Warning: Permanently added '10.128.0.69' (ED25519) to the list of known hosts.
2026/04/25 03:48:57 parsed 1 programs
[   88.001743][ T5846] cgroup: Unknown subsys name 'net'
[   88.114380][ T5846] cgroup: Unknown subsys name 'cpuset'
[   88.125697][ T5846] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   89.846748][ T5846] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   91.972372][   T24] cfg80211: failed to load regulatory.db
[   92.931096][ T5861] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   93.591331][ T5877] chnl_net:caif_netlink_parms(): no params data found
[   93.676682][ T5877] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.684578][ T5877] bridge0: port 1(bridge_slave_0) entered disabled state
[   93.691860][ T5877] bridge_slave_0: entered allmulticast mode
[   93.699065][ T5877] bridge_slave_0: entered promiscuous mode
[   93.744819][ T5877] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.752325][ T5877] bridge0: port 2(bridge_slave_1) entered disabled state
[   93.759532][ T5877] bridge_slave_1: entered allmulticast mode
[   93.767880][ T5877] bridge_slave_1: entered promiscuous mode
[   93.808788][ T5877] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   93.821756][ T5877] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   93.857735][ T5877] team0: Port device team_slave_0 added
[   93.865495][ T5877] team0: Port device team_slave_1 added
[   93.889610][ T5877] batman_adv: batadv0: Adding interface: batadv_slave_0
[   93.898377][ T5877] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   93.924321][ T5877] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   93.936845][ T5877] batman_adv: batadv0: Adding interface: batadv_slave_1
[   93.943854][ T5877] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   93.970039][ T5877] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   94.013349][ T5877] hsr_slave_0: entered promiscuous mode
[   94.019764][ T5877] hsr_slave_1: entered promiscuous mode
[   94.165817][ T5877] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   94.178251][ T5877] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[   94.186171][ T5877] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   94.196140][ T5877] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[   94.204569][ T5877] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   94.214914][ T5877] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[   94.222972][ T5877] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   94.235977][ T5877] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[   94.266177][ T5877] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.273816][ T5877] bridge0: port 2(bridge_slave_1) entered forwarding state
[   94.281831][ T5877] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.289048][ T5877] bridge0: port 1(bridge_slave_0) entered forwarding state
[   94.350050][ T5877] 8021q: adding VLAN 0 to HW filter on device bond0
[   94.370718][ T1176] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.379865][ T1176] bridge0: port 2(bridge_slave_1) entered disabled state
[   94.396274][ T5877] 8021q: adding VLAN 0 to HW filter on device team0
[   94.409233][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.416475][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   94.429798][ T1176] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.436949][ T1176] bridge0: port 2(bridge_slave_1) entered forwarding state
[   94.619143][ T5877] 8021q: adding VLAN 0 to HW filter on device batadv0
[   94.666885][ T5877] veth0_vlan: entered promiscuous mode
[   94.679151][ T5877] veth1_vlan: entered promiscuous mode
[   94.713413][ T5877] veth0_macvtap: entered promiscuous mode
[   94.724818][ T5877] veth1_macvtap: entered promiscuous mode
[   94.744389][ T5877] batman_adv: batadv0: Interface activated: batadv_slave_0
[   94.759602][ T5877] batman_adv: batadv0: Interface activated: batadv_slave_1
[   94.777934][   T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   94.788699][   T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   94.798909][   T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   94.809349][   T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   94.953147][   T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   95.043224][   T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   95.091701][   T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.102611][   T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.124458][   T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   95.159776][ T1176] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.167919][ T1176] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.203146][   T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   96.710059][   T50] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   96.722946][   T50] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   96.732144][   T50] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   96.741562][   T50] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   96.750056][   T50] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   97.238762][   T13] bridge_slave_1: left allmulticast mode
[   97.244574][   T13] bridge_slave_1: left promiscuous mode
[   97.252285][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.264703][   T13] bridge_slave_0: left allmulticast mode
[   97.271986][   T13] bridge_slave_0: left promiscuous mode
[   97.278406][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[   97.421668][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   97.433764][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   97.444686][   T13] bond0 (unregistering): Released all slaves
[   97.553599][   T13] hsr_slave_0: left promiscuous mode
[   97.577252][   T13] hsr_slave_1: left promiscuous mode
[   97.598537][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   97.612186][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[   97.624143][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   97.631977][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[   97.659158][   T13] veth1_macvtap: left promiscuous mode
[   97.672002][   T13] veth0_macvtap: left promiscuous mode
[   97.683409][   T13] veth1_vlan: left promiscuous mode
[   97.699721][   T13] veth0_vlan: left promiscuous mode
[   98.304096][   T13] team0 (unregistering): Port device team_slave_1 removed
[   98.318447][   T13] team0 (unregistering): Port device team_slave_0 removed
[   98.424950][ T5507] 8021q: adding VLAN 0 to HW filter on device eth1
2026/04/25 03:49:11 executed programs: 0
[   99.531183][ T5162] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   99.541228][ T5162] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   99.549198][ T5162] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   99.558088][ T5162] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   99.566517][ T5162] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   99.758657][ T5507] 8021q: adding VLAN 0 to HW filter on device eth2
[  100.310534][ T5985] chnl_net:caif_netlink_parms(): no params data found
[  100.551391][ T5507] 8021q: adding VLAN 0 to HW filter on device eth3
[  100.560392][ T5985] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.567802][ T5985] bridge0: port 1(bridge_slave_0) entered disabled state
[  100.575208][ T5985] bridge_slave_0: entered allmulticast mode
[  100.582608][ T5985] bridge_slave_0: entered promiscuous mode
[  100.593654][ T5985] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.600905][ T5985] bridge0: port 2(bridge_slave_1) entered disabled state
[  100.608070][ T5985] bridge_slave_1: entered allmulticast mode
[  100.615563][ T5985] bridge_slave_1: entered promiscuous mode
[  100.648741][ T5985] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  100.666499][ T5985] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  100.710373][ T5985] team0: Port device team_slave_0 added
[  100.719353][ T5985] team0: Port device team_slave_1 added
[  100.794180][ T5985] batman_adv: batadv0: Adding interface: batadv_slave_0
[  100.810225][ T5985] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  100.838468][ T5985] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  100.854686][ T5985] batman_adv: batadv0: Adding interface: batadv_slave_1
[  100.862171][ T5985] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  100.892247][ T5985] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  100.994933][ T5985] hsr_slave_0: entered promiscuous mode
[  101.013929][ T5985] hsr_slave_1: entered promiscuous mode
[  101.652033][ T5162] Bluetooth: hci0: command tx timeout
