syzbot


BUG: Bad page state in xdp_test_run_batch

Status: upstream: reported C repro on 2024/11/02 06:34
Subsystems: net
Reported-by: syzbot+be32baeb2433f286bc24@syzkaller.appspotmail.com
First crash: 37d, last: 34d
Duplicate bugs (1)
Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
BUG: Bad page state in __set_page_owner mm | | | | 1 | 25d | 21d | 0/28 | closed as dup on 2024/11/15 10:44
Discussions (1)
Title | Replies (including bot) | Last reply
[syzbot] [net?] BUG: Bad page state in xdp_test_run_batch | 0 (1) | 2024/11/02 06:34
Last patch testing requests (10)
Created | Duration | User | Patch | Repo | Result
2024/11/15 06:48 | 18m | retest repro | | upstream | OK log
2024/11/15 05:14 | 18m | retest repro | | upstream | OK log
2024/11/15 05:14 | 18m | retest repro | | upstream | OK log
2024/11/15 05:14 | 18m | retest repro | | upstream | OK log
2024/11/15 05:14 | 18m | retest repro | | upstream | OK log
2024/11/15 05:14 | 18m | retest repro | | upstream | OK log
2024/11/15 03:45 | 17m | retest repro | | upstream | OK log
2024/11/15 03:45 | 17m | retest repro | | upstream | OK log
2024/11/15 03:45 | 17m | retest repro | | upstream | OK log
2024/11/15 03:45 | 16m | retest repro | | upstream | OK log

Sample crash report:
BUG: Bad page state in process syz.2.5182  pfn:48416
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888048416f50 pfn:0x48416
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff888048416f50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739834737, free_ts 1032443767681
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 56 tgid 56 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 kasan_depopulate_vmalloc_pte+0x63/0x80 mm/kasan/shadow.c:408
 apply_to_pte_range mm/memory.c:2817 [inline]
 apply_to_pmd_range mm/memory.c:2861 [inline]
 apply_to_pud_range mm/memory.c:2897 [inline]
 apply_to_p4d_range mm/memory.c:2933 [inline]
 __apply_to_page_range+0x5fd/0xd30 mm/memory.c:2967
 kasan_release_vmalloc+0xac/0xc0 mm/kasan/shadow.c:525
 purge_vmap_node+0x3fb/0x930 mm/vmalloc.c:2204
 __purge_vmap_area_lazy+0x9c5/0xc00 mm/vmalloc.c:2288
 drain_vmap_area_work+0x27/0x40 mm/vmalloc.c:2322
 process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
 process_scheduled_works kernel/workqueue.c:3310 [inline]
 worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Not tainted 6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:58897
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888058897f50 pfn:0x58897
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff888058897f50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739826169, free_ts 1032444438039
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 56 tgid 56 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 kasan_depopulate_vmalloc_pte+0x63/0x80 mm/kasan/shadow.c:408
 apply_to_pte_range mm/memory.c:2817 [inline]
 apply_to_pmd_range mm/memory.c:2861 [inline]
 apply_to_pud_range mm/memory.c:2897 [inline]
 apply_to_p4d_range mm/memory.c:2933 [inline]
 __apply_to_page_range+0x5fd/0xd30 mm/memory.c:2967
 kasan_release_vmalloc+0xac/0xc0 mm/kasan/shadow.c:525
 purge_vmap_node+0x3fb/0x930 mm/vmalloc.c:2204
 __purge_vmap_area_lazy+0x9c5/0xc00 mm/vmalloc.c:2288
 drain_vmap_area_work+0x27/0x40 mm/vmalloc.c:2322
 process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
 process_scheduled_works kernel/workqueue.c:3310 [inline]
 worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:58896
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888058896f50 pfn:0x58896
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff888058896f50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739817725, free_ts 1032444444069
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 56 tgid 56 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 kasan_depopulate_vmalloc_pte+0x63/0x80 mm/kasan/shadow.c:408
 apply_to_pte_range mm/memory.c:2817 [inline]
 apply_to_pmd_range mm/memory.c:2861 [inline]
 apply_to_pud_range mm/memory.c:2897 [inline]
 apply_to_p4d_range mm/memory.c:2933 [inline]
 __apply_to_page_range+0x5fd/0xd30 mm/memory.c:2967
 kasan_release_vmalloc+0xac/0xc0 mm/kasan/shadow.c:525
 purge_vmap_node+0x3fb/0x930 mm/vmalloc.c:2204
 __purge_vmap_area_lazy+0x9c5/0xc00 mm/vmalloc.c:2288
 drain_vmap_area_work+0x27/0x40 mm/vmalloc.c:2322
 process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
 process_scheduled_works kernel/workqueue.c:3310 [inline]
 worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:30aa5
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888030aa5f50 pfn:0x30aa5
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff888030aa5f50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739808780, free_ts 1032444447948
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 56 tgid 56 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 kasan_depopulate_vmalloc_pte+0x63/0x80 mm/kasan/shadow.c:408
 apply_to_pte_range mm/memory.c:2817 [inline]
 apply_to_pmd_range mm/memory.c:2861 [inline]
 apply_to_pud_range mm/memory.c:2897 [inline]
 apply_to_p4d_range mm/memory.c:2933 [inline]
 __apply_to_page_range+0x5fd/0xd30 mm/memory.c:2967
 kasan_release_vmalloc+0xac/0xc0 mm/kasan/shadow.c:525
 purge_vmap_node+0x3fb/0x930 mm/vmalloc.c:2204
 __purge_vmap_area_lazy+0x9c5/0xc00 mm/vmalloc.c:2288
 drain_vmap_area_work+0x27/0x40 mm/vmalloc.c:2322
 process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
 process_scheduled_works kernel/workqueue.c:3310 [inline]
 worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:30aa4
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888030aa4f50 pfn:0x30aa4
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff888030aa4f50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739804155, free_ts 1032444451860
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 56 tgid 56 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 kasan_depopulate_vmalloc_pte+0x63/0x80 mm/kasan/shadow.c:408
 apply_to_pte_range mm/memory.c:2817 [inline]
 apply_to_pmd_range mm/memory.c:2861 [inline]
 apply_to_pud_range mm/memory.c:2897 [inline]
 apply_to_p4d_range mm/memory.c:2933 [inline]
 __apply_to_page_range+0x5fd/0xd30 mm/memory.c:2967
 kasan_release_vmalloc+0xac/0xc0 mm/kasan/shadow.c:525
 purge_vmap_node+0x3fb/0x930 mm/vmalloc.c:2204
 __purge_vmap_area_lazy+0x9c5/0xc00 mm/vmalloc.c:2288
 drain_vmap_area_work+0x27/0x40 mm/vmalloc.c:2322
 process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
 process_scheduled_works kernel/workqueue.c:3310 [inline]
 worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:4b9ed
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88804b9edf50 pfn:0x4b9ed
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff88804b9edf50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739799472, free_ts 1032444455679
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 56 tgid 56 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 kasan_depopulate_vmalloc_pte+0x63/0x80 mm/kasan/shadow.c:408
 apply_to_pte_range mm/memory.c:2817 [inline]
 apply_to_pmd_range mm/memory.c:2861 [inline]
 apply_to_pud_range mm/memory.c:2897 [inline]
 apply_to_p4d_range mm/memory.c:2933 [inline]
 __apply_to_page_range+0x5fd/0xd30 mm/memory.c:2967
 kasan_release_vmalloc+0xac/0xc0 mm/kasan/shadow.c:525
 purge_vmap_node+0x3fb/0x930 mm/vmalloc.c:2204
 __purge_vmap_area_lazy+0x9c5/0xc00 mm/vmalloc.c:2288
 drain_vmap_area_work+0x27/0x40 mm/vmalloc.c:2322
 process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
 process_scheduled_works kernel/workqueue.c:3310 [inline]
 worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:4b9ec
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88804b9ecf50 pfn:0x4b9ec
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff88804b9ecf50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739794722, free_ts 1032444459544
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 56 tgid 56 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 kasan_depopulate_vmalloc_pte+0x63/0x80 mm/kasan/shadow.c:408
 apply_to_pte_range mm/memory.c:2817 [inline]
 apply_to_pmd_range mm/memory.c:2861 [inline]
 apply_to_pud_range mm/memory.c:2897 [inline]
 apply_to_p4d_range mm/memory.c:2933 [inline]
 __apply_to_page_range+0x5fd/0xd30 mm/memory.c:2967
 kasan_release_vmalloc+0xac/0xc0 mm/kasan/shadow.c:525
 purge_vmap_node+0x3fb/0x930 mm/vmalloc.c:2204
 __purge_vmap_area_lazy+0x9c5/0xc00 mm/vmalloc.c:2288
 drain_vmap_area_work+0x27/0x40 mm/vmalloc.c:2322
 process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
 process_scheduled_works kernel/workqueue.c:3310 [inline]
 worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:2560d
