program: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180200002343ffff0000000000000000850000004100000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r2=>0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r1, r2, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0xfdef, &(0x7f0000000a80)=ANY=[], 0x0) [ 83.089715][ T4666] Bluetooth: hci0: command tx timeout [ 83.093942][ T1311] ieee802154 phy0 wpan0: encryption failed: -22 [ 83.096295][ T1311] ieee802154 phy1 wpan1: encryption failed: -22 [ 83.184449][ T5321] BUG: Bad page state in process syz.0.0 pfn:1225f [ 83.187203][ T5321] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x1225f [ 83.191938][ T5321] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 83.195722][ T5321] raw: 00fff00000000000 dead000000000040 ffff88801e490000 0000000000000000 [ 83.199711][ T5321] raw: ffff888000000000 3fffffffffffffff 00000000ffffffff 0000000000000000 [ 83.203299][ T5321] page dumped because: page_pool leak [ 83.205451][ T5321] page_owner tracks the page as allocated [ 83.207670][ T5321] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5321, tgid 5320 (syz.0.0), ts 83184396798, free_ts 40202606712 [ 83.212922][ T5321] post_alloc_hook+0x1f4/0x240 [ 83.214669][ T5321] get_page_from_freelist+0x365c/0x37a0 [ 83.216474][ T5321] __alloc_frozen_pages_noprof+0x292/0x710 [ 83.218529][ T5321] alloc_pages_bulk_noprof+0x847/0xae0 [ 83.220454][ T5321] __page_pool_alloc_pages_slow+0x11f/0x690 [ 83.222851][ T5321] page_pool_alloc_frag_netmem+0x59c/0x940 [ 83.224928][ T5321] skb_pp_cow_data+0xcea/0x1720 [ 83.226426][ T5321] do_xdp_generic+0x505/0xd30 [ 
83.228030][ T5321] tun_get_user+0x2a4b/0x4860 [ 83.229786][ T5321] tun_chr_write_iter+0x10d/0x1f0 [ 83.231677][ T5321] vfs_write+0xacf/0xd10 [ 83.233379][ T5321] ksys_write+0x18f/0x2b0 [ 83.235014][ T5321] do_syscall_64+0xf3/0x230 [ 83.237180][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.239960][ T5321] page last free pid 17 tgid 17 stack trace: [ 83.242763][ T5321] free_frozen_pages+0xe0d/0x10e0 [ 83.244635][ T5321] __tlb_remove_table+0x33c/0x420 [ 83.246412][ T5321] tlb_remove_table_rcu+0x76/0xf0 [ 83.248268][ T5321] rcu_core+0xaaa/0x17a0 [ 83.249812][ T5321] handle_softirqs+0x2d4/0x9b0 [ 83.251517][ T5321] run_ksoftirqd+0xca/0x130 [ 83.253275][ T5321] smpboot_thread_fn+0x544/0xa30 [ 83.255064][ T5321] kthread+0x7a9/0x920 [ 83.256601][ T5321] ret_from_fork+0x4b/0x80 [ 83.258315][ T5321] ret_from_fork_asm+0x1a/0x30 [ 83.260249][ T5321] Modules linked in: [ 83.261825][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted 6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 83.261842][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 83.261850][ T5321] Call Trace: [ 83.261857][ T5321] [ 83.261863][ T5321] dump_stack_lvl+0x241/0x360 [ 83.261879][ T5321] ? __pfx_dump_stack_lvl+0x10/0x10 [ 83.261892][ T5321] ? __pfx_print_modules+0x10/0x10 [ 83.261919][ T5321] bad_page+0x176/0x1d0 [ 83.261934][ T5321] free_frozen_pages+0x1082/0x10e0 [ 83.261955][ T5321] bpf_xdp_frags_shrink_tail+0x3b3/0x780 [ 83.261980][ T5321] bpf_xdp_adjust_tail+0x1c6/0x210 [ 83.261998][ T5321] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 83.262008][ T5321] bpf_prog_run_generic_xdp+0x686/0x1510 [ 83.262042][ T5321] do_xdp_generic+0x757/0xd30 [ 83.262058][ T5321] ? __pfx_do_xdp_generic+0x10/0x10 [ 83.262074][ T5321] ? __local_bh_disable_ip+0x179/0x220 [ 83.262091][ T5321] ? __pfx_eth_type_trans+0x10/0x10 [ 83.262108][ T5321] ? tun_get_user+0x2914/0x4860 [ 83.262124][ T5321] tun_get_user+0x2a4b/0x4860 [ 83.262148][ T5321] ? 
__lock_acquire+0x1397/0x2100 [ 83.262170][ T5321] ? __pfx_tun_get_user+0x10/0x10 [ 83.262195][ T5321] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 83.262211][ T5321] ? tun_get+0x1e/0x2f0 [ 83.262227][ T5321] ? __pfx_lock_release+0x10/0x10 [ 83.262251][ T5321] ? tun_get+0x1e/0x2f0 [ 83.262266][ T5321] ? tun_get+0x27d/0x2f0 [ 83.262282][ T5321] tun_chr_write_iter+0x10d/0x1f0 [ 83.262300][ T5321] vfs_write+0xacf/0xd10 [ 83.262315][ T5321] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 83.262332][ T5321] ? __pfx_vfs_write+0x10/0x10 [ 83.262345][ T5321] ? __fget_files+0x2a/0x420 [ 83.262383][ T5321] ? __fget_files+0x2a/0x420 [ 83.262407][ T5321] ksys_write+0x18f/0x2b0 [ 83.262421][ T5321] ? __pfx_ksys_write+0x10/0x10 [ 83.262434][ T5321] ? exc_page_fault+0x590/0x8b0 [ 83.262451][ T5321] ? do_syscall_64+0xb6/0x230 [ 83.262465][ T5321] do_syscall_64+0xf3/0x230 [ 83.262480][ T5321] ? clear_bhb_loop+0x35/0x90 [ 83.262500][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.262516][ T5321] RIP: 0033:0x7f1c1878bc1f [ 83.262530][ T5321] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 83.262539][ T5321] RSP: 002b:00007f1c195d6000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 83.262551][ T5321] RAX: ffffffffffffffda RBX: 00007f1c189a5fa0 RCX: 00007f1c1878bc1f [ 83.262560][ T5321] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8 [ 83.262568][ T5321] RBP: 00007f1c1880e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 83.262577][ T5321] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000 [ 83.262584][ T5321] R13: 0000000000000000 R14: 00007f1c189a5fa0 R15: 00007ffe708ebc28 [ 83.262602][ T5321] [ 83.367729][ T5321] Disabling lock debugging due to kernel taint [ 83.370058][ T5321] BUG: Bad page state in process syz.0.0 pfn:12253 [ 83.372335][ T5321] page: refcount:0 mapcount:0 mapping:0000000000000000 
index:0xffff888000000000 pfn:0x12253 [ 83.375824][ T5321] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 83.378385][ T5321] raw: 00fff00000000000 dead000000000040 ffff88801e490000 0000000000000000 [ 83.381500][ T5321] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 83.384713][ T5321] page dumped because: page_pool leak [ 83.386721][ T5321] page_owner tracks the page as allocated [ 83.388976][ T5321] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5321, tgid 5320 (syz.0.0), ts 83184391265, free_ts 40202610241 [ 83.395181][ T5321] post_alloc_hook+0x1f4/0x240 [ 83.397100][ T5321] get_page_from_freelist+0x365c/0x37a0 [ 83.399374][ T5321] __alloc_frozen_pages_noprof+0x292/0x710 [ 83.401663][ T5321] alloc_pages_bulk_noprof+0x847/0xae0 [ 83.403903][ T5321] __page_pool_alloc_pages_slow+0x11f/0x690 [ 83.406229][ T5321] skb_pp_cow_data+0xcc8/0x1720 [ 83.408022][ T5321] do_xdp_generic+0x505/0xd30 [ 83.409597][ T5321] tun_get_user+0x2a4b/0x4860 [ 83.411338][ T5321] tun_chr_write_iter+0x10d/0x1f0 [ 83.413426][ T5321] vfs_write+0xacf/0xd10 [ 83.415085][ T5321] ksys_write+0x18f/0x2b0 [ 83.416605][ T5321] do_syscall_64+0xf3/0x230 [ 83.418296][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.420324][ T5321] page last free pid 17 tgid 17 stack trace: [ 83.422612][ T5321] free_frozen_pages+0xe0d/0x10e0 [ 83.424506][ T5321] __tlb_remove_table+0x33c/0x420 [ 83.426619][ T5321] tlb_remove_table_rcu+0x76/0xf0 [ 83.428700][ T5321] rcu_core+0xaaa/0x17a0 [ 83.430372][ T5321] handle_softirqs+0x2d4/0x9b0 [ 83.432232][ T5321] run_ksoftirqd+0xca/0x130 [ 83.434150][ T5321] smpboot_thread_fn+0x544/0xa30 [ 83.436063][ T5321] kthread+0x7a9/0x920 [ 83.437697][ T5321] ret_from_fork+0x4b/0x80 [ 83.439425][ T5321] ret_from_fork_asm+0x1a/0x30 [ 83.441370][ T5321] Modules linked in: [ 83.443082][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Tainted: G B 6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 83.443100][ 
T5321] Tainted: [B]=BAD_PAGE [ 83.443104][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 83.443111][ T5321] Call Trace: [ 83.443119][ T5321] [ 83.443125][ T5321] dump_stack_lvl+0x241/0x360 [ 83.443141][ T5321] ? __pfx_dump_stack_lvl+0x10/0x10 [ 83.443154][ T5321] ? __pfx_print_modules+0x10/0x10 [ 83.443174][ T5321] bad_page+0x176/0x1d0 [ 83.443189][ T5321] free_frozen_pages+0x1082/0x10e0 [ 83.443208][ T5321] bpf_xdp_frags_shrink_tail+0x3b3/0x780 [ 83.443227][ T5321] bpf_xdp_adjust_tail+0x1c6/0x210 [ 83.443238][ T5321] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 83.443244][ T5321] bpf_prog_run_generic_xdp+0x686/0x1510 [ 83.443259][ T5321] do_xdp_generic+0x757/0xd30 [ 83.443266][ T5321] ? __pfx_do_xdp_generic+0x10/0x10 [ 83.443273][ T5321] ? __local_bh_disable_ip+0x179/0x220 [ 83.443282][ T5321] ? __pfx_eth_type_trans+0x10/0x10 [ 83.443291][ T5321] ? tun_get_user+0x2914/0x4860 [ 83.443302][ T5321] tun_get_user+0x2a4b/0x4860 [ 83.443314][ T5321] ? __lock_acquire+0x1397/0x2100 [ 83.443325][ T5321] ? __pfx_tun_get_user+0x10/0x10 [ 83.443337][ T5321] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 83.443347][ T5321] ? tun_get+0x1e/0x2f0 [ 83.443356][ T5321] ? __pfx_lock_release+0x10/0x10 [ 83.443372][ T5321] ? tun_get+0x1e/0x2f0 [ 83.443387][ T5321] ? tun_get+0x27d/0x2f0 [ 83.443402][ T5321] tun_chr_write_iter+0x10d/0x1f0 [ 83.443418][ T5321] vfs_write+0xacf/0xd10 [ 83.443430][ T5321] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 83.443447][ T5321] ? __pfx_vfs_write+0x10/0x10 [ 83.443459][ T5321] ? __fget_files+0x2a/0x420 [ 83.443478][ T5321] ? __fget_files+0x2a/0x420 [ 83.443494][ T5321] ksys_write+0x18f/0x2b0 [ 83.443504][ T5321] ? __pfx_ksys_write+0x10/0x10 [ 83.443514][ T5321] ? exc_page_fault+0x590/0x8b0 [ 83.443527][ T5321] ? do_syscall_64+0xb6/0x230 [ 83.443541][ T5321] do_syscall_64+0xf3/0x230 [ 83.443557][ T5321] ? 
