Warning: Permanently added '[localhost]:36759' (ED25519) to the list of known hosts.
2025/10/02 10:45:57 parsed 1 programs
[  125.988508][ T5559] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  131.163563][ T1125] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  131.167106][ T1125] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  131.205438][  T128] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  131.208998][  T128] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  132.330976][   T45] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  132.336048][   T45] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  132.339893][   T45] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  132.344574][   T45] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  132.347955][   T45] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  132.937923][ T5630] chnl_net:caif_netlink_parms(): no params data found
[  133.003452][ T5630] bridge0: port 1(bridge_slave_0) entered blocking state
[  133.006752][ T5630] bridge0: port 1(bridge_slave_0) entered disabled state
[  133.009963][ T5630] bridge_slave_0: entered allmulticast mode
[  133.014383][ T5630] bridge_slave_0: entered promiscuous mode
[  133.019701][ T5630] bridge0: port 2(bridge_slave_1) entered blocking state
[  133.023860][ T5630] bridge0: port 2(bridge_slave_1) entered disabled state
[  133.027097][ T5630] bridge_slave_1: entered allmulticast mode
[  133.030961][ T5630] bridge_slave_1: entered promiscuous mode
[  133.057496][ T5630] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  133.065391][ T5630] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  133.088882][ T5630] team0: Port device team_slave_0 added
[  133.093996][ T5630] team0: Port device team_slave_1 added
[  133.115182][ T5630] batman_adv: batadv0: Adding interface: batadv_slave_0
[  133.118120][ T5630] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  133.130838][ T5630] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  133.137329][ T5630] batman_adv: batadv0: Adding interface: batadv_slave_1
[  133.140462][ T5630] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  133.155405][ T5630] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  133.189792][ T5630] hsr_slave_0: entered promiscuous mode
[  133.194586][ T5630] hsr_slave_1: entered promiscuous mode
[  133.669446][ T5630] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  133.684358][ T5630] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  133.690370][ T5630] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  133.705911][ T5630] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  133.846040][ T5630] 8021q: adding VLAN 0 to HW filter on device bond0
[  133.883332][ T5630] 8021q: adding VLAN 0 to HW filter on device team0
[  133.899549][ T4082] bridge0: port 1(bridge_slave_0) entered blocking state
[  133.902843][ T4082] bridge0: port 1(bridge_slave_0) entered forwarding state
[  133.933400][ T4082] bridge0: port 2(bridge_slave_1) entered blocking state
[  133.936504][ T4082] bridge0: port 2(bridge_slave_1) entered forwarding state
[  134.001762][ T5630] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  134.317221][ T5630] 8021q: adding VLAN 0 to HW filter on device batadv0
[  134.386359][ T5630] veth0_vlan: entered promiscuous mode
[  134.415584][ T5630] veth1_vlan: entered promiscuous mode
[  134.461713][ T5630] veth0_macvtap: entered promiscuous mode
[  134.474239][ T5630] veth1_macvtap: entered promiscuous mode
[  134.507432][ T5630] batman_adv: batadv0: Interface activated: batadv_slave_0
[  134.526648][ T5630] batman_adv: batadv0: Interface activated: batadv_slave_1
[  134.545907][ T4082] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  134.549697][ T4082] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  134.560669][ T4082] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  134.583448][ T4082] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  134.795503][ T1125] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  134.875560][ T1125] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  134.955918][ T1125] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  135.074913][ T1125] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/10/02 10:46:10 executed programs: 0
[  135.779302][   T45] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  135.786678][   T45] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  135.790287][   T45] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  135.795095][   T45] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  135.798579][   T45] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  136.198981][ T5688] chnl_net:caif_netlink_parms(): no params data found
[  136.424828][ T5688] bridge0: port 1(bridge_slave_0) entered blocking state
[  136.433502][ T5688] bridge0: port 1(bridge_slave_0) entered disabled state
[  136.436780][ T5688] bridge_slave_0: entered allmulticast mode
[  136.454042][ T5688] bridge_slave_0: entered promiscuous mode
[  136.464031][ T5688] bridge0: port 2(bridge_slave_1) entered blocking state
[  136.467258][ T5688] bridge0: port 2(bridge_slave_1) entered disabled state
[  136.470528][ T5688] bridge_slave_1: entered allmulticast mode
[  136.503788][ T5688] bridge_slave_1: entered promiscuous mode
[  136.586697][ T5688] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  136.615389][ T5688] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  136.708443][ T5688] team0: Port device team_slave_0 added
[  136.727761][ T5688] team0: Port device team_slave_1 added
[  136.861381][ T5688] batman_adv: batadv0: Adding interface: batadv_slave_0
[  136.867824][ T5688] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  136.893363][ T5688] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  136.940343][ T5688] batman_adv: batadv0: Adding interface: batadv_slave_1
[  136.943433][ T5688] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  136.985078][ T5688] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  137.127980][ T1125] bridge_slave_1: left allmulticast mode
[  137.130561][ T1125] bridge_slave_1: left promiscuous mode
[  137.133710][ T1125] bridge0: port 2(bridge_slave_1) entered disabled state
[  137.163092][ T1125] bridge_slave_0: left allmulticast mode
[  137.165671][ T1125] bridge_slave_0: left promiscuous mode
[  137.168187][ T1125] bridge0: port 1(bridge_slave_0) entered disabled state
[  137.538225][ T1125] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  137.544369][ T1125] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  137.549561][ T1125] bond0 (unregistering): Released all slaves
[  137.607055][ T5688] hsr_slave_0: entered promiscuous mode
[  137.610251][ T5688] hsr_slave_1: entered promiscuous mode
[  137.620261][ T5688] debugfs: 'hsr0' already exists in 'hsr'
[  137.638952][ T5688] Cannot create hsr debugfs directory
[  137.649089][ T1125] hsr_slave_0: left promiscuous mode
[  137.663238][ T1125] hsr_slave_1: left promiscuous mode
[  137.666121][ T1125] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  137.669425][ T1125] batman_adv: batadv0: Removing interface: batadv_slave_0
[  137.683070][ T1125] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  137.686357][ T1125] batman_adv: batadv0: Removing interface: batadv_slave_1
[  137.701255][ T1125] veth1_macvtap: left promiscuous mode
[  137.715388][ T1125] veth0_macvtap: left promiscuous mode
[  137.718023][ T1125] veth1_vlan: left promiscuous mode
[  137.723565][ T1125] veth0_vlan: left promiscuous mode
[  137.819923][   T45] Bluetooth: hci0: command tx timeout
[  137.977347][ T1312] ieee802154 phy0 wpan0: encryption failed: -22
[  137.980257][ T1312] ieee802154 phy1 wpan1: encryption failed: -22
[  138.355226][ T1125] team0 (unregistering): Port device team_slave_1 removed
[  138.392019][ T1125] team0 (unregistering): Port device team_slave_0 removed
[  139.428733][ T5688] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  139.445201][ T5688] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  139.455712][ T5688] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  139.475900][ T5688] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  139.631888][ T5688] 8021q: adding VLAN 0 to HW filter on device bond0
[  139.648077][ T5688] 8021q: adding VLAN 0 to HW filter on device team0
[  139.655944][ T1036] bridge0: port 1(bridge_slave_0) entered blocking state
[  139.659091][ T1036] bridge0: port 1(bridge_slave_0) entered forwarding state
[  139.676104][ T1036] bridge0: port 2(bridge_slave_1) entered blocking state
[  139.679302][ T1036] bridge0: port 2(bridge_slave_1) entered forwarding state
[  139.848714][ T5688] 8021q: adding VLAN 0 to HW filter on device batadv0
[  139.887992][ T5688] veth0_vlan: entered promiscuous mode
[  139.898269][   T45] Bluetooth: hci0: command tx timeout
[  139.907734][ T5688] veth1_vlan: entered promiscuous mode
[  139.931771][ T5688] veth0_macvtap: entered promiscuous mode
[  139.940965][ T5688] veth1_macvtap: entered promiscuous mode
[  139.960877][ T5688] batman_adv: batadv0: Interface activated: batadv_slave_0
[  139.971722][ T5688] batman_adv: batadv0: Interface activated: batadv_slave_1
[  139.985412][   T31] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  139.990977][   T31] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  140.007564][   T31] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  140.011326][   T31] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  140.077408][ T1036] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  140.080947][ T1036] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  140.115534][   T31] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  140.118987][   T31] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  140.177273][ T5750] BUG: Bad page state in process syz.0.16  pfn:54ba8
[  140.180558][ T5750] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888054ba83c0 pfn:0x54ba8
[  140.185979][ T5750] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  140.189196][ T5750] raw: 04fff00000000000 dead000000000040 ffff88801e89f000 0000000000000000
[  140.193045][ T5750] raw: ffff888054ba83c0 0000000000000001 00000000ffffffff 0000000000000000
[  140.196654][ T5750] page dumped because: page_pool leak
[  140.198981][ T5750] page_owner tracks the page as allocated
[  140.201642][ T5750] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5750, tgid 5749 (syz.0.16), ts 140177176424, free_ts 140030627126
[  140.208985][ T5750]  post_alloc_hook+0x240/0x2a0
[  140.211083][ T5750]  get_page_from_freelist+0x21e4/0x22c0
[  140.213451][ T5750]  __alloc_frozen_pages_noprof+0x181/0x370
[  140.215830][ T5750]  alloc_pages_bulk_noprof+0x560/0x710
[  140.218161][ T5750]  __page_pool_alloc_netmems_slow+0x127/0x740
[  140.220958][ T5750]  skb_pp_cow_data+0xb47/0x13e0
[  140.223261][ T5750]  do_xdp_generic+0x699/0x11a0
[  140.225409][ T5750]  __netif_receive_skb_core+0x18f4/0x4380
[  140.228029][ T5750]  __netif_receive_skb+0x72/0x380
[  140.230398][ T5750]  netif_receive_skb+0x1cb/0x790
[  140.232643][ T5750]  tun_rx_batched+0x1b9/0x730
[  140.234912][ T5750]  tun_get_user+0x2b65/0x3ea0
[  140.236967][ T5750]  tun_chr_write_iter+0x113/0x200
[  140.239212][ T5750]  vfs_write+0x5c9/0xb30
[  140.241076][ T5750]  ksys_write+0x145/0x250
[  140.243093][ T5750]  do_syscall_64+0xfa/0x3b0
[  140.244995][ T5750] page last free pid 5688 tgid 5688 stack trace:
[  140.247725][ T5750]  __free_frozen_pages+0xbc4/0xd30
[  140.249963][ T5750]  __put_partials+0x156/0x1a0
[  140.252127][ T5750]  put_cpu_partial+0x17c/0x250
[  140.254435][ T5750]  __slab_free+0x2d5/0x3c0
[  140.256438][ T5750]  qlist_free_all+0x97/0x140
[  140.258530][ T5750]  kasan_quarantine_reduce+0x148/0x160
[  140.261015][ T5750]  __kasan_slab_alloc+0x22/0x80
[  140.263356][ T5750]  kmem_cache_alloc_node_noprof+0x1bb/0x3c0
[  140.265920][ T5750]  __alloc_skb+0x112/0x2d0
[  140.267951][ T5750]  netlink_sendmsg+0x5c6/0xb30
[  140.269998][ T5750]  __sock_sendmsg+0x219/0x270
[  140.272156][ T5750]  __sys_sendto+0x3bd/0x520
[  140.274411][ T5750]  __x64_sys_sendto+0xde/0x100
[  140.276768][ T5750]  do_syscall_64+0xfa/0x3b0
[  140.279202][ T5750]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.282637][ T5750] Modules linked in:
[  140.284431][ T5750] CPU: 0 UID: 0 PID: 5750 Comm: syz.0.16 Not tainted syzkaller #0 PREEMPT(full) 
[  140.284444][ T5750] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  140.284451][ T5750] Call Trace:
[  140.284458][ T5750]  <TASK>
[  140.284464][ T5750]  dump_stack_lvl+0x189/0x250
[  140.284483][ T5750]  ? __pfx_dump_stack_lvl+0x10/0x10
[  140.284497][ T5750]  ? __pfx_print_modules+0x10/0x10
[  140.284508][ T5750]  ? tun_rx_batched+0x1b9/0x730
[  140.284518][ T5750]  ? tun_chr_write_iter+0x113/0x200
[  140.284526][ T5750]  ? vfs_write+0x5c9/0xb30
[  140.284536][ T5750]  ? ksys_write+0x145/0x250
[  140.284545][ T5750]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.284560][ T5750]  bad_page+0x180/0x1c0
[  140.284571][ T5750]  __free_frozen_pages+0xce2/0xd30
[  140.284589][ T5750]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  140.284614][ T5750]  bpf_xdp_adjust_tail+0x1d6/0x220
[  140.284631][ T5750]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  140.284642][ T5750]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  140.284674][ T5750]  do_xdp_generic+0x9f7/0x11a0
[  140.284694][ T5750]  ? __pfx_do_xdp_generic+0x10/0x10
[  140.284705][ T5750]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  140.284736][ T5750]  __netif_receive_skb_core+0x18f4/0x4380
[  140.284753][ T5750]  ? __pfx___skb_flow_dissect+0x10/0x10
[  140.284768][ T5750]  ? do_user_addr_fault+0xbbc/0x1380
[  140.284783][ T5750]  ? do_user_addr_fault+0xc85/0x1380
[  140.284796][ T5750]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  140.284812][ T5750]  ? irqentry_exit+0x74/0x90
[  140.284824][ T5750]  ? lockdep_hardirqs_on+0x9c/0x150
[  140.284838][ T5750]  ? __lock_acquire+0xab9/0xd20
[  140.284853][ T5750]  ? netif_receive_skb+0x115/0x790
[  140.284868][ T5750]  ? netif_receive_skb+0x115/0x790
[  140.284893][ T5750]  __netif_receive_skb+0x72/0x380
[  140.284907][ T5750]  ? _copy_from_iter+0x24f/0x1790
[  140.284925][ T5750]  ? netif_receive_skb+0x115/0x790
[  140.284938][ T5750]  netif_receive_skb+0x1cb/0x790
[  140.284952][ T5750]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  140.284965][ T5750]  ? __pfx_netif_receive_skb+0x10/0x10
[  140.284980][ T5750]  ? __pfx__copy_from_iter+0x10/0x10
[  140.284993][ T5750]  ? sock_alloc_send_pskb+0x86b/0x980
[  140.285007][ T5750]  ? tun_rx_batched+0x160/0x730
[  140.285018][ T5750]  tun_rx_batched+0x1b9/0x730
[  140.285028][ T5750]  ? __lock_acquire+0xab9/0xd20
[  140.285041][ T5750]  ? __pfx_tun_rx_batched+0x10/0x10
[  140.285053][ T5750]  ? tun_get_user+0x272f/0x3ea0
[  140.285071][ T5750]  tun_get_user+0x2b65/0x3ea0
[  140.285089][ T5750]  ? tun_get_user+0x272f/0x3ea0
[  140.285101][ T5750]  ? aa_file_perm+0x44d/0x1550
[  140.285115][ T5750]  ? __pfx_tun_get_user+0x10/0x10
[  140.285135][ T5750]  ? ref_tracker_alloc+0x318/0x460
[  140.285148][ T5750]  ? __lock_acquire+0xab9/0xd20
[  140.285158][ T5750]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  140.285175][ T5750]  ? tun_get+0x1c/0x2f0
[  140.285188][ T5750]  ? tun_get+0x1c/0x2f0
[  140.285196][ T5750]  ? tun_get+0x1c/0x2f0
[  140.285209][ T5750]  tun_chr_write_iter+0x113/0x200
[  140.285221][ T5750]  vfs_write+0x5c9/0xb30
[  140.285234][ T5750]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  140.285245][ T5750]  ? __pfx_vfs_write+0x10/0x10
[  140.285262][ T5750]  ? __fget_files+0x2a/0x420
[  140.285280][ T5750]  ksys_write+0x145/0x250
[  140.285293][ T5750]  ? __pfx_ksys_write+0x10/0x10
[  140.285302][ T5750]  ? rcu_is_watching+0x15/0xb0
[  140.285319][ T5750]  ? do_syscall_64+0xbe/0x3b0
[  140.285334][ T5750]  do_syscall_64+0xfa/0x3b0
[  140.285345][ T5750]  ? lockdep_hardirqs_on+0x9c/0x150
[  140.285355][ T5750]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.285366][ T5750]  ? clear_bhb_loop+0x60/0xb0
[  140.285379][ T5750]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.285389][ T5750] RIP: 0033:0x7f6d23f8d3df
[  140.285400][ T5750] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  140.285409][ T5750] RSP: 002b:00007f6d24d12000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  140.285420][ T5750] RAX: ffffffffffffffda RBX: 00007f6d241b5fa0 RCX: 00007f6d23f8d3df
[  140.285428][ T5750] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  140.285434][ T5750] RBP: 00007f6d24010b39 R08: 0000000000000000 R09: 0000000000000000
[  140.285441][ T5750] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  140.285446][ T5750] R13: 0000000000000000 R14: 00007f6d241b5fa0 R15: 00007ffd7c7dc758
[  140.285464][ T5750]  </TASK>
[  140.285469][ T5750] Disabling lock debugging due to kernel taint
[  140.476788][ T5750] BUG: Bad page state in process syz.0.16  pfn:54b8c
[  140.479823][ T5750] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888054b8c2d0 pfn:0x54b8c
[  140.484325][ T5750] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  140.487481][ T5750] raw: 04fff00000000000 dead000000000040 ffff88801e89f000 0000000000000000
[  140.491183][ T5750] raw: ffff888054b8c2d0 0000000000000001 00000000ffffffff 0000000000000000
[  140.494990][ T5750] page dumped because: page_pool leak
[  140.497300][ T5750] page_owner tracks the page as allocated
[  140.499805][ T5750] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5750, tgid 5749 (syz.0.16), ts 140177165377, free_ts 140030638852
[  140.509530][ T5750]  post_alloc_hook+0x240/0x2a0
[  140.512148][ T5750]  get_page_from_freelist+0x21e4/0x22c0
[  140.514618][ T5750]  __alloc_frozen_pages_noprof+0x181/0x370
[  140.517166][ T5750]  alloc_pages_bulk_noprof+0x560/0x710
[  140.519532][ T5750]  __page_pool_alloc_netmems_slow+0x127/0x740
[  140.522304][ T5750]  skb_pp_cow_data+0xb47/0x13e0
[  140.524336][ T5750]  do_xdp_generic+0x699/0x11a0
[  140.526398][ T5750]  __netif_receive_skb_core+0x18f4/0x4380
[  140.528757][ T5750]  __netif_receive_skb+0x72/0x380
[  140.530876][ T5750]  netif_receive_skb+0x1cb/0x790
[  140.533018][ T5750]  tun_rx_batched+0x1b9/0x730
[  140.535095][ T5750]  tun_get_user+0x2b65/0x3ea0
[  140.537155][ T5750]  tun_chr_write_iter+0x113/0x200
[  140.539410][ T5750]  vfs_write+0x5c9/0xb30
[  140.541282][ T5750]  ksys_write+0x145/0x250
[  140.543311][ T5750]  do_syscall_64+0xfa/0x3b0
[  140.545320][ T5750] page last free pid 5688 tgid 5688 stack trace:
[  140.548570][ T5750]  __free_frozen_pages+0xbc4/0xd30
[  140.551235][ T5750]  __put_partials+0x156/0x1a0
[  140.553692][ T5750]  put_cpu_partial+0x17c/0x250
[  140.555964][ T5750]  __slab_free+0x2d5/0x3c0
[  140.557927][ T5750]  qlist_free_all+0x97/0x140
[  140.559977][ T5750]  kasan_quarantine_reduce+0x148/0x160
[  140.562641][ T5750]  __kasan_slab_alloc+0x22/0x80
[  140.565254][ T5750]  kmem_cache_alloc_node_noprof+0x1bb/0x3c0
[  140.567926][ T5750]  __alloc_skb+0x112/0x2d0
[  140.569887][ T5750]  netlink_sendmsg+0x5c6/0xb30
[  140.572069][ T5750]  __sock_sendmsg+0x219/0x270
[  140.574194][ T5750]  __sys_sendto+0x3bd/0x520
[  140.576195][ T5750]  __x64_sys_sendto+0xde/0x100
[  140.578332][ T5750]  do_syscall_64+0xfa/0x3b0
[  140.580376][ T5750]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.583030][ T5750] Modules linked in:
[  140.584775][ T5750] CPU: 0 UID: 0 PID: 5750 Comm: syz.0.16 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  140.584791][ T5750] Tainted: [B]=BAD_PAGE
[  140.584795][ T5750] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  140.584801][ T5750] Call Trace:
[  140.584808][ T5750]  <TASK>
[  140.584814][ T5750]  dump_stack_lvl+0x189/0x250
[  140.584830][ T5750]  ? __pfx_dump_stack_lvl+0x10/0x10
[  140.584842][ T5750]  ? __pfx_print_modules+0x10/0x10
[  140.584852][ T5750]  ? tun_rx_batched+0x1b9/0x730
[  140.584863][ T5750]  ? ksys_write+0x145/0x250
[  140.584872][ T5750]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.584883][ T5750]  bad_page+0x180/0x1c0
[  140.584892][ T5750]  __free_frozen_pages+0xce2/0xd30
[  140.584907][ T5750]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  140.584925][ T5750]  bpf_xdp_adjust_tail+0x1d6/0x220
[  140.584937][ T5750]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  140.584946][ T5750]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  140.584967][ T5750]  do_xdp_generic+0x9f7/0x11a0
[  140.584981][ T5750]  ? __pfx_do_xdp_generic+0x10/0x10
[  140.584991][ T5750]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  140.585015][ T5750]  __netif_receive_skb_core+0x18f4/0x4380
[  140.585030][ T5750]  ? __pfx___skb_flow_dissect+0x10/0x10
[  140.585043][ T5750]  ? do_user_addr_fault+0xbbc/0x1380
[  140.585055][ T5750]  ? do_user_addr_fault+0xc85/0x1380
[  140.585066][ T5750]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  140.585081][ T5750]  ? irqentry_exit+0x74/0x90
[  140.585092][ T5750]  ? lockdep_hardirqs_on+0x9c/0x150
[  140.585102][ T5750]  ? __lock_acquire+0xab9/0xd20
[  140.585115][ T5750]  ? netif_receive_skb+0x115/0x790
[  140.585134][ T5750]  ? netif_receive_skb+0x115/0x790
[  140.585147][ T5750]  __netif_receive_skb+0x72/0x380
[  140.585161][ T5750]  ? _copy_from_iter+0x24f/0x1790
[  140.585176][ T5750]  ? netif_receive_skb+0x115/0x790
[  140.585188][ T5750]  netif_receive_skb+0x1cb/0x790
[  140.585201][ T5750]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  140.585213][ T5750]  ? __pfx_netif_receive_skb+0x10/0x10
[  140.585226][ T5750]  ? __pfx__copy_from_iter+0x10/0x10
[  140.585239][ T5750]  ? sock_alloc_send_pskb+0x86b/0x980
[  140.585252][ T5750]  ? tun_rx_batched+0x160/0x730
[  140.585261][ T5750]  tun_rx_batched+0x1b9/0x730
[  140.585270][ T5750]  ? __lock_acquire+0xab9/0xd20
[  140.585281][ T5750]  ? __pfx_tun_rx_batched+0x10/0x10
[  140.585291][ T5750]  ? tun_get_user+0x272f/0x3ea0
[  140.585302][ T5750]  tun_get_user+0x2b65/0x3ea0
[  140.585314][ T5750]  ? tun_get_user+0x272f/0x3ea0
[  140.585324][ T5750]  ? aa_file_perm+0x44d/0x1550
[  140.585337][ T5750]  ? __pfx_tun_get_user+0x10/0x10
[  140.585350][ T5750]  ? ref_tracker_alloc+0x318/0x460
[  140.585362][ T5750]  ? __lock_acquire+0xab9/0xd20
[  140.585371][ T5750]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  140.585385][ T5750]  ? tun_get+0x1c/0x2f0
[  140.585394][ T5750]  ? tun_get+0x1c/0x2f0
[  140.585402][ T5750]  ? tun_get+0x1c/0x2f0
[  140.585411][ T5750]  tun_chr_write_iter+0x113/0x200
[  140.585421][ T5750]  vfs_write+0x5c9/0xb30
[  140.585433][ T5750]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  140.585442][ T5750]  ? __pfx_vfs_write+0x10/0x10
[  140.585453][ T5750]  ? __fget_files+0x2a/0x420
[  140.585466][ T5750]  ksys_write+0x145/0x250
[  140.585476][ T5750]  ? __pfx_ksys_write+0x10/0x10
[  140.585485][ T5750]  ? rcu_is_watching+0x15/0xb0
[  140.585498][ T5750]  ? do_syscall_64+0xbe/0x3b0
[  140.585510][ T5750]  do_syscall_64+0xfa/0x3b0
[  140.585519][ T5750]  ? lockdep_hardirqs_on+0x9c/0x150
[  140.585528][ T5750]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.585536][ T5750]  ? clear_bhb_loop+0x60/0xb0
[  140.585547][ T5750]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.585557][ T5750] RIP: 0033:0x7f6d23f8d3df
[  140.585567][ T5750] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  140.585574][ T5750] RSP: 002b:00007f6d24d12000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  140.585585][ T5750] RAX: ffffffffffffffda RBX: 00007f6d241b5fa0 RCX: 00007f6d23f8d3df
[  140.585592][ T5750] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  140.585597][ T5750] RBP: 00007f6d24010b39 R08: 0000000000000000 R09: 0000000000000000
[  140.585604][ T5750] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  140.585610][ T5750] R13: 0000000000000000 R14: 00007f6d241b5fa0 R15: 00007ffd7c7dc758
[  140.585620][ T5750]  </TASK>
[  140.585629][ T5750] BUG: Bad page state in process syz.0.16  pfn:54b9e
[  140.777233][ T5750] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888054b9ef00 pfn:0x54b9e
[  140.781648][ T5750] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  140.784916][ T5750] raw: 04fff00000000000 dead000000000040 ffff88801e89f000 0000000000000000
[  140.788683][ T5750] raw: ffff888054b9ef00 0000000000000001 00000000ffffffff 0000000000000000
[  140.792478][ T5750] page dumped because: page_pool leak
[  140.794827][ T5750] page_owner tracks the page as allocated
[  140.797299][ T5750] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5750, tgid 5749 (syz.0.16), ts 140177153960, free_ts 140030649297
[  140.804640][ T5750]  post_alloc_hook+0x240/0x2a0
[  140.806749][ T5750]  get_page_from_freelist+0x21e4/0x22c0
[  140.809161][ T5750]  __alloc_frozen_pages_noprof+0x181/0x370
[  140.811863][ T5750]  alloc_pages_bulk_noprof+0x560/0x710
[  140.814347][ T5750]  __page_pool_alloc_netmems_slow+0x127/0x740
[  140.816955][ T5750]  skb_pp_cow_data+0xb47/0x13e0
[  140.819133][ T5750]  do_xdp_generic+0x699/0x11a0
[  140.821244][ T5750]  __netif_receive_skb_core+0x18f4/0x4380
[  140.823931][ T5750]  __netif_receive_skb+0x72/0x380
[  140.826096][ T5750]  netif_receive_skb+0x1cb/0x790
[  140.828258][ T5750]  tun_rx_batched+0x1b9/0x730
[  140.830541][ T5750]  tun_get_user+0x2b65/0x3ea0
[  140.832658][ T5750]  tun_chr_write_iter+0x113/0x200
[  140.834871][ T5750]  vfs_write+0x5c9/0xb30
[  140.836685][ T5750]  ksys_write+0x145/0x250
[  140.838567][ T5750]  do_syscall_64+0xfa/0x3b0
[  140.840587][ T5750] page last free pid 5688 tgid 5688 stack trace:
[  140.843468][ T5750]  __free_frozen_pages+0xbc4/0xd30
[  140.845803][ T5750]  __put_partials+0x156/0x1a0
[  140.847849][ T5750]  put_cpu_partial+0x17c/0x250
[  140.849935][ T5750]  __slab_free+0x2d5/0x3c0
[  140.851927][ T5750]  qlist_free_all+0x97/0x140
[  140.853996][ T5750]  kasan_quarantine_reduce+0x148/0x160
[  140.856361][ T5750]  __kasan_slab_alloc+0x22/0x80
[  140.858496][ T5750]  kmem_cache_alloc_node_noprof+0x1bb/0x3c0
[  140.861140][ T5750]  __alloc_skb+0x112/0x2d0
[  140.863156][ T5750]  netlink_sendmsg+0x5c6/0xb30
[  140.865220][ T5750]  __sock_sendmsg+0x219/0x270
[  140.867244][ T5750]  __sys_sendto+0x3bd/0x520
[  140.869182][ T5750]  __x64_sys_sendto+0xde/0x100
[  140.871276][ T5750]  do_syscall_64+0xfa/0x3b0
[  140.873330][ T5750]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.875861][ T5750] Modules linked in:
[  140.877588][ T5750] CPU: 0 UID: 0 PID: 5750 Comm: syz.0.16 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  140.877605][ T5750] Tainted: [B]=BAD_PAGE
[  140.877608][ T5750] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  140.877615][ T5750] Call Trace:
[  140.877621][ T5750]  <TASK>
[  140.877627][ T5750]  dump_stack_lvl+0x189/0x250
[  140.877643][ T5750]  ? __pfx_dump_stack_lvl+0x10/0x10
[  140.877654][ T5750]  ? __pfx_print_modules+0x10/0x10
[  140.877664][ T5750]  ? tun_rx_batched+0x1b9/0x730
[  140.877674][ T5750]  ? ksys_write+0x145/0x250
[  140.877684][ T5750]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.877696][ T5750]  bad_page+0x180/0x1c0
[  140.877705][ T5750]  __free_frozen_pages+0xce2/0xd30
[  140.877719][ T5750]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  140.877736][ T5750]  bpf_xdp_adjust_tail+0x1d6/0x220
[  140.877748][ T5750]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  140.877757][ T5750]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  140.877777][ T5750]  do_xdp_generic+0x9f7/0x11a0
[  140.877791][ T5750]  ? __pfx_do_xdp_generic+0x10/0x10
[  140.877804][ T5750]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  140.877822][ T5750]  __netif_receive_skb_core+0x18f4/0x4380
[  140.877835][ T5750]  ? __pfx___skb_flow_dissect+0x10/0x10
[  140.877846][ T5750]  ? do_user_addr_fault+0xbbc/0x1380
[  140.877858][ T5750]  ? do_user_addr_fault+0xc85/0x1380
[  140.877869][ T5750]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  140.877883][ T5750]  ? irqentry_exit+0x74/0x90
[  140.877893][ T5750]  ? lockdep_hardirqs_on+0x9c/0x150
[  140.877903][ T5750]  ? __lock_acquire+0xab9/0xd20
[  140.877919][ T5750]  ? netif_receive_skb+0x115/0x790
[  140.877927][ T5750]  ? netif_receive_skb+0x115/0x790
[  140.877934][ T5750]  __netif_receive_skb+0x72/0x380
[  140.877947][ T5750]  ? _copy_from_iter+0x24f/0x1790
[  140.877965][ T5750]  ? netif_receive_skb+0x115/0x790
[  140.877976][ T5750]  netif_receive_skb+0x1cb/0x790
[  140.877988][ T5750]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  140.877999][ T5750]  ? __pfx_netif_receive_skb+0x10/0x10
[  140.878010][ T5750]  ? __pfx__copy_from_iter+0x10/0x10
[  140.878021][ T5750]  ? sock_alloc_send_pskb+0x86b/0x980
[  140.878034][ T5750]  ? tun_rx_batched+0x160/0x730
[  140.878044][ T5750]  tun_rx_batched+0x1b9/0x730
[  140.878053][ T5750]  ? __lock_acquire+0xab9/0xd20
[  140.878063][ T5750]  ? __pfx_tun_rx_batched+0x10/0x10
[  140.878072][ T5750]  ? tun_get_user+0x272f/0x3ea0
[  140.878082][ T5750]  tun_get_user+0x2b65/0x3ea0
[  140.878093][ T5750]  ? tun_get_user+0x272f/0x3ea0
[  140.878102][ T5750]  ? aa_file_perm+0x44d/0x1550
[  140.878116][ T5750]  ? __pfx_tun_get_user+0x10/0x10
[  140.878128][ T5750]  ? ref_tracker_alloc+0x318/0x460
[  140.878141][ T5750]  ? __lock_acquire+0xab9/0xd20
[  140.878150][ T5750]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  140.878163][ T5750]  ? tun_get+0x1c/0x2f0
[  140.878172][ T5750]  ? tun_get+0x1c/0x2f0
[  140.878180][ T5750]  ? tun_get+0x1c/0x2f0
[  140.878188][ T5750]  tun_chr_write_iter+0x113/0x200
[  140.878198][ T5750]  vfs_write+0x5c9/0xb30
[  140.878209][ T5750]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  140.878218][ T5750]  ? __pfx_vfs_write+0x10/0x10
[  140.878230][ T5750]  ? __fget_files+0x2a/0x420
[  140.878243][ T5750]  ksys_write+0x145/0x250
[  140.878253][ T5750]  ? __pfx_ksys_write+0x10/0x10
[  140.878262][ T5750]  ? rcu_is_watching+0x15/0xb0
[  140.878304][ T5750]  ? do_syscall_64+0xbe/0x3b0
[  140.878318][ T5750]  do_syscall_64+0xfa/0x3b0
[  140.878329][ T5750]  ? lockdep_hardirqs_on+0x9c/0x150
[  140.878343][ T5750]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.878351][ T5750]  ? clear_bhb_loop+0x60/0xb0
[  140.878361][ T5750]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.878370][ T5750] RIP: 0033:0x7f6d23f8d3df
[  140.878380][ T5750] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  140.878389][ T5750] RSP: 002b:00007f6d24d12000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  140.878405][ T5750] RAX: ffffffffffffffda RBX: 00007f6d241b5fa0 RCX: 00007f6d23f8d3df
[  140.878412][ T5750] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  140.878419][ T5750] RBP: 00007f6d24010b39 R08: 0000000000000000 R09: 0000000000000000
[  140.878425][ T5750] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  140.878430][ T5750] R13: 0000000000000000 R14: 00007f6d241b5fa0 R15: 00007ffd7c7dc758
[  140.878440][ T5750]  </TASK>
[  140.878449][ T5750] BUG: Bad page state in process syz.0.16  pfn:54ba9
[  141.064250][ T5750] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888054ba94b0 pfn:0x54ba9
[  141.068506][ T5750] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  141.071671][ T5750] raw: 04fff00000000000 dead000000000040 ffff88801e89f000 0000000000000000
[  141.075586][ T5750] raw: ffff888054ba94b0 0000000000000001 00000000ffffffff 0000000000000000
[  141.079225][ T5750] page dumped because: page_pool leak
[  141.081580][ T5750] page_owner tracks the page as allocated