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802560d000 pfn:0x2560d
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff88802560d000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739790177, free_ts 1034302633166
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 0 tgid 0 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __folio_put+0x30d/0x3d0 mm/swap.c:126
 folio_put include/linux/mm.h:1478 [inline]
 free_page_and_swap_cache+0x249/0x2c0 mm/swap_state.c:308
 __tlb_remove_table arch/x86/include/asm/tlb.h:34 [inline]
 __tlb_remove_table_free mm/mmu_gather.c:227 [inline]
 tlb_remove_table_rcu+0x89/0xe0 mm/mmu_gather.c:282
 rcu_do_batch kernel/rcu/tree.c:2567 [inline]
 rcu_core+0x79d/0x14d0 kernel/rcu/tree.c:2823
 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554
 __do_softirq kernel/softirq.c:588 [inline]
 invoke_softirq kernel/softirq.c:428 [inline]
 __irq_exit_rcu kernel/softirq.c:637 [inline]
 irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
 sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1049
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:2560c
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802560c000 pfn:0x2560c
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff88802560c000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739785478, free_ts 1032401757921
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 56 tgid 56 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 kasan_depopulate_vmalloc_pte+0x63/0x80 mm/kasan/shadow.c:408
 apply_to_pte_range mm/memory.c:2817 [inline]
 apply_to_pmd_range mm/memory.c:2861 [inline]
 apply_to_pud_range mm/memory.c:2897 [inline]
 apply_to_p4d_range mm/memory.c:2933 [inline]
 __apply_to_page_range+0x5fd/0xd30 mm/memory.c:2967
 kasan_release_vmalloc+0xac/0xc0 mm/kasan/shadow.c:525
 purge_vmap_node+0x3fb/0x930 mm/vmalloc.c:2204
 __purge_vmap_area_lazy+0x9c5/0xc00 mm/vmalloc.c:2288
 drain_vmap_area_work+0x27/0x40 mm/vmalloc.c:2322
 process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
 process_scheduled_works kernel/workqueue.c:3310 [inline]
 worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:31921
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888031921f50 pfn:0x31921
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff888031921f50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739780601, free_ts 1034303234279
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 5858 tgid 5858 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 mm_free_pgd kernel/fork.c:803 [inline]
 __mmdrop+0xd5/0x460 kernel/fork.c:919
 mmdrop include/linux/sched/mm.h:55 [inline]
 mmdrop_sched include/linux/sched/mm.h:83 [inline]
 mmdrop_lazy_tlb_sched include/linux/sched/mm.h:110 [inline]
 finish_task_switch.isra.0+0x7af/0xcc0 kernel/sched/core.c:5227
 context_switch kernel/sched/core.c:5331 [inline]
 __schedule+0xe5d/0x5730 kernel/sched/core.c:6690
 __schedule_loop kernel/sched/core.c:6767 [inline]
 schedule+0xe7/0x350 kernel/sched/core.c:6782
 schedule_hrtimeout_range_clock+0x272/0x3b0 kernel/time/hrtimer.c:2281
 poll_schedule_timeout.constprop.0+0xba/0x190 fs/select.c:241
 do_select+0x12ec/0x17b0 fs/select.c:604
 core_sys_select+0x459/0xb80 fs/select.c:678
 do_pselect.constprop.0+0x1a0/0x1f0 fs/select.c:760
 __do_sys_pselect6 fs/select.c:803 [inline]
 __se_sys_pselect6 fs/select.c:794 [inline]
 __x64_sys_pselect6+0x183/0x240 fs/select.c:794
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:31920
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880566a4c00 pfn:0x31920
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff8880566a4c00 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739776228, free_ts 1034303234279
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 5858 tgid 5858 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 mm_free_pgd kernel/fork.c:803 [inline]
 __mmdrop+0xd5/0x460 kernel/fork.c:919
 mmdrop include/linux/sched/mm.h:55 [inline]
 mmdrop_sched include/linux/sched/mm.h:83 [inline]
 mmdrop_lazy_tlb_sched include/linux/sched/mm.h:110 [inline]
 finish_task_switch.isra.0+0x7af/0xcc0 kernel/sched/core.c:5227
 context_switch kernel/sched/core.c:5331 [inline]
 __schedule+0xe5d/0x5730 kernel/sched/core.c:6690
 __schedule_loop kernel/sched/core.c:6767 [inline]
 schedule+0xe7/0x350 kernel/sched/core.c:6782
 schedule_hrtimeout_range_clock+0x272/0x3b0 kernel/time/hrtimer.c:2281
 poll_schedule_timeout.constprop.0+0xba/0x190 fs/select.c:241
 do_select+0x12ec/0x17b0 fs/select.c:604
 core_sys_select+0x459/0xb80 fs/select.c:678
 do_pselect.constprop.0+0x1a0/0x1f0 fs/select.c:760
 __do_sys_pselect6 fs/select.c:803 [inline]
 __se_sys_pselect6 fs/select.c:794 [inline]
 __x64_sys_pselect6+0x183/0x240 fs/select.c:794
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:5b4a7
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88805b4a7f50 pfn:0x5b4a7
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff88805b4a7f50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739771796, free_ts 1022300055593
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 25799 tgid 25794 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_kmalloc+0x8a/0xb0 mm/kasan/common.c:385
 kasan_kmalloc include/linux/kasan.h:257 [inline]
 __do_kmalloc_node mm/slub.c:4264 [inline]
 __kmalloc_noprof+0x1e8/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 kzalloc_noprof include/linux/slab.h:1014 [inline]
 tomoyo_encode2+0x100/0x3e0 security/tomoyo/realpath.c:45
 tomoyo_encode+0x29/0x50 security/tomoyo/realpath.c:80
 tomoyo_realpath_from_path+0x19d/0x720 security/tomoyo/realpath.c:283
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_number_perm+0x245/0x590 security/tomoyo/file.c:723
 security_file_ioctl+0x9b/0x240 security/security.c:2910
 __do_sys_ioctl fs/ioctl.c:901 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __x64_sys_ioctl+0xbb/0x220 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:5b4a6
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88805b4a6f50 pfn:0x5b4a6
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff88805b4a6f50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739766832, free_ts 1022300048873
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 25799 tgid 25794 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_kmalloc+0x8a/0xb0 mm/kasan/common.c:385
 kasan_kmalloc include/linux/kasan.h:257 [inline]
 __do_kmalloc_node mm/slub.c:4264 [inline]
 __kmalloc_noprof+0x1e8/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 kzalloc_noprof include/linux/slab.h:1014 [inline]
 tomoyo_encode2+0x100/0x3e0 security/tomoyo/realpath.c:45
 tomoyo_encode+0x29/0x50 security/tomoyo/realpath.c:80
 tomoyo_realpath_from_path+0x19d/0x720 security/tomoyo/realpath.c:283
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_number_perm+0x245/0x590 security/tomoyo/file.c:723
 security_file_ioctl+0x9b/0x240 security/security.c:2910
 __do_sys_ioctl fs/ioctl.c:901 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __x64_sys_ioctl+0xbb/0x220 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:439e1
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880439e1f50 pfn:0x439e1
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff8880439e1f50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739762207, free_ts 1022300075471
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 25799 tgid 25794 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_kmalloc+0x8a/0xb0 mm/kasan/common.c:385
 kasan_kmalloc include/linux/kasan.h:257 [inline]
 __do_kmalloc_node mm/slub.c:4264 [inline]
 __kmalloc_noprof+0x1e8/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 kzalloc_noprof include/linux/slab.h:1014 [inline]
 tomoyo_encode2+0x100/0x3e0 security/tomoyo/realpath.c:45
 tomoyo_encode+0x29/0x50 security/tomoyo/realpath.c:80
 tomoyo_realpath_from_path+0x19d/0x720 security/tomoyo/realpath.c:283
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_number_perm+0x245/0x590 security/tomoyo/file.c:723
 security_file_ioctl+0x9b/0x240 security/security.c:2910
 __do_sys_ioctl fs/ioctl.c:901 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __x64_sys_ioctl+0xbb/0x220 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:439e0
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880439e0f50 pfn:0x439e0
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff8880439e0f50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739757157, free_ts 1022300067655
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 25799 tgid 25794 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_kmalloc+0x8a/0xb0 mm/kasan/common.c:385
 kasan_kmalloc include/linux/kasan.h:257 [inline]
