Warning: Permanently added '10.128.1.244' (ED25519) to the list of known hosts.
2025/08/03 02:47:12 ignoring optional flag "sandboxArg"="0"
2025/08/03 02:47:13 parsed 1 programs
[  123.948785][ T6334] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  127.693570][ T1315] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  127.704773][ T1315] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  127.753474][ T1315] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  127.763312][ T1315] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  127.998611][ T5171] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  128.007543][ T5171] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  128.015996][ T5171] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  128.025054][ T5171] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  128.032851][ T5171] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  128.913839][ T6393] chnl_net:caif_netlink_parms(): no params data found
[  129.059862][ T6393] bridge0: port 1(bridge_slave_0) entered blocking state
[  129.067083][ T6393] bridge0: port 1(bridge_slave_0) entered disabled state
[  129.074573][ T6393] bridge_slave_0: entered allmulticast mode
[  129.082418][ T6393] bridge_slave_0: entered promiscuous mode
[  129.090663][ T6393] bridge0: port 2(bridge_slave_1) entered blocking state
[  129.098676][ T6393] bridge0: port 2(bridge_slave_1) entered disabled state
[  129.106438][ T6393] bridge_slave_1: entered allmulticast mode
[  129.114134][ T6393] bridge_slave_1: entered promiscuous mode
[  129.154108][ T6393] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  129.166411][ T6393] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  129.195689][ T6393] team0: Port device team_slave_0 added
[  129.206149][ T6393] team0: Port device team_slave_1 added
[  129.232642][ T6393] batman_adv: batadv0: Adding interface: batadv_slave_0
[  129.239765][ T6393] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  129.266719][ T6393] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  129.278860][ T6393] batman_adv: batadv0: Adding interface: batadv_slave_1
[  129.285854][ T6393] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  129.312008][ T6393] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  129.353725][ T6393] hsr_slave_0: entered promiscuous mode
[  129.360076][ T6393] hsr_slave_1: entered promiscuous mode
[  129.961782][ T6393] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  129.975987][ T6393] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  129.987718][ T6393] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  130.000530][ T6393] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  130.119149][ T6393] 8021q: adding VLAN 0 to HW filter on device bond0
[  130.151116][ T6393] 8021q: adding VLAN 0 to HW filter on device team0
[  130.168333][ T1333] bridge0: port 1(bridge_slave_0) entered blocking state
[  130.175557][ T1333] bridge0: port 1(bridge_slave_0) entered forwarding state
[  130.203671][ T1333] bridge0: port 2(bridge_slave_1) entered blocking state
[  130.210934][ T1333] bridge0: port 2(bridge_slave_1) entered forwarding state
[  130.488270][ T6393] 8021q: adding VLAN 0 to HW filter on device batadv0
[  130.549405][ T6393] veth0_vlan: entered promiscuous mode
[  130.570080][ T6393] veth1_vlan: entered promiscuous mode
[  130.613981][ T6393] veth0_macvtap: entered promiscuous mode
[  130.626188][ T6393] veth1_macvtap: entered promiscuous mode
[  130.656059][ T6393] batman_adv: batadv0: Interface activated: batadv_slave_0
[  130.676083][ T6393] batman_adv: batadv0: Interface activated: batadv_slave_1
[  130.697006][ T1315] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  130.717482][ T1315] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  130.740306][ T1315] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  130.783276][ T1315] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  130.897997][   T49] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  130.995978][   T49] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  131.083316][   T49] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  131.196455][   T49] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/08/03 02:47:25 executed programs: 0
[  132.267407][ T5941] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  132.278732][ T5941] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  132.287896][ T5941] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  132.305071][ T5941] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  132.312963][ T5941] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  132.785096][ T6494] chnl_net:caif_netlink_parms(): no params data found
[  132.915704][ T6494] bridge0: port 1(bridge_slave_0) entered blocking state
[  132.925997][ T6494] bridge0: port 1(bridge_slave_0) entered disabled state
[  132.934845][ T6494] bridge_slave_0: entered allmulticast mode
[  132.943350][ T6494] bridge_slave_0: entered promiscuous mode
[  132.954769][ T6494] bridge0: port 2(bridge_slave_1) entered blocking state
[  132.963495][ T6494] bridge0: port 2(bridge_slave_1) entered disabled state
[  132.974685][ T6494] bridge_slave_1: entered allmulticast mode
[  132.978121][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  132.983186][ T6494] bridge_slave_1: entered promiscuous mode
[  132.987468][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  133.040866][ T6494] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  133.056951][ T6494] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  133.100941][ T6494] team0: Port device team_slave_0 added
[  133.110286][ T6494] team0: Port device team_slave_1 added
[  133.152645][ T6494] batman_adv: batadv0: Adding interface: batadv_slave_0
[  133.159695][ T6494] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  133.188120][ T6494] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  133.203497][ T6494] batman_adv: batadv0: Adding interface: batadv_slave_1
[  133.210617][ T6494] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  133.239050][ T6494] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  133.413920][ T6494] hsr_slave_0: entered promiscuous mode
[  133.420832][ T6494] hsr_slave_1: entered promiscuous mode
[  133.427855][ T6494] debugfs: 'hsr0' already exists in 'hsr'
[  133.434749][ T6494] Cannot create hsr debugfs directory
[  133.441029][   T49] bridge_slave_1: left allmulticast mode
[  133.447815][   T49] bridge_slave_1: left promiscuous mode
[  133.453949][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[  133.466542][   T49] bridge_slave_0: left allmulticast mode
[  133.472741][   T49] bridge_slave_0: left promiscuous mode
[  133.478517][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[  133.807028][   T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  133.818595][   T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  133.831163][   T49] bond0 (unregistering): Released all slaves
[  133.945056][   T49] hsr_slave_0: left promiscuous mode
[  133.953505][   T49] hsr_slave_1: left promiscuous mode
[  133.959550][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  133.968828][   T49] batman_adv: batadv0: Removing interface: batadv_slave_0
[  133.977003][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  133.984455][   T49] batman_adv: batadv0: Removing interface: batadv_slave_1
[  134.000177][   T49] veth1_macvtap: left promiscuous mode
[  134.006859][   T49] veth0_macvtap: left promiscuous mode
[  134.012783][   T49] veth1_vlan: left promiscuous mode
[  134.018084][   T49] veth0_vlan: left promiscuous mode
[  134.340812][   T49] team0 (unregistering): Port device team_slave_1 removed
[  134.372714][   T49] team0 (unregistering): Port device team_slave_0 removed
[  134.401507][ T5171] Bluetooth: hci0: command tx timeout
[  135.309772][ T6494] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  135.363570][ T6494] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  135.388827][ T6494] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  135.404841][ T6494] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  135.556221][ T6494] 8021q: adding VLAN 0 to HW filter on device bond0
[  135.577288][ T6494] 8021q: adding VLAN 0 to HW filter on device team0
[  135.591224][ T1333] bridge0: port 1(bridge_slave_0) entered blocking state
[  135.598455][ T1333] bridge0: port 1(bridge_slave_0) entered forwarding state
[  135.618698][ T1333] bridge0: port 2(bridge_slave_1) entered blocking state
[  135.625987][ T1333] bridge0: port 2(bridge_slave_1) entered forwarding state
[  135.902648][ T6494] 8021q: adding VLAN 0 to HW filter on device batadv0
[  135.963362][ T6494] veth0_vlan: entered promiscuous mode
[  135.980013][ T6494] veth1_vlan: entered promiscuous mode
[  136.026776][ T6494] veth0_macvtap: entered promiscuous mode
[  136.039190][ T6494] veth1_macvtap: entered promiscuous mode
[  136.068907][ T6494] batman_adv: batadv0: Interface activated: batadv_slave_0
[  136.089608][ T6494] batman_adv: batadv0: Interface activated: batadv_slave_1
[  136.112438][ T1315] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  136.129463][ T1315] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  136.148906][ T1315] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  136.180885][ T1315] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  136.245374][ T1333] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  136.258271][ T1333] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  136.299412][ T1333] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  136.309431][ T1333] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  136.385161][ T6595] BUG: Bad page state in process syz.0.15  pfn:58c9b
[  136.392060][ T6595] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x58c9b
[  136.401027][ T6595] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  136.408248][ T6595] raw: 00fff00000000000 dead000000000040 ffff888021ec6000 0000000000000000
[  136.417253][ T6595] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[  136.425889][ T6595] page dumped because: page_pool leak
[  136.431407][ T6595] page_owner tracks the page as allocated
[  136.437435][ T6595] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6595, tgid 6592 (syz.0.15), ts 136384990049, free_ts 132688260011
[  136.454695][ T6595]  post_alloc_hook+0x240/0x2a0
[  136.459501][ T6595]  get_page_from_freelist+0x21d5/0x22b0
[  136.465204][ T6595]  __alloc_frozen_pages_noprof+0x181/0x370
[  136.471138][ T6595]  alloc_pages_bulk_noprof+0x560/0x710
[  136.477086][ T6595]  __page_pool_alloc_netmems_slow+0x127/0x740
[  136.483334][ T6595]  skb_pp_cow_data+0xb47/0x13e0
[  136.488311][ T6595]  do_xdp_generic+0x699/0x11a0
[  136.493507][ T6595]  __netif_receive_skb_core+0x17f9/0x4020
[  136.499279][ T6595]  __netif_receive_skb+0x72/0x380
[  136.504631][ T6595]  netif_receive_skb+0x1cb/0x790
[  136.509596][ T6595]  tun_rx_batched+0x1b9/0x730
[  136.514345][ T6595]  tun_get_user+0x2aa2/0x3e20
[  136.519051][ T6595]  tun_chr_write_iter+0x113/0x200
[  136.524167][ T6595]  vfs_write+0x54b/0xa90
[  136.528607][ T6595]  ksys_write+0x145/0x250
[  136.533079][ T6595]  do_syscall_64+0xfa/0x3b0
[  136.537607][ T6595] page last free pid 6485 tgid 6485 stack trace:
[  136.543984][ T6595]  __free_frozen_pages+0xbb1/0xd20
[  136.549321][ T6595]  vfree+0x25a/0x400
[  136.553277][ T6595]  kcov_close+0x28/0x50
[  136.557563][ T6595]  __fput+0x449/0xa70
[  136.561687][ T6595]  task_work_run+0x1d4/0x260
[  136.566398][ T6595]  do_exit+0x6b5/0x2300
[  136.570720][ T6595]  do_group_exit+0x21c/0x2d0
[  136.575394][ T6595]  get_signal+0x125e/0x1310
[  136.579930][ T6595]  arch_do_signal_or_restart+0x9a/0x750
[  136.585548][ T6595]  exit_to_user_mode_loop+0x75/0x110
[  136.590946][ T6595]  do_syscall_64+0x2bd/0x3b0
[  136.595623][ T6595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.601571][ T6595] Modules linked in:
[  136.605613][ T6595] CPU: 1 UID: 0 PID: 6595 Comm: syz.0.15 Not tainted 6.16.0-syzkaller-g186f3edfdd41 #0 PREEMPT(full) 
[  136.605640][ T6595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  136.605654][ T6595] Call Trace:
[  136.605664][ T6595]  <TASK>
[  136.605671][ T6595]  dump_stack_lvl+0x189/0x250
[  136.605697][ T6595]  ? __pfx_dump_stack_lvl+0x10/0x10
[  136.605717][ T6595]  ? __pfx_print_modules+0x10/0x10
[  136.605744][ T6595]  ? ksys_write+0x145/0x250
[  136.605771][ T6595]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.605800][ T6595]  bad_page+0x180/0x1c0
[  136.605826][ T6595]  __free_frozen_pages+0xcd1/0xd20
[  136.605855][ T6595]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  136.605893][ T6595]  bpf_xdp_adjust_tail+0x1d6/0x220
[  136.605917][ T6595]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  136.605939][ T6595]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  136.605993][ T6595]  do_xdp_generic+0x9f7/0x11a0
[  136.606031][ T6595]  ? __pfx_do_xdp_generic+0x10/0x10
[  136.606054][ T6595]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  136.606116][ T6595]  __netif_receive_skb_core+0x17f9/0x4020
[  136.606148][ T6595]  ? __pfx___skb_flow_dissect+0x10/0x10
[  136.606168][ T6595]  ? __up_read+0x280/0x680
[  136.606190][ T6595]  ? __pfx___up_read+0x10/0x10
[  136.606210][ T6595]  ? do_user_addr_fault+0xbc1/0x1390
[  136.606242][ T6595]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  136.606275][ T6595]  ? irqentry_exit+0x74/0x90
[  136.606296][ T6595]  ? __lock_acquire+0xab9/0xd20
[  136.606326][ T6595]  ? netif_receive_skb+0x115/0x790
[  136.606352][ T6595]  ? netif_receive_skb+0x115/0x790
[  136.606381][ T6595]  __netif_receive_skb+0x72/0x380
[  136.606415][ T6595]  ? netif_receive_skb+0x115/0x790
[  136.606441][ T6595]  netif_receive_skb+0x1cb/0x790
[  136.606468][ T6595]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  136.606498][ T6595]  ? __pfx_netif_receive_skb+0x10/0x10
[  136.606524][ T6595]  ? __pfx__copy_from_iter+0x10/0x10
[  136.606545][ T6595]  ? sock_alloc_send_pskb+0x875/0x990
[  136.606573][ T6595]  ? tun_rx_batched+0x160/0x730
[  136.606597][ T6595]  tun_rx_batched+0x1b9/0x730
[  136.606619][ T6595]  ? __lock_acquire+0xab9/0xd20
[  136.606648][ T6595]  ? __pfx_tun_rx_batched+0x10/0x10
[  136.606674][ T6595]  ? tun_get_user+0x266c/0x3e20
[  136.606710][ T6595]  tun_get_user+0x2aa2/0x3e20
