Warning: Permanently added '10.128.0.34' (ED25519) to the list of known hosts.
2025/11/28 07:03:15 parsed 1 programs
[   93.334183][ T5834] cgroup: Unknown subsys name 'net'
[   93.459937][ T5834] cgroup: Unknown subsys name 'cpuset'
[   93.469546][ T5834] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   95.192652][ T5834] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   97.363451][  T855] cfg80211: failed to load regulatory.db
[   98.263332][   T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   98.272112][   T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   98.303040][   T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   98.311275][   T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   98.354620][ T5849] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   98.934827][ T5860] chnl_net:caif_netlink_parms(): no params data found
[   99.086814][ T5860] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.094924][ T5860] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.103362][ T5860] bridge_slave_0: entered allmulticast mode
[   99.111028][ T5860] bridge_slave_0: entered promiscuous mode
[   99.120658][ T5860] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.128263][ T5860] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.135563][ T5860] bridge_slave_1: entered allmulticast mode
[   99.143063][ T5860] bridge_slave_1: entered promiscuous mode
[   99.178352][ T5860] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   99.191855][ T5860] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   99.233079][ T5860] team0: Port device team_slave_0 added
[   99.242460][ T5860] team0: Port device team_slave_1 added
[   99.274702][ T5860] batman_adv: batadv0: Adding interface: batadv_slave_0
[   99.281895][ T5860] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   99.310435][ T5860] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   99.327294][ T5860] batman_adv: batadv0: Adding interface: batadv_slave_1
[   99.334464][ T5860] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   99.361269][ T5860] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   99.408061][ T5860] hsr_slave_0: entered promiscuous mode
[   99.414898][ T5860] hsr_slave_1: entered promiscuous mode
[   99.575299][ T5860] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   99.589474][ T5860] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   99.601139][ T5860] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   99.612015][ T5860] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   99.699064][ T5860] 8021q: adding VLAN 0 to HW filter on device bond0
[   99.720945][ T5860] 8021q: adding VLAN 0 to HW filter on device team0
[   99.734107][ T3532] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.741419][ T3532] bridge0: port 1(bridge_slave_0) entered forwarding state
[   99.760432][   T57] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.767738][   T57] bridge0: port 2(bridge_slave_1) entered forwarding state
[   99.964522][ T5860] 8021q: adding VLAN 0 to HW filter on device batadv0
[  100.013639][ T5860] veth0_vlan: entered promiscuous mode
[  100.028261][ T5860] veth1_vlan: entered promiscuous mode
[  100.059931][ T5860] veth0_macvtap: entered promiscuous mode
[  100.070716][ T5860] veth1_macvtap: entered promiscuous mode
[  100.096425][ T5860] batman_adv: batadv0: Interface activated: batadv_slave_0
[  100.111751][ T5860] batman_adv: batadv0: Interface activated: batadv_slave_1
[  100.128858][   T57] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  100.140207][   T57] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  100.150380][   T57] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  100.161363][   T57] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  100.319359][   T57] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.371622][   T57] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.441925][   T57] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.512922][   T57] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  102.752883][ T5928] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  102.763837][ T5928] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  102.772839][ T5928] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  102.781373][ T5928] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  102.789563][ T5928] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  102.922852][   T57] bridge_slave_1: left allmulticast mode
[  102.929766][   T57] bridge_slave_1: left promiscuous mode
[  102.936367][   T57] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.958250][   T57] bridge_slave_0: left allmulticast mode
[  102.963936][   T57] bridge_slave_0: left promiscuous mode
[  102.969884][   T57] bridge0: port 1(bridge_slave_0) entered disabled state
[  103.220515][   T57] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  103.232346][   T57] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  103.242905][   T57] bond0 (unregistering): Released all slaves
[  103.404080][   T57] hsr_slave_0: left promiscuous mode
[  103.420860][   T57] hsr_slave_1: left promiscuous mode
[  103.444928][   T57] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  103.465733][   T57] batman_adv: batadv0: Removing interface: batadv_slave_0
[  103.483519][   T57] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  103.498984][   T57] batman_adv: batadv0: Removing interface: batadv_slave_1
[  103.533749][   T57] veth1_macvtap: left promiscuous mode
[  103.555938][   T57] veth0_macvtap: left promiscuous mode
[  103.561814][   T57] veth1_vlan: left promiscuous mode
[  103.586458][   T57] veth0_vlan: left promiscuous mode
[  104.165558][   T57] team0 (unregistering): Port device team_slave_1 removed
[  104.193715][   T57] team0 (unregistering): Port device team_slave_0 removed
2025/11/28 07:03:31 executed programs: 0
[  106.042161][ T5151] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  106.051468][ T5151] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  106.061170][ T5151] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  106.070942][ T5151] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  106.079343][ T5151] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  106.601330][ T5973] chnl_net:caif_netlink_parms(): no params data found
[  106.811775][ T5973] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.823624][ T5973] bridge0: port 1(bridge_slave_0) entered disabled state
[  106.841695][ T5973] bridge_slave_0: entered allmulticast mode
[  106.858059][ T5973] bridge_slave_0: entered promiscuous mode
[  106.869819][ T5973] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.880355][ T5973] bridge0: port 2(bridge_slave_1) entered disabled state
[  106.888078][ T5973] bridge_slave_1: entered allmulticast mode
[  106.897897][ T5973] bridge_slave_1: entered promiscuous mode
[  106.994294][ T5973] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  107.010787][ T5973] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  107.053102][ T5973] team0: Port device team_slave_0 added
[  107.061847][ T5973] team0: Port device team_slave_1 added
[  107.098800][ T5973] batman_adv: batadv0: Adding interface: batadv_slave_0
[  107.105956][ T5973] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  107.132448][ T5973] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  107.145187][ T5973] batman_adv: batadv0: Adding interface: batadv_slave_1
[  107.152591][ T5973] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  107.179229][ T5973] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  107.292535][ T5973] hsr_slave_0: entered promiscuous mode
[  107.302601][ T5973] hsr_slave_1: entered promiscuous mode
[  107.887328][ T5973] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  107.899750][ T5973] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  107.911603][ T5973] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  107.924721][ T5973] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  108.045117][ T5973] 8021q: adding VLAN 0 to HW filter on device bond0
[  108.073999][ T5973] 8021q: adding VLAN 0 to HW filter on device team0
[  108.089325][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  108.096590][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  108.115725][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  108.122929][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  108.167049][ T5928] Bluetooth: hci0: command tx timeout
[  108.417368][ T5973] 8021q: adding VLAN 0 to HW filter on device batadv0
[  108.482781][ T5973] veth0_vlan: entered promiscuous mode
[  108.501770][ T5973] veth1_vlan: entered promiscuous mode