 __do_kmalloc_node mm/slub.c:4264 [inline]
 __kmalloc_noprof+0x1e8/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 kzalloc_noprof include/linux/slab.h:1014 [inline]
 tomoyo_encode2+0x100/0x3e0 security/tomoyo/realpath.c:45
 tomoyo_encode+0x29/0x50 security/tomoyo/realpath.c:80
 tomoyo_realpath_from_path+0x19d/0x720 security/tomoyo/realpath.c:283
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_number_perm+0x245/0x590 security/tomoyo/file.c:723
 security_file_ioctl+0x9b/0x240 security/security.c:2910
 __do_sys_ioctl fs/ioctl.c:901 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __x64_sys_ioctl+0xbb/0x220 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:4d589
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88804d589f50 pfn:0x4d589
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff88804d589f50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739740143, free_ts 1022300119693
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 25799 tgid 25794 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_kmalloc+0x8a/0xb0 mm/kasan/common.c:385
 kasan_kmalloc include/linux/kasan.h:257 [inline]
 __do_kmalloc_node mm/slub.c:4264 [inline]
 __kmalloc_noprof+0x1e8/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 kzalloc_noprof include/linux/slab.h:1014 [inline]
 tomoyo_encode2+0x100/0x3e0 security/tomoyo/realpath.c:45
 tomoyo_encode+0x29/0x50 security/tomoyo/realpath.c:80
 tomoyo_realpath_from_path+0x19d/0x720 security/tomoyo/realpath.c:283
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_number_perm+0x245/0x590 security/tomoyo/file.c:723
 security_file_ioctl+0x9b/0x240 security/security.c:2910
 __do_sys_ioctl fs/ioctl.c:901 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __x64_sys_ioctl+0xbb/0x220 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:4d588
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88804d588f50 pfn:0x4d588
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff88804d588f50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739735475, free_ts 1022300081893
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 25799 tgid 25794 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_kmalloc+0x8a/0xb0 mm/kasan/common.c:385
 kasan_kmalloc include/linux/kasan.h:257 [inline]
 __do_kmalloc_node mm/slub.c:4264 [inline]
 __kmalloc_noprof+0x1e8/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 kzalloc_noprof include/linux/slab.h:1014 [inline]
 tomoyo_encode2+0x100/0x3e0 security/tomoyo/realpath.c:45
 tomoyo_encode+0x29/0x50 security/tomoyo/realpath.c:80
 tomoyo_realpath_from_path+0x19d/0x720 security/tomoyo/realpath.c:283
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_number_perm+0x245/0x590 security/tomoyo/file.c:723
 security_file_ioctl+0x9b/0x240 security/security.c:2910
 __do_sys_ioctl fs/ioctl.c:901 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __x64_sys_ioctl+0xbb/0x220 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:2cafd
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802cafdf50 pfn:0x2cafd
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff88802cafdf50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739710176, free_ts 1022300140158
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 25799 tgid 25794 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_kmalloc+0x8a/0xb0 mm/kasan/common.c:385
 kasan_kmalloc include/linux/kasan.h:257 [inline]
 __do_kmalloc_node mm/slub.c:4264 [inline]
 __kmalloc_noprof+0x1e8/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 kzalloc_noprof include/linux/slab.h:1014 [inline]
 tomoyo_encode2+0x100/0x3e0 security/tomoyo/realpath.c:45
 tomoyo_encode+0x29/0x50 security/tomoyo/realpath.c:80
 tomoyo_realpath_from_path+0x19d/0x720 security/tomoyo/realpath.c:283
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_number_perm+0x245/0x590 security/tomoyo/file.c:723
 security_file_ioctl+0x9b/0x240 security/security.c:2910
 __do_sys_ioctl fs/ioctl.c:901 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __x64_sys_ioctl+0xbb/0x220 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:2cafc
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802cafcf50 pfn:0x2cafc
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff88802cafcf50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739705664, free_ts 1022300132944
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 25799 tgid 25794 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_kmalloc+0x8a/0xb0 mm/kasan/common.c:385
 kasan_kmalloc include/linux/kasan.h:257 [inline]
 __do_kmalloc_node mm/slub.c:4264 [inline]
 __kmalloc_noprof+0x1e8/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 kzalloc_noprof include/linux/slab.h:1014 [inline]
 tomoyo_encode2+0x100/0x3e0 security/tomoyo/realpath.c:45
 tomoyo_encode+0x29/0x50 security/tomoyo/realpath.c:80
 tomoyo_realpath_from_path+0x19d/0x720 security/tomoyo/realpath.c:283
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_number_perm+0x245/0x590 security/tomoyo/file.c:723
 security_file_ioctl+0x9b/0x240 security/security.c:2910
 __do_sys_ioctl fs/ioctl.c:901 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __x64_sys_ioctl+0xbb/0x220 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:2fe29
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802fe29f50 pfn:0x2fe29
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff88802fe29f50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739701331, free_ts 1022300153087
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 25799 tgid 25794 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_kmalloc+0x8a/0xb0 mm/kasan/common.c:385
 kasan_kmalloc include/linux/kasan.h:257 [inline]
 __do_kmalloc_node mm/slub.c:4264 [inline]
 __kmalloc_noprof+0x1e8/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 kzalloc_noprof include/linux/slab.h:1014 [inline]
 tomoyo_encode2+0x100/0x3e0 security/tomoyo/realpath.c:45
 tomoyo_encode+0x29/0x50 security/tomoyo/realpath.c:80
 tomoyo_realpath_from_path+0x19d/0x720 security/tomoyo/realpath.c:283
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_number_perm+0x245/0x590 security/tomoyo/file.c:723
 security_file_ioctl+0x9b/0x240 security/security.c:2910
 __do_sys_ioctl fs/ioctl.c:901 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __x64_sys_ioctl+0xbb/0x220 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:2fe28
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802fe28f50 pfn:0x2fe28
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff88802fe28f50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739696886, free_ts 1022300146542
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 25799 tgid 25794 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_kmalloc+0x8a/0xb0 mm/kasan/common.c:385
 kasan_kmalloc include/linux/kasan.h:257 [inline]
 __do_kmalloc_node mm/slub.c:4264 [inline]
 __kmalloc_noprof+0x1e8/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 kzalloc_noprof include/linux/slab.h:1014 [inline]
 tomoyo_encode2+0x100/0x3e0 security/tomoyo/realpath.c:45
 tomoyo_encode+0x29/0x50 security/tomoyo/realpath.c:80
 tomoyo_realpath_from_path+0x19d/0x720 security/tomoyo/realpath.c:283
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_number_perm+0x245/0x590 security/tomoyo/file.c:723
 security_file_ioctl+0x9b/0x240 security/security.c:2910
 __do_sys_ioctl fs/ioctl.c:901 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __x64_sys_ioctl+0xbb/0x220 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:4cdad
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88804cdadf50 pfn:0x4cdad
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff88804cdadf50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739692270, free_ts 1022300187360
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 25799 tgid 25794 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_kmalloc+0x8a/0xb0 mm/kasan/common.c:385
 kasan_kmalloc include/linux/kasan.h:257 [inline]
 __do_kmalloc_node mm/slub.c:4264 [inline]
 __kmalloc_noprof+0x1e8/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 kzalloc_noprof include/linux/slab.h:1014 [inline]
 tomoyo_encode2+0x100/0x3e0 security/tomoyo/realpath.c:45
 tomoyo_encode+0x29/0x50 security/tomoyo/realpath.c:80
 tomoyo_realpath_from_path+0x19d/0x720 security/tomoyo/realpath.c:283
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_number_perm+0x245/0x590 security/tomoyo/file.c:723
 security_file_ioctl+0x9b/0x240 security/security.c:2910
 __do_sys_ioctl fs/ioctl.c:901 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __x64_sys_ioctl+0xbb/0x220 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:4cdac
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88804cdacf50 pfn:0x4cdac