[  136.606737][ T6595]  ? rcu_is_watching+0x15/0xb0
[  136.606769][ T6595]  ? tun_get_user+0x266c/0x3e20
[  136.606797][ T6595]  ? __pfx_tun_get_user+0x10/0x10
[  136.606823][ T6595]  ? __lock_acquire+0xab9/0xd20
[  136.606972][ T6595]  ? ref_tracker_alloc+0x318/0x460
[  136.606989][ T6595]  ? __lock_acquire+0xab9/0xd20
[  136.607016][ T6595]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  136.607042][ T6595]  ? tun_get+0x1c/0x2f0
[  136.607070][ T6595]  ? tun_get+0x1c/0x2f0
[  136.607090][ T6595]  ? tun_get+0x1c/0x2f0
[  136.607116][ T6595]  tun_chr_write_iter+0x113/0x200
[  136.607150][ T6595]  vfs_write+0x54b/0xa90
[  136.607185][ T6595]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  136.607208][ T6595]  ? __pfx_vfs_write+0x10/0x10
[  136.607248][ T6595]  ? __fget_files+0x2a/0x420
[  136.607279][ T6595]  ksys_write+0x145/0x250
[  136.607310][ T6595]  ? __pfx_ksys_write+0x10/0x10
[  136.607336][ T6595]  ? rcu_is_watching+0x15/0xb0
[  136.607371][ T6595]  ? do_syscall_64+0xbe/0x3b0
[  136.607395][ T6595]  do_syscall_64+0xfa/0x3b0
[  136.607413][ T6595]  ? lockdep_hardirqs_on+0x9c/0x150
[  136.607443][ T6595]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.607461][ T6595]  ? clear_bhb_loop+0x60/0xb0
[  136.607485][ T6595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.607504][ T6595] RIP: 0033:0x7fd5a577e98f
[  136.607522][ T6595] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  136.607538][ T6595] RSP: 002b:00007fd5a64fb020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  136.607559][ T6595] RAX: ffffffffffffffda RBX: 00007fd5a5945fa0 RCX: 00007fd5a577e98f
[  136.607573][ T6595] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  136.607587][ T6595] RBP: 00007fd5a57f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  136.607599][ T6595] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  136.607610][ T6595] R13: 0000000000000000 R14: 00007fd5a5945fa0 R15: 00007ffd57dd21b8
[  136.607641][ T6595]  </TASK>
[  136.607649][ T6595] Disabling lock debugging due to kernel taint
[  137.029589][ T6595] BUG: Bad page state in process syz.0.15  pfn:58c9c
[  137.036416][ T6595] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x58c9c
[  137.045416][ T6595] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  137.052603][ T6595] raw: 00fff00000000000 dead000000000040 ffff888021ec6000 0000000000000000
[  137.061315][ T6595] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[  137.069937][ T6595] page dumped because: page_pool leak
[  137.075456][ T6595] page_owner tracks the page as allocated
[  137.081392][ T6595] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6595, tgid 6592 (syz.0.15), ts 136384974304, free_ts 132688275093
[  137.098381][ T6595]  post_alloc_hook+0x240/0x2a0
[  137.103200][ T6595]  get_page_from_freelist+0x21d5/0x22b0
[  137.109033][ T6595]  __alloc_frozen_pages_noprof+0x181/0x370
[  137.115077][ T6595]  alloc_pages_bulk_noprof+0x560/0x710
[  137.120559][ T6595]  __page_pool_alloc_netmems_slow+0x127/0x740
[  137.127063][ T6595]  skb_pp_cow_data+0xb47/0x13e0
[  137.132093][ T6595]  do_xdp_generic+0x699/0x11a0
[  137.137061][ T6595]  __netif_receive_skb_core+0x17f9/0x4020
[  137.142869][ T6595]  __netif_receive_skb+0x72/0x380
[  137.148003][ T6595]  netif_receive_skb+0x1cb/0x790
[  137.153012][ T6595]  tun_rx_batched+0x1b9/0x730
[  137.157803][ T6595]  tun_get_user+0x2aa2/0x3e20
[  137.162638][ T6595]  tun_chr_write_iter+0x113/0x200
[  137.167870][ T6595]  vfs_write+0x54b/0xa90
[  137.172202][ T6595]  ksys_write+0x145/0x250
[  137.176550][ T6595]  do_syscall_64+0xfa/0x3b0
[  137.181089][ T6595] page last free pid 6485 tgid 6485 stack trace:
[  137.187654][ T6595]  __free_frozen_pages+0xbb1/0xd20
[  137.192999][ T6595]  vfree+0x25a/0x400
[  137.196930][ T6595]  kcov_close+0x28/0x50
[  137.201094][ T6595]  __fput+0x449/0xa70
[  137.205124][ T6595]  task_work_run+0x1d4/0x260
[  137.209851][ T6595]  do_exit+0x6b5/0x2300
[  137.214057][ T6595]  do_group_exit+0x21c/0x2d0
[  137.218655][ T6595]  get_signal+0x125e/0x1310
[  137.223215][ T6595]  arch_do_signal_or_restart+0x9a/0x750
[  137.229005][ T6595]  exit_to_user_mode_loop+0x75/0x110
[  137.234439][ T6595]  do_syscall_64+0x2bd/0x3b0
[  137.239129][ T6595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  137.245087][ T6595] Modules linked in:
[  137.249082][ T6595] CPU: 1 UID: 0 PID: 6595 Comm: syz.0.15 Tainted: G    B               6.16.0-syzkaller-g186f3edfdd41 #0 PREEMPT(full) 
[  137.249112][ T6595] Tainted: [B]=BAD_PAGE
[  137.249119][ T6595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  137.249131][ T6595] Call Trace:
[  137.249137][ T6595]  <TASK>
[  137.249145][ T6595]  dump_stack_lvl+0x189/0x250
[  137.249171][ T6595]  ? __pfx_dump_stack_lvl+0x10/0x10
[  137.249191][ T6595]  ? __pfx_print_modules+0x10/0x10
[  137.249216][ T6595]  ? ksys_write+0x145/0x250
[  137.249242][ T6595]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  137.249265][ T6595]  bad_page+0x180/0x1c0
[  137.249289][ T6595]  __free_frozen_pages+0xcd1/0xd20
[  137.249312][ T6595]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  137.249345][ T6595]  bpf_xdp_adjust_tail+0x1d6/0x220
[  137.249367][ T6595]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  137.249384][ T6595]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  137.249420][ T6595]  do_xdp_generic+0x9f7/0x11a0
[  137.249450][ T6595]  ? __pfx_do_xdp_generic+0x10/0x10
[  137.249474][ T6595]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  137.249508][ T6595]  __netif_receive_skb_core+0x17f9/0x4020
[  137.249538][ T6595]  ? __pfx___skb_flow_dissect+0x10/0x10
[  137.249558][ T6595]  ? __up_read+0x280/0x680
[  137.249577][ T6595]  ? __pfx___up_read+0x10/0x10
[  137.249595][ T6595]  ? do_user_addr_fault+0xbc1/0x1390
[  137.249626][ T6595]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  137.249655][ T6595]  ? irqentry_exit+0x74/0x90
[  137.249674][ T6595]  ? __lock_acquire+0xab9/0xd20
[  137.249700][ T6595]  ? netif_receive_skb+0x115/0x790
[  137.249726][ T6595]  ? netif_receive_skb+0x115/0x790
[  137.249753][ T6595]  __netif_receive_skb+0x72/0x380
[  137.249782][ T6595]  ? netif_receive_skb+0x115/0x790
[  137.249806][ T6595]  netif_receive_skb+0x1cb/0x790
[  137.249832][ T6595]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  137.249858][ T6595]  ? __pfx_netif_receive_skb+0x10/0x10
[  137.249884][ T6595]  ? __pfx__copy_from_iter+0x10/0x10
[  137.249901][ T6595]  ? sock_alloc_send_pskb+0x875/0x990
[  137.249924][ T6595]  ? tun_rx_batched+0x160/0x730
[  137.249944][ T6595]  tun_rx_batched+0x1b9/0x730
[  137.249961][ T6595]  ? __lock_acquire+0xab9/0xd20
[  137.249982][ T6595]  ? __pfx_tun_rx_batched+0x10/0x10
[  137.250002][ T6595]  ? tun_get_user+0x266c/0x3e20
[  137.250032][ T6595]  tun_get_user+0x2aa2/0x3e20
[  137.250053][ T6595]  ? rcu_is_watching+0x15/0xb0
[  137.250080][ T6595]  ? tun_get_user+0x266c/0x3e20
[  137.250101][ T6595]  ? __pfx_tun_get_user+0x10/0x10
[  137.250122][ T6595]  ? __lock_acquire+0xab9/0xd20
[  137.250148][ T6595]  ? ref_tracker_alloc+0x318/0x460
[  137.250162][ T6595]  ? __lock_acquire+0xab9/0xd20
[  137.250185][ T6595]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  137.250203][ T6595]  ? tun_get+0x1c/0x2f0
[  137.250224][ T6595]  ? tun_get+0x1c/0x2f0
[  137.250243][ T6595]  ? tun_get+0x1c/0x2f0
[  137.250263][ T6595]  tun_chr_write_iter+0x113/0x200
[  137.250283][ T6595]  vfs_write+0x54b/0xa90
[  137.250310][ T6595]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  137.250330][ T6595]  ? __pfx_vfs_write+0x10/0x10
[  137.250360][ T6595]  ? __fget_files+0x2a/0x420
[  137.250382][ T6595]  ksys_write+0x145/0x250
[  137.250410][ T6595]  ? __pfx_ksys_write+0x10/0x10
[  137.250436][ T6595]  ? rcu_is_watching+0x15/0xb0
[  137.250464][ T6595]  ? do_syscall_64+0xbe/0x3b0
[  137.250484][ T6595]  do_syscall_64+0xfa/0x3b0
[  137.250500][ T6595]  ? lockdep_hardirqs_on+0x9c/0x150
[  137.250528][ T6595]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  137.250546][ T6595]  ? clear_bhb_loop+0x60/0xb0
[  137.250566][ T6595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  137.250583][ T6595] RIP: 0033:0x7fd5a577e98f
[  137.250598][ T6595] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  137.250614][ T6595] RSP: 002b:00007fd5a64fb020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  137.250632][ T6595] RAX: ffffffffffffffda RBX: 00007fd5a5945fa0 RCX: 00007fd5a577e98f
[  137.250646][ T6595] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  137.250657][ T6595] RBP: 00007fd5a57f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  137.250668][ T6595] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  137.250678][ T6595] R13: 0000000000000000 R14: 00007fd5a5945fa0 R15: 00007ffd57dd21b8
[  137.250695][ T6595]  </TASK>
[  137.250704][ T6595] BUG: Bad page state in process syz.0.15  pfn:58c9d
[  137.677043][ T6595] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x58c9d
[  137.685831][ T6595] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  137.693055][ T6595] raw: 00fff00000000000 dead000000000040 ffff888021ec6000 0000000000000000
[  137.702036][ T6595] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[  137.710715][ T6595] page dumped because: page_pool leak
[  137.716257][ T6595] page_owner tracks the page as allocated
[  137.722175][ T6595] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6595, tgid 6592 (syz.0.15), ts 136384957269, free_ts 132688289909
[  137.739497][ T6595]  post_alloc_hook+0x240/0x2a0
[  137.744502][ T6595]  get_page_from_freelist+0x21d5/0x22b0
[  137.750152][ T6595]  __alloc_frozen_pages_noprof+0x181/0x370
[  137.756056][ T6595]  alloc_pages_bulk_noprof+0x560/0x710
[  137.761930][ T6595]  __page_pool_alloc_netmems_slow+0x127/0x740
[  137.768107][ T6595]  skb_pp_cow_data+0xb47/0x13e0
[  137.773202][ T6595]  do_xdp_generic+0x699/0x11a0
[  137.778086][ T6595]  __netif_receive_skb_core+0x17f9/0x4020
[  137.784033][ T6595]  __netif_receive_skb+0x72/0x380
[  137.789098][ T6595]  netif_receive_skb+0x1cb/0x790
[  137.794087][ T6595]  tun_rx_batched+0x1b9/0x730
[  137.799140][ T6595]  tun_get_user+0x2aa2/0x3e20
[  137.803838][ T6595]  tun_chr_write_iter+0x113/0x200
[  137.809319][ T6595]  vfs_write+0x54b/0xa90
[  137.813591][ T6595]  ksys_write+0x145/0x250
[  137.817954][ T6595]  do_syscall_64+0xfa/0x3b0
[  137.822487][ T6595] page last free pid 6485 tgid 6485 stack trace:
[  137.829184][ T6595]  __free_frozen_pages+0xbb1/0xd20
[  137.834504][ T6595]  vfree+0x25a/0x400
[  137.838533][ T6595]  kcov_close+0x28/0x50
[  137.842893][ T6595]  __fput+0x449/0xa70
[  137.847003][ T6595]  task_work_run+0x1d4/0x260
[  137.851635][ T6595]  do_exit+0x6b5/0x2300
[  137.855830][ T6595]  do_group_exit+0x21c/0x2d0
[  137.860584][ T6595]  get_signal+0x125e/0x1310
[  137.865234][ T6595]  arch_do_signal_or_restart+0x9a/0x750
[  137.871144][ T6595]  exit_to_user_mode_loop+0x75/0x110
[  137.876824][ T6595]  do_syscall_64+0x2bd/0x3b0
[  137.881557][ T6595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  137.887549][ T6595] Modules linked in:
[  137.891914][ T6595] CPU: 1 UID: 0 PID: 6595 Comm: syz.0.15 Tainted: G    B               6.16.0-syzkaller-g186f3edfdd41 #0 PREEMPT(full) 
[  137.891938][ T6595] Tainted: [B]=BAD_PAGE
[  137.891944][ T6595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  137.891953][ T6595] Call Trace:
[  137.891959][ T6595]  <TASK>
[  137.891966][ T6595]  dump_stack_lvl+0x189/0x250
[  137.891988][ T6595]  ? __pfx_dump_stack_lvl+0x10/0x10
[  137.892005][ T6595]  ? __pfx_print_modules+0x10/0x10
[  137.892027][ T6595]  ? ksys_write+0x145/0x250
[  137.892052][ T6595]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  137.892071][ T6595]  bad_page+0x180/0x1c0
[  137.892091][ T6595]  __free_frozen_pages+0xcd1/0xd20
[  137.892112][ T6595]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  137.892143][ T6595]  bpf_xdp_adjust_tail+0x1d6/0x220
[  137.892166][ T6595]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  137.892182][ T6595]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  137.892220][ T6595]  do_xdp_generic+0x9f7/0x11a0
[  137.892249][ T6595]  ? __pfx_do_xdp_generic+0x10/0x10
[  137.892271][ T6595]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  137.892303][ T6595]  __netif_receive_skb_core+0x17f9/0x4020
[  137.892331][ T6595]  ? __pfx___skb_flow_dissect+0x10/0x10
[  137.892351][ T6595]  ? __up_read+0x280/0x680
[  137.892369][ T6595]  ? __pfx___up_read+0x10/0x10
[  137.892387][ T6595]  ? do_user_addr_fault+0xbc1/0x1390
[  137.892415][ T6595]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  137.892444][ T6595]  ? irqentry_exit+0x74/0x90
[  137.892462][ T6595]  ? __lock_acquire+0xab9/0xd20
[  137.892488][ T6595]  ? netif_receive_skb+0x115/0x790
[  137.892513][ T6595]  ? netif_receive_skb+0x115/0x790
[  137.892538][ T6595]  __netif_receive_skb+0x72/0x380
[  137.892566][ T6595]  ? netif_receive_skb+0x115/0x790
[  137.892590][ T6595]  netif_receive_skb+0x1cb/0x790
[  137.892615][ T6595]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  137.892642][ T6595]  ? __pfx_netif_receive_skb+0x10/0x10
[  137.892666][ T6595]  ? __pfx__copy_from_iter+0x10/0x10
[  137.892685][ T6595]  ? sock_alloc_send_pskb+0x875/0x990
[  137.892710][ T6595]  ? tun_rx_batched+0x160/0x730
[  137.892731][ T6595]  tun_rx_batched+0x1b9/0x730
[  137.892750][ T6595]  ? __lock_acquire+0xab9/0xd20
[  137.892784][ T6595]  ? __pfx_tun_rx_batched+0x10/0x10
[  137.892805][ T6595]  ? tun_get_user+0x266c/0x3e20
[  137.892830][ T6595]  tun_get_user+0x2aa2/0x3e20
[  137.892851][ T6595]  ? rcu_is_watching+0x15/0xb0
[  137.892879][ T6595]  ? tun_get_user+0x266c/0x3e20
[  137.892901][ T6595]  ? __pfx_tun_get_user+0x10/0x10
[  137.892922][ T6595]  ? __lock_acquire+0xab9/0xd20
[  137.892948][ T6595]  ? ref_tracker_alloc+0x318/0x460
[  137.892964][ T6595]  ? __lock_acquire+0xab9/0xd20
[  137.892987][ T6595]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  137.893006][ T6595]  ? tun_get+0x1c/0x2f0
[  137.893026][ T6595]  ? tun_get+0x1c/0x2f0
[  137.893044][ T6595]  ? tun_get+0x1c/0x2f0
[  137.893064][ T6595]  tun_chr_write_iter+0x113/0x200
[  137.893084][ T6595]  vfs_write+0x54b/0xa90
[  137.893112][ T6595]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  137.893131][ T6595]  ? __pfx_vfs_write+0x10/0x10
[  137.893156][ T6595]  ? __fget_files+0x2a/0x420
[  137.893177][ T6595]  ksys_write+0x145/0x250