[  101.863132][ T5985] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  101.878266][ T5985] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  101.887902][ T5985] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  101.902287][ T5985] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  101.912229][ T5985] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  101.925896][ T5985] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  101.935196][ T5985] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  101.946486][ T5985] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  102.074597][ T5985] 8021q: adding VLAN 0 to HW filter on device bond0
[  102.106790][ T5985] 8021q: adding VLAN 0 to HW filter on device team0
[  102.119840][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.127089][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  102.148410][ T1176] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.155644][ T1176] bridge0: port 2(bridge_slave_1) entered forwarding state
[  102.456138][ T5985] 8021q: adding VLAN 0 to HW filter on device batadv0
[  102.527781][ T5985] veth0_vlan: entered promiscuous mode
[  102.545833][ T5985] veth1_vlan: entered promiscuous mode
[  102.592503][ T5985] veth0_macvtap: entered promiscuous mode
[  102.604945][ T5985] veth1_macvtap: entered promiscuous mode
[  102.632213][ T5985] batman_adv: batadv0: Interface activated: batadv_slave_0
[  102.647930][ T5985] batman_adv: batadv0: Interface activated: batadv_slave_1
[  102.667743][   T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  102.694483][   T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  102.714877][   T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  102.724689][   T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  102.843187][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  102.865270][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  102.915237][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  102.923643][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.015338][ T6065] BUG: Bad page state in process syz.0.17  pfn:76fd8
[  103.022149][ T6065] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888076fd8230 pfn:0x76fd8
[  103.032287][ T6065] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  103.039428][ T6065] page_type: f9(unknown)
[  103.043733][ T6065] raw: 00fff00000000000 0000000000000000 ffff888022efe000 0000000000000000
[  103.052410][ T6065] raw: ffff888076fd8230 3fffffffffffffff 00000000f9000000 0000000000000000
[  103.061051][ T6065] page dumped because: page_pool leak
[  103.066462][ T6065] page_owner tracks the page as allocated
[  103.072992][ T6065] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6065, tgid 6065 (syz.0.17), ts 103015149728, free_ts 102522981959
[  103.089897][ T6065]  post_alloc_hook+0x231/0x280
[  103.094723][ T6065]  get_page_from_freelist+0x24ba/0x2540
[  103.100347][ T6065]  __alloc_frozen_pages_noprof+0x18d/0x380
[  103.106191][ T6065]  __alloc_pages_noprof+0x10/0x100
[  103.111684][ T6065]  alloc_pages_bulk_noprof+0x5ff/0x7c0
[  103.117181][ T6065]  __page_pool_alloc_netmems_slow+0x151/0x7b0
[  103.123362][ T6065]  page_pool_alloc_frag_netmem+0x421/0x9b0
[  103.129394][ T6065]  skb_pp_cow_data+0xcb7/0x19b0
[  103.134343][ T6065]  do_xdp_generic+0x76b/0x12e0
[  103.139191][ T6065]  tun_get_user+0x24ca/0x43e0
[  103.143974][ T6065]  tun_chr_write_iter+0x113/0x200
[  103.149047][ T6065]  vfs_write+0x61d/0xb90
[  103.153467][ T6065]  ksys_write+0x150/0x270
[  103.157834][ T6065]  do_syscall_64+0x15f/0xf80
[  103.162522][ T6065]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.168453][ T6065] page last free pid 6042 tgid 6042 stack trace:
[  103.174843][ T6065]  __free_frozen_pages+0xbc7/0xd30
[  103.179987][ T6065]  __slab_free+0x274/0x2c0
[  103.184509][ T6065]  qlist_free_all+0x99/0x100
[  103.189140][ T6065]  kasan_quarantine_reduce+0x148/0x160
[  103.194764][ T6065]  __kasan_slab_alloc+0x22/0x80
[  103.199654][ T6065]  kmem_cache_alloc_noprof+0x2bc/0x650
[  103.205202][ T6065]  anon_vma_fork+0x83/0x570
[  103.209737][ T6065]  dup_mmap+0x991/0x1d90
[  103.214083][ T6065]  copy_mm+0x13b/0x4a0
[  103.218228][ T6065]  copy_process+0x1f1c/0x4450
[  103.223008][ T6065]  kernel_clone+0x284/0x8f0
[  103.227545][ T6065]  __x64_sys_clone+0x1b6/0x230
[  103.232401][ T6065]  do_syscall_64+0x15f/0xf80
[  103.237027][ T6065]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.243006][ T6065] Modules linked in:
[  103.246937][ T6065] CPU: 0 UID: 0 PID: 6065 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) 
[  103.246961][ T6065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  103.246972][ T6065] Call Trace:
[  103.246980][ T6065]  <TASK>
[  103.246989][ T6065]  dump_stack_lvl+0xe8/0x150
[  103.247025][ T6065]  bad_page+0x17f/0x1c0
[  103.247049][ T6065]  bpf_xdp_frags_shrink_tail+0x4da/0x7d0
[  103.247097][ T6065]  bpf_xdp_adjust_tail+0x1d6/0x220
[  103.247126][ T6065]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  103.247148][ T6065]  bpf_prog_run_generic_xdp+0x603/0x1490
[  103.247205][ T6065]  do_xdp_generic+0xac5/0x12e0
[  103.247230][ T6065]  ? __lock_acquire+0x6b5/0x2cf0
[  103.247271][ T6065]  ? __pfx_do_xdp_generic+0x10/0x10
[  103.247319][ T6065]  ? tun_get_user+0x2394/0x43e0
[  103.247367][ T6065]  ? tun_get_user+0x2394/0x43e0
[  103.247396][ T6065]  tun_get_user+0x24ca/0x43e0
[  103.247443][ T6065]  ? aa_file_perm+0x192/0x15e0
[  103.247471][ T6065]  ? aa_file_perm+0x50e/0x15e0
[  103.247493][ T6065]  ? __pfx_tun_get_user+0x10/0x10
[  103.247525][ T6065]  ? __lock_acquire+0x6b5/0x2cf0
[  103.247570][ T6065]  ? ref_tracker_alloc+0x35c/0x4c0
[  103.247595][ T6065]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  103.247619][ T6065]  ? tun_get+0x1c/0x2f0
[  103.247648][ T6065]  ? tun_get+0x1c/0x2f0
[  103.247684][ T6065]  ? tun_get+0x1c/0x2f0
[  103.247712][ T6065]  ? tun_get+0x1c/0x2f0
[  103.247747][ T6065]  tun_chr_write_iter+0x113/0x200
[  103.247779][ T6065]  vfs_write+0x61d/0xb90
[  103.247815][ T6065]  ? __pfx_vfs_write+0x10/0x10
[  103.247842][ T6065]  ? __pfx_do_futex+0x10/0x10
[  103.247882][ T6065]  ksys_write+0x150/0x270
[  103.247910][ T6065]  ? __pfx_ksys_write+0x10/0x10
[  103.247944][ T6065]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.247966][ T6065]  do_syscall_64+0x15f/0xf80
[  103.247993][ T6065]  ? trace_irq_disable+0x3b/0x140
[  103.248019][ T6065]  ? clear_bhb_loop+0x40/0x90
[  103.248045][ T6065]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.248065][ T6065] RIP: 0033:0x7f52f975d60e
[  103.248084][ T6065] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  103.248100][ T6065] RSP: 002b:00007fff962ec3e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  103.248122][ T6065] RAX: ffffffffffffffda RBX: 0000555576f02500 RCX: 00007f52f975d60e
[  103.248136][ T6065] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 00000000000000c8
[  103.248149][ T6065] RBP: 00007f52f9832d69 R08: 0000000000000000 R09: 0000000000000000
[  103.248161][ T6065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  103.248172][ T6065] R13: 00007f52f9a15fac R14: 00007f52f9a15fa0 R15: 00007f52f9a15fa0
[  103.248205][ T6065]  </TASK>
[  103.248213][ T6065] Disabling lock debugging due to kernel taint
[  103.518351][ T6065] BUG: Bad page state in process syz.0.17  pfn:76fd6
[  103.525118][ T6065] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888076fd6318 pfn:0x76fd6
[  103.535502][ T6065] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  103.542694][ T6065] page_type: f9(unknown)
[  103.546961][ T6065] raw: 00fff00000000000 0000000000000000 ffff888022efe000 0000000000000000
[  103.555621][ T6065] raw: ffff888076fd6318 0000000000000001 00000000f9000000 0000000000000000
[  103.564292][ T6065] page dumped because: page_pool leak
[  103.569693][ T6065] page_owner tracks the page as allocated
[  103.575490][ T6065] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6065, tgid 6065 (syz.0.17), ts 103015128899, free_ts 102570244849
[  103.592490][ T6065]  post_alloc_hook+0x231/0x280
[  103.597490][ T6065]  get_page_from_freelist+0x24ba/0x2540
[  103.603146][ T6065]  __alloc_frozen_pages_noprof+0x18d/0x380
[  103.609071][ T6065]  __alloc_pages_noprof+0x10/0x100
[  103.614288][ T6065]  alloc_pages_bulk_noprof+0x5ff/0x7c0
[  103.619969][ T6065]  __page_pool_alloc_netmems_slow+0x151/0x7b0
[  103.626121][ T6065]  skb_pp_cow_data+0xc91/0x19b0
[  103.631025][ T6065]  do_xdp_generic+0x76b/0x12e0
[  103.635820][ T6065]  tun_get_user+0x24ca/0x43e0
[  103.640568][ T6065]  tun_chr_write_iter+0x113/0x200
[  103.645625][ T6065]  vfs_write+0x61d/0xb90
