[ 86.831139][ T3240] cfg80211: failed to load regulatory.db
Warning: Permanently added '[localhost]:56965' (ED25519) to the list of known hosts.
2025/10/02 10:52:22 parsed 1 programs
[ 93.307014][ T41] audit: type=1400 audit(1759402345.111:117): avc: denied { unlink } for pid=6185 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 94.598708][ T6185] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 96.834433][ T56] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 96.837174][ T56] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 96.861512][ T56] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 96.864914][ T56] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 97.171719][ T6213] chnl_net:caif_netlink_parms(): no params data found
[ 97.259899][ T6213] bridge0: port 1(bridge_slave_0) entered blocking state
[ 97.262243][ T6213] bridge0: port 1(bridge_slave_0) entered disabled state
[ 97.264561][ T6213] bridge_slave_0: entered allmulticast mode
[ 97.267362][ T6213] bridge_slave_0: entered promiscuous mode
[ 97.271022][ T6213] bridge0: port 2(bridge_slave_1) entered blocking state
[ 97.274129][ T6213] bridge0: port 2(bridge_slave_1) entered disabled state
[ 97.277829][ T6213] bridge_slave_1: entered allmulticast mode
[ 97.280741][ T6213] bridge_slave_1: entered promiscuous mode
[ 97.339345][ T6213] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 97.345348][ T6213] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 97.410939][ T6213] team0: Port device team_slave_0 added
[ 97.414785][ T6213] team0: Port device team_slave_1 added
[ 97.461584][ T6213] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 97.464319][ T6213] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 97.474211][ T6213] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 97.479532][ T6213] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 97.482587][ T6213] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 97.491363][ T6213] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 97.530418][ T6213] hsr_slave_0: entered promiscuous mode
[ 97.532695][ T6213] hsr_slave_1: entered promiscuous mode
[ 98.120879][ T6213] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 98.126496][ T6213] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 98.137610][ T6213] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 98.143399][ T6213] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 98.195296][ T6213] 8021q: adding VLAN 0 to HW filter on device bond0
[ 98.205363][ T6213] 8021q: adding VLAN 0 to HW filter on device team0
[ 98.210759][ T71] bridge0: port 1(bridge_slave_0) entered blocking state
[ 98.213651][ T71] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 98.222421][ T167] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.224962][ T167] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 98.355016][ T6213] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 98.382549][ T6213] veth0_vlan: entered promiscuous mode
[ 98.388192][ T6213] veth1_vlan: entered promiscuous mode
[ 98.408546][ T6213] veth0_macvtap: entered promiscuous mode
[ 98.412375][ T6213] veth1_macvtap: entered promiscuous mode
[ 98.422085][ T6213] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 98.431946][ T6213] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 98.440041][ T71] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.443088][ T71] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.447787][ T71] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.451621][ T71] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.535791][ T56] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 98.626292][ T56] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 98.729059][ T56] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 98.794527][ T56] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 98.942112][ T63] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 98.946059][ T63] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 98.952737][ T63] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 98.959990][ T63] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 98.964050][ T63] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 99.854864][ T41] audit: type=1401 audit(1759402351.661:118): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
2025/10/02 10:52:32 executed programs: 0
[ 100.943517][ T63] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 100.947928][ T63] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 100.951288][ T63] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 100.955279][ T63] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 100.960413][ T63] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 101.106527][ T6356] chnl_net:caif_netlink_parms(): no params data found
[ 101.209068][ T6356] bridge0: port 1(bridge_slave_0) entered blocking state
[ 101.212454][ T6356] bridge0: port 1(bridge_slave_0) entered disabled state
[ 101.215076][ T6356] bridge_slave_0: entered allmulticast mode
[ 101.218331][ T6356] bridge_slave_0: entered promiscuous mode
[ 101.221641][ T6356] bridge0: port 2(bridge_slave_1) entered blocking state
[ 101.224002][ T6356] bridge0: port 2(bridge_slave_1) entered disabled state
[ 101.226466][ T6356] bridge_slave_1: entered allmulticast mode
[ 101.229695][ T6356] bridge_slave_1: entered promiscuous mode
[ 101.271536][ T6356] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 101.279308][ T6356] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 101.334413][ T6356] team0: Port device team_slave_0 added
[ 101.338681][ T6356] team0: Port device team_slave_1 added
[ 101.372671][ T6356] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 101.375286][ T6356] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 101.386140][ T6356] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 101.398692][ T6356] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 101.401638][ T6356] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 101.412845][ T6356] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 101.481643][ T6356] hsr_slave_0: entered promiscuous mode
[ 101.484764][ T6356] hsr_slave_1: entered promiscuous mode
[ 101.487754][ T6356] debugfs: 'hsr0' already exists in 'hsr'
[ 101.490143][ T6356] Cannot create hsr debugfs directory
[ 101.869491][ T56] bridge_slave_1: left allmulticast mode
[ 101.871606][ T56] bridge_slave_1: left promiscuous mode
[ 101.873776][ T56] bridge0: port 2(bridge_slave_1) entered disabled state
[ 101.878936][ T56] bridge_slave_0: left allmulticast mode
[ 101.880674][ T56] bridge_slave_0: left promiscuous mode
[ 101.882435][ T56] bridge0: port 1(bridge_slave_0) entered disabled state
[ 102.132265][ T56] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 102.140250][ T56] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 102.145260][ T56] bond0 (unregistering): Released all slaves
[ 102.293260][ T56] hsr_slave_0: left promiscuous mode
[ 102.296653][ T56] hsr_slave_1: left promiscuous mode
[ 102.299846][ T56] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 102.302766][ T56] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 102.306039][ T56] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 102.309054][ T56] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 102.329867][ T56] veth1_macvtap: left promiscuous mode
[ 102.332599][ T56] veth0_macvtap: left promiscuous mode
[ 102.335328][ T56] veth1_vlan: left promiscuous mode
[ 102.338178][ T56] veth0_vlan: left promiscuous mode
[ 102.886762][ T56] team0 (unregistering): Port device team_slave_1 removed
[ 102.942754][ T56] team0 (unregistering): Port device team_slave_0 removed
[ 102.998851][ T5300] Bluetooth: hci0: command tx timeout
[ 103.819190][ T6356] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 103.827726][ T6356] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 103.838707][ T6356] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 103.846268][ T6356] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 103.923309][ T6356] 8021q: adding VLAN 0 to HW filter on device bond0
[ 103.939446][ T6356] 8021q: adding VLAN 0 to HW filter on device team0
[ 103.946399][ T71] bridge0: port 1(bridge_slave_0) entered blocking state
[ 103.949889][ T71] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 103.961433][ T1146] bridge0: port 2(bridge_slave_1) entered blocking state
[ 103.963937][ T1146] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 104.439599][ T6356] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 104.520100][ T6356] veth0_vlan: entered promiscuous mode
[ 104.526174][ T6356] veth1_vlan: entered promiscuous mode
[ 104.540219][ T6356] veth0_macvtap: entered promiscuous mode
[ 104.549684][ T6356] veth1_macvtap: entered promiscuous mode
[ 104.561898][ T6356] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 104.568999][ T6356] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 104.580150][ T167] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 104.583892][ T167] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 104.590186][ T167] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 104.593228][ T167] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 104.640916][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 104.644517][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 104.660741][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 104.664066][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 104.691131][ T41] audit: type=1400 audit(1759402356.501:119): avc: denied { prog_load } for pid=6403 comm="syz.0.17" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 104.701381][ T41] audit: type=1400 audit(1759402356.501:120): avc: denied { bpf } for pid=6403 comm="syz.0.17" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 104.710741][ T41] audit: type=1400 audit(1759402356.501:121): avc: denied { perfmon } for pid=6403 comm="syz.0.17" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 104.714320][ T6404] BUG: Bad page state in process syz.0.17 pfn:51b52
[ 104.718412][ T41] audit: type=1400 audit(1759402356.501:122): avc: denied { prog_run } for pid=6403 comm="syz.0.17" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 104.720646][ T6404] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x51b52
[ 104.730652][ T41] audit: type=1400 audit(1759402356.531:123): avc: denied { read } for pid=5332 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 104.733451][ T6404] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 104.740935][ T41] audit: type=1400 audit(1759402356.531:124): avc: denied { search } for pid=5332 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 104.744429][ T6404] raw: 00fff00000000000 dead000000000040 ffff88802198b000 0000000000000000
[ 104.752442][ T41] audit: type=1400 audit(1759402356.531:125): avc: denied { search } for pid=5332 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 104.755893][ T6404] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[ 104.765126][ T41] audit: type=1400 audit(1759402356.531:126): avc: denied { add_name } for pid=5332 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 104.770256][ T6404] page dumped because: page_pool leak
[ 104.777691][ T41] audit: type=1400 audit(1759402356.531:127): avc: denied { create } for pid=5332 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 104.779861][ T6404] page_owner tracks the page as allocated
[ 104.789773][ T6404] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6404, tgid 6403 (syz.0.17), ts 104714212573, free_ts 99792761615
[ 104.796937][ T6404] post_alloc_hook+0x1c0/0x230
[ 104.798482][ T6404] get_page_from_freelist+0x132b/0x38e0
[ 104.800425][ T6404] __alloc_frozen_pages_noprof+0x261/0x23f0
[ 104.802591][ T6404] alloc_pages_bulk_noprof+0x71c/0x1410
[ 104.804479][ T6404] __page_pool_alloc_netmems_slow+0x193/0xc60
[ 104.806592][ T6404] page_pool_alloc_netmems+0xc4/0x190
[ 104.808588][ T6404] skb_pp_cow_data+0x7c0/0xff0
[ 104.810567][ T6404] skb_cow_data_for_xdp+0x88/0xb0
[ 104.812569][ T6404] do_xdp_generic+0x530/0x1320
[ 104.814402][ T6404] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0
[ 104.817262][ T6404] __netif_receive_skb_one_core+0xb0/0x1e0
[ 104.819570][ T6404] __netif_receive_skb+0x1d/0x160
[ 104.821801][ T6404] netif_receive_skb+0x137/0x7b0
[ 104.823933][ T6404] tun_rx_batched.isra.0+0x3ee/0x740
[ 104.825728][ T6404] tun_get_user+0x28bb/0x3cd0
[ 104.827362][ T6404] tun_chr_write_iter+0xdc/0x210
[ 104.829019][ T6404] page last free pid 6320 tgid 6320 stack trace:
[ 104.831246][ T6404] __free_frozen_pages+0x7d5/0x10f0
[ 104.833607][ T6404] vfree+0x1fd/0xb50
[ 104.835465][ T6404] kcov_close+0x34/0x60
[ 104.837223][ T6404] __fput+0x402/0xb70
[ 104.838562][ T6404] task_work_run+0x14d/0x240
[ 104.840100][ T6404] do_exit+0x86f/0x2bf0
[ 104.841478][ T6404] do_group_exit+0xd3/0x2a0
[ 104.842989][ T6404] get_signal+0x2671/0x26d0
[ 104.844528][ T6404] arch_do_signal_or_restart+0x8f/0x7c0
[ 104.846331][ T6404] exit_to_user_mode_loop+0x7a/0x100
[ 104.848159][ T6404] do_syscall_64+0x419/0x4e0
[ 104.849663][ T6404] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 104.851641][ T6404] Modules linked in:
[ 104.853361][ T6404] CPU: 0 UID: 0 PID: 6404 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 104.853386][ T6404] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 104.853397][ T6404] Call Trace:
[ 104.853406][ T6404]
[ 104.853414][ T6404] dump_stack_lvl+0x16c/0x1f0
[ 104.853436][ T6404] bad_page+0xcf/0x220
[ 104.853449][ T6404] ? __pfx_bad_page+0x10/0x10
[ 104.853461][ T6404] ? page_bad_reason+0x9d/0x1f0
[ 104.853474][ T6404] __free_frozen_pages+0x7f7/0x10f0
[ 104.853492][ T6404] ? kasan_quarantine_put+0x10a/0x240
[ 104.853513][ T6404] page_frag_free+0x27f/0x2e0
[ 104.853525][ T6404] __xdp_return+0x3ab/0xab0
[ 104.853538][ T6404] ? kfree_skbmem+0x1a4/0x1f0
[ 104.853553][ T6404] bpf_xdp_adjust_tail+0x887/0xcb0
[ 104.853572][ T6404] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[ 104.853583][ T6404] bpf_prog_run_generic_xdp+0x626/0x1530
[ 104.853606][ T6404] do_xdp_generic+0x8e6/0x1320
[ 104.853623][ T6404] ? __pfx_do_xdp_generic+0x10/0x10
[ 104.853651][ T6404] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0
[ 104.853670][ T6404] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 104.853690][ T6404] ? __skb_flow_dissect+0x11b2/0x7d90
[ 104.853705][ T6404] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10
[ 104.853725][ T6404] ? __pfx___skb_flow_dissect+0x10/0x10
[ 104.853738][ T6404] ? do_user_addr_fault+0x829/0x1370
[ 104.853756][ T6404] ? do_user_addr_fault+0x843/0x1370
[ 104.853772][ T6404] ? __lock_acquire+0x62e/0x1ce0
[ 104.853790][ T6404] __netif_receive_skb_one_core+0xb0/0x1e0
[ 104.853805][ T6404] ? __pfx___netif_receive_skb_one_core+0x10/0x10
[ 104.853822][ T6404] ? lock_acquire+0x179/0x350
[ 104.853838][ T6404] __netif_receive_skb+0x1d/0x160
[ 104.853854][ T6404] netif_receive_skb+0x137/0x7b0
[ 104.853868][ T6404] ? __pfx_netif_receive_skb+0x10/0x10
[ 104.853884][ T6404] ? __pfx__copy_from_iter+0x10/0x10
[ 104.853906][ T6404] tun_rx_batched.isra.0+0x3ee/0x740
[ 104.853928][ T6404] ? __pfx_tun_rx_batched.isra.0+0x10/0x10
[ 104.853950][ T6404] ? tun_get_user+0x1df6/0x3cd0
[ 104.853969][ T6404] ? rcu_is_watching+0x12/0xc0
[ 104.853990][ T6404] tun_get_user+0x28bb/0x3cd0
[ 104.854016][ T6404] ? __pfx_tun_get_user+0x10/0x10
[ 104.854037][ T6404] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 104.854060][ T6404] ? find_held_lock+0x2b/0x80
[ 104.854077][ T6404] ? tun_get+0x191/0x370
[ 104.854099][ T6404] tun_chr_write_iter+0xdc/0x210
[ 104.854120][ T6404] vfs_write+0x7d3/0x11d0
[ 104.854140][ T6404] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 104.854177][ T6404] ? __pfx_vfs_write+0x10/0x10
[ 104.854200][ T6404] ? find_held_lock+0x2b/0x80
[ 104.854241][ T6404] ksys_write+0x12a/0x250
[ 104.854269][ T6404] ? __pfx_ksys_write+0x10/0x10
[ 104.854300][ T6404] do_syscall_64+0xcd/0x4e0
[ 104.854320][ T6404] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 104.854334][ T6404] RIP: 0033:0x7ff08ef8d65f
[ 104.854345][ T6404] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 104.854357][ T6404] RSP: 002b:00007ff08fe76000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 104.854370][ T6404] RAX: ffffffffffffffda RBX: 00007ff08f1d5fa0 RCX: 00007ff08ef8d65f
[ 104.854378][ T6404] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[ 104.854385][ T6404] RBP: 00007ff08f011e19 R08: 0000000000000000 R09: 0000000000000000
[ 104.854392][ T6404] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 104.854399][ T6404] R13: 00007ff08f1d6038 R14: 00007ff08f1d5fa0 R15: 00007ffe7bd5cdf8
[ 104.854414][ T6404]
[ 104.854419][ T6404] Disabling lock debugging due to kernel taint
[ 105.007962][ T6404] BUG: Bad page state in process syz.0.17 pfn:51b53
[ 105.010329][ T6404] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x51b53
[ 105.013456][ T6404] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 105.015984][ T6404] raw: 00fff00000000000 dead000000000040 ffff88802198b000 0000000000000000
[ 105.019501][ T6404] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[ 105.023061][ T6404] page dumped because: page_pool leak
[ 105.025021][ T6404] page_owner tracks the page as allocated
[ 105.027295][ T6404] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6404, tgid 6403 (syz.0.17), ts 104714203859, free_ts 99792766565
[ 105.033216][ T6404] post_alloc_hook+0x1c0/0x230
[ 105.035083][ T6404] get_page_from_freelist+0x132b/0x38e0
[ 105.037262][ T6404] __alloc_frozen_pages_noprof+0x261/0x23f0
[ 105.040018][ T6404] alloc_pages_bulk_noprof+0x71c/0x1410
[ 105.042338][ T6404] __page_pool_alloc_netmems_slow+0x193/0xc60
[ 105.044861][ T6404] page_pool_alloc_netmems+0xc4/0x190
[ 105.047057][ T6404] skb_pp_cow_data+0x7c0/0xff0
[ 105.049001][ T6404] skb_cow_data_for_xdp+0x88/0xb0
[ 105.051232][ T6404] do_xdp_generic+0x530/0x1320
[ 105.053515][ T6404] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0
[ 105.056757][ T6404] __netif_receive_skb_one_core+0xb0/0x1e0
[ 105.059624][ T6404] __netif_receive_skb+0x1d/0x160
[ 105.061898][ T6404] netif_receive_skb+0x137/0x7b0
[ 105.064088][ T6404] tun_rx_batched.isra.0+0x3ee/0x740
[ 105.066564][ T6404] tun_get_user+0x28bb/0x3cd0
[ 105.068902][ T6404] tun_chr_write_iter+0xdc/0x210
[ 105.071346][ T6404] page last free pid 6320 tgid 6320 stack trace:
[ 105.074334][ T6404] __free_frozen_pages+0x7d5/0x10f0
[ 105.076710][ T6404] vfree+0x1fd/0xb50
[ 105.077049][ T5300] Bluetooth: hci0: command tx timeout
[ 105.078386][ T6404] kcov_close+0x34/0x60
[ 105.082101][ T6404] __fput+0x402/0xb70
[ 105.083815][ T6404] task_work_run+0x14d/0x240
[ 105.085900][ T6404] do_exit+0x86f/0x2bf0
[ 105.087898][ T6404] do_group_exit+0xd3/0x2a0
[ 105.090067][ T6404] get_signal+0x2671/0x26d0
[ 105.092319][ T6404] arch_do_signal_or_restart+0x8f/0x7c0
[ 105.094663][ T6404] exit_to_user_mode_loop+0x7a/0x100
[ 105.096950][ T6404] do_syscall_64+0x419/0x4e0
[ 105.098940][ T6404] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 105.101499][ T6404] Modules linked in:
[ 105.103328][ T6404] CPU: 0 UID: 0 PID: 6404 Comm: syz.0.17 Tainted: G B syzkaller #0 PREEMPT(full)
[ 105.103359][ T6404] Tainted: [B]=BAD_PAGE
[ 105.103366][ T6404] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 105.103379][ T6404] Call Trace:
[ 105.103388][ T6404]
[ 105.103397][ T6404] dump_stack_lvl+0x16c/0x1f0
[ 105.103455][ T6404] bad_page+0xcf/0x220
[ 105.103472][ T6404] ? __pfx_bad_page+0x10/0x10
[ 105.103491][ T6404] ? page_bad_reason+0x9d/0x1f0
[ 105.103510][ T6404] __free_frozen_pages+0x7f7/0x10f0
[ 105.103537][ T6404] ? kasan_quarantine_put+0x10a/0x240
[ 105.103568][ T6404] page_frag_free+0x27f/0x2e0
[ 105.103587][ T6404] __xdp_return+0x3ab/0xab0
[ 105.103606][ T6404] ? kfree_skbmem+0x1a4/0x1f0
[ 105.103628][ T6404] bpf_xdp_adjust_tail+0x887/0xcb0
[ 105.103654][ T6404] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[ 105.103671][ T6404] bpf_prog_run_generic_xdp+0x626/0x1530
[ 105.103702][ T6404] do_xdp_generic+0x8e6/0x1320
[ 105.103727][ T6404] ? __pfx_do_xdp_generic+0x10/0x10
[ 105.103761][ T6404] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0
[ 105.103790][ T6404] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 105.103819][ T6404] ? __skb_flow_dissect+0x11b2/0x7d90
[ 105.103841][ T6404] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10
[ 105.103870][ T6404] ? __pfx___skb_flow_dissect+0x10/0x10
[ 105.103890][ T6404] ? do_user_addr_fault+0x829/0x1370
[ 105.103916][ T6404] ? do_user_addr_fault+0x843/0x1370
[ 105.103940][ T6404] ? __lock_acquire+0x62e/0x1ce0
[ 105.103964][ T6404] __netif_receive_skb_one_core+0xb0/0x1e0
[ 105.103988][ T6404] ? __pfx___netif_receive_skb_one_core+0x10/0x10
[ 105.104013][ T6404] ? lock_acquire+0x179/0x350
[ 105.104045][ T6404] __netif_receive_skb+0x1d/0x160
[ 105.104068][ T6404] netif_receive_skb+0x137/0x7b0
[ 105.104092][ T6404] ? __pfx_netif_receive_skb+0x10/0x10
[ 105.104116][ T6404] ? __pfx__copy_from_iter+0x10/0x10
[ 105.104145][ T6404] tun_rx_batched.isra.0+0x3ee/0x740
[ 105.104177][ T6404] ? __pfx_tun_rx_batched.isra.0+0x10/0x10
[ 105.104208][ T6404] ? tun_get_user+0x1df6/0x3cd0
[ 105.104237][ T6404] ? rcu_is_watching+0x12/0xc0
[ 105.104267][ T6404] tun_get_user+0x28bb/0x3cd0
[ 105.104302][ T6404] ? __pfx_tun_get_user+0x10/0x10
[ 105.104333][ T6404] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 105.104364][ T6404] ? find_held_lock+0x2b/0x80
[ 105.104391][ T6404] ? tun_get+0x191/0x370
[ 105.104421][ T6404] tun_chr_write_iter+0xdc/0x210
[ 105.104453][ T6404] vfs_write+0x7d3/0x11d0
[ 105.104483][ T6404] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 105.104515][ T6404] ? __pfx_vfs_write+0x10/0x10
[ 105.104542][ T6404] ? find_held_lock+0x2b/0x80
[ 105.104576][ T6404] ksys_write+0x12a/0x250
[ 105.104605][ T6404] ? __pfx_ksys_write+0x10/0x10
[ 105.104635][ T6404] do_syscall_64+0xcd/0x4e0
[ 105.104663][ T6404] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 105.104683][ T6404] RIP: 0033:0x7ff08ef8d65f
[ 105.104697][ T6404] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 105.104715][ T6404] RSP: 002b:00007ff08fe76000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 105.104734][ T6404] RAX: ffffffffffffffda RBX: 00007ff08f1d5fa0 RCX: 00007ff08ef8d65f
[ 105.104748][ T6404] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[ 105.104760][ T6404] RBP: 00007ff08f011e19 R08: 0000000000000000 R09: 0000000000000000
[ 105.104772][ T6404] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 105.104783][ T6404] R13: 00007ff08f1d6038 R14: 00007ff08f1d5fa0 R15: 00007ffe7bd5cdf8
[ 105.104801][ T6404]
[ 105.104814][ T6404] BUG: Bad page state in process syz.0.17 pfn:51b54
[ 105.238487][ T6404] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x51b54
[ 105.242046][ T6404] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 105.244457][ T6404] raw: 00fff00000000000 dead000000000040 ffff88802198b000 0000000000000000
[ 105.247250][ T6404] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[ 105.249852][ T6404] page dumped because: page_pool leak
[ 105.251592][ T6404] page_owner tracks the page as allocated
[ 105.253564][ T6404] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6404, tgid 6403 (syz.0.17), ts 104714193936, free_ts 99792771768
[ 105.261098][ T6404] post_alloc_hook+0x1c0/0x230
[ 105.263105][ T6404] get_page_from_freelist+0x132b/0x38e0
[ 105.265311][ T6404] __alloc_frozen_pages_noprof+0x261/0x23f0
[ 105.267631][ T6404] alloc_pages_bulk_noprof+0x71c/0x1410
[ 105.269542][ T6404] __page_pool_alloc_netmems_slow+0x193/0xc60
[ 105.271505][ T6404] page_pool_alloc_netmems+0xc4/0x190
[ 105.273610][ T6404] skb_pp_cow_data+0x7c0/0xff0
[ 105.275343][ T6404] skb_cow_data_for_xdp+0x88/0xb0
[ 105.277464][ T6404] do_xdp_generic+0x530/0x1320
[ 105.279781][ T6404] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0
[ 105.282853][ T6404] __netif_receive_skb_one_core+0xb0/0x1e0
[ 105.285423][ T6404] __netif_receive_skb+0x1d/0x160
[ 105.287187][ T6404] netif_receive_skb+0x137/0x7b0
[ 105.288867][ T6404] tun_rx_batched.isra.0+0x3ee/0x740
[ 105.290818][ T6404] tun_get_user+0x28bb/0x3cd0
[ 105.292913][ T6404] tun_chr_write_iter+0xdc/0x210
[ 105.295073][ T6404] page last free pid 6320 tgid 6320 stack trace:
[ 105.297763][ T6404] __free_frozen_pages+0x7d5/0x10f0
[ 105.300020][ T6404] vfree+0x1fd/0xb50
[ 105.301701][ T6404] kcov_close+0x34/0x60
[ 105.303548][ T6404] __fput+0x402/0xb70
[ 105.305387][ T6404] task_work_run+0x14d/0x240
[ 105.307649][ T6404] do_exit+0x86f/0x2bf0
[ 105.309680][ T6404] do_group_exit+0xd3/0x2a0
[ 105.311674][ T6404] get_signal+0x2671/0x26d0
[ 105.313593][ T6404] arch_do_signal_or_restart+0x8f/0x7c0
[ 105.315854][ T6404] exit_to_user_mode_loop+0x7a/0x100
[ 105.318211][ T6404] do_syscall_64+0x419/0x4e0
[ 105.320493][ T6404] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 105.323493][ T6404] Modules linked in:
[ 105.325342][ T6404] CPU: 0 UID: 0 PID: 6404 Comm: syz.0.17 Tainted: G B syzkaller #0 PREEMPT(full)
[ 105.325366][ T6404] Tainted: [B]=BAD_PAGE
[ 105.325371][ T6404] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 105.325381][ T6404] Call Trace:
[ 105.325389][ T6404]
[ 105.325396][ T6404] dump_stack_lvl+0x16c/0x1f0
[ 105.325425][ T6404] bad_page+0xcf/0x220
[ 105.325441][ T6404] ? __pfx_bad_page+0x10/0x10
[ 105.325457][ T6404] ? page_bad_reason+0x9d/0x1f0
[ 105.325472][ T6404] __free_frozen_pages+0x7f7/0x10f0
[ 105.325493][ T6404] ? kasan_quarantine_put+0x10a/0x240
[ 105.325518][ T6404] page_frag_free+0x27f/0x2e0
[ 105.325534][ T6404] __xdp_return+0x3ab/0xab0
[ 105.325550][ T6404] ? kfree_skbmem+0x1a4/0x1f0
[ 105.325567][ T6404] bpf_xdp_adjust_tail+0x887/0xcb0
[ 105.325593][ T6404] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[ 105.325607][ T6404] bpf_prog_run_generic_xdp+0x626/0x1530
[ 105.325632][ T6404] do_xdp_generic+0x8e6/0x1320
[ 105.325652][ T6404] ? __pfx_do_xdp_generic+0x10/0x10
[ 105.325679][ T6404] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0
[ 105.325701][ T6404] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 105.325723][ T6404] ? __skb_flow_dissect+0x11b2/0x7d90
[ 105.325740][ T6404] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10
[ 105.325769][ T6404] ? __pfx___skb_flow_dissect+0x10/0x10
[ 105.325792][ T6404] ? do_user_addr_fault+0x829/0x1370
[ 105.325815][ T6404] ? do_user_addr_fault+0x843/0x1370
[ 105.325836][ T6404] ? __lock_acquire+0x62e/0x1ce0
[ 105.325857][ T6404] __netif_receive_skb_one_core+0xb0/0x1e0
[ 105.325879][ T6404] ? __pfx___netif_receive_skb_one_core+0x10/0x10
[ 105.325900][ T6404] ? lock_acquire+0x179/0x350
[ 105.325920][ T6404] __netif_receive_skb+0x1d/0x160
[ 105.325940][ T6404] netif_receive_skb+0x137/0x7b0
[ 105.325961][ T6404] ? __pfx_netif_receive_skb+0x10/0x10
[ 105.325981][ T6404] ? __pfx__copy_from_iter+0x10/0x10
[ 105.326005][ T6404] tun_rx_batched.isra.0+0x3ee/0x740
[ 105.326031][ T6404] ? __pfx_tun_rx_batched.isra.0+0x10/0x10
[ 105.326058][ T6404] ? tun_get_user+0x1df6/0x3cd0
[ 105.326083][ T6404] ? rcu_is_watching+0x12/0xc0
[ 105.326109][ T6404] tun_get_user+0x28bb/0x3cd0
[ 105.326140][ T6404] ? __pfx_tun_get_user+0x10/0x10
[ 105.326167][ T6404] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 105.326194][ T6404] ? find_held_lock+0x2b/0x80
[ 105.326217][ T6404] ? tun_get+0x191/0x370
[ 105.326243][ T6404] tun_chr_write_iter+0xdc/0x210
[ 105.326270][ T6404] vfs_write+0x7d3/0x11d0
[ 105.326296][ T6404] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 105.326324][ T6404] ? __pfx_vfs_write+0x10/0x10
[ 105.326348][ T6404] ? find_held_lock+0x2b/0x80
[ 105.326377][ T6404] ksys_write+0x12a/0x250
[ 105.326403][ T6404] ? __pfx_ksys_write+0x10/0x10
[ 105.326430][ T6404] do_syscall_64+0xcd/0x4e0
[ 105.326455][ T6404] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 105.326472][ T6404] RIP: 0033:0x7ff08ef8d65f
[ 105.326485][ T6404] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 105.326500][ T6404] RSP: 002b:00007ff08fe76000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 105.326517][ T6404] RAX: ffffffffffffffda RBX: 00007ff08f1d5fa0 RCX: 00007ff08ef8d65f
[ 105.326527][ T6404] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[ 105.326540][ T6404] RBP: 00007ff08f011e19 R08: 0000000000000000 R09: 0000000000000000
[ 105.326550][ T6404] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 105.326560][ T6404] R13: 00007ff08f1d6038 R14: 00007ff08f1d5fa0 R15: 00007ffe7bd5cdf8
[ 105.326576][ T6404]
[ 105.326587][ T6404] BUG: Bad page state in process syz.0.17 pfn:51b55
[ 105.467130][ T6404] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x51b55
[ 105.471013][ T6404] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 105.473929][ T6404] raw: 00fff00000000000 dead000000000040 ffff88802198b000 0000000000000000
[ 105.478024][ T6404] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[ 105.482182][ T6404] page dumped because: page_pool leak
[ 105.484481][ T6404] page_owner tracks the page as allocated
[ 105.486517][ T6404] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6404, tgid 6403 (syz.0.17), ts 104714184375, free_ts 99792776952
[ 105.492607][ T6404] post_alloc_hook+0x1c0/0x230
[ 105.494905][ T6404] get_page_from_freelist+0x132b/0x38e0
[ 105.498082][ T6404] __alloc_frozen_pages_noprof+0x261/0x23f0
[ 105.500942][ T6404] alloc_pages_bulk_noprof+0x71c/0x1410
[ 105.503445][ T6404] __page_pool_alloc_netmems_slow+0x193/0xc60
[ 105.505873][ T6404] page_pool_alloc_netmems+0xc4/0x190
[ 105.507645][ T6404] skb_pp_cow_data+0x7c0/0xff0
[ 105.509169][ T6404] skb_cow_data_for_xdp+0x88/0xb0
[ 105.510797][ T6404] do_xdp_generic+0x530/0x1320
[ 105.512625][ T6404] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0
[ 105.515193][ T6404] __netif_receive_skb_one_core+0xb0/0x1e0
[ 105.517441][ T6404] __netif_receive_skb+0x1d/0x160
[ 105.519456][ T6404] netif_receive_skb+0x137/0x7b0
[ 105.522877][ T6404] tun_rx_batched.isra.0+0x3ee/0x740
[ 105.525494][ T6404] tun_get_user+0x28bb/0x3cd0
[ 105.527648][ T6404] tun_chr_write_iter+0xdc/0x210
[ 105.529498][ T6404] page last free pid 6320 tgid 6320 stack trace:
[ 105.531527][ T6404] __free_frozen_pages+0x7d5/0x10f0
[ 105.533339][ T6404] vfree+0x1fd/0xb50
[ 105.535166][ T6404] kcov_close+0x34/0x60
[ 105.537175][ T6404] __fput+0x402/0xb70
[ 105.539040][ T6404] task_work_run+0x14d/0x240
[ 105.540980][ T6404] do_exit+0x86f/0x2bf0
[ 105.542818][ T6404] do_group_exit+0xd3/0x2a0
[ 105.545268][ T6404] get_signal+0x2671/0x26d0
[ 105.548294][ T6404] arch_do_signal_or_restart+0x8f/0x7c0
[ 105.551239][ T6404] exit_to_user_mode_loop+0x7a/0x100
[ 105.553581][ T6404] do_syscall_64+0x419/0x4e0
[ 105.555715][ T6404] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 105.558204][ T6404] Modules linked in:
[ 105.559966][ T6404] CPU: 0 UID: 0 PID: 6404 Comm: syz.0.17 Tainted: G B syzkaller #0 PREEMPT(full)
[ 105.559991][ T6404] Tainted: [B]=BAD_PAGE
[ 105.559997][ T6404] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 105.560007][ T6404] Call Trace:
[ 105.560013][ T6404]
[ 105.560020][ T6404] dump_stack_lvl+0x16c/0x1f0
[ 105.560048][ T6404] bad_page+0xcf/0x220
[ 105.560065][ T6404] ? __pfx_bad_page+0x10/0x10
[ 105.560080][ T6404] ? page_bad_reason+0x9d/0x1f0
[ 105.560096][ T6404] __free_frozen_pages+0x7f7/0x10f0
[ 105.560117][ T6404] ? kasan_quarantine_put+0x10a/0x240
[ 105.560149][ T6404] page_frag_free+0x27f/0x2e0
[ 105.560165][ T6404] __xdp_return+0x3ab/0xab0
[ 105.560182][ T6404] ? kfree_skbmem+0x1a4/0x1f0
[ 105.560200][ T6404] bpf_xdp_adjust_tail+0x887/0xcb0
[ 105.560222][ T6404] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[ 105.560236][ T6404] bpf_prog_run_generic_xdp+0x626/0x1530
[ 105.560261][ T6404] do_xdp_generic+0x8e6/0x1320
[ 105.560281][ T6404] ? __pfx_do_xdp_generic+0x10/0x10
[ 105.560309][ T6404] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0
[ 105.560332][ T6404] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 105.560356][ T6404] ? __skb_flow_dissect+0x11b2/0x7d90
[ 105.560374][ T6404] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10
[ 105.560397][ T6404] ? __pfx___skb_flow_dissect+0x10/0x10
[ 105.560413][ T6404] ? do_user_addr_fault+0x829/0x1370
[ 105.560435][ T6404] ? do_user_addr_fault+0x843/0x1370
[ 105.560455][ T6404] ? __lock_acquire+0x62e/0x1ce0
[ 105.560476][ T6404] __netif_receive_skb_one_core+0xb0/0x1e0
[ 105.560496][ T6404] ? __pfx___netif_receive_skb_one_core+0x10/0x10
[ 105.560516][ T6404] ? lock_acquire+0x179/0x350
[ 105.560535][ T6404] __netif_receive_skb+0x1d/0x160
[ 105.560555][ T6404] netif_receive_skb+0x137/0x7b0
[ 105.560574][ T6404] ? __pfx_netif_receive_skb+0x10/0x10
[ 105.560594][ T6404] ? __pfx__copy_from_iter+0x10/0x10
[ 105.560617][ T6404] tun_rx_batched.isra.0+0x3ee/0x740
[ 105.560643][ T6404] ? __pfx_tun_rx_batched.isra.0+0x10/0x10
[ 105.560669][ T6404] ? tun_get_user+0x1df6/0x3cd0
[ 105.560693][ T6404] ?
rcu_is_watching+0x12/0xc0 [ 105.560718][ T6404] tun_get_user+0x28bb/0x3cd0 [ 105.560746][ T6404] ? __pfx_tun_get_user+0x10/0x10 [ 105.560770][ T6404] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 105.560795][ T6404] ? find_held_lock+0x2b/0x80 [ 105.560818][ T6404] ? tun_get+0x191/0x370 [ 105.560842][ T6404] tun_chr_write_iter+0xdc/0x210 [ 105.560867][ T6404] vfs_write+0x7d3/0x11d0 [ 105.560893][ T6404] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 105.560919][ T6404] ? __pfx_vfs_write+0x10/0x10 [ 105.560941][ T6404] ? find_held_lock+0x2b/0x80 [ 105.560969][ T6404] ksys_write+0x12a/0x250 [ 105.560992][ T6404] ? __pfx_ksys_write+0x10/0x10 [ 105.561016][ T6404] do_syscall_64+0xcd/0x4e0 [ 105.561040][ T6404] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.561056][ T6404] RIP: 0033:0x7ff08ef8d65f [ 105.561069][ T6404] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 105.561082][ T6404] RSP: 002b:00007ff08fe76000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 105.561093][ T6404] RAX: ffffffffffffffda RBX: 00007ff08f1d5fa0 RCX: 00007ff08ef8d65f [ 105.561100][ T6404] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8 [ 105.561106][ T6404] RBP: 00007ff08f011e19 R08: 0000000000000000 R09: 0000000000000000 [ 105.561113][ T6404] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 105.561119][ T6404] R13: 00007ff08f1d6038 R14: 00007ff08f1d5fa0 R15: 00007ffe7bd5cdf8 [ 105.561128][ T6404] [ 105.561136][ T6404] BUG: Bad page state in process syz.0.17 pfn:51b56 [ 105.692231][ T6404] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x51b56 [ 105.695887][ T6404] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 105.698828][ T6404] raw: 00fff00000000000 dead000000000040 ffff88802198b000 0000000000000000 [ 105.701837][ T6404] raw: 0000000000000000 0000000000000001 00000000ffffffff 
0000000000000000 [ 105.705212][ T6404] page dumped because: page_pool leak [ 105.707740][ T6404] page_owner tracks the page as allocated [ 105.710179][ T6404] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6404, tgid 6403 (syz.0.17), ts 104714173775, free_ts 99792782526 [ 105.717247][ T6404] post_alloc_hook+0x1c0/0x230 [ 105.719565][ T6404] get_page_from_freelist+0x132b/0x38e0 [ 105.721786][ T6404] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 105.724555][ T6404] alloc_pages_bulk_noprof+0x71c/0x1410 [ 105.727088][ T6404] __page_pool_alloc_netmems_slow+0x193/0xc60 [ 105.729140][ T6404] page_pool_alloc_netmems+0xc4/0x190 [ 105.730952][ T6404] skb_pp_cow_data+0x7c0/0xff0 [ 105.732541][ T6404] skb_cow_data_for_xdp+0x88/0xb0 [ 105.734186][ T6404] do_xdp_generic+0x530/0x1320 [ 105.735722][ T6404] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 105.737959][ T6404] __netif_receive_skb_one_core+0xb0/0x1e0 [ 105.740396][ T6404] __netif_receive_skb+0x1d/0x160 [ 105.742850][ T6404] netif_receive_skb+0x137/0x7b0 [ 105.745524][ T6404] tun_rx_batched.isra.0+0x3ee/0x740 [ 105.748115][ T6404] tun_get_user+0x28bb/0x3cd0 [ 105.750115][ T6404] tun_chr_write_iter+0xdc/0x210 [ 105.752197][ T6404] page last free pid 6320 tgid 6320 stack trace: [ 105.754566][ T6404] __free_frozen_pages+0x7d5/0x10f0 [ 105.756781][ T6404] vfree+0x1fd/0xb50 [ 105.758747][ T6404] kcov_close+0x34/0x60 [ 105.761042][ T6404] __fput+0x402/0xb70 [ 105.762937][ T6404] task_work_run+0x14d/0x240 [ 105.764951][ T6404] do_exit+0x86f/0x2bf0 [ 105.766365][ T6404] do_group_exit+0xd3/0x2a0 [ 105.767907][ T6404] get_signal+0x2671/0x26d0 [ 105.769630][ T6404] arch_do_signal_or_restart+0x8f/0x7c0 [ 105.771993][ T6404] exit_to_user_mode_loop+0x7a/0x100 [ 105.774531][ T6404] do_syscall_64+0x419/0x4e0 [ 105.776950][ T6404] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.779793][ T6404] Modules linked in: [ 105.781514][ T6404] CPU: 0 UID: 0 PID: 6404 Comm: syz.0.17 Tainted: 
G B syzkaller #0 PREEMPT(full) [ 105.781539][ T6404] Tainted: [B]=BAD_PAGE [ 105.781544][ T6404] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 105.781555][ T6404] Call Trace: [ 105.781562][ T6404] [ 105.781569][ T6404] dump_stack_lvl+0x16c/0x1f0 [ 105.781596][ T6404] bad_page+0xcf/0x220 [ 105.781613][ T6404] ? __pfx_bad_page+0x10/0x10 [ 105.781629][ T6404] ? page_bad_reason+0x9d/0x1f0 [ 105.781645][ T6404] __free_frozen_pages+0x7f7/0x10f0 [ 105.781668][ T6404] ? kasan_quarantine_put+0x10a/0x240 [ 105.781693][ T6404] page_frag_free+0x27f/0x2e0 [ 105.781711][ T6404] __xdp_return+0x3ab/0xab0 [ 105.781729][ T6404] ? kfree_skbmem+0x1a4/0x1f0 [ 105.781748][ T6404] bpf_xdp_adjust_tail+0x887/0xcb0 [ 105.781769][ T6404] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 105.781782][ T6404] bpf_prog_run_generic_xdp+0x626/0x1530 [ 105.781807][ T6404] do_xdp_generic+0x8e6/0x1320 [ 105.781827][ T6404] ? __pfx_do_xdp_generic+0x10/0x10 [ 105.781855][ T6404] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 105.781878][ T6404] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 105.781902][ T6404] ? __skb_flow_dissect+0x11b2/0x7d90 [ 105.781921][ T6404] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 105.781944][ T6404] ? __pfx___skb_flow_dissect+0x10/0x10 [ 105.781960][ T6404] ? do_user_addr_fault+0x829/0x1370 [ 105.781983][ T6404] ? do_user_addr_fault+0x843/0x1370 [ 105.782003][ T6404] ? __lock_acquire+0x62e/0x1ce0 [ 105.782023][ T6404] __netif_receive_skb_one_core+0xb0/0x1e0 [ 105.782050][ T6404] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 105.782071][ T6404] ? lock_acquire+0x179/0x350 [ 105.782090][ T6404] __netif_receive_skb+0x1d/0x160 [ 105.782109][ T6404] netif_receive_skb+0x137/0x7b0 [ 105.782128][ T6404] ? __pfx_netif_receive_skb+0x10/0x10 [ 105.782148][ T6404] ? __pfx__copy_from_iter+0x10/0x10 [ 105.782172][ T6404] tun_rx_batched.isra.0+0x3ee/0x740 [ 105.782197][ T6404] ? 
