+0x1b9/0x730
[  156.078677][ T6556]  ? __lock_acquire+0xab9/0xd20
[  156.078701][ T6556]  ? __pfx_tun_rx_batched+0x10/0x10
[  156.078720][ T6556]  ? tun_get_user+0x266c/0x3e20
[  156.078744][ T6556]  tun_get_user+0x2aa2/0x3e20
[  156.078765][ T6556]  ? rcu_is_watching+0x15/0xb0
[  156.078791][ T6556]  ? tun_get_user+0x266c/0x3e20
[  156.078822][ T6556]  ? __pfx_tun_get_user+0x10/0x10
[  156.078842][ T6556]  ? __lock_acquire+0xab9/0xd20
[  156.078868][ T6556]  ? ref_tracker_alloc+0x318/0x460
[  156.078882][ T6556]  ? __lock_acquire+0xab9/0xd20
[  156.078905][ T6556]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  156.078922][ T6556]  ? tun_get+0x1c/0x2f0
[  156.078941][ T6556]  ? tun_get+0x1c/0x2f0
[  156.078958][ T6556]  ? tun_get+0x1c/0x2f0
[  156.078978][ T6556]  tun_chr_write_iter+0x113/0x200
[  156.078997][ T6556]  vfs_write+0x54b/0xa90
[  156.079023][ T6556]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  156.079041][ T6556]  ? __pfx_vfs_write+0x10/0x10
[  156.079069][ T6556]  ? __fget_files+0x2a/0x420
[  156.079090][ T6556]  ksys_write+0x145/0x250
[  156.079115][ T6556]  ? __pfx_ksys_write+0x10/0x10
[  156.079138][ T6556]  ? rcu_is_watching+0x15/0xb0
[  156.079165][ T6556]  ? do_syscall_64+0xbe/0x3b0
[  156.079183][ T6556]  do_syscall_64+0xfa/0x3b0
[  156.079199][ T6556]  ? lockdep_hardirqs_on+0x9c/0x150
[  156.079224][ T6556]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.079240][ T6556]  ? clear_bhb_loop+0x60/0xb0
[  156.079258][ T6556]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.079274][ T6556] RIP: 0033:0x7f0893d7e98f
[  156.079288][ T6556] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  156.079302][ T6556] RSP: 002b:00007f0894aea020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  156.079319][ T6556] RAX: ffffffffffffffda RBX: 00007f0893f45fa0 RCX: 00007f0893d7e98f
[  156.079332][ T6556] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  156.079342][ T6556] RBP: 00007f0893df3cc8 R08: 0000000000000000 R09: 0000000000000000
[  156.079352][ T6556] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  156.079362][ T6556] R13: 0000000000000000 R14: 00007f0893f45fa0 R15: 00007fffd069c568
[  156.079380][ T6556]  </TASK>
[  156.079393][ T6556] BUG: Bad page state in process syz.0.15  pfn:75002
[  156.503704][ T6556] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888075002dc0 pfn:0x75002
[  156.513828][ T6556] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  156.521003][ T6556] raw: 00fff00000000000 dead000000000040 ffff8880216e8000 0000000000000000
[  156.529638][ T6556] raw: ffff888075002dc0 0000000000000001 00000000ffffffff 0000000000000000
[  156.538264][ T6556] page dumped because: page_pool leak
[  156.543653][ T6556] page_owner tracks the page as allocated
[  156.549406][ T6556] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6556, tgid 6555 (syz.0.15), ts 155260006504, free_ts 150745916915
[  156.566313][ T6556]  post_alloc_hook+0x240/0x2a0
[  156.571091][ T6556]  get_page_from_freelist+0x21d5/0x22b0
[  156.576688][ T6556]  __alloc_frozen_pages_noprof+0x181/0x370
[  156.582783][ T6556]  alloc_pages_bulk_noprof+0x560/0x710
[  156.588294][ T6556]  __page_pool_alloc_netmems_slow+0x127/0x740
[  156.594411][ T6556]  skb_pp_cow_data+0xb47/0x13e0
[  156.599320][ T6556]  do_xdp_generic+0x699/0x11a0
[  156.604113][ T6556]  __netif_receive_skb_core+0x17f9/0x4020
[  156.609887][ T6556]  __netif_receive_skb+0x72/0x380
[  156.614940][ T6556]  netif_receive_skb+0x1cb/0x790
[  156.619949][ T6556]  tun_rx_batched+0x1b9/0x730
[  156.624668][ T6556]  tun_get_user+0x2aa2/0x3e20
[  156.629415][ T6556]  tun_chr_write_iter+0x113/0x200
[  156.634567][ T6556]  vfs_write+0x54b/0xa90
[  156.638882][ T6556]  ksys_write+0x145/0x250
[  156.643259][ T6556]  do_syscall_64+0xfa/0x3b0
[  156.647821][ T6556] page last free pid 6297 tgid 6297 stack trace:
[  156.654163][ T6556]  __free_frozen_pages+0xbb1/0xd20
[  156.659622][ T6556]  rcu_core+0xca8/0x1770
[  156.663955][ T6556]  handle_softirqs+0x286/0x870
[  156.668797][ T6556]  __irq_exit_rcu+0xca/0x1f0
[  156.673601][ T6556]  irq_exit_rcu+0x9/0x30
[  156.677969][ T6556]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  156.683821][ T6556]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  156.689981][ T6556] Modules linked in:
[  156.693908][ T6556] CPU: 0 UID: 0 PID: 6556 Comm: syz.0.15 Tainted: G    B               6.16.0-syzkaller-g186f3edfdd41 #0 PREEMPT(full) 
[  156.693933][ T6556] Tainted: [B]=BAD_PAGE
[  156.693938][ T6556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  156.693947][ T6556] Call Trace:
[  156.693953][ T6556]  <TASK>
[  156.693959][ T6556]  dump_stack_lvl+0x189/0x250
[  156.693981][ T6556]  ? __pfx_dump_stack_lvl+0x10/0x10
[  156.693997][ T6556]  ? __pfx_print_modules+0x10/0x10
[  156.694018][ T6556]  ? ksys_write+0x145/0x250
[  156.694040][ T6556]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.694059][ T6556]  bad_page+0x180/0x1c0
[  156.694080][ T6556]  __free_frozen_pages+0xcd1/0xd20
[  156.694099][ T6556]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  156.694126][ T6556]  bpf_xdp_adjust_tail+0x1d6/0x220
[  156.694144][ T6556]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  156.694157][ T6556]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  156.694190][ T6556]  do_xdp_generic+0x9f7/0x11a0
[  156.694214][ T6556]  ? __pfx_do_xdp_generic+0x10/0x10
[  156.694233][ T6556]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  156.694262][ T6556]  __netif_receive_skb_core+0x17f9/0x4020
[  156.694287][ T6556]  ? __pfx___skb_flow_dissect+0x10/0x10
[  156.694304][ T6556]  ? __up_read+0x280/0x680
[  156.694320][ T6556]  ? __pfx___up_read+0x10/0x10
[  156.694334][ T6556]  ? do_user_addr_fault+0xbc1/0x1390
[  156.694359][ T6556]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  156.694384][ T6556]  ? irqentry_exit+0x74/0x90
[  156.694399][ T6556]  ? __lock_acquire+0xab9/0xd20
[  156.694421][ T6556]  ? netif_receive_skb+0x115/0x790
[  156.694442][ T6556]  ? netif_receive_skb+0x115/0x790
[  156.694464][ T6556]  __netif_receive_skb+0x72/0x380
[  156.694488][ T6556]  ? netif_receive_skb+0x115/0x790
[  156.694513][ T6556]  netif_receive_skb+0x1cb/0x790
[  156.694535][ T6556]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  156.694559][ T6556]  ? __pfx_netif_receive_skb+0x10/0x10
[  156.694580][ T6556]  ? __pfx__copy_from_iter+0x10/0x10
[  156.694596][ T6556]  ? sock_alloc_send_pskb+0x875/0x990
[  156.694617][ T6556]  ? tun_rx_batched+0x160/0x730
[  156.694635][ T6556]  tun_rx_batched+0x1b9/0x730
[  156.694651][ T6556]  ? __lock_acquire+0xab9/0xd20
[  156.694673][ T6556]  ? __pfx_tun_rx_batched+0x10/0x10
[  156.694691][ T6556]  ? tun_get_user+0x266c/0x3e20
[  156.694713][ T6556]  tun_get_user+0x2aa2/0x3e20
[  156.694731][ T6556]  ? rcu_is_watching+0x15/0xb0
[  156.694756][ T6556]  ? tun_get_user+0x266c/0x3e20
[  156.694775][ T6556]  ? __pfx_tun_get_user+0x10/0x10
[  156.694793][ T6556]  ? __lock_acquire+0xab9/0xd20
[  156.694817][ T6556]  ? ref_tracker_alloc+0x318/0x460
[  156.694830][ T6556]  ? __lock_acquire+0xab9/0xd20
[  156.694850][ T6556]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  156.694866][ T6556]  ? tun_get+0x1c/0x2f0
[  156.694884][ T6556]  ? tun_get+0x1c/0x2f0
[  156.694899][ T6556]  ? tun_get+0x1c/0x2f0
[  156.694916][ T6556]  tun_chr_write_iter+0x113/0x200
[  156.694933][ T6556]  vfs_write+0x54b/0xa90
[  156.694956][ T6556]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  156.694973][ T6556]  ? __pfx_vfs_write+0x10/0x10
[  156.694998][ T6556]  ? __fget_files+0x2a/0x420
[  156.695017][ T6556]  ksys_write+0x145/0x250
[  156.695040][ T6556]  ? __pfx_ksys_write+0x10/0x10
[  156.695061][ T6556]  ? rcu_is_watching+0x15/0xb0
[  156.695084][ T6556]  ? do_syscall_64+0xbe/0x3b0
[  156.695100][ T6556]  do_syscall_64+0xfa/0x3b0
[  156.695114][ T6556]  ? lockdep_hardirqs_on+0x9c/0x150
[  156.695137][ T6556]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.695151][ T6556]  ? clear_bhb_loop+0x60/0xb0
[  156.695168][ T6556]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.695182][ T6556] RIP: 0033:0x7f0893d7e98f
[  156.695195][ T6556] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  156.695207][ T6556] RSP: 002b:00007f0894aea020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  156.695223][ T6556] RAX: ffffffffffffffda RBX: 00007f0893f45fa0 RCX: 00007f0893d7e98f
[  156.695234][ T6556] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  156.695244][ T6556] RBP: 00007f0893df3cc8 R08: 0000000000000000 R09: 0000000000000000
[  156.695253][ T6556] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  156.695262][ T6556] R13: 0000000000000000 R14: 00007f0893f45fa0 R15: 00007fffd069c568
[  156.695278][ T6556]  </TASK>
[  156.695288][ T6556] BUG: Bad page state in process syz.0.15  pfn:28522
[  157.025771][ T5935] Bluetooth: hci0: command tx timeout
[  157.030372][ T6556] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888028522780 pfn:0x28522
[  157.030398][ T6556] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  157.141974][ T6556] raw: 00fff00000000000 dead000000000040 ffff8880216e8000 0000000000000000
[  157.150606][ T6556] raw: ffff888028522780 0000000000000001 00000000ffffffff 0000000000000000
[  157.159230][ T6556] page dumped because: page_pool leak
[  157.164599][ T6556] page_owner tracks the page as allocated
[  157.170359][ T6556] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6556, tgid 6555 (syz.0.15), ts 155259986650, free_ts 150747802178
[  157.187255][ T6556]  post_alloc_hook+0x240/0x2a0
[  157.192032][ T6556]  get_page_from_freelist+0x21d5/0x22b0
[  157.197629][ T6556]  __alloc_frozen_pages_noprof+0x181/0x370
[  157.203526][ T6556]  alloc_pages_bulk_noprof+0x560/0x710
[  157.209045][ T6556]  __page_pool_alloc_netmems_slow+0x127/0x740
[  157.215706][ T6556]  skb_pp_cow_data+0xb47/0x13e0
[  157.220585][ T6556]  do_xdp_generic+0x699/0x11a0
[  157.225357][ T6556]  __netif_receive_skb_core+0x17f9/0x4020
[  157.231159][ T6556]  __netif_receive_skb+0x72/0x380
[  157.236241][ T6556]  netif_receive_skb+0x1cb/0x790
[  157.241203][ T6556]  tun_rx_batched+0x1b9/0x730
[  157.245932][ T6556]  tun_get_user+0x2aa2/0x3e20
[  157.250745][ T6556]  tun_chr_write_iter+0x113/0x200
[  157.255827][ T6556]  vfs_write+0x54b/0xa90
[  157.260103][ T6556]  ksys_write+0x145/0x250
[  157.264533][ T6556]  do_syscall_64+0xfa/0x3b0
[  157.269173][ T6556] page last free pid 15 tgid 15 stack trace:
[  157.275182][ T6556]  __free_frozen_pages+0xbb1/0xd20
[  157.280461][ T6556]  rcu_core+0xca8/0x1770
[  157.284774][ T6556]  handle_softirqs+0x286/0x870
[  157.289595][ T6556]  run_ksoftirqd+0x9b/0x100
[  157.294132][ T6556]  smpboot_thread_fn+0x53f/0xa60
[  157.299171][ T6556]  kthread+0x70e/0x8a0
[  157.303282][ T6556]  ret_from_fork+0x3f9/0x770
[  157.307935][ T6556]  ret_from_fork_asm+0x1a/0x30
[  157.312732][ T6556] Modules linked in:
[  157.316696][ T6556] CPU: 0 UID: 0 PID: 6556 Comm: syz.0.15 Tainted: G    B               6.16.0-syzkaller-g186f3edfdd41 #0 PREEMPT(full) 
[  157.316727][ T6556] Tainted: [B]=BAD_PAGE
[  157.316734][ T6556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  157.316744][ T6556] Call Trace:
[  157.316750][ T6556]  <TASK>
[  157.316757][ T6556]  dump_stack_lvl+0x189/0x250
[  157.316782][ T6556]  ? __pfx_dump_stack_lvl+0x10/0x10
[  157.316803][ T6556]  ? __pfx_print_modules+0x10/0x10
[  157.316829][ T6556]  ? ksys_write+0x145/0x250
[  157.316857][ T6556]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  157.316881][ T6556]  bad_page+0x180/0x1c0
[  157.316908][ T6556]  __free_frozen_pages+0xcd1/0xd20
[  157.316933][ T6556]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  157.316972][ T6556]  bpf_xdp_adjust_tail+0x1d6/0x220
