BUG: memory leak
unreferenced object 0xffff8881189dc500 (size 224):
  comm "syz-executor.0", pid 6784, jiffies 4294955661 (age 9.240s)
  hex dump (first 32 bytes):
    00 c6 9d 18 81 88 ff ff a0 74 9b 13 81 88 ff ff  .........t......
    00 c0 45 13 81 88 ff ff 00 00 00 00 00 00 00 00  ..E.............
  backtrace:
    [<00000000d5184981>] __build_skb+0x1f/0x100 net/core/skbuff.c:311
    [<000000003e867734>] __napi_alloc_skb+0xe5/0x140 net/core/skbuff.c:523
    [<0000000076c845fd>] napi_alloc_skb include/linux/skbuff.h:2856 [inline]
    [<0000000076c845fd>] napi_get_frags net/core/dev.c:6053 [inline]
    [<0000000076c845fd>] napi_get_frags+0x3a/0x70 net/core/dev.c:6048
    [<00000000139a9d2e>] tun_napi_alloc_frags drivers/net/tun.c:1425 [inline]
    [<00000000139a9d2e>] tun_get_user+0xa43/0x1660 drivers/net/tun.c:1789
    [<00000000f7c75d13>] tun_chr_write_iter+0x66/0xa0 drivers/net/tun.c:1986
    [<000000005ca281be>] call_write_iter include/linux/fs.h:1882 [inline]
    [<000000005ca281be>] new_sync_write+0x173/0x210 fs/read_write.c:503
    [<00000000b58d783d>] __kernel_write+0x140/0x1f0 fs/read_write.c:530
    [<000000008f3907eb>] write_pipe_buf+0x61/0x80 fs/splice.c:799
    [<00000000203a18ab>] splice_from_pipe_feed fs/splice.c:502 [inline]
    [<00000000203a18ab>] __splice_from_pipe+0x154/0x290 fs/splice.c:626
    [<0000000009117d2e>] splice_from_pipe fs/splice.c:661 [inline]
    [<0000000009117d2e>] default_file_splice_write fs/splice.c:811 [inline]
    [<0000000009117d2e>] do_splice_from fs/splice.c:847 [inline]
    [<0000000009117d2e>] do_splice+0x772/0x8d0 fs/splice.c:1144
    [<000000009fb1c059>] __do_sys_splice fs/splice.c:1419 [inline]
    [<000000009fb1c059>] __se_sys_splice fs/splice.c:1401 [inline]
    [<000000009fb1c059>] __x64_sys_splice+0xaa/0x110 fs/splice.c:1401
    [<0000000028c36b09>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<0000000005fc33dd>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff8881189dc600 (size 224):
  comm "syz-executor.0", pid 6784, jiffies 4294955661 (age 9.240s)
  hex dump (first 32 bytes):
    00 c7 9d 18 81 88 ff ff 00 c5 9d 18 81 88 ff ff  ................
    00 c0 45 13 81 88 ff ff 00 00 00 00 00 00 00 00  ..E.............
  backtrace:
    [<00000000d5184981>] __build_skb+0x1f/0x100 net/core/skbuff.c:311
    [<000000003e867734>] __napi_alloc_skb+0xe5/0x140 net/core/skbuff.c:523
    [<0000000076c845fd>] napi_alloc_skb include/linux/skbuff.h:2856 [inline]
    [<0000000076c845fd>] napi_get_frags net/core/dev.c:6053 [inline]
    [<0000000076c845fd>] napi_get_frags+0x3a/0x70 net/core/dev.c:6048
    [<00000000139a9d2e>] tun_napi_alloc_frags drivers/net/tun.c:1425 [inline]
    [<00000000139a9d2e>] tun_get_user+0xa43/0x1660 drivers/net/tun.c:1789
    [<00000000f7c75d13>] tun_chr_write_iter+0x66/0xa0 drivers/net/tun.c:1986
    [<000000005ca281be>] call_write_iter include/linux/fs.h:1882 [inline]
    [<000000005ca281be>] new_sync_write+0x173/0x210 fs/read_write.c:503
    [<00000000b58d783d>] __kernel_write+0x140/0x1f0 fs/read_write.c:530
    [<000000008f3907eb>] write_pipe_buf+0x61/0x80 fs/splice.c:799
    [<00000000203a18ab>] splice_from_pipe_feed fs/splice.c:502 [inline]
    [<00000000203a18ab>] __splice_from_pipe+0x154/0x290 fs/splice.c:626
    [<0000000009117d2e>] splice_from_pipe fs/splice.c:661 [inline]
    [<0000000009117d2e>] default_file_splice_write fs/splice.c:811 [inline]
    [<0000000009117d2e>] do_splice_from fs/splice.c:847 [inline]
    [<0000000009117d2e>] do_splice+0x772/0x8d0 fs/splice.c:1144
    [<000000009fb1c059>] __do_sys_splice fs/splice.c:1419 [inline]
    [<000000009fb1c059>] __se_sys_splice fs/splice.c:1401 [inline]
    [<000000009fb1c059>] __x64_sys_splice+0xaa/0x110 fs/splice.c:1401
    [<0000000028c36b09>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<0000000005fc33dd>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff8881189dc700 (size 224):
  comm "syz-executor.0", pid 6784, jiffies 4294955661 (age 9.240s)
  hex dump (first 32 bytes):
    00 c8 9d 18 81 88 ff ff 00 c6 9d 18 81 88 ff ff  ................