[  108.543629][ T5973] veth0_macvtap: entered promiscuous mode
[  108.555520][ T5973] veth1_macvtap: entered promiscuous mode
[  108.585344][ T5973] batman_adv: batadv0: Interface activated: batadv_slave_0
[  108.603484][ T5973] batman_adv: batadv0: Interface activated: batadv_slave_1
[  108.622801][   T36] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  108.644563][   T36] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  108.654493][   T36] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  108.671979][   T36] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  108.749309][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.761915][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  108.808317][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.816540][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  108.910477][ T6045] BUG: Bad page state in process syz.0.17  pfn:78972
[  108.917318][ T6045] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888078972dc0 pfn:0x78972
[  108.927601][ T6045] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  108.934787][ T6045] raw: 00fff00000000000 dead000000000040 ffff8880216fb000 0000000000000000
[  108.943645][ T6045] raw: ffff888078972dc0 3fffffffffffffff 00000000ffffffff 0000000000000000
[  108.952464][ T6045] page dumped because: page_pool leak
[  108.957933][ T6045] page_owner tracks the page as allocated
[  108.963883][ T6045] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6045, tgid 6045 (syz.0.17), ts 108910279458, free_ts 107316268733
[  108.980899][ T6045]  post_alloc_hook+0x234/0x290
[  108.985774][ T6045]  get_page_from_freelist+0x2365/0x2440
[  108.991447][ T6045]  __alloc_frozen_pages_noprof+0x181/0x370
[  108.997374][ T6045]  alloc_pages_bulk_noprof+0x560/0x710
[  109.002883][ T6045]  __page_pool_alloc_netmems_slow+0x14c/0x710
[  109.009075][ T6045]  page_pool_alloc_frag_netmem+0x421/0x9b0
[  109.014967][ T6045]  skb_pp_cow_data+0xb69/0x13e0
[  109.019932][ T6045]  do_xdp_generic+0x699/0x11a0
[  109.024744][ T6045]  tun_get_user+0x2527/0x3e90
[  109.029523][ T6045]  tun_chr_write_iter+0x113/0x200
[  109.034610][ T6045]  vfs_write+0x5c9/0xb30
[  109.039062][ T6045]  ksys_write+0x145/0x250
[  109.043455][ T6045]  do_syscall_64+0xfa/0xfa0
[  109.048103][ T6045]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  109.054136][ T6045] page last free pid 5996 tgid 5996 stack trace:
[  109.060578][ T6045]  __free_frozen_pages+0xbc4/0xd30
[  109.065777][ T6045]  rcu_core+0xcab/0x1770
[  109.070091][ T6045]  handle_softirqs+0x286/0x870
[  109.074914][ T6045]  __irq_exit_rcu+0xca/0x1f0
[  109.079608][ T6045]  irq_exit_rcu+0x9/0x30
[  109.083902][ T6045]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  109.089643][ T6045]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  109.095711][ T6045] Modules linked in:
[  109.099667][ T6045] CPU: 1 UID: 0 PID: 6045 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) 
[  109.099694][ T6045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  109.099714][ T6045] Call Trace:
[  109.099723][ T6045]  <TASK>
[  109.099732][ T6045]  dump_stack_lvl+0x189/0x250
[  109.099768][ T6045]  ? __pfx_dump_stack_lvl+0x10/0x10
[  109.099796][ T6045]  ? __pfx_print_modules+0x10/0x10
[  109.099833][ T6045]  bad_page+0x180/0x1c0
[  109.099859][ T6045]  __free_frozen_pages+0xce2/0xd30
[  109.099911][ T6045]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  109.099961][ T6045]  bpf_xdp_adjust_tail+0x1d6/0x220
[  109.099989][ T6045]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  109.100013][ T6045]  bpf_prog_run_generic_xdp+0x606/0x13d0
[  109.100071][ T6045]  do_xdp_generic+0x9f7/0x11a0
[  109.100112][ T6045]  ? __pfx_do_xdp_generic+0x10/0x10
[  109.100151][ T6045]  ? tun_get_user+0x23f3/0x3e90
[  109.100184][ T6045]  ? tun_vnet_hdr_tnl_to_skb+0xed/0x830
[  109.100216][ T6045]  ? tun_get_user+0x23f3/0x3e90
[  109.100242][ T6045]  tun_get_user+0x2527/0x3e90
[  109.100287][ T6045]  ? aa_file_perm+0x44d/0x1550
[  109.100307][ T6045]  ? __pfx_tun_get_user+0x10/0x10
[  109.100337][ T6045]  ? __lock_acquire+0xab9/0xd20
[  109.100371][ T6045]  ? ref_tracker_alloc+0x318/0x460
[  109.100391][ T6045]  ? __lock_acquire+0xab9/0xd20
[  109.100413][ T6045]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  109.100439][ T6045]  ? tun_get+0x1c/0x2f0
[  109.100468][ T6045]  ? tun_get+0x1c/0x2f0
[  109.100491][ T6045]  ? tun_get+0x1c/0x2f0
[  109.100518][ T6045]  tun_chr_write_iter+0x113/0x200
[  109.100546][ T6045]  vfs_write+0x5c9/0xb30
[  109.100580][ T6045]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  109.100604][ T6045]  ? __pfx_vfs_write+0x10/0x10
[  109.100635][ T6045]  ? __pfx_do_futex+0x10/0x10
[  109.100681][ T6045]  ksys_write+0x145/0x250
[  109.100712][ T6045]  ? __pfx_ksys_write+0x10/0x10
[  109.100745][ T6045]  ? do_syscall_64+0xbe/0xfa0
[  109.100782][ T6045]  do_syscall_64+0xfa/0xfa0
[  109.100812][ T6045]  ? lockdep_hardirqs_on+0x9c/0x150
[  109.100843][ T6045]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  109.100864][ T6045]  ? clear_bhb_loop+0x60/0xb0
[  109.100898][ T6045]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  109.100919][ T6045] RIP: 0033:0x7fef94d8e1ff
[  109.100938][ T6045] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  109.100956][ T6045] RSP: 002b:00007ffe32374fe0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  109.100979][ T6045] RAX: ffffffffffffffda RBX: 00007fef94fe5fa0 RCX: 00007fef94d8e1ff
[  109.100994][ T6045] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  109.101008][ T6045] RBP: 00007fef94e13f91 R08: 0000000000000000 R09: 0000000000000000
[  109.101021][ T6045] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  109.101033][ T6045] R13: 00007fef94fe5fa0 R14: 00007fef94fe5fa0 R15: 0000000000000003
[  109.101067][ T6045]  </TASK>
[  109.101076][ T6045] Disabling lock debugging due to kernel taint
[  109.394973][ T6045] BUG: Bad page state in process syz.0.17  pfn:77752
[  109.401860][ T6045] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888077752000 pfn:0x77752
[  109.412035][ T6045] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  109.419276][ T6045] raw: 00fff00000000000 dead000000000040 ffff8880216fb000 0000000000000000
[  109.428088][ T6045] raw: ffff888077752000 0000000000000001 00000000ffffffff 0000000000000000
[  109.436745][ T6045] page dumped because: page_pool leak
[  109.442152][ T6045] page_owner tracks the page as allocated
[  109.447942][ T6045] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6045, tgid 6045 (syz.0.17), ts 108910259575, free_ts 107316288210
[  109.464896][ T6045]  post_alloc_hook+0x234/0x290
[  109.469755][ T6045]  get_page_from_freelist+0x2365/0x2440
[  109.475360][ T6045]  __alloc_frozen_pages_noprof+0x181/0x370
[  109.481264][ T6045]  alloc_pages_bulk_noprof+0x560/0x710
[  109.486804][ T6045]  __page_pool_alloc_netmems_slow+0x14c/0x710
[  109.493036][ T6045]  skb_pp_cow_data+0xb47/0x13e0
[  109.497968][ T6045]  do_xdp_generic+0x699/0x11a0
[  109.502776][ T6045]  tun_get_user+0x2527/0x3e90
[  109.507547][ T6045]  tun_chr_write_iter+0x113/0x200
[  109.512636][ T6045]  vfs_write+0x5c9/0xb30
[  109.516973][ T6045]  ksys_write+0x145/0x250
[  109.521358][ T6045]  do_syscall_64+0xfa/0xfa0
[  109.525976][ T6045]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  109.531923][ T6045] page last free pid 5996 tgid 5996 stack trace:
[  109.538687][ T6045]  __free_frozen_pages+0xbc4/0xd30
[  109.543947][ T6045]  rcu_core+0xcab/0x1770
[  109.548286][ T6045]  handle_softirqs+0x286/0x870
[  109.553113][ T6045]  __irq_exit_rcu+0xca/0x1f0
[  109.557793][ T6045]  irq_exit_rcu+0x9/0x30
[  109.562169][ T6045]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  109.567911][ T6045]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  109.573955][ T6045] Modules linked in:
[  109.577947][ T6045] CPU: 1 UID: 0 PID: 6045 Comm: syz.0.17 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  109.577983][ T6045] Tainted: [B]=BAD_PAGE
[  109.577990][ T6045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  109.578003][ T6045] Call Trace:
[  109.578011][ T6045]  <TASK>
[  109.578018][ T6045]  dump_stack_lvl+0x189/0x250
[  109.578053][ T6045]  ? __pfx_dump_stack_lvl+0x10/0x10
[  109.578082][ T6045]  ? __pfx_print_modules+0x10/0x10
[  109.578110][ T6045]  bad_page+0x180/0x1c0
[  109.578142][ T6045]  __free_frozen_pages+0xce2/0xd30
[  109.578175][ T6045]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  109.578210][ T6045]  bpf_xdp_adjust_tail+0x1d6/0x220
[  109.578232][ T6045]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  109.578248][ T6045]  bpf_prog_run_generic_xdp+0x606/0x13d0
[  109.578287][ T6045]  do_xdp_generic+0x9f7/0x11a0
