program:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180200002343ffff0000000000000000850000004100000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r1, r2, 0x25, 0x4, @void}, 0x10)
syz_emit_ethernet(0xfdef, &(0x7f0000000400)=ANY=[], 0x0)

[   74.940415][ T4662] Bluetooth: hci0: command tx timeout
[   75.058404][ T5314] BUG: Bad page state in process syz.0.0  pfn:360c3
[   75.061437][ T5314] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880360c33c0 pfn:0x360c3
[   75.066034][ T5314] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   75.069331][ T5314] raw: 04fff00000000000 dead000000000040 ffff88801f35c000 0000000000000000
[   75.073185][ T5314] raw: ffff8880360c33c0 3fffffffffffffff 00000000ffffffff 0000000000000000
[   75.076989][ T5314] page dumped because: page_pool leak
[   75.079255][ T5314] page_owner tracks the page as allocated
[   75.081714][ T5314] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5314, tgid 5313 (syz.0.0), ts 75058332096, free_ts 73197012158
[   75.089835][ T5314]  post_alloc_hook+0x231/0x280
[   75.092243][ T5314]  get_page_from_freelist+0x24dc/0x2580
[   75.094640][ T5314]  __alloc_frozen_pages_noprof+0x18d/0x380
[   75.097254][ T5314]  alloc_pages_bulk_noprof+0x558/0x700
[   75.099758][ T5314]  __page_pool_alloc_netmems_slow+0x14c/0x710
[   75.102482][ T5314]  page_pool_alloc_frag_netmem+0x421/0x9b0
[   75.105156][ T5314]  skb_pp_cow_data+0xc43/0x1680
[   75.107413][ T5314]  do_xdp_generic+0x76b/0x12e0
[   75.109559][ T5314]  tun_get_user+0x247d/0x3dd0
[   75.111739][ T5314]  tun_chr_write_iter+0x113/0x200
[   75.113998][ T5314]  vfs_write+0x61d/0xb90
[   75.115961][ T5314]  ksys_write+0x150/0x270
[   75.118087][ T5314]  do_syscall_64+0x14d/0xf80
[   75.120059][ T5314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.122722][ T5314] page last free pid 15 tgid 15 stack trace:
[   75.125424][ T5314]  __free_frozen_pages+0xc00/0xd90
[   75.127909][ T5314]  rcu_core+0x7cd/0x1070
[   75.129988][ T5314]  handle_softirqs+0x22a/0x870
[   75.132254][ T5314]  run_ksoftirqd+0x36/0x60
[   75.134242][ T5314]  smpboot_thread_fn+0x541/0xa50
[   75.136551][ T5314]  kthread+0x388/0x470
[   75.138378][ T5314]  ret_from_fork+0x51e/0xb90
[   75.140377][ T5314]  ret_from_fork_asm+0x1a/0x30
[   75.142510][ T5314] Modules linked in:
[   75.144266][ T5314] CPU: 0 UID: 0 PID: 5314 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   75.144279][ T5314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   75.144286][ T5314] Call Trace:
[   75.144294][ T5314]  <TASK>
[   75.144333][ T5314]  dump_stack_lvl+0xe8/0x150
[   75.144355][ T5314]  bad_page+0x17f/0x1c0
[   75.144377][ T5314]  __free_frozen_pages+0xd37/0xd90
[   75.144405][ T5314]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[   75.144434][ T5314]  bpf_xdp_adjust_tail+0x1d6/0x220
[   75.144453][ T5314]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[   75.144465][ T5314]  bpf_prog_run_generic_xdp+0x603/0x1490
[   75.144497][ T5314]  do_xdp_generic+0xac5/0x12e0
[   75.144518][ T5314]  ? __pfx_do_xdp_generic+0x10/0x10
[   75.144546][ T5314]  ? tun_get_user+0x2354/0x3dd0
[   75.144559][ T5314]  tun_get_user+0x247d/0x3dd0
[   75.144579][ T5314]  ? aa_file_perm+0x12d/0x1630
[   75.144594][ T5314]  ? aa_file_perm+0x440/0x1630
[   75.144604][ T5314]  ? __pfx_tun_get_user+0x10/0x10
[   75.144617][ T5314]  ? __lock_acquire+0x6b5/0x2cf0
[   75.144634][ T5314]  ? __lock_acquire+0x6b5/0x2cf0
[   75.144649][ T5314]  ? __pfx_css_rstat_updated+0x10/0x10
[   75.144663][ T5314]  ? ref_tracker_alloc+0x363/0x4d0
[   75.144675][ T5314]  ? page_table_check_set+0x148/0x610
[   75.144691][ T5314]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   75.144703][ T5314]  ? count_memcg_event_mm+0x21/0x260
[   75.144717][ T5314]  ? tun_get+0x1c/0x2f0
[   75.144732][ T5314]  ? tun_get+0x1c/0x2f0
[   75.144743][ T5314]  ? tun_get+0x1c/0x2f0
[   75.144755][ T5314]  tun_chr_write_iter+0x113/0x200
[   75.144769][ T5314]  vfs_write+0x61d/0xb90
[   75.144788][ T5314]  ? __pfx_vfs_write+0x10/0x10
[   75.144808][ T5314]  ? __fget_files+0x2a/0x420
[   75.144827][ T5314]  ksys_write+0x150/0x270
[   75.144843][ T5314]  ? __pfx_ksys_write+0x10/0x10
[   75.144864][ T5314]  do_syscall_64+0x14d/0xf80
[   75.144879][ T5314]  ? trace_irq_disable+0x3b/0x150
[   75.144894][ T5314]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.144905][ T5314]  ? clear_bhb_loop+0x40/0x90
[   75.144917][ T5314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.144929][ T5314] RIP: 0033:0x7fbceb35cece
[   75.144942][ T5314] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[   75.144951][ T5314] RSP: 002b:00007fbcec27bfb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   75.144965][ T5314] RAX: ffffffffffffffda RBX: 00007fbcec27c6c0 RCX: 00007fbceb35cece
[   75.144974][ T5314] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8
[   75.144982][ T5314] RBP: 00007fbceb432b39 R08: 0000000000000000 R09: 0000000000000000
[   75.144988][ T5314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   75.144995][ T5314] R13: 00007fbceb616038 R14: 00007fbceb615fa0 R15: 00007ffcfb255238
[   75.145013][ T5314]  </TASK>
[   75.145018][ T5314] Disabling lock debugging due to kernel taint
[   75.268222][ T5314] BUG: Bad page state in process syz.0.0  pfn:44462
[   75.271059][ T5314] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888044462dc0 pfn:0x44462
[   75.275476][ T5314] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   75.278737][ T5314] raw: 04fff00000000000 dead000000000040 ffff88801f35c000 0000000000000000
[   75.282386][ T5314] raw: ffff888044462dc0 0000000000000001 00000000ffffffff 0000000000000000
[   75.285996][ T5314] page dumped because: page_pool leak
[   75.288303][ T5314] page_owner tracks the page as allocated
[   75.290902][ T5314] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5314, tgid 5313 (syz.0.0), ts 75058325286, free_ts 73197020728
[   75.297649][ T5314]  post_alloc_hook+0x231/0x280
[   75.299710][ T5314]  get_page_from_freelist+0x24dc/0x2580
[   75.302151][ T5314]  __alloc_frozen_pages_noprof+0x18d/0x380
[   75.304709][ T5314]  alloc_pages_bulk_noprof+0x558/0x700
[   75.307140][ T5314]  __page_pool_alloc_netmems_slow+0x14c/0x710
[   75.309953][ T5314]  skb_pp_cow_data+0xc21/0x1680
[   75.312159][ T5314]  do_xdp_generic+0x76b/0x12e0
[   75.314239][ T5314]  tun_get_user+0x247d/0x3dd0
[   75.316421][ T5314]  tun_chr_write_iter+0x113/0x200
[   75.318721][ T5314]  vfs_write+0x61d/0xb90
[   75.320651][ T5314]  ksys_write+0x150/0x270
[   75.322595][ T5314]  do_syscall_64+0x14d/0xf80
[   75.324612][ T5314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.327281][ T5314] page last free pid 15 tgid 15 stack trace:
[   75.329820][ T5314]  __free_frozen_pages+0xc00/0xd90
[   75.332092][ T5314]  rcu_core+0x7cd/0x1070
[   75.334043][ T5314]  handle_softirqs+0x22a/0x870
[   75.336186][ T5314]  run_ksoftirqd+0x36/0x60
[   75.338020][ T5314]  smpboot_thread_fn+0x541/0xa50
[   75.340147][ T5314]  kthread+0x388/0x470
[   75.341996][ T5314]  ret_from_fork+0x51e/0xb90
[   75.344094][ T5314]  ret_from_fork_asm+0x1a/0x30
[   75.346410][ T5314] Modules linked in:
[   75.348129][ T5314] CPU: 0 UID: 0 PID: 5314 Comm: syz.0.0 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[   75.348149][ T5314] Tainted: [B]=BAD_PAGE