[  141.084122][ T5750] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5750, tgid 5749 (syz.0.16), ts 140177142441, free_ts 140030665689
[  141.091301][ T5750]  post_alloc_hook+0x240/0x2a0
[  141.093509][ T5750]  get_page_from_freelist+0x21e4/0x22c0
[  141.095979][ T5750]  __alloc_frozen_pages_noprof+0x181/0x370
[  141.098585][ T5750]  alloc_pages_bulk_noprof+0x560/0x710
[  141.100942][ T5750]  __page_pool_alloc_netmems_slow+0x127/0x740
[  141.103717][ T5750]  skb_pp_cow_data+0xb47/0x13e0
[  141.105912][ T5750]  do_xdp_generic+0x699/0x11a0
[  141.108173][ T5750]  __netif_receive_skb_core+0x18f4/0x4380
[  141.110725][ T5750]  __netif_receive_skb+0x72/0x380
[  141.113036][ T5750]  netif_receive_skb+0x1cb/0x790
[  141.115258][ T5750]  tun_rx_batched+0x1b9/0x730
[  141.117335][ T5750]  tun_get_user+0x2b65/0x3ea0
[  141.119499][ T5750]  tun_chr_write_iter+0x113/0x200
[  141.121839][ T5750]  vfs_write+0x5c9/0xb30
[  141.123837][ T5750]  ksys_write+0x145/0x250
[  141.125770][ T5750]  do_syscall_64+0xfa/0x3b0
[  141.127805][ T5750] page last free pid 5688 tgid 5688 stack trace:
[  141.130613][ T5750]  __free_frozen_pages+0xbc4/0xd30
[  141.132968][ T5750]  __slab_free+0x303/0x3c0
[  141.134966][ T5750]  qlist_free_all+0x97/0x140
[  141.137057][ T5750]  kasan_quarantine_reduce+0x148/0x160
[  141.139818][ T5750]  __kasan_slab_alloc+0x22/0x80
[  141.142060][ T5750]  kmem_cache_alloc_node_noprof+0x1bb/0x3c0
[  141.144722][ T5750]  __alloc_skb+0x112/0x2d0
[  141.146709][ T5750]  netlink_sendmsg+0x5c6/0xb30
[  141.148798][ T5750]  __sock_sendmsg+0x219/0x270
[  141.150989][ T5750]  __sys_sendto+0x3bd/0x520
[  141.153146][ T5750]  __x64_sys_sendto+0xde/0x100
[  141.155335][ T5750]  do_syscall_64+0xfa/0x3b0
[  141.157312][ T5750]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.159865][ T5750] Modules linked in:
[  141.161664][ T5750] CPU: 0 UID: 0 PID: 5750 Comm: syz.0.16 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  141.161682][ T5750] Tainted: [B]=BAD_PAGE
[  141.161685][ T5750] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  141.161692][ T5750] Call Trace:
[  141.161699][ T5750]  <TASK>
[  141.161705][ T5750]  dump_stack_lvl+0x189/0x250
[  141.161723][ T5750]  ? __pfx_dump_stack_lvl+0x10/0x10
[  141.161734][ T5750]  ? __pfx_print_modules+0x10/0x10
[  141.161743][ T5750]  ? tun_rx_batched+0x1b9/0x730
[  141.161753][ T5750]  ? ksys_write+0x145/0x250
[  141.161763][ T5750]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.161774][ T5750]  bad_page+0x180/0x1c0
[  141.161784][ T5750]  __free_frozen_pages+0xce2/0xd30
[  141.161799][ T5750]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  141.161819][ T5750]  bpf_xdp_adjust_tail+0x1d6/0x220
[  141.161830][ T5750]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  141.161839][ T5750]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  141.161873][ T5750]  do_xdp_generic+0x9f7/0x11a0
[  141.161888][ T5750]  ? __pfx_do_xdp_generic+0x10/0x10
[  141.161899][ T5750]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  141.161922][ T5750]  __netif_receive_skb_core+0x18f4/0x4380
[  141.161938][ T5750]  ? __pfx___skb_flow_dissect+0x10/0x10
[  141.161949][ T5750]  ? do_user_addr_fault+0xbbc/0x1380
[  141.161962][ T5750]  ? do_user_addr_fault+0xc85/0x1380
[  141.161973][ T5750]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  141.161987][ T5750]  ? irqentry_exit+0x74/0x90
[  141.161998][ T5750]  ? lockdep_hardirqs_on+0x9c/0x150
[  141.162009][ T5750]  ? __lock_acquire+0xab9/0xd20
[  141.162021][ T5750]  ? netif_receive_skb+0x115/0x790
[  141.162033][ T5750]  ? netif_receive_skb+0x115/0x790
[  141.162047][ T5750]  __netif_receive_skb+0x72/0x380
[  141.162060][ T5750]  ? _copy_from_iter+0x24f/0x1790
[  141.162074][ T5750]  ? netif_receive_skb+0x115/0x790
[  141.162086][ T5750]  netif_receive_skb+0x1cb/0x790
[  141.162099][ T5750]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  141.162109][ T5750]  ? __pfx_netif_receive_skb+0x10/0x10
[  141.162121][ T5750]  ? __pfx__copy_from_iter+0x10/0x10
[  141.162134][ T5750]  ? sock_alloc_send_pskb+0x86b/0x980
[  141.162147][ T5750]  ? tun_rx_batched+0x160/0x730
[  141.162156][ T5750]  tun_rx_batched+0x1b9/0x730
[  141.162188][ T5750]  ? __lock_acquire+0xab9/0xd20
[  141.162199][ T5750]  ? __pfx_tun_rx_batched+0x10/0x10
[  141.162208][ T5750]  ? tun_get_user+0x272f/0x3ea0
[  141.162219][ T5750]  tun_get_user+0x2b65/0x3ea0
[  141.162231][ T5750]  ? tun_get_user+0x272f/0x3ea0
[  141.162240][ T5750]  ? aa_file_perm+0x44d/0x1550
[  141.162253][ T5750]  ? __pfx_tun_get_user+0x10/0x10
[  141.162266][ T5750]  ? ref_tracker_alloc+0x318/0x460
[  141.162304][ T5750]  ? __lock_acquire+0xab9/0xd20
[  141.162314][ T5750]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  141.162327][ T5750]  ? tun_get+0x1c/0x2f0
[  141.162336][ T5750]  ? tun_get+0x1c/0x2f0
[  141.162345][ T5750]  ? tun_get+0x1c/0x2f0
[  141.162354][ T5750]  tun_chr_write_iter+0x113/0x200
[  141.162364][ T5750]  vfs_write+0x5c9/0xb30
[  141.162374][ T5750]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  141.162383][ T5750]  ? __pfx_vfs_write+0x10/0x10
[  141.162394][ T5750]  ? __fget_files+0x2a/0x420
[  141.162408][ T5750]  ksys_write+0x145/0x250
[  141.162418][ T5750]  ? __pfx_ksys_write+0x10/0x10
[  141.162427][ T5750]  ? rcu_is_watching+0x15/0xb0
[  141.162440][ T5750]  ? do_syscall_64+0xbe/0x3b0
[  141.162453][ T5750]  do_syscall_64+0xfa/0x3b0
[  141.162463][ T5750]  ? lockdep_hardirqs_on+0x9c/0x150
[  141.162473][ T5750]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.162482][ T5750]  ? clear_bhb_loop+0x60/0xb0
[  141.162493][ T5750]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.162503][ T5750] RIP: 0033:0x7f6d23f8d3df
[  141.162513][ T5750] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  141.162521][ T5750] RSP: 002b:00007f6d24d12000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  141.162532][ T5750] RAX: ffffffffffffffda RBX: 00007f6d241b5fa0 RCX: 00007f6d23f8d3df
[  141.162539][ T5750] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  141.162545][ T5750] RBP: 00007f6d24010b39 R08: 0000000000000000 R09: 0000000000000000
[  141.162552][ T5750] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  141.162558][ T5750] R13: 0000000000000000 R14: 00007f6d241b5fa0 R15: 00007ffd7c7dc758
[  141.162568][ T5750]  </TASK>
[  141.345189][ T5750] BUG: Bad page state in process syz.0.16  pfn:59862
[  141.348054][ T5750] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888059862dc0 pfn:0x59862
[  141.352601][ T5750] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  141.355791][ T5750] raw: 04fff00000000000 dead000000000040 ffff88801e89f000 0000000000000000
[  141.359362][ T5750] raw: ffff888059862dc0 0000000000000001 00000000ffffffff 0000000000000000
[  141.363076][ T5750] page dumped because: page_pool leak
[  141.365480][ T5750] page_owner tracks the page as allocated
[  141.368041][ T5750] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5750, tgid 5749 (syz.0.16), ts 140177131605, free_ts 140043024673
[  141.375831][ T5750]  post_alloc_hook+0x240/0x2a0
[  141.377932][ T5750]  get_page_from_freelist+0x21e4/0x22c0
[  141.380192][ T5750]  __alloc_frozen_pages_noprof+0x181/0x370
[  141.382873][ T5750]  alloc_pages_bulk_noprof+0x560/0x710
[  141.385239][ T5750]  __page_pool_alloc_netmems_slow+0x127/0x740
[  141.388055][ T5750]  skb_pp_cow_data+0xb47/0x13e0
[  141.390265][ T5750]  do_xdp_generic+0x699/0x11a0
[  141.392576][ T5750]  __netif_receive_skb_core+0x18f4/0x4380
[  141.395083][ T5750]  __netif_receive_skb+0x72/0x380
[  141.397348][ T5750]  netif_receive_skb+0x1cb/0x790
[  141.399574][ T5750]  tun_rx_batched+0x1b9/0x730
[  141.401626][ T5750]  tun_get_user+0x2b65/0x3ea0
[  141.403786][ T5750]  tun_chr_write_iter+0x113/0x200
[  141.405974][ T5750]  vfs_write+0x5c9/0xb30
[  141.408013][ T5750]  ksys_write+0x145/0x250
[  141.410099][ T5750]  do_syscall_64+0xfa/0x3b0
[  141.412501][ T5750] page last free pid 15 tgid 15 stack trace:
[  141.415435][ T5750]  __free_frozen_pages+0xbc4/0xd30
[  141.417994][ T5750]  rcu_core+0xca8/0x1770
[  141.420076][ T5750]  handle_softirqs+0x283/0x870
[  141.422342][ T5750]  run_ksoftirqd+0x9b/0x100
[  141.424325][ T5750]  smpboot_thread_fn+0x53f/0xa60
[  141.426487][ T5750]  kthread+0x711/0x8a0
[  141.428291][ T5750]  ret_from_fork+0x436/0x7d0
[  141.430438][ T5750]  ret_from_fork_asm+0x1a/0x30
[  141.432633][ T5750] Modules linked in:
[  141.434313][ T5750] CPU: 0 UID: 0 PID: 5750 Comm: syz.0.16 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  141.434329][ T5750] Tainted: [B]=BAD_PAGE
[  141.434334][ T5750] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  141.434340][ T5750] Call Trace:
[  141.434347][ T5750]  <TASK>
[  141.434352][ T5750]  dump_stack_lvl+0x189/0x250
[  141.434368][ T5750]  ? __pfx_dump_stack_lvl+0x10/0x10
[  141.434380][ T5750]  ? __pfx_print_modules+0x10/0x10
[  141.434389][ T5750]  ? tun_rx_batched+0x1b9/0x730
[  141.434399][ T5750]  ? ksys_write+0x145/0x250
[  141.434410][ T5750]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.434421][ T5750]  bad_page+0x180/0x1c0
[  141.434430][ T5750]  __free_frozen_pages+0xce2/0xd30
[  141.434444][ T5750]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  141.434462][ T5750]  bpf_xdp_adjust_tail+0x1d6/0x220
[  141.434475][ T5750]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  141.434485][ T5750]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  141.434504][ T5750]  do_xdp_generic+0x9f7/0x11a0
[  141.434519][ T5750]  ? __pfx_do_xdp_generic+0x10/0x10
[  141.434529][ T5750]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  141.434545][ T5750]  __netif_receive_skb_core+0x18f4/0x4380
[  141.434560][ T5750]  ? __pfx___skb_flow_dissect+0x10/0x10
[  141.434572][ T5750]  ? do_user_addr_fault+0xbbc/0x1380
[  141.434584][ T5750]  ? do_user_addr_fault+0xc85/0x1380
[  141.434595][ T5750]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  141.434608][ T5750]  ? irqentry_exit+0x74/0x90
[  141.434619][ T5750]  ? lockdep_hardirqs_on+0x9c/0x150
[  141.434630][ T5750]  ? __lock_acquire+0xab9/0xd20
[  141.434641][ T5750]  ? netif_receive_skb+0x115/0x790
[  141.434653][ T5750]  ? netif_receive_skb+0x115/0x790
[  141.434667][ T5750]  __netif_receive_skb+0x72/0x380
[  141.434680][ T5750]  ? _copy_from_iter+0x24f/0x1790
[  141.434695][ T5750]  ? netif_receive_skb+0x115/0x790
[  141.434707][ T5750]  netif_receive_skb+0x1cb/0x790
[  141.434719][ T5750]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  141.434729][ T5750]  ? __pfx_netif_receive_skb+0x10/0x10
[  141.434741][ T5750]  ? __pfx__copy_from_iter+0x10/0x10
[  141.434753][ T5750]  ? sock_alloc_send_pskb+0x86b/0x980
[  141.434766][ T5750]  ? tun_rx_batched+0x160/0x730
[  141.434776][ T5750]  tun_rx_batched+0x1b9/0x730
[  141.434785][ T5750]  ? __lock_acquire+0xab9/0xd20
[  141.434794][ T5750]  ? __pfx_tun_rx_batched+0x10/0x10
[  141.434802][ T5750]  ? tun_get_user+0x272f/0x3ea0
[  141.434810][ T5750]  tun_get_user+0x2b65/0x3ea0
[  141.434818][ T5750]  ? tun_get_user+0x272f/0x3ea0
[  141.434826][ T5750]  ? aa_file_perm+0x44d/0x1550
[  141.434839][ T5750]  ? __pfx_tun_get_user+0x10/0x10
[  141.434851][ T5750]  ? ref_tracker_alloc+0x318/0x460
[  141.434863][ T5750]  ? __lock_acquire+0xab9/0xd20
[  141.434872][ T5750]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  141.434894][ T5750]  ? tun_get+0x1c/0x2f0
[  141.434903][ T5750]  ? tun_get+0x1c/0x2f0
[  141.434912][ T5750]  ? tun_get+0x1c/0x2f0
[  141.434920][ T5750]  tun_chr_write_iter+0x113/0x200
[  141.434930][ T5750]  vfs_write+0x5c9/0xb30
[  141.434943][ T5750]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  141.434951][ T5750]  ? __pfx_vfs_write+0x10/0x10
[  141.434963][ T5750]  ? __fget_files+0x2a/0x420
[  141.434977][ T5750]  ksys_write+0x145/0x250
[  141.434988][ T5750]  ? __pfx_ksys_write+0x10/0x10
[  141.434997][ T5750]  ? rcu_is_watching+0x15/0xb0
[  141.435011][ T5750]  ? do_syscall_64+0xbe/0x3b0
[  141.435023][ T5750]  do_syscall_64+0xfa/0x3b0
[  141.435033][ T5750]  ? lockdep_hardirqs_on+0x9c/0x150
[  141.435043][ T5750]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.435053][ T5750]  ? clear_bhb_loop+0x60/0xb0
[  141.435063][ T5750]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.435072][ T5750] RIP: 0033:0x7f6d23f8d3df
[  141.435083][ T5750] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  141.435091][ T5750] RSP: 002b:00007f6d24d12000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  141.435102][ T5750] RAX: ffffffffffffffda RBX: 00007f6d241b5fa0 RCX: 00007f6d23f8d3df
[  141.435109][ T5750] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  141.435115][ T5750] RBP: 00007f6d24010b39 R08: 0000000000000000 R09: 0000000000000000
[  141.435120][ T5750] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  141.435126][ T5750] R13: 0000000000000000 R14: 00007f6d241b5fa0 R15: 00007ffd7c7dc758
[  141.435136][ T5750]  </TASK>
[  141.435145][ T5750] BUG: Bad page state in process syz.0.16  pfn:3ee0d
[  141.626407][ T5750] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88803ee0ddc0 pfn:0x3ee0d
[  141.630543][ T5750] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  141.633544][ T5750] raw: 04fff00000000000 dead000000000040 ffff88801e89f000 0000000000000000
[  141.637280][ T5750] raw: ffff88803ee0ddc0 0000000000000001 00000000ffffffff 0000000000000000
[  141.640869][ T5750] page dumped because: page_pool leak
[  141.643273][ T5750] page_owner tracks the page as allocated
[  141.645670][ T5750] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5750, tgid 5749 (syz.0.16), ts 140177120485, free_ts 140043043657
[  141.652919][ T5750]  post_alloc_hook+0x240/0x2a0
[  141.655048][ T5750]  get_page_from_freelist+0x21e4/0x22c0
[  141.657520][ T5750]  __alloc_frozen_pages_noprof+0x181/0x370
[  141.660004][ T5750]  alloc_pages_bulk_noprof+0x560/0x710
[  141.662515][ T5750]  __page_pool_alloc_netmems_slow+0x127/0x740
[  141.665152][ T5750]  skb_pp_cow_data+0xb47/0x13e0
[  141.667275][ T5750]  do_xdp_generic+0x699/0x11a0
[  141.669326][ T5750]  __netif_receive_skb_core+0x18f4/0x4380
[  141.671777][ T5750]  __netif_receive_skb+0x72/0x380
[  141.674056][ T5750]  netif_receive_skb+0x1cb/0x790
[  141.676208][ T5750]  tun_rx_batched+0x1b9/0x730
[  141.678215][ T5750]  tun_get_user+0x2b65/0x3ea0
[  141.680289][ T5750]  tun_chr_write_iter+0x113/0x200
[  141.682561][ T5750]  vfs_write+0x5c9/0xb30
[  141.684408][ T5750]  ksys_write+0x145/0x250
[  141.686297][ T5750]  do_syscall_64+0xfa/0x3b0
[  141.688263][ T5750] page last free pid 15 tgid 15 stack trace:
[  141.690933][ T5750]  __free_frozen_pages+0xbc4/0xd30
[  141.693271][ T5750]  rcu_core+0xca8/0x1770
[  141.695118][ T5750]  handle_softirqs+0x283/0x870
[  141.697215][ T5750]  run_ksoftirqd+0x9b/0x100
[  141.699200][ T5750]  smpboot_thread_fn+0x53f/0xa60
[  141.701439][ T5750]  kthread+0x711/0x8a0
[  141.703367][ T5750]  ret_from_fork+0x436/0x7d0
[  141.705540][ T5750]  ret_from_fork_asm+0x1a/0x30
[  141.707652][ T5750] Modules linked in:
[  141.709407][ T5750] CPU: 0 UID: 0 PID: 5750 Comm: syz.0.16 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  141.709428][ T5750] Tainted: [B]=BAD_PAGE
[  141.709432][ T5750] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  141.709437][ T5750] Call Trace:
[  141.709444][ T5750]  <TASK>
[  141.709450][ T5750]  dump_stack_lvl+0x189/0x250
[  141.709466][ T5750]  ? __pfx_dump_stack_lvl+0x10/0x10
[  141.709478][ T5750]  ? __pfx_print_modules+0x10/0x10
[  141.709487][ T5750]  ? tun_rx_batched+0x1b9/0x730
[  141.709502][ T5750]  ? ksys_write+0x145/0x250
[  141.709513][ T5750]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.709525][ T5750]  bad_page+0x180/0x1c0
[  141.709535][ T5750]  __free_frozen_pages+0xce2/0xd30
[  141.709548][ T5750]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  141.709568][ T5750]  bpf_xdp_adjust_tail+0x1d6/0x220
[  141.709580][ T5750]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  141.709589][ T5750]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  141.709609][ T5750]  do_xdp_generic+0x9f7/0x11a0
[  141.709624][ T5750]  ? __pfx_do_xdp_generic+0x10/0x10
[  141.709635][ T5750]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  141.709651][ T5750]  __netif_receive_skb_core+0x18f4/0x4380
[  141.709665][ T5750]  ? __pfx___skb_flow_dissect+0x10/0x10
[  141.709677][ T5750]  ? do_user_addr_fault+0xbbc/0x1380
[  141.709689][ T5750]  ? do_user_addr_fault+0xc85/0x1380
[  141.709699][ T5750]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  141.709714][ T5750]  ? irqentry_exit+0x74/0x90
[  141.709724][ T5750]  ? lockdep_hardirqs_on+0x9c/0x150
[  141.709733][ T5750]  ? __lock_acquire+0xab9/0xd20
[  141.709745][ T5750]  ? netif_receive_skb+0x115/0x790
[  141.709758][ T5750]  ? netif_receive_skb+0x115/0x790
[  141.709769][ T5750]  __netif_receive_skb+0x72/0x380
[  141.709782][ T5750]  ? _copy_from_iter+0x24f/0x1790
[  141.709796][ T5750]  ? netif_receive_skb+0x115/0x790
[  141.709808][ T5750]  netif_receive_skb+0x1cb/0x790
[  141.709820][ T5750]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  141.709830][ T5750]  ? __pfx_netif_receive_skb+0x10/0x10
[  141.709842][ T5750]  ? __pfx__copy_from_iter+0x10/0x10
[  141.709854][ T5750]  ? sock_alloc_send_pskb+0x86b/0x980
[  141.709866][ T5750]  ? tun_rx_batched+0x160/0x730
[  141.709876][ T5750]  tun_rx_batched+0x1b9/0x730
[  141.709884][ T5750]  ? __lock_acquire+0xab9/0xd20
[  141.709894][ T5750]  ? __pfx_tun_rx_batched+0x10/0x10
[  141.709903][ T5750]  ? tun_get_user+0x272f/0x3ea0
[  141.709920][ T5750]  tun_get_user+0x2b65/0x3ea0
[  141.709932][ T5750]  ? tun_get_user+0x272f/0x3ea0
[  141.709940][ T5750]  ? aa_file_perm+0x44d/0x1550
[  141.709953][ T5750]  ? __pfx_tun_get_user+0x10/0x10
[  141.709966][ T5750]  ? ref_tracker_alloc+0x318/0x460
[  141.709978][ T5750]  ? __lock_acquire+0xab9/0xd20
[  141.709988][ T5750]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  141.710001][ T5750]  ? tun_get+0x1c/0x2f0
[  141.710009][ T5750]  ? tun_get+0x1c/0x2f0
[  141.710017][ T5750]  ? tun_get+0x1c/0x2f0
[  141.710025][ T5750]  tun_chr_write_iter+0x113/0x200
[  141.710034][ T5750]  vfs_write+0x5c9/0xb30
[  141.710045][ T5750]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  141.710054][ T5750]  ? __pfx_vfs_write+0x10/0x10
[  141.710065][ T5750]  ? __fget_files+0x2a/0x420
[  141.710077][ T5750]  ksys_write+0x145/0x250
[  141.710086][ T5750]  ? __pfx_ksys_write+0x10/0x10
[  141.710094][ T5750]  ? rcu_is_watching+0x15/0xb0
[  141.710107][ T5750]  ? do_syscall_64+0xbe/0x3b0
[  141.710118][ T5750]  do_syscall_64+0xfa/0x3b0
[  141.710128][ T5750]  ? lockdep_hardirqs_on+0x9c/0x150
[  141.710138][ T5750]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.710146][ T5750]  ? clear_bhb_loop+0x60/0xb0
[  141.710156][ T5750]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.710166][ T5750] RIP: 0033:0x7f6d23f8d3df
[  141.710177][ T5750] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  141.710185][ T5750] RSP: 002b:00007f6d24d12000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  141.710198][ T5750] RAX: ffffffffffffffda RBX: 00007f6d241b5fa0 RCX: 00007f6d23f8d3df
[  141.710204][ T5750] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  141.710210][ T5750] RBP: 00007f6d24010b39 R08: 0000000000000000 R09: 0000000000000000
[  141.710216][ T5750] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  141.710222][ T5750] R13: 0000000000000000 R14: 00007f6d241b5fa0 R15: 00007ffd7c7dc758
[  141.710231][ T5750]  </TASK>
[  141.710240][ T5750] BUG: Bad page state in process syz.0.16  pfn:410fc
[  141.900169][ T5750] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880410fcdc0 pfn:0x410fc
[  141.904658][ T5750] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  141.907786][ T5750] raw: 04fff00000000000 dead000000000040 ffff88801e89f000 0000000000000000
[  141.911467][ T5750] raw: ffff8880410fcdc0 0000000000000001 00000000ffffffff 0000000000000000
[  141.915244][ T5750] page dumped because: page_pool leak
[  141.917519][ T5750] page_owner tracks the page as allocated
[  141.920033][ T5750] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5750, tgid 5749 (syz.0.16), ts 140177109405, free_ts 140043060905
[  141.927188][ T5750]  post_alloc_hook+0x240/0x2a0
[  141.929372][ T5750]  get_page_from_freelist+0x21e4/0x22c0
[  141.931869][ T5750]  __alloc_frozen_pages_noprof+0x181/0x370
[  141.934571][ T5750]  alloc_pages_bulk_noprof+0x560/0x710
[  141.937022][ T5750]  __page_pool_alloc_netmems_slow+0x127/0x740
[  141.939751][ T5750]  skb_pp_cow_data+0xb47/0x13e0
[  141.942020][ T5750]  do_xdp_generic+0x699/0x11a0
[  141.944313][ T5750]  __netif_receive_skb_core+0x18f4/0x4380
[  141.946909][ T5750]  __netif_receive_skb+0x72/0x380
[  141.949063][ T5750]  netif_receive_skb+0x1cb/0x790
[  141.951215][ T5750]  tun_rx_batched+0x1b9/0x730
[  141.953305][ T5750]  tun_get_user+0x2b65/0x3ea0
[  141.955372][ T5750]  tun_chr_write_iter+0x113/0x200
[  141.957635][ T5750]  vfs_write+0x5c9/0xb30
[  141.959488][ T5750]  ksys_write+0x145/0x250
[  141.961355][ T5750]  do_syscall_64+0xfa/0x3b0
[  141.963380][ T5750] page last free pid 15 tgid 15 stack trace:
[  141.965856][ T5750]  __free_frozen_pages+0xbc4/0xd30
[  141.968543][ T5750]  rcu_core+0xca8/0x1770
[  141.970867][ T5750]  handle_softirqs+0x283/0x870
[  141.973018][ T5750]  run_ksoftirqd+0x9b/0x100
[  141.974922][ T5750]  smpboot_thread_fn+0x53f/0xa60
[  141.977013][ T5750]  kthread+0x711/0x8a0
[  141.978823][ T5750]  ret_from_fork+0x436/0x7d0
[  141.980822][ T5750]  ret_from_fork_asm+0x1a/0x30
[  141.983063][ T5750] Modules linked in:
[  141.984725][ T5750] CPU: 0 UID: 0 PID: 5750 Comm: syz.0.16 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  141.984741][ T5750] Tainted: [B]=BAD_PAGE
[  141.984744][ T5750] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  141.984750][ T5750] Call Trace:
[  141.984757][ T5750]  <TASK>
[  141.984764][ T5750]  dump_stack_lvl+0x189/0x250
[  141.984779][ T5750]  ? __pfx_dump_stack_lvl+0x10/0x10
[  141.984791][ T5750]  ? __pfx_print_modules+0x10/0x10
[  141.984801][ T5750]  ? tun_rx_batched+0x1b9/0x730
[  141.984810][ T5750]  ? ksys_write+0x145/0x250
[  141.984820][ T5750]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.984832][ T5750]  bad_page+0x180/0x1c0
[  141.984842][ T5750]  __free_frozen_pages+0xce2/0xd30
[  141.984855][ T5750]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  141.984873][ T5750]  bpf_xdp_adjust_tail+0x1d6/0x220
[  141.984886][ T5750]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  141.984895][ T5750]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  141.984914][ T5750]  do_xdp_generic+0x9f7/0x11a0
[  141.984930][ T5750]  ? __pfx_do_xdp_generic+0x10/0x10
[  141.984940][ T5750]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  141.984954][ T5750]  __netif_receive_skb_core+0x18f4/0x4380
[  141.984968][ T5750]  ? __pfx___skb_flow_dissect+0x10/0x10
[  141.984979][ T5750]  ? do_user_addr_fault+0xbbc/0x1380
[  141.984991][ T5750]  ? do_user_addr_fault+0xc85/0x1380
[  141.985000][ T5750]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  141.985013][ T5750]  ? irqentry_exit+0x74/0x90
[  141.985024][ T5750]  ? lockdep_hardirqs_on+0x9c/0x150
[  141.985034][ T5750]  ? __lock_acquire+0xab9/0xd20
[  141.985045][ T5750]  ? netif_receive_skb+0x115/0x790
[  141.985058][ T5750]  ? netif_receive_skb+0x115/0x790
[  141.985071][ T5750]  __netif_receive_skb+0x72/0x380
[  141.985084][ T5750]  ? _copy_from_iter+0x24f/0x1790
[  141.985098][ T5750]  ? netif_receive_skb+0x115/0x790
[  141.985110][ T5750]  netif_receive_skb+0x1cb/0x790
[  141.985122][ T5750]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  141.985133][ T5750]  ? __pfx_netif_receive_skb+0x10/0x10
[  141.985154][ T5750]  ? __pfx__copy_from_iter+0x10/0x10
[  141.985166][ T5750]  ? sock_alloc_send_pskb+0x86b/0x980
[  141.985179][ T5750]  ? tun_rx_batched+0x160/0x730
[  141.985188][ T5750]  tun_rx_batched+0x1b9/0x730
[  141.985197][ T5750]  ? __lock_acquire+0xab9/0xd20
[  141.985207][ T5750]  ? __pfx_tun_rx_batched+0x10/0x10
[  141.985217][ T5750]  ? tun_get_user+0x272f/0x3ea0
[  141.985229][ T5750]  tun_get_user+0x2b65/0x3ea0
[  141.985241][ T5750]  ? tun_get_user+0x272f/0x3ea0
[  141.985250][ T5750]  ? aa_file_perm+0x44d/0x1550
[  141.985263][ T5750]  ? __pfx_tun_get_user+0x10/0x10
[  141.985275][ T5750]  ? ref_tracker_alloc+0x318/0x460
[  141.985288][ T5750]  ? __lock_acquire+0xab9/0xd20
[  141.985298][ T5750]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  141.985311][ T5750]  ? tun_get+0x1c/0x2f0
[  141.985320][ T5750]  ? tun_get+0x1c/0x2f0
[  141.985328][ T5750]  ? tun_get+0x1c/0x2f0
[  141.985337][ T5750]  tun_chr_write_iter+0x113/0x200
[  141.985347][ T5750]  vfs_write+0x5c9/0xb30
[  141.985358][ T5750]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  141.985367][ T5750]  ? __pfx_vfs_write+0x10/0x10
[  141.985379][ T5750]  ? __fget_files+0x2a/0x420
[  141.985392][ T5750]  ksys_write+0x145/0x250
[  141.985402][ T5750]  ? __pfx_ksys_write+0x10/0x10
[  141.985412][ T5750]  ? rcu_is_watching+0x15/0xb0
[  141.985425][ T5750]  ? do_syscall_64+0xbe/0x3b0
[  141.985437][ T5750]  do_syscall_64+0xfa/0x3b0
[  141.985448][ T5750]  ? lockdep_hardirqs_on+0x9c/0x150
[  141.985457][ T5750]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.985467][ T5750]  ? clear_bhb_loop+0x60/0xb0
[  141.985477][ T5750]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.985486][ T5750] RIP: 0033:0x7f6d23f8d3df
[  141.985497][ T5750] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  141.985506][ T5750] RSP: 002b:00007f6d24d12000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  141.985517][ T5750] RAX: ffffffffffffffda RBX: 00007f6d241b5fa0 RCX: 00007f6d23f8d3df
[  141.985524][ T5750] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  141.985530][ T5750] RBP: 00007f6d24010b39 R08: 0000000000000000 R09: 0000000000000000
[  141.985536][ T5750] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  141.985542][ T5750] R13: 0000000000000000 R14: 00007f6d241b5fa0 R15: 00007ffd7c7dc758
[  141.985551][ T5750]  </TASK>
[  141.985560][ T5750] BUG: Bad page state in process syz.0.16  pfn:54b3a
[  142.174551][ T5750] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888054b3a280 pfn:0x54b3a
[  142.178987][ T5750] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  142.182303][ T5750] raw: 04fff00000000000 dead000000000040 ffff88801e89f000 0000000000000000
[  142.185958][ T5750] raw: ffff888054b3a280 0000000000000001 00000000ffffffff 0000000000000000
[  142.189654][ T5750] page dumped because: page_pool leak
[  142.192054][ T5750] page_owner tracks the page as allocated
[  142.194684][ T5750] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5750, tgid 5749 (syz.0.16), ts 140177097165, free_ts 140043076299
[  142.202025][ T5750]  post_alloc_hook+0x240/0x2a0
[  142.204264][ T5750]  get_page_from_freelist+0x21e4/0x22c0
[  142.206741][ T5750]  __alloc_frozen_pages_noprof+0x181/0x370
[  142.209366][ T5750]  alloc_pages_bulk_noprof+0x560/0x710
[  142.211903][ T5750]  __page_pool_alloc_netmems_slow+0x127/0x740
[  142.214679][ T5750]  skb_pp_cow_data+0xb47/0x13e0
[  142.216850][ T5750]  do_xdp_generic+0x699/0x11a0
[  142.218908][ T5750]  __netif_receive_skb_core+0x18f4/0x4380
[  142.221434][ T5750]  __netif_receive_skb+0x72/0x380
[  142.223782][ T5750]  netif_receive_skb+0x1cb/0x790
[  142.225893][ T5750]  tun_rx_batched+0x1b9/0x730
[  142.227978][ T5750]  tun_get_user+0x2b65/0x3ea0
[  142.229964][ T5750]  tun_chr_write_iter+0x113/0x200
[  142.232367][ T5750]  vfs_write+0x5c9/0xb30
[  142.234242][ T5750]  ksys_write+0x145/0x250
[  142.236098][ T5750]  do_syscall_64+0xfa/0x3b0
[  142.238525][ T5750] page last free pid 15 tgid 15 stack trace:
[  142.241710][ T5750]  __free_frozen_pages+0xbc4/0xd30
[  142.244019][ T5750]  rcu_core+0xca8/0x1770
[  142.245837][ T5750]  handle_softirqs+0x283/0x870
[  142.247926][ T5750]  run_ksoftirqd+0x9b/0x100
[  142.249927][ T5750]  smpboot_thread_fn+0x53f/0xa60
[  142.252112][ T5750]  kthread+0x711/0x8a0
[  142.253969][ T5750]  ret_from_fork+0x436/0x7d0
[  142.256037][ T5750]  ret_from_fork_asm+0x1a/0x30
[  142.258086][ T5750] Modules linked in:
[  142.259808][ T5750] CPU: 0 UID: 0 PID: 5750 Comm: syz.0.16 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  142.259824][ T5750] Tainted: [B]=BAD_PAGE
[  142.259828][ T5750] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  142.259834][ T5750] Call Trace:
[  142.259841][ T5750]  <TASK>
[  142.259846][ T5750]  dump_stack_lvl+0x189/0x250
[  142.259860][ T5750]  ? __pfx_dump_stack_lvl+0x10/0x10
[  142.259871][ T5750]  ? __pfx_print_modules+0x10/0x10
[  142.259880][ T5750]  ? tun_rx_batched+0x1b9/0x730
[  142.259899][ T5750]  ? ksys_write+0x145/0x250
[  142.259909][ T5750]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.259920][ T5750]  bad_page+0x180/0x1c0
[  142.259929][ T5750]  __free_frozen_pages+0xce2/0xd30
[  142.259943][ T5750]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  142.259960][ T5750]  bpf_xdp_adjust_tail+0x1d6/0x220
[  142.259972][ T5750]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  142.259981][ T5750]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  142.260002][ T5750]  do_xdp_generic+0x9f7/0x11a0
[  142.260017][ T5750]  ? __pfx_do_xdp_generic+0x10/0x10
[  142.260027][ T5750]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  142.260045][ T5750]  __netif_receive_skb_core+0x18f4/0x4380
[  142.260061][ T5750]  ? __pfx___skb_flow_dissect+0x10/0x10
[  142.260071][ T5750]  ? do_user_addr_fault+0xbbc/0x1380
[  142.260084][ T5750]  ? do_user_addr_fault+0xc85/0x1380
[  142.260093][ T5750]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  142.260106][ T5750]  ? irqentry_exit+0x74/0x90
[  142.260117][ T5750]  ? lockdep_hardirqs_on+0x9c/0x150
[  142.260126][ T5750]  ? __lock_acquire+0xab9/0xd20
[  142.260137][ T5750]  ? netif_receive_skb+0x115/0x790
[  142.260148][ T5750]  ? netif_receive_skb+0x115/0x790
[  142.260161][ T5750]  __netif_receive_skb+0x72/0x380
[  142.260174][ T5750]  ? _copy_from_iter+0x24f/0x1790
[  142.260189][ T5750]  ? netif_receive_skb+0x115/0x790
[  142.260201][ T5750]  netif_receive_skb+0x1cb/0x790
[  142.260213][ T5750]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  142.260224][ T5750]  ? __pfx_netif_receive_skb+0x10/0x10
[  142.260236][ T5750]  ? __pfx__copy_from_iter+0x10/0x10
[  142.260249][ T5750]  ? sock_alloc_send_pskb+0x86b/0x980
[  142.260262][ T5750]  ? tun_rx_batched+0x160/0x730
[  142.260270][ T5750]  tun_rx_batched+0x1b9/0x730
[  142.260279][ T5750]  ? __lock_acquire+0xab9/0xd20
[  142.260289][ T5750]  ? __pfx_tun_rx_batched+0x10/0x10
[  142.260298][ T5750]  ? tun_get_user+0x272f/0x3ea0
[  142.260309][ T5750]  tun_get_user+0x2b65/0x3ea0
[  142.260321][ T5750]  ? tun_get_user+0x272f/0x3ea0
[  142.260331][ T5750]  ? aa_file_perm+0x44d/0x1550
[  142.260344][ T5750]  ? __pfx_tun_get_user+0x10/0x10
[  142.260356][ T5750]  ? ref_tracker_alloc+0x318/0x460
[  142.260368][ T5750]  ? __lock_acquire+0xab9/0xd20
[  142.260377][ T5750]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  142.260391][ T5750]  ? tun_get+0x1c/0x2f0
[  142.260400][ T5750]  ? tun_get+0x1c/0x2f0
[  142.260408][ T5750]  ? tun_get+0x1c/0x2f0
[  142.260417][ T5750]  tun_chr_write_iter+0x113/0x200
[  142.260425][ T5750]  vfs_write+0x5c9/0xb30
[  142.260435][ T5750]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  142.260444][ T5750]  ? __pfx_vfs_write+0x10/0x10