clear_bhb_loop+0x35/0x90 [ 83.443575][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.443592][ T5321] RIP: 0033:0x7f1c1878bc1f [ 83.443603][ T5321] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 83.443613][ T5321] RSP: 002b:00007f1c195d6000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 83.443627][ T5321] RAX: ffffffffffffffda RBX: 00007f1c189a5fa0 RCX: 00007f1c1878bc1f [ 83.443635][ T5321] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8 [ 83.443643][ T5321] RBP: 00007f1c1880e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 83.443651][ T5321] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000 [ 83.443659][ T5321] R13: 0000000000000000 R14: 00007f1c189a5fa0 R15: 00007ffe708ebc28 [ 83.443672][ T5321] [ 83.443680][ T5321] BUG: Bad page state in process syz.0.0 pfn:1217d [ 83.554303][ T5321] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x1217d [ 83.558167][ T5321] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 83.560952][ T5321] raw: 00fff00000000000 dead000000000040 ffff88801e490000 0000000000000000 [ 83.564438][ T5321] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 83.567896][ T5321] page dumped because: page_pool leak [ 83.570041][ T5321] page_owner tracks the page as allocated [ 83.572464][ T5321] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5321, tgid 5320 (syz.0.0), ts 83184387169, free_ts 40202615141 [ 83.578924][ T5321] post_alloc_hook+0x1f4/0x240 [ 83.580863][ T5321] get_page_from_freelist+0x365c/0x37a0 [ 83.583204][ T5321] __alloc_frozen_pages_noprof+0x292/0x710 [ 83.585614][ T5321] alloc_pages_bulk_noprof+0x847/0xae0 [ 83.587829][ T5321] __page_pool_alloc_pages_slow+0x11f/0x690 [ 83.590152][ T5321] skb_pp_cow_data+0xcc8/0x1720 [ 
83.592119][ T5321] do_xdp_generic+0x505/0xd30 [ 83.594117][ T5321] tun_get_user+0x2a4b/0x4860 [ 83.595983][ T5321] tun_chr_write_iter+0x10d/0x1f0 [ 83.598041][ T5321] vfs_write+0xacf/0xd10 [ 83.599767][ T5321] ksys_write+0x18f/0x2b0 [ 83.601734][ T5321] do_syscall_64+0xf3/0x230 [ 83.603751][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.606191][ T5321] page last free pid 17 tgid 17 stack trace: [ 83.608617][ T5321] free_frozen_pages+0xe0d/0x10e0 [ 83.610766][ T5321] __tlb_remove_table+0x33c/0x420 [ 83.612932][ T5321] tlb_remove_table_rcu+0x76/0xf0 [ 83.615035][ T5321] rcu_core+0xaaa/0x17a0 [ 83.616797][ T5321] handle_softirqs+0x2d4/0x9b0 [ 83.618729][ T5321] run_ksoftirqd+0xca/0x130 [ 83.620564][ T5321] smpboot_thread_fn+0x544/0xa30 [ 83.622705][ T5321] kthread+0x7a9/0x920 [ 83.624364][ T5321] ret_from_fork+0x4b/0x80 [ 83.626163][ T5321] ret_from_fork_asm+0x1a/0x30 [ 83.628084][ T5321] Modules linked in: [ 83.629654][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Tainted: G B 6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 83.629674][ T5321] Tainted: [B]=BAD_PAGE [ 83.629679][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 83.629687][ T5321] Call Trace: [ 83.629694][ T5321] [ 83.629700][ T5321] dump_stack_lvl+0x241/0x360 [ 83.629717][ T5321] ? __pfx_dump_stack_lvl+0x10/0x10 [ 83.629728][ T5321] ? __pfx_print_modules+0x10/0x10 [ 83.629749][ T5321] bad_page+0x176/0x1d0 [ 83.629763][ T5321] free_frozen_pages+0x1082/0x10e0 [ 83.629777][ T5321] bpf_xdp_frags_shrink_tail+0x3b3/0x780 [ 83.629792][ T5321] bpf_xdp_adjust_tail+0x1c6/0x210 [ 83.629803][ T5321] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 83.629810][ T5321] bpf_prog_run_generic_xdp+0x686/0x1510 [ 83.629825][ T5321] do_xdp_generic+0x757/0xd30 [ 83.629832][ T5321] ? __pfx_do_xdp_generic+0x10/0x10 [ 83.629840][ T5321] ? __local_bh_disable_ip+0x179/0x220 [ 83.629849][ T5321] ? __pfx_eth_type_trans+0x10/0x10 [ 83.629862][ T5321] ? 