__pfx_tun_rx_batched.isra.0+0x10/0x10 [ 105.782223][ T6404] ? tun_get_user+0x1df6/0x3cd0 [ 105.782247][ T6404] ? rcu_is_watching+0x12/0xc0 [ 105.782271][ T6404] tun_get_user+0x28bb/0x3cd0 [ 105.782300][ T6404] ? __pfx_tun_get_user+0x10/0x10 [ 105.782325][ T6404] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 105.782351][ T6404] ? find_held_lock+0x2b/0x80 [ 105.782374][ T6404] ? tun_get+0x191/0x370 [ 105.782399][ T6404] tun_chr_write_iter+0xdc/0x210 [ 105.782424][ T6404] vfs_write+0x7d3/0x11d0 [ 105.782450][ T6404] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 105.782476][ T6404] ? __pfx_vfs_write+0x10/0x10 [ 105.782498][ T6404] ? find_held_lock+0x2b/0x80 [ 105.782526][ T6404] ksys_write+0x12a/0x250 [ 105.782550][ T6404] ? __pfx_ksys_write+0x10/0x10 [ 105.782576][ T6404] do_syscall_64+0xcd/0x4e0 [ 105.782601][ T6404] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.782619][ T6404] RIP: 0033:0x7ff08ef8d65f [ 105.782633][ T6404] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 105.782648][ T6404] RSP: 002b:00007ff08fe76000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 105.782665][ T6404] RAX: ffffffffffffffda RBX: 00007ff08f1d5fa0 RCX: 00007ff08ef8d65f [ 105.782676][ T6404] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8 [ 105.782686][ T6404] RBP: 00007ff08f011e19 R08: 0000000000000000 R09: 0000000000000000 [ 105.782696][ T6404] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 105.782706][ T6404] R13: 00007ff08f1d6038 R14: 00007ff08f1d5fa0 R15: 00007ffe7bd5cdf8 [ 105.782722][ T6404] [ 105.782732][ T6404] BUG: Bad page state in process syz.0.17 pfn:51b57 [ 105.925688][ T6404] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x51b57 [ 105.928796][ T6404] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 105.931527][ T6404] raw: 00fff00000000000 dead000000000040 
ffff88802198b000 0000000000000000 [ 105.934614][ T6404] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 105.938006][ T6404] page dumped because: page_pool leak [ 105.939900][ T6404] page_owner tracks the page as allocated [ 105.941747][ T6404] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6404, tgid 6403 (syz.0.17), ts 104714163862, free_ts 99792788406 [ 105.947265][ T6404] post_alloc_hook+0x1c0/0x230 [ 105.948968][ T6404] get_page_from_freelist+0x132b/0x38e0 [ 105.951004][ T6404] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 105.953253][ T6404] alloc_pages_bulk_noprof+0x71c/0x1410 [ 105.955452][ T6404] __page_pool_alloc_netmems_slow+0x193/0xc60 [ 105.957622][ T6404] page_pool_alloc_netmems+0xc4/0x190 [ 105.959448][ T6404] skb_pp_cow_data+0x7c0/0xff0 [ 105.960990][ T6404] skb_cow_data_for_xdp+0x88/0xb0 [ 105.962612][ T6404] do_xdp_generic+0x530/0x1320 [ 105.964138][ T6404] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 105.966201][ T6404] __netif_receive_skb_one_core+0xb0/0x1e0 [ 105.968404][ T6404] __netif_receive_skb+0x1d/0x160 [ 105.970250][ T6404] netif_receive_skb+0x137/0x7b0 [ 105.972484][ T6404] tun_rx_batched.isra.0+0x3ee/0x740 [ 105.974552][ T6404] tun_get_user+0x28bb/0x3cd0 [ 105.976626][ T6404] tun_chr_write_iter+0xdc/0x210 [ 105.978440][ T6404] page last free pid 6320 tgid 6320 stack trace: [ 105.980485][ T6404] __free_frozen_pages+0x7d5/0x10f0 [ 105.982192][ T6404] vfree+0x1fd/0xb50 [ 105.983459][ T6404] kcov_close+0x34/0x60 [ 105.984997][ T6404] __fput+0x402/0xb70 [ 105.986363][ T6404] task_work_run+0x14d/0x240 [ 105.988052][ T6404] do_exit+0x86f/0x2bf0 [ 105.989669][ T6404] do_group_exit+0xd3/0x2a0 [ 105.991249][ T6404] get_signal+0x2671/0x26d0 [ 105.992974][ T6404] arch_do_signal_or_restart+0x8f/0x7c0 [ 105.995465][ T6404] exit_to_user_mode_loop+0x7a/0x100 [ 105.997777][ T6404] do_syscall_64+0x419/0x4e0 [ 105.999884][ T6404] entry_SYSCALL_64_after_hwframe+0x77/0x7f 
[ 106.002777][ T6404] Modules linked in: [ 106.005084][ T6404] CPU: 0 UID: 0 PID: 6404 Comm: syz.0.17 Tainted: G B syzkaller #0 PREEMPT(full) [ 106.005115][ T6404] Tainted: [B]=BAD_PAGE [ 106.005120][ T6404] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 106.005130][ T6404] Call Trace: [ 106.005139][ T6404] [ 106.005148][ T6404] dump_stack_lvl+0x16c/0x1f0 [ 106.005180][ T6404] bad_page+0xcf/0x220 [ 106.005197][ T6404] ? __pfx_bad_page+0x10/0x10 [ 106.005211][ T6404] ? page_bad_reason+0x9d/0x1f0 [ 106.005223][ T6404] __free_frozen_pages+0x7f7/0x10f0 [ 106.005244][ T6404] ? kasan_quarantine_put+0x10a/0x240 [ 106.005372][ T6404] page_frag_free+0x27f/0x2e0 [ 106.005397][ T6404] __xdp_return+0x3ab/0xab0 [ 106.005418][ T6404] ? kfree_skbmem+0x1a4/0x1f0 [ 106.005441][ T6404] bpf_xdp_adjust_tail+0x887/0xcb0 [ 106.005468][ T6404] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 106.005487][ T6404] bpf_prog_run_generic_xdp+0x626/0x1530 [ 106.005520][ T6404] do_xdp_generic+0x8e6/0x1320 [ 106.005546][ T6404] ? __pfx_do_xdp_generic+0x10/0x10 [ 106.005580][ T6404] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 106.005611][ T6404] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 106.005641][ T6404] ? __skb_flow_dissect+0x11b2/0x7d90 [ 106.005665][ T6404] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 106.005695][ T6404] ? __pfx___skb_flow_dissect+0x10/0x10 [ 106.005717][ T6404] ? do_user_addr_fault+0x829/0x1370 [ 106.005744][ T6404] ? do_user_addr_fault+0x843/0x1370 [ 106.005769][ T6404] ? __lock_acquire+0x62e/0x1ce0 [ 106.005795][ T6404] __netif_receive_skb_one_core+0xb0/0x1e0 [ 106.005821][ T6404] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 106.005862][ T6404] ? lock_acquire+0x179/0x350 [ 106.005888][ T6404] __netif_receive_skb+0x1d/0x160 [ 106.005912][ T6404] netif_receive_skb+0x137/0x7b0 [ 106.005936][ T6404] ? __pfx_netif_receive_skb+0x10/0x10 [ 106.005960][ T6404] ? 
__pfx__copy_from_iter+0x10/0x10 [ 106.005991][ T6404] tun_rx_batched.isra.0+0x3ee/0x740 [ 106.006023][ T6404] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 106.006056][ T6404] ? tun_get_user+0x1df6/0x3cd0 [ 106.006087][ T6404] ? rcu_is_watching+0x12/0xc0 [ 106.006119][ T6404] tun_get_user+0x28bb/0x3cd0 [ 106.006156][ T6404] ? __pfx_tun_get_user+0x10/0x10 [ 106.006188][ T6404] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 106.006221][ T6404] ? find_held_lock+0x2b/0x80 [ 106.006249][ T6404] ? tun_get+0x191/0x370 [ 106.006281][ T6404] tun_chr_write_iter+0xdc/0x210 [ 106.006314][ T6404] vfs_write+0x7d3/0x11d0 [ 106.006344][ T6404] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 106.006379][ T6404] ? __pfx_vfs_write+0x10/0x10 [ 106.006407][ T6404] ? find_held_lock+0x2b/0x80 [ 106.006441][ T6404] ksys_write+0x12a/0x250 [ 106.006472][ T6404] ? __pfx_ksys_write+0x10/0x10 [ 106.006506][ T6404] do_syscall_64+0xcd/0x4e0 [ 106.006537][ T6404] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.006561][ T6404] RIP: 0033:0x7ff08ef8d65f [ 106.006580][ T6404] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 106.006600][ T6404] RSP: 002b:00007ff08fe76000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 106.006621][ T6404] RAX: ffffffffffffffda RBX: 00007ff08f1d5fa0 RCX: 00007ff08ef8d65f [ 106.006636][ T6404] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8 [ 106.006650][ T6404] RBP: 00007ff08f011e19 R08: 0000000000000000 R09: 0000000000000000 [ 106.006662][ T6404] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 106.006675][ T6404] R13: 00007ff08f1d6038 R14: 00007ff08f1d5fa0 R15: 00007ffe7bd5cdf8 [ 106.006696][ T6404] [ 106.006712][ T6404] BUG: Bad page state in process syz.0.17 pfn:51b58 [ 106.144954][ T6404] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888051b5e000 pfn:0x51b58 [ 106.149343][ T6404] 
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 106.151712][ T6404] raw: 00fff00000000000 dead000000000040 ffff88802198b000 0000000000000000 [ 106.154970][ T6404] raw: ffff888051b5e000 0000000000000001 00000000ffffffff 0000000000000000 [ 106.157764][ T6404] page dumped because: page_pool leak [ 106.159473][ T6404] page_owner tracks the page as allocated [ 106.161363][ T6404] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6404, tgid 6403 (syz.0.17), ts 104714156721, free_ts 99792793977 [ 106.167151][ T6404] post_alloc_hook+0x1c0/0x230 [ 106.169055][ T6404] get_page_from_freelist+0x132b/0x38e0 [ 106.170957][ T6404] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 106.173108][ T6404] alloc_pages_bulk_noprof+0x71c/0x1410 [ 106.174891][ T6404] __page_pool_alloc_netmems_slow+0x193/0xc60 [ 106.176963][ T6404] page_pool_alloc_netmems+0xc4/0x190 [ 106.178672][ T6404] skb_pp_cow_data+0x7c0/0xff0 [ 106.180252][ T6404] skb_cow_data_for_xdp+0x88/0xb0 [ 106.182051][ T6404] do_xdp_generic+0x530/0x1320 [ 106.183872][ T6404] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 106.186587][ T6404] __netif_receive_skb_one_core+0xb0/0x1e0 [ 106.189220][ T6404] __netif_receive_skb+0x1d/0x160 [ 106.191054][ T6404] netif_receive_skb+0x137/0x7b0 [ 106.192802][ T6404] tun_rx_batched.isra.0+0x3ee/0x740 [ 106.194713][ T6404] tun_get_user+0x28bb/0x3cd0 [ 106.196289][ T6404] tun_chr_write_iter+0xdc/0x210 [ 106.197982][ T6404] page last free pid 6320 tgid 6320 stack trace: [ 106.200077][ T6404] __free_frozen_pages+0x7d5/0x10f0 [ 106.201878][ T6404] vfree+0x1fd/0xb50 [ 106.203238][ T6404] kcov_close+0x34/0x60 [ 106.204675][ T6404] __fput+0x402/0xb70 [ 106.206027][ T6404] task_work_run+0x14d/0x240 [ 106.207747][ T6404] do_exit+0x86f/0x2bf0 [ 106.209206][ T6404] do_group_exit+0xd3/0x2a0 [ 106.210784][ T6404] get_signal+0x2671/0x26d0 [ 106.212333][ T6404] arch_do_signal_or_restart+0x8f/0x7c0 [ 106.214101][ T6404] 
exit_to_user_mode_loop+0x7a/0x100 [ 106.216253][ T6404] do_syscall_64+0x419/0x4e0 [ 106.217724][ T6404] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.219637][ T6404] Modules linked in: [ 106.220971][ T6404] CPU: 0 UID: 0 PID: 6404 Comm: syz.0.17 Tainted: G B syzkaller #0 PREEMPT(full) [ 106.220994][ T6404] Tainted: [B]=BAD_PAGE [ 106.220998][ T6404] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 106.221007][ T6404] Call Trace: [ 106.221012][ T6404] [ 106.221018][ T6404] dump_stack_lvl+0x16c/0x1f0 [ 106.221043][ T6404] bad_page+0xcf/0x220 [ 106.221056][ T6404] ? __pfx_bad_page+0x10/0x10 [ 106.221068][ T6404] ? page_bad_reason+0x9d/0x1f0 [ 106.221081][ T6404] __free_frozen_pages+0x7f7/0x10f0 [ 106.221099][ T6404] ? kasan_quarantine_put+0x10a/0x240 [ 106.221120][ T6404] page_frag_free+0x27f/0x2e0 [ 106.221132][ T6404] __xdp_return+0x3ab/0xab0 [ 106.221145][ T6404] ? kfree_skbmem+0x1a4/0x1f0 [ 106.221159][ T6404] bpf_xdp_adjust_tail+0x887/0xcb0 [ 106.221176][ T6404] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 106.221186][ T6404] bpf_prog_run_generic_xdp+0x626/0x1530 [ 106.221206][ T6404] do_xdp_generic+0x8e6/0x1320 [ 106.221222][ T6404] ? __pfx_do_xdp_generic+0x10/0x10 [ 106.221244][ T6404] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 106.221262][ T6404] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 106.221281][ T6404] ? __skb_flow_dissect+0x11b2/0x7d90 [ 106.221296][ T6404] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 106.221314][ T6404] ? __pfx___skb_flow_dissect+0x10/0x10 [ 106.221327][ T6404] ? do_user_addr_fault+0x829/0x1370 [ 106.221345][ T6404] ? do_user_addr_fault+0x843/0x1370 [ 106.221360][ T6404] ? __lock_acquire+0x62e/0x1ce0 [ 106.221377][ T6404] __netif_receive_skb_one_core+0xb0/0x1e0 [ 106.221393][ T6404] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 106.221409][ T6404] ? 
lock_acquire+0x179/0x350 [ 106.221424][ T6404] __netif_receive_skb+0x1d/0x160 [ 106.221439][ T6404] netif_receive_skb+0x137/0x7b0 [ 106.221454][ T6404] ? __pfx_netif_receive_skb+0x10/0x10 [ 106.221470][ T6404] ? __pfx__copy_from_iter+0x10/0x10 [ 106.221489][ T6404] tun_rx_batched.isra.0+0x3ee/0x740 [ 106.221510][ T6404] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 106.221531][ T6404] ? tun_get_user+0x1df6/0x3cd0 [ 106.221550][ T6404] ? rcu_is_watching+0x12/0xc0 [ 106.221570][ T6404] tun_get_user+0x28bb/0x3cd0 [ 106.221593][ T6404] ? __pfx_tun_get_user+0x10/0x10 [ 106.221613][ T6404] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 106.221634][ T6404] ? find_held_lock+0x2b/0x80 [ 106.221651][ T6404] ? tun_get+0x191/0x370 [ 106.221671][ T6404] tun_chr_write_iter+0xdc/0x210 [ 106.221693][ T6404] vfs_write+0x7d3/0x11d0 [ 106.221713][ T6404] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 106.221734][ T6404] ? __pfx_vfs_write+0x10/0x10 [ 106.221752][ T6404] ? find_held_lock+0x2b/0x80 [ 106.221774][ T6404] ksys_write+0x12a/0x250 [ 106.221798][ T6404] ? 
__pfx_ksys_write+0x10/0x10 [ 106.221820][ T6404] do_syscall_64+0xcd/0x4e0 [ 106.221840][ T6404] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.221854][ T6404] RIP: 0033:0x7ff08ef8d65f [ 106.221865][ T6404] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 106.221878][ T6404] RSP: 002b:00007ff08fe76000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 106.221892][ T6404] RAX: ffffffffffffffda RBX: 00007ff08f1d5fa0 RCX: 00007ff08ef8d65f [ 106.221901][ T6404] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8 [ 106.221909][ T6404] RBP: 00007ff08f011e19 R08: 0000000000000000 R09: 0000000000000000 [ 106.221917][ T6404] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 106.221925][ T6404] R13: 00007ff08f1d6038 R14: 00007ff08f1d5fa0 R15: 00007ffe7bd5cdf8 [ 106.221937][ T6404] [ 106.221947][ T6404] BUG: Bad page state in process syz.0.17 pfn:51b59 [ 106.368750][ T6404] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffffffffffffffff pfn:0x51b59 [ 106.372874][ T6404] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 106.375895][ T6404] raw: 00fff00000000000 dead000000000040 ffff88802198b000 0000000000000000 [ 106.379667][ T6404] raw: ffffffffffffffff 0000000000000001 00000000ffffffff 0000000000000000 [ 106.383891][ T6404] page dumped because: page_pool leak [ 106.386666][ T6404] page_owner tracks the page as allocated [ 106.389293][ T6404] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6404, tgid 6403 (syz.0.17), ts 104714149884, free_ts 99792799926 [ 106.396067][ T6404] post_alloc_hook+0x1c0/0x230 [ 106.398184][ T6404] get_page_from_freelist+0x132b/0x38e0 [ 106.400671][ T6404] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 106.403695][ T6404] alloc_pages_bulk_noprof+0x71c/0x1410 [ 106.406430][ T6404] 
__page_pool_alloc_netmems_slow+0x193/0xc60 [ 106.409141][ T6404] page_pool_alloc_netmems+0xc4/0x190 [ 106.411082][ T6404] skb_pp_cow_data+0x7c0/0xff0 [ 106.412974][ T6404] skb_cow_data_for_xdp+0x88/0xb0 [ 106.415075][ T6404] do_xdp_generic+0x530/0x1320 [ 106.417215][ T6404] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 106.420752][ T6404] __netif_receive_skb_one_core+0xb0/0x1e0 [ 106.423883][ T6404] __netif_receive_skb+0x1d/0x160 [ 106.426101][ T6404] netif_receive_skb+0x137/0x7b0 [ 106.428217][ T6404] tun_rx_batched.isra.0+0x3ee/0x740 [ 106.430401][ T6404] tun_get_user+0x28bb/0x3cd0 [ 106.432352][ T6404] tun_chr_write_iter+0xdc/0x210 [ 106.434348][ T6404] page last free pid 6320 tgid 6320 stack trace: [ 106.436987][ T6404] __free_frozen_pages+0x7d5/0x10f0 [ 106.439232][ T6404] vfree+0x1fd/0xb50 [ 106.441053][ T6404] kcov_close+0x34/0x60 [ 106.442941][ T6404] __fput+0x402/0xb70 [ 106.444861][ T6404] task_work_run+0x14d/0x240 [ 106.447183][ T6404] do_exit+0x86f/0x2bf0 [ 106.448892][ T6404] do_group_exit+0xd3/0x2a0 [ 106.450700][ T6404] get_signal+0x2671/0x26d0 [ 106.452548][ T6404] arch_do_signal_or_restart+0x8f/0x7c0 [ 106.454408][ T6404] exit_to_user_mode_loop+0x7a/0x100 [ 106.456119][ T6404] do_syscall_64+0x419/0x4e0 [ 106.457723][ T6404] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.459958][ T6404] Modules linked in: [ 106.461341][ T6404] CPU: 0 UID: 0 PID: 6404 Comm: syz.0.17 Tainted: G B syzkaller #0 PREEMPT(full) [ 106.461366][ T6404] Tainted: [B]=BAD_PAGE [ 106.461372][ T6404] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 106.461384][ T6404] Call Trace: [ 106.461392][ T6404] [ 106.461399][ T6404] dump_stack_lvl+0x16c/0x1f0 [ 106.461420][ T6404] bad_page+0xcf/0x220 [ 106.461431][ T6404] ? __pfx_bad_page+0x10/0x10 [ 106.461441][ T6404] ? page_bad_reason+0x9d/0x1f0 [ 106.461450][ T6404] __free_frozen_pages+0x7f7/0x10f0 [ 106.461465][ T6404] ? 
kasan_quarantine_put+0x10a/0x240 [ 106.461481][ T6404] page_frag_free+0x27f/0x2e0 [ 106.461491][ T6404] __xdp_return+0x3ab/0xab0 [ 106.461502][ T6404] ? kfree_skbmem+0x1a4/0x1f0 [ 106.461514][ T6404] bpf_xdp_adjust_tail+0x887/0xcb0 [ 106.461527][ T6404] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 106.461536][ T6404] bpf_prog_run_generic_xdp+0x626/0x1530 [ 106.461552][ T6404] do_xdp_generic+0x8e6/0x1320 [ 106.461565][ T6404] ? __pfx_do_xdp_generic+0x10/0x10 [ 106.461582][ T6404] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 106.461603][ T6404] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 106.461624][ T6404] ? __skb_flow_dissect+0x11b2/0x7d90 [ 106.461641][ T6404] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 106.461663][ T6404] ? __pfx___skb_flow_dissect+0x10/0x10 [ 106.461679][ T6404] ? do_user_addr_fault+0x829/0x1370 [ 106.461699][ T6404] ? do_user_addr_fault+0x843/0x1370 [ 106.461719][ T6404] ? __lock_acquire+0x62e/0x1ce0 [ 106.461736][ T6404] __netif_receive_skb_one_core+0xb0/0x1e0 [ 106.461749][ T6404] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 106.461763][ T6404] ? lock_acquire+0x179/0x350 [ 106.461780][ T6404] __netif_receive_skb+0x1d/0x160 [ 106.461793][ T6404] netif_receive_skb+0x137/0x7b0 [ 106.461805][ T6404] ? __pfx_netif_receive_skb+0x10/0x10 [ 106.461818][ T6404] ? __pfx__copy_from_iter+0x10/0x10 [ 106.461833][ T6404] tun_rx_batched.isra.0+0x3ee/0x740 [ 106.461851][ T6404] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 106.461868][ T6404] ? tun_get_user+0x1df6/0x3cd0 [ 106.461884][ T6404] ? rcu_is_watching+0x12/0xc0 [ 106.461900][ T6404] tun_get_user+0x28bb/0x3cd0 [ 106.461918][ T6404] ? __pfx_tun_get_user+0x10/0x10 [ 106.461935][ T6404] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 106.461952][ T6404] ? find_held_lock+0x2b/0x80 [ 106.461966][ T6404] ? tun_get+0x191/0x370 [ 106.461982][ T6404] tun_chr_write_iter+0xdc/0x210 [ 106.461999][ T6404] vfs_write+0x7d3/0x11d0 [ 106.462015][ T6404] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 106.462034][ T6404] ? 
__pfx_vfs_write+0x10/0x10 [ 106.462049][ T6404] ? find_held_lock+0x2b/0x80 [ 106.462066][ T6404] ksys_write+0x12a/0x250 [ 106.462081][ T6404] ? __pfx_ksys_write+0x10/0x10 [ 106.462099][ T6404] do_syscall_64+0xcd/0x4e0 [ 106.462115][ T6404] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.462127][ T6404] RIP: 0033:0x7ff08ef8d65f [ 106.462136][ T6404] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 106.462147][ T6404] RSP: 002b:00007ff08fe76000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 106.462157][ T6404] RAX: ffffffffffffffda RBX: 00007ff08f1d5fa0 RCX: 00007ff08ef8d65f [ 106.462164][ T6404] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8 [ 106.462170][ T6404] RBP: 00007ff08f011e19 R08: 0000000000000000 R09: 0000000000000000 [ 106.462176][ T6404] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 106.462182][ T6404] R13: 00007ff08f1d6038 R14: 00007ff08f1d5fa0 R15: 00007ffe7bd5cdf8 [ 106.462191][ T6404] [ 106.462199][ T6404] BUG: Bad page state in process syz.0.17 pfn:51b5a [ 106.610283][ T6404] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x51b5a [ 106.613852][ T6404] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 106.617289][ T6404] raw: 00fff00000000000 dead000000000040 ffff88802198b000 0000000000000000 [ 106.620995][ T6404] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 106.624391][ T6404] page dumped because: page_pool leak [ 106.626587][ T6404] page_owner tracks the page as allocated [ 106.629276][ T6404] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6404, tgid 6403 (syz.0.17), ts 104714143147, free_ts 99792806036 [ 106.636919][ T6404] post_alloc_hook+0x1c0/0x230 [ 106.639072][ T6404] get_page_from_freelist+0x132b/0x38e0 [ 106.641401][ T6404] 
__alloc_frozen_pages_noprof+0x261/0x23f0 [ 106.643834][ T6404] alloc_pages_bulk_noprof+0x71c/0x1410 [ 106.646250][ T6404] __page_pool_alloc_netmems_slow+0x193/0xc60 [ 106.649690][ T6404] page_pool_alloc_netmems+0xc4/0x190 [ 106.652452][ T6404] skb_pp_cow_data+0x7c0/0xff0 [ 106.654561][ T6404] skb_cow_data_for_xdp+0x88/0xb0 [ 106.656582][ T6404] do_xdp_generic+0x530/0x1320 [ 106.658599][ T6404] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 106.661369][ T6404] __netif_receive_skb_one_core+0xb0/0x1e0 [ 106.663785][ T6404] __netif_receive_skb+0x1d/0x160 [ 106.665815][ T6404] netif_receive_skb+0x137/0x7b0 [ 106.667920][ T6404] tun_rx_batched.isra.0+0x3ee/0x740 [ 106.670147][ T6404] tun_get_user+0x28bb/0x3cd0 [ 106.672159][ T6404] tun_chr_write_iter+0xdc/0x210 [ 106.674056][ T6404] page last free pid 6320 tgid 6320 stack trace: [ 106.676750][ T6404] __free_frozen_pages+0x7d5/0x10f0 [ 106.679138][ T6404] vfree+0x1fd/0xb50 [ 106.680900][ T6404] kcov_close+0x34/0x60 [ 106.682727][ T6404] __fput+0x402/0xb70 [ 106.684476][ T6404] task_work_run+0x14d/0x240 [ 106.686350][ T6404] do_exit+0x86f/0x2bf0 [ 106.688167][ T6404] do_group_exit+0xd3/0x2a0 [ 106.690065][ T6404] get_signal+0x2671/0x26d0 [ 106.692179][ T6404] arch_do_signal_or_restart+0x8f/0x7c0 [ 106.695049][ T6404] exit_to_user_mode_loop+0x7a/0x100 [ 106.697742][ T6404] do_syscall_64+0x419/0x4e0 [ 106.699659][ T6404] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.702030][ T6404] Modules linked in: [ 106.703525][ T6404] CPU: 0 UID: 0 PID: 6404 Comm: syz.0.17 Tainted: G B syzkaller #0 PREEMPT(full) [ 106.703552][ T6404] Tainted: [B]=BAD_PAGE [ 106.703558][ T6404] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 106.703567][ T6404] Call Trace: [ 106.703575][ T6404] [ 106.703583][ T6404] dump_stack_lvl+0x16c/0x1f0 [ 106.703609][ T6404] bad_page+0xcf/0x220 [ 106.703625][ T6404] ? __pfx_bad_page+0x10/0x10 [ 106.703640][ T6404] ? 
page_bad_reason+0x9d/0x1f0 [ 106.703655][ T6404] __free_frozen_pages+0x7f7/0x10f0 [ 106.703676][ T6404] ? kasan_quarantine_put+0x10a/0x240 [ 106.703699][ T6404] page_frag_free+0x27f/0x2e0 [ 106.703715][ T6404] __xdp_return+0x3ab/0xab0 [ 106.703729][ T6404] ? kfree_skbmem+0x1a4/0x1f0 [ 106.703746][ T6404] bpf_xdp_adjust_tail+0x887/0xcb0 [ 106.703766][ T6404] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 106.703779][ T6404] bpf_prog_run_generic_xdp+0x626/0x1530 [ 106.703802][ T6404] do_xdp_generic+0x8e6/0x1320 [ 106.703822][ T6404] ? __pfx_do_xdp_generic+0x10/0x10 [ 106.703849][ T6404] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 106.703871][ T6404] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 106.703893][ T6404] ? __skb_flow_dissect+0x11b2/0x7d90 [ 106.703910][ T6404] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 106.703933][ T6404] ? __pfx___skb_flow_dissect+0x10/0x10 [ 106.703949][ T6404] ? do_user_addr_fault+0x829/0x1370 [ 106.703969][ T6404] ? do_user_addr_fault+0x843/0x1370 [ 106.703988][ T6404] ? __lock_acquire+0x62e/0x1ce0 [ 106.704007][ T6404] __netif_receive_skb_one_core+0xb0/0x1e0 [ 106.704032][ T6404] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 106.704051][ T6404] ? lock_acquire+0x179/0x350 [ 106.704069][ T6404] __netif_receive_skb+0x1d/0x160 [ 106.704087][ T6404] netif_receive_skb+0x137/0x7b0 [ 106.704104][ T6404] ? __pfx_netif_receive_skb+0x10/0x10 [ 106.704123][ T6404] ? __pfx__copy_from_iter+0x10/0x10 [ 106.704146][ T6404] tun_rx_batched.isra.0+0x3ee/0x740 [ 106.704170][ T6404] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 106.704195][ T6404] ? tun_get_user+0x1df6/0x3cd0 [ 106.704218][ T6404] ? rcu_is_watching+0x12/0xc0 [ 106.704241][ T6404] tun_get_user+0x28bb/0x3cd0 [ 106.704269][ T6404] ? __pfx_tun_get_user+0x10/0x10 [ 106.704293][ T6404] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 106.704318][ T6404] ? find_held_lock+0x2b/0x80 [ 106.704339][ T6404] ? 
tun_get+0x191/0x370 [ 106.704362][ T6404] tun_chr_write_iter+0xdc/0x210 [ 106.704386][ T6404] vfs_write+0x7d3/0x11d0 [ 106.704409][ T6404] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 106.704434][ T6404] ? __pfx_vfs_write+0x10/0x10 [ 106.704455][ T6404] ? find_held_lock+0x2b/0x80 [ 106.704482][ T6404] ksys_write+0x12a/0x250 [ 106.704503][ T6404] ? __pfx_ksys_write+0x10/0x10 [ 106.704529][ T6404] do_syscall_64+0xcd/0x4e0 [ 106.704552][ T6404] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.704569][ T6404] RIP: 0033:0x7ff08ef8d65f [ 106.704584][ T6404] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 106.704599][ T6404] RSP: 002b:00007ff08fe76000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 106.704614][ T6404] RAX: ffffffffffffffda RBX: 00007ff08f1d5fa0 RCX: 00007ff08ef8d65f [ 106.704624][ T6404] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8 [ 106.704635][ T6404] RBP: 00007ff08f011e19 R08: 0000000000000000 R09: 0000000000000000 [ 106.704644][ T6404] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 106.704653][ T6404] R13: 00007ff08f1d6038 R14: 00007ff08f1d5fa0 R15: 00007ffe7bd5cdf8 [ 106.704668][ T6404] [ 106.704678][ T6404] BUG: Bad page state in process syz.0.17 pfn:51b5b [ 106.850370][ T6404] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x51b5b [ 106.853317][ T6404] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 106.856100][ T6404] raw: 00fff00000000000 dead000000000040 ffff88802198b000 0000000000000000 [ 106.860518][ T6404] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 106.864421][ T6404] page dumped because: page_pool leak [ 106.866567][ T6404] page_owner tracks the page as allocated [ 106.868985][ T6404] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6404, tgid 
6403 (syz.0.17), ts 104714136368, free_ts 99792811473 [ 106.876187][ T6404] post_alloc_hook+0x1c0/0x230 [ 106.878357][ T6404] get_page_from_freelist+0x132b/0x38e0 [ 106.880812][ T6404] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 106.883320][ T6404] alloc_pages_bulk_noprof+0x71c/0x1410 [ 106.885463][ T6404] __page_pool_alloc_netmems_slow+0x193/0xc60 [ 106.888658][ T6404] page_pool_alloc_netmems+0xc4/0x190 [ 106.891082][ T6404] skb_pp_cow_data+0x7c0/0xff0 [ 106.893896][ T6404] skb_cow_data_for_xdp+0x88/0xb0 [ 106.897155][ T6404] do_xdp_generic+0x530/0x1320 [ 106.899234][ T6404] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 106.902036][ T6404] __netif_receive_skb_one_core+0xb0/0x1e0 [ 106.904366][ T6404] __netif_receive_skb+0x1d/0x160 [ 106.906416][ T6404] netif_receive_skb+0x137/0x7b0 [ 106.908905][ T6404] tun_rx_batched.isra.0+0x3ee/0x740 [ 106.911352][ T6404] tun_get_user+0x28bb/0x3cd0 [ 106.913874][ T6404] tun_chr_write_iter+0xdc/0x210 [ 106.915907][ T6404] page last free pid 6320 tgid 6320 stack trace: [ 106.918570][ T6404] __free_frozen_pages+0x7d5/0x10f0 [ 106.920480][ T6404] vfree+0x1fd/0xb50 [ 106.921688][ T6404] kcov_close+0x34/0x60 [ 106.923057][ T6404] __fput+0x402/0xb70 [ 106.924457][ T6404] task_work_run+0x14d/0x240 [ 106.926035][ T6404] do_exit+0x86f/0x2bf0 [ 106.927536][ T6404] do_group_exit+0xd3/0x2a0 [ 106.929279][ T6404] get_signal+0x2671/0x26d0 [ 106.931450][ T6404] arch_do_signal_or_restart+0x8f/0x7c0 [ 106.933888][ T6404] exit_to_user_mode_loop+0x7a/0x100 [ 106.936411][ T6404] do_syscall_64+0x419/0x4e0 [ 106.938658][ T6404] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.940856][ T6404] Modules linked in: [ 106.942488][ T6404] CPU: 0 UID: 0 PID: 6404 Comm: syz.0.17 Tainted: G B syzkaller #0 PREEMPT(full) [ 106.942514][ T6404] Tainted: [B]=BAD_PAGE [ 106.942520][ T6404] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 106.942530][ T6404] Call Trace: [ 106.942537][ T6404] [ 106.942545][ 
T6404] dump_stack_lvl+0x16c/0x1f0 [ 106.942574][ T6404] bad_page+0xcf/0x220 [ 106.942591][ T6404] ? __pfx_bad_page+0x10/0x10 [ 106.942607][ T6404] ? page_bad_reason+0x9d/0x1f0 [ 106.942622][ T6404] __free_frozen_pages+0x7f7/0x10f0 [ 106.942643][ T6404] ? kasan_quarantine_put+0x10a/0x240 [ 106.942668][ T6404] page_frag_free+0x27f/0x2e0 [ 106.942682][ T6404] __xdp_return+0x3ab/0xab0 [ 106.942698][ T6404] ? kfree_skbmem+0x1a4/0x1f0 [ 106.942714][ T6404] bpf_xdp_adjust_tail+0x887/0xcb0 [ 106.942736][ T6404] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 106.942750][ T6404] bpf_prog_run_generic_xdp+0x626/0x1530 [ 106.942776][ T6404] do_xdp_generic+0x8e6/0x1320 [ 106.942796][ T6404] ? __pfx_do_xdp_generic+0x10/0x10 [ 106.942823][ T6404] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 106.942845][ T6404] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 106.942870][ T6404] ? __skb_flow_dissect+0x11b2/0x7d90 [ 106.942891][ T6404] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 106.942915][ T6404] ? __pfx___skb_flow_dissect+0x10/0x10 [ 106.942940][ T6404] ? do_user_addr_fault+0x829/0x1370 [ 106.942965][ T6404] ? do_user_addr_fault+0x843/0x1370 [ 106.942983][ T6404] ? __lock_acquire+0x62e/0x1ce0 [ 106.943005][ T6404] __netif_receive_skb_one_core+0xb0/0x1e0 [ 106.943024][ T6404] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 106.943042][ T6404] ? lock_acquire+0x179/0x350 [ 106.943058][ T6404] __netif_receive_skb+0x1d/0x160 [ 106.943075][ T6404] netif_receive_skb+0x137/0x7b0 [ 106.943091][ T6404] ? __pfx_netif_receive_skb+0x10/0x10 [ 106.943107][ T6404] ? __pfx__copy_from_iter+0x10/0x10 [ 106.943129][ T6404] tun_rx_batched.isra.0+0x3ee/0x740 [ 106.943154][ T6404] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 106.943271][ T6404] ? tun_get_user+0x1df6/0x3cd0 [ 106.943312][ T6404] ? rcu_is_watching+0x12/0xc0 [ 106.943343][ T6404] tun_get_user+0x28bb/0x3cd0 [ 106.943374][ T6404] ? __pfx_tun_get_user+0x10/0x10 [ 106.943462][ T6404] ? 