[  142.260454][ T5750]  ? __fget_files+0x2a/0x420
[  142.260468][ T5750]  ksys_write+0x145/0x250
[  142.260478][ T5750]  ? __pfx_ksys_write+0x10/0x10
[  142.260487][ T5750]  ? rcu_is_watching+0x15/0xb0
[  142.260499][ T5750]  ? do_syscall_64+0xbe/0x3b0
[  142.260511][ T5750]  do_syscall_64+0xfa/0x3b0
[  142.260520][ T5750]  ? lockdep_hardirqs_on+0x9c/0x150
[  142.260530][ T5750]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.260539][ T5750]  ? clear_bhb_loop+0x60/0xb0
[  142.260550][ T5750]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.260558][ T5750] RIP: 0033:0x7f6d23f8d3df
[  142.260569][ T5750] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  142.260576][ T5750] RSP: 002b:00007f6d24d12000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  142.260587][ T5750] RAX: ffffffffffffffda RBX: 00007f6d241b5fa0 RCX: 00007f6d23f8d3df
[  142.260594][ T5750] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  142.260600][ T5750] RBP: 00007f6d24010b39 R08: 0000000000000000 R09: 0000000000000000
[  142.260606][ T5750] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  142.260611][ T5750] R13: 0000000000000000 R14: 00007f6d241b5fa0 R15: 00007ffd7c7dc758
[  142.260620][ T5750]  </TASK>
[  142.260629][ T5750] BUG: Bad page state in process syz.0.16  pfn:355f6
[  142.448762][ T5750] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880355f68c0 pfn:0x355f6
[  142.453086][ T5750] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  142.456159][ T5750] raw: 04fff00000000000 dead000000000040 ffff88801e89f000 0000000000000000
[  142.459811][ T5750] raw: ffff8880355f68c0 0000000000000001 00000000ffffffff 0000000000000000
[  142.463721][ T5750] page dumped because: page_pool leak
[  142.466031][ T5750] page_owner tracks the page as allocated
[  142.469207][ T5750] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5750, tgid 5749 (syz.0.16), ts 140177084941, free_ts 140043090660
[  142.476901][ T5750]  post_alloc_hook+0x240/0x2a0
[  142.478977][ T5750]  get_page_from_freelist+0x21e4/0x22c0
[  142.481396][ T5750]  __alloc_frozen_pages_noprof+0x181/0x370
[  142.483991][ T5750]  alloc_pages_bulk_noprof+0x560/0x710
[  142.486328][ T5750]  __page_pool_alloc_netmems_slow+0x127/0x740
[  142.488852][ T5750]  skb_pp_cow_data+0xb47/0x13e0
[  142.490998][ T5750]  do_xdp_generic+0x699/0x11a0
[  142.493173][ T5750]  __netif_receive_skb_core+0x18f4/0x4380
[  142.495648][ T5750]  __netif_receive_skb+0x72/0x380
[  142.497857][ T5750]  netif_receive_skb+0x1cb/0x790
[  142.500074][ T5750]  tun_rx_batched+0x1b9/0x730
[  142.502150][ T5750]  tun_get_user+0x2b65/0x3ea0
[  142.504270][ T5750]  tun_chr_write_iter+0x113/0x200
[  142.506456][ T5750]  vfs_write+0x5c9/0xb30
[  142.508319][ T5750]  ksys_write+0x145/0x250
[  142.510139][ T5750]  do_syscall_64+0xfa/0x3b0
[  142.512350][ T5750] page last free pid 15 tgid 15 stack trace:
[  142.514992][ T5750]  __free_frozen_pages+0xbc4/0xd30
[  142.517199][ T5750]  rcu_core+0xca8/0x1770
[  142.519088][ T5750]  handle_softirqs+0x283/0x870
[  142.521194][ T5750]  run_ksoftirqd+0x9b/0x100
[  142.523357][ T5750]  smpboot_thread_fn+0x53f/0xa60
[  142.525585][ T5750]  kthread+0x711/0x8a0
[  142.527363][ T5750]  ret_from_fork+0x436/0x7d0
[  142.529340][ T5750]  ret_from_fork_asm+0x1a/0x30
[  142.531494][ T5750] Modules linked in:
[  142.533320][ T5750] CPU: 0 UID: 0 PID: 5750 Comm: syz.0.16 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  142.533336][ T5750] Tainted: [B]=BAD_PAGE
[  142.533350][ T5750] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  142.533357][ T5750] Call Trace:
[  142.533392][ T5750]  <TASK>
[  142.533413][ T5750]  dump_stack_lvl+0x189/0x250
[  142.533429][ T5750]  ? __pfx_dump_stack_lvl+0x10/0x10
[  142.533441][ T5750]  ? __pfx_print_modules+0x10/0x10
[  142.533450][ T5750]  ? tun_rx_batched+0x1b9/0x730
[  142.533459][ T5750]  ? ksys_write+0x145/0x250
[  142.533469][ T5750]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.533480][ T5750]  bad_page+0x180/0x1c0
[  142.533490][ T5750]  __free_frozen_pages+0xce2/0xd30
[  142.533503][ T5750]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  142.533578][ T5750]  bpf_xdp_adjust_tail+0x1d6/0x220
[  142.533599][ T5750]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  142.533608][ T5750]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  142.533629][ T5750]  do_xdp_generic+0x9f7/0x11a0
[  142.533643][ T5750]  ? __pfx_do_xdp_generic+0x10/0x10
[  142.533653][ T5750]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  142.533670][ T5750]  __netif_receive_skb_core+0x18f4/0x4380
[  142.533684][ T5750]  ? __pfx___skb_flow_dissect+0x10/0x10
[  142.533695][ T5750]  ? do_user_addr_fault+0xbbc/0x1380
[  142.533707][ T5750]  ? do_user_addr_fault+0xc85/0x1380
[  142.533718][ T5750]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  142.533732][ T5750]  ? irqentry_exit+0x74/0x90
[  142.533742][ T5750]  ? lockdep_hardirqs_on+0x9c/0x150
[  142.533753][ T5750]  ? __lock_acquire+0xab9/0xd20
[  142.533765][ T5750]  ? netif_receive_skb+0x115/0x790
[  142.533778][ T5750]  ? netif_receive_skb+0x115/0x790
[  142.533791][ T5750]  __netif_receive_skb+0x72/0x380
[  142.533803][ T5750]  ? _copy_from_iter+0x24f/0x1790
[  142.533818][ T5750]  ? netif_receive_skb+0x115/0x790
[  142.533829][ T5750]  netif_receive_skb+0x1cb/0x790
[  142.533841][ T5750]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  142.533852][ T5750]  ? __pfx_netif_receive_skb+0x10/0x10
[  142.533865][ T5750]  ? __pfx__copy_from_iter+0x10/0x10
[  142.533876][ T5750]  ? sock_alloc_send_pskb+0x86b/0x980
[  142.533889][ T5750]  ? tun_rx_batched+0x160/0x730
[  142.533898][ T5750]  tun_rx_batched+0x1b9/0x730
[  142.533919][ T5750]  ? __lock_acquire+0xab9/0xd20
[  142.533929][ T5750]  ? __pfx_tun_rx_batched+0x10/0x10
[  142.533938][ T5750]  ? tun_get_user+0x272f/0x3ea0
[  142.533949][ T5750]  tun_get_user+0x2b65/0x3ea0
[  142.533962][ T5750]  ? tun_get_user+0x272f/0x3ea0
[  142.533970][ T5750]  ? aa_file_perm+0x44d/0x1550
[  142.533983][ T5750]  ? __pfx_tun_get_user+0x10/0x10
[  142.533995][ T5750]  ? ref_tracker_alloc+0x318/0x460
[  142.534007][ T5750]  ? __lock_acquire+0xab9/0xd20
[  142.534017][ T5750]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  142.534029][ T5750]  ? tun_get+0x1c/0x2f0
[  142.534037][ T5750]  ? tun_get+0x1c/0x2f0
[  142.534045][ T5750]  ? tun_get+0x1c/0x2f0
[  142.534054][ T5750]  tun_chr_write_iter+0x113/0x200
[  142.534063][ T5750]  vfs_write+0x5c9/0xb30
[  142.534074][ T5750]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  142.534084][ T5750]  ? __pfx_vfs_write+0x10/0x10
[  142.534095][ T5750]  ? __fget_files+0x2a/0x420
[  142.534109][ T5750]  ksys_write+0x145/0x250
[  142.534120][ T5750]  ? __pfx_ksys_write+0x10/0x10
[  142.534128][ T5750]  ? rcu_is_watching+0x15/0xb0
[  142.534141][ T5750]  ? do_syscall_64+0xbe/0x3b0
[  142.534153][ T5750]  do_syscall_64+0xfa/0x3b0
[  142.534163][ T5750]  ? lockdep_hardirqs_on+0x9c/0x150
[  142.534179][ T5750]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.534188][ T5750]  ? clear_bhb_loop+0x60/0xb0
[  142.534199][ T5750]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.534209][ T5750] RIP: 0033:0x7f6d23f8d3df
[  142.534285][ T5750] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  142.534295][ T5750] RSP: 002b:00007f6d24d12000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  142.534306][ T5750] RAX: ffffffffffffffda RBX: 00007f6d241b5fa0 RCX: 00007f6d23f8d3df
[  142.534313][ T5750] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  142.534320][ T5750] RBP: 00007f6d24010b39 R08: 0000000000000000 R09: 0000000000000000
[  142.534326][ T5750] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  142.534332][ T5750] R13: 0000000000000000 R14: 00007f6d241b5fa0 R15: 00007ffd7c7dc758
[  142.534343][ T5750]  </TASK>
[  142.534364][ T5750] BUG: Bad page state in process syz.0.16  pfn:3ef13
[  142.721433][ T5750] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88803ef13500 pfn:0x3ef13
[  142.725816][ T5750] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  142.728943][ T5750] raw: 04fff00000000000 dead000000000040 ffff88801e89f000 0000000000000000
[  142.732694][ T5750] raw: ffff88803ef13500 0000000000000001 00000000ffffffff 0000000000000000
[  142.736308][ T5750] page dumped because: page_pool leak
[  142.738662][ T5750] page_owner tracks the page as allocated
[  142.741157][ T5750] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5750, tgid 5749 (syz.0.16), ts 140177073736, free_ts 140043104015
[  142.748234][ T5750]  post_alloc_hook+0x240/0x2a0
[  142.750439][ T5750]  get_page_from_freelist+0x21e4/0x22c0
[  142.752809][ T5750]  __alloc_frozen_pages_noprof+0x181/0x370
[  142.755289][ T5750]  alloc_pages_bulk_noprof+0x560/0x710
[  142.757664][ T5750]  __page_pool_alloc_netmems_slow+0x127/0x740
[  142.760498][ T5750]  skb_pp_cow_data+0xb47/0x13e0
[  142.762623][ T5750]  do_xdp_generic+0x699/0x11a0
[  142.764647][ T5750]  __netif_receive_skb_core+0x18f4/0x4380
[  142.767114][ T5750]  __netif_receive_skb+0x72/0x380
[  142.769247][ T5750]  netif_receive_skb+0x1cb/0x790
[  142.771432][ T5750]  tun_rx_batched+0x1b9/0x730
[  142.773532][ T5750]  tun_get_user+0x2b65/0x3ea0
[  142.775599][ T5750]  tun_chr_write_iter+0x113/0x200
[  142.777727][ T5750]  vfs_write+0x5c9/0xb30
[  142.779603][ T5750]  ksys_write+0x145/0x250
[  142.781473][ T5750]  do_syscall_64+0xfa/0x3b0
[  142.783584][ T5750] page last free pid 15 tgid 15 stack trace:
[  142.786086][ T5750]  __free_frozen_pages+0xbc4/0xd30
[  142.788287][ T5750]  rcu_core+0xca8/0x1770
[  142.790120][ T5750]  handle_softirqs+0x283/0x870
[  142.792430][ T5750]  run_ksoftirqd+0x9b/0x100
[  142.794834][ T5750]  smpboot_thread_fn+0x53f/0xa60
[  142.797423][ T5750]  kthread+0x711/0x8a0
[  142.799362][ T5750]  ret_from_fork+0x436/0x7d0
[  142.801444][ T5750]  ret_from_fork_asm+0x1a/0x30
[  142.803607][ T5750] Modules linked in:
[  142.805196][ T5750] CPU: 0 UID: 0 PID: 5750 Comm: syz.0.16 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  142.805212][ T5750] Tainted: [B]=BAD_PAGE
[  142.805216][ T5750] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  142.805222][ T5750] Call Trace:
[  142.805229][ T5750]  <TASK>
[  142.805236][ T5750]  dump_stack_lvl+0x189/0x250
[  142.805252][ T5750]  ? __pfx_dump_stack_lvl+0x10/0x10
[  142.805263][ T5750]  ? __pfx_print_modules+0x10/0x10
[  142.805272][ T5750]  ? tun_rx_batched+0x1b9/0x730
[  142.805283][ T5750]  ? ksys_write+0x145/0x250
[  142.805293][ T5750]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.805303][ T5750]  bad_page+0x180/0x1c0
[  142.805312][ T5750]  __free_frozen_pages+0xce2/0xd30
[  142.805327][ T5750]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  142.805344][ T5750]  bpf_xdp_adjust_tail+0x1d6/0x220
[  142.805357][ T5750]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  142.805366][ T5750]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  142.805383][ T5750]  do_xdp_generic+0x9f7/0x11a0
[  142.805398][ T5750]  ? __pfx_do_xdp_generic+0x10/0x10
[  142.805409][ T5750]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  142.805427][ T5750]  __netif_receive_skb_core+0x18f4/0x4380
[  142.805443][ T5750]  ? __pfx___skb_flow_dissect+0x10/0x10
[  142.805455][ T5750]  ? do_user_addr_fault+0xbbc/0x1380
[  142.805467][ T5750]  ? do_user_addr_fault+0xc85/0x1380
[  142.805478][ T5750]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  142.805488][ T5750]  ? irqentry_exit+0x74/0x90
[  142.805496][ T5750]  ? lockdep_hardirqs_on+0x9c/0x150
[  142.805502][ T5750]  ? __lock_acquire+0xab9/0xd20
[  142.805509][ T5750]  ? netif_receive_skb+0x115/0x790
[  142.805519][ T5750]  ? netif_receive_skb+0x115/0x790
[  142.805531][ T5750]  __netif_receive_skb+0x72/0x380
[  142.805544][ T5750]  ? _copy_from_iter+0x24f/0x1790
[  142.805559][ T5750]  ? netif_receive_skb+0x115/0x790
[  142.805571][ T5750]  netif_receive_skb+0x1cb/0x790
[  142.805584][ T5750]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  142.805595][ T5750]  ? __pfx_netif_receive_skb+0x10/0x10
[  142.805608][ T5750]  ? __pfx__copy_from_iter+0x10/0x10
[  142.805620][ T5750]  ? sock_alloc_send_pskb+0x86b/0x980
[  142.805632][ T5750]  ? tun_rx_batched+0x160/0x730
[  142.805642][ T5750]  tun_rx_batched+0x1b9/0x730
[  142.805651][ T5750]  ? __lock_acquire+0xab9/0xd20
[  142.805657][ T5750]  ? __pfx_tun_rx_batched+0x10/0x10
[  142.805666][ T5750]  ? tun_get_user+0x272f/0x3ea0
[  142.805676][ T5750]  tun_get_user+0x2b65/0x3ea0
[  142.805687][ T5750]  ? tun_get_user+0x272f/0x3ea0
[  142.805696][ T5750]  ? aa_file_perm+0x44d/0x1550
[  142.805709][ T5750]  ? __pfx_tun_get_user+0x10/0x10
[  142.805720][ T5750]  ? ref_tracker_alloc+0x318/0x460
[  142.805731][ T5750]  ? __lock_acquire+0xab9/0xd20
[  142.805739][ T5750]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  142.805752][ T5750]  ? tun_get+0x1c/0x2f0
[  142.805761][ T5750]  ? tun_get+0x1c/0x2f0
[  142.805769][ T5750]  ? tun_get+0x1c/0x2f0
[  142.805777][ T5750]  tun_chr_write_iter+0x113/0x200
[  142.805787][ T5750]  vfs_write+0x5c9/0xb30
[  142.805797][ T5750]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  142.805805][ T5750]  ? __pfx_vfs_write+0x10/0x10
[  142.805816][ T5750]  ? __fget_files+0x2a/0x420
[  142.805829][ T5750]  ksys_write+0x145/0x250
[  142.805840][ T5750]  ? __pfx_ksys_write+0x10/0x10
[  142.805848][ T5750]  ? rcu_is_watching+0x15/0xb0
[  142.805860][ T5750]  ? do_syscall_64+0xbe/0x3b0
[  142.805871][ T5750]  do_syscall_64+0xfa/0x3b0
[  142.805882][ T5750]  ? lockdep_hardirqs_on+0x9c/0x150
[  142.805892][ T5750]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.805910][ T5750]  ? clear_bhb_loop+0x60/0xb0
[  142.805920][ T5750]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.805929][ T5750] RIP: 0033:0x7f6d23f8d3df
[  142.805939][ T5750] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  142.805947][ T5750] RSP: 002b:00007f6d24d12000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  142.805958][ T5750] RAX: ffffffffffffffda RBX: 00007f6d241b5fa0 RCX: 00007f6d23f8d3df
[  142.805964][ T5750] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  142.805970][ T5750] RBP: 00007f6d24010b39 R08: 0000000000000000 R09: 0000000000000000
[  142.805976][ T5750] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  142.805982][ T5750] R13: 0000000000000000 R14: 00007f6d241b5fa0 R15: 00007ffd7c7dc758
[  142.805991][ T5750]  </TASK>
[  142.806000][ T5750] BUG: Bad page state in process syz.0.16  pfn:3f198
[  142.994529][ T5750] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88803f198000 pfn:0x3f198
[  142.998733][ T5750] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  143.001903][ T5750] raw: 04fff00000000000 dead000000000040 ffff88801e89f000 0000000000000000
[  143.005711][ T5750] raw: ffff88803f198000 0000000000000001 00000000ffffffff 0000000000000000
[  143.009322][ T5750] page dumped because: page_pool leak
[  143.011671][ T5750] page_owner tracks the page as allocated
[  143.014239][ T5750] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5750, tgid 5749 (syz.0.16), ts 140177061518, free_ts 140043119885
[  143.021567][ T5750]  post_alloc_hook+0x240/0x2a0
[  143.023975][ T5750]  get_page_from_freelist+0x21e4/0x22c0
[  143.026475][ T5750]  __alloc_frozen_pages_noprof+0x181/0x370
[  143.028972][ T5750]  alloc_pages_bulk_noprof+0x560/0x710
[  143.031344][ T5750]  __page_pool_alloc_netmems_slow+0x127/0x740
[  143.034029][ T5750]  skb_pp_cow_data+0xb47/0x13e0
[  143.036098][ T5750]  do_xdp_generic+0x699/0x11a0
[  143.038145][ T5750]  __netif_receive_skb_core+0x18f4/0x4380
[  143.040687][ T5750]  __netif_receive_skb+0x72/0x380
[  143.043082][ T5750]  netif_receive_skb+0x1cb/0x790
[  143.045216][ T5750]  tun_rx_batched+0x1b9/0x730
[  143.047313][ T5750]  tun_get_user+0x2b65/0x3ea0
[  143.049359][ T5750]  tun_chr_write_iter+0x113/0x200
[  143.051566][ T5750]  vfs_write+0x5c9/0xb30
[  143.053524][ T5750]  ksys_write+0x145/0x250
[  143.055623][ T5750]  do_syscall_64+0xfa/0x3b0
[  143.057600][ T5750] page last free pid 15 tgid 15 stack trace:
[  143.060127][ T5750]  __free_frozen_pages+0xbc4/0xd30
[  143.062567][ T5750]  rcu_core+0xca8/0x1770
[  143.064450][ T5750]  handle_softirqs+0x283/0x870
[  143.066619][ T5750]  run_ksoftirqd+0x9b/0x100
[  143.068617][ T5750]  smpboot_thread_fn+0x53f/0xa60
[  143.070878][ T5750]  kthread+0x711/0x8a0
[  143.072791][ T5750]  ret_from_fork+0x436/0x7d0
[  143.074884][ T5750]  ret_from_fork_asm+0x1a/0x30
[  143.077068][ T5750] Modules linked in:
[  143.078830][ T5750] CPU: 0 UID: 0 PID: 5750 Comm: syz.0.16 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  143.078847][ T5750] Tainted: [B]=BAD_PAGE
[  143.078851][ T5750] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  143.078858][ T5750] Call Trace:
[  143.078865][ T5750]  <TASK>
[  143.078911][ T5750]  dump_stack_lvl+0x189/0x250
[  143.078930][ T5750]  ? __pfx_dump_stack_lvl+0x10/0x10
[  143.078943][ T5750]  ? __pfx_print_modules+0x10/0x10
[  143.078954][ T5750]  ? tun_rx_batched+0x1b9/0x730
[  143.078965][ T5750]  ? ksys_write+0x145/0x250
[  143.078976][ T5750]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.078989][ T5750]  bad_page+0x180/0x1c0
[  143.079001][ T5750]  __free_frozen_pages+0xce2/0xd30
[  143.079015][ T5750]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  143.079036][ T5750]  bpf_xdp_adjust_tail+0x1d6/0x220
[  143.079050][ T5750]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  143.079060][ T5750]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  143.079083][ T5750]  do_xdp_generic+0x9f7/0x11a0
[  143.079099][ T5750]  ? __pfx_do_xdp_generic+0x10/0x10
[  143.079112][ T5750]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  143.079132][ T5750]  __netif_receive_skb_core+0x18f4/0x4380
[  143.079155][ T5750]  ? __pfx___skb_flow_dissect+0x10/0x10
[  143.079167][ T5750]  ? do_user_addr_fault+0xbbc/0x1380
[  143.079181][ T5750]  ? do_user_addr_fault+0xc85/0x1380
[  143.079193][ T5750]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  143.079209][ T5750]  ? irqentry_exit+0x74/0x90
[  143.079221][ T5750]  ? lockdep_hardirqs_on+0x9c/0x150
[  143.079232][ T5750]  ? __lock_acquire+0xab9/0xd20
[  143.079245][ T5750]  ? netif_receive_skb+0x115/0x790
[  143.079259][ T5750]  ? netif_receive_skb+0x115/0x790
[  143.079273][ T5750]  __netif_receive_skb+0x72/0x380
[  143.079288][ T5750]  ? _copy_from_iter+0x24f/0x1790
[  143.079304][ T5750]  ? netif_receive_skb+0x115/0x790
[  143.079317][ T5750]  netif_receive_skb+0x1cb/0x790
[  143.079331][ T5750]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  143.079344][ T5750]  ? __pfx_netif_receive_skb+0x10/0x10
[  143.079358][ T5750]  ? __pfx__copy_from_iter+0x10/0x10
[  143.079371][ T5750]  ? sock_alloc_send_pskb+0x86b/0x980
[  143.079385][ T5750]  ? tun_rx_batched+0x160/0x730
[  143.079395][ T5750]  tun_rx_batched+0x1b9/0x730
[  143.079405][ T5750]  ? __lock_acquire+0xab9/0xd20
[  143.079416][ T5750]  ? __pfx_tun_rx_batched+0x10/0x10
[  143.079426][ T5750]  ? tun_get_user+0x272f/0x3ea0
[  143.079439][ T5750]  tun_get_user+0x2b65/0x3ea0
[  143.079451][ T5750]  ? tun_get_user+0x272f/0x3ea0
[  143.079461][ T5750]  ? aa_file_perm+0x44d/0x1550
[  143.079476][ T5750]  ? __pfx_tun_get_user+0x10/0x10
[  143.079491][ T5750]  ? ref_tracker_alloc+0x318/0x460
[  143.079503][ T5750]  ? __lock_acquire+0xab9/0xd20
[  143.079514][ T5750]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  143.079528][ T5750]  ? tun_get+0x1c/0x2f0
[  143.079539][ T5750]  ? tun_get+0x1c/0x2f0
[  143.079548][ T5750]  ? tun_get+0x1c/0x2f0
[  143.079557][ T5750]  tun_chr_write_iter+0x113/0x200
[  143.079568][ T5750]  vfs_write+0x5c9/0xb30
[  143.079580][ T5750]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  143.079590][ T5750]  ? __pfx_vfs_write+0x10/0x10
[  143.079602][ T5750]  ? __fget_files+0x2a/0x420
[  143.079617][ T5750]  ksys_write+0x145/0x250
[  143.079628][ T5750]  ? __pfx_ksys_write+0x10/0x10
[  143.079638][ T5750]  ? rcu_is_watching+0x15/0xb0
[  143.079652][ T5750]  ? do_syscall_64+0xbe/0x3b0
[  143.079664][ T5750]  do_syscall_64+0xfa/0x3b0
[  143.079676][ T5750]  ? lockdep_hardirqs_on+0x9c/0x150
[  143.079686][ T5750]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.079696][ T5750]  ? clear_bhb_loop+0x60/0xb0
[  143.079708][ T5750]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.079718][ T5750] RIP: 0033:0x7f6d23f8d3df
[  143.079766][ T5750] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  143.079777][ T5750] RSP: 002b:00007f6d24d12000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  143.079788][ T5750] RAX: ffffffffffffffda RBX: 00007f6d241b5fa0 RCX: 00007f6d23f8d3df
[  143.079795][ T5750] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  143.079802][ T5750] RBP: 00007f6d24010b39 R08: 0000000000000000 R09: 0000000000000000
[  143.079809][ T5750] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  143.079815][ T5750] R13: 0000000000000000 R14: 00007f6d241b5fa0 R15: 00007ffd7c7dc758
[  143.079826][ T5750]  </TASK>
[  143.280743][   T45] Bluetooth: hci0: command tx timeout
[  143.390302][ T5753] BUG: Bad page state in process syz.0.17  pfn:42782
[  143.393315][ T5753] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888042782f00 pfn:0x42782
[  143.397767][ T5753] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  143.400915][ T5753] raw: 04fff00000000000 dead000000000040 ffff88801e89f000 0000000000000000
[  143.404768][ T5753] raw: ffff888042782f00 0000000000000001 00000000ffffffff 0000000000000000
[  143.408497][ T5753] page dumped because: page_pool leak
[  143.411128][ T5753] page_owner tracks the page as allocated
[  143.414343][ T5753] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5753, tgid 5752 (syz.0.17), ts 143390218040, free_ts 143387756254
[  143.422475][ T5753]  post_alloc_hook+0x240/0x2a0
[  143.424597][ T5753]  get_page_from_freelist+0x21e4/0x22c0
[  143.426967][ T5753]  __alloc_frozen_pages_noprof+0x181/0x370
[  143.429519][ T5753]  alloc_pages_bulk_noprof+0x560/0x710
[  143.432107][ T5753]  __page_pool_alloc_netmems_slow+0x127/0x740
[  143.434875][ T5753]  skb_pp_cow_data+0xb47/0x13e0
[  143.436919][ T5753]  do_xdp_generic+0x699/0x11a0
[  143.438970][ T5753]  __netif_receive_skb_core+0x18f4/0x4380
[  143.441441][ T5753]  __netif_receive_skb+0x72/0x380
[  143.443776][ T5753]  netif_receive_skb+0x1cb/0x790
[  143.446232][ T5753]  tun_rx_batched+0x1b9/0x730
[  143.448829][ T5753]  tun_get_user+0x2b65/0x3ea0
[  143.451292][ T5753]  tun_chr_write_iter+0x113/0x200
[  143.453572][ T5753]  vfs_write+0x5c9/0xb30
[  143.455456][ T5753]  ksys_write+0x145/0x250
[  143.457345][ T5753]  do_syscall_64+0xfa/0x3b0
[  143.459384][ T5753] page last free pid 5751 tgid 5751 stack trace:
[  143.462334][ T5753]  __free_frozen_pages+0xbc4/0xd30
[  143.464547][ T5753]  __put_partials+0x156/0x1a0
[  143.466652][ T5753]  put_cpu_partial+0x17c/0x250
[  143.468756][ T5753]  __slab_free+0x2d5/0x3c0
[  143.470729][ T5753]  qlist_free_all+0x97/0x140
[  143.472873][ T5753]  kasan_quarantine_reduce+0x148/0x160
[  143.475265][ T5753]  __kasan_slab_alloc+0x22/0x80
[  143.477389][ T5753]  kmem_cache_alloc_lru_noprof+0x1c6/0x3d0
[  143.479946][ T5753]  shmem_alloc_inode+0x28/0x40
[  143.482139][ T5753]  alloc_inode+0x67/0x1b0
[  143.484177][ T5753]  new_inode+0x22/0x170
[  143.486022][ T5753]  shmem_get_inode+0x346/0xe90
[  143.488112][ T5753]  shmem_mknod+0x18c/0x3e0
[  143.490066][ T5753]  path_openat+0x14f1/0x3830
[  143.492176][ T5753]  do_filp_open+0x1fa/0x410
[  143.494248][ T5753]  do_sys_openat2+0x121/0x1c0
[  143.496338][ T5753] Modules linked in:
[  143.498059][ T5753] CPU: 0 UID: 0 PID: 5753 Comm: syz.0.17 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  143.498075][ T5753] Tainted: [B]=BAD_PAGE
[  143.498078][ T5753] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  143.498084][ T5753] Call Trace:
[  143.498091][ T5753]  <TASK>
[  143.498097][ T5753]  dump_stack_lvl+0x189/0x250
[  143.498112][ T5753]  ? __pfx_dump_stack_lvl+0x10/0x10
[  143.498123][ T5753]  ? __pfx_print_modules+0x10/0x10
[  143.498133][ T5753]  ? tun_rx_batched+0x1b9/0x730
[  143.498142][ T5753]  ? tun_chr_write_iter+0x113/0x200
[  143.498150][ T5753]  ? vfs_write+0x5c9/0xb30
[  143.498158][ T5753]  ? ksys_write+0x145/0x250
[  143.498167][ T5753]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.498178][ T5753]  bad_page+0x180/0x1c0
[  143.498188][ T5753]  __free_frozen_pages+0xce2/0xd30
[  143.498202][ T5753]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  143.498221][ T5753]  bpf_xdp_adjust_tail+0x1d6/0x220
[  143.498233][ T5753]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  143.498242][ T5753]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  143.498285][ T5753]  do_xdp_generic+0x9f7/0x11a0
[  143.498301][ T5753]  ? __pfx_do_xdp_generic+0x10/0x10
[  143.498313][ T5753]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  143.498332][ T5753]  __netif_receive_skb_core+0x18f4/0x4380
[  143.498347][ T5753]  ? __pfx___skb_flow_dissect+0x10/0x10
[  143.498359][ T5753]  ? lock_release+0x4b/0x3e0
[  143.498371][ T5753]  ? do_user_addr_fault+0xc85/0x1380
[  143.498383][ T5753]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  143.498396][ T5753]  ? rcu_is_watching+0x15/0xb0
[  143.498409][ T5753]  ? irqentry_exit+0x74/0x90
[  143.498419][ T5753]  ? exc_page_fault+0x9f/0xf0
[  143.498431][ T5753]  ? netif_receive_skb+0x115/0x790
[  143.498442][ T5753]  ? rcu_is_watching+0x15/0xb0
[  143.498453][ T5753]  ? lock_acquire+0x5f/0x360
[  143.498462][ T5753]  __netif_receive_skb+0x72/0x380
[  143.498474][ T5753]  ? _copy_from_iter+0x24f/0x1790
[  143.498488][ T5753]  ? netif_receive_skb+0x115/0x790
[  143.498500][ T5753]  netif_receive_skb+0x1cb/0x790
[  143.498512][ T5753]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  143.498524][ T5753]  ? __pfx_netif_receive_skb+0x10/0x10
[  143.498536][ T5753]  ? __pfx__copy_from_iter+0x10/0x10
[  143.498547][ T5753]  ? sock_alloc_send_pskb+0x86b/0x980
[  143.498559][ T5753]  ? tun_rx_batched+0x160/0x730
[  143.498569][ T5753]  tun_rx_batched+0x1b9/0x730
[  143.498576][ T5753]  ? skb_header_pointer+0x8e/0x120
[  143.498587][ T5753]  ? __pfx_tun_rx_batched+0x10/0x10
[  143.498597][ T5753]  ? tun_get_user+0x272f/0x3ea0
[  143.498605][ T5753]  ? rcu_is_watching+0x15/0xb0
[  143.498615][ T5753]  ? lock_acquire+0x5f/0x360
[  143.498622][ T5753]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  143.498634][ T5753]  tun_get_user+0x2b65/0x3ea0
[  143.498643][ T5753]  ? rcu_is_watching+0x15/0xb0
[  143.498653][ T5753]  ? lock_release+0x4b/0x3e0
[  143.498661][ T5753]  ? tun_get_user+0x272f/0x3ea0
[  143.498668][ T5753]  ? aa_file_perm+0x44d/0x1550
[  143.498689][ T5753]  ? __pfx_tun_get_user+0x10/0x10
[  143.498700][ T5753]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  143.498709][ T5753]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  143.498718][ T5753]  ? ref_tracker_alloc+0x318/0x460
[  143.498733][ T5753]  ? rcu_is_watching+0x15/0xb0
[  143.498742][ T5753]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  143.498756][ T5753]  ? lock_release+0x4b/0x3e0
[  143.498767][ T5753]  ? tun_get+0x1c/0x2f0
[  143.498775][ T5753]  ? tun_get+0x1c/0x2f0
[  143.498783][ T5753]  ? rcu_is_watching+0x15/0xb0
[  143.498794][ T5753]  ? tun_get+0x1c/0x2f0
[  143.498802][ T5753]  ? lock_release+0x4b/0x3e0
[  143.498809][ T5753]  ? common_file_perm+0x1b5/0x230
[  143.498823][ T5753]  ? tun_get+0x1c/0x2f0
[  143.498834][ T5753]  tun_chr_write_iter+0x113/0x200
[  143.498843][ T5753]  vfs_write+0x5c9/0xb30
[  143.498854][ T5753]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  143.498862][ T5753]  ? __pfx_vfs_write+0x10/0x10
[  143.498872][ T5753]  ? __fget_files+0x2a/0x420
[  143.498884][ T5753]  ksys_write+0x145/0x250
[  143.498893][ T5753]  ? __pfx_ksys_write+0x10/0x10
[  143.498909][ T5753]  ? rcu_is_watching+0x15/0xb0
[  143.498921][ T5753]  ? rcu_is_watching+0x15/0xb0
[  143.498931][ T5753]  do_syscall_64+0xfa/0x3b0
[  143.498944][ T5753]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.498953][ T5753]  ? clear_bhb_loop+0x60/0xb0
[  143.498964][ T5753]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.498974][ T5753] RIP: 0033:0x7f6d23f8d3df
[  143.498983][ T5753] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  143.498993][ T5753] RSP: 002b:00007f6d24d12000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  143.499004][ T5753] RAX: ffffffffffffffda RBX: 00007f6d241b5fa0 RCX: 00007f6d23f8d3df
[  143.499011][ T5753] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  143.499018][ T5753] RBP: 00007f6d24010b39 R08: 0000000000000000 R09: 0000000000000000
[  143.499024][ T5753] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  143.499030][ T5753] R13: 0000000000000000 R14: 00007f6d241b5fa0 R15: 00007ffd7c7dc758
[  143.499040][ T5753]  </TASK>
[  143.499049][ T5753] BUG: Bad page state in process syz.0.17  pfn:3de3d
[  143.720835][ T5753] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88803de3dc00 pfn:0x3de3d
[  143.725268][ T5753] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  143.728491][ T5753] raw: 04fff00000000000 dead000000000040 ffff88801e89f000 0000000000000000
[  143.732764][ T5753] raw: ffff88803de3dc00 0000000000000001 00000000ffffffff 0000000000000000
[  143.736680][ T5753] page dumped because: page_pool leak
[  143.739039][ T5753] page_owner tracks the page as allocated
[  143.741431][ T5753] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5753, tgid 5752 (syz.0.17), ts 143390212102, free_ts 143387940912
[  143.749108][ T5753]  post_alloc_hook+0x240/0x2a0
[  143.751158][ T5753]  get_page_from_freelist+0x21e4/0x22c0
[  143.753593][ T5753]  __alloc_frozen_pages_noprof+0x181/0x370
[  143.756153][ T5753]  alloc_pages_bulk_noprof+0x560/0x710
[  143.758570][ T5753]  __page_pool_alloc_netmems_slow+0x127/0x740
[  143.761429][ T5753]  skb_pp_cow_data+0xb47/0x13e0
[  143.763575][ T5753]  do_xdp_generic+0x699/0x11a0
[  143.765636][ T5753]  __netif_receive_skb_core+0x18f4/0x4380
[  143.768041][ T5753]  __netif_receive_skb+0x72/0x380
[  143.770188][ T5753]  netif_receive_skb+0x1cb/0x790
[  143.772411][ T5753]  tun_rx_batched+0x1b9/0x730
[  143.774404][ T5753]  tun_get_user+0x2b65/0x3ea0
[  143.776534][ T5753]  tun_chr_write_iter+0x113/0x200
[  143.778685][ T5753]  vfs_write+0x5c9/0xb30
[  143.780478][ T5753]  ksys_write+0x145/0x250
[  143.782451][ T5753]  do_syscall_64+0xfa/0x3b0
[  143.784394][ T5753] page last free pid 5751 tgid 5751 stack trace:
[  143.787117][ T5753]  __free_frozen_pages+0xbc4/0xd30
[  143.789315][ T5753]  __slab_free+0x303/0x3c0
[  143.791346][ T5753]  qlist_free_all+0x97/0x140
[  143.793520][ T5753]  kasan_quarantine_reduce+0x148/0x160
[  143.795828][ T5753]  __kasan_slab_alloc+0x22/0x80
[  143.797924][ T5753]  kmem_cache_alloc_lru_noprof+0x1c6/0x3d0
[  143.800387][ T5753]  shmem_alloc_inode+0x28/0x40
[  143.802530][ T5753]  alloc_inode+0x67/0x1b0
[  143.804394][ T5753]  new_inode+0x22/0x170
[  143.806168][ T5753]  shmem_get_inode+0x346/0xe90
[  143.808219][ T5753]  shmem_mknod+0x18c/0x3e0
[  143.810141][ T5753]  path_openat+0x14f1/0x3830
[  143.812141][ T5753]  do_filp_open+0x1fa/0x410
[  143.814092][ T5753]  do_sys_openat2+0x121/0x1c0
[  143.816063][ T5753]  __x64_sys_openat+0x138/0x170
[  143.818170][ T5753]  do_syscall_64+0xfa/0x3b0
[  143.820076][ T5753] Modules linked in:
[  143.821775][ T5753] CPU: 0 UID: 0 PID: 5753 Comm: syz.0.17 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  143.821791][ T5753] Tainted: [B]=BAD_PAGE