[   75.348153][ T5314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   75.348161][ T5314] Call Trace:
[   75.348168][ T5314]  <TASK>
[   75.348175][ T5314]  dump_stack_lvl+0xe8/0x150
[   75.348191][ T5314]  bad_page+0x17f/0x1c0
[   75.348205][ T5314]  __free_frozen_pages+0xd37/0xd90
[   75.348224][ T5314]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[   75.348247][ T5314]  bpf_xdp_adjust_tail+0x1d6/0x220
[   75.348262][ T5314]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[   75.348274][ T5314]  bpf_prog_run_generic_xdp+0x603/0x1490
[   75.348297][ T5314]  do_xdp_generic+0xac5/0x12e0
[   75.348316][ T5314]  ? __pfx_do_xdp_generic+0x10/0x10
[   75.348336][ T5314]  ? tun_get_user+0x2354/0x3dd0
[   75.348348][ T5314]  tun_get_user+0x247d/0x3dd0
[   75.348362][ T5314]  ? aa_file_perm+0x12d/0x1630
[   75.348375][ T5314]  ? aa_file_perm+0x440/0x1630
[   75.348386][ T5314]  ? __pfx_tun_get_user+0x10/0x10
[   75.348398][ T5314]  ? __lock_acquire+0x6b5/0x2cf0
[   75.348413][ T5314]  ? __lock_acquire+0x6b5/0x2cf0
[   75.348425][ T5314]  ? __pfx_css_rstat_updated+0x10/0x10
[   75.348437][ T5314]  ? ref_tracker_alloc+0x363/0x4d0
[   75.348448][ T5314]  ? page_table_check_set+0x148/0x610
[   75.348464][ T5314]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   75.348473][ T5314]  ? count_memcg_event_mm+0x21/0x260
[   75.348486][ T5314]  ? tun_get+0x1c/0x2f0
[   75.348496][ T5314]  ? tun_get+0x1c/0x2f0
[   75.348506][ T5314]  ? tun_get+0x1c/0x2f0
[   75.348516][ T5314]  tun_chr_write_iter+0x113/0x200
[   75.348526][ T5314]  vfs_write+0x61d/0xb90
[   75.348541][ T5314]  ? __pfx_vfs_write+0x10/0x10
[   75.348556][ T5314]  ? __fget_files+0x2a/0x420
[   75.348571][ T5314]  ksys_write+0x150/0x270
[   75.348585][ T5314]  ? __pfx_ksys_write+0x10/0x10
[   75.348600][ T5314]  do_syscall_64+0x14d/0xf80
[   75.348615][ T5314]  ? trace_irq_disable+0x3b/0x150
[   75.348637][ T5314]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.348648][ T5314]  ? clear_bhb_loop+0x40/0x90
[   75.348660][ T5314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.348672][ T5314] RIP: 0033:0x7fbceb35cece
[   75.348683][ T5314] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[   75.348691][ T5314] RSP: 002b:00007fbcec27bfb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   75.348703][ T5314] RAX: ffffffffffffffda RBX: 00007fbcec27c6c0 RCX: 00007fbceb35cece
[   75.348710][ T5314] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8
[   75.348717][ T5314] RBP: 00007fbceb432b39 R08: 0000000000000000 R09: 0000000000000000
[   75.348724][ T5314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   75.348730][ T5314] R13: 00007fbceb616038 R14: 00007fbceb615fa0 R15: 00007ffcfb255238
[   75.348739][ T5314]  </TASK>
[   75.348747][ T5314] BUG: Bad page state in process syz.0.0  pfn:383f6
[   75.479593][ T5314] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880383f6000 pfn:0x383f6
[   75.484023][ T5314] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   75.487757][ T5314] raw: 04fff00000000000 dead000000000040 ffff88801f35c000 0000000000000000
[   75.491517][ T5314] raw: ffff8880383f6000 0000000000000001 00000000ffffffff 0000000000000000
[   75.495149][ T5314] page dumped because: page_pool leak
[   75.497897][ T5314] page_owner tracks the page as allocated
[   75.500326][ T5314] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5314, tgid 5313 (syz.0.0), ts 75058318629, free_ts 73197025341
[   75.507620][ T5314]  post_alloc_hook+0x231/0x280
[   75.509718][ T5314]  get_page_from_freelist+0x24dc/0x2580
[   75.511984][ T5314]  __alloc_frozen_pages_noprof+0x18d/0x380
[   75.514529][ T5314]  alloc_pages_bulk_noprof+0x558/0x700
[   75.516924][ T5314]  __page_pool_alloc_netmems_slow+0x14c/0x710
[   75.519635][ T5314]  skb_pp_cow_data+0xc21/0x1680
[   75.521960][ T5314]  do_xdp_generic+0x76b/0x12e0
[   75.524175][ T5314]  tun_get_user+0x247d/0x3dd0
[   75.526502][ T5314]  tun_chr_write_iter+0x113/0x200
[   75.528846][ T5314]  vfs_write+0x61d/0xb90
[   75.530757][ T5314]  ksys_write+0x150/0x270
[   75.532784][ T5314]  do_syscall_64+0x14d/0xf80
[   75.534867][ T5314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.537852][ T5314] page last free pid 15 tgid 15 stack trace:
[   75.541344][ T5314]  __free_frozen_pages+0xc00/0xd90
[   75.543597][ T5314]  rcu_core+0x7cd/0x1070
[   75.545557][ T5314]  handle_softirqs+0x22a/0x870
[   75.547640][ T5314]  run_ksoftirqd+0x36/0x60
[   75.549540][ T5314]  smpboot_thread_fn+0x541/0xa50
[   75.551763][ T5314]  kthread+0x388/0x470
[   75.553552][ T5314]  ret_from_fork+0x51e/0xb90
[   75.555574][ T5314]  ret_from_fork_asm+0x1a/0x30
[   75.557707][ T5314] Modules linked in:
[   75.559437][ T5314] CPU: 0 UID: 0 PID: 5314 Comm: syz.0.0 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[   75.559455][ T5314] Tainted: [B]=BAD_PAGE
[   75.559460][ T5314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   75.559467][ T5314] Call Trace:
[   75.559565][ T5314]  <TASK>
[   75.559689][ T5314]  dump_stack_lvl+0xe8/0x150
[   75.559709][ T5314]  bad_page+0x17f/0x1c0
[   75.559723][ T5314]  __free_frozen_pages+0xd37/0xd90
[   75.559743][ T5314]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[   75.559778][ T5314]  bpf_xdp_adjust_tail+0x1d6/0x220
[   75.559801][ T5314]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[   75.559812][ T5314]  bpf_prog_run_generic_xdp+0x603/0x1490
[   75.559832][ T5314]  do_xdp_generic+0xac5/0x12e0
[   75.559842][ T5314]  ? __pfx_do_xdp_generic+0x10/0x10
[   75.559869][ T5314]  ? tun_get_user+0x2354/0x3dd0
[   75.559881][ T5314]  tun_get_user+0x247d/0x3dd0
[   75.559909][ T5314]  ? aa_file_perm+0x12d/0x1630
[   75.559923][ T5314]  ? aa_file_perm+0x440/0x1630
[   75.559935][ T5314]  ? __pfx_tun_get_user+0x10/0x10
[   75.559946][ T5314]  ? __lock_acquire+0x6b5/0x2cf0
[   75.559961][ T5314]  ? __lock_acquire+0x6b5/0x2cf0
[   75.559974][ T5314]  ? __pfx_css_rstat_updated+0x10/0x10
[   75.559986][ T5314]  ? ref_tracker_alloc+0x363/0x4d0
[   75.559996][ T5314]  ? page_table_check_set+0x148/0x610
[   75.560011][ T5314]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   75.560023][ T5314]  ? count_memcg_event_mm+0x21/0x260
[   75.560037][ T5314]  ? tun_get+0x1c/0x2f0
[   75.560047][ T5314]  ? tun_get+0x1c/0x2f0
[   75.560057][ T5314]  ? tun_get+0x1c/0x2f0
[   75.560068][ T5314]  tun_chr_write_iter+0x113/0x200
[   75.560079][ T5314]  vfs_write+0x61d/0xb90
[   75.560095][ T5314]  ? __pfx_vfs_write+0x10/0x10
[   75.560110][ T5314]  ? __fget_files+0x2a/0x420
[   75.560123][ T5314]  ksys_write+0x150/0x270
[   75.560137][ T5314]  ? __pfx_ksys_write+0x10/0x10
[   75.560153][ T5314]  do_syscall_64+0x14d/0xf80
[   75.560168][ T5314]  ? trace_irq_disable+0x3b/0x150
[   75.560184][ T5314]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.560195][ T5314]  ? clear_bhb_loop+0x40/0x90
[   75.560207][ T5314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.560217][ T5314] RIP: 0033:0x7fbceb35cece
[   75.560280][ T5314] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[   75.560317][ T5314] RSP: 002b:00007fbcec27bfb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   75.560331][ T5314] RAX: ffffffffffffffda RBX: 00007fbcec27c6c0 RCX: 00007fbceb35cece
[   75.560339][ T5314] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8