__pfx_ref_tracker_alloc+0x10/0x10 [ 106.943491][ T6404] ? find_held_lock+0x2b/0x80 [ 106.943517][ T6404] ? tun_get+0x191/0x370 [ 106.943542][ T6404] tun_chr_write_iter+0xdc/0x210 [ 106.943570][ T6404] vfs_write+0x7d3/0x11d0 [ 106.943598][ T6404] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 106.943623][ T6404] ? __pfx_vfs_write+0x10/0x10 [ 106.943644][ T6404] ? find_held_lock+0x2b/0x80 [ 106.943671][ T6404] ksys_write+0x12a/0x250 [ 106.943694][ T6404] ? __pfx_ksys_write+0x10/0x10 [ 106.943719][ T6404] do_syscall_64+0xcd/0x4e0 [ 106.943745][ T6404] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.943763][ T6404] RIP: 0033:0x7ff08ef8d65f [ 106.943786][ T6404] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 106.943802][ T6404] RSP: 002b:00007ff08fe76000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 106.943819][ T6404] RAX: ffffffffffffffda RBX: 00007ff08f1d5fa0 RCX: 00007ff08ef8d65f [ 106.943830][ T6404] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8 [ 106.943841][ T6404] RBP: 00007ff08f011e19 R08: 0000000000000000 R09: 0000000000000000 [ 106.943850][ T6404] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 106.943861][ T6404] R13: 00007ff08f1d6038 R14: 00007ff08f1d5fa0 R15: 00007ffe7bd5cdf8 [ 106.943877][ T6404] [ 106.943892][ T6404] BUG: Bad page state in process syz.0.17 pfn:51b5c [ 107.099651][ T6404] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x51b5c [ 107.103190][ T6404] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 107.106040][ T6404] raw: 00fff00000000000 dead000000000040 ffff88802198b000 0000000000000000 [ 107.109215][ T6404] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 107.112451][ T6404] page dumped because: page_pool leak [ 107.114625][ T6404] page_owner tracks the page as allocated [ 107.116712][ T6404] page 
last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6404, tgid 6403 (syz.0.17), ts 104714129578, free_ts 99792817769 [ 107.122659][ T6404] post_alloc_hook+0x1c0/0x230 [ 107.124624][ T6404] get_page_from_freelist+0x132b/0x38e0 [ 107.126960][ T6404] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 107.129191][ T6404] alloc_pages_bulk_noprof+0x71c/0x1410 [ 107.131541][ T6404] __page_pool_alloc_netmems_slow+0x193/0xc60 [ 107.134261][ T6404] page_pool_alloc_netmems+0xc4/0x190 [ 107.136641][ T6404] skb_pp_cow_data+0x7c0/0xff0 [ 107.140032][ T6404] skb_cow_data_for_xdp+0x88/0xb0 [ 107.143019][ T6404] do_xdp_generic+0x530/0x1320 [ 107.145085][ T6404] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 107.146991][ T5300] Bluetooth: hci0: command tx timeout [ 107.148151][ T6404] __netif_receive_skb_one_core+0xb0/0x1e0 [ 107.148186][ T6404] __netif_receive_skb+0x1d/0x160 [ 107.148203][ T6404] netif_receive_skb+0x137/0x7b0 [ 107.148219][ T6404] tun_rx_batched.isra.0+0x3ee/0x740 [ 107.148240][ T6404] tun_get_user+0x28bb/0x3cd0 [ 107.148262][ T6404] tun_chr_write_iter+0xdc/0x210 [ 107.148285][ T6404] page last free pid 6320 tgid 6320 stack trace: [ 107.148297][ T6404] __free_frozen_pages+0x7d5/0x10f0 [ 107.148319][ T6404] vfree+0x1fd/0xb50 [ 107.148336][ T6404] kcov_close+0x34/0x60 [ 107.172813][ T6404] __fput+0x402/0xb70 [ 107.174476][ T6404] task_work_run+0x14d/0x240 [ 107.176353][ T6404] do_exit+0x86f/0x2bf0 [ 107.178088][ T6404] do_group_exit+0xd3/0x2a0 [ 107.180213][ T6404] get_signal+0x2671/0x26d0 [ 107.182518][ T6404] arch_do_signal_or_restart+0x8f/0x7c0 [ 107.185431][ T6404] exit_to_user_mode_loop+0x7a/0x100 [ 107.187962][ T6404] do_syscall_64+0x419/0x4e0 [ 107.189728][ T6404] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.191873][ T6404] Modules linked in: [ 107.193132][ T6404] CPU: 0 UID: 0 PID: 6404 Comm: syz.0.17 Tainted: G B syzkaller #0 PREEMPT(full) [ 107.193158][ T6404] Tainted: [B]=BAD_PAGE [ 107.193164][ T6404] Hardware 
name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 107.193174][ T6404] Call Trace: [ 107.193182][ T6404] [ 107.193191][ T6404] dump_stack_lvl+0x16c/0x1f0 [ 107.193220][ T6404] bad_page+0xcf/0x220 [ 107.193237][ T6404] ? __pfx_bad_page+0x10/0x10 [ 107.193253][ T6404] ? page_bad_reason+0x9d/0x1f0 [ 107.193269][ T6404] __free_frozen_pages+0x7f7/0x10f0 [ 107.193292][ T6404] ? kasan_quarantine_put+0x10a/0x240 [ 107.193317][ T6404] page_frag_free+0x27f/0x2e0 [ 107.193333][ T6404] __xdp_return+0x3ab/0xab0 [ 107.193349][ T6404] ? kfree_skbmem+0x1a4/0x1f0 [ 107.193367][ T6404] bpf_xdp_adjust_tail+0x887/0xcb0 [ 107.193388][ T6404] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 107.193403][ T6404] bpf_prog_run_generic_xdp+0x626/0x1530 [ 107.193428][ T6404] do_xdp_generic+0x8e6/0x1320 [ 107.193446][ T6404] ? __pfx_do_xdp_generic+0x10/0x10 [ 107.193473][ T6404] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 107.193496][ T6404] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 107.193520][ T6404] ? __skb_flow_dissect+0x11b2/0x7d90 [ 107.193538][ T6404] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 107.193562][ T6404] ? __pfx___skb_flow_dissect+0x10/0x10 [ 107.193579][ T6404] ? do_user_addr_fault+0x829/0x1370 [ 107.193602][ T6404] ? do_user_addr_fault+0x843/0x1370 [ 107.193621][ T6404] ? __lock_acquire+0x62e/0x1ce0 [ 107.193642][ T6404] __netif_receive_skb_one_core+0xb0/0x1e0 [ 107.193662][ T6404] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 107.193682][ T6404] ? lock_acquire+0x179/0x350 [ 107.193702][ T6404] __netif_receive_skb+0x1d/0x160 [ 107.193721][ T6404] netif_receive_skb+0x137/0x7b0 [ 107.193740][ T6404] ? __pfx_netif_receive_skb+0x10/0x10 [ 107.193759][ T6404] ? __pfx__copy_from_iter+0x10/0x10 [ 107.193784][ T6404] tun_rx_batched.isra.0+0x3ee/0x740 [ 107.193810][ T6404] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 107.193842][ T6404] ? tun_get_user+0x1df6/0x3cd0 [ 107.193866][ T6404] ? 
rcu_is_watching+0x12/0xc0 [ 107.193891][ T6404] tun_get_user+0x28bb/0x3cd0 [ 107.193919][ T6404] ? __pfx_tun_get_user+0x10/0x10 [ 107.193944][ T6404] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 107.193971][ T6404] ? find_held_lock+0x2b/0x80 [ 107.193993][ T6404] ? tun_get+0x191/0x370 [ 107.194018][ T6404] tun_chr_write_iter+0xdc/0x210 [ 107.194044][ T6404] vfs_write+0x7d3/0x11d0 [ 107.194066][ T6404] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 107.194089][ T6404] ? __pfx_vfs_write+0x10/0x10 [ 107.194109][ T6404] ? find_held_lock+0x2b/0x80 [ 107.194133][ T6404] ksys_write+0x12a/0x250 [ 107.194155][ T6404] ? __pfx_ksys_write+0x10/0x10 [ 107.194181][ T6404] do_syscall_64+0xcd/0x4e0 [ 107.194205][ T6404] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.194222][ T6404] RIP: 0033:0x7ff08ef8d65f [ 107.194235][ T6404] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 107.194250][ T6404] RSP: 002b:00007ff08fe76000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 107.194266][ T6404] RAX: ffffffffffffffda RBX: 00007ff08f1d5fa0 RCX: 00007ff08ef8d65f [ 107.194276][ T6404] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8 [ 107.194286][ T6404] RBP: 00007ff08f011e19 R08: 0000000000000000 R09: 0000000000000000 [ 107.194295][ T6404] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 107.194305][ T6404] R13: 00007ff08f1d6038 R14: 00007ff08f1d5fa0 R15: 00007ffe7bd5cdf8 [ 107.194409][ T6404] 2025/10/02 10:52:39 executed programs: 3 [ 107.353356][ T6408] BUG: Bad page state in process syz.0.18 pfn:522e9 [ 107.356360][ T6408] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x522e9 [ 107.359970][ T6408] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 107.362521][ T6408] raw: 00fff00000000000 dead000000000040 ffff888021998000 0000000000000000 [ 107.365941][ T6408] raw: 0000000000000000 
0000000000000001 00000000ffffffff 0000000000000000 [ 107.370066][ T6408] page dumped because: page_pool leak [ 107.372599][ T6408] page_owner tracks the page as allocated [ 107.375274][ T6408] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6408, tgid 6407 (syz.0.18), ts 107353294350, free_ts 104427319020 [ 107.382011][ T6408] post_alloc_hook+0x1c0/0x230 [ 107.383967][ T6408] get_page_from_freelist+0x132b/0x38e0 [ 107.386237][ T6408] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 107.388941][ T6408] alloc_pages_bulk_noprof+0x71c/0x1410 [ 107.391831][ T6408] __page_pool_alloc_netmems_slow+0x193/0xc60 [ 107.395170][ T6408] page_pool_alloc_netmems+0xc4/0x190 [ 107.397712][ T6408] skb_pp_cow_data+0x7c0/0xff0 [ 107.399733][ T6408] skb_cow_data_for_xdp+0x88/0xb0 [ 107.401943][ T6408] do_xdp_generic+0x530/0x1320 [ 107.404071][ T6408] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 107.406815][ T6408] __netif_receive_skb_one_core+0xb0/0x1e0 [ 107.408985][ T6408] __netif_receive_skb+0x1d/0x160 [ 107.410600][ T6408] netif_receive_skb+0x137/0x7b0 [ 107.412540][ T6408] tun_rx_batched.isra.0+0x3ee/0x740 [ 107.415173][ T6408] tun_get_user+0x28bb/0x3cd0 [ 107.418227][ T6408] tun_chr_write_iter+0xdc/0x210 [ 107.420405][ T6408] page last free pid 18 tgid 18 stack trace: [ 107.422308][ T6408] __free_frozen_pages+0x7d5/0x10f0 [ 107.424190][ T6408] tlb_remove_table_rcu+0x116/0x1a0 [ 107.426031][ T6408] rcu_core+0x79c/0x1530 [ 107.427896][ T6408] handle_softirqs+0x216/0x8e0 [ 107.429971][ T6408] __irq_exit_rcu+0x109/0x170 [ 107.431831][ T6408] irq_exit_rcu+0x9/0x30 [ 107.433565][ T6408] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 107.435774][ T6408] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 107.438101][ T6408] Modules linked in: [ 107.439446][ T6408] CPU: 2 UID: 0 PID: 6408 Comm: syz.0.18 Tainted: G B syzkaller #0 PREEMPT(full) [ 107.439464][ T6408] Tainted: [B]=BAD_PAGE [ 107.439468][ T6408] Hardware name: QEMU Standard PC (Q35 + 
ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 107.439475][ T6408] Call Trace: [ 107.439479][ T6408] [ 107.439483][ T6408] dump_stack_lvl+0x16c/0x1f0 [ 107.439504][ T6408] bad_page+0xcf/0x220 [ 107.439515][ T6408] ? __pfx_bad_page+0x10/0x10 [ 107.439525][ T6408] ? page_bad_reason+0x9d/0x1f0 [ 107.439535][ T6408] __free_frozen_pages+0x7f7/0x10f0 [ 107.439551][ T6408] ? rcu_is_watching+0x12/0xc0 [ 107.439568][ T6408] page_frag_free+0x27f/0x2e0 [ 107.439579][ T6408] __xdp_return+0x3ab/0xab0 [ 107.439590][ T6408] ? kfree_skbmem+0x1a4/0x1f0 [ 107.439602][ T6408] bpf_xdp_adjust_tail+0x887/0xcb0 [ 107.439616][ T6408] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 107.439625][ T6408] bpf_prog_run_generic_xdp+0x626/0x1530 [ 107.439643][ T6408] do_xdp_generic+0x8e6/0x1320 [ 107.439656][ T6408] ? lock_release+0x201/0x2f0 [ 107.439667][ T6408] ? __pfx_do_xdp_generic+0x10/0x10 [ 107.439684][ T6408] ? mt_find+0x3ef/0xa30 [ 107.439703][ T6408] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 107.439718][ T6408] ? rcu_watching_snap_stopped_since+0xd0/0x110 [ 107.439735][ T6408] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 107.439752][ T6408] ? __skb_flow_dissect+0x11b2/0x7d90 [ 107.439764][ T6408] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 107.439779][ T6408] ? handle_mm_fault+0x200/0xd10 [ 107.439795][ T6408] ? __pfx___skb_flow_dissect+0x10/0x10 [ 107.439806][ T6408] ? lock_release+0x201/0x2f0 [ 107.439818][ T6408] ? do_user_addr_fault+0x843/0x1370 [ 107.439838][ T6408] ? rcu_is_watching+0x12/0xc0 [ 107.439854][ T6408] __netif_receive_skb_one_core+0xb0/0x1e0 [ 107.439868][ T6408] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 107.439883][ T6408] ? lock_acquire+0x2cd/0x350 [ 107.439896][ T6408] __netif_receive_skb+0x1d/0x160 [ 107.439909][ T6408] netif_receive_skb+0x137/0x7b0 [ 107.439922][ T6408] ? __pfx_netif_receive_skb+0x10/0x10 [ 107.439936][ T6408] ? 
__pfx__copy_from_iter+0x10/0x10 [ 107.439953][ T6408] tun_rx_batched.isra.0+0x3ee/0x740 [ 107.439971][ T6408] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 107.439988][ T6408] ? lock_acquire+0x2cd/0x350 [ 107.439999][ T6408] ? tun_get_user+0x1df6/0x3cd0 [ 107.440016][ T6408] ? rcu_is_watching+0x12/0xc0 [ 107.440033][ T6408] tun_get_user+0x28bb/0x3cd0 [ 107.440053][ T6408] ? __pfx_tun_get_user+0x10/0x10 [ 107.440072][ T6408] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 107.440092][ T6408] ? tun_get+0x191/0x370 [ 107.440107][ T6408] ? rcu_is_watching+0x12/0xc0 [ 107.440123][ T6408] ? lock_release+0x201/0x2f0 [ 107.440135][ T6408] tun_chr_write_iter+0xdc/0x210 [ 107.440153][ T6408] vfs_write+0x7d3/0x11d0 [ 107.440172][ T6408] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 107.440190][ T6408] ? __pfx_vfs_write+0x10/0x10 [ 107.440207][ T6408] ? lock_release+0x201/0x2f0 [ 107.440221][ T6408] ksys_write+0x12a/0x250 [ 107.440238][ T6408] ? __pfx_ksys_write+0x10/0x10 [ 107.440256][ T6408] do_syscall_64+0xcd/0x4e0 [ 107.440274][ T6408] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.440286][ T6408] RIP: 0033:0x7ff08ef8d65f [ 107.440295][ T6408] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 107.440307][ T6408] RSP: 002b:00007ff08fe76000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 107.440318][ T6408] RAX: ffffffffffffffda RBX: 00007ff08f1d5fa0 RCX: 00007ff08ef8d65f [ 107.440326][ T6408] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8 [ 107.440333][ T6408] RBP: 00007ff08f011e19 R08: 0000000000000000 R09: 0000000000000000 [ 107.440340][ T6408] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 107.440346][ T6408] R13: 00007ff08f1d6038 R14: 00007ff08f1d5fa0 R15: 00007ffe7bd5cdf8 [ 107.440357][ T6408] [ 107.440365][ T6408] BUG: Bad page state in process syz.0.18 pfn:522e3 [ 107.575003][ T6408] page: refcount:0 
mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x522e3 [ 107.578570][ T6408] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 107.580848][ T6408] raw: 00fff00000000000 dead000000000040 ffff888021998000 0000000000000000 [ 107.583558][ T6408] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 107.586093][ T6408] page dumped because: page_pool leak [ 107.588235][ T6408] page_owner tracks the page as allocated [ 107.590184][ T6408] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6408, tgid 6407 (syz.0.18), ts 107353288384, free_ts 104427339598 [ 107.596686][ T6408] post_alloc_hook+0x1c0/0x230 [ 107.598576][ T6408] get_page_from_freelist+0x132b/0x38e0 [ 107.600503][ T6408] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 107.602374][ T6408] alloc_pages_bulk_noprof+0x71c/0x1410 [ 107.604080][ T6408] __page_pool_alloc_netmems_slow+0x193/0xc60 [ 107.605892][ T6408] page_pool_alloc_netmems+0xc4/0x190 [ 107.607641][ T6408] skb_pp_cow_data+0x7c0/0xff0 [ 107.609139][ T6408] skb_cow_data_for_xdp+0x88/0xb0 [ 107.610669][ T6408] do_xdp_generic+0x530/0x1320 [ 107.612175][ T6408] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 107.614486][ T6408] __netif_receive_skb_one_core+0xb0/0x1e0 [ 107.616719][ T6408] __netif_receive_skb+0x1d/0x160 [ 107.619254][ T6408] netif_receive_skb+0x137/0x7b0 [ 107.621126][ T6408] tun_rx_batched.isra.0+0x3ee/0x740 [ 107.623338][ T6408] tun_get_user+0x28bb/0x3cd0 [ 107.624855][ T6408] tun_chr_write_iter+0xdc/0x210 [ 107.626455][ T6408] page last free pid 18 tgid 18 stack trace: [ 107.628384][ T6408] __free_frozen_pages+0x7d5/0x10f0 [ 107.630017][ T6408] tlb_remove_table_rcu+0x116/0x1a0 [ 107.632029][ T6408] rcu_core+0x79c/0x1530 [ 107.633595][ T6408] handle_softirqs+0x216/0x8e0 [ 107.635320][ T6408] __irq_exit_rcu+0x109/0x170 [ 107.637124][ T6408] irq_exit_rcu+0x9/0x30 [ 107.638609][ T6408] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 107.640647][ T6408] 
asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 107.643186][ T6408] Modules linked in: [ 107.644757][ T6408] CPU: 2 UID: 0 PID: 6408 Comm: syz.0.18 Tainted: G B syzkaller #0 PREEMPT(full) [ 107.644789][ T6408] Tainted: [B]=BAD_PAGE [ 107.644795][ T6408] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 107.644815][ T6408] Call Trace: [ 107.644825][ T6408] [ 107.644834][ T6408] dump_stack_lvl+0x16c/0x1f0 [ 107.644871][ T6408] bad_page+0xcf/0x220 [ 107.644894][ T6408] ? __pfx_bad_page+0x10/0x10 [ 107.644912][ T6408] ? page_bad_reason+0x9d/0x1f0 [ 107.644928][ T6408] __free_frozen_pages+0x7f7/0x10f0 [ 107.644955][ T6408] ? rcu_is_watching+0x12/0xc0 [ 107.644979][ T6408] page_frag_free+0x27f/0x2e0 [ 107.644998][ T6408] __xdp_return+0x3ab/0xab0 [ 107.645016][ T6408] ? kfree_skbmem+0x1a4/0x1f0 [ 107.645036][ T6408] bpf_xdp_adjust_tail+0x887/0xcb0 [ 107.645061][ T6408] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 107.645073][ T6408] bpf_prog_run_generic_xdp+0x626/0x1530 [ 107.645097][ T6408] do_xdp_generic+0x8e6/0x1320 [ 107.645114][ T6408] ? lock_release+0x201/0x2f0 [ 107.645128][ T6408] ? __pfx_do_xdp_generic+0x10/0x10 [ 107.645149][ T6408] ? mt_find+0x3ef/0xa30 [ 107.645171][ T6408] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 107.645190][ T6408] ? rcu_watching_snap_stopped_since+0xd0/0x110 [ 107.645212][ T6408] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 107.645232][ T6408] ? __skb_flow_dissect+0x11b2/0x7d90 [ 107.645247][ T6408] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 107.645264][ T6408] ? handle_mm_fault+0x200/0xd10 [ 107.645284][ T6408] ? __pfx___skb_flow_dissect+0x10/0x10 [ 107.645298][ T6408] ? lock_release+0x201/0x2f0 [ 107.645312][ T6408] ? do_user_addr_fault+0x843/0x1370 [ 107.645331][ T6408] ? rcu_is_watching+0x12/0xc0 [ 107.645351][ T6408] __netif_receive_skb_one_core+0xb0/0x1e0 [ 107.645368][ T6408] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 107.645387][ T6408] ? 
lock_acquire+0x2cd/0x350 [ 107.645402][ T6408] __netif_receive_skb+0x1d/0x160 [ 107.645418][ T6408] netif_receive_skb+0x137/0x7b0 [ 107.645434][ T6408] ? __pfx_netif_receive_skb+0x10/0x10 [ 107.645450][ T6408] ? __pfx__copy_from_iter+0x10/0x10 [ 107.645471][ T6408] tun_rx_batched.isra.0+0x3ee/0x740 [ 107.645494][ T6408] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 107.645515][ T6408] ? lock_acquire+0x2cd/0x350 [ 107.645530][ T6408] ? tun_get_user+0x1df6/0x3cd0 [ 107.645560][ T6408] ? rcu_is_watching+0x12/0xc0 [ 107.645590][ T6408] tun_get_user+0x28bb/0x3cd0 [ 107.645634][ T6408] ? __pfx_tun_get_user+0x10/0x10 [ 107.645666][ T6408] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 107.645699][ T6408] ? tun_get+0x191/0x370 [ 107.645726][ T6408] ? rcu_is_watching+0x12/0xc0 [ 107.645754][ T6408] ? lock_release+0x201/0x2f0 [ 107.645777][ T6408] tun_chr_write_iter+0xdc/0x210 [ 107.645805][ T6408] vfs_write+0x7d3/0x11d0 [ 107.645826][ T6408] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 107.645850][ T6408] ? __pfx_vfs_write+0x10/0x10 [ 107.645870][ T6408] ? lock_release+0x201/0x2f0 [ 107.645887][ T6408] ksys_write+0x12a/0x250 [ 107.645908][ T6408] ? 
__pfx_ksys_write+0x10/0x10 [ 107.645931][ T6408] do_syscall_64+0xcd/0x4e0 [ 107.645952][ T6408] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.645967][ T6408] RIP: 0033:0x7ff08ef8d65f [ 107.645979][ T6408] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 107.645993][ T6408] RSP: 002b:00007ff08fe76000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 107.646007][ T6408] RAX: ffffffffffffffda RBX: 00007ff08f1d5fa0 RCX: 00007ff08ef8d65f [ 107.646016][ T6408] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8 [ 107.646024][ T6408] RBP: 00007ff08f011e19 R08: 0000000000000000 R09: 0000000000000000 [ 107.646032][ T6408] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 107.646041][ T6408] R13: 00007ff08f1d6038 R14: 00007ff08f1d5fa0 R15: 00007ffe7bd5cdf8 [ 107.646056][ T6408] [ 107.646065][ T6408] BUG: Bad page state in process syz.0.18 pfn:281e0 [ 107.788694][ T6408] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x281e0 [ 107.792640][ T6408] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 107.795567][ T6408] raw: 00fff00000000000 dead000000000040 ffff888021998000 0000000000000000 [ 107.798980][ T6408] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 107.801663][ T6408] page dumped because: page_pool leak [ 107.803345][ T6408] page_owner tracks the page as allocated [ 107.805170][ T6408] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6408, tgid 6407 (syz.0.18), ts 107353282008, free_ts 104427362213 [ 107.810527][ T6408] post_alloc_hook+0x1c0/0x230 [ 107.812234][ T6408] get_page_from_freelist+0x132b/0x38e0 [ 107.814166][ T6408] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 107.816080][ T6408] alloc_pages_bulk_noprof+0x71c/0x1410 [ 107.817799][ T6408] 
__page_pool_alloc_netmems_slow+0x193/0xc60 [ 107.819651][ T6408] page_pool_alloc_netmems+0xc4/0x190 [ 107.821274][ T6408] skb_pp_cow_data+0x7c0/0xff0 [ 107.822805][ T6408] skb_cow_data_for_xdp+0x88/0xb0 [ 107.824417][ T6408] do_xdp_generic+0x530/0x1320 [ 107.825955][ T6408] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 107.828534][ T6408] __netif_receive_skb_one_core+0xb0/0x1e0 [ 107.831144][ T6408] __netif_receive_skb+0x1d/0x160 [ 107.833236][ T6408] netif_receive_skb+0x137/0x7b0 [ 107.835261][ T6408] tun_rx_batched.isra.0+0x3ee/0x740 [ 107.837423][ T6408] tun_get_user+0x28bb/0x3cd0 [ 107.839361][ T6408] tun_chr_write_iter+0xdc/0x210 [ 107.841406][ T6408] page last free pid 18 tgid 18 stack trace: [ 107.843903][ T6408] __free_frozen_pages+0x7d5/0x10f0 [ 107.846242][ T6408] tlb_remove_table_rcu+0x116/0x1a0 [ 107.849207][ T6408] rcu_core+0x79c/0x1530 [ 107.851479][ T6408] handle_softirqs+0x216/0x8e0 [ 107.853532][ T6408] __irq_exit_rcu+0x109/0x170 [ 107.855552][ T6408] irq_exit_rcu+0x9/0x30 [ 107.857108][ T6408] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 107.859401][ T6408] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 107.861841][ T6408] Modules linked in: [ 107.863477][ T6408] CPU: 2 UID: 0 PID: 6408 Comm: syz.0.18 Tainted: G B syzkaller #0 PREEMPT(full) [ 107.863502][ T6408] Tainted: [B]=BAD_PAGE [ 107.863507][ T6408] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 107.863517][ T6408] Call Trace: [ 107.863526][ T6408] [ 107.863534][ T6408] dump_stack_lvl+0x16c/0x1f0 [ 107.863560][ T6408] bad_page+0xcf/0x220 [ 107.863576][ T6408] ? __pfx_bad_page+0x10/0x10 [ 107.863591][ T6408] ? page_bad_reason+0x9d/0x1f0 [ 107.863605][ T6408] __free_frozen_pages+0x7f7/0x10f0 [ 107.863625][ T6408] ? rcu_is_watching+0x12/0xc0 [ 107.863648][ T6408] page_frag_free+0x27f/0x2e0 [ 107.863663][ T6408] __xdp_return+0x3ab/0xab0 [ 107.863678][ T6408] ? 
kfree_skbmem+0x1a4/0x1f0 [ 107.863695][ T6408] bpf_xdp_adjust_tail+0x887/0xcb0 [ 107.863715][ T6408] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 107.863729][ T6408] bpf_prog_run_generic_xdp+0x626/0x1530 [ 107.863754][ T6408] do_xdp_generic+0x8e6/0x1320 [ 107.863771][ T6408] ? lock_release+0x201/0x2f0 [ 107.863794][ T6408] ? __pfx_do_xdp_generic+0x10/0x10 [ 107.863819][ T6408] ? mt_find+0x3ef/0xa30 [ 107.863843][ T6408] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 107.863863][ T6408] ? rcu_watching_snap_stopped_since+0xd0/0x110 [ 107.863886][ T6408] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 107.863909][ T6408] ? __skb_flow_dissect+0x11b2/0x7d90 [ 107.863926][ T6408] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 107.863944][ T6408] ? handle_mm_fault+0x200/0xd10 [ 107.863967][ T6408] ? __pfx___skb_flow_dissect+0x10/0x10 [ 107.863982][ T6408] ? lock_release+0x201/0x2f0 [ 107.863999][ T6408] ? do_user_addr_fault+0x843/0x1370 [ 107.864019][ T6408] ? rcu_is_watching+0x12/0xc0 [ 107.864041][ T6408] __netif_receive_skb_one_core+0xb0/0x1e0 [ 107.864060][ T6408] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 107.864080][ T6408] ? lock_acquire+0x2cd/0x350 [ 107.864098][ T6408] __netif_receive_skb+0x1d/0x160 [ 107.864115][ T6408] netif_receive_skb+0x137/0x7b0 [ 107.864133][ T6408] ? __pfx_netif_receive_skb+0x10/0x10 [ 107.864152][ T6408] ? __pfx__copy_from_iter+0x10/0x10 [ 107.864174][ T6408] tun_rx_batched.isra.0+0x3ee/0x740 [ 107.864197][ T6408] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 107.864221][ T6408] ? lock_acquire+0x2cd/0x350 [ 107.864235][ T6408] ? tun_get_user+0x1df6/0x3cd0 [ 107.864257][ T6408] ? rcu_is_watching+0x12/0xc0 [ 107.864279][ T6408] tun_get_user+0x28bb/0x3cd0 [ 107.864305][ T6408] ? __pfx_tun_get_user+0x10/0x10 [ 107.864329][ T6408] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 107.864355][ T6408] ? tun_get+0x191/0x370 [ 107.864375][ T6408] ? rcu_is_watching+0x12/0xc0 [ 107.864396][ T6408] ? 
lock_release+0x201/0x2f0 [ 107.864413][ T6408] tun_chr_write_iter+0xdc/0x210 [ 107.864437][ T6408] vfs_write+0x7d3/0x11d0 [ 107.864461][ T6408] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 107.864485][ T6408] ? __pfx_vfs_write+0x10/0x10 [ 107.864508][ T6408] ? lock_release+0x201/0x2f0 [ 107.864527][ T6408] ksys_write+0x12a/0x250 [ 107.864549][ T6408] ? __pfx_ksys_write+0x10/0x10 [ 107.864573][ T6408] do_syscall_64+0xcd/0x4e0 [ 107.864597][ T6408] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.864614][ T6408] RIP: 0033:0x7ff08ef8d65f [ 107.864627][ T6408] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 107.864643][ T6408] RSP: 002b:00007ff08fe76000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 107.864659][ T6408] RAX: ffffffffffffffda RBX: 00007ff08f1d5fa0 RCX: 00007ff08ef8d65f [ 107.864670][ T6408] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8 [ 107.864680][ T6408] RBP: 00007ff08f011e19 R08: 0000000000000000 R09: 0000000000000000 [ 107.864689][ T6408] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 107.864698][ T6408] R13: 00007ff08f1d6038 R14: 00007ff08f1d5fa0 R15: 00007ffe7bd5cdf8 [ 107.864714][ T6408] [ 107.864725][ T6408] BUG: Bad page state in process syz.0.18 pfn:522ea [ 108.009966][ T6408] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x522ea [ 108.013512][ T6408] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 108.016295][ T6408] raw: 00fff00000000000 dead000000000040 ffff888021998000 0000000000000000 [ 108.020129][ T6408] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 108.024032][ T6408] page dumped because: page_pool leak [ 108.026008][ T6408] page_owner tracks the page as allocated [ 108.027842][ T6408] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6408, 
tgid 6407 (syz.0.18), ts 107353275313, free_ts 104427374002 [ 108.033505][ T6408] post_alloc_hook+0x1c0/0x230 [ 108.035682][ T6408] get_page_from_freelist+0x132b/0x38e0 [ 108.038217][ T6408] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 108.040825][ T6408] alloc_pages_bulk_noprof+0x71c/0x1410 [ 108.042871][ T6408] __page_pool_alloc_netmems_slow+0x193/0xc60 [ 108.044704][ T6408] page_pool_alloc_netmems+0xc4/0x190 [ 108.046357][ T6408] skb_pp_cow_data+0x7c0/0xff0 [ 108.048092][ T6408] skb_cow_data_for_xdp+0x88/0xb0 [ 108.049608][ T6408] do_xdp_generic+0x530/0x1320 [ 108.051102][ T6408] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 108.053980][ T6408] __netif_receive_skb_one_core+0xb0/0x1e0 [ 108.056368][ T6408] __netif_receive_skb+0x1d/0x160 [ 108.058201][ T6408] netif_receive_skb+0x137/0x7b0 [ 108.059813][ T6408] tun_rx_batched.isra.0+0x3ee/0x740 [ 108.061945][ T6408] tun_get_user+0x28bb/0x3cd0 [ 108.063860][ T6408] tun_chr_write_iter+0xdc/0x210 [ 108.065863][ T6408] page last free pid 18 tgid 18 stack trace: [ 108.068476][ T6408] __free_frozen_pages+0x7d5/0x10f0 [ 108.070944][ T6408] tlb_remove_table_rcu+0x116/0x1a0 [ 108.073771][ T6408] rcu_core+0x79c/0x1530 [ 108.075565][ T6408] handle_softirqs+0x216/0x8e0 [ 108.077676][ T6408] __irq_exit_rcu+0x109/0x170 [ 108.079708][ T6408] irq_exit_rcu+0x9/0x30 [ 108.081603][ T6408] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 108.083854][ T6408] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 108.086107][ T6408] Modules linked in: [ 108.087371][ T6408] CPU: 2 UID: 0 PID: 6408 Comm: syz.0.18 Tainted: G B syzkaller #0 PREEMPT(full) [ 108.087411][ T6408] Tainted: [B]=BAD_PAGE [ 108.087416][ T6408] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 108.087427][ T6408] Call Trace: [ 108.087434][ T6408] [ 108.087441][ T6408] dump_stack_lvl+0x16c/0x1f0 [ 108.087462][ T6408] bad_page+0xcf/0x220 [ 108.087473][ T6408] ? __pfx_bad_page+0x10/0x10 [ 108.087483][ T6408] ? 
page_bad_reason+0x9d/0x1f0 [ 108.087493][ T6408] __free_frozen_pages+0x7f7/0x10f0 [ 108.087507][ T6408] ? rcu_is_watching+0x12/0xc0 [ 108.087524][ T6408] page_frag_free+0x27f/0x2e0 [ 108.087534][ T6408] __xdp_return+0x3ab/0xab0 [ 108.087545][ T6408] ? kfree_skbmem+0x1a4/0x1f0 [ 108.087556][ T6408] bpf_xdp_adjust_tail+0x887/0xcb0 [ 108.087569][ T6408] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 108.087578][ T6408] bpf_prog_run_generic_xdp+0x626/0x1530 [ 108.087594][ T6408] do_xdp_generic+0x8e6/0x1320 [ 108.087607][ T6408] ? lock_release+0x201/0x2f0 [ 108.087618][ T6408] ? __pfx_do_xdp_generic+0x10/0x10 [ 108.087634][ T6408] ? mt_find+0x3ef/0xa30 [ 108.087651][ T6408] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 108.087666][ T6408] ? rcu_watching_snap_stopped_since+0xd0/0x110 [ 108.087682][ T6408] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 108.087698][ T6408] ? __skb_flow_dissect+0x11b2/0x7d90 [ 108.087710][ T6408] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 108.087724][ T6408] ? handle_mm_fault+0x200/0xd10 [ 108.087740][ T6408] ? __pfx___skb_flow_dissect+0x10/0x10 [ 108.087750][ T6408] ? lock_release+0x201/0x2f0 [ 108.087761][ T6408] ? do_user_addr_fault+0x843/0x1370 [ 108.087777][ T6408] ? rcu_is_watching+0x12/0xc0 [ 108.087797][ T6408] __netif_receive_skb_one_core+0xb0/0x1e0 [ 108.087810][ T6408] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 108.087825][ T6408] ? lock_acquire+0x2cd/0x350 [ 108.087836][ T6408] __netif_receive_skb+0x1d/0x160 [ 108.087848][ T6408] netif_receive_skb+0x137/0x7b0 [ 108.087861][ T6408] ? __pfx_netif_receive_skb+0x10/0x10 [ 108.087874][ T6408] ? __pfx__copy_from_iter+0x10/0x10 [ 108.087890][ T6408] tun_rx_batched.isra.0+0x3ee/0x740 [ 108.087908][ T6408] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 108.087925][ T6408] ? lock_acquire+0x2cd/0x350 [ 108.087935][ T6408] ? tun_get_user+0x1df6/0x3cd0 [ 108.087951][ T6408] ? rcu_is_watching+0x12/0xc0 [ 108.087967][ T6408] tun_get_user+0x28bb/0x3cd0 [ 108.087986][ T6408] ? 
__pfx_tun_get_user+0x10/0x10 [ 108.088003][ T6408] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 108.088021][ T6408] ? tun_get+0x191/0x370 [ 108.088035][ T6408] ? rcu_is_watching+0x12/0xc0 [ 108.088050][ T6408] ? lock_release+0x201/0x2f0 [ 108.088061][ T6408] tun_chr_write_iter+0xdc/0x210 [ 108.088079][ T6408] vfs_write+0x7d3/0x11d0 [ 108.088096][ T6408] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 108.088113][ T6408] ? __pfx_vfs_write+0x10/0x10 [ 108.088129][ T6408] ? lock_release+0x201/0x2f0 [ 108.088143][ T6408] ksys_write+0x12a/0x250 [ 108.088158][ T6408] ? __pfx_ksys_write+0x10/0x10 [ 108.088177][ T6408] do_syscall_64+0xcd/0x4e0 [ 108.088193][ T6408] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.088204][ T6408] RIP: 0033:0x7ff08ef8d65f [ 108.088213][ T6408] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 108.088224][ T6408] RSP: 002b:00007ff08fe76000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 108.088235][ T6408] RAX: ffffffffffffffda RBX: 00007ff08f1d5fa0 RCX: 00007ff08ef8d65f [ 108.088242][ T6408] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8 [ 108.088249][ T6408] RBP: 00007ff08f011e19 R08: 0000000000000000 R09: 0000000000000000 [ 108.088256][ T6408] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 108.088262][ T6408] R13: 00007ff08f1d6038 R14: 00007ff08f1d5fa0 R15: 00007ffe7bd5cdf8 [ 108.088272][ T6408] [ 108.088279][ T6408] BUG: Bad page state in process syz.0.18 pfn:522e4 [ 108.245180][ T6408] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x522e4 [ 108.249142][ T6408] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 108.252286][ T6408] raw: 00fff00000000000 dead000000000040 ffff888021998000 0000000000000000 [ 108.256226][ T6408] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 108.259793][ T6408] page dumped because: 
page_pool leak [ 108.261729][ T6408] page_owner tracks the page as allocated [ 108.263690][ T6408] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6408, tgid 6407 (syz.0.18), ts 107353269150, free_ts 104427397177 [ 108.270879][ T6408] post_alloc_hook+0x1c0/0x230 [ 108.272996][ T6408] get_page_from_freelist+0x132b/0x38e0 [ 108.275311][ T6408] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 108.277708][ T6408] alloc_pages_bulk_noprof+0x71c/0x1410 [ 108.279810][ T6408] __page_pool_alloc_netmems_slow+0x193/0xc60 [ 108.282049][ T6408] page_pool_alloc_netmems+0xc4/0x190 [ 108.284414][ T6408] skb_pp_cow_data+0x7c0/0xff0 [ 108.286480][ T6408] skb_cow_data_for_xdp+0x88/0xb0 [ 108.288970][ T6408] do_xdp_generic+0x530/0x1320 [ 108.291284][ T6408] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 108.293861][ T6408] __netif_receive_skb_one_core+0xb0/0x1e0 [ 108.296105][ T6408] __netif_receive_skb+0x1d/0x160 [ 108.298130][ T6408] netif_receive_skb+0x137/0x7b0 [ 108.300032][ T6408] tun_rx_batched.isra.0+0x3ee/0x740 [ 108.301987][ T6408] tun_get_user+0x28bb/0x3cd0 [ 108.304166][ T6408] tun_chr_write_iter+0xdc/0x210 [ 108.306696][ T6408] page last free pid 18 tgid 18 stack trace: [ 108.309345][ T6408] __free_frozen_pages+0x7d5/0x10f0 [ 108.311491][ T6408] tlb_remove_table_rcu+0x116/0x1a0 [ 108.313666][ T6408] rcu_core+0x79c/0x1530 [ 108.315523][ T6408] handle_softirqs+0x216/0x8e0 [ 108.317421][ T6408] __irq_exit_rcu+0x109/0x170 [ 108.319102][ T6408] irq_exit_rcu+0x9/0x30 [ 108.320540][ T6408] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 108.322654][ T6408] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 108.325483][ T6408] Modules linked in: [ 108.327449][ T6408] CPU: 2 UID: 0 PID: 6408 Comm: syz.0.18 Tainted: G B syzkaller #0 PREEMPT(full) [ 108.327485][ T6408] Tainted: [B]=BAD_PAGE [ 108.327493][ T6408] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 108.327507][ T6408] Call Trace: [ 
108.327517][ T6408] [ 108.327527][ T6408] dump_stack_lvl+0x16c/0x1f0 [ 108.327564][ T6408] bad_page+0xcf/0x220 [ 108.327586][ T6408] ? __pfx_bad_page+0x10/0x10 [ 108.327609][ T6408] ? page_bad_reason+0x9d/0x1f0 [ 108.327631][ T6408] __free_frozen_pages+0x7f7/0x10f0 [ 108.327661][ T6408] ? rcu_is_watching+0x12/0xc0 [ 108.327696][ T6408] page_frag_free+0x27f/0x2e0 [ 108.327717][ T6408] __xdp_return+0x3ab/0xab0 [ 108.327739][ T6408] ? kfree_skbmem+0x1a4/0x1f0 [ 108.327770][ T6408] bpf_xdp_adjust_tail+0x887/0xcb0 [ 108.327813][ T6408] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 108.327832][ T6408] bpf_prog_run_generic_xdp+0x626/0x1530 [ 108.327867][ T6408] do_xdp_generic+0x8e6/0x1320 [ 108.327892][ T6408] ? lock_release+0x201/0x2f0 [ 108.327914][ T6408] ? __pfx_do_xdp_generic+0x10/0x10 [ 108.327950][ T6408] ? mt_find+0x3ef/0xa30 [ 108.327985][ T6408] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 108.328015][ T6408] ? rcu_watching_snap_stopped_since+0xd0/0x110 [ 108.328050][ T6408] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 108.328083][ T6408] ? __skb_flow_dissect+0x11b2/0x7d90 [ 108.328107][ T6408] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 108.328136][ T6408] ? handle_mm_fault+0x200/0xd10 [ 108.328169][ T6408] ? __pfx___skb_flow_dissect+0x10/0x10 [ 108.328192][ T6408] ? lock_release+0x201/0x2f0 [ 108.328216][ T6408] ? do_user_addr_fault+0x843/0x1370 [ 108.328245][ T6408] ? rcu_is_watching+0x12/0xc0 [ 108.328278][ T6408] __netif_receive_skb_one_core+0xb0/0x1e0 [ 108.328305][ T6408] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 108.328336][ T6408] ? lock_acquire+0x2cd/0x350 [ 108.328361][ T6408] __netif_receive_skb+0x1d/0x160 [ 108.328387][ T6408] netif_receive_skb+0x137/0x7b0 [ 108.328413][ T6408] ? __pfx_netif_receive_skb+0x10/0x10 [ 108.328440][ T6408] ? __pfx__copy_from_iter+0x10/0x10 [ 108.328472][ T6408] tun_rx_batched.isra.0+0x3ee/0x740 [ 108.328517][ T6408] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 108.328554][ T6408] ? 