[  103.649899][ T6065]  ksys_write+0x150/0x270
[  103.654306][ T6065]  do_syscall_64+0x15f/0xf80
[  103.658943][ T6065]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.664930][ T6065] page last free pid 6056 tgid 6056 stack trace:
[  103.671316][ T6065]  __free_frozen_pages+0xbc7/0xd30
[  103.676466][ T6065]  rcu_core+0x7cd/0x1070
[  103.680790][ T6065]  handle_softirqs+0x22a/0x840
[  103.685590][ T6065]  __irq_exit_rcu+0xca/0x220
[  103.690282][ T6065]  irq_exit_rcu+0x9/0x30
[  103.694649][ T6065]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  103.700367][ T6065]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  103.706377][ T6065] Modules linked in:
[  103.710449][ T6065] CPU: 0 UID: 0 PID: 6065 Comm: syz.0.17 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  103.710480][ T6065] Tainted: [B]=BAD_PAGE
[  103.710486][ T6065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  103.710497][ T6065] Call Trace:
[  103.710504][ T6065]  <TASK>
[  103.710512][ T6065]  dump_stack_lvl+0xe8/0x150
[  103.710546][ T6065]  bad_page+0x17f/0x1c0
[  103.710568][ T6065]  bpf_xdp_frags_shrink_tail+0x4da/0x7d0
[  103.710596][ T6065]  bpf_xdp_adjust_tail+0x1d6/0x220
[  103.710617][ T6065]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  103.710635][ T6065]  bpf_prog_run_generic_xdp+0x603/0x1490
[  103.710669][ T6065]  do_xdp_generic+0xac5/0x12e0
[  103.710692][ T6065]  ? __lock_acquire+0x6b5/0x2cf0
[  103.710724][ T6065]  ? __pfx_do_xdp_generic+0x10/0x10
[  103.710751][ T6065]  ? tun_get_user+0x2394/0x43e0
[  103.710785][ T6065]  ? tun_get_user+0x2394/0x43e0
[  103.710811][ T6065]  tun_get_user+0x24ca/0x43e0
[  103.710842][ T6065]  ? aa_file_perm+0x192/0x15e0
[  103.710864][ T6065]  ? aa_file_perm+0x50e/0x15e0
[  103.710884][ T6065]  ? __pfx_tun_get_user+0x10/0x10
[  103.710913][ T6065]  ? __lock_acquire+0x6b5/0x2cf0
[  103.710947][ T6065]  ? ref_tracker_alloc+0x35c/0x4c0
[  103.710967][ T6065]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  103.710984][ T6065]  ? tun_get+0x1c/0x2f0
[  103.711009][ T6065]  ? tun_get+0x1c/0x2f0
[  103.711036][ T6065]  ? tun_get+0x1c/0x2f0
[  103.711062][ T6065]  ? tun_get+0x1c/0x2f0
[  103.711090][ T6065]  tun_chr_write_iter+0x113/0x200
[  103.711118][ T6065]  vfs_write+0x61d/0xb90
[  103.711144][ T6065]  ? __pfx_vfs_write+0x10/0x10
[  103.711166][ T6065]  ? __pfx_do_futex+0x10/0x10
[  103.711191][ T6065]  ksys_write+0x150/0x270
[  103.711214][ T6065]  ? __pfx_ksys_write+0x10/0x10
[  103.711250][ T6065]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.711270][ T6065]  do_syscall_64+0x15f/0xf80
[  103.711295][ T6065]  ? trace_irq_disable+0x3b/0x140
[  103.711319][ T6065]  ? clear_bhb_loop+0x40/0x90
[  103.711340][ T6065]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.711357][ T6065] RIP: 0033:0x7f52f975d60e
[  103.711374][ T6065] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  103.711390][ T6065] RSP: 002b:00007fff962ec3e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  103.711412][ T6065] RAX: ffffffffffffffda RBX: 0000555576f02500 RCX: 00007f52f975d60e
[  103.711426][ T6065] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 00000000000000c8
[  103.711438][ T6065] RBP: 00007f52f9832d69 R08: 0000000000000000 R09: 0000000000000000
[  103.711450][ T6065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  103.711461][ T6065] R13: 00007f52f9a15fac R14: 00007f52f9a15fa0 R15: 00007f52f9a15fa0
[  103.711480][ T6065]  </TASK>
[  103.711490][ T6065] BUG: Bad page state in process syz.0.17  pfn:317db
[  103.730349][ T5162] Bluetooth: hci0: command tx timeout
[  103.736716][ T6065] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880317db780 pfn:0x317db
[  104.003085][ T6065] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  104.010315][ T6065] page_type: f9(unknown)
[  104.014679][ T6065] raw: 00fff00000000000 0000000000000000 ffff888022efe000 0000000000000000
[  104.023352][ T6065] raw: ffff8880317db780 0000000000000001 00000000f9000000 0000000000000000
[  104.032008][ T6065] page dumped because: page_pool leak
[  104.037407][ T6065] page_owner tracks the page as allocated
[  104.043204][ T6065] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6065, tgid 6065 (syz.0.17), ts 103015109663, free_ts 102570264891
[  104.060150][ T6065]  post_alloc_hook+0x231/0x280
[  104.064958][ T6065]  get_page_from_freelist+0x24ba/0x2540
[  104.070681][ T6065]  __alloc_frozen_pages_noprof+0x18d/0x380
[  104.076533][ T6065]  __alloc_pages_noprof+0x10/0x100
[  104.081722][ T6065]  alloc_pages_bulk_noprof+0x5ff/0x7c0
[  104.087314][ T6065]  __page_pool_alloc_netmems_slow+0x151/0x7b0
[  104.093492][ T6065]  skb_pp_cow_data+0xc91/0x19b0
[  104.098471][ T6065]  do_xdp_generic+0x76b/0x12e0
[  104.103322][ T6065]  tun_get_user+0x24ca/0x43e0
[  104.108044][ T6065]  tun_chr_write_iter+0x113/0x200
[  104.113287][ T6065]  vfs_write+0x61d/0xb90
[  104.117608][ T6065]  ksys_write+0x150/0x270
[  104.122109][ T6065]  do_syscall_64+0x15f/0xf80
[  104.126737][ T6065]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.132727][ T6065] page last free pid 6056 tgid 6056 stack trace:
[  104.139106][ T6065]  __free_frozen_pages+0xbc7/0xd30
[  104.144321][ T6065]  rcu_core+0x7cd/0x1070
[  104.148604][ T6065]  handle_softirqs+0x22a/0x840
[  104.153460][ T6065]  __irq_exit_rcu+0xca/0x220
[  104.158084][ T6065]  irq_exit_rcu+0x9/0x30
[  104.162412][ T6065]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  104.168162][ T6065]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  104.174250][ T6065] Modules linked in:
[  104.178177][ T6065] CPU: 0 UID: 0 PID: 6065 Comm: syz.0.17 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  104.178207][ T6065] Tainted: [B]=BAD_PAGE
[  104.178214][ T6065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  104.178234][ T6065] Call Trace:
[  104.178241][ T6065]  <TASK>
[  104.178248][ T6065]  dump_stack_lvl+0xe8/0x150
[  104.178283][ T6065]  bad_page+0x17f/0x1c0
[  104.178306][ T6065]  bpf_xdp_frags_shrink_tail+0x4da/0x7d0
[  104.178337][ T6065]  bpf_xdp_adjust_tail+0x1d6/0x220
[  104.178359][ T6065]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  104.178376][ T6065]  bpf_prog_run_generic_xdp+0x603/0x1490
[  104.178409][ T6065]  do_xdp_generic+0xac5/0x12e0
[  104.178431][ T6065]  ? __lock_acquire+0x6b5/0x2cf0
[  104.178462][ T6065]  ? __pfx_do_xdp_generic+0x10/0x10
[  104.178489][ T6065]  ? tun_get_user+0x2394/0x43e0
[  104.178524][ T6065]  ? tun_get_user+0x2394/0x43e0
[  104.178551][ T6065]  tun_get_user+0x24ca/0x43e0
[  104.178586][ T6065]  ? aa_file_perm+0x192/0x15e0
[  104.178609][ T6065]  ? aa_file_perm+0x50e/0x15e0
[  104.178629][ T6065]  ? __pfx_tun_get_user+0x10/0x10
[  104.178659][ T6065]  ? __lock_acquire+0x6b5/0x2cf0
[  104.178692][ T6065]  ? ref_tracker_alloc+0x35c/0x4c0
[  104.178714][ T6065]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  104.178735][ T6065]  ? tun_get+0x1c/0x2f0
[  104.178762][ T6065]  ? tun_get+0x1c/0x2f0
[  104.178792][ T6065]  ? tun_get+0x1c/0x2f0
[  104.178819][ T6065]  ? tun_get+0x1c/0x2f0
[  104.178847][ T6065]  tun_chr_write_iter+0x113/0x200
[  104.178876][ T6065]  vfs_write+0x61d/0xb90
[  104.178903][ T6065]  ? __pfx_vfs_write+0x10/0x10
[  104.178926][ T6065]  ? __pfx_do_futex+0x10/0x10
[  104.178952][ T6065]  ksys_write+0x150/0x270
[  104.178975][ T6065]  ? __pfx_ksys_write+0x10/0x10
[  104.179001][ T6065]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.179021][ T6065]  do_syscall_64+0x15f/0xf80
[  104.179047][ T6065]  ? trace_irq_disable+0x3b/0x140
[  104.179072][ T6065]  ? clear_bhb_loop+0x40/0x90
[  104.179093][ T6065]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.179112][ T6065] RIP: 0033:0x7f52f975d60e
[  104.179130][ T6065] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  104.179145][ T6065] RSP: 002b:00007fff962ec3e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  104.179166][ T6065] RAX: ffffffffffffffda RBX: 0000555576f02500 RCX: 00007f52f975d60e
[  104.179180][ T6065] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 00000000000000c8
[  104.179191][ T6065] RBP: 00007f52f9832d69 R08: 0000000000000000 R09: 0000000000000000
[  104.179202][ T6065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  104.179214][ T6065] R13: 00007f52f9a15fac R14: 00007f52f9a15fa0 R15: 00007f52f9a15fa0
[  104.179244][ T6065]  </TASK>
[  104.179255][ T6065] BUG: Bad page state in process syz.0.17  pfn:34d61
[  104.455139][ T6065] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888034d61c80 pfn:0x34d61
[  104.465252][ T6065] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  104.472415][ T6065] page_type: f9(unknown)
