BUG: Bad page state in xdp_test_run

Title	Replies (including bot)	Last reply
[syzbot] [net?] BUG: Bad page state in xdp_test_run_batch	0 (1)	2024/11/02 06:34

BUG: Bad page state in process syz-executor153 pfn:346a0 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880346a6000 pfn:0x346a0 flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: ffff8880346a6000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555560392, free_ts 50198891047 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 0 tgid 0 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 __folio_put+0x30d/0x3d0 mm/swap.c:126 folio_put include/linux/mm.h:1478 [inline] put_page+0x21e/0x280 include/linux/mm.h:1550 skb_page_unref include/linux/skbuff_ref.h:43 [inline] __skb_frag_unref include/linux/skbuff_ref.h:56 [inline] skb_release_data+0x4d7/0x730 net/core/skbuff.c:1119 skb_release_all net/core/skbuff.c:1190 [inline] kfree_skb_add_bulk net/core/skbuff.c:1263 [inline] kfree_skb_list_reason+0x2c6/0x4c0 net/core/skbuff.c:1285 skb_release_data+0x553/0x730 net/core/skbuff.c:1123 skb_release_all net/core/skbuff.c:1190 [inline] napi_consume_skb+0x15a/0x220 net/core/skbuff.c:1518 skb_defer_free_flush net/core/dev.c:6317 [inline] skb_defer_free_flush net/core/dev.c:6301 [inline] net_rx_action+0x47c/0x1010 net/core/dev.c:6947 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554 __do_softirq kernel/softirq.c:588 [inline] invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu kernel/softirq.c:637 [inline] irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649 common_interrupt+0xbf/0xe0 arch/x86/kernel/irq.c:278 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693 Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Not tainted 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:238f7 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x238f7 flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555556158, free_ts 50198914286 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 0 tgid 0 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] kfree_skb_add_bulk net/core/skbuff.c:1263 [inline] kfree_skb_list_reason+0x2c6/0x4c0 net/core/skbuff.c:1285 skb_release_data+0x553/0x730 net/core/skbuff.c:1123 skb_release_all net/core/skbuff.c:1190 [inline] napi_consume_skb+0x15a/0x220 net/core/skbuff.c:1518 skb_defer_free_flush net/core/dev.c:6317 [inline] skb_defer_free_flush net/core/dev.c:6301 [inline] net_rx_action+0x47c/0x1010 net/core/dev.c:6947 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554 __do_softirq kernel/softirq.c:588 [inline] invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu kernel/softirq.c:637 [inline] irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649 common_interrupt+0xbf/0xe0 arch/x86/kernel/irq.c:278 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693 Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:238f6 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x238f6 flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555552042, free_ts 50198914286 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 0 tgid 0 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] kfree_skb_add_bulk net/core/skbuff.c:1263 [inline] kfree_skb_list_reason+0x2c6/0x4c0 net/core/skbuff.c:1285 skb_release_data+0x553/0x730 net/core/skbuff.c:1123 skb_release_all net/core/skbuff.c:1190 [inline] napi_consume_skb+0x15a/0x220 net/core/skbuff.c:1518 skb_defer_free_flush net/core/dev.c:6317 [inline] skb_defer_free_flush net/core/dev.c:6301 [inline] net_rx_action+0x47c/0x1010 net/core/dev.c:6947 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554 __do_softirq kernel/softirq.c:588 [inline] invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu kernel/softirq.c:637 [inline] irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649 common_interrupt+0xbf/0xe0 arch/x86/kernel/irq.c:278 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693 Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:238f5 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x238f5 flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555547812, free_ts 50198914286 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 0 tgid 0 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] kfree_skb_add_bulk net/core/skbuff.c:1263 [inline] kfree_skb_list_reason+0x2c6/0x4c0 net/core/skbuff.c:1285 skb_release_data+0x553/0x730 net/core/skbuff.c:1123 skb_release_all net/core/skbuff.c:1190 [inline] napi_consume_skb+0x15a/0x220 net/core/skbuff.c:1518 skb_defer_free_flush net/core/dev.c:6317 [inline] skb_defer_free_flush net/core/dev.c:6301 [inline] net_rx_action+0x47c/0x1010 net/core/dev.c:6947 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554 __do_softirq kernel/softirq.c:588 [inline] invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu kernel/softirq.c:637 [inline] irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649 common_interrupt+0xbf/0xe0 arch/x86/kernel/irq.c:278 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693 Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:238f4 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x238f4 flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555543478, free_ts 50198914286 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 0 tgid 0 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] kfree_skb_add_bulk net/core/skbuff.c:1263 [inline] kfree_skb_list_reason+0x2c6/0x4c0 net/core/skbuff.c:1285 skb_release_data+0x553/0x730 net/core/skbuff.c:1123 skb_release_all net/core/skbuff.c:1190 [inline] napi_consume_skb+0x15a/0x220 net/core/skbuff.c:1518 skb_defer_free_flush net/core/dev.c:6317 [inline] skb_defer_free_flush net/core/dev.c:6301 [inline] net_rx_action+0x47c/0x1010 net/core/dev.c:6947 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554 __do_softirq kernel/softirq.c:588 [inline] invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu kernel/softirq.c:637 [inline] irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649 common_interrupt+0xbf/0xe0 arch/x86/kernel/irq.c:278 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693 Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:238f3 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x238f3 flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555527388, free_ts 50198914286 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 0 tgid 0 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] kfree_skb_add_bulk net/core/skbuff.c:1263 [inline] kfree_skb_list_reason+0x2c6/0x4c0 net/core/skbuff.c:1285 skb_release_data+0x553/0x730 net/core/skbuff.c:1123 skb_release_all net/core/skbuff.c:1190 [inline] napi_consume_skb+0x15a/0x220 