[  109.578320][ T6045]  ? __pfx_do_xdp_generic+0x10/0x10
[  109.578352][ T6045]  ? tun_get_user+0x23f3/0x3e90
[  109.578379][ T6045]  ? tun_vnet_hdr_tnl_to_skb+0xed/0x830
[  109.578408][ T6045]  ? tun_get_user+0x23f3/0x3e90
[  109.578433][ T6045]  tun_get_user+0x2527/0x3e90
[  109.578468][ T6045]  ? aa_file_perm+0x44d/0x1550
[  109.578488][ T6045]  ? __pfx_tun_get_user+0x10/0x10
[  109.578514][ T6045]  ? __lock_acquire+0xab9/0xd20
[  109.578541][ T6045]  ? ref_tracker_alloc+0x318/0x460
[  109.578559][ T6045]  ? __lock_acquire+0xab9/0xd20
[  109.578579][ T6045]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  109.578602][ T6045]  ? tun_get+0x1c/0x2f0
[  109.578628][ T6045]  ? tun_get+0x1c/0x2f0
[  109.578651][ T6045]  ? tun_get+0x1c/0x2f0
[  109.578677][ T6045]  tun_chr_write_iter+0x113/0x200
[  109.578703][ T6045]  vfs_write+0x5c9/0xb30
[  109.578734][ T6045]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  109.578759][ T6045]  ? __pfx_vfs_write+0x10/0x10
[  109.578789][ T6045]  ? __pfx_do_futex+0x10/0x10
[  109.578827][ T6045]  ksys_write+0x145/0x250
[  109.578857][ T6045]  ? __pfx_ksys_write+0x10/0x10
[  109.578887][ T6045]  ? do_syscall_64+0xbe/0xfa0
[  109.578922][ T6045]  do_syscall_64+0xfa/0xfa0
[  109.578951][ T6045]  ? lockdep_hardirqs_on+0x9c/0x150
[  109.578982][ T6045]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  109.579003][ T6045]  ? clear_bhb_loop+0x60/0xb0
[  109.579026][ T6045]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  109.579046][ T6045] RIP: 0033:0x7fef94d8e1ff
[  109.579064][ T6045] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  109.579082][ T6045] RSP: 002b:00007ffe32374fe0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  109.579105][ T6045] RAX: ffffffffffffffda RBX: 00007fef94fe5fa0 RCX: 00007fef94d8e1ff
[  109.579129][ T6045] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  109.579143][ T6045] RBP: 00007fef94e13f91 R08: 0000000000000000 R09: 0000000000000000
[  109.579156][ T6045] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  109.579169][ T6045] R13: 00007fef94fe5fa0 R14: 00007fef94fe5fa0 R15: 0000000000000003
[  109.579192][ T6045]  </TASK>
[  109.579205][ T6045] BUG: Bad page state in process syz.0.17  pfn:777b1
[  109.883073][ T6045] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880777b1000 pfn:0x777b1
[  109.893546][ T6045] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  109.900757][ T6045] raw: 00fff00000000000 dead000000000040 ffff8880216fb000 0000000000000000
[  109.909509][ T6045] raw: ffff8880777b1000 0000000000000001 00000000ffffffff 0000000000000000
[  109.918152][ T6045] page dumped because: page_pool leak
[  109.923638][ T6045] page_owner tracks the page as allocated
[  109.929502][ T6045] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6045, tgid 6045 (syz.0.17), ts 108910240332, free_ts 107316307885
[  109.946585][ T6045]  post_alloc_hook+0x234/0x290
[  109.951369][ T6045]  get_page_from_freelist+0x2365/0x2440
[  109.957076][ T6045]  __alloc_frozen_pages_noprof+0x181/0x370
[  109.962932][ T6045]  alloc_pages_bulk_noprof+0x560/0x710
[  109.968484][ T6045]  __page_pool_alloc_netmems_slow+0x14c/0x710
[  109.974687][ T6045]  skb_pp_cow_data+0xb47/0x13e0
[  109.979627][ T6045]  do_xdp_generic+0x699/0x11a0
[  109.984435][ T6045]  tun_get_user+0x2527/0x3e90
[  109.989357][ T6045]  tun_chr_write_iter+0x113/0x200
[  109.994537][ T6045]  vfs_write+0x5c9/0xb30
[  109.998962][ T6045]  ksys_write+0x145/0x250
[  110.003352][ T6045]  do_syscall_64+0xfa/0xfa0
[  110.008137][ T6045]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  110.014159][ T6045] page last free pid 5996 tgid 5996 stack trace:
[  110.021068][ T6045]  __free_frozen_pages+0xbc4/0xd30
[  110.026272][ T6045]  rcu_core+0xcab/0x1770
[  110.030762][ T6045]  handle_softirqs+0x286/0x870
[  110.035709][ T6045]  __irq_exit_rcu+0xca/0x1f0
[  110.040333][ T6045]  irq_exit_rcu+0x9/0x30
[  110.044591][ T6045]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  110.050380][ T6045]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  110.056517][ T6045] Modules linked in:
[  110.060518][ T6045] CPU: 1 UID: 0 PID: 6045 Comm: syz.0.17 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  110.060541][ T6045] Tainted: [B]=BAD_PAGE
[  110.060547][ T6045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  110.060555][ T6045] Call Trace:
[  110.060563][ T6045]  <TASK>
[  110.060570][ T6045]  dump_stack_lvl+0x189/0x250
[  110.060595][ T6045]  ? __pfx_dump_stack_lvl+0x10/0x10
[  110.060616][ T6045]  ? __pfx_print_modules+0x10/0x10
[  110.060637][ T6045]  bad_page+0x180/0x1c0
[  110.060655][ T6045]  __free_frozen_pages+0xce2/0xd30
[  110.060682][ T6045]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  110.060709][ T6045]  bpf_xdp_adjust_tail+0x1d6/0x220
[  110.060726][ T6045]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  110.060739][ T6045]  bpf_prog_run_generic_xdp+0x606/0x13d0
[  110.060771][ T6045]  do_xdp_generic+0x9f7/0x11a0
[  110.060802][ T6045]  ? __pfx_do_xdp_generic+0x10/0x10
[  110.060831][ T6045]  ? tun_get_user+0x23f3/0x3e90
[  110.060856][ T6045]  ? tun_vnet_hdr_tnl_to_skb+0xed/0x830
[  110.060882][ T6045]  ? tun_get_user+0x23f3/0x3e90
[  110.060906][ T6045]  tun_get_user+0x2527/0x3e90
[  110.060939][ T6045]  ? aa_file_perm+0x44d/0x1550
[  110.060953][ T6045]  ? __pfx_tun_get_user+0x10/0x10
[  110.060972][ T6045]  ? __lock_acquire+0xab9/0xd20
[  110.060991][ T6045]  ? ref_tracker_alloc+0x318/0x460
[  110.061005][ T6045]  ? __lock_acquire+0xab9/0xd20
[  110.061019][ T6045]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  110.061035][ T6045]  ? tun_get+0x1c/0x2f0
[  110.061053][ T6045]  ? tun_get+0x1c/0x2f0
[  110.061087][ T6045]  ? tun_get+0x1c/0x2f0
[  110.061105][ T6045]  tun_chr_write_iter+0x113/0x200
[  110.061124][ T6045]  vfs_write+0x5c9/0xb30
[  110.061147][ T6045]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  110.061164][ T6045]  ? __pfx_vfs_write+0x10/0x10
[  110.061185][ T6045]  ? __pfx_do_futex+0x10/0x10
[  110.061213][ T6045]  ksys_write+0x145/0x250
[  110.061234][ T6045]  ? __pfx_ksys_write+0x10/0x10
[  110.061256][ T6045]  ? do_syscall_64+0xbe/0xfa0
[  110.061280][ T6045]  do_syscall_64+0xfa/0xfa0
[  110.061301][ T6045]  ? lockdep_hardirqs_on+0x9c/0x150
[  110.061323][ T6045]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  110.061337][ T6045]  ? clear_bhb_loop+0x60/0xb0
[  110.061354][ T6045]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  110.061368][ T6045] RIP: 0033:0x7fef94d8e1ff
[  110.061382][ T6045] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  110.061394][ T6045] RSP: 002b:00007ffe32374fe0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  110.061410][ T6045] RAX: ffffffffffffffda RBX: 00007fef94fe5fa0 RCX: 00007fef94d8e1ff
[  110.061421][ T6045] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  110.061430][ T6045] RBP: 00007fef94e13f91 R08: 0000000000000000 R09: 0000000000000000
[  110.061439][ T6045] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  110.061448][ T6045] R13: 00007fef94fe5fa0 R14: 00007fef94fe5fa0 R15: 0000000000000003
[  110.061465][ T6045]  </TASK>
[  110.061475][ T6045] BUG: Bad page state in process syz.0.17  pfn:77733
[  110.245993][ T5928] Bluetooth: hci0: command tx timeout
[  110.247312][ T6045] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888077733dc0 pfn:0x77733
[  110.377702][ T6045] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  110.384835][ T6045] raw: 00fff00000000000 dead000000000040 ffff8880216fb000 0000000000000000
[  110.393489][ T6045] raw: ffff888077733dc0 0000000000000001 00000000ffffffff 0000000000000000
[  110.402139][ T6045] page dumped because: page_pool leak
[  110.407647][ T6045] page_owner tracks the page as allocated
[  110.413392][ T6045] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6045, tgid 6045 (syz.0.17), ts 108910221030, free_ts 107405763941
[  110.430297][ T6045]  post_alloc_hook+0x234/0x290
[  110.435105][ T6045]  get_page_from_freelist+0x2365/0x2440
[  110.440725][ T6045]  __alloc_frozen_pages_noprof+0x181/0x370
[  110.446808][ T6045]  alloc_pages_bulk_noprof+0x560/0x710
[  110.452315][ T6045]  __page_pool_alloc_netmems_slow+0x14c/0x710
[  110.458465][ T6045]  skb_pp_cow_data+0xb47/0x13e0
[  110.463360][ T6045]  do_xdp_generic+0x699/0x11a0
[  110.468195][ T6045]  tun_get_user+0x2527/0x3e90
[  110.472917][ T6045]  tun_chr_write_iter+0x113/0x200
[  110.478002][ T6045]  vfs_write+0x5c9/0xb30
[  110.482381][ T6045]  ksys_write+0x145/0x250
[  110.486989][ T6045]  do_syscall_64+0xfa/0xfa0
[  110.491546][ T6045]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  110.497611][ T6045] page last free pid 5999 tgid 5999 stack trace:
[  110.504070][ T6045]  __free_frozen_pages+0xbc4/0xd30