lock_acquire+0x2cd/0x350 [ 108.328575][ T6408] ? tun_get_user+0x1df6/0x3cd0 [ 108.328608][ T6408] ? rcu_is_watching+0x12/0xc0 [ 108.328642][ T6408] tun_get_user+0x28bb/0x3cd0 [ 108.328681][ T6408] ? __pfx_tun_get_user+0x10/0x10 [ 108.328716][ T6408] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 108.328752][ T6408] ? tun_get+0x191/0x370 [ 108.328781][ T6408] ? rcu_is_watching+0x12/0xc0 [ 108.328818][ T6408] ? lock_release+0x201/0x2f0 [ 108.328844][ T6408] tun_chr_write_iter+0xdc/0x210 [ 108.328880][ T6408] vfs_write+0x7d3/0x11d0 [ 108.328915][ T6408] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 108.329033][ T6408] ? __pfx_vfs_write+0x10/0x10 [ 108.329069][ T6408] ? lock_release+0x201/0x2f0 [ 108.329093][ T6408] ksys_write+0x12a/0x250 [ 108.329117][ T6408] ? __pfx_ksys_write+0x10/0x10 [ 108.329143][ T6408] do_syscall_64+0xcd/0x4e0 [ 108.329270][ T6408] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.329373][ T6408] RIP: 0033:0x7ff08ef8d65f [ 108.329389][ T6408] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 108.329406][ T6408] RSP: 002b:00007ff08fe76000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 108.329423][ T6408] RAX: ffffffffffffffda RBX: 00007ff08f1d5fa0 RCX: 00007ff08ef8d65f [ 108.329435][ T6408] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8 [ 108.329445][ T6408] RBP: 00007ff08f011e19 R08: 0000000000000000 R09: 0000000000000000 [ 108.329454][ T6408] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 108.329461][ T6408] R13: 00007ff08f1d6038 R14: 00007ff08f1d5fa0 R15: 00007ffe7bd5cdf8 [ 108.329471][ T6408] [ 108.329482][ T6408] BUG: Bad page state in process syz.0.18 pfn:522e5 [ 108.471142][ T6408] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x522e5 [ 108.474595][ T6408] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 108.477711][ T6408] raw: 
00fff00000000000 dead000000000040 ffff888021998000 0000000000000000 [ 108.481254][ T6408] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 108.484876][ T6408] page dumped because: page_pool leak [ 108.487403][ T6408] page_owner tracks the page as allocated [ 108.490003][ T6408] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6408, tgid 6407 (syz.0.18), ts 107353263138, free_ts 104427440719 [ 108.496953][ T6408] post_alloc_hook+0x1c0/0x230 [ 108.498866][ T6408] get_page_from_freelist+0x132b/0x38e0 [ 108.501076][ T6408] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 108.503492][ T6408] alloc_pages_bulk_noprof+0x71c/0x1410 [ 108.505681][ T6408] __page_pool_alloc_netmems_slow+0x193/0xc60 [ 108.509478][ T6408] page_pool_alloc_netmems+0xc4/0x190 [ 108.512428][ T6408] skb_pp_cow_data+0x7c0/0xff0 [ 108.514714][ T6408] skb_cow_data_for_xdp+0x88/0xb0 [ 108.516974][ T6408] do_xdp_generic+0x530/0x1320 [ 108.518805][ T6408] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 108.521425][ T6408] __netif_receive_skb_one_core+0xb0/0x1e0 [ 108.523691][ T6408] __netif_receive_skb+0x1d/0x160 [ 108.525620][ T6408] netif_receive_skb+0x137/0x7b0 [ 108.527635][ T6408] tun_rx_batched.isra.0+0x3ee/0x740 [ 108.529530][ T6408] tun_get_user+0x28bb/0x3cd0 [ 108.531049][ T6408] tun_chr_write_iter+0xdc/0x210 [ 108.533170][ T6408] page last free pid 18 tgid 18 stack trace: [ 108.535701][ T6408] __free_frozen_pages+0x7d5/0x10f0 [ 108.538059][ T6408] tlb_remove_table_rcu+0x116/0x1a0 [ 108.540584][ T6408] rcu_core+0x79c/0x1530 [ 108.542113][ T6408] handle_softirqs+0x216/0x8e0 [ 108.543881][ T6408] __irq_exit_rcu+0x109/0x170 [ 108.545460][ T6408] irq_exit_rcu+0x9/0x30 [ 108.546770][ T6408] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 108.548650][ T6408] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 108.550537][ T6408] Modules linked in: [ 108.551931][ T6408] CPU: 2 UID: 0 PID: 6408 Comm: syz.0.18 Tainted: G B syzkaller #0 
PREEMPT(full) [ 108.551953][ T6408] Tainted: [B]=BAD_PAGE [ 108.551958][ T6408] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 108.551965][ T6408] Call Trace: [ 108.551970][ T6408] [ 108.551977][ T6408] dump_stack_lvl+0x16c/0x1f0 [ 108.551998][ T6408] bad_page+0xcf/0x220 [ 108.552011][ T6408] ? __pfx_bad_page+0x10/0x10 [ 108.552022][ T6408] ? page_bad_reason+0x9d/0x1f0 [ 108.552035][ T6408] __free_frozen_pages+0x7f7/0x10f0 [ 108.552052][ T6408] ? rcu_is_watching+0x12/0xc0 [ 108.552072][ T6408] page_frag_free+0x27f/0x2e0 [ 108.552089][ T6408] __xdp_return+0x3ab/0xab0 [ 108.552101][ T6408] ? kfree_skbmem+0x1a4/0x1f0 [ 108.552116][ T6408] bpf_xdp_adjust_tail+0x887/0xcb0 [ 108.552133][ T6408] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 108.552144][ T6408] bpf_prog_run_generic_xdp+0x626/0x1530 [ 108.552164][ T6408] do_xdp_generic+0x8e6/0x1320 [ 108.552179][ T6408] ? lock_release+0x201/0x2f0 [ 108.552192][ T6408] ? __pfx_do_xdp_generic+0x10/0x10 [ 108.552211][ T6408] ? mt_find+0x3ef/0xa30 [ 108.552233][ T6408] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 108.552250][ T6408] ? rcu_watching_snap_stopped_since+0xd0/0x110 [ 108.552270][ T6408] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 108.552289][ T6408] ? __skb_flow_dissect+0x11b2/0x7d90 [ 108.552304][ T6408] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 108.552320][ T6408] ? handle_mm_fault+0x200/0xd10 [ 108.552339][ T6408] ? __pfx___skb_flow_dissect+0x10/0x10 [ 108.552352][ T6408] ? lock_release+0x201/0x2f0 [ 108.552365][ T6408] ? do_user_addr_fault+0x843/0x1370 [ 108.552383][ T6408] ? rcu_is_watching+0x12/0xc0 [ 108.552402][ T6408] __netif_receive_skb_one_core+0xb0/0x1e0 [ 108.552417][ T6408] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 108.552435][ T6408] ? lock_acquire+0x2cd/0x350 [ 108.552449][ T6408] __netif_receive_skb+0x1d/0x160 [ 108.552464][ T6408] netif_receive_skb+0x137/0x7b0 [ 108.552478][ T6408] ? 
__pfx_netif_receive_skb+0x10/0x10 [ 108.552494][ T6408] ? __pfx__copy_from_iter+0x10/0x10 [ 108.552513][ T6408] tun_rx_batched.isra.0+0x3ee/0x740 [ 108.552534][ T6408] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 108.552554][ T6408] ? lock_acquire+0x2cd/0x350 [ 108.552567][ T6408] ? tun_get_user+0x1df6/0x3cd0 [ 108.552586][ T6408] ? rcu_is_watching+0x12/0xc0 [ 108.552605][ T6408] tun_get_user+0x28bb/0x3cd0 [ 108.552628][ T6408] ? __pfx_tun_get_user+0x10/0x10 [ 108.552648][ T6408] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 108.552669][ T6408] ? tun_get+0x191/0x370 [ 108.552687][ T6408] ? rcu_is_watching+0x12/0xc0 [ 108.552705][ T6408] ? lock_release+0x201/0x2f0 [ 108.552719][ T6408] tun_chr_write_iter+0xdc/0x210 [ 108.552740][ T6408] vfs_write+0x7d3/0x11d0 [ 108.552759][ T6408] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 108.552780][ T6408] ? __pfx_vfs_write+0x10/0x10 [ 108.552800][ T6408] ? lock_release+0x201/0x2f0 [ 108.552816][ T6408] ksys_write+0x12a/0x250 [ 108.552836][ T6408] ? __pfx_ksys_write+0x10/0x10 [ 108.552858][ T6408] do_syscall_64+0xcd/0x4e0 [ 108.552878][ T6408] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.552891][ T6408] RIP: 0033:0x7ff08ef8d65f [ 108.552902][ T6408] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 108.552916][ T6408] RSP: 002b:00007ff08fe76000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 108.552929][ T6408] RAX: ffffffffffffffda RBX: 00007ff08f1d5fa0 RCX: 00007ff08ef8d65f [ 108.552937][ T6408] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8 [ 108.552945][ T6408] RBP: 00007ff08f011e19 R08: 0000000000000000 R09: 0000000000000000 [ 108.552953][ T6408] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 108.552961][ T6408] R13: 00007ff08f1d6038 R14: 00007ff08f1d5fa0 R15: 00007ffe7bd5cdf8 [ 108.552973][ T6408] [ 108.552982][ T6408] BUG: Bad page state in process 
syz.0.18 pfn:522e6 [ 108.694302][ T6408] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x522e6 [ 108.697730][ T6408] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 108.700612][ T6408] raw: 00fff00000000000 dead000000000040 ffff888021998000 0000000000000000 [ 108.705215][ T6408] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 108.709123][ T6408] page dumped because: page_pool leak [ 108.711253][ T6408] page_owner tracks the page as allocated [ 108.713541][ T6408] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6408, tgid 6407 (syz.0.18), ts 107353257015, free_ts 104427464088 [ 108.719962][ T6408] post_alloc_hook+0x1c0/0x230 [ 108.722058][ T6408] get_page_from_freelist+0x132b/0x38e0 [ 108.724444][ T6408] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 108.727141][ T6408] alloc_pages_bulk_noprof+0x71c/0x1410 [ 108.729621][ T6408] __page_pool_alloc_netmems_slow+0x193/0xc60 [ 108.732047][ T6408] page_pool_alloc_netmems+0xc4/0x190 [ 108.733795][ T6408] skb_pp_cow_data+0x7c0/0xff0 [ 108.735198][ T6408] skb_cow_data_for_xdp+0x88/0xb0 [ 108.736691][ T6408] do_xdp_generic+0x530/0x1320 [ 108.738244][ T6408] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 108.740611][ T6408] __netif_receive_skb_one_core+0xb0/0x1e0 [ 108.742929][ T6408] __netif_receive_skb+0x1d/0x160 [ 108.744937][ T6408] netif_receive_skb+0x137/0x7b0 [ 108.747201][ T6408] tun_rx_batched.isra.0+0x3ee/0x740 [ 108.749867][ T6408] tun_get_user+0x28bb/0x3cd0 [ 108.751357][ T6408] tun_chr_write_iter+0xdc/0x210 [ 108.753222][ T6408] page last free pid 18 tgid 18 stack trace: [ 108.755416][ T6408] __free_frozen_pages+0x7d5/0x10f0 [ 108.757128][ T6408] tlb_remove_table_rcu+0x116/0x1a0 [ 108.759031][ T6408] rcu_core+0x79c/0x1530 [ 108.760777][ T6408] handle_softirqs+0x216/0x8e0 [ 108.762851][ T6408] __irq_exit_rcu+0x109/0x170 [ 108.764847][ T6408] irq_exit_rcu+0x9/0x30 [ 108.766946][ T6408] 
sysvec_apic_timer_interrupt+0xa4/0xc0 [ 108.769303][ T6408] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 108.771684][ T6408] Modules linked in: [ 108.773414][ T6408] CPU: 2 UID: 0 PID: 6408 Comm: syz.0.18 Tainted: G B syzkaller #0 PREEMPT(full) [ 108.773441][ T6408] Tainted: [B]=BAD_PAGE [ 108.773448][ T6408] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 108.773459][ T6408] Call Trace: [ 108.773468][ T6408] [ 108.773477][ T6408] dump_stack_lvl+0x16c/0x1f0 [ 108.773505][ T6408] bad_page+0xcf/0x220 [ 108.773523][ T6408] ? __pfx_bad_page+0x10/0x10 [ 108.773539][ T6408] ? page_bad_reason+0x9d/0x1f0 [ 108.773556][ T6408] __free_frozen_pages+0x7f7/0x10f0 [ 108.773577][ T6408] ? rcu_is_watching+0x12/0xc0 [ 108.773603][ T6408] page_frag_free+0x27f/0x2e0 [ 108.773619][ T6408] __xdp_return+0x3ab/0xab0 [ 108.773636][ T6408] ? kfree_skbmem+0x1a4/0x1f0 [ 108.773654][ T6408] bpf_xdp_adjust_tail+0x887/0xcb0 [ 108.773676][ T6408] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 108.773690][ T6408] bpf_prog_run_generic_xdp+0x626/0x1530 [ 108.773717][ T6408] do_xdp_generic+0x8e6/0x1320 [ 108.773737][ T6408] ? lock_release+0x201/0x2f0 [ 108.773755][ T6408] ? __pfx_do_xdp_generic+0x10/0x10 [ 108.773781][ T6408] ? mt_find+0x3ef/0xa30 [ 108.773808][ T6408] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 108.773830][ T6408] ? rcu_watching_snap_stopped_since+0xd0/0x110 [ 108.773856][ T6408] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 108.773887][ T6408] ? __skb_flow_dissect+0x11b2/0x7d90 [ 108.773907][ T6408] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 108.773927][ T6408] ? handle_mm_fault+0x200/0xd10 [ 108.773951][ T6408] ? __pfx___skb_flow_dissect+0x10/0x10 [ 108.773968][ T6408] ? lock_release+0x201/0x2f0 [ 108.773987][ T6408] ? do_user_addr_fault+0x843/0x1370 [ 108.774009][ T6408] ? rcu_is_watching+0x12/0xc0 [ 108.774034][ T6408] __netif_receive_skb_one_core+0xb0/0x1e0 [ 108.774055][ T6408] ? 
__pfx___netif_receive_skb_one_core+0x10/0x10 [ 108.774077][ T6408] ? lock_acquire+0x2cd/0x350 [ 108.774096][ T6408] __netif_receive_skb+0x1d/0x160 [ 108.774115][ T6408] netif_receive_skb+0x137/0x7b0 [ 108.774134][ T6408] ? __pfx_netif_receive_skb+0x10/0x10 [ 108.774155][ T6408] ? __pfx__copy_from_iter+0x10/0x10 [ 108.774181][ T6408] tun_rx_batched.isra.0+0x3ee/0x740 [ 108.774208][ T6408] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 108.774234][ T6408] ? lock_acquire+0x2cd/0x350 [ 108.774251][ T6408] ? tun_get_user+0x1df6/0x3cd0 [ 108.774275][ T6408] ? rcu_is_watching+0x12/0xc0 [ 108.774299][ T6408] tun_get_user+0x28bb/0x3cd0 [ 108.774329][ T6408] ? __pfx_tun_get_user+0x10/0x10 [ 108.774356][ T6408] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 108.774382][ T6408] ? tun_get+0x191/0x370 [ 108.774403][ T6408] ? rcu_is_watching+0x12/0xc0 [ 108.774426][ T6408] ? lock_release+0x201/0x2f0 [ 108.774445][ T6408] tun_chr_write_iter+0xdc/0x210 [ 108.774472][ T6408] vfs_write+0x7d3/0x11d0 [ 108.774498][ T6408] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 108.774525][ T6408] ? __pfx_vfs_write+0x10/0x10 [ 108.774551][ T6408] ? lock_release+0x201/0x2f0 [ 108.774573][ T6408] ksys_write+0x12a/0x250 [ 108.774596][ T6408] ? 
__pfx_ksys_write+0x10/0x10 [ 108.774624][ T6408] do_syscall_64+0xcd/0x4e0 [ 108.774649][ T6408] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.774668][ T6408] RIP: 0033:0x7ff08ef8d65f [ 108.774683][ T6408] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 108.774700][ T6408] RSP: 002b:00007ff08fe76000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 108.774717][ T6408] RAX: ffffffffffffffda RBX: 00007ff08f1d5fa0 RCX: 00007ff08ef8d65f [ 108.774729][ T6408] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8 [ 108.774740][ T6408] RBP: 00007ff08f011e19 R08: 0000000000000000 R09: 0000000000000000 [ 108.774751][ T6408] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 108.774761][ T6408] R13: 00007ff08f1d6038 R14: 00007ff08f1d5fa0 R15: 00007ffe7bd5cdf8 [ 108.774778][ T6408] [ 108.774789][ T6408] BUG: Bad page state in process syz.0.18 pfn:522e7 [ 108.932522][ T6408] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x522e7 [ 108.935236][ T6408] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 108.937847][ T6408] raw: 00fff00000000000 dead000000000040 ffff888021998000 0000000000000000 [ 108.940975][ T6408] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 108.943649][ T6408] page dumped because: page_pool leak [ 108.945354][ T6408] page_owner tracks the page as allocated [ 108.947290][ T6408] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6408, tgid 6407 (syz.0.18), ts 107353250376, free_ts 104427486595 [ 108.952591][ T6408] post_alloc_hook+0x1c0/0x230 [ 108.954401][ T6408] get_page_from_freelist+0x132b/0x38e0 [ 108.956698][ T6408] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 108.959079][ T6408] alloc_pages_bulk_noprof+0x71c/0x1410 [ 108.961253][ T6408] 
__page_pool_alloc_netmems_slow+0x193/0xc60 [ 108.963717][ T6408] page_pool_alloc_netmems+0xc4/0x190 [ 108.965753][ T6408] skb_pp_cow_data+0x7c0/0xff0 [ 108.967753][ T6408] skb_cow_data_for_xdp+0x88/0xb0 [ 108.969510][ T6408] do_xdp_generic+0x530/0x1320 [ 108.971014][ T6408] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 108.973190][ T6408] __netif_receive_skb_one_core+0xb0/0x1e0 [ 108.975076][ T6408] __netif_receive_skb+0x1d/0x160 [ 108.977108][ T6408] netif_receive_skb+0x137/0x7b0 [ 108.979166][ T6408] tun_rx_batched.isra.0+0x3ee/0x740 [ 108.981290][ T6408] tun_get_user+0x28bb/0x3cd0 [ 108.983711][ T6408] tun_chr_write_iter+0xdc/0x210 [ 108.985785][ T6408] page last free pid 18 tgid 18 stack trace: [ 108.988385][ T6408] __free_frozen_pages+0x7d5/0x10f0 [ 108.990719][ T6408] tlb_remove_table_rcu+0x116/0x1a0 [ 108.992868][ T6408] rcu_core+0x79c/0x1530 [ 108.994811][ T6408] handle_softirqs+0x216/0x8e0 [ 108.997202][ T6408] __irq_exit_rcu+0x109/0x170 [ 108.999475][ T6408] irq_exit_rcu+0x9/0x30 [ 109.001269][ T6408] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 109.003611][ T6408] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 109.006213][ T6408] Modules linked in: [ 109.007640][ T6408] CPU: 2 UID: 0 PID: 6408 Comm: syz.0.18 Tainted: G B syzkaller #0 PREEMPT(full) [ 109.007658][ T6408] Tainted: [B]=BAD_PAGE [ 109.007661][ T6408] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 109.007668][ T6408] Call Trace: [ 109.007672][ T6408] [ 109.007677][ T6408] dump_stack_lvl+0x16c/0x1f0 [ 109.007696][ T6408] bad_page+0xcf/0x220 [ 109.007707][ T6408] ? __pfx_bad_page+0x10/0x10 [ 109.007717][ T6408] ? page_bad_reason+0x9d/0x1f0 [ 109.007727][ T6408] __free_frozen_pages+0x7f7/0x10f0 [ 109.007742][ T6408] ? rcu_is_watching+0x12/0xc0 [ 109.007759][ T6408] page_frag_free+0x27f/0x2e0 [ 109.007769][ T6408] __xdp_return+0x3ab/0xab0 [ 109.007780][ T6408] ? 
kfree_skbmem+0x1a4/0x1f0 [ 109.007792][ T6408] bpf_xdp_adjust_tail+0x887/0xcb0 [ 109.007805][ T6408] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 109.007814][ T6408] bpf_prog_run_generic_xdp+0x626/0x1530 [ 109.007831][ T6408] do_xdp_generic+0x8e6/0x1320 [ 109.007844][ T6408] ? lock_release+0x201/0x2f0 [ 109.007855][ T6408] ? __pfx_do_xdp_generic+0x10/0x10 [ 109.007875][ T6408] ? mt_find+0x3ef/0xa30 [ 109.007893][ T6408] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 109.007908][ T6408] ? rcu_watching_snap_stopped_since+0xd0/0x110 [ 109.007924][ T6408] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 109.007940][ T6408] ? __skb_flow_dissect+0x11b2/0x7d90 [ 109.007952][ T6408] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 109.007966][ T6408] ? handle_mm_fault+0x200/0xd10 [ 109.007981][ T6408] ? __pfx___skb_flow_dissect+0x10/0x10 [ 109.007992][ T6408] ? lock_release+0x201/0x2f0 [ 109.008003][ T6408] ? do_user_addr_fault+0x843/0x1370 [ 109.008018][ T6408] ? rcu_is_watching+0x12/0xc0 [ 109.008033][ T6408] __netif_receive_skb_one_core+0xb0/0x1e0 [ 109.008046][ T6408] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 109.008061][ T6408] ? lock_acquire+0x2cd/0x350 [ 109.008072][ T6408] __netif_receive_skb+0x1d/0x160 [ 109.008085][ T6408] netif_receive_skb+0x137/0x7b0 [ 109.008097][ T6408] ? __pfx_netif_receive_skb+0x10/0x10 [ 109.008110][ T6408] ? __pfx__copy_from_iter+0x10/0x10 [ 109.008128][ T6408] tun_rx_batched.isra.0+0x3ee/0x740 [ 109.008145][ T6408] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 109.008161][ T6408] ? lock_acquire+0x2cd/0x350 [ 109.008171][ T6408] ? tun_get_user+0x1df6/0x3cd0 [ 109.008187][ T6408] ? rcu_is_watching+0x12/0xc0 [ 109.008203][ T6408] tun_get_user+0x28bb/0x3cd0 [ 109.008222][ T6408] ? __pfx_tun_get_user+0x10/0x10 [ 109.008239][ T6408] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 109.008256][ T6408] ? tun_get+0x191/0x370 [ 109.008271][ T6408] ? rcu_is_watching+0x12/0xc0 [ 109.008286][ T6408] ? 
lock_release+0x201/0x2f0 [ 109.008297][ T6408] tun_chr_write_iter+0xdc/0x210 [ 109.008314][ T6408] vfs_write+0x7d3/0x11d0 [ 109.008332][ T6408] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 109.008349][ T6408] ? __pfx_vfs_write+0x10/0x10 [ 109.008365][ T6408] ? lock_release+0x201/0x2f0 [ 109.008378][ T6408] ksys_write+0x12a/0x250 [ 109.008394][ T6408] ? __pfx_ksys_write+0x10/0x10 [ 109.008412][ T6408] do_syscall_64+0xcd/0x4e0 [ 109.008428][ T6408] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.008439][ T6408] RIP: 0033:0x7ff08ef8d65f [ 109.008449][ T6408] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 109.008460][ T6408] RSP: 002b:00007ff08fe76000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 109.008470][ T6408] RAX: ffffffffffffffda RBX: 00007ff08f1d5fa0 RCX: 00007ff08ef8d65f [ 109.008477][ T6408] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8 [ 109.008483][ T6408] RBP: 00007ff08f011e19 R08: 0000000000000000 R09: 0000000000000000 [ 109.008490][ T6408] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 109.008496][ T6408] R13: 00007ff08f1d6038 R14: 00007ff08f1d5fa0 R15: 00007ffe7bd5cdf8 [ 109.008506][ T6408] [ 109.008513][ T6408] BUG: Bad page state in process syz.0.18 pfn:522ec [ 109.155675][ T6408] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x522ec [ 109.158558][ T6408] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 109.161063][ T6408] raw: 00fff00000000000 dead000000000040 ffff888021998000 0000000000000000 [ 109.164592][ T6408] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 109.168366][ T6408] page dumped because: page_pool leak [ 109.170120][ T6408] page_owner tracks the page as allocated [ 109.171908][ T6408] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6408, 
tgid 6407 (syz.0.18), ts 107353243970, free_ts 104427507959 [ 109.177559][ T6408] post_alloc_hook+0x1c0/0x230 [ 109.179213][ T6408] get_page_from_freelist+0x132b/0x38e0 [ 109.180916][ T6408] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 109.182770][ T6408] alloc_pages_bulk_noprof+0x71c/0x1410 [ 109.184472][ T6408] __page_pool_alloc_netmems_slow+0x193/0xc60 [ 109.186363][ T6408] page_pool_alloc_netmems+0xc4/0x190 [ 109.188360][ T6408] skb_pp_cow_data+0x7c0/0xff0 [ 109.190422][ T6408] skb_cow_data_for_xdp+0x88/0xb0 [ 109.192426][ T6408] do_xdp_generic+0x530/0x1320 [ 109.194522][ T6408] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 109.197582][ T6408] __netif_receive_skb_one_core+0xb0/0x1e0 [ 109.199493][ T6408] __netif_receive_skb+0x1d/0x160 [ 109.201205][ T6408] netif_receive_skb+0x137/0x7b0 [ 109.203088][ T6408] tun_rx_batched.isra.0+0x3ee/0x740 [ 109.204732][ T6408] tun_get_user+0x28bb/0x3cd0 [ 109.206391][ T6408] tun_chr_write_iter+0xdc/0x210 [ 109.208470][ T6408] page last free pid 18 tgid 18 stack trace: [ 109.210761][ T6408] __free_frozen_pages+0x7d5/0x10f0 [ 109.213032][ T6408] tlb_remove_table_rcu+0x116/0x1a0 [ 109.215160][ T6408] rcu_core+0x79c/0x1530 [ 109.216942][ T6408] handle_softirqs+0x216/0x8e0 [ 109.218913][ T6408] __irq_exit_rcu+0x109/0x170 [ 109.220842][ T6408] irq_exit_rcu+0x9/0x30 [ 109.222529][ T6408] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 109.224983][ T6408] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 109.227446][ T5300] Bluetooth: hci0: command tx timeout [ 109.227748][ T6408] Modules linked in: [ 109.231798][ T6408] CPU: 2 UID: 0 PID: 6408 Comm: syz.0.18 Tainted: G B syzkaller #0 PREEMPT(full) [ 109.231840][ T6408] Tainted: [B]=BAD_PAGE [ 109.231847][ T6408] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 109.231857][ T6408] Call Trace: [ 109.231866][ T6408] [ 109.231876][ T6408] dump_stack_lvl+0x16c/0x1f0 [ 109.231910][ T6408] bad_page+0xcf/0x220 [ 109.231928][ T6408] ? 
__pfx_bad_page+0x10/0x10 [ 109.231944][ T6408] ? page_bad_reason+0x9d/0x1f0 [ 109.231961][ T6408] __free_frozen_pages+0x7f7/0x10f0 [ 109.231981][ T6408] ? rcu_is_watching+0x12/0xc0 [ 109.232006][ T6408] page_frag_free+0x27f/0x2e0 [ 109.232022][ T6408] __xdp_return+0x3ab/0xab0 [ 109.232039][ T6408] ? kfree_skbmem+0x1a4/0x1f0 [ 109.232058][ T6408] bpf_xdp_adjust_tail+0x887/0xcb0 [ 109.232079][ T6408] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 109.232095][ T6408] bpf_prog_run_generic_xdp+0x626/0x1530 [ 109.232118][ T6408] do_xdp_generic+0x8e6/0x1320 [ 109.232135][ T6408] ? lock_release+0x201/0x2f0 [ 109.232153][ T6408] ? __pfx_do_xdp_generic+0x10/0x10 [ 109.232178][ T6408] ? mt_find+0x3ef/0xa30 [ 109.232204][ T6408] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 109.232224][ T6408] ? rcu_watching_snap_stopped_since+0xd0/0x110 [ 109.232259][ T6408] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 109.232284][ T6408] ? __skb_flow_dissect+0x11b2/0x7d90 [ 109.232302][ T6408] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 109.232323][ T6408] ? handle_mm_fault+0x200/0xd10 [ 109.232348][ T6408] ? __pfx___skb_flow_dissect+0x10/0x10 [ 109.232363][ T6408] ? lock_release+0x201/0x2f0 [ 109.232381][ T6408] ? do_user_addr_fault+0x843/0x1370 [ 109.232405][ T6408] ? rcu_is_watching+0x12/0xc0 [ 109.232427][ T6408] __netif_receive_skb_one_core+0xb0/0x1e0 [ 109.232447][ T6408] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 109.232469][ T6408] ? lock_acquire+0x2cd/0x350 [ 109.232486][ T6408] __netif_receive_skb+0x1d/0x160 [ 109.232506][ T6408] netif_receive_skb+0x137/0x7b0 [ 109.232526][ T6408] ? __pfx_netif_receive_skb+0x10/0x10 [ 109.232544][ T6408] ? __pfx__copy_from_iter+0x10/0x10 [ 109.232569][ T6408] tun_rx_batched.isra.0+0x3ee/0x740 [ 109.232595][ T6408] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 109.232620][ T6408] ? lock_acquire+0x2cd/0x350 [ 109.232636][ T6408] ? tun_get_user+0x1df6/0x3cd0 [ 109.232658][ T6408] ? 
rcu_is_watching+0x12/0xc0 [ 109.232682][ T6408] tun_get_user+0x28bb/0x3cd0 [ 109.232711][ T6408] ? __pfx_tun_get_user+0x10/0x10 [ 109.232733][ T6408] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 109.232760][ T6408] ? tun_get+0x191/0x370 [ 109.232781][ T6408] ? rcu_is_watching+0x12/0xc0 [ 109.232803][ T6408] ? lock_release+0x201/0x2f0 [ 109.232821][ T6408] tun_chr_write_iter+0xdc/0x210 [ 109.232846][ T6408] vfs_write+0x7d3/0x11d0 [ 109.232872][ T6408] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 109.232898][ T6408] ? __pfx_vfs_write+0x10/0x10 [ 109.232921][ T6408] ? lock_release+0x201/0x2f0 [ 109.232941][ T6408] ksys_write+0x12a/0x250 [ 109.232964][ T6408] ? __pfx_ksys_write+0x10/0x10 [ 109.232989][ T6408] do_syscall_64+0xcd/0x4e0 [ 109.233015][ T6408] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.233031][ T6408] RIP: 0033:0x7ff08ef8d65f [ 109.233047][ T6408] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 109.233063][ T6408] RSP: 002b:00007ff08fe76000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 109.233081][ T6408] RAX: ffffffffffffffda RBX: 00007ff08f1d5fa0 RCX: 00007ff08ef8d65f [ 109.233091][ T6408] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8 [ 109.233101][ T6408] RBP: 00007ff08f011e19 R08: 0000000000000000 R09: 0000000000000000 [ 109.233124][ T6408] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 109.233135][ T6408] R13: 00007ff08f1d6038 R14: 00007ff08f1d5fa0 R15: 00007ffe7bd5cdf8 [ 109.233150][ T6408] [ 109.233181][ T6408] BUG: Bad page state in process syz.0.18 pfn:522ed [ 109.393492][ T6408] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x522ed [ 109.396152][ T6408] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 109.399255][ T6408] raw: 00fff00000000000 dead000000000040 ffff888021998000 0000000000000000 [ 109.403723][ T6408] raw: 0000000000000000 
0000000000000001 00000000ffffffff 0000000000000000 [ 109.407083][ T6408] page dumped because: page_pool leak [ 109.409077][ T6408] page_owner tracks the page as allocated [ 109.411173][ T6408] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6408, tgid 6407 (syz.0.18), ts 107353238162, free_ts 104427529432 [ 109.417416][ T6408] post_alloc_hook+0x1c0/0x230 [ 109.419155][ T6408] get_page_from_freelist+0x132b/0x38e0 [ 109.421190][ T6408] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 109.423463][ T6408] alloc_pages_bulk_noprof+0x71c/0x1410 [ 109.425600][ T6408] __page_pool_alloc_netmems_slow+0x193/0xc60 [ 109.427826][ T6408] page_pool_alloc_netmems+0xc4/0x190 [ 109.429833][ T6408] skb_pp_cow_data+0x7c0/0xff0 [ 109.431713][ T6408] skb_cow_data_for_xdp+0x88/0xb0 [ 109.433764][ T6408] do_xdp_generic+0x530/0x1320 [ 109.435948][ T6408] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 109.438838][ T6408] __netif_receive_skb_one_core+0xb0/0x1e0 [ 109.441554][ T6408] __netif_receive_skb+0x1d/0x160 [ 109.443926][ T6408] netif_receive_skb+0x137/0x7b0 [ 109.446307][ T6408] tun_rx_batched.isra.0+0x3ee/0x740 [ 109.448248][ T6408] tun_get_user+0x28bb/0x3cd0 [ 109.450054][ T6408] tun_chr_write_iter+0xdc/0x210 [ 109.451971][ T6408] page last free pid 18 tgid 18 stack trace: [ 109.454157][ T6408] __free_frozen_pages+0x7d5/0x10f0 [ 109.455879][ T6408] tlb_remove_table_rcu+0x116/0x1a0 [ 109.457840][ T6408] rcu_core+0x79c/0x1530 [ 109.459341][ T6408] handle_softirqs+0x216/0x8e0 [ 109.461185][ T6408] __irq_exit_rcu+0x109/0x170 [ 109.463047][ T6408] irq_exit_rcu+0x9/0x30 [ 109.464679][ T6408] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 109.467417][ T6408] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 109.470014][ T6408] Modules linked in: [ 109.471213][ T6408] CPU: 2 UID: 0 PID: 6408 Comm: syz.0.18 Tainted: G B syzkaller #0 PREEMPT(full) [ 109.471231][ T6408] Tainted: [B]=BAD_PAGE [ 109.471234][ T6408] Hardware name: QEMU Standard PC (Q35 + 
ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 109.471241][ T6408] Call Trace: [ 109.471247][ T6408] [ 109.471252][ T6408] dump_stack_lvl+0x16c/0x1f0 [ 109.471271][ T6408] bad_page+0xcf/0x220 [ 109.471282][ T6408] ? __pfx_bad_page+0x10/0x10 [ 109.471292][ T6408] ? page_bad_reason+0x9d/0x1f0 [ 109.471302][ T6408] __free_frozen_pages+0x7f7/0x10f0 [ 109.471316][ T6408] ? rcu_is_watching+0x12/0xc0 [ 109.471333][ T6408] page_frag_free+0x27f/0x2e0 [ 109.471344][ T6408] __xdp_return+0x3ab/0xab0 [ 109.471355][ T6408] ? kfree_skbmem+0x1a4/0x1f0 [ 109.471390][ T6408] bpf_xdp_adjust_tail+0x887/0xcb0 [ 109.471411][ T6408] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 109.471420][ T6408] bpf_prog_run_generic_xdp+0x626/0x1530 [ 109.471437][ T6408] do_xdp_generic+0x8e6/0x1320 [ 109.471449][ T6408] ? lock_release+0x201/0x2f0 [ 109.471460][ T6408] ? __pfx_do_xdp_generic+0x10/0x10 [ 109.471476][ T6408] ? mt_find+0x3ef/0xa30 [ 109.471494][ T6408] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 109.471508][ T6408] ? rcu_watching_snap_stopped_since+0xd0/0x110 [ 109.471525][ T6408] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 109.471541][ T6408] ? __skb_flow_dissect+0x11b2/0x7d90 [ 109.471557][ T6408] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 109.471570][ T6408] ? handle_mm_fault+0x200/0xd10 [ 109.471586][ T6408] ? __pfx___skb_flow_dissect+0x10/0x10 [ 109.471596][ T6408] ? lock_release+0x201/0x2f0 [ 109.471608][ T6408] ? do_user_addr_fault+0x843/0x1370 [ 109.471622][ T6408] ? rcu_is_watching+0x12/0xc0 [ 109.471638][ T6408] __netif_receive_skb_one_core+0xb0/0x1e0 [ 109.471651][ T6408] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 109.471665][ T6408] ? lock_acquire+0x2cd/0x350 [ 109.471677][ T6408] __netif_receive_skb+0x1d/0x160 [ 109.471689][ T6408] netif_receive_skb+0x137/0x7b0 [ 109.471701][ T6408] ? __pfx_netif_receive_skb+0x10/0x10 [ 109.471714][ T6408] ? 
__pfx__copy_from_iter+0x10/0x10 [ 109.471731][ T6408] tun_rx_batched.isra.0+0x3ee/0x740 [ 109.471748][ T6408] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 109.471765][ T6408] ? lock_acquire+0x2cd/0x350 [ 109.471775][ T6408] ? tun_get_user+0x1df6/0x3cd0 [ 109.471795][ T6408] ? rcu_is_watching+0x12/0xc0 [ 109.471810][ T6408] tun_get_user+0x28bb/0x3cd0 [ 109.471830][ T6408] ? __pfx_tun_get_user+0x10/0x10 [ 109.471847][ T6408] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 109.471864][ T6408] ? tun_get+0x191/0x370 [ 109.471878][ T6408] ? rcu_is_watching+0x12/0xc0 [ 109.471893][ T6408] ? lock_release+0x201/0x2f0 [ 109.471904][ T6408] tun_chr_write_iter+0xdc/0x210 [ 109.471921][ T6408] vfs_write+0x7d3/0x11d0 [ 109.471938][ T6408] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 109.471956][ T6408] ? __pfx_vfs_write+0x10/0x10 [ 109.471971][ T6408] ? lock_release+0x201/0x2f0 [ 109.471985][ T6408] ksys_write+0x12a/0x250 [ 109.472000][ T6408] ? __pfx_ksys_write+0x10/0x10 [ 109.472018][ T6408] do_syscall_64+0xcd/0x4e0 [ 109.472034][ T6408] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.472047][ T6408] RIP: 0033:0x7ff08ef8d65f [ 109.472056][ T6408] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 109.472067][ T6408] RSP: 002b:00007ff08fe76000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 109.472078][ T6408] RAX: ffffffffffffffda RBX: 00007ff08f1d5fa0 RCX: 00007ff08ef8d65f [ 109.472085][ T6408] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8 [ 109.472091][ T6408] RBP: 00007ff08f011e19 R08: 0000000000000000 R09: 0000000000000000 [ 109.472098][ T6408] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 109.472104][ T6408] R13: 00007ff08f1d6038 R14: 00007ff08f1d5fa0 R15: 00007ffe7bd5cdf8 [ 109.472114][ T6408] [ 109.472122][ T6408] BUG: Bad page state in process syz.0.18 pfn:522f2 [ 109.611684][ T6408] page: refcount:0 
mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x522f2 [ 109.614995][ T6408] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 109.617913][ T6408] raw: 00fff00000000000 dead000000000040 ffff888021998000 0000000000000000 [ 109.621169][ T6408] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 109.624516][ T6408] page dumped because: page_pool leak [ 109.627195][ T6408] page_owner tracks the page as allocated [ 109.629519][ T6408] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6408, tgid 6407 (syz.0.18), ts 107353231592, free_ts 104427540225 [ 109.634997][ T6408] post_alloc_hook+0x1c0/0x230 [ 109.637005][ T6408] get_page_from_freelist+0x132b/0x38e0 [ 109.639208][ T6408] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 109.641602][ T6408] alloc_pages_bulk_noprof+0x71c/0x1410 [ 109.643896][ T6408] __page_pool_alloc_netmems_slow+0x193/0xc60 [ 109.646576][ T6408] page_pool_alloc_netmems+0xc4/0x190 [ 109.649173][ T6408] skb_pp_cow_data+0x7c0/0xff0 [ 109.651152][ T6408] skb_cow_data_for_xdp+0x88/0xb0 [ 109.652840][ T6408] do_xdp_generic+0x530/0x1320 [ 109.654298][ T6408] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 109.656366][ T6408] __netif_receive_skb_one_core+0xb0/0x1e0 [ 109.658174][ T6408] __netif_receive_skb+0x1d/0x160 [ 109.660176][ T6408] netif_receive_skb+0x137/0x7b0 [ 109.662140][ T6408] tun_rx_batched.isra.0+0x3ee/0x740 [ 109.664519][ T6408] tun_get_user+0x28bb/0x3cd0 [ 109.667017][ T6408] tun_chr_write_iter+0xdc/0x210 [ 109.669047][ T6408] page last free pid 18 tgid 18 stack trace: [ 109.670872][ T6408] __free_frozen_pages+0x7d5/0x10f0 [ 109.672645][ T6408] tlb_remove_table_rcu+0x116/0x1a0 [ 109.674207][ T6408] rcu_core+0x79c/0x1530 [ 109.675679][ T6408] handle_softirqs+0x216/0x8e0 [ 109.677245][ T6408] __irq_exit_rcu+0x109/0x170 [ 109.679044][ T6408] irq_exit_rcu+0x9/0x30 [ 109.680609][ T6408] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 109.682554][ T6408] 
asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 109.684929][ T6408] Modules linked in: [ 109.686385][ T6408] CPU: 2 UID: 0 PID: 6408 Comm: syz.0.18 Tainted: G B syzkaller #0 PREEMPT(full) [ 109.686408][ T6408] Tainted: [B]=BAD_PAGE [ 109.686412][ T6408] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 109.686421][ T6408] Call Trace: [ 109.686427][ T6408] [ 109.686434][ T6408] dump_stack_lvl+0x16c/0x1f0 [ 109.686456][ T6408] bad_page+0xcf/0x220 [ 109.686470][ T6408] ? __pfx_bad_page+0x10/0x10 [ 109.686483][ T6408] ? page_bad_reason+0x9d/0x1f0 [ 109.686496][ T6408] __free_frozen_pages+0x7f7/0x10f0 [ 109.686515][ T6408] ? rcu_is_watching+0x12/0xc0 [ 109.686536][ T6408] page_frag_free+0x27f/0x2e0 [ 109.686549][ T6408] __xdp_return+0x3ab/0xab0 [ 109.686563][ T6408] ? kfree_skbmem+0x1a4/0x1f0 [ 109.686578][ T6408] bpf_xdp_adjust_tail+0x887/0xcb0 [ 109.686595][ T6408] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 109.686607][ T6408] bpf_prog_run_generic_xdp+0x626/0x1530 [ 109.686628][ T6408] do_xdp_generic+0x8e6/0x1320 [ 109.686645][ T6408] ? lock_release+0x201/0x2f0 [ 109.686660][ T6408] ? __pfx_do_xdp_generic+0x10/0x10 [ 109.686681][ T6408] ? mt_find+0x3ef/0xa30 [ 109.686704][ T6408] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 109.686722][ T6408] ? rcu_watching_snap_stopped_since+0xd0/0x110 [ 109.686744][ T6408] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 109.686764][ T6408] ? __skb_flow_dissect+0x11b2/0x7d90 [ 109.686779][ T6408] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 109.686797][ T6408] ? handle_mm_fault+0x200/0xd10 [ 109.686830][ T6408] ? __pfx___skb_flow_dissect+0x10/0x10 [ 109.686848][ T6408] ? lock_release+0x201/0x2f0 [ 109.686862][ T6408] ? do_user_addr_fault+0x843/0x1370 [ 109.686881][ T6408] ? rcu_is_watching+0x12/0xc0 [ 109.686901][ T6408] __netif_receive_skb_one_core+0xb0/0x1e0 [ 109.686918][ T6408] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 109.686937][ T6408] ? 
lock_acquire+0x2cd/0x350 [ 109.686952][ T6408] __netif_receive_skb+0x1d/0x160 [ 109.686968][ T6408] netif_receive_skb+0x137/0x7b0 [ 109.686984][ T6408] ? __pfx_netif_receive_skb+0x10/0x10 [ 109.687001][ T6408] ? __pfx__copy_from_iter+0x10/0x10 [ 109.687021][ T6408] tun_rx_batched.isra.0+0x3ee/0x740 [ 109.687047][ T6408] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 109.687069][ T6408] ? lock_acquire+0x2cd/0x350 [ 109.687082][ T6408] ? tun_get_user+0x1df6/0x3cd0 [ 109.687103][ T6408] ? rcu_is_watching+0x12/0xc0 [ 109.687123][ T6408] tun_get_user+0x28bb/0x3cd0 [ 109.687148][ T6408] ? __pfx_tun_get_user+0x10/0x10 [ 109.687170][ T6408] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 109.687193][ T6408] ? tun_get+0x191/0x370 [ 109.687211][ T6408] ? rcu_is_watching+0x12/0xc0 [ 109.687230][ T6408] ? lock_release+0x201/0x2f0 [ 109.687245][ T6408] tun_chr_write_iter+0xdc/0x210 [ 109.687267][ T6408] vfs_write+0x7d3/0x11d0 [ 109.687289][ T6408] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 109.687312][ T6408] ? __pfx_vfs_write+0x10/0x10 [ 109.687332][ T6408] ? lock_release+0x201/0x2f0 [ 109.687349][ T6408] ksys_write+0x12a/0x250 [ 109.687391][ T6408] ? 