[  157.316997][ T6556]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  157.317015][ T6556]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  157.317059][ T6556]  do_xdp_generic+0x9f7/0x11a0
[  157.317093][ T6556]  ? __pfx_do_xdp_generic+0x10/0x10
[  157.317119][ T6556]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  157.317159][ T6556]  __netif_receive_skb_core+0x17f9/0x4020
[  157.317193][ T6556]  ? __pfx___skb_flow_dissect+0x10/0x10
[  157.317215][ T6556]  ? __up_read+0x280/0x680
[  157.317237][ T6556]  ? __pfx___up_read+0x10/0x10
[  157.317257][ T6556]  ? do_user_addr_fault+0xbc1/0x1390
[  157.317291][ T6556]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  157.317325][ T6556]  ? irqentry_exit+0x74/0x90
[  157.317346][ T6556]  ? __lock_acquire+0xab9/0xd20
[  157.317376][ T6556]  ? netif_receive_skb+0x115/0x790
[  157.317405][ T6556]  ? netif_receive_skb+0x115/0x790
[  157.317436][ T6556]  __netif_receive_skb+0x72/0x380
[  157.317480][ T6556]  ? netif_receive_skb+0x115/0x790
[  157.317508][ T6556]  netif_receive_skb+0x1cb/0x790
[  157.317537][ T6556]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  157.317569][ T6556]  ? __pfx_netif_receive_skb+0x10/0x10
[  157.317598][ T6556]  ? __pfx__copy_from_iter+0x10/0x10
[  157.317620][ T6556]  ? sock_alloc_send_pskb+0x875/0x990
[  157.317648][ T6556]  ? tun_rx_batched+0x160/0x730
[  157.317673][ T6556]  tun_rx_batched+0x1b9/0x730
[  157.317696][ T6556]  ? __lock_acquire+0xab9/0xd20
[  157.317725][ T6556]  ? __pfx_tun_rx_batched+0x10/0x10
[  157.317750][ T6556]  ? tun_get_user+0x266c/0x3e20
[  157.317779][ T6556]  tun_get_user+0x2aa2/0x3e20
[  157.317805][ T6556]  ? rcu_is_watching+0x15/0xb0
[  157.317838][ T6556]  ? tun_get_user+0x266c/0x3e20
[  157.317864][ T6556]  ? __pfx_tun_get_user+0x10/0x10
[  157.317890][ T6556]  ? __lock_acquire+0xab9/0xd20
[  157.317922][ T6556]  ? ref_tracker_alloc+0x318/0x460
[  157.317940][ T6556]  ? __lock_acquire+0xab9/0xd20
[  157.317976][ T6556]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  157.317998][ T6556]  ? tun_get+0x1c/0x2f0
[  157.318022][ T6556]  ? tun_get+0x1c/0x2f0
[  157.318044][ T6556]  ? tun_get+0x1c/0x2f0
[  157.318067][ T6556]  tun_chr_write_iter+0x113/0x200
[  157.318091][ T6556]  vfs_write+0x54b/0xa90
[  157.318124][ T6556]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  157.318165][ T6556]  ? __pfx_vfs_write+0x10/0x10
[  157.318202][ T6556]  ? __fget_files+0x2a/0x420
[  157.318229][ T6556]  ksys_write+0x145/0x250
[  157.318262][ T6556]  ? __pfx_ksys_write+0x10/0x10
[  157.318292][ T6556]  ? rcu_is_watching+0x15/0xb0
[  157.318326][ T6556]  ? do_syscall_64+0xbe/0x3b0
[  157.318348][ T6556]  do_syscall_64+0xfa/0x3b0
[  157.318368][ T6556]  ? lockdep_hardirqs_on+0x9c/0x150
[  157.318400][ T6556]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  157.318421][ T6556]  ? clear_bhb_loop+0x60/0xb0
[  157.318444][ T6556]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  157.318472][ T6556] RIP: 0033:0x7f0893d7e98f
[  157.318490][ T6556] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  157.318508][ T6556] RSP: 002b:00007f0894aea020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  157.318530][ T6556] RAX: ffffffffffffffda RBX: 00007f0893f45fa0 RCX: 00007f0893d7e98f
[  157.318546][ T6556] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  157.318559][ T6556] RBP: 00007f0893df3cc8 R08: 0000000000000000 R09: 0000000000000000
[  157.318573][ T6556] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  157.318586][ T6556] R13: 0000000000000000 R14: 00007f0893f45fa0 R15: 00007fffd069c568
[  157.318609][ T6556]  </TASK>
[  157.318621][ T6556] BUG: Bad page state in process syz.0.15  pfn:27da0
[  157.742777][ T6556] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888027da08c0 pfn:0x27da0
[  157.753098][ T6556] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  157.760288][ T6556] raw: 00fff00000000000 dead000000000040 ffff8880216e8000 0000000000000000
[  157.768944][ T6556] raw: ffff888027da08c0 0000000000000001 00000000ffffffff 0000000000000000
[  157.777596][ T6556] page dumped because: page_pool leak
[  157.783057][ T6556] page_owner tracks the page as allocated
[  157.788909][ T6556] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6556, tgid 6555 (syz.0.15), ts 155259966158, free_ts 150747828043
[  157.805807][ T6556]  post_alloc_hook+0x240/0x2a0
[  157.810610][ T6556]  get_page_from_freelist+0x21d5/0x22b0
[  157.816292][ T6556]  __alloc_frozen_pages_noprof+0x181/0x370
[  157.822129][ T6556]  alloc_pages_bulk_noprof+0x560/0x710
[  157.827679][ T6556]  __page_pool_alloc_netmems_slow+0x127/0x740
[  157.833793][ T6556]  skb_pp_cow_data+0xb47/0x13e0
[  157.838707][ T6556]  do_xdp_generic+0x699/0x11a0
[  157.843527][ T6556]  __netif_receive_skb_core+0x17f9/0x4020
[  157.849319][ T6556]  __netif_receive_skb+0x72/0x380
[  157.854400][ T6556]  netif_receive_skb+0x1cb/0x790
[  157.859479][ T6556]  tun_rx_batched+0x1b9/0x730
[  157.864186][ T6556]  tun_get_user+0x2aa2/0x3e20
[  157.869031][ T6556]  tun_chr_write_iter+0x113/0x200
[  157.874083][ T6556]  vfs_write+0x54b/0xa90
[  157.878389][ T6556]  ksys_write+0x145/0x250
[  157.882847][ T6556]  do_syscall_64+0xfa/0x3b0
[  157.887409][ T6556] page last free pid 15 tgid 15 stack trace:
[  157.893406][ T6556]  __free_frozen_pages+0xbb1/0xd20
[  157.898574][ T6556]  rcu_core+0xca8/0x1770
[  157.902854][ T6556]  handle_softirqs+0x286/0x870
[  157.907686][ T6556]  run_ksoftirqd+0x9b/0x100
[  157.912227][ T6556]  smpboot_thread_fn+0x53f/0xa60
[  157.917391][ T6556]  kthread+0x70e/0x8a0
[  157.921501][ T6556]  ret_from_fork+0x3f9/0x770
[  157.926261][ T6556]  ret_from_fork_asm+0x1a/0x30
[  157.931167][ T6556] Modules linked in:
[  157.935071][ T6556] CPU: 0 UID: 0 PID: 6556 Comm: syz.0.15 Tainted: G    B               6.16.0-syzkaller-g186f3edfdd41 #0 PREEMPT(full) 
[  157.935093][ T6556] Tainted: [B]=BAD_PAGE
[  157.935099][ T6556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  157.935108][ T6556] Call Trace:
[  157.935114][ T6556]  <TASK>
[  157.935121][ T6556]  dump_stack_lvl+0x189/0x250
[  157.935142][ T6556]  ? __pfx_dump_stack_lvl+0x10/0x10
[  157.935158][ T6556]  ? __pfx_print_modules+0x10/0x10
[  157.935178][ T6556]  ? ksys_write+0x145/0x250
[  157.935200][ T6556]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  157.935219][ T6556]  bad_page+0x180/0x1c0
[  157.935240][ T6556]  __free_frozen_pages+0xcd1/0xd20
[  157.935258][ T6556]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  157.935286][ T6556]  bpf_xdp_adjust_tail+0x1d6/0x220
[  157.935304][ T6556]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  157.935317][ T6556]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  157.935350][ T6556]  do_xdp_generic+0x9f7/0x11a0
[  157.935374][ T6556]  ? __pfx_do_xdp_generic+0x10/0x10
[  157.935393][ T6556]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  157.935423][ T6556]  __netif_receive_skb_core+0x17f9/0x4020
[  157.935447][ T6556]  ? __pfx___skb_flow_dissect+0x10/0x10
[  157.935463][ T6556]  ? __up_read+0x280/0x680
[  157.935479][ T6556]  ? __pfx___up_read+0x10/0x10
[  157.935493][ T6556]  ? do_user_addr_fault+0xbc1/0x1390
[  157.935519][ T6556]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  157.935544][ T6556]  ? irqentry_exit+0x74/0x90
[  157.935565][ T6556]  ? __lock_acquire+0xab9/0xd20
[  157.935597][ T6556]  ? netif_receive_skb+0x115/0x790
[  157.935624][ T6556]  ? netif_receive_skb+0x115/0x790
[  157.935653][ T6556]  __netif_receive_skb+0x72/0x380
[  157.935686][ T6556]  ? netif_receive_skb+0x115/0x790
[  157.935725][ T6556]  netif_receive_skb+0x1cb/0x790
[  157.935755][ T6556]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  157.935787][ T6556]  ? __pfx_netif_receive_skb+0x10/0x10
[  157.935817][ T6556]  ? __pfx__copy_from_iter+0x10/0x10
[  157.935839][ T6556]  ? sock_alloc_send_pskb+0x875/0x990
[  157.935868][ T6556]  ? tun_rx_batched+0x160/0x730
[  157.935893][ T6556]  tun_rx_batched+0x1b9/0x730
[  157.935916][ T6556]  ? __lock_acquire+0xab9/0xd20
[  157.935945][ T6556]  ? __pfx_tun_rx_batched+0x10/0x10
[  157.935970][ T6556]  ? tun_get_user+0x266c/0x3e20
[  157.935999][ T6556]  tun_get_user+0x2aa2/0x3e20
[  157.936022][ T6556]  ? rcu_is_watching+0x15/0xb0
[  157.936046][ T6556]  ? tun_get_user+0x266c/0x3e20
[  157.936065][ T6556]  ? __pfx_tun_get_user+0x10/0x10
[  157.936083][ T6556]  ? __lock_acquire+0xab9/0xd20
[  157.936107][ T6556]  ? ref_tracker_alloc+0x318/0x460
[  157.936120][ T6556]  ? __lock_acquire+0xab9/0xd20
[  157.936140][ T6556]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  157.936155][ T6556]  ? tun_get+0x1c/0x2f0
[  157.936173][ T6556]  ? tun_get+0x1c/0x2f0
[  157.936188][ T6556]  ? tun_get+0x1c/0x2f0
[  157.936205][ T6556]  tun_chr_write_iter+0x113/0x200
[  157.936223][ T6556]  vfs_write+0x54b/0xa90
[  157.936246][ T6556]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  157.936263][ T6556]  ? __pfx_vfs_write+0x10/0x10
[  157.936288][ T6556]  ? __fget_files+0x2a/0x420
[  157.936307][ T6556]  ksys_write+0x145/0x250
[  157.936331][ T6556]  ? __pfx_ksys_write+0x10/0x10
[  157.936352][ T6556]  ? rcu_is_watching+0x15/0xb0
[  157.936376][ T6556]  ? do_syscall_64+0xbe/0x3b0
[  157.936393][ T6556]  do_syscall_64+0xfa/0x3b0
[  157.936408][ T6556]  ? lockdep_hardirqs_on+0x9c/0x150
[  157.936431][ T6556]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  157.936445][ T6556]  ? clear_bhb_loop+0x60/0xb0
[  157.936462][ T6556]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  157.936476][ T6556] RIP: 0033:0x7f0893d7e98f
[  157.936489][ T6556] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  157.936502][ T6556] RSP: 002b:00007f0894aea020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  157.936518][ T6556] RAX: ffffffffffffffda RBX: 00007f0893f45fa0 RCX: 00007f0893d7e98f
[  157.936529][ T6556] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  157.936538][ T6556] RBP: 00007f0893df3cc8 R08: 0000000000000000 R09: 0000000000000000
[  157.936547][ T6556] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  157.936556][ T6556] R13: 0000000000000000 R14: 00007f0893f45fa0 R15: 00007fffd069c568
[  157.936572][ T6556]  </TASK>
[  158.352119][ T6556] BUG: Bad page state in process syz.0.15  pfn:70f22
[  158.358852][ T6556] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888070f22ee0 pfn:0x70f22
[  158.368984][ T6556] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  158.376185][ T6556] raw: 00fff00000000000 dead000000000040 ffff8880216e8000 0000000000000000
[  158.384929][ T6556] raw: ffff888070f22ee0 0000000000000001 00000000ffffffff 0000000000000000
[  158.393577][ T6556] page dumped because: page_pool leak
[  158.398992][ T6556] page_owner tracks the page as allocated
[  158.404718][ T6556] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6556, tgid 6555 (syz.0.15), ts 155259946073, free_ts 150747951919
[  158.421648][ T6556]  post_alloc_hook+0x240/0x2a0
[  158.426478][ T6556]  get_page_from_freelist+0x21d5/0x22b0
[  158.432165][ T6556]  __alloc_frozen_pages_noprof+0x181/0x370
[  158.438024][ T6556]  alloc_pages_bulk_noprof+0x560/0x710
[  158.443509][ T6556]  __page_pool_alloc_netmems_slow+0x127/0x740
[  158.449640][ T6556]  skb_pp_cow_data+0xb47/0x13e0
[  158.454518][ T6556]  do_xdp_generic+0x699/0x11a0
[  158.459350][ T6556]  __netif_receive_skb_core+0x17f9/0x4020
[  158.465123][ T6556]  __netif_receive_skb+0x72/0x380
[  158.470243][ T6556]  netif_receive_skb+0x1cb/0x790
[  158.475231][ T6556]  tun_rx_batched+0x1b9/0x730
[  158.479974][ T6556]  tun_get_user+0x2aa2/0x3e20
[  158.484677][ T6556]  tun_chr_write_iter+0x113/0x200
[  158.489750][ T6556]  vfs_write+0x54b/0xa90
[  158.494020][ T6556]  ksys_write+0x145/0x250
[  158.498419][ T6556]  do_syscall_64+0xfa/0x3b0