[  110.509248][ T6045]  rcu_core+0xcab/0x1770
[  110.513527][ T6045]  handle_softirqs+0x286/0x870
[  110.518368][ T6045]  __irq_exit_rcu+0xca/0x1f0
[  110.523176][ T6045]  irq_exit_rcu+0x9/0x30
[  110.527771][ T6045]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  110.533539][ T6045]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  110.539711][ T6045] Modules linked in:
[  110.543662][ T6045] CPU: 1 UID: 0 PID: 6045 Comm: syz.0.17 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  110.543685][ T6045] Tainted: [B]=BAD_PAGE
[  110.543690][ T6045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  110.543699][ T6045] Call Trace:
[  110.543705][ T6045]  <TASK>
[  110.543711][ T6045]  dump_stack_lvl+0x189/0x250
[  110.543737][ T6045]  ? __pfx_dump_stack_lvl+0x10/0x10
[  110.543757][ T6045]  ? __pfx_print_modules+0x10/0x10
[  110.543778][ T6045]  bad_page+0x180/0x1c0
[  110.543796][ T6045]  __free_frozen_pages+0xce2/0xd30
[  110.543822][ T6045]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  110.543849][ T6045]  bpf_xdp_adjust_tail+0x1d6/0x220
[  110.543866][ T6045]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  110.543879][ T6045]  bpf_prog_run_generic_xdp+0x606/0x13d0
[  110.543909][ T6045]  do_xdp_generic+0x9f7/0x11a0
[  110.543932][ T6045]  ? __pfx_do_xdp_generic+0x10/0x10
[  110.543955][ T6045]  ? tun_get_user+0x23f3/0x3e90
[  110.543975][ T6045]  ? tun_vnet_hdr_tnl_to_skb+0xed/0x830
[  110.544005][ T6045]  ? tun_get_user+0x23f3/0x3e90
[  110.544023][ T6045]  tun_get_user+0x2527/0x3e90
[  110.544048][ T6045]  ? aa_file_perm+0x44d/0x1550
[  110.544063][ T6045]  ? __pfx_tun_get_user+0x10/0x10
[  110.544081][ T6045]  ? __lock_acquire+0xab9/0xd20
[  110.544101][ T6045]  ? ref_tracker_alloc+0x318/0x460
[  110.544115][ T6045]  ? __lock_acquire+0xab9/0xd20
[  110.544129][ T6045]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  110.544146][ T6045]  ? tun_get+0x1c/0x2f0
[  110.544164][ T6045]  ? tun_get+0x1c/0x2f0
[  110.544180][ T6045]  ? tun_get+0x1c/0x2f0
[  110.544198][ T6045]  tun_chr_write_iter+0x113/0x200
[  110.544217][ T6045]  vfs_write+0x5c9/0xb30
[  110.544240][ T6045]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  110.544257][ T6045]  ? __pfx_vfs_write+0x10/0x10
[  110.544278][ T6045]  ? __pfx_do_futex+0x10/0x10
[  110.544306][ T6045]  ksys_write+0x145/0x250
[  110.544327][ T6045]  ? __pfx_ksys_write+0x10/0x10
[  110.544348][ T6045]  ? do_syscall_64+0xbe/0xfa0
[  110.544372][ T6045]  do_syscall_64+0xfa/0xfa0
[  110.544393][ T6045]  ? lockdep_hardirqs_on+0x9c/0x150
[  110.544415][ T6045]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  110.544429][ T6045]  ? clear_bhb_loop+0x60/0xb0
[  110.544445][ T6045]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  110.544458][ T6045] RIP: 0033:0x7fef94d8e1ff
[  110.544472][ T6045] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  110.544485][ T6045] RSP: 002b:00007ffe32374fe0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  110.544501][ T6045] RAX: ffffffffffffffda RBX: 00007fef94fe5fa0 RCX: 00007fef94d8e1ff
[  110.544512][ T6045] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  110.544522][ T6045] RBP: 00007fef94e13f91 R08: 0000000000000000 R09: 0000000000000000
[  110.544530][ T6045] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  110.544539][ T6045] R13: 00007fef94fe5fa0 R14: 00007fef94fe5fa0 R15: 0000000000000003
[  110.544570][ T6045]  </TASK>
[  110.544580][ T6045] BUG: Bad page state in process syz.0.17  pfn:7773f
[  110.843522][ T6045] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807773f280 pfn:0x7773f
[  110.854057][ T6045] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  110.861437][ T6045] raw: 00fff00000000000 dead000000000040 ffff8880216fb000 0000000000000000
[  110.870273][ T6045] raw: ffff88807773f280 0000000000000001 00000000ffffffff 0000000000000000
[  110.878967][ T6045] page dumped because: page_pool leak
[  110.884534][ T6045] page_owner tracks the page as allocated
[  110.890336][ T6045] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6045, tgid 6045 (syz.0.17), ts 108910202582, free_ts 107405877493
[  110.907362][ T6045]  post_alloc_hook+0x234/0x290
[  110.912151][ T6045]  get_page_from_freelist+0x2365/0x2440
[  110.917839][ T6045]  __alloc_frozen_pages_noprof+0x181/0x370
[  110.923773][ T6045]  alloc_pages_bulk_noprof+0x560/0x710
[  110.929326][ T6045]  __page_pool_alloc_netmems_slow+0x14c/0x710
[  110.935448][ T6045]  skb_pp_cow_data+0xb47/0x13e0
[  110.940385][ T6045]  do_xdp_generic+0x699/0x11a0
[  110.945189][ T6045]  tun_get_user+0x2527/0x3e90
[  110.949938][ T6045]  tun_chr_write_iter+0x113/0x200
[  110.955063][ T6045]  vfs_write+0x5c9/0xb30
[  110.959377][ T6045]  ksys_write+0x145/0x250
[  110.963792][ T6045]  do_syscall_64+0xfa/0xfa0
[  110.968363][ T6045]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  110.974300][ T6045] page last free pid 5999 tgid 5999 stack trace:
[  110.980719][ T6045]  __free_frozen_pages+0xbc4/0xd30
[  110.985928][ T6045]  rcu_core+0xcab/0x1770
[  110.990178][ T6045]  handle_softirqs+0x286/0x870
[  110.995032][ T6045]  __irq_exit_rcu+0xca/0x1f0
[  110.999677][ T6045]  irq_exit_rcu+0x9/0x30
[  111.003955][ T6045]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  111.009756][ T6045]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  111.016138][ T6045] Modules linked in:
[  111.020051][ T6045] CPU: 1 UID: 0 PID: 6045 Comm: syz.0.17 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  111.020072][ T6045] Tainted: [B]=BAD_PAGE
[  111.020077][ T6045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  111.020086][ T6045] Call Trace:
[  111.020093][ T6045]  <TASK>
[  111.020100][ T6045]  dump_stack_lvl+0x189/0x250
[  111.020126][ T6045]  ? __pfx_dump_stack_lvl+0x10/0x10
[  111.020146][ T6045]  ? __pfx_print_modules+0x10/0x10
[  111.020166][ T6045]  bad_page+0x180/0x1c0
[  111.020184][ T6045]  __free_frozen_pages+0xce2/0xd30
[  111.020209][ T6045]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  111.020236][ T6045]  bpf_xdp_adjust_tail+0x1d6/0x220
[  111.020252][ T6045]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  111.020265][ T6045]  bpf_prog_run_generic_xdp+0x606/0x13d0
[  111.020295][ T6045]  do_xdp_generic+0x9f7/0x11a0
[  111.020318][ T6045]  ? __pfx_do_xdp_generic+0x10/0x10
[  111.020341][ T6045]  ? tun_get_user+0x23f3/0x3e90
[  111.020361][ T6045]  ? tun_vnet_hdr_tnl_to_skb+0xed/0x830
[  111.020381][ T6045]  ? tun_get_user+0x23f3/0x3e90
[  111.020399][ T6045]  tun_get_user+0x2527/0x3e90
[  111.020423][ T6045]  ? aa_file_perm+0x44d/0x1550
[  111.020437][ T6045]  ? __pfx_tun_get_user+0x10/0x10
[  111.020456][ T6045]  ? __lock_acquire+0xab9/0xd20
[  111.020475][ T6045]  ? ref_tracker_alloc+0x318/0x460
[  111.020490][ T6045]  ? __lock_acquire+0xab9/0xd20
[  111.020504][ T6045]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  111.020519][ T6045]  ? tun_get+0x1c/0x2f0
[  111.020538][ T6045]  ? tun_get+0x1c/0x2f0
[  111.020554][ T6045]  ? tun_get+0x1c/0x2f0
[  111.020572][ T6045]  tun_chr_write_iter+0x113/0x200
[  111.020591][ T6045]  vfs_write+0x5c9/0xb30
[  111.020613][ T6045]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  111.020630][ T6045]  ? __pfx_vfs_write+0x10/0x10
[  111.020651][ T6045]  ? __pfx_do_futex+0x10/0x10
[  111.020678][ T6045]  ksys_write+0x145/0x250
[  111.020699][ T6045]  ? __pfx_ksys_write+0x10/0x10
[  111.020721][ T6045]  ? do_syscall_64+0xbe/0xfa0
[  111.020749][ T6045]  do_syscall_64+0xfa/0xfa0
[  111.020770][ T6045]  ? lockdep_hardirqs_on+0x9c/0x150
[  111.020792][ T6045]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.020806][ T6045]  ? clear_bhb_loop+0x60/0xb0
[  111.020822][ T6045]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.020841][ T6045] RIP: 0033:0x7fef94d8e1ff
[  111.020854][ T6045] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  111.020866][ T6045] RSP: 002b:00007ffe32374fe0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  111.020882][ T6045] RAX: ffffffffffffffda RBX: 00007fef94fe5fa0 RCX: 00007fef94d8e1ff
[  111.020893][ T6045] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  111.020902][ T6045] RBP: 00007fef94e13f91 R08: 0000000000000000 R09: 0000000000000000
[  111.020911][ T6045] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  111.020920][ T6045] R13: 00007fef94fe5fa0 R14: 00007fef94fe5fa0 R15: 0000000000000003
[  111.020940][ T6045]  </TASK>
[  111.020949][ T6045] BUG: Bad page state in process syz.0.17  pfn:77666
[  111.320890][ T6045] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880776668c0 pfn:0x77666
[  111.331780][ T6045] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  111.339236][ T6045] raw: 00fff00000000000 dead000000000040 ffff8880216fb000 0000000000000000