tun_get_user+0x2914/0x4860 [ 83.629878][ T5321] tun_get_user+0x2a4b/0x4860 [ 83.629898][ T5321] ? __lock_acquire+0x1397/0x2100 [ 83.629918][ T5321] ? __pfx_tun_get_user+0x10/0x10 [ 83.629939][ T5321] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 83.629953][ T5321] ? tun_get+0x1e/0x2f0 [ 83.629968][ T5321] ? __pfx_lock_release+0x10/0x10 [ 83.629986][ T5321] ? tun_get+0x1e/0x2f0 [ 83.629999][ T5321] ? tun_get+0x27d/0x2f0 [ 83.630013][ T5321] tun_chr_write_iter+0x10d/0x1f0 [ 83.630029][ T5321] vfs_write+0xacf/0xd10 [ 83.630040][ T5321] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 83.630055][ T5321] ? __pfx_vfs_write+0x10/0x10 [ 83.630066][ T5321] ? __fget_files+0x2a/0x420 [ 83.630081][ T5321] ? __fget_files+0x2a/0x420 [ 83.630096][ T5321] ksys_write+0x18f/0x2b0 [ 83.630107][ T5321] ? __pfx_ksys_write+0x10/0x10 [ 83.630118][ T5321] ? exc_page_fault+0x590/0x8b0 [ 83.630129][ T5321] ? do_syscall_64+0xb6/0x230 [ 83.630140][ T5321] do_syscall_64+0xf3/0x230 [ 83.630153][ T5321] ? clear_bhb_loop+0x35/0x90 [ 83.630169][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.630185][ T5321] RIP: 0033:0x7f1c1878bc1f [ 83.630196][ T5321] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 83.630206][ T5321] RSP: 002b:00007f1c195d6000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 83.630219][ T5321] RAX: ffffffffffffffda RBX: 00007f1c189a5fa0 RCX: 00007f1c1878bc1f [ 83.630226][ T5321] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8 [ 83.630237][ T5321] RBP: 00007f1c1880e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 83.630244][ T5321] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000 [ 83.630251][ T5321] R13: 0000000000000000 R14: 00007f1c189a5fa0 R15: 00007ffe708ebc28 [ 83.630262][ T5321] [ 83.630271][ T5321] BUG: Bad page state in process syz.0.0 pfn:1ed47 [ 83.743727][ T5321] page: refcount:0 mapcount:0 
mapping:0000000000000000 index:0xffff88801ed47000 pfn:0x1ed47 [ 83.747742][ T5321] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 83.750416][ T5321] raw: 00fff00000000000 dead000000000040 ffff88801e490000 0000000000000000 [ 83.753902][ T5321] raw: ffff88801ed47000 0000000000000001 00000000ffffffff 0000000000000000 [ 83.757056][ T5321] page dumped because: page_pool leak [ 83.758938][ T5321] page_owner tracks the page as allocated [ 83.760951][ T5321] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5321, tgid 5320 (syz.0.0), ts 83184382173, free_ts 40202620301 [ 83.766899][ T5321] post_alloc_hook+0x1f4/0x240 [ 83.768878][ T5321] get_page_from_freelist+0x365c/0x37a0 [ 83.771064][ T5321] __alloc_frozen_pages_noprof+0x292/0x710 [ 83.773560][ T5321] alloc_pages_bulk_noprof+0x847/0xae0 [ 83.775735][ T5321] __page_pool_alloc_pages_slow+0x11f/0x690 [ 83.778306][ T5321] skb_pp_cow_data+0xcc8/0x1720 [ 83.780405][ T5321] do_xdp_generic+0x505/0xd30 [ 83.782299][ T5321] tun_get_user+0x2a4b/0x4860 [ 83.784315][ T5321] tun_chr_write_iter+0x10d/0x1f0 [ 83.786374][ T5321] vfs_write+0xacf/0xd10 [ 83.788125][ T5321] ksys_write+0x18f/0x2b0 [ 83.789891][ T5321] do_syscall_64+0xf3/0x230 [ 83.791701][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.794146][ T5321] page last free pid 17 tgid 17 stack trace: [ 83.796371][ T5321] free_frozen_pages+0xe0d/0x10e0 [ 83.798448][ T5321] __tlb_remove_table+0x33c/0x420 [ 83.800416][ T5321] tlb_remove_table_rcu+0x76/0xf0 [ 83.802517][ T5321] rcu_core+0xaaa/0x17a0 [ 83.804279][ T5321] handle_softirqs+0x2d4/0x9b0 [ 83.806247][ T5321] run_ksoftirqd+0xca/0x130 [ 83.808131][ T5321] smpboot_thread_fn+0x544/0xa30 [ 83.810151][ T5321] kthread+0x7a9/0x920 [ 83.811836][ T5321] ret_from_fork+0x4b/0x80 [ 83.813718][ T5321] ret_from_fork_asm+0x1a/0x30 [ 83.815404][ T5321] Modules linked in: [ 83.816642][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Tainted: G B 
6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 83.816657][ T5321] Tainted: [B]=BAD_PAGE [ 83.816660][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 83.816665][ T5321] Call Trace: [ 83.816671][ T5321] [ 83.816677][ T5321] dump_stack_lvl+0x241/0x360 [ 83.816690][ T5321] ? __pfx_dump_stack_lvl+0x10/0x10 [ 83.816699][ T5321] ? __pfx_print_modules+0x10/0x10 [ 83.816716][ T5321] bad_page+0x176/0x1d0 [ 83.816729][ T5321] free_frozen_pages+0x1082/0x10e0 [ 83.816746][ T5321] bpf_xdp_frags_shrink_tail+0x3b3/0x780 [ 83.816765][ T5321] bpf_xdp_adjust_tail+0x1c6/0x210 [ 83.816780][ T5321] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 83.816788][ T5321] bpf_prog_run_generic_xdp+0x686/0x1510 [ 83.816807][ T5321] do_xdp_generic+0x757/0xd30 [ 83.816816][ T5321] ? __pfx_do_xdp_generic+0x10/0x10 [ 83.816825][ T5321] ? __local_bh_disable_ip+0x179/0x220 [ 83.816838][ T5321] ? __pfx_eth_type_trans+0x10/0x10 [ 83.816850][ T5321] ? tun_get_user+0x2914/0x4860 [ 83.816866][ T5321] tun_get_user+0x2a4b/0x4860 [ 83.816882][ T5321] ? __lock_acquire+0x1397/0x2100 [ 83.816895][ T5321] ? __pfx_tun_get_user+0x10/0x10 [ 83.816911][ T5321] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 83.816924][ T5321] ? tun_get+0x1e/0x2f0 [ 83.816936][ T5321] ? __pfx_lock_release+0x10/0x10 [ 83.816952][ T5321] ? tun_get+0x1e/0x2f0 [ 83.816967][ T5321] ? tun_get+0x27d/0x2f0 [ 83.816982][ T5321] tun_chr_write_iter+0x10d/0x1f0 [ 83.816999][ T5321] vfs_write+0xacf/0xd10 [ 83.817009][ T5321] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 83.817021][ T5321] ? __pfx_vfs_write+0x10/0x10 [ 83.817030][ T5321] ? __fget_files+0x2a/0x420 [ 83.817042][ T5321] ? __fget_files+0x2a/0x420 [ 83.817055][ T5321] ksys_write+0x18f/0x2b0 [ 83.817063][ T5321] ? __pfx_ksys_write+0x10/0x10 [ 83.817072][ T5321] ? exc_page_fault+0x590/0x8b0 [ 83.817083][ T5321] ? do_syscall_64+0xb6/0x230 [ 83.817094][ T5321] do_syscall_64+0xf3/0x230 [ 83.817106][ T5321] ? 
clear_bhb_loop+0x35/0x90 [ 83.817119][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.817131][ T5321] RIP: 0033:0x7f1c1878bc1f [ 83.817140][ T5321] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 83.817171][ T5321] RSP: 002b:00007f1c195d6000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 83.817183][ T5321] RAX: ffffffffffffffda RBX: 00007f1c189a5fa0 RCX: 00007f1c1878bc1f [ 83.817192][ T5321] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8 [ 83.817198][ T5321] RBP: 00007f1c1880e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 83.817204][ T5321] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000 [ 83.817210][ T5321] R13: 0000000000000000 R14: 00007f1c189a5fa0 R15: 00007ffe708ebc28 [ 83.817221][ T5321] [ 83.817229][ T5321] BUG: Bad page state in process syz.0.0 pfn:1adcd [ 83.936340][ T5321] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88801adcd7c0 pfn:0x1adcd [ 83.940259][ T5321] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 83.943118][ T5321] raw: 00fff00000000000 dead000000000040 ffff88801e490000 0000000000000000 [ 83.946454][ T5321] raw: ffff88801adcd7c0 0000000000000001 00000000ffffffff 0000000000000000 [ 83.949922][ T5321] page dumped because: page_pool leak [ 83.951990][ T5321] page_owner tracks the page as allocated [ 83.954348][ T5321] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5321, tgid 5320 (syz.0.0), ts 83184376663, free_ts 40202625764 [ 83.960528][ T5321] post_alloc_hook+0x1f4/0x240 [ 83.962548][ T5321] get_page_from_freelist+0x365c/0x37a0 [ 83.964822][ T5321] __alloc_frozen_pages_noprof+0x292/0x710 [ 83.967270][ T5321] alloc_pages_bulk_noprof+0x847/0xae0 [ 83.969398][ T5321] __page_pool_alloc_pages_slow+0x11f/0x690 [ 83.971820][ T5321] skb_pp_cow_data+0xcc8/0x1720 [ 
83.973793][ T5321] do_xdp_generic+0x505/0xd30 [ 83.975691][ T5321] tun_get_user+0x2a4b/0x4860 [ 83.977568][ T5321] tun_chr_write_iter+0x10d/0x1f0 [ 83.979515][ T5321] vfs_write+0xacf/0xd10 [ 83.981214][ T5321] ksys_write+0x18f/0x2b0 [ 83.982973][ T5321] do_syscall_64+0xf3/0x230 [ 83.984808][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.987132][ T5321] page last free pid 17 tgid 17 stack trace: [ 83.989451][ T5321] free_frozen_pages+0xe0d/0x10e0 [ 83.991397][ T5321] __tlb_remove_table+0x33c/0x420 [ 83.993378][ T5321] tlb_remove_table_rcu+0x76/0xf0 [ 83.995320][ T5321] rcu_core+0xaaa/0x17a0 [ 83.997016][ T5321] handle_softirqs+0x2d4/0x9b0 [ 83.998837][ T5321] run_ksoftirqd+0xca/0x130 [ 84.000654][ T5321] smpboot_thread_fn+0x544/0xa30 [ 84.002694][ T5321] kthread+0x7a9/0x920 [ 84.004347][ T5321] ret_from_fork+0x4b/0x80 [ 84.006189][ T5321] ret_from_fork_asm+0x1a/0x30 [ 84.008056][ T5321] Modules linked in: [ 84.009660][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Tainted: G B 6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 84.009680][ T5321] Tainted: [B]=BAD_PAGE [ 84.009684][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 84.009692][ T5321] Call Trace: [ 84.009699][ T5321] [ 84.009705][ T5321] dump_stack_lvl+0x241/0x360 [ 84.009721][ T5321] ? __pfx_dump_stack_lvl+0x10/0x10 [ 84.009732][ T5321] ? __pfx_print_modules+0x10/0x10 [ 84.009751][ T5321] bad_page+0x176/0x1d0 [ 84.009764][ T5321] free_frozen_pages+0x1082/0x10e0 [ 84.009784][ T5321] bpf_xdp_frags_shrink_tail+0x3b3/0x780 [ 84.009803][ T5321] bpf_xdp_adjust_tail+0x1c6/0x210 [ 84.009816][ T5321] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 84.009825][ T5321] bpf_prog_run_generic_xdp+0x686/0x1510 [ 84.009848][ T5321] do_xdp_generic+0x757/0xd30 [ 84.009859][ T5321] ? __pfx_do_xdp_generic+0x10/0x10 [ 84.009870][ T5321] ? __local_bh_disable_ip+0x179/0x220 [ 84.009882][ T5321] ? __pfx_eth_type_trans+0x10/0x10 [ 84.009896][ T5321] ? 