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff88804cdacf50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739687740, free_ts 1022300180652
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 25799 tgid 25794 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_kmalloc+0x8a/0xb0 mm/kasan/common.c:385
 kasan_kmalloc include/linux/kasan.h:257 [inline]
 __do_kmalloc_node mm/slub.c:4264 [inline]
 __kmalloc_noprof+0x1e8/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 kzalloc_noprof include/linux/slab.h:1014 [inline]
 tomoyo_encode2+0x100/0x3e0 security/tomoyo/realpath.c:45
 tomoyo_encode+0x29/0x50 security/tomoyo/realpath.c:80
 tomoyo_realpath_from_path+0x19d/0x720 security/tomoyo/realpath.c:283
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_number_perm+0x245/0x590 security/tomoyo/file.c:723
 security_file_ioctl+0x9b/0x240 security/security.c:2910
 __do_sys_ioctl fs/ioctl.c:901 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __x64_sys_ioctl+0xbb/0x220 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:640ff
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880640fff50 pfn:0x640ff
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff8880640fff50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739683278, free_ts 1022300200549
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 25799 tgid 25794 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_kmalloc+0x8a/0xb0 mm/kasan/common.c:385
 kasan_kmalloc include/linux/kasan.h:257 [inline]
 __do_kmalloc_node mm/slub.c:4264 [inline]
 __kmalloc_noprof+0x1e8/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 kzalloc_noprof include/linux/slab.h:1014 [inline]
 tomoyo_encode2+0x100/0x3e0 security/tomoyo/realpath.c:45
 tomoyo_encode+0x29/0x50 security/tomoyo/realpath.c:80
 tomoyo_realpath_from_path+0x19d/0x720 security/tomoyo/realpath.c:283
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_number_perm+0x245/0x590 security/tomoyo/file.c:723
 security_file_ioctl+0x9b/0x240 security/security.c:2910
 __do_sys_ioctl fs/ioctl.c:901 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __x64_sys_ioctl+0xbb/0x220 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:640fe
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880640fef50 pfn:0x640fe
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff8880640fef50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739678913, free_ts 1022300193453
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 25799 tgid 25794 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_kmalloc+0x8a/0xb0 mm/kasan/common.c:385
 kasan_kmalloc include/linux/kasan.h:257 [inline]
 __do_kmalloc_node mm/slub.c:4264 [inline]
 __kmalloc_noprof+0x1e8/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 kzalloc_noprof include/linux/slab.h:1014 [inline]
 tomoyo_encode2+0x100/0x3e0 security/tomoyo/realpath.c:45
 tomoyo_encode+0x29/0x50 security/tomoyo/realpath.c:80
 tomoyo_realpath_from_path+0x19d/0x720 security/tomoyo/realpath.c:283
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_number_perm+0x245/0x590 security/tomoyo/file.c:723
 security_file_ioctl+0x9b/0x240 security/security.c:2910
 __do_sys_ioctl fs/ioctl.c:901 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __x64_sys_ioctl+0xbb/0x220 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:5e3f7
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88805e3f7f50 pfn:0x5e3f7
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff88805e3f7f50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739674605, free_ts 1022300213546
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 25799 tgid 25794 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_kmalloc+0x8a/0xb0 mm/kasan/common.c:385
 kasan_kmalloc include/linux/kasan.h:257 [inline]
 __do_kmalloc_node mm/slub.c:4264 [inline]
 __kmalloc_noprof+0x1e8/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 kzalloc_noprof include/linux/slab.h:1014 [inline]
 tomoyo_encode2+0x100/0x3e0 security/tomoyo/realpath.c:45
 tomoyo_encode+0x29/0x50 security/tomoyo/realpath.c:80
 tomoyo_realpath_from_path+0x19d/0x720 security/tomoyo/realpath.c:283
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_number_perm+0x245/0x590 security/tomoyo/file.c:723
 security_file_ioctl+0x9b/0x240 security/security.c:2910
 __do_sys_ioctl fs/ioctl.c:901 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __x64_sys_ioctl+0xbb/0x220 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:5e3f6
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88805e3f6f50 pfn:0x5e3f6
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff88805e3f6f50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739669956, free_ts 1022300206855
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 25799 tgid 25794 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_kmalloc+0x8a/0xb0 mm/kasan/common.c:385
 kasan_kmalloc include/linux/kasan.h:257 [inline]
 __do_kmalloc_node mm/slub.c:4264 [inline]
 __kmalloc_noprof+0x1e8/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 kzalloc_noprof include/linux/slab.h:1014 [inline]
 tomoyo_encode2+0x100/0x3e0 security/tomoyo/realpath.c:45
 tomoyo_encode+0x29/0x50 security/tomoyo/realpath.c:80
 tomoyo_realpath_from_path+0x19d/0x720 security/tomoyo/realpath.c:283
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_number_perm+0x245/0x590 security/tomoyo/file.c:723
 security_file_ioctl+0x9b/0x240 security/security.c:2910
 __do_sys_ioctl fs/ioctl.c:901 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __x64_sys_ioctl+0xbb/0x220 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:32a7b
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888032a7bf50 pfn:0x32a7b
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff888032a7bf50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739665418, free_ts 1022300275680
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 25799 tgid 25794 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_kmalloc+0x8a/0xb0 mm/kasan/common.c:385
 kasan_kmalloc include/linux/kasan.h:257 [inline]
 __do_kmalloc_node mm/slub.c:4264 [inline]
 __kmalloc_noprof+0x1e8/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 kzalloc_noprof include/linux/slab.h:1014 [inline]
 tomoyo_encode2+0x100/0x3e0 security/tomoyo/realpath.c:45
 tomoyo_encode+0x29/0x50 security/tomoyo/realpath.c:80
 tomoyo_realpath_from_path+0x19d/0x720 security/tomoyo/realpath.c:283
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_number_perm+0x245/0x590 security/tomoyo/file.c:723
 security_file_ioctl+0x9b/0x240 security/security.c:2910
 __do_sys_ioctl fs/ioctl.c:901 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __x64_sys_ioctl+0xbb/0x220 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:32a7a
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888032a7af50 pfn:0x32a7a
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff888032a7af50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739661075, free_ts 1022300219817
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 25799 tgid 25794 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_kmalloc+0x8a/0xb0 mm/kasan/common.c:385
 kasan_kmalloc include/linux/kasan.h:257 [inline]
 __do_kmalloc_node mm/slub.c:4264 [inline]
 __kmalloc_noprof+0x1e8/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 kzalloc_noprof include/linux/slab.h:1014 [inline]
 tomoyo_encode2+0x100/0x3e0 security/tomoyo/realpath.c:45
 tomoyo_encode+0x29/0x50 security/tomoyo/realpath.c:80
 tomoyo_realpath_from_path+0x19d/0x720 security/tomoyo/realpath.c:283
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_number_perm+0x245/0x590 security/tomoyo/file.c:723
 security_file_ioctl+0x9b/0x240 security/security.c:2910
 __do_sys_ioctl fs/ioctl.c:901 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __x64_sys_ioctl+0xbb/0x220 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:132c9
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880132c9f50 pfn:0x132c9
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff8880132c9f50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739656767, free_ts 1022300289557
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 25799 tgid 25794 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_kmalloc+0x8a/0xb0 mm/kasan/common.c:385
 kasan_kmalloc include/linux/kasan.h:257 [inline]
 __do_kmalloc_node mm/slub.c:4264 [inline]
 __kmalloc_noprof+0x1e8/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 kzalloc_noprof include/linux/slab.h:1014 [inline]
 tomoyo_encode2+0x100/0x3e0 security/tomoyo/realpath.c:45