[  137.893204][ T6595]  ? __pfx_ksys_write+0x10/0x10
[  137.893227][ T6595]  ? rcu_is_watching+0x15/0xb0
[  137.893255][ T6595]  ? do_syscall_64+0xbe/0x3b0
[  137.893275][ T6595]  do_syscall_64+0xfa/0x3b0
[  137.893290][ T6595]  ? lockdep_hardirqs_on+0x9c/0x150
[  137.893317][ T6595]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  137.893336][ T6595]  ? clear_bhb_loop+0x60/0xb0
[  137.893357][ T6595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  137.893375][ T6595] RIP: 0033:0x7fd5a577e98f
[  137.893391][ T6595] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  137.893407][ T6595] RSP: 002b:00007fd5a64fb020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  137.893428][ T6595] RAX: ffffffffffffffda RBX: 00007fd5a5945fa0 RCX: 00007fd5a577e98f
[  137.893442][ T6595] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  137.893454][ T6595] RBP: 00007fd5a57f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  137.893466][ T6595] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  137.893477][ T6595] R13: 0000000000000000 R14: 00007fd5a5945fa0 R15: 00007ffd57dd21b8
[  137.893497][ T6595]  </TASK>
[  137.893508][ T6595] BUG: Bad page state in process syz.0.15  pfn:58c9e
[  138.326762][ T6595] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x58c9e
[  138.335641][ T6595] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  138.342879][ T6595] raw: 00fff00000000000 dead000000000040 ffff888021ec6000 0000000000000000
[  138.351680][ T6595] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[  138.360542][ T6595] page dumped because: page_pool leak
[  138.365973][ T6595] page_owner tracks the page as allocated
[  138.371996][ T6595] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6595, tgid 6592 (syz.0.15), ts 136384941675, free_ts 132688304966
[  138.389431][ T6595]  post_alloc_hook+0x240/0x2a0
[  138.394511][ T6595]  get_page_from_freelist+0x21d5/0x22b0
[  138.400236][ T6595]  __alloc_frozen_pages_noprof+0x181/0x370
[  138.406270][ T6595]  alloc_pages_bulk_noprof+0x560/0x710
[  138.411786][ T6595]  __page_pool_alloc_netmems_slow+0x127/0x740
[  138.417899][ T6595]  skb_pp_cow_data+0xb47/0x13e0
[  138.422804][ T6595]  do_xdp_generic+0x699/0x11a0
[  138.427673][ T6595]  __netif_receive_skb_core+0x17f9/0x4020
[  138.433635][ T6595]  __netif_receive_skb+0x72/0x380
[  138.438680][ T6595]  netif_receive_skb+0x1cb/0x790
[  138.443855][ T6595]  tun_rx_batched+0x1b9/0x730
[  138.448642][ T6595]  tun_get_user+0x2aa2/0x3e20
[  138.453450][ T6595]  tun_chr_write_iter+0x113/0x200
[  138.458497][ T6595]  vfs_write+0x54b/0xa90
[  138.462873][ T6595]  ksys_write+0x145/0x250
[  138.467326][ T6595]  do_syscall_64+0xfa/0x3b0
[  138.472084][ T6595] page last free pid 6485 tgid 6485 stack trace:
[  138.478419][ T6595]  __free_frozen_pages+0xbb1/0xd20
[  138.483705][ T6595]  vfree+0x25a/0x400
[  138.487723][ T6595]  kcov_close+0x28/0x50
[  138.492040][ T6595]  __fput+0x449/0xa70
[  138.496043][ T6595]  task_work_run+0x1d4/0x260
[  138.500726][ T6595]  do_exit+0x6b5/0x2300
[  138.505025][ T6595]  do_group_exit+0x21c/0x2d0
[  138.509642][ T6595]  get_signal+0x125e/0x1310
[  138.514184][ T6595]  arch_do_signal_or_restart+0x9a/0x750
[  138.519848][ T6595]  exit_to_user_mode_loop+0x75/0x110
[  138.525190][ T6595]  do_syscall_64+0x2bd/0x3b0
[  138.529821][ T6595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  138.535942][ T6595] Modules linked in:
[  138.539845][ T6595] CPU: 1 UID: 0 PID: 6595 Comm: syz.0.15 Tainted: G    B               6.16.0-syzkaller-g186f3edfdd41 #0 PREEMPT(full) 
[  138.539862][ T6595] Tainted: [B]=BAD_PAGE
[  138.539866][ T6595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  138.539872][ T6595] Call Trace:
[  138.539876][ T6595]  <TASK>
[  138.539881][ T6595]  dump_stack_lvl+0x189/0x250
[  138.539900][ T6595]  ? __pfx_dump_stack_lvl+0x10/0x10
[  138.539910][ T6595]  ? __pfx_print_modules+0x10/0x10
[  138.539926][ T6595]  ? ksys_write+0x145/0x250
[  138.539940][ T6595]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  138.539952][ T6595]  bad_page+0x180/0x1c0
[  138.539965][ T6595]  __free_frozen_pages+0xcd1/0xd20
[  138.539977][ T6595]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  138.539995][ T6595]  bpf_xdp_adjust_tail+0x1d6/0x220
[  138.540006][ T6595]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  138.540015][ T6595]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  138.540035][ T6595]  do_xdp_generic+0x9f7/0x11a0
[  138.540050][ T6595]  ? __pfx_do_xdp_generic+0x10/0x10
[  138.540062][ T6595]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  138.540079][ T6595]  __netif_receive_skb_core+0x17f9/0x4020
[  138.540094][ T6595]  ? __pfx___skb_flow_dissect+0x10/0x10
[  138.540105][ T6595]  ? __up_read+0x280/0x680
[  138.540115][ T6595]  ? __pfx___up_read+0x10/0x10
[  138.540124][ T6595]  ? do_user_addr_fault+0xbc1/0x1390
[  138.540140][ T6595]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  138.540155][ T6595]  ? irqentry_exit+0x74/0x90
[  138.540164][ T6595]  ? __lock_acquire+0xab9/0xd20
[  138.540178][ T6595]  ? netif_receive_skb+0x115/0x790
[  138.540191][ T6595]  ? netif_receive_skb+0x115/0x790
[  138.540204][ T6595]  __netif_receive_skb+0x72/0x380
[  138.540219][ T6595]  ? netif_receive_skb+0x115/0x790
[  138.540232][ T6595]  netif_receive_skb+0x1cb/0x790
[  138.540245][ T6595]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  138.540259][ T6595]  ? __pfx_netif_receive_skb+0x10/0x10
[  138.540272][ T6595]  ? __pfx__copy_from_iter+0x10/0x10
[  138.540283][ T6595]  ? sock_alloc_send_pskb+0x875/0x990
[  138.540295][ T6595]  ? tun_rx_batched+0x160/0x730
[  138.540307][ T6595]  tun_rx_batched+0x1b9/0x730
[  138.540317][ T6595]  ? __lock_acquire+0xab9/0xd20
[  138.540330][ T6595]  ? __pfx_tun_rx_batched+0x10/0x10
[  138.540341][ T6595]  ? tun_get_user+0x266c/0x3e20
[  138.540354][ T6595]  tun_get_user+0x2aa2/0x3e20
[  138.540365][ T6595]  ? rcu_is_watching+0x15/0xb0
[  138.540385][ T6595]  ? tun_get_user+0x266c/0x3e20
[  138.540396][ T6595]  ? __pfx_tun_get_user+0x10/0x10
[  138.540407][ T6595]  ? __lock_acquire+0xab9/0xd20
[  138.540422][ T6595]  ? ref_tracker_alloc+0x318/0x460
[  138.540433][ T6595]  ? __lock_acquire+0xab9/0xd20
[  138.540445][ T6595]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  138.540455][ T6595]  ? tun_get+0x1c/0x2f0
[  138.540466][ T6595]  ? tun_get+0x1c/0x2f0
[  138.540475][ T6595]  ? tun_get+0x1c/0x2f0
[  138.540500][ T6595]  tun_chr_write_iter+0x113/0x200
[  138.540511][ T6595]  vfs_write+0x54b/0xa90
[  138.540525][ T6595]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  138.540536][ T6595]  ? __pfx_vfs_write+0x10/0x10
[  138.540551][ T6595]  ? __fget_files+0x2a/0x420
[  138.540563][ T6595]  ksys_write+0x145/0x250
[  138.540577][ T6595]  ? __pfx_ksys_write+0x10/0x10
[  138.540590][ T6595]  ? rcu_is_watching+0x15/0xb0
[  138.540604][ T6595]  ? do_syscall_64+0xbe/0x3b0
[  138.540615][ T6595]  do_syscall_64+0xfa/0x3b0
[  138.540624][ T6595]  ? lockdep_hardirqs_on+0x9c/0x150
[  138.540639][ T6595]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  138.540652][ T6595]  ? clear_bhb_loop+0x60/0xb0
[  138.540663][ T6595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  138.540672][ T6595] RIP: 0033:0x7fd5a577e98f
[  138.540682][ T6595] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  138.540691][ T6595] RSP: 002b:00007fd5a64fb020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  138.540702][ T6595] RAX: ffffffffffffffda RBX: 00007fd5a5945fa0 RCX: 00007fd5a577e98f
[  138.540709][ T6595] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  138.540716][ T6595] RBP: 00007fd5a57f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  138.540722][ T6595] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  138.540728][ T6595] R13: 0000000000000000 R14: 00007fd5a5945fa0 R15: 00007ffd57dd21b8
[  138.540737][ T6595]  </TASK>
[  138.540745][ T6595] BUG: Bad page state in process syz.0.15  pfn:58c9f
[  138.966768][ T6595] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x58c9f
[  138.975825][ T6595] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  138.983066][ T6595] raw: 00fff00000000000 dead000000000040 ffff888021ec6000 0000000000000000
[  138.991773][ T6595] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[  139.000545][ T6595] page dumped because: page_pool leak
[  139.006034][ T6595] page_owner tracks the page as allocated
[  139.011871][ T6595] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6595, tgid 6592 (syz.0.15), ts 136384913932, free_ts 132688319875
[  139.029367][ T6595]  post_alloc_hook+0x240/0x2a0
[  139.034199][ T6595]  get_page_from_freelist+0x21d5/0x22b0
[  139.040010][ T6595]  __alloc_frozen_pages_noprof+0x181/0x370
[  139.045848][ T6595]  alloc_pages_bulk_noprof+0x560/0x710
[  139.051347][ T6595]  __page_pool_alloc_netmems_slow+0x127/0x740
[  139.057727][ T6595]  skb_pp_cow_data+0xb47/0x13e0
[  139.062695][ T6595]  do_xdp_generic+0x699/0x11a0
[  139.067480][ T6595]  __netif_receive_skb_core+0x17f9/0x4020
[  139.073230][ T6595]  __netif_receive_skb+0x72/0x380
[  139.078265][ T6595]  netif_receive_skb+0x1cb/0x790
[  139.083262][ T6595]  tun_rx_batched+0x1b9/0x730
[  139.088028][ T6595]  tun_get_user+0x2aa2/0x3e20
[  139.092896][ T6595]  tun_chr_write_iter+0x113/0x200
[  139.097939][ T6595]  vfs_write+0x54b/0xa90
[  139.102336][ T6595]  ksys_write+0x145/0x250
[  139.106686][ T6595]  do_syscall_64+0xfa/0x3b0
[  139.111304][ T6595] page last free pid 6485 tgid 6485 stack trace:
[  139.117718][ T6595]  __free_frozen_pages+0xbb1/0xd20
[  139.122876][ T6595]  vfree+0x25a/0x400
[  139.126786][ T6595]  kcov_close+0x28/0x50
[  139.131031][ T6595]  __fput+0x449/0xa70
[  139.135053][ T6595]  task_work_run+0x1d4/0x260
[  139.139780][ T6595]  do_exit+0x6b5/0x2300
[  139.143979][ T6595]  do_group_exit+0x21c/0x2d0
[  139.148692][ T6595]  get_signal+0x125e/0x1310
[  139.153329][ T6595]  arch_do_signal_or_restart+0x9a/0x750
[  139.158981][ T6595]  exit_to_user_mode_loop+0x75/0x110
[  139.164308][ T6595]  do_syscall_64+0x2bd/0x3b0
[  139.169079][ T6595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.175007][ T6595] Modules linked in:
[  139.178925][ T6595] CPU: 1 UID: 0 PID: 6595 Comm: syz.0.15 Tainted: G    B               6.16.0-syzkaller-g186f3edfdd41 #0 PREEMPT(full) 
[  139.178942][ T6595] Tainted: [B]=BAD_PAGE
[  139.178945][ T6595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  139.178952][ T6595] Call Trace:
[  139.178956][ T6595]  <TASK>
[  139.178961][ T6595]  dump_stack_lvl+0x189/0x250
[  139.178977][ T6595]  ? __pfx_dump_stack_lvl+0x10/0x10
[  139.178987][ T6595]  ? __pfx_print_modules+0x10/0x10
[  139.179000][ T6595]  ? ksys_write+0x145/0x250
[  139.179014][ T6595]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.179026][ T6595]  bad_page+0x180/0x1c0
[  139.179039][ T6595]  __free_frozen_pages+0xcd1/0xd20
[  139.179051][ T6595]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  139.179068][ T6595]  bpf_xdp_adjust_tail+0x1d6/0x220
[  139.179080][ T6595]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  139.179088][ T6595]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  139.179108][ T6595]  do_xdp_generic+0x9f7/0x11a0
[  139.179123][ T6595]  ? __pfx_do_xdp_generic+0x10/0x10
[  139.179135][ T6595]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  139.179152][ T6595]  __netif_receive_skb_core+0x17f9/0x4020
[  139.179167][ T6595]  ? __pfx___skb_flow_dissect+0x10/0x10
[  139.179178][ T6595]  ? __up_read+0x280/0x680
[  139.179188][ T6595]  ? __pfx___up_read+0x10/0x10
[  139.179197][ T6595]  ? do_user_addr_fault+0xbc1/0x1390
[  139.179213][ T6595]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  139.179228][ T6595]  ? irqentry_exit+0x74/0x90
[  139.179237][ T6595]  ? __lock_acquire+0xab9/0xd20
[  139.179251][ T6595]  ? netif_receive_skb+0x115/0x790
[  139.179264][ T6595]  ? netif_receive_skb+0x115/0x790
[  139.179277][ T6595]  __netif_receive_skb+0x72/0x380
[  139.179292][ T6595]  ? netif_receive_skb+0x115/0x790
[  139.179305][ T6595]  netif_receive_skb+0x1cb/0x790
[  139.179318][ T6595]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  139.179332][ T6595]  ? __pfx_netif_receive_skb+0x10/0x10
[  139.179345][ T6595]  ? __pfx__copy_from_iter+0x10/0x10
[  139.179356][ T6595]  ? sock_alloc_send_pskb+0x875/0x990
[  139.179369][ T6595]  ? tun_rx_batched+0x160/0x730
[  139.179380][ T6595]  tun_rx_batched+0x1b9/0x730
[  139.179391][ T6595]  ? __lock_acquire+0xab9/0xd20
[  139.179403][ T6595]  ? __pfx_tun_rx_batched+0x10/0x10
[  139.179414][ T6595]  ? tun_get_user+0x266c/0x3e20
[  139.179427][ T6595]  tun_get_user+0x2aa2/0x3e20
[  139.179439][ T6595]  ? rcu_is_watching+0x15/0xb0
[  139.179454][ T6595]  ? tun_get_user+0x266c/0x3e20
[  139.179465][ T6595]  ? __pfx_tun_get_user+0x10/0x10
[  139.179477][ T6595]  ? __lock_acquire+0xab9/0xd20
[  139.179491][ T6595]  ? ref_tracker_alloc+0x318/0x460
[  139.179499][ T6595]  ? __lock_acquire+0xab9/0xd20
[  139.179512][ T6595]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  139.179521][ T6595]  ? tun_get+0x1c/0x2f0
[  139.179532][ T6595]  ? tun_get+0x1c/0x2f0
[  139.179542][ T6595]  ? tun_get+0x1c/0x2f0
[  139.179552][ T6595]  tun_chr_write_iter+0x113/0x200
[  139.179563][ T6595]  vfs_write+0x54b/0xa90
[  139.179577][ T6595]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  139.179588][ T6595]  ? __pfx_vfs_write+0x10/0x10
[  139.179603][ T6595]  ? __fget_files+0x2a/0x420
[  139.179614][ T6595]  ksys_write+0x145/0x250
[  139.179643][ T6595]  ? __pfx_ksys_write+0x10/0x10
[  139.179655][ T6595]  ? rcu_is_watching+0x15/0xb0
[  139.179670][ T6595]  ? do_syscall_64+0xbe/0x3b0
[  139.179680][ T6595]  do_syscall_64+0xfa/0x3b0
[  139.179689][ T6595]  ? lockdep_hardirqs_on+0x9c/0x150
[  139.179704][ T6595]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.179713][ T6595]  ? clear_bhb_loop+0x60/0xb0
[  139.179723][ T6595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.179732][ T6595] RIP: 0033:0x7fd5a577e98f
[  139.179742][ T6595] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  139.179750][ T6595] RSP: 002b:00007fd5a64fb020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  139.179762][ T6595] RAX: ffffffffffffffda RBX: 00007fd5a5945fa0 RCX: 00007fd5a577e98f
