program:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180200002343ffff0000000000000000850000004100000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r1, r2, 0x25, 0x0, @void}, 0x10)
syz_emit_ethernet(0xfdef, &(0x7f0000000a80)=ANY=[], 0x0)

[   68.322166][ T5310] Bluetooth: hci0: command tx timeout
[   68.370632][ T5325] BUG: Bad page state in process syz.0.0  pfn:52f0c
[   68.377825][ T5325] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x52f0c
[   68.383740][ T5325] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   68.387299][ T5325] raw: 04fff00000000000 dead000000000040 ffff88801d5e9000 0000000000000000
[   68.390740][ T5325] raw: 0000000000000000 3fffffffffffffff 00000000ffffffff 0000000000000000
[   68.393997][ T5325] page dumped because: page_pool leak
[   68.396220][ T5325] page_owner tracks the page as allocated
[   68.398645][ T5325] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5325, tgid 5324 (syz.0.0), ts 68370507365, free_ts 0
[   68.404771][ T5325]  post_alloc_hook+0x1f4/0x240
[   68.406958][ T5325]  get_page_from_freelist+0x365c/0x37a0
[   68.409275][ T5325]  __alloc_frozen_pages_noprof+0x292/0x710
[   68.411625][ T5325]  alloc_pages_bulk_noprof+0x847/0xae0
[   68.413703][ T5325]  __page_pool_alloc_pages_slow+0x11f/0x690
[   68.416213][ T5325]  page_pool_alloc_frag_netmem+0x59c/0x940
[   68.418545][ T5325]  skb_pp_cow_data+0xcea/0x1720
[   68.420617][ T5325]  do_xdp_generic+0x505/0xd30
[   68.422534][ T5325]  tun_get_user+0x2a4b/0x4860
[   68.424600][ T5325]  tun_chr_write_iter+0x10d/0x1f0
[   68.426612][ T5325]  vfs_write+0xacf/0xd10
[   68.428310][ T5325]  ksys_write+0x18f/0x2b0
[   68.430047][ T5325]  do_syscall_64+0xf3/0x230
[   68.431899][ T5325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.434402][ T5325] page_owner free stack trace missing
[   68.437074][ T5325] Modules linked in:
[   68.438750][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Not tainted 6.14.0-syzkaller-00624-g2f2d52945852 #0
[   68.438767][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   68.438774][ T5325] Call Trace:
[   68.438781][ T5325]  <TASK>
[   68.438790][ T5325]  dump_stack_lvl+0x241/0x360
[   68.438806][ T5325]  ? __pfx_dump_stack_lvl+0x10/0x10
[   68.438818][ T5325]  ? __pfx_print_modules+0x10/0x10
[   68.438841][ T5325]  bad_page+0x176/0x1d0
[   68.438857][ T5325]  free_frozen_pages+0x1082/0x10e0
[   68.438877][ T5325]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[   68.438903][ T5325]  bpf_xdp_adjust_tail+0x1c6/0x210
[   68.438922][ T5325]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   68.438933][ T5325]  bpf_prog_run_generic_xdp+0x12af/0x1510
[   68.438960][ T5325]  do_xdp_generic+0x757/0xd30
[   68.438970][ T5325]  ? __pfx_do_xdp_generic+0x10/0x10
[   68.438979][ T5325]  ? __local_bh_disable_ip+0x179/0x220
[   68.438995][ T5325]  ? __pfx_eth_type_trans+0x10/0x10
[   68.439012][ T5325]  ? tun_get_user+0x2914/0x4860
[   68.439029][ T5325]  tun_get_user+0x2a4b/0x4860
[   68.439054][ T5325]  ? __lock_acquire+0x1397/0x2100
[   68.439075][ T5325]  ? __pfx_tun_get_user+0x10/0x10
[   68.439102][ T5325]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   68.439119][ T5325]  ? tun_get+0x1e/0x2f0
[   68.439133][ T5325]  ? __pfx_lock_release+0x10/0x10
[   68.439186][ T5325]  ? tun_get+0x1e/0x2f0
[   68.439205][ T5325]  ? tun_get+0x27d/0x2f0
[   68.439222][ T5325]  tun_chr_write_iter+0x10d/0x1f0
[   68.439244][ T5325]  vfs_write+0xacf/0xd10
[   68.439259][ T5325]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   68.439282][ T5325]  ? __pfx_vfs_write+0x10/0x10
[   68.439295][ T5325]  ? __fget_files+0x2a/0x420
[   68.439315][ T5325]  ? __fget_files+0x2a/0x420
[   68.439336][ T5325]  ksys_write+0x18f/0x2b0
[   68.439349][ T5325]  ? __pfx_ksys_write+0x10/0x10
[   68.439368][ T5325]  ? exc_page_fault+0x590/0x8b0
[   68.439385][ T5325]  ? do_syscall_64+0xb6/0x230
[   68.439403][ T5325]  do_syscall_64+0xf3/0x230
[   68.439418][ T5325]  ? clear_bhb_loop+0x35/0x90
[   68.439437][ T5325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.439451][ T5325] RIP: 0033:0x7f6df9b8bc1f
[   68.439463][ T5325] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   68.439472][ T5325] RSP: 002b:00007f6dfaab6000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   68.439484][ T5325] RAX: ffffffffffffffda RBX: 00007f6df9da5fa0 RCX: 00007f6df9b8bc1f
[   68.439492][ T5325] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[   68.439501][ T5325] RBP: 00007f6df9c0e2a0 R08: 0000000000000000 R09: 0000000000000000
[   68.439506][ T5325] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[   68.439513][ T5325] R13: 0000000000000000 R14: 00007f6df9da5fa0 R15: 00007ffeaa968ba8
[   68.439529][ T5325]  </TASK>
[   68.439534][ T5325] Disabling lock debugging due to kernel taint
[   68.553262][ T5325] BUG: Bad page state in process syz.0.0  pfn:52f0b
[   68.556060][ T5325] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x52f0b
[   68.559530][ T5325] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   68.562407][ T5325] raw: 04fff00000000000 dead000000000040 ffff88801d5e9000 0000000000000000
[   68.566035][ T5325] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   68.569561][ T5325] page dumped because: page_pool leak
[   68.571791][ T5325] page_owner tracks the page as allocated
[   68.574131][ T5325] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5325, tgid 5324 (syz.0.0), ts 68370499752, free_ts 0
[   68.580365][ T5325]  post_alloc_hook+0x1f4/0x240
[   68.582117][ T5325]  get_page_from_freelist+0x365c/0x37a0
[   68.584361][ T5325]  __alloc_frozen_pages_noprof+0x292/0x710
[   68.586620][ T5325]  alloc_pages_bulk_noprof+0x847/0xae0
[   68.588594][ T5325]  __page_pool_alloc_pages_slow+0x11f/0x690
[   68.590764][ T5325]  skb_pp_cow_data+0xcc8/0x1720
[   68.592546][ T5325]  do_xdp_generic+0x505/0xd30
[   68.594344][ T5325]  tun_get_user+0x2a4b/0x4860
[   68.596243][ T5325]  tun_chr_write_iter+0x10d/0x1f0
[   68.598171][ T5325]  vfs_write+0xacf/0xd10
[   68.599855][ T5325]  ksys_write+0x18f/0x2b0
[   68.601530][ T5325]  do_syscall_64+0xf3/0x230
[   68.608513][ T5325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.611028][ T5325] page_owner free stack trace missing
[   68.613316][ T5325] Modules linked in:
[   68.614928][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Tainted: G    B              6.14.0-syzkaller-00624-g2f2d52945852 #0
[   68.614947][ T5325] Tainted: [B]=BAD_PAGE
[   68.614985][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   68.614995][ T5325] Call Trace:
[   68.615084][ T5325]  <TASK>
[   68.615097][ T5325]  dump_stack_lvl+0x241/0x360
[   68.615114][ T5325]  ? __pfx_dump_stack_lvl+0x10/0x10
[   68.615125][ T5325]  ? __pfx_print_modules+0x10/0x10
[   68.615145][ T5325]  bad_page+0x176/0x1d0
[   68.615181][ T5325]  free_frozen_pages+0x1082/0x10e0
[   68.615200][ T5325]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[   68.615326][ T5325]  bpf_xdp_adjust_tail+0x1c6/0x210