[  111.348366][ T6045] raw: ffff8880776668c0 0000000000000001 00000000ffffffff 0000000000000000
[  111.357125][ T6045] page dumped because: page_pool leak
[  111.362607][ T6045] page_owner tracks the page as allocated
[  111.368421][ T6045] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6045, tgid 6045 (syz.0.17), ts 108910123866, free_ts 107405916830
[  111.385857][ T6045]  post_alloc_hook+0x234/0x290
[  111.390657][ T6045]  get_page_from_freelist+0x2365/0x2440
[  111.396282][ T6045]  __alloc_frozen_pages_noprof+0x181/0x370
[  111.402133][ T6045]  alloc_pages_bulk_noprof+0x560/0x710
[  111.407804][ T6045]  __page_pool_alloc_netmems_slow+0x14c/0x710
[  111.414121][ T6045]  skb_pp_cow_data+0xb47/0x13e0
[  111.419137][ T6045]  do_xdp_generic+0x699/0x11a0
[  111.424036][ T6045]  tun_get_user+0x2527/0x3e90
[  111.428896][ T6045]  tun_chr_write_iter+0x113/0x200
[  111.434129][ T6045]  vfs_write+0x5c9/0xb30
[  111.438449][ T6045]  ksys_write+0x145/0x250
[  111.442919][ T6045]  do_syscall_64+0xfa/0xfa0
[  111.447503][ T6045]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.453436][ T6045] page last free pid 5999 tgid 5999 stack trace:
[  111.459908][ T6045]  __free_frozen_pages+0xbc4/0xd30
[  111.465112][ T6045]  rcu_core+0xcab/0x1770
[  111.469446][ T6045]  handle_softirqs+0x286/0x870
[  111.474336][ T6045]  __irq_exit_rcu+0xca/0x1f0
[  111.479083][ T6045]  irq_exit_rcu+0x9/0x30
[  111.483360][ T6045]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  111.489853][ T6045]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  111.496069][ T6045] Modules linked in:
[  111.499997][ T6045] CPU: 1 UID: 0 PID: 6045 Comm: syz.0.17 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  111.500018][ T6045] Tainted: [B]=BAD_PAGE
[  111.500023][ T6045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  111.500032][ T6045] Call Trace:
[  111.500039][ T6045]  <TASK>
[  111.500047][ T6045]  dump_stack_lvl+0x189/0x250
[  111.500072][ T6045]  ? __pfx_dump_stack_lvl+0x10/0x10
[  111.500093][ T6045]  ? __pfx_print_modules+0x10/0x10
[  111.500113][ T6045]  bad_page+0x180/0x1c0
[  111.500131][ T6045]  __free_frozen_pages+0xce2/0xd30
[  111.500157][ T6045]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  111.500184][ T6045]  bpf_xdp_adjust_tail+0x1d6/0x220
[  111.500200][ T6045]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  111.500213][ T6045]  bpf_prog_run_generic_xdp+0x606/0x13d0
[  111.500243][ T6045]  do_xdp_generic+0x9f7/0x11a0
[  111.500266][ T6045]  ? __pfx_do_xdp_generic+0x10/0x10
[  111.500289][ T6045]  ? tun_get_user+0x23f3/0x3e90
[  111.500309][ T6045]  ? tun_vnet_hdr_tnl_to_skb+0xed/0x830
[  111.500329][ T6045]  ? tun_get_user+0x23f3/0x3e90
[  111.500346][ T6045]  tun_get_user+0x2527/0x3e90
[  111.500371][ T6045]  ? aa_file_perm+0x44d/0x1550
[  111.500385][ T6045]  ? __pfx_tun_get_user+0x10/0x10
[  111.500404][ T6045]  ? __lock_acquire+0xab9/0xd20
[  111.500423][ T6045]  ? ref_tracker_alloc+0x318/0x460
[  111.500436][ T6045]  ? __lock_acquire+0xab9/0xd20
[  111.500450][ T6045]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  111.500466][ T6045]  ? tun_get+0x1c/0x2f0
[  111.500485][ T6045]  ? tun_get+0x1c/0x2f0
[  111.500501][ T6045]  ? tun_get+0x1c/0x2f0
[  111.500519][ T6045]  tun_chr_write_iter+0x113/0x200
[  111.500537][ T6045]  vfs_write+0x5c9/0xb30
[  111.500560][ T6045]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  111.500577][ T6045]  ? __pfx_vfs_write+0x10/0x10
[  111.500598][ T6045]  ? __pfx_do_futex+0x10/0x10
[  111.500625][ T6045]  ksys_write+0x145/0x250
[  111.500646][ T6045]  ? __pfx_ksys_write+0x10/0x10
[  111.500666][ T6045]  ? do_syscall_64+0xbe/0xfa0
[  111.500694][ T6045]  do_syscall_64+0xfa/0xfa0
[  111.500716][ T6045]  ? lockdep_hardirqs_on+0x9c/0x150
[  111.500737][ T6045]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.500751][ T6045]  ? clear_bhb_loop+0x60/0xb0
[  111.500767][ T6045]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.500782][ T6045] RIP: 0033:0x7fef94d8e1ff
[  111.500795][ T6045] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  111.500807][ T6045] RSP: 002b:00007ffe32374fe0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  111.500822][ T6045] RAX: ffffffffffffffda RBX: 00007fef94fe5fa0 RCX: 00007fef94d8e1ff
[  111.500833][ T6045] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  111.500843][ T6045] RBP: 00007fef94e13f91 R08: 0000000000000000 R09: 0000000000000000
[  111.500852][ T6045] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  111.500861][ T6045] R13: 00007fef94fe5fa0 R14: 00007fef94fe5fa0 R15: 0000000000000003
[  111.500877][ T6045]  </TASK>
[  111.500886][ T6045] BUG: Bad page state in process syz.0.17  pfn:7768a
[  111.800536][ T6045] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x7768a
[  111.810924][ T6045] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  111.818108][ T6045] raw: 00fff00000000000 dead000000000040 ffff8880216fb000 0000000000000000
[  111.826919][ T6045] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000
[  111.835525][ T6045] page dumped because: page_pool leak
[  111.841057][ T6045] page_owner tracks the page as allocated
[  111.847000][ T6045] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6045, tgid 6045 (syz.0.17), ts 108910104644, free_ts 107446316303
[  111.864129][ T6045]  post_alloc_hook+0x234/0x290
[  111.868983][ T6045]  get_page_from_freelist+0x2365/0x2440
[  111.874619][ T6045]  __alloc_frozen_pages_noprof+0x181/0x370
[  111.880498][ T6045]  alloc_pages_bulk_noprof+0x560/0x710
[  111.886206][ T6045]  __page_pool_alloc_netmems_slow+0x14c/0x710
[  111.892502][ T6045]  skb_pp_cow_data+0xb47/0x13e0
[  111.897433][ T6045]  do_xdp_generic+0x699/0x11a0
[  111.902248][ T6045]  tun_get_user+0x2527/0x3e90
[  111.907053][ T6045]  tun_chr_write_iter+0x113/0x200
[  111.912122][ T6045]  vfs_write+0x5c9/0xb30
[  111.916668][ T6045]  ksys_write+0x145/0x250
[  111.921076][ T6045]  do_syscall_64+0xfa/0xfa0
[  111.925606][ T6045]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.931655][ T6045] page last free pid 23 tgid 23 stack trace:
[  111.938092][ T6045]  __free_frozen_pages+0xbc4/0xd30
[  111.943332][ T6045]  tlb_remove_table_rcu+0x85/0x100
[  111.948497][ T6045]  rcu_core+0xcab/0x1770
[  111.952765][ T6045]  handle_softirqs+0x286/0x870
[  111.957589][ T6045]  run_ksoftirqd+0x9b/0x100
[  111.962133][ T6045]  smpboot_thread_fn+0x542/0xa60
[  111.967155][ T6045]  kthread+0x711/0x8a0
[  111.971266][ T6045]  ret_from_fork+0x4bc/0x870
[  111.976010][ T6045]  ret_from_fork_asm+0x1a/0x30
[  111.980939][ T6045] Modules linked in:
[  111.984852][ T6045] CPU: 1 UID: 0 PID: 6045 Comm: syz.0.17 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  111.984874][ T6045] Tainted: [B]=BAD_PAGE
[  111.984880][ T6045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  111.984889][ T6045] Call Trace:
[  111.984897][ T6045]  <TASK>
[  111.984903][ T6045]  dump_stack_lvl+0x189/0x250
[  111.984928][ T6045]  ? __pfx_dump_stack_lvl+0x10/0x10
[  111.984949][ T6045]  ? __pfx_print_modules+0x10/0x10
[  111.984969][ T6045]  bad_page+0x180/0x1c0
[  111.984987][ T6045]  __free_frozen_pages+0xce2/0xd30
[  111.985013][ T6045]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  111.985040][ T6045]  bpf_xdp_adjust_tail+0x1d6/0x220
[  111.985057][ T6045]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  111.985069][ T6045]  bpf_prog_run_generic_xdp+0x606/0x13d0
[  111.985098][ T6045]  do_xdp_generic+0x9f7/0x11a0
[  111.985120][ T6045]  ? __pfx_do_xdp_generic+0x10/0x10
[  111.985143][ T6045]  ? tun_get_user+0x23f3/0x3e90
[  111.985162][ T6045]  ? tun_vnet_hdr_tnl_to_skb+0xed/0x830
[  111.985182][ T6045]  ? tun_get_user+0x23f3/0x3e90
[  111.985199][ T6045]  tun_get_user+0x2527/0x3e90
[  111.985226][ T6045]  ? aa_file_perm+0x44d/0x1550
[  111.985246][ T6045]  ? __pfx_tun_get_user+0x10/0x10
[  111.985273][ T6045]  ? __lock_acquire+0xab9/0xd20
[  111.985300][ T6045]  ? ref_tracker_alloc+0x318/0x460
[  111.985314][ T6045]  ? __lock_acquire+0xab9/0xd20
[  111.985328][ T6045]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  111.985344][ T6045]  ? tun_get+0x1c/0x2f0
[  111.985362][ T6045]  ? tun_get+0x1c/0x2f0
[  111.985378][ T6045]  ? tun_get+0x1c/0x2f0
[  111.985396][ T6045]  tun_chr_write_iter+0x113/0x200
[  111.985415][ T6045]  vfs_write+0x5c9/0xb30
[  111.985437][ T6045]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  111.985455][ T6045]  ? __pfx_vfs_write+0x10/0x10
[  111.985476][ T6045]  ? __pfx_do_futex+0x10/0x10
[  111.985503][ T6045]  ksys_write+0x145/0x250
[  111.985524][ T6045]  ? __pfx_ksys_write+0x10/0x10
[  111.985562][ T6045]  ? do_syscall_64+0xbe/0xfa0