[  143.821795][ T5753] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  143.821802][ T5753] Call Trace:
[  143.821809][ T5753]  <TASK>
[  143.821815][ T5753]  dump_stack_lvl+0x189/0x250
[  143.821831][ T5753]  ? __pfx_dump_stack_lvl+0x10/0x10
[  143.821843][ T5753]  ? __pfx_print_modules+0x10/0x10
[  143.821871][ T5753]  ? tun_rx_batched+0x1b9/0x730
[  143.821882][ T5753]  ? tun_chr_write_iter+0x113/0x200
[  143.821896][ T5753]  ? vfs_write+0x5c9/0xb30
[  143.821906][ T5753]  ? ksys_write+0x145/0x250
[  143.821916][ T5753]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.821929][ T5753]  bad_page+0x180/0x1c0
[  143.821940][ T5753]  __free_frozen_pages+0xce2/0xd30
[  143.821953][ T5753]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  143.821973][ T5753]  bpf_xdp_adjust_tail+0x1d6/0x220
[  143.821985][ T5753]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  143.821994][ T5753]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  143.822016][ T5753]  do_xdp_generic+0x9f7/0x11a0
[  143.822033][ T5753]  ? __pfx_do_xdp_generic+0x10/0x10
[  143.822045][ T5753]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  143.822064][ T5753]  __netif_receive_skb_core+0x18f4/0x4380
[  143.822080][ T5753]  ? __pfx___skb_flow_dissect+0x10/0x10
[  143.822092][ T5753]  ? lock_release+0x4b/0x3e0
[  143.822106][ T5753]  ? do_user_addr_fault+0xc85/0x1380
[  143.822119][ T5753]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  143.822134][ T5753]  ? rcu_is_watching+0x15/0xb0
[  143.822147][ T5753]  ? irqentry_exit+0x74/0x90
[  143.822158][ T5753]  ? exc_page_fault+0x9f/0xf0
[  143.822190][ T5753]  ? netif_receive_skb+0x115/0x790
[  143.822203][ T5753]  ? rcu_is_watching+0x15/0xb0
[  143.822215][ T5753]  ? lock_acquire+0x5f/0x360
[  143.822225][ T5753]  __netif_receive_skb+0x72/0x380
[  143.822239][ T5753]  ? _copy_from_iter+0x24f/0x1790
[  143.822255][ T5753]  ? netif_receive_skb+0x115/0x790
[  143.822295][ T5753]  netif_receive_skb+0x1cb/0x790
[  143.822309][ T5753]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  143.822321][ T5753]  ? __pfx_netif_receive_skb+0x10/0x10
[  143.822335][ T5753]  ? __pfx__copy_from_iter+0x10/0x10
[  143.822349][ T5753]  ? sock_alloc_send_pskb+0x86b/0x980
[  143.822363][ T5753]  ? tun_rx_batched+0x160/0x730
[  143.822373][ T5753]  tun_rx_batched+0x1b9/0x730
[  143.822382][ T5753]  ? skb_header_pointer+0x8e/0x120
[  143.822396][ T5753]  ? __pfx_tun_rx_batched+0x10/0x10
[  143.822406][ T5753]  ? tun_get_user+0x272f/0x3ea0
[  143.822414][ T5753]  ? rcu_is_watching+0x15/0xb0
[  143.822426][ T5753]  ? lock_acquire+0x5f/0x360
[  143.822435][ T5753]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  143.822449][ T5753]  tun_get_user+0x2b65/0x3ea0
[  143.822459][ T5753]  ? rcu_is_watching+0x15/0xb0
[  143.822469][ T5753]  ? lock_release+0x4b/0x3e0
[  143.822478][ T5753]  ? tun_get_user+0x272f/0x3ea0
[  143.822486][ T5753]  ? aa_file_perm+0x44d/0x1550
[  143.822497][ T5753]  ? __pfx_tun_get_user+0x10/0x10
[  143.822509][ T5753]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  143.822518][ T5753]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  143.822530][ T5753]  ? ref_tracker_alloc+0x318/0x460
[  143.822545][ T5753]  ? rcu_is_watching+0x15/0xb0
[  143.822556][ T5753]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  143.822568][ T5753]  ? lock_release+0x4b/0x3e0
[  143.822578][ T5753]  ? tun_get+0x1c/0x2f0
[  143.822587][ T5753]  ? tun_get+0x1c/0x2f0
[  143.822596][ T5753]  ? rcu_is_watching+0x15/0xb0
[  143.822607][ T5753]  ? tun_get+0x1c/0x2f0
[  143.822615][ T5753]  ? lock_release+0x4b/0x3e0
[  143.822624][ T5753]  ? common_file_perm+0x1b5/0x230
[  143.822637][ T5753]  ? tun_get+0x1c/0x2f0
[  143.822647][ T5753]  tun_chr_write_iter+0x113/0x200
[  143.822657][ T5753]  vfs_write+0x5c9/0xb30
[  143.822669][ T5753]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  143.822679][ T5753]  ? __pfx_vfs_write+0x10/0x10
[  143.822692][ T5753]  ? __fget_files+0x2a/0x420
[  143.822707][ T5753]  ksys_write+0x145/0x250
[  143.822718][ T5753]  ? __pfx_ksys_write+0x10/0x10
[  143.822728][ T5753]  ? rcu_is_watching+0x15/0xb0
[  143.822741][ T5753]  ? rcu_is_watching+0x15/0xb0
[  143.822753][ T5753]  do_syscall_64+0xfa/0x3b0
[  143.822765][ T5753]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.822775][ T5753]  ? clear_bhb_loop+0x60/0xb0
[  143.822786][ T5753]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.822797][ T5753] RIP: 0033:0x7f6d23f8d3df
[  143.822808][ T5753] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  143.822817][ T5753] RSP: 002b:00007f6d24d12000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  143.822829][ T5753] RAX: ffffffffffffffda RBX: 00007f6d241b5fa0 RCX: 00007f6d23f8d3df
[  143.822837][ T5753] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  143.822843][ T5753] RBP: 00007f6d24010b39 R08: 0000000000000000 R09: 0000000000000000
[  143.822850][ T5753] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  143.822857][ T5753] R13: 0000000000000000 R14: 00007f6d241b5fa0 R15: 00007ffd7c7dc758
[  143.822868][ T5753]  </TASK>
[  144.030976][ T5753] BUG: Bad page state in process syz.0.17  pfn:41fdf
[  144.033884][ T5753] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888041fdf800 pfn:0x41fdf
[  144.038080][ T5753] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  144.041117][ T5753] raw: 04fff00000000000 dead000000000040 ffff88801e89f000 0000000000000000
[  144.044890][ T5753] raw: ffff888041fdf800 0000000000000001 00000000ffffffff 0000000000000000
[  144.048625][ T5753] page dumped because: page_pool leak
[  144.050828][ T5753] page_owner tracks the page as allocated
[  144.053273][ T5753] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5753, tgid 5752 (syz.0.17), ts 143390206199, free_ts 143387947721
[  144.060340][ T5753]  post_alloc_hook+0x240/0x2a0
[  144.062425][ T5753]  get_page_from_freelist+0x21e4/0x22c0
[  144.064796][ T5753]  __alloc_frozen_pages_noprof+0x181/0x370
[  144.067317][ T5753]  alloc_pages_bulk_noprof+0x560/0x710
[  144.069644][ T5753]  __page_pool_alloc_netmems_slow+0x127/0x740
[  144.072315][ T5753]  skb_pp_cow_data+0xb47/0x13e0
[  144.074406][ T5753]  do_xdp_generic+0x699/0x11a0
[  144.076414][ T5753]  __netif_receive_skb_core+0x18f4/0x4380
[  144.078837][ T5753]  __netif_receive_skb+0x72/0x380
[  144.080986][ T5753]  netif_receive_skb+0x1cb/0x790
[  144.083196][ T5753]  tun_rx_batched+0x1b9/0x730
[  144.085227][ T5753]  tun_get_user+0x2b65/0x3ea0
[  144.087313][ T5753]  tun_chr_write_iter+0x113/0x200
[  144.089422][ T5753]  vfs_write+0x5c9/0xb30
[  144.091255][ T5753]  ksys_write+0x145/0x250
[  144.093006][ T5753]  do_syscall_64+0xfa/0x3b0
[  144.094699][ T5753] page last free pid 5751 tgid 5751 stack trace:
[  144.097174][ T5753]  __free_frozen_pages+0xbc4/0xd30
[  144.099178][ T5753]  __slab_free+0x303/0x3c0
[  144.100915][ T5753]  qlist_free_all+0x97/0x140
[  144.103080][ T5753]  kasan_quarantine_reduce+0x148/0x160
[  144.105509][ T5753]  __kasan_slab_alloc+0x22/0x80
[  144.107471][ T5753]  kmem_cache_alloc_lru_noprof+0x1c6/0x3d0
[  144.109651][ T5753]  shmem_alloc_inode+0x28/0x40
[  144.111642][ T5753]  alloc_inode+0x67/0x1b0
[  144.113475][ T5753]  new_inode+0x22/0x170
[  144.115065][ T5753]  shmem_get_inode+0x346/0xe90
[  144.116836][ T5753]  shmem_mknod+0x18c/0x3e0
[  144.118538][ T5753]  path_openat+0x14f1/0x3830
[  144.120337][ T5753]  do_filp_open+0x1fa/0x410
[  144.122580][ T5753]  do_sys_openat2+0x121/0x1c0
[  144.124602][ T5753]  __x64_sys_openat+0x138/0x170
[  144.126725][ T5753]  do_syscall_64+0xfa/0x3b0
[  144.128700][ T5753] Modules linked in:
[  144.130383][ T5753] CPU: 0 UID: 0 PID: 5753 Comm: syz.0.17 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  144.130399][ T5753] Tainted: [B]=BAD_PAGE
[  144.130403][ T5753] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  144.130410][ T5753] Call Trace:
[  144.130416][ T5753]  <TASK>
[  144.130462][ T5753]  dump_stack_lvl+0x189/0x250
[  144.130479][ T5753]  ? __pfx_dump_stack_lvl+0x10/0x10
[  144.130491][ T5753]  ? __pfx_print_modules+0x10/0x10
[  144.130501][ T5753]  ? tun_rx_batched+0x1b9/0x730
[  144.130510][ T5753]  ? tun_chr_write_iter+0x113/0x200
[  144.130519][ T5753]  ? vfs_write+0x5c9/0xb30
[  144.130528][ T5753]  ? ksys_write+0x145/0x250
[  144.130536][ T5753]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.130547][ T5753]  bad_page+0x180/0x1c0
[  144.130557][ T5753]  __free_frozen_pages+0xce2/0xd30
[  144.130571][ T5753]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  144.130590][ T5753]  bpf_xdp_adjust_tail+0x1d6/0x220
[  144.130602][ T5753]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  144.130611][ T5753]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  144.130632][ T5753]  do_xdp_generic+0x9f7/0x11a0
[  144.130647][ T5753]  ? __pfx_do_xdp_generic+0x10/0x10
[  144.130659][ T5753]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  144.130676][ T5753]  __netif_receive_skb_core+0x18f4/0x4380
[  144.130688][ T5753]  ? __pfx___skb_flow_dissect+0x10/0x10
[  144.130695][ T5753]  ? lock_release+0x4b/0x3e0
[  144.130703][ T5753]  ? do_user_addr_fault+0xc85/0x1380
[  144.130710][ T5753]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  144.130719][ T5753]  ? rcu_is_watching+0x15/0xb0
[  144.130727][ T5753]  ? irqentry_exit+0x74/0x90
[  144.130734][ T5753]  ? exc_page_fault+0x9f/0xf0
[  144.130742][ T5753]  ? netif_receive_skb+0x115/0x790
[  144.130753][ T5753]  ? rcu_is_watching+0x15/0xb0
[  144.130763][ T5753]  ? lock_acquire+0x5f/0x360
[  144.130772][ T5753]  __netif_receive_skb+0x72/0x380
[  144.130784][ T5753]  ? _copy_from_iter+0x24f/0x1790
[  144.130798][ T5753]  ? netif_receive_skb+0x115/0x790
[  144.130810][ T5753]  netif_receive_skb+0x1cb/0x790
[  144.130822][ T5753]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  144.130835][ T5753]  ? __pfx_netif_receive_skb+0x10/0x10
[  144.130847][ T5753]  ? __pfx__copy_from_iter+0x10/0x10
[  144.130859][ T5753]  ? sock_alloc_send_pskb+0x86b/0x980
[  144.130872][ T5753]  ? tun_rx_batched+0x160/0x730
[  144.130882][ T5753]  tun_rx_batched+0x1b9/0x730
[  144.130891][ T5753]  ? skb_header_pointer+0x8e/0x120
[  144.130904][ T5753]  ? __pfx_tun_rx_batched+0x10/0x10
[  144.130914][ T5753]  ? tun_get_user+0x272f/0x3ea0
[  144.130921][ T5753]  ? rcu_is_watching+0x15/0xb0
[  144.130932][ T5753]  ? lock_acquire+0x5f/0x360
[  144.130941][ T5753]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  144.130953][ T5753]  tun_get_user+0x2b65/0x3ea0
[  144.130963][ T5753]  ? rcu_is_watching+0x15/0xb0
[  144.130974][ T5753]  ? lock_release+0x4b/0x3e0
[  144.130983][ T5753]  ? tun_get_user+0x272f/0x3ea0
[  144.130992][ T5753]  ? aa_file_perm+0x44d/0x1550
[  144.131006][ T5753]  ? __pfx_tun_get_user+0x10/0x10
[  144.131017][ T5753]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  144.131027][ T5753]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  144.131036][ T5753]  ? ref_tracker_alloc+0x318/0x460
[  144.131049][ T5753]  ? rcu_is_watching+0x15/0xb0
[  144.131059][ T5753]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  144.131070][ T5753]  ? lock_release+0x4b/0x3e0
[  144.131079][ T5753]  ? tun_get+0x1c/0x2f0
[  144.131087][ T5753]  ? tun_get+0x1c/0x2f0
[  144.131095][ T5753]  ? rcu_is_watching+0x15/0xb0
[  144.131105][ T5753]  ? tun_get+0x1c/0x2f0
[  144.131113][ T5753]  ? lock_release+0x4b/0x3e0
[  144.131122][ T5753]  ? common_file_perm+0x1b5/0x230
[  144.131140][ T5753]  ? tun_get+0x1c/0x2f0
[  144.131148][ T5753]  tun_chr_write_iter+0x113/0x200
[  144.131157][ T5753]  vfs_write+0x5c9/0xb30
[  144.131168][ T5753]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  144.131177][ T5753]  ? __pfx_vfs_write+0x10/0x10
[  144.131189][ T5753]  ? __fget_files+0x2a/0x420
[  144.131203][ T5753]  ksys_write+0x145/0x250
[  144.131213][ T5753]  ? __pfx_ksys_write+0x10/0x10
[  144.131219][ T5753]  ? rcu_is_watching+0x15/0xb0
[  144.131226][ T5753]  ? rcu_is_watching+0x15/0xb0
[  144.131233][ T5753]  do_syscall_64+0xfa/0x3b0
[  144.131240][ T5753]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.131246][ T5753]  ? clear_bhb_loop+0x60/0xb0
[  144.131253][ T5753]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.131259][ T5753] RIP: 0033:0x7f6d23f8d3df
[  144.131309][ T5753] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  144.131318][ T5753] RSP: 002b:00007f6d24d12000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  144.131330][ T5753] RAX: ffffffffffffffda RBX: 00007f6d241b5fa0 RCX: 00007f6d23f8d3df
[  144.131337][ T5753] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  144.131344][ T5753] RBP: 00007f6d24010b39 R08: 0000000000000000 R09: 0000000000000000
[  144.131350][ T5753] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  144.131356][ T5753] R13: 0000000000000000 R14: 00007f6d241b5fa0 R15: 00007ffd7c7dc758
[  144.131366][ T5753]  </TASK>
[  144.131376][ T5753] BUG: Bad page state in process syz.0.17  pfn:42535
[  144.345020][ T5753] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888042535c00 pfn:0x42535
[  144.349196][ T5753] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  144.352363][ T5753] raw: 04fff00000000000 dead000000000040 ffff88801e89f000 0000000000000000
[  144.355994][ T5753] raw: ffff888042535c00 0000000000000001 00000000ffffffff 0000000000000000
[  144.359532][ T5753] page dumped because: page_pool leak
[  144.361865][ T5753] page_owner tracks the page as allocated
[  144.364352][ T5753] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5753, tgid 5752 (syz.0.17), ts 143390199848, free_ts 143387953715
[  144.371396][ T5753]  post_alloc_hook+0x240/0x2a0
[  144.373485][ T5753]  get_page_from_freelist+0x21e4/0x22c0
[  144.375839][ T5753]  __alloc_frozen_pages_noprof+0x181/0x370
[  144.378208][ T5753]  alloc_pages_bulk_noprof+0x560/0x710
[  144.380546][ T5753]  __page_pool_alloc_netmems_slow+0x127/0x740
[  144.383216][ T5753]  skb_pp_cow_data+0xb47/0x13e0
[  144.385349][ T5753]  do_xdp_generic+0x699/0x11a0
[  144.387477][ T5753]  __netif_receive_skb_core+0x18f4/0x4380
[  144.389969][ T5753]  __netif_receive_skb+0x72/0x380
[  144.392122][ T5753]  netif_receive_skb+0x1cb/0x790
[  144.394281][ T5753]  tun_rx_batched+0x1b9/0x730
[  144.396285][ T5753]  tun_get_user+0x2b65/0x3ea0
[  144.398312][ T5753]  tun_chr_write_iter+0x113/0x200
[  144.400440][ T5753]  vfs_write+0x5c9/0xb30
[  144.402357][ T5753]  ksys_write+0x145/0x250
[  144.404184][ T5753]  do_syscall_64+0xfa/0x3b0
[  144.406057][ T5753] page last free pid 5751 tgid 5751 stack trace:
[  144.408631][ T5753]  __free_frozen_pages+0xbc4/0xd30
[  144.410774][ T5753]  __slab_free+0x303/0x3c0
[  144.412872][ T5753]  qlist_free_all+0x97/0x140
[  144.414847][ T5753]  kasan_quarantine_reduce+0x148/0x160
[  144.417140][ T5753]  __kasan_slab_alloc+0x22/0x80
[  144.419229][ T5753]  kmem_cache_alloc_lru_noprof+0x1c6/0x3d0
[  144.421802][ T5753]  shmem_alloc_inode+0x28/0x40
[  144.423977][ T5753]  alloc_inode+0x67/0x1b0
[  144.425833][ T5753]  new_inode+0x22/0x170
[  144.427619][ T5753]  shmem_get_inode+0x346/0xe90
[  144.429622][ T5753]  shmem_mknod+0x18c/0x3e0
[  144.431543][ T5753]  path_openat+0x14f1/0x3830
[  144.433631][ T5753]  do_filp_open+0x1fa/0x410
[  144.435603][ T5753]  do_sys_openat2+0x121/0x1c0
[  144.437555][ T5753]  __x64_sys_openat+0x138/0x170
[  144.439572][ T5753]  do_syscall_64+0xfa/0x3b0
[  144.441553][ T5753] Modules linked in:
[  144.443322][ T5753] CPU: 0 UID: 0 PID: 5753 Comm: syz.0.17 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  144.443338][ T5753] Tainted: [B]=BAD_PAGE
[  144.443342][ T5753] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  144.443347][ T5753] Call Trace:
[  144.443354][ T5753]  <TASK>
[  144.443359][ T5753]  dump_stack_lvl+0x189/0x250
[  144.443374][ T5753]  ? __pfx_dump_stack_lvl+0x10/0x10
[  144.443386][ T5753]  ? __pfx_print_modules+0x10/0x10
[  144.443395][ T5753]  ? tun_rx_batched+0x1b9/0x730
[  144.443405][ T5753]  ? tun_chr_write_iter+0x113/0x200
[  144.443413][ T5753]  ? vfs_write+0x5c9/0xb30
[  144.443423][ T5753]  ? ksys_write+0x145/0x250
[  144.443431][ T5753]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.443443][ T5753]  bad_page+0x180/0x1c0
[  144.443453][ T5753]  __free_frozen_pages+0xce2/0xd30
[  144.443467][ T5753]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  144.443486][ T5753]  bpf_xdp_adjust_tail+0x1d6/0x220
[  144.443498][ T5753]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  144.443507][ T5753]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  144.443525][ T5753]  do_xdp_generic+0x9f7/0x11a0
[  144.443540][ T5753]  ? __pfx_do_xdp_generic+0x10/0x10
[  144.443552][ T5753]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  144.443570][ T5753]  __netif_receive_skb_core+0x18f4/0x4380
[  144.443590][ T5753]  ? __pfx___skb_flow_dissect+0x10/0x10
[  144.443601][ T5753]  ? lock_release+0x4b/0x3e0
[  144.443611][ T5753]  ? do_user_addr_fault+0xc85/0x1380
[  144.443623][ T5753]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  144.443639][ T5753]  ? rcu_is_watching+0x15/0xb0
[  144.443651][ T5753]  ? irqentry_exit+0x74/0x90
[  144.443665][ T5753]  ? exc_page_fault+0x9f/0xf0
[  144.443676][ T5753]  ? netif_receive_skb+0x115/0x790
[  144.443688][ T5753]  ? rcu_is_watching+0x15/0xb0
[  144.443703][ T5753]  ? lock_acquire+0x5f/0x360
[  144.443712][ T5753]  __netif_receive_skb+0x72/0x380
[  144.443725][ T5753]  ? _copy_from_iter+0x24f/0x1790
[  144.443739][ T5753]  ? netif_receive_skb+0x115/0x790
[  144.443750][ T5753]  netif_receive_skb+0x1cb/0x790
[  144.443763][ T5753]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  144.443775][ T5753]  ? __pfx_netif_receive_skb+0x10/0x10
[  144.443787][ T5753]  ? __pfx__copy_from_iter+0x10/0x10
[  144.443798][ T5753]  ? sock_alloc_send_pskb+0x86b/0x980
[  144.443809][ T5753]  ? tun_rx_batched+0x160/0x730
[  144.443818][ T5753]  tun_rx_batched+0x1b9/0x730
[  144.443827][ T5753]  ? skb_header_pointer+0x8e/0x120
[  144.443838][ T5753]  ? __pfx_tun_rx_batched+0x10/0x10
[  144.443847][ T5753]  ? tun_get_user+0x272f/0x3ea0
[  144.443854][ T5753]  ? rcu_is_watching+0x15/0xb0
[  144.443865][ T5753]  ? lock_acquire+0x5f/0x360
[  144.443873][ T5753]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  144.443885][ T5753]  tun_get_user+0x2b65/0x3ea0
[  144.443895][ T5753]  ? rcu_is_watching+0x15/0xb0
[  144.443906][ T5753]  ? lock_release+0x4b/0x3e0
[  144.443914][ T5753]  ? tun_get_user+0x272f/0x3ea0
[  144.443922][ T5753]  ? aa_file_perm+0x44d/0x1550
[  144.443936][ T5753]  ? __pfx_tun_get_user+0x10/0x10
[  144.443946][ T5753]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  144.443955][ T5753]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  144.443964][ T5753]  ? ref_tracker_alloc+0x318/0x460
[  144.443977][ T5753]  ? rcu_is_watching+0x15/0xb0
[  144.443988][ T5753]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  144.443998][ T5753]  ? lock_release+0x4b/0x3e0
[  144.444007][ T5753]  ? tun_get+0x1c/0x2f0
[  144.444014][ T5753]  ? tun_get+0x1c/0x2f0
[  144.444022][ T5753]  ? rcu_is_watching+0x15/0xb0
[  144.444032][ T5753]  ? tun_get+0x1c/0x2f0
[  144.444039][ T5753]  ? lock_release+0x4b/0x3e0
[  144.444048][ T5753]  ? common_file_perm+0x1b5/0x230
[  144.444060][ T5753]  ? tun_get+0x1c/0x2f0
[  144.444069][ T5753]  tun_chr_write_iter+0x113/0x200
[  144.444079][ T5753]  vfs_write+0x5c9/0xb30
[  144.444089][ T5753]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  144.444098][ T5753]  ? __pfx_vfs_write+0x10/0x10
[  144.444109][ T5753]  ? __fget_files+0x2a/0x420
[  144.444121][ T5753]  ksys_write+0x145/0x250
[  144.444132][ T5753]  ? __pfx_ksys_write+0x10/0x10
[  144.444141][ T5753]  ? rcu_is_watching+0x15/0xb0
[  144.444159][ T5753]  ? rcu_is_watching+0x15/0xb0
[  144.444169][ T5753]  do_syscall_64+0xfa/0x3b0
[  144.444181][ T5753]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.444190][ T5753]  ? clear_bhb_loop+0x60/0xb0
[  144.444200][ T5753]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.444209][ T5753] RIP: 0033:0x7f6d23f8d3df
[  144.444219][ T5753] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  144.444228][ T5753] RSP: 002b:00007f6d24d12000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  144.444239][ T5753] RAX: ffffffffffffffda RBX: 00007f6d241b5fa0 RCX: 00007f6d23f8d3df
[  144.444245][ T5753] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  144.444251][ T5753] RBP: 00007f6d24010b39 R08: 0000000000000000 R09: 0000000000000000
[  144.444257][ T5753] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  144.444262][ T5753] R13: 0000000000000000 R14: 00007f6d241b5fa0 R15: 00007ffd7c7dc758
[  144.444274][ T5753]  </TASK>
[  144.444327][ T5753] BUG: Bad page state in process syz.0.17  pfn:59897
[  144.657281][ T5753] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888059897f00 pfn:0x59897
[  144.661343][ T5753] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  144.664402][ T5753] raw: 04fff00000000000 dead000000000040 ffff88801e89f000 0000000000000000
[  144.667910][ T5753] raw: ffff888059897f00 0000000000000001 00000000ffffffff 0000000000000000
[  144.671537][ T5753] page dumped because: page_pool leak
[  144.673861][ T5753] page_owner tracks the page as allocated
[  144.676257][ T5753] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5753, tgid 5752 (syz.0.17), ts 143390193354, free_ts 143388006289
[  144.683355][ T5753]  post_alloc_hook+0x240/0x2a0
[  144.685342][ T5753]  get_page_from_freelist+0x21e4/0x22c0
[  144.687653][ T5753]  __alloc_frozen_pages_noprof+0x181/0x370
[  144.690110][ T5753]  alloc_pages_bulk_noprof+0x560/0x710
[  144.692556][ T5753]  __page_pool_alloc_netmems_slow+0x127/0x740
[  144.695087][ T5753]  skb_pp_cow_data+0xb47/0x13e0
[  144.697057][ T5753]  do_xdp_generic+0x699/0x11a0
[  144.698999][ T5753]  __netif_receive_skb_core+0x18f4/0x4380
[  144.701374][ T5753]  __netif_receive_skb+0x72/0x380
[  144.703643][ T5753]  netif_receive_skb+0x1cb/0x790
[  144.705712][ T5753]  tun_rx_batched+0x1b9/0x730
[  144.707704][ T5753]  tun_get_user+0x2b65/0x3ea0
[  144.709723][ T5753]  tun_chr_write_iter+0x113/0x200
[  144.711864][ T5753]  vfs_write+0x5c9/0xb30
[  144.713762][ T5753]  ksys_write+0x145/0x250
[  144.715625][ T5753]  do_syscall_64+0xfa/0x3b0
[  144.717574][ T5753] page last free pid 5751 tgid 5751 stack trace:
[  144.720405][ T5753]  __free_frozen_pages+0xbc4/0xd30
[  144.722621][ T5753]  __slab_free+0x303/0x3c0
[  144.724524][ T5753]  qlist_free_all+0x97/0x140
[  144.726527][ T5753]  kasan_quarantine_reduce+0x148/0x160
[  144.728805][ T5753]  __kasan_slab_alloc+0x22/0x80
[  144.730878][ T5753]  kmem_cache_alloc_lru_noprof+0x1c6/0x3d0
[  144.733427][ T5753]  shmem_alloc_inode+0x28/0x40
[  144.735443][ T5753]  alloc_inode+0x67/0x1b0
[  144.737208][ T5753]  new_inode+0x22/0x170
[  144.738975][ T5753]  shmem_get_inode+0x346/0xe90
[  144.740975][ T5753]  shmem_mknod+0x18c/0x3e0
[  144.742962][ T5753]  path_openat+0x14f1/0x3830
[  144.744970][ T5753]  do_filp_open+0x1fa/0x410
[  144.746956][ T5753]  do_sys_openat2+0x121/0x1c0
[  144.749008][ T5753]  __x64_sys_openat+0x138/0x170
[  144.751131][ T5753]  do_syscall_64+0xfa/0x3b0
[  144.753162][ T5753] Modules linked in:
[  144.754868][ T5753] CPU: 0 UID: 0 PID: 5753 Comm: syz.0.17 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  144.754886][ T5753] Tainted: [B]=BAD_PAGE
[  144.754889][ T5753] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  144.754896][ T5753] Call Trace:
[  144.754903][ T5753]  <TASK>
[  144.754909][ T5753]  dump_stack_lvl+0x189/0x250
[  144.754928][ T5753]  ? __pfx_dump_stack_lvl+0x10/0x10
[  144.754940][ T5753]  ? __pfx_print_modules+0x10/0x10
[  144.754951][ T5753]  ? tun_rx_batched+0x1b9/0x730
[  144.754961][ T5753]  ? tun_chr_write_iter+0x113/0x200
[  144.754969][ T5753]  ? vfs_write+0x5c9/0xb30
[  144.754978][ T5753]  ? ksys_write+0x145/0x250
[  144.754987][ T5753]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.754999][ T5753]  bad_page+0x180/0x1c0
[  144.755009][ T5753]  __free_frozen_pages+0xce2/0xd30
[  144.755023][ T5753]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  144.755043][ T5753]  bpf_xdp_adjust_tail+0x1d6/0x220
[  144.755056][ T5753]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  144.755065][ T5753]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  144.755087][ T5753]  do_xdp_generic+0x9f7/0x11a0
[  144.755111][ T5753]  ? __pfx_do_xdp_generic+0x10/0x10
[  144.755123][ T5753]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  144.755144][ T5753]  __netif_receive_skb_core+0x18f4/0x4380
[  144.755160][ T5753]  ? __pfx___skb_flow_dissect+0x10/0x10
[  144.755171][ T5753]  ? lock_release+0x4b/0x3e0
[  144.755184][ T5753]  ? do_user_addr_fault+0xc85/0x1380
[  144.755196][ T5753]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  144.755210][ T5753]  ? rcu_is_watching+0x15/0xb0
[  144.755223][ T5753]  ? irqentry_exit+0x74/0x90
[  144.755233][ T5753]  ? exc_page_fault+0x9f/0xf0
[  144.755245][ T5753]  ? netif_receive_skb+0x115/0x790
[  144.755257][ T5753]  ? rcu_is_watching+0x15/0xb0
[  144.755268][ T5753]  ? lock_acquire+0x5f/0x360
[  144.755278][ T5753]  __netif_receive_skb+0x72/0x380
[  144.755292][ T5753]  ? _copy_from_iter+0x24f/0x1790
[  144.755309][ T5753]  ? netif_receive_skb+0x115/0x790
[  144.755321][ T5753]  netif_receive_skb+0x1cb/0x790
[  144.755335][ T5753]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  144.755346][ T5753]  ? __pfx_netif_receive_skb+0x10/0x10
[  144.755360][ T5753]  ? __pfx__copy_from_iter+0x10/0x10
[  144.755373][ T5753]  ? sock_alloc_send_pskb+0x86b/0x980
[  144.755387][ T5753]  ? tun_rx_batched+0x160/0x730
[  144.755396][ T5753]  tun_rx_batched+0x1b9/0x730
[  144.755406][ T5753]  ? skb_header_pointer+0x8e/0x120
[  144.755419][ T5753]  ? __pfx_tun_rx_batched+0x10/0x10
[  144.755428][ T5753]  ? tun_get_user+0x272f/0x3ea0
[  144.755437][ T5753]  ? rcu_is_watching+0x15/0xb0
[  144.755448][ T5753]  ? lock_acquire+0x5f/0x360
[  144.755457][ T5753]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  144.755469][ T5753]  tun_get_user+0x2b65/0x3ea0
[  144.755480][ T5753]  ? rcu_is_watching+0x15/0xb0
[  144.755492][ T5753]  ? lock_release+0x4b/0x3e0
[  144.755502][ T5753]  ? tun_get_user+0x272f/0x3ea0
[  144.755512][ T5753]  ? aa_file_perm+0x44d/0x1550
[  144.755529][ T5753]  ? __pfx_tun_get_user+0x10/0x10
[  144.755539][ T5753]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  144.755549][ T5753]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  144.755560][ T5753]  ? ref_tracker_alloc+0x318/0x460
[  144.755574][ T5753]  ? rcu_is_watching+0x15/0xb0
[  144.755586][ T5753]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  144.755599][ T5753]  ? lock_release+0x4b/0x3e0
[  144.755608][ T5753]  ? tun_get+0x1c/0x2f0
[  144.755616][ T5753]  ? tun_get+0x1c/0x2f0
[  144.755624][ T5753]  ? rcu_is_watching+0x15/0xb0
[  144.755634][ T5753]  ? tun_get+0x1c/0x2f0
[  144.755641][ T5753]  ? lock_release+0x4b/0x3e0
[  144.755649][ T5753]  ? common_file_perm+0x1b5/0x230
[  144.755662][ T5753]  ? tun_get+0x1c/0x2f0
[  144.755671][ T5753]  tun_chr_write_iter+0x113/0x200
[  144.755680][ T5753]  vfs_write+0x5c9/0xb30
[  144.755690][ T5753]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  144.755700][ T5753]  ? __pfx_vfs_write+0x10/0x10
[  144.755711][ T5753]  ? __fget_files+0x2a/0x420
[  144.755724][ T5753]  ksys_write+0x145/0x250
[  144.755735][ T5753]  ? __pfx_ksys_write+0x10/0x10
[  144.755743][ T5753]  ? rcu_is_watching+0x15/0xb0
[  144.755754][ T5753]  ? rcu_is_watching+0x15/0xb0
[  144.755765][ T5753]  do_syscall_64+0xfa/0x3b0
[  144.755777][ T5753]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.755787][ T5753]  ? clear_bhb_loop+0x60/0xb0
[  144.755798][ T5753]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.755808][ T5753] RIP: 0033:0x7f6d23f8d3df
[  144.755819][ T5753] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  144.755828][ T5753] RSP: 002b:00007f6d24d12000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  144.755840][ T5753] RAX: ffffffffffffffda RBX: 00007f6d241b5fa0 RCX: 00007f6d23f8d3df
[  144.755848][ T5753] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  144.755854][ T5753] RBP: 00007f6d24010b39 R08: 0000000000000000 R09: 0000000000000000
[  144.755860][ T5753] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  144.755866][ T5753] R13: 0000000000000000 R14: 00007f6d241b5fa0 R15: 00007ffd7c7dc758
[  144.755877][ T5753]  </TASK>
[  144.755934][ T5753] BUG: Bad page state in process syz.0.17  pfn:4d95a
[  144.968964][ T5753] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88804d95af00 pfn:0x4d95a
[  144.973373][ T5753] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  144.976403][ T5753] raw: 04fff00000000000 dead000000000040 ffff88801e89f000 0000000000000000
[  144.980031][ T5753] raw: ffff88804d95af00 0000000000000001 00000000ffffffff 0000000000000000
[  144.983707][ T5753] page dumped because: page_pool leak
[  144.986006][ T5753] page_owner tracks the page as allocated
[  144.988386][ T5753] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5753, tgid 5752 (syz.0.17), ts 143390187035, free_ts 143388100982
[  144.995369][ T5753]  post_alloc_hook+0x240/0x2a0
[  144.997389][ T5753]  get_page_from_freelist+0x21e4/0x22c0
[  144.999784][ T5753]  __alloc_frozen_pages_noprof+0x181/0x370
[  145.002361][ T5753]  alloc_pages_bulk_noprof+0x560/0x710
[  145.004650][ T5753]  __page_pool_alloc_netmems_slow+0x127/0x740
[  145.007161][ T5753]  skb_pp_cow_data+0xb47/0x13e0
[  145.009224][ T5753]  do_xdp_generic+0x699/0x11a0
[  145.011311][ T5753]  __netif_receive_skb_core+0x18f4/0x4380
[  145.013690][ T5753]  __netif_receive_skb+0x72/0x380
[  145.015845][ T5753]  netif_receive_skb+0x1cb/0x790
[  145.017898][ T5753]  tun_rx_batched+0x1b9/0x730
[  145.019882][ T5753]  tun_get_user+0x2b65/0x3ea0
[  145.021926][ T5753]  tun_chr_write_iter+0x113/0x200
[  145.024154][ T5753]  vfs_write+0x5c9/0xb30
[  145.025980][ T5753]  ksys_write+0x145/0x250
[  145.027838][ T5753]  do_syscall_64+0xfa/0x3b0
[  145.029793][ T5753] page last free pid 5751 tgid 5751 stack trace:
[  145.032586][ T5753]  __free_frozen_pages+0xbc4/0xd30
[  145.034759][ T5753]  __slab_free+0x303/0x3c0
[  145.036619][ T5753]  qlist_free_all+0x97/0x140
[  145.038675][ T5753]  kasan_quarantine_reduce+0x148/0x160
[  145.041082][ T5753]  __kasan_slab_alloc+0x22/0x80
[  145.043332][ T5753]  kmem_cache_alloc_lru_noprof+0x1c6/0x3d0
[  145.045793][ T5753]  shmem_alloc_inode+0x28/0x40
[  145.047857][ T5753]  alloc_inode+0x67/0x1b0
[  145.049638][ T5753]  new_inode+0x22/0x170
[  145.051518][ T5753]  shmem_get_inode+0x346/0xe90
[  145.053644][ T5753]  shmem_mknod+0x18c/0x3e0
[  145.055558][ T5753]  path_openat+0x14f1/0x3830
[  145.057531][ T5753]  do_filp_open+0x1fa/0x410
[  145.059524][ T5753]  do_sys_openat2+0x121/0x1c0
[  145.061804][ T5753]  __x64_sys_openat+0x138/0x170
[  145.064007][ T5753]  do_syscall_64+0xfa/0x3b0
[  145.065870][ T5753] Modules linked in:
[  145.067538][ T5753] CPU: 0 UID: 0 PID: 5753 Comm: syz.0.17 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  145.067555][ T5753] Tainted: [B]=BAD_PAGE
[  145.067567][ T5753] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  145.067573][ T5753] Call Trace:
[  145.067607][ T5753]  <TASK>
[  145.067622][ T5753]  dump_stack_lvl+0x189/0x250
[  145.067638][ T5753]  ? __pfx_dump_stack_lvl+0x10/0x10
[  145.067651][ T5753]  ? __pfx_print_modules+0x10/0x10