tun_get_user+0x2914/0x4860 [ 84.009911][ T5321] tun_get_user+0x2a4b/0x4860 [ 84.009932][ T5321] ? __lock_acquire+0x1397/0x2100 [ 84.009950][ T5321] ? __pfx_tun_get_user+0x10/0x10 [ 84.009968][ T5321] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 84.009984][ T5321] ? tun_get+0x1e/0x2f0 [ 84.009998][ T5321] ? __pfx_lock_release+0x10/0x10 [ 84.010017][ T5321] ? tun_get+0x1e/0x2f0 [ 84.010031][ T5321] ? tun_get+0x27d/0x2f0 [ 84.010042][ T5321] tun_chr_write_iter+0x10d/0x1f0 [ 84.010055][ T5321] vfs_write+0xacf/0xd10 [ 84.010066][ T5321] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 84.010080][ T5321] ? __pfx_vfs_write+0x10/0x10 [ 84.010092][ T5321] ? __fget_files+0x2a/0x420 [ 84.010109][ T5321] ? __fget_files+0x2a/0x420 [ 84.010124][ T5321] ksys_write+0x18f/0x2b0 [ 84.010145][ T5321] ? __pfx_ksys_write+0x10/0x10 [ 84.010157][ T5321] ? exc_page_fault+0x590/0x8b0 [ 84.010173][ T5321] ? do_syscall_64+0xb6/0x230 [ 84.010192][ T5321] do_syscall_64+0xf3/0x230 [ 84.010208][ T5321] ? clear_bhb_loop+0x35/0x90 [ 84.010226][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.010245][ T5321] RIP: 0033:0x7f1c1878bc1f [ 84.010256][ T5321] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 84.010267][ T5321] RSP: 002b:00007f1c195d6000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 84.010284][ T5321] RAX: ffffffffffffffda RBX: 00007f1c189a5fa0 RCX: 00007f1c1878bc1f [ 84.010293][ T5321] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8 [ 84.010302][ T5321] RBP: 00007f1c1880e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 84.010310][ T5321] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000 [ 84.010317][ T5321] R13: 0000000000000000 R14: 00007f1c189a5fa0 R15: 00007ffe708ebc28 [ 84.010327][ T5321] [ 84.010336][ T5321] BUG: Bad page state in process syz.0.0 pfn:1205d [ 84.125683][ T5321] page: refcount:0 mapcount:0 
mapping:0000000000000000 index:0xffff888000000000 pfn:0x1205d [ 84.129473][ T5321] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 84.132262][ T5321] raw: 00fff00000000000 dead000000000040 ffff88801e490000 0000000000000000 [ 84.135706][ T5321] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 84.139136][ T5321] page dumped because: page_pool leak [ 84.141337][ T5321] page_owner tracks the page as allocated [ 84.143650][ T5321] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5321, tgid 5320 (syz.0.0), ts 83184370071, free_ts 40202631156 [ 84.150018][ T5321] post_alloc_hook+0x1f4/0x240 [ 84.151952][ T5321] get_page_from_freelist+0x365c/0x37a0 [ 84.154227][ T5321] __alloc_frozen_pages_noprof+0x292/0x710 [ 84.156557][ T5321] alloc_pages_bulk_noprof+0x847/0xae0 [ 84.158847][ T5321] __page_pool_alloc_pages_slow+0x11f/0x690 [ 84.161193][ T5321] skb_pp_cow_data+0xcc8/0x1720 [ 84.163300][ T5321] do_xdp_generic+0x505/0xd30 [ 84.165122][ T5321] tun_get_user+0x2a4b/0x4860 [ 84.167064][ T5321] tun_chr_write_iter+0x10d/0x1f0 [ 84.169087][ T5321] vfs_write+0xacf/0xd10 [ 84.170908][ T5321] ksys_write+0x18f/0x2b0 [ 84.172723][ T5321] do_syscall_64+0xf3/0x230 [ 84.174645][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.177062][ T5321] page last free pid 17 tgid 17 stack trace: [ 84.179512][ T5321] free_frozen_pages+0xe0d/0x10e0 [ 84.181575][ T5321] __tlb_remove_table+0x33c/0x420 [ 84.183552][ T5321] tlb_remove_table_rcu+0x76/0xf0 [ 84.185324][ T5321] rcu_core+0xaaa/0x17a0 [ 84.186975][ T5321] handle_softirqs+0x2d4/0x9b0 [ 84.188815][ T5321] run_ksoftirqd+0xca/0x130 [ 84.190553][ T5321] smpboot_thread_fn+0x544/0xa30 [ 84.192465][ T5321] kthread+0x7a9/0x920 [ 84.193998][ T5321] ret_from_fork+0x4b/0x80 [ 84.195657][ T5321] ret_from_fork_asm+0x1a/0x30 [ 84.197512][ T5321] Modules linked in: [ 84.200099][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Tainted: G B 
6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 84.200124][ T5321] Tainted: [B]=BAD_PAGE [ 84.200135][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 84.200143][ T5321] Call Trace: [ 84.200181][ T5321] [ 84.200190][ T5321] dump_stack_lvl+0x241/0x360 [ 84.200211][ T5321] ? __pfx_dump_stack_lvl+0x10/0x10 [ 84.200223][ T5321] ? __pfx_print_modules+0x10/0x10 [ 84.200243][ T5321] bad_page+0x176/0x1d0 [ 84.200259][ T5321] free_frozen_pages+0x1082/0x10e0 [ 84.200280][ T5321] bpf_xdp_frags_shrink_tail+0x3b3/0x780 [ 84.200321][ T5321] bpf_xdp_adjust_tail+0x1c6/0x210 [ 84.200338][ T5321] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 84.200349][ T5321] bpf_prog_run_generic_xdp+0x686/0x1510 [ 84.200375][ T5321] do_xdp_generic+0x757/0xd30 [ 84.200387][ T5321] ? __pfx_do_xdp_generic+0x10/0x10 [ 84.200399][ T5321] ? __local_bh_disable_ip+0x179/0x220 [ 84.200413][ T5321] ? __pfx_eth_type_trans+0x10/0x10 [ 84.200428][ T5321] ? tun_get_user+0x2914/0x4860 [ 84.200445][ T5321] tun_get_user+0x2a4b/0x4860 [ 84.200466][ T5321] ? __lock_acquire+0x1397/0x2100 [ 84.200478][ T5321] ? __pfx_tun_get_user+0x10/0x10 [ 84.200492][ T5321] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 84.200503][ T5321] ? tun_get+0x1e/0x2f0 [ 84.200517][ T5321] ? __pfx_lock_release+0x10/0x10 [ 84.200536][ T5321] ? tun_get+0x1e/0x2f0 [ 84.200550][ T5321] ? tun_get+0x27d/0x2f0 [ 84.200566][ T5321] tun_chr_write_iter+0x10d/0x1f0 [ 84.200582][ T5321] vfs_write+0xacf/0xd10 [ 84.200595][ T5321] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 84.200613][ T5321] ? __pfx_vfs_write+0x10/0x10 [ 84.200626][ T5321] ? __fget_files+0x2a/0x420 [ 84.200643][ T5321] ? __fget_files+0x2a/0x420 [ 84.200663][ T5321] ksys_write+0x18f/0x2b0 [ 84.200674][ T5321] ? __pfx_ksys_write+0x10/0x10 [ 84.200685][ T5321] ? exc_page_fault+0x590/0x8b0 [ 84.200698][ T5321] ? do_syscall_64+0xb6/0x230 [ 84.200716][ T5321] do_syscall_64+0xf3/0x230 [ 84.200731][ T5321] ? 