    00 c0 45 13 81 88 ff ff 00 00 00 00 00 00 00 00  ..E.............
  backtrace:
    [<00000000d5184981>] __build_skb+0x1f/0x100 net/core/skbuff.c:311
    [<000000003e867734>] __napi_alloc_skb+0xe5/0x140 net/core/skbuff.c:523
    [<0000000076c845fd>] napi_alloc_skb include/linux/skbuff.h:2856 [inline]
    [<0000000076c845fd>] napi_get_frags net/core/dev.c:6053 [inline]
    [<0000000076c845fd>] napi_get_frags+0x3a/0x70 net/core/dev.c:6048
    [<00000000139a9d2e>] tun_napi_alloc_frags drivers/net/tun.c:1425 [inline]
    [<00000000139a9d2e>] tun_get_user+0xa43/0x1660 drivers/net/tun.c:1789
    [<00000000f7c75d13>] tun_chr_write_iter+0x66/0xa0 drivers/net/tun.c:1986
    [<000000005ca281be>] call_write_iter include/linux/fs.h:1882 [inline]
    [<000000005ca281be>] new_sync_write+0x173/0x210 fs/read_write.c:503
    [<00000000b58d783d>] __kernel_write+0x140/0x1f0 fs/read_write.c:530
    [<000000008f3907eb>] write_pipe_buf+0x61/0x80 fs/splice.c:799
    [<00000000203a18ab>] splice_from_pipe_feed fs/splice.c:502 [inline]
    [<00000000203a18ab>] __splice_from_pipe+0x154/0x290 fs/splice.c:626
    [<0000000009117d2e>] splice_from_pipe fs/splice.c:661 [inline]
    [<0000000009117d2e>] default_file_splice_write fs/splice.c:811 [inline]
    [<0000000009117d2e>] do_splice_from fs/splice.c:847 [inline]
    [<0000000009117d2e>] do_splice+0x772/0x8d0 fs/splice.c:1144
    [<000000009fb1c059>] __do_sys_splice fs/splice.c:1419 [inline]
    [<000000009fb1c059>] __se_sys_splice fs/splice.c:1401 [inline]
    [<000000009fb1c059>] __x64_sys_splice+0xaa/0x110 fs/splice.c:1401
    [<0000000028c36b09>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<0000000005fc33dd>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff8881189dc800 (size 224):
  comm "syz-executor.0", pid 6784, jiffies 4294955661 (age 9.240s)
  hex dump (first 32 bytes):
    00 c9 9d 18 81 88 ff ff 00 c7 9d 18 81 88 ff ff  ................
    00 c0 45 13 81 88 ff ff 00 00 00 00 00 00 00 00  ..E.............
  backtrace:
    [<00000000d5184981>] __build_skb+0x1f/0x100 net/core/skbuff.c:311
    [<000000003e867734>] __napi_alloc_skb+0xe5/0x140 net/core/skbuff.c:523
    [<0000000076c845fd>] napi_alloc_skb include/linux/skbuff.h:2856 [inline]
    [<0000000076c845fd>] napi_get_frags net/core/dev.c:6053 [inline]
    [<0000000076c845fd>] napi_get_frags+0x3a/0x70 net/core/dev.c:6048
    [<00000000139a9d2e>] tun_napi_alloc_frags drivers/net/tun.c:1425 [inline]
    [<00000000139a9d2e>] tun_get_user+0xa43/0x1660 drivers/net/tun.c:1789
    [<00000000f7c75d13>] tun_chr_write_iter+0x66/0xa0 drivers/net/tun.c:1986
    [<000000005ca281be>] call_write_iter include/linux/fs.h:1882 [inline]
    [<000000005ca281be>] new_sync_write+0x173/0x210 fs/read_write.c:503
    [<00000000b58d783d>] __kernel_write+0x140/0x1f0 fs/read_write.c:530
    [<000000008f3907eb>] write_pipe_buf+0x61/0x80 fs/splice.c:799
    [<00000000203a18ab>] splice_from_pipe_feed fs/splice.c:502 [inline]
    [<00000000203a18ab>] __splice_from_pipe+0x154/0x290 fs/splice.c:626
    [<0000000009117d2e>] splice_from_pipe fs/splice.c:661 [inline]
    [<0000000009117d2e>] default_file_splice_write fs/splice.c:811 [inline]
    [<0000000009117d2e>] do_splice_from fs/splice.c:847 [inline]
    [<0000000009117d2e>] do_splice+0x772/0x8d0 fs/splice.c:1144
    [<000000009fb1c059>] __do_sys_splice fs/splice.c:1419 [inline]
    [<000000009fb1c059>] __se_sys_splice fs/splice.c:1401 [inline]
    [<000000009fb1c059>] __x64_sys_splice+0xaa/0x110 fs/splice.c:1401
    [<0000000028c36b09>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<0000000005fc33dd>] entry_SYSCALL_64_after_hwframe+0x44/0xa9