[  139.179769][ T6595] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  139.179776][ T6595] RBP: 00007fd5a57f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  139.179781][ T6595] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  139.179787][ T6595] R13: 0000000000000000 R14: 00007fd5a5945fa0 R15: 00007ffd57dd21b8
[  139.179797][ T6595]  </TASK>
[  139.179804][ T6595] BUG: Bad page state in process syz.0.15  pfn:58ca0
[  139.607240][ T6595] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x58ca0
[  139.616041][ T6595] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  139.623185][ T6595] raw: 00fff00000000000 dead000000000040 ffff888021ec6000 0000000000000000
[  139.632058][ T6595] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[  139.640675][ T6595] page dumped because: page_pool leak
[  139.646066][ T6595] page_owner tracks the page as allocated
[  139.651978][ T6595] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6595, tgid 6592 (syz.0.15), ts 136384897105, free_ts 132688334877
[  139.669456][ T6595]  post_alloc_hook+0x240/0x2a0
[  139.674281][ T6595]  get_page_from_freelist+0x21d5/0x22b0
[  139.679917][ T6595]  __alloc_frozen_pages_noprof+0x181/0x370
[  139.685769][ T6595]  alloc_pages_bulk_noprof+0x560/0x710
[  139.691289][ T6595]  __page_pool_alloc_netmems_slow+0x127/0x740
[  139.697368][ T6595]  skb_pp_cow_data+0xb47/0x13e0
[  139.702256][ T6595]  do_xdp_generic+0x699/0x11a0
[  139.707034][ T6595]  __netif_receive_skb_core+0x17f9/0x4020
[  139.712874][ T6595]  __netif_receive_skb+0x72/0x380
[  139.717899][ T6595]  netif_receive_skb+0x1cb/0x790
[  139.723037][ T6595]  tun_rx_batched+0x1b9/0x730
[  139.728191][ T6595]  tun_get_user+0x2aa2/0x3e20
[  139.732906][ T6595]  tun_chr_write_iter+0x113/0x200
[  139.737952][ T6595]  vfs_write+0x54b/0xa90
[  139.742325][ T6595]  ksys_write+0x145/0x250
[  139.746848][ T6595]  do_syscall_64+0xfa/0x3b0
[  139.751674][ T6595] page last free pid 6485 tgid 6485 stack trace:
[  139.758120][ T6595]  __free_frozen_pages+0xbb1/0xd20
[  139.763262][ T6595]  vfree+0x25a/0x400
[  139.767166][ T6595]  kcov_close+0x28/0x50
[  139.771473][ T6595]  __fput+0x449/0xa70
[  139.775559][ T6595]  task_work_run+0x1d4/0x260
[  139.780160][ T6595]  do_exit+0x6b5/0x2300
[  139.784374][ T6595]  do_group_exit+0x21c/0x2d0
[  139.789317][ T6595]  get_signal+0x125e/0x1310
[  139.793941][ T6595]  arch_do_signal_or_restart+0x9a/0x750
[  139.799672][ T6595]  exit_to_user_mode_loop+0x75/0x110
[  139.804998][ T6595]  do_syscall_64+0x2bd/0x3b0
[  139.809591][ T6595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.815675][ T6595] Modules linked in:
[  139.819617][ T6595] CPU: 1 UID: 0 PID: 6595 Comm: syz.0.15 Tainted: G    B               6.16.0-syzkaller-g186f3edfdd41 #0 PREEMPT(full) 
[  139.819634][ T6595] Tainted: [B]=BAD_PAGE
[  139.819637][ T6595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  139.819643][ T6595] Call Trace:
[  139.819648][ T6595]  <TASK>
[  139.819652][ T6595]  dump_stack_lvl+0x189/0x250
[  139.819668][ T6595]  ? __pfx_dump_stack_lvl+0x10/0x10
[  139.819678][ T6595]  ? __pfx_print_modules+0x10/0x10
[  139.819691][ T6595]  ? ksys_write+0x145/0x250
[  139.819705][ T6595]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.819716][ T6595]  bad_page+0x180/0x1c0
[  139.819729][ T6595]  __free_frozen_pages+0xcd1/0xd20
[  139.819741][ T6595]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  139.819759][ T6595]  bpf_xdp_adjust_tail+0x1d6/0x220
[  139.819770][ T6595]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  139.819779][ T6595]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  139.819798][ T6595]  do_xdp_generic+0x9f7/0x11a0
[  139.819813][ T6595]  ? __pfx_do_xdp_generic+0x10/0x10
[  139.819825][ T6595]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  139.819843][ T6595]  __netif_receive_skb_core+0x17f9/0x4020
[  139.819858][ T6595]  ? __pfx___skb_flow_dissect+0x10/0x10
[  139.819868][ T6595]  ? __up_read+0x280/0x680
[  139.819878][ T6595]  ? __pfx___up_read+0x10/0x10
[  139.819887][ T6595]  ? do_user_addr_fault+0xbc1/0x1390
[  139.819903][ T6595]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  139.819918][ T6595]  ? irqentry_exit+0x74/0x90
[  139.819928][ T6595]  ? __lock_acquire+0xab9/0xd20
[  139.819942][ T6595]  ? netif_receive_skb+0x115/0x790
[  139.819955][ T6595]  ? netif_receive_skb+0x115/0x790
[  139.819968][ T6595]  __netif_receive_skb+0x72/0x380
[  139.819983][ T6595]  ? netif_receive_skb+0x115/0x790
[  139.819995][ T6595]  netif_receive_skb+0x1cb/0x790
[  139.820008][ T6595]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  139.820023][ T6595]  ? __pfx_netif_receive_skb+0x10/0x10
[  139.820036][ T6595]  ? __pfx__copy_from_iter+0x10/0x10
[  139.820046][ T6595]  ? sock_alloc_send_pskb+0x875/0x990
[  139.820058][ T6595]  ? tun_rx_batched+0x160/0x730
[  139.820070][ T6595]  tun_rx_batched+0x1b9/0x730
[  139.820080][ T6595]  ? __lock_acquire+0xab9/0xd20
[  139.820093][ T6595]  ? __pfx_tun_rx_batched+0x10/0x10
[  139.820104][ T6595]  ? tun_get_user+0x266c/0x3e20
[  139.820116][ T6595]  tun_get_user+0x2aa2/0x3e20
[  139.820128][ T6595]  ? rcu_is_watching+0x15/0xb0
[  139.820143][ T6595]  ? tun_get_user+0x266c/0x3e20
[  139.820154][ T6595]  ? __pfx_tun_get_user+0x10/0x10
[  139.820166][ T6595]  ? __lock_acquire+0xab9/0xd20
[  139.820180][ T6595]  ? ref_tracker_alloc+0x318/0x460
[  139.820188][ T6595]  ? __lock_acquire+0xab9/0xd20
[  139.820200][ T6595]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  139.820210][ T6595]  ? tun_get+0x1c/0x2f0
[  139.820221][ T6595]  ? tun_get+0x1c/0x2f0
[  139.820231][ T6595]  ? tun_get+0x1c/0x2f0
[  139.820241][ T6595]  tun_chr_write_iter+0x113/0x200
[  139.820252][ T6595]  vfs_write+0x54b/0xa90
[  139.820266][ T6595]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  139.820276][ T6595]  ? __pfx_vfs_write+0x10/0x10
[  139.820292][ T6595]  ? __fget_files+0x2a/0x420
[  139.820303][ T6595]  ksys_write+0x145/0x250
[  139.820318][ T6595]  ? __pfx_ksys_write+0x10/0x10
[  139.820331][ T6595]  ? rcu_is_watching+0x15/0xb0
[  139.820345][ T6595]  ? do_syscall_64+0xbe/0x3b0
[  139.820356][ T6595]  do_syscall_64+0xfa/0x3b0
[  139.820380][ T6595]  ? lockdep_hardirqs_on+0x9c/0x150
[  139.820396][ T6595]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.820405][ T6595]  ? clear_bhb_loop+0x60/0xb0
[  139.820416][ T6595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.820425][ T6595] RIP: 0033:0x7fd5a577e98f
[  139.820435][ T6595] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  139.820443][ T6595] RSP: 002b:00007fd5a64fb020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  139.820455][ T6595] RAX: ffffffffffffffda RBX: 00007fd5a5945fa0 RCX: 00007fd5a577e98f
[  139.820463][ T6595] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  139.820469][ T6595] RBP: 00007fd5a57f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  139.820475][ T6595] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  139.820481][ T6595] R13: 0000000000000000 R14: 00007fd5a5945fa0 R15: 00007ffd57dd21b8
[  139.820491][ T6595]  </TASK>
[  139.820498][ T6595] BUG: Bad page state in process syz.0.15  pfn:58ca1
[  140.247373][ T6595] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x58ca1
[  140.256248][ T6595] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  140.263624][ T6595] raw: 00fff00000000000 dead000000000040 ffff888021ec6000 0000000000000000
[  140.272479][ T6595] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[  140.281359][ T6595] page dumped because: page_pool leak
[  140.286827][ T6595] page_owner tracks the page as allocated
[  140.292671][ T6595] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6595, tgid 6592 (syz.0.15), ts 136384880631, free_ts 132688350122
[  140.310162][ T6595]  post_alloc_hook+0x240/0x2a0
[  140.315055][ T6595]  get_page_from_freelist+0x21d5/0x22b0
[  140.320618][ T6595]  __alloc_frozen_pages_noprof+0x181/0x370
[  140.326571][ T6595]  alloc_pages_bulk_noprof+0x560/0x710
[  140.332091][ T6595]  __page_pool_alloc_netmems_slow+0x127/0x740
[  140.338251][ T6595]  skb_pp_cow_data+0xb47/0x13e0
[  140.343400][ T6595]  do_xdp_generic+0x699/0x11a0
[  140.348293][ T6595]  __netif_receive_skb_core+0x17f9/0x4020
[  140.354071][ T6595]  __netif_receive_skb+0x72/0x380
[  140.359140][ T6595]  netif_receive_skb+0x1cb/0x790
[  140.364207][ T6595]  tun_rx_batched+0x1b9/0x730
[  140.369009][ T6595]  tun_get_user+0x2aa2/0x3e20
[  140.373838][ T6595]  tun_chr_write_iter+0x113/0x200
[  140.378958][ T6595]  vfs_write+0x54b/0xa90
[  140.383347][ T6595]  ksys_write+0x145/0x250
[  140.387785][ T6595]  do_syscall_64+0xfa/0x3b0
[  140.392422][ T6595] page last free pid 6485 tgid 6485 stack trace:
[  140.398811][ T6595]  __free_frozen_pages+0xbb1/0xd20
[  140.403982][ T6595]  vfree+0x25a/0x400
[  140.407981][ T6595]  kcov_close+0x28/0x50
[  140.412344][ T6595]  __fput+0x449/0xa70
[  140.416363][ T6595]  task_work_run+0x1d4/0x260
[  140.421124][ T6595]  do_exit+0x6b5/0x2300
[  140.425350][ T6595]  do_group_exit+0x21c/0x2d0
[  140.430035][ T6595]  get_signal+0x125e/0x1310
[  140.434664][ T6595]  arch_do_signal_or_restart+0x9a/0x750
[  140.440364][ T6595]  exit_to_user_mode_loop+0x75/0x110
[  140.445958][ T6595]  do_syscall_64+0x2bd/0x3b0
[  140.450596][ T6595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.456634][ T6595] Modules linked in:
[  140.460633][ T6595] CPU: 1 UID: 0 PID: 6595 Comm: syz.0.15 Tainted: G    B               6.16.0-syzkaller-g186f3edfdd41 #0 PREEMPT(full) 
[  140.460651][ T6595] Tainted: [B]=BAD_PAGE
[  140.460655][ T6595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  140.460661][ T6595] Call Trace:
[  140.460666][ T6595]  <TASK>
[  140.460670][ T6595]  dump_stack_lvl+0x189/0x250
[  140.460692][ T6595]  ? __pfx_dump_stack_lvl+0x10/0x10
[  140.460702][ T6595]  ? __pfx_print_modules+0x10/0x10
[  140.460717][ T6595]  ? ksys_write+0x145/0x250
[  140.460732][ T6595]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.460744][ T6595]  bad_page+0x180/0x1c0
[  140.460757][ T6595]  __free_frozen_pages+0xcd1/0xd20
[  140.460769][ T6595]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  140.460787][ T6595]  bpf_xdp_adjust_tail+0x1d6/0x220
[  140.460798][ T6595]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  140.460807][ T6595]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  140.460827][ T6595]  do_xdp_generic+0x9f7/0x11a0
[  140.460842][ T6595]  ? __pfx_do_xdp_generic+0x10/0x10
[  140.460854][ T6595]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  140.460871][ T6595]  __netif_receive_skb_core+0x17f9/0x4020
[  140.460886][ T6595]  ? __pfx___skb_flow_dissect+0x10/0x10
[  140.460896][ T6595]  ? __up_read+0x280/0x680
[  140.460906][ T6595]  ? __pfx___up_read+0x10/0x10
[  140.460915][ T6595]  ? do_user_addr_fault+0xbc1/0x1390
[  140.460931][ T6595]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  140.460946][ T6595]  ? irqentry_exit+0x74/0x90
[  140.460956][ T6595]  ? __lock_acquire+0xab9/0xd20
[  140.460969][ T6595]  ? netif_receive_skb+0x115/0x790
[  140.460982][ T6595]  ? netif_receive_skb+0x115/0x790
[  140.460996][ T6595]  __netif_receive_skb+0x72/0x380
[  140.461010][ T6595]  ? netif_receive_skb+0x115/0x790
[  140.461023][ T6595]  netif_receive_skb+0x1cb/0x790
[  140.461036][ T6595]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  140.461051][ T6595]  ? __pfx_netif_receive_skb+0x10/0x10
[  140.461064][ T6595]  ? __pfx__copy_from_iter+0x10/0x10
[  140.461075][ T6595]  ? sock_alloc_send_pskb+0x875/0x990
[  140.461087][ T6595]  ? tun_rx_batched+0x160/0x730
[  140.461099][ T6595]  tun_rx_batched+0x1b9/0x730
[  140.461109][ T6595]  ? __lock_acquire+0xab9/0xd20
[  140.461122][ T6595]  ? __pfx_tun_rx_batched+0x10/0x10
[  140.461133][ T6595]  ? tun_get_user+0x266c/0x3e20
[  140.461146][ T6595]  tun_get_user+0x2aa2/0x3e20
[  140.461158][ T6595]  ? rcu_is_watching+0x15/0xb0
[  140.461173][ T6595]  ? tun_get_user+0x266c/0x3e20
[  140.461184][ T6595]  ? __pfx_tun_get_user+0x10/0x10
[  140.461195][ T6595]  ? __lock_acquire+0xab9/0xd20
[  140.461209][ T6595]  ? ref_tracker_alloc+0x318/0x460
[  140.461218][ T6595]  ? __lock_acquire+0xab9/0xd20
[  140.461230][ T6595]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  140.461244][ T6595]  ? tun_get+0x1c/0x2f0
[  140.461261][ T6595]  ? tun_get+0x1c/0x2f0
[  140.461275][ T6595]  ? tun_get+0x1c/0x2f0
[  140.461291][ T6595]  tun_chr_write_iter+0x113/0x200
[  140.461308][ T6595]  vfs_write+0x54b/0xa90
[  140.461331][ T6595]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  140.461348][ T6595]  ? __pfx_vfs_write+0x10/0x10
[  140.461373][ T6595]  ? __fget_files+0x2a/0x420
[  140.461392][ T6595]  ksys_write+0x145/0x250
[  140.461415][ T6595]  ? __pfx_ksys_write+0x10/0x10
[  140.461428][ T6595]  ? rcu_is_watching+0x15/0xb0
[  140.461442][ T6595]  ? do_syscall_64+0xbe/0x3b0
[  140.461453][ T6595]  do_syscall_64+0xfa/0x3b0
[  140.461462][ T6595]  ? lockdep_hardirqs_on+0x9c/0x150
[  140.461482][ T6595]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.461492][ T6595]  ? clear_bhb_loop+0x60/0xb0
[  140.461502][ T6595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.461512][ T6595] RIP: 0033:0x7fd5a577e98f
[  140.461522][ T6595] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  140.461530][ T6595] RSP: 002b:00007fd5a64fb020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  140.461542][ T6595] RAX: ffffffffffffffda RBX: 00007fd5a5945fa0 RCX: 00007fd5a577e98f
[  140.461549][ T6595] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  140.461555][ T6595] RBP: 00007fd5a57f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  140.461562][ T6595] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  140.461567][ T6595] R13: 0000000000000000 R14: 00007fd5a5945fa0 R15: 00007ffd57dd21b8
[  140.461577][ T6595]  </TASK>
[  140.879994][ T6595] BUG: Bad page state in process syz.0.15  pfn:58ca2
[  140.886791][ T6595] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x58ca2
[  140.895679][ T6595] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  140.902906][ T6595] raw: 00fff00000000000 dead000000000040 ffff888021ec6000 0000000000000000
[  140.911535][ T6595] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[  140.920119][ T6595] page dumped because: page_pool leak
[  140.925638][ T6595] page_owner tracks the page as allocated
[  140.931384][ T6595] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6595, tgid 6592 (syz.0.15), ts 136384864907, free_ts 132688365968