[   75.560345][ T5314] RBP: 00007fbceb432b39 R08: 0000000000000000 R09: 0000000000000000
[   75.560350][ T5314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   75.560356][ T5314] R13: 00007fbceb616038 R14: 00007fbceb615fa0 R15: 00007ffcfb255238
[   75.560366][ T5314]  </TASK>
[   75.560454][ T5314] BUG: Bad page state in process syz.0.0  pfn:39448
[   75.686571][ T5314] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888039448a00 pfn:0x39448
[   75.691084][ T5314] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   75.694421][ T5314] raw: 04fff00000000000 dead000000000040 ffff88801f35c000 0000000000000000
[   75.698172][ T5314] raw: ffff888039448a00 0000000000000001 00000000ffffffff 0000000000000000
[   75.701822][ T5314] page dumped because: page_pool leak
[   75.704016][ T5314] page_owner tracks the page as allocated
[   75.706612][ T5314] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5314, tgid 5313 (syz.0.0), ts 75058311737, free_ts 73197029505
[   75.713736][ T5314]  post_alloc_hook+0x231/0x280
[   75.715871][ T5314]  get_page_from_freelist+0x24dc/0x2580
[   75.718412][ T5314]  __alloc_frozen_pages_noprof+0x18d/0x380
[   75.720947][ T5314]  alloc_pages_bulk_noprof+0x558/0x700
[   75.723283][ T5314]  __page_pool_alloc_netmems_slow+0x14c/0x710
[   75.725806][ T5314]  skb_pp_cow_data+0xc21/0x1680
[   75.727840][ T5314]  do_xdp_generic+0x76b/0x12e0
[   75.729843][ T5314]  tun_get_user+0x247d/0x3dd0
[   75.731812][ T5314]  tun_chr_write_iter+0x113/0x200
[   75.733906][ T5314]  vfs_write+0x61d/0xb90
[   75.735698][ T5314]  ksys_write+0x150/0x270
[   75.737728][ T5314]  do_syscall_64+0x14d/0xf80
[   75.739898][ T5314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.742625][ T5314] page last free pid 15 tgid 15 stack trace:
[   75.745374][ T5314]  __free_frozen_pages+0xc00/0xd90
[   75.747769][ T5314]  rcu_core+0x7cd/0x1070
[   75.749712][ T5314]  handle_softirqs+0x22a/0x870
[   75.751893][ T5314]  run_ksoftirqd+0x36/0x60
[   75.753894][ T5314]  smpboot_thread_fn+0x541/0xa50
[   75.756045][ T5314]  kthread+0x388/0x470
[   75.758012][ T5314]  ret_from_fork+0x51e/0xb90
[   75.760121][ T5314]  ret_from_fork_asm+0x1a/0x30
[   75.762336][ T5314] Modules linked in:
[   75.764133][ T5314] CPU: 0 UID: 0 PID: 5314 Comm: syz.0.0 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[   75.764152][ T5314] Tainted: [B]=BAD_PAGE
[   75.764157][ T5314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   75.764165][ T5314] Call Trace:
[   75.764172][ T5314]  <TASK>
[   75.764179][ T5314]  dump_stack_lvl+0xe8/0x150
[   75.764197][ T5314]  bad_page+0x17f/0x1c0
[   75.764213][ T5314]  __free_frozen_pages+0xd37/0xd90
[   75.764234][ T5314]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[   75.764258][ T5314]  bpf_xdp_adjust_tail+0x1d6/0x220
[   75.764274][ T5314]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[   75.764285][ T5314]  bpf_prog_run_generic_xdp+0x603/0x1490
[   75.764308][ T5314]  do_xdp_generic+0xac5/0x12e0
[   75.764327][ T5314]  ? __pfx_do_xdp_generic+0x10/0x10
[   75.764350][ T5314]  ? tun_get_user+0x2354/0x3dd0
[   75.764363][ T5314]  tun_get_user+0x247d/0x3dd0
[   75.764377][ T5314]  ? aa_file_perm+0x12d/0x1630
[   75.764396][ T5314]  ? aa_file_perm+0x440/0x1630
[   75.764409][ T5314]  ? __pfx_tun_get_user+0x10/0x10
[   75.764422][ T5314]  ? __lock_acquire+0x6b5/0x2cf0
[   75.764439][ T5314]  ? __lock_acquire+0x6b5/0x2cf0
[   75.764453][ T5314]  ? __pfx_css_rstat_updated+0x10/0x10
[   75.764467][ T5314]  ? ref_tracker_alloc+0x363/0x4d0
[   75.764479][ T5314]  ? page_table_check_set+0x148/0x610
[   75.764497][ T5314]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   75.764508][ T5314]  ? count_memcg_event_mm+0x21/0x260
[   75.764522][ T5314]  ? tun_get+0x1c/0x2f0
[   75.764534][ T5314]  ? tun_get+0x1c/0x2f0
[   75.764545][ T5314]  ? tun_get+0x1c/0x2f0
[   75.764557][ T5314]  tun_chr_write_iter+0x113/0x200
[   75.764570][ T5314]  vfs_write+0x61d/0xb90
[   75.764587][ T5314]  ? __pfx_vfs_write+0x10/0x10
[   75.764605][ T5314]  ? __fget_files+0x2a/0x420
[   75.764620][ T5314]  ksys_write+0x150/0x270
[   75.764636][ T5314]  ? __pfx_ksys_write+0x10/0x10
[   75.764653][ T5314]  do_syscall_64+0x14d/0xf80
[   75.764669][ T5314]  ? trace_irq_disable+0x3b/0x150
[   75.764685][ T5314]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.764696][ T5314]  ? clear_bhb_loop+0x40/0x90
[   75.764708][ T5314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.764719][ T5314] RIP: 0033:0x7fbceb35cece
[   75.764732][ T5314] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[   75.764741][ T5314] RSP: 002b:00007fbcec27bfb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   75.764754][ T5314] RAX: ffffffffffffffda RBX: 00007fbcec27c6c0 RCX: 00007fbceb35cece
[   75.764762][ T5314] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8
[   75.764769][ T5314] RBP: 00007fbceb432b39 R08: 0000000000000000 R09: 0000000000000000
[   75.764776][ T5314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   75.764782][ T5314] R13: 00007fbceb616038 R14: 00007fbceb615fa0 R15: 00007ffcfb255238
[   75.764795][ T5314]  </TASK>
[   75.764804][ T5314] BUG: Bad page state in process syz.0.0  pfn:394ca
[   75.892935][ T5314] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880394cadc0 pfn:0x394ca
[   75.897362][ T5314] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   75.900433][ T5314] raw: 04fff00000000000 dead000000000040 ffff88801f35c000 0000000000000000
[   75.904246][ T5314] raw: ffff8880394cadc0 0000000000000001 00000000ffffffff 0000000000000000
[   75.908052][ T5314] page dumped because: page_pool leak
[   75.910368][ T5314] page_owner tracks the page as allocated
[   75.912774][ T5314] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5314, tgid 5313 (syz.0.0), ts 75058304474, free_ts 73197033801
[   75.919711][ T5314]  post_alloc_hook+0x231/0x280
[   75.921858][ T5314]  get_page_from_freelist+0x24dc/0x2580
[   75.924223][ T5314]  __alloc_frozen_pages_noprof+0x18d/0x380
[   75.926862][ T5314]  alloc_pages_bulk_noprof+0x558/0x700
[   75.929179][ T5314]  __page_pool_alloc_netmems_slow+0x14c/0x710
[   75.931965][ T5314]  skb_pp_cow_data+0xc21/0x1680
[   75.934141][ T5314]  do_xdp_generic+0x76b/0x12e0
[   75.936244][ T5314]  tun_get_user+0x247d/0x3dd0
[   75.938350][ T5314]  tun_chr_write_iter+0x113/0x200
[   75.940541][ T5314]  vfs_write+0x61d/0xb90
[   75.942384][ T5314]  ksys_write+0x150/0x270
[   75.944505][ T5314]  do_syscall_64+0x14d/0xf80
[   75.946658][ T5314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.949344][ T5314] page last free pid 15 tgid 15 stack trace:
[   75.951954][ T5314]  __free_frozen_pages+0xc00/0xd90
[   75.954171][ T5314]  rcu_core+0x7cd/0x1070
[   75.955974][ T5314]  handle_softirqs+0x22a/0x870
[   75.958091][ T5314]  run_ksoftirqd+0x36/0x60
[   75.959996][ T5314]  smpboot_thread_fn+0x541/0xa50
[   75.962206][ T5314]  kthread+0x388/0x470
[   75.964026][ T5314]  ret_from_fork+0x51e/0xb90
[   75.966021][ T5314]  ret_from_fork_asm+0x1a/0x30
[   75.968080][ T5314] Modules linked in:
[   75.970030][ T5314] CPU: 0 UID: 0 PID: 5314 Comm: syz.0.0 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[   75.970048][ T5314] Tainted: [B]=BAD_PAGE
[   75.970053][ T5314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   75.970060][ T5314] Call Trace:
[   75.970067][ T5314]  <TASK>
[   75.970074][ T5314]  dump_stack_lvl+0xe8/0x150
[   75.970091][ T5314]  bad_page+0x17f/0x1c0
[   75.970103][ T5314]  __free_frozen_pages+0xd37/0xd90
[   75.970120][ T5314]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[   75.970141][ T5314]  bpf_xdp_adjust_tail+0x1d6/0x220
[   75.970154][ T5314]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[   75.970164][ T5314]  bpf_prog_run_generic_xdp+0x603/0x1490
[   75.970184][ T5314]  do_xdp_generic+0xac5/0x12e0
[   75.970200][ T5314]  ? __pfx_do_xdp_generic+0x10/0x10
[   75.970219][ T5314]  ? tun_get_user+0x2354/0x3dd0
[   75.970231][ T5314]  tun_get_user+0x247d/0x3dd0
[   75.970244][ T5314]  ? aa_file_perm+0x12d/0x1630
[   75.970257][ T5314]  ? aa_file_perm+0x440/0x1630
[   75.970267][ T5314]  ? __pfx_tun_get_user+0x10/0x10
[   75.970278][ T5314]  ? __lock_acquire+0x6b5/0x2cf0
[   75.970290][ T5314]  ? __lock_acquire+0x6b5/0x2cf0
[   75.970302][ T5314]  ? __pfx_css_rstat_updated+0x10/0x10
[   75.970315][ T5314]  ? ref_tracker_alloc+0x363/0x4d0
[   75.970324][ T5314]  ? page_table_check_set+0x148/0x610
[   75.970339][ T5314]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   75.970350][ T5314]  ? count_memcg_event_mm+0x21/0x260
[   75.970362][ T5314]  ? tun_get+0x1c/0x2f0
[   75.970385][ T5314]  ? tun_get+0x1c/0x2f0
[   75.970396][ T5314]  ? tun_get+0x1c/0x2f0
[   75.970408][ T5314]  tun_chr_write_iter+0x113/0x200
[   75.970421][ T5314]  vfs_write+0x61d/0xb90
[   75.970436][ T5314]  ? __pfx_vfs_write+0x10/0x10
[   75.970451][ T5314]  ? __fget_files+0x2a/0x420
[   75.970464][ T5314]  ksys_write+0x150/0x270
[   75.970477][ T5314]  ? __pfx_ksys_write+0x10/0x10
[   75.970491][ T5314]  do_syscall_64+0x14d/0xf80
[   75.970505][ T5314]  ? trace_irq_disable+0x3b/0x150
[   75.970519][ T5314]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.970528][ T5314]  ? clear_bhb_loop+0x40/0x90
[   75.970539][ T5314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.970550][ T5314] RIP: 0033:0x7fbceb35cece
[   75.970561][ T5314] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[   75.970568][ T5314] RSP: 002b:00007fbcec27bfb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   75.970581][ T5314] RAX: ffffffffffffffda RBX: 00007fbcec27c6c0 RCX: 00007fbceb35cece
[   75.970589][ T5314] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8
[   75.970596][ T5314] RBP: 00007fbceb432b39 R08: 0000000000000000 R09: 0000000000000000
[   75.970603][ T5314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   75.970609][ T5314] R13: 00007fbceb616038 R14: 00007fbceb615fa0 R15: 00007ffcfb255238
[   75.970620][ T5314]  </TASK>
[   75.970627][ T5314] BUG: Bad page state in process syz.0.0  pfn:42e1e
[   76.099405][ T5314] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888042e1e640 pfn:0x42e1e
[   76.103698][ T5314] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   76.106852][ T5314] raw: 04fff00000000000 dead000000000040 ffff88801f35c000 0000000000000000
[   76.111171][ T5314] raw: ffff888042e1e640 0000000000000001 00000000ffffffff 0000000000000000
[   76.114782][ T5314] page dumped because: page_pool leak
[   76.117040][ T5314] page_owner tracks the page as allocated
[   76.119599][ T5314] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5314, tgid 5313 (syz.0.0), ts 75058293662, free_ts 73197038558
[   76.126097][ T5314]  post_alloc_hook+0x231/0x280
[   76.128259][ T5314]  get_page_from_freelist+0x24dc/0x2580
[   76.130740][ T5314]  __alloc_frozen_pages_noprof+0x18d/0x380
[   76.133320][ T5314]  alloc_pages_bulk_noprof+0x558/0x700
[   76.135776][ T5314]  __page_pool_alloc_netmems_slow+0x14c/0x710
[   76.138535][ T5314]  skb_pp_cow_data+0xc21/0x1680
[   76.140652][ T5314]  do_xdp_generic+0x76b/0x12e0
[   76.142801][ T5314]  tun_get_user+0x247d/0x3dd0
[   76.145065][ T5314]  tun_chr_write_iter+0x113/0x200
[   76.147603][ T5314]  vfs_write+0x61d/0xb90
[   76.149460][ T5314]  ksys_write+0x150/0x270
[   76.151399][ T5314]  do_syscall_64+0x14d/0xf80
[   76.153463][ T5314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.156162][ T5314] page last free pid 15 tgid 15 stack trace:
[   76.158991][ T5314]  __free_frozen_pages+0xc00/0xd90
[   76.161648][ T5314]  rcu_core+0x7cd/0x1070
[   76.163630][ T5314]  handle_softirqs+0x22a/0x870
[   76.165808][ T5314]  run_ksoftirqd+0x36/0x60
[   76.167972][ T5314]  smpboot_thread_fn+0x541/0xa50
[   76.170200][ T5314]  kthread+0x388/0x470
[   76.172264][ T5314]  ret_from_fork+0x51e/0xb90
[   76.174428][ T5314]  ret_from_fork_asm+0x1a/0x30
[   76.176657][ T5314] Modules linked in:
[   76.178431][ T5314] CPU: 0 UID: 0 PID: 5314 Comm: syz.0.0 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[   76.178450][ T5314] Tainted: [B]=BAD_PAGE
[   76.178455][ T5314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   76.178462][ T5314] Call Trace:
[   76.178469][ T5314]  <TASK>
[   76.178476][ T5314]  dump_stack_lvl+0xe8/0x150
[   76.178493][ T5314]  bad_page+0x17f/0x1c0
[   76.178507][ T5314]  __free_frozen_pages+0xd37/0xd90
[   76.178522][ T5314]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[   76.178542][ T5314]  bpf_xdp_adjust_tail+0x1d6/0x220
[   76.178557][ T5314]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[   76.178567][ T5314]  bpf_prog_run_generic_xdp+0x603/0x1490
[   76.178587][ T5314]  do_xdp_generic+0xac5/0x12e0
[   76.178601][ T5314]  ? __pfx_do_xdp_generic+0x10/0x10
[   76.178620][ T5314]  ? tun_get_user+0x2354/0x3dd0
[   76.178630][ T5314]  tun_get_user+0x247d/0x3dd0
[   76.178652][ T5314]  ? aa_file_perm+0x12d/0x1630
[   76.178665][ T5314]  ? aa_file_perm+0x440/0x1630
[   76.178676][ T5314]  ? __pfx_tun_get_user+0x10/0x10
[   76.178687][ T5314]  ? __lock_acquire+0x6b5/0x2cf0
[   76.178699][ T5314]  ? __lock_acquire+0x6b5/0x2cf0
[   76.178711][ T5314]  ? __pfx_css_rstat_updated+0x10/0x10
[   76.178722][ T5314]  ? ref_tracker_alloc+0x363/0x4d0
[   76.178731][ T5314]  ? page_table_check_set+0x148/0x610
[   76.178745][ T5314]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   76.178756][ T5314]  ? count_memcg_event_mm+0x21/0x260
[   76.178768][ T5314]  ? tun_get+0x1c/0x2f0
[   76.178780][ T5314]  ? tun_get+0x1c/0x2f0
[   76.178788][ T5314]  ? tun_get+0x1c/0x2f0
[   76.178798][ T5314]  tun_chr_write_iter+0x113/0x200
[   76.178809][ T5314]  vfs_write+0x61d/0xb90
[   76.178823][ T5314]  ? __pfx_vfs_write+0x10/0x10
[   76.178837][ T5314]  ? __fget_files+0x2a/0x420
[   76.178851][ T5314]  ksys_write+0x150/0x270
[   76.178864][ T5314]  ? __pfx_ksys_write+0x10/0x10
[   76.178876][ T5314]  do_syscall_64+0x14d/0xf80
[   76.178889][ T5314]  ? trace_irq_disable+0x3b/0x150
[   76.178903][ T5314]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.178913][ T5314]  ? clear_bhb_loop+0x40/0x90
[   76.178923][ T5314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.178934][ T5314] RIP: 0033:0x7fbceb35cece
[   76.178944][ T5314] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[   76.178952][ T5314] RSP: 002b:00007fbcec27bfb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   76.178965][ T5314] RAX: ffffffffffffffda RBX: 00007fbcec27c6c0 RCX: 00007fbceb35cece
[   76.178973][ T5314] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8
[   76.178981][ T5314] RBP: 00007fbceb432b39 R08: 0000000000000000 R09: 0000000000000000