[  158.502964][ T6556] page last free pid 15 tgid 15 stack trace:
[  158.508991][ T6556]  __free_frozen_pages+0xbb1/0xd20
[  158.514131][ T6556]  rcu_core+0xca8/0x1770
[  158.518444][ T6556]  handle_softirqs+0x286/0x870
[  158.523341][ T6556]  run_ksoftirqd+0x9b/0x100
[  158.527902][ T6556]  smpboot_thread_fn+0x53f/0xa60
[  158.532962][ T6556]  kthread+0x70e/0x8a0
[  158.537271][ T6556]  ret_from_fork+0x3f9/0x770
[  158.542021][ T6556]  ret_from_fork_asm+0x1a/0x30
[  158.546866][ T6556] Modules linked in:
[  158.550789][ T6556] CPU: 0 UID: 0 PID: 6556 Comm: syz.0.15 Tainted: G    B               6.16.0-syzkaller-g186f3edfdd41 #0 PREEMPT(full) 
[  158.550812][ T6556] Tainted: [B]=BAD_PAGE
[  158.550818][ T6556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  158.550827][ T6556] Call Trace:
[  158.550833][ T6556]  <TASK>
[  158.550839][ T6556]  dump_stack_lvl+0x189/0x250
[  158.550861][ T6556]  ? __pfx_dump_stack_lvl+0x10/0x10
[  158.550877][ T6556]  ? __pfx_print_modules+0x10/0x10
[  158.550898][ T6556]  ? ksys_write+0x145/0x250
[  158.550920][ T6556]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  158.550938][ T6556]  bad_page+0x180/0x1c0
[  158.550959][ T6556]  __free_frozen_pages+0xcd1/0xd20
[  158.550978][ T6556]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  158.551005][ T6556]  bpf_xdp_adjust_tail+0x1d6/0x220
[  158.551023][ T6556]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  158.551036][ T6556]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  158.551068][ T6556]  do_xdp_generic+0x9f7/0x11a0
[  158.551093][ T6556]  ? __pfx_do_xdp_generic+0x10/0x10
[  158.551112][ T6556]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  158.551141][ T6556]  __netif_receive_skb_core+0x17f9/0x4020
[  158.551165][ T6556]  ? __pfx___skb_flow_dissect+0x10/0x10
[  158.551182][ T6556]  ? __up_read+0x280/0x680
[  158.551197][ T6556]  ? __pfx___up_read+0x10/0x10
[  158.551212][ T6556]  ? do_user_addr_fault+0xbc1/0x1390
[  158.551237][ T6556]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  158.551262][ T6556]  ? irqentry_exit+0x74/0x90
[  158.551277][ T6556]  ? __lock_acquire+0xab9/0xd20
[  158.551299][ T6556]  ? netif_receive_skb+0x115/0x790
[  158.551320][ T6556]  ? netif_receive_skb+0x115/0x790
[  158.551342][ T6556]  __netif_receive_skb+0x72/0x380
[  158.551372][ T6556]  ? netif_receive_skb+0x115/0x790
[  158.551393][ T6556]  netif_receive_skb+0x1cb/0x790
[  158.551414][ T6556]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  158.551437][ T6556]  ? __pfx_netif_receive_skb+0x10/0x10
[  158.551459][ T6556]  ? __pfx__copy_from_iter+0x10/0x10
[  158.551475][ T6556]  ? sock_alloc_send_pskb+0x875/0x990
[  158.551495][ T6556]  ? tun_rx_batched+0x160/0x730
[  158.551514][ T6556]  tun_rx_batched+0x1b9/0x730
[  158.551530][ T6556]  ? __lock_acquire+0xab9/0xd20
[  158.551551][ T6556]  ? __pfx_tun_rx_batched+0x10/0x10
[  158.551570][ T6556]  ? tun_get_user+0x266c/0x3e20
[  158.551591][ T6556]  tun_get_user+0x2aa2/0x3e20
[  158.551610][ T6556]  ? rcu_is_watching+0x15/0xb0
[  158.551634][ T6556]  ? tun_get_user+0x266c/0x3e20
[  158.551653][ T6556]  ? __pfx_tun_get_user+0x10/0x10
[  158.551672][ T6556]  ? __lock_acquire+0xab9/0xd20
[  158.551695][ T6556]  ? ref_tracker_alloc+0x318/0x460
[  158.551708][ T6556]  ? __lock_acquire+0xab9/0xd20
[  158.551728][ T6556]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  158.551744][ T6556]  ? tun_get+0x1c/0x2f0
[  158.551761][ T6556]  ? tun_get+0x1c/0x2f0
[  158.551776][ T6556]  ? tun_get+0x1c/0x2f0
[  158.551793][ T6556]  tun_chr_write_iter+0x113/0x200
[  158.551811][ T6556]  vfs_write+0x54b/0xa90
[  158.551834][ T6556]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  158.551850][ T6556]  ? __pfx_vfs_write+0x10/0x10
[  158.551876][ T6556]  ? __fget_files+0x2a/0x420
[  158.551894][ T6556]  ksys_write+0x145/0x250
[  158.551917][ T6556]  ? __pfx_ksys_write+0x10/0x10
[  158.551938][ T6556]  ? rcu_is_watching+0x15/0xb0
[  158.551962][ T6556]  ? do_syscall_64+0xbe/0x3b0
[  158.551978][ T6556]  do_syscall_64+0xfa/0x3b0
[  158.551991][ T6556]  ? lockdep_hardirqs_on+0x9c/0x150
[  158.552014][ T6556]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  158.552029][ T6556]  ? clear_bhb_loop+0x60/0xb0
[  158.552045][ T6556]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  158.552060][ T6556] RIP: 0033:0x7f0893d7e98f
[  158.552073][ T6556] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  158.552085][ T6556] RSP: 002b:00007f0894aea020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  158.552101][ T6556] RAX: ffffffffffffffda RBX: 00007f0893f45fa0 RCX: 00007f0893d7e98f
[  158.552112][ T6556] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  158.552122][ T6556] RBP: 00007f0893df3cc8 R08: 0000000000000000 R09: 0000000000000000
[  158.552131][ T6556] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  158.552140][ T6556] R13: 0000000000000000 R14: 00007f0893f45fa0 R15: 00007fffd069c568
[  158.552156][ T6556]  </TASK>
[  158.552165][ T6556] BUG: Bad page state in process syz.0.15  pfn:33ed5
[  158.976562][ T6556] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888033ed5ee0 pfn:0x33ed5
[  158.986734][ T6556] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  158.993883][ T6556] raw: 00fff00000000000 dead000000000040 ffff8880216e8000 0000000000000000
[  159.002535][ T6556] raw: ffff888033ed5ee0 0000000000000001 00000000ffffffff 0000000000000000
[  159.011165][ T6556] page dumped because: page_pool leak
[  159.016573][ T6556] page_owner tracks the page as allocated
[  159.022303][ T6556] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6556, tgid 6555 (syz.0.15), ts 155259926259, free_ts 150747980814
[  159.039198][ T6556]  post_alloc_hook+0x240/0x2a0
[  159.044074][ T6556]  get_page_from_freelist+0x21d5/0x22b0
[  159.049679][ T6556]  __alloc_frozen_pages_noprof+0x181/0x370
[  159.055516][ T6556]  alloc_pages_bulk_noprof+0x560/0x710
[  159.061055][ T6556]  __page_pool_alloc_netmems_slow+0x127/0x740
[  159.067342][ T6556]  skb_pp_cow_data+0xb47/0x13e0
[  159.072214][ T6556]  do_xdp_generic+0x699/0x11a0
[  159.077053][ T6556]  __netif_receive_skb_core+0x17f9/0x4020
[  159.082803][ T6556]  __netif_receive_skb+0x72/0x380
[  159.087948][ T6556]  netif_receive_skb+0x1cb/0x790
[  159.092927][ T6556]  tun_rx_batched+0x1b9/0x730
[  159.097659][ T6556]  tun_get_user+0x2aa2/0x3e20
[  159.102404][ T6556]  tun_chr_write_iter+0x113/0x200
[  159.107488][ T6556]  vfs_write+0x54b/0xa90
[  159.111766][ T6556]  ksys_write+0x145/0x250
[  159.115718][ T5935] Bluetooth: hci0: command tx timeout
[  159.116175][ T6556]  do_syscall_64+0xfa/0x3b0
[  159.126118][ T6556] page last free pid 15 tgid 15 stack trace:
[  159.132096][ T6556]  __free_frozen_pages+0xbb1/0xd20
[  159.137247][ T6556]  rcu_core+0xca8/0x1770
[  159.141524][ T6556]  handle_softirqs+0x286/0x870
[  159.146434][ T6556]  run_ksoftirqd+0x9b/0x100
[  159.150959][ T6556]  smpboot_thread_fn+0x53f/0xa60
[  159.155992][ T6556]  kthread+0x70e/0x8a0
[  159.160181][ T6556]  ret_from_fork+0x3f9/0x770
[  159.164797][ T6556]  ret_from_fork_asm+0x1a/0x30
[  159.169654][ T6556] Modules linked in:
[  159.173587][ T6556] CPU: 0 UID: 0 PID: 6556 Comm: syz.0.15 Tainted: G    B               6.16.0-syzkaller-g186f3edfdd41 #0 PREEMPT(full) 
[  159.173611][ T6556] Tainted: [B]=BAD_PAGE
[  159.173616][ T6556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  159.173625][ T6556] Call Trace:
[  159.173632][ T6556]  <TASK>
[  159.173638][ T6556]  dump_stack_lvl+0x189/0x250
[  159.173660][ T6556]  ? __pfx_dump_stack_lvl+0x10/0x10
[  159.173676][ T6556]  ? __pfx_print_modules+0x10/0x10
[  159.173697][ T6556]  ? ksys_write+0x145/0x250
[  159.173719][ T6556]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.173737][ T6556]  bad_page+0x180/0x1c0
[  159.173758][ T6556]  __free_frozen_pages+0xcd1/0xd20
[  159.173777][ T6556]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  159.173811][ T6556]  bpf_xdp_adjust_tail+0x1d6/0x220
[  159.173830][ T6556]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  159.173843][ T6556]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  159.173876][ T6556]  do_xdp_generic+0x9f7/0x11a0
[  159.173960][ T6556]  ? __pfx_do_xdp_generic+0x10/0x10
[  159.173980][ T6556]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  159.174009][ T6556]  __netif_receive_skb_core+0x17f9/0x4020
[  159.174034][ T6556]  ? __pfx___skb_flow_dissect+0x10/0x10
[  159.174051][ T6556]  ? __up_read+0x280/0x680
[  159.174067][ T6556]  ? __pfx___up_read+0x10/0x10
[  159.174083][ T6556]  ? do_user_addr_fault+0xbc1/0x1390
[  159.174109][ T6556]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  159.174134][ T6556]  ? irqentry_exit+0x74/0x90
[  159.174149][ T6556]  ? __lock_acquire+0xab9/0xd20
[  159.174171][ T6556]  ? netif_receive_skb+0x115/0x790
[  159.174192][ T6556]  ? netif_receive_skb+0x115/0x790
[  159.174214][ T6556]  __netif_receive_skb+0x72/0x380
[  159.174239][ T6556]  ? netif_receive_skb+0x115/0x790
[  159.174259][ T6556]  netif_receive_skb+0x1cb/0x790
[  159.174280][ T6556]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  159.174304][ T6556]  ? __pfx_netif_receive_skb+0x10/0x10
[  159.174352][ T6556]  ? __pfx__copy_from_iter+0x10/0x10
[  159.174369][ T6556]  ? sock_alloc_send_pskb+0x875/0x990
[  159.174390][ T6556]  ? tun_rx_batched+0x160/0x730
[  159.174408][ T6556]  tun_rx_batched+0x1b9/0x730
[  159.174424][ T6556]  ? __lock_acquire+0xab9/0xd20
[  159.174445][ T6556]  ? __pfx_tun_rx_batched+0x10/0x10
[  159.174465][ T6556]  ? tun_get_user+0x266c/0x3e20
[  159.174487][ T6556]  tun_get_user+0x2aa2/0x3e20
[  159.174506][ T6556]  ? rcu_is_watching+0x15/0xb0
[  159.174530][ T6556]  ? tun_get_user+0x266c/0x3e20
[  159.174550][ T6556]  ? __pfx_tun_get_user+0x10/0x10
[  159.174572][ T6556]  ? __lock_acquire+0xab9/0xd20
[  159.174599][ T6556]  ? ref_tracker_alloc+0x318/0x460
[  159.174612][ T6556]  ? __lock_acquire+0xab9/0xd20
[  159.174632][ T6556]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  159.174648][ T6556]  ? tun_get+0x1c/0x2f0
[  159.174665][ T6556]  ? tun_get+0x1c/0x2f0
[  159.174681][ T6556]  ? tun_get+0x1c/0x2f0
[  159.174699][ T6556]  tun_chr_write_iter+0x113/0x200
[  159.174716][ T6556]  vfs_write+0x54b/0xa90
[  159.174740][ T6556]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  159.174757][ T6556]  ? __pfx_vfs_write+0x10/0x10
[  159.174783][ T6556]  ? __fget_files+0x2a/0x420
[  159.174801][ T6556]  ksys_write+0x145/0x250
[  159.174825][ T6556]  ? __pfx_ksys_write+0x10/0x10
[  159.174846][ T6556]  ? rcu_is_watching+0x15/0xb0
[  159.174870][ T6556]  ? do_syscall_64+0xbe/0x3b0
[  159.174886][ T6556]  do_syscall_64+0xfa/0x3b0
[  159.174900][ T6556]  ? lockdep_hardirqs_on+0x9c/0x150
[  159.174926][ T6556]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.174941][ T6556]  ? clear_bhb_loop+0x60/0xb0
[  159.174957][ T6556]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.174973][ T6556] RIP: 0033:0x7f0893d7e98f
[  159.174987][ T6556] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  159.175000][ T6556] RSP: 002b:00007f0894aea020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  159.175016][ T6556] RAX: ffffffffffffffda RBX: 00007f0893f45fa0 RCX: 00007f0893d7e98f
[  159.175028][ T6556] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  159.175037][ T6556] RBP: 00007f0893df3cc8 R08: 0000000000000000 R09: 0000000000000000
[  159.175046][ T6556] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  159.175055][ T6556] R13: 0000000000000000 R14: 00007f0893f45fa0 R15: 00007fffd069c568
[  159.175072][ T6556]  </TASK>
[  159.175083][ T6556] BUG: Bad page state in process syz.0.15  pfn:314b2
[  159.598272][ T6556] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880314b2dd0 pfn:0x314b2