[  111.985586][ T6045]  do_syscall_64+0xfa/0xfa0
[  111.985607][ T6045]  ? lockdep_hardirqs_on+0x9c/0x150
[  111.985643][ T6045]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.985663][ T6045]  ? clear_bhb_loop+0x60/0xb0
[  111.985684][ T6045]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.985704][ T6045] RIP: 0033:0x7fef94d8e1ff
[  111.985719][ T6045] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  111.985731][ T6045] RSP: 002b:00007ffe32374fe0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  111.985747][ T6045] RAX: ffffffffffffffda RBX: 00007fef94fe5fa0 RCX: 00007fef94d8e1ff
[  111.985758][ T6045] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  111.985767][ T6045] RBP: 00007fef94e13f91 R08: 0000000000000000 R09: 0000000000000000
[  111.985776][ T6045] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  111.985785][ T6045] R13: 00007fef94fe5fa0 R14: 00007fef94fe5fa0 R15: 0000000000000003
[  111.985801][ T6045]  </TASK>
[  112.278203][ T6045] BUG: Bad page state in process syz.0.17  pfn:7642a
[  112.284991][ T6045] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807642a000 pfn:0x7642a
[  112.295339][ T6045] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  112.303165][ T6045] raw: 00fff00000000000 dead000000000040 ffff8880216fb000 0000000000000000
[  112.311872][ T6045] raw: ffff88807642a000 0000000000000001 00000000ffffffff 0000000000000000
[  112.320956][ T6045] page dumped because: page_pool leak
[  112.325813][ T5928] Bluetooth: hci0: command tx timeout
[  112.326368][ T6045] page_owner tracks the page as allocated
[  112.337871][ T6045] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6045, tgid 6045 (syz.0.17), ts 108910085001, free_ts 107446340790
[  112.356048][ T6045]  post_alloc_hook+0x234/0x290
[  112.361056][ T6045]  get_page_from_freelist+0x2365/0x2440
[  112.366888][ T6045]  __alloc_frozen_pages_noprof+0x181/0x370
[  112.372966][ T6045]  alloc_pages_bulk_noprof+0x560/0x710
[  112.378863][ T6045]  __page_pool_alloc_netmems_slow+0x14c/0x710
[  112.385523][ T6045]  skb_pp_cow_data+0xb47/0x13e0
[  112.390689][ T6045]  do_xdp_generic+0x699/0x11a0
[  112.395513][ T6045]  tun_get_user+0x2527/0x3e90
[  112.400307][ T6045]  tun_chr_write_iter+0x113/0x200
[  112.405564][ T6045]  vfs_write+0x5c9/0xb30
[  112.410008][ T6045]  ksys_write+0x145/0x250
[  112.414487][ T6045]  do_syscall_64+0xfa/0xfa0
[  112.419161][ T6045]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.425096][ T6045] page last free pid 23 tgid 23 stack trace:
[  112.431259][ T6045]  __free_frozen_pages+0xbc4/0xd30
[  112.436535][ T6045]  tlb_remove_table_rcu+0x85/0x100
[  112.441920][ T6045]  rcu_core+0xcab/0x1770
[  112.446212][ T6045]  handle_softirqs+0x286/0x870
[  112.451089][ T6045]  run_ksoftirqd+0x9b/0x100
[  112.455812][ T6045]  smpboot_thread_fn+0x542/0xa60
[  112.460968][ T6045]  kthread+0x711/0x8a0
[  112.465105][ T6045]  ret_from_fork+0x4bc/0x870
[  112.469877][ T6045]  ret_from_fork_asm+0x1a/0x30
[  112.474994][ T6045] Modules linked in:
[  112.479089][ T6045] CPU: 1 UID: 0 PID: 6045 Comm: syz.0.17 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  112.479121][ T6045] Tainted: [B]=BAD_PAGE
[  112.479129][ T6045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  112.479141][ T6045] Call Trace:
[  112.479152][ T6045]  <TASK>
[  112.479163][ T6045]  dump_stack_lvl+0x189/0x250
[  112.479199][ T6045]  ? __pfx_dump_stack_lvl+0x10/0x10
[  112.479225][ T6045]  ? __pfx_print_modules+0x10/0x10
[  112.479250][ T6045]  bad_page+0x180/0x1c0
[  112.479273][ T6045]  __free_frozen_pages+0xce2/0xd30
[  112.479307][ T6045]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  112.479345][ T6045]  bpf_xdp_adjust_tail+0x1d6/0x220
[  112.479367][ T6045]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  112.479384][ T6045]  bpf_prog_run_generic_xdp+0x606/0x13d0
[  112.479425][ T6045]  do_xdp_generic+0x9f7/0x11a0
[  112.479458][ T6045]  ? __pfx_do_xdp_generic+0x10/0x10
[  112.479491][ T6045]  ? tun_get_user+0x23f3/0x3e90
[  112.479519][ T6045]  ? tun_vnet_hdr_tnl_to_skb+0xed/0x830
[  112.479546][ T6045]  ? tun_get_user+0x23f3/0x3e90
[  112.479623][ T6045]  tun_get_user+0x2527/0x3e90
[  112.479659][ T6045]  ? aa_file_perm+0x44d/0x1550
[  112.479680][ T6045]  ? __pfx_tun_get_user+0x10/0x10
[  112.479708][ T6045]  ? __lock_acquire+0xab9/0xd20
[  112.479735][ T6045]  ? ref_tracker_alloc+0x318/0x460
[  112.479755][ T6045]  ? __lock_acquire+0xab9/0xd20
[  112.479776][ T6045]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  112.479799][ T6045]  ? tun_get+0x1c/0x2f0
[  112.479826][ T6045]  ? tun_get+0x1c/0x2f0
[  112.479849][ T6045]  ? tun_get+0x1c/0x2f0
[  112.479873][ T6045]  tun_chr_write_iter+0x113/0x200
[  112.479897][ T6045]  vfs_write+0x5c9/0xb30
[  112.479927][ T6045]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  112.479953][ T6045]  ? __pfx_vfs_write+0x10/0x10
[  112.479983][ T6045]  ? __pfx_do_futex+0x10/0x10
[  112.480023][ T6045]  ksys_write+0x145/0x250
[  112.480053][ T6045]  ? __pfx_ksys_write+0x10/0x10
[  112.480084][ T6045]  ? do_syscall_64+0xbe/0xfa0
[  112.480118][ T6045]  do_syscall_64+0xfa/0xfa0
[  112.480147][ T6045]  ? lockdep_hardirqs_on+0x9c/0x150
[  112.480178][ T6045]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.480198][ T6045]  ? clear_bhb_loop+0x60/0xb0
[  112.480222][ T6045]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.480242][ T6045] RIP: 0033:0x7fef94d8e1ff
[  112.480261][ T6045] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  112.480279][ T6045] RSP: 002b:00007ffe32374fe0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  112.480301][ T6045] RAX: ffffffffffffffda RBX: 00007fef94fe5fa0 RCX: 00007fef94d8e1ff
[  112.480318][ T6045] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  112.480331][ T6045] RBP: 00007fef94e13f91 R08: 0000000000000000 R09: 0000000000000000
[  112.480345][ T6045] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  112.480357][ T6045] R13: 00007fef94fe5fa0 R14: 00007fef94fe5fa0 R15: 0000000000000003
[  112.480381][ T6045]  </TASK>
[  112.480393][ T6045] BUG: Bad page state in process syz.0.17  pfn:777d8
[  112.784667][ T6045] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x777d8
[  112.795074][ T6045] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  112.802379][ T6045] raw: 00fff00000000000 dead000000000040 ffff8880216fb000 0000000000000000
[  112.811173][ T6045] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000
[  112.820017][ T6045] page dumped because: page_pool leak
[  112.825397][ T6045] page_owner tracks the page as allocated
[  112.831386][ T6045] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6045, tgid 6045 (syz.0.17), ts 108910065924, free_ts 107446365525
[  112.848892][ T6045]  post_alloc_hook+0x234/0x290
[  112.853716][ T6045]  get_page_from_freelist+0x2365/0x2440
[  112.859349][ T6045]  __alloc_frozen_pages_noprof+0x181/0x370
[  112.865191][ T6045]  alloc_pages_bulk_noprof+0x560/0x710
[  112.870794][ T6045]  __page_pool_alloc_netmems_slow+0x14c/0x710
[  112.876961][ T6045]  skb_pp_cow_data+0xb47/0x13e0
[  112.882095][ T6045]  do_xdp_generic+0x699/0x11a0
[  112.887274][ T6045]  tun_get_user+0x2527/0x3e90
[  112.892083][ T6045]  tun_chr_write_iter+0x113/0x200
[  112.897199][ T6045]  vfs_write+0x5c9/0xb30
[  112.901836][ T6045]  ksys_write+0x145/0x250
[  112.906246][ T6045]  do_syscall_64+0xfa/0xfa0
[  112.910983][ T6045]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.916957][ T6045] page last free pid 23 tgid 23 stack trace:
[  112.923147][ T6045]  __free_frozen_pages+0xbc4/0xd30
[  112.928436][ T6045]  tlb_remove_table_rcu+0x85/0x100
[  112.933624][ T6045]  rcu_core+0xcab/0x1770
[  112.937944][ T6045]  handle_softirqs+0x286/0x870
[  112.942841][ T6045]  run_ksoftirqd+0x9b/0x100
[  112.947649][ T6045]  smpboot_thread_fn+0x542/0xa60
[  112.952639][ T6045]  kthread+0x711/0x8a0
[  112.956788][ T6045]  ret_from_fork+0x4bc/0x870
[  112.961423][ T6045]  ret_from_fork_asm+0x1a/0x30
[  112.966353][ T6045] Modules linked in:
[  112.970456][ T6045] CPU: 1 UID: 0 PID: 6045 Comm: syz.0.17 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  112.970480][ T6045] Tainted: [B]=BAD_PAGE
[  112.970485][ T6045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  112.970494][ T6045] Call Trace:
[  112.970500][ T6045]  <TASK>
[  112.970506][ T6045]  dump_stack_lvl+0x189/0x250
[  112.970532][ T6045]  ? __pfx_dump_stack_lvl+0x10/0x10
[  112.970591][ T6045]  ? __pfx_print_modules+0x10/0x10
[  112.970612][ T6045]  bad_page+0x180/0x1c0
[  112.970630][ T6045]  __free_frozen_pages+0xce2/0xd30
[  112.970656][ T6045]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  112.970683][ T6045]  bpf_xdp_adjust_tail+0x1d6/0x220