[  104.476682][ T6065] raw: 00fff00000000000 0000000000000000 ffff888022efe000 0000000000000000
[  104.485323][ T6065] raw: ffff888034d61c80 0000000000000001 00000000f9000000 0000000000000000
[  104.494208][ T6065] page dumped because: page_pool leak
[  104.499591][ T6065] page_owner tracks the page as allocated
[  104.505327][ T6065] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6065, tgid 6065 (syz.0.17), ts 103015090451, free_ts 102570314787
[  104.522206][ T6065]  post_alloc_hook+0x231/0x280
[  104.526971][ T6065]  get_page_from_freelist+0x24ba/0x2540
[  104.532574][ T6065]  __alloc_frozen_pages_noprof+0x18d/0x380
[  104.538434][ T6065]  __alloc_pages_noprof+0x10/0x100
[  104.543585][ T6065]  alloc_pages_bulk_noprof+0x5ff/0x7c0
[  104.549074][ T6065]  __page_pool_alloc_netmems_slow+0x151/0x7b0
[  104.555221][ T6065]  skb_pp_cow_data+0xc91/0x19b0
[  104.560205][ T6065]  do_xdp_generic+0x76b/0x12e0
[  104.564988][ T6065]  tun_get_user+0x24ca/0x43e0
[  104.569680][ T6065]  tun_chr_write_iter+0x113/0x200
[  104.574733][ T6065]  vfs_write+0x61d/0xb90
[  104.579083][ T6065]  ksys_write+0x150/0x270
[  104.583439][ T6065]  do_syscall_64+0x15f/0xf80
[  104.588149][ T6065]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.594161][ T6065] page last free pid 6056 tgid 6056 stack trace:
[  104.600538][ T6065]  __free_frozen_pages+0xbc7/0xd30
[  104.605768][ T6065]  rcu_core+0x7cd/0x1070
[  104.610026][ T6065]  handle_softirqs+0x22a/0x840
[  104.614842][ T6065]  __irq_exit_rcu+0xca/0x220
[  104.619468][ T6065]  irq_exit_rcu+0x9/0x30
[  104.623782][ T6065]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  104.629526][ T6065]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  104.635645][ T6065] Modules linked in:
[  104.639572][ T6065] CPU: 0 UID: 0 PID: 6065 Comm: syz.0.17 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  104.639594][ T6065] Tainted: [B]=BAD_PAGE
[  104.639598][ T6065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  104.639606][ T6065] Call Trace:
[  104.639613][ T6065]  <TASK>
[  104.639618][ T6065]  dump_stack_lvl+0xe8/0x150
[  104.639641][ T6065]  bad_page+0x17f/0x1c0
[  104.639655][ T6065]  bpf_xdp_frags_shrink_tail+0x4da/0x7d0
[  104.639684][ T6065]  bpf_xdp_adjust_tail+0x1d6/0x220
[  104.639705][ T6065]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  104.639722][ T6065]  bpf_prog_run_generic_xdp+0x603/0x1490
[  104.639754][ T6065]  do_xdp_generic+0xac5/0x12e0
[  104.639777][ T6065]  ? __lock_acquire+0x6b5/0x2cf0
[  104.639808][ T6065]  ? __pfx_do_xdp_generic+0x10/0x10
[  104.639824][ T6065]  ? tun_get_user+0x2394/0x43e0
[  104.639845][ T6065]  ? tun_get_user+0x2394/0x43e0
[  104.639860][ T6065]  tun_get_user+0x24ca/0x43e0
[  104.639880][ T6065]  ? aa_file_perm+0x192/0x15e0
[  104.639894][ T6065]  ? aa_file_perm+0x50e/0x15e0
[  104.639905][ T6065]  ? __pfx_tun_get_user+0x10/0x10
[  104.639922][ T6065]  ? __lock_acquire+0x6b5/0x2cf0
[  104.639941][ T6065]  ? ref_tracker_alloc+0x35c/0x4c0
[  104.639954][ T6065]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  104.639966][ T6065]  ? tun_get+0x1c/0x2f0
[  104.639982][ T6065]  ? tun_get+0x1c/0x2f0
[  104.639999][ T6065]  ? tun_get+0x1c/0x2f0
[  104.640015][ T6065]  ? tun_get+0x1c/0x2f0
[  104.640032][ T6065]  tun_chr_write_iter+0x113/0x200
[  104.640049][ T6065]  vfs_write+0x61d/0xb90
[  104.640065][ T6065]  ? __pfx_vfs_write+0x10/0x10
[  104.640078][ T6065]  ? __pfx_do_futex+0x10/0x10
[  104.640093][ T6065]  ksys_write+0x150/0x270
[  104.640107][ T6065]  ? __pfx_ksys_write+0x10/0x10
[  104.640132][ T6065]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.640151][ T6065]  do_syscall_64+0x15f/0xf80
[  104.640176][ T6065]  ? trace_irq_disable+0x3b/0x140
[  104.640199][ T6065]  ? clear_bhb_loop+0x40/0x90
[  104.640221][ T6065]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.640239][ T6065] RIP: 0033:0x7f52f975d60e
[  104.640255][ T6065] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  104.640271][ T6065] RSP: 002b:00007fff962ec3e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  104.640303][ T6065] RAX: ffffffffffffffda RBX: 0000555576f02500 RCX: 00007f52f975d60e
[  104.640317][ T6065] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 00000000000000c8
[  104.640330][ T6065] RBP: 00007f52f9832d69 R08: 0000000000000000 R09: 0000000000000000
[  104.640337][ T6065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  104.640344][ T6065] R13: 00007f52f9a15fac R14: 00007f52f9a15fa0 R15: 00007f52f9a15fa0
[  104.640357][ T6065]  </TASK>
[  104.908030][ T6065] BUG: Bad page state in process syz.0.17  pfn:777fd
[  104.914769][ T6065] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880777fd8c0 pfn:0x777fd
[  104.924886][ T6065] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  104.932067][ T6065] page_type: f9(unknown)
[  104.936425][ T6065] raw: 00fff00000000000 0000000000000000 ffff888022efe000 0000000000000000
[  104.945072][ T6065] raw: ffff8880777fd8c0 0000000000000001 00000000f9000000 0000000000000000
[  104.953686][ T6065] page dumped because: page_pool leak
[  104.959067][ T6065] page_owner tracks the page as allocated
[  104.964815][ T6065] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6065, tgid 6065 (syz.0.17), ts 103015071471, free_ts 102570334575
[  104.981696][ T6065]  post_alloc_hook+0x231/0x280
[  104.986639][ T6065]  get_page_from_freelist+0x24ba/0x2540
[  104.992305][ T6065]  __alloc_frozen_pages_noprof+0x18d/0x380
[  104.998137][ T6065]  __alloc_pages_noprof+0x10/0x100
[  105.003278][ T6065]  alloc_pages_bulk_noprof+0x5ff/0x7c0
[  105.008871][ T6065]  __page_pool_alloc_netmems_slow+0x151/0x7b0
[  105.015084][ T6065]  skb_pp_cow_data+0xc91/0x19b0
[  105.019957][ T6065]  do_xdp_generic+0x76b/0x12e0
[  105.024755][ T6065]  tun_get_user+0x24ca/0x43e0
[  105.029544][ T6065]  tun_chr_write_iter+0x113/0x200
[  105.034655][ T6065]  vfs_write+0x61d/0xb90
[  105.038916][ T6065]  ksys_write+0x150/0x270
[  105.043271][ T6065]  do_syscall_64+0x15f/0xf80
[  105.047891][ T6065]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.053822][ T6065] page last free pid 6056 tgid 6056 stack trace:
[  105.060189][ T6065]  __free_frozen_pages+0xbc7/0xd30
[  105.065334][ T6065]  rcu_core+0x7cd/0x1070
[  105.069605][ T6065]  handle_softirqs+0x22a/0x840
[  105.074416][ T6065]  __irq_exit_rcu+0xca/0x220
[  105.079030][ T6065]  irq_exit_rcu+0x9/0x30
[  105.083325][ T6065]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  105.088987][ T6065]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  105.095009][ T6065] Modules linked in:
[  105.098937][ T6065] CPU: 0 UID: 0 PID: 6065 Comm: syz.0.17 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  105.098956][ T6065] Tainted: [B]=BAD_PAGE
[  105.098960][ T6065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  105.098968][ T6065] Call Trace:
[  105.098972][ T6065]  <TASK>
[  105.098977][ T6065]  dump_stack_lvl+0xe8/0x150
[  105.098998][ T6065]  bad_page+0x17f/0x1c0
[  105.099011][ T6065]  bpf_xdp_frags_shrink_tail+0x4da/0x7d0
[  105.099031][ T6065]  bpf_xdp_adjust_tail+0x1d6/0x220
[  105.099045][ T6065]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  105.099056][ T6065]  bpf_prog_run_generic_xdp+0x603/0x1490
[  105.099076][ T6065]  do_xdp_generic+0xac5/0x12e0
[  105.099090][ T6065]  ? __lock_acquire+0x6b5/0x2cf0
[  105.099110][ T6065]  ? __pfx_do_xdp_generic+0x10/0x10
[  105.099126][ T6065]  ? tun_get_user+0x2394/0x43e0
[  105.099147][ T6065]  ? tun_get_user+0x2394/0x43e0
[  105.099163][ T6065]  tun_get_user+0x24ca/0x43e0
[  105.099183][ T6065]  ? aa_file_perm+0x192/0x15e0
[  105.099197][ T6065]  ? aa_file_perm+0x50e/0x15e0
[  105.099208][ T6065]  ? __pfx_tun_get_user+0x10/0x10
[  105.099226][ T6065]  ? __lock_acquire+0x6b5/0x2cf0
[  105.099245][ T6065]  ? ref_tracker_alloc+0x35c/0x4c0
[  105.099258][ T6065]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  105.099270][ T6065]  ? tun_get+0x1c/0x2f0
[  105.099286][ T6065]  ? tun_get+0x1c/0x2f0
[  105.099303][ T6065]  ? tun_get+0x1c/0x2f0
[  105.099325][ T6065]  ? tun_get+0x1c/0x2f0
[  105.099342][ T6065]  tun_chr_write_iter+0x113/0x200
[  105.099360][ T6065]  vfs_write+0x61d/0xb90
[  105.099375][ T6065]  ? __pfx_vfs_write+0x10/0x10
[  105.099389][ T6065]  ? __pfx_do_futex+0x10/0x10
[  105.099404][ T6065]  ksys_write+0x150/0x270
[  105.099418][ T6065]  ? __pfx_ksys_write+0x10/0x10
[  105.099433][ T6065]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.099445][ T6065]  do_syscall_64+0x15f/0xf80
[  105.099461][ T6065]  ? trace_irq_disable+0x3b/0x140
[  105.099476][ T6065]  ? clear_bhb_loop+0x40/0x90
[  105.099488][ T6065]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.099501][ T6065] RIP: 0033:0x7f52f975d60e