[   68.615342][ T5325]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   68.615354][ T5325]  bpf_prog_run_generic_xdp+0x12af/0x1510
[   68.615378][ T5325]  do_xdp_generic+0x757/0xd30
[   68.615390][ T5325]  ? __pfx_do_xdp_generic+0x10/0x10
[   68.615402][ T5325]  ? __local_bh_disable_ip+0x179/0x220
[   68.615415][ T5325]  ? __pfx_eth_type_trans+0x10/0x10
[   68.615430][ T5325]  ? tun_get_user+0x2914/0x4860
[   68.615453][ T5325]  tun_get_user+0x2a4b/0x4860
[   68.615526][ T5325]  ? __lock_acquire+0x1397/0x2100
[   68.615548][ T5325]  ? __pfx_tun_get_user+0x10/0x10
[   68.615567][ T5325]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   68.615583][ T5325]  ? tun_get+0x1e/0x2f0
[   68.615597][ T5325]  ? __pfx_lock_release+0x10/0x10
[   68.615612][ T5325]  ? tun_get+0x1e/0x2f0
[   68.615627][ T5325]  ? tun_get+0x27d/0x2f0
[   68.615640][ T5325]  tun_chr_write_iter+0x10d/0x1f0
[   68.615656][ T5325]  vfs_write+0xacf/0xd10
[   68.615668][ T5325]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   68.615683][ T5325]  ? __pfx_vfs_write+0x10/0x10
[   68.615694][ T5325]  ? __fget_files+0x2a/0x420
[   68.615715][ T5325]  ? __fget_files+0x2a/0x420
[   68.615731][ T5325]  ksys_write+0x18f/0x2b0
[   68.615742][ T5325]  ? __pfx_ksys_write+0x10/0x10
[   68.615752][ T5325]  ? exc_page_fault+0x590/0x8b0
[   68.615765][ T5325]  ? do_syscall_64+0xb6/0x230
[   68.615781][ T5325]  do_syscall_64+0xf3/0x230
[   68.615795][ T5325]  ? clear_bhb_loop+0x35/0x90
[   68.615811][ T5325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.615828][ T5325] RIP: 0033:0x7f6df9b8bc1f
[   68.615845][ T5325] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   68.615856][ T5325] RSP: 002b:00007f6dfaab6000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   68.615868][ T5325] RAX: ffffffffffffffda RBX: 00007f6df9da5fa0 RCX: 00007f6df9b8bc1f
[   68.615877][ T5325] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[   68.615886][ T5325] RBP: 00007f6df9c0e2a0 R08: 0000000000000000 R09: 0000000000000000
[   68.615893][ T5325] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[   68.615900][ T5325] R13: 0000000000000000 R14: 00007f6df9da5fa0 R15: 00007ffeaa968ba8
[   68.615911][ T5325]  </TASK>
[   68.615930][ T5325] BUG: Bad page state in process syz.0.0  pfn:52f0a
[   68.728835][ T5325] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x52f0a
[   68.731801][ T5325] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   68.734180][ T5325] raw: 04fff00000000000 dead000000000040 ffff88801d5e9000 0000000000000000
[   68.737180][ T5325] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   68.740177][ T5325] page dumped because: page_pool leak
[   68.742384][ T5325] page_owner tracks the page as allocated
[   68.744619][ T5325] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5325, tgid 5324 (syz.0.0), ts 68370492745, free_ts 0
[   68.749961][ T5325]  post_alloc_hook+0x1f4/0x240
[   68.751498][ T5325]  get_page_from_freelist+0x365c/0x37a0
[   68.753575][ T5325]  __alloc_frozen_pages_noprof+0x292/0x710
[   68.755724][ T5325]  alloc_pages_bulk_noprof+0x847/0xae0
[   68.757729][ T5325]  __page_pool_alloc_pages_slow+0x11f/0x690
[   68.760098][ T5325]  skb_pp_cow_data+0xcc8/0x1720
[   68.762046][ T5325]  do_xdp_generic+0x505/0xd30
[   68.764153][ T5325]  tun_get_user+0x2a4b/0x4860
[   68.766128][ T5325]  tun_chr_write_iter+0x10d/0x1f0
[   68.768160][ T5325]  vfs_write+0xacf/0xd10
[   68.769945][ T5325]  ksys_write+0x18f/0x2b0
[   68.771731][ T5325]  do_syscall_64+0xf3/0x230
[   68.773734][ T5325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.776015][ T5325] page_owner free stack trace missing
[   68.778181][ T5325] Modules linked in:
[   68.779783][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Tainted: G    B              6.14.0-syzkaller-00624-g2f2d52945852 #0
[   68.779800][ T5325] Tainted: [B]=BAD_PAGE
[   68.779804][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   68.779811][ T5325] Call Trace:
[   68.779818][ T5325]  <TASK>
[   68.779824][ T5325]  dump_stack_lvl+0x241/0x360
[   68.779840][ T5325]  ? __pfx_dump_stack_lvl+0x10/0x10
[   68.779851][ T5325]  ? __pfx_print_modules+0x10/0x10
[   68.779873][ T5325]  bad_page+0x176/0x1d0
[   68.779888][ T5325]  free_frozen_pages+0x1082/0x10e0
[   68.779907][ T5325]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[   68.779926][ T5325]  bpf_xdp_adjust_tail+0x1c6/0x210
[   68.779942][ T5325]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   68.779954][ T5325]  bpf_prog_run_generic_xdp+0x12af/0x1510
[   68.779980][ T5325]  do_xdp_generic+0x757/0xd30
[   68.779991][ T5325]  ? __pfx_do_xdp_generic+0x10/0x10
[   68.780002][ T5325]  ? __local_bh_disable_ip+0x179/0x220
[   68.780015][ T5325]  ? __pfx_eth_type_trans+0x10/0x10
[   68.780029][ T5325]  ? tun_get_user+0x2914/0x4860
[   68.780045][ T5325]  tun_get_user+0x2a4b/0x4860
[   68.780064][ T5325]  ? __lock_acquire+0x1397/0x2100
[   68.780080][ T5325]  ? __pfx_tun_get_user+0x10/0x10
[   68.780100][ T5325]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   68.780116][ T5325]  ? tun_get+0x1e/0x2f0
[   68.780131][ T5325]  ? __pfx_lock_release+0x10/0x10
[   68.780151][ T5325]  ? tun_get+0x1e/0x2f0
[   68.780165][ T5325]  ? tun_get+0x27d/0x2f0
[   68.780175][ T5325]  tun_chr_write_iter+0x10d/0x1f0
[   68.780190][ T5325]  vfs_write+0xacf/0xd10
[   68.780203][ T5325]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   68.780217][ T5325]  ? __pfx_vfs_write+0x10/0x10
[   68.780227][ T5325]  ? __fget_files+0x2a/0x420
[   68.780243][ T5325]  ? __fget_files+0x2a/0x420
[   68.780258][ T5325]  ksys_write+0x18f/0x2b0
[   68.780268][ T5325]  ? __pfx_ksys_write+0x10/0x10
[   68.780278][ T5325]  ? exc_page_fault+0x590/0x8b0
[   68.780292][ T5325]  ? do_syscall_64+0xb6/0x230
[   68.780306][ T5325]  do_syscall_64+0xf3/0x230
[   68.780320][ T5325]  ? clear_bhb_loop+0x35/0x90
[   68.780338][ T5325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.780352][ T5325] RIP: 0033:0x7f6df9b8bc1f
[   68.780362][ T5325] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   68.780371][ T5325] RSP: 002b:00007f6dfaab6000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   68.780383][ T5325] RAX: ffffffffffffffda RBX: 00007f6df9da5fa0 RCX: 00007f6df9b8bc1f
[   68.780392][ T5325] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[   68.780399][ T5325] RBP: 00007f6df9c0e2a0 R08: 0000000000000000 R09: 0000000000000000
[   68.780406][ T5325] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[   68.780412][ T5325] R13: 0000000000000000 R14: 00007f6df9da5fa0 R15: 00007ffeaa968ba8
[   68.780423][ T5325]  </TASK>
[   68.780432][ T5325] BUG: Bad page state in process syz.0.0  pfn:52f09
[   68.893385][ T5325] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x52f09
[   68.896784][ T5325] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   68.899629][ T5325] raw: 04fff00000000000 dead000000000040 ffff88801d5e9000 0000000000000000