clear_bhb_loop+0x35/0x90 [ 84.200748][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.200763][ T5321] RIP: 0033:0x7f1c1878bc1f [ 84.200796][ T5321] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 84.200806][ T5321] RSP: 002b:00007f1c195d6000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 84.200821][ T5321] RAX: ffffffffffffffda RBX: 00007f1c189a5fa0 RCX: 00007f1c1878bc1f [ 84.200828][ T5321] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8 [ 84.200835][ T5321] RBP: 00007f1c1880e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 84.200842][ T5321] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000 [ 84.200848][ T5321] R13: 0000000000000000 R14: 00007f1c189a5fa0 R15: 00007ffe708ebc28 [ 84.200859][ T5321] [ 84.200928][ T5321] BUG: Bad page state in process syz.0.0 pfn:1af4d [ 84.316077][ T5321] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x1af4d [ 84.320093][ T5321] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 84.323091][ T5321] raw: 00fff00000000000 dead000000000040 ffff88801e490000 0000000000000000 [ 84.326664][ T5321] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 84.330116][ T5321] page dumped because: page_pool leak [ 84.332075][ T5321] page_owner tracks the page as allocated [ 84.334336][ T5321] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5321, tgid 5320 (syz.0.0), ts 83184362803, free_ts 40202634210 [ 84.340652][ T5321] post_alloc_hook+0x1f4/0x240 [ 84.342633][ T5321] get_page_from_freelist+0x365c/0x37a0 [ 84.345434][ T5321] __alloc_frozen_pages_noprof+0x292/0x710 [ 84.347939][ T5321] alloc_pages_bulk_noprof+0x847/0xae0 [ 84.350147][ T5321] __page_pool_alloc_pages_slow+0x11f/0x690 [ 84.352548][ T5321] skb_pp_cow_data+0xcc8/0x1720 [ 
84.354437][ T5321] do_xdp_generic+0x505/0xd30 [ 84.356259][ T5321] tun_get_user+0x2a4b/0x4860 [ 84.358215][ T5321] tun_chr_write_iter+0x10d/0x1f0 [ 84.360135][ T5321] vfs_write+0xacf/0xd10 [ 84.361827][ T5321] ksys_write+0x18f/0x2b0 [ 84.363816][ T5321] do_syscall_64+0xf3/0x230 [ 84.365749][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.368089][ T5321] page last free pid 17 tgid 17 stack trace: [ 84.370373][ T5321] free_frozen_pages+0xe0d/0x10e0 [ 84.372563][ T5321] __tlb_remove_table+0x33c/0x420 [ 84.374448][ T5321] tlb_remove_table_rcu+0x76/0xf0 [ 84.376551][ T5321] rcu_core+0xaaa/0x17a0 [ 84.378350][ T5321] handle_softirqs+0x2d4/0x9b0 [ 84.380345][ T5321] run_ksoftirqd+0xca/0x130 [ 84.382255][ T5321] smpboot_thread_fn+0x544/0xa30 [ 84.384377][ T5321] kthread+0x7a9/0x920 [ 84.385900][ T5321] ret_from_fork+0x4b/0x80 [ 84.387632][ T5321] ret_from_fork_asm+0x1a/0x30 [ 84.389453][ T5321] Modules linked in: [ 84.390898][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Tainted: G B 6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 84.390919][ T5321] Tainted: [B]=BAD_PAGE [ 84.390924][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 84.390932][ T5321] Call Trace: [ 84.390940][ T5321] [ 84.390947][ T5321] dump_stack_lvl+0x241/0x360 [ 84.390964][ T5321] ? __pfx_dump_stack_lvl+0x10/0x10 [ 84.390977][ T5321] ? __pfx_print_modules+0x10/0x10 [ 84.390998][ T5321] bad_page+0x176/0x1d0 [ 84.391013][ T5321] free_frozen_pages+0x1082/0x10e0 [ 84.391032][ T5321] bpf_xdp_frags_shrink_tail+0x3b3/0x780 [ 84.391054][ T5321] bpf_xdp_adjust_tail+0x1c6/0x210 [ 84.391070][ T5321] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 84.391081][ T5321] bpf_prog_run_generic_xdp+0x686/0x1510 [ 84.391106][ T5321] do_xdp_generic+0x757/0xd30 [ 84.391118][ T5321] ? __pfx_do_xdp_generic+0x10/0x10 [ 84.391127][ T5321] ? __local_bh_disable_ip+0x179/0x220 [ 84.391142][ T5321] ? __pfx_eth_type_trans+0x10/0x10 [ 84.391157][ T5321] ? 
tun_get_user+0x2914/0x4860 [ 84.391174][ T5321] tun_get_user+0x2a4b/0x4860 [ 84.391193][ T5321] ? __lock_acquire+0x1397/0x2100 [ 84.391213][ T5321] ? __pfx_tun_get_user+0x10/0x10 [ 84.391235][ T5321] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 84.391251][ T5321] ? tun_get+0x1e/0x2f0 [ 84.391266][ T5321] ? __pfx_lock_release+0x10/0x10 [ 84.391285][ T5321] ? tun_get+0x1e/0x2f0 [ 84.391299][ T5321] ? tun_get+0x27d/0x2f0 [ 84.391315][ T5321] tun_chr_write_iter+0x10d/0x1f0 [ 84.391331][ T5321] vfs_write+0xacf/0xd10 [ 84.391344][ T5321] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 84.391358][ T5321] ? __pfx_vfs_write+0x10/0x10 [ 84.391369][ T5321] ? __fget_files+0x2a/0x420 [ 84.391385][ T5321] ? __fget_files+0x2a/0x420 [ 84.391400][ T5321] ksys_write+0x18f/0x2b0 [ 84.391412][ T5321] ? __pfx_ksys_write+0x10/0x10 [ 84.391422][ T5321] ? exc_page_fault+0x590/0x8b0 [ 84.391435][ T5321] ? do_syscall_64+0xb6/0x230 [ 84.391450][ T5321] do_syscall_64+0xf3/0x230 [ 84.391464][ T5321] ? clear_bhb_loop+0x35/0x90 [ 84.391484][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.391501][ T5321] RIP: 0033:0x7f1c1878bc1f [ 84.391513][ T5321] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 84.391522][ T5321] RSP: 002b:00007f1c195d6000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 84.391535][ T5321] RAX: ffffffffffffffda RBX: 00007f1c189a5fa0 RCX: 00007f1c1878bc1f [ 84.391544][ T5321] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8 [ 84.391552][ T5321] RBP: 00007f1c1880e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 84.391559][ T5321] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000 [ 84.391567][ T5321] R13: 0000000000000000 R14: 00007f1c189a5fa0 R15: 00007ffe708ebc28 [ 84.391579][ T5321] [ 84.391591][ T5321] BUG: Bad page state in process syz.0.0 pfn:126b9 [ 84.504612][ T5321] page: refcount:0 mapcount:0 
mapping:0000000000000000 index:0xffff8880126b9dc0 pfn:0x126b9 [ 84.508268][ T5321] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 84.510947][ T5321] raw: 00fff00000000000 dead000000000040 ffff88801e490000 0000000000000000 [ 84.514183][ T5321] raw: ffff8880126b9dc0 0000000000000001 00000000ffffffff 0000000000000000 [ 84.517702][ T5321] page dumped because: page_pool leak [ 84.519889][ T5321] page_owner tracks the page as allocated [ 84.522220][ T5321] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5321, tgid 5320 (syz.0.0), ts 83184351997, free_ts 40202639449 [ 84.528302][ T5321] post_alloc_hook+0x1f4/0x240 [ 84.529938][ T5321] get_page_from_freelist+0x365c/0x37a0 [ 84.531964][ T5321] __alloc_frozen_pages_noprof+0x292/0x710 [ 84.534420][ T5321] alloc_pages_bulk_noprof+0x847/0xae0 [ 84.536553][ T5321] __page_pool_alloc_pages_slow+0x11f/0x690 [ 84.539208][ T5321] skb_pp_cow_data+0xcc8/0x1720 [ 84.541248][ T5321] do_xdp_generic+0x505/0xd30 [ 84.543189][ T5321] tun_get_user+0x2a4b/0x4860 [ 84.545095][ T5321] tun_chr_write_iter+0x10d/0x1f0 [ 84.546957][ T5321] vfs_write+0xacf/0xd10 [ 84.548378][ T5321] ksys_write+0x18f/0x2b0 [ 84.550159][ T5321] do_syscall_64+0xf3/0x230 [ 84.552248][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.554601][ T5321] page last free pid 17 tgid 17 stack trace: [ 84.557000][ T5321] free_frozen_pages+0xe0d/0x10e0 [ 84.558828][ T5321] __tlb_remove_table+0x33c/0x420 [ 84.560517][ T5321] tlb_remove_table_rcu+0x76/0xf0 [ 84.562109][ T5321] rcu_core+0xaaa/0x17a0 [ 84.563603][ T5321] handle_softirqs+0x2d4/0x9b0 [ 84.565245][ T5321] run_ksoftirqd+0xca/0x130 [ 84.566777][ T5321] smpboot_thread_fn+0x544/0xa30 [ 84.568599][ T5321] kthread+0x7a9/0x920 [ 84.570123][ T5321] ret_from_fork+0x4b/0x80 [ 84.571801][ T5321] ret_from_fork_asm+0x1a/0x30 [ 84.573881][ T5321] Modules linked in: [ 84.575457][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Tainted: G B 
6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 84.575483][ T5321] Tainted: [B]=BAD_PAGE [ 84.575490][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 84.575501][ T5321] Call Trace: [ 84.575512][ T5321] [ 84.575521][ T5321] dump_stack_lvl+0x241/0x360 [ 84.575540][ T5321] ? __pfx_dump_stack_lvl+0x10/0x10 [ 84.575551][ T5321] ? __pfx_print_modules+0x10/0x10 [ 84.575571][ T5321] bad_page+0x176/0x1d0 [ 84.575586][ T5321] free_frozen_pages+0x1082/0x10e0 [ 84.575606][ T5321] bpf_xdp_frags_shrink_tail+0x3b3/0x780 [ 84.575638][ T5321] bpf_xdp_adjust_tail+0x1c6/0x210 [ 84.575655][ T5321] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 84.575666][ T5321] bpf_prog_run_generic_xdp+0x686/0x1510 [ 84.575689][ T5321] do_xdp_generic+0x757/0xd30 [ 84.575700][ T5321] ? __pfx_do_xdp_generic+0x10/0x10 [ 84.575712][ T5321] ? __local_bh_disable_ip+0x179/0x220 [ 84.575727][ T5321] ? __pfx_eth_type_trans+0x10/0x10 [ 84.575744][ T5321] ? tun_get_user+0x2914/0x4860 [ 84.575760][ T5321] tun_get_user+0x2a4b/0x4860 [ 84.575780][ T5321] ? __lock_acquire+0x1397/0x2100 [ 84.575798][ T5321] ? __pfx_tun_get_user+0x10/0x10 [ 84.575818][ T5321] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 84.575834][ T5321] ? tun_get+0x1e/0x2f0 [ 84.575849][ T5321] ? __pfx_lock_release+0x10/0x10 [ 84.575867][ T5321] ? tun_get+0x1e/0x2f0 [ 84.575881][ T5321] ? tun_get+0x27d/0x2f0 [ 84.575896][ T5321] tun_chr_write_iter+0x10d/0x1f0 [ 84.575912][ T5321] vfs_write+0xacf/0xd10 [ 84.575926][ T5321] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 84.575941][ T5321] ? __pfx_vfs_write+0x10/0x10 [ 84.575952][ T5321] ? __fget_files+0x2a/0x420 [ 84.575969][ T5321] ? __fget_files+0x2a/0x420 [ 84.575984][ T5321] ksys_write+0x18f/0x2b0 [ 84.575996][ T5321] ? __pfx_ksys_write+0x10/0x10 [ 84.576006][ T5321] ? exc_page_fault+0x590/0x8b0 [ 84.576021][ T5321] ? do_syscall_64+0xb6/0x230 [ 84.576035][ T5321] do_syscall_64+0xf3/0x230 [ 84.576050][ T5321] ? 