[  140.948722][ T6595]  post_alloc_hook+0x240/0x2a0
[  140.953877][ T6595]  get_page_from_freelist+0x21d5/0x22b0
[  140.959426][ T6595]  __alloc_frozen_pages_noprof+0x181/0x370
[  140.965270][ T6595]  alloc_pages_bulk_noprof+0x560/0x710
[  140.970758][ T6595]  __page_pool_alloc_netmems_slow+0x127/0x740
[  140.976877][ T6595]  skb_pp_cow_data+0xb47/0x13e0
[  140.981792][ T6595]  do_xdp_generic+0x699/0x11a0
[  140.986580][ T6595]  __netif_receive_skb_core+0x17f9/0x4020
[  140.992351][ T6595]  __netif_receive_skb+0x72/0x380
[  140.997393][ T6595]  netif_receive_skb+0x1cb/0x790
[  141.002488][ T6595]  tun_rx_batched+0x1b9/0x730
[  141.007260][ T6595]  tun_get_user+0x2aa2/0x3e20
[  141.011975][ T6595]  tun_chr_write_iter+0x113/0x200
[  141.017021][ T6595]  vfs_write+0x54b/0xa90
[  141.021296][ T6595]  ksys_write+0x145/0x250
[  141.025634][ T6595]  do_syscall_64+0xfa/0x3b0
[  141.030218][ T6595] page last free pid 6485 tgid 6485 stack trace:
[  141.036613][ T6595]  __free_frozen_pages+0xbb1/0xd20
[  141.041863][ T6595]  vfree+0x25a/0x400
[  141.045843][ T6595]  kcov_close+0x28/0x50
[  141.050073][ T6595]  __fput+0x449/0xa70
[  141.054091][ T6595]  task_work_run+0x1d4/0x260
[  141.058695][ T6595]  do_exit+0x6b5/0x2300
[  141.063076][ T6595]  do_group_exit+0x21c/0x2d0
[  141.067678][ T6595]  get_signal+0x125e/0x1310
[  141.072212][ T6595]  arch_do_signal_or_restart+0x9a/0x750
[  141.077852][ T6595]  exit_to_user_mode_loop+0x75/0x110
[  141.083233][ T6595]  do_syscall_64+0x2bd/0x3b0
[  141.087833][ T6595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.093762][ T6595] Modules linked in:
[  141.097815][ T6595] CPU: 1 UID: 0 PID: 6595 Comm: syz.0.15 Tainted: G    B               6.16.0-syzkaller-g186f3edfdd41 #0 PREEMPT(full) 
[  141.097834][ T6595] Tainted: [B]=BAD_PAGE
[  141.097838][ T6595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  141.097845][ T6595] Call Trace:
[  141.097851][ T6595]  <TASK>
[  141.097856][ T6595]  dump_stack_lvl+0x189/0x250
[  141.097873][ T6595]  ? __pfx_dump_stack_lvl+0x10/0x10
[  141.097883][ T6595]  ? __pfx_print_modules+0x10/0x10
[  141.097896][ T6595]  ? ksys_write+0x145/0x250
[  141.097910][ T6595]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.097922][ T6595]  bad_page+0x180/0x1c0
[  141.097936][ T6595]  __free_frozen_pages+0xcd1/0xd20
[  141.097948][ T6595]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  141.097971][ T6595]  bpf_xdp_adjust_tail+0x1d6/0x220
[  141.097985][ T6595]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  141.097994][ T6595]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  141.098014][ T6595]  do_xdp_generic+0x9f7/0x11a0
[  141.098029][ T6595]  ? __pfx_do_xdp_generic+0x10/0x10
[  141.098041][ T6595]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  141.098058][ T6595]  __netif_receive_skb_core+0x17f9/0x4020
[  141.098079][ T6595]  ? __pfx___skb_flow_dissect+0x10/0x10
[  141.098089][ T6595]  ? __up_read+0x280/0x680
[  141.098099][ T6595]  ? __pfx___up_read+0x10/0x10
[  141.098108][ T6595]  ? do_user_addr_fault+0xbc1/0x1390
[  141.098125][ T6595]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  141.098140][ T6595]  ? irqentry_exit+0x74/0x90
[  141.098149][ T6595]  ? __lock_acquire+0xab9/0xd20
[  141.098163][ T6595]  ? netif_receive_skb+0x115/0x790
[  141.098176][ T6595]  ? netif_receive_skb+0x115/0x790
[  141.098190][ T6595]  __netif_receive_skb+0x72/0x380
[  141.098205][ T6595]  ? netif_receive_skb+0x115/0x790
[  141.098217][ T6595]  netif_receive_skb+0x1cb/0x790
[  141.098235][ T6595]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  141.098252][ T6595]  ? __pfx_netif_receive_skb+0x10/0x10
[  141.098265][ T6595]  ? __pfx__copy_from_iter+0x10/0x10
[  141.098276][ T6595]  ? sock_alloc_send_pskb+0x875/0x990
[  141.098289][ T6595]  ? tun_rx_batched+0x160/0x730
[  141.098301][ T6595]  tun_rx_batched+0x1b9/0x730
[  141.098311][ T6595]  ? __lock_acquire+0xab9/0xd20
[  141.098324][ T6595]  ? __pfx_tun_rx_batched+0x10/0x10
[  141.098335][ T6595]  ? tun_get_user+0x266c/0x3e20
[  141.098348][ T6595]  tun_get_user+0x2aa2/0x3e20
[  141.098360][ T6595]  ? rcu_is_watching+0x15/0xb0
[  141.098375][ T6595]  ? tun_get_user+0x266c/0x3e20
[  141.098386][ T6595]  ? __pfx_tun_get_user+0x10/0x10
[  141.098459][ T6595]  ? __lock_acquire+0xab9/0xd20
[  141.098474][ T6595]  ? ref_tracker_alloc+0x318/0x460
[  141.098483][ T6595]  ? __lock_acquire+0xab9/0xd20
[  141.098495][ T6595]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  141.098505][ T6595]  ? tun_get+0x1c/0x2f0
[  141.098516][ T6595]  ? tun_get+0x1c/0x2f0
[  141.098525][ T6595]  ? tun_get+0x1c/0x2f0
[  141.098535][ T6595]  tun_chr_write_iter+0x113/0x200
[  141.098546][ T6595]  vfs_write+0x54b/0xa90
[  141.098561][ T6595]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  141.098571][ T6595]  ? __pfx_vfs_write+0x10/0x10
[  141.098586][ T6595]  ? __fget_files+0x2a/0x420
[  141.098598][ T6595]  ksys_write+0x145/0x250
[  141.098612][ T6595]  ? __pfx_ksys_write+0x10/0x10
[  141.098625][ T6595]  ? rcu_is_watching+0x15/0xb0
[  141.098639][ T6595]  ? do_syscall_64+0xbe/0x3b0
[  141.098652][ T6595]  do_syscall_64+0xfa/0x3b0
[  141.098662][ T6595]  ? lockdep_hardirqs_on+0x9c/0x150
[  141.098676][ T6595]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.098685][ T6595]  ? clear_bhb_loop+0x60/0xb0
[  141.098696][ T6595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.098705][ T6595] RIP: 0033:0x7fd5a577e98f
[  141.098716][ T6595] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  141.098724][ T6595] RSP: 002b:00007fd5a64fb020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  141.098735][ T6595] RAX: ffffffffffffffda RBX: 00007fd5a5945fa0 RCX: 00007fd5a577e98f
[  141.098743][ T6595] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  141.098749][ T6595] RBP: 00007fd5a57f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  141.098755][ T6595] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  141.098761][ T6595] R13: 0000000000000000 R14: 00007fd5a5945fa0 R15: 00007ffd57dd21b8
[  141.098771][ T6595]  </TASK>
[  141.098779][ T6595] BUG: Bad page state in process syz.0.15  pfn:58ca3
[  141.527816][ T6595] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x58ca3
[  141.536694][ T6595] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  141.543953][ T6595] raw: 00fff00000000000 dead000000000040 ffff888021ec6000 0000000000000000
[  141.552675][ T6595] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[  141.561418][ T6595] page dumped because: page_pool leak
[  141.566798][ T6595] page_owner tracks the page as allocated
[  141.572810][ T6595] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6595, tgid 6592 (syz.0.15), ts 136384845846, free_ts 132688380925
[  141.589941][ T6595]  post_alloc_hook+0x240/0x2a0
[  141.594846][ T6595]  get_page_from_freelist+0x21d5/0x22b0
[  141.600666][ T6595]  __alloc_frozen_pages_noprof+0x181/0x370
[  141.606513][ T6595]  alloc_pages_bulk_noprof+0x560/0x710
[  141.612090][ T6595]  __page_pool_alloc_netmems_slow+0x127/0x740
[  141.618239][ T6595]  skb_pp_cow_data+0xb47/0x13e0
[  141.623212][ T6595]  do_xdp_generic+0x699/0x11a0
[  141.628009][ T6595]  __netif_receive_skb_core+0x17f9/0x4020
[  141.633758][ T6595]  __netif_receive_skb+0x72/0x380
[  141.638790][ T6595]  netif_receive_skb+0x1cb/0x790
[  141.643956][ T6595]  tun_rx_batched+0x1b9/0x730
[  141.648659][ T6595]  tun_get_user+0x2aa2/0x3e20
[  141.653498][ T6595]  tun_chr_write_iter+0x113/0x200
[  141.658614][ T6595]  vfs_write+0x54b/0xa90
[  141.663283][ T6595]  ksys_write+0x145/0x250
[  141.667710][ T6595]  do_syscall_64+0xfa/0x3b0
[  141.672234][ T6595] page last free pid 6485 tgid 6485 stack trace:
[  141.678694][ T6595]  __free_frozen_pages+0xbb1/0xd20
[  141.683949][ T6595]  vfree+0x25a/0x400
[  141.687881][ T6595]  kcov_close+0x28/0x50
[  141.692060][ T6595]  __fput+0x449/0xa70
[  141.696149][ T6595]  task_work_run+0x1d4/0x260
[  141.701086][ T6595]  do_exit+0x6b5/0x2300
[  141.705559][ T6595]  do_group_exit+0x21c/0x2d0
[  141.710205][ T6595]  get_signal+0x125e/0x1310
[  141.714769][ T6595]  arch_do_signal_or_restart+0x9a/0x750
[  141.720382][ T6595]  exit_to_user_mode_loop+0x75/0x110
[  141.725721][ T6595]  do_syscall_64+0x2bd/0x3b0
[  141.730480][ T6595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.736420][ T6595] Modules linked in:
[  141.740964][ T6595] CPU: 1 UID: 0 PID: 6595 Comm: syz.0.15 Tainted: G    B               6.16.0-syzkaller-g186f3edfdd41 #0 PREEMPT(full) 
[  141.740982][ T6595] Tainted: [B]=BAD_PAGE
[  141.740986][ T6595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  141.740993][ T6595] Call Trace:
[  141.740998][ T6595]  <TASK>
[  141.741004][ T6595]  dump_stack_lvl+0x189/0x250
[  141.741019][ T6595]  ? __pfx_dump_stack_lvl+0x10/0x10
[  141.741030][ T6595]  ? __pfx_print_modules+0x10/0x10
[  141.741043][ T6595]  ? ksys_write+0x145/0x250
[  141.741058][ T6595]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.741069][ T6595]  bad_page+0x180/0x1c0
[  141.741082][ T6595]  __free_frozen_pages+0xcd1/0xd20
[  141.741101][ T6595]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  141.741119][ T6595]  bpf_xdp_adjust_tail+0x1d6/0x220
[  141.741130][ T6595]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  141.741139][ T6595]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  141.741159][ T6595]  do_xdp_generic+0x9f7/0x11a0
[  141.741174][ T6595]  ? __pfx_do_xdp_generic+0x10/0x10
[  141.741186][ T6595]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  141.741207][ T6595]  __netif_receive_skb_core+0x17f9/0x4020
[  141.741223][ T6595]  ? __pfx___skb_flow_dissect+0x10/0x10
[  141.741238][ T6595]  ? __up_read+0x280/0x680
[  141.741259][ T6595]  ? __pfx___up_read+0x10/0x10
[  141.741273][ T6595]  ? do_user_addr_fault+0xbc1/0x1390
[  141.741299][ T6595]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  141.741322][ T6595]  ? irqentry_exit+0x74/0x90
[  141.741419][ T6595]  ? __lock_acquire+0xab9/0xd20
[  141.741444][ T6595]  ? netif_receive_skb+0x115/0x790
[  141.741459][ T6595]  ? netif_receive_skb+0x115/0x790
[  141.741472][ T6595]  __netif_receive_skb+0x72/0x380
[  141.741488][ T6595]  ? netif_receive_skb+0x115/0x790
[  141.741501][ T6595]  netif_receive_skb+0x1cb/0x790
[  141.741517][ T6595]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  141.741532][ T6595]  ? __pfx_netif_receive_skb+0x10/0x10
[  141.741545][ T6595]  ? __pfx__copy_from_iter+0x10/0x10
[  141.741562][ T6595]  ? sock_alloc_send_pskb+0x875/0x990
[  141.741575][ T6595]  ? tun_rx_batched+0x160/0x730
[  141.741587][ T6595]  tun_rx_batched+0x1b9/0x730
[  141.741597][ T6595]  ? __lock_acquire+0xab9/0xd20
[  141.741610][ T6595]  ? __pfx_tun_rx_batched+0x10/0x10
[  141.741621][ T6595]  ? tun_get_user+0x266c/0x3e20
[  141.741634][ T6595]  tun_get_user+0x2aa2/0x3e20
[  141.741645][ T6595]  ? rcu_is_watching+0x15/0xb0
[  141.741661][ T6595]  ? tun_get_user+0x266c/0x3e20
[  141.741672][ T6595]  ? __pfx_tun_get_user+0x10/0x10
[  141.741683][ T6595]  ? __lock_acquire+0xab9/0xd20
[  141.741698][ T6595]  ? ref_tracker_alloc+0x318/0x460
[  141.741707][ T6595]  ? __lock_acquire+0xab9/0xd20
[  141.741719][ T6595]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  141.741729][ T6595]  ? tun_get+0x1c/0x2f0
[  141.741740][ T6595]  ? tun_get+0x1c/0x2f0
[  141.741749][ T6595]  ? tun_get+0x1c/0x2f0
[  141.741759][ T6595]  tun_chr_write_iter+0x113/0x200
[  141.741770][ T6595]  vfs_write+0x54b/0xa90
[  141.741786][ T6595]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  141.741796][ T6595]  ? __pfx_vfs_write+0x10/0x10
[  141.741811][ T6595]  ? __fget_files+0x2a/0x420
[  141.741823][ T6595]  ksys_write+0x145/0x250
[  141.741837][ T6595]  ? __pfx_ksys_write+0x10/0x10
[  141.741849][ T6595]  ? rcu_is_watching+0x15/0xb0
[  141.741864][ T6595]  ? do_syscall_64+0xbe/0x3b0
[  141.741875][ T6595]  do_syscall_64+0xfa/0x3b0
[  141.741884][ T6595]  ? lockdep_hardirqs_on+0x9c/0x150
[  141.741899][ T6595]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.741908][ T6595]  ? clear_bhb_loop+0x60/0xb0
[  141.741919][ T6595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.741928][ T6595] RIP: 0033:0x7fd5a577e98f
[  141.741938][ T6595] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  141.741947][ T6595] RSP: 002b:00007fd5a64fb020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  141.741958][ T6595] RAX: ffffffffffffffda RBX: 00007fd5a5945fa0 RCX: 00007fd5a577e98f
[  141.741966][ T6595] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  141.741972][ T6595] RBP: 00007fd5a57f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  141.741978][ T6595] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  141.741984][ T6595] R13: 0000000000000000 R14: 00007fd5a5945fa0 R15: 00007ffd57dd21b8
[  141.741994][ T6595]  </TASK>
[  142.160244][ T6595] BUG: Bad page state in process syz.0.15  pfn:58ca4
[  142.167234][ T6595] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x58ca4
[  142.176368][ T6595] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  142.183603][ T6595] raw: 00fff00000000000 dead000000000040 ffff888021ec6000 0000000000000000
[  142.192412][ T6595] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[  142.201076][ T6595] page dumped because: page_pool leak
[  142.206565][ T6595] page_owner tracks the page as allocated
[  142.212399][ T6595] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6595, tgid 6592 (syz.0.15), ts 136384828381, free_ts 132688395610
[  142.229461][ T6595]  post_alloc_hook+0x240/0x2a0
[  142.234719][ T6595]  get_page_from_freelist+0x21d5/0x22b0
[  142.240363][ T6595]  __alloc_frozen_pages_noprof+0x181/0x370
[  142.246220][ T6595]  alloc_pages_bulk_noprof+0x560/0x710
[  142.251724][ T6595]  __page_pool_alloc_netmems_slow+0x127/0x740
[  142.257978][ T6595]  skb_pp_cow_data+0xb47/0x13e0
[  142.262948][ T6595]  do_xdp_generic+0x699/0x11a0
[  142.267715][ T6595]  __netif_receive_skb_core+0x17f9/0x4020
[  142.273504][ T6595]  __netif_receive_skb+0x72/0x380
[  142.278737][ T6595]  netif_receive_skb+0x1cb/0x790
[  142.283724][ T6595]  tun_rx_batched+0x1b9/0x730
[  142.288505][ T6595]  tun_get_user+0x2aa2/0x3e20
[  142.293307][ T6595]  tun_chr_write_iter+0x113/0x200
[  142.298450][ T6595]  vfs_write+0x54b/0xa90
[  142.302737][ T6595]  ksys_write+0x145/0x250
[  142.307066][ T6595]  do_syscall_64+0xfa/0x3b0
[  142.311640][ T6595] page last free pid 6485 tgid 6485 stack trace:
[  142.318152][ T6595]  __free_frozen_pages+0xbb1/0xd20
[  142.323292][ T6595]  vfree+0x25a/0x400
[  142.327258][ T6595]  kcov_close+0x28/0x50
[  142.331443][ T6595]  __fput+0x449/0xa70
[  142.335433][ T6595]  task_work_run+0x1d4/0x260
[  142.340103][ T6595]  do_exit+0x6b5/0x2300
[  142.344419][ T6595]  do_group_exit+0x21c/0x2d0
[  142.349020][ T6595]  get_signal+0x125e/0x1310
[  142.353754][ T6595]  arch_do_signal_or_restart+0x9a/0x750
[  142.359323][ T6595]  exit_to_user_mode_loop+0x75/0x110
[  142.364939][ T6595]  do_syscall_64+0x2bd/0x3b0
[  142.369761][ T6595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.375872][ T6595] Modules linked in:
[  142.379789][ T6595] CPU: 1 UID: 0 PID: 6595 Comm: syz.0.15 Tainted: G    B               6.16.0-syzkaller-g186f3edfdd41 #0 PREEMPT(full) 
[  142.379807][ T6595] Tainted: [B]=BAD_PAGE
[  142.379811][ T6595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  142.379817][ T6595] Call Trace:
[  142.379822][ T6595]  <TASK>
[  142.379826][ T6595]  dump_stack_lvl+0x189/0x250
[  142.379842][ T6595]  ? __pfx_dump_stack_lvl+0x10/0x10
[  142.379852][ T6595]  ? __pfx_print_modules+0x10/0x10
[  142.379866][ T6595]  ? ksys_write+0x145/0x250
[  142.379880][ T6595]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.379891][ T6595]  bad_page+0x180/0x1c0
[  142.379904][ T6595]  __free_frozen_pages+0xcd1/0xd20
[  142.379916][ T6595]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  142.379934][ T6595]  bpf_xdp_adjust_tail+0x1d6/0x220
[  142.379945][ T6595]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  142.379954][ T6595]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  142.379973][ T6595]  do_xdp_generic+0x9f7/0x11a0
[  142.379989][ T6595]  ? __pfx_do_xdp_generic+0x10/0x10
[  142.380000][ T6595]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  142.380017][ T6595]  __netif_receive_skb_core+0x17f9/0x4020
[  142.380032][ T6595]  ? __pfx___skb_flow_dissect+0x10/0x10
[  142.380042][ T6595]  ? __up_read+0x280/0x680
[  142.380053][ T6595]  ? __pfx___up_read+0x10/0x10
[  142.380062][ T6595]  ? do_user_addr_fault+0xbc1/0x1390
[  142.380078][ T6595]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  142.380093][ T6595]  ? irqentry_exit+0x74/0x90
[  142.380102][ T6595]  ? __lock_acquire+0xab9/0xd20
[  142.380128][ T6595]  ? netif_receive_skb+0x115/0x790
[  142.380141][ T6595]  ? netif_receive_skb+0x115/0x790
[  142.380155][ T6595]  __netif_receive_skb+0x72/0x380
[  142.380170][ T6595]  ? netif_receive_skb+0x115/0x790
[  142.380182][ T6595]  netif_receive_skb+0x1cb/0x790
[  142.380195][ T6595]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  142.380215][ T6595]  ? __pfx_netif_receive_skb+0x10/0x10
[  142.380228][ T6595]  ? __pfx__copy_from_iter+0x10/0x10
[  142.380238][ T6595]  ? sock_alloc_send_pskb+0x875/0x990
[  142.380251][ T6595]  ? tun_rx_batched+0x160/0x730
[  142.380263][ T6595]  tun_rx_batched+0x1b9/0x730
[  142.380279][ T6595]  ? __lock_acquire+0xab9/0xd20
[  142.380292][ T6595]  ? __pfx_tun_rx_batched+0x10/0x10
[  142.380303][ T6595]  ? tun_get_user+0x266c/0x3e20
[  142.380316][ T6595]  tun_get_user+0x2aa2/0x3e20
[  142.380327][ T6595]  ? rcu_is_watching+0x15/0xb0
[  142.380343][ T6595]  ? tun_get_user+0x266c/0x3e20
[  142.380354][ T6595]  ? __pfx_tun_get_user+0x10/0x10
[  142.380365][ T6595]  ? __lock_acquire+0xab9/0xd20
[  142.380383][ T6595]  ? ref_tracker_alloc+0x318/0x460
[  142.380392][ T6595]  ? __lock_acquire+0xab9/0xd20
[  142.380404][ T6595]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  142.380414][ T6595]  ? tun_get+0x1c/0x2f0
[  142.380425][ T6595]  ? tun_get+0x1c/0x2f0
[  142.380434][ T6595]  ? tun_get+0x1c/0x2f0
[  142.380445][ T6595]  tun_chr_write_iter+0x113/0x200
[  142.380456][ T6595]  vfs_write+0x54b/0xa90
[  142.380470][ T6595]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  142.380480][ T6595]  ? __pfx_vfs_write+0x10/0x10
[  142.380495][ T6595]  ? __fget_files+0x2a/0x420
[  142.380507][ T6595]  ksys_write+0x145/0x250
[  142.380524][ T6595]  ? __pfx_ksys_write+0x10/0x10
[  142.380537][ T6595]  ? rcu_is_watching+0x15/0xb0
[  142.380551][ T6595]  ? do_syscall_64+0xbe/0x3b0
[  142.380562][ T6595]  do_syscall_64+0xfa/0x3b0
[  142.380570][ T6595]  ? lockdep_hardirqs_on+0x9c/0x150
[  142.380584][ T6595]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.380593][ T6595]  ? clear_bhb_loop+0x60/0xb0
[  142.380604][ T6595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.380613][ T6595] RIP: 0033:0x7fd5a577e98f
[  142.380623][ T6595] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  142.380631][ T6595] RSP: 002b:00007fd5a64fb020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  142.380643][ T6595] RAX: ffffffffffffffda RBX: 00007fd5a5945fa0 RCX: 00007fd5a577e98f
[  142.380650][ T6595] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  142.380656][ T6595] RBP: 00007fd5a57f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  142.380662][ T6595] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  142.380668][ T6595] R13: 0000000000000000 R14: 00007fd5a5945fa0 R15: 00007ffd57dd21b8
[  142.380678][ T6595]  </TASK>
[  142.380686][ T6595] BUG: Bad page state in process syz.0.15  pfn:58ca5
[  142.808656][ T6595] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x58ca5
[  142.817659][ T6595] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  142.824827][ T6595] raw: 00fff00000000000 dead000000000040 ffff888021ec6000 0000000000000000
[  142.833814][ T6595] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[  142.842518][ T6595] page dumped because: page_pool leak
[  142.848097][ T6595] page_owner tracks the page as allocated
[  142.854120][ T6595] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6595, tgid 6592 (syz.0.15), ts 136384807798, free_ts 132688410366
[  142.871661][ T6595]  post_alloc_hook+0x240/0x2a0
[  142.876692][ T6595]  get_page_from_freelist+0x21d5/0x22b0
[  142.882480][ T6595]  __alloc_frozen_pages_noprof+0x181/0x370
[  142.888398][ T6595]  alloc_pages_bulk_noprof+0x560/0x710
[  142.894000][ T6595]  __page_pool_alloc_netmems_slow+0x127/0x740
[  142.900292][ T6595]  skb_pp_cow_data+0xb47/0x13e0
[  142.905346][ T6595]  do_xdp_generic+0x699/0x11a0
[  142.910219][ T6595]  __netif_receive_skb_core+0x17f9/0x4020
[  142.916080][ T6595]  __netif_receive_skb+0x72/0x380
[  142.921126][ T6595]  netif_receive_skb+0x1cb/0x790
[  142.926106][ T6595]  tun_rx_batched+0x1b9/0x730
[  142.930827][ T6595]  tun_get_user+0x2aa2/0x3e20
[  142.935571][ T6595]  tun_chr_write_iter+0x113/0x200
[  142.940728][ T6595]  vfs_write+0x54b/0xa90
[  142.945031][ T6595]  ksys_write+0x145/0x250
[  142.949491][ T6595]  do_syscall_64+0xfa/0x3b0
[  142.954178][ T6595] page last free pid 6485 tgid 6485 stack trace:
[  142.960525][ T6595]  __free_frozen_pages+0xbb1/0xd20
[  142.965700][ T6595]  vfree+0x25a/0x400
[  142.969728][ T6595]  kcov_close+0x28/0x50
[  142.974014][ T6595]  __fput+0x449/0xa70
[  142.978017][ T6595]  task_work_run+0x1d4/0x260
[  142.982818][ T6595]  do_exit+0x6b5/0x2300
[  142.987085][ T6595]  do_group_exit+0x21c/0x2d0
[  142.991981][ T6595]  get_signal+0x125e/0x1310
[  142.996587][ T6595]  arch_do_signal_or_restart+0x9a/0x750
[  143.002240][ T6595]  exit_to_user_mode_loop+0x75/0x110
[  143.007545][ T6595]  do_syscall_64+0x2bd/0x3b0
[  143.012169][ T6595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.018440][ T6595] Modules linked in:
[  143.022368][ T6595] CPU: 1 UID: 0 PID: 6595 Comm: syz.0.15 Tainted: G    B               6.16.0-syzkaller-g186f3edfdd41 #0 PREEMPT(full) 
[  143.022394][ T6595] Tainted: [B]=BAD_PAGE
[  143.022399][ T6595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  143.022408][ T6595] Call Trace:
[  143.022414][ T6595]  <TASK>
[  143.022420][ T6595]  dump_stack_lvl+0x189/0x250
[  143.022443][ T6595]  ? __pfx_dump_stack_lvl+0x10/0x10
[  143.022460][ T6595]  ? __pfx_print_modules+0x10/0x10
[  143.022481][ T6595]  ? ksys_write+0x145/0x250
[  143.022512][ T6595]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.022533][ T6595]  bad_page+0x180/0x1c0
[  143.022558][ T6595]  __free_frozen_pages+0xcd1/0xd20
[  143.022581][ T6595]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
2025/08/03 02:47:36 executed programs: 3
[  143.022614][ T6595]  bpf_xdp_adjust_tail+0x1d6/0x220
[  143.022636][ T6595]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  143.022653][ T6595]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  143.022688][ T6595]  do_xdp_generic+0x9f7/0x11a0
[  143.022717][ T6595]  ? __pfx_do_xdp_generic+0x10/0x10
[  143.022739][ T6595]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  143.022772][ T6595]  __netif_receive_skb_core+0x17f9/0x4020
[  143.022801][ T6595]  ? __pfx___skb_flow_dissect+0x10/0x10
[  143.022820][ T6595]  ? __up_read+0x280/0x680
[  143.022839][ T6595]  ? __pfx___up_read+0x10/0x10
[  143.022856][ T6595]  ? do_user_addr_fault+0xbc1/0x1390
[  143.022885][ T6595]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  143.022914][ T6595]  ? irqentry_exit+0x74/0x90
[  143.022931][ T6595]  ? __lock_acquire+0xab9/0xd20
[  143.022957][ T6595]  ? netif_receive_skb+0x115/0x790
[  143.022982][ T6595]  ? netif_receive_skb+0x115/0x790
[  143.023007][ T6595]  __netif_receive_skb+0x72/0x380
[  143.023035][ T6595]  ? netif_receive_skb+0x115/0x790
[  143.023059][ T6595]  netif_receive_skb+0x1cb/0x790
[  143.023081][ T6595]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  143.023107][ T6595]  ? __pfx_netif_receive_skb+0x10/0x10
[  143.023132][ T6595]  ? __pfx__copy_from_iter+0x10/0x10
[  143.023151][ T6595]  ? sock_alloc_send_pskb+0x875/0x990
[  143.023174][ T6595]  ? tun_rx_batched+0x160/0x730
[  143.023196][ T6595]  tun_rx_batched+0x1b9/0x730
[  143.023216][ T6595]  ? __lock_acquire+0xab9/0xd20
[  143.023240][ T6595]  ? __pfx_tun_rx_batched+0x10/0x10
[  143.023260][ T6595]  ? tun_get_user+0x266c/0x3e20
[  143.023285][ T6595]  tun_get_user+0x2aa2/0x3e20
[  143.023307][ T6595]  ? rcu_is_watching+0x15/0xb0
[  143.023334][ T6595]  ? tun_get_user+0x266c/0x3e20
[  143.023357][ T6595]  ? __pfx_tun_get_user+0x10/0x10
[  143.023378][ T6595]  ? __lock_acquire+0xab9/0xd20
[  143.023405][ T6595]  ? ref_tracker_alloc+0x318/0x460
[  143.023421][ T6595]  ? __lock_acquire+0xab9/0xd20
[  143.023444][ T6595]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  143.023463][ T6595]  ? tun_get+0x1c/0x2f0
[  143.023484][ T6595]  ? tun_get+0x1c/0x2f0
[  143.023510][ T6595]  ? tun_get+0x1c/0x2f0
[  143.023530][ T6595]  tun_chr_write_iter+0x113/0x200
[  143.023551][ T6595]  vfs_write+0x54b/0xa90
[  143.023578][ T6595]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  143.023598][ T6595]  ? __pfx_vfs_write+0x10/0x10
[  143.023627][ T6595]  ? __fget_files+0x2a/0x420
[  143.023649][ T6595]  ksys_write+0x145/0x250
[  143.023676][ T6595]  ? __pfx_ksys_write+0x10/0x10
[  143.023699][ T6595]  ? rcu_is_watching+0x15/0xb0
[  143.023728][ T6595]  ? do_syscall_64+0xbe/0x3b0
[  143.023749][ T6595]  do_syscall_64+0xfa/0x3b0
[  143.023766][ T6595]  ? lockdep_hardirqs_on+0x9c/0x150
[  143.023795][ T6595]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.023814][ T6595]  ? clear_bhb_loop+0x60/0xb0
[  143.023832][ T6595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.023850][ T6595] RIP: 0033:0x7fd5a577e98f
[  143.023866][ T6595] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  143.023881][ T6595] RSP: 002b:00007fd5a64fb020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  143.023900][ T6595] RAX: ffffffffffffffda RBX: 00007fd5a5945fa0 RCX: 00007fd5a577e98f
[  143.023914][ T6595] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  143.023925][ T6595] RBP: 00007fd5a57f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  143.023935][ T6595] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  143.023947][ T6595] R13: 0000000000000000 R14: 00007fd5a5945fa0 R15: 00007ffd57dd21b8
[  143.023966][ T6595]  </TASK>
[  143.046306][ T5171] Bluetooth: hci0: command tx timeout
[  143.165456][ T6637] BUG: Bad page state in process syz.0.16  pfn:31a31
[  143.479447][ T6637] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x31a31
[  143.488461][ T6637] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  143.495624][ T6637] raw: 00fff00000000000 dead000000000040 ffff888021ec6000 0000000000000000
[  143.504355][ T6637] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[  143.512974][ T6637] page dumped because: page_pool leak
[  143.518350][ T6637] page_owner tracks the page as allocated
[  143.524117][ T6637] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6637, tgid 6632 (syz.0.16), ts 143165378557, free_ts 132685765886
[  143.541434][ T6637]  post_alloc_hook+0x240/0x2a0
[  143.546307][ T6637]  get_page_from_freelist+0x21d5/0x22b0
[  143.552000][ T6637]  __alloc_frozen_pages_noprof+0x181/0x370
[  143.557826][ T6637]  alloc_pages_bulk_noprof+0x560/0x710
[  143.563536][ T6637]  __page_pool_alloc_netmems_slow+0x127/0x740
[  143.569627][ T6637]  skb_pp_cow_data+0xb47/0x13e0
[  143.574609][ T6637]  do_xdp_generic+0x699/0x11a0
[  143.579395][ T6637]  __netif_receive_skb_core+0x17f9/0x4020
[  143.585196][ T6637]  __netif_receive_skb+0x72/0x380
[  143.590346][ T6637]  netif_receive_skb+0x1cb/0x790
[  143.595377][ T6637]  tun_rx_batched+0x1b9/0x730
[  143.600077][ T6637]  tun_get_user+0x2aa2/0x3e20
[  143.604811][ T6637]  tun_chr_write_iter+0x113/0x200
[  143.609859][ T6637]  vfs_write+0x54b/0xa90
[  143.614169][ T6637]  ksys_write+0x145/0x250
[  143.618528][ T6637]  do_syscall_64+0xfa/0x3b0
[  143.623180][ T6637] page last free pid 6485 tgid 6485 stack trace:
[  143.629512][ T6637]  __free_frozen_pages+0xbb1/0xd20
[  143.634682][ T6637]  vfree+0x25a/0x400
[  143.638603][ T6637]  kcov_close+0x28/0x50
[  143.642866][ T6637]  __fput+0x449/0xa70
[  143.646856][ T6637]  task_work_run+0x1d4/0x260
[  143.651502][ T6637]  do_exit+0x6b5/0x2300
[  143.655753][ T6637]  do_group_exit+0x21c/0x2d0
[  143.660364][ T6637]  get_signal+0x125e/0x1310
[  143.664942][ T6637]  arch_do_signal_or_restart+0x9a/0x750
[  143.670775][ T6637]  exit_to_user_mode_loop+0x75/0x110
[  143.676211][ T6637]  do_syscall_64+0x2bd/0x3b0
[  143.680821][ T6637]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.686782][ T6637] Modules linked in:
[  143.690693][ T6637] CPU: 1 UID: 0 PID: 6637 Comm: syz.0.16 Tainted: G    B               6.16.0-syzkaller-g186f3edfdd41 #0 PREEMPT(full) 