[  159.608414][ T6556] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  159.615776][ T6556] raw: 00fff00000000000 dead000000000040 ffff8880216e8000 0000000000000000
[  159.624383][ T6556] raw: ffff8880314b2dd0 0000000000000001 00000000ffffffff 0000000000000000
[  159.633045][ T6556] page dumped because: page_pool leak
[  159.638503][ T6556] page_owner tracks the page as allocated
[  159.644225][ T6556] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6556, tgid 6555 (syz.0.15), ts 155259906701, free_ts 150748005054
[  159.661410][ T6556]  post_alloc_hook+0x240/0x2a0
[  159.666318][ T6556]  get_page_from_freelist+0x21d5/0x22b0
[  159.671895][ T6556]  __alloc_frozen_pages_noprof+0x181/0x370
[  159.677757][ T6556]  alloc_pages_bulk_noprof+0x560/0x710
[  159.683241][ T6556]  __page_pool_alloc_netmems_slow+0x127/0x740
[  159.689494][ T6556]  skb_pp_cow_data+0xb47/0x13e0
[  159.694457][ T6556]  do_xdp_generic+0x699/0x11a0
[  159.699294][ T6556]  __netif_receive_skb_core+0x17f9/0x4020
[  159.705050][ T6556]  __netif_receive_skb+0x72/0x380
[  159.710138][ T6556]  netif_receive_skb+0x1cb/0x790
[  159.715191][ T6556]  tun_rx_batched+0x1b9/0x730
[  159.720018][ T6556]  tun_get_user+0x2aa2/0x3e20
[  159.724720][ T6556]  tun_chr_write_iter+0x113/0x200
[  159.729807][ T6556]  vfs_write+0x54b/0xa90
[  159.734091][ T6556]  ksys_write+0x145/0x250
[  159.738486][ T6556]  do_syscall_64+0xfa/0x3b0
[  159.743015][ T6556] page last free pid 15 tgid 15 stack trace:
[  159.749060][ T6556]  __free_frozen_pages+0xbb1/0xd20
[  159.754201][ T6556]  rcu_core+0xca8/0x1770
[  159.758510][ T6556]  handle_softirqs+0x286/0x870
[  159.763351][ T6556]  run_ksoftirqd+0x9b/0x100
[  159.767899][ T6556]  smpboot_thread_fn+0x53f/0xa60
[  159.772973][ T6556]  kthread+0x70e/0x8a0
[  159.777100][ T6556]  ret_from_fork+0x3f9/0x770
[  159.781810][ T6556]  ret_from_fork_asm+0x1a/0x30
[  159.786627][ T6556] Modules linked in:
[  159.790547][ T6556] CPU: 0 UID: 0 PID: 6556 Comm: syz.0.15 Tainted: G    B               6.16.0-syzkaller-g186f3edfdd41 #0 PREEMPT(full) 
[  159.790569][ T6556] Tainted: [B]=BAD_PAGE
[  159.790575][ T6556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  159.790584][ T6556] Call Trace:
[  159.790590][ T6556]  <TASK>
[  159.790596][ T6556]  dump_stack_lvl+0x189/0x250
[  159.790617][ T6556]  ? __pfx_dump_stack_lvl+0x10/0x10
[  159.790633][ T6556]  ? __pfx_print_modules+0x10/0x10
[  159.790654][ T6556]  ? ksys_write+0x145/0x250
[  159.790676][ T6556]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.790695][ T6556]  bad_page+0x180/0x1c0
[  159.790716][ T6556]  __free_frozen_pages+0xcd1/0xd20
[  159.790735][ T6556]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  159.790763][ T6556]  bpf_xdp_adjust_tail+0x1d6/0x220
[  159.790781][ T6556]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  159.790794][ T6556]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  159.790826][ T6556]  do_xdp_generic+0x9f7/0x11a0
[  159.790851][ T6556]  ? __pfx_do_xdp_generic+0x10/0x10
[  159.790870][ T6556]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  159.790899][ T6556]  __netif_receive_skb_core+0x17f9/0x4020
[  159.790923][ T6556]  ? __pfx___skb_flow_dissect+0x10/0x10
[  159.790940][ T6556]  ? __up_read+0x280/0x680
[  159.790955][ T6556]  ? __pfx___up_read+0x10/0x10
[  159.790970][ T6556]  ? do_user_addr_fault+0xbc1/0x1390
[  159.790996][ T6556]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  159.791020][ T6556]  ? irqentry_exit+0x74/0x90
[  159.791035][ T6556]  ? __lock_acquire+0xab9/0xd20
[  159.791057][ T6556]  ? netif_receive_skb+0x115/0x790
[  159.791078][ T6556]  ? netif_receive_skb+0x115/0x790
[  159.791100][ T6556]  __netif_receive_skb+0x72/0x380
[  159.791124][ T6556]  ? netif_receive_skb+0x115/0x790
[  159.791145][ T6556]  netif_receive_skb+0x1cb/0x790
[  159.791166][ T6556]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  159.791189][ T6556]  ? __pfx_netif_receive_skb+0x10/0x10
[  159.791210][ T6556]  ? __pfx__copy_from_iter+0x10/0x10
[  159.791226][ T6556]  ? sock_alloc_send_pskb+0x875/0x990
[  159.791246][ T6556]  ? tun_rx_batched+0x160/0x730
[  159.791264][ T6556]  tun_rx_batched+0x1b9/0x730
[  159.791281][ T6556]  ? __lock_acquire+0xab9/0xd20
[  159.791309][ T6556]  ? __pfx_tun_rx_batched+0x10/0x10
[  159.791327][ T6556]  ? tun_get_user+0x266c/0x3e20
[  159.791348][ T6556]  tun_get_user+0x2aa2/0x3e20
[  159.791367][ T6556]  ? rcu_is_watching+0x15/0xb0
[  159.791391][ T6556]  ? tun_get_user+0x266c/0x3e20
[  159.791410][ T6556]  ? __pfx_tun_get_user+0x10/0x10
[  159.791428][ T6556]  ? __lock_acquire+0xab9/0xd20
[  159.791452][ T6556]  ? ref_tracker_alloc+0x318/0x460
[  159.791465][ T6556]  ? __lock_acquire+0xab9/0xd20
[  159.791485][ T6556]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  159.791500][ T6556]  ? tun_get+0x1c/0x2f0
[  159.791518][ T6556]  ? tun_get+0x1c/0x2f0
[  159.791533][ T6556]  ? tun_get+0x1c/0x2f0
[  159.791550][ T6556]  tun_chr_write_iter+0x113/0x200
[  159.791567][ T6556]  vfs_write+0x54b/0xa90
[  159.791591][ T6556]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  159.791607][ T6556]  ? __pfx_vfs_write+0x10/0x10
[  159.791633][ T6556]  ? __fget_files+0x2a/0x420
[  159.791652][ T6556]  ksys_write+0x145/0x250
[  159.791675][ T6556]  ? __pfx_ksys_write+0x10/0x10
[  159.791696][ T6556]  ? rcu_is_watching+0x15/0xb0
[  159.791720][ T6556]  ? do_syscall_64+0xbe/0x3b0
[  159.791736][ T6556]  do_syscall_64+0xfa/0x3b0
[  159.791750][ T6556]  ? lockdep_hardirqs_on+0x9c/0x150
[  159.791773][ T6556]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.791787][ T6556]  ? clear_bhb_loop+0x60/0xb0
[  159.791804][ T6556]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.791818][ T6556] RIP: 0033:0x7f0893d7e98f
[  159.791831][ T6556] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  159.791844][ T6556] RSP: 002b:00007f0894aea020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  159.791860][ T6556] RAX: ffffffffffffffda RBX: 00007f0893f45fa0 RCX: 00007f0893d7e98f
[  159.791871][ T6556] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  159.791880][ T6556] RBP: 00007f0893df3cc8 R08: 0000000000000000 R09: 0000000000000000
[  159.791889][ T6556] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  159.791898][ T6556] R13: 0000000000000000 R14: 00007f0893f45fa0 R15: 00007fffd069c568
[  159.791914][ T6556]  </TASK>
[  159.791924][ T6556] BUG: Bad page state in process syz.0.15  pfn:75a03
[  160.215731][ T6556] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888075a03b40 pfn:0x75a03
[  160.226077][ T6556] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  160.233411][ T6556] raw: 00fff00000000000 dead000000000040 ffff8880216e8000 0000000000000000
[  160.242166][ T6556] raw: ffff888075a03b40 0000000000000001 00000000ffffffff 0000000000000000
[  160.250807][ T6556] page dumped because: page_pool leak
[  160.256299][ T6556] page_owner tracks the page as allocated
[  160.262029][ T6556] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6556, tgid 6555 (syz.0.15), ts 155259886423, free_ts 155188140269
[  160.279027][ T6556]  post_alloc_hook+0x240/0x2a0
[  160.283825][ T6556]  get_page_from_freelist+0x21d5/0x22b0
[  160.289444][ T6556]  __alloc_frozen_pages_noprof+0x181/0x370
[  160.295286][ T6556]  alloc_pages_bulk_noprof+0x560/0x710
[  160.300820][ T6556]  __page_pool_alloc_netmems_slow+0x127/0x740
[  160.306956][ T6556]  skb_pp_cow_data+0xb47/0x13e0
[  160.311816][ T6556]  do_xdp_generic+0x699/0x11a0
[  160.316741][ T6556]  __netif_receive_skb_core+0x17f9/0x4020
[  160.322516][ T6556]  __netif_receive_skb+0x72/0x380
[  160.327604][ T6556]  netif_receive_skb+0x1cb/0x790
[  160.332576][ T6556]  tun_rx_batched+0x1b9/0x730
[  160.337304][ T6556]  tun_get_user+0x2aa2/0x3e20
[  160.342005][ T6556]  tun_chr_write_iter+0x113/0x200
[  160.347074][ T6556]  vfs_write+0x54b/0xa90
[  160.351344][ T6556]  ksys_write+0x145/0x250
[  160.355728][ T6556]  do_syscall_64+0xfa/0x3b0
[  160.360262][ T6556] page last free pid 59 tgid 59 stack trace:
[  160.366304][ T6556]  __free_frozen_pages+0xbb1/0xd20
[  160.371458][ T6556]  __slab_free+0x303/0x3c0
[  160.375923][ T6556]  qlist_free_all+0x97/0x140
[  160.380543][ T6556]  kasan_quarantine_reduce+0x148/0x160
[  160.386066][ T6556]  __kasan_slab_alloc+0x22/0x80
[  160.390949][ T6556]  kmem_cache_alloc_lru_noprof+0x1c6/0x3d0
[  160.396808][ T6556]  __d_alloc+0x36/0x7a0
[  160.400990][ T6556]  d_alloc_parallel+0xe5/0x15e0
[  160.405889][ T6556]  __lookup_slow+0x116/0x3d0
[  160.410504][ T6556]  simple_start_creating+0xfd/0x1e0
[  160.415768][ T6556]  start_creating+0x10f/0x180
[  160.420498][ T6556]  __debugfs_create_file+0x79/0x4f0
[  160.425768][ T6556]  debugfs_create_file_short+0x3f/0x60
[  160.431295][ T6556]  ieee80211_sta_debugfs_add+0x1ba/0x850
[  160.436993][ T6556]  sta_info_insert_rcu+0xfac/0x1940
[  160.442268][ T6556]  ieee80211_ibss_finish_sta+0x293/0x380
[  160.447958][ T6556] Modules linked in:
[  160.451892][ T6556] CPU: 0 UID: 0 PID: 6556 Comm: syz.0.15 Tainted: G    B               6.16.0-syzkaller-g186f3edfdd41 #0 PREEMPT(full) 
[  160.451916][ T6556] Tainted: [B]=BAD_PAGE
[  160.451921][ T6556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  160.451930][ T6556] Call Trace:
[  160.451938][ T6556]  <TASK>
[  160.451945][ T6556]  dump_stack_lvl+0x189/0x250
[  160.451967][ T6556]  ? __pfx_dump_stack_lvl+0x10/0x10
[  160.451983][ T6556]  ? __pfx_print_modules+0x10/0x10
[  160.452004][ T6556]  ? ksys_write+0x145/0x250
[  160.452026][ T6556]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  160.452045][ T6556]  bad_page+0x180/0x1c0
[  160.452065][ T6556]  __free_frozen_pages+0xcd1/0xd20
[  160.452084][ T6556]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  160.452112][ T6556]  bpf_xdp_adjust_tail+0x1d6/0x220
[  160.452130][ T6556]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  160.452143][ T6556]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  160.452175][ T6556]  do_xdp_generic+0x9f7/0x11a0
[  160.452205][ T6556]  ? __pfx_do_xdp_generic+0x10/0x10
[  160.452224][ T6556]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  160.452253][ T6556]  __netif_receive_skb_core+0x17f9/0x4020
[  160.452278][ T6556]  ? __pfx___skb_flow_dissect+0x10/0x10
[  160.452294][ T6556]  ? __up_read+0x280/0x680
[  160.452310][ T6556]  ? __pfx___up_read+0x10/0x10
[  160.452324][ T6556]  ? do_user_addr_fault+0xbc1/0x1390
[  160.452350][ T6556]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  160.452375][ T6556]  ? irqentry_exit+0x74/0x90
[  160.452389][ T6556]  ? __lock_acquire+0xab9/0xd20
[  160.452411][ T6556]  ? netif_receive_skb+0x115/0x790
[  160.452433][ T6556]  ? netif_receive_skb+0x115/0x790
[  160.452454][ T6556]  __netif_receive_skb+0x72/0x380
[  160.452479][ T6556]  ? netif_receive_skb+0x115/0x790
[  160.452499][ T6556]  netif_receive_skb+0x1cb/0x790
[  160.452520][ T6556]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  160.452547][ T6556]  ? __pfx_netif_receive_skb+0x10/0x10
[  160.452569][ T6556]  ? __pfx__copy_from_iter+0x10/0x10
[  160.452585][ T6556]  ? sock_alloc_send_pskb+0x875/0x990
[  160.452605][ T6556]  ? tun_rx_batched+0x160/0x730
[  160.452623][ T6556]  tun_rx_batched+0x1b9/0x730
[  160.452639][ T6556]  ? __lock_acquire+0xab9/0xd20
[  160.452665][ T6556]  ? __pfx_tun_rx_batched+0x10/0x10
[  160.452683][ T6556]  ? tun_get_user+0x266c/0x3e20
[  160.452704][ T6556]  tun_get_user+0x2aa2/0x3e20
[  160.452723][ T6556]  ? rcu_is_watching+0x15/0xb0
[  160.452747][ T6556]  ? tun_get_user+0x266c/0x3e20
[  160.452766][ T6556]  ? __pfx_tun_get_user+0x10/0x10
[  160.452784][ T6556]  ? __lock_acquire+0xab9/0xd20
[  160.452808][ T6556]  ? ref_tracker_alloc+0x318/0x460
[  160.452821][ T6556]  ? __lock_acquire+0xab9/0xd20