net/core/skbuff.c:1518 skb_defer_free_flush net/core/dev.c:6317 [inline] skb_defer_free_flush net/core/dev.c:6301 [inline] net_rx_action+0x47c/0x1010 net/core/dev.c:6947 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554 __do_softirq kernel/softirq.c:588 [inline] invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu kernel/softirq.c:637 [inline] irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649 common_interrupt+0xbf/0xe0 arch/x86/kernel/irq.c:278 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693 Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:238f2 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x238f2 flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555523073, free_ts 50198914286 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 0 tgid 0 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] kfree_skb_add_bulk net/core/skbuff.c:1263 [inline] kfree_skb_list_reason+0x2c6/0x4c0 net/core/skbuff.c:1285 skb_release_data+0x553/0x730 net/core/skbuff.c:1123 skb_release_all net/core/skbuff.c:1190 [inline] napi_consume_skb+0x15a/0x220 net/core/skbuff.c:1518 skb_defer_free_flush net/core/dev.c:6317 [inline] skb_defer_free_flush net/core/dev.c:6301 [inline] net_rx_action+0x47c/0x1010 net/core/dev.c:6947 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554 __do_softirq kernel/softirq.c:588 [inline] invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu kernel/softirq.c:637 [inline] irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649 common_interrupt+0xbf/0xe0 arch/x86/kernel/irq.c:278 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693 Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:238f1 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x8 pfn:0x238f1 flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000008 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555518976, free_ts 50198914286 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 0 tgid 0 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] kfree_skb_add_bulk net/core/skbuff.c:1263 [inline] kfree_skb_list_reason+0x2c6/0x4c0 net/core/skbuff.c:1285 skb_release_data+0x553/0x730 net/core/skbuff.c:1123 skb_release_all net/core/skbuff.c:1190 [inline] napi_consume_skb+0x15a/0x220 net/core/skbuff.c:1518 skb_defer_free_flush net/core/dev.c:6317 [inline] skb_defer_free_flush net/core/dev.c:6301 [inline] net_rx_action+0x47c/0x1010 net/core/dev.c:6947 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554 __do_softirq kernel/softirq.c:588 [inline] invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu kernel/softirq.c:637 [inline] irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649 common_interrupt+0xbf/0xe0 arch/x86/kernel/irq.c:278 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693 Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:238f0 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880238f6600 pfn:0x238f0 flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: ffff8880238f6600 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555514682, free_ts 50198914286 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 0 tgid 0 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] kfree_skb_add_bulk net/core/skbuff.c:1263 [inline] kfree_skb_list_reason+0x2c6/0x4c0 net/core/skbuff.c:1285 skb_release_data+0x553/0x730 net/core/skbuff.c:1123 skb_release_all net/core/skbuff.c:1190 [inline] napi_consume_skb+0x15a/0x220 net/core/skbuff.c:1518 skb_defer_free_flush net/core/dev.c:6317 [inline] skb_defer_free_flush net/core/dev.c:6301 [inline] net_rx_action+0x47c/0x1010 net/core/dev.c:6947 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554 __do_softirq kernel/softirq.c:588 [inline] invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu kernel/softirq.c:637 [inline] irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649 common_interrupt+0xbf/0xe0 arch/x86/kernel/irq.c:278 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693 Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:32107 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x32107 flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555510308, free_ts 50198924742 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 0 tgid 0 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] napi_consume_skb+0x15a/0x220 net/core/skbuff.c:1518 skb_defer_free_flush net/core/dev.c:6317 [inline] skb_defer_free_flush net/core/dev.c:6301 [inline] net_rx_action+0x47c/0x1010 net/core/dev.c:6947 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554 __do_softirq kernel/softirq.c:588 [inline] invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu kernel/softirq.c:637 [inline] irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649 common_interrupt+0xbf/0xe0 arch/x86/kernel/irq.c:278 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693 Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:32106 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x32106 flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555506145, free_ts 50198924742 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 0 tgid 0 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] napi_consume_skb+0x15a/0x220 net/core/skbuff.c:1518 skb_defer_free_flush net/core/dev.c:6317 [inline] skb_defer_free_flush net/core/dev.c:6301 [inline] net_rx_action+0x47c/0x1010 net/core/dev.c:6947 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554 __do_softirq kernel/softirq.c:588 [inline] invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu kernel/softirq.c:637 [inline] irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649 common_interrupt+0xbf/0xe0 arch/x86/kernel/irq.c:278 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693 Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:32105 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x32105 flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555501696, free_ts 50198924742 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 0 tgid 0 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] napi_consume_skb+0x15a/0x220 net/core/skbuff.c:1518 skb_defer_free_flush net/core/dev.c:6317 [inline] skb_defer_free_flush net/core/dev.c:6301 [inline] net_rx_action+0x47c/0x1010 net/core/dev.c:6947 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554 __do_softirq kernel/softirq.c:588 [inline] invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu kernel/softirq.c:637 [inline] irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649 common_interrupt+0xbf/0xe0 arch/x86/kernel/irq.c:278 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693 Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:32104 