[  145.067660][ T5753]  ? tun_rx_batched+0x1b9/0x730
[  145.067670][ T5753]  ? tun_chr_write_iter+0x113/0x200
[  145.067677][ T5753]  ? vfs_write+0x5c9/0xb30
[  145.067687][ T5753]  ? ksys_write+0x145/0x250
[  145.067696][ T5753]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.067708][ T5753]  bad_page+0x180/0x1c0
[  145.067718][ T5753]  __free_frozen_pages+0xce2/0xd30
[  145.067731][ T5753]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  145.067771][ T5753]  bpf_xdp_adjust_tail+0x1d6/0x220
[  145.067783][ T5753]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  145.067792][ T5753]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  145.067810][ T5753]  do_xdp_generic+0x9f7/0x11a0
[  145.067824][ T5753]  ? __pfx_do_xdp_generic+0x10/0x10
[  145.067835][ T5753]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  145.067853][ T5753]  __netif_receive_skb_core+0x18f4/0x4380
[  145.067867][ T5753]  ? __pfx___skb_flow_dissect+0x10/0x10
[  145.067878][ T5753]  ? lock_release+0x4b/0x3e0
[  145.067891][ T5753]  ? do_user_addr_fault+0xc85/0x1380
[  145.067909][ T5753]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  145.067923][ T5753]  ? rcu_is_watching+0x15/0xb0
[  145.067936][ T5753]  ? irqentry_exit+0x74/0x90
[  145.067945][ T5753]  ? exc_page_fault+0x9f/0xf0
[  145.067956][ T5753]  ? netif_receive_skb+0x115/0x790
[  145.067968][ T5753]  ? rcu_is_watching+0x15/0xb0
[  145.067978][ T5753]  ? lock_acquire+0x5f/0x360
[  145.067988][ T5753]  __netif_receive_skb+0x72/0x380
[  145.068001][ T5753]  ? _copy_from_iter+0x24f/0x1790
[  145.068016][ T5753]  ? netif_receive_skb+0x115/0x790
[  145.068028][ T5753]  netif_receive_skb+0x1cb/0x790
[  145.068040][ T5753]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  145.068050][ T5753]  ? __pfx_netif_receive_skb+0x10/0x10
[  145.068062][ T5753]  ? __pfx__copy_from_iter+0x10/0x10
[  145.068074][ T5753]  ? sock_alloc_send_pskb+0x86b/0x980
[  145.068086][ T5753]  ? tun_rx_batched+0x160/0x730
[  145.068095][ T5753]  tun_rx_batched+0x1b9/0x730
[  145.068115][ T5753]  ? skb_header_pointer+0x8e/0x120
[  145.068128][ T5753]  ? __pfx_tun_rx_batched+0x10/0x10
[  145.068137][ T5753]  ? tun_get_user+0x272f/0x3ea0
[  145.068145][ T5753]  ? rcu_is_watching+0x15/0xb0
[  145.068155][ T5753]  ? lock_acquire+0x5f/0x360
[  145.068163][ T5753]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  145.068174][ T5753]  tun_get_user+0x2b65/0x3ea0
[  145.068182][ T5753]  ? rcu_is_watching+0x15/0xb0
[  145.068191][ T5753]  ? lock_release+0x4b/0x3e0
[  145.068199][ T5753]  ? tun_get_user+0x272f/0x3ea0
[  145.068207][ T5753]  ? aa_file_perm+0x44d/0x1550
[  145.068221][ T5753]  ? __pfx_tun_get_user+0x10/0x10
[  145.068232][ T5753]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  145.068241][ T5753]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  145.068250][ T5753]  ? ref_tracker_alloc+0x318/0x460
[  145.068263][ T5753]  ? rcu_is_watching+0x15/0xb0
[  145.068274][ T5753]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  145.068285][ T5753]  ? lock_release+0x4b/0x3e0
[  145.068294][ T5753]  ? tun_get+0x1c/0x2f0
[  145.068302][ T5753]  ? tun_get+0x1c/0x2f0
[  145.068310][ T5753]  ? rcu_is_watching+0x15/0xb0
[  145.068320][ T5753]  ? tun_get+0x1c/0x2f0
[  145.068328][ T5753]  ? lock_release+0x4b/0x3e0
[  145.068336][ T5753]  ? common_file_perm+0x1b5/0x230
[  145.068348][ T5753]  ? tun_get+0x1c/0x2f0
[  145.068357][ T5753]  tun_chr_write_iter+0x113/0x200
[  145.068365][ T5753]  vfs_write+0x5c9/0xb30
[  145.068376][ T5753]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  145.068385][ T5753]  ? __pfx_vfs_write+0x10/0x10
[  145.068397][ T5753]  ? __fget_files+0x2a/0x420
[  145.068410][ T5753]  ksys_write+0x145/0x250
[  145.068420][ T5753]  ? __pfx_ksys_write+0x10/0x10
[  145.068430][ T5753]  ? rcu_is_watching+0x15/0xb0
[  145.068441][ T5753]  ? rcu_is_watching+0x15/0xb0
[  145.068453][ T5753]  do_syscall_64+0xfa/0x3b0
[  145.068466][ T5753]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.068475][ T5753]  ? clear_bhb_loop+0x60/0xb0
[  145.068486][ T5753]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.068496][ T5753] RIP: 0033:0x7f6d23f8d3df
[  145.068513][ T5753] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  145.068523][ T5753] RSP: 002b:00007f6d24d12000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  145.068535][ T5753] RAX: ffffffffffffffda RBX: 00007f6d241b5fa0 RCX: 00007f6d23f8d3df
[  145.068543][ T5753] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  145.068549][ T5753] RBP: 00007f6d24010b39 R08: 0000000000000000 R09: 0000000000000000
[  145.068556][ T5753] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  145.068562][ T5753] R13: 0000000000000000 R14: 00007f6d241b5fa0 R15: 00007ffd7c7dc758
[  145.068573][ T5753]  </TASK>
[  145.068642][ T5753] BUG: Bad page state in process syz.0.17  pfn:35645
[  145.279935][ T5753] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888035645d20 pfn:0x35645
[  145.284294][ T5753] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  145.287604][ T5753] raw: 04fff00000000000 dead000000000040 ffff88801e89f000 0000000000000000
[  145.291237][ T5753] raw: ffff888035645d20 0000000000000001 00000000ffffffff 0000000000000000
[  145.294933][ T5753] page dumped because: page_pool leak
[  145.297201][ T5753] page_owner tracks the page as allocated
[  145.299703][ T5753] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5753, tgid 5752 (syz.0.17), ts 143390180413, free_ts 143388115334
[  145.306669][ T5753]  post_alloc_hook+0x240/0x2a0
[  145.308751][ T5753]  get_page_from_freelist+0x21e4/0x22c0
[  145.311081][ T5753]  __alloc_frozen_pages_noprof+0x181/0x370
[  145.313707][ T5753]  alloc_pages_bulk_noprof+0x560/0x710
[  145.316051][ T5753]  __page_pool_alloc_netmems_slow+0x127/0x740
[  145.318637][ T5753]  skb_pp_cow_data+0xb47/0x13e0
[  145.320686][ T5753]  do_xdp_generic+0x699/0x11a0
[  145.323066][ T5753]  __netif_receive_skb_core+0x18f4/0x4380
[  145.325448][ T5753]  __netif_receive_skb+0x72/0x380
[  145.327591][ T5753]  netif_receive_skb+0x1cb/0x790
[  145.329655][ T5753]  tun_rx_batched+0x1b9/0x730
[  145.331647][ T5753]  tun_get_user+0x2b65/0x3ea0
[  145.333746][ T5753]  tun_chr_write_iter+0x113/0x200
[  145.335842][ T5753]  vfs_write+0x5c9/0xb30
[  145.337607][ T5753]  ksys_write+0x145/0x250
[  145.339440][ T5753]  do_syscall_64+0xfa/0x3b0
[  145.341445][ T5753] page last free pid 5751 tgid 5751 stack trace:
[  145.344148][ T5753]  __free_frozen_pages+0xbc4/0xd30
[  145.346363][ T5753]  __slab_free+0x303/0x3c0
[  145.348269][ T5753]  qlist_free_all+0x97/0x140
[  145.350211][ T5753]  kasan_quarantine_reduce+0x148/0x160
[  145.352595][ T5753]  __kasan_slab_alloc+0x22/0x80
[  145.354666][ T5753]  kmem_cache_alloc_lru_noprof+0x1c6/0x3d0
[  145.357064][ T5753]  shmem_alloc_inode+0x28/0x40
[  145.359173][ T5753]  alloc_inode+0x67/0x1b0
[  145.361328][ T5753]  new_inode+0x22/0x170
[  145.363259][ T5753]  shmem_get_inode+0x346/0xe90
[  145.365327][ T5753]  shmem_mknod+0x18c/0x3e0
[  145.367236][ T5753]  path_openat+0x14f1/0x3830
[  145.369211][ T5753]  do_filp_open+0x1fa/0x410
[  145.371177][ T5753]  do_sys_openat2+0x121/0x1c0
[  145.373256][ T5753]  __x64_sys_openat+0x138/0x170
[  145.375305][ T5753]  do_syscall_64+0xfa/0x3b0
[  145.377205][ T5753] Modules linked in:
[  145.378903][ T5753] CPU: 0 UID: 0 PID: 5753 Comm: syz.0.17 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  145.378926][ T5753] Tainted: [B]=BAD_PAGE
[  145.378930][ T5753] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  145.378937][ T5753] Call Trace:
[  145.378945][ T5753]  <TASK>
[  145.378951][ T5753]  dump_stack_lvl+0x189/0x250
[  145.378967][ T5753]  ? __pfx_dump_stack_lvl+0x10/0x10
[  145.378980][ T5753]  ? __pfx_print_modules+0x10/0x10
[  145.378990][ T5753]  ? tun_rx_batched+0x1b9/0x730
[  145.379000][ T5753]  ? tun_chr_write_iter+0x113/0x200
[  145.379009][ T5753]  ? vfs_write+0x5c9/0xb30
[  145.379017][ T5753]  ? ksys_write+0x145/0x250
[  145.379026][ T5753]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.379037][ T5753]  bad_page+0x180/0x1c0
[  145.379046][ T5753]  __free_frozen_pages+0xce2/0xd30
[  145.379059][ T5753]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  145.379078][ T5753]  bpf_xdp_adjust_tail+0x1d6/0x220
[  145.379090][ T5753]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  145.379099][ T5753]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  145.379120][ T5753]  do_xdp_generic+0x9f7/0x11a0
[  145.379134][ T5753]  ? __pfx_do_xdp_generic+0x10/0x10
[  145.379146][ T5753]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  145.379166][ T5753]  __netif_receive_skb_core+0x18f4/0x4380
[  145.379181][ T5753]  ? __pfx___skb_flow_dissect+0x10/0x10
[  145.379192][ T5753]  ? lock_release+0x4b/0x3e0
[  145.379204][ T5753]  ? do_user_addr_fault+0xc85/0x1380
[  145.379216][ T5753]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  145.379231][ T5753]  ? rcu_is_watching+0x15/0xb0
[  145.379243][ T5753]  ? irqentry_exit+0x74/0x90
[  145.379255][ T5753]  ? exc_page_fault+0x9f/0xf0
[  145.379267][ T5753]  ? netif_receive_skb+0x115/0x790
[  145.379278][ T5753]  ? rcu_is_watching+0x15/0xb0
[  145.379289][ T5753]  ? lock_acquire+0x5f/0x360
[  145.379299][ T5753]  __netif_receive_skb+0x72/0x380
[  145.379312][ T5753]  ? _copy_from_iter+0x24f/0x1790
[  145.379328][ T5753]  ? netif_receive_skb+0x115/0x790
[  145.379340][ T5753]  netif_receive_skb+0x1cb/0x790
[  145.379352][ T5753]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  145.379362][ T5753]  ? __pfx_netif_receive_skb+0x10/0x10
[  145.379374][ T5753]  ? __pfx__copy_from_iter+0x10/0x10
[  145.379387][ T5753]  ? sock_alloc_send_pskb+0x86b/0x980
[  145.379398][ T5753]  ? tun_rx_batched+0x160/0x730
[  145.379409][ T5753]  tun_rx_batched+0x1b9/0x730
[  145.379418][ T5753]  ? skb_header_pointer+0x8e/0x120
[  145.379431][ T5753]  ? __pfx_tun_rx_batched+0x10/0x10
[  145.379439][ T5753]  ? tun_get_user+0x272f/0x3ea0
[  145.379448][ T5753]  ? rcu_is_watching+0x15/0xb0
[  145.379458][ T5753]  ? lock_acquire+0x5f/0x360
[  145.379467][ T5753]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  145.379480][ T5753]  tun_get_user+0x2b65/0x3ea0
[  145.379492][ T5753]  ? rcu_is_watching+0x15/0xb0
[  145.379503][ T5753]  ? lock_release+0x4b/0x3e0
[  145.379513][ T5753]  ? tun_get_user+0x272f/0x3ea0
[  145.379522][ T5753]  ? aa_file_perm+0x44d/0x1550
[  145.379536][ T5753]  ? __pfx_tun_get_user+0x10/0x10
[  145.379547][ T5753]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  145.379557][ T5753]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  145.379568][ T5753]  ? ref_tracker_alloc+0x318/0x460
[  145.379581][ T5753]  ? rcu_is_watching+0x15/0xb0
[  145.379590][ T5753]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  145.379601][ T5753]  ? lock_release+0x4b/0x3e0
[  145.379611][ T5753]  ? tun_get+0x1c/0x2f0
[  145.379620][ T5753]  ? tun_get+0x1c/0x2f0
[  145.379629][ T5753]  ? rcu_is_watching+0x15/0xb0
[  145.379639][ T5753]  ? tun_get+0x1c/0x2f0
[  145.379647][ T5753]  ? lock_release+0x4b/0x3e0
[  145.379654][ T5753]  ? common_file_perm+0x1b5/0x230
[  145.379666][ T5753]  ? tun_get+0x1c/0x2f0
[  145.379675][ T5753]  tun_chr_write_iter+0x113/0x200
[  145.379684][ T5753]  vfs_write+0x5c9/0xb30
[  145.379695][ T5753]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  145.379704][ T5753]  ? __pfx_vfs_write+0x10/0x10
[  145.379716][ T5753]  ? __fget_files+0x2a/0x420
[  145.379728][ T5753]  ksys_write+0x145/0x250
[  145.379739][ T5753]  ? __pfx_ksys_write+0x10/0x10
[  145.379748][ T5753]  ? rcu_is_watching+0x15/0xb0
[  145.379760][ T5753]  ? rcu_is_watching+0x15/0xb0
[  145.379770][ T5753]  do_syscall_64+0xfa/0x3b0
[  145.379783][ T5753]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.379792][ T5753]  ? clear_bhb_loop+0x60/0xb0
[  145.379802][ T5753]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.379811][ T5753] RIP: 0033:0x7f6d23f8d3df
[  145.379822][ T5753] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  145.379831][ T5753] RSP: 002b:00007f6d24d12000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  145.379842][ T5753] RAX: ffffffffffffffda RBX: 00007f6d241b5fa0 RCX: 00007f6d23f8d3df
[  145.379849][ T5753] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  145.379855][ T5753] RBP: 00007f6d24010b39 R08: 0000000000000000 R09: 0000000000000000
[  145.379861][ T5753] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  145.379866][ T5753] R13: 0000000000000000 R14: 00007f6d241b5fa0 R15: 00007ffd7c7dc758
[  145.379876][ T5753]  </TASK>
[  145.379886][ T5753] BUG: Bad page state in process syz.0.17  pfn:59a9d
[  145.597742][ T5753] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888059a9d400 pfn:0x59a9d
[  145.602010][ T5753] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  145.605130][ T5753] raw: 04fff00000000000 dead000000000040 ffff88801e89f000 0000000000000000
[  145.608711][ T5753] raw: ffff888059a9d400 0000000000000001 00000000ffffffff 0000000000000000
[  145.612431][ T5753] page dumped because: page_pool leak
[  145.614727][ T5753] page_owner tracks the page as allocated
[  145.617119][ T5753] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5753, tgid 5752 (syz.0.17), ts 143390174005, free_ts 143388127275
[  145.624159][ T5753]  post_alloc_hook+0x240/0x2a0
[  145.626227][ T5753]  get_page_from_freelist+0x21e4/0x22c0
[  145.628617][ T5753]  __alloc_frozen_pages_noprof+0x181/0x370
[  145.631208][ T5753]  alloc_pages_bulk_noprof+0x560/0x710
[  145.633963][ T5753]  __page_pool_alloc_netmems_slow+0x127/0x740
[  145.636595][ T5753]  skb_pp_cow_data+0xb47/0x13e0
[  145.638690][ T5753]  do_xdp_generic+0x699/0x11a0
[  145.640823][ T5753]  __netif_receive_skb_core+0x18f4/0x4380
[  145.643396][ T5753]  __netif_receive_skb+0x72/0x380
[  145.645542][ T5753]  netif_receive_skb+0x1cb/0x790
[  145.647677][ T5753]  tun_rx_batched+0x1b9/0x730
[  145.649673][ T5753]  tun_get_user+0x2b65/0x3ea0
[  145.651730][ T5753]  tun_chr_write_iter+0x113/0x200
[  145.653947][ T5753]  vfs_write+0x5c9/0xb30
[  145.655792][ T5753]  ksys_write+0x145/0x250
[  145.657674][ T5753]  do_syscall_64+0xfa/0x3b0
[  145.659611][ T5753] page last free pid 5751 tgid 5751 stack trace:
[  145.662441][ T5753]  __free_frozen_pages+0xbc4/0xd30
[  145.664671][ T5753]  __slab_free+0x303/0x3c0
[  145.666641][ T5753]  qlist_free_all+0x97/0x140
[  145.668625][ T5753]  kasan_quarantine_reduce+0x148/0x160
[  145.670967][ T5753]  __kasan_slab_alloc+0x22/0x80
[  145.673146][ T5753]  kmem_cache_alloc_lru_noprof+0x1c6/0x3d0
[  145.676203][ T5753]  shmem_alloc_inode+0x28/0x40
[  145.678289][ T5753]  alloc_inode+0x67/0x1b0
[  145.680141][ T5753]  new_inode+0x22/0x170
[  145.681949][ T5753]  shmem_get_inode+0x346/0xe90
[  145.684156][ T5753]  shmem_mknod+0x18c/0x3e0
[  145.686066][ T5753]  path_openat+0x14f1/0x3830
[  145.688048][ T5753]  do_filp_open+0x1fa/0x410
[  145.690004][ T5753]  do_sys_openat2+0x121/0x1c0
[  145.692078][ T5753]  __x64_sys_openat+0x138/0x170
[  145.694247][ T5753]  do_syscall_64+0xfa/0x3b0
[  145.696277][ T5753] Modules linked in:
[  145.697962][ T5753] CPU: 0 UID: 0 PID: 5753 Comm: syz.0.17 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  145.697979][ T5753] Tainted: [B]=BAD_PAGE
[  145.697983][ T5753] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  145.697989][ T5753] Call Trace:
[  145.697996][ T5753]  <TASK>
[  145.698002][ T5753]  dump_stack_lvl+0x189/0x250
[  145.698018][ T5753]  ? __pfx_dump_stack_lvl+0x10/0x10
[  145.698030][ T5753]  ? __pfx_print_modules+0x10/0x10
[  145.698040][ T5753]  ? tun_rx_batched+0x1b9/0x730
[  145.698050][ T5753]  ? tun_chr_write_iter+0x113/0x200
[  145.698058][ T5753]  ? vfs_write+0x5c9/0xb30
[  145.698066][ T5753]  ? ksys_write+0x145/0x250
[  145.698075][ T5753]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.698087][ T5753]  bad_page+0x180/0x1c0
[  145.698097][ T5753]  __free_frozen_pages+0xce2/0xd30
[  145.698110][ T5753]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  145.698129][ T5753]  bpf_xdp_adjust_tail+0x1d6/0x220
[  145.698141][ T5753]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  145.698151][ T5753]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  145.698170][ T5753]  do_xdp_generic+0x9f7/0x11a0
[  145.698186][ T5753]  ? __pfx_do_xdp_generic+0x10/0x10
[  145.698198][ T5753]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  145.698217][ T5753]  __netif_receive_skb_core+0x18f4/0x4380
[  145.698233][ T5753]  ? __pfx___skb_flow_dissect+0x10/0x10
[  145.698244][ T5753]  ? lock_release+0x4b/0x3e0
[  145.698282][ T5753]  ? do_user_addr_fault+0xc85/0x1380
[  145.698294][ T5753]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  145.698309][ T5753]  ? rcu_is_watching+0x15/0xb0
[  145.698320][ T5753]  ? irqentry_exit+0x74/0x90
[  145.698331][ T5753]  ? exc_page_fault+0x9f/0xf0
[  145.698343][ T5753]  ? netif_receive_skb+0x115/0x790
[  145.698354][ T5753]  ? rcu_is_watching+0x15/0xb0
[  145.698363][ T5753]  ? lock_acquire+0x5f/0x360
[  145.698373][ T5753]  __netif_receive_skb+0x72/0x380
[  145.698385][ T5753]  ? _copy_from_iter+0x24f/0x1790
[  145.698400][ T5753]  ? netif_receive_skb+0x115/0x790
[  145.698412][ T5753]  netif_receive_skb+0x1cb/0x790
[  145.698425][ T5753]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  145.698436][ T5753]  ? __pfx_netif_receive_skb+0x10/0x10
[  145.698448][ T5753]  ? __pfx__copy_from_iter+0x10/0x10
[  145.698460][ T5753]  ? sock_alloc_send_pskb+0x86b/0x980
[  145.698473][ T5753]  ? tun_rx_batched+0x160/0x730
[  145.698483][ T5753]  tun_rx_batched+0x1b9/0x730
[  145.698491][ T5753]  ? skb_header_pointer+0x8e/0x120
[  145.698503][ T5753]  ? __pfx_tun_rx_batched+0x10/0x10
[  145.698512][ T5753]  ? tun_get_user+0x272f/0x3ea0
[  145.698519][ T5753]  ? rcu_is_watching+0x15/0xb0
[  145.698529][ T5753]  ? lock_acquire+0x5f/0x360
[  145.698537][ T5753]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  145.698551][ T5753]  tun_get_user+0x2b65/0x3ea0
[  145.698561][ T5753]  ? rcu_is_watching+0x15/0xb0
[  145.698572][ T5753]  ? lock_release+0x4b/0x3e0
[  145.698581][ T5753]  ? tun_get_user+0x272f/0x3ea0
[  145.698590][ T5753]  ? aa_file_perm+0x44d/0x1550
[  145.698603][ T5753]  ? __pfx_tun_get_user+0x10/0x10
[  145.698614][ T5753]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  145.698623][ T5753]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  145.698634][ T5753]  ? ref_tracker_alloc+0x318/0x460
[  145.698647][ T5753]  ? rcu_is_watching+0x15/0xb0
[  145.698657][ T5753]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  145.698668][ T5753]  ? lock_release+0x4b/0x3e0
[  145.698677][ T5753]  ? tun_get+0x1c/0x2f0
[  145.698685][ T5753]  ? tun_get+0x1c/0x2f0
[  145.698694][ T5753]  ? rcu_is_watching+0x15/0xb0
[  145.698704][ T5753]  ? tun_get+0x1c/0x2f0
[  145.698712][ T5753]  ? lock_release+0x4b/0x3e0
[  145.698720][ T5753]  ? common_file_perm+0x1b5/0x230
[  145.698732][ T5753]  ? tun_get+0x1c/0x2f0
[  145.698741][ T5753]  tun_chr_write_iter+0x113/0x200
[  145.698750][ T5753]  vfs_write+0x5c9/0xb30
[  145.698762][ T5753]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  145.698771][ T5753]  ? __pfx_vfs_write+0x10/0x10
[  145.698783][ T5753]  ? __fget_files+0x2a/0x420
[  145.698796][ T5753]  ksys_write+0x145/0x250
[  145.698807][ T5753]  ? __pfx_ksys_write+0x10/0x10
[  145.698816][ T5753]  ? rcu_is_watching+0x15/0xb0
[  145.698827][ T5753]  ? rcu_is_watching+0x15/0xb0
[  145.698838][ T5753]  do_syscall_64+0xfa/0x3b0
[  145.698850][ T5753]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.698860][ T5753]  ? clear_bhb_loop+0x60/0xb0
[  145.698870][ T5753]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.698880][ T5753] RIP: 0033:0x7f6d23f8d3df
[  145.698890][ T5753] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  145.698899][ T5753] RSP: 002b:00007f6d24d12000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  145.698919][ T5753] RAX: ffffffffffffffda RBX: 00007f6d241b5fa0 RCX: 00007f6d23f8d3df
[  145.698926][ T5753] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  145.698933][ T5753] RBP: 00007f6d24010b39 R08: 0000000000000000 R09: 0000000000000000
[  145.698939][ T5753] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  145.698944][ T5753] R13: 0000000000000000 R14: 00007f6d241b5fa0 R15: 00007ffd7c7dc758
[  145.698954][ T5753]  </TASK>
[  145.698962][ T5753] BUG: Bad page state in process syz.0.17  pfn:3ec40
[  145.917856][ T5753] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88803ec40400 pfn:0x3ec40
[  145.922149][ T5753] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  145.925324][ T5753] raw: 04fff00000000000 dead000000000040 ffff88801e89f000 0000000000000000
[  145.929041][ T5753] raw: ffff88803ec40400 0000000000000001 00000000ffffffff 0000000000000000
[  145.932866][ T5753] page dumped because: page_pool leak
[  145.935245][ T5753] page_owner tracks the page as allocated
[  145.937652][ T5753] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5753, tgid 5752 (syz.0.17), ts 143390156707, free_ts 143388136140
[  145.944625][ T5753]  post_alloc_hook+0x240/0x2a0
[  145.946789][ T5753]  get_page_from_freelist+0x21e4/0x22c0
[  145.949214][ T5753]  __alloc_frozen_pages_noprof+0x181/0x370
[  145.951676][ T5753]  alloc_pages_bulk_noprof+0x560/0x710
[  145.954156][ T5753]  __page_pool_alloc_netmems_slow+0x127/0x740
[  145.956787][ T5753]  skb_pp_cow_data+0xb47/0x13e0
[  145.959061][ T5753]  do_xdp_generic+0x699/0x11a0
[  145.961121][ T5753]  __netif_receive_skb_core+0x18f4/0x4380
[  145.963608][ T5753]  __netif_receive_skb+0x72/0x380
[  145.965765][ T5753]  netif_receive_skb+0x1cb/0x790
[  145.967930][ T5753]  tun_rx_batched+0x1b9/0x730
[  145.969948][ T5753]  tun_get_user+0x2b65/0x3ea0
[  145.971962][ T5753]  tun_chr_write_iter+0x113/0x200
[  145.974213][ T5753]  vfs_write+0x5c9/0xb30
[  145.976026][ T5753]  ksys_write+0x145/0x250
[  145.977874][ T5753]  do_syscall_64+0xfa/0x3b0
[  145.979832][ T5753] page last free pid 5751 tgid 5751 stack trace:
[  145.982587][ T5753]  __free_frozen_pages+0xbc4/0xd30
[  145.984706][ T5753]  __slab_free+0x303/0x3c0
[  145.986598][ T5753]  qlist_free_all+0x97/0x140
[  145.988528][ T5753]  kasan_quarantine_reduce+0x148/0x160
[  145.990801][ T5753]  __kasan_slab_alloc+0x22/0x80
[  145.992879][ T5753]  kmem_cache_alloc_lru_noprof+0x1c6/0x3d0
[  145.995325][ T5753]  shmem_alloc_inode+0x28/0x40
[  145.997265][ T5753]  alloc_inode+0x67/0x1b0
[  145.999059][ T5753]  new_inode+0x22/0x170
[  146.000836][ T5753]  shmem_get_inode+0x346/0xe90
[  146.003013][ T5753]  shmem_mknod+0x18c/0x3e0
[  146.004970][ T5753]  path_openat+0x14f1/0x3830
[  146.006925][ T5753]  do_filp_open+0x1fa/0x410
[  146.008858][ T5753]  do_sys_openat2+0x121/0x1c0
[  146.010876][ T5753]  __x64_sys_openat+0x138/0x170
[  146.012980][ T5753]  do_syscall_64+0xfa/0x3b0
[  146.014931][ T5753] Modules linked in:
[  146.016572][ T5753] CPU: 0 UID: 0 PID: 5753 Comm: syz.0.17 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  146.016589][ T5753] Tainted: [B]=BAD_PAGE
[  146.016603][ T5753] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  146.016610][ T5753] Call Trace:
[  146.016744][ T5753]  <TASK>
[  146.016784][ T5753]  dump_stack_lvl+0x189/0x250
[  146.016802][ T5753]  ? __pfx_dump_stack_lvl+0x10/0x10
[  146.016814][ T5753]  ? __pfx_print_modules+0x10/0x10
[  146.016825][ T5753]  ? tun_rx_batched+0x1b9/0x730
[  146.016834][ T5753]  ? tun_chr_write_iter+0x113/0x200
[  146.016842][ T5753]  ? vfs_write+0x5c9/0xb30
[  146.016852][ T5753]  ? ksys_write+0x145/0x250
[  146.016861][ T5753]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  146.016873][ T5753]  bad_page+0x180/0x1c0
[  146.016882][ T5753]  __free_frozen_pages+0xce2/0xd30
[  146.016894][ T5753]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  146.016998][ T5753]  bpf_xdp_adjust_tail+0x1d6/0x220
[  146.017012][ T5753]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  146.017022][ T5753]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  146.017043][ T5753]  do_xdp_generic+0x9f7/0x11a0
[  146.017058][ T5753]  ? __pfx_do_xdp_generic+0x10/0x10
[  146.017068][ T5753]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  146.017092][ T5753]  __netif_receive_skb_core+0x18f4/0x4380
[  146.017109][ T5753]  ? __pfx___skb_flow_dissect+0x10/0x10
[  146.017121][ T5753]  ? lock_release+0x4b/0x3e0
[  146.017133][ T5753]  ? do_user_addr_fault+0xc85/0x1380
[  146.017145][ T5753]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  146.017159][ T5753]  ? rcu_is_watching+0x15/0xb0
[  146.017173][ T5753]  ? irqentry_exit+0x74/0x90
[  146.017184][ T5753]  ? exc_page_fault+0x9f/0xf0
[  146.017196][ T5753]  ? netif_receive_skb+0x115/0x790
[  146.017207][ T5753]  ? rcu_is_watching+0x15/0xb0
[  146.017218][ T5753]  ? lock_acquire+0x5f/0x360
[  146.017228][ T5753]  __netif_receive_skb+0x72/0x380
[  146.017241][ T5753]  ? _copy_from_iter+0x24f/0x1790
[  146.017256][ T5753]  ? netif_receive_skb+0x115/0x790
[  146.017267][ T5753]  netif_receive_skb+0x1cb/0x790
[  146.017280][ T5753]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  146.017292][ T5753]  ? __pfx_netif_receive_skb+0x10/0x10
[  146.017305][ T5753]  ? __pfx__copy_from_iter+0x10/0x10
[  146.017317][ T5753]  ? sock_alloc_send_pskb+0x86b/0x980
[  146.017330][ T5753]  ? tun_rx_batched+0x160/0x730
[  146.017340][ T5753]  tun_rx_batched+0x1b9/0x730
[  146.017399][ T5753]  ? skb_header_pointer+0x8e/0x120
[  146.017413][ T5753]  ? __pfx_tun_rx_batched+0x10/0x10
[  146.017421][ T5753]  ? tun_get_user+0x272f/0x3ea0
[  146.017429][ T5753]  ? rcu_is_watching+0x15/0xb0
[  146.017439][ T5753]  ? lock_acquire+0x5f/0x360
[  146.017447][ T5753]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  146.017464][ T5753]  tun_get_user+0x2b65/0x3ea0
[  146.017475][ T5753]  ? rcu_is_watching+0x15/0xb0
[  146.017485][ T5753]  ? lock_release+0x4b/0x3e0
[  146.017493][ T5753]  ? tun_get_user+0x272f/0x3ea0
[  146.017502][ T5753]  ? aa_file_perm+0x44d/0x1550
[  146.017515][ T5753]  ? __pfx_tun_get_user+0x10/0x10
[  146.017525][ T5753]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  146.017534][ T5753]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  146.017543][ T5753]  ? ref_tracker_alloc+0x318/0x460
[  146.017558][ T5753]  ? rcu_is_watching+0x15/0xb0
[  146.017569][ T5753]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  146.017579][ T5753]  ? lock_release+0x4b/0x3e0
[  146.017589][ T5753]  ? tun_get+0x1c/0x2f0
[  146.017597][ T5753]  ? tun_get+0x1c/0x2f0
[  146.017605][ T5753]  ? rcu_is_watching+0x15/0xb0
[  146.017616][ T5753]  ? tun_get+0x1c/0x2f0
[  146.017623][ T5753]  ? lock_release+0x4b/0x3e0
[  146.017632][ T5753]  ? common_file_perm+0x1b5/0x230
[  146.017643][ T5753]  ? tun_get+0x1c/0x2f0
[  146.017653][ T5753]  tun_chr_write_iter+0x113/0x200
[  146.017663][ T5753]  vfs_write+0x5c9/0xb30
[  146.017675][ T5753]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  146.017684][ T5753]  ? __pfx_vfs_write+0x10/0x10
[  146.017695][ T5753]  ? __fget_files+0x2a/0x420
[  146.017708][ T5753]  ksys_write+0x145/0x250
[  146.017718][ T5753]  ? __pfx_ksys_write+0x10/0x10
[  146.017727][ T5753]  ? rcu_is_watching+0x15/0xb0
[  146.017737][ T5753]  ? rcu_is_watching+0x15/0xb0
[  146.017748][ T5753]  do_syscall_64+0xfa/0x3b0
[  146.017760][ T5753]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  146.017769][ T5753]  ? clear_bhb_loop+0x60/0xb0
[  146.017780][ T5753]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  146.017789][ T5753] RIP: 0033:0x7f6d23f8d3df
[  146.017805][ T5753] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  146.017814][ T5753] RSP: 002b:00007f6d24d12000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  146.017825][ T5753] RAX: ffffffffffffffda RBX: 00007f6d241b5fa0 RCX: 00007f6d23f8d3df
[  146.017832][ T5753] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  146.017838][ T5753] RBP: 00007f6d24010b39 R08: 0000000000000000 R09: 0000000000000000
[  146.017844][ T5753] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  146.017850][ T5753] R13: 0000000000000000 R14: 00007f6d241b5fa0 R15: 00007ffd7c7dc758
[  146.017861][ T5753]  </TASK>
[  146.017912][ T5753] BUG: Bad page state in process syz.0.17  pfn:3ed5f
[  146.225238][ T5753] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88803ed5f000 pfn:0x3ed5f
[  146.229337][ T5753] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  146.232492][ T5753] raw: 04fff00000000000 dead000000000040 ffff88801e89f000 0000000000000000
[  146.236187][ T5753] raw: ffff88803ed5f000 0000000000000001 00000000ffffffff 0000000000000000
[  146.239716][ T5753] page dumped because: page_pool leak
[  146.241860][ T5753] page_owner tracks the page as allocated
[  146.244056][ T5753] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5753, tgid 5752 (syz.0.17), ts 143390150540, free_ts 143388143020
[  146.250188][ T5753]  post_alloc_hook+0x240/0x2a0
[  146.252403][ T5753]  get_page_from_freelist+0x21e4/0x22c0
[  146.254676][ T5753]  __alloc_frozen_pages_noprof+0x181/0x370
[  146.257066][ T5753]  alloc_pages_bulk_noprof+0x560/0x710
[  146.259390][ T5753]  __page_pool_alloc_netmems_slow+0x127/0x740
[  146.262092][ T5753]  skb_pp_cow_data+0xb47/0x13e0
[  146.264229][ T5753]  do_xdp_generic+0x699/0x11a0
[  146.266180][ T5753]  __netif_receive_skb_core+0x18f4/0x4380
[  146.268489][ T5753]  __netif_receive_skb+0x72/0x380
[  146.270628][ T5753]  netif_receive_skb+0x1cb/0x790
[  146.272741][ T5753]  tun_rx_batched+0x1b9/0x730
[  146.274741][ T5753]  tun_get_user+0x2b65/0x3ea0
[  146.276766][ T5753]  tun_chr_write_iter+0x113/0x200
[  146.278872][ T5753]  vfs_write+0x5c9/0xb30
[  146.280659][ T5753]  ksys_write+0x145/0x250
[  146.282597][ T5753]  do_syscall_64+0xfa/0x3b0
[  146.284574][ T5753] page last free pid 5751 tgid 5751 stack trace:
[  146.287267][ T5753]  __free_frozen_pages+0xbc4/0xd30
[  146.289407][ T5753]  __slab_free+0x303/0x3c0
[  146.291359][ T5753]  qlist_free_all+0x97/0x140
[  146.293447][ T5753]  kasan_quarantine_reduce+0x148/0x160
[  146.295798][ T5753]  __kasan_slab_alloc+0x22/0x80
[  146.297810][ T5753]  kmem_cache_alloc_lru_noprof+0x1c6/0x3d0
[  146.300279][ T5753]  shmem_alloc_inode+0x28/0x40
[  146.302402][ T5753]  alloc_inode+0x67/0x1b0
[  146.304214][ T5753]  new_inode+0x22/0x170
[  146.305933][ T5753]  shmem_get_inode+0x346/0xe90
[  146.307908][ T5753]  shmem_mknod+0x18c/0x3e0
[  146.309772][ T5753]  path_openat+0x14f1/0x3830
[  146.311750][ T5753]  do_filp_open+0x1fa/0x410
[  146.313712][ T5753]  do_sys_openat2+0x121/0x1c0
[  146.315702][ T5753]  __x64_sys_openat+0x138/0x170
[  146.317680][ T5753]  do_syscall_64+0xfa/0x3b0
[  146.319645][ T5753] Modules linked in:
[  146.321369][ T5753] CPU: 0 UID: 0 PID: 5753 Comm: syz.0.17 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  146.321386][ T5753] Tainted: [B]=BAD_PAGE
[  146.321390][ T5753] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  146.321395][ T5753] Call Trace:
[  146.321403][ T5753]  <TASK>
[  146.321408][ T5753]  dump_stack_lvl+0x189/0x250
[  146.321426][ T5753]  ? __pfx_dump_stack_lvl+0x10/0x10
[  146.321438][ T5753]  ? __pfx_print_modules+0x10/0x10
[  146.321449][ T5753]  ? tun_rx_batched+0x1b9/0x730
[  146.321463][ T5753]  ? tun_chr_write_iter+0x113/0x200
[  146.321472][ T5753]  ? vfs_write+0x5c9/0xb30
[  146.321482][ T5753]  ? ksys_write+0x145/0x250
[  146.321492][ T5753]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  146.321504][ T5753]  bad_page+0x180/0x1c0
[  146.321515][ T5753]  __free_frozen_pages+0xce2/0xd30