[   76.178988][ T5314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   76.178994][ T5314] R13: 00007fbceb616038 R14: 00007fbceb615fa0 R15: 00007ffcfb255238
[   76.179004][ T5314]  </TASK>
[   76.179012][ T5314] BUG: Bad page state in process syz.0.0  pfn:38ab8
[   76.304627][ T5314] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888038ab8780 pfn:0x38ab8
[   76.308947][ T5314] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   76.312104][ T5314] raw: 04fff00000000000 dead000000000040 ffff88801f35c000 0000000000000000
[   76.315496][ T5314] raw: ffff888038ab8780 0000000000000001 00000000ffffffff 0000000000000000
[   76.318918][ T5314] page dumped because: page_pool leak
[   76.320972][ T5314] page_owner tracks the page as allocated
[   76.323201][ T5314] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5314, tgid 5313 (syz.0.0), ts 75058282784, free_ts 73197042840
[   76.329936][ T5314]  post_alloc_hook+0x231/0x280
[   76.332126][ T5314]  get_page_from_freelist+0x24dc/0x2580
[   76.334544][ T5314]  __alloc_frozen_pages_noprof+0x18d/0x380
[   76.337202][ T5314]  alloc_pages_bulk_noprof+0x558/0x700
[   76.339403][ T5314]  __page_pool_alloc_netmems_slow+0x14c/0x710
[   76.341940][ T5314]  skb_pp_cow_data+0xc21/0x1680
[   76.343935][ T5314]  do_xdp_generic+0x76b/0x12e0
[   76.345928][ T5314]  tun_get_user+0x247d/0x3dd0
[   76.347910][ T5314]  tun_chr_write_iter+0x113/0x200
[   76.350084][ T5314]  vfs_write+0x61d/0xb90
[   76.352048][ T5314]  ksys_write+0x150/0x270
[   76.353944][ T5314]  do_syscall_64+0x14d/0xf80
[   76.355945][ T5314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.358731][ T5314] page last free pid 15 tgid 15 stack trace:
[   76.361386][ T5314]  __free_frozen_pages+0xc00/0xd90
[   76.363506][ T5314]  rcu_core+0x7cd/0x1070
[   76.365316][ T5314]  handle_softirqs+0x22a/0x870
[   76.367498][ T5314]  run_ksoftirqd+0x36/0x60
[   76.369434][ T5314]  smpboot_thread_fn+0x541/0xa50
[   76.371648][ T5314]  kthread+0x388/0x470
[   76.373519][ T5314]  ret_from_fork+0x51e/0xb90
[   76.375604][ T5314]  ret_from_fork_asm+0x1a/0x30
[   76.377811][ T5314] Modules linked in:
[   76.379470][ T5314] CPU: 0 UID: 0 PID: 5314 Comm: syz.0.0 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[   76.379486][ T5314] Tainted: [B]=BAD_PAGE
[   76.379490][ T5314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   76.379497][ T5314] Call Trace:
[   76.379504][ T5314]  <TASK>
[   76.379510][ T5314]  dump_stack_lvl+0xe8/0x150
[   76.379527][ T5314]  bad_page+0x17f/0x1c0
[   76.379540][ T5314]  __free_frozen_pages+0xd37/0xd90
[   76.379555][ T5314]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[   76.379575][ T5314]  bpf_xdp_adjust_tail+0x1d6/0x220
[   76.379588][ T5314]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[   76.379598][ T5314]  bpf_prog_run_generic_xdp+0x603/0x1490
[   76.379616][ T5314]  do_xdp_generic+0xac5/0x12e0
[   76.379631][ T5314]  ? __pfx_do_xdp_generic+0x10/0x10
[   76.379656][ T5314]  ? tun_get_user+0x2354/0x3dd0
[   76.379668][ T5314]  tun_get_user+0x247d/0x3dd0
[   76.379682][ T5314]  ? aa_file_perm+0x12d/0x1630
[   76.379694][ T5314]  ? aa_file_perm+0x440/0x1630
[   76.379702][ T5314]  ? __pfx_tun_get_user+0x10/0x10
[   76.379712][ T5314]  ? __lock_acquire+0x6b5/0x2cf0
[   76.379725][ T5314]  ? __lock_acquire+0x6b5/0x2cf0
[   76.379737][ T5314]  ? __pfx_css_rstat_updated+0x10/0x10
[   76.379751][ T5314]  ? ref_tracker_alloc+0x363/0x4d0
[   76.379760][ T5314]  ? page_table_check_set+0x148/0x610
[   76.379775][ T5314]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   76.379786][ T5314]  ? count_memcg_event_mm+0x21/0x260
[   76.379798][ T5314]  ? tun_get+0x1c/0x2f0
[   76.379807][ T5314]  ? tun_get+0x1c/0x2f0
[   76.379815][ T5314]  ? tun_get+0x1c/0x2f0
[   76.379827][ T5314]  tun_chr_write_iter+0x113/0x200
[   76.379839][ T5314]  vfs_write+0x61d/0xb90
[   76.379854][ T5314]  ? __pfx_vfs_write+0x10/0x10
[   76.379869][ T5314]  ? __fget_files+0x2a/0x420
[   76.379881][ T5314]  ksys_write+0x150/0x270
[   76.379892][ T5314]  ? __pfx_ksys_write+0x10/0x10
[   76.379908][ T5314]  do_syscall_64+0x14d/0xf80
[   76.379919][ T5314]  ? trace_irq_disable+0x3b/0x150
[   76.379930][ T5314]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.379939][ T5314]  ? clear_bhb_loop+0x40/0x90
[   76.379949][ T5314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.379957][ T5314] RIP: 0033:0x7fbceb35cece
[   76.379967][ T5314] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[   76.379975][ T5314] RSP: 002b:00007fbcec27bfb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   76.379987][ T5314] RAX: ffffffffffffffda RBX: 00007fbcec27c6c0 RCX: 00007fbceb35cece
[   76.379994][ T5314] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8
[   76.380000][ T5314] RBP: 00007fbceb432b39 R08: 0000000000000000 R09: 0000000000000000
[   76.380006][ T5314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   76.380012][ T5314] R13: 00007fbceb616038 R14: 00007fbceb615fa0 R15: 00007ffcfb255238
[   76.380022][ T5314]  </TASK>
[   76.380029][ T5314] BUG: Bad page state in process syz.0.0  pfn:42802
[   76.508337][ T5314] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888042802280 pfn:0x42802
[   76.512883][ T5314] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   76.516126][ T5314] raw: 04fff00000000000 dead000000000040 ffff88801f35c000 0000000000000000
[   76.519964][ T5314] raw: ffff888042802280 0000000000000001 00000000ffffffff 0000000000000000
[   76.523765][ T5314] page dumped because: page_pool leak
[   76.526214][ T5314] page_owner tracks the page as allocated
[   76.528768][ T5314] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5314, tgid 5313 (syz.0.0), ts 75058271674, free_ts 73197048107
[   76.536548][ T5314]  post_alloc_hook+0x231/0x280
[   76.538832][ T5314]  get_page_from_freelist+0x24dc/0x2580
[   76.541359][ T5314]  __alloc_frozen_pages_noprof+0x18d/0x380
[   76.544184][ T5314]  alloc_pages_bulk_noprof+0x558/0x700
[   76.546808][ T5314]  __page_pool_alloc_netmems_slow+0x14c/0x710
[   76.549448][ T5314]  skb_pp_cow_data+0xc21/0x1680
[   76.551647][ T5314]  do_xdp_generic+0x76b/0x12e0
[   76.553705][ T5314]  tun_get_user+0x247d/0x3dd0
[   76.555790][ T5314]  tun_chr_write_iter+0x113/0x200
[   76.558013][ T5314]  vfs_write+0x61d/0xb90
[   76.559935][ T5314]  ksys_write+0x150/0x270
[   76.561971][ T5314]  do_syscall_64+0x14d/0xf80
[   76.564069][ T5314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.566732][ T5314] page last free pid 15 tgid 15 stack trace:
[   76.569317][ T5314]  __free_frozen_pages+0xc00/0xd90
[   76.571712][ T5314]  rcu_core+0x7cd/0x1070
[   76.573664][ T5314]  handle_softirqs+0x22a/0x870
[   76.575833][ T5314]  run_ksoftirqd+0x36/0x60
[   76.577968][ T5314]  smpboot_thread_fn+0x541/0xa50
[   76.580180][ T5314]  kthread+0x388/0x470
[   76.582074][ T5314]  ret_from_fork+0x51e/0xb90
[   76.584123][ T5314]  ret_from_fork_asm+0x1a/0x30
[   76.586644][ T5314] Modules linked in:
[   76.588420][ T5314] CPU: 0 UID: 0 PID: 5314 Comm: syz.0.0 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[   76.588440][ T5314] Tainted: [B]=BAD_PAGE
[   76.588445][ T5314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   76.588453][ T5314] Call Trace:
[   76.588549][ T5314]  <TASK>
[   76.588611][ T5314]  dump_stack_lvl+0xe8/0x150