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x32104 flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555497545, free_ts 50198924742 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 0 tgid 0 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] napi_consume_skb+0x15a/0x220 net/core/skbuff.c:1518 skb_defer_free_flush net/core/dev.c:6317 [inline] skb_defer_free_flush net/core/dev.c:6301 [inline] net_rx_action+0x47c/0x1010 net/core/dev.c:6947 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554 __do_softirq kernel/softirq.c:588 [inline] invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu kernel/softirq.c:637 [inline] irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649 common_interrupt+0xbf/0xe0 arch/x86/kernel/irq.c:278 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693 Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:32103 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x32103 flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555493217, free_ts 50198924742 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 0 tgid 0 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] napi_consume_skb+0x15a/0x220 net/core/skbuff.c:1518 skb_defer_free_flush net/core/dev.c:6317 [inline] skb_defer_free_flush net/core/dev.c:6301 [inline] net_rx_action+0x47c/0x1010 net/core/dev.c:6947 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554 __do_softirq kernel/softirq.c:588 [inline] invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu kernel/softirq.c:637 [inline] irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649 common_interrupt+0xbf/0xe0 arch/x86/kernel/irq.c:278 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693 Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:32102 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x32102 flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555486122, free_ts 50198924742 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 0 tgid 0 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] napi_consume_skb+0x15a/0x220 net/core/skbuff.c:1518 skb_defer_free_flush net/core/dev.c:6317 [inline] skb_defer_free_flush net/core/dev.c:6301 [inline] net_rx_action+0x47c/0x1010 net/core/dev.c:6947 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554 __do_softirq kernel/softirq.c:588 [inline] invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu kernel/softirq.c:637 [inline] irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649 common_interrupt+0xbf/0xe0 arch/x86/kernel/irq.c:278 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693 Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:3661e page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3661e flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555342221, free_ts 48538655741 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5924 tgid 5924 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 __folio_put+0x30d/0x3d0 mm/swap.c:126 folio_put include/linux/mm.h:1478 [inline] put_page+0x21e/0x280 include/linux/mm.h:1550 anon_pipe_buf_release+0x11a/0x240 fs/pipe.c:128 pipe_buf_release include/linux/pipe_fs_i.h:219 [inline] pipe_update_tail fs/pipe.c:224 [inline] pipe_read+0x641/0x13f0 fs/pipe.c:344 new_sync_read fs/read_write.c:488 [inline] vfs_read+0xa4c/0xbe0 fs/read_write.c:569 ksys_read+0x1fa/0x260 fs/read_write.c:712 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:3661d page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3661d flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555338302, free_ts 48538659806 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5924 tgid 5924 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 __folio_put+0x30d/0x3d0 mm/swap.c:126 folio_put include/linux/mm.h:1478 [inline] put_page+0x21e/0x280 include/linux/mm.h:1550 anon_pipe_buf_release+0x11a/0x240 fs/pipe.c:128 pipe_buf_release include/linux/pipe_fs_i.h:219 [inline] pipe_update_tail fs/pipe.c:224 [inline] pipe_read+0x641/0x13f0 fs/pipe.c:344 new_sync_read fs/read_write.c:488 [inline] vfs_read+0xa4c/0xbe0 fs/read_write.c:569 ksys_read+0x1fa/0x260 fs/read_write.c:712 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:3661c page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3661c flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555334197, free_ts 48540759688 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5924 tgid 5924 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 __folio_put+0x30d/0x3d0 mm/swap.c:126 folio_put include/linux/mm.h:1478 [inline] put_page+0x21e/0x280 include/linux/mm.h:1550 anon_pipe_buf_release+0x11a/0x240 fs/pipe.c:128 pipe_buf_release include/linux/pipe_fs_i.h:219 [inline] pipe_update_tail fs/pipe.c:224 [inline] pipe_read+0x641/0x13f0 fs/pipe.c:344 new_sync_read fs/read_write.c:488 [inline] vfs_read+0xa4c/0xbe0 fs/read_write.c:569 ksys_read+0x1fa/0x260 fs/read_write.c:712 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:3645f page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3645f flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555330135, free_ts 48678052230 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5924 tgid 5924 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 __folio_put+0x30d/0x3d0 mm/swap.c:126 folio_put include/linux/mm.h:1478 [inline] put_page+0x21e/0x280 include/linux/mm.h:1550 anon_pipe_buf_release+0x11a/0x240 fs/pipe.c:128 pipe_buf_release include/linux/pipe_fs_i.h:219 [inline] pipe_update_tail fs/pipe.c:224 [inline] pipe_read+0x641/0x13f0 fs/pipe.c:344 new_sync_read fs/read_write.c:488 [inline] vfs_read+0xa4c/0xbe0 fs/read_write.c:569 ksys_read+0x1fa/0x260 fs/read_write.c:712 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:3645e page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3645e flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555325969, free_ts 48678057850 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5924 tgid 5924 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 __folio_put+0x30d/0x3d0 mm/swap.c:126 folio_put include/linux/mm.h:1478 [inline] put_page+0x21e/0x280 include/linux/mm.h:1550 anon_pipe_buf_release+0x11a/0x240 fs/pipe.c:128 pipe_buf_release include/linux/pipe_fs_i.h:219 [inline] pipe_update_tail fs/pipe.c:224 [inline] pipe_read+0x641/0x13f0 fs/pipe.c:344 new_sync_read fs/read_write.c:488 [inline] vfs_read+0xa4c/0xbe0 fs/read_write.c:569 ksys_read+0x1fa/0x260 fs/read_write.c:712 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:3645d page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3645d flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555321967, free_ts 48678078670 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5924 