[  105.099513][ T6065] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  105.099523][ T6065] RSP: 002b:00007fff962ec3e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  105.099537][ T6065] RAX: ffffffffffffffda RBX: 0000555576f02500 RCX: 00007f52f975d60e
[  105.099546][ T6065] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 00000000000000c8
[  105.099553][ T6065] RBP: 00007f52f9832d69 R08: 0000000000000000 R09: 0000000000000000
[  105.099560][ T6065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  105.099567][ T6065] R13: 00007f52f9a15fac R14: 00007f52f9a15fa0 R15: 00007f52f9a15fa0
[  105.099580][ T6065]  </TASK>
[  105.099587][ T6065] BUG: Bad page state in process syz.0.17  pfn:777f0
[  105.374878][ T6065] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880777f0280 pfn:0x777f0
[  105.385004][ T6065] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  105.392157][ T6065] page_type: f9(unknown)
[  105.396398][ T6065] raw: 00fff00000000000 0000000000000000 ffff888022efe000 0000000000000000
[  105.405012][ T6065] raw: ffff8880777f0280 0000000000000001 00000000f9000000 0000000000000000
[  105.413639][ T6065] page dumped because: page_pool leak
[  105.419004][ T6065] page_owner tracks the page as allocated
[  105.424744][ T6065] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6065, tgid 6065 (syz.0.17), ts 103015051750, free_ts 102570353957
[  105.441625][ T6065]  post_alloc_hook+0x231/0x280
[  105.446396][ T6065]  get_page_from_freelist+0x24ba/0x2540
[  105.451975][ T6065]  __alloc_frozen_pages_noprof+0x18d/0x380
[  105.457801][ T6065]  __alloc_pages_noprof+0x10/0x100
[  105.462940][ T6065]  alloc_pages_bulk_noprof+0x5ff/0x7c0
[  105.468428][ T6065]  __page_pool_alloc_netmems_slow+0x151/0x7b0
[  105.474668][ T6065]  skb_pp_cow_data+0xc91/0x19b0
[  105.479546][ T6065]  do_xdp_generic+0x76b/0x12e0
[  105.484360][ T6065]  tun_get_user+0x24ca/0x43e0
[  105.489071][ T6065]  tun_chr_write_iter+0x113/0x200
[  105.494174][ T6065]  vfs_write+0x61d/0xb90
[  105.498466][ T6065]  ksys_write+0x150/0x270
[  105.502956][ T6065]  do_syscall_64+0x15f/0xf80
[  105.507581][ T6065]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.513516][ T6065] page last free pid 6056 tgid 6056 stack trace:
[  105.519974][ T6065]  __free_frozen_pages+0xbc7/0xd30
[  105.525254][ T6065]  rcu_core+0x7cd/0x1070
[  105.529564][ T6065]  handle_softirqs+0x22a/0x840
[  105.534468][ T6065]  __irq_exit_rcu+0xca/0x220
[  105.539168][ T6065]  irq_exit_rcu+0x9/0x30
[  105.543490][ T6065]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  105.549141][ T6065]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  105.555233][ T6065] Modules linked in:
[  105.559156][ T6065] CPU: 0 UID: 0 PID: 6065 Comm: syz.0.17 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  105.559174][ T6065] Tainted: [B]=BAD_PAGE
[  105.559178][ T6065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  105.559186][ T6065] Call Trace:
[  105.559191][ T6065]  <TASK>
[  105.559195][ T6065]  dump_stack_lvl+0xe8/0x150
[  105.559217][ T6065]  bad_page+0x17f/0x1c0
[  105.559230][ T6065]  bpf_xdp_frags_shrink_tail+0x4da/0x7d0
[  105.559250][ T6065]  bpf_xdp_adjust_tail+0x1d6/0x220
[  105.559269][ T6065]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  105.559280][ T6065]  bpf_prog_run_generic_xdp+0x603/0x1490
[  105.559301][ T6065]  do_xdp_generic+0xac5/0x12e0
[  105.559315][ T6065]  ? __lock_acquire+0x6b5/0x2cf0
[  105.559335][ T6065]  ? __pfx_do_xdp_generic+0x10/0x10
[  105.559351][ T6065]  ? tun_get_user+0x2394/0x43e0
[  105.559372][ T6065]  ? tun_get_user+0x2394/0x43e0
[  105.559388][ T6065]  tun_get_user+0x24ca/0x43e0
[  105.559408][ T6065]  ? aa_file_perm+0x192/0x15e0
[  105.559421][ T6065]  ? aa_file_perm+0x50e/0x15e0
[  105.559433][ T6065]  ? __pfx_tun_get_user+0x10/0x10
[  105.559450][ T6065]  ? __lock_acquire+0x6b5/0x2cf0
[  105.559469][ T6065]  ? ref_tracker_alloc+0x35c/0x4c0
[  105.559482][ T6065]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  105.559494][ T6065]  ? tun_get+0x1c/0x2f0
[  105.559510][ T6065]  ? tun_get+0x1c/0x2f0
[  105.559527][ T6065]  ? tun_get+0x1c/0x2f0
[  105.559543][ T6065]  ? tun_get+0x1c/0x2f0
[  105.559560][ T6065]  tun_chr_write_iter+0x113/0x200
[  105.559577][ T6065]  vfs_write+0x61d/0xb90
[  105.559593][ T6065]  ? __pfx_vfs_write+0x10/0x10
[  105.559607][ T6065]  ? __pfx_do_futex+0x10/0x10
[  105.559622][ T6065]  ksys_write+0x150/0x270
[  105.559636][ T6065]  ? __pfx_ksys_write+0x10/0x10
[  105.559651][ T6065]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.559663][ T6065]  do_syscall_64+0x15f/0xf80
[  105.559679][ T6065]  ? trace_irq_disable+0x3b/0x140
[  105.559694][ T6065]  ? clear_bhb_loop+0x40/0x90
[  105.559707][ T6065]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.559718][ T6065] RIP: 0033:0x7f52f975d60e
[  105.559729][ T6065] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  105.559739][ T6065] RSP: 002b:00007fff962ec3e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  105.559753][ T6065] RAX: ffffffffffffffda RBX: 0000555576f02500 RCX: 00007f52f975d60e
[  105.559762][ T6065] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 00000000000000c8
[  105.559770][ T6065] RBP: 00007f52f9832d69 R08: 0000000000000000 R09: 0000000000000000
[  105.559777][ T6065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  105.559784][ T6065] R13: 00007f52f9a15fac R14: 00007f52f9a15fa0 R15: 00007f52f9a15fa0
[  105.559796][ T6065]  </TASK>
[  105.559804][ T6065] BUG: Bad page state in process syz.0.17  pfn:76fdb
[  105.816369][ T5162] Bluetooth: hci0: command tx timeout
[  105.839616][ T6065] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888076fdb280 pfn:0x76fdb
[  105.849723][ T6065] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  105.856889][ T6065] page_type: f9(unknown)
[  105.861167][ T6065] raw: 00fff00000000000 0000000000000000 ffff888022efe000 0000000000000000
[  105.869770][ T6065] raw: ffff888076fdb280 0000000000000001 00000000f9000000 0000000000000000
[  105.878384][ T6065] page dumped because: page_pool leak
[  105.883778][ T6065] page_owner tracks the page as allocated
[  105.889486][ T6065] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6065, tgid 6065 (syz.0.17), ts 103015032126, free_ts 102570393231
[  105.906396][ T6065]  post_alloc_hook+0x231/0x280
[  105.911344][ T6065]  get_page_from_freelist+0x24ba/0x2540
[  105.916897][ T6065]  __alloc_frozen_pages_noprof+0x18d/0x380
[  105.922737][ T6065]  __alloc_pages_noprof+0x10/0x100
[  105.927970][ T6065]  alloc_pages_bulk_noprof+0x5ff/0x7c0
[  105.933543][ T6065]  __page_pool_alloc_netmems_slow+0x151/0x7b0
[  105.939638][ T6065]  skb_pp_cow_data+0xc91/0x19b0
[  105.944533][ T6065]  do_xdp_generic+0x76b/0x12e0
[  105.949586][ T6065]  tun_get_user+0x24ca/0x43e0
[  105.954320][ T6065]  tun_chr_write_iter+0x113/0x200
[  105.959370][ T6065]  vfs_write+0x61d/0xb90
[  105.963654][ T6065]  ksys_write+0x150/0x270
[  105.968005][ T6065]  do_syscall_64+0x15f/0xf80
[  105.972626][ T6065]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.978630][ T6065] page last free pid 6056 tgid 6056 stack trace:
[  105.985081][ T6065]  __free_frozen_pages+0xbc7/0xd30
[  105.990237][ T6065]  rcu_core+0x7cd/0x1070
[  105.994486][ T6065]  handle_softirqs+0x22a/0x840
[  105.999248][ T6065]  __irq_exit_rcu+0xca/0x220
[  106.003903][ T6065]  irq_exit_rcu+0x9/0x30
[  106.008176][ T6065]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  106.013839][ T6065]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  106.019840][ T6065] Modules linked in:
[  106.023782][ T6065] CPU: 0 UID: 0 PID: 6065 Comm: syz.0.17 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  106.023810][ T6065] Tainted: [B]=BAD_PAGE
[  106.023817][ T6065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  106.023828][ T6065] Call Trace:
[  106.023835][ T6065]  <TASK>
[  106.023843][ T6065]  dump_stack_lvl+0xe8/0x150
[  106.023874][ T6065]  bad_page+0x17f/0x1c0
[  106.023896][ T6065]  bpf_xdp_frags_shrink_tail+0x4da/0x7d0
[  106.023929][ T6065]  bpf_xdp_adjust_tail+0x1d6/0x220
[  106.023952][ T6065]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  106.023970][ T6065]  bpf_prog_run_generic_xdp+0x603/0x1490
[  106.024007][ T6065]  do_xdp_generic+0xac5/0x12e0
[  106.024030][ T6065]  ? __lock_acquire+0x6b5/0x2cf0
[  106.024063][ T6065]  ? __pfx_do_xdp_generic+0x10/0x10
[  106.024090][ T6065]  ? tun_get_user+0x2394/0x43e0
[  106.024125][ T6065]  ? tun_get_user+0x2394/0x43e0
[  106.024152][ T6065]  tun_get_user+0x24ca/0x43e0
[  106.024193][ T6065]  ? aa_file_perm+0x192/0x15e0