 tomoyo_encode+0x29/0x50 security/tomoyo/realpath.c:80
 tomoyo_realpath_from_path+0x19d/0x720 security/tomoyo/realpath.c:283
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_number_perm+0x245/0x590 security/tomoyo/file.c:723
 security_file_ioctl+0x9b/0x240 security/security.c:2910
 __do_sys_ioctl fs/ioctl.c:901 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __x64_sys_ioctl+0xbb/0x220 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:132c8
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880132c8f50 pfn:0x132c8
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff8880132c8f50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739652505, free_ts 1022300282472
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 25799 tgid 25794 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_kmalloc+0x8a/0xb0 mm/kasan/common.c:385
 kasan_kmalloc include/linux/kasan.h:257 [inline]
 __do_kmalloc_node mm/slub.c:4264 [inline]
 __kmalloc_noprof+0x1e8/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 kzalloc_noprof include/linux/slab.h:1014 [inline]
 tomoyo_encode2+0x100/0x3e0 security/tomoyo/realpath.c:45
 tomoyo_encode+0x29/0x50 security/tomoyo/realpath.c:80
 tomoyo_realpath_from_path+0x19d/0x720 security/tomoyo/realpath.c:283
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_number_perm+0x245/0x590 security/tomoyo/file.c:723
 security_file_ioctl+0x9b/0x240 security/security.c:2910
 __do_sys_ioctl fs/ioctl.c:901 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __x64_sys_ioctl+0xbb/0x220 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:29f23
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888029f23f50 pfn:0x29f23
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff888029f23f50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739648398, free_ts 1022300303214
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 25799 tgid 25794 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_kmalloc+0x8a/0xb0 mm/kasan/common.c:385
 kasan_kmalloc include/linux/kasan.h:257 [inline]
 __do_kmalloc_node mm/slub.c:4264 [inline]
 __kmalloc_noprof+0x1e8/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 kzalloc_noprof include/linux/slab.h:1014 [inline]
 tomoyo_encode2+0x100/0x3e0 security/tomoyo/realpath.c:45
 tomoyo_encode+0x29/0x50 security/tomoyo/realpath.c:80
 tomoyo_realpath_from_path+0x19d/0x720 security/tomoyo/realpath.c:283
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_number_perm+0x245/0x590 security/tomoyo/file.c:723
 security_file_ioctl+0x9b/0x240 security/security.c:2910
 __do_sys_ioctl fs/ioctl.c:901 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __x64_sys_ioctl+0xbb/0x220 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:29f22
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888029f22f50 pfn:0x29f22
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff888029f22f50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739644198, free_ts 1022300296174
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 25799 tgid 25794 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_kmalloc+0x8a/0xb0 mm/kasan/common.c:385
 kasan_kmalloc include/linux/kasan.h:257 [inline]
 __do_kmalloc_node mm/slub.c:4264 [inline]
 __kmalloc_noprof+0x1e8/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 kzalloc_noprof include/linux/slab.h:1014 [inline]
 tomoyo_encode2+0x100/0x3e0 security/tomoyo/realpath.c:45
 tomoyo_encode+0x29/0x50 security/tomoyo/realpath.c:80
 tomoyo_realpath_from_path+0x19d/0x720 security/tomoyo/realpath.c:283
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_number_perm+0x245/0x590 security/tomoyo/file.c:723
 security_file_ioctl+0x9b/0x240 security/security.c:2910
 __do_sys_ioctl fs/ioctl.c:901 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __x64_sys_ioctl+0xbb/0x220 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:132c3
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880132c3f50 pfn:0x132c3
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff8880132c3f50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739639998, free_ts 1022300315465
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 25799 tgid 25794 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_kmalloc+0x8a/0xb0 mm/kasan/common.c:385
 kasan_kmalloc include/linux/kasan.h:257 [inline]
 __do_kmalloc_node mm/slub.c:4264 [inline]
 __kmalloc_noprof+0x1e8/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 kzalloc_noprof include/linux/slab.h:1014 [inline]
 tomoyo_encode2+0x100/0x3e0 security/tomoyo/realpath.c:45
 tomoyo_encode+0x29/0x50 security/tomoyo/realpath.c:80
 tomoyo_realpath_from_path+0x19d/0x720 security/tomoyo/realpath.c:283
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_number_perm+0x245/0x590 security/tomoyo/file.c:723
 security_file_ioctl+0x9b/0x240 security/security.c:2910
 __do_sys_ioctl fs/ioctl.c:901 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __x64_sys_ioctl+0xbb/0x220 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:132c2
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880132c2f50 pfn:0x132c2
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff8880132c2f50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739635765, free_ts 1022300309248
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 25799 tgid 25794 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_kmalloc+0x8a/0xb0 mm/kasan/common.c:385
 kasan_kmalloc include/linux/kasan.h:257 [inline]
 __do_kmalloc_node mm/slub.c:4264 [inline]
 __kmalloc_noprof+0x1e8/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 kzalloc_noprof include/linux/slab.h:1014 [inline]
 tomoyo_encode2+0x100/0x3e0 security/tomoyo/realpath.c:45
 tomoyo_encode+0x29/0x50 security/tomoyo/realpath.c:80
 tomoyo_realpath_from_path+0x19d/0x720 security/tomoyo/realpath.c:283
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_number_perm+0x245/0x590 security/tomoyo/file.c:723
 security_file_ioctl+0x9b/0x240 security/security.c:2910
 __do_sys_ioctl fs/ioctl.c:901 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __x64_sys_ioctl+0xbb/0x220 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:32541
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888032541a10 pfn:0x32541
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff888032541a10 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739631079, free_ts 1022300322860
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 25799 tgid 25794 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_kmalloc+0x8a/0xb0 mm/kasan/common.c:385
 kasan_kmalloc include/linux/kasan.h:257 [inline]
 __do_kmalloc_node mm/slub.c:4264 [inline]
 __kmalloc_noprof+0x1e8/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 kzalloc_noprof include/linux/slab.h:1014 [inline]
 tomoyo_encode2+0x100/0x3e0 security/tomoyo/realpath.c:45
 tomoyo_encode+0x29/0x50 security/tomoyo/realpath.c:80
 tomoyo_realpath_from_path+0x19d/0x720 security/tomoyo/realpath.c:283
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_number_perm+0x245/0x590 security/tomoyo/file.c:723
 security_file_ioctl+0x9b/0x240 security/security.c:2910
 __do_sys_ioctl fs/ioctl.c:901 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __x64_sys_ioctl+0xbb/0x220 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:32540
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888032540f50 pfn:0x32540
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff888032540f50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739626603, free_ts 1022300125918
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 25799 tgid 25794 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_kmalloc+0x8a/0xb0 mm/kasan/common.c:385
 kasan_kmalloc include/linux/kasan.h:257 [inline]
 __do_kmalloc_node mm/slub.c:4264 [inline]
 __kmalloc_noprof+0x1e8/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 kzalloc_noprof include/linux/slab.h:1014 [inline]
 tomoyo_encode2+0x100/0x3e0 security/tomoyo/realpath.c:45
 tomoyo_encode+0x29/0x50 security/tomoyo/realpath.c:80
 tomoyo_realpath_from_path+0x19d/0x720 security/tomoyo/realpath.c:283
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_number_perm+0x245/0x590 security/tomoyo/file.c:723
 security_file_ioctl+0x9b/0x240 security/security.c:2910
 __do_sys_ioctl fs/ioctl.c:901 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __x64_sys_ioctl+0xbb/0x220 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:28b9d
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888028b9df50 pfn:0x28b9d
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff888028b9df50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739621976, free_ts 1022300365108