tgid 5924 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 __folio_put+0x30d/0x3d0 mm/swap.c:126 folio_put include/linux/mm.h:1478 [inline] put_page+0x21e/0x280 include/linux/mm.h:1550 anon_pipe_buf_release+0x11a/0x240 fs/pipe.c:128 pipe_buf_release include/linux/pipe_fs_i.h:219 [inline] pipe_update_tail fs/pipe.c:224 [inline] pipe_read+0x641/0x13f0 fs/pipe.c:344 new_sync_read fs/read_write.c:488 [inline] vfs_read+0xa4c/0xbe0 fs/read_write.c:569 ksys_read+0x1fa/0x260 fs/read_write.c:712 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:3645c page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3645c flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555317801, free_ts 48678084677 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5924 tgid 5924 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 __folio_put+0x30d/0x3d0 mm/swap.c:126 folio_put include/linux/mm.h:1478 [inline] put_page+0x21e/0x280 include/linux/mm.h:1550 anon_pipe_buf_release+0x11a/0x240 fs/pipe.c:128 pipe_buf_release include/linux/pipe_fs_i.h:219 [inline] pipe_update_tail fs/pipe.c:224 [inline] pipe_read+0x641/0x13f0 fs/pipe.c:344 new_sync_read fs/read_write.c:488 [inline] vfs_read+0xa4c/0xbe0 fs/read_write.c:569 ksys_read+0x1fa/0x260 fs/read_write.c:712 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:36473 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x36473 flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555313772, free_ts 48680551480 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5924 tgid 5924 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 __folio_put+0x30d/0x3d0 mm/swap.c:126 folio_put include/linux/mm.h:1478 [inline] put_page+0x21e/0x280 include/linux/mm.h:1550 anon_pipe_buf_release+0x11a/0x240 fs/pipe.c:128 pipe_buf_release include/linux/pipe_fs_i.h:219 [inline] pipe_update_tail fs/pipe.c:224 [inline] pipe_read+0x641/0x13f0 fs/pipe.c:344 new_sync_read fs/read_write.c:488 [inline] vfs_read+0xa4c/0xbe0 fs/read_write.c:569 ksys_read+0x1fa/0x260 fs/read_write.c:712 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:36472 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x36472 flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555309702, free_ts 48680547432 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5924 tgid 5924 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 __folio_put+0x30d/0x3d0 mm/swap.c:126 folio_put include/linux/mm.h:1478 [inline] put_page+0x21e/0x280 include/linux/mm.h:1550 anon_pipe_buf_release+0x11a/0x240 fs/pipe.c:128 pipe_buf_release include/linux/pipe_fs_i.h:219 [inline] pipe_update_tail fs/pipe.c:224 [inline] pipe_read+0x641/0x13f0 fs/pipe.c:344 new_sync_read fs/read_write.c:488 [inline] vfs_read+0xa4c/0xbe0 fs/read_write.c:569 ksys_read+0x1fa/0x260 fs/read_write.c:712 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:36471 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x36471 flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555305734, free_ts 48680532378 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5924 tgid 5924 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 __folio_put+0x30d/0x3d0 mm/swap.c:126 folio_put include/linux/mm.h:1478 [inline] put_page+0x21e/0x280 include/linux/mm.h:1550 anon_pipe_buf_release+0x11a/0x240 fs/pipe.c:128 pipe_buf_release include/linux/pipe_fs_i.h:219 [inline] pipe_update_tail fs/pipe.c:224 [inline] pipe_read+0x641/0x13f0 fs/pipe.c:344 new_sync_read fs/read_write.c:488 [inline] vfs_read+0xa4c/0xbe0 fs/read_write.c:569 ksys_read+0x1fa/0x260 fs/read_write.c:712 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:36470 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x36470 flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555301372, free_ts 48680527828 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5924 tgid 5924 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 __folio_put+0x30d/0x3d0 mm/swap.c:126 folio_put include/linux/mm.h:1478 [inline] put_page+0x21e/0x280 include/linux/mm.h:1550 anon_pipe_buf_release+0x11a/0x240 fs/pipe.c:128 pipe_buf_release include/linux/pipe_fs_i.h:219 [inline] pipe_update_tail fs/pipe.c:224 [inline] pipe_read+0x641/0x13f0 fs/pipe.c:344 new_sync_read fs/read_write.c:488 [inline] vfs_read+0xa4c/0xbe0 fs/read_write.c:569 ksys_read+0x1fa/0x260 fs/read_write.c:712 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:28937 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x28937 flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555297489, free_ts 49937530631 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5932 tgid 5932 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 qlink_free mm/kasan/quarantine.c:163 [inline] qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329 kasan_slab_alloc include/linux/kasan.h:247 [inline] slab_post_alloc_hook mm/slub.c:4085 [inline] slab_alloc_node mm/slub.c:4134 [inline] __do_kmalloc_node mm/slub.c:4263 [inline] __kmalloc_noprof+0x199/0x400 mm/slub.c:4276 kmalloc_noprof include/linux/slab.h:882 [inline] tomoyo_realpath_from_path+0xb9/0x720 security/tomoyo/realpath.c:251 tomoyo_get_realpath security/tomoyo/file.c:151 [inline] tomoyo_path_perm+0x273/0x450 security/tomoyo/file.c:822 security_inode_getattr+0x116/0x290 security/security.c:2373 vfs_getattr fs/stat.c:204 [inline] vfs_fstat+0x53/0xd0 fs/stat.c:229 vfs_fstatat+0x146/0x160 fs/stat.c:338 __do_sys_newfstatat+0xa2/0x130 fs/stat.c:505 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:28936 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x28936 flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555293052, free_ts 49937530631 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5932 tgid 5932 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 qlink_free mm/kasan/quarantine.c:163 [inline] qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329 kasan_slab_alloc include/linux/kasan.h:247 [inline] slab_post_alloc_hook mm/slub.c:4085 [inline] slab_alloc_node mm/slub.c:4134 [inline] __do_kmalloc_node mm/slub.c:4263 [inline] __kmalloc_noprof+0x199/0x400 mm/slub.c:4276 kmalloc_noprof include/linux/slab.h:882 [inline] tomoyo_realpath_from_path+0xb9/0x720 security/tomoyo/realpath.c:251 tomoyo_get_realpath security/tomoyo/file.c:151 [inline] tomoyo_path_perm+0x273/0x450 security/tomoyo/file.c:822 security_inode_getattr+0x116/0x290 security/security.c:2373 vfs_getattr fs/stat.c:204 [inline] vfs_fstat+0x53/0xd0 fs/stat.c:229 vfs_fstatat+0x146/0x160 fs/stat.c:338 __do_sys_newfstatat+0xa2/0x130 fs/stat.c:505 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:28935 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x28935 flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555288695, free_ts 49937530631 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5932 tgid 5932 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 qlink_free mm/kasan/quarantine.c:163 [inline] qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329 kasan_slab_alloc include/linux/kasan.h:247 [inline] slab_post_alloc_hook mm/slub.c:4085 [inline] slab_alloc_node mm/slub.c:4134 [inline] __do_kmalloc_node mm/slub.c:4263 [inline] __kmalloc_noprof+0x199/0x400 mm/slub.c:4276 kmalloc_noprof include/linux/slab.h:882 [inline] tomoyo_realpath_from_path+0xb9/0x720 security/tomoyo/realpath.c:251 tomoyo_get_realpath security/tomoyo/file.c:151 [inline] tomoyo_path_perm+0x273/0x450 security/tomoyo/file.c:822 security_inode_getattr+0x116/0x290 security/security.c:2373 vfs_getattr fs/stat.c:204 [inline] vfs_fstat+0x53/0xd0 fs/stat.c:229 vfs_fstatat+0x146/0x160 fs/stat.c:338 __do_sys_newfstatat+0xa2/0x130 fs/stat.c:505 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:28934 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x28934 flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555282150, free_ts 49937530631 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5932 tgid 5932 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 qlink_free mm/kasan/quarantine.c:163 [inline] qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329 kasan_slab_alloc include/linux/kasan.h:247 [inline] slab_post_alloc_hook mm/slub.c:4085 [inline] slab_alloc_node mm/slub.c:4134 [inline] __do_kmalloc_node mm/slub.c:4263 [inline] __kmalloc_noprof+0x199/0x400 mm/slub.c:4276 kmalloc_noprof include/linux/slab.h:882 [inline] tomoyo_realpath_from_path+0xb9/0x720 security/tomoyo/realpath.c:251 tomoyo_get_realpath security/tomoyo/file.c:151 [inline] tomoyo_path_perm+0x273/0x450 security/tomoyo/file.c:822 security_inode_getattr+0x116/0x290 security/security.c:2373 vfs_getattr fs/stat.c:204 [inline] vfs_fstat+0x53/0xd0 fs/stat.c:229 vfs_fstatat+0x146/0x160 fs/stat.c:338 __do_sys_newfstatat+0xa2/0x130 fs/stat.c:505 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:35c4b page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x35c4b flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555277940, free_ts 48393633756 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5924 tgid 5924 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 __folio_put+0x30d/0x3d0 mm/swap.c:126 folio_put include/linux/mm.h:1478 [inline] put_page+0x21e/0x280 include/linux/mm.h:1550 anon_pipe_buf_release+0x11a/0x240 fs/pipe.c:128 pipe_buf_release include/linux/pipe_fs_i.h:219 [inline] pipe_update_tail fs/pipe.c:224 [inline] pipe_read+0x641/0x13f0 fs/pipe.c:344 new_sync_read fs/read_write.c:488 [inline] vfs_read+0xa4c/0xbe0 fs/read_write.c:569 ksys_read+0x1fa/0x260 fs/read_write.c:712 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:35c4a page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x35c4a flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555273835, free_ts 48393641963 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5924 tgid 5924 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 __folio_put+0x30d/0x3d0 mm/swap.c:126 folio_put include/linux/mm.h:1478 [inline] put_page+0x21e/0x280 include/linux/mm.h:1550 anon_pipe_buf_release+0x11a/0x240 fs/pipe.c:128 pipe_buf_release include/linux/pipe_fs_i.h:219 [inline] pipe_update_tail fs/pipe.c:224 [inline] pipe_read+0x641/0x13f0 fs/pipe.c:344 new_sync_read fs/read_write.c:488 [inline] vfs_read+0xa4c/0xbe0 fs/read_write.c:569 ksys_read+0x1fa/0x260 fs/read_write.c:712 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:35c49 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x8 pfn:0x35c49 flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000008 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555269737, free_ts 48434829309 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5924 tgid 5924 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 __folio_put+0x30d/0x3d0 mm/swap.c:126 folio_put include/linux/mm.h:1478 [inline] put_page+0x21e/0x280 include/linux/mm.h:1550 anon_pipe_buf_release+0x11a/0x240 fs/pipe.c:128 pipe_buf_release include/linux/pipe_fs_i.h:219 [inline] pipe_update_tail fs/pipe.c:224 [inline] pipe_read+0x641/0x13f0 fs/pipe.c:344 new_sync_read fs/read_write.c:488 [inline] vfs_read+0xa4c/0xbe0 fs/read_write.c:569 ksys_read+0x1fa/0x260 fs/read_write.c:712 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:35c48 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888035c4d500 pfn:0x35c48 flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: ffff888035c4d500 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555265504, free_ts 48745311163 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5924 tgid 5924 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 __folio_put+0x30d/0x3d0 mm/swap.c:126 folio_put include/linux/mm.h:1478 [inline] put_page+0x21e/0x280 include/linux/mm.h:1550 anon_pipe_buf_release+0x11a/0x240 fs/pipe.c:128 pipe_buf_release include/linux/pipe_fs_i.h:219 [inline] pipe_update_tail fs/pipe.c:224 [inline] pipe_read+0x641/0x13f0 fs/pipe.c:344 new_sync_read fs/read_write.c:488 [inline] vfs_read+0xa4c/0xbe0 fs/read_write.c:569 ksys_read+0x1fa/0x260 fs/read_write.c:712 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:3652f page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3652f flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555261328, free_ts 48745385682 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5924 tgid 5924 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 __folio_put+0x30d/0x3d0 mm/swap.c:126 folio_put include/linux/mm.h:1478 [inline] put_page+0x21e/0x280 include/linux/mm.h:1550 anon_pipe_buf_release+0x11a/0x240 fs/pipe.c:128 pipe_buf_release include/linux/pipe_fs_i.h:219 [inline] pipe_update_tail fs/pipe.c:224 [inline] pipe_read+0x641/0x13f0 fs/pipe.c:344 new_sync_read fs/read_write.c:488 [inline] vfs_read+0xa4c/0xbe0 fs/read_write.c:569 ksys_read+0x1fa/0x260 fs/read_write.c:712 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:3652e page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3652e flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555257210, free_ts 48745377987 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5924 tgid 5924 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 __folio_put+0x30d/0x3d0 mm/swap.c:126 folio_put include/linux/mm.h:1478 [inline] put_page+0x21e/0x280 include/linux/mm.h:1550 anon_pipe_buf_release+0x11a/0x240 fs/pipe.c:128 pipe_buf_release include/linux/pipe_fs_i.h:219 [inline] pipe_update_tail fs/pipe.c:224 [inline] pipe_read+0x641/0x13f0 