[  106.024217][ T6065]  ? aa_file_perm+0x50e/0x15e0
[  106.024236][ T6065]  ? __pfx_tun_get_user+0x10/0x10
[  106.024299][ T6065]  ? __lock_acquire+0x6b5/0x2cf0
[  106.024332][ T6065]  ? ref_tracker_alloc+0x35c/0x4c0
[  106.024354][ T6065]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  106.024375][ T6065]  ? tun_get+0x1c/0x2f0
[  106.024400][ T6065]  ? tun_get+0x1c/0x2f0
[  106.024427][ T6065]  ? tun_get+0x1c/0x2f0
[  106.024453][ T6065]  ? tun_get+0x1c/0x2f0
[  106.024481][ T6065]  tun_chr_write_iter+0x113/0x200
[  106.024509][ T6065]  vfs_write+0x61d/0xb90
[  106.024535][ T6065]  ? __pfx_vfs_write+0x10/0x10
[  106.024558][ T6065]  ? __pfx_do_futex+0x10/0x10
[  106.024583][ T6065]  ksys_write+0x150/0x270
[  106.024608][ T6065]  ? __pfx_ksys_write+0x10/0x10
[  106.024632][ T6065]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.024652][ T6065]  do_syscall_64+0x15f/0xf80
[  106.024677][ T6065]  ? trace_irq_disable+0x3b/0x140
[  106.024701][ T6065]  ? clear_bhb_loop+0x40/0x90
[  106.024721][ T6065]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.024740][ T6065] RIP: 0033:0x7f52f975d60e
[  106.024758][ T6065] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  106.024774][ T6065] RSP: 002b:00007fff962ec3e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  106.024795][ T6065] RAX: ffffffffffffffda RBX: 0000555576f02500 RCX: 00007f52f975d60e
[  106.024809][ T6065] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 00000000000000c8
[  106.024821][ T6065] RBP: 00007f52f9832d69 R08: 0000000000000000 R09: 0000000000000000
[  106.024834][ T6065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  106.024845][ T6065] R13: 00007f52f9a15fac R14: 00007f52f9a15fa0 R15: 00007f52f9a15fa0
[  106.024865][ T6065]  </TASK>
[  106.024876][ T6065] BUG: Bad page state in process syz.0.17  pfn:777f6
[  106.299315][ T6065] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880777f6000 pfn:0x777f6
[  106.309497][ T6065] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  106.316656][ T6065] page_type: f9(unknown)
[  106.320927][ T6065] raw: 00fff00000000000 0000000000000000 ffff888022efe000 0000000000000000
[  106.329523][ T6065] raw: ffff8880777f6000 0000000000000001 00000000f9000000 0000000000000000
[  106.338163][ T6065] page dumped because: page_pool leak
[  106.343566][ T6065] page_owner tracks the page as allocated
[  106.349275][ T6065] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6065, tgid 6065 (syz.0.17), ts 103015011544, free_ts 102570434837
[  106.366177][ T6065]  post_alloc_hook+0x231/0x280
[  106.370996][ T6065]  get_page_from_freelist+0x24ba/0x2540
[  106.376781][ T6065]  __alloc_frozen_pages_noprof+0x18d/0x380
[  106.382677][ T6065]  __alloc_pages_noprof+0x10/0x100
[  106.387823][ T6065]  alloc_pages_bulk_noprof+0x5ff/0x7c0
[  106.393325][ T6065]  __page_pool_alloc_netmems_slow+0x151/0x7b0
[  106.399394][ T6065]  skb_pp_cow_data+0xc91/0x19b0
[  106.404278][ T6065]  do_xdp_generic+0x76b/0x12e0
[  106.409072][ T6065]  tun_get_user+0x24ca/0x43e0
[  106.413804][ T6065]  tun_chr_write_iter+0x113/0x200
[  106.418876][ T6065]  vfs_write+0x61d/0xb90
[  106.423156][ T6065]  ksys_write+0x150/0x270
[  106.427515][ T6065]  do_syscall_64+0x15f/0xf80
[  106.432133][ T6065]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.438040][ T6065] page last free pid 6056 tgid 6056 stack trace:
[  106.444389][ T6065]  __free_frozen_pages+0xbc7/0xd30
[  106.449520][ T6065]  rcu_core+0x7cd/0x1070
[  106.453795][ T6065]  handle_softirqs+0x22a/0x840
[  106.458583][ T6065]  __irq_exit_rcu+0xca/0x220
[  106.463206][ T6065]  irq_exit_rcu+0x9/0x30
[  106.467471][ T6065]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  106.473134][ T6065]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  106.479134][ T6065] Modules linked in:
[  106.483081][ T6065] CPU: 0 UID: 0 PID: 6065 Comm: syz.0.17 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  106.483120][ T6065] Tainted: [B]=BAD_PAGE
[  106.483127][ T6065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  106.483138][ T6065] Call Trace:
[  106.483145][ T6065]  <TASK>
[  106.483153][ T6065]  dump_stack_lvl+0xe8/0x150
[  106.483185][ T6065]  bad_page+0x17f/0x1c0
[  106.483208][ T6065]  bpf_xdp_frags_shrink_tail+0x4da/0x7d0
[  106.483241][ T6065]  bpf_xdp_adjust_tail+0x1d6/0x220
[  106.483264][ T6065]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  106.483282][ T6065]  bpf_prog_run_generic_xdp+0x603/0x1490
[  106.483332][ T6065]  do_xdp_generic+0xac5/0x12e0
[  106.483354][ T6065]  ? __lock_acquire+0x6b5/0x2cf0
[  106.483387][ T6065]  ? __pfx_do_xdp_generic+0x10/0x10
[  106.483414][ T6065]  ? tun_get_user+0x2394/0x43e0
[  106.483449][ T6065]  ? tun_get_user+0x2394/0x43e0
[  106.483476][ T6065]  tun_get_user+0x24ca/0x43e0
[  106.483509][ T6065]  ? aa_file_perm+0x192/0x15e0
[  106.483532][ T6065]  ? aa_file_perm+0x50e/0x15e0
[  106.483551][ T6065]  ? __pfx_tun_get_user+0x10/0x10
[  106.483579][ T6065]  ? __lock_acquire+0x6b5/0x2cf0
[  106.483611][ T6065]  ? ref_tracker_alloc+0x35c/0x4c0
[  106.483633][ T6065]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  106.483653][ T6065]  ? tun_get+0x1c/0x2f0
[  106.483679][ T6065]  ? tun_get+0x1c/0x2f0
[  106.483708][ T6065]  ? tun_get+0x1c/0x2f0
[  106.483733][ T6065]  ? tun_get+0x1c/0x2f0
[  106.483761][ T6065]  tun_chr_write_iter+0x113/0x200
[  106.483789][ T6065]  vfs_write+0x61d/0xb90
[  106.483815][ T6065]  ? __pfx_vfs_write+0x10/0x10
[  106.483839][ T6065]  ? __pfx_do_futex+0x10/0x10
[  106.483864][ T6065]  ksys_write+0x150/0x270
[  106.483888][ T6065]  ? __pfx_ksys_write+0x10/0x10
[  106.483914][ T6065]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.483934][ T6065]  do_syscall_64+0x15f/0xf80
[  106.483959][ T6065]  ? trace_irq_disable+0x3b/0x140
[  106.483984][ T6065]  ? clear_bhb_loop+0x40/0x90
[  106.484005][ T6065]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.484023][ T6065] RIP: 0033:0x7f52f975d60e
[  106.484041][ T6065] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  106.484057][ T6065] RSP: 002b:00007fff962ec3e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  106.484079][ T6065] RAX: ffffffffffffffda RBX: 0000555576f02500 RCX: 00007f52f975d60e
[  106.484094][ T6065] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 00000000000000c8
[  106.484106][ T6065] RBP: 00007f52f9832d69 R08: 0000000000000000 R09: 0000000000000000
[  106.484119][ T6065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  106.484131][ T6065] R13: 00007f52f9a15fac R14: 00007f52f9a15fa0 R15: 00007f52f9a15fa0
[  106.484151][ T6065]  </TASK>
[  106.484162][ T6065] BUG: Bad page state in process syz.0.17  pfn:775ae
[  106.758788][ T6065] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880775aeb58 pfn:0x775ae
[  106.768874][ T6065] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  106.776019][ T6065] page_type: f9(unknown)
[  106.780378][ T6065] raw: 00fff00000000000 0000000000000000 ffff888022efe000 0000000000000000
[  106.788981][ T6065] raw: ffff8880775aeb58 0000000000000001 00000000f9000000 0000000000000000
[  106.797613][ T6065] page dumped because: page_pool leak
[  106.803022][ T6065] page_owner tracks the page as allocated
[  106.808747][ T6065] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6065, tgid 6065 (syz.0.17), ts 103014992170, free_ts 102570454563
[  106.825650][ T6065]  post_alloc_hook+0x231/0x280
[  106.830449][ T6065]  get_page_from_freelist+0x24ba/0x2540
[  106.836084][ T6065]  __alloc_frozen_pages_noprof+0x18d/0x380
[  106.842102][ T6065]  __alloc_pages_noprof+0x10/0x100
[  106.847259][ T6065]  alloc_pages_bulk_noprof+0x5ff/0x7c0
[  106.852755][ T6065]  __page_pool_alloc_netmems_slow+0x151/0x7b0
[  106.858862][ T6065]  skb_pp_cow_data+0xc91/0x19b0
[  106.863788][ T6065]  do_xdp_generic+0x76b/0x12e0
[  106.868591][ T6065]  tun_get_user+0x24ca/0x43e0
[  106.873335][ T6065]  tun_chr_write_iter+0x113/0x200
[  106.878397][ T6065]  vfs_write+0x61d/0xb90
[  106.882858][ T6065]  ksys_write+0x150/0x270
[  106.887244][ T6065]  do_syscall_64+0x15f/0xf80
[  106.892002][ T6065]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.897926][ T6065] page last free pid 6056 tgid 6056 stack trace:
[  106.904318][ T6065]  __free_frozen_pages+0xbc7/0xd30
[  106.909460][ T6065]  rcu_core+0x7cd/0x1070
[  106.913747][ T6065]  handle_softirqs+0x22a/0x840
[  106.918536][ T6065]  __irq_exit_rcu+0xca/0x220
[  106.923307][ T6065]  irq_exit_rcu+0x9/0x30
[  106.927577][ T6065]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  106.933359][ T6065]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  106.939393][ T6065] Modules linked in:
[  106.943367][ T6065] CPU: 0 UID: 0 PID: 6065 Comm: syz.0.17 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  106.943394][ T6065] Tainted: [B]=BAD_PAGE
[  106.943399][ T6065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  106.943409][ T6065] Call Trace:
[  106.943416][ T6065]  <TASK>
[  106.943423][ T6065]  dump_stack_lvl+0xe8/0x150
[  106.943456][ T6065]  bad_page+0x17f/0x1c0
[  106.943477][ T6065]  bpf_xdp_frags_shrink_tail+0x4da/0x7d0
[  106.943507][ T6065]  bpf_xdp_adjust_tail+0x1d6/0x220
[  106.943527][ T6065]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  106.943545][ T6065]  bpf_prog_run_generic_xdp+0x603/0x1490
[  106.943581][ T6065]  do_xdp_generic+0xac5/0x12e0
[  106.943604][ T6065]  ? __lock_acquire+0x6b5/0x2cf0
[  106.943638][ T6065]  ? __pfx_do_xdp_generic+0x10/0x10
[  106.943666][ T6065]  ? tun_get_user+0x2394/0x43e0
[  106.943700][ T6065]  ? tun_get_user+0x2394/0x43e0
[  106.943728][ T6065]  tun_get_user+0x24ca/0x43e0
[  106.943762][ T6065]  ? aa_file_perm+0x192/0x15e0
[  106.943785][ T6065]  ? aa_file_perm+0x50e/0x15e0
[  106.943805][ T6065]  ? __pfx_tun_get_user+0x10/0x10
[  106.943833][ T6065]  ? __lock_acquire+0x6b5/0x2cf0
[  106.943866][ T6065]  ? ref_tracker_alloc+0x35c/0x4c0
[  106.943888][ T6065]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  106.943908][ T6065]  ? tun_get+0x1c/0x2f0
[  106.943935][ T6065]  ? tun_get+0x1c/0x2f0
[  106.943964][ T6065]  ? tun_get+0x1c/0x2f0
[  106.943990][ T6065]  ? tun_get+0x1c/0x2f0
[  106.944017][ T6065]  tun_chr_write_iter+0x113/0x200
[  106.944046][ T6065]  vfs_write+0x61d/0xb90
[  106.944071][ T6065]  ? __pfx_vfs_write+0x10/0x10
[  106.944094][ T6065]  ? __pfx_do_futex+0x10/0x10
[  106.944121][ T6065]  ksys_write+0x150/0x270
[  106.944143][ T6065]  ? __pfx_ksys_write+0x10/0x10
[  106.944167][ T6065]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.944185][ T6065]  do_syscall_64+0x15f/0xf80
[  106.944210][ T6065]  ? trace_irq_disable+0x3b/0x140
[  106.944236][ T6065]  ? clear_bhb_loop+0x40/0x90
[  106.944256][ T6065]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.944285][ T6065] RIP: 0033:0x7f52f975d60e
[  106.944303][ T6065] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  106.944318][ T6065] RSP: 002b:00007fff962ec3e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  106.944339][ T6065] RAX: ffffffffffffffda RBX: 0000555576f02500 RCX: 00007f52f975d60e
[  106.944353][ T6065] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 00000000000000c8
[  106.944366][ T6065] RBP: 00007f52f9832d69 R08: 0000000000000000 R09: 0000000000000000
[  106.944378][ T6065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  106.944389][ T6065] R13: 00007f52f9a15fac R14: 00007f52f9a15fa0 R15: 00007f52f9a15fa0
[  106.944409][ T6065]  </TASK>
[  106.944420][ T6065] BUG: Bad page state in process syz.0.17  pfn:76c10
[  107.218753][ T6065] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888076c10000 pfn:0x76c10
[  107.228878][ T6065] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  107.236032][ T6065] page_type: f9(unknown)
[  107.240341][ T6065] raw: 00fff00000000000 0000000000000000 ffff888022efe000 0000000000000000
[  107.248933][ T6065] raw: ffff888076c10000 0000000000000001 00000000f9000000 0000000000000000
[  107.257547][ T6065] page dumped because: page_pool leak
[  107.262962][ T6065] page_owner tracks the page as allocated
[  107.268669][ T6065] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6065, tgid 6065 (syz.0.17), ts 103014972281, free_ts 102570474620
[  107.285529][ T6065]  post_alloc_hook+0x231/0x280
[  107.290333][ T6065]  get_page_from_freelist+0x24ba/0x2540
[  107.295880][ T6065]  __alloc_frozen_pages_noprof+0x18d/0x380
[  107.301707][ T6065]  __alloc_pages_noprof+0x10/0x100
[  107.306838][ T6065]  alloc_pages_bulk_noprof+0x5ff/0x7c0
[  107.312333][ T6065]  __page_pool_alloc_netmems_slow+0x151/0x7b0
[  107.318438][ T6065]  skb_pp_cow_data+0xc91/0x19b0
[  107.323342][ T6065]  do_xdp_generic+0x76b/0x12e0
[  107.328138][ T6065]  tun_get_user+0x24ca/0x43e0
[  107.332884][ T6065]  tun_chr_write_iter+0x113/0x200
[  107.337945][ T6065]  vfs_write+0x61d/0xb90
[  107.342318][ T6065]  ksys_write+0x150/0x270
[  107.346673][ T6065]  do_syscall_64+0x15f/0xf80
[  107.351419][ T6065]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  107.357336][ T6065] page last free pid 6056 tgid 6056 stack trace:
[  107.363730][ T6065]  __free_frozen_pages+0xbc7/0xd30
[  107.368974][ T6065]  rcu_core+0x7cd/0x1070
[  107.373371][ T6065]  handle_softirqs+0x22a/0x840
[  107.378223][ T6065]  __irq_exit_rcu+0xca/0x220
[  107.383099][ T6065]  irq_exit_rcu+0x9/0x30
[  107.387430][ T6065]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  107.393105][ T6065]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  107.399115][ T6065] Modules linked in:
[  107.403075][ T6065] CPU: 0 UID: 0 PID: 6065 Comm: syz.0.17 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  107.403123][ T6065] Tainted: [B]=BAD_PAGE
[  107.403130][ T6065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  107.403140][ T6065] Call Trace:
[  107.403146][ T6065]  <TASK>
[  107.403153][ T6065]  dump_stack_lvl+0xe8/0x150
[  107.403186][ T6065]  bad_page+0x17f/0x1c0
[  107.403207][ T6065]  bpf_xdp_frags_shrink_tail+0x4da/0x7d0
[  107.403271][ T6065]  bpf_xdp_adjust_tail+0x1d6/0x220
[  107.403293][ T6065]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  107.403311][ T6065]  bpf_prog_run_generic_xdp+0x603/0x1490
[  107.403348][ T6065]  do_xdp_generic+0xac5/0x12e0
[  107.403371][ T6065]  ? __lock_acquire+0x6b5/0x2cf0
[  107.403404][ T6065]  ? __pfx_do_xdp_generic+0x10/0x10
[  107.403431][ T6065]  ? tun_get_user+0x2394/0x43e0
[  107.403465][ T6065]  ? tun_get_user+0x2394/0x43e0
[  107.403491][ T6065]  tun_get_user+0x24ca/0x43e0
[  107.403523][ T6065]  ? aa_file_perm+0x192/0x15e0
[  107.403545][ T6065]  ? aa_file_perm+0x50e/0x15e0
[  107.403565][ T6065]  ? __pfx_tun_get_user+0x10/0x10
[  107.403593][ T6065]  ? __lock_acquire+0x6b5/0x2cf0
[  107.403625][ T6065]  ? ref_tracker_alloc+0x35c/0x4c0
[  107.403647][ T6065]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  107.403667][ T6065]  ? tun_get+0x1c/0x2f0
[  107.403693][ T6065]  ? tun_get+0x1c/0x2f0
[  107.403721][ T6065]  ? tun_get+0x1c/0x2f0
[  107.403747][ T6065]  ? tun_get+0x1c/0x2f0
[  107.403774][ T6065]  tun_chr_write_iter+0x113/0x200
[  107.403803][ T6065]  vfs_write+0x61d/0xb90
[  107.403829][ T6065]  ? __pfx_vfs_write+0x10/0x10
[  107.403851][ T6065]  ? __pfx_do_futex+0x10/0x10
[  107.403877][ T6065]  ksys_write+0x150/0x270
[  107.403901][ T6065]  ? __pfx_ksys_write+0x10/0x10
[  107.403925][ T6065]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  107.403945][ T6065]  do_syscall_64+0x15f/0xf80
[  107.403971][ T6065]  ? trace_irq_disable+0x3b/0x140
[  107.403994][ T6065]  ? clear_bhb_loop+0x40/0x90
[  107.404015][ T6065]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  107.404034][ T6065] RIP: 0033:0x7f52f975d60e
[  107.404052][ T6065] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  107.404068][ T6065] RSP: 002b:00007fff962ec3e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  107.404089][ T6065] RAX: ffffffffffffffda RBX: 0000555576f02500 RCX: 00007f52f975d60e
[  107.404104][ T6065] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 00000000000000c8
[  107.404116][ T6065] RBP: 00007f52f9832d69 R08: 0000000000000000 R09: 0000000000000000
[  107.404128][ T6065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  107.404139][ T6065] R13: 00007f52f9a15fac R14: 00007f52f9a15fa0 R15: 00007f52f9a15fa0
[  107.404159][ T6065]  </TASK>
[  107.404170][ T6065] BUG: Bad page state in process syz.0.17  pfn:760e1
[  107.680523][ T6065] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880760e1000 pfn:0x760e1
[  107.690713][ T6065] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  107.697927][ T6065] page_type: f9(unknown)
[  107.702229][ T6065] raw: 00fff00000000000 0000000000000000 ffff888022efe000 0000000000000000
[  107.710883][ T6065] raw: ffff8880760e1000 0000000000000001 00000000f9000000 0000000000000000
[  107.719456][ T6065] page dumped because: page_pool leak
[  107.724851][ T6065] page_owner tracks the page as allocated
[  107.730617][ T6065] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6065, tgid 6065 (syz.0.17), ts 103014952731, free_ts 103000185037
[  107.747557][ T6065]  post_alloc_hook+0x231/0x280
[  107.752436][ T6065]  get_page_from_freelist+0x24ba/0x2540
[  107.757985][ T6065]  __alloc_frozen_pages_noprof+0x18d/0x380
[  107.763821][ T6065]  __alloc_pages_noprof+0x10/0x100
[  107.769039][ T6065]  alloc_pages_bulk_noprof+0x5ff/0x7c0
[  107.774531][ T6065]  __page_pool_alloc_netmems_slow+0x151/0x7b0