[  143.690723][ T6637] Tainted: [B]=BAD_PAGE
[  143.690729][ T6637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  143.690741][ T6637] Call Trace:
[  143.690748][ T6637]  <TASK>
[  143.690755][ T6637]  dump_stack_lvl+0x189/0x250
[  143.690781][ T6637]  ? __pfx_dump_stack_lvl+0x10/0x10
[  143.690801][ T6637]  ? __pfx_print_modules+0x10/0x10
[  143.690826][ T6637]  ? ksys_write+0x145/0x250
[  143.690852][ T6637]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.690876][ T6637]  bad_page+0x180/0x1c0
[  143.690901][ T6637]  __free_frozen_pages+0xcd1/0xd20
[  143.690923][ T6637]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  143.690954][ T6637]  bpf_xdp_adjust_tail+0x1d6/0x220
[  143.690976][ T6637]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  143.690992][ T6637]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  143.691030][ T6637]  do_xdp_generic+0x9f7/0x11a0
[  143.691060][ T6637]  ? __pfx_do_xdp_generic+0x10/0x10
[  143.691084][ T6637]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  143.691119][ T6637]  __netif_receive_skb_core+0x17f9/0x4020
[  143.691156][ T6637]  ? __pfx___skb_flow_dissect+0x10/0x10
[  143.691176][ T6637]  ? __up_read+0x280/0x680
[  143.691194][ T6637]  ? __pfx___up_read+0x10/0x10
[  143.691211][ T6637]  ? lock_release+0x4b/0x3e0
[  143.691245][ T6637]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  143.691270][ T6637]  ? rcu_is_watching+0x15/0xb0
[  143.691296][ T6637]  ? irqentry_exit+0x74/0x90
[  143.691310][ T6637]  ? exc_page_fault+0x9f/0xf0
[  143.691339][ T6637]  ? netif_receive_skb+0x115/0x790
[  143.691363][ T6637]  ? rcu_is_watching+0x15/0xb0
[  143.691389][ T6637]  ? lock_acquire+0x5f/0x360
[  143.691413][ T6637]  __netif_receive_skb+0x72/0x380
[  143.691441][ T6637]  ? netif_receive_skb+0x115/0x790
[  143.691466][ T6637]  netif_receive_skb+0x1cb/0x790
[  143.691488][ T6637]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  143.691514][ T6637]  ? __pfx_netif_receive_skb+0x10/0x10
[  143.691536][ T6637]  ? __pfx__copy_from_iter+0x10/0x10
[  143.691554][ T6637]  ? sock_alloc_send_pskb+0x875/0x990
[  143.691577][ T6637]  ? tun_rx_batched+0x160/0x730
[  143.691597][ T6637]  tun_rx_batched+0x1b9/0x730
[  143.691616][ T6637]  ? skb_header_pointer+0x8e/0x120
[  143.691637][ T6637]  ? __pfx_tun_rx_batched+0x10/0x10
[  143.691657][ T6637]  ? tun_get_user+0x266c/0x3e20
[  143.691673][ T6637]  ? rcu_is_watching+0x15/0xb0
[  143.691699][ T6637]  ? lock_acquire+0x5f/0x360
[  143.691721][ T6637]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  143.691749][ T6637]  tun_get_user+0x2aa2/0x3e20
[  143.691770][ T6637]  ? __pfx_css_rstat_updated+0x10/0x10
[  143.691797][ T6637]  ? tun_get_user+0x266c/0x3e20
[  143.691817][ T6637]  ? __pfx_tun_get_user+0x10/0x10
[  143.691834][ T6637]  ? __folio_batch_add_and_move+0x20a/0xd20
[  143.691860][ T6637]  ? pfn_valid+0xba/0x490
[  143.691873][ T6637]  ? rcu_is_watching+0x15/0xb0
[  143.691897][ T6637]  ? page_table_check_set+0x18d/0x730
[  143.691923][ T6637]  ? rcu_is_watching+0x15/0xb0
[  143.691951][ T6637]  ? ref_tracker_alloc+0x318/0x460
[  143.691968][ T6637]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  143.691984][ T6637]  ? tun_get+0x1c/0x2f0
[  143.692002][ T6637]  ? tun_get+0x1c/0x2f0
[  143.692019][ T6637]  ? rcu_is_watching+0x15/0xb0
[  143.692042][ T6637]  ? tun_get+0x1c/0x2f0
[  143.692059][ T6637]  ? lock_release+0x4b/0x3e0
[  143.692097][ T6637]  ? tun_get+0x1c/0x2f0
[  143.692116][ T6637]  tun_chr_write_iter+0x113/0x200
[  143.692143][ T6637]  vfs_write+0x54b/0xa90
[  143.692170][ T6637]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  143.692190][ T6637]  ? __pfx_vfs_write+0x10/0x10
[  143.692220][ T6637]  ? __fget_files+0x2a/0x420
[  143.692242][ T6637]  ksys_write+0x145/0x250
[  143.692269][ T6637]  ? __pfx_ksys_write+0x10/0x10
[  143.692294][ T6637]  ? rcu_is_watching+0x15/0xb0
[  143.692321][ T6637]  do_syscall_64+0xfa/0x3b0
[  143.692339][ T6637]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.692355][ T6637]  ? clear_bhb_loop+0x60/0xb0
[  143.692373][ T6637]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.692389][ T6637] RIP: 0033:0x7fd5a577e98f
[  143.692404][ T6637] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  143.692418][ T6637] RSP: 002b:00007fd5a64da020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  143.692438][ T6637] RAX: ffffffffffffffda RBX: 00007fd5a5946080 RCX: 00007fd5a577e98f
[  143.692452][ T6637] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  143.692463][ T6637] RBP: 00007fd5a57f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  143.692472][ T6637] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  143.692484][ T6637] R13: 0000000000000001 R14: 00007fd5a5946080 R15: 00007ffd57dd21b8
[  143.692502][ T6637]  </TASK>
[  144.156607][ T6637] BUG: Bad page state in process syz.0.16  pfn:28832
[  144.163336][ T6637] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880288328c0 pfn:0x28832
[  144.173439][ T6637] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  144.180752][ T6637] raw: 00fff00000000000 dead000000000040 ffff888021ec6000 0000000000000000
[  144.189556][ T6637] raw: ffff8880288328c0 0000000000000001 00000000ffffffff 0000000000000000
[  144.198171][ T6637] page dumped because: page_pool leak
[  144.203701][ T6637] page_owner tracks the page as allocated
[  144.209421][ T6637] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6637, tgid 6632 (syz.0.16), ts 143165368005, free_ts 132685780879
[  144.226482][ T6637]  post_alloc_hook+0x240/0x2a0
[  144.231367][ T6637]  get_page_from_freelist+0x21d5/0x22b0
[  144.236997][ T6637]  __alloc_frozen_pages_noprof+0x181/0x370
[  144.242867][ T6637]  alloc_pages_bulk_noprof+0x560/0x710
[  144.248344][ T6637]  __page_pool_alloc_netmems_slow+0x127/0x740
[  144.254492][ T6637]  skb_pp_cow_data+0xb47/0x13e0
[  144.259356][ T6637]  do_xdp_generic+0x699/0x11a0
[  144.264191][ T6637]  __netif_receive_skb_core+0x17f9/0x4020
[  144.269938][ T6637]  __netif_receive_skb+0x72/0x380
[  144.275034][ T6637]  netif_receive_skb+0x1cb/0x790
[  144.279999][ T6637]  tun_rx_batched+0x1b9/0x730
[  144.284749][ T6637]  tun_get_user+0x2aa2/0x3e20
[  144.289532][ T6637]  tun_chr_write_iter+0x113/0x200
[  144.294637][ T6637]  vfs_write+0x54b/0xa90
[  144.298908][ T6637]  ksys_write+0x145/0x250
[  144.303326][ T6637]  do_syscall_64+0xfa/0x3b0
[  144.308015][ T6637] page last free pid 6485 tgid 6485 stack trace:
[  144.314655][ T6637]  __free_frozen_pages+0xbb1/0xd20
[  144.319778][ T6637]  vfree+0x25a/0x400
[  144.323833][ T6637]  kcov_close+0x28/0x50
[  144.328013][ T6637]  __fput+0x449/0xa70
[  144.332067][ T6637]  task_work_run+0x1d4/0x260
[  144.336673][ T6637]  do_exit+0x6b5/0x2300
[  144.340859][ T6637]  do_group_exit+0x21c/0x2d0
[  144.345690][ T6637]  get_signal+0x125e/0x1310
[  144.350400][ T6637]  arch_do_signal_or_restart+0x9a/0x750
[  144.356107][ T6637]  exit_to_user_mode_loop+0x75/0x110
[  144.361454][ T6637]  do_syscall_64+0x2bd/0x3b0
[  144.366330][ T6637]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.372291][ T6637] Modules linked in:
[  144.376206][ T6637] CPU: 1 UID: 0 PID: 6637 Comm: syz.0.16 Tainted: G    B               6.16.0-syzkaller-g186f3edfdd41 #0 PREEMPT(full) 
[  144.376236][ T6637] Tainted: [B]=BAD_PAGE
[  144.376243][ T6637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  144.376255][ T6637] Call Trace:
[  144.376261][ T6637]  <TASK>
[  144.376268][ T6637]  dump_stack_lvl+0x189/0x250
[  144.376295][ T6637]  ? __pfx_dump_stack_lvl+0x10/0x10
[  144.376315][ T6637]  ? __pfx_print_modules+0x10/0x10
[  144.376340][ T6637]  ? ksys_write+0x145/0x250
[  144.376424][ T6637]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.376446][ T6637]  bad_page+0x180/0x1c0
[  144.376471][ T6637]  __free_frozen_pages+0xcd1/0xd20
[  144.376492][ T6637]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  144.376525][ T6637]  bpf_xdp_adjust_tail+0x1d6/0x220
[  144.376545][ T6637]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  144.376560][ T6637]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  144.376597][ T6637]  do_xdp_generic+0x9f7/0x11a0
[  144.376626][ T6637]  ? __pfx_do_xdp_generic+0x10/0x10
[  144.376647][ T6637]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  144.376680][ T6637]  __netif_receive_skb_core+0x17f9/0x4020
[  144.376708][ T6637]  ? __pfx___skb_flow_dissect+0x10/0x10
[  144.376728][ T6637]  ? __up_read+0x280/0x680
[  144.376746][ T6637]  ? __pfx___up_read+0x10/0x10
[  144.376762][ T6637]  ? lock_release+0x4b/0x3e0
[  144.376790][ T6637]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  144.376817][ T6637]  ? rcu_is_watching+0x15/0xb0
[  144.376845][ T6637]  ? irqentry_exit+0x74/0x90
[  144.376861][ T6637]  ? exc_page_fault+0x9f/0xf0
[  144.376891][ T6637]  ? netif_receive_skb+0x115/0x790
[  144.376914][ T6637]  ? rcu_is_watching+0x15/0xb0
[  144.376940][ T6637]  ? lock_acquire+0x5f/0x360
[  144.376965][ T6637]  __netif_receive_skb+0x72/0x380
[  144.376994][ T6637]  ? netif_receive_skb+0x115/0x790
[  144.377020][ T6637]  netif_receive_skb+0x1cb/0x790
[  144.377044][ T6637]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  144.377072][ T6637]  ? __pfx_netif_receive_skb+0x10/0x10
[  144.377098][ T6637]  ? __pfx__copy_from_iter+0x10/0x10
[  144.377116][ T6637]  ? sock_alloc_send_pskb+0x875/0x990
[  144.377140][ T6637]  ? tun_rx_batched+0x160/0x730
[  144.377163][ T6637]  tun_rx_batched+0x1b9/0x730
[  144.377182][ T6637]  ? skb_header_pointer+0x8e/0x120
[  144.377205][ T6637]  ? __pfx_tun_rx_batched+0x10/0x10
[  144.377227][ T6637]  ? tun_get_user+0x266c/0x3e20
[  144.377246][ T6637]  ? rcu_is_watching+0x15/0xb0
[  144.377272][ T6637]  ? lock_acquire+0x5f/0x360
[  144.377295][ T6637]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  144.377327][ T6637]  tun_get_user+0x2aa2/0x3e20
[  144.377351][ T6637]  ? __pfx_css_rstat_updated+0x10/0x10
[  144.377389][ T6637]  ? tun_get_user+0x266c/0x3e20
[  144.377412][ T6637]  ? __pfx_tun_get_user+0x10/0x10
[  144.377432][ T6637]  ? __folio_batch_add_and_move+0x20a/0xd20
[  144.377460][ T6637]  ? pfn_valid+0xba/0x490
[  144.377476][ T6637]  ? rcu_is_watching+0x15/0xb0
[  144.377503][ T6637]  ? page_table_check_set+0x18d/0x730
[  144.377531][ T6637]  ? rcu_is_watching+0x15/0xb0
[  144.377560][ T6637]  ? ref_tracker_alloc+0x318/0x460
[  144.377579][ T6637]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  144.377597][ T6637]  ? tun_get+0x1c/0x2f0
[  144.377617][ T6637]  ? tun_get+0x1c/0x2f0
[  144.377636][ T6637]  ? rcu_is_watching+0x15/0xb0
[  144.377662][ T6637]  ? tun_get+0x1c/0x2f0
[  144.377679][ T6637]  ? lock_release+0x4b/0x3e0
[  144.377708][ T6637]  ? tun_get+0x1c/0x2f0
[  144.377728][ T6637]  tun_chr_write_iter+0x113/0x200
[  144.377749][ T6637]  vfs_write+0x54b/0xa90
[  144.377777][ T6637]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  144.377795][ T6637]  ? __pfx_vfs_write+0x10/0x10
[  144.377823][ T6637]  ? __fget_files+0x2a/0x420
[  144.377845][ T6637]  ksys_write+0x145/0x250
[  144.377871][ T6637]  ? __pfx_ksys_write+0x10/0x10
[  144.377898][ T6637]  ? rcu_is_watching+0x15/0xb0
[  144.377924][ T6637]  do_syscall_64+0xfa/0x3b0
[  144.377948][ T6637]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.377965][ T6637]  ? clear_bhb_loop+0x60/0xb0
[  144.377985][ T6637]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.378002][ T6637] RIP: 0033:0x7fd5a577e98f
[  144.378019][ T6637] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  144.378035][ T6637] RSP: 002b:00007fd5a64da020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  144.378055][ T6637] RAX: ffffffffffffffda RBX: 00007fd5a5946080 RCX: 00007fd5a577e98f
[  144.378069][ T6637] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  144.378080][ T6637] RBP: 00007fd5a57f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  144.378092][ T6637] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  144.378104][ T6637] R13: 0000000000000001 R14: 00007fd5a5946080 R15: 00007ffd57dd21b8
[  144.378122][ T6637]  </TASK>
[  144.378133][ T6637] BUG: Bad page state in process syz.0.16  pfn:28833
[  144.848171][ T6637] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x28833
[  144.857088][ T6637] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  144.864556][ T6637] raw: 00fff00000000000 dead000000000040 ffff888021ec6000 0000000000000000
[  144.873577][ T6637] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[  144.882201][ T6637] page dumped because: page_pool leak
[  144.887575][ T6637] page_owner tracks the page as allocated
[  144.893350][ T6637] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6637, tgid 6632 (syz.0.16), ts 143165357259, free_ts 132685795886
[  144.910405][ T6637]  post_alloc_hook+0x240/0x2a0
[  144.915222][ T6637]  get_page_from_freelist+0x21d5/0x22b0
[  144.920881][ T6637]  __alloc_frozen_pages_noprof+0x181/0x370
[  144.926722][ T6637]  alloc_pages_bulk_noprof+0x560/0x710
[  144.932319][ T6637]  __page_pool_alloc_netmems_slow+0x127/0x740
[  144.938403][ T6637]  skb_pp_cow_data+0xb47/0x13e0
[  144.943274][ T6637]  do_xdp_generic+0x699/0x11a0
[  144.948130][ T6637]  __netif_receive_skb_core+0x17f9/0x4020
[  144.953881][ T6637]  __netif_receive_skb+0x72/0x380
[  144.958914][ T6637]  netif_receive_skb+0x1cb/0x790
[  144.963882][ T6637]  tun_rx_batched+0x1b9/0x730
[  144.968563][ T6637]  tun_get_user+0x2aa2/0x3e20
[  144.973407][ T6637]  tun_chr_write_iter+0x113/0x200
[  144.978548][ T6637]  vfs_write+0x54b/0xa90
[  144.982820][ T6637]  ksys_write+0x145/0x250
[  144.987282][ T6637]  do_syscall_64+0xfa/0x3b0
[  144.991814][ T6637] page last free pid 6485 tgid 6485 stack trace:
[  144.998147][ T6637]  __free_frozen_pages+0xbb1/0xd20
[  145.003376][ T6637]  vfree+0x25a/0x400
[  145.007387][ T6637]  kcov_close+0x28/0x50
[  145.011752][ T6637]  __fput+0x449/0xa70
[  145.015756][ T6637]  task_work_run+0x1d4/0x260
[  145.020337][ T6637]  do_exit+0x6b5/0x2300
[  145.024564][ T6637]  do_group_exit+0x21c/0x2d0
[  145.029167][ T6637]  get_signal+0x125e/0x1310
[  145.033700][ T6637]  arch_do_signal_or_restart+0x9a/0x750
[  145.039616][ T6637]  exit_to_user_mode_loop+0x75/0x110
[  145.045052][ T6637]  do_syscall_64+0x2bd/0x3b0
[  145.049664][ T6637]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.055607][ T6637] Modules linked in:
[  145.059778][ T6637] CPU: 1 UID: 0 PID: 6637 Comm: syz.0.16 Tainted: G    B               6.16.0-syzkaller-g186f3edfdd41 #0 PREEMPT(full) 
[  145.059795][ T6637] Tainted: [B]=BAD_PAGE
[  145.059798][ T6637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  145.059805][ T6637] Call Trace:
[  145.059810][ T6637]  <TASK>
[  145.059815][ T6637]  dump_stack_lvl+0x189/0x250
[  145.059832][ T6637]  ? __pfx_dump_stack_lvl+0x10/0x10
[  145.059857][ T6637]  ? __pfx_print_modules+0x10/0x10
[  145.059870][ T6637]  ? ksys_write+0x145/0x250
[  145.059884][ T6637]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.059896][ T6637]  bad_page+0x180/0x1c0
[  145.059909][ T6637]  __free_frozen_pages+0xcd1/0xd20
[  145.059921][ T6637]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  145.059938][ T6637]  bpf_xdp_adjust_tail+0x1d6/0x220
[  145.059950][ T6637]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  145.059959][ T6637]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  145.059979][ T6637]  do_xdp_generic+0x9f7/0x11a0
[  145.059994][ T6637]  ? __pfx_do_xdp_generic+0x10/0x10
[  145.060006][ T6637]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  145.060024][ T6637]  __netif_receive_skb_core+0x17f9/0x4020
[  145.060039][ T6637]  ? __pfx___skb_flow_dissect+0x10/0x10
[  145.060056][ T6637]  ? __up_read+0x280/0x680
[  145.060067][ T6637]  ? __pfx___up_read+0x10/0x10
[  145.060075][ T6637]  ? lock_release+0x4b/0x3e0
[  145.060090][ T6637]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  145.060105][ T6637]  ? rcu_is_watching+0x15/0xb0
[  145.060120][ T6637]  ? irqentry_exit+0x74/0x90
[  145.060128][ T6637]  ? exc_page_fault+0x9f/0xf0
[  145.060143][ T6637]  ? netif_receive_skb+0x115/0x790
[  145.060155][ T6637]  ? rcu_is_watching+0x15/0xb0
[  145.060169][ T6637]  ? lock_acquire+0x5f/0x360
[  145.060181][ T6637]  __netif_receive_skb+0x72/0x380
[  145.060196][ T6637]  ? netif_receive_skb+0x115/0x790
[  145.060209][ T6637]  netif_receive_skb+0x1cb/0x790
[  145.060222][ T6637]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  145.060237][ T6637]  ? __pfx_netif_receive_skb+0x10/0x10
[  145.060250][ T6637]  ? __pfx__copy_from_iter+0x10/0x10
[  145.060260][ T6637]  ? sock_alloc_send_pskb+0x875/0x990
[  145.060273][ T6637]  ? tun_rx_batched+0x160/0x730
[  145.060284][ T6637]  tun_rx_batched+0x1b9/0x730
[  145.060297][ T6637]  ? skb_header_pointer+0x8e/0x120
[  145.060309][ T6637]  ? __pfx_tun_rx_batched+0x10/0x10
[  145.060320][ T6637]  ? tun_get_user+0x266c/0x3e20
[  145.060329][ T6637]  ? rcu_is_watching+0x15/0xb0
[  145.060343][ T6637]  ? lock_acquire+0x5f/0x360
[  145.060355][ T6637]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  145.060371][ T6637]  tun_get_user+0x2aa2/0x3e20
[  145.060385][ T6637]  ? __pfx_css_rstat_updated+0x10/0x10
[  145.060400][ T6637]  ? tun_get_user+0x266c/0x3e20
[  145.060412][ T6637]  ? __pfx_tun_get_user+0x10/0x10
[  145.060422][ T6637]  ? __folio_batch_add_and_move+0x20a/0xd20
[  145.060437][ T6637]  ? pfn_valid+0xba/0x490
[  145.060445][ T6637]  ? rcu_is_watching+0x15/0xb0
[  145.060459][ T6637]  ? page_table_check_set+0x18d/0x730
[  145.060473][ T6637]  ? rcu_is_watching+0x15/0xb0
[  145.060487][ T6637]  ? ref_tracker_alloc+0x318/0x460
[  145.060497][ T6637]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  145.060506][ T6637]  ? tun_get+0x1c/0x2f0
[  145.060516][ T6637]  ? tun_get+0x1c/0x2f0
[  145.060526][ T6637]  ? rcu_is_watching+0x15/0xb0
[  145.060538][ T6637]  ? tun_get+0x1c/0x2f0
[  145.060548][ T6637]  ? lock_release+0x4b/0x3e0
[  145.060561][ T6637]  ? tun_get+0x1c/0x2f0
[  145.060571][ T6637]  tun_chr_write_iter+0x113/0x200
[  145.060582][ T6637]  vfs_write+0x54b/0xa90
[  145.060596][ T6637]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  145.060607][ T6637]  ? __pfx_vfs_write+0x10/0x10
[  145.060622][ T6637]  ? __fget_files+0x2a/0x420
[  145.060634][ T6637]  ksys_write+0x145/0x250
[  145.060648][ T6637]  ? __pfx_ksys_write+0x10/0x10
[  145.060662][ T6637]  ? rcu_is_watching+0x15/0xb0
[  145.060676][ T6637]  do_syscall_64+0xfa/0x3b0
[  145.060686][ T6637]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.060696][ T6637]  ? clear_bhb_loop+0x60/0xb0
[  145.060706][ T6637]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.060716][ T6637] RIP: 0033:0x7fd5a577e98f
[  145.060725][ T6637] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  145.060733][ T6637] RSP: 002b:00007fd5a64da020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  145.060745][ T6637] RAX: ffffffffffffffda RBX: 00007fd5a5946080 RCX: 00007fd5a577e98f
[  145.060753][ T6637] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  145.060759][ T6637] RBP: 00007fd5a57f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  145.060765][ T6637] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  145.060771][ T6637] R13: 0000000000000001 R14: 00007fd5a5946080 R15: 00007ffd57dd21b8
[  145.060781][ T6637]  </TASK>
[  145.060789][ T6637] BUG: Bad page state in process syz.0.16  pfn:30d54
[  145.201477][ T5171] Bluetooth: hci0: command tx timeout
[  145.204210][ T6637] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888030d548c0 pfn:0x30d54
[  145.547789][ T6637] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  145.555083][ T6637] raw: 00fff00000000000 dead000000000040 ffff888021ec6000 0000000000000000
[  145.563793][ T6637] raw: ffff888030d548c0 0000000000000001 00000000ffffffff 0000000000000000
[  145.572507][ T6637] page dumped because: page_pool leak
[  145.578000][ T6637] page_owner tracks the page as allocated
[  145.583956][ T6637] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6637, tgid 6632 (syz.0.16), ts 143165346319, free_ts 132685810959
[  145.601281][ T6637]  post_alloc_hook+0x240/0x2a0
[  145.606140][ T6637]  get_page_from_freelist+0x21d5/0x22b0
[  145.611778][ T6637]  __alloc_frozen_pages_noprof+0x181/0x370
[  145.617603][ T6637]  alloc_pages_bulk_noprof+0x560/0x710
[  145.623178][ T6637]  __page_pool_alloc_netmems_slow+0x127/0x740
[  145.629258][ T6637]  skb_pp_cow_data+0xb47/0x13e0
[  145.634227][ T6637]  do_xdp_generic+0x699/0x11a0
[  145.639090][ T6637]  __netif_receive_skb_core+0x17f9/0x4020
[  145.644868][ T6637]  __netif_receive_skb+0x72/0x380
[  145.649902][ T6637]  netif_receive_skb+0x1cb/0x790
[  145.655096][ T6637]  tun_rx_batched+0x1b9/0x730
[  145.659863][ T6637]  tun_get_user+0x2aa2/0x3e20
[  145.664575][ T6637]  tun_chr_write_iter+0x113/0x200
[  145.669694][ T6637]  vfs_write+0x54b/0xa90
[  145.674078][ T6637]  ksys_write+0x145/0x250
[  145.678457][ T6637]  do_syscall_64+0xfa/0x3b0
[  145.683027][ T6637] page last free pid 6485 tgid 6485 stack trace:
[  145.689439][ T6637]  __free_frozen_pages+0xbb1/0xd20
[  145.694617][ T6637]  vfree+0x25a/0x400
[  145.698526][ T6637]  kcov_close+0x28/0x50
[  145.702724][ T6637]  __fput+0x449/0xa70
[  145.706747][ T6637]  task_work_run+0x1d4/0x260
[  145.711376][ T6637]  do_exit+0x6b5/0x2300
[  145.715537][ T6637]  do_group_exit+0x21c/0x2d0
[  145.720260][ T6637]  get_signal+0x125e/0x1310
[  145.724914][ T6637]  arch_do_signal_or_restart+0x9a/0x750
[  145.730528][ T6637]  exit_to_user_mode_loop+0x75/0x110
[  145.735889][ T6637]  do_syscall_64+0x2bd/0x3b0
[  145.740525][ T6637]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.746466][ T6637] Modules linked in:
[  145.750373][ T6637] CPU: 1 UID: 0 PID: 6637 Comm: syz.0.16 Tainted: G    B               6.16.0-syzkaller-g186f3edfdd41 #0 PREEMPT(full) 
[  145.750395][ T6637] Tainted: [B]=BAD_PAGE
[  145.750399][ T6637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  145.750406][ T6637] Call Trace:
[  145.750411][ T6637]  <TASK>
[  145.750416][ T6637]  dump_stack_lvl+0x189/0x250
[  145.750432][ T6637]  ? __pfx_dump_stack_lvl+0x10/0x10
[  145.750442][ T6637]  ? __pfx_print_modules+0x10/0x10
[  145.750456][ T6637]  ? ksys_write+0x145/0x250
[  145.750470][ T6637]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.750482][ T6637]  bad_page+0x180/0x1c0
[  145.750495][ T6637]  __free_frozen_pages+0xcd1/0xd20
[  145.750507][ T6637]  bpf_xdp_frags_shrink_tail+0x3a5/0x750
[  145.750525][ T6637]  bpf_xdp_adjust_tail+0x1d6/0x220
[  145.750536][ T6637]  bpf_prog_f476d5219b92964a+0x1e/0x24
[  145.750545][ T6637]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  145.750566][ T6637]  do_xdp_generic+0x9f7/0x11a0
[  145.750581][ T6637]  ? __pfx_do_xdp_generic+0x10/0x10
[  145.750593][ T6637]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  145.750611][ T6637]  __netif_receive_skb_core+0x17f9/0x4020
[  145.750626][ T6637]  ? __pfx___skb_flow_dissect+0x10/0x10
[  145.750636][ T6637]  ? __up_read+0x280/0x680
[  145.750647][ T6637]  ? __pfx___up_read+0x10/0x10
[  145.750655][ T6637]  ? lock_release+0x4b/0x3e0
[  145.750670][ T6637]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  145.750685][ T6637]  ? rcu_is_watching+0x15/0xb0
[  145.750700][ T6637]  ? irqentry_exit+0x74/0x90
[  145.750709][ T6637]  ? exc_page_fault+0x9f/0xf0
[  145.750724][ T6637]  ? netif_receive_skb+0x115/0x790
[  145.750737][ T6637]  ? rcu_is_watching+0x15/0xb0
[  145.750750][ T6637]  ? lock_acquire+0x5f/0x360
[  145.750762][ T6637]  __netif_receive_skb+0x72/0x380
[  145.750778][ T6637]  ? netif_receive_skb+0x115/0x790
[  145.750790][ T6637]  netif_receive_skb+0x1cb/0x790
[  145.750804][ T6637]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  145.750819][ T6637]  ? __pfx_netif_receive_skb+0x10/0x10
[  145.750832][ T6637]  ? __pfx__copy_from_iter+0x10/0x10
[  145.750843][ T6637]  ? sock_alloc_send_pskb+0x875/0x990
[  145.750856][ T6637]  ? tun_rx_batched+0x160/0x730
[  145.750867][ T6637]  tun_rx_batched+0x1b9/0x730
[  145.750877][ T6637]  ? skb_header_pointer+0x8e/0x120
[  145.750890][ T6637]  ? __pfx_tun_rx_batched+0x10/0x10
[  145.750901][ T6637]  ? tun_get_user+0x266c/0x3e20
[  145.750910][ T6637]  ? rcu_is_watching+0x15/0xb0
[  145.750924][ T6637]  ? lock_acquire+0x5f/0x360
[  145.750936][ T6637]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  145.750952][ T6637]  tun_get_user+0x2aa2/0x3e20
[  145.750990][ T6637]  ? __pfx_css_rstat_updated+0x10/0x10
[  145.751012][ T6637]  ? tun_get_user+0x266c/0x3e20
[  145.751023][ T6637]  ? __pfx_tun_get_user+0x10/0x10
[  145.751033][ T6637]  ? __folio_batch_add_and_move+0x20a/0xd20
[  145.751049][ T6637]  ? pfn_valid+0xba/0x490
[  145.751057][ T6637]  ? rcu_is_watching+0x15/0xb0
[  145.751071][ T6637]  ? page_table_check_set+0x18d/0x730
[  145.751085][ T6637]  ? rcu_is_watching+0x15/0xb0
[  145.751100][ T6637]  ? ref_tracker_alloc+0x318/0x460
[  145.751110][ T6637]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  145.751119][ T6637]  ? tun_get+0x1c/0x2f0
[  145.751129][ T6637]  ? tun_get+0x1c/0x2f0
[  145.751138][ T6637]  ? rcu_is_watching+0x15/0xb0
[  145.751151][ T6637]  ? tun_get+0x1c/0x2f0
[  145.751161][ T6637]  ? lock_release+0x4b/0x3e0
[  145.751173][ T6637]  ? tun_get+0x1c/0x2f0
[  145.751184][ T6637]  tun_chr_write_iter+0x113/0x200
[  145.751195][ T6637]  vfs_write+0x54b/0xa90
[  145.751210][ T6637]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  145.751222][ T6637]  ? __pfx_vfs_write+0x10/0x10
[  145.751238][ T6637]  ? __fget_files+0x2a/0x420
[  145.751260][ T6637]  ksys_write+0x145/0x250
[  145.751283][ T6637]  ? __pfx_ksys_write+0x10/0x10
[  145.751307][ T6637]  ? rcu_is_watching+0x15/0xb0
[  145.751329][ T6637]  do_syscall_64+0xfa/0x3b0
[  145.751340][ T6637]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.751350][ T6637]  ? clear_bhb_loop+0x60/0xb0
[  145.751360][ T6637]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.751370][ T6637] RIP: 0033:0x7fd5a577e98f
[  145.751379][ T6637] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  145.751387][ T6637] RSP: 002b:00007fd5a64da020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  145.751399][ T6637] RAX: ffffffffffffffda RBX: 00007fd5a5946080 RCX: 00007fd5a577e98f
[  145.751406][ T6637] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  145.751413][ T6637] RBP: 00007fd5a57f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  145.751419][ T6637] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  145.751425][ T6637] R13: 0000000000000001 R14: 00007fd5a5946080 R15: 00007ffd57dd21b8
[  145.751434][ T6637]  </TASK>
[  146.214284][ T6637] BUG: Bad page state in process syz.0.16  pfn:30d55
[  146.221058][ T6637] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888030d55ee0 pfn:0x30d55
[  146.231163][ T6637] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  146.238446][ T6637] raw: 00fff00000000000 dead000000000040 ffff888021ec6000 0000000000000000
[  146.247587][ T6637] raw: ffff888030d55ee0 0000000000000001 00000000ffffffff 0000000000000000
[  146.256565][ T6637] page dumped because: page_pool leak
[  146.262041][ T6637] page_owner tracks the page as allocated
[  146.267766][ T6637] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6637, tgid 6632 (syz.0.16), ts 143165335224, free_ts 132685826263
[  146.285040][ T6637]  post_alloc_hook+0x240/0x2a0
[  146.290139][ T6637]  get_page_from_freelist+0x21d5/0x22b0
[  146.296209][ T6637]  __alloc_frozen_pages_noprof+0x181/0x370
[  146.302450][ T6637]  alloc_pages_bulk_noprof+0x560/0x710
[  146.307993][ T6637]  __page_pool_alloc_netmems_slow+0x127/0x740
[  146.314472][ T6637]  skb_pp_cow_data+0xb47/0x13e0
[  146.319337][ T6637]  do_xdp_generic+0x699/0x11a0
[  146.324419][ T6637]  __netif_receive_skb_core+0x17f9/0x4020
[  146.330430][ T6637]  __netif_receive_skb+0x72/0x380
[  146.335515][ T6637]  netif_receive_skb+0x1cb/0x790
[  146.340467][ T6637]  tun_rx_batched+0x1b9/0x730
[  146.345174][ T6637]  tun_get_user+0x2aa2/0x3e20
[  146.349962][ T6637]  tun_chr_write_iter+0x113/0x200
[  146.355049][ T6637]  vfs_write+0x54b/0xa90
[  146.359311][ T6637]  ksys_write+0x145/0x250
[  146.363777][ T6637]  do_syscall_64+0xfa/0x3b0
[  146.368291][ T6637] page last free pid 6485 tgid 6485 stack trace:
[  146.374914][ T6637]  __free_frozen_pages+0xbb1/0xd20
[  146.380136][ T6637]  vfree+0x25a/0x400
[  146.384082][ T6637]  kcov_close+0x28/0x50
[  146.388244][ T6637]  __fput+0x449/0xa70
[  146.392247][ T6637]  task_work_run+0x1d4/0x260
[  146.397475][ T6637]  do_exit+0x6b5/0x2300
[  146.401701][ T6637]  do_group_exit+0x21c/0x2d0
[  146.406307][ T6637]  get_signal+0x125e/0x1310
[  146.410809][ T6637]  arch_do_signal_or_restart+0x9a/0x750
[  146.416398][ T6637]  exit_to_user_mode_loop+0x75/0x110
[  146.421983][ T6637]  do_syscall_64+0x2bd/0x3b0