fs/pipe.c:344 new_sync_read fs/read_write.c:488 [inline] vfs_read+0xa4c/0xbe0 fs/read_write.c:569 ksys_read+0x1fa/0x260 fs/read_write.c:712 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:3652d page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3652d flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555253075, free_ts 48745370469 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5924 tgid 5924 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 __folio_put+0x30d/0x3d0 mm/swap.c:126 folio_put include/linux/mm.h:1478 [inline] put_page+0x21e/0x280 include/linux/mm.h:1550 anon_pipe_buf_release+0x11a/0x240 fs/pipe.c:128 pipe_buf_release include/linux/pipe_fs_i.h:219 [inline] pipe_update_tail fs/pipe.c:224 [inline] pipe_read+0x641/0x13f0 fs/pipe.c:344 new_sync_read fs/read_write.c:488 [inline] vfs_read+0xa4c/0xbe0 fs/read_write.c:569 ksys_read+0x1fa/0x260 fs/read_write.c:712 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:3652c page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3652c flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555248851, free_ts 48745352951 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5924 tgid 5924 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 __folio_put+0x30d/0x3d0 mm/swap.c:126 folio_put include/linux/mm.h:1478 [inline] put_page+0x21e/0x280 include/linux/mm.h:1550 anon_pipe_buf_release+0x11a/0x240 fs/pipe.c:128 pipe_buf_release include/linux/pipe_fs_i.h:219 [inline] pipe_update_tail fs/pipe.c:224 [inline] pipe_read+0x641/0x13f0 fs/pipe.c:344 new_sync_read fs/read_write.c:488 [inline] vfs_read+0xa4c/0xbe0 fs/read_write.c:569 ksys_read+0x1fa/0x260 fs/read_write.c:712 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:35f2f page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x35f2f flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555244526, free_ts 48540806799 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5924 tgid 5924 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 __folio_put+0x30d/0x3d0 mm/swap.c:126 folio_put include/linux/mm.h:1478 [inline] put_page+0x21e/0x280 include/linux/mm.h:1550 anon_pipe_buf_release+0x11a/0x240 fs/pipe.c:128 pipe_buf_release include/linux/pipe_fs_i.h:219 [inline] pipe_update_tail fs/pipe.c:224 [inline] pipe_read+0x641/0x13f0 fs/pipe.c:344 new_sync_read fs/read_write.c:488 [inline] vfs_read+0xa4c/0xbe0 fs/read_write.c:569 ksys_read+0x1fa/0x260 fs/read_write.c:712 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:35f2e page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x35f2e flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555240310, free_ts 48540816945 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5924 tgid 5924 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 __folio_put+0x30d/0x3d0 mm/swap.c:126 folio_put include/linux/mm.h:1478 [inline] put_page+0x21e/0x280 include/linux/mm.h:1550 anon_pipe_buf_release+0x11a/0x240 fs/pipe.c:128 pipe_buf_release include/linux/pipe_fs_i.h:219 [inline] pipe_update_tail fs/pipe.c:224 [inline] pipe_read+0x641/0x13f0 fs/pipe.c:344 new_sync_read fs/read_write.c:488 [inline] vfs_read+0xa4c/0xbe0 fs/read_write.c:569 ksys_read+0x1fa/0x260 fs/read_write.c:712 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:35f2d page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x35f2d flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555235887, free_ts 48540821269 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5924 tgid 5924 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 __folio_put+0x30d/0x3d0 mm/swap.c:126 folio_put include/linux/mm.h:1478 [inline] put_page+0x21e/0x280 include/linux/mm.h:1550 anon_pipe_buf_release+0x11a/0x240 fs/pipe.c:128 pipe_buf_release include/linux/pipe_fs_i.h:219 [inline] pipe_update_tail fs/pipe.c:224 [inline] pipe_read+0x641/0x13f0 fs/pipe.c:344 new_sync_read fs/read_write.c:488 [inline] vfs_read+0xa4c/0xbe0 fs/read_write.c:569 ksys_read+0x1fa/0x260 fs/read_write.c:712 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:35f2c page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x35f2c flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555231485, free_ts 48540825324 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5924 tgid 5924 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 __folio_put+0x30d/0x3d0 mm/swap.c:126 folio_put include/linux/mm.h:1478 [inline] put_page+0x21e/0x280 include/linux/mm.h:1550 anon_pipe_buf_release+0x11a/0x240 fs/pipe.c:128 pipe_buf_release include/linux/pipe_fs_i.h:219 [inline] pipe_update_tail fs/pipe.c:224 [inline] pipe_read+0x641/0x13f0 fs/pipe.c:344 new_sync_read fs/read_write.c:488 [inline] vfs_read+0xa4c/0xbe0 fs/read_write.c:569 ksys_read+0x1fa/0x260 fs/read_write.c:712 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:35f37 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x35f37 flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555226913, free_ts 48536336752 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5924 tgid 5924 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 __folio_put+0x30d/0x3d0 mm/swap.c:126 folio_put include/linux/mm.h:1478 [inline] put_page+0x21e/0x280 include/linux/mm.h:1550 anon_pipe_buf_release+0x11a/0x240 fs/pipe.c:128 pipe_buf_release include/linux/pipe_fs_i.h:219 [inline] pipe_update_tail fs/pipe.c:224 [inline] pipe_read+0x641/0x13f0 fs/pipe.c:344 new_sync_read fs/read_write.c:488 [inline] vfs_read+0xa4c/0xbe0 fs/read_write.c:569 ksys_read+0x1fa/0x260 fs/read_write.c:712 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:35f36 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x35f36 flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555222786, free_ts 48540791148 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5924 tgid 5924 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 __folio_put+0x30d/0x3d0 mm/swap.c:126 folio_put include/linux/mm.h:1478 [inline] put_page+0x21e/0x280 include/linux/mm.h:1550 anon_pipe_buf_release+0x11a/0x240 fs/pipe.c:128 pipe_buf_release include/linux/pipe_fs_i.h:219 [inline] pipe_update_tail fs/pipe.c:224 [inline] pipe_read+0x641/0x13f0 fs/pipe.c:344 new_sync_read fs/read_write.c:488 [inline] vfs_read+0xa4c/0xbe0 fs/read_write.c:569 ksys_read+0x1fa/0x260 fs/read_write.c:712 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:35f35 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x35f35 flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555218839, free_ts 48540795460 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5924 tgid 5924 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 __folio_put+0x30d/0x3d0 mm/swap.c:126 folio_put