__pfx_ksys_write+0x10/0x10 [ 109.687414][ T6408] do_syscall_64+0xcd/0x4e0 [ 109.687436][ T6408] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.687450][ T6408] RIP: 0033:0x7ff08ef8d65f [ 109.687462][ T6408] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 109.687476][ T6408] RSP: 002b:00007ff08fe76000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 109.687491][ T6408] RAX: ffffffffffffffda RBX: 00007ff08f1d5fa0 RCX: 00007ff08ef8d65f [ 109.687501][ T6408] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8 [ 109.687509][ T6408] RBP: 00007ff08f011e19 R08: 0000000000000000 R09: 0000000000000000 [ 109.687518][ T6408] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 109.687526][ T6408] R13: 00007ff08f1d6038 R14: 00007ff08f1d5fa0 R15: 00007ffe7bd5cdf8 [ 109.687540][ T6408] [ 109.834749][ T6411] BUG: Bad page state in process syz.0.19 pfn:522d3 [ 109.837118][ T6411] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x522d3 [ 109.840516][ T6411] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 109.843272][ T6411] raw: 00fff00000000000 dead000000000040 ffff888021998000 0000000000000000 [ 109.846095][ T6411] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 109.848934][ T6411] page dumped because: page_pool leak [ 109.850614][ T6411] page_owner tracks the page as allocated [ 109.852800][ T6411] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6411, tgid 6410 (syz.0.19), ts 109834707781, free_ts 100400530647 [ 109.859462][ T6411] post_alloc_hook+0x1c0/0x230 [ 109.861685][ T6411] get_page_from_freelist+0x132b/0x38e0 [ 109.864117][ T6411] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 109.865957][ T6411] alloc_pages_bulk_noprof+0x71c/0x1410 [ 109.867670][ T6411] 
__page_pool_alloc_netmems_slow+0x193/0xc60 [ 109.869637][ T6411] page_pool_alloc_netmems+0xc4/0x190 [ 109.871476][ T6411] skb_pp_cow_data+0x7c0/0xff0 [ 109.873354][ T6411] skb_cow_data_for_xdp+0x88/0xb0 [ 109.875328][ T6411] do_xdp_generic+0x530/0x1320 [ 109.877355][ T6411] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 109.880061][ T6411] __netif_receive_skb_one_core+0xb0/0x1e0 [ 109.882907][ T6411] __netif_receive_skb+0x1d/0x160 [ 109.885920][ T6411] netif_receive_skb+0x137/0x7b0 [ 109.888459][ T6411] tun_rx_batched.isra.0+0x3ee/0x740 [ 109.890888][ T6411] tun_get_user+0x28bb/0x3cd0 [ 109.892823][ T6411] tun_chr_write_iter+0xdc/0x210 [ 109.894806][ T6411] page last free pid 6337 tgid 6337 stack trace: [ 109.897398][ T6411] __free_frozen_pages+0x7d5/0x10f0 [ 109.899555][ T6411] vfree+0x1fd/0xb50 [ 109.901181][ T6411] kcov_close+0x34/0x60 [ 109.902897][ T6411] __fput+0x402/0xb70 [ 109.904535][ T6411] task_work_run+0x14d/0x240 [ 109.906474][ T6411] do_exit+0x86f/0x2bf0 [ 109.908783][ T6411] do_group_exit+0xd3/0x2a0 [ 109.912080][ T6411] get_signal+0x2671/0x26d0 [ 109.914655][ T6411] arch_do_signal_or_restart+0x8f/0x7c0 [ 109.917228][ T6411] exit_to_user_mode_loop+0x7a/0x100 [ 109.919212][ T6411] do_syscall_64+0x419/0x4e0 [ 109.920949][ T6411] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.923272][ T6411] Modules linked in: [ 109.924817][ T6411] CPU: 2 UID: 0 PID: 6411 Comm: syz.0.19 Tainted: G B syzkaller #0 PREEMPT(full) [ 109.924842][ T6411] Tainted: [B]=BAD_PAGE [ 109.924848][ T6411] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 109.924858][ T6411] Call Trace: [ 109.924867][ T6411] [ 109.924875][ T6411] dump_stack_lvl+0x16c/0x1f0 [ 109.924902][ T6411] bad_page+0xcf/0x220 [ 109.924920][ T6411] ? __pfx_bad_page+0x10/0x10 [ 109.924934][ T6411] ? page_bad_reason+0x9d/0x1f0 [ 109.924951][ T6411] __free_frozen_pages+0x7f7/0x10f0 [ 109.924972][ T6411] ? 
rcu_is_watching+0x12/0xc0 [ 109.924997][ T6411] page_frag_free+0x27f/0x2e0 [ 109.925012][ T6411] __xdp_return+0x3ab/0xab0 [ 109.925029][ T6411] ? kfree_skbmem+0x1a4/0x1f0 [ 109.925053][ T6411] bpf_xdp_adjust_tail+0x887/0xcb0 [ 109.925074][ T6411] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 109.925089][ T6411] bpf_prog_run_generic_xdp+0x626/0x1530 [ 109.925113][ T6411] do_xdp_generic+0x8e6/0x1320 [ 109.925132][ T6411] ? lock_release+0x201/0x2f0 [ 109.925149][ T6411] ? __pfx_do_xdp_generic+0x10/0x10 [ 109.925175][ T6411] ? mt_find+0x3ef/0xa30 [ 109.925200][ T6411] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 109.925221][ T6411] ? rcu_watching_snap_stopped_since+0xd0/0x110 [ 109.925246][ T6411] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 109.925270][ T6411] ? __skb_flow_dissect+0x11b2/0x7d90 [ 109.925288][ T6411] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 109.925307][ T6411] ? handle_mm_fault+0x200/0xd10 [ 109.925331][ T6411] ? __pfx___skb_flow_dissect+0x10/0x10 [ 109.925348][ T6411] ? lock_release+0x201/0x2f0 [ 109.925365][ T6411] ? do_user_addr_fault+0x843/0x1370 [ 109.925387][ T6411] ? rcu_is_watching+0x12/0xc0 [ 109.925410][ T6411] __netif_receive_skb_one_core+0xb0/0x1e0 [ 109.925431][ T6411] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 109.925451][ T6411] ? lock_acquire+0x2cd/0x350 [ 109.925470][ T6411] __netif_receive_skb+0x1d/0x160 [ 109.925489][ T6411] netif_receive_skb+0x137/0x7b0 [ 109.925506][ T6411] ? __pfx_netif_receive_skb+0x10/0x10 [ 109.925527][ T6411] ? __pfx__copy_from_iter+0x10/0x10 [ 109.925550][ T6411] tun_rx_batched.isra.0+0x3ee/0x740 [ 109.925575][ T6411] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 109.925600][ T6411] ? lock_acquire+0x2cd/0x350 [ 109.925616][ T6411] ? tun_get_user+0x1df6/0x3cd0 [ 109.925644][ T6411] ? rcu_is_watching+0x12/0xc0 [ 109.925668][ T6411] tun_get_user+0x28bb/0x3cd0 [ 109.925695][ T6411] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 109.925719][ T6411] ? 
__pfx_tun_get_user+0x10/0x10 [ 109.925742][ T6411] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 109.925768][ T6411] ? tun_get+0x191/0x370 [ 109.925789][ T6411] ? rcu_is_watching+0x12/0xc0 [ 109.925810][ T6411] ? lock_release+0x201/0x2f0 [ 109.925828][ T6411] tun_chr_write_iter+0xdc/0x210 [ 109.925854][ T6411] vfs_write+0x7d3/0x11d0 [ 109.925879][ T6411] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 109.925906][ T6411] ? __pfx_vfs_write+0x10/0x10 [ 109.925927][ T6411] ? lock_release+0x201/0x2f0 [ 109.925949][ T6411] ksys_write+0x12a/0x250 [ 109.925973][ T6411] ? __pfx_ksys_write+0x10/0x10 [ 109.925998][ T6411] do_syscall_64+0xcd/0x4e0 [ 109.926024][ T6411] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.926047][ T6411] RIP: 0033:0x7ff08ef8d65f [ 109.926060][ T6411] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 109.926076][ T6411] RSP: 002b:00007ff08fe76000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 109.926092][ T6411] RAX: ffffffffffffffda RBX: 00007ff08f1d5fa0 RCX: 00007ff08ef8d65f [ 109.926102][ T6411] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8 [ 109.926113][ T6411] RBP: 00007ff08f011e19 R08: 0000000000000000 R09: 0000000000000000 [ 109.926123][ T6411] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 109.926133][ T6411] R13: 00007ff08f1d6038 R14: 00007ff08f1d5fa0 R15: 00007ffe7bd5cdf8 [ 109.926149][ T6411] [ 109.926159][ T6411] BUG: Bad page state in process syz.0.19 pfn:53787 [ 110.075737][ T6411] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x53787 [ 110.078430][ T6411] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 110.081065][ T6411] raw: 00fff00000000000 dead000000000040 ffff888021998000 0000000000000000 [ 110.085378][ T6411] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 110.088799][ T6411] page dumped because: 
page_pool leak [ 110.090523][ T6411] page_owner tracks the page as allocated [ 110.092924][ T6411] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6411, tgid 6410 (syz.0.19), ts 109834703632, free_ts 104401224431 [ 110.099069][ T6411] post_alloc_hook+0x1c0/0x230 [ 110.100662][ T6411] get_page_from_freelist+0x132b/0x38e0 [ 110.102874][ T6411] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 110.105222][ T6411] alloc_pages_bulk_noprof+0x71c/0x1410 [ 110.107493][ T6411] __page_pool_alloc_netmems_slow+0x193/0xc60 [ 110.110087][ T6411] page_pool_alloc_netmems+0xc4/0x190 [ 110.111745][ T6411] skb_pp_cow_data+0x7c0/0xff0 [ 110.113298][ T6411] skb_cow_data_for_xdp+0x88/0xb0 [ 110.114908][ T6411] do_xdp_generic+0x530/0x1320 [ 110.116584][ T6411] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 110.118735][ T6411] __netif_receive_skb_one_core+0xb0/0x1e0 [ 110.120628][ T6411] __netif_receive_skb+0x1d/0x160 [ 110.122237][ T6411] netif_receive_skb+0x137/0x7b0 [ 110.123856][ T6411] tun_rx_batched.isra.0+0x3ee/0x740 [ 110.125911][ T6411] tun_get_user+0x28bb/0x3cd0 [ 110.128183][ T6411] tun_chr_write_iter+0xdc/0x210 [ 110.130472][ T6411] page last free pid 6400 tgid 6400 stack trace: [ 110.132724][ T6411] __free_frozen_pages+0x7d5/0x10f0 [ 110.134479][ T6411] tlb_remove_table_rcu+0x116/0x1a0 [ 110.136249][ T6411] rcu_core+0x79c/0x1530 [ 110.137917][ T6411] handle_softirqs+0x216/0x8e0 [ 110.139597][ T6411] __irq_exit_rcu+0x109/0x170 [ 110.141077][ T6411] irq_exit_rcu+0x9/0x30 [ 110.142390][ T6411] sysvec_call_function_single+0xa4/0xc0 [ 110.144384][ T6411] asm_sysvec_call_function_single+0x1a/0x20 [ 110.146328][ T6411] Modules linked in: [ 110.147807][ T6411] CPU: 2 UID: 0 PID: 6411 Comm: syz.0.19 Tainted: G B syzkaller #0 PREEMPT(full) [ 110.147828][ T6411] Tainted: [B]=BAD_PAGE [ 110.147832][ T6411] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 110.147840][ T6411] Call 
Trace: [ 110.147847][ T6411] [ 110.147854][ T6411] dump_stack_lvl+0x16c/0x1f0 [ 110.147876][ T6411] bad_page+0xcf/0x220 [ 110.147888][ T6411] ? __pfx_bad_page+0x10/0x10 [ 110.147898][ T6411] ? page_bad_reason+0x9d/0x1f0 [ 110.147908][ T6411] __free_frozen_pages+0x7f7/0x10f0 [ 110.147923][ T6411] ? rcu_is_watching+0x12/0xc0 [ 110.147941][ T6411] page_frag_free+0x27f/0x2e0 [ 110.147952][ T6411] __xdp_return+0x3ab/0xab0 [ 110.147964][ T6411] ? kfree_skbmem+0x1a4/0x1f0 [ 110.147976][ T6411] bpf_xdp_adjust_tail+0x887/0xcb0 [ 110.147991][ T6411] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 110.148001][ T6411] bpf_prog_run_generic_xdp+0x626/0x1530 [ 110.148019][ T6411] do_xdp_generic+0x8e6/0x1320 [ 110.148031][ T6411] ? lock_release+0x201/0x2f0 [ 110.148044][ T6411] ? __pfx_do_xdp_generic+0x10/0x10 [ 110.148060][ T6411] ? mt_find+0x3ef/0xa30 [ 110.148078][ T6411] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 110.148093][ T6411] ? rcu_watching_snap_stopped_since+0xd0/0x110 [ 110.148110][ T6411] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 110.148127][ T6411] ? __skb_flow_dissect+0x11b2/0x7d90 [ 110.148139][ T6411] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 110.148153][ T6411] ? handle_mm_fault+0x200/0xd10 [ 110.148169][ T6411] ? __pfx___skb_flow_dissect+0x10/0x10 [ 110.148180][ T6411] ? lock_release+0x201/0x2f0 [ 110.148191][ T6411] ? do_user_addr_fault+0x843/0x1370 [ 110.148207][ T6411] ? rcu_is_watching+0x12/0xc0 [ 110.148223][ T6411] __netif_receive_skb_one_core+0xb0/0x1e0 [ 110.148243][ T6411] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 110.148257][ T6411] ? lock_acquire+0x2cd/0x350 [ 110.148268][ T6411] __netif_receive_skb+0x1d/0x160 [ 110.148281][ T6411] netif_receive_skb+0x137/0x7b0 [ 110.148294][ T6411] ? __pfx_netif_receive_skb+0x10/0x10 [ 110.148306][ T6411] ? __pfx__copy_from_iter+0x10/0x10 [ 110.148324][ T6411] tun_rx_batched.isra.0+0x3ee/0x740 [ 110.148343][ T6411] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 110.148360][ T6411] ? 
lock_acquire+0x2cd/0x350 [ 110.148371][ T6411] ? tun_get_user+0x1df6/0x3cd0 [ 110.148387][ T6411] ? rcu_is_watching+0x12/0xc0 [ 110.148403][ T6411] tun_get_user+0x28bb/0x3cd0 [ 110.148422][ T6411] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 110.148439][ T6411] ? __pfx_tun_get_user+0x10/0x10 [ 110.148456][ T6411] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 110.148475][ T6411] ? tun_get+0x191/0x370 [ 110.148489][ T6411] ? rcu_is_watching+0x12/0xc0 [ 110.148504][ T6411] ? lock_release+0x201/0x2f0 [ 110.148517][ T6411] tun_chr_write_iter+0xdc/0x210 [ 110.148534][ T6411] vfs_write+0x7d3/0x11d0 [ 110.148552][ T6411] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 110.148570][ T6411] ? __pfx_vfs_write+0x10/0x10 [ 110.148586][ T6411] ? lock_release+0x201/0x2f0 [ 110.148600][ T6411] ksys_write+0x12a/0x250 [ 110.148615][ T6411] ? __pfx_ksys_write+0x10/0x10 [ 110.148633][ T6411] do_syscall_64+0xcd/0x4e0 [ 110.148650][ T6411] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.148663][ T6411] RIP: 0033:0x7ff08ef8d65f [ 110.148673][ T6411] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 110.148684][ T6411] RSP: 002b:00007ff08fe76000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 110.148695][ T6411] RAX: ffffffffffffffda RBX: 00007ff08f1d5fa0 RCX: 00007ff08ef8d65f [ 110.148703][ T6411] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8 [ 110.148710][ T6411] RBP: 00007ff08f011e19 R08: 0000000000000000 R09: 0000000000000000 [ 110.148716][ T6411] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 110.148722][ T6411] R13: 00007ff08f1d6038 R14: 00007ff08f1d5fa0 R15: 00007ffe7bd5cdf8 [ 110.148732][ T6411] [ 110.148740][ T6411] BUG: Bad page state in process syz.0.19 pfn:53786 [ 110.298836][ T6411] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x53786 [ 110.301985][ T6411] flags: 
0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 110.305149][ T6411] raw: 00fff00000000000 dead000000000040 ffff888021998000 0000000000000000 [ 110.308606][ T6411] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 110.311686][ T6411] page dumped because: page_pool leak [ 110.313656][ T6411] page_owner tracks the page as allocated [ 110.315761][ T6411] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6411, tgid 6410 (syz.0.19), ts 109834699597, free_ts 104401250522 [ 110.322243][ T6411] post_alloc_hook+0x1c0/0x230 [ 110.323980][ T6411] get_page_from_freelist+0x132b/0x38e0 [ 110.325795][ T6411] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 110.328414][ T6411] alloc_pages_bulk_noprof+0x71c/0x1410 [ 110.330547][ T6411] __page_pool_alloc_netmems_slow+0x193/0xc60 [ 110.332515][ T6411] page_pool_alloc_netmems+0xc4/0x190 [ 110.334931][ T6411] skb_pp_cow_data+0x7c0/0xff0 [ 110.337141][ T6411] skb_cow_data_for_xdp+0x88/0xb0 [ 110.340207][ T6411] do_xdp_generic+0x530/0x1320 [ 110.343074][ T6411] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 110.345798][ T6411] __netif_receive_skb_one_core+0xb0/0x1e0 [ 110.347761][ T6411] __netif_receive_skb+0x1d/0x160 [ 110.349389][ T6411] netif_receive_skb+0x137/0x7b0 [ 110.351058][ T6411] tun_rx_batched.isra.0+0x3ee/0x740 [ 110.352674][ T6411] tun_get_user+0x28bb/0x3cd0 [ 110.354095][ T6411] tun_chr_write_iter+0xdc/0x210 [ 110.355720][ T6411] page last free pid 6400 tgid 6400 stack trace: [ 110.358183][ T6411] __free_frozen_pages+0x7d5/0x10f0 [ 110.360074][ T6411] tlb_remove_table_rcu+0x116/0x1a0 [ 110.361610][ T6411] rcu_core+0x79c/0x1530 [ 110.362970][ T6411] handle_softirqs+0x216/0x8e0 [ 110.364713][ T6411] __irq_exit_rcu+0x109/0x170 [ 110.366716][ T6411] irq_exit_rcu+0x9/0x30 [ 110.368933][ T6411] sysvec_call_function_single+0xa4/0xc0 [ 110.372637][ T6411] asm_sysvec_call_function_single+0x1a/0x20 [ 110.375511][ T6411] Modules linked in: [ 110.377374][ 
T6411] CPU: 2 UID: 0 PID: 6411 Comm: syz.0.19 Tainted: G B syzkaller #0 PREEMPT(full) [ 110.377407][ T6411] Tainted: [B]=BAD_PAGE [ 110.377413][ T6411] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 110.377425][ T6411] Call Trace: [ 110.377431][ T6411] [ 110.377439][ T6411] dump_stack_lvl+0x16c/0x1f0 [ 110.377469][ T6411] bad_page+0xcf/0x220 [ 110.377487][ T6411] ? __pfx_bad_page+0x10/0x10 [ 110.377504][ T6411] ? page_bad_reason+0x9d/0x1f0 [ 110.377521][ T6411] __free_frozen_pages+0x7f7/0x10f0 [ 110.377544][ T6411] ? rcu_is_watching+0x12/0xc0 [ 110.377571][ T6411] page_frag_free+0x27f/0x2e0 [ 110.377587][ T6411] __xdp_return+0x3ab/0xab0 [ 110.377604][ T6411] ? kfree_skbmem+0x1a4/0x1f0 [ 110.377623][ T6411] bpf_xdp_adjust_tail+0x887/0xcb0 [ 110.377644][ T6411] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 110.377656][ T6411] bpf_prog_run_generic_xdp+0x626/0x1530 [ 110.377684][ T6411] do_xdp_generic+0x8e6/0x1320 [ 110.377703][ T6411] ? lock_release+0x201/0x2f0 [ 110.377721][ T6411] ? __pfx_do_xdp_generic+0x10/0x10 [ 110.377747][ T6411] ? mt_find+0x3ef/0xa30 [ 110.377775][ T6411] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 110.377798][ T6411] ? rcu_watching_snap_stopped_since+0xd0/0x110 [ 110.377822][ T6411] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 110.377845][ T6411] ? __skb_flow_dissect+0x11b2/0x7d90 [ 110.377863][ T6411] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 110.377883][ T6411] ? handle_mm_fault+0x200/0xd10 [ 110.377907][ T6411] ? __pfx___skb_flow_dissect+0x10/0x10 [ 110.377924][ T6411] ? lock_release+0x201/0x2f0 [ 110.377943][ T6411] ? do_user_addr_fault+0x843/0x1370 [ 110.377965][ T6411] ? rcu_is_watching+0x12/0xc0 [ 110.377991][ T6411] __netif_receive_skb_one_core+0xb0/0x1e0 [ 110.378011][ T6411] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 110.378033][ T6411] ? 
lock_acquire+0x2cd/0x350 [ 110.378052][ T6411] __netif_receive_skb+0x1d/0x160 [ 110.378071][ T6411] netif_receive_skb+0x137/0x7b0 [ 110.378091][ T6411] ? __pfx_netif_receive_skb+0x10/0x10 [ 110.378119][ T6411] ? __pfx__copy_from_iter+0x10/0x10 [ 110.378145][ T6411] tun_rx_batched.isra.0+0x3ee/0x740 [ 110.378171][ T6411] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 110.378197][ T6411] ? lock_acquire+0x2cd/0x350 [ 110.378213][ T6411] ? tun_get_user+0x1df6/0x3cd0 [ 110.378237][ T6411] ? rcu_is_watching+0x12/0xc0 [ 110.378262][ T6411] tun_get_user+0x28bb/0x3cd0 [ 110.378293][ T6411] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 110.378318][ T6411] ? __pfx_tun_get_user+0x10/0x10 [ 110.378345][ T6411] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 110.378374][ T6411] ? tun_get+0x191/0x370 [ 110.378395][ T6411] ? rcu_is_watching+0x12/0xc0 [ 110.378418][ T6411] ? lock_release+0x201/0x2f0 [ 110.378438][ T6411] tun_chr_write_iter+0xdc/0x210 [ 110.378465][ T6411] vfs_write+0x7d3/0x11d0 [ 110.378491][ T6411] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 110.378518][ T6411] ? __pfx_vfs_write+0x10/0x10 [ 110.378544][ T6411] ? lock_release+0x201/0x2f0 [ 110.378566][ T6411] ksys_write+0x12a/0x250 [ 110.378591][ T6411] ? 
__pfx_ksys_write+0x10/0x10 [ 110.378619][ T6411] do_syscall_64+0xcd/0x4e0 [ 110.378645][ T6411] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.378664][ T6411] RIP: 0033:0x7ff08ef8d65f [ 110.378679][ T6411] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 110.378697][ T6411] RSP: 002b:00007ff08fe76000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 110.378715][ T6411] RAX: ffffffffffffffda RBX: 00007ff08f1d5fa0 RCX: 00007ff08ef8d65f [ 110.378727][ T6411] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8 [ 110.378767][ T6411] RBP: 00007ff08f011e19 R08: 0000000000000000 R09: 0000000000000000 [ 110.378778][ T6411] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 110.378789][ T6411] R13: 00007ff08f1d6038 R14: 00007ff08f1d5fa0 R15: 00007ffe7bd5cdf8 [ 110.378807][ T6411] [ 110.378819][ T6411] BUG: Bad page state in process syz.0.19 pfn:522f3 [ 110.531440][ T6411] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x522f3 [ 110.535088][ T6411] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 110.538524][ T6411] raw: 00fff00000000000 dead000000000040 ffff888021998000 0000000000000000 [ 110.542033][ T6411] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 110.544856][ T6411] page dumped because: page_pool leak [ 110.547500][ T6411] page_owner tracks the page as allocated [ 110.549864][ T6411] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6411, tgid 6410 (syz.0.19), ts 109834695483, free_ts 104401275438 [ 110.556962][ T6411] post_alloc_hook+0x1c0/0x230 [ 110.558878][ T6411] get_page_from_freelist+0x132b/0x38e0 [ 110.560838][ T6411] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 110.563472][ T6411] alloc_pages_bulk_noprof+0x71c/0x1410 [ 110.565771][ T6411] 
__page_pool_alloc_netmems_slow+0x193/0xc60 [ 110.567904][ T6411] page_pool_alloc_netmems+0xc4/0x190 [ 110.569715][ T6411] skb_pp_cow_data+0x7c0/0xff0 [ 110.571573][ T6411] skb_cow_data_for_xdp+0x88/0xb0 [ 110.573299][ T6411] do_xdp_generic+0x530/0x1320 [ 110.574714][ T6411] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 110.577396][ T6411] __netif_receive_skb_one_core+0xb0/0x1e0 [ 110.579815][ T6411] __netif_receive_skb+0x1d/0x160 [ 110.581667][ T6411] netif_receive_skb+0x137/0x7b0 [ 110.583956][ T6411] tun_rx_batched.isra.0+0x3ee/0x740 [ 110.586382][ T6411] tun_get_user+0x28bb/0x3cd0 [ 110.587895][ T6411] tun_chr_write_iter+0xdc/0x210 [ 110.589466][ T6411] page last free pid 6400 tgid 6400 stack trace: [ 110.591886][ T6411] __free_frozen_pages+0x7d5/0x10f0 [ 110.593971][ T6411] tlb_remove_table_rcu+0x116/0x1a0 [ 110.595671][ T6411] rcu_core+0x79c/0x1530 [ 110.597036][ T6411] handle_softirqs+0x216/0x8e0 [ 110.598974][ T6411] __irq_exit_rcu+0x109/0x170 [ 110.600665][ T6411] irq_exit_rcu+0x9/0x30 [ 110.601976][ T6411] sysvec_call_function_single+0xa4/0xc0 [ 110.603917][ T6411] asm_sysvec_call_function_single+0x1a/0x20 [ 110.606058][ T6411] Modules linked in: [ 110.607289][ T6411] CPU: 2 UID: 0 PID: 6411 Comm: syz.0.19 Tainted: G B syzkaller #0 PREEMPT(full) [ 110.607307][ T6411] Tainted: [B]=BAD_PAGE [ 110.607310][ T6411] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 110.607317][ T6411] Call Trace: [ 110.607322][ T6411] [ 110.607327][ T6411] dump_stack_lvl+0x16c/0x1f0 [ 110.607346][ T6411] bad_page+0xcf/0x220 [ 110.607378][ T6411] ? __pfx_bad_page+0x10/0x10 [ 110.607394][ T6411] ? page_bad_reason+0x9d/0x1f0 [ 110.607404][ T6411] __free_frozen_pages+0x7f7/0x10f0 [ 110.607418][ T6411] ? rcu_is_watching+0x12/0xc0 [ 110.607434][ T6411] page_frag_free+0x27f/0x2e0 [ 110.607445][ T6411] __xdp_return+0x3ab/0xab0 [ 110.607455][ T6411] ? 
kfree_skbmem+0x1a4/0x1f0 [ 110.607467][ T6411] bpf_xdp_adjust_tail+0x887/0xcb0 [ 110.607480][ T6411] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 110.607489][ T6411] bpf_prog_run_generic_xdp+0x626/0x1530 [ 110.607506][ T6411] do_xdp_generic+0x8e6/0x1320 [ 110.607519][ T6411] ? lock_release+0x201/0x2f0 [ 110.607530][ T6411] ? __pfx_do_xdp_generic+0x10/0x10 [ 110.607546][ T6411] ? mt_find+0x3ef/0xa30 [ 110.607564][ T6411] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 110.607578][ T6411] ? rcu_watching_snap_stopped_since+0xd0/0x110 [ 110.607595][ T6411] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 110.607611][ T6411] ? __skb_flow_dissect+0x11b2/0x7d90 [ 110.607622][ T6411] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 110.607636][ T6411] ? handle_mm_fault+0x200/0xd10 [ 110.607651][ T6411] ? __pfx___skb_flow_dissect+0x10/0x10 [ 110.607662][ T6411] ? lock_release+0x201/0x2f0 [ 110.607673][ T6411] ? do_user_addr_fault+0x843/0x1370 [ 110.607687][ T6411] ? rcu_is_watching+0x12/0xc0 [ 110.607703][ T6411] __netif_receive_skb_one_core+0xb0/0x1e0 [ 110.607716][ T6411] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 110.607730][ T6411] ? lock_acquire+0x2cd/0x350 [ 110.607742][ T6411] __netif_receive_skb+0x1d/0x160 [ 110.607761][ T6411] netif_receive_skb+0x137/0x7b0 [ 110.607773][ T6411] ? __pfx_netif_receive_skb+0x10/0x10 [ 110.607786][ T6411] ? __pfx__copy_from_iter+0x10/0x10 [ 110.607802][ T6411] tun_rx_batched.isra.0+0x3ee/0x740 [ 110.607819][ T6411] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 110.607836][ T6411] ? lock_acquire+0x2cd/0x350 [ 110.607846][ T6411] ? tun_get_user+0x1df6/0x3cd0 [ 110.607862][ T6411] ? rcu_is_watching+0x12/0xc0 [ 110.607877][ T6411] tun_get_user+0x28bb/0x3cd0 [ 110.607896][ T6411] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 110.607912][ T6411] ? __pfx_tun_get_user+0x10/0x10 [ 110.607929][ T6411] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 110.607946][ T6411] ? tun_get+0x191/0x370 [ 110.607960][ T6411] ? 
rcu_is_watching+0x12/0xc0 [ 110.607975][ T6411] ? lock_release+0x201/0x2f0 [ 110.607986][ T6411] tun_chr_write_iter+0xdc/0x210 [ 110.608005][ T6411] vfs_write+0x7d3/0x11d0 [ 110.608021][ T6411] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 110.608039][ T6411] ? __pfx_vfs_write+0x10/0x10 [ 110.608055][ T6411] ? lock_release+0x201/0x2f0 [ 110.608068][ T6411] ksys_write+0x12a/0x250 [ 110.608084][ T6411] ? __pfx_ksys_write+0x10/0x10 [ 110.608101][ T6411] do_syscall_64+0xcd/0x4e0 [ 110.608117][ T6411] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.608129][ T6411] RIP: 0033:0x7ff08ef8d65f [ 110.608137][ T6411] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 110.608149][ T6411] RSP: 002b:00007ff08fe76000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 110.608159][ T6411] RAX: ffffffffffffffda RBX: 00007ff08f1d5fa0 RCX: 00007ff08ef8d65f [ 110.608166][ T6411] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8 [ 110.608173][ T6411] RBP: 00007ff08f011e19 R08: 0000000000000000 R09: 0000000000000000 [ 110.608179][ T6411] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 110.608186][ T6411] R13: 00007ff08f1d6038 R14: 00007ff08f1d5fa0 R15: 00007ffe7bd5cdf8 [ 110.608196][ T6411] [ 110.608204][ T6411] BUG: Bad page state in process syz.0.19 pfn:5362d [ 110.756892][ T6411] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x5362d [ 110.760476][ T6411] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 110.762895][ T6411] raw: 00fff00000000000 dead000000000040 ffff888021998000 0000000000000000 [ 110.765591][ T6411] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 110.768786][ T6411] page dumped because: page_pool leak [ 110.770686][ T6411] page_owner tracks the page as allocated [ 110.772580][ T6411] page last allocated via order 0, migratetype 
Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6411, tgid 6410 (syz.0.19), ts 109834691190, free_ts 104401299842 [ 110.780071][ T6411] post_alloc_hook+0x1c0/0x230 [ 110.782318][ T6411] get_page_from_freelist+0x132b/0x38e0 [ 110.784542][ T6411] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 110.787010][ T6411] alloc_pages_bulk_noprof+0x71c/0x1410 [ 110.789442][ T6411] __page_pool_alloc_netmems_slow+0x193/0xc60 [ 110.792250][ T6411] page_pool_alloc_netmems+0xc4/0x190 [ 110.794384][ T6411] skb_pp_cow_data+0x7c0/0xff0 [ 110.796683][ T6411] skb_cow_data_for_xdp+0x88/0xb0 [ 110.799297][ T6411] do_xdp_generic+0x530/0x1320 [ 110.801312][ T6411] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 110.804222][ T6411] __netif_receive_skb_one_core+0xb0/0x1e0 [ 110.806618][ T6411] __netif_receive_skb+0x1d/0x160 [ 110.808535][ T6411] netif_receive_skb+0x137/0x7b0 [ 110.810126][ T6411] tun_rx_batched.isra.0+0x3ee/0x740 [ 110.811872][ T6411] tun_get_user+0x28bb/0x3cd0 [ 110.813331][ T6411] tun_chr_write_iter+0xdc/0x210 [ 110.814821][ T6411] page last free pid 6400 tgid 6400 stack trace: [ 110.816715][ T6411] __free_frozen_pages+0x7d5/0x10f0 [ 110.818516][ T6411] tlb_remove_table_rcu+0x116/0x1a0 [ 110.820307][ T6411] rcu_core+0x79c/0x1530 [ 110.821824][ T6411] handle_softirqs+0x216/0x8e0 [ 110.823821][ T6411] __irq_exit_rcu+0x109/0x170 [ 110.825515][ T6411] irq_exit_rcu+0x9/0x30 [ 110.827597][ T6411] sysvec_call_function_single+0xa4/0xc0 [ 110.830300][ T6411] asm_sysvec_call_function_single+0x1a/0x20 [ 110.832959][ T6411] Modules linked in: [ 110.834678][ T6411] CPU: 2 UID: 0 PID: 6411 Comm: syz.0.19 Tainted: G B syzkaller #0 PREEMPT(full) [ 110.834704][ T6411] Tainted: [B]=BAD_PAGE [ 110.834710][ T6411] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 110.834720][ T6411] Call Trace: [ 110.834727][ T6411] [ 110.834734][ T6411] dump_stack_lvl+0x16c/0x1f0 [ 110.834762][ T6411] bad_page+0xcf/0x220 [ 110.834778][ T6411] ? 