[  107.780654][ T6065]  skb_pp_cow_data+0xc91/0x19b0
[  107.785529][ T6065]  do_xdp_generic+0x76b/0x12e0
[  107.790337][ T6065]  tun_get_user+0x24ca/0x43e0
[  107.795050][ T6065]  tun_chr_write_iter+0x113/0x200
[  107.800154][ T6065]  vfs_write+0x61d/0xb90
[  107.804427][ T6065]  ksys_write+0x150/0x270
[  107.808768][ T6065]  do_syscall_64+0x15f/0xf80
[  107.813396][ T6065]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  107.819337][ T6065] page last free pid 6065 tgid 6065 stack trace:
[  107.825979][ T6065]  __free_frozen_pages+0xbc7/0xd30
[  107.831257][ T6065]  rcu_core+0x7cd/0x1070
[  107.835665][ T6065]  handle_softirqs+0x22a/0x840
[  107.840633][ T6065]  __irq_exit_rcu+0xca/0x220
[  107.845250][ T6065]  irq_exit_rcu+0x9/0x30
[  107.849517][ T6065]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  107.855196][ T6065]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  107.861227][ T6065] Modules linked in:
[  107.865163][ T6065] CPU: 0 UID: 0 PID: 6065 Comm: syz.0.17 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  107.865181][ T6065] Tainted: [B]=BAD_PAGE
[  107.865186][ T6065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  107.865193][ T6065] Call Trace:
[  107.865198][ T6065]  <TASK>
[  107.865203][ T6065]  dump_stack_lvl+0xe8/0x150
[  107.865224][ T6065]  bad_page+0x17f/0x1c0
[  107.865238][ T6065]  bpf_xdp_frags_shrink_tail+0x4da/0x7d0
[  107.865258][ T6065]  bpf_xdp_adjust_tail+0x1d6/0x220
[  107.865272][ T6065]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  107.865290][ T6065]  bpf_prog_run_generic_xdp+0x603/0x1490
[  107.865311][ T6065]  do_xdp_generic+0xac5/0x12e0
[  107.865325][ T6065]  ? __lock_acquire+0x6b5/0x2cf0
[  107.865345][ T6065]  ? __pfx_do_xdp_generic+0x10/0x10
[  107.865361][ T6065]  ? tun_get_user+0x2394/0x43e0
[  107.865382][ T6065]  ? tun_get_user+0x2394/0x43e0
[  107.865399][ T6065]  tun_get_user+0x24ca/0x43e0
[  107.865419][ T6065]  ? aa_file_perm+0x192/0x15e0
[  107.865432][ T6065]  ? aa_file_perm+0x50e/0x15e0
[  107.865444][ T6065]  ? __pfx_tun_get_user+0x10/0x10
[  107.865461][ T6065]  ? __lock_acquire+0x6b5/0x2cf0
[  107.865481][ T6065]  ? ref_tracker_alloc+0x35c/0x4c0
[  107.865493][ T6065]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  107.865505][ T6065]  ? tun_get+0x1c/0x2f0
[  107.865522][ T6065]  ? tun_get+0x1c/0x2f0
[  107.865539][ T6065]  ? tun_get+0x1c/0x2f0
[  107.865554][ T6065]  ? tun_get+0x1c/0x2f0
[  107.865571][ T6065]  tun_chr_write_iter+0x113/0x200
[  107.865588][ T6065]  vfs_write+0x61d/0xb90
[  107.865604][ T6065]  ? __pfx_vfs_write+0x10/0x10
[  107.865618][ T6065]  ? __pfx_do_futex+0x10/0x10
[  107.865633][ T6065]  ksys_write+0x150/0x270
[  107.865647][ T6065]  ? __pfx_ksys_write+0x10/0x10
[  107.865662][ T6065]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  107.865674][ T6065]  do_syscall_64+0x15f/0xf80
[  107.865691][ T6065]  ? trace_irq_disable+0x3b/0x140
[  107.865706][ T6065]  ? clear_bhb_loop+0x40/0x90
[  107.865718][ T6065]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  107.865730][ T6065] RIP: 0033:0x7f52f975d60e
[  107.865741][ T6065] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  107.865751][ T6065] RSP: 002b:00007fff962ec3e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  107.865765][ T6065] RAX: ffffffffffffffda RBX: 0000555576f02500 RCX: 00007f52f975d60e
[  107.865773][ T6065] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 00000000000000c8
[  107.865781][ T6065] RBP: 00007f52f9832d69 R08: 0000000000000000 R09: 0000000000000000
[  107.865788][ T6065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  107.865796][ T6065] R13: 00007f52f9a15fac R14: 00007f52f9a15fa0 R15: 00007f52f9a15fa0
[  107.865808][ T6065]  </TASK>
[  107.865816][ T6065] BUG: Bad page state in process syz.0.17  pfn:76119
[  107.890767][ T5162] Bluetooth: hci0: command tx timeout
[  108.146291][ T6065] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888076119c80 pfn:0x76119
[  108.156394][ T6065] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  108.163542][ T6065] page_type: f9(unknown)
[  108.167781][ T6065] raw: 00fff00000000000 0000000000000000 ffff888022efe000 0000000000000000
[  108.176478][ T6065] raw: ffff888076119c80 0000000000000001 00000000f9000000 0000000000000000
[  108.185375][ T6065] page dumped because: page_pool leak
[  108.190783][ T6065] page_owner tracks the page as allocated
[  108.196509][ T6065] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6065, tgid 6065 (syz.0.17), ts 103014933056, free_ts 103000300922
[  108.213392][ T6065]  post_alloc_hook+0x231/0x280
[  108.218199][ T6065]  get_page_from_freelist+0x24ba/0x2540
[  108.223825][ T6065]  __alloc_frozen_pages_noprof+0x18d/0x380
[  108.229659][ T6065]  __alloc_pages_noprof+0x10/0x100
[  108.234836][ T6065]  alloc_pages_bulk_noprof+0x5ff/0x7c0
[  108.240443][ T6065]  __page_pool_alloc_netmems_slow+0x151/0x7b0
[  108.246528][ T6065]  skb_pp_cow_data+0xc91/0x19b0
[  108.251490][ T6065]  do_xdp_generic+0x76b/0x12e0
[  108.256270][ T6065]  tun_get_user+0x24ca/0x43e0
[  108.261069][ T6065]  tun_chr_write_iter+0x113/0x200
[  108.266140][ T6065]  vfs_write+0x61d/0xb90
[  108.270413][ T6065]  ksys_write+0x150/0x270
[  108.274776][ T6065]  do_syscall_64+0x15f/0xf80
[  108.279376][ T6065]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  108.285324][ T6065] page last free pid 6065 tgid 6065 stack trace:
[  108.291775][ T6065]  __free_frozen_pages+0xbc7/0xd30
[  108.296977][ T6065]  rcu_core+0x7cd/0x1070
[  108.301271][ T6065]  handle_softirqs+0x22a/0x840
[  108.306056][ T6065]  __irq_exit_rcu+0xca/0x220
[  108.310695][ T6065]  irq_exit_rcu+0x9/0x30
[  108.314959][ T6065]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  108.320615][ T6065]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  108.326624][ T6065] Modules linked in:
[  108.330553][ T6065] CPU: 0 UID: 0 PID: 6065 Comm: syz.0.17 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  108.330581][ T6065] Tainted: [B]=BAD_PAGE
[  108.330587][ T6065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  108.330599][ T6065] Call Trace:
[  108.330606][ T6065]  <TASK>
[  108.330614][ T6065]  dump_stack_lvl+0xe8/0x150
[  108.330645][ T6065]  bad_page+0x17f/0x1c0
[  108.330666][ T6065]  bpf_xdp_frags_shrink_tail+0x4da/0x7d0
[  108.330699][ T6065]  bpf_xdp_adjust_tail+0x1d6/0x220
[  108.330722][ T6065]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  108.330740][ T6065]  bpf_prog_run_generic_xdp+0x603/0x1490
[  108.330777][ T6065]  do_xdp_generic+0xac5/0x12e0
[  108.330800][ T6065]  ? __lock_acquire+0x6b5/0x2cf0
[  108.330833][ T6065]  ? __pfx_do_xdp_generic+0x10/0x10
[  108.330860][ T6065]  ? tun_get_user+0x2394/0x43e0
[  108.330893][ T6065]  ? tun_get_user+0x2394/0x43e0
[  108.330920][ T6065]  tun_get_user+0x24ca/0x43e0
[  108.330953][ T6065]  ? aa_file_perm+0x192/0x15e0
[  108.330976][ T6065]  ? aa_file_perm+0x50e/0x15e0
[  108.330996][ T6065]  ? __pfx_tun_get_user+0x10/0x10
[  108.331024][ T6065]  ? __lock_acquire+0x6b5/0x2cf0
[  108.331057][ T6065]  ? ref_tracker_alloc+0x35c/0x4c0
[  108.331079][ T6065]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  108.331099][ T6065]  ? tun_get+0x1c/0x2f0
[  108.331125][ T6065]  ? tun_get+0x1c/0x2f0
[  108.331154][ T6065]  ? tun_get+0x1c/0x2f0
[  108.331180][ T6065]  ? tun_get+0x1c/0x2f0
[  108.331208][ T6065]  tun_chr_write_iter+0x113/0x200
[  108.331237][ T6065]  vfs_write+0x61d/0xb90
[  108.331272][ T6065]  ? __pfx_vfs_write+0x10/0x10
[  108.331296][ T6065]  ? __pfx_do_futex+0x10/0x10
[  108.331320][ T6065]  ksys_write+0x150/0x270
[  108.331344][ T6065]  ? __pfx_ksys_write+0x10/0x10
[  108.331369][ T6065]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  108.331389][ T6065]  do_syscall_64+0x15f/0xf80
[  108.331413][ T6065]  ? trace_irq_disable+0x3b/0x140
[  108.331438][ T6065]  ? clear_bhb_loop+0x40/0x90
[  108.331459][ T6065]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  108.331477][ T6065] RIP: 0033:0x7f52f975d60e
[  108.331495][ T6065] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  108.331511][ T6065] RSP: 002b:00007fff962ec3e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  108.331532][ T6065] RAX: ffffffffffffffda RBX: 0000555576f02500 RCX: 00007f52f975d60e
[  108.331546][ T6065] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 00000000000000c8
[  108.331559][ T6065] RBP: 00007f52f9832d69 R08: 0000000000000000 R09: 0000000000000000
[  108.331570][ T6065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  108.331581][ T6065] R13: 00007f52f9a15fac R14: 00007f52f9a15fa0 R15: 00007f52f9a15fa0
[  108.331602][ T6065]  </TASK>