include/linux/mm.h:1478 [inline] put_page+0x21e/0x280 include/linux/mm.h:1550 anon_pipe_buf_release+0x11a/0x240 fs/pipe.c:128 pipe_buf_release include/linux/pipe_fs_i.h:219 [inline] pipe_update_tail fs/pipe.c:224 [inline] pipe_read+0x641/0x13f0 fs/pipe.c:344 new_sync_read fs/read_write.c:488 [inline] vfs_read+0xa4c/0xbe0 fs/read_write.c:569 ksys_read+0x1fa/0x260 fs/read_write.c:712 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:35f34 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x35f34 flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555214516, free_ts 48542556190 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5924 tgid 5924 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 __folio_put+0x30d/0x3d0 mm/swap.c:126 folio_put include/linux/mm.h:1478 [inline] put_page+0x21e/0x280 include/linux/mm.h:1550 anon_pipe_buf_release+0x11a/0x240 fs/pipe.c:128 pipe_buf_release include/linux/pipe_fs_i.h:219 [inline] pipe_update_tail fs/pipe.c:224 [inline] pipe_read+0x641/0x13f0 fs/pipe.c:344 new_sync_read fs/read_write.c:488 [inline] vfs_read+0xa4c/0xbe0 fs/read_write.c:569 ksys_read+0x1fa/0x260 fs/read_write.c:712 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:293f7 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x293f7 flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555210422, free_ts 48542582751 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5924 tgid 5924 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 __folio_put+0x30d/0x3d0 mm/swap.c:126 folio_put include/linux/mm.h:1478 [inline] put_page+0x21e/0x280 include/linux/mm.h:1550 anon_pipe_buf_release+0x11a/0x240 fs/pipe.c:128 pipe_buf_release include/linux/pipe_fs_i.h:219 [inline] pipe_update_tail fs/pipe.c:224 [inline] pipe_read+0x641/0x13f0 fs/pipe.c:344 new_sync_read fs/read_write.c:488 [inline] vfs_read+0xa4c/0xbe0 fs/read_write.c:569 ksys_read+0x1fa/0x260 fs/read_write.c:712 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:293f6 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x293f6 flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555206229, free_ts 48542578719 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5924 tgid 5924 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 __folio_put+0x30d/0x3d0 mm/swap.c:126 folio_put include/linux/mm.h:1478 [inline] put_page+0x21e/0x280 include/linux/mm.h:1550 anon_pipe_buf_release+0x11a/0x240 fs/pipe.c:128 pipe_buf_release include/linux/pipe_fs_i.h:219 [inline] pipe_update_tail fs/pipe.c:224 [inline] pipe_read+0x641/0x13f0 fs/pipe.c:344 new_sync_read fs/read_write.c:488 [inline] vfs_read+0xa4c/0xbe0 fs/read_write.c:569 ksys_read+0x1fa/0x260 fs/read_write.c:712 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:293f5 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x293f5 flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555201832, free_ts 48542574662 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5924 tgid 5924 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 __folio_put+0x30d/0x3d0 mm/swap.c:126 folio_put include/linux/mm.h:1478 [inline] put_page+0x21e/0x280 include/linux/mm.h:1550 anon_pipe_buf_release+0x11a/0x240 fs/pipe.c:128 pipe_buf_release include/linux/pipe_fs_i.h:219 [inline] pipe_update_tail fs/pipe.c:224 [inline] pipe_read+0x641/0x13f0 fs/pipe.c:344 new_sync_read fs/read_write.c:488 [inline] vfs_read+0xa4c/0xbe0 fs/read_write.c:569 ksys_read+0x1fa/0x260 fs/read_write.c:712 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:293f4 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x293f4 flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555197248, free_ts 48542565078 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5924 tgid 5924 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 __folio_put+0x30d/0x3d0 mm/swap.c:126 folio_put include/linux/mm.h:1478 [inline] put_page+0x21e/0x280 include/linux/mm.h:1550 anon_pipe_buf_release+0x11a/0x240 fs/pipe.c:128 pipe_buf_release include/linux/pipe_fs_i.h:219 [inline] pipe_update_tail fs/pipe.c:224 [inline] pipe_read+0x641/0x13f0 fs/pipe.c:344 new_sync_read fs/read_write.c:488 [inline] vfs_read+0xa4c/0xbe0 fs/read_write.c:569 ksys_read+0x1fa/0x260 fs/read_write.c:712 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:36517 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x36517 flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555192956, free_ts 48675997126 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5924 tgid 5924 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 __folio_put+0x30d/0x3d0 mm/swap.c:126 folio_put include/linux/mm.h:1478 [inline] put_page+0x21e/0x280 include/linux/mm.h:1550 anon_pipe_buf_release+0x11a/0x240 fs/pipe.c:128 pipe_buf_release include/linux/pipe_fs_i.h:219 [inline] pipe_update_tail fs/pipe.c:224 [inline] pipe_read+0x641/0x13f0 fs/pipe.c:344 new_sync_read fs/read_write.c:488 [inline] vfs_read+0xa4c/0xbe0 fs/read_write.c:569 ksys_read+0x1fa/0x260 fs/read_write.c:712 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:36516 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x36516 flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555188696, free_ts 48675991126 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5924 tgid 5924 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 __folio_put+0x30d/0x3d0 mm/swap.c:126 folio_put include/linux/mm.h:1478 [inline] put_page+0x21e/0x280 include/linux/mm.h:1550 anon_pipe_buf_release+0x11a/0x240 fs/pipe.c:128 pipe_buf_release include/linux/pipe_fs_i.h:219 [inline] pipe_update_tail fs/pipe.c:224 [inline] pipe_read+0x641/0x13f0 fs/pipe.c:344 new_sync_read fs/read_write.c:488 [inline] vfs_read+0xa4c/0xbe0 fs/read_write.c:569 ksys_read+0x1fa/0x260 fs/read_write.c:712 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:36515 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x36515 flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555183960, free_ts 48675927019 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5924 tgid 5924 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 __folio_put+0x30d/0x3d0 mm/swap.c:126 folio_put include/linux/mm.h:1478 [inline] put_page+0x21e/0x280 include/linux/mm.h:1550 anon_pipe_buf_release+0x11a/0x240 fs/pipe.c:128 pipe_buf_release include/linux/pipe_fs_i.h:219 [inline] pipe_update_tail fs/pipe.c:224 [inline] pipe_read+0x641/0x13f0 fs/pipe.c:344 new_sync_read fs/read_write.c:488 [inline] vfs_read+0xa4c/0xbe0 fs/read_write.c:569 ksys_read+0x1fa/0x260 fs/read_write.c:712 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:36514 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x36514 flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555179457, free_ts 