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 25799 tgid 25794 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_kmalloc+0x8a/0xb0 mm/kasan/common.c:385
 kasan_kmalloc include/linux/kasan.h:257 [inline]
 __do_kmalloc_node mm/slub.c:4264 [inline]
 __kmalloc_noprof+0x1e8/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 kzalloc_noprof include/linux/slab.h:1014 [inline]
 tomoyo_encode2+0x100/0x3e0 security/tomoyo/realpath.c:45
 tomoyo_encode+0x29/0x50 security/tomoyo/realpath.c:80
 tomoyo_realpath_from_path+0x19d/0x720 security/tomoyo/realpath.c:283
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_number_perm+0x245/0x590 security/tomoyo/file.c:723
 security_file_ioctl+0x9b/0x240 security/security.c:2910
 __do_sys_ioctl fs/ioctl.c:901 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __x64_sys_ioctl+0xbb/0x220 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:28b9c
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888028b9cf50 pfn:0x28b9c
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff888028b9cf50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739617669, free_ts 1022300357890
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 25799 tgid 25794 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_kmalloc+0x8a/0xb0 mm/kasan/common.c:385
 kasan_kmalloc include/linux/kasan.h:257 [inline]
 __do_kmalloc_node mm/slub.c:4264 [inline]
 __kmalloc_noprof+0x1e8/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 kzalloc_noprof include/linux/slab.h:1014 [inline]
 tomoyo_encode2+0x100/0x3e0 security/tomoyo/realpath.c:45
 tomoyo_encode+0x29/0x50 security/tomoyo/realpath.c:80
 tomoyo_realpath_from_path+0x19d/0x720 security/tomoyo/realpath.c:283
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_number_perm+0x245/0x590 security/tomoyo/file.c:723
 security_file_ioctl+0x9b/0x240 security/security.c:2910
 __do_sys_ioctl fs/ioctl.c:901 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __x64_sys_ioctl+0xbb/0x220 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:3a417
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88803a417f50 pfn:0x3a417
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff88803a417f50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739613457, free_ts 1022300379570
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 25799 tgid 25794 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_kmalloc+0x8a/0xb0 mm/kasan/common.c:385
 kasan_kmalloc include/linux/kasan.h:257 [inline]
 __do_kmalloc_node mm/slub.c:4264 [inline]
 __kmalloc_noprof+0x1e8/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 kzalloc_noprof include/linux/slab.h:1014 [inline]
 tomoyo_encode2+0x100/0x3e0 security/tomoyo/realpath.c:45
 tomoyo_encode+0x29/0x50 security/tomoyo/realpath.c:80
 tomoyo_realpath_from_path+0x19d/0x720 security/tomoyo/realpath.c:283
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_number_perm+0x245/0x590 security/tomoyo/file.c:723
 security_file_ioctl+0x9b/0x240 security/security.c:2910
 __do_sys_ioctl fs/ioctl.c:901 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __x64_sys_ioctl+0xbb/0x220 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:3a416
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88803a416f50 pfn:0x3a416
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff88803a416f50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739609194, free_ts 1022300373481
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 25799 tgid 25794 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_kmalloc+0x8a/0xb0 mm/kasan/common.c:385
 kasan_kmalloc include/linux/kasan.h:257 [inline]
 __do_kmalloc_node mm/slub.c:4264 [inline]
 __kmalloc_noprof+0x1e8/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 kzalloc_noprof include/linux/slab.h:1014 [inline]
 tomoyo_encode2+0x100/0x3e0 security/tomoyo/realpath.c:45
 tomoyo_encode+0x29/0x50 security/tomoyo/realpath.c:80
 tomoyo_realpath_from_path+0x19d/0x720 security/tomoyo/realpath.c:283
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_number_perm+0x245/0x590 security/tomoyo/file.c:723
 security_file_ioctl+0x9b/0x240 security/security.c:2910
 __do_sys_ioctl fs/ioctl.c:901 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __x64_sys_ioctl+0xbb/0x220 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:26493
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888026493f50 pfn:0x26493
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff888026493f50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739604620, free_ts 1022300423328
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 25799 tgid 25794 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_kmalloc+0x8a/0xb0 mm/kasan/common.c:385
 kasan_kmalloc include/linux/kasan.h:257 [inline]
 __do_kmalloc_node mm/slub.c:4264 [inline]
 __kmalloc_noprof+0x1e8/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 kzalloc_noprof include/linux/slab.h:1014 [inline]
 tomoyo_encode2+0x100/0x3e0 security/tomoyo/realpath.c:45
 tomoyo_encode+0x29/0x50 security/tomoyo/realpath.c:80
 tomoyo_realpath_from_path+0x19d/0x720 security/tomoyo/realpath.c:283
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_number_perm+0x245/0x590 security/tomoyo/file.c:723
 security_file_ioctl+0x9b/0x240 security/security.c:2910
 __do_sys_ioctl fs/ioctl.c:901 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __x64_sys_ioctl+0xbb/0x220 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:26492
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888026492f50 pfn:0x26492
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff888026492f50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739599960, free_ts 1022300416533
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 25799 tgid 25794 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_kmalloc+0x8a/0xb0 mm/kasan/common.c:385
 kasan_kmalloc include/linux/kasan.h:257 [inline]
 __do_kmalloc_node mm/slub.c:4264 [inline]
 __kmalloc_noprof+0x1e8/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 kzalloc_noprof include/linux/slab.h:1014 [inline]
 tomoyo_encode2+0x100/0x3e0 security/tomoyo/realpath.c:45
 tomoyo_encode+0x29/0x50 security/tomoyo/realpath.c:80
 tomoyo_realpath_from_path+0x19d/0x720 security/tomoyo/realpath.c:283
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_number_perm+0x245/0x590 security/tomoyo/file.c:723
 security_file_ioctl+0x9b/0x240 security/security.c:2910
 __do_sys_ioctl fs/ioctl.c:901 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __x64_sys_ioctl+0xbb/0x220 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:2939d
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802939df50 pfn:0x2939d
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff88802939df50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739595542, free_ts 1022300435990
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 25799 tgid 25794 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_kmalloc+0x8a/0xb0 mm/kasan/common.c:385
 kasan_kmalloc include/linux/kasan.h:257 [inline]
 __do_kmalloc_node mm/slub.c:4264 [inline]
 __kmalloc_noprof+0x1e8/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 kzalloc_noprof include/linux/slab.h:1014 [inline]
 tomoyo_encode2+0x100/0x3e0 security/tomoyo/realpath.c:45
 tomoyo_encode+0x29/0x50 security/tomoyo/realpath.c:80
 tomoyo_realpath_from_path+0x19d/0x720 security/tomoyo/realpath.c:283
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_number_perm+0x245/0x590 security/tomoyo/file.c:723
 security_file_ioctl+0x9b/0x240 security/security.c:2910
 __do_sys_ioctl fs/ioctl.c:901 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __x64_sys_ioctl+0xbb/0x220 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:2939c
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802939cf50 pfn:0x2939c
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff88802939cf50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739591213, free_ts 1022300429673
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 25799 tgid 25794 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_kmalloc+0x8a/0xb0 mm/kasan/common.c:385
 kasan_kmalloc include/linux/kasan.h:257 [inline]
 __do_kmalloc_node mm/slub.c:4264 [inline]
 __kmalloc_noprof+0x1e8/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 kzalloc_noprof include/linux/slab.h:1014 [inline]
 tomoyo_encode2+0x100/0x3e0 security/tomoyo/realpath.c:45
 tomoyo_encode+0x29/0x50 security/tomoyo/realpath.c:80
 tomoyo_realpath_from_path+0x19d/0x720 security/tomoyo/realpath.c:283
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_number_perm+0x245/0x590 security/tomoyo/file.c:723
 security_file_ioctl+0x9b/0x240 security/security.c:2910