[   76.588632][ T5314]  bad_page+0x17f/0x1c0
[   76.588645][ T5314]  __free_frozen_pages+0xd37/0xd90
[   76.588662][ T5314]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[   76.588720][ T5314]  bpf_xdp_adjust_tail+0x1d6/0x220
[   76.588743][ T5314]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[   76.588754][ T5314]  bpf_prog_run_generic_xdp+0x603/0x1490
[   76.588797][ T5314]  do_xdp_generic+0xac5/0x12e0
[   76.588816][ T5314]  ? __pfx_do_xdp_generic+0x10/0x10
[   76.588859][ T5314]  ? tun_get_user+0x2354/0x3dd0
[   76.588875][ T5314]  tun_get_user+0x247d/0x3dd0
[   76.588902][ T5314]  ? aa_file_perm+0x12d/0x1630
[   76.588918][ T5314]  ? aa_file_perm+0x440/0x1630
[   76.588930][ T5314]  ? __pfx_tun_get_user+0x10/0x10
[   76.588958][ T5314]  ? __lock_acquire+0x6b5/0x2cf0
[   76.588973][ T5314]  ? __lock_acquire+0x6b5/0x2cf0
[   76.588985][ T5314]  ? __pfx_css_rstat_updated+0x10/0x10
[   76.589016][ T5314]  ? ref_tracker_alloc+0x363/0x4d0
[   76.589030][ T5314]  ? page_table_check_set+0x148/0x610
[   76.589049][ T5314]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   76.589060][ T5314]  ? count_memcg_event_mm+0x21/0x260
[   76.589100][ T5314]  ? tun_get+0x1c/0x2f0
[   76.589111][ T5314]  ? tun_get+0x1c/0x2f0
[   76.589122][ T5314]  ? tun_get+0x1c/0x2f0
[   76.589134][ T5314]  tun_chr_write_iter+0x113/0x200
[   76.589170][ T5314]  vfs_write+0x61d/0xb90
[   76.589190][ T5314]  ? __pfx_vfs_write+0x10/0x10
[   76.589208][ T5314]  ? __fget_files+0x2a/0x420
[   76.589245][ T5314]  ksys_write+0x150/0x270
[   76.589263][ T5314]  ? __pfx_ksys_write+0x10/0x10
[   76.589280][ T5314]  do_syscall_64+0x14d/0xf80
[   76.589374][ T5314]  ? trace_irq_disable+0x3b/0x150
[   76.589392][ T5314]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.589405][ T5314]  ? clear_bhb_loop+0x40/0x90
[   76.589439][ T5314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.589450][ T5314] RIP: 0033:0x7fbceb35cece
[   76.589607][ T5314] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[   76.589639][ T5314] RSP: 002b:00007fbcec27bfb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   76.589649][ T5314] RAX: ffffffffffffffda RBX: 00007fbcec27c6c0 RCX: 00007fbceb35cece
[   76.589655][ T5314] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8
[   76.589681][ T5314] RBP: 00007fbceb432b39 R08: 0000000000000000 R09: 0000000000000000
[   76.589691][ T5314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   76.589697][ T5314] R13: 00007fbceb616038 R14: 00007fbceb615fa0 R15: 00007ffcfb255238
[   76.589711][ T5314]  </TASK>
[   76.589788][ T5314] BUG: Bad page state in process syz.0.0  pfn:35205
[   76.719189][ T5314] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880352058c0 pfn:0x35205
[   76.724851][ T5314] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   76.728321][ T5314] raw: 04fff00000000000 dead000000000040 ffff88801f35c000 0000000000000000
[   76.732201][ T5314] raw: ffff8880352058c0 0000000000000001 00000000ffffffff 0000000000000000
[   76.736007][ T5314] page dumped because: page_pool leak
[   76.738493][ T5314] page_owner tracks the page as allocated
[   76.740999][ T5314] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5314, tgid 5313 (syz.0.0), ts 75058246045, free_ts 73197058926
[   76.748570][ T5314]  post_alloc_hook+0x231/0x280
[   76.750782][ T5314]  get_page_from_freelist+0x24dc/0x2580
[   76.753197][ T5314]  __alloc_frozen_pages_noprof+0x18d/0x380
[   76.755777][ T5314]  alloc_pages_bulk_noprof+0x558/0x700
[   76.758340][ T5314]  __page_pool_alloc_netmems_slow+0x14c/0x710
[   76.761097][ T5314]  skb_pp_cow_data+0xc21/0x1680
[   76.763390][ T5314]  do_xdp_generic+0x76b/0x12e0
[   76.765469][ T5314]  tun_get_user+0x247d/0x3dd0
[   76.767711][ T5314]  tun_chr_write_iter+0x113/0x200
[   76.770013][ T5314]  vfs_write+0x61d/0xb90
[   76.772020][ T5314]  ksys_write+0x150/0x270
[   76.773970][ T5314]  do_syscall_64+0x14d/0xf80
[   76.776085][ T5314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.778862][ T5314] page last free pid 15 tgid 15 stack trace:
[   76.781540][ T5314]  __free_frozen_pages+0xc00/0xd90
[   76.783899][ T5314]  rcu_core+0x7cd/0x1070
[   76.785897][ T5314]  handle_softirqs+0x22a/0x870
[   76.788189][ T5314]  run_ksoftirqd+0x36/0x60
[   76.790247][ T5314]  smpboot_thread_fn+0x541/0xa50
[   76.792540][ T5314]  kthread+0x388/0x470
[   76.794332][ T5314]  ret_from_fork+0x51e/0xb90
[   76.796284][ T5314]  ret_from_fork_asm+0x1a/0x30
[   76.798598][ T5314] Modules linked in:
[   76.800385][ T5314] CPU: 0 UID: 0 PID: 5314 Comm: syz.0.0 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[   76.800408][ T5314] Tainted: [B]=BAD_PAGE
[   76.800413][ T5314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   76.800420][ T5314] Call Trace:
[   76.800429][ T5314]  <TASK>
[   76.800435][ T5314]  dump_stack_lvl+0xe8/0x150
[   76.800454][ T5314]  bad_page+0x17f/0x1c0
[   76.800469][ T5314]  __free_frozen_pages+0xd37/0xd90
[   76.800486][ T5314]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[   76.800503][ T5314]  bpf_xdp_adjust_tail+0x1d6/0x220
[   76.800517][ T5314]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[   76.800526][ T5314]  bpf_prog_run_generic_xdp+0x603/0x1490
[   76.800547][ T5314]  do_xdp_generic+0xac5/0x12e0
[   76.800563][ T5314]  ? __pfx_do_xdp_generic+0x10/0x10
[   76.800582][ T5314]  ? tun_get_user+0x2354/0x3dd0
[   76.800594][ T5314]  tun_get_user+0x247d/0x3dd0
[   76.800607][ T5314]  ? aa_file_perm+0x12d/0x1630
[   76.800620][ T5314]  ? aa_file_perm+0x440/0x1630
[   76.800631][ T5314]  ? __pfx_tun_get_user+0x10/0x10
[   76.800641][ T5314]  ? __lock_acquire+0x6b5/0x2cf0
[   76.800655][ T5314]  ? __lock_acquire+0x6b5/0x2cf0
[   76.800667][ T5314]  ? __pfx_css_rstat_updated+0x10/0x10
[   76.800680][ T5314]  ? ref_tracker_alloc+0x363/0x4d0
[   76.800698][ T5314]  ? page_table_check_set+0x148/0x610
[   76.800713][ T5314]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   76.800722][ T5314]  ? count_memcg_event_mm+0x21/0x260
[   76.800735][ T5314]  ? tun_get+0x1c/0x2f0
[   76.800746][ T5314]  ? tun_get+0x1c/0x2f0
[   76.800756][ T5314]  ? tun_get+0x1c/0x2f0
[   76.800767][ T5314]  tun_chr_write_iter+0x113/0x200
[   76.800778][ T5314]  vfs_write+0x61d/0xb90
[   76.800793][ T5314]  ? __pfx_vfs_write+0x10/0x10
[   76.800808][ T5314]  ? __fget_files+0x2a/0x420
[   76.800822][ T5314]  ksys_write+0x150/0x270
[   76.800836][ T5314]  ? __pfx_ksys_write+0x10/0x10
[   76.800852][ T5314]  do_syscall_64+0x14d/0xf80
[   76.800866][ T5314]  ? trace_irq_disable+0x3b/0x150
[   76.800879][ T5314]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.800889][ T5314]  ? clear_bhb_loop+0x40/0x90
[   76.800901][ T5314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.800911][ T5314] RIP: 0033:0x7fbceb35cece
[   76.800923][ T5314] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[   76.800932][ T5314] RSP: 002b:00007fbcec27bfb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   76.800944][ T5314] RAX: ffffffffffffffda RBX: 00007fbcec27c6c0 RCX: 00007fbceb35cece
[   76.800951][ T5314] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8
[   76.800956][ T5314] RBP: 00007fbceb432b39 R08: 0000000000000000 R09: 0000000000000000
[   76.800960][ T5314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   76.800963][ T5314] R13: 00007fbceb616038 R14: 00007fbceb615fa0 R15: 00007ffcfb255238