[  112.970699][ T6045]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  112.970712][ T6045]  bpf_prog_run_generic_xdp+0x606/0x13d0
[  112.970742][ T6045]  do_xdp_generic+0x9f7/0x11a0
[  112.970765][ T6045]  ? __pfx_do_xdp_generic+0x10/0x10
[  112.970788][ T6045]  ? tun_get_user+0x23f3/0x3e90
[  112.970809][ T6045]  ? tun_vnet_hdr_tnl_to_skb+0xed/0x830
[  112.970829][ T6045]  ? tun_get_user+0x23f3/0x3e90
[  112.970847][ T6045]  tun_get_user+0x2527/0x3e90
[  112.970871][ T6045]  ? aa_file_perm+0x44d/0x1550
[  112.970885][ T6045]  ? __pfx_tun_get_user+0x10/0x10
[  112.970904][ T6045]  ? __lock_acquire+0xab9/0xd20
[  112.970923][ T6045]  ? ref_tracker_alloc+0x318/0x460
[  112.970936][ T6045]  ? __lock_acquire+0xab9/0xd20
[  112.970949][ T6045]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  112.970965][ T6045]  ? tun_get+0x1c/0x2f0
[  112.970983][ T6045]  ? tun_get+0x1c/0x2f0
[  112.970998][ T6045]  ? tun_get+0x1c/0x2f0
[  112.971016][ T6045]  tun_chr_write_iter+0x113/0x200
[  112.971034][ T6045]  vfs_write+0x5c9/0xb30
[  112.971056][ T6045]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  112.971073][ T6045]  ? __pfx_vfs_write+0x10/0x10
[  112.971093][ T6045]  ? __pfx_do_futex+0x10/0x10
[  112.971119][ T6045]  ksys_write+0x145/0x250
[  112.971140][ T6045]  ? __pfx_ksys_write+0x10/0x10
[  112.971161][ T6045]  ? do_syscall_64+0xbe/0xfa0
[  112.971184][ T6045]  do_syscall_64+0xfa/0xfa0
[  112.971204][ T6045]  ? lockdep_hardirqs_on+0x9c/0x150
[  112.971225][ T6045]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.971239][ T6045]  ? clear_bhb_loop+0x60/0xb0
[  112.971255][ T6045]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.971268][ T6045] RIP: 0033:0x7fef94d8e1ff
[  112.971281][ T6045] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  112.971294][ T6045] RSP: 002b:00007ffe32374fe0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  112.971310][ T6045] RAX: ffffffffffffffda RBX: 00007fef94fe5fa0 RCX: 00007fef94d8e1ff
[  112.971321][ T6045] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  112.971330][ T6045] RBP: 00007fef94e13f91 R08: 0000000000000000 R09: 0000000000000000
[  112.971339][ T6045] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  112.971348][ T6045] R13: 00007fef94fe5fa0 R14: 00007fef94fe5fa0 R15: 0000000000000003
[  112.971364][ T6045]  </TASK>
[  112.971373][ T6045] BUG: Bad page state in process syz.0.17  pfn:7767e
[  113.272423][ T6045] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807767ee00 pfn:0x7767e
[  113.282584][ T6045] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  113.289871][ T6045] raw: 00fff00000000000 dead000000000040 ffff8880216fb000 0000000000000000
[  113.298561][ T6045] raw: ffff88807767ee00 0000000000000001 00000000ffffffff 0000000000000000
[  113.310854][ T6045] page dumped because: page_pool leak
[  113.316773][ T6045] page_owner tracks the page as allocated
[  113.322549][ T6045] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6045, tgid 6045 (syz.0.17), ts 108910046773, free_ts 107446379161
[  113.339809][ T6045]  post_alloc_hook+0x234/0x290
[  113.344714][ T6045]  get_page_from_freelist+0x2365/0x2440
[  113.350518][ T6045]  __alloc_frozen_pages_noprof+0x181/0x370
[  113.356402][ T6045]  alloc_pages_bulk_noprof+0x560/0x710
[  113.362021][ T6045]  __page_pool_alloc_netmems_slow+0x14c/0x710
[  113.368413][ T6045]  skb_pp_cow_data+0xb47/0x13e0
[  113.374030][ T6045]  do_xdp_generic+0x699/0x11a0
[  113.378962][ T6045]  tun_get_user+0x2527/0x3e90
[  113.383686][ T6045]  tun_chr_write_iter+0x113/0x200
[  113.388834][ T6045]  vfs_write+0x5c9/0xb30
[  113.393212][ T6045]  ksys_write+0x145/0x250
[  113.397659][ T6045]  do_syscall_64+0xfa/0xfa0
[  113.402210][ T6045]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  113.408209][ T6045] page last free pid 23 tgid 23 stack trace:
[  113.414232][ T6045]  __free_frozen_pages+0xbc4/0xd30
[  113.419440][ T6045]  tlb_remove_table_rcu+0x85/0x100
[  113.424848][ T6045]  rcu_core+0xcab/0x1770
[  113.429173][ T6045]  handle_softirqs+0x286/0x870
[  113.434155][ T6045]  run_ksoftirqd+0x9b/0x100
[  113.438793][ T6045]  smpboot_thread_fn+0x542/0xa60
[  113.444266][ T6045]  kthread+0x711/0x8a0
[  113.448655][ T6045]  ret_from_fork+0x4bc/0x870
[  113.453463][ T6045]  ret_from_fork_asm+0x1a/0x30
[  113.458306][ T6045] Modules linked in:
[  113.462244][ T6045] CPU: 1 UID: 0 PID: 6045 Comm: syz.0.17 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  113.462268][ T6045] Tainted: [B]=BAD_PAGE
[  113.462273][ T6045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  113.462283][ T6045] Call Trace:
[  113.462289][ T6045]  <TASK>
[  113.462295][ T6045]  dump_stack_lvl+0x189/0x250
[  113.462320][ T6045]  ? __pfx_dump_stack_lvl+0x10/0x10
[  113.462341][ T6045]  ? __pfx_print_modules+0x10/0x10
[  113.462366][ T6045]  bad_page+0x180/0x1c0
[  113.462385][ T6045]  __free_frozen_pages+0xce2/0xd30
[  113.462410][ T6045]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  113.462437][ T6045]  bpf_xdp_adjust_tail+0x1d6/0x220
[  113.462454][ T6045]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  113.462467][ T6045]  bpf_prog_run_generic_xdp+0x606/0x13d0
[  113.462501][ T6045]  do_xdp_generic+0x9f7/0x11a0
[  113.462525][ T6045]  ? __pfx_do_xdp_generic+0x10/0x10
[  113.462548][ T6045]  ? tun_get_user+0x23f3/0x3e90
[  113.462568][ T6045]  ? tun_vnet_hdr_tnl_to_skb+0xed/0x830
[  113.462588][ T6045]  ? tun_get_user+0x23f3/0x3e90
[  113.462606][ T6045]  tun_get_user+0x2527/0x3e90
[  113.462631][ T6045]  ? aa_file_perm+0x44d/0x1550
[  113.462645][ T6045]  ? __pfx_tun_get_user+0x10/0x10
[  113.462664][ T6045]  ? __lock_acquire+0xab9/0xd20
[  113.462683][ T6045]  ? ref_tracker_alloc+0x318/0x460
[  113.462696][ T6045]  ? __lock_acquire+0xab9/0xd20
[  113.462710][ T6045]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  113.462727][ T6045]  ? tun_get+0x1c/0x2f0
[  113.462745][ T6045]  ? tun_get+0x1c/0x2f0
[  113.462761][ T6045]  ? tun_get+0x1c/0x2f0
[  113.462779][ T6045]  tun_chr_write_iter+0x113/0x200
[  113.462798][ T6045]  vfs_write+0x5c9/0xb30
[  113.462820][ T6045]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  113.462838][ T6045]  ? __pfx_vfs_write+0x10/0x10
[  113.462859][ T6045]  ? __pfx_do_futex+0x10/0x10
[  113.462886][ T6045]  ksys_write+0x145/0x250
[  113.462908][ T6045]  ? __pfx_ksys_write+0x10/0x10
[  113.462929][ T6045]  ? do_syscall_64+0xbe/0xfa0
[  113.462953][ T6045]  do_syscall_64+0xfa/0xfa0
[  113.462974][ T6045]  ? lockdep_hardirqs_on+0x9c/0x150
[  113.462995][ T6045]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  113.463009][ T6045]  ? clear_bhb_loop+0x60/0xb0
[  113.463024][ T6045]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  113.463038][ T6045] RIP: 0033:0x7fef94d8e1ff
[  113.463051][ T6045] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  113.463064][ T6045] RSP: 002b:00007ffe32374fe0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  113.463080][ T6045] RAX: ffffffffffffffda RBX: 00007fef94fe5fa0 RCX: 00007fef94d8e1ff
[  113.463091][ T6045] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  113.463101][ T6045] RBP: 00007fef94e13f91 R08: 0000000000000000 R09: 0000000000000000
[  113.463110][ T6045] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  113.463119][ T6045] R13: 00007fef94fe5fa0 R14: 00007fef94fe5fa0 R15: 0000000000000003
[  113.463135][ T6045]  </TASK>
[  113.463144][ T6045] BUG: Bad page state in process syz.0.17  pfn:757ba
[  113.763133][ T6045] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x757ba
[  113.771983][ T6045] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  113.779195][ T6045] raw: 00fff00000000000 dead000000000040 ffff8880216fb000 0000000000000000
[  113.787891][ T6045] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[  113.796545][ T6045] page dumped because: page_pool leak
[  113.802072][ T6045] page_owner tracks the page as allocated
[  113.807953][ T6045] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6045, tgid 6045 (syz.0.17), ts 108910027603, free_ts 107446403931
[  113.824995][ T6045]  post_alloc_hook+0x234/0x290
[  113.830118][ T6045]  get_page_from_freelist+0x2365/0x2440
[  113.835762][ T6045]  __alloc_frozen_pages_noprof+0x181/0x370
[  113.841798][ T6045]  alloc_pages_bulk_noprof+0x560/0x710
[  113.847528][ T6045]  __page_pool_alloc_netmems_slow+0x14c/0x710
[  113.853819][ T6045]  skb_pp_cow_data+0xb47/0x13e0
[  113.858824][ T6045]  do_xdp_generic+0x699/0x11a0
[  113.863837][ T6045]  tun_get_user+0x2527/0x3e90
[  113.868712][ T6045]  tun_chr_write_iter+0x113/0x200
[  113.873784][ T6045]  vfs_write+0x5c9/0xb30
[  113.878123][ T6045]  ksys_write+0x145/0x250
[  113.882541][ T6045]  do_syscall_64+0xfa/0xfa0