 __do_sys_ioctl fs/ioctl.c:901 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __x64_sys_ioctl+0xbb/0x220 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:4f81d
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88804f81df50 pfn:0x4f81d
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff88804f81df50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739586981, free_ts 1022300449410
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 25799 tgid 25794 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_kmalloc+0x8a/0xb0 mm/kasan/common.c:385
 kasan_kmalloc include/linux/kasan.h:257 [inline]
 __do_kmalloc_node mm/slub.c:4264 [inline]
 __kmalloc_noprof+0x1e8/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 kzalloc_noprof include/linux/slab.h:1014 [inline]
 tomoyo_encode2+0x100/0x3e0 security/tomoyo/realpath.c:45
 tomoyo_encode+0x29/0x50 security/tomoyo/realpath.c:80
 tomoyo_realpath_from_path+0x19d/0x720 security/tomoyo/realpath.c:283
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_number_perm+0x245/0x590 security/tomoyo/file.c:723
 security_file_ioctl+0x9b/0x240 security/security.c:2910
 __do_sys_ioctl fs/ioctl.c:901 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __x64_sys_ioctl+0xbb/0x220 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:4f81c
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88804f81cf50 pfn:0x4f81c
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff88804f81cf50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739582647, free_ts 1022300442870
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 25799 tgid 25794 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_kmalloc+0x8a/0xb0 mm/kasan/common.c:385
 kasan_kmalloc include/linux/kasan.h:257 [inline]
 __do_kmalloc_node mm/slub.c:4264 [inline]
 __kmalloc_noprof+0x1e8/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 kzalloc_noprof include/linux/slab.h:1014 [inline]
 tomoyo_encode2+0x100/0x3e0 security/tomoyo/realpath.c:45
 tomoyo_encode+0x29/0x50 security/tomoyo/realpath.c:80
 tomoyo_realpath_from_path+0x19d/0x720 security/tomoyo/realpath.c:283
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_number_perm+0x245/0x590 security/tomoyo/file.c:723
 security_file_ioctl+0x9b/0x240 security/security.c:2910
 __do_sys_ioctl fs/ioctl.c:901 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __x64_sys_ioctl+0xbb/0x220 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:3357d
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88803357df50 pfn:0x3357d
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff88803357df50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739578572, free_ts 1022300483890
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 25799 tgid 25794 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_kmalloc+0x8a/0xb0 mm/kasan/common.c:385
 kasan_kmalloc include/linux/kasan.h:257 [inline]
 __do_kmalloc_node mm/slub.c:4264 [inline]
 __kmalloc_noprof+0x1e8/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 kzalloc_noprof include/linux/slab.h:1014 [inline]
 tomoyo_encode2+0x100/0x3e0 security/tomoyo/realpath.c:45
 tomoyo_encode+0x29/0x50 security/tomoyo/realpath.c:80
 tomoyo_realpath_from_path+0x19d/0x720 security/tomoyo/realpath.c:283
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_number_perm+0x245/0x590 security/tomoyo/file.c:723
 security_file_ioctl+0x9b/0x240 security/security.c:2910
 __do_sys_ioctl fs/ioctl.c:901 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __x64_sys_ioctl+0xbb/0x220 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:3357c
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88803357cf50 pfn:0x3357c
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff88803357cf50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739574147, free_ts 1022300476877
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 25799 tgid 25794 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_kmalloc+0x8a/0xb0 mm/kasan/common.c:385
 kasan_kmalloc include/linux/kasan.h:257 [inline]
 __do_kmalloc_node mm/slub.c:4264 [inline]
 __kmalloc_noprof+0x1e8/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 kzalloc_noprof include/linux/slab.h:1014 [inline]
 tomoyo_encode2+0x100/0x3e0 security/tomoyo/realpath.c:45
 tomoyo_encode+0x29/0x50 security/tomoyo/realpath.c:80
 tomoyo_realpath_from_path+0x19d/0x720 security/tomoyo/realpath.c:283
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_number_perm+0x245/0x590 security/tomoyo/file.c:723
 security_file_ioctl+0x9b/0x240 security/security.c:2910
 __do_sys_ioctl fs/ioctl.c:901 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __x64_sys_ioctl+0xbb/0x220 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:505c5
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880505c5f50 pfn:0x505c5
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff8880505c5f50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739569872, free_ts 1026432162007
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 25950 tgid 25948 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_noprof+0x121/0x2f0 mm/slub.c:4141
 ptlock_alloc+0x1f/0x70 mm/memory.c:6918
 ptlock_init include/linux/mm.h:2958 [inline]
 pagetable_pte_ctor include/linux/mm.h:2985 [inline]
 __pte_alloc_one_noprof include/asm-generic/pgalloc.h:73 [inline]
 pte_alloc_one+0x74/0x360 arch/x86/mm/pgtable.c:33
 __pte_alloc+0x6e/0x390 mm/memory.c:448
 do_anonymous_page mm/memory.c:4752 [inline]
 do_pte_missing+0x27ee/0x3e50 mm/memory.c:3963
 handle_pte_fault mm/memory.c:5766 [inline]
 __handle_mm_fault+0x100a/0x2a10 mm/memory.c:5909
 handle_mm_fault+0x3fa/0xaa0 mm/memory.c:6077
 do_user_addr_fault+0x7a3/0x13f0 arch/x86/mm/fault.c:1389
 handle_page_fault arch/x86/mm/fault.c:1481 [inline]
 exc_page_fault+0x5c/0xc0 arch/x86/mm/fault.c:1539
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:505c4
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880505c4f50 pfn:0x505c4
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: ffff8880505c4f50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739565607, free_ts 1026432135085
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 25950 tgid 25948 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_noprof+0x121/0x2f0 mm/slub.c:4141
 ptlock_alloc+0x1f/0x70 mm/memory.c:6918
 ptlock_init include/linux/mm.h:2958 [inline]
 pagetable_pte_ctor include/linux/mm.h:2985 [inline]
 __pte_alloc_one_noprof include/asm-generic/pgalloc.h:73 [inline]
 pte_alloc_one+0x74/0x360 arch/x86/mm/pgtable.c:33
 __pte_alloc+0x6e/0x390 mm/memory.c:448
 do_anonymous_page mm/memory.c:4752 [inline]
 do_pte_missing+0x27ee/0x3e50 mm/memory.c:3963
 handle_pte_fault mm/memory.c:5766 [inline]
 __handle_mm_fault+0x100a/0x2a10 mm/memory.c:5909
 handle_mm_fault+0x3fa/0xaa0 mm/memory.c:6077
 do_user_addr_fault+0x7a3/0x13f0 arch/x86/mm/fault.c:1389
 handle_page_fault arch/x86/mm/fault.c:1481 [inline]
 exc_page_fault+0x5c/0xc0 arch/x86/mm/fault.c:1539
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:3ee25
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x7f0a8f52a pfn:0x3ee25
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: 00000007f0a8f52a 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739561182, free_ts 1034683656588
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 26298 tgid 26295 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_folios+0x956/0x1310 mm/page_alloc.c:2686
 folios_put_refs+0x551/0x750 mm/swap.c:1007
 free_pages_and_swap_cache+0x36d/0x510 mm/swap_state.c:332
 __tlb_batch_free_encoded_pages+0xf9/0x290 mm/mmu_gather.c:136
 tlb_batch_pages_flush mm/mmu_gather.c:149 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:366 [inline]
 tlb_flush_mmu mm/mmu_gather.c:373 [inline]
 tlb_finish_mmu+0x168/0x7b0 mm/mmu_gather.c:465
 exit_mmap+0x3df/0xb30 mm/mmap.c:1925
 __mmput+0x12a/0x480 kernel/fork.c:1347
 mmput+0x62/0x70 kernel/fork.c:1369
 exit_mm kernel/exit.c:571 [inline]
 do_exit+0x9bf/0x2d70 kernel/exit.c:926
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1088
 get_signal+0x25fb/0x2770 kernel/signal.c:2917
 arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218
 do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:38ebe
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x7f33204ff pfn:0x38ebe
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: 00000007f33204ff 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739556579, free_ts 1034295476273
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 26282 tgid 26281 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_folios+0x956/0x1310 mm/page_alloc.c:2686
 folios_put_refs+0x551/0x750 mm/swap.c:1007