[   76.800970][ T5314]  </TASK>
[   76.800978][ T5314] BUG: Bad page state in process syz.0.0  pfn:415ae
[   76.925687][ T5314] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880415aea00 pfn:0x415ae
[   76.930134][ T5314] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   76.933409][ T5314] raw: 04fff00000000000 dead000000000040 ffff88801f35c000 0000000000000000
[   76.937187][ T5314] raw: ffff8880415aea00 0000000000000001 00000000ffffffff 0000000000000000
[   76.940985][ T5314] page dumped because: page_pool leak
[   76.943488][ T5314] page_owner tracks the page as allocated
[   76.946123][ T5314] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5314, tgid 5313 (syz.0.0), ts 75058235831, free_ts 73197063538
[   76.954145][ T5314]  post_alloc_hook+0x231/0x280
[   76.956272][ T5314]  get_page_from_freelist+0x24dc/0x2580
[   76.958832][ T5314]  __alloc_frozen_pages_noprof+0x18d/0x380
[   76.961508][ T5314]  alloc_pages_bulk_noprof+0x558/0x700
[   76.963828][ T5314]  __page_pool_alloc_netmems_slow+0x14c/0x710
[   76.966600][ T5314]  skb_pp_cow_data+0xc21/0x1680
[   76.968758][ T5314]  do_xdp_generic+0x76b/0x12e0
[   76.971013][ T5314]  tun_get_user+0x247d/0x3dd0
[   76.973100][ T5314]  tun_chr_write_iter+0x113/0x200
[   76.975257][ T5314]  vfs_write+0x61d/0xb90
[   76.977114][ T5314]  ksys_write+0x150/0x270
[   76.979036][ T5314]  do_syscall_64+0x14d/0xf80
[   76.981103][ T5314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.983684][ T5314] page last free pid 15 tgid 15 stack trace:
[   76.986372][ T5314]  __free_frozen_pages+0xc00/0xd90
[   76.988644][ T5314]  rcu_core+0x7cd/0x1070
[   76.990538][ T5314]  handle_softirqs+0x22a/0x870
[   76.992583][ T5314]  run_ksoftirqd+0x36/0x60
[   76.994598][ T5314]  smpboot_thread_fn+0x541/0xa50
[   76.996831][ T5314]  kthread+0x388/0x470
[   76.998657][ T5314]  ret_from_fork+0x51e/0xb90
[   77.000681][ T5314]  ret_from_fork_asm+0x1a/0x30
[   77.002902][ T5314] Modules linked in:
[   77.004604][ T5314] CPU: 0 UID: 0 PID: 5314 Comm: syz.0.0 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[   77.004621][ T5314] Tainted: [B]=BAD_PAGE
[   77.004625][ T5314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   77.004632][ T5314] Call Trace:
[   77.004638][ T5314]  <TASK>
[   77.004644][ T5314]  dump_stack_lvl+0xe8/0x150
[   77.004660][ T5314]  bad_page+0x17f/0x1c0
[   77.004674][ T5314]  __free_frozen_pages+0xd37/0xd90
[   77.004687][ T5314]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[   77.004699][ T5314]  bpf_xdp_adjust_tail+0x1d6/0x220
[   77.004707][ T5314]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[   77.004714][ T5314]  bpf_prog_run_generic_xdp+0x603/0x1490
[   77.004729][ T5314]  do_xdp_generic+0xac5/0x12e0
[   77.004744][ T5314]  ? __pfx_do_xdp_generic+0x10/0x10
[   77.004761][ T5314]  ? tun_get_user+0x2354/0x3dd0
[   77.004773][ T5314]  tun_get_user+0x247d/0x3dd0
[   77.004787][ T5314]  ? aa_file_perm+0x12d/0x1630
[   77.004799][ T5314]  ? aa_file_perm+0x440/0x1630
[   77.004808][ T5314]  ? __pfx_tun_get_user+0x10/0x10
[   77.004817][ T5314]  ? __lock_acquire+0x6b5/0x2cf0
[   77.004832][ T5314]  ? __lock_acquire+0x6b5/0x2cf0
[   77.004844][ T5314]  ? __pfx_css_rstat_updated+0x10/0x10
[   77.004858][ T5314]  ? ref_tracker_alloc+0x363/0x4d0
[   77.004868][ T5314]  ? page_table_check_set+0x148/0x610
[   77.004883][ T5314]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   77.004895][ T5314]  ? count_memcg_event_mm+0x21/0x260
[   77.004908][ T5314]  ? tun_get+0x1c/0x2f0
[   77.004919][ T5314]  ? tun_get+0x1c/0x2f0
[   77.004930][ T5314]  ? tun_get+0x1c/0x2f0
[   77.004941][ T5314]  tun_chr_write_iter+0x113/0x200
[   77.004952][ T5314]  vfs_write+0x61d/0xb90
[   77.004969][ T5314]  ? __pfx_vfs_write+0x10/0x10
[   77.004985][ T5314]  ? __fget_files+0x2a/0x420
[   77.005001][ T5314]  ksys_write+0x150/0x270
[   77.005014][ T5314]  ? __pfx_ksys_write+0x10/0x10
[   77.005030][ T5314]  do_syscall_64+0x14d/0xf80
[   77.005046][ T5314]  ? trace_irq_disable+0x3b/0x150
[   77.005061][ T5314]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.005071][ T5314]  ? clear_bhb_loop+0x40/0x90
[   77.005084][ T5314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.005095][ T5314] RIP: 0033:0x7fbceb35cece
[   77.005106][ T5314] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[   77.005114][ T5314] RSP: 002b:00007fbcec27bfb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   77.005128][ T5314] RAX: ffffffffffffffda RBX: 00007fbcec27c6c0 RCX: 00007fbceb35cece
[   77.005135][ T5314] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8
[   77.005141][ T5314] RBP: 00007fbceb432b39 R08: 0000000000000000 R09: 0000000000000000
[   77.005147][ T5314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   77.005153][ T5314] R13: 00007fbceb616038 R14: 00007fbceb615fa0 R15: 00007ffcfb255238
[   77.005164][ T5314]  </TASK>
[   77.005173][ T5314] BUG: Bad page state in process syz.0.0  pfn:32a28
[   77.129733][ T5314] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888032a28dc0 pfn:0x32a28
[   77.133849][ T5314] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   77.136878][ T5314] raw: 04fff00000000000 dead000000000040 ffff88801f35c000 0000000000000000
[   77.140514][ T5314] raw: ffff888032a28dc0 0000000000000001 00000000ffffffff 0000000000000000
[   77.144081][ T5314] page dumped because: page_pool leak
[   77.146454][ T5314] page_owner tracks the page as allocated
[   77.148925][ T5314] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5314, tgid 5313 (syz.0.0), ts 75058224242, free_ts 73197067999
[   77.156107][ T5314]  post_alloc_hook+0x231/0x280
[   77.158415][ T5314]  get_page_from_freelist+0x24dc/0x2580
[   77.160748][ T5314]  __alloc_frozen_pages_noprof+0x18d/0x380
[   77.163209][ T5314]  alloc_pages_bulk_noprof+0x558/0x700
[   77.165349][ T5314]  __page_pool_alloc_netmems_slow+0x14c/0x710
[   77.168015][ T5314]  skb_pp_cow_data+0xc21/0x1680
[   77.170414][ T5314]  do_xdp_generic+0x76b/0x12e0
[   77.172587][ T5314]  tun_get_user+0x247d/0x3dd0
[   77.174370][ T5314]  tun_chr_write_iter+0x113/0x200
[   77.176534][ T5314]  vfs_write+0x61d/0xb90
[   77.178315][ T5314]  ksys_write+0x150/0x270
[   77.180138][ T5314]  do_syscall_64+0x14d/0xf80
[   77.182054][ T5314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.184437][ T5314] page last free pid 15 tgid 15 stack trace:
[   77.186956][ T5314]  __free_frozen_pages+0xc00/0xd90
[   77.189332][ T5314]  rcu_core+0x7cd/0x1070
[   77.191319][ T5314]  handle_softirqs+0x22a/0x870
[   77.193484][ T5314]  run_ksoftirqd+0x36/0x60
[   77.195312][ T5314]  smpboot_thread_fn+0x541/0xa50
[   77.197520][ T5314]  kthread+0x388/0x470
[   77.199302][ T5314]  ret_from_fork+0x51e/0xb90
[   77.201443][ T5314]  ret_from_fork_asm+0x1a/0x30
[   77.204284][ T5314] Modules linked in:
[   77.206634][ T5314] CPU: 0 UID: 0 PID: 5314 Comm: syz.0.0 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[   77.206651][ T5314] Tainted: [B]=BAD_PAGE
[   77.206655][ T5314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   77.206662][ T5314] Call Trace:
[   77.206670][ T5314]  <TASK>
[   77.206677][ T5314]  dump_stack_lvl+0xe8/0x150
[   77.206696][ T5314]  bad_page+0x17f/0x1c0
[   77.206721][ T5314]  __free_frozen_pages+0xd37/0xd90