__pfx_bad_page+0x10/0x10 [ 110.834792][ T6411] ? page_bad_reason+0x9d/0x1f0 [ 110.834807][ T6411] __free_frozen_pages+0x7f7/0x10f0 [ 110.834828][ T6411] ? rcu_is_watching+0x12/0xc0 [ 110.834851][ T6411] page_frag_free+0x27f/0x2e0 [ 110.834866][ T6411] __xdp_return+0x3ab/0xab0 [ 110.834882][ T6411] ? kfree_skbmem+0x1a4/0x1f0 [ 110.834900][ T6411] bpf_xdp_adjust_tail+0x887/0xcb0 [ 110.834922][ T6411] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 110.834938][ T6411] bpf_prog_run_generic_xdp+0x626/0x1530 [ 110.834964][ T6411] do_xdp_generic+0x8e6/0x1320 [ 110.834984][ T6411] ? lock_release+0x201/0x2f0 [ 110.835001][ T6411] ? __pfx_do_xdp_generic+0x10/0x10 [ 110.835028][ T6411] ? mt_find+0x3ef/0xa30 [ 110.835054][ T6411] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 110.835076][ T6411] ? rcu_watching_snap_stopped_since+0xd0/0x110 [ 110.835109][ T6411] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 110.835134][ T6411] ? __skb_flow_dissect+0x11b2/0x7d90 [ 110.835151][ T6411] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 110.835170][ T6411] ? handle_mm_fault+0x200/0xd10 [ 110.835195][ T6411] ? __pfx___skb_flow_dissect+0x10/0x10 [ 110.835210][ T6411] ? lock_release+0x201/0x2f0 [ 110.835229][ T6411] ? do_user_addr_fault+0x843/0x1370 [ 110.835252][ T6411] ? rcu_is_watching+0x12/0xc0 [ 110.835273][ T6411] __netif_receive_skb_one_core+0xb0/0x1e0 [ 110.835415][ T6411] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 110.835440][ T6411] ? lock_acquire+0x2cd/0x350 [ 110.835462][ T6411] __netif_receive_skb+0x1d/0x160 [ 110.835482][ T6411] netif_receive_skb+0x137/0x7b0 [ 110.835501][ T6411] ? __pfx_netif_receive_skb+0x10/0x10 [ 110.835521][ T6411] ? __pfx__copy_from_iter+0x10/0x10 [ 110.835547][ T6411] tun_rx_batched.isra.0+0x3ee/0x740 [ 110.835574][ T6411] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 110.835604][ T6411] ? lock_acquire+0x2cd/0x350 [ 110.835620][ T6411] ? tun_get_user+0x1df6/0x3cd0 [ 110.835644][ T6411] ? 
rcu_is_watching+0x12/0xc0 [ 110.835670][ T6411] tun_get_user+0x28bb/0x3cd0 [ 110.835700][ T6411] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 110.835726][ T6411] ? __pfx_tun_get_user+0x10/0x10 [ 110.835752][ T6411] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 110.835780][ T6411] ? tun_get+0x191/0x370 [ 110.835801][ T6411] ? rcu_is_watching+0x12/0xc0 [ 110.835824][ T6411] ? lock_release+0x201/0x2f0 [ 110.835843][ T6411] tun_chr_write_iter+0xdc/0x210 [ 110.835869][ T6411] vfs_write+0x7d3/0x11d0 [ 110.835896][ T6411] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 110.835923][ T6411] ? __pfx_vfs_write+0x10/0x10 [ 110.835948][ T6411] ? lock_release+0x201/0x2f0 [ 110.835968][ T6411] ksys_write+0x12a/0x250 [ 110.835990][ T6411] ? __pfx_ksys_write+0x10/0x10 [ 110.836017][ T6411] do_syscall_64+0xcd/0x4e0 [ 110.836043][ T6411] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.836063][ T6411] RIP: 0033:0x7ff08ef8d65f [ 110.836080][ T6411] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 110.836097][ T6411] RSP: 002b:00007ff08fe76000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 110.836115][ T6411] RAX: ffffffffffffffda RBX: 00007ff08f1d5fa0 RCX: 00007ff08ef8d65f [ 110.836127][ T6411] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8 [ 110.836139][ T6411] RBP: 00007ff08f011e19 R08: 0000000000000000 R09: 0000000000000000 [ 110.836150][ T6411] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 110.836160][ T6411] R13: 00007ff08f1d6038 R14: 00007ff08f1d5fa0 R15: 00007ffe7bd5cdf8 [ 110.836177][ T6411] [ 110.836192][ T6411] BUG: Bad page state in process syz.0.19 pfn:53785 [ 110.997822][ T6411] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x53785 [ 111.001199][ T6411] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 111.004190][ T6411] raw: 00fff00000000000 dead000000000040 
ffff888021998000 0000000000000000 [ 111.008641][ T6411] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 111.012686][ T6411] page dumped because: page_pool leak [ 111.014853][ T6411] page_owner tracks the page as allocated [ 111.017309][ T6411] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6411, tgid 6410 (syz.0.19), ts 109834686822, free_ts 104401310964 [ 111.023838][ T6411] post_alloc_hook+0x1c0/0x230 [ 111.025933][ T6411] get_page_from_freelist+0x132b/0x38e0 [ 111.028610][ T6411] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 111.031668][ T6411] alloc_pages_bulk_noprof+0x71c/0x1410 [ 111.034079][ T6411] __page_pool_alloc_netmems_slow+0x193/0xc60 [ 111.036392][ T6411] page_pool_alloc_netmems+0xc4/0x190 [ 111.038606][ T6411] skb_pp_cow_data+0x7c0/0xff0 [ 111.040159][ T6411] skb_cow_data_for_xdp+0x88/0xb0 [ 111.042167][ T6411] do_xdp_generic+0x530/0x1320 [ 111.044145][ T6411] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 111.047309][ T6411] __netif_receive_skb_one_core+0xb0/0x1e0 [ 111.049912][ T6411] __netif_receive_skb+0x1d/0x160 [ 111.052775][ T6411] netif_receive_skb+0x137/0x7b0 [ 111.055534][ T6411] tun_rx_batched.isra.0+0x3ee/0x740 [ 111.057923][ T6411] tun_get_user+0x28bb/0x3cd0 [ 111.059751][ T6411] tun_chr_write_iter+0xdc/0x210 [ 111.061573][ T6411] page last free pid 6400 tgid 6400 stack trace: [ 111.063545][ T6411] __free_frozen_pages+0x7d5/0x10f0 [ 111.065093][ T6411] tlb_remove_table_rcu+0x116/0x1a0 [ 111.066614][ T6411] rcu_core+0x79c/0x1530 [ 111.068048][ T6411] handle_softirqs+0x216/0x8e0 [ 111.069581][ T6411] __irq_exit_rcu+0x109/0x170 [ 111.071043][ T6411] irq_exit_rcu+0x9/0x30 [ 111.072697][ T6411] sysvec_call_function_single+0xa4/0xc0 [ 111.074982][ T6411] asm_sysvec_call_function_single+0x1a/0x20 [ 111.077617][ T6411] Modules linked in: [ 111.079319][ T6411] CPU: 2 UID: 0 PID: 6411 Comm: syz.0.19 Tainted: G B syzkaller #0 PREEMPT(full) [ 111.079347][ T6411] 
Tainted: [B]=BAD_PAGE [ 111.079374][ T6411] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 111.079386][ T6411] Call Trace: [ 111.079396][ T6411] [ 111.079404][ T6411] dump_stack_lvl+0x16c/0x1f0 [ 111.079431][ T6411] bad_page+0xcf/0x220 [ 111.079448][ T6411] ? __pfx_bad_page+0x10/0x10 [ 111.079464][ T6411] ? page_bad_reason+0x9d/0x1f0 [ 111.079481][ T6411] __free_frozen_pages+0x7f7/0x10f0 [ 111.079503][ T6411] ? rcu_is_watching+0x12/0xc0 [ 111.079529][ T6411] page_frag_free+0x27f/0x2e0 [ 111.079544][ T6411] __xdp_return+0x3ab/0xab0 [ 111.079561][ T6411] ? kfree_skbmem+0x1a4/0x1f0 [ 111.079580][ T6411] bpf_xdp_adjust_tail+0x887/0xcb0 [ 111.079601][ T6411] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 111.079616][ T6411] bpf_prog_run_generic_xdp+0x626/0x1530 [ 111.079642][ T6411] do_xdp_generic+0x8e6/0x1320 [ 111.079662][ T6411] ? lock_release+0x201/0x2f0 [ 111.079678][ T6411] ? __pfx_do_xdp_generic+0x10/0x10 [ 111.079706][ T6411] ? mt_find+0x3ef/0xa30 [ 111.079733][ T6411] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 111.079756][ T6411] ? rcu_watching_snap_stopped_since+0xd0/0x110 [ 111.079781][ T6411] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 111.079808][ T6411] ? __skb_flow_dissect+0x11b2/0x7d90 [ 111.079827][ T6411] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 111.079848][ T6411] ? handle_mm_fault+0x200/0xd10 [ 111.079871][ T6411] ? __pfx___skb_flow_dissect+0x10/0x10 [ 111.079887][ T6411] ? lock_release+0x201/0x2f0 [ 111.079903][ T6411] ? do_user_addr_fault+0x843/0x1370 [ 111.079923][ T6411] ? rcu_is_watching+0x12/0xc0 [ 111.079946][ T6411] __netif_receive_skb_one_core+0xb0/0x1e0 [ 111.079966][ T6411] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 111.079988][ T6411] ? lock_acquire+0x2cd/0x350 [ 111.080006][ T6411] __netif_receive_skb+0x1d/0x160 [ 111.080034][ T6411] netif_receive_skb+0x137/0x7b0 [ 111.080053][ T6411] ? __pfx_netif_receive_skb+0x10/0x10 [ 111.080072][ T6411] ? 
__pfx__copy_from_iter+0x10/0x10 [ 111.080097][ T6411] tun_rx_batched.isra.0+0x3ee/0x740 [ 111.080123][ T6411] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 111.080148][ T6411] ? lock_acquire+0x2cd/0x350 [ 111.080165][ T6411] ? tun_get_user+0x1df6/0x3cd0 [ 111.080189][ T6411] ? rcu_is_watching+0x12/0xc0 [ 111.080214][ T6411] tun_get_user+0x28bb/0x3cd0 [ 111.080242][ T6411] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 111.080267][ T6411] ? __pfx_tun_get_user+0x10/0x10 [ 111.080292][ T6411] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 111.080320][ T6411] ? tun_get+0x191/0x370 [ 111.080341][ T6411] ? rcu_is_watching+0x12/0xc0 [ 111.080363][ T6411] ? lock_release+0x201/0x2f0 [ 111.080382][ T6411] tun_chr_write_iter+0xdc/0x210 [ 111.080409][ T6411] vfs_write+0x7d3/0x11d0 [ 111.080434][ T6411] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 111.080461][ T6411] ? __pfx_vfs_write+0x10/0x10 [ 111.080485][ T6411] ? lock_release+0x201/0x2f0 [ 111.080507][ T6411] ksys_write+0x12a/0x250 [ 111.080531][ T6411] ? __pfx_ksys_write+0x10/0x10 [ 111.080558][ T6411] do_syscall_64+0xcd/0x4e0 [ 111.080583][ T6411] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.080601][ T6411] RIP: 0033:0x7ff08ef8d65f [ 111.080615][ T6411] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 111.080631][ T6411] RSP: 002b:00007ff08fe76000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 111.080649][ T6411] RAX: ffffffffffffffda RBX: 00007ff08f1d5fa0 RCX: 00007ff08ef8d65f [ 111.080661][ T6411] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8 [ 111.080672][ T6411] RBP: 00007ff08f011e19 R08: 0000000000000000 R09: 0000000000000000 [ 111.080683][ T6411] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 111.080694][ T6411] R13: 00007ff08f1d6038 R14: 00007ff08f1d5fa0 R15: 00007ffe7bd5cdf8 [ 111.080711][ T6411] [ 111.080721][ T6411] BUG: Bad page state in 
process syz.0.19 pfn:5378b [ 111.233286][ T6411] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5378b [ 111.236675][ T6411] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 111.239508][ T6411] raw: 00fff00000000000 dead000000000040 ffff888021998000 0000000000000000 [ 111.242910][ T6411] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 111.246442][ T6411] page dumped because: page_pool leak [ 111.248922][ T6411] page_owner tracks the page as allocated [ 111.251309][ T6411] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6411, tgid 6410 (syz.0.19), ts 109834682638, free_ts 104401334325 [ 111.257732][ T6411] post_alloc_hook+0x1c0/0x230 [ 111.259348][ T6411] get_page_from_freelist+0x132b/0x38e0 [ 111.261115][ T6411] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 111.263201][ T6411] alloc_pages_bulk_noprof+0x71c/0x1410 [ 111.265250][ T6411] __page_pool_alloc_netmems_slow+0x193/0xc60 [ 111.267808][ T6411] page_pool_alloc_netmems+0xc4/0x190 [ 111.270234][ T6411] skb_pp_cow_data+0x7c0/0xff0 [ 111.272594][ T6411] skb_cow_data_for_xdp+0x88/0xb0 [ 111.274603][ T6411] do_xdp_generic+0x530/0x1320 [ 111.276487][ T6411] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 111.278901][ T6411] __netif_receive_skb_one_core+0xb0/0x1e0 [ 111.281066][ T6411] __netif_receive_skb+0x1d/0x160 [ 111.283149][ T6411] netif_receive_skb+0x137/0x7b0 [ 111.285176][ T6411] tun_rx_batched.isra.0+0x3ee/0x740 [ 111.287399][ T6411] tun_get_user+0x28bb/0x3cd0 [ 111.289257][ T6411] tun_chr_write_iter+0xdc/0x210 [ 111.291532][ T6411] page last free pid 6400 tgid 6400 stack trace: [ 111.294557][ T6411] __free_frozen_pages+0x7d5/0x10f0 [ 111.297025][ T6411] tlb_remove_table_rcu+0x116/0x1a0 [ 111.298861][ T6411] rcu_core+0x79c/0x1530 [ 111.300288][ T6411] handle_softirqs+0x216/0x8e0 [ 111.301849][ T6411] __irq_exit_rcu+0x109/0x170 [ 111.303763][ T6411] irq_exit_rcu+0x9/0x30 [ 111.305049][ T6411] 
sysvec_call_function_single+0xa4/0xc0 [ 111.306759][ T6411] asm_sysvec_call_function_single+0x1a/0x20 [ 111.308820][ T6411] Modules linked in: [ 111.310112][ T6411] CPU: 2 UID: 0 PID: 6411 Comm: syz.0.19 Tainted: G B syzkaller #0 PREEMPT(full) [ 111.310130][ T6411] Tainted: [B]=BAD_PAGE [ 111.310134][ T6411] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 111.310141][ T6411] Call Trace: [ 111.310145][ T6411] [ 111.310150][ T6411] dump_stack_lvl+0x16c/0x1f0 [ 111.310169][ T6411] bad_page+0xcf/0x220 [ 111.310181][ T6411] ? __pfx_bad_page+0x10/0x10 [ 111.310191][ T6411] ? page_bad_reason+0x9d/0x1f0 [ 111.310202][ T6411] __free_frozen_pages+0x7f7/0x10f0 [ 111.310217][ T6411] ? rcu_is_watching+0x12/0xc0 [ 111.310235][ T6411] page_frag_free+0x27f/0x2e0 [ 111.310245][ T6411] __xdp_return+0x3ab/0xab0 [ 111.310256][ T6411] ? kfree_skbmem+0x1a4/0x1f0 [ 111.310268][ T6411] bpf_xdp_adjust_tail+0x887/0xcb0 [ 111.310282][ T6411] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 111.310292][ T6411] bpf_prog_run_generic_xdp+0x626/0x1530 [ 111.310309][ T6411] do_xdp_generic+0x8e6/0x1320 [ 111.310323][ T6411] ? lock_release+0x201/0x2f0 [ 111.310334][ T6411] ? __pfx_do_xdp_generic+0x10/0x10 [ 111.310352][ T6411] ? mt_find+0x3ef/0xa30 [ 111.310374][ T6411] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 111.310393][ T6411] ? rcu_watching_snap_stopped_since+0xd0/0x110 [ 111.310411][ T6411] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 111.310428][ T6411] ? __skb_flow_dissect+0x11b2/0x7d90 [ 111.310440][ T6411] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 111.310455][ T6411] ? handle_mm_fault+0x200/0xd10 [ 111.310472][ T6411] ? __pfx___skb_flow_dissect+0x10/0x10 [ 111.310483][ T6411] ? lock_release+0x201/0x2f0 [ 111.310495][ T6411] ? do_user_addr_fault+0x843/0x1370 [ 111.310510][ T6411] ? rcu_is_watching+0x12/0xc0 [ 111.310526][ T6411] __netif_receive_skb_one_core+0xb0/0x1e0 [ 111.310541][ T6411] ? 
__pfx___netif_receive_skb_one_core+0x10/0x10 [ 111.310556][ T6411] ? lock_acquire+0x2cd/0x350 [ 111.310568][ T6411] __netif_receive_skb+0x1d/0x160 [ 111.310581][ T6411] netif_receive_skb+0x137/0x7b0 [ 111.310594][ T6411] ? __pfx_netif_receive_skb+0x10/0x10 [ 111.310608][ T6411] ? __pfx__copy_from_iter+0x10/0x10 [ 111.310624][ T6411] tun_rx_batched.isra.0+0x3ee/0x740 [ 111.310643][ T6411] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 111.310660][ T6411] ? lock_acquire+0x2cd/0x350 [ 111.310671][ T6411] ? tun_get_user+0x1df6/0x3cd0 [ 111.310687][ T6411] ? rcu_is_watching+0x12/0xc0 [ 111.310704][ T6411] tun_get_user+0x28bb/0x3cd0 [ 111.310724][ T6411] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 111.310742][ T6411] ? __pfx_tun_get_user+0x10/0x10 [ 111.310760][ T6411] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 111.310778][ T6411] ? tun_get+0x191/0x370 [ 111.310794][ T6411] ? rcu_is_watching+0x12/0xc0 [ 111.310810][ T6411] ? lock_release+0x201/0x2f0 [ 111.310822][ T6411] tun_chr_write_iter+0xdc/0x210 [ 111.310840][ T6411] vfs_write+0x7d3/0x11d0 [ 111.310858][ T6411] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 111.310877][ T6411] ? __pfx_vfs_write+0x10/0x10 [ 111.310894][ T6411] ? lock_release+0x201/0x2f0 [ 111.310908][ T6411] ksys_write+0x12a/0x250 [ 111.310925][ T6411] ? 
__pfx_ksys_write+0x10/0x10 [ 111.310943][ T6411] do_syscall_64+0xcd/0x4e0 [ 111.310960][ T6411] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.310972][ T6411] RIP: 0033:0x7ff08ef8d65f [ 111.310982][ T6411] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 111.310993][ T6411] RSP: 002b:00007ff08fe76000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 111.311005][ T6411] RAX: ffffffffffffffda RBX: 00007ff08f1d5fa0 RCX: 00007ff08ef8d65f [ 111.311012][ T6411] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8 [ 111.311028][ T6411] RBP: 00007ff08f011e19 R08: 0000000000000000 R09: 0000000000000000 [ 111.311035][ T6411] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 111.311042][ T6411] R13: 00007ff08f1d6038 R14: 00007ff08f1d5fa0 R15: 00007ffe7bd5cdf8 [ 111.311052][ T6411] [ 111.311060][ T6411] BUG: Bad page state in process syz.0.19 pfn:5378a [ 111.470672][ T6411] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5378a [ 111.474285][ T6411] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 111.476719][ T6411] raw: 00fff00000000000 dead000000000040 ffff888021998000 0000000000000000 [ 111.479610][ T6411] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 111.483117][ T6411] page dumped because: page_pool leak [ 111.485869][ T6411] page_owner tracks the page as allocated [ 111.488396][ T6411] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6411, tgid 6410 (syz.0.19), ts 109834678275, free_ts 104401420579 [ 111.494918][ T6411] post_alloc_hook+0x1c0/0x230 [ 111.496775][ T6411] get_page_from_freelist+0x132b/0x38e0 [ 111.498489][ T6411] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 111.500278][ T6411] alloc_pages_bulk_noprof+0x71c/0x1410 [ 111.501960][ T6411] 
__page_pool_alloc_netmems_slow+0x193/0xc60 [ 111.503849][ T6411] page_pool_alloc_netmems+0xc4/0x190 [ 111.505845][ T6411] skb_pp_cow_data+0x7c0/0xff0 [ 111.507837][ T6411] skb_cow_data_for_xdp+0x88/0xb0 [ 111.509890][ T6411] do_xdp_generic+0x530/0x1320 [ 111.511533][ T6411] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 111.514164][ T6411] __netif_receive_skb_one_core+0xb0/0x1e0 [ 111.516700][ T6411] __netif_receive_skb+0x1d/0x160 [ 111.518785][ T6411] netif_receive_skb+0x137/0x7b0 [ 111.520647][ T6411] tun_rx_batched.isra.0+0x3ee/0x740 [ 111.522755][ T6411] tun_get_user+0x28bb/0x3cd0 [ 111.524647][ T6411] tun_chr_write_iter+0xdc/0x210 [ 111.526655][ T6411] page last free pid 6400 tgid 6400 stack trace: [ 111.529516][ T6411] __free_frozen_pages+0x7d5/0x10f0 [ 111.532459][ T6411] tlb_remove_table_rcu+0x116/0x1a0 [ 111.535051][ T6411] rcu_core+0x79c/0x1530 [ 111.536970][ T6411] handle_softirqs+0x216/0x8e0 [ 111.538718][ T6411] __irq_exit_rcu+0x109/0x170 [ 111.540300][ T6411] irq_exit_rcu+0x9/0x30 [ 111.541871][ T6411] sysvec_call_function_single+0xa4/0xc0 [ 111.543834][ T6411] asm_sysvec_call_function_single+0x1a/0x20 [ 111.545866][ T6411] Modules linked in: [ 111.547425][ T6411] CPU: 2 UID: 0 PID: 6411 Comm: syz.0.19 Tainted: G B syzkaller #0 PREEMPT(full) [ 111.547453][ T6411] Tainted: [B]=BAD_PAGE [ 111.547460][ T6411] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 111.547471][ T6411] Call Trace: [ 111.547479][ T6411] [ 111.547486][ T6411] dump_stack_lvl+0x16c/0x1f0 [ 111.547515][ T6411] bad_page+0xcf/0x220 [ 111.547531][ T6411] ? __pfx_bad_page+0x10/0x10 [ 111.547544][ T6411] ? page_bad_reason+0x9d/0x1f0 [ 111.547558][ T6411] __free_frozen_pages+0x7f7/0x10f0 [ 111.547578][ T6411] ? rcu_is_watching+0x12/0xc0 [ 111.547602][ T6411] page_frag_free+0x27f/0x2e0 [ 111.547616][ T6411] __xdp_return+0x3ab/0xab0 [ 111.547631][ T6411] ? 
kfree_skbmem+0x1a4/0x1f0 [ 111.547648][ T6411] bpf_xdp_adjust_tail+0x887/0xcb0 [ 111.547668][ T6411] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 111.547682][ T6411] bpf_prog_run_generic_xdp+0x626/0x1530 [ 111.547707][ T6411] do_xdp_generic+0x8e6/0x1320 [ 111.547726][ T6411] ? lock_release+0x201/0x2f0 [ 111.547744][ T6411] ? __pfx_do_xdp_generic+0x10/0x10 [ 111.547777][ T6411] ? mt_find+0x3ef/0xa30 [ 111.547804][ T6411] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 111.547825][ T6411] ? rcu_watching_snap_stopped_since+0xd0/0x110 [ 111.547851][ T6411] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 111.547877][ T6411] ? __skb_flow_dissect+0x11b2/0x7d90 [ 111.547898][ T6411] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 111.547919][ T6411] ? handle_mm_fault+0x200/0xd10 [ 111.547944][ T6411] ? __pfx___skb_flow_dissect+0x10/0x10 [ 111.547960][ T6411] ? lock_release+0x201/0x2f0 [ 111.547978][ T6411] ? do_user_addr_fault+0x843/0x1370 [ 111.548004][ T6411] ? rcu_is_watching+0x12/0xc0 [ 111.548028][ T6411] __netif_receive_skb_one_core+0xb0/0x1e0 [ 111.548050][ T6411] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 111.548073][ T6411] ? lock_acquire+0x2cd/0x350 [ 111.548093][ T6411] __netif_receive_skb+0x1d/0x160 [ 111.548114][ T6411] netif_receive_skb+0x137/0x7b0 [ 111.548136][ T6411] ? __pfx_netif_receive_skb+0x10/0x10 [ 111.548159][ T6411] ? __pfx__copy_from_iter+0x10/0x10 [ 111.548185][ T6411] tun_rx_batched.isra.0+0x3ee/0x740 [ 111.548213][ T6411] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 111.548241][ T6411] ? lock_acquire+0x2cd/0x350 [ 111.548259][ T6411] ? tun_get_user+0x1df6/0x3cd0 [ 111.548284][ T6411] ? rcu_is_watching+0x12/0xc0 [ 111.548311][ T6411] tun_get_user+0x28bb/0x3cd0 [ 111.548341][ T6411] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 111.548368][ T6411] ? __pfx_tun_get_user+0x10/0x10 [ 111.548395][ T6411] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 111.548424][ T6411] ? tun_get+0x191/0x370 [ 111.548447][ T6411] ? 
rcu_is_watching+0x12/0xc0 [ 111.548471][ T6411] ? lock_release+0x201/0x2f0 [ 111.548491][ T6411] tun_chr_write_iter+0xdc/0x210 [ 111.548518][ T6411] vfs_write+0x7d3/0x11d0 [ 111.548546][ T6411] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 111.548574][ T6411] ? __pfx_vfs_write+0x10/0x10 [ 111.548600][ T6411] ? lock_release+0x201/0x2f0 [ 111.548623][ T6411] ksys_write+0x12a/0x250 [ 111.548648][ T6411] ? __pfx_ksys_write+0x10/0x10 [ 111.548675][ T6411] do_syscall_64+0xcd/0x4e0 [ 111.548703][ T6411] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.548721][ T6411] RIP: 0033:0x7ff08ef8d65f [ 111.548735][ T6411] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 111.548753][ T6411] RSP: 002b:00007ff08fe76000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 111.548780][ T6411] RAX: ffffffffffffffda RBX: 00007ff08f1d5fa0 RCX: 00007ff08ef8d65f [ 111.548792][ T6411] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8 [ 111.548803][ T6411] RBP: 00007ff08f011e19 R08: 0000000000000000 R09: 0000000000000000 [ 111.548814][ T6411] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 111.548824][ T6411] R13: 00007ff08f1d6038 R14: 00007ff08f1d5fa0 R15: 00007ffe7bd5cdf8 [ 111.548840][ T6411] [ 111.548849][ T6411] BUG: Bad page state in process syz.0.19 pfn:5378c [ 111.693199][ T6411] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5378c [ 111.696085][ T6411] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 111.698237][ T6411] raw: 00fff00000000000 dead000000000040 ffff888021998000 0000000000000000 [ 111.700801][ T6411] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 111.703696][ T6411] page dumped because: page_pool leak [ 111.705677][ T6411] page_owner tracks the page as allocated [ 111.708020][ T6411] page last allocated via order 0, migratetype Unmovable, 
gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6411, tgid 6410 (syz.0.19), ts 109834673887, free_ts 104401457115 [ 111.714319][ T6411] post_alloc_hook+0x1c0/0x230 [ 111.716277][ T6411] get_page_from_freelist+0x132b/0x38e0 [ 111.718563][ T6411] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 111.720886][ T6411] alloc_pages_bulk_noprof+0x71c/0x1410 [ 111.723053][ T6411] __page_pool_alloc_netmems_slow+0x193/0xc60 [ 111.725617][ T6411] page_pool_alloc_netmems+0xc4/0x190 [ 111.728148][ T6411] skb_pp_cow_data+0x7c0/0xff0 [ 111.730566][ T6411] skb_cow_data_for_xdp+0x88/0xb0 [ 111.733073][ T6411] do_xdp_generic+0x530/0x1320 [ 111.735108][ T6411] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 111.737844][ T6411] __netif_receive_skb_one_core+0xb0/0x1e0 [ 111.740099][ T6411] __netif_receive_skb+0x1d/0x160 [ 111.741781][ T6411] netif_receive_skb+0x137/0x7b0 [ 111.743392][ T6411] tun_rx_batched.isra.0+0x3ee/0x740 [ 111.745510][ T6411] tun_get_user+0x28bb/0x3cd0 [ 111.747692][ T6411] tun_chr_write_iter+0xdc/0x210 [ 111.749816][ T6411] page last free pid 6400 tgid 6400 stack trace: [ 111.752853][ T6411] __free_frozen_pages+0x7d5/0x10f0 [ 111.754523][ T6411] tlb_remove_table_rcu+0x116/0x1a0 [ 111.756647][ T6411] rcu_core+0x79c/0x1530 [ 111.758408][ T6411] handle_softirqs+0x216/0x8e0 [ 111.760120][ T6411] __irq_exit_rcu+0x109/0x170 [ 111.761848][ T6411] irq_exit_rcu+0x9/0x30 [ 111.763590][ T6411] sysvec_call_function_single+0xa4/0xc0 [ 111.766031][ T6411] asm_sysvec_call_function_single+0x1a/0x20 [ 111.768789][ T6411] Modules linked in: [ 111.770278][ T6411] CPU: 2 UID: 0 PID: 6411 Comm: syz.0.19 Tainted: G B syzkaller #0 PREEMPT(full) [ 111.770300][ T6411] Tainted: [B]=BAD_PAGE [ 111.770304][ T6411] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 111.770314][ T6411] Call Trace: [ 111.770319][ T6411] [ 111.770325][ T6411] dump_stack_lvl+0x16c/0x1f0 [ 111.770348][ T6411] bad_page+0xcf/0x220 [ 111.770361][ T6411] ? 
__pfx_bad_page+0x10/0x10 [ 111.770373][ T6411] ? page_bad_reason+0x9d/0x1f0 [ 111.770385][ T6411] __free_frozen_pages+0x7f7/0x10f0 [ 111.770403][ T6411] ? rcu_is_watching+0x12/0xc0 [ 111.770423][ T6411] page_frag_free+0x27f/0x2e0 [ 111.770435][ T6411] __xdp_return+0x3ab/0xab0 [ 111.770449][ T6411] ? kfree_skbmem+0x1a4/0x1f0 [ 111.770463][ T6411] bpf_xdp_adjust_tail+0x887/0xcb0 [ 111.770480][ T6411] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 111.770491][ T6411] bpf_prog_run_generic_xdp+0x626/0x1530 [ 111.770511][ T6411] do_xdp_generic+0x8e6/0x1320 [ 111.770526][ T6411] ? lock_release+0x201/0x2f0 [ 111.770539][ T6411] ? __pfx_do_xdp_generic+0x10/0x10 [ 111.770560][ T6411] ? mt_find+0x3ef/0xa30 [ 111.770580][ T6411] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 111.770598][ T6411] ? rcu_watching_snap_stopped_since+0xd0/0x110 [ 111.770618][ T6411] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 111.770637][ T6411] ? __skb_flow_dissect+0x11b2/0x7d90 [ 111.770651][ T6411] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 111.770668][ T6411] ? handle_mm_fault+0x200/0xd10 [ 111.770687][ T6411] ? __pfx___skb_flow_dissect+0x10/0x10 [ 111.770701][ T6411] ? lock_release+0x201/0x2f0 [ 111.770714][ T6411] ? do_user_addr_fault+0x843/0x1370 [ 111.770731][ T6411] ? rcu_is_watching+0x12/0xc0 [ 111.770750][ T6411] __netif_receive_skb_one_core+0xb0/0x1e0 [ 111.770774][ T6411] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 111.770792][ T6411] ? lock_acquire+0x2cd/0x350 [ 111.770806][ T6411] __netif_receive_skb+0x1d/0x160 [ 111.770821][ T6411] netif_receive_skb+0x137/0x7b0 [ 111.770836][ T6411] ? __pfx_netif_receive_skb+0x10/0x10 [ 111.770851][ T6411] ? __pfx__copy_from_iter+0x10/0x10 [ 111.770871][ T6411] tun_rx_batched.isra.0+0x3ee/0x740 [ 111.770892][ T6411] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 111.770913][ T6411] ? lock_acquire+0x2cd/0x350 [ 111.770925][ T6411] ? tun_get_user+0x1df6/0x3cd0 [ 111.770944][ T6411] ? 
rcu_is_watching+0x12/0xc0 [ 111.770963][ T6411] tun_get_user+0x28bb/0x3cd0 [ 111.770986][ T6411] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 111.771006][ T6411] ? __pfx_tun_get_user+0x10/0x10 [ 111.771029][ T6411] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 111.771051][ T6411] ? tun_get+0x191/0x370 [ 111.771068][ T6411] ? rcu_is_watching+0x12/0xc0 [ 111.771086][ T6411] ? lock_release+0x201/0x2f0 [ 111.771100][ T6411] tun_chr_write_iter+0xdc/0x210 [ 111.771121][ T6411] vfs_write+0x7d3/0x11d0 [ 111.771142][ T6411] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 111.771163][ T6411] ? __pfx_vfs_write+0x10/0x10 [ 111.771183][ T6411] ? lock_release+0x201/0x2f0 [ 111.771199][ T6411] ksys_write+0x12a/0x250 [ 111.771218][ T6411] ? __pfx_ksys_write+0x10/0x10 [ 111.771239][ T6411] do_syscall_64+0xcd/0x4e0 [ 111.771260][ T6411] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.771273][ T6411] RIP: 0033:0x7ff08ef8d65f [ 111.771285][ T6411] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 111.771298][ T6411] RSP: 002b:00007ff08fe76000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 111.771312][ T6411] RAX: ffffffffffffffda RBX: 00007ff08f1d5fa0 RCX: 00007ff08ef8d65f [ 111.771320][ T6411] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8 [ 111.771328][ T6411] RBP: 00007ff08f011e19 R08: 0000000000000000 R09: 0000000000000000 [ 111.771336][ T6411] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 111.771343][ T6411] R13: 00007ff08f1d6038 R14: 00007ff08f1d5fa0 R15: 00007ffe7bd5cdf8 [ 111.771388][ T6411] [ 111.771397][ T6411] BUG: Bad page state in process syz.0.19 pfn:5378d [ 111.928584][ T6411] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5378d [ 111.931207][ T6411] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 111.933351][ T6411] raw: 00fff00000000000 dead000000000040 
ffff888021998000 0000000000000000 [ 111.935959][ T6411] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 111.938967][ T6411] page dumped because: page_pool leak [ 111.941046][ T6411] page_owner tracks the page as allocated [ 111.943539][ T6411] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6411, tgid 6410 (syz.0.19), ts 109834669779, free_ts 109833579323 [ 111.949233][ T6411] post_alloc_hook+0x1c0/0x230 [ 111.950929][ T6411] get_page_from_freelist+0x132b/0x38e0 [ 111.953192][ T6411] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 111.955930][ T6411] alloc_pages_bulk_noprof+0x71c/0x1410 [ 111.958223][ T6411] __page_pool_alloc_netmems_slow+0x193/0xc60 [ 111.960575][ T6411] page_pool_alloc_netmems+0xc4/0x190 [ 111.962664][ T6411] skb_pp_cow_data+0x7c0/0xff0 [ 111.964591][ T6411] skb_cow_data_for_xdp+0x88/0xb0 [ 111.966409][ T6411] do_xdp_generic+0x530/0x1320 [ 111.968059][ T6411] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 111.970190][ T6411] __netif_receive_skb_one_core+0xb0/0x1e0 [ 111.972099][ T6411] __netif_receive_skb+0x1d/0x160 [ 111.973645][ T6411] netif_receive_skb+0x137/0x7b0 [ 111.975408][ T6411] tun_rx_batched.isra.0+0x3ee/0x740 [ 111.977502][ T6411] tun_get_user+0x28bb/0x3cd0 [ 111.979462][ T6411] tun_chr_write_iter+0xdc/0x210 [ 111.981737][ T6411] page last free pid 6411 tgid 6410 stack trace: [ 111.984321][ T6411] __free_frozen_pages+0x7d5/0x10f0 [ 111.986232][ T6411] kasan_populate_vmalloc+0x1eb/0x2d0 [ 111.988086][ T6411] alloc_vmap_area+0x960/0x29c0 [ 111.989765][ T6411] __get_vm_area_node+0x1ca/0x330 [ 111.991895][ T6411] __vmalloc_node_range_noprof+0x271/0x14b0 [ 111.994105][ T6411] __vmalloc_node_noprof+0xad/0xf0 [ 111.996045][ T6411] bpf_prog_calc_tag+0x69/0x370 [ 111.997762][ T6411] resolve_pseudo_ldimm64+0xd3/0x1aa0 [ 111.999815][ T6411] bpf_check+0x6471/0xb6f0 [ 112.001579][ T6411] bpf_prog_load+0x1129/0x2850 [ 112.003229][ T6411] __sys_bpf+0x3e6d/0x4980 [ 
112.004744][ T6411] __x64_sys_bpf+0x78/0xc0 [ 112.006335][ T6411] do_syscall_64+0xcd/0x4e0 [ 112.008378][ T6411] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.010673][ T6411] Modules linked in: [ 112.011987][ T6411] CPU: 2 UID: 0 PID: 6411 Comm: syz.0.19 Tainted: G B syzkaller #0 PREEMPT(full) [ 112.012005][ T6411] Tainted: [B]=BAD_PAGE [ 112.012009][ T6411] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 112.012018][ T6411] Call Trace: [ 112.012024][ T6411] [ 112.012029][ T6411] dump_stack_lvl+0x16c/0x1f0 [ 112.012048][ T6411] bad_page+0xcf/0x220 [ 112.012059][ T6411] ? __pfx_bad_page+0x10/0x10 [ 112.012069][ T6411] ? page_bad_reason+0x9d/0x1f0 [ 112.012080][ T6411] __free_frozen_pages+0x7f7/0x10f0 [ 112.012095][ T6411] ? rcu_is_watching+0x12/0xc0 [ 112.012111][ T6411] page_frag_free+0x27f/0x2e0 [ 112.012122][ T6411] __xdp_return+0x3ab/0xab0 [ 112.012133][ T6411] ? kfree_skbmem+0x1a4/0x1f0 [ 112.012145][ T6411] bpf_xdp_adjust_tail+0x887/0xcb0 [ 112.012160][ T6411] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 112.012169][ T6411] bpf_prog_run_generic_xdp+0x626/0x1530 [ 112.012186][ T6411] do_xdp_generic+0x8e6/0x1320 [ 112.012199][ T6411] ? lock_release+0x201/0x2f0 [ 112.012210][ T6411] ? __pfx_do_xdp_generic+0x10/0x10 [ 112.012227][ T6411] ? mt_find+0x3ef/0xa30 [ 112.012244][ T6411] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 112.012259][ T6411] ? rcu_watching_snap_stopped_since+0xd0/0x110 [ 112.012276][ T6411] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 112.012292][ T6411] ? __skb_flow_dissect+0x11b2/0x7d90 [ 112.012305][ T6411] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 112.012319][ T6411] ? handle_mm_fault+0x200/0xd10 [ 112.012335][ T6411] ? __pfx___skb_flow_dissect+0x10/0x10 [ 112.012347][ T6411] ? lock_release+0x201/0x2f0 [ 112.012358][ T6411] ? do_user_addr_fault+0x843/0x1370 [ 112.012373][ T6411] ? 
rcu_is_watching+0x12/0xc0 [ 112.012389][ T6411] __netif_receive_skb_one_core+0xb0/0x1e0 [ 112.012402][ T6411] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 112.012417][ T6411] ? lock_acquire+0x2cd/0x350 [ 112.012429][ T6411] __netif_receive_skb+0x1d/0x160 [ 112.012442][ T6411] netif_receive_skb+0x137/0x7b0 [ 112.012455][ T6411] ? __pfx_netif_receive_skb+0x10/0x10 [ 112.012468][ T6411] ? __pfx__copy_from_iter+0x10/0x10 [ 112.012484][ T6411] tun_rx_batched.isra.0+0x3ee/0x740 [ 112.012502][ T6411] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 112.012519][ T6411] ? lock_acquire+0x2cd/0x350 [ 112.012529][ T6411] ? tun_get_user+0x1df6/0x3cd0 [ 112.012546][ T6411] ? rcu_is_watching+0x12/0xc0 [ 112.012562][ T6411] tun_get_user+0x28bb/0x3cd0 [ 112.012581][ T6411] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 112.012598][ T6411] ? __pfx_tun_get_user+0x10/0x10 [ 112.012616][ T6411] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 112.012634][ T6411] ? tun_get+0x191/0x370 [ 112.012648][ T6411] ? rcu_is_watching+0x12/0xc0 [ 112.012664][ T6411] ? lock_release+0x201/0x2f0 [ 112.012676][ T6411] tun_chr_write_iter+0xdc/0x210 [ 112.012694][ T6411] vfs_write+0x7d3/0x11d0 [ 112.012711][ T6411] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 112.012728][ T6411] ? __pfx_vfs_write+0x10/0x10 [ 112.012744][ T6411] ? lock_release+0x201/0x2f0 [ 112.012758][ T6411] ksys_write+0x12a/0x250 [ 112.012778][ T6411] ? 