[  113.887152][ T6045]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  113.893086][ T6045] page last free pid 23 tgid 23 stack trace:
[  113.899236][ T6045]  __free_frozen_pages+0xbc4/0xd30
[  113.904406][ T6045]  tlb_remove_table_rcu+0x85/0x100
[  113.909625][ T6045]  rcu_core+0xcab/0x1770
[  113.913908][ T6045]  handle_softirqs+0x286/0x870
[  113.918779][ T6045]  run_ksoftirqd+0x9b/0x100
[  113.923328][ T6045]  smpboot_thread_fn+0x542/0xa60
[  113.928475][ T6045]  kthread+0x711/0x8a0
[  113.932594][ T6045]  ret_from_fork+0x4bc/0x870
[  113.937276][ T6045]  ret_from_fork_asm+0x1a/0x30
[  113.942069][ T6045] Modules linked in:
[  113.946099][ T6045] CPU: 1 UID: 0 PID: 6045 Comm: syz.0.17 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  113.946128][ T6045] Tainted: [B]=BAD_PAGE
[  113.946135][ T6045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  113.946148][ T6045] Call Trace:
[  113.946157][ T6045]  <TASK>
[  113.946167][ T6045]  dump_stack_lvl+0x189/0x250
[  113.946199][ T6045]  ? __pfx_dump_stack_lvl+0x10/0x10
[  113.946225][ T6045]  ? __pfx_print_modules+0x10/0x10
[  113.946252][ T6045]  bad_page+0x180/0x1c0
[  113.946276][ T6045]  __free_frozen_pages+0xce2/0xd30
[  113.946323][ T6045]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  113.946361][ T6045]  bpf_xdp_adjust_tail+0x1d6/0x220
[  113.946384][ T6045]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  113.946398][ T6045]  bpf_prog_run_generic_xdp+0x606/0x13d0
[  113.946432][ T6045]  do_xdp_generic+0x9f7/0x11a0
[  113.946461][ T6045]  ? __pfx_do_xdp_generic+0x10/0x10
[  113.946494][ T6045]  ? tun_get_user+0x23f3/0x3e90
[  113.946519][ T6045]  ? tun_vnet_hdr_tnl_to_skb+0xed/0x830
[  113.946547][ T6045]  ? tun_get_user+0x23f3/0x3e90
[  113.946573][ T6045]  tun_get_user+0x2527/0x3e90
[  113.946609][ T6045]  ? aa_file_perm+0x44d/0x1550
[  113.946675][ T6045]  ? __pfx_tun_get_user+0x10/0x10
[  113.946703][ T6045]  ? __lock_acquire+0xab9/0xd20
[  113.946730][ T6045]  ? ref_tracker_alloc+0x318/0x460
[  113.946750][ T6045]  ? __lock_acquire+0xab9/0xd20
[  113.946770][ T6045]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  113.946794][ T6045]  ? tun_get+0x1c/0x2f0
[  113.946820][ T6045]  ? tun_get+0x1c/0x2f0
[  113.946843][ T6045]  ? tun_get+0x1c/0x2f0
[  113.946869][ T6045]  tun_chr_write_iter+0x113/0x200
[  113.946895][ T6045]  vfs_write+0x5c9/0xb30
[  113.946927][ T6045]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  113.946952][ T6045]  ? __pfx_vfs_write+0x10/0x10
[  113.946982][ T6045]  ? __pfx_do_futex+0x10/0x10
[  113.947021][ T6045]  ksys_write+0x145/0x250
[  113.947052][ T6045]  ? __pfx_ksys_write+0x10/0x10
[  113.947084][ T6045]  ? do_syscall_64+0xbe/0xfa0
[  113.947117][ T6045]  do_syscall_64+0xfa/0xfa0
[  113.947147][ T6045]  ? lockdep_hardirqs_on+0x9c/0x150
[  113.947178][ T6045]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  113.947198][ T6045]  ? clear_bhb_loop+0x60/0xb0
[  113.947222][ T6045]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  113.947242][ T6045] RIP: 0033:0x7fef94d8e1ff
[  113.947261][ T6045] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  113.947279][ T6045] RSP: 002b:00007ffe32374fe0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  113.947301][ T6045] RAX: ffffffffffffffda RBX: 00007fef94fe5fa0 RCX: 00007fef94d8e1ff
[  113.947317][ T6045] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  113.947331][ T6045] RBP: 00007fef94e13f91 R08: 0000000000000000 R09: 0000000000000000
[  113.947344][ T6045] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  113.947356][ T6045] R13: 00007fef94fe5fa0 R14: 00007fef94fe5fa0 R15: 0000000000000003
[  113.947380][ T6045]  </TASK>
[  113.947394][ T6045] BUG: Bad page state in process syz.0.17  pfn:7767c
[  114.249147][ T6045] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807767c000 pfn:0x7767c
[  114.259483][ T6045] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  114.266689][ T6045] raw: 00fff00000000000 dead000000000040 ffff8880216fb000 0000000000000000
[  114.275385][ T6045] raw: ffff88807767c000 0000000000000001 00000000ffffffff 0000000000000000
[  114.284241][ T6045] page dumped because: page_pool leak
[  114.290042][ T6045] page_owner tracks the page as allocated
[  114.295816][ T6045] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6045, tgid 6045 (syz.0.17), ts 108910008255, free_ts 107446428479
[  114.312902][ T6045]  post_alloc_hook+0x234/0x290
[  114.317825][ T6045]  get_page_from_freelist+0x2365/0x2440
[  114.323430][ T6045]  __alloc_frozen_pages_noprof+0x181/0x370
[  114.329495][ T6045]  alloc_pages_bulk_noprof+0x560/0x710
[  114.335006][ T6045]  __page_pool_alloc_netmems_slow+0x14c/0x710
[  114.341235][ T6045]  skb_pp_cow_data+0xb47/0x13e0
[  114.346227][ T6045]  do_xdp_generic+0x699/0x11a0
[  114.351182][ T6045]  tun_get_user+0x2527/0x3e90
[  114.355916][ T6045]  tun_chr_write_iter+0x113/0x200
[  114.361665][ T6045]  vfs_write+0x5c9/0xb30
[  114.366116][ T6045]  ksys_write+0x145/0x250
[  114.370488][ T6045]  do_syscall_64+0xfa/0xfa0
[  114.375102][ T6045]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  114.381053][ T6045] page last free pid 23 tgid 23 stack trace:
[  114.387076][ T6045]  __free_frozen_pages+0xbc4/0xd30
[  114.392205][ T6045]  tlb_remove_table_rcu+0x85/0x100
[  114.397372][ T6045]  rcu_core+0xcab/0x1770
[  114.401770][ T6045]  handle_softirqs+0x286/0x870
[  114.406733][ T5928] Bluetooth: hci0: command tx timeout
[  114.412150][ T6045]  run_ksoftirqd+0x9b/0x100
[  114.416722][ T6045]  smpboot_thread_fn+0x542/0xa60
[  114.421690][ T6045]  kthread+0x711/0x8a0
[  114.425906][ T6045]  ret_from_fork+0x4bc/0x870
[  114.430521][ T6045]  ret_from_fork_asm+0x1a/0x30
[  114.435556][ T6045] Modules linked in:
[  114.439631][ T6045] CPU: 1 UID: 0 PID: 6045 Comm: syz.0.17 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  114.439666][ T6045] Tainted: [B]=BAD_PAGE
[  114.439674][ T6045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  114.439686][ T6045] Call Trace:
[  114.439693][ T6045]  <TASK>
[  114.439701][ T6045]  dump_stack_lvl+0x189/0x250
[  114.439731][ T6045]  ? __pfx_dump_stack_lvl+0x10/0x10
[  114.439757][ T6045]  ? __pfx_print_modules+0x10/0x10
[  114.439784][ T6045]  bad_page+0x180/0x1c0
[  114.439809][ T6045]  __free_frozen_pages+0xce2/0xd30
[  114.439844][ T6045]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  114.439879][ T6045]  bpf_xdp_adjust_tail+0x1d6/0x220
[  114.439903][ T6045]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  114.439921][ T6045]  bpf_prog_run_generic_xdp+0x606/0x13d0
[  114.439963][ T6045]  do_xdp_generic+0x9f7/0x11a0
[  114.439997][ T6045]  ? __pfx_do_xdp_generic+0x10/0x10
[  114.440029][ T6045]  ? tun_get_user+0x23f3/0x3e90
[  114.440058][ T6045]  ? tun_vnet_hdr_tnl_to_skb+0xed/0x830
[  114.440088][ T6045]  ? tun_get_user+0x23f3/0x3e90
[  114.440131][ T6045]  tun_get_user+0x2527/0x3e90
[  114.440166][ T6045]  ? aa_file_perm+0x44d/0x1550
[  114.440185][ T6045]  ? __pfx_tun_get_user+0x10/0x10
[  114.440213][ T6045]  ? __lock_acquire+0xab9/0xd20
[  114.440240][ T6045]  ? ref_tracker_alloc+0x318/0x460
[  114.440259][ T6045]  ? __lock_acquire+0xab9/0xd20
[  114.440280][ T6045]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  114.440303][ T6045]  ? tun_get+0x1c/0x2f0
[  114.440330][ T6045]  ? tun_get+0x1c/0x2f0
[  114.440354][ T6045]  ? tun_get+0x1c/0x2f0
[  114.440380][ T6045]  tun_chr_write_iter+0x113/0x200
[  114.440407][ T6045]  vfs_write+0x5c9/0xb30
[  114.440442][ T6045]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  114.440467][ T6045]  ? __pfx_vfs_write+0x10/0x10
[  114.440496][ T6045]  ? __pfx_do_futex+0x10/0x10
[  114.440536][ T6045]  ksys_write+0x145/0x250
[  114.440567][ T6045]  ? __pfx_ksys_write+0x10/0x10
[  114.440598][ T6045]  ? do_syscall_64+0xbe/0xfa0
[  114.440632][ T6045]  do_syscall_64+0xfa/0xfa0
[  114.440748][ T6045]  ? lockdep_hardirqs_on+0x9c/0x150
[  114.440782][ T6045]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  114.440802][ T6045]  ? clear_bhb_loop+0x60/0xb0
[  114.440825][ T6045]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  114.440845][ T6045] RIP: 0033:0x7fef94d8e1ff
[  114.440869][ T6045] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  114.440887][ T6045] RSP: 002b:00007ffe32374fe0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  114.440911][ T6045] RAX: ffffffffffffffda RBX: 00007fef94fe5fa0 RCX: 00007fef94d8e1ff
[  114.440927][ T6045] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[  114.440942][ T6045] RBP: 00007fef94e13f91 R08: 0000000000000000 R09: 0000000000000000
[  114.440955][ T6045] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  114.440968][ T6045] R13: 00007fef94fe5fa0 R14: 00007fef94fe5fa0 R15: 0000000000000003
[  114.440994][ T6045]  </TASK>