 free_pages_and_swap_cache+0x45f/0x510 mm/swap_state.c:335
 __tlb_batch_free_encoded_pages+0xf9/0x290 mm/mmu_gather.c:136
 tlb_batch_pages_flush mm/mmu_gather.c:149 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:366 [inline]
 tlb_flush_mmu mm/mmu_gather.c:373 [inline]
 tlb_finish_mmu+0x168/0x7b0 mm/mmu_gather.c:465
 exit_mmap+0x3df/0xb30 mm/mmap.c:1925
 __mmput+0x12a/0x480 kernel/fork.c:1347
 mmput+0x62/0x70 kernel/fork.c:1369
 exit_mm kernel/exit.c:571 [inline]
 do_exit+0x9bf/0x2d70 kernel/exit.c:926
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1088
 get_signal+0x25fb/0x2770 kernel/signal.c:2917
 arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218
 do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:38e61
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x7f33204e0 pfn:0x38e61
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: 00000007f33204e0 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739552285, free_ts 1034295473139
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 26282 tgid 26281 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_folios+0x956/0x1310 mm/page_alloc.c:2686
 folios_put_refs+0x551/0x750 mm/swap.c:1007
 free_pages_and_swap_cache+0x45f/0x510 mm/swap_state.c:335
 __tlb_batch_free_encoded_pages+0xf9/0x290 mm/mmu_gather.c:136
 tlb_batch_pages_flush mm/mmu_gather.c:149 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:366 [inline]
 tlb_flush_mmu mm/mmu_gather.c:373 [inline]
 tlb_finish_mmu+0x168/0x7b0 mm/mmu_gather.c:465
 exit_mmap+0x3df/0xb30 mm/mmap.c:1925
 __mmput+0x12a/0x480 kernel/fork.c:1347
 mmput+0x62/0x70 kernel/fork.c:1369
 exit_mm kernel/exit.c:571 [inline]
 do_exit+0x9bf/0x2d70 kernel/exit.c:926
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1088
 get_signal+0x25fb/0x2770 kernel/signal.c:2917
 arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218
 do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:12957
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2b pfn:0x12957
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: 000000000000002b 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739547810, free_ts 1034308177655
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 21992 tgid 21992 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_folios+0x956/0x1310 mm/page_alloc.c:2686
 folios_put_refs+0x551/0x750 mm/swap.c:1007
 folio_batch_release include/linux/pagevec.h:101 [inline]
 shmem_undo_range+0x586/0x1170 mm/shmem.c:1032
 shmem_truncate_range mm/shmem.c:1144 [inline]
 shmem_evict_inode+0x3a3/0xba0 mm/shmem.c:1274
 evict+0x409/0x970 fs/inode.c:725
 iput_final fs/inode.c:1877 [inline]
 iput fs/inode.c:1903 [inline]
 iput+0x530/0x890 fs/inode.c:1889
 do_unlinkat+0x5c3/0x760 fs/namei.c:4540
 __do_sys_unlink fs/namei.c:4581 [inline]
 __se_sys_unlink fs/namei.c:4579 [inline]
 __x64_sys_unlink+0xc5/0x110 fs/namei.c:4579
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:50aaf
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x411d pfn:0x50aaf
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: 000000000000411d 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739542748, free_ts 1033428795313
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 26233 tgid 26231 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_folios+0x956/0x1310 mm/page_alloc.c:2686
 folios_put_refs+0x551/0x750 mm/swap.c:1007
 free_pages_and_swap_cache+0x45f/0x510 mm/swap_state.c:335
 __tlb_batch_free_encoded_pages+0xf9/0x290 mm/mmu_gather.c:136
 tlb_batch_pages_flush mm/mmu_gather.c:149 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:366 [inline]
 tlb_flush_mmu+0xe9/0x590 mm/mmu_gather.c:373
 zap_pte_range mm/memory.c:1700 [inline]
 zap_pmd_range mm/memory.c:1739 [inline]
 zap_pud_range mm/memory.c:1768 [inline]
 zap_p4d_range mm/memory.c:1789 [inline]
 unmap_page_range+0x1c08/0x3cf0 mm/memory.c:1810
 unmap_single_vma+0x194/0x2b0 mm/memory.c:1856
 unmap_vmas+0x22f/0x490 mm/memory.c:1900
 exit_mmap+0x1c6/0xb30 mm/mmap.c:1912
 __mmput+0x12a/0x480 kernel/fork.c:1347
 mmput+0x62/0x70 kernel/fork.c:1369
 exit_mm kernel/exit.c:571 [inline]
 do_exit+0x9bf/0x2d70 kernel/exit.c:926
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1088
 get_signal+0x25fb/0x2770 kernel/signal.c:2917
 arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:1297f
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x18 pfn:0x1297f
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: 0000000000000018 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739538345, free_ts 1034307962287
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 21992 tgid 21992 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_folios+0x956/0x1310 mm/page_alloc.c:2686
 folios_put_refs+0x551/0x750 mm/swap.c:1007
 folio_batch_release include/linux/pagevec.h:101 [inline]
 shmem_undo_range+0x586/0x1170 mm/shmem.c:1032
 shmem_truncate_range mm/shmem.c:1144 [inline]
 shmem_evict_inode+0x3a3/0xba0 mm/shmem.c:1274
 evict+0x409/0x970 fs/inode.c:725
 iput_final fs/inode.c:1877 [inline]
 iput fs/inode.c:1903 [inline]
 iput+0x530/0x890 fs/inode.c:1889
 do_unlinkat+0x5c3/0x760 fs/namei.c:4540
 __do_sys_unlink fs/namei.c:4581 [inline]
 __se_sys_unlink fs/namei.c:4579 [inline]
 __x64_sys_unlink+0xc5/0x110 fs/namei.c:4579
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:12968
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x7f331f932 pfn:0x12968
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: 00000007f331f932 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739533935, free_ts 1034509303565
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 26287 tgid 26287 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_folios+0x956/0x1310 mm/page_alloc.c:2686
 folios_put_refs+0x551/0x750 mm/swap.c:1007
 folios_put include/linux/mm.h:1537 [inline]
 folio_batch_move_lru+0x2c4/0x3b0 mm/swap.c:220
 lru_add_drain_cpu+0x521/0x810 mm/swap.c:661
 lru_add_drain+0x109/0x440 mm/swap.c:743
 exit_mmap+0x199/0xb30 mm/mmap.c:1907
 __mmput+0x12a/0x480 kernel/fork.c:1347
 mmput+0x62/0x70 kernel/fork.c:1369
 exit_mm kernel/exit.c:571 [inline]
 do_exit+0x9bf/0x2d70 kernel/exit.c:926
 __do_sys_exit kernel/exit.c:1055 [inline]
 __se_sys_exit kernel/exit.c:1053 [inline]
 __x64_sys_exit+0x42/0x50 kernel/exit.c:1053
 x64_sys_call+0x14ae/0x16a0 arch/x86/include/generated/asm/syscalls_64.h:61
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:41511
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x20000 pfn:0x41511
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: 0000000000020000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739529559, free_ts 1034676863984
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 26298 tgid 26295 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_folios+0x956/0x1310 mm/page_alloc.c:2686
 folios_put_refs+0x551/0x750 mm/swap.c:1007
 folios_put include/linux/mm.h:1537 [inline]
 folio_batch_move_lru+0x2c4/0x3b0 mm/swap.c:220
 lru_add_drain_cpu+0x521/0x810 mm/swap.c:661
 lru_add_drain+0x109/0x440 mm/swap.c:743
 exit_mmap+0x199/0xb30 mm/mmap.c:1907
 __mmput+0x12a/0x480 kernel/fork.c:1347
 mmput+0x62/0x70 kernel/fork.c:1369
 exit_mm kernel/exit.c:571 [inline]
 do_exit+0x9bf/0x2d70 kernel/exit.c:926
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1088
 get_signal+0x25fb/0x2770 kernel/signal.c:2917
 arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218
 do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 26325 Comm: syz.2.5182 Tainted: G    B              6.12.0-rc5-syzkaller-00161-g90602c251cda #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 packet_rcv+0x16c/0x15a0 net/packet/af_packet.c:2290
 __netif_receive_skb_list_ptype net/core/dev.c:5718 [inline]
 __netif_receive_skb_list_ptype net/core/dev.c:5702 [inline]
 __netif_receive_skb_list_core+0x6e0/0x950 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5903
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a8f37e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a901b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8f536058 RCX: 00007f0a8f37e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f0a8f3f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0a8f536058 R15: 00007ffd66e72e88
 </TASK>
BUG: Bad page state in process syz.2.5182  pfn:4152a
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x7f7fb0b37 pfn:0x4152a
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88802a599000 0000000000000000
raw: 00000007f7fb0b37 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 26325, tgid 26322 (syz.2.5182), ts 1035739525256, free_ts 1034676880983
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070