[   68.903115][ T5325] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   68.906479][ T5325] page dumped because: page_pool leak
[   68.908595][ T5325] page_owner tracks the page as allocated
[   68.910844][ T5325] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5325, tgid 5324 (syz.0.0), ts 68370485234, free_ts 0
[   68.916920][ T5325]  post_alloc_hook+0x1f4/0x240
[   68.918833][ T5325]  get_page_from_freelist+0x365c/0x37a0
[   68.921007][ T5325]  __alloc_frozen_pages_noprof+0x292/0x710
[   68.923366][ T5325]  alloc_pages_bulk_noprof+0x847/0xae0
[   68.925467][ T5325]  __page_pool_alloc_pages_slow+0x11f/0x690
[   68.927948][ T5325]  skb_pp_cow_data+0xcc8/0x1720
[   68.929944][ T5325]  do_xdp_generic+0x505/0xd30
[   68.931901][ T5325]  tun_get_user+0x2a4b/0x4860
[   68.933918][ T5325]  tun_chr_write_iter+0x10d/0x1f0
[   68.935916][ T5325]  vfs_write+0xacf/0xd10
[   68.937584][ T5325]  ksys_write+0x18f/0x2b0
[   68.939217][ T5325]  do_syscall_64+0xf3/0x230
[   68.941131][ T5325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.943535][ T5325] page_owner free stack trace missing
[   68.945812][ T5325] Modules linked in:
[   68.947434][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Tainted: G    B              6.14.0-syzkaller-00624-g2f2d52945852 #0
[   68.947453][ T5325] Tainted: [B]=BAD_PAGE
[   68.947457][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   68.947465][ T5325] Call Trace:
[   68.947471][ T5325]  <TASK>
[   68.947477][ T5325]  dump_stack_lvl+0x241/0x360
[   68.947495][ T5325]  ? __pfx_dump_stack_lvl+0x10/0x10
[   68.947507][ T5325]  ? __pfx_print_modules+0x10/0x10
[   68.947526][ T5325]  bad_page+0x176/0x1d0
[   68.947539][ T5325]  free_frozen_pages+0x1082/0x10e0
[   68.947559][ T5325]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[   68.947579][ T5325]  bpf_xdp_adjust_tail+0x1c6/0x210
[   68.947593][ T5325]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   68.947603][ T5325]  bpf_prog_run_generic_xdp+0x12af/0x1510
[   68.947627][ T5325]  do_xdp_generic+0x757/0xd30
[   68.947639][ T5325]  ? __pfx_do_xdp_generic+0x10/0x10
[   68.947651][ T5325]  ? __local_bh_disable_ip+0x179/0x220
[   68.947664][ T5325]  ? __pfx_eth_type_trans+0x10/0x10
[   68.947677][ T5325]  ? tun_get_user+0x2914/0x4860
[   68.947693][ T5325]  tun_get_user+0x2a4b/0x4860
[   68.947713][ T5325]  ? __lock_acquire+0x1397/0x2100
[   68.947731][ T5325]  ? __pfx_tun_get_user+0x10/0x10
[   68.947750][ T5325]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   68.947765][ T5325]  ? tun_get+0x1e/0x2f0
[   68.947779][ T5325]  ? __pfx_lock_release+0x10/0x10
[   68.947797][ T5325]  ? tun_get+0x1e/0x2f0
[   68.947814][ T5325]  ? tun_get+0x27d/0x2f0
[   68.947829][ T5325]  tun_chr_write_iter+0x10d/0x1f0
[   68.947846][ T5325]  vfs_write+0xacf/0xd10
[   68.947859][ T5325]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   68.947881][ T5325]  ? __pfx_vfs_write+0x10/0x10
[   68.947893][ T5325]  ? __fget_files+0x2a/0x420
[   68.947909][ T5325]  ? __fget_files+0x2a/0x420
[   68.947926][ T5325]  ksys_write+0x18f/0x2b0
[   68.947937][ T5325]  ? __pfx_ksys_write+0x10/0x10
[   68.947947][ T5325]  ? exc_page_fault+0x590/0x8b0
[   68.947961][ T5325]  ? do_syscall_64+0xb6/0x230
[   68.947975][ T5325]  do_syscall_64+0xf3/0x230
[   68.947988][ T5325]  ? clear_bhb_loop+0x35/0x90
[   68.948004][ T5325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.948020][ T5325] RIP: 0033:0x7f6df9b8bc1f
[   68.948030][ T5325] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   68.948039][ T5325] RSP: 002b:00007f6dfaab6000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   68.948052][ T5325] RAX: ffffffffffffffda RBX: 00007f6df9da5fa0 RCX: 00007f6df9b8bc1f
[   68.948060][ T5325] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[   68.948068][ T5325] RBP: 00007f6df9c0e2a0 R08: 0000000000000000 R09: 0000000000000000
[   68.948075][ T5325] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[   68.948082][ T5325] R13: 0000000000000000 R14: 00007f6df9da5fa0 R15: 00007ffeaa968ba8
[   68.948093][ T5325]  </TASK>
[   68.948101][ T5325] BUG: Bad page state in process syz.0.0  pfn:52f08
[   69.064424][ T5325] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x52f08
[   69.068071][ T5325] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   69.070909][ T5325] raw: 04fff00000000000 dead000000000040 ffff88801d5e9000 0000000000000000
[   69.074107][ T5325] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   69.077195][ T5325] page dumped because: page_pool leak
[   69.079138][ T5325] page_owner tracks the page as allocated
[   69.081201][ T5325] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5325, tgid 5324 (syz.0.0), ts 68370477746, free_ts 0
[   69.087092][ T5325]  post_alloc_hook+0x1f4/0x240
[   69.088994][ T5325]  get_page_from_freelist+0x365c/0x37a0
[   69.091050][ T5325]  __alloc_frozen_pages_noprof+0x292/0x710
[   69.093271][ T5325]  alloc_pages_bulk_noprof+0x847/0xae0
[   69.095255][ T5325]  __page_pool_alloc_pages_slow+0x11f/0x690
[   69.097410][ T5325]  skb_pp_cow_data+0xcc8/0x1720
[   69.099196][ T5325]  do_xdp_generic+0x505/0xd30
[   69.100910][ T5325]  tun_get_user+0x2a4b/0x4860
[   69.102633][ T5325]  tun_chr_write_iter+0x10d/0x1f0
[   69.104546][ T5325]  vfs_write+0xacf/0xd10
[   69.106315][ T5325]  ksys_write+0x18f/0x2b0
[   69.108097][ T5325]  do_syscall_64+0xf3/0x230
[   69.109866][ T5325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.112210][ T5325] page_owner free stack trace missing
[   69.114330][ T5325] Modules linked in:
[   69.115915][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Tainted: G    B              6.14.0-syzkaller-00624-g2f2d52945852 #0
[   69.115933][ T5325] Tainted: [B]=BAD_PAGE
[   69.115937][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   69.115945][ T5325] Call Trace:
[   69.115952][ T5325]  <TASK>
[   69.115959][ T5325]  dump_stack_lvl+0x241/0x360
[   69.115975][ T5325]  ? __pfx_dump_stack_lvl+0x10/0x10
[   69.115986][ T5325]  ? __pfx_print_modules+0x10/0x10
[   69.116006][ T5325]  bad_page+0x176/0x1d0
[   69.116022][ T5325]  free_frozen_pages+0x1082/0x10e0
[   69.116039][ T5325]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[   69.116060][ T5325]  bpf_xdp_adjust_tail+0x1c6/0x210
[   69.116075][ T5325]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   69.116085][ T5325]  bpf_prog_run_generic_xdp+0x12af/0x1510
[   69.116108][ T5325]  do_xdp_generic+0x757/0xd30
[   69.116121][ T5325]  ? __pfx_do_xdp_generic+0x10/0x10
[   69.116134][ T5325]  ? __local_bh_disable_ip+0x179/0x220
[   69.116148][ T5325]  ? __pfx_eth_type_trans+0x10/0x10
[   69.116164][ T5325]  ? tun_get_user+0x2914/0x4860
[   69.116181][ T5325]  tun_get_user+0x2a4b/0x4860
[   69.116202][ T5325]  ? __lock_acquire+0x1397/0x2100
[   69.116218][ T5325]  ? __pfx_tun_get_user+0x10/0x10
[   69.116239][ T5325]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   69.116256][ T5325]  ? tun_get+0x1e/0x2f0
[   69.116271][ T5325]  ? __pfx_lock_release+0x10/0x10