[  160.452841][ T6556]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  160.452857][ T6556]  ? tun_get+0x1c/0x2f0
[  160.452874][ T6556]  ? tun_get+0x1c/0x2f0
[  160.452890][ T6556]  ? tun_get+0x1c/0x2f0
[  160.452907][ T6556]  tun_chr_write_iter+0x113/0x200
[  160.452924][ T6556]  vfs_write+0x54b/0xa90
[  160.452947][ T6556]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  160.452964][ T6556]  ? __pfx_vfs_write+0x10/0x10
[  160.452989][ T6556]  ? __fget_files+0x2a/0x420
[  160.453008][ T6556]  ksys_write+0x145/0x250
[  160.453031][ T6556]  ? __pfx_ksys_write+0x10/0x10
[  160.453052][ T6556]  ? rcu_is_watching+0x15/0xb0
[  160.453076][ T6556]  ? do_syscall_64+0xbe/0x3b0
[  160.453092][ T6556]  do_syscall_64+0xfa/0x3b0
[  160.453106][ T6556]  ? lockdep_hardirqs_on+0x9c/0x150
[  160.453129][ T6556]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  160.453143][ T6556]  ? clear_bhb_loop+0x60/0xb0
[  160.453160][ T6556]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  160.453175][ T6556] RIP: 0033:0x7f0893d7e98f
[  160.453194][ T6556] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  160.453206][ T6556] RSP: 002b:00007f0894aea020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  160.453223][ T6556] RAX: ffffffffffffffda RBX: 00007f0893f45fa0 RCX: 00007f0893d7e98f
[  160.453234][ T6556] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  160.453243][ T6556] RBP: 00007f0893df3cc8 R08: 0000000000000000 R09: 0000000000000000
[  160.453253][ T6556] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  160.453261][ T6556] R13: 0000000000000000 R14: 00007f0893f45fa0 R15: 00007fffd069c568
[  160.453277][ T6556]  </TASK>
[  160.453287][ T6556] BUG: Bad page state in process syz.0.15  pfn:7470b
[  160.876445][ T6556] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807470b000 pfn:0x7470b
[  160.886556][ T6556] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  160.893698][ T6556] raw: 00fff00000000000 dead000000000040 ffff8880216e8000 0000000000000000
[  160.902368][ T6556] raw: ffff88807470b000 0000000000000001 00000000ffffffff 0000000000000000
[  160.911132][ T6556] page dumped because: page_pool leak
[  160.916544][ T6556] page_owner tracks the page as allocated
[  160.922359][ T6556] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6556, tgid 6555 (syz.0.15), ts 155259866627, free_ts 155193278115
[  160.939283][ T6556]  post_alloc_hook+0x240/0x2a0
[  160.944075][ T6556]  get_page_from_freelist+0x21d5/0x22b0
[  160.949685][ T6556]  __alloc_frozen_pages_noprof+0x181/0x370
[  160.955517][ T6556]  alloc_pages_bulk_noprof+0x560/0x710
[  160.961034][ T6556]  __page_pool_alloc_netmems_slow+0x127/0x740
[  160.967178][ T6556]  skb_pp_cow_data+0xb47/0x13e0
[  160.972139][ T6556]  do_xdp_generic+0x699/0x11a0
[  160.976950][ T6556]  __netif_receive_skb_core+0x17f9/0x4020
[  160.982789][ T6556]  __netif_receive_skb+0x72/0x380
[  160.987871][ T6556]  netif_receive_skb+0x1cb/0x790
[  160.992835][ T6556]  tun_rx_batched+0x1b9/0x730
[  160.997593][ T6556]  tun_get_user+0x2aa2/0x3e20
[  161.002290][ T6556]  tun_chr_write_iter+0x113/0x200
[  161.007368][ T6556]  vfs_write+0x54b/0xa90
[  161.011643][ T6556]  ksys_write+0x145/0x250
[  161.016021][ T6556]  do_syscall_64+0xfa/0x3b0
[  161.020546][ T6556] page last free pid 6457 tgid 6457 stack trace:
[  161.026993][ T6556]  __free_frozen_pages+0xbb1/0xd20
[  161.032127][ T6556]  __put_partials+0x156/0x1a0
[  161.036843][ T6556]  put_cpu_partial+0x17c/0x250
[  161.041624][ T6556]  __slab_free+0x2d5/0x3c0
[  161.046090][ T6556]  qlist_free_all+0x97/0x140
[  161.050713][ T6556]  kasan_quarantine_reduce+0x148/0x160
[  161.056245][ T6556]  __kasan_slab_alloc+0x22/0x80
[  161.061177][ T6556]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  161.066725][ T6556]  getname_kernel+0x5a/0x2f0
[  161.071351][ T6556]  kern_path+0x1d/0x50
[  161.075431][ T6556]  do_loopback+0xea/0x430
[  161.079823][ T6556]  __se_sys_mount+0x317/0x410
[  161.084540][ T6556]  do_syscall_64+0xfa/0x3b0
[  161.089131][ T6556]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.095083][ T6556] Modules linked in:
[  161.099222][ T6556] CPU: 0 UID: 0 PID: 6556 Comm: syz.0.15 Tainted: G    B               6.16.0-syzkaller-g186f3edfdd41 #0 PREEMPT(full) 
[  161.099254][ T6556] Tainted: [B]=BAD_PAGE
[  161.099262][ T6556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  161.099275][ T6556] Call Trace:
[  161.099283][ T6556]  <TASK>
[  161.099292][ T6556]  dump_stack_lvl+0x189/0x250
[  161.099322][ T6556]  ? __pfx_dump_stack_lvl+0x10/0x10
[  161.099346][ T6556]  ? __pfx_print_modules+0x10/0x10
[  161.099377][ T6556]  ? ksys_write+0x145/0x250
[  161.099412][ T6556]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.099442][ T6556]  bad_page+0x180/0x1c0
[  161.099475][ T6556]  __free_frozen_pages+0xcd1/0xd20
[  161.099506][ T6556]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  161.099550][ T6556]  bpf_xdp_adjust_tail+0x1d6/0x220
[  161.099579][ T6556]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  161.099601][ T6556]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  161.099648][ T6556]  do_xdp_generic+0x9f7/0x11a0
[  161.099686][ T6556]  ? __pfx_do_xdp_generic+0x10/0x10
[  161.099716][ T6556]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  161.099762][ T6556]  __netif_receive_skb_core+0x17f9/0x4020
[  161.099802][ T6556]  ? __pfx___skb_flow_dissect+0x10/0x10
[  161.099828][ T6556]  ? __up_read+0x280/0x680
[  161.099853][ T6556]  ? __pfx___up_read+0x10/0x10
[  161.099876][ T6556]  ? do_user_addr_fault+0xbc1/0x1390
[  161.099916][ T6556]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  161.099956][ T6556]  ? irqentry_exit+0x74/0x90
[  161.099979][ T6556]  ? __lock_acquire+0xab9/0xd20
[  161.100014][ T6556]  ? netif_receive_skb+0x115/0x790
[  161.100048][ T6556]  ? netif_receive_skb+0x115/0x790
[  161.100084][ T6556]  __netif_receive_skb+0x72/0x380
[  161.100139][ T6556]  ? netif_receive_skb+0x115/0x790
[  161.100173][ T6556]  netif_receive_skb+0x1cb/0x790
[  161.100206][ T6556]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  161.100244][ T6556]  ? __pfx_netif_receive_skb+0x10/0x10
[  161.100278][ T6556]  ? __pfx__copy_from_iter+0x10/0x10
[  161.100304][ T6556]  ? sock_alloc_send_pskb+0x875/0x990
[  161.100337][ T6556]  ? tun_rx_batched+0x160/0x730
[  161.100366][ T6556]  tun_rx_batched+0x1b9/0x730
[  161.100393][ T6556]  ? __lock_acquire+0xab9/0xd20
[  161.100427][ T6556]  ? __pfx_tun_rx_batched+0x10/0x10
[  161.100456][ T6556]  ? tun_get_user+0x266c/0x3e20
[  161.100491][ T6556]  tun_get_user+0x2aa2/0x3e20
[  161.100521][ T6556]  ? rcu_is_watching+0x15/0xb0
[  161.100559][ T6556]  ? tun_get_user+0x266c/0x3e20
[  161.100589][ T6556]  ? __pfx_tun_get_user+0x10/0x10
[  161.100619][ T6556]  ? __lock_acquire+0xab9/0xd20
[  161.100656][ T6556]  ? ref_tracker_alloc+0x318/0x460
[  161.100677][ T6556]  ? __lock_acquire+0xab9/0xd20
[  161.100709][ T6556]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  161.100735][ T6556]  ? tun_get+0x1c/0x2f0
[  161.100763][ T6556]  ? tun_get+0x1c/0x2f0
[  161.100788][ T6556]  ? tun_get+0x1c/0x2f0
[  161.100815][ T6556]  tun_chr_write_iter+0x113/0x200
[  161.100844][ T6556]  vfs_write+0x54b/0xa90
[  161.100881][ T6556]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  161.100908][ T6556]  ? __pfx_vfs_write+0x10/0x10
[  161.100948][ T6556]  ? __fget_files+0x2a/0x420
[  161.100977][ T6556]  ksys_write+0x145/0x250
[  161.101013][ T6556]  ? __pfx_ksys_write+0x10/0x10
[  161.101047][ T6556]  ? rcu_is_watching+0x15/0xb0
[  161.101085][ T6556]  ? do_syscall_64+0xbe/0x3b0
[  161.101121][ T6556]  do_syscall_64+0xfa/0x3b0
[  161.101144][ T6556]  ? lockdep_hardirqs_on+0x9c/0x150
[  161.101181][ T6556]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.101204][ T6556]  ? clear_bhb_loop+0x60/0xb0
[  161.101231][ T6556]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.101254][ T6556] RIP: 0033:0x7f0893d7e98f
[  161.101282][ T6556] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  161.101302][ T6556] RSP: 002b:00007f0894aea020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  161.101327][ T6556] RAX: ffffffffffffffda RBX: 00007f0893f45fa0 RCX: 00007f0893d7e98f
[  161.101345][ T6556] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  161.101360][ T6556] RBP: 00007f0893df3cc8 R08: 0000000000000000 R09: 0000000000000000
[  161.101375][ T6556] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  161.101389][ T6556] R13: 0000000000000000 R14: 00007f0893f45fa0 R15: 00007fffd069c568
[  161.101415][ T6556]  </TASK>
[  161.101429][ T6556] BUG: Bad page state in process syz.0.15  pfn:7470c
[  161.524643][ T6556] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807470c000 pfn:0x7470c
[  161.534869][ T6556] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  161.542178][ T6556] raw: 00fff00000000000 dead000000000040 ffff8880216e8000 0000000000000000
[  161.551203][ T6556] raw: ffff88807470c000 0000000000000001 00000000ffffffff 0000000000000000
[  161.559977][ T6556] page dumped because: page_pool leak
[  161.565375][ T6556] page_owner tracks the page as allocated
[  161.571171][ T6556] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6556, tgid 6555 (syz.0.15), ts 155259846928, free_ts 155193296194
[  161.588333][ T6556]  post_alloc_hook+0x240/0x2a0
[  161.593208][ T6556]  get_page_from_freelist+0x21d5/0x22b0
[  161.598897][ T6556]  __alloc_frozen_pages_noprof+0x181/0x370
[  161.604740][ T6556]  alloc_pages_bulk_noprof+0x560/0x710
[  161.610346][ T6556]  __page_pool_alloc_netmems_slow+0x127/0x740
[  161.616475][ T6556]  skb_pp_cow_data+0xb47/0x13e0
[  161.621356][ T6556]  do_xdp_generic+0x699/0x11a0
[  161.626201][ T6556]  __netif_receive_skb_core+0x17f9/0x4020
[  161.631963][ T6556]  __netif_receive_skb+0x72/0x380
[  161.637045][ T6556]  netif_receive_skb+0x1cb/0x790
[  161.642041][ T6556]  tun_rx_batched+0x1b9/0x730
[  161.646829][ T6556]  tun_get_user+0x2aa2/0x3e20
[  161.651545][ T6556]  tun_chr_write_iter+0x113/0x200
[  161.656620][ T6556]  vfs_write+0x54b/0xa90
[  161.660907][ T6556]  ksys_write+0x145/0x250
[  161.665334][ T6556]  do_syscall_64+0xfa/0x3b0
[  161.669898][ T6556] page last free pid 6457 tgid 6457 stack trace:
[  161.676265][ T6556]  __free_frozen_pages+0xbb1/0xd20
[  161.681389][ T6556]  __put_partials+0x156/0x1a0
[  161.686117][ T6556]  put_cpu_partial+0x17c/0x250
[  161.691079][ T6556]  __slab_free+0x2d5/0x3c0
[  161.695675][ T6556]  qlist_free_all+0x97/0x140
[  161.700471][ T6556]  kasan_quarantine_reduce+0x148/0x160
[  161.706128][ T6556]  __kasan_slab_alloc+0x22/0x80
[  161.711025][ T6556]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  161.716550][ T6556]  getname_kernel+0x5a/0x2f0
[  161.721177][ T6556]  kern_path+0x1d/0x50
[  161.725251][ T6556]  do_loopback+0xea/0x430
[  161.729634][ T6556]  __se_sys_mount+0x317/0x410
[  161.734426][ T6556]  do_syscall_64+0xfa/0x3b0
[  161.738981][ T6556]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.744922][ T6556] Modules linked in:
[  161.748961][ T6556] CPU: 0 UID: 0 PID: 6556 Comm: syz.0.15 Tainted: G    B               6.16.0-syzkaller-g186f3edfdd41 #0 PREEMPT(full) 
[  161.748992][ T6556] Tainted: [B]=BAD_PAGE
[  161.748999][ T6556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  161.749010][ T6556] Call Trace:
[  161.749016][ T6556]  <TASK>
[  161.749024][ T6556]  dump_stack_lvl+0x189/0x250
[  161.749051][ T6556]  ? __pfx_dump_stack_lvl+0x10/0x10
[  161.749073][ T6556]  ? __pfx_print_modules+0x10/0x10
[  161.749168][ T6556]  ? ksys_write+0x145/0x250
[  161.749200][ T6556]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.749227][ T6556]  bad_page+0x180/0x1c0
[  161.749253][ T6556]  __free_frozen_pages+0xcd1/0xd20