[  146.321528][ T5753]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  146.321548][ T5753]  bpf_xdp_adjust_tail+0x1d6/0x220
[  146.321561][ T5753]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  146.321571][ T5753]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  146.321592][ T5753]  do_xdp_generic+0x9f7/0x11a0
[  146.321608][ T5753]  ? __pfx_do_xdp_generic+0x10/0x10
[  146.321619][ T5753]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  146.321638][ T5753]  __netif_receive_skb_core+0x18f4/0x4380
[  146.321652][ T5753]  ? __pfx___skb_flow_dissect+0x10/0x10
[  146.321664][ T5753]  ? lock_release+0x4b/0x3e0
[  146.321675][ T5753]  ? do_user_addr_fault+0xc85/0x1380
[  146.321686][ T5753]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  146.321700][ T5753]  ? rcu_is_watching+0x15/0xb0
[  146.321714][ T5753]  ? irqentry_exit+0x74/0x90
[  146.321724][ T5753]  ? exc_page_fault+0x9f/0xf0
[  146.321735][ T5753]  ? netif_receive_skb+0x115/0x790
[  146.321747][ T5753]  ? rcu_is_watching+0x15/0xb0
[  146.321759][ T5753]  ? lock_acquire+0x5f/0x360
[  146.321773][ T5753]  __netif_receive_skb+0x72/0x380
[  146.321787][ T5753]  ? _copy_from_iter+0x24f/0x1790
[  146.321802][ T5753]  ? netif_receive_skb+0x115/0x790
[  146.321814][ T5753]  netif_receive_skb+0x1cb/0x790
[  146.321827][ T5753]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  146.321855][ T5753]  ? __pfx_netif_receive_skb+0x10/0x10
[  146.321867][ T5753]  ? __pfx__copy_from_iter+0x10/0x10
[  146.321880][ T5753]  ? sock_alloc_send_pskb+0x86b/0x980
[  146.321893][ T5753]  ? tun_rx_batched+0x160/0x730
[  146.321903][ T5753]  tun_rx_batched+0x1b9/0x730
[  146.321912][ T5753]  ? skb_header_pointer+0x8e/0x120
[  146.321926][ T5753]  ? __pfx_tun_rx_batched+0x10/0x10
[  146.321935][ T5753]  ? tun_get_user+0x272f/0x3ea0
[  146.321943][ T5753]  ? rcu_is_watching+0x15/0xb0
[  146.321954][ T5753]  ? lock_acquire+0x5f/0x360
[  146.321964][ T5753]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  146.321977][ T5753]  tun_get_user+0x2b65/0x3ea0
[  146.321986][ T5753]  ? rcu_is_watching+0x15/0xb0
[  146.321997][ T5753]  ? lock_release+0x4b/0x3e0
[  146.322007][ T5753]  ? tun_get_user+0x272f/0x3ea0
[  146.322016][ T5753]  ? aa_file_perm+0x44d/0x1550
[  146.322030][ T5753]  ? __pfx_tun_get_user+0x10/0x10
[  146.322041][ T5753]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  146.322051][ T5753]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  146.322062][ T5753]  ? ref_tracker_alloc+0x318/0x460
[  146.322075][ T5753]  ? rcu_is_watching+0x15/0xb0
[  146.322090][ T5753]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  146.322102][ T5753]  ? lock_release+0x4b/0x3e0
[  146.322112][ T5753]  ? tun_get+0x1c/0x2f0
[  146.322120][ T5753]  ? tun_get+0x1c/0x2f0
[  146.322135][ T5753]  ? rcu_is_watching+0x15/0xb0
[  146.322145][ T5753]  ? tun_get+0x1c/0x2f0
[  146.322152][ T5753]  ? lock_release+0x4b/0x3e0
[  146.322181][ T5753]  ? common_file_perm+0x1b5/0x230
[  146.322196][ T5753]  ? tun_get+0x1c/0x2f0
[  146.322205][ T5753]  tun_chr_write_iter+0x113/0x200
[  146.322215][ T5753]  vfs_write+0x5c9/0xb30
[  146.322226][ T5753]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  146.322236][ T5753]  ? __pfx_vfs_write+0x10/0x10
[  146.322273][ T5753]  ? __fget_files+0x2a/0x420
[  146.322290][ T5753]  ksys_write+0x145/0x250
[  146.322300][ T5753]  ? __pfx_ksys_write+0x10/0x10
[  146.322308][ T5753]  ? rcu_is_watching+0x15/0xb0
[  146.322320][ T5753]  ? rcu_is_watching+0x15/0xb0
[  146.322332][ T5753]  do_syscall_64+0xfa/0x3b0
[  146.322344][ T5753]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  146.322354][ T5753]  ? clear_bhb_loop+0x60/0xb0
[  146.322365][ T5753]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  146.322376][ T5753] RIP: 0033:0x7f6d23f8d3df
[  146.322387][ T5753] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  146.322396][ T5753] RSP: 002b:00007f6d24d12000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  146.322409][ T5753] RAX: ffffffffffffffda RBX: 00007f6d241b5fa0 RCX: 00007f6d23f8d3df
[  146.322417][ T5753] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  146.322424][ T5753] RBP: 00007f6d24010b39 R08: 0000000000000000 R09: 0000000000000000
[  146.322430][ T5753] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  146.322436][ T5753] R13: 0000000000000000 R14: 00007f6d241b5fa0 R15: 00007ffd7c7dc758
[  146.322447][ T5753]  </TASK>
[  146.525897][ T5753] BUG: Bad page state in process syz.0.17  pfn:3f7f7
[  146.528705][ T5753] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88803f7f7600 pfn:0x3f7f7
[  146.532898][ T5753] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  146.535943][ T5753] raw: 04fff00000000000 dead000000000040 ffff88801e89f000 0000000000000000
[  146.539538][ T5753] raw: ffff88803f7f7600 0000000000000001 00000000ffffffff 0000000000000000
[  146.543193][ T5753] page dumped because: page_pool leak
[  146.545416][ T5753] page_owner tracks the page as allocated
[  146.547767][ T5753] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5753, tgid 5752 (syz.0.17), ts 143390141967, free_ts 143388149979
[  146.554528][ T5753]  post_alloc_hook+0x240/0x2a0
[  146.556467][ T5753]  get_page_from_freelist+0x21e4/0x22c0
[  146.558652][ T5753]  __alloc_frozen_pages_noprof+0x181/0x370
[  146.561129][ T5753]  alloc_pages_bulk_noprof+0x560/0x710
[  146.563474][ T5753]  __page_pool_alloc_netmems_slow+0x127/0x740
[  146.566033][ T5753]  skb_pp_cow_data+0xb47/0x13e0
[  146.568073][ T5753]  do_xdp_generic+0x699/0x11a0
[  146.570020][ T5753]  __netif_receive_skb_core+0x18f4/0x4380
[  146.572457][ T5753]  __netif_receive_skb+0x72/0x380
[  146.574550][ T5753]  netif_receive_skb+0x1cb/0x790
[  146.576672][ T5753]  tun_rx_batched+0x1b9/0x730
[  146.578620][ T5753]  tun_get_user+0x2b65/0x3ea0
[  146.580585][ T5753]  tun_chr_write_iter+0x113/0x200
[  146.582825][ T5753]  vfs_write+0x5c9/0xb30
[  146.584550][ T5753]  ksys_write+0x145/0x250
[  146.586409][ T5753]  do_syscall_64+0xfa/0x3b0
[  146.588326][ T5753] page last free pid 5751 tgid 5751 stack trace:
[  146.590904][ T5753]  __free_frozen_pages+0xbc4/0xd30
[  146.593084][ T5753]  __slab_free+0x303/0x3c0
[  146.594964][ T5753]  qlist_free_all+0x97/0x140
[  146.596872][ T5753]  kasan_quarantine_reduce+0x148/0x160
[  146.599101][ T5753]  __kasan_slab_alloc+0x22/0x80
[  146.601181][ T5753]  kmem_cache_alloc_lru_noprof+0x1c6/0x3d0
[  146.603658][ T5753]  shmem_alloc_inode+0x28/0x40
[  146.605659][ T5753]  alloc_inode+0x67/0x1b0
[  146.607492][ T5753]  new_inode+0x22/0x170
[  146.609258][ T5753]  shmem_get_inode+0x346/0xe90
[  146.611283][ T5753]  shmem_mknod+0x18c/0x3e0
[  146.613211][ T5753]  path_openat+0x14f1/0x3830
[  146.615156][ T5753]  do_filp_open+0x1fa/0x410
[  146.617055][ T5753]  do_sys_openat2+0x121/0x1c0
[  146.619043][ T5753]  __x64_sys_openat+0x138/0x170
[  146.621115][ T5753]  do_syscall_64+0xfa/0x3b0
[  146.623098][ T5753] Modules linked in:
[  146.624739][ T5753] CPU: 0 UID: 0 PID: 5753 Comm: syz.0.17 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  146.624756][ T5753] Tainted: [B]=BAD_PAGE
[  146.624761][ T5753] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  146.624767][ T5753] Call Trace:
[  146.624775][ T5753]  <TASK>
[  146.624780][ T5753]  dump_stack_lvl+0x189/0x250
[  146.624798][ T5753]  ? __pfx_dump_stack_lvl+0x10/0x10
[  146.624811][ T5753]  ? __pfx_print_modules+0x10/0x10
[  146.624823][ T5753]  ? tun_rx_batched+0x1b9/0x730
[  146.624833][ T5753]  ? tun_chr_write_iter+0x113/0x200
[  146.624851][ T5753]  ? vfs_write+0x5c9/0xb30
[  146.624861][ T5753]  ? ksys_write+0x145/0x250
[  146.624871][ T5753]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  146.624884][ T5753]  bad_page+0x180/0x1c0
[  146.624895][ T5753]  __free_frozen_pages+0xce2/0xd30
[  146.624911][ T5753]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  146.624931][ T5753]  bpf_xdp_adjust_tail+0x1d6/0x220
[  146.624945][ T5753]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  146.624955][ T5753]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  146.624976][ T5753]  do_xdp_generic+0x9f7/0x11a0
[  146.624994][ T5753]  ? __pfx_do_xdp_generic+0x10/0x10
[  146.625006][ T5753]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  146.625027][ T5753]  __netif_receive_skb_core+0x18f4/0x4380
[  146.625044][ T5753]  ? __pfx___skb_flow_dissect+0x10/0x10
[  146.625056][ T5753]  ? lock_release+0x4b/0x3e0
[  146.625070][ T5753]  ? do_user_addr_fault+0xc85/0x1380
[  146.625083][ T5753]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  146.625097][ T5753]  ? rcu_is_watching+0x15/0xb0
[  146.625111][ T5753]  ? irqentry_exit+0x74/0x90
[  146.625122][ T5753]  ? exc_page_fault+0x9f/0xf0
[  146.625135][ T5753]  ? netif_receive_skb+0x115/0x790
[  146.625148][ T5753]  ? rcu_is_watching+0x15/0xb0
[  146.625160][ T5753]  ? lock_acquire+0x5f/0x360
[  146.625171][ T5753]  __netif_receive_skb+0x72/0x380
[  146.625185][ T5753]  ? _copy_from_iter+0x24f/0x1790
[  146.625203][ T5753]  ? netif_receive_skb+0x115/0x790
[  146.625217][ T5753]  netif_receive_skb+0x1cb/0x790
[  146.625231][ T5753]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  146.625244][ T5753]  ? __pfx_netif_receive_skb+0x10/0x10
[  146.625258][ T5753]  ? __pfx__copy_from_iter+0x10/0x10
[  146.625272][ T5753]  ? sock_alloc_send_pskb+0x86b/0x980
[  146.625286][ T5753]  ? tun_rx_batched+0x160/0x730
[  146.625296][ T5753]  tun_rx_batched+0x1b9/0x730
[  146.625306][ T5753]  ? skb_header_pointer+0x8e/0x120
[  146.625320][ T5753]  ? __pfx_tun_rx_batched+0x10/0x10
[  146.625330][ T5753]  ? tun_get_user+0x272f/0x3ea0
[  146.625339][ T5753]  ? rcu_is_watching+0x15/0xb0
[  146.625351][ T5753]  ? lock_acquire+0x5f/0x360
[  146.625361][ T5753]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  146.625376][ T5753]  tun_get_user+0x2b65/0x3ea0
[  146.625387][ T5753]  ? rcu_is_watching+0x15/0xb0
[  146.625400][ T5753]  ? lock_release+0x4b/0x3e0
[  146.625411][ T5753]  ? tun_get_user+0x272f/0x3ea0
[  146.625420][ T5753]  ? aa_file_perm+0x44d/0x1550
[  146.625432][ T5753]  ? __pfx_tun_get_user+0x10/0x10
[  146.625442][ T5753]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  146.625451][ T5753]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  146.625466][ T5753]  ? ref_tracker_alloc+0x318/0x460
[  146.625481][ T5753]  ? rcu_is_watching+0x15/0xb0
[  146.625491][ T5753]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  146.625503][ T5753]  ? lock_release+0x4b/0x3e0
[  146.625513][ T5753]  ? tun_get+0x1c/0x2f0
[  146.625521][ T5753]  ? tun_get+0x1c/0x2f0
[  146.625534][ T5753]  ? rcu_is_watching+0x15/0xb0
[  146.625541][ T5753]  ? tun_get+0x1c/0x2f0
[  146.625547][ T5753]  ? lock_release+0x4b/0x3e0
[  146.625555][ T5753]  ? common_file_perm+0x1b5/0x230
[  146.625566][ T5753]  ? tun_get+0x1c/0x2f0
[  146.625574][ T5753]  tun_chr_write_iter+0x113/0x200
[  146.625584][ T5753]  vfs_write+0x5c9/0xb30
[  146.625595][ T5753]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  146.625605][ T5753]  ? __pfx_vfs_write+0x10/0x10
[  146.625616][ T5753]  ? __fget_files+0x2a/0x420
[  146.625632][ T5753]  ksys_write+0x145/0x250
[  146.625642][ T5753]  ? __pfx_ksys_write+0x10/0x10
[  146.625651][ T5753]  ? rcu_is_watching+0x15/0xb0
[  146.625661][ T5753]  ? rcu_is_watching+0x15/0xb0
[  146.625672][ T5753]  do_syscall_64+0xfa/0x3b0
[  146.625684][ T5753]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  146.625694][ T5753]  ? clear_bhb_loop+0x60/0xb0
[  146.625704][ T5753]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  146.625713][ T5753] RIP: 0033:0x7f6d23f8d3df
[  146.625723][ T5753] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  146.625731][ T5753] RSP: 002b:00007f6d24d12000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  146.625743][ T5753] RAX: ffffffffffffffda RBX: 00007f6d241b5fa0 RCX: 00007f6d23f8d3df
[  146.625750][ T5753] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  146.625757][ T5753] RBP: 00007f6d24010b39 R08: 0000000000000000 R09: 0000000000000000
[  146.625763][ T5753] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  146.625769][ T5753] R13: 0000000000000000 R14: 00007f6d241b5fa0 R15: 00007ffd7c7dc758
[  146.625779][ T5753]  </TASK>
[  146.861196][ T4675] Bluetooth: hci0: command tx timeout
2025/10/02 10:46:22 executed programs: 3
[  146.946710][ T5756] BUG: Bad page state in process syz.0.18  pfn:41e7b
[  146.949605][ T5756] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888041e7b000 pfn:0x41e7b
[  146.953858][ T5756] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  146.956861][ T5756] raw: 04fff00000000000 dead000000000040 ffff88801e89f000 0000000000000000
[  146.960456][ T5756] raw: ffff888041e7b000 0000000000000001 00000000ffffffff 0000000000000000
[  146.964155][ T5756] page dumped because: page_pool leak
[  146.966398][ T5756] page_owner tracks the page as allocated
[  146.968767][ T5756] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5756, tgid 5755 (syz.0.18), ts 146946667272, free_ts 146942520105
[  146.975689][ T5756]  post_alloc_hook+0x240/0x2a0
[  146.977731][ T5756]  get_page_from_freelist+0x21e4/0x22c0
[  146.980048][ T5756]  __alloc_frozen_pages_noprof+0x181/0x370
[  146.982593][ T5756]  alloc_pages_bulk_noprof+0x560/0x710
[  146.984859][ T5756]  __page_pool_alloc_netmems_slow+0x127/0x740
[  146.987556][ T5756]  skb_pp_cow_data+0xb47/0x13e0
[  146.989642][ T5756]  do_xdp_generic+0x699/0x11a0
[  146.991588][ T5756]  __netif_receive_skb_core+0x18f4/0x4380
[  146.994023][ T5756]  __netif_receive_skb+0x72/0x380
[  146.996107][ T5756]  netif_receive_skb+0x1cb/0x790
[  146.998227][ T5756]  tun_rx_batched+0x1b9/0x730
[  147.000404][ T5756]  tun_get_user+0x2b65/0x3ea0
[  147.002605][ T5756]  tun_chr_write_iter+0x113/0x200
[  147.004666][ T5756]  vfs_write+0x5c9/0xb30
[  147.006437][ T5756]  ksys_write+0x145/0x250
[  147.008219][ T5756]  do_syscall_64+0xfa/0x3b0
[  147.010471][ T5756] page last free pid 15 tgid 15 stack trace:
[  147.013005][ T5756]  __free_frozen_pages+0xbc4/0xd30
[  147.015136][ T5756]  __tlb_remove_table+0x2d2/0x3b0
[  147.017242][ T5756]  tlb_remove_table_rcu+0x85/0x100
[  147.019387][ T5756]  rcu_core+0xca8/0x1770
[  147.021195][ T5756]  handle_softirqs+0x283/0x870
[  147.023297][ T5756]  run_ksoftirqd+0x9b/0x100
[  147.025182][ T5756]  smpboot_thread_fn+0x53f/0xa60
[  147.027217][ T5756]  kthread+0x711/0x8a0
[  147.028926][ T5756]  ret_from_fork+0x436/0x7d0
[  147.031078][ T5756]  ret_from_fork_asm+0x1a/0x30
[  147.033617][ T5756] Modules linked in:
[  147.035587][ T5756] CPU: 0 UID: 0 PID: 5756 Comm: syz.0.18 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  147.035605][ T5756] Tainted: [B]=BAD_PAGE
[  147.035609][ T5756] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  147.035616][ T5756] Call Trace:
[  147.035639][ T5756]  <TASK>
[  147.035645][ T5756]  dump_stack_lvl+0x189/0x250
[  147.035662][ T5756]  ? __pfx_dump_stack_lvl+0x10/0x10
[  147.035675][ T5756]  ? __pfx_print_modules+0x10/0x10
[  147.035686][ T5756]  ? tun_rx_batched+0x1b9/0x730
[  147.035696][ T5756]  ? tun_chr_write_iter+0x113/0x200
[  147.035705][ T5756]  ? vfs_write+0x5c9/0xb30
[  147.035716][ T5756]  ? ksys_write+0x145/0x250
[  147.035726][ T5756]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.035738][ T5756]  bad_page+0x180/0x1c0
[  147.035749][ T5756]  __free_frozen_pages+0xce2/0xd30
[  147.035764][ T5756]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  147.035783][ T5756]  bpf_xdp_adjust_tail+0x1d6/0x220
[  147.035796][ T5756]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  147.035806][ T5756]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  147.035828][ T5756]  do_xdp_generic+0x9f7/0x11a0
[  147.035844][ T5756]  ? __pfx_do_xdp_generic+0x10/0x10
[  147.035858][ T5756]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  147.035876][ T5756]  __netif_receive_skb_core+0x18f4/0x4380
[  147.035894][ T5756]  ? __pfx___skb_flow_dissect+0x10/0x10
[  147.035906][ T5756]  ? lock_release+0x4b/0x3e0
[  147.035919][ T5756]  ? do_user_addr_fault+0xc85/0x1380
[  147.035933][ T5756]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  147.035949][ T5756]  ? rcu_is_watching+0x15/0xb0
[  147.035962][ T5756]  ? irqentry_exit+0x74/0x90
[  147.035974][ T5756]  ? exc_page_fault+0x9f/0xf0
[  147.035986][ T5756]  ? netif_receive_skb+0x115/0x790
[  147.036000][ T5756]  ? rcu_is_watching+0x15/0xb0
[  147.036011][ T5756]  ? lock_acquire+0x5f/0x360
[  147.036020][ T5756]  __netif_receive_skb+0x72/0x380
[  147.036032][ T5756]  ? _copy_from_iter+0x24f/0x1790
[  147.036047][ T5756]  ? netif_receive_skb+0x115/0x790
[  147.036058][ T5756]  netif_receive_skb+0x1cb/0x790
[  147.036073][ T5756]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  147.036085][ T5756]  ? __pfx_netif_receive_skb+0x10/0x10
[  147.036099][ T5756]  ? __pfx__copy_from_iter+0x10/0x10
[  147.036112][ T5756]  ? sock_alloc_send_pskb+0x86b/0x980
[  147.036135][ T5756]  ? tun_rx_batched+0x160/0x730
[  147.036146][ T5756]  tun_rx_batched+0x1b9/0x730
[  147.036155][ T5756]  ? skb_header_pointer+0x8e/0x120
[  147.036169][ T5756]  ? __pfx_tun_rx_batched+0x10/0x10
[  147.036179][ T5756]  ? tun_get_user+0x272f/0x3ea0
[  147.036188][ T5756]  ? rcu_is_watching+0x15/0xb0
[  147.036200][ T5756]  ? lock_acquire+0x5f/0x360
[  147.036210][ T5756]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  147.036224][ T5756]  tun_get_user+0x2b65/0x3ea0
[  147.036236][ T5756]  ? rcu_is_watching+0x15/0xb0
[  147.036247][ T5756]  ? lock_release+0x4b/0x3e0
[  147.036257][ T5756]  ? tun_get_user+0x272f/0x3ea0
[  147.036266][ T5756]  ? aa_file_perm+0x44d/0x1550
[  147.036282][ T5756]  ? __pfx_tun_get_user+0x10/0x10
[  147.036293][ T5756]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  147.036304][ T5756]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  147.036315][ T5756]  ? ref_tracker_alloc+0x318/0x460
[  147.036330][ T5756]  ? rcu_is_watching+0x15/0xb0
[  147.036341][ T5756]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  147.036353][ T5756]  ? lock_release+0x4b/0x3e0
[  147.036363][ T5756]  ? tun_get+0x1c/0x2f0
[  147.036372][ T5756]  ? tun_get+0x1c/0x2f0
[  147.036381][ T5756]  ? rcu_is_watching+0x15/0xb0
[  147.036392][ T5756]  ? tun_get+0x1c/0x2f0
[  147.036400][ T5756]  ? lock_release+0x4b/0x3e0
[  147.036410][ T5756]  ? common_file_perm+0x1b5/0x230
[  147.036424][ T5756]  ? tun_get+0x1c/0x2f0
[  147.036434][ T5756]  tun_chr_write_iter+0x113/0x200
[  147.036444][ T5756]  vfs_write+0x5c9/0xb30
[  147.036458][ T5756]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  147.036467][ T5756]  ? __pfx_vfs_write+0x10/0x10
[  147.036480][ T5756]  ? __fget_files+0x2a/0x420
[  147.036496][ T5756]  ksys_write+0x145/0x250
[  147.036507][ T5756]  ? __pfx_ksys_write+0x10/0x10
[  147.036517][ T5756]  ? rcu_is_watching+0x15/0xb0
[  147.036530][ T5756]  ? rcu_is_watching+0x15/0xb0
[  147.036543][ T5756]  do_syscall_64+0xfa/0x3b0
[  147.036555][ T5756]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.036566][ T5756]  ? clear_bhb_loop+0x60/0xb0
[  147.036577][ T5756]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.036588][ T5756] RIP: 0033:0x7f6d23f8d3df
[  147.036600][ T5756] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  147.036610][ T5756] RSP: 002b:00007f6d24d12000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  147.036622][ T5756] RAX: ffffffffffffffda RBX: 00007f6d241b5fa0 RCX: 00007f6d23f8d3df
[  147.036630][ T5756] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  147.036637][ T5756] RBP: 00007f6d24010b39 R08: 0000000000000000 R09: 0000000000000000
[  147.036643][ T5756] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  147.036649][ T5756] R13: 0000000000000000 R14: 00007f6d241b5fa0 R15: 00007ffd7c7dc758
[  147.036660][ T5756]  </TASK>
[  147.036668][ T5756] BUG: Bad page state in process syz.0.18  pfn:41318
[  147.246794][ T5756] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x41318
[  147.250985][ T5756] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  147.254090][ T5756] raw: 04fff00000000000 dead000000000040 ffff88801e89f000 0000000000000000
[  147.257717][ T5756] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000
[  147.261335][ T5756] page dumped because: page_pool leak
[  147.263660][ T5756] page_owner tracks the page as allocated
[  147.266030][ T5756] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5756, tgid 5755 (syz.0.18), ts 146946663490, free_ts 146942528597
[  147.272960][ T5756]  post_alloc_hook+0x240/0x2a0
[  147.274974][ T5756]  get_page_from_freelist+0x21e4/0x22c0
[  147.277235][ T5756]  __alloc_frozen_pages_noprof+0x181/0x370
[  147.279615][ T5756]  alloc_pages_bulk_noprof+0x560/0x710
[  147.281855][ T5756]  __page_pool_alloc_netmems_slow+0x127/0x740
[  147.284475][ T5756]  skb_pp_cow_data+0xb47/0x13e0
[  147.286529][ T5756]  do_xdp_generic+0x699/0x11a0
[  147.288607][ T5756]  __netif_receive_skb_core+0x18f4/0x4380
[  147.291041][ T5756]  __netif_receive_skb+0x72/0x380
[  147.293203][ T5756]  netif_receive_skb+0x1cb/0x790
[  147.295308][ T5756]  tun_rx_batched+0x1b9/0x730
[  147.297301][ T5756]  tun_get_user+0x2b65/0x3ea0
[  147.299255][ T5756]  tun_chr_write_iter+0x113/0x200
[  147.301359][ T5756]  vfs_write+0x5c9/0xb30
[  147.303233][ T5756]  ksys_write+0x145/0x250
[  147.305080][ T5756]  do_syscall_64+0xfa/0x3b0
[  147.306979][ T5756] page last free pid 15 tgid 15 stack trace:
[  147.309463][ T5756]  __free_frozen_pages+0xbc4/0xd30
[  147.311685][ T5756]  __tlb_remove_table+0x2d2/0x3b0
[  147.313860][ T5756]  tlb_remove_table_rcu+0x85/0x100
[  147.315987][ T5756]  rcu_core+0xca8/0x1770
[  147.317830][ T5756]  handle_softirqs+0x283/0x870
[  147.320240][ T5756]  run_ksoftirqd+0x9b/0x100
[  147.322134][ T5756]  smpboot_thread_fn+0x53f/0xa60
[  147.324224][ T5756]  kthread+0x711/0x8a0
[  147.325906][ T5756]  ret_from_fork+0x436/0x7d0
[  147.327932][ T5756]  ret_from_fork_asm+0x1a/0x30
[  147.329918][ T5756] Modules linked in:
[  147.331561][ T5756] CPU: 0 UID: 0 PID: 5756 Comm: syz.0.18 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  147.331578][ T5756] Tainted: [B]=BAD_PAGE
[  147.331581][ T5756] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  147.331588][ T5756] Call Trace:
[  147.331596][ T5756]  <TASK>
[  147.331602][ T5756]  dump_stack_lvl+0x189/0x250
[  147.331619][ T5756]  ? __pfx_dump_stack_lvl+0x10/0x10
[  147.331631][ T5756]  ? __pfx_print_modules+0x10/0x10
[  147.331642][ T5756]  ? tun_rx_batched+0x1b9/0x730
[  147.331651][ T5756]  ? tun_chr_write_iter+0x113/0x200
[  147.331659][ T5756]  ? vfs_write+0x5c9/0xb30
[  147.331668][ T5756]  ? ksys_write+0x145/0x250
[  147.331677][ T5756]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.331688][ T5756]  bad_page+0x180/0x1c0
[  147.331698][ T5756]  __free_frozen_pages+0xce2/0xd30
[  147.331711][ T5756]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  147.331728][ T5756]  bpf_xdp_adjust_tail+0x1d6/0x220
[  147.331740][ T5756]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  147.331749][ T5756]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  147.331770][ T5756]  do_xdp_generic+0x9f7/0x11a0
[  147.331785][ T5756]  ? __pfx_do_xdp_generic+0x10/0x10
[  147.331796][ T5756]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  147.331814][ T5756]  __netif_receive_skb_core+0x18f4/0x4380
[  147.331829][ T5756]  ? __pfx___skb_flow_dissect+0x10/0x10
[  147.331841][ T5756]  ? lock_release+0x4b/0x3e0
[  147.331853][ T5756]  ? do_user_addr_fault+0xc85/0x1380
[  147.331865][ T5756]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  147.331885][ T5756]  ? rcu_is_watching+0x15/0xb0
[  147.331897][ T5756]  ? irqentry_exit+0x74/0x90
[  147.331908][ T5756]  ? exc_page_fault+0x9f/0xf0
[  147.331920][ T5756]  ? netif_receive_skb+0x115/0x790
[  147.331932][ T5756]  ? rcu_is_watching+0x15/0xb0
[  147.331942][ T5756]  ? lock_acquire+0x5f/0x360
[  147.331951][ T5756]  __netif_receive_skb+0x72/0x380
[  147.331963][ T5756]  ? _copy_from_iter+0x24f/0x1790
[  147.331977][ T5756]  ? netif_receive_skb+0x115/0x790
[  147.331990][ T5756]  netif_receive_skb+0x1cb/0x790
[  147.332002][ T5756]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  147.332015][ T5756]  ? __pfx_netif_receive_skb+0x10/0x10
[  147.332027][ T5756]  ? __pfx__copy_from_iter+0x10/0x10
[  147.332039][ T5756]  ? sock_alloc_send_pskb+0x86b/0x980
[  147.332052][ T5756]  ? tun_rx_batched+0x160/0x730
[  147.332061][ T5756]  tun_rx_batched+0x1b9/0x730
[  147.332071][ T5756]  ? skb_header_pointer+0x8e/0x120
[  147.332083][ T5756]  ? __pfx_tun_rx_batched+0x10/0x10
[  147.332092][ T5756]  ? tun_get_user+0x272f/0x3ea0
[  147.332100][ T5756]  ? rcu_is_watching+0x15/0xb0
[  147.332109][ T5756]  ? lock_acquire+0x5f/0x360
[  147.332118][ T5756]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  147.332129][ T5756]  tun_get_user+0x2b65/0x3ea0
[  147.332139][ T5756]  ? rcu_is_watching+0x15/0xb0
[  147.332149][ T5756]  ? lock_release+0x4b/0x3e0
[  147.332159][ T5756]  ? tun_get_user+0x272f/0x3ea0
[  147.332193][ T5756]  ? aa_file_perm+0x44d/0x1550
[  147.332207][ T5756]  ? __pfx_tun_get_user+0x10/0x10
[  147.332218][ T5756]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  147.332228][ T5756]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  147.332238][ T5756]  ? ref_tracker_alloc+0x318/0x460
[  147.332253][ T5756]  ? rcu_is_watching+0x15/0xb0
[  147.332264][ T5756]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  147.332275][ T5756]  ? lock_release+0x4b/0x3e0
[  147.332285][ T5756]  ? tun_get+0x1c/0x2f0
[  147.332293][ T5756]  ? tun_get+0x1c/0x2f0
[  147.332301][ T5756]  ? rcu_is_watching+0x15/0xb0
[  147.332310][ T5756]  ? tun_get+0x1c/0x2f0
[  147.332319][ T5756]  ? lock_release+0x4b/0x3e0
[  147.332327][ T5756]  ? common_file_perm+0x1b5/0x230
[  147.332339][ T5756]  ? tun_get+0x1c/0x2f0
[  147.332348][ T5756]  tun_chr_write_iter+0x113/0x200
[  147.332358][ T5756]  vfs_write+0x5c9/0xb30
[  147.332370][ T5756]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  147.332380][ T5756]  ? __pfx_vfs_write+0x10/0x10
[  147.332392][ T5756]  ? __fget_files+0x2a/0x420
[  147.332405][ T5756]  ksys_write+0x145/0x250
[  147.332414][ T5756]  ? __pfx_ksys_write+0x10/0x10
[  147.332423][ T5756]  ? rcu_is_watching+0x15/0xb0
[  147.332435][ T5756]  ? rcu_is_watching+0x15/0xb0
[  147.332445][ T5756]  do_syscall_64+0xfa/0x3b0
[  147.332457][ T5756]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.332467][ T5756]  ? clear_bhb_loop+0x60/0xb0
[  147.332478][ T5756]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.332489][ T5756] RIP: 0033:0x7f6d23f8d3df
[  147.332500][ T5756] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  147.332510][ T5756] RSP: 002b:00007f6d24d12000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  147.332521][ T5756] RAX: ffffffffffffffda RBX: 00007f6d241b5fa0 RCX: 00007f6d23f8d3df
[  147.332528][ T5756] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  147.332535][ T5756] RBP: 00007f6d24010b39 R08: 0000000000000000 R09: 0000000000000000
[  147.332540][ T5756] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  147.332546][ T5756] R13: 0000000000000000 R14: 00007f6d241b5fa0 R15: 00007ffd7c7dc758
[  147.332555][ T5756]  </TASK>
[  147.535119][ T5756] BUG: Bad page state in process syz.0.18  pfn:4269e
[  147.537805][ T5756] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88804269ecc0 pfn:0x4269e
[  147.541858][ T5756] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  147.544886][ T5756] raw: 04fff00000000000 dead000000000040 ffff88801e89f000 0000000000000000
[  147.548365][ T5756] raw: ffff88804269ecc0 0000000000000001 00000000ffffffff 0000000000000000
[  147.551952][ T5756] page dumped because: page_pool leak
[  147.554270][ T5756] page_owner tracks the page as allocated
[  147.556630][ T5756] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5756, tgid 5755 (syz.0.18), ts 146946659634, free_ts 146942533110
[  147.563427][ T5756]  post_alloc_hook+0x240/0x2a0
[  147.565476][ T5756]  get_page_from_freelist+0x21e4/0x22c0
[  147.567860][ T5756]  __alloc_frozen_pages_noprof+0x181/0x370
[  147.570481][ T5756]  alloc_pages_bulk_noprof+0x560/0x710
[  147.573052][ T5756]  __page_pool_alloc_netmems_slow+0x127/0x740
[  147.575843][ T5756]  skb_pp_cow_data+0xb47/0x13e0
[  147.577982][ T5756]  do_xdp_generic+0x699/0x11a0
[  147.579968][ T5756]  __netif_receive_skb_core+0x18f4/0x4380
[  147.582461][ T5756]  __netif_receive_skb+0x72/0x380
[  147.584545][ T5756]  netif_receive_skb+0x1cb/0x790
[  147.586617][ T5756]  tun_rx_batched+0x1b9/0x730
[  147.588576][ T5756]  tun_get_user+0x2b65/0x3ea0
[  147.590648][ T5756]  tun_chr_write_iter+0x113/0x200
[  147.592808][ T5756]  vfs_write+0x5c9/0xb30
[  147.594568][ T5756]  ksys_write+0x145/0x250
[  147.596338][ T5756]  do_syscall_64+0xfa/0x3b0
[  147.598233][ T5756] page last free pid 15 tgid 15 stack trace:
[  147.600924][ T5756]  __free_frozen_pages+0xbc4/0xd30
[  147.603322][ T5756]  __tlb_remove_table+0x2d2/0x3b0
[  147.605571][ T5756]  tlb_remove_table_rcu+0x85/0x100
[  147.607853][ T5756]  rcu_core+0xca8/0x1770
[  147.609819][ T5756]  handle_softirqs+0x283/0x870
[  147.611999][ T5756]  run_ksoftirqd+0x9b/0x100
[  147.614031][ T5756]  smpboot_thread_fn+0x53f/0xa60
[  147.616082][ T5756]  kthread+0x711/0x8a0
[  147.617809][ T5756]  ret_from_fork+0x436/0x7d0
[  147.619831][ T5756]  ret_from_fork_asm+0x1a/0x30
[  147.621824][ T5756] Modules linked in:
[  147.623621][ T5756] CPU: 0 UID: 0 PID: 5756 Comm: syz.0.18 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  147.623638][ T5756] Tainted: [B]=BAD_PAGE
[  147.623641][ T5756] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  147.623649][ T5756] Call Trace:
[  147.623656][ T5756]  <TASK>
[  147.623662][ T5756]  dump_stack_lvl+0x189/0x250
[  147.623678][ T5756]  ? __pfx_dump_stack_lvl+0x10/0x10
[  147.623689][ T5756]  ? __pfx_print_modules+0x10/0x10
[  147.623698][ T5756]  ? tun_rx_batched+0x1b9/0x730
[  147.623707][ T5756]  ? tun_chr_write_iter+0x113/0x200
[  147.623716][ T5756]  ? vfs_write+0x5c9/0xb30
[  147.623726][ T5756]  ? ksys_write+0x145/0x250
[  147.623735][ T5756]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.623747][ T5756]  bad_page+0x180/0x1c0
[  147.623757][ T5756]  __free_frozen_pages+0xce2/0xd30
[  147.623770][ T5756]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  147.623790][ T5756]  bpf_xdp_adjust_tail+0x1d6/0x220
[  147.623801][ T5756]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  147.623811][ T5756]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  147.623831][ T5756]  do_xdp_generic+0x9f7/0x11a0
[  147.623846][ T5756]  ? __pfx_do_xdp_generic+0x10/0x10
[  147.623859][ T5756]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  147.623875][ T5756]  __netif_receive_skb_core+0x18f4/0x4380
[  147.623891][ T5756]  ? __pfx___skb_flow_dissect+0x10/0x10
[  147.623902][ T5756]  ? lock_release+0x4b/0x3e0
[  147.623915][ T5756]  ? do_user_addr_fault+0xc85/0x1380
[  147.623926][ T5756]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  147.623940][ T5756]  ? rcu_is_watching+0x15/0xb0
[  147.623953][ T5756]  ? irqentry_exit+0x74/0x90
[  147.623963][ T5756]  ? exc_page_fault+0x9f/0xf0
[  147.623975][ T5756]  ? netif_receive_skb+0x115/0x790
[  147.623986][ T5756]  ? rcu_is_watching+0x15/0xb0
[  147.623996][ T5756]  ? lock_acquire+0x5f/0x360
[  147.624005][ T5756]  __netif_receive_skb+0x72/0x380
[  147.624018][ T5756]  ? _copy_from_iter+0x24f/0x1790