[   69.116288][ T5325]  ? tun_get+0x1e/0x2f0
[   69.116304][ T5325]  ? tun_get+0x27d/0x2f0
[   69.116321][ T5325]  tun_chr_write_iter+0x10d/0x1f0
[   69.116337][ T5325]  vfs_write+0xacf/0xd10
[   69.116348][ T5325]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   69.116364][ T5325]  ? __pfx_vfs_write+0x10/0x10
[   69.116376][ T5325]  ? __fget_files+0x2a/0x420
[   69.116392][ T5325]  ? __fget_files+0x2a/0x420
[   69.116407][ T5325]  ksys_write+0x18f/0x2b0
[   69.116418][ T5325]  ? __pfx_ksys_write+0x10/0x10
[   69.116430][ T5325]  ? exc_page_fault+0x590/0x8b0
[   69.116445][ T5325]  ? do_syscall_64+0xb6/0x230
[   69.116459][ T5325]  do_syscall_64+0xf3/0x230
[   69.116473][ T5325]  ? clear_bhb_loop+0x35/0x90
[   69.116489][ T5325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.116506][ T5325] RIP: 0033:0x7f6df9b8bc1f
[   69.116517][ T5325] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   69.116526][ T5325] RSP: 002b:00007f6dfaab6000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   69.116538][ T5325] RAX: ffffffffffffffda RBX: 00007f6df9da5fa0 RCX: 00007f6df9b8bc1f
[   69.116545][ T5325] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[   69.116552][ T5325] RBP: 00007f6df9c0e2a0 R08: 0000000000000000 R09: 0000000000000000
[   69.116559][ T5325] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[   69.116566][ T5325] R13: 0000000000000000 R14: 00007f6df9da5fa0 R15: 00007ffeaa968ba8
[   69.116577][ T5325]  </TASK>
[   69.116587][ T5325] BUG: Bad page state in process syz.0.0  pfn:52f07
[   69.231102][ T5325] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x52f07
[   69.234645][ T5325] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   69.237535][ T5325] raw: 04fff00000000000 dead000000000040 ffff88801d5e9000 0000000000000000
[   69.240982][ T5325] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   69.244316][ T5325] page dumped because: page_pool leak
[   69.246427][ T5325] page_owner tracks the page as allocated
[   69.248658][ T5325] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5325, tgid 5324 (syz.0.0), ts 68370471106, free_ts 0
[   69.254657][ T5325]  post_alloc_hook+0x1f4/0x240
[   69.256638][ T5325]  get_page_from_freelist+0x365c/0x37a0
[   69.258837][ T5325]  __alloc_frozen_pages_noprof+0x292/0x710
[   69.261109][ T5325]  alloc_pages_bulk_noprof+0x847/0xae0
[   69.263291][ T5325]  __page_pool_alloc_pages_slow+0x11f/0x690
[   69.265580][ T5325]  skb_pp_cow_data+0xcc8/0x1720
[   69.267525][ T5325]  do_xdp_generic+0x505/0xd30
[   69.269338][ T5325]  tun_get_user+0x2a4b/0x4860
[   69.271238][ T5325]  tun_chr_write_iter+0x10d/0x1f0
[   69.273295][ T5325]  vfs_write+0xacf/0xd10
[   69.275023][ T5325]  ksys_write+0x18f/0x2b0
[   69.276758][ T5325]  do_syscall_64+0xf3/0x230
[   69.278625][ T5325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.281087][ T5325] page_owner free stack trace missing
[   69.283353][ T5325] Modules linked in:
[   69.284963][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Tainted: G    B              6.14.0-syzkaller-00624-g2f2d52945852 #0
[   69.284982][ T5325] Tainted: [B]=BAD_PAGE
[   69.284993][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   69.285001][ T5325] Call Trace:
[   69.285061][ T5325]  <TASK>
[   69.285092][ T5325]  dump_stack_lvl+0x241/0x360
[   69.285110][ T5325]  ? __pfx_dump_stack_lvl+0x10/0x10
[   69.285123][ T5325]  ? __pfx_print_modules+0x10/0x10
[   69.285145][ T5325]  bad_page+0x176/0x1d0
[   69.285160][ T5325]  free_frozen_pages+0x1082/0x10e0
[   69.285181][ T5325]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[   69.285224][ T5325]  bpf_xdp_adjust_tail+0x1c6/0x210
[   69.285240][ T5325]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   69.285251][ T5325]  bpf_prog_run_generic_xdp+0x12af/0x1510
[   69.285278][ T5325]  do_xdp_generic+0x757/0xd30
[   69.285290][ T5325]  ? __pfx_do_xdp_generic+0x10/0x10
[   69.285303][ T5325]  ? __local_bh_disable_ip+0x179/0x220
[   69.285318][ T5325]  ? __pfx_eth_type_trans+0x10/0x10
[   69.285333][ T5325]  ? tun_get_user+0x2914/0x4860
[   69.285350][ T5325]  tun_get_user+0x2a4b/0x4860
[   69.285382][ T5325]  ? __lock_acquire+0x1397/0x2100
[   69.285401][ T5325]  ? __pfx_tun_get_user+0x10/0x10
[   69.285423][ T5325]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   69.285438][ T5325]  ? tun_get+0x1e/0x2f0
[   69.285454][ T5325]  ? __pfx_lock_release+0x10/0x10
[   69.285473][ T5325]  ? tun_get+0x1e/0x2f0
[   69.285487][ T5325]  ? tun_get+0x27d/0x2f0
[   69.285503][ T5325]  tun_chr_write_iter+0x10d/0x1f0
[   69.285521][ T5325]  vfs_write+0xacf/0xd10
[   69.285534][ T5325]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   69.285549][ T5325]  ? __pfx_vfs_write+0x10/0x10
[   69.285560][ T5325]  ? __fget_files+0x2a/0x420
[   69.285576][ T5325]  ? __fget_files+0x2a/0x420
[   69.285591][ T5325]  ksys_write+0x18f/0x2b0
[   69.285603][ T5325]  ? __pfx_ksys_write+0x10/0x10
[   69.285615][ T5325]  ? exc_page_fault+0x590/0x8b0
[   69.285629][ T5325]  ? do_syscall_64+0xb6/0x230
[   69.285642][ T5325]  do_syscall_64+0xf3/0x230
[   69.285657][ T5325]  ? clear_bhb_loop+0x35/0x90
[   69.285682][ T5325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.285697][ T5325] RIP: 0033:0x7f6df9b8bc1f
[   69.285715][ T5325] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   69.285726][ T5325] RSP: 002b:00007f6dfaab6000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   69.285738][ T5325] RAX: ffffffffffffffda RBX: 00007f6df9da5fa0 RCX: 00007f6df9b8bc1f
[   69.285746][ T5325] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[   69.285753][ T5325] RBP: 00007f6df9c0e2a0 R08: 0000000000000000 R09: 0000000000000000
[   69.285761][ T5325] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[   69.285769][ T5325] R13: 0000000000000000 R14: 00007f6df9da5fa0 R15: 00007ffeaa968ba8
[   69.285780][ T5325]  </TASK>
[   69.285822][ T5325] BUG: Bad page state in process syz.0.0  pfn:52f06
[   69.398025][ T5325] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x52f06
[   69.401213][ T5325] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   69.403952][ T5325] raw: 04fff00000000000 dead000000000040 ffff88801d5e9000 0000000000000000
[   69.407233][ T5325] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   69.410652][ T5325] page dumped because: page_pool leak
[   69.412902][ T5325] page_owner tracks the page as allocated
[   69.415200][ T5325] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5325, tgid 5324 (syz.0.0), ts 68370464130, free_ts 0
[   69.421404][ T5325]  post_alloc_hook+0x1f4/0x240
[   69.423420][ T5325]  get_page_from_freelist+0x365c/0x37a0
[   69.425639][ T5325]  __alloc_frozen_pages_noprof+0x292/0x710
[   69.427978][ T5325]  alloc_pages_bulk_noprof+0x847/0xae0
[   69.430085][ T5325]  __page_pool_alloc_pages_slow+0x11f/0x690
[   69.432377][ T5325]  skb_pp_cow_data+0xcc8/0x1720
[   69.434399][ T5325]  do_xdp_generic+0x505/0xd30
[   69.436284][ T5325]  tun_get_user+0x2a4b/0x4860