[  161.749278][ T6556]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  161.749317][ T6556]  bpf_xdp_adjust_tail+0x1d6/0x220
[  161.749342][ T6556]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  161.749360][ T6556]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  161.749405][ T6556]  do_xdp_generic+0x9f7/0x11a0
[  161.749440][ T6556]  ? __pfx_do_xdp_generic+0x10/0x10
[  161.749468][ T6556]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  161.749509][ T6556]  __netif_receive_skb_core+0x17f9/0x4020
[  161.749544][ T6556]  ? __pfx___skb_flow_dissect+0x10/0x10
[  161.749567][ T6556]  ? __up_read+0x280/0x680
[  161.749590][ T6556]  ? __pfx___up_read+0x10/0x10
[  161.749611][ T6556]  ? do_user_addr_fault+0xbc1/0x1390
[  161.749646][ T6556]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  161.749682][ T6556]  ? irqentry_exit+0x74/0x90
[  161.749703][ T6556]  ? __lock_acquire+0xab9/0xd20
[  161.749734][ T6556]  ? netif_receive_skb+0x115/0x790
[  161.749764][ T6556]  ? netif_receive_skb+0x115/0x790
[  161.749796][ T6556]  __netif_receive_skb+0x72/0x380
[  161.749830][ T6556]  ? netif_receive_skb+0x115/0x790
[  161.749866][ T6556]  netif_receive_skb+0x1cb/0x790
[  161.749896][ T6556]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  161.749929][ T6556]  ? __pfx_netif_receive_skb+0x10/0x10
[  161.749959][ T6556]  ? __pfx__copy_from_iter+0x10/0x10
[  161.749982][ T6556]  ? sock_alloc_send_pskb+0x875/0x990
[  161.750012][ T6556]  ? tun_rx_batched+0x160/0x730
[  161.750038][ T6556]  tun_rx_batched+0x1b9/0x730
[  161.750062][ T6556]  ? __lock_acquire+0xab9/0xd20
[  161.750100][ T6556]  ? __pfx_tun_rx_batched+0x10/0x10
[  161.750126][ T6556]  ? tun_get_user+0x266c/0x3e20
[  161.750157][ T6556]  tun_get_user+0x2aa2/0x3e20
[  161.750184][ T6556]  ? rcu_is_watching+0x15/0xb0
[  161.750218][ T6556]  ? tun_get_user+0x266c/0x3e20
[  161.750245][ T6556]  ? __pfx_tun_get_user+0x10/0x10
[  161.750272][ T6556]  ? __lock_acquire+0xab9/0xd20
[  161.750305][ T6556]  ? ref_tracker_alloc+0x318/0x460
[  161.750324][ T6556]  ? __lock_acquire+0xab9/0xd20
[  161.750352][ T6556]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  161.750375][ T6556]  ? tun_get+0x1c/0x2f0
[  161.750400][ T6556]  ? tun_get+0x1c/0x2f0
[  161.750422][ T6556]  ? tun_get+0x1c/0x2f0
[  161.750447][ T6556]  tun_chr_write_iter+0x113/0x200
[  161.750472][ T6556]  vfs_write+0x54b/0xa90
[  161.750506][ T6556]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  161.750530][ T6556]  ? __pfx_vfs_write+0x10/0x10
[  161.750566][ T6556]  ? __fget_files+0x2a/0x420
[  161.750593][ T6556]  ksys_write+0x145/0x250
[  161.750625][ T6556]  ? __pfx_ksys_write+0x10/0x10
[  161.750655][ T6556]  ? rcu_is_watching+0x15/0xb0
[  161.750688][ T6556]  ? do_syscall_64+0xbe/0x3b0
[  161.750711][ T6556]  do_syscall_64+0xfa/0x3b0
[  161.750731][ T6556]  ? lockdep_hardirqs_on+0x9c/0x150
[  161.750764][ T6556]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.750785][ T6556]  ? clear_bhb_loop+0x60/0xb0
[  161.750808][ T6556]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.750829][ T6556] RIP: 0033:0x7f0893d7e98f
[  161.750847][ T6556] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  161.750865][ T6556] RSP: 002b:00007f0894aea020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  161.750887][ T6556] RAX: ffffffffffffffda RBX: 00007f0893f45fa0 RCX: 00007f0893d7e98f
[  161.750903][ T6556] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  161.750917][ T6556] RBP: 00007f0893df3cc8 R08: 0000000000000000 R09: 0000000000000000
[  161.750930][ T6556] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  161.750943][ T6556] R13: 0000000000000000 R14: 00007f0893f45fa0 R15: 00007fffd069c568
[  161.750966][ T6556]  </TASK>
2025/08/03 02:07:41 executed programs: 3
[  162.326969][ T6593] BUG: Bad page state in process syz.0.16  pfn:5bb70
[  162.333844][ T6593] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5bb70
[  162.342743][ T6593] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  162.349937][ T6593] raw: 00fff00000000000 dead000000000040 ffff8880216eb000 0000000000000000
[  162.358622][ T6593] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[  162.367279][ T6593] page dumped because: page_pool leak
[  162.372677][ T6593] page_owner tracks the page as allocated
[  162.378476][ T6593] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6593, tgid 6588 (syz.0.16), ts 162326881018, free_ts 162317160782
[  162.395390][ T6593]  post_alloc_hook+0x240/0x2a0
[  162.400243][ T6593]  get_page_from_freelist+0x21d5/0x22b0
[  162.405848][ T6593]  __alloc_frozen_pages_noprof+0x181/0x370
[  162.411706][ T6593]  alloc_pages_bulk_noprof+0x560/0x710
[  162.417241][ T6593]  __page_pool_alloc_netmems_slow+0x127/0x740
[  162.423345][ T6593]  skb_pp_cow_data+0xb47/0x13e0
[  162.428278][ T6593]  do_xdp_generic+0x699/0x11a0
[  162.433076][ T6593]  __netif_receive_skb_core+0x17f9/0x4020
[  162.438897][ T6593]  __netif_receive_skb+0x72/0x380
[  162.443986][ T6593]  netif_receive_skb+0x1cb/0x790
[  162.449033][ T6593]  tun_rx_batched+0x1b9/0x730
[  162.453743][ T6593]  tun_get_user+0x2aa2/0x3e20
[  162.458508][ T6593]  tun_chr_write_iter+0x113/0x200
[  162.463563][ T6593]  vfs_write+0x54b/0xa90
[  162.467887][ T6593]  ksys_write+0x145/0x250
[  162.472352][ T6593]  do_syscall_64+0xfa/0x3b0
[  162.476950][ T6593] page last free pid 43 tgid 43 stack trace:
[  162.482948][ T6593]  __free_frozen_pages+0xbb1/0xd20
[  162.488210][ T6593]  vfree+0x25a/0x400
[  162.492154][ T6593]  delayed_vfree_work+0x55/0x80
[  162.497094][ T6593]  process_scheduled_works+0xae1/0x17b0
[  162.502691][ T6593]  worker_thread+0x8a0/0xda0
[  162.507372][ T6593]  kthread+0x70e/0x8a0
[  162.511474][ T6593]  ret_from_fork+0x3f9/0x770
[  162.516340][ T6593]  ret_from_fork_asm+0x1a/0x30
[  162.521412][ T6593] Modules linked in:
[  162.525431][ T6593] CPU: 1 UID: 0 PID: 6593 Comm: syz.0.16 Tainted: G    B               6.16.0-syzkaller-g186f3edfdd41 #0 PREEMPT(full) 
[  162.525461][ T6593] Tainted: [B]=BAD_PAGE
[  162.525468][ T6593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  162.525481][ T6593] Call Trace:
[  162.525488][ T6593]  <TASK>
[  162.525496][ T6593]  dump_stack_lvl+0x189/0x250
[  162.525527][ T6593]  ? __pfx_dump_stack_lvl+0x10/0x10
[  162.525550][ T6593]  ? __pfx_print_modules+0x10/0x10
[  162.525582][ T6593]  ? ksys_write+0x145/0x250
[  162.525613][ T6593]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  162.525637][ T6593]  bad_page+0x180/0x1c0
[  162.525665][ T6593]  __free_frozen_pages+0xcd1/0xd20
[  162.525692][ T6593]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  162.525729][ T6593]  bpf_xdp_adjust_tail+0x1d6/0x220
[  162.525753][ T6593]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  162.525771][ T6593]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  162.525812][ T6593]  do_xdp_generic+0x9f7/0x11a0
[  162.525844][ T6593]  ? __pfx_do_xdp_generic+0x10/0x10
[  162.525867][ T6593]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  162.525907][ T6593]  __netif_receive_skb_core+0x17f9/0x4020
[  162.525940][ T6593]  ? __pfx___skb_flow_dissect+0x10/0x10
[  162.525961][ T6593]  ? __up_read+0x280/0x680
[  162.525983][ T6593]  ? __pfx___up_read+0x10/0x10
[  162.526001][ T6593]  ? lock_release+0x4b/0x3e0
[  162.526046][ T6593]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  162.526082][ T6593]  ? rcu_is_watching+0x15/0xb0
[  162.526116][ T6593]  ? irqentry_exit+0x74/0x90
[  162.526134][ T6593]  ? exc_page_fault+0x9f/0xf0
[  162.526169][ T6593]  ? netif_receive_skb+0x115/0x790
[  162.526196][ T6593]  ? rcu_is_watching+0x15/0xb0
[  162.526227][ T6593]  ? lock_acquire+0x5f/0x360
[  162.526256][ T6593]  __netif_receive_skb+0x72/0x380
[  162.526290][ T6593]  ? netif_receive_skb+0x115/0x790
[  162.526326][ T6593]  netif_receive_skb+0x1cb/0x790
[  162.526356][ T6593]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  162.526389][ T6593]  ? __pfx_netif_receive_skb+0x10/0x10
[  162.526419][ T6593]  ? __pfx__copy_from_iter+0x10/0x10
[  162.526448][ T6593]  ? sock_alloc_send_pskb+0x875/0x990
[  162.526477][ T6593]  ? tun_rx_batched+0x160/0x730
[  162.526503][ T6593]  tun_rx_batched+0x1b9/0x730
[  162.526526][ T6593]  ? skb_header_pointer+0x8e/0x120
[  162.526553][ T6593]  ? __pfx_tun_rx_batched+0x10/0x10
[  162.526576][ T6593]  ? tun_get_user+0x266c/0x3e20
[  162.526598][ T6593]  ? rcu_is_watching+0x15/0xb0
[  162.526629][ T6593]  ? lock_acquire+0x5f/0x360
[  162.526656][ T6593]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  162.526694][ T6593]  tun_get_user+0x2aa2/0x3e20
[  162.526721][ T6593]  ? __pfx_css_rstat_updated+0x10/0x10
[  162.526756][ T6593]  ? tun_get_user+0x266c/0x3e20
[  162.526782][ T6593]  ? __pfx_tun_get_user+0x10/0x10
[  162.526805][ T6593]  ? __folio_batch_add_and_move+0x20a/0xd20
[  162.526839][ T6593]  ? pfn_valid+0xba/0x490
[  162.526856][ T6593]  ? rcu_is_watching+0x15/0xb0
[  162.526888][ T6593]  ? page_table_check_set+0x18d/0x730
[  162.526918][ T6593]  ? rcu_is_watching+0x15/0xb0
[  162.526950][ T6593]  ? ref_tracker_alloc+0x318/0x460
[  162.526970][ T6593]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  162.526989][ T6593]  ? tun_get+0x1c/0x2f0
[  162.527010][ T6593]  ? tun_get+0x1c/0x2f0
[  162.527043][ T6593]  ? rcu_is_watching+0x15/0xb0
[  162.527072][ T6593]  ? tun_get+0x1c/0x2f0
[  162.527093][ T6593]  ? lock_release+0x4b/0x3e0
[  162.527122][ T6593]  ? tun_get+0x1c/0x2f0
[  162.527146][ T6593]  tun_chr_write_iter+0x113/0x200
[  162.527170][ T6593]  vfs_write+0x54b/0xa90
[  162.527204][ T6593]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  162.527226][ T6593]  ? __pfx_vfs_write+0x10/0x10
[  162.527261][ T6593]  ? __fget_files+0x2a/0x420
[  162.527287][ T6593]  ksys_write+0x145/0x250
[  162.527319][ T6593]  ? __pfx_ksys_write+0x10/0x10
[  162.527351][ T6593]  ? rcu_is_watching+0x15/0xb0
[  162.527384][ T6593]  do_syscall_64+0xfa/0x3b0
[  162.527406][ T6593]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  162.527426][ T6593]  ? clear_bhb_loop+0x60/0xb0
[  162.527449][ T6593]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  162.527468][ T6593] RIP: 0033:0x7f0893d7e98f
[  162.527485][ T6593] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  162.527503][ T6593] RSP: 002b:00007f0894ac9020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  162.527526][ T6593] RAX: ffffffffffffffda RBX: 00007f0893f46080 RCX: 00007f0893d7e98f
[  162.527541][ T6593] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  162.527554][ T6593] RBP: 00007f0893df3cc8 R08: 0000000000000000 R09: 0000000000000000
[  162.527567][ T6593] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  162.527580][ T6593] R13: 0000000000000001 R14: 00007f0893f46080 R15: 00007fffd069c568
[  162.527604][ T6593]  </TASK>
[  162.987120][ T6593] BUG: Bad page state in process syz.0.16  pfn:5bb71
[  162.993821][ T6593] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5bb71
[  163.002637][ T6593] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  163.009930][ T6593] raw: 00fff00000000000 dead000000000040 ffff8880216eb000 0000000000000000
[  163.018579][ T6593] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[  163.027232][ T6593] page dumped because: page_pool leak
[  163.032627][ T6593] page_owner tracks the page as allocated
[  163.038434][ T6593] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6593, tgid 6588 (syz.0.16), ts 162326868451, free_ts 162317168781
[  163.055350][ T6593]  post_alloc_hook+0x240/0x2a0
[  163.060190][ T6593]  get_page_from_freelist+0x21d5/0x22b0
[  163.065810][ T6593]  __alloc_frozen_pages_noprof+0x181/0x370
[  163.071663][ T6593]  alloc_pages_bulk_noprof+0x560/0x710
[  163.077220][ T6593]  __page_pool_alloc_netmems_slow+0x127/0x740