clear_bhb_loop+0x35/0x90 [ 84.576066][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.576082][ T5321] RIP: 0033:0x7f1c1878bc1f [ 84.576093][ T5321] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 84.576102][ T5321] RSP: 002b:00007f1c195d6000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 84.576115][ T5321] RAX: ffffffffffffffda RBX: 00007f1c189a5fa0 RCX: 00007f1c1878bc1f [ 84.576124][ T5321] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8 [ 84.576131][ T5321] RBP: 00007f1c1880e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 84.576138][ T5321] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000 [ 84.576144][ T5321] R13: 0000000000000000 R14: 00007f1c189a5fa0 R15: 00007ffe708ebc28 [ 84.576155][ T5321] [ 84.576166][ T5321] BUG: Bad page state in process syz.0.0 pfn:1ad71 [ 84.691162][ T5321] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x1ad71 [ 84.695000][ T5321] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 84.697697][ T5321] raw: 00fff00000000000 dead000000000040 ffff88801e490000 0000000000000000 [ 84.700949][ T5321] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 84.704258][ T5321] page dumped because: page_pool leak [ 84.706315][ T5321] page_owner tracks the page as allocated [ 84.708743][ T5321] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5321, tgid 5320 (syz.0.0), ts 83184344880, free_ts 40202644153 [ 84.715401][ T5321] post_alloc_hook+0x1f4/0x240 [ 84.717390][ T5321] get_page_from_freelist+0x365c/0x37a0 [ 84.719666][ T5321] __alloc_frozen_pages_noprof+0x292/0x710 [ 84.722144][ T5321] alloc_pages_bulk_noprof+0x847/0xae0 [ 84.724408][ T5321] __page_pool_alloc_pages_slow+0x11f/0x690 [ 84.726802][ T5321] skb_pp_cow_data+0xcc8/0x1720 [ 
84.728843][ T5321] do_xdp_generic+0x505/0xd30 [ 84.730621][ T5321] tun_get_user+0x2a4b/0x4860 [ 84.732498][ T5321] tun_chr_write_iter+0x10d/0x1f0 [ 84.734436][ T5321] vfs_write+0xacf/0xd10 [ 84.736138][ T5321] ksys_write+0x18f/0x2b0 [ 84.738005][ T5321] do_syscall_64+0xf3/0x230 [ 84.739842][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.742256][ T5321] page last free pid 17 tgid 17 stack trace: [ 84.744756][ T5321] free_frozen_pages+0xe0d/0x10e0 [ 84.746973][ T5321] __tlb_remove_table+0x33c/0x420 [ 84.748988][ T5321] tlb_remove_table_rcu+0x76/0xf0 [ 84.750836][ T5321] rcu_core+0xaaa/0x17a0 [ 84.752619][ T5321] handle_softirqs+0x2d4/0x9b0 [ 84.754525][ T5321] run_ksoftirqd+0xca/0x130 [ 84.756387][ T5321] smpboot_thread_fn+0x544/0xa30 [ 84.758497][ T5321] kthread+0x7a9/0x920 [ 84.760266][ T5321] ret_from_fork+0x4b/0x80 [ 84.761992][ T5321] ret_from_fork_asm+0x1a/0x30 [ 84.764012][ T5321] Modules linked in: [ 84.765579][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Tainted: G B 6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 84.765597][ T5321] Tainted: [B]=BAD_PAGE [ 84.765601][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 84.765609][ T5321] Call Trace: [ 84.765617][ T5321] [ 84.765623][ T5321] dump_stack_lvl+0x241/0x360 [ 84.765639][ T5321] ? __pfx_dump_stack_lvl+0x10/0x10 [ 84.765650][ T5321] ? __pfx_print_modules+0x10/0x10 [ 84.765669][ T5321] bad_page+0x176/0x1d0 [ 84.765683][ T5321] free_frozen_pages+0x1082/0x10e0 [ 84.765702][ T5321] bpf_xdp_frags_shrink_tail+0x3b3/0x780 [ 84.765723][ T5321] bpf_xdp_adjust_tail+0x1c6/0x210 [ 84.765739][ T5321] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 84.765749][ T5321] bpf_prog_run_generic_xdp+0x686/0x1510 [ 84.765776][ T5321] do_xdp_generic+0x757/0xd30 [ 84.765787][ T5321] ? __pfx_do_xdp_generic+0x10/0x10 [ 84.765800][ T5321] ? __local_bh_disable_ip+0x179/0x220 [ 84.765815][ T5321] ? __pfx_eth_type_trans+0x10/0x10 [ 84.765830][ T5321] ? 