[   69.438201][ T5325]  tun_chr_write_iter+0x10d/0x1f0
[   69.440269][ T5325]  vfs_write+0xacf/0xd10
[   69.441973][ T5325]  ksys_write+0x18f/0x2b0
[   69.443776][ T5325]  do_syscall_64+0xf3/0x230
[   69.445621][ T5325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.447982][ T5325] page_owner free stack trace missing
[   69.450134][ T5325] Modules linked in:
[   69.451659][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Tainted: G    B              6.14.0-syzkaller-00624-g2f2d52945852 #0
[   69.451683][ T5325] Tainted: [B]=BAD_PAGE
[   69.451688][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   69.451694][ T5325] Call Trace:
[   69.451702][ T5325]  <TASK>
[   69.451713][ T5325]  dump_stack_lvl+0x241/0x360
[   69.451729][ T5325]  ? __pfx_dump_stack_lvl+0x10/0x10
[   69.451741][ T5325]  ? __pfx_print_modules+0x10/0x10
[   69.451760][ T5325]  bad_page+0x176/0x1d0
[   69.451775][ T5325]  free_frozen_pages+0x1082/0x10e0
[   69.451793][ T5325]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[   69.451813][ T5325]  bpf_xdp_adjust_tail+0x1c6/0x210
[   69.451828][ T5325]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   69.451840][ T5325]  bpf_prog_run_generic_xdp+0x12af/0x1510
[   69.451864][ T5325]  do_xdp_generic+0x757/0xd30
[   69.451877][ T5325]  ? __pfx_do_xdp_generic+0x10/0x10
[   69.451890][ T5325]  ? __local_bh_disable_ip+0x179/0x220
[   69.451905][ T5325]  ? __pfx_eth_type_trans+0x10/0x10
[   69.451920][ T5325]  ? tun_get_user+0x2914/0x4860
[   69.451937][ T5325]  tun_get_user+0x2a4b/0x4860
[   69.451955][ T5325]  ? __lock_acquire+0x1397/0x2100
[   69.451973][ T5325]  ? __pfx_tun_get_user+0x10/0x10
[   69.451993][ T5325]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   69.452007][ T5325]  ? tun_get+0x1e/0x2f0
[   69.452023][ T5325]  ? __pfx_lock_release+0x10/0x10
[   69.452042][ T5325]  ? tun_get+0x1e/0x2f0
[   69.452056][ T5325]  ? tun_get+0x27d/0x2f0
[   69.452071][ T5325]  tun_chr_write_iter+0x10d/0x1f0
[   69.452088][ T5325]  vfs_write+0xacf/0xd10
[   69.452100][ T5325]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   69.452115][ T5325]  ? __pfx_vfs_write+0x10/0x10
[   69.452126][ T5325]  ? __fget_files+0x2a/0x420
[   69.452143][ T5325]  ? __fget_files+0x2a/0x420
[   69.452159][ T5325]  ksys_write+0x18f/0x2b0
[   69.452170][ T5325]  ? __pfx_ksys_write+0x10/0x10
[   69.452181][ T5325]  ? exc_page_fault+0x590/0x8b0
[   69.452196][ T5325]  ? do_syscall_64+0xb6/0x230
[   69.452210][ T5325]  do_syscall_64+0xf3/0x230
[   69.452223][ T5325]  ? clear_bhb_loop+0x35/0x90
[   69.452241][ T5325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.452257][ T5325] RIP: 0033:0x7f6df9b8bc1f
[   69.452268][ T5325] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   69.452278][ T5325] RSP: 002b:00007f6dfaab6000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   69.452291][ T5325] RAX: ffffffffffffffda RBX: 00007f6df9da5fa0 RCX: 00007f6df9b8bc1f
[   69.452300][ T5325] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[   69.452307][ T5325] RBP: 00007f6df9c0e2a0 R08: 0000000000000000 R09: 0000000000000000
[   69.452314][ T5325] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[   69.452320][ T5325] R13: 0000000000000000 R14: 00007f6df9da5fa0 R15: 00007ffeaa968ba8
[   69.452332][ T5325]  </TASK>
[   69.452340][ T5325] BUG: Bad page state in process syz.0.0  pfn:52f05
[   69.566698][ T5325] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x52f05
[   69.570150][ T5325] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   69.573522][ T5325] raw: 04fff00000000000 dead000000000040 ffff88801d5e9000 0000000000000000
[   69.576635][ T5325] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   69.579674][ T5325] page dumped because: page_pool leak
[   69.582382][ T5325] page_owner tracks the page as allocated
[   69.584774][ T5325] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5325, tgid 5324 (syz.0.0), ts 68370456895, free_ts 0
[   69.590891][ T5325]  post_alloc_hook+0x1f4/0x240
[   69.592668][ T5325]  get_page_from_freelist+0x365c/0x37a0
[   69.594729][ T5325]  __alloc_frozen_pages_noprof+0x292/0x710
[   69.596738][ T5325]  alloc_pages_bulk_noprof+0x847/0xae0
[   69.598736][ T5325]  __page_pool_alloc_pages_slow+0x11f/0x690
[   69.600988][ T5325]  skb_pp_cow_data+0xcc8/0x1720
[   69.602972][ T5325]  do_xdp_generic+0x505/0xd30
[   69.604907][ T5325]  tun_get_user+0x2a4b/0x4860
[   69.606844][ T5325]  tun_chr_write_iter+0x10d/0x1f0
[   69.608897][ T5325]  vfs_write+0xacf/0xd10
[   69.610600][ T5325]  ksys_write+0x18f/0x2b0
[   69.612354][ T5325]  do_syscall_64+0xf3/0x230
[   69.614248][ T5325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.616561][ T5325] page_owner free stack trace missing
[   69.618700][ T5325] Modules linked in:
[   69.620331][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Tainted: G    B              6.14.0-syzkaller-00624-g2f2d52945852 #0
[   69.620351][ T5325] Tainted: [B]=BAD_PAGE
[   69.620362][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   69.620370][ T5325] Call Trace:
[   69.620401][ T5325]  <TASK>
[   69.620413][ T5325]  dump_stack_lvl+0x241/0x360
[   69.620430][ T5325]  ? __pfx_dump_stack_lvl+0x10/0x10
[   69.620443][ T5325]  ? __pfx_print_modules+0x10/0x10
[   69.620463][ T5325]  bad_page+0x176/0x1d0
[   69.620477][ T5325]  free_frozen_pages+0x1082/0x10e0
[   69.620497][ T5325]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[   69.620538][ T5325]  bpf_xdp_adjust_tail+0x1c6/0x210
[   69.620554][ T5325]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   69.620566][ T5325]  bpf_prog_run_generic_xdp+0x12af/0x1510
[   69.620592][ T5325]  do_xdp_generic+0x757/0xd30
[   69.620606][ T5325]  ? __pfx_do_xdp_generic+0x10/0x10
[   69.620619][ T5325]  ? __local_bh_disable_ip+0x179/0x220
[   69.620634][ T5325]  ? __pfx_eth_type_trans+0x10/0x10
[   69.620648][ T5325]  ? tun_get_user+0x2914/0x4860
[   69.620674][ T5325]  tun_get_user+0x2a4b/0x4860
[   69.620706][ T5325]  ? __lock_acquire+0x1397/0x2100
[   69.620726][ T5325]  ? __pfx_tun_get_user+0x10/0x10
[   69.620750][ T5325]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   69.620768][ T5325]  ? tun_get+0x1e/0x2f0
[   69.620785][ T5325]  ? __pfx_lock_release+0x10/0x10
[   69.620805][ T5325]  ? tun_get+0x1e/0x2f0
[   69.620820][ T5325]  ? tun_get+0x27d/0x2f0
[   69.620836][ T5325]  tun_chr_write_iter+0x10d/0x1f0
[   69.620853][ T5325]  vfs_write+0xacf/0xd10
[   69.620865][ T5325]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   69.620881][ T5325]  ? __pfx_vfs_write+0x10/0x10
[   69.620893][ T5325]  ? __fget_files+0x2a/0x420
[   69.620908][ T5325]  ? __fget_files+0x2a/0x420
[   69.620923][ T5325]  ksys_write+0x18f/0x2b0
[   69.620934][ T5325]  ? __pfx_ksys_write+0x10/0x10
[   69.620945][ T5325]  ? exc_page_fault+0x590/0x8b0
[   69.620960][ T5325]  ? do_syscall_64+0xb6/0x230
[   69.620973][ T5325]  do_syscall_64+0xf3/0x230
[   69.620988][ T5325]  ? clear_bhb_loop+0x35/0x90