[  147.624033][ T5756]  ? netif_receive_skb+0x115/0x790
[  147.624045][ T5756]  netif_receive_skb+0x1cb/0x790
[  147.624057][ T5756]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  147.624069][ T5756]  ? __pfx_netif_receive_skb+0x10/0x10
[  147.624081][ T5756]  ? __pfx__copy_from_iter+0x10/0x10
[  147.624093][ T5756]  ? sock_alloc_send_pskb+0x86b/0x980
[  147.624106][ T5756]  ? tun_rx_batched+0x160/0x730
[  147.624115][ T5756]  tun_rx_batched+0x1b9/0x730
[  147.624131][ T5756]  ? skb_header_pointer+0x8e/0x120
[  147.624144][ T5756]  ? __pfx_tun_rx_batched+0x10/0x10
[  147.624153][ T5756]  ? tun_get_user+0x272f/0x3ea0
[  147.624161][ T5756]  ? rcu_is_watching+0x15/0xb0
[  147.624172][ T5756]  ? lock_acquire+0x5f/0x360
[  147.624181][ T5756]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  147.624193][ T5756]  tun_get_user+0x2b65/0x3ea0
[  147.624204][ T5756]  ? rcu_is_watching+0x15/0xb0
[  147.624215][ T5756]  ? lock_release+0x4b/0x3e0
[  147.624226][ T5756]  ? tun_get_user+0x272f/0x3ea0
[  147.624235][ T5756]  ? aa_file_perm+0x44d/0x1550
[  147.624249][ T5756]  ? __pfx_tun_get_user+0x10/0x10
[  147.624260][ T5756]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  147.624269][ T5756]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  147.624280][ T5756]  ? ref_tracker_alloc+0x318/0x460
[  147.624292][ T5756]  ? rcu_is_watching+0x15/0xb0
[  147.624302][ T5756]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  147.624312][ T5756]  ? lock_release+0x4b/0x3e0
[  147.624320][ T5756]  ? tun_get+0x1c/0x2f0
[  147.624328][ T5756]  ? tun_get+0x1c/0x2f0
[  147.624335][ T5756]  ? rcu_is_watching+0x15/0xb0
[  147.624345][ T5756]  ? tun_get+0x1c/0x2f0
[  147.624353][ T5756]  ? lock_release+0x4b/0x3e0
[  147.624362][ T5756]  ? common_file_perm+0x1b5/0x230
[  147.624375][ T5756]  ? tun_get+0x1c/0x2f0
[  147.624384][ T5756]  tun_chr_write_iter+0x113/0x200
[  147.624394][ T5756]  vfs_write+0x5c9/0xb30
[  147.624405][ T5756]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  147.624414][ T5756]  ? __pfx_vfs_write+0x10/0x10
[  147.624427][ T5756]  ? __fget_files+0x2a/0x420
[  147.624440][ T5756]  ksys_write+0x145/0x250
[  147.624451][ T5756]  ? __pfx_ksys_write+0x10/0x10
[  147.624460][ T5756]  ? rcu_is_watching+0x15/0xb0
[  147.624471][ T5756]  ? rcu_is_watching+0x15/0xb0
[  147.624482][ T5756]  do_syscall_64+0xfa/0x3b0
[  147.624494][ T5756]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.624504][ T5756]  ? clear_bhb_loop+0x60/0xb0
[  147.624515][ T5756]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.624524][ T5756] RIP: 0033:0x7f6d23f8d3df
[  147.624534][ T5756] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  147.624543][ T5756] RSP: 002b:00007f6d24d12000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  147.624556][ T5756] RAX: ffffffffffffffda RBX: 00007f6d241b5fa0 RCX: 00007f6d23f8d3df
[  147.624563][ T5756] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  147.624569][ T5756] RBP: 00007f6d24010b39 R08: 0000000000000000 R09: 0000000000000000
[  147.624575][ T5756] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  147.624582][ T5756] R13: 0000000000000000 R14: 00007f6d241b5fa0 R15: 00007ffd7c7dc758
[  147.624592][ T5756]  </TASK>
[  147.624602][ T5756] BUG: Bad page state in process syz.0.18  pfn:39435
[  147.833780][ T5756] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888039435000 pfn:0x39435
[  147.837935][ T5756] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  147.841002][ T5756] raw: 04fff00000000000 dead000000000040 ffff88801e89f000 0000000000000000
[  147.844627][ T5756] raw: ffff888039435000 0000000000000001 00000000ffffffff 0000000000000000
[  147.848070][ T5756] page dumped because: page_pool leak
[  147.850457][ T5756] page_owner tracks the page as allocated
[  147.852928][ T5756] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5756, tgid 5755 (syz.0.18), ts 146946653903, free_ts 146942541712
[  147.859817][ T5756]  post_alloc_hook+0x240/0x2a0
[  147.861851][ T5756]  get_page_from_freelist+0x21e4/0x22c0
[  147.864274][ T5756]  __alloc_frozen_pages_noprof+0x181/0x370
[  147.866680][ T5756]  alloc_pages_bulk_noprof+0x560/0x710
[  147.869068][ T5756]  __page_pool_alloc_netmems_slow+0x127/0x740
[  147.871625][ T5756]  skb_pp_cow_data+0xb47/0x13e0
[  147.873766][ T5756]  do_xdp_generic+0x699/0x11a0
[  147.875688][ T5756]  __netif_receive_skb_core+0x18f4/0x4380
[  147.878051][ T5756]  __netif_receive_skb+0x72/0x380
[  147.880107][ T5756]  netif_receive_skb+0x1cb/0x790
[  147.882333][ T5756]  tun_rx_batched+0x1b9/0x730
[  147.884302][ T5756]  tun_get_user+0x2b65/0x3ea0
[  147.886230][ T5756]  tun_chr_write_iter+0x113/0x200
[  147.888403][ T5756]  vfs_write+0x5c9/0xb30
[  147.890181][ T5756]  ksys_write+0x145/0x250
[  147.892026][ T5756]  do_syscall_64+0xfa/0x3b0
[  147.894016][ T5756] page last free pid 15 tgid 15 stack trace:
[  147.896519][ T5756]  __free_frozen_pages+0xbc4/0xd30
[  147.898695][ T5756]  __tlb_remove_table+0x2d2/0x3b0
[  147.900820][ T5756]  tlb_remove_table_rcu+0x85/0x100
[  147.903184][ T5756]  rcu_core+0xca8/0x1770
[  147.905029][ T5756]  handle_softirqs+0x283/0x870
[  147.907125][ T5756]  run_ksoftirqd+0x9b/0x100
[  147.909058][ T5756]  smpboot_thread_fn+0x53f/0xa60
[  147.911153][ T5756]  kthread+0x711/0x8a0
[  147.912930][ T5756]  ret_from_fork+0x436/0x7d0
[  147.914927][ T5756]  ret_from_fork_asm+0x1a/0x30
[  147.916920][ T5756] Modules linked in:
[  147.918743][ T5756] CPU: 0 UID: 0 PID: 5756 Comm: syz.0.18 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  147.918760][ T5756] Tainted: [B]=BAD_PAGE
[  147.918769][ T5756] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  147.918776][ T5756] Call Trace:
[  147.918810][ T5756]  <TASK>
[  147.918825][ T5756]  dump_stack_lvl+0x189/0x250
[  147.918841][ T5756]  ? __pfx_dump_stack_lvl+0x10/0x10
[  147.918853][ T5756]  ? __pfx_print_modules+0x10/0x10
[  147.918862][ T5756]  ? tun_rx_batched+0x1b9/0x730
[  147.918872][ T5756]  ? tun_chr_write_iter+0x113/0x200
[  147.918880][ T5756]  ? vfs_write+0x5c9/0xb30
[  147.918890][ T5756]  ? ksys_write+0x145/0x250
[  147.918908][ T5756]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.918920][ T5756]  bad_page+0x180/0x1c0
[  147.918930][ T5756]  __free_frozen_pages+0xce2/0xd30
[  147.918944][ T5756]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  147.918977][ T5756]  bpf_xdp_adjust_tail+0x1d6/0x220
[  147.918989][ T5756]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  147.918999][ T5756]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  147.919019][ T5756]  do_xdp_generic+0x9f7/0x11a0
[  147.919032][ T5756]  ? __pfx_do_xdp_generic+0x10/0x10
[  147.919044][ T5756]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  147.919063][ T5756]  __netif_receive_skb_core+0x18f4/0x4380
[  147.919079][ T5756]  ? __pfx___skb_flow_dissect+0x10/0x10
[  147.919090][ T5756]  ? lock_release+0x4b/0x3e0
[  147.919102][ T5756]  ? do_user_addr_fault+0xc85/0x1380
[  147.919114][ T5756]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  147.919127][ T5756]  ? rcu_is_watching+0x15/0xb0
[  147.919145][ T5756]  ? irqentry_exit+0x74/0x90
[  147.919155][ T5756]  ? exc_page_fault+0x9f/0xf0
[  147.919166][ T5756]  ? netif_receive_skb+0x115/0x790
[  147.919178][ T5756]  ? rcu_is_watching+0x15/0xb0
[  147.919189][ T5756]  ? lock_acquire+0x5f/0x360
[  147.919198][ T5756]  __netif_receive_skb+0x72/0x380
[  147.919212][ T5756]  ? _copy_from_iter+0x24f/0x1790
[  147.919227][ T5756]  ? netif_receive_skb+0x115/0x790
[  147.919242][ T5756]  netif_receive_skb+0x1cb/0x790
[  147.919254][ T5756]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  147.919265][ T5756]  ? __pfx_netif_receive_skb+0x10/0x10
[  147.919280][ T5756]  ? __pfx__copy_from_iter+0x10/0x10
[  147.919293][ T5756]  ? sock_alloc_send_pskb+0x86b/0x980
[  147.919305][ T5756]  ? tun_rx_batched+0x160/0x730
[  147.919315][ T5756]  tun_rx_batched+0x1b9/0x730
[  147.919336][ T5756]  ? skb_header_pointer+0x8e/0x120
[  147.919348][ T5756]  ? __pfx_tun_rx_batched+0x10/0x10
[  147.919357][ T5756]  ? tun_get_user+0x272f/0x3ea0
[  147.919365][ T5756]  ? rcu_is_watching+0x15/0xb0
[  147.919376][ T5756]  ? lock_acquire+0x5f/0x360
[  147.919383][ T5756]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  147.919396][ T5756]  tun_get_user+0x2b65/0x3ea0
[  147.919406][ T5756]  ? rcu_is_watching+0x15/0xb0
[  147.919417][ T5756]  ? lock_release+0x4b/0x3e0
[  147.919424][ T5756]  ? tun_get_user+0x272f/0x3ea0
[  147.919433][ T5756]  ? aa_file_perm+0x44d/0x1550
[  147.919447][ T5756]  ? __pfx_tun_get_user+0x10/0x10
[  147.919458][ T5756]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  147.919467][ T5756]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  147.919482][ T5756]  ? ref_tracker_alloc+0x318/0x460
[  147.919496][ T5756]  ? rcu_is_watching+0x15/0xb0
[  147.919506][ T5756]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  147.919518][ T5756]  ? lock_release+0x4b/0x3e0
[  147.919527][ T5756]  ? tun_get+0x1c/0x2f0
[  147.919535][ T5756]  ? tun_get+0x1c/0x2f0
[  147.919543][ T5756]  ? rcu_is_watching+0x15/0xb0
[  147.919553][ T5756]  ? tun_get+0x1c/0x2f0
[  147.919559][ T5756]  ? lock_release+0x4b/0x3e0
[  147.919568][ T5756]  ? common_file_perm+0x1b5/0x230
[  147.919580][ T5756]  ? tun_get+0x1c/0x2f0
[  147.919589][ T5756]  tun_chr_write_iter+0x113/0x200
[  147.919599][ T5756]  vfs_write+0x5c9/0xb30
[  147.919610][ T5756]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  147.919619][ T5756]  ? __pfx_vfs_write+0x10/0x10
[  147.919631][ T5756]  ? __fget_files+0x2a/0x420
[  147.919645][ T5756]  ksys_write+0x145/0x250
[  147.919655][ T5756]  ? __pfx_ksys_write+0x10/0x10
[  147.919664][ T5756]  ? rcu_is_watching+0x15/0xb0
[  147.919676][ T5756]  ? rcu_is_watching+0x15/0xb0
[  147.919687][ T5756]  do_syscall_64+0xfa/0x3b0
[  147.919699][ T5756]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.919709][ T5756]  ? clear_bhb_loop+0x60/0xb0
[  147.919719][ T5756]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.919729][ T5756] RIP: 0033:0x7f6d23f8d3df
[  147.919739][ T5756] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  147.919748][ T5756] RSP: 002b:00007f6d24d12000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  147.919759][ T5756] RAX: ffffffffffffffda RBX: 00007f6d241b5fa0 RCX: 00007f6d23f8d3df
[  147.919767][ T5756] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  147.919774][ T5756] RBP: 00007f6d24010b39 R08: 0000000000000000 R09: 0000000000000000
[  147.919780][ T5756] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  147.919787][ T5756] R13: 0000000000000000 R14: 00007f6d241b5fa0 R15: 00007ffd7c7dc758
[  147.919797][ T5756]  </TASK>
[  147.919818][ T5756] BUG: Bad page state in process syz.0.18  pfn:43696
[  148.126871][ T5756] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x43696
[  148.130980][ T5756] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  148.134114][ T5756] raw: 04fff00000000000 dead000000000040 ffff88801e89f000 0000000000000000
[  148.137654][ T5756] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000
[  148.141186][ T5756] page dumped because: page_pool leak
[  148.143571][ T5756] page_owner tracks the page as allocated
[  148.145881][ T5756] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5756, tgid 5755 (syz.0.18), ts 146946648025, free_ts 146942551037
[  148.152775][ T5756]  post_alloc_hook+0x240/0x2a0
[  148.154751][ T5756]  get_page_from_freelist+0x21e4/0x22c0
[  148.156827][ T5756]  __alloc_frozen_pages_noprof+0x181/0x370
[  148.159249][ T5756]  alloc_pages_bulk_noprof+0x560/0x710
[  148.161588][ T5756]  __page_pool_alloc_netmems_slow+0x127/0x740
[  148.164290][ T5756]  skb_pp_cow_data+0xb47/0x13e0
[  148.166351][ T5756]  do_xdp_generic+0x699/0x11a0
[  148.168297][ T5756]  __netif_receive_skb_core+0x18f4/0x4380
[  148.170747][ T5756]  __netif_receive_skb+0x72/0x380
[  148.172935][ T5756]  netif_receive_skb+0x1cb/0x790
[  148.175024][ T5756]  tun_rx_batched+0x1b9/0x730
[  148.176987][ T5756]  tun_get_user+0x2b65/0x3ea0
[  148.179028][ T5756]  tun_chr_write_iter+0x113/0x200
[  148.181202][ T5756]  vfs_write+0x5c9/0xb30
[  148.183131][ T5756]  ksys_write+0x145/0x250
[  148.184909][ T5756]  do_syscall_64+0xfa/0x3b0
[  148.186819][ T5756] page last free pid 15 tgid 15 stack trace:
[  148.189342][ T5756]  __free_frozen_pages+0xbc4/0xd30
[  148.191440][ T5756]  __tlb_remove_table+0x2d2/0x3b0
[  148.193660][ T5756]  tlb_remove_table_rcu+0x85/0x100
[  148.195864][ T5756]  rcu_core+0xca8/0x1770
[  148.197620][ T5756]  handle_softirqs+0x283/0x870
[  148.199624][ T5756]  run_ksoftirqd+0x9b/0x100
[  148.201540][ T5756]  smpboot_thread_fn+0x53f/0xa60
[  148.203685][ T5756]  kthread+0x711/0x8a0
[  148.205366][ T5756]  ret_from_fork+0x436/0x7d0
[  148.207324][ T5756]  ret_from_fork_asm+0x1a/0x30
[  148.209315][ T5756] Modules linked in:
[  148.211060][ T5756] CPU: 0 UID: 0 PID: 5756 Comm: syz.0.18 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  148.211078][ T5756] Tainted: [B]=BAD_PAGE
[  148.211081][ T5756] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  148.211095][ T5756] Call Trace:
[  148.211103][ T5756]  <TASK>
[  148.211110][ T5756]  dump_stack_lvl+0x189/0x250
[  148.211127][ T5756]  ? __pfx_dump_stack_lvl+0x10/0x10
[  148.211141][ T5756]  ? __pfx_print_modules+0x10/0x10
[  148.211151][ T5756]  ? tun_rx_batched+0x1b9/0x730
[  148.211162][ T5756]  ? tun_chr_write_iter+0x113/0x200
[  148.211170][ T5756]  ? vfs_write+0x5c9/0xb30
[  148.211182][ T5756]  ? ksys_write+0x145/0x250
[  148.211192][ T5756]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  148.211204][ T5756]  bad_page+0x180/0x1c0
[  148.211216][ T5756]  __free_frozen_pages+0xce2/0xd30
[  148.211231][ T5756]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  148.211251][ T5756]  bpf_xdp_adjust_tail+0x1d6/0x220
[  148.211265][ T5756]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  148.211274][ T5756]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  148.211296][ T5756]  do_xdp_generic+0x9f7/0x11a0
[  148.211313][ T5756]  ? __pfx_do_xdp_generic+0x10/0x10
[  148.211325][ T5756]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  148.211346][ T5756]  __netif_receive_skb_core+0x18f4/0x4380
[  148.211363][ T5756]  ? __pfx___skb_flow_dissect+0x10/0x10
[  148.211375][ T5756]  ? lock_release+0x4b/0x3e0
[  148.211388][ T5756]  ? do_user_addr_fault+0xc85/0x1380
[  148.211401][ T5756]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  148.211416][ T5756]  ? rcu_is_watching+0x15/0xb0
[  148.211429][ T5756]  ? irqentry_exit+0x74/0x90
[  148.211441][ T5756]  ? exc_page_fault+0x9f/0xf0
[  148.211453][ T5756]  ? netif_receive_skb+0x115/0x790
[  148.211466][ T5756]  ? rcu_is_watching+0x15/0xb0
[  148.211478][ T5756]  ? lock_acquire+0x5f/0x360
[  148.211489][ T5756]  __netif_receive_skb+0x72/0x380
[  148.211502][ T5756]  ? _copy_from_iter+0x24f/0x1790
[  148.211518][ T5756]  ? netif_receive_skb+0x115/0x790
[  148.211532][ T5756]  netif_receive_skb+0x1cb/0x790
[  148.211546][ T5756]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  148.211560][ T5756]  ? __pfx_netif_receive_skb+0x10/0x10
[  148.211572][ T5756]  ? __pfx__copy_from_iter+0x10/0x10
[  148.211586][ T5756]  ? sock_alloc_send_pskb+0x86b/0x980
[  148.211600][ T5756]  ? tun_rx_batched+0x160/0x730
[  148.211609][ T5756]  tun_rx_batched+0x1b9/0x730
[  148.211620][ T5756]  ? skb_header_pointer+0x8e/0x120
[  148.211634][ T5756]  ? __pfx_tun_rx_batched+0x10/0x10
[  148.211643][ T5756]  ? tun_get_user+0x272f/0x3ea0
[  148.211653][ T5756]  ? rcu_is_watching+0x15/0xb0
[  148.211665][ T5756]  ? lock_acquire+0x5f/0x360
[  148.211675][ T5756]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  148.211689][ T5756]  tun_get_user+0x2b65/0x3ea0
[  148.211700][ T5756]  ? rcu_is_watching+0x15/0xb0
[  148.211712][ T5756]  ? lock_release+0x4b/0x3e0
[  148.211722][ T5756]  ? tun_get_user+0x272f/0x3ea0
[  148.211731][ T5756]  ? aa_file_perm+0x44d/0x1550
[  148.211747][ T5756]  ? __pfx_tun_get_user+0x10/0x10
[  148.211758][ T5756]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  148.211769][ T5756]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  148.211781][ T5756]  ? ref_tracker_alloc+0x318/0x460
[  148.211796][ T5756]  ? rcu_is_watching+0x15/0xb0
[  148.211806][ T5756]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  148.211819][ T5756]  ? lock_release+0x4b/0x3e0
[  148.211829][ T5756]  ? tun_get+0x1c/0x2f0
[  148.211838][ T5756]  ? tun_get+0x1c/0x2f0
[  148.211845][ T5756]  ? rcu_is_watching+0x15/0xb0
[  148.211857][ T5756]  ? tun_get+0x1c/0x2f0
[  148.211865][ T5756]  ? lock_release+0x4b/0x3e0
[  148.211876][ T5756]  ? common_file_perm+0x1b5/0x230
[  148.211889][ T5756]  ? tun_get+0x1c/0x2f0
[  148.211898][ T5756]  tun_chr_write_iter+0x113/0x200
[  148.211910][ T5756]  vfs_write+0x5c9/0xb30
[  148.211923][ T5756]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  148.211932][ T5756]  ? __pfx_vfs_write+0x10/0x10
[  148.211945][ T5756]  ? __fget_files+0x2a/0x420
[  148.211960][ T5756]  ksys_write+0x145/0x250
[  148.211971][ T5756]  ? __pfx_ksys_write+0x10/0x10
[  148.211982][ T5756]  ? rcu_is_watching+0x15/0xb0
[  148.211994][ T5756]  ? rcu_is_watching+0x15/0xb0
[  148.212006][ T5756]  do_syscall_64+0xfa/0x3b0
[  148.212020][ T5756]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  148.212031][ T5756]  ? clear_bhb_loop+0x60/0xb0
[  148.212041][ T5756]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  148.212053][ T5756] RIP: 0033:0x7f6d23f8d3df
[  148.212064][ T5756] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  148.212073][ T5756] RSP: 002b:00007f6d24d12000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  148.212091][ T5756] RAX: ffffffffffffffda RBX: 00007f6d241b5fa0 RCX: 00007f6d23f8d3df
[  148.212100][ T5756] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  148.212106][ T5756] RBP: 00007f6d24010b39 R08: 0000000000000000 R09: 0000000000000000
[  148.212114][ T5756] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  148.212120][ T5756] R13: 0000000000000000 R14: 00007f6d241b5fa0 R15: 00007ffd7c7dc758
[  148.212132][ T5756]  </TASK>
[  148.212140][ T5756] BUG: Bad page state in process syz.0.18  pfn:39436
[  148.418897][ T5756] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x39436
[  148.423064][ T5756] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  148.425990][ T5756] raw: 04fff00000000000 dead000000000040 ffff88801e89f000 0000000000000000
[  148.429776][ T5756] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000
[  148.433683][ T5756] page dumped because: page_pool leak
[  148.435982][ T5756] page_owner tracks the page as allocated
[  148.438352][ T5756] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5756, tgid 5755 (syz.0.18), ts 146946641158, free_ts 146942555772
[  148.445210][ T5756]  post_alloc_hook+0x240/0x2a0
[  148.447206][ T5756]  get_page_from_freelist+0x21e4/0x22c0
[  148.449480][ T5756]  __alloc_frozen_pages_noprof+0x181/0x370
[  148.451961][ T5756]  alloc_pages_bulk_noprof+0x560/0x710
[  148.454324][ T5756]  __page_pool_alloc_netmems_slow+0x127/0x740
[  148.456832][ T5756]  skb_pp_cow_data+0xb47/0x13e0
[  148.458931][ T5756]  do_xdp_generic+0x699/0x11a0
[  148.460957][ T5756]  __netif_receive_skb_core+0x18f4/0x4380
[  148.463401][ T5756]  __netif_receive_skb+0x72/0x380
[  148.465502][ T5756]  netif_receive_skb+0x1cb/0x790
[  148.467562][ T5756]  tun_rx_batched+0x1b9/0x730
[  148.469497][ T5756]  tun_get_user+0x2b65/0x3ea0
[  148.471498][ T5756]  tun_chr_write_iter+0x113/0x200
[  148.473706][ T5756]  vfs_write+0x5c9/0xb30
[  148.475624][ T5756]  ksys_write+0x145/0x250
[  148.477788][ T5756]  do_syscall_64+0xfa/0x3b0
[  148.479971][ T5756] page last free pid 15 tgid 15 stack trace:
[  148.482650][ T5756]  __free_frozen_pages+0xbc4/0xd30
[  148.484734][ T5756]  __tlb_remove_table+0x2d2/0x3b0
[  148.486802][ T5756]  tlb_remove_table_rcu+0x85/0x100
[  148.488895][ T5756]  rcu_core+0xca8/0x1770
[  148.490636][ T5756]  handle_softirqs+0x283/0x870
[  148.492636][ T5756]  run_ksoftirqd+0x9b/0x100
[  148.494515][ T5756]  smpboot_thread_fn+0x53f/0xa60
[  148.496561][ T5756]  kthread+0x711/0x8a0
[  148.498321][ T5756]  ret_from_fork+0x436/0x7d0
[  148.500185][ T5756]  ret_from_fork_asm+0x1a/0x30
[  148.502156][ T5756] Modules linked in:
[  148.503852][ T5756] CPU: 0 UID: 0 PID: 5756 Comm: syz.0.18 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  148.503868][ T5756] Tainted: [B]=BAD_PAGE
[  148.503878][ T5756] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  148.503886][ T5756] Call Trace:
[  148.503892][ T5756]  <TASK>
[  148.503898][ T5756]  dump_stack_lvl+0x189/0x250
[  148.503914][ T5756]  ? __pfx_dump_stack_lvl+0x10/0x10
[  148.503926][ T5756]  ? __pfx_print_modules+0x10/0x10
[  148.503936][ T5756]  ? tun_rx_batched+0x1b9/0x730
[  148.503948][ T5756]  ? tun_chr_write_iter+0x113/0x200
[  148.503957][ T5756]  ? vfs_write+0x5c9/0xb30
[  148.503966][ T5756]  ? ksys_write+0x145/0x250
[  148.503976][ T5756]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  148.503988][ T5756]  bad_page+0x180/0x1c0
[  148.503997][ T5756]  __free_frozen_pages+0xce2/0xd30
[  148.504012][ T5756]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  148.504031][ T5756]  bpf_xdp_adjust_tail+0x1d6/0x220
[  148.504046][ T5756]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  148.504055][ T5756]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  148.504076][ T5756]  do_xdp_generic+0x9f7/0x11a0
[  148.504091][ T5756]  ? __pfx_do_xdp_generic+0x10/0x10
[  148.504104][ T5756]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  148.504123][ T5756]  __netif_receive_skb_core+0x18f4/0x4380
[  148.504138][ T5756]  ? __pfx___skb_flow_dissect+0x10/0x10
[  148.504151][ T5756]  ? lock_release+0x4b/0x3e0
[  148.504163][ T5756]  ? do_user_addr_fault+0xc85/0x1380
[  148.504174][ T5756]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  148.504190][ T5756]  ? rcu_is_watching+0x15/0xb0
[  148.504201][ T5756]  ? irqentry_exit+0x74/0x90
[  148.504213][ T5756]  ? exc_page_fault+0x9f/0xf0
[  148.504224][ T5756]  ? netif_receive_skb+0x115/0x790
[  148.504237][ T5756]  ? rcu_is_watching+0x15/0xb0
[  148.504248][ T5756]  ? lock_acquire+0x5f/0x360
[  148.504257][ T5756]  __netif_receive_skb+0x72/0x380
[  148.504271][ T5756]  ? _copy_from_iter+0x24f/0x1790
[  148.504287][ T5756]  ? netif_receive_skb+0x115/0x790
[  148.504299][ T5756]  netif_receive_skb+0x1cb/0x790
[  148.504314][ T5756]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  148.504324][ T5756]  ? __pfx_netif_receive_skb+0x10/0x10
[  148.504339][ T5756]  ? __pfx__copy_from_iter+0x10/0x10
[  148.504351][ T5756]  ? sock_alloc_send_pskb+0x86b/0x980
[  148.504365][ T5756]  ? tun_rx_batched+0x160/0x730
[  148.504374][ T5756]  tun_rx_batched+0x1b9/0x730
[  148.504383][ T5756]  ? skb_header_pointer+0x8e/0x120
[  148.504397][ T5756]  ? __pfx_tun_rx_batched+0x10/0x10
[  148.504406][ T5756]  ? tun_get_user+0x272f/0x3ea0
[  148.504414][ T5756]  ? rcu_is_watching+0x15/0xb0
[  148.504426][ T5756]  ? lock_acquire+0x5f/0x360
[  148.504435][ T5756]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  148.504447][ T5756]  tun_get_user+0x2b65/0x3ea0
[  148.504460][ T5756]  ? rcu_is_watching+0x15/0xb0
[  148.504471][ T5756]  ? lock_release+0x4b/0x3e0
[  148.504479][ T5756]  ? tun_get_user+0x272f/0x3ea0
[  148.504491][ T5756]  ? aa_file_perm+0x44d/0x1550
[  148.504503][ T5756]  ? __pfx_tun_get_user+0x10/0x10
[  148.504514][ T5756]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  148.504525][ T5756]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  148.504535][ T5756]  ? ref_tracker_alloc+0x318/0x460
[  148.504549][ T5756]  ? rcu_is_watching+0x15/0xb0
[  148.504560][ T5756]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  148.504571][ T5756]  ? lock_release+0x4b/0x3e0
[  148.504580][ T5756]  ? tun_get+0x1c/0x2f0
[  148.504590][ T5756]  ? tun_get+0x1c/0x2f0
[  148.504598][ T5756]  ? rcu_is_watching+0x15/0xb0
[  148.504607][ T5756]  ? tun_get+0x1c/0x2f0
[  148.504616][ T5756]  ? lock_release+0x4b/0x3e0
[  148.504626][ T5756]  ? common_file_perm+0x1b5/0x230
[  148.504637][ T5756]  ? tun_get+0x1c/0x2f0
[  148.504646][ T5756]  tun_chr_write_iter+0x113/0x200
[  148.504657][ T5756]  vfs_write+0x5c9/0xb30
[  148.504668][ T5756]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  148.504677][ T5756]  ? __pfx_vfs_write+0x10/0x10
[  148.504690][ T5756]  ? __fget_files+0x2a/0x420
[  148.504702][ T5756]  ksys_write+0x145/0x250
[  148.504713][ T5756]  ? __pfx_ksys_write+0x10/0x10
[  148.504723][ T5756]  ? rcu_is_watching+0x15/0xb0
[  148.504734][ T5756]  ? rcu_is_watching+0x15/0xb0
[  148.504745][ T5756]  do_syscall_64+0xfa/0x3b0
[  148.504759][ T5756]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  148.504768][ T5756]  ? clear_bhb_loop+0x60/0xb0
[  148.504778][ T5756]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  148.504790][ T5756] RIP: 0033:0x7f6d23f8d3df
[  148.504799][ T5756] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  148.504808][ T5756] RSP: 002b:00007f6d24d12000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  148.504820][ T5756] RAX: ffffffffffffffda RBX: 00007f6d241b5fa0 RCX: 00007f6d23f8d3df
[  148.504827][ T5756] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  148.504834][ T5756] RBP: 00007f6d24010b39 R08: 0000000000000000 R09: 0000000000000000
[  148.504840][ T5756] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  148.504846][ T5756] R13: 0000000000000000 R14: 00007f6d241b5fa0 R15: 00007ffd7c7dc758
[  148.504857][ T5756]  </TASK>
[  148.504866][ T5756] BUG: Bad page state in process syz.0.18  pfn:3eea0
[  148.709688][ T5756] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x3eea0
[  148.714009][ T5756] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  148.717075][ T5756] raw: 04fff00000000000 dead000000000040 ffff88801e89f000 0000000000000000
[  148.720891][ T5756] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000
[  148.724463][ T5756] page dumped because: page_pool leak
[  148.726730][ T5756] page_owner tracks the page as allocated
[  148.729043][ T5756] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5756, tgid 5755 (syz.0.18), ts 146946634175, free_ts 146942564766
[  148.736363][ T5756]  post_alloc_hook+0x240/0x2a0
[  148.738426][ T5756]  get_page_from_freelist+0x21e4/0x22c0
[  148.740860][ T5756]  __alloc_frozen_pages_noprof+0x181/0x370
[  148.743342][ T5756]  alloc_pages_bulk_noprof+0x560/0x710
[  148.745627][ T5756]  __page_pool_alloc_netmems_slow+0x127/0x740
[  148.748143][ T5756]  skb_pp_cow_data+0xb47/0x13e0
[  148.750172][ T5756]  do_xdp_generic+0x699/0x11a0
[  148.752303][ T5756]  __netif_receive_skb_core+0x18f4/0x4380
[  148.754673][ T5756]  __netif_receive_skb+0x72/0x380
[  148.756756][ T5756]  netif_receive_skb+0x1cb/0x790
[  148.758808][ T5756]  tun_rx_batched+0x1b9/0x730
[  148.760782][ T5756]  tun_get_user+0x2b65/0x3ea0
[  148.762814][ T5756]  tun_chr_write_iter+0x113/0x200
[  148.764876][ T5756]  vfs_write+0x5c9/0xb30
[  148.766653][ T5756]  ksys_write+0x145/0x250
[  148.768447][ T5756]  do_syscall_64+0xfa/0x3b0
[  148.770414][ T5756] page last free pid 15 tgid 15 stack trace:
[  148.772943][ T5756]  __free_frozen_pages+0xbc4/0xd30
[  148.775076][ T5756]  __tlb_remove_table+0x2d2/0x3b0
[  148.777134][ T5756]  tlb_remove_table_rcu+0x85/0x100
[  148.779260][ T5756]  rcu_core+0xca8/0x1770
[  148.781062][ T5756]  handle_softirqs+0x283/0x870
[  148.783163][ T5756]  run_ksoftirqd+0x9b/0x100
[  148.785076][ T5756]  smpboot_thread_fn+0x53f/0xa60
[  148.787169][ T5756]  kthread+0x711/0x8a0
[  148.788888][ T5756]  ret_from_fork+0x436/0x7d0
[  148.790810][ T5756]  ret_from_fork_asm+0x1a/0x30
[  148.792881][ T5756] Modules linked in:
[  148.794559][ T5756] CPU: 0 UID: 0 PID: 5756 Comm: syz.0.18 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  148.794576][ T5756] Tainted: [B]=BAD_PAGE
[  148.794589][ T5756] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  148.794596][ T5756] Call Trace:
[  148.794631][ T5756]  <TASK>
[  148.794647][ T5756]  dump_stack_lvl+0x189/0x250
[  148.794663][ T5756]  ? __pfx_dump_stack_lvl+0x10/0x10
[  148.794675][ T5756]  ? __pfx_print_modules+0x10/0x10
[  148.794685][ T5756]  ? tun_rx_batched+0x1b9/0x730
[  148.794694][ T5756]  ? tun_chr_write_iter+0x113/0x200
[  148.794701][ T5756]  ? vfs_write+0x5c9/0xb30
[  148.794710][ T5756]  ? ksys_write+0x145/0x250
[  148.794719][ T5756]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  148.794729][ T5756]  bad_page+0x180/0x1c0
[  148.794738][ T5756]  __free_frozen_pages+0xce2/0xd30
[  148.794752][ T5756]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  148.794785][ T5756]  bpf_xdp_adjust_tail+0x1d6/0x220
[  148.794796][ T5756]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  148.794806][ T5756]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  148.794834][ T5756]  do_xdp_generic+0x9f7/0x11a0
[  148.794849][ T5756]  ? __pfx_do_xdp_generic+0x10/0x10
[  148.794861][ T5756]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  148.794878][ T5756]  __netif_receive_skb_core+0x18f4/0x4380
[  148.794892][ T5756]  ? __pfx___skb_flow_dissect+0x10/0x10
[  148.794903][ T5756]  ? lock_release+0x4b/0x3e0
[  148.794914][ T5756]  ? do_user_addr_fault+0xc85/0x1380
[  148.794926][ T5756]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  148.794940][ T5756]  ? rcu_is_watching+0x15/0xb0
[  148.794953][ T5756]  ? irqentry_exit+0x74/0x90
[  148.794962][ T5756]  ? exc_page_fault+0x9f/0xf0
[  148.794972][ T5756]  ? netif_receive_skb+0x115/0x790
[  148.794985][ T5756]  ? rcu_is_watching+0x15/0xb0
[  148.794995][ T5756]  ? lock_acquire+0x5f/0x360
[  148.795003][ T5756]  __netif_receive_skb+0x72/0x380
[  148.795015][ T5756]  ? _copy_from_iter+0x24f/0x1790
[  148.795029][ T5756]  ? netif_receive_skb+0x115/0x790
[  148.795041][ T5756]  netif_receive_skb+0x1cb/0x790
[  148.795054][ T5756]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  148.795065][ T5756]  ? __pfx_netif_receive_skb+0x10/0x10
[  148.795077][ T5756]  ? __pfx__copy_from_iter+0x10/0x10
[  148.795089][ T5756]  ? sock_alloc_send_pskb+0x86b/0x980
[  148.795100][ T5756]  ? tun_rx_batched+0x160/0x730
[  148.795110][ T5756]  tun_rx_batched+0x1b9/0x730
[  148.795129][ T5756]  ? skb_header_pointer+0x8e/0x120
[  148.795143][ T5756]  ? __pfx_tun_rx_batched+0x10/0x10
[  148.795152][ T5756]  ? tun_get_user+0x272f/0x3ea0
[  148.795160][ T5756]  ? rcu_is_watching+0x15/0xb0
[  148.795170][ T5756]  ? lock_acquire+0x5f/0x360
[  148.795178][ T5756]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  148.795190][ T5756]  tun_get_user+0x2b65/0x3ea0
[  148.795200][ T5756]  ? rcu_is_watching+0x15/0xb0
[  148.795210][ T5756]  ? lock_release+0x4b/0x3e0
[  148.795219][ T5756]  ? tun_get_user+0x272f/0x3ea0
[  148.795229][ T5756]  ? aa_file_perm+0x44d/0x1550
[  148.795242][ T5756]  ? __pfx_tun_get_user+0x10/0x10
[  148.795253][ T5756]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  148.795263][ T5756]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  148.795273][ T5756]  ? ref_tracker_alloc+0x318/0x460
[  148.795285][ T5756]  ? rcu_is_watching+0x15/0xb0
[  148.795295][ T5756]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  148.795306][ T5756]  ? lock_release+0x4b/0x3e0
[  148.795315][ T5756]  ? tun_get+0x1c/0x2f0
[  148.795323][ T5756]  ? tun_get+0x1c/0x2f0
[  148.795332][ T5756]  ? rcu_is_watching+0x15/0xb0
[  148.795340][ T5756]  ? tun_get+0x1c/0x2f0