48675922277 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5924 tgid 5924 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 __folio_put+0x30d/0x3d0 mm/swap.c:126 folio_put include/linux/mm.h:1478 [inline] put_page+0x21e/0x280 include/linux/mm.h:1550 anon_pipe_buf_release+0x11a/0x240 fs/pipe.c:128 pipe_buf_release include/linux/pipe_fs_i.h:219 [inline] pipe_update_tail fs/pipe.c:224 [inline] pipe_read+0x641/0x13f0 fs/pipe.c:344 new_sync_read fs/read_write.c:488 [inline] vfs_read+0xa4c/0xbe0 fs/read_write.c:569 ksys_read+0x1fa/0x260 fs/read_write.c:712 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951 xdp_recv_frames net/bpf/test_run.c:279 [inline] xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb21d3be99 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb21cf6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ffb21dc6328 RCX: 00007ffb21d3be99 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00007ffb21dc6320 R08: 00007ffb21cf66c0 R09: 00007ffb21cf66c0 R10: 00007ffb21cf66c0 R11: 0000000000000246 R12: 00007ffb21d93074 R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffe38c46e08 </TASK> BUG: Bad page state in process syz-executor153 pfn:36527 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x36527 flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 dead000000000040 ffff88802a725000 0000000000000000 raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5947, tgid 5942 (syz-executor153), ts 50555173985, free_ts 48676026655 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline] __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538 page_pool_alloc_netmem net/core/page_pool.c:590 [inline] page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline] xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline] __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline] __se_sys_bpf kernel/bpf/syscall.c:5758 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5924 tgid 5924 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638 __folio_put+0x30d/0x3d0 mm/swap.c:126 folio_put include/linux/mm.h:1478 [inline] put_page+0x21e/0x280 include/linux/mm.h:1550 anon_pipe_buf_release+0x11a/0x240 fs/pipe.c:128 pipe_buf_release include/linux/pipe_fs_i.h:219 [inline] pipe_update_tail fs/pipe.c:224 [inline] pipe_read+0x641/0x13f0 fs/pipe.c:344 new_sync_read fs/read_write.c:488 [inline] vfs_read+0xa4c/0xbe0 fs/read_write.c:569 ksys_read+0x1fa/0x260 fs/read_write.c:712 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 3 UID: 0 PID: 5947 Comm: syz-executor153 Tainted: G B 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 bad_page+0xb3/0x1f0 mm/page_alloc.c:501 free_page_is_bad_report mm/page_alloc.c:908 [inline] free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638 skb_free_frag include/linux/skbuff.h:3399 [inline] skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096 skb_release_data+0x560/0x730 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1262 [inline] __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741 __netif_receive_skb_list net/core/dev.c:5808 [inline] netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899

Crashes (19):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2024/10/29 21:29	upstream	e42b1a9a2557	66aeb999	.config	console log	report	syz / log	C		[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu-upstream	BUG: Bad page state in xdp_test_run_batch
2024/10/29 18:24	upstream	e42b1a9a2557	66aeb999	.config	console log	report	syz / log	C		[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu-upstream	BUG: Bad page state in xdp_test_run_batch
2024/10/29 17:54	upstream	e42b1a9a2557	66aeb999	.config	console log	report	syz / log	C		[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu-upstream	BUG: Bad page state in xdp_test_run_batch
2024/10/29 16:22	upstream	e42b1a9a2557	66aeb999	.config	console log	report	syz / log	C		[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu-upstream	BUG: Bad page state in xdp_test_run_batch
2024/10/29 15:53	upstream	e42b1a9a2557	66aeb999	.config	console log	report	syz / log	C		[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu-upstream	BUG: Bad page state in xdp_test_run_batch
2024/10/29 20:41	upstream	e42b1a9a2557	66aeb999	.config	console log	report	syz / log			[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu-upstream	BUG: Bad page state in xdp_test_run_batch
2024/10/29 20:18	upstream	e42b1a9a2557	66aeb999	.config	console log	report	syz / log			[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu-upstream	BUG: Bad page state in xdp_test_run_batch
2024/10/29 19:57	upstream	e42b1a9a2557	66aeb999	.config	console log	report	syz / log			[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu-upstream	BUG: Bad page state in xdp_test_run_batch
2024/10/29 19:09	upstream	e42b1a9a2557	66aeb999	.config	console log	report	syz / log			[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu-upstream	BUG: Bad page state in xdp_test_run_batch
2024/10/29 12:41	upstream	e42b1a9a2557	66aeb999	.config	console log	report	syz / log			[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu-upstream	BUG: Bad page state in xdp_test_run_batch
2024/10/29 10:51	upstream	e42b1a9a2557	66aeb999	.config	console log	report	syz / log			[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu-upstream	BUG: Bad page state in xdp_test_run_batch
2024/11/01 03:07	upstream	90602c251cda	96eb609f	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu-upstream	BUG: Bad page state in xdp_test_run_batch
2024/11/01 03:07	upstream	90602c251cda	96eb609f	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu-upstream	BUG: Bad page state in xdp_test_run_batch
2024/11/01 02:43	upstream	90602c251cda	96eb609f	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu-upstream	BUG: Bad page state in xdp_test_run_batch
2024/10/31 05:14	upstream	4236f913808c	fb888278	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu-upstream	BUG: Bad page state in xdp_test_run_batch
2024/10/29 19:38	upstream	e42b1a9a2557	66aeb999	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu-upstream	BUG: Bad page state in xdp_test_run_batch
2024/10/29 18:12	upstream	e42b1a9a2557	66aeb999	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu-upstream	BUG: Bad page state in xdp_test_run_batch
2024/10/29 15:46	upstream	e42b1a9a2557	66aeb999	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu-upstream	BUG: Bad page state in xdp_test_run_batch
2024/10/29 06:23	upstream	e42b1a9a2557	66aeb999	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu-upstream	BUG: Bad page state in xdp_test_run_batch

Crashes (19):

Assets (help?)

2024/10/29 21:29

upstream