[   69.621007][ T5325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.621026][ T5325] RIP: 0033:0x7f6df9b8bc1f
[   69.621074][ T5325] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   69.621085][ T5325] RSP: 002b:00007f6dfaab6000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   69.621100][ T5325] RAX: ffffffffffffffda RBX: 00007f6df9da5fa0 RCX: 00007f6df9b8bc1f
[   69.621109][ T5325] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[   69.621117][ T5325] RBP: 00007f6df9c0e2a0 R08: 0000000000000000 R09: 0000000000000000
[   69.621125][ T5325] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[   69.621133][ T5325] R13: 0000000000000000 R14: 00007f6df9da5fa0 R15: 00007ffeaa968ba8
[   69.621147][ T5325]  </TASK>
[   69.621167][ T5325] BUG: Bad page state in process syz.0.0  pfn:52f04
[   69.733291][ T5325] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x52f04
[   69.736743][ T5325] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   69.739632][ T5325] raw: 04fff00000000000 dead000000000040 ffff88801d5e9000 0000000000000000
[   69.743089][ T5325] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   69.746494][ T5325] page dumped because: page_pool leak
[   69.748667][ T5325] page_owner tracks the page as allocated
[   69.751000][ T5325] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5325, tgid 5324 (syz.0.0), ts 68370448979, free_ts 0
[   69.757364][ T5325]  post_alloc_hook+0x1f4/0x240
[   69.759358][ T5325]  get_page_from_freelist+0x365c/0x37a0
[   69.761614][ T5325]  __alloc_frozen_pages_noprof+0x292/0x710
[   69.764085][ T5325]  alloc_pages_bulk_noprof+0x847/0xae0
[   69.766404][ T5325]  __page_pool_alloc_pages_slow+0x11f/0x690
[   69.768855][ T5325]  skb_pp_cow_data+0xcc8/0x1720
[   69.770865][ T5325]  do_xdp_generic+0x505/0xd30
[   69.772892][ T5325]  tun_get_user+0x2a4b/0x4860
[   69.774834][ T5325]  tun_chr_write_iter+0x10d/0x1f0
[   69.776868][ T5325]  vfs_write+0xacf/0xd10
[   69.778600][ T5325]  ksys_write+0x18f/0x2b0
[   69.780370][ T5325]  do_syscall_64+0xf3/0x230
[   69.782214][ T5325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.784616][ T5325] page_owner free stack trace missing
[   69.786853][ T5325] Modules linked in:
[   69.788494][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Tainted: G    B              6.14.0-syzkaller-00624-g2f2d52945852 #0
[   69.788512][ T5325] Tainted: [B]=BAD_PAGE
[   69.788516][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   69.788524][ T5325] Call Trace:
[   69.788531][ T5325]  <TASK>
[   69.788537][ T5325]  dump_stack_lvl+0x241/0x360
[   69.788553][ T5325]  ? __pfx_dump_stack_lvl+0x10/0x10
[   69.788565][ T5325]  ? __pfx_print_modules+0x10/0x10
[   69.788584][ T5325]  bad_page+0x176/0x1d0
[   69.788599][ T5325]  free_frozen_pages+0x1082/0x10e0
[   69.788618][ T5325]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[   69.788639][ T5325]  bpf_xdp_adjust_tail+0x1c6/0x210
[   69.788653][ T5325]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   69.788664][ T5325]  bpf_prog_run_generic_xdp+0x12af/0x1510
[   69.788689][ T5325]  do_xdp_generic+0x757/0xd30
[   69.788701][ T5325]  ? __pfx_do_xdp_generic+0x10/0x10
[   69.788715][ T5325]  ? __local_bh_disable_ip+0x179/0x220
[   69.788730][ T5325]  ? __pfx_eth_type_trans+0x10/0x10
[   69.788743][ T5325]  ? tun_get_user+0x2914/0x4860
[   69.788761][ T5325]  tun_get_user+0x2a4b/0x4860
[   69.788781][ T5325]  ? __lock_acquire+0x1397/0x2100
[   69.788798][ T5325]  ? __pfx_tun_get_user+0x10/0x10
[   69.788819][ T5325]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   69.788836][ T5325]  ? tun_get+0x1e/0x2f0
[   69.788850][ T5325]  ? __pfx_lock_release+0x10/0x10
[   69.788875][ T5325]  ? tun_get+0x1e/0x2f0
[   69.788890][ T5325]  ? tun_get+0x27d/0x2f0
[   69.788905][ T5325]  tun_chr_write_iter+0x10d/0x1f0
[   69.788923][ T5325]  vfs_write+0xacf/0xd10
[   69.788936][ T5325]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   69.788953][ T5325]  ? __pfx_vfs_write+0x10/0x10
[   69.788965][ T5325]  ? __fget_files+0x2a/0x420
[   69.788982][ T5325]  ? __fget_files+0x2a/0x420
[   69.788999][ T5325]  ksys_write+0x18f/0x2b0
[   69.789011][ T5325]  ? __pfx_ksys_write+0x10/0x10
[   69.789023][ T5325]  ? exc_page_fault+0x590/0x8b0
[   69.789039][ T5325]  ? do_syscall_64+0xb6/0x230
[   69.789054][ T5325]  do_syscall_64+0xf3/0x230
[   69.789069][ T5325]  ? clear_bhb_loop+0x35/0x90
[   69.789086][ T5325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.789100][ T5325] RIP: 0033:0x7f6df9b8bc1f
[   69.789112][ T5325] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   69.789122][ T5325] RSP: 002b:00007f6dfaab6000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   69.789134][ T5325] RAX: ffffffffffffffda RBX: 00007f6df9da5fa0 RCX: 00007f6df9b8bc1f
[   69.789142][ T5325] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[   69.789149][ T5325] RBP: 00007f6df9c0e2a0 R08: 0000000000000000 R09: 0000000000000000
[   69.789157][ T5325] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[   69.789163][ T5325] R13: 0000000000000000 R14: 00007f6df9da5fa0 R15: 00007ffeaa968ba8
[   69.789175][ T5325]  </TASK>
[   69.789184][ T5325] BUG: Bad page state in process syz.0.0  pfn:45c4b
[   69.904584][ T5325] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x45c4b
[   69.908180][ T5325] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   69.910946][ T5325] raw: 04fff00000000000 dead000000000040 ffff88801d5e9000 0000000000000000
[   69.914227][ T5325] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   69.917563][ T5325] page dumped because: page_pool leak
[   69.919703][ T5325] page_owner tracks the page as allocated
[   69.921867][ T5325] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5325, tgid 5324 (syz.0.0), ts 68370441761, free_ts 66823904665
[   69.927993][ T5325]  post_alloc_hook+0x1f4/0x240
[   69.929845][ T5325]  get_page_from_freelist+0x365c/0x37a0
[   69.931941][ T5325]  __alloc_frozen_pages_noprof+0x292/0x710
[   69.934010][ T5325]  alloc_pages_bulk_noprof+0x847/0xae0
[   69.936069][ T5325]  __page_pool_alloc_pages_slow+0x11f/0x690
[   69.938399][ T5325]  skb_pp_cow_data+0xcc8/0x1720
[   69.940326][ T5325]  do_xdp_generic+0x505/0xd30
[   69.942135][ T5325]  tun_get_user+0x2a4b/0x4860
[   69.944069][ T5325]  tun_chr_write_iter+0x10d/0x1f0
[   69.946040][ T5325]  vfs_write+0xacf/0xd10
[   69.947707][ T5325]  ksys_write+0x18f/0x2b0
[   69.949390][ T5325]  do_syscall_64+0xf3/0x230
[   69.951126][ T5325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.953458][ T5325] page last free pid 5307 tgid 5307 stack trace:
[   69.955706][ T5325]  free_frozen_pages+0xe0d/0x10e0
[   69.957484][ T5325]  stack_depot_save_flags+0x7c6/0x940
[   69.959358][ T5325]  kasan_save_track+0x51/0x80
[   69.961026][ T5325]  kasan_save_free_info+0x40/0x50
[   69.962964][ T5325]  __kasan_slab_free+0x59/0x70
[   69.964774][ T5325]  kmem_cache_free+0x195/0x410
[   69.966605][ T5325]  alloc_vmap_area+0x1629/0x2400
[   69.968621][ T5325]  __get_vm_area_node+0x1c8/0x2d0