tun_get_user+0x2914/0x4860 [ 84.765847][ T5321] tun_get_user+0x2a4b/0x4860 [ 84.765866][ T5321] ? __lock_acquire+0x1397/0x2100 [ 84.765884][ T5321] ? __pfx_tun_get_user+0x10/0x10 [ 84.765903][ T5321] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 84.765919][ T5321] ? tun_get+0x1e/0x2f0 [ 84.765934][ T5321] ? __pfx_lock_release+0x10/0x10 [ 84.765952][ T5321] ? tun_get+0x1e/0x2f0 [ 84.765975][ T5321] ? tun_get+0x27d/0x2f0 [ 84.765990][ T5321] tun_chr_write_iter+0x10d/0x1f0 [ 84.766006][ T5321] vfs_write+0xacf/0xd10 [ 84.766018][ T5321] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 84.766034][ T5321] ? __pfx_vfs_write+0x10/0x10 [ 84.766045][ T5321] ? __fget_files+0x2a/0x420 [ 84.766061][ T5321] ? __fget_files+0x2a/0x420 [ 84.766077][ T5321] ksys_write+0x18f/0x2b0 [ 84.766088][ T5321] ? __pfx_ksys_write+0x10/0x10 [ 84.766098][ T5321] ? exc_page_fault+0x590/0x8b0 [ 84.766113][ T5321] ? do_syscall_64+0xb6/0x230 [ 84.766127][ T5321] do_syscall_64+0xf3/0x230 [ 84.766142][ T5321] ? clear_bhb_loop+0x35/0x90 [ 84.766160][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.766175][ T5321] RIP: 0033:0x7f1c1878bc1f [ 84.766186][ T5321] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 84.766195][ T5321] RSP: 002b:00007f1c195d6000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 84.766208][ T5321] RAX: ffffffffffffffda RBX: 00007f1c189a5fa0 RCX: 00007f1c1878bc1f [ 84.766215][ T5321] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8 [ 84.766223][ T5321] RBP: 00007f1c1880e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 84.766230][ T5321] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000 [ 84.766236][ T5321] R13: 0000000000000000 R14: 00007f1c189a5fa0 R15: 00007ffe708ebc28 [ 84.766247][ T5321] [ 84.766257][ T5321] BUG: Bad page state in process syz.0.0 pfn:12177 [ 84.882912][ T5321] page: refcount:0 mapcount:0 
mapping:0000000000000000 index:0xffff888000000000 pfn:0x12177 [ 84.886872][ T5321] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 84.889621][ T5321] raw: 00fff00000000000 dead000000000040 ffff88801e490000 0000000000000000 [ 84.893008][ T5321] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 84.896264][ T5321] page dumped because: page_pool leak [ 84.898490][ T5321] page_owner tracks the page as allocated [ 84.900659][ T5321] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5321, tgid 5320 (syz.0.0), ts 83184337535, free_ts 40202650433 [ 84.907217][ T5321] post_alloc_hook+0x1f4/0x240 [ 84.909250][ T5321] get_page_from_freelist+0x365c/0x37a0 [ 84.911425][ T5321] __alloc_frozen_pages_noprof+0x292/0x710 [ 84.913930][ T5321] alloc_pages_bulk_noprof+0x847/0xae0 [ 84.916127][ T5321] __page_pool_alloc_pages_slow+0x11f/0x690 [ 84.918590][ T5321] skb_pp_cow_data+0xcc8/0x1720 [ 84.920664][ T5321] do_xdp_generic+0x505/0xd30 [ 84.922744][ T5321] tun_get_user+0x2a4b/0x4860 [ 84.924565][ T5321] tun_chr_write_iter+0x10d/0x1f0 [ 84.926463][ T5321] vfs_write+0xacf/0xd10 [ 84.928217][ T5321] ksys_write+0x18f/0x2b0 [ 84.929867][ T5321] do_syscall_64+0xf3/0x230 [ 84.931766][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.934035][ T5321] page last free pid 17 tgid 17 stack trace: [ 84.936019][ T5321] free_frozen_pages+0xe0d/0x10e0 [ 84.938762][ T5321] rcu_core+0xaaa/0x17a0 [ 84.940308][ T5321] handle_softirqs+0x2d4/0x9b0 [ 84.942225][ T5321] run_ksoftirqd+0xca/0x130 [ 84.944277][ T5321] smpboot_thread_fn+0x544/0xa30 [ 84.946572][ T5321] kthread+0x7a9/0x920 [ 84.948467][ T5321] ret_from_fork+0x4b/0x80 [ 84.950584][ T5321] ret_from_fork_asm+0x1a/0x30 [ 84.952933][ T5321] Modules linked in: [ 84.954811][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Tainted: G B 6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 84.954830][ T5321] Tainted: [B]=BAD_PAGE [ 84.954885][ T5321] Hardware name: QEMU Standard PC 
(Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 84.954895][ T5321] Call Trace: [ 84.955032][ T5321] [ 84.955040][ T5321] dump_stack_lvl+0x241/0x360 [ 84.955060][ T5321] ? __pfx_dump_stack_lvl+0x10/0x10 [ 84.955071][ T5321] ? __pfx_print_modules+0x10/0x10 [ 84.955091][ T5321] bad_page+0x176/0x1d0 [ 84.955108][ T5321] free_frozen_pages+0x1082/0x10e0 [ 84.955129][ T5321] bpf_xdp_frags_shrink_tail+0x3b3/0x780 [ 84.955284][ T5321] bpf_xdp_adjust_tail+0x1c6/0x210 [ 84.955308][ T5321] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 84.955320][ T5321] bpf_prog_run_generic_xdp+0x686/0x1510 [ 84.955346][ T5321] do_xdp_generic+0x757/0xd30 [ 84.955359][ T5321] ? __pfx_do_xdp_generic+0x10/0x10 [ 84.955373][ T5321] ? __local_bh_disable_ip+0x179/0x220 [ 84.955390][ T5321] ? __pfx_eth_type_trans+0x10/0x10 [ 84.955407][ T5321] ? tun_get_user+0x2914/0x4860 [ 84.955425][ T5321] tun_get_user+0x2a4b/0x4860 [ 84.955521][ T5321] ? __lock_acquire+0x1397/0x2100 [ 84.955546][ T5321] ? __pfx_tun_get_user+0x10/0x10 [ 84.955565][ T5321] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 84.955580][ T5321] ? tun_get+0x1e/0x2f0 [ 84.955594][ T5321] ? __pfx_lock_release+0x10/0x10 [ 84.955612][ T5321] ? tun_get+0x1e/0x2f0 [ 84.955627][ T5321] ? tun_get+0x27d/0x2f0 [ 84.955643][ T5321] tun_chr_write_iter+0x10d/0x1f0 [ 84.955661][ T5321] vfs_write+0xacf/0xd10 [ 84.955676][ T5321] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 84.955693][ T5321] ? __pfx_vfs_write+0x10/0x10 [ 84.955703][ T5321] ? __fget_files+0x2a/0x420 [ 84.955733][ T5321] ? __fget_files+0x2a/0x420 [ 84.955750][ T5321] ksys_write+0x18f/0x2b0 [ 84.955762][ T5321] ? __pfx_ksys_write+0x10/0x10 [ 84.955773][ T5321] ? exc_page_fault+0x590/0x8b0 [ 84.955790][ T5321] ? do_syscall_64+0xb6/0x230 [ 84.955806][ T5321] do_syscall_64+0xf3/0x230 [ 84.955821][ T5321] ? 
clear_bhb_loop+0x35/0x90 [ 84.955840][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.955857][ T5321] RIP: 0033:0x7f1c1878bc1f [ 84.955896][ T5321] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 84.955906][ T5321] RSP: 002b:00007f1c195d6000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 84.955920][ T5321] RAX: ffffffffffffffda RBX: 00007f1c189a5fa0 RCX: 00007f1c1878bc1f [ 84.955928][ T5321] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8 [ 84.955935][ T5321] RBP: 00007f1c1880e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 84.955942][ T5321] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000 [ 84.955949][ T5321] R13: 0000000000000000 R14: 00007f1c189a5fa0 R15: 00007ffe708ebc28 [ 84.955960][ T5321] [ 84.956024][ T5321] BUG: Bad page state in process syz.0.0 pfn:11f72 [ 85.068601][ T5321] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888011f72dc0 pfn:0x11f72 [ 85.072840][ T5321] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 85.075709][ T5321] raw: 00fff00000000000 dead000000000040 ffff88801e490000 0000000000000000 [ 85.079219][ T5321] raw: ffff888011f72dc0 0000000000000001 00000000ffffffff 0000000000000000 [ 85.082802][ T5321] page dumped because: page_pool leak [ 85.085160][ T5321] page_owner tracks the page as allocated [ 85.087548][ T5321] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5321, tgid 5320 (syz.0.0), ts 83184330371, free_ts 40222642883 [ 85.093720][ T5321] post_alloc_hook+0x1f4/0x240 [ 85.095514][ T5321] get_page_from_freelist+0x365c/0x37a0 [ 85.097622][ T5321] __alloc_frozen_pages_noprof+0x292/0x710 [ 85.099765][ T5321] alloc_pages_bulk_noprof+0x847/0xae0 [ 85.101476][ T5321] __page_pool_alloc_pages_slow+0x11f/0x690 [ 85.103473][ T5321] skb_pp_cow_data+0xcc8/0x1720 [ 
85.105248][ T5321] do_xdp_generic+0x505/0xd30 [ 85.107045][ T5321] tun_get_user+0x2a4b/0x4860 [ 85.108883][ T5321] tun_chr_write_iter+0x10d/0x1f0 [ 85.110794][ T5321] vfs_write+0xacf/0xd10 [ 85.112634][ T5321] ksys_write+0x18f/0x2b0 [ 85.114383][ T5321] do_syscall_64+0xf3/0x230 [ 85.116178][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.118431][ T5321] page last free pid 17 tgid 17 stack trace: [ 85.120828][ T5321] free_frozen_pages+0xe0d/0x10e0 [ 85.122708][ T5321] __tlb_remove_table+0x33c/0x420 [ 85.124469][ T5321] tlb_remove_table_rcu+0x76/0xf0 [ 85.126257][ T5321] rcu_core+0xaaa/0x17a0 [ 85.127919][ T5321] handle_softirqs+0x2d4/0x9b0 [ 85.129537][ T5321] run_ksoftirqd+0xca/0x130 [ 85.131131][ T5321] smpboot_thread_fn+0x544/0xa30 [ 85.133000][ T5321] kthread+0x7a9/0x920 [ 85.134686][ T5321] ret_from_fork+0x4b/0x80 [ 85.136441][ T5321] ret_from_fork_asm+0x1a/0x30 [ 85.138507][ T5321] Modules linked in: [ 85.140158][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Tainted: G B 6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 85.140177][ T5321] Tainted: [B]=BAD_PAGE [ 85.140181][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.140188][ T5321] Call Trace: [ 85.140196][ T5321] [ 85.140203][ T5321] dump_stack_lvl+0x241/0x360 [ 85.140219][ T5321] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.140230][ T5321] ? __pfx_print_modules+0x10/0x10 [ 85.140248][ T5321] bad_page+0x176/0x1d0 [ 85.140262][ T5321] free_frozen_pages+0x1082/0x10e0 [ 85.140281][ T5321] bpf_xdp_frags_shrink_tail+0x3b3/0x780 [ 85.140301][ T5321] bpf_xdp_adjust_tail+0x1c6/0x210 [ 85.140315][ T5321] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 85.140326][ T5321] bpf_prog_run_generic_xdp+0x686/0x1510 [ 85.140350][ T5321] do_xdp_generic+0x757/0xd30 [ 85.140361][ T5321] ? __pfx_do_xdp_generic+0x10/0x10 [ 85.140373][ T5321] ? __local_bh_disable_ip+0x179/0x220 [ 85.140387][ T5321] ? __pfx_eth_type_trans+0x10/0x10 [ 85.140402][ T5321] ? 