[  163.083358][ T6593]  skb_pp_cow_data+0xb47/0x13e0
[  163.088342][ T6593]  do_xdp_generic+0x699/0x11a0
[  163.093172][ T6593]  __netif_receive_skb_core+0x17f9/0x4020
[  163.099233][ T6593]  __netif_receive_skb+0x72/0x380
[  163.104314][ T6593]  netif_receive_skb+0x1cb/0x790
[  163.109512][ T6593]  tun_rx_batched+0x1b9/0x730
[  163.114233][ T6593]  tun_get_user+0x2aa2/0x3e20
[  163.118999][ T6593]  tun_chr_write_iter+0x113/0x200
[  163.124056][ T6593]  vfs_write+0x54b/0xa90
[  163.128368][ T6593]  ksys_write+0x145/0x250
[  163.132745][ T6593]  do_syscall_64+0xfa/0x3b0
[  163.137325][ T6593] page last free pid 43 tgid 43 stack trace:
[  163.143361][ T6593]  __free_frozen_pages+0xbb1/0xd20
[  163.148646][ T6593]  vfree+0x25a/0x400
[  163.152586][ T6593]  delayed_vfree_work+0x55/0x80
[  163.157607][ T6593]  process_scheduled_works+0xae1/0x17b0
[  163.163234][ T6593]  worker_thread+0x8a0/0xda0
[  163.167919][ T6593]  kthread+0x70e/0x8a0
[  163.172030][ T6593]  ret_from_fork+0x3f9/0x770
[  163.176723][ T6593]  ret_from_fork_asm+0x1a/0x30
[  163.181522][ T6593] Modules linked in:
[  163.185451][ T6593] CPU: 1 UID: 0 PID: 6593 Comm: syz.0.16 Tainted: G    B               6.16.0-syzkaller-g186f3edfdd41 #0 PREEMPT(full) 
[  163.185482][ T6593] Tainted: [B]=BAD_PAGE
[  163.185489][ T6593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  163.185502][ T6593] Call Trace:
[  163.185509][ T6593]  <TASK>
[  163.185518][ T6593]  dump_stack_lvl+0x189/0x250
[  163.185544][ T6593]  ? __pfx_dump_stack_lvl+0x10/0x10
[  163.185569][ T6593]  ? __pfx_print_modules+0x10/0x10
[  163.185596][ T6593]  ? ksys_write+0x145/0x250
[  163.185625][ T6593]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.185650][ T6593]  bad_page+0x180/0x1c0
[  163.185677][ T6593]  __free_frozen_pages+0xcd1/0xd20
[  163.185703][ T6593]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  163.185740][ T6593]  bpf_xdp_adjust_tail+0x1d6/0x220
[  163.185765][ T6593]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  163.185782][ T6593]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  163.185826][ T6593]  do_xdp_generic+0x9f7/0x11a0
[  163.185858][ T6593]  ? __pfx_do_xdp_generic+0x10/0x10
[  163.185883][ T6593]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  163.185922][ T6593]  __netif_receive_skb_core+0x17f9/0x4020
[  163.185956][ T6593]  ? __pfx___skb_flow_dissect+0x10/0x10
[  163.185979][ T6593]  ? __up_read+0x280/0x680
[  163.185999][ T6593]  ? __pfx___up_read+0x10/0x10
[  163.186017][ T6593]  ? lock_release+0x4b/0x3e0
[  163.186050][ T6593]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  163.186084][ T6593]  ? rcu_is_watching+0x15/0xb0
[  163.186116][ T6593]  ? irqentry_exit+0x74/0x90
[  163.186134][ T6593]  ? exc_page_fault+0x9f/0xf0
[  163.186169][ T6593]  ? netif_receive_skb+0x115/0x790
[  163.186196][ T6593]  ? rcu_is_watching+0x15/0xb0
[  163.186227][ T6593]  ? lock_acquire+0x5f/0x360
[  163.186264][ T6593]  __netif_receive_skb+0x72/0x380
[  163.186297][ T6593]  ? netif_receive_skb+0x115/0x790
[  163.186327][ T6593]  netif_receive_skb+0x1cb/0x790
[  163.186356][ T6593]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  163.186389][ T6593]  ? __pfx_netif_receive_skb+0x10/0x10
[  163.186419][ T6593]  ? __pfx__copy_from_iter+0x10/0x10
[  163.186442][ T6593]  ? sock_alloc_send_pskb+0x875/0x990
[  163.186471][ T6593]  ? tun_rx_batched+0x160/0x730
[  163.186496][ T6593]  tun_rx_batched+0x1b9/0x730
[  163.186520][ T6593]  ? skb_header_pointer+0x8e/0x120
[  163.186547][ T6593]  ? __pfx_tun_rx_batched+0x10/0x10
[  163.186571][ T6593]  ? tun_get_user+0x266c/0x3e20
[  163.186593][ T6593]  ? rcu_is_watching+0x15/0xb0
[  163.186625][ T6593]  ? lock_acquire+0x5f/0x360
[  163.186652][ T6593]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  163.186690][ T6593]  tun_get_user+0x2aa2/0x3e20
[  163.186717][ T6593]  ? __pfx_css_rstat_updated+0x10/0x10
[  163.186752][ T6593]  ? tun_get_user+0x266c/0x3e20
[  163.186779][ T6593]  ? __pfx_tun_get_user+0x10/0x10
[  163.186803][ T6593]  ? __folio_batch_add_and_move+0x20a/0xd20
[  163.186837][ T6593]  ? pfn_valid+0xba/0x490
[  163.186854][ T6593]  ? rcu_is_watching+0x15/0xb0
[  163.186886][ T6593]  ? page_table_check_set+0x18d/0x730
[  163.186918][ T6593]  ? rcu_is_watching+0x15/0xb0
[  163.186953][ T6593]  ? ref_tracker_alloc+0x318/0x460
[  163.186974][ T6593]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  163.186996][ T6593]  ? tun_get+0x1c/0x2f0
[  163.187017][ T6593]  ? tun_get+0x1c/0x2f0
[  163.187039][ T6593]  ? rcu_is_watching+0x15/0xb0
[  163.187069][ T6593]  ? tun_get+0x1c/0x2f0
[  163.187091][ T6593]  ? lock_release+0x4b/0x3e0
[  163.187120][ T6593]  ? tun_get+0x1c/0x2f0
[  163.187145][ T6593]  tun_chr_write_iter+0x113/0x200
[  163.187170][ T6593]  vfs_write+0x54b/0xa90
[  163.187203][ T6593]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  163.187227][ T6593]  ? __pfx_vfs_write+0x10/0x10
[  163.187270][ T6593]  ? __fget_files+0x2a/0x420
[  163.187298][ T6593]  ksys_write+0x145/0x250
[  163.187330][ T6593]  ? __pfx_ksys_write+0x10/0x10
[  163.187364][ T6593]  ? rcu_is_watching+0x15/0xb0
[  163.187397][ T6593]  do_syscall_64+0xfa/0x3b0
[  163.187419][ T6593]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.187439][ T6593]  ? clear_bhb_loop+0x60/0xb0
[  163.187463][ T6593]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.187484][ T6593] RIP: 0033:0x7f0893d7e98f
[  163.187503][ T6593] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  163.187521][ T6593] RSP: 002b:00007f0894ac9020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  163.187543][ T6593] RAX: ffffffffffffffda RBX: 00007f0893f46080 RCX: 00007f0893d7e98f
[  163.187559][ T6593] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  163.187572][ T6593] RBP: 00007f0893df3cc8 R08: 0000000000000000 R09: 0000000000000000
[  163.187586][ T6593] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  163.187598][ T6593] R13: 0000000000000001 R14: 00007f0893f46080 R15: 00007fffd069c568
[  163.187622][ T6593]  </TASK>
[  163.647114][ T6593] BUG: Bad page state in process syz.0.16  pfn:7519c
[  163.653825][ T6593] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807519cdc0 pfn:0x7519c
[  163.664150][ T6593] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  163.671322][ T6593] raw: 00fff00000000000 dead000000000040 ffff8880216eb000 0000000000000000
[  163.680149][ T6593] raw: ffff88807519cdc0 0000000000000001 00000000ffffffff 0000000000000000
[  163.688864][ T6593] page dumped because: page_pool leak
[  163.694265][ T6593] page_owner tracks the page as allocated
[  163.700026][ T6593] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6593, tgid 6588 (syz.0.16), ts 162326855894, free_ts 162317201624
[  163.716929][ T6593]  post_alloc_hook+0x240/0x2a0
[  163.721712][ T6593]  get_page_from_freelist+0x21d5/0x22b0
[  163.727305][ T6593]  __alloc_frozen_pages_noprof+0x181/0x370
[  163.733143][ T6593]  alloc_pages_bulk_noprof+0x560/0x710
[  163.738647][ T6593]  __page_pool_alloc_netmems_slow+0x127/0x740
[  163.744748][ T6593]  skb_pp_cow_data+0xb47/0x13e0
[  163.749651][ T6593]  do_xdp_generic+0x699/0x11a0
[  163.754451][ T6593]  __netif_receive_skb_core+0x17f9/0x4020
[  163.760232][ T6593]  __netif_receive_skb+0x72/0x380
[  163.765312][ T6593]  netif_receive_skb+0x1cb/0x790
[  163.770301][ T6593]  tun_rx_batched+0x1b9/0x730
[  163.775008][ T6593]  tun_get_user+0x2aa2/0x3e20
[  163.779725][ T6593]  tun_chr_write_iter+0x113/0x200
[  163.784861][ T6593]  vfs_write+0x54b/0xa90
[  163.789181][ T6593]  ksys_write+0x145/0x250
[  163.793549][ T6593]  do_syscall_64+0xfa/0x3b0
[  163.798093][ T6593] page last free pid 43 tgid 43 stack trace:
[  163.804088][ T6593]  __free_frozen_pages+0xbb1/0xd20
[  163.809261][ T6593]  vfree+0x25a/0x400
[  163.813191][ T6593]  delayed_vfree_work+0x55/0x80
[  163.818124][ T6593]  process_scheduled_works+0xae1/0x17b0
[  163.823726][ T6593]  worker_thread+0x8a0/0xda0
[  163.828374][ T6593]  kthread+0x70e/0x8a0
[  163.832471][ T6593]  ret_from_fork+0x3f9/0x770
[  163.837105][ T6593]  ret_from_fork_asm+0x1a/0x30
[  163.841901][ T6593] Modules linked in:
[  163.845839][ T6593] CPU: 1 UID: 0 PID: 6593 Comm: syz.0.16 Tainted: G    B               6.16.0-syzkaller-g186f3edfdd41 #0 PREEMPT(full) 
[  163.845870][ T6593] Tainted: [B]=BAD_PAGE
[  163.845877][ T6593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  163.845895][ T6593] Call Trace:
[  163.845903][ T6593]  <TASK>
[  163.845911][ T6593]  dump_stack_lvl+0x189/0x250
[  163.845938][ T6593]  ? __pfx_dump_stack_lvl+0x10/0x10
[  163.845961][ T6593]  ? __pfx_print_modules+0x10/0x10
[  163.845988][ T6593]  ? ksys_write+0x145/0x250
[  163.846019][ T6593]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.846046][ T6593]  bad_page+0x180/0x1c0
[  163.846076][ T6593]  __free_frozen_pages+0xcd1/0xd20
[  163.846104][ T6593]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  163.846143][ T6593]  bpf_xdp_adjust_tail+0x1d6/0x220
[  163.846168][ T6593]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  163.846186][ T6593]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  163.846239][ T6593]  do_xdp_generic+0x9f7/0x11a0
[  163.846272][ T6593]  ? __pfx_do_xdp_generic+0x10/0x10
[  163.846299][ T6593]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  163.846341][ T6593]  __netif_receive_skb_core+0x17f9/0x4020
[  163.846376][ T6593]  ? __pfx___skb_flow_dissect+0x10/0x10
[  163.846400][ T6593]  ? __up_read+0x280/0x680
[  163.846422][ T6593]  ? __pfx___up_read+0x10/0x10
[  163.846441][ T6593]  ? lock_release+0x4b/0x3e0
[  163.846475][ T6593]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  163.846511][ T6593]  ? rcu_is_watching+0x15/0xb0
[  163.846545][ T6593]  ? irqentry_exit+0x74/0x90
[  163.846563][ T6593]  ? exc_page_fault+0x9f/0xf0
[  163.846598][ T6593]  ? netif_receive_skb+0x115/0x790
[  163.846627][ T6593]  ? rcu_is_watching+0x15/0xb0
[  163.846658][ T6593]  ? lock_acquire+0x5f/0x360
[  163.846686][ T6593]  __netif_receive_skb+0x72/0x380
[  163.846721][ T6593]  ? netif_receive_skb+0x115/0x790
[  163.846751][ T6593]  netif_receive_skb+0x1cb/0x790
[  163.846781][ T6593]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  163.846815][ T6593]  ? __pfx_netif_receive_skb+0x10/0x10
[  163.846845][ T6593]  ? __pfx__copy_from_iter+0x10/0x10
[  163.846868][ T6593]  ? sock_alloc_send_pskb+0x875/0x990
[  163.846907][ T6593]  ? tun_rx_batched+0x160/0x730
[  163.846933][ T6593]  tun_rx_batched+0x1b9/0x730
[  163.846956][ T6593]  ? skb_header_pointer+0x8e/0x120
[  163.846984][ T6593]  ? __pfx_tun_rx_batched+0x10/0x10
[  163.847008][ T6593]  ? tun_get_user+0x266c/0x3e20
[  163.847031][ T6593]  ? rcu_is_watching+0x15/0xb0
[  163.847062][ T6593]  ? lock_acquire+0x5f/0x360
[  163.847089][ T6593]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  163.847128][ T6593]  tun_get_user+0x2aa2/0x3e20
[  163.847155][ T6593]  ? __pfx_css_rstat_updated+0x10/0x10
[  163.847190][ T6593]  ? tun_get_user+0x266c/0x3e20
[  163.847217][ T6593]  ? __pfx_tun_get_user+0x10/0x10
[  163.847241][ T6593]  ? __folio_batch_add_and_move+0x20a/0xd20
[  163.847277][ T6593]  ? pfn_valid+0xba/0x490
[  163.847299][ T6593]  ? rcu_is_watching+0x15/0xb0
[  163.847331][ T6593]  ? page_table_check_set+0x18d/0x730
[  163.847363][ T6593]  ? rcu_is_watching+0x15/0xb0
[  163.847398][ T6593]  ? ref_tracker_alloc+0x318/0x460
[  163.847420][ T6593]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  163.847441][ T6593]  ? tun_get+0x1c/0x2f0
[  163.847463][ T6593]  ? tun_get+0x1c/0x2f0
[  163.847485][ T6593]  ? rcu_is_watching+0x15/0xb0
[  163.847515][ T6593]  ? tun_get+0x1c/0x2f0
[  163.847536][ T6593]  ? lock_release+0x4b/0x3e0
[  163.847566][ T6593]  ? tun_get+0x1c/0x2f0
[  163.847590][ T6593]  tun_chr_write_iter+0x113/0x200