[   69.970577][ T5325]  __vmalloc_node_range_noprof+0x344/0x1380
[   69.972947][ T5325]  vzalloc_noprof+0x79/0x90
[   69.974728][ T5325]  alloc_counters+0xd7/0x770
[   69.976553][ T5325]  do_ip6t_get_ctl+0xf1c/0x18d0
[   69.978434][ T5325]  nf_getsockopt+0x299/0x2c0
[   69.980238][ T5325]  ipv6_getsockopt+0x23e/0x360
[   69.982078][ T5325]  tcp_getsockopt+0x163/0x1c0
[   69.983995][ T5325]  do_sock_getsockopt+0x38e/0x740
[   69.985947][ T5325] Modules linked in:
[   69.987491][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Tainted: G    B              6.14.0-syzkaller-00624-g2f2d52945852 #0
[   69.987508][ T5325] Tainted: [B]=BAD_PAGE
[   69.987511][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   69.987518][ T5325] Call Trace:
[   69.987524][ T5325]  <TASK>
[   69.987530][ T5325]  dump_stack_lvl+0x241/0x360
[   69.987544][ T5325]  ? __pfx_dump_stack_lvl+0x10/0x10
[   69.987554][ T5325]  ? __pfx_print_modules+0x10/0x10
[   69.987572][ T5325]  bad_page+0x176/0x1d0
[   69.987584][ T5325]  free_frozen_pages+0x1082/0x10e0
[   69.987606][ T5325]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[   69.987625][ T5325]  bpf_xdp_adjust_tail+0x1c6/0x210
[   69.987639][ T5325]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   69.987649][ T5325]  bpf_prog_run_generic_xdp+0x12af/0x1510
[   69.987672][ T5325]  do_xdp_generic+0x757/0xd30
[   69.987684][ T5325]  ? __pfx_do_xdp_generic+0x10/0x10
[   69.987695][ T5325]  ? __local_bh_disable_ip+0x179/0x220
[   69.987710][ T5325]  ? __pfx_eth_type_trans+0x10/0x10
[   69.987724][ T5325]  ? tun_get_user+0x2914/0x4860
[   69.987740][ T5325]  tun_get_user+0x2a4b/0x4860
[   69.987759][ T5325]  ? __lock_acquire+0x1397/0x2100
[   69.987776][ T5325]  ? __pfx_tun_get_user+0x10/0x10
[   69.987795][ T5325]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   69.987809][ T5325]  ? tun_get+0x1e/0x2f0
[   69.987823][ T5325]  ? __pfx_lock_release+0x10/0x10
[   69.987841][ T5325]  ? tun_get+0x1e/0x2f0
[   69.987861][ T5325]  ? tun_get+0x27d/0x2f0
[   69.987876][ T5325]  tun_chr_write_iter+0x10d/0x1f0
[   69.987892][ T5325]  vfs_write+0xacf/0xd10
[   69.987904][ T5325]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   69.987919][ T5325]  ? __pfx_vfs_write+0x10/0x10
[   69.987930][ T5325]  ? __fget_files+0x2a/0x420
[   69.987945][ T5325]  ? __fget_files+0x2a/0x420
[   69.987960][ T5325]  ksys_write+0x18f/0x2b0
[   69.987971][ T5325]  ? __pfx_ksys_write+0x10/0x10
[   69.987981][ T5325]  ? exc_page_fault+0x590/0x8b0
[   69.987995][ T5325]  ? do_syscall_64+0xb6/0x230
[   69.988009][ T5325]  do_syscall_64+0xf3/0x230
[   69.988022][ T5325]  ? clear_bhb_loop+0x35/0x90
[   69.988037][ T5325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.988052][ T5325] RIP: 0033:0x7f6df9b8bc1f
[   69.988061][ T5325] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   69.988070][ T5325] RSP: 002b:00007f6dfaab6000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   69.988081][ T5325] RAX: ffffffffffffffda RBX: 00007f6df9da5fa0 RCX: 00007f6df9b8bc1f
[   69.988089][ T5325] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[   69.988096][ T5325] RBP: 00007f6df9c0e2a0 R08: 0000000000000000 R09: 0000000000000000
[   69.988102][ T5325] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[   69.988108][ T5325] R13: 0000000000000000 R14: 00007f6df9da5fa0 R15: 00007ffeaa968ba8
[   69.988119][ T5325]  </TASK>
[   69.988128][ T5325] BUG: Bad page state in process syz.0.0  pfn:45c4a
[   70.100925][ T5325] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x45c4a
[   70.104291][ T5325] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   70.107206][ T5325] raw: 04fff00000000000 dead000000000040 ffff88801d5e9000 0000000000000000
[   70.110575][ T5325] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[   70.114111][ T5325] page dumped because: page_pool leak
[   70.116362][ T5325] page_owner tracks the page as allocated
[   70.118620][ T5325] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5325, tgid 5324 (syz.0.0), ts 68370433959, free_ts 66823904665
[   70.125148][ T5325]  post_alloc_hook+0x1f4/0x240
[   70.127034][ T5325]  get_page_from_freelist+0x365c/0x37a0
[   70.129138][ T5325]  __alloc_frozen_pages_noprof+0x292/0x710
[   70.131439][ T5325]  alloc_pages_bulk_noprof+0x847/0xae0
[   70.133640][ T5325]  __page_pool_alloc_pages_slow+0x11f/0x690
[   70.135946][ T5325]  skb_pp_cow_data+0xcc8/0x1720
[   70.137752][ T5325]  do_xdp_generic+0x505/0xd30
[   70.139428][ T5325]  tun_get_user+0x2a4b/0x4860
[   70.141154][ T5325]  tun_chr_write_iter+0x10d/0x1f0
[   70.143092][ T5325]  vfs_write+0xacf/0xd10
[   70.144654][ T5325]  ksys_write+0x18f/0x2b0
[   70.146252][ T5325]  do_syscall_64+0xf3/0x230
[   70.147889][ T5325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.150098][ T5325] page last free pid 5307 tgid 5307 stack trace:
[   70.152429][ T5325]  free_frozen_pages+0xe0d/0x10e0
[   70.154337][ T5325]  stack_depot_save_flags+0x7c6/0x940
[   70.156165][ T5325]  kasan_save_track+0x51/0x80
[   70.157980][ T5325]  kasan_save_free_info+0x40/0x50
[   70.160009][ T5325]  __kasan_slab_free+0x59/0x70
[   70.162050][ T5325]  kmem_cache_free+0x195/0x410
[   70.164110][ T5325]  alloc_vmap_area+0x1629/0x2400
[   70.166097][ T5325]  __get_vm_area_node+0x1c8/0x2d0
[   70.168115][ T5325]  __vmalloc_node_range_noprof+0x344/0x1380
[   70.170513][ T5325]  vzalloc_noprof+0x79/0x90
[   70.172346][ T5325]  alloc_counters+0xd7/0x770
[   70.174263][ T5325]  do_ip6t_get_ctl+0xf1c/0x18d0
[   70.176285][ T5325]  nf_getsockopt+0x299/0x2c0
[   70.178144][ T5325]  ipv6_getsockopt+0x23e/0x360
[   70.180021][ T5325]  tcp_getsockopt+0x163/0x1c0
[   70.181833][ T5325]  do_sock_getsockopt+0x38e/0x740
[   70.183935][ T5325] Modules linked in:
[   70.185569][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Tainted: G    B              6.14.0-syzkaller-00624-g2f2d52945852 #0
[   70.185587][ T5325] Tainted: [B]=BAD_PAGE
[   70.185599][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   70.185606][ T5325] Call Trace:
[   70.185638][ T5325]  <TASK>
[   70.185650][ T5325]  dump_stack_lvl+0x241/0x360
[   70.185665][ T5325]  ? __pfx_dump_stack_lvl+0x10/0x10
[   70.185676][ T5325]  ? __pfx_print_modules+0x10/0x10
[   70.185694][ T5325]  bad_page+0x176/0x1d0
[   70.185708][ T5325]  free_frozen_pages+0x1082/0x10e0
[   70.185726][ T5325]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[   70.185767][ T5325]  bpf_xdp_adjust_tail+0x1c6/0x210
[   70.185781][ T5325]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   70.185790][ T5325]  bpf_prog_run_generic_xdp+0x12af/0x1510
[   70.185815][ T5325]  do_xdp_generic+0x757/0xd30
[   70.185826][ T5325]  ? __pfx_do_xdp_generic+0x10/0x10
[   70.185842][ T5325]  ? __local_bh_disable_ip+0x179/0x220
[   70.185855][ T5325]  ? __pfx_eth_type_trans+0x10/0x10
[   70.185868][ T5325]  ? tun_get_user+0x2914/0x4860
[   70.185885][ T5325]  tun_get_user+0x2a4b/0x4860
[   70.185914][ T5325]  ? __lock_acquire+0x1397/0x2100