[   77.206740][ T5314]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[   77.206763][ T5314]  bpf_xdp_adjust_tail+0x1d6/0x220
[   77.206778][ T5314]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[   77.206788][ T5314]  bpf_prog_run_generic_xdp+0x603/0x1490
[   77.206811][ T5314]  do_xdp_generic+0xac5/0x12e0
[   77.206829][ T5314]  ? __pfx_do_xdp_generic+0x10/0x10
[   77.206850][ T5314]  ? tun_get_user+0x2354/0x3dd0
[   77.206863][ T5314]  tun_get_user+0x247d/0x3dd0
[   77.206878][ T5314]  ? aa_file_perm+0x12d/0x1630
[   77.206891][ T5314]  ? aa_file_perm+0x440/0x1630
[   77.206903][ T5314]  ? __pfx_tun_get_user+0x10/0x10
[   77.206915][ T5314]  ? __lock_acquire+0x6b5/0x2cf0
[   77.206931][ T5314]  ? __lock_acquire+0x6b5/0x2cf0
[   77.206944][ T5314]  ? __pfx_css_rstat_updated+0x10/0x10
[   77.206958][ T5314]  ? ref_tracker_alloc+0x363/0x4d0
[   77.206971][ T5314]  ? page_table_check_set+0x148/0x610
[   77.206988][ T5314]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   77.206998][ T5314]  ? count_memcg_event_mm+0x21/0x260
[   77.207013][ T5314]  ? tun_get+0x1c/0x2f0
[   77.207025][ T5314]  ? tun_get+0x1c/0x2f0
[   77.207036][ T5314]  ? tun_get+0x1c/0x2f0
[   77.207048][ T5314]  tun_chr_write_iter+0x113/0x200
[   77.207061][ T5314]  vfs_write+0x61d/0xb90
[   77.207079][ T5314]  ? __pfx_vfs_write+0x10/0x10
[   77.207097][ T5314]  ? __fget_files+0x2a/0x420
[   77.207112][ T5314]  ksys_write+0x150/0x270
[   77.207129][ T5314]  ? __pfx_ksys_write+0x10/0x10
[   77.207146][ T5314]  do_syscall_64+0x14d/0xf80
[   77.207163][ T5314]  ? trace_irq_disable+0x3b/0x150
[   77.207180][ T5314]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.207191][ T5314]  ? clear_bhb_loop+0x40/0x90
[   77.207202][ T5314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.207214][ T5314] RIP: 0033:0x7fbceb35cece
[   77.207227][ T5314] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[   77.207236][ T5314] RSP: 002b:00007fbcec27bfb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   77.207249][ T5314] RAX: ffffffffffffffda RBX: 00007fbcec27c6c0 RCX: 00007fbceb35cece
[   77.207257][ T5314] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8
[   77.207264][ T5314] RBP: 00007fbceb432b39 R08: 0000000000000000 R09: 0000000000000000
[   77.207270][ T5314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   77.207276][ T5314] R13: 00007fbceb616038 R14: 00007fbceb615fa0 R15: 00007ffcfb255238
[   77.207287][ T5314]  </TASK>
[   77.207296][ T5314] BUG: Bad page state in process syz.0.0  pfn:390a1
[   77.334942][ T5314] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880390a1b40 pfn:0x390a1
[   77.339144][ T5314] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   77.342097][ T5314] raw: 04fff00000000000 dead000000000040 ffff88801f35c000 0000000000000000
[   77.345477][ T5314] raw: ffff8880390a1b40 0000000000000001 00000000ffffffff 0000000000000000
[   77.348918][ T5314] page dumped because: page_pool leak
[   77.351051][ T5314] page_owner tracks the page as allocated
[   77.353177][ T5314] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5314, tgid 5313 (syz.0.0), ts 75058211899, free_ts 73197073650
[   77.359970][ T5314]  post_alloc_hook+0x231/0x280
[   77.362135][ T5314]  get_page_from_freelist+0x24dc/0x2580
[   77.364566][ T5314]  __alloc_frozen_pages_noprof+0x18d/0x380
[   77.367034][ T5314]  alloc_pages_bulk_noprof+0x558/0x700
[   77.369367][ T5314]  __page_pool_alloc_netmems_slow+0x14c/0x710
[   77.372074][ T5314]  skb_pp_cow_data+0xc21/0x1680
[   77.374265][ T5314]  do_xdp_generic+0x76b/0x12e0
[   77.376438][ T5314]  tun_get_user+0x247d/0x3dd0
[   77.379053][ T5314]  tun_chr_write_iter+0x113/0x200
[   77.381007][ T5314]  vfs_write+0x61d/0xb90
[   77.382960][ T5314]  ksys_write+0x150/0x270
[   77.384969][ T5314]  do_syscall_64+0x14d/0xf80
[   77.387259][ T5314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.389840][ T5314] page last free pid 15 tgid 15 stack trace:
[   77.392431][ T5314]  __free_frozen_pages+0xc00/0xd90
[   77.394730][ T5314]  rcu_core+0x7cd/0x1070
[   77.396796][ T5314]  handle_softirqs+0x22a/0x870
[   77.399621][ T5314]  run_ksoftirqd+0x36/0x60
[   77.401610][ T5314]  smpboot_thread_fn+0x541/0xa50
[   77.403731][ T5314]  kthread+0x388/0x470
[   77.405534][ T5314]  ret_from_fork+0x51e/0xb90
[   77.407601][ T5314]  ret_from_fork_asm+0x1a/0x30
[   77.409708][ T5314] Modules linked in:
[   77.411447][ T5314] CPU: 0 UID: 0 PID: 5314 Comm: syz.0.0 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[   77.411464][ T5314] Tainted: [B]=BAD_PAGE
[   77.411468][ T5314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   77.411474][ T5314] Call Trace:
[   77.411480][ T5314]  <TASK>
[   77.411486][ T5314]  dump_stack_lvl+0xe8/0x150
[   77.411501][ T5314]  bad_page+0x17f/0x1c0
[   77.411514][ T5314]  __free_frozen_pages+0xd37/0xd90
[   77.411531][ T5314]  bpf_xdp_frags_shrink_tail+0x4f7/0x7f0
[   77.411551][ T5314]  bpf_xdp_adjust_tail+0x1d6/0x220
[   77.411564][ T5314]  bpf_prog_5d7dc57dfd7f985a+0x1e/0x24
[   77.411573][ T5314]  bpf_prog_run_generic_xdp+0x603/0x1490
[   77.411593][ T5314]  do_xdp_generic+0xac5/0x12e0
[   77.411607][ T5314]  ? __pfx_do_xdp_generic+0x10/0x10
[   77.411623][ T5314]  ? tun_get_user+0x2354/0x3dd0
[   77.411634][ T5314]  tun_get_user+0x247d/0x3dd0
[   77.411648][ T5314]  ? aa_file_perm+0x12d/0x1630
[   77.411661][ T5314]  ? aa_file_perm+0x440/0x1630
[   77.411672][ T5314]  ? __pfx_tun_get_user+0x10/0x10
[   77.411683][ T5314]  ? __lock_acquire+0x6b5/0x2cf0
[   77.411698][ T5314]  ? __lock_acquire+0x6b5/0x2cf0
[   77.411711][ T5314]  ? __pfx_css_rstat_updated+0x10/0x10
[   77.411724][ T5314]  ? ref_tracker_alloc+0x363/0x4d0
[   77.411736][ T5314]  ? page_table_check_set+0x148/0x610
[   77.411753][ T5314]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   77.411763][ T5314]  ? count_memcg_event_mm+0x21/0x260
[   77.411777][ T5314]  ? tun_get+0x1c/0x2f0
[   77.411789][ T5314]  ? tun_get+0x1c/0x2f0
[   77.411799][ T5314]  ? tun_get+0x1c/0x2f0
[   77.411811][ T5314]  tun_chr_write_iter+0x113/0x200
[   77.411823][ T5314]  vfs_write+0x61d/0xb90
[   77.411840][ T5314]  ? __pfx_vfs_write+0x10/0x10
[   77.411856][ T5314]  ? __fget_files+0x2a/0x420
[   77.411871][ T5314]  ksys_write+0x150/0x270
[   77.411887][ T5314]  ? __pfx_ksys_write+0x10/0x10
[   77.411903][ T5314]  do_syscall_64+0x14d/0xf80
[   77.411919][ T5314]  ? trace_irq_disable+0x3b/0x150
[   77.411933][ T5314]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.411944][ T5314]  ? clear_bhb_loop+0x40/0x90
[   77.411956][ T5314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.411967][ T5314] RIP: 0033:0x7fbceb35cece
[   77.411978][ T5314] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[   77.411987][ T5314] RSP: 002b:00007fbcec27bfb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   77.412000][ T5314] RAX: ffffffffffffffda RBX: 00007fbcec27c6c0 RCX: 00007fbceb35cece
[   77.412008][ T5314] RDX: 000000000000fdef RSI: 0000200000000400 RDI: 00000000000000c8
[   77.412015][ T5314] RBP: 00007fbceb432b39 R08: 0000000000000000 R09: 0000000000000000
[   77.412021][ T5314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   77.412026][ T5314] R13: 00007fbceb616038 R14: 00007fbceb615fa0 R15: 00007ffcfb255238
[   77.412036][ T5314]  </TASK>
[   77.581244][ T4662] Bluetooth: hci0: command tx timeout