[  163.847616][ T6593]  vfs_write+0x54b/0xa90
[  163.847649][ T6593]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  163.847672][ T6593]  ? __pfx_vfs_write+0x10/0x10
[  163.847708][ T6593]  ? __fget_files+0x2a/0x420
[  163.847735][ T6593]  ksys_write+0x145/0x250
[  163.847768][ T6593]  ? __pfx_ksys_write+0x10/0x10
[  163.847802][ T6593]  ? rcu_is_watching+0x15/0xb0
[  163.847835][ T6593]  do_syscall_64+0xfa/0x3b0
[  163.847857][ T6593]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.847878][ T6593]  ? clear_bhb_loop+0x60/0xb0
[  163.847910][ T6593]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.847931][ T6593] RIP: 0033:0x7f0893d7e98f
[  163.847949][ T6593] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  163.847966][ T6593] RSP: 002b:00007f0894ac9020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  163.847988][ T6593] RAX: ffffffffffffffda RBX: 00007f0893f46080 RCX: 00007f0893d7e98f
[  163.848004][ T6593] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  163.848017][ T6593] RBP: 00007f0893df3cc8 R08: 0000000000000000 R09: 0000000000000000
[  163.848031][ T6593] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  163.848043][ T6593] R13: 0000000000000001 R14: 00007f0893f46080 R15: 00007fffd069c568
[  163.848067][ T6593]  </TASK>
[  163.848079][ T6593] BUG: Bad page state in process syz.0.16  pfn:757a5
[  164.314190][ T6593] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880757a58c0 pfn:0x757a5
[  164.324307][ T6593] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  164.331476][ T6593] raw: 00fff00000000000 dead000000000040 ffff8880216eb000 0000000000000000
[  164.340100][ T6593] raw: ffff8880757a58c0 0000000000000001 00000000ffffffff 0000000000000000
[  164.348721][ T6593] page dumped because: page_pool leak
[  164.354093][ T6593] page_owner tracks the page as allocated
[  164.359847][ T6593] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6593, tgid 6588 (syz.0.16), ts 162326843420, free_ts 162317209411
[  164.376838][ T6593]  post_alloc_hook+0x240/0x2a0
[  164.381619][ T6593]  get_page_from_freelist+0x21d5/0x22b0
[  164.387296][ T6593]  __alloc_frozen_pages_noprof+0x181/0x370
[  164.393133][ T6593]  alloc_pages_bulk_noprof+0x560/0x710
[  164.398640][ T6593]  __page_pool_alloc_netmems_slow+0x127/0x740
[  164.404750][ T6593]  skb_pp_cow_data+0xb47/0x13e0
[  164.409654][ T6593]  do_xdp_generic+0x699/0x11a0
[  164.414454][ T6593]  __netif_receive_skb_core+0x17f9/0x4020
[  164.420335][ T6593]  __netif_receive_skb+0x72/0x380
[  164.425949][ T6593]  netif_receive_skb+0x1cb/0x790
[  164.431012][ T6593]  tun_rx_batched+0x1b9/0x730
[  164.435735][ T6593]  tun_get_user+0x2aa2/0x3e20
[  164.440505][ T6593]  tun_chr_write_iter+0x113/0x200
[  164.445536][ T6593]  vfs_write+0x54b/0xa90
[  164.449876][ T6593]  ksys_write+0x145/0x250
[  164.454247][ T6593]  do_syscall_64+0xfa/0x3b0
[  164.458818][ T6593] page last free pid 43 tgid 43 stack trace:
[  164.464809][ T6593]  __free_frozen_pages+0xbb1/0xd20
[  164.469966][ T6593]  vfree+0x25a/0x400
[  164.473906][ T6593]  delayed_vfree_work+0x55/0x80
[  164.478793][ T6593]  process_scheduled_works+0xae1/0x17b0
[  164.484466][ T6593]  worker_thread+0x8a0/0xda0
[  164.489120][ T6593]  kthread+0x70e/0x8a0
[  164.493210][ T6593]  ret_from_fork+0x3f9/0x770
[  164.497867][ T6593]  ret_from_fork_asm+0x1a/0x30
[  164.502680][ T6593] Modules linked in:
[  164.506638][ T6593] CPU: 1 UID: 0 PID: 6593 Comm: syz.0.16 Tainted: G    B               6.16.0-syzkaller-g186f3edfdd41 #0 PREEMPT(full) 
[  164.506671][ T6593] Tainted: [B]=BAD_PAGE
[  164.506677][ T6593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  164.506688][ T6593] Call Trace:
[  164.506697][ T6593]  <TASK>
[  164.506705][ T6593]  dump_stack_lvl+0x189/0x250
[  164.506733][ T6593]  ? __pfx_dump_stack_lvl+0x10/0x10
[  164.506755][ T6593]  ? __pfx_print_modules+0x10/0x10
[  164.506784][ T6593]  ? ksys_write+0x145/0x250
[  164.506824][ T6593]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  164.506852][ T6593]  bad_page+0x180/0x1c0
[  164.506881][ T6593]  __free_frozen_pages+0xcd1/0xd20
[  164.506909][ T6593]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  164.506948][ T6593]  bpf_xdp_adjust_tail+0x1d6/0x220
[  164.506974][ T6593]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  164.506993][ T6593]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  164.507040][ T6593]  do_xdp_generic+0x9f7/0x11a0
[  164.507076][ T6593]  ? __pfx_do_xdp_generic+0x10/0x10
[  164.507104][ T6593]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  164.507146][ T6593]  __netif_receive_skb_core+0x17f9/0x4020
[  164.507181][ T6593]  ? __pfx___skb_flow_dissect+0x10/0x10
[  164.507216][ T6593]  ? __up_read+0x280/0x680
[  164.507240][ T6593]  ? __pfx___up_read+0x10/0x10
[  164.507259][ T6593]  ? lock_release+0x4b/0x3e0
[  164.507293][ T6593]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  164.507328][ T6593]  ? rcu_is_watching+0x15/0xb0
[  164.507363][ T6593]  ? irqentry_exit+0x74/0x90
[  164.507381][ T6593]  ? exc_page_fault+0x9f/0xf0
[  164.507413][ T6593]  ? netif_receive_skb+0x115/0x790
[  164.507442][ T6593]  ? rcu_is_watching+0x15/0xb0
[  164.507473][ T6593]  ? lock_acquire+0x5f/0x360
[  164.507502][ T6593]  __netif_receive_skb+0x72/0x380
[  164.507537][ T6593]  ? netif_receive_skb+0x115/0x790
[  164.507567][ T6593]  netif_receive_skb+0x1cb/0x790
[  164.507597][ T6593]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  164.507630][ T6593]  ? __pfx_netif_receive_skb+0x10/0x10
[  164.507660][ T6593]  ? __pfx__copy_from_iter+0x10/0x10
[  164.507684][ T6593]  ? sock_alloc_send_pskb+0x875/0x990
[  164.507712][ T6593]  ? tun_rx_batched+0x160/0x730
[  164.507738][ T6593]  tun_rx_batched+0x1b9/0x730
[  164.507761][ T6593]  ? skb_header_pointer+0x8e/0x120
[  164.507789][ T6593]  ? __pfx_tun_rx_batched+0x10/0x10
[  164.507821][ T6593]  ? tun_get_user+0x266c/0x3e20
[  164.507844][ T6593]  ? rcu_is_watching+0x15/0xb0
[  164.507876][ T6593]  ? lock_acquire+0x5f/0x360
[  164.507904][ T6593]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  164.507943][ T6593]  tun_get_user+0x2aa2/0x3e20
[  164.507971][ T6593]  ? __pfx_css_rstat_updated+0x10/0x10
[  164.508005][ T6593]  ? tun_get_user+0x266c/0x3e20
[  164.508033][ T6593]  ? __pfx_tun_get_user+0x10/0x10
[  164.508056][ T6593]  ? __folio_batch_add_and_move+0x20a/0xd20
[  164.508090][ T6593]  ? pfn_valid+0xba/0x490
[  164.508107][ T6593]  ? rcu_is_watching+0x15/0xb0
[  164.508138][ T6593]  ? page_table_check_set+0x18d/0x730
[  164.508169][ T6593]  ? rcu_is_watching+0x15/0xb0
[  164.508204][ T6593]  ? ref_tracker_alloc+0x318/0x460
[  164.508225][ T6593]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  164.508246][ T6593]  ? tun_get+0x1c/0x2f0
[  164.508268][ T6593]  ? tun_get+0x1c/0x2f0
[  164.508290][ T6593]  ? rcu_is_watching+0x15/0xb0
[  164.508320][ T6593]  ? tun_get+0x1c/0x2f0
[  164.508342][ T6593]  ? lock_release+0x4b/0x3e0
[  164.508371][ T6593]  ? tun_get+0x1c/0x2f0
[  164.508397][ T6593]  tun_chr_write_iter+0x113/0x200
[  164.508422][ T6593]  vfs_write+0x54b/0xa90
[  164.508456][ T6593]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  164.508480][ T6593]  ? __pfx_vfs_write+0x10/0x10
[  164.508516][ T6593]  ? __fget_files+0x2a/0x420
[  164.508543][ T6593]  ksys_write+0x145/0x250
[  164.508584][ T6593]  ? __pfx_ksys_write+0x10/0x10
[  164.508618][ T6593]  ? rcu_is_watching+0x15/0xb0
[  164.508652][ T6593]  do_syscall_64+0xfa/0x3b0
[  164.508674][ T6593]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  164.508695][ T6593]  ? clear_bhb_loop+0x60/0xb0
[  164.508719][ T6593]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  164.508740][ T6593] RIP: 0033:0x7f0893d7e98f
[  164.508757][ T6593] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  164.508775][ T6593] RSP: 002b:00007f0894ac9020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  164.508797][ T6593] RAX: ffffffffffffffda RBX: 00007f0893f46080 RCX: 00007f0893d7e98f
[  164.508825][ T6593] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  164.508840][ T6593] RBP: 00007f0893df3cc8 R08: 0000000000000000 R09: 0000000000000000
[  164.508853][ T6593] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  164.508865][ T6593] R13: 0000000000000001 R14: 00007f0893f46080 R15: 00007fffd069c568
[  164.508889][ T6593]  </TASK>
[  164.508901][ T6593] BUG: Bad page state in process syz.0.16  pfn:757ec
[  164.976118][ T6593] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880757ec990 pfn:0x757ec
[  164.986311][ T6593] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  164.993456][ T6593] raw: 00fff00000000000 dead000000000040 ffff8880216eb000 0000000000000000
[  165.002176][ T6593] raw: ffff8880757ec990 0000000000000001 00000000ffffffff 0000000000000000
[  165.010882][ T6593] page dumped because: page_pool leak
[  165.016288][ T6593] page_owner tracks the page as allocated
[  165.022116][ T6593] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6593, tgid 6588 (syz.0.16), ts 162326831820, free_ts 162317216332
[  165.039100][ T6593]  post_alloc_hook+0x240/0x2a0
[  165.043900][ T6593]  get_page_from_freelist+0x21d5/0x22b0
[  165.049613][ T6593]  __alloc_frozen_pages_noprof+0x181/0x370
[  165.055451][ T6593]  alloc_pages_bulk_noprof+0x560/0x710
[  165.060960][ T6593]  __page_pool_alloc_netmems_slow+0x127/0x740
[  165.067106][ T6593]  skb_pp_cow_data+0xb47/0x13e0
[  165.071981][ T6593]  do_xdp_generic+0x699/0x11a0
[  165.076795][ T6593]  __netif_receive_skb_core+0x17f9/0x4020
[  165.082560][ T6593]  __netif_receive_skb+0x72/0x380
[  165.087755][ T6593]  netif_receive_skb+0x1cb/0x790
[  165.092830][ T6593]  tun_rx_batched+0x1b9/0x730
[  165.097568][ T6593]  tun_get_user+0x2aa2/0x3e20
[  165.102278][ T6593]  tun_chr_write_iter+0x113/0x200
[  165.107369][ T6593]  vfs_write+0x54b/0xa90
[  165.111658][ T6593]  ksys_write+0x145/0x250
[  165.116053][ T6593]  do_syscall_64+0xfa/0x3b0
[  165.120592][ T6593] page last free pid 43 tgid 43 stack trace:
[  165.126707][ T6593]  __free_frozen_pages+0xbb1/0xd20
[  165.131908][ T6593]  vfree+0x25a/0x400
[  165.135878][ T6593]  delayed_vfree_work+0x55/0x80
[  165.140761][ T6593]  process_scheduled_works+0xae1/0x17b0
[  165.146360][ T6593]  worker_thread+0x8a0/0xda0
[  165.151041][ T6593]  kthread+0x70e/0x8a0
[  165.155128][ T6593]  ret_from_fork+0x3f9/0x770
[  165.159784][ T6593]  ret_from_fork_asm+0x1a/0x30
[  165.164584][ T6593] Modules linked in:
[  165.168598][ T6593] CPU: 1 UID: 0 PID: 6593 Comm: syz.0.16 Tainted: G    B               6.16.0-syzkaller-g186f3edfdd41 #0 PREEMPT(full) 
[  165.168630][ T6593] Tainted: [B]=BAD_PAGE
[  165.168637][ T6593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  165.168649][ T6593] Call Trace:
[  165.168655][ T6593]  <TASK>
[  165.168663][ T6593]  dump_stack_lvl+0x189/0x250
[  165.168691][ T6593]  ? __pfx_dump_stack_lvl+0x10/0x10
[  165.168712][ T6593]  ? __pfx_print_modules+0x10/0x10
[  165.168739][ T6593]  ? ksys_write+0x145/0x250
[  165.168766][ T6593]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  165.168788][ T6593]  bad_page+0x180/0x1c0
[  165.168813][ T6593]  __free_frozen_pages+0xcd1/0xd20
[  165.168838][ T6593]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  165.168876][ T6593]  bpf_xdp_adjust_tail+0x1d6/0x220
[  165.168904][ T6593]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  165.168924][ T6593]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  165.168973][ T6593]  do_xdp_generic+0x9f7/0x11a0
[  165.169029][ T6593]  ? __pfx_do_xdp_generic+0x10/0x10
[  165.169057][ T6593]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  165.169100][ T6593]  __netif_receive_skb_core+0x17f9/0x4020
[  165.169136][ T6593]  ? __pfx___skb_flow_dissect+0x10/0x10