[   70.185931][ T5325]  ? __pfx_tun_get_user+0x10/0x10
[   70.185949][ T5325]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   70.185975][ T5325]  ? tun_get+0x1e/0x2f0
[   70.185990][ T5325]  ? __pfx_lock_release+0x10/0x10
[   70.186007][ T5325]  ? tun_get+0x1e/0x2f0
[   70.186021][ T5325]  ? tun_get+0x27d/0x2f0
[   70.186035][ T5325]  tun_chr_write_iter+0x10d/0x1f0
[   70.186051][ T5325]  vfs_write+0xacf/0xd10
[   70.186063][ T5325]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   70.186078][ T5325]  ? __pfx_vfs_write+0x10/0x10
[   70.186093][ T5325]  ? __fget_files+0x2a/0x420
[   70.186108][ T5325]  ? __fget_files+0x2a/0x420
[   70.186128][ T5325]  ksys_write+0x18f/0x2b0
[   70.186138][ T5325]  ? __pfx_ksys_write+0x10/0x10
[   70.186148][ T5325]  ? exc_page_fault+0x590/0x8b0
[   70.186161][ T5325]  ? do_syscall_64+0xb6/0x230
[   70.186175][ T5325]  do_syscall_64+0xf3/0x230
[   70.186189][ T5325]  ? clear_bhb_loop+0x35/0x90
[   70.186205][ T5325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.186219][ T5325] RIP: 0033:0x7f6df9b8bc1f
[   70.186302][ T5325] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   70.186313][ T5325] RSP: 002b:00007f6dfaab6000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   70.186325][ T5325] RAX: ffffffffffffffda RBX: 00007f6df9da5fa0 RCX: 00007f6df9b8bc1f
[   70.186333][ T5325] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[   70.186340][ T5325] RBP: 00007f6df9c0e2a0 R08: 0000000000000000 R09: 0000000000000000
[   70.186346][ T5325] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[   70.186352][ T5325] R13: 0000000000000000 R14: 00007f6df9da5fa0 R15: 00007ffeaa968ba8
[   70.186362][ T5325]  </TASK>
[   70.186384][ T5325] BUG: Bad page state in process syz.0.0  pfn:40bdb
[   70.298093][ T5325] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888040bdb3e0 pfn:0x40bdb
[   70.302070][ T5325] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   70.304940][ T5325] raw: 04fff00000000000 dead000000000040 ffff88801d5e9000 0000000000000000
[   70.308260][ T5325] raw: ffff888040bdb3e0 0000000000000001 00000000ffffffff 0000000000000000
[   70.311758][ T5325] page dumped because: page_pool leak
[   70.313995][ T5325] page_owner tracks the page as allocated
[   70.316277][ T5325] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5325, tgid 5324 (syz.0.0), ts 68370426513, free_ts 66502789670
[   70.322904][ T5325]  post_alloc_hook+0x1f4/0x240
[   70.325023][ T5325]  get_page_from_freelist+0x365c/0x37a0
[   70.327560][ T5325]  __alloc_frozen_pages_noprof+0x292/0x710
[   70.330197][ T5325]  alloc_pages_bulk_noprof+0x847/0xae0
[   70.332437][ T5325]  __page_pool_alloc_pages_slow+0x11f/0x690
[   70.334893][ T5325]  skb_pp_cow_data+0xcc8/0x1720
[   70.336769][ T5325]  do_xdp_generic+0x505/0xd30
[   70.338562][ T5325]  tun_get_user+0x2a4b/0x4860
[   70.340423][ T5325]  tun_chr_write_iter+0x10d/0x1f0
[   70.342412][ T5325]  vfs_write+0xacf/0xd10
[   70.344246][ T5325]  ksys_write+0x18f/0x2b0
[   70.346078][ T5325]  do_syscall_64+0xf3/0x230
[   70.347994][ T5325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.350384][ T5325] page last free pid 5307 tgid 5307 stack trace:
[   70.353000][ T5325]  free_frozen_pages+0xe0d/0x10e0
[   70.355063][ T5325]  __put_partials+0x160/0x1c0
[   70.357027][ T5325]  put_cpu_partial+0x17c/0x250
[   70.358948][ T5325]  __slab_free+0x290/0x380
[   70.360748][ T5325]  qlist_free_all+0x9a/0x140
[   70.362636][ T5325]  kasan_quarantine_reduce+0x14f/0x170
[   70.364962][ T5325]  __kasan_slab_alloc+0x23/0x80
[   70.367030][ T5325]  kmem_cache_alloc_node_noprof+0x1d9/0x380
[   70.369337][ T5325]  __alloc_skb+0x1c3/0x440
[   70.371115][ T5325]  netlink_sendmsg+0x623/0xca0
[   70.373043][ T5325]  __sock_sendmsg+0x221/0x270
[   70.374951][ T5325]  __sys_sendto+0x363/0x4c0
[   70.376764][ T5325]  __x64_sys_sendto+0xde/0x100
[   70.378682][ T5325]  do_syscall_64+0xf3/0x230
[   70.380580][ T5325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.383119][ T5325] Modules linked in:
[   70.384805][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Tainted: G    B              6.14.0-syzkaller-00624-g2f2d52945852 #0
[   70.384822][ T5325] Tainted: [B]=BAD_PAGE
[   70.384826][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   70.384833][ T5325] Call Trace:
[   70.384839][ T5325]  <TASK>
[   70.384844][ T5325]  dump_stack_lvl+0x241/0x360
[   70.384858][ T5325]  ? __pfx_dump_stack_lvl+0x10/0x10
[   70.384867][ T5325]  ? __pfx_print_modules+0x10/0x10
[   70.384884][ T5325]  bad_page+0x176/0x1d0
[   70.384897][ T5325]  free_frozen_pages+0x1082/0x10e0
[   70.384914][ T5325]  bpf_xdp_frags_shrink_tail+0x3b3/0x780
[   70.384932][ T5325]  bpf_xdp_adjust_tail+0x1c6/0x210
[   70.384947][ T5325]  bpf_prog_f476d5219b92964a+0x1e/0x20
[   70.384963][ T5325]  bpf_prog_run_generic_xdp+0x12af/0x1510
[   70.384985][ T5325]  do_xdp_generic+0x757/0xd30
[   70.384997][ T5325]  ? __pfx_do_xdp_generic+0x10/0x10
[   70.385009][ T5325]  ? __local_bh_disable_ip+0x179/0x220
[   70.385023][ T5325]  ? __pfx_eth_type_trans+0x10/0x10
[   70.385036][ T5325]  ? tun_get_user+0x2914/0x4860
[   70.385053][ T5325]  tun_get_user+0x2a4b/0x4860
[   70.385071][ T5325]  ? __lock_acquire+0x1397/0x2100
[   70.385089][ T5325]  ? __pfx_tun_get_user+0x10/0x10
[   70.385109][ T5325]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   70.385123][ T5325]  ? tun_get+0x1e/0x2f0
[   70.385137][ T5325]  ? __pfx_lock_release+0x10/0x10
[   70.385154][ T5325]  ? tun_get+0x1e/0x2f0
[   70.385168][ T5325]  ? tun_get+0x27d/0x2f0
[   70.385183][ T5325]  tun_chr_write_iter+0x10d/0x1f0
[   70.385199][ T5325]  vfs_write+0xacf/0xd10
[   70.385211][ T5325]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   70.385225][ T5325]  ? __pfx_vfs_write+0x10/0x10
[   70.385236][ T5325]  ? __fget_files+0x2a/0x420
[   70.385251][ T5325]  ? __fget_files+0x2a/0x420
[   70.385266][ T5325]  ksys_write+0x18f/0x2b0
[   70.385278][ T5325]  ? __pfx_ksys_write+0x10/0x10
[   70.385288][ T5325]  ? exc_page_fault+0x590/0x8b0
[   70.385301][ T5325]  ? do_syscall_64+0xb6/0x230
[   70.385315][ T5325]  do_syscall_64+0xf3/0x230
[   70.385329][ T5325]  ? clear_bhb_loop+0x35/0x90
[   70.385344][ T5325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.385359][ T5325] RIP: 0033:0x7f6df9b8bc1f
[   70.385369][ T5325] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   70.385378][ T5325] RSP: 002b:00007f6dfaab6000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   70.385389][ T5325] RAX: ffffffffffffffda RBX: 00007f6df9da5fa0 RCX: 00007f6df9b8bc1f
[   70.385396][ T5325] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8
[   70.385403][ T5325] RBP: 00007f6df9c0e2a0 R08: 0000000000000000 R09: 0000000000000000
[   70.385409][ T5325] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[   70.385416][ T5325] R13: 0000000000000000 R14: 00007f6df9da5fa0 R15: 00007ffeaa968ba8
[   70.385426][ T5325]  </TASK>
[   70.523285][ T5310] Bluetooth: hci0: command tx timeout