tun_get_user+0x2914/0x4860 [ 85.140417][ T5321] tun_get_user+0x2a4b/0x4860 [ 85.140435][ T5321] ? __lock_acquire+0x1397/0x2100 [ 85.140453][ T5321] ? __pfx_tun_get_user+0x10/0x10 [ 85.140471][ T5321] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 85.140487][ T5321] ? tun_get+0x1e/0x2f0 [ 85.140500][ T5321] ? __pfx_lock_release+0x10/0x10 [ 85.140518][ T5321] ? tun_get+0x1e/0x2f0 [ 85.140531][ T5321] ? tun_get+0x27d/0x2f0 [ 85.140545][ T5321] tun_chr_write_iter+0x10d/0x1f0 [ 85.140561][ T5321] vfs_write+0xacf/0xd10 [ 85.140574][ T5321] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 85.140589][ T5321] ? __pfx_vfs_write+0x10/0x10 [ 85.140599][ T5321] ? __fget_files+0x2a/0x420 [ 85.140614][ T5321] ? __fget_files+0x2a/0x420 [ 85.140629][ T5321] ksys_write+0x18f/0x2b0 [ 85.140649][ T5321] ? __pfx_ksys_write+0x10/0x10 [ 85.140659][ T5321] ? exc_page_fault+0x590/0x8b0 [ 85.140675][ T5321] ? do_syscall_64+0xb6/0x230 [ 85.140690][ T5321] do_syscall_64+0xf3/0x230 [ 85.140703][ T5321] ? clear_bhb_loop+0x35/0x90 [ 85.140718][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.140733][ T5321] RIP: 0033:0x7f1c1878bc1f [ 85.140745][ T5321] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 85.140754][ T5321] RSP: 002b:00007f1c195d6000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 85.140767][ T5321] RAX: ffffffffffffffda RBX: 00007f1c189a5fa0 RCX: 00007f1c1878bc1f [ 85.140774][ T5321] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8 [ 85.140781][ T5321] RBP: 00007f1c1880e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 85.140787][ T5321] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000 [ 85.140794][ T5321] R13: 0000000000000000 R14: 00007f1c189a5fa0 R15: 00007ffe708ebc28 [ 85.140804][ T5321] [ 85.140815][ T5321] BUG: Bad page state in process syz.0.0 pfn:12ef6 [ 85.250935][ T5321] page: refcount:0 mapcount:0 
mapping:0000000000000000 index:0xffff888000000000 pfn:0x12ef6 [ 85.254086][ T5321] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 85.256576][ T5321] raw: 00fff00000000000 dead000000000040 ffff88801e490000 0000000000000000 [ 85.259685][ T5321] raw: ffff888000000000 0000000000000001 00000000ffffffff 0000000000000000 [ 85.263069][ T5321] page dumped because: page_pool leak [ 85.265922][ T5321] page_owner tracks the page as allocated [ 85.268300][ T5321] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5321, tgid 5320 (syz.0.0), ts 83184323126, free_ts 40222656083 [ 85.274916][ T5321] post_alloc_hook+0x1f4/0x240 [ 85.276821][ T5321] get_page_from_freelist+0x365c/0x37a0 [ 85.278944][ T5321] __alloc_frozen_pages_noprof+0x292/0x710 [ 85.281420][ T5321] alloc_pages_bulk_noprof+0x847/0xae0 [ 85.283757][ T5321] __page_pool_alloc_pages_slow+0x11f/0x690 [ 85.286216][ T5321] skb_pp_cow_data+0xcc8/0x1720 [ 85.288299][ T5321] do_xdp_generic+0x505/0xd30 [ 85.289996][ T5321] tun_get_user+0x2a4b/0x4860 [ 85.291804][ T5321] tun_chr_write_iter+0x10d/0x1f0 [ 85.294089][ T5321] vfs_write+0xacf/0xd10 [ 85.295668][ T5321] ksys_write+0x18f/0x2b0 [ 85.297515][ T5321] do_syscall_64+0xf3/0x230 [ 85.299411][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.301850][ T5321] page last free pid 17 tgid 17 stack trace: [ 85.303963][ T5321] free_frozen_pages+0xe0d/0x10e0 [ 85.306066][ T5321] __tlb_remove_table+0x33c/0x420 [ 85.308086][ T5321] tlb_remove_table_rcu+0x76/0xf0 [ 85.310008][ T5321] rcu_core+0xaaa/0x17a0 [ 85.311708][ T5321] handle_softirqs+0x2d4/0x9b0 [ 85.313759][ T5321] run_ksoftirqd+0xca/0x130 [ 85.315619][ T5321] smpboot_thread_fn+0x544/0xa30 [ 85.317760][ T5321] kthread+0x7a9/0x920 [ 85.319443][ T5321] ret_from_fork+0x4b/0x80 [ 85.321273][ T5321] ret_from_fork_asm+0x1a/0x30 [ 85.323355][ T5321] Modules linked in: [ 85.324813][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Tainted: G B 
6.14.0-syzkaller-00624-g2f2d52945852 #0 [ 85.324830][ T5321] Tainted: [B]=BAD_PAGE [ 85.324840][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.324846][ T5321] Call Trace: [ 85.324907][ T5321] [ 85.324915][ T5321] dump_stack_lvl+0x241/0x360 [ 85.324930][ T5321] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.324940][ T5321] ? __pfx_print_modules+0x10/0x10 [ 85.324958][ T5321] bad_page+0x176/0x1d0 [ 85.324968][ T5321] free_frozen_pages+0x1082/0x10e0 [ 85.324980][ T5321] bpf_xdp_frags_shrink_tail+0x3b3/0x780 [ 85.325015][ T5321] bpf_xdp_adjust_tail+0x1c6/0x210 [ 85.325025][ T5321] bpf_prog_f476d5219b92964a+0x1e/0x20 [ 85.325032][ T5321] bpf_prog_run_generic_xdp+0x686/0x1510 [ 85.325048][ T5321] do_xdp_generic+0x757/0xd30 [ 85.325056][ T5321] ? __pfx_do_xdp_generic+0x10/0x10 [ 85.325063][ T5321] ? __local_bh_disable_ip+0x179/0x220 [ 85.325075][ T5321] ? __pfx_eth_type_trans+0x10/0x10 [ 85.325090][ T5321] ? tun_get_user+0x2914/0x4860 [ 85.325108][ T5321] tun_get_user+0x2a4b/0x4860 [ 85.325156][ T5321] ? __lock_acquire+0x1397/0x2100 [ 85.325177][ T5321] ? __pfx_tun_get_user+0x10/0x10 [ 85.325196][ T5321] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 85.325211][ T5321] ? tun_get+0x1e/0x2f0 [ 85.325221][ T5321] ? __pfx_lock_release+0x10/0x10 [ 85.325233][ T5321] ? tun_get+0x1e/0x2f0 [ 85.325242][ T5321] ? tun_get+0x27d/0x2f0 [ 85.325252][ T5321] tun_chr_write_iter+0x10d/0x1f0 [ 85.325263][ T5321] vfs_write+0xacf/0xd10 [ 85.325272][ T5321] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 85.325282][ T5321] ? __pfx_vfs_write+0x10/0x10 [ 85.325289][ T5321] ? __fget_files+0x2a/0x420 [ 85.325304][ T5321] ? __fget_files+0x2a/0x420 [ 85.325319][ T5321] ksys_write+0x18f/0x2b0 [ 85.325329][ T5321] ? __pfx_ksys_write+0x10/0x10 [ 85.325339][ T5321] ? exc_page_fault+0x590/0x8b0 [ 85.325354][ T5321] ? do_syscall_64+0xb6/0x230 [ 85.325369][ T5321] do_syscall_64+0xf3/0x230 [ 85.325383][ T5321] ? 
clear_bhb_loop+0x35/0x90 [ 85.325399][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.325411][ T5321] RIP: 0033:0x7f1c1878bc1f [ 85.325441][ T5321] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 85.325450][ T5321] RSP: 002b:00007f1c195d6000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 85.325463][ T5321] RAX: ffffffffffffffda RBX: 00007f1c189a5fa0 RCX: 00007f1c1878bc1f [ 85.325471][ T5321] RDX: 000000000000fdef RSI: 0000200000000a80 RDI: 00000000000000c8 [ 85.325478][ T5321] RBP: 00007f1c1880e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 85.325484][ T5321] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000 [ 85.325491][ T5321] R13: 0000000000000000 R14: 00007f1c189a5fa0 R15: 00007ffe708ebc28 [ 85.325502][ T5321] [ 85.469571][ T49] Bluetooth: hci0: command tx timeout