[  148.795348][ T5756]  ? lock_release+0x4b/0x3e0
[  148.795355][ T5756]  ? common_file_perm+0x1b5/0x230
[  148.795367][ T5756]  ? tun_get+0x1c/0x2f0
[  148.795376][ T5756]  tun_chr_write_iter+0x113/0x200
[  148.795385][ T5756]  vfs_write+0x5c9/0xb30
[  148.795397][ T5756]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  148.795405][ T5756]  ? __pfx_vfs_write+0x10/0x10
[  148.795416][ T5756]  ? __fget_files+0x2a/0x420
[  148.795429][ T5756]  ksys_write+0x145/0x250
[  148.795440][ T5756]  ? __pfx_ksys_write+0x10/0x10
[  148.795448][ T5756]  ? rcu_is_watching+0x15/0xb0
[  148.795458][ T5756]  ? rcu_is_watching+0x15/0xb0
[  148.795470][ T5756]  do_syscall_64+0xfa/0x3b0
[  148.795481][ T5756]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  148.795491][ T5756]  ? clear_bhb_loop+0x60/0xb0
[  148.795501][ T5756]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  148.795511][ T5756] RIP: 0033:0x7f6d23f8d3df
[  148.795588][ T5756] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  148.795598][ T5756] RSP: 002b:00007f6d24d12000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  148.795609][ T5756] RAX: ffffffffffffffda RBX: 00007f6d241b5fa0 RCX: 00007f6d23f8d3df
[  148.795615][ T5756] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  148.795621][ T5756] RBP: 00007f6d24010b39 R08: 0000000000000000 R09: 0000000000000000
[  148.795627][ T5756] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  148.795633][ T5756] R13: 0000000000000000 R14: 00007f6d241b5fa0 R15: 00007ffd7c7dc758
[  148.795645][ T5756]  </TASK>
[  148.795670][ T5756] BUG: Bad page state in process syz.0.18  pfn:4e0a8
[  149.007580][ T5756] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x4e0a8
[  149.011964][ T5756] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  149.014999][ T5756] raw: 04fff00000000000 dead000000000040 ffff88801e89f000 0000000000000000
[  149.018581][ T5756] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000
[  149.022118][ T5756] page dumped because: page_pool leak
[  149.024455][ T5756] page_owner tracks the page as allocated
[  149.026789][ T5756] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5756, tgid 5755 (syz.0.18), ts 146946627460, free_ts 146942573684
[  149.033559][ T5756]  post_alloc_hook+0x240/0x2a0
[  149.035582][ T5756]  get_page_from_freelist+0x21e4/0x22c0
[  149.037905][ T5756]  __alloc_frozen_pages_noprof+0x181/0x370
[  149.040357][ T5756]  alloc_pages_bulk_noprof+0x560/0x710
[  149.042710][ T5756]  __page_pool_alloc_netmems_slow+0x127/0x740
[  149.045189][ T5756]  skb_pp_cow_data+0xb47/0x13e0
[  149.047240][ T5756]  do_xdp_generic+0x699/0x11a0
[  149.049280][ T5756]  __netif_receive_skb_core+0x18f4/0x4380
[  149.051901][ T5756]  __netif_receive_skb+0x72/0x380
[  149.054374][ T5756]  netif_receive_skb+0x1cb/0x790
[  149.056498][ T5756]  tun_rx_batched+0x1b9/0x730
[  149.058481][ T5756]  tun_get_user+0x2b65/0x3ea0
[  149.060503][ T5756]  tun_chr_write_iter+0x113/0x200
[  149.062732][ T5756]  vfs_write+0x5c9/0xb30
[  149.064504][ T5756]  ksys_write+0x145/0x250
[  149.066348][ T5756]  do_syscall_64+0xfa/0x3b0
[  149.068208][ T5756] page last free pid 15 tgid 15 stack trace:
[  149.070679][ T5756]  __free_frozen_pages+0xbc4/0xd30
[  149.072919][ T5756]  __tlb_remove_table+0x2d2/0x3b0
[  149.075007][ T5756]  tlb_remove_table_rcu+0x85/0x100
[  149.077111][ T5756]  rcu_core+0xca8/0x1770
[  149.078898][ T5756]  handle_softirqs+0x283/0x870
[  149.080911][ T5756]  run_ksoftirqd+0x9b/0x100
[  149.082863][ T5756]  smpboot_thread_fn+0x53f/0xa60
[  149.084889][ T5756]  kthread+0x711/0x8a0
[  149.086599][ T5756]  ret_from_fork+0x436/0x7d0
[  149.088497][ T5756]  ret_from_fork_asm+0x1a/0x30
[  149.090548][ T5756] Modules linked in:
[  149.092410][ T5756] CPU: 0 UID: 0 PID: 5756 Comm: syz.0.18 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  149.092426][ T5756] Tainted: [B]=BAD_PAGE
[  149.092430][ T5756] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  149.092436][ T5756] Call Trace:
[  149.092444][ T5756]  <TASK>
[  149.092450][ T5756]  dump_stack_lvl+0x189/0x250
[  149.092465][ T5756]  ? __pfx_dump_stack_lvl+0x10/0x10
[  149.092476][ T5756]  ? __pfx_print_modules+0x10/0x10
[  149.092486][ T5756]  ? tun_rx_batched+0x1b9/0x730
[  149.092495][ T5756]  ? tun_chr_write_iter+0x113/0x200
[  149.092503][ T5756]  ? vfs_write+0x5c9/0xb30
[  149.092513][ T5756]  ? ksys_write+0x145/0x250
[  149.092522][ T5756]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.092534][ T5756]  bad_page+0x180/0x1c0
[  149.092545][ T5756]  __free_frozen_pages+0xce2/0xd30
[  149.092559][ T5756]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  149.092575][ T5756]  bpf_xdp_adjust_tail+0x1d6/0x220
[  149.092583][ T5756]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  149.092590][ T5756]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  149.092603][ T5756]  do_xdp_generic+0x9f7/0x11a0
[  149.092616][ T5756]  ? __pfx_do_xdp_generic+0x10/0x10
[  149.092626][ T5756]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  149.092644][ T5756]  __netif_receive_skb_core+0x18f4/0x4380
[  149.092660][ T5756]  ? __pfx___skb_flow_dissect+0x10/0x10
[  149.092670][ T5756]  ? lock_release+0x4b/0x3e0
[  149.092682][ T5756]  ? do_user_addr_fault+0xc85/0x1380
[  149.092693][ T5756]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  149.092707][ T5756]  ? rcu_is_watching+0x15/0xb0
[  149.092720][ T5756]  ? irqentry_exit+0x74/0x90
[  149.092731][ T5756]  ? exc_page_fault+0x9f/0xf0
[  149.092743][ T5756]  ? netif_receive_skb+0x115/0x790
[  149.092755][ T5756]  ? rcu_is_watching+0x15/0xb0
[  149.092765][ T5756]  ? lock_acquire+0x5f/0x360
[  149.092774][ T5756]  __netif_receive_skb+0x72/0x380
[  149.092786][ T5756]  ? _copy_from_iter+0x24f/0x1790
[  149.092801][ T5756]  ? netif_receive_skb+0x115/0x790
[  149.092813][ T5756]  netif_receive_skb+0x1cb/0x790
[  149.092826][ T5756]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  149.092837][ T5756]  ? __pfx_netif_receive_skb+0x10/0x10
[  149.092849][ T5756]  ? __pfx__copy_from_iter+0x10/0x10
[  149.092861][ T5756]  ? sock_alloc_send_pskb+0x86b/0x980
[  149.092873][ T5756]  ? tun_rx_batched+0x160/0x730
[  149.092882][ T5756]  tun_rx_batched+0x1b9/0x730
[  149.092891][ T5756]  ? skb_header_pointer+0x8e/0x120
[  149.092905][ T5756]  ? __pfx_tun_rx_batched+0x10/0x10
[  149.092914][ T5756]  ? tun_get_user+0x272f/0x3ea0
[  149.092923][ T5756]  ? rcu_is_watching+0x15/0xb0
[  149.092934][ T5756]  ? lock_acquire+0x5f/0x360
[  149.092942][ T5756]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  149.092954][ T5756]  tun_get_user+0x2b65/0x3ea0
[  149.092963][ T5756]  ? rcu_is_watching+0x15/0xb0
[  149.092973][ T5756]  ? lock_release+0x4b/0x3e0
[  149.092982][ T5756]  ? tun_get_user+0x272f/0x3ea0
[  149.092992][ T5756]  ? aa_file_perm+0x44d/0x1550
[  149.093005][ T5756]  ? __pfx_tun_get_user+0x10/0x10
[  149.093016][ T5756]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  149.093026][ T5756]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  149.093035][ T5756]  ? ref_tracker_alloc+0x318/0x460
[  149.093047][ T5756]  ? rcu_is_watching+0x15/0xb0
[  149.093057][ T5756]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  149.093067][ T5756]  ? lock_release+0x4b/0x3e0
[  149.093077][ T5756]  ? tun_get+0x1c/0x2f0
[  149.093085][ T5756]  ? tun_get+0x1c/0x2f0
[  149.093092][ T5756]  ? rcu_is_watching+0x15/0xb0
[  149.093102][ T5756]  ? tun_get+0x1c/0x2f0
[  149.093109][ T5756]  ? lock_release+0x4b/0x3e0
[  149.093118][ T5756]  ? common_file_perm+0x1b5/0x230
[  149.093136][ T5756]  ? tun_get+0x1c/0x2f0
[  149.093145][ T5756]  tun_chr_write_iter+0x113/0x200
[  149.093155][ T5756]  vfs_write+0x5c9/0xb30
[  149.093166][ T5756]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  149.093174][ T5756]  ? __pfx_vfs_write+0x10/0x10
[  149.093186][ T5756]  ? __fget_files+0x2a/0x420
[  149.093199][ T5756]  ksys_write+0x145/0x250
[  149.093209][ T5756]  ? __pfx_ksys_write+0x10/0x10
[  149.093218][ T5756]  ? rcu_is_watching+0x15/0xb0
[  149.093229][ T5756]  ? rcu_is_watching+0x15/0xb0
[  149.093239][ T5756]  do_syscall_64+0xfa/0x3b0
[  149.093253][ T5756]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.093263][ T5756]  ? clear_bhb_loop+0x60/0xb0
[  149.093275][ T5756]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.093286][ T5756] RIP: 0033:0x7f6d23f8d3df
[  149.093296][ T5756] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  149.093305][ T5756] RSP: 002b:00007f6d24d12000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  149.093318][ T5756] RAX: ffffffffffffffda RBX: 00007f6d241b5fa0 RCX: 00007f6d23f8d3df
[  149.093325][ T5756] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  149.093331][ T5756] RBP: 00007f6d24010b39 R08: 0000000000000000 R09: 0000000000000000
[  149.093337][ T5756] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  149.093343][ T5756] R13: 0000000000000000 R14: 00007f6d241b5fa0 R15: 00007ffd7c7dc758
[  149.093353][ T5756]  </TASK>
[  149.093377][ T5756] BUG: Bad page state in process syz.0.18  pfn:54b8b
[  149.301992][ T5756] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888054b8bc30 pfn:0x54b8b
[  149.306196][ T5756] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  149.309131][ T5756] raw: 04fff00000000000 dead000000000040 ffff88801e89f000 0000000000000000
[  149.312669][ T5756] raw: ffff888054b8bc30 0000000000000001 00000000ffffffff 0000000000000000
[  149.316132][ T5756] page dumped because: page_pool leak
[  149.318368][ T5756] page_owner tracks the page as allocated
[  149.320765][ T5756] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5756, tgid 5755 (syz.0.18), ts 146946620429, free_ts 146942582869
[  149.327617][ T5756]  post_alloc_hook+0x240/0x2a0
[  149.329622][ T5756]  get_page_from_freelist+0x21e4/0x22c0
[  149.332050][ T5756]  __alloc_frozen_pages_noprof+0x181/0x370
[  149.334900][ T5756]  alloc_pages_bulk_noprof+0x560/0x710
[  149.337602][ T5756]  __page_pool_alloc_netmems_slow+0x127/0x740
[  149.340123][ T5756]  skb_pp_cow_data+0xb47/0x13e0
[  149.342336][ T5756]  do_xdp_generic+0x699/0x11a0
[  149.344289][ T5756]  __netif_receive_skb_core+0x18f4/0x4380
[  149.346596][ T5756]  __netif_receive_skb+0x72/0x380
[  149.348706][ T5756]  netif_receive_skb+0x1cb/0x790
[  149.350884][ T5756]  tun_rx_batched+0x1b9/0x730
[  149.352914][ T5756]  tun_get_user+0x2b65/0x3ea0
[  149.354928][ T5756]  tun_chr_write_iter+0x113/0x200
[  149.357017][ T5756]  vfs_write+0x5c9/0xb30
[  149.358782][ T5756]  ksys_write+0x145/0x250
[  149.360566][ T5756]  do_syscall_64+0xfa/0x3b0
[  149.362652][ T5756] page last free pid 15 tgid 15 stack trace:
[  149.365099][ T5756]  __free_frozen_pages+0xbc4/0xd30
[  149.367244][ T5756]  __tlb_remove_table+0x2d2/0x3b0
[  149.369279][ T5756]  tlb_remove_table_rcu+0x85/0x100
[  149.371371][ T5756]  rcu_core+0xca8/0x1770
[  149.373180][ T5756]  handle_softirqs+0x283/0x870
[  149.375215][ T5756]  run_ksoftirqd+0x9b/0x100
[  149.377123][ T5756]  smpboot_thread_fn+0x53f/0xa60
[  149.379273][ T5756]  kthread+0x711/0x8a0
[  149.381000][ T5756]  ret_from_fork+0x436/0x7d0
[  149.383026][ T5756]  ret_from_fork_asm+0x1a/0x30
[  149.385045][ T5756] Modules linked in:
[  149.386690][ T5756] CPU: 0 UID: 0 PID: 5756 Comm: syz.0.18 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  149.386706][ T5756] Tainted: [B]=BAD_PAGE
[  149.386710][ T5756] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  149.386717][ T5756] Call Trace:
[  149.386723][ T5756]  <TASK>
[  149.386729][ T5756]  dump_stack_lvl+0x189/0x250
[  149.386745][ T5756]  ? __pfx_dump_stack_lvl+0x10/0x10
[  149.386756][ T5756]  ? __pfx_print_modules+0x10/0x10
[  149.386765][ T5756]  ? tun_rx_batched+0x1b9/0x730
[  149.386774][ T5756]  ? tun_chr_write_iter+0x113/0x200
[  149.386782][ T5756]  ? vfs_write+0x5c9/0xb30
[  149.386792][ T5756]  ? ksys_write+0x145/0x250
[  149.386800][ T5756]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.386811][ T5756]  bad_page+0x180/0x1c0
[  149.386820][ T5756]  __free_frozen_pages+0xce2/0xd30
[  149.386834][ T5756]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  149.386853][ T5756]  bpf_xdp_adjust_tail+0x1d6/0x220
[  149.386866][ T5756]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  149.386876][ T5756]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  149.386897][ T5756]  do_xdp_generic+0x9f7/0x11a0
[  149.386912][ T5756]  ? __pfx_do_xdp_generic+0x10/0x10
[  149.386919][ T5756]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  149.386933][ T5756]  __netif_receive_skb_core+0x18f4/0x4380
[  149.386947][ T5756]  ? __pfx___skb_flow_dissect+0x10/0x10
[  149.386958][ T5756]  ? lock_release+0x4b/0x3e0
[  149.386970][ T5756]  ? do_user_addr_fault+0xc85/0x1380
[  149.386981][ T5756]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  149.386994][ T5756]  ? rcu_is_watching+0x15/0xb0
[  149.387007][ T5756]  ? irqentry_exit+0x74/0x90
[  149.387018][ T5756]  ? exc_page_fault+0x9f/0xf0
[  149.387030][ T5756]  ? netif_receive_skb+0x115/0x790
[  149.387043][ T5756]  ? rcu_is_watching+0x15/0xb0
[  149.387053][ T5756]  ? lock_acquire+0x5f/0x360
[  149.387062][ T5756]  __netif_receive_skb+0x72/0x380
[  149.387074][ T5756]  ? _copy_from_iter+0x24f/0x1790
[  149.387089][ T5756]  ? netif_receive_skb+0x115/0x790
[  149.387107][ T5756]  netif_receive_skb+0x1cb/0x790
[  149.387120][ T5756]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  149.387132][ T5756]  ? __pfx_netif_receive_skb+0x10/0x10
[  149.387145][ T5756]  ? __pfx__copy_from_iter+0x10/0x10
[  149.387156][ T5756]  ? sock_alloc_send_pskb+0x86b/0x980
[  149.387169][ T5756]  ? tun_rx_batched+0x160/0x730
[  149.387178][ T5756]  tun_rx_batched+0x1b9/0x730
[  149.387187][ T5756]  ? skb_header_pointer+0x8e/0x120
[  149.387200][ T5756]  ? __pfx_tun_rx_batched+0x10/0x10
[  149.387209][ T5756]  ? tun_get_user+0x272f/0x3ea0
[  149.387217][ T5756]  ? rcu_is_watching+0x15/0xb0
[  149.387227][ T5756]  ? lock_acquire+0x5f/0x360
[  149.387236][ T5756]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  149.387250][ T5756]  tun_get_user+0x2b65/0x3ea0
[  149.387260][ T5756]  ? rcu_is_watching+0x15/0xb0
[  149.387271][ T5756]  ? lock_release+0x4b/0x3e0
[  149.387280][ T5756]  ? tun_get_user+0x272f/0x3ea0
[  149.387286][ T5756]  ? aa_file_perm+0x44d/0x1550
[  149.387298][ T5756]  ? __pfx_tun_get_user+0x10/0x10
[  149.387307][ T5756]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  149.387317][ T5756]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  149.387327][ T5756]  ? ref_tracker_alloc+0x318/0x460
[  149.387339][ T5756]  ? rcu_is_watching+0x15/0xb0
[  149.387349][ T5756]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  149.387359][ T5756]  ? lock_release+0x4b/0x3e0
[  149.387367][ T5756]  ? tun_get+0x1c/0x2f0
[  149.387376][ T5756]  ? tun_get+0x1c/0x2f0
[  149.387383][ T5756]  ? rcu_is_watching+0x15/0xb0
[  149.387393][ T5756]  ? tun_get+0x1c/0x2f0
[  149.387400][ T5756]  ? lock_release+0x4b/0x3e0
[  149.387409][ T5756]  ? common_file_perm+0x1b5/0x230
[  149.387422][ T5756]  ? tun_get+0x1c/0x2f0
[  149.387431][ T5756]  tun_chr_write_iter+0x113/0x200
[  149.387441][ T5756]  vfs_write+0x5c9/0xb30
[  149.387453][ T5756]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  149.387465][ T5756]  ? __pfx_vfs_write+0x10/0x10
[  149.387472][ T5756]  ? __fget_files+0x2a/0x420
[  149.387481][ T5756]  ksys_write+0x145/0x250
[  149.387489][ T5756]  ? __pfx_ksys_write+0x10/0x10
[  149.387497][ T5756]  ? rcu_is_watching+0x15/0xb0
[  149.387509][ T5756]  ? rcu_is_watching+0x15/0xb0
[  149.387520][ T5756]  do_syscall_64+0xfa/0x3b0
[  149.387532][ T5756]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.387541][ T5756]  ? clear_bhb_loop+0x60/0xb0
[  149.387551][ T5756]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.387561][ T5756] RIP: 0033:0x7f6d23f8d3df
[  149.387572][ T5756] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  149.387581][ T5756] RSP: 002b:00007f6d24d12000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  149.387593][ T5756] RAX: ffffffffffffffda RBX: 00007f6d241b5fa0 RCX: 00007f6d23f8d3df
[  149.387600][ T5756] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  149.387606][ T5756] RBP: 00007f6d24010b39 R08: 0000000000000000 R09: 0000000000000000
[  149.387611][ T5756] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  149.387617][ T5756] R13: 0000000000000000 R14: 00007f6d241b5fa0 R15: 00007ffd7c7dc758
[  149.387628][ T5756]  </TASK>
[  149.387637][ T5756] BUG: Bad page state in process syz.0.18  pfn:3e88a
[  149.592338][ T5756] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88803e88a000 pfn:0x3e88a
[  149.596386][ T5756] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  149.599356][ T5756] raw: 04fff00000000000 dead000000000040 ffff88801e89f000 0000000000000000
[  149.602926][ T5756] raw: ffff88803e88a000 0000000000000001 00000000ffffffff 0000000000000000
[  149.606377][ T5756] page dumped because: page_pool leak
[  149.608524][ T5756] page_owner tracks the page as allocated
[  149.610878][ T5756] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5756, tgid 5755 (syz.0.18), ts 146946613622, free_ts 146942591997
[  149.617732][ T5756]  post_alloc_hook+0x240/0x2a0
[  149.619759][ T5756]  get_page_from_freelist+0x21e4/0x22c0
[  149.622049][ T5756]  __alloc_frozen_pages_noprof+0x181/0x370
[  149.624512][ T5756]  alloc_pages_bulk_noprof+0x560/0x710
[  149.626769][ T5756]  __page_pool_alloc_netmems_slow+0x127/0x740
[  149.629231][ T5756]  skb_pp_cow_data+0xb47/0x13e0
[  149.631386][ T5756]  do_xdp_generic+0x699/0x11a0
[  149.633451][ T5756]  __netif_receive_skb_core+0x18f4/0x4380
[  149.635826][ T5756]  __netif_receive_skb+0x72/0x380
[  149.637931][ T5756]  netif_receive_skb+0x1cb/0x790
[  149.639997][ T5756]  tun_rx_batched+0x1b9/0x730
[  149.641994][ T5756]  tun_get_user+0x2b65/0x3ea0
[  149.644100][ T5756]  tun_chr_write_iter+0x113/0x200
[  149.646198][ T5756]  vfs_write+0x5c9/0xb30
[  149.647925][ T5756]  ksys_write+0x145/0x250
[  149.649760][ T5756]  do_syscall_64+0xfa/0x3b0
[  149.651779][ T5756] page last free pid 15 tgid 15 stack trace:
[  149.654320][ T5756]  __free_frozen_pages+0xbc4/0xd30
[  149.656385][ T5756]  __tlb_remove_table+0x2d2/0x3b0
[  149.658451][ T5756]  tlb_remove_table_rcu+0x85/0x100
[  149.660608][ T5756]  rcu_core+0xca8/0x1770
[  149.662473][ T5756]  handle_softirqs+0x283/0x870
[  149.664457][ T5756]  run_ksoftirqd+0x9b/0x100
[  149.666361][ T5756]  smpboot_thread_fn+0x53f/0xa60
[  149.668400][ T5756]  kthread+0x711/0x8a0
[  149.670055][ T5756]  ret_from_fork+0x436/0x7d0
[  149.671969][ T5756]  ret_from_fork_asm+0x1a/0x30
[  149.674097][ T5756] Modules linked in:
[  149.675736][ T5756] CPU: 0 UID: 0 PID: 5756 Comm: syz.0.18 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  149.675753][ T5756] Tainted: [B]=BAD_PAGE
[  149.675757][ T5756] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  149.675763][ T5756] Call Trace:
[  149.675770][ T5756]  <TASK>
[  149.675775][ T5756]  dump_stack_lvl+0x189/0x250
[  149.675791][ T5756]  ? __pfx_dump_stack_lvl+0x10/0x10
[  149.675803][ T5756]  ? __pfx_print_modules+0x10/0x10
[  149.675813][ T5756]  ? tun_rx_batched+0x1b9/0x730
[  149.675823][ T5756]  ? tun_chr_write_iter+0x113/0x200
[  149.675831][ T5756]  ? vfs_write+0x5c9/0xb30
[  149.675841][ T5756]  ? ksys_write+0x145/0x250
[  149.675850][ T5756]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.675869][ T5756]  bad_page+0x180/0x1c0
[  149.675884][ T5756]  __free_frozen_pages+0xce2/0xd30
[  149.675901][ T5756]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  149.675921][ T5756]  bpf_xdp_adjust_tail+0x1d6/0x220
[  149.675933][ T5756]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  149.675942][ T5756]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  149.675961][ T5756]  do_xdp_generic+0x9f7/0x11a0
[  149.675976][ T5756]  ? __pfx_do_xdp_generic+0x10/0x10
[  149.675988][ T5756]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  149.676005][ T5756]  __netif_receive_skb_core+0x18f4/0x4380
[  149.676020][ T5756]  ? __pfx___skb_flow_dissect+0x10/0x10
[  149.676030][ T5756]  ? lock_release+0x4b/0x3e0
[  149.676042][ T5756]  ? do_user_addr_fault+0xc85/0x1380
[  149.676054][ T5756]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  149.676068][ T5756]  ? rcu_is_watching+0x15/0xb0
[  149.676081][ T5756]  ? irqentry_exit+0x74/0x90
[  149.676092][ T5756]  ? exc_page_fault+0x9f/0xf0
[  149.676104][ T5756]  ? netif_receive_skb+0x115/0x790
[  149.676115][ T5756]  ? rcu_is_watching+0x15/0xb0
[  149.676126][ T5756]  ? lock_acquire+0x5f/0x360
[  149.676135][ T5756]  __netif_receive_skb+0x72/0x380
[  149.676148][ T5756]  ? _copy_from_iter+0x24f/0x1790
[  149.676164][ T5756]  ? netif_receive_skb+0x115/0x790
[  149.676176][ T5756]  netif_receive_skb+0x1cb/0x790
[  149.676188][ T5756]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  149.676199][ T5756]  ? __pfx_netif_receive_skb+0x10/0x10
[  149.676210][ T5756]  ? __pfx__copy_from_iter+0x10/0x10
[  149.676222][ T5756]  ? sock_alloc_send_pskb+0x86b/0x980
[  149.676235][ T5756]  ? tun_rx_batched+0x160/0x730
[  149.676246][ T5756]  tun_rx_batched+0x1b9/0x730
[  149.676255][ T5756]  ? skb_header_pointer+0x8e/0x120
[  149.676268][ T5756]  ? __pfx_tun_rx_batched+0x10/0x10
[  149.676277][ T5756]  ? tun_get_user+0x272f/0x3ea0
[  149.676284][ T5756]  ? rcu_is_watching+0x15/0xb0
[  149.676293][ T5756]  ? lock_acquire+0x5f/0x360
[  149.676301][ T5756]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  149.676312][ T5756]  tun_get_user+0x2b65/0x3ea0
[  149.676322][ T5756]  ? rcu_is_watching+0x15/0xb0
[  149.676333][ T5756]  ? lock_release+0x4b/0x3e0
[  149.676343][ T5756]  ? tun_get_user+0x272f/0x3ea0
[  149.676352][ T5756]  ? aa_file_perm+0x44d/0x1550
[  149.676367][ T5756]  ? __pfx_tun_get_user+0x10/0x10
[  149.676378][ T5756]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  149.676387][ T5756]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  149.676397][ T5756]  ? ref_tracker_alloc+0x318/0x460
[  149.676410][ T5756]  ? rcu_is_watching+0x15/0xb0
[  149.676420][ T5756]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  149.676432][ T5756]  ? lock_release+0x4b/0x3e0
[  149.676442][ T5756]  ? tun_get+0x1c/0x2f0
[  149.676450][ T5756]  ? tun_get+0x1c/0x2f0
[  149.676458][ T5756]  ? rcu_is_watching+0x15/0xb0
[  149.676469][ T5756]  ? tun_get+0x1c/0x2f0
[  149.676476][ T5756]  ? lock_release+0x4b/0x3e0
[  149.676485][ T5756]  ? common_file_perm+0x1b5/0x230
[  149.676495][ T5756]  ? tun_get+0x1c/0x2f0
[  149.676504][ T5756]  tun_chr_write_iter+0x113/0x200
[  149.676513][ T5756]  vfs_write+0x5c9/0xb30
[  149.676524][ T5756]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  149.676534][ T5756]  ? __pfx_vfs_write+0x10/0x10
[  149.676546][ T5756]  ? __fget_files+0x2a/0x420
[  149.676560][ T5756]  ksys_write+0x145/0x250
[  149.676571][ T5756]  ? __pfx_ksys_write+0x10/0x10
[  149.676580][ T5756]  ? rcu_is_watching+0x15/0xb0
[  149.676590][ T5756]  ? rcu_is_watching+0x15/0xb0
[  149.676600][ T5756]  do_syscall_64+0xfa/0x3b0
[  149.676610][ T5756]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.676619][ T5756]  ? clear_bhb_loop+0x60/0xb0
[  149.676631][ T5756]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.676642][ T5756] RIP: 0033:0x7f6d23f8d3df
[  149.676676][ T5756] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  149.676685][ T5756] RSP: 002b:00007f6d24d12000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  149.676697][ T5756] RAX: ffffffffffffffda RBX: 00007f6d241b5fa0 RCX: 00007f6d23f8d3df
[  149.676704][ T5756] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  149.676710][ T5756] RBP: 00007f6d24010b39 R08: 0000000000000000 R09: 0000000000000000
[  149.676716][ T5756] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  149.676723][ T5756] R13: 0000000000000000 R14: 00007f6d241b5fa0 R15: 00007ffd7c7dc758
[  149.676733][ T5756]  </TASK>
[  149.676741][ T5756] BUG: Bad page state in process syz.0.18  pfn:3e88c
[  149.884102][ T5756] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88803e88c870 pfn:0x3e88c
[  149.888211][ T5756] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  149.891230][ T5756] raw: 04fff00000000000 dead000000000040 ffff88801e89f000 0000000000000000
[  149.894868][ T5756] raw: ffff88803e88c870 0000000000000001 00000000ffffffff 0000000000000000
[  149.898391][ T5756] page dumped because: page_pool leak
[  149.900698][ T5756] page_owner tracks the page as allocated
[  149.903197][ T5756] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5756, tgid 5755 (syz.0.18), ts 146946604495, free_ts 146944178792
[  149.909939][ T5756]  post_alloc_hook+0x240/0x2a0
[  149.911948][ T5756]  get_page_from_freelist+0x21e4/0x22c0
[  149.914280][ T5756]  __alloc_frozen_pages_noprof+0x181/0x370
[  149.916644][ T5756]  alloc_pages_bulk_noprof+0x560/0x710
[  149.918883][ T5756]  __page_pool_alloc_netmems_slow+0x127/0x740
[  149.921428][ T5756]  skb_pp_cow_data+0xb47/0x13e0
[  149.923694][ T5756]  do_xdp_generic+0x699/0x11a0
[  149.925707][ T5756]  __netif_receive_skb_core+0x18f4/0x4380
[  149.928095][ T5756]  __netif_receive_skb+0x72/0x380
[  149.930172][ T5756]  netif_receive_skb+0x1cb/0x790
[  149.932283][ T5756]  tun_rx_batched+0x1b9/0x730
[  149.934226][ T5756]  tun_get_user+0x2b65/0x3ea0
[  149.936234][ T5756]  tun_chr_write_iter+0x113/0x200
[  149.938468][ T5756]  vfs_write+0x5c9/0xb30
[  149.940715][ T5756]  ksys_write+0x145/0x250
[  149.942727][ T5756]  do_syscall_64+0xfa/0x3b0
[  149.944687][ T5756] page last free pid 5756 tgid 5755 stack trace:
[  149.947277][ T5756]  __free_frozen_pages+0xbc4/0xd30
[  149.949379][ T5756]  kasan_populate_vmalloc+0x1db/0x270
[  149.951591][ T5756]  alloc_vmap_area+0xd62/0x14a0
[  149.953847][ T5756]  __get_vm_area_node+0x1f8/0x300
[  149.955936][ T5756]  __vmalloc_node_range_noprof+0x301/0x12f0
[  149.958372][ T5756]  vmalloc_noprof+0xb2/0xf0
[  149.960492][ T5756]  bpf_prog_calc_tag+0x4c/0x370
[  149.962717][ T5756]  resolve_pseudo_ldimm64+0xbc/0xc50
[  149.964916][ T5756]  bpf_check+0x1c40/0x1d720
[  149.966805][ T5756]  bpf_prog_load+0x13ba/0x19e0
[  149.968777][ T5756]  __sys_bpf+0x507/0x860
[  149.970574][ T5756]  __x64_sys_bpf+0x7c/0x90
[  149.972477][ T5756]  do_syscall_64+0xfa/0x3b0
[  149.974379][ T5756]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.976883][ T5756] Modules linked in:
[  149.978599][ T5756] CPU: 0 UID: 0 PID: 5756 Comm: syz.0.18 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  149.978616][ T5756] Tainted: [B]=BAD_PAGE
[  149.978620][ T5756] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  149.978626][ T5756] Call Trace:
[  149.978633][ T5756]  <TASK>
[  149.978639][ T5756]  dump_stack_lvl+0x189/0x250
[  149.978657][ T5756]  ? __pfx_dump_stack_lvl+0x10/0x10
[  149.978671][ T5756]  ? __pfx_print_modules+0x10/0x10
[  149.978681][ T5756]  ? tun_rx_batched+0x1b9/0x730
[  149.978692][ T5756]  ? tun_chr_write_iter+0x113/0x200
[  149.978700][ T5756]  ? vfs_write+0x5c9/0xb30
[  149.978708][ T5756]  ? ksys_write+0x145/0x250
[  149.978717][ T5756]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.978734][ T5756]  bad_page+0x180/0x1c0
[  149.978744][ T5756]  __free_frozen_pages+0xce2/0xd30
[  149.978759][ T5756]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[  149.978778][ T5756]  bpf_xdp_adjust_tail+0x1d6/0x220
[  149.978789][ T5756]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[  149.978799][ T5756]  bpf_prog_run_generic_xdp+0x64b/0x14c0
[  149.978819][ T5756]  do_xdp_generic+0x9f7/0x11a0
[  149.978834][ T5756]  ? __pfx_do_xdp_generic+0x10/0x10
[  149.978846][ T5756]  ? __skb_flow_dissect+0x5ef8/0x68b0
[  149.978871][ T5756]  __netif_receive_skb_core+0x18f4/0x4380
[  149.978887][ T5756]  ? __pfx___skb_flow_dissect+0x10/0x10
[  149.978899][ T5756]  ? lock_release+0x4b/0x3e0
[  149.978913][ T5756]  ? do_user_addr_fault+0xc85/0x1380
[  149.978926][ T5756]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  149.978939][ T5756]  ? rcu_is_watching+0x15/0xb0
[  149.978952][ T5756]  ? irqentry_exit+0x74/0x90
[  149.978963][ T5756]  ? exc_page_fault+0x9f/0xf0
[  149.978973][ T5756]  ? netif_receive_skb+0x115/0x790
[  149.978984][ T5756]  ? rcu_is_watching+0x15/0xb0
[  149.978994][ T5756]  ? lock_acquire+0x5f/0x360
[  149.979003][ T5756]  __netif_receive_skb+0x72/0x380
[  149.979015][ T5756]  ? _copy_from_iter+0x24f/0x1790
[  149.979032][ T5756]  ? netif_receive_skb+0x115/0x790
[  149.979044][ T5756]  netif_receive_skb+0x1cb/0x790
[  149.979056][ T5756]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  149.979068][ T5756]  ? __pfx_netif_receive_skb+0x10/0x10
[  149.979085][ T5756]  ? __pfx__copy_from_iter+0x10/0x10
[  149.979096][ T5756]  ? sock_alloc_send_pskb+0x86b/0x980
[  149.979108][ T5756]  ? tun_rx_batched+0x160/0x730
[  149.979118][ T5756]  tun_rx_batched+0x1b9/0x730
[  149.979127][ T5756]  ? skb_header_pointer+0x8e/0x120
[  149.979143][ T5756]  ? __pfx_tun_rx_batched+0x10/0x10
[  149.979152][ T5756]  ? tun_get_user+0x272f/0x3ea0
[  149.979165][ T5756]  ? rcu_is_watching+0x15/0xb0
[  149.979176][ T5756]  ? lock_acquire+0x5f/0x360
[  149.979184][ T5756]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  149.979199][ T5756]  tun_get_user+0x2b65/0x3ea0
[  149.979210][ T5756]  ? rcu_is_watching+0x15/0xb0
[  149.979225][ T5756]  ? lock_release+0x4b/0x3e0
[  149.979234][ T5756]  ? tun_get_user+0x272f/0x3ea0
[  149.979250][ T5756]  ? aa_file_perm+0x44d/0x1550
[  149.979264][ T5756]  ? __pfx_tun_get_user+0x10/0x10
[  149.979275][ T5756]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  149.979284][ T5756]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  149.979293][ T5756]  ? ref_tracker_alloc+0x318/0x460
[  149.979306][ T5756]  ? rcu_is_watching+0x15/0xb0
[  149.979317][ T5756]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  149.979327][ T5756]  ? lock_release+0x4b/0x3e0
[  149.979336][ T5756]  ? tun_get+0x1c/0x2f0
[  149.979343][ T5756]  ? tun_get+0x1c/0x2f0
[  149.979350][ T5756]  ? rcu_is_watching+0x15/0xb0
[  149.979361][ T5756]  ? tun_get+0x1c/0x2f0
[  149.979369][ T5756]  ? lock_release+0x4b/0x3e0
[  149.979378][ T5756]  ? common_file_perm+0x1b5/0x230
[  149.979390][ T5756]  ? tun_get+0x1c/0x2f0
[  149.979400][ T5756]  tun_chr_write_iter+0x113/0x200
[  149.979410][ T5756]  vfs_write+0x5c9/0xb30
[  149.979423][ T5756]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  149.979432][ T5756]  ? __pfx_vfs_write+0x10/0x10
[  149.979444][ T5756]  ? __fget_files+0x2a/0x420
[  149.979458][ T5756]  ksys_write+0x145/0x250
[  149.979469][ T5756]  ? __pfx_ksys_write+0x10/0x10
[  149.979478][ T5756]  ? rcu_is_watching+0x15/0xb0
[  149.979489][ T5756]  ? rcu_is_watching+0x15/0xb0
[  149.979500][ T5756]  do_syscall_64+0xfa/0x3b0
[  149.979513][ T5756]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.979522][ T5756]  ? clear_bhb_loop+0x60/0xb0
[  149.979531][ T5756]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.979541][ T5756] RIP: 0033:0x7f6d23f8d3df
[  149.979551][ T5756] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  149.979560][ T5756] RSP: 002b:00007f6d24d12000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  149.979572][ T5756] RAX: ffffffffffffffda RBX: 00007f6d241b5fa0 RCX: 00007f6d23f8d3df
[  149.979578][ T5756] RDX: 0000000000011dc0 RSI: 00002000000004c0 RDI: 00000000000000c8
[  149.979584][ T5756] RBP: 00007f6d24010b39 R08: 0000000000000000 R09: 0000000000000000
[  149.979590][ T5756] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000