__pfx_ksys_write+0x10/0x10 [ 112.012796][ T6411] do_syscall_64+0xcd/0x4e0 [ 112.012811][ T6411] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.012822][ T6411] RIP: 0033:0x7ff08ef8d65f [ 112.012832][ T6411] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 112.012842][ T6411] RSP: 002b:00007ff08fe76000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 112.012853][ T6411] RAX: ffffffffffffffda RBX: 00007ff08f1d5fa0 RCX: 00007ff08ef8d65f [ 112.012860][ T6411] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8 [ 112.012866][ T6411] RBP: 00007ff08f011e19 R08: 0000000000000000 R09: 0000000000000000 [ 112.012872][ T6411] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 112.012879][ T6411] R13: 00007ff08f1d6038 R14: 00007ff08f1d5fa0 R15: 00007ffe7bd5cdf8 [ 112.012889][ T6411] [ 112.012897][ T6411] BUG: Bad page state in process syz.0.19 pfn:53789 [ 112.145022][ T6411] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x53789 [ 112.147801][ T6411] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 112.150172][ T6411] raw: 00fff00000000000 dead000000000040 ffff888021998000 0000000000000000 [ 112.153616][ T6411] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 112.157165][ T6411] page dumped because: page_pool leak [ 112.159150][ T6411] page_owner tracks the page as allocated [ 112.161181][ T6411] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6411, tgid 6410 (syz.0.19), ts 109834663884, free_ts 109833599795 [ 112.166643][ T6411] post_alloc_hook+0x1c0/0x230 [ 112.168217][ T6411] get_page_from_freelist+0x132b/0x38e0 [ 112.169831][ T6411] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 112.171645][ T6411] alloc_pages_bulk_noprof+0x71c/0x1410 [ 112.173618][ T6411] 
__page_pool_alloc_netmems_slow+0x193/0xc60 [ 112.175828][ T6411] page_pool_alloc_netmems+0xc4/0x190 [ 112.177795][ T6411] skb_pp_cow_data+0x7c0/0xff0 [ 112.179242][ T6411] skb_cow_data_for_xdp+0x88/0xb0 [ 112.180757][ T6411] do_xdp_generic+0x530/0x1320 [ 112.182191][ T6411] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 112.184226][ T6411] __netif_receive_skb_one_core+0xb0/0x1e0 [ 112.186664][ T6411] __netif_receive_skb+0x1d/0x160 [ 112.188538][ T6411] netif_receive_skb+0x137/0x7b0 [ 112.190448][ T6411] tun_rx_batched.isra.0+0x3ee/0x740 [ 112.192749][ T6411] tun_get_user+0x28bb/0x3cd0 [ 112.194946][ T6411] tun_chr_write_iter+0xdc/0x210 [ 112.197227][ T6411] page last free pid 6411 tgid 6410 stack trace: [ 112.200056][ T6411] __free_frozen_pages+0x7d5/0x10f0 [ 112.202196][ T6411] vfree+0x1fd/0xb50 [ 112.203797][ T6411] bpf_prog_calc_tag+0x2ec/0x370 [ 112.205722][ T6411] resolve_pseudo_ldimm64+0xd3/0x1aa0 [ 112.207722][ T6411] bpf_check+0x6471/0xb6f0 [ 112.209246][ T6411] bpf_prog_load+0x1129/0x2850 [ 112.211261][ T6411] __sys_bpf+0x3e6d/0x4980 [ 112.213690][ T6411] __x64_sys_bpf+0x78/0xc0 [ 112.216133][ T6411] do_syscall_64+0xcd/0x4e0 [ 112.218442][ T6411] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.220467][ T6411] Modules linked in: [ 112.221622][ T6411] CPU: 2 UID: 0 PID: 6411 Comm: syz.0.19 Tainted: G B syzkaller #0 PREEMPT(full) [ 112.221640][ T6411] Tainted: [B]=BAD_PAGE [ 112.221644][ T6411] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 112.221650][ T6411] Call Trace: [ 112.221655][ T6411] [ 112.221660][ T6411] dump_stack_lvl+0x16c/0x1f0 [ 112.221678][ T6411] bad_page+0xcf/0x220 [ 112.221689][ T6411] ? __pfx_bad_page+0x10/0x10 [ 112.221699][ T6411] ? page_bad_reason+0x9d/0x1f0 [ 112.221708][ T6411] __free_frozen_pages+0x7f7/0x10f0 [ 112.221723][ T6411] ? rcu_is_watching+0x12/0xc0 [ 112.221740][ T6411] page_frag_free+0x27f/0x2e0 [ 112.221750][ T6411] __xdp_return+0x3ab/0xab0 [ 112.221765][ T6411] ? 
kfree_skbmem+0x1a4/0x1f0 [ 112.221776][ T6411] bpf_xdp_adjust_tail+0x887/0xcb0 [ 112.221790][ T6411] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 112.221799][ T6411] bpf_prog_run_generic_xdp+0x626/0x1530 [ 112.221816][ T6411] do_xdp_generic+0x8e6/0x1320 [ 112.221828][ T6411] ? lock_release+0x201/0x2f0 [ 112.221839][ T6411] ? __pfx_do_xdp_generic+0x10/0x10 [ 112.221856][ T6411] ? mt_find+0x3ef/0xa30 [ 112.221873][ T6411] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 112.221887][ T6411] ? rcu_watching_snap_stopped_since+0xd0/0x110 [ 112.221904][ T6411] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 112.221920][ T6411] ? __skb_flow_dissect+0x11b2/0x7d90 [ 112.221931][ T6411] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 112.221945][ T6411] ? handle_mm_fault+0x200/0xd10 [ 112.221960][ T6411] ? __pfx___skb_flow_dissect+0x10/0x10 [ 112.221971][ T6411] ? lock_release+0x201/0x2f0 [ 112.221982][ T6411] ? do_user_addr_fault+0x843/0x1370 [ 112.221997][ T6411] ? rcu_is_watching+0x12/0xc0 [ 112.222012][ T6411] __netif_receive_skb_one_core+0xb0/0x1e0 [ 112.222025][ T6411] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 112.222039][ T6411] ? lock_acquire+0x2cd/0x350 [ 112.222051][ T6411] __netif_receive_skb+0x1d/0x160 [ 112.222063][ T6411] netif_receive_skb+0x137/0x7b0 [ 112.222076][ T6411] ? __pfx_netif_receive_skb+0x10/0x10 [ 112.222088][ T6411] ? __pfx__copy_from_iter+0x10/0x10 [ 112.222105][ T6411] tun_rx_batched.isra.0+0x3ee/0x740 [ 112.222122][ T6411] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 112.222138][ T6411] ? lock_acquire+0x2cd/0x350 [ 112.222149][ T6411] ? tun_get_user+0x1df6/0x3cd0 [ 112.222164][ T6411] ? rcu_is_watching+0x12/0xc0 [ 112.222180][ T6411] tun_get_user+0x28bb/0x3cd0 [ 112.222199][ T6411] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 112.222216][ T6411] ? __pfx_tun_get_user+0x10/0x10 [ 112.222232][ T6411] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 112.222250][ T6411] ? tun_get+0x191/0x370 [ 112.222264][ T6411] ? 
rcu_is_watching+0x12/0xc0 [ 112.222278][ T6411] ? lock_release+0x201/0x2f0 [ 112.222290][ T6411] tun_chr_write_iter+0xdc/0x210 [ 112.222308][ T6411] vfs_write+0x7d3/0x11d0 [ 112.222325][ T6411] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 112.222343][ T6411] ? __pfx_vfs_write+0x10/0x10 [ 112.222359][ T6411] ? lock_release+0x201/0x2f0 [ 112.222372][ T6411] ksys_write+0x12a/0x250 [ 112.222388][ T6411] ? __pfx_ksys_write+0x10/0x10 [ 112.222405][ T6411] do_syscall_64+0xcd/0x4e0 [ 112.222422][ T6411] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.222433][ T6411] RIP: 0033:0x7ff08ef8d65f [ 112.222442][ T6411] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 112.222453][ T6411] RSP: 002b:00007ff08fe76000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 112.222464][ T6411] RAX: ffffffffffffffda RBX: 00007ff08f1d5fa0 RCX: 00007ff08ef8d65f [ 112.222471][ T6411] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8 [ 112.222478][ T6411] RBP: 00007ff08f011e19 R08: 0000000000000000 R09: 0000000000000000 [ 112.222484][ T6411] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 112.222490][ T6411] R13: 00007ff08f1d6038 R14: 00007ff08f1d5fa0 R15: 00007ffe7bd5cdf8 [ 112.222500][ T6411] [ 112.378107][ T6413] BUG: Bad page state in process syz.0.20 pfn:502d0 [ 112.381170][ T6413] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x502d0 [ 112.385175][ T6413] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 112.388034][ T6413] raw: 00fff00000000000 dead000000000040 ffff88802199a000 0000000000000000 [ 112.391636][ T6413] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 112.395402][ T6413] page dumped because: page_pool leak [ 112.398397][ T6413] page_owner tracks the page as allocated [ 112.401046][ T6413] page last allocated via order 0, migratetype 
Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6413, tgid 6412 (syz.0.20), ts 112378036702, free_ts 109827799981 [ 112.407817][ T6413] post_alloc_hook+0x1c0/0x230 [ 112.409687][ T6413] get_page_from_freelist+0x132b/0x38e0 [ 112.411892][ T6413] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 112.414146][ T6413] alloc_pages_bulk_noprof+0x71c/0x1410 [ 112.416358][ T6413] __page_pool_alloc_netmems_slow+0x193/0xc60 [ 112.418832][ T6413] page_pool_alloc_netmems+0xc4/0x190 [ 112.421071][ T6413] skb_pp_cow_data+0x7c0/0xff0 [ 112.423545][ T6413] skb_cow_data_for_xdp+0x88/0xb0 [ 112.426117][ T6413] do_xdp_generic+0x530/0x1320 [ 112.428567][ T6413] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 112.431161][ T6413] __netif_receive_skb_one_core+0xb0/0x1e0 [ 112.433521][ T6413] __netif_receive_skb+0x1d/0x160 [ 112.435476][ T6413] netif_receive_skb+0x137/0x7b0 [ 112.437708][ T6413] tun_rx_batched.isra.0+0x3ee/0x740 [ 112.439796][ T6413] tun_get_user+0x28bb/0x3cd0 [ 112.441644][ T6413] tun_chr_write_iter+0xdc/0x210 [ 112.443943][ T6413] page last free pid 33 tgid 33 stack trace: [ 112.446977][ T6413] __free_frozen_pages+0x7d5/0x10f0 [ 112.449226][ T6413] tlb_remove_table_rcu+0x116/0x1a0 [ 112.451254][ T6413] rcu_core+0x79c/0x1530 [ 112.453091][ T6413] handle_softirqs+0x216/0x8e0 [ 112.455007][ T6413] run_ksoftirqd+0x3a/0x60 [ 112.456785][ T6413] smpboot_thread_fn+0x3f4/0xae0 [ 112.458763][ T6413] kthread+0x3c5/0x780 [ 112.460348][ T6413] ret_from_fork+0x56a/0x730 [ 112.462435][ T6413] ret_from_fork_asm+0x1a/0x30 [ 112.464545][ T6413] Modules linked in: [ 112.466804][ T6413] CPU: 3 UID: 0 PID: 6413 Comm: syz.0.20 Tainted: G B syzkaller #0 PREEMPT(full) [ 112.466863][ T6413] Tainted: [B]=BAD_PAGE [ 112.466871][ T6413] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 112.466886][ T6413] Call Trace: [ 112.466896][ T6413] [ 112.466906][ T6413] dump_stack_lvl+0x16c/0x1f0 [ 112.466944][ T6413] bad_page+0xcf/0x220 [ 
112.466971][ T6413] ? __pfx_bad_page+0x10/0x10 [ 112.466994][ T6413] ? page_bad_reason+0x9d/0x1f0 [ 112.467021][ T6413] __free_frozen_pages+0x7f7/0x10f0 [ 112.467053][ T6413] ? rcu_is_watching+0x12/0xc0 [ 112.467087][ T6413] page_frag_free+0x27f/0x2e0 [ 112.467111][ T6413] __xdp_return+0x3ab/0xab0 [ 112.467138][ T6413] ? kfree_skbmem+0x1a4/0x1f0 [ 112.467167][ T6413] bpf_xdp_adjust_tail+0x887/0xcb0 [ 112.467198][ T6413] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 112.467222][ T6413] bpf_prog_run_generic_xdp+0x626/0x1530 [ 112.467258][ T6413] do_xdp_generic+0x8e6/0x1320 [ 112.467289][ T6413] ? lock_release+0x201/0x2f0 [ 112.467317][ T6413] ? __pfx_do_xdp_generic+0x10/0x10 [ 112.467388][ T6413] ? mt_find+0x3ef/0xa30 [ 112.467430][ T6413] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 112.467473][ T6413] ? rcu_watching_snap_stopped_since+0xd0/0x110 [ 112.467511][ T6413] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 112.467553][ T6413] ? __skb_flow_dissect+0x11b2/0x7d90 [ 112.467583][ T6413] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 112.467615][ T6413] ? handle_mm_fault+0x200/0xd10 [ 112.467651][ T6413] ? __pfx___skb_flow_dissect+0x10/0x10 [ 112.467674][ T6413] ? lock_release+0x201/0x2f0 [ 112.467697][ T6413] ? do_user_addr_fault+0x843/0x1370 [ 112.467742][ T6413] ? rcu_is_watching+0x12/0xc0 [ 112.467778][ T6413] __netif_receive_skb_one_core+0xb0/0x1e0 [ 112.467805][ T6413] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 112.467835][ T6413] ? lock_acquire+0x2cd/0x350 [ 112.467859][ T6413] __netif_receive_skb+0x1d/0x160 [ 112.467891][ T6413] netif_receive_skb+0x137/0x7b0 [ 112.467921][ T6413] ? __pfx_netif_receive_skb+0x10/0x10 [ 112.467949][ T6413] ? __pfx__copy_from_iter+0x10/0x10 [ 112.467990][ T6413] tun_rx_batched.isra.0+0x3ee/0x740 [ 112.468029][ T6413] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 112.468069][ T6413] ? lock_acquire+0x2cd/0x350 [ 112.468096][ T6413] ? tun_get_user+0x1df6/0x3cd0 [ 112.468131][ T6413] ? 
rcu_is_watching+0x12/0xc0 [ 112.468163][ T6413] tun_get_user+0x28bb/0x3cd0 [ 112.468201][ T6413] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 112.468240][ T6413] ? __pfx_tun_get_user+0x10/0x10 [ 112.468281][ T6413] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 112.468317][ T6413] ? tun_get+0x191/0x370 [ 112.468344][ T6413] ? rcu_is_watching+0x12/0xc0 [ 112.468378][ T6413] ? lock_release+0x201/0x2f0 [ 112.468406][ T6413] tun_chr_write_iter+0xdc/0x210 [ 112.468445][ T6413] vfs_write+0x7d3/0x11d0 [ 112.468481][ T6413] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 112.468526][ T6413] ? __pfx_vfs_write+0x10/0x10 [ 112.468564][ T6413] ? lock_release+0x201/0x2f0 [ 112.468602][ T6413] ksys_write+0x12a/0x250 [ 112.468643][ T6413] ? __pfx_ksys_write+0x10/0x10 [ 112.468682][ T6413] do_syscall_64+0xcd/0x4e0 [ 112.468718][ T6413] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.468756][ T6413] RIP: 0033:0x7ff08ef8d65f [ 112.468775][ T6413] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 112.468796][ T6413] RSP: 002b:00007ff08fe76000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 112.468822][ T6413] RAX: ffffffffffffffda RBX: 00007ff08f1d5fa0 RCX: 00007ff08ef8d65f [ 112.468840][ T6413] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8 [ 112.468856][ T6413] RBP: 00007ff08f011e19 R08: 0000000000000000 R09: 0000000000000000 [ 112.468867][ T6413] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 112.468879][ T6413] R13: 00007ff08f1d6038 R14: 00007ff08f1d5fa0 R15: 00007ffe7bd5cdf8 [ 112.468905][ T6413] [ 112.629795][ T6413] BUG: Bad page state in process syz.0.20 pfn:51c85 [ 112.632491][ T6413] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x51c85 [ 112.636260][ T6413] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 112.639469][ T6413] raw: 00fff00000000000 dead000000000040 
ffff88802199a000 0000000000000000 [ 112.643480][ T6413] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 112.648085][ T6413] page dumped because: page_pool leak [ 112.650611][ T6413] page_owner tracks the page as allocated [ 112.652932][ T6413] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6413, tgid 6412 (syz.0.20), ts 112378029285, free_ts 109827809931 [ 112.659444][ T6413] post_alloc_hook+0x1c0/0x230 [ 112.661317][ T6413] get_page_from_freelist+0x132b/0x38e0 [ 112.663522][ T6413] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 112.666049][ T6413] alloc_pages_bulk_noprof+0x71c/0x1410 [ 112.668511][ T6413] __page_pool_alloc_netmems_slow+0x193/0xc60 [ 112.671048][ T6413] page_pool_alloc_netmems+0xc4/0x190 [ 112.673537][ T6413] skb_pp_cow_data+0x7c0/0xff0 [ 112.675655][ T6413] skb_cow_data_for_xdp+0x88/0xb0 [ 112.677816][ T6413] do_xdp_generic+0x530/0x1320 [ 112.679796][ T6413] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 112.682516][ T6413] __netif_receive_skb_one_core+0xb0/0x1e0 [ 112.684823][ T6413] __netif_receive_skb+0x1d/0x160 [ 112.687191][ T6413] netif_receive_skb+0x137/0x7b0 [ 112.690360][ T6413] tun_rx_batched.isra.0+0x3ee/0x740 [ 112.693276][ T6413] tun_get_user+0x28bb/0x3cd0 [ 112.695329][ T6413] tun_chr_write_iter+0xdc/0x210 [ 112.697444][ T6413] page last free pid 33 tgid 33 stack trace: [ 112.699842][ T6413] __free_frozen_pages+0x7d5/0x10f0 [ 112.701879][ T6413] tlb_remove_table_rcu+0x116/0x1a0 [ 112.703919][ T6413] rcu_core+0x79c/0x1530 [ 112.705567][ T6413] handle_softirqs+0x216/0x8e0 [ 112.707502][ T6413] run_ksoftirqd+0x3a/0x60 [ 112.709200][ T6413] smpboot_thread_fn+0x3f4/0xae0 [ 112.711335][ T6413] kthread+0x3c5/0x780 [ 112.713194][ T6413] ret_from_fork+0x56a/0x730 [ 112.715220][ T6413] ret_from_fork_asm+0x1a/0x30 [ 112.717845][ T6413] Modules linked in: [ 112.719943][ T6413] CPU: 3 UID: 0 PID: 6413 Comm: syz.0.20 Tainted: G B syzkaller #0 PREEMPT(full) [ 
112.719978][ T6413] Tainted: [B]=BAD_PAGE
[ 112.719988][ T6413] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 112.720002][ T6413] Call Trace:
[ 112.720011][ T6413]
[ 112.720020][ T6413] dump_stack_lvl+0x16c/0x1f0
[ 112.720067][ T6413] bad_page+0xcf/0x220
[ 112.720092][ T6413] ? __pfx_bad_page+0x10/0x10
[ 112.720122][ T6413] ? page_bad_reason+0x9d/0x1f0
[ 112.720142][ T6413] __free_frozen_pages+0x7f7/0x10f0
[ 112.720169][ T6413] ? rcu_is_watching+0x12/0xc0
[ 112.720200][ T6413] page_frag_free+0x27f/0x2e0
[ 112.720222][ T6413] __xdp_return+0x3ab/0xab0
[ 112.720245][ T6413] ? kfree_skbmem+0x1a4/0x1f0
[ 112.720272][ T6413] bpf_xdp_adjust_tail+0x887/0xcb0
[ 112.720300][ T6413] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[ 112.720318][ T6413] bpf_prog_run_generic_xdp+0x626/0x1530
[ 112.720349][ T6413] do_xdp_generic+0x8e6/0x1320
[ 112.720373][ T6413] ? lock_release+0x201/0x2f0
[ 112.720398][ T6413] ? __pfx_do_xdp_generic+0x10/0x10
[ 112.720437][ T6413] ? mt_find+0x3ef/0xa30
[ 112.720470][ T6413] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0
[ 112.720497][ T6413] ? rcu_watching_snap_stopped_since+0xd0/0x110
[ 112.720528][ T6413] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 112.720562][ T6413] ? __skb_flow_dissect+0x11b2/0x7d90
[ 112.720589][ T6413] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10
[ 112.720618][ T6413] ? handle_mm_fault+0x200/0xd10
[ 112.720647][ T6413] ? __pfx___skb_flow_dissect+0x10/0x10
[ 112.720668][ T6413] ? lock_release+0x201/0x2f0
[ 112.720690][ T6413] ? do_user_addr_fault+0x843/0x1370
[ 112.720722][ T6413] ? rcu_is_watching+0x12/0xc0
[ 112.720757][ T6413] __netif_receive_skb_one_core+0xb0/0x1e0
[ 112.720784][ T6413] ? __pfx___netif_receive_skb_one_core+0x10/0x10
[ 112.720811][ T6413] ? lock_acquire+0x2cd/0x350
[ 112.720833][ T6413] __netif_receive_skb+0x1d/0x160
[ 112.720856][ T6413] netif_receive_skb+0x137/0x7b0
[ 112.720883][ T6413] ? __pfx_netif_receive_skb+0x10/0x10
[ 112.720912][ T6413] ? __pfx__copy_from_iter+0x10/0x10
[ 112.720946][ T6413] tun_rx_batched.isra.0+0x3ee/0x740
[ 112.720981][ T6413] ? __pfx_tun_rx_batched.isra.0+0x10/0x10
[ 112.721011][ T6413] ? lock_acquire+0x2cd/0x350
[ 112.721038][ T6413] ? tun_get_user+0x1df6/0x3cd0
[ 112.721072][ T6413] ? rcu_is_watching+0x12/0xc0
[ 112.721107][ T6413] tun_get_user+0x28bb/0x3cd0
[ 112.721146][ T6413] ? trace_irq_enable.constprop.0+0xd4/0x120
[ 112.721176][ T6413] ? __pfx_tun_get_user+0x10/0x10
[ 112.721209][ T6413] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 112.721247][ T6413] ? tun_get+0x191/0x370
[ 112.721277][ T6413] ? rcu_is_watching+0x12/0xc0
[ 112.721305][ T6413] ? lock_release+0x201/0x2f0
[ 112.721328][ T6413] tun_chr_write_iter+0xdc/0x210
[ 112.721360][ T6413] vfs_write+0x7d3/0x11d0
[ 112.721395][ T6413] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 112.721434][ T6413] ? __pfx_vfs_write+0x10/0x10
[ 112.721464][ T6413] ? lock_release+0x201/0x2f0
[ 112.721490][ T6413] ksys_write+0x12a/0x250
[ 112.721519][ T6413] ? __pfx_ksys_write+0x10/0x10
[ 112.721557][ T6413] do_syscall_64+0xcd/0x4e0
[ 112.721594][ T6413] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 112.721617][ T6413] RIP: 0033:0x7ff08ef8d65f
[ 112.721633][ T6413] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 112.721653][ T6413] RSP: 002b:00007ff08fe76000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 112.721673][ T6413] RAX: ffffffffffffffda RBX: 00007ff08f1d5fa0 RCX: 00007ff08ef8d65f
[ 112.721689][ T6413] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[ 112.721705][ T6413] RBP: 00007ff08f011e19 R08: 0000000000000000 R09: 0000000000000000
[ 112.721719][ T6413] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 112.721735][ T6413] R13: 00007ff08f1d6038 R14: 00007ff08f1d5fa0 R15: 00007ffe7bd5cdf8
[ 112.721759][ T6413]
[ 112.721773][ T6413] BUG: Bad page state in process syz.0.20 pfn:51c86
[ 112.884333][ T6413] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x51c86
[ 112.887996][ T6413] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 112.890914][ T6413] raw: 00fff00000000000 dead000000000040 ffff88802199a000 0000000000000000
[ 112.894749][ T6413] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[ 112.898774][ T6413] page dumped because: page_pool leak
[ 112.900983][ T6413] page_owner tracks the page as allocated
[ 112.903162][ T6413] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6413, tgid 6412 (syz.0.20), ts 112378021965, free_ts 109827819287
[ 112.909693][ T6413] post_alloc_hook+0x1c0/0x230
[ 112.911881][ T6413] get_page_from_freelist+0x132b/0x38e0
[ 112.914485][ T6413] __alloc_frozen_pages_noprof+0x261/0x23f0
[ 112.917113][ T6413] alloc_pages_bulk_noprof+0x71c/0x1410
[ 112.919931][ T6413] __page_pool_alloc_netmems_slow+0x193/0xc60
[ 112.922823][ T6413] page_pool_alloc_netmems+0xc4/0x190
[ 112.925037][ T6413] skb_pp_cow_data+0x7c0/0xff0
[ 112.927004][ T6413] skb_cow_data_for_xdp+0x88/0xb0
[ 112.929058][ T6413] do_xdp_generic+0x530/0x1320
[ 112.930964][ T6413] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0
[ 112.933710][ T6413] __netif_receive_skb_one_core+0xb0/0x1e0
[ 112.936172][ T6413] __netif_receive_skb+0x1d/0x160
[ 112.938357][ T6413] netif_receive_skb+0x137/0x7b0
[ 112.940392][ T6413] tun_rx_batched.isra.0+0x3ee/0x740
[ 112.942585][ T6413] tun_get_user+0x28bb/0x3cd0
[ 112.945146][ T6413] tun_chr_write_iter+0xdc/0x210
[ 112.947614][ T6413] page last free pid 33 tgid 33 stack trace:
[ 112.950041][ T6413] __free_frozen_pages+0x7d5/0x10f0
[ 112.952160][ T6413] tlb_remove_table_rcu+0x116/0x1a0
[ 112.954220][ T6413] rcu_core+0x79c/0x1530
[ 112.955949][ T6413] handle_softirqs+0x216/0x8e0
[ 112.957912][ T6413] run_ksoftirqd+0x3a/0x60
[ 112.959712][ T6413] smpboot_thread_fn+0x3f4/0xae0
[ 112.962486][ T6413] kthread+0x3c5/0x780
[ 112.964959][ T6413] ret_from_fork+0x56a/0x730
[ 112.967441][ T6413] ret_from_fork_asm+0x1a/0x30
[ 112.969363][ T6413] Modules linked in:
[ 112.970932][ T6413] CPU: 3 UID: 0 PID: 6413 Comm: syz.0.20 Tainted: G B syzkaller #0 PREEMPT(full)
[ 112.970957][ T6413] Tainted: [B]=BAD_PAGE
[ 112.970962][ T6413] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 112.970975][ T6413] Call Trace:
[ 112.970983][ T6413]
[ 112.970992][ T6413] dump_stack_lvl+0x16c/0x1f0
[ 112.971020][ T6413] bad_page+0xcf/0x220
[ 112.971037][ T6413] ? __pfx_bad_page+0x10/0x10
[ 112.971052][ T6413] ? page_bad_reason+0x9d/0x1f0
[ 112.971072][ T6413] __free_frozen_pages+0x7f7/0x10f0
[ 112.971092][ T6413] ? rcu_is_watching+0x12/0xc0
[ 112.971114][ T6413] page_frag_free+0x27f/0x2e0
[ 112.971129][ T6413] __xdp_return+0x3ab/0xab0
[ 112.971148][ T6413] ? kfree_skbmem+0x1a4/0x1f0
[ 112.971166][ T6413] bpf_xdp_adjust_tail+0x887/0xcb0
[ 112.971189][ T6413] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[ 112.971202][ T6413] bpf_prog_run_generic_xdp+0x626/0x1530
[ 112.971226][ T6413] do_xdp_generic+0x8e6/0x1320
[ 112.971243][ T6413] ? lock_release+0x201/0x2f0
[ 112.971259][ T6413] ? __pfx_do_xdp_generic+0x10/0x10
[ 112.971283][ T6413] ? mt_find+0x3ef/0xa30
[ 112.971310][ T6413] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0
[ 112.971385][ T6413] ? rcu_watching_snap_stopped_since+0xd0/0x110
[ 112.971412][ T6413] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 112.971434][ T6413] ? __skb_flow_dissect+0x11b2/0x7d90
[ 112.971451][ T6413] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10
[ 112.971473][ T6413] ? handle_mm_fault+0x200/0xd10
[ 112.971499][ T6413] ? __pfx___skb_flow_dissect+0x10/0x10
[ 112.971515][ T6413] ? lock_release+0x201/0x2f0
[ 112.971531][ T6413] ? do_user_addr_fault+0x843/0x1370
[ 112.971552][ T6413] ? rcu_is_watching+0x12/0xc0
[ 112.971573][ T6413] __netif_receive_skb_one_core+0xb0/0x1e0
[ 112.971591][ T6413] ? __pfx___netif_receive_skb_one_core+0x10/0x10
[ 112.971612][ T6413] ? lock_acquire+0x2cd/0x350
[ 112.971631][ T6413] __netif_receive_skb+0x1d/0x160
[ 112.971652][ T6413] netif_receive_skb+0x137/0x7b0
[ 112.971670][ T6413] ? __pfx_netif_receive_skb+0x10/0x10
[ 112.971691][ T6413] ? __pfx__copy_from_iter+0x10/0x10
[ 112.971713][ T6413] tun_rx_batched.isra.0+0x3ee/0x740
[ 112.971737][ T6413] ? __pfx_tun_rx_batched.isra.0+0x10/0x10
[ 112.971769][ T6413] ? lock_acquire+0x2cd/0x350
[ 112.971786][ T6413] ? tun_get_user+0x1df6/0x3cd0
[ 112.971811][ T6413] ? rcu_is_watching+0x12/0xc0
[ 112.971835][ T6413] tun_get_user+0x28bb/0x3cd0
[ 112.971861][ T6413] ? trace_irq_enable.constprop.0+0xd4/0x120
[ 112.971883][ T6413] ? __pfx_tun_get_user+0x10/0x10
[ 112.971906][ T6413] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 112.971931][ T6413] ? tun_get+0x191/0x370
[ 112.971953][ T6413] ? rcu_is_watching+0x12/0xc0
[ 112.971975][ T6413] ? lock_release+0x201/0x2f0
[ 112.971992][ T6413] tun_chr_write_iter+0xdc/0x210
[ 112.972016][ T6413] vfs_write+0x7d3/0x11d0
[ 112.972042][ T6413] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 112.972072][ T6413] ? __pfx_vfs_write+0x10/0x10
[ 112.972099][ T6413] ? lock_release+0x201/0x2f0
[ 112.972122][ T6413] ksys_write+0x12a/0x250
[ 112.972147][ T6413] ? __pfx_ksys_write+0x10/0x10
[ 112.972173][ T6413] do_syscall_64+0xcd/0x4e0
[ 112.972195][ T6413] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 112.972212][ T6413] RIP: 0033:0x7ff08ef8d65f
[ 112.972224][ T6413] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 112.972239][ T6413] RSP: 002b:00007ff08fe76000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 112.972256][ T6413] RAX: ffffffffffffffda RBX: 00007ff08f1d5fa0 RCX: 00007ff08ef8d65f
[ 112.972268][ T6413] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[ 112.972279][ T6413] RBP: 00007ff08f011e19 R08: 0000000000000000 R09: 0000000000000000
[ 112.972290][ T6413] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 112.972301][ T6413] R13: 00007ff08f1d6038 R14: 00007ff08f1d5fa0 R15: 00007ffe7bd5cdf8
[ 112.972318][ T6413]
[ 112.972329][ T6413] BUG: Bad page state in process syz.0.20 pfn:51c89
[ 113.140204][ T6413] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffffffffffffffff pfn:0x51c89
[ 113.144936][ T6413] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 113.147797][ T6413] raw: 00fff00000000000 dead000000000040 ffff88802199a000 0000000000000000
[ 113.151160][ T6413] raw: ffffffffffffffff 0000000000000001 00000000ffffffff 0000000000000000
[ 113.154584][ T6413] page dumped because: page_pool leak
[ 113.156814][ T6413] page_owner tracks the page as allocated
[ 113.159142][ T6413] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6413, tgid 6412 (syz.0.20), ts 112378014609, free_ts 109827823548
[ 113.166521][ T6413] post_alloc_hook+0x1c0/0x230
[ 113.168580][ T6413] get_page_from_freelist+0x132b/0x38e0
[ 113.170811][ T6413] __alloc_frozen_pages_noprof+0x261/0x23f0
[ 113.173187][ T6413] alloc_pages_bulk_noprof+0x71c/0x1410
[ 113.175459][ T6413] __page_pool_alloc_netmems_slow+0x193/0xc60
[ 113.178335][ T6413] page_pool_alloc_netmems+0xc4/0x190
[ 113.181150][ T6413] skb_pp_cow_data+0x7c0/0xff0
[ 113.183739][ T6413] skb_cow_data_for_xdp+0x88/0xb0
[ 113.185793][ T6413] do_xdp_generic+0x530/0x1320
[ 113.187791][ T6413] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0
[ 113.190449][ T6413] __netif_receive_skb_one_core+0xb0/0x1e0
[ 113.193005][ T6413] __netif_receive_skb+0x1d/0x160
[ 113.194992][ T6413] netif_receive_skb+0x137/0x7b0
[ 113.197064][ T6413] tun_rx_batched.isra.0+0x3ee/0x740
[ 113.199207][ T6413] tun_get_user+0x28bb/0x3cd0
[ 113.201909][ T6413] tun_chr_write_iter+0xdc/0x210
[ 113.204766][ T6413] page last free pid 33 tgid 33 stack trace:
[ 113.207233][ T6413] __free_frozen_pages+0x7d5/0x10f0
[ 113.209326][ T6413] tlb_remove_table_rcu+0x116/0x1a0
[ 113.211443][ T6413] rcu_core+0x79c/0x1530
[ 113.213451][ T6413] handle_softirqs+0x216/0x8e0
[ 113.215553][ T6413] run_ksoftirqd+0x3a/0x60
[ 113.217915][ T6413] smpboot_thread_fn+0x3f4/0xae0
[ 113.220818][ T6413] kthread+0x3c5/0x780
[ 113.223270][ T6413] ret_from_fork+0x56a/0x730
[ 113.225230][ T6413] ret_from_fork_asm+0x1a/0x30
[ 113.227368][ T6413] Modules linked in:
[ 113.228947][ T6413] CPU: 3 UID: 0 PID: 6413 Comm: syz.0.20 Tainted: G B syzkaller #0 PREEMPT(full)
[ 113.228974][ T6413] Tainted: [B]=BAD_PAGE
[ 113.228979][ T6413] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 113.228989][ T6413] Call Trace:
[ 113.228994][ T6413]
[ 113.229000][ T6413] dump_stack_lvl+0x16c/0x1f0
[ 113.229026][ T6413] bad_page+0xcf/0x220
[ 113.229047][ T6413] ? __pfx_bad_page+0x10/0x10
[ 113.229061][ T6413] ? page_bad_reason+0x9d/0x1f0
[ 113.229078][ T6413] __free_frozen_pages+0x7f7/0x10f0
[ 113.229102][ T6413] ? rcu_is_watching+0x12/0xc0
[ 113.229129][ T6413] page_frag_free+0x27f/0x2e0
[ 113.229143][ T6413] __xdp_return+0x3ab/0xab0
[ 113.229158][ T6413] ? kfree_skbmem+0x1a4/0x1f0
[ 113.229175][ T6413] bpf_xdp_adjust_tail+0x887/0xcb0
[ 113.229194][ T6413] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[ 113.229206][ T6413] bpf_prog_run_generic_xdp+0x626/0x1530
[ 113.229232][ T6413] do_xdp_generic+0x8e6/0x1320
[ 113.229253][ T6413] ? lock_release+0x201/0x2f0
[ 113.229272][ T6413] ? __pfx_do_xdp_generic+0x10/0x10
[ 113.229296][ T6413] ? mt_find+0x3ef/0xa30
[ 113.229320][ T6413] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0
[ 113.229340][ T6413] ? rcu_watching_snap_stopped_since+0xd0/0x110
[ 113.229363][ T6413] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 113.229388][ T6413] ? __skb_flow_dissect+0x11b2/0x7d90
[ 113.229406][ T6413] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10
[ 113.229428][ T6413] ? handle_mm_fault+0x200/0xd10
[ 113.229451][ T6413] ? __pfx___skb_flow_dissect+0x10/0x10
[ 113.229466][ T6413] ? lock_release+0x201/0x2f0
[ 113.229482][ T6413] ? do_user_addr_fault+0x843/0x1370
[ 113.229502][ T6413] ? rcu_is_watching+0x12/0xc0
[ 113.229525][ T6413] __netif_receive_skb_one_core+0xb0/0x1e0
[ 113.229546][ T6413] ? __pfx___netif_receive_skb_one_core+0x10/0x10
[ 113.229570][ T6413] ? lock_acquire+0x2cd/0x350
[ 113.229587][ T6413] __netif_receive_skb+0x1d/0x160
[ 113.229605][ T6413] netif_receive_skb+0x137/0x7b0
[ 113.229622][ T6413] ? __pfx_netif_receive_skb+0x10/0x10
[ 113.229639][ T6413] ? __pfx__copy_from_iter+0x10/0x10
[ 113.229661][ T6413] tun_rx_batched.isra.0+0x3ee/0x740
[ 113.229687][ T6413] ? __pfx_tun_rx_batched.isra.0+0x10/0x10
[ 113.229714][ T6413] ? lock_acquire+0x2cd/0x350
[ 113.229731][ T6413] ? tun_get_user+0x1df6/0x3cd0
[ 113.229753][ T6413] ? rcu_is_watching+0x12/0xc0
[ 113.229775][ T6413] tun_get_user+0x28bb/0x3cd0
[ 113.229800][ T6413] ? trace_irq_enable.constprop.0+0xd4/0x120
[ 113.229823][ T6413] ? __pfx_tun_get_user+0x10/0x10
[ 113.229850][ T6413] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 113.229879][ T6413] ? tun_get+0x191/0x370
[ 113.229898][ T6413] ? rcu_is_watching+0x12/0xc0
[ 113.229918][ T6413] ? lock_release+0x201/0x2f0
[ 113.229935][ T6413] tun_chr_write_iter+0xdc/0x210
[ 113.229958][ T6413] vfs_write+0x7d3/0x11d0
[ 113.229982][ T6413] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 113.230010][ T6413] ? __pfx_vfs_write+0x10/0x10
[ 113.230035][ T6413] ? lock_release+0x201/0x2f0
[ 113.230060][ T6413] ksys_write+0x12a/0x250
[ 113.230081][ T6413] ? __pfx_ksys_write+0x10/0x10
[ 113.230106][ T6413] do_syscall_64+0xcd/0x4e0
[ 113.230130][ T6413] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 113.230148][ T6413] RIP: 0033:0x7ff08ef8d65f
[ 113.230164][ T6413] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 113.230181][ T6413] RSP: 002b:00007ff08fe76000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 113.230197][ T6413] RAX: ffffffffffffffda RBX: 00007ff08f1d5fa0 RCX: 00007ff08ef8d65f
[ 113.230208][ T6413] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[ 113.230218][ T6413] RBP: 00007ff08f011e19 R08: 0000000000000000 R09: 0000000000000000
[ 113.230228][ T6413] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 113.230237][ T6413] R13: 00007ff08f1d6038 R14: 00007ff08f1d5fa0 R15: 00007ffe7bd5cdf8
[ 113.230253][ T6413]
[ 113.230263][ T6413] BUG: Bad page state in process syz.0.20 pfn:4dd42
[ 113.395813][ T6413] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88804dd420f0 pfn:0x4dd42
[ 113.399860][ T6413] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 113.402517][ T6413] raw: 00fff00000000000 dead000000000040 ffff88802199a000 0000000000000000
[ 113.405693][ T6413] raw: ffff88804dd420f0 0000000000000001 00000000ffffffff 0000000000000000
[ 113.409074][ T6413] page dumped because: page_pool leak
[ 113.411186][ T6413] page_owner tracks the page as allocated
[ 113.413696][ T6413] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6413, tgid 6412 (syz.0.20), ts 112378007105, free_ts 109931989293
[ 113.421827][ T6413] post_alloc_hook+0x1c0/0x230
[ 113.423735][ T6413] get_page_from_freelist+0x132b/0x38e0
[ 113.425948][ T6413] __alloc_frozen_pages_noprof+0x261/0x23f0
[ 113.428920][ T6413] alloc_pages_bulk_noprof+0x71c/0x1410
[ 113.431212][ T6413] __page_pool_alloc_netmems_slow+0x193/0xc60
[ 113.433951][ T6413] page_pool_alloc_netmems+0xc4/0x190
[ 113.436133][ T6413] skb_pp_cow_data+0x7c0/0xff0
[ 113.438115][ T6413] skb_cow_data_for_xdp+0x88/0xb0
[ 113.440646][ T6413] do_xdp_generic+0x530/0x1320
[ 113.443289][ T6413] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0
[ 113.446448][ T6413] __netif_receive_skb_one_core+0xb0/0x1e0
[ 113.448851][ T6413] __netif_receive_skb+0x1d/0x160
[ 113.450804][ T6413] netif_receive_skb+0x137/0x7b0
[ 113.452817][ T6413] tun_rx_batched.isra.0+0x3ee/0x740
[ 113.454948][ T6413] tun_get_user+0x28bb/0x3cd0
[ 113.457005][ T6413] tun_chr_write_iter+0xdc/0x210
[ 113.459110][ T6413] page last free pid 5339 tgid 5339 stack trace:
[ 113.461703][ T6413] __free_frozen_pages+0x7d5/0x10f0
[ 113.463973][ T6413] __put_partials+0x165/0x1c0
[ 113.466124][ T6413] qlist_free_all+0x4d/0x120
[ 113.468320][ T6413] kasan_quarantine_reduce+0x195/0x1e0
[ 113.470667][ T6413] __kasan_slab_alloc+0x69/0x90
[ 113.472949][ T6413] kmem_cache_alloc_node_noprof+0x1d5/0x3b0
[ 113.475601][ T6413] __alloc_skb+0x2b2/0x380
[ 113.477544][ T6413] alloc_skb_with_frags+0xe0/0x860
[ 113.479826][ T6413] sock_alloc_send_pskb+0x7f9/0x980
[ 113.482106][ T6413] unix_dgram_sendmsg+0x3e9/0x17e0
[ 113.484186][ T6413] __sys_sendto+0x4a0/0x520
[ 113.486120][ T6413] __x64_sys_sendto+0xe0/0x1c0
[ 113.488265][ T6413] do_syscall_64+0xcd/0x4e0
[ 113.490111][ T6413] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 113.492494][ T6413] Modules linked in:
[ 113.494073][ T6413] CPU: 3 UID: 0 PID: 6413 Comm: syz.0.20 Tainted: G B syzkaller #0 PREEMPT(full)
[ 113.494100][ T6413] Tainted: [B]=BAD_PAGE
[ 113.494106][ T6413] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 113.494117][ T6413] Call Trace:
[ 113.494126][ T6413]
[ 113.494136][ T6413] dump_stack_lvl+0x16c/0x1f0
[ 113.494162][ T6413] bad_page+0xcf/0x220
[ 113.494179][ T6413] ? __pfx_bad_page+0x10/0x10
[ 113.494195][ T6413] ? page_bad_reason+0x9d/0x1f0
[ 113.494212][ T6413] __free_frozen_pages+0x7f7/0x10f0
[ 113.494234][ T6413] ? rcu_is_watching+0x12/0xc0
[ 113.494260][ T6413] page_frag_free+0x27f/0x2e0
[ 113.494278][ T6413] __xdp_return+0x3ab/0xab0
[ 113.494294][ T6413] ? kfree_skbmem+0x1a4/0x1f0
[ 113.494311][ T6413] bpf_xdp_adjust_tail+0x887/0xcb0
[ 113.494332][ T6413] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[ 113.494347][ T6413] bpf_prog_run_generic_xdp+0x626/0x1530
[ 113.494372][ T6413] do_xdp_generic+0x8e6/0x1320
[ 113.494392][ T6413] ? lock_release+0x201/0x2f0
[ 113.494411][ T6413] ? __pfx_do_xdp_generic+0x10/0x10
[ 113.494437][ T6413] ? mt_find+0x3ef/0xa30
[ 113.494463][ T6413] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0
[ 113.494484][ T6413] ? rcu_watching_snap_stopped_since+0xd0/0x110
[ 113.494508][ T6413] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 113.494532][ T6413] ? __skb_flow_dissect+0x11b2/0x7d90
[ 113.494550][ T6413] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10
[ 113.494571][ T6413] ? handle_mm_fault+0x200/0xd10
[ 113.494597][ T6413] ? __pfx___skb_flow_dissect+0x10/0x10
[ 113.494615][ T6413] ? lock_release+0x201/0x2f0
[ 113.494635][ T6413] ? do_user_addr_fault+0x843/0x1370
[ 113.494659][ T6413] ? rcu_is_watching+0x12/0xc0
[ 113.494682][ T6413] __netif_receive_skb_one_core+0xb0/0x1e0
[ 113.494700][ T6413] ? __pfx___netif_receive_skb_one_core+0x10/0x10
[ 113.494722][ T6413] ? lock_acquire+0x2cd/0x350
[ 113.494747][ T6413] __netif_receive_skb+0x1d/0x160
[ 113.494765][ T6413] netif_receive_skb+0x137/0x7b0
[ 113.494781][ T6413] ? __pfx_netif_receive_skb+0x10/0x10
[ 113.494800][ T6413] ? __pfx__copy_from_iter+0x10/0x10
[ 113.494824][ T6413] tun_rx_batched.isra.0+0x3ee/0x740
[ 113.494848][ T6413] ? __pfx_tun_rx_batched.isra.0+0x10/0x10
[ 113.494873][ T6413] ? lock_acquire+0x2cd/0x350
[ 113.494888][ T6413] ? tun_get_user+0x1df6/0x3cd0
[ 113.494910][ T6413] ? rcu_is_watching+0x12/0xc0
[ 113.494934][ T6413] tun_get_user+0x28bb/0x3cd0
[ 113.494959][ T6413] ? trace_irq_enable.constprop.0+0xd4/0x120
[ 113.494983][ T6413] ? __pfx_tun_get_user+0x10/0x10
[ 113.495007][ T6413] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 113.495034][ T6413] ? tun_get+0x191/0x370
[ 113.495056][ T6413] ? rcu_is_watching+0x12/0xc0
[ 113.495078][ T6413] ? lock_release+0x201/0x2f0
[ 113.495096][ T6413] tun_chr_write_iter+0xdc/0x210
[ 113.495123][ T6413] vfs_write+0x7d3/0x11d0
[ 113.495148][ T6413] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 113.495174][ T6413] ? __pfx_vfs_write+0x10/0x10
[ 113.495199][ T6413] ? lock_release+0x201/0x2f0
[ 113.495219][ T6413] ksys_write+0x12a/0x250
[ 113.495243][ T6413] ? __pfx_ksys_write+0x10/0x10
[ 113.495270][ T6413] do_syscall_64+0xcd/0x4e0
[ 113.495296][ T6413] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 113.495314][ T6413] RIP: 0033:0x7ff08ef8d65f
[ 113.495327][ T6413] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 113.495403][ T6413] RSP: 002b:00007ff08fe76000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 113.495421][ T6413] RAX: ffffffffffffffda RBX: 00007ff08f1d5fa0 RCX: 00007ff08ef8d65f
[ 113.495433][ T6413] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[ 113.495443][ T6413] RBP: 00007ff08f011e19 R08: 0000000000000000 R09: 0000000000000000
[ 113.495453][ T6413] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 113.495463][ T6413] R13: 00007ff08f1d6038 R14: 00007ff08f1d5fa0 R15: 00007ffe7bd5cdf8
[ 113.495480][ T6413]
[ 113.495491][ T6413] BUG: Bad page state in process syz.0.20 pfn:537e3
[ 113.661452][ T6413] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880537e3000 pfn:0x537e3
[ 113.665239][ T6413] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 113.668587][ T6413] raw: 00fff00000000000 dead000000000040 ffff88802199a000 0000000000000000
[ 113.672033][ T6413] raw: ffff8880537e3000 0000000000000001 00000000ffffffff 0000000000000000
[ 113.675534][ T6413] page dumped because: page_pool leak
[ 113.677905][ T6413] page_owner tracks the page as allocated
[ 113.680183][ T6413] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6413, tgid 6412 (syz.0.20), ts 112377999697, free_ts 109931995943
[ 113.687650][ T6413] post_alloc_hook+0x1c0/0x230
[ 113.689521][ T6413] get_page_from_freelist+0x132b/0x38e0
[ 113.691719][ T6413] __alloc_frozen_pages_noprof+0x261/0x23f0
[ 113.694359][ T6413] alloc_pages_bulk_noprof+0x71c/0x1410
[ 113.696763][ T6413] __page_pool_alloc_netmems_slow+0x193/0xc60
[ 113.699846][ T6413] page_pool_alloc_netmems+0xc4/0x190
[ 113.702371][ T6413] skb_pp_cow_data+0x7c0/0xff0
[ 113.704844][ T6413] skb_cow_data_for_xdp+0x88/0xb0
[ 113.707168][ T6413] do_xdp_generic+0x530/0x1320
[ 113.709026][ T6413] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0
[ 113.711413][ T6413] __netif_receive_skb_one_core+0xb0/0x1e0
[ 113.713576][ T6413] __netif_receive_skb+0x1d/0x160
[ 113.715704][ T6413] netif_receive_skb+0x137/0x7b0
[ 113.717712][ T6413] tun_rx_batched.isra.0+0x3ee/0x740
[ 113.719757][ T6413] tun_get_user+0x28bb/0x3cd0
[ 113.721674][ T6413] tun_chr_write_iter+0xdc/0x210
[ 113.723435][ T6413] page last free pid 5339 tgid 5339 stack trace:
[ 113.725617][ T6413] __free_frozen_pages+0x7d5/0x10f0
[ 113.727534][ T6413] __put_partials+0x165/0x1c0
[ 113.729301][ T6413] qlist_free_all+0x4d/0x120
[ 113.731240][ T6413] kasan_quarantine_reduce+0x195/0x1e0
[ 113.733559][ T6413] __kasan_slab_alloc+0x69/0x90
[ 113.735622][ T6413] kmem_cache_alloc_node_noprof+0x1d5/0x3b0
[ 113.738311][ T6413] __alloc_skb+0x2b2/0x380
[ 113.740084][ T6413] alloc_skb_with_frags+0xe0/0x860
[ 113.741856][ T6413] sock_alloc_send_pskb+0x7f9/0x980
[ 113.743758][ T6413] unix_dgram_sendmsg+0x3e9/0x17e0
[ 113.745771][ T6413] __sys_sendto+0x4a0/0x520
[ 113.747448][ T6413] __x64_sys_sendto+0xe0/0x1c0
[ 113.749429][ T6413] do_syscall_64+0xcd/0x4e0
[ 113.751083][ T6413] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 113.753589][ T6413] Modules linked in:
[ 113.755065][ T6413] CPU: 3 UID: 0 PID: 6413 Comm: syz.0.20 Tainted: G B syzkaller #0 PREEMPT(full)
[ 113.755094][ T6413] Tainted: [B]=BAD_PAGE
[ 113.755101][ T6413] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 113.755112][ T6413] Call Trace:
[ 113.755122][ T6413]
[ 113.755130][ T6413] dump_stack_lvl+0x16c/0x1f0
[ 113.755161][ T6413] bad_page+0xcf/0x220
[ 113.755180][ T6413] ? __pfx_bad_page+0x10/0x10
[ 113.755195][ T6413] ? page_bad_reason+0x9d/0x1f0
[ 113.755206][ T6413] __free_frozen_pages+0x7f7/0x10f0
[ 113.755222][ T6413] ? rcu_is_watching+0x12/0xc0
[ 113.755241][ T6413] page_frag_free+0x27f/0x2e0
[ 113.755251][ T6413] __xdp_return+0x3ab/0xab0
[ 113.755263][ T6413] ? kfree_skbmem+0x1a4/0x1f0
[ 113.755275][ T6413] bpf_xdp_adjust_tail+0x887/0xcb0
[ 113.755290][ T6413] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[ 113.755300][ T6413] bpf_prog_run_generic_xdp+0x626/0x1530
[ 113.755387][ T6413] do_xdp_generic+0x8e6/0x1320
[ 113.755403][ T6413] ? lock_release+0x201/0x2f0
[ 113.755415][ T6413] ? __pfx_do_xdp_generic+0x10/0x10
[ 113.755433][ T6413] ? mt_find+0x3ef/0xa30
[ 113.755452][ T6413] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0
[ 113.755468][ T6413] ? rcu_watching_snap_stopped_since+0xd0/0x110
[ 113.755486][ T6413] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 113.755504][ T6413] ? __skb_flow_dissect+0x11b2/0x7d90
[ 113.755517][ T6413] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10
[ 113.755532][ T6413] ? handle_mm_fault+0x200/0xd10
[ 113.755548][ T6413] ? __pfx___skb_flow_dissect+0x10/0x10
[ 113.755560][ T6413] ? lock_release+0x201/0x2f0
[ 113.755572][ T6413] ? do_user_addr_fault+0x843/0x1370
[ 113.755588][ T6413] ? rcu_is_watching+0x12/0xc0
[ 113.755605][ T6413] __netif_receive_skb_one_core+0xb0/0x1e0
[ 113.755619][ T6413] ? __pfx___netif_receive_skb_one_core+0x10/0x10
[ 113.755635][ T6413] ? lock_acquire+0x2cd/0x350
[ 113.755648][ T6413] __netif_receive_skb+0x1d/0x160
[ 113.755663][ T6413] netif_receive_skb+0x137/0x7b0
[ 113.755676][ T6413] ? __pfx_netif_receive_skb+0x10/0x10
[ 113.755690][ T6413] ? __pfx__copy_from_iter+0x10/0x10
[ 113.755707][ T6413] tun_rx_batched.isra.0+0x3ee/0x740
[ 113.755726][ T6413] ? __pfx_tun_rx_batched.isra.0+0x10/0x10
[ 113.755744][ T6413] ? lock_acquire+0x2cd/0x350
[ 113.755755][ T6413] ? tun_get_user+0x1df6/0x3cd0
[ 113.755773][ T6413] ? rcu_is_watching+0x12/0xc0
[ 113.755790][ T6413] tun_get_user+0x28bb/0x3cd0
[ 113.755812][ T6413] ? trace_irq_enable.constprop.0+0xd4/0x120
[ 113.755830][ T6413] ? __pfx_tun_get_user+0x10/0x10
[ 113.755848][ T6413] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 113.755867][ T6413] ? tun_get+0x191/0x370
[ 113.755883][ T6413] ? rcu_is_watching+0x12/0xc0
[ 113.755899][ T6413] ? lock_release+0x201/0x2f0
[ 113.755912][ T6413] tun_chr_write_iter+0xdc/0x210
[ 113.755931][ T6413] vfs_write+0x7d3/0x11d0
[ 113.755949][ T6413] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 113.755969][ T6413] ? __pfx_vfs_write+0x10/0x10
[ 113.755987][ T6413] ? lock_release+0x201/0x2f0
[ 113.756001][ T6413] ksys_write+0x12a/0x250
[ 113.756019][ T6413] ? __pfx_ksys_write+0x10/0x10
[ 113.756038][ T6413] do_syscall_64+0xcd/0x4e0
[ 113.756060][ T6413] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 113.756073][ T6413] RIP: 0033:0x7ff08ef8d65f
[ 113.756084][ T6413] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 113.756096][ T6413] RSP: 002b:00007ff08fe76000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 113.756107][ T6413] RAX: ffffffffffffffda RBX: 00007ff08f1d5fa0 RCX: 00007ff08ef8d65f
[ 113.756115][ T6413] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[ 113.756122][ T6413] RBP: 00007ff08f011e19 R08: 0000000000000000 R09: 0000000000000000
[ 113.756129][ T6413] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 113.756136][ T6413] R13: 00007ff08f1d6038 R14: 00007ff08f1d5fa0 R15: 00007ffe7bd5cdf8
[ 113.756152][ T6413]
[ 113.756164][ T6413] BUG: Bad page state in process syz.0.20 pfn:537e4
[ 113.904660][ T6413] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880537e43c0 pfn:0x537e4
[ 113.907678][ T6413] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 113.910267][ T6413] raw: 00fff00000000000 dead000000000040 ffff88802199a000 0000000000000000
[ 113.913947][ T6413] raw: ffff8880537e43c0 0000000000000001 00000000ffffffff 0000000000000000
[ 113.917905][ T6413] page dumped because: page_pool leak
[ 113.919776][ T6413] page_owner tracks the page as allocated
[ 113.921420][ T6413] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6413, tgid 6412 (syz.0.20), ts 112377992282, free_ts 109932000859
[ 113.926649][ T6413] post_alloc_hook+0x1c0/0x230
[ 113.928305][ T6413] get_page_from_freelist+0x132b/0x38e0
[ 113.930738][ T6413] __alloc_frozen_pages_noprof+0x261/0x23f0
[ 113.933321][ T6413] alloc_pages_bulk_noprof+0x71c/0x1410
[ 113.935508][ T6413] __page_pool_alloc_netmems_slow+0x193/0xc60
[ 113.937815][ T6413] page_pool_alloc_netmems+0xc4/0x190
[ 113.939852][ T6413] skb_pp_cow_data+0x7c0/0xff0
[ 113.941382][ T6413] skb_cow_data_for_xdp+0x88/0xb0
[ 113.942881][ T6413] do_xdp_generic+0x530/0x1320
[ 113.944547][ T6413] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0
[ 113.947130][ T6413] __netif_receive_skb_one_core+0xb0/0x1e0
[ 113.949919][ T6413] __netif_receive_skb+0x1d/0x160
[ 113.952188][ T6413] netif_receive_skb+0x137/0x7b0
[ 113.954231][ T6413] tun_rx_batched.isra.0+0x3ee/0x740
[ 113.956391][ T6413] tun_get_user+0x28bb/0x3cd0
[ 113.958255][ T6413] tun_chr_write_iter+0xdc/0x210
[ 113.959851][ T6413] page last free pid 5339 tgid 5339 stack trace:
[ 113.962270][ T6413] __free_frozen_pages+0x7d5/0x10f0
[ 113.964249][ T6413] __put_partials+0x165/0x1c0
[ 113.966108][ T6413] qlist_free_all+0x4d/0x120
[ 113.968061][ T6413] kasan_quarantine_reduce+0x195/0x1e0
[ 113.970157][ T6413] __kasan_slab_alloc+0x69/0x90
[ 113.972334][ T6413] kmem_cache_alloc_node_noprof+0x1d5/0x3b0
[ 113.974845][ T6413] __alloc_skb+0x2b2/0x380
[ 113.976704][ T6413] alloc_skb_with_frags+0xe0/0x860
[ 113.978692][ T6413] sock_alloc_send_pskb+0x7f9/0x980
[ 113.980281][ T6413] unix_dgram_sendmsg+0x3e9/0x17e0
[ 113.982236][ T6413] __sys_sendto+0x4a0/0x520
[ 113.983708][ T6413] __x64_sys_sendto+0xe0/0x1c0
[ 113.985132][ T6413] do_syscall_64+0xcd/0x4e0
[ 113.986525][ T6413] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 113.988794][ T6413] Modules linked in:
[ 113.990507][ T6413] CPU: 3 UID: 0 PID: 6413 Comm: syz.0.20 Tainted: G B syzkaller #0 PREEMPT(full)
[ 113.990535][ T6413] Tainted: [B]=BAD_PAGE
[ 113.990541][ T6413] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 113.990554][ T6413] Call Trace:
[ 113.990562][ T6413]
[ 113.990570][ T6413] dump_stack_lvl+0x16c/0x1f0
[ 113.990598][ T6413] bad_page+0xcf/0x220
[ 113.990615][ T6413] ? __pfx_bad_page+0x10/0x10
[ 113.990631][ T6413] ? page_bad_reason+0x9d/0x1f0
[ 113.990649][ T6413] __free_frozen_pages+0x7f7/0x10f0
[ 113.990671][ T6413] ? rcu_is_watching+0x12/0xc0
[ 113.990699][ T6413] page_frag_free+0x27f/0x2e0
[ 113.990715][ T6413] __xdp_return+0x3ab/0xab0
[ 113.990733][ T6413] ? kfree_skbmem+0x1a4/0x1f0
[ 113.990753][ T6413] bpf_xdp_adjust_tail+0x887/0xcb0
[ 113.990776][ T6413] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[ 113.990791][ T6413] bpf_prog_run_generic_xdp+0x626/0x1530
[ 113.990824][ T6413] do_xdp_generic+0x8e6/0x1320
[ 113.990839][ T6413] ? lock_release+0x201/0x2f0
[ 113.990851][ T6413] ? __pfx_do_xdp_generic+0x10/0x10
[ 113.990871][ T6413] ? mt_find+0x3ef/0xa30
[ 113.990891][ T6413] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0
[ 113.990907][ T6413] ? rcu_watching_snap_stopped_since+0xd0/0x110
[ 113.990927][ T6413] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 113.990945][ T6413] ? __skb_flow_dissect+0x11b2/0x7d90
[ 113.990960][ T6413] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10
[ 113.990976][ T6413] ? handle_mm_fault+0x200/0xd10
[ 113.990994][ T6413] ? __pfx___skb_flow_dissect+0x10/0x10
[ 113.991007][ T6413] ? lock_release+0x201/0x2f0
[ 113.991020][ T6413] ? do_user_addr_fault+0x843/0x1370
[ 113.991037][ T6413] ? rcu_is_watching+0x12/0xc0
[ 113.991056][ T6413] __netif_receive_skb_one_core+0xb0/0x1e0
[ 113.991072][ T6413] ? __pfx___netif_receive_skb_one_core+0x10/0x10
[ 113.991089][ T6413] ? lock_acquire+0x2cd/0x350
[ 113.991103][ T6413] __netif_receive_skb+0x1d/0x160
[ 113.991117][ T6413] netif_receive_skb+0x137/0x7b0
[ 113.991132][ T6413] ? __pfx_netif_receive_skb+0x10/0x10
[ 113.991147][ T6413] ? __pfx__copy_from_iter+0x10/0x10
[ 113.991167][ T6413] tun_rx_batched.isra.0+0x3ee/0x740
[ 113.991195][ T6413] ? __pfx_tun_rx_batched.isra.0+0x10/0x10
[ 113.991221][ T6413] ? lock_acquire+0x2cd/0x350
[ 113.991241][ T6413] ? tun_get_user+0x1df6/0x3cd0
[ 113.991270][ T6413] ? rcu_is_watching+0x12/0xc0
[ 113.991294][ T6413] tun_get_user+0x28bb/0x3cd0
[ 113.991353][ T6413] ? trace_irq_enable.constprop.0+0xd4/0x120
[ 113.991385][ T6413] ? __pfx_tun_get_user+0x10/0x10
[ 113.991415][ T6413] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 113.991435][ T6413] ? tun_get+0x191/0x370
[ 113.991452][ T6413] ? rcu_is_watching+0x12/0xc0
[ 113.991469][ T6413] ? lock_release+0x201/0x2f0
[ 113.991483][ T6413] tun_chr_write_iter+0xdc/0x210
[ 113.991503][ T6413] vfs_write+0x7d3/0x11d0
[ 113.991523][ T6413] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 113.991543][ T6413] ? __pfx_vfs_write+0x10/0x10
[ 113.991562][ T6413] ? lock_release+0x201/0x2f0
[ 113.991577][ T6413] ksys_write+0x12a/0x250
[ 113.991596][ T6413] ? __pfx_ksys_write+0x10/0x10
[ 113.991616][ T6413] do_syscall_64+0xcd/0x4e0
[ 113.991635][ T6413] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 113.991649][ T6413] RIP: 0033:0x7ff08ef8d65f
[ 113.991660][ T6413] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 113.991673][ T6413] RSP: 002b:00007ff08fe76000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 113.991685][ T6413] RAX: ffffffffffffffda RBX: 00007ff08f1d5fa0 RCX: 00007ff08ef8d65f
[ 113.991693][ T6413] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[ 113.991701][ T6413] RBP: 00007ff08f011e19 R08: 0000000000000000 R09: 0000000000000000
[ 113.991708][ T6413] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[ 113.991716][ T6413] R13: 00007ff08f1d6038 R14: 00007ff08f1d5fa0 R15: 00007ffe7bd5cdf8
[ 113.991727][ T6413]
[ 113.991737][ T6413] BUG: Bad page state in process syz.0.20 pfn:537ec
[ 114.127739][ T6413] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880537ec2d0 pfn:0x537ec
[ 114.130693][ T6413] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 114.133336][ T6413] raw: 00fff00000000000 dead000000000040 ffff88802199a000 0000000000000000
[ 114.137182][ T6413] raw: ffff8880537ec2d0 0000000000000001 00000000ffffffff 0000000000000000
[ 114.140042][ T6413] page dumped because: page_pool leak
[ 114.141669][ T6413] page_owner tracks the page as allocated
[ 114.143746][ T6413] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6413, tgid 6412 (syz.0.20), ts 112377984753, free_ts 111547738060
[ 114.149949][ T6413] post_alloc_hook+0x1c0/0x230
[ 114.152170][ T6413] get_page_from_freelist+0x132b/0x38e0
[ 114.154287][ T6413] __alloc_frozen_pages_noprof+0x261/0x23f0
[ 114.157028][ T6413] alloc_pages_bulk_noprof+0x71c/0x1410
[ 114.159317][ T6413] __page_pool_alloc_netmems_slow+0x193/0xc60
[ 114.161780][ T6413] page_pool_alloc_netmems+0xc4/0x190
[ 114.163516][ T6413] skb_pp_cow_data+0x7c0/0xff0
[ 114.165287][ T6413] skb_cow_data_for_xdp+0x88/0xb0
[ 114.167288][ T6413] do_xdp_generic+0x530/0x1320
[ 114.169175][ T6413] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0
[ 114.171854][ T6413] __netif_receive_skb_one_core+0xb0/0x1e0
[ 114.174000][ T6413] __netif_receive_skb+0x1d/0x160
[ 114.175718][ T6413] netif_receive_skb+0x137/0x7b0
[ 114.177334][ T6413] tun_rx_batched.isra.0+0x3ee/0x740
[ 114.179239][ T6413] tun_get_user+0x28bb/0x3cd0
[ 114.180721][ T6413] tun_chr_write_iter+0xdc/0x210
[ 114.182484][ T6413] page last free pid 5339 tgid 5339 stack trace:
[ 114.184691][ T6413] __free_frozen_pages+0x7d5/0x10f0
[ 114.186640][ T6413] __put_partials+0x165/0x1c0
[ 114.188529][ T6413] qlist_free_all+0x4d/0x120
[ 114.190335][ T6413] kasan_quarantine_reduce+0x195/0x1e0
[ 114.192535][ T6413] __kasan_slab_alloc+0x69/0x90
[ 114.194296][ T6413] kmem_cache_alloc_node_noprof+0x1d5/0x3b0
[ 114.196349][ T6413] __alloc_skb+0x2b2/0x380
[ 114.197913][ T6413] alloc_skb_with_frags+0xe0/0x860
[ 114.199651][ T6413] sock_alloc_send_pskb+0x7f9/0x980
[ 114.201592][ T6413] unix_dgram_sendmsg+0x3e9/0x17e0
[ 114.203845][ T6413] __sys_sendto+0x4a0/0x520
[ 114.205823][ T6413] __x64_sys_sendto+0xe0/0x1c0
[ 114.207727][ T6413] do_syscall_64+0xcd/0x4e0
[ 114.209223][ T6413] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 114.211538][ T6413] Modules linked in:
[ 114.213079][ T6413] CPU: 3 UID: 0 PID: 6413 Comm: syz.0.20 Tainted: G B syzkaller #0 PREEMPT(full)
[ 114.213098][ T6413] Tainted: [B]=BAD_PAGE
[ 114.213103][ T6413] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 114.213110][ T6413] Call Trace:
[ 114.213115][ T6413]
[ 114.213120][ T6413] dump_stack_lvl+0x16c/0x1f0
[ 114.213140][ T6413] bad_page+0xcf/0x220
[ 114.213151][ T6413] ? __pfx_bad_page+0x10/0x10
[ 114.213161][ T6413] ? page_bad_reason+0x9d/0x1f0
[ 114.213171][ T6413] __free_frozen_pages+0x7f7/0x10f0
[ 114.213185][ T6413] ? rcu_is_watching+0x12/0xc0
[ 114.213202][ T6413] page_frag_free+0x27f/0x2e0
[ 114.213212][ T6413] __xdp_return+0x3ab/0xab0
[ 114.213223][ T6413] ? kfree_skbmem+0x1a4/0x1f0
[ 114.213235][ T6413] bpf_xdp_adjust_tail+0x887/0xcb0
[ 114.213248][ T6413] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[ 114.213258][ T6413] bpf_prog_run_generic_xdp+0x626/0x1530
[ 114.213274][ T6413] do_xdp_generic+0x8e6/0x1320
[ 114.213287][ T6413] ? lock_release+0x201/0x2f0
[ 114.213298][ T6413] ? __pfx_do_xdp_generic+0x10/0x10
[ 114.213314][ T6413] ? mt_find+0x3ef/0xa30
[ 114.213331][ T6413] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0
[ 114.213346][ T6413] ? rcu_watching_snap_stopped_since+0xd0/0x110
[ 114.213362][ T6413] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 114.213378][ T6413] ? __skb_flow_dissect+0x11b2/0x7d90
[ 114.213392][ T6413] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10
[ 114.213411][ T6413] ? handle_mm_fault+0x200/0xd10
[ 114.213433][ T6413] ? __pfx___skb_flow_dissect+0x10/0x10
[ 114.213450][ T6413] ? lock_release+0x201/0x2f0
[ 114.213468][ T6413] ? do_user_addr_fault+0x843/0x1370
[ 114.213536][ T6413] ? rcu_is_watching+0x12/0xc0
[ 114.213565][ T6413] __netif_receive_skb_one_core+0xb0/0x1e0
[ 114.213585][ T6413] ? __pfx___netif_receive_skb_one_core+0x10/0x10
[ 114.213607][ T6413] ?
lock_acquire+0x2cd/0x350 [ 114.213629][ T6413] __netif_receive_skb+0x1d/0x160 [ 114.213642][ T6413] netif_receive_skb+0x137/0x7b0 [ 114.213654][ T6413] ? __pfx_netif_receive_skb+0x10/0x10 [ 114.213667][ T6413] ? __pfx__copy_from_iter+0x10/0x10 [ 114.213683][ T6413] tun_rx_batched.isra.0+0x3ee/0x740 [ 114.213700][ T6413] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 114.213719][ T6413] ? lock_acquire+0x2cd/0x350 [ 114.213729][ T6413] ? tun_get_user+0x1df6/0x3cd0 [ 114.213745][ T6413] ? rcu_is_watching+0x12/0xc0 [ 114.213761][ T6413] tun_get_user+0x28bb/0x3cd0 [ 114.213780][ T6413] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 114.213796][ T6413] ? __pfx_tun_get_user+0x10/0x10 [ 114.213813][ T6413] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 114.213830][ T6413] ? tun_get+0x191/0x370 [ 114.213844][ T6413] ? rcu_is_watching+0x12/0xc0 [ 114.213859][ T6413] ? lock_release+0x201/0x2f0 [ 114.213870][ T6413] tun_chr_write_iter+0xdc/0x210 [ 114.213887][ T6413] vfs_write+0x7d3/0x11d0 [ 114.213904][ T6413] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 114.213922][ T6413] ? __pfx_vfs_write+0x10/0x10 [ 114.213938][ T6413] ? lock_release+0x201/0x2f0 [ 114.213951][ T6413] ksys_write+0x12a/0x250 [ 114.213973][ T6413] ? 
__pfx_ksys_write+0x10/0x10 [ 114.213991][ T6413] do_syscall_64+0xcd/0x4e0 [ 114.214008][ T6413] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.214021][ T6413] RIP: 0033:0x7ff08ef8d65f [ 114.214031][ T6413] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 114.214041][ T6413] RSP: 002b:00007ff08fe76000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 114.214052][ T6413] RAX: ffffffffffffffda RBX: 00007ff08f1d5fa0 RCX: 00007ff08ef8d65f [ 114.214059][ T6413] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8 [ 114.214066][ T6413] RBP: 00007ff08f011e19 R08: 0000000000000000 R09: 0000000000000000 [ 114.214072][ T6413] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 114.214079][ T6413] R13: 00007ff08f1d6038 R14: 00007ff08f1d5fa0 R15: 00007ffe7bd5cdf8 [ 114.214089][ T6413] [ 114.214098][ T6413] BUG: Bad page state in process syz.0.20 pfn:4dd19 [ 114.355496][ T6413] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88804dd191e0 pfn:0x4dd19 [ 114.358496][ T6413] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 114.360603][ T6413] raw: 00fff00000000000 dead000000000040 ffff88802199a000 0000000000000000 [ 114.363213][ T6413] raw: ffff88804dd191e0 0000000000000001 00000000ffffffff 0000000000000000 [ 114.365921][ T6413] page dumped because: page_pool leak [ 114.367854][ T6413] page_owner tracks the page as allocated [ 114.369922][ T6413] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6413, tgid 6412 (syz.0.20), ts 112377976969, free_ts 111547742248 [ 114.375868][ T6413] post_alloc_hook+0x1c0/0x230 [ 114.377521][ T6413] get_page_from_freelist+0x132b/0x38e0 [ 114.379615][ T6413] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 114.381796][ T6413] alloc_pages_bulk_noprof+0x71c/0x1410 [ 114.383601][ T6413] 
__page_pool_alloc_netmems_slow+0x193/0xc60 [ 114.385409][ T6413] page_pool_alloc_netmems+0xc4/0x190 [ 114.387233][ T6413] skb_pp_cow_data+0x7c0/0xff0 [ 114.389183][ T6413] skb_cow_data_for_xdp+0x88/0xb0 [ 114.390845][ T6413] do_xdp_generic+0x530/0x1320 [ 114.392525][ T6413] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 114.394564][ T6413] __netif_receive_skb_one_core+0xb0/0x1e0 [ 114.397478][ T6413] __netif_receive_skb+0x1d/0x160 [ 114.400174][ T6413] netif_receive_skb+0x137/0x7b0 [ 114.402592][ T6413] tun_rx_batched.isra.0+0x3ee/0x740 [ 114.404553][ T6413] tun_get_user+0x28bb/0x3cd0 [ 114.406074][ T6413] tun_chr_write_iter+0xdc/0x210 [ 114.407779][ T6413] page last free pid 5339 tgid 5339 stack trace: [ 114.410038][ T6413] __free_frozen_pages+0x7d5/0x10f0 [ 114.412082][ T6413] __put_partials+0x165/0x1c0 [ 114.413621][ T6413] qlist_free_all+0x4d/0x120 [ 114.415347][ T6413] kasan_quarantine_reduce+0x195/0x1e0 [ 114.417257][ T6413] __kasan_slab_alloc+0x69/0x90 [ 114.418946][ T6413] kmem_cache_alloc_node_noprof+0x1d5/0x3b0 [ 114.420981][ T6413] __alloc_skb+0x2b2/0x380 [ 114.422597][ T6413] alloc_skb_with_frags+0xe0/0x860 [ 114.424453][ T6413] sock_alloc_send_pskb+0x7f9/0x980 [ 114.426289][ T6413] unix_dgram_sendmsg+0x3e9/0x17e0 [ 114.428216][ T6413] __sys_sendto+0x4a0/0x520 [ 114.429991][ T6413] __x64_sys_sendto+0xe0/0x1c0 [ 114.431664][ T6413] do_syscall_64+0xcd/0x4e0 [ 114.433189][ T6413] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.434967][ T6413] Modules linked in: [ 114.436308][ T6413] CPU: 3 UID: 0 PID: 6413 Comm: syz.0.20 Tainted: G B syzkaller #0 PREEMPT(full) [ 114.436325][ T6413] Tainted: [B]=BAD_PAGE [ 114.436329][ T6413] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 114.436335][ T6413] Call Trace: [ 114.436341][ T6413] [ 114.436346][ T6413] dump_stack_lvl+0x16c/0x1f0 [ 114.436364][ T6413] bad_page+0xcf/0x220 [ 114.436375][ T6413] ? __pfx_bad_page+0x10/0x10 [ 114.436385][ T6413] ? 
page_bad_reason+0x9d/0x1f0 [ 114.436395][ T6413] __free_frozen_pages+0x7f7/0x10f0 [ 114.436409][ T6413] ? rcu_is_watching+0x12/0xc0 [ 114.436426][ T6413] page_frag_free+0x27f/0x2e0 [ 114.436437][ T6413] __xdp_return+0x3ab/0xab0 [ 114.436447][ T6413] ? kfree_skbmem+0x1a4/0x1f0 [ 114.436458][ T6413] bpf_xdp_adjust_tail+0x887/0xcb0 [ 114.436472][ T6413] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 114.436481][ T6413] bpf_prog_run_generic_xdp+0x626/0x1530 [ 114.436497][ T6413] do_xdp_generic+0x8e6/0x1320 [ 114.436510][ T6413] ? lock_release+0x201/0x2f0 [ 114.436521][ T6413] ? __pfx_do_xdp_generic+0x10/0x10 [ 114.436538][ T6413] ? mt_find+0x3ef/0xa30 [ 114.436555][ T6413] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 114.436569][ T6413] ? rcu_watching_snap_stopped_since+0xd0/0x110 [ 114.436586][ T6413] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 114.436601][ T6413] ? __skb_flow_dissect+0x11b2/0x7d90 [ 114.436613][ T6413] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 114.436626][ T6413] ? handle_mm_fault+0x200/0xd10 [ 114.436642][ T6413] ? __pfx___skb_flow_dissect+0x10/0x10 [ 114.436652][ T6413] ? lock_release+0x201/0x2f0 [ 114.436663][ T6413] ? do_user_addr_fault+0x843/0x1370 [ 114.436678][ T6413] ? rcu_is_watching+0x12/0xc0 [ 114.436693][ T6413] __netif_receive_skb_one_core+0xb0/0x1e0 [ 114.436706][ T6413] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 114.436720][ T6413] ? lock_acquire+0x2cd/0x350 [ 114.436732][ T6413] __netif_receive_skb+0x1d/0x160 [ 114.436744][ T6413] netif_receive_skb+0x137/0x7b0 [ 114.436756][ T6413] ? __pfx_netif_receive_skb+0x10/0x10 [ 114.436769][ T6413] ? __pfx__copy_from_iter+0x10/0x10 [ 114.436785][ T6413] tun_rx_batched.isra.0+0x3ee/0x740 [ 114.436803][ T6413] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 114.436832][ T6413] ? lock_acquire+0x2cd/0x350 [ 114.436843][ T6413] ? tun_get_user+0x1df6/0x3cd0 [ 114.436859][ T6413] ? rcu_is_watching+0x12/0xc0 [ 114.436875][ T6413] tun_get_user+0x28bb/0x3cd0 [ 114.436893][ T6413] ? 
trace_irq_enable.constprop.0+0xd4/0x120 [ 114.436910][ T6413] ? __pfx_tun_get_user+0x10/0x10 [ 114.436933][ T6413] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 114.436959][ T6413] ? tun_get+0x191/0x370 [ 114.436979][ T6413] ? rcu_is_watching+0x12/0xc0 [ 114.437002][ T6413] ? lock_release+0x201/0x2f0 [ 114.437022][ T6413] tun_chr_write_iter+0xdc/0x210 [ 114.437044][ T6413] vfs_write+0x7d3/0x11d0 [ 114.437065][ T6413] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 114.437084][ T6413] ? __pfx_vfs_write+0x10/0x10 [ 114.437105][ T6413] ? lock_release+0x201/0x2f0 [ 114.437122][ T6413] ksys_write+0x12a/0x250 [ 114.437142][ T6413] ? __pfx_ksys_write+0x10/0x10 [ 114.437167][ T6413] do_syscall_64+0xcd/0x4e0 [ 114.437190][ T6413] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.437205][ T6413] RIP: 0033:0x7ff08ef8d65f [ 114.437217][ T6413] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 114.437231][ T6413] RSP: 002b:00007ff08fe76000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 114.437246][ T6413] RAX: ffffffffffffffda RBX: 00007ff08f1d5fa0 RCX: 00007ff08ef8d65f [ 114.437255][ T6413] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8 [ 114.437264][ T6413] RBP: 00007ff08f011e19 R08: 0000000000000000 R09: 0000000000000000 [ 114.437274][ T6413] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000 [ 114.437284][ T6413] R13: 00007ff08f1d6038 R14: 00007ff08f1d5fa0 R15: 00007ffe7bd5cdf8 [ 114.437295][ T6413] [ 114.568671][ T6413] BUG: Bad page state in process syz.0.20 pfn:4dd10 [ 114.570636][ T6413] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88804dd10000 pfn:0x4dd10 [ 114.574363][ T6413] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 114.577534][ T6413] raw: 00fff00000000000 dead000000000040 ffff88802199a000 0000000000000000 [ 114.581370][ T6413] raw: ffff88804dd10000 0000000000000001 
00000000ffffffff 0000000000000000 [ 114.584928][ T6413] page dumped because: page_pool leak [ 114.586815][ T6413] page_owner tracks the page as allocated [ 114.588947][ T6413] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 6413, tgid 6412 (syz.0.20), ts 112377969382, free_ts 111547747496 [ 114.593957][ T6413] post_alloc_hook+0x1c0/0x230 [ 114.595313][ T6413] get_page_from_freelist+0x132b/0x38e0 [ 114.597437][ T6413] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 114.599648][ T6413] alloc_pages_bulk_noprof+0x71c/0x1410 [ 114.601382][ T6413] __page_pool_alloc_netmems_slow+0x193/0xc60 [ 114.603537][ T6413] page_pool_alloc_netmems+0xc4/0x190 [ 114.605597][ T6413] skb_pp_cow_data+0x7c0/0xff0 [ 114.607646][ T6413] skb_cow_data_for_xdp+0x88/0xb0 [ 114.609636][ T6413] do_xdp_generic+0x530/0x1320 [ 114.611143][ T6413] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 114.613632][ T6413] __netif_receive_skb_one_core+0xb0/0x1e0 [ 114.615601][ T6413] __netif_receive_skb+0x1d/0x160 [ 114.617227][ T6413] netif_receive_skb+0x137/0x7b0 [ 114.618785][ T6413] tun_rx_batched.isra.0+0x3ee/0x740 [ 114.620526][ T6413] tun_get_user+0x28bb/0x3cd0 [ 114.622009][ T6413] tun_chr_write_iter+0xdc/0x210 [ 114.623745][ T6413] page last free pid 5339 tgid 5339 stack trace: [ 114.625712][ T6413] __free_frozen_pages+0x7d5/0x10f0 [ 114.627522][ T6413] __put_partials+0x165/0x1c0 [ 114.629013][ T6413] qlist_free_all+0x4d/0x120 [ 114.630597][ T6413] kasan_quarantine_reduce+0x195/0x1e0 [ 114.632897][ T6413] __kasan_slab_alloc+0x69/0x90 [ 114.635032][ T6413] kmem_cache_alloc_node_noprof+0x1d5/0x3b0 [ 114.637251][ T6413] __alloc_skb+0x2b2/0x380 [ 114.638649][ T6413] alloc_skb_with_frags+0xe0/0x860 [ 114.640225][ T6413] sock_alloc_send_pskb+0x7f9/0x980 [ 114.641871][ T6413] unix_dgram_sendmsg+0x3e9/0x17e0 [ 114.643531][ T6413] __sys_sendto+0x4a0/0x520 [ 114.644990][ T6413] __x64_sys_sendto+0xe0/0x1c0 [ 114.646533][ T6413] do_syscall_64+0xcd/0x4e0 [ 
114.648033][ T6413] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.649895][ T6413] Modules linked in: [ 114.651175][ T6413] CPU: 3 UID: 0 PID: 6413 Comm: syz.0.20 Tainted: G B syzkaller #0 PREEMPT(full) [ 114.651193][ T6413] Tainted: [B]=BAD_PAGE [ 114.651197][ T6413] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 114.651203][ T6413] Call Trace: [ 114.651209][ T6413] [ 114.651215][ T6413] dump_stack_lvl+0x16c/0x1f0 [ 114.651232][ T6413] bad_page+0xcf/0x220 [ 114.651243][ T6413] ? __pfx_bad_page+0x10/0x10 [ 114.651252][ T6413] ? page_bad_reason+0x9d/0x1f0 [ 114.651262][ T6413] __free_frozen_pages+0x7f7/0x10f0 [ 114.651277][ T6413] ? rcu_is_watching+0x12/0xc0 [ 114.651294][ T6413] page_frag_free+0x27f/0x2e0 [ 114.651304][ T6413] __xdp_return+0x3ab/0xab0 [ 114.651316][ T6413] ? kfree_skbmem+0x1a4/0x1f0 [ 114.651354][ T6413] bpf_xdp_adjust_tail+0x887/0xcb0 [ 114.651368][ T6413] bpf_prog_5d7dc57dfd7f985a+0x1e/0x24 [ 114.651377][ T6413] bpf_prog_run_generic_xdp+0x626/0x1530 [ 114.651393][ T6413] do_xdp_generic+0x8e6/0x1320 [ 114.651406][ T6413] ? lock_release+0x201/0x2f0 [ 114.651416][ T6413] ? __pfx_do_xdp_generic+0x10/0x10 [ 114.651433][ T6413] ? mt_find+0x3ef/0xa30 [ 114.651450][ T6413] __netif_receive_skb_core.constprop.0+0x15e5/0x4bd0 [ 114.651464][ T6413] ? rcu_watching_snap_stopped_since+0xd0/0x110 [ 114.651481][ T6413] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 114.651496][ T6413] ? __skb_flow_dissect+0x11b2/0x7d90 [ 114.651508][ T6413] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 114.651521][ T6413] ? handle_mm_fault+0x200/0xd10 [ 114.651536][ T6413] ? __pfx___skb_flow_dissect+0x10/0x10 [ 114.651547][ T6413] ? lock_release+0x201/0x2f0 [ 114.651558][ T6413] ? do_user_addr_fault+0x843/0x1370 [ 114.651572][ T6413] ? rcu_is_watching+0x12/0xc0 [ 114.651588][ T6413] __netif_receive_skb_one_core+0xb0/0x1e0